last executing test programs:

19.476593277s ago: executing program 3 (id=2394):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0xfffffffe, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x800, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="4c000000020681010000000000000000000000000500050002000000050001000700000005000400030000000900020073797a310000000011000300686173683a6e65742c6e6574"], 0x4c}, 0x1, 0x0, 0x0, 0x4040000}, 0x800)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r1, 0x0, 0x4)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
recvmmsg(r2, &(0x7f0000004040)=[{{0x0, 0x0, 0x0}, 0x1}], 0x1, 0x20, 0x0)
io_uring_setup(0x652, 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x10, 0x803, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r8, 0x4040aea0, &(0x7f0000000140)=@x86={0x4, 0x10, 0x7, 0x0, 0x5, 0x5, 0x4, 0x0, 0x81, 0x40, 0x2, 0x88, 0x0, 0x7e, 0x2, 0x5, 0x5, 0x1, 0x0, '\x00', 0x4, 0xa})
ioctl$KVM_SET_GUEST_DEBUG(r8, 0x4048ae9b, &(0x7f0000000080)={0x1a0003, 0x0, [0x8, 0xff, 0xfffffffffffffffb, 0x3e00000000000000, 0x7fffffff, 0x7, 0x9, 0xa]})
sendmsg$nl_route(r5, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0)
getsockname$packet(r5, &(0x7f0000000140)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000280)=ANY=[@ANYBLOB="400000001000390400"/20, @ANYRES32=r9, @ANYBLOB="01980000a4c6622eaf8d7db4b1307e000000002000128008000100677265000000000000000600ac141400060003003f000000"], 0x40}}, 0x4040)
sendto$packet(r3, &(0x7f0000000000)='1', 0x1, 0x40081, &(0x7f0000000200)={0x11, 0x0, r9, 0x1, 0x4, 0x6, @remote}, 0x14)
r10 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x401)
ioctl$SG_IO(r10, 0x2285, &(0x7f00000005c0)={0x53, 0xfffffffe, 0x6, 0x0, @scatter={0x0, 0x3, 0x0}, &(0x7f00000000c0)="a10b7633ecb5", 0x0, 0x0, 0x0, 0x0, 0x0})
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})
socket$kcm(0x2, 0x200000000000006, 0x106)

18.445497404s ago: executing program 3 (id=2396):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a000000180100002020702500000000002020207b1af8ff00"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000002c0)='kfree\x00', r0}, 0x10)
r1 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newsa={0xec, 0x10, 0x713, 0x70bd28, 0x0, {{@in=@initdev={0xac, 0x1e, 0x1, 0x0}, @in=@local, 0x4e23, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x3a, 0x0, 0xee00}, {@in6=@remote, 0x0, 0x32}, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', {0x0, 0x0, 0x8, 0x100000001, 0x6}, {0x0, 0x0, 0x2, 0xfffffffffffffffc}, {0xc}, 0x70bd28, 0x0, 0x2}}, 0xec}, 0x1, 0x0, 0x0, 0xc0}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{0x0}], 0x1}, 0x0)
r2 = socket$inet_mptcp(0x2, 0x1, 0x106)
r3 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r3, 0x29, 0xb, &(0x7f0000000040)=0x9, 0x4)
bind$inet6(r3, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty, 0x1000}, 0x1c)
recvmmsg(r3, &(0x7f00000009c0)=[{{0x0, 0x0, 0x0}, 0x4}], 0x65942126f3d7b6a8, 0x2, 0x0)
sendto$inet6(r3, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c)
mremap(&(0x7f0000550000/0x2000)=nil, 0x2000, 0x9000, 0x7, &(0x7f0000096000/0x9000)=nil)
setsockopt$sock_int(r2, 0x1, 0x20, 0x0, 0x0)
bind$alg(0xffffffffffffffff, 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x10}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r4 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r4, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket$nl_netfilter(0x10, 0x3, 0xc)
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x42202)
write$apparmor_exec(r1, &(0x7f0000000080)={'exec ', ':\x00'}, 0x7)

14.155457401s ago: executing program 3 (id=2405):
r0 = socket$inet6(0xa, 0xa, 0x400000)
sendmmsg$inet6(r0, 0x0, 0x0, 0xc8000)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x3, @raw_data="dea233684c996156af0d4bd8e3300217e750b8c97b7123d48003e7e1d3be5f710c41a1db6719881876e9bcc6e2f73c67cc6b675eb43188b5b7f9f898868de9a9c5d536d418ba283121a73a5aba55a87d2a2525295f4492bbde02ad8bc8e88779f2de06f38e99172df4d45b6f13c813dee4230c204a93172922b778fef7a1f89ce876bb89d44cd705bbb28db4869dfac20d928950507acd92c02d17f51b0a627539f6e0a0bdb92004bc6252cd35e8cd100962db9a83ad63a4e7e1ca17c1b6aac63fefa9bebe429d00"})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = syz_io_uring_setup(0x7fae, &(0x7f0000000440)={0x0, 0x911f, 0x1, 0x2, 0x115}, &(0x7f0000000080), &(0x7f00000004c0))
io_uring_register$IORING_REGISTER_FILES2(r2, 0xd, &(0x7f0000000800)={0x1, 0x0, 0x0, &(0x7f0000000700)=[{0x0}], &(0x7f00000007c0)=[0x749]}, 0x20)
setsockopt$MRT_ADD_MFC_PROXY(0xffffffffffffffff, 0x0, 0xd2, 0x0, 0x0)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x2e}, 0x1, 0x0, 0x0, 0x20000000}, 0x24004080)
syz_open_procfs(0x0, &(0x7f0000000180)='wchan\x00')
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000400))
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
openat$dsp(0xffffffffffffff9c, &(0x7f00000003c0), 0x101a02, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, 0x0)
chdir(0x0)
r3 = open(&(0x7f0000000040)='./file0\x00', 0x80242, 0x1df2a23c5997fa7b)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
sendfile(r3, r3, &(0x7f0000000080), 0x7f04)
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f0000001540)=ANY=[@ANYBLOB="b702000008000000bfa300000000000007030000ffffffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000001404000001007d60b7030000000000006a0a00fe40000900850000001f000000b70000000000000095000000000000006623848adf1dc9a764ab51a064caff0c9b27a26293fddf0180000071ff31f1622271d5518193e09483c5a020c334f8c76334d8ce8303b81ddaa52e8756ad60a07d6f27c125e16d024098f755d8583da60f27c162dbba0700002ac9170f50f2568836077b7f711a18ebf608d87b885297b6b6981978d51514b00dcc4a2748b376358c33c9753beab62bdf27dc04e4cb4bc598affd989b1ca58949a54d5827df14feecea46408a05d572077f1252fbb72c3d099c501bc4ded6fca17a3447222c95edb47b770009524edd5fa5c53e9c37251709f1ff7f0000f07bf7f53ce129a9ecd3b4dd15100f2b450f98526a0d8cac7c97fc2f64015306a1bd88345710fb6379b4c53cf55eefb4c0974486a8d25a363adbd83b49e13fbd1757b27020bd9b8cff3f48c9411670c34f23ab8caf7851b290feb3045a1b622f20c4383a0280f040de7667f8b1d0842835e81c35af41e5b5b924275cb1749289b44e9728e7a73f148ac8206afe120c1437490d9900000011000003971b32fdffffffffffffffaf580278e1342aabd1b623f6c4f128858e4eb6b42f2173184c2b99b645f6ec0e14e5d7c95a0008000000f30f6c0000000000ff0000b8f5001a1d2a34dc0973ec302bc23211d3e3b6e6dad65a51e5497a3419cecec38126247b27113ad4c7915c8f82c333a7b350802f0311807010d1ed50c18411aa6900daccc02f4ba4b078f07e41f781eee222c7d071d5a94d82ca9a0846c1af59cee16639b4970f8f0a82c6a712fd5722d677d406160ffaffffffb4e0bde6749aa52c408b74251914c5d3255fd88a42e7ebb69ebcd8eee623e51dbb1f1b548c91a6825c0686fdc16be1cbb72c217fda18bd746253ca66093daf35923300b600000000ac376e0a4649a8a84e1d293a6b109c5e59b366bca5cc3d936c53d4a48c05099e6fc37e5aa23bff8cce0600000000000300a568a8532623d12b40b50ac26f2e8255470a04bfbe7acb581b90991d965a01d1f84cb6b973558e1e3f8118c77ccf0b3c6eb6443870004da10c75723b65f83769ad1f0e4ef6b9ef1cec23264fd8fdac6264af1cb467020bdc12b797b6c156c439105829d2ae1c45f7cfa40df68f536a03353a55a8a8e176e5d48887d31c8e0f77f2c1e68ec7c01bd5a2028a8fc107007f5f4c67600a6ade3deb1f200abe1f753754678dae8b4e3ba3d086d4b95dfc5817e3dafae2d38b522f942cc750399d9029f071fdb1e05882f8a4b8fbd219ccac3a895828b4f22b6527ce31ceb02b7b2b4492510134552f0b076b168394f8417f25cc82ae04007193cbe69de8bf35e4bebd15412426b2020ab1f05fc44ae9ae094c1b81d3ef947692b44d2afb09c7498dedf0f87c38bbcab7357836f03e8a7c392e535694a3ead2de11e6b1781e2a017ac341fda2e563ee95085742f5fee9f95f4741b226e428d20b00bc140000e4b2f5efd0a0b1ceba000830ba8634b5aa26bdbe91614e92fae3c7349531df9bf4c01ebf5d8eb7d53e5f30647661623fbdb3f6c3652c423ce6ecc1be5d4e8133fc32f68ea86a2df1e7df98a0ae216c405d0ae9eed114ff2d6fe27dfdff1cf9194849c4cc0da9533e5983863e526a7dc0d8728f3b573ca4427bdb44df9341e9b8420e896598a156c935c800436a312e7ae3c011e46851ac599f0427729ab9c55ae0ab4c0000000000000000000000000000c87bcc2ac5aed9467b51d92e0993af4beaf1f3d47dcdfab9165f98155d93e383d6b85158b54675c1585037508c1e9461a1c3d1a6e2402045cae150a7016f716eebbdf6afc4414d900be0bdf19f4a273f44f4357380b4387f1c8b104f0e406b2f04e5ed88631be6411f9927fe9f83412b7c5a676ceec8b454ebf6481c98e86b6933a02daea0b4ec0be5b3d916bd70208b4588626c27c318475802e2c62681bd1a331422a6e47bbd40857d52c4894944fae5c5000000000000000000000000e0c47613e950b6aefeae054fc723f62ac7d13941de11b018f1f48ac50335df91c771729f81929128135b2803562c1171ee00a3f4a31281aa363e087d53d86dd85e3ff979a7e72d16fdd7e1a0f07a1c8e6085d280d760f74975ceb3a5be6cfb4da8e0aeb769b8b75f4aad803ed77d34872eed2711aa40a3b38099dc2752e8ec9b520faf39e416752aa0830206736570f5d41a4df848c9052551cf8dcb1be000000000eb2577188e8e96bd825d462350905d3eb916b397d2a46a64081e85661d7a5a2716cc87cb1976d15d9b6418e94f165911803e43830432226c660f4da67bb7c8ceb3755c07197d8b80b8d16b12c2ec63bebe107aa2350a7ae564bf69a6c52a2da1496016dd66a1c1b112"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000880), 0xfffffffffffffddd}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r5, 0x0, 0x27, 0x0, &(0x7f0000000140)="3d6ee2e04b91ab10143d9abe86dd", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x50)
ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000000)=0x15)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000100)=0x1b)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000040)=0x11)

12.354322659s ago: executing program 3 (id=2407):
r0 = socket(0x400000000010, 0x3, 0x0)
write(r0, &(0x7f0000000040)="0f03000019002551075c0165ff0ffc02802000030004000500e1000c040007001a000200", 0x33a)
sendmsg$IPSET_CMD_DEL(r0, &(0x7f0000000740)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000700)={&(0x7f0000000680)={0x18, 0xa, 0x6, 0x101, 0x0, 0x0, {0x3, 0x0, 0x4}, [@IPSET_ATTR_DATA={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0xc000}, 0x4000000)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000000c0)={{0x1}, &(0x7f0000000000), &(0x7f0000000080)='%pi6   \x00'}, 0x1c)
openat$vcsu(0xffffff9c, &(0x7f0000000100), 0x242742, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000400)={&(0x7f00000005c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x6c, 0x6c, 0x2, [@restrict={0xf, 0x0, 0x0, 0xb, 0x5}, @typedef={0x3, 0x0, 0x0, 0x8, 0x2}, @func_proto={0x0, 0x9, 0x0, 0xd, 0x0, [{0x2}, {0x4, 0x3}, {0x1, 0x3}, {0x2, 0x5}, {0x8, 0x3}, {0x5, 0x2}, {0xa, 0x5}, {0x1}, {0x4, 0x4}]}]}}, &(0x7f0000000340)=""/172, 0x86, 0xac, 0x0, 0xd920}, 0x28)
mkdirat$cgroup_root(0xffffff9c, &(0x7f00000002c0)='./cgroup/syz1\x00', 0x1ff)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
fsopen(0x0, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e)
getsockopt$inet_sctp6_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000580), &(0x7f00000005c0)=0x4)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/oss_mixer\x00', 0x2002, 0x0)
write$proc_mixer(r4, &(0x7f0000000180)=ANY=[@ANYBLOB="5245434c45560a50484f4e454f55540a535045414b455220274344272030303030303030303030303030303030303030300a4449474954414c32202706b8"], 0xb8)
r5 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/asound/card0/oss_mixer\x00', 0x0, 0x0)
dup3(r5, r4, 0x0)

10.142167935s ago: executing program 3 (id=2412):
symlink(&(0x7f0000000040)='.\x00', &(0x7f0000000100)='./file0\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f0000000200)='./file1\x00', 0x0)
r0 = openat$dlm_plock(0xffffff9c, &(0x7f0000000000), 0x200002, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f00000007c0)={0x53, 0xfffffffffffffffe, 0x78, 0x8, @scatter={0x6, 0x0, &(0x7f0000000480)=[{&(0x7f0000000240)=""/34, 0x22}, {&(0x7f0000000280)=""/85, 0x55}, {&(0x7f0000000380)=""/225, 0xe1}, {&(0x7f0000000300)=""/24, 0x18}, {&(0x7f0000000540)=""/172, 0xac}, {&(0x7f0000000600)=""/140, 0x8c}]}, &(0x7f00000006c0)="aad61179735a677c37f8a9580b113ee75ad543128f61bbf8b35b138befa45335028eb922243cc5d34dac87ee1db2931be10fa662f73a438a5ff8e617ee89b07bb09dc3ad0697d4469600007a6b401d2c9787802e8f7b081cfdb95c9e59fd66793595c8a81790ca55e31b1042afc8f07dd4442b3eac45e802", &(0x7f0000000740)=""/68, 0x1, 0x10, 0x1, &(0x7f00000004c0)})
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000500)={[{@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
rmdir(&(0x7f0000000180)='./file1\x00')
chdir(&(0x7f00000001c0)='./bus\x00')
rename(&(0x7f0000000140)='./file0\x00', &(0x7f0000001900)='./file1\x00')

10.101312318s ago: executing program 1 (id=2414):
io_setup(0x10000, &(0x7f0000000040))
syz_open_dev$radio(&(0x7f0000001640), 0x0, 0x2)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19)
migrate_pages(0x0, 0x5, &(0x7f0000000000)=0x9, &(0x7f0000000080)=0x272)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x1)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
setsockopt$inet6_IPV6_DSTOPTS(0xffffffffffffffff, 0x29, 0x3b, 0x0, 0x0)
r1 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2)
ioctl$VIDIOC_S_INPUT(r1, 0xc0045627, &(0x7f0000000100)=0x3)
ioctl$VIDIOC_SUBDEV_S_DV_TIMINGS(r1, 0xc0845657, &(0x7f0000000040)={0x0, @bt={0xa00, 0x400, 0x1, 0x1, 0xd59f83, 0x19fa, 0x3b, 0x19ef, 0x3, 0x8, 0x2800, 0x2800, 0x3, 0xba2, 0x0, 0x2b, {0x8, 0xffffffff}, 0xd1, 0x9}})
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_inet_SIOCSIFDSTADDR(r3, 0x8918, &(0x7f0000000040)={'veth0_to_batadv\x00', {0x2, 0x4e20, @empty}})
close(r2)
socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r2, 0x0, 0x0)
r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000300), 0xffffffffffffffff)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
recvmmsg(r5, &(0x7f0000001640)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000004c0)=""/4096, 0x1e67}, {&(0x7f00000000c0)=""/250, 0x4}], 0x2, 0x0, 0xd64}}], 0x300, 0x34000, 0x0)
sendmsg$ETHTOOL_MSG_TSINFO_GET(r5, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000280)=ANY=[@ANYBLOB="18000000", @ANYRES16=r4, @ANYBLOB="a787000000ff000000000b00000404000180"], 0x18}}, 0x0)
mbind(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x4000, &(0x7f0000000240)=0xee1, 0x0, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000180)={@fallback=r1, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)
socket(0x10, 0x3, 0x0)

9.269867652s ago: executing program 0 (id=2415):
openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x8c0802, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
userfaultfd(0x801)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$l2tp(0x0, 0xffffffffffffffff)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000100)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="170926bd700000000800000000000600090004000000060002000100000008000a0000000000"], 0x2c}}, 0x24000000)
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15)
sendmsg$NL80211_CMD_VENDOR(0xffffffffffffffff, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000600000027"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x20, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r4}, 0x10)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="140000001000010000000000000000000100000a140000001100010000000000000000000700000a98de1972eaad045503d4a46144a0"], 0x28}}, 0x0)
r6 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
setsockopt$bt_BT_VOICE(r6, 0x12, 0xb, 0x0, 0x0)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r7 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r8 = dup(r7)
ioctl$TIOCL_SETVESABLANK(r8, 0x560e, &(0x7f0000000140))
sendmsg$NL80211_CMD_GET_FTM_RESPONDER_STATS(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000000}, 0x8000)
read$FUSE(0xffffffffffffffff, &(0x7f0000000880)={0x2020}, 0x2020)
r9 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r9, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000600)=@gettaction={0x104, 0x32, 0x8, 0xfffffffd, 0x0, {}, [@action_gd=@TCA_ACT_TAB={0x7c, 0x1, [{0xc, 0x12, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x55a3}}, {0x10, 0x1a, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'mirred\x00'}}, {0xc, 0x6, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'ipt\x00'}}, {0x10, 0x1c, 0x0, 0x0, @TCA_ACT_KIND={0xa, 0x1, 'pedit\x00'}}, {0xc, 0x13, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x80}}, {0xc, 0x10, 0x0, 0x0, @TCA_ACT_INDEX={0x8}}, {0xc, 0x1d, 0x0, 0x0, @TCA_ACT_KIND={0x7, 0x1, 'xt\x00'}}, {0xc, 0x1a, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x56}}, {0x10, 0x0, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'skbmod\x00'}}]}, @action_dump_flags=@TCA_ROOT_FLAGS={0xc, 0x2, {0x1}}, @action_dump_flags=@TCA_ROOT_FLAGS={0xc, 0x2, {0x0, 0x1}}, @action_gd=@TCA_ACT_TAB={0x5c, 0x1, [{0xc, 0x12, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x10}}, {0xc, 0x1c, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x9}}, {0xc, 0x5, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x2}}, {0xc, 0x16, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x4}}, {0x10, 0x8, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'sample\x00'}}, {0xc, 0xc, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x4}}, {0xc, 0x11e, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x4}}]}]}, 0x104}}, 0x4000810)

8.947821809s ago: executing program 1 (id=2416):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xc, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000002c0)='kfree\x00', r0}, 0x10)
openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newsa={0xec, 0x10, 0x713, 0x70bd28, 0x0, {{@in=@initdev={0xac, 0x1e, 0x1, 0x0}, @in=@local, 0x4e23, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x3a, 0x0, 0xee00}, {@in6=@remote, 0x0, 0x32}, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', {0x0, 0x0, 0x8, 0x100000001, 0x6}, {0x0, 0x0, 0x2, 0xfffffffffffffffc}, {0xc}, 0x70bd28, 0x0, 0x2}}, 0xec}, 0x1, 0x0, 0x0, 0xc0}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{0x0}], 0x1}, 0x0)
r1 = socket$inet_mptcp(0x2, 0x1, 0x106)
r2 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r2, 0x29, 0xb, &(0x7f0000000040)=0x9, 0x4)
bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty, 0x1000}, 0x1c)
recvmmsg(r2, &(0x7f00000009c0)=[{{0x0, 0x0, 0x0}, 0x4}], 0x65942126f3d7b6a8, 0x2, 0x0)
sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c)
mremap(&(0x7f0000550000/0x2000)=nil, 0x2000, 0x9000, 0x7, &(0x7f0000096000/0x9000)=nil)
setsockopt$sock_int(r1, 0x1, 0x20, 0x0, 0x0)
bind$alg(0xffffffffffffffff, 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x10}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x3)
r4 = syz_open_dev$usbfs(&(0x7f0000000000), 0xb, 0x101301)
ioctl$USBDEVFS_IOCTL(r4, 0x80045505, &(0x7f0000000040)=@usbdevfs_connect)
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x42202)

8.26656892s ago: executing program 0 (id=2417):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
syz_open_dev$sg(0x0, 0x0, 0x38dd80)
r0 = socket$inet6(0xa, 0xa, 0x400000)
bind$inet6(r0, 0x0, 0x0)
sendmmsg$inet6(r0, 0x0, 0x0, 0xc8000)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x3, @raw_data="dea233684c996156af0d4bd8e32d0217e750b8c97b7123d48003e7e1d3be5f710c41a1db6719881876e9bcc6e2f73c67cc6b675eb43188b5b7f9f898868de9a9c5d536d418ba283121a73a5aba55a8772a2525295f4492bbde02ad8bc8e88779f2de06f38e99172df4d45b6f13c813dee4230c204a93172922b778fef7a1f89ce876bb89d405137434b28db48699fac20d928950507acd92c02d17f51b0a627539f6e0a0bdb92004bc6252cd35e8cd100962db9a83ad63a4e7e1ca17c1b6aac63fefa9bebe429d00"})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
setsockopt$MRT_ADD_MFC_PROXY(0xffffffffffffffff, 0x0, 0xd2, 0x0, 0x0)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x10)
syz_open_procfs$pagemap(0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x3, 0x7, &(0x7f0000000340)=ANY=[@ANYBLOB="1807001845f50bd015093c0000000000851000000200000026000000ffffff859500007b000000008500000013000000950000000000000084aac684da8fe9861769a6bf5316a13ea8b17291379c2d2bcf818fdaa1dca871ed6d028109542708bd2d1609b1a8120e60880651"], &(0x7f0000000040)='GPL\x00', 0x2}, 0x94)
mkdirat(0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e792c63616368653d667363616368652c76657273696f6e3d3970323030302e75"])
chdir(&(0x7f0000000100)='./file0\x00')
r2 = open(&(0x7f0000000040)='./file0\x00', 0x80242, 0x1df2a23c5997fa7b)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x0, 0xf0, 0x0, 0x0, 0x0, 0x805, 0x0, 0xd, 0x0, 0x0, 0x0}, 0x4c)
socket$inet6_tcp(0xa, 0x1, 0x0)
write$FUSE_CREATE_OPEN(r2, &(0x7f0000000500)={0xa0, 0xffffffffffffffda, 0x0, {{0x80000000, 0x3, 0xfffffffffffffffb, 0xfffffffffedfff83, 0x3, 0x1, {0x3, 0x3ff, 0x20ff, 0x7ff, 0xf7c, 0x800000000000d615, 0x3ff, 0x7fffffff, 0x6, 0x1000, 0xc, 0x0, 0x0, 0x3ff, 0x8ea2}}, {0x0, 0x12}}}, 0xa0)
ioctl$SIOCX25SCUDMATCHLEN(r2, 0x89e7, &(0x7f0000000280)={0x6c})
sendfile(r2, r2, &(0x7f0000000080), 0x7f04)
mlock2(&(0x7f0000bdc000/0x3000)=nil, 0x3000, 0x1)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000006c0)={r2, 0x0, 0x9b, 0x14, &(0x7f00000003c0)="beb6d960f850ce757a45dec40eb9efd952edb8df174b7fdf683c53405e7ef4b0c61c54b5377be5576d6372663891b6e55fa8140c651759121c9e098d442a1fb20a3661822b4fc19706a02ccec62f2c99ad89049083acee0fa66db842378d40f608c0665ca7108384545729f28b05dc676b015d8015166ac9468ea633f4f9344517529e06e272cd95f1d3983d5b9e0c29d45355db7e18c0a5ac8263", &(0x7f0000000740)=""/20, 0xc, 0x0, 0x4e, 0x51, &(0x7f00000005c0)="3b0a2430d2cabc220a2a5bd661262a3978ed974878c981c5a426ff3ace0213058753778ee01a81bce2eb4ef4d5bc777f4ab526a3fcb0916e9150e2e2cee7d9eca8beaa56ba7811c9e4e1cde38442", &(0x7f0000000640)="945044bf99a751063cb5a27b43534a9a2184e2b404ecaf8803689aaa4d5b1f1b5dcad33b92f4e166e0ac13ad83d871fa5c82ff78dfff45cfa2a876c608227f515a0f419e6da289dc9e83c6da38b43fb7d8", 0x7, 0x0, 0xa9}, 0x4c)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, 0x0)

7.876463013s ago: executing program 0 (id=2419):
io_setup(0x10000, &(0x7f0000000040))
syz_open_dev$radio(&(0x7f0000001640), 0x0, 0x2)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19)
migrate_pages(0x0, 0x5, &(0x7f0000000000)=0x9, &(0x7f0000000080)=0x272)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x1)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
setsockopt$inet6_IPV6_DSTOPTS(0xffffffffffffffff, 0x29, 0x3b, 0x0, 0x0)
r1 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2)
ioctl$VIDIOC_S_INPUT(r1, 0xc0045627, &(0x7f0000000100)=0x3)
ioctl$VIDIOC_SUBDEV_S_DV_TIMINGS(r1, 0xc0845657, &(0x7f0000000040)={0x0, @bt={0xa00, 0x400, 0x1, 0x1, 0xd59f83, 0x19fa, 0x3b, 0x19ef, 0x3, 0x8, 0x2800, 0x2800, 0x3, 0xba2, 0x0, 0x2b, {0x8, 0xffffffff}, 0xd1, 0x9}})
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_inet_SIOCSIFDSTADDR(r3, 0x8918, &(0x7f0000000040)={'veth0_to_batadv\x00', {0x2, 0x4e20, @empty}})
close(r2)
socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r2, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
r4 = syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
recvmmsg(r5, &(0x7f0000001640)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000004c0)=""/4096, 0x1e67}, {&(0x7f00000000c0)=""/250, 0x4}], 0x2, 0x0, 0xd64}}], 0x300, 0x34000, 0x0)
sendmsg$ETHTOOL_MSG_TSINFO_GET(r5, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000280)=ANY=[@ANYBLOB="18000000", @ANYRES16=r4, @ANYBLOB="a787000000ff000000000b00000404000180"], 0x18}}, 0x0)
mbind(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x4000, &(0x7f0000000240)=0xee1, 0x0, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000180)={@fallback=r1, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)
socket(0x10, 0x3, 0x0)

7.042779953s ago: executing program 2 (id=2420):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x60081, 0x0)
ioctl$TCSETS(r0, 0x404c4701, &(0x7f0000000040)={0x1, 0x0, 0x0, 0x400000, 0x14, "3eccd8000000000000000010000000040100"})
syz_genetlink_get_family_id$gtp(&(0x7f0000000080), 0xffffffffffffffff)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r2 = dup(r1)
write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="fc0000001900010000000000fcdbdf2500000000000000000000000000000000fe8000000000000000000000000000bb00000000000000000200000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB], 0xfc}, 0x1, 0x0, 0x0, 0x20008000}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
unshare(0x8010800)
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="040f0200f80d20"], 0x7)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r6, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00', <r8=>0x0})
syz_init_net_socket$ax25(0x3, 0x3, 0xcf)
sendmsg$nl_route(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=@ipv6_newnexthop={0x20, 0x68, 0x5fb9a818fb7378e9, 0x0, 0x25dfdbff, {}, [@NHA_OIF={0x8, 0x5, r8}]}, 0x20}}, 0x0)
r9 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r9, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000004c0)=@newnexthop={0x38, 0x68, 0x1, 0x100003, 0x7ffffffd, {}, [@NHA_GROUP={0xc, 0x2, [{0x1, 0x15}]}, @NHA_RES_GROUP={0xc, 0xc, 0x0, 0x1, [@NHA_RES_GROUP_BUCKETS={0x6, 0x1, 0x3fd4}]}, @NHA_GROUP_TYPE={0x6, 0x3, 0x1}]}, 0x38}, 0x1, 0x0, 0x0, 0x4008018}, 0x4000080)
sendmsg$nl_route(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000540)=ANY=[@ANYBLOB="200000001000370400"/20, @ANYRES32=r8, @ANYBLOB="9201000000140000c700d297a15da00851121e3709be4f44ecc4906ed4ec0c56b3f85bd1b0fae631ddaad8a1f784224c5e331beaf162ef0379d57c16b7bbdbfcc0cc86f3f119a82c5f1e87a5c9fd797e5429884671a6b84c425c63ccb0d2f4533f27303a41a302e94452762adff8854b2ad93505b6af5b92005b55a748ab2d1a476d85f9a6df0796a915264cce8ce2e5ed06da80def9376a10635c30bebe65a05e8a0d186ed7c9bbc7b9678e114108018e9eb770ed803c78f87b5c6b51ed0044db8630d2f12e507487ab35d625bd301855625f7d92a9197b67c810ed89bcb85022aef34d3625db29f568136e38d8e0976a370d232afd41256b99ec84030899"], 0x20}}, 0x0)
bind$inet(r3, &(0x7f0000000100)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}, 0x10)
setsockopt$sock_int(r3, 0x1, 0x6, &(0x7f0000000000)=0x4, 0x4)
connect$inet(r3, &(0x7f0000000280)={0x2, 0x0, @broadcast}, 0x10)
sendmmsg$inet(r3, &(0x7f0000004d00)=[{{0x0, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x30000}}], 0x300, 0xf00)
gettid()
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1})

6.774619723s ago: executing program 0 (id=2421):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x60081, 0x0)
ioctl$TCSETS(r0, 0x404c4701, &(0x7f0000000040)={0x1, 0x0, 0x0, 0x400000, 0x14, "3eccd8000000000000000010000000040100"})
syz_genetlink_get_family_id$gtp(&(0x7f0000000080), 0xffffffffffffffff)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r2 = dup(r1)
write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="fc0000001900010000000000fcdbdf2500000000000000000000000000000000fe8000000000000000000000000000bb00000000000000000200000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000000400000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000100000044000500"/127], 0xfc}, 0x1, 0x0, 0x0, 0x20008000}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
unshare(0x8010800)
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="040f0200f80d20"], 0x7)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r6, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00', <r8=>0x0})
syz_init_net_socket$ax25(0x3, 0x3, 0xcf)
sendmsg$nl_route(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=@ipv6_newnexthop={0x20, 0x68, 0x5fb9a818fb7378e9, 0x0, 0x25dfdbff, {}, [@NHA_OIF={0x8, 0x5, r8}]}, 0x20}}, 0x0)
r9 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r9, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000004c0)=@newnexthop={0x38, 0x68, 0x1, 0x100003, 0x7ffffffd, {}, [@NHA_GROUP={0xc, 0x2, [{0x1, 0x15}]}, @NHA_RES_GROUP={0xc, 0xc, 0x0, 0x1, [@NHA_RES_GROUP_BUCKETS={0x6, 0x1, 0x3fd4}]}, @NHA_GROUP_TYPE={0x6, 0x3, 0x1}]}, 0x38}, 0x1, 0x0, 0x0, 0x4008018}, 0x4000080)
sendmsg$nl_route(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000540)=ANY=[@ANYBLOB="200000001000370400"/20, @ANYRES32=r8, @ANYBLOB="9201000000140000c700d297a15da00851121e3709be4f44ecc4906ed4ec0c56b3f85bd1b0fae631ddaad8a1f784224c5e331beaf162ef0379d57c16b7bbdbfcc0cc86f3f119a82c5f1e87a5c9fd797e5429884671a6b84c425c63ccb0d2f4533f27303a41a302e94452762adff8854b2ad93505b6af5b92005b55a748ab2d1a476d85f9a6df0796a915264cce8ce2e5ed06da80def9376a10635c30bebe65a05e8a0d186ed7c9bbc7b9678e114108018e9eb770ed803c78f87b5c6b51ed0044db8630d2f12e507487ab35d625bd301855625f7d92a9197b67c810ed89bcb85022aef34d3625db29f568136e38d8e0976a370d232afd41256b99ec84030899"], 0x20}}, 0x0)
bind$inet(r3, &(0x7f0000000100)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}, 0x10)
setsockopt$sock_int(r3, 0x1, 0x6, &(0x7f0000000000)=0x4, 0x4)
connect$inet(r3, &(0x7f0000000280)={0x2, 0x0, @broadcast}, 0x10)
sendmmsg$inet(r3, &(0x7f0000004d00)=[{{0x0, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x30000}}], 0x300, 0xf00)
gettid()
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1})

6.205228014s ago: executing program 2 (id=2422):
r0 = io_uring_setup(0x664c, &(0x7f0000000480)={0x0, 0x0, 0x1880, 0x5})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='contention_end\x00'}, 0x10)
syz_usb_connect(0x5, 0x2d, &(0x7f0000000080)=ANY=[@ANYBLOB="120100000cb768405e0483020b9901e4020109021b000100000000090400fb015c291d00090509"], 0x0)
syz_open_dev$sndpcmp(&(0x7f0000000080), 0x3, 0x800)
close_range(r0, 0xffffffffffffffff, 0x2000000)

5.656777165s ago: executing program 0 (id=2423):
openat$mixer(0xffffffffffffff9c, &(0x7f00000018c0), 0x0, 0x0)
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000400)={0x6, 0x12, &(0x7f0000000140)=@framed={{0x18, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0xf}, [@map_val={0x18, 0x2, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x6}, @ldst={0x0, 0x1, 0x1, 0xa, 0x3, 0x50, 0x4}, @tail_call={{0x18, 0x2, 0x1, 0x0, 0x1}}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0x2, 0x0, 0x0, 0x0, 0xfffeffff}, @tail_call]}, &(0x7f0000000200)='GPL\x00', 0x8000, 0x7b, &(0x7f0000000240)=""/123, 0x40f00, 0x40, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f00000002c0)={0x3, 0xe, 0xd21, 0x49f5}, 0x10, 0x0, 0x0, 0x9, &(0x7f0000000300)=[0x1, 0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff], &(0x7f0000000340)=[{0x1, 0x2, 0x1, 0x2}, {0x1, 0x1, 0x0, 0x1}, {0x5, 0x2, 0x1, 0x5}, {0x0, 0x3, 0xc, 0xb}, {0x4, 0x5, 0x4}, {0x4, 0x5, 0x3, 0xb}, {0x4, 0x3, 0x8, 0xc}, {0x3, 0x1, 0x3, 0x1}, {0x0, 0x5, 0xe, 0x7}], 0x10, 0x5}, 0x94)
r1 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000004c0)={0x3, 0x4, 0x4, 0xa, 0x0, 0x1, 0xa, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x3, 0x2}, 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0x9, &(0x7f0000000040)=@raw=[@printk={@llx, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x25e}}, @jmp={0x5, 0x0, 0x8, 0xb, 0x9, 0x30, 0xffffffffffffffff}], &(0x7f00000000c0)='GPL\x00', 0x8, 0x0, 0x0, 0x41000, 0x9, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x8, &(0x7f0000000100)={0x6, 0x1}, 0x8, 0x10, 0x0, 0x0, 0x0, r0, 0x4, &(0x7f0000000540)=[r1], &(0x7f0000000580)=[{0x4, 0x7, 0x6}, {0x3, 0x5, 0x3, 0x7}, {0x2, 0x2, 0x5}, {0x2, 0x5, 0x6}], 0x10, 0x1}, 0x94)
r3 = openat$ndctl0(0xffffff9c, &(0x7f0000000680), 0xd40, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f00000007c0)={@cgroup, 0xf, 0x0, 0x9c, &(0x7f00000006c0)=[0x0, 0x0], 0x2, 0x0, &(0x7f0000000700)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000880)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000780)=[0x0, 0x0, 0x0], <r4=>0x0}, 0x40)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000800)={@fallback=r2, r3, 0x7, 0x0, r0, @void, @value=r0, @void, @void, r4}, 0x20)
syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/net\x00')
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000))
syz_open_dev$usbfs(0x0, 0x204, 0x2)
r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x88640, 0x0)
ioctl$TCSETS(r5, 0x40045431, &(0x7f0000000040)={0x0, 0x0, 0x4, 0x0, 0x0, "ff00f7000000000000000000af88008300"})
r6 = syz_open_pts(r5, 0x141601)
r7 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r7}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x3938700}, {0x0, 0x3938700}}, 0x0)
ppoll(0x0, 0x0, 0x0, 0x0, 0x0)
write(r6, &(0x7f0000000000)="d5", 0xfffffedf)
ioctl$TCSETSF(r6, 0x5404, &(0x7f0000000080)={0x8, 0x20000000, 0xfffffffc, 0x7fffffd, 0x5, "682341f2fd71a6a76177920ea7e60c0ac7a4a5"})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r8 = creat(&(0x7f0000000180)='./file0\x00', 0x10)
write$qrtrtun(r8, &(0x7f0000000400)="2ec8425d4ce2ef00", 0x8)
ioctl$RNDZAPENTCNT(r8, 0x5204, &(0x7f0000000840)=0x9)

4.987840302s ago: executing program 2 (id=2424):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x60081, 0x0)
ioctl$TCSETS(r0, 0x404c4701, &(0x7f0000000040)={0x1, 0x0, 0x0, 0x400000, 0x14, "3eccd8000000000000000010000000040100"})
syz_genetlink_get_family_id$gtp(&(0x7f0000000080), 0xffffffffffffffff)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r2 = dup(r1)
write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="fc0000001900010000000000fcdbdf2500000000000000000000000000000000fe8000000000000000000000000000bb00000000000000000200000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000000400000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000100000044000500"/127], 0xfc}, 0x1, 0x0, 0x0, 0x20008000}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
unshare(0x8010800)
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="040f0200f80d20"], 0x7)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r6, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00', <r8=>0x0})
syz_init_net_socket$ax25(0x3, 0x3, 0xcf)
sendmsg$nl_route(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=@ipv6_newnexthop={0x20, 0x68, 0x5fb9a818fb7378e9, 0x0, 0x25dfdbff, {}, [@NHA_OIF={0x8, 0x5, r8}]}, 0x20}}, 0x0)
r9 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r9, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000004c0)=@newnexthop={0x38, 0x68, 0x1, 0x100003, 0x7ffffffd, {}, [@NHA_GROUP={0xc, 0x2, [{0x1, 0x15}]}, @NHA_RES_GROUP={0xc, 0xc, 0x0, 0x1, [@NHA_RES_GROUP_BUCKETS={0x6, 0x1, 0x3fd4}]}, @NHA_GROUP_TYPE={0x6, 0x3, 0x1}]}, 0x38}, 0x1, 0x0, 0x0, 0x4008018}, 0x4000080)
sendmsg$nl_route(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000540)=ANY=[@ANYBLOB="200000001000370400"/20, @ANYRES32=r8, @ANYBLOB="9201000000140000c700d297a15da00851121e3709be4f44ecc4906ed4ec0c56b3f85bd1b0fae631ddaad8a1f784224c5e331beaf162ef0379d57c16b7bbdbfcc0cc86f3f119a82c5f1e87a5c9fd797e5429884671a6b84c425c63ccb0d2f4533f27303a41a302e94452762adff8854b2ad93505b6af5b92005b55a748ab2d1a476d85f9a6df0796a915264cce8ce2e5ed06da80def9376a10635c30bebe65a05e8a0d186ed7c9bbc7b9678e114108018e9eb770ed803c78f87b5c6b51ed0044db8630d2f12e507487ab35d625bd301855625f7d92a9197b67c810ed89bcb85022aef34d3625db29f568136e38d8e0976a370d232afd41256b99ec84030899"], 0x20}}, 0x0)
bind$inet(r3, &(0x7f0000000100)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}, 0x10)
setsockopt$sock_int(r3, 0x1, 0x6, &(0x7f0000000000)=0x4, 0x4)
connect$inet(r3, &(0x7f0000000280)={0x2, 0x0, @broadcast}, 0x10)
sendmmsg$inet(r3, &(0x7f0000004d00)=[{{0x0, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x30000}}], 0x300, 0xf00)
gettid()
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1})

4.93632815s ago: executing program 1 (id=2425):
socket$inet(0x2, 0x3, 0x2)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_open_dev$usbmon(0x0, 0x0, 0x0)
r4 = socket$rxrpc(0x21, 0x2, 0xa)
mkdir(&(0x7f0000000140)='./file0\x00', 0xd2)
ioctl$sock_SIOCGPGRP(r4, 0x8904, 0x0)
r5 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000780)=@raw={'raw\x00', 0x3c1, 0x3, 0x370, 0x1bc, 0x2b8, 0x0, 0x1bc, 0xff000000, 0x2a8, 0x3a8, 0x3a8, 0x2a8, 0x3a8, 0x3, 0x0, {[{{@ipv6={@dev, @private2, [], [], 'veth1_to_hsr\x00', 'wg2\x00'}, 0x0, 0x154, 0x1bc, 0x0, {0x0, 0xff3f0000}, [@common=@srh1={{0x8c}, {0x0, 0x0, 0x0, 0x0, 0x0, @private1, @loopback, @empty, [], [], [], 0x0, 0x6359d960a6776be9}}, @common=@inet=@ecn={{0x24}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'snmp_trap\x00', 'syz1\x00'}}}, {{@uncond, 0x0, 0xa4, 0xec}, @unspec=@CT0={0x48}}], {{'\x00', 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x3cc)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="180000000000000000000000000000009500000000000000636dc9fc5eb8bbd6e973412c611b69c76b348cd09d912738609f1cd155fad9592bd54ca044ed15f756da7b44867d165be8bb4aabb09e035913d72e5922ea1d338842532550d9394b28509fa4cf769f576406d231"], &(0x7f00000003c0)='GPL\x00', 0x90, 0x0, 0x0, 0x0, 0x1}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000140)='itimer_expire\x00', r6}, 0x18)
r7 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x8400, 0x0)
ioctl$FS_IOC_SETFLAGS(r7, 0x40186f40, &(0x7f0000000440)=0x1f)
getsockopt$inet6_tcp_buf(r0, 0x6, 0xd, 0x0, 0x0)
request_key(&(0x7f0000000080)='rxrpc_s\x00', &(0x7f0000001ffb)={'syz', 0x1}, &(0x7f0000000040)='\xb1H\xd7\xda\xe8y\xa9rustV\x1eS=\xd4\x16\x95::\x00\x00\x00', 0x0)
r8 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r8, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="4c000000150097f87059ae08060c040002ff0f020000000000000187ac1414aaa69d35a2cca84708f7abca1bac1414aabd7c493872f750375ed08a560400000003e4926441256d2c3d32461e", 0x4c}], 0x1}, 0x4040)

4.628783319s ago: executing program 0 (id=2426):
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
r1 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
bind$ax25(r1, &(0x7f0000000100)={{0x3, @default, 0x1}, [@null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null]}, 0x48)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10)
ioctl$sock_netdev_private(r2, 0x8914, &(0x7f0000000000))
ioctl$sock_netrom_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000000)={0x0, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bpq0, 0x1, 'syz1\x00', @default, 0x1, 0x0, [@null, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @default]})
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(0xffffffffffffffff, 0xc02064b2, &(0x7f0000000040)={0xa2, 0x6576, 0xd})
r3 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1edb23610000000109022d0101100000000904000003fe03010009cd8d1f0002000000090505020000fcffff09058b1e20"], 0x0)
syz_usb_control_io$printer(r3, 0x0, &(0x7f0000000480)={0x53, &(0x7f00000001c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0})
r4 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
ioctl$EVIOCGMASK(r4, 0x5b03, 0x0)
write$char_usb(r4, &(0x7f0000000100), 0x0)
syz_usb_disconnect(r3)
syz_open_dev$usbmon(0x0, 0x0, 0xc0041)
socketpair$unix(0x1, 0x3, 0x0, 0x0)
ioctl$sock_netdev_private(r0, 0x8914, &(0x7f0000000000))

4.046761464s ago: executing program 2 (id=2427):
bpf$MAP_CREATE(0x0, 0x0, 0x50)
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x2, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$SNDRV_CTL_IOCTL_RAWMIDI_PREFER_SUBDEVICE(0xffffffffffffffff, 0xc0b45545, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r5 = socket(0x400000000010, 0x3, 0x0)
r6 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r7, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0x3}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000005480)=@newtfilter={0x84, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r7, {0x0, 0x3}, {}, {0x3}}, [@filter_kind_options=@f_matchall={{0xd}, {0x50, 0x2, [@TCA_MATCHALL_ACT={0x4c, 0x2, [@m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x40, 0x6, 0x20000000, 0xea, 0x100004}, 0x1}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x2, 0x3}}}}]}]}}]}, 0x84}, 0x1, 0x0, 0x0, 0x10}, 0x0)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f00000003c0)="12f1ff35fa0f83472674520dadbffdca420ed3f22bb5b575b3b5df42e4d3e9038e261b13f4448b2993c3fc4984c2bbaec7749bd855672c0274f6072e3d8995c7d52809ec37d2f3fcac99f0a3255103dc076ace446999426df5b82c5341dca9726d86730857c33e4fac48417139311b5ac79a9686ed5b9ad8c6e34fb35a", 0x7d)
accept4$alg(r3, 0x0, 0x0, 0x80000)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
syz_open_procfs(0x0, &(0x7f00000002c0)='mounts\x00')
mkdir(&(0x7f00000001c0)='./file0\x00', 0x0)
mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180), 0x0, 0x0)
openat$cuse(0xffffffffffffff9c, &(0x7f0000002040), 0x2, 0x0)
socket$packet(0x11, 0x2, 0x300)

3.925145425s ago: executing program 1 (id=2428):
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000200), 0x800)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
fsopen(&(0x7f0000000000)='sysfs\x00', 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
syz_emit_vhci(0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="1000000004000000080000000b00000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000000000000000000000000000000000000000000005b973e2d11243f11b821242fb06f372cd78abafee700000000000000001000000000000000c4a712c8a4549d6ff1f263827d2f5183bb3dfe4687902b701a5daf867f99b0afb83d570baa090a2f2fb221e56876bde3b09987f1fd2388a8b0bb582d99b3abe6de30a321f9670a9b9b379ec5c244e47cd09bc0e46bbcf7e66789ff8effbc017b5f7fa1dd8a6ac8d7271b4e30797a7e4c9af9969dc5dcbddf1adfa692116cb93ed52465d55ae682550018f62a9b3c31058d460605b19ca559f4a16775fdd6f945b181e2ca29e6ce4a8c19c53a8351040e3cba9825727d0b5e30255477faf5c3990886b8e7144ea0b59c"], 0x50)
syz_open_dev$sndctrl(&(0x7f0000000300), 0x1, 0x0)
umount2(&(0x7f0000000340)='./file0\x00', 0x0)
syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0)
r5 = openat$dsp(0xffffff9c, &(0x7f0000000080), 0x82040, 0x0)
ioctl$SOUND_MIXER_WRITE_RECSRC(r5, 0xc0044dff, &(0x7f0000000100)=0x9)
sendmsg$NFNL_MSG_ACCT_GET_CTRZERO(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="20000000020701010000000000000000040000030c000780070001"], 0x20}, 0x1, 0x0, 0x0, 0x4}, 0x40448c2)
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r0, 0x4058534c, &(0x7f0000000180)={0x80, 0x2a, 0x3})
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r0, 0x4058534c, &(0x7f0000000400)={0x80, 0x16, 0x3, 0xfffffff7, 0x0, 0xc})
r6 = syz_init_net_socket$ax25(0x3, 0x5, 0x0)
ioctl$SIOCAX25GETINFOOLD(r6, 0x5411, &(0x7f0000000040))

3.561948957s ago: executing program 3 (id=2413):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a000000180100002020702500000000002020207b1af8ff00"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000002c0)='kfree\x00', r0}, 0x10)
r1 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newsa={0xec, 0x10, 0x713, 0x70bd28, 0x0, {{@in=@initdev={0xac, 0x1e, 0x1, 0x0}, @in=@local, 0x4e23, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x3a, 0x0, 0xee00}, {@in6=@remote, 0x0, 0x32}, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', {0x0, 0x0, 0x8, 0x100000001, 0x6}, {0x0, 0x0, 0x2, 0xfffffffffffffffc}, {0xc}, 0x70bd28, 0x0, 0x2}}, 0xec}, 0x1, 0x0, 0x0, 0xc0}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{0x0}], 0x1}, 0x0)
r2 = socket$inet_mptcp(0x2, 0x1, 0x106)
r3 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r3, 0x29, 0xb, &(0x7f0000000040)=0x9, 0x4)
bind$inet6(r3, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty, 0x1000}, 0x1c)
recvmmsg(r3, &(0x7f00000009c0)=[{{0x0, 0x0, 0x0}, 0x4}], 0x65942126f3d7b6a8, 0x2, 0x0)
sendto$inet6(r3, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c)
mremap(&(0x7f0000550000/0x2000)=nil, 0x2000, 0x9000, 0x7, &(0x7f0000096000/0x9000)=nil)
setsockopt$sock_int(r2, 0x1, 0x20, 0x0, 0x0)
bind$alg(0xffffffffffffffff, 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x10}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r4 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r4, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket$nl_netfilter(0x10, 0x3, 0xc)
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x42202)
write$apparmor_exec(r1, &(0x7f0000000080)={'exec ', ':\x00'}, 0x7)

2.889032795s ago: executing program 1 (id=2429):
openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x70bd2b, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7b, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x44)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
prctl$PR_SET_KEEPCAPS(0x8, 0x0)
syz_clone3(&(0x7f0000000580)={0x100008000, &(0x7f0000000180), &(0x7f00000001c0)=<r0=>0x0, &(0x7f0000000340), {0x3c}, &(0x7f0000000380)=""/198, 0xc6, &(0x7f0000000500)=""/86, &(0x7f0000000480)=[0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffffffffffffffff], 0x6}, 0x58)
syz_pidfd_open(r0, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x4000000004002, 0x0)
futex(&(0x7f0000000600), 0x100, 0x2, &(0x7f0000000640), &(0x7f0000000680)=0x1, 0x1)
r2 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r2, 0x40045532, &(0x7f0000000100)=0x3fffe)
syz_io_uring_setup(0x494, &(0x7f0000000200)={0x0, 0x2727b, 0x4, 0x1, 0x385}, &(0x7f0000000000)=<r3=>0x0, &(0x7f0000000280)=<r4=>0x0)
syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
sched_setscheduler(0x0, 0x1, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r5 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NL80211_CMD_REQ_SET_REG(r6, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000240)={0x1c, r7, 0x1, 0x70bd2d, 0x25dfdbff, {}, [@NL80211_ATTR_USER_REG_HINT_TYPE={0x8, 0x9a, 0x849bad20fb97b287}]}, 0x1c}, 0x1, 0x0, 0x0, 0x48800}, 0x40000)
writev(r5, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r8 = dup(r1)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r8, 0x2000)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x17)
write$binfmt_aout(r8, 0x0, 0xffffffdb)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)

2.61995506s ago: executing program 2 (id=2430):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095", @ANYRES64=0x0, @ANYRES64], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, 0x2}, 0x94)
socket$nl_route(0x10, 0x3, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000400)=@newlink={0x58, 0x10, 0x401, 0x4006, 0x25dfdbfe, {0x0, 0x0, 0xffff, 0x0, 0xd108}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x14, 0x2, 0x0, 0x1, [@IFLA_VLAN_EGRESS_QOS={0x10, 0x3, 0x0, 0x1, [@IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x4, 0x1}}]}]}}}, @IFLA_IFNAME={0x14, 0x3, 'macsec0\x00'}]}, 0x58}, 0x1, 0x0, 0x0, 0x4080}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r2 = dup(r1)
r3 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_MCAST_MSFILTER(r3, 0x29, 0x30, &(0x7f00000004c0)={0x1, {{0xa, 0x0, 0x0, @mcast1}}, 0x40000000}, 0x90)
write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r4, 0x0, 0xd}, 0x18)
r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r5, &(0x7f0000000000)={0x1f, 0xffffffffffffffff, 0x3}, 0x6)
ioctl$SIOCX25SFACILITIES(0xffffffffffffffff, 0x89e3, &(0x7f0000000080)={0x15, 0x800000, 0x10008, 0x8})
write$bt_hci(r5, &(0x7f0000000080)=ANY=[], 0x6)
r6 = syz_io_uring_setup(0x239, &(0x7f0000000740)={0x0, 0x1c2a, 0x10100, 0x0, 0x0, 0x0, r2}, &(0x7f0000000180)=<r7=>0x0, &(0x7f00000001c0)=<r8=>0x0)
syz_open_dev$video4linux(&(0x7f0000000080), 0x6, 0x80000)
r9 = socket$nl_route(0x10, 0x3, 0x0)
r10 = socket$inet6_udplite(0xa, 0x2, 0x88)
sendmsg$nl_route(r9, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=@newlink={0x38, 0x10, 0x401, 0x70bd26, 0x0, {0x0, 0x0, 0x0, 0x0, 0x32b}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @gtp={{0x8}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GTP_FD0={0x8, 0x1, @udp6=r10}]}}}]}, 0x38}}, 0x0)
r11 = syz_io_uring_setup(0x1e1e, &(0x7f0000000200)={0x0, 0x86f7, 0x10100}, &(0x7f0000002000)=<r12=>0x0, &(0x7f0000000000)=<r13=>0x0)
syz_io_uring_submit(r12, r13, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x22})
io_uring_enter(r11, 0x48e9, 0x0, 0x2, 0x0, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000007c0)=ANY=[@ANYBLOB="8001000010000100000000000008000000000000000000000000000000000000ac1414bb000000000000000000000000000000002f5647280000000016000000553b98239fb73aa69ff560423ebbbc6c8f005661dd147fc5de7101f7f9351b530de3cf5f46033bddaf36d81c4992315e8ee0dd88dc6292b0", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0a010102000000000000000000000000000004d26c000000ac1414aa00000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200010000000000480003006465666c61746500000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000480001006362636d616328736565642900"/308], 0x180}}, 0x0)
syz_io_uring_submit(r7, r8, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r1, 0x0, 0x0, 0x0, {}, 0x1})
io_uring_enter(r6, 0x2ded, 0xef92, 0x0, 0x0, 0x0)
clock_nanosleep(0x2, 0x0, &(0x7f0000000100)={0x0, 0x3938700}, 0x0)
munmap(&(0x7f0000002000/0x1000)=nil, 0x1000)

1.737144804s ago: executing program 2 (id=2432):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xc, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000002c0)='kfree\x00', r0}, 0x10)
openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newsa={0xec, 0x10, 0x713, 0x70bd28, 0x0, {{@in=@initdev={0xac, 0x1e, 0x1, 0x0}, @in=@local, 0x4e23, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x3a, 0x0, 0xee00}, {@in6=@remote, 0x0, 0x32}, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', {0x0, 0x0, 0x8, 0x100000001, 0x6}, {0x0, 0x0, 0x2, 0xfffffffffffffffc}, {0xc}, 0x70bd28, 0x0, 0x2}}, 0xec}, 0x1, 0x0, 0x0, 0xc0}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{0x0}], 0x1}, 0x0)
r1 = socket$inet_mptcp(0x2, 0x1, 0x106)
r2 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r2, 0x29, 0xb, &(0x7f0000000040)=0x9, 0x4)
bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty, 0x1000}, 0x1c)
recvmmsg(r2, &(0x7f00000009c0)=[{{0x0, 0x0, 0x0}, 0x4}], 0x65942126f3d7b6a8, 0x2, 0x0)
sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c)
mremap(&(0x7f0000550000/0x2000)=nil, 0x2000, 0x9000, 0x7, &(0x7f0000096000/0x9000)=nil)
setsockopt$sock_int(r1, 0x1, 0x20, 0x0, 0x0)
bind$alg(0xffffffffffffffff, 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x10}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x3)
r4 = syz_open_dev$usbfs(&(0x7f0000000000), 0xb, 0x101301)
ioctl$USBDEVFS_IOCTL(r4, 0x80045505, &(0x7f0000000040)=@usbdevfs_connect)
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x42202)

0s ago: executing program 1 (id=2433):
r0 = socket$inet6(0xa, 0xa, 0x400000)
sendmmsg$inet6(r0, 0x0, 0x0, 0xc8000)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x3, @raw_data="dea233684c996156af0d4bd8e3300217e750b8c97b7123d48003e7e1d3be5f710c41a1db6719881876e9bcc6e2f73c67cc6b675eb43188b5b7f9f898868de9a9c5d536d418ba283121a73a5aba55a87d2a2525295f4492bbde02ad8bc8e88779f2de06f38e99172df4d45b6f13c813dee4230c204a93172922b778fef7a1f89ce876bb89d44cd705bbb28db4869dfac20d928950507acd92c02d17f51b0a627539f6e0a0bdb92004bc6252cd35e8cd100962db9a83ad63a4e7e1ca17c1b6aac63fefa9bebe429d00"})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = syz_io_uring_setup(0x7fae, &(0x7f0000000440)={0x0, 0x911f, 0x1, 0x2, 0x115}, &(0x7f0000000080), &(0x7f00000004c0))
io_uring_register$IORING_REGISTER_FILES2(r2, 0xd, &(0x7f0000000800)={0x1, 0x0, 0x0, &(0x7f0000000700)=[{0x0}], &(0x7f00000007c0)=[0x749]}, 0x20)
setsockopt$MRT_ADD_MFC_PROXY(0xffffffffffffffff, 0x0, 0xd2, 0x0, 0x0)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x2e}, 0x1, 0x0, 0x0, 0x20000000}, 0x24004080)
syz_open_procfs(0x0, &(0x7f0000000180)='wchan\x00')
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000400))
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
openat$dsp(0xffffffffffffff9c, &(0x7f00000003c0), 0x101a02, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, 0x0)
chdir(0x0)
r3 = open(&(0x7f0000000040)='./file0\x00', 0x80242, 0x1df2a23c5997fa7b)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
sendfile(r3, r3, &(0x7f0000000080), 0x7f04)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f0000001540)=ANY=[@ANYBLOB="b702000008000000bfa300000000000007030000ffffffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000001404000001007d60b7030000000000006a0a00fe40000900850000001f000000b70000000000000095000000000000006623848adf1dc9a764ab51a064caff0c9b27a26293fddf0180000071ff31f1622271d5518193e09483c5a020c334f8c76334d8ce8303b81ddaa52e8756ad60a07d6f27c125e16d024098f755d8583da60f27c162dbba0700002ac9170f50f2568836077b7f711a18ebf608d87b885297b6b6981978d51514b00dcc4a2748b376358c33c9753beab62bdf27dc04e4cb4bc598affd989b1ca58949a54d5827df14feecea46408a05d572077f1252fbb72c3d099c501bc4ded6fca17a3447222c95edb47b770009524edd5fa5c53e9c37251709f1ff7f0000f07bf7f53ce129a9ecd3b4dd15100f2b450f98526a0d8cac7c97fc2f64015306a1bd88345710fb6379b4c53cf55eefb4c0974486a8d25a363adbd83b49e13fbd1757b27020bd9b8cff3f48c9411670c34f23ab8caf7851b290feb3045a1b622f20c4383a0280f040de7667f8b1d0842835e81c35af41e5b5b924275cb1749289b44e9728e7a73f148ac8206afe120c1437490d9900000011000003971b32fdffffffffffffffaf580278e1342aabd1b623f6c4f128858e4eb6b42f2173184c2b99b645f6ec0e14e5d7c95a0008000000f30f6c0000000000ff0000b8f5001a1d2a34dc0973ec302bc23211d3e3b6e6dad65a51e5497a3419cecec38126247b27113ad4c7915c8f82c333a7b350802f0311807010d1ed50c18411aa6900daccc02f4ba4b078f07e41f781eee222c7d071d5a94d82ca9a0846c1af59cee16639b4970f8f0a82c6a712fd5722d677d406160ffaffffffb4e0bde6749aa52c408b74251914c5d3255fd88a42e7ebb69ebcd8eee623e51dbb1f1b548c91a6825c0686fdc16be1cbb72c217fda18bd746253ca66093daf35923300b600000000ac376e0a4649a8a84e1d293a6b109c5e59b366bca5cc3d936c53d4a48c05099e6fc37e5aa23bff8cce0600000000000300a568a8532623d12b40b50ac26f2e8255470a04bfbe7acb581b90991d965a01d1f84cb6b973558e1e3f8118c77ccf0b3c6eb6443870004da10c75723b65f83769ad1f0e4ef6b9ef1cec23264fd8fdac6264af1cb467020bdc12b797b6c156c439105829d2ae1c45f7cfa40df68f536a03353a55a8a8e176e5d48887d31c8e0f77f2c1e68ec7c01bd5a2028a8fc107007f5f4c67600a6ade3deb1f200abe1f753754678dae8b4e3ba3d086d4b95dfc5817e3dafae2d38b522f942cc750399d9029f071fdb1e05882f8a4b8fbd219ccac3a895828b4f22b6527ce31ceb02b7b2b4492510134552f0b076b168394f8417f25cc82ae04007193cbe69de8bf35e4bebd15412426b2020ab1f05fc44ae9ae094c1b81d3ef947692b44d2afb09c7498dedf0f87c38bbcab7357836f03e8a7c392e535694a3ead2de11e6b1781e2a017ac341fda2e563ee95085742f5fee9f95f4741b226e428d20b00bc140000e4b2f5efd0a0b1ceba000830ba8634b5aa26bdbe91614e92fae3c7349531df9bf4c01ebf5d8eb7d53e5f30647661623fbdb3f6c3652c423ce6ecc1be5d4e8133fc32f68ea86a2df1e7df98a0ae216c405d0ae9eed114ff2d6fe27dfdff1cf9194849c4cc0da9533e5983863e526a7dc0d8728f3b573ca4427bdb44df9341e9b8420e896598a156c935c800436a312e7ae3c011e46851ac599f0427729ab9c55ae0ab4c0000000000000000000000000000c87bcc2ac5aed9467b51d92e0993af4beaf1f3d47dcdfab9165f98155d93e383d6b85158b54675c1585037508c1e9461a1c3d1a6e2402045cae150a7016f716eebbdf6afc4414d900be0bdf19f4a273f44f4357380b4387f1c8b104f0e406b2f04e5ed88631be6411f9927fe9f83412b7c5a676ceec8b454ebf6481c98e86b6933a02daea0b4ec0be5b3d916bd70208b4588626c27c318475802e2c62681bd1a331422a6e47bbd40857d52c4894944fae5c5000000000000000000000000e0c47613e950b6aefeae054fc723f62ac7d13941de11b018f1f48ac50335df91c771729f81929128135b2803562c1171ee00a3f4a31281aa363e087d53d86dd85e3ff979a7e72d16fdd7e1a0f07a1c8e6085d280d760f74975ceb3a5be6cfb4da8e0aeb769b8b75f4aad803ed77d34872eed2711aa40a3b38099dc2752e8ec9b520faf39e416752aa0830206736570f5d41a4df848c9052551cf8dcb1be000000000eb2577188e8e96bd825d462350905d3eb916b397d2a46a64081e85661d7a5a2716cc87cb1976d15d9b6418e94f165911803e43830432226c660f4da67bb7c8ceb3755c07197d8b80b8d16b12c2ec63bebe107aa2350a7ae564bf69a6c52a2da1496016dd66a1c1b112"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000880), 0xfffffffffffffddd}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r4, 0x0, 0x27, 0x0, &(0x7f0000000140)="3d6ee2e04b91ab10143d9abe86dd", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x50)
r5 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000100)=0x1b)
ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000040)=0x11)

kernel console output (not intermixed with test programs):

  do_fast_syscall_32+0x32/0x80
[  552.153583][T12838]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  552.153597][T12838] RIP: 0023:0xf7ff5579
[  552.153606][T12838] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  552.153616][T12838] RSP: 002b:00000000f5116590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  552.153627][T12838] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f5116620
[  552.153634][T12838] RDX: 000000000000000f RSI: 00000000f7483ff4 RDI: 0000000000000000
[  552.153640][T12838] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  552.153646][T12838] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  552.153652][T12838] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  552.153665][T12838]  </TASK>
[  552.295751][T12085] Bluetooth: hci2: unexpected subevent 0x0a length: 91 > 30
[  552.477338][T12844] openvswitch: : Dropping previously announced user features
[  552.773649][T12846] netlink: 284 bytes leftover after parsing attributes in process `syz.1.1781'.
[  554.325289][ T5964] Bluetooth: hci2: command 0x0406 tx timeout
[  554.338169][T12885] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  554.390698][T12885] could not allocate digest TFM handle sha256-ni
[  554.866000][   T54] usb 8-1: new high-speed USB device number 15 using dummy_hcd
[  555.053055][   T54] usb 8-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  555.056803][   T54] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  555.060907][   T54] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 66
[  555.065034][   T54] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 101, changing to 10
[  555.069640][   T54] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 18286, setting to 1024
[  555.074788][ T1119] sr 2:0:0:0: [sr0] tag#26 FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_OK cmd_age=0s
[  555.077986][ T1119] sr 2:0:0:0: [sr0] tag#26 Sense Key : Illegal Request [current] 
[  555.079970][   T54] usb 8-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  555.081097][ T1119] sr 2:0:0:0: [sr0] tag#26 Add. Sense: Invalid command operation code
[  555.306894][   T54] usb 8-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  555.309943][   T54] usb 8-1: Product: syz
[  555.311380][   T54] usb 8-1: Manufacturer: syz
[  555.414613][T12884] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  555.454353][ T1119] sr 2:0:0:0: [sr0] tag#26 CDB: Write(10) 2a 00 00 00 00 00 00 00 04 00
[  555.464241][ T1119] critical target error, dev sr0, sector 0 op 0x1:(WRITE) flags 0x800 phys_seg 2 prio class 0
[  555.468905][   T54] cdc_wdm 8-1:1.0: skipping garbage
[  555.471422][   T54] cdc_wdm 8-1:1.0: skipping garbage
[  555.474101][ T1119] Buffer I/O error on dev sr0, logical block 0, lost async page write
[  555.477339][ T1119] Buffer I/O error on dev sr0, logical block 1, lost async page write
[  555.477617][   T54] cdc_wdm 8-1:1.0: cdc-wdm0: USB WDM device
[  555.494860][   T54] cdc_wdm 8-1:1.0: Unknown control protocol
[  556.332859][   T54] usb 8-1: USB disconnect, device number 15
[  556.916141][T12909] openvswitch: : Dropping previously announced user features
[  557.674117][ T6024] usb 7-1: new high-speed USB device number 14 using dummy_hcd
[  557.824329][ T6024] usb 7-1: Using ep0 maxpacket: 8
[  557.834124][ T6024] usb 7-1: config index 0 descriptor too short (expected 301, got 45)
[  557.837456][ T6024] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  557.840845][ T6024] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  557.844062][ T6024] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  557.847191][ T6024] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  557.851286][ T6024] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  557.868640][ T6024] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  557.884937][T12923] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1802'.
[  558.075489][ T6024] usb 7-1: GET_CAPABILITIES returned 0
[  558.077279][ T6024] usbtmc 7-1:16.0: can't read capabilities
[  558.171500][T12928] ip6t_srh: unknown srh invflags 6BE9
[  558.182502][T12928] ubi: mtd0 is already attached to ubi31
[  558.315798][  T837] usb 7-1: USB disconnect, device number 14
[  558.637473][T12932] ubi: mtd0 is already attached to ubi31
[  560.947286][T12985] openvswitch: : Dropping previously announced user features
[  562.325809][ T1419] ieee802154 phy1 wpan1: encryption failed: -22
[  566.765748][T13049] ubi: mtd0 is already attached to ubi31
[  567.132848][T13056] netlink: 'syz.1.1829': attribute type 2 has an invalid length.
[  567.148296][T13056] netlink: 723 bytes leftover after parsing attributes in process `syz.1.1829'.
[  568.035537][T13070] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(3)
[  568.037638][T13070] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  568.044542][T13070] vhci_hcd vhci_hcd.0: Device attached
[  568.049647][T13071] usbip_core: unknown command
[  568.051604][T13071] vhci_hcd: unknown pdu 0
[  568.053044][T13071] usbip_core: unknown command
[  568.055590][ T1178] vhci_hcd: stop threads
[  568.057168][ T1178] vhci_hcd: release socket
[  568.058672][ T1178] vhci_hcd: disconnect device
[  568.298047][T13077] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1832'.
[  569.965874][   T34] usb 8-1: new high-speed USB device number 16 using dummy_hcd
[  570.134087][   T34] usb 8-1: Using ep0 maxpacket: 8
[  570.137111][   T34] usb 8-1: config index 0 descriptor too short (expected 301, got 45)
[  570.140156][   T34] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  570.143587][   T34] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  570.147241][   T34] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  570.150528][   T34] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  570.155841][   T34] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  570.158764][   T34] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  570.254129][   T53] usb 7-1: new high-speed USB device number 15 using dummy_hcd
[  570.365463][   T34] usb 8-1: GET_CAPABILITIES returned 0
[  570.367528][   T34] usbtmc 8-1:16.0: can't read capabilities
[  570.404122][   T53] usb 7-1: Using ep0 maxpacket: 8
[  570.408196][   T53] usb 7-1: config index 0 descriptor too short (expected 301, got 45)
[  570.410669][   T53] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  570.413574][   T53] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  570.417738][   T53] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  570.420867][   T53] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  570.425706][   T53] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  570.429578][   T53] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  570.475143][T13089] openvswitch: : Dropping previously announced user features
[  570.566693][ T6042] usb 8-1: USB disconnect, device number 16
[  570.643699][   T53] usb 7-1: GET_CAPABILITIES returned 0
[  570.645565][   T53] usbtmc 7-1:16.0: can't read capabilities
[  570.846740][   T53] usb 7-1: USB disconnect, device number 15
[  572.535391][   T53] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[  572.545422][T13116] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(3)
[  572.547569][T13116] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  572.550834][T13116] vhci_hcd vhci_hcd.0: Device attached
[  572.555968][T13117] usbip_core: unknown command
[  572.557644][T13117] vhci_hcd: unknown pdu 0
[  572.559089][T13117] usbip_core: unknown command
[  572.563737][ T1171] vhci_hcd: stop threads
[  572.565813][ T1171] vhci_hcd: release socket
[  572.567804][ T1171] vhci_hcd: disconnect device
[  572.702835][   T53] usb 6-1: Using ep0 maxpacket: 8
[  572.710992][   T53] usb 6-1: config index 0 descriptor too short (expected 301, got 45)
[  572.713670][   T53] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  572.717554][   T53] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  572.720589][   T53] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  572.723716][   T53] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  572.734063][   T53] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  572.737126][   T53] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  572.751054][T13122] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1845'.
[  572.964128][   T53] usb 6-1: GET_CAPABILITIES returned 0
[  572.965901][   T53] usbtmc 6-1:16.0: can't read capabilities
[  573.167164][ T6044] usb 6-1: USB disconnect, device number 8
[  575.030510][T13138] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1850'.
[  575.035991][T13138] bond0: entered promiscuous mode
[  575.073479][T13139] ip6t_srh: unknown srh invflags 6BE9
[  575.090324][T13139] ubi: mtd0 is already attached to ubi31
[  575.098247][T13138] bond0: left promiscuous mode
[  577.689564][T13168] openvswitch: : Dropping previously announced user features
[  578.907733][T13180] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1860'.
[  579.088418][T13185] netlink: 'syz.3.1861': attribute type 2 has an invalid length.
[  579.091598][T13185] netlink: 723 bytes leftover after parsing attributes in process `syz.3.1861'.
[  580.829817][T13201] openvswitch: : Dropping previously announced user features
[  581.095305][T13206] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1866'.
[  581.858899][T13221] "syz.2.1868" (13221) uses obsolete ecb(arc4) skcipher
[  581.887742][T13222] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1872'.
[  581.915088][T13224] netlink: 'syz.1.1871': attribute type 2 has an invalid length.
[  581.919831][T13224] netlink: 723 bytes leftover after parsing attributes in process `syz.1.1871'.
[  584.148183][T13248] openvswitch: : Dropping previously announced user features
[  588.270550][T13272] "syz.1.1884" (13272) uses obsolete ecb(arc4) skcipher
[  588.364130][    T9] usb 5-1: new high-speed USB device number 20 using dummy_hcd
[  588.481722][T13274] netlink: 'syz.2.1885': attribute type 2 has an invalid length.
[  588.484266][T13274] netlink: 723 bytes leftover after parsing attributes in process `syz.2.1885'.
[  588.515185][    T9] usb 5-1: Using ep0 maxpacket: 8
[  588.518231][    T9] usb 5-1: config index 0 descriptor too short (expected 301, got 45)
[  588.520784][    T9] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  588.523786][    T9] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  588.527209][    T9] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  588.530244][    T9] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  588.535446][    T9] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  588.538383][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  588.946717][    T9] usb 5-1: usb_control_msg returned -71
[  588.948507][    T9] usbtmc 5-1:16.0: can't read capabilities
[  588.952446][    T9] usb 5-1: USB disconnect, device number 20
[  589.048610][T13281] lo speed is unknown, defaulting to 1000
[  589.050544][T13281] lo speed is unknown, defaulting to 1000
[  589.052961][T13281] lo speed is unknown, defaulting to 1000
[  589.060007][T13281] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[  589.071996][T13281] lo speed is unknown, defaulting to 1000
[  589.074653][T13281] lo speed is unknown, defaulting to 1000
[  589.079145][T13281] lo speed is unknown, defaulting to 1000
[  589.081709][T13281] lo speed is unknown, defaulting to 1000
[  592.540933][T13309] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1893'.
[  593.702626][T13319] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1895'.
[  593.707468][T13319] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1895'.
[  593.795661][T13319] overlayfs: failed to resolve './file1': -2
[  593.936384][T13322] netlink: 'syz.0.1897': attribute type 2 has an invalid length.
[  593.939706][T13322] netlink: 723 bytes leftover after parsing attributes in process `syz.0.1897'.
[  595.287812][T13340] ip6t_srh: unknown srh invflags 6BE9
[  595.294423][T13340] ubi: mtd0 is already attached to ubi31
[  595.772616][T13347] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(3)
[  595.775813][T13347] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  595.780122][T13347] vhci_hcd vhci_hcd.0: Device attached
[  595.786178][T13348] usbip_core: unknown command
[  595.788227][T13348] vhci_hcd: unknown pdu 0
[  595.790117][T13348] usbip_core: unknown command
[  595.791940][   T74] vhci_hcd: stop threads
[  595.793679][   T74] vhci_hcd: release socket
[  595.796015][   T74] vhci_hcd: disconnect device
[  596.141170][T13357] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1904'.
[  598.026088][T13371] netlink: 'syz.1.1909': attribute type 2 has an invalid length.
[  598.028910][T13371] netlink: 723 bytes leftover after parsing attributes in process `syz.1.1909'.
[  600.763567][T13398] openvswitch: : Dropping previously announced user features
[  601.087243][T13400] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(3)
[  601.089883][T13400] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  601.093298][T13400] vhci_hcd vhci_hcd.0: Device attached
[  601.099953][T13401] usbip_core: unknown command
[  601.101955][T13401] vhci_hcd: unknown pdu 0
[  601.103478][T13401] usbip_core: unknown command
[  601.105302][ T1178] vhci_hcd: stop threads
[  601.106707][ T1178] vhci_hcd: release socket
[  601.108695][ T1178] vhci_hcd: disconnect device
[  601.379662][T13412] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1916'.
[  601.582887][T13413] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1918'.
[  603.050909][T13420] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1919'.
[  605.448805][T13450] ip6t_srh: unknown srh invflags 6BE9
[  605.463489][T13450] ubi: mtd0 is already attached to ubi31
[  606.885311][T13464] openvswitch: : Dropping previously announced user features
[  607.398463][T13471] netlink: 'syz.1.1931': attribute type 10 has an invalid length.
[  607.447815][T13471] : (slave bridge_slave_1): Enslaving as an active interface with an up link
[  608.268330][T13475] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  608.395546][T13479] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(3)
[  608.399777][T13479] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  608.408149][T13479] vhci_hcd vhci_hcd.0: Device attached
[  608.424044][T13481] usbip_core: unknown command
[  608.425887][T13481] vhci_hcd: unknown pdu 0
[  608.427516][T13481] usbip_core: unknown command
[  608.443749][ T1171] vhci_hcd: stop threads
[  608.445484][ T1171] vhci_hcd: release socket
[  608.447193][ T1171] vhci_hcd: disconnect device
[  608.718857][T13487] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1934'.
[  608.829820][T13484] : (slave bridge_slave_1): Releasing backup interface
[  609.323099][   T34] lo speed is unknown, defaulting to 1000
[  609.815606][T13496] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1935'.
[  610.950195][T13507] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1937'.
[  612.112767][ T6042] usb 8-1: new full-speed USB device number 17 using dummy_hcd
[  612.115251][T13530] ip6t_srh: unknown srh invflags 6BE9
[  612.136207][T13530] ubi: mtd0 is already attached to ubi31
[  612.274099][ T6110] usb 6-1: new high-speed USB device number 9 using dummy_hcd
[  612.424062][ T6110] usb 6-1: Using ep0 maxpacket: 8
[  612.427591][ T6110] usb 6-1: config index 0 descriptor too short (expected 301, got 45)
[  612.430378][ T6110] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  612.434067][ T6110] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  612.438519][ T6110] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  612.442263][ T6110] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  612.447619][ T6110] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  612.451084][ T6110] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  612.668852][ T6110] usb 6-1: GET_CAPABILITIES returned 0
[  612.671866][ T6110] usbtmc 6-1:16.0: can't read capabilities
[  612.756749][ T6042] usb 8-1: config 5 has an invalid interface number: 123 but max is 0
[  612.759755][ T6042] usb 8-1: config 5 has no interface number 0
[  612.762203][ T6042] usb 8-1: config 5 interface 123 has no altsetting 0
[  612.767880][ T6042] usb 8-1: New USB device found, idVendor=3923, idProduct=718a, bcdDevice=d8.d7
[  612.771437][ T6042] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  612.774247][ T6042] usb 8-1: Product: syz
[  612.775696][ T6042] usb 8-1: Manufacturer: syz
[  612.777273][ T6042] usb 8-1: SerialNumber: syz
[  612.976200][    T9] usb 6-1: USB disconnect, device number 9
[  612.983464][T13529] usbtmc 6-1:16.0: usb_control_msg returned -71
[  613.001121][ T6042] comedi comedi5: Wrong number of endpoints
[  613.003813][ T6042] ni6501 8-1:5.123: driver 'ni6501' failed to auto-configure device.
[  613.009888][ T6042] usb 8-1: USB disconnect, device number 17
[  613.891378][T13550] ip6t_srh: unknown srh invflags 6BE9
[  613.895174][T13550] ubi: mtd0 is already attached to ubi31
[  614.428328][T13555] FAULT_INJECTION: forcing a failure.
[  614.428328][T13555] name failslab, interval 1, probability 0, space 0, times 0
[  614.433502][T13555] CPU: 1 UID: 0 PID: 13555 Comm: syz.3.1951 Not tainted 6.16.0-rc5-syzkaller-00038-g733923397fd9 #0 PREEMPT(full) 
[  614.433518][T13555] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  614.433525][T13555] Call Trace:
[  614.433529][T13555]  <TASK>
[  614.433534][T13555]  dump_stack_lvl+0x16c/0x1f0
[  614.433554][T13555]  should_fail_ex+0x512/0x640
[  614.433570][T13555]  ? __kvmalloc_node_noprof+0x124/0x620
[  614.433588][T13555]  should_failslab+0xc2/0x120
[  614.433599][T13555]  __kvmalloc_node_noprof+0x137/0x620
[  614.433614][T13555]  ? rcu_is_watching+0x12/0xc0
[  614.433638][T13555]  ? alloc_netdev_mqs+0xd2/0x1570
[  614.433659][T13555]  ? __pfx_gtp_link_setup+0x10/0x10
[  614.433671][T13555]  ? alloc_netdev_mqs+0xd2/0x1570
[  614.433687][T13555]  alloc_netdev_mqs+0xd2/0x1570
[  614.433707][T13555]  rtnl_create_link+0xc08/0xf90
[  614.433726][T13555]  rtnl_newlink+0xb69/0x2000
[  614.433747][T13555]  ? __pfx_rtnl_newlink+0x10/0x10
[  614.433763][T13555]  ? kasan_quarantine_put+0x10a/0x240
[  614.433778][T13555]  ? lockdep_hardirqs_on+0x7c/0x110
[  614.433797][T13555]  ? kfree_skbmem+0x1a4/0x1f0
[  614.433822][T13555]  ? rcu_is_watching+0x12/0xc0
[  614.433838][T13555]  ? trace_cap_capable+0x18d/0x200
[  614.433857][T13555]  ? find_held_lock+0x2b/0x80
[  614.433872][T13555]  ? __pfx_rtnl_newlink+0x10/0x10
[  614.433893][T13555]  ? __pfx_rtnl_newlink+0x10/0x10
[  614.433908][T13555]  ? rtnetlink_rcv_msg+0x93a/0xe90
[  614.433930][T13555]  ? __pfx_rtnl_newlink+0x10/0x10
[  614.433947][T13555]  rtnetlink_rcv_msg+0x95b/0xe90
[  614.433976][T13555]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  614.433999][T13555]  ? ref_tracker_free+0x37c/0x830
[  614.434018][T13555]  netlink_rcv_skb+0x158/0x420
[  614.434030][T13555]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  614.434048][T13555]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  614.434065][T13555]  ? netlink_deliver_tap+0x1ae/0xd30
[  614.434085][T13555]  netlink_unicast+0x53a/0x7f0
[  614.434098][T13555]  ? __pfx_netlink_unicast+0x10/0x10
[  614.434113][T13555]  netlink_sendmsg+0x8d1/0xdd0
[  614.434126][T13555]  ? __pfx_netlink_sendmsg+0x10/0x10
[  614.434139][T13555]  ? __import_iovec+0x1dd/0x650
[  614.434152][T13555]  ____sys_sendmsg+0xa98/0xc70
[  614.434166][T13555]  ? __pfx_____sys_sendmsg+0x10/0x10
[  614.434179][T13555]  ? get_compat_msghdr+0x11a/0x170
[  614.434202][T13555]  ___sys_sendmsg+0x134/0x1d0
[  614.434219][T13555]  ? __pfx____sys_sendmsg+0x10/0x10
[  614.434242][T13555]  ? find_held_lock+0x2b/0x80
[  614.434262][T13555]  __sys_sendmsg+0x16d/0x220
[  614.434279][T13555]  ? __pfx___sys_sendmsg+0x10/0x10
[  614.434301][T13555]  ? rcu_is_watching+0x12/0xc0
[  614.434314][T13555]  __do_fast_syscall_32+0x7c/0x3a0
[  614.434332][T13555]  do_fast_syscall_32+0x32/0x80
[  614.434349][T13555]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  614.434362][T13555] RIP: 0023:0xf7ff5579
[  614.434371][T13555] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  614.434382][T13555] RSP: 002b:00000000f511655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  614.434392][T13555] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000280
[  614.434399][T13555] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  614.434405][T13555] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  614.434411][T13555] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  614.434417][T13555] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  614.434431][T13555]  </TASK>
[  614.704952][T13557] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(3)
[  614.707127][T13557] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  614.715272][T13557] vhci_hcd vhci_hcd.0: Device attached
[  614.728689][T13558] usbip_core: unknown command
[  614.730935][T13558] vhci_hcd: unknown pdu 0
[  614.732672][T13558] usbip_core: unknown command
[  614.734784][T13561] netlink: 'syz.3.1953': attribute type 2 has an invalid length.
[  614.738092][T13561] netlink: 723 bytes leftover after parsing attributes in process `syz.3.1953'.
[  614.738119][ T1082] vhci_hcd: stop threads
[  615.098392][T13564] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1952'.
[  615.184810][ T6110] usb 37-1: new high-speed USB device number 8 using vhci_hcd
[  615.224164][ T1082] vhci_hcd: release socket
[  615.226098][ T1082] vhci_hcd: disconnect device
[  616.106972][T13577] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1955'.
[  616.978263][T13585] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1958'.
[  618.558526][T13601] trusted_key: encrypted_key: insufficient parameters specified
[  618.928572][T13606] netlink: 'syz.3.1964': attribute type 2 has an invalid length.
[  618.932377][T13606] netlink: 723 bytes leftover after parsing attributes in process `syz.3.1964'.
[  619.398784][T13613] openvswitch: : Dropping previously announced user features
[  619.425801][T13614] netlink: 'syz.1.1965': attribute type 1 has an invalid length.
[  619.883362][T13619] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(3)
[  619.885728][T13619] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  619.888492][T13619] vhci_hcd vhci_hcd.0: Device attached
[  619.892389][T13620] usbip_core: unknown command
[  619.894184][T13620] vhci_hcd: unknown pdu 0
[  619.895577][T13620] usbip_core: unknown command
[  619.897704][   T74] vhci_hcd: stop threads
[  619.899096][   T74] vhci_hcd: release socket
[  619.902598][   T74] vhci_hcd: disconnect device
[  620.314112][ T6110] vhci_hcd: vhci_device speed not set
[  620.514201][T13629] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1967'.
[  622.477946][T13650] netlink: 'syz.1.1973': attribute type 1 has an invalid length.
[  624.703181][ T1419] ieee802154 phy1 wpan1: encryption failed: -22
[  624.885089][T13664] ip6t_srh: unknown srh invflags 6BE9
[  624.891427][T13664] ubi: mtd0 is already attached to ubi31
[  625.648466][T13676] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(3)
[  625.650956][T13676] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  625.655834][T13676] vhci_hcd vhci_hcd.0: Device attached
[  625.667609][T13677] usbip_core: unknown command
[  625.669309][T13677] vhci_hcd: unknown pdu 0
[  625.670682][T13677] usbip_core: unknown command
[  625.673516][ T1178] vhci_hcd: stop threads
[  625.679590][ T1178] vhci_hcd: release socket
[  625.685484][ T1178] vhci_hcd: disconnect device
[  625.875133][T13681] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1981'.
[  626.139494][T13685] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1982'.
[  626.909384][T13691] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1983'.
[  627.407798][T13699] netlink: 100 bytes leftover after parsing attributes in process `syz.0.1986'.
[  629.856455][T13714] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1990'.
[  629.891706][T13715] ip6t_srh: unknown srh invflags 6BE9
[  629.895868][T13715] ubi: mtd0 is already attached to ubi31
[  630.865742][T13720] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(3)
[  630.867799][T13720] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  630.894263][T13720] vhci_hcd vhci_hcd.0: Device attached
[  630.916857][T13721] usbip_core: unknown command
[  630.918371][T13721] vhci_hcd: unknown pdu 0
[  630.919752][T13721] usbip_core: unknown command
[  631.209654][T13726] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1992'.
[  632.708948][   T24] usb 39-1: new high-speed USB device number 5 using vhci_hcd
[  632.834157][ T1171] vhci_hcd: stop threads
[  632.835552][ T1171] vhci_hcd: release socket
[  632.844130][ T1171] vhci_hcd: disconnect device
[  633.166022][T13735] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1994'.
[  634.888409][T13747] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(3)
[  634.890522][T13747] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  634.894140][T13747] vhci_hcd vhci_hcd.0: Device attached
[  635.014934][T13748] usbip_core: unknown command
[  635.016528][T13748] vhci_hcd: unknown pdu 0
[  635.018219][T13748] usbip_core: unknown command
[  635.020501][   T74] vhci_hcd: stop threads
[  635.022219][   T74] vhci_hcd: release socket
[  635.054545][   T74] vhci_hcd: disconnect device
[  635.084682][ T9226] vhci_hcd: vhci_device speed not set
[  635.225361][T13754] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1997'.
[  635.751803][T13762] ip6t_srh: unknown srh invflags 6BE9
[  635.756501][T13762] ubi: mtd0 is already attached to ubi31
[  636.068200][T13764] netlink: 'syz.2.2001': attribute type 2 has an invalid length.
[  636.071330][T13764] netlink: 723 bytes leftover after parsing attributes in process `syz.2.2001'.
[  636.996512][T13772] netlink: 'syz.0.2003': attribute type 2 has an invalid length.
[  636.999748][T13772] netlink: 723 bytes leftover after parsing attributes in process `syz.0.2003'.
[  637.834270][   T24] vhci_hcd: vhci_device speed not set
[  639.226169][T13796] netlink: 'syz.1.2010': attribute type 2 has an invalid length.
[  639.229399][T13796] netlink: 723 bytes leftover after parsing attributes in process `syz.1.2010'.
[  639.425037][T13797] netlink: 'syz.3.2009': attribute type 1 has an invalid length.
[  639.427900][T13799] netlink: 'syz.0.2008': attribute type 1 has an invalid length.
[  640.389949][   T34] libceph: connect (1)[c::]:6789 error -101
[  640.392668][   T34] libceph: mon0 (1)[c::]:6789 connect error
[  640.455041][T13813] ceph: No mds server is up or the cluster is laggy
[  640.954831][ T5964] Bluetooth: hci1: connection err: -111
[  642.583444][T13840] netlink: 'syz.3.2020': attribute type 1 has an invalid length.
[  643.430384][T13854] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  643.554108][  T838] usb 8-1: new high-speed USB device number 18 using dummy_hcd
[  643.714094][  T838] usb 8-1: Using ep0 maxpacket: 8
[  643.717438][  T838] usb 8-1: config index 0 descriptor too short (expected 301, got 45)
[  643.720112][  T838] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  643.723917][  T838] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  643.727757][  T838] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  643.731590][  T838] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  643.735662][  T838] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  643.739194][  T838] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  643.894031][ T6024] usb 7-1: new high-speed USB device number 16 using dummy_hcd
[  643.950129][  T838] usb 8-1: GET_CAPABILITIES returned 0
[  643.952519][  T838] usbtmc 8-1:16.0: can't read capabilities
[  644.044108][ T6024] usb 7-1: Using ep0 maxpacket: 8
[  644.049211][ T6024] usb 7-1: config index 0 descriptor too short (expected 301, got 45)
[  644.052276][ T6024] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  644.055714][ T6024] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  644.060472][ T6024] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  644.064528][ T6024] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  644.069571][ T6024] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  644.072726][ T6024] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  644.163320][  T838] usb 8-1: USB disconnect, device number 18
[  644.282820][ T6024] usb 7-1: GET_CAPABILITIES returned 0
[  644.288576][ T6024] usbtmc 7-1:16.0: can't read capabilities
[  644.369857][T13850] dummy0: entered promiscuous mode
[  644.374364][T13850] gretap0: entered promiscuous mode
[  644.378606][T13850] hsr1: entered allmulticast mode
[  644.382701][T13850] dummy0: entered allmulticast mode
[  644.384422][T13850] gretap0: entered allmulticast mode
[  644.504077][T13871] netlink: 'syz.0.2030': attribute type 1 has an invalid length.
[  644.591565][ T6042] usb 7-1: USB disconnect, device number 16
[  644.595203][T13863] usbtmc 7-1:16.0: usb_control_msg returned -71
[  645.284164][  T838] usb 6-1: new high-speed USB device number 10 using dummy_hcd
[  645.434187][  T838] usb 6-1: Using ep0 maxpacket: 8
[  645.438523][  T838] usb 6-1: config index 0 descriptor too short (expected 301, got 45)
[  645.441817][  T838] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  645.453144][  T838] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  645.456593][  T838] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  645.461172][  T838] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  645.470100][  T838] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  645.473874][  T838] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  645.575079][T13891] 9pnet_fd: Insufficient options for proto=fd
[  645.609194][T13891] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2035'.
[  646.025258][  T838] usb 6-1: GET_CAPABILITIES returned 0
[  646.027702][  T838] usbtmc 6-1:16.0: can't read capabilities
[  646.113494][T13899] netlink: 'syz.3.2038': attribute type 2 has an invalid length.
[  646.118727][T13899] netlink: 723 bytes leftover after parsing attributes in process `syz.3.2038'.
[  646.921435][T13904] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2039'.
[  646.957507][  T838] usb 6-1: USB disconnect, device number 10
[  647.326772][T13922] netlink: 'syz.3.2041': attribute type 1 has an invalid length.
[  647.843640][T13933] netlink: 'syz.2.2050': attribute type 2 has an invalid length.
[  647.847305][T13933] netlink: 723 bytes leftover after parsing attributes in process `syz.2.2050'.
[  648.375984][ T6042] usb 8-1: new high-speed USB device number 19 using dummy_hcd
[  648.619188][T13934] "syz.0.2048" (13934) uses obsolete ecb(arc4) skcipher
[  648.654119][ T6042] usb 8-1: Using ep0 maxpacket: 8
[  648.661612][ T6042] usb 8-1: config index 0 descriptor too short (expected 301, got 45)
[  648.666523][ T6042] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  648.674215][ T6042] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  648.678241][ T6042] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  648.682328][ T6042] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  648.687594][ T6042] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  648.691208][ T6042] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  648.899767][ T6042] usb 8-1: GET_CAPABILITIES returned 0
[  648.901558][ T6042] usbtmc 8-1:16.0: can't read capabilities
[  649.107390][ T9226] usb 8-1: USB disconnect, device number 19
[  649.326409][T13952] nfs: Unknown parameter '4'
[  649.630697][T13961] FAULT_INJECTION: forcing a failure.
[  649.630697][T13961] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  649.636125][T13961] CPU: 0 UID: 0 PID: 13961 Comm: syz.0.2060 Not tainted 6.16.0-rc5-syzkaller-00038-g733923397fd9 #0 PREEMPT(full) 
[  649.636141][T13961] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  649.636148][T13961] Call Trace:
[  649.636152][T13961]  <TASK>
[  649.636156][T13961]  dump_stack_lvl+0x16c/0x1f0
[  649.636177][T13961]  should_fail_ex+0x512/0x640
[  649.636195][T13961]  _copy_from_iter+0x29f/0x16f0
[  649.636214][T13961]  ? __alloc_skb+0x200/0x380
[  649.636231][T13961]  ? __pfx__copy_from_iter+0x10/0x10
[  649.636248][T13961]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  649.636264][T13961]  netlink_sendmsg+0x829/0xdd0
[  649.636278][T13961]  ? __pfx_netlink_sendmsg+0x10/0x10
[  649.636290][T13961]  ? __import_iovec+0x1dd/0x650
[  649.636303][T13961]  ____sys_sendmsg+0xa98/0xc70
[  649.636316][T13961]  ? __pfx_____sys_sendmsg+0x10/0x10
[  649.636327][T13961]  ? get_compat_msghdr+0x11a/0x170
[  649.636351][T13961]  ___sys_sendmsg+0x134/0x1d0
[  649.636367][T13961]  ? __pfx____sys_sendmsg+0x10/0x10
[  649.636389][T13961]  ? find_held_lock+0x2b/0x80
[  649.636409][T13961]  __sys_sendmsg+0x16d/0x220
[  649.636425][T13961]  ? __pfx___sys_sendmsg+0x10/0x10
[  649.636446][T13961]  ? rcu_is_watching+0x12/0xc0
[  649.636461][T13961]  __do_fast_syscall_32+0x7c/0x3a0
[  649.636479][T13961]  do_fast_syscall_32+0x32/0x80
[  649.636495][T13961]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  649.636509][T13961] RIP: 0023:0xf704e579
[  649.636517][T13961] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  649.636528][T13961] RSP: 002b:00000000f503e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  649.636539][T13961] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000600
[  649.636545][T13961] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  649.636551][T13961] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  649.636561][T13961] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  649.636567][T13961] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  649.636580][T13961]  </TASK>
[  649.832563][T13965] netlink: 'syz.0.2062': attribute type 2 has an invalid length.
[  649.844084][T13965] netlink: 723 bytes leftover after parsing attributes in process `syz.0.2062'.
[  650.774403][T13968] "syz.3.2063" (13968) uses obsolete ecb(arc4) skcipher
[  650.928928][T13985] netlink: 'syz.1.2067': attribute type 2 has an invalid length.
[  650.931254][T13985] netlink: 723 bytes leftover after parsing attributes in process `syz.1.2067'.
[  651.754294][T14000] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(3)
[  651.756332][T14000] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  651.758935][T14000] vhci_hcd vhci_hcd.0: Device attached
[  651.768457][T14001] usbip_core: unknown command
[  651.774341][T14001] vhci_hcd: unknown pdu 0
[  651.776643][T14001] usbip_core: unknown command
[  651.810980][ T1140] vhci_hcd: stop threads
[  651.812383][ T1140] vhci_hcd: release socket
[  651.813798][ T1140] vhci_hcd: disconnect device
[  651.909624][T14004] dummy0: entered promiscuous mode
[  651.912468][T14004] gretap0: entered promiscuous mode
[  651.917163][T14004] debugfs: Directory 'hsr1' with parent 'hsr' already present!
[  651.921150][T14004] Cannot create hsr debugfs directory
[  651.923548][T14004] hsr1: entered allmulticast mode
[  651.930191][T14004] dummy0: entered allmulticast mode
[  651.932676][T14004] gretap0: entered allmulticast mode
[  652.056729][T14010] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2071'.
[  652.150881][ T5964] Bluetooth: hci1: Invalid handle: 0x0f00 > 0x0eff
[  653.271104][T14023] "syz.3.2077" (14023) uses obsolete ecb(arc4) skcipher
[  653.934145][ T6042] usb 5-1: new high-speed USB device number 21 using dummy_hcd
[  654.084072][ T6042] usb 5-1: Using ep0 maxpacket: 8
[  654.089237][ T6042] usb 5-1: config index 0 descriptor too short (expected 301, got 45)
[  654.091854][ T6042] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  654.120040][ T6042] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  654.123400][ T6042] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  654.130476][ T6042] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  654.148895][ T6042] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  654.158620][ T6042] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  654.385091][ T6042] usb 5-1: GET_CAPABILITIES returned 0
[  654.386864][ T6042] usbtmc 5-1:16.0: can't read capabilities
[  654.582405][T13728] usb 5-1: USB disconnect, device number 21
[  654.937848][T14050] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(3)
[  654.940241][T14050] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  654.955234][T14050] vhci_hcd vhci_hcd.0: Device attached
[  654.969688][T14051] usbip_core: unknown command
[  654.971397][T14051] vhci_hcd: unknown pdu 0
[  654.972771][T14051] usbip_core: unknown command
[  655.000756][ T1140] vhci_hcd: stop threads
[  655.002877][ T1140] vhci_hcd: release socket
[  655.005074][ T1140] vhci_hcd: disconnect device
[  655.112085][T14057] "syz.3.2087" (14057) uses obsolete ecb(arc4) skcipher
[  655.256903][T14059] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2085'.
[  656.543157][T14065] bpf: Bad value for 'mode'
[  659.559430][T14100] "syz.1.2099" (14100) uses obsolete ecb(arc4) skcipher
[  659.980214][T14108] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2100'.
[  659.986475][T14108] bridge_slave_0: vlans aren't supported yet for dev_uc|mc_add()
[  659.989194][T14108] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2100'.
[  660.533236][T14111] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2101'.
[  660.736380][T14117] RDS: rds_bind could not find a transport for fe80::bb, load rds_tcp or rds_rdma?
[  660.825747][T14121] openvswitch: : Dropping previously announced user features
[  660.836514][T14122] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2104'.
[  661.629088][T14131] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  661.734966][T14131] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  661.842455][T14137] "syz.1.2108" (14137) uses obsolete ecb(arc4) skcipher
[  661.888980][T14131] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  661.969653][T14131] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  662.420715][T14131] Failed to register nexthop notifier
[  663.034122][   T34] usb 7-1: new high-speed USB device number 17 using dummy_hcd
[  663.044124][  T838] usb 5-1: new high-speed USB device number 22 using dummy_hcd
[  663.504295][  T838] usb 5-1: Using ep0 maxpacket: 8
[  663.506005][   T34] usb 7-1: Using ep0 maxpacket: 8
[  663.675061][  T838] usb 5-1: config index 0 descriptor too short (expected 301, got 45)
[  663.678422][  T838] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  663.681793][  T838] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  663.684906][   T34] usb 7-1: config index 0 descriptor too short (expected 301, got 45)
[  663.687445][   T34] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  663.690455][   T34] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  663.693759][  T838] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  663.696931][   T34] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  663.700985][  T838] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  663.706584][   T34] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  663.711132][  T838] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  663.715129][   T34] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  663.721301][  T838] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  663.724154][   T34] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  663.953159][  T838] usb 5-1: GET_CAPABILITIES returned 0
[  663.958971][   T34] usb 7-1: GET_CAPABILITIES returned 0
[  663.960671][   T34] usbtmc 7-1:16.0: can't read capabilities
[  663.962916][  T838] usbtmc 5-1:16.0: can't read capabilities
[  664.157029][   T34] usb 5-1: USB disconnect, device number 22
[  664.174333][  T838] usb 7-1: USB disconnect, device number 17
[  665.206179][T14168] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(3)
[  665.208507][T14168] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  665.211627][T14168] vhci_hcd vhci_hcd.0: Device attached
[  665.218508][T14169] usbip_core: unknown command
[  665.219912][T14169] vhci_hcd: unknown pdu 0
[  665.221244][T14169] usbip_core: unknown command
[  665.474048][ T1171] vhci_hcd: stop threads
[  665.475449][ T1171] vhci_hcd: release socket
[  665.476850][ T1171] vhci_hcd: disconnect device
[  665.522073][T14171] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2118'.
[  665.663519][T14177] FAULT_INJECTION: forcing a failure.
[  665.663519][T14177] name failslab, interval 1, probability 0, space 0, times 0
[  665.667616][T14177] CPU: 3 UID: 0 PID: 14177 Comm: syz.3.2120 Not tainted 6.16.0-rc5-syzkaller-00038-g733923397fd9 #0 PREEMPT(full) 
[  665.667633][T14177] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  665.667639][T14177] Call Trace:
[  665.667644][T14177]  <TASK>
[  665.667648][T14177]  dump_stack_lvl+0x16c/0x1f0
[  665.667668][T14177]  should_fail_ex+0x512/0x640
[  665.667684][T14177]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[  665.667703][T14177]  should_failslab+0xc2/0x120
[  665.667713][T14177]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  665.667730][T14177]  ? skb_clone+0x190/0x3f0
[  665.667748][T14177]  skb_clone+0x190/0x3f0
[  665.667764][T14177]  nfnetlink_rcv_batch+0x1cf/0x2330
[  665.667778][T14177]  ? kmem_cache_free+0x2d1/0x4d0
[  665.667797][T14177]  ? consume_skb+0xcc/0x100
[  665.667808][T14177]  ? __pfx_nfnetlink_rcv_batch+0x10/0x10
[  665.667822][T14177]  ? __local_bh_enable_ip+0xa4/0x120
[  665.667835][T14177]  ? lockdep_hardirqs_on+0x7c/0x110
[  665.667850][T14177]  ? __dev_queue_xmit+0x896/0x43e0
[  665.667864][T14177]  ? __local_bh_enable_ip+0xa4/0x120
[  665.667875][T14177]  ? __dev_queue_xmit+0x896/0x43e0
[  665.667887][T14177]  ? __dev_queue_xmit+0x8b7/0x43e0
[  665.667906][T14177]  ? __pfx___dev_queue_xmit+0x10/0x10
[  665.667920][T14177]  ? __asan_memset+0x23/0x50
[  665.667934][T14177]  ? __nla_validate_parse+0x600/0x2880
[  665.667947][T14177]  ? __pfx_aa_get_newest_label+0x10/0x10
[  665.667959][T14177]  ? rcu_is_watching+0x12/0xc0
[  665.667971][T14177]  ? __pfx___nla_validate_parse+0x10/0x10
[  665.667984][T14177]  ? apparmor_capable+0x114/0x1d0
[  665.667998][T14177]  ? __nla_parse+0x40/0x60
[  665.668010][T14177]  nfnetlink_rcv+0x3c1/0x430
[  665.668023][T14177]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  665.668039][T14177]  netlink_unicast+0x53a/0x7f0
[  665.668053][T14177]  ? __pfx_netlink_unicast+0x10/0x10
[  665.668068][T14177]  netlink_sendmsg+0x8d1/0xdd0
[  665.668081][T14177]  ? __pfx_netlink_sendmsg+0x10/0x10
[  665.668093][T14177]  ? __import_iovec+0x1dd/0x650
[  665.668106][T14177]  ____sys_sendmsg+0xa98/0xc70
[  665.668119][T14177]  ? __pfx_____sys_sendmsg+0x10/0x10
[  665.668130][T14177]  ? get_compat_msghdr+0x11a/0x170
[  665.668152][T14177]  ___sys_sendmsg+0x134/0x1d0
[  665.668169][T14177]  ? __pfx____sys_sendmsg+0x10/0x10
[  665.668191][T14177]  ? find_held_lock+0x2b/0x80
[  665.668211][T14177]  __sys_sendmsg+0x16d/0x220
[  665.668227][T14177]  ? __pfx___sys_sendmsg+0x10/0x10
[  665.668248][T14177]  ? rcu_is_watching+0x12/0xc0
[  665.668261][T14177]  __do_fast_syscall_32+0x7c/0x3a0
[  665.668279][T14177]  do_fast_syscall_32+0x32/0x80
[  665.668295][T14177]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  665.668309][T14177] RIP: 0023:0xf7ff5579
[  665.668317][T14177] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  665.668328][T14177] RSP: 002b:00000000f511655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  665.668339][T14177] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000080
[  665.668345][T14177] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  665.668351][T14177] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  665.668357][T14177] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  665.668363][T14177] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  665.668376][T14177]  </TASK>
[  665.891849][T14181] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2122'.
[  670.394114][   T34] usb 8-1: new high-speed USB device number 20 using dummy_hcd
[  670.544044][   T34] usb 8-1: Using ep0 maxpacket: 8
[  670.548548][   T34] usb 8-1: config index 0 descriptor too short (expected 301, got 45)
[  670.552029][   T34] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  670.556213][   T34] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  670.561153][   T34] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  670.566035][   T34] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  670.571540][   T34] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  670.575646][   T34] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  670.631862][T14227] FAULT_INJECTION: forcing a failure.
[  670.631862][T14227] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  670.636758][T14227] CPU: 3 UID: 0 PID: 14227 Comm: syz.1.2133 Not tainted 6.16.0-rc5-syzkaller-00038-g733923397fd9 #0 PREEMPT(full) 
[  670.636787][T14227] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  670.636798][T14227] Call Trace:
[  670.636803][T14227]  <TASK>
[  670.636810][T14227]  dump_stack_lvl+0x16c/0x1f0
[  670.636855][T14227]  should_fail_ex+0x512/0x640
[  670.636886][T14227]  _copy_from_iter+0x29f/0x16f0
[  670.636916][T14227]  ? __alloc_skb+0x200/0x380
[  670.636942][T14227]  ? __pfx__copy_from_iter+0x10/0x10
[  670.636980][T14227]  netlink_sendmsg+0x829/0xdd0
[  670.637004][T14227]  ? __pfx_netlink_sendmsg+0x10/0x10
[  670.637025][T14227]  ? __import_iovec+0x1dd/0x650
[  670.637048][T14227]  ____sys_sendmsg+0xa98/0xc70
[  670.637071][T14227]  ? __pfx_____sys_sendmsg+0x10/0x10
[  670.637090][T14227]  ? get_compat_msghdr+0x11a/0x170
[  670.637126][T14227]  ___sys_sendmsg+0x134/0x1d0
[  670.637154][T14227]  ? __pfx____sys_sendmsg+0x10/0x10
[  670.637191][T14227]  ? find_held_lock+0x2b/0x80
[  670.637225][T14227]  __sys_sendmsg+0x16d/0x220
[  670.637252][T14227]  ? __pfx___sys_sendmsg+0x10/0x10
[  670.637288][T14227]  ? rcu_is_watching+0x12/0xc0
[  670.637312][T14227]  __do_fast_syscall_32+0x7c/0x3a0
[  670.637339][T14227]  do_fast_syscall_32+0x32/0x80
[  670.637366][T14227]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  670.637388][T14227] RIP: 0023:0xf7fb2579
[  670.637403][T14227] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  670.637421][T14227] RSP: 002b:00000000f50d655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  670.637440][T14227] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080006040
[  670.637451][T14227] RDX: 0000000000040010 RSI: 0000000000000000 RDI: 0000000000000000
[  670.637462][T14227] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  670.637472][T14227] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  670.637484][T14227] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  670.637505][T14227]  </TASK>
[  670.819441][   T34] usb 8-1: GET_CAPABILITIES returned 0
[  670.821754][   T34] usbtmc 8-1:16.0: can't read capabilities
[  671.042908][ T9226] usb 8-1: USB disconnect, device number 20
[  671.631439][T14241] "syz.1.2135" (14241) uses obsolete ecb(arc4) skcipher
[  671.914173][   T34] usb 8-1: new high-speed USB device number 21 using dummy_hcd
[  672.084071][   T34] usb 8-1: Using ep0 maxpacket: 8
[  672.087871][   T34] usb 8-1: config index 0 descriptor too short (expected 301, got 45)
[  672.243613][T14246] trusted_key: encrypted_key: insufficient parameters specified
[  672.294113][   T34] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  672.297720][   T34] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  672.301410][   T34] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  672.354056][   T34] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  672.358888][   T34] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  672.362209][   T34] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  672.578477][   T34] usb 8-1: usb_control_msg returned -32
[  672.580588][   T34] usbtmc 8-1:16.0: can't read capabilities
[  673.249671][T14269] "syz.1.2142" (14269) uses obsolete ecb(arc4) skcipher
[  673.955404][ T9226] usb 5-1: new high-speed USB device number 23 using dummy_hcd
[  673.960771][T14279] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2147'.
[  674.124136][ T9226] usb 5-1: Using ep0 maxpacket: 8
[  674.128369][ T9226] usb 5-1: config index 0 descriptor too short (expected 301, got 45)
[  674.132093][ T9226] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  674.137951][ T9226] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  674.142322][ T9226] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  674.151860][ T9226] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  674.156157][ T9226] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  674.160239][ T9226] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  674.380925][ T9226] usb 5-1: GET_CAPABILITIES returned 0
[  674.383871][ T9226] usbtmc 5-1:16.0: can't read capabilities
[  674.753022][ T6042] usb 8-1: USB disconnect, device number 21
[  675.187891][T14301] openvswitch: : Dropping previously announced user features
[  675.296705][ T9226] usb 5-1: USB disconnect, device number 23
[  675.691585][T14306] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2154'.
[  677.037876][T14334] "syz.2.2158" (14334) uses obsolete ecb(arc4) skcipher
[  677.214133][    T9] usb 5-1: new high-speed USB device number 24 using dummy_hcd
[  677.371357][T14337] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(3)
[  677.374049][T14337] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  677.377530][    T9] usb 5-1: Using ep0 maxpacket: 8
[  677.382448][T14337] vhci_hcd vhci_hcd.0: Device attached
[  677.386006][    T9] usb 5-1: config index 0 descriptor too short (expected 301, got 45)
[  677.389381][    T9] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  677.398817][    T9] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  677.399625][T14338] usbip_core: unknown command
[  677.403208][    T9] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  677.404943][T14338] vhci_hcd: unknown pdu 0
[  677.404952][T14338] usbip_core: unknown command
[  677.406841][   T12] vhci_hcd: stop threads
[  677.409784][    T9] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  677.411213][   T12] vhci_hcd: release socket
[  677.411223][   T12] vhci_hcd: disconnect device
[  677.413643][    T9] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  677.430404][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  677.654844][T14346] openvswitch: : Dropping previously announced user features
[  677.964515][    T9] usb 5-1: GET_CAPABILITIES returned 0
[  677.966420][    T9] usbtmc 5-1:16.0: can't read capabilities
[  677.975319][    T9] usb 5-1: USB disconnect, device number 24
[  679.174369][T14365] 9pnet_fd: Insufficient options for proto=fd
[  679.264705][   T54] usb 7-1: new high-speed USB device number 18 using dummy_hcd
[  679.269162][T14368] FAULT_INJECTION: forcing a failure.
[  679.269162][T14368] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  679.273205][T14368] CPU: 1 UID: 0 PID: 14368 Comm: syz.1.2171 Not tainted 6.16.0-rc5-syzkaller-00038-g733923397fd9 #0 PREEMPT(full) 
[  679.273221][T14368] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  679.273227][T14368] Call Trace:
[  679.273231][T14368]  <TASK>
[  679.273236][T14368]  dump_stack_lvl+0x16c/0x1f0
[  679.273256][T14368]  should_fail_ex+0x512/0x640
[  679.273274][T14368]  _copy_to_user+0x32/0xd0
[  679.273292][T14368]  simple_read_from_buffer+0xcb/0x170
[  679.273307][T14368]  proc_fail_nth_read+0x197/0x270
[  679.273321][T14368]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  679.273334][T14368]  ? rw_verify_area+0xcf/0x680
[  679.273354][T14368]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  679.273367][T14368]  vfs_read+0x1e1/0xc60
[  679.273383][T14368]  ? fdget_pos+0x2a2/0x370
[  679.273400][T14368]  ? __pfx_vfs_read+0x10/0x10
[  679.273413][T14368]  ? find_held_lock+0x2b/0x80
[  679.273429][T14368]  ? __fget_files+0x20e/0x3c0
[  679.273447][T14368]  ksys_read+0x12a/0x250
[  679.273462][T14368]  ? __pfx_ksys_read+0x10/0x10
[  679.273478][T14368]  ? rcu_is_watching+0x12/0xc0
[  679.273492][T14368]  __do_fast_syscall_32+0x7c/0x3a0
[  679.273510][T14368]  do_fast_syscall_32+0x32/0x80
[  679.273527][T14368]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  679.273540][T14368] RIP: 0023:0xf7fb2579
[  679.273549][T14368] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  679.273559][T14368] RSP: 002b:00000000f50d6590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  679.273569][T14368] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f50d6620
[  679.273576][T14368] RDX: 000000000000000f RSI: 00000000f7443ff4 RDI: 0000000000000000
[  679.273582][T14368] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  679.273587][T14368] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  679.273593][T14368] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  679.273606][T14368]  </TASK>
[  679.326420][T14370] netlink: 'syz.0.2172': attribute type 1 has an invalid length.
[  679.364499][T14370] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2172'.
[  679.379868][T14370] 8021q: adding VLAN 0 to HW filter on device bond2
[  679.383007][T14370] bond1: (slave bond2): making interface the new active one
[  679.386104][T14370] bond1: (slave bond2): Enslaving as an active interface with an up link
[  679.434180][   T54] usb 7-1: Using ep0 maxpacket: 8
[  679.437266][   T54] usb 7-1: config index 0 descriptor too short (expected 301, got 45)
[  679.440127][   T54] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  679.443206][   T54] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  679.446861][   T54] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  679.449991][   T54] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  679.455431][   T54] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  679.458385][   T54] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  679.665053][   T54] usb 7-1: GET_CAPABILITIES returned 0
[  679.666971][   T54] usbtmc 7-1:16.0: can't read capabilities
[  679.869130][   T34] usb 7-1: USB disconnect, device number 18
[  679.964248][ T6110] usb 6-1: new high-speed USB device number 11 using dummy_hcd
[  680.114114][ T6110] usb 6-1: Using ep0 maxpacket: 8
[  680.117835][ T6110] usb 6-1: config index 0 descriptor too short (expected 301, got 45)
[  680.120601][ T6110] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  680.123958][ T6110] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  680.127248][ T6110] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  680.130425][ T6110] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  680.134696][ T6110] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  680.137614][ T6110] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  680.348626][ T6110] usb 6-1: GET_CAPABILITIES returned 0
[  680.350432][ T6110] usbtmc 6-1:16.0: can't read capabilities
[  680.502955][T14391] netlink: 'syz.0.2178': attribute type 1 has an invalid length.
[  680.553413][T13728] usb 6-1: USB disconnect, device number 11
[  680.621298][T14390] infiniband syz1: set active
[  680.625836][T14390] infiniband syz1: added syz_tun
[  680.675983][T14396] FAULT_INJECTION: forcing a failure.
[  680.675983][T14396] name failslab, interval 1, probability 0, space 0, times 0
[  680.680206][T14396] CPU: 3 UID: 0 PID: 14396 Comm: syz.2.2180 Not tainted 6.16.0-rc5-syzkaller-00038-g733923397fd9 #0 PREEMPT(full) 
[  680.680222][T14396] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  680.680228][T14396] Call Trace:
[  680.680233][T14396]  <TASK>
[  680.680238][T14396]  dump_stack_lvl+0x16c/0x1f0
[  680.680258][T14396]  should_fail_ex+0x512/0x640
[  680.680275][T14396]  ? __kmalloc_node_track_caller_noprof+0xc3/0x510
[  680.680295][T14396]  should_failslab+0xc2/0x120
[  680.680306][T14396]  __kmalloc_node_track_caller_noprof+0xd6/0x510
[  680.680323][T14396]  ? rcu_is_watching+0x12/0xc0
[  680.680335][T14396]  ? smb3_parse_devname+0x199/0x480
[  680.680353][T14396]  kstrndup+0x6d/0x160
[  680.680371][T14396]  smb3_parse_devname+0x199/0x480
[  680.680387][T14396]  smb3_fs_context_parse_param+0x37be/0xa2c0
[  680.680403][T14396]  ? __mutex_lock+0x1ca/0xb90
[  680.680421][T14396]  ? __pfx_smb3_fs_context_parse_param+0x10/0x10
[  680.680438][T14396]  ? __pfx___mutex_lock+0x10/0x10
[  680.680453][T14396]  ? __might_fault+0x13b/0x190
[  680.680473][T14396]  ? __pfx_smb3_fs_context_parse_param+0x10/0x10
[  680.680491][T14396]  ? vfs_parse_fs_param+0x20b/0x3c0
[  680.680507][T14396]  vfs_parse_fs_param+0x20b/0x3c0
[  680.680523][T14396]  __do_sys_fsconfig+0x930/0xbe0
[  680.680535][T14396]  ? __pfx___do_sys_fsconfig+0x10/0x10
[  680.680544][T14396]  ? fput+0x70/0xf0
[  680.680558][T14396]  ? rcu_is_watching+0x12/0xc0
[  680.680576][T14396]  __do_fast_syscall_32+0x7c/0x3a0
[  680.680594][T14396]  do_fast_syscall_32+0x32/0x80
[  680.680611][T14396]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  680.680625][T14396] RIP: 0023:0xf70ee579
[  680.680633][T14396] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  680.680644][T14396] RSP: 002b:00000000f50de55c EFLAGS: 00000296 ORIG_RAX: 00000000000001af
[  680.680655][T14396] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000000001
[  680.680661][T14396] RDX: 0000000080000080 RSI: 00000000800019c0 RDI: 0000000000000000
[  680.680668][T14396] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  680.680674][T14396] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  680.680680][T14396] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  680.680693][T14396]  </TASK>
[  680.680810][T14396] CIFS: VFS: Unable to allocate memory for devname
[  680.733046][T14390] RDS/IB: syz1: added
[  680.807471][T14390] smc: adding ib device syz1 with port count 1
[  680.810234][T14390] smc:    ib device syz1 port 1 has pnetid 
[  680.823399][T14402] FAULT_INJECTION: forcing a failure.
[  680.823399][T14402] name failslab, interval 1, probability 0, space 0, times 0
[  680.830198][T14402] CPU: 3 UID: 0 PID: 14402 Comm: syz.2.2183 Not tainted 6.16.0-rc5-syzkaller-00038-g733923397fd9 #0 PREEMPT(full) 
[  680.830224][T14402] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  680.830236][T14402] Call Trace:
[  680.830242][T14402]  <TASK>
[  680.830249][T14402]  dump_stack_lvl+0x16c/0x1f0
[  680.830280][T14402]  should_fail_ex+0x512/0x640
[  680.830305][T14402]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[  680.830333][T14402]  should_failslab+0xc2/0x120
[  680.830350][T14402]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  680.830377][T14402]  ? security_file_alloc+0x34/0x2b0
[  680.830404][T14402]  security_file_alloc+0x34/0x2b0
[  680.830428][T14402]  init_file+0x93/0x4c0
[  680.830447][T14402]  alloc_empty_file+0x73/0x1e0
[  680.830467][T14402]  alloc_file_pseudo+0x13a/0x230
[  680.830488][T14402]  ? __pfx_alloc_file_pseudo+0x10/0x10
[  680.830508][T14402]  ? find_held_lock+0x2b/0x80
[  680.830532][T14402]  __anon_inode_getfile+0xe8/0x280
[  680.830559][T14402]  bpf_link_prime+0x10f/0x290
[  680.830594][T14402]  bpf_xdp_link_attach+0x249/0x8f0
[  680.830623][T14402]  ? __pfx_bpf_xdp_link_attach+0x10/0x10
[  680.830648][T14402]  ? find_held_lock+0x2b/0x80
[  680.830667][T14402]  ? __fget_files+0x204/0x3c0
[  680.830703][T14402]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  680.830736][T14402]  __sys_bpf+0x19ef/0x4d80
[  680.830756][T14402]  ? __pfx___sys_bpf+0x10/0x10
[  680.830774][T14402]  ? ksys_write+0x190/0x250
[  680.830803][T14402]  ? __mutex_unlock_slowpath+0x161/0x6a0
[  680.830845][T14402]  ? fput+0x70/0xf0
[  680.830862][T14402]  ? ksys_write+0x1ac/0x250
[  680.830886][T14402]  ? __pfx_ksys_write+0x10/0x10
[  680.830916][T14402]  __ia32_sys_bpf+0x76/0xe0
[  680.830935][T14402]  __do_fast_syscall_32+0x7c/0x3a0
[  680.830965][T14402]  do_fast_syscall_32+0x32/0x80
[  680.830991][T14402]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  680.831013][T14402] RIP: 0023:0xf70ee579
[  680.831028][T14402] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  680.831045][T14402] RSP: 002b:00000000f50de55c EFLAGS: 00000296 ORIG_RAX: 0000000000000165
[  680.831062][T14402] RAX: ffffffffffffffda RBX: 000000000000001c RCX: 0000000080000240
[  680.831074][T14402] RDX: 0000000000000020 RSI: 0000000000000000 RDI: 0000000000000000
[  680.831084][T14402] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  680.831094][T14402] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  680.831122][T14402] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  680.831147][T14402]  </TASK>
[  682.253050][T14438] FAULT_INJECTION: forcing a failure.
[  682.253050][T14438] name failslab, interval 1, probability 0, space 0, times 0
[  682.260235][T14438] CPU: 1 UID: 0 PID: 14438 Comm: syz.2.2192 Not tainted 6.16.0-rc5-syzkaller-00038-g733923397fd9 #0 PREEMPT(full) 
[  682.260262][T14438] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  682.260273][T14438] Call Trace:
[  682.260279][T14438]  <TASK>
[  682.260286][T14438]  dump_stack_lvl+0x16c/0x1f0
[  682.260316][T14438]  should_fail_ex+0x512/0x640
[  682.260356][T14438]  ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0
[  682.260386][T14438]  should_failslab+0xc2/0x120
[  682.260404][T14438]  kmem_cache_alloc_lru_noprof+0x72/0x3b0
[  682.260432][T14438]  ? proc_alloc_inode+0x25/0x200
[  682.260462][T14438]  ? __pfx_proc_alloc_inode+0x10/0x10
[  682.260489][T14438]  proc_alloc_inode+0x25/0x200
[  682.260513][T14438]  alloc_inode+0x61/0x240
[  682.260533][T14438]  new_inode+0x22/0x1c0
[  682.260554][T14438]  proc_pid_make_inode+0x22/0x160
[  682.260577][T14438]  ? do_raw_spin_unlock+0x172/0x230
[  682.260595][T14438]  proc_fd_instantiate+0x57/0x240
[  682.260616][T14438]  ? __pfx_proc_lookupfd+0x10/0x10
[  682.260635][T14438]  proc_lookupfd+0x11f/0x230
[  682.260654][T14438]  ? __pfx_proc_lookupfd+0x10/0x10
[  682.260681][T14438]  ? __pfx_proc_lookupfd+0x10/0x10
[  682.260700][T14438]  lookup_open.isra.0+0x4da/0x1580
[  682.260729][T14438]  ? __pfx_lookup_open.isra.0+0x10/0x10
[  682.260768][T14438]  ? lookup_fast+0x156/0x610
[  682.260795][T14438]  path_openat+0x893/0x2cb0
[  682.260825][T14438]  ? __pfx___up_read+0x10/0x10
[  682.260853][T14438]  ? __pfx_path_openat+0x10/0x10
[  682.260885][T14438]  do_filp_open+0x20b/0x470
[  682.260912][T14438]  ? __pfx_do_filp_open+0x10/0x10
[  682.260935][T14438]  ? rcu_is_watching+0x12/0xc0
[  682.260972][T14438]  ? _raw_spin_unlock+0x28/0x50
[  682.260995][T14438]  ? alloc_fd+0x471/0x7d0
[  682.261025][T14438]  do_sys_openat2+0x11b/0x1d0
[  682.261047][T14438]  ? __pfx_do_sys_openat2+0x10/0x10
[  682.261070][T14438]  ? __fget_files+0x20e/0x3c0
[  682.261099][T14438]  __ia32_compat_sys_openat+0x16d/0x210
[  682.261121][T14438]  ? __pfx___ia32_compat_sys_openat+0x10/0x10
[  682.261142][T14438]  ? ksys_write+0x1ac/0x250
[  682.261170][T14438]  ? rcu_is_watching+0x12/0xc0
[  682.261193][T14438]  __do_fast_syscall_32+0x7c/0x3a0
[  682.261222][T14438]  do_fast_syscall_32+0x32/0x80
[  682.261248][T14438]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  682.261270][T14438] RIP: 0023:0xf70ee579
[  682.261284][T14438] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  682.261301][T14438] RSP: 002b:00000000f50de55c EFLAGS: 00000296 ORIG_RAX: 0000000000000127
[  682.261318][T14438] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 0000000080000000
[  682.261329][T14438] RDX: 0000000000000000 RSI: 00000000000000c1 RDI: 0000000000000000
[  682.261339][T14438] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  682.261350][T14438] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  682.261360][T14438] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  682.261384][T14438]  </TASK>
[  683.552543][   T40] kauditd_printk_skb: 8 callbacks suppressed
[  683.552556][   T40] audit: type=1326 audit(1752061242.147:1188): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14450 comm="syz.3.2196" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff5579 code=0x7ffc0000
[  683.565073][   T40] audit: type=1326 audit(1752061242.147:1189): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14450 comm="syz.3.2196" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff5579 code=0x7ffc0000
[  683.577289][   T40] audit: type=1326 audit(1752061242.147:1190): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14450 comm="syz.3.2196" exe="/syz-executor" sig=0 arch=40000003 syscall=393 compat=1 ip=0xf7ff5579 code=0x7ffc0000
[  683.595319][   T40] audit: type=1326 audit(1752061242.147:1191): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14450 comm="syz.3.2196" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff5579 code=0x7ffc0000
[  683.611266][   T40] audit: type=1326 audit(1752061242.147:1192): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14450 comm="syz.3.2196" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff5579 code=0x7ffc0000
[  683.631523][   T40] audit: type=1326 audit(1752061242.147:1193): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14450 comm="syz.3.2196" exe="/syz-executor" sig=0 arch=40000003 syscall=394 compat=1 ip=0xf7ff5579 code=0x7ffc0000
[  683.654717][   T40] audit: type=1326 audit(1752061242.147:1194): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14450 comm="syz.3.2196" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff5579 code=0x7ffc0000
[  683.663316][   T40] audit: type=1326 audit(1752061242.147:1195): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14450 comm="syz.3.2196" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff5579 code=0x7ffc0000
[  683.704959][   T40] audit: type=1326 audit(1752061242.157:1196): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14450 comm="syz.3.2196" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7ff5579 code=0x7ffc0000
[  683.712111][   T40] audit: type=1326 audit(1752061242.157:1197): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14450 comm="syz.3.2196" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff5579 code=0x7ffc0000
[  684.710434][T14478] CIFS: VFS: Malformed UNC in devname
[  685.205885][ T1419] ieee802154 phy1 wpan1: encryption failed: -22
[  685.638430][T14495] Cannot find add_set index 2 as target
[  688.215187][T14511] "syz.2.2211" (14511) uses obsolete ecb(arc4) skcipher
[  689.970438][T14530] can0: slcan on ttyS3.
[  690.055559][T14529] can0 (unregistered): slcan off ttyS3.
[  690.209493][T14537] ./cgroup: Can't lookup blockdev
[  690.609843][T14555] syz1: rxe_newlink: already configured on syz_tun
[  690.664393][T14554] netlink: 'syz.0.2224': attribute type 1 has an invalid length.
[  690.921175][T14560] netlink: 'syz.1.2225': attribute type 1 has an invalid length.
[  692.034344][T14574] netlink: 'syz.1.2230': attribute type 2 has an invalid length.
[  692.038083][T14574] netlink: 723 bytes leftover after parsing attributes in process `syz.1.2230'.
[  693.044064][    T9] usb 7-1: new high-speed USB device number 19 using dummy_hcd
[  693.204140][    T9] usb 7-1: Using ep0 maxpacket: 8
[  693.207233][    T9] usb 7-1: config index 0 descriptor too short (expected 301, got 45)
[  693.209850][    T9] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  693.213030][    T9] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  693.216463][    T9] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  693.219515][    T9] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  693.223905][    T9] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  693.226978][    T9] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  693.441135][    T9] usb 7-1: usb_control_msg returned -71
[  693.442937][    T9] usbtmc 7-1:16.0: can't read capabilities
[  693.447521][    T9] usb 7-1: USB disconnect, device number 19
[  694.240642][T14597] "syz.1.2235" (14597) uses obsolete ecb(arc4) skcipher
[  694.404143][   T54] usb 7-1: new high-speed USB device number 20 using dummy_hcd
[  694.554206][   T54] usb 7-1: Using ep0 maxpacket: 8
[  694.557739][   T54] usb 7-1: config index 0 descriptor too short (expected 301, got 45)
[  694.561044][   T54] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  694.564896][   T54] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  694.568148][   T54] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  694.572537][   T54] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  694.580578][   T54] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  694.584597][   T54] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  694.791647][   T54] usb 7-1: GET_CAPABILITIES returned 0
[  694.793549][   T54] usbtmc 7-1:16.0: can't read capabilities
[  694.904840][T14603] netlink: 'syz.3.2239': attribute type 1 has an invalid length.
[  694.995072][   T54] usb 7-1: USB disconnect, device number 20
[  695.267907][T14606] mkiss: ax0: crc mode is auto.
[  695.283209][T14606] pim6reg: entered allmulticast mode
[  695.294479][T14606] pim6reg: left allmulticast mode
[  695.828035][T14618] netlink: 680 bytes leftover after parsing attributes in process `syz.2.2244'.
[  697.934084][    T9] usb 7-1: new high-speed USB device number 21 using dummy_hcd
[  698.030652][T14645] trusted_key: encrypted_key: insufficient parameters specified
[  698.084716][T14647] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(3)
[  698.087077][T14647] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  698.095483][T14647] vhci_hcd vhci_hcd.0: Device attached
[  698.110680][T14648] usbip_core: unknown command
[  698.112722][T14648] vhci_hcd: unknown pdu 0
[  698.115226][T14648] usbip_core: unknown command
[  698.117766][   T74] vhci_hcd: stop threads
[  698.119571][   T74] vhci_hcd: release socket
[  698.121457][   T74] vhci_hcd: disconnect device
[  698.124077][    T9] usb 7-1: Using ep0 maxpacket: 8
[  698.137788][    T9] usb 7-1: config index 0 descriptor too short (expected 301, got 45)
[  698.141205][    T9] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  698.154093][    T9] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  698.158087][    T9] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  698.162125][    T9] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  698.184333][    T9] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  698.188061][    T9] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  698.424843][    T9] usb 7-1: usb_control_msg returned -71
[  698.484188][    T9] usbtmc 7-1:16.0: can't read capabilities
[  698.491008][    T9] usb 7-1: USB disconnect, device number 21
[  699.520265][T14664] netlink: 'syz.2.2255': attribute type 1 has an invalid length.
[  699.556035][T14665] "syz.3.2254" (14665) uses obsolete ecb(arc4) skcipher
[  700.648752][T14678] ip6t_srh: unknown srh invflags 6BE9
[  700.651505][T14678] ubi: mtd0 is already attached to ubi31
[  701.072338][T14682] trusted_key: encrypted_key: insufficient parameters specified
[  701.550824][T14698] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(3)
[  701.553531][T14698] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  701.560451][T14698] vhci_hcd vhci_hcd.0: Device attached
[  701.591865][T14699] usbip_core: unknown command
[  701.602953][T14699] vhci_hcd: unknown pdu 0
[  701.605616][T14699] usbip_core: unknown command
[  701.611860][   T12] vhci_hcd: stop threads
[  701.613916][   T12] vhci_hcd: release socket
[  701.618122][   T12] vhci_hcd: disconnect device
[  704.093197][T14716] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(4)
[  704.095278][T14716] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  704.098396][T14716] vhci_hcd vhci_hcd.0: Device attached
[  705.590472][T14716] bond1: (slave bond2): Releasing backup interface
[  705.734153][T11005] usb 37-1: new high-speed USB device number 9 using vhci_hcd
[  705.901595][T14721] vhci_hcd: connection reset by peer
[  705.905929][ T9656] vhci_hcd: stop threads
[  705.908316][ T9656] vhci_hcd: release socket
[  705.910294][ T9656] vhci_hcd: disconnect device
[  706.115607][ T5999] libceph: connect (1)[c::]:6789 error -101
[  706.119169][ T5999] libceph: mon0 (1)[c::]:6789 connect error
[  706.149482][T14759] futex_wake_op: syz.3.2268 tries to shift op by 144; fix this program
[  706.152549][T14756] ceph: No mds server is up or the cluster is laggy
[  706.844112][ T5999] usb 5-1: new high-speed USB device number 25 using dummy_hcd
[  707.124084][ T5999] usb 5-1: Using ep0 maxpacket: 8
[  707.128283][ T5999] usb 5-1: config index 0 descriptor too short (expected 301, got 45)
[  707.131703][ T5999] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  707.144089][ T5999] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  707.148143][ T5999] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  707.152161][ T5999] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  707.174067][ T5999] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  707.177852][ T5999] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  707.289331][T14783] openvswitch: : Dropping previously announced user features
[  707.387792][ T5999] usb 5-1: GET_CAPABILITIES returned 0
[  707.394760][ T5999] usbtmc 5-1:16.0: can't read capabilities
[  707.590078][T13728] usb 5-1: USB disconnect, device number 25
[  707.946051][T14793] ip6t_srh: unknown srh invflags 6BE9
[  707.949693][T14793] ubi: mtd0 is already attached to ubi31
[  710.884125][T11005] vhci_hcd: vhci_device speed not set
[  710.907369][T14830] CIFS: VFS: Malformed UNC in devname
[  711.496397][T14838] netlink: 'syz.1.2293': attribute type 2 has an invalid length.
[  711.514811][T14838] netlink: 723 bytes leftover after parsing attributes in process `syz.1.2293'.
[  712.184171][ T5999] usb 8-1: new high-speed USB device number 22 using dummy_hcd
[  712.474293][ T5999] usb 8-1: Using ep0 maxpacket: 8
[  712.483072][ T5999] usb 8-1: config index 0 descriptor too short (expected 301, got 45)
[  712.487822][ T5999] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  712.491856][ T5999] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  712.501363][ T5999] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  712.504695][ T5999] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  712.509639][ T5999] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  712.513200][ T5999] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  712.846007][ T5999] usb 8-1: usb_control_msg returned -71
[  712.851112][ T5999] usbtmc 8-1:16.0: can't read capabilities
[  712.855568][ T5999] usb 8-1: USB disconnect, device number 22
[  712.986078][T14852] FAULT_INJECTION: forcing a failure.
[  712.986078][T14852] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  712.991477][T14852] CPU: 3 UID: 0 PID: 14852 Comm: syz.2.2297 Not tainted 6.16.0-rc5-syzkaller-00038-g733923397fd9 #0 PREEMPT(full) 
[  712.991499][T14852] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  712.991509][T14852] Call Trace:
[  712.991515][T14852]  <TASK>
[  712.991521][T14852]  dump_stack_lvl+0x16c/0x1f0
[  712.991548][T14852]  should_fail_ex+0x512/0x640
[  712.991574][T14852]  _copy_to_user+0x32/0xd0
[  712.991599][T14852]  simple_read_from_buffer+0xcb/0x170
[  712.991621][T14852]  proc_fail_nth_read+0x197/0x270
[  712.991639][T14852]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  712.991657][T14852]  ? rw_verify_area+0xcf/0x680
[  712.991675][T14852]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  712.991692][T14852]  vfs_read+0x1e1/0xc60
[  712.991713][T14852]  ? fdget_pos+0x2a2/0x370
[  712.991736][T14852]  ? __pfx_vfs_read+0x10/0x10
[  712.991753][T14852]  ? find_held_lock+0x2b/0x80
[  712.991775][T14852]  ? __fget_files+0x20e/0x3c0
[  712.991800][T14852]  ksys_read+0x12a/0x250
[  712.991820][T14852]  ? __pfx_ksys_read+0x10/0x10
[  712.991841][T14852]  ? rcu_is_watching+0x12/0xc0
[  712.991861][T14852]  __do_fast_syscall_32+0x7c/0x3a0
[  712.991885][T14852]  do_fast_syscall_32+0x32/0x80
[  712.991907][T14852]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  712.991926][T14852] RIP: 0023:0xf70ee579
[  712.991937][T14852] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  712.991952][T14852] RSP: 002b:00000000f50de590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  712.991967][T14852] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000f50de620
[  712.991977][T14852] RDX: 000000000000000f RSI: 00000000f7453ff4 RDI: 0000000000000000
[  712.991986][T14852] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  712.992002][T14852] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  712.992011][T14852] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  712.992034][T14852]  </TASK>
[  713.029140][T14850] openvswitch: : Dropping previously announced user features
[  713.789895][T14867] trusted_key: encrypted_key: insufficient parameters specified
[  713.947520][T14872] netlink: 'syz.0.2301': attribute type 1 has an invalid length.
[  713.950642][T14872] netlink: 'syz.0.2301': attribute type 2 has an invalid length.
[  713.953379][T14872] netlink: 3 bytes leftover after parsing attributes in process `syz.0.2301'.
[  715.219693][T14897] openvswitch: : Dropping previously announced user features
[  715.486621][T14901] trusted_key: encrypted_key: insufficient parameters specified
[  716.486804][   T40] kauditd_printk_skb: 29 callbacks suppressed
[  716.486821][   T40] audit: type=1804 audit(1752061275.087:1227): pid=14907 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.2315" name="/newroot/563/file1" dev="fuse" ino=1 res=1 errno=0
[  716.514110][   T40] audit: type=1800 audit(1752061275.087:1228): pid=14907 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.2315" name="/" dev="fuse" ino=1 res=0 errno=0
[  716.521908][   T40] audit: type=1800 audit(1752061275.087:1229): pid=14907 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.2315" name="/" dev="fuse" ino=1 res=0 errno=0
[  716.677261][T14917] FAULT_INJECTION: forcing a failure.
[  716.677261][T14917] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  716.682216][T14917] CPU: 3 UID: 0 PID: 14917 Comm: syz.1.2317 Not tainted 6.16.0-rc5-syzkaller-00038-g733923397fd9 #0 PREEMPT(full) 
[  716.682233][T14917] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  716.682240][T14917] Call Trace:
[  716.682245][T14917]  <TASK>
[  716.682249][T14917]  dump_stack_lvl+0x16c/0x1f0
[  716.682270][T14917]  should_fail_ex+0x512/0x640
[  716.682288][T14917]  should_fail_alloc_page+0xe7/0x130
[  716.682301][T14917]  prepare_alloc_pages+0x3c2/0x610
[  716.682314][T14917]  ? trace_mm_page_alloc+0x11f/0x1a0
[  716.682327][T14917]  __alloc_frozen_pages_noprof+0x18b/0x23f0
[  716.682345][T14917]  ? fuse_do_ioctl+0x284/0x1670
[  716.682356][T14917]  ? kasan_save_stack+0x42/0x60
[  716.682372][T14917]  ? kasan_save_stack+0x33/0x60
[  716.682386][T14917]  ? kasan_save_track+0x14/0x30
[  716.682402][T14917]  ? __kasan_kmalloc+0xaa/0xb0
[  716.682416][T14917]  ? __kmalloc_noprof+0x223/0x510
[  716.682431][T14917]  ? fuse_do_ioctl+0x284/0x1670
[  716.682440][T14917]  ? fuse_ioctl_common+0x123/0x190
[  716.682450][T14917]  ? fuse_dir_compat_ioctl+0x122/0x180
[  716.682463][T14917]  ? __ia32_compat_sys_ioctl+0x242/0x370
[  716.682476][T14917]  ? __do_fast_syscall_32+0x7c/0x3a0
[  716.682492][T14917]  ? do_fast_syscall_32+0x32/0x80
[  716.682508][T14917]  ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  716.682522][T14917]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  716.682539][T14917]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  716.682563][T14917]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  716.682580][T14917]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  716.682598][T14917]  ? policy_nodemask+0xea/0x4e0
[  716.682609][T14917]  alloc_pages_mpol+0x1fb/0x550
[  716.682620][T14917]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  716.682630][T14917]  ? rcu_is_watching+0x12/0xc0
[  716.682645][T14917]  folio_alloc_noprof+0x20/0x2d0
[  716.682659][T14917]  fuse_do_ioctl+0x5f3/0x1670
[  716.682673][T14917]  ? __pfx_fuse_do_ioctl+0x10/0x10
[  716.682684][T14917]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  716.682697][T14917]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  716.682714][T14917]  ? do_vfs_ioctl+0x523/0x1a60
[  716.682726][T14917]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  716.682749][T14917]  ? hook_file_ioctl_common+0x145/0x410
[  716.682765][T14917]  fuse_ioctl_common+0x123/0x190
[  716.682777][T14917]  fuse_dir_compat_ioctl+0x122/0x180
[  716.682791][T14917]  ? __pfx_fuse_dir_compat_ioctl+0x10/0x10
[  716.682804][T14917]  __ia32_compat_sys_ioctl+0x242/0x370
[  716.682819][T14917]  __do_fast_syscall_32+0x7c/0x3a0
[  716.682836][T14917]  do_fast_syscall_32+0x32/0x80
[  716.682853][T14917]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  716.682866][T14917] RIP: 0023:0xf7fb2579
[  716.682874][T14917] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  716.682885][T14917] RSP: 002b:00000000f50d655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  716.682895][T14917] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000040086607
[  716.682902][T14917] RDX: 00000000de8f6976 RSI: 0000000000000000 RDI: 0000000000000000
[  716.682908][T14917] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  716.682914][T14917] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  716.682925][T14917] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  716.682938][T14917]  </TASK>
[  716.757706][T14922] netlink: 'syz.3.2314': attribute type 1 has an invalid length.
[  717.497782][T14933] FAULT_INJECTION: forcing a failure.
[  717.497782][T14933] name failslab, interval 1, probability 0, space 0, times 0
[  717.503001][T14933] CPU: 3 UID: 0 PID: 14933 Comm: syz.3.2321 Not tainted 6.16.0-rc5-syzkaller-00038-g733923397fd9 #0 PREEMPT(full) 
[  717.503040][T14933] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  717.503051][T14933] Call Trace:
[  717.503058][T14933]  <TASK>
[  717.503065][T14933]  dump_stack_lvl+0x16c/0x1f0
[  717.503095][T14933]  should_fail_ex+0x512/0x640
[  717.503121][T14933]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[  717.503151][T14933]  should_failslab+0xc2/0x120
[  717.503168][T14933]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  717.503194][T14933]  ? skb_clone+0x190/0x3f0
[  717.503223][T14933]  skb_clone+0x190/0x3f0
[  717.503251][T14933]  nfnetlink_rcv_batch+0x1cf/0x2330
[  717.503272][T14933]  ? kmem_cache_free+0x2d1/0x4d0
[  717.503306][T14933]  ? consume_skb+0xcc/0x100
[  717.503326][T14933]  ? __pfx_nfnetlink_rcv_batch+0x10/0x10
[  717.503350][T14933]  ? __local_bh_enable_ip+0xa4/0x120
[  717.503371][T14933]  ? lockdep_hardirqs_on+0x7c/0x110
[  717.503395][T14933]  ? __dev_queue_xmit+0x896/0x43e0
[  717.503417][T14933]  ? __local_bh_enable_ip+0xa4/0x120
[  717.503435][T14933]  ? __dev_queue_xmit+0x896/0x43e0
[  717.503457][T14933]  ? __dev_queue_xmit+0x8b7/0x43e0
[  717.503489][T14933]  ? __pfx___dev_queue_xmit+0x10/0x10
[  717.503514][T14933]  ? __asan_memset+0x23/0x50
[  717.503537][T14933]  ? __nla_validate_parse+0x600/0x2880
[  717.503559][T14933]  ? __pfx_aa_get_newest_label+0x10/0x10
[  717.503581][T14933]  ? rcu_is_watching+0x12/0xc0
[  717.503600][T14933]  ? __pfx___nla_validate_parse+0x10/0x10
[  717.503622][T14933]  ? apparmor_capable+0x114/0x1d0
[  717.503646][T14933]  ? __nla_parse+0x40/0x60
[  717.503669][T14933]  nfnetlink_rcv+0x3c1/0x430
[  717.503691][T14933]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  717.503721][T14933]  netlink_unicast+0x53a/0x7f0
[  717.503744][T14933]  ? __pfx_netlink_unicast+0x10/0x10
[  717.503771][T14933]  netlink_sendmsg+0x8d1/0xdd0
[  717.503795][T14933]  ? __pfx_netlink_sendmsg+0x10/0x10
[  717.503817][T14933]  ? __import_iovec+0x1dd/0x650
[  717.503840][T14933]  ____sys_sendmsg+0xa98/0xc70
[  717.503865][T14933]  ? __pfx_____sys_sendmsg+0x10/0x10
[  717.503884][T14933]  ? get_compat_msghdr+0x11a/0x170
[  717.503923][T14933]  ___sys_sendmsg+0x134/0x1d0
[  717.503957][T14933]  ? __pfx____sys_sendmsg+0x10/0x10
[  717.504009][T14933]  ? find_held_lock+0x2b/0x80
[  717.504046][T14933]  __sys_sendmsg+0x16d/0x220
[  717.504073][T14933]  ? __pfx___sys_sendmsg+0x10/0x10
[  717.504098][T14933]  ? __pfx_bpf_trace_run2+0x10/0x10
[  717.504131][T14933]  ? syscall_trace_enter+0x1cb/0x260
[  717.504161][T14933]  ? rcu_is_watching+0x12/0xc0
[  717.504183][T14933]  __do_fast_syscall_32+0x7c/0x3a0
[  717.504212][T14933]  do_fast_syscall_32+0x32/0x80
[  717.504239][T14933]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  717.504262][T14933] RIP: 0023:0xf7ff5579
[  717.504277][T14933] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  717.504295][T14933] RSP: 002b:00000000f511655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  717.504311][T14933] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800000c0
[  717.504324][T14933] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  717.504334][T14933] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  717.504343][T14933] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  717.504355][T14933] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  717.504379][T14933]  </TASK>
[  717.837639][T14942] openvswitch: : Dropping previously announced user features
[  718.269531][T14945] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2325'.
[  718.525086][T14953] ip6t_srh: unknown srh invflags 6BE9
[  718.535748][T14953] ubi: mtd0 is already attached to ubi31
[  718.861035][T14961] "syz.0.2328" (14961) uses obsolete ecb(arc4) skcipher
[  719.401329][T14967] trusted_key: encrypted_key: insufficient parameters specified
[  719.477939][T14966] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2331'.
[  719.775834][T14973] can0: slcan on ttyS3.
[  720.825291][T14971] can0 (unregistered): slcan off ttyS3.
[  720.906733][T14995] CIFS: VFS: Malformed UNC in devname
[  721.620335][T15002] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2342'.
[  722.916072][T15035] CIFS: VFS: Malformed UNC in devname
[  722.924414][  T838] usb 6-1: new high-speed USB device number 12 using dummy_hcd
[  722.957768][T15037] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  723.084073][  T838] usb 6-1: Using ep0 maxpacket: 8
[  723.088282][  T838] usb 6-1: config index 0 descriptor too short (expected 301, got 45)
[  723.091335][  T838] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  723.104300][  T838] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  723.107698][  T838] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  723.111517][  T838] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  723.134169][  T838] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  723.137127][  T838] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  723.350831][  T838] usb 6-1: GET_CAPABILITIES returned 0
[  723.352778][  T838] usbtmc 6-1:16.0: can't read capabilities
[  723.655961][T15029] usbtmc 6-1:16.0: usb_control_msg returned -71
[  723.656151][   T24] usb 6-1: USB disconnect, device number 12
[  723.766417][T15050] fuse: Unknown parameter '0x0000000000000005'
[  723.779314][T15050] cgroup: Need name or subsystem set
[  724.524450][T15055] bridge0: entered allmulticast mode
[  724.526927][T15055] A link change request failed with some changes committed already. Interface bridge0 may have been left with an inconsistent configuration, please check.
[  724.537154][T15055] kernel profiling enabled (shift: 17)
[  724.540375][T15055] netlink: 'syz.1.2354': attribute type 16 has an invalid length.
[  724.543196][T15055] netlink: 'syz.1.2354': attribute type 17 has an invalid length.
[  724.549432][T15055] bridge0: left allmulticast mode
[  724.827401][T15065] CIFS: VFS: Malformed UNC in devname
[  724.939498][T15069] ip6t_srh: unknown srh invflags 6BE9
[  724.943423][T15069] ubi: mtd0 is already attached to ubi31
[  725.016269][T12085] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  725.021626][T12085] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  725.026904][T12085] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  725.034480][T12085] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  725.041059][T12085] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  725.065544][T15071] lo speed is unknown, defaulting to 1000
[  725.068724][T15071] lo speed is unknown, defaulting to 1000
[  726.058321][ T1178] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  726.070457][T15071] chnl_net:caif_netlink_parms(): no params data found
[  726.183068][ T1178] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  726.255964][T15071] bridge0: port 1(bridge_slave_0) entered blocking state
[  726.259092][T15071] bridge0: port 1(bridge_slave_0) entered disabled state
[  726.262090][T15071] bridge_slave_0: entered allmulticast mode
[  726.265857][T15071] bridge_slave_0: entered promiscuous mode
[  726.301362][T15085] 8021q: adding VLAN 0 to HW filter on device bond3
[  726.306373][T15071] bridge0: port 2(bridge_slave_1) entered blocking state
[  726.314239][T15071] bridge0: port 2(bridge_slave_1) entered disabled state
[  726.317227][T15071] bridge_slave_1: entered allmulticast mode
[  726.320363][T15071] bridge_slave_1: entered promiscuous mode
[  726.371742][ T1178] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  726.410046][T15071] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  726.417417][T15071] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  726.476282][ T1178] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  726.540859][T15071] team0: Port device team_slave_0 added
[  726.552305][T15071] team0: Port device team_slave_1 added
[  726.694122][   T24] usb 8-1: new high-speed USB device number 23 using dummy_hcd
[  726.877490][   T24] usb 8-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  726.883241][   T24] usb 8-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  726.887780][   T24] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 66
[  726.891940][   T24] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  726.900529][   T24] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  726.907589][   T24] usb 8-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  726.910626][   T24] usb 8-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  726.913228][   T24] usb 8-1: Product: syz
[  726.916568][T15071] batman_adv: batadv0: Adding interface: batadv_slave_0
[  726.917476][   T24] usb 8-1: Manufacturer: syz
[  726.919556][T15071] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  726.919602][T15071] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  726.926973][   T24] cdc_wdm 8-1:1.0: skipping garbage
[  726.941263][   T24] cdc_wdm 8-1:1.0: skipping garbage
[  726.949362][   T24] cdc_wdm 8-1:1.0: cdc-wdm0: USB WDM device
[  726.951507][   T24] cdc_wdm 8-1:1.0: Unknown control protocol
[  726.978687][T15071] batman_adv: batadv0: Adding interface: batadv_slave_1
[  726.981716][T15071] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  726.993337][T15071] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  727.124134][ T5964] Bluetooth: hci4: command tx timeout
[  728.199253][ T1178] bond0 (unregistering): Released all slaves
[  728.229836][T15071] hsr_slave_0: entered promiscuous mode
[  728.240446][T15071] hsr_slave_1: entered promiscuous mode
[  728.243334][T15071] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  728.250291][T15071] Cannot create hsr debugfs directory
[  728.395181][ T1178] : left promiscuous mode
[  728.954728][ T1178] hsr_slave_0: left promiscuous mode
[  728.963952][ T1178] hsr_slave_1: left promiscuous mode
[  729.005554][ T1178] veth1_macvtap: left promiscuous mode
[  729.007913][ T1178] veth0_macvtap: left promiscuous mode
[  729.009830][ T1178] veth1_vlan: left promiscuous mode
[  729.011711][ T1178] veth0_vlan: left promiscuous mode
[  729.203454][   T24] usb 8-1: USB disconnect, device number 23
[  729.224165][ T5964] Bluetooth: hci4: command tx timeout
[  729.822779][T15112] ip6t_srh: unknown srh invflags 6BE9
[  729.826605][T15112] ubi: mtd0 is already attached to ubi31
[  730.571445][T15116] netlink: 'syz.3.2369': attribute type 1 has an invalid length.
[  730.585592][T15118] FAULT_INJECTION: forcing a failure.
[  730.585592][T15118] name failslab, interval 1, probability 0, space 0, times 0
[  730.590983][T15118] CPU: 3 UID: 0 PID: 15118 Comm: syz.0.2370 Not tainted 6.16.0-rc5-syzkaller-00038-g733923397fd9 #0 PREEMPT(full) 
[  730.591021][T15118] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  730.591032][T15118] Call Trace:
[  730.591038][T15118]  <TASK>
[  730.591046][T15118]  dump_stack_lvl+0x16c/0x1f0
[  730.591082][T15118]  should_fail_ex+0x512/0x640
[  730.591107][T15118]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[  730.591138][T15118]  should_failslab+0xc2/0x120
[  730.591155][T15118]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  730.591180][T15118]  ? consume_skb+0xcc/0x100
[  730.591196][T15118]  ? __alloc_skb+0x2b2/0x380
[  730.591245][T15118]  __alloc_skb+0x2b2/0x380
[  730.591269][T15118]  ? __pfx___alloc_skb+0x10/0x10
[  730.591303][T15118]  netlink_ack+0x15d/0xb80
[  730.591323][T15118]  ? __pfx___dev_queue_xmit+0x10/0x10
[  730.591351][T15118]  netlink_rcv_skb+0x332/0x420
[  730.591369][T15118]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  730.591393][T15118]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  730.591423][T15118]  ? ns_capable+0xd7/0x110
[  730.591444][T15118]  nfnetlink_rcv+0x1b3/0x430
[  730.591466][T15118]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  730.591485][T15118]  ? netlink_deliver_tap+0x1ae/0xd30
[  730.591519][T15118]  netlink_unicast+0x53a/0x7f0
[  730.591541][T15118]  ? __pfx_netlink_unicast+0x10/0x10
[  730.591565][T15118]  netlink_sendmsg+0x8d1/0xdd0
[  730.591589][T15118]  ? __pfx_netlink_sendmsg+0x10/0x10
[  730.591609][T15118]  ? __import_iovec+0x1dd/0x650
[  730.591631][T15118]  ____sys_sendmsg+0xa98/0xc70
[  730.591654][T15118]  ? __pfx_____sys_sendmsg+0x10/0x10
[  730.591670][T15118]  ? get_compat_msghdr+0x11a/0x170
[  730.591708][T15118]  ___sys_sendmsg+0x134/0x1d0
[  730.591734][T15118]  ? __pfx____sys_sendmsg+0x10/0x10
[  730.591772][T15118]  ? find_held_lock+0x2b/0x80
[  730.591806][T15118]  __sys_sendmsg+0x16d/0x220
[  730.591832][T15118]  ? __pfx___sys_sendmsg+0x10/0x10
[  730.591857][T15118]  ? __pfx_bpf_trace_run2+0x10/0x10
[  730.591886][T15118]  ? syscall_trace_enter+0x1cb/0x260
[  730.591916][T15118]  ? rcu_is_watching+0x12/0xc0
[  730.591937][T15118]  __do_fast_syscall_32+0x7c/0x3a0
[  730.591965][T15118]  do_fast_syscall_32+0x32/0x80
[  730.591990][T15118]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  730.592012][T15118] RIP: 0023:0xf704e579
[  730.592026][T15118] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  730.592041][T15118] RSP: 002b:00000000f503e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  730.592057][T15118] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000140
[  730.592069][T15118] RDX: 0000000000040000 RSI: 0000000000000000 RDI: 0000000000000000
[  730.592096][T15118] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  730.592105][T15118] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  730.592117][T15118] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  730.592141][T15118]  </TASK>
[  731.060257][T15071] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  731.069398][T15071] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  731.073933][T15071] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  731.080584][T15071] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  731.217308][T15071] 8021q: adding VLAN 0 to HW filter on device bond0
[  731.233924][T15071] 8021q: adding VLAN 0 to HW filter on device team0
[  731.241356][ T9658] bridge0: port 1(bridge_slave_0) entered blocking state
[  731.244340][ T9658] bridge0: port 1(bridge_slave_0) entered forwarding state
[  731.255164][ T9658] bridge0: port 2(bridge_slave_1) entered blocking state
[  731.257617][ T9658] bridge0: port 2(bridge_slave_1) entered forwarding state
[  731.286930][ T5964] Bluetooth: hci4: command tx timeout
[  731.426914][T15071] 8021q: adding VLAN 0 to HW filter on device batadv0
[  731.461126][T15071] veth0_vlan: entered promiscuous mode
[  731.467261][T15071] veth1_vlan: entered promiscuous mode
[  731.484132][   T10] usb 8-1: new high-speed USB device number 24 using dummy_hcd
[  731.493478][T15071] veth0_macvtap: entered promiscuous mode
[  731.499277][T15071] veth1_macvtap: entered promiscuous mode
[  731.510023][T15071] batman_adv: batadv0: Interface activated: batadv_slave_0
[  731.519931][T15071] batman_adv: batadv0: Interface activated: batadv_slave_1
[  731.525509][T15071] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  731.528231][T15071] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  731.530882][T15071] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  731.533768][T15071] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  731.623921][   T74] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  731.627529][   T74] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  731.634168][   T10] usb 8-1: Using ep0 maxpacket: 8
[  731.637816][   T10] usb 8-1: config index 0 descriptor too short (expected 301, got 45)
[  731.641247][   T10] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  731.646046][   T10] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  731.650188][   T10] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  731.656064][   T10] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  731.665239][   T10] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  731.669808][ T1139] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  731.669828][ T1139] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  731.682695][   T10] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  731.895987][   T10] usb 8-1: GET_CAPABILITIES returned 0
[  731.898449][   T10] usbtmc 8-1:16.0: can't read capabilities
[  732.119868][   T24] usb 8-1: USB disconnect, device number 24
[  732.981200][T12085] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  732.996718][T12085] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  733.000508][T12085] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  733.005192][T12085] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  733.014248][T12085] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  733.052710][ T1178] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0
[  733.056122][ T1178] netdevsim netdevsim1 eth3 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0
[  733.107550][T15166] lo speed is unknown, defaulting to 1000
[  733.110105][T15166] lo speed is unknown, defaulting to 1000
[  733.177072][ T1178] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0
[  733.181119][ T1178] netdevsim netdevsim1 eth2 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0
[  733.364479][T12085] Bluetooth: hci4: command tx timeout
[  733.472079][ T1178] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0
[  733.475765][ T1178] netdevsim netdevsim1 eth1 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0
[  733.515815][T15166] chnl_net:caif_netlink_parms(): no params data found
[  733.839415][ T1178] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0
[  733.845744][ T1178] netdevsim netdevsim1 eth0 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0
[  733.895222][T15166] bridge0: port 1(bridge_slave_0) entered blocking state
[  733.897966][T15166] bridge0: port 1(bridge_slave_0) entered disabled state
[  733.900250][T15166] bridge_slave_0: entered allmulticast mode
[  733.903048][T15166] bridge_slave_0: entered promiscuous mode
[  733.908858][T15166] bridge0: port 2(bridge_slave_1) entered blocking state
[  733.911203][T15166] bridge0: port 2(bridge_slave_1) entered disabled state
[  733.913941][T15166] bridge_slave_1: entered allmulticast mode
[  733.917231][T15166] bridge_slave_1: entered promiscuous mode
[  734.045414][T15166] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  734.050988][T15166] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  734.173756][T15166] team0: Port device team_slave_0 added
[  734.189045][T15166] team0: Port device team_slave_1 added
[  734.243345][T15166] batman_adv: batadv0: Adding interface: batadv_slave_0
[  734.245687][T15166] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  734.260259][T15166] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  734.272677][T15166] batman_adv: batadv0: Adding interface: batadv_slave_1
[  734.275848][T15166] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  734.285255][T15166] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  735.044315][T12085] Bluetooth: hci3: command tx timeout
[  735.383122][ T1178] gretap0 (unregistering): left promiscuous mode
[  735.412711][ T1178] dvmrp0 (unregistering): left allmulticast mode
[  735.637003][ T1178]  (unregistering): Released all slaves
[  735.651878][T15166] hsr_slave_0: entered promiscuous mode
[  735.657118][T15166] hsr_slave_1: entered promiscuous mode
[  735.660146][T15166] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  735.663264][T15166] Cannot create hsr debugfs directory
[  735.759215][ T1178] : left promiscuous mode
[  736.247639][ T1178] dummy0: left promiscuous mode
[  736.283900][ T1178] hsr_slave_0: left promiscuous mode
[  736.294344][ T1178] hsr_slave_1: left promiscuous mode
[  736.322778][ T1178] veth1_macvtap: left promiscuous mode
[  736.326073][ T1178] veth0_macvtap: left promiscuous mode
[  736.328356][ T1178] veth1_vlan: left promiscuous mode
[  736.330935][ T1178] veth0_vlan: left promiscuous mode
[  736.354107][T15138] usb 8-1: new high-speed USB device number 25 using dummy_hcd
[  736.506649][T15198] trusted_key: encrypted_key: insufficient parameters specified
[  736.512044][T15138] usb 8-1: Using ep0 maxpacket: 8
[  736.516435][T15138] usb 8-1: config index 0 descriptor too short (expected 301, got 45)
[  736.519883][T15138] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  736.523955][T15138] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  736.527927][T15138] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  736.531545][T15138] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  736.536711][T15138] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  736.540248][T15138] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  736.758363][T15138] usb 8-1: GET_CAPABILITIES returned 0
[  736.760169][T15138] usbtmc 8-1:16.0: can't read capabilities
[  736.874103][ T9226] usb 7-1: new high-speed USB device number 22 using dummy_hcd
[  737.025960][ T9226] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  737.029585][ T9226] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  737.032842][ T9226] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  737.039802][ T9226] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  737.042786][ T9226] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  737.047622][ T9226] usb 7-1: config 0 descriptor??
[  737.064513][T15194] usbtmc 8-1:16.0: usb_control_msg returned -71
[  737.064720][T15138] usb 8-1: USB disconnect, device number 25
[  737.139377][T12085] Bluetooth: hci3: command tx timeout
[  737.460950][ T9226] plantronics 0003:047F:FFFF.0006: reserved main item tag 0xd
[  737.464991][ T9226] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0
[  737.468298][ T9226] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0
[  737.482647][ T9226] plantronics 0003:047F:FFFF.0006: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0
[  737.753141][   T10] usb 7-1: USB disconnect, device number 22
[  737.758114][    T9] lo speed is unknown, defaulting to 1000
[  737.760299][    T9] syz2: Port: 1 Link DOWN
[  738.060877][T15166] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  738.067886][T15166] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  738.074074][T15166] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  738.081886][T15166] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  738.173252][T15166] 8021q: adding VLAN 0 to HW filter on device bond0
[  738.187201][T15166] 8021q: adding VLAN 0 to HW filter on device team0
[  738.194685][ T1140] bridge0: port 1(bridge_slave_0) entered blocking state
[  738.197695][ T1140] bridge0: port 1(bridge_slave_0) entered forwarding state
[  738.205504][ T1139] bridge0: port 2(bridge_slave_1) entered blocking state
[  738.208053][ T1139] bridge0: port 2(bridge_slave_1) entered forwarding state
[  738.237181][T15166] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  738.379878][T15227] netlink: 32 bytes leftover after parsing attributes in process `syz.3.2394'.
[  738.405223][T15166] 8021q: adding VLAN 0 to HW filter on device batadv0
[  738.450604][T15166] veth0_vlan: entered promiscuous mode
[  738.458663][T15166] veth1_vlan: entered promiscuous mode
[  738.494875][T15166] veth0_macvtap: entered promiscuous mode
[  738.501423][T15166] veth1_macvtap: entered promiscuous mode
[  738.540572][T15166] batman_adv: batadv0: Interface activated: batadv_slave_0
[  738.555907][T15166] batman_adv: batadv0: Interface activated: batadv_slave_1
[  738.569043][T15166] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  738.573043][T15166] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  738.579811][T15166] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  738.583656][T15166] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  738.634526][ T1139] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  738.640282][ T1139] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  738.660546][ T1178] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  738.664156][ T1178] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  738.963719][T15234] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2395'.
[  739.204192][T12085] Bluetooth: hci3: command tx timeout
[  739.380518][    C3] ata1: illegal qc_active transition (00000000->01000000)
[  739.706774][ T1109] ata1: SATA link up 1.5 Gbps (SStatus 113 SControl 300)
[  739.721025][ T1109] ata1.00: configured for UDMA/100
[  741.090685][T15293] can0: slcan on ttyS3.
[  741.284284][   T34] usb 7-1: new high-speed USB device number 23 using dummy_hcd
[  741.287633][T12085] Bluetooth: hci3: command tx timeout
[  741.454091][   T34] usb 7-1: Using ep0 maxpacket: 8
[  741.460210][   T34] usb 7-1: config index 0 descriptor too short (expected 301, got 45)
[  741.463720][   T34] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  741.481775][   T34] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  741.491946][   T34] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  741.504218][   T34] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  741.524158][   T34] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  741.546412][   T34] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  741.848829][   T34] usb 7-1: GET_CAPABILITIES returned 0
[  741.854245][   T34] usbtmc 7-1:16.0: can't read capabilities
[  741.906175][T15290] can0 (unregistered): slcan off ttyS3.
[  742.069556][ T5999] usb 7-1: USB disconnect, device number 23
[  742.220107][T15296] can0: slcan on ttyS3.
[  743.385419][T15294] can0 (unregistered): slcan off ttyS3.
[  745.293626][T15305] input: syz1 as /devices/virtual/input/input16
[  745.296600][T15305] input: failed to attach handler leds to device input16, error: -6
[  745.514237][T15322] netlink: 'syz.3.2407': attribute type 2 has an invalid length.
[  745.525573][T15322] netlink: 723 bytes leftover after parsing attributes in process `syz.3.2407'.
[  746.647018][ T1419] ieee802154 phy1 wpan1: encryption failed: -22
[  746.866191][T15334] netlink: 'syz.2.2409': attribute type 1 has an invalid length.
[  747.775859][T15345] "syz.0.2410" (15345) uses obsolete ecb(arc4) skcipher
[  747.870901][ T5964] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  747.878287][ T5964] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  747.881967][ T5964] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  747.885495][ T5964] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  747.889932][ T5964] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  747.910657][T15346] lo speed is unknown, defaulting to 1000
[  747.934560][    T9] usb 7-1: new high-speed USB device number 24 using dummy_hcd
[  748.101294][    T9] usb 7-1: Using ep0 maxpacket: 8
[  748.122606][    T9] usb 7-1: config index 0 descriptor too short (expected 301, got 45)
[  748.126390][    T9] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  748.130569][    T9] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  748.134159][T15257] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  748.135118][    T9] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  748.152145][    T9] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  748.155718][T15346] chnl_net:caif_netlink_parms(): no params data found
[  748.158749][    T9] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  748.168521][    T9] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  748.234944][T15257] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  748.403287][    T9] usb 7-1: GET_CAPABILITIES returned 0
[  748.404440][T15257] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  748.406454][    T9] usbtmc 7-1:16.0: can't read capabilities
[  748.450916][T15346] bridge0: port 1(bridge_slave_0) entered blocking state
[  748.454287][T15346] bridge0: port 1(bridge_slave_0) entered disabled state
[  748.457352][T15346] bridge_slave_0: entered allmulticast mode
[  748.461199][T15346] bridge_slave_0: entered promiscuous mode
[  748.471051][T15346] bridge0: port 2(bridge_slave_1) entered blocking state
[  748.474243][T15346] bridge0: port 2(bridge_slave_1) entered disabled state
[  748.477396][T15346] bridge_slave_1: entered allmulticast mode
[  748.481030][T15346] bridge_slave_1: entered promiscuous mode
[  748.614833][T15257] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  748.621919][    T9] usb 7-1: USB disconnect, device number 24
[  748.628264][T15346] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  748.638672][T15346] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  748.865692][T15346] team0: Port device team_slave_0 added
[  748.870111][T15346] team0: Port device team_slave_1 added
[  749.007732][T15346] batman_adv: batadv0: Adding interface: batadv_slave_0
[  749.010708][T15346] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  749.023376][T15346] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  749.055354][T15346] batman_adv: batadv0: Adding interface: batadv_slave_1
[  749.059568][T15346] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  749.081793][T15346] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  749.710450][T15368] 9pnet_virtio: no channels available for device syz
[  749.927433][T12085] Bluetooth: hci0: command tx timeout
[  749.977030][T15257] gretap0 (unregistering): left promiscuous mode
[  750.511411][T15257] bond0 (unregistering): Released all slaves
[  750.685567][T15257] : left promiscuous mode
[  750.743273][T15346] hsr_slave_0: entered promiscuous mode
[  750.764365][T15346] hsr_slave_1: entered promiscuous mode
[  750.795578][T15257] tipc: Left network mode
[  750.922353][T15380] netlink: 72 bytes leftover after parsing attributes in process `syz.2.2420'.
[  751.108468][T15384] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2421'.
[  751.354158][T15257] dummy0: left promiscuous mode
[  751.372040][T15257] hsr_slave_0: left promiscuous mode
[  751.378103][T15257] hsr_slave_1: left promiscuous mode
[  751.407561][T15257] veth1_macvtap: left promiscuous mode
[  751.409348][T15257] veth0_macvtap: left promiscuous mode
[  751.411170][T15257] veth1_vlan: left promiscuous mode
[  751.413888][T15257] veth0_vlan: left promiscuous mode
[  751.834092][   T54] usb 7-1: new high-speed USB device number 25 using dummy_hcd
[  752.002893][   T54] usb 7-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  752.006834][T12085] Bluetooth: hci0: command tx timeout
[  752.009325][   T54] usb 7-1: config 0 interface 0 has no altsetting 0
[  752.014691][   T54] usb 7-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  752.018478][   T54] usb 7-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  752.021921][   T54] usb 7-1: Product: syz
[  752.023658][   T54] usb 7-1: Manufacturer: syz
[  752.029028][   T54] usb 7-1: SerialNumber: syz
[  752.033045][   T54] usb 7-1: config 0 descriptor??
[  752.042553][   T54] usb 7-1: selecting invalid altsetting 0
[  752.255431][   T54] usb 7-1: USB disconnect, device number 25
[  752.901484][T15398] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2424'.
[  753.237897][T15402] ip6t_srh: unknown srh invflags 6BE9
[  753.252031][T15402] ubi: mtd0 is already attached to ubi31
[  753.414085][T13728] usb 5-1: new high-speed USB device number 26 using dummy_hcd
[  753.604039][T13728] usb 5-1: Using ep0 maxpacket: 8
[  753.623110][T13728] usb 5-1: config index 0 descriptor too short (expected 301, got 45)
[  753.643654][T13728] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  753.647747][T15346] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  753.648208][T13728] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  753.655708][T13728] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  753.658163][T15346] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  753.663352][T13728] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  753.663913][T15346] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  753.669075][T13728] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  753.675021][T13728] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  753.677355][T15346] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  753.743893][T15346] 8021q: adding VLAN 0 to HW filter on device bond0
[  753.760028][T15346] 8021q: adding VLAN 0 to HW filter on device team0
[  753.768775][T15257] bridge0: port 1(bridge_slave_0) entered blocking state
[  753.771874][T15257] bridge0: port 1(bridge_slave_0) entered forwarding state
[  753.781241][   T74] bridge0: port 2(bridge_slave_1) entered blocking state
[  753.784329][   T74] bridge0: port 2(bridge_slave_1) entered forwarding state
[  753.888813][T13728] usb 5-1: GET_CAPABILITIES returned 0
[  753.891224][T13728] usbtmc 5-1:16.0: can't read capabilities
[  753.978193][T15346] 8021q: adding VLAN 0 to HW filter on device batadv0
[  754.017647][T15346] veth0_vlan: entered promiscuous mode
[  754.022703][T15346] veth1_vlan: entered promiscuous mode
[  754.048185][T15346] veth0_macvtap: entered promiscuous mode
[  754.054255][T15346] veth1_macvtap: entered promiscuous mode
[  754.068758][T15346] batman_adv: batadv0: Interface activated: batadv_slave_0
[  754.079254][T15346] batman_adv: batadv0: Interface activated: batadv_slave_1
[  754.082429][T15412] "syz.2.2427" (15412) uses obsolete ecb(arc4) skcipher
[  754.084260][T12085] Bluetooth: hci0: command tx timeout
[  754.086602][T15346] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  754.091688][T15346] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  754.096667][T15346] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  754.100263][T15346] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  754.125049][T15421] netlink: 'syz.1.2428': attribute type 1 has an invalid length.
[  754.161274][T15251] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  754.166117][T15251] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  754.185332][T15241] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  754.189074][T15241] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  754.193915][T13728] usb 5-1: USB disconnect, device number 26
[  754.198673][T15401] usbtmc 5-1:16.0: usb_control_msg returned -71
[  755.308094][T15435] Bluetooth: MGMT ver 1.23
[  756.108551][ T5964] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  756.124334][ T5964] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  756.134149][ T5964] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  756.166218][ T5964] Bluetooth: hci0: command tx timeout
[  756.171773][ T5964] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  756.176753][ T5964] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  756.292957][T15443] lo speed is unknown, defaulting to 1000
[  756.675922][ T1082] smc: removing ib device syz1
[  756.696291][   T34] syz1: Port: 1 Link DOWN
[  757.068732][T15443] chnl_net:caif_netlink_parms(): no params data found
[  758.313318][ T1082] ------------[ cut here ]------------
[  758.315825][ T1082] GID entry ref leak for dev syz1 index 2 ref=1
[  758.324325][T12085] Bluetooth: hci1: command tx timeout
[  758.324581][ T1082] WARNING: CPU: 3 PID: 1082 at drivers/infiniband/core/cache.c:806 gid_table_release_one+0x387/0x4b0
[  758.330647][ T1082] Modules linked in:
[  758.332655][ T1082] CPU: 3 UID: 0 PID: 1082 Comm: kworker/u32:5 Not tainted 6.16.0-rc5-syzkaller-00038-g733923397fd9 #0 PREEMPT(full) 
[  758.338710][ T1082] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  758.342069][ T1082] Workqueue: ib-unreg-wq ib_unregister_work
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  758.343927][ T1082] RIP: 0010:gid_table_release_one+0x387/0x4b0
[  758.346145][ T1082] Code: 07 00 00 48 85 f6 74 2b 48 89 74 24 38 e8 b1 ad 32 f9 48 8b 74 24 38 44 89 f1 44 89 ea 48 c7 c7 e0 86 b9 8c e8 9a f9 f1 f8 90 <0f> 0b 90 90 e9 6e fe ff ff e8 8b ad 32 f9 48 8d bd 48 07 00 00 48
[  758.352239][ T1082] RSP: 0018:ffffc9000679fb50 EFLAGS: 00010286
[  758.354231][ T1082] RAX: 0000000000000000 RBX: ffff88802927d200 RCX: ffffffff817ab108
[  758.356721][ T1082] RDX: ffff888023a8a440 RSI: ffffffff817ab115 RDI: 0000000000000001
[  758.359384][ T1082] RBP: ffff8880707bc000 R08: 0000000000000001 R09: 0000000000000000
[  758.361833][ T1082] R10: 0000000000000001 R11: 0000000000000001 R12: ffffed100524fa5b
[  758.364434][ T1082] R13: 0000000000000002 R14: 0000000000000001 R15: dffffc0000000000
[  758.367233][ T1082] FS:  0000000000000000(0000) GS:ffff888097821000(0000) knlGS:0000000000000000
[  758.370315][ T1082] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  758.372430][ T1082] CR2: 00000000807ce018 CR3: 000000002874b000 CR4: 0000000000352ef0
[  758.375139][ T1082] Call Trace:
[  758.376303][ T1082]  <TASK>
[  758.377246][ T1082]  ib_device_release+0xef/0x1e0
[  758.378921][ T1082]  ? __pfx_ib_device_release+0x10/0x10
[  758.381206][ T1082]  device_release+0xa4/0x240
[  758.382870][ T1082]  kobject_put+0x1e7/0x5a0
[  758.384429][ T1082]  put_device+0x1f/0x30
[  758.386012][ T1082]  process_one_work+0x9cf/0x1b70
[  758.388112][ T1082]  ? __pfx_process_one_work+0x10/0x10
[  758.390372][ T1082]  ? assign_work+0x1a0/0x250
[  758.392349][ T1082]  worker_thread+0x6c8/0xf10
[  758.394395][ T1082]  ? __kthread_parkme+0x19e/0x250
[  758.396490][ T1082]  ? __pfx_worker_thread+0x10/0x10
[  758.398656][ T1082]  kthread+0x3c2/0x780
[  758.400500][ T1082]  ? __pfx_kthread+0x10/0x10
[  758.402453][ T1082]  ? rcu_is_watching+0x12/0xc0
[  758.404728][ T1082]  ? __pfx_kthread+0x10/0x10
[  758.406577][ T1082]  ret_from_fork+0x5d7/0x6f0
[  758.408519][ T1082]  ? __pfx_kthread+0x10/0x10
[  758.410468][ T1082]  ret_from_fork_asm+0x1a/0x30
[  758.412672][ T1082]  </TASK>
[  758.414294][ T1082] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  758.417284][ T1082] CPU: 3 UID: 0 PID: 1082 Comm: kworker/u32:5 Not tainted 6.16.0-rc5-syzkaller-00038-g733923397fd9 #0 PREEMPT(full) 
[  758.422192][ T1082] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  758.426565][ T1082] Workqueue: ib-unreg-wq ib_unregister_work
[  758.429014][ T1082] Call Trace:
[  758.430424][ T1082]  <TASK>
[  758.431669][ T1082]  dump_stack_lvl+0x3d/0x1f0
[  758.433469][ T1082]  panic+0x71c/0x800
[  758.434916][ T1082]  ? __pfx_panic+0x10/0x10
[  758.436754][ T1082]  ? show_trace_log_lvl+0x29b/0x3e0
[  758.438809][ T1082]  ? check_panic_on_warn+0x1f/0xb0
[  758.441068][ T1082]  ? gid_table_release_one+0x387/0x4b0
[  758.443369][ T1082]  check_panic_on_warn+0xab/0xb0
[  758.445431][ T1082]  __warn+0xf6/0x3c0
[  758.447015][ T1082]  ? preempt_schedule_notrace+0x62/0xe0
[  758.449107][ T1082]  ? gid_table_release_one+0x387/0x4b0
[  758.451359][ T1082]  report_bug+0x3c3/0x580
[  758.453187][ T1082]  ? gid_table_release_one+0x387/0x4b0
[  758.455530][ T1082]  handle_bug+0x184/0x210
[  758.457341][ T1082]  exc_invalid_op+0x17/0x50
[  758.459254][ T1082]  asm_exc_invalid_op+0x1a/0x20
[  758.461283][ T1082] RIP: 0010:gid_table_release_one+0x387/0x4b0
[  758.463816][ T1082] Code: 07 00 00 48 85 f6 74 2b 48 89 74 24 38 e8 b1 ad 32 f9 48 8b 74 24 38 44 89 f1 44 89 ea 48 c7 c7 e0 86 b9 8c e8 9a f9 f1 f8 90 <0f> 0b 90 90 e9 6e fe ff ff e8 8b ad 32 f9 48 8d bd 48 07 00 00 48
[  758.471346][ T1082] RSP: 0018:ffffc9000679fb50 EFLAGS: 00010286
[  758.473849][ T1082] RAX: 0000000000000000 RBX: ffff88802927d200 RCX: ffffffff817ab108
[  758.476764][ T1082] RDX: ffff888023a8a440 RSI: ffffffff817ab115 RDI: 0000000000000001
[  758.479979][ T1082] RBP: ffff8880707bc000 R08: 0000000000000001 R09: 0000000000000000
[  758.483172][ T1082] R10: 0000000000000001 R11: 0000000000000001 R12: ffffed100524fa5b
[  758.486439][ T1082] R13: 0000000000000002 R14: 0000000000000001 R15: dffffc0000000000
[  758.489697][ T1082]  ? __warn_printk+0x198/0x350
[  758.491703][ T1082]  ? __warn_printk+0x1a5/0x350
[  758.493760][ T1082]  ib_device_release+0xef/0x1e0
[  758.495814][ T1082]  ? __pfx_ib_device_release+0x10/0x10
[  758.498151][ T1082]  device_release+0xa4/0x240
[  758.499922][ T1082]  kobject_put+0x1e7/0x5a0
[  758.501689][ T1082]  put_device+0x1f/0x30
[  758.503388][ T1082]  process_one_work+0x9cf/0x1b70
[  758.505318][ T1082]  ? __pfx_process_one_work+0x10/0x10
[  758.507541][ T1082]  ? assign_work+0x1a0/0x250
[  758.509530][ T1082]  worker_thread+0x6c8/0xf10
[  758.511489][ T1082]  ? __kthread_parkme+0x19e/0x250
[  758.513595][ T1082]  ? __pfx_worker_thread+0x10/0x10
[  758.515712][ T1082]  kthread+0x3c2/0x780
[  758.517450][ T1082]  ? __pfx_kthread+0x10/0x10
[  758.519386][ T1082]  ? rcu_is_watching+0x12/0xc0
[  758.521391][ T1082]  ? __pfx_kthread+0x10/0x10
[  758.523322][ T1082]  ret_from_fork+0x5d7/0x6f0
[  758.525290][ T1082]  ? __pfx_kthread+0x10/0x10
[  758.527247][ T1082]  ret_from_fork_asm+0x1a/0x30
[  758.529250][ T1082]  </TASK>
[  758.531209][ T1082] Kernel Offset: disabled
[  758.532870][ T1082] Rebooting in 86400 seconds..

VM DIAGNOSIS:
11:41:57  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000000000 RBX=ffffc9000380fb60 RCX=0000000000000000 RDX=0000000000000000
RSI=ffffffff850bf3e4 RDI=ffffc9000380fb60 RBP=ffffffff850bf3d0 RSP=ffffc900022dfeb0
R8 =0000000000000001 R9 =0000000000000000 R10=0000000000000001 R11=0000000000000000
R12=0000000000000000 R13=dffffc0000000000 R14=0000000000000000 R15=ffffc9000380fb28
RIP=ffffffff850bf40d RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0000 0000000000000000 ffffffff 00c00000
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff888097521000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=000000002f90fff8 CR3=00000000712fe000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000f000000000 0000000300000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000000000046 RBX=0000000000000001 RCX=ffffc90003b5faec RDX=0000000000000002
RSI=ffffffff8de06a02 RDI=ffffffff8c1578e0 RBP=000000000000001d RSP=ffffc90003b5fab8
R8 =0000000000000001 R9 =0000000000000000 R10=0000000000000001 R11=0000000000000001
R12=ffffffff8b5185e5 R13=0000000000000206 R14=ffff888024f50000 R15=0000000000000003
RIP=ffffffff8b8453fe RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff888097621000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=000000008002a000 CR3=00000000712fe000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000f000000000 0000000300000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
RAX=0000000000000000 RBX=0000000000000006 RCX=00000000ef9d33e4 RDX=0000000000000000
RSI=ffffffff8de06a02 RDI=ffffffff8c1578e0 RBP=ffffc900031eff58 RSP=ffffc900031efd80
R8 =0ac0d5affe09d4ff R9 =0000000000000000 R10=0000000000000000 R11=0000000000000001
R12=000056458ed40000 R13=000056458ed40000 R14=ffff888049188a00 R15=1ffff9200063dfb8
RIP=ffffffff8b8441a8 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0000 0000000000000000 ffffffff 00c00000
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007fba0cd81300 ffffffff 00c00000
GS =0000 ffff888097721000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=000056458ed40000 CR3=000000004b773000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=00000000fcffc200 Opmask01=000000000000ffff Opmask02=00000000ffffffff Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000001 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffff8887e460 ffffffff85567484 0000000200000004 0000000600040008
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffff850fc51f ffffffff8246a5c9 ffffffff8206f11a ffffffff866ccedb
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffe908 ffffffff8206d9ce ffffffff816c607d ffffffff8b53d4d1
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0005a20304408080 820005a203300200 05a0031e08000598 0300040005940300
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0200059203000200 0590031608000588 0300040005840300 40a0808200058203
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0040808082000582 0330020005800305 8004109003240800 1088030c08001080
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0300040000080063 800201c708000801 498600726578696d 2f7665642f01ffff
ZMM24=0297411002974110 0297411002974110 0297411002974110 0297411002974110 0297411002974110 0297411002974110 0297411002974110 0297411002974110
ZMM25=d2ef357dd2ef357d d2ef357dd2ef357d d2ef357dd2ef357d d2ef357dd2ef357d d2ef357dd2ef357d d2ef357dd2ef357d d2ef357dd2ef357d d2ef357dd2ef357d
ZMM26=bafff4bbbafff4bb bafff4bbbafff4bb bafff4bbbafff4bb bafff4bbbafff4bb bafff4bbbafff4bb bafff4bbbafff4bb bafff4bbbafff4bb bafff4bbbafff4bb
ZMM27=467cf634467cf634 467cf634467cf634 467cf634467cf634 467cf634467cf634 467cf634467cf634 467cf634467cf634 467cf634467cf634 467cf634467cf634
ZMM28=000000300000002f 0000002e0000002d 0000002c0000002b 0000002a00000029 0000002800000027 0000002600000025 0000002400000023 0000002200000021
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=d91a0000d91a0000 d91a0000d91a0000 d91a0000d91a0000 d91a0000d91a0000 d91a0000d91a0000 d91a0000d91a0000 d91a0000d91a0000 d91a0000d91a0000
info registers vcpu 3

CPU#3
RAX=000000000000006b RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff85583cd5 RDI=ffffffff9b0ab980 RBP=ffffffff9b0ab940 RSP=ffffc9000679f4c0
R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=0000000000000001
R12=0000000000000000 R13=000000000000006b R14=ffffffff9b0ab940 R15=ffffffff85583c70
RIP=ffffffff85583cff RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff888097821000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000807ce018 CR3=000000002874b000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=00000000000000c1 Opmask01=0000000000000001 Opmask02=0000000000000008 Opmask03=0000000000000000
Opmask04=00000000fffffff7 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffc98cf22cb 00007ffc98cf22cb
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffc98cf27d0 0000003000000018
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffc98cf27d0 0000003000000018
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0a0a0a0a0a0a0a0a 0a0a0a0a0a0a0a0a 0a0a0a0a0a0a0a0a 0a0a0a0a0a0a0a0a
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 30353a30353a3035 3a30352044495353 42202c6b726f7774 000034203e203900
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 3035303035303035 3030352044435353 4220266172657774 0000342034203300
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 666572207972746e 6520444947205d32 38303154205b5d35 32383531332e3835
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 33203a65756c6176 207327726f747069 7263736564206563 61667265746e6920
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 656874206d6f7266 20746e6572656666 6964202c73726f74 7069726373656420
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 746e696f70646e65 2032207361682030 20676e6974746573 746c612030206563
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 61667265746e6920 3631206769666e6f 63203a312d352062 7375205d38323733
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 65746e656d676172 66206562206c6c69 7720656361667265 746e692073696874
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000