last executing test programs:

3m34.710950861s ago: executing program 3 (id=1540):
r0 = io_uring_setup(0x70c3, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1})
r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x48842, 0x0)
ioctl$PPPIOCNEWUNIT(r1, 0xc004743e, &(0x7f0000000140))
ioctl$PPPIOCSPASS(r1, 0x40087447, &(0x7f00000022c0)={0x1, &(0x7f0000000080)=[{0x6, 0xce, 0x0, 0x6}]})
close_range(r0, 0xffffffffffffffff, 0x0)
r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000300)='/proc/asound/seq/clients\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200003, 0x0, 0x0, 0x3})
ioctl$PPPIOCSMRRU(r1, 0x4004743b, &(0x7f00000000c0)=0x5)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCL_GETKMSGREDIRECT(r3, 0x4b3c, 0x0)
ioctl$VIDIOC_G_SLICED_VBI_CAP(r2, 0xc0745645, &(0x7f0000002300)={0x800, [0x2, 0x8b, 0x5, 0x3, 0xef, 0xe, 0x0, 0x5, 0x4, 0xf22, 0x89a, 0x2, 0x2, 0x4, 0x2, 0x0, 0x2, 0x200, 0x7, 0x1, 0x4, 0x8, 0x0, 0x4, 0x7fff, 0x2, 0x200, 0x6, 0xfff, 0x0, 0x2, 0x3, 0x0, 0x4, 0x8, 0x5, 0x7, 0x7, 0x3, 0x1, 0x2, 0x5, 0x7, 0x7, 0x5, 0x3, 0x4, 0x1], 0xc})
preadv(r2, &(0x7f0000000500)=[{&(0x7f0000000380)=""/135, 0x87}], 0x1, 0x154, 0x0)
pwritev(r2, &(0x7f0000002280)=[{&(0x7f0000000200)="e6e1ab1f6428c35ac54becaa4beef8d88b3856be4bde8945ccf277373687376f044ea18f18effc16b113adb178d8f1c88136325d6a1cfebb850d010923368ea61cfa0a2350c6851629ab2c3b15485248b04f22be92c3eedd6435f48f243c8c66395903d0b2c66558818034165dd1ba652667dd8731a72135a77c09ea3c", 0x7d}, {&(0x7f0000000040)="ee4f086c80ed0e7e0a010089", 0xc}, {&(0x7f0000000280)="b8608cebbc8ff0a482cc5e2d997eecb6f9e2a9c92da50e5dda0ec327da47c5c89d754ae9690810d7be3d0d108757823274e2f7430aa899dab47d83545c0dd78c5beed8ef118a6d65ea87d168edef148dd41dc6ebb0f2b4ab47af2a783418c3de93620b2ad8dbe205fea6bd0f9edd6419d9af3173dc9f16fafed339127752061e48df3a6feb67da208c8cd0d653c876562a3ce907764183ca4301080185fdb1e0508571ac57d77f92f8a05fefa62d8e29374c23424331fd2df23cfa02e9097f34a30f58e8a90529cdcd0d518c02318c5ccc13f135e1092d214698fef48c41aa8ce4f271737a06cc38c019460d686289644021052eebf5ef555c8d169504cf519a251c562cd7d9da0945da576201cb7d429150ffb5114e98f29e84629dd616c1b612ee53e44270bc11b32961346c66b5c49993e05277357ab162c4293757aa020b9dded95da7467664ebedf80154a1ce2ed8a493de7d04a2b33ad6fa61aad8955194c82c55dd0c790f7c054d073225725cbbd2dd31969c56d3e36603b12b4de7465c7be73335e4cb384bfd7dced965b3f66b1a9b207862589f751a367cacf896673625e52bc8fe14d48264291bb1ba56c9cf7d8cce91bf29174fe0f163b6ae00f0d9ac7ed7344782f5df6a83f9359013fd1b84ba774dd1c8839318f9fbd8f02a65e8046aaf80bf9272ee380f352b13791a903293008c6902e3e9d4c7f785405452e57753639807f4abda698e20b93b5df8b71f27797c9e5ff132f0079278491ec5f2e173bd48d43d7557d479f1c213a328ef6bf2249608d51593345e77913d201aea007167831e56af59decd147357c30ff9ede746de9555f46feded81dd5e79868f64904f6e6da8257f990393e0978e8e333d9159faeb6a541e402d274ef7ed0fd106bc473aa6741411f0768b09ae7f5c2954bef1dccebe7fb5ce51d9dcb0f10ee44409acabe6c743274782246bc1856a85fc11951e7ca95c83addd5e337498e92bdba865aa74c427bd0df090411ac8d99f0a1f5b774b4281c8187cfa4b3caf5cdc56f4a6de27f2551064ee4dc44e4755a1d10ce0f1048ad674f6399432ddf3c99f02dfebd80bfbfb8449c46e24146a8b9e08b996949634e6e8d56c782a386f01070f07d07fa66b2cfe847d09c405a6ebd9e31754c775f6840d55c805326d9f871a60df6c2a6340962fd942c6d91aa1613bf02e5c5d7373b33c7074d2e3c5f2e82b4f19be1fb89f9acec64fee4d5ba10ad78f1aa29e066046a9e137daaaa14da07c8722d3cab7fd1d7e7f74998d04bc86a3b258337db458d6d93b27cd350bb91c3a02b266385233aa6daecfa67aaadfc9b3782387b04d99021921a92dfc00121a33b151eea1988c2661d1b41083a5d154bc090d3e020047a88ec1be1cdd28612455873d553f42838d7e46e75560ff331a7677776d0837c6686f46e19b455bb67d7a87fcd5de06d80c3b9e12eb4f89a6c3472cd170aa01224bdc75ac7a1c240443381de0eede178c13506bcea2083e368b86c18654a24829ff44f88055faef6a8ef0439397145ae8e4bc1d8af419ab8730baad616bd52d47296af6d1c7072d6d87d88f53c764511f4e1dcb902d0d41bda90753c9965c7eaad18bd559c8386c2193ec4b4d6277dc7cb71b23d3faee4ec93c0c6eabb9dc9fcd9052dcf705d7ae1fa6861519dc52d463b1b5a64f9b25f91ab309214890fb8d46a2975b2fad05f4316f2e44c891f55872189b1db589c48b8f4558c40b4cda0becab668ff9030770b5a35a785147e576155999054cc7ca5c848a7914781a23fec2385cd01fc306510e175e80242253d07bedaff26b4c5ccbc53b798b1c1a5188625cba19fc455fe772d19fef917be46f29e058cc05ee94e4fea44e577858392098542ccd651adeb79a12e17a67657b949d3a63334644a441440c60fc24859c9e315cdbf6b2bdd10d75273399983977d129cb722f65f5db72b90c8f9226e85e983807238944ba667d42c4b80f23493cc8aaa95608df1ecdde57fa7703a014d86d608a0ce42905678ed5e39decdbd61d1c36fc6a94a3d120790f5a97b5727750c587a0212978336017e1460323e068499a271569e74a7d09a6ff08fe48e66698559f1cfad2f8602a112c0bcd7a98d604d7296a2ada298607c4f65955b3abcefb3d4cee95c1d282d38479bf8d2b7ab06c57a830e72b769a6ee61bc2908108d470ecd2940e5820684d6fe6f8edcb7abdb3deafc42e6e2980eb313c2fdbac2e937c2c17b7a116e8e316f509542b8cadb89abcae179b1323c51911d1118a58e7709c42fc0d8045ce8b9f5abfbf935cd1038b75ab6cfbede1014677d0bc530409423b9a1c05411fa9811ae0b6f129708104ffeaac8972f12b4cf89c08c8863f64c69166c8efa2d65eda0d376d473e0a9bb46fc0521da897d842b1efbe8f90ff58b0046446a1f33b5cabff8d00e8eaea7dd6c87014a46cb25686741dc0e999cdb93ce6f36cb3ebc3af82e92a39eb534caa5d42140cba40cecce6aef34e387a78347475d1687c4622e00035266b7d6f6f90fda25fef0195e45cf87bed3782e1d5bb753db2f93f8b17d97b8e9f5549065813fd2de3056db2c4e1e4f3dcb53ebdf91855c99f891553277231f0a1d497a72cf313099186b0bceedeb33f9b808268a4a6d0b65df50ae7bad7291728293092ae7b3a40172fac00ec912b576596394aaf77238bedd26586f73241e9b9496face57feeb2647a75d2470d3e6619850449a2c8bb25983fd856d80b0a0393afea43eda4e05a2fa02c22e81b031b5143cd4462903853a01d2d135b55a94f2617f1282938cf822d30b9d05830381db89a907a10d3dc6f0178372eb06cbd03b7e179f8bd16f604909cc2bccae17c614124b1eff46182cba39f199f69d3347483d6ec24554f5191accdd211eaf3007a45810233e1e6e1c32900112b0e17bc105d343aa6c13e050f65c76326d694e2218da85492ecbfab52cdff0040aa240cf61fe882b955cf1c2df30ab4f07dae79f5e7fa2a4b53faef5156801b728f70b137b85a0daee25412275e8ddc365d55461033eab9b29a83eb2713ac3e052054df9a3d5e8405c56d2a023ab100d4af771e7225e9241bda78fb1bc91b1b8cba2a2434706db090f65b6377d3afdaec799e251bd5a439432a5e4122573d2171f174bb5ddb10d62a16651badfe0c181af55d9c2120e36bf5326c74699e3271d879d94b18d3aac401fc15d2c71b8aeb285afd65590c7f67b85d83a85ccd803e991aa4eeb3ce8963bc8aa8d0431dc047b077ab8524331367eb7d0653b5d74dc00d6d95f38e7a2d6cedb1b8af51d7ce6dc382948cdad146cd085ffd24f87b18b226d5597e0c5b79fca13d4a02c05f8840ce0c91d3ff455863fbedca45ee956f50d7d07de3a060656a99db519c4f41581500ce87ec9f6e3b3be36a5892c5219e19f30fd9e3e5667cf012c597b1ce2d805f02e70547bc4f7c1b7d1d1a36ca8b50052746e068bf47bd90500fee828da17ad7096a6d6abfb4f2d55436c711c16ddd9695c3a3b64d440636e8be659f5852043d0d031ccb20f4145b85a13af1087f6492104d3746566b908f5075211ed8e31404b9e6b740649dd7f367cab73a6b07f4e1c4346401f908f6c3555c3dded8fdf9a227b41dc040f79bcec54cc2fc70614ad3a20521fbab3c253c90244c8880e5911d183ea5b2ab280aa87dc08e28b0ca0ffd1e303f9843bb4a3f8a1e5602b5953ed57d0851bac0310d68f002c015a55f7827a9a2410557d6317db84a3e5bf1bb68803acad0f7282263994b7fbd15c64f528324188b9849d3a9e2fd216f67f88d85c4f088f1fb718eba0fdcd171ea7fce2dc10927f3fb67a5d135714c3a482ad4404083d5c0d650ba7108e44aff3fd90dbcec677a1ca5231ac1a1b8a948ef704f4a13f4ea09b4e937feb8d16caa8db205900a5e62e2b7097f781920f3cc3c2cba7f3942886caa6c3f8fac69c9703ce8f3ffa0bfe30bebb0d14e68eac22d2f0e1ae2e05b635980d69d4239eeb39d6035151f6a949b6f7b9b50cdc5e42b6770fa7d7a65c900a2431b8ea71b6efd98b527b3576997f289be8655ec0ba4929355443ab538571b9699a4c323039c0ec7b3cf35d4d7ef22f605894994c9f399d2033365a7289e552766396a3d1dfabe9df4333e7c75eed0be5e72558e504b042f0fed94bc1606b8a4656990a1b241fa4567e3113fab9a4906fe57eb8a5c4c27d33249070efcce9bfbf341bf08cd233c9228dd9925171000b86137b5240ae335e74e813123bcbbee66bb145f56a40b103c0e110e693e23cdceef1a6627107e691e78ba336493f263aa9f07859bf6363b2a97c87cc0a67f23f02bf12acfe0bb574bfedd62cb090a2d4eca9fa3a7a39eb1d4ee9cebb177a4fe19a6c5dcd42bf85453f6b23a532d6db1679070b0ab53671e1d70ef5f108ab30047f8aeac1df7908f1b71993bb810504e33ee5c5d4953d55bcdfe5d381b796cbc1c8fa29b86785fdaec9fb0c8d8fb8b0de336fc24175a15b69543647e394a2ec051d3a25ea6ce4146471edac45c95b4948269877cfe0b10d92cdfd9fc91db464551e721b4cf2cd198fdfbfd22e6bdb3eb04c63064547a5e0c3c7892c12eb89e0fa052c9733cc017619883e3461a60e2e0f8e0839a4f708aa14aad9dd3b547d44687b08fbe4153c57a78349b96d359c614c9407dd57504e2f0539d47e8f46ebbe55f1145d9ba0c437084546c08bc437c40f940e66332b42bba97250b9a4f328327d271e560445f4ce7a0443ee7ffa562aeb302dec395a598a2e105fb4344b28f5068700fe9c9cc47345a492a6f9852131faab3373e5887c001cc046598db77f45b3ae3c0aac53316038adb183f1976dcc53cf32de4d5742cfd3a21b5cf336d97fb897e87caeafc867c2690c0dfe3024ad0036d61497915ccdafc6ed2312ef3873d5208bf7488a29ea32f701a8e34e9f6dcdef6ab44b76c3a984bcc31d1f9d6e0aaf18d10c42d4713301070de39eacd0ec576dabd0790367fb555cbc260bb0830a03f6b3612ea9a75b9b037425ae9bc0079abf0413070834e0be15b46db416da3cd13202b0831c22bb5229ca456e4c209b6d9a1d04da6dd49d59961ee9120cd4434a130f60b6e16e9120918572f570a21eae2e7d03c054f6f88f5b153a7252273319dcd6905d4140fb71b9c3860d7361539ef6ff6aadf000871cb23c5eb161876034b9cde071e13df0cffa96630a1e6a54326da87674d64e4eaf227c7c9b7bd75f66c01d00110cec97ff3ec5c08fda01efe8bfa2f331e511aa3ed16efd06a970391c8b2197f4109a5e74b95aa8a427f42bb2cae6609c85dfe6ba18ca93508a0a5136c809131bd17462638fb950acd85e4c3e1eeb1271f43fea87375ee1784188e5f98183863d6d27cc6d330901ef5709cb30ac7e7341efb73a1998934d43630015160cca5105c411b4b06de7d2c98f559a79443847f8290cf682eb45ed30e83d2aa09a3140c0ebd3fe1597da808f102ae3d1525ca467bf8b734c0a7ec0d762b50a89b72a5128fcacae7bd90482600eb373c711ba3df0ab604625462852cce931c754a3449b1b723718cc6372c822e92586f4431ff10bb49ce76310a44b563240e77b40c3acbc79a4c852f300ec66f1a6b29f94ac565a7a970aa85ef30a1ba8cf0866f9ae3f800658675ec178588237db6ad4500f07107010a71ecb12d860137db7c9eec592c3cde618947bacbc2ace566e106996567a6ea148048edcbc87764806d4169b99c23a6c024383454d21acee992ccfa61b179a2ac7835a662bf127dadefbcca3b70d7bc", 0x1000}, {&(0x7f0000000100)="b31868bd2c0ce0470c115c7d97d9661838b0", 0x12}, {&(0x7f0000001280)="a04a34a408b2c796c0dfd90cee48a11c484884c6aba4428e7295ad1bdd641122a3eda84c37b5e0f0b2676c0201d6c976a4fc99dca21595ded5ab43036b8993a3b94a5d9d23d5a2366b27fff9b969efd84af6161a82ef8f00f90aeeb4c94c5073c6faa03b3c6d26a55cd78f88399bbf850ff05f8548401b3723413782d734e9e24b09f76250997ab6608c47bd5008d8d0c5e0f66545c3f909d75198b2039ba09980014923070e85e60e091b52e2ce6ca67a01562553a79021c953b10f84837f22dbd3e3d69a76356f6a086da4f6c86995630b68719cd7ed3e49ad3b2804be691d60b244e57aa2ba1e8af80ddf30a43f5438da9d22d304ced528402fbbe92009633f7960d93dce73c3bd1162ae427efce73b8138e6cc28f5c53f3455c72372612f7ce161bc2a8276bf5546c53e3ad2d4add5adb5908155b054924bf0a0d63706cac805c83eedff57b02adc8ac130047fec4b4d8ee21ca665719f99db5eccc7edc283539a2a2790accee1528796bcbb4ffeb0dc1f6b81b866ddd91c7f7c96b0c7102eaa620497d70ae51ee1d27fa8d820201fbc259a425a507e19b5eeccea1f9bf44610153f17fce66a959d89c535322ef909c5334933c258545d4014600845f37a1e2f0d91f11a42dda7f883c0d6f39deb4bd41da83c421fa61aeff89e45b155591cd3a64b699c3d73b436c4c1b0283b20caa6b2345781a4c59076aa3b6532dc1ad0d7c6f74f10e22f5f70fbfa7d950570454612c640e4b8884405ff2e77b9e27d557deaf282f0ceb5ea7769a99a3e414bc148dcc26ea32423388aec27fd4d50829c9177f10058124ff7a4fe0909946413aa0f12d99b6a96311742143b38337d1f377ff19795e43d265178a6c9a76ee4350b071945ce691f1f648f6e65facdddf3ec5929572162a91845451e81525f276c0cc786051a2db6e09162e53e093c7bd96b7d59496fe490bca518aea836daf7e5eb5c2a972ea6fde0758452531185a5f5f3a9016fb65a67b42cedc94efbc8cb026b7eb455d10c51651edf7a5bf4bfd6e8f542376d42b6f8803262ad48a61d811a391239eb0f62a615c54de9c85c51c1bc2114cab943dc68b2cfacc98c0ad2d9571b27fc199ee032ac82107f7f7dfdb8e143281dad3c75542391b1aaf5f6e04e4689bdee87c9702e176326a06e68045ba1fd052e566529c2af1c456a1dcc3da1885c3ab44bf5ce2e3a902660e72913f8a48c0be850a80f2d534279f157b9351bb8a07066bdbf8aaa7c5ba63fca3c089d60176cc443c7452974662acda937cf7bb3a1a1eaaaadd1b73b6435e6f5b9582aef72d506730471dde0bd1c2415428829c726fa5f76efd5552f5681767b6f239c7b3885875228db75df32fc1b0f0e618356d1131583281d3741d1ab695fffc2d8f9acce824c2ddcf27047f05f233314e0f6a51add79c892351135212e97684112c82b4e5250e8f6cd3cb24f121efa8b4acb82545dfe7c9c30c6f3e40cd1d1fd4df88629b8ee34e0bdd9a406d055731be903b561d059ef5c1b6f12894fefa64c396b192f09582407e4e24e28e75096a4242548af3a85d809ee5326c681d04fa957725f2231035bd8fe8dab8b21de7d2f833dea9ed128346198715942a768109cb370368b62e9ae8d4095f4c450da087d545fa9f32e32e7ec6861fe5352cbf6885118451892eb03bf21aee0633ff08a1d6bd4fe84aea2dd9ba3f422d2585c49bfa861461891f45b2dfba7a8fc4a1de95459a78252cb56bb47fbd96ea06116dcec546fb0fa6a36e5d2367d87ef2cbbbe262fe4c133d39d7ae3bc84d32c2e6860afee4c73ff634c5d594fdb2ae4c965715f26fe2456e681f6e6d642c004a224a4a0803d7583c41458e4515cb3bc32089a9d00b9763b7f89fb8646dbb91f61c4154a03de45eccf1310e8dd4ed1bfd2f50d2867737e521b18bbca1ca92f37f044a25861453a12697e6141bcbeffef528ba2280073995c3cd0e38e84809d2a0a9fdb3510c765074b0e9e8984292303379e495fe23c2e25132c59dca5a3bb9432b9de631f5165d74a945ca99b85a769701e089710ad52f96488b931fab1d5404a680382c1f8e0e7d457b10befe66e14291192657849d1add6517f05a9564de8c6872687b570134795929be5bb61033b4a99e5589ff5119aa518089d0d9ab36ee5e513e815a1b9c7a6d80f57c37aa1f74271f189761547d3755322b389a55ca15f39880dda5f83aba80e5d6bc6083fdc13b18628f651508a07ed31902622071c1b32ca7296ad87f988ac65edf78dcc184395d9f640a8f9226597a646fa126fff573a3720f092c2d0a2040e8806cff94255eacfec23e39a9710e51a9207b0a20cc12489f021869c514a71b0a16728866d807ebac538c52836613b6abaf896b373f3deea82cafc6b377d37333dbff3cba2e5c85d02896701a05d239e4afdc14b2839c0c75f0a70cf83fdc060b7bfa63cf71ec89887bfac96b21009b8497d4828157c39ae45d5afd4349684dec09b9d1a9ec2ce047be75e64427a7c7e0446bab5550640213670e40ea485a8d8294ceefdf25e6f027fbd142568698474b24ce64cf9548b3199ebbd2dd8c7d1801d5a31a2a7be498de1b55db14e026455584434a9a1f2f09dda97a64cbbc1edbf670dad1233d8da58fa5757e05b9602902272cab9fb81a344c742b4a75c6fc3f1f52124f73864c89a5d1f15e8a85298ebe5cac7d39c66fa8b4f2998675fac69ca6beeba6cd5145bc189a997c21bdb45f7f77d2148e83295c8bda47eb2f74971234808c9568568010751f6484f875039014fe7ef2abce68721be48c37a6b1ebf645b08fcb19eb3dce9c8d3a3cc0b54e14ee4385dd04796fafda84f24b4e2c0af923c73a14c5fb3c699908104d4e760ef61846456324d57a03223cc4d36aed6d6261a89ed2325740fd832e4c2dd732c3fdad2da212e485a62f1c4779dfcf9bf1b8f6398bafb750ae7f1a9e2bc6a042946d72974a719692ee5d04352c8a547e19d4911ba4870f43ad8493cd0a941f1d3c98acd02c01bf718ecc26e9b101f8634a55a549c13c2fb6d722dbbdc89871db092767a9b7dc55671edd675bda2c190b7af04b1ee0aa3e74dec2281a179226e4cddf9f08ef6d78807dfcd583631904ac84133ef8449398b7d0b8c08669da1188ff0b81d5a78c8adc0a022f8e3b819f18b5fc1081fe13180a7b67344a1e25b8b5138516c0bab0972c23ccc0a4f6ff5167d0582b60dbfcb51c551c0366e785b151e2b698ad326143f3e9e48638ded3b521f932d207730f91716b4a3bb8bceed94d2742124dcd5155de53c6ee2a2b346db338df7997916184d10f2e9b1710e500c0378640dacc0d078afb82cc759b7f00088080772c78f46dc373260b8a1b60a20c460a18fcb709e77345c0eb921df4dc69aabf3d6bb00b27a671b6b8083c179890aa958a63be80c16879e0c18780a624fee30afd0ac3d2584a0ffcf8bd36ef1c3f50c0848e598ab96d8ebc7b928ed34e45b0c45079da029af625fd924af168d264d5863a5ba3e45ba2fc1d2cebd0dfa11db80e6d94252b12d765bfe410ecc616b8a76448ccff27d977a32059ddc094207f41ba4402677801dcd84c576a1118bd15c74fcffd756a7fde78d0f64b5216fa587417372532aac7d4145ef3facdc748b8b21e3150fa2ece09f3772eb7e053a0b5336cf2a218d73c939ce0441866fbf9abc82712ff7495eaf480e9b39d625f110bb95b5d8aef820843e4849aecb2e9f51f0ea8c6bc8f9dc9d7c69562d05d865e1f6ea7a2b7def9512860d8ff37cff537906747ecdf8ea490ddc59e0e31d7fbb39a49a0cf061365e17fd7848efd5e20e8c96c55a2378c5a6536a7142215479b6d3613e1dc391568ce56e212798636adf08aee6d948c7b998429b24ce7435ce9dc1cca7ac00b87c39b22d5d7caf58442baaa351fa815708a8221a4dd0bbe3cf5d181b8e28329672dacb849cb4a717ff778fe5ee0b3336feff87fc9bdcfca7325c53128f64804911e12409739675015639ff953f5fceea1cd86c1d633ed3f8c5ce00ea4d2902f741239396137c14ceda918b44a4a2dad52aff360505d954b17b863ca03e387fefc29b2300084409b1313b0f3c251f88fec3385e2287acd79c0680bee51e0a049bc111f3521f25e2fcf26c3756180e5601934c7b4ff5ef32a6c3da8606fd0ef7e410385a00c60a51f16e8cbeb109a8b9b132ae0dd02a40a1a7c6e397949d3721b2bea1de86ca29e4d85f997a3303cee9332fcdc0427ddb4977b03079b3a1bc95497a34ff5e07a45136af57a86a244ee7e9c493c1513a75f5b9ba9319db5322a6bf7c8c4822e9d9a42ad593522523d70dca4109b3b64b56dc944ce3d39b2bf5a9d360ad61e7d5c08b133459a9ac76341ebf8ecc11e6db425383fb68157f7b18a2209b4a4fc81ba44c9f593159772fd9f8f574d99ec59bb0581d10e185a6e9e4c9525547cdbacb7b7a663d4de2b19c3e10d596c082b0106cfa2b21d6c251af9773b3ab4079a411c658b311920ce0c9341aa788a1b12ac50ba3e836febf6e25422fe4745c854a543676a1665e9609782d054042c080689bffe076e37e485367e156b1d1b6ec561ad90bcf4717d4812108001b8f5c1e48ddf82ebd3e409064ae2f4bd9c94253cdd1705748ca2a36ee316eb47f928710593eeac2d1f1e9fc437715b01e47dc913a992a4bd8c7462adf35769a6c66d0f6b9650b2d1de0a8f49143e76963562777d4dee3ba46745491b97473bd636ca34986b54af65ab0f626515977ec9bf941fa6e638a9a98aea60c677afd70aac9be659c98d7881bfc724ce89f62706bd0405d3b7942c85895a0c773b21c1bc751dc446997c823adc2905f72151d8721b7bbc9f546856e5064206c02b17d82908b175edce2e4be1d82127d5a09cc2b5bca1c37c4a6d9d97e79c142641100175ae4ab628b23a8e8f227a3fed541f81cc8dc65c189ada5b012b1f2ba6d73efdf19ea30d87302f176125006fcf38c25a4c22d82ae3e6dbff421297696a8730430de25449148bd03171a22513134fd2853c5b7ec88d6638fdc315daf9b05eb30c6e2cc55acbb7a3ad111bb5edbc7175729590e4557c1e349e48cb65adbf85f2c1b9831176af4b0275b6a77ee07337509bc37976c01502b0680a5b259614b9f4160b12eba9334e45844552cc8815f8921bdec3712e14f753c015daf4f9770bfad2cb27483f6a99256d7143c683bf2685cf07b75b3c31a2922db58066c3dd6a634dc16edc8a1a5379a096ab9799fe81b539e1ddadae079812e84184edb89ad3302c1a03468e1d375fff7ea60fe682c49da526da1b1662d079e0e253f0a559a1352ceb2885e16d1f6a7d0d1e874436a05e6a38a5a64d5ea395ba587a55ce6c527a7cd2d63dead734911a72a1fe9e4bceba3e9a53bab8fe57f34a57d79b95baa6102699685385523d64406c0afa60302e641e29899b8abc695860a182990e0fcd01773b9b52d8d34b9120622cc46bf8927ab05e4da84e53b6507702695aedd39a22a894fbfa7c53f3beed8728fae9cd9604f5fa78ebff52c5f2f300b9c56a7b6d6248d23bd2ecc465aa25ae106a4e0da57281183d9ec58d58c4c9d4c69ce22b06525bf5c1fbe397964207d8c4f2cbd964d93cfd558e736052fd232b710c5e11ae58bfd67dc3f777850094a818a9bc3290fa46e92e092a45b163d578d8a27711a4864a2a44ae61bfdf62a4bd1b69f7c6ab79a73866e51545d5664f835f15476f5e887772ea2b840b8cff878279922b6ef91520397499ba2544d238f20eb624ef5bc02fdcd509d37b28d6826cd21", 0x1000}], 0x5, 0x5, 0x80000000)

3m34.651671069s ago: executing program 3 (id=1542):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x18, 0x3, &(0x7f0000001e80)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x6, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, 0x0, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="14000000100001005d790000000000000500000a600000001d0a0b04000000000000fb380200000234000480300001800b00010074617267657400002000028008000240000000010800030002b511120c0001004e465155455545000900010073797a3000000000090002"], 0x88}}, 0x0)

3m34.571847535s ago: executing program 3 (id=1543):
r0 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000080)={'vxcan1\x00', <r1=>0x0})
connect$can_bcm(r0, &(0x7f0000000300)={0x1d, r1}, 0x10) (async, rerun: 64)
sendmsg$can_bcm(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000480)=ANY=[@ANYBLOB="05"], 0x48}}, 0x0) (rerun: 64)
r2 = socket$nl_route(0x10, 0x3, 0x0) (async)
sendmsg$NFQNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x1c}}, 0x0) (async, rerun: 64)
r3 = socket$nl_route(0x10, 0x3, 0x0) (async, rerun: 64)
r4 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r4, 0xaf01, 0x0) (async, rerun: 64)
r5 = eventfd(0xc) (rerun: 64)
ioctl$VHOST_SET_LOG_FD(r4, 0x4004af07, &(0x7f0000000240)=r5) (async)
ioctl$VHOST_SET_VRING_KICK(r4, 0x4008af20, &(0x7f0000000040)={0x1, r5}) (async)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0x10, &(0x7f0000000200)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, {{0x18, 0x1, 0x1, 0x0, r6}}, {}, [@call={0x85, 0x0, 0x0, 0xf}], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000180)='signal_generate\x00', r7}, 0x18)
syz_open_procfs$namespace(0x0, 0xfffffffffffffffe) (async)
ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f00000002c0)=""/82, 0x0}) (async)
ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74, 0x8080000}) (async)
ioctl$VHOST_SET_MEM_TABLE(r4, 0x4008af03, &(0x7f0000000180)) (async)
ioctl$VHOST_VSOCK_SET_RUNNING(r4, 0x4004af61, &(0x7f0000000000)=0x1)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000026c0)=ANY=[@ANYBLOB="2000000010000107feffffff000000000a0000000c0002006e6c3830323131"], 0x20}}, 0x0)
recvmmsg(r8, &(0x7f00000002c0)=[{{0x0, 0x0, &(0x7f0000002500)=[{&(0x7f0000000380)=""/4096, 0x1000}], 0x1}, 0x80000007}], 0x1, 0x0, 0x0) (async)
ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f00000000c0)={'vxcan1\x00', <r9=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000004c00)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x74, r9}}, 0x24}, 0x1, 0xf0ffffffffffff}, 0x0) (async, rerun: 64)
r10 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00') (rerun: 64)
statx(r10, 0x0, 0x1000, 0x7ff, &(0x7f0000000100)) (async, rerun: 64)
close(0x3) (rerun: 64)

3m34.521548405s ago: executing program 3 (id=1544):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
r2 = syz_io_uring_setup(0x1ee6, &(0x7f0000000380)={0x0, 0xfbc6, 0x10100, 0x8000003, 0x35f, 0x0, r1}, &(0x7f00000001c0)=<r3=>0x0, &(0x7f0000000100)=<r4=>0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {0x230}})
io_uring_enter(r2, 0x2ded, 0x4000, 0x0, 0x0, 0x0)
r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x60240)
readv(r5, &(0x7f0000000080)=[{&(0x7f0000002600)=""/46, 0x2e}], 0x1)
socketpair(0x2, 0x80003, 0xff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
set_mempolicy(0x8000, 0x0, 0xc)
set_mempolicy(0x1, &(0x7f00000000c0)=0x1, 0x4)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x200000a, 0x4c831, 0xffffffffffffffff, 0xe6806000)

3m34.280598033s ago: executing program 3 (id=1545):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=@updpolicy={0xfc, 0x19, 0x1, 0x0, 0x0, {{@in6=@rand_addr=' \x01\x00', @in=@local, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa9, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa00, 0x40800000000000, 0x800000000000000}, 0x10000000}, [@tmpl={0x44, 0x5, [{{@in=@local, 0x0, 0x3c}, 0x0, @in=@broadcast, 0x0, 0x0, 0x3}]}]}, 0xfc}}, 0x0)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000005c0)=ANY=[@ANYBLOB="cc000000210001000000000000000000fe8000000000000000000000000000bbac1e0001000000000000000000000000000000040000fffe0a00000032000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000005000110000000000000000000000000000000001e00000020000000000000000000000000a0100ff000000000000000000000000fe8000000000000000000000000000aa3c000000000000000a0002002c0013"], 0xcc}, 0x1, 0x0, 0x0, 0x10}, 0x0)

3m34.280360636s ago: executing program 3 (id=1546):
r0 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000000), 0x103902, 0x0)
r1 = socket(0x23, 0x2, 0x1)
sendfile(r1, r0, 0x0, 0x80000000000001)
r2 = syz_open_dev$mouse(&(0x7f00000000c0), 0x0, 0x2042)
r3 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
r4 = syz_open_dev$usbmon(&(0x7f00000002c0), 0x13dd, 0xc01)
mount$9p_fd(0x0, &(0x7f00000001c0)='.\x00', &(0x7f0000000240), 0x8080, &(0x7f0000000300)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
write$RDMA_USER_CM_CMD_CREATE_ID(r2, 0x0, 0x0)
r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sysvipc/msg\x00', 0x0, 0x0)
r6 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
mount$9p_fd(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000180), 0x0, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r5}, 0x2c, {'wfdno', 0x3d, r6}})
ioctl$DMA_HEAP_IOCTL_ALLOC(r5, 0xc0184800, &(0x7f0000000040)={0xfffffffffffffffb, r6, 0x80000})

3m19.16541804s ago: executing program 32 (id=1546):
r0 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000000), 0x103902, 0x0)
r1 = socket(0x23, 0x2, 0x1)
sendfile(r1, r0, 0x0, 0x80000000000001)
r2 = syz_open_dev$mouse(&(0x7f00000000c0), 0x0, 0x2042)
r3 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
r4 = syz_open_dev$usbmon(&(0x7f00000002c0), 0x13dd, 0xc01)
mount$9p_fd(0x0, &(0x7f00000001c0)='.\x00', &(0x7f0000000240), 0x8080, &(0x7f0000000300)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
write$RDMA_USER_CM_CMD_CREATE_ID(r2, 0x0, 0x0)
r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sysvipc/msg\x00', 0x0, 0x0)
r6 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
mount$9p_fd(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000180), 0x0, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r5}, 0x2c, {'wfdno', 0x3d, r6}})
ioctl$DMA_HEAP_IOCTL_ALLOC(r5, 0xc0184800, &(0x7f0000000040)={0xfffffffffffffffb, r6, 0x80000})

2m0.125875684s ago: executing program 1 (id=911):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000240)=ANY=[@ANYBLOB="1800000012000100000000000000000008003600", @ANYRES32, @ANYBLOB="206265265b27b664d03afcf240e942757177ab3053853c79330d9d79b4a15ef0845b9c6bbdff4544f59eeed65a64f92ca17f15e16babcaf3f06a23bc191ee5f728af5477218c75eef816aa772fe7f8a1c603f7efac568fe71070f5e09a05b0646d42f79059"], 0x18}], 0x1}, 0x0)
shutdown(r0, 0x1)
r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r3}, 0x10)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x1e, 0x6, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
socket$inet_tcp(0x2, 0x1, 0x0)
epoll_create1(0x0)
close(0xffffffffffffffff)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r4, 0x6, 0x13, &(0x7f0000000000)=0x200, 0x4)
connect$inet6(r4, &(0x7f0000000200)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c)
io_uring_setup(0x5ef3, &(0x7f00000002c0)={0x0, 0xa0fd, 0x0, 0x1, 0xa1})
r5 = socket$kcm(0x2, 0x5, 0x84)
sendmsg$inet(r5, &(0x7f0000002980)={&(0x7f0000000180)={0x2, 0x0, @dev}, 0x10, &(0x7f0000001400)=[{&(0x7f0000001800)='_', 0x1}], 0x1}, 0x4000000)
setsockopt$sock_attach_bpf(r5, 0x84, 0x1e, &(0x7f0000000000), 0x10)
r6 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000000)={'veth0_vlan\x00'})
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), 0xffffffffffffffff)
sendmsg$NL80211_CMD_VENDOR(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="ece9c8242bdb516f4192ef2b6dfd676e1600482eb10825a1c8766606d10bd791436ca2efb61fe4778f0e4dad0221cc762439f32a7150c8970fde789a928fc72bba712fc2a307e4220fb489a3890893f669107cd5c7fc10268acb7838df60128fa8b9a8527e33c148a6107f5d3f9c929482b5b55a436ea438155feb10294bbbbb473397d61f8f7e4f67302def340e45b0aded44f9af462ce429e4e825affa073d308c4c", @ANYRES16=r7, @ANYBLOB="01070000000000000000670000000c009900040000"], 0x30}}, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, 0x0)
chdir(&(0x7f0000000300)='./file0\x00')
openat$dsp(0xffffffffffffff9c, &(0x7f00000003c0), 0x840, 0x0)
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0)
fcntl$lock(r8, 0x25, &(0x7f00000000c0))
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0)

1m53.228205738s ago: executing program 1 (id=911):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000240)=ANY=[@ANYBLOB="1800000012000100000000000000000008003600", @ANYRES32, @ANYBLOB="206265265b27b664d03afcf240e942757177ab3053853c79330d9d79b4a15ef0845b9c6bbdff4544f59eeed65a64f92ca17f15e16babcaf3f06a23bc191ee5f728af5477218c75eef816aa772fe7f8a1c603f7efac568fe71070f5e09a05b0646d42f79059"], 0x18}], 0x1}, 0x0)
shutdown(r0, 0x1)
r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r3}, 0x10)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x1e, 0x6, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
socket$inet_tcp(0x2, 0x1, 0x0)
epoll_create1(0x0)
close(0xffffffffffffffff)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r4, 0x6, 0x13, &(0x7f0000000000)=0x200, 0x4)
connect$inet6(r4, &(0x7f0000000200)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c)
io_uring_setup(0x5ef3, &(0x7f00000002c0)={0x0, 0xa0fd, 0x0, 0x1, 0xa1})
r5 = socket$kcm(0x2, 0x5, 0x84)
sendmsg$inet(r5, &(0x7f0000002980)={&(0x7f0000000180)={0x2, 0x0, @dev}, 0x10, &(0x7f0000001400)=[{&(0x7f0000001800)='_', 0x1}], 0x1}, 0x4000000)
setsockopt$sock_attach_bpf(r5, 0x84, 0x1e, &(0x7f0000000000), 0x10)
r6 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000000)={'veth0_vlan\x00'})
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), 0xffffffffffffffff)
sendmsg$NL80211_CMD_VENDOR(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="ece9c8242bdb516f4192ef2b6dfd676e1600482eb10825a1c8766606d10bd791436ca2efb61fe4778f0e4dad0221cc762439f32a7150c8970fde789a928fc72bba712fc2a307e4220fb489a3890893f669107cd5c7fc10268acb7838df60128fa8b9a8527e33c148a6107f5d3f9c929482b5b55a436ea438155feb10294bbbbb473397d61f8f7e4f67302def340e45b0aded44f9af462ce429e4e825affa073d308c4c", @ANYRES16=r7, @ANYBLOB="01070000000000000000670000000c009900040000"], 0x30}}, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, 0x0)
chdir(&(0x7f0000000300)='./file0\x00')
openat$dsp(0xffffffffffffff9c, &(0x7f00000003c0), 0x840, 0x0)
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0)
fcntl$lock(r8, 0x25, &(0x7f00000000c0))
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0)

1m46.340794546s ago: executing program 1 (id=911):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000240)=ANY=[@ANYBLOB="1800000012000100000000000000000008003600", @ANYRES32, @ANYBLOB="206265265b27b664d03afcf240e942757177ab3053853c79330d9d79b4a15ef0845b9c6bbdff4544f59eeed65a64f92ca17f15e16babcaf3f06a23bc191ee5f728af5477218c75eef816aa772fe7f8a1c603f7efac568fe71070f5e09a05b0646d42f79059"], 0x18}], 0x1}, 0x0)
shutdown(r0, 0x1)
r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r3}, 0x10)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x1e, 0x6, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
socket$inet_tcp(0x2, 0x1, 0x0)
epoll_create1(0x0)
close(0xffffffffffffffff)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r4, 0x6, 0x13, &(0x7f0000000000)=0x200, 0x4)
connect$inet6(r4, &(0x7f0000000200)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c)
io_uring_setup(0x5ef3, &(0x7f00000002c0)={0x0, 0xa0fd, 0x0, 0x1, 0xa1})
r5 = socket$kcm(0x2, 0x5, 0x84)
sendmsg$inet(r5, &(0x7f0000002980)={&(0x7f0000000180)={0x2, 0x0, @dev}, 0x10, &(0x7f0000001400)=[{&(0x7f0000001800)='_', 0x1}], 0x1}, 0x4000000)
setsockopt$sock_attach_bpf(r5, 0x84, 0x1e, &(0x7f0000000000), 0x10)
r6 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000000)={'veth0_vlan\x00'})
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), 0xffffffffffffffff)
sendmsg$NL80211_CMD_VENDOR(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="ece9c8242bdb516f4192ef2b6dfd676e1600482eb10825a1c8766606d10bd791436ca2efb61fe4778f0e4dad0221cc762439f32a7150c8970fde789a928fc72bba712fc2a307e4220fb489a3890893f669107cd5c7fc10268acb7838df60128fa8b9a8527e33c148a6107f5d3f9c929482b5b55a436ea438155feb10294bbbbb473397d61f8f7e4f67302def340e45b0aded44f9af462ce429e4e825affa073d308c4c", @ANYRES16=r7, @ANYBLOB="01070000000000000000670000000c009900040000"], 0x30}}, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, 0x0)
chdir(&(0x7f0000000300)='./file0\x00')
openat$dsp(0xffffffffffffff9c, &(0x7f00000003c0), 0x840, 0x0)
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0)
fcntl$lock(r8, 0x25, &(0x7f00000000c0))
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0)

1m38.522776745s ago: executing program 1 (id=911):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000240)=ANY=[@ANYBLOB="1800000012000100000000000000000008003600", @ANYRES32, @ANYBLOB="206265265b27b664d03afcf240e942757177ab3053853c79330d9d79b4a15ef0845b9c6bbdff4544f59eeed65a64f92ca17f15e16babcaf3f06a23bc191ee5f728af5477218c75eef816aa772fe7f8a1c603f7efac568fe71070f5e09a05b0646d42f79059"], 0x18}], 0x1}, 0x0)
shutdown(r0, 0x1)
r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r3}, 0x10)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x1e, 0x6, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
socket$inet_tcp(0x2, 0x1, 0x0)
epoll_create1(0x0)
close(0xffffffffffffffff)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r4, 0x6, 0x13, &(0x7f0000000000)=0x200, 0x4)
connect$inet6(r4, &(0x7f0000000200)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c)
io_uring_setup(0x5ef3, &(0x7f00000002c0)={0x0, 0xa0fd, 0x0, 0x1, 0xa1})
r5 = socket$kcm(0x2, 0x5, 0x84)
sendmsg$inet(r5, &(0x7f0000002980)={&(0x7f0000000180)={0x2, 0x0, @dev}, 0x10, &(0x7f0000001400)=[{&(0x7f0000001800)='_', 0x1}], 0x1}, 0x4000000)
setsockopt$sock_attach_bpf(r5, 0x84, 0x1e, &(0x7f0000000000), 0x10)
r6 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000000)={'veth0_vlan\x00'})
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), 0xffffffffffffffff)
sendmsg$NL80211_CMD_VENDOR(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="ece9c8242bdb516f4192ef2b6dfd676e1600482eb10825a1c8766606d10bd791436ca2efb61fe4778f0e4dad0221cc762439f32a7150c8970fde789a928fc72bba712fc2a307e4220fb489a3890893f669107cd5c7fc10268acb7838df60128fa8b9a8527e33c148a6107f5d3f9c929482b5b55a436ea438155feb10294bbbbb473397d61f8f7e4f67302def340e45b0aded44f9af462ce429e4e825affa073d308c4c", @ANYRES16=r7, @ANYBLOB="01070000000000000000670000000c009900040000"], 0x30}}, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, 0x0)
chdir(&(0x7f0000000300)='./file0\x00')
openat$dsp(0xffffffffffffff9c, &(0x7f00000003c0), 0x840, 0x0)
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0)
fcntl$lock(r8, 0x25, &(0x7f00000000c0))
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0)

1m30.147490625s ago: executing program 1 (id=911):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000240)=ANY=[@ANYBLOB="1800000012000100000000000000000008003600", @ANYRES32, @ANYBLOB="206265265b27b664d03afcf240e942757177ab3053853c79330d9d79b4a15ef0845b9c6bbdff4544f59eeed65a64f92ca17f15e16babcaf3f06a23bc191ee5f728af5477218c75eef816aa772fe7f8a1c603f7efac568fe71070f5e09a05b0646d42f79059"], 0x18}], 0x1}, 0x0)
shutdown(r0, 0x1)
r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r3}, 0x10)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x1e, 0x6, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
socket$inet_tcp(0x2, 0x1, 0x0)
epoll_create1(0x0)
close(0xffffffffffffffff)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r4, 0x6, 0x13, &(0x7f0000000000)=0x200, 0x4)
connect$inet6(r4, &(0x7f0000000200)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c)
io_uring_setup(0x5ef3, &(0x7f00000002c0)={0x0, 0xa0fd, 0x0, 0x1, 0xa1})
r5 = socket$kcm(0x2, 0x5, 0x84)
sendmsg$inet(r5, &(0x7f0000002980)={&(0x7f0000000180)={0x2, 0x0, @dev}, 0x10, &(0x7f0000001400)=[{&(0x7f0000001800)='_', 0x1}], 0x1}, 0x4000000)
setsockopt$sock_attach_bpf(r5, 0x84, 0x1e, &(0x7f0000000000), 0x10)
r6 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000000)={'veth0_vlan\x00'})
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), 0xffffffffffffffff)
sendmsg$NL80211_CMD_VENDOR(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="ece9c8242bdb516f4192ef2b6dfd676e1600482eb10825a1c8766606d10bd791436ca2efb61fe4778f0e4dad0221cc762439f32a7150c8970fde789a928fc72bba712fc2a307e4220fb489a3890893f669107cd5c7fc10268acb7838df60128fa8b9a8527e33c148a6107f5d3f9c929482b5b55a436ea438155feb10294bbbbb473397d61f8f7e4f67302def340e45b0aded44f9af462ce429e4e825affa073d308c4c", @ANYRES16=r7, @ANYBLOB="01070000000000000000670000000c009900040000"], 0x30}}, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, 0x0)
chdir(&(0x7f0000000300)='./file0\x00')
openat$dsp(0xffffffffffffff9c, &(0x7f00000003c0), 0x840, 0x0)
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0)
fcntl$lock(r8, 0x25, &(0x7f00000000c0))
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0)

45.168799701s ago: executing program 1 (id=911):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000240)=ANY=[@ANYBLOB="1800000012000100000000000000000008003600", @ANYRES32, @ANYBLOB="206265265b27b664d03afcf240e942757177ab3053853c79330d9d79b4a15ef0845b9c6bbdff4544f59eeed65a64f92ca17f15e16babcaf3f06a23bc191ee5f728af5477218c75eef816aa772fe7f8a1c603f7efac568fe71070f5e09a05b0646d42f79059"], 0x18}], 0x1}, 0x0)
shutdown(r0, 0x1)
r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r3}, 0x10)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x1e, 0x6, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
socket$inet_tcp(0x2, 0x1, 0x0)
epoll_create1(0x0)
close(0xffffffffffffffff)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r4, 0x6, 0x13, &(0x7f0000000000)=0x200, 0x4)
connect$inet6(r4, &(0x7f0000000200)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c)
io_uring_setup(0x5ef3, &(0x7f00000002c0)={0x0, 0xa0fd, 0x0, 0x1, 0xa1})
r5 = socket$kcm(0x2, 0x5, 0x84)
sendmsg$inet(r5, &(0x7f0000002980)={&(0x7f0000000180)={0x2, 0x0, @dev}, 0x10, &(0x7f0000001400)=[{&(0x7f0000001800)='_', 0x1}], 0x1}, 0x4000000)
setsockopt$sock_attach_bpf(r5, 0x84, 0x1e, &(0x7f0000000000), 0x10)
r6 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000000)={'veth0_vlan\x00'})
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), 0xffffffffffffffff)
sendmsg$NL80211_CMD_VENDOR(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="ece9c8242bdb516f4192ef2b6dfd676e1600482eb10825a1c8766606d10bd791436ca2efb61fe4778f0e4dad0221cc762439f32a7150c8970fde789a928fc72bba712fc2a307e4220fb489a3890893f669107cd5c7fc10268acb7838df60128fa8b9a8527e33c148a6107f5d3f9c929482b5b55a436ea438155feb10294bbbbb473397d61f8f7e4f67302def340e45b0aded44f9af462ce429e4e825affa073d308c4c", @ANYRES16=r7, @ANYBLOB="01070000000000000000670000000c009900040000"], 0x30}}, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, 0x0)
chdir(&(0x7f0000000300)='./file0\x00')
openat$dsp(0xffffffffffffff9c, &(0x7f00000003c0), 0x840, 0x0)
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0)
fcntl$lock(r8, 0x25, &(0x7f00000000c0))
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0)

5.958360652s ago: executing program 4 (id=2471):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000380)={'vcan0\x00', <r1=>0x0})
r2 = epoll_create1(0x0)
r3 = socket$inet_udplite(0x2, 0x2, 0x88)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r3, &(0x7f00000002c0)={0x60000003})
epoll_ctl$EPOLL_CTL_MOD(r2, 0x3, r3, &(0x7f0000000040)={0x4})
r4 = socket$can_j1939(0x1d, 0x2, 0x7)
bind$can_j1939(r4, &(0x7f0000000080)={0x1d, r1, 0x0, {0x0, 0x0, 0x4}, 0xfe}, 0x18)
r5 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000100)=0x2)
socket$alg(0x26, 0x5, 0x0)
ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000040)=0xf)
ioctl$TIOCVHANGUP(r5, 0x5437, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)=ANY=[@ANYBLOB="50000000090601020000000000000000020000000900020073797a31000000000500010007000000280007800c00018008000140ffffffff0500070084000000060004404e220000060005"], 0x50}, 0x1, 0x0, 0x0, 0x10000082}, 0x80)
r7 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_int(r7, 0x0, 0x15, &(0x7f0000000040)=0x3, 0x4)
fsopen(0x0, 0x0)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r8 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r8, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r9=>0xffffffffffffffff, <r10=>0xffffffffffffffff})
connect$unix(r9, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r10, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r8, 0x8, &(0x7f0000000240)=0x2)

5.0597553s ago: executing program 4 (id=2472):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x88, 0x30, 0x4, 0x0, 0x0, {}, [{0x74, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x2c, 0x1, 0x0, 0x0, {{0x8}, {0x4}, {0x4}, {0xc}, {0xc}}}]}]}, 0x88}, 0x1, 0x0, 0x0, 0x804}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="fd92be527dbca9f1e977011690bcf5790312262a69707e4c621b2a1c424e0ceec070391443aa74fed573d7a50cd9eefbeade88fb", @ANYRESHEX=r0, @ANYRES32, @ANYRES16=r0, @ANYRES32, @ANYBLOB="0100000000000000000000000000000fa788dabea72479dda3565a86965e341223644810f342931bdaf275472c466d53ee04a43eae75681808e658102d2342c8ea3a63d6b1d77239f467c4ad23e7873ccf2147aa8318aed91724c0017b4d68f35ef5375b6df13b300586aed4de9789570bb7d035642761f11cdb6cd5b0974316723b1188adb6b6b76b70587710d7534a18d13373a299952d6dc73aab63d83b745527d13503cc932da35f82e130c8e849a66104a389a4ade72f48639ec1598977eda5e02485be148a0cd56a74ebe5cd4f1be87791d07015cf8d1c30472702beb3407775b25462ec88f3ffe6a1830b75b68aef29bbe2697bbbcfde002fe30e9d6e564c9b54ec2d4b2609e4f4c9b600542f41147cca2a37a6a54c3ef6b44ba16d786574cc1849c9c9a5c420ab5a38e197b70d6b747a2966de8d273cbfb8969a63a563086f21e9dde75bdc43370eddf62d5577842a641b41a9b178ae29856efb72a81c139ac71f32e1a1f149118c567a95e303c19966"], 0x48)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x2, 0x8f}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socket$igmp6(0xa, 0x3, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
ioctl$VHOST_SET_LOG_FD(0xffffffffffffffff, 0x4004af07, &(0x7f0000000280))
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
r5 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r5, 0xc004500a, &(0x7f0000000240)=0x28e)
ioctl$SNDCTL_DSP_CHANNELS(r5, 0xc0045006, &(0x7f00000001c0)=0x2)
ioctl$SNDCTL_DSP_SPEED(r5, 0xc0045002, &(0x7f00000000c0))
read$dsp(r5, &(0x7f0000000300)=""/79, 0x4f)
unlink(&(0x7f0000000000)='./file0\x00')
timer_create(0x0, &(0x7f0000000240)={0x0, 0x21}, &(0x7f0000bbdffc))
init_module(&(0x7f0000000400)=ANY=[@ANYBLOB="7f454c4605010c05810000000000000000000000f8ffff3900000000000000030100000000000013ba0000c40038000100b802c8d60200040000000300000080000000000000000200000000000000feffffffffffffff0000000000000000ffffff7f00000000fdffffffffffffff000000000000000000"], 0x78, 0x0)
sendto$inet6(r4, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)

3.038643038s ago: executing program 0 (id=2475):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f00000006c0)=ANY=[], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x41100, 0x45, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000200)={0x5}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000380)=ANY=[@ANYBLOB="34000000100001f8ffffff000000000000000000", @ANYRES32=0x0, @ANYBLOB="00f0ffffffffffff0c002b8008000100", @ANYRES32=r1, @ANYBLOB="08001b"], 0x34}}, 0x4004010)
r5 = socket(0x2, 0x3, 0x6)
bind$inet(r5, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10)
sendto$inet(r5, 0x0, 0x0, 0x0, &(0x7f0000000600)={0x2, 0x0, @remote}, 0x10)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x8)
recvmsg$unix(r5, &(0x7f0000000140)={&(0x7f00000000c0)=@abs, 0x6e, &(0x7f0000000040)=[{&(0x7f0000000280)=""/199, 0xc7}], 0x1, &(0x7f0000000380)=[@cred={{0x18}}, @cred={{0x18}}, @rights={{0x10, 0x1, 0x1, [0xffffffffffffffff]}}, @cred={{0x18}}, @cred={{0x18}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x88}, 0x40)

2.239303929s ago: executing program 2 (id=2476):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_DEBUG_SET(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001500)={&(0x7f0000000300)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000008000000180001801400020073797a5f74756e0000009e000000000018000280"], 0x44}}, 0x0)

2.23901679s ago: executing program 2 (id=2477):
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x18, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000580)='sched_switch\x00', r0}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[], 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r1 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000140), 0x315500, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0xffffffb3, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
syz_io_uring_setup(0x239, &(0x7f0000000300)={0x0, 0x200000, 0x8000, 0xfffffffd, 0x37b}, 0x0, 0x0)
r6 = openat$ttyprintk(0xffffffffffffff9c, 0x0, 0x22802, 0x0)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000040)=0xe)
ppoll(&(0x7f0000000280)=[{r6, 0x20}], 0x1, 0x0, 0x0, 0x0)
ioctl$PTP_PEROUT_REQUEST(r1, 0x40383d03, &(0x7f00000000c0)={{0x5, 0xab3}, {0x2, 0x3}, 0x1, 0x1})
writev(r6, 0x0, 0x0)
connect$inet(r5, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
sendto$inet(r5, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0)
recvfrom$inet(r5, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x720, 0x0, 0xfffffffffffffd25)
creat(&(0x7f00000002c0)='./file0\x00', 0x6)

2.238550442s ago: executing program 4 (id=2478):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x84042, 0x0)
r1 = syz_open_dev$loop(&(0x7f0000000080), 0x47ffffa, 0x122c42)
socket(0x1d, 0x6, 0x9)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x20, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000a0000000000000095"], &(0x7f0000000900)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @netfilter=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r6 = bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000080)={r5, 0xffffffffffffffff, 0x2d, 0x0, @val=@netfilter={0xa, 0x0, 0x5, 0x1}}, 0x20)
close_range(r6, r6, 0x0)
ioctl$LOOP_CONFIGURE(r1, 0x4c0a, &(0x7f0000001ac0)={r0, 0x0, {0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x4, "339f020bbe82b398000000000000000000000d0ec0c1b4e9b1c4369d03740250ceaac594b1b3d741dd17c1c50d38ef2a565ef1e83323691c58d66500", "a9103939c787a16c1ca43f80026d1a8554fe581b59ded130e04d528539f3d3289737f0374c72a964a02447a75df8a69ea917deb7ba193b3e7772fd29f35239d2", "24431a1e77a68e174f000000000000000010e200"}})
r7 = dup(r1)
read$FUSE(r7, &(0x7f0000003c40)={0x2020}, 0xffffff0a)

2.031500418s ago: executing program 0 (id=2479):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x5, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r2}, 0x10)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000680)=ANY=[@ANYBLOB="4c00000010004b0422000000000000007a000000", @ANYRES32=0x0, @ANYBLOB="00000000000000002c0012800b00010062726964676500001c00028008000400000020000800150000000000050016"], 0x4c}, 0x1, 0x0, 0x0, 0x200400a0}, 0x0)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000200)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f00000002c0)=0x14)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r3, 0x8933, &(0x7f0000000300)={'batadv0\x00', <r5=>0x0})
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000340)={'pim6reg0\x00', <r6=>0x0})
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000400)={r0, 0x58, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r7=>0x0}}, 0x10)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000840)={r1, 0xe0, &(0x7f0000000740)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, &(0x7f00000004c0)=[0x0, 0x0, 0x0], ""/16, <r8=>0x0, 0x0, 0x0, 0x0, 0x4, 0x1, &(0x7f0000000500)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000540)=[0x0], 0x0, 0x16, &(0x7f0000000580)=[{}], 0x8, 0x10, &(0x7f00000005c0), &(0x7f0000000600), 0x8, 0xae, 0x8, 0x8, &(0x7f0000000700)}}, 0x10)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r9=>0xffffffffffffffff})
r10 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r10, 0x107, 0xf, &(0x7f0000000080)=0x81, 0x43)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f00000000c0)={'ip6gretap0\x00', <r11=>0x0})
sendto$packet(r10, &(0x7f0000000180)="0b036800e0ff64000200475400f6a13bb10000000800894f4803", 0x100a6, 0x0, &(0x7f0000000140)={0x11, 0x0, r11}, 0x14)
r12 = socket$netlink(0x10, 0x3, 0x0)
r13 = socket$netlink(0x10, 0x3, 0x0)
r14 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r14, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={&(0x7f0000000a80)=ANY=[], 0x14}}, 0x0)
getsockname$packet(r14, &(0x7f0000000100)={0x11, 0x0, <r15=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r13, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r15, @ANYBLOB="01000000020000001c0012000c000100626f6e64000000000c0002000800010005"], 0x3c}}, 0x0)
sendmsg$nl_route(r12, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=@newlink={0x54, 0x10, 0xffffff1f, 0x70bd29, 0x80, {0x0, 0x0, 0x0, 0x0, 0x0, 0x3f00}, [@IFLA_LINKINFO={0x2c, 0x12, 0x0, 0x1, @gretap={{0xb}, {0x1c, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_SPORT={0x6, 0x10, 0x4e20}, @IFLA_GRE_FWMARK={0x8, 0x14, 0xf3a}, @IFLA_GRE_REMOTE={0x8, 0x7, @rand_addr=0x64010101}]}}}, @IFLA_MASTER={0x8, 0xa, r15}]}, 0x54}}, 0x0)
getsockname$packet(r1, &(0x7f0000000880)={0x11, 0x0, <r16=>0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f00000008c0)=0x14)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000980)={'erspan0\x00', &(0x7f0000000900)={'gre0\x00', <r17=>0x0, 0x1, 0x7800, 0xff8000, 0x5, {{0xa, 0x4, 0x3, 0x3, 0x28, 0x65, 0x0, 0x6, 0x4, 0x0, @dev={0xac, 0x14, 0x14, 0x40}, @local, {[@rr={0x7, 0x7, 0x12, [@dev={0xac, 0x14, 0x14, 0x20}]}, @generic={0x94, 0xd, "4ec4905266e2b24d6839fa"}]}}}}})
r18 = socket(0x400000000010, 0x3, 0x0)
r19 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r19, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r20=>0x0})
sendmsg$nl_route_sched(r18, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newtfilter={0x8c, 0x2c, 0xd27, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r20, {0xb, 0xfff3}, {}, {0x7}}, [@filter_kind_options=@f_matchall={{0xd}, {0x58, 0x2, [@TCA_MATCHALL_ACT={0x54, 0x2, [@m_skbedit={0x50, 0x1, 0x0, 0x0, {{0xc}, {0x24, 0x2, 0x0, 0x1, [@TCA_SKBEDIT_QUEUE_MAPPING={0x6, 0x4, 0x2}, @TCA_SKBEDIT_PARMS={0x18, 0x2, {0xb380, 0x4, 0x0, 0xd87, 0x6}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x2, 0x3}}}}]}]}}]}, 0x8c}, 0x1, 0x0, 0x0, 0x10}, 0x0)
sendmsg$TEAM_CMD_PORT_LIST_GET(0xffffffffffffffff, &(0x7f0000000a00)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000009c0)={&(0x7f0000000b00)={0x350, 0x0, 0x100, 0x70bd2b, 0x25dfdbfe, {}, [{{0x8, 0x1, r4}, {0x170, 0x2, 0x0, 0x1, [{0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8, 0x4, r5}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0xcd}}, {0x8, 0x6, r6}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x3}}, {0x8, 0x6, r7}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r8}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0x4}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8, 0x4, r11}}, {0x8}}}]}}, {{0x8, 0x1, r15}, {0x3c, 0x2, 0x0, 0x1, [{0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x4}}}]}}, {{0x8, 0x1, r16}, {0xbc, 0x2, 0x0, 0x1, [{0x6c, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x3c, 0x4, [{0x7, 0x1a, 0x9, 0x3}, {0x2, 0x2, 0xed, 0x1}, {0x8, 0x4, 0x7}, {0x8001, 0xc, 0x8, 0x1}, {0x0, 0xc4, 0x6, 0x9}, {0x9, 0x9, 0x0, 0x6}, {0x8, 0x73, 0x8, 0xafcf}]}}}, {0x4c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x19, 0x4, 'hash_to_port_mapping\x00'}}}]}}, {{0x8, 0x1, r17}, {0xb4, 0x2, 0x0, 0x1, [{0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x4}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8, 0x4, r20}}, {0x8}}}, {0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8}}}]}}]}, 0x350}, 0x1, 0x0, 0x0, 0x20008000}, 0x895)

1.785054805s ago: executing program 0 (id=2480):
add_key(&(0x7f0000000000)='big_key\x00', &(0x7f0000000280)={'syz', 0x1}, &(0x7f00000002c0)="1d", 0xfe3a, 0xfffffffffffffffe)
add_key(&(0x7f0000000000)='big_key\x00', &(0x7f0000000280)={'syz', 0x1}, &(0x7f00000002c0)="1d", 0xfe3a, 0xfffffffffffffffe)
r0 = syz_open_dev$dri(&(0x7f0000000080), 0x0, 0x0)
syz_emit_ethernet(0x22, &(0x7f00000001c0)={@local, @random="97c4864ef7a3", @void, {@ipv4={0x800, @generic={{0x5, 0x4, 0x0, 0x0, 0x14, 0x64, 0x0, 0x0, 0xc84cf8fe4733a687, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0xc}}}}}}, 0x0)
ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000000)=<r1=>0x0)
wait4(r1, &(0x7f0000000180), 0x2, &(0x7f0000000100))
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r0, 0xc02064b2, &(0x7f0000000040)={0x5, 0x6576, 0x9})
mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x4, 0x11, r0, 0x100004)

1.781858871s ago: executing program 0 (id=2481):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x48e80, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = socket$inet6_mptcp(0xa, 0x1, 0x106)
connect$inet6(r2, &(0x7f0000000280)={0xa, 0x0, 0x0, @dev, 0x4}, 0x1c)
setsockopt$sock_linger(r2, 0x1, 0xd, &(0x7f0000000040)={0x1, 0x3}, 0x8)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x200)
ioctl$KVM_SET_MP_STATE(r3, 0x4004ae99, &(0x7f0000000000)=0x3)
r4 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000240)='pmap_register\x00', r5, 0x0, 0xf69}, 0x18)
sendmsg$netlink(r4, &(0x7f0000000040)={0x0, 0x20, &(0x7f0000002580)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="140000002500010000000000f100000006"], 0x14}], 0x1, 0x0, 0x0, 0x400048c0}, 0x0)
timer_create(0x0, &(0x7f0000000680)={0x0, 0x21, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='dyn'])
chdir(&(0x7f0000000340)='./file0\x00')
open_tree(0xffffffffffffff9c, &(0x7f0000000080)='./bus/file0\x00', 0x80001)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
socketpair$tipc(0x1e, 0x4, 0x0, &(0x7f0000000140)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
sendmsg$tipc(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000040)="fb6bba8839fe8bc048c0cdafd1f8a9918bc4055eaaeb6db4ee9bcb25b1811dbf40b3a7da5a8a64db04ed6dd26eea2e37229c339b1f91201c2796173864", 0x3d}], 0x1}, 0x0)
recvmsg(r6, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)=""/60, 0x3c}], 0x1, 0x0, 0xffd5}, 0x400061de)
r8 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_int(r8, 0x29, 0x31, &(0x7f0000000080)=0xffff7b6e, 0x4)
getsockopt$inet6_buf(r8, 0x29, 0x6, &(0x7f0000000700)=""/32, &(0x7f0000000680)=0x20)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x2, 0x0, @ioapic={0x0, 0x2, 0x3, 0xeffffdff, 0x0, [{0x0, 0x80}, {0x19, 0x5, 0x0, '\x00', 0x10}, {0xfc, 0x4}, {0xfe, 0x0, 0x7f, '\x00', 0x2}, {0x8, 0x0, 0x5, '\x00', 0x9}, {}, {0x0, 0x85, 0xbe}, {0x0, 0x6}, {0x0, 0x0, 0x0, '\x00', 0x7f}, {0x8, 0x6, 0xfe, '\x00', 0x42}, {0x0, 0x2}, {0x0, 0x50}, {0x4, 0x0, 0x4, '\x00', 0x3}, {0x1, 0x4e}, {0x2, 0x2, 0x4, '\x00', 0xfe}, {}, {0x1, 0x0, 0x4, '\x00', 0x4}, {0x0, 0x0, 0x0, '\x00', 0xfd}, {0x1, 0x4, 0x7, '\x00', 0x3}, {0x80, 0x0, 0x0, '\x00', 0x40}, {0x0, 0x4}, {0x0, 0x0, 0x0, '\x00', 0x70}, {0x1, 0x0, 0x0, '\x00', 0xe}, {0x10, 0x83, 0xe}]}})

1.50311379s ago: executing program 0 (id=2482):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000480), r0)
socket$igmp6(0xa, 0x3, 0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xd, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000851000000100000095000000000000001800000020646c2500000000002020207b1a00fe00000000bda100000000000007010000f8ffffffb702000008000000b70300000000000085000000760000009500000000000000d36b59ac17a572d7444fe29366d8bcacdf913a8e7588905bf6cca226529c4362b31459e7b4279afff4c2694ae6af0673360f5f96ef5a1ac0e05bc659ad42bbdb9ecb3c42ce5d05a416ac7e0ad3d191a0ccfc5c1cdea3b39fff977ac70ddc8bc224914807ac6f395547937f1fd63808af7b878a45cc9f3f2ea2b4bd64c17cb7076455af28b648efe74fae79b4394cdf4768329b12814da8aa9f56b174939daf3acad3c84504be68ce1c75805911cb0e7f9ceb7780c1ca316381ccd0"], &(0x7f0000000180)='GPL\x00', 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x40, &(0x7f0000000000)=@mangle={'mangle\x00', 0x2, 0x6, 0x5d4, 0x0, 0xec, 0x0, 0x3fc, 0x1c4, 0x50c, 0x50c, 0x50c, 0x50c, 0x50c, 0x6, 0x0, {[{{@ipv6={@mcast2, @private1, [], [], 'macvlan1\x00', 'erspan0\x00'}, 0x0, 0xc8, 0xec, 0x0, {0x7a00000000000000}, [@inet=@rpfilter={{0x24}}]}, @HL={0x24}}, {{@ipv6={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @private0, [], [], 'syzkaller0\x00', 'team_slave_1\x00'}, 0x0, 0xa4, 0xd8}, @common=@inet=@SET3={0x34, 'SET\x00', 0x3, {{0xffffffffffffffff}, {0xffffffffffffffff}, {}, 0xf3dd}}}, {{@ipv6={@mcast1, @remote, [], [], '\x00', 'dummy0\x00'}, 0x0, 0x130, 0x154, 0x0, {}, [@common=@srh1={{0x8c}, {0x8, 0x0, 0x0, 0x0, 0x0, @dev, @local, @empty}}]}, @unspec=@CHECKSUM={0x24}}, {{@uncond, 0x0, 0xa4, 0xe4}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00', 0x0, {[0x0, 0x0, 0x0, 0x0, 0x9]}}}, {{@uncond, 0x0, 0xec, 0x110, 0x0, {}, [@inet=@rpfilter={{0x24}}, @common=@eui64={{0x24}}]}, @unspec=@CHECKSUM={0x24}}], {{'\x00', 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x630)
openat$cdrom(0xffffff9c, &(0x7f00000012c0), 0x42880, 0x0)
openat$fb0(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
socket$l2tp6(0xa, 0x2, 0x73)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000001880)=ANY=[@ANYBLOB="b700000081000000bfa30000000030000703000000feffff720af0fff8ffffff71a4f0ff0000000071100000000000001d400500000000004704000001ed00000f030000000000001d44000000000000620a00fe000000007203000000000000b5000000000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fe51bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a22048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00e10000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f6f096753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e9673560000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d490cba8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e16e1461173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b583cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd84990453f006694d461b76a58d88cf0f520310a1e80dc18cde98d662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6432399f87a7a14245bbd796a09313b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c00000000000000f59dd19e8d525206c0a728cfd42193abe8130bc01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ed1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef67cf0216e2d81e6127bd9d7fab28800eaab2355992f8ce4cd38add4b272c0bee4076ca4847ffa691cf78fb7ec212bad3bef29f577ea7159b7f3025b3d977ff7c91024cf71126233cb8791c3c"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfffffffffffffd00, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
syz_usbip_server_init(0x3)
add_key$user(&(0x7f0000000380), &(0x7f0000000000)={'syz', 0x0}, &(0x7f0000000580)='X', 0x1, 0xfffffffffffffffe)
lstat(&(0x7f00000004c0)='./file0\x00', &(0x7f0000000500))
add_key$user(0x0, &(0x7f00000005c0), &(0x7f00000000c0), 0x0, 0xfffffffffffffffd)

1.26996724s ago: executing program 4 (id=2483):
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mkdir(0x0, 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000340)={[{@upperdir={'upperdir', 0x3d, './file1'}}]})
socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$TCXONC(0xffffffffffffffff, 0x540a, 0x2)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
socket$inet_mptcp(0x2, 0x1, 0x106)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0xf, 0x10, &(0x7f0000000040)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r3}}, {}, [@func={0x85, 0x0, 0x1, 0x0, 0xfffffff5}], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000140)='syzkaller\x00', 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_device, 0x0, 0x8300, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) (async)
mkdir(0x0, 0x0) (async)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0) (async)
mount$overlay(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000340)={[{@upperdir={'upperdir', 0x3d, './file1'}}]}) (async)
socket$inet6_tcp(0xa, 0x1, 0x0) (async)
ioctl$TCXONC(0xffffffffffffffff, 0x540a, 0x2) (async)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) (async)
socket$inet_mptcp(0x2, 0x1, 0x106) (async)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) (async)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) (async)
getpid() (async)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) (async)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) (async)
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) (async)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) (async)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) (async)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0xf, 0x10, &(0x7f0000000040)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r3}}, {}, [@func={0x85, 0x0, 0x1, 0x0, 0xfffffff5}], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000140)='syzkaller\x00', 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_device, 0x0, 0x8300, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) (async)

1.162303135s ago: executing program 2 (id=2484):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000002000000b705000008000000850000006900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000680)={&(0x7f0000000040)='percpu_alloc_percpu\x00', r1}, 0x10)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1f, 0x11, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000002800000000000000850000002a000000b7080000000000007baaf8ff00000000b5080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70500000800000085000000a700000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x10, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, @void, @value}, 0x94)

1.067482548s ago: executing program 2 (id=2485):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x6, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
connect$inet6(0xffffffffffffffff, &(0x7f0000000080)={0xa, 0xfffe, 0x7fffffff, @local, 0x9}, 0x1c)
sendmsg(0xffffffffffffffff, 0x0, 0xd)
madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe)
mlock(&(0x7f0000c00000/0x400000)=nil, 0x400000)
mremap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000fff000/0x1000)=nil)
madvise(&(0x7f0000f0f000/0x2000)=nil, 0x2000, 0x15)
bpf$PROG_LOAD(0x5, &(0x7f0000002c40)={0x7, 0xf, &(0x7f00000007c0)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x2, 0x0, 0xd300}}, {{0x6, 0x0, 0xb}, {0x65}}, [], {{0x7, 0x1, 0x3, 0x3}, {0x5, 0x0, 0xb, 0x3}}}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)

530.223439ms ago: executing program 4 (id=2486):
r0 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
ioctl$USBDEVFS_SUBMITURB(0xffffffffffffffff, 0x8038550a, 0x0) (async)
ioctl$USBDEVFS_SUBMITURB(0xffffffffffffffff, 0x8038550a, 0x0)
syz_emit_ethernet(0x8e, &(0x7f00000000c0)=ANY=[@ANYRESHEX=r0], 0x0)
getsockopt$CAN_RAW_JOIN_FILTERS(r0, 0x65, 0x6, 0x0, 0x0)
r1 = open(&(0x7f0000000180)='.\x00', 0x0, 0x0)
flock(r1, 0x2)
r2 = open(&(0x7f0000000180)='.\x00', 0x0, 0x0)
flock(r2, 0x2) (async)
flock(r2, 0x2)
r3 = open(&(0x7f0000000180)='.\x00', 0x10000, 0x0)
flock(r3, 0x1) (async)
flock(r3, 0x1)
flock(r3, 0x2)
timer_create(0x0, &(0x7f0000000680)={0x0, 0x21, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100))
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000040)={'vcan0\x00'})
setresgid(0xee00, 0xee01, 0x0)
mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) (async)
mkdir(&(0x7f00000001c0)='./file0\x00', 0x0)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00') (async)
r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00')
socket(0x22, 0x2, 0x24) (async)
r5 = socket(0x22, 0x2, 0x24)
setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, 0x0, 0x0) (async)
setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, 0x0, 0x0)
mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x800400, &(0x7f0000000100)={[{@usrquota}, {@usrquota_block_hardlimit={'usrquota_block_hardlimit', 0x3d, [0x38]}}]})
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r6, 0x3)
ioctl$sock_SIOCOUTQNSD(r6, 0x894b, 0x0)
read$FUSE(r4, &(0x7f0000000340)={0x2020}, 0xcb0a)
timer_settime(0x0, 0x0, &(0x7f0000000500)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x8c01, 0x0) (async)
r7 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x8c01, 0x0)
write$snapshot(r7, 0x0, 0x0)

460.072013ms ago: executing program 4 (id=2487):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x60, 0x30, 0x4, 0x0, 0x0, {}, [{0x4c, 0x1, [@m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x60}, 0x1, 0x0, 0x0, 0x804}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="fd92be527dbca9f1e977011690bcf5790312262a69707e4c621b2a1c424e0ceec070391443aa74fed573d7a50cd9eefbeade88fb", @ANYRESHEX=r0, @ANYRES32, @ANYRES16=r0, @ANYRES32, @ANYBLOB="0100000000000000000000000000000fa788dabea72479dda3565a86965e341223644810f342931bdaf275472c466d53ee04a43eae75681808e658102d2342c8ea3a63d6b1d77239f467c4ad23e7873ccf2147aa8318aed91724c0017b4d68f35ef5375b6df13b300586aed4de9789570bb7d035642761f11cdb6cd5b0974316723b1188adb6b6b76b70587710d7534a18d13373a299952d6dc73aab63d83b745527d13503cc932da35f82e130c8e849a66104a389a4ade72f48639ec1598977eda5e02485be148a0cd56a74ebe5cd4f1be87791d07015cf8d1c30472702beb3407775b25462ec88f3ffe6a1830b75b68aef29bbe2697bbbcfde002fe30e9d6e564c9b54ec2d4b2609e4f4c9b600542f41147cca2a37a6a54c3ef6b44ba16d786574cc1849c9c9a5c420ab5a38e197b70d6b747a2966de8d273cbfb8969a63a563086f21e9dde75bdc43370eddf62d5577842a641b41a9b178ae29856efb72a81c139ac71f32e1a1f149118c567a95e303c19966"], 0x48)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x2, 0x8f}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socket$igmp6(0xa, 0x3, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
ioctl$VHOST_SET_LOG_FD(0xffffffffffffffff, 0x4004af07, &(0x7f0000000280))
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
r5 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r5, 0xc004500a, &(0x7f0000000240)=0x28e)
ioctl$SNDCTL_DSP_CHANNELS(r5, 0xc0045006, &(0x7f00000001c0)=0x2)
ioctl$SNDCTL_DSP_SPEED(r5, 0xc0045002, &(0x7f00000000c0))
read$dsp(r5, &(0x7f0000000300)=""/79, 0x4f)
unlink(&(0x7f0000000000)='./file0\x00')
timer_create(0x0, &(0x7f0000000240)={0x0, 0x21}, &(0x7f0000bbdffc))
init_module(&(0x7f0000000400)=ANY=[@ANYBLOB="7f454c4605010c05810000000000000000000000f8ffff3900000000000000030100000000000013ba0000c40038000100b802c8d60200040000000300000080000000000000000200000000000000feffffffffffffff0000000000000000ffffff7f00000000fdffffffffffffff000000000000000000"], 0x78, 0x0)
sendto$inet6(r4, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)

159.791659ms ago: executing program 2 (id=2488):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_DEBUG_SET(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001500)={&(0x7f0000000300)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000008000000180001801400020073797a5f74756e000000f0000000000018000280"], 0x44}}, 0x0)

159.499123ms ago: executing program 2 (id=2489):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f00000006c0)=ANY=[], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x41100, 0x45, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000200)={0x5}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000380)=ANY=[@ANYBLOB="34000000100001f8ffffff000000000000000000", @ANYRES32=0x0, @ANYBLOB="9effffffffffffff0c002b8008000100", @ANYRES32=r1, @ANYBLOB="08001b"], 0x34}}, 0x4004010)
r5 = socket(0x2, 0x3, 0x6)
bind$inet(r5, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10)
sendto$inet(r5, 0x0, 0x0, 0x0, &(0x7f0000000600)={0x2, 0x0, @remote}, 0x10)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x8)
recvmsg$unix(r5, &(0x7f0000000140)={&(0x7f00000000c0)=@abs, 0x6e, &(0x7f0000000040)=[{&(0x7f0000000280)=""/199, 0xc7}], 0x1, &(0x7f0000000380)=[@cred={{0x18}}, @cred={{0x18}}, @rights={{0x10, 0x1, 0x1, [0xffffffffffffffff]}}, @cred={{0x18}}, @cred={{0x18}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x88}, 0x40)

0s ago: executing program 0 (id=2490):
r0 = openat$loop_ctrl(0xffffff9c, &(0x7f0000000000), 0x0, 0x0) (async, rerun: 32)
r1 = openat$userio(0xffffff9c, &(0x7f0000000040), 0x92001, 0x0) (rerun: 32)
ioctl$AUTOFS_IOC_FAIL(r1, 0x9361, 0x10000) (async, rerun: 64)
r2 = openat$snapshot(0xffffff9c, &(0x7f0000000080), 0x101140, 0x0) (rerun: 64)
ioctl$SNAPSHOT_CREATE_IMAGE(r2, 0x40043311, &(0x7f00000000c0)) (async)
unshare(0x20000)
unshare(0x800) (async)
r3 = fcntl$dupfd(r0, 0x406, r0)
ioctl$CEC_ADAP_G_LOG_ADDRS(r3, 0x805c6103, &(0x7f0000000100)) (async)
r4 = open(&(0x7f0000000180)='./file0\x00', 0x8000, 0x96) (async, rerun: 64)
r5 = ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82) (rerun: 64)
ioctl$LOOP_CTL_ADD(r4, 0x4c80, r5) (async)
ioctl$F2FS_IOC_MOVE_RANGE(r1, 0xc01cf509, &(0x7f00000001c0)={<r6=>r0, 0x33, 0x7e, 0x5})
epoll_pwait2(r6, &(0x7f0000000200)=[{}, {}], 0x2, &(0x7f0000000240), &(0x7f0000000280)={[0xb, 0x9]}, 0x8) (async)
getpeername$packet(r6, &(0x7f00000002c0)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000300)=0x14)
ioctl$sock_inet6_SIOCADDRT(r4, 0x890b, &(0x7f0000000340)={@private0={0xfc, 0x0, '\x00', 0x1}, @private2={0xfc, 0x2, '\x00', 0x1}, @ipv4={'\x00', '\xff\xff', @loopback}, 0x7, 0x5, 0xd, 0x400, 0x5, 0x40000000, r7}) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, &(0x7f00000003c0)) (async)
ioctl$SG_BLKTRACETEARDOWN(r6, 0x1276, 0x0) (async, rerun: 32)
unshare(0x400) (rerun: 32)
socket$netlink(0x10, 0x3, 0x1) (async)
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r3, 0xc0189373, &(0x7f0000000400)={{0x1, 0x1, 0x18, <r8=>r1, {0xa}}, './file0\x00'})
sendmsg$nl_route_sched(r8, &(0x7f0000000500)={&(0x7f0000000440), 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=@newtclass={0x40, 0x28, 0x20, 0x70bd26, 0x25dfdbfd, {0x0, 0x0, 0x0, r7, {0xffe0, 0x2}, {0x5, 0x9}, {0xfff3, 0xe}}, [@TCA_RATE={0x6, 0x5, {0x3, 0x7}}, @tclass_kind_options=@c_drr={{0x8}, {0xc, 0x2, @TCA_DRR_QUANTUM={0x8, 0x1, 0x4}}}]}, 0x40}, 0x1, 0x0, 0x0, 0x40800}, 0x40000)
r9 = syz_io_uring_setup(0x1e8d, &(0x7f0000000540)={0x0, 0x31cd, 0x8000, 0x2, 0x1de}, &(0x7f00000005c0), &(0x7f0000000600))
io_uring_register$IORING_REGISTER_CLONE_BUFFERS(r9, 0x1e, &(0x7f0000000640)={r6}, 0x1)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000680))
r10 = openat$sequencer2(0xffffff9c, &(0x7f00000006c0), 0x600002, 0x0)
close_range(r0, r10, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
setsockopt$IP_VS_SO_SET_ADDDEST(r4, 0x0, 0x487, &(0x7f0000000700)={{0x3b, @private=0xa010100, 0x4e24, 0x2, 'wrr\x00', 0x7, 0xb2, 0x20}, {@private=0xa010102, 0x4e23, 0x0, 0xba8, 0x200000, 0x6}}, 0x44) (async)
openat$nullb(0xffffff9c, &(0x7f0000000780), 0x0, 0x0)

kernel console output (not intermixed with test programs):

i3: unexpected cc 0x1001 length: 249 > 9
[  380.667135][ T5958] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  380.670564][ T5958] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  380.705063][T13477] sch_tbf: peakrate 8 is lower than or equals to rate 12 !
[  380.721030][T13477] netlink: 'syz.0.2000': attribute type 4 has an invalid length.
[  380.728483][T13477] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2000'.
[  380.899960][T13485] 9pnet_virtio: no channels available for device ./file0/file0
[  380.921506][T13472] chnl_net:caif_netlink_parms(): no params data found
[  381.068462][T13472] bridge0: port 1(bridge_slave_0) entered blocking state
[  381.070843][T13472] bridge0: port 1(bridge_slave_0) entered disabled state
[  381.073448][T13472] bridge_slave_0: entered allmulticast mode
[  381.076062][T13472] bridge_slave_0: entered promiscuous mode
[  381.079317][T13472] bridge0: port 2(bridge_slave_1) entered blocking state
[  381.081672][T13472] bridge0: port 2(bridge_slave_1) entered disabled state
[  381.086334][T13472] bridge_slave_1: entered allmulticast mode
[  381.089034][T13472] bridge_slave_1: entered promiscuous mode
[  381.125981][T13472] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  381.131189][T13472] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  381.169406][T13472] team0: Port device team_slave_0 added
[  381.176874][T13472] team0: Port device team_slave_1 added
[  381.314612][T11273] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  381.329835][T13472] batman_adv: batadv0: Adding interface: batadv_slave_0
[  381.332086][T13472] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  381.340611][T13472] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  381.482501][T13493] netlink: 'syz.4.2003': attribute type 4 has an invalid length.
[  381.486728][T13472] batman_adv: batadv0: Adding interface: batadv_slave_1
[  381.489490][T13472] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  381.502885][T13472] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  381.538644][T11273] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  381.588338][T13495] netlink: 'syz.4.2004': attribute type 1 has an invalid length.
[  381.629715][T11273] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  381.647062][T13472] hsr_slave_0: entered promiscuous mode
[  381.649735][T13472] hsr_slave_1: entered promiscuous mode
[  381.652219][T13472] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  381.655569][T13472] Cannot create hsr debugfs directory
[  381.797663][T11273] bridge_slave_1: left allmulticast mode
[  381.805741][T11273] bridge_slave_1: left promiscuous mode
[  381.808069][T11273] bridge0: port 2(bridge_slave_1) entered disabled state
[  381.822966][T11273] bridge_slave_0: left allmulticast mode
[  381.825371][T11273] bridge_slave_0: left promiscuous mode
[  381.827611][T11273] bridge0: port 1(bridge_slave_0) entered disabled state
[  382.024380][T13508] loop6: detected capacity change from 0 to 524287999
[  382.173288][T11273] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  382.177684][T11273] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  382.181883][T11273] bond0 (unregistering): Released all slaves
[  382.525099][T11273] hsr_slave_0: left promiscuous mode
[  382.527205][T11273] hsr_slave_1: left promiscuous mode
[  382.529281][T11273] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  382.531599][T11273] batman_adv: batadv0: Removing interface: batadv_slave_0
[  382.534999][T11273] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  382.537433][T11273] batman_adv: batadv0: Removing interface: batadv_slave_1
[  382.570181][T11273] veth1_macvtap: left promiscuous mode
[  382.572088][T11273] veth0_macvtap: left promiscuous mode
[  382.575423][T11273] veth1_vlan: left promiscuous mode
[  382.577492][T11273] veth0_vlan: left promiscuous mode
[  382.747566][ T5948] Bluetooth: hci3: command tx timeout
[  382.971249][T13529] netlink: 'syz.0.2014': attribute type 4 has an invalid length.
[  383.033432][ T1332] usb 9-1: new high-speed USB device number 8 using dummy_hcd
[  383.193393][ T1332] usb 9-1: Using ep0 maxpacket: 8
[  383.200424][ T1332] usb 9-1: config index 0 descriptor too short (expected 301, got 45)
[  383.203965][ T1332] usb 9-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  383.208008][ T1332] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  383.212025][ T1332] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  383.216601][ T1332] usb 9-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  383.222030][ T1332] usb 9-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  383.226326][ T1332] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  383.322558][T11273] team0 (unregistering): Port device team_slave_1 removed
[  383.390092][T11273] team0 (unregistering): Port device team_slave_0 removed
[  383.441846][ T1332] usb 9-1: GET_CAPABILITIES returned 0
[  383.443698][ T1332] usbtmc 9-1:16.0: can't read capabilities
[  383.935704][T13472] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  383.940569][T13472] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  383.950550][T13472] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  383.957416][T13472] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  384.036770][T13472] 8021q: adding VLAN 0 to HW filter on device bond0
[  384.055440][T13472] 8021q: adding VLAN 0 to HW filter on device team0
[  384.061295][T11293] bridge0: port 1(bridge_slave_0) entered blocking state
[  384.063670][T11293] bridge0: port 1(bridge_slave_0) entered forwarding state
[  384.072371][T11293] bridge0: port 2(bridge_slave_1) entered blocking state
[  384.074689][T11293] bridge0: port 2(bridge_slave_1) entered forwarding state
[  384.340825][T13472] 8021q: adding VLAN 0 to HW filter on device batadv0
[  384.394975][T13472] veth0_vlan: entered promiscuous mode
[  384.405105][T13472] veth1_vlan: entered promiscuous mode
[  384.422160][T13472] veth0_macvtap: entered promiscuous mode
[  384.427377][T13472] veth1_macvtap: entered promiscuous mode
[  384.437803][T13472] batman_adv: batadv0: Interface activated: batadv_slave_0
[  384.448310][T13472] batman_adv: batadv0: Interface activated: batadv_slave_1
[  384.455032][T13472] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  384.457765][T13472] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  384.460415][T13472] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  384.483331][T13472] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  384.578642][T11293] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  384.581228][T11293] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  384.602745][T13548] Invalid ELF header type: 0 != 1
[  384.604309][T11273] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  384.607568][T11273] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  384.823529][ T5948] Bluetooth: hci3: command 0x041b tx timeout
[  384.919306][   T40] audit: type=1326 audit(1748087847.860:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13552 comm="syz.0.2020" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf708e579 code=0x0
[  385.056349][T13560] input: syz1 as /devices/virtual/input/input44
[  385.315918][T13564] loop6: detected capacity change from 0 to 524287999
[  385.687908][T13566] 9pnet: p9_errstr2errno: server reported unknown error �@cƒF	S
[  385.795600][   T24] usb 9-1: USB disconnect, device number 8
[  385.939541][T13572] mac80211_hwsim hwsim19 wlan1: entered allmulticast mode
[  385.945714][T13572] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2025'.
[  386.071438][T13573] netlink: 'syz.4.2025': attribute type 10 has an invalid length.
[  386.074363][T13573] mac80211_hwsim hwsim19 wlan1: left allmulticast mode
[  386.298722][T13577] lo: left promiscuous mode
[  386.300342][T13577] lo: left allmulticast mode
[  386.302382][T13577] tunl0: left promiscuous mode
[  386.304090][T13577] tunl0: left allmulticast mode
[  386.306063][T13577] gre0: left promiscuous mode
[  386.307729][T13577] gre0: left allmulticast mode
[  386.309788][T13577] gretap0: left promiscuous mode
[  386.311500][T13577] gretap0: left allmulticast mode
[  386.313331][T13577] erspan0: left promiscuous mode
[  386.315378][T13577] ip_vti0: left promiscuous mode
[  386.317368][T13577] ip_vti0: left allmulticast mode
[  386.319630][T13577] ip6_vti0: left promiscuous mode
[  386.321585][T13577] ip6_vti0: left allmulticast mode
[  386.323879][T13577] sit0: left promiscuous mode
[  386.325697][T13577] sit0: left allmulticast mode
[  386.327770][T13577] ip6tnl0: left promiscuous mode
[  386.329657][T13577] ip6tnl0: left allmulticast mode
[  386.331766][T13577] ip6gre0: left promiscuous mode
[  386.333818][T13577] ip6gre0: left allmulticast mode
[  386.336044][T13577] syz_tun: left promiscuous mode
[  386.338259][T13577] syz_tun: left allmulticast mode
[  386.340327][T13577] ip6gretap0: left promiscuous mode
[  386.342292][T13577] ip6gretap0: left allmulticast mode
[  386.346342][T13577] vcan0: left promiscuous mode
[  386.348142][T13577] vcan0: left allmulticast mode
[  386.355855][T13577] bond0: left promiscuous mode
[  386.357779][T13577] mac80211_hwsim hwsim3 wlan1: left promiscuous mode
[  386.360990][T13577] bond0: left allmulticast mode
[  386.362893][T13577] mac80211_hwsim hwsim3 wlan1: left allmulticast mode
[  386.365329][T13577] team0: left promiscuous mode
[  386.367153][T13577] team0: left allmulticast mode
[  386.369489][T13577] dummy0: left promiscuous mode
[  386.371372][T13577] dummy0: left allmulticast mode
[  386.373598][T13577] nlmon0: left promiscuous mode
[  386.375637][T13577] nlmon0: left allmulticast mode
[  386.377953][T13577] caif0: left promiscuous mode
[  386.379717][T13577] caif0: left allmulticast mode
[  386.381900][T13577] batadv0: left promiscuous mode
[  386.385224][T13577] batadv0: left allmulticast mode
[  386.387506][T13577] vxcan0: left promiscuous mode
[  386.390276][T13577] vxcan0: left allmulticast mode
[  386.393420][T13577] vxcan1: left promiscuous mode
[  386.394963][T13577] vxcan1: left allmulticast mode
[  386.421445][T13577] veth0: left promiscuous mode
[  386.423107][T13577] veth0: left allmulticast mode
[  386.424884][T13577] veth1: left promiscuous mode
[  386.426410][T13577] veth1: left allmulticast mode
[  386.428015][T13577] wg0: left promiscuous mode
[  386.429506][T13577] wg0: left allmulticast mode
[  386.431120][T13577] wg1: left promiscuous mode
[  386.432606][T13577] wg1: left allmulticast mode
[  386.434417][T13577] veth0_to_bridge: left promiscuous mode
[  386.436266][T13577] veth0_to_bridge: left allmulticast mode
[  386.438351][T13577] bridge_slave_0: left promiscuous mode
[  386.440160][T13577] bridge_slave_0: left allmulticast mode
[  386.442105][T13577] veth1_to_bridge: left promiscuous mode
[  386.444003][T13577] veth1_to_bridge: left allmulticast mode
[  386.445997][T13577] bridge_slave_1: left promiscuous mode
[  386.447834][T13577] bridge_slave_1: left allmulticast mode
[  386.449799][T13577] veth0_to_bond: left promiscuous mode
[  386.451612][T13577] veth0_to_bond: left allmulticast mode
[  386.453581][T13577] bond_slave_0: left promiscuous mode
[  386.455355][T13577] bond_slave_0: left allmulticast mode
[  386.457230][T13577] veth1_to_bond: left promiscuous mode
[  386.458965][T13577] veth1_to_bond: left allmulticast mode
[  386.460870][T13577] bond_slave_1: left promiscuous mode
[  386.462657][T13577] bond_slave_1: left allmulticast mode
[  386.464871][T13577] veth0_to_team: left promiscuous mode
[  386.466679][T13577] veth0_to_team: left allmulticast mode
[  386.468552][T13577] team_slave_0: left promiscuous mode
[  386.470368][T13577] team_slave_0: left allmulticast mode
[  386.472281][T13577] veth1_to_team: left promiscuous mode
[  386.474410][T13577] veth1_to_team: left allmulticast mode
[  386.476344][T13577] team_slave_1: left promiscuous mode
[  386.478160][T13577] team_slave_1: left allmulticast mode
[  386.480022][T13577] veth0_to_batadv: left promiscuous mode
[  386.481934][T13577] veth0_to_batadv: left allmulticast mode
[  386.484216][T13577] batadv_slave_0: left promiscuous mode
[  386.485983][T13577] batadv_slave_0: left allmulticast mode
[  386.487857][T13577] veth1_to_batadv: left promiscuous mode
[  386.489680][T13577] veth1_to_batadv: left allmulticast mode
[  386.491620][T13577] batadv_slave_1: left promiscuous mode
[  386.493741][T13577] batadv_slave_1: left allmulticast mode
[  386.495705][T13577] xfrm0: left promiscuous mode
[  386.497316][T13577] xfrm0: left allmulticast mode
[  386.499073][T13577] veth0_to_hsr: left promiscuous mode
[  386.500871][T13577] veth0_to_hsr: left allmulticast mode
[  386.502802][T13577] veth1_to_hsr: left promiscuous mode
[  386.505132][T13577] veth1_to_hsr: left allmulticast mode
[  386.507066][T13577] hsr0: left promiscuous mode
[  386.508637][T13577] hsr0: left allmulticast mode
[  386.510334][T13577] hsr_slave_0: left allmulticast mode
[  386.512156][T13577] hsr_slave_1: left allmulticast mode
[  386.514765][T13577] veth1_virt_wifi: left promiscuous mode
[  386.526020][T13577] veth1_virt_wifi: left allmulticast mode
[  386.530730][T13577] veth0_virt_wifi: left promiscuous mode
[  386.533563][T13577] veth0_virt_wifi: left allmulticast mode
[  386.535543][T13577] net veth1_virt_wifi virt_wifi0: left promiscuous mode
[  386.537835][T13577] net veth1_virt_wifi virt_wifi0: left allmulticast mode
[  386.540166][T13577] veth1_vlan: left allmulticast mode
[  386.542150][T13577] @: left promiscuous mode
[  386.543773][T13577] @: left allmulticast mode
[  386.545389][T13577] vlan1: left promiscuous mode
[  386.547055][T13577] vlan1: left allmulticast mode
[  386.548797][T13577] macvlan0: left promiscuous mode
[  386.550501][T13577] macvlan0: left allmulticast mode
[  386.552304][T13577] macvlan1: left promiscuous mode
[  386.554058][T13577] macvlan1: left allmulticast mode
[  386.555823][T13577] ipvlan0: left promiscuous mode
[  386.557501][T13577] ipvlan0: left allmulticast mode
[  386.559260][T13577] ipvlan1: left promiscuous mode
[  386.560943][T13577] ipvlan1: left allmulticast mode
[  386.562625][T13577] veth0_vlan: left allmulticast mode
[  386.564512][T13577] veth1_macvtap: left allmulticast mode
[  386.566426][T13577] veth0_macvtap: left allmulticast mode
[  386.568317][T13577] macvtap0: left promiscuous mode
[  386.570029][T13577] macvtap0: left allmulticast mode
[  386.571833][T13577] macsec0: left promiscuous mode
[  386.575047][T13577] macsec0: left allmulticast mode
[  386.578446][T13577] geneve0: left promiscuous mode
[  386.580103][T13577] geneve0: left allmulticast mode
[  386.581934][T13577] geneve1: left promiscuous mode
[  386.583683][T13577] geneve1: left allmulticast mode
[  386.585488][T13577] mac80211_hwsim hwsim2 wlan0: left promiscuous mode
[  386.587673][T13577] mac80211_hwsim hwsim2 wlan0: left allmulticast mode
[  386.593943][T13577] bridge1: left promiscuous mode
[  386.595620][T13577] bridge1: left allmulticast mode
[  386.597378][T13577] ip6tnl1: left promiscuous mode
[  386.599110][T13577] ip6tnl1: left allmulticast mode
[  386.600903][T13577] geneve2: left promiscuous mode
[  386.602562][T13577] geneve2: left allmulticast mode
[  386.604735][T13577] syztnl2: left promiscuous mode
[  386.606400][T13577] syztnl2: left allmulticast mode
[  386.608012][T13577] vxlan0: left promiscuous mode
[  386.609668][T13577] vxlan0: left allmulticast mode
[  386.611401][T13577] bridge2: left promiscuous mode
[  386.613084][T13577] bridge2: left allmulticast mode
[  386.615117][T13577] ipvlan2: left promiscuous mode
[  386.616869][T13577] ipvlan2: left allmulticast mode
[  386.618547][T13577] erspan0: left allmulticast mode
[  386.620277][T13577] bridge0: left promiscuous mode
[  386.622013][T13577] bridge0: left allmulticast mode
[  386.624000][T13577] bridge3: left promiscuous mode
[  386.625668][T13577] bridge3: left allmulticast mode
[  386.627380][T13577] bridge4: left promiscuous mode
[  386.629059][T13577] bridge4: left allmulticast mode
[  386.630786][T13577] bridge5: left promiscuous mode
[  386.632448][T13577] bridge5: left allmulticast mode
[  386.665319][ T1186] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  387.618552][ T5948] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  387.624317][ T5948] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  387.628990][ T5948] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  387.632145][ T5948] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  387.635123][ T5948] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  387.740282][T13593] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(10)
[  387.742346][T13593] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  387.745433][T13593] vhci_hcd vhci_hcd.0: Device attached
[  387.860217][T13584] chnl_net:caif_netlink_parms(): no params data found
[  387.937562][ T1186] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  387.983393][ T9566] usb 37-1: new high-speed USB device number 11 using vhci_hcd
[  387.991117][T13584] bridge0: port 1(bridge_slave_0) entered blocking state
[  387.993505][T13584] bridge0: port 1(bridge_slave_0) entered disabled state
[  387.995817][T13584] bridge_slave_0: entered allmulticast mode
[  387.998465][T13584] bridge_slave_0: entered promiscuous mode
[  388.001695][T13584] bridge0: port 2(bridge_slave_1) entered blocking state
[  388.006717][T13584] bridge0: port 2(bridge_slave_1) entered disabled state
[  388.009069][T13584] bridge_slave_1: entered allmulticast mode
[  388.011735][T13584] bridge_slave_1: entered promiscuous mode
[  388.041553][ T1186] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  388.063777][T13584] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  388.068523][T13584] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  388.109413][T13584] team0: Port device team_slave_0 added
[  388.113814][T13584] team0: Port device team_slave_1 added
[  388.126429][ T1186] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  388.171157][T13584] batman_adv: batadv0: Adding interface: batadv_slave_0
[  388.174337][T13584] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  388.186247][T13584] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  388.191984][T13584] batman_adv: batadv0: Adding interface: batadv_slave_1
[  388.194887][T13584] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  388.205474][T13584] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  388.279697][T13584] hsr_slave_0: entered promiscuous mode
[  388.282337][T13584] hsr_slave_1: entered promiscuous mode
[  388.285268][T13584] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  388.287637][T13584] Cannot create hsr debugfs directory
[  388.360251][T13594] vhci_hcd: connection reset by peer
[  388.362185][T11293] vhci_hcd: stop threads
[  388.366272][T11293] vhci_hcd: release socket
[  388.368919][T11293] vhci_hcd: disconnect device
[  388.394769][ T1186] bridge_slave_1: left allmulticast mode
[  388.397057][ T1186] bridge_slave_1: left promiscuous mode
[  388.399400][ T1186] bridge0: port 2(bridge_slave_1) entered disabled state
[  388.405460][ T1186] bridge_slave_0: left allmulticast mode
[  388.407801][ T1186] bridge_slave_0: left promiscuous mode
[  388.410506][ T1186] bridge0: port 1(bridge_slave_0) entered disabled state
[  388.700841][ T1186] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  388.705935][ T1186] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  388.709944][ T1186] bond0 (unregistering): Released all slaves
[  388.958187][T13609] netlink: 'syz.0.2032': attribute type 4 has an invalid length.
[  389.009010][T13611] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2033'.
[  389.014376][T13612] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2033'.
[  389.046523][T13615] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  389.050249][T13615] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  389.060067][ T1186] hsr_slave_0: left promiscuous mode
[  389.064758][ T1186] hsr_slave_1: left promiscuous mode
[  389.067680][ T1186] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  389.070485][ T1186] batman_adv: batadv0: Removing interface: batadv_slave_0
[  389.075589][ T1186] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  389.078308][ T1186] batman_adv: batadv0: Removing interface: batadv_slave_1
[  389.127704][ T1186] veth1_macvtap: left promiscuous mode
[  389.130120][ T1186] veth0_macvtap: left promiscuous mode
[  389.132578][ T1186] veth1_vlan: left promiscuous mode
[  389.136718][ T1186] veth0_vlan: left promiscuous mode
[  389.480732][T13623] 9pnet: p9_errstr2errno: server reported unknown error �@cƒF	S
[  389.669540][T13627] FAULT_INJECTION: forcing a failure.
[  389.669540][T13627] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  389.674582][T13627] CPU: 2 UID: 0 PID: 13627 Comm: syz.0.2037 Not tainted 6.15.0-rc7-syzkaller-00142-g4856ebd99715 #0 PREEMPT(full) 
[  389.674605][T13627] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  389.674614][T13627] Call Trace:
[  389.674620][T13627]  <TASK>
[  389.674624][T13627]  dump_stack_lvl+0x16c/0x1f0
[  389.674643][T13627]  should_fail_ex+0x512/0x640
[  389.674662][T13627]  _copy_from_user+0x2e/0xd0
[  389.674672][T13627]  get_compat_msghdr+0xa7/0x170
[  389.674685][T13627]  ? __pfx_get_compat_msghdr+0x10/0x10
[  389.674698][T13627]  ? __lock_acquire+0x5ca/0x1ba0
[  389.674715][T13627]  ___sys_recvmsg+0x191/0x1a0
[  389.674728][T13627]  ? __pfx____sys_recvmsg+0x10/0x10
[  389.674749][T13627]  ? __pfx___might_resched+0x10/0x10
[  389.674764][T13627]  do_recvmmsg+0x568/0x740
[  389.674778][T13627]  ? __pfx_do_recvmmsg+0x10/0x10
[  389.674798][T13627]  ? bpf_get_current_comm+0xe3/0x160
[  389.674818][T13627]  __sys_recvmmsg+0x21c/0x280
[  389.674832][T13627]  ? __pfx___sys_recvmmsg+0x10/0x10
[  389.674846][T13627]  ? syscall_trace_enter+0x1cb/0x260
[  389.674864][T13627]  __ia32_compat_sys_recvmmsg_time32+0xc4/0x160
[  389.674877][T13627]  ? syscall_trace_enter+0xee/0x260
[  389.674899][T13627]  __do_fast_syscall_32+0x73/0x120
[  389.674926][T13627]  do_fast_syscall_32+0x32/0x80
[  389.674947][T13627]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  389.674964][T13627] RIP: 0023:0xf708e579
[  389.674979][T13627] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  389.674993][T13627] RSP: 002b:00000000f505d55c EFLAGS: 00000296 ORIG_RAX: 0000000000000151
[  389.675009][T13627] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000780
[  389.675019][T13627] RDX: 00000000ffffff81 RSI: 0000000000000002 RDI: 0000000000000000
[  389.675027][T13627] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  389.675037][T13627] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  389.675048][T13627] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  389.675076][T13627]  </TASK>
[  389.703536][ T5948] Bluetooth: hci3: command tx timeout
[  389.904670][ T1186] team0 (unregistering): Port device team_slave_1 removed
[  389.985054][ T1186] team0 (unregistering): Port device team_slave_0 removed
[  390.658982][T13635] MTD: Attempt to mount non-MTD device "/dev/loop4"
[  390.659065][T13634] MTD: Attempt to mount non-MTD device "/dev/loop4"
[  390.664083][T13635] syz.4.2040: attempt to access beyond end of device
[  390.664083][T13635] loop4: rw=0, sector=0, nr_sectors = 2 limit=0
[  390.669280][T13634] syz.4.2040: attempt to access beyond end of device
[  390.669280][T13634] loop4: rw=0, sector=0, nr_sectors = 2 limit=0
[  390.681789][T13584] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  390.687728][T13584] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  390.694194][T13584] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  390.699383][T13584] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  390.766248][T13584] 8021q: adding VLAN 0 to HW filter on device bond0
[  390.792440][T13584] 8021q: adding VLAN 0 to HW filter on device team0
[  390.800557][T11293] bridge0: port 1(bridge_slave_0) entered blocking state
[  390.803671][T11293] bridge0: port 1(bridge_slave_0) entered forwarding state
[  390.812853][T11280] bridge0: port 2(bridge_slave_1) entered blocking state
[  390.816003][T11280] bridge0: port 2(bridge_slave_1) entered forwarding state
[  390.825240][   T57] usb 7-1: new high-speed USB device number 20 using dummy_hcd
[  390.846548][T13641] netlink: 'syz.4.2043': attribute type 4 has an invalid length.
[  390.866236][T13584] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  390.885411][T13644] netlink: 48 bytes leftover after parsing attributes in process `syz.4.2044'.
[  390.993537][   T57] usb 7-1: Using ep0 maxpacket: 32
[  391.054504][T13584] 8021q: adding VLAN 0 to HW filter on device batadv0
[  391.087880][T13584] veth0_vlan: entered promiscuous mode
[  391.095422][T13584] veth1_vlan: entered promiscuous mode
[  391.112094][   T57] usb 7-1: unable to get BOS descriptor or descriptor too short
[  391.123025][T13584] veth0_macvtap: entered promiscuous mode
[  391.125013][   T57] usb 7-1: too many configurations: 105, using maximum allowed: 8
[  391.128553][   T57] usb 7-1: unable to read config index 0 descriptor/start: -71
[  391.130968][   T57] usb 7-1: can't read configurations, error -71
[  391.135021][T13584] veth1_macvtap: entered promiscuous mode
[  391.146259][T13584] batman_adv: batadv0: Interface activated: batadv_slave_0
[  391.152680][T13584] batman_adv: batadv0: Interface activated: batadv_slave_1
[  391.158114][T13584] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  391.160874][T13584] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  391.164311][T13584] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  391.167032][T13584] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  391.200249][T11280] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  391.203534][T11280] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  391.222032][ T1186] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  391.229010][ T1186] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  391.356335][   T40] audit: type=1326 audit(1748087854.300:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13654 comm="syz.0.2046" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf708e579 code=0x0
[  391.848539][T13661] loop6: detected capacity change from 0 to 524287999
[  392.391304][T13665] fuse: Bad value for 'fd'
[  392.519574][T13673] netlink: 'syz.0.2052': attribute type 4 has an invalid length.
[  392.773861][T13682] mapping of prio or/and queue is allowed only from OUTPUT/FORWARD/POSTROUTING chains
[  392.787864][T13682] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(12)
[  392.789965][T13682] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  392.793806][T13682] vhci_hcd vhci_hcd.0: Device attached
[  393.063352][ T6086] usb 41-1: new high-speed USB device number 16 using vhci_hcd
[  393.143271][ T9566] vhci_hcd: vhci_device speed not set
[  393.342595][T11280] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  393.412162][T13683] vhci_hcd: connection reset by peer
[  393.414824][ T1069] vhci_hcd: stop threads
[  393.416665][ T1069] vhci_hcd: release socket
[  393.418433][ T1069] vhci_hcd: disconnect device
[  394.496131][T13702] syz.2.2060: attempt to access beyond end of device
[  394.496131][T13702] nbd2: rw=0, sector=8, nr_sectors = 8 limit=0
[  394.503513][T13702] qnx4: unable to read the superblock
[  394.521106][T13705] FAULT_INJECTION: forcing a failure.
[  394.521106][T13705] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  394.525426][T13705] CPU: 0 UID: 0 PID: 13705 Comm: syz.0.2057 Not tainted 6.15.0-rc7-syzkaller-00142-g4856ebd99715 #0 PREEMPT(full) 
[  394.525441][T13705] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  394.525447][T13705] Call Trace:
[  394.525451][T13705]  <TASK>
[  394.525456][T13705]  dump_stack_lvl+0x16c/0x1f0
[  394.525475][T13705]  should_fail_ex+0x512/0x640
[  394.525494][T13705]  _copy_from_user+0x2e/0xd0
[  394.525505][T13705]  get_compat_msghdr+0xa7/0x170
[  394.525518][T13705]  ? __pfx_get_compat_msghdr+0x10/0x10
[  394.525531][T13705]  ? __lock_acquire+0x5ca/0x1ba0
[  394.525548][T13705]  ___sys_recvmsg+0x191/0x1a0
[  394.525562][T13705]  ? __pfx____sys_recvmsg+0x10/0x10
[  394.525581][T13705]  ? get_pid_task+0xd0/0x250
[  394.525595][T13705]  ? __pfx___might_resched+0x10/0x10
[  394.525609][T13705]  do_recvmmsg+0x568/0x740
[  394.525624][T13705]  ? __pfx_do_recvmmsg+0x10/0x10
[  394.525646][T13705]  ? __fget_files+0x20e/0x3c0
[  394.525658][T13705]  __sys_recvmmsg+0x21c/0x280
[  394.525671][T13705]  ? __pfx___sys_recvmmsg+0x10/0x10
[  394.525685][T13705]  ? __pfx_ksys_write+0x10/0x10
[  394.525698][T13705]  __ia32_compat_sys_recvmmsg_time32+0xc4/0x160
[  394.525711][T13705]  ? lockdep_hardirqs_on+0x7c/0x110
[  394.525726][T13705]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[  394.525742][T13705]  __do_fast_syscall_32+0x73/0x120
[  394.525761][T13705]  do_fast_syscall_32+0x32/0x80
[  394.525776][T13705]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  394.525789][T13705] RIP: 0023:0xf708e579
[  394.525797][T13705] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  394.525807][T13705] RSP: 002b:00000000f505d55c EFLAGS: 00000296 ORIG_RAX: 0000000000000151
[  394.525818][T13705] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000780
[  394.525824][T13705] RDX: 00000000ffffff81 RSI: 0000000000000002 RDI: 0000000000000000
[  394.525830][T13705] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  394.525836][T13705] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  394.525841][T13705] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  394.525854][T13705]  </TASK>
[  394.615248][ T5958] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  394.619913][ T5958] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  394.624646][ T5958] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  394.628433][ T5958] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  394.632456][ T5958] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  394.756165][T13706] chnl_net:caif_netlink_parms(): no params data found
[  394.817233][T13706] bridge0: port 1(bridge_slave_0) entered blocking state
[  394.819537][T13706] bridge0: port 1(bridge_slave_0) entered disabled state
[  394.821822][T13706] bridge_slave_0: entered allmulticast mode
[  394.825948][T13706] bridge_slave_0: entered promiscuous mode
[  394.830129][T13706] bridge0: port 2(bridge_slave_1) entered blocking state
[  394.832363][T13706] bridge0: port 2(bridge_slave_1) entered disabled state
[  394.835581][T13706] bridge_slave_1: entered allmulticast mode
[  394.838230][T13706] bridge_slave_1: entered promiscuous mode
[  394.870277][T13706] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  394.875417][T13706] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  394.911153][T13706] team0: Port device team_slave_0 added
[  394.916522][T13706] team0: Port device team_slave_1 added
[  394.950870][T13706] batman_adv: batadv0: Adding interface: batadv_slave_0
[  394.953144][T13706] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  394.961738][T13706] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  394.966369][T13706] batman_adv: batadv0: Adding interface: batadv_slave_1
[  394.968554][T13706] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  394.978527][T13706] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  395.017568][T13706] hsr_slave_0: entered promiscuous mode
[  395.019786][T13706] hsr_slave_1: entered promiscuous mode
[  395.021914][T13706] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  395.024516][T13706] Cannot create hsr debugfs directory
[  395.143494][T13731] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2067'.
[  395.146970][T13731] netlink: 124 bytes leftover after parsing attributes in process `syz.2.2067'.
[  395.149898][T13731] netlink: 124 bytes leftover after parsing attributes in process `syz.2.2067'.
[  395.358576][T11280] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  395.473285][ T9566] usb 7-1: new high-speed USB device number 22 using dummy_hcd
[  395.488976][T11280] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  395.547445][T13739] mapping of prio or/and queue is allowed only from OUTPUT/FORWARD/POSTROUTING chains
[  395.574223][T13739] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(12)
[  395.576346][T13739] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  395.578896][T13739] vhci_hcd vhci_hcd.0: Device attached
[  395.623262][ T9566] usb 7-1: Using ep0 maxpacket: 8
[  395.625647][T11280] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  395.626960][ T9566] usb 7-1: config 0 has no interfaces?
[  395.635046][ T9566] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  395.643256][ T9566] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  395.656883][ T9566] usb 7-1: config 0 descriptor??
[  395.741631][T11280] bridge_slave_1: left allmulticast mode
[  395.747636][T11280] bridge_slave_1: left promiscuous mode
[  395.750147][T11280] bridge0: port 2(bridge_slave_1) entered disabled state
[  395.755895][T11280] bridge_slave_0: left allmulticast mode
[  395.758284][T11280] bridge_slave_0: left promiscuous mode
[  395.760749][T11280] bridge0: port 1(bridge_slave_0) entered disabled state
[  395.843430][   T65] usb 37-1: new high-speed USB device number 12 using vhci_hcd
[  395.867537][T13742] usb 2-1: USB disconnect, device number 3
[  396.120071][T11280] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  396.124926][T11280] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  396.128858][T11280] bond0 (unregistering): Released all slaves
[  396.183222][T13740] vhci_hcd: connection reset by peer
[  396.189026][ T1186] vhci_hcd: stop threads
[  396.190436][ T1186] vhci_hcd: release socket
[  396.192317][ T1186] vhci_hcd: disconnect device
[  396.637435][T11280] hsr_slave_0: left promiscuous mode
[  396.640025][T11280] hsr_slave_1: left promiscuous mode
[  396.642151][T11280] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  396.644865][T11280] batman_adv: batadv0: Removing interface: batadv_slave_0
[  396.647841][T11280] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  396.650196][T11280] batman_adv: batadv0: Removing interface: batadv_slave_1
[  396.663310][ T5958] Bluetooth: hci3: command tx timeout
[  396.682603][T11280] veth1_macvtap: left promiscuous mode
[  396.696901][T11280] veth0_macvtap: left promiscuous mode
[  396.698730][T11280] veth1_vlan: left promiscuous mode
[  396.700438][T11280] veth0_vlan: left promiscuous mode
[  396.796351][T13749] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2072'.
[  397.392054][T11280] team0 (unregistering): Port device team_slave_1 removed
[  397.466753][T11280] team0 (unregistering): Port device team_slave_0 removed
[  398.193747][ T6086] vhci_hcd: vhci_device speed not set
[  398.215789][T13706] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  398.218364][ T6007] usb 7-1: USB disconnect, device number 22
[  398.259464][T13706] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  398.265048][T13706] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  398.289311][T13761] syzkaller1: entered promiscuous mode
[  398.291084][T13761] syzkaller1: entered allmulticast mode
[  398.299381][T13706] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  398.360649][T13706] 8021q: adding VLAN 0 to HW filter on device bond0
[  398.374413][T13706] 8021q: adding VLAN 0 to HW filter on device team0
[  398.379756][T11293] bridge0: port 1(bridge_slave_0) entered blocking state
[  398.382814][T11293] bridge0: port 1(bridge_slave_0) entered forwarding state
[  398.426287][T11293] bridge0: port 2(bridge_slave_1) entered blocking state
[  398.429572][T11293] bridge0: port 2(bridge_slave_1) entered forwarding state
[  398.476473][T13772] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(10)
[  398.479318][T13772] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  398.486678][T13772] vhci_hcd vhci_hcd.0: Device attached
[  398.725932][T13706] 8021q: adding VLAN 0 to HW filter on device batadv0
[  398.743317][ T5958] Bluetooth: hci3: command tx timeout
[  398.756015][T13706] veth0_vlan: entered promiscuous mode
[  398.763556][T13706] veth1_vlan: entered promiscuous mode
[  398.781669][T13706] veth0_macvtap: entered promiscuous mode
[  398.789771][T13706] veth1_macvtap: entered promiscuous mode
[  398.801884][T13706] batman_adv: batadv0: Interface activated: batadv_slave_0
[  398.808479][T13706] batman_adv: batadv0: Interface activated: batadv_slave_1
[  398.815877][T13706] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  398.818608][T13706] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  398.821409][T13706] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  398.828029][T13706] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  398.903318][T13789] loop6: detected capacity change from 0 to 524287999
[  398.938462][T11293] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  398.942686][T11293] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  398.948332][T11293] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  398.956412][T11293] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  399.138292][T13773] vhci_hcd: connection closed
[  399.138562][   T13] vhci_hcd: stop threads
[  399.141481][   T13] vhci_hcd: release socket
[  399.142916][   T13] vhci_hcd: disconnect device
[  399.593934][T13794] net veth1_virt_wifi 
€Â: renamed from virt_wifi0
[  399.629766][T13796] netlink: 'syz.4.2081': attribute type 4 has an invalid length.
[  399.633405][T13796] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2081'.
[  399.672926][T13798] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2082'.
[  399.885218][T13806] input: syz1 as /devices/virtual/input/input45
[  399.947919][T13807] loop6: detected capacity change from 0 to 524287999
[  400.217627][T13813] netlink: 'syz.0.2087': attribute type 4 has an invalid length.
[  400.332038][T13808] mapping of prio or/and queue is allowed only from OUTPUT/FORWARD/POSTROUTING chains
[  400.353124][T13808] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(12)
[  400.355190][T13808] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  400.361960][T13808] vhci_hcd vhci_hcd.0: Device attached
[  400.661619][T13817] vhci_hcd: connection closed
[  400.662709][T11280] vhci_hcd: stop threads
[  400.666611][T11280] vhci_hcd: release socket
[  400.668604][T11280] vhci_hcd: disconnect device
[  400.673268][ T6086] usb 41-1: new high-speed USB device number 17 using vhci_hcd
[  400.675684][ T6086] usb 41-1: enqueue for inactive port 0
[  400.743358][ T6086] vhci_hcd: vhci_device speed not set
[  400.758778][T13821] usb usb8: usbfs: process 13821 (syz.4.2089) did not claim interface 12 before use
[  400.983248][   T65] vhci_hcd: vhci_device speed not set
[  401.182236][   T13] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  401.216434][T13828] lo: entered promiscuous mode
[  401.218063][T13828] lo: entered allmulticast mode
[  401.227673][T13828] tunl0: entered promiscuous mode
[  401.233355][T13828] tunl0: entered allmulticast mode
[  401.235819][T13828] gre0: entered promiscuous mode
[  401.240662][T13828] gre0: entered allmulticast mode
[  401.249012][T13828] gretap0: entered promiscuous mode
[  401.250841][T13828] gretap0: entered allmulticast mode
[  401.254948][T13828] erspan0: entered promiscuous mode
[  401.256723][T13828] erspan0: entered allmulticast mode
[  401.259383][T13828] ip_vti0: entered promiscuous mode
[  401.261144][T13828] ip_vti0: entered allmulticast mode
[  401.263766][T13828] ip6_vti0: entered promiscuous mode
[  401.265545][T13828] ip6_vti0: entered allmulticast mode
[  401.270634][T13828] sit0: entered promiscuous mode
[  401.272343][T13828] sit0: entered allmulticast mode
[  401.278611][T13828] ip6tnl0: entered promiscuous mode
[  401.280997][T13828] ip6tnl0: entered allmulticast mode
[  401.291416][T13828] ip6gre0: entered promiscuous mode
[  401.294041][T13828] ip6gre0: entered allmulticast mode
[  401.300099][T13828] ip6gretap0: entered promiscuous mode
[  401.302086][T13828] ip6gretap0: entered allmulticast mode
[  401.306563][T13828] bridge0: entered promiscuous mode
[  401.308344][T13828] bridge0: entered allmulticast mode
[  401.312328][T13828] vcan0: entered promiscuous mode
[  401.314341][T13828] vcan0: entered allmulticast mode
[  401.316670][T13828] bond0: entered promiscuous mode
[  401.318406][T13828] mac80211_hwsim hwsim19 wlan1: entered promiscuous mode
[  401.320845][T13828] bond0: entered allmulticast mode
[  401.322571][T13828] mac80211_hwsim hwsim19 wlan1: entered allmulticast mode
[  401.326388][T13828] 8021q: adding VLAN 0 to HW filter on device bond0
[  401.328997][T13828] team0: entered promiscuous mode
[  401.330784][T13828] team0: entered allmulticast mode
[  401.335503][T13828] 8021q: adding VLAN 0 to HW filter on device team0
[  401.339316][T13828] dummy0: entered promiscuous mode
[  401.341148][T13828] dummy0: entered allmulticast mode
[  401.349139][T13828] nlmon0: entered promiscuous mode
[  401.350956][T13828] nlmon0: entered allmulticast mode
[  401.356100][T13828] caif0: entered promiscuous mode
[  401.357871][T13828] caif0: entered allmulticast mode
[  401.359573][T13828] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  402.350192][T13835] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2094'.
[  402.350907][T13836] netlink: 'syz.0.2092': attribute type 3 has an invalid length.
[  402.482094][ T5948] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  402.487681][ T5948] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  402.491697][ T5948] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  402.496660][ T5948] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  402.500279][ T5948] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  402.671205][T13848] UDF-fs: warning (device sr0): udf_load_vrs: No VRS found
[  402.673654][T13848] UDF-fs: Scanning with blocksize 2048 failed
[  402.676801][T13848] UDF-fs: warning (device sr0): udf_load_vrs: No VRS found
[  402.679152][T13848] UDF-fs: Scanning with blocksize 4096 failed
[  402.786958][T13843] chnl_net:caif_netlink_parms(): no params data found
[  402.921127][T13843] bridge0: port 1(bridge_slave_0) entered blocking state
[  402.924812][T13843] bridge0: port 1(bridge_slave_0) entered disabled state
[  402.927791][T13843] bridge_slave_0: entered allmulticast mode
[  402.931570][T13843] bridge_slave_0: entered promiscuous mode
[  402.939496][T13843] bridge0: port 2(bridge_slave_1) entered blocking state
[  402.942529][T13843] bridge0: port 2(bridge_slave_1) entered disabled state
[  402.953539][T13843] bridge_slave_1: entered allmulticast mode
[  402.964716][T13843] bridge_slave_1: entered promiscuous mode
[  403.012427][T13856] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(10)
[  403.014524][T13856] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  403.017165][T13856] vhci_hcd vhci_hcd.0: Device attached
[  403.035677][T13843] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  403.064476][T13843] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  403.269887][T13857] vhci_hcd: connection closed
[  403.270251][ T1069] vhci_hcd: stop threads
[  403.274450][ T1069] vhci_hcd: release socket
[  403.276295][ T1069] vhci_hcd: disconnect device
[  403.360756][   T13] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  403.393560][T13843] team0: Port device team_slave_0 added
[  403.399269][T13843] team0: Port device team_slave_1 added
[  403.434108][T13845] Invalid ELF header type: 0 != 1
[  403.449608][   T13] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  403.473502][T13843] batman_adv: batadv0: Adding interface: batadv_slave_0
[  403.475742][T13843] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  403.483842][T13843] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  403.488240][T13843] batman_adv: batadv0: Adding interface: batadv_slave_1
[  403.490491][T13843] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  403.498588][T13843] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  403.521808][T13863] 9pnet_virtio: no channels available for device 127.0.0.1
[  403.523880][   T13] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  403.565456][T13861] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  403.567588][T13861] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  403.569998][T13861] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  403.574452][T13843] hsr_slave_0: entered promiscuous mode
[  403.577066][T13843] hsr_slave_1: entered promiscuous mode
[  403.579170][T13843] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  403.581696][T13843] Cannot create hsr debugfs directory
[  403.584057][T13861] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  403.595473][T13861] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  403.615955][T13861] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  403.740291][T13869] netlink: 'syz.2.2101': attribute type 4 has an invalid length.
[  403.780208][   T13] bridge_slave_1: left allmulticast mode
[  403.782070][   T13] bridge_slave_1: left promiscuous mode
[  403.784875][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[  403.824445][   T13] bridge_slave_0: left allmulticast mode
[  403.826727][   T13] bridge_slave_0: left promiscuous mode
[  403.828585][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[  403.974072][T13886] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2104'.
[  404.035508][T13887] netlink: 'syz.4.2104': attribute type 10 has an invalid length.
[  404.127749][   T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  404.132379][   T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  404.137746][   T13] bond0 (unregistering): Released all slaves
[  404.537659][   T13] hsr_slave_0: left promiscuous mode
[  404.540453][   T13] hsr_slave_1: left promiscuous mode
[  404.543528][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  404.545879][   T13] batman_adv: batadv0: Removing interface: batadv_slave_0
[  404.548467][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  404.550938][   T13] batman_adv: batadv0: Removing interface: batadv_slave_1
[  404.577897][   T13] veth1_macvtap: left promiscuous mode
[  404.579701][   T13] veth0_macvtap: left promiscuous mode
[  404.581756][   T13] veth1_vlan: left promiscuous mode
[  404.583633][   T13] veth0_vlan: left promiscuous mode
[  404.765887][T13897] fuse: Unknown parameter 'group_id00000000000000000000'
[  405.422172][   T13] team0 (unregistering): Port device team_slave_1 removed
[  405.491040][   T13] team0 (unregistering): Port device team_slave_0 removed
[  405.623340][ T5948] Bluetooth: hci3: command 0x041b tx timeout
[  405.626141][ T5948] Bluetooth: hci4: command 0x0405 tx timeout
[  405.628143][ T5948] Bluetooth: hci1: command 0x0c1a tx timeout
[  406.395294][T13843] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  406.408274][T13843] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  406.418685][T13843] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  406.445119][T13843] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  406.512527][T13843] 8021q: adding VLAN 0 to HW filter on device bond0
[  406.532757][T13843] 8021q: adding VLAN 0 to HW filter on device team0
[  406.543662][ T1069] bridge0: port 1(bridge_slave_0) entered blocking state
[  406.546228][ T1069] bridge0: port 1(bridge_slave_0) entered forwarding state
[  406.552560][T11273] bridge0: port 2(bridge_slave_1) entered blocking state
[  406.555413][T11273] bridge0: port 2(bridge_slave_1) entered forwarding state
[  406.695811][T13930] 9pnet: p9_errstr2errno: server reported unknown error �@cƒF	S
[  406.771688][T13843] 8021q: adding VLAN 0 to HW filter on device batadv0
[  406.800319][T13843] veth0_vlan: entered promiscuous mode
[  406.811988][T13843] veth1_vlan: entered promiscuous mode
[  406.815497][T13936] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2120'.
[  406.830070][T13843] veth0_macvtap: entered promiscuous mode
[  406.836191][T13843] veth1_macvtap: entered promiscuous mode
[  406.847018][T13843] batman_adv: batadv0: Interface activated: batadv_slave_0
[  406.853106][T13843] batman_adv: batadv0: Interface activated: batadv_slave_1
[  406.859225][T13843] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  406.862061][T13843] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  406.866188][T13843] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  406.869430][T13843] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  406.908573][T13940] Invalid ELF header type: 0 != 1
[  406.910285][T11273] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  406.910298][T11273] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  406.934981][T11273] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  406.938361][T11273] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  408.083493][    T9] usb 9-1: new low-speed USB device number 9 using dummy_hcd
[  408.243273][    T9] usb 9-1: Invalid ep0 maxpacket: 16
[  408.385857][    T9] usb 9-1: new low-speed USB device number 10 using dummy_hcd
[  408.543249][    T9] usb 9-1: Invalid ep0 maxpacket: 16
[  408.545147][    T9] usb usb9-port1: attempt power cycle
[  408.785278][T13960] input: syz1 as /devices/virtual/input/input46
[  408.821622][T13962] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2130'.
[  408.880545][T13964] input: syz0 as /devices/virtual/input/input47
[  408.903960][    T9] usb 9-1: new low-speed USB device number 11 using dummy_hcd
[  408.924341][    T9] usb 9-1: Invalid ep0 maxpacket: 16
[  409.128213][    T9] usb 9-1: new low-speed USB device number 12 using dummy_hcd
[  409.154438][    T9] usb 9-1: Invalid ep0 maxpacket: 16
[  409.157699][    T9] usb usb9-port1: unable to enumerate USB device
[  409.336424][T13969] Invalid ELF header type: 0 != 1
[  409.544127][   T13] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  410.926346][ T5948] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  410.929834][ T5948] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  410.933076][ T5948] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  410.938275][ T5948] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  410.941395][ T5948] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  411.050196][T13976] chnl_net:caif_netlink_parms(): no params data found
[  411.126419][T13976] bridge0: port 1(bridge_slave_0) entered blocking state
[  411.128950][T13976] bridge0: port 1(bridge_slave_0) entered disabled state
[  411.131537][T13976] bridge_slave_0: entered allmulticast mode
[  411.134947][T13976] bridge_slave_0: entered promiscuous mode
[  411.138585][T13976] bridge0: port 2(bridge_slave_1) entered blocking state
[  411.141050][T13976] bridge0: port 2(bridge_slave_1) entered disabled state
[  411.143735][T13976] bridge_slave_1: entered allmulticast mode
[  411.146723][T13976] bridge_slave_1: entered promiscuous mode
[  411.203798][T13976] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  411.210845][T13976] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  411.281446][   T13] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  411.291957][T13976] team0: Port device team_slave_0 added
[  411.295838][T13976] team0: Port device team_slave_1 added
[  411.333787][T13976] batman_adv: batadv0: Adding interface: batadv_slave_0
[  411.336013][T13976] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  411.345092][T13976] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  411.362786][   T13] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  411.371337][T13976] batman_adv: batadv0: Adding interface: batadv_slave_1
[  411.375067][T13976] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  411.384806][T13976] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  411.433411][   T13] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  411.445686][T13976] hsr_slave_0: entered promiscuous mode
[  411.448792][T13976] hsr_slave_1: entered promiscuous mode
[  411.451673][T13976] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  411.456025][T13976] Cannot create hsr debugfs directory
[  411.555933][   T13] bridge_slave_1: left allmulticast mode
[  411.557773][   T13] bridge_slave_1: left promiscuous mode
[  411.559602][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[  411.563779][   T13] bridge_slave_0: left allmulticast mode
[  411.566109][   T13] bridge_slave_0: left promiscuous mode
[  411.568113][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[  411.785000][T13988] netlink: 'syz.0.2135': attribute type 1 has an invalid length.
[  411.808679][   T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  411.813021][   T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  411.816926][   T13] bond0 (unregistering): Released all slaves
[  412.206776][   T13] hsr_slave_0: left promiscuous mode
[  412.209843][   T13] hsr_slave_1: left promiscuous mode
[  412.212744][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  412.218967][   T13] batman_adv: batadv0: Removing interface: batadv_slave_0
[  412.224108][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  412.227230][   T13] batman_adv: batadv0: Removing interface: batadv_slave_1
[  412.281702][   T13] veth1_macvtap: left promiscuous mode
[  412.285353][   T13] veth0_macvtap: left promiscuous mode
[  412.287805][   T13] veth1_vlan: left promiscuous mode
[  412.290115][   T13] veth0_vlan: left promiscuous mode
[  412.520735][T14005] fuse: Bad value for 'user_id'
[  412.522871][T14005] fuse: Bad value for 'user_id'
[  412.983299][ T5948] Bluetooth: hci3: command tx timeout
[  413.035797][T14013] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2142'.
[  413.100787][T14014] netlink: 'syz.0.2142': attribute type 10 has an invalid length.
[  413.189040][   T13] team0 (unregistering): Port device team_slave_1 removed
[  413.267994][   T13] team0 (unregistering): Port device team_slave_0 removed
[  413.946065][T14012] mac80211_hwsim hwsim5 wlan1: entered allmulticast mode
[  413.949957][T14014] mac80211_hwsim hwsim5 wlan1: left allmulticast mode
[  414.176883][T13976] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  414.184659][T13976] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  414.191133][T13976] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  414.197600][T13976] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  414.276241][T13976] 8021q: adding VLAN 0 to HW filter on device bond0
[  414.300779][T13976] 8021q: adding VLAN 0 to HW filter on device team0
[  414.312090][T11272] bridge0: port 1(bridge_slave_0) entered blocking state
[  414.315204][T11272] bridge0: port 1(bridge_slave_0) entered forwarding state
[  414.334330][T11272] bridge0: port 2(bridge_slave_1) entered blocking state
[  414.337377][T11272] bridge0: port 2(bridge_slave_1) entered forwarding state
[  414.389045][T13976] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  414.486733][   T40] audit: type=1804 audit(1748087877.430:64): pid=14035 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.2146" name="/newroot/613/file0/bus" dev="ramfs" ino=43818 res=1 errno=0
[  414.496465][   T40] audit: type=1804 audit(1748087877.430:65): pid=14035 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.2146" name="/newroot/613/file0/bus" dev="ramfs" ino=43818 res=1 errno=0
[  414.529793][T13976] 8021q: adding VLAN 0 to HW filter on device batadv0
[  414.565724][T13976] veth0_vlan: entered promiscuous mode
[  414.570814][T13976] veth1_vlan: entered promiscuous mode
[  414.591144][T13976] veth0_macvtap: entered promiscuous mode
[  414.596795][T13976] veth1_macvtap: entered promiscuous mode
[  414.605615][T13976] batman_adv: batadv0: Interface activated: batadv_slave_0
[  414.614933][T13976] batman_adv: batadv0: Interface activated: batadv_slave_1
[  414.621068][T13976] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  414.625538][T13976] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  414.628946][T13976] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  414.632352][T13976] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  414.699296][T11273] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  414.702572][T11273] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  414.728161][T11294] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  414.730839][T11294] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  415.063444][ T5958] Bluetooth: hci3: command tx timeout
[  415.278225][T14045] fuse: Bad value for 'user_id'
[  415.279763][T14045] fuse: Bad value for 'user_id'
[  415.353092][T14049] Invalid ELF header type: 0 != 1
[  415.386215][T14050] mac80211_hwsim hwsim3 wlan1: entered allmulticast mode
[  415.402153][T14050] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2152'.
[  415.469246][T14051] netlink: 'syz.2.2152': attribute type 10 has an invalid length.
[  415.472422][T14051] mac80211_hwsim hwsim3 wlan1: left allmulticast mode
[  416.179407][T11280] Bluetooth: hci5: Frame reassembly failed (-84)
[  416.181488][T14057] Bluetooth: received HCILL_WAKE_UP_ACK in state 2
[  416.330149][T14059] netlink: 'syz.2.2155': attribute type 1 has an invalid length.
[  417.428722][T14081] mac80211_hwsim hwsim3 wlan1: entered allmulticast mode
[  417.435548][T14081] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2161'.
[  417.494488][T14082] netlink: 'syz.2.2161': attribute type 10 has an invalid length.
[  417.497323][T14082] mac80211_hwsim hwsim3 wlan1: left allmulticast mode
[  418.022877][T14084] fuse: Bad value for 'user_id'
[  418.025352][T14084] fuse: Bad value for 'user_id'
[  418.183375][ T5953] Bluetooth: hci5: command 0x1003 tx timeout
[  418.186302][ T5958] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  418.879896][T14103] input: syz1 as /devices/virtual/input/input48
[  418.937284][T14105] netlink: 'syz.0.2167': attribute type 116 has an invalid length.
[  419.027620][T14107] Bluetooth: received HCILL_WAKE_UP_ACK in state 2
[  419.043355][T11273] Bluetooth: hci5: Frame reassembly failed (-84)
[  419.751906][T14117] mapping of prio or/and queue is allowed only from OUTPUT/FORWARD/POSTROUTING chains
[  419.773509][T14117] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(12)
[  419.776071][T14117] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  419.779838][T14117] vhci_hcd vhci_hcd.0: Device attached
[  420.043237][ T9566] usb 45-1: new high-speed USB device number 3 using vhci_hcd
[  420.300974][T14118] vhci_hcd: connection reset by peer
[  420.301150][T11272] vhci_hcd: stop threads
[  420.301161][T11272] vhci_hcd: release socket
[  420.301327][T11272] vhci_hcd: disconnect device
[  420.823343][ T5947] Bluetooth: hci4: command 0x0405 tx timeout
[  421.063346][ T5947] Bluetooth: hci5: command 0x1003 tx timeout
[  421.067394][ T5953] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  422.006726][T14141] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2178'.
[  422.102126][   T40] audit: type=1326 audit(1748087885.040:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14144 comm="syz.0.2180" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf708e579 code=0x0
[  422.127864][T14146] mac80211_hwsim hwsim3 wlan1: entered allmulticast mode
[  422.138913][T14146] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2179'.
[  422.202146][T14147] netlink: 'syz.2.2179': attribute type 10 has an invalid length.
[  422.205125][T14147] mac80211_hwsim hwsim3 wlan1: left allmulticast mode
[  423.203948][T14165] netlink: 'syz.2.2184': attribute type 1 has an invalid length.
[  424.575429][T14176] macsec1: entered allmulticast mode
[  424.577546][T14176] dummy0: entered allmulticast mode
[  424.580963][T14176] dummy0: left allmulticast mode
[  424.596957][T14177] macsec1: entered allmulticast mode
[  424.598714][T14177] dummy0: entered allmulticast mode
[  424.602957][T14177] dummy0: left allmulticast mode
[  424.904925][T14189] 9pnet_virtio: no channels available for device ./file0/file0
[  424.973328][ T1332] usb 7-1: new high-speed USB device number 23 using dummy_hcd
[  425.045939][T14189] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2190'.
[  425.054490][T14189] netlink: 32 bytes leftover after parsing attributes in process `syz.4.2190'.
[  425.123349][ T1332] usb 7-1: Using ep0 maxpacket: 8
[  425.126726][T14193] netlink: 'syz.4.2191': attribute type 4 has an invalid length.
[  425.130927][ T1332] usb 7-1: config 0 has no interfaces?
[  425.133059][ T1332] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  425.136852][ T1332] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  425.142232][ T1332] usb 7-1: config 0 descriptor??
[  425.163267][ T9566] vhci_hcd: vhci_device speed not set
[  427.742171][T13504] usb 7-1: USB disconnect, device number 23
[  428.005178][T14216] mac80211_hwsim hwsim5 wlan1: entered allmulticast mode
[  428.011714][T14216] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2197'.
[  428.071969][T14218] netlink: 'syz.0.2197': attribute type 10 has an invalid length.
[  428.075537][T14218] mac80211_hwsim hwsim5 wlan1: left allmulticast mode
[  428.499986][T14222] netlink: 'syz.2.2198': attribute type 1 has an invalid length.
[  428.919176][T14239] Bluetooth: received HCILL_WAKE_UP_ACK in state 2
[  428.921376][ T1069] Bluetooth: hci5: Frame reassembly failed (-84)
[  429.961187][T14249] loop6: detected capacity change from 0 to 524287999
[  430.210170][T14256] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2208'.
[  430.268314][T14257] netlink: 'syz.4.2208': attribute type 10 has an invalid length.
[  430.765606][ T1332] usb 7-1: new high-speed USB device number 24 using dummy_hcd
[  430.915076][ T1332] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  430.919120][ T1332] usb 7-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  430.922828][ T1332] usb 7-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  430.927071][ T1332] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  430.932602][ T1332] usb 7-1: config 0 descriptor??
[  430.983425][ T5953] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  431.100152][T14263] netlink: 'syz.0.2211': attribute type 4 has an invalid length.
[  431.103523][T14263] netlink: 17 bytes leftover after parsing attributes in process `syz.0.2211'.
[  431.146740][T13504] usb 7-1: USB disconnect, device number 24
[  431.211871][T14265] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2211'.
[  431.337092][T14265] team0: Port device team_slave_0 removed
[  431.518469][T14269] mac80211_hwsim hwsim5 wlan1: entered allmulticast mode
[  431.528411][T14269] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2212'.
[  431.591150][T14270] netlink: 'syz.0.2212': attribute type 10 has an invalid length.
[  431.594893][T14270] mac80211_hwsim hwsim5 wlan1: left allmulticast mode
[  431.838284][T14274] syz.2.2214: vmalloc error: size 34359742464, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  431.844514][T14274] CPU: 1 UID: 0 PID: 14274 Comm: syz.2.2214 Not tainted 6.15.0-rc7-syzkaller-00142-g4856ebd99715 #0 PREEMPT(full) 
[  431.844541][T14274] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  431.844553][T14274] Call Trace:
[  431.844560][T14274]  <TASK>
[  431.844567][T14274]  dump_stack_lvl+0x16c/0x1f0
[  431.844598][T14274]  warn_alloc+0x248/0x3a0
[  431.844622][T14274]  ? __pfx_warn_alloc+0x10/0x10
[  431.844640][T14274]  ? __pfx_stack_trace_save+0x10/0x10
[  431.844660][T14274]  ? stack_depot_save_flags+0x28/0xa50
[  431.844696][T14274]  ? kasan_save_stack+0x42/0x60
[  431.844721][T14274]  ? kasan_save_stack+0x33/0x60
[  431.844739][T14274]  ? kasan_save_track+0x14/0x30
[  431.844758][T14274]  ? __kasan_kmalloc+0xaa/0xb0
[  431.844777][T14274]  ? xskq_create+0x52/0x1d0
[  431.844801][T14274]  ? do_sock_setsockopt+0x221/0x470
[  431.844827][T14274]  ? __sys_setsockopt+0x120/0x1a0
[  431.844846][T14274]  ? __ia32_sys_setsockopt+0xbc/0x160
[  431.844873][T14274]  __vmalloc_node_range_noprof+0x10ea/0x1540
[  431.844906][T14274]  ? xskq_create+0xfb/0x1d0
[  431.844932][T14274]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  431.844965][T14274]  ? xskq_create+0xfb/0x1d0
[  431.844984][T14274]  vmalloc_user_noprof+0x6b/0x90
[  431.845000][T14274]  ? xskq_create+0xfb/0x1d0
[  431.845020][T14274]  xskq_create+0xfb/0x1d0
[  431.845044][T14274]  xsk_setsockopt+0x684/0x840
[  431.845066][T14274]  ? __pfx_xsk_setsockopt+0x10/0x10
[  431.845087][T14274]  ? __pfx_aa_sk_perm+0x10/0x10
[  431.845106][T14274]  ? percpu_counter_add_batch+0xb8/0x1f0
[  431.845127][T14274]  ? errseq_sample+0x53/0x70
[  431.845148][T14274]  ? __pfx_xsk_setsockopt+0x10/0x10
[  431.845169][T14274]  do_sock_setsockopt+0x221/0x470
[  431.845195][T14274]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  431.845236][T14274]  __sys_setsockopt+0x120/0x1a0
[  431.845262][T14274]  __ia32_sys_setsockopt+0xbc/0x160
[  431.845281][T14274]  ? lockdep_hardirqs_on+0x7c/0x110
[  431.845304][T14274]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[  431.845327][T14274]  __do_fast_syscall_32+0x73/0x120
[  431.845353][T14274]  do_fast_syscall_32+0x32/0x80
[  431.845377][T14274]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  431.845398][T14274] RIP: 0023:0xf7fb8579
[  431.845413][T14274] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  431.845431][T14274] RSP: 002b:00000000f50d655c EFLAGS: 00000296 ORIG_RAX: 000000000000016e
[  431.845449][T14274] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000000011b
[  431.845460][T14274] RDX: 0000000000000002 RSI: 0000000080000080 RDI: 0000000000000020
[  431.845470][T14274] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  431.845481][T14274] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  431.845491][T14274] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  431.845514][T14274]  </TASK>
[  431.845521][T14274] Mem-Info:
[  431.944854][T14274] active_anon:14222 inactive_anon:21 isolated_anon:0
[  431.944854][T14274]  active_file:13985 inactive_file:9806 isolated_file:0
[  431.944854][T14274]  unevictable:2282 dirty:209 writeback:0
[  431.944854][T14274]  slab_reclaimable:5846 slab_unreclaimable:62070
[  431.944854][T14274]  mapped:35707 shmem:10909 pagetables:769
[  431.944854][T14274]  sec_pagetables:320 bounce:0
[  431.944854][T14274]  kernel_misc_reclaimable:0
[  431.944854][T14274]  free:49737 free_pcp:4120 free_cma:0
[  431.958885][T14274] Node 0 active_anon:3088kB inactive_anon:0kB active_file:1004kB inactive_file:188kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:952kB dirty:8kB writeback:0kB shmem:4472kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:9240kB pagetables:1012kB sec_pagetables:1156kB all_unreclaimable? yes Balloon:0kB
[  432.013530][T14274] Node 1 active_anon:43400kB inactive_anon:84kB active_file:54936kB inactive_file:39036kB unevictable:3544kB isolated(anon):0kB isolated(file):0kB mapped:134576kB dirty:828kB writeback:0kB shmem:28964kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:3628kB pagetables:2064kB sec_pagetables:124kB all_unreclaimable? no Balloon:0kB
[  432.026955][T14274] Node 0 DMA free:2412kB boost:2048kB min:2808kB low:2996kB high:3184kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:116kB local_pcp:0kB free_cma:0kB
[  432.037848][T14274] lowmem_reserve[]: 0 293 293 293 293
[  432.040078][T14274] Node 0 DMA32 free:25212kB boost:8192kB min:21640kB low:25000kB high:28360kB reserved_highatomic:4096KB active_anon:3088kB inactive_anon:0kB active_file:1004kB inactive_file:188kB unevictable:3536kB writepending:8kB present:1032196kB managed:300196kB mlocked:0kB bounce:0kB free_pcp:4224kB local_pcp:4156kB free_cma:0kB
[  432.051856][T14274] lowmem_reserve[]: 0 0 0 0 0
[  432.053911][T14274] Node 1 DMA32 free:171100kB boost:16384kB min:63532kB low:75316kB high:87100kB reserved_highatomic:2048KB active_anon:43400kB inactive_anon:84kB active_file:54936kB inactive_file:39036kB unevictable:3544kB writepending:828kB present:1048432kB managed:948284kB mlocked:8kB bounce:0kB free_pcp:24772kB local_pcp:21664kB free_cma:0kB
[  432.065004][T14274] lowmem_reserve[]: 0 0 0 0 0
[  432.066713][T14274] Node 0 DMA: 59*4kB (U) 2*8kB (U) 1*16kB (U) 15*32kB (U) 2*64kB (U) 0*128kB 0*256kB 1*512kB (U) 1*1024kB (U) 0*2048kB 0*4096kB = 2412kB
[  432.072274][T14274] Node 0 DMA32: 229*4kB (UMEH) 211*8kB (UMEH) 93*16kB (UMEH) 146*32kB (UMEH) 73*64kB (UMEH) 36*128kB (UMEH) 12*256kB (UME) 6*512kB (UM) 1*1024kB (H) 0*2048kB 0*4096kB = 25212kB
[  432.079428][T14274] Node 1 DMA32: 47*4kB (UE) 108*8kB (UEH) 61*16kB (UMEH) 85*32kB (UEH) 183*64kB (UMEH) 84*128kB (UMEH) 28*256kB (UME) 31*512kB (UME) 46*1024kB (UM) 10*2048kB (UM) 13*4096kB (UM) = 171084kB
[  432.087080][T14274] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  432.091007][T14274] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[  432.094892][T14274] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  432.098840][T14274] Node 1 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB
[  432.102587][T14274] 32252 total pagecache pages
[  432.104665][T14274] 105 pages in swap cache
[  432.106472][T14274] Free swap  = 122740kB
[  432.108221][T14274] Total swap = 124996kB
[  432.109993][T14274] 524155 pages RAM
[  432.111714][T14274] 0 pages HighMem/MovableOnly
[  432.117553][T14274] 208195 pages reserved
[  432.119380][T14274] 0 pages cma reserved
[  432.374443][ T5983] usb 9-1: new high-speed USB device number 13 using dummy_hcd
[  432.589149][ T5983] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  432.711506][ T5983] usb 9-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  432.716297][ T5983] usb 9-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  432.726725][ T5983] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  433.266791][ T5983] usb 9-1: config 0 descriptor??
[  433.597774][T14296] mapping of prio or/and queue is allowed only from OUTPUT/FORWARD/POSTROUTING chains
[  433.619605][T14296] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(12)
[  433.622184][T14296] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  433.633368][T14296] vhci_hcd vhci_hcd.0: Device attached
[  433.883368][ T9566] usb 37-1: new high-speed USB device number 13 using vhci_hcd
[  434.202934][T14297] vhci_hcd: connection reset by peer
[  434.205601][T11280] vhci_hcd: stop threads
[  434.206980][T11280] vhci_hcd: release socket
[  434.208642][T11280] vhci_hcd: disconnect device
[  434.433730][T14303] lo: entered promiscuous mode
[  434.435821][T14303] lo: entered allmulticast mode
[  434.438003][T14303] tunl0: entered promiscuous mode
[  434.439751][T14303] tunl0: entered allmulticast mode
[  434.441744][T14303] gre0: entered promiscuous mode
[  434.443884][T14303] gre0: entered allmulticast mode
[  434.446453][T14303] gretap0: entered promiscuous mode
[  434.448633][T14303] gretap0: entered allmulticast mode
[  434.450677][T14303] erspan0: entered promiscuous mode
[  434.452572][T14303] erspan0: entered allmulticast mode
[  434.455203][T14303] ip_vti0: entered promiscuous mode
[  434.457055][T14303] ip_vti0: entered allmulticast mode
[  434.459228][T14303] ip6_vti0: entered promiscuous mode
[  434.461138][T14303] ip6_vti0: entered allmulticast mode
[  434.463306][T14303] sit0: entered promiscuous mode
[  434.465347][T14303] sit0: entered allmulticast mode
[  434.467926][T14303] ip6tnl0: entered promiscuous mode
[  434.470218][T14303] ip6tnl0: entered allmulticast mode
[  434.472780][T14303] ip6gre0: entered promiscuous mode
[  434.475199][T14303] ip6gre0: entered allmulticast mode
[  434.477768][T14303] syz_tun: entered promiscuous mode
[  434.479969][T14303] syz_tun: entered allmulticast mode
[  434.482729][T14303] ip6gretap0: entered promiscuous mode
[  434.485238][T14303] ip6gretap0: entered allmulticast mode
[  434.495614][T14303] vcan0: entered promiscuous mode
[  434.497859][T14303] vcan0: entered allmulticast mode
[  434.500554][T14303] bond0: entered promiscuous mode
[  434.502692][T14303] mac80211_hwsim hwsim3 wlan1: entered promiscuous mode
[  434.505397][T14303] bond0: entered allmulticast mode
[  434.507192][T14303] mac80211_hwsim hwsim3 wlan1: entered allmulticast mode
[  434.510590][T14303] team0: entered promiscuous mode
[  434.512847][T14303] team0: entered allmulticast mode
[  434.516009][T14303] dummy0: entered promiscuous mode
[  434.518349][T14303] dummy0: entered allmulticast mode
[  434.520755][T14303] nlmon0: entered promiscuous mode
[  434.522805][T14303] nlmon0: entered allmulticast mode
[  434.525759][T14303] caif0: entered promiscuous mode
[  434.527635][T14303] caif0: entered allmulticast mode
[  434.530216][T14303] batadv0: entered promiscuous mode
[  434.532065][T14303] batadv0: entered allmulticast mode
[  434.534728][T14303] vxcan0: entered promiscuous mode
[  434.536825][T14303] vxcan0: entered allmulticast mode
[  434.539362][T14303] vxcan1: entered promiscuous mode
[  434.541175][T14303] vxcan1: entered allmulticast mode
[  434.543143][T14303] veth0: entered promiscuous mode
[  434.545100][T14303] veth0: entered allmulticast mode
[  434.547358][T14303] veth1: entered promiscuous mode
[  434.549120][T14303] veth1: entered allmulticast mode
[  434.551342][T14303] wg0: entered promiscuous mode
[  434.553455][T14303] wg0: entered allmulticast mode
[  434.555500][T14303] wg1: entered promiscuous mode
[  434.557198][T14303] wg1: entered allmulticast mode
[  434.559161][T14303] veth0_to_bridge: entered promiscuous mode
[  434.561170][T14303] veth0_to_bridge: entered allmulticast mode
[  434.563520][T14303] bridge_slave_0: entered promiscuous mode
[  434.587539][T14303] bridge_slave_0: entered allmulticast mode
[  434.591802][T14303] veth1_to_bridge: entered promiscuous mode
[  434.595434][T14303] veth1_to_bridge: entered allmulticast mode
[  434.597561][T14303] bridge_slave_1: entered promiscuous mode
[  434.599501][T14303] bridge_slave_1: entered allmulticast mode
[  434.601605][T14303] veth0_to_bond: entered promiscuous mode
[  434.603602][T14303] veth0_to_bond: entered allmulticast mode
[  434.605578][T14303] bond_slave_0: entered promiscuous mode
[  434.607454][T14303] bond_slave_0: entered allmulticast mode
[  434.609542][T14303] veth1_to_bond: entered promiscuous mode
[  434.611466][T14303] veth1_to_bond: entered allmulticast mode
[  434.613599][T14303] bond_slave_1: entered promiscuous mode
[  434.615443][T14303] bond_slave_1: entered allmulticast mode
[  434.617401][T14303] veth0_to_team: entered promiscuous mode
[  434.619272][T14303] veth0_to_team: entered allmulticast mode
[  434.621288][T14303] team_slave_0: entered promiscuous mode
[  434.623106][T14303] team_slave_0: entered allmulticast mode
[  434.625104][T14303] veth1_to_team: entered promiscuous mode
[  434.626964][T14303] veth1_to_team: entered allmulticast mode
[  434.628905][T14303] team_slave_1: entered promiscuous mode
[  434.630743][T14303] team_slave_1: entered allmulticast mode
[  434.632697][T14303] veth0_to_batadv: entered promiscuous mode
[  434.634857][T14303] veth0_to_batadv: entered allmulticast mode
[  434.636903][T14303] batadv_slave_0: entered promiscuous mode
[  434.638817][T14303] batadv_slave_0: entered allmulticast mode
[  434.640856][T14303] veth1_to_batadv: entered promiscuous mode
[  434.642840][T14303] veth1_to_batadv: entered allmulticast mode
[  434.644971][T14303] batadv_slave_1: entered promiscuous mode
[  434.646829][T14303] batadv_slave_1: entered allmulticast mode
[  434.648810][T14303] xfrm0: entered promiscuous mode
[  434.650505][T14303] xfrm0: entered allmulticast mode
[  434.652245][T14303] veth0_to_hsr: entered promiscuous mode
[  434.654239][T14303] veth0_to_hsr: entered allmulticast mode
[  434.656175][T14303] hsr_slave_0: entered allmulticast mode
[  434.658168][T14303] veth1_to_hsr: entered promiscuous mode
[  434.660003][T14303] veth1_to_hsr: entered allmulticast mode
[  434.661984][T14303] hsr_slave_1: entered allmulticast mode
[  434.664011][T14303] hsr0: entered promiscuous mode
[  434.665940][T14303] hsr0: entered allmulticast mode
[  434.668238][T14303] veth1_virt_wifi: entered promiscuous mode
[  434.670206][T14303] veth1_virt_wifi: entered allmulticast mode
[  434.672547][T14303] veth0_virt_wifi: entered promiscuous mode
[  434.675432][T14303] veth0_virt_wifi: entered allmulticast mode
[  434.678294][T14303] net veth1_virt_wifi 
€Â: entered promiscuous mode
[  434.681191][T14303] net veth1_virt_wifi 
€Â: entered allmulticast mode
[  434.684136][T14303] veth1_vlan: entered allmulticast mode
[  434.686720][T14303] veth0_vlan: entered allmulticast mode
[  434.689337][T14303] @: entered promiscuous mode
[  434.691598][T14303] @: entered allmulticast mode
[  434.694069][T14303] vlan1: entered promiscuous mode
[  434.696479][T14303] vlan1: entered allmulticast mode
[  434.698893][T14303] macvlan0: entered promiscuous mode
[  434.701258][T14303] macvlan0: entered allmulticast mode
[  434.703772][T14303] macvlan1: entered promiscuous mode
[  434.706176][T14303] macvlan1: entered allmulticast mode
[  434.768130][T14303] ipvlan0: entered promiscuous mode
[  434.770052][T14303] ipvlan0: entered allmulticast mode
[  434.771988][T14303] ipvlan1: entered promiscuous mode
[  434.774809][T14303] ipvlan1: entered allmulticast mode
[  434.776615][T14303] veth1_macvtap: entered allmulticast mode
[  434.778666][T14303] veth0_macvtap: entered allmulticast mode
[  434.780738][T14303] macvtap0: entered promiscuous mode
[  434.782517][T14303] macvtap0: entered allmulticast mode
[  434.785014][T14303] macsec0: entered promiscuous mode
[  434.786729][T14303] macsec0: entered allmulticast mode
[  434.788524][T14303] geneve0: entered promiscuous mode
[  434.790363][T14303] geneve0: entered allmulticast mode
[  434.792165][T14303] geneve1: entered promiscuous mode
[  434.794321][T14303] geneve1: entered allmulticast mode
[  434.796144][T14303] mac80211_hwsim hwsim2 wlan0: entered promiscuous mode
[  434.798561][T14303] mac80211_hwsim hwsim2 wlan0: entered allmulticast mode
[  434.801036][T14303] bridge1: entered promiscuous mode
[  434.802978][T14303] bridge1: entered allmulticast mode
[  434.804457][T14306] syz.0.2221: attempt to access beyond end of device
[  434.804457][T14306] loop0: rw=6144, sector=128, nr_sectors = 8 limit=0
[  434.805339][T14303] ip6tnl1: entered promiscuous mode
[  434.810092][T14306] gfs2: error -5 reading superblock
[  434.813721][T14303] ip6tnl1: entered allmulticast mode
[  434.815577][T14303] geneve2: entered promiscuous mode
[  434.817244][T14303] geneve2: entered allmulticast mode
[  434.819373][T14303] syztnl2: entered promiscuous mode
[  434.821137][T14303] syztnl2: entered allmulticast mode
[  434.823095][T14303] vxlan0: entered promiscuous mode
[  434.825081][T14303] vxlan0: entered allmulticast mode
[  434.827167][T14303] bridge2: entered promiscuous mode
[  434.828947][T14303] bridge2: entered allmulticast mode
[  434.830792][T14303] ipvlan2: entered promiscuous mode
[  434.832581][T14303] ipvlan2: entered allmulticast mode
[  434.834895][T14303] bridge0: entered promiscuous mode
[  434.836639][T14303] bridge0: entered allmulticast mode
[  434.838651][T14303] bridge3: entered promiscuous mode
[  434.840379][T14303] bridge3: entered allmulticast mode
[  434.842187][T14303] bridge4: entered promiscuous mode
[  434.844032][T14303] bridge4: entered allmulticast mode
[  434.845884][T14303] bridge5: entered promiscuous mode
[  434.847630][T14303] bridge5: entered allmulticast mode
[  434.849492][T14303] bridge6: entered promiscuous mode
[  434.851209][T14303] bridge6: entered allmulticast mode
[  434.853395][T14303] netdevsim netdevsim2 eth0: entered promiscuous mode
[  434.855575][T14303] netdevsim netdevsim2 eth0: entered allmulticast mode
[  434.857891][T14303] netdevsim netdevsim2 eth1: entered promiscuous mode
[  434.860122][T14303] netdevsim netdevsim2 eth1: entered allmulticast mode
[  434.862495][T14303] netdevsim netdevsim2 eth2: entered promiscuous mode
[  434.865002][T14303] netdevsim netdevsim2 eth2: entered allmulticast mode
[  434.867282][T14303] netdevsim netdevsim2 eth3: entered promiscuous mode
[  434.869543][T14303] netdevsim netdevsim2 eth3: entered allmulticast mode
[  434.871828][T14303] bridge7: entered promiscuous mode
[  434.873811][T14303] bridge7: entered allmulticast mode
[  434.875660][T14303] bridge8: entered promiscuous mode
[  434.877474][T14303] bridge8: entered allmulticast mode
[  434.879315][T14303] bridge9: entered promiscuous mode
[  434.881054][T14303] bridge9: entered allmulticast mode
[  435.217847][T14317] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2224'.
[  435.221248][T14317] netlink: 60 bytes leftover after parsing attributes in process `syz.0.2224'.
[  435.287678][ T6086] usb 7-1: new high-speed USB device number 25 using dummy_hcd
[  435.290912][ T3231] usb 9-1: USB disconnect, device number 13
[  435.505036][ T6086] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  435.508367][ T6086] usb 7-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  435.511431][ T6086] usb 7-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  435.514706][ T6086] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  435.519428][ T6086] usb 7-1: config 0 descriptor??
[  435.665347][T14324] Invalid ELF header type: 0 != 1
[  436.254994][T13504] usb 7-1: USB disconnect, device number 25
[  436.851946][T14342] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2232'.
[  436.857132][T14342] 9pnet_fd: Insufficient options for proto=fd
[  436.981689][T14349] program syz.4.2231 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  437.498795][T14351] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2234'.
[  437.687103][T14358] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2237'.
[  437.813536][ T1332] usb 7-1: new high-speed USB device number 26 using dummy_hcd
[  437.984594][ T1332] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  437.988451][ T1332] usb 7-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  437.992071][ T1332] usb 7-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  437.996272][ T1332] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  438.001500][ T1332] usb 7-1: config 0 descriptor??
[  438.973767][ T9566] vhci_hcd: vhci_device speed not set
[  439.443885][ T5983] usb 7-1: USB disconnect, device number 26
[  439.546744][ T1417] ieee802154 phy0 wpan0: encryption failed: -22
[  439.549362][ T1417] ieee802154 phy1 wpan1: encryption failed: -22
[  439.704658][T14379] mapping of prio or/and queue is allowed only from OUTPUT/FORWARD/POSTROUTING chains
[  439.720120][T14379] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(12)
[  439.722235][T14379] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  439.725998][T14379] vhci_hcd vhci_hcd.0: Device attached
[  439.963304][ T3231] usb 45-1: new high-speed USB device number 4 using vhci_hcd
[  440.078819][T14387] netlink: 48 bytes leftover after parsing attributes in process `syz.2.2244'.
[  440.329893][T14380] vhci_hcd: connection reset by peer
[  440.331902][T11280] vhci_hcd: stop threads
[  440.333468][T11280] vhci_hcd: release socket
[  440.335069][T11280] vhci_hcd: disconnect device
[  441.043086][T14395] netlink: 'syz.0.2247': attribute type 1 has an invalid length.
[  441.643438][ T6489] usb 7-1: new high-speed USB device number 27 using dummy_hcd
[  441.800339][ T6489] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  441.803668][ T6489] usb 7-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  441.806541][ T6489] usb 7-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  441.809428][ T6489] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  441.816465][ T6489] usb 7-1: config 0 descriptor??
[  442.035395][ T6489] usb 7-1: USB disconnect, device number 27
[  442.315001][T14422] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  443.373915][T14444] Invalid ELF header type: 0 != 1
[  443.539696][T14448] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2261'.
[  443.760569][T14453] UDF-fs: warning (device sr0): udf_load_vrs: No VRS found
[  443.764214][T14453] UDF-fs: Scanning with blocksize 2048 failed
[  443.792180][T14453] UDF-fs: warning (device sr0): udf_load_vrs: No VRS found
[  443.794623][T14453] UDF-fs: Scanning with blocksize 4096 failed
[  443.920374][T14453] e1000e 0000:00:02.0 eth1: NIC Link is Down
[  443.971293][T14462] trusted_key: encrypted_key: insufficient parameters specified
[  444.053250][T13504] usb 7-1: new high-speed USB device number 28 using dummy_hcd
[  444.082610][T14465] netlink: 'syz.0.2263': attribute type 12 has an invalid length.
[  444.205561][T13504] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  444.209811][T13504] usb 7-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  444.212610][T13504] usb 7-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  444.216754][T13504] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  444.221011][T13504] usb 7-1: config 0 descriptor??
[  444.439658][T13504] usb 7-1: USB disconnect, device number 28
[  444.859864][T14476] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2269'.
[  445.015267][T14470] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  445.022399][T14470] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  445.063510][ T3231] vhci_hcd: vhci_device speed not set
[  445.117769][T14484] FAULT_INJECTION: forcing a failure.
[  445.117769][T14484] name failslab, interval 1, probability 0, space 0, times 0
[  445.122825][T14484] CPU: 3 UID: 0 PID: 14484 Comm: syz.4.2270 Not tainted 6.15.0-rc7-syzkaller-00142-g4856ebd99715 #0 PREEMPT(full) 
[  445.122841][T14484] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  445.122848][T14484] Call Trace:
[  445.122853][T14484]  <TASK>
[  445.122858][T14484]  dump_stack_lvl+0x16c/0x1f0
[  445.122877][T14484]  should_fail_ex+0x512/0x640
[  445.122893][T14484]  ? __kmalloc_noprof+0xbf/0x510
[  445.122907][T14484]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290
[  445.122924][T14484]  should_failslab+0xc2/0x120
[  445.122938][T14484]  __kmalloc_noprof+0xd2/0x510
[  445.122950][T14484]  ? __pfx___mutex_lock+0x10/0x10
[  445.122968][T14484]  genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290
[  445.122988][T14484]  genl_start+0x18f/0x980
[  445.123006][T14484]  __netlink_dump_start+0x60e/0x990
[  445.123022][T14484]  genl_family_rcv_msg_dumpit+0x1e2/0x2e0
[  445.123039][T14484]  ? __pfx_genl_family_rcv_msg_dumpit+0x10/0x10
[  445.123055][T14484]  ? kfree_skbmem+0x1a4/0x1f0
[  445.123069][T14484]  ? __pfx_genl_get_cmd+0x10/0x10
[  445.123082][T14484]  ? __pfx_genl_start+0x10/0x10
[  445.123096][T14484]  ? __pfx_genl_dumpit+0x10/0x10
[  445.123111][T14484]  ? __pfx_genl_done+0x10/0x10
[  445.123127][T14484]  ? __local_bh_enable_ip+0xa4/0x120
[  445.123139][T14484]  ? __dev_queue_xmit+0x896/0x43e0
[  445.123149][T14484]  ? __radix_tree_lookup+0x21f/0x2c0
[  445.123179][T14484]  genl_rcv_msg+0x46e/0x800
[  445.123197][T14484]  ? __pfx_genl_rcv_msg+0x10/0x10
[  445.123213][T14484]  ? __pfx___dev_queue_xmit+0x10/0x10
[  445.123223][T14484]  ? __pfx_netdev_nl_qstats_get_dumpit+0x10/0x10
[  445.123239][T14484]  ? __lock_acquire+0xaa4/0x1ba0
[  445.123256][T14484]  netlink_rcv_skb+0x16a/0x440
[  445.123270][T14484]  ? __pfx_genl_rcv_msg+0x10/0x10
[  445.123287][T14484]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  445.123308][T14484]  ? __pfx_down_read+0x10/0x10
[  445.123319][T14484]  ? netlink_deliver_tap+0x1ae/0xd30
[  445.123334][T14484]  genl_rcv+0x28/0x40
[  445.123349][T14484]  netlink_unicast+0x53d/0x7f0
[  445.123364][T14484]  ? __pfx_netlink_unicast+0x10/0x10
[  445.123383][T14484]  netlink_sendmsg+0x8d1/0xdd0
[  445.123399][T14484]  ? __pfx_netlink_sendmsg+0x10/0x10
[  445.123417][T14484]  ? __import_iovec+0x1c8/0x660
[  445.123430][T14484]  ____sys_sendmsg+0xa95/0xc70
[  445.123451][T14484]  ? gfs2_link+0x1d0/0xbd0
[  445.123470][T14484]  ? __pfx_____sys_sendmsg+0x10/0x10
[  445.123493][T14484]  ? get_compat_msghdr+0x11a/0x170
[  445.123525][T14484]  ___sys_sendmsg+0x134/0x1d0
[  445.123547][T14484]  ? __pfx____sys_sendmsg+0x10/0x10
[  445.123598][T14484]  __sys_sendmsg+0x16d/0x220
[  445.123618][T14484]  ? __pfx___sys_sendmsg+0x10/0x10
[  445.123649][T14484]  ? rcu_is_watching+0x12/0xc0
[  445.123676][T14484]  __do_fast_syscall_32+0x73/0x120
[  445.123698][T14484]  do_fast_syscall_32+0x32/0x80
[  445.123714][T14484]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  445.123727][T14484] RIP: 0023:0xf7f36579
[  445.123737][T14484] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  445.123747][T14484] RSP: 002b:00000000f501455c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  445.123758][T14484] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 0000000080000100
[  445.123765][T14484] RDX: 0000000004000000 RSI: 0000000000000000 RDI: 0000000000000000
[  445.123771][T14484] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  445.123777][T14484] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  445.123783][T14484] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  445.123797][T14484]  </TASK>
[  446.962170][T14506] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  446.967707][T14506] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  447.303786][T14515] xt_CT: You must specify a L4 protocol and not use inversions on it
[  447.318617][T14509] wg2: entered promiscuous mode
[  447.321410][T14509] wg2: entered allmulticast mode
[  447.653333][ T6489] usb 7-1: new high-speed USB device number 29 using dummy_hcd
[  447.803359][ T6489] usb 7-1: Using ep0 maxpacket: 8
[  447.806254][ T6489] usb 7-1: config 0 has no interfaces?
[  447.807983][ T6489] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  447.810803][ T6489] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  447.814982][ T6489] usb 7-1: config 0 descriptor??
[  448.769994][T14537] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2289'.
[  449.374314][T14550] A link change request failed with some changes committed already. Interface bond_slave_0 may have been left with an inconsistent configuration, please check.
[  449.543479][T13504] usb 9-1: new high-speed USB device number 14 using dummy_hcd
[  449.707181][T13504] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  449.710562][T13504] usb 9-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  449.713472][T13504] usb 9-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  449.716317][T13504] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  449.721161][T13504] usb 9-1: config 0 descriptor??
[  449.937653][T14554] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check.
[  449.938489][T13504] usb 9-1: USB disconnect, device number 14
[  450.130003][T14555] netlink: 3 bytes leftover after parsing attributes in process `syz.0.2295'.
[  450.138295][T14555] batadv1: entered allmulticast mode
[  450.436184][ T6489] usb 7-1: USB disconnect, device number 29
[  450.470771][T14557] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2296'.
[  450.487117][T14561] binder: 14558:14561 ioctl 541b 80000080 returned -22
[  450.585382][T14569] netlink: 'syz.4.2299': attribute type 1 has an invalid length.
[  450.677686][T14563] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  450.679822][T14563] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  450.681927][T14563] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  450.732243][T14573] ip6_vti0: left allmulticast mode
[  450.735711][T14573] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2301'.
[  451.011446][T14582] netlink: 'syz.0.2305': attribute type 10 has an invalid length.
[  451.019387][T14582] bond0: (slave wlan1): Releasing backup interface
[  451.028888][T14582] team0: Port device wlan1 added
[  451.108221][T14588] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2308'.
[  451.209433][T14590] netlink: 'syz.0.2309': attribute type 1 has an invalid length.
[  451.303400][ T6489] usb 9-1: new high-speed USB device number 15 using dummy_hcd
[  451.464424][ T6489] usb 9-1: Using ep0 maxpacket: 8
[  451.468919][ T6489] usb 9-1: config 0 has no interfaces?
[  451.470940][ T6489] usb 9-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  451.474096][ T6489] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  451.477732][ T6489] usb 9-1: config 0 descriptor??
[  452.407204][   T40] audit: type=1326 audit(1748088144.350:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14606 comm="syz.2.2312" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7fb8579 code=0x0
[  452.743319][ T5953] Bluetooth: hci1: command 0x0c1a tx timeout
[  452.745765][ T5947] Bluetooth: hci4: command 0x0405 tx timeout
[  453.313290][T11294] wlan1: Trigger new scan to find an IBSS to join
[  454.084659][    T9] usb 9-1: USB disconnect, device number 15
[  454.311885][T14629] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2318'.
[  454.316092][T14629] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2318'.
[  454.404186][T14632] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2319'.
[  454.537602][T11273] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  454.642174][T11273] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  454.723519][T11273] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  454.776218][T14637] Invalid ELF header type: 0 != 1
[  454.793072][T11273] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  454.925409][T11273] bridge_slave_1: left allmulticast mode
[  454.928401][T11273] bridge_slave_1: left promiscuous mode
[  454.930886][T11273] bridge0: port 2(bridge_slave_1) entered disabled state
[  454.936543][T11273] bridge_slave_0: left allmulticast mode
[  454.938926][T11273] bridge_slave_0: left promiscuous mode
[  454.941387][T11273] bridge0: port 1(bridge_slave_0) entered disabled state
[  455.229006][T11273] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  455.235637][T11273] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  455.240644][T11273] bond0 (unregistering): Released all slaves
[  455.589527][T11273] hsr_slave_0: left promiscuous mode
[  455.592476][T11273] hsr_slave_1: left promiscuous mode
[  455.595331][T11273] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  455.598490][T11273] batman_adv: batadv0: Removing interface: batadv_slave_0
[  455.602276][T11273] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  455.608156][T11273] batman_adv: batadv0: Removing interface: batadv_slave_1
[  455.649824][T11273] veth1_macvtap: left promiscuous mode
[  455.652309][T11273] veth0_macvtap: left promiscuous mode
[  455.656249][T11273] veth1_vlan: left promiscuous mode
[  455.658618][T11273] veth0_vlan: left promiscuous mode
[  455.931685][   T40] audit: type=1326 audit(1748088147.870:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14639 comm="syz.4.2323" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f36579 code=0x0
[  456.118163][ T5953] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  456.124780][ T5953] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  456.133674][ T5953] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  456.141820][ T5953] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  456.151050][ T5953] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  456.570331][T14644] mapping of prio or/and queue is allowed only from OUTPUT/FORWARD/POSTROUTING chains
[  456.666030][T14644] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(11)
[  456.668170][T14644] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  456.670605][T14644] vhci_hcd vhci_hcd.0: Device attached
[  456.691365][T14653] vhci_hcd: connection closed
[  456.691567][T11294] vhci_hcd: stop threads
[  456.694550][T11294] vhci_hcd: release socket
[  456.698047][T11294] vhci_hcd: disconnect device
[  457.069852][T11273] team0 (unregistering): Port device team_slave_1 removed
[  457.139038][ T3231] usb 9-1: new low-speed USB device number 16 using dummy_hcd
[  457.150750][T11273] team0 (unregistering): Port device team_slave_0 removed
[  457.308760][ T3231] usb 9-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  457.312309][ T3231] usb 9-1: config 1 has 1 interface, different from the descriptor's value: 2
[  457.316175][ T3231] usb 9-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 26984, setting to 8
[  457.320945][ T3231] usb 9-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00
[  457.325100][ T3231] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  457.338182][T14656] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  457.362756][ T3231] hub 9-1:1.0: bad descriptor, ignoring hub
[  457.365703][ T3231] hub 9-1:1.0: probe with driver hub failed with error -5
[  457.369187][ T3231] cdc_wdm 9-1:1.0: skipping garbage
[  457.371695][ T3231] cdc_wdm 9-1:1.0: skipping garbage
[  457.383383][ T1069] wlan1: Trigger new scan to find an IBSS to join
[  457.386797][ T3231] cdc_wdm 9-1:1.0: cdc-wdm1: USB WDM device
[  457.389347][ T3231] cdc_wdm 9-1:1.0: Unknown control protocol
[  457.634842][T14660] netlink: 'syz.2.2326': attribute type 2 has an invalid length.
[  457.863752][ T6007] usb 9-1: USB disconnect, device number 16
[  458.057697][T14648] chnl_net:caif_netlink_parms(): no params data found
[  458.183304][ T5948] Bluetooth: hci3: command tx timeout
[  458.202101][T14677] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2329'.
[  458.210533][T14648] bridge0: port 1(bridge_slave_0) entered blocking state
[  458.210578][T14648] bridge0: port 1(bridge_slave_0) entered disabled state
[  458.210735][T14648] bridge_slave_0: entered allmulticast mode
[  458.211474][T14648] bridge_slave_0: entered promiscuous mode
[  458.221008][T14648] bridge0: port 2(bridge_slave_1) entered blocking state
[  458.221077][T14648] bridge0: port 2(bridge_slave_1) entered disabled state
[  458.221148][T14648] bridge_slave_1: entered allmulticast mode
[  458.229107][T14648] bridge_slave_1: entered promiscuous mode
[  458.280514][T14648] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  458.282317][T14648] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  458.368374][T14648] team0: Port device team_slave_0 added
[  458.369830][T14648] team0: Port device team_slave_1 added
[  458.427594][T14648] batman_adv: batadv0: Adding interface: batadv_slave_0
[  458.427606][T14648] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  458.427625][T14648] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  458.428416][T14648] batman_adv: batadv0: Adding interface: batadv_slave_1
[  458.428423][T14648] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  458.428443][T14648] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  458.512096][T14648] hsr_slave_0: entered promiscuous mode
[  458.514586][T14648] hsr_slave_1: entered promiscuous mode
[  458.516631][T14648] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  458.519110][T14648] Cannot create hsr debugfs directory
[  458.519450][   T40] audit: type=1326 audit(1748088150.460:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14684 comm="syz.0.2332" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf708e579 code=0x0
[  459.057322][T14648] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  459.061457][T14648] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  459.066694][T14648] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  459.070540][T14648] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  459.119242][T14648] 8021q: adding VLAN 0 to HW filter on device bond0
[  459.131560][T14648] 8021q: adding VLAN 0 to HW filter on device team0
[  459.136793][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[  459.139601][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[  459.147949][T11272] bridge0: port 2(bridge_slave_1) entered blocking state
[  459.150259][T11272] bridge0: port 2(bridge_slave_1) entered forwarding state
[  459.288595][ T6007] kernel write not supported for file /snd/seq (pid: 6007 comm: kworker/2:3)
[  459.313388][T11280] wlan1: Creating new IBSS network, BSSID e6:ac:57:7e:0b:64
[  459.340729][T14648] 8021q: adding VLAN 0 to HW filter on device batadv0
[  459.368401][T14648] veth0_vlan: entered promiscuous mode
[  459.374571][T14648] veth1_vlan: entered promiscuous mode
[  459.386847][T14648] veth0_macvtap: entered promiscuous mode
[  459.390512][T14648] veth1_macvtap: entered promiscuous mode
[  459.401453][T14648] batman_adv: batadv0: Interface activated: batadv_slave_0
[  459.405669][T14648] batman_adv: batadv0: Interface activated: batadv_slave_1
[  459.409866][T14648] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  459.412569][T14648] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  459.415785][T14648] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  459.418500][T14648] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  459.568437][T14708] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  459.570720][T11273] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  459.572308][T14708] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  459.574581][T11273] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  459.610298][T14709] loop6: detected capacity change from 0 to 524287999
[  459.951706][T11273] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  459.963634][T11273] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  460.263312][ T5953] Bluetooth: hci3: command tx timeout
[  460.675108][T14720] mapping of prio or/and queue is allowed only from OUTPUT/FORWARD/POSTROUTING chains
[  460.702724][T14720] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(12)
[  460.705563][T14720] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  460.711753][T14720] vhci_hcd vhci_hcd.0: Device attached
[  460.953281][ T6086] usb 45-1: new high-speed USB device number 5 using vhci_hcd
[  461.250220][T14721] vhci_hcd: connection reset by peer
[  461.252169][T11273] vhci_hcd: stop threads
[  461.254405][T11273] vhci_hcd: release socket
[  461.256502][T11273] vhci_hcd: disconnect device
[  461.931055][T14734] netlink: 48 bytes leftover after parsing attributes in process `syz.4.2346'.
[  462.106154][T14738] netlink: 'syz.2.2348': attribute type 1 has an invalid length.
[  462.193957][T14736] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2347'.
[  462.351513][T14740] netlink: 'syz.4.2347': attribute type 10 has an invalid length.
[  463.177130][T14760] loop6: detected capacity change from 0 to 524287999
[  463.383361][T14759] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(5)
[  463.385473][T14759] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  463.388303][T14759] vhci_hcd vhci_hcd.0: Device attached
[  463.653774][T14767] Bluetooth: received HCILL_WAKE_UP_ACK in state 2
[  463.658269][   T13] Bluetooth: hci5: Frame reassembly failed (-84)
[  463.829543][T14761] vhci_hcd: connection closed
[  463.829838][   T13] vhci_hcd: stop threads
[  463.834660][   T13] vhci_hcd: release socket
[  463.836635][   T13] vhci_hcd: disconnect device
[  464.095333][T14772] mapping of prio or/and queue is allowed only from OUTPUT/FORWARD/POSTROUTING chains
[  464.111128][T14772] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(12)
[  464.113324][T14772] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  464.125981][T14772] vhci_hcd vhci_hcd.0: Device attached
[  464.425222][ T3231] usb 41-1: new high-speed USB device number 18 using vhci_hcd
[  464.992490][T14773] vhci_hcd: connection reset by peer
[  464.994523][T11273] vhci_hcd: stop threads
[  464.995891][T11273] vhci_hcd: release socket
[  464.997545][T11273] vhci_hcd: disconnect device
[  465.703315][ T5953] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  465.703336][ T5947] Bluetooth: hci5: command 0x1003 tx timeout
[  465.713333][ T9566] usb 9-1: new high-speed USB device number 17 using dummy_hcd
[  465.863267][ T9566] usb 9-1: Using ep0 maxpacket: 8
[  465.866340][ T9566] usb 9-1: config 0 has no interfaces?
[  465.868144][ T9566] usb 9-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  465.871060][ T9566] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  465.875523][ T9566] usb 9-1: config 0 descriptor??
[  466.008066][T14793] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2361'.
[  466.093340][ T6086] vhci_hcd: vhci_device speed not set
[  466.108044][T14795] netlink: 'syz.2.2361': attribute type 10 has an invalid length.
[  468.515110][ T9566] usb 9-1: USB disconnect, device number 17
[  468.910362][T14844] loop6: detected capacity change from 0 to 524287999
[  468.977599][T14845] ALSA: mixer_oss: invalid index 40000
[  469.663291][ T3231] vhci_hcd: vhci_device speed not set
[  469.689739][T14861] netlink: 'syz.0.2374': attribute type 4 has an invalid length.
[  469.692306][T14861] netlink: 17 bytes leftover after parsing attributes in process `syz.0.2374'.
[  469.757078][   T40] audit: type=1326 audit(1748088161.700:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14868 comm="syz.4.2377" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f36579 code=0x0
[  469.901162][T14874] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2375'.
[  469.923730][T14875] ip6_vti0: entered allmulticast mode
[  469.938229][T14875] 8021q: adding VLAN 0 to HW filter on device bond0
[  469.942439][T14875] 8021q: adding VLAN 0 to HW filter on device team0
[  469.950506][T14875] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  470.893402][ T1455] usb 7-1: new high-speed USB device number 30 using dummy_hcd
[  471.057470][ T1455] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  471.061135][ T1455] usb 7-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  471.064733][ T1455] usb 7-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  471.068190][ T1455] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  471.077781][ T1455] usb 7-1: config 0 descriptor??
[  471.304116][ T6007] usb 7-1: USB disconnect, device number 30
[  472.246561][T14895] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  473.180130][T14913] netlink: 48 bytes leftover after parsing attributes in process `syz.2.2389'.
[  473.428716][T14915] Bluetooth: hci5: Frame reassembly failed (-12)
[  474.523363][T14932] loop6: detected capacity change from 0 to 524287999
[  474.859007][T14934] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2395'.
[  474.890621][T14934] syz.4.2395 (14934): drop_caches: 2
[  474.934092][T14934] syz.4.2395 (14934): drop_caches: 2
[  475.463373][ T5953] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  475.973399][    C2] hpet: Lost 1 RTC interrupts
[  476.206840][   T40] audit: type=1326 audit(1748088168.150:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14954 comm="syz.0.2400" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708e579 code=0x7ffc0000
[  476.214100][T14955] overlayfs: failed to resolve './file1': -2
[  476.217058][   T40] audit: type=1326 audit(1748088168.150:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14954 comm="syz.0.2400" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708e579 code=0x7ffc0000
[  476.238211][   T40] audit: type=1326 audit(1748088168.150:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14954 comm="syz.0.2400" exe="/syz-executor" sig=0 arch=40000003 syscall=165 compat=1 ip=0xf708e579 code=0x7ffc0000
[  476.246177][   T40] audit: type=1326 audit(1748088168.150:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14954 comm="syz.0.2400" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708e579 code=0x7ffc0000
[  476.254791][   T40] audit: type=1326 audit(1748088168.150:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14954 comm="syz.0.2400" exe="/syz-executor" sig=0 arch=40000003 syscall=365 compat=1 ip=0xf708e579 code=0x7ffc0000
[  476.261690][   T40] audit: type=1326 audit(1748088168.150:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14954 comm="syz.0.2400" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708e579 code=0x7ffc0000
[  476.269203][   T40] audit: type=1326 audit(1748088168.150:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14954 comm="syz.0.2400" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf708e579 code=0x7ffc0000
[  476.276655][   T40] audit: type=1326 audit(1748088168.150:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14954 comm="syz.0.2400" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708e579 code=0x7ffc0000
[  476.284543][   T40] audit: type=1326 audit(1748088168.150:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14954 comm="syz.0.2400" exe="/syz-executor" sig=0 arch=40000003 syscall=296 compat=1 ip=0xf708e579 code=0x7ffc0000
[  476.483141][T14968] netlink: 'syz.0.2403': attribute type 1 has an invalid length.
[  476.742240][T14976] Bluetooth: received HCILL_WAKE_UP_ACK in state 2
[  476.745332][T11294] Bluetooth: hci5: Frame reassembly failed (-84)
[  476.747307][T14976] FAULT_INJECTION: forcing a failure.
[  476.747307][T14976] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  476.751239][T14976] CPU: 0 UID: 0 PID: 14976 Comm: syz.2.2406 Not tainted 6.15.0-rc7-syzkaller-00142-g4856ebd99715 #0 PREEMPT(full) 
[  476.751253][T14976] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  476.751260][T14976] Call Trace:
[  476.751264][T14976]  <TASK>
[  476.751269][T14976]  dump_stack_lvl+0x16c/0x1f0
[  476.751293][T14976]  should_fail_ex+0x512/0x640
[  476.751311][T14976]  _copy_to_user+0x32/0xd0
[  476.751323][T14976]  simple_read_from_buffer+0xcb/0x170
[  476.751343][T14976]  proc_fail_nth_read+0x197/0x270
[  476.751358][T14976]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  476.751386][T14976]  ? rw_verify_area+0xcf/0x680
[  476.751402][T14976]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  476.751417][T14976]  vfs_read+0x1de/0xc70
[  476.751429][T14976]  ? __pfx___mutex_lock+0x10/0x10
[  476.751445][T14976]  ? __pfx_vfs_read+0x10/0x10
[  476.751459][T14976]  ? __fget_files+0x20e/0x3c0
[  476.751473][T14976]  ksys_read+0x12a/0x240
[  476.751483][T14976]  ? __pfx_ksys_read+0x10/0x10
[  476.751492][T14976]  ? syscall_user_dispatch+0x78/0x140
[  476.751509][T14976]  ? rcu_is_watching+0x12/0xc0
[  476.751522][T14976]  __do_fast_syscall_32+0x73/0x120
[  476.751539][T14976]  do_fast_syscall_32+0x32/0x80
[  476.751555][T14976]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  476.751568][T14976] RIP: 0023:0xf7fb8579
[  476.751577][T14976] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  476.751587][T14976] RSP: 002b:00000000f50d6590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  476.751597][T14976] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 00000000f50d6620
[  476.751604][T14976] RDX: 000000000000000f RSI: 00000000f7442ff4 RDI: 0000000000000000
[  476.751610][T14976] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  476.751616][T14976] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  476.751621][T14976] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  476.751635][T14976]  </TASK>
[  477.018250][T14983] A link change request failed with some changes committed already. Interface bond_slave_0 may have been left with an inconsistent configuration, please check.
[  478.195040][T14997] mapping of prio or/and queue is allowed only from OUTPUT/FORWARD/POSTROUTING chains
[  478.215705][T14997] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(12)
[  478.218503][T14997] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  478.221799][T14997] vhci_hcd vhci_hcd.0: Device attached
[  478.483302][ T3231] usb 45-1: new high-speed USB device number 6 using vhci_hcd
[  478.805197][T14998] vhci_hcd: connection reset by peer
[  478.807454][ T1069] vhci_hcd: stop threads
[  478.808803][ T1069] vhci_hcd: release socket
[  478.810337][ T1069] vhci_hcd: disconnect device
[  478.823396][ T5953] Bluetooth: hci5: command 0x1003 tx timeout
[  478.823447][ T5947] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  479.963382][ T6007] usb 9-1: new high-speed USB device number 18 using dummy_hcd
[  480.061043][T15023] netlink: 'syz.0.2420': attribute type 1 has an invalid length.
[  480.090074][T15023] bond2 (unregistering): Released all slaves
[  480.123345][ T6007] usb 9-1: Using ep0 maxpacket: 8
[  480.127941][ T6007] usb 9-1: config 0 has no interfaces?
[  480.130284][ T6007] usb 9-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  480.134446][ T6007] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  480.140418][ T6007] usb 9-1: config 0 descriptor??
[  481.235666][T15036] Bluetooth: received HCILL_WAKE_UP_ACK in state 2
[  481.239709][T11294] Bluetooth: hci5: Frame reassembly failed (-84)
[  481.591081][ T5958] Bluetooth: hci4: command 0x0405 tx timeout
[  481.856987][   T40] kauditd_printk_skb: 14 callbacks suppressed
[  481.857006][   T40] audit: type=1800 audit(1748088173.790:94): pid=15041 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=set_data cause=unavailable-hash-algorithm comm="syz.0.2425" name="/bus" dev="9p" ino=35913967 res=0 errno=0
[  482.277380][T15037] block nbd0: shutting down sockets
[  482.506246][T15047] syz.0.2426 (15047): drop_caches: 2
[  482.510120][T15047] syz.0.2426 (15047): drop_caches: 2
[  482.542608][T15049] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2427'.
[  482.739178][ T6086] usb 9-1: USB disconnect, device number 18
[  482.758378][T15055] netlink: 48 bytes leftover after parsing attributes in process `syz.4.2429'.
[  483.303355][ T5958] Bluetooth: hci5: command 0x1003 tx timeout
[  483.305598][ T5953] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  483.474309][T15061] Bluetooth: received HCILL_WAKE_UP_ACK in state 2
[  483.483725][T11294] Bluetooth: hci5: Frame reassembly failed (-84)
[  483.613367][ T3231] vhci_hcd: vhci_device speed not set
[  483.935928][T15079] overlayfs: workdir and upperdir must be separate subtrees
[  484.326123][   T40] audit: type=1326 audit(1748088176.270:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15064 comm="syz.0.2433" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708e579 code=0x7fc00000
[  484.333429][   T40] audit: type=1326 audit(1748088176.270:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15064 comm="syz.0.2433" exe="/syz-executor" sig=0 arch=40000003 syscall=8 compat=1 ip=0xf708e579 code=0x7fc00000
[  484.523283][ T1332] usb 9-1: new high-speed USB device number 19 using dummy_hcd
[  484.673298][ T1332] usb 9-1: Using ep0 maxpacket: 8
[  484.676688][ T1332] usb 9-1: config 0 has no interfaces?
[  484.678446][ T1332] usb 9-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  484.681256][ T1332] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  484.686472][ T1332] usb 9-1: config 0 descriptor??
[  485.479655][T15097] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2440'.
[  485.543282][ T5953] Bluetooth: hci5: command 0x1003 tx timeout
[  485.546452][ T5947] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  485.689780][T15104] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2442'.
[  487.221571][    T9] usb 9-1: USB disconnect, device number 19
[  487.337581][ T1455] hid-generic 00A0:0008:0003.0006: unknown main item tag 0x0
[  487.339933][ T1455] hid-generic 00A0:0008:0003.0006: unknown main item tag 0x0
[  487.342258][ T1455] hid-generic 00A0:0008:0003.0006: unknown main item tag 0x0
[  487.349224][ T1455] hid-generic 00A0:0008:0003.0006: unknown main item tag 0x0
[  487.355125][ T1455] hid-generic 00A0:0008:0003.0006: item fetching failed at offset 13/15
[  487.362045][ T1455] hid-generic 00A0:0008:0003.0006: probe with driver hid-generic failed with error -22
[  487.467023][T15126] Invalid ELF header type: 0 != 1
[  487.786843][T15130] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(4)
[  487.788885][T15130] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  487.793888][T15130] vhci_hcd vhci_hcd.0: Device attached
[  487.797265][T15130] sctp: [Deprecated]: syz.4.2450 (pid 15130) Use of int in max_burst socket option deprecated.
[  487.797265][T15130] Use struct sctp_assoc_value instead
[  488.043347][ T6007] usb 45-1: new high-speed USB device number 7 using vhci_hcd
[  488.060272][T15137] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2451'.
[  488.072115][T15140] overlay: Unknown parameter 'fsname'
[  488.072115][T15139] overlay: Unknown parameter 'fsname'
[  488.198313][T15152] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2455'.
[  488.227108][T15154] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  488.230671][T15154] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  488.324397][T15132] vhci_hcd: connection reset by peer
[  488.326995][T11280] vhci_hcd: stop threads
[  488.328784][T11280] vhci_hcd: release socket
[  488.331144][T11280] vhci_hcd: disconnect device
[  488.678539][T15160] mapping of prio or/and queue is allowed only from OUTPUT/FORWARD/POSTROUTING chains
[  488.713426][T15160] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(12)
[  488.716276][T15160] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  488.719092][T15160] vhci_hcd vhci_hcd.0: Device attached
[  489.283206][T15161] vhci_hcd: connection closed
[  489.285267][T11272] vhci_hcd: stop threads
[  489.288162][T11272] vhci_hcd: release socket
[  489.289695][T11272] vhci_hcd: disconnect device
[  491.213022][T15171] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2460'.
[  491.286007][T15171] netlink: 'syz.2.2460': attribute type 1 has an invalid length.
[  491.713691][T15187] Invalid ELF header type: 0 != 1
[  492.377810][T15194] loop6: detected capacity change from 0 to 524287999
[  492.678675][ T5947] Bluetooth: hci4: unexpected event for opcode 0x2062
[  492.910144][T15205] mapping of prio or/and queue is allowed only from OUTPUT/FORWARD/POSTROUTING chains
[  492.929426][T15205] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(12)
[  492.931557][T15205] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  492.934951][T15205] vhci_hcd vhci_hcd.0: Device attached
[  493.135247][ T6007] vhci_hcd: vhci_device speed not set
[  493.213389][ T3231] usb 41-1: new high-speed USB device number 19 using vhci_hcd
[  493.339246][T15214] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  493.343434][T15214] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  493.592531][T15217] netlink: 'syz.4.2470': attribute type 1 has an invalid length.
[  496.427785][T15206] vhci_hcd: connection reset by peer
[  496.437845][T11294] vhci_hcd: stop threads
[  496.439599][T11294] vhci_hcd: release socket
[  496.441163][T11294] vhci_hcd: disconnect device
[  496.745120][ T5947] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0
[  496.747822][ T5947] Bluetooth: hci4: Injecting HCI hardware error event
[  496.750567][ T5947] Bluetooth: hci4: hardware error 0x00
[  497.098599][T15238] Invalid ELF header type: 0 != 1
[  497.215175][T15240] wg2: left promiscuous mode
[  497.216876][T15240] wg2: left allmulticast mode
[  497.224438][T15240] A link change request failed with some changes committed already. Interface bond_slave_0 may have been left with an inconsistent configuration, please check.
[  497.397327][T15242] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2476'.
[  497.676365][T15250] netlink: 'syz.0.2479': attribute type 1 has an invalid length.
[  497.719559][T15255] loop6: detected capacity change from 0 to 524287999
[  498.355892][T15273] overlayfs: failed to resolve './file1': -2
[  498.513262][ T3231] vhci_hcd: vhci_device speed not set
[  498.520652][T15275] mapping of prio or/and queue is allowed only from OUTPUT/FORWARD/POSTROUTING chains
[  498.553534][T15275] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(12)
[  498.555636][T15275] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  498.558290][T15275] vhci_hcd vhci_hcd.0: Device attached
[  499.032426][T15278] vhci_hcd: connection closed
[  499.033949][T11294] vhci_hcd: stop threads
[  499.036888][T11294] vhci_hcd: release socket
[  499.039090][T11294] vhci_hcd: disconnect device
[  499.063985][ T5947] Bluetooth: hci4: Opcode 0x0c03 failed: -110
[  499.463827][T15294] Invalid ELF header type: 0 != 1
[  499.482266][T15296] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2488'.
[  499.689590][T15301] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  499.693963][T15301] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  499.703873][ T9566] ------------[ cut here ]------------
[  499.705774][ T9566] workqueue: cannot queue hci_conn_timeout on wq hci3
[  499.707930][ T9566] WARNING: CPU: 1 PID: 9566 at kernel/workqueue.c:2257 __queue_work+0xc9c/0x10f0
[  499.710745][ T9566] Modules linked in:
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  499.712255][ T9566] CPU: 1 UID: 0 PID: 9566 Comm: kworker/1:6 Not tainted 6.15.0-rc7-syzkaller-00142-g4856ebd99715 #0 PREEMPT(full) 
[  499.717763][ T9566] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  499.721665][ T9566] Workqueue: events l2cap_chan_timeout
[  499.723789][ T9566] RIP: 0010:__queue_work+0xc9c/0x10f0
[  499.725838][ T9566] Code: 00 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 28 04 00 00 48 8b 75 18 4c 89 f2 48 c7 c7 60 e7 8b 8b e8 55 4f f7 ff 90 <0f> 0b 90 90 e9 96 f7 ff ff e8 56 6c 37 00 90 0f 0b 90 e9 1b f6 ff
[  499.732629][ T9566] RSP: 0018:ffffc9000759fa50 EFLAGS: 00010086
[  499.734658][ T9566] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff817a9458
[  499.737663][ T9566] RDX: ffff888021720000 RSI: ffffffff817a9465 RDI: 0000000000000001
[  499.740441][ T9566] RBP: ffff88800ded8948 R08: 0000000000000001 R09: 0000000000000000
[  499.743431][ T9566] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[  499.746352][ T9566] R13: ffff88801353a800 R14: ffff88801353a978 R15: ffff88800ded8950
[  499.749290][ T9566] FS:  0000000000000000(0000) GS:ffff8880978e7000(0000) knlGS:0000000000000000
[  499.752548][ T9566] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  499.755146][ T9566] CR2: 000000000c3f3826 CR3: 000000006b92d000 CR4: 0000000000352ef0
[  499.757995][ T9566] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  499.761088][ T9566] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  499.763943][ T9566] Call Trace:
[  499.765254][ T9566]  <TASK>
[  499.766456][ T9566]  ? __cancel_work+0x2c8/0x370
[  499.768392][ T9566]  ? clear_pending_if_disabled+0xa8/0x210
[  499.770638][ T9566]  ? __pfx_clear_pending_if_disabled+0x10/0x10
[  499.772815][ T9566]  __queue_delayed_work+0x35b/0x460
[  499.774869][ T9566]  queue_delayed_work_on+0x1b5/0x200
[  499.776982][ T9566]  l2cap_chan_del+0x5a0/0x8f0
[  499.778633][ T9566]  l2cap_chan_close+0xfe/0xa30
[  499.780508][ T9566]  ? debug_object_deactivate+0x1ec/0x3a0
[  499.782452][ T9566]  ? __pfx_l2cap_chan_close+0x10/0x10
[  499.784137][ T9566]  l2cap_chan_timeout+0x196/0x310
[  499.785676][ T9566]  process_one_work+0x9cf/0x1b70
[  499.787240][ T9566]  ? __pfx_process_one_work+0x10/0x10
[  499.788925][ T9566]  ? assign_work+0x1a0/0x250
[  499.790345][ T9566]  worker_thread+0x6c8/0xf10
[  499.791826][ T9566]  ? __kthread_parkme+0x19e/0x250
[  499.793407][ T9566]  ? __pfx_worker_thread+0x10/0x10
[  499.795004][ T9566]  kthread+0x3c2/0x780
[  499.796310][ T9566]  ? __pfx_kthread+0x10/0x10
[  499.797810][ T9566]  ? __pfx_kthread+0x10/0x10
[  499.799234][ T9566]  ? __pfx_kthread+0x10/0x10
[  499.800860][ T9566]  ? __pfx_kthread+0x10/0x10
[  499.802711][ T9566]  ? rcu_is_watching+0x12/0xc0
[  499.804348][ T9566]  ? __pfx_kthread+0x10/0x10
[  499.806172][ T9566]  ret_from_fork+0x48/0x80
[  499.807941][ T9566]  ? __pfx_kthread+0x10/0x10
[  499.809680][ T9566]  ret_from_fork_asm+0x1a/0x30
[  499.811543][ T9566]  </TASK>
[  499.812629][ T9566] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  499.815446][ T9566] CPU: 1 UID: 0 PID: 9566 Comm: kworker/1:6 Not tainted 6.15.0-rc7-syzkaller-00142-g4856ebd99715 #0 PREEMPT(full) 
[  499.819827][ T9566] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  499.823730][ T9566] Workqueue: events l2cap_chan_timeout
[  499.825812][ T9566] Call Trace:
[  499.827033][ T9566]  <TASK>
[  499.828097][ T9566]  dump_stack_lvl+0x3d/0x1f0
[  499.829879][ T9566]  panic+0x71c/0x800
[  499.831344][ T9566]  ? __pfx_panic+0x10/0x10
[  499.833020][ T9566]  ? show_trace_log_lvl+0x29b/0x3e0
[  499.835065][ T9566]  ? check_panic_on_warn+0x1f/0xb0
[  499.837001][ T9566]  ? __queue_work+0xc9c/0x10f0
[  499.838908][ T9566]  check_panic_on_warn+0xab/0xb0
[  499.840723][ T9566]  __warn+0xf6/0x3c0
[  499.842308][ T9566]  ? __pfx_vprintk_emit+0x10/0x10
[  499.844189][ T9566]  ? __queue_work+0xc9c/0x10f0
[  499.846114][ T9566]  report_bug+0x3c3/0x580
[  499.847852][ T9566]  ? __queue_work+0xc9c/0x10f0
[  499.849720][ T9566]  handle_bug+0x184/0x210
[  499.851445][ T9566]  exc_invalid_op+0x17/0x50
[  499.853254][ T9566]  asm_exc_invalid_op+0x1a/0x20
[  499.855171][ T9566] RIP: 0010:__queue_work+0xc9c/0x10f0
[  499.857161][ T9566] Code: 00 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 28 04 00 00 48 8b 75 18 4c 89 f2 48 c7 c7 60 e7 8b 8b e8 55 4f f7 ff 90 <0f> 0b 90 90 e9 96 f7 ff ff e8 56 6c 37 00 90 0f 0b 90 e9 1b f6 ff
[  499.864225][ T9566] RSP: 0018:ffffc9000759fa50 EFLAGS: 00010086
[  499.866416][ T9566] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff817a9458
[  499.869310][ T9566] RDX: ffff888021720000 RSI: ffffffff817a9465 RDI: 0000000000000001
[  499.872250][ T9566] RBP: ffff88800ded8948 R08: 0000000000000001 R09: 0000000000000000
[  499.875295][ T9566] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[  499.878476][ T9566] R13: ffff88801353a800 R14: ffff88801353a978 R15: ffff88800ded8950
[  499.881577][ T9566]  ? __warn_printk+0x198/0x350
[  499.883334][ T9566]  ? __warn_printk+0x1a5/0x350
[  499.885197][ T9566]  ? __cancel_work+0x2c8/0x370
[  499.887050][ T9566]  ? clear_pending_if_disabled+0xa8/0x210
[  499.889306][ T9566]  ? __pfx_clear_pending_if_disabled+0x10/0x10
[  499.891750][ T9566]  __queue_delayed_work+0x35b/0x460
[  499.893783][ T9566]  queue_delayed_work_on+0x1b5/0x200
[  499.895875][ T9566]  l2cap_chan_del+0x5a0/0x8f0
[  499.897749][ T9566]  l2cap_chan_close+0xfe/0xa30
[  499.899662][ T9566]  ? debug_object_deactivate+0x1ec/0x3a0
[  499.901880][ T9566]  ? __pfx_l2cap_chan_close+0x10/0x10
[  499.903991][ T9566]  l2cap_chan_timeout+0x196/0x310
[  499.905748][ T9566]  process_one_work+0x9cf/0x1b70
[  499.907738][ T9566]  ? __pfx_process_one_work+0x10/0x10
[  499.909870][ T9566]  ? assign_work+0x1a0/0x250
[  499.911728][ T9566]  worker_thread+0x6c8/0xf10
[  499.913583][ T9566]  ? __kthread_parkme+0x19e/0x250
[  499.915581][ T9566]  ? __pfx_worker_thread+0x10/0x10
[  499.917632][ T9566]  kthread+0x3c2/0x780
[  499.919226][ T9566]  ? __pfx_kthread+0x10/0x10
[  499.921089][ T9566]  ? __pfx_kthread+0x10/0x10
[  499.922951][ T9566]  ? __pfx_kthread+0x10/0x10
[  499.924801][ T9566]  ? __pfx_kthread+0x10/0x10
[  499.926655][ T9566]  ? rcu_is_watching+0x12/0xc0
[  499.928571][ T9566]  ? __pfx_kthread+0x10/0x10
[  499.930316][ T9566]  ret_from_fork+0x48/0x80
[  499.932090][ T9566]  ? __pfx_kthread+0x10/0x10
[  499.933787][ T9566]  ret_from_fork_asm+0x1a/0x30
[  499.935719][ T9566]  </TASK>
[  499.937533][ T9566] Kernel Offset: disabled
[  499.938891][ T9566] Rebooting in 86400 seconds..

VM DIAGNOSIS:
11:55:06  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000000000 RBX=ffff88802b23b100 RCX=ffffffff81aec6ae RDX=ffff88801da8c880
RSI=ffffffff81aec688 RDI=0000000000000005 RBP=ffffc9000044fd10 RSP=ffffc9000044fc40
R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000001 R11=fffffbfff1c79516
R12=1ffff92000089f8c R13=0000000000000002 R14=0000000000000001 R15=ffffed1005647621
RIP=ffffffff81aec68e RFL=00000293 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880977e7000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000000000000000 CR3=0000000065ef8000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000000000036 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff854c6a35 RDI=ffffffff9ade4c80 RBP=ffffffff9ade4c40 RSP=ffffc9000759f3c0
R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=0000000000000000
R12=0000000000000000 R13=0000000000000036 R14=ffffffff9ade4c40 R15=ffffffff854c69d0
RIP=ffffffff854c6a5f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880978e7000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=000000000c3f3826 CR3=000000006b92d000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
RAX=dffffc0000000000 RBX=0000000000000001 RCX=ffffc9000386f054 RDX=0000000000000000
RSI=ffffffff8179c592 RDI=ffff888024f60444 RBP=ffff888024f60000 RSP=ffffc9000386f078
R8 =0000000000000001 R9 =0000000000000000 R10=0000000000000001 R11=00000000000079c2
R12=ffffffff81a69170 R13=ffffc9000386f100 R14=0000000000000000 R15=ffff888024f60000
RIP=ffffffff81a0637c RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880979e7000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000f7f46e40 CR3=000000004cf9b000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 f700585858585858 2e7a7973f73e2ff4
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 f700585858585858
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffff 0f0e0d0c0b0a0908
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 3

CPU#3
RAX=00000000008689ab RBX=0000000000000003 RCX=ffffffff8b69a3e9 RDX=0000000000000000
RSI=ffffffff8dbde8d7 RDI=ffffffff8bf48ea0 RBP=ffffed10037e4000 RSP=ffffc9000048fdf8
R8 =0000000000000001 R9 =ffffed10056a65bd R10=ffff88802b532deb R11=0000000000000000
R12=0000000000000003 R13=ffff88801bf20000 R14=ffffffff90854e10 R15=0000000000000000
RIP=ffffffff8b698c7f RFL=00000282 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff888097ae7000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000565924c0 CR3=000000007173f000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000