last executing test programs:

2m16.449366893s ago: executing program 3 (id=527):
r0 = socket$pppoe(0x18, 0x1, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
madvise(&(0x7f000060c000/0x4000)=nil, 0x4000, 0x16)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r1 = socket$qrtr(0x2a, 0x2, 0x0)
connect$qrtr(r1, &(0x7f0000000000)={0x2a, 0x0, 0x2}, 0xc)
bind$qrtr(r1, &(0x7f00000000c0)={0x2a, 0x1}, 0xc)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2)
mq_timedsend(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
bpf$MAP_CREATE(0x141e000000000000, 0x0, 0x50)
ptrace(0x10, 0x1)
accept4(r1, &(0x7f0000000480)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @remote}, &(0x7f0000000040)=0x80, 0x800)
syz_emit_ethernet(0xe0, &(0x7f0000000680)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb8100deff0800481c00ce0066000002029078ffffffffe000000286090000000002033500000022089078640101027e0361ed5dc9d7ba63b1f73f356e585f1c2b8963faca2ea48e9e5a72db77127b80bcd4d7bd205795730b0c0ce480b9f14e798ac59be59108d0a71914481511adee3044bedd531553fcbfc72565c24faa23136c449bcd0ce38cb8688f16bb0c741f4e703fd7c027ebe9356908da02330d3cc4c2b9eb7cbfd8c6b235a24a8f606994b4a64020c496c736df9411107bccd967fb589302564b63400a0d256e9ef48ee52b21f7f2a3"], 0x0)
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x17, 0x0, 0x0)
ioctl$PPPOEIOCDFWD(r0, 0x40047459, 0x1000000000000)

2m15.442430371s ago: executing program 3 (id=536):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000009c0)=ANY=[@ANYBLOB="140000001000010000000000000003000000000a20000000000a01010000000000000000010000000900010073797a30000000003c000000090a010400000000000000180100000008000a40000000000900020073797a32000000000900010073797a30000000000800054000000008740000000c0a95c900000000000000000100000008000440000000000900010073797a300000000038000380340000800400018004000680140007800c000100636f756e7465720004000280140001800c0001"], 0xe4}}, 0x0)

2m15.442028346s ago: executing program 3 (id=537):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
symlink(&(0x7f0000000340)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000680)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
readlinkat(0xffffffffffffff9c, &(0x7f0000000100)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xffffffffffffffff, 0xb4)
readlink(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000200)=""/59, 0x3b)
sendmsg$nl_route(r0, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000040)=@ipv6_getanyicast={0x14, 0x3e, 0x0, 0x70bd2b, 0x25dfdbfb, {}, ["", ""]}, 0x14}}, 0x20004000)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x1020000, &(0x7f0000000380)={[{@nfs_export_off}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@uuid_null}]})
r1 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
mknodat$loop(r1, &(0x7f0000001600)='./file1\x00', 0x0, 0x0)
chdir(&(0x7f00000003c0)='./bus\x00')
openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x64)
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', <r4=>0x0})
sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=@bridge_dellink={0x2c, 0x11, 0x5, 0x0, 0x0, {0x7, 0x0, 0x0, r4, 0xa000}, [@IFLA_AF_SPEC={0xc, 0x1a, 0x0, 0x1, [@AF_INET={0x8, 0x4, 0x0, 0x1, {0x4, 0x8}}]}]}, 0x2c}}, 0x0)
linkat(r1, &(0x7f0000000100)='./file1\x00', r1, &(0x7f0000000240)='./file0\x00', 0x0)
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x6, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="18020000f9ffffff0000000000000000850000002c00000095"], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r7=>0x0})
setitimer(0x1, &(0x7f0000000440)={{0x0, 0xea60}, {0x77359400}}, 0x0)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000340)={r6, r7, 0x25, 0x0, @val=@iter={0x0}}, 0x20)
ioctl$sock_inet6_SIOCDIFADDR(r1, 0x8936, &(0x7f0000000200)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x2f, r7})
unlink(&(0x7f0000000280)='./file1\x00')
creat(&(0x7f00000002c0)='./file0\x00', 0x6)

2m15.378575885s ago: executing program 3 (id=538):
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f00000003c0)="5c00000013006bcd9e3fe3dceb48aa31086b8703110000001fa1ff0000000000040014000d000a000d00ff009ee517d34460bc24eab556a705251e6182949a3651f60a84c9f5d1938037e786a6d0bdd7fcf50e4509c5bb5a00f69853", 0x5c}], 0x1, 0x0, 0x0, 0x1f000801}, 0x0)

2m15.378297836s ago: executing program 3 (id=539):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000380)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000080)='rpc_clnt_new\x00', r0, 0x0, 0xb9b}, 0x18)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="11000000040000000400000002"], 0x48)
bpf$BPF_GET_MAP_INFO(0x3, &(0x7f0000000080)={r1, 0x58, &(0x7f00000003c0)}, 0x10)
r2 = dup(0xffffffffffffffff)
write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000000000000000001e000000950000000000000029da8e9b4a652b58dab85b7a3648b3d789aea2d6811d472a21dbc12d7ef040ce255bbbe8add35dfd92a6a64213e6f77249e94014"], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, r2, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r4 = dup(r3)
r5 = syz_io_uring_setup(0x2b9, &(0x7f0000000740)={0x0, 0xb1e9, 0x10100, 0x0, 0x0, 0x0, r4}, &(0x7f0000000080)=<r6=>0x0, &(0x7f00000001c0)=<r7=>0x0)
syz_io_uring_submit(r6, r7, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r3, 0x0, 0x0, 0x0, {}, 0x1})
io_uring_enter(r5, 0x2ded, 0xef92, 0x0, 0x0, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0}, 0x30)
r8 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
ioctl$SG_SET_FORCE_PACK_ID(r8, 0x227b, &(0x7f00000000c0)=0x1)
r9 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r9, &(0x7f0000000040)={0x0, 0x20, &(0x7f0000002580)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="140000002500010000000000f100000006"], 0x14}], 0x1, 0x0, 0x0, 0x400048c0}, 0x0) (fail_nth: 34)

2m15.121731188s ago: executing program 3 (id=540):
creat(&(0x7f0000000240)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15)
syz_open_dev$media(&(0x7f0000000040), 0x20, 0x0)
r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sysvipc/msg\x00', 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
mount$9p_fd(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000180), 0x0, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}})
r4 = dup(r1)
write$FUSE_BMAP(r4, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r4, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r4])
chmod(&(0x7f0000000140)='./file0\x00', 0x0)
r5 = creat(&(0x7f0000000300)='./file0\x00', 0x0)
pwritev2(r5, &(0x7f0000000180)=[{&(0x7f0000000340)='L', 0x1}], 0x1, 0x8, 0x10000007, 0x0)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000540)={'wlan0\x00', <r8=>0x0})
sendmsg$NL80211_CMD_NEW_KEY(r7, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000000)={0x3c, r6, 0x801, 0x70bd28, 0x0, {{}, {@val={0x8, 0x3, r8}, @void}}, [@NL80211_ATTR_KEY={0x20, 0x50, 0x0, 0x1, [@NL80211_KEY_TYPE={0x8, 0x7, 0x2}, @NL80211_KEY_DATA_WEP104={0x11, 0x1, "ea28e0749e26ee9b5e442b2c60"}]}]}, 0x3c}}, 0x0)
r9 = socket$nl_xfrm(0x10, 0x3, 0x6)
r10 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a000000020000000110000007"], 0x50)
r11 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000600), 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r11, 0xc08c5332, &(0x7f00000003c0)={0x9c9, 0x0, 0x0, 'queue1\x00', 0x200000})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r11, 0x40605346, &(0x7f0000000280)={0x0, 0x0, {0x3, 0x0, 0x40000000}, 0x8})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r10, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r12 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r12, 0x2000000, 0xe, 0x0, &(0x7f00000004c0)="630b008646dc3f0adf33c9f7b986", 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x2}, 0x50)
sendmsg$nl_xfrm(r9, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000280)=@newsa={0x164, 0x10, 0x1, 0x0, 0x0, {{@in6=@dev, @in6=@private2}, {@in=@remote, 0x0, 0x6c}, @in6=@mcast2, {}, {}, {}, 0x0, 0x0, 0xa}, [@replay_esn_val={0x2c, 0x17, {0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0]}}, @algo_comp={0x48, 0x3, {{'lzjh\x00'}}}]}, 0x164}}, 0x0)

1m59.042877161s ago: executing program 32 (id=540):
creat(&(0x7f0000000240)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15)
syz_open_dev$media(&(0x7f0000000040), 0x20, 0x0)
r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sysvipc/msg\x00', 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
mount$9p_fd(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000180), 0x0, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}})
r4 = dup(r1)
write$FUSE_BMAP(r4, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r4, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r4])
chmod(&(0x7f0000000140)='./file0\x00', 0x0)
r5 = creat(&(0x7f0000000300)='./file0\x00', 0x0)
pwritev2(r5, &(0x7f0000000180)=[{&(0x7f0000000340)='L', 0x1}], 0x1, 0x8, 0x10000007, 0x0)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000540)={'wlan0\x00', <r8=>0x0})
sendmsg$NL80211_CMD_NEW_KEY(r7, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000000)={0x3c, r6, 0x801, 0x70bd28, 0x0, {{}, {@val={0x8, 0x3, r8}, @void}}, [@NL80211_ATTR_KEY={0x20, 0x50, 0x0, 0x1, [@NL80211_KEY_TYPE={0x8, 0x7, 0x2}, @NL80211_KEY_DATA_WEP104={0x11, 0x1, "ea28e0749e26ee9b5e442b2c60"}]}]}, 0x3c}}, 0x0)
r9 = socket$nl_xfrm(0x10, 0x3, 0x6)
r10 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a000000020000000110000007"], 0x50)
r11 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000600), 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r11, 0xc08c5332, &(0x7f00000003c0)={0x9c9, 0x0, 0x0, 'queue1\x00', 0x200000})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r11, 0x40605346, &(0x7f0000000280)={0x0, 0x0, {0x3, 0x0, 0x40000000}, 0x8})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r10, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r12 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r12, 0x2000000, 0xe, 0x0, &(0x7f00000004c0)="630b008646dc3f0adf33c9f7b986", 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x2}, 0x50)
sendmsg$nl_xfrm(r9, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000280)=@newsa={0x164, 0x10, 0x1, 0x0, 0x0, {{@in6=@dev, @in6=@private2}, {@in=@remote, 0x0, 0x6c}, @in6=@mcast2, {}, {}, {}, 0x0, 0x0, 0xa}, [@replay_esn_val={0x2c, 0x17, {0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0]}}, @algo_comp={0x48, 0x3, {{'lzjh\x00'}}}]}, 0x164}}, 0x0)

1m8.667251942s ago: executing program 4 (id=1111):
r0 = syz_io_uring_setup(0x24fe, &(0x7f0000000300)={0x0, 0xf36e, 0x10100, 0x4}, &(0x7f0000000100), &(0x7f0000000140))
io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000001480)=[{0x0}], 0x1)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000040)={'wlan1\x00', {0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x33}}})
msgsnd(0x0, 0x0, 0x4000, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000280)=0x7)
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
setsockopt$bt_BT_DEFER_SETUP(r2, 0x112, 0xd, 0x0, 0x0)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_group_source_req(r6, 0x29, 0x2e, &(0x7f0000000000)={0x3, {{0xa, 0x0, 0x0, @mcast2}}, {{0xa, 0x0, 0x6, @ipv4={'\x00', '\xff\xff', @local}}}}, 0x108)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff)
r8 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r8, &(0x7f00000000c0), 0x12)
sendmsg$NL80211_CMD_SET_WIPHY_NETNS(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x44, r7, 0x200, 0x70bd2d, 0x25dfdbff, {{}, {@val={0x8, 0x1, 0x78}, @void, @void}}, [@NL80211_ATTR_WDEV={0xc, 0x99, {0x1, 0x2b}}, @NL80211_ATTR_IFINDEX={0x8}, @NL80211_ATTR_NETNS_FD={0x8, 0xdb, r8}, @NL80211_ATTR_WDEV={0xc, 0x99, {0x0, 0x4}}]}, 0x44}, 0x1, 0x0, 0x0, 0x400c080}, 0xc000)
getsockopt$inet6_buf(r6, 0x29, 0x30, 0x0, &(0x7f0000001000))
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
sendmsg$IPSET_CMD_TYPE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000440)=ANY=[], 0x38}, 0x1, 0x0, 0x0, 0x800}, 0x4c)
r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r9, &(0x7f0000000180)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r9, 0x0)

1m7.588515039s ago: executing program 4 (id=1118):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000009c0)=ANY=[@ANYBLOB="140000001000010000000000000000000100000a20000000000a01010000000000000000010000000900010073797a30000000003c000000090a010400000000000000180100000008000a40000000000900020073797a32000000000900010073797a30000000000800054000000008740000000c0a95c900000000000000000100000008000440000000000900010073797a300000000038000380340000800400018004000680140007800c000100636f756e7465720004000280140001800c0001"], 0xe4}}, 0x0)

1m7.524549405s ago: executing program 4 (id=1119):
ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x0, 0x2})
r0 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000180)={0xffffff}, 0x10)
write(r0, &(0x7f0000000000)="240000001a005f0214f9f407000904001f00000000000000000000000800110001000000", 0x24)
syz_open_dev$sndpcmp(0x0, 0x0, 0x0)
r1 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
shutdown(r1, 0x1)
connect$bt_rfcomm(r1, &(0x7f0000000200)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x15}, 0xa)

1m7.5188555s ago: executing program 4 (id=1121):
r0 = syz_init_net_socket$nfc_raw(0x27, 0x5, 0x0)
recvmmsg(r0, &(0x7f0000000100)=[{{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f00000003c0)=""/232, 0xe8}], 0x1, &(0x7f00000004c0)=""/4096, 0x1000}, 0x1800}], 0x1, 0x40, 0x0)
setsockopt$sock_int(r0, 0x1, 0x7, &(0x7f0000000140)=0x8, 0x4)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
socket$kcm(0x2, 0xa, 0x2)
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = socket$inet_sctp(0x2, 0x5, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0xd, &(0x7f0000000000)=@assoc_value, &(0x7f0000000240)=0x1f)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x850)
ioctl$TUNGETVNETHDRSZ(r1, 0x800454d7, &(0x7f0000000080))
r3 = openat$tun(0xffffff9c, &(0x7f0000000040), 0xc0000, 0x0)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}})
pipe2$watch_queue(&(0x7f00000002c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x80)
mkdir(&(0x7f0000000200)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x1048001, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r4])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x2, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r5 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000042c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r5, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
futimesat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000300), 0x208002, 0x0)
syz_extract_tcp_res$synack(&(0x7f0000000340)={<r7=>0x41424344}, 0x1, 0x0)
syz_extract_tcp_res$synack(&(0x7f0000000380)={<r8=>0x41424344}, 0x1, 0x0)
write$tun(r6, &(0x7f00000014c0)=ANY=[@ANYBLOB="6a03eb81039906ff20010000000000000000000000000001fe80000000000000000000000000001087000251680000003312040908100d0000000000000000000000000000000000fc020000000000000000000000000000fc010000000000000000000000000000fe8000000000000000000000000000bb20010000000000000000000000000002ff010000000000000000000000000001fe800000000000000000000000000011fe8000000000000000000000000000aaff0200000000000000000000000000012b0e0407e438020020010000000000000000000000000001ff010000000000000000000000000001fc010000000000000000000000000000fe8800000000000000000000000001010000000000000000000000000000000000000000000000000000ffffac1414bbff0100000000000000000000000000012b1004080208030000000000000000000000ffffe000000100000000000000000000ffffffffffffff010000000000000000000000000001fc000000000000000000000000000001fe880000000000000000000000000101fc010000000000000000000000000000fc000000000000000000000000000001fe8800000000000000000000000001013b00ff39680000002c100000000000000001000658f219334c87713c2c13d03e91e1a46845508681515e8d7ec3fe036861db7af39cc109222c5ecf4a8b37aab5796753aedd5e0d238538606158d84bc5968d7464a792ea0162c6d10d11a5ce67e79b8ca2c49c794dd4c07a7a50071000000002020408000600000000000000c910ff01000000000000000000000000000100000000000000320600020000000000000000000000000000000000000000fe80000000000000000000000000000afc0100000000000000000000000000009a02040106000500fc010000000000000000000000000001020000000000000001010000000000004e214e21", @ANYRES32=r7, @ANYRES32=r8, @ANYBLOB="91010003907800051310b66c79674669ca7908d3f1bceead1c053c52db0303031e0a0b405411207e7a1102040300fe06e2d4c3d9fe06e2d4c3d91e1023070700000000000000f95a0000080a000000087290b20001000000119629b3e8d5ef4d065628d05f83f9e85508e2c43d42fabecaace1bd4a73a06e4f26c1868f7584e8d930fade728296354b33de32cf67ee47bd82e7c4417e36268fb97257d1db853d856d3b62ffab1c1b9f5e01f6c81d28c62a133c3b702e76a049e7dfcef0f45b671a293e2c901be16dd3281fdbbff70a83ce52ab21672de5541a53465d2e1751e3660213286f927b1fc99db48f28034e96cc9d7a2c86"], 0x3c1)
write$tun(r1, &(0x7f0000000280)={@val={0x6f01, 0x800}, @val={0x1, 0x0, 0x0, 0x0, 0x20}, @mpls={[], @ipv4=@tcp={{0x5, 0x4, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x84, 0x0, @empty=0x3fffffff, @local}, {{0x0, 0x0, 0x41424344, r8, 0x0, 0x5, 0xb, 0x0, 0x700, 0x0, 0x14, {[@window={0x9, 0x3}, @timestamp={0x5, 0xa}, @generic={0x0, 0x8, "d58838068b91"}]}}}}}}, 0x4e)

1m6.582859773s ago: executing program 4 (id=1127):
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f00000003c0)="5c00000013006bcd9e3fe3dceb48aa31086b8703110000001fa1ff0000000000040014000d000a000d0000079ee517d34460bc24eab556a705251e6182949a3651f60a84c9f5d1938037e786a6d0bdd7fcf50e4509c5bb5a00f69853", 0x5c}], 0x1, 0x0, 0x0, 0x1f000801}, 0x0)

1m6.261666543s ago: executing program 4 (id=1129):
ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x0, 0x2})
r0 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000180)={0xffffff}, 0x10)
write(r0, &(0x7f0000000000)="240000001a005f0214f9f407000904001f00000000000000000000000800110001000000", 0x24)
syz_open_dev$sndpcmp(0x0, 0x0, 0x0)
r1 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
shutdown(r1, 0x1)
connect$bt_rfcomm(r1, &(0x7f0000000200)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x15}, 0xa)

1m6.211656401s ago: executing program 33 (id=1129):
ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x0, 0x2})
r0 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000180)={0xffffff}, 0x10)
write(r0, &(0x7f0000000000)="240000001a005f0214f9f407000904001f00000000000000000000000800110001000000", 0x24)
syz_open_dev$sndpcmp(0x0, 0x0, 0x0)
r1 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
shutdown(r1, 0x1)
connect$bt_rfcomm(r1, &(0x7f0000000200)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x15}, 0xa)

3.900417748s ago: executing program 0 (id=1624):
r0 = socket$inet(0x2, 0x3, 0x2)
r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x0, 0x2042)
write$uinput_user_dev(r1, &(0x7f0000000400)={'syz0\x00', {0x7, 0x4, 0x6, 0xfffa}, 0x1d, [0x6, 0xc95a, 0xfffffff3, 0x9, 0x7f, 0x7, 0x10001, 0x7f, 0x6, 0x4d, 0xfffffff2, 0x5c, 0x3, 0x40000003, 0xffff2d37, 0x1dd2, 0x6, 0x7, 0x2, 0x80000001, 0x7, 0x9, 0xffff, 0x3c5b, 0x1, 0x24, 0x3, 0xfffffffe, 0x800, 0x2, 0x7, 0x3, 0xf, 0x3, 0x7fff, 0x4c74, 0xf, 0x8001, 0x4, 0xa, 0x0, 0x80071, 0x5, 0xfffff000, 0x103, 0x0, 0x5, 0x3c, 0x4, 0x1, 0x1000, 0x3, 0x5, 0x4, 0x8, 0x0, 0x80, 0x2, 0x5, 0xa, 0x8, 0x7, 0x1, 0xfffffffe], [0x10000007, 0xfffd, 0xfff, 0x8000, 0xc, 0xfffffff5, 0x129432e6, 0x3, 0x6, 0x0, 0x2bf, 0x8, 0x9, 0xffff7ffe, 0x3, 0x4002, 0x101, 0x5, 0x2f, 0xe, 0xfff, 0x78, 0x10000ea4, 0xa, 0xe, 0x0, 0x8000, 0xb, 0x400, 0x101, 0x0, 0xfffffffd, 0xff, 0x1005, 0x7ff, 0x5f31, 0x7, 0x6000000, 0x6, 0x2, 0xc, 0x4, 0x9, 0x8, 0x6, 0x6, 0x5, 0x0, 0x1, 0x0, 0xffff, 0x2000002, 0x7f, 0xb, 0xfff, 0x1000, 0x4, 0x143, 0x7, 0xb, 0x8009, 0x48c93690, 0x6, 0x3], [0x7, 0x4, 0x0, 0x64e, 0xfffffdfe, 0x5, 0x8d2, 0x9, 0x5, 0xfffffff7, 0x0, 0x5, 0xb, 0x4, 0x5, 0x5, 0x0, 0x1ef, 0x5, 0x8, 0x98f, 0x2, 0x10000009, 0x3ea, 0xb, 0x5, 0x6, 0x2, 0xf, 0x88, 0x0, 0x5, 0x5, 0x3b, 0x3, 0x5, 0x80, 0x3, 0xfffffffe, 0x202, 0x0, 0xa2, 0x7, 0x53cf697b, 0x1, 0x6, 0x54fe12d2, 0xbf, 0x200, 0x0, 0x400002, 0x3, 0x4, 0x5, 0xf23, 0x0, 0x400, 0xfffffffb, 0x120000, 0x3, 0x6, 0x9, 0x4, 0x3], [0x9, 0x7e06, 0x3, 0xb, 0x5, 0x938, 0xeb, 0x3, 0x0, 0x5, 0xce7, 0x1ff, 0x6, 0x5, 0x5, 0x0, 0x101, 0x10003, 0x2006, 0x7fff, 0x8ffff, 0xfffffffb, 0x2, 0x5, 0x1, 0x2, 0x14c, 0x60a7, 0x6, 0x6, 0x400007, 0x2, 0x5, 0x735, 0x8, 0x3, 0x50fd, 0x10001, 0x3, 0x9, 0x54, 0x9602, 0xa, 0x2, 0x80000007, 0x6, 0x1, 0x10000, 0xffff7ffe, 0x8, 0x2b94, 0xa1f, 0x8, 0x9, 0x1, 0x6c1b, 0x2d513b50, 0x4, 0x5, 0x4b1c, 0x1, 0xa, 0xffff7441, 0xfff]}, 0x45c)
ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r1, 0xc018937d, &(0x7f00000001c0)={{0x1, 0x1, 0x18, <r2=>r0, {0xc58e}}, './file0\x00'})
syz_io_uring_setup(0x417c, &(0x7f0000000240)={0x0, 0x4, 0x10100, 0x3, 0x17b, 0x0, r2}, 0x0, &(0x7f0000000140))

3.899505502s ago: executing program 0 (id=1625):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)=ANY=[@ANYBLOB="14000000103f010000000000000000000100000a20000000000a01040000000000000000010000030900010073797a30000000002c000000030a01010000000000000000010000000900010073797a30000000000900030073797a3200000000a0000000060a010400000000000000000100000008000b400000000078000480340001800b000100657874686472000024000280080001400000000c080003400000000008000440000000220500020007000000400001800c0001006269747769736500300002800800034000000002080001400000001408000240000000120c000780080001001f00000708000640000000010900010073797a30"], 0x114}}, 0x0)

3.801417184s ago: executing program 0 (id=1627):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000200), 0x84042, 0x0)
r1 = syz_open_dev$loop(&(0x7f0000000080), 0x47ffffa, 0x122c42)
ioctl$LOOP_CONFIGURE(r1, 0x4c0a, &(0x7f0000001ac0)={r0, 0x0, {0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1c, "ff9f020bbe82b398b1c4369d03740250ceaac594b1b3d741dd17c1ac0d38ef2a565ef1e8336300", "a9103939c787a16c1ca43f80026d1f3c4da06963dd89d130e04d528539f3d3289737f0374c72a964a02447a75df8a69ea917deb7ba193b7e7772fd29f35239d2", "24431a1e77a68e174f000000000000000010e200", [0xfffffffffffffffe, 0x87e]}})
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_IRQCHIP(r3, 0x4048aec9, &(0x7f0000000140)={0x6, 0x0, @pic={0x8, 0x1, 0xe, 0x0, 0x7, 0xd0, 0x9, 0x5, 0x6, 0x8, 0x3, 0xa, 0x80, 0x26, 0x5, 0x80}})
ioctl$LOOP_SET_STATUS64(r1, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x3, 0x0, 0x6, 0x19, 0xd, "89753015418ab0df6afb245518580ce0c8bf604cca41f31c108938fcfa393ef569e0bcf244bb4b23555b13ecab66c7d257a037d0f08e8ad896ba67a07696defa", "8b609009aaa722687f3f2513d754f688a9e306ee1dba533f02e1b69da6e26ec889fce40080000027cc7d24fdc26f1a95d702020000e4b8fb1703e47463b969e4", "ca1b97448abe996b48e2b870128218a0d22915216fddb100", [0x7, 0x7]})
syz_open_dev$vim2m(&(0x7f0000000000), 0x80000001, 0x2)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x3, 0x3, &(0x7f0000000140)=@framed={{0x18, 0x7}}, &(0x7f0000000040)='GPL\x00', 0x2, 0x92, &(0x7f0000000240)=""/146, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)

3.733022224s ago: executing program 2 (id=1628):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
syz_init_net_socket$x25(0x9, 0x5, 0x0)
getsockopt$EBT_SO_GET_INFO(0xffffffffffffffff, 0x0, 0x80, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r2 = dup(r1)
write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd74)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl802154(0x0, 0xffffffffffffffff)
sendmsg$NL802154_CMD_GET_SEC_DEVKEY(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB, @ANYRES16=r4, @ANYBLOB="0103fcffffff000000002b0000000c0006000100000001000000"], 0x20}}, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wlan1\x00'})
r5 = socket$netlink(0x10, 0x3, 0x0)
r6 = socket(0x10, 0x803, 0x0)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r6, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0)
getsockname$packet(r6, &(0x7f0000000600)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14)
sendmsg$nl_route(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=ANY=[@ANYRESHEX=r2, @ANYRES16=r0, @ANYRESHEX=r4], 0x3c}, 0x1, 0x0, 0x0, 0x80000}, 0x40000)
sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0xfffffffffffffe0f, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[], 0x3c}, 0x1, 0x0, 0x0, 0x800}, 0xc0b0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={0x0}}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={0x0, 0x58}, 0x1, 0x0, 0x0, 0x24004004}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'batadv_slave_1\x00'})
r8 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
syz_emit_ethernet(0x3e9, &(0x7f0000000940)=ANY=[@ANYBLOB="aaaaaaaaaaaa0180c200000e8848000f0f0000000000000000006004d6d503a73a0100000000000000000000ffffe0000001200100000000000000000000000000000416000000000000c91000000000000000000000ffffffffffff00010007180000000104260f000800000000000000db0c0000000000000502000a00010001010004010304704753d7e3687e18b6ed3f36731408b958b9c6e3359f6677f2071b35368f8572e32718a01f7655c648ffa4d32c65e04697e54758f348d33b1d3b3931fd49cb28266ed69f22218dd80789e148851589dca8d406d8e473070def9d6bcc57b6f8e7ff8795d643ba21937acad9040104010400000000000612010300000000fe8000000000000000000000000000bb0000000000000000000000000000000000000000000000000000ffffe0000002fc000000000000000000000000000001fe8000000000000000000000000000bbfc010000000000000000000000000001fe80000000000000000000000000000aff010000000000000000000000000001fe80000000000000000000000000000c040090780000000463d747d30c0d3200fc010000000000000000000000000000000000000000000000000000000000000604016c00000000fe880000000000000000000000000101000000000000000000000000000000003300000000000000050200090401f5001600022165000000110000000073000000270404026738ff00fc010000000000000000000000000001200100000000000000000000000000013b01000000000000050200050001000502000400000000002c11000000000000050202040502000104010205129c53eb3ae340a84cd1dada8d5bd74246b2e744285609d6a7c11c87257a6bef8d60a00624ff4921085d5cb8d8f394b1630a21d8943a918a127b9dc488392943d48e85d698159f98db88968a8af225097a91c1e12c649516ca1731fd12a2551bf5890570743705ff23e04a2ac1e1b88401080000000000000000010200000000000000002900013167000000dd3dfb4d8cf15bf6b843ddc33e8b503e922649d9431fafcb28a5c122e0dea111c3472aa0a02cc4691ab7ee946b9a6e23b528da4ad7961cf7439ad6863290996be32ef73ab490414f65e22e1f7fe45f984fe2387f81ec7eac54a5ab4f7e1c73750f23964ada01f0be80155de0d307f0c8b923e0d3d17b7ce62ba94389a5af985f44b8da6123321afc6846610f01d67964beebe616a77c25a9683c55a0baf2b8ef6d659d6247046e34efcfd91862436e029ec2f46eebcd1a18f3adcb18918ac5f7c9ac0761a1025ed55f593a21f1998aa26b7ff7dde6e06627b693874c4ead78594a0a340f5bdd47f6c49e8987f179f124e8a0d1a278865982149f7f6b27304a309e5ebca62a09f051a247ffea01f2243ce18a3491488666a2ea419fb6e650e74ed55951716cc81d2a4f3f092ddf8ab359dee86f94bacee0be2966a13946b566334dfaaf5d0b85a48a4906ce05488a1405e9304ffd94d16bb8d95a44f3bf0e212d10285d37ad8eb62826797deb4ffc39c27a2fce6e926308320e8160ebed3b119569784843724b57e909b23bbde6403dd2f8d06faef8aa4eb44edf6161df41a531879b13d466925f5e86f899ee60330e193f8d8b91e00677fb3826e131e363e123b6765ba68cbc8490804a372a8f407e6d3487b68b95a409cae9c00a59e78a4f1057ddb1c9e7081769f3de943731da1d732d1e1cbf2ab00385b1b91e4b6659e1e0476dcd9e1f0e708f82028609b7278fd5366ea74c4874292e5c0829e7cc92424c6e18e821a3736b57948b40000000"], 0x0)
recvmsg(r8, &(0x7f0000000500)={0x0, 0x0, 0x0}, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="300000001000010000003a194618000000008553", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=0x0, @ANYBLOB="08001b"], 0x30}}, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f00000003c0), 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)

3.396669278s ago: executing program 0 (id=1629):
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x2, @pix={0x1, 0x0, 0x50424752, 0x8, 0xf43, 0x7, 0x6, 0x1, 0x1, 0x6, 0x1, 0x5}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8d}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000)={<r0=>0x0}, &(0x7f0000000100)=0xc)
capget(&(0x7f0000000280)={0x19980330, r0}, &(0x7f0000000300)={0xfff, 0x9, 0x5, 0x2, 0x3, 0x8})
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sendmsg$IPSET_CMD_DESTROY(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000400)=ANY=[@ANYBLOB="280008d10306010200000000000000000500000005000100070000000900020073797a3100000000"], 0x28}, 0x1, 0x0, 0x0, 0x8005}, 0x20000840)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000240)='clear_refs\x00')
writev(r2, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x20000004)
syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff)
r3 = socket$nl_route(0x10, 0x3, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000340)={'bridge0\x00', <r4=>0x0})
r5 = socket(0x28, 0x80004, 0x0)
connect$inet6(r5, &(0x7f00000002c0)={0xa, 0x4e23, 0xa0000000, @mcast2, 0x3}, 0x1c)
sendmsg$nl_route_sched(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x1, 0x2000000, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xfff3}}}, 0x24}, 0x1, 0x0, 0x0, 0x1f}, 0x0)
mknod$loop(0x0, 0x2000, 0x1)
r6 = syz_open_dev$usbfs(0x0, 0x74, 0x101301)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, 0x0, &(0x7f0000000440))
ioctl$USBDEVFS_IOCTL(r6, 0xc0105512, &(0x7f0000000040)=@usbdevfs_connect)
socket$nl_generic(0x10, 0x3, 0x10)

2.984357902s ago: executing program 5 (id=1633):
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCL_GETMOUSEREPORTING(r0, 0x5412, &(0x7f0000000640)=0x13)
r1 = syz_io_uring_setup(0x231, &(0x7f0000000080)={0x0, 0x0, 0x10100, 0x0, 0x1}, &(0x7f0000000000)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_io_uring_submit(r2, r3, &(0x7f00000009c0)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd_index=0x3, 0xffffffffffffffff, 0x0})
io_uring_enter(r1, 0x7a98, 0x0, 0x0, 0x0, 0x0)
ioctl$TCSETA(r0, 0x5406, &(0x7f00000001c0)={0x9, 0xfe, 0xff82, 0xa, 0x30})

2.984178347s ago: executing program 5 (id=1634):
r0 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@broute={'broute\x00', 0x20, 0x0, 0x90, [0x1000000, 0x0, 0x0, 0x0, 0xfffff9, 0x800005c0], 0x0, 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="0000000000000000000000ff00000000000000000000000020000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000c3000000000000000000000000000000000000000000000000000000feffffff000000"]}, 0xe0)

2.907990718s ago: executing program 5 (id=1635):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000f80)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000a1ac27dbbdad29b50bf11c9229752690e3a4cd635e2ff1a9f6cddc21597777add7fd87ae96ae66df9c945f0334998f205b316559f04aac7e5c16062c13396c7573f7ff9d3e0aeb3acf2be7423e72c406e5ce8a", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x11, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000ffffffff000000000000000085000000a8000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000000000085000000a800000095"], &(0x7f0000000b00)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r1 = syz_open_procfs$namespace(0x0, &(0x7f0000000080)='ns/uts\x00')
ioctl$NS_GET_USERNS(r1, 0xb701, 0x0)
mkdir(0x0, 0x0)
r2 = openat$sequencer(0xffffff9c, 0x0, 0x88302, 0x0)
openat$audio(0xffffffffffffff9c, 0x0, 0x20301, 0x0)
ioctl$SNDCTL_SEQ_GETOUTCOUNT(r2, 0x4004510d, 0x0)
connect$bt_l2cap(0xffffffffffffffff, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
ioctl$sock_bt_hidp_HIDPCONNADD(0xffffffffffffffff, 0x400448c8, 0x0)
syz_open_dev$dri(&(0x7f0000000040), 0x7, 0x7c1a80)
syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff)
r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
sched_setscheduler(0x0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r4, &(0x7f0000001040)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2)
setsockopt$IPT_SO_SET_REPLACE(r3, 0x0, 0x40, &(0x7f0000000480)=@raw={'raw\x00', 0x8, 0x3, 0x374, 0x0, 0x11, 0x148, 0x14c, 0x10, 0x374, 0x2a8, 0x2a8, 0x374, 0x2a8, 0x7fffffe, 0x0, {[{{@uncond, 0x10, 0x70, 0xb8, 0x1c}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x1, 0x1ff, 0x0, 0x2, 'snmp\x00', {0xff}}}}, {{@ip={@multicast1, @rand_addr=0x64010102, 0x0, 0x0, 'syzkaller0\x00', 'veth1_to_batadv\x00'}, 0x0, 0x1c8, 0x228, 0x0, {}, [@common=@inet=@hashlimit3={{0x158}, {'team_slave_0\x00', {0x459, 0x0, 0x48, 0x0, 0x0, 0x3, 0x2, 0x80, 0x0, 0x18}, {0x91}}}]}, @common=@SET={0x60, 'SET\x00', 0x0, {{0x3, [0x1, 0x3, 0x2, 0x0, 0x2, 0x1]}, {0x1, [0x3, 0x2, 0x1, 0x0, 0x3, 0x5], 0x4}}}}], {{'\x00', 0xc8, 0x70, 0x94}, {0x24}}}}, 0x3d0)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x2, 0xe, &(0x7f0000000200)=ANY=[@ANYBLOB="b70000001a000000bca300000000000024030000c0feffff620af0fff8fffcff71a4f2ff000000001f03000000000000e5000200000000002604fdffff02000014010000030000001d130000000000007a0a00fe0000001f0f14000000000000b503f7fff80000009500000000000000033bc065b78111c6dfa041b63af4a3912435f1a864a7aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168e5181554a090f300020000fe275daf51efd601b6bf01c8e8b1b526375ee4dd6fcd82e4fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e65440000000000000000028610643a98d9ec21ead2ed51b104d4d91af25b845b9f7d08d123deda88c658d42ecbf28bf7076c15b463bebc72f526dd70252e79166d858fcd0e06dd31af9612fa402d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff61623604000000000000006a89adaf17b0a6041bdeebdfd1f5089048ddff6da40f9411fe7226a40409d6e37c4f46756d31cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564163427afea62d84f3a10076443d643649393bf52d2105bd901128c7e0ec82701c8204a1deeed4155617572652d950ad31928b0b036dc2869f478341d02d0f5ad94b081fcd507acb4b9c67382f13d000000225d85ae49cee383dc5049076b98fb6853ab39a21514da60d2ae20cfb91d6a49964757cdf538f9ce2bdbb9893a5de817101a3062cd54f9ff51d355d84ce97bb0c6b6a595e487a2cc47c0efbb2d71cde2c10f0bc6980fe78683ac5c0c31032599dd273863be9261eee52216d009f4c52048ef8c126aeef5f510a8f1aded94a129e4aec6e8d9ab06faffc3a15d91c2ea3e2e04cfe031b287539d0540059fe6c7fe7cd8697502c7596566d674e425da5e7f009602a9f61d3804b3e0a1053abdc31282dfb15eb6841bb64a1b3045024a982f3c48153baae244e7bf573eac34b781337ad5905c6bbf1137548c7f1a4cad2422ee965a38f7defbd2960242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a90144022a579dfc0229cc0dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc48899b212c55318294270a1ad10c80fef7c24d47afcc829ba0f85da6d888f18ea40ab959f6074ab2a40d85d1501783a7ab540b8d7b4ead35a385e0b4a26b702396df7e0c1e02b88c114f244a9bf93f04bf072f0861f5c0b000000000000eedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba3401e6a52acb11883ad2a3b1832371fe5bc621426d1ed01b389708165b9cdbae2ed9dc7358f0ebadde0b727f27feeb7464dcd857ab15e355713767c536cbae2f5c7d951680f6f2f9a6a8346962a350845ffa0d82884f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010ae20e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fedcbada1ee7baa19faf67256b56a41fd355b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ced301efeb6dc5f6a9037d2283c42efc54fa84323afc4c10eff462c8843187f1dd48ef0981000000000000ff0f40b1888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538c6ee6ba65893ff1f908ba7554ba583ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738612e4fee18a22da19fc08001011e32f80fb60e14b9eee094277bbc170882c8890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f62e3f753b639a924599c1f69219927ea5301fff0a6063d427180d61542c2571f983e96635600000554f327a3535e7c7542799493c31ac05a7b57f03ca91a01ba2a30ca99e969d6fd09dc28ebc15edb4d91675767999d146aef7799738b292fd64bb25b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a794963342aece449a0d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b6ef9d12096833d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e1661261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec035d232f89fe0120f64c62e8e3ed8bcb45202c204bbec8d722824c0ebca8db1ea4a05e41f6016ab5bbe4fe7ff5d785d0128171c90d9900ca2532b0f9d01c4b45294fbba468df3e1b393cb4e62e753b4172ba7ac1f2b51c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a881192292ffff5392ab3d1311b82432662806add87047f601fa888400000000000000000000000000006acc19808d7cf29bc974b0ea92499a41b9b9a7c2bca311a28ee4952f2d325a56397c78f12205db653a536f9f3322405d1efd78e578dc6b3fb84f3738a4b6caa800000087efa51c5d95ecba4e50e529d1e8c89600e809dc3d0a2f65579e23457949a50f2d0455cf79a43746979f99f6a1527f004f1e37a3926937e84fb478199dc1020f4beb98b8074bf7df8b5e783637da740800000000000000c55a4385e9a617aa6c8e10d4202c5afeb06e2f9115558ea12f92d7ae633d44086b3f03b20d546fa66a72e38207c9d20035abc46271a30f1240de52536941242d23896ab74a3c6670fdc49c14f34fc4eadd6db8d80eba439772bf60a1db18c472dafc5569adc282928d2a1ffe29f1a57d3f18f4edaeb5d37918e6fddcd821da67a0785585a4443440dc65600e64a6a2740000000000000000000000000000000000000000000a0009dd14b38f2f4426d7cf5075047c31f6ce6adddfe3ac649c0643c8bfbeb14ba1fd7a485aa893915cf81e29aaf375e904bbe52691a4100260ffcd8f1d04166d291ebcef893e1b9ccb6797d0646fe0e7274434f28efb43e06e64f0698caca42f4e6018a455736c482a017e2b13dac4a90faa109f0e87cc94e3efb649692456463ca74aa6ad4bf50c1acb0000000000000005375e528285544d0064b98646f3109e9a4942ce42c6e7ec84b664f6c2770803f10baa804a707f0a1fcbfc309381aeba191950bae71f37f1eb7ceeffb3c0547ac6571603adbfde4c8b5f8d7f4b854441613633b48865b65bdc415e1e0dcf672d68cf4cebf04f4bc1eebf560a26d34d3757b1450fdb0a9a69f432e277f3a0386eb2bd3305c821c64757f786b79fef54dbe64c67d73934bc80b2133fb3c04cc7ea48bf97a6243c9f95dcbddecf45f008f1822c7868e1ff5a3cff5d6b6898335792749df7b1f51e91f8c1c3b1b93b33aaa3fab69cef08a9f6f6cf39dea3d878b2ed42545421970cc426e644332bc956d1c6adefdf0ede2c5c94aa632646ae225accdf031f611d01622921f1b922a5ac887cca3136133dce8d9f5f4da7bed2ea5d94362200000000000000000000f296b0c1484e5f781ad26bff696b05ff0a5e2270e07618b04273bd4075ea38ab463bfa6a38e7c537498ba3e4df8dfc9e040000003c3ffad44d2a376def42e41e9fc31678257e040fa7cf32c221aaac08000000000000001a00000000000000000000173570f0c11ae694b0f7a4f9c2f6790044a357e785af6e153d5f1ea460af92c7cbbd6295afe740f5e154346d483e0d641ef02e4d5295d756e110522a7a945b93fb705b95b6aae27a8fb33732ce1da1c0b1af8eb9222a06e984ab1e6984c8bdc12360627137ab67b6b68ab08acb29a74dc36b51209cfbc87f61182bbeb2772e9d5a1ffc477179be481efe46a4ce86be0b1d8eee42a611a3d44ca450b14586ed63dd92005c79e4a8ab8a94f0c6cb4bed8594a39bd76d3ef8a7ab014e787596db796bd93a36c2880423291e3bccc86f66ba792ff4d87b3f80e5908779e51c5e9055fc5b23605cd000c723187ef09dcf4b07b06a9342f3f62ee7acddff292082c1f4d8eb9561f80873a09a1ae0c9af1121175e5600f43a1179484502009759264a5729f07c2b218fa36ba2316a99aaad0130df83d0bda1e711290f78c143ea143967b00adcd77e6ad5e48d839ea61aadb83e4d071c54691924a3830d3e7b5c198bb0ed623153590000000000000000004b985ea1702f34f2f85b168c083e810ed567e3f1979b9ed1a4bf6a10dac825c96a0828b335de445a4880bb6474157efd1a72ca46ae4cbe3ab648c9bc4867a5a4cb87d7d6d55475b34b3cb6aa9e2337d4e04a37e35109752522ac9b186ddd80c47da6a2f4ef7bb909c975520000000000000000000000219cf5c1376ab33786f6b856d354e90a2733f78f2d188057cead3480eade49d55b770fad7fa000d23da6275768810b6b2df91d3a991ea98d929d271696c258d5b735d5db11df434e7dd1b7c1ca05cea3977df564115f4ec6ffab1d2ff8a642ca50934b3fbe44b0abeba9df209566984a29dfc0466e439a94e177b3c4d5f6e92b8176b9d6ddeeeb196fa964217f88e1acc180aaa4"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffff97, 0x10, &(0x7f00000000c0), 0xfffffffffffffd27, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
socket$inet(0x2, 0x2, 0x0)

2.905435783s ago: executing program 1 (id=1637):
syz_open_dev$sg(&(0x7f00000000c0), 0x0, 0x482)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x3}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
ioctl$MEDIA_IOC_G_TOPOLOGY(0xffffffffffffffff, 0xc0487c04, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="1400000016000b63d25a80648c2594f90124fc60", 0x14}], 0x1}, 0x0)
recvmsg$kcm(r3, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = syz_init_net_socket$ax25(0x3, 0x5, 0x0)
getsockopt$ax25_int(r5, 0x101, 0xa, &(0x7f0000000000), &(0x7f0000000100)=0x4)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, 0x0, 0x0)
sendmsg$NFT_BATCH(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000740)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a78000000060a09040000000000000008020000004c000480300001800e000100696d6d6564696174650000001c000280100002800c00028008000180000000000800014000000000180001800d00010073796e70726f787900000000040002800900010073797a30000000000900020073797a320000000014000000110001"], 0xa0}}, 0x0)
r7 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
close_range(r7, 0xffffffffffffffff, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000140)=@newtaction={0x98, 0x30, 0x871a15abc695fb3d, 0x0, 0x0, {}, [{0x84, 0x1, [@m_tunnel_key={0x80, 0x1, 0x0, 0x0, {{0xf}, {0x50, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_PARMS={0x1c, 0x2, {{}, 0x1}}, @TCA_TUNNEL_KEY_ENC_IPV4_SRC={0x8, 0xe, @initdev={0xac, 0x1e, 0x0, 0x0}}, @TCA_TUNNEL_KEY_ENC_IPV6_SRC={0x14, 0x5, @empty}, @TCA_TUNNEL_KEY_ENC_IPV6_DST={0x14, 0x6, @empty}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x98}}, 0x0)

2.639350241s ago: executing program 2 (id=1638):
r0 = socket$inet6(0xa, 0x1, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f0000000100)=0x1, 0x4)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x84402, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x14, 0x30, 0x800, 0x1}, 0x14}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r1 = openat$udambuf(0xffffff9c, 0x0, 0x2)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x14, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000613000/0x2000)=nil, 0x2000, 0xb635773f07ebbeeb, 0xd0558aca5fbb555, r1, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r5, &(0x7f0000000480)={0x0, 0xff80, &(0x7f0000000000)={&(0x7f00000004c0)=ANY=[@ANYBLOB="3c0100001000130728bd70000000000020010000000000000000000000000502fe80000000000000000000000000001b00000001000000000a00000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="ff01000000000000000000000000000100000000320000002001000000000000000000000000000100000000000000000000000000000000080000000010000000000000000000003804000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000008000000000000000000000028bd7000000000000a000000000000004c001200726663343534332867636d2861657329290000000000000000000000000000000000000000000043e4fc2255ac818c00000000000000000000000000000000000000000080000000"], 0x13c}, 0x1, 0x0, 0x0, 0xc0}, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r6, 0x0, 0x0)
getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x14, &(0x7f0000000380)={@mcast2, <r7=>0x0}, &(0x7f0000000280)=0x14)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x4, 0x3, &(0x7f0000000180)=ANY=[@ANYBLOB], &(0x7f0000000440)='syzkaller\x00', 0x0, 0x0, 0x0, 0xd3672b3c58094972, 0x0, '\x00', r7, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r8}, 0x18)
r9 = openat$nci(0xffffffffffffff9c, &(0x7f0000002540), 0x2, 0x0)
syz_usb_connect$uac1(0x6, 0x82, &(0x7f0000000000)=ANY=[], 0x0)
close_range(r9, 0xffffffffffffffff, 0x0)
syz_genetlink_get_family_id$l2tp(&(0x7f0000000000), 0xffffffffffffffff)
r10 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r10, &(0x7f0000000040)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @local}, 0x2}}, 0x26)
socket$nl_xfrm(0x10, 0x3, 0x6)

2.374435225s ago: executing program 0 (id=1639):
prctl$PR_SET_SECUREBITS(0x1c, 0x25)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x20000000)
mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x0, 0x0)
chdir(&(0x7f0000000080)='./file1\x00')
openat(0xffffffffffffff9c, 0x0, 0x2, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
syz_open_dev$evdev(&(0x7f0000000400), 0xb7, 0x4000)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000180))
getgroups(0x0, 0x0)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
open$dir(&(0x7f0000000100)='./file0\x00', 0x149800, 0x0)
r1 = syz_io_uring_setup(0x110, &(0x7f0000000140)={0x0, 0xfad6}, &(0x7f0000000240)=<r2=>0x0, &(0x7f0000000280)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r1, 0xdb4, 0x0, 0x0, 0x0, 0x0)
open$dir(&(0x7f0000000180)='./file0\x00', 0x607e, 0x0)
syz_open_dev$evdev(&(0x7f0000000d80), 0x3, 0x0)

2.193677731s ago: executing program 1 (id=1640):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
bind$inet6(r0, &(0x7f0000000280)={0xa, 0x4e23, 0x4, @empty}, 0x1c)
sendto$inet6(r0, &(0x7f00000002c0)="9e", 0x1, 0x841, &(0x7f0000000200)={0xa, 0x4e23, 0x0, @loopback, 0xe}, 0x1c)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000000)={0x0, 0x5, 0x10}, 0xc)
writev(r0, &(0x7f0000000100)=[{&(0x7f0000000040)=',', 0x19fff}], 0x1)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x2)
ioctl$TIOCL_SETSEL(r1, 0x541c, &(0x7f0000000000)={0x2, {0x2, 0x101, 0x300, 0x0, 0x101, 0x300}})
sendto$inet6(r0, &(0x7f0000000300)="8e3614caddfb1ac647c1b00caa2eff03eaba8af15391f329b55632874569b9105982e712c95481d426c57a3494da352bf0052437506d53fca205356980c2", 0x3e, 0x24004000, 0x0, 0x0)

2.129650985s ago: executing program 1 (id=1641):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
openat$ipvs(0xffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/vs/sync_version\x00', 0x2, 0x0)
ioctl$KDFONTOP_SET(r0, 0x4b72, &(0x7f0000000000)={0x0, 0xfffffffc, 0xe, 0xb, 0x200, &(0x7f0000003c40)="1ae19337aa151f36ae49bb3f8cb95c5bf840d4f1e55efaaf098d47a70eb36a73090000000000001b0f4743f490c585108c1331c7749299a25a705f5096cb268cbc6070d680e1be250700000000000000472471ff550c0010000007f3c7b61abe4162256004ea8ca5e5b5f379c6eb3257eda08f7e6959090000004d13184d382747e035b4722525e00ade86b4c6d1e157c75d15c1f961ebc0a64d7f2a73f8979fcecacaa64f9b9069ebcc1d5b471edbc4f6c7f1b98ae74e909aa6f25b7fa77bf9cd4ed36d5c53dc519d11c3cc1c22a3b86cf3c645413f4afbcea0c99ded703699d2bb6a4a663b99b6069da5aaf64785a5887c31261d4b9e57ee07000000def6f255ca26108f11f02047d47f2d0fec30f7e92482f71496e184214a4e0c5fdc48b0af0c0478940016d8f0990a0e1090fd515380aae83c5eaeed338701574b64200a16ef2811fadcf1e0f49a514df529061e09ce45e3da03a03fe9b4a6bcfa7d04594e4f6d0714a2e14ea127ab37d64a5e0db630cd4f4a2e6c985a542ff20a9b2193f265f93a258a88dd6c9d6a926dd23d32425849c5d9210007660a617f22133b6cb5087f4c6057942aa18193172bd995fa70a1f949b196f2e2a3c175858575713be5ee3f7f4dcecc98123f9ded3afdebe13d79a7f7fcb2469ae0ac503111401612df7ee995f74fb97a63bf62d61f78c062f959119ab50c1f706a930121ebcd53ccb93d158186ed360750ca8e72814dd988844b9a5cff46591ccaff416e5a8c25f9555da5ca6fdf75b86ea6171b046b856168f403b5253a5cc393430a09a4489a0895571e597ac8846f945ffb372a88d3a25978b463dc961416c80c55773f917020751ed51cfd73c1e06fbadd156d56bedc117af95d242d6dccbe2ce34dccd6005e944afa92b22ec9a698469c6edc06caa2cfcd61912607d459b4c28ebea9745bcd4697d75c9601fd333d3cd797963a3c71b7cc5fdc756da8d97207936e5f53b53b732533c2722e03002293517966611602f297de6ff5408777b7a93c45cee3ee5c5601a4e94266b295ea7a86812a7ab8896ec5ea1b12643e1844b185734528399e62bceb8700cc6cd491e4a4430d0a3ba329a5a2fa170fd0b1cc4ba8294de988cd35df2cd7344aa8a9f3432b96fb889c02f484f635a0cc3466a3c2733d45f176931b2db18dba54991a9553cedb7f585786388d4042dbae1c95b769e3d4e036e8afea0a04c04f542b152ca1fd1f8efee60425c5a122fd1b90e98635284abd9f217d9e19cb2a64b354c9d79509cc47d7305114990148a7291cb0fe2d1c773a6664b66ae04aa62c534d072ae54c2ca0d5962cc58945d8924abfc4d5af922462507430d8f2c17479a6678b0b3700000000000000000000000000000000000000000000f800"})

2.07582275s ago: executing program 1 (id=1642):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000300)='syzkaller\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000200)={0x5, 0x4}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xa45e, @void, @value}, 0x94)
ioctl$NS_GET_PARENT(0xffffffffffffffff, 0xb702, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
listen(0xffffffffffffffff, 0x3)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f05ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000003a000c152bbd7000f9db4f151e9340001dce93ee2a67fbb181597c4d127d118a8da648dbd15164bccad3ea398586a3b4f7304361d6d946798b205ba5b28bcb5c1c9bd976d60257458f0509a339827d141aa8917e6a"], 0x14}}, 0x0)
socket$packet(0x11, 0x3, 0x300)
r5 = socket$netlink(0x10, 0x3, 0x0)
r6 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r6, 0x0, 0x4014)
getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x59)
r8 = dup(r5)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r8, 0xc00c642e, &(0x7f0000000440)={0x0, 0x0, r8})
sendmsg$nl_route(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c00000010008506000000000007ff0000000000", @ANYRES32=<r9=>r7, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010005"], 0x3c}}, 0x4840)
sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000f40)=ANY=[@ANYBLOB="7002440010001ffffcfbffff000000000000000053ade9d0851ca39d1902b4970481202d5a01e29bc82fa5a300c3a1aa10e11686b8800b30312dc926b77dce236aefe976ed22418752c154935fce2729ad464f375407ae387ab4fb52431aa673dd84b54c5048d9d26b7193ba351093b82c57606de1408e781ec8e68cfd0d5c9885fb356491d5982125284f7cb4f0bffcac8608547ce8436536b40cadfb3296b06de530bb5e30233369ef0398c2f833d8530bcb7946b152576be43ff81b2b992984cce9c783ea94cfcc602643445c50905c000c31993662ec46276d4f6897d291e9afccb0c775b77377548c2d17afb028174bf6e551304c0d0a28b9d420ceeb506c9b468513515ce01aec0742628411168bb11d4993c0392b91dcbd64c9d206f4a0f3c85c14ca249686d551cbb44ef4f4423fae9cd03eb49aecaa6cb9856d74339be3d20363da3947fcc992fae0dd3c18f98faf6c27eee32a11aacf9f04437d0149b9f6", @ANYRES32=0x0, @ANYBLOB="0000000000000000480218803400018014000500b8f6f93ae497c493fa83a5cbb7b69ecd0500020000000000140005004cea1b2c163a3a93d79c9b288455aad9180001801400050000000000000000000000000000000000280001800500060002000000050006001000000014000400c5bccf6ae0f62f20dec975a7e713ff24380001800800010003000000140005000dec6edab465254cf940442331411a040500060003000000050006000e000000050006005f00000060000180140004007b85d413a678abe34077c351df13212e050006000300000005000600040000000e0002002523dcfb2d213a982e00000014000400dfdee1e3983d5b8987a7e906336cfe3b1400040051336e9697090000000000000029c0f568000180140005008d4a57b68c1a1daf07bef8412f615d9f1400040000abd0cc5142fd85bac38ff3a5f3eea0050006000900000009000200aaaaaaaaaa0000001400040010c969088a39b4a32333f331e70365851400040049d753d50dfe2e985ac05f52be0e98a77c00018009000200242d24210000000014000500613b5934d5aef146a17ee9f7b9fbf5f50500060009000000100002002f6465762f72666b696c6c0005000600030000001400050086aaddda4cbf0e702fbdd1a8238ce725060002002b000000140004006a723c7e6b1b0b5da8f66f00faca2bbc0500020000000000540001800500060003000000060002007d0000000800010000000080050006000500000008000100070000001400040022bc79e3885293a654721cfab423878e14000500a19f", @ANYRES32=r7, @ANYRESOCT=r9], 0x270}, 0x1, 0x0, 0x0, 0x40000}, 0x20000000)
r10 = openat$rfkill(0xffffff9c, &(0x7f0000000040), 0x8080, 0x0)
poll(&(0x7f0000000080)=[{r10, 0x212c}], 0x1, 0xf0)
openat$nci(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)

1.801468612s ago: executing program 5 (id=1643):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd74)
sendmsg$NL802154_CMD_GET_SEC_DEVKEY(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
syz_emit_ethernet(0x3e9, &(0x7f0000000940)=ANY=[], 0x0)
recvmsg(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3000000010000100fe003a194618000000008553", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=0x0, @ANYBLOB="08001b"], 0x30}}, 0x0)

1.51311123s ago: executing program 0 (id=1644):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @broadcast}, 0x10)
ioctl(0xffffffffffffffff, 0x7fff, &(0x7f00000001c0)="7a0cf02703c851ceb11b41a541b8b2a74a7055e98173816476f7eb81d17b1d5be175712fae325aceb78b3ac897375d4f153ec8f273e551a0be344b18d2eaceffa86723ae647daf15a4200b87d24de4d64bece89b3a365156e4e868133d30de47ec54518266a69f59abedc69cf68f5bd5abd632e439f891dbc1cd5f78d8606a83d274998a57f9d617406ce075b82317df2b73511c17e1b3dfd6d82c13310882f61875c80cc6156bdb00ce2cd575f6d272d26bf0b1daa2f01bb6bab252af0e086cf39edcd240fb81a4eb04d2b7e9427768328b9ae0032e789dc5e1f6fd51ed")
r1 = socket$inet(0x2, 0x3, 0x6)
r2 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x1ff, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r2, 0xc2c45513, &(0x7f0000000040)={{0x2, 0x0, 0x0, 0x0, 'syz1\x00'}, 0x0, [0x2, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x0, 0x0, 0x2, 0x1000000, 0x0, 0x0, 0x8, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x66, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x80000001, 0x0, 0x2, 0x0, 0x0, 0x0, 0x1, 0x0, 0x3, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x4, 0x2, 0x7, 0x4cd, 0x0, 0x0, 0x0, 0x200000, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x14fa, 0x0, 0x4000, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x1, 0x0, 0x5]})
setsockopt$IP_VS_SO_SET_ADD(r1, 0x0, 0x482, &(0x7f0000000080)={0x84, @remote, 0x4e22, 0x3, 'sh\x00', 0x8, 0xffff0722, 0x66}, 0x2c)
mkdirat$cgroup_root(0xffffff9c, &(0x7f0000000480)='./cgroup.cpu/syz0\x00', 0x1ff)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x1)
write$UHID_INPUT(r3, &(0x7f00000011c0)={0xfc, {"a483885aed0d09f91b5e070987f70e06d038e7ff7fc6e5539b0d3e0e8b089b3f073063030890e0879b0af8c6e70a9b334a959b669a240d0a0af3988f7ef319520100ffe8d178708c523c921b1b5b31070d0773090acd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801118c20b8f16bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399ea4727d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a040200b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a64002bebc2407aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef64ab253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bf068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827475e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcb32b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba36b37767b6b45a44957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b94025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b03512629f46366e7205dd8d6f37525c1a0e94210dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9154f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d603994732d6b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21396532713e5b69cf767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285e6a89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeaf1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b627cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e46a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5c92441918145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed608000000a006e39336d07c2b80817a28ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030f81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c00004f5d374755534d7f68f679c4ff516e9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f900000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c00", 0x1000}}, 0xffbc)
setsockopt$IP_VS_SO_SET_DEL(r1, 0x0, 0x484, &(0x7f00000000c0)={0x84, @remote, 0x4e22, 0x3, 'nq\x00', 0x0, 0x3, 0x5c}, 0x2c)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
syz_usb_connect(0x5, 0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="1201000064f1f440cf1065807991010203010902240001000000000904ff000220473800090506020002000000090582020000000000234903adbb4a38e0a0c29b5f02276bce03"], 0x0)
syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="040e06006220"], 0x9)
socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_open_dev$sndctrl(&(0x7f00000001c0), 0x0, 0x800)
r5 = syz_open_procfs(0x0, &(0x7f0000000240)='net/wireless\x00')
preadv(r5, &(0x7f0000000000)=[{&(0x7f0000000400)=""/158, 0x9e}], 0x1, 0x105, 0x97e)
r6 = openat$mice(0xffffff9c, &(0x7f00000004c0), 0x408000)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="1b000000000000000000000008a2000000000000", @ANYRES32=r5, @ANYBLOB="0600"/20, @ANYRES32=0x0, @ANYRES32=r6, @ANYBLOB="03000000000000000400"/28], 0x50)
ioctl$SNDRV_CTL_IOCTL_TLV_COMMAND(r4, 0xc008551c, &(0x7f0000000380)=ANY=[@ANYBLOB="000000000000000000000000c73bbd25d6cb19d10ed7f9e8378d01e81a3db51dada4bd70e2e096b76da08db9e3c976c6e98c4bc3610285b0ad4106e9bdd9c67863f309c731d1b94d82a04dbdbc6a516d568b73290f7034cb3b21a440fa81bcc1bdb571a51f6ef448f9ee7e407e1e1052d003c41f53004a1823901937a6abcdbbac76c732155bd88c28e79e9c9f51f5b4e3c89bc61c0df177c6155efe5b9d60e85f132c2153714fb6239cb2f81a15827324296b90a3faa92bf2383e293b8e376ab3c7454425"])
mmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x6000004, 0x11, r1, 0xcff45000)
r7 = fsmount(0xffffffffffffffff, 0x0, 0xf6)
ioctl$sock_kcm_SIOCKCMCLONE(r7, 0x89e2, &(0x7f0000000340))
syz_genetlink_get_family_id$devlink(&(0x7f0000000780), 0xffffffffffffffff)
r8 = syz_open_procfs(0x0, &(0x7f0000000040)='net/rt6_stats\x00')
read$FUSE(r8, 0x0, 0x0)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f00000000c0)='bbr\x00', 0x4)
sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0)
recvfrom$inet(r0, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x720, 0x0, 0xfffffffffffffd25)

1.399651302s ago: executing program 2 (id=1645):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000680)=ANY=[@ANYBLOB="1400000010000100000000000000000000f5ff0a20000000000a01030000000000000000070000000900010073797a30000000003c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a3000000000080005400000002cdc0000000c0a01010000000000000000070000000900020073797a3100000000b0000380ac0000807c000180280001007b708fe45485a60c58622c4cc8930a771da248cc442c69d3ab5749d2a62eb8d930dbfdd6100002800900020073797a310000000040f801800800034000000002080003400000000408000180fffffffc08000180fffffffd080003400000000208000180000000000900020073797a30000000002c000b8028000180090001006c61737400000000180002800c000240000000000000000808000140000000090900010073797a30"], 0x160}}, 0x5829808e57081068)

1.326586667s ago: executing program 2 (id=1646):
r0 = socket(0x10, 0x3, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000ac0)={0x14, 0x2b, 0xb, 0x0, 0x25dfdbff, {0x1}}, 0x14}}, 0x0)
sendto$inet6(r0, &(0x7f0000000000)="7800000018002507b9409b14ffff00000202be04020506056403040c5c0009003f0020010a0000000d0085a168216b46d32345653600648d27000b000a00080049935ade4a460c89b6ec0cff3959547f509058ba86c902007a00004a32000402160008000800000000000000e218d1ddf66ed538f2523250", 0x78, 0x0, 0x0, 0x0)

1.102566087s ago: executing program 2 (id=1647):
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, 0x0)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000300)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0xa, 0x2})
socket$kcm(0x29, 0x7, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x5c, 0x30, 0x400, 0x0, 0x0, {}, [{0x48, 0x1, [@m_ct={0x44, 0x4, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x3, 0x0, 0x7}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3}}}}]}]}, 0x5c}, 0x1, 0x0, 0x0, 0x24008800}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_open_dev$midi(0x0, 0x7fff, 0x20240)
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000380), 0x2, 0x0)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
connect$bt_l2cap(r4, &(0x7f0000000040)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe)
r5 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000080)=ANY=[@ANYBLOB="9feb010018000000000000001c2000001c00000003000000010000000000000e0200000000000000000000000000000504000000002e"], 0x0, 0x37, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000004440)=@base={0x9, 0x4, 0x4, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, r5, 0x2, 0x1, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000340), &(0x7f0000000240), 0xfff, r6}, 0x38)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
r7 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x401)
ioctl$BLKTRACESETUP(r7, 0xc0481273, &(0x7f0000000b40)={'\x00', 0x8, 0x530, 0xc, 0xfffffffffffffffd, 0x59c})
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000780)=ANY=[@ANYBLOB="14"], 0xdc}, 0x1, 0x0, 0x0, 0x51}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r8 = socket(0x200000000000011, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000000)={'bridge0\x00'})

1.016003426s ago: executing program 1 (id=1648):
syz_open_dev$sg(&(0x7f00000000c0), 0x0, 0x482)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x3}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
ioctl$MEDIA_IOC_G_TOPOLOGY(0xffffffffffffffff, 0xc0487c04, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="1400000016000b63d25a80648c2594f90124fc60", 0x14}], 0x1}, 0x0)
recvmsg$kcm(r3, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = syz_init_net_socket$ax25(0x3, 0x5, 0x0)
getsockopt$ax25_int(r5, 0x101, 0xa, &(0x7f0000000000), &(0x7f0000000100)=0x4)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, 0x0, 0x0)
sendmsg$NFT_BATCH(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000740)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a78000000060a09040000000000000008020000004c000480300001800e000100696d6d6564696174650000001c000280100002800c00028008000180000000000800014000000000180001800d00010073796e70726f787900000000040002800900010073797a30000000000900020073797a320000000014000000110001"], 0xa0}}, 0x0)
r7 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
close_range(r7, 0xffffffffffffffff, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000140)=@newtaction={0x98, 0x30, 0x871a15abc695fb3d, 0x0, 0x0, {}, [{0x84, 0x1, [@m_tunnel_key={0x80, 0x1, 0x0, 0x0, {{0xf}, {0x50, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_PARMS={0x1c, 0x2, {{}, 0x1}}, @TCA_TUNNEL_KEY_ENC_IPV4_SRC={0x8, 0xe, @initdev={0xac, 0x1e, 0x0, 0x0}}, @TCA_TUNNEL_KEY_ENC_IPV6_SRC={0x14, 0x5, @empty}, @TCA_TUNNEL_KEY_ENC_IPV6_DST={0x14, 0x6, @empty}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x98}}, 0x0)

942.248537ms ago: executing program 5 (id=1649):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000000c0)={0x26, 'hash\x00', 0x0, 0x0, 'cmac(camellia-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000040)="2c385aa3d49100dc6626c892b6bc436a", 0x20)
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xe, &(0x7f0000000200)=0x9, 0x4)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0)
write$binfmt_aout(r2, &(0x7f0000000180)=ANY=[], 0xff2e)
ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000140)={0x0, 0x2, 0x7fffffff, 0x6, 0x14})
r3 = syz_open_pts(r2, 0x101000)
r4 = socket$packet(0x11, 0x2, 0x300)
r5 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000300)={0xffffffffffffffff, 0x0, 0x25, 0x7, @void}, 0x10)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r5, 0xc02064b2, &(0x7f0000000040)={0x7, 0x6576, 0x3})
r6 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f00000018c0)={'team_slave_1\x00', <r7=>0x0})
socket$inet_udp(0x2, 0x2, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000022780)=ANY=[@ANYBLOB="4000000010003b1500"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000000280080004000100000008000a00"/36, @ANYRES32=r7, @ANYBLOB], 0x40}}, 0x0)
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
ioctl$KVM_CAP_SPLIT_IRQCHIP(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000680))
r9 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
sendmsg$NL80211_CMD_NEW_STATION(0xffffffffffffffff, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="1cd30f00a5e9bfa7817a74132c0aa9caf00997b05686806782e2b0e77d166c0539", @ANYRESOCT=r8, @ANYBLOB="010000000000fcdbdf251300000008000300", @ANYRES32=0x0, @ANYBLOB], 0x1c}, 0x1, 0x0, 0x0, 0x4044000}, 0x0)
ioctl$KVM_RUN(r9, 0xae80, 0x0)
mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x4, 0x11, r5, 0x100000000)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r4, 0x8933, &(0x7f0000000240)={'batadv_slave_1\x00', <r10=>0x0})
setsockopt$packet_add_memb(r4, 0x107, 0x1, &(0x7f0000000040)={r10, 0x1, 0x6, @multicast}, 0x10)
setsockopt$packet_drop_memb(r4, 0x107, 0x2, &(0x7f0000000080)={r10, 0x1, 0x6, @multicast}, 0x10)
r11 = dup3(r3, r2, 0x0)
ioctl$TIOCSTI(r11, 0x5412, &(0x7f0000000000)=0x17)
openat$binder_debug(0xffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), r0)

472.203173ms ago: executing program 1 (id=1650):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000300)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x8000, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x6, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0xa0ffffff, 0x0, 0x0, 0x0, 0x1}, {{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x5, 0x0, 0xb, 0x9, 0x0, 0x2, 0x2}, {0x3, 0x2, 0x3, 0xa, 0x9, 0xfe00}, {0x5, 0x0, 0xb, 0x9, 0x0, 0x0, 0x4}, {0x3, 0x0, 0x6, 0xa, 0x9, 0xfe04, 0xe1}, {0x7, 0x1, 0xb, 0x7, 0x8}, {0x7, 0x0, 0x0, 0x8}, {0x7, 0x1, 0xb, 0x4, 0xa, 0x20}, {}, {}, {0x18, 0x2, 0x2, 0x0, r0}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)

74.89485ms ago: executing program 2 (id=1651):
syz_open_dev$sg(&(0x7f00000000c0), 0x0, 0x482)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x3}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
ioctl$MEDIA_IOC_G_TOPOLOGY(0xffffffffffffffff, 0xc0487c04, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="1400000016000b63d25a80648c2594f90124fc60", 0x14}], 0x1}, 0x0)
recvmsg$kcm(r3, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = syz_init_net_socket$ax25(0x3, 0x5, 0x0)
getsockopt$ax25_int(r5, 0x101, 0xa, &(0x7f0000000000), 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x20000842}, 0x0)
sendmsg$NFT_BATCH(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000740)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a78000000060a09040000000000000008020000004c000480300001800e000100696d6d6564696174650000001c000280100002800c00028008000180000000000800014000000000180001800d00010073796e70726f787900000000040002800900010073797a30000000000900020073797a320000000014000000110001"], 0xa0}}, 0x0)
r7 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
close_range(r7, 0xffffffffffffffff, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000140)=@newtaction={0x98, 0x30, 0x871a15abc695fb3d, 0x0, 0x0, {}, [{0x84, 0x1, [@m_tunnel_key={0x80, 0x1, 0x0, 0x0, {{0xf}, {0x50, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_PARMS={0x1c, 0x2, {{}, 0x1}}, @TCA_TUNNEL_KEY_ENC_IPV4_SRC={0x8, 0xe, @initdev={0xac, 0x1e, 0x0, 0x0}}, @TCA_TUNNEL_KEY_ENC_IPV6_SRC={0x14, 0x5, @empty}, @TCA_TUNNEL_KEY_ENC_IPV6_DST={0x14, 0x6, @empty}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x98}}, 0x0)

0s ago: executing program 5 (id=1652):
r0 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0)
r1 = getpid()
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r0, 0xc1105517, &(0x7f0000000340)={{0xfffffffe, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x6, 0x2, 0x4, r1, 0x0, 0x0, 'syz1\x00', 0x0})
ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r0, 0xc1105518, &(0x7f0000000c40)={{0x0, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x0, [0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000, 0x0, 0x80000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x108000000000000, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x40, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0xfffffffffffffffa, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000000000, 0x3, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x80000000000000, 0xfffffffc, 0x1, 0x8, 0x4, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x4, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x5, 0xfffffffc, 0x7]})

kernel console output (not intermixed with test programs):

4193][ T8255] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  126.884199][ T8255] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  126.884211][ T8255]  </TASK>
[  126.988847][    C2] vkms_vblank_simulate: vblank timer overrun
[  126.996053][ T8264] x_tables: ip_tables: dccp match: only valid for protocol 33
[  127.075400][ T8274] sctp: [Deprecated]: syz.2.697 (pid 8274) Use of int in maxseg socket option.
[  127.075400][ T8274] Use struct sctp_assoc_value instead
[  127.084164][ T8274] netlink: 4 bytes leftover after parsing attributes in process `syz.2.697'.
[  127.086983][ T8274] netlink: 16 bytes leftover after parsing attributes in process `syz.2.697'.
[  127.179383][ T8284] netlink: 'syz.0.704': attribute type 1 has an invalid length.
[  127.235079][ T8288] Invalid logical block size (1048576)
[  127.335903][ T8293] FAULT_INJECTION: forcing a failure.
[  127.335903][ T8293] name failslab, interval 1, probability 0, space 0, times 0
[  127.339882][ T8293] CPU: 2 UID: 0 PID: 8293 Comm: syz.0.708 Not tainted 6.15.0-rc4-syzkaller-00291-g2a239ffbebb5 #0 PREEMPT(full) 
[  127.339896][ T8293] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  127.339902][ T8293] Call Trace:
[  127.339906][ T8293]  <TASK>
[  127.339910][ T8293]  dump_stack_lvl+0x16c/0x1f0
[  127.339927][ T8293]  should_fail_ex+0x512/0x640
[  127.339941][ T8293]  ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0
[  127.339954][ T8293]  should_failslab+0xc2/0x120
[  127.339966][ T8293]  kmem_cache_alloc_lru_noprof+0x72/0x3b0
[  127.339977][ T8293]  ? __d_alloc+0x31/0xaa0
[  127.339989][ T8293]  __d_alloc+0x31/0xaa0
[  127.340000][ T8293]  d_alloc+0x4a/0x1e0
[  127.340011][ T8293]  d_alloc_parallel+0xe3/0x12e0
[  127.340024][ T8293]  ? inode_init_always_gfp+0xce4/0x1030
[  127.340039][ T8293]  ? new_inode+0x22/0x1c0
[  127.340049][ T8293]  ? __debugfs_create_file+0x11c/0x6b0
[  127.340062][ T8293]  ? debugfs_create_u32+0x70/0xa0
[  127.340073][ T8293]  ? nbd_start_device+0x415/0xcd0
[  127.340083][ T8293]  ? nbd_ioctl+0x219/0xda0
[  127.340092][ T8293]  ? __ia32_compat_sys_ioctl+0x24c/0x360
[  127.340105][ T8293]  ? __do_fast_syscall_32+0x73/0x120
[  127.340118][ T8293]  ? do_fast_syscall_32+0x32/0x80
[  127.340131][ T8293]  ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  127.340145][ T8293]  ? __pfx_d_alloc_parallel+0x10/0x10
[  127.340159][ T8293]  ? lockdep_init_map_type+0x5c/0x280
[  127.340173][ T8293]  ? lockdep_init_map_type+0x5c/0x280
[  127.340188][ T8293]  __lookup_slow+0x193/0x460
[  127.340201][ T8293]  ? __pfx___lookup_slow+0x10/0x10
[  127.340216][ T8293]  ? __SetPageMovable+0xb0/0x4a0
[  127.340233][ T8293]  ? __SetPageMovable+0xb0/0x4a0
[  127.340247][ T8293]  ? d_lookup+0xe7/0x190
[  127.340262][ T8293]  lookup_one_len+0x17f/0x1b0
[  127.340274][ T8293]  ? __pfx_lookup_one_len+0x10/0x10
[  127.340287][ T8293]  ? mntput+0x10/0x90
[  127.340302][ T8293]  start_creating.part.0+0x12f/0x3a0
[  127.340316][ T8293]  __debugfs_create_file+0xa7/0x6b0
[  127.340332][ T8293]  debugfs_create_file_full+0x41/0x60
[  127.340351][ T8293]  nbd_start_device+0x436/0xcd0
[  127.340366][ T8293]  nbd_ioctl+0x219/0xda0
[  127.340377][ T8293]  ? __pfx_nbd_ioctl+0x10/0x10
[  127.340391][ T8293]  ? find_held_lock+0x2b/0x80
[  127.340401][ T8293]  ? __pfx_nbd_ioctl+0x10/0x10
[  127.340410][ T8293]  compat_blkdev_ioctl+0x2eb/0x7a0
[  127.340423][ T8293]  ? __pfx_compat_blkdev_ioctl+0x10/0x10
[  127.340433][ T8293]  ? __fput_deferred+0x320/0x370
[  127.340447][ T8293]  ? __pfx_compat_blkdev_ioctl+0x10/0x10
[  127.340459][ T8293]  __ia32_compat_sys_ioctl+0x24c/0x360
[  127.340474][ T8293]  __do_fast_syscall_32+0x73/0x120
[  127.340488][ T8293]  do_fast_syscall_32+0x32/0x80
[  127.340502][ T8293]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  127.340513][ T8293] RIP: 0023:0xf7fc6579
[  127.340521][ T8293] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  127.340531][ T8293] RSP: 002b:00000000f50e655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  127.340541][ T8293] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 000000000000ab03
[  127.340547][ T8293] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  127.340552][ T8293] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  127.340557][ T8293] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  127.340563][ T8293] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  127.340575][ T8293]  </TASK>
[  127.340670][ T5939] block nbd0: Receive control failed (result -107)
[  127.520874][ T8290] block nbd0: shutting down sockets
[  127.861750][ T8309] netlink: 'syz.0.711': attribute type 10 has an invalid length.
[  127.921290][ T6007] tipc: Node number set to 11578026
[  128.440684][ T8313] netlink: 'syz.1.714': attribute type 1 has an invalid length.
[  128.541402][ T5939] Bluetooth: hci4: command tx timeout
[  128.719901][ T8338] netlink: 4 bytes leftover after parsing attributes in process `syz.4.723'.
[  128.728999][ T8338] netlink: 173 bytes leftover after parsing attributes in process `syz.4.723'.
[  129.489123][ T8344] netlink: 'syz.0.725': attribute type 1 has an invalid length.
[  129.720302][ T8366] netlink: 'syz.0.735': attribute type 1 has an invalid length.
[  129.771619][ T8370] xt_policy: output policy not valid in PREROUTING and INPUT
[  129.867991][ T8376] IPv6: NLM_F_CREATE should be specified when creating new route
[  130.070055][  T837] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  130.251889][  T837] usb 5-1: Using ep0 maxpacket: 32
[  130.254757][  T837] usb 5-1: config 0 has an invalid interface number: 89 but max is 0
[  130.257433][  T837] usb 5-1: config 0 has no interface number 0
[  130.259357][  T837] usb 5-1: config 0 interface 89 has no altsetting 0
[  130.263471][  T837] usb 5-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=38.4e
[  130.266273][  T837] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  130.268729][  T837] usb 5-1: Product: syz
[  130.270058][  T837] usb 5-1: Manufacturer: syz
[  130.271520][  T837] usb 5-1: SerialNumber: syz
[  130.275035][  T837] usb 5-1: config 0 descriptor??
[  130.493663][ T8375] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  130.497007][ T8375] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  130.502630][  T837] usb 5-1: USB disconnect, device number 5
[  130.728626][   T40] kauditd_printk_skb: 23 callbacks suppressed
[  130.728637][   T40] audit: type=1804 audit(1746358639.675:81): pid=8388 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.741" name="/newroot/176/file0/file0" dev="9p" ino=35913923 res=1 errno=0
[  130.775797][ T5939] Bluetooth: hci4: command tx timeout
[  130.827984][ T8395] netlink: 'syz.1.744': attribute type 1 has an invalid length.
[  130.899835][ T5939] Bluetooth: hci2: unexpected event for opcode 0x0c24
[  131.658816][ T8411] netlink: 4 bytes leftover after parsing attributes in process `syz.1.749'.
[  131.708429][ T8416] program syz.1.751 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  131.961017][ T8422] netlink: 'syz.1.752': attribute type 9 has an invalid length.
[  131.963621][ T8422] netlink: 8 bytes leftover after parsing attributes in process `syz.1.752'.
[  131.989922][ T8422] macvlan4: entered promiscuous mode
[  131.992179][ T8422] hsr0: entered promiscuous mode
[  131.994152][ T8422] macvlan4: entered allmulticast mode
[  132.005113][ T8422] hsr0: entered allmulticast mode
[  132.032207][ T8422] hsr_slave_0: entered allmulticast mode
[  132.033918][ T8424] netlink: 'syz.4.753': attribute type 1 has an invalid length.
[  132.034140][ T8422] hsr_slave_1: entered allmulticast mode
[  132.759346][ T8447] ptrace attach of "/syz-executor exec"[5947] was attempted by "/syz-executor exec"[8447]
[  133.035454][ T8453] ptrace attach of "/syz-executor exec"[5942] was attempted by "/syz-executor exec"[8453]
[  133.651427][ T8456] block nbd0: server does not support multiple connections per device.
[  133.658792][ T8456] block nbd0: shutting down sockets
[  133.779922][ T8460] netlink: 8 bytes leftover after parsing attributes in process `syz.1.765'.
[  133.806020][ T8462] fuse: Bad value for 'group_id'
[  133.807637][ T8462] fuse: Bad value for 'group_id'
[  133.848163][ T8466] netlink: 'syz.1.768': attribute type 1 has an invalid length.
[  134.101642][ T8471] netlink: 'syz.1.769': attribute type 1 has an invalid length.
[  134.142785][ T8471] 8021q: adding VLAN 0 to HW filter on device bond5
[  135.013807][ T8488] ptrace attach of "/syz-executor exec"[5936] was attempted by "/syz-executor exec"[8488]
[  135.034594][ T8493] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  135.122020][ T8496] ptrace attach of "/syz-executor exec"[5942] was attempted by "/syz-executor exec"[8496]
[  135.214958][ T1415] ieee802154 phy0 wpan0: encryption failed: -22
[  135.217138][ T1415] ieee802154 phy1 wpan1: encryption failed: -22
[  135.264904][ T8498] netlink: 80 bytes leftover after parsing attributes in process `syz.0.776'.
[  135.383394][ T8501] netlink: 'syz.4.777': attribute type 1 has an invalid length.
[  136.434853][ T8527] netlink: 28 bytes leftover after parsing attributes in process `syz.4.785'.
[  136.438921][ T8527] netlink: 8 bytes leftover after parsing attributes in process `syz.4.785'.
[  136.499974][ T8532] netlink: 'syz.4.787': attribute type 1 has an invalid length.
[  136.572541][ T8536] capability: warning: `syz.4.789' uses 32-bit capabilities (legacy support in use)
[  136.715112][ T8540] ptrace attach of "/syz-executor exec"[5947] was attempted by "/syz-executor exec"[8540]
[  137.053669][ T8545] netlink: 4 bytes leftover after parsing attributes in process `syz.1.791'.
[  137.092574][ T8548] netlink: 4 bytes leftover after parsing attributes in process `syz.1.792'.
[  137.096852][ T8547] netlink: 4 bytes leftover after parsing attributes in process `syz.1.792'.
[  137.503746][ T8553] netlink: 4 bytes leftover after parsing attributes in process `syz.1.794'.
[  137.566627][ T8559] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  137.566627][ T8559]    program syz.0.795 not setting count and/or reply_len properly
[  137.842144][  T835] usb 9-1: new high-speed USB device number 2 using dummy_hcd
[  138.013200][  T835] usb 9-1: Using ep0 maxpacket: 32
[  138.017070][  T835] usb 9-1: unable to get BOS descriptor or descriptor too short
[  138.020400][  T835] usb 9-1: config index 0 descriptor too short (expected 34347, got 43)
[  138.023083][  T835] usb 9-1: config 31 has too many interfaces: 196, using maximum allowed: 32
[  138.026570][  T835] usb 9-1: config 31 has an invalid descriptor of length 0, skipping remainder of the config
[  138.029722][  T835] usb 9-1: config 31 has 1 interface, different from the descriptor's value: 196
[  138.032521][  T835] usb 9-1: config 31 has no interface number 0
[  138.034389][  T835] usb 9-1: config 31 interface 81 altsetting 3 has an endpoint descriptor with address 0x93, changing to 0x83
[  138.038142][  T835] usb 9-1: config 31 interface 81 altsetting 3 bulk endpoint 0x83 has invalid maxpacket 150
[  138.041253][  T835] usb 9-1: config 31 interface 81 has no altsetting 0
[  138.046678][  T835] usb 9-1: string descriptor 0 read error: -22
[  138.048752][  T835] usb 9-1: New USB device found, idVendor=0dfc, idProduct=0001, bcdDevice=24.ac
[  138.051609][  T835] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  138.056251][ T8561] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  138.061262][  T835] input: USB Touchscreen 0dfc:0001 as /devices/platform/dummy_hcd.4/usb9/9-1/9-1:31.81/input/input7
[  138.105337][    C0] usbtouchscreen 9-1:31.81: usbtouch_irq - usb_submit_urb failed with result: -1
[  138.134676][ T8565] netlink: 'syz.1.797': attribute type 1 has an invalid length.
[  138.189455][ T8569] FAULT_INJECTION: forcing a failure.
[  138.189455][ T8569] name failslab, interval 1, probability 0, space 0, times 0
[  138.193699][ T8569] CPU: 3 UID: 0 PID: 8569 Comm: syz.1.799 Not tainted 6.15.0-rc4-syzkaller-00291-g2a239ffbebb5 #0 PREEMPT(full) 
[  138.193713][ T8569] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  138.193719][ T8569] Call Trace:
[  138.193723][ T8569]  <TASK>
[  138.193727][ T8569]  dump_stack_lvl+0x16c/0x1f0
[  138.193744][ T8569]  should_fail_ex+0x512/0x640
[  138.193759][ T8569]  ? __kmalloc_noprof+0xbf/0x510
[  138.193770][ T8569]  ? tracepoint_probe_unregister+0x24c/0xd70
[  138.193784][ T8569]  should_failslab+0xc2/0x120
[  138.193796][ T8569]  __kmalloc_noprof+0xd2/0x510
[  138.193808][ T8569]  ? __pfx___bpf_trace_ext4_ext_remove_space_done+0x10/0x10
[  138.193823][ T8569]  tracepoint_probe_unregister+0x24c/0xd70
[  138.193839][ T8569]  ? __pfx_tracepoint_probe_unregister+0x10/0x10
[  138.193854][ T8569]  ? bpf_link_free+0x95/0x390
[  138.193865][ T8569]  ? rcu_is_watching+0x12/0xc0
[  138.193875][ T8569]  ? __pfx_bpf_link_release+0x10/0x10
[  138.193885][ T8569]  bpf_raw_tp_link_release+0x35/0x70
[  138.193895][ T8569]  bpf_link_free+0xe9/0x390
[  138.193906][ T8569]  bpf_link_release+0x5d/0x80
[  138.193916][ T8569]  __fput+0x3ff/0xb70
[  138.193931][ T8569]  fput_close_sync+0x118/0x260
[  138.193944][ T8569]  ? __pfx_fput_close_sync+0x10/0x10
[  138.193955][ T8569]  ? dnotify_flush+0x79/0x4c0
[  138.193968][ T8569]  __ia32_sys_close+0x8b/0x120
[  138.193982][ T8569]  __do_fast_syscall_32+0x73/0x120
[  138.193996][ T8569]  do_fast_syscall_32+0x32/0x80
[  138.194010][ T8569]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  138.194023][ T8569] RIP: 0023:0xf709e579
[  138.194030][ T8569] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  138.194040][ T8569] RSP: 002b:00000000f508e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000006
[  138.194050][ T8569] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 0000000000000000
[  138.194055][ T8569] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  138.194061][ T8569] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  138.194066][ T8569] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  138.194072][ T8569] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  138.194084][ T8569]  </TASK>
[  138.291434][ T8571] netlink: 212376 bytes leftover after parsing attributes in process `syz.1.800'.
[  138.308018][ T8571] lo speed is unknown, defaulting to 1000
[  138.338142][    C1] usbtouchscreen 9-1:31.81: usbtouch_irq - usb_submit_urb failed with result: -1
[  138.419511][ T6002] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[  138.559453][ T8574] block device autoloading is deprecated and will be removed.
[  138.564802][ T8574] syz.1.800: attempt to access beyond end of device
[  138.564802][ T8574] md2: rw=2048, sector=0, nr_sectors = 8 limit=0
[  138.590464][ T6002] usb 7-1: Using ep0 maxpacket: 8
[  138.602030][ T6002] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  138.605301][ T6002] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  138.608347][ T6002] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  138.611620][ T6002] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  138.615953][ T6002] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  138.619178][ T6002] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  138.842799][ T6002] usb 7-1: GET_CAPABILITIES returned 0
[  138.844592][ T6002] usbtmc 7-1:16.0: can't read capabilities
[  139.261737][ T8586] ptrace attach of "/syz-executor exec"[5947] was attempted by "/syz-executor exec"[8586]
[  139.617407][   T10] usb 7-1: USB disconnect, device number 2
[  140.594122][ T8616] netlink: 'syz.0.811': attribute type 9 has an invalid length.
[  140.596680][ T8616] netlink: 8 bytes leftover after parsing attributes in process `syz.0.811'.
[  140.610844][ T8616] macvlan5: entered promiscuous mode
[  140.613380][ T8616] macvlan5: entered allmulticast mode
[  140.732347][ T8613] netlink: 16 bytes leftover after parsing attributes in process `syz.1.812'.
[  140.814758][ T6002] usb 9-1: USB disconnect, device number 2
[  140.894514][ T8626] hub 6-0:1.0: USB hub found
[  140.896377][ T8626] hub 6-0:1.0: 1 port detected
[  140.925372][ T8626] netlink: 8 bytes leftover after parsing attributes in process `syz.4.817'.
[  141.185875][ T8631] ptrace attach of "/syz-executor exec"[5942] was attempted by "/syz-executor exec"[8631]
[  141.794098][ T6007] IPVS: starting estimator thread 0...
[  141.915279][ T8646] IPVS: using max 38 ests per chain, 91200 per kthread
[  142.072827][ T8655] netlink: 32 bytes leftover after parsing attributes in process `syz.2.822'.
[  142.847394][ T8684] netlink: 8 bytes leftover after parsing attributes in process `syz.0.829'.
[  142.850334][ T8684] netlink: 'syz.0.829': attribute type 5 has an invalid length.
[  142.852966][ T8684] netlink: 20 bytes leftover after parsing attributes in process `syz.0.829'.
[  143.022420][ T8690] ptrace attach of "/syz-executor exec"[5942] was attempted by "/syz-executor exec"[8690]
[  143.791435][ T8697] ieee802154 phy0 wpan0: encryption failed: -22
[  143.943352][ T8700] netlink: 8 bytes leftover after parsing attributes in process `syz.0.836'.
[  144.303801][ T8712] netlink: 4 bytes leftover after parsing attributes in process `syz.4.839'.
[  144.607975][ T8721] netlink: 8 bytes leftover after parsing attributes in process `syz.4.840'.
[  144.636030][ T8722] netlink: 'syz.2.837': attribute type 9 has an invalid length.
[  144.639416][ T8722] netlink: 8 bytes leftover after parsing attributes in process `syz.2.837'.
[  144.680604][ T8722] macvlan6: entered promiscuous mode
[  144.682528][ T8722] macvlan6: entered allmulticast mode
[  144.720439][ T8721] netlink: 'syz.4.840': attribute type 5 has an invalid length.
[  144.723095][ T8721] netlink: 20 bytes leftover after parsing attributes in process `syz.4.840'.
[  144.741424][ T8721] netdevsim netdevsim4 netdevsim0: set [1, 1] type 2 family 0 port 256 - 0
[  144.744388][ T8721] netdevsim netdevsim4 netdevsim1: set [1, 1] type 2 family 0 port 256 - 0
[  144.747297][ T8721] netdevsim netdevsim4 netdevsim2: set [1, 1] type 2 family 0 port 256 - 0
[  144.750373][ T8721] netdevsim netdevsim4 netdevsim3: set [1, 1] type 2 family 0 port 256 - 0
[  144.753460][ T8721] geneve2: entered promiscuous mode
[  144.755265][ T8721] geneve2: entered allmulticast mode
[  145.116246][ T8728] netlink: 24 bytes leftover after parsing attributes in process `syz.0.841'.
[  145.392604][ T8735] ptrace attach of "/syz-executor exec"[5936] was attempted by "/syz-executor exec"[8735]
[  146.231586][ T8759] ptrace attach of "/syz-executor exec"[5942] was attempted by "/syz-executor exec"[8759]
[  146.547809][ T8763] netlink: 8 bytes leftover after parsing attributes in process `syz.0.853'.
[  146.550494][ T8763] netlink: 'syz.0.853': attribute type 9 has an invalid length.
[  146.555679][ T8763] macvlan6: entered allmulticast mode
[  146.557298][ T8763] mac80211_hwsim hwsim2 wlan0: entered allmulticast mode
[  146.813421][ T8778] mac80211_hwsim hwsim3 wlan1: entered allmulticast mode
[  146.880893][ T8780] netlink: 14 bytes leftover after parsing attributes in process `syz.0.859'.
[  146.883874][ T8780] mac80211_hwsim hwsim3 wlan1: left allmulticast mode
[  147.248373][ T8791] netlink: 'syz.1.864': attribute type 1 has an invalid length.
[  147.647920][ T8803] ptrace attach of "/syz-executor exec"[5942] was attempted by "/syz-executor exec"[8803]
[  147.873870][ T8807] netlink: 8 bytes leftover after parsing attributes in process `syz.2.870'.
[  148.092862][ T8816] netlink: 'syz.0.873': attribute type 1 has an invalid length.
[  148.183854][ T8821] x_tables: ip_tables: ah match: only valid for protocol 51
[  148.239320][ T8826] tap0: tun_chr_ioctl cmd 1074025677
[  148.241029][ T8826] tap0: linktype set to 780
[  148.310116][ T8829] netlink: 'syz.0.879': attribute type 1 has an invalid length.
[  148.442758][ T8835] netlink: 8 bytes leftover after parsing attributes in process `syz.4.878'.
[  148.474295][ T5939] block nbd1: Receive control failed (result -107)
[  148.528395][ T8831] block nbd1: shutting down sockets
[  148.816819][ T8853] netlink: 'syz.0.888': attribute type 10 has an invalid length.
[  148.819484][ T8853] A link change request failed with some changes committed already. Interface dummy0 may have been left with an inconsistent configuration, please check.
[  148.827573][ T8855] binder_alloc: binder_alloc_mmap_handler: 8854 80ffd000-81000000 already mapped failed -16
[  148.831303][ T8857] binder: BINDER_SET_CONTEXT_MGR already set
[  148.834237][ T8857] binder: 8854:8857 ioctl 4018620d 80000040 returned -16
[  149.229600][ T8875] bond1: (slave erspan1): Releasing active interface
[  149.231994][ T8875] erspan1: left promiscuous mode
[  149.233760][ T8875] erspan1: left allmulticast mode
[  149.243803][ T8875] team0: Mode changed to "activebackup"
[  149.246490][ T8875] vlan0: entered promiscuous mode
[  149.253230][ T8875] tipc: Started in network mode
[  149.254951][ T8875] tipc: Node identity aaaaaaaaaa1a, cluster identity 4711
[  149.257437][ T8875] tipc: Enabled bearer <eth:team0>, priority 0
[  149.286315][ T8878] x_tables: ip_tables: dccp match: only valid for protocol 33
[  149.302170][ T8861] lo speed is unknown, defaulting to 1000
[  149.407986][ T8888] input: syz1 as /devices/virtual/input/input10
[  149.514074][ T8901] Invalid logical block size (1048576)
[  149.619395][ T8909] FAULT_INJECTION: forcing a failure.
[  149.619395][ T8909] name failslab, interval 1, probability 0, space 0, times 0
[  149.623436][ T8909] CPU: 1 UID: 0 PID: 8909 Comm: syz.2.909 Not tainted 6.15.0-rc4-syzkaller-00291-g2a239ffbebb5 #0 PREEMPT(full) 
[  149.623450][ T8909] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  149.623456][ T8909] Call Trace:
[  149.623459][ T8909]  <TASK>
[  149.623463][ T8909]  dump_stack_lvl+0x16c/0x1f0
[  149.623480][ T8909]  should_fail_ex+0x512/0x640
[  149.623494][ T8909]  ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0
[  149.623507][ T8909]  should_failslab+0xc2/0x120
[  149.623519][ T8909]  kmem_cache_alloc_lru_noprof+0x72/0x3b0
[  149.623530][ T8909]  ? __d_alloc+0x31/0xaa0
[  149.623542][ T8909]  __d_alloc+0x31/0xaa0
[  149.623554][ T8909]  d_alloc+0x4a/0x1e0
[  149.623564][ T8909]  d_alloc_parallel+0xe3/0x12e0
[  149.623577][ T8909]  ? inode_init_always_gfp+0xce4/0x1030
[  149.623592][ T8909]  ? new_inode+0x22/0x1c0
[  149.623602][ T8909]  ? __debugfs_create_file+0x11c/0x6b0
[  149.623615][ T8909]  ? debugfs_create_u32+0x70/0xa0
[  149.623626][ T8909]  ? nbd_start_device+0x415/0xcd0
[  149.623636][ T8909]  ? nbd_ioctl+0x219/0xda0
[  149.623645][ T8909]  ? __ia32_compat_sys_ioctl+0x24c/0x360
[  149.623658][ T8909]  ? __do_fast_syscall_32+0x73/0x120
[  149.623671][ T8909]  ? do_fast_syscall_32+0x32/0x80
[  149.623683][ T8909]  ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  149.623697][ T8909]  ? __pfx_d_alloc_parallel+0x10/0x10
[  149.623711][ T8909]  ? lockdep_init_map_type+0x5c/0x280
[  149.623725][ T8909]  ? lockdep_init_map_type+0x5c/0x280
[  149.623740][ T8909]  __lookup_slow+0x193/0x460
[  149.623753][ T8909]  ? __pfx___lookup_slow+0x10/0x10
[  149.623768][ T8909]  ? __SetPageMovable+0xb0/0x4a0
[  149.623785][ T8909]  ? __SetPageMovable+0xb0/0x4a0
[  149.623799][ T8909]  ? d_lookup+0xe7/0x190
[  149.623813][ T8909]  lookup_one_len+0x17f/0x1b0
[  149.623825][ T8909]  ? __pfx_lookup_one_len+0x10/0x10
[  149.623838][ T8909]  ? mntput+0x10/0x90
[  149.623854][ T8909]  start_creating.part.0+0x12f/0x3a0
[  149.623868][ T8909]  __debugfs_create_file+0xa7/0x6b0
[  149.623888][ T8909]  debugfs_create_file_full+0x41/0x60
[  149.623903][ T8909]  nbd_start_device+0x436/0xcd0
[  149.623917][ T8909]  nbd_ioctl+0x219/0xda0
[  149.623929][ T8909]  ? __pfx_nbd_ioctl+0x10/0x10
[  149.623942][ T8909]  ? find_held_lock+0x2b/0x80
[  149.623952][ T8909]  ? __pfx_nbd_ioctl+0x10/0x10
[  149.623961][ T8909]  compat_blkdev_ioctl+0x2eb/0x7a0
[  149.623974][ T8909]  ? __pfx_compat_blkdev_ioctl+0x10/0x10
[  149.623985][ T8909]  ? __fput_deferred+0x320/0x370
[  149.623999][ T8909]  ? __pfx_compat_blkdev_ioctl+0x10/0x10
[  149.624011][ T8909]  __ia32_compat_sys_ioctl+0x24c/0x360
[  149.624026][ T8909]  __do_fast_syscall_32+0x73/0x120
[  149.624040][ T8909]  do_fast_syscall_32+0x32/0x80
[  149.624053][ T8909]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  149.624065][ T8909] RIP: 0023:0xf711e579
[  149.624073][ T8909] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  149.624082][ T8909] RSP: 002b:00000000f510e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  149.624092][ T8909] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 000000000000ab03
[  149.624098][ T8909] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  149.624103][ T8909] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  149.624109][ T8909] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  149.624114][ T8909] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  149.624126][ T8909]  </TASK>
[  149.625264][ T5939] block nbd2: Receive control failed (result -107)
[  149.778498][ T5953] block nbd2: shutting down sockets
[  149.857875][ T8924] (unnamed net_device) (uninitialized): option ad_actor_sys_prio: mode dependency failed, not supported in mode balance-rr(0)
[  150.094446][ T8944] netlink: 'syz.0.913': attribute type 10 has an invalid length.
[  150.117183][ T8945] __nla_validate_parse: 7 callbacks suppressed
[  150.117224][ T8945] netlink: 4 bytes leftover after parsing attributes in process `syz.1.921'.
[  150.122764][ T8945] netlink: 173 bytes leftover after parsing attributes in process `syz.1.921'.
[  150.135332][ T8944] team0: Device veth0_vlan failed to register rx_handler
[  150.329877][ T5968] tipc: Node number set to 11578026
[  150.553324][  T835] usb 9-1: new high-speed USB device number 3 using dummy_hcd
[  150.692264][  T835] usb 9-1: device descriptor read/64, error -71
[  150.959593][  T835] usb 9-1: new high-speed USB device number 4 using dummy_hcd
[  151.026506][ T8964] fuse: Bad value for 'fd'
[  151.109183][  T835] usb 9-1: device descriptor read/64, error -71
[  151.237581][  T835] usb usb9-port1: attempt power cycle
[  151.602238][  T835] usb 9-1: new high-speed USB device number 5 using dummy_hcd
[  151.623654][  T835] usb 9-1: device descriptor read/8, error -71
[  151.911033][  T835] usb 9-1: new high-speed USB device number 6 using dummy_hcd
[  151.933069][  T835] usb 9-1: device descriptor read/8, error -71
[  152.051198][  T835] usb usb9-port1: unable to enumerate USB device
[  152.536261][ T8996] netlink: 'syz.1.937': attribute type 9 has an invalid length.
[  152.538926][ T8996] netlink: 8 bytes leftover after parsing attributes in process `syz.1.937'.
[  152.558704][ T8996] macvlan5: entered promiscuous mode
[  152.560913][ T8996] macvlan5: entered allmulticast mode
[  152.734427][ T8998] block nbd0: server does not support multiple connections per device.
[  152.749536][ T8998] block nbd0: shutting down sockets
[  152.876578][ T9002] netlink: 'syz.2.939': attribute type 1 has an invalid length.
[  153.254163][ T9009] netlink: 4 bytes leftover after parsing attributes in process `syz.2.942'.
[  153.412285][   T40] audit: type=1804 audit(1746358660.890:82): pid=9021 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.946" name="/newroot/268/file0/file0" dev="9p" ino=35913923 res=1 errno=0
[  153.573456][ T9031] netlink: 'syz.0.949': attribute type 1 has an invalid length.
[  154.021557][ T9055] netlink: 8 bytes leftover after parsing attributes in process `syz.1.957'.
[  154.024452][ T9055] netlink: 'syz.1.957': attribute type 5 has an invalid length.
[  154.026967][ T9055] netlink: 20 bytes leftover after parsing attributes in process `syz.1.957'.
[  154.045527][ T9055] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 256 - 0
[  154.048352][ T9055] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 256 - 0
[  154.051368][ T9055] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 256 - 0
[  154.054091][ T9055] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 256 - 0
[  154.056841][ T9055] geneve2: entered promiscuous mode
[  154.058539][ T9055] geneve2: entered allmulticast mode
[  154.102268][ T9058] netlink: 'syz.2.958': attribute type 10 has an invalid length.
[  154.105761][ T9058] batman_adv: batadv0: Adding interface: wlan0
[  154.107750][ T9058] batman_adv: batadv0: The MTU of interface wlan0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  154.116254][ T9058] batman_adv: batadv0: Interface activated: wlan0
[  155.061523][ T9072] ptrace attach of "/syz-executor exec"[5942] was attempted by "/syz-executor exec"[9072]
[  155.902443][ T9088] netlink: 8 bytes leftover after parsing attributes in process `syz.4.964'.
[  155.905278][ T9088] netlink: 'syz.4.964': attribute type 5 has an invalid length.
[  155.907491][ T9088] netlink: 20 bytes leftover after parsing attributes in process `syz.4.964'.
[  156.061373][ T9092] netlink: 8 bytes leftover after parsing attributes in process `syz.1.966'.
[  156.064022][ T9092] netlink: 'syz.1.966': attribute type 5 has an invalid length.
[  156.143899][ T9092] netlink: 20 bytes leftover after parsing attributes in process `syz.1.966'.
[  157.015147][ T9109] netlink: 12 bytes leftover after parsing attributes in process `syz.2.972'.
[  157.206619][ T9114] netlink: 136 bytes leftover after parsing attributes in process `syz.2.973'.
[  157.467181][ T9118] ptrace attach of "/syz-executor exec"[5936] was attempted by "/syz-executor exec"[9118]
[  157.699207][ T9124] Invalid logical block size (1048576)
[  157.838570][ T9132] workqueue: name exceeds WQ_NAME_LEN. Truncating to: !寿$ûÌÌULÙvy¸ÚØ¢
…D£øUDŒw˜}�z
[  157.868696][ T9134] netlink: 'syz.0.981': attribute type 1 has an invalid length.
[  158.132972][ T5968] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  158.305178][ T5968] usb 6-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 0
[  158.319498][ T5968] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  158.322296][ T5968] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  158.325217][ T5968] usb 6-1: Product: syz
[  158.326707][ T5968] usb 6-1: Manufacturer: syz
[  158.328160][ T5968] usb 6-1: SerialNumber: syz
[  158.332757][ T9132] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  158.354329][ T9166] binder: 9165:9166 ioctl 541c 80000000 returned -22
[  158.362901][ T9166] nfs: Unknown parameter '§~–'
[  158.451345][ T9172] netlink: 'syz.4.984': attribute type 10 has an invalid length.
[  158.679544][ T9181] netlink: 'syz.2.990': attribute type 1 has an invalid length.
[  158.996251][ T9191] ptrace attach of "/syz-executor exec"[5936] was attempted by "/syz-executor exec"[9191]
[  159.661530][ T9200] 9pnet_fd: Insufficient options for proto=fd
[  160.510581][ T9214] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1001'.
[  160.547013][ T9216] 9pnet: Unknown protocol version 9
[  160.945550][ T9222] netlink: 'syz.2.1003': attribute type 1 has an invalid length.
[  160.972447][ T9222] 8021q: adding VLAN 0 to HW filter on device bond2
[  161.012334][ T5968] cdc_ether 6-1:1.0: probe with driver cdc_ether failed with error -22
[  161.020399][ T5968] usb 6-1: USB disconnect, device number 4
[  161.547617][ T9235] ptrace attach of "/syz-executor exec"[5947] was attempted by "/syz-executor exec"[9235]
[  161.931455][ T9242] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1008'.
[  162.521643][ T9267] lo speed is unknown, defaulting to 1000
[  162.721748][ T9266] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1015'.
[  162.763048][ T9274] bridge_slave_0: left allmulticast mode
[  162.764867][ T9274] bridge_slave_0: left promiscuous mode
[  162.766695][ T9274] bridge0: port 1(bridge_slave_0) entered disabled state
[  162.770549][ T9274] bridge_slave_1: left allmulticast mode
[  162.772392][ T9274] bridge_slave_1: left promiscuous mode
[  162.774434][ T9274] bridge0: port 2(bridge_slave_1) entered disabled state
[  162.780021][ T9274] bond0: (slave bond_slave_0): Releasing backup interface
[  162.785610][ T9274] bond0: (slave bond_slave_1): Releasing backup interface
[  162.796334][ T9274] team0: Port device team_slave_0 removed
[  162.802065][ T9274] team0: Port device team_slave_1 removed
[  162.804985][ T9274] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  162.807294][ T9274] batman_adv: batadv0: Removing interface: batadv_slave_0
[  162.810135][ T9274] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  162.812668][ T9274] batman_adv: batadv0: Removing interface: batadv_slave_1
[  162.903728][ T9285] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1020'.
[  162.906553][ T9285] nbd: socks must be embedded in a SOCK_ITEM attr
[  162.914490][ T9285] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1020'.
[  162.917521][ T9285] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1020'.
[  163.178319][ T9297] ptrace attach of "/syz-executor exec"[8034] was attempted by "/syz-executor exec"[9297]
[  164.048356][ T9311] mac80211_hwsim hwsim5 wlan1: entered allmulticast mode
[  164.322816][ T8213] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  164.559317][ T8213] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  164.564584][ T8213] usb 6-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  164.568525][ T8213] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  164.578511][ T9331] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1033'.
[  164.579887][ T8213] usb 6-1: config 0 descriptor??
[  164.581626][ T9331] netlink: 'syz.2.1033': attribute type 5 has an invalid length.
[  164.585501][ T9331] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1033'.
[  164.592751][ T8213] usbhid 6-1:0.0: couldn't find an input interrupt endpoint
[  164.798984][  T837] usb 6-1: USB disconnect, device number 5
[  165.186335][ T9335] netlink: 84 bytes leftover after parsing attributes in process `syz.0.1034'.
[  165.190124][ T9335] netlink: 84 bytes leftover after parsing attributes in process `syz.0.1034'.
[  165.214197][ T9337] netlink: 64 bytes leftover after parsing attributes in process `syz.0.1035'.
[  165.252711][ T9339] lo speed is unknown, defaulting to 1000
[  165.564368][ T9362] netlink: 'syz.1.1040': attribute type 5 has an invalid length.
[  165.971092][ T9371] FAULT_INJECTION: forcing a failure.
[  165.971092][ T9371] name failslab, interval 1, probability 0, space 0, times 0
[  165.976199][ T9371] CPU: 3 UID: 0 PID: 9371 Comm: syz.2.1046 Not tainted 6.15.0-rc4-syzkaller-00291-g2a239ffbebb5 #0 PREEMPT(full) 
[  165.976222][ T9371] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  165.976231][ T9371] Call Trace:
[  165.976237][ T9371]  <TASK>
[  165.976244][ T9371]  dump_stack_lvl+0x16c/0x1f0
[  165.976272][ T9371]  should_fail_ex+0x512/0x640
[  165.976294][ T9371]  ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0
[  165.976316][ T9371]  should_failslab+0xc2/0x120
[  165.976336][ T9371]  kmem_cache_alloc_lru_noprof+0x72/0x3b0
[  165.976354][ T9371]  ? __pfx_lookup_one_len+0x10/0x10
[  165.976374][ T9371]  ? alloc_inode+0x61/0x240
[  165.976396][ T9371]  ? __pfx_debugfs_alloc_inode+0x10/0x10
[  165.976417][ T9371]  alloc_inode+0x61/0x240
[  165.976436][ T9371]  new_inode+0x22/0x1c0
[  165.976453][ T9371]  ? start_creating.part.0+0x25d/0x3a0
[  165.976477][ T9371]  __debugfs_create_file+0x11c/0x6b0
[  165.976504][ T9371]  debugfs_create_file_full+0x41/0x60
[  165.976548][ T9371]  nbd_start_device+0x436/0xcd0
[  165.976579][ T9371]  nbd_ioctl+0x219/0xda0
[  165.976599][ T9371]  ? __pfx_nbd_ioctl+0x10/0x10
[  165.976622][ T9371]  ? find_held_lock+0x2b/0x80
[  165.976640][ T9371]  ? __pfx_nbd_ioctl+0x10/0x10
[  165.976656][ T9371]  compat_blkdev_ioctl+0x2eb/0x7a0
[  165.976678][ T9371]  ? __pfx_compat_blkdev_ioctl+0x10/0x10
[  165.976695][ T9371]  ? __fput_deferred+0x320/0x370
[  165.976719][ T9371]  ? __pfx_compat_blkdev_ioctl+0x10/0x10
[  165.976743][ T9371]  __ia32_compat_sys_ioctl+0x24c/0x360
[  165.976770][ T9371]  __do_fast_syscall_32+0x73/0x120
[  165.976794][ T9371]  do_fast_syscall_32+0x32/0x80
[  165.976817][ T9371]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  165.976838][ T9371] RIP: 0023:0xf711e579
[  165.976851][ T9371] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  165.976867][ T9371] RSP: 002b:00000000f510e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  165.976883][ T9371] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 000000000000ab03
[  165.976893][ T9371] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  165.976902][ T9371] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  165.976910][ T9371] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  165.976919][ T9371] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  165.976942][ T9371]  </TASK>
[  165.976948][ T9371] debugfs: out of free dentries, can not create file 'flags'
[  166.071212][ T5294] block nbd2: Receive control failed (result -107)
[  166.109257][ T9370] block nbd2: shutting down sockets
[  166.623526][ T9391] ptrace attach of "/syz-executor exec"[5936] was attempted by "/syz-executor exec"[9391]
[  166.790238][ T9392] blktrace: Concurrent blktraces are not allowed on sg0
[  167.474148][ T9416] netlink: 'syz.4.1061': attribute type 9 has an invalid length.
[  167.476743][ T9416] __nla_validate_parse: 5 callbacks suppressed
[  167.476750][ T9416] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1061'.
[  167.491462][ T9416] hsr0: entered promiscuous mode
[  167.493022][ T9416] macvlan2: entered promiscuous mode
[  167.495218][ T9416] macvlan2: entered allmulticast mode
[  167.497022][ T9416] hsr0: entered allmulticast mode
[  167.498773][ T9416] hsr_slave_0: entered allmulticast mode
[  167.500804][ T9416] hsr_slave_1: entered allmulticast mode
[  167.632798][ T9425] bridge3: entered promiscuous mode
[  167.817051][ T9421] 9pnet_fd: Insufficient options for proto=fd
[  167.890688][ T9441] netlink: 'syz.2.1068': attribute type 1 has an invalid length.
[  167.891071][ T9442] FAULT_INJECTION: forcing a failure.
[  167.891071][ T9442] name failslab, interval 1, probability 0, space 0, times 0
[  167.893621][ T9441] netlink: 'syz.2.1068': attribute type 2 has an invalid length.
[  167.897961][ T9442] CPU: 2 UID: 0 PID: 9442 Comm: syz.1.1071 Not tainted 6.15.0-rc4-syzkaller-00291-g2a239ffbebb5 #0 PREEMPT(full) 
[  167.897976][ T9442] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  167.897982][ T9442] Call Trace:
[  167.897986][ T9442]  <TASK>
[  167.897990][ T9442]  dump_stack_lvl+0x16c/0x1f0
[  167.898007][ T9442]  should_fail_ex+0x512/0x640
[  167.898022][ T9442]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[  167.898034][ T9442]  should_failslab+0xc2/0x120
[  167.898050][ T9442]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  167.898061][ T9442]  ? getname_flags.part.0+0x4c/0x550
[  167.898076][ T9442]  getname_flags.part.0+0x4c/0x550
[  167.898090][ T9442]  getname_flags+0x93/0xf0
[  167.898105][ T9442]  do_sys_openat2+0xb8/0x1d0
[  167.898118][ T9442]  ? __pfx_do_sys_openat2+0x10/0x10
[  167.898131][ T9442]  ? __fget_files+0x20e/0x3c0
[  167.898149][ T9442]  __ia32_compat_sys_open+0x146/0x1e0
[  167.898162][ T9442]  ? __pfx___ia32_compat_sys_open+0x10/0x10
[  167.898178][ T9442]  ? rcu_is_watching+0x12/0xc0
[  167.898187][ T9442]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[  167.898203][ T9442]  __do_fast_syscall_32+0x73/0x120
[  167.898218][ T9442]  do_fast_syscall_32+0x32/0x80
[  167.898231][ T9442]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  167.898244][ T9442] RIP: 0023:0xf709e579
[  167.898251][ T9442] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  167.898261][ T9442] RSP: 002b:00000000f503a55c EFLAGS: 00000296 ORIG_RAX: 0000000000000005
[  167.898270][ T9442] RAX: ffffffffffffffda RBX: 0000000080000140 RCX: 0000000000000001
[  167.898276][ T9442] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  167.898282][ T9442] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  167.898287][ T9442] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  167.898293][ T9442] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  167.898304][ T9442]  </TASK>
[  168.841922][ T9466] netlink: 'syz.2.1079': attribute type 1 has an invalid length.
[  168.916725][ T9470] lo: entered allmulticast mode
[  168.950297][ T9469] lo: left allmulticast mode
[  169.337584][ T9490] netlink: 'syz.2.1087': attribute type 1 has an invalid length.
[  169.435957][ T9490] 8021q: adding VLAN 0 to HW filter on device bond3
[  169.951420][ T9503] netlink: 'syz.1.1091': attribute type 5 has an invalid length.
[  169.995441][ T9507] input: syz0 as /devices/virtual/input/input12
[  171.305634][ T9540] netlink: 'syz.2.1100': attribute type 9 has an invalid length.
[  171.308224][ T9540] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1100'.
[  171.335487][ T9540] macvlan7: entered promiscuous mode
[  171.337876][ T9540] macvlan7: entered allmulticast mode
[  171.672681][ T9549] dvmrp8: entered allmulticast mode
[  171.802899][ T9553] wireguard0: entered promiscuous mode
[  171.805075][ T9553] wireguard0: entered allmulticast mode
[  171.830608][ T9557] Cannot find add_set index 0 as target
[  172.608003][ T9576] ptrace attach of "/syz-executor exec"[5936] was attempted by "/syz-executor exec"[9576]
[  173.000575][ T9587] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1115'.
[  173.270563][ T9595] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1118'.
[  173.274519][ T9595] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1118'.
[  173.311605][ T9593] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1116'.
[  173.314706][ T9593] netlink: 'syz.0.1116': attribute type 5 has an invalid length.
[  173.317142][ T9593] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1116'.
[  173.463231][ T5968] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[  173.623616][ T5968] usb 7-1: Using ep0 maxpacket: 8
[  173.625932][ T9606] FAULT_INJECTION: forcing a failure.
[  173.625932][ T9606] name failslab, interval 1, probability 0, space 0, times 0
[  173.626510][ T5968] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  173.630476][ T9606] CPU: 1 UID: 0 PID: 9606 Comm: syz.1.1122 Not tainted 6.15.0-rc4-syzkaller-00291-g2a239ffbebb5 #0 PREEMPT(full) 
[  173.630490][ T9606] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  173.630496][ T9606] Call Trace:
[  173.630500][ T9606]  <TASK>
[  173.630505][ T9606]  dump_stack_lvl+0x16c/0x1f0
[  173.630523][ T9606]  should_fail_ex+0x512/0x640
[  173.630537][ T9606]  ? fs_reclaim_acquire+0xae/0x150
[  173.630552][ T9606]  should_failslab+0xc2/0x120
[  173.630564][ T9606]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  173.630576][ T9606]  ? security_inode_alloc+0x3b/0x2b0
[  173.630589][ T9606]  security_inode_alloc+0x3b/0x2b0
[  173.630600][ T9606]  inode_init_always_gfp+0xce4/0x1030
[  173.630618][ T9606]  alloc_inode+0x86/0x240
[  173.630629][ T9606]  new_inode+0x22/0x1c0
[  173.630640][ T9606]  ? start_creating.part.0+0x25d/0x3a0
[  173.630655][ T9606]  __debugfs_create_file+0x11c/0x6b0
[  173.630671][ T9606]  debugfs_create_file_full+0x41/0x60
[  173.630686][ T9606]  nbd_start_device+0x436/0xcd0
[  173.630701][ T9606]  nbd_ioctl+0x219/0xda0
[  173.630713][ T9606]  ? __pfx_nbd_ioctl+0x10/0x10
[  173.630733][ T9606]  ? find_held_lock+0x2b/0x80
[  173.630745][ T9606]  ? __pfx_nbd_ioctl+0x10/0x10
[  173.630754][ T9606]  compat_blkdev_ioctl+0x2eb/0x7a0
[  173.630767][ T9606]  ? __pfx_compat_blkdev_ioctl+0x10/0x10
[  173.630777][ T9606]  ? __fput_deferred+0x320/0x370
[  173.630792][ T9606]  ? __pfx_compat_blkdev_ioctl+0x10/0x10
[  173.630803][ T9606]  __ia32_compat_sys_ioctl+0x24c/0x360
[  173.630819][ T9606]  __do_fast_syscall_32+0x73/0x120
[  173.630834][ T9606]  do_fast_syscall_32+0x32/0x80
[  173.630848][ T9606]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  173.630861][ T9606] RIP: 0023:0xf709e579
[  173.630868][ T9606] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  173.630878][ T9606] RSP: 002b:00000000f508e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  173.630887][ T9606] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 000000000000ab03
[  173.630893][ T9606] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  173.630899][ T9606] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  173.630904][ T9606] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  173.630909][ T9606] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  173.630922][ T9606]  </TASK>
[  173.630937][ T9606] debugfs: out of free dentries, can not create file 'flags'
[  173.633183][ T5968] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  173.637848][ T5294] block nbd1: Receive control failed (result -107)
[  173.640062][ T5968] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  173.640076][ T5968] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  173.640099][ T5968] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  173.718107][ T5968] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  173.736192][ T5937] block nbd1: shutting down sockets
[  173.798235][ T9610] netlink: 136 bytes leftover after parsing attributes in process `syz.1.1124'.
[  173.951432][ T5968] usb 7-1: usb_control_msg returned -71
[  173.953248][ T5968] usbtmc 7-1:16.0: can't read capabilities
[  173.958954][ T5968] usb 7-1: USB disconnect, device number 3
[  174.071408][ T9616] ptrace attach of "/syz-executor exec"[5942] was attempted by "/syz-executor exec"[9616]
[  174.541937][ T9620] netlink: 'syz.2.1128': attribute type 1 has an invalid length.
[  174.598064][ T1230] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  174.601414][ T1230] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[  174.672367][ T1230] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  174.675910][ T1230] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[  174.738940][ T1230] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  174.742243][ T1230] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[  174.813554][ T1230] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  174.816760][ T1230] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[  174.853696][ T5939] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  174.857522][ T5939] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  174.865563][ T5939] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  174.868504][ T5939] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  174.871752][ T5939] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  174.905451][ T9625] lo speed is unknown, defaulting to 1000
[  175.261831][ T9647] netlink: 'syz.1.1135': attribute type 1 has an invalid length.
[  175.356187][ T1230] bond0 (unregistering): Released all slaves
[  175.364561][ T1230] bond1 (unregistering): Released all slaves
[  175.495763][ T9656] xt_CT: You must specify a L4 protocol and not use inversions on it
[  175.574533][ T9625] chnl_net:caif_netlink_parms(): no params data found
[  176.006331][ T9625] bridge0: port 1(bridge_slave_0) entered blocking state
[  176.015774][ T9625] bridge0: port 1(bridge_slave_0) entered disabled state
[  176.018428][ T9625] bridge_slave_0: entered allmulticast mode
[  176.021895][ T9625] bridge_slave_0: entered promiscuous mode
[  176.067735][ T1230] hsr0: left allmulticast mode
[  176.069717][ T1230] veth1_macvtap: left promiscuous mode
[  176.072367][ T1230] veth0_macvtap: left promiscuous mode
[  176.075109][ T1230] veth1_vlan: left promiscuous mode
[  176.472768][ T9677] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1140'.
[  177.034141][ T5294] Bluetooth: hci4: command tx timeout
[  177.321893][ T9625] bridge0: port 2(bridge_slave_1) entered blocking state
[  177.324288][ T9625] bridge0: port 2(bridge_slave_1) entered disabled state
[  177.326562][ T9625] bridge_slave_1: entered allmulticast mode
[  177.329116][ T9625] bridge_slave_1: entered promiscuous mode
[  177.344819][ T9671] tap0: tun_chr_ioctl cmd 1074025677
[  177.346566][ T9671] tap0: linktype set to 780
[  177.353855][ T9679] bridge4: entered promiscuous mode
[  177.365557][ T9677] workqueue: Failed to create a rescuer kthread for wq "bond3": -EINTR
[  177.367997][ T9688] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1145'.
[  177.399867][ T9625] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  177.404182][ T9625] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  177.474975][ T9625] team0: Port device team_slave_0 added
[  177.487811][ T9625] team0: Port device team_slave_1 added
[  177.580475][ T9625] batman_adv: batadv0: Adding interface: batadv_slave_0
[  177.585067][ T9625] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  177.598292][ T9625] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  177.605819][ T9700] tipc: Resetting bearer <eth:team0>
[  177.619265][ T9700] batman_adv: batadv0: Interface deactivated: wlan0
[  177.621428][ T9700] batman_adv: batadv0: Removing interface: wlan0
[  177.628998][ T9625] batman_adv: batadv0: Adding interface: batadv_slave_1
[  177.631359][ T9625] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  177.641221][ T9625] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  177.705639][ T9700] netlink: 'syz.2.1146': attribute type 10 has an invalid length.
[  177.743011][ T9625] hsr_slave_0: entered promiscuous mode
[  177.745225][ T9625] hsr_slave_1: entered promiscuous mode
[  177.747221][ T9625] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  177.759872][ T9703] i2c i2c-1: Invalid block write size 34
[  177.763792][ T9625] Cannot create hsr debugfs directory
[  177.765791][ T9700] mac80211_hwsim hwsim8 wlan1: left allmulticast mode
[  177.769616][ T9700] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  178.139001][ T9625] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  178.146375][ T9625] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  178.150364][ T9625] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  178.155138][ T9625] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  178.195562][ T9625] 8021q: adding VLAN 0 to HW filter on device bond0
[  178.206586][ T9625] 8021q: adding VLAN 0 to HW filter on device team0
[  178.214344][   T75] bridge0: port 1(bridge_slave_0) entered blocking state
[  178.216654][   T75] bridge0: port 1(bridge_slave_0) entered forwarding state
[  178.219249][ T9717] FAULT_INJECTION: forcing a failure.
[  178.219249][ T9717] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  178.223329][ T1230] bridge0: port 2(bridge_slave_1) entered blocking state
[  178.223387][ T1230] bridge0: port 2(bridge_slave_1) entered forwarding state
[  178.227949][ T9717] CPU: 1 UID: 0 PID: 9717 Comm: syz.1.1149 Not tainted 6.15.0-rc4-syzkaller-00291-g2a239ffbebb5 #0 PREEMPT(full) 
[  178.227962][ T9717] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  178.227968][ T9717] Call Trace:
[  178.227972][ T9717]  <TASK>
[  178.227976][ T9717]  dump_stack_lvl+0x16c/0x1f0
[  178.227994][ T9717]  should_fail_ex+0x512/0x640
[  178.228010][ T9717]  strncpy_from_user+0x3b/0x2e0
[  178.228024][ T9717]  getname_flags.part.0+0x8f/0x550
[  178.228039][ T9717]  getname_flags+0x93/0xf0
[  178.228053][ T9717]  do_sys_openat2+0xb8/0x1d0
[  178.228066][ T9717]  ? __pfx_do_sys_openat2+0x10/0x10
[  178.228079][ T9717]  ? __fget_files+0x20e/0x3c0
[  178.228097][ T9717]  __ia32_compat_sys_open+0x146/0x1e0
[  178.228110][ T9717]  ? __pfx___ia32_compat_sys_open+0x10/0x10
[  178.228126][ T9717]  ? rcu_is_watching+0x12/0xc0
[  178.228135][ T9717]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[  178.228150][ T9717]  __do_fast_syscall_32+0x73/0x120
[  178.228164][ T9717]  do_fast_syscall_32+0x32/0x80
[  178.228178][ T9717]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  178.228190][ T9717] RIP: 0023:0xf709e579
[  178.228198][ T9717] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  178.228208][ T9717] RSP: 002b:00000000f503a55c EFLAGS: 00000296 ORIG_RAX: 0000000000000005
[  178.228218][ T9717] RAX: ffffffffffffffda RBX: 0000000080000140 RCX: 0000000000000001
[  178.228223][ T9717] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  178.228229][ T9717] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  178.228234][ T9717] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  178.228239][ T9717] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  178.228251][ T9717]  </TASK>
[  178.236923][ T9625] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  178.294886][ T9625] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  178.395012][ T9625] 8021q: adding VLAN 0 to HW filter on device batadv0
[  178.533308][ T9625] veth0_vlan: entered promiscuous mode
[  178.538170][ T9625] veth1_vlan: entered promiscuous mode
[  178.558249][ T9625] veth0_macvtap: entered promiscuous mode
[  178.563334][ T9625] veth1_macvtap: entered promiscuous mode
[  178.577593][ T9625] batman_adv: batadv0: Interface activated: batadv_slave_0
[  178.589826][ T9625] batman_adv: batadv0: Interface activated: batadv_slave_1
[  178.603497][ T9625] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  178.616494][ T9625] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  178.619760][ T9625] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  178.623291][ T9625] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  178.632204][ T9750] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1152'.
[  178.635254][ T9750] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1152'.
[  178.683814][   T75] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  178.686329][   T75] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  178.711338][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  178.717284][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  179.080675][ T9772] mac80211_hwsim hwsim4 wlan0: left allmulticast mode
[  179.092052][ T9772] hsr0: left allmulticast mode
[  179.093865][ T9772] hsr_slave_0: left allmulticast mode
[  179.095744][ T9772] hsr_slave_1: left allmulticast mode
[  179.098184][ T9772] hsr0: left promiscuous mode
[  179.102292][ T9772] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 256 - 0
[  179.105216][ T9772] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 256 - 0
[  179.110908][ T9772] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 256 - 0
[  179.114075][ T9772] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 256 - 0
[  179.257635][ T5294] Bluetooth: hci4: command tx timeout
[  179.440576][   T40] audit: type=1804 audit(1746358685.238:83): pid=9789 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.1156" name="/newroot/291/file0/file0" dev="9p" ino=35913923 res=1 errno=0
[  179.958230][ T9813] netlink: 'syz.2.1159': attribute type 1 has an invalid length.
[  179.998920][ T9813] 8021q: adding VLAN 0 to HW filter on device bond4
[  180.200053][ T9825] ptrace attach of "/syz-executor exec"[9625] was attempted by "/syz-executor exec"[9825]
[  180.409135][ T9833] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1166'.
[  180.412454][ T9833] netlink: 'syz.1.1166': attribute type 9 has an invalid length.
[  180.418051][ T9833] macvlan6: entered allmulticast mode
[  180.419883][ T9833] mac80211_hwsim hwsim4 wlan0: entered allmulticast mode
[  180.685010][ T9838] ptrace attach of "/syz-executor exec"[5942] was attempted by "/syz-executor exec"[9838]
[  180.976184][ T9843] vlan2: entered promiscuous mode
[  180.977988][ T9843] vlan2: entered allmulticast mode
[  180.980881][ T9843] hsr_slave_1: entered allmulticast mode
[  181.010191][ T9843] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1169'.
[  181.481357][ T5294] Bluetooth: hci4: command tx timeout
[  181.620210][ T6007] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  181.781162][ T6007] usb 5-1: Using ep0 maxpacket: 32
[  181.787254][ T6007] usb 5-1: config 0 has an invalid interface number: 89 but max is 0
[  181.790685][ T6007] usb 5-1: config 0 has no interface number 0
[  181.794153][ T6007] usb 5-1: config 0 interface 89 has no altsetting 0
[  181.799354][ T6007] usb 5-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=38.4e
[  181.809045][ T6007] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  181.812308][ T6007] usb 5-1: Product: syz
[  181.814599][ T6007] usb 5-1: Manufacturer: syz
[  181.816750][ T6007] usb 5-1: SerialNumber: syz
[  181.821448][ T6007] usb 5-1: config 0 descriptor??
[  182.027546][ T9858] syz.2.1174: attempt to access beyond end of device
[  182.027546][ T9858] nbd2: rw=0, sector=0, nr_sectors = 2 limit=0
[  182.042293][ T9849] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  182.045123][  T835] hid-generic 0004:FFFFFFFF:0143.0002: unknown main item tag 0x0
[  182.047812][  T835] hid-generic 0004:FFFFFFFF:0143.0002: unknown main item tag 0x0
[  182.049012][ T9849] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  182.051592][  T835] hid-generic 0004:FFFFFFFF:0143.0002: unknown main item tag 0x0
[  182.055370][  T835] hid-generic 0004:FFFFFFFF:0143.0002: unknown main item tag 0x0
[  182.056497][ T5982] usb 5-1: USB disconnect, device number 6
[  182.057822][  T835] hid-generic 0004:FFFFFFFF:0143.0002: unknown main item tag 0x0
[  182.062761][  T835] hid-generic 0004:FFFFFFFF:0143.0002: unknown main item tag 0x0
[  182.065220][  T835] hid-generic 0004:FFFFFFFF:0143.0002: unknown main item tag 0x0
[  182.067639][  T835] hid-generic 0004:FFFFFFFF:0143.0002: unknown main item tag 0x0
[  182.070323][  T835] hid-generic 0004:FFFFFFFF:0143.0002: unknown main item tag 0x0
[  182.072795][  T835] hid-generic 0004:FFFFFFFF:0143.0002: unknown main item tag 0x0
[  182.075260][  T835] hid-generic 0004:FFFFFFFF:0143.0002: unknown main item tag 0x0
[  182.077791][  T835] hid-generic 0004:FFFFFFFF:0143.0002: unknown main item tag 0x0
[  182.080416][  T835] hid-generic 0004:FFFFFFFF:0143.0002: unknown main item tag 0x0
[  182.082869][  T835] hid-generic 0004:FFFFFFFF:0143.0002: unknown main item tag 0x0
[  182.085344][  T835] hid-generic 0004:FFFFFFFF:0143.0002: unknown main item tag 0x0
[  182.087795][  T835] hid-generic 0004:FFFFFFFF:0143.0002: unknown main item tag 0x0
[  182.090288][  T835] hid-generic 0004:FFFFFFFF:0143.0002: unknown main item tag 0x0
[  182.092747][  T835] hid-generic 0004:FFFFFFFF:0143.0002: unknown main item tag 0x0
[  182.095161][  T835] hid-generic 0004:FFFFFFFF:0143.0002: unknown main item tag 0x0
[  182.097625][  T835] hid-generic 0004:FFFFFFFF:0143.0002: unknown main item tag 0x0
[  182.100047][  T835] hid-generic 0004:FFFFFFFF:0143.0002: unknown main item tag 0x0
[  182.102507][  T835] hid-generic 0004:FFFFFFFF:0143.0002: unknown main item tag 0x0
[  182.104952][  T835] hid-generic 0004:FFFFFFFF:0143.0002: unknown main item tag 0x0
[  182.107387][  T835] hid-generic 0004:FFFFFFFF:0143.0002: unknown main item tag 0x0
[  182.109859][  T835] hid-generic 0004:FFFFFFFF:0143.0002: unknown main item tag 0x0
[  182.112406][  T835] hid-generic 0004:FFFFFFFF:0143.0002: unknown main item tag 0x0
[  182.114854][  T835] hid-generic 0004:FFFFFFFF:0143.0002: unknown main item tag 0x0
[  182.117315][  T835] hid-generic 0004:FFFFFFFF:0143.0002: unknown main item tag 0x0
[  182.119703][  T835] hid-generic 0004:FFFFFFFF:0143.0002: unknown main item tag 0x0
[  182.121982][  T835] hid-generic 0004:FFFFFFFF:0143.0002: unknown main item tag 0x0
[  182.124500][  T835] hid-generic 0004:FFFFFFFF:0143.0002: unknown main item tag 0x0
[  182.126945][  T835] hid-generic 0004:FFFFFFFF:0143.0002: unknown main item tag 0x0
[  182.135195][  T835] hid-generic 0004:FFFFFFFF:0143.0002: hidraw1: <UNKNOWN> HID v0.00 Device [syz0] on syz0
[  182.304528][ T6002] usb 7-1: new high-speed USB device number 4 using dummy_hcd
[  182.443964][ T6002] usb 7-1: device descriptor read/64, error -71
[  182.721172][ T9875] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1182'.
[  182.732723][ T6002] usb 7-1: new high-speed USB device number 5 using dummy_hcd
[  182.881794][ T6002] usb 7-1: device descriptor read/64, error -71
[  183.012195][ T6002] usb usb7-port1: attempt power cycle
[  183.384149][ T6002] usb 7-1: new high-speed USB device number 6 using dummy_hcd
[  183.416616][ T6002] usb 7-1: device descriptor read/8, error -71
[  183.629605][ T9897] netlink: 'syz.0.1190': attribute type 10 has an invalid length.
[  183.631594][   T40] audit: type=1326 audit(1746358689.167:84): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9893 comm="syz.5.1188" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf710e579 code=0x0
[  183.632196][ T9897] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1190'.
[  183.642884][ T9897] A link change request failed with some changes committed already. Interface dummy0 may have been left with an inconsistent configuration, please check.
[  183.672925][ T6002] usb 7-1: new high-speed USB device number 7 using dummy_hcd
[  183.695012][ T6002] usb 7-1: device descriptor read/8, error -71
[  183.715836][ T5294] Bluetooth: hci4: command tx timeout
[  183.799805][   T40] audit: type=1804 audit(1746358689.317:85): pid=9918 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.1199" name="/newroot/339/file0/file0" dev="9p" ino=35913923 res=1 errno=0
[  183.890994][ T6002] usb usb7-port1: unable to enumerate USB device
[  183.987121][ T9927] mac80211_hwsim hwsim15 wlan1: entered allmulticast mode
[  184.074087][ T9929] bridge_slave_0: left allmulticast mode
[  184.075953][ T9929] bridge_slave_0: left promiscuous mode
[  184.077810][ T9929] bridge0: port 1(bridge_slave_0) entered disabled state
[  184.082939][ T9929] bridge_slave_1: left allmulticast mode
[  184.084732][ T9929] bridge_slave_1: left promiscuous mode
[  184.086541][ T9929] bridge0: port 2(bridge_slave_1) entered disabled state
[  184.107509][ T9929] bond0: (slave bond_slave_0): Releasing backup interface
[  184.119887][ T9929] bond0: (slave bond_slave_1): Releasing backup interface
[  184.133823][ T9923] netlink: 'syz.5.1201': attribute type 10 has an invalid length.
[  184.135376][ T9929] team0: Port device team_slave_0 removed
[  184.147412][ T9929] team0: Port device team_slave_1 removed
[  184.149675][ T9929] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  184.152087][ T9929] batman_adv: batadv0: Removing interface: batadv_slave_0
[  184.162374][ T9929] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  184.165042][ T9929] batman_adv: batadv0: Removing interface: batadv_slave_1
[  184.191574][ T9923] mac80211_hwsim hwsim15 wlan1: left allmulticast mode
[  184.453639][ T9936] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1203'.
[  184.456693][ T9936] netlink: 'syz.0.1203': attribute type 5 has an invalid length.
[  184.459328][ T9936] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1203'.
[  185.094666][ T6007] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  185.211900][ T9960] bridge4: entered promiscuous mode
[  185.255112][ T6007] usb 6-1: Using ep0 maxpacket: 32
[  185.261306][ T6007] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  185.267473][ T6007] usb 6-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  185.271128][ T6007] usb 6-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  185.274375][ T6007] usb 6-1: Product: syz
[  185.276122][ T6007] usb 6-1: Manufacturer: syz
[  185.278886][ T6007] usb 6-1: SerialNumber: syz
[  185.282980][ T6007] usb 6-1: config 0 descriptor??
[  185.285724][ T9951] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  185.501831][ T9969] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1212'.
[  185.504824][ T9969] netlink: 'syz.0.1212': attribute type 5 has an invalid length.
[  185.507294][ T9969] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1212'.
[  185.513987][ T9951] team0: Device lo is loopback device. Loopback devices can't be added as a team port
[  185.517104][ T9951] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  185.884175][ T9986] tmpfs: Bad value for 'mpol'
[  185.966059][ T9987] =======================================================
[  185.966059][ T9987] WARNING: The mand mount option has been deprecated and
[  185.966059][ T9987]          and is ignored by this kernel. Remove the mand
[  185.966059][ T9987]          option from the mount to silence this warning.
[  185.966059][ T9987] =======================================================
[  185.986296][ T9989] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1219'.
[  185.990478][ T9987] overlayfs: lowerdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior.
[  185.996885][ T9987] overlayfs: overlapping lowerdir path
[  186.002391][ T9989] bridge0: entered promiscuous mode
[  186.007133][ T9989] macvlan2: entered promiscuous mode
[  186.077042][ T9990] can0: slcan on ttyS3.
[  186.210684][ T9997] netlink: 1041 bytes leftover after parsing attributes in process `syz.5.1220'.
[  186.934446][ T9985] can0 (unregistered): slcan off ttyS3.
[  187.299735][T10031] lo speed is unknown, defaulting to 1000
[  187.412891][T10035] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1231'.
[  187.529380][T10042] netlink: 232 bytes leftover after parsing attributes in process `syz.2.1233'.
[  188.057662][T10048] netlink: 52 bytes leftover after parsing attributes in process `syz.0.1236'.
[  188.099030][ T6007] usb 6-1: USB disconnect, device number 6
[  188.319132][T10056] ptrace attach of "/syz-executor exec"[9625] was attempted by "/syz-executor exec"[10056]
[  188.345623][T10058] sp0: Synchronizing with TNC
[  188.418105][T10062] 9pnet: Unknown protocol version 9
[  188.551001][T10064] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1243'.
[  189.082133][T10074] vlan2: entered allmulticast mode
[  189.084400][T10074] gretap0: entered allmulticast mode
[  189.369174][T10082] ptrace attach of "/syz-executor exec"[5947] was attempted by "/syz-executor exec"[10082]
[  189.545889][T10090] bridge5: trying to set multicast startup query interval below minimum, setting to 100 (1000ms)
[  189.628757][T10101] netlink: 'syz.2.1252': attribute type 4 has an invalid length.
[  189.897509][T10115] trusted_key: encrypted_key: master key parameter 'defYult' is invalid
[  189.982264][T10117] 9pnet: Unknown protocol version 9
[  190.229334][T10129] netlink: 'syz.5.1262': attribute type 3 has an invalid length.
[  190.366186][T10139] lo speed is unknown, defaulting to 1000
[  190.530188][ T5294] block nbd2: Receive control failed (result -107)
[  190.541418][T10159] __nla_validate_parse: 4 callbacks suppressed
[  190.541428][T10159] netlink: 64 bytes leftover after parsing attributes in process `syz.0.1266'.
[  190.583392][   T40] audit: type=1804 audit(1746358695.659:86): pid=10163 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.1267" name="/newroot/360/file0/file0" dev="9p" ino=35913923 res=1 errno=0
[  190.598929][ T5953] block nbd2: shutting down sockets
[  190.960572][T10199] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1276'.
[  190.977344][T10201] xt_policy: output policy not valid in PREROUTING and INPUT
[  191.257531][T10214] netlink: 'syz.0.1279': attribute type 1 has an invalid length.
[  191.286596][T10218] netlink: 68 bytes leftover after parsing attributes in process `syz.5.1282'.
[  191.292113][T10214] 8021q: adding VLAN 0 to HW filter on device bond3
[  191.403386][T10216] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1278'.
[  191.425457][T10216] netlink: 'syz.1.1278': attribute type 5 has an invalid length.
[  191.430088][T10216] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1278'.
[  191.550643][T10235] delete_channel: no stack
[  191.566475][T10240] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1285'.
[  191.997649][   T40] audit: type=1800 audit(1746358696.968:87): pid=10263 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.1290" name="bus" dev="9p" ino=35913973 res=0 errno=0
[  192.095223][   T40] audit: type=1326 audit(1746358697.071:88): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10267 comm="syz.0.1292" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc6579 code=0x7ffc0000
[  192.102611][   T40] audit: type=1326 audit(1746358697.080:89): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10267 comm="syz.0.1292" exe="/syz-executor" sig=0 arch=40000003 syscall=374 compat=1 ip=0xf7fc6579 code=0x7ffc0000
[  192.109749][   T40] audit: type=1326 audit(1746358697.080:90): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10267 comm="syz.0.1292" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc6579 code=0x7ffc0000
[  192.117333][   T40] audit: type=1326 audit(1746358697.080:91): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10267 comm="syz.0.1292" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7fc6579 code=0x7ffc0000
[  192.123958][   T40] audit: type=1326 audit(1746358697.090:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10267 comm="syz.0.1292" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc6579 code=0x7ffc0000
[  192.130841][   T40] audit: type=1326 audit(1746358697.090:93): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10267 comm="syz.0.1292" exe="/syz-executor" sig=0 arch=40000003 syscall=224 compat=1 ip=0xf7fc6579 code=0x7ffc0000
[  192.138445][   T40] audit: type=1326 audit(1746358697.090:94): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10267 comm="syz.0.1292" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc6579 code=0x7ffc0000
[  192.145448][   T40] audit: type=1326 audit(1746358697.090:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10267 comm="syz.0.1292" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc6579 code=0x7ffc0000
[  192.282747][T10271] tap0: tun_chr_ioctl cmd 1074025677
[  192.285469][T10271] tap0: linktype set to 780
[  192.484222][T10274] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1293'.
[  193.318883][T10291] ptm ptm0: ldisc open failed (-12), clearing slot 0
[  193.483307][T10296] sit0: entered promiscuous mode
[  193.488480][T10296] netlink: 'syz.2.1299': attribute type 1 has an invalid length.
[  193.490916][T10296] netlink: 1 bytes leftover after parsing attributes in process `syz.2.1299'.
[  193.611945][T10307] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1302'.
[  193.884523][T10311] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1302'.
[  195.051416][ T5294] block nbd1: Receive control failed (result -107)
[  195.090821][T10350] FAULT_INJECTION: forcing a failure.
[  195.090821][T10350] name failslab, interval 1, probability 0, space 0, times 0
[  195.095161][T10350] CPU: 0 UID: 0 PID: 10350 Comm: syz.1.1314 Not tainted 6.15.0-rc4-syzkaller-00291-g2a239ffbebb5 #0 PREEMPT(full) 
[  195.095175][T10350] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  195.095181][T10350] Call Trace:
[  195.095196][T10350]  <TASK>
[  195.095211][T10350]  dump_stack_lvl+0x16c/0x1f0
[  195.095229][T10350]  should_fail_ex+0x512/0x640
[  195.095243][T10350]  ? __kmalloc_noprof+0xbf/0x510
[  195.095256][T10350]  ? kobject_get_path+0xd2/0x2a0
[  195.095268][T10350]  should_failslab+0xc2/0x120
[  195.095281][T10350]  __kmalloc_noprof+0xd2/0x510
[  195.095294][T10350]  kobject_get_path+0xd2/0x2a0
[  195.095310][T10350]  kobject_uevent_env+0x289/0x1870
[  195.095320][T10350]  ? __pfx_dev_uevent_name+0x10/0x10
[  195.095338][T10350]  ? nbd_set_size+0x629/0x720
[  195.095354][T10350]  nbd_set_size+0x5ba/0x720
[  195.095377][T10350]  ? __pfx_nbd_set_size+0x10/0x10
[  195.095401][T10350]  ? queue_work_on+0x12a/0x1f0
[  195.095415][T10350]  ? lockdep_hardirqs_on+0x7c/0x110
[  195.095430][T10350]  nbd_start_device+0x8d1/0xcd0
[  195.095445][T10350]  nbd_ioctl+0x219/0xda0
[  195.095456][T10350]  ? __pfx_nbd_ioctl+0x10/0x10
[  195.095470][T10350]  ? find_held_lock+0x2b/0x80
[  195.095480][T10350]  ? __pfx_nbd_ioctl+0x10/0x10
[  195.095490][T10350]  compat_blkdev_ioctl+0x2eb/0x7a0
[  195.095503][T10350]  ? __pfx_compat_blkdev_ioctl+0x10/0x10
[  195.095513][T10350]  ? __fput_deferred+0x320/0x370
[  195.095527][T10350]  ? __pfx_compat_blkdev_ioctl+0x10/0x10
[  195.095539][T10350]  __ia32_compat_sys_ioctl+0x24c/0x360
[  195.095554][T10350]  __do_fast_syscall_32+0x73/0x120
[  195.095569][T10350]  do_fast_syscall_32+0x32/0x80
[  195.095583][T10350]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  195.095596][T10350] RIP: 0023:0xf709e579
[  195.095604][T10350] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  195.095613][T10350] RSP: 002b:00000000f508e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  195.095623][T10350] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 000000000000ab03
[  195.095629][T10350] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  195.095635][T10350] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  195.095640][T10350] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  195.095645][T10350] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  195.095658][T10350]  </TASK>
[  195.096588][T10349] block nbd1: shutting down sockets
[  196.125181][T10365] syzkaller1: entered promiscuous mode
[  196.131490][T10365] syzkaller1: entered allmulticast mode
[  196.371532][T10382] netlink: 'syz.1.1327': attribute type 1 has an invalid length.
[  196.374104][T10382] netlink: 'syz.1.1327': attribute type 2 has an invalid length.
[  196.554630][T10392] tipc: Resetting bearer <eth:team0>
[  196.690709][T10399] ptrace attach of "/syz-executor exec"[5942] was attempted by "/syz-executor exec"[10399]
[  196.698469][T10392] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  196.701493][T10392] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  196.704344][T10392] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  196.707855][T10392] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  196.734962][T10402] tmpfs: Unknown parameter 'grpquota 0
[  196.734962][T10402] '
[  196.738979][T10392] bond0: (slave wlan1): Releasing backup interface
[  196.741967][T10392] mac80211_hwsim hwsim6 wlan0: left allmulticast mode
[  196.745763][T10392] netdevsim netdevsim2 netdevsim0: unset [1, 1] type 2 family 0 port 256 - 0
[  196.750097][T10392] netdevsim netdevsim2 netdevsim1: unset [1, 1] type 2 family 0 port 256 - 0
[  196.753606][T10392] netdevsim netdevsim2 netdevsim2: unset [1, 1] type 2 family 0 port 256 - 0
[  196.757003][T10392] netdevsim netdevsim2 netdevsim3: unset [1, 1] type 2 family 0 port 256 - 0
[  196.760158][T10403] Unsupported ieee802154 address type: 0
[  196.767612][T10392] bridge0: left promiscuous mode
[  196.825445][T10392] hsr0: left allmulticast mode
[  196.827081][T10392] hsr_slave_0: left allmulticast mode
[  196.828984][T10392] hsr_slave_1: left allmulticast mode
[  196.937792][T10403] Process accounting resumed
[  197.053853][T10418] __nla_validate_parse: 6 callbacks suppressed
[  197.053864][T10418] netlink: 84 bytes leftover after parsing attributes in process `syz.2.1341'.
[  197.058759][T10418] netlink: 84 bytes leftover after parsing attributes in process `syz.2.1341'.
[  197.088325][T10421] team0: Unable to change to the same mode the team is in
[  197.093674][T10421] tipc: Enabling of bearer <eth:team0> rejected, already enabled
[  197.322493][T10429] openvswitch: netlink: Message has 4 unknown bytes.
[  197.440888][T10432] netlink: 'syz.1.1346': attribute type 1 has an invalid length.
[  197.443393][T10432] netlink: 'syz.1.1346': attribute type 2 has an invalid length.
[  197.478635][   T75] Bluetooth: hci5: Frame reassembly failed (-84)
[  197.480652][   T75] Bluetooth: hci5: Frame reassembly failed (-84)
[  197.521158][T10438] netlink: 68 bytes leftover after parsing attributes in process `syz.0.1349'.
[  197.540989][T10440] 9pnet: Unknown protocol version 9p200
[  198.724173][T10464] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1358'.
[  198.845634][T10474] tap0: tun_chr_ioctl cmd 1074025677
[  198.847553][T10474] tap0: linktype set to 780
[  199.053424][T10483] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1363'.
[  199.369457][T10487] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1366'.
[  199.372862][T10487] netlink: 'syz.5.1366': attribute type 5 has an invalid length.
[  199.557028][ T5939] Bluetooth: hci4: Unknown advertising packet type: 0x18
[  199.698028][ T5939] Bluetooth: hci5: command 0x1003 tx timeout
[  199.698331][ T5294] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  199.752435][T10510] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1372'.
[  199.755331][T10510] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1372'.
[  199.865446][T10518] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1377'.
[  199.869069][T10518] netlink: 'syz.2.1377': attribute type 9 has an invalid length.
[  199.875273][T10518] macvlan8: entered allmulticast mode
[  199.877108][T10518] mac80211_hwsim hwsim6 wlan0: entered allmulticast mode
[  200.031165][T10528] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1381'.
[  200.088856][T10529] ptrace attach of "/syz-executor exec"[5947] was attempted by "/syz-executor exec"[10529]
[  200.699174][T10541] vlan2: entered allmulticast mode
[  200.897293][ T1415] ieee802154 phy0 wpan0: encryption failed: -22
[  200.899363][ T1415] ieee802154 phy1 wpan1: encryption failed: -22
[  201.178444][T10556] 9pnet: Could not find request transport: fdna=éÞ"—wÖØ6þ
[  201.326570][   T40] kauditd_printk_skb: 30 callbacks suppressed
[  201.326582][   T40] audit: type=1326 audit(1746358705.714:126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10558 comm="syz.0.1390" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc6579 code=0x7ffc0000
[  201.337198][   T40] audit: type=1326 audit(1746358705.714:127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10558 comm="syz.0.1390" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc6579 code=0x7ffc0000
[  201.343912][   T40] audit: type=1326 audit(1746358705.723:128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10558 comm="syz.0.1390" exe="/syz-executor" sig=0 arch=40000003 syscall=366 compat=1 ip=0xf7fc6579 code=0x7ffc0000
[  201.351960][   T40] audit: type=1326 audit(1746358705.723:129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10558 comm="syz.0.1390" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc6579 code=0x7ffc0000
[  201.358766][   T40] audit: type=1326 audit(1746358705.723:130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10558 comm="syz.0.1390" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc6579 code=0x7ffc0000
[  201.365393][   T40] audit: type=1326 audit(1746358705.723:131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10558 comm="syz.0.1390" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7fc6579 code=0x7ffc0000
[  201.374776][   T40] audit: type=1326 audit(1746358705.723:132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10558 comm="syz.0.1390" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc6579 code=0x7ffc0000
[  201.382101][   T40] audit: type=1326 audit(1746358705.723:133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10558 comm="syz.0.1390" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc6579 code=0x7ffc0000
[  201.388771][   T40] audit: type=1326 audit(1746358705.723:134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10558 comm="syz.0.1390" exe="/syz-executor" sig=0 arch=40000003 syscall=425 compat=1 ip=0xf7fc6579 code=0x7ffc0000
[  201.395396][   T40] audit: type=1326 audit(1746358705.723:135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10558 comm="syz.0.1390" exe="/syz-executor" sig=0 arch=40000003 syscall=192 compat=1 ip=0xf7fc6579 code=0x7ffc0000
[  202.253128][   T34] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[  202.435279][   T34] usb 6-1: Using ep0 maxpacket: 32
[  202.442587][   T34] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  202.447735][T10588] __nla_validate_parse: 8 callbacks suppressed
[  202.447747][T10588] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1398'.
[  202.452969][T10588] netlink: 173 bytes leftover after parsing attributes in process `syz.0.1398'.
[  202.460749][   T34] usb 6-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  202.464052][   T34] usb 6-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  202.467534][   T34] usb 6-1: Product: syz
[  202.469289][   T34] usb 6-1: Manufacturer: syz
[  202.470970][   T34] usb 6-1: SerialNumber: syz
[  202.473691][   T34] usb 6-1: config 0 descriptor??
[  202.478663][T10577] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  202.710530][T10577] team0: Device lo is loopback device. Loopback devices can't be added as a team port
[  202.714112][T10577] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  203.359684][T10598] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  203.795816][T10623] ptrace attach of "/syz-executor exec"[5936] was attempted by "/syz-executor exec"[10623]
[  203.909536][T10624] ptrace attach of "/syz-executor exec"[9625] was attempted by "/syz-executor exec"[10624]
[  204.681483][T10635] overlay: ./file1 is not a directory
[  205.003996][T10643] netlink: 'syz.5.1416': attribute type 1 has an invalid length.
[  205.222364][   T34] usb 6-1: USB disconnect, device number 7
[  205.309733][T10655] ptrace attach of "/syz-executor exec"[9625] was attempted by "/syz-executor exec"[10655]
[  205.607780][T10661] netlink: 'syz.0.1420': attribute type 9 has an invalid length.
[  205.610433][T10661] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1420'.
[  205.622562][T10661] macvlan7: entered promiscuous mode
[  205.624447][T10661] macvlan7: entered allmulticast mode
[  205.661834][T10663] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1423'.
[  205.998103][T10673] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1426'.
[  206.155193][T10671] block nbd0: server does not support multiple connections per device.
[  206.167471][T10671] block nbd0: shutting down sockets
[  206.326318][  T838] usb 10-1: new high-speed USB device number 2 using dummy_hcd
[  206.351434][T10685] netlink: 'syz.1.1428': attribute type 9 has an invalid length.
[  206.353840][T10685] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1428'.
[  206.473316][T10685] macvlan7: entered promiscuous mode
[  206.475080][T10685] hsr0: entered promiscuous mode
[  206.477315][T10685] macvlan7: entered allmulticast mode
[  206.479045][T10685] hsr0: entered allmulticast mode
[  206.480688][T10685] hsr_slave_0: entered allmulticast mode
[  206.482446][T10685] hsr_slave_1: entered allmulticast mode
[  206.488588][  T838] usb 10-1: Using ep0 maxpacket: 32
[  206.491663][  T838] usb 10-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  206.496646][  T838] usb 10-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  206.499909][  T838] usb 10-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  206.502608][  T838] usb 10-1: Product: syz
[  206.503960][  T838] usb 10-1: Manufacturer: syz
[  206.505508][  T838] usb 10-1: SerialNumber: syz
[  206.509810][  T838] usb 10-1: config 0 descriptor??
[  206.514486][T10679] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  206.741994][T10679] team0: Device lo is loopback device. Loopback devices can't be added as a team port
[  206.746089][T10679] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  206.970187][ T5294] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0
[  206.973098][ T5294] Bluetooth: hci4: Injecting HCI hardware error event
[  206.975682][ T5294] Bluetooth: hci4: hardware error 0x00
[  207.169865][ T5939] Bluetooth: hci2: SCO packet for unknown connection handle 201
[  207.452179][T10711] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1439'.
[  207.459894][T10711] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1439'.
[  207.502537][T10712] ptrace attach of "/syz-executor exec"[5942] was attempted by "/syz-executor exec"[10712]
[  207.611353][T10713] ptrace attach of "/syz-executor exec"[5936] was attempted by "/syz-executor exec"[10713]
[  208.330336][T10719] binder: 10718:10719 ioctl 80489439 0 returned -22
[  208.353949][T10719] Bluetooth: MGMT ver 1.23
[  208.360824][T10719] overlayfs: overlapping lowerdir path
[  208.849844][T10728] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1444'.
[  208.859059][T10728] netlink: 'syz.2.1444': attribute type 5 has an invalid length.
[  208.861755][T10728] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1444'.
[  208.910891][T10729] 9pnet_fd: Insufficient options for proto=fd
[  209.191365][ T5294] Bluetooth: hci4: Opcode 0x0c03 failed: -110
[  209.288018][  T838] usb 10-1: USB disconnect, device number 2
[  209.395592][T10737] netlink: 'syz.5.1445': attribute type 1 has an invalid length.
[  209.408164][T10737] 8021q: adding VLAN 0 to HW filter on device bond1
[  209.554205][T10737] 8021q: adding VLAN 0 to HW filter on device bond1
[  209.559743][T10737] bond1: (slave vxcan3): The slave device specified does not support setting the MAC address
[  209.575315][T10737] bond1: (slave vxcan3): Error -95 calling set_mac_address
[  209.684129][T10747] ptrace attach of "/syz-executor exec"[5936] was attempted by "/syz-executor exec"[10747]
[  209.946626][ T6008] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[  210.114494][ T6008] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  210.118308][ T6008] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  210.121740][ T6008] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  210.126128][ T6008] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  210.129274][ T6008] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  210.142610][ T6008] usb 6-1: config 0 descriptor??
[  210.276921][T10754] netlink: 48 bytes leftover after parsing attributes in process `syz.5.1450'.
[  210.284632][T10754] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  210.354375][T10758] netlink: 20 bytes leftover after parsing attributes in process `syz.5.1452'.
[  210.424602][T10759] mkiss: ax0: crc mode is auto.
[  210.540591][T10764] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1454'.
[  210.742855][ T6008] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0
[  210.746119][ T6008] plantronics 0003:047F:FFFF.0003: No inputs registered, leaving
[  210.763492][ T6008] plantronics 0003:047F:FFFF.0003: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0
[  211.017981][T10769] blktrace: Concurrent blktraces are not allowed on sg0
[  211.252878][T10777] ptrace attach of "/syz-executor exec"[5947] was attempted by "/syz-executor exec"[10777]
[  211.679549][T10786] mac80211_hwsim hwsim8 wlan1: entered allmulticast mode
[  211.749308][T10787] netlink: 'syz.2.1457': attribute type 10 has an invalid length.
[  211.752770][T10787] mac80211_hwsim hwsim8 wlan1: left allmulticast mode
[  212.022808][T10796] netlink: 148 bytes leftover after parsing attributes in process `syz.0.1463'.
[  212.028649][T10796] netlink: 148 bytes leftover after parsing attributes in process `syz.0.1463'.
[  212.032609][T10796] netlink: 148 bytes leftover after parsing attributes in process `syz.0.1463'.
[  212.032795][   T40] kauditd_printk_skb: 28 callbacks suppressed
[  212.032807][   T40] audit: type=1804 audit(1746358715.723:164): pid=10794 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.5.1462" name="/newroot/76/file0/file0" dev="9p" ino=35913923 res=1 errno=0
[  212.037061][T10796] netlink: 148 bytes leftover after parsing attributes in process `syz.0.1463'.
[  212.119569][T10796] netlink: 148 bytes leftover after parsing attributes in process `syz.0.1463'.
[  212.870846][ T6002] usb 6-1: USB disconnect, device number 8
[  213.199605][T10891] ptrace attach of "/syz-executor exec"[9625] was attempted by "/syz-executor exec"[10891]
[  213.663334][T10900] netlink: 'syz.2.1474': attribute type 3 has an invalid length.
[  214.409746][T10925] __nla_validate_parse: 62 callbacks suppressed
[  214.409763][T10925] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1480'.
[  214.416346][T10925] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1480'.
[  214.697477][T10930] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1482'.
[  215.245689][T10935] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(3)
[  215.248366][T10935] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  215.251423][T10935] vhci_hcd vhci_hcd.0: Device attached
[  215.257591][T10935] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(5)
[  215.260218][T10935] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  215.263067][T10935] vhci_hcd vhci_hcd.0: Device attached
[  215.267991][T10938] vhci_hcd: connection closed
[  215.269438][T10936] vhci_hcd: connection closed
[  215.269442][   T13] vhci_hcd: stop threads
[  215.277221][   T13] vhci_hcd: release socket
[  215.278762][   T13] vhci_hcd: disconnect device
[  215.281500][   T13] vhci_hcd: stop threads
[  215.283003][   T13] vhci_hcd: release socket
[  215.284788][   T13] vhci_hcd: disconnect device
[  215.333114][T10943] FAULT_INJECTION: forcing a failure.
[  215.333114][T10943] name failslab, interval 1, probability 0, space 0, times 0
[  215.338391][T10943] CPU: 2 UID: 0 PID: 10943 Comm: syz.2.1486 Not tainted 6.15.0-rc4-syzkaller-00291-g2a239ffbebb5 #0 PREEMPT(full) 
[  215.338413][T10943] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  215.338423][T10943] Call Trace:
[  215.338429][T10943]  <TASK>
[  215.338435][T10943]  dump_stack_lvl+0x16c/0x1f0
[  215.338480][T10943]  should_fail_ex+0x512/0x640
[  215.338507][T10943]  ? __kvmalloc_node_noprof+0x122/0x600
[  215.338527][T10943]  should_failslab+0xc2/0x120
[  215.338553][T10943]  __kvmalloc_node_noprof+0x135/0x600
[  215.338569][T10943]  ? page_pool_create_percpu+0x34e/0xcc0
[  215.338593][T10943]  ? page_pool_create_percpu+0x34e/0xcc0
[  215.338613][T10943]  page_pool_create_percpu+0x34e/0xcc0
[  215.338636][T10943]  bpf_test_run_xdp_live+0x18e/0x500
[  215.338657][T10943]  ? __pfx_bpf_test_run_xdp_live+0x10/0x10
[  215.338681][T10943]  ? __pfx_xdp_test_run_init_page+0x10/0x10
[  215.338715][T10943]  ? _copy_from_user+0x59/0xd0
[  215.338740][T10943]  ? bpf_test_init.isra.0+0x6b/0x140
[  215.338758][T10943]  bpf_prog_test_run_xdp+0x824/0x1540
[  215.338785][T10943]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  215.338802][T10943]  ? __might_fault+0x80/0x190
[  215.338823][T10943]  ? fput+0x70/0xf0
[  215.338842][T10943]  ? __bpf_prog_get+0xa0/0x290
[  215.338860][T10943]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  215.338879][T10943]  __sys_bpf+0x1485/0x4d80
[  215.338902][T10943]  ? __pfx___sys_bpf+0x10/0x10
[  215.338923][T10943]  ? ksys_write+0x190/0x240
[  215.338940][T10943]  ? __mutex_unlock_slowpath+0x161/0x6a0
[  215.338972][T10943]  ? fput+0x70/0xf0
[  215.338989][T10943]  ? ksys_write+0x1b9/0x240
[  215.339002][T10943]  ? __pfx_ksys_write+0x10/0x10
[  215.339019][T10943]  __ia32_sys_bpf+0x76/0xe0
[  215.339041][T10943]  __do_fast_syscall_32+0x73/0x120
[  215.339065][T10943]  do_fast_syscall_32+0x32/0x80
[  215.339087][T10943]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  215.339107][T10943] RIP: 0023:0xf711e579
[  215.339119][T10943] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  215.339134][T10943] RSP: 002b:00000000f510e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000165
[  215.339150][T10943] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000080000340
[  215.339160][T10943] RDX: 0000000000000050 RSI: 0000000000000000 RDI: 0000000000000000
[  215.339169][T10943] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  215.339178][T10943] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  215.339187][T10943] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  215.339206][T10943]  </TASK>
[  215.339214][T10943] page_pool_create_percpu() gave up with errno -12
[  215.490842][T10945] can: request_module (can-proto-3) failed.
[  215.576772][T10947] tmpfs: Unknown parameter 'smackfsfloor'
[  215.667380][T10947] netlink: 'syz.2.1487': attribute type 1 has an invalid length.
[  215.670727][T10947] netlink: 224 bytes leftover after parsing attributes in process `syz.2.1487'.
[  215.674407][T10947] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1487'.
[  215.848504][T10953] overlayfs: option "index=on" is useless in a non-upper mount, ignore
[  215.852099][T10953] overlayfs: missing 'lowerdir'
[  216.183161][T10960] overlayfs: missing 'lowerdir'
[  217.377943][T10972] netlink: 'syz.1.1493': attribute type 9 has an invalid length.
[  217.381166][T10972] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1493'.
[  217.471973][T10972] macvlan8: entered promiscuous mode
[  217.474862][T10972] macvlan8: entered allmulticast mode
[  217.578810][T10978] ptrace attach of "/syz-executor exec"[9625] was attempted by "/syz-executor exec"[10978]
[  218.380046][T10984] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1498'.
[  218.665717][T10994] ptrace attach of "/syz-executor exec"[5942] was attempted by "/syz-executor exec"[10994]
[  218.854775][   T40] audit: type=1326 audit(1746358722.102:165): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10992 comm="syz.0.1501" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc6579 code=0x7ffc0000
[  218.861558][   T40] audit: type=1326 audit(1746358722.102:166): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10992 comm="syz.0.1501" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc6579 code=0x7ffc0000
[  218.868298][   T40] audit: type=1326 audit(1746358722.102:167): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10992 comm="syz.0.1501" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7fc6579 code=0x7ffc0000
[  218.876559][   T40] audit: type=1326 audit(1746358722.102:168): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10992 comm="syz.0.1501" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc6579 code=0x7ffc0000
[  218.883401][   T40] audit: type=1326 audit(1746358722.112:169): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10992 comm="syz.0.1501" exe="/syz-executor" sig=0 arch=40000003 syscall=192 compat=1 ip=0xf7fc6579 code=0x7ffc0000
[  218.890834][   T40] audit: type=1326 audit(1746358722.112:170): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10992 comm="syz.0.1501" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc6579 code=0x7ffc0000
[  218.897570][   T40] audit: type=1326 audit(1746358722.112:171): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10992 comm="syz.0.1501" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc6579 code=0x7ffc0000
[  218.904958][   T40] audit: type=1326 audit(1746358722.112:172): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10992 comm="syz.0.1501" exe="/syz-executor" sig=0 arch=40000003 syscall=3 compat=1 ip=0xf7fc6579 code=0x7ffc0000
[  218.911445][   T40] audit: type=1326 audit(1746358722.112:173): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10992 comm="syz.0.1501" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc6579 code=0x7ffc0000
[  218.918702][   T40] audit: type=1326 audit(1746358722.112:174): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10992 comm="syz.0.1501" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc6579 code=0x7ffc0000
[  219.140357][T11007] netlink: 'syz.0.1503': attribute type 9 has an invalid length.
[  219.142943][T11007] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1503'.
[  219.161520][T11007] macvlan3: entered promiscuous mode
[  219.163773][T11007] macvlan3: entered allmulticast mode
[  219.416650][T11016] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1505'.
[  219.419891][T11014] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1505'.
[  219.493784][T11019] syzkaller0: entered promiscuous mode
[  219.497134][T11019] syzkaller0: entered allmulticast mode
[  219.498591][T11022] FAULT_INJECTION: forcing a failure.
[  219.498591][T11022] name failslab, interval 1, probability 0, space 0, times 0
[  219.503413][T11022] CPU: 2 UID: 0 PID: 11022 Comm: syz.2.1509 Not tainted 6.15.0-rc4-syzkaller-00291-g2a239ffbebb5 #0 PREEMPT(full) 
[  219.503427][T11022] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  219.503433][T11022] Call Trace:
[  219.503437][T11022]  <TASK>
[  219.503441][T11022]  dump_stack_lvl+0x16c/0x1f0
[  219.503458][T11022]  should_fail_ex+0x512/0x640
[  219.503472][T11022]  ? __kmalloc_noprof+0xbf/0x510
[  219.503484][T11022]  ? rpc_alloc_iostats+0x56/0x140
[  219.503497][T11022]  should_failslab+0xc2/0x120
[  219.503514][T11022]  __kmalloc_noprof+0xd2/0x510
[  219.503528][T11022]  rpc_alloc_iostats+0x56/0x140
[  219.503543][T11022]  rpc_new_client+0x5cc/0x1320
[  219.503558][T11022]  rpc_create_xprt+0xd9/0x440
[  219.503571][T11022]  rpc_create+0x469/0x7f0
[  219.503585][T11022]  ? __pfx_rpc_create+0x10/0x10
[  219.503601][T11022]  ? __lock_acquire+0xaa4/0x1ba0
[  219.503627][T11022]  ? __pfx___might_resched+0x10/0x10
[  219.503642][T11022]  rpcb_create_af_local+0x11b/0x310
[  219.503652][T11022]  ? __pfx_rpcb_create_af_local+0x10/0x10
[  219.503668][T11022]  ? find_held_lock+0x2b/0x80
[  219.503678][T11022]  ? rpcb_create_local+0x1da/0x270
[  219.503690][T11022]  rpcb_create_local+0x1ee/0x270
[  219.503701][T11022]  svc_bind+0x1e8/0x260
[  219.503713][T11022]  nfsd_create_serv+0x2d2/0x480
[  219.503728][T11022]  ? __pfx_nfsd_create_serv+0x10/0x10
[  219.503746][T11022]  nfsd_nl_listener_set_doit+0xe5/0x1a40
[  219.503761][T11022]  ? rcu_is_watching+0x12/0xc0
[  219.503771][T11022]  ? __pfx_nfsd_nl_listener_set_doit+0x10/0x10
[  219.503781][T11022]  ? __nla_parse+0x40/0x60
[  219.503792][T11022]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290
[  219.503807][T11022]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290
[  219.503824][T11022]  genl_family_rcv_msg_doit+0x206/0x2f0
[  219.503839][T11022]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  219.503852][T11022]  ? rcu_is_watching+0x12/0xc0
[  219.503865][T11022]  ? bpf_lsm_capable+0x9/0x10
[  219.503875][T11022]  ? security_capable+0x7e/0x260
[  219.503894][T11022]  genl_rcv_msg+0x55c/0x800
[  219.503909][T11022]  ? __pfx_genl_rcv_msg+0x10/0x10
[  219.503923][T11022]  ? __pfx_nfsd_nl_listener_set_doit+0x10/0x10
[  219.503935][T11022]  ? __lock_acquire+0xaa4/0x1ba0
[  219.503949][T11022]  netlink_rcv_skb+0x16a/0x440
[  219.503961][T11022]  ? __pfx_genl_rcv_msg+0x10/0x10
[  219.503975][T11022]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  219.503993][T11022]  ? __pfx_down_read+0x10/0x10
[  219.504008][T11022]  ? netlink_deliver_tap+0x1ae/0xd30
[  219.504021][T11022]  genl_rcv+0x28/0x40
[  219.504033][T11022]  netlink_unicast+0x53a/0x7f0
[  219.504064][T11022]  ? __pfx_netlink_unicast+0x10/0x10
[  219.504081][T11022]  netlink_sendmsg+0x8d1/0xdd0
[  219.504095][T11022]  ? __pfx_netlink_sendmsg+0x10/0x10
[  219.504108][T11022]  ? __import_iovec+0x1c8/0x660
[  219.504126][T11022]  ____sys_sendmsg+0xa95/0xc70
[  219.504141][T11022]  ? __pfx_____sys_sendmsg+0x10/0x10
[  219.504154][T11022]  ? get_compat_msghdr+0x11a/0x170
[  219.504171][T11022]  ___sys_sendmsg+0x134/0x1d0
[  219.504182][T11022]  ? __pfx____sys_sendmsg+0x10/0x10
[  219.504211][T11022]  __sys_sendmsg+0x16d/0x220
[  219.504222][T11022]  ? __pfx___sys_sendmsg+0x10/0x10
[  219.504239][T11022]  ? rcu_is_watching+0x12/0xc0
[  219.504249][T11022]  __do_fast_syscall_32+0x73/0x120
[  219.504264][T11022]  do_fast_syscall_32+0x32/0x80
[  219.504278][T11022]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  219.504290][T11022] RIP: 0023:0xf711e579
[  219.504298][T11022] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  219.504308][T11022] RSP: 002b:00000000f510e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  219.504317][T11022] RAX: ffffffffffffffda RBX: 000000000000000c RCX: 0000000080000040
[  219.504323][T11022] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  219.504328][T11022] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  219.504334][T11022] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  219.504339][T11022] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  219.504352][T11022]  </TASK>
[  219.636422][T11024] ptrace attach of "/syz-executor exec"[9625] was attempted by "/syz-executor exec"[11024]
[  220.191979][ T6002] usb 7-1: new high-speed USB device number 8 using dummy_hcd
[  220.293439][T11035] netlink: 'syz.5.1513': attribute type 10 has an invalid length.
[  220.295896][T11035] netlink: 40 bytes leftover after parsing attributes in process `syz.5.1513'.
[  220.298654][T11035] dummy0: entered promiscuous mode
[  220.300776][T11035] bridge0: port 1(dummy0) entered blocking state
[  220.302940][T11035] bridge0: port 1(dummy0) entered disabled state
[  220.305064][T11035] dummy0: entered allmulticast mode
[  220.307942][T11035] bridge0: port 1(dummy0) entered blocking state
[  220.310145][T11035] bridge0: port 1(dummy0) entered forwarding state
[  220.342167][ T6002] usb 7-1: device descriptor read/64, error -71
[  220.355448][T11038] netlink: 'syz.5.1514': attribute type 11 has an invalid length.
[  220.358015][T11038] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1514'.
[  220.608965][ T6002] usb 7-1: new high-speed USB device number 9 using dummy_hcd
[  220.758578][ T6002] usb 7-1: device descriptor read/64, error -71
[  221.085570][ T6002] usb usb7-port1: attempt power cycle
[  221.278229][T11056] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1519'.
[  221.374275][T11058] Cannot find del_set index 0 as target
[  221.464113][ T6002] usb 7-1: new high-speed USB device number 10 using dummy_hcd
[  221.486320][ T6002] usb 7-1: device descriptor read/8, error -71
[  221.548596][T11063] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1522'.
[  221.740942][T11069] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1524'.
[  221.752791][ T6002] usb 7-1: new high-speed USB device number 11 using dummy_hcd
[  221.780923][ T6002] usb 7-1: device descriptor read/8, error -71
[  221.793986][T11071] Invalid logical block size (1048576)
[  221.836443][T11072] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1523'.
[  221.840553][T11072] netlink: 'syz.1.1523': attribute type 5 has an invalid length.
[  221.843307][T11072] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1523'.
[  221.863424][T11075] x_tables: ip_tables: dccp match: only valid for protocol 33
[  221.892367][ T6002] usb usb7-port1: unable to enumerate USB device
[  221.964180][T11077] device ioctl magic numbers don't match! Did you rebuild pvfs2-client-core/libpvfs2? [cmd 50009418, magic 94 != 6b]
[  222.388643][T11086] xt_policy: output policy not valid in PREROUTING and INPUT
[  222.505499][ T5294] Bluetooth: hci3: SCO packet for unknown connection handle 200
[  222.508719][ T6007] hid-generic 0008:FFFFFFFA:0000.0004: unknown main item tag 0x0
[  222.515771][ T6007] hid-generic 0008:FFFFFFFA:0000.0004: unknown main item tag 0x0
[  222.519833][ T6007] hid-generic 0008:FFFFFFFA:0000.0004: unknown main item tag 0x0
[  222.525088][ T6007] hid-generic 0008:FFFFFFFA:0000.0004: unknown main item tag 0x0
[  222.528277][ T6007] hid-generic 0008:FFFFFFFA:0000.0004: unknown main item tag 0x0
[  222.531923][ T6007] hid-generic 0008:FFFFFFFA:0000.0004: unknown main item tag 0x0
[  222.536382][ T6007] hid-generic 0008:FFFFFFFA:0000.0004: unknown main item tag 0x0
[  222.540864][ T6007] hid-generic 0008:FFFFFFFA:0000.0004: unknown main item tag 0x0
[  222.544611][ T6007] hid-generic 0008:FFFFFFFA:0000.0004: unknown main item tag 0x0
[  222.547608][ T6007] hid-generic 0008:FFFFFFFA:0000.0004: unknown main item tag 0x0
[  222.552323][ T6007] hid-generic 0008:FFFFFFFA:0000.0004: unknown main item tag 0x0
[  222.555369][ T6007] hid-generic 0008:FFFFFFFA:0000.0004: unknown main item tag 0x0
[  222.558521][ T6007] hid-generic 0008:FFFFFFFA:0000.0004: unknown main item tag 0x0
[  222.562174][ T6007] hid-generic 0008:FFFFFFFA:0000.0004: unknown main item tag 0x0
[  222.565260][ T6007] hid-generic 0008:FFFFFFFA:0000.0004: unknown main item tag 0x0
[  222.568362][ T6007] hid-generic 0008:FFFFFFFA:0000.0004: unknown main item tag 0x0
[  222.571520][ T6007] hid-generic 0008:FFFFFFFA:0000.0004: unknown main item tag 0x0
[  222.574662][ T6007] hid-generic 0008:FFFFFFFA:0000.0004: unknown main item tag 0x0
[  222.581645][ T6007] hid-generic 0008:FFFFFFFA:0000.0004: unknown main item tag 0x0
[  222.584807][ T6007] hid-generic 0008:FFFFFFFA:0000.0004: unknown main item tag 0x0
[  222.587937][ T6007] hid-generic 0008:FFFFFFFA:0000.0004: unknown main item tag 0x0
[  222.591637][ T6007] hid-generic 0008:FFFFFFFA:0000.0004: unknown main item tag 0x0
[  222.594799][ T6007] hid-generic 0008:FFFFFFFA:0000.0004: unknown main item tag 0x0
[  222.597884][ T6007] hid-generic 0008:FFFFFFFA:0000.0004: unknown main item tag 0x0
[  222.601038][ T6007] hid-generic 0008:FFFFFFFA:0000.0004: unknown main item tag 0x0
[  222.604139][ T6007] hid-generic 0008:FFFFFFFA:0000.0004: unknown main item tag 0x0
[  222.606438][ T6007] hid-generic 0008:FFFFFFFA:0000.0004: unknown main item tag 0x0
[  222.609296][ T6007] hid-generic 0008:FFFFFFFA:0000.0004: unknown main item tag 0x0
[  222.611722][ T6007] hid-generic 0008:FFFFFFFA:0000.0004: unknown main item tag 0x0
[  222.614312][ T6007] hid-generic 0008:FFFFFFFA:0000.0004: unknown main item tag 0x0
[  222.616652][ T6007] hid-generic 0008:FFFFFFFA:0000.0004: unknown main item tag 0x0
[  222.619109][ T6007] hid-generic 0008:FFFFFFFA:0000.0004: unknown main item tag 0x0
[  222.621495][ T6007] hid-generic 0008:FFFFFFFA:0000.0004: unknown main item tag 0x0
[  222.624236][ T6007] hid-generic 0008:FFFFFFFA:0000.0004: unknown main item tag 0x0
[  222.626681][ T6007] hid-generic 0008:FFFFFFFA:0000.0004: unknown main item tag 0x0
[  222.629121][ T6007] hid-generic 0008:FFFFFFFA:0000.0004: unknown main item tag 0x0
[  222.631639][ T6007] hid-generic 0008:FFFFFFFA:0000.0004: unknown main item tag 0x0
[  222.633981][ T6007] hid-generic 0008:FFFFFFFA:0000.0004: unknown main item tag 0x0
[  222.636370][ T6007] hid-generic 0008:FFFFFFFA:0000.0004: unknown main item tag 0x0
[  222.639188][ T6007] hid-generic 0008:FFFFFFFA:0000.0004: unknown main item tag 0x0
[  222.641635][ T6007] hid-generic 0008:FFFFFFFA:0000.0004: unknown main item tag 0x0
[  222.644028][ T6007] hid-generic 0008:FFFFFFFA:0000.0004: unknown main item tag 0x0
[  222.646428][ T6007] hid-generic 0008:FFFFFFFA:0000.0004: unknown main item tag 0x0
[  222.648829][ T6007] hid-generic 0008:FFFFFFFA:0000.0004: unknown main item tag 0x0
[  222.651325][ T6007] hid-generic 0008:FFFFFFFA:0000.0004: unknown main item tag 0x0
[  222.654131][ T6007] hid-generic 0008:FFFFFFFA:0000.0004: unknown main item tag 0x0
[  222.656550][ T6007] hid-generic 0008:FFFFFFFA:0000.0004: unknown main item tag 0x0
[  222.658976][ T6007] hid-generic 0008:FFFFFFFA:0000.0004: unknown main item tag 0x0
[  222.661471][ T6007] hid-generic 0008:FFFFFFFA:0000.0004: unknown main item tag 0x0
[  222.663860][ T6007] hid-generic 0008:FFFFFFFA:0000.0004: unknown main item tag 0x0
[  222.666257][ T6007] hid-generic 0008:FFFFFFFA:0000.0004: unknown main item tag 0x0
[  222.668639][ T6007] hid-generic 0008:FFFFFFFA:0000.0004: unknown main item tag 0x0
[  222.671464][ T6007] hid-generic 0008:FFFFFFFA:0000.0004: unknown main item tag 0x0
[  222.673929][ T6007] hid-generic 0008:FFFFFFFA:0000.0004: unknown main item tag 0x0
[  222.676341][ T6007] hid-generic 0008:FFFFFFFA:0000.0004: unknown main item tag 0x0
[  222.678747][ T6007] hid-generic 0008:FFFFFFFA:0000.0004: unknown main item tag 0x0
[  222.681145][ T6007] hid-generic 0008:FFFFFFFA:0000.0004: unknown main item tag 0x0
[  222.683602][ T6007] hid-generic 0008:FFFFFFFA:0000.0004: unknown main item tag 0x0
[  222.686409][ T6007] hid-generic 0008:FFFFFFFA:0000.0004: unknown main item tag 0x0
[  222.688925][ T6007] hid-generic 0008:FFFFFFFA:0000.0004: unknown main item tag 0x0
[  222.691389][ T6007] hid-generic 0008:FFFFFFFA:0000.0004: unknown main item tag 0x0
[  222.693833][ T6007] hid-generic 0008:FFFFFFFA:0000.0004: unknown main item tag 0x0
[  222.696225][ T6007] hid-generic 0008:FFFFFFFA:0000.0004: unknown main item tag 0x0
[  222.698616][ T6007] hid-generic 0008:FFFFFFFA:0000.0004: unknown main item tag 0x0
[  222.702238][ T6007] hid-generic 0008:FFFFFFFA:0000.0004: hidraw1: <UNKNOWN> HID v80.00 Device [syz1] on syz0
[  222.791420][T11094] team0: Port device gtp0 added
[  223.304986][T11107] lo speed is unknown, defaulting to 1000
[  223.644989][ T6002] usb 10-1: new high-speed USB device number 3 using dummy_hcd
[  223.805403][ T6002] usb 10-1: Using ep0 maxpacket: 16
[  223.809490][ T6002] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  223.813997][ T6002] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  223.819365][ T6002] usb 10-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00
[  223.823161][ T6002] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  223.828483][ T6002] usb 10-1: config 0 descriptor??
[  223.900670][T11116] ubi31: attaching mtd0
[  223.906474][T11116] ubi31: scanning is finished
[  223.909039][T11116] ubi31: empty MTD device detected
[  223.998375][T11116] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB)
[  224.000768][T11116] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[  224.003007][T11116] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1
[  224.005217][T11116] ubi31: VID header offset: 64 (aligned 64), data offset: 128
[  224.008589][T11116] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[  224.010961][T11116] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23
[  224.013627][T11116] ubi31: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 897283255
[  224.017077][T11116] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[  224.020318][T11120] ubi31: background thread "ubi_bgt31d" started, PID 11120
[  224.289807][ T6002] input: HID 05ac:8241 as /devices/platform/dummy_hcd.5/usb10/10-1/10-1:0.0/0003:05AC:8241.0005/input/input18
[  224.400388][T11127] ptrace attach of "/syz-executor exec"[5942] was attempted by "/syz-executor exec"[11127]
[  224.512751][   T40] kauditd_printk_skb: 2 callbacks suppressed
[  224.512762][   T40] audit: type=1326 audit(1746358727.406:176): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11106 comm="syz.5.1537" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf710e579 code=0x0
[  224.654886][ T6002] appleir 0003:05AC:8241.0005: input,hiddev0,hidraw1: USB HID v0.00 Device [HID 05ac:8241] on usb-dummy_hcd.5-1/input0
[  224.662537][T11125] netlink: 'syz.2.1541': attribute type 10 has an invalid length.
[  224.667223][ T6002] usb 10-1: USB disconnect, device number 3
[  224.670765][T11125] tipc: Resetting bearer <eth:team0>
[  224.678110][T11125] 8021q: adding VLAN 0 to HW filter on device team0
[  224.684904][T11125] bond0: (slave team0): Enslaving as an active interface with an up link
[  225.721071][T11137] sit0: left promiscuous mode
[  225.722840][T11137] tipc: Resetting bearer <eth:team0>
[  225.733195][T11137] bond0: (slave team0): Releasing backup interface
[  225.738936][T11137] tipc: Resetting bearer <eth:team0>
[  225.742454][T11137] vlan0: left promiscuous mode
[  225.744944][T11137] macvlan2: left allmulticast mode
[  225.746575][T11137] geneve2: left promiscuous mode
[  225.748137][T11137] geneve2: left allmulticast mode
[  225.749742][T11137] macvlan3: left promiscuous mode
[  225.751569][T11137] bridge2: left promiscuous mode
[  225.753183][T11137] macvlan4: left promiscuous mode
[  225.754780][T11137] macvlan4: left allmulticast mode
[  225.756464][T11137] gtp0: left promiscuous mode
[  225.758026][T11137] macvlan5: left promiscuous mode
[  225.759612][T11137] macvlan5: left allmulticast mode
[  225.761353][T11137] bond1: left promiscuous mode
[  225.764296][T11137] bond1: left allmulticast mode
[  225.765923][T11137] vlan2: left allmulticast mode
[  225.767502][T11137] gretap0: left allmulticast mode
[  225.769164][T11137] macvlan6: left promiscuous mode
[  225.770764][T11137] macvlan6: left allmulticast mode
[  225.772525][T11137] bridge3: left promiscuous mode
[  225.774147][T11137] macvlan7: left promiscuous mode
[  225.775841][T11137] macvlan7: left allmulticast mode
[  225.777850][T11137] bridge4: left promiscuous mode
[  225.780243][T11137] mac80211_hwsim hwsim6 wlan0: left allmulticast mode
[  225.782567][T11137] macvlan8: left allmulticast mode
[  225.809568][T11132] syz.0.1543 (11132) used greatest stack depth: 20488 bytes left
[  225.843238][T11141] ptrace attach of "/syz-executor exec"[5942] was attempted by "/syz-executor exec"[11141]
[  226.130624][T11149] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1548'.
[  226.134439][T11149] netlink: 'syz.2.1548': attribute type 9 has an invalid length.
[  226.142917][T11149] macvlan9: entered allmulticast mode
[  226.145335][T11149] mac80211_hwsim hwsim6 wlan0: entered allmulticast mode
[  226.409692][T11155] tap0: tun_chr_ioctl cmd 1074025677
[  226.417163][T11155] tap0: linktype set to 780
[  226.612131][T11161] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1551'.
[  227.484474][   T34] libceph: connect (1)[c::]:6789 error -101
[  227.487151][   T34] libceph: mon0 (1)[c::]:6789 connect error
[  227.607681][ T5294] Bluetooth: hci0: ACL packet for unknown connection handle 200
[  227.710418][T11169] netlink: 60 bytes leftover after parsing attributes in process `syz.5.1553'.
[  227.714050][T11169] netlink: 60 bytes leftover after parsing attributes in process `syz.5.1553'.
[  227.774087][   T34] libceph: connect (1)[c::]:6789 error -101
[  227.776600][   T34] libceph: mon0 (1)[c::]:6789 connect error
[  228.317204][ T6002] libceph: connect (1)[c::]:6789 error -101
[  228.319598][ T6002] libceph: mon0 (1)[c::]:6789 connect error
[  228.329607][T11172] ceph: No mds server is up or the cluster is laggy
[  228.394612][T11198] ptrace attach of "/syz-executor exec"[5942] was attempted by "/syz-executor exec"[11198]
[  228.827633][T11202] netlink: 'syz.2.1558': attribute type 9 has an invalid length.
[  228.831090][T11202] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1558'.
[  228.840179][T11202] macvlan10: entered promiscuous mode
[  228.843377][T11202] macvlan10: entered allmulticast mode
[  228.845118][T11202] hsr0: entered allmulticast mode
[  228.846699][T11202] hsr_slave_0: entered allmulticast mode
[  228.848491][T11202] hsr_slave_1: entered allmulticast mode
[  228.907639][T11209] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1564'.
[  228.944696][T11211] Invalid logical block size (1048576)
[  229.870791][T11227] binder: 11226:11227 ioctl 80489439 0 returned -22
[  229.924959][T11229] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1571'.
[  230.351190][T11248] ptrace attach of "/syz-executor exec"[9625] was attempted by "/syz-executor exec"[11248]
[  230.848344][T11233] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  231.069677][T11264] netlink: 'syz.1.1578': attribute type 9 has an invalid length.
[  231.072156][T11264] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1578'.
[  231.352017][T11264] macvlan9: entered promiscuous mode
[  231.356746][T11264] macvlan9: entered allmulticast mode
[  231.826751][T11275] dummy0: left allmulticast mode
[  231.828575][T11275] bridge0: port 1(dummy0) entered disabled state
[  232.112197][ T5294] Bluetooth: hci0: command 0x0c1a tx timeout
[  232.179331][   T40] audit: type=1804 audit(1746358734.571:177): pid=11289 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.1586" name="/newroot/406/file0/file0" dev="9p" ino=35913923 res=1 errno=0
[  232.572631][T11297] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1589'.
[  232.642504][T11304] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1591'.
[  233.034672][T11311] ptrace attach of "/syz-executor exec"[5936] was attempted by "/syz-executor exec"[11311]
[  233.836158][T11322] netlink: 'syz.0.1594': attribute type 1 has an invalid length.
[  234.017734][T11322] 8021q: adding VLAN 0 to HW filter on device bond5
[  234.189666][T11331] : entered promiscuous mode
[  234.603430][T11335] netlink: 'syz.0.1599': attribute type 1 has an invalid length.
[  234.659420][T11338] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1600'.
[  234.730466][T11333] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1598'.
[  234.743121][T11333] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1598'.
[  234.745941][T11333] ksmbd: Unknown IPC event: 0, ignore.
[  234.859080][T11349] FAULT_INJECTION: forcing a failure.
[  234.859080][T11349] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  234.869473][T11349] CPU: 3 UID: 0 PID: 11349 Comm: syz.5.1604 Not tainted 6.15.0-rc4-syzkaller-00291-g2a239ffbebb5 #0 PREEMPT(full) 
[  234.869489][T11349] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  234.869495][T11349] Call Trace:
[  234.869499][T11349]  <TASK>
[  234.869503][T11349]  dump_stack_lvl+0x16c/0x1f0
[  234.869522][T11349]  should_fail_ex+0x512/0x640
[  234.869538][T11349]  _copy_to_user+0x32/0xd0
[  234.869554][T11349]  bpf_test_finish.isra.0+0x484/0x690
[  234.869568][T11349]  ? __pfx_bpf_test_finish.isra.0+0x10/0x10
[  234.869580][T11349]  ? _copy_from_user+0x59/0xd0
[  234.869596][T11349]  bpf_prog_test_run_xdp+0xa0d/0x1540
[  234.869613][T11349]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  234.869624][T11349]  ? __might_fault+0x80/0x190
[  234.869638][T11349]  ? fput+0x70/0xf0
[  234.869649][T11349]  ? __bpf_prog_get+0xa0/0x290
[  234.869660][T11349]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  234.869671][T11349]  __sys_bpf+0x1485/0x4d80
[  234.869700][T11349]  ? __pfx___sys_bpf+0x10/0x10
[  234.869714][T11349]  ? ksys_write+0x190/0x240
[  234.869725][T11349]  ? __mutex_unlock_slowpath+0x161/0x6a0
[  234.869747][T11349]  ? fput+0x70/0xf0
[  234.869757][T11349]  ? ksys_write+0x1b9/0x240
[  234.869766][T11349]  ? __pfx_ksys_write+0x10/0x10
[  234.869777][T11349]  __ia32_sys_bpf+0x76/0xe0
[  234.869791][T11349]  __do_fast_syscall_32+0x73/0x120
[  234.869806][T11349]  do_fast_syscall_32+0x32/0x80
[  234.869820][T11349]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  234.869832][T11349] RIP: 0023:0xf710e579
[  234.869840][T11349] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  234.869849][T11349] RSP: 002b:00000000f50fe55c EFLAGS: 00000296 ORIG_RAX: 0000000000000165
[  234.869859][T11349] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000080000340
[  234.869865][T11349] RDX: 0000000000000050 RSI: 0000000000000000 RDI: 0000000000000000
[  234.869871][T11349] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  234.869876][T11349] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  234.869882][T11349] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  234.869894][T11349]  </TASK>
[  235.069180][T11356] ptrace attach of "/syz-executor exec"[5947] was attempted by "/syz-executor exec"[11356]
[  235.334656][   T40] audit: type=1800 audit(1746358737.518:178): pid=11358 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.1607" name="bus" dev="9p" ino=35913973 res=0 errno=0
[  235.370318][T11365] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1610'.
[  235.522009][T11369] netlink: 212376 bytes leftover after parsing attributes in process `syz.1.1611'.
[  235.529603][T11369] bridge1: entered promiscuous mode
[  235.542163][T11372] bridge2: entered promiscuous mode
[  236.010195][T11389] ptrace attach of "/syz-executor exec"[5942] was attempted by "/syz-executor exec"[11389]
[  236.081963][    C2] hpet: Lost 1 RTC interrupts
[  236.409267][T11394] 9pnet_fd: Insufficient options for proto=fd
[  236.496168][T11398] mac80211_hwsim hwsim15 wlan1: entered allmulticast mode
[  236.623081][T11399] netlink: 'syz.5.1619': attribute type 10 has an invalid length.
[  236.628989][T11399] mac80211_hwsim hwsim15 wlan1: left allmulticast mode
[  236.815025][T11401] netlink: 830 bytes leftover after parsing attributes in process `syz.1.1620'.
[  236.857326][T11403] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1621'.
[  236.888033][T11405] overlayfs: failed to resolve './file0': -2
[  237.042439][T11418] loop6: detected capacity change from 0 to 524287999
[  237.627440][T11431] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1629'.
[  237.691533][T11437] bond0: entered promiscuous mode
[  237.696102][T11437] batadv0: entered promiscuous mode
[  237.699307][T11437] hsr1: Slave A (bond0) is not up; please bring it up to get a fully working HSR network
[  237.705223][T11437] 8021q: adding VLAN 0 to HW filter on device hsr1
[  237.710665][T11437] bond0: left promiscuous mode
[  237.713514][T11437] batadv0: left promiscuous mode
[  238.405864][T11453] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1638'.
[  238.964822][T11471] netlink: 'syz.1.1642': attribute type 1 has an invalid length.
[  239.337124][T11471] 8021q: adding VLAN 0 to HW filter on device bond7
[  239.586197][T11486] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  239.969785][   T29] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  240.003067][T11498] netlink: 32 bytes leftover after parsing attributes in process `syz.5.1649'.
[  240.008193][T11498] batadv_slave_1: entered promiscuous mode
[  240.010767][T11498] batadv_slave_1: left promiscuous mode
[  240.131424][   T29] usb 5-1: config 0 has an invalid interface number: 255 but max is 0
[  240.134126][   T29] usb 5-1: config 0 has no interface number 0
[  240.136227][   T29] usb 5-1: config 0 interface 255 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  240.161881][   T29] usb 5-1: config 0 interface 255 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[  240.203400][   T29] usb 5-1: New USB device found, idVendor=10cf, idProduct=8065, bcdDevice=91.79
[  240.209947][T11502] blktrace: Concurrent blktraces are not allowed on sg0
[  240.218593][   T29] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  240.221191][   T29] usb 5-1: Product: syz
[  240.222587][   T29] usb 5-1: Manufacturer: syz
[  240.232270][   T29] usb 5-1: SerialNumber: syz
[  240.257744][   T29] usb 5-1: config 0 descriptor??
[  240.272971][   T29] vmk80xx 5-1:0.255: driver 'vmk80xx' failed to auto-configure device.
[  240.277540][   T29] vmk80xx 5-1:0.255: probe with driver vmk80xx failed with error -22
[  240.489960][ T5939] Bluetooth: hci3: unexpected event for opcode 0x2062
[  240.664509][    C1] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  241.088918][T11510] netlink: 'syz.5.1653': attribute type 1 has an invalid length.
[  241.092654][T11504] ==================================================================
[  241.095180][T11504] BUG: KASAN: vmalloc-out-of-bounds in vrealloc_noprof+0x132/0x320
[  241.097602][T11504] Write of size 4064 at addr ffffc90002fbf020 by task syz.1.1650/11504
[  241.101274][T11504] 
[  241.102332][T11504] CPU: 0 UID: 0 PID: 11504 Comm: syz.1.1650 Not tainted 6.15.0-rc4-syzkaller-00291-g2a239ffbebb5 #0 PREEMPT(full) 
[  241.102346][T11504] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  241.102352][T11504] Call Trace:
[  241.102356][T11504]  <TASK>
[  241.102360][T11504]  dump_stack_lvl+0x116/0x1f0
[  241.102377][T11504]  print_report+0xc3/0x670
[  241.102389][T11504]  ? __virt_addr_valid+0x5e/0x590
[  241.102404][T11504]  ? vrealloc_noprof+0x132/0x320
[  241.102412][T11504]  kasan_report+0xe0/0x110
[  241.102424][T11504]  ? vrealloc_noprof+0x132/0x320
[  241.102434][T11504]  kasan_check_range+0xef/0x1a0
[  241.102447][T11504]  __asan_memset+0x23/0x50
[  241.102462][T11504]  vrealloc_noprof+0x132/0x320
[  241.102471][T11504]  push_insn_history+0x2ae/0x6c0
[  241.102483][T11504]  do_check_common+0xbd3/0xc2a0
[  241.102499][T11504]  ? __pfx_do_check_common+0x10/0x10
[  241.102509][T11504]  ? __pfx_mark_fastcall_pattern_for_call+0x10/0x10
[  241.102525][T11504]  ? kfree+0x2b6/0x4d0
[  241.102539][T11504]  ? bpf_check+0x6c86/0xb460
[  241.102548][T11504]  ? bpf_check+0x7b2f/0xb460
[  241.102559][T11504]  bpf_check+0x7f51/0xb460
[  241.102573][T11504]  ? __pfx_bpf_check+0x10/0x10
[  241.102582][T11504]  ? pcpu_alloc_noprof+0x949/0x1470
[  241.102596][T11504]  ? __lock_acquire+0xaa4/0x1ba0
[  241.102611][T11504]  ? find_held_lock+0x2b/0x80
[  241.102621][T11504]  ? __asan_memset+0x23/0x50
[  241.102635][T11504]  ? bpf_obj_name_cpy+0x14a/0x1a0
[  241.102648][T11504]  bpf_prog_load+0xe41/0x2490
[  241.102662][T11504]  ? __pfx_bpf_prog_load+0x10/0x10
[  241.102675][T11504]  ? __pfx___futex_wait+0x10/0x10
[  241.102692][T11504]  ? bpf_lsm_bpf+0x9/0x10
[  241.102703][T11504]  __sys_bpf+0x433c/0x4d80
[  241.102717][T11504]  ? __pfx___sys_bpf+0x10/0x10
[  241.102730][T11504]  ? __lock_acquire+0xaa4/0x1ba0
[  241.102742][T11504]  ? do_futex+0x122/0x350
[  241.102752][T11504]  ? __pfx_do_futex+0x10/0x10
[  241.102764][T11504]  ? __pfx___ia32_sys_futex_time32+0x10/0x10
[  241.102776][T11504]  ? kcov_ioctl+0x265/0x730
[  241.102790][T11504]  __ia32_sys_bpf+0x76/0xe0
[  241.102804][T11504]  __do_fast_syscall_32+0x73/0x120
[  241.102818][T11504]  do_fast_syscall_32+0x32/0x80
[  241.102832][T11504]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  241.102844][T11504] RIP: 0023:0xf709e579
[  241.102852][T11504] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  241.102862][T11504] RSP: 002b:00000000f508e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000165
[  241.102872][T11504] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000080000840
[  241.102878][T11504] RDX: 0000000000000094 RSI: 0000000000000000 RDI: 0000000000000000
[  241.102884][T11504] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  241.102889][T11504] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  241.102895][T11504] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  241.102903][T11504]  </TASK>
[  241.102907][T11504] 
[  241.195563][T11504] The buggy address belongs to the virtual mapping at
[  241.195563][T11504]  [ffffc90002f7f000, ffffc90002fc1000) created by:
[  241.195563][T11504]  kvrealloc_noprof+0x7d/0xd0
[  241.200928][T11504] 
[  241.201699][T11504] The buggy address belongs to the physical page:
[  241.203688][T11504] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffffffffffffffff pfn:0x4d4bd
[  241.206795][T11504] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[  241.209082][T11504] raw: 04fff00000000000 0000000000000000 dead000000000122 0000000000000000
[  241.211723][T11504] raw: ffffffffffffffff 0000000000000000 00000001ffffffff 0000000000000000
[  241.214378][T11504] page dumped because: kasan: bad access detected
[  241.216375][T11504] page_owner tracks the page as allocated
[  241.218152][T11504] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102cc2(GFP_HIGHUSER|__GFP_NOWARN), pid 11504, tgid 11503 (syz.1.1650), ts 241092545269, free_ts 144678982633
[  241.223486][T11504]  post_alloc_hook+0x181/0x1b0
[  241.225009][T11504]  get_page_from_freelist+0x135c/0x3920
[  241.226734][T11504]  __alloc_frozen_pages_noprof+0x5a8/0x23a0
[  241.228579][T11504]  alloc_pages_mpol+0x1fb/0x550
[  241.230102][T11504]  alloc_pages_noprof+0x131/0x390
[  241.231674][T11504]  __vmalloc_node_range_noprof+0x732/0x1540
[  241.233525][T11504]  __kvmalloc_node_noprof+0x2ff/0x600
[  241.235215][T11504]  kvrealloc_noprof+0x7d/0xd0
[  241.236694][T11504]  push_insn_history+0x2ae/0x6c0
[  241.238258][T11504]  do_check_common+0xbd3/0xc2a0
[  241.239768][T11504]  bpf_check+0x7f51/0xb460
[  241.241183][T11504]  bpf_prog_load+0xe41/0x2490
[  241.242660][T11504]  __sys_bpf+0x433c/0x4d80
[  241.244078][T11504]  __ia32_sys_bpf+0x76/0xe0
[  241.245517][T11504]  __do_fast_syscall_32+0x73/0x120
[  241.247133][T11504]  do_fast_syscall_32+0x32/0x80
[  241.248684][T11504] page last free pid 8722 tgid 8701 stack trace:
[  241.250657][T11504]  __free_frozen_pages+0x69d/0xff0
[  241.252576][T11504]  qlist_free_all+0x4e/0x120
[  241.254049][T11504]  kasan_quarantine_reduce+0x195/0x1e0
[  241.255772][T11504]  __kasan_slab_alloc+0x69/0x90
[  241.257327][T11504]  __kmalloc_noprof+0x1d4/0x510
[  241.258850][T11504]  __register_sysctl_table+0xb3/0x1900
[  241.260563][T11504]  neigh_sysctl_register+0x31f/0x670
[  241.262264][T11504]  addrconf_sysctl_register+0xb9/0x1f0
[  241.263987][T11504]  ipv6_add_dev+0xb39/0x15f0
[  241.265412][T11504]  addrconf_notify+0x53e/0x19e0
[  241.266933][T11504]  notifier_call_chain+0xb9/0x410
[  241.268515][T11504]  call_netdevice_notifiers_info+0xbe/0x140
[  241.270366][T11504]  register_netdevice+0x182e/0x2270
[  241.272013][T11504]  macvlan_common_newlink+0x10e7/0x1a20
[  241.273738][T11504]  rtnl_newlink+0xc42/0x2000
[  241.275189][T11504]  rtnetlink_rcv_msg+0x95b/0xe90
[  241.276738][T11504] 
[  241.277518][T11504] Memory state around the buggy address:
[  241.279261][T11504]  ffffc90002fbef00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  241.281742][T11504]  ffffc90002fbef80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  241.284212][T11504] >ffffc90002fbf000: 00 00 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[  241.286674][T11504]                                ^
[  241.288266][T11504]  ffffc90002fbf080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[  241.290721][T11504]  ffffc90002fbf100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[  241.293186][T11504] ==================================================================
[  241.300787][T11504] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  241.303064][T11504] CPU: 0 UID: 0 PID: 11504 Comm: syz.1.1650 Not tainted 6.15.0-rc4-syzkaller-00291-g2a239ffbebb5 #0 PREEMPT(full) 
[  241.306740][T11504] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  241.310044][T11504] Call Trace:
[  241.311106][T11504]  <TASK>
[  241.312066][T11504]  dump_stack_lvl+0x3d/0x1f0
[  241.313525][T11504]  panic+0x71c/0x800
[  241.314771][T11504]  ? __pfx_panic+0x10/0x10
[  241.316194][T11504]  ? rcu_is_watching+0x12/0xc0
[  241.317717][T11504]  ? preempt_schedule_thunk+0x16/0x30
[  241.319397][T11504]  ? vrealloc_noprof+0x132/0x320
[  241.320956][T11504]  ? preempt_schedule_common+0x44/0xc0
[  241.322657][T11504]  ? vrealloc_noprof+0x132/0x320
[  241.324211][T11504]  check_panic_on_warn+0xab/0xb0
[  241.325707][T11504]  end_report+0x107/0x170
[  241.327068][T11504]  kasan_report+0xee/0x110
[  241.328509][T11504]  ? vrealloc_noprof+0x132/0x320
[  241.330060][T11504]  kasan_check_range+0xef/0x1a0
[  241.331586][T11504]  __asan_memset+0x23/0x50
[  241.333052][T11504]  vrealloc_noprof+0x132/0x320
[  241.334555][T11504]  push_insn_history+0x2ae/0x6c0
[  241.336113][T11504]  do_check_common+0xbd3/0xc2a0
[  241.337654][T11504]  ? __pfx_do_check_common+0x10/0x10
[  241.339299][T11504]  ? __pfx_mark_fastcall_pattern_for_call+0x10/0x10
[  241.341339][T11504]  ? kfree+0x2b6/0x4d0
[  241.342622][T11504]  ? bpf_check+0x6c86/0xb460
[  241.344087][T11504]  ? bpf_check+0x7b2f/0xb460
[  241.345539][T11504]  bpf_check+0x7f51/0xb460
[  241.346942][T11504]  ? __pfx_bpf_check+0x10/0x10
[  241.348493][T11504]  ? pcpu_alloc_noprof+0x949/0x1470
[  241.350120][T11504]  ? __lock_acquire+0xaa4/0x1ba0
[  241.351668][T11504]  ? find_held_lock+0x2b/0x80
[  241.353202][T11504]  ? __asan_memset+0x23/0x50
[  241.354863][T11504]  ? bpf_obj_name_cpy+0x14a/0x1a0
[  241.356458][T11504]  bpf_prog_load+0xe41/0x2490
[  241.357950][T11504]  ? __pfx_bpf_prog_load+0x10/0x10
[  241.359538][T11504]  ? __pfx___futex_wait+0x10/0x10
[  241.361123][T11504]  ? bpf_lsm_bpf+0x9/0x10
[  241.362524][T11504]  __sys_bpf+0x433c/0x4d80
[  241.363962][T11504]  ? __pfx___sys_bpf+0x10/0x10
[  241.365478][T11504]  ? __lock_acquire+0xaa4/0x1ba0
[  241.367033][T11504]  ? do_futex+0x122/0x350
[  241.368398][T11504]  ? __pfx_do_futex+0x10/0x10
[  241.369864][T11504]  ? __pfx___ia32_sys_futex_time32+0x10/0x10
[  241.371736][T11504]  ? kcov_ioctl+0x265/0x730
[  241.373526][T11504]  __ia32_sys_bpf+0x76/0xe0
[  241.374976][T11504]  __do_fast_syscall_32+0x73/0x120
[  241.376589][T11504]  do_fast_syscall_32+0x32/0x80
[  241.378187][T11504]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  241.380195][T11504] RIP: 0023:0xf709e579
[  241.381479][T11504] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  241.387430][T11504] RSP: 002b:00000000f508e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000165
[  241.390009][T11504] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000080000840
[  241.392621][T11504] RDX: 0000000000000094 RSI: 0000000000000000 RDI: 0000000000000000
[  241.395095][T11504] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  241.397576][T11504] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  241.400026][T11504] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  241.402474][T11504]  </TASK>
[  241.404115][T11504] Kernel Offset: disabled
[  241.405482][T11504] Rebooting in 86400 seconds..

VM DIAGNOSIS:
11:39:12  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000000032 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff854c2735 RDI=ffffffff9addfbc0 RBP=ffffffff9addfb80 RSP=ffffc90004d96f00
R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=0000000074697257
R12=0000000000000000 R13=0000000000000032 R14=ffffffff9addfb80 R15=ffffffff854c26d0
RIP=ffffffff854c275f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0000 0000000000000000 ffffffff 00c00000
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff8880977ec000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=000000000c36372a CR3=000000007535a000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000000000000 RBX=ffff88802b241480 RCX=ffffffff81ae9e69 RDX=ffff888043dc0000
RSI=0000000000000000 RDI=0000000000000005 RBP=0000000000000003 RSP=ffffc9000107efd8
R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000001 R11=0000000000000000
R12=ffffed1005648291 R13=0000000000000001 R14=dffffc0000000000 R15=ffff88802b33b180
RIP=ffffffff81baa692 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880978ec000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000f741e32c CR3=0000000062636000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
EAX=81d77ccd EBX=00000069 ECX=00000000 EDX=ffffffff
ESI=ffffffff EDI=f6a41288 EBP=f6a502c8 ESP=ffeb8c70
EIP=f7136da0 EFL=00000282 [--S----] CPL=3 II=0 A20=1 SMM=0 HLT=0
ES =002b 00000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0023 00000000 ffffffff 00c0fb00 DPL=3 CS32 [-RA]
SS =002b 00000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
DS =002b 00000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 00000000 ffffffff 00c00000
GS =0063 56de2440 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 00000000 ffffffff 00c00000
TR =0040 00091000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=000000002dfebb58 CR3=000000004cee5000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 3

CPU#3
RAX=000000000031279f RBX=0000000000000003 RCX=ffffffff8b6953e9 RDX=0000000000000000
RSI=ffffffff8dbdb683 RDI=ffffffff8bf46ca0 RBP=ffffed1003b58000 RSP=ffffc9000048fdf8
R8 =0000000000000001 R9 =ffffed10056a65bd R10=ffff88802b532deb R11=0000000000000000
R12=0000000000000003 R13=ffff88801dac0000 R14=ffffffff90852310 R15=0000000000000000
RIP=ffffffff8b693c7f RFL=00000282 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff888097aec000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000f7410e24 CR3=00000000232f4000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=000000000000000e 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000