last executing test programs:

15m39.812508036s ago: executing program 1 (id=1322):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r1 = dup(r0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0xc, 0x0, 0x3}, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFNL_MSG_CTHELPER_NEW(r4, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000540)={0x70, 0x0, 0x9, 0x305, 0x0, 0x0, {}, [@NFCTH_NAME={0x9, 0x1, 'syz1\x00'}, @NFCTH_POLICY={0xc, 0x4, 0x0, 0x1, {0x4}}, @NFCTH_TUPLE={0x3c, 0x2, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @empty}, {0x14, 0x4, @remote}}}]}, @NFCTH_PRIV_DATA_LEN={0x8}]}, 0x70}}, 0x0)
fsopen(0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x7}, 0x94)
r5 = socket$inet(0x2, 0x4000000000000001, 0x0)
r6 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000000)={'lo\x00', <r8=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@newqdisc={0x60, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r8, {0x0, 0xa}, {0xffff, 0xffff}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x34, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0xea, 0x0, 0x0, 0xff, 0x9, 0x5}, {0x12, 0x2, 0x0, 0x401, 0x8001, 0x1400}, 0x0, 0x5, 0x10000000}}, @TCA_TBF_BURST={0x8, 0x6, 0x8057}]}}]}, 0x60}}, 0x44080)
sendto$inet(r5, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @empty}, 0x10)
r9 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000280)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x3}}, [@NFT_MSG_NEWOBJ={0x1c, 0x12, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x1}, @NFT_OBJECT_SYNPROXY=@NFTA_OBJ_TYPE={0x8}}], {0x14}}, 0x44}, 0x1, 0x0, 0x0, 0x4c050}, 0x40)
ioctl$sock_SIOCETHTOOL(r9, 0x8946, &(0x7f0000000180)={'macvlan1\x00', &(0x7f0000000100)=@ethtool_pauseparam={0x13, 0x6, 0xfffffffd, 0x3ff}})
bind$rds(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x4e, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x180000f, 0x13, r1, 0x2000)
r10 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r11 = dup(r10)
write$6lowpan_enable(r11, &(0x7f0000000000)='0', 0xfffffd2c)

15m37.041026374s ago: executing program 1 (id=1329):
bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0x1, 0x4, 0xfff, 0x5, 0x4}, 0x50)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x84042, 0x0)
r0 = syz_open_dev$loop(&(0x7f0000000080), 0x47ffffa, 0x122c42)
socket(0x1d, 0x6, 0x9)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x4f, &(0x7f00000000c0)=ANY=[], &(0x7f00000000c0)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x20, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000900)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @netfilter=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket$netlink(0x10, 0x3, 0x0)
r2 = openat$full(0xffffffffffffff9c, &(0x7f00000012c0), 0x0, 0x0)
read$alg(r2, &(0x7f0000000240)=""/4096, 0xfffffdef)
dup(r0)

15m35.795732088s ago: executing program 1 (id=1339):
bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0x1, 0x4, 0xfff, 0x5, 0x4}, 0x50)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x84042, 0x0)
r0 = syz_open_dev$loop(&(0x7f0000000080), 0x47ffffa, 0x122c42)
socket(0x1d, 0x6, 0x9)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x4f, &(0x7f00000000c0)=ANY=[], &(0x7f00000000c0)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x20, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000900)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @netfilter=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket$netlink(0x10, 0x3, 0x0)
r4 = openat$full(0xffffffffffffff9c, &(0x7f00000012c0), 0x0, 0x0)
read$alg(r4, &(0x7f0000000240)=""/4096, 0xfffffdef)
dup(r0)

15m35.364579367s ago: executing program 1 (id=1332):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r1 = dup(r0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0xc, 0x0, 0x3}, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFNL_MSG_CTHELPER_NEW(r4, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000540)={0x70, 0x0, 0x9, 0x305, 0x0, 0x0, {}, [@NFCTH_NAME={0x9, 0x1, 'syz1\x00'}, @NFCTH_POLICY={0xc, 0x4, 0x0, 0x1, {0x4}}, @NFCTH_TUPLE={0x3c, 0x2, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @empty}, {0x14, 0x4, @remote}}}]}, @NFCTH_PRIV_DATA_LEN={0x8}]}, 0x70}}, 0x0)
fsopen(0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x7}, 0x94)
r5 = socket$inet(0x2, 0x4000000000000001, 0x0)
r6 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000000)={'lo\x00', <r8=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@newqdisc={0x60, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r8, {0x0, 0xa}, {0xffff, 0xffff}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x34, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0xea, 0x0, 0x0, 0xff, 0x9, 0x5}, {0x12, 0x2, 0x0, 0x401, 0x8001, 0x1400}, 0x0, 0x5, 0x10000000}}, @TCA_TBF_BURST={0x8, 0x6, 0x8057}]}}]}, 0x60}}, 0x44080)
sendmsg$nl_route_sched(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xd0f, 0x70bd29, 0x0, {0x60, 0x0, 0x0, r8, {}, {0xffe0, 0xa}, {0x1, 0x10}}, [@qdisc_kind_options=@q_pfifo_fast={0xf}]}, 0x34}, 0x1, 0x0, 0x0, 0x55}, 0x4000)
sendto$inet(r5, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @empty}, 0x10)
r9 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000280)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x3}}, [@NFT_MSG_NEWOBJ={0x1c, 0x12, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x1}, @NFT_OBJECT_SYNPROXY=@NFTA_OBJ_TYPE={0x8}}], {0x14}}, 0x44}, 0x1, 0x0, 0x0, 0x4c050}, 0x40)
ioctl$sock_SIOCETHTOOL(r9, 0x8946, &(0x7f0000000180)={'macvlan1\x00', &(0x7f0000000100)=@ethtool_pauseparam={0x13, 0x6, 0xfffffffd, 0x3ff}})
bind$rds(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x4e, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x180000f, 0x13, r1, 0x2000)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
write$6lowpan_enable(0xffffffffffffffff, &(0x7f0000000000)='0', 0xfffffd2c)

15m32.936209127s ago: executing program 1 (id=1338):
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = getpid()
mmap$KVM_VCPU(&(0x7f0000ffa000/0x4000)=nil, 0x0, 0x1000008, 0x20010, r2, 0x0)
r4 = syz_pidfd_open(r3, 0x0)
prlimit64(r3, 0xc, &(0x7f0000000140)={0x40000000000000, 0x88}, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
r5 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r6 = signalfd(0xffffffffffffffff, 0x0, 0x0)
fcntl$setownex(r6, 0xf, 0x0)
faccessat2(r6, &(0x7f0000000100)='.\x00', 0x20, 0x600)
setpgid(r5, 0x0)
setpgid(0x0, r5)
mount$9p_fd(0x0, &(0x7f0000000280)='./file1\x00', &(0x7f0000000240), 0x10000, &(0x7f00000002c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c77660600000000e1ffff06d04b255c8e0debc8e3efa49c8ffc7327c549849b5b690a5330", @ANYRESHEX=r4, @ANYBLOB=',\x00'])
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
mount$bpf(0x0, 0x0, &(0x7f0000000180), 0x48004, 0x0)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="0a00000000100bd97d0900ba242b5222838900004b9905c8548a7e822931c858725b7461419c6f56dd8d605c21120683bf71e814beb178a53846734b1681c4f720a964c46de1b57d7d7860bf95e9483415704678e24cbb01fc12ae3f5bbfc79b98d93a4f9935", @ANYRES32, @ANYBLOB='\x00'/15, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$OBJ_PIN_MAP(0x6, &(0x7f00000001c0)=@generic={&(0x7f00000000c0)='./file0/file0\x00', r7}, 0x18)
mlockall(0x2)
bpf$OBJ_GET_MAP(0x7, &(0x7f00000003c0)=@generic={&(0x7f0000000440)='./file0/file0\x00'}, 0x14)
mount$afs(0x0, &(0x7f0000000200)='./file1\x00', 0x0, 0x88, 0x0)
r8 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
ioctl$AUTOFS_IOC_READY(r8, 0x9360, 0x800000000000001)
ioctl$KVM_SET_MSRS(r2, 0xc008ae88, &(0x7f0000000340)=ANY=[@ANYBLOB="05000000000000e672000040"])

15m32.264481904s ago: executing program 1 (id=1341):
bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0x1, 0x4, 0xfff, 0x5, 0x4}, 0x50)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x84042, 0x0)
r0 = syz_open_dev$loop(&(0x7f0000000080), 0x47ffffa, 0x122c42)
socket(0x1d, 0x6, 0x9)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x4f, &(0x7f00000000c0)=ANY=[], &(0x7f00000000c0)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x20, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000900)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @netfilter=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket$netlink(0x10, 0x3, 0x0)
r4 = openat$full(0xffffffffffffff9c, &(0x7f00000012c0), 0x0, 0x0)
read$alg(r4, &(0x7f0000000240)=""/4096, 0xfffffdef)
dup(r0)

15m17.113768659s ago: executing program 32 (id=1341):
bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0x1, 0x4, 0xfff, 0x5, 0x4}, 0x50)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x84042, 0x0)
r0 = syz_open_dev$loop(&(0x7f0000000080), 0x47ffffa, 0x122c42)
socket(0x1d, 0x6, 0x9)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x4f, &(0x7f00000000c0)=ANY=[], &(0x7f00000000c0)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x20, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000900)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @netfilter=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket$netlink(0x10, 0x3, 0x0)
r4 = openat$full(0xffffffffffffff9c, &(0x7f00000012c0), 0x0, 0x0)
read$alg(r4, &(0x7f0000000240)=""/4096, 0xfffffdef)
dup(r0)

4m40.719663029s ago: executing program 4 (id=3413):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000004000000ff0f00000500000004000000", @ANYRES32, @ANYBLOB="48de09c0a36eb4aaf42185000040", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000200"/28], 0x50)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x84042, 0x0)
r2 = syz_open_dev$loop(&(0x7f0000000080), 0x47ffffa, 0x122c42)
socket(0x1d, 0x6, 0x9)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x4f, &(0x7f00000000c0)=ANY=[], &(0x7f00000000c0)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2)
r6 = syz_open_dev$amidi(&(0x7f0000000000), 0x2, 0x101)
dup3(0xffffffffffffffff, r6, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x5, 0x3, &(0x7f0000000380)=ANY=[@ANYBLOB="180080d193f38a0ba0173e00001d0000000473321000000095"], &(0x7f0000000900)='GPL\x00', 0xffffffff, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r7 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000bc0)=@newtaction={0x18, 0x30, 0x48b, 0x0, 0x0, {}, [{0x4}]}, 0x18}}, 0x0)
ioctl$LOOP_CONFIGURE(r2, 0x4c0a, &(0x7f0000001ac0)={r1, 0x0, {0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x4, "339f020bbe82b398000000000000000000000d0ec0c1b4e9b1c4369d03740250ceaac594b1b3d741dd17c1c50d38ef2a565ef1e83323691c58d66500", "a9103939c787a16c1ca43f80026d1a8554fe581b59ded130e04d528539f3d3289737f0374c72a964a02447a75df8a69ea917deb7ba193b3e7772fd29f35239d2", "24431a1e77a68e174f000000000000000010e200"}})
r8 = dup(r2)
syz_io_uring_setup(0x49a, &(0x7f0000000400)={0x0, 0x79af, 0x3180, 0x8000, 0x40024e}, &(0x7f0000000340), &(0x7f0000000300))
read$FUSE(r8, &(0x7f0000003c40)={0x2020}, 0xffffff0a)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, &(0x7f0000000580)=ANY=[@ANYBLOB="1802000000000000000000000000000018010000786c6c2500000000070000007b1af8ff00000000bfa100000000000007010000f8ffffffb700000000000000b7030000000000fd850000007300000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000680)='sys_exit\x00', r9}, 0x10)
r10 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r10, 0x6, 0x1e, &(0x7f0000000180)=0x400000001, 0xc2)
setsockopt$inet6_tcp_int(r10, 0x6, 0x2000000000000022, &(0x7f0000000140)=0x1, 0x4)

4m39.768869108s ago: executing program 4 (id=3414):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x2}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpu.stat\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r3, 0x0)
statx(r3, &(0x7f0000000000)='./file0\x00', 0x1000, 0x80, &(0x7f0000000500))

4m38.787521306s ago: executing program 4 (id=3419):
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
mkdir(&(0x7f0000000400)='./file1\x00', 0x7)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
symlink(&(0x7f0000000040)='.\x00', &(0x7f0000000100)='./file0\x00')
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000240))
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x1)
ioctl$SCSI_IOCTL_SEND_COMMAND(r1, 0x1, &(0x7f0000000140)=ANY=[@ANYBLOB="00000000010400002f0000006d8260cf12a68fd9a44c78babfed5ca9fe6e925e201d1d6b812126088a0f6a59753b22cd6dabda5e3dd7c6f201f05f273de9a255df5e7e69d3671d680572a7326ffa6ce32157ed3786c021df2306b56cc238e0decee8a005516b6ef0dd31dbb0de98ec1d9ab563d76aa710422d8eeada8907d75bbaba6fae74ba26d03eb492a7be40a96b69f0a13b62e6d7b9319ec99cb5f941895ffaeb0d4310e2878cea277b03a66be6123e7a5983a523ac191a028dd337e5b3d172bab5e05a0e9361ede20c91bdc8a3f4be67039a655082f0959e078cd1e578c3e4162cf3a8eaffbe1e105b3678b358d45da2cd2f4b9a78f064cc5e1996"])
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f0000001540)=ANY=[@ANYBLOB="b702000008000000bfa300000000000007030000ffffffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000001404000001007d60b7030000000000006a0a00fe40000900850000001f000000b70000000000000095000000000000006623848adf1dc9a764ab51a064caff0c9b27a26293fddf0180000071ff31f1622271d5518193e09483c5a020c334f8c76334d8ce8303b81ddaa52e8756ad60a07d6f27c125e16d024098f755d8583da60f27c162dbba0700002ac9170f50f2568836077b7f711a18ebf608d87b885297b6b6981978d51514b00dcc4a2748b376358c33c9753beab62bdf27dc04e4cb4bc598affd989b1ca58949a54d5827df14feecea46408a05d572077f1252fbb72c3d099c501bc4ded6fca17a3447222c95edb47b770009524edd5fa5c53e9c37251709f1ff7f0000f07bf7f53ce129a9ecd3b4dd15100f2b450f98526a0d8cac7c97fc2f64015306a1bd88345710fb6379b4c53cf55eefb4c0974486a8d25a363adbd83b49e13fbd1757b27020bd9b8cff3f48c9411670c34f23ab8caf7851b290feb3045a1b622f20c4383a0280f040de7667f8b1d0842835e81c35af41e5b5b924275cb1749289b44e9728e7a73f148ac8206afe120c1437490d9900000011000003971b32fdffffffffffffffaf580278e1342aabd1b623f6c4f128858e4eb6b42f2173184c2b99b645f6ec0e14e5d7c95a0008000000f30f6c0000000000ff0000b8f5001a1d2a34dc0973ec302bc23211d3e3b6e6dad65a51e5497a3419cecec38126247b27113ad4c7915c8f82c333a7b350802f0311807010d1ed50c18411aa6900daccc02f4ba4b078f07e41f781eee222c7d071d5a94d82ca9a0846c1af59cee16639b4970f8f0a82c6a712fd5722d677d406160ffaffffffb4e0bde6749aa52c408b74251914c5d3255fd88a42e7ebb69ebcd8eee623e51dbb1f1b548c91a6825c0686fdc16be1cbb72c217fda18bd746253ca66093daf35923300b600000000ac376e0a4649a8a84e1d293a6b109c5e59b366bca5cc3d936c53d4a48c05099e6fc37e5aa23bff8cce0600000000000300a568a8532623d12b40b50ac26f2e8255470a04bfbe7acb581b90991d965a01d1f84cb6b973558e1e3f8118c77ccf0b3c6eb6443870004da10c75723b65f83769ad1f0e4ef6b9ef1cec23264fd8fdac6264af1cb467020bdc12b797b6c156c439105829d2ae1c45f7cfa40df68f536a03353a55a8a8e176e5d48887d31c8e0f77f2c1e68ec7c01bd5a2028a8fc107007f5f4c67600a6ade3deb1f200abe1f753754678dae8b4e3ba3d086d4b95dfc5817e3dafae2d38b522f942cc750399d9029f071fdb1e05882f8a4b8fbd219ccac3a895828b4f22b6527ce31ceb02b7b2b4492510134552f0b076b168394f8417f25cc82ae04007193cbe69de8bf35e4bebd15412426b2020ab1f05fc44ae9ae094c1b81d3ef947692b44d2afb09c7498dedf0f87c38bbcab7357836f03e8a7c392e535694a3ead2de11e6b1781e2a017ac341fda2e563ee95085742f5fee9f95f4741b226e428d20b00bc140000e4b2f5efd0a0b1ceba000830ba8634b5aa26bdbe91614e92fae3c7349531df9bf4c01ebf5d8eb7d53e5f30647661623fbdb3f6c3652c423ce6ecc1be5d4e8133fc32f68ea86a2df1e7df98a0ae216c405d0ae9eed114ff2d6fe27dfdff1cf9194849c4cc0da9533e5983863e526a7dc0d8728f3b573ca4427bdb44df9341e9b8420e896598a156c935c800436a312e7ae3c011e46851ac599f0427729ab9c55ae0ab4c0000000000000000000000000000c87bcc2ac5aed9467b51d92e0993af4beaf1f3d47dcdfab9165f98155d93e383d6b85158b54675c1585037508c1e9461a1c3d1a6e2402045cae150a7016f716eebbdf6afc4414d900be0bdf19f4a273f44f4357380b4387f1c8b104f0e406b2f04e5ed88631be6411f9927fe9f83412b7c5a676ceec8b454ebf6481c98e86b6933a02daea0b4ec0be5b3d916bd70208b4588626c27c318475802e2c62681bd1a331422a6e47bbd40857d52c4894944fae5c5000000000000000000000000e0c47613e950b6aefeae054fc723f62ac7d13941de11b018f1f48ac50335df91c771729f81929128135b2803562c1171ee00a3f4a31281aa363e087d53d86dd85e3ff979a7e72d16fdd7e1a0f07a1c8e6085d280d760f74975ceb3a5be6cfb4da8e0aeb769b8b75f4aad803ed77d34872eed2711aa40a3b38099dc2752e8ec9b520faf39e416752aa0830206736570f5d41a4df848c9052551cf8dcb1be000000000eb2577188e8e96bd825d462350905d3eb916b397d2a46a64081e85661d7a5a2716cc87cb1976d15d9b6418e94f165911803e43830432226c660f4da67bb7c8ceb3755c07197d8b80b8d16b12c2ec63bebe107aa2350a7ae564bf69a6c52a2da1496016dd66a1c1b112"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000880), 0xfffffffffffffddd}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r2, 0x0, 0x22, 0x0, &(0x7f0000000140)="3d6ee2e04b91ab10143d9abe86dd", 0x0, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
chdir(&(0x7f0000000380)='./bus\x00')
r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x2000, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r6, 0x4008ae89, &(0x7f0000000440)=ANY=[@ANYBLOB="0100000000000000150001c0"])
fcntl$notify(r3, 0x402, 0x5)
openat(r3, &(0x7f0000000000)='./file0\x00', 0x105042, 0x0)
r7 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
mount$9p_fd(0x0, 0x0, &(0x7f0000000080), 0x80400, &(0x7f0000000a40)=ANY=[@ANYRESDEC=r7, @ANYRES16])
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)=@newtaction={0x18, 0x30, 0x1, 0xfffffffc, 0x0, {}, [{0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r8 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r8, 0x2, &(0x7f0000000200)=0x6)

4m38.642339116s ago: executing program 4 (id=3420):
r0 = syz_open_dev$vim2m(&(0x7f0000000080), 0x80, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000000)={0x46, 0x1, 0x4})
getsockopt$inet_sctp_SCTP_STATUS(0xffffffffffffffff, 0x84, 0xe, &(0x7f0000000400)={<r1=>0x0, 0x5, 0x6, 0x8, 0x3, 0x3ff, 0x5, 0x16a, {0x0, @in6={{0xa, 0x4e21, 0x1, @private1={0xfc, 0x1, '\x00', 0x1}, 0x1}}, 0x7, 0x2, 0x6, 0xc4, 0x81}}, &(0x7f0000000040)=0xb0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f00000001c0)={r1, 0xac, &(0x7f00000004c0)=[@in6={0xa, 0x4e23, 0x1, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010100}, 0x4}, @in={0x2, 0x4e24, @private=0xa010100}, @in6={0xa, 0x4e21, 0x2, @ipv4={'\x00', '\xff\xff', @multicast2}, 0x2}, @in6={0xa, 0x4e22, 0xffffff5b, @empty, 0x2}, @in6={0xa, 0x4e23, 0x9, @remote, 0xfffffff9}, @in={0x2, 0x4e24, @loopback}, @in6={0xa, 0x4e23, 0x1, @local, 0x6}]}, &(0x7f0000000340)=0xc)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0)
mkdir(&(0x7f00000003c0)='./file0\x00', 0x0)
r2 = socket$rds(0x15, 0x5, 0x0)
sendmsg$rds(r2, &(0x7f0000000780)={&(0x7f0000000040)={0x2, 0x4e21, @empty}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x8085}, 0x40)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e792c63616368653d667363616368652c76657273696f6e3d3970323030302e75"])
chdir(&(0x7f0000000300)='./file0\x00')
openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x0)
r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000380), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r3, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
write$FUSE_NOTIFY_DELETE(r3, &(0x7f00000002c0)=ANY=[@ANYBLOB="2d0000000600000000000000000000000100000000002d00000000000000000004"], 0x2d)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_sys\x00', 0x275a, 0x0)
fcntl$lock(r4, 0x6, &(0x7f0000000000)={0x0, 0x0, 0x8})
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@workdir={'workdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
r5 = open(&(0x7f0000000180)='./bus\x00', 0x14d27e, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000080)={'netdevsim0\x00', <r7=>0x0})
dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000)
r8 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r9=>0x0})
sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000740)=@newlink={0x4c, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x215, 0x100000}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r7}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x4c}, 0x1, 0xba01}, 0x0)
ioctl$EXT4_IOC_GET_ES_CACHE(r5, 0xc020660b, &(0x7f00000002c0)={0x0, 0xfffffffeffc})
r10 = openat$qat_adf_ctl(0xffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOCTL_CONFIG_SYS_RESOURCE_PARAMETERS(r10, 0x40046103, 0x0)

4m38.412966025s ago: executing program 4 (id=3421):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000880)=@file={0x0, './file1\x00'}, 0x6e) (async)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) (async)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001200)=ANY=[@ANYRES16=r1], 0x4c}}, 0x0) (async)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000900)={<r3=>0x0}, &(0x7f00000006c0)=0xc)
move_pages(r3, 0x8, &(0x7f0000000780)=[&(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000402000/0x4000)=nil, &(0x7f00002db000/0x4000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000347000/0x2000)=nil, &(0x7f00004e9000/0x3000)=nil, &(0x7f0000403000/0x3000)=nil], 0x0, &(0x7f0000000740)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x2) (async)
r4 = inotify_init()
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000100)={0x0, 0x3ffc, 0x0, 0x1, 0x35, "ffff00"}) (async)
syz_open_pts(0xffffffffffffffff, 0x0) (async)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x18c) (async)
mount$tmpfs(0x0, &(0x7f0000000000)='./file1\x00', &(0x7f0000000080), 0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="7151a387b551457a43caccf7e808839de3b3ee55c140559a180ab583f51b04bbd18c3b576c74402c0086b692f71f6e53fdbf30263eee65bd8464a152a80d35e59ba6aa45aba9612d630c184f483e3de5a2b26e9830a7807867cffcab4d3da068e774309d6ea7eebda027613b6f6f6b764a082fad1cf9f960a8fe50f12518e5cb836648d692ba"])
r5 = openat(0xffffffffffffff9c, &(0x7f0000004d00)='./file1\x00', 0x351142, 0x1cd)
quotactl_fd$Q_GETNEXTQUOTA(r5, 0xffffffff80000901, 0x0, 0x0)
io_setup(0x7, &(0x7f0000000000)) (async)
getpid()
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
inotify_add_watch(r4, &(0x7f00000000c0)='.\x00', 0x5000009) (async)
open(&(0x7f0000000180)='./bus\x00', 0x5bf8bf, 0x113)
r6 = syz_open_dev$dri(&(0x7f0000000080), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(0xffffffffffffffff, 0xc02064b2, &(0x7f0000000680)={0xa871, 0x6, 0x401}) (async)
r7 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r7, 0xc04064a0, &(0x7f0000000700)={0x0, &(0x7f0000000640)=[<r8=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_CURSOR(r6, 0xc01c64a3, &(0x7f0000000040)={0x3, r8, 0x10000000, 0x80000001, 0xb, 0x1fd, 0x1}) (async)
close_range(r6, 0xffffffffffffffff, 0x0) (async)
r9 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$IP6T_SO_SET_REPLACE(r9, 0x29, 0x40, &(0x7f0000000200)=@security={'security\x00', 0x44, 0x4, 0x424, 0xffffffff, 0xc8, 0x294, 0xc8, 0xffffffff, 0xffffffff, 0x35c, 0x35c, 0x35c, 0xffffffff, 0x4, 0x0, {[{{@ipv6={@private0, @mcast1, [0x0, 0x0, 0xffffffff], [], 'nr0\x00', 'veth0_vlan\x00'}, 0x203, 0xa4, 0xc8, 0x8502}, @common=@unspec=@CONNSECMARK={0x24, 'CONNSECMARK\x00', 0x0, {0x1}}}, {{@uncond, 0x0, 0xa4, 0x1cc}, @common=@unspec=@SECMARK={0x128, 'SECMARK\x00', 0x0, {0x0, 0x0, 'system_u:object_r:modem_device_t:s0\x00'}}}, {{@uncond, 0x0, 0xa4, 0xc8}, @common=@unspec=@AUDIT={0x24}}], {{'\x00', 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x480)

4m37.933197214s ago: executing program 4 (id=3424):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket(0x11, 0x3, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000300)=ANY=[@ANYBLOB="aaaaaaaaaa95bbbbbbbb00beca5966cad7370028000000e863d94fdfb96af8637560267720cefb2d63cecb372fec7117322b49f2acd9c383666a97adaae93900000000000000000000a300"/85, @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5c000000907809f1"], 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r3, 0x8933, &(0x7f0000000600)={'team0\x00', <r4=>0x0})
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000004c0)=@newqdisc={0x30, 0x24, 0xf0b, 0x0, 0x1000000, {0x0, 0x0, 0x12, r4, {0x0, 0x300}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}, 0x1, 0x7a00}, 0x4000000)
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r1, 0x8983, &(0x7f0000000100)={0x0, 'erspan0\x00', {0x1}, 0x26})
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
ioctl$BLKZEROOUT(0xffffffffffffffff, 0x127f, 0x0)
r6 = syz_open_dev$vim2m(&(0x7f0000000000), 0x800, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r6, 0xc008561c, &(0x7f0000000280)={0xf0f022})
ioctl$vim2m_VIDIOC_S_FMT(r6, 0xc0d05605, &(0x7f00000000c0)={0x2, @win={{0xdd52, 0xc, 0x40, 0xe0fd}, 0x0, 0x2, 0x0, 0xc, 0x0, 0x6}})
ioctl$MEDIA_IOC_REQUEST_ALLOC(0xffffffffffffffff, 0x80047c05, &(0x7f00000000c0))
connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x4001, @remote}, 0x10)
setsockopt$SO_BINDTODEVICE_wg(0xffffffffffffffff, 0x1, 0x19, &(0x7f0000000080)='wg1\x00', 0x4)
sendto$inet(0xffffffffffffffff, &(0x7f0000000040)="e5", 0xffffffe4, 0x0, 0x0, 0x0)
unshare(0x40020000)

4m37.833099378s ago: executing program 33 (id=3424):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket(0x11, 0x3, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000300)=ANY=[@ANYBLOB="aaaaaaaaaa95bbbbbbbb00beca5966cad7370028000000e863d94fdfb96af8637560267720cefb2d63cecb372fec7117322b49f2acd9c383666a97adaae93900000000000000000000a300"/85, @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5c000000907809f1"], 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r3, 0x8933, &(0x7f0000000600)={'team0\x00', <r4=>0x0})
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000004c0)=@newqdisc={0x30, 0x24, 0xf0b, 0x0, 0x1000000, {0x0, 0x0, 0x12, r4, {0x0, 0x300}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}, 0x1, 0x7a00}, 0x4000000)
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r1, 0x8983, &(0x7f0000000100)={0x0, 'erspan0\x00', {0x1}, 0x26})
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
ioctl$BLKZEROOUT(0xffffffffffffffff, 0x127f, 0x0)
r6 = syz_open_dev$vim2m(&(0x7f0000000000), 0x800, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r6, 0xc008561c, &(0x7f0000000280)={0xf0f022})
ioctl$vim2m_VIDIOC_S_FMT(r6, 0xc0d05605, &(0x7f00000000c0)={0x2, @win={{0xdd52, 0xc, 0x40, 0xe0fd}, 0x0, 0x2, 0x0, 0xc, 0x0, 0x6}})
ioctl$MEDIA_IOC_REQUEST_ALLOC(0xffffffffffffffff, 0x80047c05, &(0x7f00000000c0))
connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x4001, @remote}, 0x10)
setsockopt$SO_BINDTODEVICE_wg(0xffffffffffffffff, 0x1, 0x19, &(0x7f0000000080)='wg1\x00', 0x4)
sendto$inet(0xffffffffffffffff, &(0x7f0000000040)="e5", 0xffffffe4, 0x0, 0x0, 0x0)
unshare(0x40020000)

3.873957397s ago: executing program 2 (id=4855):
r0 = socket$kcm(0x2, 0x2, 0x0)
setsockopt$sock_attach_bpf(r0, 0x1, 0xf, &(0x7f00000002c0), 0x161)
sendmsg$inet(r0, &(0x7f0000000540)={0x0, 0x0, 0x0}, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
setsockopt$sock_attach_bpf(r0, 0x1, 0x31, &(0x7f0000000640)=r1, 0x4)
setsockopt$sock_attach_bpf(r0, 0x1, 0x31, &(0x7f0000000000), 0x4)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000740)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = socket$inet6_sctp(0xa, 0x5, 0x84)
r6 = io_uring_setup(0x58e1, &(0x7f0000000440)={0x0, 0x61d6, 0x4000, 0x1, 0x258})
r7 = syz_io_uring_setup(0x487, &(0x7f00000000c0)={0x0, 0x9010, 0x100, 0x4, 0x165, 0x0, r6}, &(0x7f0000000000)=<r8=>0x0, &(0x7f0000000280)=<r9=>0x0)
io_uring_register$IORING_REGISTER_PBUF_RING(r7, 0x16, &(0x7f0000000140)={0x0, 0x0, 0x1}, 0x1)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r8, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r8, r9, &(0x7f00000002c0)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x20, 0x10, r5, 0x0, 0x0, 0x0, 0x60, 0x1, {0x1}})
r10 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r10, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000) (fail_nth: 8)
io_uring_enter(r7, 0x3517, 0x173d, 0x42, 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(0xffffffffffffffff, 0xc2c45513, &(0x7f0000002e00)={{0x8, 0x7, 0x3, 0x1ff, 'syz0\x00', 0x7f}, 0x0, [0x8, 0x8, 0x1000, 0x0, 0xb3d, 0xffffffff, 0x5, 0x901, 0xbbf, 0x7, 0x15b, 0x7, 0x5944, 0x5, 0x7, 0x4a7, 0x9, 0x5, 0xb, 0x3, 0x2c, 0x400, 0x40, 0x10000000, 0x6, 0x0, 0xffffffff, 0x800, 0x3, 0x3, 0x4, 0x6, 0x6, 0xfff, 0x3ff, 0x1, 0x5, 0x3, 0x5, 0x9, 0x7, 0x7fff, 0xffff8000, 0x80000001, 0xe, 0x0, 0x2, 0x0, 0xe, 0x4, 0x9, 0x5, 0x400, 0x3, 0x9, 0xfffff647, 0x8, 0x4, 0x5, 0x0, 0x9, 0x9, 0x5, 0x8, 0x98, 0xbe, 0x6, 0xa, 0x7, 0x80000000, 0x81, 0x10001, 0x2, 0x80000001, 0x69d, 0xb, 0x3, 0x1, 0x8, 0x9, 0x7, 0x9, 0x1, 0x3, 0x1, 0xffff, 0x6, 0x8, 0x7ff, 0x4, 0xef, 0xff, 0x6, 0x3, 0xf86, 0x589f, 0x3, 0x9, 0x895, 0xfff, 0x9, 0x89, 0x0, 0x1, 0xe0b2, 0x9, 0xfffff561, 0xe, 0x3, 0x3, 0xfffffffa, 0x3, 0x2, 0x1, 0x2ba, 0x1, 0xe, 0x0, 0xf, 0x2, 0xf2, 0x4, 0x0, 0x7, 0x2, 0x7, 0x6, 0x100]})

3.336277163s ago: executing program 2 (id=4857):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, 0x0, 0x3, 0x0, 0x0, 0xce56fe61a68fc369, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400004}, 0x94)
r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000080)=0xb0000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000000)={@my=0x0})
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
ioctl$IOCTL_VMCI_NOTIFICATIONS_RECEIVE(r0, 0x7a6, &(0x7f00000000c0)={0x0, 0x100000, 0x100000000000, 0xfffffffffffffffa, 0x80, 0x15}) (fail_nth: 3)

3.224834766s ago: executing program 2 (id=4859):
io_setup(0x6, &(0x7f00000000c0)=<r0=>0x0)
io_submit(r0, 0x1, &(0x7f0000000040)=[&(0x7f0000001500)={0x0, 0x2000000, 0x0, 0x1, 0x0, 0xffffffffffffffff, 0x0}])
socket$alg(0x26, 0x5, 0x0)
openat$sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/mm/ksm/run\x00', 0x1, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0)
sendmsg$nl_route(r1, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
fsmount(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x5)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000080)={0x5, 0x1000086}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x3, 0xffffffffffffffff, 0x1, 0x0)
sched_setaffinity(0x0, 0x43, &(0x7f0000000040)=0x2)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000040)={<r3=>0xffffffffffffffff})
setsockopt$TIPC_SRC_DROPPABLE(r3, 0x10f, 0x80, &(0x7f0000001640)=0x4f1d, 0x4)
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x14, 0x10, 0x1}, 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
sendmmsg$inet(r3, &(0x7f0000001540)=[{{0x0, 0xfffffffffffffda1, 0x0}}], 0x40001b6, 0xf5)

3.196483237s ago: executing program 5 (id=4860):
r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0)
r1 = dup(r0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0xc, 0x0, 0x3}, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFNL_MSG_CTHELPER_NEW(r4, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000540)={0x64, 0x0, 0x9, 0x305, 0x0, 0x0, {}, [@NFCTH_NAME={0x9, 0x1, 'syz1\x00'}, @NFCTH_TUPLE={0x3c, 0x2, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @empty}, {0x14, 0x4, @remote}}}]}, @NFCTH_PRIV_DATA_LEN={0x8}]}, 0x64}}, 0x0)
fsopen(0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x7}, 0x94)
r5 = socket$inet(0x2, 0x4000000000000001, 0x0)
r6 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000000)={'lo\x00', <r8=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@newqdisc={0x60, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r8, {0x0, 0xa}, {0xffff, 0xffff}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x34, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0xea, 0x0, 0x0, 0xff, 0x9, 0x5}, {0x12, 0x2, 0x0, 0x401, 0x8001, 0x1400}, 0x0, 0x5, 0x10000000}}, @TCA_TBF_BURST={0x8, 0x6, 0x8057}]}}]}, 0x60}}, 0x44080)
sendmsg$nl_route_sched(r6, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x55}, 0x4000)
sendto$inet(r5, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @empty}, 0x10)
r9 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000280)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x3}}, [@NFT_MSG_NEWOBJ={0x1c, 0x12, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x1}, @NFT_OBJECT_SYNPROXY=@NFTA_OBJ_TYPE={0x8}}], {0x14}}, 0x44}, 0x1, 0x0, 0x0, 0x4c050}, 0x40)
ioctl$sock_SIOCETHTOOL(r9, 0x8946, &(0x7f0000000180)={'macvlan1\x00', &(0x7f0000000100)=@ethtool_pauseparam={0x13, 0x6, 0xfffffffd, 0x3ff}})
bind$rds(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x4e, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x180000f, 0x13, r1, 0x2000)
r10 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r11 = dup(r10)
write$6lowpan_enable(r11, &(0x7f0000000000)='0', 0xfffffd2c)

2.584652547s ago: executing program 0 (id=4863):
r0 = gettid()
timer_create(0x2, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000080)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000000200)=[{&(0x7f0000000040)=""/175, 0xaf}], 0x1, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xd, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000200), 0x10}, 0x94)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)

2.454570917s ago: executing program 3 (id=4864):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(des3_ede)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c", 0x15)

2.404180935s ago: executing program 3 (id=4865):
r0 = socket(0x11, 0x3, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x40000)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r2 = syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x0)
mmap(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000001, 0x2052, r2, 0x4b000)
writev(0xffffffffffffffff, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
chmod(&(0x7f0000000340)='./file0\x00', 0x8)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r4 = openat$pmem0(0xffffffffffffff9c, &(0x7f0000002340), 0x8c941, 0x0)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x0, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000000000000100"/24], &(0x7f0000000000)='syzkaller\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r5}, 0x10)
ioctl$BLKPG(r4, 0x1269, &(0x7f00000001c0)={0x1, 0x0, 0x98, &(0x7f00000000c0)={0x0, 0x1000, 0xd}})
io_uring_setup(0x5f33, &(0x7f00000003c0)={0x0, 0xc9c2, 0x0, 0x0, 0x354})
syz_io_uring_setup(0x6ebe, &(0x7f0000000680)={0x0, 0x7588, 0x1, 0x4, 0x166}, &(0x7f0000000180), &(0x7f0000000240))
r6 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r6}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
sendmsg$RDMA_NLDEV_CMD_RES_PD_GET(r0, &(0x7f0000000640)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000600)={&(0x7f00000005c0)=ANY=[@ANYBLOB="100064671410002cbd7000ffdbdf25"], 0x10}}, 0x8000010)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={<r7=>0xffffffffffffffff})
pipe(&(0x7f00000000c0)={0xffffffffffffffff, <r8=>0xffffffffffffffff})
splice(r7, 0x0, r1, 0x0, 0x0, 0x5)
r9 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000dc0)={0x1f, 0x4, &(0x7f00000001c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, [@call={0x85, 0x0, 0x0, 0xd0}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x11}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
write$P9_RWRITE(r8, &(0x7f0000000040)={0xb}, 0x11000)

2.221375666s ago: executing program 3 (id=4866):
openat$ttyS3(0xffffffffffffff9c, 0x0, 0x80002, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
ioctl$VIDIOC_S_INPUT(0xffffffffffffffff, 0xc0045627, &(0x7f00000000c0)=0x3)
syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x20000)
r2 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x1)
bpf$MAP_CREATE(0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="040000000400000004000000050001", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000200000000000000000f00000000000000000000000012"], 0x50)
ioctl$VT_RESIZEX(r3, 0x560a, &(0x7f00000006c0)={0x0, 0x0, 0x0, 0x20, 0x132, 0x3})
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0), 0x210b014, &(0x7f0000000200)=ANY=[@ANYBLOB="747261b3733d66642c7266646e6f3d", @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r0, @ANYBLOB=',noxattr,smackfstransmute=#,},permit_directio,\x00'])
ioctl$UI_SET_LEDBIT(r2, 0x40045569, 0x7)
ioctl$UI_SET_EVBIT(r2, 0x40045564, 0x11)
ioctl$UI_DEV_SETUP(r2, 0x405c5503, &(0x7f0000000100)={{0x100}, 'syz1\x00'})
ioctl$UI_SET_LEDBIT(r2, 0x40045569, 0x4)
ioctl$UI_SET_LEDBIT(r2, 0x40045569, 0x3)
ioctl$UI_DEV_CREATE(r2, 0x5501)
r4 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_usb_control_io$uac1(0xffffffffffffffff, 0x0, 0x0)
syz_usb_control_io$uac1(0xffffffffffffffff, 0x0, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events.local\x00', 0x26e1, 0x0)
ioctl$SIOCSIFHWADDR(r5, 0xc0189436, &(0x7f0000000000)={'bridge_slave_1\x00'})
syz_usb_control_io$cdc_ncm(0xffffffffffffffff, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(0xffffffffffffffff, 0x0, 0x0)
ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$UI_DEV_DESTROY(r2, 0x5502)
ioctl$TIOCMGET(0xffffffffffffffff, 0x5415, &(0x7f0000000280))
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000080)=0x3)

2.200054397s ago: executing program 5 (id=4867):
r0 = socket$packet(0x11, 0x3, 0x300)
r1 = getpid()
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmmsg$unix(r3, &(0x7f0000002e40)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000880)=[@rights={{0x10, 0x1, 0x1, [r2]}}, @cred={{0x18, 0x1, 0x2, {r1}}}, @rights={{0x28, 0x1, 0x1, [r3, r2, r2, r2, r3, r3, r2]}}, @cred={{0x18, 0x1, 0x2, {r1}}}, @cred={{0x18, 0x1, 0x2, {r1}}}, @rights={{0x10, 0x1, 0x1, [r3]}}, @rights={{0x18, 0x1, 0x1, [r0, r2, r2]}}, @rights={{0x18, 0x1, 0x1, [r3, r0, r3]}}, @cred={{0x18, 0x1, 0x2, {r1}}}], 0xd8, 0x49c5}}], 0x1, 0x20010004)

2.135177692s ago: executing program 5 (id=4868):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, 0x0)
chdir(&(0x7f0000000100)='./file0\x00')
r0 = open(&(0x7f0000000780)='./bus\x00', 0x14507e, 0x0)
io_setup(0x7d, &(0x7f0000000600)=<r1=>0x0)
io_submit(r1, 0x1, &(0x7f0000001d00)=[&(0x7f0000000080)={0x1000000, 0x0, 0x0, 0x0, 0x0, r0, &(0x7f0000000000)="96", 0x1, 0x0, 0x0, 0x0, r0}])

2.009329966s ago: executing program 5 (id=4869):
unshare(0x6a040000)
r0 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r0, &(0x7f00000000c0)={0x18, 0x0, {0x4, @multicast, 'bond0\x00'}}, 0x1e)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000)=<r1=>0x0)
timer_settime(r1, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
getsockopt$IP6T_SO_GET_INFO(r2, 0x29, 0x40, &(0x7f00000002c0)={'nat\x00', 0x0, [0x7, 0x4, 0xb, 0x4, 0x3]}, &(0x7f0000000100)=0x54)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r3 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), r3)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000280)={'wlan0\x00'})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@delqdisc={0x5c, 0x25, 0x800, 0x70bd2c, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, {0x9, 0xfff3}, {0x5, 0xa}, {0x1, 0xc}}, [@qdisc_kind_options=@q_prio={{0x9}, {0x18, 0x2, {0x5, "ea94a503cfec0c2fb031907188f4a9ff"}}}, @qdisc_kind_options=@q_skbprio={{0xc}, {0x8, 0x2, 0x4}}]}, 0x5c}, 0x1, 0x0, 0x0, 0x4004810}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
r6 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa4242, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)=ANY=[@ANYBLOB="1c0000021500010300000000000000000c0000000800040009000000"], 0x1c}, 0x1, 0x0, 0x0, 0xc000}, 0x4000000)
r7 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r7, 0xc0306201, &(0x7f0000000480)={0x10, 0x0, &(0x7f0000000000)=[@clear_death={0x400c630e}], 0x0, 0x0, 0x0})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000007, 0x38011, r6, 0x0)
add_key$keyring(&(0x7f0000000000), &(0x7f0000000080)={'syz', 0x0}, 0x0, 0x0, 0xffffffffffffffff)

1.973228301s ago: executing program 2 (id=4870):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket(0x11, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r3, 0x8933, &(0x7f0000000600)={'team0\x00', <r4=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000004c0)=@newqdisc={0x34, 0x24, 0x20, 0x0, 0x1000000, {0x0, 0x0, 0x12, r4, {0x0, 0x300}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x4}}]}, 0x34}, 0x1, 0x7a00}, 0x4000000)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mount$cgroup(0x600, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000840)={[{@none}, {}]})
socket$inet_smc(0x2b, 0x1, 0x0)
syz_open_dev$cec(&(0x7f0000000000), 0x0, 0x2)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000080)={'wlan0\x00'})

1.668410135s ago: executing program 0 (id=4871):
socket$inet6_udp(0xa, 0x2, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket(0x200000000000011, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r2=>0x0})
syz_emit_ethernet(0x2a, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa0823bed006001808000604000100ac1414bb00"/45], 0x0)
bind$packet(r1, &(0x7f0000000180)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @multicast}, 0x14)
getsockname$packet(r1, &(0x7f0000000080)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ethtool(&(0x7f00000001c0), 0xffffffffffffffff)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f00000003c0)={'netdevsim0\x00', <r7=>0x0})
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0xc, &(0x7f0000000140)=ANY=[@ANYBLOB="18020000040000000000000000000000850000002c0000001801000020207325000000000020"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', r3, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000140)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="01000000000000000000100000000c00018008000100", @ANYRES32=r7, @ANYBLOB="080011"], 0x28}, 0x1, 0x0, 0x0, 0x40000c5}, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000700)={'bridge_slave_1\x00'})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="38000000540001000000000000c4000007008209", @ANYRESHEX=r1, @ANYBLOB="20000100", @ANYRESOCT=r3, @ANYBLOB="00000000e000030000000000000000000000000008"], 0x38}}, 0x4000881)
sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0)

1.535084623s ago: executing program 0 (id=4872):
timer_create(0x0, &(0x7f0000000680)={0x0, 0x21}, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
open(&(0x7f0000000100)='./file0\x00', 0x440, 0x0)
link(0x0, &(0x7f00000002c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')

1.403942986s ago: executing program 0 (id=4873):
r0 = socket$packet(0x11, 0x3, 0x300)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmmsg$unix(r2, &(0x7f0000002e40)=[{{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000500)="e994b75dea159be4e866e782a58c0b051a2afe7e8d8481a20cf8b4b8686654bdb805ff8b913e721b1d02c593803ecabb284f660e8c8141393223842533500819230c403e4f0c0e97a16e4d7c4bb112d2da58dbe4317604aebbdd42ac0ae2ea68dc6e917b6fee740bcb87027de026177590516e66728706a7882d0e4055646231161d601559de56f174d154bd356e1133ffd1e33e6a23bf6aabe8c5362d08bbd45bf1a7b9bc4fbebb89d4639257ef0b07b22fb1e39afdec44872237e35295dd18", 0xc0}], 0x1, &(0x7f0000000880)=[@rights={{0x10, 0x1, 0x1, [r1]}}, @cred={{0x18}}, @rights={{0x28, 0x1, 0x1, [r2, r1, r1, r1, r2, r2, r1]}}, @cred={{0x18}}, @cred={{0x18}}, @rights={{0x10, 0x1, 0x1, [r2]}}, @rights={{0x18, 0x1, 0x1, [r0, r1, r1]}}, @rights={{0x18, 0x1, 0x1, [r2, r0, r2]}}, @cred={{0x18}}, @cred={{0x18}}], 0xf0, 0x49c5}}], 0x1, 0x20010004)

1.40338876s ago: executing program 0 (id=4874):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x2000)
syz_open_dev$tty20(0xc, 0x4, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(r0, 0x84, 0x12, &(0x7f0000000000)=0xfffffffd, 0x4)
r1 = dup(0xffffffffffffffff)
write$6lowpan_enable(r1, 0x0, 0x0)
r2 = socket$vsock_stream(0x28, 0x1, 0x0)
getsockopt(r2, 0x28, 0x0, 0x0, 0x0)
syz_open_dev$media(&(0x7f0000001a80), 0x3, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
mount$9p_fd(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r3}})
ioctl$FIGETBSZ(0xffffffffffffffff, 0x2, &(0x7f0000000080))
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x6, &(0x7f0000000000)=0x4, 0x4)
connect$inet(0xffffffffffffffff, &(0x7f0000000280)={0x2, 0x0, @broadcast}, 0x10)
r4 = syz_open_dev$usbmon(&(0x7f0000000280), 0x80000000000000, 0x0)
r5 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f0000000040))
syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301)
ioctl$DRM_IOCTL_MODE_ADDFB2(0xffffffffffffffff, 0xc06864b8, &(0x7f0000000580)={0x0, 0xc1, 0x87e, 0x20203843, 0x3, [0x2], [0x800, 0x0, 0x0, 0xfffffffc], [0x101, 0x0, 0x1, 0xb1e5], [0x6, 0xffffffffffffffff, 0x0, 0x8]})
mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8003, &(0x7f0000000000)=0xd, 0x8, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=@newlink={0x48, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0x18, 0x2, 0x0, 0x1, [@IFLA_IPTUN_REMOTE={0x14, 0x3, @mcast2}]}}}]}, 0x48}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x74, 0x10, 0x401, 0xfffffffc, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, [@IFLA_LINKINFO={0x54, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0x44, 0x2, 0x0, 0x1, [@IFLA_IPTUN_ENCAP_TYPE={0x6}, @IFLA_IPTUN_ENCAP_FLAGS={0x6, 0x10, 0x2}, @IFLA_IPTUN_FLOWINFO={0x8, 0x7, 0x7}, @IFLA_IPTUN_LOCAL={0x14, 0x2, @private2}, @IFLA_IPTUN_COLLECT_METADATA={0x4}, @IFLA_IPTUN_FLAGS={0x8, 0x8, 0x14}, @IFLA_IPTUN_TTL={0x5, 0x4, 0x96}]}}}]}, 0x74}, 0x1, 0x0, 0x0, 0x40001}, 0x20004090)
sendmsg$BATADV_CMD_SET_VLAN(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000200)={&(0x7f0000000340)={0x48, 0x0, 0x200, 0x70bd2d, 0x25dfdbfc, {}, [@BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x80000000}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x740}, @BATADV_ATTR_MESH_IFINDEX={0x8}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x3}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @random="aaae29a642aa"}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x4447}]}, 0x48}, 0x1, 0x0, 0x0, 0xc001000}, 0x40000c0)
mount(0x0, &(0x7f0000000240)='.\x00', &(0x7f00000000c0)='cifs\x00', 0x1200010, &(0x7f0000000100))
fchmodat(0xffffffffffffff9c, &(0x7f0000000300)='.\x00', 0xffffffd3)

1.27070468s ago: executing program 3 (id=4875):
socket$inet_smc(0x2b, 0x1, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x6, 0x0, 0x7fff0006}]})
geteuid()
eventfd2(0x9, 0x80800)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f00000006c0)={0x0, 0x2, 0x0, {0x0, 0x1}, {0x45, 0x2}, @period={0x59, 0xfffc, 0x0, 0x0, 0x4, {0x10, 0xffff, 0x1, 0x1}, 0x0, 0x0}})
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x1, 0x8c2b01)
write$char_usb(r0, &(0x7f0000000040)="e2", 0x12d8)
r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r2 = dup(r1)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000600)={&(0x7f00000003c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x10, 0x10, 0xa, [@var={0x7, 0x0, 0x0, 0xe, 0x3}]}, {0x0, [0x4f, 0x0, 0x5f, 0x2e, 0x0, 0x5f, 0x2e, 0x10]}}, &(0x7f0000000500)=""/214, 0x32, 0xd6, 0x1}, 0x28)
open$dir(&(0x7f0000000080)='./file0\x00', 0x80182, 0x102)
write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffffffffffd7d)
r3 = socket$alg(0x26, 0x5, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$bt_rfcomm(0x1f, 0x3, 0x3)
bind$alg(r3, &(0x7f0000000300)={0x26, 'hash\x00', 0x0, 0x0, 'sha512-generic\x00'}, 0x58)
r4 = accept4(r3, 0x0, 0x0, 0x800)
recvmmsg$unix(r4, &(0x7f0000003700)=[{{0x0, 0x700, 0x0, 0x0, 0x0, 0x500}}], 0x600, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0xb, &(0x7f0000000380)=@framed={{}, [@printk={@ld, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x2d}}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

971.489638ms ago: executing program 2 (id=4876):
r0 = socket$packet(0x11, 0x3, 0x300)
r1 = getpid()
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmmsg$unix(r3, &(0x7f0000002e40)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000880)=[@rights={{0x10, 0x1, 0x1, [r2]}}, @cred={{0x18, 0x1, 0x2, {r1}}}, @rights={{0x28, 0x1, 0x1, [r3, r2, r2, r2, r3, r3, r2]}}, @cred={{0x18, 0x1, 0x2, {r1}}}, @cred={{0x18, 0x1, 0x2, {r1}}}, @rights={{0x10, 0x1, 0x1, [r3]}}, @rights={{0x18, 0x1, 0x1, [r0, r2, r2]}}, @rights={{0x18, 0x1, 0x1, [r3, r0, r3]}}], 0xc0, 0x49c5}}], 0x1, 0x20010004)

921.645578ms ago: executing program 3 (id=4877):
openat$ttynull(0xffffff9c, &(0x7f0000000040), 0x24202, 0x0)
r0 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000000), 0x103902, 0x0)
ioctl$TCSETS(r0, 0x5402, &(0x7f0000000180)={0x2, 0x2, 0xfffffffe, 0x10003, 0xc, "008ef10ba278887cb0baba08431799317e6324"})
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x20, 0x4, &(0x7f0000000900)=ANY=[@ANYBLOB="18000000010000000000000000000000791200000000000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = syz_open_dev$vim2m(&(0x7f0000000080), 0x8000009, 0x2)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x25dfdbfb, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
io_uring_register$IORING_REGISTER_FILES(0xffffffffffffffff, 0x1e, &(0x7f0000000000)=[0xffffffffffffffff], 0x1)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000027c0)={0x11, 0x4, &(0x7f0000000a40)=ANY=[@ANYBLOB="1801000000050000000000000000ea0485000000d000000095"], &(0x7f0000000a00)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00', r2}, 0x10)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
setrlimit(0x3, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$SNDCTL_DSP_GETTRIGGER(0xffffffffffffffff, 0x80045010, 0x0)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x101002, 0x0)
r6 = socket(0x11, 0x800000003, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r6, 0x8933, &(0x7f0000000600)={'team0\x00', <r7=>0x0})
r8 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r8, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000000)=@newqdisc={0xb0, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x12, r7, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x80, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [], 0x0, [0x8, 0x4], [0x0, 0x8]}}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x10, 0x2, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0x10000}]}]}, @TCA_TAPRIO_ATTR_SCHED_CLOCKID={0x8, 0x5, 0x1}, @TCA_TAPRIO_ATTR_SCHED_BASE_TIME={0xc, 0x3, 0x280000000000000}]}}]}, 0xb0}}, 0x0)
ioctl$vim2m_VIDIOC_CREATE_BUFS(r1, 0xc0f8565c, &(0x7f0000000280)={0x0, 0x400, 0x2, {0x1, @pix_mp={0x17a5499b, 0x2, 0x38414762, 0x2, 0xa, [{0x4, 0x2}, {0x3, 0x2}, {0x100, 0x200}, {0x40, 0x6b}, {0x1}, {0x4, 0x6}, {0x80000000, 0x6cc}, {0xe, 0x2}], 0xff, 0x4, 0x7, 0x0, 0x6}}})
write$UHID_INPUT(0xffffffffffffffff, &(0x7f0000001040)={0x18, {"a2e3ad21ed6b52f99cfbf4c087f70c9b3e6ee7ff7fc6e5539b9b3b0e8b9b411b5d30091b080d29428f0e1ac6e7049b3468959b4c9a242a9b67f3988f7ef319520100ffe8d178708c523c921b1b25380a169b63d336cd3b78130daa61d8e809ea882f5802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f309f4cff7738596ecae8707ce065cd5b91cd0ae193973735b36d5b1b63e91c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecd03aded6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca5b6bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27afc953854a642c57519544ae15a7e454dea05918b4124351601611c8f11baa500a3621c56cea8d20ff911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a60560a22f1fca567e65d5e880572286522449df466c632b3570243f989cce3803f465e41e610c20d80421d653a5120000008213b704c7fb082ff27590678ef9f190bae979babc7041d860420c5664ba7921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202fd28f28381aab144a5d429a04a689b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2f05dd3318271a1f5f8528f227e79c1388dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eefc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44060bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a7288afe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f48fe4eae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf02b98a269b891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efedfd71af9444e197f47e866101496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615f7084a607a7eceb6243378e0610060f02cca4051c2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c4e15a7b6eb65ca8104e1b4da1fbb77ab2fc043aead87c32ab875ee7c2e7b7019c902cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad948741b2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd73643de50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c1023bf70cc77737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73c497579773767075428067e7f16f4dde374f8211fef42cb468e623daf60b3569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe29068c0ca3d3414442e863a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae44369ddb4581c55925d0f6f1ba471eba281f259152f85a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b405177548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e05130935e00785ec27e923911fab964c271556527697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9ddbfb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e7027132f2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afae5336651b1b9bd522d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee29165895ac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463181f4b87c10772d2b13f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76d57227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f84fad6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b3110b932a4d02da711b757fe43c06d21e35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc238a081ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4908b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cb0b3e35cb80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c60edddab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec014508e5247d33ae6c962d35603ff8454c16f8342856935125102bb784ed714887071f3d998efdd9923c954ab6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee658e4cb5e930ed624806c43a006dc9336d07c2b8081c128ad2706f48261f7897084c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da3932ba5c04c24a560ad80a3ce654578376e599aff3565b1d531f30912b99e6619ebe93cc0b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e6491953264d2700c838fa2c7b34252600c9654e502dcea39cb6bc3eb69992e234b4ca7db2f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c6000064b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c7e36bb2fc4c40e9cf96f06817fb903729a7db6ff957697c9ede7885d94ff1aa70826ad01a9b03c37b0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x100d}}, 0xfffffdef)

917.380052ms ago: executing program 2 (id=4878):
io_setup(0x6, &(0x7f00000000c0)=<r0=>0x0)
io_submit(r0, 0x1, &(0x7f0000000040)=[&(0x7f0000001500)={0x0, 0x2000000, 0x0, 0x1, 0x0, 0xffffffffffffffff, 0x0}])
socket$alg(0x26, 0x5, 0x0)
openat$sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/mm/ksm/run\x00', 0x1, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0)
sendmsg$nl_route(r1, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
fsmount(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x5)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000080)={0x5, 0x1000086}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x3, 0xffffffffffffffff, 0x1, 0x0)
sched_setaffinity(0x0, 0x43, &(0x7f0000000040)=0x2)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000040)={<r3=>0xffffffffffffffff})
setsockopt$TIPC_SRC_DROPPABLE(r3, 0x10f, 0x80, &(0x7f0000001640)=0x4f1d, 0x4)
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x14, 0x10, 0x1}, 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
sendmmsg$inet(r3, &(0x7f0000001540)=[{{0x0, 0xfffffffffffffda1, 0x0}}], 0x40001b6, 0xf5)

406.642679ms ago: executing program 5 (id=4879):
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x2, 0x4, 0x4, 0x8}, 0x50)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000140)=@base={0xd, 0x5, 0x4, 0x7, 0x0, r0}, 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180), &(0x7f0000000340), 0x2, r1}, 0x38)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0xa, 0x4, 0x7fe2, 0x1}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r3}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$netlink(0x10, 0x3, 0x0)
r5 = openat$null(0xffffffffffffff9c, &(0x7f0000000340), 0x40402, 0x0)
io_setup(0x8, &(0x7f00000003c0)=<r6=>0x0)
io_submit(r6, 0x200000000000007c, &(0x7f0000000640)=[&(0x7f0000000400)={0x18, 0x7000000, 0x4, 0x0, 0x0, r5, 0x0, 0x0, 0x3, 0x0, 0x0, r5}])
r7 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r7, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r8, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}}, 0x0)
r9 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r9, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=ANY=[@ANYBLOB="3c0000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="a4280400000000001400350076657468305f746f5f626f6e6400000008000a00", @ANYRES32=r8, @ANYRES32=r9, @ANYRES16=r4, @ANYRESHEX=r9], 0x3c}, 0x1, 0x0, 0x0, 0x4008800}, 0x8000)
r10 = socket$nl_route(0x10, 0x3, 0x0)
r11 = socket(0x1, 0x803, 0x0)
getsockname$packet(r11, &(0x7f0000000100)={0x11, 0x0, <r12=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
r13 = socket$unix(0x1, 0x1, 0x0)
r14 = syz_open_dev$vim2m(&(0x7f0000000040), 0x0, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r14, 0xc0145608, &(0x7f00000000c0)={0x2, 0x1, 0x1})
ioctl$vim2m_VIDIOC_DQBUF(r14, 0xc044560f, &(0x7f0000000380)=@mmap={0x0, 0x1, 0x4, 0x0, 0x0, {0x77359400}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "37bb54f0"}})
ioctl$sock_SIOCGIFINDEX(r13, 0x8933, &(0x7f0000000100)={'veth1\x00', <r15=>0x0})
sendmsg$nl_route(r10, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=@newlink={0x4c, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x90646}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6, 0x1, 0x4}]}}}, @IFLA_LINK={0x8, 0x5, r15}, @IFLA_MASTER={0x8, 0xa, r12}]}, 0x4c}, 0x1, 0x0, 0x0, 0x600}, 0x0) (fail_nth: 4)

280.391812ms ago: executing program 0 (id=4880):
r0 = gettid()
timer_create(0x2, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000080)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000000200)=[{&(0x7f0000000040)=""/175, 0xaf}], 0x1, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xd, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000200), 0x10}, 0x94)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)

55.069577ms ago: executing program 5 (id=4881):
syz_usb_ep_write(0xffffffffffffffff, 0x81, 0x1, &(0x7f0000000240)="b9")
r0 = syz_open_dev$evdev(&(0x7f0000001540), 0x0, 0x0)
ioctl$EVIOCGLED(r0, 0x5452, &(0x7f0000000240)=""/77)
syz_usb_connect$cdc_ncm(0x3, 0x74, &(0x7f0000000100)={{0x12, 0x1, 0x110, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x62, 0x2, 0x1, 0x7f, 0x60, 0x2, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0xb, 0x24, 0x6, 0x0, 0x1, "d4dea00ffc91"}, {0x5, 0x24, 0x0, 0x1}, {0xd, 0x24, 0xf, 0x1, 0xe, 0xf3d7, 0x6, 0x60}, {0x6, 0x24, 0x1a, 0x40b, 0x18}}, {{0x9, 0x5, 0x81, 0x3, 0x20, 0x1, 0x0, 0x7f}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x40, 0x8, 0x5, 0x8}}, {{0x9, 0x5, 0x3, 0x2, 0x40, 0xe, 0x7, 0x77}}}}}}}]}}, &(0x7f00000004c0)={0xa, &(0x7f0000000000)={0xa, 0x6, 0x200, 0x4, 0x3, 0x6, 0x20, 0x6}, 0x5, &(0x7f0000000080)={0x5, 0xf, 0x5}, 0x5, [{0xe8, &(0x7f00000002c0)=@string={0xe8, 0x3, "739cf73671dd3f5f2f8f14187f2b1b3969d052b0c85ca4fe41052ae9a72c16d2c935b5cd4f0a16e08a46fabe0458a792f9f748952563277850c73f35ba1fe2cbc4b40d1ad88b51b0cd756cbdcc0dae2365b487b4c970e27cfbe46f8bf27df18cd76a114546c1669d956be1b4da7133e739a823a86e457b8ce8498eff17ae8b771df286111ffe12c05f888ced9d9017b1979a24e4842ccb7385e188dc4f57e116cc39297db507a2addb55734ba5eb7228fde2588ff1341ce17f65721f9799869002ab3a42fc050844a511d2bddf69b00f79c5b2850baa9f413a584bb1b2f298ca6fea202e7bc3"}}, {0x1c, &(0x7f00000001c0)=@string={0x1c, 0x3, "db543cb593cd7b29a1b1bfde3b6210fb94a66df40449346f8b02"}}, {0x9f, &(0x7f00000003c0)=@string={0x9f, 0x3, "09b30fb4d0411671d4f16dfad127c7f3bf4c81c60759e22e34d15c1b12773a9efc44faba4eb54b3b2d8dd4aa5b960a97f46ee07b9a4fc4caafd20ad21bf53141ef5e0ff39dc0fc7a86f640bedc6931d930147055708191329f64938319013523af31ddcce8a42b49363a4cec5824cc4e1c337246727ef7c0c8e83d55c09a266de8d0c2fc527d236c69c2fb0276f5c048fd66fc7a507868af3ec008abac"}}, {0x4, &(0x7f0000000200)=@lang_id={0x4, 0x3, 0xc0a}}, {0x4, &(0x7f0000000480)=@lang_id={0x4, 0x3, 0x3c33}}]})
ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000180)={0x57, 0x0, 0x0, {0xfffe, 0x1}, {0x74, 0x2}, @const={0x6, {0x7f, 0x0, 0x8000, 0xfffd}}})
r1 = openat$dlm_monitor(0xffffff9c, &(0x7f0000000500), 0x4000, 0x0)
write$char_usb(r1, &(0x7f0000000540)="30fc64f050cdf93eba30a9ac37af6157f077eb32b216b99bd87ae46842832300c2df5c5b14cdaf7d62529e24a9307f0b3e3c45c1fc5e7e3f7617e1446f48377b0d51aeef7cfaf533107679820bf3b6fd5b11782beaafc3713e4cecbc7db225785cdee3f40313f3d451a4735ce34f51182688d7cbd7d84b105df4b1f8d37f1e0cf946f2af3f8b8eda51e4e267c037815b07600c575ef39eb2d9e017864463", 0x9e)
r2 = syz_open_dev$evdev(&(0x7f00000000c0), 0x78, 0x822b01)
write$char_usb(r2, &(0x7f0000000040)="e2", 0x1068)

0s ago: executing program 3 (id=4882):
r0 = socket$packet(0x11, 0x3, 0x300)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmmsg$unix(r2, &(0x7f0000002e40)=[{{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000500)="e994b75dea159be4e866e782a58c0b051a2afe7e8d8481a20cf8b4b8686654bdb805ff8b913e721b1d02c593803ecabb284f660e8c8141393223842533500819230c403e4f0c0e97a16e4d7c4bb112d2da58dbe4317604aebbdd42ac0ae2ea68dc6e917b6fee740bcb87027de026177590516e66728706a7882d0e4055646231161d601559de56f174d154bd356e1133ffd1e33e6a23bf6aabe8c5362d08bbd45bf1a7b9bc4fbebb89d4639257ef0b07b22fb1e39afdec44872237e35295dd18", 0xc0}], 0x1, &(0x7f0000000880)=[@rights={{0x10, 0x1, 0x1, [r1]}}, @cred={{0x18}}, @rights={{0x28, 0x1, 0x1, [r2, r1, r1, r1, r2, r2, r1]}}, @cred={{0x18}}, @cred={{0x18}}, @rights={{0x10, 0x1, 0x1, [r2]}}, @rights={{0x18, 0x1, 0x1, [r0, r1, r1]}}, @rights={{0x18, 0x1, 0x1, [r2, r0, r2]}}, @cred={{0x18}}, @cred={{0x18}}], 0xf0, 0x49c5}}], 0x1, 0x20010004)

kernel console output (not intermixed with test programs):

tdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1212.741452][T23296] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1212.744212][T23296] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1212.747261][T23296] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1212.770346][T23296] gtp0: left promiscuous mode
[ 1212.775600][T23296] vlan2: left allmulticast mode
[ 1212.777200][T23296] veth1: left allmulticast mode
[ 1212.793425][T23298] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1212.799045][T23298] 8021q: adding VLAN 0 to HW filter on device team0
[ 1212.803126][T23298] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[ 1212.937717][T23299] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(8)
[ 1212.939806][T23299] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[ 1212.945201][T23299] vhci_hcd vhci_hcd.0: Device attached
[ 1213.214586][ T6275] usb 38-1: SetAddress Request (2) to port 0
[ 1213.217164][ T6275] usb 38-1: new SuperSpeed USB device number 2 using vhci_hcd
[ 1213.380812][T23314] vhci_hcd: connection reset by peer
[ 1213.383563][ T6344] vhci_hcd: stop threads
[ 1213.386637][ T6344] vhci_hcd: release socket
[ 1213.388101][ T6344] vhci_hcd: disconnect device
[ 1213.540158][T23323] sg_write: data in/out 41084/1 bytes for SCSI command 0x1c-- guessing data in;
[ 1213.540158][T23323]    program syz.3.4055 not setting count and/or reply_len properly
[ 1213.771583][T23325] netlink: 3 bytes leftover after parsing attributes in process `syz.3.4055'.
[ 1213.798703][T23325] batadv1: entered allmulticast mode
[ 1213.842498][T23326] input: syz1 as /devices/virtual/input/input48
[ 1214.543578][T23345] FAULT_INJECTION: forcing a failure.
[ 1214.543578][T23345] name failslab, interval 1, probability 0, space 0, times 0
[ 1214.547866][T23345] CPU: 0 UID: 0 PID: 23345 Comm: syz.0.4064 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) 
[ 1214.547881][T23345] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1214.547889][T23345] Call Trace:
[ 1214.547893][T23345]  <TASK>
[ 1214.547897][T23345]  dump_stack_lvl+0x16c/0x1f0
[ 1214.547917][T23345]  should_fail_ex+0x512/0x640
[ 1214.547932][T23345]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[ 1214.547949][T23345]  should_failslab+0xc2/0x120
[ 1214.547960][T23345]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[ 1214.547976][T23345]  ? __alloc_skb+0x2b2/0x380
[ 1214.547994][T23345]  __alloc_skb+0x2b2/0x380
[ 1214.548008][T23345]  ? __pfx___alloc_skb+0x10/0x10
[ 1214.548022][T23345]  ? __pfx_rtnl_newlink+0x10/0x10
[ 1214.548043][T23345]  netlink_ack+0x15d/0xb80
[ 1214.548059][T23345]  netlink_rcv_skb+0x332/0x420
[ 1214.548070][T23345]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1214.548081][T23345]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1214.548097][T23345]  ? netlink_deliver_tap+0x1ae/0xd30
[ 1214.548110][T23345]  netlink_unicast+0x53d/0x7f0
[ 1214.548123][T23345]  ? __pfx_netlink_unicast+0x10/0x10
[ 1214.548138][T23345]  netlink_sendmsg+0x8d1/0xdd0
[ 1214.548151][T23345]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1214.548164][T23345]  ? __import_iovec+0x1dd/0x650
[ 1214.548183][T23345]  ____sys_sendmsg+0xa98/0xc70
[ 1214.548197][T23345]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1214.548208][T23345]  ? get_compat_msghdr+0x11a/0x170
[ 1214.548231][T23345]  ___sys_sendmsg+0x134/0x1d0
[ 1214.548247][T23345]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1214.548270][T23345]  ? find_held_lock+0x2b/0x80
[ 1214.548289][T23345]  __sys_sendmsg+0x16d/0x220
[ 1214.548305][T23345]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1214.548326][T23345]  ? rcu_is_watching+0x12/0xc0
[ 1214.548339][T23345]  __do_fast_syscall_32+0x7c/0x3a0
[ 1214.548357][T23345]  do_fast_syscall_32+0x32/0x80
[ 1214.548373][T23345]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1214.548387][T23345] RIP: 0023:0xf708e579
[ 1214.548395][T23345] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 1214.548406][T23345] RSP: 002b:00000000f507e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[ 1214.548417][T23345] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000800002c0
[ 1214.548443][T23345] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1214.548449][T23345] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1214.548455][T23345] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 1214.548462][T23345] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1214.548475][T23345]  </TASK>
[ 1214.659614][T11928] Bluetooth: hci3: command 0x0406 tx timeout
[ 1214.708904][T23360] FAULT_INJECTION: forcing a failure.
[ 1214.708904][T23360] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1214.713102][T23360] CPU: 2 UID: 0 PID: 23360 Comm: syz.0.4070 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) 
[ 1214.713118][T23360] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1214.713125][T23360] Call Trace:
[ 1214.713130][T23360]  <TASK>
[ 1214.713134][T23360]  dump_stack_lvl+0x16c/0x1f0
[ 1214.713154][T23360]  should_fail_ex+0x512/0x640
[ 1214.713172][T23360]  _copy_to_user+0x32/0xd0
[ 1214.713190][T23360]  simple_read_from_buffer+0xcb/0x170
[ 1214.713205][T23360]  proc_fail_nth_read+0x197/0x270
[ 1214.713219][T23360]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1214.713232][T23360]  ? rw_verify_area+0xcf/0x680
[ 1214.713245][T23360]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1214.713257][T23360]  vfs_read+0x1e4/0xc60
[ 1214.713272][T23360]  ? fdget_pos+0x2a2/0x370
[ 1214.713288][T23360]  ? __pfx_vfs_read+0x10/0x10
[ 1214.713301][T23360]  ? find_held_lock+0x2b/0x80
[ 1214.713316][T23360]  ? __fget_files+0x20e/0x3c0
[ 1214.713333][T23360]  ksys_read+0x12a/0x250
[ 1214.713348][T23360]  ? __pfx_ksys_read+0x10/0x10
[ 1214.713364][T23360]  ? rcu_is_watching+0x12/0xc0
[ 1214.713376][T23360]  __do_fast_syscall_32+0x7c/0x3a0
[ 1214.713394][T23360]  do_fast_syscall_32+0x32/0x80
[ 1214.713411][T23360]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1214.713425][T23360] RIP: 0023:0xf708e579
[ 1214.713434][T23360] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 1214.713444][T23360] RSP: 002b:00000000f507e590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 1214.713454][T23360] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000f507e620
[ 1214.713461][T23360] RDX: 000000000000000f RSI: 00000000f73f3ff4 RDI: 0000000000000000
[ 1214.713485][T23360] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[ 1214.713495][T23360] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[ 1214.713505][T23360] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1214.713525][T23360]  </TASK>
[ 1214.927216][T23367] sch_tbf: burst 19872 is lower than device lo mtu (11337746) !
[ 1214.969589][   T40] audit: type=1800 audit(1751440274.972:4456): pid=23367 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.4069" name="nullb0" dev="tmpfs" ino=2124 res=0 errno=0
[ 1215.047039][T23375] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1215.051395][T23375] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1215.194107][T23377] FAULT_INJECTION: forcing a failure.
[ 1215.194107][T23377] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1215.198306][T23377] CPU: 1 UID: 0 PID: 23377 Comm: syz.5.4076 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) 
[ 1215.198329][T23377] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1215.198339][T23377] Call Trace:
[ 1215.198345][T23377]  <TASK>
[ 1215.198352][T23377]  dump_stack_lvl+0x16c/0x1f0
[ 1215.198382][T23377]  should_fail_ex+0x512/0x640
[ 1215.198403][T23377]  _copy_from_user+0x2e/0xd0
[ 1215.198419][T23377]  get_compat_msghdr+0xa7/0x170
[ 1215.198437][T23377]  ? __pfx_get_compat_msghdr+0x10/0x10
[ 1215.198454][T23377]  ? __pfx__kstrtoull+0x10/0x10
[ 1215.198469][T23377]  ___sys_sendmsg+0x1ae/0x1d0
[ 1215.198487][T23377]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1215.198501][T23377]  ? __lock_acquire+0x622/0x1c90
[ 1215.198528][T23377]  ? __pfx___might_resched+0x10/0x10
[ 1215.198542][T23377]  __sys_sendmmsg+0x2f9/0x420
[ 1215.198560][T23377]  ? __pfx___sys_sendmmsg+0x10/0x10
[ 1215.198580][T23377]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 1215.198602][T23377]  ? fput+0x70/0xf0
[ 1215.198613][T23377]  ? ksys_write+0x1ac/0x250
[ 1215.198626][T23377]  ? __pfx_ksys_write+0x10/0x10
[ 1215.198643][T23377]  __ia32_compat_sys_sendmmsg+0x9d/0x100
[ 1215.198654][T23377]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[ 1215.198674][T23377]  __do_fast_syscall_32+0x7c/0x3a0
[ 1215.198692][T23377]  do_fast_syscall_32+0x32/0x80
[ 1215.198709][T23377]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1215.198722][T23377] RIP: 0023:0xf709e579
[ 1215.198731][T23377] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 1215.198742][T23377] RSP: 002b:00000000f508e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000159
[ 1215.198752][T23377] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000080000000
[ 1215.198759][T23377] RDX: 0000000000000041 RSI: 0000000000000000 RDI: 0000000000000000
[ 1215.198765][T23377] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1215.198770][T23377] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 1215.198777][T23377] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1215.198790][T23377]  </TASK>
[ 1215.348029][T23375] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[ 1215.930169][T23407] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4083'.
[ 1216.328539][T23421] cgroup2: Unknown parameter 'pids_localeven'
[ 1216.395001][  T838] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None
[ 1216.738705][T23434] netlink: 20 bytes leftover after parsing attributes in process `syz.2.4092'.
[ 1217.553086][T23470] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4102'.
[ 1217.571468][T23470] netdevsim netdevsim2 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[ 1217.574499][T23470] netdevsim netdevsim2 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[ 1217.577100][T23470] netdevsim netdevsim2 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[ 1217.580378][T23470] netdevsim netdevsim2 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[ 1217.591695][T23470] vxlan0: entered promiscuous mode
[ 1217.602132][T23470] 9pnet: p9_errstr2errno: server reported unknown error �1 
[ 1217.722919][   T40] audit: type=1326 audit(1751440277.722:4457): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23490 comm="syz.0.4109" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf708e579 code=0x0
[ 1218.244713][ T6275] usb 38-1: device descriptor read/8, error -110
[ 1218.502485][T23508] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[ 1218.648778][ T6275] usb usb38-port1: attempt power cycle
[ 1218.712855][T23522] FAULT_INJECTION: forcing a failure.
[ 1218.712855][T23522] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1218.717447][T23522] CPU: 3 UID: 0 PID: 23522 Comm: syz.5.4121 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) 
[ 1218.717463][T23522] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1218.717469][T23522] Call Trace:
[ 1218.717473][T23522]  <TASK>
[ 1218.717478][T23522]  dump_stack_lvl+0x16c/0x1f0
[ 1218.717497][T23522]  should_fail_ex+0x512/0x640
[ 1218.717515][T23522]  _copy_from_user+0x2e/0xd0
[ 1218.717533][T23522]  get_compat_msghdr+0xa7/0x170
[ 1218.717550][T23522]  ? __pfx_get_compat_msghdr+0x10/0x10
[ 1218.717577][T23522]  ___sys_sendmsg+0x1ae/0x1d0
[ 1218.717594][T23522]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1218.717616][T23522]  ? find_held_lock+0x2b/0x80
[ 1218.717647][T23522]  __sys_sendmsg+0x16d/0x220
[ 1218.717666][T23522]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1218.717688][T23522]  ? rcu_is_watching+0x12/0xc0
[ 1218.717701][T23522]  __do_fast_syscall_32+0x7c/0x3a0
[ 1218.717718][T23522]  do_fast_syscall_32+0x32/0x80
[ 1218.717734][T23522]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1218.717748][T23522] RIP: 0023:0xf709e579
[ 1218.717756][T23522] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 1218.717767][T23522] RSP: 002b:00000000f508e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[ 1218.717777][T23522] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000040
[ 1218.717783][T23522] RDX: 0000000000044080 RSI: 0000000000000000 RDI: 0000000000000000
[ 1218.717789][T23522] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1218.717796][T23522] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 1218.717802][T23522] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1218.717815][T23522]  </TASK>
[ 1219.245644][ T6275] usb usb38-port1: unable to enumerate USB device
[ 1219.917752][T23544] FAULT_INJECTION: forcing a failure.
[ 1219.917752][T23544] name failslab, interval 1, probability 0, space 0, times 0
[ 1219.921776][T23544] CPU: 3 UID: 0 PID: 23544 Comm: syz.5.4128 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) 
[ 1219.921792][T23544] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1219.921799][T23544] Call Trace:
[ 1219.921803][T23544]  <TASK>
[ 1219.921808][T23544]  dump_stack_lvl+0x16c/0x1f0
[ 1219.921828][T23544]  should_fail_ex+0x512/0x640
[ 1219.921843][T23544]  ? fs_reclaim_acquire+0xae/0x150
[ 1219.921858][T23544]  ? tomoyo_encode2+0x100/0x3e0
[ 1219.921872][T23544]  should_failslab+0xc2/0x120
[ 1219.921882][T23544]  __kmalloc_noprof+0xd2/0x510
[ 1219.921901][T23544]  tomoyo_encode2+0x100/0x3e0
[ 1219.921917][T23544]  tomoyo_encode+0x29/0x50
[ 1219.921930][T23544]  tomoyo_realpath_from_path+0x18f/0x6e0
[ 1219.921946][T23544]  ? tomoyo_profile+0x47/0x60
[ 1219.921963][T23544]  tomoyo_path_number_perm+0x245/0x580
[ 1219.921975][T23544]  ? tomoyo_path_number_perm+0x237/0x580
[ 1219.921988][T23544]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1219.922014][T23544]  ? find_held_lock+0x2b/0x80
[ 1219.922025][T23544]  ? hook_file_ioctl_common+0x145/0x410
[ 1219.922040][T23544]  ? __fget_files+0x20e/0x3c0
[ 1219.922052][T23544]  ? __fput_deferred+0x440/0x480
[ 1219.922065][T23544]  security_file_ioctl_compat+0x9b/0x240
[ 1219.922079][T23544]  __ia32_compat_sys_ioctl+0xc3/0x370
[ 1219.922094][T23544]  __do_fast_syscall_32+0x7c/0x3a0
[ 1219.922112][T23544]  do_fast_syscall_32+0x32/0x80
[ 1219.922128][T23544]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1219.922141][T23544] RIP: 0023:0xf709e579
[ 1219.922150][T23544] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 1219.922160][T23544] RSP: 002b:00000000f508e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[ 1219.922170][T23544] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000800452d2
[ 1219.922177][T23544] RDX: 00000000800000c0 RSI: 0000000000000000 RDI: 0000000000000000
[ 1219.922183][T23544] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1219.922189][T23544] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 1219.922195][T23544] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1219.922208][T23544]  </TASK>
[ 1219.922218][T23544] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1220.047886][T11928] Bluetooth: hci2: unexpected event for opcode 0x2028
[ 1220.304652][T16994] usb 10-1: new high-speed USB device number 6 using dummy_hcd
[ 1220.457315][T16994] usb 10-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 1220.460484][T16994] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1220.463021][T16994] usb 10-1: Product: syz
[ 1220.464384][T16994] usb 10-1: Manufacturer: syz
[ 1220.465994][T16994] usb 10-1: SerialNumber: syz
[ 1220.472222][T16994] usb 10-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 1220.487481][ T7640] usb 10-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 1220.710554][  T838] usb 10-1: USB disconnect, device number 6
[ 1220.727934][T23569] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1220.730763][T23569] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1220.743288][T23569] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1220.745441][   T40] audit: type=1326 audit(1751440280.752:4458): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23570 comm="syz.5.4138" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709e579 code=0x7ffc0000
[ 1220.748334][T23569] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1221.524499][ T7640] ath9k_htc 10-1:1.0: ath9k_htc: Target is unresponsive
[ 1221.526786][ T7640] ath9k_htc: Failed to initialize the device
[ 1221.529093][  T838] usb 10-1: ath9k_htc: USB layer deinitialized
[ 1221.721171][T23629] FAULT_INJECTION: forcing a failure.
[ 1221.721171][T23629] name failslab, interval 1, probability 0, space 0, times 0
[ 1221.725699][T23629] CPU: 1 UID: 0 PID: 23629 Comm: syz.5.4156 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) 
[ 1221.725715][T23629] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1221.725721][T23629] Call Trace:
[ 1221.725725][T23629]  <TASK>
[ 1221.725730][T23629]  dump_stack_lvl+0x16c/0x1f0
[ 1221.725749][T23629]  should_fail_ex+0x512/0x640
[ 1221.725767][T23629]  should_failslab+0xc2/0x120
[ 1221.725778][T23629]  kmem_cache_alloc_noprof+0x6d/0x3b0
[ 1221.725795][T23629]  ? dst_alloc+0x99/0x1a0
[ 1221.725812][T23629]  dst_alloc+0x99/0x1a0
[ 1221.725827][T23629]  rt_dst_alloc+0x35/0x3a0
[ 1221.725840][T23629]  ip_route_output_key_hash_rcu+0x87a/0x28f0
[ 1221.725860][T23629]  ip_route_output_key_hash+0x137/0x2e0
[ 1221.725875][T23629]  ? __pfx_ip_route_output_key_hash+0x10/0x10
[ 1221.725893][T23629]  ? __lock_acquire+0xb8a/0x1c90
[ 1221.725916][T23629]  tcp_v4_connect+0x806/0x1bd0
[ 1221.725943][T23629]  ? __pfx_tcp_v4_connect+0x10/0x10
[ 1221.725963][T23629]  ? __local_bh_enable_ip+0xa4/0x120
[ 1221.725984][T23629]  mptcp_connect+0x57c/0xfe0
[ 1221.726009][T23629]  __inet_stream_connect+0x3c8/0x1020
[ 1221.726031][T23629]  ? __pfx___inet_stream_connect+0x10/0x10
[ 1221.726049][T23629]  ? __pfx_do_raw_spin_lock+0x10/0x10
[ 1221.726077][T23629]  ? __pfx_inet_stream_connect+0x10/0x10
[ 1221.726100][T23629]  ? __local_bh_enable_ip+0xa4/0x120
[ 1221.726122][T23629]  ? __pfx_inet_stream_connect+0x10/0x10
[ 1221.726141][T23629]  inet_stream_connect+0x57/0xa0
[ 1221.726162][T23629]  __sys_connect_file+0x13e/0x1a0
[ 1221.726179][T23629]  __sys_connect+0x13b/0x160
[ 1221.726192][T23629]  ? __pfx___sys_connect+0x10/0x10
[ 1221.726205][T23629]  ? handle_mm_fault+0x2a0/0xd10
[ 1221.726223][T23629]  ? __pfx_ksys_write+0x10/0x10
[ 1221.726241][T23629]  __ia32_sys_connect+0x71/0xb0
[ 1221.726255][T23629]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[ 1221.726272][T23629]  __do_fast_syscall_32+0x7c/0x3a0
[ 1221.726290][T23629]  do_fast_syscall_32+0x32/0x80
[ 1221.726306][T23629]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1221.726320][T23629] RIP: 0023:0xf709e579
[ 1221.726329][T23629] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 1221.726339][T23629] RSP: 002b:00000000f508e55c EFLAGS: 00000296 ORIG_RAX: 000000000000016a
[ 1221.726349][T23629] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000140
[ 1221.726356][T23629] RDX: 0000000000000010 RSI: 0000000000000000 RDI: 0000000000000000
[ 1221.726362][T23629] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1221.726368][T23629] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 1221.726374][T23629] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1221.726388][T23629]  </TASK>
[ 1222.493862][T23655] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1222.497552][T23655] Bluetooth: hci1: Opcode 0x0406 failed: -4
[ 1222.502287][T23655] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1222.504294][T23655] Bluetooth: hci2: Opcode 0x0406 failed: -4
[ 1222.510550][T23655] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1222.512532][T23655] Bluetooth: hci3: Opcode 0x0406 failed: -4
[ 1222.945056][T23665] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4169'.
[ 1222.961996][T23665] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4169'.
[ 1222.968260][T23665] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4169'.
[ 1222.974107][T23665] netlink: 22 bytes leftover after parsing attributes in process `syz.5.4169'.
[ 1223.114980][T23669] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4170'.
[ 1223.965751][T23685] netlink: set zone limit has 4 unknown bytes
[ 1224.208474][T23691] loop6: detected capacity change from 0 to 524287999
[ 1224.404620][T11928] Bluetooth: hci1: command 0x0406 tx timeout
[ 1224.565214][T15863] Bluetooth: hci2: command 0x0406 tx timeout
[ 1224.567188][T11928] Bluetooth: hci3: command 0x0406 tx timeout
[ 1224.694924][T23707] siw: device registration error -23
[ 1224.737721][T23708] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[ 1225.672518][T23730] openvswitch: netlink: IPv4 tun info is not correct
[ 1225.754949][T23737] FAULT_INJECTION: forcing a failure.
[ 1225.754949][T23737] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1225.759692][T23737] CPU: 3 UID: 0 PID: 23737 Comm: syz.0.4190 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) 
[ 1225.759707][T23737] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1225.759714][T23737] Call Trace:
[ 1225.759718][T23737]  <TASK>
[ 1225.759723][T23737]  dump_stack_lvl+0x16c/0x1f0
[ 1225.759743][T23737]  should_fail_ex+0x512/0x640
[ 1225.759761][T23737]  _copy_to_user+0x32/0xd0
[ 1225.759779][T23737]  simple_read_from_buffer+0xcb/0x170
[ 1225.759795][T23737]  proc_fail_nth_read+0x197/0x270
[ 1225.759808][T23737]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1225.759825][T23737]  ? rw_verify_area+0xcf/0x680
[ 1225.759838][T23737]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1225.759850][T23737]  vfs_read+0x1e4/0xc60
[ 1225.759865][T23737]  ? fdget_pos+0x2a2/0x370
[ 1225.759882][T23737]  ? __pfx_vfs_read+0x10/0x10
[ 1225.759895][T23737]  ? find_held_lock+0x2b/0x80
[ 1225.759910][T23737]  ? __fget_files+0x20e/0x3c0
[ 1225.759928][T23737]  ksys_read+0x12a/0x250
[ 1225.759942][T23737]  ? __pfx_ksys_read+0x10/0x10
[ 1225.759957][T23737]  ? rcu_is_watching+0x12/0xc0
[ 1225.759970][T23737]  __do_fast_syscall_32+0x7c/0x3a0
[ 1225.759988][T23737]  do_fast_syscall_32+0x32/0x80
[ 1225.760004][T23737]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1225.760018][T23737] RIP: 0023:0xf708e579
[ 1225.760027][T23737] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 1225.760037][T23737] RSP: 002b:00000000f5055590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 1225.760048][T23737] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 00000000f5055620
[ 1225.760055][T23737] RDX: 000000000000000f RSI: 00000000f73f3ff4 RDI: 0000000000000000
[ 1225.760061][T23737] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[ 1225.760067][T23737] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[ 1225.760074][T23737] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1225.760087][T23737]  </TASK>
[ 1226.494548][T11928] Bluetooth: hci1: command 0x0406 tx timeout
[ 1226.497181][T23755] netlink: 'syz.2.4194': attribute type 2 has an invalid length.
[ 1226.499819][T23755] netlink: 'syz.2.4194': attribute type 1 has an invalid length.
[ 1226.502611][T23755] netlink: 'syz.2.4194': attribute type 1 has an invalid length.
[ 1226.506948][T23755] sch_tbf: burst 19872 is lower than device lo mtu (11337746) !
[ 1226.644804][T11928] Bluetooth: hci3: command 0x0406 tx timeout
[ 1226.644879][T15863] Bluetooth: hci2: command 0x0406 tx timeout
[ 1227.822001][T23772] overlayfs: failed to decode file handle (len=19, type=248, flags=0, err=-61)
[ 1227.982982][   T40] audit: type=1326 audit(1751440287.982:4459): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23773 comm="syz.5.4201" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709e579 code=0x7fc00000
[ 1228.712445][   T40] audit: type=1326 audit(1751440288.712:4460): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23773 comm="syz.5.4201" exe="/syz-executor" sig=0 arch=40000003 syscall=370 compat=1 ip=0xf709e579 code=0x7fc00000
[ 1228.843779][T23787] netlink: 'syz.5.4204': attribute type 2 has an invalid length.
[ 1228.846544][T23787] netlink: 12 bytes leftover after parsing attributes in process `syz.5.4204'.
[ 1228.866944][  T838] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None
[ 1229.354347][T23791] lo speed is unknown, defaulting to 1000
[ 1229.433459][T23791] lo speed is unknown, defaulting to 1000
[ 1235.574567][T23853] netlink: 'syz.0.4212': attribute type 2 has an invalid length.
[ 1235.577015][T23853] netlink: 'syz.0.4212': attribute type 1 has an invalid length.
[ 1235.579399][T23853] netlink: 'syz.0.4212': attribute type 1 has an invalid length.
[ 1235.583673][T23853] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[ 1235.612003][   T40] audit: type=1326 audit(1751440295.612:4461): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23845 comm="syz.5.4213" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709e579 code=0x7ffc0000
[ 1235.620631][   T40] audit: type=1326 audit(1751440295.612:4462): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23845 comm="syz.5.4213" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709e579 code=0x7ffc0000
[ 1235.652895][T23857] netlink: 'syz.2.4214': attribute type 2 has an invalid length.
[ 1235.656443][T23857] netlink: 'syz.2.4214': attribute type 1 has an invalid length.
[ 1235.659758][T23857] netlink: 'syz.2.4214': attribute type 1 has an invalid length.
[ 1235.661798][   T40] audit: type=1326 audit(1751440295.612:4463): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23845 comm="syz.5.4213" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf709e579 code=0x7ffc0000
[ 1235.669710][T23857] sch_tbf: burst 19872 is lower than device lo mtu (11337746) !
[ 1235.970865][   T40] audit: type=1326 audit(1751440295.612:4464): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23845 comm="syz.5.4213" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709e579 code=0x7ffc0000
[ 1235.990603][   T40] audit: type=1326 audit(1751440295.612:4465): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23845 comm="syz.5.4213" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709e579 code=0x7ffc0000
[ 1235.997296][   T40] audit: type=1326 audit(1751440295.612:4466): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23845 comm="syz.5.4213" exe="/syz-executor" sig=0 arch=40000003 syscall=361 compat=1 ip=0xf709e579 code=0x7ffc0000
[ 1236.003820][   T40] audit: type=1326 audit(1751440295.612:4467): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23845 comm="syz.5.4213" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709e579 code=0x7ffc0000
[ 1236.011932][   T40] audit: type=1326 audit(1751440295.612:4468): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23845 comm="syz.5.4213" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709e579 code=0x7ffc0000
[ 1236.020731][   T40] audit: type=1326 audit(1751440295.612:4469): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23845 comm="syz.5.4213" exe="/syz-executor" sig=0 arch=40000003 syscall=337 compat=1 ip=0xf709e579 code=0x7ffc0000
[ 1236.028657][   T40] audit: type=1326 audit(1751440295.612:4470): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23845 comm="syz.5.4213" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709e579 code=0x7ffc0000
[ 1236.709143][T23874] netlink: 3 bytes leftover after parsing attributes in process `syz.5.4218'.
[ 1236.720814][T23874] batadv1: entered allmulticast mode
[ 1236.771031][T23878] input: syz1 as /devices/virtual/input/input51
[ 1236.801271][T23878] netlink: 12 bytes leftover after parsing attributes in process `syz.5.4218'.
[ 1236.875402][T23874] netlink: 132 bytes leftover after parsing attributes in process `syz.5.4218'.
[ 1238.168173][ T1419] ieee802154 phy0 wpan0: encryption failed: -22
[ 1238.171071][ T1419] ieee802154 phy1 wpan1: encryption failed: -22
[ 1239.707795][T23912] netlink: 'syz.0.4231': attribute type 2 has an invalid length.
[ 1239.713085][T23912] netlink: 'syz.0.4231': attribute type 1 has an invalid length.
[ 1239.717120][T23912] netlink: 'syz.0.4231': attribute type 1 has an invalid length.
[ 1239.732178][T23912] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[ 1240.827612][T23931] netlink: 240 bytes leftover after parsing attributes in process `syz.0.4235'.
[ 1240.830391][T23931] netlink: 240 bytes leftover after parsing attributes in process `syz.0.4235'.
[ 1241.132260][   T40] kauditd_printk_skb: 182 callbacks suppressed
[ 1241.132272][   T40] audit: type=1804 audit(1751440301.132:4653): pid=23950 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.4240" name="cgroup.controllers" dev="tmpfs" ino=2614 res=1 errno=0
[ 1241.143605][   T40] audit: type=1800 audit(1751440301.142:4654): pid=23950 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.4240" name="cgroup.controllers" dev="tmpfs" ino=2614 res=0 errno=0
[ 1241.164803][T23950] netlink: 20 bytes leftover after parsing attributes in process `syz.2.4240'.
[ 1241.257325][   T40] audit: type=1800 audit(1751440301.162:4655): pid=23950 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.4240" name="cgroup.controllers" dev="tmpfs" ino=2614 res=0 errno=0
[ 1244.145930][T23976] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4248'.
[ 1244.308566][   T40] audit: type=1326 audit(1751440304.312:4656): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23975 comm="syz.5.4248" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709e579 code=0x7fc00000
[ 1244.964513][   T40] audit: type=1326 audit(1751440304.962:4657): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23975 comm="syz.5.4248" exe="/syz-executor" sig=0 arch=40000003 syscall=370 compat=1 ip=0xf709e579 code=0x7fc00000
[ 1244.972102][   T40] audit: type=1326 audit(1751440304.962:4658): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23975 comm="syz.5.4248" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709e579 code=0x7fc00000
[ 1244.981179][   T40] audit: type=1326 audit(1751440304.962:4659): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23975 comm="syz.5.4248" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709e579 code=0x7fc00000
[ 1244.989840][   T40] audit: type=1326 audit(1751440304.962:4660): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23975 comm="syz.5.4248" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709e579 code=0x7fc00000
[ 1244.999027][   T40] audit: type=1326 audit(1751440304.962:4661): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23975 comm="syz.5.4248" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709e579 code=0x7fc00000
[ 1245.007259][   T40] audit: type=1326 audit(1751440304.962:4662): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23975 comm="syz.5.4248" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709e579 code=0x7fc00000
[ 1245.019663][T23990] netlink: 'syz.5.4251': attribute type 2 has an invalid length.
[ 1245.021926][T23990] netlink: 'syz.5.4251': attribute type 1 has an invalid length.
[ 1245.024302][T23990] netlink: 'syz.5.4251': attribute type 1 has an invalid length.
[ 1245.038286][T23990] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[ 1245.773930][T24010] netlink: set zone limit has 8 unknown bytes
[ 1246.788525][T24031] netlink: 'syz.2.4263': attribute type 1 has an invalid length.
[ 1246.810887][T24031] 8021q: adding VLAN 0 to HW filter on device bond7
[ 1249.949075][T24095] NILFS (nbd0): device size too small
[ 1250.568987][T24114] netlink: 'syz.3.4286': attribute type 2 has an invalid length.
[ 1250.571203][T24114] netlink: 'syz.3.4286': attribute type 1 has an invalid length.
[ 1250.573446][T24114] netlink: 'syz.3.4286': attribute type 1 has an invalid length.
[ 1250.577208][T24114] sch_tbf: burst 19872 is lower than device lo mtu (11337746) !
[ 1251.622559][T24129] ip6t_srh: unknown srh invflags 6BE9
[ 1251.633868][T24129] ubi31: attaching mtd0
[ 1251.641034][T24129] ubi31: scanning is finished
[ 1251.811777][T24129] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB)
[ 1251.814361][T24129] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[ 1251.816850][T24129] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1
[ 1251.819038][T24129] ubi31: VID header offset: 64 (aligned 64), data offset: 128
[ 1251.821382][T24129] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[ 1251.823519][T24129] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23
[ 1251.826095][T24129] ubi31: max/mean erase counter: 2/1, WL threshold: 4096, image sequence number: 288141314
[ 1251.829192][T24129] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[ 1251.832421][T24131] ubi31: background thread "ubi_bgt31d" started, PID 24131
[ 1251.993095][T24133] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4290'.
[ 1251.999048][T24133] netlink: zone id is out of range
[ 1252.002094][T24133] netlink: zone id is out of range
[ 1252.004062][T24133] netlink: zone id is out of range
[ 1252.005980][T24133] netlink: zone id is out of range
[ 1252.018814][T24133] netlink: set zone limit has 4 unknown bytes
[ 1252.059479][T24135] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(11)
[ 1252.061609][T24135] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[ 1252.065768][T24135] vhci_hcd vhci_hcd.0: Device attached
[ 1252.068991][T24136] vhci_hcd: connection closed
[ 1252.071218][T24058] vhci_hcd: stop threads
[ 1252.075405][T24058] vhci_hcd: release socket
[ 1252.077344][T24058] vhci_hcd: disconnect device
[ 1253.530747][T24160] netlink: 'syz.5.4298': attribute type 2 has an invalid length.
[ 1253.533888][T24160] netlink: 'syz.5.4298': attribute type 1 has an invalid length.
[ 1253.536930][T24160] netlink: 'syz.5.4298': attribute type 1 has an invalid length.
[ 1253.541274][T24160] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[ 1254.419286][T24167] FAULT_INJECTION: forcing a failure.
[ 1254.419286][T24167] name failslab, interval 1, probability 0, space 0, times 0
[ 1254.423367][T24167] CPU: 2 UID: 0 PID: 24167 Comm: syz.5.4300 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) 
[ 1254.423394][T24167] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1254.423401][T24167] Call Trace:
[ 1254.423406][T24167]  <TASK>
[ 1254.423411][T24167]  dump_stack_lvl+0x16c/0x1f0
[ 1254.423431][T24167]  should_fail_ex+0x512/0x640
[ 1254.423446][T24167]  ? fs_reclaim_acquire+0xae/0x150
[ 1254.423460][T24167]  ? tomoyo_encode2+0x100/0x3e0
[ 1254.423473][T24167]  should_failslab+0xc2/0x120
[ 1254.423484][T24167]  __kmalloc_noprof+0xd2/0x510
[ 1254.423499][T24167]  ? d_absolute_path+0x136/0x1a0
[ 1254.423513][T24167]  tomoyo_encode2+0x100/0x3e0
[ 1254.423529][T24167]  tomoyo_encode+0x29/0x50
[ 1254.423542][T24167]  tomoyo_realpath_from_path+0x18f/0x6e0
[ 1254.423561][T24167]  tomoyo_path_number_perm+0x245/0x580
[ 1254.423572][T24167]  ? tomoyo_path_number_perm+0x237/0x580
[ 1254.423590][T24167]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1254.423617][T24167]  ? find_held_lock+0x2b/0x80
[ 1254.423628][T24167]  ? hook_file_ioctl_common+0x145/0x410
[ 1254.423646][T24167]  ? __fget_files+0x20e/0x3c0
[ 1254.423659][T24167]  ? __fput_deferred+0x440/0x480
[ 1254.423672][T24167]  security_file_ioctl_compat+0x9b/0x240
[ 1254.423687][T24167]  __ia32_compat_sys_ioctl+0xc3/0x370
[ 1254.423702][T24167]  __do_fast_syscall_32+0x7c/0x3a0
[ 1254.423720][T24167]  do_fast_syscall_32+0x32/0x80
[ 1254.423736][T24167]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1254.423753][T24167] RIP: 0023:0xf709e579
[ 1254.423761][T24167] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 1254.423772][T24167] RSP: 002b:00000000f506d55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[ 1254.423783][T24167] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c0487c04
[ 1254.423790][T24167] RDX: 0000000080000280 RSI: 0000000000000000 RDI: 0000000000000000
[ 1254.423796][T24167] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1254.423802][T24167] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 1254.423808][T24167] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1254.423822][T24167]  </TASK>
[ 1254.495133][T24167] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1255.303887][T24177] kAFS: No cell specified
[ 1255.882513][T15863] Bluetooth: hci2: Malformed LE Event: 0x0b
[ 1256.002592][T24198] netlink: 'syz.2.4309': attribute type 2 has an invalid length.
[ 1256.006180][T24198] netlink: 'syz.2.4309': attribute type 1 has an invalid length.
[ 1256.008607][T24198] netlink: 'syz.2.4309': attribute type 1 has an invalid length.
[ 1256.017724][T24198] sch_tbf: burst 19872 is lower than device lo mtu (11337746) !
[ 1256.064113][T24196] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1256.068253][T24196] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1256.093167][T24199] lo speed is unknown, defaulting to 1000
[ 1256.175650][T24199] lo speed is unknown, defaulting to 1000
[ 1256.402521][T24203] netdevsim netdevsim5: Direct firmware load for ��0���Pq���D"�2�N�ktT�Wj��%�N�� failed with error -2
[ 1256.408764][T24203] netdevsim netdevsim5: Falling back to sysfs fallback for: ��0���Pq���D"�2�N�ktT�Wj��%�N��
[ 1256.471724][T24209] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[ 1256.474161][T24209] IPv6: NLM_F_CREATE should be set when creating new route
[ 1256.476480][T24209] IPv6: NLM_F_CREATE should be set when creating new route
[ 1256.478997][T24209] IPv6: NLM_F_CREATE should be set when creating new route
[ 1256.692559][T24215] afs: Unknown parameter 'dy'
[ 1256.793653][T24219] tmpfs: Bad value for 'mpol'
[ 1256.862065][T24223] netlink: 68 bytes leftover after parsing attributes in process `syz.2.4318'.
[ 1256.944192][T24226] FAULT_INJECTION: forcing a failure.
[ 1256.944192][T24226] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1256.953040][T24226] CPU: 0 UID: 0 PID: 24226 Comm: syz.0.4319 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) 
[ 1256.953062][T24226] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1256.953071][T24226] Call Trace:
[ 1256.953077][T24226]  <TASK>
[ 1256.953097][T24226]  dump_stack_lvl+0x16c/0x1f0
[ 1256.953126][T24226]  should_fail_ex+0x512/0x640
[ 1256.953154][T24226]  _copy_from_user+0x2e/0xd0
[ 1256.953182][T24226]  ia32_restore_sigcontext+0xc3/0x630
[ 1256.953207][T24226]  ? __pfx_ia32_restore_sigcontext+0x10/0x10
[ 1256.953237][T24226]  ? rcu_is_watching+0x12/0xc0
[ 1256.953255][T24226]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1256.953278][T24226]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1256.953305][T24226]  __do_compat_sys_rt_sigreturn+0x120/0x1f0
[ 1256.953332][T24226]  ? __pfx___do_compat_sys_rt_sigreturn+0x10/0x10
[ 1256.953360][T24226]  ? rcu_is_watching+0x12/0xc0
[ 1256.953380][T24226]  do_int80_emulation+0x104/0x460
[ 1256.953409][T24226]  asm_int80_emulation+0x1a/0x20
[ 1256.953427][T24226] RIP: 0023:0xf708e5a7
[ 1256.953441][T24226] Code: 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 90 58 b8 77 00 00 00 cd 80 90 8d b4 26 00 00 00 00 b8 ad 00 00 00 cd 80 <90> 90 90 90 90 90 90 90 90 55 89 e5 57 8d 3d 2c dc ff ff 56 53 e8
[ 1256.953457][T24226] RSP: 002b:00000000f507d940 EFLAGS: 00000286 ORIG_RAX: 00000000000000ad
[ 1256.953474][T24226] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000f507d9cc
[ 1256.953486][T24226] RDX: 00000000f507d94c RSI: 0000000000000000 RDI: 0000000000000000
[ 1256.953496][T24226] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1256.953506][T24226] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1256.953516][T24226] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1256.953547][T24226]  </TASK>
[ 1256.995267][T24223] lo speed is unknown, defaulting to 1000
[ 1257.164368][T24223] lo speed is unknown, defaulting to 1000
[ 1257.313309][T24228] lo speed is unknown, defaulting to 1000
[ 1257.391130][T24228] lo speed is unknown, defaulting to 1000
[ 1257.471987][T24239] afs: Unknown parameter 'dy'
[ 1258.251610][T24247] netlink: 44 bytes leftover after parsing attributes in process `syz.5.4325'.
[ 1258.260678][T24247] netlink: 6 bytes leftover after parsing attributes in process `syz.5.4325'.
[ 1258.345427][T24247] delete_channel: no stack
[ 1258.980904][T24269] afs: Unknown parameter 'dy'
[ 1260.685064][T24298] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4342'.
[ 1260.917284][T24309] netlink: 52 bytes leftover after parsing attributes in process `syz.2.4347'.
[ 1261.114629][ T7640] usb 10-1: new high-speed USB device number 7 using dummy_hcd
[ 1261.264595][ T7640] usb 10-1: Using ep0 maxpacket: 8
[ 1261.268479][ T7640] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1261.271669][ T7640] usb 10-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[ 1261.275518][ T7640] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1261.280602][ T7640] usb 10-1: config 0 descriptor??
[ 1261.504613][ T7640] iowarrior 10-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior1
[ 1261.511142][ T7640] usb 10-1: USB disconnect, device number 7
[ 1262.359748][T24348] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4360'.
[ 1263.081313][T24351] syz_tun: entered promiscuous mode
[ 1263.083710][T24351] batadv_slave_0: entered promiscuous mode
[ 1263.250061][T24361] rdma_rxe: rxe_newlink: failed to add vxcan1
[ 1263.310172][T24364] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4366'.
[ 1263.312885][T24364] netlink: 24 bytes leftover after parsing attributes in process `syz.0.4366'.
[ 1263.650699][T24366] xt_CT: You must specify a L4 protocol and not use inversions on it
[ 1263.706600][T24370] netlink: 'syz.0.4366': attribute type 4 has an invalid length.
[ 1263.768460][T24371] netlink: 'syz.0.4366': attribute type 4 has an invalid length.
[ 1264.353035][T24379] netlink: 16 bytes leftover after parsing attributes in process `syz.0.4369'.
[ 1264.357409][T24379] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4369'.
[ 1264.462076][T24381] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4369'.
[ 1265.112364][T24395] usbtmc 5-1:16.0: send_request_dev_dep_msg_in returned -71
[ 1265.136808][T24395] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1265.140705][T24395] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1265.774521][  T839] usb 10-1: new high-speed USB device number 8 using dummy_hcd
[ 1265.945636][  T839] usb 10-1: Using ep0 maxpacket: 32
[ 1265.948752][  T839] usb 10-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[ 1265.954016][  T839] usb 10-1: New USB device found, idVendor=b6d8, idProduct=0009, bcdDevice=de.79
[ 1265.957851][  T839] usb 10-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[ 1265.961346][  T839] usb 10-1: Product: syz
[ 1265.962920][  T839] usb 10-1: Manufacturer: syz
[ 1265.964752][  T839] usb 10-1: SerialNumber: syz
[ 1265.969383][  T839] usb 10-1: config 0 descriptor??
[ 1265.971599][T24399] raw-gadget.3 gadget.5: fail, usb_ep_enable returned -22
[ 1266.595095][T24416] lo speed is unknown, defaulting to 1000
[ 1266.667341][T24416] lo speed is unknown, defaulting to 1000
[ 1266.941450][T24421] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4383'.
[ 1267.209260][T24427] netlink: 'syz.2.4384': attribute type 2 has an invalid length.
[ 1267.212534][T24427] netlink: 'syz.2.4384': attribute type 1 has an invalid length.
[ 1267.215860][T24427] netlink: 'syz.2.4384': attribute type 1 has an invalid length.
[ 1267.222112][T24427] sch_tbf: burst 19872 is lower than device lo mtu (11337746) !
[ 1268.221028][T24447] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4392'.
[ 1268.225298][T24447] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4392'.
[ 1268.292520][T24446] lo speed is unknown, defaulting to 1000
[ 1268.411554][T24446] lo speed is unknown, defaulting to 1000
[ 1268.411876][T24447] lo speed is unknown, defaulting to 1000
[ 1268.488500][T24447] lo speed is unknown, defaulting to 1000
[ 1268.527113][ T7640] usb 10-1: USB disconnect, device number 8
[ 1268.876138][T24469] netlink: 'syz.3.4397': attribute type 2 has an invalid length.
[ 1268.878708][T24469] netlink: 'syz.3.4397': attribute type 1 has an invalid length.
[ 1268.881196][T24469] netlink: 'syz.3.4397': attribute type 1 has an invalid length.
[ 1268.951600][T24469] sch_tbf: burst 19872 is lower than device lo mtu (11337746) !
[ 1268.975722][T24460] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1269.255249][T24460] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1269.285838][T24460] usbtmc 5-1:16.0: send_request_dev_dep_msg_in returned -71
[ 1269.433750][T24475] netlink: 'syz.2.4399': attribute type 30 has an invalid length.
[ 1269.438126][T24475] (unnamed net_device) (uninitialized): option arp_missed_max: invalid value (0)
[ 1269.441154][T24475] (unnamed net_device) (uninitialized): option arp_missed_max: allowed values 1 - 255
[ 1269.707792][T24485] netlink: 3 bytes leftover after parsing attributes in process `syz.2.4400'.
[ 1269.743070][T24485] batadv1: entered allmulticast mode
[ 1269.828117][T24460] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1269.831378][T24460] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1269.944610][  T839] usb 10-1: new high-speed USB device number 9 using dummy_hcd
[ 1269.974790][   T40] kauditd_printk_skb: 31 callbacks suppressed
[ 1269.974805][   T40] audit: type=1326 audit(1751440329.972:4694): auid=4294967295 uid=60929 gid=0 ses=4294967295 subj=unconfined pid=24481 comm="syz.3.4402" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf70be579 code=0x0
[ 1270.094576][  T839] usb 10-1: Using ep0 maxpacket: 32
[ 1270.097523][  T839] usb 10-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[ 1270.102244][  T839] usb 10-1: New USB device found, idVendor=b6d8, idProduct=0009, bcdDevice=de.79
[ 1270.105167][  T839] usb 10-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[ 1270.107745][  T839] usb 10-1: Product: syz
[ 1270.109105][  T839] usb 10-1: Manufacturer: syz
[ 1270.110600][  T839] usb 10-1: SerialNumber: syz
[ 1270.117937][  T839] usb 10-1: config 0 descriptor??
[ 1270.120035][T24484] raw-gadget.2 gadget.5: fail, usb_ep_enable returned -22
[ 1270.637950][T24493] netlink: 4768 bytes leftover after parsing attributes in process `syz.3.4405'.
[ 1270.805760][T24504] netlink: 4768 bytes leftover after parsing attributes in process `syz.3.4409'.
[ 1270.850824][T24513] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4412'.
[ 1270.862207][T24513] bond12: entered promiscuous mode
[ 1270.863950][T24513] bond12: entered allmulticast mode
[ 1270.872036][T24513] geneve2: entered promiscuous mode
[ 1270.873797][T24513] geneve2: entered allmulticast mode
[ 1270.876093][T24515] netlink: 'syz.2.4411': attribute type 2 has an invalid length.
[ 1270.878792][T24515] netlink: 'syz.2.4411': attribute type 1 has an invalid length.
[ 1270.881419][T24515] netlink: 'syz.2.4411': attribute type 1 has an invalid length.
[ 1270.894908][T24513] bond12: (slave geneve2): Enslaving as an active interface with an up link
[ 1270.898242][T24515] sch_tbf: burst 19872 is lower than device lo mtu (11337746) !
[ 1271.003933][T24513] FAULT_INJECTION: forcing a failure.
[ 1271.003933][T24513] name failslab, interval 1, probability 0, space 0, times 0
[ 1271.013082][T24513] CPU: 2 UID: 0 PID: 24513 Comm: syz.3.4412 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) 
[ 1271.013107][T24513] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1271.013118][T24513] Call Trace:
[ 1271.013124][T24513]  <TASK>
[ 1271.013131][T24513]  dump_stack_lvl+0x16c/0x1f0
[ 1271.013160][T24513]  should_fail_ex+0x512/0x640
[ 1271.013184][T24513]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[ 1271.013213][T24513]  should_failslab+0xc2/0x120
[ 1271.013231][T24513]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[ 1271.013257][T24513]  ? __alloc_skb+0x2b2/0x380
[ 1271.013286][T24513]  __alloc_skb+0x2b2/0x380
[ 1271.013310][T24513]  ? __pfx___alloc_skb+0x10/0x10
[ 1271.013334][T24513]  ? kasan_quarantine_put+0x10a/0x240
[ 1271.013358][T24513]  ? lockdep_hardirqs_on+0x40/0x110
[ 1271.013396][T24513]  inet_netconf_notify_devconf+0x8b/0x1f0
[ 1271.013423][T24513]  inetdev_event+0xed5/0x18a0
[ 1271.013446][T24513]  ? ib_netdevice_event+0xfc/0x330
[ 1271.013466][T24513]  ? __pfx_inetdev_event+0x10/0x10
[ 1271.013490][T24513]  ? __sanitizer_cov_trace_switch+0x54/0x90
[ 1271.013522][T24513]  notifier_call_chain+0xbc/0x410
[ 1271.013543][T24513]  ? __pfx_inetdev_event+0x10/0x10
[ 1271.013571][T24513]  call_netdevice_notifiers_info+0xbe/0x140
[ 1271.013595][T24513]  unregister_netdevice_many_notify+0xf9d/0x2700
[ 1271.013626][T24513]  ? __pfx_unregister_netdevice_many_notify+0x10/0x10
[ 1271.013647][T24513]  ? __pfx___mutex_lock+0x10/0x10
[ 1271.013679][T24513]  ? unregister_netdevice_queue+0x22e/0x3f0
[ 1271.013699][T24513]  ? __pfx_unregister_netdevice_queue+0x10/0x10
[ 1271.013719][T24513]  ? __nla_parse+0x40/0x60
[ 1271.013742][T24513]  rtnl_dellink+0x3cb/0xa80
[ 1271.013766][T24513]  ? __pfx_unregister_netdevice_queue+0x10/0x10
[ 1271.013784][T24513]  ? dev_hard_start_xmit+0x94/0x740
[ 1271.013804][T24513]  ? __dev_queue_xmit+0x7eb/0x43e0
[ 1271.013825][T24513]  ? netlink_deliver_tap+0xa87/0xd30
[ 1271.013841][T24513]  ? netlink_unicast+0x5df/0x7f0
[ 1271.013875][T24513]  ? __pfx_rtnl_dellink+0x10/0x10
[ 1271.013899][T24513]  ? __sys_sendmsg+0x16d/0x220
[ 1271.013925][T24513]  ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1271.014002][T24513]  ? __lock_acquire+0x622/0x1c90
[ 1271.014028][T24513]  ? rcu_is_watching+0x12/0xc0
[ 1271.014045][T24513]  ? trace_cap_capable+0x18d/0x200
[ 1271.014072][T24513]  ? find_held_lock+0x2b/0x80
[ 1271.014103][T24513]  ? __pfx_rtnl_dellink+0x10/0x10
[ 1271.014128][T24513]  ? __pfx_rtnl_dellink+0x10/0x10
[ 1271.014150][T24513]  ? rtnetlink_rcv_msg+0x93a/0xe90
[ 1271.014168][T24513]  ? __pfx_rtnl_dellink+0x10/0x10
[ 1271.014195][T24513]  rtnetlink_rcv_msg+0x95b/0xe90
[ 1271.014214][T24513]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1271.014239][T24513]  ? ref_tracker_free+0x37c/0x830
[ 1271.014269][T24513]  netlink_rcv_skb+0x155/0x420
[ 1271.014287][T24513]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1271.014306][T24513]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1271.014336][T24513]  ? netlink_deliver_tap+0x1ae/0xd30
[ 1271.014360][T24513]  netlink_unicast+0x53d/0x7f0
[ 1271.014383][T24513]  ? __pfx_netlink_unicast+0x10/0x10
[ 1271.014415][T24513]  netlink_sendmsg+0x8d1/0xdd0
[ 1271.014440][T24513]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1271.014462][T24513]  ? __import_iovec+0x1dd/0x650
[ 1271.014498][T24513]  ____sys_sendmsg+0xa98/0xc70
[ 1271.014523][T24513]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1271.014543][T24513]  ? get_compat_msghdr+0x11a/0x170
[ 1271.014582][T24513]  ___sys_sendmsg+0x134/0x1d0
[ 1271.014608][T24513]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1271.014646][T24513]  ? find_held_lock+0x2b/0x80
[ 1271.014680][T24513]  __sys_sendmsg+0x16d/0x220
[ 1271.014706][T24513]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1271.014742][T24513]  ? rcu_is_watching+0x12/0xc0
[ 1271.014763][T24513]  __do_fast_syscall_32+0x7c/0x3a0
[ 1271.014792][T24513]  do_fast_syscall_32+0x32/0x80
[ 1271.014818][T24513]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1271.014838][T24513] RIP: 0023:0xf70be579
[ 1271.014852][T24513] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 1271.014869][T24513] RSP: 002b:00000000f50ae55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[ 1271.014885][T24513] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000280
[ 1271.014897][T24513] RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000000
[ 1271.014907][T24513] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1271.014918][T24513] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 1271.014928][T24513] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1271.014951][T24513]  </TASK>
[ 1271.181449][T24513] bond12 (unregistering): (slave geneve2): Releasing backup interface
[ 1271.187753][T24513] geneve2: left promiscuous mode
[ 1271.190121][T24513] geneve2: left allmulticast mode
[ 1271.194004][T24513] bond12 (unregistering): Released all slaves
[ 1271.376722][ T7640] usb 10-1: USB disconnect, device number 9
[ 1271.557689][T24523] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[ 1272.387543][T24568] netlink: 'syz.3.4424': attribute type 2 has an invalid length.
[ 1272.390675][T24568] netlink: 'syz.3.4424': attribute type 1 has an invalid length.
[ 1272.402604][T24568] netlink: 'syz.3.4424': attribute type 1 has an invalid length.
[ 1272.422008][T24568] sch_tbf: burst 19872 is lower than device lo mtu (11337746) !
[ 1272.423588][T24570] openvswitch: netlink: Flow actions attr not present in new flow.
[ 1273.253541][T24578] FAULT_INJECTION: forcing a failure.
[ 1273.253541][T24578] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1273.257702][T24578] CPU: 3 UID: 0 PID: 24578 Comm: syz.3.4428 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) 
[ 1273.257717][T24578] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1273.257724][T24578] Call Trace:
[ 1273.257729][T24578]  <TASK>
[ 1273.257733][T24578]  dump_stack_lvl+0x16c/0x1f0
[ 1273.257754][T24578]  should_fail_ex+0x512/0x640
[ 1273.257772][T24578]  _copy_from_user+0x2e/0xd0
[ 1273.257789][T24578]  get_compat_msghdr+0xa7/0x170
[ 1273.257807][T24578]  ? __pfx_get_compat_msghdr+0x10/0x10
[ 1273.257829][T24578]  ___sys_sendmsg+0x1ae/0x1d0
[ 1273.257846][T24578]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1273.257869][T24578]  ? find_held_lock+0x2b/0x80
[ 1273.257888][T24578]  __sys_sendmsg+0x16d/0x220
[ 1273.257904][T24578]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1273.257926][T24578]  ? rcu_is_watching+0x12/0xc0
[ 1273.257939][T24578]  __do_fast_syscall_32+0x7c/0x3a0
[ 1273.257956][T24578]  do_fast_syscall_32+0x32/0x80
[ 1273.257973][T24578]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1273.257988][T24578] RIP: 0023:0xf70be579
[ 1273.257996][T24578] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 1273.258006][T24578] RSP: 002b:00000000f50ae55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[ 1273.258016][T24578] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000540
[ 1273.258023][T24578] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1273.258029][T24578] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1273.258035][T24578] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 1273.258040][T24578] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1273.258053][T24578]  </TASK>
[ 1273.400684][T24583] bond0: (slave bond_slave_1): Releasing backup interface
[ 1273.414182][T24583] team0: Port device team_slave_0 removed
[ 1273.420476][T24583] team0: Port device team_slave_1 removed
[ 1273.423675][T24583] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1273.428002][T24583] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1273.430410][T24583] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1273.439806][T24583] bond11: (slave vlan2): Releasing active interface
[ 1273.447416][ T7640] lo speed is unknown, defaulting to 1000
[ 1273.457660][T16994] syz1: Port: 1 Link DOWN
[ 1273.500806][T24583] netlink: 16 bytes leftover after parsing attributes in process `syz.3.4429'.
[ 1273.505220][T24583] netlink: 16 bytes leftover after parsing attributes in process `syz.3.4429'.
[ 1273.509050][T24583] vlan0: entered promiscuous mode
[ 1273.512824][T24583] tipc: Started in network mode
[ 1273.514917][T24583] tipc: Node identity aaaaaaaaaa1a, cluster identity 4711
[ 1273.517318][T24583] tipc: Enabled bearer <eth:team0>, priority 0
[ 1273.587700][T24592] vivid-002: =================  START STATUS  =================
[ 1273.588246][T24594] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4433'.
[ 1273.590627][T24592] vivid-002: ==================  END STATUS  ==================
[ 1273.594302][T24594] openvswitch: netlink: push_nsh: missing base or metadata attributes
[ 1273.601204][T24594] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1273.665591][T24598] FAULT_INJECTION: forcing a failure.
[ 1273.665591][T24598] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1273.669892][T24598] CPU: 3 UID: 0 PID: 24598 Comm: syz.3.4435 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) 
[ 1273.669916][T24598] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1273.669928][T24598] Call Trace:
[ 1273.669936][T24598]  <TASK>
[ 1273.669943][T24598]  dump_stack_lvl+0x16c/0x1f0
[ 1273.669973][T24598]  should_fail_ex+0x512/0x640
[ 1273.670001][T24598]  _copy_from_user+0x2e/0xd0
[ 1273.670029][T24598]  get_compat_msghdr+0xa7/0x170
[ 1273.670057][T24598]  ? __pfx_get_compat_msghdr+0x10/0x10
[ 1273.670101][T24598]  ___sys_sendmsg+0x1ae/0x1d0
[ 1273.670131][T24598]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1273.670173][T24598]  ? find_held_lock+0x2b/0x80
[ 1273.670212][T24598]  __sys_sendmsg+0x16d/0x220
[ 1273.670240][T24598]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1273.670276][T24598]  ? rcu_is_watching+0x12/0xc0
[ 1273.670298][T24598]  __do_fast_syscall_32+0x7c/0x3a0
[ 1273.670325][T24598]  do_fast_syscall_32+0x32/0x80
[ 1273.670350][T24598]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1273.670372][T24598] RIP: 0023:0xf70be579
[ 1273.670386][T24598] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 1273.670401][T24598] RSP: 002b:00000000f50ae55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[ 1273.670419][T24598] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000480
[ 1273.670429][T24598] RDX: 00000000200000c0 RSI: 0000000000000000 RDI: 0000000000000000
[ 1273.670438][T24598] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1273.670447][T24598] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 1273.670454][T24598] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1273.670468][T24598]  </TASK>
[ 1274.066262][T24607] validate_nla: 1 callbacks suppressed
[ 1274.066274][T24607] netlink: 'syz.0.4437': attribute type 2 has an invalid length.
[ 1274.070378][T24607] netlink: 'syz.0.4437': attribute type 1 has an invalid length.
[ 1274.072802][T24607] netlink: 'syz.0.4437': attribute type 1 has an invalid length.
[ 1274.078901][T24607] sch_tbf: burst 19872 is lower than device lo mtu (11337746) !
[ 1274.360823][T24614] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4440'.
[ 1274.378263][T24614] bond8: entered promiscuous mode
[ 1274.380082][T24614] bond8: entered allmulticast mode
[ 1274.393591][T24614] geneve2: entered promiscuous mode
[ 1274.396041][T24614] geneve2: entered allmulticast mode
[ 1274.397974][T24614] bond8: (slave geneve2): Enslaving as an active interface with an up link
[ 1274.404857][T24614] bond8 (unregistering): (slave geneve2): Releasing backup interface
[ 1274.408570][T24614] geneve2: left promiscuous mode
[ 1274.410482][T24614] geneve2: left allmulticast mode
[ 1274.413220][T24614] bond8 (unregistering): Released all slaves
[ 1274.644965][T11279] tipc: Node number set to 11578026
[ 1275.190102][T24640] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4449'.
[ 1275.563384][T24651] netlink: 'syz.2.4452': attribute type 2 has an invalid length.
[ 1275.566035][T24651] netlink: 'syz.2.4452': attribute type 1 has an invalid length.
[ 1275.568588][T24651] netlink: 'syz.2.4452': attribute type 1 has an invalid length.
[ 1275.573371][T24651] sch_tbf: burst 19872 is lower than device lo mtu (11337746) !
[ 1275.895463][   T40] audit: type=1326 audit(1751440335.902:4695): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24652 comm="syz.0.4453" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708e579 code=0x7fc00000
[ 1275.904812][   T40] audit: type=1326 audit(1751440335.902:4696): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24652 comm="syz.0.4453" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708e579 code=0x7fc00000
[ 1276.469755][T24661] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(7)
[ 1276.471920][T24661] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[ 1276.474721][T24661] vhci_hcd vhci_hcd.0: Device attached
[ 1276.501683][T24671] fuse: Bad value for 'fd'
[ 1276.594663][   T40] audit: type=1326 audit(1751440336.592:4697): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24652 comm="syz.0.4453" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf708e598 code=0x7fc00000
[ 1276.614696][   T40] audit: type=1326 audit(1751440336.592:4698): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24652 comm="syz.0.4453" exe="/syz-executor" sig=0 arch=40000003 syscall=173 compat=1 ip=0xf708e5a7 code=0x7fc00000
[ 1276.626769][   T40] audit: type=1326 audit(1751440336.592:4699): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24652 comm="syz.0.4453" exe="/syz-executor" sig=0 arch=40000003 syscall=252 compat=1 ip=0xf708e579 code=0x7fc00000
[ 1276.724745][ T6275] usb 47-1: new high-speed USB device number 2 using vhci_hcd
[ 1276.793811][T24683] overlayfs: failed to resolve './file0': -2
[ 1277.082363][T24667] vhci_hcd: connection reset by peer
[ 1277.085030][T24055] vhci_hcd: stop threads
[ 1277.086710][T24055] vhci_hcd: release socket
[ 1277.088212][T24055] vhci_hcd: disconnect device
[ 1277.840497][T24700] sch_tbf: burst 19872 is lower than device lo mtu (11337746) !
[ 1278.621958][T24710] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4470'.
[ 1278.784664][T24715] netlink: 'syz.5.4471': attribute type 2 has an invalid length.
[ 1278.787233][T24715] netlink: 244 bytes leftover after parsing attributes in process `syz.5.4471'.
[ 1279.712586][T24734] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4477'.
[ 1279.716932][T24734] netlink: 24 bytes leftover after parsing attributes in process `syz.3.4477'.
[ 1279.857459][T24738] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[ 1280.143089][T24743] xt_CT: You must specify a L4 protocol and not use inversions on it
[ 1280.203678][T24744] netlink: 'syz.3.4477': attribute type 4 has an invalid length.
[ 1280.287852][T24743] netlink: 'syz.3.4477': attribute type 4 has an invalid length.
[ 1280.302220][ T7768] lo speed is unknown, defaulting to 1000
[ 1280.306844][ T7768] lo speed is unknown, defaulting to 1000
[ 1280.770707][T24763] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4482'.
[ 1281.834547][ T6275] vhci_hcd: vhci_device speed not set
[ 1282.446332][T24797] netlink: 'syz.2.4491': attribute type 2 has an invalid length.
[ 1282.448759][T24797] netlink: 'syz.2.4491': attribute type 1 has an invalid length.
[ 1282.451183][T24797] netlink: 'syz.2.4491': attribute type 1 has an invalid length.
[ 1282.456074][T24797] sch_tbf: burst 19872 is lower than device lo mtu (11337746) !
[ 1282.459861][T24798] sch_tbf: burst 19872 is lower than device lo mtu (11337746) !
[ 1283.400053][   T40] audit: type=1326 audit(1751440343.402:4700): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24811 comm="syz.2.4497" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702e579 code=0x7ffc0000
[ 1283.412649][   T40] audit: type=1326 audit(1751440343.402:4701): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24811 comm="syz.2.4497" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702e579 code=0x7ffc0000
[ 1283.421236][   T40] audit: type=1326 audit(1751440343.402:4702): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24811 comm="syz.2.4497" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf702e579 code=0x7ffc0000
[ 1283.430147][   T40] audit: type=1326 audit(1751440343.402:4703): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24811 comm="syz.2.4497" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702e579 code=0x7ffc0000
[ 1283.439938][   T40] audit: type=1326 audit(1751440343.402:4704): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24811 comm="syz.2.4497" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702e579 code=0x7ffc0000
[ 1283.449517][   T40] audit: type=1326 audit(1751440343.402:4705): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24811 comm="syz.2.4497" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf702e579 code=0x7ffc0000
[ 1283.457053][   T40] audit: type=1326 audit(1751440343.402:4706): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24811 comm="syz.2.4497" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702e579 code=0x7ffc0000
[ 1283.463777][   T40] audit: type=1326 audit(1751440343.402:4707): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24811 comm="syz.2.4497" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702e579 code=0x7ffc0000
[ 1283.472604][   T40] audit: type=1326 audit(1751440343.402:4708): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24811 comm="syz.2.4497" exe="/syz-executor" sig=0 arch=40000003 syscall=361 compat=1 ip=0xf702e579 code=0x7ffc0000
[ 1283.481035][   T40] audit: type=1326 audit(1751440343.402:4709): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24811 comm="syz.2.4497" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702e579 code=0x7ffc0000
[ 1284.569973][T24827] smc: ib device syz2 ibport 1 applied user defined pnetid SYZ2
[ 1284.847754][T24839] netlink: 'syz.3.4504': attribute type 10 has an invalid length.
[ 1284.850409][T24839] openvswitch: netlink: Flow actions attr not present in new flow.
[ 1284.993682][T24844] netlink: 'syz.0.4503': attribute type 2 has an invalid length.
[ 1284.997329][T24844] netlink: 'syz.0.4503': attribute type 1 has an invalid length.
[ 1285.014872][T24844] netlink: 'syz.0.4503': attribute type 1 has an invalid length.
[ 1285.027092][T24844] sch_tbf: burst 19872 is lower than device lo mtu (11337746) !
[ 1288.932228][T24915] sch_tbf: burst 19872 is lower than device lo mtu (11337746) !
[ 1290.655121][T24959] sch_tbf: burst 19872 is lower than device lo mtu (11337746) !
[ 1293.490225][T24987] ip6t_srh: unknown srh invflags 6BE9
[ 1293.916519][T24993] sch_tbf: burst 19872 is lower than device lo mtu (11337746) !
[ 1294.972938][T25014] sch_tbf: burst 19872 is lower than device lo mtu (11337746) !
[ 1295.821483][   T40] kauditd_printk_skb: 37 callbacks suppressed
[ 1295.821965][   T40] audit: type=1326 audit(1751440355.822:4747): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25024 comm="syz.0.4556" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708e579 code=0x7ffc0000
[ 1295.860555][   T40] audit: type=1326 audit(1751440355.842:4748): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25024 comm="syz.0.4556" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf708e579 code=0x7ffc0000
[ 1295.895279][   T40] audit: type=1326 audit(1751440355.842:4749): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25024 comm="syz.0.4556" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708e579 code=0x7ffc0000
[ 1295.927335][   T40] audit: type=1326 audit(1751440355.842:4750): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25024 comm="syz.0.4556" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708e579 code=0x7ffc0000
[ 1295.944254][   T40] audit: type=1326 audit(1751440355.852:4751): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25024 comm="syz.0.4556" exe="/syz-executor" sig=0 arch=40000003 syscall=361 compat=1 ip=0xf708e579 code=0x7ffc0000
[ 1295.953201][   T40] audit: type=1326 audit(1751440355.852:4752): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25024 comm="syz.0.4556" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708e579 code=0x7ffc0000
[ 1295.961216][   T40] audit: type=1326 audit(1751440355.852:4753): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25024 comm="syz.0.4556" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708e579 code=0x7ffc0000
[ 1295.969746][   T40] audit: type=1326 audit(1751440355.852:4754): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25024 comm="syz.0.4556" exe="/syz-executor" sig=0 arch=40000003 syscall=337 compat=1 ip=0xf708e579 code=0x7ffc0000
[ 1295.986135][   T40] audit: type=1326 audit(1751440355.852:4755): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25024 comm="syz.0.4556" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708e579 code=0x7ffc0000
[ 1296.001757][   T40] audit: type=1326 audit(1751440355.852:4756): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25024 comm="syz.0.4556" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708e579 code=0x7ffc0000
[ 1296.422382][T25015] block nbd5: shutting down sockets
[ 1296.605038][T25033] netlink: 3 bytes leftover after parsing attributes in process `syz.2.4557'.
[ 1296.697878][T25033] batadv1: entered allmulticast mode
[ 1297.007703][T25044] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4557'.
[ 1297.557354][T25033] netlink: 132 bytes leftover after parsing attributes in process `syz.2.4557'.
[ 1299.148881][T25081] netlink: 'syz.3.4569': attribute type 2 has an invalid length.
[ 1299.151436][T25081] netlink: 'syz.3.4569': attribute type 1 has an invalid length.
[ 1299.154004][T25081] netlink: 'syz.3.4569': attribute type 1 has an invalid length.
[ 1299.160016][T25081] sch_tbf: burst 19872 is lower than device lo mtu (11337746) !
[ 1299.616451][ T1419] ieee802154 phy0 wpan0: encryption failed: -22
[ 1299.618600][ T1419] ieee802154 phy1 wpan1: encryption failed: -22
[ 1300.306690][T25095] netlink: 3 bytes leftover after parsing attributes in process `syz.3.4573'.
[ 1300.346480][T25095] batadv1: entered allmulticast mode
[ 1300.357214][T11928] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 1300.363366][T11928] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 1300.367145][T11928] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 1300.384676][T11928] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 1300.392519][T25098] input: syz1 as /devices/virtual/input/input54
[ 1300.394882][T11928] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 1300.624775][T25094] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4573'.
[ 1300.641925][T25096] lo speed is unknown, defaulting to 1000
[ 1300.690831][T25098] netlink: 132 bytes leftover after parsing attributes in process `syz.3.4573'.
[ 1300.720747][T25096] lo speed is unknown, defaulting to 1000
[ 1300.808191][T25096] chnl_net:caif_netlink_parms(): no params data found
[ 1300.886815][T25096] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1300.889145][T25096] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1300.891429][T25096] bridge_slave_0: entered allmulticast mode
[ 1300.894133][T25096] bridge_slave_0: entered promiscuous mode
[ 1300.897694][T25096] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1300.899973][T25096] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1300.902232][T25096] bridge_slave_1: entered allmulticast mode
[ 1300.907173][T25096] bridge_slave_1: entered promiscuous mode
[ 1300.946963][T25096] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1300.955976][T25096] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1301.038279][T25096] team0: Port device team_slave_0 added
[ 1301.051750][T25096] team0: Port device team_slave_1 added
[ 1301.101119][T25096] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1301.103407][T25096] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1301.116645][T25096] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1301.121053][T25096] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1301.123384][T25096] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1301.133016][T25096] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1301.185979][T25113] siw: device registration error -23
[ 1301.199795][T25096] hsr_slave_0: entered promiscuous mode
[ 1301.202054][T25096] hsr_slave_1: entered promiscuous mode
[ 1301.204321][T25096] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1301.207015][T25096] Cannot create hsr debugfs directory
[ 1301.541402][T25096] netdevsim netdevsim2 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1301.544964][T25096] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1301.610927][T25096] netdevsim netdevsim2 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1301.614322][T25096] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1301.669224][T25096] netdevsim netdevsim2 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1301.672778][T25096] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1301.753877][T25096] netdevsim netdevsim2 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1301.756927][T25096] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1301.909199][T25096] netdevsim netdevsim2 netdevsim0: renamed from eth0
[ 1301.915410][T25096] netdevsim netdevsim2 netdevsim1: renamed from eth1
[ 1301.920698][T25096] netdevsim netdevsim2 netdevsim2: renamed from eth2
[ 1301.926104][T25096] netdevsim netdevsim2 netdevsim3: renamed from eth3
[ 1302.008148][T25096] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1302.024300][T25096] 8021q: adding VLAN 0 to HW filter on device team0
[ 1302.027849][T25127] @: renamed from vlan0
[ 1302.032363][T24058] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1302.035301][T24058] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1302.046853][T24058] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1302.049186][T24058] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1302.141093][T25136] netlink: 'syz.5.4580': attribute type 2 has an invalid length.
[ 1302.143941][T25136] netlink: 'syz.5.4580': attribute type 1 has an invalid length.
[ 1302.150601][T25136] netlink: 'syz.5.4580': attribute type 1 has an invalid length.
[ 1302.161320][T25136] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[ 1302.220551][T25096] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1302.272481][T25096] veth0_vlan: entered promiscuous mode
[ 1302.278621][T25096] veth1_vlan: entered promiscuous mode
[ 1302.315868][T25096] veth0_macvtap: entered promiscuous mode
[ 1302.319846][T25096] veth1_macvtap: entered promiscuous mode
[ 1302.329860][T25096] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1302.337269][T25096] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1302.342045][T25096] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1302.345422][T25096] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1302.348067][T25096] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1302.350842][T25096] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1302.397293][ T6336] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1302.402209][ T6336] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1302.420891][T17090] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1302.424524][T17090] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1302.484545][T15863] Bluetooth: hci4: command tx timeout
[ 1302.653673][T25143] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4583'.
[ 1302.656767][T25143] netlink: 'syz.3.4583': attribute type 5 has an invalid length.
[ 1302.659235][T25143] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4583'.
[ 1302.666632][T25143] netdevsim netdevsim3 eth0: set [1, 1] type 2 family 0 port 256 - 0
[ 1302.669229][T25143] netdevsim netdevsim3 eth1: set [1, 1] type 2 family 0 port 256 - 0
[ 1302.671703][T25143] netdevsim netdevsim3 eth2: set [1, 1] type 2 family 0 port 256 - 0
[ 1302.674816][T25143] netdevsim netdevsim3 eth3: set [1, 1] type 2 family 0 port 256 - 0
[ 1302.677389][T25143] geneve3: entered promiscuous mode
[ 1302.679064][T25143] geneve3: entered allmulticast mode
[ 1303.117901][T25147] usbtmc 5-1:16.0: send_request_dev_dep_msg_in returned -71
[ 1303.344579][T16994] usb 10-1: new high-speed USB device number 10 using dummy_hcd
[ 1303.359271][T25147] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1303.363215][T25147] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1303.441548][T25153] netlink: 24 bytes leftover after parsing attributes in process `syz.3.4585'.
[ 1304.564549][T15863] Bluetooth: hci4: command tx timeout
[ 1305.079194][   T40] kauditd_printk_skb: 265 callbacks suppressed
[ 1305.079206][   T40] audit: type=1326 audit(1751440365.082:5022): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25177 comm="syz.0.4592" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708e579 code=0x7ffc0000
[ 1305.088963][   T40] audit: type=1326 audit(1751440365.092:5023): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25177 comm="syz.0.4592" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708e579 code=0x7ffc0000
[ 1305.097848][   T40] audit: type=1326 audit(1751440365.102:5024): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25177 comm="syz.0.4592" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf708e579 code=0x7ffc0000
[ 1305.106360][   T40] audit: type=1326 audit(1751440365.112:5025): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25177 comm="syz.0.4592" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708e579 code=0x7ffc0000
[ 1305.118520][   T40] audit: type=1326 audit(1751440365.112:5026): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25177 comm="syz.0.4592" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708e579 code=0x7ffc0000
[ 1305.125653][   T40] audit: type=1326 audit(1751440365.112:5027): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25177 comm="syz.0.4592" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf708e579 code=0x7ffc0000
[ 1305.131830][   T40] audit: type=1326 audit(1751440365.112:5028): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25177 comm="syz.0.4592" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708e579 code=0x7ffc0000
[ 1305.138188][   T40] audit: type=1326 audit(1751440365.112:5029): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25177 comm="syz.0.4592" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708e579 code=0x7ffc0000
[ 1305.178451][   T40] audit: type=1326 audit(1751440365.182:5030): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25177 comm="syz.0.4592" exe="/syz-executor" sig=0 arch=40000003 syscall=361 compat=1 ip=0xf708e579 code=0x7ffc0000
[ 1305.184671][   T40] audit: type=1326 audit(1751440365.182:5031): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25177 comm="syz.0.4592" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708e579 code=0x7ffc0000
[ 1306.314530][   T29] usb 7-1: new high-speed USB device number 39 using dummy_hcd
[ 1306.466279][   T29] usb 7-1: Using ep0 maxpacket: 32
[ 1306.469586][   T29] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[ 1306.480907][   T29] usb 7-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[ 1306.483938][   T29] usb 7-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[ 1306.486815][   T29] usb 7-1: Product: syz
[ 1306.488302][   T29] usb 7-1: Manufacturer: syz
[ 1306.489847][   T29] usb 7-1: SerialNumber: syz
[ 1306.497104][   T29] usb 7-1: config 0 descriptor??
[ 1306.499310][T25186] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[ 1306.504174][   T29] hub 7-1:0.0: bad descriptor, ignoring hub
[ 1306.508773][   T29] hub 7-1:0.0: probe with driver hub failed with error -5
[ 1306.644655][T15863] Bluetooth: hci4: command tx timeout
[ 1306.716120][T25186] usbtmc 5-1:16.0: send_request_dev_dep_msg_in returned -71
[ 1306.856253][T25186] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1306.861198][T25186] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1308.735142][T15863] Bluetooth: hci4: command tx timeout
[ 1309.094661][  T839] usb 7-1: USB disconnect, device number 39
[ 1310.134242][T25252] syz.2.4612: attempt to access beyond end of device
[ 1310.134242][T25252] nbd2: rw=0, sector=64, nr_sectors = 1 limit=0
[ 1310.140010][T25252] syz.2.4612: attempt to access beyond end of device
[ 1310.140010][T25252] nbd2: rw=0, sector=256, nr_sectors = 1 limit=0
[ 1310.145756][T25252] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=256, location=256
[ 1310.150184][T25252] syz.2.4612: attempt to access beyond end of device
[ 1310.150184][T25252] nbd2: rw=0, sector=512, nr_sectors = 1 limit=0
[ 1310.155986][T25252] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=512, location=512
[ 1310.159873][T25252] syz.2.4612: attempt to access beyond end of device
[ 1310.159873][T25252] nbd2: rw=0, sector=64, nr_sectors = 2 limit=0
[ 1310.164670][T25252] syz.2.4612: attempt to access beyond end of device
[ 1310.164670][T25252] nbd2: rw=0, sector=512, nr_sectors = 2 limit=0
[ 1310.170201][T25252] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=256, location=256
[ 1310.174304][T25252] syz.2.4612: attempt to access beyond end of device
[ 1310.174304][T25252] nbd2: rw=0, sector=1024, nr_sectors = 2 limit=0
[ 1310.182051][T25252] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=512, location=512
[ 1310.185926][T25252] syz.2.4612: attempt to access beyond end of device
[ 1310.185926][T25252] nbd2: rw=0, sector=64, nr_sectors = 4 limit=0
[ 1310.190385][T25252] syz.2.4612: attempt to access beyond end of device
[ 1310.190385][T25252] nbd2: rw=0, sector=1024, nr_sectors = 4 limit=0
[ 1310.195631][T25252] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=256, location=256
[ 1310.199002][T25252] syz.2.4612: attempt to access beyond end of device
[ 1310.199002][T25252] nbd2: rw=0, sector=2048, nr_sectors = 4 limit=0
[ 1310.203002][T25252] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=512, location=512
[ 1310.206939][T25252] syz.2.4612: attempt to access beyond end of device
[ 1310.206939][T25252] nbd2: rw=0, sector=64, nr_sectors = 8 limit=0
[ 1310.212948][T25252] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=256, location=256
[ 1310.216952][T25252] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=512, location=512
[ 1310.219911][T25252] UDF-fs: warning (device nbd2): udf_fill_super: No partition found (1)
[ 1310.338374][T24055] bond0 (unregistering): Released all slaves
[ 1310.345490][T24055] bond1 (unregistering): Released all slaves
[ 1310.351746][T24055] bond2 (unregistering): Released all slaves
[ 1310.469316][T24055] bond3 (unregistering): Released all slaves
[ 1310.476418][T24055] bond4 (unregistering): Released all slaves
[ 1310.594817][T24055] bond5 (unregistering): Released all slaves
[ 1310.601432][T24055] bond6 (unregistering): Released all slaves
[ 1310.700782][T24055] bond7 (unregistering): Released all slaves
[ 1310.709634][T24055] bond8 (unregistering): Released all slaves
[ 1310.717607][T25251] netdevsim netdevsim2: Direct firmware load for ��0���Pq���D"�2�N�ktT�Wj��%�N�� failed with error -2
[ 1310.721356][T25251] netdevsim netdevsim2: Falling back to sysfs fallback for: ��0���Pq���D"�2�N�ktT�Wj��%�N��
[ 1310.827360][T25250] lo speed is unknown, defaulting to 1000
[ 1310.858326][T24055] tipc: Left network mode
[ 1310.930886][T25250] lo speed is unknown, defaulting to 1000
[ 1311.288553][T25259] hub 6-0:1.0: USB hub found
[ 1311.298144][T25259] hub 6-0:1.0: 1 port detected
[ 1311.366619][T24055] hsr_slave_0: left promiscuous mode
[ 1311.388952][T24055] veth1_macvtap: left promiscuous mode
[ 1311.391007][T24055] veth0_macvtap: left promiscuous mode
[ 1311.394172][T24055] veth1_vlan: left promiscuous mode
[ 1312.004596][T25273] proc: Unknown parameter 'fd'
[ 1313.873883][T24055] IPVS: stop unused estimator thread 0...
[ 1315.349622][T25338] FAULT_INJECTION: forcing a failure.
[ 1315.349622][T25338] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1315.363560][T25338] CPU: 3 UID: 0 PID: 25338 Comm: syz.3.4637 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) 
[ 1315.363596][T25338] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1315.363606][T25338] Call Trace:
[ 1315.363613][T25338]  <TASK>
[ 1315.363620][T25338]  dump_stack_lvl+0x16c/0x1f0
[ 1315.363648][T25338]  should_fail_ex+0x512/0x640
[ 1315.363672][T25338]  _copy_to_user+0x32/0xd0
[ 1315.363697][T25338]  __ia32_sys_cachestat+0x301/0x5f0
[ 1315.363717][T25338]  ? __pfx___ia32_sys_cachestat+0x10/0x10
[ 1315.363741][T25338]  ? rcu_is_watching+0x12/0xc0
[ 1315.363760][T25338]  __do_fast_syscall_32+0x7c/0x3a0
[ 1315.363789][T25338]  do_fast_syscall_32+0x32/0x80
[ 1315.363811][T25338]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1315.363829][T25338] RIP: 0023:0xf70be579
[ 1315.363840][T25338] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 1315.363854][T25338] RSP: 002b:00000000f50ae55c EFLAGS: 00000296 ORIG_RAX: 00000000000001c3
[ 1315.363869][T25338] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000040
[ 1315.363878][T25338] RDX: 0000000080000080 RSI: 0000000000000000 RDI: 0000000000000000
[ 1315.363887][T25338] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1315.363895][T25338] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 1315.363904][T25338] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1315.363924][T25338]  </TASK>
[ 1315.513807][   T40] kauditd_printk_skb: 36 callbacks suppressed
[ 1315.513819][   T40] audit: type=1326 audit(1751440375.512:5068): auid=4294967295 uid=60929 gid=0 ses=4294967295 subj=unconfined pid=25344 comm="syz.3.4640" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf70be579 code=0x0
[ 1316.740902][T25361] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[ 1316.743704][T25361] overlayfs: option "index=on" is useless in a non-upper mount, ignore
[ 1316.747126][T25361] overlayfs: option "volatile" is meaningless in a non-upper mount, ignoring it.
[ 1316.750520][T25361] overlayfs: missing 'lowerdir'
[ 1317.435089][T25387] netlink: 596 bytes leftover after parsing attributes in process `syz.0.4651'.
[ 1317.490572][T25390] netlink: 'syz.0.4652': attribute type 13 has an invalid length.
[ 1318.537985][T25403] lo speed is unknown, defaulting to 1000
[ 1318.615910][T25403] lo speed is unknown, defaulting to 1000
[ 1318.699858][  T839] usb 10-1: new high-speed USB device number 11 using dummy_hcd
[ 1318.877585][  T839] usb 10-1: config 0 has no interfaces?
[ 1318.881755][  T839] usb 10-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[ 1318.884797][  T839] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1318.887365][  T839] usb 10-1: Product: syz
[ 1318.890822][  T839] usb 10-1: Manufacturer: syz
[ 1318.892496][  T839] usb 10-1: SerialNumber: syz
[ 1318.917284][  T839] usb 10-1: config 0 descriptor??
[ 1319.283683][   T40] audit: type=1800 audit(1751440379.282:5069): pid=25403 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.4655" name="/" dev="fuse" ino=1 res=0 errno=0
[ 1319.294843][   T40] audit: type=1800 audit(1751440379.282:5070): pid=25403 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.4655" name="/" dev="fuse" ino=1 res=0 errno=0
[ 1319.327820][  T838] usb 10-1: USB disconnect, device number 11
[ 1319.999213][T25442] @: renamed from vlan0 (while UP)
[ 1321.427291][T25481] netlink: 'syz.0.4676': attribute type 2 has an invalid length.
[ 1321.429864][T25481] netlink: 'syz.0.4676': attribute type 1 has an invalid length.
[ 1321.434106][T25481] sch_tbf: burst 19872 is lower than device lo mtu (11337746) !
[ 1322.587682][   T40] audit: type=1326 audit(1751440382.592:5071): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25498 comm="syz.3.4683" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf70be579 code=0x0
[ 1324.784058][T25543] loop6: detected capacity change from 0 to 524287999
[ 1326.928362][T25561] input: syz1 as /devices/virtual/input/input55
[ 1326.946384][T25563] sch_tbf: burst 19872 is lower than device lo mtu (11337746) !
[ 1327.166748][T25566] netlink: 'syz.2.4698': attribute type 10 has an invalid length.
[ 1327.175088][T25566] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1327.181545][T25566] bond0: (slave batadv0): Enslaving as an active interface with an up link
[ 1327.202504][T25566] netlink: 36 bytes leftover after parsing attributes in process `syz.2.4698'.
[ 1327.206849][T25566] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4698'.
[ 1327.788648][   T40] audit: type=1326 audit(1751440387.792:5072): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25571 comm="syz.2.4702" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf711e579 code=0x0
[ 1328.553019][T25593] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(8)
[ 1328.555154][T25593] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[ 1328.559849][T25593] vhci_hcd vhci_hcd.0: Device attached
[ 1328.834587][ T7768] usb 43-1: new high-speed USB device number 3 using vhci_hcd
[ 1329.103138][T25596] vhci_hcd: connection reset by peer
[ 1329.107151][ T6336] vhci_hcd: stop threads
[ 1329.109151][ T6336] vhci_hcd: release socket
[ 1329.111266][ T6336] vhci_hcd: disconnect device
[ 1329.442367][T25612] netlink: set zone limit has 4 unknown bytes
[ 1329.668836][T25622] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[ 1331.129174][T25633] netlink: 156 bytes leftover after parsing attributes in process `syz.3.4716'.
[ 1331.764889][T25651] @: renamed from vlan0 (while UP)
[ 1332.204688][T25668] overlayfs: missing 'lowerdir'
[ 1332.246873][T25669] FAULT_INJECTION: forcing a failure.
[ 1332.246873][T25669] name failslab, interval 1, probability 0, space 0, times 0
[ 1332.250716][T25669] CPU: 3 UID: 60928 PID: 25669 Comm: syz.0.4726 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) 
[ 1332.250733][T25669] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1332.250740][T25669] Call Trace:
[ 1332.250746][T25669]  <TASK>
[ 1332.250750][T25669]  dump_stack_lvl+0x16c/0x1f0
[ 1332.250770][T25669]  should_fail_ex+0x512/0x640
[ 1332.250785][T25669]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[ 1332.250804][T25669]  should_failslab+0xc2/0x120
[ 1332.250814][T25669]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[ 1332.250830][T25669]  ? __alloc_skb+0x2b2/0x380
[ 1332.250847][T25669]  __alloc_skb+0x2b2/0x380
[ 1332.250862][T25669]  ? __pfx___alloc_skb+0x10/0x10
[ 1332.250879][T25669]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[ 1332.250893][T25669]  netlink_alloc_large_skb+0x69/0x130
[ 1332.250905][T25669]  netlink_sendmsg+0x6a1/0xdd0
[ 1332.250919][T25669]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1332.250931][T25669]  ? __import_iovec+0x1dd/0x650
[ 1332.250950][T25669]  ____sys_sendmsg+0xa98/0xc70
[ 1332.250964][T25669]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1332.250975][T25669]  ? get_compat_msghdr+0x11a/0x170
[ 1332.250999][T25669]  ___sys_sendmsg+0x134/0x1d0
[ 1332.251016][T25669]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1332.251038][T25669]  ? find_held_lock+0x2b/0x80
[ 1332.251058][T25669]  __sys_sendmsg+0x16d/0x220
[ 1332.251074][T25669]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1332.251096][T25669]  ? rcu_is_watching+0x12/0xc0
[ 1332.251109][T25669]  __do_fast_syscall_32+0x7c/0x3a0
[ 1332.251126][T25669]  do_fast_syscall_32+0x32/0x80
[ 1332.251143][T25669]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1332.251156][T25669] RIP: 0023:0xf708e579
[ 1332.251165][T25669] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 1332.251175][T25669] RSP: 002b:00000000f505d55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[ 1332.251185][T25669] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000080000000
[ 1332.251192][T25669] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1332.251198][T25669] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1332.251204][T25669] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 1332.251209][T25669] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1332.251222][T25669]  </TASK>
[ 1332.898378][T25676] 9p: Unknown Cache mode or invalid value �eada�ad
[ 1333.323796][T25682] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4730'.
[ 1333.327207][T25682] bridge_slave_1: left allmulticast mode
[ 1333.329650][T25682] bridge_slave_1: left promiscuous mode
[ 1333.332272][T25682] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1333.341230][T25682] bridge_slave_0: left allmulticast mode
[ 1333.343640][T25682] bridge_slave_0: left promiscuous mode
[ 1333.346612][T25682] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1333.914546][ T7768] vhci_hcd: vhci_device speed not set
[ 1334.031964][T25701] input: syz1 as /devices/virtual/input/input56
[ 1335.012710][T25717] netlink: 'syz.3.4740': attribute type 1 has an invalid length.
[ 1335.025829][T25717] bond12: entered promiscuous mode
[ 1335.027676][T25717] 8021q: adding VLAN 0 to HW filter on device bond12
[ 1335.037586][T25717] 8021q: adding VLAN 0 to HW filter on device bond12
[ 1335.040088][T25717] bond12: (slave ip6gre1): The slave device specified does not support setting the MAC address
[ 1335.043505][T25717] bond12: (slave ip6gre1): Setting fail_over_mac to active for active-backup mode
[ 1335.048712][T25717] bond12: (slave ip6gre1): making interface the new active one
[ 1335.051225][T25717] ip6gre1: entered promiscuous mode
[ 1335.053814][T25717] bond12: (slave ip6gre1): Enslaving as an active interface with an up link
[ 1335.490477][T15863] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci4/hci4:201'
[ 1335.495814][T15863] CPU: 2 UID: 0 PID: 15863 Comm: kworker/u33:0 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) 
[ 1335.495843][T15863] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1335.495858][T15863] Workqueue: hci4 hci_rx_work
[ 1335.495880][T15863] Call Trace:
[ 1335.495887][T15863]  <TASK>
[ 1335.495896][T15863]  dump_stack_lvl+0x16c/0x1f0
[ 1335.495929][T15863]  sysfs_warn_dup+0x7f/0xa0
[ 1335.495955][T15863]  sysfs_create_dir_ns+0x24b/0x2b0
[ 1335.495979][T15863]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[ 1335.496002][T15863]  ? find_held_lock+0x2b/0x80
[ 1335.496025][T15863]  ? do_raw_spin_unlock+0x172/0x230
[ 1335.496057][T15863]  kobject_add_internal+0x2c4/0x9b0
[ 1335.496082][T15863]  kobject_add+0x16e/0x240
[ 1335.496099][T15863]  ? __pfx_kobject_add+0x10/0x10
[ 1335.496119][T15863]  ? do_raw_spin_unlock+0x172/0x230
[ 1335.496147][T15863]  ? kobject_put+0xab/0x5a0
[ 1335.496173][T15863]  device_add+0x288/0x1a70
[ 1335.496194][T15863]  ? __pfx_dev_set_name+0x10/0x10
[ 1335.496216][T15863]  ? __pfx_device_add+0x10/0x10
[ 1335.496234][T15863]  ? mgmt_send_event_skb+0x2fb/0x460
[ 1335.496271][T15863]  hci_conn_add_sysfs+0x17e/0x230
[ 1335.496290][T15863]  le_conn_complete_evt+0x1075/0x1d70
[ 1335.496327][T15863]  ? __pfx_le_conn_complete_evt+0x10/0x10
[ 1335.496351][T15863]  ? hci_event_packet+0x459/0x11c0
[ 1335.496388][T15863]  hci_le_conn_complete_evt+0x23c/0x370
[ 1335.496421][T15863]  hci_le_meta_evt+0x357/0x5e0
[ 1335.496438][T15863]  ? __pfx_hci_le_conn_complete_evt+0x10/0x10
[ 1335.496470][T15863]  hci_event_packet+0x682/0x11c0
[ 1335.496498][T15863]  ? __pfx_hci_le_meta_evt+0x10/0x10
[ 1335.496516][T15863]  ? __pfx_hci_event_packet+0x10/0x10
[ 1335.496547][T15863]  ? kcov_remote_start+0x3c9/0x6d0
[ 1335.496584][T15863]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1335.496619][T15863]  hci_rx_work+0x2c5/0x16b0
[ 1335.496638][T15863]  ? rcu_is_watching+0x12/0xc0
[ 1335.496662][T15863]  process_one_work+0x9cf/0x1b70
[ 1335.496700][T15863]  ? __pfx_process_one_work+0x10/0x10
[ 1335.496734][T15863]  ? assign_work+0x1a0/0x250
[ 1335.496761][T15863]  worker_thread+0x6c8/0xf10
[ 1335.496796][T15863]  ? __kthread_parkme+0x19e/0x250
[ 1335.496841][T15863]  ? __pfx_worker_thread+0x10/0x10
[ 1335.496869][T15863]  kthread+0x3c5/0x780
[ 1335.496896][T15863]  ? __pfx_kthread+0x10/0x10
[ 1335.496924][T15863]  ? rcu_is_watching+0x12/0xc0
[ 1335.496939][T15863]  ? __pfx_kthread+0x10/0x10
[ 1335.496965][T15863]  ret_from_fork+0x5d4/0x6f0
[ 1335.496987][T15863]  ? __pfx_kthread+0x10/0x10
[ 1335.497011][T15863]  ret_from_fork_asm+0x1a/0x30
[ 1335.497045][T15863]  </TASK>
[ 1335.497107][T15863] kobject: kobject_add_internal failed for hci4:201 with -EEXIST, don't try to register things with the same name in the same directory.
[ 1335.593816][T15863] Bluetooth: hci4: failed to register connection device
[ 1335.758817][T25732] 9pnet_virtio: no channels available for device syz
[ 1336.790306][T25748] netlink: 'syz.2.4748': attribute type 2 has an invalid length.
[ 1336.794388][T25748] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[ 1337.525742][T25756] lo speed is unknown, defaulting to 1000
[ 1337.601172][T15863] Bluetooth: hci4: Malformed LE Event: 0x0b
[ 1337.657103][T25756] lo speed is unknown, defaulting to 1000
[ 1337.679671][T25762] lo speed is unknown, defaulting to 1000
[ 1337.761191][T25773] PM: Enabling pm_trace changes system date and time during resume.
[ 1337.761191][T25773] PM: Correct system time has to be restored manually after resume.
[ 1337.806973][T25762] lo speed is unknown, defaulting to 1000
[ 1338.659649][T25788] input: syz1 as /devices/virtual/input/input57
[ 1338.678983][T25792] binder: 25791:25792 ioctl c0306201 80000640 returned -22
[ 1339.783884][T25812] bio_check_eod: 2 callbacks suppressed
[ 1339.783896][T25812] syz.5.4766: attempt to access beyond end of device
[ 1339.783896][T25812] loop5: rw=0, sector=2, nr_sectors = 1 limit=0
[ 1339.791834][T25812] hfs: can't find a HFS filesystem on dev loop5
[ 1340.374468][T17123] usb 7-1: new high-speed USB device number 40 using dummy_hcd
[ 1340.554599][T17123] usb 7-1: Using ep0 maxpacket: 32
[ 1340.558656][T17123] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[ 1340.565123][T17123] usb 7-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[ 1340.568638][T17123] usb 7-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[ 1340.572028][T17123] usb 7-1: Product: syz
[ 1340.578807][T17123] usb 7-1: Manufacturer: syz
[ 1340.580851][T17123] usb 7-1: SerialNumber: syz
[ 1340.584785][T17123] usb 7-1: config 0 descriptor??
[ 1340.588328][T25823] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[ 1340.595530][T17123] hub 7-1:0.0: bad descriptor, ignoring hub
[ 1340.598156][T17123] hub 7-1:0.0: probe with driver hub failed with error -5
[ 1340.831567][T25823] usbtmc 5-1:16.0: send_request_dev_dep_msg_in returned -71
[ 1341.482765][T25844] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 1342.226199][T25850] netlink: 216 bytes leftover after parsing attributes in process `syz.5.4777'.
[ 1342.229012][T25850] netlink: 216 bytes leftover after parsing attributes in process `syz.5.4777'.
[ 1342.238231][T11279] hid-generic 0000:7FFFFFFF:0000.0019: unknown main item tag 0x0
[ 1342.241208][T11279] hid-generic 0000:7FFFFFFF:0000.0019: unknown main item tag 0x0
[ 1342.243997][T11279] hid-generic 0000:7FFFFFFF:0000.0019: unknown main item tag 0x0
[ 1342.251348][T11279] hid-generic 0000:7FFFFFFF:0000.0019: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[ 1342.378921][T25852] fido_id[25852]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[ 1342.520560][T25861] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(8)
[ 1342.522673][T25861] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[ 1342.584278][T25864] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4779'.
[ 1342.670087][T25861] vhci_hcd vhci_hcd.0: Device attached
[ 1342.906637][T17123] usb 37-1: new high-speed USB device number 3 using vhci_hcd
[ 1343.326464][T25805] usb 7-1: reset high-speed USB device number 40 using dummy_hcd
[ 1343.413204][T25862] vhci_hcd: connection reset by peer
[ 1343.445479][T24055] vhci_hcd: stop threads
[ 1343.447153][T24055] vhci_hcd: release socket
[ 1343.449096][T24055] vhci_hcd: disconnect device
[ 1343.481976][T25805] usb 7-1: device firmware changed
[ 1343.487572][T25805] usb 7-1: USB disconnect, device number 40
[ 1343.784644][T25805] usb 7-1: new high-speed USB device number 41 using dummy_hcd
[ 1343.935270][T25805] usb 7-1: Using ep0 maxpacket: 32
[ 1344.033950][T25879] netlink: 'syz.5.4785': attribute type 1 has an invalid length.
[ 1344.042679][T25879] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[ 1344.432971][T11928] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 1344.437177][T11928] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 1344.442098][T11928] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 1344.446014][T11928] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 1344.449643][T11928] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 1344.569032][T25884] lo speed is unknown, defaulting to 1000
[ 1344.660704][T25884] lo speed is unknown, defaulting to 1000
[ 1344.753235][T25884] chnl_net:caif_netlink_parms(): no params data found
[ 1346.139364][T25805] usb 7-1: unable to get BOS descriptor or descriptor too short
[ 1346.141684][T25805] usb 7-1: no configurations
[ 1346.143094][T25805] usb 7-1: can't read configurations, error -22
[ 1346.430489][T19645] sr 2:0:0:0: [sr0] CDROM not ready.  Make sure there is a disc in the drive.
[ 1346.484549][T15863] Bluetooth: hci2: command tx timeout
[ 1346.546325][T25884] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1346.548606][T25884] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1346.550845][T25884] bridge_slave_0: entered allmulticast mode
[ 1346.553472][T25884] bridge_slave_0: entered promiscuous mode
[ 1346.566324][T25884] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1346.568751][T25884] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1346.571057][T25884] bridge_slave_1: entered allmulticast mode
[ 1346.573785][T25884] bridge_slave_1: entered promiscuous mode
[ 1346.653960][T25884] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1346.685716][T25884] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1347.292505][T25884] team0: Port device team_slave_0 added
[ 1347.297848][T25884] team0: Port device team_slave_1 added
[ 1347.327887][T25884] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1347.330080][T25884] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1347.340680][T25884] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1347.350962][T25884] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1347.353828][T25884] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1347.414225][T25884] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1347.612301][T25884] hsr_slave_0: entered promiscuous mode
[ 1347.624081][T25884] hsr_slave_1: entered promiscuous mode
[ 1347.630918][T25884] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1347.634034][T25884] Cannot create hsr debugfs directory
[ 1347.817899][T25884] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1347.821382][T25884] netdevsim netdevsim3 eth3 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[ 1347.924215][T25884] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1347.928607][T25884] netdevsim netdevsim3 eth2 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[ 1348.031193][T25884] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1348.043022][T25884] netdevsim netdevsim3 eth1 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[ 1348.105397][T25884] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1348.111613][T25884] netdevsim netdevsim3 eth0 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[ 1348.114607][T17123] vhci_hcd: vhci_device speed not set
[ 1348.225607][T25884] netdevsim netdevsim3 netdevsim0: renamed from eth0
[ 1348.229804][T25884] netdevsim netdevsim3 netdevsim1: renamed from eth1
[ 1348.236238][T25884] netdevsim netdevsim3 netdevsim2: renamed from eth2
[ 1348.240530][T25884] netdevsim netdevsim3 netdevsim3: renamed from eth3
[ 1348.310423][T25884] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1348.328664][T25884] 8021q: adding VLAN 0 to HW filter on device team0
[ 1348.337754][ T6335] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1348.340394][ T6335] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1348.358017][ T6335] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1348.360294][ T6335] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1348.399809][T25884] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 1348.404123][T25884] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1348.512394][T25884] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1348.537535][T25884] veth0_vlan: entered promiscuous mode
[ 1348.542484][T25884] veth1_vlan: entered promiscuous mode
[ 1348.557484][T25884] veth0_macvtap: entered promiscuous mode
[ 1348.563469][T25884] veth1_macvtap: entered promiscuous mode
[ 1348.565611][T15863] Bluetooth: hci2: command tx timeout
[ 1348.575731][T25884] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1348.582894][T25884] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1348.589733][T25884] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1348.592784][T25884] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1348.595776][T25884] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1348.598738][T25884] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1348.659637][T24056] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1348.662842][T24056] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1348.687759][ T6335] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1348.690254][ T6335] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1349.035424][T25942] sr 2:0:0:0: [sr0] CDROM not ready.  Make sure there is a disc in the drive.
[ 1349.245457][T25950] loop4: detected capacity change from 0 to 7
[ 1349.249417][ T6219] Dev loop4: unable to read RDB block 7
[ 1349.251360][ T6219]  loop4: unable to read partition table
[ 1349.253244][ T6219] loop4: partition table beyond EOD, truncated
[ 1349.259821][T25950] Dev loop4: unable to read RDB block 7
[ 1349.262134][T25950]  loop4: unable to read partition table
[ 1349.266711][T25950] loop4: partition table beyond EOD, truncated
[ 1349.268709][T25950] loop_reread_partitions: partition scan of loop4 (�被x������ ) failed (rc=-5)
[ 1349.276457][T25950] Dev loop4: unable to read RDB block 7
[ 1349.278747][T25950]  loop4: unable to read partition table
[ 1349.280585][T25950] loop4: partition table beyond EOD, truncated
[ 1349.324201][T25952] [U] 
[ 1349.325624][T25952] [U] 
[ 1349.326627][T25952] [U] 
[ 1349.327625][T25952] [U] 
[ 1349.329157][T25952] [U] 
[ 1349.330251][T25952] [U] 
[ 1349.331274][T25952] [U] 
[ 1349.332180][T25952] [U] 
[ 1349.333179][T25952] [U] 
[ 1349.334171][T25952] [U] 
[ 1349.335106][T25952] [U] 
[ 1349.336071][T25952] [U] 
[ 1349.339023][T25952] [U] 
[ 1349.340191][T25952] [U] 
[ 1349.341179][T25952] [U] 
[ 1349.342297][T25952] [U] 
[ 1349.343390][T25952] [U] 
[ 1349.344370][T25952] [U] 
[ 1349.345418][T25952] [U] 
[ 1349.346525][T25952] [U] 
[ 1349.348110][T25952] [U] 
[ 1349.349050][T25952] [U] 
[ 1349.350042][T25952] [U] 
[ 1349.351034][T25952] [U] 
[ 1349.352188][T25952] [U] 
[ 1349.353131][T25952] [U] 
[ 1349.354150][T25952] [U] 
[ 1349.355132][T25952] [U] 
[ 1349.356677][T25952] [U] 
[ 1349.357750][T25952] [U] 
[ 1349.358713][T25952] [U] 
[ 1349.359821][T25952] [U] 
[ 1349.360839][T25952] [U] 
[ 1349.361748][T25952] [U] 
[ 1349.362654][T25952] [U] 
[ 1349.363615][T25952] [U] 
[ 1349.365070][T25952] [U] 
[ 1349.366056][T25952] [U] 
[ 1349.366980][T25952] [U] 
[ 1349.367899][T25952] [U] 
[ 1349.368852][T25952] [U] 
[ 1349.369783][T25952] [U] 
[ 1349.370753][T25952] [U] 
[ 1349.371695][T25952] [U] 
[ 1349.372658][T25952] [U] 
[ 1349.373568][T25952] [U] 
[ 1349.374482][T25952] [U] 
[ 1349.375414][T25952] [U] 
[ 1349.376675][T25952] [U] 
[ 1349.377578][T25952] [U] 
[ 1349.378479][T25952] [U] 
[ 1349.379406][T25952] [U] 
[ 1349.380610][T25952] [U] 
[ 1349.381522][T25952] [U] 
[ 1349.382416][T25952] [U] 
[ 1349.383335][T25952] [U] 
[ 1349.384290][T25952] [U] 
[ 1349.385192][T25952] [U] 
[ 1349.386073][T25952] [U] 
[ 1349.387188][T25952] [U] 
[ 1349.388616][T25952] [U] 
[ 1349.389654][T25952] [U] 
[ 1349.390567][T25952] [U] 
[ 1349.391451][T25952] [U] 
[ 1349.392622][T25952] [U] 
[ 1349.393510][T25952] [U] 
[ 1349.394426][T25952] [U] 
[ 1349.395339][T25952] [U] 
[ 1349.496060][T25951] [U] 
[ 1349.984559][T25878] usb 10-1: new high-speed USB device number 12 using dummy_hcd
[ 1350.134799][T25878] usb 10-1: Using ep0 maxpacket: 32
[ 1350.142773][T25878] usb 10-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[ 1350.149968][T25878] usb 10-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[ 1350.153200][T25878] usb 10-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[ 1350.158695][T25878] usb 10-1: Product: syz
[ 1350.160385][T25878] usb 10-1: Manufacturer: syz
[ 1350.162257][T25878] usb 10-1: SerialNumber: syz
[ 1350.166844][T25878] usb 10-1: config 0 descriptor??
[ 1350.169593][T25957] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22
[ 1350.175114][T25878] hub 10-1:0.0: bad descriptor, ignoring hub
[ 1350.177352][T25878] hub 10-1:0.0: probe with driver hub failed with error -5
[ 1350.444911][T25957] usbtmc 5-1:16.0: send_request_dev_dep_msg_in returned -71
[ 1350.644938][T15863] Bluetooth: hci2: command tx timeout
[ 1351.697645][T25986] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4811'.
[ 1352.143031][T25994] loop4: detected capacity change from 0 to 7
[ 1352.147861][T25994] Dev loop4: unable to read RDB block 7
[ 1352.150276][T25994]  loop4: unable to read partition table
[ 1352.152961][T25994] loop4: partition table beyond EOD, truncated
[ 1352.163025][T25994] loop_reread_partitions: partition scan of loop4 (�被x������ ) failed (rc=-5)
[ 1352.169412][T25994] Dev loop4: unable to read RDB block 7
[ 1352.171773][T25994]  loop4: unable to read partition table
[ 1352.174522][T25994] loop4: partition table beyond EOD, truncated
[ 1352.239639][ T5354] Dev loop4: unable to read RDB block 7
[ 1352.242055][ T5354]  loop4: unable to read partition table
[ 1352.247968][ T5354] loop4: partition table beyond EOD, truncated
[ 1352.728650][T15863] Bluetooth: hci2: command tx timeout
[ 1352.775781][  T838] usb 10-1: USB disconnect, device number 12
[ 1352.839480][T26004] input: syz1 as /devices/virtual/input/input58
[ 1353.729424][T26023] netlink: 'syz.5.4820': attribute type 1 has an invalid length.
[ 1353.733434][T26023] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[ 1354.002153][T26028] input: syz1 as /devices/virtual/input/input59
[ 1354.763866][T26037] netlink: 'syz.5.4825': attribute type 1 has an invalid length.
[ 1354.778311][T26037] bond1: entered promiscuous mode
[ 1354.780159][T26037] 8021q: adding VLAN 0 to HW filter on device bond1
[ 1354.865871][T26039] 8021q: adding VLAN 0 to HW filter on device bond1
[ 1354.868571][T26039] bond1: (slave ip6gre1): The slave device specified does not support setting the MAC address
[ 1354.871849][T26039] bond1: (slave ip6gre1): Setting fail_over_mac to active for active-backup mode
[ 1354.877953][T26039] bond1: (slave ip6gre1): making interface the new active one
[ 1354.880640][T26039] ip6gre1: entered promiscuous mode
[ 1354.882971][T26039] bond1: (slave ip6gre1): Enslaving as an active interface with an up link
[ 1355.140041][T26046] netlink: 'syz.0.4826': attribute type 2 has an invalid length.
[ 1355.142510][T26046] netlink: 'syz.0.4826': attribute type 1 has an invalid length.
[ 1355.148236][T26046] sch_tbf: burst 19872 is lower than device lo mtu (11337746) !
[ 1355.379558][T26050] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4827'.
[ 1355.398849][T26050] syz.5.4827: attempt to access beyond end of device
[ 1355.398849][T26050] nbd5: rw=6144, sector=128, nr_sectors = 8 limit=0
[ 1355.403840][T26050] gfs2: error -5 reading superblock
[ 1356.313792][T26061] input: syz1 as /devices/virtual/input/input60
[ 1356.431345][T26068] @: renamed from vlan0 (while UP)
[ 1356.847299][T26077] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4833'.
[ 1356.885162][T26074] sr 2:0:0:0: [sr0] CDROM not ready.  Make sure there is a disc in the drive.
[ 1357.194242][T24055] Bluetooth: Error in BCSP hdr checksum
[ 1357.924575][T11279] usb 10-1: new high-speed USB device number 13 using dummy_hcd
[ 1358.074673][T11279] usb 10-1: Using ep0 maxpacket: 16
[ 1358.078620][T11279] usb 10-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1358.082233][T11279] usb 10-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1358.087271][T11279] usb 10-1: New USB device found, idVendor=05ac, idProduct=0244, bcdDevice= 0.00
[ 1358.090362][T11279] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1358.101006][T11279] usb 10-1: config 0 descriptor??
[ 1358.116658][T11279] input: bcm5974 as /devices/platform/dummy_hcd.5/usb10/10-1/10-1:0.0/input/input61
[ 1358.359488][ T5339] bcm5974 10-1:0.0: could not read from device
[ 1358.364236][T26088] bcm5974 10-1:0.0: could not read from device
[ 1358.370618][ T5339] bcm5974 10-1:0.0: could not read from device
[ 1358.371010][T11279] usb 10-1: USB disconnect, device number 13
[ 1358.965487][T15863] Bluetooth: hci0: Opcode 0x1003 failed: -110
[ 1358.966485][T11928] Bluetooth: hci0: command 0x1003 tx timeout
[ 1359.052282][T26109] netlink: 'syz.3.4843': attribute type 1 has an invalid length.
[ 1359.056640][T26109] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[ 1360.058311][T26124] input: syz1 as /devices/virtual/input/input62
[ 1361.051348][ T1419] ieee802154 phy0 wpan0: encryption failed: -22
[ 1361.053389][ T1419] ieee802154 phy1 wpan1: encryption failed: -22
[ 1361.076085][T26138] netlink: 'syz.0.4848': attribute type 2 has an invalid length.
[ 1361.078494][T26138] netlink: 'syz.0.4848': attribute type 1 has an invalid length.
[ 1361.083473][T26138] sch_tbf: burst 19872 is lower than device lo mtu (11337746) !
[ 1361.913418][T26150] 9pnet: Unknown protocol version 9p20\++}
[ 1362.372139][T26157] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[ 1363.099721][T26167] FAULT_INJECTION: forcing a failure.
[ 1363.099721][T26167] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1363.104120][T26167] CPU: 1 UID: 0 PID: 26167 Comm: syz.2.4857 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) 
[ 1363.104136][T26167] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1363.104143][T26167] Call Trace:
[ 1363.104147][T26167]  <TASK>
[ 1363.104151][T26167]  dump_stack_lvl+0x16c/0x1f0
[ 1363.104172][T26167]  should_fail_ex+0x512/0x640
[ 1363.104189][T26167]  _copy_from_user+0x2e/0xd0
[ 1363.104206][T26167]  vmci_host_unlocked_ioctl+0x1123/0x2040
[ 1363.104223][T26167]  ? __pfx_vmci_host_unlocked_ioctl+0x10/0x10
[ 1363.104238][T26167]  ? __pfx_do_vfs_ioctl+0x10/0x10
[ 1363.104265][T26167]  ? find_held_lock+0x2b/0x80
[ 1363.104276][T26167]  ? hook_file_ioctl_common+0x145/0x410
[ 1363.104291][T26167]  ? __fget_files+0x20e/0x3c0
[ 1363.104303][T26167]  ? __fput_deferred+0x440/0x480
[ 1363.104316][T26167]  ? __pfx_vmci_host_unlocked_ioctl+0x10/0x10
[ 1363.104330][T26167]  compat_ptr_ioctl+0x6e/0xa0
[ 1363.104341][T26167]  ? __pfx_compat_ptr_ioctl+0x10/0x10
[ 1363.104352][T26167]  __ia32_compat_sys_ioctl+0x23f/0x370
[ 1363.104366][T26167]  __do_fast_syscall_32+0x7c/0x3a0
[ 1363.104384][T26167]  do_fast_syscall_32+0x32/0x80
[ 1363.104411][T26167]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1363.104428][T26167] RIP: 0023:0xf711e579
[ 1363.104437][T26167] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 1363.104447][T26167] RSP: 002b:00000000f510e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[ 1363.104457][T26167] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000000007a6
[ 1363.104464][T26167] RDX: 00000000800000c0 RSI: 0000000000000000 RDI: 0000000000000000
[ 1363.104470][T26167] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1363.104476][T26167] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 1363.104482][T26167] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1363.104495][T26167]  </TASK>
[ 1363.407534][T26175] netlink: 'syz.5.4860': attribute type 2 has an invalid length.
[ 1363.411495][T26175] netlink: 'syz.5.4860': attribute type 1 has an invalid length.
[ 1363.423303][T26175] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[ 1363.791382][T26177] binder: BC_ACQUIRE_RESULT not supported
[ 1363.793622][T26177] binder: 26176:26177 ioctl c0306201 80000040 returned -22
[ 1364.303843][T26189] input: syz1 as /devices/virtual/input/input63
[ 1364.328885][   T40] audit: type=1800 audit(1751440424.332:5073): pid=26193 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.4868" name="bus" dev="9p" ino=35913966 res=0 errno=0
[ 1364.617259][T26197] lo speed is unknown, defaulting to 1000
[ 1364.722571][T26197] lo speed is unknown, defaulting to 1000
[ 1364.794483][   T40] audit: type=1326 audit(1751440424.792:5074): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26196 comm="syz.5.4869" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709e579 code=0x7ffc0000
[ 1364.814521][   T40] audit: type=1326 audit(1751440424.792:5075): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26196 comm="syz.5.4869" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709e579 code=0x7ffc0000
[ 1364.821126][   T40] audit: type=1326 audit(1751440424.822:5076): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26196 comm="syz.5.4869" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf709e598 code=0x7ffc0000
[ 1364.828308][   T40] audit: type=1326 audit(1751440424.822:5077): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26196 comm="syz.5.4869" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf709e598 code=0x7ffc0000
[ 1364.846686][   T40] audit: type=1326 audit(1751440424.822:5078): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26196 comm="syz.5.4869" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf709e598 code=0x7ffc0000
[ 1364.853173][   T40] audit: type=1326 audit(1751440424.822:5079): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26196 comm="syz.5.4869" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf709e598 code=0x7ffc0000
[ 1364.861039][T26206] netlink: 32 bytes leftover after parsing attributes in process `syz.0.4871'.
[ 1364.866744][   T40] audit: type=1326 audit(1751440424.822:5080): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26196 comm="syz.5.4869" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf709e598 code=0x7ffc0000
[ 1364.873526][   T40] audit: type=1326 audit(1751440424.822:5081): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26196 comm="syz.5.4869" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf709e598 code=0x7ffc0000
[ 1364.890296][   T40] audit: type=1326 audit(1751440424.822:5082): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26196 comm="syz.5.4869" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf709e598 code=0x7ffc0000
[ 1366.053862][T26233] netlink: 'syz.5.4879': attribute type 1 has an invalid length.
[ 1366.097798][T26233] 8021q: adding VLAN 0 to HW filter on device bond2
[ 1366.118411][T26233] bond2: (slave veth0_to_bond): making interface the new active one
[ 1366.121587][T26233] bond2: (slave veth0_to_bond): Enslaving as an active interface with an up link
[ 1366.162959][T26233] FAULT_INJECTION: forcing a failure.
[ 1366.162959][T26233] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1366.168015][T26233] CPU: 3 UID: 0 PID: 26233 Comm: syz.5.4879 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) 
[ 1366.168031][T26233] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1366.168037][T26233] Call Trace:
[ 1366.168041][T26233]  <TASK>
[ 1366.168046][T26233]  dump_stack_lvl+0x16c/0x1f0
[ 1366.168066][T26233]  should_fail_ex+0x512/0x640
[ 1366.168083][T26233]  _copy_from_iter+0x29f/0x16f0
[ 1366.168101][T26233]  ? __alloc_skb+0x200/0x380
[ 1366.168117][T26233]  ? __pfx__copy_from_iter+0x10/0x10
[ 1366.168134][T26233]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[ 1366.168150][T26233]  netlink_sendmsg+0x829/0xdd0
[ 1366.168163][T26233]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1366.168175][T26233]  ? __import_iovec+0x1dd/0x650
[ 1366.168194][T26233]  ____sys_sendmsg+0xa98/0xc70
[ 1366.168207][T26233]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1366.168218][T26233]  ? get_compat_msghdr+0x11a/0x170
[ 1366.168241][T26233]  ___sys_sendmsg+0x134/0x1d0
[ 1366.168258][T26233]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1366.168285][T26233]  ? __pfx_vfs_write+0x10/0x10
[ 1366.168300][T26233]  ? css_rstat_updated+0x9d/0xd30
[ 1366.168314][T26233]  __sys_sendmsg+0x16d/0x220
[ 1366.168329][T26233]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1366.168351][T26233]  ? rcu_is_watching+0x12/0xc0
[ 1366.168364][T26233]  __do_fast_syscall_32+0x7c/0x3a0
[ 1366.168382][T26233]  do_fast_syscall_32+0x32/0x80
[ 1366.168398][T26233]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1366.168411][T26233] RIP: 0023:0xf709e579
[ 1366.168421][T26233] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 1366.168434][T26233] RSP: 002b:00000000f508e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[ 1366.168450][T26233] RAX: ffffffffffffffda RBX: 000000000000000d RCX: 0000000080000280
[ 1366.168459][T26233] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1366.168468][T26233] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1366.168494][T26233] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 1366.168503][T26233] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1366.168524][T26233]  </TASK>
[ 1366.584518][T15519] usb 10-1: new high-speed USB device number 14 using dummy_hcd
[ 1366.746005][T15519] usb 10-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 64
[ 1366.749207][T15519] usb 10-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 64
[ 1366.753924][T15519] usb 10-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1366.758148][T15519] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1366.760918][T15519] usb 10-1: Product: 댉됏䇐焖舘⟑䲿욁备⻢턴᭜眒鸺䓼뫺땎㭋购꫔陛霊滴篠侚쫄튯툊䄱廯삝竼빀槜ᐰ啰腰㊑撟莓ę⌵ㆯ쳝ꓨ䤫㨶⑘仌㌜䙲繲샷唽髀洦탨ﳂ絒氣쉩˻䣀曽竼硐꽨쀾꬈
[ 1366.769794][T15519] usb 10-1: Manufacturer: 哛딼춓⥻놡戻﬐Ꚕ䤄漴ʋ
[ 1366.772107][T15519] usb 10-1: SerialNumber: ఊ
[ 1366.981368][T26238] 
[ 1366.982282][T26238] =====================================================
[ 1366.984521][T26238] WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected
[ 1366.987023][T26238] 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 Not tainted
[ 1366.989876][T26238] -----------------------------------------------------
[ 1366.992963][T26238] syz.5.4881/26238 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire:
[ 1366.995601][T26238] ffff88804e901d38 (&new->fa_lock){....}-{3:3}, at: kill_fasync+0x138/0x510
[ 1366.998426][T26238] 
[ 1366.998426][T26238] and this task is already holding:
[ 1367.001184][T26238] ffff88806ad0a028 (&client->buffer_lock){....}-{3:3}, at: evdev_pass_values+0x10e/0x9b0
[ 1367.005155][T26238] which would create a new lock dependency:
[ 1367.007710][T26238]  (&client->buffer_lock){....}-{3:3} -> (&new->fa_lock){....}-{3:3}
[ 1367.011053][T26238] 
[ 1367.011053][T26238] but this new dependency connects a SOFTIRQ-irq-safe lock:
[ 1367.014891][T26238]  (&dev->event_lock#2){..-.}-{3:3}
[ 1367.014931][T26238] 
[ 1367.014931][T26238] ... which became SOFTIRQ-irq-safe at:
[ 1367.020265][T26238]   lock_acquire+0x179/0x350
[ 1367.022217][T26238]   _raw_spin_lock_irqsave+0x3a/0x60
[ 1367.024435][T26238]   input_inject_event+0x9f/0x390
[ 1367.026449][T26238]   led_set_brightness+0x214/0x290
[ 1367.028463][T26238]   led_trigger_event+0xda/0x270
[ 1367.030275][T26238]   kbd_bh+0x21b/0x300
[ 1367.031773][T26238]   tasklet_action_common+0x281/0x400
[ 1367.033748][T26238]   handle_softirqs+0x219/0x8e0
[ 1367.035556][T26238]   do_softirq+0xb2/0xf0
[ 1367.037146][T26238]   __local_bh_enable_ip+0x100/0x120
[ 1367.039092][T26238]   cfg80211_inform_single_bss_data+0x9ae/0x1df0
[ 1367.041370][T26238]   cfg80211_inform_bss_data+0x224/0x3bc0
[ 1367.043454][T26238]   cfg80211_inform_bss_frame_data+0x26f/0x750
[ 1367.045668][T26238]   ieee80211_bss_info_update+0x310/0xab0
[ 1367.047737][T26238]   ieee80211_ibss_rx_queued_mgmt+0x1905/0x2fd0
[ 1367.049810][T26238]   ieee80211_iface_work+0xbf4/0x1020
[ 1367.051645][T26238]   cfg80211_wiphy_work+0x3df/0x550
[ 1367.053407][T26238]   process_one_work+0x9cf/0x1b70
[ 1367.055164][T26238]   worker_thread+0x6c8/0xf10
[ 1367.056773][T26238]   kthread+0x3c5/0x780
[ 1367.058178][T26238]   ret_from_fork+0x5d4/0x6f0
[ 1367.059789][T26238]   ret_from_fork_asm+0x1a/0x30
[ 1367.061504][T26238] 
[ 1367.061504][T26238] to a SOFTIRQ-irq-unsafe lock:
[ 1367.063903][T26238]  (tasklist_lock){.+.+}-{3:3}
[ 1367.063924][T26238] 
[ 1367.063924][T26238] ... which became SOFTIRQ-irq-unsafe at:
[ 1367.068335][T26238] ...
[ 1367.068341][T26238]   lock_acquire+0x179/0x350
[ 1367.070696][T26238]   _raw_read_lock+0x5f/0x70
[ 1367.072447][T26238]   __do_wait+0x105/0x890
[ 1367.074225][T26238]   do_wait+0x21e/0x5a0
[ 1367.075906][T26238]   kernel_wait+0x9f/0x160
[ 1367.077696][T26238]   call_usermodehelper_exec_work+0xf1/0x170
[ 1367.080084][T26238]   process_one_work+0x9cf/0x1b70
[ 1367.082114][T26238]   worker_thread+0x6c8/0xf10
[ 1367.084058][T26238]   kthread+0x3c5/0x780
[ 1367.085729][T26238]   ret_from_fork+0x5d4/0x6f0
[ 1367.087330][T26238]   ret_from_fork_asm+0x1a/0x30
[ 1367.088818][T26238] 
[ 1367.088818][T26238] other info that might help us debug this:
[ 1367.088818][T26238] 
[ 1367.092518][T26238] Chain exists of:
[ 1367.092518][T26238]   &dev->event_lock#2 --> &client->buffer_lock --> tasklist_lock
[ 1367.092518][T26238] 
[ 1367.097747][T26238]  Possible interrupt unsafe locking scenario:
[ 1367.097747][T26238] 
[ 1367.100841][T26238]        CPU0                    CPU1
[ 1367.102829][T26238]        ----                    ----
[ 1367.104934][T26238]   lock(tasklist_lock);
[ 1367.106583][T26238]                                local_irq_disable();
[ 1367.109115][T26238]                                lock(&dev->event_lock#2);
[ 1367.111476][T26238]                                lock(&client->buffer_lock);
[ 1367.113995][T26238]   <Interrupt>
[ 1367.115072][T26238]     lock(&dev->event_lock#2);
[ 1367.116709][T26238] 
[ 1367.116709][T26238]  *** DEADLOCK ***
[ 1367.116709][T26238] 
[ 1367.119204][T26238] 7 locks held by syz.5.4881/26238:
[ 1367.121003][T26238]  #0: ffff888028972118 (&evdev->mutex){+.+.}-{4:4}, at: evdev_write+0x184/0x440
[ 1367.124446][T26238]  #1: ffff88802151e230 (&dev->event_lock#2){..-.}-{3:3}, at: input_inject_event+0x9f/0x390
[ 1367.128326][T26238]  #2: ffffffff8e5c47c0 (rcu_read_lock){....}-{1:3}, at: input_inject_event+0xbb/0x390
[ 1367.132073][T26238]  #3: ffffffff8e5c47c0 (rcu_read_lock){....}-{1:3}, at: input_pass_values+0x80/0x890
[ 1367.135799][T26238]  #4: ffffffff8e5c47c0 (rcu_read_lock){....}-{1:3}, at: evdev_events+0x7b/0x390
[ 1367.138904][T26238]  #5: ffff88806ad0a028 (&client->buffer_lock){....}-{3:3}, at: evdev_pass_values+0x10e/0x9b0
[ 1367.141950][T26238]  #6: ffffffff8e5c47c0 (rcu_read_lock){....}-{1:3}, at: kill_fasync+0x62/0x510
[ 1367.144732][T26238] 
[ 1367.144732][T26238] the dependencies between SOFTIRQ-irq-safe lock and the holding lock:
[ 1367.147827][T26238]  -> (&dev->event_lock#2){..-.}-{3:3} {
[ 1367.149552][T26238]     IN-SOFTIRQ-W at:
[ 1367.150816][T26238]                       lock_acquire+0x179/0x350
[ 1367.152779][T26238]                       _raw_spin_lock_irqsave+0x3a/0x60
[ 1367.154925][T26238]                       input_inject_event+0x9f/0x390
[ 1367.156998][T26238]                       led_set_brightness+0x214/0x290
[ 1367.159075][T26238]                       led_trigger_event+0xda/0x270
[ 1367.161155][T26238]                       kbd_bh+0x21b/0x300
[ 1367.162936][T26238]                       tasklet_action_common+0x281/0x400
[ 1367.165091][T26238]                       handle_softirqs+0x219/0x8e0
[ 1367.167083][T26238]                       do_softirq+0xb2/0xf0
[ 1367.168998][T26238]                       __local_bh_enable_ip+0x100/0x120
[ 1367.171125][T26238]                       cfg80211_inform_single_bss_data+0x9ae/0x1df0
[ 1367.173601][T26238]                       cfg80211_inform_bss_data+0x224/0x3bc0
[ 1367.175941][T26238]                       cfg80211_inform_bss_frame_data+0x26f/0x750
[ 1367.178334][T26238]                       ieee80211_bss_info_update+0x310/0xab0
[ 1367.180546][T26238]                       ieee80211_ibss_rx_queued_mgmt+0x1905/0x2fd0
[ 1367.182913][T26238]                       ieee80211_iface_work+0xbf4/0x1020
[ 1367.185166][T26238]                       cfg80211_wiphy_work+0x3df/0x550
[ 1367.187497][T26238]                       process_one_work+0x9cf/0x1b70
[ 1367.189499][T26238]                       worker_thread+0x6c8/0xf10
[ 1367.191460][T26238]                       kthread+0x3c5/0x780
[ 1367.193239][T26238]                       ret_from_fork+0x5d4/0x6f0
[ 1367.195168][T26238]                       ret_from_fork_asm+0x1a/0x30
[ 1367.197227][T26238]     INITIAL USE at:
[ 1367.198480][T26238]                      lock_acquire+0x179/0x350
[ 1367.200413][T26238]                      _raw_spin_lock_irqsave+0x3a/0x60
[ 1367.202535][T26238]                      input_inject_event+0x9f/0x390
[ 1367.204655][T26238]                      led_set_brightness+0x214/0x290
[ 1367.206803][T26238]                      kbd_led_trigger_activate+0xcb/0x110
[ 1367.209373][T26238]                      led_trigger_set+0x597/0xc50
[ 1367.211395][T26238]                      led_trigger_set_default+0x1e0/0x2e0
[ 1367.213807][T26238]                      led_classdev_register_ext+0x7b8/0xa10
[ 1367.216128][T26238]                      input_leds_connect+0x552/0x8e0
[ 1367.218395][T26238]                      input_attach_handler.isra.0+0x184/0x260
[ 1367.221174][T26238]                      input_register_device+0xa84/0x1130
[ 1367.224098][T26238]                      atkbd_connect+0x5da/0xa20
[ 1367.226698][T26238]                      serio_driver_probe+0x77/0xb0
[ 1367.229403][T26238]                      really_probe+0x23e/0xa90
[ 1367.231997][T26238]                      __driver_probe_device+0x1de/0x440
[ 1367.234854][T26238]                      driver_probe_device+0x4c/0x1b0
[ 1367.237567][T26238]                      __driver_attach+0x283/0x580
[ 1367.240299][T26238]                      bus_for_each_dev+0x13b/0x1d0
[ 1367.243144][T26238]                      serio_handle_event+0x247/0xa50
[ 1367.245357][T26238]                      process_one_work+0x9cf/0x1b70
[ 1367.247464][T26238]                      worker_thread+0x6c8/0xf10
[ 1367.249371][T26238]                      kthread+0x3c5/0x780
[ 1367.251223][T26238]                      ret_from_fork+0x5d4/0x6f0
[ 1367.253203][T26238]                      ret_from_fork_asm+0x1a/0x30
[ 1367.255379][T26238]   }
[ 1367.256227][T26238]   ... key      at: [<ffffffff9b0bb680>] __key.7+0x0/0x40
[ 1367.258504][T26238] -> (&client->buffer_lock){....}-{3:3} {
[ 1367.260379][T26238]    INITIAL USE at:
[ 1367.261603][T26238]                    lock_acquire+0x179/0x350
[ 1367.263519][T26238]                    _raw_spin_lock+0x2e/0x40
[ 1367.265513][T26238]                    evdev_pass_values+0x10e/0x9b0
[ 1367.267518][T26238]                    evdev_events+0x1bb/0x390
[ 1367.269667][T26238]                    input_pass_values+0x6c7/0x890
[ 1367.272129][T26238]                    input_handle_event+0xf00/0x14d0
[ 1367.274708][T26238]                    input_inject_event+0x1cd/0x390
[ 1367.277197][T26238]                    evdev_write+0x2e1/0x440
[ 1367.279072][T26238]                    vfs_write+0x29d/0x1150
[ 1367.280859][T26238]                    ksys_write+0x1f8/0x250
[ 1367.282634][T26238]                    __do_fast_syscall_32+0x7c/0x3a0
[ 1367.284849][T26238]                    do_fast_syscall_32+0x32/0x80
[ 1367.287539][T26238]                    entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1367.289964][T26238]  }
[ 1367.290757][T26238]  ... key      at: [<ffffffff9b0bbb00>] __key.1+0x0/0x40
[ 1367.292901][T26238]  ... acquired at:
[ 1367.294110][T26238]    _raw_spin_lock+0x2e/0x40
[ 1367.296080][T26238]    evdev_pass_values+0x10e/0x9b0
[ 1367.297767][T26238]    evdev_events+0x1bb/0x390
[ 1367.299249][T26238]    input_pass_values+0x6c7/0x890
[ 1367.300851][T26238]    input_handle_event+0xf00/0x14d0
[ 1367.302512][T26238]    input_inject_event+0x1cd/0x390
[ 1367.304239][T26238]    evdev_write+0x2e1/0x440
[ 1367.306151][T26238]    vfs_write+0x29d/0x1150
[ 1367.308033][T26238]    ksys_write+0x1f8/0x250
[ 1367.309532][T26238]    __do_fast_syscall_32+0x7c/0x3a0
[ 1367.311235][T26238]    do_fast_syscall_32+0x32/0x80
[ 1367.312830][T26238]    entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1367.314873][T26238] 
[ 1367.315661][T26238] 
[ 1367.315661][T26238] the dependencies between the lock to be acquired
[ 1367.315667][T26238]  and SOFTIRQ-irq-unsafe lock:
[ 1367.319839][T26238]   -> (tasklist_lock){.+.+}-{3:3} {
[ 1367.321859][T26238]      HARDIRQ-ON-R at:
[ 1367.323346][T26238]                         lock_acquire+0x179/0x350
[ 1367.325591][T26238]                         _raw_read_lock+0x5f/0x70
[ 1367.328165][T26238]                         __do_wait+0x105/0x890
[ 1367.330676][T26238]                         do_wait+0x21e/0x5a0
[ 1367.332973][T26238]                         kernel_wait+0x9f/0x160
[ 1367.335425][T26238]                         call_usermodehelper_exec_work+0xf1/0x170
[ 1367.338373][T26238]                         process_one_work+0x9cf/0x1b70
[ 1367.340668][T26238]                         worker_thread+0x6c8/0xf10
[ 1367.343108][T26238]                         kthread+0x3c5/0x780
[ 1367.345553][T26238]                         ret_from_fork+0x5d4/0x6f0
[ 1367.348231][T26238]                         ret_from_fork_asm+0x1a/0x30
[ 1367.350955][T26238]      SOFTIRQ-ON-R at:
[ 1367.352630][T26238]                         lock_acquire+0x179/0x350
[ 1367.354730][T26238]                         _raw_read_lock+0x5f/0x70
[ 1367.356820][T26238]                         __do_wait+0x105/0x890
[ 1367.358976][T26238]                         do_wait+0x21e/0x5a0
[ 1367.360875][T26238]                         kernel_wait+0x9f/0x160
[ 1367.362840][T26238]                         call_usermodehelper_exec_work+0xf1/0x170
[ 1367.365323][T26238]                         process_one_work+0x9cf/0x1b70
[ 1367.367478][T26238]                         worker_thread+0x6c8/0xf10
[ 1367.369521][T26238]                         kthread+0x3c5/0x780
[ 1367.371434][T26238]                         ret_from_fork+0x5d4/0x6f0
[ 1367.373483][T26238]                         ret_from_fork_asm+0x1a/0x30
[ 1367.375585][T26238]      INITIAL USE at:
[ 1367.376865][T26238]                        lock_acquire+0x179/0x350
[ 1367.378842][T26238]                        _raw_write_lock_irq+0x36/0x50
[ 1367.380973][T26238]                        copy_process+0x4caf/0x76a0
[ 1367.382995][T26238]                        kernel_clone+0xfc/0x960
[ 1367.384981][T26238]                        user_mode_thread+0xc7/0x110
[ 1367.387050][T26238]                        rest_init+0x23/0x2b0
[ 1367.388953][T26238]                        start_kernel+0x3ee/0x4d0
[ 1367.390963][T26238]                        x86_64_start_reservations+0x18/0x30
[ 1367.393331][T26238]                        x86_64_start_kernel+0x130/0x190
[ 1367.395497][T26238]                        common_startup_64+0x13e/0x148
[ 1367.397560][T26238]      INITIAL READ USE at:
[ 1367.399002][T26238]                             lock_acquire+0x179/0x350
[ 1367.401073][T26238]                             _raw_read_lock+0x5f/0x70
[ 1367.403214][T26238]                             __do_wait+0x105/0x890
[ 1367.405188][T26238]                             do_wait+0x21e/0x5a0
[ 1367.407110][T26238]                             kernel_wait+0x9f/0x160
[ 1367.409154][T26238]                             call_usermodehelper_exec_work+0xf1/0x170
[ 1367.411655][T26238]                             process_one_work+0x9cf/0x1b70
[ 1367.413865][T26238]                             worker_thread+0x6c8/0xf10
[ 1367.415999][T26238]                             kthread+0x3c5/0x780
[ 1367.417988][T26238]                             ret_from_fork+0x5d4/0x6f0
[ 1367.420117][T26238]                             ret_from_fork_asm+0x1a/0x30
[ 1367.422290][T26238]    }
[ 1367.423154][T26238]    ... key      at: [<ffffffff8e20c098>] tasklist_lock+0x18/0x40
[ 1367.425581][T26238]    ... acquired at:
[ 1367.426835][T26238]    _raw_read_lock+0x5f/0x70
[ 1367.428318][T26238]    send_sigurg+0xed/0xc80
[ 1367.429735][T26238]    sk_send_sigurg+0x76/0x360
[ 1367.431240][T26238]    unix_stream_sendmsg+0xeb3/0x11d0
[ 1367.432916][T26238]    ____sys_sendmsg+0xa98/0xc70
[ 1367.434465][T26238]    ___sys_sendmsg+0x134/0x1d0
[ 1367.436004][T26238]    __sys_sendmmsg+0x2f9/0x420
[ 1367.437610][T26238]    __ia32_compat_sys_sendmmsg+0x9d/0x100
[ 1367.439527][T26238]    __do_fast_syscall_32+0x7c/0x3a0
[ 1367.441237][T26238]    do_fast_syscall_32+0x32/0x80
[ 1367.442811][T26238]    entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1367.444852][T26238] 
[ 1367.445611][T26238]  -> (&f_owner->lock){....}-{3:3} {
[ 1367.447266][T26238]     INITIAL USE at:
[ 1367.448525][T26238]                      lock_acquire+0x179/0x350
[ 1367.450457][T26238]                      _raw_write_lock_irq+0x36/0x50
[ 1367.452530][T26238]                      __f_setown+0x61/0x3c0
[ 1367.454423][T26238]                      do_fcntl+0x1098/0x15a0
[ 1367.456310][T26238]                      do_compat_fcntl64+0x367/0x710
[ 1367.458382][T26238]                      __do_fast_syscall_32+0x7c/0x3a0
[ 1367.460488][T26238]                      do_fast_syscall_32+0x32/0x80
[ 1367.462533][T26238]                      entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1367.464983][T26238]     INITIAL READ USE at:
[ 1367.466354][T26238]                           lock_acquire+0x179/0x350
[ 1367.468444][T26238]                           _raw_read_lock_irqsave+0x74/0x90
[ 1367.470741][T26238]                           send_sigio+0x31/0x3e0
[ 1367.472765][T26238]                           dnotify_handle_event+0x15e/0x2b0
[ 1367.475099][T26238]                           fsnotify_handle_inode_event.isra.0+0x1e2/0x3f0
[ 1367.477733][T26238]                           fsnotify+0x13d6/0x1dc0
[ 1367.479781][T26238]                           vfs_mkdir+0x71d/0x8c0
[ 1367.481765][T26238]                           do_mkdirat+0x304/0x3e0
[ 1367.483818][T26238]                           __ia32_sys_mkdirat+0x82/0xb0
[ 1367.485986][T26238]                           __do_fast_syscall_32+0x7c/0x3a0
[ 1367.488273][T26238]                           do_fast_syscall_32+0x32/0x80
[ 1367.490446][T26238]                           entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1367.493080][T26238]   }
[ 1367.493941][T26238]   ... key      at: [<ffffffff9ade9740>] __key.1+0x0/0x40
[ 1367.496195][T26238]   ... acquired at:
[ 1367.497451][T26238]    _raw_read_lock_irqsave+0x74/0x90
[ 1367.499137][T26238]    send_sigio+0x31/0x3e0
[ 1367.500543][T26238]    kill_fasync+0x214/0x510
[ 1367.502008][T26238]    lease_break_callback+0x23/0x30
[ 1367.503672][T26238]    __break_lease+0x674/0x1810
[ 1367.505219][T26238]    do_dentry_open+0x6e1/0x1c10
[ 1367.506765][T26238]    vfs_open+0x82/0x3f0
[ 1367.508108][T26238]    dentry_open+0x71/0xd0
[ 1367.509398][T26238]    do_mq_open+0x4df/0x8c0
[ 1367.510859][T26238]    __ia32_compat_sys_mq_open+0x154/0x280
[ 1367.512741][T26238]    __do_fast_syscall_32+0x7c/0x3a0
[ 1367.514429][T26238]    do_fast_syscall_32+0x32/0x80
[ 1367.516034][T26238]    entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1367.518042][T26238] 
[ 1367.518807][T26238] -> (&new->fa_lock){....}-{3:3} {
[ 1367.520435][T26238]    INITIAL USE at:
[ 1367.521684][T26238]                    lock_acquire+0x179/0x350
[ 1367.523598][T26238]                    _raw_write_lock_irq+0x36/0x50
[ 1367.525567][T26238]                    fasync_remove_entry+0xb2/0x1e0
[ 1367.527599][T26238]                    fasync_helper+0xaf/0xd0
[ 1367.529424][T26238]                    pipe_fasync+0xc7/0x200
[ 1367.531273][T26238]                    __fput+0x968/0xb70
[ 1367.532981][T26238]                    task_work_run+0x14d/0x240
[ 1367.534871][T26238]                    exit_to_user_mode_loop+0xeb/0x110
[ 1367.536964][T26238]                    __do_fast_syscall_32+0x2ac/0x3a0
[ 1367.539001][T26238]                    do_fast_syscall_32+0x32/0x80
[ 1367.540988][T26238]                    entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1367.543471][T26238]    INITIAL READ USE at:
[ 1367.544824][T26238]                         lock_acquire+0x179/0x350
[ 1367.546831][T26238]                         _raw_read_lock_irqsave+0x74/0x90
[ 1367.549045][T26238]                         kill_fasync+0x138/0x510
[ 1367.551049][T26238]                         __splice_from_pipe+0x663/0x800
[ 1367.553226][T26238]                         __do_sys_vmsplice+0x716/0x1180
[ 1367.555391][T26238]                         __do_fast_syscall_32+0x7c/0x3a0
[ 1367.557590][T26238]                         do_fast_syscall_32+0x32/0x80
[ 1367.559715][T26238]                         entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1367.562260][T26238]  }
[ 1367.563088][T26238]  ... key      at: [<ffffffff9ade9700>] __key.0+0x0/0x40
[ 1367.565269][T26238]  ... acquired at:
[ 1367.566479][T26238]    lock_acquire+0x179/0x350
[ 1367.567994][T26238]    _raw_read_lock_irqsave+0x74/0x90
[ 1367.569662][T26238]    kill_fasync+0x138/0x510
[ 1367.571110][T26238]    evdev_pass_values+0x619/0x9b0
[ 1367.572715][T26238]    evdev_events+0x1bb/0x390
[ 1367.574194][T26238]    input_pass_values+0x6c7/0x890
[ 1367.575811][T26238]    input_handle_event+0xf00/0x14d0
[ 1367.577459][T26238]    input_inject_event+0x1cd/0x390
[ 1367.579088][T26238]    evdev_write+0x2e1/0x440
[ 1367.580574][T26238]    vfs_write+0x29d/0x1150
[ 1367.581989][T26238]    ksys_write+0x1f8/0x250
[ 1367.583394][T26238]    __do_fast_syscall_32+0x7c/0x3a0
[ 1367.585073][T26238]    do_fast_syscall_32+0x32/0x80
[ 1367.586649][T26238]    entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1367.588676][T26238] 
[ 1367.589433][T26238] 
[ 1367.589433][T26238] stack backtrace:
[ 1367.591242][T26238] CPU: 2 UID: 0 PID: 26238 Comm: syz.5.4881 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) 
[ 1367.591256][T26238] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1367.591263][T26238] Call Trace:
[ 1367.591268][T26238]  <TASK>
[ 1367.591273][T26238]  dump_stack_lvl+0x116/0x1f0
[ 1367.591293][T26238]  check_irq_usage+0x7dc/0x920
[ 1367.591306][T26238]  ? __pfx___smp_call_single_queue+0x10/0x10
[ 1367.591317][T26238]  ? do_raw_spin_lock+0x12c/0x2b0
[ 1367.591334][T26238]  ? check_path.constprop.0+0x24/0x50
[ 1367.591348][T26238]  ? __lock_acquire+0x1285/0x1c90
[ 1367.591360][T26238]  __lock_acquire+0x1285/0x1c90
[ 1367.591375][T26238]  lock_acquire+0x179/0x350
[ 1367.591388][T26238]  ? kill_fasync+0x138/0x510
[ 1367.591400][T26238]  _raw_read_lock_irqsave+0x74/0x90
[ 1367.591415][T26238]  ? kill_fasync+0x138/0x510
[ 1367.591424][T26238]  kill_fasync+0x138/0x510
[ 1367.591435][T26238]  evdev_pass_values+0x619/0x9b0
[ 1367.591450][T26238]  evdev_events+0x1bb/0x390
[ 1367.591464][T26238]  input_pass_values+0x6c7/0x890
[ 1367.591478][T26238]  input_handle_event+0xf00/0x14d0
[ 1367.591492][T26238]  ? _copy_from_user+0x59/0xd0
[ 1367.591510][T26238]  input_inject_event+0x1cd/0x390
[ 1367.591524][T26238]  evdev_write+0x2e1/0x440
[ 1367.591538][T26238]  ? __pfx_evdev_write+0x10/0x10
[ 1367.591552][T26238]  ? bpf_lsm_file_permission+0x9/0x10
[ 1367.591563][T26238]  ? security_file_permission+0x71/0x210
[ 1367.591577][T26238]  ? rw_verify_area+0xcf/0x680
[ 1367.591590][T26238]  ? __pfx_evdev_write+0x10/0x10
[ 1367.591603][T26238]  vfs_write+0x29d/0x1150
[ 1367.591618][T26238]  ? __pfx_vfs_write+0x10/0x10
[ 1367.591631][T26238]  ? find_held_lock+0x2b/0x80
[ 1367.591640][T26238]  ? __fget_files+0x204/0x3c0
[ 1367.591655][T26238]  ? __fget_files+0x20e/0x3c0
[ 1367.591670][T26238]  ksys_write+0x1f8/0x250
[ 1367.591684][T26238]  ? __pfx_ksys_write+0x10/0x10
[ 1367.591698][T26238]  ? rcu_is_watching+0x12/0xc0
[ 1367.591710][T26238]  __do_fast_syscall_32+0x7c/0x3a0
[ 1367.591726][T26238]  do_fast_syscall_32+0x32/0x80
[ 1367.591742][T26238]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1367.591755][T26238] RIP: 0023:0xf709e579
[ 1367.591763][T26238] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 1367.591773][T26238] RSP: 002b:00000000f508e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000004
[ 1367.591782][T26238] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000080000040
[ 1367.591789][T26238] RDX: 0000000000001068 RSI: 0000000000000000 RDI: 0000000000000000
[ 1367.591795][T26238] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1367.591802][T26238] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[ 1367.591807][T26238] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1367.591817][T26238]  </TASK>
[ 1367.884747][T15519] cdc_ncm 10-1:1.0: bind() failure
[ 1367.887636][T15519] cdc_ncm 10-1:1.1: CDC Union missing and no IAD found
[ 1367.889891][T15519] cdc_ncm 10-1:1.1: bind() failure
[ 1367.892884][T15519] usb 10-1: USB disconnect, device number 14
[ 1367.952693][T11279] usb 5-1: USB disconnect, device number 35
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[ 1368.119886][T26237] syz_tun (unregistering): left promiscuous mode
[ 1368.309265][T19258] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1368.422037][T19258] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1368.537067][T19258] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1368.628268][T19258] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1368.705534][T19258] bond1 (unregistering): (slave ip6gre1): Releasing backup interface
[ 1368.708093][T19258] ip6gre1 (unregistering): left promiscuous mode
[ 1368.799255][T19258] bond0 (unregistering): (slave 
3
0
��): Releasing backup interface
[ 1368.802731][T19258] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1368.806066][T19258] bond0 (unregistering): Released all slaves
[ 1368.890087][T19258] bond1 (unregistering): Released all slaves
[ 1368.969974][T19258] bond2 (unregistering): (slave veth0_to_bond): Releasing active interface
[ 1368.973308][T19258] bond2 (unregistering): Released all slaves
[ 1369.346336][T19258] batadv_slave_0: left promiscuous mode
[ 1369.349984][T19258] hsr_slave_0: left promiscuous mode
[ 1369.351821][T19258] hsr_slave_1: left promiscuous mode
[ 1369.353628][T19258] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1369.365034][T19258] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1369.372461][T19258] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1369.376038][T19258] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1369.380264][T19258] veth1_macvtap: left promiscuous mode
[ 1369.381948][T19258] veth0_macvtap: left promiscuous mode
[ 1369.383660][T19258] veth1_vlan: left promiscuous mode
[ 1369.385335][T19258] veth0_vlan: left promiscuous mode
[ 1369.543312][T19258] team0 (unregistering): Port device team_slave_1 removed
[ 1369.590928][T19258] team0 (unregistering): Port device team_slave_0 removed
[ 1370.177493][T19258] IPVS: stop unused estimator thread 0...
[ 1370.270801][ T6335] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1370.329175][ T6335] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1370.377870][ T6335] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1370.439225][ T6335] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1370.512825][ T6335] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1370.559420][ T6335] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1370.617923][ T6335] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1370.697364][ T6335] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1370.755531][ T6335] bridge_slave_1: left allmulticast mode
[ 1370.757392][ T6335] bridge_slave_1: left promiscuous mode
[ 1370.759192][ T6335] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1370.762125][ T6335] bridge_slave_0: left allmulticast mode
[ 1370.764087][ T6335] bridge_slave_0: left promiscuous mode
[ 1370.765952][ T6335] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1370.812698][ T6335] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1370.818440][ T6335] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1370.821955][ T6335] bond0 (unregistering): (slave batadv0): Releasing backup interface
[ 1370.825926][ T6335] bond0 (unregistering): Released all slaves
[ 1370.914035][ T6335] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1370.919018][ T6335] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1370.922379][ T6335] bond0 (unregistering): Released all slaves
[ 1371.547902][ T6335] hsr_slave_0: left promiscuous mode
[ 1371.549901][ T6335] hsr_slave_1: left promiscuous mode
[ 1371.551774][ T6335] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1371.554086][ T6335] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1371.557394][ T6335] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1371.559729][ T6335] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1371.563661][ T6335] hsr_slave_0: left promiscuous mode
[ 1371.565939][ T6335] hsr_slave_1: left promiscuous mode
[ 1371.567871][ T6335] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1371.570196][ T6335] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1371.572749][ T6335] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1371.575740][ T6335] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1371.582245][ T6335] veth1_macvtap: left promiscuous mode
[ 1371.584646][ T6335] veth0_macvtap: left promiscuous mode
[ 1371.586656][ T6335] veth1_vlan: left promiscuous mode
[ 1371.588345][ T6335] veth0_vlan: left promiscuous mode
[ 1371.590503][ T6335] veth1_macvtap: left promiscuous mode
[ 1371.592248][ T6335] veth0_macvtap: left promiscuous mode
[ 1371.593998][ T6335] veth1_vlan: left promiscuous mode
[ 1371.596584][ T6335] veth0_vlan: left promiscuous mode
[ 1371.872263][ T6335] team0 (unregistering): Port device team_slave_1 removed
[ 1371.921976][ T6335] team0 (unregistering): Port device team_slave_0 removed
[ 1372.360919][ T6335] team0 (unregistering): Port device team_slave_1 removed
[ 1372.408719][ T6335] team0 (unregistering): Port device team_slave_0 removed

VM DIAGNOSIS:
07:09:57  Registers:
info registers vcpu 0

CPU#0
RAX=00000000012bb07c RBX=0000000000000000 RCX=ffffffff8b7cfc39 RDX=ffffed1005646646
RSI=ffffffff8c156620 RDI=ffffffff819185c1 RBP=fffffbfff1c52ef0 RSP=ffffffff8e207e08
R8 =0000000000000000 R9 =ffffed1005646645 R10=ffff88802b23322b R11=0000000000000001
R12=0000000000000000 R13=ffffffff8e297780 R14=ffffffff90a82850 R15=0000000000000000
RIP=ffffffff8b7ce79f RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88809755f000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000000032310ff8 CR3=000000005f979000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000001d6df6c RBX=0000000000000001 RCX=ffffffff8b7cfc39 RDX=ffffed1005666646
RSI=ffffffff8c156620 RDI=ffffffff819185c1 RBP=ffffed1003bdb488 RSP=ffffc9000046fdf8
R8 =0000000000000000 R9 =ffffed1005666645 R10=ffff88802b33322b R11=0000000000000001
R12=0000000000000001 R13=ffff88801deda440 R14=ffffffff90a82850 R15=0000000000000000
RIP=ffffffff8b7ce79f RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88809765f000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000000080032000 CR3=000000004a2a2000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000009800000000 0000000200000008
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000009800000000 0000000200000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
RAX=0000000000000032 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff855875a5 RDI=ffffffff9b06da00 RBP=ffffffff9b06d9c0 RSP=ffffc9000634f300
R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=2d2d2d2d2d2d2d2d
R12=0000000000000000 R13=0000000000000032 R14=ffffffff9b06d9c0 R15=ffffffff85587540
RIP=ffffffff855875cf RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff88809775f000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=000000000c59d4f3 CR3=000000005259a000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 2323232323232323 2323232323232323
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffff ffffffffffffff00
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 3

CPU#3
RAX=0000000000be28f4 RBX=0000000000000003 RCX=ffffffff8b7cfc39 RDX=ffffed10056a6646
RSI=ffffffff8c156620 RDI=ffffffff819185c1 RBP=ffffed1003860000 RSP=ffffc9000048fdf8
R8 =0000000000000000 R9 =ffffed10056a6645 R10=ffff88802b53322b R11=0000000000000001
R12=0000000000000003 R13=ffff88801c300000 R14=ffffffff90a82850 R15=0000000000000000
RIP=ffffffff8b7ce79f RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88809785f000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000f7474230 CR3=000000005a76c000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 445ae744cc1a9ba5 7fa25c4f19961410
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 de80ace1e9ba0193 3c574ce00ae3b294
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 1c17e287a9736469 08b1b1eccdfcb3cf
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 8a476c058868f4d6 437f7d5d4e6c1154
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000009140
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000040
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ad91ef94c0beb1f8 0000033cc0c9ed8e
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 8bcab4bc00800100 00800100c0d47472
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000033c00800100 c0a3dd7ee684a4e4
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 008001000000033c 0000033c9aea90ac
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 8dd9a88184173fbc 35ca8e05dc3a792e
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 090437ab233f1dfa 4732737caa136624
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 a54ff53a3c6ef372 bb67ae856a09e667
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 5be0cd191f83d9ab 9b05688c510e527f
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000