last executing test programs:

7.006176934s ago: executing program 2 (id=2915):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000006600), 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r3}, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = getpid()
process_vm_readv(r4, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={0x0}, 0x10)
ioctl$BTRFS_IOC_TREE_SEARCH(0xffffffffffffffff, 0xd0009411, &(0x7f0000004c00)={{0x0, 0x0, 0x1000, 0x3, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, 0x3}})
sendmsg$IPCTNL_MSG_EXP_GET(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f00000003c0)={&(0x7f00000002c0)={0x14, 0x1, 0x2, 0x101, 0x0, 0x0, {0x2, 0x0, 0x1}}, 0x14}, 0x1, 0x0, 0x0, 0x4048091}, 0x46095)
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r5, 0x1, 0x3c, &(0x7f0000000040)=0x1, 0x4)
setrlimit(0x0, &(0x7f0000000100)={0xffffffffffffffff})
r6 = open(0x0, 0x1c1042, 0x0)
r7 = open(0x0, 0x0, 0x0)
r8 = syz_open_procfs(0x0, &(0x7f0000000040)='ns\x00')
move_mount(r8, &(0x7f00000000c0)='./mnt\x00', r8, &(0x7f0000000100)='./mnt\x00', 0x271)
sendfile(r7, r6, 0x0, 0x0)
syz_emit_ethernet(0x32, &(0x7f0000000040)={@broadcast, @dev, @val, {@ipv4={0x8864, @udp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x2f, 0x0, @rand_addr, @local}, {0x0, 0x0, 0x8}}}}}, 0x0)
open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0)
fcntl$setownex(0xffffffffffffffff, 0xf, &(0x7f0000000080)={0x2})
openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/locks\x00', 0x0, 0x0)
preadv(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
ioctl$TIOCSSOFTCAR(r2, 0x5453, 0x0)
r9 = dup(r1)
bind$alg(r8, &(0x7f0000000340)={0x26, 'aead\x00', 0x0, 0x0, 'seqiv(rfc4543(gcm_base(ctr(aes-aesni),ghash-generic)))\x00'}, 0x58)
ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, 0x0)

6.74368703s ago: executing program 1 (id=2917):
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000800)=@filter={'filter\x00', 0x42, 0x4, 0x278, 0xffffffff, 0x1c8, 0x1c8, 0x1c8, 0xffffffff, 0xffffffff, 0x2e8, 0x2e8, 0x2e8, 0xffffffff, 0x4, 0x0, {[{{@ip={@rand_addr, @loopback, 0x0, 0x0, 'veth0_to_batadv\x00', 'wlan0\x00'}, 0x0, 0x70, 0x98, 0x0, {0x100000000000000}}, @REJECT={0x28}}, {{@uncond, 0x0, 0x70, 0x98}, @common=@inet=@SET1={0x28}}, {{@ip={@private, @loopback, 0x0, 0x0, 'bridge0\x00', 'ip6erspan0\x00'}, 0x0, 0x70, 0xb0}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x2d8)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x35, &(0x7f0000000000), 0x4)
setsockopt$inet6_IPV6_HOPOPTS(0xffffffffffffffff, 0x29, 0x36, 0x0, 0x8)
pipe(&(0x7f0000000300)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
write(r2, &(0x7f00000001c0), 0xfffffef3)
pipe(&(0x7f0000000100)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
write(0xffffffffffffffff, &(0x7f00000001c0)='4', 0x1)
tee(r3, r2, 0x3, 0x0)
bind$inet6(0xffffffffffffffff, &(0x7f0000f5dfe4)={0xa, 0x4e1d, 0x0, @empty, 0x1}, 0x1c)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r7, 0x4008ae89, &(0x7f0000000300)=ANY=[@ANYBLOB="0100000000000000010100c0"])
setsockopt$inet6_IPV6_DSTOPTS(r0, 0x29, 0x3b, &(0x7f0000000fc0)=ANY=[@ANYRES32=r6, @ANYBLOB="9148092824bc59f07487210260eb4ab49c75d89ef698731258c72ac95850c4749163a8d6ac2be349331ba94b2711fdbd60550f87ff33e3eae19455c38a2093f6f2bd4301296ebe782103478565b0005b599ec27c5cf667a3dcd90f9e67172a48a7995418b0bd475aaf9624cfe752fb6b1cf64a4df5b2551ec44e6cbb2d5471dd78a8ae8a16609b46eb50937e8bec091b9e8b982e0e3cfc30cb53608ef947db183b7963eb5d3c878d96fb2cb690c5c53276833fe3761eee1dfcf7e1b65ade4e26f0f51774331b5072a23897da62b4e296ba25edfda4a876fec7aa614d6d7af96757029e", @ANYBLOB="c2e20c1d4e63e919088c122676a6913d04f8e3d4aaef7ecf95f749dc806008d74723232a3c0a209c1608594e8d8b946afe04171062cfa10ef7bf3df8ced4114d5c98e12711cd6f7eb4d267a73f50108327b22c0c5026757629a39b5cae076199ac2319639c62f22dbd1c128e079bf2bf6dafb24c297595780499a0093c75aa34ef09005ce71d3c2bffa6de3df2ed80556199476a4ee5918b4fe085f3f3a020d1954729696ed094c22926a9562b7ebd9570cffdbfd7ee58dabf19af5a3442795c2762", @ANYRESDEC], 0x8)
recvmmsg(r0, &(0x7f0000000040), 0x400000000000284, 0x2, 0x0)
r8 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x40042, 0x1fe)
write$binfmt_script(r8, &(0x7f0000000680)={'#! ', './file1', [{0x20, '\t\v\xaf\xe2\x8cd0\x99\xa1U\xcc\x9c\xce\xef%\xf2\b\xe9Ow\x98\xa7\xac\xccM\x85\xbf\x11\xb8\xe0 M\xb1:\\TD\x89\x91N\xa6h\xd8\xb1>\xa3`\x99\xc9\xbe\xb9+\xf3`\xdb\x96\x1c\bA\x1bff\xdaD\xe9_\x1b_\xdcO\xe0/\xd6\x93H\x01L-i\xc0\xd6\xec\xeb\xa1W2Ne;X\xba\xd6\x17m\x1e\xcc\xc0\x94\bmi\xd1\x18\xb6+C\xd8\xf8\xdd\x9e\naq\xe0\xb3\x00,>\x80py@\xddG-\x98\xc9!0\x11\x89(\xef\xf1\x99\x0fQ\n\xe2\xa9Y\a\xb4\n\\\xfe\xa4\xbb`u\xc0\xc5\xf6\x13\xfd\xec\xf3F\x87\xf3D\xd9\xefV\x16\x91p\xaf\xfc\xa2\xcdu\xf7<_\x13\xa3Rj\xe1\x1d\xad\xdd\xdc\x140_\x9az\xb9b\xa0\"e\x9c\x94\xd0\xc2\x05\x98\xee\x1f\x93\x8d*\x16\x94\xf1.bv{\xef\xf9\x8a\rFA\x00\xb1\x99<\xcc\xc7\xdb?[\x9b\x7fW\xa2\xfc\x94\xd8~q\xac\x98M\x1e\xe50\xe8p\xe1\x8f\xe4'}]}, 0x103)
close(r8)
execveat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0, 0x0, 0x0)
r9 = creat(&(0x7f0000000500)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e792c63616368653d667363616368652c76657273696f6e3d3970323030302e75"])
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000003c0)={r2, <r10=>0xffffffffffffffff}, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f0000000d00)={0x9, 0x2, &(0x7f00000000c0)=@raw=[@exit, @call={0x85, 0x0, 0x0, 0xbb}], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x8, &(0x7f0000000180)=""/8, 0x41100, 0x3a, '\x00', 0x0, @cgroup_sock=0xc, 0xffffffffffffffff, 0x8, &(0x7f00000002c0)={0x9, 0x2}, 0x8, 0x10, &(0x7f0000000340)={0x4, 0x7, 0x200, 0xffffffff}, 0x10, 0x0, r1, 0x8, &(0x7f0000000400)=[r3, 0xffffffffffffffff, r1, r1, r2, r10, r4, r9], &(0x7f0000000b00)=[{0x2, 0x4, 0xb, 0x7}, {0x3, 0x5, 0x4, 0x7}, {0x4, 0x1, 0x3, 0x6}, {0x4, 0x1, 0xa, 0x1}, {0x0, 0x3, 0x5, 0x5}, {0x2, 0x1, 0x3, 0x3}, {0x5, 0x4, 0xf, 0xc}, {0x4, 0x5, 0xa, 0x9}], 0x10, 0x800, @void, @value}, 0x94)
chdir(&(0x7f0000000100)='./file0\x00')
r11 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
getdents64(r11, 0x0, 0x0)
link(&(0x7f0000000100)='./file0\x00', &(0x7f0000000bc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')

5.835677659s ago: executing program 2 (id=2918):
mkdir(&(0x7f0000000240)='./file0\x00', 0x4d)
mount$overlay(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400))
socket$can_bcm(0x1d, 0x2, 0x2)
bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=@bloom_filter={0x1e, 0x8, 0x4, 0xfffffffb, 0x20, 0x1, 0x9, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x1, 0x1, 0xa, @void, @value, @void, @value}, 0x48)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000280)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket(0x840000000002, 0x3, 0x100)
connect$inet(r3, &(0x7f0000000000)={0x2, 0x0, @remote}, 0x10)
sendmmsg$inet(r3, &(0x7f0000005240), 0x264e33, 0x0)
syz_genetlink_get_family_id$netlbl_cipso(0x0, 0xffffffffffffffff)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000100)={'wlan1\x00'})
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0xc, &(0x7f0000000500)=ANY=[@ANYBLOB="18020000000000000000000000000000850000002e000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r5, 0x4000000, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0xe00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)

5.805876574s ago: executing program 1 (id=2919):
r0 = syz_genetlink_get_family_id$nl802154(&(0x7f00000003c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'wpan0\x00', <r1=>0x0})
ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000000000)={'lo\x00', {0x2, 0x0, @multicast1}})
r2 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc)=<r3=>0x0)
timer_settime(0x0, 0x0, &(0x7f0000000280)={{}, {0x0, 0x3938700}}, 0x0)
timer_gettime(r3, &(0x7f0000000180))
poll(0x0, 0x0, 0x108)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
write$binfmt_elf32(r4, &(0x7f0000000200)=ANY=[], 0xfffffdb6)
sendmmsg$unix(r4, &(0x7f0000000700)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000001c0)="c1", 0x1}], 0x1, 0xffffffffffffffff, 0x0, 0x10}}], 0x1, 0x0)
r6 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/address_bits', 0x10000, 0x0)
r7 = socket(0x1, 0x0, 0x0)
recvmsg$inet_nvme(r7, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
close(r5)
rt_sigreturn()
dup(r6)
socket$inet6_icmp(0xa, 0x2, 0x3a)
shutdown(r4, 0x1)
r8 = socket$inet6(0xa, 0x80801, 0x0)
connect$inet6(r8, 0x0, 0x0)
r9 = dup3(r8, 0xffffffffffffffff, 0x0)
shutdown(r9, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r10=>0xffffffffffffffff})
r11 = signalfd(0xffffffffffffffff, &(0x7f0000000080), 0x8)
readv(r11, 0x0, 0x0)
pipe2$9p(&(0x7f0000000280), 0x0)
sendmsg$NL802154_CMD_NEW_SEC_DEVKEY(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000002c0)=ANY=[@ANYBLOB="05ae61", @ANYRES16=r0, @ANYBLOB="010026bd7000000000001d00000008000300", @ANYRES16=r10, @ANYBLOB="6c002f804800038008000400010000000500020003000000080004000d0000000c00050002000000000000000c00050002000000000000000c000500ffffffffffffffff08000400723200000800010000000000180003800c00038006000100000000000800010000000000"], 0x88}, 0x1, 0x0, 0x0, 0x20004000}, 0x0)
r12 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL802154_CMD_SET_PAN_ID(r12, &(0x7f00000001c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000140)={0x54, r0, 0x2, 0x70bd28, 0x25dfdbfd, {}, [@NL802154_ATTR_PAN_ID={0x6, 0x9, 0x3}, @NL802154_ATTR_PAN_ID={0x6, 0x9, 0x1}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x2}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r1}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r1}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r1}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}]}, 0x54}}, 0x24048c01)

5.147598146s ago: executing program 0 (id=2920):
r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x11, 0x8, &(0x7f0000001b40)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f6fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe508185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff90326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c6be0ed9257851ed916219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c5b901dbd7387f49e0b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000053046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25132a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a068c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238e3fee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e89884cb73f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182060e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000008835196ed0c6a1c1d4c140e5ff0000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd574d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d0104361c37c61a43b5afd865b60d4cae891b73220f17d25979a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fcd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d372e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36d3cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e64701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4faa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a2689217380400a9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a000000000000000000000000000020bd79e41c682139c58ac1deb039a691ad640e12c12fe11d70fe495906f200d71778acbd4eee53a3996cb0de84bd2b059d60c0f96a53ea44e0b293865aa68df494f87db976e36ad6c06912244d4c883c4aaa60b4a1392ce0b2f2c519663b4652ff871e0f6dfff9f7d34ecf04be0a58c3d53174b67d1886e34b81ad8c60da56acc64739c3acab24aa8d0ac92d465074f915608b1b60a948bad401b1a7fb3627bbe6c45123ed44bfdf8cc143bd1b7a663dc3d0476b8e39becffc429e41f66b1e37ae52aacaff0f1dc8ea70b68c25072e20586b19127d75fa71577f265c5100000000000000000000000000028bfaaf1dce7970ae04e33a3d130761c0c0a53997716ebfa0e03c0acdb52e4af877a339d154fea243453e69bc89bb18fc501cf3a623bb871047060234ebc21155d0dc6efa64749afb63a0f8a9c28f62861e826ddf243bd9dda895a9b24d38641856dc058040a418e15139c0b13d52258254eacf045386abe27e8756c29758330146da2e25822afd92467974f70fa71a971517be63845c1eeb1a7a39a8e01750a67925746ffbc35c0046a1d660ebe5967bbc0496d0c9ba9758f9fcf46ecbd2e07523af5e56ff1d8eee549ecc92b0d13ad2edb0149b25debe70d227afb1ad45991bfb63f7cf6a8b5bcabf504d7fe21df0a23e8615055df856d88b7379a4c4499d01221d10c286c10b12ff5c89903806eab61c18721be6edc3d0fdbe2448f130b87b375f0de009ac38fd159a9f54771388f54b50caf5caf896ceb214b298b524c6cfeca9e0343038c68de8856772de2c498e191b9da24cc2a4b722c88a0fd2cca32ea9445e06549d1b5e9c1c90f4de9ce818694c1ced8354729bbec6a828876dae455e24f0f40490aaf80825d0fcdd8620b43da6b7f94c82aac9b256a469312aff3411ac73a377f01f7329a8027d9b47212c2ae9f2038152d0e99b4622a6eb35ba206e43cfbb50ef80b84a1854208c8414b309eb8a3408050772e161beac866e7247b3dc245c9ea14965f2a1a4a97c8baa5a4dd9f8904d47"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x49)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000340)='mmap_lock_acquire_returned\x00', r2}, 0x10)
r3 = getpid()
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3)
r5 = dup(r4)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
setsockopt$bt_BT_CHANNEL_POLICY(r5, 0x112, 0xa, 0x0, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000040)={<r6=>0xffffffffffffffff}, 0x2, 0x6}}, 0x20)
write$RDMA_USER_CM_CMD_QUERY_ROUTE(r5, &(0x7f00000000c0)={0x5, 0x10, 0xfa00, {&(0x7f00000003c0), r6, 0x1}}, 0x18)
syz_io_uring_setup(0x28c3, &(0x7f0000000140)={0x0, 0xdd9f, 0x400, 0x2, 0x2d9, 0x0, r5}, &(0x7f00000001c0)=<r7=>0x0, &(0x7f0000000200))
syz_io_uring_setup(0x7d7c, &(0x7f0000000280)={0x0, 0x631d, 0x40, 0x1, 0x342, 0x0, r5}, &(0x7f00000005c0), &(0x7f0000000600)=<r8=>0x0)
r9 = io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0)
syz_io_uring_submit(r7, r8, &(0x7f0000000640)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x34, 0x4007, @fd=r0, 0x7fffffffffffffff, 0x0, 0x0, 0x8, 0x1, {0x2, r9}})
process_vm_readv(r3, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)

4.915556128s ago: executing program 2 (id=2921):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x6, 0xe, &(0x7f00000008c0)=ANY=[@ANYBLOB="b7020000000d0000bfa30000000000000703000000feffff7a0af0fff8ffff1971a4f0ff00000000b7060000080000006f6400000000000045040400010000001704000001000a00b7040000ff0100006a0a00fe0000000085000000bd000000b70000000000000095000000000000009e17f199a68b06d83298a8cdc21ce784909b849d5550ad857d0454d8877a6db61d69f2ffcaa10350e11cb97c8adf1bc9a0c4eeceb9971e43405d621ffbc9ce000000d8ca56b50d0c010d631f6dde53a9a53608c10556e5734eb84049761451ce540c772e2d9f8004e26f7fcc059c062234d5595f6fbaa187b81d1106000000000fd60000fd9ac3d09e29a9d542ca9d85a5c9c88474895d679838def0a83a733dc6a39b63a5ed69d32394c53361d7e43c5cbd80450f859ce8122a79c3e40000b59b0fc46d6cec3c0802882add4e3179bd4a44f231b6d753a7be428ba953df4aece69311687f4122073a236c3a32efa04137d4524847d2638da3261c8162bb7c7824be6195a66d2e17e122040e1100000000928612a29fc691e4f1f7bd053abb885f39381f1759410b1059f05684261f332d606834669b49ec99320ca7712d7e79bd5bf5ed818ecc7640917f6a559a47db608fcf9f6c131b84e41c354c66838f72b9e12d36e996f316f0812ca83efb30c7f6c6d57c4a64590401eec22523dd712c680013e87f649a1ede7142ca9d5d8a8c9f9b440fe4331ad5532c74d9a31a5d737537f7a2caa30581253d14dd3e92af7dc836686365ae01bdec561c0402b67801267a8df97d2f85426a5963d4fa3e26cc05972c162f223f000000d999e80de00fcbcc02d0aed7bb8f7ba337d59c14f39dcd4aad4139ef6425a9367f1bd1467fc6b95a4df7669839771ce9d5788029901e5a79d8b9990ace8f74087f25ad50c46088000000008000"/686], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x3a, 0x10, &(0x7f0000000340), 0xd58495bc, 0x0, 0xffffffffffffffff, 0xffffffffffffff5b, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x42)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)

4.759807891s ago: executing program 2 (id=2923):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000000)={'syz_tun\x00', &(0x7f00000001c0)=@ethtool_sset_info={0x37, 0x0, 0xffffffffffffffff}})
mount$9p_fd(0x0, &(0x7f0000000040)='.\x00', &(0x7f0000000080), 0x400, &(0x7f0000000a40)=ANY=[@ANYBLOB=',debug=0x0000007,version=9p20\\++},%{!(6,afid=0x000000003f5689cf,nodevmap,fscache,afid=0x0000000000000f9c,msize=0x00', @ANYRESDEC])
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58)
r2 = accept4(r1, 0x0, 0x0, 0x0)
sendmmsg$inet(r2, &(0x7f0000002c40)=[{{0x0, 0x0, &(0x7f0000001380)=[{&(0x7f0000000100)="8fc51ea43bc38fdc672ff8a38c366bb16b506f6b0a9054452a7000538d993be36813c4d7ed5cf342504aab2192e5e9ede74ddeb93cc59ec6ff6fce6466a68433b79ac0c778d805cfff9bc09c7d7b7cbc7c77db378a8b572e53", 0x59}], 0x1}}], 0x1, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f00000003c0)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_ctr_aes256\x00'}, 0x58)
socket$nl_generic(0x10, 0x3, 0x10)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r5 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$VHOST_SET_FEATURES(r5, 0x4008af00, &(0x7f0000000140)=0x200000000)
write$vhost_msg_v2(r5, 0x0, 0x0)
r6 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r6, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r6, 0xc01064b5, &(0x7f0000000140)={&(0x7f00000006c0)=[<r7=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_GETPLANE(r6, 0xc02064b6, &(0x7f00000003c0)={r7, <r8=>0x0, <r9=>0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_SETCRTC(r6, 0xc06864a2, &(0x7f0000000400)={0x0, 0x0, r8, 0x0, 0x0, 0xffff0000, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "b4bc323ef77d1f000071849800000000deff00000000e6ffffff00"}})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r6, 0xc01064b5, &(0x7f0000000180)={&(0x7f00000000c0)=[0x0, <r10=>0x0], 0x2})
ioctl$DRM_IOCTL_MODE_SETPLANE(r6, 0xc03064b7, &(0x7f0000000040)={r10, r8, r9})
ioctl$DRM_IOCTL_MODE_SETPLANE(r6, 0xc03064b7, &(0x7f0000000a00)={r10, r8, r9})
read$msr(0xffffffffffffffff, 0x0, 0x0)

4.520711406s ago: executing program 0 (id=2924):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000f3a75bb79500000000000000"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
socket$inet6_sctp(0xa, 0x1, 0x84)
r1 = socket$rxrpc(0x21, 0x2, 0xa)
bind$rxrpc(r1, &(0x7f00000000c0)=@in4={0x21, 0x2, 0x2, 0x10, {0x2, 0x0, @broadcast}}, 0x24)
bind$rxrpc(r1, &(0x7f0000000040)=@in4={0x21, 0x2, 0x2, 0x10, {0x2, 0x4e25, @rand_addr=0x64010100}}, 0x24)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040))
pipe(&(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="3c00000010ffffffff00"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000001c00128009000100626f6e64000000000c00028008001e0006"], 0x3c}}, 0x0)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
close(r4)
r5 = socket$kcm(0xa, 0x3, 0x3a)
sendmsg$kcm(r5, &(0x7f00000031c0)={&(0x7f00000006c0)=@l2tp6={0xa, 0x0, 0x9, @mcast1, 0x3e, 0xfffffffc}, 0x80, 0x0, 0x0, &(0x7f0000000400)=[{0x20, 0x29, 0x2, "bf0c4ee5998d5a8a126d8775b8be4d563e"}], 0x20}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="4800000010005f3f770005000000000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000280012800a00010076786c616e"], 0x3}}, 0x0)
write$binfmt_misc(r3, &(0x7f0000000000)=ANY=[], 0xfffffecc)
splice(r2, 0x0, r4, 0x0, 0x4ffe2, 0x0)
ioctl$BTRFS_IOC_START_SYNC(r0, 0x80089418, &(0x7f00000002c0)=<r6=>0x0)
ioctl$BTRFS_IOC_WAIT_SYNC(r2, 0x40089416, &(0x7f0000000340)=r6)
rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca0000c441f96ec80fc4c60066400fe2def3ad46c7045300101000f00fc01ec422e10399c5c1202066410f6f15040000000000e1f563df", 0xdc000006, 0x0}, 0x0, 0x8, &(0x7f0000000300))
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f0000001540)={0x14, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="00220f"], 0x0}, 0x0)
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r8, &(0x7f0000000040)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r8, 0x0)
sendmmsg$inet6(r7, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)

4.501801059s ago: executing program 1 (id=2925):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d0000006700000005000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
socket$packet(0x11, 0x2, 0x300)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000003c0)=ANY=[], 0x20}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000180)='tlb_flush\x00', r0}, 0x10)
r1 = getpid()
process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f0000000340)=""/69, 0x623c41ea}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000027c0)=@base={0x4, 0x4, 0x4, 0x10005, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000001c0), 0xc)
add_key$keyring(&(0x7f0000000000), &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0, 0xffffffffffffffff)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00'}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0xfff, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r3, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x1000000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

4.206261311s ago: executing program 3 (id=2927):
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
ptrace$setregset(0x4205, 0xffffffffffffffff, 0x1, &(0x7f0000000400)={&(0x7f0000000480)="53725ad700d75d7a25d29fc6bd923b1fd8ae073a7f33bb1fbb6f8f0385db2caa2c1129acb9f3dfb64339e156f0c2e09ee3ccf3b234349f8737169455894cd49d4501a914a81e517faef9647ba06e9cbe297de1064d0529553f016eb7d46fbdd0acb8f60e200c0157d3763c7506e8e01b390c3d26844f5df3c20ccaac262ba74a555140cc9596e6968a2c6a88c08537db5b05c26906d7a188ff6908350eb297c9c623585ca1761b836d3a06938332e7fd65053242eb05435b3857183caa693e9eefc2d71648ef2e57740800003ef52262fb7e8b4d62ea80c34e0685bf657092e26906ef937f101b2100"/247, 0xf7})
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
mmap$KVM_VCPU(&(0x7f0000ffc000/0x1000)=nil, 0x0, 0x4, 0x50, 0xffffffffffffffff, 0x0)
r1 = socket$inet6(0xa, 0x5, 0x0)
setsockopt$inet_int(r1, 0x0, 0xf, &(0x7f0000000340)=0xfffffffffffffff9, 0x4)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000100)=[@in6={0xa, 0x0, 0x0, @loopback}, @in6={0xa, 0x0, 0x0, @private0}], 0x38)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_REM(r1, 0x84, 0x65, &(0x7f0000000180)=[@in={0x2, 0x4e22, @empty}], 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r2 = openat$kvm(0xffffff9c, &(0x7f00000005c0), 0x90b40, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000700)={0x18, 0x42, &(0x7f0000000580)=ANY=[], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r4}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000640)=ANY=[], 0x20}}, 0x0)
recvmmsg(r5, &(0x7f0000000a40)=[{{0x0, 0x0, &(0x7f0000000800)=[{&(0x7f0000000100)=""/210, 0xd2}, {&(0x7f0000000400)=""/203, 0xcb}, {0x0}, {&(0x7f0000000280)=""/118, 0x76}], 0x4}, 0x33a}], 0x1, 0x0, 0x0)
socket$inet6(0xa, 0x3, 0x2)
r6 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, 0x0, 0x0)
ioctl$KVM_SET_IRQCHIP(r3, 0xc048aec8, &(0x7f0000000080)={0x0, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}]}})
socketpair$unix(0x1, 0x0, 0x0, 0x0)
syz_open_dev$media(&(0x7f00000001c0), 0x0, 0x0)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r7, 0x0, 0x0)
r8 = socket$inet_tcp(0x2, 0x1, 0x0)
getsockopt$inet_IP_XFRM_POLICY(r8, 0x0, 0x11, &(0x7f0000000600)={{{@in=@dev}}, {{@in=@multicast1}, 0x0, @in6=@empty}}, &(0x7f0000000300)=0xe4)
setsockopt$inet_tcp_int(r8, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
connect$inet(r8, &(0x7f0000000140)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x29}}, 0x10)

3.631951034s ago: executing program 0 (id=2928):
socket$pppl2tp(0x18, 0x1, 0x1)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = eventfd(0x0)
ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000080)={r2})
close(r2)
connect$pppl2tp(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r4 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$VHOST_SET_FEATURES(r4, 0x4008af00, &(0x7f0000000140)=0x200000000)
write$vhost_msg_v2(r4, &(0x7f0000000980)={0x2, 0x0, {0x0, 0x4b, 0x0, 0x0, 0x2}}, 0x48)
write$vhost_msg_v2(r4, &(0x7f0000002080)={0x2, 0x0, {&(0x7f0000001f80)=""/152, 0x98, 0x0, 0x0, 0x2}}, 0x48)
write$vhost_msg_v2(r4, &(0x7f0000000180)={0x2, 0x0, {&(0x7f0000000a00)=""/87, 0x57, 0x0, 0x0, 0x2}}, 0x48)
write$vhost_msg_v2(r4, &(0x7f0000001f00)={0x2, 0x0, {&(0x7f00000004c0)=""/110, 0x6e, 0x0, 0x2, 0x2}}, 0x48)
write$vhost_msg_v2(r4, &(0x7f0000000200)={0x2, 0x0, {&(0x7f0000000840)=""/211, 0xd3, 0x0, 0x0, 0x2}}, 0x48)
write$vhost_msg_v2(r4, &(0x7f00000003c0)={0x2, 0x0, {&(0x7f00000002c0)=""/119, 0xfca2, 0x0, 0x0, 0x3}}, 0x48)
sendmsg$DEVLINK_CMD_RELOAD(0xffffffffffffffff, 0x0, 0x0)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000340), 0x4)
r5 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
connect$llc(r5, &(0x7f00000001c0)={0x1a, 0x201, 0x4, 0x0, 0x81, 0x0, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xe}}, 0x10)
r6 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r6}, &(0x7f0000bbdffc)=<r7=>0x0)
timer_settime(r7, 0x1, &(0x7f0000000280)={{0x0, 0x989680}}, 0x0)
sendmsg$sock(r5, &(0x7f00000034c0)={0x0, 0x0, &(0x7f0000003440)}, 0x0)

3.216251955s ago: executing program 1 (id=2929):
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000003c0)=0x18)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
r1 = socket$qrtr(0x2a, 0x2, 0x0)
getsockname$qrtr(r1, 0x0, &(0x7f0000000580))
bind$qrtr(r1, &(0x7f0000000c00)={0x2a, 0x1, 0x1}, 0xc)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{0x1, <r2=>0xffffffffffffffff}, 0x0, &(0x7f0000000280)}, 0x1c)
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r3, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000440)=@bloom_filter={0x1e, 0x4, 0x2, 0xfffffff9, 0x0, r2, 0x7, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x5, 0x8, @void, @value, @void, @value}, 0x50)
r4 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581d7"], 0x0)
syz_usb_connect$printer(0x3, 0x2d, &(0x7f0000000080)=ANY=[@ANYBLOB="12011001000000102505a8a440000102030109021b0001010000060904000901070102050905060c09"], &(0x7f0000000400)={0xa, &(0x7f00000000c0)={0xa, 0x6, 0x981c09933ecf36ab, 0x7, 0x9, 0xd, 0x8, 0xff}, 0x5, &(0x7f0000000340)=ANY=[@ANYBLOB="05d33fd92a0000"], 0x2, [{0x2, &(0x7f00000005c0)=ANY=[@ANYBLOB]}, {0x0, 0x0}]})
syz_usb_control_io$hid(r4, 0x0, 0x0)
syz_usb_control_io$hid(r4, &(0x7f0000001540)={0x24, 0x0, 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="00220f"], 0x0}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
openat$vhost_vsock(0xffffff9c, &(0x7f0000000200), 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r5 = syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x0)
syz_usb_disconnect(r4)
ioctl$HIDIOCGNAME(r5, 0x80404806, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
fcntl$getown(0xffffffffffffffff, 0x9)
pipe2(&(0x7f0000000000), 0x0)
bind$qrtr(r1, &(0x7f0000001000)={0x2a, 0x1, 0x3fff}, 0xc)
futex(&(0x7f0000000040), 0xb, 0x0, 0x0, &(0x7f0000000180), 0x0)
r6 = syz_init_net_socket$ax25(0x3, 0x3, 0x0)
getsockopt$ax25_int(r6, 0x101, 0x4, &(0x7f00000001c0), 0x0)
fchdir(0xffffffffffffffff)
ioctl$IOC_PR_CLEAR(0xffffffffffffffff, 0x401070cd, &(0x7f0000000140)={0xfffffffffffffffb})

2.909195436s ago: executing program 2 (id=2930):
r0 = openat$dsp1(0xffffffffffffff9c, &(0x7f00000000c0), 0x109801, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x1, @pix_mp={0x0, 0x0, 0x34324152}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff)
sendmsg$TIPC_NL_KEY_SET(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)={0x54, r3, 0x1, 0x0, 0x601, {0x3}, [@TIPC_NLA_BEARER={0x40, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @local}}, {0x14, 0x2, @in={0x2, 0x4a23, @multicast2}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}]}]}, 0x54}}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r4, 0x0, 0x0)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000062c0)=[{{&(0x7f0000000500)=@phonet, 0x80, 0x0}, 0xfff}, {{0x0, 0x0, &(0x7f0000006180)=[{&(0x7f0000004f80)=""/46, 0x2e}, {0x0}], 0x2}, 0x5}], 0x2, 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000080)=0x74000000)
io_uring_enter(0xffffffffffffffff, 0x2def, 0x4000, 0x0, 0x0, 0x0)
write$dsp(r0, &(0x7f0000002000)='`', 0x88020)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x80383, 0x0)
openat$sequencer2(0xffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = inotify_init1(0x0)
fcntl$setown(r5, 0x8, 0xffffffffffffffff)
fcntl$getownex(r5, 0x10, &(0x7f0000000140)={0x0, <r6=>0x0})
r7 = syz_open_procfs(r6, &(0x7f0000000600)='fd/4\x00')
ioctl$SNDCTL_SEQ_PANIC(r7, 0x5100)
readv(0xffffffffffffffff, &(0x7f00000000c0)=[{&(0x7f00000001c0)=""/187, 0xbb}, {0x0}], 0x2)

2.542191618s ago: executing program 3 (id=2931):
r0 = getpid()
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x35)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000002140)={0x0, r1}, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x1, 0x0)
process_vm_readv(r0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x4c, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
socket$packet(0x11, 0x0, 0x300)
recvmmsg(0xffffffffffffffff, &(0x7f0000000dc0), 0x0, 0x0, 0x0)
r2 = gettid()
r3 = openat$sndseq(0xffffffffffffff9c, 0x0, 0x0)
r4 = openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x40802, 0x0)
ioctl$SG_IO(r4, 0x2285, &(0x7f0000002740)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x29, 0x81, &(0x7f00000000c0)=""/129}, &(0x7f00000025c0)="8536b60bfad6", 0x0, 0x8, 0x10000, 0x1, 0x0})
read(0xffffffffffffffff, &(0x7f0000000200)=""/213, 0xd5)
ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT(r3, 0xc0bc5351, &(0x7f0000000300)={0x8c93, 0x0, 'client0\x00', 0x0, "fada128e1d9fabfc", "1f15f151ad62129d4b65d8423deaf5612fd98ea9387ef3469e0d395c3520ff23"})
tkill(r2, 0x0)
syz_genetlink_get_family_id$l2tp(&(0x7f0000000680), 0xffffffffffffffff)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x0)
r6 = socket$inet6(0xa, 0x80002, 0x0)
sendto$inet6(r6, 0x0, 0x0, 0x8000, &(0x7f0000000280)={0xa, 0x4e20, 0x0, @remote, 0x7}, 0x1c)
r7 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r7, 0x107, 0xf, &(0x7f0000000400)=0x19, 0xfffffffffffffdf8)
r8 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000300)={'ip6_vti0\x00', <r9=>0x0})
sendto$packet(r7, &(0x7f0000000040)="10030300ffffffff02004788aa96a13bc5a000117942428ff08bf9232300007fca1a00217734e4c0e197c7008f2c", 0x2e, 0x0, &(0x7f0000000140)={0x11, 0x0, r9}, 0x14)
sendto$inet6(r6, &(0x7f00000009c0)="c7cfcaaa22e10542fca5c0195350f15147657e0bfc59d383a47190db88690e6fedc3040ab5809ae02a54cd429cc3338c5afa0c9dce3f91950d1f567f358ac21154159130e88cbb6c43197813b2f23f3e442f80877490b393408142ebcfea6821f543e5ee9e27032e2b75d78f1b79f5a6bb6f0645e267770ef7e8f3a92148091217450ce8581e54223eeb6486205a209bf1fe854d211c03f8c3140fc3979d824082990d119473d20e94f253c9621fac339560ae46cb24b88bf2d01559bb658e343257b90f233b81bc5c398be3bbddb23a1e", 0xffd6, 0xc001, 0x0, 0xffffffffffffff0c)
setsockopt$inet6_udp_int(r6, 0x11, 0x1, &(0x7f0000000080), 0x4)
syz_emit_ethernet(0x46, &(0x7f0000000780)={@local, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "00ed00", 0x10, 0x3a, 0x0, @remote, @ipv4={'\x00', '\xff\xff', @multicast2}, {[], @ndisc_ra}}}}}, 0x0)
writev(r5, &(0x7f00000003c0)=[{&(0x7f0000000180)="3900003f1300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1)
writev(r5, &(0x7f0000000100)=[{&(0x7f00000001c0)="390000001300034700bb5be1c3e4feff060000000100000045e8000025000000190004000400ad6e000d000000000000060400000000f93132", 0x39}], 0x1)
syz_open_dev$video(&(0x7f0000000180), 0x7, 0x80400)

2.168560388s ago: executing program 0 (id=2932):
read$FUSE(0xffffffffffffffff, &(0x7f0000000200)={0x2020, 0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x2020)
getpriority(0x1, r0)
timer_create(0x1, 0x0, &(0x7f0000bbdffc))
syz_open_procfs(0x0, &(0x7f0000000080)='timers\x00')
ioctl$SNDRV_PCM_IOCTL_DRAIN(0xffffffffffffffff, 0x4144, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
ioctl$CEC_ADAP_S_LOG_ADDRS(0xffffffffffffffff, 0xc05c6104, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xa, 0x5, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
close(0x3)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000dc0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000001c40)={0x0, 0x10, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000001000000850000008600000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x54, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x10, &(0x7f0000000180)=ANY=[], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000600)={{r3}, &(0x7f0000000580), &(0x7f00000005c0)='%+9llu \x00'}, 0x20)
setsockopt$sock_attach_bpf(r5, 0x1, 0x32, &(0x7f00000000c0)=r7, 0x4)
sendmsg$unix(r6, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r8 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000000c0)={0x2, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB], &(0x7f0000000580)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000500)={r8, 0x0, 0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r9 = socket$kcm(0x2, 0xa, 0x2)
r10 = socket$nl_generic(0x10, 0x3, 0x10)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000200))
sendmsg$TIPC_CMD_GET_NODES(r10, 0x0, 0x4000800)
ioctl$SIOCSIFHWADDR(r9, 0x8914, &(0x7f0000000180)={'bond_slave_1\x00', @local})

1.970221073s ago: executing program 3 (id=2933):
r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
close(r0)
openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r1 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e23, @multicast2}, 0x10)
sendto$inet(r1, 0x0, 0x0, 0x22048854, &(0x7f0000000200)={0x2, 0x4e23, @empty}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
clock_gettime(0x97604d54e53160ea, 0x0)
unlink(0x0)
prctl$PR_SCHED_CORE(0x3e, 0x2, 0x0, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000001c0)=0xd7d)
preadv(0xffffffffffffffff, &(0x7f0000001880)=[{&(0x7f0000001a80)=""/102400, 0x19000}], 0x1, 0x0, 0x0)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x20, 0x800000000004, @thr={0x0, &(0x7f0000000240)="22cf82441a78d96eb378d68e6641c22db7abd4a8d2da6764e7ba1d8a50d7592c2d1a9e780c15e3b37d2e7a7f3a9efd00b81edbb259b93691d9e35e431f3895d6e717287555a2dd66a449d78350cc74fdd4"}}, &(0x7f0000bbdffc))
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x0)
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
set_mempolicy(0x4005, &(0x7f0000000080)=0x3ff, 0x8)
r2 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket$inet6(0xa, 0x40000080806, 0x0)
bind$inet6(r3, &(0x7f000047b000)={0xa, 0x4e23, 0x0, @empty}, 0x1c)
listen(r3, 0x400000001ffffffd)
r4 = socket$inet6(0xa, 0x6, 0x0)
setsockopt$inet6_group_source_req(r4, 0x29, 0x2, &(0x7f0000000480)={0x6, {{0xa, 0x0, 0x0, @private1}}, {{0xa, 0x0, 0x0, @empty}}}, 0x108)
connect$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
mount$bpf(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000340), 0x80000, &(0x7f0000000380)={[{}, {@gid}, {@mode={'mode', 0x3d, 0xffffffff00000001}}, {@mode={'mode', 0x3d, 0x2}}], [{@fsuuid={'fsuuid', 0x3d, {[0x31, 0x32, 0x34, 0x62, 0x35, 0x62, 0x64, 0x39], 0x2d, [0x66, 0x35, 0x3f, 0x31], 0x2d, [0x38, 0x63, 0x31, 0x30], 0x2d, [0x34, 0x39, 0xa, 0x75], 0x2d, [0x37, 0x66, 0x39, 0x38, 0x37, 0x38, 0x37, 0x36]}}}, {@flag='silent'}, {@uid_eq}, {@mask={'mask', 0x3d, 'MAY_EXEC'}}, {@obj_type={'obj_type', 0x3d, '/dev/vmci\x00'}}, {@fsname}]})
ioctl$IOCTL_VMCI_VERSION2(r2, 0x7a7, &(0x7f0000000100)=0x80000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r2, 0x7a0, &(0x7f0000000140)={@my=0x1})
ioctl$IOCTL_VMCI_CTX_GET_CPT_STATE(r2, 0x7b1, &(0x7f0000000040)={0x0, 0x2})
write$binfmt_script(r0, 0x0, 0x0)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x7, 0x10012, r0, 0x0)

1.877636064s ago: executing program 3 (id=2934):
setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, &(0x7f0000000040)={0x9e2}, 0x10)
r0 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc)
write$binfmt_script(r0, &(0x7f0000000400)={'#! ', './file0', [], 0xa, "1f411d2552ad52cb07410969e814977e4f2c4a80522094786c8673fb61cf8b86bda4de504f5a3c7c04055f1f70e4064d46b2bb9e5100d446bb6a"}, 0x2)
r1 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f00000005c0)={&(0x7f0000000000)=""/96, 0x128000, 0x800}, 0x1c)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$XDP_UMEM_COMPLETION_RING(r1, 0x11b, 0x6, &(0x7f0000000140)=0x20, 0x4)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000080)={'batadv_slave_1\x00', <r3=>0x0})
setsockopt$XDP_RX_RING(r1, 0x11b, 0x2, &(0x7f0000000180)=0x200000, 0x4)
setsockopt$XDP_UMEM_FILL_RING(r1, 0x11b, 0x5, &(0x7f0000000100)=0x20, 0x4)
bind$xdp(r1, &(0x7f00000002c0)={0x2c, 0x0, r3}, 0x10)
setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f00000000c0)={0x0}, 0x1c)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b703000000000020850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x7e)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000080)='netlink_extack\x00', r4}, 0x10)
socket(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x16, 0x16, &(0x7f00000004c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r6 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$TCSETSW(r6, 0x5403, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, "90737f0000fffffffffffffbff95647fffffeb"})
r7 = dup(r5)
ioctl$TCSETAF(r7, 0x5408, &(0x7f0000000200)={0x1, 0x0, 0x0, 0x82f6, 0xa, "0800000002000d20"})
read(r7, &(0x7f0000000c80)=""/4096, 0x1000)
ioctl$TIOCSTI(r7, 0x5412, &(0x7f0000000100)=0xff)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000002c0))
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_serviced\x00', 0x26e1, 0x0)
close(r8)
ioctl$SIOCSIFHWADDR(r8, 0x8b34, &(0x7f0000000000)={'wlan1\x00', @random='\x00\x00\x00 (\x00'})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYRESOCT=r8], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0xfffffffffffffe8a, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6, @void, @value}, 0x94)

1.18511148s ago: executing program 3 (id=2935):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d00000067"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
socket$packet(0x11, 0x2, 0x300)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000003c0)=ANY=[], 0x20}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000180)='tlb_flush\x00', r0}, 0x10)
r1 = getpid()
process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f0000000340)=""/69, 0x623c41ea}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000027c0)=@base={0x4, 0x4, 0x4, 0x10005, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000001c0), 0xc)
add_key$keyring(&(0x7f0000000000), &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0, 0xffffffffffffffff)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00'}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0xfff, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r3, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x1000000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

627.810733ms ago: executing program 0 (id=2936):
r0 = openat(0xffffffffffffff9c, 0x0, 0x42, 0x1ff)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005000000", @ANYRES32, @ANYBLOB="0000d3000000000000df35dcfb9d2a000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000800)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb70300000c000000b7040000000000008500000003000000850000000500000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r2}, 0x10)
openat$tcp_congestion(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x17, 0x3, &(0x7f0000000b00)=ANY=[@ANYBLOB="1800000001000000000000000000000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sysctl, r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x40841, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000680)='memory.swap.current\x00', 0x275a, 0x0)
write$binfmt_script(r4, &(0x7f0000000000), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r4, 0x0)
preadv(r4, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffffff000}], 0x5, 0x0, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000000)={'syz_tun\x00', 0x4000})
r5 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
r6 = socket$nl_crypto(0x10, 0x3, 0x15)
sendmsg$nl_crypto(r6, &(0x7f0000000440)={&(0x7f00000002c0), 0xc, &(0x7f0000000400)={&(0x7f0000000300)=@del={0xe8, 0x11, 0x1, 0x0, 0x0, {{'drbg_nopr_sha512\x00'}}, [{0x4}]}, 0xe8}}, 0x0)
ioctl$F2FS_IOC_FLUSH_DEVICE(r6, 0x4008f50a, &(0x7f0000000040)={0x101})
write$tun(r3, &(0x7f00000004c0)=ANY=[@ANYBLOB="bbbbbbbbbbbbaaaaaaaaaabb810000008847000004000000000045fc00a80064000000019078ac14143b4401010344249b43e00000020033b824474a38b9dcd18a34092efc5b000002ac1414bb00000003e000000100000001e00000010000b49a9404010001008637000000000604ca28060752cec6e310010affbfcd8801f699e60611d2c093787d432957890bf0bc405bff010b1d4c73a6e2fb7a0675830f12e97e5ce8aa668d9a85e6ad2736b0821763d5ef417ac5440c1163000000000000c6ab7a062fbcb59b907800"], 0xc2)
ioctl$TUNSETPERSIST(r3, 0x400454cb, 0x1)
syz_genetlink_get_family_id$nl802154(&(0x7f0000000280), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000480)={'wpan0\x00'})
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000080), r7)
r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_802154(r8, 0x8933, &(0x7f0000000340)={'wpan1\x00'})
sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ieee802154(&(0x7f00000000c0), r9)

309.597664ms ago: executing program 1 (id=2937):
setsockopt$IP_VS_SO_SET_STARTDAEMON(0xffffffffffffffff, 0x0, 0x48b, &(0x7f0000000140)={0x2, 'hsr0\x00'}, 0x18)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
write$6lowpan_enable(0xffffffffffffffff, &(0x7f0000000000)='0', 0xfffffd2c)
read$FUSE(0xffffffffffffffff, &(0x7f0000000300)={0x2020}, 0x2020)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r3)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffff11feffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000005840)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000001240)=@newqdisc={0x78, 0x24, 0x5820a61ca228651, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c}}]}, 0x78}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000002340)=@newtfilter={0x60, 0x2c, 0xd27, 0x70bd2a, 0x25dfdbfb, {0x0, 0x0, 0x0, r4, {}, {}, {0xc}}, [@filter_kind_options=@f_basic={{0xa}, {0x30, 0x2, [@TCA_BASIC_EMATCHES={0x2c, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0xffff}}, @TCA_EMATCH_TREE_LIST={0x20, 0x2, 0x0, 0x1, [@TCF_EM_NBYTE={0x1c, 0x1, 0x0, 0x0, {{0x0, 0x2, 0x3}, {0x0, 0xa, 0x0, "00002100000200000000"}}}]}]}]}}]}, 0x60}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)

283.138843ms ago: executing program 0 (id=2938):
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
socket$inet6(0xa, 0x6, 0x0)
r0 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000040), 0x8002)
write$binfmt_aout(r0, &(0x7f0000000380)=ANY=[@ANYBLOB="03070000b5"], 0xc8)
openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000080), 0x2)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e792c63616368653d667363616368652c76657273696f6e3d3970323030302e75"])
chdir(&(0x7f0000000100)='./file0\x00')
mkdir(&(0x7f0000000580)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
r1 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0)
r2 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
mknodat$loop(r2, &(0x7f00000004c0)='./file1\x00', 0x2000, 0x1)
chdir(&(0x7f0000000140)='./bus\x00')
linkat(r1, &(0x7f00000002c0)='./file1\x00', r2, &(0x7f0000000440)='./file0\x00', 0x0)
lchown(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f00000004c0)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
r3 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x0, 0x0)
mknodat$loop(r3, &(0x7f0000000340)='./file1\x00', 0x0, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
unlinkat(r3, &(0x7f0000000240)='./file1\x00', 0x0)
rename(&(0x7f00000001c0)='./file1\x00', &(0x7f0000000280)='./file0\x00')
r4 = creat(&(0x7f0000000080)='./bus\x00', 0x0)
open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
write$binfmt_elf64(r4, &(0x7f00000004c0)=ANY=[], 0xfe3c)

239.803032ms ago: executing program 3 (id=2939):
read$FUSE(0xffffffffffffffff, &(0x7f0000000200)={0x2020, 0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x2020)
getpriority(0x1, r0)
timer_create(0x1, 0x0, &(0x7f0000bbdffc))
syz_open_procfs(0x0, &(0x7f0000000080)='timers\x00')
ioctl$SNDRV_PCM_IOCTL_DRAIN(0xffffffffffffffff, 0x4144, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xa, 0x5, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
close(0x3)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000dc0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000001c40)={0x0, 0x10, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000001000000850000008600000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x54, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x10, &(0x7f0000000180)=ANY=[], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000600)={{r3}, &(0x7f0000000580), &(0x7f00000005c0)='%+9llu \x00'}, 0x20)
setsockopt$sock_attach_bpf(r5, 0x1, 0x32, &(0x7f00000000c0)=r7, 0x4)
sendmsg$unix(r6, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r8 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000000c0)={0x2, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB], &(0x7f0000000580)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000500)={r8, 0x0, 0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r9 = socket$kcm(0x2, 0xa, 0x2)
r10 = socket$nl_generic(0x10, 0x3, 0x10)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000200))
sendmsg$TIPC_CMD_GET_NODES(r10, 0x0, 0x4000800)
ioctl$SIOCSIFHWADDR(r9, 0x8914, &(0x7f0000000180)={'bond_slave_1\x00', @local})

53.505083ms ago: executing program 1 (id=2940):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x0, 0x0)
getpid()
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$TCXONC(0xffffffffffffffff, 0x540a, 0x3)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0)
syz_open_pts(0xffffffffffffffff, 0x48f00)
socket$nl_netfilter(0x10, 0x3, 0xc)
readv(0xffffffffffffffff, &(0x7f0000001500)=[{&(0x7f0000001380)=""/97, 0x61}], 0x1)
r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/diskstats\x00', 0x0, 0x0)
read$char_usb(r3, &(0x7f0000002240)=""/4095, 0xfff)
add_key(0x0, 0x0, &(0x7f0000000080), 0x0, 0xfffffffffffffffb)
preadv(r3, &(0x7f0000000180)=[{&(0x7f0000000600)=""/170, 0xaa}], 0x1, 0xffeffffe, 0x0)
read$char_usb(r3, &(0x7f0000000240)=""/34, 0x43)
sendmsg$nl_xfrm(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000bc0)=ANY=[@ANYBLOB="1400000025000100001c00010000000000"], 0x14}}, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7b, 0x4)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000000040)={0x2, 0x4e23, @local}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600), 0x4)
sendto$inet(r0, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba78600a34f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03859bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b037511bf746bec66ba", 0x2acf, 0x11, 0x0, 0x27)
recvmsg(r0, &(0x7f0000001500)={0x0, 0xa, &(0x7f0000002200)=[{&(0x7f00000035c0)=""/4106, 0x200045ca}], 0x1, 0x0, 0x46, 0x407006}, 0x104)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='htcp\x00', 0x5)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000180), 0x42, 0x0)

0s ago: executing program 2 (id=2941):
setsockopt$IP_VS_SO_SET_STARTDAEMON(0xffffffffffffffff, 0x0, 0x48b, &(0x7f0000000140)={0x2, 'hsr0\x00'}, 0x18)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
read$FUSE(0xffffffffffffffff, &(0x7f0000000300)={0x2020}, 0x2020)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x3, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x10, 0x803, 0x0)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r5)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffff11feffffff000000", @ANYRES32=r6, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000005840)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000001240)=@newqdisc={0x78, 0x24, 0x5820a61ca228651, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c}}]}, 0x78}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000002340)=@newtfilter={0x60, 0x2c, 0xd27, 0x70bd2a, 0x25dfdbfb, {0x0, 0x0, 0x0, r6, {}, {}, {0xc}}, [@filter_kind_options=@f_basic={{0xa}, {0x30, 0x2, [@TCA_BASIC_EMATCHES={0x2c, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0xffff}}, @TCA_EMATCH_TREE_LIST={0x20, 0x2, 0x0, 0x1, [@TCF_EM_NBYTE={0x1c, 0x1, 0x0, 0x0, {{0x0, 0x2, 0x3}, {0x0, 0xa, 0x0, "00002100000200000000"}}}]}]}]}}]}, 0x60}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)

kernel console output (not intermixed with test programs):

583] bond0: entered promiscuous mode
[  741.595511][T14583] bond_slave_0: entered promiscuous mode
[  741.597149][T14583] bond_slave_1: entered promiscuous mode
[  741.607547][T14583] bond0: left promiscuous mode
[  741.608899][T14583] bond_slave_0: left promiscuous mode
[  741.610462][T14583] bond_slave_1: left promiscuous mode
[  741.623958][T14583] 8021q: adding VLAN 0 to HW filter on device bond0
[  741.628660][T14583] team0: Port device bond0 added
[  741.708470][T14586] FAULT_INJECTION: forcing a failure.
[  741.708470][T14586] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  741.713935][T14586] CPU: 2 UID: 0 PID: 14586 Comm: syz.1.2707 Not tainted 6.11.0-syzkaller-02574-ga430d95c5efa #0
[  741.717579][T14586] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  741.721294][T14586] Call Trace:
[  741.722503][T14586]  <TASK>
[  741.723568][T14586]  dump_stack_lvl+0x16c/0x1f0
[  741.725259][T14586]  should_fail_ex+0x497/0x5b0
[  741.727008][T14586]  _copy_from_iter+0x29b/0x13f0
[  741.728779][T14586]  ? __alloc_skb+0x200/0x380
[  741.730336][T14586]  ? __pfx__copy_from_iter+0x10/0x10
[  741.732120][T14586]  ? __virt_addr_valid+0x5e/0x590
[  741.733962][T14586]  ? __phys_addr_symbol+0x30/0x80
[  741.735774][T14586]  ? __check_object_size+0x497/0x720
[  741.737656][T14586]  netlink_sendmsg+0x813/0xd70
[  741.739394][T14586]  ? __pfx_netlink_sendmsg+0x10/0x10
[  741.741306][T14586]  ____sys_sendmsg+0x9ae/0xb40
[  741.743144][T14586]  ? __pfx_____sys_sendmsg+0x10/0x10
[  741.744666][T14586]  ? get_compat_msghdr+0x11b/0x170
[  741.746034][T14586]  ? __pfx___lock_acquire+0x10/0x10
[  741.747392][T14586]  ___sys_sendmsg+0x135/0x1e0
[  741.748626][T14586]  ? __pfx____sys_sendmsg+0x10/0x10
[  741.749975][T14586]  ? find_held_lock+0x2d/0x110
[  741.751411][T14586]  ? ksys_write+0x21c/0x260
[  741.753080][T14586]  ? __fget_light+0x173/0x210
[  741.754801][T14586]  __sys_sendmsg+0x117/0x1f0
[  741.756452][T14586]  ? __pfx___sys_sendmsg+0x10/0x10
[  741.758354][T14586]  __do_fast_syscall_32+0x73/0x120
[  741.760159][T14586]  do_fast_syscall_32+0x32/0x80
[  741.761871][T14586]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  741.763993][T14586] RIP: 0023:0xf7f20579
[  741.765409][T14586] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  741.770517][T14586] RSP: 002b:00000000f56a656c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  741.772666][T14586] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020001080
[  741.774717][T14586] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  741.776766][T14586] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  741.778806][T14586] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  741.780816][T14586] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  741.782880][T14586]  </TASK>
[  741.993270][T14593] FAULT_INJECTION: forcing a failure.
[  741.993270][T14593] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  742.001517][T14593] CPU: 2 UID: 0 PID: 14593 Comm: syz.1.2709 Not tainted 6.11.0-syzkaller-02574-ga430d95c5efa #0
[  742.004396][T14593] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  742.007299][T14593] Call Trace:
[  742.008186][T14593]  <TASK>
[  742.008944][T14593]  dump_stack_lvl+0x16c/0x1f0
[  742.010242][T14593]  should_fail_ex+0x497/0x5b0
[  742.011541][T14593]  _copy_from_user+0x30/0xf0
[  742.012797][T14593]  get_compat_msghdr+0xa8/0x170
[  742.014115][T14593]  ? __pfx_get_compat_msghdr+0x10/0x10
[  742.015553][T14593]  ? __pfx___lock_acquire+0x10/0x10
[  742.016925][T14593]  ? __might_fault+0x13b/0x190
[  742.018213][T14593]  ___sys_sendmsg+0x1b0/0x1e0
[  742.019461][T14593]  ? __pfx____sys_sendmsg+0x10/0x10
[  742.020819][T14593]  ? find_held_lock+0x2d/0x110
[  742.022109][T14593]  ? __pfx_lock_release+0x10/0x10
[  742.023446][T14593]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  742.024932][T14593]  ? __fget_light+0x173/0x210
[  742.026193][T14593]  __sys_sendmmsg+0x2a5/0x450
[  742.027435][T14593]  ? __pfx___sys_sendmmsg+0x10/0x10
[  742.028800][T14593]  ? vfs_write+0x14d/0x1140
[  742.030015][T14593]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  742.031612][T14593]  ? fput+0x30/0x390
[  742.032649][T14593]  ? ksys_write+0x1ab/0x260
[  742.033873][T14593]  ? __pfx_ksys_write+0x10/0x10
[  742.035164][T14593]  __ia32_compat_sys_sendmmsg+0x9d/0x100
[  742.036639][T14593]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[  742.038383][T14593]  __do_fast_syscall_32+0x73/0x120
[  742.039742][T14593]  do_fast_syscall_32+0x32/0x80
[  742.041427][T14593]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  742.043624][T14593] RIP: 0023:0xf7f20579
[  742.045029][T14593] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  742.051567][T14593] RSP: 002b:00000000f566456c EFLAGS: 00000296 ORIG_RAX: 0000000000000159
[  742.054430][T14593] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020003900
[  742.057105][T14593] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000000
[  742.059349][T14593] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  742.061846][T14593] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  742.064547][T14593] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  742.067154][T14593]  </TASK>
[  742.091321][T14596] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1426: comm dhcpcd-run-hook: corrupted in-inode xattr: bad magic number in in-inode xattr
[  742.638269][T14605] 9pnet_virtio: no channels available for device syz
[  742.864251][T14609] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2711'.
[  742.870392][T14609] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2711'.
[  743.677371][T14613] 9pnet_fd: Insufficient options for proto=fd
[  743.781545][T12078] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  743.787756][T12078] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  743.792508][T12078] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  743.796370][T12078] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  743.799652][T12078] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  743.802975][T12078] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  743.812515][ T4778] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  743.818878][ T4778] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  743.823626][ T4778] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  743.826740][ T4778] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  743.829109][ T4778] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  743.831208][ T4778] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  744.021238][T14625] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u32:7: corrupted in-inode xattr: bad magic number in in-inode xattr
[  744.064137][T14618] chnl_net:caif_netlink_parms(): no params data found
[  744.431476][T14633] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2716'.
[  744.436265][T14634] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2716'.
[  744.470406][T14618] bridge0: port 1(bridge_slave_0) entered blocking state
[  744.474832][T14618] bridge0: port 1(bridge_slave_0) entered disabled state
[  744.477016][T14618] bridge_slave_0: entered allmulticast mode
[  744.481267][T14618] bridge_slave_0: entered promiscuous mode
[  744.511327][T14618] bridge0: port 2(bridge_slave_1) entered blocking state
[  744.513461][T14618] bridge0: port 2(bridge_slave_1) entered disabled state
[  744.515571][T14618] bridge_slave_1: entered allmulticast mode
[  744.523064][T14618] bridge_slave_1: entered promiscuous mode
[  744.654703][T14618] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  744.663836][T14618] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  744.910281][T14618] team0: Port device team_slave_0 added
[  744.922529][T14618] team0: Port device team_slave_1 added
[  745.014325][T14644] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2717'.
[  745.105193][T14644] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2717'.
[  745.228185][T14618] batman_adv: batadv0: Adding interface: batadv_slave_0
[  745.233718][T14618] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  745.240433][T14618] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  745.244701][T14618] batman_adv: batadv0: Adding interface: batadv_slave_1
[  745.246530][T14618] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  745.258830][T14618] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  745.702557][T14618] hsr_slave_0: entered promiscuous mode
[  745.708469][T14618] hsr_slave_1: entered promiscuous mode
[  745.722808][T14618] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  745.724847][T14618] Cannot create hsr debugfs directory
[  745.783494][T14654] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2722'.
[  745.786105][ T4778] Bluetooth: hci4: command tx timeout
[  745.839106][T14654] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2722'.
[  746.136753][T14618] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  746.267917][T14618] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  746.390681][T14618] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  746.435249][T14669] bridge0: port 2(bridge_slave_1) entered disabled state
[  746.438121][T14669] bridge0: port 1(bridge_slave_0) entered disabled state
[  746.442226][T14669] bridge0: entered promiscuous mode
[  746.478221][T14618] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  746.753870][T14618] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  746.767378][T14618] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  746.817911][T14618] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  746.826826][T14618] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  746.830983][T14673] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2726'.
[  746.842159][T14673] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2726'.
[  747.195403][ T1112] bridge_slave_1: left allmulticast mode
[  747.197042][ T1112] bridge_slave_1: left promiscuous mode
[  747.198723][ T1112] bridge0: port 2(bridge_slave_1) entered disabled state
[  747.206435][ T1112] bridge_slave_0: left allmulticast mode
[  747.208018][ T1112] bridge_slave_0: left promiscuous mode
[  747.209607][ T1112] bridge0: port 1(bridge_slave_0) entered disabled state
[  747.767479][ T4778] Bluetooth: hci4: command tx timeout
[  747.959218][ T1112] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  747.964927][ T1112] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  747.968158][ T1112] bond0 (unregistering): Released all slaves
[  748.005881][T14689] tc_dump_action: action bad kind
[  748.075693][T14618] 8021q: adding VLAN 0 to HW filter on device bond0
[  748.158899][T14618] 8021q: adding VLAN 0 to HW filter on device team0
[  748.328210][ T1105] bridge0: port 1(bridge_slave_0) entered blocking state
[  748.330627][ T1105] bridge0: port 1(bridge_slave_0) entered forwarding state
[  748.469409][ T1112] hsr_slave_0: left promiscuous mode
[  748.473821][ T1112] hsr_slave_1: left promiscuous mode
[  748.476250][ T1112] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  748.478292][ T1112] batman_adv: batadv0: Removing interface: batadv_slave_0
[  748.483641][ T1112] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  748.486659][ T1112] batman_adv: batadv0: Removing interface: batadv_slave_1
[  748.570464][ T1112] veth1_macvtap: left promiscuous mode
[  748.572142][ T1112] veth0_macvtap: left promiscuous mode
[  748.573755][ T1112] veth1_vlan: left promiscuous mode
[  748.575218][ T1112] 
: left promiscuous mode
[  749.126471][T12078] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  749.141777][T12078] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  749.152750][T12078] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  749.157438][T12078] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  749.177294][T12078] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  749.179955][T12078] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  749.753526][ T4778] Bluetooth: hci4: command tx timeout
[  750.242845][ T1112] team0 (unregistering): Port device team_slave_1 removed
[  750.384211][ T1112] team0 (unregistering): Port device team_slave_0 removed
[  751.133750][ T4778] Bluetooth: hci0: command tx timeout
[  751.294599][T14704] netlink: 'syz.2.2737': attribute type 4 has an invalid length.
[  751.304356][T14706] netlink: 'syz.2.2737': attribute type 17 has an invalid length.
[  751.348948][ T1108] bridge0: port 2(bridge_slave_1) entered blocking state
[  751.350911][ T1108] bridge0: port 2(bridge_slave_1) entered forwarding state
[  751.529816][T14724] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u32:5: corrupted in-inode xattr: bad magic number in in-inode xattr
[  751.535440][T14725] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u32:5: corrupted in-inode xattr: bad magic number in in-inode xattr
[  751.542776][T14727] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u32:5: corrupted in-inode xattr: bad magic number in in-inode xattr
[  751.553160][T14728] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u32:5: corrupted in-inode xattr: bad magic number in in-inode xattr
[  751.675133][T14618] 8021q: adding VLAN 0 to HW filter on device batadv0
[  751.682544][T14733] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u32:11: corrupted in-inode xattr: bad magic number in in-inode xattr
[  751.691507][T14709] chnl_net:caif_netlink_parms(): no params data found
[  751.708786][T14734] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2751'.
[  751.717691][T14734] FAULT_INJECTION: forcing a failure.
[  751.717691][T14734] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  751.721264][T14734] CPU: 2 UID: 0 PID: 14734 Comm: syz.0.2751 Not tainted 6.11.0-syzkaller-02574-ga430d95c5efa #0
[  751.723978][T14734] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  751.726914][T14734] Call Trace:
[  751.727810][T14734]  <TASK>
[  751.728609][T14734]  dump_stack_lvl+0x16c/0x1f0
[  751.729894][T14734]  should_fail_ex+0x497/0x5b0
[  751.731143][T14734]  _copy_from_iter+0x29b/0x13f0
[  751.732441][T14734]  ? __pfx__copy_from_iter+0x10/0x10
[  751.733863][T14734]  ? __pfx_alloc_pages_mpol_noprof+0x10/0x10
[  751.735453][T14734]  ? tun_build_skb.constprop.0+0x1b8/0x1390
[  751.737036][T14734]  ? __pfx_lock_release+0x10/0x10
[  751.738384][T14734]  ? hlock_class+0x4e/0x130
[  751.739594][T14734]  ? mark_lock+0xb5/0xc60
[  751.740892][T14734]  copy_page_from_iter+0xa5/0x120
[  751.742255][T14734]  tun_build_skb.constprop.0+0x294/0x1390
[  751.743764][T14734]  ? __pfx_tun_build_skb.constprop.0+0x10/0x10
[  751.745397][T14734]  ? __pfx___lock_acquire+0x10/0x10
[  751.746806][T14734]  ? __pfx___lock_acquire+0x10/0x10
[  751.748177][T14734]  ? __lock_acquire+0xbdd/0x3cb0
[  751.749475][T14734]  tun_get_user+0x872/0x3d70
[  751.750699][T14734]  ? __pfx_tun_get_user+0x10/0x10
[  751.752023][T14734]  ? find_held_lock+0x2d/0x110
[  751.753292][T14734]  ? __pfx_lock_release+0x10/0x10
[  751.754672][T14734]  tun_chr_write_iter+0xdc/0x210
[  751.755983][T14734]  vfs_write+0x6b5/0x1140
[  751.757142][T14734]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  751.758667][T14734]  ? __pfx_vfs_write+0x10/0x10
[  751.759971][T14734]  ? __fget_files+0x244/0x3f0
[  751.761234][T14734]  ? __fget_light+0x173/0x210
[  751.762521][T14734]  ksys_write+0x12f/0x260
[  751.763676][T14734]  ? __pfx_ksys_write+0x10/0x10
[  751.764981][T14734]  __do_fast_syscall_32+0x73/0x120
[  751.766341][T14734]  do_fast_syscall_32+0x32/0x80
[  751.767651][T14734]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  751.769305][T14734] RIP: 0023:0xf73be579
[  751.770409][T14734] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  751.775443][T14734] RSP: 002b:00000000f5685530 EFLAGS: 00000293 ORIG_RAX: 0000000000000004
[  751.777628][T14734] RAX: ffffffffffffffda RBX: 00000000000000c8 RCX: 0000000020000340
[  751.779734][T14734] RDX: 000000000000006e RSI: 00000000f73abff4 RDI: 0000000000000000
[  751.781816][T14734] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  751.783893][T14734] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  751.785981][T14734] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  751.788082][T14734]  </TASK>
[  751.804759][ T4778] Bluetooth: hci4: command tx timeout
[  751.867393][T14618] veth0_vlan: entered promiscuous mode
[  752.047425][T14709] bridge0: port 1(bridge_slave_0) entered blocking state
[  752.049747][T14709] bridge0: port 1(bridge_slave_0) entered disabled state
[  752.051917][T14709] bridge_slave_0: entered allmulticast mode
[  752.065904][T14709] bridge_slave_0: entered promiscuous mode
[  752.085003][T14709] bridge0: port 2(bridge_slave_1) entered blocking state
[  752.087371][T14709] bridge0: port 2(bridge_slave_1) entered disabled state
[  752.089888][T14709] bridge_slave_1: entered allmulticast mode
[  752.095815][T14709] bridge_slave_1: entered promiscuous mode
[  752.101701][T14618] veth1_vlan: entered promiscuous mode
[  752.278396][T14709] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  752.302162][T14709] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  752.431125][T12078] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  752.438467][T12078] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  752.443287][T12078] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  752.449942][T12078] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  752.452614][T12078] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  752.459390][T12078] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  752.460922][T14709] team0: Port device team_slave_0 added
[  752.481190][T14709] team0: Port device team_slave_1 added
[  752.533625][ T1112] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  752.614663][T14618] veth0_macvtap: entered promiscuous mode
[  752.647257][T14709] batman_adv: batadv0: Adding interface: batadv_slave_0
[  752.649099][T14709] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  752.656484][T14709] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  752.685293][ T1112] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  752.698424][T14709] batman_adv: batadv0: Adding interface: batadv_slave_1
[  752.700278][T14709] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  752.708215][T14709] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  752.725470][T14618] veth1_macvtap: entered promiscuous mode
[  752.754369][ T1112] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  752.852930][ T1112] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  752.869317][T14618] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  752.872367][T14618] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  752.876632][T14618] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  752.879432][T14618] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  752.882035][T14618] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  752.884905][T14618] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  752.888964][T14618] batman_adv: batadv0: Interface activated: batadv_slave_0
[  752.897550][T14709] hsr_slave_0: entered promiscuous mode
[  752.902243][T14709] hsr_slave_1: entered promiscuous mode
[  752.912067][T14709] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  752.914099][T14709] Cannot create hsr debugfs directory
[  752.931535][T14618] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  752.934271][T14618] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  752.936836][T14618] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  752.939905][T14618] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  752.942515][T14618] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  752.945221][T14618] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  752.949103][T14618] batman_adv: batadv0: Interface activated: batadv_slave_1
[  753.000077][T14618] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  753.002357][T14618] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  753.004474][T14618] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  753.007060][T14618] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  753.104863][ T4778] Bluetooth: hci0: command tx timeout
[  753.208309][ T1112] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  753.308452][ T1112] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  753.372988][ T1108] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  753.375049][ T1108] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  753.439926][ T1112] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  753.465359][T14744] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u32:8: corrupted in-inode xattr: bad magic number in in-inode xattr
[  753.469244][   T96] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  753.473578][   T96] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  753.479716][T14740] chnl_net:caif_netlink_parms(): no params data found
[  753.595391][ T1112] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  753.676738][T14740] bridge0: port 1(bridge_slave_0) entered blocking state
[  753.679352][T14740] bridge0: port 1(bridge_slave_0) entered disabled state
[  753.682044][T14740] bridge_slave_0: entered allmulticast mode
[  753.690945][T14740] bridge_slave_0: entered promiscuous mode
[  753.707747][T14740] bridge0: port 2(bridge_slave_1) entered blocking state
[  753.711121][T14740] bridge0: port 2(bridge_slave_1) entered disabled state
[  753.718891][T14740] bridge_slave_1: entered allmulticast mode
[  753.726897][T14740] bridge_slave_1: entered promiscuous mode
[  753.866255][T14740] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  753.871140][T14740] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  753.979555][T14740] team0: Port device team_slave_0 added
[  753.988817][T14740] team0: Port device team_slave_1 added
[  754.076789][ T1112] bridge_slave_1: left allmulticast mode
[  754.078340][ T1112] bridge_slave_1: left promiscuous mode
[  754.079919][ T1112] bridge0: port 2(bridge_slave_1) entered disabled state
[  754.095209][ T1112] bridge_slave_0: left allmulticast mode
[  754.096663][ T1112] bridge_slave_0: left promiscuous mode
[  754.098859][ T1112] bridge0: port 1(bridge_slave_0) entered disabled state
[  754.124269][ T1112] bridge_slave_1: left allmulticast mode
[  754.125849][ T1112] bridge_slave_1: left promiscuous mode
[  754.127427][ T1112] bridge0: port 2(bridge_slave_1) entered disabled state
[  754.151858][ T1112] bridge_slave_0: left allmulticast mode
[  754.153871][ T1112] bridge_slave_0: left promiscuous mode
[  754.155764][ T1112] bridge0: port 1(bridge_slave_0) entered disabled state
[  754.406369][ T4778] Bluetooth: hci1: command tx timeout
[  754.800650][ T1112] bond0 (unregistering): (slave bridge0): Releasing backup interface
[  755.092617][ T4778] Bluetooth: hci0: command tx timeout
[  756.239008][ T1112] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  756.247997][ T1112] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  756.253480][ T1112] bond0 (unregistering): Released all slaves
[  756.316987][T14762] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2750'.
[  756.378437][ T4778] Bluetooth: hci1: command tx timeout
[  756.416901][ T1112] team0: Port device bond0 removed
[  756.421009][ T1112] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  756.429003][ T1112] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  756.432394][ T1112] bond0 (unregistering): Released all slaves
[  756.521460][T14740] batman_adv: batadv0: Adding interface: batadv_slave_0
[  756.524241][T14740] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  756.550604][T14740] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  756.682368][ T1112] Κό: left promiscuous mode
[  756.701841][T14740] batman_adv: batadv0: Adding interface: batadv_slave_1
[  756.711120][T14740] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  756.727898][T14740] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  756.816130][ T1112] IPVS: stopping backup sync thread 13446 ...
[  756.929346][T14740] hsr_slave_0: entered promiscuous mode
[  756.933208][T14740] hsr_slave_1: entered promiscuous mode
[  756.938194][T14740] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  756.940920][T14740] Cannot create hsr debugfs directory
[  757.074482][ T4778] Bluetooth: hci0: command tx timeout
[  757.450467][T14709] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  757.505543][T14709] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  757.514350][T14709] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  757.547510][T14709] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  757.602423][ T1112] hsr_slave_0: left promiscuous mode
[  757.605418][ T1112] hsr_slave_1: left promiscuous mode
[  757.608856][ T1112] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  757.610850][ T1112] batman_adv: batadv0: Removing interface: batadv_slave_0
[  757.616792][ T1112] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  757.618881][ T1112] batman_adv: batadv0: Removing interface: batadv_slave_1
[  757.639138][ T1112] hsr_slave_0: left promiscuous mode
[  757.641474][ T1112] hsr_slave_1: left promiscuous mode
[  757.643734][ T1112] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  757.646258][ T1112] batman_adv: batadv0: Removing interface: batadv_slave_0
[  757.655844][ T1112] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  757.657915][ T1112] batman_adv: batadv0: Removing interface: batadv_slave_1
[  757.756027][ T1112] veth1_macvtap: left promiscuous mode
[  757.757672][ T1112] veth0_macvtap: left promiscuous mode
[  757.759508][ T1112] veth1_vlan: left allmulticast mode
[  757.761044][ T1112] veth1_vlan: left promiscuous mode
[  757.807778][ T1112] veth1_macvtap: left promiscuous mode
[  757.809235][ T1112] veth0_macvtap: left promiscuous mode
[  757.811751][ T1112] veth1_vlan: left promiscuous mode
[  757.813316][ T1112] veth0_vlan: left promiscuous mode
[  758.320203][ T1112] macvlan0 (unregistering): left allmulticast mode
[  758.360158][ T4778] Bluetooth: hci1: command tx timeout
[  760.341157][ T4778] Bluetooth: hci1: command tx timeout
[  761.313622][T14779] netlink: 'syz.0.2758': attribute type 6 has an invalid length.
[  761.349165][T14779] hub 9-0:1.0: USB hub found
[  761.351603][T14779] hub 9-0:1.0: 1 port detected
[  761.565807][ T1112] team0 (unregistering): Port device team_slave_1 removed
[  761.733384][ T1112] team0 (unregistering): Port device team_slave_0 removed
[  764.069686][ T1112] team0 (unregistering): Port device team_slave_1 removed
[  764.215304][ T1112] team0 (unregistering): Port device team_slave_0 removed
[  765.319218][T14778] netlink: 132 bytes leftover after parsing attributes in process `syz.0.2758'.
[  765.478282][T14709] 8021q: adding VLAN 0 to HW filter on device bond0
[  765.497385][T14709] 8021q: adding VLAN 0 to HW filter on device team0
[  765.517333][   T45] bridge0: port 1(bridge_slave_0) entered blocking state
[  765.519238][   T45] bridge0: port 1(bridge_slave_0) entered forwarding state
[  765.543982][ T1173] bridge0: port 2(bridge_slave_1) entered blocking state
[  765.546221][ T1173] bridge0: port 2(bridge_slave_1) entered forwarding state
[  765.686825][T14784] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u32:11: corrupted in-inode xattr: bad magic number in in-inode xattr
[  765.695032][T14785] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u32:11: corrupted in-inode xattr: bad magic number in in-inode xattr
[  765.702920][T14786] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u32:11: corrupted in-inode xattr: bad magic number in in-inode xattr
[  765.710723][T14787] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u32:11: corrupted in-inode xattr: bad magic number in in-inode xattr
[  765.778960][T14709] 8021q: adding VLAN 0 to HW filter on device batadv0
[  765.833618][T14740] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  765.841172][T14740] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  765.853612][T14740] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  765.865383][T14740] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  765.920654][T14709] veth0_vlan: entered promiscuous mode
[  765.951485][T14709] veth1_vlan: entered promiscuous mode
[  765.962874][T12078] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  765.969240][T12078] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  765.974709][T12078] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  765.978761][T12078] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  765.994389][T12078] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  765.997148][T12078] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  766.077350][T14740] 8021q: adding VLAN 0 to HW filter on device bond0
[  766.093672][T14709] veth0_macvtap: entered promiscuous mode
[  766.119784][T14740] 8021q: adding VLAN 0 to HW filter on device team0
[  766.135948][T14709] veth1_macvtap: entered promiscuous mode
[  766.157492][ T1112] IPVS: stop unused estimator thread 0...
[  766.169683][ T1173] bridge0: port 1(bridge_slave_0) entered blocking state
[  766.172278][ T1173] bridge0: port 1(bridge_slave_0) entered forwarding state
[  766.191506][ T1173] bridge0: port 2(bridge_slave_1) entered blocking state
[  766.194151][ T1173] bridge0: port 2(bridge_slave_1) entered forwarding state
[  766.198833][T14709] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  766.202553][T14709] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  766.205955][T14709] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  766.210475][T14709] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  766.215804][T14709] batman_adv: batadv0: Interface activated: batadv_slave_0
[  766.223944][T14709] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  766.228182][T14709] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  766.231369][T14709] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  766.234812][T14709] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  766.240549][T14709] batman_adv: batadv0: Interface activated: batadv_slave_1
[  766.271408][T14709] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  766.274698][T14709] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  766.278513][T14709] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  766.281613][T14709] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  766.424386][ T1112] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  766.437935][T14794] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u32:1: corrupted in-inode xattr: bad magic number in in-inode xattr
[  766.464022][T14790] chnl_net:caif_netlink_parms(): no params data found
[  766.466112][T14795] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u32:11: corrupted in-inode xattr: bad magic number in in-inode xattr
[  766.471620][T14796] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u32:1: corrupted in-inode xattr: bad magic number in in-inode xattr
[  766.500931][ T1112] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  766.525219][T14797] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u32:1: corrupted in-inode xattr: bad magic number in in-inode xattr
[  766.531948][T14798] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u32:1: corrupted in-inode xattr: bad magic number in in-inode xattr
[  766.553504][T14756] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  766.556264][T14756] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  766.585739][ T1112] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  766.668543][T14790] bridge0: port 1(bridge_slave_0) entered blocking state
[  766.671146][T14790] bridge0: port 1(bridge_slave_0) entered disabled state
[  766.673763][T14790] bridge_slave_0: entered allmulticast mode
[  766.677788][T14790] bridge_slave_0: entered promiscuous mode
[  766.719335][ T1112] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  766.732554][T14790] bridge0: port 2(bridge_slave_1) entered blocking state
[  766.739362][T14790] bridge0: port 2(bridge_slave_1) entered disabled state
[  766.742238][T14790] bridge_slave_1: entered allmulticast mode
[  766.746047][T14790] bridge_slave_1: entered promiscuous mode
[  766.826464][T14790] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  766.833879][   T45] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  766.834883][T14740] 8021q: adding VLAN 0 to HW filter on device batadv0
[  766.836706][   T45] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  766.851225][T14790] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  766.938583][T14790] team0: Port device team_slave_0 added
[  766.987596][T14790] team0: Port device team_slave_1 added
[  767.083017][T14804] xt_CT: You must specify a L4 protocol and not use inversions on it
[  767.114891][T14790] batman_adv: batadv0: Adding interface: batadv_slave_0
[  767.117958][T14790] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  767.127649][T14790] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  767.140920][T14740] veth0_vlan: entered promiscuous mode
[  767.150904][T14790] batman_adv: batadv0: Adding interface: batadv_slave_1
[  767.154048][T14790] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  767.161084][T14790] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  767.164474][ T1112] bridge_slave_1: left allmulticast mode
[  767.166019][ T1112] bridge_slave_1: left promiscuous mode
[  767.167626][ T1112] bridge0: port 2(bridge_slave_1) entered disabled state
[  767.180393][ T1112] bridge_slave_0: left allmulticast mode
[  767.182005][ T1112] bridge_slave_0: left promiscuous mode
[  767.183612][ T1112] bridge0: port 1(bridge_slave_0) entered disabled state
[  767.760613][ T1112] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  767.767255][ T1112] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  767.771196][ T1112] bond0 (unregistering): Released all slaves
[  767.788030][T14740] veth1_vlan: entered promiscuous mode
[  767.801348][T14806] all: renamed from lo (while UP)
[  767.944003][T14790] hsr_slave_0: entered promiscuous mode
[  767.950631][T14790] hsr_slave_1: entered promiscuous mode
[  767.972202][T12078] Bluetooth: hci2: command tx timeout
[  768.254984][T14740] veth0_macvtap: entered promiscuous mode
[  768.277684][ T1112] hsr_slave_0: left promiscuous mode
[  768.280639][ T1112] hsr_slave_1: left promiscuous mode
[  768.283835][ T1112] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  768.287002][ T1112] batman_adv: batadv0: Removing interface: batadv_slave_0
[  768.290484][ T1112] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  768.293376][ T1112] batman_adv: batadv0: Removing interface: batadv_slave_1
[  768.329712][ T1112] veth1_macvtap: left promiscuous mode
[  768.331178][ T1112] veth0_macvtap: left promiscuous mode
[  768.332661][ T1112] veth1_vlan: left promiscuous mode
[  768.336480][ T1112] veth0_vlan: left promiscuous mode
[  769.908435][ T1112] team0 (unregistering): Port device team_slave_1 removed
[  769.951518][T12078] Bluetooth: hci2: command tx timeout
[  770.096370][ T1112] team0 (unregistering): Port device team_slave_0 removed
[  771.188543][T14740] veth1_macvtap: entered promiscuous mode
[  771.421428][T14740] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  771.425112][T14740] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  771.451346][T14740] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  771.455094][T14740] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  771.471902][T14740] batman_adv: batadv0: Interface activated: batadv_slave_0
[  771.531736][T14740] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  771.545852][T14740] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  771.548432][T14740] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  771.551157][T14740] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  771.557981][T14740] batman_adv: batadv0: Interface activated: batadv_slave_1
[  771.569757][T14740] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  771.572205][T14740] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  771.574498][T14740] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  771.576785][T14740] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  771.668550][T14822] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2768'.
[  771.718637][T14822] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2768'.
[  771.796353][   T96] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  771.798446][   T96] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  771.839584][ T1105] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  771.841794][ T1105] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  771.938642][T12078] Bluetooth: hci2: command tx timeout
[  771.960508][T14790] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  771.974769][T14790] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  771.984176][T14790] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  771.993227][T14790] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  772.212742][T14790] 8021q: adding VLAN 0 to HW filter on device bond0
[  772.231992][T14826] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2747'.
[  772.240911][T14790] 8021q: adding VLAN 0 to HW filter on device team0
[  772.250166][T14826] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2747'.
[  772.313141][T14829] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2769'.
[  772.334966][T14756] bridge0: port 1(bridge_slave_0) entered blocking state
[  772.336864][T14756] bridge0: port 1(bridge_slave_0) entered forwarding state
[  772.339753][T14756] bridge0: port 2(bridge_slave_1) entered blocking state
[  772.341607][T14756] bridge0: port 2(bridge_slave_1) entered forwarding state
[  772.384327][T14829] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2769'.
[  772.577895][T14790] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  772.590123][T14790] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  772.659257][T14835] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u32:5: corrupted in-inode xattr: bad magic number in in-inode xattr
[  772.687353][T14836] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u32:5: corrupted in-inode xattr: bad magic number in in-inode xattr
[  772.710432][T14837] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u32:5: corrupted in-inode xattr: bad magic number in in-inode xattr
[  772.721359][T14838] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u32:5: corrupted in-inode xattr: bad magic number in in-inode xattr
[  772.808895][T14790] 8021q: adding VLAN 0 to HW filter on device batadv0
[  772.953220][T14790] veth0_vlan: entered promiscuous mode
[  772.972205][T14790] veth1_vlan: entered promiscuous mode
[  773.106291][T14790] veth0_macvtap: entered promiscuous mode
[  773.113526][T14790] veth1_macvtap: entered promiscuous mode
[  773.156173][T14790] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  773.159676][T14790] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  773.164110][T14790] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  773.167569][T14790] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  773.171285][T14790] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  773.175125][T14790] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  773.180076][T14790] batman_adv: batadv0: Interface activated: batadv_slave_0
[  773.188051][T14790] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  773.191050][T14790] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  773.194860][T14790] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  773.199253][T14790] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  773.203072][T14790] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  773.205905][T14790] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  773.210857][T14790] batman_adv: batadv0: Interface activated: batadv_slave_1
[  773.216182][T14847] bond_slave_1: entered allmulticast mode
[  773.268945][T14790] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  773.271299][T14790] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  773.277574][T14790] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  773.281914][T14790] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  773.301669][T14853] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u32:9: corrupted in-inode xattr: bad magic number in in-inode xattr
[  773.439540][T14854] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.2774'.
[  773.647840][ T1112] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  773.657849][ T1112] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  773.713886][   T96] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  773.716080][   T96] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  773.719700][T14857] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u32:9: corrupted in-inode xattr: bad magic number in in-inode xattr
[  773.734730][T14858] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u32:9: corrupted in-inode xattr: bad magic number in in-inode xattr
[  773.876775][T14861] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u32:9: corrupted in-inode xattr: bad magic number in in-inode xattr
[  773.892842][T14862] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u32:11: corrupted in-inode xattr: bad magic number in in-inode xattr
[  773.910814][T12078] Bluetooth: hci2: command tx timeout
[  774.138430][T14865] xt_CT: You must specify a L4 protocol and not use inversions on it
[  775.312463][T14884] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u32:9: corrupted in-inode xattr: bad magic number in in-inode xattr
[  775.449141][T14894] netlink: 'syz.0.2784': attribute type 4 has an invalid length.
[  775.495773][T14894] netlink: 'syz.0.2784': attribute type 4 has an invalid length.
[  775.963181][   T35] usb 7-1: new high-speed USB device number 41 using dummy_hcd
[  776.134635][   T35] usb 7-1: Using ep0 maxpacket: 32
[  776.138266][   T35] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  776.140918][   T35] usb 7-1: config 0 has no interfaces?
[  776.142538][   T35] usb 7-1: New USB device found, idVendor=1b96, idProduct=9f0a, bcdDevice= 0.15
[  776.145820][   T35] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  776.149081][   T35] usb 7-1: config 0 descriptor??
[  776.335910][T14912] bond_slave_1: entered allmulticast mode
[  776.346851][T14913] xt_CT: You must specify a L4 protocol and not use inversions on it
[  776.567668][T14917] netlink: 'syz.3.2792': attribute type 9 has an invalid length.
[  776.571802][T14917] netlink: 209836 bytes leftover after parsing attributes in process `syz.3.2792'.
[  777.216261][T12078] block nbd3: Receive control failed (result -104)
[  777.217059][T14918] block nbd3: shutting down sockets
[  778.198198][T14943] input: syz1 as /devices/virtual/input/input37
[  778.199551][T14941] FAULT_INJECTION: forcing a failure.
[  778.199551][T14941] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  778.204757][T14941] CPU: 0 UID: 0 PID: 14941 Comm: syz.1.2798 Not tainted 6.11.0-syzkaller-02574-ga430d95c5efa #0
[  778.207550][T14941] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  778.210405][T14941] Call Trace:
[  778.211525][T14941]  <TASK>
[  778.212669][T14941]  dump_stack_lvl+0x16c/0x1f0
[  778.214352][T14941]  should_fail_ex+0x497/0x5b0
[  778.215634][T14941]  _copy_to_user+0x30/0xc0
[  778.216864][T14941]  generic_map_lookup_batch+0x70e/0xb90
[  778.218364][T14941]  ? __pfx_generic_map_lookup_batch+0x10/0x10
[  778.219987][T14941]  bpf_map_do_batch+0x432/0x6d0
[  778.221408][T14941]  ? __pfx_generic_map_lookup_batch+0x10/0x10
[  778.223080][T14941]  __sys_bpf+0x5105/0x5590
[  778.224282][T14941]  ? __pfx___sys_bpf+0x10/0x10
[  778.225636][T14941]  ? ksys_write+0x12f/0x260
[  778.226874][T14941]  ? find_held_lock+0x2d/0x110
[  778.228143][T14941]  ? ksys_write+0x21c/0x260
[  778.229356][T14941]  ? __pfx_lock_release+0x10/0x10
[  778.230719][T14941]  ? vfs_write+0x14d/0x1140
[  778.231947][T14941]  ? __mutex_unlock_slowpath+0x164/0x650
[  778.233477][T14941]  ? fput+0x30/0x390
[  778.234533][T14941]  ? ksys_write+0x1ab/0x260
[  778.235724][T14941]  ? __pfx_ksys_write+0x10/0x10
[  778.237019][T14941]  __ia32_sys_bpf+0x76/0xe0
[  778.238240][T14941]  __do_fast_syscall_32+0x73/0x120
[  778.239601][T14941]  do_fast_syscall_32+0x32/0x80
[  778.241014][T14941]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  778.242737][T14941] RIP: 0023:0xf7fb2579
[  778.243828][T14941] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  778.249089][T14941] RSP: 002b:00000000f571556c EFLAGS: 00000296 ORIG_RAX: 0000000000000165
[  778.251347][T14941] RAX: ffffffffffffffda RBX: 0000000000000018 RCX: 00000000200003c0
[  778.253552][T14941] RDX: 0000000000000038 RSI: 0000000000000000 RDI: 0000000000000000
[  778.255676][T14941] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  778.257812][T14941] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  778.259927][T14941] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  778.262528][T14941]  </TASK>
[  778.459171][   T59] usb 7-1: USB disconnect, device number 41
[  778.560801][T14949] EXT4-fs error: 5 callbacks suppressed
[  778.560816][T14949] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u32:9: corrupted in-inode xattr: bad magic number in in-inode xattr
[  778.582575][T14950] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u32:9: corrupted in-inode xattr: bad magic number in in-inode xattr
[  779.168175][T14959] IPVS: length: 196 != 24
[  779.414664][T14965] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2807'.
[  779.417757][T14966] random: crng reseeded on system resumption
[  779.424625][T14965] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2807'.
[  779.572598][T14971] random: crng reseeded on system resumption
[  779.595126][T14971] FAULT_INJECTION: forcing a failure.
[  779.595126][T14971] name failslab, interval 1, probability 0, space 0, times 0
[  779.606213][T14971] CPU: 0 UID: 0 PID: 14971 Comm: syz.1.2810 Not tainted 6.11.0-syzkaller-02574-ga430d95c5efa #0
[  779.608938][T14971] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  779.611827][T14971] Call Trace:
[  779.612712][T14971]  <TASK>
[  779.613498][T14971]  dump_stack_lvl+0x16c/0x1f0
[  779.614740][T14971]  should_fail_ex+0x497/0x5b0
[  779.615933][T14971]  ? fs_reclaim_acquire+0xae/0x160
[  779.617278][T14971]  should_failslab+0xc2/0x120
[  779.618522][T14971]  __kmalloc_noprof+0xcb/0x410
[  779.619943][T14971]  ? __pfx_d_absolute_path+0x10/0x10
[  779.621823][T14971]  tomoyo_encode2+0x100/0x3e0
[  779.623486][T14971]  tomoyo_realpath_from_path+0x1a7/0x710
[  779.625472][T14971]  tomoyo_path_number_perm+0x245/0x5b0
[  779.627411][T14971]  ? tomoyo_path_number_perm+0x232/0x5b0
[  779.629350][T14971]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  779.631443][T14971]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  779.633570][T14971]  ? __fget_files+0x244/0x3f0
[  779.635239][T14971]  ? __fget_files+0x244/0x3f0
[  779.636588][T14971]  security_file_ioctl_compat+0x9b/0x240
[  779.638014][T14971]  __do_compat_sys_ioctl+0x5d/0x330
[  779.639386][T14971]  __do_fast_syscall_32+0x73/0x120
[  779.641310][T14971]  do_fast_syscall_32+0x32/0x80
[  779.642848][T14971]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  779.644466][T14971] RIP: 0023:0xf7fb2579
[  779.645545][T14971] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  779.650574][T14971] RSP: 002b:00000000f573656c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  779.652967][T14971] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000003314
[  779.655095][T14971] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  779.657068][T14971] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  779.659079][T14971] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  779.661162][T14971] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  779.663193][T14971]  </TASK>
[  779.703179][T14971] ERROR: Out of memory at tomoyo_realpath_from_path.
[  779.753612][T14974] random: crng reseeded on system resumption
[  779.818470][   T39] audit: type=1326 audit(2000000721.709:819): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14972 comm="syz.2.2811" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f55579 code=0x7ffc0000
[  779.839018][   T39] audit: type=1326 audit(2000000721.719:820): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14972 comm="syz.2.2811" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f55579 code=0x7ffc0000
[  779.860786][   T39] audit: type=1326 audit(2000000721.719:821): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14972 comm="syz.2.2811" exe="/syz-executor" sig=0 arch=40000003 syscall=5 compat=1 ip=0xf7f55579 code=0x7ffc0000
[  779.866706][   T39] audit: type=1326 audit(2000000721.719:822): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14972 comm="syz.2.2811" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f55579 code=0x7ffc0000
[  779.906523][   T39] audit: type=1326 audit(2000000721.719:823): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14972 comm="syz.2.2811" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f55579 code=0x7ffc0000
[  779.931496][   T39] audit: type=1326 audit(2000000721.730:824): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14972 comm="syz.2.2811" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7f55579 code=0x7ffc0000
[  779.944912][   T39] audit: type=1326 audit(2000000721.730:825): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14972 comm="syz.2.2811" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f55579 code=0x7ffc0000
[  779.957871][   T39] audit: type=1326 audit(2000000721.730:826): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14972 comm="syz.2.2811" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f55579 code=0x7ffc0000
[  779.964944][   T39] audit: type=1326 audit(2000000721.730:827): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14972 comm="syz.2.2811" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7f55579 code=0x7ffc0000
[  779.981097][   T39] audit: type=1326 audit(2000000721.730:828): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14972 comm="syz.2.2811" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f55579 code=0x7ffc0000
[  780.030517][T14984] tipc: Started in network mode
[  780.031893][T14984] tipc: Node identity aee9416d057f, cluster identity 4711
[  780.033935][T14984] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  780.050015][T14984] tipc: Resetting bearer <eth:syzkaller0>
[  780.073028][T14983] tipc: Disabling bearer <eth:syzkaller0>
[  780.260050][T14991] FAULT_INJECTION: forcing a failure.
[  780.260050][T14991] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  780.264045][T14991] CPU: 0 UID: 0 PID: 14991 Comm: syz.2.2818 Not tainted 6.11.0-syzkaller-02574-ga430d95c5efa #0
[  780.266978][T14991] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  780.269914][T14991] Call Trace:
[  780.270809][T14991]  <TASK>
[  780.271631][T14991]  dump_stack_lvl+0x16c/0x1f0
[  780.272925][T14991]  should_fail_ex+0x497/0x5b0
[  780.274244][T14991]  strncpy_from_user+0x38/0x320
[  780.275614][T14991]  getname_flags.part.0+0x8f/0x550
[  780.277052][T14991]  getname_flags+0x93/0xf0
[  780.278636][T14991]  user_path_at+0x24/0x60
[  780.280005][T14991]  __ia32_sys_mount+0x1fb/0x310
[  780.281434][T14991]  ? __pfx___ia32_sys_mount+0x10/0x10
[  780.282917][T14991]  __do_fast_syscall_32+0x73/0x120
[  780.284334][T14991]  do_fast_syscall_32+0x32/0x80
[  780.285753][T14991]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  780.287593][T14991] RIP: 0023:0xf7f55579
[  780.289082][T14991] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  780.295012][T14991] RSP: 002b:00000000f56d656c EFLAGS: 00000296 ORIG_RAX: 0000000000000015
[  780.297303][T14991] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000200000c0
[  780.300031][T14991] RDX: 0000000020000340 RSI: 0000000000000000 RDI: 0000000020000080
[  780.302435][T14991] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  780.304569][T14991] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  780.306746][T14991] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  780.308919][T14991]  </TASK>
[  780.363166][T14996] FAULT_INJECTION: forcing a failure.
[  780.363166][T14996] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  780.373318][T14996] CPU: 3 UID: 0 PID: 14996 Comm: syz.2.2819 Not tainted 6.11.0-syzkaller-02574-ga430d95c5efa #0
[  780.376895][T14996] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  780.380292][T14996] Call Trace:
[  780.381491][T14996]  <TASK>
[  780.382561][T14996]  dump_stack_lvl+0x16c/0x1f0
[  780.384198][T14996]  should_fail_ex+0x497/0x5b0
[  780.385874][T14996]  _copy_from_iter+0x29b/0x13f0
[  780.387662][T14996]  ? __alloc_skb+0x200/0x380
[  780.389325][T14996]  ? __pfx__copy_from_iter+0x10/0x10
[  780.391198][T14996]  ? __virt_addr_valid+0x5e/0x590
[  780.392990][T14996]  ? __phys_addr_symbol+0x30/0x80
[  780.394645][T14996]  ? __check_object_size+0x497/0x720
[  780.396397][T14996]  netlink_sendmsg+0x813/0xd70
[  780.398084][T14996]  ? __pfx_netlink_sendmsg+0x10/0x10
[  780.399787][T14996]  ____sys_sendmsg+0x9ae/0xb40
[  780.401544][T14996]  ? __pfx_____sys_sendmsg+0x10/0x10
[  780.403344][T14996]  ? get_compat_msghdr+0x11b/0x170
[  780.405121][T14996]  ? __pfx___lock_acquire+0x10/0x10
[  780.406889][T14996]  ___sys_sendmsg+0x135/0x1e0
[  780.408532][T14996]  ? __pfx____sys_sendmsg+0x10/0x10
[  780.410269][T14996]  ? find_held_lock+0x2d/0x110
[  780.411963][T14996]  ? ksys_write+0x21c/0x260
[  780.413652][T14996]  ? __fget_light+0x173/0x210
[  780.415237][T14996]  __sys_sendmsg+0x117/0x1f0
[  780.416934][T14996]  ? __pfx___sys_sendmsg+0x10/0x10
[  780.418780][T14996]  __do_fast_syscall_32+0x73/0x120
[  780.420645][T14996]  do_fast_syscall_32+0x32/0x80
[  780.422393][T14996]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  780.424573][T14996] RIP: 0023:0xf7f55579
[  780.426032][T14996] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  780.432687][T14996] RSP: 002b:00000000f56d656c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  780.435589][T14996] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020001080
[  780.438350][T14996] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  780.441141][T14996] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  780.443915][T14996] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  780.446587][T14996] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  780.449462][T14996]  </TASK>
[  781.046791][T15013] FAULT_INJECTION: forcing a failure.
[  781.046791][T15013] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  781.050408][T15013] CPU: 2 UID: 0 PID: 15013 Comm: syz.2.2826 Not tainted 6.11.0-syzkaller-02574-ga430d95c5efa #0
[  781.053441][T15013] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  781.056900][T15013] Call Trace:
[  781.057805][T15013]  <TASK>
[  781.058594][T15013]  dump_stack_lvl+0x16c/0x1f0
[  781.059843][T15013]  should_fail_ex+0x497/0x5b0
[  781.061092][T15013]  _copy_to_user+0x30/0xc0
[  781.062352][T15013]  simple_read_from_buffer+0xd0/0x160
[  781.064265][T15013]  proc_fail_nth_read+0x198/0x270
[  781.065701][T15013]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  781.067154][T15013]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  781.068613][T15013]  vfs_read+0x1ce/0xbd0
[  781.069757][T15013]  ? __fdget_pos+0xe8/0x170
[  781.070981][T15013]  ? __pfx_vfs_read+0x10/0x10
[  781.072216][T15013]  ? __pfx___mutex_lock+0x10/0x10
[  781.073976][T15013]  ? __fget_files+0x244/0x3f0
[  781.075696][T15013]  ksys_read+0x12f/0x260
[  781.077238][T15013]  ? __pfx_ksys_read+0x10/0x10
[  781.078975][T15013]  __do_fast_syscall_32+0x73/0x120
[  781.080820][T15013]  do_fast_syscall_32+0x32/0x80
[  781.082569][T15013]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  781.084458][T15013] RIP: 0023:0xf7f55579
[  781.085538][T15013] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  781.090509][T15013] RSP: 002b:00000000f56d65a0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  781.092782][T15013] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f56d6620
[  781.094848][T15013] RDX: 000000000000000f RSI: 00000000f73dbff4 RDI: 0000000000000000
[  781.096896][T15013] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000
[  781.098964][T15013] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  781.101021][T15013] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  781.103437][T15013]  </TASK>
[  781.104704][    C2] vkms_vblank_simulate: vblank timer overrun
[  781.212761][T15017] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2825'.
[  781.220887][T15017] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2825'.
[  781.236670][T15020] overlayfs: missing 'lowerdir'
[  781.318628][T15022] netlink: 84 bytes leftover after parsing attributes in process `syz.2.2827'.
[  781.697631][T12304] usb 7-1: new high-speed USB device number 42 using dummy_hcd
[  781.880718][T12304] usb 7-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  781.926310][T12304] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  781.929522][T12304] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 66
[  781.932018][T12304] usb 7-1: config 1 interface 0 altsetting 0 has an endpoint descriptor with address 0xF7, changing to 0x87
[  781.935118][T12304] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x87 has an invalid bInterval 0, changing to 7
[  782.031366][T12304] usb 7-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  782.034712][T12304] usb 7-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  782.037596][T12304] usb 7-1: Product: syz
[  782.039123][T12304] usb 7-1: Manufacturer: syz
[  782.113937][T12304] cdc_wdm 7-1:1.0: skipping garbage
[  782.115654][T12304] cdc_wdm 7-1:1.0: skipping garbage
[  782.128248][T15029] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u32:1: corrupted in-inode xattr: bad magic number in in-inode xattr
[  782.162809][T12304] cdc_wdm 7-1:1.0: cdc-wdm0: USB WDM device
[  782.177761][T12304] cdc_wdm 7-1:1.0: Unknown control protocol
[  782.389085][T15018] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  782.418214][T15018] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  782.698249][ T1999] usb 7-1: USB disconnect, device number 42
[  782.747960][T15033] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2831'.
[  783.200357][T15040] FAULT_INJECTION: forcing a failure.
[  783.200357][T15040] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  783.206009][T15040] CPU: 3 UID: 0 PID: 15040 Comm: syz.1.2834 Not tainted 6.11.0-syzkaller-02574-ga430d95c5efa #0
[  783.209529][T15040] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  783.213110][T15040] Call Trace:
[  783.214255][T15040]  <TASK>
[  783.215261][T15040]  dump_stack_lvl+0x16c/0x1f0
[  783.216853][T15040]  should_fail_ex+0x497/0x5b0
[  783.218324][T15040]  _copy_from_user+0x30/0xf0
[  783.219555][T15040]  get_compat_msghdr+0xa8/0x170
[  783.220845][T15040]  ? __pfx_get_compat_msghdr+0x10/0x10
[  783.222327][T15040]  ? __pfx___lock_acquire+0x10/0x10
[  783.223700][T15040]  ___sys_sendmsg+0x1b0/0x1e0
[  783.224948][T15040]  ? __pfx____sys_sendmsg+0x10/0x10
[  783.226330][T15040]  ? find_held_lock+0x2d/0x110
[  783.227591][T15040]  ? ksys_write+0x21c/0x260
[  783.228804][T15040]  ? __fget_light+0x173/0x210
[  783.230067][T15040]  __sys_sendmsg+0x117/0x1f0
[  783.231301][T15040]  ? __pfx___sys_sendmsg+0x10/0x10
[  783.232810][T15040]  __do_fast_syscall_32+0x73/0x120
[  783.234557][T15040]  do_fast_syscall_32+0x32/0x80
[  783.236237][T15040]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  783.238398][T15040] RIP: 0023:0xf7fb2579
[  783.239789][T15040] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  783.246288][T15040] RSP: 002b:00000000f573656c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  783.249097][T15040] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000200001c0
[  783.251771][T15040] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  783.254437][T15040] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  783.257094][T15040] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  783.259778][T15040] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  783.262507][T15040]  </TASK>
[  783.562250][T15050] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2837'.
[  783.567392][T15050] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2837'.
[  783.687396][T15051] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2836'.
[  783.790258][T15054] fuse: Unknown parameter 'groCΤtd'
[  786.918883][T15093] FAULT_INJECTION: forcing a failure.
[  786.918883][T15093] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  786.923369][T15093] CPU: 0 UID: 0 PID: 15093 Comm: syz.0.2853 Not tainted 6.11.0-syzkaller-02574-ga430d95c5efa #0
[  786.926635][T15093] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  786.930209][T15093] Call Trace:
[  786.931222][T15093]  <TASK>
[  786.932121][T15093]  dump_stack_lvl+0x16c/0x1f0
[  786.933644][T15093]  should_fail_ex+0x497/0x5b0
[  786.935175][T15093]  ? fs_reclaim_acquire+0xae/0x160
[  786.936840][T15093]  should_fail_alloc_page+0xe7/0x130
[  786.938560][T15093]  prepare_alloc_pages.constprop.0+0x16f/0x560
[  786.940533][T15093]  __alloc_pages_noprof+0x194/0x2460
[  786.942260][T15093]  ? hlock_class+0x4e/0x130
[  786.943727][T15093]  ? mark_lock+0xb5/0xc60
[  786.945127][T15093]  ? hlock_class+0x4e/0x130
[  786.946649][T15093]  ? __lock_acquire+0xbdd/0x3cb0
[  786.950752][T15093]  ? __pfx___alloc_pages_noprof+0x10/0x10
[  786.950863][T15093]  ? __pfx___lock_acquire+0x10/0x10
[  786.950885][T15093]  ? __pfx___lock_acquire+0x10/0x10
[  786.950905][T15093]  ? __pfx_mark_lock+0x10/0x10
[  786.950926][T15093]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  786.950952][T15093]  ? policy_nodemask+0xea/0x4e0
[  786.950972][T15093]  alloc_pages_mpol_noprof+0x275/0x610
[  786.950995][T15093]  ? __pfx_alloc_pages_mpol_noprof+0x10/0x10
[  786.951021][T15093]  ? find_held_lock+0x2d/0x110
[  786.951040][T15093]  folio_alloc_mpol_noprof+0x36/0xd0
[  786.951063][T15093]  vma_alloc_folio_noprof+0xee/0x1b0
[  786.951084][T15093]  ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[  786.951104][T15093]  ? lock_vma_under_rcu+0x1e2/0x8f0
[  786.951123][T15093]  ? lock_vma_under_rcu+0x1e2/0x8f0
[  786.951145][T15093]  __handle_mm_fault+0x2d27/0x5470
[  786.951170][T15093]  ? down_read_trylock+0x1ed/0x3f0
[  786.951191][T15093]  ? lock_vma_under_rcu+0x1e2/0x8f0
[  786.951209][T15093]  ? __pfx___handle_mm_fault+0x10/0x10
[  786.951239][T15093]  ? __pfx_lock_vma_under_rcu+0x10/0x10
[  786.951261][T15093]  handle_mm_fault+0x498/0xa60
[  786.951282][T15093]  ? spurious_kernel_fault+0x361/0x3c0
[  786.951306][T15093]  do_user_addr_fault+0x60d/0x13f0
[  786.951334][T15093]  exc_page_fault+0x5c/0xc0
[  786.951359][T15093]  asm_exc_page_fault+0x26/0x30
[  786.951381][T15093] RIP: 0023:0xf71c5610
[  786.951396][T15093] Code: 20 00 00 65 8b 15 14 00 00 00 89 94 24 cc 20 00 00 8b 56 68 85 d2 0f 85 46 01 00 00 c7 46 68 ff ff ff ff 8d 94 24 cc 00 00 00 <89> b4 24 bc 00 00 00 89 54 24 38 89 54 24 34 8d 94 24 cc 20 00 00
[  786.951411][T15093] RSP: 002b:00000000f56a44a0 EFLAGS: 00010246
[  786.951427][T15093] RAX: 00000000f726e5bc RBX: 00000000f73abff4 RCX: 00000000f56a65d4
[  786.951438][T15093] RDX: 00000000f56a456c RSI: 00000000f73b2240 RDI: 0000000000000009
[  786.951448][T15093] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  786.951458][T15093] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  786.951468][T15093] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  786.951490][T15093]  </TASK>
[  786.968747][T15093] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[  787.174925][T15111] vivid-000: =================  START STATUS  =================
[  787.179085][T15111] vivid-000: Generate PTS: true
[  787.181072][T15111] vivid-000: Generate SCR: true
[  787.183071][T15111] tpg source WxH: 720x576 (Y'CbCr)
[  787.185633][T15111] tpg field: 4
[  787.187002][T15111] tpg crop: 64x576@0x0
[  787.188746][T15111] tpg compose: 16x576@0x0
[  787.190450][T15111] tpg colorspace: 1
[  787.191955][T15111] tpg transfer function: 0/0
[  787.193864][T15111] tpg Y'CbCr encoding: 0/0
[  787.196186][T15111] tpg quantization: 0/0
[  787.197823][T15111] tpg RGB range: 0/2
[  787.199699][T15111] vivid-000: ==================  END STATUS  ==================
[  787.202702][T15111] FAULT_INJECTION: forcing a failure.
[  787.202702][T15111] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  787.211632][T15111] CPU: 2 UID: 0 PID: 15111 Comm: syz.0.2858 Not tainted 6.11.0-syzkaller-02574-ga430d95c5efa #0
[  787.215460][T15111] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  787.219358][T15111] Call Trace:
[  787.220581][T15111]  <TASK>
[  787.221689][T15111]  dump_stack_lvl+0x16c/0x1f0
[  787.223377][T15111]  should_fail_ex+0x497/0x5b0
[  787.225044][T15111]  _copy_to_user+0x30/0xc0
[  787.226650][T15111]  simple_read_from_buffer+0xd0/0x160
[  787.228615][T15111]  proc_fail_nth_read+0x198/0x270
[  787.230483][T15111]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  787.232492][T15111]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  787.234486][T15111]  vfs_read+0x1ce/0xbd0
[  787.235819][T15111]  ? __fdget_pos+0xe8/0x170
[  787.237490][T15111]  ? __pfx_vfs_read+0x10/0x10
[  787.239195][T15111]  ? __pfx___mutex_lock+0x10/0x10
[  787.240881][T15111]  ? __fget_files+0x244/0x3f0
[  787.242614][T15111]  ksys_read+0x12f/0x260
[  787.244069][T15111]  ? __pfx_ksys_read+0x10/0x10
[  787.245709][T15111]  __do_fast_syscall_32+0x73/0x120
[  787.247466][T15111]  do_fast_syscall_32+0x32/0x80
[  787.249152][T15111]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  787.251402][T15111] RIP: 0023:0xf73be579
[  787.252852][T15111] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  787.259539][T15111] RSP: 002b:00000000f56a65a0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  787.262018][T15111] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f56a6620
[  787.264743][T15111] RDX: 000000000000000f RSI: 00000000f73abff4 RDI: 0000000000000000
[  787.267444][T15111] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  787.270279][T15111] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  787.272965][T15111] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  787.275720][T15111]  </TASK>
[  787.277022][    C2] vkms_vblank_simulate: vblank timer overrun
[  787.419115][T15120] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2861'.
[  787.424759][T15120] netlink: 7 bytes leftover after parsing attributes in process `syz.1.2861'.
[  787.993578][   T39] kauditd_printk_skb: 4 callbacks suppressed
[  787.993595][   T39] audit: type=1326 audit(2000000959.289:833): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15095 comm="syz.2.2854" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f55579 code=0x7fc00000
[  788.029308][   T39] audit: type=1326 audit(2000000959.289:834): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15095 comm="syz.2.2854" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f55579 code=0x7fc00000
[  788.037139][   T39] audit: type=1326 audit(2000000959.289:835): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15095 comm="syz.2.2854" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f55579 code=0x7fc00000
[  788.047584][   T39] audit: type=1326 audit(2000000959.289:836): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15095 comm="syz.2.2854" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f55579 code=0x7fc00000
[  788.056194][   T39] audit: type=1326 audit(2000000959.289:837): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15095 comm="syz.2.2854" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f55579 code=0x7fc00000
[  788.063809][   T39] audit: type=1326 audit(2000000959.289:838): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15095 comm="syz.2.2854" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f55579 code=0x7fc00000
[  788.078495][   T39] audit: type=1326 audit(2000000959.310:839): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15095 comm="syz.2.2854" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f55579 code=0x7fc00000
[  788.088830][   T39] audit: type=1326 audit(2000000959.310:840): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15095 comm="syz.2.2854" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f55579 code=0x7fc00000
[  788.096437][   T39] audit: type=1326 audit(2000000959.310:841): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15095 comm="syz.2.2854" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f55579 code=0x7fc00000
[  788.104202][   T39] audit: type=1326 audit(2000000959.310:842): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15095 comm="syz.2.2854" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f55579 code=0x7fc00000
[  789.198484][T15134] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u32:8: corrupted in-inode xattr: bad magic number in in-inode xattr
[  789.763432][ T1379] ieee802154 phy0 wpan0: encryption failed: -22
[  789.766026][ T1379] ieee802154 phy1 wpan1: encryption failed: -22
[  789.877185][T15137] netlink: 72 bytes leftover after parsing attributes in process `syz.1.2867'.
[  790.933013][T15142] syz.1.2869[15142] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  790.933258][T15142] syz.1.2869[15142] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  791.096793][T15144] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2870'.
[  791.693160][T15152] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2872'.
[  791.696218][T15152] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2872'.
[  791.995486][T15162] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2874'.
[  792.005096][T15162] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2874'.
[  793.014731][T15174] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u32:1: corrupted in-inode xattr: bad magic number in in-inode xattr
[  793.099756][   T58] usb 6-1: new high-speed USB device number 34 using dummy_hcd
[  793.271213][   T58] usb 6-1: Using ep0 maxpacket: 8
[  793.276642][   T58] usb 6-1: config index 0 descriptor too short (expected 301, got 45)
[  793.279541][   T58] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  793.289518][   T58] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  793.297372][   T58] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  793.309451][   T58] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  793.322383][   T58] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  793.325577][   T58] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  793.525692][T15184] syz.0.2883 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  793.538218][   T39] kauditd_printk_skb: 3 callbacks suppressed
[  793.538230][   T39] audit: type=1326 audit(2000000965.105:846): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15183 comm="syz.0.2883" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73be579 code=0x7ffc0000
[  793.545851][   T39] audit: type=1326 audit(2000000965.105:847): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15183 comm="syz.0.2883" exe="/syz-executor" sig=0 arch=40000003 syscall=386 compat=1 ip=0xf73be579 code=0x7ffc0000
[  793.554994][   T58] usb 6-1: usb_control_msg returned -32
[  793.555488][   T39] audit: type=1326 audit(2000000965.105:848): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15183 comm="syz.0.2883" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73be579 code=0x7ffc0000
[  793.556935][   T58] usbtmc 6-1:16.0: can't read capabilities
[  793.564485][   T39] audit: type=1326 audit(2000000965.105:849): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15183 comm="syz.0.2883" exe="/syz-executor" sig=0 arch=40000003 syscall=370 compat=1 ip=0xf73be579 code=0x7ffc0000
[  793.573630][   T39] audit: type=1326 audit(2000000965.105:850): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15183 comm="syz.0.2883" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73be579 code=0x7ffc0000
[  793.581110][   T39] audit: type=1326 audit(2000000965.105:851): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15183 comm="syz.0.2883" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf73be579 code=0x7ffc0000
[  793.588745][   T39] audit: type=1326 audit(2000000965.105:852): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15183 comm="syz.0.2883" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73be579 code=0x7ffc0000
[  793.595963][   T39] audit: type=1326 audit(2000000965.105:853): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15183 comm="syz.0.2883" exe="/syz-executor" sig=0 arch=40000003 syscall=354 compat=1 ip=0xf73be579 code=0x7ffc0000
[  793.602335][   T39] audit: type=1326 audit(2000000965.116:854): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15183 comm="syz.0.2883" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf73be579 code=0x0
[  793.704788][T15191] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2886'.
[  793.737841][T15192] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2885'.
[  793.749874][T15192] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2885'.
[  793.980206][   T39] audit: type=1326 audit(2000000965.578:855): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15193 comm="syz.3.2887" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf747e579 code=0x0
[  794.635431][T15205] usb usb8: usbfs: process 15205 (syz.0.2890) did not claim interface 0 before use
[  794.921905][T15210] bond_slave_1: entered allmulticast mode
[  794.940918][T15212] netlink: 'syz.0.2893': attribute type 10 has an invalid length.
[  794.964671][T15212] team0: Port device netdevsim0 added
[  794.981079][T15212] netlink: 'syz.0.2893': attribute type 10 has an invalid length.
[  795.685094][ T5412] usb 6-1: USB disconnect, device number 34
[  809.922803][ T4778] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  809.929587][ T4778] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  809.951458][ T4778] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  809.983182][T15246] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  809.987524][T15246] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  810.004089][T15246] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  810.005961][T15247] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  810.009204][T15247] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  810.011165][T15246] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  810.011494][T15247] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  810.013407][T15246] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  810.031261][T15246] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  810.065562][T15247] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  810.077564][ T5360] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  810.089847][ T5360] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  810.090023][T15253] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  810.097849][T15253] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  810.100273][T15253] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  810.104990][ T5360] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  810.107198][ T5360] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  810.116154][ T5360] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  810.120807][ T5360] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  810.138967][T15253] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  810.161216][T15247] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  810.348442][ T1105] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  810.480919][ T1105] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  810.585587][ T1105] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  810.664661][ T1105] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  810.762987][T15261] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u32:11: corrupted in-inode xattr: bad magic number in in-inode xattr
[  810.818550][T15263] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u32:9: corrupted in-inode xattr: bad magic number in in-inode xattr
[  810.848223][T15250] chnl_net:caif_netlink_parms(): no params data found
[  810.860592][T15264] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u32:11: corrupted in-inode xattr: bad magic number in in-inode xattr
[  810.873808][T15248] chnl_net:caif_netlink_parms(): no params data found
[  810.923288][T15244] chnl_net:caif_netlink_parms(): no params data found
[  810.937198][T15266] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u32:8: corrupted in-inode xattr: bad magic number in in-inode xattr
[  811.085960][T15242] chnl_net:caif_netlink_parms(): no params data found
[  811.113793][ T1105] bridge_slave_1: left allmulticast mode
[  811.115342][ T1105] bridge_slave_1: left promiscuous mode
[  811.116927][ T1105] bridge0: port 2(bridge_slave_1) entered disabled state
[  811.125403][ T1105] bridge_slave_0: left allmulticast mode
[  811.127771][ T1105] bridge_slave_0: left promiscuous mode
[  811.129922][ T1105] bridge0: port 1(bridge_slave_0) entered disabled state
[  811.787517][ T1105] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  811.793874][ T1105] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  811.797430][ T1105] bond0 (unregistering): Released all slaves
[  811.927308][T15244] bridge0: port 1(bridge_slave_0) entered blocking state
[  811.929292][T15244] bridge0: port 1(bridge_slave_0) entered disabled state
[  811.931288][T15244] bridge_slave_0: entered allmulticast mode
[  811.942825][T15244] bridge_slave_0: entered promiscuous mode
[  812.004905][T15244] bridge0: port 2(bridge_slave_1) entered blocking state
[  812.007693][T15244] bridge0: port 2(bridge_slave_1) entered disabled state
[  812.007948][T15246] Bluetooth: hci0: command tx timeout
[  812.011305][T15244] bridge_slave_1: entered allmulticast mode
[  812.016325][T15244] bridge_slave_1: entered promiscuous mode
[  812.071488][T15250] bridge0: port 1(bridge_slave_0) entered blocking state
[  812.074101][T15250] bridge0: port 1(bridge_slave_0) entered disabled state
[  812.079053][T15250] bridge_slave_0: entered allmulticast mode
[  812.082307][T15250] bridge_slave_0: entered promiscuous mode
[  812.084732][T15246] Bluetooth: hci4: command tx timeout
[  812.086675][T15250] bridge0: port 2(bridge_slave_1) entered blocking state
[  812.089874][T15250] bridge0: port 2(bridge_slave_1) entered disabled state
[  812.092290][T15250] bridge_slave_1: entered allmulticast mode
[  812.099935][T15250] bridge_slave_1: entered promiscuous mode
[  812.155926][T15248] bridge0: port 1(bridge_slave_0) entered blocking state
[  812.157915][T15248] bridge0: port 1(bridge_slave_0) entered disabled state
[  812.159845][T15248] bridge_slave_0: entered allmulticast mode
[  812.164432][T15248] bridge_slave_0: entered promiscuous mode
[  812.165996][T15253] Bluetooth: hci3: command tx timeout
[  812.169184][T15246] Bluetooth: hci2: command tx timeout
[  812.169573][T15248] bridge0: port 2(bridge_slave_1) entered blocking state
[  812.173733][T15248] bridge0: port 2(bridge_slave_1) entered disabled state
[  812.175679][T15248] bridge_slave_1: entered allmulticast mode
[  812.178072][T15248] bridge_slave_1: entered promiscuous mode
[  812.257679][T15244] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  812.357434][T15250] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  812.373030][T15244] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  812.431615][T15242] bridge0: port 1(bridge_slave_0) entered blocking state
[  812.434189][T15242] bridge0: port 1(bridge_slave_0) entered disabled state
[  812.437450][T15242] bridge_slave_0: entered allmulticast mode
[  812.440901][T15242] bridge_slave_0: entered promiscuous mode
[  812.445797][T15242] bridge0: port 2(bridge_slave_1) entered blocking state
[  812.448652][T15242] bridge0: port 2(bridge_slave_1) entered disabled state
[  812.451230][T15242] bridge_slave_1: entered allmulticast mode
[  812.454890][T15242] bridge_slave_1: entered promiscuous mode
[  812.463307][T15250] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  812.578823][T15248] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  812.583978][T15248] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  812.677426][T15250] team0: Port device team_slave_0 added
[  812.690208][T15244] team0: Port device team_slave_0 added
[  812.791371][T15250] team0: Port device team_slave_1 added
[  812.796681][T15244] team0: Port device team_slave_1 added
[  812.804431][T15248] team0: Port device team_slave_0 added
[  812.809971][T15242] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  812.865241][T15248] team0: Port device team_slave_1 added
[  812.869409][T15242] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  812.939007][ T1105] hsr_slave_0: left promiscuous mode
[  812.940877][ T1105] hsr_slave_1: left promiscuous mode
[  812.943246][ T1105] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  812.945176][ T1105] batman_adv: batadv0: Removing interface: batadv_slave_0
[  812.947620][ T1105] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  812.949833][ T1105] batman_adv: batadv0: Removing interface: batadv_slave_1
[  812.981974][ T1105] veth1_macvtap: left promiscuous mode
[  812.983745][ T1105] veth0_macvtap: left promiscuous mode
[  812.985575][ T1105] veth1_vlan: left promiscuous mode
[  812.987269][ T1105] veth0_vlan: left promiscuous mode
[  813.989625][T15246] Bluetooth: hci0: command tx timeout
[  814.068164][T15246] Bluetooth: hci4: command tx timeout
[  814.151392][T15246] Bluetooth: hci2: command tx timeout
[  814.151448][T15253] Bluetooth: hci3: command tx timeout
[  814.500632][ T1105] team0 (unregistering): Port device team_slave_1 removed
[  814.681040][ T1105] team0 (unregistering): Port device team_slave_0 removed
[  815.970813][T15253] Bluetooth: hci0: command tx timeout
[  816.027531][T15250] batman_adv: batadv0: Adding interface: batadv_slave_0
[  816.029556][T15250] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  816.036229][T15250] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  816.042663][T15244] batman_adv: batadv0: Adding interface: batadv_slave_0
[  816.044527][T15244] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  816.047796][T15253] Bluetooth: hci4: command tx timeout
[  816.054854][T15244] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  816.060746][T15244] batman_adv: batadv0: Adding interface: batadv_slave_1
[  816.063214][T15244] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  816.072225][T15244] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  816.077012][T15248] batman_adv: batadv0: Adding interface: batadv_slave_0
[  816.079368][T15248] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  816.088356][T15248] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  816.093910][T15248] batman_adv: batadv0: Adding interface: batadv_slave_1
[  816.096366][T15248] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  816.105140][T15248] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  816.130346][T15242] team0: Port device team_slave_0 added
[  816.132864][T15253] Bluetooth: hci2: command tx timeout
[  816.132886][T15246] Bluetooth: hci3: command tx timeout
[  816.137693][T15242] team0: Port device team_slave_1 added
[  816.140761][T15250] batman_adv: batadv0: Adding interface: batadv_slave_1
[  816.143539][T15250] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  816.156536][T15250] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  816.367746][T15250] hsr_slave_0: entered promiscuous mode
[  816.370984][T15250] hsr_slave_1: entered promiscuous mode
[  816.374100][T15250] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  816.376927][T15250] Cannot create hsr debugfs directory
[  816.419001][T15242] batman_adv: batadv0: Adding interface: batadv_slave_0
[  816.421465][T15242] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  816.434588][T15242] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  816.443192][T15242] batman_adv: batadv0: Adding interface: batadv_slave_1
[  816.445703][T15242] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  816.460739][T15242] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  816.531322][T15248] hsr_slave_0: entered promiscuous mode
[  816.534028][T15248] hsr_slave_1: entered promiscuous mode
[  816.537628][T15248] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  816.540291][T15248] Cannot create hsr debugfs directory
[  816.547253][T15244] hsr_slave_0: entered promiscuous mode
[  816.550454][T15244] hsr_slave_1: entered promiscuous mode
[  816.557035][T15244] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  816.559780][T15244] Cannot create hsr debugfs directory
[  816.863076][T15242] hsr_slave_0: entered promiscuous mode
[  816.868368][T15242] hsr_slave_1: entered promiscuous mode
[  816.870664][T15242] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  816.872676][T15242] Cannot create hsr debugfs directory
[  817.193801][ T1105] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  817.344044][ T1105] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  817.474351][ T1105] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  817.651468][ T1105] team0: Port device netdevsim0 removed
[  817.655734][ T1105] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  817.782984][ T1105] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  817.897463][T15250] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  817.901650][T15250] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  817.907030][T15250] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  817.911037][T15250] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  817.953556][ T1105] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  817.960284][T15246] Bluetooth: hci0: command tx timeout
[  818.028548][T15246] Bluetooth: hci4: command tx timeout
[  818.046175][ T1105] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  818.080242][T15250] 8021q: adding VLAN 0 to HW filter on device bond0
[  818.092616][T15250] 8021q: adding VLAN 0 to HW filter on device team0
[  818.104226][T15246] Bluetooth: hci3: command tx timeout
[  818.104540][T15253] Bluetooth: hci2: command tx timeout
[  818.105719][ T1173] bridge0: port 1(bridge_slave_0) entered blocking state
[  818.109541][ T1173] bridge0: port 1(bridge_slave_0) entered forwarding state
[  818.113537][ T1173] bridge0: port 2(bridge_slave_1) entered blocking state
[  818.115822][ T1173] bridge0: port 2(bridge_slave_1) entered forwarding state
[  818.144722][ T1105] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  818.213032][T15279] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u32:2: corrupted in-inode xattr: bad magic number in in-inode xattr
[  818.222526][T15280] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u32:2: corrupted in-inode xattr: bad magic number in in-inode xattr
[  818.233812][T15281] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u32:2: corrupted in-inode xattr: bad magic number in in-inode xattr
[  818.240931][T15282] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u32:2: corrupted in-inode xattr: bad magic number in in-inode xattr
[  818.263617][T15250] 8021q: adding VLAN 0 to HW filter on device batadv0
[  818.348617][T15250] veth0_vlan: entered promiscuous mode
[  818.411544][ T1105] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  818.427992][T15250] veth1_vlan: entered promiscuous mode
[  818.448558][T15250] veth0_macvtap: entered promiscuous mode
[  818.452838][T15250] veth1_macvtap: entered promiscuous mode
[  818.463787][T15250] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  818.469366][T15250] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  818.472054][T15250] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  818.474800][T15250] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  818.478105][T15250] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  818.480844][T15250] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  818.484799][T15250] batman_adv: batadv0: Interface activated: batadv_slave_0
[  818.490313][T15250] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  818.493033][T15250] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  818.496576][T15250] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  818.499296][T15250] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  818.501833][T15250] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  818.504944][T15250] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  818.508769][T15250] batman_adv: batadv0: Interface activated: batadv_slave_1
[  818.525554][ T1105] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  818.541214][T15250] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  818.543903][T15250] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  818.546272][T15250] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  818.548526][T15250] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  818.607986][   T45] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  818.612456][   T45] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  818.649152][   T45] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  818.651873][   T45] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  818.723569][ T1105] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  818.734670][T15284] FAULT_INJECTION: forcing a failure.
[  818.734670][T15284] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  818.738279][T15284] CPU: 0 UID: 0 PID: 15284 Comm: syz.1.2904 Not tainted 6.11.0-syzkaller-02574-ga430d95c5efa #0
[  818.741036][T15284] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  818.744734][T15284] Call Trace:
[  818.745924][T15284]  <TASK>
[  818.746937][T15284]  dump_stack_lvl+0x16c/0x1f0
[  818.748470][T15284]  should_fail_ex+0x497/0x5b0
[  818.749736][T15284]  _copy_to_user+0x30/0xc0
[  818.750940][T15284]  simple_read_from_buffer+0xd0/0x160
[  818.752358][T15284]  proc_fail_nth_read+0x198/0x270
[  818.753703][T15284]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  818.755249][T15284]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  818.757208][T15284]  vfs_read+0x1ce/0xbd0
[  818.758727][T15284]  ? __fdget_pos+0xe8/0x170
[  818.760345][T15284]  ? __pfx_vfs_read+0x10/0x10
[  818.761697][T15284]  ? __pfx___mutex_lock+0x10/0x10
[  818.763038][T15284]  ? __fget_files+0x244/0x3f0
[  818.764293][T15284]  ksys_read+0x12f/0x260
[  818.765422][T15284]  ? __pfx_ksys_read+0x10/0x10
[  818.766684][T15284]  __do_fast_syscall_32+0x73/0x120
[  818.768023][T15284]  do_fast_syscall_32+0x32/0x80
[  818.769617][T15284]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  818.771361][T15284] RIP: 0023:0xf7fc3579
[  818.772434][T15284] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  818.777423][T15284] RSP: 002b:00000000f57465a0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  818.779581][T15284] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f5746620
[  818.781754][T15284] RDX: 000000000000000f RSI: 00000000f744bff4 RDI: 0000000000000000
[  818.783834][T15284] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  818.785957][T15284] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  818.788033][T15284] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  818.790162][T15284]  </TASK>
[  818.900656][ T1105] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  819.044949][ T1105] bridge_slave_1: left allmulticast mode
[  819.046549][ T1105] bridge_slave_1: left promiscuous mode
[  819.048461][ T1105] bridge0: port 2(bridge_slave_1) entered disabled state
[  819.051640][ T1105] bridge_slave_0: left allmulticast mode
[  819.053113][ T1105] bridge_slave_0: left promiscuous mode
[  819.054690][ T1105] bridge0: port 1(bridge_slave_0) entered disabled state
[  819.064544][ T1105] bridge_slave_1: left allmulticast mode
[  819.066106][ T1105] bridge_slave_1: left promiscuous mode
[  819.068008][ T1105] bridge0: port 2(bridge_slave_1) entered disabled state
[  819.071455][ T1105] bridge_slave_0: left allmulticast mode
[  819.072962][ T1105] bridge_slave_0: left promiscuous mode
[  819.074587][ T1105] bridge0: port 1(bridge_slave_0) entered disabled state
[  819.079069][ T1105] bridge_slave_1: left allmulticast mode
[  819.080707][ T1105] bridge_slave_1: left promiscuous mode
[  819.082421][ T1105] bridge0: port 2(bridge_slave_1) entered disabled state
[  819.085899][ T1105] bridge_slave_0: left allmulticast mode
[  819.087485][ T1105] bridge_slave_0: left promiscuous mode
[  819.089192][ T1105] bridge0: port 1(bridge_slave_0) entered disabled state
[  820.726113][ T1105] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  820.733234][ T1105] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  820.737968][ T1105] bond0 (unregistering): Released all slaves
[  820.900852][ T1105] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  820.908378][ T1105] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  820.911548][ T1105] bond0 (unregistering): Released all slaves
[  821.079871][ T1105] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  821.086293][ T1105] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  821.091077][ T1105] bond0 (unregistering): Released all slaves
[  821.251000][T15244] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  821.256023][ T1105] Κό: left promiscuous mode
[  821.263323][T15244] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  821.269275][T15244] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  821.274668][T15244] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  821.361483][T15244] 8021q: adding VLAN 0 to HW filter on device bond0
[  821.381063][T15244] 8021q: adding VLAN 0 to HW filter on device team0
[  821.394198][ T1108] bridge0: port 1(bridge_slave_0) entered blocking state
[  821.396307][ T1108] bridge0: port 1(bridge_slave_0) entered forwarding state
[  821.436299][   T45] bridge0: port 2(bridge_slave_1) entered blocking state
[  821.438687][   T45] bridge0: port 2(bridge_slave_1) entered forwarding state
[  821.493107][ T1105] tipc: Left network mode
[  821.614675][T15244] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  821.630062][T15291] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u32:1: corrupted in-inode xattr: bad magic number in in-inode xattr
[  821.635984][T15292] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u32:1: corrupted in-inode xattr: bad magic number in in-inode xattr
[  821.700204][T15293] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u32:1: corrupted in-inode xattr: bad magic number in in-inode xattr
[  821.716413][T15294] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u32:1: corrupted in-inode xattr: bad magic number in in-inode xattr
[  821.733639][T15244] 8021q: adding VLAN 0 to HW filter on device batadv0
[  821.868712][T15244] veth0_vlan: entered promiscuous mode
[  821.879666][T15244] veth1_vlan: entered promiscuous mode
[  821.914196][T15244] veth0_macvtap: entered promiscuous mode
[  821.956358][T15244] veth1_macvtap: entered promiscuous mode
[  821.977919][T15244] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  821.981816][T15244] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  821.985250][T15244] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  821.988813][T15244] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  821.993582][T15244] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  821.997168][T15244] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  822.000140][T15244] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  822.003101][T15244] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  822.007331][T15244] batman_adv: batadv0: Interface activated: batadv_slave_0
[  822.012123][T15244] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  822.015356][T15244] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  822.018822][T15244] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  822.023429][T15244] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  822.026128][T15244] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  822.029181][T15244] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  822.031736][T15244] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  822.034763][T15244] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  822.038978][T15244] batman_adv: batadv0: Interface activated: batadv_slave_1
[  822.094960][T15244] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  822.099258][T15244] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  822.102224][T15244] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  822.105728][T15244] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  822.251615][ T1101] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  822.256843][ T1101] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  822.328888][T14756] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  822.331191][T14756] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  822.373306][T15242] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  822.379235][T15242] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  822.423579][ T1105] hsr_slave_0: left promiscuous mode
[  822.428721][ T1105] hsr_slave_1: left promiscuous mode
[  822.431530][ T1105] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  822.433581][ T1105] batman_adv: batadv0: Removing interface: batadv_slave_0
[  822.436082][ T1105] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  822.438123][ T1105] batman_adv: batadv0: Removing interface: batadv_slave_1
[  822.446992][ T1105] hsr_slave_0: left promiscuous mode
[  822.451075][ T1105] hsr_slave_1: left promiscuous mode
[  822.454011][ T1105] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  822.456643][ T1105] batman_adv: batadv0: Removing interface: batadv_slave_0
[  822.460668][ T1105] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  822.463398][ T1105] batman_adv: batadv0: Removing interface: batadv_slave_1
[  822.473705][ T1105] hsr_slave_0: left promiscuous mode
[  822.476598][ T1105] hsr_slave_1: left promiscuous mode
[  822.479639][ T1105] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  822.482363][ T1105] batman_adv: batadv0: Removing interface: batadv_slave_0
[  822.485988][ T1105] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  822.490017][ T1105] batman_adv: batadv0: Removing interface: batadv_slave_1
[  822.606857][   T35] IPVS: starting estimator thread 0...
[  822.607515][ T1105] veth1_macvtap: left promiscuous mode
[  822.612362][ T1105] veth0_macvtap: left promiscuous mode
[  822.614207][ T1105] veth1_vlan: left promiscuous mode
[  822.615775][ T1105] veth0_vlan: left promiscuous mode
[  822.619238][ T1105] veth1_macvtap: left promiscuous mode
[  822.620764][ T1105] veth0_macvtap: left promiscuous mode
[  822.622372][ T1105] veth1_vlan: left promiscuous mode
[  822.623893][ T1105] veth0_vlan: left promiscuous mode
[  822.626702][ T1105] veth1_macvtap: left promiscuous mode
[  822.628347][ T1105] veth0_macvtap: left promiscuous mode
[  822.630368][T15303] IPVS: rr: TCP 172.20.20.170:0 - no destination available
[  822.630694][ T1105] veth1_vlan: left promiscuous mode
[  822.635267][ T1105] veth0_vlan: left promiscuous mode
[  822.686316][T15304] IPVS: using max 34 ests per chain, 81600 per kthread
[  822.693275][T15306] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  823.511614][T15309] netlink: 72 bytes leftover after parsing attributes in process `syz.2.2909'.
[  823.676592][    C3] IPVS: rr: TCP 172.20.20.170:0 - no destination available
[  824.833413][T15317] ecryptfs_parse_options: You must supply at least one valid auth tok signature as a mount parameter; see the eCryptfs README
[  824.841867][T15317] Error parsing options; rc = [-22]
[  824.959114][ T1105] team0 (unregistering): Port device team_slave_1 removed
[  825.081865][ T1105] team0 (unregistering): Port device team_slave_0 removed
[  827.127917][ T1105] team0 (unregistering): Port device team_slave_1 removed
[  827.266214][ T1105] team0 (unregistering): Port device team_slave_0 removed
[  829.387022][ T1105] team0 (unregistering): Port device team_slave_1 removed
[  829.490815][ T1105] team0 (unregistering): Port device team_slave_0 removed
[  830.545533][T15242] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  830.550368][T15242] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  830.659541][T15248] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  830.667881][T15325] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u32:2: corrupted in-inode xattr: bad magic number in in-inode xattr
[  830.688828][T15326] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u32:2: corrupted in-inode xattr: bad magic number in in-inode xattr
[  830.689649][T15248] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  830.710218][T15248] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  830.723039][T15248] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  830.848209][T15242] 8021q: adding VLAN 0 to HW filter on device bond0
[  830.876801][T15242] 8021q: adding VLAN 0 to HW filter on device team0
[  830.898709][   T96] bridge0: port 1(bridge_slave_0) entered blocking state
[  830.900819][   T96] bridge0: port 1(bridge_slave_0) entered forwarding state
[  830.908960][   T96] bridge0: port 2(bridge_slave_1) entered blocking state
[  830.910944][   T96] bridge0: port 2(bridge_slave_1) entered forwarding state
[  831.019262][T15248] 8021q: adding VLAN 0 to HW filter on device bond0
[  831.060691][T15242] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  831.079160][T15335] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u32:5: corrupted in-inode xattr: bad magic number in in-inode xattr
[  831.092423][T15248] 8021q: adding VLAN 0 to HW filter on device team0
[  831.101904][   T96] bridge0: port 1(bridge_slave_0) entered blocking state
[  831.103258][T15336] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u32:8: corrupted in-inode xattr: bad magic number in in-inode xattr
[  831.104469][   T96] bridge0: port 1(bridge_slave_0) entered forwarding state
[  831.127896][T14756] bridge0: port 2(bridge_slave_1) entered blocking state
[  831.130441][T14756] bridge0: port 2(bridge_slave_1) entered forwarding state
[  831.143101][T15337] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u32:1: corrupted in-inode xattr: bad magic number in in-inode xattr
[  831.167341][T15338] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u32:1: corrupted in-inode xattr: bad magic number in in-inode xattr
[  831.234105][T15242] 8021q: adding VLAN 0 to HW filter on device batadv0
[  831.239234][T15340] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u32:1: corrupted in-inode xattr: bad magic number in in-inode xattr
[  831.254948][T15341] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u32:1: corrupted in-inode xattr: bad magic number in in-inode xattr
[  831.272175][T15342] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u32:2: corrupted in-inode xattr: bad magic number in in-inode xattr
[  831.279594][T15343] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u32:2: corrupted in-inode xattr: bad magic number in in-inode xattr
[  831.284395][T15242] veth0_vlan: entered promiscuous mode
[  831.297143][T15242] veth1_vlan: entered promiscuous mode
[  831.306876][T15248] 8021q: adding VLAN 0 to HW filter on device batadv0
[  831.358172][T15242] veth0_macvtap: entered promiscuous mode
[  831.362273][T15242] veth1_macvtap: entered promiscuous mode
[  831.429525][T15248] veth0_vlan: entered promiscuous mode
[  831.443451][T15242] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  831.446200][T15242] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  831.448812][T15242] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  831.460110][T15242] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  831.470113][T15242] batman_adv: batadv0: Interface activated: batadv_slave_0
[  831.498597][T15248] veth1_vlan: entered promiscuous mode
[  831.502587][T15242] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  831.505400][T15242] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  831.515164][T15242] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  831.519652][T15242] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  831.523807][T15242] batman_adv: batadv0: Interface activated: batadv_slave_1
[  831.546516][T15242] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  831.549551][T15242] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  831.552494][T15242] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  831.555929][T15242] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  831.680612][T15248] veth0_macvtap: entered promiscuous mode
[  831.694512][T15248] veth1_macvtap: entered promiscuous mode
[  831.807582][   T96] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  831.809681][   T96] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  831.822845][T15248] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  831.825999][T15248] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  831.828557][T15248] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  831.840648][T15248] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  831.843582][T15248] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  831.846797][T15248] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  831.964960][T15248] batman_adv: batadv0: Interface activated: batadv_slave_0
[  831.993758][T15248] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  831.994530][ T1105] IPVS: stop unused estimator thread 0...
[  831.996435][T15248] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  831.998091][T14756] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  832.000797][T15248] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  832.011562][T14756] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  832.014577][T15248] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  832.017337][T15248] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  832.020680][T15248] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  832.026331][T15248] batman_adv: batadv0: Interface activated: batadv_slave_1
[  832.052079][T15248] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  832.054451][T15248] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  832.056821][T15248] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  832.065813][T15248] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  832.440539][T15319] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  832.443396][T15319] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  832.479021][T15319] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  832.481114][T15319] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  832.866255][T15367] netlink: 'syz.3.2922': attribute type 3 has an invalid length.
[  832.872696][T15367] netlink: 130984 bytes leftover after parsing attributes in process `syz.3.2922'.
[  832.873952][T15366] 9pnet: Unknown protocol version 9p20\++}
[  834.698193][T13144] usb 6-1: new high-speed USB device number 35 using dummy_hcd
[  834.890024][T13144] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  834.892876][T13144] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  834.895896][T13144] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  834.901305][T13144] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  834.903580][T13144] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  834.918935][T13144] usb 6-1: config 0 descriptor??
[  835.146111][T15391] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  835.165255][T15391] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  835.374865][T13144] plantronics 0003:047F:FFFF.001F: unknown main item tag 0x0
[  835.376825][T13144] plantronics 0003:047F:FFFF.001F: unknown main item tag 0x0
[  835.378745][T13144] plantronics 0003:047F:FFFF.001F: unknown main item tag 0x0
[  835.380664][T13144] plantronics 0003:047F:FFFF.001F: unknown main item tag 0x0
[  835.383096][T13144] plantronics 0003:047F:FFFF.001F: unknown main item tag 0x0
[  835.392228][T13144] plantronics 0003:047F:FFFF.001F: unknown main item tag 0x0
[  835.402682][T13144] plantronics 0003:047F:FFFF.001F: unknown main item tag 0x0
[  835.405542][T13144] plantronics 0003:047F:FFFF.001F: unknown main item tag 0x0
[  835.407479][T13144] plantronics 0003:047F:FFFF.001F: unknown main item tag 0x0
[  835.409399][T13144] plantronics 0003:047F:FFFF.001F: unknown main item tag 0x0
[  835.411305][T13144] plantronics 0003:047F:FFFF.001F: unknown main item tag 0x0
[  835.422145][T13144] plantronics 0003:047F:FFFF.001F: unknown main item tag 0x0
[  835.424085][T13144] plantronics 0003:047F:FFFF.001F: unknown main item tag 0x0
[  835.426127][T13144] plantronics 0003:047F:FFFF.001F: unknown main item tag 0x0
[  835.428050][T13144] plantronics 0003:047F:FFFF.001F: unknown main item tag 0x0
[  835.430396][T13144] plantronics 0003:047F:FFFF.001F: No inputs registered, leaving
[  835.442811][T13144] plantronics 0003:047F:FFFF.001F: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0
[  835.449313][T15400] netlink: 'syz.3.2931': attribute type 4 has an invalid length.
[  835.634156][T13144] usb 6-1: USB disconnect, device number 35
[  835.849711][T15404] bond_slave_1: entered allmulticast mode
[  837.106652][T15418] netlink: 'syz.0.2936': attribute type 1 has an invalid length.
[  837.399142][T15421] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2937'.
[  837.412768][T15421] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2937'.
[  837.510278][T15423] overlay: ./bus is not a directory
[  837.534228][T15423] overlay: ./bus is not a directory
[  837.584388][T15427] bond_slave_1: entered allmulticast mode
[  837.624023][   T39] audit: type=1804 audit(2000001011.391:856): pid=15423 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.2938" name="/newroot/6/file0/bus" dev="9p" ino=42206898 res=1 errno=0
[  837.647083][T15422] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x206c5 pfn:0x70374
[  837.650451][T15422] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[  837.653417][T15422] page_type: 0xbfffffff(buddy)
[  837.654976][T15422] raw: 04fff00000000000 ffffea0001a68408 ffffea0001bc4808 0000000000000000
[  837.657266][T15422] raw: 00000000000206c5 0000000000000002 00000000bfffffff 0000000000000000
[  837.659476][T15422] page dumped because: VM_BUG_ON_FOLIO(((unsigned int) folio_ref_count(folio) + 127u <= 127u))
[  837.662453][T15422] page_owner tracks the page as freed
[  837.665776][T15422] page last allocated via order 0, migratetype Movable, gfp_mask 0x140dca(GFP_HIGHUSER_MOVABLE|__GFP_COMP|__GFP_ZERO), pid 15415, tgid 15414 (syz.3.2935), ts 836532140916, free_ts 837355144004
[  837.671903][T15422]  post_alloc_hook+0x2d1/0x350
[  837.673313][T15422]  get_page_from_freelist+0x1351/0x2e50
[  837.674873][T15422]  __alloc_pages_noprof+0x22b/0x2460
[  837.676440][T15422]  alloc_pages_mpol_noprof+0x275/0x610
[  837.678337][T15422]  folio_alloc_mpol_noprof+0x36/0xd0
[  837.680518][T15422]  vma_alloc_folio_noprof+0xee/0x1b0
[  837.682197][T15422]  do_wp_page+0xf59/0x3360
[  837.684280][T15422]  __handle_mm_fault+0x23c4/0x5470
[  837.686270][T15422]  handle_mm_fault+0x498/0xa60
[  837.687946][T15422]  do_user_addr_fault+0x7a3/0x13f0
[  837.690171][T15422]  exc_page_fault+0x5c/0xc0
[  837.692362][T15422]  asm_exc_page_fault+0x26/0x30
[  837.695774][T15422] page last free pid 15415 tgid 15414 stack trace:
[  837.699074][T15422]  free_unref_folios+0x9e9/0x1390
[  837.700432][T15422]  folios_put_refs+0x560/0x760
[  837.701706][T15422]  free_pages_and_swap_cache+0x36d/0x510
[  837.703148][T15422]  __tlb_batch_free_encoded_pages+0xf9/0x290
[  837.704708][T15422]  tlb_flush_mmu+0xe9/0x590
[  837.705925][T15422]  unmap_page_range+0x1c74/0x3bf0
[  837.715640][T15422]  unmap_single_vma+0x194/0x2b0
[  837.717047][T15422]  unmap_vmas+0x22f/0x490
[  837.719418][T15422]  exit_mmap+0x1b8/0xb20
[  837.721686][T15435] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2941'.
[  837.721858][T15422]  __mmput+0x12a/0x480
[  837.730888][T15422]  mmput+0x62/0x70
[  837.732346][T15422]  do_exit+0x9bf/0x2bb0
[  837.734783][T15422]  do_group_exit+0xd3/0x2a0
[  837.737613][T15422]  get_signal+0x2658/0x26d0
[  837.742180][T15422]  arch_do_signal_or_restart+0x90/0x7e0
[  837.746289][T15422]  syscall_exit_to_user_mode+0x150/0x2a0
[  837.746654][T15435] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2941'.
[  837.751171][T15422] ------------[ cut here ]------------
[  837.752618][T15422] kernel BUG at include/linux/mm.h:1460!
[  837.754223][T15422] Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN NOPTI
[  837.756268][T15422] CPU: 0 UID: 0 PID: 15422 Comm: syz.0.2938 Not tainted 6.11.0-syzkaller-02574-ga430d95c5efa #0
[  837.760912][T15422] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  837.763730][T15422] RIP: 0010:__iov_iter_get_pages_alloc+0x1d1e/0x2240
[  837.765511][T15422] Code: b0 8b 48 89 df e8 32 4b 4e fd 90 0f 0b 49 89 c5 e9 99 f6 ff ff e8 f2 db 09 fd 48 c7 c6 20 44 b0 8b 4c 89 e7 e8 13 4b 4e fd 90 <0f> 0b e8 db db 09 fd 4c 8b 64 24 48 49 83 ec 01 e9 94 fd ff ff 4c
[  837.770514][T15422] RSP: 0018:ffffc90003fcefd8 EFLAGS: 00010293
[  837.772071][T15422] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[  837.774131][T15422] RDX: ffff8880249f4880 RSI: ffffffff848148dd RDI: ffff8880249f4cc4
[  837.776179][T15422] RBP: ffffea0001c0dd34 R08: 0000000000000001 R09: fffffbfff2d27905
[  837.778499][T15422] R10: ffffffff9693c82f R11: ffff88802b628a40 R12: ffffea0001c0dd00
[  837.781158][T15422] R13: ffff888021a09c00 R14: 0000000000001000 R15: 0000000000001000
[  837.783721][T15422] FS:  0000000000000000(0000) GS:ffff88802b600000(0063) knlGS:0000000056ac5440
[  837.786247][T15422] CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
[  837.788518][T15422] CR2: 000000002caf2ff8 CR3: 000000006f544000 CR4: 0000000000350ef0
[  837.791032][T15422] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  837.793094][T15422] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  837.795105][T15422] Call Trace:
[  837.795970][T15422]  <TASK>
[  837.796721][T15422]  ? show_regs+0x8c/0xa0
[  837.797840][T15422]  ? die+0x36/0xa0
[  837.798825][T15422]  ? do_trap+0x232/0x430
[  837.799923][T15422]  ? __iov_iter_get_pages_alloc+0x1d1e/0x2240
[  837.801519][T15422]  ? __iov_iter_get_pages_alloc+0x1d1e/0x2240
[  837.803084][T15422]  ? do_error_trap+0xf4/0x230
[  837.804309][T15422]  ? __iov_iter_get_pages_alloc+0x1d1e/0x2240
[  837.805889][T15422]  ? handle_invalid_op+0x34/0x40
[  837.807190][T15422]  ? __iov_iter_get_pages_alloc+0x1d1e/0x2240
[  837.808774][T15422]  ? exc_invalid_op+0x2e/0x50
[  837.810402][T15422]  ? asm_exc_invalid_op+0x1a/0x20
[  837.811844][T15422]  ? __iov_iter_get_pages_alloc+0x1d1d/0x2240
[  837.813407][T15422]  ? __iov_iter_get_pages_alloc+0x1d1e/0x2240
[  837.814960][T15422]  ? __iov_iter_get_pages_alloc+0x1d1d/0x2240
[  837.816528][T15422]  ? __pfx___iov_iter_get_pages_alloc+0x10/0x10
[  837.818143][T15422]  ? delete_node+0x207/0x8e0
[  837.819349][T15422]  iov_iter_get_pages_alloc2+0x53/0xf0
[  837.820829][T15422]  p9_get_mapped_pages.part.0.constprop.0+0x4ca/0x7d0
[  837.822596][T15422]  ? p9pdu_vwritef+0x368/0x21d0
[  837.823879][T15422]  ? __pfx_p9_get_mapped_pages.part.0.constprop.0+0x10/0x10
[  837.825755][T15422]  ? __pfx_p9pdu_vwritef+0x10/0x10
[  837.827062][T15422]  ? __pfx_p9pdu_vwritef+0x10/0x10
[  837.828373][T15422]  ? p9_tag_alloc+0x4cc/0x870
[  837.829915][T15422]  ? __pfx_lock_release+0x6/0x10
[  837.831344][T15422]  p9_virtio_zc_request+0x1ac/0x1460
[  837.832716][T15422]  ? p9pdu_writef+0xc4/0x100
[  837.833937][T15422]  ? __pfx_p9pdu_writef+0x10/0x10
[  837.835234][T15422]  ? __pfx_p9pdu_vwritef+0x10/0x10
[  837.836552][T15422]  ? __pfx_p9_virtio_zc_request+0x10/0x10
[  837.838173][T15422]  ? rcu_is_watching+0x12/0xc0
[  837.839722][T15422]  ? trace_9p_protocol_dump+0x192/0x220
[  837.841152][T15422]  ? rcu_is_watching+0x12/0xc0
[  837.842366][T15422]  ? p9_client_prepare_req+0x111/0x4d0
[  837.843761][T15422]  ? __pfx_p9_client_prepare_req+0x10/0x10
[  837.845737][T15422]  ? hlock_class+0x4e/0x130
[  837.847240][T15422]  p9_client_zc_rpc.constprop.0+0x29a/0x880
[  837.849007][T15422]  ? __pfx_p9_client_zc_rpc.constprop.0+0x10/0x10
[  837.850619][T15422]  ? __pfx___lock_acquire+0x10/0x10
[  837.851917][T15422]  ? hlock_class+0x4e/0x130
[  837.853095][T15422]  ? mark_lock+0xb5/0xc60
[  837.854166][T15422]  ? __pfx_mark_lock+0x10/0x10
[  837.855323][T15422]  ? __pfx_p9_virtio_zc_request+0x10/0x10
[  837.856735][T15422]  p9_client_write+0x447/0x680
[  837.857941][T15422]  ? __pfx_p9_client_write+0x10/0x10
[  837.859279][T15422]  ? mark_held_locks+0x9f/0xe0
[  837.860531][T15422]  v9fs_issue_write+0xe2/0x180
[  837.862180][T15422]  ? __pfx_v9fs_issue_write+0x10/0x10
[  837.863915][T15422]  ? rcu_is_watching+0x12/0xc0
[  837.865151][T15422]  ? trace_netfs_sreq+0x193/0x220
[  837.866387][T15422]  netfs_do_issue_write+0x92/0x110
[  837.867689][T15422]  netfs_advance_write+0x384/0xbd0
[  837.869025][T15422]  ? netfs_buffer_append_folio+0x569/0x750
[  837.870524][T15422]  netfs_write_folio+0xc44/0x18f0
[  837.871773][T15422]  netfs_writepages+0x2ba/0xb90
[  837.873022][T15422]  ? __pfx_netfs_writepages+0x10/0x10
[  837.874402][T15422]  ? __pfx___lock_acquire+0x10/0x10
[  837.875814][T15422]  ? __pfx_netfs_writepages+0x10/0x10
[  837.877208][T15422]  do_writepages+0x1a3/0x7f0
[  837.878419][T15422]  ? __pfx_do_writepages+0x10/0x10
[  837.879738][T15422]  ? __pfx_lock_acquire+0x10/0x10
[  837.881072][T15422]  ? do_raw_spin_lock+0x12d/0x2c0
[  837.882393][T15422]  ? do_raw_spin_unlock+0x172/0x230
[  837.883760][T15422]  ? _raw_spin_unlock+0x28/0x50
[  837.884995][T15422]  ? wbc_attach_and_unlock_inode+0x597/0x940
[  837.886521][T15422]  filemap_fdatawrite_wbc+0x148/0x1c0
[  837.887893][T15422]  __filemap_fdatawrite_range+0xba/0x100
[  837.889315][T15422]  ? __pfx___filemap_fdatawrite_range+0x10/0x10
[  837.890881][T15422]  v9fs_dir_release+0x429/0x590
[  837.892119][T15422]  ? __pfx_v9fs_dir_release+0x10/0x10
[  837.893497][T15422]  ? __pfx_v9fs_dir_release+0x10/0x10
[  837.894849][T15422]  __fput+0x3f6/0xb60
[  837.895875][T15422]  ? _raw_spin_unlock_irq+0x23/0x50
[  837.897223][T15422]  task_work_run+0x14e/0x250
[  837.898416][T15422]  ? __pfx_task_work_run+0x10/0x10
[  837.899676][T15422]  ? __pfx___close_range+0x10/0x10
[  837.901087][T15422]  syscall_exit_to_user_mode+0x27b/0x2a0
[  837.903286][T15422]  __do_fast_syscall_32+0x80/0x120
[  837.904769][T15422]  do_fast_syscall_32+0x32/0x80
[  837.906067][T15422]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  837.907752][T15422] RIP: 0023:0xf7f98579
[  837.908780][T15422] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  837.913471][T15422] RSP: 002b:00000000fff6d0fc EFLAGS: 00000202 ORIG_RAX: 00000000000001b4
[  837.915478][T15422] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 000000000000001e
[  837.917393][T15422] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  837.919357][T15422] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000
[  837.921386][T15422] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
[  837.923374][T15422] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  837.925342][T15422]  </TASK>
[  837.926130][T15422] Modules linked in:
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  837.980328][T15422] ---[ end trace 0000000000000000 ]---
[  837.981834][T15422] RIP: 0010:__iov_iter_get_pages_alloc+0x1d1e/0x2240
[  837.983585][T15422] Code: b0 8b 48 89 df e8 32 4b 4e fd 90 0f 0b 49 89 c5 e9 99 f6 ff ff e8 f2 db 09 fd 48 c7 c6 20 44 b0 8b 4c 89 e7 e8 13 4b 4e fd 90 <0f> 0b e8 db db 09 fd 4c 8b 64 24 48 49 83 ec 01 e9 94 fd ff ff 4c
[  837.988689][T15422] RSP: 0018:ffffc90003fcefd8 EFLAGS: 00010293
[  837.990900][T15422] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[  837.993493][T15422] RDX: ffff8880249f4880 RSI: ffffffff848148dd RDI: ffff8880249f4cc4
[  837.995832][T15422] RBP: ffffea0001c0dd34 R08: 0000000000000001 R09: fffffbfff2d27905
[  837.998353][T15422] R10: ffffffff9693c82f R11: ffff88802b628a40 R12: ffffea0001c0dd00
[  838.000591][T15422] R13: ffff888021a09c00 R14: 0000000000001000 R15: 0000000000001000
[  838.002677][T15422] FS:  0000000000000000(0000) GS:ffff88802b900000(0063) knlGS:0000000056ac5440
[  838.005248][T15422] CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
[  838.007006][T15422] CR2: 000000002026c000 CR3: 000000006f544000 CR4: 0000000000350ef0
[  838.009106][T15422] Kernel panic - not syncing: Fatal exception
[  838.011715][T15422] Kernel Offset: disabled
[  838.013214][T15422] Rebooting in 86400 seconds..

VM DIAGNOSIS:
14:43:20  Registers:
info registers vcpu 0

CPU#0
RAX=dffffc0000000060 RBX=00000000000003fd RCX=0000000000000000 RDX=00000000000003fd
RSI=ffffffff84fcd470 RDI=ffffffff9a5e9460 RBP=ffffffff9a5e9420 RSP=ffffc90003fce910
R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=552030203a555043
R12=0000000000000000 R13=0000000000000020 R14=fffffbfff34bd2de R15=dffffc0000000000
RIP=ffffffff84fcd497 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff88802b600000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=000000002caf2ff8 CR3=000000006f544000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000008
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000010800000000 0000000400000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=000000000158dafc RBX=0000000000000001 RCX=ffffffff8b094f29 RDX=ffffed10056e6fda
RSI=ffffffff8bb09d00 RDI=ffffffff816353dc RBP=ffffed10037e5910 RSP=ffffc90000477e08
R8 =0000000000000000 R9 =ffffed10056e6fd9 R10=ffff88802b737ecb R11=0000000000000000
R12=0000000000000001 R13=ffff88801bf2c880 R14=ffffffff901b3398 R15=0000000000000000
RIP=ffffffff8b09630f RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88802b700000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=000000002001a000 CR3=000000002235c000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000004 Opmask01=0000000000000000 Opmask02=00000000fffffdff Opmask03=2040000404420020
Opmask04=00000000ffffffff Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000055c067ecdeb0 000055c067eb3790
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000055c067ecdeb0 000055c067eb3790
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 7373737373737373 7373737373737373
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffff0000 ffffff00000000ff
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffff0000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffff0000 ffffff00000000ff
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffff0000 ffffff00000000ff
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 87e96bcd59fd4207 737326b648998411
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 7373737373737142 737373435c021e73
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 73202c297325286b 636f6c66206f7420 656c62616e55006e 6f69746974726170
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 302c393230302c38 3230302c37323030 2c36323030003831 3d5145534b534944
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0d11040f0d0d1105 0f0d0d110a0f0d0d 110b0f0d0d00050c 005145534b534944
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 f49a18be2a8e3174 000055c53bedc231 00000000000000a1 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 000055c067ec5b90 000055c067ec6db0 0000000000000041 0000000000302e37
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fd8db7f2070 00007fd8db7f2070 0000000000000a21 0000003177617264
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 383a3a263d383a3a 260a0a0a0a0a3a38 370a007d6c796667 6b78264b483b2649
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 692054524f50202c 2064696c61696d20 0070253a20252054 524f504d49005452
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 692020520050202c 2025204f504d4900 0061253a20252000 2527204d49005452
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
RAX=1ffff1100564730c RBX=ffff88802b239800 RCX=0000000000000638 RDX=1ffff1100564f394
RSI=0000000000000000 RDI=ffff88802b239860 RBP=dffffc0000000000 RSP=ffffc9000075fc20
R8 =0000000000000238 R9 =0000000000000000 R10=0000000000000000 R11=0000000000000000
R12=ffff88802b93eb80 R13=ffffed1005727d8a R14=ffff88802b93ec40 R15=ffff88802b93ec50
RIP=ffffffff8160999e RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88802b800000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000000020107000 CR3=0000000062f90000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000008082082 Opmask01=0000000000000000 Opmask02=00000000dfff7fff Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000001 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000001a4
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 554245440045534f 4252455600524f52 5245004c41544146 0054454955510029
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 554245440045534f 4252455600524f52 5245004c41544146 005445495551000c
ZMM20=0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004
ZMM21=7767e3aa7767e3aa 7767e3aa7767e3aa 7767e3aa7767e3aa 7767e3aa7767e3aa 7767e3aa7767e3aa 7767e3aa7767e3aa 7767e3aa7767e3aa 7767e3aa7767e3aa
ZMM22=47de076047de0760 47de076047de0760 47de076047de0760 47de076047de0760 47de076047de0760 47de076047de0760 47de076047de0760 47de076047de0760
ZMM23=6d420c5b6d420c5b 6d420c5b6d420c5b 6d420c5b6d420c5b 6d420c5b6d420c5b 6d420c5b6d420c5b 6d420c5b6d420c5b 6d420c5b6d420c5b 6d420c5b6d420c5b
ZMM24=63b3f1e763b3f1e7 63b3f1e763b3f1e7 63b3f1e763b3f1e7 63b3f1e763b3f1e7 63b3f1e763b3f1e7 63b3f1e763b3f1e7 63b3f1e763b3f1e7 63b3f1e763b3f1e7
ZMM25=144ff709144ff709 144ff709144ff709 144ff709144ff709 144ff709144ff709 144ff709144ff709 144ff709144ff709 144ff709144ff709 144ff709144ff709
ZMM26=f67900a7f67900a7 f67900a7f67900a7 f67900a7f67900a7 f67900a7f67900a7 f67900a7f67900a7 f67900a7f67900a7 f67900a7f67900a7 f67900a7f67900a7
ZMM27=195b65ad195b65ad 195b65ad195b65ad 195b65ad195b65ad 195b65ad195b65ad 195b65ad195b65ad 195b65ad195b65ad 195b65ad195b65ad 195b65ad195b65ad
ZMM28=000000900000008f 0000008e0000008d 0000008c0000008b 0000008a00000089 0000008800000087 0000008600000085 0000008400000083 0000008200000081
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=5b2500005b250000 5b2500005b250000 5b2500005b250000 5b2500005b250000 5b2500005b250000 5b2500005b250000 5b2500005b250000 5b2500005b250000
info registers vcpu 3

CPU#3
RAX=0000000080000001 RBX=0000000000000000 RCX=ffffffff81c4eea6 RDX=ffff88801fc92440
RSI=0000000000000000 RDI=0000000000000007 RBP=000055a6b413e000 RSP=ffffc900010e7010
R8 =0000000000000007 R9 =0000000000000000 R10=0000000000000000 R11=0000000000000000
R12=000000000004ae0b R13=ffff88804afe6d00 R14=000ffffffffff000 R15=dffffc0000000000
RIP=ffffffff818b257c RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0000 0000000000000000 ffffffff 00c00000
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88802b900000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=000000002ca0fff8 CR3=0000000062f90000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000014000000000 0000000400000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000