last executing test programs:

13m31.238229045s ago: executing program 2 (id=3):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
capset(&(0x7f0000000100)={0x20071026}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x81, 0xfffffffb})
mount_setattr(0xffffffffffffff9c, 0x0, 0x9100, &(0x7f0000000200)={0x81, 0x0, 0x100000}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00'}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYBLOB, @ANYRES32=0x0, @ANYBLOB], 0x50)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION2(r1, 0x40a0ae49, &(0x7f0000000280)={0x2, 0x1, 0x1000, 0x2000, &(0x7f0000ffc000/0x2000)=nil, 0x5, r1})
openat$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000100), 0x2, 0x0)
add_key(&(0x7f0000000000)='big_key\x00', &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000001480)="aeffa4486aa84c5cd1276d91eecdfccfb963910470b7fbea31521973580a6311fb47d40700e353de4e219eb4802eb77ce0d6016e584d552b5ccea8207888668e4b1c5d8e464389b41a7db270bcf39bd9e94fa051110e00cbf0a42159e717046d42be7bb0af9d94fc977ffa26577997b6c08a1b17ab4dd123fe7aa034d4d36f56ba3f438a0e6c356c0fad29e66a202cd90c08eb053f04f5b1aa50f6a115de7b6b61edd701777a7a6612f0310d2c1b0b9fabc21b67cecd727c6e05f18a639e9277b2813694267b7d134f89bedd55c711587c8ce6489474edd2f7b23243c0e2166aa7249592ea988afaef4fbbeddd1129b1091d885fcd6127ac89d5a0ebe59d472941", 0x101, 0xffffffffffffffff)
r2 = syz_open_dev$loop(&(0x7f0000000080), 0x47ffffa, 0x122c42)
ioctl$LOOP_CONFIGURE(r2, 0x401070c9, 0x0)
io_uring_enter(0xffffffffffffffff, 0x50d4, 0x4000, 0x50, 0x0, 0x20)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='ramfs\x00', 0x2014800, 0x0)
acct(&(0x7f0000000100)='./file0/bus\x00')
chroot(&(0x7f0000000040)='./file0\x00')
umount2(&(0x7f00000000c0)='./file0\x00', 0x0)
kexec_load(0x5, 0x3, &(0x7f0000001080), 0x3e0000)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000010000000900010073797a30000000003c000000090a010400000000000000000100000008000a40000000000900020073797a32000000000900010073797a30000000000800054000000002600000000c0a010300000000000000000100000008000440000000000900010073797a300000000038000380340000800400018004000680140007800c000100636f756e74657200040002801400018006000100636f756e7465720080040280140000001000010000000000000000000000000a6115823951e1e677cf79ff2b86fec3d0140ce22908a9e22b04d5d92fb3a2eeea4f47ea0ac3793df7e3e12c0751d110c2f5d7c69f1c5c4371cf10b8cafa5728c506db60c69fef704dbc8652dba88ab1736c547c048c7043d26cc3a99eb2ec0258ce9d717bdb2e78bcf03fb63f5c0b3e1dd676d3a9509580120d9b5a10d9e3259108ffca72f3ddeb63fd2640d76a412337a1f0d6062574507a86823f98ec8efd343be01b130a2a4a764e3dd4ab6252b27cb8622135818fd8114c1278828696d98d8bdd37553f131d9c572bedffa7e9dceea60daa776437eaf3b75bf58c7dfbee34d0cb4e"], 0xe4}}, 0x0)
fsopen(&(0x7f0000000380)='exfat\x00', 0x1)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=@newtaction={0x18, 0x30, 0xffff, 0x0, 0x25dfdbff, {0x0, 0x0, 0x1300}, [{0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x8000}, 0x0)

13m29.610270703s ago: executing program 2 (id=8):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x4, 0xfd, 0x7ffc1ffb}]})
timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
capset(&(0x7f0000000ac0)={0x19980330}, &(0x7f0000000180)={0x0, 0x10000, 0xc898, 0x40000000, 0x0, 0x2})

13m29.310504439s ago: executing program 2 (id=10):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r0 = dup(0xffffffffffffffff)
write$6lowpan_enable(r0, &(0x7f0000000000)='0', 0xfffffd2c)
r1 = syz_io_uring_setup(0x23d, &(0x7f0000000380)={0x0, 0x4db8, 0x2, 0x0, 0xd3, 0x0, r0}, 0x0, &(0x7f00000001c0)=<r2=>0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
socket$packet(0x11, 0x3, 0x300)
r4 = socket$inet(0x2, 0x2, 0x0)
r5 = syz_io_uring_setup(0x460, &(0x7f0000000480)={0x0, 0x40000020, 0x10, 0x80000002, 0x34e, 0x0, r1}, &(0x7f0000000100)=<r6=>0x0, &(0x7f0000000000)=<r7=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
r8 = getpid()
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
kcmp(r8, 0x0, 0x5, 0xffffffffffffffff, 0xffffffffffffffff)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={<r9=>0xffffffffffffffff})
sendmsg$inet(r9, &(0x7f00000009c0)={&(0x7f0000000200)={0x2, 0x4e21, @multicast1}, 0x10, 0x0}, 0x20040000)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000240)={0x1, &(0x7f0000000200)=[{0x2f, 0x1, 0x0, 0x4}]}, 0x8)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r6, r7, &(0x7f0000000200)=@IORING_OP_RECVMSG={0xa, 0x22, 0x10, r4, 0x0, &(0x7f0000000400)={&(0x7f0000000280)=@vsock, 0x80, &(0x7f0000000100), 0x0, &(0x7f00000016c0)=""/253, 0xfd}, 0x0, 0x40000062, 0x0, {0x1}})
io_uring_enter(r5, 0x47bc, 0x0, 0x0, 0x0, 0x0)
io_uring_enter(r5, 0x799b, 0xcca2, 0x4, 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a140000001100010000000000000000000000400ab6596d0d2032c80100000000000000069c82e8f1a4cab5d163396faf011970f756c8a4b5a5bf2e12a1d1f6301b59aa687cd9e84cb4701a6583cbd4fe2a5b7916419e7238fd624f524c85a9ea4f98af8520177eba2f31918bd912a440934203c4367e88993a9779f43e9fd67d5003b21a47f2fadd2b46e90a917091bd24c73f24c47bf528fc01589934bcc0f2d441"], 0x28}}, 0x0)
socket$rds(0x15, 0x5, 0x0)
execveat(r0, &(0x7f0000000000)='./file2\x00', 0x0, 0x0, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x8)
syz_emit_ethernet(0x2a, &(0x7f0000000140)=ANY=[@ANYRESHEX=r3, @ANYRESHEX=r4], 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r0, 0x0, 0x0, 0x0, {0x8230}, 0x3})
io_uring_enter(r1, 0x2ded, 0x4000, 0x0, 0x0, 0x0)
inotify_init()

13m29.199285061s ago: executing program 2 (id=12):
r0 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
bind$nfc_llcp(r0, &(0x7f0000000240)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "d9298498abdba7f061bd1ca44c226af5160e961711a07760760beeab11e88509de7f1939e8abfe0055acc8ef039a5be42200000000000000000100", 0x38}, 0x58)
bind$nfc_llcp(r0, &(0x7f00000001c0)={0x27, 0x0, 0x1, 0x7, 0x1, 0x5, "78b032077654e16fbba309ac089345ae0058f834b8caf93019fead013e930b883cd3b01075f788ee73ff3dc81e3d5d626b2487a674ede7bc165808819d98d7", 0x2}, 0x60)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x5d032, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x80801)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000100))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x5})
r2 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000100))
ioctl$UFFDIO_CONTINUE(r2, 0xc020aa08, &(0x7f0000000080)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}})
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
r3 = syz_clone(0x88200200, 0x0, 0x0, 0x0, 0x0, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f00000042c0)='mounts\x00')
r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/crypto\x00', 0x0, 0x0)
read$FUSE(r5, &(0x7f0000000200)={0x2020}, 0x2020)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000380)={0x28, 0x2, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}]}, 0x28}}, 0x0)
mount(&(0x7f0000000300), &(0x7f0000000080)='.\x00', &(0x7f0000000180)='devtmpfs\x00', 0x2200892, 0x0)
pread64(r4, &(0x7f0000002240)=""/237, 0xed, 0x4eb)
setpgid(r3, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x220)
setpgid(0x0, r3)
r7 = open_tree(0xffffffffffffff9c, &(0x7f0000000480)='./file0\x00', 0x89901)
move_mount(r7, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x10)
mount$overlay(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000), 0x10000, &(0x7f00000002c0)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './bus'}}], [], 0x2c})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)

13m28.298550642s ago: executing program 2 (id=20):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r0 = io_uring_setup(0x1d11, &(0x7f00000003c0)={0x0, 0x46a08, 0x8000, 0xffffffff, 0x4be})
io_uring_register$IORING_UNREGISTER_NAPI(r0, 0x1c, &(0x7f00000000c0), 0x1)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x3, &(0x7f0000000200)=0x6)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r2, &(0x7f0000000440), 0x10)
sendmmsg$inet(0xffffffffffffffff, &(0x7f00000007c0), 0x0, 0x0)
listen(r2, 0x0)
r3 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r3, &(0x7f0000000100)={0x28, 0x0, 0x0, @local}, 0x10)
writev(r3, &(0x7f0000000000)=[{&(0x7f0000000480)='}', 0x1}], 0x1)
r4 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0)
ioctl$TIOCSETD(r4, 0x5423, 0x0)
writev(r4, &(0x7f0000000b00)=[{&(0x7f0000000940)=':', 0xfdef}], 0x1)
r5 = accept4$unix(r2, 0x0, 0x0, 0x800)
recvfrom$unix(r5, &(0x7f0000000240)=""/148, 0x94, 0x10100, 0x0, 0x0)
fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
ioctl$VIDIOC_DBG_S_REGISTER(0xffffffffffffffff, 0x4038564f, &(0x7f00000001c0)={{0x2, @name="b8c6e6f5afbfc109a47a71a6402ba1874e6f33852edeb9a06c19de9e4e8f4d38"}, 0x8, 0xffff, 0x3})
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1b00000000000000000000000000000104000000", @ANYRES32, @ANYBLOB="000000000000006eb8564f70e9a2235e00000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
writev(r5, 0x0, 0x0)
r6 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r6, 0x84, 0x75, &(0x7f0000000d80)={0x0, 0x7fffffff}, &(0x7f0000000080)=0x8)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)

13m13.316332095s ago: executing program 32 (id=20):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r0 = io_uring_setup(0x1d11, &(0x7f00000003c0)={0x0, 0x46a08, 0x8000, 0xffffffff, 0x4be})
io_uring_register$IORING_UNREGISTER_NAPI(r0, 0x1c, &(0x7f00000000c0), 0x1)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x3, &(0x7f0000000200)=0x6)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r2, &(0x7f0000000440), 0x10)
sendmmsg$inet(0xffffffffffffffff, &(0x7f00000007c0), 0x0, 0x0)
listen(r2, 0x0)
r3 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r3, &(0x7f0000000100)={0x28, 0x0, 0x0, @local}, 0x10)
writev(r3, &(0x7f0000000000)=[{&(0x7f0000000480)='}', 0x1}], 0x1)
r4 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0)
ioctl$TIOCSETD(r4, 0x5423, 0x0)
writev(r4, &(0x7f0000000b00)=[{&(0x7f0000000940)=':', 0xfdef}], 0x1)
r5 = accept4$unix(r2, 0x0, 0x0, 0x800)
recvfrom$unix(r5, &(0x7f0000000240)=""/148, 0x94, 0x10100, 0x0, 0x0)
fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
ioctl$VIDIOC_DBG_S_REGISTER(0xffffffffffffffff, 0x4038564f, &(0x7f00000001c0)={{0x2, @name="b8c6e6f5afbfc109a47a71a6402ba1874e6f33852edeb9a06c19de9e4e8f4d38"}, 0x8, 0xffff, 0x3})
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1b00000000000000000000000000000104000000", @ANYRES32, @ANYBLOB="000000000000006eb8564f70e9a2235e00000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
writev(r5, 0x0, 0x0)
r6 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r6, 0x84, 0x75, &(0x7f0000000d80)={0x0, 0x7fffffff}, &(0x7f0000000080)=0x8)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)

1m29.300249321s ago: executing program 1 (id=3848):
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
connect$inet6(r0, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1c}, 0xd}, 0x1c)
recvmmsg(r0, &(0x7f0000000140)=[{{0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f00000005c0)=""/96, 0x60}], 0x1, 0x0, 0x60}, 0xc06}], 0x1, 0x40010000, 0x0)

1m29.252564999s ago: executing program 1 (id=3849):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfb, {0x0, 0x0, 0x0, r3, {0x0, 0x1}, {0xffff, 0xffff}, {0xffff, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x4000)
sendmsg$nl_route_sched(r1, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x24000014}, 0x240c4004)

1m29.128863173s ago: executing program 1 (id=3850):
fsopen(&(0x7f0000000000)='sysfs\x00', 0x0)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$igmp(0x2, 0x3, 0x2)
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
r4 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYRES32=r3, @ANYRES32=r3, @ANYRESOCT=r3], 0x6c}}, 0x0)
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='tmpfs\x00', 0x0, &(0x7f00000001c0)='grpquota')
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000900)={&(0x7f0000000480)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c000000020000000000000000000006040000000000045dd90b2e4906acad7c22dab31b7a3f2b1332e54d324837abfb5623af67bd24cdcbe2f21c97428d16d134f6df995efe5e69a28eac09347df12df069e44fbd2d94662f88ccbe86bd02eeac3f7e79cf99fcfb5b0ba786dd395bfb436e1b2da0352dec0470"], 0x0, 0x26}, 0x20)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)={0x1c, 0x41, 0x107, 0xfffffffc, 0x0, {0x2, 0x7c}, [@typed={0x8, 0x12d, 0x0, 0x0, @fd=r5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x488c0}, 0xc000)
migrate_pages(r0, 0xa94b, &(0x7f0000000b80), &(0x7f0000000bc0)=0x27e0407a)
umount2(&(0x7f0000000340)='./file0\x00', 0x0)
recvmmsg$unix(0xffffffffffffffff, &(0x7f0000000ac0)=[{{&(0x7f0000000000)=@abs, 0x6e, &(0x7f0000000100)=[{&(0x7f0000000c00)=""/21, 0x15}], 0x1, &(0x7f0000000200)=[@cred={{0x18}}, @cred={{0x18}}, @cred={{0x18}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x18}}], 0x84}}, {{0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000140)=""/34, 0x22}, {&(0x7f0000000680)=""/66, 0x42}, {&(0x7f00000002c0)}], 0x3}}], 0x2, 0x0, &(0x7f0000000b40)={0x0, 0x3938700})
r6 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r6, &(0x7f0000000440), 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)

1m28.272883666s ago: executing program 1 (id=3853):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
shmget$private(0x0, 0x3000, 0x54000000, &(0x7f0000ffb000/0x3000)=nil)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000000c0), 0x1048b, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f00000003c0)='./file0\x00', 0x101800, 0x3)
r0 = inotify_init()
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)={0x3c, 0x0, 0x8, 0x301, 0x0, 0x0, {0x2, 0x0, 0x6}, [@CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x88be}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x88}, @CTA_TIMEOUT_NAME={0xfffffffffffffcf5, 0x1, 'syz0\x00'}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x1}, @CTA_TIMEOUT_DATA={0x4, 0x4, 0x0, 0x1, @tcp}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40}, 0x8000)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, r0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
quotactl$Q_SYNC(0xffffffff80000102, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
r5 = getpgid(0x0)
fcntl$setownex(0xffffffffffffffff, 0xf, &(0x7f0000000140)={0x2, r5})
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup\x00', 0x0, 0x189)
getdents64(r6, &(0x7f0000000100)=""/33, 0x21)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1/file0\x00', 0x0)
mount$bind(&(0x7f0000000100)='.\x00', &(0x7f0000000300)='./file1/file0\x00', 0x0, 0x1085408, 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f00000003c0), 0x0, &(0x7f00000004c0)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file1/file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})

1m27.360867724s ago: executing program 1 (id=3857):
r0 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_FILL_RING(r0, 0x11b, 0x5, &(0x7f00000000c0)=0x40, 0x4)
r1 = syz_io_uring_setup(0x28d2, &(0x7f0000000100)={0x0, 0xccf0, 0x0, 0x2, 0x1e1}, &(0x7f0000000080), &(0x7f0000000180))
io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r1, 0x10, &(0x7f0000000480)={0x8000, 0x0, &(0x7f0000000400)=[{&(0x7f00000001c0)=""/33, 0x21}, {&(0x7f0000000200)=""/107, 0x6b}, {&(0x7f00000002c0)=""/109, 0x6d}, {&(0x7f0000000340)=""/74, 0x4a}, {&(0x7f00000003c0)=""/41, 0x29}], &(0x7f00000004c0)=[0x101, 0x488, 0x400, 0x5, 0x9, 0x80000001], 0x5}, 0x20)
r2 = socket$netlink(0x10, 0x3, 0x0)
socket$nl_audit(0x10, 0x3, 0x9)
setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r2, 0x10e, 0xc, &(0x7f0000000440)=0x15, 0xfffffffffffffd3a)
sendmsg$netlink(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000100)={0x1c, 0x5e, 0x1, 0x0, 0x0, "", [@typed={0x8, 0x3ffd, 0x0, 0x0, @uid}, @typed={0x4, 0x0, 0x0, 0x0, @binary}]}, 0x1c}], 0x1, 0x0, 0x0, 0x488c5}, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x34, 0x34, 0x2, [@array={0x0, 0x0, 0x0, 0x3, 0x0, {0x3, 0x2, 0xfffffffc}}, @int={0x0, 0x0, 0x0, 0x1, 0x5, 0x10}, @union={0x0, 0x0, 0x0, 0x4, 0x0, 0x2}]}}, 0x0, 0x4e}, 0x20)

1m27.231543055s ago: executing program 1 (id=3858):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfb, {0x0, 0x0, 0x0, r3, {0x0, 0x1}, {0xffff, 0xffff}, {0xffff, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x4000)
sendmsg$nl_route_sched(r1, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x24000014}, 0x240c4004)

1m27.184041691s ago: executing program 33 (id=3858):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfb, {0x0, 0x0, 0x0, r3, {0x0, 0x1}, {0xffff, 0xffff}, {0xffff, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x4000)
sendmsg$nl_route_sched(r1, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x24000014}, 0x240c4004)

9.379292367s ago: executing program 4 (id=4315):
syz_open_procfs(0x0, &(0x7f0000000000)='net/vlan/vlan0\x00')
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffff}, 0x0)
syz_open_dev$sndmidi(0x0, 0x5, 0x141101)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_DETACH(0x8, 0x0, 0x10)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x1000, 0x2})
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r4 = dup3(r3, r2, 0x0)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r5, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a})
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000780)={0x44, 0x0, &(0x7f0000000900)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000001a80)={0x0, 0x0, 0x0, 0x50, 0x0, &(0x7f0000001980)="d527cf11805d55533beee663b219fc6742ceda12c4ba069e5d711c602617720ced4aeef3c627ec8ad698db10e3f3dbd3712fbe8eb20ba74f94971ff02659784db4600a1b79ec37b13575abaf52a8afe4"})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000100)=[@transaction_sg={0x40486311, {0x1f, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0})
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x400, 0x0, 0x30}, 0x9c)
bind$inet6(0xffffffffffffffff, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(0xffffffffffffffff, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
shutdown(0xffffffffffffffff, 0x2)
close(0xffffffffffffffff)
syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000180)=ANY=[@ANYBLOB="1201010200000010f3b100000000010203010902240001010330050904000801030101000921"], 0x0)
mlock2(&(0x7f0000007000/0x1000)=nil, 0x1000, 0x0)

8.10370754s ago: executing program 3 (id=4310):
fsopen(&(0x7f0000000000)='sysfs\x00', 0x0)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = socket$igmp(0x2, 0x3, 0x2)
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
r3 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYRES32=r2, @ANYRES32=r2, @ANYRESOCT=r2], 0x6c}}, 0x0)
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='tmpfs\x00', 0x0, &(0x7f00000001c0)='grpquota')
r4 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000900)={&(0x7f0000000480)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c000000020000000000000000000006040000000000045dd90b2e4906acad7c22dab31b7a3f2b1332e54d324837abfb5623af67bd24cdcbe2f21c97428d16d134f6df995efe5e69a28eac09347df12df069e44fbd2d94662f88ccbe86bd02eeac3f7e79cf99fcfb5b0ba786dd395bfb436e1b2da0352dec0470"], 0x0, 0x26}, 0x20)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)={0x1c, 0x41, 0x107, 0xfffffffc, 0x0, {0x2, 0x7c}, [@typed={0x8, 0x12d, 0x0, 0x0, @fd=r5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x488c0}, 0xc000)
bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x15, 0x8, 0x4, 0x0, 0x0, 0x1, 0x5, '\x00', 0x0, r4, 0x0, 0x1}, 0x48)
migrate_pages(r0, 0xa94b, &(0x7f0000000b80), &(0x7f0000000bc0)=0x27e0407a)
umount2(&(0x7f0000000340)='./file0\x00', 0x0)
recvmmsg$unix(0xffffffffffffffff, &(0x7f0000000ac0)=[{{&(0x7f0000000000)=@abs, 0x6e, &(0x7f0000000100)=[{&(0x7f0000000c00)=""/21, 0x15}], 0x1, &(0x7f0000000200)=[@cred={{0x18}}, @cred={{0x18}}, @cred={{0x18}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x18}}], 0x84}}, {{0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000140)=""/34, 0x22}, {&(0x7f0000000680)=""/66, 0x42}, {&(0x7f00000002c0)}], 0x3}}], 0x2, 0x0, &(0x7f0000000b40)={0x0, 0x3938700})
r6 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r6, &(0x7f0000000440), 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)

7.278243881s ago: executing program 3 (id=4313):
socket$unix(0x1, 0x1, 0x0)
r0 = creat(&(0x7f0000000340)='./file0\x00', 0x101)
close(r0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94)
rt_sigprocmask(0x0, &(0x7f0000000000)={[0xfffffffffffffffd]}, 0x0, 0x8)
syz_clone(0x0, &(0x7f0000000180)="31af42935fd57f431ca4bb252d278b0bcb1cafdea42f1c2e081014", 0x1b, &(0x7f00000002c0), &(0x7f0000000300), &(0x7f0000000380)="16fa24d065aa0d296ea42149cefc4482687511c7d4a16fa8aedec0c6b57ab4837ecabc84f2b071432859f859e5518ba69fe3801148e53dae34433681e2b92ee4090a64e4960d2381e8dde2b7e73b488e46b4187f2dba3204a68adf8df2f8364eebda064c21c702b813e3a9f3b69d4ee1f183450f4e0ae3a98913d451a01e352614f0cd930c57a2d030040e7c3553ef0288f10c3fe6fca7f268752b89357bee31d048fc3f636925ee63a00fe3081959e4d727719750a860e0691acd671d812be91dfbf7d9f279c43c512a8d470e884fab8af80a0e5492dc76ba66eb4b2550b4abae0ccc3edf3d")
r1 = inotify_init()
inotify_add_watch(r1, &(0x7f00000001c0)='.\x00', 0x400017e)

7.188918996s ago: executing program 3 (id=4314):
r0 = syz_usb_connect(0x5, 0x24, &(0x7f0000000140)=ANY=[@ANYRES64=0x0], 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="0500000004000000040000000100000000000000", @ANYRES32, @ANYBLOB="000d00000000365856bdfb180000000022cacd5d21540c2f710544f515b9b96fb9c967840c57", @ANYRES32=0x0, @ANYRES32, @ANYRESDEC=r0], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x8, 0xd, &(0x7f0000000940)=ANY=[@ANYBLOB, @ANYBLOB="addb5b0613208dac9dc5980129e15d9cf6f112b1f6b59955c4d579ef860610feb8f69a15", @ANYBLOB="0000000000000000b7080000000000007b8a07ba00000000bfa20000000000000702fbffffffffffb703000008000000b7040000000000009500000001000000850000007d000000953af1e5d0a257ac3dc6c973c02835c1db9982051491bbe9700f4db2959f5fd2b1158c2edd43ad592fb6e73496a149f18b2353c9028a69bab0ab4e885cdc"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = socket$qrtr(0x2a, 0x2, 0x0)
r2 = syz_io_uring_setup(0x497, &(0x7f0000000200)={0x0, 0x4661, 0x800, 0x3, 0x28a}, &(0x7f0000000340)=<r3=>0x0, &(0x7f0000000300)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x4000000, 0x1})
io_uring_enter(r2, 0x40f9, 0x217, 0xa7, 0x0, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="18010000000000000000000000000000850000000700000018110000", @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r6 = socket$kcm(0x10, 0x2, 0x0)
fspick(0xffffffffffffffff, &(0x7f00000003c0)='./file0\x00', 0x0)
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8)
r7 = syz_open_dev$media(&(0x7f0000001a80), 0x3, 0x0)
write$cgroup_pid(0xffffffffffffffff, &(0x7f0000000240), 0x12)
pipe2(&(0x7f00000000c0)={<r8=>0xffffffffffffffff, <r9=>0xffffffffffffffff}, 0x80000)
write$FUSE_INIT(r9, &(0x7f0000000340)={0x50, 0x0, 0x0, {0x7, 0x28, 0x0, 0x0, 0x0, 0x0, 0x4}}, 0x50)
fcntl$setpipe(r9, 0x407, 0x2000000)
ioctl$DRM_IOCTL_MODE_GETFB2(r8, 0xc06464ce, &(0x7f00000005c0)={0x0, 0x8, 0x7, 0x6, 0x1, [], [0x1, 0x9, 0x10001, 0x3], [0x7f, 0x91c, 0x7bea, 0xfffffffa], [0x7f, 0x7, 0xe, 0x6]})
ioctl$MEDIA_IOC_ENUM_LINKS(r7, 0xc0287c02, &(0x7f0000000100)={0x80000000, 0x0, &(0x7f0000000540)=[{{}, {<r10=>0x80000000}}, {{0x80000000, <r11=>0x0}, {<r12=>0x80000000}}]})
ioctl$MEDIA_IOC_ENUM_LINKS(r7, 0xc0287c02, &(0x7f0000000300)={r10, &(0x7f0000000080)=[{<r13=>0x80000000}], 0x0})
ioctl$MEDIA_IOC_SETUP_LINK(r9, 0xc0347c03, &(0x7f00000001c0)={{r12, r11, 0xe10faebb7221f0, [0xffffffff, 0xd]}, {r13, 0x0, 0x7, [0x5, 0x836f]}, 0x2, [0x4000, 0x8]})
sendmsg$kcm(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000040)="d8000000100081044e81f782db44b904021d006a0f000000e8fe55a1290015000600142603600e120900040044000000a80016000a0003400200000000000000b94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef52a985162f7ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d3220a7c9f8775730d16a4683f1aeb4edbb57a5025ccca9e00360db70100000040fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9701", 0xd8}], 0x1}, 0x60044884)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xd, &(0x7f0000000040)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r5, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x94)
getsockopt$PNPIPE_IFINDEX(0xffffffffffffffff, 0x113, 0x2, &(0x7f0000000400), &(0x7f0000000700)=0x4)
setsockopt$SO_J1939_FILTER(0xffffffffffffffff, 0x6b, 0x1, &(0x7f0000000f40)=[{0x2, 0x2, {0x1, 0xf0}, {0x1, 0xff, 0x1}, 0x1, 0xff}, {0x3, 0x2, {0x1, 0xff, 0x2}, {0x1, 0xf0, 0x4}, 0xfc, 0xff}, {0x2, 0x3, {0x1, 0x1, 0x3}, {0x0, 0x0, 0x1}}, {0x3, 0x3, {0x2, 0xf0, 0x4}, {0x2, 0xff}, 0xfe, 0xfd}, {0x1, 0x0, {0x1, 0xff, 0x3}, {0x0, 0x1, 0x4}, 0x1, 0x1}, {0x0, 0x3, {0x0, 0x0, 0x2}, {0x1, 0x0, 0x3}, 0xfe, 0xfe}], 0xa8)

6.558556204s ago: executing program 5 (id=4317):
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=ANY=[@ANYBLOB], 0x88}}, 0x0)

6.484031166s ago: executing program 5 (id=4318):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r2 = dup(r1)
r3 = epoll_create1(0x0)
r4 = epoll_create1(0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000004c0)=@dellink={0x34, 0x11, 0x1, 0x1, 0x2001, {0x0, 0x0, 0x0, 0x0, 0x9000, 0x4c008}, [@IFLA_IFNAME={0x14, 0x3, 'bond0\x00'}]}, 0x34}, 0x1, 0x0, 0x0, 0x20040801}, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000240)=ANY=[@ANYRESHEX=r3], 0x48)
r6 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000200)=@framed, &(0x7f00000003c0)='GPL\x00'}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0, r7}, 0x18)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10)
epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r6, &(0x7f0000000400)={0xa})
epoll_pwait(r3, &(0x7f0000000080)=[{}], 0x1, 0x80000000, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$vsock(0xffffffffffffff9c, 0x0, 0x141180, 0x0)
write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c)
r8 = syz_io_uring_setup(0x239, &(0x7f0000000740)={0x0, 0x1c2a, 0x10100, 0x0, 0x0, 0x0, r2}, &(0x7f0000000180)=<r9=>0x0, &(0x7f0000000080)=<r10=>0x0)
r11 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r11, 0xae03, 0xa)
syz_io_uring_submit(r9, r10, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r2, 0x0, 0x0, 0x0, {}, 0x1})
io_uring_enter(r8, 0x2ded, 0x4000, 0x0, 0x0, 0x0)
r12 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace$setopts(0x4206, r12, 0x0, 0x0)
wait4(r12, 0x0, 0x20000000, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c00000010001f05fcfffffffcdbdf2500cf0000", @ANYRES32=0x0, @ANYBLOB="00000000000000001c0012800b00010069703667726500000c00028004060000ff7f0000"], 0x3c}}, 0x0)

6.069387733s ago: executing program 4 (id=4320):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000340)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmsg$inet(r2, &(0x7f0000000f80)={0x0, 0x0, 0x0}, 0x0)
setsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x8008000000010, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x5c, 0x30, 0x1, 0x0, 0x0, {}, [{0x48, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}]}]}, 0x5c}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, 0x0, 0x0)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$rxrpc(0x21, 0x2, 0xa)
syz_emit_vhci(&(0x7f0000000000)=ANY=[], 0xffffffffffffff2b)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f00000000c0)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581", @ANYBLOB, @ANYRESDEC], 0x0)
r6 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
read$char_usb(r6, 0x0, 0x0)
r7 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
close_range(r7, 0xffffffffffffffff, 0x0)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
pipe(&(0x7f00000000c0))
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg(r1, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x0)

5.543552546s ago: executing program 5 (id=4321):
getsockopt$inet6_buf(0xffffffffffffffff, 0x6, 0x6, 0x0, 0x0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000380)={'bond0\x00', 0x0})
socket$inet(0x2, 0x3, 0x2)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000066000000004b64ffec850000006d000000c50000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
unshare(0x6a040000)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
socket$inet6(0xa, 0x6, 0x6010000)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
r2 = dup(r1)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x1, 0x3, &(0x7f00000000c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffffffd}}, 0x0, 0x5}, 0x94)
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f00000000c0)=ANY=[@ANYBLOB="0100000000000800c40100"])
setsockopt$ARPT_SO_SET_REPLACE(0xffffffffffffffff, 0xa02000000000000, 0x60, &(0x7f0000000000)={'filter\x00', 0x1002, 0x4, 0x3ac, 0x0, 0x0, 0x0, 0x2cc, 0x2cc, 0x2cc, 0x7fffffe, 0x0, {[{{@uncond, 0xbc, 0xe0}, @unspec=@STANDARD={0x24, '\x00', 0x0, 0xe0}}, {{@uncond, 0xbc, 0x10c}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @mac=@multicast, @rand_addr=0x64010102, @rand_addr=0x64010101, 0x4}}}, {{@arp={@remote, @remote, 0xff000000, 0x80800000, 0x6, 0x4, {@mac=@multicast, {[0x0, 0x0, 0x0, 0x0, 0xff, 0xff]}}, {@mac=@local, {[0x0, 0xff, 0x0, 0xff, 0x0, 0xff]}}, 0x6, 0x81, 0x1, 0x1, 0xd13, 0xe106, 'pimreg1\x00', 'veth1_virt_wifi\x00', {0xff}, {0xff}, 0x0, 0x119}, 0xbc, 0xe0}, @unspec=@NFQUEUE0={0x24, 'NFQUEUE\x00', 0x0, {0xfff9}}}], {{'\x00', 0xbc, 0xe0}, {0x24}}}}, 0x3f8)
write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c)
connect$rxrpc(0xffffffffffffffff, &(0x7f0000000140)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x8000, @multicast2}}, 0x24)
sendmmsg(0xffffffffffffffff, &(0x7f0000000180)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[{0x10, 0x110, 0x1}], 0x10, 0xe000}, 0x5}], 0x1, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002940)=[{{0x0, 0x0, 0x0}}], 0xf000, 0x10002, 0x0)

5.203718709s ago: executing program 5 (id=4322):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
shmget$private(0x0, 0x3000, 0x54000000, &(0x7f0000ffb000/0x3000)=nil)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000000c0), 0x1048b, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f00000003c0)='./file0\x00', 0x101800, 0x3)
r0 = inotify_init()
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)={0x3c, 0x0, 0x8, 0x301, 0x0, 0x0, {0x2, 0x0, 0x6}, [@CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x88be}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x88}, @CTA_TIMEOUT_NAME={0xfffffffffffffcf5, 0x1, 'syz0\x00'}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x1}, @CTA_TIMEOUT_DATA={0x4, 0x4, 0x0, 0x1, @tcp}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40}, 0x8000)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, r0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
quotactl$Q_SYNC(0xffffffff80000102, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
r5 = getpgid(0x0)
fcntl$setownex(0xffffffffffffffff, 0xf, &(0x7f0000000140)={0x2, r5})
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup\x00', 0x0, 0x189)
getdents64(r6, &(0x7f0000000100)=""/33, 0x21)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1/file0\x00', 0x0)
mount$bind(&(0x7f0000000100)='.\x00', &(0x7f0000000300)='./file1/file0\x00', 0x0, 0x1085408, 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f00000003c0), 0x0, &(0x7f00000004c0)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file1/file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})

4.378481055s ago: executing program 0 (id=4323):
fsopen(&(0x7f0000000000)='sysfs\x00', 0x0)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$igmp(0x2, 0x3, 0x2)
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
r4 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYRES32=r3, @ANYRES32=r3, @ANYRESOCT=r3], 0x6c}}, 0x0)
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='tmpfs\x00', 0x0, &(0x7f00000001c0)='grpquota')
r5 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000900)={&(0x7f0000000480)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c000000020000000000000000000006040000000000045dd90b2e4906acad7c22dab31b7a3f2b1332e54d324837abfb5623af67bd24cdcbe2f21c97428d16d134f6df995efe5e69a28eac09347df12df069e44fbd2d94662f88ccbe86bd02eeac3f7e79cf99fcfb5b0ba786dd395bfb436e1b2da0352dec0470"], 0x0, 0x26}, 0x20)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)={0x1c, 0x41, 0x107, 0xfffffffc, 0x0, {0x2, 0x7c}, [@typed={0x8, 0x12d, 0x0, 0x0, @fd=r6}]}, 0x1c}, 0x1, 0x0, 0x0, 0x488c0}, 0xc000)
bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x15, 0x8, 0x4, 0x0, 0x0, 0x1, 0x5, '\x00', 0x0, r5, 0x0, 0x1}, 0x48)
migrate_pages(r0, 0xa94b, &(0x7f0000000b80), &(0x7f0000000bc0)=0x27e0407a)
umount2(&(0x7f0000000340)='./file0\x00', 0x0)
recvmmsg$unix(0xffffffffffffffff, &(0x7f0000000ac0)=[{{&(0x7f0000000000)=@abs, 0x6e, &(0x7f0000000100)=[{&(0x7f0000000c00)=""/21, 0x15}], 0x1, &(0x7f0000000200)=[@cred={{0x18}}, @cred={{0x18}}, @cred={{0x18}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x18}}], 0x84}}, {{0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000140)=""/34, 0x22}, {&(0x7f0000000680)=""/66, 0x42}, {&(0x7f00000002c0)}], 0x3}}], 0x2, 0x0, &(0x7f0000000b40)={0x0, 0x3938700})
r7 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r7, &(0x7f0000000440), 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)

4.293142317s ago: executing program 3 (id=4324):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket(0x11, 0x3, 0x0)
r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000080)=0x13)
r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TIOCSTI(r4, 0x5412, &(0x7f0000000640)=0x11)
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r1, 0x8983, &(0x7f0000000100)={0x0, 'erspan0\x00', {0x1}, 0x26})
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
r5 = socket$inet_smc(0x2b, 0x1, 0x0)
connect$inet(r5, 0x0, 0x0)
sendto$inet(r5, &(0x7f0000000040)="e5", 0xffffffe4, 0x0, 0x0, 0x0)
unshare(0x40020000)
r6 = socket$netlink(0x10, 0x3, 0x0)
writev(r6, &(0x7f0000000000)=[{&(0x7f0000000040)="39000000120003474cbb65e1c3e4ffff07000d0001000000070000002500000004003d000c0014000000001f000006060400180000008cdb25", 0x39}], 0x1)

3.991842266s ago: executing program 5 (id=4325):
socket$unix(0x1, 0x1, 0x0)
r0 = creat(&(0x7f0000000340)='./file0\x00', 0x101)
close(r0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94)
rt_sigprocmask(0x0, &(0x7f0000000000)={[0xfffffffffffffffd]}, 0x0, 0x8)
syz_clone(0x0, &(0x7f0000000180)="31af42935fd57f431ca4bb252d278b0bcb1cafdea42f1c2e081014", 0x1b, &(0x7f00000002c0), &(0x7f0000000300), &(0x7f0000000380)="16fa24d065aa0d296ea42149cefc4482687511c7d4a16fa8aedec0c6b57ab4837ecabc84f2b071432859f859e5518ba69fe3801148e53dae34433681e2b92ee4090a64e4960d2381e8dde2b7e73b488e46b4187f2dba3204a68adf8df2f8364eebda064c21c702b813e3a9f3b69d4ee1f183450f4e0ae3a98913d451a01e352614f0cd930c57a2d030040e7c3553ef0288f10c3fe6fca7f268752b89357bee31d048fc3f636925ee63a00fe3081959e4d727719750a860e0691acd671d812be91dfbf7d9f279c43c512a8d470e884fab8af80a0e5492dc76ba66eb4b2550b4abae0ccc3edf3d")
r1 = inotify_init()
inotify_add_watch(r1, &(0x7f00000001c0)='.\x00', 0x400017e)

3.965639896s ago: executing program 0 (id=4326):
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=ANY=[@ANYBLOB], 0x88}}, 0x0)

3.811909201s ago: executing program 0 (id=4327):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@delqdisc={0x7c, 0x25, 0x4, 0x70bd2c, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, {0x4, 0x3}, {0xffe0, 0x2}, {0x2, 0x5}}, [@TCA_RATE={0x6, 0x5, {0xfe, 0x1}}, @qdisc_kind_options=@q_cbs={{0x8}, {0x1c, 0x2, @TCA_CBS_PARMS={0x18, 0x1, {0x5, '\x00', 0x3ff, 0x3ff, 0x37, 0xcb65}}}}, @TCA_STAB={0x2c, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x7f, 0x6, 0x4, 0x0, 0x0, 0x0, 0x6, 0x4}}, {0xc, 0x2, [0x6, 0x4, 0x4, 0x5]}}]}]}, 0x7c}, 0x1, 0x0, 0x0, 0x800}, 0x40000)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee7, 0x8031, 0xffffffffffffffff, 0x0)
syz_init_net_socket$netrom(0x6, 0x5, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000003c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setrlimit(0x8, 0x0)
r3 = add_key(&(0x7f0000000000)='big_key\x00', &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000080)="ae", 0x1, 0xffffffffffffffff)
keyctl$read(0x2, r3, &(0x7f00000003c0)=""/4096, 0x1000)
vmsplice(r2, 0x0, 0x0, 0x4)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f0000001640), 0x0, &(0x7f00000013c0)=ANY=[@ANYRES16, @ANYBLOB, @ANYRESOCT=r4])
chdir(&(0x7f0000000300)='./file0\x00')
openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0)
removexattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000280)=@known='trusted.overlay.impure\x00')
r5 = socket$inet_sctp(0x2, 0x5, 0x84)
bind$inet(r5, &(0x7f0000000480)={0x2, 0x4e22, @empty}, 0x10)
sendto$inet(r5, &(0x7f00000004c0)="ab", 0xff04, 0xc0, &(0x7f00000001c0)={0x2, 0x4e22, @local}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x2, 0xe, &(0x7f0000000200)=ANY=[@ANYBLOB="b70000000c000000bca30000000000002403000020feffff620af8fff8ffffff71a4f8ff000000001f03000000000000e5000200000000002604fdffff02000014010000033800001d130000000000007a0a00fe0000001f0f14000000000000b503f7fff80000009500000000000000033bc065b78111c6dfa041b63af4a3912435f1a864a7aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168e5181554a090f300020000fe275daf51efd601b6bf01c8e8b1b526375ee4dd6fcd82e4fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e65440000000000000000028610643a98d9ec21ead2ed51b104d4d91af25b845b9f7d08d123deda88c658d42ecbf28bf7076c15b463bebc72f526dd70252e79166d858fcd0e06dd31af9612fa402d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff61623604000000000000006a89adaf17b0a6041bdeebdfd1f5089048ddff6da40f9411fe7226a40409d6e37c4f46756d31cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564163427afea62d84f3a10076443d643649393bf52d2105bd901128c7e0ec82701c8204a1deeed4155617572652d950ad31928b0b036dc2869f478341d02d0f5ad94b081fcd507acb4b9c67382f13d000000225d85ae49cee383dc5049076b98fb6853ab39a21514da60d2ae20cfb91d6a49964757cdf538f9ce2bdbb9893a5de817101a3062cd54f9ff51d355d84ce97bb0c6b6a595e487a2cc47c0efbb2d71cde2c10f0bc6980fe78683ac5c0c31032599dd273863be9261eee52216d009f4c52048ef8c126aeef5f510a8f1aded94a129e4aec6e8d9ab06faffc3a15d91c2ea3e2e04cfe031b287539d0540059fe6c7fe7cd8697502c7596566d674e425da5e7f009602a9f61d3804b3e0a1053abdc31282dfb15eb6841bb64a1b3045024a982f3c48153baae244e7bf573eac34b781337ad5905c6bbf1137548c7f1a4cad2422ee965a38f7defbd2960242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a90144022a579dfc0229cc0dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc48899b212c55318294270a1ad10c80fef7c24d47afcc829ba0f85da6d888f18ea40ab959f6074ab2a40d85d1501783a7ab540b8d7b4ead35a385e0b4a26b702396df7e0c1e02b88c114f244a9bf93f04bf072f0861f5c0b000000000000eedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba3401e6a52acb11883ad2a3b1832371fe5bc621426d1ed01b389708165b9cdbae2ed9dc7358f0ebadde0b727f27feeb7464dcd857ab15e355713767c536cbae2f5c7d951680f6f2f9a6a8346962a350845ffa0d82884f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010ae20e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fedcbada1ee7baa19faf67256b56a41fd355b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ced301efeb6dc5f6a9037d2283c42efc54fa84323afc4c10eff462c8843187f1dd48ef0981000000000000ff0f40b1888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538c6ee6ba65893ff1f908ba7554ba583ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738612e4fee18a22da19fc08001011e32f80fb60e14b9eee094277bbc170882c8890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f62e3f753b639a924599c1f69219927ea5301fff0a6063d427180d61542c2571f983e96635600000554f327a3535e7c7542799493c31ac05a7b57f03ca91a01ba2a30ca99e969d6fd09dc28ebc15edb4d91675767999d146aef7799738b292fd64bb25b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a794963342aece449a0d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b6ef9d12096833d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e1661261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec035d232f89fe0120f64c62e8e3ed8bcb45202c204bbec8d722824c0ebca8db1ea4a05e41f6016ab5bbe4fe7ff5d785d0128171c90d9900ca2532b0f9d01c4b45294fbba468df3e1b393cb4e62e753b4172ba7ac1f2b51c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a881192292ffff5392ab3d1311b82432662806add87047f601fa888400000000000000000000000000006acc19808d7cf29bc974b0ea92499a41b9b9a7c2bca311a28ee4952f2d325a56397c78f12205db653a536f9f3322405d1efd78e578dc6b3fb84f3738a4b6caa800000087efa51c5d95ecba4e50e529d1e8c89600e809dc3d0a2f65579e23457949a50f2d0455cf79a43746979f99f6a1527f004f1e37a3926937e84fb478199dc1020f4beb98b8074bf7df8b5e783637da740800000000000000c55a4385e9a617aa6c8e10d4202c5afeb06e2f9115558ea12f92d7ae633d44086b3f03b20d546fa66a72e38207c9d20035abc46271a30f1240de52536941242d23896ab74a3c6670fdc49c14f34fc4eadd6db8d80eba439772bf60a1db18c472dafc5569adc282928d2a1ffe29f1a57d3f18f4edaeb5d37918e6fddcd821da67a0785585a4443440dc65600e64a6a2740000000000000000000000000000000000000000000a0009dd14b38f2f4426d7cf5075047c31f6ce6adddfe3ac649c0643c8bfbeb14ba1fd7a485aa893915cf81e29aaf375e904bbe52691a4100260ffcd8f1d04166d291ebcef893e1b9ccb6797d0646fe0e7274434f28efb43e06e64f0698caca42f4e6018a455736c482a017e2b13dac4a90faa109f0e87cc94e3efb649692456463ca74aa6ad4bf50c1acb0000000000000005375e528285544d0064b98646f3109e9a4942ce42c6e7ec84b664f6c2770803f10baa804a707f0a1fcbfc309381aeba191950bae71f37f1eb7ceeffb3c0547ac6571603adbfde4c8b5f8d7f4b854441613633b48865b65bdc415e1e0dcf672d68cf4cebf04f4bc1eebf560a26d34d3757b1450fdb0a9a69f432e277f3a0386eb2bd3305c821c64757f786b79fef54dbe64c67d73934bc80b2133fb3c04cc7ea48bf97a6243c9f95dcbddecf45f008f1822c7868e1ff5a3cff5d6b6898335792749df7b1f51e91f8c1c3b1b93b33aaa3fab69cef08a9f6f6cf39dea3d878b2ed42545421970cc426e644332bc956d1c6adefdf0ede2c5c94aa632646ae225accdf031f611d01622921f1b922a5ac887cca3136133dce8d9f5f4da7bed2ea5d94362200000000000000000000f296b0c1484e5f781ad26bff696b05ff0a5e2270e07618b04273bd4075ea38ab463bfa6a38e7c537498ba3e4df8dfc9e040000003c3ffad44d2a376def42e41e9fc31678257e040fa7cf32c221aaac08000000000000001a00000000000000000000173570f0c11ae694b0f7a4f9c2f6790044a357e785af6e153d5f1ea460af92c7cbbd6295afe740f5e154346d483e0d641ef02e4d5295d756e110522a7a945b93fb705b95b6aae27a8fb33732ce1da1c0b1af8eb9222a06e984ab1e6984c8bdc12360627137ab67b6b68ab08acb29a74dc36b51209cfbc87f61182bbeb2772e9d5a1ffc477179be481efe46a4ce86be0b1d8eee42a611a3d44ca450b14586ed63dd92005c79e4a8ab8a94f0c6cb4bed8594a39bd76d3ef8a7ab014e787596db796bd93a36c2880423291e3bccc86f66ba792ff4d87b3f80e5908779e51c5e9055fc5b23605cd000c723187ef09dcf4b07b06a9342f3f62ee7acddff292082c1f4d8eb9561f80873a09a1ae0c9af1121175e5600f43a1179484502009759264a5729f07c2b218fa36ba2316a99aaad0130df83d0bda1e711290f78c143ea143967b00adcd77e6ad5e48d839ea61aadb83e4d071c54691924a3830d3e7b5c198bb0ed623153590000000000000000004b985ea1702f34f2f85b168c083e810ed567e3f1979b9ed1a4bf6a10dac825c96a0828b335de445a4880bb6474157efd1a72ca46ae4cbe3ab648c9bc4867a5a4cb87d7d6d55475b34b3cb6aa9e2337d4e04a37e35109752522ac9b186ddd80c47da6a2f4ef7bb909c975520000000000000000000000219cf5c1376ab33786f6b856d354e90a2733f78f2d188057cead3480eade49d55b770fad7fa000d23da6275768810b6b2df91d3a991ea98d929d271696c258d5b735d5db11df434e7dd1b7c1ca05cea3977df564115f4ec6ffab1d2ff8a642ca50934b3fbe44b0abeba9df209566984a29dfc0466e439a94e177b3c4d5f6e92b8176b9d6ddeeeb196fa964217f88e1acc180aaa4"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f00000000c0), 0x10}, 0x94)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000))
clock_gettime(0x0, &(0x7f0000004780)={<r6=>0x0, <r7=>0x0})
recvmmsg$unix(r5, &(0x7f0000004700)=[{{&(0x7f0000001400)=@abs, 0x6e, &(0x7f0000000180)=[{&(0x7f0000004280)=""/217, 0xd1}, {&(0x7f0000001680)=""/199, 0xc7}], 0x2, &(0x7f00000048c0)=[@cred={{0x18}}, @cred={{0x18}}, @cred={{0x18}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x18}}], 0xd4}}, {{&(0x7f0000001880)=@abs, 0x6e, &(0x7f0000001780)=[{&(0x7f0000001900)=""/124, 0x7c}, {&(0x7f0000001980)=""/147, 0x93}, {&(0x7f0000001a40)=""/233, 0xe9}, {&(0x7f0000001b40)=""/4096, 0x1000}, {&(0x7f0000002b40)=""/4096, 0x1000}, {&(0x7f0000003b40)=""/146, 0x92}, {&(0x7f0000003c00)=""/244, 0xf4}], 0x7, &(0x7f0000003d00)=[@cred={{0x18}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x30}}, {{0x0, 0x0, &(0x7f00000041c0)=[{&(0x7f0000003d40)=""/202, 0xca}, {&(0x7f0000003e40)=""/130, 0x82}, {&(0x7f0000003f00)=""/146, 0x92}, {&(0x7f0000003fc0)=""/32, 0x20}, {&(0x7f0000004000)=""/192, 0xc0}, {&(0x7f00000040c0)=""/230, 0xe6}], 0x6}}, {{&(0x7f0000004200)=@abs, 0x6e, &(0x7f0000004680)=[{&(0x7f0000004800)=""/179, 0xb3}, {&(0x7f0000004340)}, {&(0x7f0000004380)=""/203, 0x11}, {&(0x7f0000004480)=""/243, 0xf3}, {&(0x7f0000004580)=""/242, 0xf2}], 0x5, &(0x7f00000046c0)}}], 0x4, 0x40000001, &(0x7f00000047c0)={r6, r7+10000000})
timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0)

3.800395037s ago: executing program 4 (id=4335):
fsopen(&(0x7f0000000000)='sysfs\x00', 0x0)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$igmp(0x2, 0x3, 0x2)
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
r4 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYRES32=r3, @ANYRES32=r3, @ANYRESOCT=r3], 0x6c}}, 0x0)
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='tmpfs\x00', 0x0, &(0x7f00000001c0)='grpquota')
r5 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000900)={&(0x7f0000000480)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c000000020000000000000000000006040000000000045dd90b2e4906acad7c22dab31b7a3f2b1332e54d324837abfb5623af67bd24cdcbe2f21c97428d16d134f6df995efe5e69a28eac09347df12df069e44fbd2d94662f88ccbe86bd02eeac3f7e79cf99fcfb5b0ba786dd395bfb436e1b2da0352dec0470"], 0x0, 0x26}, 0x20)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)={0x1c, 0x41, 0x107, 0xfffffffc, 0x0, {0x2, 0x7c}, [@typed={0x8, 0x12d, 0x0, 0x0, @fd=r6}]}, 0x1c}, 0x1, 0x0, 0x0, 0x488c0}, 0xc000)
bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x15, 0x8, 0x4, 0x0, 0x0, 0x1, 0x5, '\x00', 0x0, r5, 0x0, 0x1}, 0x48)
migrate_pages(r0, 0xa94b, &(0x7f0000000b80), &(0x7f0000000bc0)=0x27e0407a)
umount2(&(0x7f0000000340)='./file0\x00', 0x0)
recvmmsg$unix(0xffffffffffffffff, &(0x7f0000000ac0)=[{{&(0x7f0000000000)=@abs, 0x6e, &(0x7f0000000100)=[{&(0x7f0000000c00)=""/21, 0x15}], 0x1, &(0x7f0000000200)=[@cred={{0x18}}, @cred={{0x18}}, @cred={{0x18}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x18}}], 0x84}}, {{0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000140)=""/34, 0x22}, {&(0x7f0000000680)=""/66, 0x42}, {&(0x7f00000002c0)}], 0x3}}], 0x2, 0x0, &(0x7f0000000b40)={0x0, 0x3938700})
r7 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r7, &(0x7f0000000440), 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)

3.621984759s ago: executing program 5 (id=4328):
r0 = io_uring_setup(0xf08, &(0x7f0000000780)={0x0, 0xfb6e, 0x38c1, 0x4, 0xf0})
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000000)={&(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f000000c000/0x1000)=nil, &(0x7f000001f000/0x1000)=nil, &(0x7f0000015000/0x3000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f000000c000/0x4000)=nil, &(0x7f000001d000/0x3000)=nil, &(0x7f0000012000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0}, 0x68)
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$VHOST_NET_SET_BACKEND(0xffffffffffffffff, 0x4008af00, &(0x7f0000000000))
io_uring_register$IORING_REGISTER_FILES(r0, 0x20, &(0x7f0000000000)=[r0], 0x1)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000200)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000040)={'vlan0\x00', &(0x7f00000001c0)=@ethtool_sset_info={0x37, 0x1, 0x400ab9, [0x84c, 0x2, 0x5, 0x7, 0x2]}})
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r2, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6)
write(r2, &(0x7f0000000340)="3f000000010003", 0x7)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000029c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
sendmsg$inet(r4, &(0x7f0000000840)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000400)="c7a6", 0x2}], 0x1}, 0x24048811)
recvmsg$unix(r3, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x40000001)
openat$fb0(0xffffff9c, &(0x7f0000000000), 0x80000, 0x0)
sendmsg$inet(r4, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000001740)=[{&(0x7f0000000b00)='>', 0x1}], 0x1}, 0x20000040)
setsockopt$sock_attach_bpf(r3, 0x1, 0x10, &(0x7f0000001280), 0x4)
recvmsg$unix(r3, &(0x7f00000009c0)={0x0, 0x0, 0x0}, 0x40000042)
r5 = openat$sysfs(0xffffff9c, &(0x7f00000000c0)='/sys/kernel/warn_count', 0x2000, 0x190)
utimensat(r5, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0)
setsockopt$nfc_llcp_NFC_LLCP_MIUX(0xffffffffffffffff, 0x118, 0x1, &(0x7f0000000100)=0x488, 0x4)

3.576210351s ago: executing program 34 (id=4328):
r0 = io_uring_setup(0xf08, &(0x7f0000000780)={0x0, 0xfb6e, 0x38c1, 0x4, 0xf0})
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000000)={&(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f000000c000/0x1000)=nil, &(0x7f000001f000/0x1000)=nil, &(0x7f0000015000/0x3000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f000000c000/0x4000)=nil, &(0x7f000001d000/0x3000)=nil, &(0x7f0000012000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0}, 0x68)
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$VHOST_NET_SET_BACKEND(0xffffffffffffffff, 0x4008af00, &(0x7f0000000000))
io_uring_register$IORING_REGISTER_FILES(r0, 0x20, &(0x7f0000000000)=[r0], 0x1)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000200)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000040)={'vlan0\x00', &(0x7f00000001c0)=@ethtool_sset_info={0x37, 0x1, 0x400ab9, [0x84c, 0x2, 0x5, 0x7, 0x2]}})
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r2, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6)
write(r2, &(0x7f0000000340)="3f000000010003", 0x7)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000029c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
sendmsg$inet(r4, &(0x7f0000000840)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000400)="c7a6", 0x2}], 0x1}, 0x24048811)
recvmsg$unix(r3, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x40000001)
openat$fb0(0xffffff9c, &(0x7f0000000000), 0x80000, 0x0)
sendmsg$inet(r4, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000001740)=[{&(0x7f0000000b00)='>', 0x1}], 0x1}, 0x20000040)
setsockopt$sock_attach_bpf(r3, 0x1, 0x10, &(0x7f0000001280), 0x4)
recvmsg$unix(r3, &(0x7f00000009c0)={0x0, 0x0, 0x0}, 0x40000042)
r5 = openat$sysfs(0xffffff9c, &(0x7f00000000c0)='/sys/kernel/warn_count', 0x2000, 0x190)
utimensat(r5, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0)
setsockopt$nfc_llcp_NFC_LLCP_MIUX(0xffffffffffffffff, 0x118, 0x1, &(0x7f0000000100)=0x488, 0x4)

3.443319452s ago: executing program 4 (id=4330):
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
unshare(0x400)
ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x7)
r1 = syz_open_dev$loop(&(0x7f0000000000), 0x401, 0x20000)
readahead(r1, 0x8, 0x8)
ioctl$PPPIOCSFLAGS1(r0, 0x40047459, &(0x7f0000000140)=0x1000000)
r2 = memfd_create(&(0x7f00000000c0)='v\xa6\xf5lj6,r\xaf\xe8\x10/\xecg\xed\xe3h\x02\x00\x00\x006w\xda\xdd\xb9\nR\xe8@\x99\xb9\x8a\x0fZ\xf0\x8f\x8bp\x10\x84\x86t\x8a\xba\xc6\xfb\xd2\f\xef&\xad\xa8M\xe8\b\xb0#\xac)\x81\x1e\x8a\f\x11D\x90\xf5\xbb\x1c\xac\xc7\xad\xdc\\\x11\x95\xf8\xe6\xa7\xc3\xbc\x18+\x92\x92N\a\xa7\x7fN\x9bL\xf8\xebQs\x02\xf9\xadi\x8f\x0f\xff\x02n\x9d\x85\xea\x1a*\x1bC\xd8\x1c\xe8\x9bYS', 0x0)
r3 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
r4 = socket$inet6(0xa, 0x80002, 0x0)
r5 = fcntl$dupfd(r4, 0x2, 0xffffffffffffffff)
splice(r3, 0x0, r5, 0x0, 0x2000, 0x0)
write(r2, &(0x7f0000002140)="6963e65843ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
ioctl$KVM_GET_SREGS(r8, 0x8138ae83, &(0x7f0000000480))
readlinkat(r0, &(0x7f0000000040)='./file0\x00', &(0x7f0000019240)=""/102393, 0x18ff9)
syz_emit_ethernet(0x35, &(0x7f0000000040)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x2c}, @void, {@arp={0x806, @generic={0x31, 0x88f8, 0x6, 0x10, 0x9, @local, "81686447d1865b6a9c8d334cc96459dd", @remote, "c267fe"}}}}, 0x0)

3.387689632s ago: executing program 3 (id=4331):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x803, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x9)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x10000000000002)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = openat$vimc2(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$VIDIOC_ENUM_FMT(r3, 0xc0405602, &(0x7f0000000080)={0x4, 0x1, 0x0, "6cfef8b4b9fdcfc8bf98040c2599e8a8e9f887975c3cc41e122a623eb7c37334", 0x34343459})
syz_usbip_server_init(0x6)
r4 = accept4$netrom(0xffffffffffffffff, &(0x7f0000000300)={{0x3, @netrom}, [@remote, @null, @rose, @netrom, @null, @rose, @bcast, @default]}, &(0x7f00000001c0)=0x48, 0x0)
setsockopt$netrom_NETROM_IDLE(r4, 0x103, 0x7, &(0x7f0000000280)=0x8, 0x4)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYRES16=r1], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xc, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10)
socket$inet6_mptcp(0xa, 0x1, 0x106)
r6 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r6, &(0x7f0000000000)={0x1f, 0x8ef, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000740)=@newlink={0x44, 0x10, 0x403, 0x0, 0x25dfdbfc, {0x0, 0x0, 0x74, 0x0, 0x1810, 0x55007}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_MCAST_QUERIER={0x5, 0x19, 0x2}, @IFLA_BR_MCAST_SNOOPING={0x5}]}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x800}, 0x0)
r8 = syz_init_net_socket$bt_bnep(0x1f, 0x3, 0x4)
ioctl$sock_bt_bnep_BNEPCONNADD(r8, 0x400442c8, &(0x7f0000000100)={r6, 0x0, 0x4})

2.076583823s ago: executing program 6 (id=4329):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket(0x11, 0x3, 0x0)
r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000080)=0x13)
r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TIOCSTI(r4, 0x5412, &(0x7f0000000640)=0x11)
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r1, 0x8983, &(0x7f0000000100)={0x0, 'erspan0\x00', {0x1}, 0x26})
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
r5 = socket$inet_smc(0x2b, 0x1, 0x0)
ioctl$MEDIA_IOC_REQUEST_ALLOC(0xffffffffffffffff, 0x80047c05, &(0x7f00000000c0))
connect$inet(r5, 0x0, 0x0)
sendto$inet(r5, &(0x7f0000000040)="e5", 0xffffffe4, 0x0, 0x0, 0x0)
unshare(0x40020000)
r6 = socket$netlink(0x10, 0x3, 0x0)
writev(r6, &(0x7f0000000000)=[{&(0x7f0000000040)="39000000120003474cbb65e1c3e4ffff07000d0001000000070000002500000004003d000c0014000000001f000006060400180000008cdb25", 0x39}], 0x1)

2.073369044s ago: executing program 4 (id=4340):
socket$nl_rdma(0x10, 0x3, 0x14)
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket(0xb, 0xa, 0xffffffff)
syz_emit_ethernet(0x36, &(0x7f0000000380)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x5, 0x0, @dev, @multicast1}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x0, 0x0, 0x0, 0x9f1}}}}}}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r3, 0x8933, &(0x7f0000000600))
socket$nl_route(0x10, 0x3, 0x0)
syz_open_dev$usbmon(0x0, 0x1, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="5c0000000206050000000000000000000700000014000780080008400000009808000640200000000500010006000000050005000200000005000400000000000900020073797a310000000010000300686173683a69702c6d6163"], 0x5c}}, 0x20000000) (fail_nth: 9)
sendmsg$IPSET_CMD_DESTROY(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="2800000003060108000010000000ff5ac300afef2071000003140018050001000700e8ff08000200"], 0x28}, 0x1, 0x0, 0x0, 0x5}, 0x44084)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
ioctl$BLKZEROOUT(0xffffffffffffffff, 0x127f, 0x0)
r5 = socket$inet_smc(0x2b, 0x1, 0x0)
sendto$inet(r5, &(0x7f0000000040)="e5", 0xffffffe4, 0x0, 0x0, 0x0)
unshare(0x40020000)
mkdir(&(0x7f0000000000)='./bus\x00', 0x160)

1.328277738s ago: executing program 3 (id=4332):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x803, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x9)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x10000000000002)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = openat$vimc2(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$VIDIOC_ENUM_FMT(r3, 0xc0405602, &(0x7f0000000080)={0x4, 0x1, 0x0, "6cfef8b4b9fdcfc8bf98040c2599e8a8e9f887975c3cc41e122a623eb7c37334", 0x34343459})
syz_usbip_server_init(0x6)
r4 = accept4$netrom(0xffffffffffffffff, &(0x7f0000000300)={{0x3, @netrom}, [@remote, @null, @rose, @netrom, @null, @rose, @bcast, @default]}, &(0x7f00000001c0)=0x48, 0x0)
setsockopt$netrom_NETROM_IDLE(r4, 0x103, 0x7, &(0x7f0000000280)=0x8, 0x4)
socket$netlink(0x10, 0x3, 0x15)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYRES16=r1], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xc, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10)
socket$inet6_mptcp(0xa, 0x1, 0x106)
r6 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r6, &(0x7f0000000000)={0x1f, 0x8ef, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe)
socket$nl_route(0x10, 0x3, 0x0)
r7 = syz_init_net_socket$bt_bnep(0x1f, 0x3, 0x4)
ioctl$sock_bt_bnep_BNEPCONNADD(r7, 0x400442c8, &(0x7f0000000100)={r6, 0x0, 0x4})

1.138741598s ago: executing program 4 (id=4333):
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50)
r1 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
symlinkat(&(0x7f00000000c0)='./file1\x00', r1, &(0x7f0000000100)='./file0\x00')
syz_usb_connect(0x0, 0x24, &(0x7f0000000200)=ANY=[@ANYBLOB="1201410130f56920ac05190272f001050301090212000100001000090455070003490200"], 0x0)
socket(0x2, 0x80805, 0x0)
fchmodat(r1, &(0x7f0000000340)='./file1\x00', 0x40)
r2 = socket$can_j1939(0x1d, 0x2, 0x7)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
r3 = syz_io_uring_setup(0x24f6, &(0x7f0000000b80)={0x0, 0x0, 0x10100, 0x0, 0x33a}, &(0x7f0000000100)=<r4=>0x0, &(0x7f0000000140)=<r5=>0x0)
sendmsg$IPSET_CMD_TYPE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='8'], 0x38}}, 0x0)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r6, &(0x7f0000000180)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r6, 0x0)
syz_io_uring_submit(r4, r5, &(0x7f0000000000)=@IORING_OP_CLOSE={0x13, 0x8})
io_uring_enter(r3, 0x2d3e, 0x0, 0x0, 0x0, 0x0)
ioctl$AUTOFS_IOC_READY(r1, 0x9360, 0x800000000000001)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x16, 0x13, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000ab4b8657f75cf2d1dde853c7ec7300001600000000000900000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000180100002020692500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000070000008500000006000000bf91000000000000b7020000010000008500000084000000b7000000000000009500000000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x11, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5f, 0x0, 0x0, 0x0, 0xffffff80}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r7, 0xfca804a0, 0x10, 0x38, &(0x7f00000002c0)="b800000500000000", &(0x7f0000000300)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)
openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
io_setup(0x2, &(0x7f00000000c0))
openat$random(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'syzkaller1\x00', 0x1})
r8 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x129202, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r8, 0xc0045005, &(0x7f00000000c0)=0x20)
write$binfmt_elf32(r8, 0x0, 0x4cd)
ioctl$SNDCTL_DSP_SETFMT(r8, 0xc0045005, &(0x7f0000000100)=0x1)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x18, 0x3, &(0x7f0000000540)=ANY=[@ANYRESHEX=r6, @ANYRESHEX=r2, @ANYRESOCT=r8], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)

909.212834ms ago: executing program 6 (id=4334):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
shmget$private(0x0, 0x3000, 0x54000000, &(0x7f0000ffb000/0x3000)=nil)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000000c0), 0x1048b, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f00000003c0)='./file0\x00', 0x101800, 0x3)
r0 = inotify_init()
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)={0x3c, 0x0, 0x8, 0x301, 0x0, 0x0, {0x2, 0x0, 0x6}, [@CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x88be}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x88}, @CTA_TIMEOUT_NAME={0xfffffffffffffcf5, 0x1, 'syz0\x00'}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x1}, @CTA_TIMEOUT_DATA={0x4, 0x4, 0x0, 0x1, @tcp}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40}, 0x8000)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, r0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
quotactl$Q_SYNC(0xffffffff80000102, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
r5 = getpgid(0x0)
fcntl$setownex(0xffffffffffffffff, 0xf, &(0x7f0000000140)={0x2, r5})
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup\x00', 0x0, 0x189)
getdents64(r6, &(0x7f0000000100)=""/33, 0x21)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1/file0\x00', 0x0)
mount$bind(&(0x7f0000000100)='.\x00', &(0x7f0000000300)='./file1/file0\x00', 0x0, 0x1085408, 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f00000003c0), 0x0, &(0x7f00000004c0)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file1/file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})

870.607412ms ago: executing program 0 (id=4336):
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=ANY=[@ANYBLOB], 0x88}}, 0x0)

701.59411ms ago: executing program 0 (id=4337):
socket$unix(0x1, 0x1, 0x0)
r0 = creat(&(0x7f0000000340)='./file0\x00', 0x101)
close(r0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='sys_enter\x00'}, 0x10)
rt_sigprocmask(0x0, &(0x7f0000000000)={[0xfffffffffffffffd]}, 0x0, 0x8)
syz_clone(0x0, &(0x7f0000000180)="31af42935fd57f431ca4bb252d278b0bcb1cafdea42f1c2e081014", 0x1b, &(0x7f00000002c0), &(0x7f0000000300), &(0x7f0000000380)="16fa24d065aa0d296ea42149cefc4482687511c7d4a16fa8aedec0c6b57ab4837ecabc84f2b071432859f859e5518ba69fe3801148e53dae34433681e2b92ee4090a64e4960d2381e8dde2b7e73b488e46b4187f2dba3204a68adf8df2f8364eebda064c21c702b813e3a9f3b69d4ee1f183450f4e0ae3a98913d451a01e352614f0cd930c57a2d030040e7c3553ef0288f10c3fe6fca7f268752b89357bee31d048fc3f636925ee63a00fe3081959e4d727719750a860e0691acd671d812be91dfbf7d9f279c43c512a8d470e884fab8af80a0e5492dc76ba66eb4b2550b4abae0ccc3edf3d")
r1 = inotify_init()
inotify_add_watch(r1, &(0x7f00000001c0)='.\x00', 0x400017e)

320.552035ms ago: executing program 0 (id=4338):
socket$inet6(0xa, 0x11, 0x7)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x70bd2b, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7b, 0x0, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = syz_io_uring_setup(0x10a, &(0x7f0000000140)={0x0, 0x5883, 0x1000, 0x3}, &(0x7f0000000040)=<r4=>0x0, &(0x7f00000001c0)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_RENAMEAT={0x23, 0x4, 0x0, 0xffffffffffffffff, &(0x7f0000000300)='./file0\x00', &(0x7f0000000380)='./file0\x00', r1, 0x0, 0x1})
io_uring_enter(r3, 0x3516, 0x0, 0x0, 0x0, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000140)='tracefs\x00', 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
r9 = openat$zero(0xffffff9c, &(0x7f00000000c0), 0x80000, 0x0)
ioctl$TUNSETTXFILTER(r9, 0x400454d1, &(0x7f0000000240)={0x0, 0x1, [@multicast]})
ioctl$KVM_SET_SREGS(r8, 0x4138ae84, &(0x7f0000000100)={{0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x2, 0x0, 0x8, 0x9, 0x10}, {0xffff1000, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x7}, {0x2000, 0x5000, 0xc, 0x0, 0x7, 0x4, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfc}, {0x3000, 0xd000, 0x0, 0x0, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0x4}, {0xeeee8000, 0xffff1000, 0x9, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3c}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x0, 0xa, 0xfe, 0x0, 0x0, 0x3}, {0x0, 0x3000, 0x0, 0x0, 0x0, 0x1, 0x0, 0xa, 0x26}, {0x80a0000}, {0xdddd1000}, 0xddf8ffdb, 0x0, 0x0, 0x50, 0x0, 0xf801, 0x0, [0x0, 0x0, 0x1]})

0s ago: executing program 6 (id=4339):
fsopen(&(0x7f0000000000)='sysfs\x00', 0x0)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$igmp(0x2, 0x3, 0x2)
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
r4 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYRES32=r3, @ANYRES32=r3, @ANYRESOCT=r3], 0x6c}}, 0x0)
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='tmpfs\x00', 0x0, &(0x7f00000001c0)='grpquota')
r5 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000900)={&(0x7f0000000480)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c000000020000000000000000000006040000000000045dd90b2e4906acad7c22dab31b7a3f2b1332e54d324837abfb5623af67bd24cdcbe2f21c97428d16d134f6df995efe5e69a28eac09347df12df069e44fbd2d94662f88ccbe86bd02eeac3f7e79cf99fcfb5b0ba786dd395bfb436e1b2da0352dec0470"], 0x0, 0x26}, 0x20)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)={0x1c, 0x41, 0x107, 0xfffffffc, 0x0, {0x2, 0x7c}, [@typed={0x8, 0x12d, 0x0, 0x0, @fd=r6}]}, 0x1c}, 0x1, 0x0, 0x0, 0x488c0}, 0xc000)
bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x15, 0x8, 0x4, 0x0, 0x0, 0x1, 0x5, '\x00', 0x0, r5, 0x0, 0x1}, 0x48)
migrate_pages(r0, 0xa94b, &(0x7f0000000b80), &(0x7f0000000bc0)=0x27e0407a)
umount2(&(0x7f0000000340)='./file0\x00', 0x0)
recvmmsg$unix(0xffffffffffffffff, &(0x7f0000000ac0)=[{{&(0x7f0000000000)=@abs, 0x6e, &(0x7f0000000100)=[{&(0x7f0000000c00)=""/21, 0x15}], 0x1, &(0x7f0000000200)=[@cred={{0x18}}, @cred={{0x18}}, @cred={{0x18}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x18}}], 0x84}}, {{0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000140)=""/34, 0x22}, {&(0x7f0000000680)=""/66, 0x42}, {&(0x7f00000002c0)}], 0x3}}], 0x2, 0x0, &(0x7f0000000b40)={0x0, 0x3938700})
r7 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r7, &(0x7f0000000440), 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)

kernel console output (not intermixed with test programs):

000000000000000 R09: 0000000000000000
[  759.833926][T19321] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  759.833936][T19321] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  759.833960][T19321]  </TASK>
[  759.834075][T19321] ERROR: Out of memory at tomoyo_realpath_from_path.
[  759.865494][T14790] usb 40-1: device descriptor read/8, error -110
[  759.929515][T19329] netlink: 528 bytes leftover after parsing attributes in process `syz.1.3786'.
[  759.934693][ T1946] Process accounting resumed
[  759.935702][T19329] netlink: 528 bytes leftover after parsing attributes in process `syz.1.3786'.
[  759.940515][T19329] fuse: Unknown parameter 'ÿÿÿÿ'
[  759.995266][T19332] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3784'.
[  760.053098][ T6044] usb 46-1: device descriptor read/8, error -110
[  760.055232][T14790] usb usb40-port1: unable to enumerate USB device
[  760.437471][ T6044] usb usb46-port1: attempt power cycle
[  760.634748][T19328] syz.4.3784: page allocation failure: order:0, mode:0x10cc0(GFP_KERNEL|__GFP_NORETRY), nodemask=(null),cpuset=/,mems_allowed=0-1
[  760.638991][T19328] CPU: 2 UID: 0 PID: 19328 Comm: syz.4.3784 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) 
[  760.639007][T19328] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  760.639037][T19328] Call Trace:
[  760.639042][T19328]  <TASK>
[  760.639047][T19328]  dump_stack_lvl+0x16c/0x1f0
[  760.639067][T19328]  warn_alloc+0x248/0x3a0
[  760.639084][T19328]  ? __pfx_warn_alloc+0x10/0x10
[  760.639099][T19328]  ? psi_group_change+0x6dc/0xd20
[  760.639117][T19328]  ? __pfx___alloc_pages_direct_compact+0x10/0x10
[  760.639133][T19328]  ? psi_memstall_leave+0x1e1/0x2d0
[  760.639147][T19328]  ? psi_memstall_leave+0x1e6/0x2d0
[  760.639162][T19328]  __alloc_frozen_pages_noprof+0xea2/0x23f0
[  760.639185][T19328]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  760.639204][T19328]  ? rcu_is_watching+0x12/0xc0
[  760.639222][T19328]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  760.639239][T19328]  ? policy_nodemask+0xea/0x4e0
[  760.639254][T19328]  alloc_pages_mpol+0x1fb/0x550
[  760.639265][T19328]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  760.639280][T19328]  alloc_pages_noprof+0x131/0x390
[  760.639291][T19328]  kimage_alloc_pages+0x75/0x350
[  760.639308][T19328]  kimage_alloc_control_pages+0x153/0xa00
[  760.639328][T19328]  ? __pfx_kimage_alloc_control_pages+0x10/0x10
[  760.639350][T19328]  do_kexec_load+0x480/0x8d0
[  760.639361][T19328]  ? __pfx_do_kexec_load+0x10/0x10
[  760.639375][T19328]  __ia32_compat_sys_kexec_load+0x37f/0x400
[  760.639389][T19328]  ? __pfx___ia32_compat_sys_kexec_load+0x10/0x10
[  760.639402][T19328]  ? rcu_is_watching+0x12/0xc0
[  760.639415][T19328]  __do_fast_syscall_32+0x7c/0x3a0
[  760.639433][T19328]  do_fast_syscall_32+0x32/0x80
[  760.639449][T19328]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  760.639463][T19328] RIP: 0023:0xf7f14579
[  760.639472][T19328] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  760.639483][T19328] RSP: 002b:00000000f501555c EFLAGS: 00000296 ORIG_RAX: 000000000000011b
[  760.639493][T19328] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000000003
[  760.639500][T19328] RDX: 0000000080001080 RSI: 00000000003e0000 RDI: 0000000000000000
[  760.639506][T19328] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  760.639512][T19328] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  760.639519][T19328] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  760.639532][T19328]  </TASK>
[  760.639550][T19328] Mem-Info:
[  760.716876][T19328] active_anon:1129 inactive_anon:919 isolated_anon:0
[  760.716876][T19328]  active_file:1935 inactive_file:2897 isolated_file:0
[  760.716876][T19328]  unevictable:18055 dirty:502 writeback:0
[  760.716876][T19328]  slab_reclaimable:6199 slab_unreclaimable:72293
[  760.716876][T19328]  mapped:22844 shmem:2641 pagetables:993
[  760.716876][T19328]  sec_pagetables:330 bounce:0
[  760.716876][T19328]  kernel_misc_reclaimable:0
[  760.716876][T19328]  free:31002 free_pcp:2769 free_cma:0
[  760.762291][T19328] Node 0 active_anon:152kB inactive_anon:288kB active_file:992kB inactive_file:20kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:100kB dirty:28kB writeback:0kB shmem:4408kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:7280kB pagetables:1040kB sec_pagetables:1144kB all_unreclaimable? yes Balloon:0kB
[  760.773549][T19328] Node 1 active_anon:1576kB inactive_anon:3472kB active_file:6808kB inactive_file:11536kB unevictable:68684kB isolated(anon):0kB isolated(file):0kB mapped:91892kB dirty:1984kB writeback:0kB shmem:3352kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:5800kB pagetables:3132kB sec_pagetables:176kB all_unreclaimable? no Balloon:0kB
[  760.784138][T19328] Node 0 DMA free:1896kB boost:0kB min:760kB low:948kB high:1136kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:4kB active_file:56kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:48kB local_pcp:32kB free_cma:0kB
[  760.793032][T19328] lowmem_reserve[]: 0 288 288 288 288
[  760.794791][T19328] Node 0 DMA32 free:17648kB boost:4096kB min:17316kB low:20620kB high:23924kB reserved_highatomic:2048KB free_highatomic:1952KB active_anon:152kB inactive_anon:284kB active_file:916kB inactive_file:20kB unevictable:3536kB writepending:28kB present:1032196kB managed:295892kB mlocked:0kB bounce:0kB free_pcp:584kB local_pcp:0kB free_cma:0kB
[  760.804559][T19328] lowmem_reserve[]: 0 0 0 0 0
[  760.806082][T19328] Node 1 DMA32 free:96348kB boost:0kB min:47144kB low:58928kB high:70712kB reserved_highatomic:2048KB free_highatomic:2048KB active_anon:10676kB inactive_anon:3472kB active_file:6808kB inactive_file:11536kB unevictable:68684kB writepending:1984kB present:1048432kB managed:948284kB mlocked:0kB bounce:0kB free_pcp:12168kB local_pcp:516kB free_cma:0kB
[  760.817313][T19328] lowmem_reserve[]: 0 0 0 0 0
[  760.818938][T19328] Node 0 DMA: 2*4kB (M) 2*8kB (M) 4*16kB (UM) 3*32kB (M) 3*64kB (UM) 0*128kB 0*256kB 1*512kB (M) 1*1024kB (M) 0*2048kB 0*4096kB = 1912kB
[  760.823263][T19328] Node 0 DMA32: 201*4kB (UME) 161*8kB (ME) 85*16kB (ME) 89*32kB (UMEH) 37*64kB (UMEH) 16*128kB (UME) 11*256kB (UMH) 6*512kB (UMH) 1*1024kB (H) 0*2048kB 0*4096kB = 17628kB
[  760.828839][T19328] Node 1 DMA32: 1*4kB (U) 601*8kB (UME) 835*16kB (UME) 556*32kB (ME) 256*64kB (ME) 117*128kB (ME) 55*256kB (ME) 17*512kB (ME) 2*1024kB (M) 2*2048kB (MH) 0*4096kB = 96252kB
[  760.834115][T19328] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  760.837013][T19328] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[  760.839965][T19328] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  760.842880][T19328] Node 1 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB
[  760.845738][T19328] 26188 total pagecache pages
[  760.848895][T19328] 618 pages in swap cache
[  760.850352][T19328] Free swap  = 110468kB
[  760.851678][T19328] Total swap = 124996kB
[  760.852993][T19328] 524155 pages RAM
[  760.854183][T19328] 0 pages HighMem/MovableOnly
[  760.855672][T19328] 209271 pages reserved
[  760.857372][T19328] 0 pages cma reserved
[  761.116814][ T6044] usb usb46-port1: unable to enumerate USB device
[  761.463343][T19364] lo speed is unknown, defaulting to 1000
[  761.693272][T19328] kexec: Could not allocate control_code_buffer
[  761.960121][T19379] netlink: 'syz.0.3796': attribute type 10 has an invalid length.
[  761.962676][T19379] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3796'.
[  761.966494][T19379] dummy0: entered promiscuous mode
[  761.968358][T19379] bridge0: port 1(dummy0) entered blocking state
[  761.970598][T19379] bridge0: port 1(dummy0) entered disabled state
[  761.972945][T19379] dummy0: entered allmulticast mode
[  761.995666][T19379] random: crng reseeded on system resumption
[  762.059561][T19384] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(6)
[  762.061640][T19384] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  762.065007][T19384] vhci_hcd vhci_hcd.0: Device attached
[  762.389932][ T6044] usb 46-1: SetAddress Request (14) to port 0
[  762.392094][ T6044] usb 46-1: new SuperSpeed USB device number 14 using vhci_hcd
[  762.599913][T19399] program syz.0.3804 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  762.715329][T19385] vhci_hcd: connection reset by peer
[  762.717217][ T1137] vhci_hcd: stop threads
[  762.718651][ T1137] vhci_hcd: release socket
[  762.720236][ T1137] vhci_hcd: disconnect device
[  762.941125][T19410] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3805'.
[  763.870904][T19426] netlink: 'syz.1.3811': attribute type 10 has an invalid length.
[  763.873458][T19426] netlink: 40 bytes leftover after parsing attributes in process `syz.1.3811'.
[  763.876985][T19426] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  763.879869][T19426] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  763.882916][T19426] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  763.892398][T19426] team0: Port device geneve0 added
[  763.985042][T19422] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  764.060312][T19422] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  764.181536][T19422] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  764.205501][T19432] lo speed is unknown, defaulting to 1000
[  764.248224][T19422] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  764.256571][T19422] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  764.264946][T19422] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  764.271524][T19422] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  764.705387][T19444] binder: 19442:19444 ioctl c0306201 0 returned -14
[  764.902251][T19446] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(6)
[  764.904300][T19446] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  764.988740][T19446] vhci_hcd vhci_hcd.0: Device attached
[  765.582668][T19458] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3819'.
[  765.606071][T19451] vhci_hcd: connection closed
[  765.606362][  T215] vhci_hcd: stop threads
[  765.609852][  T215] vhci_hcd: release socket
[  765.612967][  T215] vhci_hcd: disconnect device
[  765.767753][T19460] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3820'.
[  765.770650][T19460] FAULT_INJECTION: forcing a failure.
[  765.770650][T19460] name failslab, interval 1, probability 0, space 0, times 0
[  765.774828][T19460] CPU: 2 UID: 0 PID: 19460 Comm: syz.3.3820 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) 
[  765.774846][T19460] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  765.774853][T19460] Call Trace:
[  765.774857][T19460]  <TASK>
[  765.774862][T19460]  dump_stack_lvl+0x16c/0x1f0
[  765.774881][T19460]  should_fail_ex+0x512/0x640
[  765.774900][T19460]  should_failslab+0xc2/0x120
[  765.774911][T19460]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  765.774936][T19460]  ? __alloc_skb+0x2b2/0x380
[  765.774958][T19460]  __alloc_skb+0x2b2/0x380
[  765.774973][T19460]  ? __pfx___alloc_skb+0x10/0x10
[  765.774988][T19460]  ? lock_acquire+0x179/0x350
[  765.775003][T19460]  ? find_held_lock+0x2b/0x80
[  765.775016][T19460]  fdb_notify+0xa4/0x1a0
[  765.775030][T19460]  fdb_delete+0x6f9/0x1230
[  765.775046][T19460]  fdb_delete_local+0x566/0x740
[  765.775070][T19460]  br_fdb_delete_by_port+0x2a6/0x320
[  765.775095][T19460]  br_dev_delete+0xe5/0x1a0
[  765.775112][T19460]  rtnl_dellink+0x3ba/0xa80
[  765.775127][T19460]  ? __pfx_br_dev_delete+0x10/0x10
[  765.775143][T19460]  ? __pfx_rtnl_dellink+0x10/0x10
[  765.775181][T19460]  ? __lock_acquire+0x622/0x1c90
[  765.775197][T19460]  ? rcu_is_watching+0x12/0xc0
[  765.775208][T19460]  ? trace_cap_capable+0x18d/0x200
[  765.775222][T19460]  ? find_held_lock+0x2b/0x80
[  765.775232][T19460]  ? __pfx_rtnl_dellink+0x10/0x10
[  765.775247][T19460]  ? __pfx_rtnl_dellink+0x10/0x10
[  765.775261][T19460]  ? rtnetlink_rcv_msg+0x93a/0xe90
[  765.775278][T19460]  ? __pfx_rtnl_dellink+0x10/0x10
[  765.775293][T19460]  rtnetlink_rcv_msg+0x95e/0xe90
[  765.775311][T19460]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  765.775330][T19460]  ? __lock_acquire+0x622/0x1c90
[  765.775346][T19460]  netlink_rcv_skb+0x155/0x420
[  765.775358][T19460]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  765.775375][T19460]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  765.775391][T19460]  ? netlink_deliver_tap+0x1ae/0xd30
[  765.775407][T19460]  ? is_vmalloc_addr+0x86/0xa0
[  765.775424][T19460]  netlink_unicast+0x58d/0x850
[  765.775436][T19460]  ? __pfx_netlink_unicast+0x10/0x10
[  765.775455][T19460]  netlink_sendmsg+0x8d1/0xdd0
[  765.775468][T19460]  ? __pfx_netlink_sendmsg+0x10/0x10
[  765.775480][T19460]  ? __import_iovec+0x1dd/0x650
[  765.775493][T19460]  ____sys_sendmsg+0xa95/0xc70
[  765.775506][T19460]  ? __pfx_____sys_sendmsg+0x10/0x10
[  765.775517][T19460]  ? get_compat_msghdr+0x11a/0x170
[  765.775539][T19460]  ___sys_sendmsg+0x134/0x1d0
[  765.775555][T19460]  ? __pfx____sys_sendmsg+0x10/0x10
[  765.775576][T19460]  ? find_held_lock+0x2b/0x80
[  765.775595][T19460]  __sys_sendmsg+0x16d/0x220
[  765.775610][T19460]  ? __pfx___sys_sendmsg+0x10/0x10
[  765.775631][T19460]  ? rcu_is_watching+0x12/0xc0
[  765.775644][T19460]  __do_fast_syscall_32+0x7c/0x3a0
[  765.775662][T19460]  do_fast_syscall_32+0x32/0x80
[  765.775677][T19460]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  765.775692][T19460] RIP: 0023:0xf707e579
[  765.775701][T19460] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  765.775712][T19460] RSP: 002b:00000000f506e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  765.775722][T19460] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000200
[  765.775729][T19460] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  765.775734][T19460] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  765.775741][T19460] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  765.775746][T19460] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  765.775759][T19460]  </TASK>
[  766.092925][T19468] netlink: 'syz.0.3822': attribute type 1 has an invalid length.
[  766.102468][T19468] pim6reg: entered allmulticast mode
[  766.353186][T19481] binder: 19479:19481 ioctl c0306201 0 returned -14
[  766.664157][T19477] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3825'.
[  766.745218][T19465] pim6reg: left allmulticast mode
[  766.821406][T19484] lo speed is unknown, defaulting to 1000
[  767.141123][   T40] audit: type=1326 audit(2000001491.925:2828): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19493 comm="syz.1.3831" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ce579 code=0x7ffc0000
[  767.149716][   T40] audit: type=1326 audit(2000001491.925:2829): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19493 comm="syz.1.3831" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ce579 code=0x7ffc0000
[  767.156674][   T40] audit: type=1326 audit(2000001491.935:2830): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19493 comm="syz.1.3831" exe="/syz-executor" sig=0 arch=40000003 syscall=259 compat=1 ip=0xf70ce579 code=0x7ffc0000
[  767.164599][   T40] audit: type=1326 audit(2000001491.935:2831): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19493 comm="syz.1.3831" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ce579 code=0x7ffc0000
[  767.171677][   T40] audit: type=1326 audit(2000001491.935:2832): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19493 comm="syz.1.3831" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ce579 code=0x7ffc0000
[  767.178459][T19500] netlink: del zone limit has 8 unknown bytes
[  767.180489][   T40] audit: type=1326 audit(2000001491.935:2833): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19493 comm="syz.1.3831" exe="/syz-executor" sig=0 arch=40000003 syscall=260 compat=1 ip=0xf70ce579 code=0x7ffc0000
[  767.190832][   T40] audit: type=1326 audit(2000001491.935:2834): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19493 comm="syz.1.3831" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf70ce598 code=0x7ffc0000
[  767.203544][   T40] audit: type=1326 audit(2000001491.935:2835): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19493 comm="syz.1.3831" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf70ce598 code=0x7ffc0000
[  767.210956][   T40] audit: type=1326 audit(2000001491.935:2836): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19493 comm="syz.1.3831" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf70ce598 code=0x7ffc0000
[  767.217545][   T40] audit: type=1326 audit(2000001491.935:2837): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19493 comm="syz.1.3831" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf70ce598 code=0x7ffc0000
[  767.250983][ T6044] usb 46-1: device descriptor read/8, error -110
[  767.470969][T19508] FAULT_INJECTION: forcing a failure.
[  767.470969][T19508] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  767.477703][T19508] CPU: 2 UID: 0 PID: 19508 Comm: syz.3.3835 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) 
[  767.477720][T19508] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  767.477727][T19508] Call Trace:
[  767.477731][T19508]  <TASK>
[  767.477736][T19508]  dump_stack_lvl+0x16c/0x1f0
[  767.477756][T19508]  should_fail_ex+0x512/0x640
[  767.477773][T19508]  _copy_from_user+0x2e/0xd0
[  767.477790][T19508]  kstrtouint_from_user+0xd6/0x1d0
[  767.477803][T19508]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  767.477815][T19508]  ? __lock_acquire+0xb8a/0x1c90
[  767.477837][T19508]  proc_fail_nth_write+0x83/0x250
[  767.477852][T19508]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  767.477868][T19508]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  767.477881][T19508]  vfs_write+0x29d/0x1150
[  767.477899][T19508]  ? __pfx_vfs_write+0x10/0x10
[  767.477930][T19508]  ? find_held_lock+0x2b/0x80
[  767.477947][T19508]  ? __fget_files+0x20e/0x3c0
[  767.477965][T19508]  ksys_write+0x12a/0x250
[  767.477980][T19508]  ? __pfx_ksys_write+0x10/0x10
[  767.477996][T19508]  ? rcu_is_watching+0x12/0xc0
[  767.478010][T19508]  __do_fast_syscall_32+0x7c/0x3a0
[  767.478028][T19508]  do_fast_syscall_32+0x32/0x80
[  767.478044][T19508]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  767.478062][T19508] RIP: 0023:0xf707e579
[  767.478071][T19508] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  767.478082][T19508] RSP: 002b:00000000f506e590 EFLAGS: 00000293 ORIG_RAX: 0000000000000004
[  767.478100][T19508] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f506e620
[  767.478107][T19508] RDX: 0000000000000001 RSI: 00000000f73e3ff4 RDI: 0000000000000000
[  767.478113][T19508] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  767.478119][T19508] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  767.478125][T19508] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  767.478139][T19508]  </TASK>
[  767.690216][T19514] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3837'.
[  767.715458][ T6044] usb usb46-port1: attempt power cycle
[  767.791236][T19514] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3837'.
[  767.794220][T19514] dummy0: left allmulticast mode
[  767.802268][T19514] bridge0: port 1(dummy0) entered disabled state
[  767.970835][T19521] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3838'.
[  767.977383][T19522] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3836'.
[  768.273777][T19529] binder: 19526:19529 ioctl c0306201 0 returned -14
[  768.626363][T19531] lo speed is unknown, defaulting to 1000
[  768.701287][ T6044] usb usb46-port1: unable to enumerate USB device
[  768.785809][T19537] pim6reg1: tun_chr_ioctl cmd 1074025677
[  768.787796][T19537] pim6reg1: linktype set to 780
[  770.047013][T19567] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3850'.
[  770.768842][T19569] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3853'.
[  771.740414][   T13] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  771.790372][   T13] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  771.846130][   T13] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  771.918022][   T13] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  771.984251][ T5971] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  771.989201][ T5971] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  771.996329][ T5971] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  772.006758][ T5971] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  772.012227][ T5971] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  772.111353][T19597] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3862'.
[  772.298042][   T13] team0: Port device geneve0 removed
[  772.711400][T19593] lo speed is unknown, defaulting to 1000
[  772.782016][T19605] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(6)
[  772.784168][T19605] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  772.787100][T19605] vhci_hcd vhci_hcd.0: Device attached
[  772.832372][T19593] chnl_net:caif_netlink_parms(): no params data found
[  772.983449][T19593] bridge0: port 1(bridge_slave_0) entered blocking state
[  772.986018][T19593] bridge0: port 1(bridge_slave_0) entered disabled state
[  772.988518][T19593] bridge_slave_0: entered allmulticast mode
[  772.992082][T19593] bridge_slave_0: entered promiscuous mode
[  773.000488][T19593] bridge0: port 2(bridge_slave_1) entered blocking state
[  773.003791][T19593] bridge0: port 2(bridge_slave_1) entered disabled state
[  773.006705][T19593] bridge_slave_1: entered allmulticast mode
[  773.009316][T19593] bridge_slave_1: entered promiscuous mode
[  773.024921][T19617] block nbd3: shutting down sockets
[  773.212299][T19593] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  773.212474][ T6044] usb 46-1: SetAddress Request (18) to port 0
[  773.217427][T19593] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  773.236431][ T6044] usb 46-1: new SuperSpeed USB device number 18 using vhci_hcd
[  773.252812][T19593] team0: Port device team_slave_0 added
[  773.256885][T19593] team0: Port device team_slave_1 added
[  773.290344][T19593] batman_adv: batadv0: Adding interface: batadv_slave_0
[  773.293597][T19593] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  773.301925][T19593] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  773.308171][T19593] batman_adv: batadv0: Adding interface: batadv_slave_1
[  773.313587][T19593] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  773.322045][T19593] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  773.413025][T19606] vhci_hcd: connection reset by peer
[  773.415219][   T46] vhci_hcd: stop threads
[  773.416643][   T46] vhci_hcd: release socket
[  773.418157][   T46] vhci_hcd: disconnect device
[  773.428883][T19593] hsr_slave_0: entered promiscuous mode
[  773.431254][T19593] hsr_slave_1: entered promiscuous mode
[  773.433298][T19593] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  773.435627][T19593] Cannot create hsr debugfs directory
[  773.591667][T19593] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  773.640009][T19593] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  773.644287][T19593] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  773.654658][T19593] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  773.655822][T19624] FAULT_INJECTION: forcing a failure.
[  773.655822][T19624] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  773.661195][T19624] CPU: 0 UID: 0 PID: 19624 Comm: syz.0.3866 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) 
[  773.661210][T19624] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  773.661217][T19624] Call Trace:
[  773.661221][T19624]  <TASK>
[  773.661226][T19624]  dump_stack_lvl+0x16c/0x1f0
[  773.661244][T19624]  should_fail_ex+0x512/0x640
[  773.661262][T19624]  _copy_to_user+0x32/0xd0
[  773.661281][T19624]  simple_read_from_buffer+0xcb/0x170
[  773.661296][T19624]  proc_fail_nth_read+0x197/0x270
[  773.661317][T19624]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  773.661331][T19624]  ? rw_verify_area+0xcf/0x680
[  773.661344][T19624]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  773.661357][T19624]  vfs_read+0x1e4/0xc60
[  773.661372][T19624]  ? fdget_pos+0x2a2/0x370
[  773.661389][T19624]  ? __pfx_vfs_read+0x10/0x10
[  773.661403][T19624]  ? find_held_lock+0x2b/0x80
[  773.661418][T19624]  ? __fget_files+0x20e/0x3c0
[  773.661436][T19624]  ksys_read+0x12a/0x250
[  773.661451][T19624]  ? __pfx_ksys_read+0x10/0x10
[  773.661466][T19624]  ? rcu_is_watching+0x12/0xc0
[  773.661480][T19624]  __do_fast_syscall_32+0x7c/0x3a0
[  773.661498][T19624]  do_fast_syscall_32+0x32/0x80
[  773.661514][T19624]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  773.661527][T19624] RIP: 0023:0xf70ce579
[  773.661536][T19624] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  773.661547][T19624] RSP: 002b:00000000f50be590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  773.661557][T19624] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 00000000f50be620
[  773.661563][T19624] RDX: 000000000000000f RSI: 00000000f7433ff4 RDI: 0000000000000000
[  773.661570][T19624] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  773.661576][T19624] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  773.661582][T19624] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  773.661595][T19624]  </TASK>
[  773.775807][T19593] 8021q: adding VLAN 0 to HW filter on device bond0
[  773.794214][T19632] loop9: detected capacity change from 0 to 7
[  773.796657][T19632] Buffer I/O error on dev loop9, logical block 0, async page read
[  773.799171][T19632] Buffer I/O error on dev loop9, logical block 0, async page read
[  773.801598][T19632] Buffer I/O error on dev loop9, logical block 0, async page read
[  773.804269][T19632] Buffer I/O error on dev loop9, logical block 0, async page read
[  773.805110][T19593] 8021q: adding VLAN 0 to HW filter on device team0
[  773.806750][T19632] Buffer I/O error on dev loop9, logical block 0, async page read
[  773.812021][T19632] Buffer I/O error on dev loop9, logical block 0, async page read
[  773.814518][T19632] Buffer I/O error on dev loop9, logical block 0, async page read
[  773.816951][T19632] ldm_validate_partition_table(): Disk read failed.
[  773.819033][T19632] Buffer I/O error on dev loop9, logical block 0, async page read
[  773.821530][T19632] Buffer I/O error on dev loop9, logical block 0, async page read
[  773.824017][T19632] Buffer I/O error on dev loop9, logical block 0, async page read
[  773.826648][T19632] Dev loop9: unable to read RDB block 0
[  773.828494][T19632]  loop9: unable to read partition table
[  773.830455][T19632] loop9: partition table beyond EOD, truncated
[  773.831462][T19593] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  773.832373][T19632] loop_reread_partitions: partition scan of loop9 (þ被xü—ŸÑà– ) failed (rc=-5)
[  773.835670][T19593] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  773.852670][   T46] bridge0: port 1(bridge_slave_0) entered blocking state
[  773.854936][   T46] bridge0: port 1(bridge_slave_0) entered forwarding state
[  773.860788][   T46] bridge0: port 2(bridge_slave_1) entered blocking state
[  773.863138][   T46] bridge0: port 2(bridge_slave_1) entered forwarding state
[  773.954978][ T5971] Bluetooth: hci1: command tx timeout
[  773.962081][T19593] 8021q: adding VLAN 0 to HW filter on device batadv0
[  774.102316][T19593] veth0_vlan: entered promiscuous mode
[  774.107470][T19593] veth1_vlan: entered promiscuous mode
[  774.122478][T19593] veth0_macvtap: entered promiscuous mode
[  774.127860][T19593] veth1_macvtap: entered promiscuous mode
[  774.144311][T19593] batman_adv: batadv0: Interface activated: batadv_slave_0
[  774.152780][T19593] batman_adv: batadv0: Interface activated: batadv_slave_1
[  774.161003][T19593] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  774.163906][T19593] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  774.167984][T19593] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  774.170679][T19593] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  774.178171][   T13] : left promiscuous mode
[  774.243850][   T13] : left promiscuous mode
[  774.366639][   T46] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  774.387164][   T46] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  774.407003][T19662] FAULT_INJECTION: forcing a failure.
[  774.407003][T19662] name failslab, interval 1, probability 0, space 0, times 0
[  774.412229][T19662] CPU: 0 UID: 0 PID: 19662 Comm: syz.3.3873 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) 
[  774.412264][T19662] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  774.412272][T19662] Call Trace:
[  774.412277][T19662]  <TASK>
[  774.412281][T19662]  dump_stack_lvl+0x16c/0x1f0
[  774.412301][T19662]  should_fail_ex+0x512/0x640
[  774.412321][T19662]  ? __kmalloc_noprof+0xbf/0x510
[  774.412338][T19662]  ? iter_file_splice_write+0x1cc/0x1150
[  774.412353][T19662]  should_failslab+0xc2/0x120
[  774.412363][T19662]  __kmalloc_noprof+0xd2/0x510
[  774.412378][T19662]  ? __pfx_timestamp_truncate+0x10/0x10
[  774.412395][T19662]  ? ktime_get_coarse_real_ts64_mg+0x1d4/0x300
[  774.412413][T19662]  iter_file_splice_write+0x1cc/0x1150
[  774.412427][T19662]  ? current_time+0x11d/0x1a0
[  774.412442][T19662]  ? __pfx_current_time+0x10/0x10
[  774.412457][T19662]  ? __pfx_make_vfsgid+0x10/0x10
[  774.412471][T19662]  ? atime_needs_update+0x8b/0x710
[  774.412484][T19662]  ? __pfx_iter_file_splice_write+0x10/0x10
[  774.412498][T19662]  ? __lock_acquire+0xb8a/0x1c90
[  774.412524][T19662]  ? __pfx_iter_file_splice_write+0x10/0x10
[  774.412539][T19662]  direct_splice_actor+0x18f/0x6c0
[  774.412555][T19662]  splice_direct_to_actor+0x345/0xa30
[  774.412569][T19662]  ? __pfx_direct_splice_actor+0x10/0x10
[  774.412586][T19662]  ? __pfx_splice_direct_to_actor+0x10/0x10
[  774.412599][T19662]  ? get_pid_task+0xfc/0x250
[  774.412617][T19662]  do_splice_direct+0x174/0x240
[  774.412631][T19662]  ? __pfx_do_splice_direct+0x10/0x10
[  774.412645][T19662]  ? __pfx_direct_file_splice_eof+0x10/0x10
[  774.412661][T19662]  ? rw_verify_area+0xcf/0x680
[  774.412676][T19662]  do_sendfile+0xb06/0xe50
[  774.412693][T19662]  ? __pfx_do_sendfile+0x10/0x10
[  774.412707][T19662]  ? __might_fault+0xe3/0x190
[  774.412721][T19662]  ? __might_fault+0x13b/0x190
[  774.412740][T19662]  __ia32_compat_sys_sendfile+0x162/0x220
[  774.412752][T19662]  ? __pfx___ia32_compat_sys_sendfile+0x10/0x10
[  774.412764][T19662]  ? rcu_is_watching+0x12/0xc0
[  774.412777][T19662]  __do_fast_syscall_32+0x7c/0x3a0
[  774.412795][T19662]  do_fast_syscall_32+0x32/0x80
[  774.412811][T19662]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  774.412824][T19662] RIP: 0023:0xf707e579
[  774.412833][T19662] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  774.412844][T19662] RSP: 002b:00000000f504d55c EFLAGS: 00000296 ORIG_RAX: 00000000000000bb
[  774.412854][T19662] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000000004
[  774.412861][T19662] RDX: 0000000080000080 RSI: 0000000000007f04 RDI: 0000000000000000
[  774.412867][T19662] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  774.412873][T19662] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  774.412879][T19662] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  774.412892][T19662]  </TASK>
[  774.615939][ T1138] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  774.619060][ T1138] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  774.747889][   T13] hsr_slave_0: left promiscuous mode
[  774.759489][   T13] hsr_slave_1: left promiscuous mode
[  774.770681][   T13] batman_adv: batadv0: Removing interface: dummy0
[  774.783873][   T13] batman_adv: batadv0: Removing interface: batadv_slave_0
[  774.786706][   T13] batman_adv: batadv0: Removing interface: batadv_slave_1
[  775.098974][ T1417] ieee802154 phy1 wpan1: encryption failed: -22
[  775.872783][T19677] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(6)
[  775.874902][T19677] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  775.878409][T19677] vhci_hcd vhci_hcd.0: Device attached
[  775.944850][ T5971] Bluetooth: hci1: command tx timeout
[  776.016413][T19673] Context (ID=0x10) not attached to queue pair (handle=0x4dd:0x0)
[  776.093680][   T13] team0 (unregistering): Port device team_slave_1 removed
[  776.189260][   T13] team0 (unregistering): Port device team_slave_0 removed
[  776.763968][T19679] vhci_hcd: connection closed
[  776.777972][   T46] vhci_hcd: stop threads
[  776.780852][   T46] vhci_hcd: release socket
[  776.786478][   T46] vhci_hcd: disconnect device
[  776.864502][T19687] FAULT_INJECTION: forcing a failure.
[  776.864502][T19687] name failslab, interval 1, probability 0, space 0, times 0
[  776.871530][T19687] CPU: 3 UID: 0 PID: 19687 Comm: syz.3.3878 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) 
[  776.871547][T19687] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  776.871553][T19687] Call Trace:
[  776.871557][T19687]  <TASK>
[  776.871562][T19687]  dump_stack_lvl+0x16c/0x1f0
[  776.871582][T19687]  should_fail_ex+0x512/0x640
[  776.871598][T19687]  ? __kmalloc_cache_noprof+0x57/0x3e0
[  776.871614][T19687]  should_failslab+0xc2/0x120
[  776.871624][T19687]  __kmalloc_cache_noprof+0x6a/0x3e0
[  776.871638][T19687]  ? rcu_is_watching+0x12/0xc0
[  776.871649][T19687]  ? call_usermodehelper_setup+0xaf/0x360
[  776.871662][T19687]  ? __pfx_free_modprobe_argv+0x10/0x10
[  776.871679][T19687]  call_usermodehelper_setup+0xaf/0x360
[  776.871692][T19687]  __request_module+0x3bd/0x690
[  776.871708][T19687]  ? __pfx___request_module+0x10/0x10
[  776.871723][T19687]  ? aa_get_newest_label+0x375/0x680
[  776.871735][T19687]  ? __pfx_aa_get_newest_label+0x10/0x10
[  776.871750][T19687]  ? apparmor_capable+0x114/0x1d0
[  776.871761][T19687]  ? dev_load+0x1de/0x240
[  776.871778][T19687]  dev_load+0x1ff/0x240
[  776.871791][T19687]  dev_ioctl+0x19c/0x1060
[  776.871807][T19687]  sock_ioctl+0x5b3/0x6b0
[  776.871820][T19687]  ? __pfx_sock_ioctl+0x10/0x10
[  776.871830][T19687]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  776.871851][T19687]  compat_sock_ioctl+0x58b/0x730
[  776.871864][T19687]  ? __pfx_compat_sock_ioctl+0x10/0x10
[  776.871875][T19687]  ? hook_file_ioctl_common+0x145/0x410
[  776.871890][T19687]  ? __fget_files+0x20e/0x3c0
[  776.871904][T19687]  ? __fput_deferred+0x450/0x480
[  776.871918][T19687]  ? __pfx_compat_sock_ioctl+0x10/0x10
[  776.871930][T19687]  __ia32_compat_sys_ioctl+0x23f/0x370
[  776.871944][T19687]  __do_fast_syscall_32+0x7c/0x3a0
[  776.871962][T19687]  do_fast_syscall_32+0x32/0x80
[  776.871978][T19687]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  776.871991][T19687] RIP: 0023:0xf707e579
[  776.872000][T19687] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  776.872011][T19687] RSP: 002b:00000000f504d55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  776.872021][T19687] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 00000000000089f0
[  776.872028][T19687] RDX: 0000000080000800 RSI: 0000000000000000 RDI: 0000000000000000
[  776.872034][T19687] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  776.872041][T19687] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  776.872047][T19687] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  776.872060][T19687]  </TASK>
[  777.236780][   T13] IPVS: stop unused estimator thread 0...
[  777.381441][T19698] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(6)
[  777.383535][T19698] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  777.461998][T19698] vhci_hcd vhci_hcd.0: Device attached
[  777.736018][ T1946] usb 48-1: SetAddress Request (2) to port 0
[  777.738059][ T1946] usb 48-1: new SuperSpeed USB device number 2 using vhci_hcd
[  777.917109][ T5971] Bluetooth: hci1: command tx timeout
[  777.937871][T19699] vhci_hcd: connection reset by peer
[  777.944945][   T12] vhci_hcd: stop threads
[  777.946863][   T12] vhci_hcd: release socket
[  777.948715][   T12] vhci_hcd: disconnect device
[  778.064813][T19715] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3882'.
[  778.069413][ T6044] usb 46-1: device descriptor read/8, error -110
[  778.569220][ T6044] usb usb46-port1: attempt power cycle
[  779.240358][T19732] netlink: 72 bytes leftover after parsing attributes in process `syz.5.3888'.
[  779.248488][T19732] bridge_slave_0: left allmulticast mode
[  779.250273][T19732] bridge_slave_0: left promiscuous mode
[  779.253046][T19732] bridge0: port 1(bridge_slave_0) entered disabled state
[  779.258420][T19732] bridge_slave_1: left allmulticast mode
[  779.260316][T19732] bridge_slave_1: left promiscuous mode
[  779.276921][T19732] bridge0: port 2(bridge_slave_1) entered disabled state
[  779.296455][T19732] bond0: (slave bond_slave_0): Releasing backup interface
[  779.306458][T19732] bond0: (slave bond_slave_1): Releasing backup interface
[  779.322439][T19732] team0: Port device team_slave_0 removed
[  779.329143][ T6044] usb usb46-port1: unable to enumerate USB device
[  779.342790][T19732] team0: Port device team_slave_1 removed
[  779.346791][T19732] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  779.349115][T19732] batman_adv: batadv0: Removing interface: batadv_slave_0
[  779.355501][T19732] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  779.357833][T19732] batman_adv: batadv0: Removing interface: batadv_slave_1
[  779.609866][T19751] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3893'.
[  779.613615][T19751] netlink: 32 bytes leftover after parsing attributes in process `syz.0.3893'.
[  779.900705][ T5971] Bluetooth: hci1: command tx timeout
[  780.174271][ T6044] usb 10-1: new high-speed USB device number 2 using dummy_hcd
[  780.329660][ T6044] usb 10-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  780.332384][ T6044] usb 10-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  780.336183][ T6044] usb 10-1: config 1 has 1 interface, different from the descriptor's value: 66
[  780.365028][ T6044] usb 10-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  780.368584][ T6044] usb 10-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  780.388343][ T6044] usb 10-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  780.391228][ T6044] usb 10-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  780.394069][ T6044] usb 10-1: Product: syz
[  780.395605][ T6044] usb 10-1: Manufacturer: syz
[  780.428630][ T6044] cdc_wdm 10-1:1.0: skipping garbage
[  780.434595][ T6044] cdc_wdm 10-1:1.0: skipping garbage
[  780.441531][ T6044] cdc_wdm 10-1:1.0: cdc-wdm0: USB WDM device
[  780.449668][ T6044] cdc_wdm 10-1:1.0: Unknown control protocol
[  780.644390][ T6044] usb 10-1: USB disconnect, device number 2
[  780.712915][T19770] netlink: 36 bytes leftover after parsing attributes in process `syz.3.3897'.
[  781.246472][T19781] netlink: 32 bytes leftover after parsing attributes in process `syz.3.3900'.
[  782.548896][T19812] rdma_rxe: rxe_newlink: failed to add team_slave_0
[  782.574832][ T1946] usb 48-1: device descriptor read/8, error -110
[  782.647054][   T40] kauditd_printk_skb: 1023 callbacks suppressed
[  782.647070][   T40] audit: type=1326 audit(2000001508.197:3861): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19817 comm="syz.0.3911" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf70ce579 code=0x0
[  782.689502][T19815] netlink: 'syz.3.3910': attribute type 1 has an invalid length.
[  782.710379][T19815] overlayfs: failed to resolve './file1/file0': -2
[  782.714560][T19815] netlink: 52 bytes leftover after parsing attributes in process `syz.3.3910'.
[  782.848126][T19827] netlink: 196 bytes leftover after parsing attributes in process `syz.4.3914'.
[  782.966790][ T1946] usb usb48-port1: attempt power cycle
[  783.562439][ T1946] usb usb48-port1: unable to enumerate USB device
[  783.658283][T19846] new mount options do not match the existing superblock, will be ignored
[  783.667685][T19846] FAULT_INJECTION: forcing a failure.
[  783.667685][T19846] name failslab, interval 1, probability 0, space 0, times 0
[  783.675725][T19846] CPU: 0 UID: 0 PID: 19846 Comm: syz.0.3919 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) 
[  783.675742][T19846] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  783.675749][T19846] Call Trace:
[  783.675753][T19846]  <TASK>
[  783.675757][T19846]  dump_stack_lvl+0x16c/0x1f0
[  783.675780][T19846]  should_fail_ex+0x512/0x640
[  783.675795][T19846]  ? __kvmalloc_node_noprof+0x124/0x620
[  783.675813][T19846]  should_failslab+0xc2/0x120
[  783.675823][T19846]  __kvmalloc_node_noprof+0x137/0x620
[  783.675837][T19846]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  783.675854][T19846]  ? simple_xattr_alloc+0x41/0xa0
[  783.675868][T19846]  ? simple_xattr_alloc+0x41/0xa0
[  783.675877][T19846]  simple_xattr_alloc+0x41/0xa0
[  783.675888][T19846]  simple_xattr_set+0x3d/0x3e0
[  783.675898][T19846]  ? __pfx_kernfs_vfs_xattr_set+0x10/0x10
[  783.675914][T19846]  ? __pfx_kernfs_vfs_xattr_set+0x10/0x10
[  783.675927][T19846]  kernfs_vfs_xattr_set+0x82/0xe0
[  783.675942][T19846]  __vfs_setxattr+0x172/0x1e0
[  783.675958][T19846]  ? __pfx___vfs_setxattr+0x10/0x10
[  783.675973][T19846]  ? apparmor_capable+0x114/0x1d0
[  783.675987][T19846]  __vfs_setxattr_noperm+0x127/0x660
[  783.676005][T19846]  __vfs_setxattr_locked+0x182/0x260
[  783.676020][T19846]  ? __lock_acquire+0xb8a/0x1c90
[  783.676036][T19846]  vfs_setxattr+0x145/0x360
[  783.676052][T19846]  ? lock_acquire+0x179/0x350
[  783.676067][T19846]  ? __pfx_vfs_setxattr+0x10/0x10
[  783.676081][T19846]  ? mnt_get_write_access+0x54/0x300
[  783.676093][T19846]  ? mnt_get_write_access+0x54/0x300
[  783.676106][T19846]  do_setxattr+0x145/0x180
[  783.676122][T19846]  filename_setxattr+0x16b/0x1d0
[  783.676137][T19846]  ? __pfx_filename_setxattr+0x10/0x10
[  783.676152][T19846]  ? getname_flags.part.0+0x1c5/0x550
[  783.676168][T19846]  path_setxattrat+0x1de/0x2a0
[  783.676183][T19846]  ? __pfx_path_setxattrat+0x10/0x10
[  783.676200][T19846]  ? ksys_write+0x190/0x250
[  783.676227][T19846]  ? fput+0x70/0xf0
[  783.676236][T19846]  ? arch_syscall_is_vdso_sigreturn+0x1bd/0x230
[  783.676252][T19846]  ? syscall_user_dispatch+0x78/0x140
[  783.676264][T19846]  __ia32_sys_lsetxattr+0xc7/0x140
[  783.676283][T19846]  ? syscall_trace_enter+0x5e/0x260
[  783.676300][T19846]  __do_fast_syscall_32+0x7c/0x3a0
[  783.676318][T19846]  do_fast_syscall_32+0x32/0x80
[  783.676334][T19846]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  783.676348][T19846] RIP: 0023:0xf70ce579
[  783.676356][T19846] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  783.676367][T19846] RSP: 002b:00000000f50be55c EFLAGS: 00000296 ORIG_RAX: 00000000000000e3
[  783.676377][T19846] RAX: ffffffffffffffda RBX: 0000000080000000 RCX: 0000000080000040
[  783.676384][T19846] RDX: 0000000080000080 RSI: 0000000000000016 RDI: 0000000000000001
[  783.676390][T19846] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  783.676396][T19846] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  783.676402][T19846] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  783.676416][T19846]  </TASK>
[  784.071901][T19863] netlink: 196 bytes leftover after parsing attributes in process `syz.5.3924'.
[  784.233426][T19867] bond0 (unregistering): Released all slaves
[  784.589398][T19872] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3925'.
[  785.147100][T19884] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(6)
[  785.149103][T19884] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  785.152107][T19884] vhci_hcd vhci_hcd.0: Device attached
[  785.451451][ T6044] usb 38-1: SetAddress Request (10) to port 0
[  785.453528][ T6044] usb 38-1: new SuperSpeed USB device number 10 using vhci_hcd
[  785.970165][T19906] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3936'.
[  785.972989][T19906] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3936'.
[  786.054536][T19910] sctp: [Deprecated]: syz.3.3937 (pid 19910) Use of int in max_burst socket option.
[  786.054536][T19910] Use struct sctp_assoc_value instead
[  786.077381][T19885] vhci_hcd: connection reset by peer
[  786.082402][ T1137] vhci_hcd: stop threads
[  786.083787][ T1137] vhci_hcd: release socket
[  786.085237][ T1137] vhci_hcd: disconnect device
[  786.194963][T19900] netdevsim netdevsim5 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  786.200306][T19900] netdevsim netdevsim5 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  786.203831][T19900] netdevsim netdevsim5 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  786.207356][T19900] netdevsim netdevsim5 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  786.244104][T19913] UDF-fs: warning (device sr0): udf_load_vrs: No VRS found
[  786.246426][T19913] UDF-fs: Scanning with blocksize 2048 failed
[  786.266698][T19913] UDF-fs: warning (device sr0): udf_load_vrs: No VRS found
[  786.269000][T19913] UDF-fs: Scanning with blocksize 4096 failed
[  788.055698][T19948] option changes via remount are deprecated (pid=19947 comm=syz.4.3949)
[  788.101459][T19952] FAULT_INJECTION: forcing a failure.
[  788.101459][T19952] name failslab, interval 1, probability 0, space 0, times 0
[  788.105675][T19952] CPU: 0 UID: 0 PID: 19952 Comm: syz.4.3951 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) 
[  788.105701][T19952] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  788.105708][T19952] Call Trace:
[  788.105713][T19952]  <TASK>
[  788.105718][T19952]  dump_stack_lvl+0x16c/0x1f0
[  788.105765][T19952]  should_fail_ex+0x512/0x640
[  788.105781][T19952]  ? __kmalloc_cache_noprof+0x57/0x3e0
[  788.105798][T19952]  should_failslab+0xc2/0x120
[  788.105808][T19952]  __kmalloc_cache_noprof+0x6a/0x3e0
[  788.105823][T19952]  ? rtnl_newlink+0x11b/0x2000
[  788.105841][T19952]  ? __pfx_rtnl_newlink+0x10/0x10
[  788.105857][T19952]  rtnl_newlink+0x11b/0x2000
[  788.105872][T19952]  ? is_bpf_text_address+0x8a/0x1a0
[  788.105889][T19952]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  788.105903][T19952]  ? is_bpf_text_address+0x94/0x1a0
[  788.105918][T19952]  ? __pfx_rtnl_newlink+0x10/0x10
[  788.105937][T19952]  ? __kernel_text_address+0xd/0x40
[  788.105947][T19952]  ? unwind_get_return_address+0x59/0xa0
[  788.105965][T19952]  ? arch_stack_walk+0xa6/0x100
[  788.105983][T19952]  ? __lock_acquire+0x622/0x1c90
[  788.105999][T19952]  ? rcu_is_watching+0x12/0xc0
[  788.106010][T19952]  ? trace_cap_capable+0x18d/0x200
[  788.106025][T19952]  ? find_held_lock+0x2b/0x80
[  788.106036][T19952]  ? __pfx_rtnl_newlink+0x10/0x10
[  788.106051][T19952]  ? __pfx_rtnl_newlink+0x10/0x10
[  788.106067][T19952]  ? rtnetlink_rcv_msg+0x93a/0xe90
[  788.106083][T19952]  ? __pfx_rtnl_newlink+0x10/0x10
[  788.106100][T19952]  rtnetlink_rcv_msg+0x95e/0xe90
[  788.106118][T19952]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  788.106137][T19952]  ? __lock_acquire+0x622/0x1c90
[  788.106154][T19952]  netlink_rcv_skb+0x155/0x420
[  788.106166][T19952]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  788.106184][T19952]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  788.106200][T19952]  ? netlink_deliver_tap+0x1ae/0xd30
[  788.106217][T19952]  ? is_vmalloc_addr+0x86/0xa0
[  788.106235][T19952]  netlink_unicast+0x58d/0x850
[  788.106248][T19952]  ? __pfx_netlink_unicast+0x10/0x10
[  788.106263][T19952]  netlink_sendmsg+0x8d1/0xdd0
[  788.106276][T19952]  ? __pfx_netlink_sendmsg+0x10/0x10
[  788.106288][T19952]  ? __import_iovec+0x1dd/0x650
[  788.106302][T19952]  ____sys_sendmsg+0xa95/0xc70
[  788.106315][T19952]  ? __pfx_____sys_sendmsg+0x10/0x10
[  788.106326][T19952]  ? get_compat_msghdr+0x11a/0x170
[  788.106349][T19952]  ___sys_sendmsg+0x134/0x1d0
[  788.106365][T19952]  ? __pfx____sys_sendmsg+0x10/0x10
[  788.106387][T19952]  ? find_held_lock+0x2b/0x80
[  788.106407][T19952]  __sys_sendmsg+0x16d/0x220
[  788.106423][T19952]  ? __pfx___sys_sendmsg+0x10/0x10
[  788.106445][T19952]  ? rcu_is_watching+0x12/0xc0
[  788.106458][T19952]  __do_fast_syscall_32+0x7c/0x3a0
[  788.106475][T19952]  do_fast_syscall_32+0x32/0x80
[  788.106491][T19952]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  788.106505][T19952] RIP: 0023:0xf7f14579
[  788.106513][T19952] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  788.106523][T19952] RSP: 002b:00000000f503655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  788.106534][T19952] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000000
[  788.106540][T19952] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  788.106546][T19952] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  788.106552][T19952] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  788.106558][T19952] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  788.106572][T19952]  </TASK>
[  788.503091][T19966] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3953'.
[  788.966269][ T5971] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  788.966773][ T5967] Bluetooth: hci4: command 0x1003 tx timeout
[  789.635523][T19986] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3958'.
[  789.853915][T19990] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3960'.
[  789.875370][T19993] netlink: 'syz.3.3961': attribute type 1 has an invalid length.
[  789.877892][T19993] netlink: 216 bytes leftover after parsing attributes in process `syz.3.3961'.
[  789.940068][T19999] netlink: 'syz.5.3964': attribute type 1 has an invalid length.
[  789.942476][T19999] netlink: 216 bytes leftover after parsing attributes in process `syz.5.3964'.
[  789.975318][T20001] nfs4: Unknown parameter ''
[  790.083385][T19997] Bluetooth: MGMT ver 1.23
[  790.897611][ T6044] usb 38-1: device descriptor read/8, error -110
[  790.975613][T20021] FAULT_INJECTION: forcing a failure.
[  790.975613][T20021] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  790.992343][T20021] CPU: 1 UID: 0 PID: 20021 Comm: syz.0.3970 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) 
[  790.992362][T20021] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  790.992370][T20021] Call Trace:
[  790.992374][T20021]  <TASK>
[  790.992379][T20021]  dump_stack_lvl+0x16c/0x1f0
[  790.992400][T20021]  should_fail_ex+0x512/0x640
[  790.992419][T20021]  copy_fpstate_to_sigframe+0x854/0xaf0
[  790.992437][T20021]  ? __pfx_copy_fpstate_to_sigframe+0x10/0x10
[  790.992451][T20021]  ? posixtimer_deliver_signal+0xed/0x6a0
[  790.992471][T20021]  ? posixtimer_deliver_signal+0x1af/0x6a0
[  790.992486][T20021]  ? x86_task_fpu+0x5f/0x90
[  790.992499][T20021]  get_sigframe+0x4a8/0x9c0
[  790.992514][T20021]  ? __pfx_get_sigframe+0x10/0x10
[  790.992528][T20021]  ? _raw_spin_unlock_irq+0x23/0x50
[  790.992542][T20021]  ? siginfo_layout+0x177/0x290
[  790.992557][T20021]  ia32_setup_rt_frame+0xe3/0xb30
[  790.992577][T20021]  ? __pfx_ia32_setup_rt_frame+0x10/0x10
[  790.992593][T20021]  ? find_held_lock+0x2b/0x80
[  790.992605][T20021]  ? __fget_files+0x204/0x3c0
[  790.992622][T20021]  arch_do_signal_or_restart+0x480/0x790
[  790.992637][T20021]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  790.992654][T20021]  ? ksys_read+0x1ac/0x250
[  790.992669][T20021]  ? __pfx_ksys_read+0x10/0x10
[  790.992685][T20021]  ? __pfx___do_compat_sys_rt_sigreturn+0x10/0x10
[  790.992715][T20021]  exit_to_user_mode_loop+0x84/0x110
[  790.992745][T20021]  do_int80_emulation+0x352/0x460
[  790.992776][T20021]  asm_int80_emulation+0x1a/0x20
[  790.992793][T20021] RIP: 0023:0xf70ce577
[  790.992808][T20021] Code: 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 <cd> 80 5d 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00
[  790.992824][T20021] RSP: 002b:00000000f50be55c EFLAGS: 00000296 ORIG_RAX: 0000000000000003
[  790.992840][T20021] RAX: 0000000000000003 RBX: 0000000000000004 RCX: 0000000080000180
[  790.992851][T20021] RDX: 0000000000002020 RSI: 0000000000000000 RDI: 0000000000000000
[  790.992862][T20021] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  790.992871][T20021] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  790.992881][T20021] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  790.992903][T20021]  </TASK>
[  791.349619][ T6044] usb usb38-port1: attempt power cycle
[  791.910431][ T6044] usb usb38-port1: unable to enumerate USB device
[  792.124361][T20047] UDF-fs: warning (device sr0): udf_load_vrs: No VRS found
[  792.126653][T20047] UDF-fs: Scanning with blocksize 2048 failed
[  792.129522][T20047] UDF-fs: warning (device sr0): udf_load_vrs: No VRS found
[  792.131721][T20047] UDF-fs: Scanning with blocksize 4096 failed
[  793.463372][T20061] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(6)
[  793.465452][T20061] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  793.473762][T20061] vhci_hcd vhci_hcd.0: Device attached
[  793.493946][T20060] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3979'.
[  793.805455][ T6044] usb 38-1: SetAddress Request (14) to port 0
[  793.807776][ T6044] usb 38-1: new SuperSpeed USB device number 14 using vhci_hcd
[  794.033768][T20062] vhci_hcd: connection reset by peer
[  794.035924][   T46] vhci_hcd: stop threads
[  794.037320][   T46] vhci_hcd: release socket
[  794.039457][   T46] vhci_hcd: disconnect device
[  794.150118][T20072] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3983'.
[  794.299212][T20072] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  794.301300][T20072] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  794.310748][T20072] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  794.312896][T20072] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  794.364876][T20072] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  796.130056][ T5967] Bluetooth: hci3: command 0x0c1a tx timeout
[  796.348676][ T5967] Bluetooth: hci1: command 0x0c1a tx timeout
[  796.351385][ T5967] Bluetooth: hci2: command 0x0405 tx timeout
[  796.761389][T20121] overlayfs: failed to resolve './file1': -2
[  797.008536][   T40] audit: type=1800 audit(2000001523.282:3862): pid=20126 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.3999" name="file0" dev="9p" ino=36047789 res=0 errno=0
[  797.236307][T20129] FAULT_INJECTION: forcing a failure.
[  797.236307][T20129] name failslab, interval 1, probability 0, space 0, times 0
[  797.238325][T20124] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3998'.
[  797.250172][T20129] CPU: 0 UID: 0 PID: 20129 Comm: syz.5.4000 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) 
[  797.250200][T20129] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  797.250206][T20129] Call Trace:
[  797.250211][T20129]  <TASK>
[  797.250217][T20129]  dump_stack_lvl+0x16c/0x1f0
[  797.250238][T20129]  should_fail_ex+0x512/0x640
[  797.250254][T20129]  ? __kmalloc_noprof+0xbf/0x510
[  797.250270][T20129]  ? snd_ctl_elem_add+0x558/0x14c0
[  797.250286][T20129]  should_failslab+0xc2/0x120
[  797.250296][T20129]  __kmalloc_noprof+0xd2/0x510
[  797.250315][T20129]  snd_ctl_elem_add+0x558/0x14c0
[  797.250333][T20129]  ? find_held_lock+0x2b/0x80
[  797.250344][T20129]  ? __might_fault+0xe3/0x190
[  797.250359][T20129]  ? __might_fault+0xe3/0x190
[  797.250373][T20129]  ? __might_fault+0x13b/0x190
[  797.250389][T20129]  ? __pfx_snd_ctl_elem_add+0x10/0x10
[  797.250408][T20129]  snd_ctl_elem_add_compat+0x299/0x3f0
[  797.250426][T20129]  snd_ctl_ioctl_compat+0xa96/0xc50
[  797.250443][T20129]  ? __pfx_snd_ctl_ioctl_compat+0x10/0x10
[  797.250457][T20129]  ? find_held_lock+0x2b/0x80
[  797.250468][T20129]  ? hook_file_ioctl_common+0x145/0x410
[  797.250484][T20129]  ? __fget_files+0x20e/0x3c0
[  797.250501][T20129]  ? __pfx_snd_ctl_ioctl_compat+0x10/0x10
[  797.250518][T20129]  __ia32_compat_sys_ioctl+0x23f/0x370
[  797.250533][T20129]  __do_fast_syscall_32+0x7c/0x3a0
[  797.250551][T20129]  do_fast_syscall_32+0x32/0x80
[  797.250567][T20129]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  797.250581][T20129] RIP: 0023:0xf7fe7579
[  797.250590][T20129] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  797.250601][T20129] RSP: 002b:00000000f510655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  797.250611][T20129] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000c1105517
[  797.250618][T20129] RDX: 0000000080000340 RSI: 0000000000000000 RDI: 0000000000000000
[  797.250624][T20129] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  797.250630][T20129] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  797.250636][T20129] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  797.250650][T20129]  </TASK>
[  798.085661][T20143] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4004'.
[  798.132789][T20143] netlink: 196 bytes leftover after parsing attributes in process `syz.4.4004'.
[  798.273112][ T5971] Bluetooth: hci1: command 0x0c1a tx timeout
[  798.647340][ T6044] usb 38-1: device descriptor read/8, error -110
[  798.961298][T20171] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4013'.
[  798.967326][T20171] netlink: 196 bytes leftover after parsing attributes in process `syz.0.4013'.
[  799.010303][T20173] smc: removing net device bond0 with user defined pnetid SYZ2
[  799.012928][T20173] bond0 (unregistering): Released all slaves
[  799.073422][ T6044] usb usb38-port1: attempt power cycle
[  799.229915][T20183] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4011'.
[  799.296622][T20189] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4014'.
[  799.646844][ T6044] usb usb38-port1: unable to enumerate USB device
[  800.031978][T20203] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4018'.
[  800.245118][ T5971] Bluetooth: hci1: command 0x0c1a tx timeout
[  800.904069][   T40] audit: type=1326 audit(2000001527.376:3863): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20218 comm="syz.3.4022" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf707e579 code=0xffff0000
[  801.095392][T20223] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4030'.
[  802.093683][T20244] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4026'.
[  802.783960][T20255] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4032'.
[  802.796409][T20255] netlink: 196 bytes leftover after parsing attributes in process `syz.3.4032'.
[  804.099881][T20299] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4039'.
[  804.802222][T20307] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4043'.
[  804.813443][T20307] netlink: 196 bytes leftover after parsing attributes in process `syz.0.4043'.
[  804.846277][T20308] : entered promiscuous mode
[  804.863376][T20308] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4041'.
[  806.576826][T20335] 9pnet_fd: Insufficient options for proto=fd
[  806.700285][   T40] audit: type=1326 audit(2000001533.455:3864): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20338 comm="syz.3.4050" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf707e579 code=0x0
[  806.988849][T20345] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4053'.
[  807.009219][T20345] netlink: 196 bytes leftover after parsing attributes in process `syz.0.4053'.
[  808.179914][T20362] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4057'.
[  808.370360][T20367] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4054'.
[  808.615689][T20371] FAULT_INJECTION: forcing a failure.
[  808.615689][T20371] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  808.620324][T20371] CPU: 3 UID: 0 PID: 20371 Comm: syz.3.4059 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) 
[  808.620351][T20371] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  808.620358][T20371] Call Trace:
[  808.620362][T20371]  <TASK>
[  808.620367][T20371]  dump_stack_lvl+0x16c/0x1f0
[  808.620387][T20371]  should_fail_ex+0x512/0x640
[  808.620405][T20371]  _copy_from_user+0x2e/0xd0
[  808.620422][T20371]  get_compat_msghdr+0xa7/0x170
[  808.620440][T20371]  ? __pfx_get_compat_msghdr+0x10/0x10
[  808.620458][T20371]  ? __lock_acquire+0x622/0x1c90
[  808.620475][T20371]  ___sys_recvmsg+0x191/0x1a0
[  808.620491][T20371]  ? __pfx____sys_recvmsg+0x10/0x10
[  808.620508][T20371]  ? find_held_lock+0x2b/0x80
[  808.620524][T20371]  ? __pfx___might_resched+0x10/0x10
[  808.620540][T20371]  do_recvmmsg+0x55d/0x750
[  808.620557][T20371]  ? __pfx_do_recvmmsg+0x10/0x10
[  808.620572][T20371]  ? trace_sched_exit_tp+0xde/0x130
[  808.620594][T20371]  ? __pfx___schedule+0x10/0x10
[  808.620607][T20371]  ? __fget_files+0x20e/0x3c0
[  808.620621][T20371]  ? handle_mm_fault+0x1e0/0xd10
[  808.620637][T20371]  __sys_recvmmsg+0x21c/0x280
[  808.620653][T20371]  ? __pfx___sys_recvmmsg+0x10/0x10
[  808.620673][T20371]  __ia32_compat_sys_recvmmsg_time32+0xc4/0x160
[  808.620684][T20371]  ? lockdep_hardirqs_on+0x7c/0x110
[  808.620699][T20371]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[  808.620715][T20371]  __do_fast_syscall_32+0x7c/0x3a0
[  808.620732][T20371]  do_fast_syscall_32+0x32/0x80
[  808.620748][T20371]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  808.620768][T20371] RIP: 0023:0xf707e579
[  808.620777][T20371] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  808.620788][T20371] RSP: 002b:00000000f504d55c EFLAGS: 00000296 ORIG_RAX: 0000000000000151
[  808.620799][T20371] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000080002440
[  808.620806][T20371] RDX: 00000000ffffff67 RSI: 0000000000000000 RDI: 0000000000000000
[  808.620812][T20371] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  808.620819][T20371] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  808.620825][T20371] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  808.620839][T20371]  </TASK>
[  809.173809][T20383] binder: 20382:20383 ioctl c0306201 80000240 returned -14
[  809.239888][ T5967] Bluetooth: hci4: sending frame failed (-49)
[  809.243577][ T5971] Bluetooth: hci4: Opcode 0x1003 failed: -49
[  809.602682][T20401] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4066'.
[  810.551542][ T3242] usb 5-1: new high-speed USB device number 51 using dummy_hcd
[  810.694690][ T3242] usb 5-1: Using ep0 maxpacket: 32
[  810.698964][ T3242] usb 5-1: config index 0 descriptor too short (expected 156, got 27)
[  810.701497][ T3242] usb 5-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[  810.705005][ T3242] usb 5-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7
[  810.708170][ T3242] usb 5-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144
[  810.711964][ T3242] usb 5-1: config 0 interface 0 has no altsetting 0
[  810.717598][ T3242] usb 5-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  810.720232][ T3242] usb 5-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  810.722722][ T3242] usb 5-1: Product: syz
[  810.724353][ T3242] usb 5-1: Manufacturer: syz
[  810.725834][ T3242] usb 5-1: SerialNumber: syz
[  810.728352][ T3242] usb 5-1: config 0 descriptor??
[  810.733146][ T3242] ldusb 5-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  810.742395][ T3242] ldusb 5-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  810.813441][T20424] 9pnet_fd: Insufficient options for proto=fd
[  810.946520][ T6045] usb 5-1: USB disconnect, device number 51
[  810.949733][ T6045] ldusb 5-1:0.0: LD USB Device #0 now disconnected
[  811.123411][    T9] usb 10-1: new high-speed USB device number 3 using dummy_hcd
[  811.253957][T20444] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4077'.
[  811.294782][    T9] usb 10-1: device descriptor read/64, error -71
[  811.541968][    T9] usb 10-1: new high-speed USB device number 4 using dummy_hcd
[  811.781146][    T9] usb 10-1: device descriptor read/64, error -71
[  811.887131][    T9] usb usb10-port1: attempt power cycle
[  812.209450][    T9] usb 10-1: new high-speed USB device number 5 using dummy_hcd
[  812.228763][    T9] usb 10-1: device descriptor read/8, error -71
[  812.456651][    T9] usb 10-1: new high-speed USB device number 6 using dummy_hcd
[  812.486181][    T9] usb 10-1: device descriptor read/8, error -71
[  812.590574][    T9] usb usb10-port1: unable to enumerate USB device
[  812.939426][T20467] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4087'.
[  813.177693][   T40] audit: type=1326 audit(2000001540.247:3865): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20481 comm="syz.4.4090" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f14579 code=0x0
[  813.276422][T20485] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4090'.
[  813.279222][T20485] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4090'.
[  813.296231][   T40] audit: type=1326 audit(2000001540.384:3866): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20481 comm="syz.4.4090" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f14579 code=0x7ffc0000
[  813.302996][   T40] audit: type=1326 audit(2000001540.384:3867): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20481 comm="syz.4.4090" exe="/syz-executor" sig=0 arch=40000003 syscall=384 compat=1 ip=0xf7f14579 code=0x7ffc0000
[  813.380647][   T40] audit: type=1326 audit(2000001540.384:3868): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20481 comm="syz.4.4090" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f14579 code=0x7ffc0000
[  813.387316][   T40] audit: type=1326 audit(2000001540.384:3869): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20481 comm="syz.4.4090" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7f14579 code=0x7ffc0000
[  813.396163][   T40] audit: type=1326 audit(2000001540.384:3870): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20481 comm="syz.4.4090" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f14579 code=0x7ffc0000
[  813.402769][   T40] audit: type=1326 audit(2000001540.384:3871): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20481 comm="syz.4.4090" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7f14579 code=0x7ffc0000
[  813.410206][   T40] audit: type=1326 audit(2000001540.384:3872): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20481 comm="syz.4.4090" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f14579 code=0x7ffc0000
[  813.416692][   T40] audit: type=1326 audit(2000001540.384:3873): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20481 comm="syz.4.4090" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7f14579 code=0x7ffc0000
[  813.423472][   T40] audit: type=1326 audit(2000001540.384:3874): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20481 comm="syz.4.4090" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f14579 code=0x7ffc0000
[  813.573214][T20492] netlink: 'syz.5.4091': attribute type 64 has an invalid length.
[  813.576007][T20492] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4091'.
[  813.618704][T20478] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4088'.
[  813.993994][T20499] netlink: 'syz.3.4093': attribute type 4 has an invalid length.
[  814.782585][T20524] netlink: 196 bytes leftover after parsing attributes in process `syz.0.4102'.
[  815.672093][T20546] rdma_rxe: rxe_newlink: failed to add team_slave_0
[  815.959310][T20553] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  815.961906][T20553] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  815.965854][T20553] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  815.968389][T20553] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  815.970953][T20553] geneve2: entered promiscuous mode
[  815.972982][T20553] geneve2: entered allmulticast mode
[  817.008722][T20567] netlink: 32 bytes leftover after parsing attributes in process `syz.0.4113'.
[  817.543569][T20579] smc: adding net device wg1 with user defined pnetid SYZ1
[  818.860122][T20620] program syz.3.4130 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  818.867597][   T40] kauditd_printk_skb: 17 callbacks suppressed
[  818.867607][   T40] audit: type=1326 audit(2000001546.220:3892): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20618 comm="syz.0.4129" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ce579 code=0x7ffc0000
[  818.886094][   T40] audit: type=1326 audit(2000001546.220:3893): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20618 comm="syz.0.4129" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ce579 code=0x7ffc0000
[  818.892872][   T40] audit: type=1326 audit(2000001546.231:3894): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20618 comm="syz.0.4129" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf70ce579 code=0x7ffc0000
[  818.899453][   T40] audit: type=1326 audit(2000001546.241:3895): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20618 comm="syz.0.4129" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ce579 code=0x7ffc0000
[  818.909153][   T40] audit: type=1326 audit(2000001546.241:3896): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20618 comm="syz.0.4129" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ce579 code=0x7ffc0000
[  818.920221][T20616] random: crng reseeded on system resumption
[  818.928009][   T40] audit: type=1326 audit(2000001546.262:3897): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20618 comm="syz.0.4129" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf70ce579 code=0x7ffc0000
[  818.934834][   T40] audit: type=1326 audit(2000001546.273:3898): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20618 comm="syz.0.4129" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ce579 code=0x7ffc0000
[  818.941344][   T40] audit: type=1326 audit(2000001546.273:3899): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20618 comm="syz.0.4129" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ce579 code=0x7ffc0000
[  818.948329][   T40] audit: type=1326 audit(2000001546.283:3900): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20618 comm="syz.0.4129" exe="/syz-executor" sig=0 arch=40000003 syscall=76 compat=1 ip=0xf70ce579 code=0x7ffc0000
[  818.954866][   T40] audit: type=1326 audit(2000001546.283:3901): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20618 comm="syz.0.4129" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ce579 code=0x7ffc0000
[  819.029119][ T1946] usb 10-1: new high-speed USB device number 7 using dummy_hcd
[  819.153284][ T1946] usb 10-1: device descriptor read/64, error -71
[  819.401060][ T1946] usb 10-1: new high-speed USB device number 8 using dummy_hcd
[  819.533979][ T1946] usb 10-1: device descriptor read/64, error -71
[  819.639676][ T1946] usb usb10-port1: attempt power cycle
[  820.079021][ T1946] usb 10-1: new high-speed USB device number 9 using dummy_hcd
[  820.116207][ T1946] usb 10-1: device descriptor read/8, error -71
[  820.381991][ T1946] usb 10-1: new high-speed USB device number 10 using dummy_hcd
[  820.414497][ T1946] usb 10-1: device descriptor read/8, error -71
[  820.518234][ T1946] usb usb10-port1: unable to enumerate USB device
[  820.749007][T20668] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4146'.
[  820.751766][T20668] netlink: 24 bytes leftover after parsing attributes in process `syz.0.4146'.
[  820.758581][T20670] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4146'.
[  820.761355][T20670] netlink: 24 bytes leftover after parsing attributes in process `syz.0.4146'.
[  820.764684][T20660] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4143'.
[  820.874195][T20673] netlink: 36 bytes leftover after parsing attributes in process `syz.0.4147'.
[  820.945300][T20676] FAULT_INJECTION: forcing a failure.
[  820.945300][T20676] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  820.949229][T20676] CPU: 2 UID: 0 PID: 20676 Comm: syz.0.4148 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) 
[  820.949244][T20676] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  820.949250][T20676] Call Trace:
[  820.949254][T20676]  <TASK>
[  820.949259][T20676]  dump_stack_lvl+0x16c/0x1f0
[  820.949280][T20676]  should_fail_ex+0x512/0x640
[  820.949299][T20676]  _copy_from_user+0x2e/0xd0
[  820.949316][T20676]  get_compat_msghdr+0xa7/0x170
[  820.949345][T20676]  ? __pfx_get_compat_msghdr+0x10/0x10
[  820.949368][T20676]  ___sys_sendmsg+0x1ae/0x1d0
[  820.949385][T20676]  ? __pfx____sys_sendmsg+0x10/0x10
[  820.949408][T20676]  ? find_held_lock+0x2b/0x80
[  820.949444][T20676]  __sys_sendmsg+0x16d/0x220
[  820.949462][T20676]  ? __pfx___sys_sendmsg+0x10/0x10
[  820.949477][T20676]  ? __pfx_bpf_trace_run2+0x10/0x10
[  820.949496][T20676]  ? syscall_trace_enter+0x1cb/0x260
[  820.949514][T20676]  ? rcu_is_watching+0x12/0xc0
[  820.949528][T20676]  __do_fast_syscall_32+0x7c/0x3a0
[  820.949545][T20676]  do_fast_syscall_32+0x32/0x80
[  820.949561][T20676]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  820.949575][T20676] RIP: 0023:0xf70ce579
[  820.949583][T20676] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  820.949594][T20676] RSP: 002b:00000000f50be55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  820.949604][T20676] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000800003c0
[  820.949615][T20676] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  820.949621][T20676] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  820.949627][T20676] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  820.949633][T20676] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  820.949647][T20676]  </TASK>
[  821.339316][T20684] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4152'.
[  821.454710][T20691] (unnamed net_device) (uninitialized): Unable to set peer notification delay as MII monitoring is disabled
[  822.076610][T20711] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  822.094240][T20711] netlink: 36 bytes leftover after parsing attributes in process `syz.3.4158'.
[  822.307950][T20719] bond0 (unregistering): Released all slaves
[  822.618306][T20725] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4160'.
[  822.916508][T20733] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4164'.
[  822.934661][ T1946] usb 9-1: new high-speed USB device number 39 using dummy_hcd
[  823.114544][T20737] (unnamed net_device) (uninitialized): Unable to set peer notification delay as MII monitoring is disabled
[  823.250631][ T1946] usb 9-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  823.256504][ T1946] usb 9-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  823.262844][ T1946] usb 9-1: config 1 has 1 interface, different from the descriptor's value: 66
[  823.267652][ T1946] usb 9-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  823.274176][ T1946] usb 9-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  823.281844][ T1946] usb 9-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  823.287790][ T1946] usb 9-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  823.293955][ T1946] usb 9-1: Product: syz
[  823.297377][ T1946] usb 9-1: Manufacturer: syz
[  823.308817][ T1946] cdc_wdm 9-1:1.0: skipping garbage
[  823.312581][ T1946] cdc_wdm 9-1:1.0: skipping garbage
[  823.317287][ T1946] cdc_wdm 9-1:1.0: cdc-wdm0: USB WDM device
[  823.321275][ T1946] cdc_wdm 9-1:1.0: Unknown control protocol
[  823.642369][T20751] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  823.646599][T20751] FAULT_INJECTION: forcing a failure.
[  823.646599][T20751] name failslab, interval 1, probability 0, space 0, times 0
[  823.650515][T20751] CPU: 2 UID: 0 PID: 20751 Comm: syz.0.4169 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) 
[  823.650530][T20751] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  823.650536][T20751] Call Trace:
[  823.650541][T20751]  <TASK>
[  823.650545][T20751]  dump_stack_lvl+0x16c/0x1f0
[  823.650565][T20751]  should_fail_ex+0x512/0x640
[  823.650581][T20751]  ? fs_reclaim_acquire+0xae/0x150
[  823.650595][T20751]  should_failslab+0xc2/0x120
[  823.650606][T20751]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  823.650629][T20751]  ? find_held_lock+0x2b/0x80
[  823.650639][T20751]  ? p9_tag_alloc+0x9c/0x640
[  823.650657][T20751]  p9_tag_alloc+0x9c/0x640
[  823.650674][T20751]  ? __pfx_p9_tag_alloc+0x10/0x10
[  823.650689][T20751]  ? stack_depot_save_flags+0x3e0/0xa40
[  823.650707][T20751]  ? check_irq_usage+0xcb/0x920
[  823.650723][T20751]  p9_client_prepare_req+0x19b/0x4d0
[  823.650745][T20751]  ? __pfx_p9_client_prepare_req+0x10/0x10
[  823.650768][T20751]  p9_client_rpc+0x1c4/0xc50
[  823.650784][T20751]  ? node_tag_clear+0x105/0x290
[  823.650797][T20751]  ? __pfx_p9_client_rpc+0x10/0x10
[  823.650814][T20751]  ? idr_alloc_u32+0x20f/0x2f0
[  823.650832][T20751]  ? idr_preload_end+0xc2/0x230
[  823.650848][T20751]  ? rcu_is_watching+0x12/0xc0
[  823.650862][T20751]  p9_client_walk+0x1ab/0x530
[  823.650877][T20751]  ? __pfx_p9_client_walk+0x10/0x10
[  823.650889][T20751]  ? v9fs_fid_lookup+0xe9/0xeb0
[  823.650909][T20751]  v9fs_vfs_lookup+0x206/0x5b0
[  823.650923][T20751]  ? __pfx_v9fs_vfs_lookup+0x10/0x10
[  823.650935][T20751]  ? lockdep_init_map_type+0x5c/0x280
[  823.650951][T20751]  ? lockdep_init_map_type+0x5c/0x280
[  823.650969][T20751]  __lookup_slow+0x251/0x460
[  823.650981][T20751]  ? __pfx___lookup_slow+0x10/0x10
[  823.650996][T20751]  ? pcpu_balance_workfn+0x80/0xe00
[  823.651015][T20751]  ? pcpu_balance_workfn+0x80/0xe00
[  823.651030][T20751]  ? d_lookup+0xe7/0x190
[  823.651045][T20751]  lookup_one_unlocked+0xd4/0x120
[  823.651058][T20751]  ovl_lookup_single+0x214/0xfc0
[  823.651074][T20751]  ? __pfx_ovl_lookup_single+0x10/0x10
[  823.651089][T20751]  ovl_lookup_layer+0x3d4/0x480
[  823.651102][T20751]  ? __pfx_ovl_lookup_layer+0x10/0x10
[  823.651112][T20751]  ? trace_kmalloc+0x2b/0xd0
[  823.651127][T20751]  ovl_lookup+0x13f9/0x21a0
[  823.651143][T20751]  ? __pfx_ovl_lookup+0x10/0x10
[  823.651153][T20751]  ? generic_permission+0xad/0x7d0
[  823.651165][T20751]  ? bpf_lsm_inode_permission+0x9/0x10
[  823.651177][T20751]  ? inode_permission+0x156/0x630
[  823.651189][T20751]  ? ovl_revert_creds+0x13/0x50
[  823.651201][T20751]  ? ovl_permission+0xcd/0x290
[  823.651217][T20751]  ? __pfx_ovl_permission+0x10/0x10
[  823.651239][T20751]  ? bpf_lsm_inode_permission+0x9/0x10
[  823.651253][T20751]  ? security_inode_permission+0xbf/0x260
[  823.651271][T20751]  ? inode_permission+0x156/0x630
[  823.651289][T20751]  ? __pfx_ovl_lookup+0x10/0x10
[  823.651307][T20751]  lookup_open.isra.0+0x4d7/0x1580
[  823.651335][T20751]  ? __pfx_lookup_open.isra.0+0x10/0x10
[  823.651361][T20751]  ? __pfx_down_write+0x10/0x10
[  823.651370][T20751]  ? mnt_get_write_access+0x20c/0x300
[  823.651385][T20751]  path_openat+0x893/0x2cb0
[  823.651405][T20751]  ? __pfx_path_openat+0x10/0x10
[  823.651421][T20751]  ? __lock_acquire+0xb8a/0x1c90
[  823.651437][T20751]  do_filp_open+0x20b/0x470
[  823.651452][T20751]  ? __pfx_do_filp_open+0x10/0x10
[  823.651477][T20751]  ? alloc_fd+0x471/0x7d0
[  823.651496][T20751]  do_sys_openat2+0x11b/0x1d0
[  823.651509][T20751]  ? __pfx_do_sys_openat2+0x10/0x10
[  823.651522][T20751]  ? __fget_files+0x20e/0x3c0
[  823.651535][T20751]  ? handle_mm_fault+0x1e0/0xd10
[  823.651552][T20751]  __ia32_compat_sys_open+0x146/0x1e0
[  823.651564][T20751]  ? __pfx___ia32_compat_sys_open+0x10/0x10
[  823.651580][T20751]  ? rcu_is_watching+0x12/0xc0
[  823.651591][T20751]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[  823.651609][T20751]  __do_fast_syscall_32+0x7c/0x3a0
[  823.651630][T20751]  do_fast_syscall_32+0x32/0x80
[  823.651646][T20751]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  823.651660][T20751] RIP: 0023:0xf70ce579
[  823.651669][T20751] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  823.651680][T20751] RSP: 002b:00000000f50be55c EFLAGS: 00000296 ORIG_RAX: 0000000000000005
[  823.651690][T20751] RAX: ffffffffffffffda RBX: 0000000080000580 RCX: 0000000000181242
[  823.651697][T20751] RDX: 000000005997fa5f RSI: 0000000000000000 RDI: 0000000000000000
[  823.651703][T20751] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  823.651709][T20751] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  823.651716][T20751] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  823.651729][T20751]  </TASK>
[  823.821581][ T1946] usb 9-1: USB disconnect, device number 39
[  825.084512][T20789] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(6)
[  825.087205][T20789] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  825.090774][T20789] vhci_hcd vhci_hcd.0: Device attached
[  825.411755][ T1946] usb 38-1: SetAddress Request (18) to port 0
[  825.414176][ T1946] usb 38-1: new SuperSpeed USB device number 18 using vhci_hcd
[  825.630815][T20790] vhci_hcd: connection reset by peer
[  825.632619][   T60] vhci_hcd: stop threads
[  825.634092][   T60] vhci_hcd: release socket
[  825.640255][   T60] vhci_hcd: disconnect device
[  826.011962][    T9] usb 9-1: new high-speed USB device number 40 using dummy_hcd
[  826.235246][    T9] usb 9-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  826.237845][    T9] usb 9-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  826.244930][    T9] usb 9-1: config 1 has 1 interface, different from the descriptor's value: 66
[  826.249998][    T9] usb 9-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  826.259519][    T9] usb 9-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  826.263644][    T9] usb 9-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  826.266335][    T9] usb 9-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  826.269222][    T9] usb 9-1: Product: syz
[  826.278573][    T9] usb 9-1: Manufacturer: syz
[  826.531523][    T9] cdc_wdm 9-1:1.0: skipping garbage
[  826.533138][    T9] cdc_wdm 9-1:1.0: skipping garbage
[  826.535367][    T9] cdc_wdm 9-1:1.0: cdc-wdm0: USB WDM device
[  826.537228][    T9] cdc_wdm 9-1:1.0: Unknown control protocol
[  826.730189][ T6044] usb 9-1: USB disconnect, device number 40
[  826.899268][T20824] __nla_validate_parse: 6 callbacks suppressed
[  826.899280][T20824] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4188'.
[  827.263355][T20832] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(6)
[  827.265331][T20832] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  827.267993][T20832] vhci_hcd vhci_hcd.0: Device attached
[  827.626649][T20846] netlink: 16 bytes leftover after parsing attributes in process `syz.3.4195'.
[  827.633166][T20846] netlink: 196 bytes leftover after parsing attributes in process `syz.3.4195'.
[  827.815984][ T5967] Bluetooth: hci3: unexpected event for opcode 0x1001
[  827.883671][T20833] vhci_hcd: connection closed
[  827.884151][   T60] vhci_hcd: stop threads
[  827.886962][   T60] vhci_hcd: release socket
[  827.897469][   T60] vhci_hcd: disconnect device
[  829.244837][T20879] FAULT_INJECTION: forcing a failure.
[  829.244837][T20879] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  829.249834][T20879] CPU: 3 UID: 0 PID: 20879 Comm: syz.0.4204 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) 
[  829.249853][T20879] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  829.249860][T20879] Call Trace:
[  829.249864][T20879]  <TASK>
[  829.249869][T20879]  dump_stack_lvl+0x16c/0x1f0
[  829.249888][T20879]  should_fail_ex+0x512/0x640
[  829.249906][T20879]  copy_fpstate_to_sigframe+0x854/0xaf0
[  829.249921][T20879]  ? do_raw_spin_lock+0x20e/0x2b0
[  829.249939][T20879]  ? __pfx_copy_fpstate_to_sigframe+0x10/0x10
[  829.249956][T20879]  ? x86_task_fpu+0x5f/0x90
[  829.249968][T20879]  get_sigframe+0x4a8/0x9c0
[  829.249983][T20879]  ? __pfx_get_sigframe+0x10/0x10
[  829.249996][T20879]  ? _raw_spin_unlock_irq+0x29/0x50
[  829.250009][T20879]  ? siginfo_layout+0x177/0x290
[  829.250023][T20879]  ia32_setup_frame+0xe2/0xa50
[  829.250040][T20879]  ? fpu__restore_sig+0x10f/0x190
[  829.250054][T20879]  ? __pfx_ia32_setup_frame+0x10/0x10
[  829.250070][T20879]  ? __pfx_ia32_restore_sigcontext+0x10/0x10
[  829.250087][T20879]  arch_do_signal_or_restart+0x59c/0x790
[  829.250101][T20879]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  829.250113][T20879]  ? _raw_spin_unlock_irq+0x23/0x50
[  829.250129][T20879]  ? __do_compat_sys_sigreturn+0x1a0/0x200
[  829.250144][T20879]  ? __pfx___do_compat_sys_sigreturn+0x10/0x10
[  829.250163][T20879]  exit_to_user_mode_loop+0x84/0x110
[  829.250181][T20879]  do_int80_emulation+0x352/0x460
[  829.250198][T20879]  asm_int80_emulation+0x1a/0x20
[  829.250209][T20879] RIP: 0023:0xf70ce579
[  829.250218][T20879] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  829.250229][T20879] RSP: 002b:00000000f50be55c EFLAGS: 00000296
[  829.250237][T20879] RAX: 00000000fffffffc RBX: 0000000000000001 RCX: 0000000000000000
[  829.250244][T20879] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000001000
[  829.250250][T20879] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  829.250268][T20879] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  829.250275][T20879] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  829.250289][T20879]  </TASK>
[  829.351398][T20881] netlink: 'syz.0.4205': attribute type 1 has an invalid length.
[  829.367620][T20881] smc: adding net device bond0 with user defined pnetid SYZ2
[  829.372144][T20881] 8021q: adding VLAN 0 to HW filter on device bond0
[  829.387613][T20881] bond0: (slave ip6erspan0): making interface the new active one
[  829.392204][T20881] bond0: (slave ip6erspan0): Enslaving as an active interface with an up link
[  829.526919][ T3242] usb 10-1: new high-speed USB device number 11 using dummy_hcd
[  829.534956][T20889] netlink: 16 bytes leftover after parsing attributes in process `syz.0.4209'.
[  829.542361][T20889] netlink: 196 bytes leftover after parsing attributes in process `syz.0.4209'.
[  829.560535][T20887] fuse: Bad value for 'fd'
[  829.701405][ T3242] usb 10-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  829.701422][ T3242] usb 10-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  829.701432][ T3242] usb 10-1: config 1 has 1 interface, different from the descriptor's value: 66
[  829.701453][ T3242] usb 10-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  829.701466][ T3242] usb 10-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  829.702590][ T3242] usb 10-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  829.702608][ T3242] usb 10-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  829.702618][ T3242] usb 10-1: Product: syz
[  829.702626][ T3242] usb 10-1: Manufacturer: syz
[  829.704695][ T3242] cdc_wdm 10-1:1.0: skipping garbage
[  829.704704][ T3242] cdc_wdm 10-1:1.0: skipping garbage
[  829.705277][ T3242] cdc_wdm 10-1:1.0: cdc-wdm0: USB WDM device
[  829.705286][ T3242] cdc_wdm 10-1:1.0: Unknown control protocol
[  829.777441][T20893] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4208'.
[  830.326267][ T1946] usb 38-1: device descriptor read/8, error -110
[  830.336178][ T6044] usb 10-1: USB disconnect, device number 11
[  830.618203][T20908] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4212'.
[  830.699948][T20912] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4211'.
[  830.728322][ T1946] usb usb38-port1: attempt power cycle
[  831.235191][T20922] FAULT_INJECTION: forcing a failure.
[  831.235191][T20922] name failslab, interval 1, probability 0, space 0, times 0
[  831.240003][T20922] CPU: 0 UID: 0 PID: 20922 Comm: syz.5.4216 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) 
[  831.240019][T20922] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  831.240025][T20922] Call Trace:
[  831.240030][T20922]  <TASK>
[  831.240034][T20922]  dump_stack_lvl+0x16c/0x1f0
[  831.240055][T20922]  should_fail_ex+0x512/0x640
[  831.240071][T20922]  ? __kmalloc_cache_noprof+0x57/0x3e0
[  831.240087][T20922]  should_failslab+0xc2/0x120
[  831.240098][T20922]  __kmalloc_cache_noprof+0x6a/0x3e0
[  831.240112][T20922]  ? tcf_chain_tp_find+0x2b5/0x470
[  831.240128][T20922]  ? tc_new_tfilter+0xf0c/0x2340
[  831.240141][T20922]  tc_new_tfilter+0xf0c/0x2340
[  831.240158][T20922]  ? arch_stack_walk+0xa6/0x100
[  831.240169][T20922]  ? __pfx_tc_new_tfilter+0x10/0x10
[  831.240194][T20922]  ? find_held_lock+0x2b/0x80
[  831.240206][T20922]  ? __pfx_tc_new_tfilter+0x10/0x10
[  831.240217][T20922]  ? rtnetlink_rcv_msg+0x93a/0xe90
[  831.240234][T20922]  ? __pfx_tc_new_tfilter+0x10/0x10
[  831.240246][T20922]  rtnetlink_rcv_msg+0x95e/0xe90
[  831.240263][T20922]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  831.240283][T20922]  ? __lock_acquire+0x622/0x1c90
[  831.240300][T20922]  netlink_rcv_skb+0x155/0x420
[  831.240311][T20922]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  831.240329][T20922]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  831.240345][T20922]  ? netlink_deliver_tap+0x1ae/0xd30
[  831.240362][T20922]  ? is_vmalloc_addr+0x86/0xa0
[  831.240379][T20922]  netlink_unicast+0x58d/0x850
[  831.240392][T20922]  ? __pfx_netlink_unicast+0x10/0x10
[  831.240407][T20922]  netlink_sendmsg+0x8d1/0xdd0
[  831.240420][T20922]  ? __pfx_netlink_sendmsg+0x10/0x10
[  831.240432][T20922]  ? __import_iovec+0x1dd/0x650
[  831.240446][T20922]  ____sys_sendmsg+0xa95/0xc70
[  831.240459][T20922]  ? __pfx_____sys_sendmsg+0x10/0x10
[  831.240470][T20922]  ? get_compat_msghdr+0x11a/0x170
[  831.240492][T20922]  ___sys_sendmsg+0x134/0x1d0
[  831.240509][T20922]  ? __pfx____sys_sendmsg+0x10/0x10
[  831.240532][T20922]  ? find_held_lock+0x2b/0x80
[  831.240552][T20922]  __sys_sendmsg+0x16d/0x220
[  831.240567][T20922]  ? __pfx___sys_sendmsg+0x10/0x10
[  831.240582][T20922]  ? __pfx_bpf_trace_run2+0x10/0x10
[  831.240601][T20922]  ? syscall_trace_enter+0x1cb/0x260
[  831.240619][T20922]  ? rcu_is_watching+0x12/0xc0
[  831.240632][T20922]  __do_fast_syscall_32+0x7c/0x3a0
[  831.240650][T20922]  do_fast_syscall_32+0x32/0x80
[  831.240666][T20922]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  831.240680][T20922] RIP: 0023:0xf7fe7579
[  831.240688][T20922] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  831.240699][T20922] RSP: 002b:00000000f510655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  831.240709][T20922] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000080000000
[  831.240716][T20922] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  831.240722][T20922] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  831.240728][T20922] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  831.240734][T20922] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  831.240747][T20922]  </TASK>
[  831.394528][ T1946] usb usb38-port1: unable to enumerate USB device
[  831.480888][    C0] sd 0:0:0:0: [sda] tag#29 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s
[  831.484220][    C0] sd 0:0:0:0: [sda] tag#29 CDB: Test Unit Ready 
[  831.730651][T20933] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4221'.
[  831.929014][T20938] loop6: detected capacity change from 0 to 128
[  832.022383][T20938] Invalid logical block size (1373)
[  833.071342][T20961] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6)
[  833.073345][T20961] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  833.088367][T20961] vhci_hcd vhci_hcd.0: Device attached
[  833.233528][ T6045] usb 9-1: new high-speed USB device number 41 using dummy_hcd
[  833.365555][ T6044] usb 44-1: SetAddress Request (14) to port 0
[  833.368371][ T6044] usb 44-1: new SuperSpeed USB device number 14 using vhci_hcd
[  833.376487][ T6045] usb 9-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  833.379519][ T6045] usb 9-1: config 1 has an invalid descriptor of length 52, skipping remainder of the config
[  833.382737][ T6045] usb 9-1: config 1 has 1 interface, different from the descriptor's value: 66
[  833.390293][ T6045] usb 9-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 7
[  833.398114][ T6045] usb 9-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 9272, setting to 1024
[  833.415331][ T6045] usb 9-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  833.418055][ T6045] usb 9-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  833.421154][ T6045] usb 9-1: Product: syz
[  833.429511][ T6045] usb 9-1: Manufacturer: syz
[  833.441798][ T6045] cdc_wdm 9-1:1.0: skipping garbage
[  833.446268][ T6045] cdc_wdm 9-1:1.0: skipping garbage
[  833.450807][ T6045] cdc_wdm 9-1:1.0: probe with driver cdc_wdm failed with error -22
[  833.626519][ T1417] ieee802154 phy1 wpan1: encryption failed: -22
[  833.682804][ T1946] usb 9-1: USB disconnect, device number 41
[  833.980143][T20962] vhci_hcd: connection reset by peer
[  833.984425][   T60] vhci_hcd: stop threads
[  833.985795][   T60] vhci_hcd: release socket
[  833.987231][   T60] vhci_hcd: disconnect device
[  834.787336][T20983] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(6)
[  834.789354][T20983] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  834.792191][T20983] vhci_hcd vhci_hcd.0: Device attached
[  835.153109][T20992] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4234'.
[  835.165898][ T1946] usb 46-1: SetAddress Request (22) to port 0
[  835.174110][ T1946] usb 46-1: new SuperSpeed USB device number 22 using vhci_hcd
[  835.247311][T20998] netlink: 16 bytes leftover after parsing attributes in process `syz.5.4235'.
[  835.255976][T20998] netlink: 196 bytes leftover after parsing attributes in process `syz.5.4235'.
[  835.275176][T20986] vhci_hcd: connection reset by peer
[  835.280539][   T13] vhci_hcd: stop threads
[  835.281893][   T13] vhci_hcd: release socket
[  835.286416][   T13] vhci_hcd: disconnect device
[  835.346627][   T40] kauditd_printk_skb: 60 callbacks suppressed
[  835.346642][   T40] audit: type=1326 audit(2000001563.521:3962): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20999 comm="syz.5.4236" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe7579 code=0x7ffc0000
[  835.358818][   T40] audit: type=1326 audit(2000001563.542:3963): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20999 comm="syz.5.4236" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe7579 code=0x7ffc0000
[  835.365607][   T40] audit: type=1326 audit(2000001563.542:3964): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20999 comm="syz.5.4236" exe="/syz-executor" sig=0 arch=40000003 syscall=29 compat=1 ip=0xf7fe7579 code=0x7ffc0000
[  837.444674][T21035] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(6)
[  837.446768][T21035] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  837.461725][ T6045] usb 10-1: new high-speed USB device number 12 using dummy_hcd
[  837.463043][T21035] vhci_hcd vhci_hcd.0: Device attached
[  838.043426][ T6045] usb 10-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  838.046568][ T6045] usb 10-1: config 1 has an invalid descriptor of length 52, skipping remainder of the config
[  838.050034][ T6045] usb 10-1: config 1 has 1 interface, different from the descriptor's value: 66
[  838.053361][ T6045] usb 10-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 7
[  838.057238][ T6045] usb 10-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 9272, setting to 1024
[  838.068619][ T6045] usb 10-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  838.074117][ T6045] usb 10-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  838.076705][ T6045] usb 10-1: Product: syz
[  838.080826][ T6045] usb 10-1: Manufacturer: syz
[  838.101368][ T6045] cdc_wdm 10-1:1.0: skipping garbage
[  838.102997][ T6045] cdc_wdm 10-1:1.0: skipping garbage
[  838.104663][ T6045] cdc_wdm 10-1:1.0: probe with driver cdc_wdm failed with error -22
[  838.160197][T14790] usb 38-1: SetAddress Request (22) to port 0
[  838.162383][T14790] usb 38-1: new SuperSpeed USB device number 22 using vhci_hcd
[  838.162572][T21048] 9pnet_fd: Insufficient options for proto=fd
[  838.248744][T21052] openvswitch: netlink: Missing key (keys=40, expected=200000)
[  838.274486][ T6044] usb 44-1: device descriptor read/8, error -110
[  838.313331][ T1463] usb 10-1: USB disconnect, device number 12
[  839.224286][T21053] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4247'.
[  839.339520][T21036] vhci_hcd: connection reset by peer
[  839.342442][ T1138] vhci_hcd: stop threads
[  839.344239][ T1138] vhci_hcd: release socket
[  839.347384][ T1138] vhci_hcd: disconnect device
[  839.538615][ T6044] usb usb44-port1: attempt power cycle
[  839.640766][T21068] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4251'.
[  840.258186][ T6044] usb usb44-port1: unable to enumerate USB device
[  840.261240][ T1946] usb 46-1: device descriptor read/8, error -110
[  840.460969][T21086] fuse: Unknown parameter 'groÜS!G¤ÜQã´£ëuþup_id'
[  840.655621][ T1946] usb usb46-port1: attempt power cycle
[  840.724614][T21098] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4259'.
[  841.186622][ T1946] usb usb46-port1: unable to enumerate USB device
[  841.460567][T21110] smc: removing net device bond0 with user defined pnetid SYZ2
[  841.465796][T21110] bond0 (unregistering): (slave ip6erspan0): Releasing active interface
[  841.470677][T21110] bond0 (unregistering): Released all slaves
[  841.530659][T21121] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4265'.
[  841.553433][ T6045] usb 10-1: new high-speed USB device number 13 using dummy_hcd
[  841.723952][ T6045] usb 10-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  841.726682][ T6045] usb 10-1: config 1 has an invalid descriptor of length 52, skipping remainder of the config
[  841.731222][ T6045] usb 10-1: config 1 has 1 interface, different from the descriptor's value: 66
[  841.734812][ T6045] usb 10-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 7
[  841.740824][ T6045] usb 10-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 9272, setting to 1024
[  841.776729][ T6045] usb 10-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  841.779775][ T6045] usb 10-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  841.782277][ T6045] usb 10-1: Product: syz
[  841.783633][ T6045] usb 10-1: Manufacturer: syz
[  841.788677][ T6045] cdc_wdm 10-1:1.0: skipping garbage
[  841.790378][ T6045] cdc_wdm 10-1:1.0: skipping garbage
[  841.792052][ T6045] cdc_wdm 10-1:1.0: probe with driver cdc_wdm failed with error -22
[  842.021821][ T1946] usb 10-1: USB disconnect, device number 13
[  842.742785][T21151] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  842.772039][T21152] netlink: 'syz.3.4275': attribute type 10 has an invalid length.
[  842.774583][T21152] netlink: 40 bytes leftover after parsing attributes in process `syz.3.4275'.
[  842.782516][T21152] team0: Port device geneve0 added
[  842.830063][T21151] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  842.905578][T21151] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  842.979216][T21151] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  843.014947][T21156] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4276'.
[  843.105693][T21151] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  843.117819][T21151] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  843.125371][T21151] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  843.135543][T21151] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  843.149701][T14790] usb 38-1: device descriptor read/8, error -110
[  843.424118][T21167] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(6)
[  843.426263][T21167] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  843.429333][T21167] vhci_hcd vhci_hcd.0: Device attached
[  843.522985][T21164] new mount options do not match the existing superblock, will be ignored
[  843.623932][T14790] usb usb38-port1: attempt power cycle
[  843.786375][ T1946] usb 46-1: SetAddress Request (26) to port 0
[  843.790598][ T1946] usb 46-1: new SuperSpeed USB device number 26 using vhci_hcd
[  844.142308][T21168] vhci_hcd: connection reset by peer
[  844.144181][   T73] vhci_hcd: stop threads
[  844.145608][   T73] vhci_hcd: release socket
[  844.147166][   T73] vhci_hcd: disconnect device
[  844.208267][T14790] usb usb38-port1: unable to enumerate USB device
[  844.710967][T21191] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4284'.
[  844.723301][T21191] netlink: 196 bytes leftover after parsing attributes in process `syz.4.4284'.
[  844.915774][T21197] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4286'.
[  845.377555][ T6045] usb 9-1: new high-speed USB device number 42 using dummy_hcd
[  845.780970][   T40] audit: type=1326 audit(2000001574.481:3965): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21212 comm="syz.0.4289" exe="/syz-executor" sig=0 arch=40000003 syscall=20 compat=1 ip=0xf70ce579 code=0x7ffc0000
[  845.793654][   T40] audit: type=1326 audit(2000001574.481:3966): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21212 comm="syz.0.4289" exe="/syz-executor" sig=0 arch=40000003 syscall=173 compat=1 ip=0xf70ce5a7 code=0x7ffc0000
[  845.800778][   T40] audit: type=1326 audit(2000001574.481:3967): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21212 comm="syz.0.4289" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ce579 code=0x7ffc0000
[  845.807548][   T40] audit: type=1326 audit(2000001574.481:3968): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21212 comm="syz.0.4289" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ce579 code=0x7ffc0000
[  845.814744][   T40] audit: type=1326 audit(2000001574.492:3969): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21212 comm="syz.0.4289" exe="/syz-executor" sig=0 arch=40000003 syscall=20 compat=1 ip=0xf70ce579 code=0x7ffc0000
[  845.821381][   T40] audit: type=1326 audit(2000001574.492:3970): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21212 comm="syz.0.4289" exe="/syz-executor" sig=0 arch=40000003 syscall=173 compat=1 ip=0xf70ce5a7 code=0x7ffc0000
[  845.828138][   T40] audit: type=1326 audit(2000001574.492:3971): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21212 comm="syz.0.4289" exe="/syz-executor" sig=0 arch=40000003 syscall=20 compat=1 ip=0xf70ce579 code=0x7ffc0000
[  845.835489][   T40] audit: type=1326 audit(2000001574.492:3972): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21212 comm="syz.0.4289" exe="/syz-executor" sig=0 arch=40000003 syscall=173 compat=1 ip=0xf70ce5a7 code=0x7ffc0000
[  845.843527][   T40] audit: type=1326 audit(2000001574.492:3973): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21212 comm="syz.0.4289" exe="/syz-executor" sig=0 arch=40000003 syscall=20 compat=1 ip=0xf70ce579 code=0x7ffc0000
[  845.850856][   T40] audit: type=1326 audit(2000001574.492:3974): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21212 comm="syz.0.4289" exe="/syz-executor" sig=0 arch=40000003 syscall=173 compat=1 ip=0xf70ce5a7 code=0x7ffc0000
[  845.858303][ T6045] usb 9-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  845.860941][ T6045] usb 9-1: config 1 has an invalid descriptor of length 52, skipping remainder of the config
[  845.864747][ T6045] usb 9-1: config 1 has 1 interface, different from the descriptor's value: 66
[  845.867583][ T6045] usb 9-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 7
[  845.875828][ T6045] usb 9-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 9272, setting to 1024
[  846.069831][ T6045] usb 9-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  846.073952][ T6045] usb 9-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  846.076846][ T6045] usb 9-1: Product: syz
[  846.078508][ T6045] usb 9-1: Manufacturer: syz
[  846.114148][ T6045] cdc_wdm 9-1:1.0: skipping garbage
[  846.118499][ T6045] cdc_wdm 9-1:1.0: skipping garbage
[  846.120538][ T6045] cdc_wdm 9-1:1.0: probe with driver cdc_wdm failed with error -22
[  846.126034][T21220] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(6)
[  846.128304][T21220] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  846.130989][T21220] vhci_hcd vhci_hcd.0: Device attached
[  846.445423][ T6044] usb 9-1: USB disconnect, device number 42
[  846.682342][T14790] usb 38-1: SetAddress Request (26) to port 0
[  846.716934][T14790] usb 38-1: new SuperSpeed USB device number 26 using vhci_hcd
[  846.724971][T21221] vhci_hcd: connection closed
[  846.725134][   T60] vhci_hcd: stop threads
[  846.728134][   T60] vhci_hcd: release socket
[  846.729688][   T60] vhci_hcd: disconnect device
[  846.783236][T21228] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6)
[  846.785341][T21228] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  846.788302][T21228] vhci_hcd vhci_hcd.0: Device attached
[  846.898091][T21236] netlink: 16 bytes leftover after parsing attributes in process `syz.5.4294'.
[  846.903543][T21236] netlink: 196 bytes leftover after parsing attributes in process `syz.5.4294'.
[  847.158741][ T6044] usb 44-1: SetAddress Request (18) to port 0
[  847.160674][ T6044] usb 44-1: new SuperSpeed USB device number 18 using vhci_hcd
[  847.340766][T21229] vhci_hcd: connection reset by peer
[  847.342854][   T60] vhci_hcd: stop threads
[  847.344223][   T60] vhci_hcd: release socket
[  847.345778][   T60] vhci_hcd: disconnect device
[  847.544255][T21248] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4297'.
[  847.626630][T21251] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4298'.
[  847.673862][T21251] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4298'.
[  848.644749][ T1946] usb 46-1: device descriptor read/8, error -110
[  848.995403][T21269] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4302'.
[  849.009485][T21269] netlink: 20 bytes leftover after parsing attributes in process `syz.4.4302'.
[  849.015289][T21269] geneve3: entered promiscuous mode
[  849.017104][T21269] geneve3: entered allmulticast mode
[  849.084900][ T1946] usb usb46-port1: attempt power cycle
[  849.777306][T21290] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6)
[  849.779432][T21290] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  849.874782][T21290] vhci_hcd vhci_hcd.0: Device attached
[  849.877784][ T1946] usb usb46-port1: unable to enumerate USB device
[  849.997349][   T61] usb 5-1: new high-speed USB device number 52 using dummy_hcd
[  850.162913][T21293] vhci_hcd: connection closed
[  850.178397][   T13] vhci_hcd: stop threads
[  850.181581][   T13] vhci_hcd: release socket
[  850.183200][   T13] vhci_hcd: disconnect device
[  850.197799][   T61] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  850.200497][   T61] usb 5-1: config 1 has an invalid descriptor of length 52, skipping remainder of the config
[  850.203674][   T61] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66
[  850.206463][   T61] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 7
[  850.209925][   T61] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 9272, setting to 1024
[  850.215790][   T61] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  850.218954][   T61] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  850.221443][   T61] usb 5-1: Product: syz
[  850.222781][   T61] usb 5-1: Manufacturer: syz
[  850.229272][T21300] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(6)
[  850.231359][T21300] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  850.236199][T21300] vhci_hcd vhci_hcd.0: Device attached
[  850.244670][ T5960] usb 9-1: new high-speed USB device number 43 using dummy_hcd
[  850.249523][   T61] cdc_wdm 5-1:1.0: skipping garbage
[  850.251549][   T61] cdc_wdm 5-1:1.0: skipping garbage
[  850.253229][   T61] cdc_wdm 5-1:1.0: probe with driver cdc_wdm failed with error -22
[  850.397402][ T5960] usb 9-1: Using ep0 maxpacket: 16
[  850.529573][ T1463] usb 5-1: USB disconnect, device number 52
[  850.532003][ T1946] usb 48-1: SetAddress Request (6) to port 0
[  850.536459][ T1946] usb 48-1: new SuperSpeed USB device number 6 using vhci_hcd
[  850.819743][T21301] vhci_hcd: connection reset by peer
[  850.822671][   T60] vhci_hcd: stop threads
[  850.824418][   T60] vhci_hcd: release socket
[  850.826333][   T60] vhci_hcd: disconnect device
[  850.826446][T21305] netlink: 96 bytes leftover after parsing attributes in process `syz.3.4309'.
[  851.020657][T21308] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4310'.
[  851.530703][T14790] usb 38-1: device descriptor read/8, error -110
[  851.602138][T21317] netlink: 'syz.5.4312': attribute type 1 has an invalid length.
[  851.610475][T21317] pim6reg: entered allmulticast mode
[  851.912460][T14790] usb usb38-port1: attempt power cycle
[  851.988272][ T6044] usb 44-1: device descriptor read/8, error -110
[  852.079933][T21325] netlink: 'syz.0.4316': attribute type 4 has an invalid length.
[  852.292677][T21314] pim6reg: left allmulticast mode
[  852.356078][ T5971] Bluetooth: hci2: ACL packet for unknown connection handle 201
[  852.360559][ T6044] usb usb44-port1: attempt power cycle
[  852.455798][T14790] usb usb38-port1: unable to enumerate USB device
[  852.527004][ T5960] usb 9-1: unable to get BOS descriptor or descriptor too short
[  852.530317][ T5960] usb 9-1: unable to read config index 0 descriptor/start: -71
[  852.534105][ T5960] usb 9-1: can't read configurations, error -71
[  852.799969][T21338] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4318'.
[  852.903091][ T6044] usb usb44-port1: unable to enumerate USB device
[  853.207576][T21344] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(6)
[  853.209641][T21344] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  853.212241][T21344] vhci_hcd vhci_hcd.0: Device attached
[  853.502494][ T6044] usb 38-1: SetAddress Request (30) to port 0
[  853.507100][ T6044] usb 38-1: new SuperSpeed USB device number 30 using vhci_hcd
[  853.712079][ T5960] usb 9-1: new high-speed USB device number 45 using dummy_hcd
[  853.766100][T21345] vhci_hcd: connection reset by peer
[  853.771155][   T13] vhci_hcd: stop threads
[  853.772693][   T13] vhci_hcd: release socket
[  853.774515][   T13] vhci_hcd: disconnect device
[  853.827963][T21355] netlink: 24 bytes leftover after parsing attributes in process `syz.5.4322'.
[  853.885170][ T5960] usb 9-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  853.888709][ T5960] usb 9-1: config 1 has an invalid descriptor of length 52, skipping remainder of the config
[  853.892793][ T5960] usb 9-1: config 1 has 1 interface, different from the descriptor's value: 66
[  853.915359][ T5960] usb 9-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 7
[  853.919735][ T5960] usb 9-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 9272, setting to 1024
[  853.930138][ T5960] usb 9-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  853.933921][ T5960] usb 9-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  853.937153][ T5960] usb 9-1: Product: syz
[  853.938907][ T5960] usb 9-1: Manufacturer: syz
[  853.947622][ T5960] cdc_wdm 9-1:1.0: skipping garbage
[  853.949866][ T5960] cdc_wdm 9-1:1.0: skipping garbage
[  853.952554][ T5960] cdc_wdm 9-1:1.0: probe with driver cdc_wdm failed with error -22
[  854.249654][T14790] usb 9-1: USB disconnect, device number 45
[  854.922634][T21359] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4323'.
[  855.449657][T21371] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4335'.
[  855.453243][ T1946] usb 48-1: device descriptor read/8, error -110
[  855.565639][ T5967] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  855.572252][ T5967] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  855.577397][ T5967] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  855.592185][ T5967] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  855.594683][ T5967] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  855.789258][T21374] chnl_net:caif_netlink_parms(): no params data found
[  855.902689][T21374] bridge0: port 1(bridge_slave_0) entered blocking state
[  855.905857][T21374] bridge0: port 1(bridge_slave_0) entered disabled state
[  855.908118][T21374] bridge_slave_0: entered allmulticast mode
[  855.910704][T21374] bridge_slave_0: entered promiscuous mode
[  855.913923][T21374] bridge0: port 2(bridge_slave_1) entered blocking state
[  855.916210][T21374] bridge0: port 2(bridge_slave_1) entered disabled state
[  855.918518][T21374] bridge_slave_1: entered allmulticast mode
[  855.921128][T21374] bridge_slave_1: entered promiscuous mode
[  855.980158][ T1946] usb usb48-port1: attempt power cycle
[  856.077055][T21374] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  856.077147][T21389] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6)
[  856.081955][T21389] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  856.083191][T21374] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  856.102391][T21389] vhci_hcd vhci_hcd.0: Device attached
[  856.127228][T21374] team0: Port device team_slave_0 added
[  856.130966][T21374] team0: Port device team_slave_1 added
[  856.185714][T21374] batman_adv: batadv0: Adding interface: batadv_slave_0
[  856.187873][T21374] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  856.196792][T21374] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  856.215212][T21374] batman_adv: batadv0: Adding interface: batadv_slave_1
[  856.218166][T21374] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  856.225923][T21374] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  856.261737][T21374] hsr_slave_0: entered promiscuous mode
[  856.263955][T21374] hsr_slave_1: entered promiscuous mode
[  856.266066][T21374] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  856.268355][T21374] Cannot create hsr debugfs directory
[  856.379084][T14790] usb 44-1: SetAddress Request (22) to port 0
[  856.380323][T21374] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  856.381080][T14790] usb 44-1: new SuperSpeed USB device number 22 using vhci_hcd
[  856.387035][T21374] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  856.399748][T21374] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  856.403831][T21374] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  856.469135][T21374] 8021q: adding VLAN 0 to HW filter on device bond0
[  856.482745][T21374] 8021q: adding VLAN 0 to HW filter on device team0
[  856.490778][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[  856.493062][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[  856.500193][   T46] bridge0: port 2(bridge_slave_1) entered blocking state
[  856.502799][   T46] bridge0: port 2(bridge_slave_1) entered forwarding state
[  856.535353][T21374] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  856.541502][ T1946] usb usb48-port1: unable to enumerate USB device
[  856.575373][T21391] vhci_hcd: connection reset by peer
[  856.577245][   T13] vhci_hcd: stop threads
[  856.578717][   T13] vhci_hcd: release socket
[  856.584743][   T13] vhci_hcd: disconnect device
[  856.650969][T21374] 8021q: adding VLAN 0 to HW filter on device batadv0
[  856.774762][T21374] veth0_vlan: entered promiscuous mode
[  856.780358][T21374] veth1_vlan: entered promiscuous mode
[  856.796817][T21374] veth0_macvtap: entered promiscuous mode
[  856.802135][T21374] veth1_macvtap: entered promiscuous mode
[  856.812156][T21374] batman_adv: batadv0: Interface activated: batadv_slave_0
[  856.817903][T21374] batman_adv: batadv0: Interface activated: batadv_slave_1
[  856.823022][T21374] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  856.825719][T21374] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  856.828725][T21374] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  856.831381][T21374] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  856.871589][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  856.873976][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  856.888320][   T73] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  856.891488][   T73] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  857.185809][T21416] FAULT_INJECTION: forcing a failure.
[  857.185809][T21416] name failslab, interval 1, probability 0, space 0, times 0
[  857.189850][T21416] CPU: 2 UID: 0 PID: 21416 Comm: syz.4.4340 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) 
[  857.189865][T21416] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  857.189872][T21416] Call Trace:
[  857.189876][T21416]  <TASK>
[  857.189880][T21416]  dump_stack_lvl+0x16c/0x1f0
[  857.189900][T21416]  should_fail_ex+0x512/0x640
[  857.189915][T21416]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[  857.189933][T21416]  should_failslab+0xc2/0x120
[  857.189944][T21416]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  857.189960][T21416]  ? __alloc_skb+0x2b2/0x380
[  857.189976][T21416]  __alloc_skb+0x2b2/0x380
[  857.189991][T21416]  ? __pfx___alloc_skb+0x10/0x10
[  857.190010][T21416]  netlink_ack+0x15d/0xb80
[  857.190026][T21416]  netlink_rcv_skb+0x332/0x420
[  857.190036][T21416]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  857.190051][T21416]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  857.190079][T21416]  ? ns_capable+0xd7/0x110
[  857.190094][T21416]  nfnetlink_rcv+0x1b3/0x430
[  857.190107][T21416]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  857.190119][T21416]  ? netlink_deliver_tap+0x1ae/0xd30
[  857.190136][T21416]  ? is_vmalloc_addr+0x86/0xa0
[  857.190154][T21416]  netlink_unicast+0x58d/0x850
[  857.190166][T21416]  ? __pfx_netlink_unicast+0x10/0x10
[  857.190182][T21416]  netlink_sendmsg+0x8d1/0xdd0
[  857.190195][T21416]  ? __pfx_netlink_sendmsg+0x10/0x10
[  857.190207][T21416]  ? __import_iovec+0x1dd/0x650
[  857.190220][T21416]  ____sys_sendmsg+0xa95/0xc70
[  857.190234][T21416]  ? __pfx_____sys_sendmsg+0x10/0x10
[  857.190245][T21416]  ? get_compat_msghdr+0x11a/0x170
[  857.190267][T21416]  ___sys_sendmsg+0x134/0x1d0
[  857.190283][T21416]  ? __pfx____sys_sendmsg+0x10/0x10
[  857.190312][T21416]  ? find_held_lock+0x2b/0x80
[  857.190332][T21416]  __sys_sendmsg+0x16d/0x220
[  857.190348][T21416]  ? __pfx___sys_sendmsg+0x10/0x10
[  857.190370][T21416]  ? rcu_is_watching+0x12/0xc0
[  857.190383][T21416]  __do_fast_syscall_32+0x7c/0x3a0
[  857.190400][T21416]  do_fast_syscall_32+0x32/0x80
[  857.190416][T21416]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  857.190430][T21416] RIP: 0023:0xf7f14579
[  857.190439][T21416] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  857.190449][T21416] RSP: 002b:00000000f501555c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  857.190460][T21416] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 0000000080000040
[  857.190466][T21416] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000
[  857.190473][T21416] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  857.190478][T21416] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  857.190485][T21416] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  857.190498][T21416]  </TASK>
[  857.190791][T21416] netlink: 20 bytes leftover after parsing attributes in process `syz.4.4340'.
[  857.551199][ T5971] Bluetooth: hci1: command tx timeout
[  858.004129][T21427] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6)
[  858.006185][T21427] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  858.009043][T21427] vhci_hcd vhci_hcd.0: Device attached
[  858.085874][   T61] usb 9-1: new high-speed USB device number 46 using dummy_hcd
[  858.125406][T21431] netlink: 24 bytes leftover after parsing attributes in process `syz.6.4334'.
[  858.237334][   T61] usb 9-1: Using ep0 maxpacket: 32
[  858.240872][   T61] usb 9-1: config 0 has an invalid interface number: 85 but max is 0
[  858.243392][   T61] usb 9-1: config 0 has no interface number 0
[  858.245322][   T61] usb 9-1: config 0 interface 85 has no altsetting 0
[  858.250114][   T61] usb 9-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72
[  858.252861][   T61] usb 9-1: New USB device strings: Mfr=1, Product=5, SerialNumber=3
[  858.255250][   T61] usb 9-1: Product: syz
[  858.258982][   T61] usb 9-1: Manufacturer: syz
[  858.260468][   T61] usb 9-1: SerialNumber: syz
[  858.269202][   T61] usb 9-1: config 0 descriptor??
[  858.272904][   T61] appletouch 9-1:0.85: Could not find int-in endpoint
[  858.278468][   T61] appletouch 9-1:0.85: probe with driver appletouch failed with error -5
[  858.282739][   T61] usbhid 9-1:0.85: couldn't find an input interrupt endpoint
[  858.313242][ T6044] usb 38-1: device descriptor read/8, error -110
[  858.521006][   T61] usb 9-1: USB disconnect, device number 46
[  858.802451][ T6044] usb usb38-port1: attempt power cycle
[  858.882007][T21428] vhci_hcd: connection closed
[  858.884898][   T60] vhci_hcd: stop threads
[  858.887888][   T60] vhci_hcd: release socket
[  858.889365][   T60] vhci_hcd: disconnect device
[  859.086581][T21393] ------------[ cut here ]------------
[  859.088761][T21393] refcount_t: underflow; use-after-free.
[  859.090810][T21393] WARNING: CPU: 3 PID: 21393 at lib/refcount.c:28 refcount_warn_saturate+0x14a/0x210
[  859.093703][T21393] Modules linked in:
[  859.096311][T21393] CPU: 3 UID: 0 PID: 21393 Comm: kbnepd bnep0 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) 
[  859.102438][T21393] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  859.106395][T21393] RIP: 0010:refcount_warn_saturate+0x14a/0x210
[  859.108614][T21393] Code: ff 89 de e8 f8 76 e2 fc 84 db 0f 85 66 ff ff ff e8 0b 7c e2 fc c6 05 4a 16 b9 0b 01 90 48 c7 c7 20 25 15 8c e8 87 cc a1 fc 90 <0f> 0b 90 90 e9 43 ff ff ff e8 e8 7b e2 fc 0f b6 1d 25 16 b9 0b 31
[  859.114600][T21393] RSP: 0018:ffffc90003a3f938 EFLAGS: 00010286
[  859.116492][T21393] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff817ab108
[  859.118955][T21393] RDX: ffff8880236c0000 RSI: ffffffff817ab115 RDI: 0000000000000001
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  859.121403][T21393] RBP: ffff88802b3ff078 R08: 0000000000000001 R09: 0000000000000000
[  859.123953][T21393] R10: 0000000000000000 R11: 0000000000000001 R12: ffff88805a096c00
[  859.126470][T21393] R13: ffff88802b3ff078 R14: ffffffff8607c160 R15: 0000000000000000
[  859.128929][T21393] FS:  0000000000000000(0000) GS:ffff888097820000(0000) knlGS:0000000000000000
[  859.131706][T21393] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  859.134211][T21393] CR2: 00000000fff04e40 CR3: 000000007959f000 CR4: 0000000000352ef0
[  859.136696][T21393] Call Trace:
[  859.137776][T21393]  <TASK>
[  859.138728][T21393]  klist_put+0x11b/0x1b0
[  859.140073][T21393]  device_del+0x1d8/0x9f0
[  859.141457][T21393]  ? __pfx_device_del+0x10/0x10
[  859.143464][T21393]  ? netdev_unregister_kobject+0x2da/0x540
[  859.145305][T21393]  unregister_netdevice_many_notify+0x1903/0x2700
[  859.147292][T21393]  ? rcu_is_watching+0x12/0xc0
[  859.148795][T21393]  ? __pfx_unregister_netdevice_many_notify+0x10/0x10
[  859.150895][T21393]  ? rtnl_net_dev_lock+0x146/0x360
[  859.152739][T21393]  ? __pfx___mutex_lock+0x10/0x10
[  859.154352][T21393]  unregister_netdevice_queue+0x305/0x3f0
[  859.156275][T21393]  ? __pfx_unregister_netdevice_queue+0x10/0x10
[  859.158242][T21393]  ? rtnl_net_dev_lock+0x28/0x360
[  859.159835][T21393]  ? rtnl_net_dev_lock+0x146/0x360
[  859.162063][T21393]  ? rtnl_lock+0x9/0x20
[  859.163524][T21393]  ? rtnl_net_dev_lock+0x146/0x360
[  859.165147][T21393]  unregister_netdev+0x1f/0x60
[  859.167093][T21393]  bnep_session+0x224e/0x2d80
[  859.168927][T21393]  ? __pfx_bnep_session+0x10/0x10
[  859.170734][T21393]  ? do_raw_spin_lock+0x12c/0x2b0
[  859.172505][T21393]  ? __pfx_woken_wake_function+0x10/0x10
[  859.174539][T21393]  ? rcu_is_watching+0x12/0xc0
[  859.176041][T21393]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  859.177860][T21393]  ? lockdep_hardirqs_on+0x7c/0x110
[  859.179501][T21393]  ? __kthread_parkme+0x19e/0x250
[  859.181769][T21393]  ? __pfx_bnep_session+0x10/0x10
[  859.183346][T21393]  kthread+0x3c2/0x780
[  859.184629][T21393]  ? __pfx_kthread+0x10/0x10
[  859.186089][T21393]  ? rcu_is_watching+0x12/0xc0
[  859.187581][T21393]  ? __pfx_kthread+0x10/0x10
[  859.189040][T21393]  ret_from_fork+0x5d7/0x6f0
[  859.190722][T21393]  ? __pfx_kthread+0x10/0x10
[  859.192404][T21393]  ret_from_fork_asm+0x1a/0x30
[  859.193913][T21393]  </TASK>
[  859.194898][T21393] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  859.197149][T21393] CPU: 3 UID: 0 PID: 21393 Comm: kbnepd bnep0 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) 
[  859.200855][T21393] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  859.204130][T21393] Call Trace:
[  859.205188][T21393]  <TASK>
[  859.206123][T21393]  dump_stack_lvl+0x3d/0x1f0
[  859.207569][T21393]  panic+0x71c/0x800
[  859.208798][T21393]  ? __pfx_panic+0x10/0x10
[  859.210206][T21393]  ? show_trace_log_lvl+0x29b/0x3e0
[  859.211830][T21393]  ? check_panic_on_warn+0x1f/0xb0
[  859.213453][T21393]  ? refcount_warn_saturate+0x14a/0x210
[  859.215168][T21393]  check_panic_on_warn+0xab/0xb0
[  859.216826][T21393]  __warn+0xf6/0x3c0
[  859.218089][T21393]  ? refcount_warn_saturate+0x14a/0x210
[  859.219838][T21393]  report_bug+0x3c3/0x580
[  859.221206][T21393]  ? refcount_warn_saturate+0x14a/0x210
[  859.222947][T21393]  handle_bug+0x184/0x210
[  859.224304][T21393]  exc_invalid_op+0x17/0x50
[  859.225749][T21393]  asm_exc_invalid_op+0x1a/0x20
[  859.227278][T21393] RIP: 0010:refcount_warn_saturate+0x14a/0x210
[  859.229210][T21393] Code: ff 89 de e8 f8 76 e2 fc 84 db 0f 85 66 ff ff ff e8 0b 7c e2 fc c6 05 4a 16 b9 0b 01 90 48 c7 c7 20 25 15 8c e8 87 cc a1 fc 90 <0f> 0b 90 90 e9 43 ff ff ff e8 e8 7b e2 fc 0f b6 1d 25 16 b9 0b 31
[  859.235107][T21393] RSP: 0018:ffffc90003a3f938 EFLAGS: 00010286
[  859.237005][T21393] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff817ab108
[  859.239472][T21393] RDX: ffff8880236c0000 RSI: ffffffff817ab115 RDI: 0000000000000001
[  859.241925][T21393] RBP: ffff88802b3ff078 R08: 0000000000000001 R09: 0000000000000000
[  859.244346][T21393] R10: 0000000000000000 R11: 0000000000000001 R12: ffff88805a096c00
[  859.246791][T21393] R13: ffff88802b3ff078 R14: ffffffff8607c160 R15: 0000000000000000
[  859.249240][T21393]  ? __pfx_klist_children_put+0x10/0x10
[  859.250969][T21393]  ? __warn_printk+0x198/0x350
[  859.252478][T21393]  ? __warn_printk+0x1a5/0x350
[  859.253992][T21393]  ? refcount_warn_saturate+0x149/0x210
[  859.255739][T21393]  klist_put+0x11b/0x1b0
[  859.257074][T21393]  device_del+0x1d8/0x9f0
[  859.258461][T21393]  ? __pfx_device_del+0x10/0x10
[  859.259985][T21393]  ? netdev_unregister_kobject+0x2da/0x540
[  859.261801][T21393]  unregister_netdevice_many_notify+0x1903/0x2700
[  859.263785][T21393]  ? rcu_is_watching+0x12/0xc0
[  859.265287][T21393]  ? __pfx_unregister_netdevice_many_notify+0x10/0x10
[  859.267379][T21393]  ? rtnl_net_dev_lock+0x146/0x360
[  859.268975][T21393]  ? __pfx___mutex_lock+0x10/0x10
[  859.270559][T21393]  unregister_netdevice_queue+0x305/0x3f0
[  859.272336][T21393]  ? __pfx_unregister_netdevice_queue+0x10/0x10
[  859.274276][T21393]  ? rtnl_net_dev_lock+0x28/0x360
[  859.275863][T21393]  ? rtnl_net_dev_lock+0x146/0x360
[  859.277578][T21393]  ? rtnl_lock+0x9/0x20
[  859.278904][T21393]  ? rtnl_net_dev_lock+0x146/0x360
[  859.280509][T21393]  unregister_netdev+0x1f/0x60
[  859.282021][T21393]  bnep_session+0x224e/0x2d80
[  859.283514][T21393]  ? __pfx_bnep_session+0x10/0x10
[  859.285114][T21393]  ? do_raw_spin_lock+0x12c/0x2b0
[  859.286703][T21393]  ? __pfx_woken_wake_function+0x10/0x10
[  859.288453][T21393]  ? rcu_is_watching+0x12/0xc0
[  859.289962][T21393]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  859.291780][T21393]  ? lockdep_hardirqs_on+0x7c/0x110
[  859.293438][T21393]  ? __kthread_parkme+0x19e/0x250
[  859.295395][T21393]  ? __pfx_bnep_session+0x10/0x10
[  859.297504][T21393]  kthread+0x3c2/0x780
[  859.299252][T21393]  ? __pfx_kthread+0x10/0x10
[  859.301231][T21393]  ? rcu_is_watching+0x12/0xc0
[  859.303268][T21393]  ? __pfx_kthread+0x10/0x10
[  859.305241][T21393]  ret_from_fork+0x5d7/0x6f0
[  859.307205][T21393]  ? __pfx_kthread+0x10/0x10
[  859.309164][T21393]  ret_from_fork_asm+0x1a/0x30
[  859.311196][T21393]  </TASK>
[  860.385873][T21393] Shutting down cpus with NMI
[  860.388101][T21393] Kernel Offset: disabled
[  860.389482][T21393] Rebooting in 86400 seconds..

VM DIAGNOSIS:
13:44:23  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000000000 RBX=0000000000000003 RCX=ffffffff8169f246 RDX=ffff888024f78000
RSI=ffffffff816a229c RDI=0000000000000000 RBP=ffff88805a096c00 RSP=ffffc90002e2f800
R8 =0000000000000000 R9 =0000000000000003 R10=0000000000000003 R11=0000000000000001
R12=0000000000000003 R13=0000000000000003 R14=ffff88802b23b380 R15=ffffed100b412d80
RIP=ffffffff816a229d RFL=00000093 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff888097520000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000801ea000 CR3=000000006f587000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=000000000000000e 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000002c5f89b RBX=0000000000000001 RCX=ffffffff8b847c69 RDX=0000000000000000
RSI=ffffffff8de2c794 RDI=ffffffff8c157960 RBP=ffffed1003bdc488 RSP=ffffc9000046fdf8
R8 =0000000000000001 R9 =ffffed1005666645 R10=ffff88802b33322b R11=0000000000000001
R12=0000000000000001 R13=ffff88801dee2440 R14=ffffffff90a9a150 R15=0000000000000000
RIP=ffffffff8b8467cf RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff888097620000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=000000002c7ecff8 CR3=000000006f587000 CR4=00352ef0
DR0=0000000000000001 DR1=0000000000000002 DR2=0000000000000004 DR3=0000000080000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
RAX=0000000000000000 RBX=0000000000000024 RCX=ffffffff84df8226 RDX=ffff888023222440
RSI=0000000000000040 RDI=0000000000000001 RBP=ffffc9000108f330 RSP=ffffc9000108f1f0
R8 =0000000000000001 R9 =0000000000000040 R10=0000000000000020 R11=0000000000000001
R12=1ffff92000211e48 R13=0000000000000020 R14=0000000000000000 R15=ffffffff8c15caf0
RIP=ffffffff81bb5ee0 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0000 0000000000000000 ffffffff 00c00000
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f3f4f346300 ffffffff 00c00000
GS =0000 ffff888097720000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=000055d205f01000 CR3=00000000514b1000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=00000000fcffc200 Opmask01=000000000000ffff Opmask02=00000000ffffffff Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000001 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000000001df8a 0000002c00000012 0004000000080024 0000000000280030
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000010fc 0000001400000000 0000000000000000 0000000000000015
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0008000180030408 000608001e080006 0070ba040000009b 0000000100000001
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0100000008060601 67e000080001b003 00080001a8030008 0001a00302080001
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 9803029008000803 0eb2270000000000 0006000000000000 0000000100000012
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0008000000000000 0000ffffffff0000 0002000000000005 0003000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4000000000110020 1402018408118003 1180020003000201 9003000800018803
ZMM24=d1b89957d1b89957 d1b89957d1b89957 d1b89957d1b89957 d1b89957d1b89957 d1b89957d1b89957 d1b89957d1b89957 d1b89957d1b89957 d1b89957d1b89957
ZMM25=57e4cd8557e4cd85 57e4cd8557e4cd85 57e4cd8557e4cd85 57e4cd8557e4cd85 57e4cd8557e4cd85 57e4cd8557e4cd85 57e4cd8557e4cd85 57e4cd8557e4cd85
ZMM26=4b5185e44b5185e4 4b5185e44b5185e4 4b5185e44b5185e4 4b5185e44b5185e4 4b5185e44b5185e4 4b5185e44b5185e4 4b5185e44b5185e4 4b5185e44b5185e4
ZMM27=9794431b9794431b 9794431b9794431b 9794431b9794431b 9794431b9794431b 9794431b9794431b 9794431b9794431b 9794431b9794431b 9794431b9794431b
ZMM28=000001500000014f 0000014e0000014d 0000014c0000014b 0000014a00000149 0000014800000147 0000014600000145 0000014400000143 0000014200000141
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=264e0000264e0000 264e0000264e0000 264e0000264e0000 264e0000264e0000 264e0000264e0000 264e0000264e0000 264e0000264e0000 264e0000264e0000
info registers vcpu 3

CPU#3
RAX=0000000000000049 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff85584895 RDI=ffffffff9b0ac980 RBP=ffffffff9b0ac940 RSP=ffffc90003a3f2a0
R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=0000000000000001
R12=0000000000000000 R13=0000000000000049 R14=ffffffff9b0ac940 R15=ffffffff85584830
RIP=ffffffff855848bf RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff888097820000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000fff04e40 CR3=000000007959f000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 7c6fe4b4a6c13797 3691488d0cdcce78
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 b6c602066f4be12d a5536ce1b1ef4e8f
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 23d07a18699acb52 f15c2f7709200971
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 d007570f45ee4b98 92e734404194809a
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000002680
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000040
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000020900000000 4559782200800100
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000209 0000020900800100
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000209222a16ff 3f99719400ef097d
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000209455c0c74 455aec0e38f2aa4a
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0624d29eac26b8aa c29537f17fb67e1f
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 a3b078b3625679c4 e0b91be5e0f66537
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 a54ff53a3c6ef372 bb67ae856a09e667
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 5be0cd191f83d9ab 9b05688c510e527f
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000