last executing test programs:

14m44.730086099s ago: executing program 2 (id=3441):
unshare(0x20000600)
openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0xfe, 0x0, 0x7ffc9ffe}]})
utime(0x0, 0x0)
signalfd(0xffffffffffffffff, &(0x7f0000000180), 0x8)
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
futex_waitv(&(0x7f0000001080)=[{0x3, &(0x7f0000001040)=0x3, 0x82}], 0x1, 0x0, &(0x7f0000001100)={0x77359400}, 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8c}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_io_uring_submit(0x0, 0x0, 0x0)
request_key(&(0x7f0000000040)='asymmetric\x00', &(0x7f0000001ffb)={'syz', 0x2}, &(0x7f0000001fee)='R\x10rust\xe3c*s\xa8rVid:\xc4e', 0x0)
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
syz_open_procfs(0x0, &(0x7f0000000080)='net/netlink\x00')
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0)

14m43.170168466s ago: executing program 2 (id=3447):
arch_prctl$ARCH_GET_GS(0x1004, 0x0)
unshare(0x20000600)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='blkio.bfq.io_service_time\x00', 0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0xfe, 0x0, 0x7ffc9ffe}]})
utime(0x0, 0x0)
r0 = signalfd(0xffffffffffffffff, &(0x7f0000000180), 0x8)
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
futex_waitv(&(0x7f0000001080)=[{0x3, &(0x7f0000001040)=0x3, 0x82}], 0x1, 0x0, &(0x7f0000001100)={0x77359400}, 0x1)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x6)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
write$P9_RVERSION(0xffffffffffffffff, 0x0, 0x15)
syz_io_uring_submit(0x0, 0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r0, 0x0)
request_key(&(0x7f0000000040)='asymmetric\x00', &(0x7f0000001ffb)={'syz', 0x2}, &(0x7f0000001fee)='R\x10rust\xe3c*s\xa8rVid:\xc4e', 0x0)
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
sendmsg$NFNL_MSG_CTHELPER_GET(0xffffffffffffffff, 0x0, 0x24000000)
r3 = syz_open_procfs(0x0, &(0x7f0000000080)='net/netlink\x00')
read$FUSE(r3, &(0x7f00000051c0)={0x2020}, 0x2020)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r4, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)

14m41.254074527s ago: executing program 2 (id=3453):
arch_prctl$ARCH_GET_GS(0x1004, 0x0)
unshare(0x20000600)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0xfe, 0x0, 0x7ffc9ffe}]})
utime(0x0, 0x0)
r0 = signalfd(0xffffffffffffffff, &(0x7f0000000180), 0x8)
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
futex_waitv(&(0x7f0000001080)=[{0x3, &(0x7f0000001040)=0x3, 0x82}], 0x1, 0x0, &(0x7f0000001100)={0x77359400}, 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8c}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
write$P9_RVERSION(0xffffffffffffffff, 0x0, 0x15)
syz_io_uring_submit(0x0, 0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r0, 0x0)
request_key(&(0x7f0000000040)='asymmetric\x00', &(0x7f0000001ffb)={'syz', 0x2}, &(0x7f0000001fee)='R\x10rust\xe3c*s\xa8rVid:\xc4e', 0x0)
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFNL_MSG_CTHELPER_GET(r3, 0x0, 0x24000000)
r4 = syz_open_procfs(0x0, &(0x7f0000000080)='net/netlink\x00')
read$FUSE(r4, &(0x7f00000051c0)={0x2020}, 0x2020)

14m39.824354957s ago: executing program 2 (id=3459):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[@ANYRESDEC, @ANYRESDEC, @ANYRES8], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$igmp(0x2, 0x3, 0x2)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x110)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e792c63616368653d667363616368652c76657273696f6e3d3970323030302e75"])
chdir(&(0x7f00000000c0)='./file0\x00')
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x678d710ecb711ae0, 0xfd)
write$P9_RREADLINK(r3, &(0x7f0000000180)={0x10, 0x17, 0xfffd, {0x7, './file0'}}, 0x10)
open(&(0x7f0000000140)='./file0\x00', 0x33f, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000003c0)=ANY=[@ANYRESDEC=r0], 0x6c}, 0x1, 0x0, 0x0, 0x4040}, 0x0)
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='tmpfs\x00', 0x0, &(0x7f00000001c0)='grpquota')
r4 = syz_open_dev$I2C(&(0x7f0000000000), 0x0, 0x0)
r5 = openat$ndctl0(0xffffffffffffff9c, &(0x7f0000000000), 0x2503, 0x0)
ioctl$DRM_IOCTL_GEM_FLINK(r5, 0xc008640a, &(0x7f0000000140))
ioctl$I2C_SLAVE_FORCE(r4, 0x706, 0x150)
r6 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000900)={&(0x7f0000000780)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x0, 0x0, 0x2}}, 0x0, 0x1a}, 0x28)
bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="15000000080000000400000000001a0000000000", @ANYRES32=0x1, @ANYBLOB="0500"/20, @ANYRES32=0x0, @ANYRES32=r6, @ANYBLOB="000000000100"/28], 0x48)
bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="1e0000000000000005000000ef00000004000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000000000000000000000000000000000000000000067b0d3758699e358cfc98f207e101264270a4744c9122b1cd24b0825a891897dce6c500b9192bd09a60bc954"], 0x50)
migrate_pages(r0, 0xa94b, &(0x7f0000000b80), &(0x7f0000000bc0)=0x27e0407a)
syz_open_dev$sndctrl(&(0x7f0000000300), 0x1, 0x0)

14m38.94032949s ago: executing program 2 (id=3461):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0xffffffffffffffff, 0x803, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x0, 0x6}}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x9)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x10000000000002)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$vimc2(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
setsockopt$netrom_NETROM_IDLE(0xffffffffffffffff, 0x103, 0x7, 0x0, 0x0)
r3 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4)
bind$inet(r3, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10)
io_setup(0x81, &(0x7f0000001440)=<r4=>0x0)
r5 = socket$rxrpc(0x21, 0x2, 0xa)
io_submit(r4, 0x1, &(0x7f00000008c0)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x5, 0x0, r5, 0x0}])
sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
r6 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r3, &(0x7f0000000000)={0x4})
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r3, 0x89f2, 0x0)
sendto$inet(r3, &(0x7f0000001600)="09268a927f1f6588b967481241ba7860fcfaf65ac635ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcec8044ab4ea6f7ae55d88fecf90b1a7511bf746b152124eb38d6c7a207112eb1bf554bc070626792d394df5adf7355fa5f8deb9db3da042d88", 0xfdef, 0x11, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)
r7 = syz_io_uring_setup(0x5c2, &(0x7f0000000280)={0x0, 0x0, 0x3080, 0x8003, 0x25f}, &(0x7f0000000240)=<r8=>0x0, &(0x7f0000000200))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r8, 0x4, &(0x7f0000000080)=0xfffffff8, 0x0, 0x4)
io_uring_enter(r7, 0x6e2, 0x620, 0x1, 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)

14m38.651796653s ago: executing program 2 (id=3463):
arch_prctl$ARCH_GET_GS(0x1004, 0x0)
epoll_pwait(0xffffffffffffffff, &(0x7f00000001c0)=[{}, {}], 0x2, 0x6, &(0x7f0000000200)={[0x7]}, 0x8)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0xfe, 0x0, 0x7ffc9ffe}]})
utime(0x0, 0x0)
r0 = signalfd(0xffffffffffffffff, &(0x7f0000000180), 0x8)
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
futex_waitv(&(0x7f0000001080)=[{0x3, &(0x7f0000001040)=0x3, 0x82}], 0x1, 0x0, &(0x7f0000001100)={0x77359400}, 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8c}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
write$P9_RVERSION(0xffffffffffffffff, 0x0, 0x15)
syz_io_uring_submit(0x0, 0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r0, 0x0)
request_key(&(0x7f0000000040)='asymmetric\x00', &(0x7f0000001ffb)={'syz', 0x2}, &(0x7f0000001fee)='R\x10rust\xe3c*s\xa8rVid:\xc4e', 0x0)
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFNL_MSG_CTHELPER_GET(r3, 0x0, 0x24000000)
r4 = syz_open_procfs(0x0, &(0x7f0000000080)='net/netlink\x00')
read$FUSE(r4, &(0x7f00000051c0)={0x2020}, 0x2020)

14m38.627899988s ago: executing program 32 (id=3463):
arch_prctl$ARCH_GET_GS(0x1004, 0x0)
epoll_pwait(0xffffffffffffffff, &(0x7f00000001c0)=[{}, {}], 0x2, 0x6, &(0x7f0000000200)={[0x7]}, 0x8)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0xfe, 0x0, 0x7ffc9ffe}]})
utime(0x0, 0x0)
r0 = signalfd(0xffffffffffffffff, &(0x7f0000000180), 0x8)
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
futex_waitv(&(0x7f0000001080)=[{0x3, &(0x7f0000001040)=0x3, 0x82}], 0x1, 0x0, &(0x7f0000001100)={0x77359400}, 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8c}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
write$P9_RVERSION(0xffffffffffffffff, 0x0, 0x15)
syz_io_uring_submit(0x0, 0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r0, 0x0)
request_key(&(0x7f0000000040)='asymmetric\x00', &(0x7f0000001ffb)={'syz', 0x2}, &(0x7f0000001fee)='R\x10rust\xe3c*s\xa8rVid:\xc4e', 0x0)
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFNL_MSG_CTHELPER_GET(r3, 0x0, 0x24000000)
r4 = syz_open_procfs(0x0, &(0x7f0000000080)='net/netlink\x00')
read$FUSE(r4, &(0x7f00000051c0)={0x2020}, 0x2020)

10m13.534366737s ago: executing program 3 (id=4395):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000002c0), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
r2 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
syncfs(r2)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_buf(r3, 0x0, 0x8008000000010, &(0x7f00000003c0)="17000000020001000003d68c5ee17688a2003208030300ecff3f0000000300000a0000000098fc5ad9485bbb6a880000d6c8db0000dba67e06000000e28900000200df018000000000f50607bdff59100ac45761547a681f009cee4a5acb3da400001fb700674f00c88ebbf9315033bf79ac2dff060115003901000000000000ea000000000000000002ffff02dfccebf6ba0008400200000000e90554062a80e605007f71174aa951f3c63e5c83f1ba2112ce68bf17a6e0", 0xb8)
setsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x8008000000010, &(0x7f00000003c0)="17000000020001000003d68c5ee17688a2003208030300ecff3f0000000300000a0000000098fc5ad9485bbb6a880000d6c8db0000dba67e06000000e28900000200df018000000000f50607bdff59100ac45761547a681f009cee4a5acb3da400001fb700674f00c88ebbf9315033bf79ac2dff060115003901000000000000ea000000000000000002ffff02dfccebf6ba0008400200000000e90554062a80e605007f71174aa951f3c63e5c83f1ba2112ce68bf17a6e0", 0xb8)
r4 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="0213000002"], 0x10}}, 0x0)
sendmsg$key(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="021200000200"], 0x10}}, 0x0)
setsockopt$WPAN_SECURITY_LEVEL(r1, 0x0, 0x2, &(0x7f0000000080)=0x4, 0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
dup3(0xffffffffffffffff, r3, 0x80000)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/ptype\x00')
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15)
madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x19)
socket$inet6_sctp(0xa, 0x1, 0x84)

10m12.938957031s ago: executing program 3 (id=4399):
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100000b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0)
setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x8, 0x400, 0x2, 0x2, 0x1, 0x2, 0x4000006}, 0x1c)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
io_setup(0x4006, &(0x7f0000000540)=<r2=>0x0)
r3 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
io_submit(r2, 0x1, &(0x7f0000000180)=[&(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x1, r3, &(0x7f0000000140)="010000", 0x3, 0x2a21}])
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
r4 = syz_open_dev$vim2m(&(0x7f0000000100), 0x7, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r4, 0xc0cc5605, &(0x7f0000000180)={0x1, @vbi={0x0, 0x0, 0xa0363159}})
write$tun(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="00000000bbbbbbbbbbbbaaaaaaaaaaaa080045190014006400000111909e1d2d8a115c7864010102e0"], 0x32)
syz_usbip_server_init(0x3)
lstat(&(0x7f00000005c0)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, <r5=>0x0})
statx(0xffffffffffffffff, &(0x7f0000000580)='./file0\x00', 0x0, 0x800, &(0x7f0000000600))
mount$tmpfs(0x0, &(0x7f0000000340)='./file0\x00', &(0x7f00000003c0), 0x400, &(0x7f0000000980)=ANY=[@ANYBLOB='huge=within_size,mode=00000000000000000000011,nr_blocks=06,gid=', @ANYRESHEX=r5, @ANYBLOB=',obj_type=/dev/snd/midiC#D#\x00,smackfsdef=/dev/snd/pcmC#D#c\x00,fsuuid=fd4a8e0a-db7a-S552-6bbd-4c2648d8,dont_appraise,fsmagic=0x0000000000000003,fsmagic=0x0000000000000008,smackfsfloor=/dev/net/tun\x00,\x00'])
write$UHID_INPUT(0xffffffffffffffff, 0x0, 0x0)
syz_open_dev$sndpcmc(0x0, 0x0, 0x0)
mount$9p_fd(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="7472616e733d4b64e6295701000f2ddb265547112c800000006e8072f654261b02c6b3c5a0", @ANYRESHEX, @ANYBLOB, @ANYRES8, @ANYBLOB="0e"])
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x20000000000, 0xfffffffffffffffd, 0x0, 0x0, 0x1000001000, 0x49}, 0x0, &(0x7f00000002c0)={0x3ff, 0x7, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006}, 0x0, 0x0)

10m10.733836608s ago: executing program 3 (id=4406):
syz_open_dev$loop(&(0x7f0000000140), 0x81, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(0xffffffffffffffff, 0x4c0a, &(0x7f0000000240)={r0, 0x800, {0x2a00, 0x80010000, 0x0, 0x5, 0x1, 0x0, 0x0, 0x20, 0x18, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd6447a4b4e00d9683dda1af1ea09de2b7fb0a0100000000000000000300", "2809e8dbe108598927875397bab22d0000b420a9c81f40f05f819e01177d3d458dac00000000000000000000003b00000000000000000200", "90be8b1c5512406c7f00", [0x4, 0x40000000000000]}})
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x100)
chdir(&(0x7f0000000100)='./file0\x00')
openat$binfmt(0xffffffffffffff9c, 0x0, 0x42, 0x1ff)
socket$inet6(0xa, 0x5, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r2 = dup(r1)
write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c)
r3 = syz_io_uring_setup(0x239, &(0x7f0000000740)={0x0, 0x1c2a, 0x10100, 0x4, 0x0, 0x0, r2}, &(0x7f0000000200)=<r4=>0x0, &(0x7f00000001c0)=<r5=>0x0)
syz_io_uring_submit(r4, r5, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r1, 0x0, 0x0, 0x0, {}, 0x1})
io_uring_enter(r3, 0x2ded, 0x4000, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
sendmsg$nl_generic(r2, 0x0, 0xc084)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="01000000400000000600", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000000000000000000000000f300"/28], 0x48)
r7 = fanotify_init(0x200, 0x101000)
readv(r7, &(0x7f00000001c0)=[{&(0x7f0000000080)=""/136, 0x88}], 0x1)
bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYRES32=r6, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000000000000000000000000000459c4f039ab06608"], 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)

10m8.451360495s ago: executing program 3 (id=4410):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000002c0), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
r2 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
syncfs(r2)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_buf(r4, 0x0, 0x8008000000010, &(0x7f00000003c0)="17000000020001000003d68c5ee17688a2003208030300ecff3f0000000300000a0000000098fc5ad9485bbb6a880000d6c8db0000dba67e06000000e28900000200df018000000000f50607bdff59100ac45761547a681f009cee4a5acb3da400001fb700674f00c88ebbf9315033bf79ac2dff060115003901000000000000ea000000000000000002ffff02dfccebf6ba0008400200000000e90554062a80e605007f71174aa951f3c63e5c83f1ba2112ce68bf17a6e0", 0xb8)
r5 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="0213000002"], 0x10}}, 0x0)
sendmsg$key(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="021200000200"], 0x10}}, 0x0)
setsockopt$WPAN_SECURITY_LEVEL(r1, 0x0, 0x2, &(0x7f0000000080)=0x4, 0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
dup3(r4, r3, 0x80000)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/ptype\x00')
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15)
madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x19)
socket$inet6_sctp(0xa, 0x1, 0x84)

10m5.671228723s ago: executing program 3 (id=4414):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000002c0), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
r2 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
syncfs(r2)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_buf(r3, 0x0, 0x8008000000010, &(0x7f00000003c0)="17000000020001000003d68c5ee17688a2003208030300ecff3f0000000300000a0000000098fc5ad9485bbb6a880000d6c8db0000dba67e06000000e28900000200df018000000000f50607bdff59100ac45761547a681f009cee4a5acb3da400001fb700674f00c88ebbf9315033bf79ac2dff060115003901000000000000ea000000000000000002ffff02dfccebf6ba0008400200000000e90554062a80e605007f71174aa951f3c63e5c83f1ba2112ce68bf17a6e0", 0xb8)
setsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x8008000000010, &(0x7f00000003c0)="17000000020001000003d68c5ee17688a2003208030300ecff3f0000000300000a0000000098fc5ad9485bbb6a880000d6c8db0000dba67e06000000e28900000200df018000000000f50607bdff59100ac45761547a681f009cee4a5acb3da400001fb700674f00c88ebbf9315033bf79ac2dff060115003901000000000000ea000000000000000002ffff02dfccebf6ba0008400200000000e90554062a80e605007f71174aa951f3c63e5c83f1ba2112ce68bf17a6e0", 0xb8)
r4 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="0213000002"], 0x10}}, 0x0)
sendmsg$key(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="021200000200"], 0x10}}, 0x0)
setsockopt$WPAN_SECURITY_LEVEL(r1, 0x0, 0x2, &(0x7f0000000080)=0x4, 0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
dup3(0xffffffffffffffff, r3, 0x80000)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/ptype\x00')
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15)
madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x19)
socket$inet6_sctp(0xa, 0x1, 0x84)

10m4.32364478s ago: executing program 3 (id=4419):
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket$kcm(0x2, 0x200000000000001, 0x106)
r1 = syz_io_uring_setup(0x460, &(0x7f0000000480)={0x0, 0x40000020, 0x10, 0x2, 0x339}, &(0x7f0000000040)=<r2=>0x0, &(0x7f0000000000)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000240)={0x1, &(0x7f0000000200)=[{0x2f, 0x1, 0x0, 0x4}]}, 0x8)
r4 = socket$igmp(0x2, 0x3, 0x2)
getsockopt$MRT(r4, 0x0, 0xd0, 0x0, &(0x7f00000001c0))
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000008)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_MADVISE={0x19, 0x7b, 0x0, 0x0, 0x0, &(0x7f0000011000/0x4000)=nil, 0x4000, 0xc})
io_uring_enter(r1, 0x47bc, 0x0, 0x0, 0x0, 0x0)
setsockopt$XDP_UMEM_COMPLETION_RING(0xffffffffffffffff, 0x11b, 0x6, 0x0, 0x0)
r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r5, &(0x7f0000000040), 0x6)
ioctl$sock_bt_hci(r5, 0x400448e6, &(0x7f0000000380))
ioctl$sock_bt_hci(r5, 0x400448cb, 0x0)

9m49.938014805s ago: executing program 33 (id=4419):
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket$kcm(0x2, 0x200000000000001, 0x106)
r1 = syz_io_uring_setup(0x460, &(0x7f0000000480)={0x0, 0x40000020, 0x10, 0x2, 0x339}, &(0x7f0000000040)=<r2=>0x0, &(0x7f0000000000)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000240)={0x1, &(0x7f0000000200)=[{0x2f, 0x1, 0x0, 0x4}]}, 0x8)
r4 = socket$igmp(0x2, 0x3, 0x2)
getsockopt$MRT(r4, 0x0, 0xd0, 0x0, &(0x7f00000001c0))
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000008)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_MADVISE={0x19, 0x7b, 0x0, 0x0, 0x0, &(0x7f0000011000/0x4000)=nil, 0x4000, 0xc})
io_uring_enter(r1, 0x47bc, 0x0, 0x0, 0x0, 0x0)
setsockopt$XDP_UMEM_COMPLETION_RING(0xffffffffffffffff, 0x11b, 0x6, 0x0, 0x0)
r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r5, &(0x7f0000000040), 0x6)
ioctl$sock_bt_hci(r5, 0x400448e6, &(0x7f0000000380))
ioctl$sock_bt_hci(r5, 0x400448cb, 0x0)

8m13.897277793s ago: executing program 1 (id=4736):
syz_open_dev$loop(&(0x7f0000000140), 0x81, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='cpuset.effective_cpus\x00', 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(0xffffffffffffffff, 0x4c0a, &(0x7f0000000240)={r0, 0x800, {0x2a00, 0x80010000, 0x0, 0x5, 0x1, 0x0, 0x0, 0x20, 0x18, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd6447a4b4e00d9683dda1af1ea09de2b7fb0a0100000000000000000300", "2809e8dbe108598927875397bab22d0000b420a9c81f40f05f819e01177d3d458dac00000000000000000000003b00000000000000000200", "90be8b1c5512406c7f00", [0x4, 0x40000000000000]}})
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x100)
chdir(&(0x7f0000000100)='./file0\x00')
openat$binfmt(0xffffffffffffff9c, 0x0, 0x42, 0x1ff)
socket$inet6(0xa, 0x5, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r2 = dup(r1)
write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c)
r3 = syz_io_uring_setup(0x239, &(0x7f0000000740)={0x0, 0x1c2a, 0x10100, 0x4, 0x0, 0x0, r2}, &(0x7f0000000200)=<r4=>0x0, &(0x7f00000001c0)=<r5=>0x0)
syz_io_uring_submit(r4, r5, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r1, 0x0, 0x0, 0x0, {}, 0x1})
io_uring_enter(r3, 0x2ded, 0x4000, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
sendmsg$nl_generic(r2, 0x0, 0xc084)
r6 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
r7 = fanotify_init(0x200, 0x101000)
readv(r7, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYRES32=r6, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000000000000000000000000000459c4f039ab06608"], 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)

8m13.227729848s ago: executing program 1 (id=4740):
socket(0x10, 0x803, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x4000000)
socketpair$unix(0x1, 0x3, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
removexattr(&(0x7f0000000200)='./cgroup\x00', &(0x7f0000000240)=@known='user.incfs.metadata\x00')
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
set_mempolicy(0x2, &(0x7f00000000c0)=0x51e1, 0x3ff)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x700, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r1, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
syz_emit_ethernet(0xbe, &(0x7f0000000000)={@dev={'\xaa\xaa\xaa\xaa\xaa', 0x23}, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "7b4b143b7461fd777b1c012bd14efb9f49fcdb8f080c26a04883ad5c8c82b8af", "584cbf2649a50f2dbc43efa8698d0a881c51852e4451b57d037ad3c045942824251d7d17b5191584bcd4fbe40a23424d", "bcfd56f1375461caaa2f19935e6996c7096ffeeb0300000000000064", {"9a3bfbc1f39cb307b3472eb9cdb042d2", "643fcbb2c5a57df67d544af6e8dafe09"}}}}}}}, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x3}, 0x94)
r2 = gettid()
ptrace$PTRACE_SECCOMP_GET_FILTER(0x420c, r2, 0x6, &(0x7f0000000300)=""/153)
r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f0000000200)='syzkaller\x00', 0x9}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r3, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)
recvmmsg(r1, &(0x7f00000024c0)=[{{0x0, 0x0, 0x0}, 0x9}], 0x1, 0x10000, 0x0)

8m9.912210353s ago: executing program 1 (id=4747):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000400)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(camellia)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000000)="adcd1a9a3fc36e961ed00fe41b0cd695", 0x20)
r1 = accept4$alg(r0, 0x0, 0x0, 0x0)
sendmmsg$alg(r1, &(0x7f00000021c0)=[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x880}], 0x1, 0x80001)
recvmsg(r1, &(0x7f00000006c0)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000380)=""/73, 0x49}], 0x1}, 0x2000) (fail_nth: 4)

8m9.830735415s ago: executing program 1 (id=4748):
syz_open_dev$loop(&(0x7f0000000140), 0x81, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='cpuset.effective_cpus\x00', 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(0xffffffffffffffff, 0x4c0a, &(0x7f0000000240)={r0, 0x800, {0x2a00, 0x80010000, 0x0, 0x5, 0x1, 0x0, 0x0, 0x20, 0x18, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd6447a4b4e00d9683dda1af1ea09de2b7fb0a0100000000000000000300", "2809e8dbe108598927875397bab22d0000b420a9c81f40f05f819e01177d3d458dac00000000000000000000003b00000000000000000200", "90be8b1c5512406c7f00", [0x4, 0x40000000000000]}})
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x100)
chdir(&(0x7f0000000100)='./file0\x00')
openat$binfmt(0xffffffffffffff9c, 0x0, 0x42, 0x1ff)
socket$inet6(0xa, 0x5, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r2 = dup(r1)
write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c)
r3 = syz_io_uring_setup(0x239, &(0x7f0000000740)={0x0, 0x1c2a, 0x10100, 0x4, 0x0, 0x0, r2}, &(0x7f0000000200)=<r4=>0x0, &(0x7f00000001c0)=<r5=>0x0)
syz_io_uring_submit(r4, r5, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r1, 0x0, 0x0, 0x0, {}, 0x1})
io_uring_enter(r3, 0x2ded, 0x4000, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
sendmsg$nl_generic(r2, 0x0, 0xc084)
r6 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
r7 = fanotify_init(0x200, 0x101000)
readv(r7, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYRES32=r6, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000000000000000000000000000459c4f039ab06608"], 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)

8m9.383181104s ago: executing program 1 (id=4752):
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x220)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000480)='./file0\x00', 0x89901)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x10)
openat$dir(0xffffffffffffff9c, &(0x7f0000000380)='./file0\x00', 0x20242, 0xff0f)

8m9.316456751s ago: executing program 1 (id=4753):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_genetlink_get_family_id$l2tp(&(0x7f00000008c0), 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x208c00, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
unshare(0x22020400)
syz_io_uring_setup(0xcd8, &(0x7f0000000200)={0x0, 0x465e, 0x400, 0x3, 0x100234}, &(0x7f0000000340)=<r1=>0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r1, 0x0, &(0x7f00000002c0)=@IORING_OP_RENAMEAT={0x23, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000140)='./file1\x00', &(0x7f0000000180)='./file0\x00'})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = io_uring_setup(0x497c, &(0x7f00000001c0))
close_range(r2, r3, 0x0)
r4 = epoll_create1(0x0)
r5 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/wakeup_count', 0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r5, &(0x7f0000000200)={0xa000000a})
finit_module(r5, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r7 = dup(r6)
write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c)
r8 = syz_io_uring_setup(0x239, &(0x7f0000000740)={0x0, 0x1c2a, 0x10100, 0x0, 0x0, 0x0, r7}, &(0x7f0000000180)=<r9=>0x0, &(0x7f00000001c0)=<r10=>0x0)
syz_io_uring_submit(r9, r10, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r6, 0x0, 0x0, 0x0, {}, 0x1})
io_uring_enter(r8, 0x2ded, 0x4000, 0x0, 0x0, 0x0)
syslog(0x3, &(0x7f00000000c0)=""/59, 0x3b)

8m3.794350452s ago: executing program 0 (id=4766):
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
getsockopt$bt_l2cap_L2CAP_OPTIONS(r0, 0x6, 0x1, 0x0, 0x0)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, 0x0, 0x0)
r2 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r2, 0x400448c8, 0x0)
ioctl$sock_bt_hidp_HIDPCONNDEL(r2, 0x400448c9, &(0x7f0000000000)={@none, 0x1})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, &(0x7f0000000080)='bridge0\x00', 0x10)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x24003b84, 0x0, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
ioctl$USBDEVFS_SUBMITURB(0xffffffffffffffff, 0x8038550a, &(0x7f0000000000)=@urb_type_control={0x2, {}, 0x0, 0x0, &(0x7f0000000080)={0x0, 0xb, 0x0, 0x0, 0x7995}, 0xfcb5, 0x0, 0x0, 0x48000000, 0x0, 0x0, 0x0})
r4 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301)
ioctl$USBDEVFS_FREE_STREAMS(r4, 0x802c550a, &(0x7f0000000000)=ANY=[])
ioctl$USBDEVFS_REAPURB(r4, 0x4008550c, 0x0)
r5 = socket(0x840000000002, 0x3, 0x6)
connect$inet(r5, &(0x7f0000000540)={0x2, 0x4e22, @remote}, 0x10)
sendmmsg$inet(r5, &(0x7f0000005240)=[{{0x0, 0x0, 0x0}, 0xfffffdef}], 0x300, 0x401eb94)
sendmsg$key(r5, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000003c0)=ANY=[@ANYBLOB], 0xa0}}, 0xc0)
socket$inet6(0x10, 0x3, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f00000018c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000580)=ANY=[@ANYBLOB="280000001e000100000000000000000007000000", @ANYRES32=0x0, @ANYBLOB="00000060aa0c8a010000b67535b60cb4e3b3ef317b201b84770000000008000000f2529af14b7a0eb8f1e51691a8a2c8bc0e6746da31b374c03a6e94114f7196ed88ff52370b75e5618895b9e66c8eb804a09f72afd63d233aab9fe482197b67d760e94a87e51d9ea99ef0ad7c14f36a5387d06d6208ea707f80e9f9e367b25b7bc1719751fecd035e3afdc1e5131603a45c059584b04daa5d00e7469d721db611c82dffa8f9575e705531872be57159dc25bca0ac869ff6bbb0b0cbd561e66ba79ca249a181a3dc5785a8d91fd0c2b80fa631a34b0a6c1cddca2bfcfc319b576df5539656cffed6d9751d699c99b1c3fa2618e6747664b12d77a247cbec589c2b6daf0d54f33fc24b63260979cc8a80b68588e9ba22afc1ac9426403d12ae63aa9c52a316aa668ec67ecde65d70dd0fb311ffb1d4a25010bbbaa00c8393873a6deb0d43a61eb3f8069f7330448ac8d0cacea0f53636b5695014182261573d2c0fedc583a9eae2aff6d87c3eee4f91c7fb39a7c89101d8013b8fdc864d87ca6413b793"], 0x28}}, 0x0)

8m2.955725057s ago: executing program 0 (id=4767):
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
getsockopt$bt_l2cap_L2CAP_OPTIONS(r0, 0x6, 0x1, 0x0, 0x0)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, 0x0, 0x0)
r2 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r2, 0x400448c8, 0x0)
ioctl$sock_bt_hidp_HIDPCONNDEL(r2, 0x400448c9, &(0x7f0000000000)={@none, 0x1})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, &(0x7f0000000080)='bridge0\x00', 0x10)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x24003b84, 0x0, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
ioctl$USBDEVFS_SUBMITURB(0xffffffffffffffff, 0x8038550a, &(0x7f0000000000)=@urb_type_control={0x2, {}, 0x0, 0x0, &(0x7f0000000080)={0x0, 0xb, 0x0, 0x0, 0x7995}, 0xfcb5, 0x0, 0x0, 0x48000000, 0x0, 0x0, 0x0})
r4 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301)
ioctl$USBDEVFS_FREE_STREAMS(r4, 0x802c550a, &(0x7f0000000000)=ANY=[])
ioctl$USBDEVFS_REAPURB(r4, 0x4008550c, 0x0)
r5 = socket(0x840000000002, 0x3, 0x6)
connect$inet(r5, &(0x7f0000000540)={0x2, 0x4e22, @remote}, 0x10)
sendmmsg$inet(r5, &(0x7f0000005240)=[{{0x0, 0x0, 0x0}, 0xfffffdef}], 0x300, 0x401eb94)
sendmsg$key(r5, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000003c0)=ANY=[@ANYBLOB], 0xa0}}, 0xc0)
socket$inet6(0x10, 0x3, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f00000018c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000580)=ANY=[@ANYBLOB="280000001e000100000000000000000007000000", @ANYRES32=0x0, @ANYBLOB="00000060aa0c8a010000b67535b60cb4e3b3ef317b201b84770000000008000000f2529af14b7a0eb8f1e51691a8a2c8bc0e6746da31b374c03a6e94114f7196ed88ff52370b75e5618895b9e66c8eb804a09f72afd63d233aab9fe482197b67d760e94a87e51d9ea99ef0ad7c14f36a5387d06d6208ea707f80e9f9e367b25b7bc1719751fecd035e3afdc1e5131603a45c059584b04daa5d00e7469d721db611c82dffa8f9575e705531872be57159dc25bca0ac869ff6bbb0b0cbd561e66ba79ca249a181a3dc5785a8d91fd0c2b80fa631a34b0a6c1cddca2bfcfc319b576df5539656cffed6d9751d699c99b1c3fa2618e6747664b12d77a247cbec589c2b6daf0d54f33fc24b63260979cc8a80b68588e9ba22afc1ac9426403d12ae63aa9c52a316aa668ec67ecde65d70dd0fb311ffb1d4a25010bbbaa00c8393873a6deb0d43a61eb3f8069f7330448ac8d0cacea0f53636b5695014182261573d2c0fedc583a9eae2aff6d87c3eee4f91c7fb39a7c89101d8013b8fdc864d87ca6413b793"], 0x28}}, 0x0)

8m1.433165045s ago: executing program 0 (id=4777):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$sock_SIOCADDDLCI(r0, 0x5452, &(0x7f0000000100)={'veth1\x00'})
r1 = socket(0x10, 0x2, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r1, 0x89f1, &(0x7f0000000180)={'ip6_vti0\x00', &(0x7f0000000000)={'syztnl1\x00', <r2=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @empty, @private2={0xfc, 0x2, '\x00', 0x1}, 0x0, 0x80, 0xfffffffc, 0xdc67}})
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r1, 0x89f1, &(0x7f0000000140)={'syztnl1\x00', &(0x7f0000000240)={'syztnl0\x00', r2, 0x29, 0x0, 0x6, 0x7f, 0x5, @ipv4={'\x00', '\xff\xff', @multicast1}, @mcast1, 0x0, 0x40, 0x6, 0x41}})
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000400), 0x202)
fanotify_init(0x200, 0x40000)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
r3 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
r4 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x0, 0x0, 0xb6}, &(0x7f0000000000)=<r5=>0x0, &(0x7f0000000280)=<r6=>0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r3)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000001c0)={'wlan0\x00'})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r4, 0x47f6, 0x0, 0x4, 0x0, 0x0)
r7 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_EEE_SET(r1, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x81}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x48, r7, 0xd, 0x70bd26, 0x25dfdbfe, {}, [@ETHTOOL_A_EEE_ENABLED={0x5}, @ETHTOOL_A_EEE_TX_LPI_TIMER={0x8, 0x7, 0x63}, @ETHTOOL_A_EEE_HEADER={0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}, @ETHTOOL_A_EEE_ENABLED={0x5}, @ETHTOOL_A_EEE_ENABLED={0x5, 0x5, 0x1}]}, 0x48}, 0x1, 0x0, 0x0, 0x50}, 0x4000000)
unlink(&(0x7f00000000c0)='./cgroup/cgroup.procs\x00')

8m0.676478061s ago: executing program 0 (id=4780):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$sock_SIOCADDDLCI(r0, 0x5452, &(0x7f0000000100)={'veth1\x00'})
r1 = socket(0x10, 0x2, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r1, 0x89f1, &(0x7f0000000180)={'ip6_vti0\x00', &(0x7f0000000000)={'syztnl1\x00', <r2=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @empty, @private2={0xfc, 0x2, '\x00', 0x1}, 0x0, 0x80, 0xfffffffc, 0xdc67}})
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r1, 0x89f1, &(0x7f0000000140)={'syztnl1\x00', &(0x7f0000000240)={'syztnl0\x00', r2, 0x29, 0x0, 0x6, 0x7f, 0x5, @ipv4={'\x00', '\xff\xff', @multicast1}, @mcast1, 0x0, 0x40, 0x6, 0x41}})
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000400), 0x202)
fanotify_init(0x200, 0x40000)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
r3 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
r4 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x0, 0x0, 0xb6}, &(0x7f0000000000)=<r5=>0x0, &(0x7f0000000280)=<r6=>0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r3)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000001c0)={'wlan0\x00'})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r4, 0x47f6, 0x0, 0x4, 0x0, 0x0)
r7 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_EEE_SET(r1, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x81}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x48, r7, 0xd, 0x70bd26, 0x25dfdbfe, {}, [@ETHTOOL_A_EEE_ENABLED={0x5}, @ETHTOOL_A_EEE_TX_LPI_TIMER={0x8, 0x7, 0x63}, @ETHTOOL_A_EEE_HEADER={0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}, @ETHTOOL_A_EEE_ENABLED={0x5}, @ETHTOOL_A_EEE_ENABLED={0x5, 0x5, 0x1}]}, 0x48}, 0x1, 0x0, 0x0, 0x50}, 0x4000000)
unlink(&(0x7f00000000c0)='./cgroup/cgroup.procs\x00')

8m0.561351677s ago: executing program 0 (id=4773):
r0 = socket$phonet_pipe(0x23, 0x5, 0x2)
setsockopt$PNPIPE_HANDLE(r0, 0x113, 0x3, 0x0, 0x0)
connect$phonet_pipe(r0, &(0x7f0000000000), 0x10)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x220)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$L2TP_CMD_SESSION_DELETE(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)={0x1c, r2, 0x1, 0x70bd28, 0x25dfdbfb, {}, [@L2TP_ATTR_SESSION_ID={0x8, 0xb, 0x2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x10004881}, 0x4009000)
openat$sndtimer(0xffffff9c, &(0x7f0000000440), 0x880)
r3 = open_tree(0xffffffffffffff9c, &(0x7f0000000480)='./file0\x00', 0x89901)
move_mount(r3, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x10)
r4 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_tx_ring(r4, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c)
mmap(&(0x7f0000000000/0x2000)=nil, 0x30000, 0x2, 0x11, r4, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xf0667000)
openat$dir(0xffffffffffffff9c, &(0x7f0000000380)='./file0\x00', 0x20242, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(r3, 0x89e2, &(0x7f0000000000)={<r5=>r3})
recvmsg$can_bcm(r5, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f00000000c0)=""/84, 0x54}, {&(0x7f00000001c0)=""/53, 0x35}], 0x2, &(0x7f0000000280)=""/255, 0xff}, 0x100)

8m0.366180432s ago: executing program 0 (id=4774):
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100000b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0)
setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x8, 0x400, 0x2, 0x2, 0x1, 0x2, 0x4000006}, 0x1c)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
io_setup(0x4006, &(0x7f0000000540)=<r2=>0x0)
r3 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
io_submit(r2, 0x1, &(0x7f0000000180)=[&(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x1, r3, &(0x7f0000000140)="010000", 0x3, 0x2a21}])
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
r4 = syz_open_dev$vim2m(&(0x7f0000000100), 0x7, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r4, 0xc0cc5605, &(0x7f0000000180)={0x1, @vbi={0x0, 0x0, 0xa0363159}})
write$tun(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="00000000bbbbbbbbbbbbaaaaaaaaaaaa080045190014006400000111909e1d2d8a115c7864010102e0"], 0x32)
syz_usbip_server_init(0x3)
lstat(&(0x7f00000005c0)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, <r5=>0x0})
statx(0xffffffffffffffff, &(0x7f0000000580)='./file0\x00', 0x0, 0x800, &(0x7f0000000600))
mount$tmpfs(0x0, &(0x7f0000000340)='./file0\x00', &(0x7f00000003c0), 0x400, &(0x7f0000000980)=ANY=[@ANYBLOB='huge=within_size,mode=00000000000000000000011,nr_blocks=06,gid=', @ANYRESHEX=r5, @ANYBLOB=',obj_type=/dev/snd/midiC#D#\x00,smackfsdef=/dev/snd/pcmC#D#c\x00,fsuuid=fd4a8e0a-db7a-S552-6bbd-4c2648d8,dont_appraise,fsmagic=0x0000000000000003,fsmagic=0x0000000000000008,smackfsfloor=/dev/net/tun\x00,\x00'])
write$UHID_INPUT(0xffffffffffffffff, 0x0, 0x0)
syz_open_dev$sndpcmc(0x0, 0x0, 0x0)
mount$9p_fd(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="7472616e733d4b64e6295701000f2ddb265547112c800000006e8072f654261b02c6b3", @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRES8, @ANYBLOB="0e"])
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x20000000000, 0xfffffffffffffffd, 0x0, 0x0, 0x1000001000, 0x49}, 0x0, &(0x7f00000002c0)={0x3ff, 0x7, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006}, 0x0, 0x0)

7m54.375712697s ago: executing program 34 (id=4753):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_genetlink_get_family_id$l2tp(&(0x7f00000008c0), 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x208c00, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
unshare(0x22020400)
syz_io_uring_setup(0xcd8, &(0x7f0000000200)={0x0, 0x465e, 0x400, 0x3, 0x100234}, &(0x7f0000000340)=<r1=>0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r1, 0x0, &(0x7f00000002c0)=@IORING_OP_RENAMEAT={0x23, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000140)='./file1\x00', &(0x7f0000000180)='./file0\x00'})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = io_uring_setup(0x497c, &(0x7f00000001c0))
close_range(r2, r3, 0x0)
r4 = epoll_create1(0x0)
r5 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/wakeup_count', 0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r5, &(0x7f0000000200)={0xa000000a})
finit_module(r5, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r7 = dup(r6)
write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c)
r8 = syz_io_uring_setup(0x239, &(0x7f0000000740)={0x0, 0x1c2a, 0x10100, 0x0, 0x0, 0x0, r7}, &(0x7f0000000180)=<r9=>0x0, &(0x7f00000001c0)=<r10=>0x0)
syz_io_uring_submit(r9, r10, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r6, 0x0, 0x0, 0x0, {}, 0x1})
io_uring_enter(r8, 0x2ded, 0x4000, 0x0, 0x0, 0x0)
syslog(0x3, &(0x7f00000000c0)=""/59, 0x3b)

7m46.012113097s ago: executing program 35 (id=4774):
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100000b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0)
setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x8, 0x400, 0x2, 0x2, 0x1, 0x2, 0x4000006}, 0x1c)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
io_setup(0x4006, &(0x7f0000000540)=<r2=>0x0)
r3 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
io_submit(r2, 0x1, &(0x7f0000000180)=[&(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x1, r3, &(0x7f0000000140)="010000", 0x3, 0x2a21}])
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
r4 = syz_open_dev$vim2m(&(0x7f0000000100), 0x7, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r4, 0xc0cc5605, &(0x7f0000000180)={0x1, @vbi={0x0, 0x0, 0xa0363159}})
write$tun(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="00000000bbbbbbbbbbbbaaaaaaaaaaaa080045190014006400000111909e1d2d8a115c7864010102e0"], 0x32)
syz_usbip_server_init(0x3)
lstat(&(0x7f00000005c0)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, <r5=>0x0})
statx(0xffffffffffffffff, &(0x7f0000000580)='./file0\x00', 0x0, 0x800, &(0x7f0000000600))
mount$tmpfs(0x0, &(0x7f0000000340)='./file0\x00', &(0x7f00000003c0), 0x400, &(0x7f0000000980)=ANY=[@ANYBLOB='huge=within_size,mode=00000000000000000000011,nr_blocks=06,gid=', @ANYRESHEX=r5, @ANYBLOB=',obj_type=/dev/snd/midiC#D#\x00,smackfsdef=/dev/snd/pcmC#D#c\x00,fsuuid=fd4a8e0a-db7a-S552-6bbd-4c2648d8,dont_appraise,fsmagic=0x0000000000000003,fsmagic=0x0000000000000008,smackfsfloor=/dev/net/tun\x00,\x00'])
write$UHID_INPUT(0xffffffffffffffff, 0x0, 0x0)
syz_open_dev$sndpcmc(0x0, 0x0, 0x0)
mount$9p_fd(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="7472616e733d4b64e6295701000f2ddb265547112c800000006e8072f654261b02c6b3", @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRES8, @ANYBLOB="0e"])
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x20000000000, 0xfffffffffffffffd, 0x0, 0x0, 0x1000001000, 0x49}, 0x0, &(0x7f00000002c0)={0x3ff, 0x7, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006}, 0x0, 0x0)

6.449357075s ago: executing program 5 (id=7315):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
bind$inet6(r0, &(0x7f0000000280)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r0, &(0x7f00000002c0)="9e", 0x1, 0x0, &(0x7f0000000200)={0xa, 0x4e23, 0x0, @loopback, 0xe}, 0x1c)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0x2fa34bd67f0adfbc}, 0x2000c091)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl802154(0x0, r1)
r2 = syz_io_uring_setup(0x497, &(0x7f0000000200)={0x0, 0x7278, 0x0, 0x2, 0x156}, &(0x7f0000000000)=<r3=>0x0, &(0x7f0000000100)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_READ_FIXED={0x4, 0x1, 0x2004, @fd_index=0x8, 0x4000000000000000, 0x3, 0xddbf, 0x0, 0x0, {0x1}})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x7)
r5 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r5, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
io_uring_enter(r2, 0x26c8, 0x0, 0x1, 0x0, 0x10)

4.940173761s ago: executing program 5 (id=7324):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_sha384\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0)
r1 = accept4(r0, 0x0, 0x0, 0x0)
recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/71, 0x47}], 0x1}, 0x0)
r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
r3 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r3, 0x0, r2, 0x0, 0x46)
close(r2)
r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x12d102, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, r4, 0x0)
getrandom(&(0x7f0000000240)=""/286, 0xffffff9a, 0x0)
r5 = syz_clone(0x0, &(0x7f00000005c0)="83f0eebb8ee652baf5e33c29e342e8cfbe25fa41d0ca0f1e83cc1f645d92f3d9f01f9b9715ef291d76709f9230d0511289742a25d3f6676ad56095fca2fee37da13becf8b2ba0513fe9ad247cdf3963ff991e80177be058246257bad21fab8918754c1e3a945b6c3698f8db8e5d8d0518d9b6dc27486dbe5b56932ba456e4b35a238585f0ae93f11580735346d92ffc96e0a52eb636e8c15e1022f2dbb72852e81964fdfe441f5f1745e4d2fb58c1da19f319d0be87db0b4ce8b10d6c642e62300c64e60c51e56901d126477e477569ffd072054fa33be35fe3c4c6be525907ccbd66c7bb4e70507ffb2333ea5202a88f96cb71c75dbd5a6c85d2f5c01507c242a34c41865181bdbb0df84d68d36ef55583ab047be5715f231e6497f8e10c73854f8837d69f147ad59e5a582dc9625b58fede25fbe3be47311200faa9f4346eab6835f88fd0b974abf1a3ebf730952e5976fe8fe80e92dfeeb44af589bb1e722ffdaa268b5a02cf30a09b69dfe196ca80b1e2ae5e2b214b103c0cde3355603a258016aa3d55ee56e9c439ab8e12103ee8809e142967769344163bf4638dd9cbd52bebb3a334a3d332aa6fd2118fdc8dbea47a30f3b1ccde8000aab0f153e14df32d7b9216c8ff1f163f664ef387beffa6780dc3aeb8ebe406c1173648552e127adc5b5e489ade7d4528f920f4da54ef0b32fb90bf27913bbad1f8693e08233004d7888c90cb5c120c2897b22ccec5041fe20b7c05f9ff8fb0a66185efad0ed57a73e753fe8c9fc9175727e8d259973ea4a3bbe1c0df329394878c2987ad9e3c30591d6fd91ed091e6e42cd6a404bd8f3eae229f277fdea9f535f300b183df8d5d6862a77e5d3a422e2286d929b8480a548f91b7333c5bfb0bf296d142ff2f25cc7a6b540d40cd08a21a253feb486688d1683273d9a3cc8bbcf32403db6c49ea52a750194fd9c8a68cf13ab8d39cf1d954e3bc032f839cd8459a6541f1bd18f4f30ab2a4c54f1e036778ec290e8e58fa27aa09a2da74774a65a95b0a95d84b09133bfdfe6232b9f1747a145e1f6841b4f3100b0195216c3c8d682bd4e82d3d4d087020e9d4ce76a881afb4e3b1ffd23d331eb837147bc698fabd3604165b21051074d817ddeb52f150e6edefcd65170ea5ec8936f72a7fffbcdc2de63b2b5163fc1b7b7730312fb29eb7cb667b8a561dd30bcae4cd86693d17c9e9fcfbbbd700228aefb8f0a92d99b7fd736be410793500f87cee9cffac6d6092ba8fca363bcd59ecb7785657a72199564ac4aab55a8824aa906747cb980e2ab314cf242fb711f10750b2449318788d60df2b34608aa36141274827e2a9a76ac7e6c463f20f11c70f1a476d3252cd78d1044523887799a6e5b910dff68a3e4f74571f7e7eb88e7a4e5446f8c8db611eaf54d91cb6172399a1402765e8d60e07a07e77ebf93426e0eec3ae4649049ed6fd4a3d64c4aaebe172a1249ba19d06b92c60b647a34dd56aaeb0cef0038adcc8510c399bd54ad77d1e4876d0b9df69b2682d3644fb7781db014ac1c1c597b518a5fd12b0901a6c96e7ac2a9ec17cea948710f96e9eca5af55b986ba019a86565bf7c06bbc0bfe6f23df6f5b2e028ee3019736318e2e5e3a8f84c6b7b2cb8b3b4887b8cd95164e07115ce884798fb3bb9158fc27248f19ae1421a6976186d7ee24789c8d3e1aee5b013968822233d1dae806180af13edd81bd3e8a5956224c7d9e1a1107cbc0c63a168b65d73b92d5ec01fb2574452be44041239b6519cff3c5864a44257e50789f6bcb23deac544885432b3204566a069cae9ca9ff12e8f630f42695214ddc2890aacf1f331d3114a394c3f3bea7db9ade6a4176663b9a5047f95556f34a09d658f64518b43674de086236ba201d6de6e137b1caab98abb43d3c6c63cae96a07a91e602dfe32e02152d347ae53feddd12dcc7d170f91579fe8a597ad2f940dc0d79ad92acd776b29322abb39261ecc5c05bca45d4e105e189d52e0940d82ff19bd0223f3385eb1c658fe26eb6b82ab550fbec9cfeb9774b89f3747bfb5cc856c496bc36e7ffef557538cc448574aae1d170afcc87215fbce50b21ec45a12848fed088c2859541cf855a84616b56a879665068d10ca52adab6b50ad46d0c9edad2fea4897181e99b19ff6d33c8620ef6f881476f06c1033dd1e9235de780c01a01baf221e2729ad5ea2ae606dd5423ff998824e45f2584a09a1b4d8152c4621760839fb4e76cfde7e478d6a4c3edfd2f17b3d3bb4a441ec86c9fdb0c885828fa681f539282939f88c2f4524eb225d2bd915965844918f7ccd9027771efa9ead9be957dec7d22961c232aeb0fb276471646bc2a6c92a052437af42ed55f67bcc432ee9441168eb07f93f1f2545e3c4fb1cc9d1ae3f1091da0351b8cf52f46c2875c4898073bc03651e011047dea9a27235c1", 0x6c0, 0x0, 0x0, 0x0)
r6 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
getsockopt$rose(r6, 0x104, 0x3, 0xffffffffffffffff, &(0x7f0000000080))
kcmp$KCMP_EPOLL_TFD(r5, r5, 0x7, r4, &(0x7f0000000000)={0xffffffffffffffff, r4, 0x3})
migrate_pages(r5, 0x4, 0x0, &(0x7f0000001780)=0x2)
sendmsg$ETHTOOL_MSG_WOL_SET(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000740)=ANY=[@ANYBLOB="1c000000", @ANYRES16, @ANYBLOB="470d000000000000000000000000080002"], 0x1c}}, 0x0)
r7 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000740)=ANY=[@ANYBLOB="14020000140001002dbd7000000000000a"], 0x214}], 0x1}, 0x0)
madvise(&(0x7f0000000000/0x400000)=nil, 0x40001e, 0x15)

3.873563045s ago: executing program 6 (id=7330):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)={{0x14}, [], {0x14, 0x10, 0x1, 0x0, 0x0, {0x3}}}, 0x28}}, 0x0)
syz_init_net_socket$netrom(0x6, 0x5, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$gtp(&(0x7f0000000040), 0xffffffffffffffff)
pipe(&(0x7f0000000340)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x129c81, 0x0)
ppoll(&(0x7f0000000280)=[{r2, 0x6000}], 0x1, 0x0, 0x0, 0x0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0xff2e)
ioctl$TCSETS(r2, 0x40045431, &(0x7f00000000c0)={0x0, 0x0, 0x6, 0x6, 0x1, "42341f9b1000007e4f00"})
r3 = syz_open_pts(r2, 0x40000)
dup3(r3, r2, 0x0)
splice(r2, 0x0, r1, 0x0, 0x7ffff000, 0x0)
write$cgroup_type(r1, &(0x7f0000000000), 0x9)
syz_genetlink_get_family_id$ethtool(0x0, r0)
r4 = socket(0x80000000000000a, 0x2, 0x0)
setsockopt$inet6_group_source_req(r4, 0x29, 0x2e, &(0x7f0000000080)={0x0, {{0xa, 0x4, 0x0, @mcast1={0xff, 0x7}, 0x8a4}}, {{0xa, 0x4e20, 0x100, @remote}}}, 0x108)
ioctl$SIOCSIFMTU(0xffffffffffffffff, 0x8922, &(0x7f0000000440)={'syz_tun\x00', 0x101})
ioctl$TIOCSETD(r3, 0x5423, &(0x7f00000001c0)=0x6)

3.318952139s ago: executing program 5 (id=7332):
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'dvmrp0\x00', 0xe43986f95b0e4309})
ioctl$RTC_PIE_OFF(0xffffffffffffffff, 0x7006)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800"/14, @ANYRES32], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x48c00, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
unshare(0x22020400)
syz_io_uring_setup(0xcd8, &(0x7f0000000200)={0x0, 0x465e, 0x400, 0x3, 0x100234}, &(0x7f0000000340), &(0x7f0000000280))
syz_usb_connect$hid(0x5, 0x0, 0x0, 0x0)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x18, 0x0, 0x500)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet6_tcp(0xa, 0x1, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xfffffffffffffffb, 0x9, 0x6, 0x0, 0x7}, 0x0)
r3 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301)
ioctl$USBDEVFS_DISCONNECT_CLAIM(r3, 0x8108551b, &(0x7f0000000380)={0x0, 0x0, "5a77bd318786aeb879ca62cdab2a0000000086d85b25a5665a3247e500f61681905db88235f8a5447dd2a2ed6e91626f068881e50f6853772b21a100efb76cba37ff3111d6847e8b9398a646717af75fc008daefba68e6222103472bc55704cdb72b4b996ed831f3b802549db3a8ffff7d34171113d806726615380fe65a6a0a72e1ac2b60bd6276fd8bb6363d10f70da60fd53ded22c87eb2be010e4a62fb73c33424b437bb192c9d06ea6ed04983fe5c5ca033dfce0a82575ef14eee686be0fc58e384f93a13f4e8bbf599394baea3a9ca1864f0a35d6cc38fca32ad6b39905a9727d2001457df7be7e1aefe363590d1f600"})
ioctl$USBDEVFS_CLEAR_HALT(r3, 0xc0105502, &(0x7f0000000300)={0x1, 0x1})
open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x0)
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffd000/0x2000)=nil, 0x2000, &(0x7f00000000c0)='\x00')

3.022751442s ago: executing program 4 (id=7334):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000d84000)={0xa, 0x2, 0x200, @loopback, 0x7}, 0x1c)
ioctl$int_in(r0, 0x5452, &(0x7f0000000080)=0x1)
sendto$inet6(r0, 0x0, 0x0, 0x200008c5, &(0x7f0000000000)={0xa, 0x2, 0x2, @loopback, 0x4}, 0x1c)
ioctl$NBD_PRINT_DEBUG(0xffffffffffffffff, 0xab06)
readv(r0, &(0x7f0000001480)=[{&(0x7f00000000c0)=""/229, 0xe5}], 0x1)
shutdown(r0, 0x1)
recvfrom$inet6(r0, 0x0, 0x0, 0x20, 0x0, 0x0)
socket$inet6_icmp(0xa, 0x2, 0x3a)
bind$inet6(r0, &(0x7f0000002f40)={0xa, 0x4e22, 0x6, @rand_addr=' \x01\x00', 0x9}, 0x1c)

2.887529225s ago: executing program 6 (id=7335):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmsg$rds(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
setsockopt$RDS_CANCEL_SENT_TO(0xffffffffffffffff, 0x114, 0x1, 0x0, 0x0)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
sendmsg$RDMA_NLDEV_CMD_STAT_GET(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000340)={&(0x7f00000002c0)=ANY=[@ANYBLOB="400000001114200028bd7000fcdbdf2508004b0026000000bf3184bdd142c39a080003000300000008000300000000000800010042840ee6f8db9e0b29000000"], 0x40}, 0x1, 0x0, 0x0, 0x41}, 0x40)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mkdir(&(0x7f0000000100)='./file1\x00', 0x13b)
mkdir(&(0x7f0000000000)='./bus\x00', 0x0)
syz_open_pts(0xffffffffffffffff, 0x40100)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
r2 = open(&(0x7f0000000580)='./bus\x00', 0x80242, 0x100)
chdir(&(0x7f0000000400)='./file1\x00')
write$FUSE_CREATE_OPEN(r2, &(0x7f0000000180)={0xa0, 0xffffffffffffffda, 0x0, {{0x4, 0x3, 0x5, 0x6, 0x3, 0x1, {0x0, 0x9, 0x20ff, 0x5, 0x89, 0xd615, 0x9, 0x7fffffff, 0xfffffffe, 0x8000, 0x0, 0x0, 0x0, 0x3ff, 0x1}}, {0x0, 0x13}}}, 0xa0)
sendfile(r2, r2, &(0x7f0000000080), 0x7f03)
syz_open_pts(0xffffffffffffffff, 0xa000)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r3 = open(&(0x7f0000000180)='./bus\x00', 0x189a7c, 0x113)
ioctl$AUTOFS_IOC_EXPIRE_MULTI(r0, 0x40049366, &(0x7f0000000240)=0x1)
r4 = open(&(0x7f0000000040)='./bus\x00', 0x4e142, 0x0)
pwritev2(r4, &(0x7f0000000680), 0x0, 0x6000000, 0x0, 0x0)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x37fffee, 0x4002011, r3, 0x40000000)

2.887390572s ago: executing program 4 (id=7336):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
getpid()
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x6a95, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x10d, &(0x7f00000006c0)={0x0, 0x1885, 0x80, 0x2}, 0x0, 0x0)
socket$rds(0x15, 0x5, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000280)=ANY=[], 0x1c}], 0x1}, 0x300)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0)
write$RDMA_USER_CM_CMD_SET_OPTION(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r2 = syz_usb_connect(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="1a0100005c6b4408070a64006e40010203030902240001a82300000904000002ca744d00090503034d00ff99090805", @ANYRES32], &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]})
r3 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
read$char_usb(r3, &(0x7f0000000280)=""/239, 0xef)
syz_usb_disconnect(r2)
r4 = syz_io_uring_setup(0x45, &(0x7f0000000300)={0x0, 0x0, 0x40, 0x2, 0x18}, &(0x7f0000000100), &(0x7f00000000c0))
io_uring_register$IORING_REGISTER_PBUF_RING(r4, 0x22, &(0x7f0000000200)={&(0x7f0000001000)={[{0x0, 0x0, 0x1}]}, 0x1}, 0x1)
r5 = ioctl$KVM_GET_STATS_FD_cpu(0xffffffffffffffff, 0xaece)
connect$unix(r5, &(0x7f0000000140)=@abs={0x0, 0x0, 0x76}, 0x6e)

2.014430837s ago: executing program 6 (id=7338):
r0 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'netdevsim0\x00', <r3=>0x0})
sendmsg$ETHTOOL_MSG_PAUSE_SET(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000cc0)={&(0x7f0000000100)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010000000000000000001e0000000c00018008000100", @ANYRES32=r3, @ANYBLOB="050003"], 0x28}}, 0x80)
syz_open_dev$swradio(&(0x7f0000000000), 0x0, 0x2)
r4 = gettid()
r5 = syz_open_procfs(r4, &(0x7f0000000040)='timerslack_ns\x00')
write$binfmt_format(r5, &(0x7f0000000180)='1\x00', 0x2)
pipe(&(0x7f0000000080)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
ioctl$VIDIOC_ENUM_FMT(r6, 0x541b, 0x0)

1.943032186s ago: executing program 6 (id=7340):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="09000000030000000400010005"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x2, 0x14, &(0x7f0000000640)=ANY=[@ANYBLOB="1802000000000000000000000000000018010000786c6c2500000000070000007b1af8ff00000000bfa100000000000007010000f8ffffffb700000000000000b7030000000000fd850000000400000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141181)
r2 = dup(r1)
write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c)
r3 = syz_io_uring_setup(0x5417, &(0x7f0000000740)={0x0, 0xc26a, 0x10100, 0x0, 0x0, 0x0, r2}, &(0x7f0000000100)=<r4=>0x0, &(0x7f00000001c0)=<r5=>0x0)
r6 = fsopen(&(0x7f0000000000)='configfs\x00', 0x1)
r7 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0xc0802, 0x0)
r8 = creat(&(0x7f0000000100)='./file0\x00', 0xd931d3864d39dcca)
write$binfmt_elf32(r8, &(0x7f0000000040)=ANY=[@ANYBLOB="7f454c46000000000000000000000000030006"], 0x69)
r9 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000f60000000000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r9}, 0x10)
r10 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
readv(r10, &(0x7f0000000000)=[{&(0x7f00000028c0)=""/4098, 0x1002}], 0x1)
close(0xffffffffffffffff)
execve(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
ioctl$PPPIOCNEWUNIT(r7, 0xc004743e, &(0x7f0000000280)=0x4)
ioctl$PPPIOCSFLAGS1(r7, 0x40047459, &(0x7f0000000100)=0x2000004)
pwritev(r7, &(0x7f0000000180)=[{&(0x7f00000007c0)="00214717a707001d0000030640710a069d317ebbaaa6b6eb35cc265143ba38207d9590ffea0bdc8900033a639a6e65bb66e2", 0x32}], 0x1, 0x807, 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r6, 0x8, 0x0, 0x0, 0x0)
ioprio_set$pid(0x0, 0x0, 0x2000)
r11 = shmat(0x0, &(0x7f0000ffc000/0x2000)=nil, 0x4000)
shmdt(r11)
syz_io_uring_submit(r4, r5, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1})
io_uring_enter(r3, 0x2ded, 0x4000, 0x0, 0x0, 0x0)
r12 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r12, 0x8933, &(0x7f0000000000)={'wlan0\x00'})

1.861030021s ago: executing program 7 (id=7342):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendto$inet6(r0, &(0x7f00000002c0)="9e", 0x1, 0x0, &(0x7f0000000200)={0xa, 0x4e23, 0x0, @loopback, 0xe}, 0x1c)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000480))
r1 = syz_io_uring_setup(0x497, &(0x7f0000000200)={0x0, 0x7278, 0x0, 0x2, 0x156}, &(0x7f0000000000)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_READ_FIXED={0x4, 0x1, 0x2004, @fd_index=0x8, 0x4000000000000000, 0x3, 0xddbf, 0x0, 0x0, {0x1}})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r4 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r4, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
io_uring_enter(r1, 0x26c8, 0x0, 0x1, 0x0, 0x10)

1.09469582s ago: executing program 4 (id=7343):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
bind$inet6(r0, &(0x7f0000000280)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000480))
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0x2fa34bd67f0adfbc}, 0x2000c091)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl802154(0x0, r1)
r2 = syz_io_uring_setup(0x497, &(0x7f0000000200)={0x0, 0x7278, 0x0, 0x2, 0x156}, &(0x7f0000000000)=<r3=>0x0, &(0x7f0000000100)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_READ_FIXED={0x4, 0x1, 0x2004, @fd_index=0x8, 0x4000000000000000, 0x3, 0xddbf, 0x0, 0x0, {0x1}})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x7)
r5 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r5, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
io_uring_enter(r2, 0x26c8, 0x0, 0x1, 0x0, 0x10)

934.005348ms ago: executing program 6 (id=7344):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000d84000)={0xa, 0x2, 0x200, @loopback, 0x7}, 0x1c)
ioctl$int_in(r0, 0x5452, &(0x7f0000000080)=0x1)
sendto$inet6(r0, 0x0, 0x0, 0x200008c5, &(0x7f0000000000)={0xa, 0x2, 0x2, @loopback, 0x4}, 0x1c)
ioctl$NBD_PRINT_DEBUG(0xffffffffffffffff, 0xab06)
readv(r0, &(0x7f0000001480)=[{&(0x7f00000000c0)=""/229, 0xe5}], 0x1)
shutdown(r0, 0x1)
recvfrom$inet6(r0, 0x0, 0x0, 0x20, 0x0, 0x0)
socket$inet6_icmp(0xa, 0x2, 0x3a)
bind$inet6(r0, &(0x7f0000002f40)={0xa, 0x4e22, 0x6, @rand_addr=' \x01\x00', 0x9}, 0x1c)

933.783522ms ago: executing program 4 (id=7345):
r0 = socket(0x2, 0x3, 0x5) (async)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) (async)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0xcc) (async)
r2 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
fcntl$notify(r2, 0x402, 0x8000001f)
mkdirat(r1, &(0x7f0000000180)='./bus\x00', 0x0)
renameat2(r1, &(0x7f0000000380)='./file0\x00', r1, &(0x7f0000000200)='./bus/file0\x00', 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000002b00)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010000000000000000002c00000018000180140002006e657464657673696d30"], 0x2c}}, 0x0)
getsockopt(r0, 0xff, 0x100000000000001, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000007940)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0x33f}, 0x1, 0x0, 0x0, 0xc0d0}, 0x0) (async)
r5 = socket$inet_udp(0x2, 0x2, 0x0) (async)
r6 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r6, &(0x7f0000000440)=@pppol2tp={0x18, 0x1, {0x0, r5, {0x2, 0x1, @remote}, 0xa}}, 0x26) (async, rerun: 32)
sendmmsg$inet(r6, &(0x7f0000005f80)=[{{0x0, 0x0, &(0x7f0000005dc0)=[{&(0x7f00000010c0)="7d5107673289eeae3f806c5c62db497a0299399ab6101c3b", 0x1}], 0x1}}], 0x4000000000001ce, 0x8040) (async, rerun: 32)
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NLBL_CIPSOV4_C_LIST(r7, &(0x7f0000000300)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000080)={&(0x7f0000000100)={0x1e4, r8, 0x100, 0x70bd28, 0x25dfdbfb, {}, [@NLBL_CIPSOV4_A_MLSLVLLST={0x9c, 0x8, 0x0, 0x1, [{0x2c, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xd9}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xd0}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xa9}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x43b59d6a}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xe1}]}, {0xc, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x17491f14}]}, {0x34, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x75127d23}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xb9}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x3ea7e3c2}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x8c}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x1073d326}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x9a}]}, {0x2c, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x5af253dd}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x476324e8}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x25}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x23d2ee7e}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x55a29089}]}]}, @NLBL_CIPSOV4_A_DOI={0x8}, @NLBL_CIPSOV4_A_MLSLVLLST={0x12c, 0x8, 0x0, 0x1, [{0x1c, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xbc}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x48}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xc9}]}, {0xc, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x2fa3a80c}]}, {0x44, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x499cf10e}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x72a63145}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xbd}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x4a31e}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x171f3e73}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x97}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xbf}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x7845f7d5}]}, {0x4c, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xe8}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x636d1467}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x3c}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x4ea78bff}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x17ba86c}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x7}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xd2}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x8}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x2fb3d000}]}, {0x2c, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x95}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x1acdcadf}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x1e0a6091}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x80}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x7aae4391}]}, {0x44, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x61b06972}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x20ee92dc}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x47c17a54}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xfa}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x69}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xf4}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x16}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x4f}]}]}]}, 0x1e4}, 0x1, 0x0, 0x0, 0x20000000}, 0x40004)

932.359871ms ago: executing program 7 (id=7352):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
bind$inet6(r0, &(0x7f0000000280)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000480))
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0x2fa34bd67f0adfbc}, 0x2000c091)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl802154(0x0, r1)
r2 = syz_io_uring_setup(0x497, &(0x7f0000000200)={0x0, 0x7278, 0x0, 0x2, 0x156}, &(0x7f0000000000)=<r3=>0x0, &(0x7f0000000100)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_READ_FIXED={0x4, 0x1, 0x2004, @fd_index=0x8, 0x4000000000000000, 0x3, 0xddbf, 0x0, 0x0, {0x1}})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x7)
r5 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r5, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
io_uring_enter(r2, 0x26c8, 0x0, 0x1, 0x0, 0x10)

819.318969ms ago: executing program 7 (id=7346):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x70bd2b, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7b, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
write$cgroup_int(0xffffffffffffffff, &(0x7f0000000180)=0x3, 0x12)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_int(r4, 0x0, 0x32, 0x0, 0x0)
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
r6 = syz_open_dev$dri(&(0x7f0000000040), 0x20000000, 0x40800)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r6, 0xc04064a0, &(0x7f0000000000)={0x0, &(0x7f00000001c0)=[<r7=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r6, 0xc06864a1, &(0x7f0000000240)={0x0, 0x0, r7, <r8=>0x0})
ioctl$DRM_IOCTL_MODE_GETFB2(r6, 0xc06864ce, &(0x7f0000000380)={r8, 0x0, 0x1ff, 0x0, 0x0, [<r9=>0x0], [0x9, 0x0, 0x0, 0x8], [0x3, 0x20000000, 0x100, 0xd], [0x1000010000000, 0x0, 0x7fffffffffffffff]})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r6, 0xc00c642d, &(0x7f0000000080)={r9, 0x0, <r10=>0xffffffffffffffff})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r5, 0xc00c642e, &(0x7f00000000c0)={0x0, 0x0, r10})
close_range(r0, 0xffffffffffffffff, 0x0)
r11 = syz_io_uring_setup(0x88f, &(0x7f0000000340)={0x0, 0xaee2, 0x100, 0x2, 0xbfdffffc}, &(0x7f0000000000)=<r12=>0x0, &(0x7f0000000180)=<r13=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r12, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
r14 = socket$xdp(0x2c, 0x3, 0x0)
syz_io_uring_submit(r12, r13, &(0x7f00000002c0)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x0, 0x0, r14, 0x0, 0x0, 0x0, 0x40012020, 0x1, {0x2}})
io_uring_enter(r11, 0x47f6, 0x0, 0x4, 0x0, 0x0)

819.055976ms ago: executing program 6 (id=7347):
write(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000400)=ANY=[@ANYBLOB="0205000e0a00000001000000feffffff03000600ff0000000200000064010100000000000000000002000100000004d30000060b00000000030005000000000002000000ac141daa0000000000000000eb4373464b8cb33205e78df70b2205c32484c7d7893dd22cfdad830e3febfa0e4604bc634563996199b84271452cdffb70a527825cc707de663fb713413138e00aac5e201b072e3999c80c9ec572744c15ef3717c6ef254619da363876340a7d94ec1bf3299321eb9b4dead85064a3828ddc4bcd6dcb898250e5a6cd6ff0615503b6178e4cb6fa15939e0d2549275ab0824d26c9353a18dd48e5c5be8c0977633106a1c7cabdb96ee1f84cfdf341a04aa589c5f601c08187f0a6a032c70095e5dcfa89f50202fda01230dc7a82a7b2210411c10f02a6172ee4c9de723db380ad4df21ce2ba38"], 0x50}, 0x1, 0x7}, 0x4000000)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x3, @pix={0x434c, 0x8, 0x584e4f53, 0x4, 0x2, 0x7, 0x0, 0x5, 0x1, 0x4, 0x2, 0x7}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x700, 0x0)
r2 = socket$can_raw(0x1d, 0x3, 0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r4 = dup(r3)
write$6lowpan_enable(r4, &(0x7f0000000000)='0', 0xfffffd2c)
r5 = syz_io_uring_setup(0x239, &(0x7f0000000380)={0x0, 0xa005, 0x10100, 0x3, 0x99}, &(0x7f0000000080)=<r6=>0x0, &(0x7f0000000100)=<r7=>0x0)
syz_io_uring_submit(r6, r7, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r2, 0x0, 0x0, 0x0, {0x230}})
io_uring_enter(r5, 0x2ded, 0x4000, 0x22, 0x0, 0x0)
openat$sw_sync(0xffffffffffffff9c, 0x0, 0x0, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffe000/0x1000)=nil, 0x0, 0x3, 0x10, r4, 0x0)
r8 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x200, 0x0)
ppoll(&(0x7f0000000000)=[{r8, 0x8108}], 0x1, 0x0, 0x0, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r8, 0xc0045005, &(0x7f0000000640)=0x10)
mmap$dsp(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x100000b, 0x8012, r8, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
getsockopt(0xffffffffffffffff, 0x200000000114, 0x2711, &(0x7f0000c35fff)=""/1, &(0x7f0000000000)=0xf002)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[], 0x44}, 0x1, 0x40afc, 0x0, 0x8011}, 0x0)
epoll_create1(0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0)

319.298435ms ago: executing program 5 (id=7348):
write$uinput_user_dev(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000000)=0x4792, 0x4)
sendmmsg$inet6(r0, &(0x7f00000000c0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0}}], 0x1, 0x0)
ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0)

237.28558ms ago: executing program 7 (id=7349):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x6c240, 0x0)
r1 = syz_open_dev$loop(&(0x7f0000000080), 0x47ffffa, 0x122c42)
ioctl$LOOP_CONFIGURE(r1, 0x4c0a, &(0x7f0000000440)={r0, 0x2000, {0x0, 0x0, 0x0, 0x40008, 0x0, 0x13, 0x0, 0x0, 0x1c, "339f020bbe78b39843d601010000000000080d0ec0c1b4e9b1c4369d03741250ceaac50104000041dd17c18e8438ef2a565ef1e833236500", "a1163939c787a16c1ca43f8539f3d3289737f0374c72a964a0193b3e8772fd29f35239d200", "24431a1e77a68e174f000000000000000010e200", [0x1f00000000000000]}})
ioctl$LOOP_SET_STATUS64(r1, 0x4c1f, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x40008, 0x2, 0x0, 0x0, 0x10, 0x4, "995e4c8b0ba6f8ed413b1ee5f3a7c862bbf64092868fd6943a428277be3c0fd8c867f86e662e0c2dd39186b32ee0690c16eb180e81ed3e5e2ebe64446497c2fc", "a6fafe5554ac900cc641df63c82e3d2347ef4230f37485c698954b3d8be9b663e59116e54ef137506743aa54d43eeef70999ee41524cf2aef5653e90d68d5ac5", "0286bcec3e402f381e7bfd123ec7d0d13d4c50ed000000000500", [0x0, 0x9]})

237.01029ms ago: executing program 4 (id=7350):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x18, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000000000000000000000000000950000"], &(0x7f0000000c40)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='contention_begin\x00', r0}, 0x18)
r1 = creat(&(0x7f0000000040)='./file0\x00', 0x4b)
close(r1)
r2 = syz_open_dev$dri(0x0, 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f0000000140)={0x0, &(0x7f0000000380)=[<r3=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r1, 0xc06864a1, &(0x7f0000000300)={0x0, 0xfffffffffffffe7a, r3, <r4=>0x0})
ioctl$DRM_IOCTL_MODE_GETFB2(r1, 0xc06864ce, &(0x7f0000000600)={r4, 0x0, 0x0, 0x0, 0x3, [<r5=>0x0, 0x0, 0x0, <r6=>0x0], [0x800000], [0x0, 0x1001000, 0x4000], [0x0, 0x0, 0x4]})
ioctl$DRM_IOCTL_MODE_ADDFB2(r1, 0xc06864b8, &(0x7f00000001c0)={0x0, 0xae, 0x3ff, 0x34325241, 0x0, [r5, 0x0, 0x0, r6], [0x2b8]})
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0})

190.74494ms ago: executing program 5 (id=7351):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000003ec0), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_TSINFO_GET(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000003f80)={&(0x7f00000001c0)=ANY=[@ANYBLOB="14000000", @ANYRES16=r1, @ANYBLOB="19000000"], 0x14}, 0x1, 0x0, 0x0, 0x10}, 0x40004)
r2 = socket$kcm(0x2, 0x200000000000001, 0x106)
sendmsg$inet(r2, &(0x7f0000000080)={&(0x7f0000000140)={0x2, 0x4e24, @local}, 0x10, 0x0}, 0x30005050)
setsockopt$sock_attach_bpf(r2, 0x1, 0x24, &(0x7f0000000000), 0x4)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x22102, 0x0)
unshare(0x24060400)
r4 = openat$tcp_mem(0xffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/tcp_wmem\x00', 0x1, 0x0)
write$tcp_mem(r4, &(0x7f0000000080)={0x7fff, 0x20, 0x0, 0x20, 0x9}, 0x48)
r5 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r6 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_CANCEL_SENT_TO(r6, 0x114, 0x1, &(0x7f0000000240)={0x2, 0x4e22, @local}, 0x10)
ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60)
ioctl$AUTOFS_DEV_IOCTL_READY(0xffffffffffffffff, 0xc0189376, &(0x7f0000000100)={{0x1, 0x1, 0x18, <r7=>r2, {0x200}}, './file0\x00'})
ioctl$BLKROGET(r7, 0x125e, &(0x7f0000000180))
r8 = eventfd(0x8)
r9 = eventfd(0x0)
ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000280)={r8, 0x2, 0x2, r9})

95.116119ms ago: executing program 4 (id=7353):
socket$inet_sctp(0x2, 0x5, 0x84)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r3 = dup(r2)
write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c)
ioprio_set$pid(0x3, 0x0, 0x0)
ioctl$EVIOCSCLOCKID(r3, 0x400445a0, 0x0)
io_uring_enter(r3, 0x20159e, 0x4000, 0x0, 0x0, 0x0)
fcntl$lock(0xffffffffffffffff, 0x6, 0x0)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000047c0)=ANY=[@ANYBLOB="140000003a"], 0x14}}, 0x0)
openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r6 = fcntl$dupfd(r4, 0x0, r4)
setsockopt$inet_tcp_TCP_MD5SIG(r6, 0x6, 0xe, 0x0, 0x0)
sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={0x0}, 0x1, 0x0, 0x0, 0x8888}, 0x8880)
syz_open_dev$tty20(0xc, 0x4, 0x0)
r7 = syz_open_dev$vcsa(&(0x7f0000000000), 0x1, 0x0)
poll(&(0x7f0000000180)=[{r7}], 0x1, 0x0)
quotactl$Q_SYNC(0xffffffff80000102, 0x0, 0x0, 0x0)
syz_open_dev$sndctrl(&(0x7f0000000080), 0x0, 0x0)
r8 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0)
writev(r8, &(0x7f00000000c0)=[{&(0x7f0000000140)='2', 0x1}], 0x1)
r9 = openat$rtc(0xffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$BTRFS_IOC_TREE_SEARCH(r9, 0x7005, 0x0)

27.93719ms ago: executing program 7 (id=7354):
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)=[{&(0x7f0000001580)="d80000001a0081044e81f782db4cb9040a1d08007b490d4f1e81f8d815001b003a05142603600e12080005007a010401a800160020e0034004000000035c0461c9d67f6f940071342e875fab7cb6cec6cf6efb8000a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b141993b134e653fe8efe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9ee5350db79826521340fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e", 0xd8}], 0x1}, 0x44000)
getsockopt$TIPC_IMPORTANCE(0xffffffffffffffff, 0x10f, 0x7f, &(0x7f0000000100), &(0x7f0000000140)=0x4)
r1 = syz_io_uring_setup(0x5805, &(0x7f00000001c0)={0x0, 0x86a9, 0x80, 0x2, 0x3db}, &(0x7f0000000180), &(0x7f00000000c0))
io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r1, 0x10, &(0x7f00000056c0)={0xffffffff, 0x0, &(0x7f0000005640)=[{0x0}], 0x0, 0x1}, 0x20)

2.676568ms ago: executing program 5 (id=7355):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendto$inet6(r0, &(0x7f00000002c0)="9e", 0x1, 0x0, &(0x7f0000000200)={0xa, 0x4e23, 0x0, @loopback, 0xe}, 0x1c)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000480))
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0x2fa34bd67f0adfbc}, 0x2000c091)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl802154(0x0, r1)
r2 = syz_io_uring_setup(0x497, &(0x7f0000000200)={0x0, 0x7278, 0x0, 0x2, 0x156}, &(0x7f0000000000)=<r3=>0x0, &(0x7f0000000100)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_READ_FIXED={0x4, 0x1, 0x2004, @fd_index=0x8, 0x4000000000000000, 0x3, 0xddbf, 0x0, 0x0, {0x1}})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x7)
r5 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r5, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
io_uring_enter(r2, 0x26c8, 0x0, 0x1, 0x0, 0x10)

0s ago: executing program 7 (id=7356):
syz_io_uring_setup(0x2e47, &(0x7f0000000080)={0x0, 0xed6e, 0x40, 0x3, 0x1f7}, &(0x7f0000000100), &(0x7f0000000140))
r0 = memfd_create(&(0x7f0000000300)='+\x8b\x8a\x16\x11O\xdd\xdfk(F\x99\xdf\x92\xd5>oJ\x02u\x9b\xafa\xac\x06\x9c&\xf5\xe3j\xfa\tcqM\xb8R\x86\xd9\xd2.\x9f\x12\xed\x10\f\xbd\x1a|\x8a\xbb\xda\xcfY\x98gU@\xf2M\xc0\xb5\xdf\x9a\x8d\xdb,n\xae\x0eT\x80\x8c\xfd\xd7\xb0\x94\x82t\x96\rKx\xc5\x9b\x8c\x87\x96\x8bc\xbc\xee\xcc\x9f\xe3F\x99V4\x8e;M\xa9\x823\xe3\xb3mG\x8f\xdb\xed\x1b\x05\xec\xfc\xd1\xb5\xfd\xec@\xdeU\xdd\xa4\xc1\xe4L)\x8e\xe5\x91\x8e\xd4\x89\xef\x95T\x05G\xac\xb8\xc1: )mh\xc7\xf1?\xbb\x13;\xad\x95\xd70\xb6\x0e\x7f\x84r\x0e\xbf\xc5\xf6\xd4\xdd\t\x14\x18\xf7\xefi\x93\x03\xd2\xf2\bK\"\xd2\xb5\xaa\xb8\xc8\xe0\xac\x99\xe8su\xcd\xc3E\x12\xd7\xdd\x96!\x16Tu\xe3\xf0\x84#R\xd9\xe3~Wj\xb0r\x87\'\xea\a\xcfOeK\x9daW\xf4\x87@\x9c\xf3\xf1K\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x91\xe6\xdb\xc2\xa5h\'\xdfIn\x97\x0263~\xeb\xbe(i\n\xc2k4\x7f\x12\xa9e`SOs\x8c\xb4\xe7FeQ\xc6$\x92j_U\xfa\b\xea\xb0bYkW\xc0\x05\aC{\xcc\x03T\x17\xa5Sk\x87P\xc2\x97D\xb2\xfa\x1b\x9fe\xf4\x10\x1a\xad\x92\xce\x88\x1b\xbc\xe14\x19\xaa\xd3\r\xf4\xa2\xc3\x9e=\xa0 \xe6j\xe5\x85\xf8\x97\x03\x15\xaa\x920\xdcrI\xd8\b\xfb\xc7\xe7xX\x00>d\xbb\xa71\xad\x9a\xfb\xe6\x13\x87\x93\\\xe5W-\xfc\xfd\xb8O\xb9j\xb8\xf2\x9dx\xb2\x86\xad\x92', 0x3)
write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[], 0x78)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r1, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=ANY=[@ANYBLOB="180000007fe6287c1df3ff86d4f91e000585000000000000000005002b0046000000"], 0x18}], 0x1}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r2 = socket$kcm(0x2, 0x3, 0x2)
ioctl$SIOCSIFHWADDR(r2, 0x8919, &(0x7f0000000040)={'bond_slave_1\x00', @random="020000002000"})
ioctl$BTRFS_IOC_START_SYNC(r2, 0x80089418, &(0x7f0000000140))
socket$kcm(0x29, 0x5, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
bind$alg(0xffffffffffffffff, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'blake2b-512-generic\x00'}, 0x58)
r4 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1)
bind$bt_hci(r4, &(0x7f0000000000)={0x27}, 0x74)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0), 0xc2d41, 0x0) (fail_nth: 9)
fcntl$addseals(0xffffffffffffffff, 0x409, 0x8)
r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x60081, 0x0)
ioctl$TIOCSETD(r5, 0x5423, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TIOCSTI(r6, 0x5412, &(0x7f00000002c0)=0x7e)
r7 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000040)=@rxrpc=@in6={0x21, 0x2, 0x2, 0x1c, {0xa, 0x4e21, 0x4, @private2={0xfc, 0x2, '\x00', 0x1}, 0x9}}, 0xffffffffffffff93, 0x0}, 0x4000004)
write$cgroup_subtree(r7, &(0x7f0000000000)=ANY=[], 0xfe33)

kernel console output (not intermixed with test programs):

ferent from the interface descriptor's value: 2
[ 1450.375862][ T2172] usb 10-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41
[ 1450.378606][ T2172] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11
[ 1450.380777][T30789] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6546'.
[ 1450.381283][ T2172] usb 10-1: Product: syz
[ 1450.385089][ T2172] usb 10-1: Manufacturer: syz
[ 1450.386427][ T2172] usb 10-1: SerialNumber: syz
[ 1450.460437][ T6018] usb 11-1: USB disconnect, device number 41
[ 1450.464264][ T6018] usblp0: removed
[ 1450.591379][ T2172] usblp 10-1:1.0: usblp0: USB Unidirectional printer dev 44 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[ 1450.786756][ T6018] usb 10-1: USB disconnect, device number 44
[ 1450.791474][ T6018] usblp0: removed
[ 1450.890049][T30789] bridge1: entered promiscuous mode
[ 1450.891725][T30789] bridge1: entered allmulticast mode
[ 1452.438308][T30829] loop6: detected capacity change from 0 to 2560
[ 1452.440901][T30829] ldm_validate_partition_table(): Disk read failed.
[ 1452.443156][T30829] Dev loop6: unable to read RDB block 0
[ 1452.445009][T30829]  loop6: unable to read partition table
[ 1452.446708][T30829] loop_reread_partitions: partition scan of loop6 (3Ÿ¾‚³˜) failed (rc=-5)
[ 1454.272547][T30866] vhci_hcd vhci_hcd.0: pdev(7) rhport(0) sockfd(6)
[ 1454.274698][T30866] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[ 1454.278598][T30866] vhci_hcd vhci_hcd.0: Device attached
[ 1454.429235][T30868] vhci_hcd: connection closed
[ 1454.429857][T23740] vhci_hcd: stop threads
[ 1454.432703][T23740] vhci_hcd: release socket
[ 1454.438480][T23740] vhci_hcd: disconnect device
[ 1454.447484][ T6062] vhci_hcd: vhci_device speed not set
[ 1456.047651][ T1342] usb 11-1: new high-speed USB device number 42 using dummy_hcd
[ 1456.310641][T30909] netlink: 'syz.4.6579': attribute type 1 has an invalid length.
[ 1456.330035][T30909] 8021q: adding VLAN 0 to HW filter on device bond1
[ 1456.372607][ T1342] usb 11-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[ 1456.375724][ T1342] usb 11-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[ 1456.380146][ T1342] usb 11-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1456.389037][ T1342] usb 11-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41
[ 1456.392276][ T1342] usb 11-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11
[ 1456.395058][ T1342] usb 11-1: Product: syz
[ 1456.396534][ T1342] usb 11-1: Manufacturer: syz
[ 1456.399039][ T1342] usb 11-1: SerialNumber: syz
[ 1456.403087][T30911] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6579'.
[ 1456.609820][ T1342] usblp 11-1:1.0: usblp0: USB Unidirectional printer dev 42 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[ 1456.814600][T24094] usb 11-1: USB disconnect, device number 42
[ 1456.817686][T24094] usblp0: removed
[ 1457.038051][ T1342] usb 12-1: new high-speed USB device number 48 using dummy_hcd
[ 1457.183209][ T1342] usb 12-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[ 1457.186413][ T1342] usb 12-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[ 1457.189446][ T1342] usb 12-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1457.195471][ T1342] usb 12-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41
[ 1457.198334][ T1342] usb 12-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11
[ 1457.201110][ T1342] usb 12-1: Product: syz
[ 1457.202537][ T1342] usb 12-1: Manufacturer: syz
[ 1457.204031][ T1342] usb 12-1: SerialNumber: syz
[ 1457.285049][T30923] FAULT_INJECTION: forcing a failure.
[ 1457.285049][T30923] name failslab, interval 1, probability 0, space 0, times 0
[ 1457.289197][T30923] CPU: 1 UID: 0 PID: 30923 Comm: syz.4.6582 Not tainted 6.16.0-syzkaller-11489-gd2eedaa3909b #0 PREEMPT(full) 
[ 1457.289212][T30923] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1457.289218][T30923] Call Trace:
[ 1457.289222][T30923]  <TASK>
[ 1457.289238][T30923]  dump_stack_lvl+0x16c/0x1f0
[ 1457.289259][T30923]  should_fail_ex+0x512/0x640
[ 1457.289270][T30923]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[ 1457.289286][T30923]  should_failslab+0xc2/0x120
[ 1457.289324][T30923]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[ 1457.289337][T30923]  ? __alloc_skb+0x2b2/0x380
[ 1457.289355][T30923]  __alloc_skb+0x2b2/0x380
[ 1457.289369][T30923]  ? __pfx___alloc_skb+0x10/0x10
[ 1457.289385][T30923]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[ 1457.289404][T30923]  netlink_alloc_large_skb+0x69/0x130
[ 1457.289422][T30923]  netlink_sendmsg+0x6a1/0xdd0
[ 1457.289440][T30923]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1457.289457][T30923]  ? __import_iovec+0x1dd/0x650
[ 1457.289473][T30923]  ____sys_sendmsg+0xa95/0xc70
[ 1457.289487][T30923]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1457.289499][T30923]  ? get_compat_msghdr+0x11a/0x170
[ 1457.289520][T30923]  ___sys_sendmsg+0x134/0x1d0
[ 1457.289536][T30923]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1457.289559][T30923]  ? find_held_lock+0x2b/0x80
[ 1457.289579][T30923]  __sys_sendmsg+0x16d/0x220
[ 1457.289595][T30923]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1457.289616][T30923]  ? rcu_is_watching+0x12/0xc0
[ 1457.289629][T30923]  __do_fast_syscall_32+0x7c/0x3a0
[ 1457.289641][T30923]  do_fast_syscall_32+0x32/0x80
[ 1457.289651][T30923]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1457.289665][T30923] RIP: 0023:0xf7fa4579
[ 1457.289674][T30923] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 1457.289684][T30923] RSP: 002b:00000000f50a555c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[ 1457.289695][T30923] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 00000000800012c0
[ 1457.289701][T30923] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1457.289708][T30923] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1457.289714][T30923] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 1457.289720][T30923] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1457.289733][T30923]  </TASK>
[ 1457.478456][ T1342] usblp 12-1:1.0: usblp0: USB Unidirectional printer dev 48 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[ 1457.491057][ T1342] usb 12-1: USB disconnect, device number 48
[ 1457.494776][ T1342] usblp0: removed
[ 1457.714530][T30932] netlink: 'syz.5.6583': attribute type 21 has an invalid length.
[ 1457.724275][T16313] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None
[ 1458.505396][T17011] usb 10-1: new high-speed USB device number 45 using dummy_hcd
[ 1458.649969][T17011] usb 10-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[ 1458.652997][T17011] usb 10-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[ 1458.656000][T17011] usb 10-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1458.679376][T17011] usb 10-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41
[ 1458.682226][T17011] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11
[ 1458.684730][T17011] usb 10-1: Product: syz
[ 1458.686093][T17011] usb 10-1: Manufacturer: syz
[ 1458.687683][T17011] usb 10-1: SerialNumber: syz
[ 1458.896338][T17011] usblp 10-1:1.0: usblp0: USB Unidirectional printer dev 45 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[ 1458.985659][T30946] vhci_hcd vhci_hcd.0: pdev(7) rhport(0) sockfd(6)
[ 1458.987886][T30946] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[ 1458.991107][T30946] vhci_hcd vhci_hcd.0: Device attached
[ 1459.002072][T30948] vhci_hcd: connection closed
[ 1459.002547][T23740] vhci_hcd: stop threads
[ 1459.006172][T23740] vhci_hcd: release socket
[ 1459.007989][T23740] vhci_hcd: disconnect device
[ 1459.092003][ T6062] usb 10-1: USB disconnect, device number 45
[ 1459.101239][ T6062] usblp0: removed
[ 1460.136341][T30965] syzkaller1: entered promiscuous mode
[ 1460.138117][T30965] syzkaller1: entered allmulticast mode
[ 1460.151687][T30965] PF_CAN: dropped non conform CAN XL skbuff: dev type 65534, len 6
[ 1461.113311][T30984] netlink: 4 bytes leftover after parsing attributes in process `syz.6.6603'.
[ 1461.161047][T30986] FAULT_INJECTION: forcing a failure.
[ 1461.161047][T30986] name failslab, interval 1, probability 0, space 0, times 0
[ 1461.172346][T30986] CPU: 3 UID: 0 PID: 30986 Comm: syz.6.6604 Not tainted 6.16.0-syzkaller-11489-gd2eedaa3909b #0 PREEMPT(full) 
[ 1461.172362][T30986] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1461.172368][T30986] Call Trace:
[ 1461.172373][T30986]  <TASK>
[ 1461.172377][T30986]  dump_stack_lvl+0x16c/0x1f0
[ 1461.172397][T30986]  should_fail_ex+0x512/0x640
[ 1461.172408][T30986]  ? fs_reclaim_acquire+0xae/0x150
[ 1461.172425][T30986]  ? tomoyo_encode2+0x100/0x3e0
[ 1461.172437][T30986]  should_failslab+0xc2/0x120
[ 1461.172452][T30986]  __kmalloc_noprof+0xd2/0x510
[ 1461.172467][T30986]  tomoyo_encode2+0x100/0x3e0
[ 1461.172481][T30986]  tomoyo_encode+0x29/0x50
[ 1461.172493][T30986]  tomoyo_realpath_from_path+0x18f/0x6e0
[ 1461.172508][T30986]  ? tomoyo_profile+0x47/0x60
[ 1461.172524][T30986]  tomoyo_path_number_perm+0x245/0x580
[ 1461.172534][T30986]  ? tomoyo_path_number_perm+0x237/0x580
[ 1461.172546][T30986]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1461.172570][T30986]  ? find_held_lock+0x2b/0x80
[ 1461.172594][T30986]  ? hook_file_ioctl_common+0x145/0x410
[ 1461.172607][T30986]  ? __fget_files+0x20e/0x3c0
[ 1461.172621][T30986]  security_file_ioctl_compat+0x9b/0x240
[ 1461.172634][T30986]  __ia32_compat_sys_ioctl+0xc3/0x370
[ 1461.172653][T30986]  __do_fast_syscall_32+0x7c/0x3a0
[ 1461.172664][T30986]  do_fast_syscall_32+0x32/0x80
[ 1461.172674][T30986]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1461.172687][T30986] RIP: 0023:0xf7fc7579
[ 1461.172696][T30986] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 1461.172707][T30986] RSP: 002b:00000000f50e655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[ 1461.172717][T30986] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000004008ae89
[ 1461.172724][T30986] RDX: 0000000080000100 RSI: 0000000000000000 RDI: 0000000000000000
[ 1461.172730][T30986] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1461.172736][T30986] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 1461.172748][T30986] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1461.172761][T30986]  </TASK>
[ 1461.172802][T30986] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1461.391679][ T6062] usb 12-1: new high-speed USB device number 49 using dummy_hcd
[ 1461.539049][T30995] tipc: Can't bind to reserved service type 1
[ 1461.587986][ T6062] usb 12-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[ 1461.949336][ T6062] usb 12-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[ 1461.952645][ T6062] usb 12-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1461.967793][ T6062] usb 12-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41
[ 1461.972330][ T6062] usb 12-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11
[ 1461.977706][ T6062] usb 12-1: Product: syz
[ 1461.980830][ T6062] usb 12-1: Manufacturer: syz
[ 1461.984103][ T6062] usb 12-1: SerialNumber: syz
[ 1462.203524][ T6062] usblp 12-1:1.0: usblp0: USB Unidirectional printer dev 49 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[ 1462.359097][T31003] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1462.411973][ T1342] usb 12-1: USB disconnect, device number 49
[ 1462.416235][ T1342] usblp0: removed
[ 1462.668963][T31003] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1463.100886][T31021] XFS (nbd7): no-recovery mounts must be read-only.
[ 1465.683217][T31094] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1465.862443][T31097] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1465.945300][T31080] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1466.687126][T31115] netlink: 12 bytes leftover after parsing attributes in process `syz.4.6642'.
[ 1466.748173][T31120] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6642'.
[ 1468.879900][T31153] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1468.945403][T24094] usb 12-1: new high-speed USB device number 50 using dummy_hcd
[ 1468.957323][T31153] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1469.072470][T14743] usb 9-1: new high-speed USB device number 51 using dummy_hcd
[ 1469.222848][T14743] usb 9-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[ 1469.227143][T14743] usb 9-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[ 1469.230223][T14743] usb 9-1: config 1 has 1 interface, different from the descriptor's value: 66
[ 1469.232945][T14743] usb 9-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[ 1469.236044][T14743] usb 9-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[ 1469.240775][T14743] usb 9-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[ 1469.243523][T14743] usb 9-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[ 1469.245845][T14743] usb 9-1: Product: syz
[ 1469.247030][T14743] usb 9-1: Manufacturer: syz
[ 1469.258025][T14743] cdc_wdm 9-1:1.0: skipping garbage
[ 1469.272615][T14743] cdc_wdm 9-1:1.0: skipping garbage
[ 1469.275471][T14743] cdc_wdm 9-1:1.0: cdc-wdm0: USB WDM device
[ 1469.279736][T14743] cdc_wdm 9-1:1.0: Unknown control protocol
[ 1469.327438][T24094] usb 12-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[ 1469.797363][T24094] usb 12-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[ 1469.800434][T24094] usb 12-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 1469.803370][T24094] usb 12-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1469.811191][T31155] raw-gadget.0 gadget.7: fail, usb_ep_enable returned -22
[ 1469.817896][T24094] usb 12-1: Quirk or no altset; falling back to MIDI 1.0
[ 1470.016024][T24094] usb 12-1: USB disconnect, device number 50
[ 1471.726004][ T2172] usb 9-1: USB disconnect, device number 51
[ 1475.981320][T31275] netlink: 'syz.4.6685': attribute type 10 has an invalid length.
[ 1476.905733][T31297] tipc: Enabling of bearer <eth:syzkaller0> rejected, already enabled
[ 1476.937742][T31300] FAULT_INJECTION: forcing a failure.
[ 1476.937742][T31300] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1476.941850][T31300] CPU: 3 UID: 0 PID: 31300 Comm: syz.7.6694 Not tainted 6.16.0-syzkaller-11489-gd2eedaa3909b #0 PREEMPT(full) 
[ 1476.941866][T31300] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1476.941872][T31300] Call Trace:
[ 1476.941877][T31300]  <TASK>
[ 1476.941881][T31300]  dump_stack_lvl+0x16c/0x1f0
[ 1476.941900][T31300]  should_fail_ex+0x512/0x640
[ 1476.941914][T31300]  _copy_from_user+0x2e/0xd0
[ 1476.941928][T31300]  snd_seq_ioctl+0x1bf/0x410
[ 1476.941940][T31300]  ? __pfx_snd_seq_ioctl+0x10/0x10
[ 1476.941960][T31300]  ? __fget_files+0x20e/0x3c0
[ 1476.941973][T31300]  snd_seq_ioctl_compat+0xea/0x310
[ 1476.941985][T31300]  ? __pfx_snd_seq_ioctl_compat+0x10/0x10
[ 1476.941997][T31300]  __ia32_compat_sys_ioctl+0x23f/0x370
[ 1476.942015][T31300]  __do_fast_syscall_32+0x7c/0x3a0
[ 1476.942026][T31300]  do_fast_syscall_32+0x32/0x80
[ 1476.942036][T31300]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1476.942050][T31300] RIP: 0023:0xf7fa5579
[ 1476.942060][T31300] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 1476.942071][T31300] RSP: 002b:00000000f50c655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[ 1476.942081][T31300] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c0505350
[ 1476.942088][T31300] RDX: 0000000080000140 RSI: 0000000000000000 RDI: 0000000000000000
[ 1476.942094][T31300] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1476.942101][T31300] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 1476.942107][T31300] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1476.942119][T31300]  </TASK>
[ 1478.154989][T31326] random: crng reseeded on system resumption
[ 1480.738955][T31368] overlayfs: failed to resolve './file1': -2
[ 1480.900184][   T40] kauditd_printk_skb: 50 callbacks suppressed
[ 1480.900195][   T40] audit: type=1804 audit(1754634908.055:78353): pid=31375 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.5.6710" name="/newroot/588/bus/bus" dev="tmpfs" ino=3086 res=1 errno=0
[ 1480.983286][T31379] netlink: 12 bytes leftover after parsing attributes in process `syz.6.6714'.
[ 1481.160787][T31386] IPVS: set_ctl: invalid protocol: 51 172.20.20.62:20002
[ 1484.449467][T31443] netlink: 12 bytes leftover after parsing attributes in process `syz.4.6731'.
[ 1485.455834][T31468] program syz.6.6739 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1485.645570][ T1420] ieee802154 phy1 wpan1: encryption failed: -22
[ 1486.115436][T31476] overlayfs: failed to resolve './file1': -2
[ 1486.270957][T31479] netlink: 12 bytes leftover after parsing attributes in process `syz.5.6742'.
[ 1486.310212][   T40] audit: type=1804 audit(1754634913.745:78354): pid=31476 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.6741" name="/newroot/177/bus/bus" dev="tmpfs" ino=945 res=1 errno=0
[ 1490.499099][T31551] netlink: 12 bytes leftover after parsing attributes in process `syz.7.6756'.
[ 1490.854965][T31567] program syz.5.6763 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1491.645886][T17011] usb 11-1: new high-speed USB device number 43 using dummy_hcd
[ 1491.743920][ T5985] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 1491.747176][ T5985] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 1491.750719][ T5985] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 1491.754044][ T5985] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 1491.756620][ T5985] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 1491.798357][T17011] usb 11-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1491.801588][T17011] usb 11-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1491.805024][T17011] usb 11-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1491.808444][T17011] usb 11-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[ 1491.812440][T17011] usb 11-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.00
[ 1491.815282][T17011] usb 11-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1491.819373][T17011] usb 11-1: config 0 descriptor??
[ 1491.875246][T31579] chnl_net:caif_netlink_parms(): no params data found
[ 1492.213840][T17011] keytouch 0003:0926:3333.000E: fixing up Keytouch IEC report descriptor
[ 1492.219411][T17011] input: HID 0926:3333 as /devices/platform/dummy_hcd.6/usb11/11-1/11-1:0.0/0003:0926:3333.000E/input/input103
[ 1492.357647][T17011] keytouch 0003:0926:3333.000E: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.6-1/input0
[ 1492.417412][ T2172] usb 11-1: USB disconnect, device number 43
[ 1492.441204][T31590] fido_id[31590]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.6/usb11/11-1/report_descriptor': No such file or directory
[ 1492.484995][T31579] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1492.487246][T31579] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1492.489642][T31579] bridge_slave_0: entered allmulticast mode
[ 1492.494289][T31579] bridge_slave_0: entered promiscuous mode
[ 1492.500353][T31579] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1492.504155][T31579] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1492.506432][T31579] bridge_slave_1: entered allmulticast mode
[ 1492.509021][T31579] bridge_slave_1: entered promiscuous mode
[ 1492.542570][T31579] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1492.567488][T31579] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1492.597627][T31579] team0: Port device team_slave_0 added
[ 1492.600787][T31579] team0: Port device team_slave_1 added
[ 1492.650584][T31579] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1492.652789][T31579] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1492.661162][T31579] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1492.665663][T31579] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1492.667845][T31579] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1492.676727][T31579] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1492.727525][T31579] hsr_slave_0: entered promiscuous mode
[ 1492.730526][T31579] hsr_slave_1: entered promiscuous mode
[ 1492.733137][T31579] debugfs: 'hsr0' already exists in 'hsr'
[ 1492.734953][T31579] Cannot create hsr debugfs directory
[ 1493.100571][T23749] dvmrp0 (unregistering): left allmulticast mode
[ 1493.338595][T23749] bond0 (unregistering): (slave batadv0): Releasing backup interface
[ 1493.345393][T23749] bond0 (unregistering): Released all slaves
[ 1493.368791][T31616] input: syz1 as /devices/virtual/input/input104
[ 1493.419280][T23749] : left promiscuous mode
[ 1493.523012][T23749] tipc: Disabling bearer <eth:team0>
[ 1493.527229][T23749] tipc: Left network mode
[ 1493.721400][ T5985] Bluetooth: hci4: command tx timeout
[ 1493.735164][T31579] netdevsim netdevsim5 netdevsim0: renamed from eth0
[ 1493.752822][T31579] netdevsim netdevsim5 netdevsim1: renamed from eth1
[ 1493.778163][T23749] hsr_slave_0: left promiscuous mode
[ 1493.780466][T23749] hsr_slave_1: left promiscuous mode
[ 1494.905137][T31632] blktrace: Concurrent blktraces are not allowed on sg0
[ 1495.279298][T31645] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[ 1495.702818][ T5985] Bluetooth: hci4: command tx timeout
[ 1495.886025][T31579] netdevsim netdevsim5 netdevsim2: renamed from eth2
[ 1495.897880][T31579] netdevsim netdevsim5 netdevsim3: renamed from eth3
[ 1495.945022][T31579] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1495.956729][T31579] 8021q: adding VLAN 0 to HW filter on device team0
[ 1495.975907][T23734] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1495.978260][T23734] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1495.985493][T30406] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1495.988546][T30406] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1496.021283][T31658] netlink: 12 bytes leftover after parsing attributes in process `syz.6.6788'.
[ 1496.115728][T31579] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1496.189662][T23749] IPVS: stop unused estimator thread 0...
[ 1496.494999][T31579] veth0_vlan: entered promiscuous mode
[ 1496.500099][T31579] veth1_vlan: entered promiscuous mode
[ 1496.528392][T31579] veth0_macvtap: entered promiscuous mode
[ 1496.534758][T31579] veth1_macvtap: entered promiscuous mode
[ 1496.544335][T31579] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1496.550159][T31579] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1496.555846][T10314] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1496.558622][T10314] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1496.575610][T10314] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1496.579051][T10314] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1496.642261][T10314] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1496.644748][T10314] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1496.658068][T23734] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1496.660716][T23734] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1496.790884][T31688] netlink: 40 bytes leftover after parsing attributes in process `syz.5.6792'.
[ 1496.801170][T31688] tun0: tun_chr_ioctl cmd 1074025675
[ 1496.802888][T31688] tun0: persist enabled
[ 1496.804874][T31688] tun0: tun_chr_ioctl cmd 1074025675
[ 1496.806830][T31688] tun0: persist disabled
[ 1497.684352][ T5985] Bluetooth: hci4: command tx timeout
[ 1497.701428][T31719] FAULT_INJECTION: forcing a failure.
[ 1497.701428][T31719] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1497.713023][T31719] CPU: 3 UID: 0 PID: 31719 Comm: syz.5.6804 Not tainted 6.16.0-syzkaller-11489-gd2eedaa3909b #0 PREEMPT(full) 
[ 1497.713042][T31719] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1497.713049][T31719] Call Trace:
[ 1497.713053][T31719]  <TASK>
[ 1497.713059][T31719]  dump_stack_lvl+0x16c/0x1f0
[ 1497.713080][T31719]  should_fail_ex+0x512/0x640
[ 1497.713094][T31719]  _copy_from_user+0x2e/0xd0
[ 1497.713109][T31719]  memdup_user+0x6b/0xe0
[ 1497.713126][T31719]  strndup_user+0x78/0xe0
[ 1497.713145][T31719]  __ia32_sys_mount+0x137/0x310
[ 1497.713161][T31719]  ? __pfx___ia32_sys_mount+0x10/0x10
[ 1497.713177][T31719]  ? rcu_is_watching+0x12/0xc0
[ 1497.713190][T31719]  __do_fast_syscall_32+0x7c/0x3a0
[ 1497.713203][T31719]  do_fast_syscall_32+0x32/0x80
[ 1497.713214][T31719]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1497.713228][T31719] RIP: 0023:0xf7ff1579
[ 1497.713238][T31719] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 1497.713250][T31719] RSP: 002b:00000000f511655c EFLAGS: 00000296 ORIG_RAX: 0000000000000015
[ 1497.713261][T31719] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000800020c0
[ 1497.713268][T31719] RDX: 0000000080002100 RSI: 0000000000000000 RDI: 0000000080002140
[ 1497.713275][T31719] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1497.713282][T31719] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 1497.713289][T31719] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1497.713302][T31719]  </TASK>
[ 1497.741463][T31723] fuse: Bad value for 'fd'
[ 1498.022659][T31742] netlink: 'syz.4.6812': attribute type 10 has an invalid length.
[ 1498.028135][T31742] team0: Device veth0_vlan failed to register rx_handler
[ 1498.138084][T31752] ubi: mtd0 is already attached to ubi31
[ 1498.336064][T31756] FAULT_INJECTION: forcing a failure.
[ 1498.336064][T31756] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1498.342071][T31756] CPU: 0 UID: 0 PID: 31756 Comm: syz.7.6817 Not tainted 6.16.0-syzkaller-11489-gd2eedaa3909b #0 PREEMPT(full) 
[ 1498.342087][T31756] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1498.342094][T31756] Call Trace:
[ 1498.342098][T31756]  <TASK>
[ 1498.342103][T31756]  dump_stack_lvl+0x16c/0x1f0
[ 1498.342123][T31756]  should_fail_ex+0x512/0x640
[ 1498.342141][T31756]  _copy_to_user+0x32/0xd0
[ 1498.342155][T31756]  simple_read_from_buffer+0xcb/0x170
[ 1498.342174][T31756]  proc_fail_nth_read+0x197/0x240
[ 1498.342187][T31756]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1498.342199][T31756]  ? rw_verify_area+0xcf/0x6c0
[ 1498.342210][T31756]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1498.342220][T31756]  vfs_read+0x1e4/0xc60
[ 1498.342235][T31756]  ? __pfx_vfs_read+0x10/0x10
[ 1498.342245][T31756]  ? find_held_lock+0x2b/0x80
[ 1498.342260][T31756]  ? __fget_files+0x20e/0x3c0
[ 1498.342270][T31756]  ? handle_mm_fault+0x1c0/0xd10
[ 1498.342284][T31756]  ksys_read+0x12a/0x250
[ 1498.342296][T31756]  ? __pfx_ksys_read+0x10/0x10
[ 1498.342309][T31756]  ? rcu_is_watching+0x12/0xc0
[ 1498.342321][T31756]  __do_fast_syscall_32+0x7c/0x3a0
[ 1498.342333][T31756]  do_fast_syscall_32+0x32/0x80
[ 1498.342343][T31756]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1498.342356][T31756] RIP: 0023:0xf7fa5579
[ 1498.342365][T31756] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 1498.342375][T31756] RSP: 002b:00000000f50c6590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 1498.342385][T31756] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f50c6620
[ 1498.342392][T31756] RDX: 000000000000000f RSI: 00000000f7434ff4 RDI: 0000000000000000
[ 1498.342398][T31756] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[ 1498.342404][T31756] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[ 1498.342410][T31756] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1498.342423][T31756]  </TASK>
[ 1498.554998][T31759] netlink: 12 bytes leftover after parsing attributes in process `syz.7.6818'.
[ 1498.560539][T31759] netlink: 12 bytes leftover after parsing attributes in process `syz.7.6818'.
[ 1501.893104][T31829] netlink: 76 bytes leftover after parsing attributes in process `syz.6.6840'.
[ 1504.412343][T31882] zonefs (nullb0) ERROR: Not a zoned block device
[ 1504.535070][T31893] ptrace attach of "/syz-executor exec"[24626] was attempted by "/syz-executor exec"[31893]
[ 1504.540300][ T5985] Bluetooth: hci1: ACL packet for unknown connection handle 200
[ 1504.545257][T31893] 9pnet_fd: Insufficient options for proto=fd
[ 1504.549130][ T5985] Bluetooth: hci1: unexpected event for opcode 0x2035
[ 1504.587610][T31896] netlink: 24 bytes leftover after parsing attributes in process `syz.6.6856'.
[ 1504.623558][T31901] FAULT_INJECTION: forcing a failure.
[ 1504.623558][T31901] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1504.627695][T31901] CPU: 0 UID: 0 PID: 31901 Comm: syz.5.6868 Not tainted 6.16.0-syzkaller-11489-gd2eedaa3909b #0 PREEMPT(full) 
[ 1504.627722][T31901] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1504.627729][T31901] Call Trace:
[ 1504.627734][T31901]  <TASK>
[ 1504.627739][T31901]  dump_stack_lvl+0x16c/0x1f0
[ 1504.627758][T31901]  should_fail_ex+0x512/0x640
[ 1504.627772][T31901]  _copy_from_iter+0x29f/0x16f0
[ 1504.627786][T31901]  ? __alloc_skb+0x200/0x380
[ 1504.627802][T31901]  ? __pfx__copy_from_iter+0x10/0x10
[ 1504.627821][T31901]  netlink_sendmsg+0x829/0xdd0
[ 1504.627840][T31901]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1504.627857][T31901]  ? __import_iovec+0x1dd/0x650
[ 1504.627873][T31901]  ____sys_sendmsg+0xa95/0xc70
[ 1504.627886][T31901]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1504.627898][T31901]  ? get_compat_msghdr+0x11a/0x170
[ 1504.627918][T31901]  ___sys_sendmsg+0x134/0x1d0
[ 1504.627935][T31901]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1504.627969][T31901]  ? find_held_lock+0x2b/0x80
[ 1504.627990][T31901]  __sys_sendmsg+0x16d/0x220
[ 1504.628006][T31901]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1504.628027][T31901]  ? rcu_is_watching+0x12/0xc0
[ 1504.628040][T31901]  __do_fast_syscall_32+0x7c/0x3a0
[ 1504.628051][T31901]  do_fast_syscall_32+0x32/0x80
[ 1504.628061][T31901]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1504.628075][T31901] RIP: 0023:0xf7ff1579
[ 1504.628084][T31901] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 1504.628094][T31901] RSP: 002b:00000000f511655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[ 1504.628104][T31901] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000580
[ 1504.628111][T31901] RDX: 0000000000040010 RSI: 0000000000000000 RDI: 0000000000000000
[ 1504.628117][T31901] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1504.628123][T31901] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 1504.628133][T31901] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1504.628146][T31901]  </TASK>
[ 1505.097339][T20582] Bluetooth: hci1: unexpected event for opcode 0x0c38
[ 1505.303520][T31918] netlink: 'syz.5.6864': attribute type 4 has an invalid length.
[ 1505.312764][T31918] netlink: 'syz.5.6864': attribute type 4 has an invalid length.
[ 1505.487328][T31925] ubi: mtd0 is already attached to ubi31
[ 1505.629983][T31934] zonefs (nullb0) ERROR: Not a zoned block device
[ 1505.721660][T31938] openvswitch: netlink: Flow key attr not present in new flow.
[ 1506.249541][T31956] tmpfs: Unknown parameter 'm-N:3/7N'
[ 1506.252214][T31956] tmpfs: Bad value for 'grpquota_block_hardlimit'
[ 1506.254292][ T6018] IPVS: starting estimator thread 0...
[ 1506.334165][T31957] IPVS: using max 41 ests per chain, 98400 per kthread
[ 1508.757468][   T40] audit: type=1326 audit(1754634937.313:78355): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32017 comm="syz.7.6897" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7fa5579 code=0x0
[ 1510.414280][T32056] ubi: mtd0 is already attached to ubi31
[ 1511.882893][   T40] audit: type=1326 audit(1754634940.599:78356): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32079 comm="syz.4.6914" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7fa4579 code=0x0
[ 1512.643238][T32098] FAULT_INJECTION: forcing a failure.
[ 1512.643238][T32098] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1512.648022][T32098] CPU: 3 UID: 0 PID: 32098 Comm: syz.5.6917 Not tainted 6.16.0-syzkaller-11489-gd2eedaa3909b #0 PREEMPT(full) 
[ 1512.648037][T32098] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1512.648044][T32098] Call Trace:
[ 1512.648048][T32098]  <TASK>
[ 1512.648053][T32098]  dump_stack_lvl+0x16c/0x1f0
[ 1512.648073][T32098]  should_fail_ex+0x512/0x640
[ 1512.648087][T32098]  _copy_to_user+0x32/0xd0
[ 1512.648101][T32098]  simple_read_from_buffer+0xcb/0x170
[ 1512.648121][T32098]  proc_fail_nth_read+0x197/0x240
[ 1512.648133][T32098]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1512.648145][T32098]  ? rw_verify_area+0xcf/0x6c0
[ 1512.648156][T32098]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1512.648167][T32098]  vfs_read+0x1e4/0xc60
[ 1512.648182][T32098]  ? __pfx_vfs_read+0x10/0x10
[ 1512.648192][T32098]  ? find_held_lock+0x2b/0x80
[ 1512.648207][T32098]  ? __fget_files+0x20e/0x3c0
[ 1512.648218][T32098]  ? fput+0x60/0xd0
[ 1512.648236][T32098]  ksys_read+0x12a/0x250
[ 1512.648248][T32098]  ? __pfx_ksys_read+0x10/0x10
[ 1512.648261][T32098]  ? rcu_is_watching+0x12/0xc0
[ 1512.648274][T32098]  __do_fast_syscall_32+0x7c/0x3a0
[ 1512.648285][T32098]  do_fast_syscall_32+0x32/0x80
[ 1512.648295][T32098]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1512.648308][T32098] RIP: 0023:0xf7ff1579
[ 1512.648317][T32098] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 1512.648328][T32098] RSP: 002b:00000000f50f5590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 1512.648338][T32098] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 00000000f50f5620
[ 1512.648344][T32098] RDX: 000000000000000f RSI: 00000000f7484ff4 RDI: 0000000000000000
[ 1512.648351][T32098] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[ 1512.648357][T32098] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[ 1512.648363][T32098] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1512.648376][T32098]  </TASK>
[ 1512.715209][    C3] vkms_vblank_simulate: vblank timer overrun
[ 1514.430481][T32151] input: syz1 as /devices/virtual/input/input105
[ 1514.453327][T32151] netlink: 112 bytes leftover after parsing attributes in process `syz.4.6931'.
[ 1515.239178][   T40] audit: type=1326 audit(1754634944.115:78357): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32172 comm="syz.5.6938" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff1579 code=0x7ffc0000
[ 1515.240423][T32176] FAULT_INJECTION: forcing a failure.
[ 1515.240423][T32176] name failslab, interval 1, probability 0, space 0, times 0
[ 1515.248360][   T40] audit: type=1326 audit(1754634944.115:78358): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32172 comm="syz.5.6938" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7ff1579 code=0x7ffc0000
[ 1515.251759][T32176] CPU: 1 UID: 0 PID: 32176 Comm: syz.5.6938 Not tainted 6.16.0-syzkaller-11489-gd2eedaa3909b #0 PREEMPT(full) 
[ 1515.251786][T32176] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1515.251793][T32176] Call Trace:
[ 1515.251798][T32176]  <TASK>
[ 1515.251803][T32176]  dump_stack_lvl+0x16c/0x1f0
[ 1515.251830][T32176]  should_fail_ex+0x512/0x640
[ 1515.251844][T32176]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[ 1515.251864][T32176]  should_failslab+0xc2/0x120
[ 1515.251885][T32176]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[ 1515.251899][T32176]  ? __alloc_skb+0x2b2/0x380
[ 1515.251916][T32176]  __alloc_skb+0x2b2/0x380
[ 1515.251930][T32176]  ? __pfx___alloc_skb+0x10/0x10
[ 1515.251945][T32176]  ? rcu_is_watching+0x12/0xc0
[ 1515.251961][T32176]  ? trace_kmem_cache_alloc+0x28/0xc0
[ 1515.251978][T32176]  ? audit_log_start+0x2c5/0x7f0
[ 1515.251993][T32176]  audit_log_start+0x2ea/0x7f0
[ 1515.252007][T32176]  ? __pfx_audit_log_start+0x10/0x10
[ 1515.252024][T32176]  ? migrate_enable+0x1ed/0x260
[ 1515.252040][T32176]  ? __pfx_migrate_enable+0x10/0x10
[ 1515.252058][T32176]  audit_seccomp+0x60/0x1f0
[ 1515.252071][T32176]  __seccomp_filter+0x7b6/0xea0
[ 1515.252085][T32176]  ? __pfx___seccomp_filter+0x10/0x10
[ 1515.252096][T32176]  ? handle_mm_fault+0x1c0/0xd10
[ 1515.252109][T32176]  ? fput+0x9b/0xd0
[ 1515.252123][T32176]  ? ksys_write+0x1ac/0x250
[ 1515.252137][T32176]  __secure_computing+0x215/0x320
[ 1515.252150][T32176]  syscall_trace_enter+0x89/0x240
[ 1515.252167][T32176]  __do_fast_syscall_32+0x21b/0x3a0
[ 1515.252179][T32176]  do_fast_syscall_32+0x32/0x80
[ 1515.252189][T32176]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1515.252202][T32176] RIP: 0023:0xf7ff1579
[ 1515.252224][T32176] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 1515.252236][T32176] RSP: 002b:00000000f50f555c EFLAGS: 00000296 ORIG_RAX: 00000000000000bb
[ 1515.252247][T32176] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000000005
[ 1515.252253][T32176] RDX: 00000000800000c0 RSI: 0000000080000504 RDI: 0000000000000000
[ 1515.252259][T32176] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1515.252265][T32176] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 1515.252271][T32176] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1515.252285][T32176]  </TASK>
[ 1515.272316][T32176] audit: audit_lost=1 audit_rate_limit=0 audit_backlog_limit=64
[ 1515.277241][   T40] audit: type=1326 audit(1754634944.115:78359): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32172 comm="syz.5.6938" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff1579 code=0x7ffc0000
[ 1515.288555][T32176] audit: out of memory in audit_log_start
[ 1515.290643][   T40] audit: type=1326 audit(1754634944.126:78360): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32172 comm="syz.5.6938" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7ff1579 code=0x7ffc0000
[ 1515.290692][   T40] audit: type=1326 audit(1754634944.126:78361): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32172 comm="syz.5.6938" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff1579 code=0x7ffc0000
[ 1515.370241][   T40] audit: type=1326 audit(1754634944.126:78362): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32172 comm="syz.5.6938" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7ff1579 code=0x7ffc0000
[ 1515.377319][   T40] audit: type=1326 audit(1754634944.126:78363): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32172 comm="syz.5.6938" exe="/syz-executor" sig=0 arch=40000003 syscall=4 compat=1 ip=0xf7ff1579 code=0x7ffc0000
[ 1515.385951][   T40] audit: type=1326 audit(1754634944.189:78364): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32172 comm="syz.5.6938" exe="/syz-executor" sig=0 arch=40000003 syscall=3 compat=1 ip=0xf7ff1579 code=0x7ffc0000
[ 1515.596298][ T6018] libceph: connect (1)[c::]:6789 error -101
[ 1515.598297][ T6018] libceph: mon0 (1)[c::]:6789 connect error
[ 1515.655079][T32192] ceph: No mds server is up or the cluster is laggy
[ 1515.847648][T32200] tipc: Resetting bearer <eth:team0>
[ 1515.936411][T32201] input: syz1 as /devices/virtual/input/input107
[ 1516.027410][T32201] netlink: 112 bytes leftover after parsing attributes in process `syz.6.6945'.
[ 1516.309583][T32207] netlink: 4 bytes leftover after parsing attributes in process `syz.7.6947'.
[ 1517.520364][T32249] netlink: 'syz.4.6960': attribute type 1 has an invalid length.
[ 1517.873348][T32275] loop2: detected capacity change from 0 to 7
[ 1517.881041][T32275] Dev loop2: unable to read RDB block 7
[ 1517.883321][T32275]  loop2: unable to read partition table
[ 1517.885255][T32275] loop2: partition table beyond EOD, truncated
[ 1517.887165][T32275] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑ) failed (rc=-5)
[ 1517.966225][ T5985] Bluetooth: hci4: command 0x0405 tx timeout
[ 1518.539097][T32313] FAULT_INJECTION: forcing a failure.
[ 1518.539097][T32313] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1518.543124][T32313] CPU: 3 UID: 0 PID: 32313 Comm: syz.4.6980 Not tainted 6.16.0-syzkaller-11489-gd2eedaa3909b #0 PREEMPT(full) 
[ 1518.543140][T32313] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1518.543146][T32313] Call Trace:
[ 1518.543150][T32313]  <TASK>
[ 1518.543155][T32313]  dump_stack_lvl+0x16c/0x1f0
[ 1518.543175][T32313]  should_fail_ex+0x512/0x640
[ 1518.543189][T32313]  _copy_from_user+0x2e/0xd0
[ 1518.543203][T32313]  kstrtouint_from_user+0xd6/0x1d0
[ 1518.543219][T32313]  ? __pfx_kstrtouint_from_user+0x10/0x10
[ 1518.543234][T32313]  ? __lock_acquire+0xb97/0x1ce0
[ 1518.543259][T32313]  proc_fail_nth_write+0x83/0x220
[ 1518.543272][T32313]  ? __pfx_proc_fail_nth_write+0x10/0x10
[ 1518.543287][T32313]  ? __pfx_proc_fail_nth_write+0x10/0x10
[ 1518.543297][T32313]  vfs_write+0x29d/0x1150
[ 1518.543313][T32313]  ? __pfx_vfs_write+0x10/0x10
[ 1518.543323][T32313]  ? find_held_lock+0x2b/0x80
[ 1518.543337][T32313]  ? __fget_files+0x20e/0x3c0
[ 1518.543352][T32313]  ksys_write+0x12a/0x250
[ 1518.543364][T32313]  ? __pfx_ksys_write+0x10/0x10
[ 1518.543377][T32313]  ? rcu_is_watching+0x12/0xc0
[ 1518.543390][T32313]  __do_fast_syscall_32+0x7c/0x3a0
[ 1518.543401][T32313]  do_fast_syscall_32+0x32/0x80
[ 1518.543411][T32313]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1518.543424][T32313] RIP: 0023:0xf7fa4579
[ 1518.543433][T32313] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 1518.543444][T32313] RSP: 002b:00000000f50a5590 EFLAGS: 00000293 ORIG_RAX: 0000000000000004
[ 1518.543454][T32313] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000f50a5620
[ 1518.543461][T32313] RDX: 0000000000000001 RSI: 00000000f7434ff4 RDI: 0000000000000000
[ 1518.543467][T32313] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[ 1518.543473][T32313] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 1518.543479][T32313] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1518.543493][T32313]  </TASK>
[ 1518.606038][    C3] vkms_vblank_simulate: vblank timer overrun
[ 1519.688811][T32336] netlink: 8 bytes leftover after parsing attributes in process `syz.5.6989'.
[ 1519.691828][T32336] netlink: 8 bytes leftover after parsing attributes in process `syz.5.6989'.
[ 1519.842183][T31682] usb 12-1: new full-speed USB device number 51 using dummy_hcd
[ 1520.031569][T31682] usb 12-1: not running at top speed; connect to a high speed hub
[ 1520.108289][T32351] syz.4.6993: attempt to access beyond end of device
[ 1520.108289][T32351] loop4: rw=0, sector=0, nr_sectors = 1 limit=0
[ 1520.112464][T32351] (syz.4.6993,32351,3):ocfs2_get_sector:1714 ERROR: status = -5
[ 1520.114852][T32351] (syz.4.6993,32351,3):ocfs2_sb_probe:753 ERROR: status = -5
[ 1520.117533][T32351] (syz.4.6993,32351,2):ocfs2_fill_super:989 ERROR: superblock probe failed!
[ 1520.120183][T32351] (syz.4.6993,32351,2):ocfs2_fill_super:1177 ERROR: status = -5
[ 1520.223231][   T40] kauditd_printk_skb: 16 callbacks suppressed
[ 1520.223242][   T40] audit: type=1326 audit(1754634949.354:78381): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32349 comm="syz.4.6993" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7fa4579 code=0x0
[ 1520.228495][T31682] usb 12-1: config 1 interface 0 altsetting 0 endpoint 0x2 has invalid maxpacket 1023, setting to 64
[ 1520.518299][T31682] usb 12-1: New USB device found, idVendor=056a, idProduct=00de, bcdDevice= 0.40
[ 1520.521144][T31682] usb 12-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1520.523625][T31682] usb 12-1: Product: syz
[ 1520.524977][T31682] usb 12-1: Manufacturer: syz
[ 1520.526451][T31682] usb 12-1: SerialNumber: syz
[ 1520.530086][T32331] raw-gadget.0 gadget.7: fail, usb_ep_enable returned -22
[ 1520.684764][T32352] netlink: 4 bytes leftover after parsing attributes in process `syz.6.6992'.
[ 1520.729912][T32367] BTRFS info: 'norecovery' is for compatibility only, recommended to use 'rescue=nologreplay'
[ 1520.755985][T32367] FAULT_INJECTION: forcing a failure.
[ 1520.755985][T32367] name failslab, interval 1, probability 0, space 0, times 0
[ 1520.760020][T32367] CPU: 0 UID: 0 PID: 32367 Comm: syz.4.6997 Not tainted 6.16.0-syzkaller-11489-gd2eedaa3909b #0 PREEMPT(full) 
[ 1520.760035][T32367] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1520.760041][T32367] Call Trace:
[ 1520.760045][T32367]  <TASK>
[ 1520.760050][T32367]  dump_stack_lvl+0x16c/0x1f0
[ 1520.760070][T32367]  should_fail_ex+0x512/0x640
[ 1520.760081][T32367]  ? fs_reclaim_acquire+0xae/0x150
[ 1520.760097][T32367]  ? tomoyo_encode2+0x100/0x3e0
[ 1520.760110][T32367]  should_failslab+0xc2/0x120
[ 1520.760124][T32367]  __kmalloc_noprof+0xd2/0x510
[ 1520.760149][T32367]  ? d_absolute_path+0x136/0x1a0
[ 1520.760167][T32367]  tomoyo_encode2+0x100/0x3e0
[ 1520.760181][T32367]  tomoyo_encode+0x29/0x50
[ 1520.760193][T32367]  tomoyo_realpath_from_path+0x18f/0x6e0
[ 1520.760211][T32367]  tomoyo_path_number_perm+0x245/0x580
[ 1520.760221][T32367]  ? tomoyo_path_number_perm+0x237/0x580
[ 1520.760233][T32367]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1520.760258][T32367]  ? find_held_lock+0x2b/0x80
[ 1520.760269][T32367]  ? hook_file_ioctl_common+0x145/0x410
[ 1520.760282][T32367]  ? __fget_files+0x20e/0x3c0
[ 1520.760296][T32367]  security_file_ioctl_compat+0x9b/0x240
[ 1520.760309][T32367]  __ia32_compat_sys_ioctl+0xc3/0x370
[ 1520.760327][T32367]  __do_fast_syscall_32+0x7c/0x3a0
[ 1520.760338][T32367]  do_fast_syscall_32+0x32/0x80
[ 1520.760348][T32367]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1520.760361][T32367] RIP: 0023:0xf7fa4579
[ 1520.760370][T32367] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 1520.760381][T32367] RSP: 002b:00000000f50c655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[ 1520.760391][T32367] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 0000000040946400
[ 1520.760398][T32367] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1520.760404][T32367] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1520.760410][T32367] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 1520.760415][T32367] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1520.760428][T32367]  </TASK>
[ 1520.760471][T32367] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1520.773867][T32370] netlink: 4 bytes leftover after parsing attributes in process `syz.5.6998'.
[ 1522.976286][T31682] usbhid 12-1:1.0: can't add hid device: -71
[ 1523.029471][T31682] usbhid 12-1:1.0: probe with driver usbhid failed with error -71
[ 1523.041640][T31682] usb 12-1: USB disconnect, device number 51
[ 1525.046523][T32447] netdevsim netdevsim6 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1525.061777][T32455] program syz.5.7024 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1525.116314][T32451] netlink: 32 bytes leftover after parsing attributes in process `syz.4.7023'.
[ 1525.144025][T32447] netdevsim netdevsim6 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1525.175050][ T1018] usb 11-1: new high-speed USB device number 44 using dummy_hcd
[ 1525.337175][ T1018] usb 11-1: Using ep0 maxpacket: 8
[ 1525.425780][ T1018] usb 11-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[ 1525.457255][ T1018] usb 11-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[ 1525.534981][ T1018] usb 11-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[ 1525.632606][ T1018] usb 11-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1525.709261][ T1018] usb 11-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[ 1525.745812][ T1018] usb 11-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1525.975098][T32447] netdevsim netdevsim6 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1526.133834][T32447] netdevsim netdevsim6 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1526.536388][T23740] netdevsim netdevsim6 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1526.549993][T23740] netdevsim netdevsim6 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1526.565502][T23740] netdevsim netdevsim6 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1526.603384][T23740] netdevsim netdevsim6 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1527.046371][T32492] FAULT_INJECTION: forcing a failure.
[ 1527.046371][T32492] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1527.051377][T32492] CPU: 1 UID: 0 PID: 32492 Comm: syz.5.7036 Not tainted 6.16.0-syzkaller-11489-gd2eedaa3909b #0 PREEMPT(full) 
[ 1527.051393][T32492] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1527.051400][T32492] Call Trace:
[ 1527.051403][T32492]  <TASK>
[ 1527.051408][T32492]  dump_stack_lvl+0x16c/0x1f0
[ 1527.051427][T32492]  should_fail_ex+0x512/0x640
[ 1527.051440][T32492]  _copy_from_user+0x2e/0xd0
[ 1527.051454][T32492]  snd_seq_ioctl+0x1bf/0x410
[ 1527.051467][T32492]  ? __pfx_snd_seq_ioctl+0x10/0x10
[ 1527.051486][T32492]  ? __fget_files+0x20e/0x3c0
[ 1527.051500][T32492]  snd_seq_ioctl_compat+0xea/0x310
[ 1527.051525][T32492]  ? __pfx_snd_seq_ioctl_compat+0x10/0x10
[ 1527.051537][T32492]  __ia32_compat_sys_ioctl+0x23f/0x370
[ 1527.051555][T32492]  __do_fast_syscall_32+0x7c/0x3a0
[ 1527.051567][T32492]  do_fast_syscall_32+0x32/0x80
[ 1527.051577][T32492]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1527.051591][T32492] RIP: 0023:0xf7ff1579
[ 1527.051599][T32492] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 1527.051609][T32492] RSP: 002b:00000000f511655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[ 1527.051620][T32492] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c0bc5351
[ 1527.051627][T32492] RDX: 0000000080000500 RSI: 0000000000000000 RDI: 0000000000000000
[ 1527.051633][T32492] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1527.051639][T32492] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 1527.051645][T32492] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1527.051658][T32492]  </TASK>
[ 1527.118436][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1528.196757][T32515] vhci_hcd vhci_hcd.0: pdev(6) rhport(1) sockfd(14)
[ 1528.199051][T32515] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[ 1528.201869][T32515] vhci_hcd vhci_hcd.0: Device attached
[ 1528.208811][T32514] vhci_hcd vhci_hcd.0: pdev(6) rhport(0) sockfd(10)
[ 1528.211586][T32514] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[ 1528.215184][T32514] vhci_hcd vhci_hcd.0: Device attached
[ 1528.480617][ T1018] usb 11-1: usb_control_msg returned -71
[ 1528.528186][T15328] usb 49-2: new high-speed USB device number 4 using vhci_hcd
[ 1528.802091][T32517] vhci_hcd: connection reset by peer
[ 1528.805033][T32516] vhci_hcd: connection closed
[ 1528.811896][T23736] vhci_hcd: stop threads
[ 1528.878593][T23736] vhci_hcd: release socket
[ 1528.968197][T23736] vhci_hcd: disconnect device
[ 1528.970886][T23736] vhci_hcd: stop threads
[ 1529.068632][T23736] vhci_hcd: release socket
[ 1529.153278][T23736] vhci_hcd: disconnect device
[ 1529.255497][ T1018] usbtmc 11-1:16.0: can't read capabilities
[ 1529.434919][ T1018] usb 11-1: USB disconnect, device number 44
[ 1529.994759][T21847] usb 10-1: new low-speed USB device number 46 using dummy_hcd
[ 1530.151378][T21847] usb 10-1: config 1 interface 0 altsetting 37 endpoint 0x1 is Bulk; changing to Interrupt
[ 1530.154607][T21847] usb 10-1: config 1 interface 0 altsetting 37 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[ 1530.160367][T21847] usb 10-1: config 1 interface 0 has no altsetting 0
[ 1530.440213][T32556] overlayfs: workdir and upperdir must be separate subtrees
[ 1531.105215][T32589] netlink: 212364 bytes leftover after parsing attributes in process `syz.4.7066'.
[ 1531.108138][T32589] openvswitch: netlink: Message has 5 unknown bytes.
[ 1531.114311][T32589] netlink: 12 bytes leftover after parsing attributes in process `syz.4.7066'.
[ 1531.618434][    T9] usb 9-1: new high-speed USB device number 52 using dummy_hcd
[ 1531.795141][    T9] usb 9-1: Using ep0 maxpacket: 8
[ 1531.818605][    T9] usb 9-1: config 0 has an invalid interface number: 1 but max is 0
[ 1531.822883][    T9] usb 9-1: config 0 has no interface number 0
[ 1531.838250][    T9] usb 9-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1531.854127][    T9] usb 9-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[ 1531.860139][    T9] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1531.895370][    T9] usb 9-1: config 0 descriptor??
[ 1531.944908][    T9] iowarrior 9-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[ 1532.152397][ T1018] usb 9-1: USB disconnect, device number 52
[ 1532.628950][T21847] usb 10-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[ 1532.632148][T21847] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1532.637233][T21847] usb 10-1: can't set config #1, error -71
[ 1532.640082][T21847] usb 10-1: USB disconnect, device number 46
[ 1532.697749][T32627] FAULT_INJECTION: forcing a failure.
[ 1532.697749][T32627] name failslab, interval 1, probability 0, space 0, times 0
[ 1532.702557][T32627] CPU: 3 UID: 0 PID: 32627 Comm: syz.5.7078 Not tainted 6.16.0-syzkaller-11489-gd2eedaa3909b #0 PREEMPT(full) 
[ 1532.702573][T32627] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1532.702580][T32627] Call Trace:
[ 1532.702585][T32627]  <TASK>
[ 1532.702590][T32627]  dump_stack_lvl+0x16c/0x1f0
[ 1532.702609][T32627]  should_fail_ex+0x512/0x640
[ 1532.702620][T32627]  ? __kmalloc_cache_noprof+0x57/0x3e0
[ 1532.702633][T32627]  should_failslab+0xc2/0x120
[ 1532.702646][T32627]  __kmalloc_cache_noprof+0x6a/0x3e0
[ 1532.702657][T32627]  ? aa_get_newest_label+0x375/0x680
[ 1532.702673][T32627]  ? v9fs_mount+0xa6/0xa90
[ 1532.702690][T32627]  v9fs_mount+0xa6/0xa90
[ 1532.702705][T32627]  ? rcu_is_watching+0x12/0xc0
[ 1532.702716][T32627]  ? __pfx_v9fs_mount+0x10/0x10
[ 1532.702732][T32627]  ? apparmor_capable+0x114/0x1d0
[ 1532.702748][T32627]  ? __pfx_v9fs_mount+0x10/0x10
[ 1532.702762][T32627]  legacy_get_tree+0x109/0x220
[ 1532.702776][T32627]  vfs_get_tree+0x8b/0x340
[ 1532.702786][T32627]  path_mount+0x1482/0x1fd0
[ 1532.702801][T32627]  ? __pfx_path_mount+0x10/0x10
[ 1532.702815][T32627]  ? kmem_cache_free+0x2d1/0x4d0
[ 1532.702827][T32627]  ? putname+0x154/0x1a0
[ 1532.702842][T32627]  ? getname_flags.part.0+0x1c5/0x550
[ 1532.702861][T32627]  ? __ia32_sys_mount+0x28b/0x310
[ 1532.702874][T32627]  __ia32_sys_mount+0x28b/0x310
[ 1532.702888][T32627]  ? __pfx___ia32_sys_mount+0x10/0x10
[ 1532.702902][T32627]  ? rcu_is_watching+0x12/0xc0
[ 1532.702915][T32627]  __do_fast_syscall_32+0x7c/0x3a0
[ 1532.702926][T32627]  do_fast_syscall_32+0x32/0x80
[ 1532.702936][T32627]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1532.702949][T32627] RIP: 0023:0xf7ff1579
[ 1532.702958][T32627] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 1532.702968][T32627] RSP: 002b:00000000f511655c EFLAGS: 00000296 ORIG_RAX: 0000000000000015
[ 1532.702980][T32627] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000080000200
[ 1532.702986][T32627] RDX: 0000000080004500 RSI: 0000000000000000 RDI: 0000000080000140
[ 1532.702993][T32627] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1532.702999][T32627] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 1532.703005][T32627] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1532.703017][T32627]  </TASK>
[ 1532.799705][T32629] netlink: 'syz.5.7079': attribute type 1 has an invalid length.
[ 1532.813680][T32629] 8021q: adding VLAN 0 to HW filter on device bond1
[ 1532.835232][T32629] bond1: (slave veth3): Enslaving as an active interface with a down link
[ 1532.843171][T32629] netlink: 16 bytes leftover after parsing attributes in process `syz.5.7079'.
[ 1533.147480][T32640] trusted_key: encrypted_key: insufficient parameters specified
[ 1533.163328][T32640] fuse: Unknown parameter 'ÿÿ0xffffffffffffffff'
[ 1533.183891][T32640] mkiss: ax0: crc mode is auto.
[ 1533.415024][T15328] vhci_hcd: vhci_device speed not set
[ 1534.140303][T32653] netlink: 'syz.6.7087': attribute type 1 has an invalid length.
[ 1534.198443][T32653] veth5: entered promiscuous mode
[ 1534.466612][T32669] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1534.539990][T32672] block device autoloading is deprecated and will be removed.
[ 1534.773476][T32669] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1534.814756][ T1018] usb 9-1: new high-speed USB device number 53 using dummy_hcd
[ 1535.124801][T32669] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1535.367217][T32669] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1535.410943][ T1018] usb 9-1: Using ep0 maxpacket: 8
[ 1535.616459][ T1018] usb 9-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[ 1535.619598][ T1018] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[ 1535.622154][ T1018] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[ 1535.636245][ T1018] usb 9-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1535.640376][ T1018] usb 9-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[ 1535.642987][ T1018] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1535.787208][T32691] tmpfs: Unknown parameter 'usrquota'
[ 1535.822648][T32693] binder: 32692:32693 unknown command 0
[ 1535.824310][T32693] binder: 32692:32693 ioctl c0306201 80000080 returned -22
[ 1535.826611][T23736] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1535.833742][T23736] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1535.840233][T23740] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1535.853333][T23740] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1535.875458][T32695] netlink: 'syz.7.7100': attribute type 1 has an invalid length.
[ 1535.979987][ T1018] usb 9-1: usb_control_msg returned -71
[ 1535.981717][ T1018] usbtmc 9-1:16.0: can't read capabilities
[ 1535.993891][ T1018] usb 9-1: USB disconnect, device number 53
[ 1536.056891][T20582] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 1536.061156][T20582] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 1536.067842][T20582] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 1536.078695][T20582] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 1536.090027][T20582] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 1536.092543][T20582] Bluetooth: hci4: Invalid handle: 0x0f00 > 0x0eff
[ 1536.134713][T25312] tipc: Resetting bearer <eth:syzkaller0>
[ 1536.145095][T25312] tipc: Disabling bearer <eth:syzkaller0>
[ 1536.199142][T23734] netdevsim netdevsim7 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1536.216692][T32697] chnl_net:caif_netlink_parms(): no params data found
[ 1536.248091][T23734] netdevsim netdevsim7 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1536.290041][T32697] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1536.293007][T32697] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1536.295362][T32697] bridge_slave_0: entered allmulticast mode
[ 1536.298053][T32697] bridge_slave_0: entered promiscuous mode
[ 1536.302973][T23734] netdevsim netdevsim7 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1536.310015][T32697] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1536.313140][T32697] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1536.315389][T32697] bridge_slave_1: entered allmulticast mode
[ 1536.318083][T32697] bridge_slave_1: entered promiscuous mode
[ 1536.348296][T32697] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1536.353511][T32697] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1536.372229][T23734] netdevsim netdevsim7 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1536.391640][T32697] team0: Port device team_slave_0 added
[ 1536.394741][T32697] team0: Port device team_slave_1 added
[ 1536.421755][T32697] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1536.423771][T32697] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1536.431323][T32697] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1536.435532][T32697] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1536.437512][T32697] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1536.445195][T32697] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1536.536851][T32718] netlink: 8 bytes leftover after parsing attributes in process `syz.6.7106'.
[ 1536.539824][T32718] netlink: 8 bytes leftover after parsing attributes in process `syz.6.7106'.
[ 1536.639370][T32697] hsr_slave_0: entered promiscuous mode
[ 1536.639648][T32728] trusted_key: encrypted_key: insufficient parameters specified
[ 1536.641718][T32697] hsr_slave_1: entered promiscuous mode
[ 1536.642323][T32726] netlink: 8 bytes leftover after parsing attributes in process `syz.5.7115'.
[ 1536.642337][T32726] netlink: 8 bytes leftover after parsing attributes in process `syz.5.7115'.
[ 1536.658782][T32728] fuse: Unknown parameter 'ÿÿ0xffffffffffffffff'
[ 1536.675974][T32731] netlink: 8 bytes leftover after parsing attributes in process `syz.5.7110'.
[ 1536.679140][T32731] netlink: 8 bytes leftover after parsing attributes in process `syz.5.7110'.
[ 1536.680561][T32733] FAULT_INJECTION: forcing a failure.
[ 1536.680561][T32733] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1536.686643][T32733] CPU: 0 UID: 0 PID: 32733 Comm: syz.4.7111 Not tainted 6.16.0-syzkaller-11489-gd2eedaa3909b #0 PREEMPT(full) 
[ 1536.686658][T32733] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1536.686665][T32733] Call Trace:
[ 1536.686668][T32733]  <TASK>
[ 1536.686673][T32733]  dump_stack_lvl+0x16c/0x1f0
[ 1536.686693][T32733]  should_fail_ex+0x512/0x640
[ 1536.686707][T32733]  _copy_to_user+0x32/0xd0
[ 1536.686721][T32733]  simple_read_from_buffer+0xcb/0x170
[ 1536.686740][T32733]  proc_fail_nth_read+0x197/0x240
[ 1536.686756][T32733]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1536.686769][T32733]  ? rw_verify_area+0xcf/0x6c0
[ 1536.686779][T32733]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1536.686791][T32733]  vfs_read+0x1e4/0xc60
[ 1536.686816][T32733]  ? __pfx_vfs_read+0x10/0x10
[ 1536.686829][T32733]  ? find_held_lock+0x2b/0x80
[ 1536.686844][T32733]  ? __fget_files+0x20e/0x3c0
[ 1536.686860][T32733]  ksys_read+0x12a/0x250
[ 1536.686871][T32733]  ? __pfx_ksys_read+0x10/0x10
[ 1536.686883][T32733]  ? fput+0x9b/0xd0
[ 1536.686897][T32733]  ? rcu_is_watching+0x12/0xc0
[ 1536.686910][T32733]  __do_fast_syscall_32+0x7c/0x3a0
[ 1536.686921][T32733]  do_fast_syscall_32+0x32/0x80
[ 1536.686931][T32733]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1536.686944][T32733] RIP: 0023:0xf7fa4579
[ 1536.686954][T32733] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 1536.686965][T32733] RSP: 002b:00000000f50c6590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 1536.686975][T32733] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f50c6620
[ 1536.686981][T32733] RDX: 000000000000000f RSI: 00000000f7434ff4 RDI: 0000000000000000
[ 1536.686987][T32733] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[ 1536.686993][T32733] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[ 1536.686999][T32733] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1536.687012][T32733]  </TASK>
[ 1536.849565][T32748] netlink: 8 bytes leftover after parsing attributes in process `syz.4.7122'.
[ 1536.854870][T32748] netlink: 8 bytes leftover after parsing attributes in process `syz.4.7122'.
[ 1537.135406][T23734] bond0 (unregistering): Released all slaves
[ 1537.261759][T32754] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1537.291447][T32735] mkiss: ax0: crc mode is auto.
[ 1537.300548][T23734] tipc: Disabling bearer <eth:team0>
[ 1537.303663][T23734] tipc: Left network mode
[ 1537.330043][ T6045] usb 10-1: new high-speed USB device number 47 using dummy_hcd
[ 1537.357067][T32754] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1537.450576][T32754] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1537.472937][ T6045] usb 10-1: Using ep0 maxpacket: 8
[ 1537.476041][ T6045] usb 10-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[ 1537.479466][ T6045] usb 10-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[ 1537.482784][ T6045] usb 10-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[ 1537.485885][ T6045] usb 10-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1537.489855][ T6045] usb 10-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[ 1537.493325][ T6045] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1537.524404][T23734] hsr_slave_0: left promiscuous mode
[ 1537.527947][T23734] hsr_slave_1: left promiscuous mode
[ 1537.565394][T23734] veth1_macvtap: left promiscuous mode
[ 1537.567201][T23734] veth0_macvtap: left allmulticast mode
[ 1537.569238][T23734] veth0_macvtap: left promiscuous mode
[ 1537.571028][T23734] veth1_vlan: left promiscuous mode
[ 1538.084066][T20582] Bluetooth: hci3: command tx timeout
[ 1539.117309][T32762] netlink: 8 bytes leftover after parsing attributes in process `syz.4.7119'.
[ 1539.120183][T32762] netlink: 8 bytes leftover after parsing attributes in process `syz.4.7119'.
[ 1539.471111][T32754] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1539.486034][  T307] FAULT_INJECTION: forcing a failure.
[ 1539.486034][  T307] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1539.490862][  T307] CPU: 0 UID: 0 PID: 307 Comm: syz.4.7124 Not tainted 6.16.0-syzkaller-11489-gd2eedaa3909b #0 PREEMPT(full) 
[ 1539.490878][  T307] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1539.490885][  T307] Call Trace:
[ 1539.490889][  T307]  <TASK>
[ 1539.490894][  T307]  dump_stack_lvl+0x16c/0x1f0
[ 1539.490915][  T307]  should_fail_ex+0x512/0x640
[ 1539.490929][  T307]  _copy_to_user+0x32/0xd0
[ 1539.490943][  T307]  simple_read_from_buffer+0xcb/0x170
[ 1539.490975][  T307]  proc_fail_nth_read+0x197/0x240
[ 1539.490988][  T307]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1539.491000][  T307]  ? rw_verify_area+0xcf/0x6c0
[ 1539.491010][  T307]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1539.491022][  T307]  vfs_read+0x1e4/0xc60
[ 1539.491036][  T307]  ? __pfx_vfs_read+0x10/0x10
[ 1539.491047][  T307]  ? find_held_lock+0x2b/0x80
[ 1539.491061][  T307]  ? __fget_files+0x20e/0x3c0
[ 1539.491076][  T307]  ksys_read+0x12a/0x250
[ 1539.491088][  T307]  ? __pfx_ksys_read+0x10/0x10
[ 1539.491100][  T307]  ? rcu_is_watching+0x12/0xc0
[ 1539.491113][  T307]  __do_fast_syscall_32+0x7c/0x3a0
[ 1539.491125][  T307]  do_fast_syscall_32+0x32/0x80
[ 1539.491135][  T307]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1539.491148][  T307] RIP: 0023:0xf7fa4579
[ 1539.491157][  T307] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 1539.491167][  T307] RSP: 002b:00000000f50c6590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 1539.491178][  T307] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f50c6620
[ 1539.491185][  T307] RDX: 000000000000000f RSI: 00000000f7434ff4 RDI: 0000000000000000
[ 1539.491191][  T307] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000
[ 1539.491197][  T307] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[ 1539.491204][  T307] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1539.491217][  T307]  </TASK>
[ 1539.741363][  T313] trusted_key: encrypted_key: insufficient parameters specified
[ 1539.760745][T23751] netdevsim netdevsim5 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1539.761913][  T313] fuse: Unknown parameter 'ÿÿ0xffffffffffffffff'
[ 1539.770556][T23751] netdevsim netdevsim5 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1539.779210][T23751] netdevsim netdevsim5 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1539.808980][T23736] netdevsim netdevsim5 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1539.837618][  T313] mkiss: ax0: crc mode is auto.
[ 1539.897869][ T6045] usb 10-1: usb_control_msg returned -71
[ 1539.899672][ T6045] usbtmc 10-1:16.0: can't read capabilities
[ 1539.916277][ T6045] usb 10-1: USB disconnect, device number 47
[ 1539.955814][T32697] netdevsim netdevsim7 netdevsim0: renamed from eth0
[ 1539.961652][T32697] netdevsim netdevsim7 netdevsim1: renamed from eth1
[ 1539.965753][T32697] netdevsim netdevsim7 netdevsim2: renamed from eth2
[ 1539.970822][T32697] netdevsim netdevsim7 netdevsim3: renamed from eth3
[ 1540.034551][T32697] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1540.044189][T32697] 8021q: adding VLAN 0 to HW filter on device team0
[ 1540.051399][T31757] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1540.053642][T31757] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1540.054316][T20582] Bluetooth: hci3: command tx timeout
[ 1540.060678][T31757] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1540.063757][T31757] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1540.191070][T32697] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1540.323788][T32697] veth0_vlan: entered promiscuous mode
[ 1540.330498][T32697] veth1_vlan: entered promiscuous mode
[ 1540.345601][T32697] veth0_macvtap: entered promiscuous mode
[ 1540.350951][T32697] veth1_macvtap: entered promiscuous mode
[ 1540.358899][T32697] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1540.366660][T32697] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1540.372477][T23751] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1540.375342][T23751] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1540.379638][T23751] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1540.382539][T23751] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1540.449802][T23749] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1540.459173][T23749] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1540.485472][T23751] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1540.488196][T23751] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1540.669662][T25406] tipc: Resetting bearer <eth:syzkaller0>
[ 1540.720136][T25406] tipc: Disabling bearer <eth:syzkaller0>
[ 1540.828683][ T5985] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 1540.833575][ T5985] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 1540.849879][ T5985] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 1540.854876][ T5985] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 1540.869612][ T5985] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 1540.935019][  T368] netlink: 'syz.5.7139': attribute type 2 has an invalid length.
[ 1540.966070][T23736] netdevsim netdevsim6 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1541.024261][  T363] chnl_net:caif_netlink_parms(): no params data found
[ 1541.064847][T23736] netdevsim netdevsim6 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1541.106403][  T363] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1541.108705][  T363] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1541.110937][  T363] bridge_slave_0: entered allmulticast mode
[ 1541.114488][  T363] bridge_slave_0: entered promiscuous mode
[ 1541.117735][  T363] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1541.120296][  T363] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1541.124066][  T363] bridge_slave_1: entered allmulticast mode
[ 1541.126651][  T363] bridge_slave_1: entered promiscuous mode
[ 1541.163623][T23736] netdevsim netdevsim6 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1541.174646][  T363] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1541.179621][  T363] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1541.214413][  T363] team0: Port device team_slave_0 added
[ 1541.222176][  T363] team0: Port device team_slave_1 added
[ 1541.242028][T23736] netdevsim netdevsim6 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1541.263382][  T363] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1541.267013][  T363] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1541.275839][  T363] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1541.280598][  T363] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1541.282798][  T363] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1541.290806][  T363] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1541.339888][  T363] hsr_slave_0: entered promiscuous mode
[ 1541.342927][  T363] hsr_slave_1: entered promiscuous mode
[ 1541.345043][  T363] debugfs: 'hsr0' already exists in 'hsr'
[ 1541.346859][  T363] Cannot create hsr debugfs directory
[ 1541.760177][T23736] bond1 (unregistering): (slave bridge0): Releasing active interface
[ 1541.842260][  T394] __nla_validate_parse: 5 callbacks suppressed
[ 1541.842271][  T394] netlink: 4 bytes leftover after parsing attributes in process `syz.5.7145'.
[ 1541.972664][T23736] bond0 (unregistering): (slave batadv0): Releasing backup interface
[ 1541.982951][T23736] bond0 (unregistering): Released all slaves
[ 1542.005816][T23736] bond1 (unregistering): Released all slaves
[ 1542.023710][T23736] bond2 (unregistering): Released all slaves
[ 1542.037044][T20582] Bluetooth: hci3: command tx timeout
[ 1542.068461][  T405] netlink: 'syz.4.7147': attribute type 1 has an invalid length.
[ 1542.083173][T15328] usb 12-1: new high-speed USB device number 52 using dummy_hcd
[ 1542.147224][  T391] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1542.183656][T23736] : left promiscuous mode
[ 1542.237273][T15328] usb 12-1: Using ep0 maxpacket: 8
[ 1542.290041][T15328] usb 12-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[ 1542.298117][T15328] usb 12-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[ 1542.301284][T15328] usb 12-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[ 1542.304447][T15328] usb 12-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1542.308329][T15328] usb 12-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[ 1542.311008][T15328] usb 12-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1542.340437][T23736] tipc: Disabling bearer <udp:syz1>
[ 1542.342873][T23736] tipc: Left network mode
[ 1542.788170][  T391] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1542.797328][T20582] Bluetooth: hci1: command tx timeout
[ 1542.976059][T23736] hsr_slave_0: left promiscuous mode
[ 1542.978910][T23736] hsr_slave_1: left promiscuous mode
[ 1543.003633][T23736] veth1_macvtap: left promiscuous mode
[ 1543.005432][T23736] veth0_macvtap: left allmulticast mode
[ 1543.010104][T23736] veth0_macvtap: left promiscuous mode
[ 1543.012124][T23736] veth1_vlan: left promiscuous mode
[ 1543.013823][T23736] veth0_vlan: left promiscuous mode
[ 1544.017695][T20582] Bluetooth: hci3: command tx timeout
[ 1544.180605][ T1420] ieee802154 phy1 wpan1: encryption failed: -22
[ 1544.776774][  T391] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1544.790280][T20582] Bluetooth: hci1: command tx timeout
[ 1544.868248][  T391] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1544.881739][  T363] netdevsim netdevsim6 netdevsim0: renamed from eth0
[ 1544.887544][  T363] netdevsim netdevsim6 netdevsim1: renamed from eth1
[ 1544.891447][  T363] netdevsim netdevsim6 netdevsim2: renamed from eth2
[ 1544.897967][  T363] netdevsim netdevsim6 netdevsim3: renamed from eth3
[ 1544.950070][  T363] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1544.959112][  T363] 8021q: adding VLAN 0 to HW filter on device team0
[ 1544.965701][T23734] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1544.967946][T23734] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1544.978446][T23734] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1544.980817][T23734] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1545.025663][T10314] netdevsim netdevsim7 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1545.035286][T23734] netdevsim netdevsim7 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1545.043443][T23734] netdevsim netdevsim7 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1545.054114][T23734] netdevsim netdevsim7 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1545.059806][T23736] IPVS: stop unused estimator thread 0...
[ 1545.084173][T15328] usb 12-1: usb_control_msg returned -71
[ 1545.087408][T15328] usbtmc 12-1:16.0: can't read capabilities
[ 1545.093072][T15328] usb 12-1: USB disconnect, device number 52
[ 1545.111772][  T363] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1545.232264][  T363] veth0_vlan: entered promiscuous mode
[ 1545.237931][  T363] veth1_vlan: entered promiscuous mode
[ 1545.252518][  T363] veth0_macvtap: entered promiscuous mode
[ 1545.257810][  T363] veth1_macvtap: entered promiscuous mode
[ 1545.266860][  T363] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1545.273273][  T363] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1545.279421][T10314] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1545.282236][T10314] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1545.285757][T10314] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1545.288486][T10314] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1545.319320][T23734] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1545.322362][T23734] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1545.333358][T23734] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1545.335791][T23734] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1545.421050][  T442] veth1_to_bond: entered allmulticast mode
[ 1545.425342][  T442] ubi31: detaching mtd0
[ 1545.433695][  T442] ubi31: mtd0 is detached
[ 1545.640333][  T446] trusted_key: encrypted_key: insufficient parameters specified
[ 1545.657093][  T446] fuse: Unknown parameter 'ÿÿ0xffffffffffffffff'
[ 1545.683355][  T446] mkiss: ax0: crc mode is auto.
[ 1546.145465][  T450] random: crng reseeded on system resumption
[ 1546.160981][  T436] veth1_to_bond: left allmulticast mode
[ 1546.760291][T20582] Bluetooth: hci1: command tx timeout
[ 1546.853939][  T460] vhci_hcd vhci_hcd.0: pdev(5) rhport(1) sockfd(14)
[ 1546.856076][  T460] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[ 1546.858907][  T460] vhci_hcd vhci_hcd.0: Device attached
[ 1546.867421][  T459] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(10)
[ 1546.869536][  T459] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[ 1546.871977][  T459] vhci_hcd vhci_hcd.0: Device attached
[ 1547.193598][  T463] vhci_hcd: connection closed
[ 1547.197641][T10314] vhci_hcd: stop threads
[ 1547.214032][T10314] vhci_hcd: release socket
[ 1547.222108][T10314] vhci_hcd: disconnect device
[ 1547.303642][  T462] vhci_hcd: connection closed
[ 1547.307675][T10314] vhci_hcd: stop threads
[ 1547.311203][T10314] vhci_hcd: release socket
[ 1547.331630][T10314] vhci_hcd: disconnect device
[ 1547.910535][  T473] netlink: 16 bytes leftover after parsing attributes in process `syz.6.7157'.
[ 1548.743171][T20582] Bluetooth: hci1: command tx timeout
[ 1549.437664][  T474] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1549.440112][  T474] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1549.486375][  T474] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1549.494118][  T474] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1549.640107][T23751] netdevsim netdevsim6 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1549.643793][T23751] netdevsim netdevsim6 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1549.660381][T23751] netdevsim netdevsim6 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1549.668317][T23751] netdevsim netdevsim6 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1549.672004][  T490] FAULT_INJECTION: forcing a failure.
[ 1549.672004][  T490] name failslab, interval 1, probability 0, space 0, times 0
[ 1549.676702][  T490] CPU: 3 UID: 0 PID: 490 Comm: syz.6.7165 Not tainted 6.16.0-syzkaller-11489-gd2eedaa3909b #0 PREEMPT(full) 
[ 1549.676719][  T490] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1549.676726][  T490] Call Trace:
[ 1549.676730][  T490]  <TASK>
[ 1549.676735][  T490]  dump_stack_lvl+0x16c/0x1f0
[ 1549.676756][  T490]  should_fail_ex+0x512/0x640
[ 1549.676768][  T490]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[ 1549.676784][  T490]  should_failslab+0xc2/0x120
[ 1549.676799][  T490]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[ 1549.676812][  T490]  ? __alloc_skb+0x2b2/0x380
[ 1549.676830][  T490]  __alloc_skb+0x2b2/0x380
[ 1549.676846][  T490]  ? __pfx___alloc_skb+0x10/0x10
[ 1549.676863][  T490]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[ 1549.676889][  T490]  netlink_alloc_large_skb+0x69/0x130
[ 1549.676907][  T490]  netlink_sendmsg+0x6a1/0xdd0
[ 1549.676927][  T490]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1549.676945][  T490]  ? __import_iovec+0x1dd/0x650
[ 1549.676962][  T490]  ____sys_sendmsg+0xa95/0xc70
[ 1549.676976][  T490]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1549.676988][  T490]  ? get_compat_msghdr+0x11a/0x170
[ 1549.677010][  T490]  ___sys_sendmsg+0x134/0x1d0
[ 1549.677027][  T490]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1549.677050][  T490]  ? find_held_lock+0x2b/0x80
[ 1549.677071][  T490]  __sys_sendmsg+0x16d/0x220
[ 1549.677088][  T490]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1549.677110][  T490]  ? rcu_is_watching+0x12/0xc0
[ 1549.677124][  T490]  __do_fast_syscall_32+0x7c/0x3a0
[ 1549.677136][  T490]  do_fast_syscall_32+0x32/0x80
[ 1549.677146][  T490]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1549.677160][  T490] RIP: 0023:0xf7f26579
[ 1549.677170][  T490] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 1549.677181][  T490] RSP: 002b:00000000f504655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[ 1549.677191][  T490] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000080
[ 1549.677198][  T490] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1549.677204][  T490] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1549.677210][  T490] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 1549.677217][  T490] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1549.677229][  T490]  </TASK>
[ 1549.775083][  T498] sp0: Synchronizing with TNC
[ 1549.816470][  T498] netlink: 8 bytes leftover after parsing attributes in process `syz.6.7167'.
[ 1549.903397][  T341] usb 9-1: new full-speed USB device number 54 using dummy_hcd
[ 1550.031846][  T513] vivid-007: =================  START STATUS  =================
[ 1550.034636][  T513] vivid-007: Enable Output Cropping: true
[ 1550.036481][  T513] vivid-007: Enable Output Composing: true
[ 1550.038485][  T513] vivid-007: Enable Output Scaler: true
[ 1550.040262][  T513] vivid-007: Tx RGB Quantization Range: Automatic
[ 1550.042394][  T513] vivid-007: Transmit Mode: HDMI
[ 1550.044035][  T513] vivid-007: Hotplug Present: 0x00000000
[ 1550.045871][  T513] vivid-007: RxSense Present: 0x00000000
[ 1550.047715][  T513] vivid-007: EDID Present: 0x00000000
[ 1550.049490][  T513] vivid-007: ==================  END STATUS  ==================
[ 1550.057803][  T513] netlink: 4 bytes leftover after parsing attributes in process `syz.7.7171'.
[ 1550.113678][T31689] hid_parser_main: 5 callbacks suppressed
[ 1550.113692][T31689] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0
[ 1550.119433][T31689] hid-generic 0000:0000:0000.000F: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[ 1550.814062][  T341] usb 9-1: config 0 has an invalid interface number: 133 but max is 0
[ 1550.817431][  T341] usb 9-1: config 0 has no interface number 0
[ 1550.819545][  T341] usb 9-1: config 0 interface 133 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[ 1550.827348][  T341] usb 9-1: New USB device found, idVendor=06cd, idProduct=0121, bcdDevice=dd.3d
[ 1550.831601][  T341] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1550.835191][  T341] usb 9-1: Product: syz
[ 1550.837774][  T341] usb 9-1: Manufacturer: syz
[ 1550.839731][  T341] usb 9-1: SerialNumber: syz
[ 1550.845334][  T341] usb 9-1: config 0 descriptor??
[ 1550.906316][  T531] netlink: 4 bytes leftover after parsing attributes in process `syz.7.7177'.
[ 1551.052185][  T489] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1551.059375][  T489] syzkaller0: entered promiscuous mode
[ 1551.061192][  T489] syzkaller0: entered allmulticast mode
[ 1551.103062][  T489] tipc: Resetting bearer <eth:syzkaller0>
[ 1551.116642][T20582] Bluetooth: hci2: ACL packet for unknown connection handle 200
[ 1551.121714][  T483] tipc: Resetting bearer <eth:syzkaller0>
[ 1551.147330][  T483] tipc: Disabling bearer <eth:syzkaller0>
[ 1551.210740][  T341] keyspan 9-1:0.133: Keyspan 1 port adapter converter detected
[ 1551.220565][  T341] keyspan 9-1:0.133: unsupported endpoint type 0
[ 1551.228752][  T341] keyspan 9-1:0.133: found no endpoint descriptor for endpoint 81
[ 1551.236011][  T341] keyspan 9-1:0.133: found no endpoint descriptor for endpoint 1
[ 1551.243363][  T341] keyspan 9-1:0.133: found no endpoint descriptor for endpoint 2
[ 1551.251566][  T341] usb 9-1: Keyspan 1 port adapter converter now attached to ttyUSB0
[ 1551.271236][  T341] usb 9-1: USB disconnect, device number 54
[ 1551.285226][  T341] keyspan_1 ttyUSB0: Keyspan 1 port adapter converter now disconnected from ttyUSB0
[ 1551.289954][  T341] keyspan 9-1:0.133: device disconnected
[ 1551.664285][  T561] netlink: 'syz.7.7185': attribute type 10 has an invalid length.
[ 1551.679749][  T561] 8021q: adding VLAN 0 to HW filter on device team0
[ 1551.683572][  T561] bond0: (slave team0): Enslaving as an active interface with an up link
[ 1551.915180][  T572] netlink: 8 bytes leftover after parsing attributes in process `syz.4.7189'.
[ 1551.918057][  T572] netlink: 8 bytes leftover after parsing attributes in process `syz.4.7189'.
[ 1552.862668][  T581] FAULT_INJECTION: forcing a failure.
[ 1552.862668][  T581] name failslab, interval 1, probability 0, space 0, times 0
[ 1552.868881][  T581] CPU: 3 UID: 0 PID: 581 Comm: syz.7.7192 Not tainted 6.16.0-syzkaller-11489-gd2eedaa3909b #0 PREEMPT(full) 
[ 1552.868922][  T581] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1552.868934][  T581] Call Trace:
[ 1552.868941][  T581]  <TASK>
[ 1552.868949][  T581]  dump_stack_lvl+0x16c/0x1f0
[ 1552.868981][  T581]  should_fail_ex+0x512/0x640
[ 1552.869001][  T581]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[ 1552.869024][  T581]  should_failslab+0xc2/0x120
[ 1552.869050][  T581]  kmem_cache_alloc_noprof+0x6d/0x3b0
[ 1552.869068][  T581]  ? __might_fault+0x13b/0x190
[ 1552.869089][  T581]  ? getname_flags.part.0+0x4c/0x550
[ 1552.869119][  T581]  getname_flags.part.0+0x4c/0x550
[ 1552.869149][  T581]  getname_flags+0x93/0xf0
[ 1552.869167][  T581]  user_path_at+0x24/0x60
[ 1552.869187][  T581]  __ia32_sys_mount+0x1fb/0x310
[ 1552.869211][  T581]  ? __pfx___ia32_sys_mount+0x10/0x10
[ 1552.869236][  T581]  ? rcu_is_watching+0x12/0xc0
[ 1552.869258][  T581]  __do_fast_syscall_32+0x7c/0x3a0
[ 1552.869277][  T581]  do_fast_syscall_32+0x32/0x80
[ 1552.869296][  T581]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1552.869317][  T581] RIP: 0023:0xf7fa5579
[ 1552.869332][  T581] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 1552.869349][  T581] RSP: 002b:00000000f50c655c EFLAGS: 00000296 ORIG_RAX: 0000000000000015
[ 1552.869367][  T581] RAX: ffffffffffffffda RBX: 0000000080000040 RCX: 0000000080000340
[ 1552.869379][  T581] RDX: 0000000000000000 RSI: 000000000020887b RDI: 0000000000000000
[ 1552.869389][  T581] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1552.869399][  T581] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 1552.869410][  T581] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1552.869434][  T581]  </TASK>
[ 1553.810465][  T593] binder: BINDER_SET_CONTEXT_MGR already set
[ 1553.816463][  T593] binder: 591:593 ioctl 4018620d 80004a80 returned -16
[ 1553.970304][  T603] netlink: 12 bytes leftover after parsing attributes in process `syz.6.7199'.
[ 1555.295531][  T633] Bluetooth: MGMT ver 1.23
[ 1555.300754][  T633] wg2: entered promiscuous mode
[ 1555.302784][  T633] wg2: entered allmulticast mode
[ 1555.761538][T16313] usb 12-1: new high-speed USB device number 53 using dummy_hcd
[ 1555.915953][T16313] usb 12-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1555.920190][T16313] usb 12-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1555.925139][T16313] usb 12-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1555.929204][T16313] usb 12-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[ 1555.934653][T16313] usb 12-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.00
[ 1555.937767][T16313] usb 12-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1555.944575][T16313] usb 12-1: config 0 descriptor??
[ 1556.281776][  T645] netlink: 8 bytes leftover after parsing attributes in process `syz.5.7213'.
[ 1556.284691][  T645] netlink: 8 bytes leftover after parsing attributes in process `syz.5.7213'.
[ 1556.377268][  T643] netlink: 16 bytes leftover after parsing attributes in process `syz.7.7212'.
[ 1556.381340][  T643] netlink: 104 bytes leftover after parsing attributes in process `syz.7.7212'.
[ 1556.384370][  T643] netlink: 104 bytes leftover after parsing attributes in process `syz.7.7212'.
[ 1556.559075][  T657] netlink: 16 bytes leftover after parsing attributes in process `syz.5.7215'.
[ 1556.623508][  T657] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1556.626113][  T657] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1556.644980][T16313] usbhid 12-1:0.0: can't add hid device: -71
[ 1556.646966][T16313] usbhid 12-1:0.0: probe with driver usbhid failed with error -71
[ 1556.650577][T16313] usb 12-1: USB disconnect, device number 53
[ 1556.745302][  T657] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1556.752300][  T657] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1556.858415][T23734] netdevsim netdevsim5 eth0: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1556.861198][T23734] netdevsim netdevsim5 eth1: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1556.864227][T23734] netdevsim netdevsim5 eth2: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1556.866974][T23734] netdevsim netdevsim5 eth3: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1556.932461][  T661] netlink: 132 bytes leftover after parsing attributes in process `syz.6.7218'.
[ 1557.308890][  T678] FAULT_INJECTION: forcing a failure.
[ 1557.308890][  T678] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1557.324308][  T678] CPU: 0 UID: 0 PID: 678 Comm: syz.4.7224 Not tainted 6.16.0-syzkaller-11489-gd2eedaa3909b #0 PREEMPT(full) 
[ 1557.324336][  T678] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1557.324348][  T678] Call Trace:
[ 1557.324354][  T678]  <TASK>
[ 1557.324360][  T678]  dump_stack_lvl+0x16c/0x1f0
[ 1557.324413][  T678]  should_fail_ex+0x512/0x640
[ 1557.324432][  T678]  _copy_from_user+0x2e/0xd0
[ 1557.324456][  T678]  vmci_host_unlocked_ioctl+0xd65/0x2040
[ 1557.324487][  T678]  ? __pfx_vmci_host_unlocked_ioctl+0x10/0x10
[ 1557.324518][  T678]  ? __sanitizer_cov_trace_switch+0x54/0x90
[ 1557.324545][  T678]  ? do_vfs_ioctl+0x128/0x14f0
[ 1557.324573][  T678]  ? __pfx_do_vfs_ioctl+0x10/0x10
[ 1557.324605][  T678]  ? find_held_lock+0x2b/0x80
[ 1557.324621][  T678]  ? hook_file_ioctl_common+0x145/0x410
[ 1557.324642][  T678]  ? __fget_files+0x20e/0x3c0
[ 1557.324658][  T678]  ? __pfx_vmci_host_unlocked_ioctl+0x10/0x10
[ 1557.324677][  T678]  compat_ptr_ioctl+0x6b/0xa0
[ 1557.324693][  T678]  ? __pfx_compat_ptr_ioctl+0x10/0x10
[ 1557.324709][  T678]  __ia32_compat_sys_ioctl+0x23f/0x370
[ 1557.324728][  T678]  __do_fast_syscall_32+0x7c/0x3a0
[ 1557.324741][  T678]  do_fast_syscall_32+0x32/0x80
[ 1557.324751][  T678]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1557.324765][  T678] RIP: 0023:0xf7fa4579
[ 1557.324775][  T678] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 1557.324786][  T678] RSP: 002b:00000000f50c655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[ 1557.324798][  T678] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000000007a4
[ 1557.324806][  T678] RDX: 0000000080000180 RSI: 0000000000000000 RDI: 0000000000000000
[ 1557.324813][  T678] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1557.324819][  T678] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 1557.324828][  T678] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1557.324848][  T678]  </TASK>
[ 1557.564164][  T676] block device autoloading is deprecated and will be removed.
[ 1557.566732][  T676] syz.6.7221: attempt to access beyond end of device
[ 1557.566732][  T676] md0: rw=2048, sector=3656, nr_sectors = 8 limit=0
[ 1557.891802][  T695] netlink: 'syz.5.7226': attribute type 16 has an invalid length.
[ 1557.894382][  T695] netlink: 48 bytes leftover after parsing attributes in process `syz.5.7226'.
[ 1557.899261][  T695] netlink: 32 bytes leftover after parsing attributes in process `syz.5.7226'.
[ 1559.467641][T15328] usb 9-1: new high-speed USB device number 55 using dummy_hcd
[ 1559.619890][T15328] usb 9-1: Using ep0 maxpacket: 8
[ 1559.696158][T15328] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1559.699444][T15328] usb 9-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[ 1559.705455][T15328] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1559.724649][T15328] usb 9-1: config 0 descriptor??
[ 1560.107431][  T780] netlink: 'syz.7.7240': attribute type 16 has an invalid length.
[ 1560.110055][  T780] netlink: 48 bytes leftover after parsing attributes in process `syz.7.7240'.
[ 1560.120753][  T780] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1560.169094][  T780] netlink: 32 bytes leftover after parsing attributes in process `syz.7.7240'.
[ 1560.776851][  T815] fuse: Bad value for 'fd'
[ 1560.780107][T15328] iowarrior 9-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[ 1560.908039][  T823] FAULT_INJECTION: forcing a failure.
[ 1560.908039][  T823] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1560.912215][  T823] CPU: 2 UID: 0 PID: 823 Comm: syz.6.7246 Not tainted 6.16.0-syzkaller-11489-gd2eedaa3909b #0 PREEMPT(full) 
[ 1560.912230][  T823] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1560.912237][  T823] Call Trace:
[ 1560.912241][  T823]  <TASK>
[ 1560.912246][  T823]  dump_stack_lvl+0x16c/0x1f0
[ 1560.912266][  T823]  should_fail_ex+0x512/0x640
[ 1560.912280][  T823]  _copy_from_user+0x2e/0xd0
[ 1560.912293][  T823]  drm_ioctl+0x4fb/0xc30
[ 1560.912308][  T823]  ? __pfx_drm_setmaster_ioctl+0x10/0x10
[ 1560.912325][  T823]  ? __pfx_drm_ioctl+0x10/0x10
[ 1560.912361][  T823]  drm_compat_ioctl+0x327/0x460
[ 1560.912380][  T823]  ? __pfx_drm_compat_ioctl+0x10/0x10
[ 1560.912395][  T823]  __ia32_compat_sys_ioctl+0x23f/0x370
[ 1560.912413][  T823]  __do_fast_syscall_32+0x7c/0x3a0
[ 1560.912425][  T823]  do_fast_syscall_32+0x32/0x80
[ 1560.912435][  T823]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1560.912448][  T823] RIP: 0023:0xf7f26579
[ 1560.912456][  T823] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 1560.912466][  T823] RSP: 002b:00000000f504655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[ 1560.912476][  T823] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000000641e
[ 1560.912483][  T823] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1560.912489][  T823] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1560.912495][  T823] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 1560.912502][  T823] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1560.912514][  T823]  </TASK>
[ 1560.978455][    C2] vkms_vblank_simulate: vblank timer overrun
[ 1561.011200][  T825] comedi comedi3: comedi_config --init_data is deprecated
[ 1562.145829][T15328] usb 9-1: USB disconnect, device number 55
[ 1562.267895][T16313] usb 11-1: new full-speed USB device number 45 using dummy_hcd
[ 1563.194894][T16313] usb 11-1: config 0 has an invalid interface number: 133 but max is 0
[ 1563.197536][T16313] usb 11-1: config 0 has no interface number 0
[ 1563.199657][T16313] usb 11-1: config 0 interface 133 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[ 1563.204713][T16313] usb 11-1: New USB device found, idVendor=06cd, idProduct=0121, bcdDevice=dd.3d
[ 1563.207523][T16313] usb 11-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1563.210047][T16313] usb 11-1: Product: syz
[ 1563.211649][T16313] usb 11-1: Manufacturer: syz
[ 1563.213154][T16313] usb 11-1: SerialNumber: syz
[ 1563.226419][T16313] usb 11-1: config 0 descriptor??
[ 1563.443260][  T839] tipc: Started in network mode
[ 1563.444837][  T839] tipc: Node identity c24e7940a23f, cluster identity 4711
[ 1563.447076][  T839] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1563.450894][  T839] syzkaller0: entered promiscuous mode
[ 1563.452794][  T839] syzkaller0: entered allmulticast mode
[ 1563.602822][  T873] tipc: Resetting bearer <eth:syzkaller0>
[ 1563.607765][  T838] tipc: Resetting bearer <eth:syzkaller0>
[ 1563.618263][  T838] tipc: Disabling bearer <eth:syzkaller0>
[ 1563.682940][T16313] keyspan 11-1:0.133: Keyspan 1 port adapter converter detected
[ 1563.685741][T16313] keyspan 11-1:0.133: unsupported endpoint type 0
[ 1563.690472][T16313] keyspan 11-1:0.133: found no endpoint descriptor for endpoint 81
[ 1563.693135][T16313] keyspan 11-1:0.133: found no endpoint descriptor for endpoint 1
[ 1563.695692][T16313] keyspan 11-1:0.133: found no endpoint descriptor for endpoint 2
[ 1563.699753][T16313] usb 11-1: Keyspan 1 port adapter converter now attached to ttyUSB0
[ 1563.705415][T16313] usb 11-1: USB disconnect, device number 45
[ 1563.716945][T16313] keyspan_1 ttyUSB0: Keyspan 1 port adapter converter now disconnected from ttyUSB0
[ 1563.720777][T16313] keyspan 11-1:0.133: device disconnected
[ 1563.725205][  T876] netlink: 4 bytes leftover after parsing attributes in process `syz.5.7263'.
[ 1563.747434][  T876] netlink: 28 bytes leftover after parsing attributes in process `syz.5.7263'.
[ 1563.811074][  T881] netlink: 8 bytes leftover after parsing attributes in process `syz.4.7265'.
[ 1563.813919][  T881] netlink: 24 bytes leftover after parsing attributes in process `syz.4.7265'.
[ 1563.857061][  T885] KVM: debugfs: duplicate directory 885-6
[ 1563.978308][  T890] netlink: 4 bytes leftover after parsing attributes in process `syz.5.7269'.
[ 1564.231687][ T6018] usb 10-1: new high-speed USB device number 48 using dummy_hcd
[ 1564.394868][ T6018] usb 10-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1564.398965][ T6018] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1564.403972][ T6018] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1564.408153][ T6018] usb 10-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[ 1564.414447][ T6018] usb 10-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.00
[ 1564.418444][ T6018] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1564.425662][ T6018] usb 10-1: config 0 descriptor??
[ 1564.649807][  T915] netlink: 4 bytes leftover after parsing attributes in process `syz.7.7285'.
[ 1564.695829][  T919] netlink: 28 bytes leftover after parsing attributes in process `syz.4.7279'.
[ 1564.872247][  T895] netlink: 16 bytes leftover after parsing attributes in process `syz.5.7270'.
[ 1564.984025][   T40] audit: type=1804 audit(1754634996.332:78382): pid=932 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.7282" name="/newroot/322/bus/bus" dev="overlay" ino=1713 res=1 errno=0
[ 1565.001165][   T40] audit: type=1804 audit(1754634996.353:78383): pid=932 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.7282" name="/newroot/322/bus/bus" dev="overlay" ino=1713 res=1 errno=0
[ 1565.009853][   T40] audit: type=1800 audit(1754634996.353:78384): pid=932 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.7282" name="bus" dev="overlay" ino=1713 res=0 errno=0
[ 1565.156406][ T6018] usbhid 10-1:0.0: can't add hid device: -71
[ 1565.158412][ T6018] usbhid 10-1:0.0: probe with driver usbhid failed with error -71
[ 1565.193884][ T6018] usb 10-1: USB disconnect, device number 48
[ 1565.549809][  T972] FAULT_INJECTION: forcing a failure.
[ 1565.549809][  T972] name failslab, interval 1, probability 0, space 0, times 0
[ 1565.553895][  T972] CPU: 3 UID: 0 PID: 972 Comm: syz.6.7296 Not tainted 6.16.0-syzkaller-11489-gd2eedaa3909b #0 PREEMPT(full) 
[ 1565.553910][  T972] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1565.553916][  T972] Call Trace:
[ 1565.553920][  T972]  <TASK>
[ 1565.553925][  T972]  dump_stack_lvl+0x16c/0x1f0
[ 1565.553944][  T972]  should_fail_ex+0x512/0x640
[ 1565.553955][  T972]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[ 1565.553970][  T972]  should_failslab+0xc2/0x120
[ 1565.553984][  T972]  kmem_cache_alloc_noprof+0x6d/0x3b0
[ 1565.553996][  T972]  ? security_file_alloc+0x34/0x2b0
[ 1565.554011][  T972]  security_file_alloc+0x34/0x2b0
[ 1565.554023][  T972]  init_file+0x93/0x4c0
[ 1565.554038][  T972]  alloc_empty_file+0x73/0x1e0
[ 1565.554054][  T972]  alloc_file_pseudo+0x13a/0x230
[ 1565.554070][  T972]  ? __pfx_alloc_file_pseudo+0x10/0x10
[ 1565.554089][  T972]  sock_alloc_file+0x50/0x210
[ 1565.554101][  T972]  do_accept+0x240/0x530
[ 1565.554114][  T972]  ? do_raw_spin_lock+0x12c/0x2b0
[ 1565.554131][  T972]  ? __pfx_do_accept+0x10/0x10
[ 1565.554155][  T972]  __sys_accept4+0x100/0x1c0
[ 1565.554169][  T972]  ? __pfx___sys_accept4+0x10/0x10
[ 1565.554183][  T972]  ? __pfx_ksys_write+0x10/0x10
[ 1565.554197][  T972]  __ia32_sys_accept4+0x94/0x100
[ 1565.554211][  T972]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[ 1565.554229][  T972]  __do_fast_syscall_32+0x7c/0x3a0
[ 1565.554240][  T972]  do_fast_syscall_32+0x32/0x80
[ 1565.554249][  T972]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1565.554262][  T972] RIP: 0023:0xf7f26579
[ 1565.554271][  T972] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 1565.554281][  T972] RSP: 002b:00000000f504655c EFLAGS: 00000296 ORIG_RAX: 000000000000016c
[ 1565.554292][  T972] RAX: ffffffffffffffda RBX: 000000000000000b RCX: 0000000000000000
[ 1565.554298][  T972] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1565.554304][  T972] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1565.554310][  T972] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 1565.554316][  T972] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1565.554328][  T972]  </TASK>
[ 1565.558383][  T979] overlayfs: lowerdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior.
[ 1565.648700][  T994] __nla_validate_parse: 2 callbacks suppressed
[ 1565.648716][  T994] netlink: 4 bytes leftover after parsing attributes in process `syz.6.7298'.
[ 1565.654570][  T979] overlayfs: overlapping lowerdir path
[ 1567.022499][ T1032] tmpfs: Bad value for 'nr_inodes'
[ 1567.061319][ T1035] FAULT_INJECTION: forcing a failure.
[ 1567.061319][ T1035] name failslab, interval 1, probability 0, space 0, times 0
[ 1567.061402][ T1035] CPU: 2 UID: 0 PID: 1035 Comm: syz.6.7310 Not tainted 6.16.0-syzkaller-11489-gd2eedaa3909b #0 PREEMPT(full) 
[ 1567.061415][ T1035] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1567.061422][ T1035] Call Trace:
[ 1567.061425][ T1035]  <TASK>
[ 1567.061430][ T1035]  dump_stack_lvl+0x16c/0x1f0
[ 1567.061450][ T1035]  should_fail_ex+0x512/0x640
[ 1567.061461][ T1035]  ? __kmalloc_cache_noprof+0x57/0x3e0
[ 1567.061474][ T1035]  should_failslab+0xc2/0x120
[ 1567.061488][ T1035]  __kmalloc_cache_noprof+0x6a/0x3e0
[ 1567.061499][ T1035]  ? ww_mutex_lock+0x37/0x160
[ 1567.061508][ T1035]  ? drm_atomic_helper_crtc_duplicate_state+0x70/0xd0
[ 1567.061527][ T1035]  drm_atomic_helper_crtc_duplicate_state+0x70/0xd0
[ 1567.061542][ T1035]  drm_atomic_get_crtc_state+0x16e/0x450
[ 1567.061563][ T1035]  drm_atomic_get_plane_state+0x436/0x590
[ 1567.061577][ T1035]  drm_client_modeset_commit_atomic+0x237/0x7e0
[ 1567.061592][ T1035]  ? __pfx___might_resched+0x10/0x10
[ 1567.061607][ T1035]  ? __pfx_drm_client_modeset_commit_atomic+0x10/0x10
[ 1567.061622][ T1035]  ? __mutex_lock+0x1c4/0x10b0
[ 1567.061630][ T1035]  ? rcu_is_watching+0x12/0xc0
[ 1567.061654][ T1035]  drm_client_modeset_commit_locked+0x14d/0x580
[ 1567.061670][ T1035]  drm_client_modeset_commit+0x4f/0x80
[ 1567.061685][ T1035]  __drm_fb_helper_restore_fbdev_mode_unlocked+0x19f/0x200
[ 1567.061701][ T1035]  drm_fb_helper_set_par+0xd8/0x120
[ 1567.061713][ T1035]  ? __pfx_drm_fb_helper_set_par+0x10/0x10
[ 1567.061727][ T1035]  fb_set_var+0x822/0x1280
[ 1567.061745][ T1035]  ? __pfx_fb_set_var+0x10/0x10
[ 1567.061759][ T1035]  ? __lock_acquire+0x62e/0x1ce0
[ 1567.061776][ T1035]  ? __lock_acquire+0x62e/0x1ce0
[ 1567.061797][ T1035]  ? find_held_lock+0x2b/0x80
[ 1567.061810][ T1035]  ? is_bpf_text_address+0x8a/0x1a0
[ 1567.061823][ T1035]  ? bpf_ksym_find+0x124/0x1c0
[ 1567.061833][ T1035]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 1567.061854][ T1035]  ? fb_find_best_mode+0x1e9/0x2f0
[ 1567.061865][ T1035]  ? fb_videomode_to_var+0x13/0x610
[ 1567.061877][ T1035]  fbcon_resize+0x684/0x910
[ 1567.061894][ T1035]  ? __pfx_fbcon_resize+0x10/0x10
[ 1567.061919][ T1035]  ? __pfx_fbcon_resize+0x10/0x10
[ 1567.061934][ T1035]  vc_do_resize+0xccb/0x10e0
[ 1567.061957][ T1035]  ? __pfx_vc_do_resize+0x10/0x10
[ 1567.061974][ T1035]  ? rcu_is_watching+0x12/0xc0
[ 1567.061987][ T1035]  vt_ioctl+0x2ca4/0x30a0
[ 1567.062002][ T1035]  ? __pfx_vt_ioctl+0x10/0x10
[ 1567.062016][ T1035]  ? aa_get_newest_label+0x375/0x680
[ 1567.062034][ T1035]  ? __pfx_aa_get_newest_label+0x10/0x10
[ 1567.062050][ T1035]  ? rcu_is_watching+0x12/0xc0
[ 1567.062060][ T1035]  ? trace_cap_capable+0x18d/0x200
[ 1567.062078][ T1035]  ? apparmor_capable+0x114/0x1d0
[ 1567.062094][ T1035]  ? bpf_lsm_capable+0x9/0x10
[ 1567.062104][ T1035]  ? security_capable+0x7e/0x260
[ 1567.062121][ T1035]  vt_compat_ioctl+0x1c2/0x4e0
[ 1567.062136][ T1035]  ? __pfx_vt_compat_ioctl+0x10/0x10
[ 1567.062149][ T1035]  ? hook_file_ioctl_common+0x145/0x410
[ 1567.062163][ T1035]  ? __fget_files+0x20e/0x3c0
[ 1567.062175][ T1035]  ? __pfx_vt_compat_ioctl+0x10/0x10
[ 1567.062189][ T1035]  tty_compat_ioctl+0x2ee/0x4d0
[ 1567.062199][ T1035]  ? __pfx_tty_compat_ioctl+0x10/0x10
[ 1567.062210][ T1035]  __ia32_compat_sys_ioctl+0x23f/0x370
[ 1567.062229][ T1035]  __do_fast_syscall_32+0x7c/0x3a0
[ 1567.062241][ T1035]  do_fast_syscall_32+0x32/0x80
[ 1567.062251][ T1035]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1567.062264][ T1035] RIP: 0023:0xf7f26579
[ 1567.062272][ T1035] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 1567.062282][ T1035] RSP: 002b:00000000f504655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[ 1567.062292][ T1035] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000000560a
[ 1567.062299][ T1035] RDX: 0000000080000040 RSI: 0000000000000000 RDI: 0000000000000000
[ 1567.062305][ T1035] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1567.062311][ T1035] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 1567.062318][ T1035] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1567.062332][ T1035]  </TASK>
[ 1567.068915][ T6018] usb 9-1: new high-speed USB device number 56 using dummy_hcd
[ 1567.213063][ T6018] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1567.213088][ T6018] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1567.213102][ T6018] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1567.213113][ T6018] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[ 1567.213133][ T6018] usb 9-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.00
[ 1567.213144][ T6018] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1567.218058][ T6018] usb 9-1: config 0 descriptor??
[ 1567.682951][ T1051] netlink: 16 bytes leftover after parsing attributes in process `syz.4.7308'.
[ 1567.698713][ T1051] netlink: 104 bytes leftover after parsing attributes in process `syz.4.7308'.
[ 1567.698726][ T1051] netlink: 104 bytes leftover after parsing attributes in process `syz.4.7308'.
[ 1568.007305][ T6018] usbhid 9-1:0.0: can't add hid device: -71
[ 1568.009391][ T6018] usbhid 9-1:0.0: probe with driver usbhid failed with error -71
[ 1568.018280][ T6018] usb 9-1: USB disconnect, device number 56
[ 1568.085272][ T1055] netlink: 96 bytes leftover after parsing attributes in process `syz.6.7317'.
[ 1568.130363][ T1059] FAULT_INJECTION: forcing a failure.
[ 1568.130363][ T1059] name failslab, interval 1, probability 0, space 0, times 0
[ 1568.135655][ T1059] CPU: 1 UID: 0 PID: 1059 Comm: syz.6.7319 Not tainted 6.16.0-syzkaller-11489-gd2eedaa3909b #0 PREEMPT(full) 
[ 1568.135680][ T1059] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1568.135690][ T1059] Call Trace:
[ 1568.135697][ T1059]  <TASK>
[ 1568.135705][ T1059]  dump_stack_lvl+0x16c/0x1f0
[ 1568.135735][ T1059]  should_fail_ex+0x512/0x640
[ 1568.135758][ T1059]  ? __kmalloc_noprof+0xbf/0x510
[ 1568.135778][ T1059]  ? sock_kmalloc+0x111/0x170
[ 1568.135796][ T1059]  should_failslab+0xc2/0x120
[ 1568.135818][ T1059]  __kmalloc_noprof+0xd2/0x510
[ 1568.135844][ T1059]  sock_kmalloc+0x111/0x170
[ 1568.135865][ T1059]  __ipv6_sock_mc_join+0x3de/0xc20
[ 1568.135894][ T1059]  ? look_up_lock_class+0x59/0x150
[ 1568.135918][ T1059]  ? __lock_acquire+0xb97/0x1ce0
[ 1568.135942][ T1059]  do_ipv6_mcast_group_source+0x20c/0x260
[ 1568.135964][ T1059]  ? __pfx_do_ipv6_mcast_group_source+0x10/0x10
[ 1568.136006][ T1059]  ? __local_bh_enable_ip+0xa4/0x120
[ 1568.136026][ T1059]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1568.136052][ T1059]  do_ipv6_setsockopt+0x26b8/0x4350
[ 1568.136080][ T1059]  ? __pfx_do_ipv6_setsockopt+0x10/0x10
[ 1568.136106][ T1059]  ? __pfx_aa_label_sk_perm+0x10/0x10
[ 1568.136125][ T1059]  ? find_held_lock+0x2b/0x80
[ 1568.136142][ T1059]  ? get_pid_task+0xfc/0x250
[ 1568.136172][ T1059]  ? __pfx___might_resched+0x10/0x10
[ 1568.136192][ T1059]  ? aa_sk_perm+0x2f4/0xb10
[ 1568.136209][ T1059]  ? ipv6_setsockopt+0xcb/0x170
[ 1568.136227][ T1059]  ipv6_setsockopt+0xcb/0x170
[ 1568.136248][ T1059]  udpv6_setsockopt+0x7d/0xd0
[ 1568.136273][ T1059]  ? __pfx_sock_common_setsockopt+0x10/0x10
[ 1568.136319][ T1059]  do_sock_setsockopt+0xf3/0x1d0
[ 1568.136343][ T1059]  __sys_setsockopt+0x120/0x1a0
[ 1568.136372][ T1059]  __ia32_sys_setsockopt+0xbc/0x160
[ 1568.136396][ T1059]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1568.136421][ T1059]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[ 1568.136448][ T1059]  __do_fast_syscall_32+0x7c/0x3a0
[ 1568.136468][ T1059]  do_fast_syscall_32+0x32/0x80
[ 1568.136484][ T1059]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1568.136506][ T1059] RIP: 0023:0xf7f26579
[ 1568.136521][ T1059] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 1568.136538][ T1059] RSP: 002b:00000000f504655c EFLAGS: 00000296 ORIG_RAX: 000000000000016e
[ 1568.136556][ T1059] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000000029
[ 1568.136567][ T1059] RDX: 000000000000002e RSI: 0000000080000080 RDI: 0000000000000108
[ 1568.136578][ T1059] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1568.136588][ T1059] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 1568.136599][ T1059] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1568.136624][ T1059]  </TASK>
[ 1569.276072][ T1089] netlink: 504 bytes leftover after parsing attributes in process `syz.5.7324'.
[ 1571.333598][   T40] audit: type=1804 audit(1754635003.009:78385): pid=1154 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.6.7335" name="/newroot/51/bus/bus" dev="overlay" ino=291 res=1 errno=0
[ 1571.346248][   T40] audit: type=1804 audit(1754635003.030:78386): pid=1154 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.6.7335" name="/newroot/51/bus/bus" dev="overlay" ino=291 res=1 errno=0
[ 1571.353196][   T40] audit: type=1800 audit(1754635003.030:78387): pid=1154 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.7335" name="bus" dev="overlay" ino=291 res=0 errno=0
[ 1571.375668][T16313] usb 9-1: new high-speed USB device number 57 using dummy_hcd
[ 1571.536001][T16313] usb 9-1: Using ep0 maxpacket: 8
[ 1571.539634][T16313] usb 9-1: config 168 descriptor has 1 excess byte, ignoring
[ 1571.542278][T16313] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[ 1571.546122][T16313] usb 9-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1571.549996][T16313] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1571.553481][T16313] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[ 1571.558259][T16313] usb 9-1: config 168 descriptor has 1 excess byte, ignoring
[ 1571.560832][T16313] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[ 1571.566715][T16313] usb 9-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1571.570490][T16313] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1571.574534][T16313] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[ 1571.579278][T16313] usb 9-1: config 168 descriptor has 1 excess byte, ignoring
[ 1571.581863][T16313] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[ 1571.587150][T16313] usb 9-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1571.590842][T16313] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1571.594805][T16313] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[ 1571.602496][T16313] usb 9-1: string descriptor 0 read error: -22
[ 1571.608968][T16313] usb 9-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[ 1571.612893][T16313] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1571.623373][T16313] adutux 9-1:168.0: ADU100  now attached to /dev/usb/adutux0
[ 1571.863165][T31689] usb 9-1: USB disconnect, device number 57
[ 1573.834083][ T1195] loop6: detected capacity change from 0 to 524287487
[ 1573.847328][T24518] buffer_io_error: 48 callbacks suppressed
[ 1573.847345][T24518] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1573.860471][T24518] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1573.863654][T24518] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1573.866859][T24518] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1573.870822][T24518] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1573.874001][T24518] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1573.877160][T24518] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1573.880674][T24518] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1573.883219][T24518] ldm_validate_partition_table(): Disk read failed.
[ 1573.885577][T24518] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1573.889643][T24518] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1573.892276][T24518] Dev loop6: unable to read RDB block 0
[ 1573.894623][T24518]  loop6: unable to read partition table
[ 1573.902365][ T1195] ldm_validate_partition_table(): Disk read failed.
[ 1573.906207][ T1195] Dev loop6: unable to read RDB block 0
[ 1573.912037][ T1195]  loop6: unable to read partition table
[ 1573.916995][ T1195] loop_reread_partitions: partition scan of loop6 (3Ÿ¾x³˜CÖ

) failed (rc=-5)
[ 1573.972361][ T1203] netlink: 'syz.7.7354': attribute type 27 has an invalid length.
[ 1573.977244][ T1203] netlink: 164 bytes leftover after parsing attributes in process `syz.7.7354'.
[ 1574.095747][ T1210] random: crng reseeded on system resumption
[ 1574.102111][ T1210] FAULT_INJECTION: forcing a failure.
[ 1574.102111][ T1210] name failslab, interval 1, probability 0, space 0, times 0
[ 1574.106566][ T1210] CPU: 1 UID: 0 PID: 1210 Comm: syz.7.7356 Not tainted 6.16.0-syzkaller-11489-gd2eedaa3909b #0 PREEMPT(full) 
[ 1574.106596][ T1210] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1574.106603][ T1210] Call Trace:
[ 1574.106608][ T1210]  <TASK>
[ 1574.106613][ T1210]  dump_stack_lvl+0x16c/0x1f0
[ 1574.106633][ T1210]  should_fail_ex+0x512/0x640
[ 1574.106647][ T1210]  should_failslab+0xc2/0x120
[ 1574.106662][ T1210]  __kmalloc_cache_noprof+0x6a/0x3e0
[ 1574.106673][ T1210]  ? do_raw_spin_lock+0x12c/0x2b0
[ 1574.106689][ T1210]  ? find_held_lock+0x2b/0x80
[ 1574.106698][ T1210]  ? async_schedule_node_domain+0x54/0x120
[ 1574.106713][ T1210]  ? __pfx___async_dev_cache_fw_image+0x10/0x10
[ 1574.106730][ T1210]  async_schedule_node_domain+0x54/0x120
[ 1574.106744][ T1210]  dev_cache_fw_image+0x38e/0x490
[ 1574.106760][ T1210]  ? __pfx_dev_cache_fw_image+0x10/0x10
[ 1574.106776][ T1210]  ? dev_cache_fw_image+0x398/0x490
[ 1574.106791][ T1210]  ? __pfx_dev_cache_fw_image+0x10/0x10
[ 1574.106806][ T1210]  dpm_for_each_dev+0x5d/0xb0
[ 1574.106820][ T1210]  fw_pm_notify+0x81/0x150
[ 1574.106834][ T1210]  notifier_call_chain+0xbc/0x410
[ 1574.106847][ T1210]  ? __pfx_fw_pm_notify+0x10/0x10
[ 1574.106864][ T1210]  blocking_notifier_call_chain_robust+0xc8/0x160
[ 1574.106879][ T1210]  ? __pfx_blocking_notifier_call_chain_robust+0x10/0x10
[ 1574.106899][ T1210]  pm_notifier_call_chain_robust+0x27/0x60
[ 1574.106914][ T1210]  snapshot_open+0x218/0x2b0
[ 1574.106926][ T1210]  ? __pfx_snapshot_open+0x10/0x10
[ 1574.106939][ T1210]  misc_open+0x35a/0x420
[ 1574.106954][ T1210]  ? __pfx_misc_open+0x10/0x10
[ 1574.106967][ T1210]  chrdev_open+0x231/0x6a0
[ 1574.106981][ T1210]  ? __pfx_apparmor_file_open+0x10/0x10
[ 1574.106994][ T1210]  ? __pfx_chrdev_open+0x10/0x10
[ 1574.107008][ T1210]  ? fsnotify_open_perm_and_set_mode+0x17c/0xa60
[ 1574.107024][ T1210]  do_dentry_open+0x97f/0x1530
[ 1574.107037][ T1210]  ? __pfx_chrdev_open+0x10/0x10
[ 1574.107053][ T1210]  vfs_open+0x82/0x3f0
[ 1574.107071][ T1210]  path_openat+0x1de4/0x2cb0
[ 1574.107089][ T1210]  ? __pfx_path_openat+0x10/0x10
[ 1574.107102][ T1210]  ? __lock_acquire+0xb97/0x1ce0
[ 1574.107118][ T1210]  do_filp_open+0x20b/0x470
[ 1574.107130][ T1210]  ? __pfx_do_filp_open+0x10/0x10
[ 1574.107153][ T1210]  ? _raw_spin_unlock+0x28/0x50
[ 1574.107167][ T1210]  ? alloc_fd+0x471/0x7d0
[ 1574.107183][ T1210]  do_sys_openat2+0x11b/0x1d0
[ 1574.107199][ T1210]  ? __pfx_do_sys_openat2+0x10/0x10
[ 1574.107216][ T1210]  ? __fget_files+0x20e/0x3c0
[ 1574.107230][ T1210]  __ia32_compat_sys_openat+0x16d/0x210
[ 1574.107241][ T1210]  ? __pfx___ia32_compat_sys_openat+0x10/0x10
[ 1574.107250][ T1210]  ? ksys_write+0x1ac/0x250
[ 1574.107264][ T1210]  ? rcu_is_watching+0x12/0xc0
[ 1574.107277][ T1210]  __do_fast_syscall_32+0x7c/0x3a0
[ 1574.107289][ T1210]  do_fast_syscall_32+0x32/0x80
[ 1574.107299][ T1210]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1574.107312][ T1210] RIP: 0023:0xf7fa5579
[ 1574.107322][ T1210] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 1574.107333][ T1210] RSP: 002b:00000000f4f1455c EFLAGS: 00000296 ORIG_RAX: 0000000000000127
[ 1574.107343][ T1210] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 00000000800000c0
[ 1574.107350][ T1210] RDX: 00000000000c2d41 RSI: 0000000000000000 RDI: 0000000000000000
[ 1574.107356][ T1210] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1574.107362][ T1210] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 1574.107368][ T1210] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1574.107382][ T1210]  </TASK>
[ 1574.195490][ T1204] syz.4.7353 (1204): drop_caches: 2
[ 1574.195742][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1574.251390][ T1210] 
[ 1574.252209][ T1210] ============================================
[ 1574.254256][ T1210] WARNING: possible recursive locking detected
[ 1574.256297][ T1210] 6.16.0-syzkaller-11489-gd2eedaa3909b #0 Not tainted
[ 1574.259734][ T1210] --------------------------------------------
[ 1574.262028][ T1210] syz.7.7356/1210 is trying to acquire lock:
[ 1574.263910][ T1210] ffffffff8f516388 (fw_lock){+.+.}-{4:4}, at: assign_fw+0x4e/0x640
[ 1574.266388][ T1210] 
[ 1574.266388][ T1210] but task is already holding lock:
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[ 1574.268776][ T1210] ffffffff8f516388 (fw_lock){+.+.}-{4:4}, at: fw_pm_notify+0x69/0x150
[ 1574.271467][ T1210] 
[ 1574.271467][ T1210] other info that might help us debug this:
[ 1574.273977][ T1210]  Possible unsafe locking scenario:
[ 1574.273977][ T1210] 
[ 1574.276298][ T1210]        CPU0
[ 1574.277355][ T1210]        ----
[ 1574.278413][ T1210]   lock(fw_lock);
[ 1574.279598][ T1210]   lock(fw_lock);
[ 1574.280798][ T1210] 
[ 1574.280798][ T1210]  *** DEADLOCK ***
[ 1574.280798][ T1210] 
[ 1574.283640][ T1210]  May be due to missing lock nesting notation
[ 1574.283640][ T1210] 
[ 1574.286430][ T1210] 5 locks held by syz.7.7356/1210:
[ 1574.288017][ T1210]  #0: ffffffff8f300908 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x63/0x420
[ 1574.290621][ T1210]  #1: ffffffff8e484768 (system_transition_mutex){+.+.}-{4:4}, at: lock_system_sleep+0x87/0xa0
[ 1574.293823][ T1210]  #2: ffffffff8e4c4c90 ((pm_chain_head).rwsem){++++}-{4:4}, at: blocking_notifier_call_chain_robust+0xa8/0x160
[ 1574.297553][ T1210]  #3: ffffffff8f516388 (fw_lock){+.+.}-{4:4}, at: fw_pm_notify+0x69/0x150
[ 1574.300656][ T1210]  #4: ffffffff8f510d88 (dpm_list_mtx){+.+.}-{4:4}, at: dpm_for_each_dev+0x2d/0xb0
[ 1574.303628][ T1210] 
[ 1574.303628][ T1210] stack backtrace:
[ 1574.305477][ T1210] CPU: 1 UID: 0 PID: 1210 Comm: syz.7.7356 Not tainted 6.16.0-syzkaller-11489-gd2eedaa3909b #0 PREEMPT(full) 
[ 1574.305492][ T1210] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1574.305499][ T1210] Call Trace:
[ 1574.305504][ T1210]  <TASK>
[ 1574.305509][ T1210]  dump_stack_lvl+0x116/0x1f0
[ 1574.305527][ T1210]  print_deadlock_bug+0x1e9/0x240
[ 1574.305540][ T1210]  __lock_acquire+0x1133/0x1ce0
[ 1574.305555][ T1210]  ? kasan_save_track+0x14/0x30
[ 1574.305568][ T1210]  lock_acquire+0x179/0x350
[ 1574.305581][ T1210]  ? assign_fw+0x4e/0x640
[ 1574.305595][ T1210]  ? __pfx___might_resched+0x10/0x10
[ 1574.305605][ T1210]  ? path_openat+0x1de4/0x2cb0
[ 1574.305616][ T1210]  ? do_filp_open+0x20b/0x470
[ 1574.305627][ T1210]  ? do_sys_openat2+0x11b/0x1d0
[ 1574.305643][ T1210]  ? assign_fw+0x4e/0x640
[ 1574.305656][ T1210]  __mutex_lock+0x193/0x10b0
[ 1574.305666][ T1210]  ? assign_fw+0x4e/0x640
[ 1574.305681][ T1210]  ? __pfx___mutex_lock+0x10/0x10
[ 1574.305692][ T1210]  ? kasan_quarantine_put+0x10a/0x240
[ 1574.305703][ T1210]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1574.305719][ T1210]  ? assign_fw+0x4e/0x640
[ 1574.305732][ T1210]  assign_fw+0x4e/0x640
[ 1574.305746][ T1210]  ? _request_firmware+0x957/0x1470
[ 1574.305766][ T1210]  _request_firmware+0x988/0x1470
[ 1574.305782][ T1210]  ? __pfx__request_firmware+0x10/0x10
[ 1574.305797][ T1210]  ? dump_stack_lvl+0x197/0x1f0
[ 1574.305812][ T1210]  ? dump_stack_lvl+0x1a3/0x1f0
[ 1574.305828][ T1210]  __async_dev_cache_fw_image+0xb1/0x340
[ 1574.305844][ T1210]  ? __pfx___async_dev_cache_fw_image+0x10/0x10
[ 1574.305860][ T1210]  ? mark_held_locks+0x49/0x80
[ 1574.305872][ T1210]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[ 1574.305887][ T1210]  ? __pfx___async_dev_cache_fw_image+0x10/0x10
[ 1574.305903][ T1210]  async_schedule_node_domain+0xd1/0x120
[ 1574.305916][ T1210]  dev_cache_fw_image+0x38e/0x490
[ 1574.305930][ T1210]  ? __pfx_dev_cache_fw_image+0x10/0x10
[ 1574.305945][ T1210]  ? dev_cache_fw_image+0x398/0x490
[ 1574.305959][ T1210]  ? __pfx_dev_cache_fw_image+0x10/0x10
[ 1574.305973][ T1210]  dpm_for_each_dev+0x5d/0xb0
[ 1574.305986][ T1210]  fw_pm_notify+0x81/0x150
[ 1574.305999][ T1210]  notifier_call_chain+0xbc/0x410
[ 1574.306013][ T1210]  ? __pfx_fw_pm_notify+0x10/0x10
[ 1574.306027][ T1210]  blocking_notifier_call_chain_robust+0xc8/0x160
[ 1574.306041][ T1210]  ? __pfx_blocking_notifier_call_chain_robust+0x10/0x10
[ 1574.306057][ T1210]  pm_notifier_call_chain_robust+0x27/0x60
[ 1574.306071][ T1210]  snapshot_open+0x218/0x2b0
[ 1574.306083][ T1210]  ? __pfx_snapshot_open+0x10/0x10
[ 1574.306094][ T1210]  misc_open+0x35a/0x420
[ 1574.306109][ T1210]  ? __pfx_misc_open+0x10/0x10
[ 1574.306122][ T1210]  chrdev_open+0x231/0x6a0
[ 1574.306134][ T1210]  ? __pfx_apparmor_file_open+0x10/0x10
[ 1574.306147][ T1210]  ? __pfx_chrdev_open+0x10/0x10
[ 1574.306160][ T1210]  ? fsnotify_open_perm_and_set_mode+0x17c/0xa60
[ 1574.306173][ T1210]  do_dentry_open+0x97f/0x1530
[ 1574.306185][ T1210]  ? __pfx_chrdev_open+0x10/0x10
[ 1574.306198][ T1210]  vfs_open+0x82/0x3f0
[ 1574.306214][ T1210]  path_openat+0x1de4/0x2cb0
[ 1574.306227][ T1210]  ? __pfx_path_openat+0x10/0x10
[ 1574.306239][ T1210]  ? __lock_acquire+0xb97/0x1ce0
[ 1574.306252][ T1210]  do_filp_open+0x20b/0x470
[ 1574.306264][ T1210]  ? __pfx_do_filp_open+0x10/0x10
[ 1574.306279][ T1210]  ? _raw_spin_unlock+0x28/0x50
[ 1574.306292][ T1210]  ? alloc_fd+0x471/0x7d0
[ 1574.306304][ T1210]  do_sys_openat2+0x11b/0x1d0
[ 1574.306320][ T1210]  ? __pfx_do_sys_openat2+0x10/0x10
[ 1574.306335][ T1210]  ? __fget_files+0x20e/0x3c0
[ 1574.306347][ T1210]  __ia32_compat_sys_openat+0x16d/0x210
[ 1574.306357][ T1210]  ? __pfx___ia32_compat_sys_openat+0x10/0x10
[ 1574.306366][ T1210]  ? ksys_write+0x1ac/0x250
[ 1574.306378][ T1210]  ? rcu_is_watching+0x12/0xc0
[ 1574.306389][ T1210]  __do_fast_syscall_32+0x7c/0x3a0
[ 1574.306399][ T1210]  do_fast_syscall_32+0x32/0x80
[ 1574.306409][ T1210]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1574.306422][ T1210] RIP: 0023:0xf7fa5579
[ 1574.306431][ T1210] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 1574.306441][ T1210] RSP: 002b:00000000f4f1455c EFLAGS: 00000296 ORIG_RAX: 0000000000000127
[ 1574.306451][ T1210] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 00000000800000c0
[ 1574.306458][ T1210] RDX: 00000000000c2d41 RSI: 0000000000000000 RDI: 0000000000000000
[ 1574.306464][ T1210] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1574.306470][ T1210] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 1574.306476][ T1210] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1574.306485][ T1210]  </TASK>
[ 1574.306552][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1574.451565][    C1] vkms_vblank_simulate: vblank timer overrun

VM DIAGNOSIS:
04:56:20  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000000000 RBX=0000000000002180 RCX=ffffffff81a6d138 RDX=ffff888027c68000
RSI=ffffffff81a6d142 RDI=0000000000000005 RBP=0000000026400000 RSP=ffffc9000404f918
R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000000 R11=0000000000000001
R12=0000000000000000 R13=ffffc9000404fa58 R14=fffff52000809f4f R15=dffffc0000000000
RIP=ffffffff81bb0f18 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff8880974d3000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000000080001ac0 CR3=000000002860f000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=000000000000000e 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000000ff
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 4e4f4954504f5f4e 4153410063657865
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000000000023 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff855fdb95 RDI=ffffffff9b0e9800 RBP=ffffffff9b0e97c0 RSP=ffffc90002106ce8
R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=732d302e36312e36
R12=0000000000000000 R13=0000000000000023 R14=ffffffff9b0e97c0 R15=ffffffff855fdb30
RIP=ffffffff855fdbbf RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff8880975d3000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=000000008000f000 CR3=000000002860f000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000000ff
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 4e4f4954504f5f4e 4153410063657865
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
RAX=0000000080000201 RBX=0000000000000005 RCX=ffffffff84e765e0 RDX=ffff88802357a440
RSI=ffffffff84e765ef RDI=0000000000000007 RBP=ffffc9000343f320 RSP=ffffc9000343f188
R8 =0000000000000007 R9 =0000000000000040 R10=000000000000003b R11=0000000000000012
R12=000000000000003b R13=ffffc9000343f260 R14=ffff888070d20835 R15=0000000000000773
RIP=ffffffff81bb0f27 RFL=00000283 [--S---C] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0000 0000000000000000 ffffffff 00c00000
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007fb516fcb300 ffffffff 00c00000
GS =0000 ffff8880976d3000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=000055a08afc9000 CR3=000000004947b000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=00000000feeff800 Opmask01=000000000000ffff Opmask02=00000000ff7fefbf Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000001 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000000003bf12 0000003800000012 0004000000080024 002800000030003c
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000020 0000002000000000 0000000000000000 0000000000000017
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2008000600719626 0000030f00000005 0000000100000000 0000000000001cc4
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 9c20080008b00300 080008a803000800 08a0030208000898 0328080001fe8803
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000190808078c 0301000002040607 8803000000140808 07800307800201fe
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 800301fe80020890 030008000888030f ffffffff02088003 01080001fb800204
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0273cc006c6f6f74 68746501ffffffff ffffffffef0801fb 8003200800060800
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 06800249bc080001 00000e0806060110 a60804980e050480 021881c4cdec0800
ZMM25=485a91b1485a91b1 485a91b1485a91b1 485a91b1485a91b1 485a91b1485a91b1 485a91b1485a91b1 485a91b1485a91b1 485a91b1485a91b1 485a91b1485a91b1
ZMM26=a632fbdba632fbdb a632fbdba632fbdb a632fbdba632fbdb a632fbdba632fbdb a632fbdba632fbdb a632fbdba632fbdb a632fbdba632fbdb a632fbdba632fbdb
ZMM27=eefb6a1ceefb6a1c eefb6a1ceefb6a1c eefb6a1ceefb6a1c eefb6a1ceefb6a1c eefb6a1ceefb6a1c eefb6a1ceefb6a1c eefb6a1ceefb6a1c eefb6a1ceefb6a1c
ZMM28=000000100000000f 0000000e0000000d 0000000c0000000b 0000000a00000009 0000000800000007 0000000600000005 0000000400000003 0000000200000001
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=e0080000e0080000 e0080000e0080000 e0080000e0080000 e0080000e0080000 e0080000e0080000 e0080000e0080000 e0080000e0080000 e0080000e0080000
info registers vcpu 3

CPU#3
RAX=dffffc0000000000 RBX=ffff888022c00a38 RCX=ffffffff8197b113 RDX=1ffff11004580149
RSI=0000000000000004 RDI=ffff888022c00a38 RBP=0000000000000293 RSP=ffffc90003c9fb30
R8 =0000000000000000 R9 =ffffed1004580147 R10=ffff888022c00a3b R11=0000000000000003
R12=ffff888022c00a48 R13=0000000000000293 R14=0000000000000001 R15=ffff888025b8d800
RIP=ffffffff8197b160 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880977d3000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000000080213000 CR3=0000000071ad8000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=000000000000000e 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000000ff
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 4e4f4954504f5f4e 4153410063657865
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000