last executing test programs:

1m8.659688741s ago: executing program 3 (id=158):
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil)
syz_open_dev$dri(0x0, 0x4260, 0x0)
r0 = userfaultfd(0x80000)
ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000000500)={&(0x7f00003f7000/0x2000)=nil, 0x2000})
syz_open_dev$dri(0x0, 0x20, 0x181000)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102377, 0x1902c}], 0x1, 0x0, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00')
fchdir(r2)
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0)
r3 = inotify_init1(0x80000)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x2, 0x200c, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x15, &(0x7f00000054c0)={0x3, 0x16, &(0x7f0000001000)=ANY=[@ANYBLOB="61154c00000000006113500000000000bfa00000000000001503000008004e002d3501000000000095004100000000006916360000000000bf67000000000000350605000fff07206706000005000000160302000ee60060bf500000000000000f650000000000006507f9ff0100000007070000cddfffff1e75000000000000bf54000000000000070400000400f9ffbd4301000000000095000000000000001500000000000000950000000000000032ed3c12dc8c27df8ecf264e0f84f9f17d3c30e32f1754558f2278af6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd3997f9c9c4f6f3be4b369289aa6812b8e007e733a9a4f1b0af3dda82ee45a010fb94fe9de57b9d8a814261bdb94a05000000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe01c5473d51b546cad3f1d5ab2af27546e7c955ccefa1f6ab689b555202da2e0ec2871b4a7e65836429a527dc47ebe84a423b6c8d345dc8da3085b0ab71ca1b901627b562ed04ae76002d4519af619e3cca4d69e88158f0200000000c8fb730a5c1bf2b2bb71a629361997a75fd552bdc2300000008ac86d8a297dff0445a15f21dce4de9f29eff65aadc841848c9b562a31e56723888fb126a163f16f920ae2fb494059bba8e3b680324a188076ebae3f55c4e9b2ad9bc1172ba7cbebe174aba210d739a018f9bbec63222d20cecac4d03723f1c932c9a6aa57f1ad2e99e0e67ab93716d20000009fbb0f53acbb40b4f8e2738270b31562ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000000000000000000000000004000bc00f679629709e7e78f4ddc211bc3ebe6bd9d42ca0140a7afaab43176e65ec1118d50d1e827f3472f4445d253880800000000000000690884f800031e03a651bb96589a7e2e509bcc1d161347623cb5e7ac4629c8ab04871bc47287cd31cc43010000207b40407d000000210000000000000000005f37d83f84e98a523d80bd970d703f37ca364a601ae899a56715a0a62a34c6c94cce6994521629ab028acfc1d926a0f6a5489af8dc2f17923f3c40dfd1970a55c22fe3a5ac000000f4000000000000000000000000c1eb2d91fb79ea00000000000000bb0d00000000000000000000e4007be511fe32fbc90e2364a55e9bb66ac64423d2d00fea2594e190deae46e26c596f84eba9000000000000003cc3aa39ee4b1386bab561cda886fa642994cacd473b543ccb5f0d7b63924f17c67b13631d22a11dc3c6939628950000000000000001c7205a6b068fff496d2da7d632bd1f61b007e1ff5f1be1969a1ba791ad46d800000000c7f26a0337302f3b41eae59809fd05d12f6186f117b062df67d3a63f3265dd1410eea68208a3f26b2989b832d8b34a34a4f08b34b30410856e858d27adee7daf32903d3fc78700d429a2d4c8b6d803eb83eecfe4c7ff9e6ab5a52e83d089dad7a8710e0254f1b11cced7bc3c8da0c44d2ebf9f6f3ff3be4d1458077c2253b0c7c7a0a9fdd63bf910dc20e5cb2a88e59febc47f1212a21f631dbaa74f22bad050e9856b48ae3a03a497c37758537650fe6db88aa3c41fdc3d78e046f6160e1741299e8dc29906870e6431ed1eab5d067a183f064b060a8ec12725d42e3a74863d66bee966b1574f8e01b3f34a267ff0afa1e1c758a0079b747067312e9815a21cb3f1f8150d999d788535a4d3114dbc7e2bf2402a75fd7a55733360040855ed5d1c0d634fb9fb38f84d9d87b27f8a5d91217b728f13e3ee20e69e0ffb2780b1a7af137ff7b4ff010404faf0a4da65396174b4563d54b52f06c870edf0c5d744b5272b44c23488b2bdbff947c4dfa108cbb88202ee1192b81f428a5b3c299848649e1a6bff52f657a67463d7dbf85ae9321fc2b517dc4a29b9b5a8ded5de8206c812439ab129ae818837ee1562078fc524b3baf49a0be9bb7d958d5e87c6c09bf71a894bad62934782cc308e936d7637e07c4a2a3bc87b0da23c00d9ef418cf19e7a8c4c328be0ce95798adc2dca871073f6bd61dc18487b6feb89752cd600000000abc86b94f8cbde4d470667bee722a6a2af483ad0d3415ed0f9db059acaba9eaea93f811d434e00000000000000000000d154ba10a8e51489a614e69722bac30000000000000000000000000000c5dfd188ff555285b9743d3aac000583f42d168613151d681a2f71373f20d92c9048407c91fabecfe8b3f2d5454d127edab14ba61ba1cfc4336324c86f3dcb43e9a58208077e90f6ec1c7ac756f61dcc372cdd30b82507489f0bbfbd3c3f21752e81319c0161e154ceb16e00bc7f5a6962dff317f4d014786e432817064874d69a39cb0da31bcc5f81894d8a80756447322207b4007dff12eb95066cc6bc256f0a12282224d718b06ca80b57aa183dd0c3eee45891441f2b89b4c67aa9882281393954972046974f18df232cd7fca610e33f51c2d062020f403d85ff36c26e2f6bd1d82f4d3ceb3472d9a77e0057a3bfe697d9ab7585f4a1b381343d2cf855689232f4fc5135790662dc1419a374be9d7b3e5be2886d23add90d862f1a682ff11c798e338af3e5bb0f9d3952b15bf3e0c618c89d20ca1e18a031397693bf3cfbd8417e5b55e641c898c280356f2da222d5d68919d98158578dcf18efa404e508bcbbb8cfcf70086821ebdf34c9a1dff45af873df904c2bdbef81f246d26f4b40df949e12bdac18533d4e11c608cc31d60cb591c40a7b386fa1c753336d7220a35118d4919b45eff32aab684e62c6691de14e97aa7e9dc8ecf0cd50540246d2b746e41e5b4e2c095039dfe0f71db6265f7580d098be40ef36faee5d1695830d4242a23e541e6ce9fa1998d8961cf4fe3c8e8fbb566f148c8befc229614a4b7f80d237b8abc6fd0407de31d6e5532f360d379f20f054692b47207922fe6c14eba96c9a7ae906abc1ae1ae8c4fae92883cfa1978a04bbff4bbe0000000000000000000000000044585397feaadda3fcc64e7b0c08f7ac5c64cb190f1712a3b10fc34eb758705f1751d8c8b712eb39d2b8ad44f129c2c9aedb15"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffffd2, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
fcntl$getownex(r3, 0x10, &(0x7f0000000140)={0x0, <r5=>0x0})
r6 = syz_open_dev$vim2m(&(0x7f0000000100), 0x0, 0x2)
ioctl$vim2m_VIDIOC_TRY_FMT(r6, 0xc0cc5640, &(0x7f0000000240)={0x2, @sliced={0x283, [0xc5f, 0x2, 0x950, 0x8, 0x0, 0x2, 0x8, 0xf3, 0x5, 0x93b, 0x7, 0xfffc, 0x40, 0x1, 0x5fe, 0x7f3, 0x4, 0x1ff, 0x0, 0x1, 0xffdd, 0x4, 0x9, 0x0, 0x104, 0x9, 0xdb1, 0x1, 0x40, 0x1, 0x6, 0x1ff, 0x1, 0x4, 0xff, 0x7, 0x9, 0x1, 0x7ff, 0xd2b1, 0x6, 0x7, 0x0, 0xd748, 0x4, 0x3, 0x5, 0x10], 0xc}})
syz_open_procfs(r5, &(0x7f0000000200)='fd/4\x00')
futex_waitv(&(0x7f0000001f40)=[{0x0, 0x0, 0x82}, {0x0, 0x0, 0x82}, {0x0, 0x0, 0x2}, {0x0, 0x0, 0x2}, {0x2, 0x0, 0x82}, {0x0, 0x0, 0x2}, {0x0, 0x0, 0x2}, {0x0, 0x0, 0x82}, {0x0, 0x0, 0x1fedfce6e88815b0}, {0x0, 0x0, 0x2}, {0x0, 0x0, 0x2}, {0x0, 0x0, 0x2}, {0x0, 0x0, 0x2}, {0x0, 0x0, 0x82}, {0x7, 0x0, 0x82}, {0x0, 0x0, 0x82}, {0x0, 0x0, 0x2}, {0x0, 0x0, 0x2}, {0x0, 0x0, 0x2}, {0x0, 0x0, 0x82}, {0x0, 0x0, 0x4}, {0x0, 0x0, 0x82}, {0x4, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0, 0xc61e4fdbc1eb9d4c}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0xd, 0x0}, {0x0, 0x0}, {0x0, 0x0, 0x82}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0xfffffffffffffffc, 0x0}, {0x0, 0x0, 0x82}, {0x0, &(0x7f0000000f80)}, {0x0, 0x0}, {0x0, 0x0}, {0x1, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}], 0x3d, 0x0, 0x0, 0x1)
r7 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet6_int(r7, 0x29, 0x17, &(0x7f0000001680)=0x9ffffffa, 0x4)
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="aa538c3a66c49534adad297d4ed69c4df43a6f422e73a8116b8523bb502e6d", @ANYRES32, @ANYBLOB="000000000000fd0a7dc7a22ac397000000000000", @ANYRES32, @ANYRESDEC=0x0, @ANYBLOB="0000776ea3bdf863816404a6b7385db4e72700000000000000000000af3c000000000000000000ea742cd7bc45a2000000000047173e654662b6c1499659876c9d"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000011000000000000000000000018120000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, @void, @value}, 0x90)
getsockname(r1, &(0x7f00000003c0)=@in={0x2, 0x0, @local}, &(0x7f00000004c0)=0x80)
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x19, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000300)='sys_enter\x00', r9}, 0x10)

1m7.850783929s ago: executing program 3 (id=163):
exit(0x4c2d)
r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x0, 0x5, &(0x7f0000000000)=@framed={{}, [@call={0x85, 0x0, 0x0, 0xd0}, @call={0x85, 0x0, 0x0, 0xe}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x5, &(0x7f0000000000)=ANY=[], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x1f, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
exit(0xa)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
waitid(0x0, r0, 0x0, 0x4, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x8, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000047b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000007b00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
close(0x3)
bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000002020207b0a"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="1500000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFULNL_MSG_CONFIG(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x28, 0x1, 0x4, 0x5, 0x0, 0x0, {0x0, 0x0, 0x2}, [@NFULA_CFG_CMD={0x5, 0x1, 0x1}, @NFULA_CFG_MODE={0xa, 0x2, {0xf, 0x2}}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x800)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af0"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
setpgid(r0, r0)

1m7.012279617s ago: executing program 3 (id=171):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_DEL_KEY(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)={0x1c, r2, 0x1, 0x0, 0x0, {{0xc, 0x0, 0x700}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0)

1m6.960810877s ago: executing program 3 (id=172):
r0 = socket(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffff11feffffff000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000001240)=@newqdisc={0x78, 0x24, 0x5820a61ca228651, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c}}]}, 0x78}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000700)=@newtfilter={0x78, 0x2c, 0xd27, 0x1000, 0x0, {0xb, 0x0, 0x0, r3, {}, {}, {0xd}}, [@filter_kind_options=@f_basic={{0xa}, {0x48, 0x2, [@TCA_BASIC_EMATCHES={0x44, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x1002}}, @TCA_EMATCH_TREE_LIST={0x38, 0x2, 0x0, 0x1, [@TCF_EM_NBYTE={0x10, 0x1}, @TCF_EM_IPT={0x24, 0x2, 0x0, 0x0, {{0x3, 0x9, 0x6}, [@TCA_EM_IPT_MATCH_REVISION={0x5, 0x3, 0x1}, @TCA_EM_IPT_NFPROTO={0x5, 0x4, 0x1}, @TCA_EM_IPT_NFPROTO={0x5, 0x4, 0x5}]}}]}]}]}}]}, 0x78}}, 0x0)

1m6.960169058s ago: executing program 3 (id=174):
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000001ac0)=[{&(0x7f0000003080)=ANY=[@ANYBLOB="9c020000230001000000000000000000550200800c00010002"], 0x29c}], 0x1}, 0x400c0)
socket$inet_smc(0x2b, 0x1, 0x0)
r1 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, &(0x7f0000000200)=@raw={'raw\x00', 0x9, 0x3, 0x240, 0x0, 0xffffffff, 0xffffffff, 0xcc, 0xffffffff, 0x1ac, 0xffffffff, 0xffffffff, 0x1ac, 0xffffffff, 0x3, &(0x7f0000000000), {[{{@ip={@multicast2, @rand_addr=0x64010100, 0xff, 0xffffffff, 'dvmrp0\x00', 'gre0\x00', {}, {}, 0x8}, 0x0, 0x70, 0xcc}, @common=@CLUSTERIP={0x5c, 'CLUSTERIP\x00', 0x0, {0x0, @remote, 0x9, 0x5, [0x15, 0x3e, 0x26, 0x25, 0xa, 0x35, 0xe, 0x3a, 0x24, 0x1a, 0x39, 0xa, 0x19, 0x1b, 0x2, 0x26], 0x2, 0x5, 0x20000000}}}, {{@ip={@multicast1, @empty, 0xff, 0x0, 'ipvlan0\x00', 'sit0\x00', {0xff}, {0xff}, 0x5e, 0x3, 0x2f}, 0x0, 0xbc, 0xe0, 0x0, {}, [@common=@unspec=@cgroup0={{0x28}, {0x80, 0x1}}, @inet=@rpfilter={{0x24}, {0xc}}]}, @common=@inet=@TCPMSS={0x24, 'TCPMSS\x00', 0x0, {0x7}}}], {{'\x00', 0x0, 0x70, 0x94}, {0x24}}}}, 0x29c)

1m6.870719899s ago: executing program 3 (id=175):
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r0, &(0x7f000000a400)={0x2020, 0x0, <r1=>0x0}, 0x2020)
syz_fuse_handle_req(r0, &(0x7f0000008400)="92756f43b31ffe542788ef586b7c5a344424e3acac2590be6bbe37adface4a8f2e534ffe76a83a93f0b3680a72fddfde83f96d01982384e8d689219cb9669b14dbaa1b799f82ea1fc926126a4163618e16d4f94143a4e0f27c44fcef3920a0b3805ed4e78098d8689cc7791bd86648070718d238664332948d87866c8d2590fc0f017f9853abd9ed60b99f1aa6ae2dbd24ab6dbcebdb055246815ace147cc50fa3b2861148fcda374d5b203e51d72c45e4dde3e9ee9a47ffe458baf7bb49035135a8194aa1f0a83fa2abed56398f90daff679634619453f533f22583a6e0a4dc09e9de46684d5e0136e229510f3702cf3a4cd0065d3e5d3c419e38a80b070ca55010e082a9c510fd18cc0b26bb5e8e459e747befbc5c6b60ace80bf41417b7b78cf57e5b3984f0cdddc615c5e0000454d3f4a196fb6d18aa629cf0b0245f95ba958d86dc175616f8cd3ac473057dc3a5ff7107973326350107f4468e7ecd48d689b82c12d22ae5f1858302a1b4cfde8fd347a99ddcde40d1c49d9b5099fbccf09e782212be4b2ce36a2bc3c9ee794abffe72a5501e6c4f3f7f68b74761ffd6620609224a3bf11f655dadb5c8a5813b02fb46830e9ac6825f5d0e89910352eb3a58c0dd82d094f94dd2c85666f684a8f437bbd0e66b9f4d366117b67a054d212c4fbc287848cb0578391335d5d616b14d99a2e3df8e8a152d5de99bcefcaab5bb5cc71f3ddd66b379c104648e190e0b28a180d3aecc5423575d4ba7dbf31215c717da7b87dd454b6efcd36c91aaa631127f5bd88723d221752f102bc0c7ac6c5c7a1ad6747af40d01b6d39eab7b0e1292b44683c586386ad00acf60fb8f9bac551a6eb5bab7317b5d89f64db10bd9018dfa6d65d93862e851afbc30fd70fe5f0de322462045177231852ca80e4e78da4fea0c79ba354333026c8bc77d308a8d256a19ec45d2088c196691d3f9aac28ded36004a65ee1ce49ba9599ceee84534bb61d02d04a6732f1e27d72962f74b59f3522bf844c5022986d55934e48b8681b7f5b7532391448caeef00315d28320a46d8bd7813544e1e4bf994e14a519c2654ff20b42bdb69c262897e28eca528f0999840b00ed8256597d27cfc20d71d5f40d0bbca759f7594c6034aa1e16a84ed152fad0fdc1c303a7f61225712714f823afc5ea241d482d3585759623af8c97ca6a84a2033b3d7314ea0ef7ba9b288b362a294c92c8b9736829c16f61c5a1ee04aca965d71162292274595ea62c9c2918e8279c99f5d2830c617c58211fd7452330184b9428d5ec1d5cd75ddcc6de3326fdc70e891104b3b013c30ffccfaf3308d9671b01f6b080a930dac2052c6f39817a662121d90d40d6a1facfb50bec7d408030b6d0ae3e744f3bcc327c35dc43cf86b743db78ff2e593b19923235ed6467f299b08718fe1840c16a748935dff941150fb08b30573b37bf9af5c86cc8d9e229a832e4ef25ec91f71120f2b3e9062485976c280a2d172386029e2f2a4801197fca0a13514edacf5ddbac5a62e8bb13dd1572657a821a8739297f72e29239d1cdddf3e30cbe9af3141f2275ee4ae85d86ec888fe9a6751f252057e95b8beb055e276439581afee93cd44f1e92f70e5f725451d3ab662918ffbb1269509fbd511e95a00ec717f9d60d643864abd6ad1cc4dd7f933379a6078a86c2158db8076e7b660366fca7b1c46d09d2c8e67a6494bfb4c2c6750e76593895b5e2b2bc78093840c3c4a807826bc2750a96b4e1dd5b82b492bb2215518c92064d1763c37132604e52e73fac3f4511f791753aeecfbb19816e0da7a1bfbea9eeaa0f256eaedcb119a61f7d0ea0f5cd4969d45cb014800f2c888d5c2217cf0f69a7507779883b57352bb8883cc584891950d6e792537074f4fc4337aa19b9bf60e18edd939d289fb4a6b7aa6c66da20774e249ca4f779d3c910b1a9a8e4c38af6adecc87d5481d181fd66023ffff246f4e2556b218fe8110acebe20b1675f1de6f265b6d1d8514a53522396bf0e2f2b153c498e48b36d16f8b9bd56f45d7f5b9397d7f1339117a176d0bad0b68e800682416d3e18fe2197c7f8dc20600feb95cc6ba86ad47f113e159bd4389e30eab2874bd27eebc56020c4dab9973b13f3e82aa62a7e0a151d73de48cb811e32be63ffd303f5a6ea6f097ed763fbf36c430821e451146de79922348354ce285af0997bf3c66e6ef02942e24b8f1ccdd542f09cfe65c0da0094c0b5fd26bbc061538b41e5ed2cbb390ee29b10a4b7a696009e1b5b86c44c0a561a257c15415feaeb1433ea275ed6e4b228503fe71ee5942665164faaed6697112206be0fe7863aebd4bbe951d5dea1da294dba0793196385f4d5141c9d6c4b0fa22b2e200cfb70b52aca31655e71e5a576ccb8ccb5b1364748aa981edbb81a813b1aebc67be1f7619e7e197622d981280429f6ca5145c5b3b05e6bace9191e5c58fbf140f71f594cbfd4db0e9f6923f1758ff9474a61a720a5d4f09c622c3ce3f5d0d3a1d191111168108f41f12b16e9eaf3617c353715cd35260560cbfd0555d51ce5c40bbdb7c95ceaeadadb8902974de50b0863348183864f5ea682e678286a06a6f396af29a7c7fb33a3579e25835963612f3c0d4cf369d85959a0adeda94d35824050e6fba7f83f90867583f713d7783323c7010e94c9be331f860db395dbde6face5bfdb616fcefa9c6b01f6963daa840a31ff554a458c0c50cb5e09f91f54f63234589decaf45bbfbaef0dcbff4ae6e65ca26a530261c491ef8eb9a855a1d7463391c9b66be96cf24c3c321ee5a5bdc857f60b582683c6ae1e3775b62a9f19ff8fa51380ca8a2a3c6de79012f5727ba12025e7e6723a23a81e067ca6e54c7b38ff64880d235d21e7ee5258953dcbf9e2a962f006ca4ffe870859242c850cbae4222b3b72c4f86934379ba2ead1dcde906241b994d95c88355af5a9a30ace9c933a6942f341ad221dd825846a8fd44c03e2eaa9311c26e15a1bd7cbba961a22ef23d7ebba0e34cec5ef09b1ce72814a97e33bd29f3d9ec80a4f45d1d29486accf15c11f1a800bd84918e7626f678275d7c7acb02cc0e6e34bb766ba6b75c3ad14fca9352e09c3b69390c045cfc842ff9ade8ca693c07fadc7047a946e6e570c3afc5b501c964103397f5ddadc2d59a048348dd42f07cfe31bc9b5ae453f5086bb41bba4c8a3e518e30b0855184b053f923025dd72ce1bcbf41231978b34a8547c71d7313992165078903c61d312b0d9469413c9fd97ccdf0ea270fb6c47ec8861a1c8d909eeace761b5a06ba46e25785ff87f867777abb237c6c980687991f1ed0157d58492260c712cec34c1fc0962103955db4d5090b6e8409cf3c3c79d0e691cf4fbc0b2251a016dcd456969cd32e5429533bf0d6f8bda84c05f0e2040de8b53bfb8676eec4b76c3df6f46b1e43732035dda577e75f640777f6ae90fd2f1af42ba462dac732019c599bfef01acd6a0d4d1796bcb8f58519d6f9ad9a3206704a94d472516b988141f44ecd2e6f28a49aa0c449db87972fc995a97379914546ea43143ea2cf779a9cbe81f111fe89129db3610492164ab2598eca7e60d9a6963d8ba03a86729db86e420fd96d61b8fb11edc2b339b57a740074ae5b775eaf60cd85dc934e604bf2b4bd58ee01205b4df57ac20ff8db45a05982b579643882407050c005102a2e71f1e56dc76dbf5331112e83e48bfb5cf2a78a893190d78426175c162ffaa7278a43b9932318fc17fb8cb0dfac610b1ad235b91f9cb7623b155117e07f7b876a3c37627aa31eafed141cc0c5491c4f621a66b6d837a144d78719c46511c04a093cf65fce9fabe5bd6d499eceb63538ece3cf19053550a239bf978c08c879f9954485a4e3e0d5bedb84b407ced85c4dfc4d75af116815992c29f0bc927c4a990c38ae4fcc9feb90fec1b1b555e04d010423010855394d5ccfc8ed21164190cd8f83be5debb70290c3547f07e4dc42814f1e001798e6ceee2558b0c6ff8c1759f90269ee226131116332b99ac8dd104c92088e1f91ace3198c0f59bfb75c4e4a697660eed43a29c831a552de37fce6dce96fa51b6e2111f3071a4e94422d15e102e5f67da7ca6cae6bed7743ebffacb8a811a143605791d17232181a517e872f71262c3c73668f0ef83aad498f67fa26bae698cf78f24c2dbecd399a190e6b8d0684e929f2e8083765eb2c67793a1adbb89d36b58bfb197cdc5f3c894ac9d886e8f3b0936fabd233c09de8fab8099f72a74d908ba5c5e4d39790b0bf9e45b710f5587b7c937c76690c5c5fce621a53a9fd03b0a4ee6d8d1abbe2ed561820a77f12a08cad0755540ab6dd1604b7c30a8652995ab80b85e919011de9438a4637eb0291124ed4b745e782cff98510cb03be79c2a81351abf276584d75cdd96b9c97e73eb71000b3ab7c3c19c2cab4497298fcb3052b5d4503d05e7f310318be6f848547b1a4f4db82caee190801478be28065036aa4d91f290c1f396343e73a5fe8bb5ccf0a317177ed1f77acda1a4a49dccfcab8d1b5d79f015f788b6d5e9f8228a8bcdc0696e6b19f5edffbcd7e9509c87fbe1f726b93bf8c6d8d37428763e142560c46c9e894f7317859000c25abc4f3691ebcd020171e0d4911b5d97a238109aedeb00b2eb475c1e7b45175f8aa85193b5c0f43b434c15de01610c4d022646cd6e3637f349a434a77f571ac1c5d698452d1b991e267f78dca5e592ecd31ccafcad84e4e98d134b4adc525b81bd6843428883023a6ea407201738c8bf16b541ff7280274a34d4cf14819f2dbae167ca0cae8471c495e006b45194ad91c4516f21cbb10e0d26fd5d734cd7725df5b3fbe92955f4a9bb3b9b813aeeff79d6ed5db92def19d060a208c3ec8c42c110786f1e1496c50a7249b03fc792764366894a35320b99d0bef9fd0b6a246c36a357c6b985dc83a37a8d9b8b9ad643dea94860cbe763bb73cc8422b69d4d12332242c8954075fb7117a6679638073617abcdb4619855b2036af160647f66b3531645a3bf047ae290d6ae2249f114e7a8464278bae1486022bcc7c37390c8d9a0efb0e1cfa0da8ef7a5e072f99a47ecc75e4e442880375193db49bb82ba34901286ca473ed5b63e4048db4dc455e74b3fdd2e7898ca3f4c3a02d435cde6141eea645055123a7dcf0d22057f8d425701afc55859f5147954e719d58c7486b1e02ac16cb799b77632c66bb78e6e52e11017c1736424fa4d433f1e19b4c881d23f0b2a12d5fae3ae24339088088d9b496ad97bd9f6e20a8597d1452a0c72dcf43dbbda8f18166585c06d21fbffe5fe7b55f71c9b9f1b34a02bd05ca63c7c1b1bebbb9dd24fb10291b04c665d45154dd28b85d821ce7e613119128996785e1006a8dabc4899b10d2671107d5a0658ed363b9d4b39d02f8cc5e350fbf0a31048adecd1f9e2ca749bd86f195eb48e9b4605f050de03d642940d79184618f7f88a9a0a4683ad84d6134e395305bc1d4d9d17cc334b97653529d6682a87a5fac80a6d46d6e72fc22e58be7b8f8617b3372ef2622110ab1ec448717118b257acffe55d18c7855e9e8710ad977a6792b2315a189eb4468c68641e9b60c0dab7016ac1ad63cd8004b6eca8fc88b1e4263acc00499255c16b11487a0af858075f9c892dc8044c4146e5a5677c4a2cb24bde5e078985020d4ab1e4c87492e76b7e6f4bbd71d84bab1885c9702849e70cf728776b1a94c2a8fb8c7ca01b6111ef6f2032a290949bfe473fe215273b8b5b3ad540f187490f63077dccbca6f62f0a7a66717c596cdef412f2560b10685ede967b3ee68b8c951959aeb1d7564c3b9d806b2ce858381393a79916b78f7e90beadae30ffc0b2b614380f1c2cc551a44565209db3516be379ef566ab00c673fd8aaeeecdcf1168c1960e9a477b9e13757498a44ff089351d1f27abf9fd76816f924504647d1247715ca861ebe624172c322146d66eb2b247f8ecb3e1b5ddca89b287c57510cec40fcf89d802cf4368a861af320e01e34f7a6177d4bc549181b5e87ecdfe02f78c9a59a3bf91ebb6364023ec06410e7b4476ec4e3685bfa3bfe9ef9ecc12dcd899abe0f3c7f16b4686801c0c0a949aa26bed57df56f2bc54ef19af7fcbc7b0d691075f42a4a67acf980b568acb2342f42249f7c1ee3527c13182b096064ecd250887a942d26f637e1c4041b139659d2462a68680bb04387a3b399e396b9fe74de10356125fa47d0a20827370cbf36a79b6fffade91c439dd6cfff4bbe0dd3efefb61c491ee32f935d62307cba369ac8c20f6fe3d4857ce6d240ece5e4d149f0587155a8350fcc18efae2ff11cdbe15218a82499a1996df8b5462ee170b284321e76bbe5c3f4158387644d95f087c598e3d46fbe27f63fa784bda239512113424045a2c5dbc6bc3662ca730a86d13cf8f6fe2743224ca7b535caf6b4701a7dae9cfad3d7290104bbba15b6a064ae6e909a099f75fbe47c9e654d8e3b8dc0f3dbffe829e6c56f7a241e565136812a857f59ab565a9991c6b1d8abcc94c6b33bba314f6e5060e657e4647f969a551dd6c51dfca0ff5d9e4f401fedbc2c927eb1ed95ef25f4e5accba4999322ba1539499310dd5875433a22835cfd42fd77fd4680b7fe767d7aa5c33acde04a65bd3a663fcde4c80e9f2af498f13bf9abbaa1c1265edc691e94abdcc92270c05811cd2a8104eb18efbfec9e4ba9ae5cde211b9b93082ce034b6cd5fbe9cfbac4f7e2404ef159766124f73017cc3600f3c81cd78db25fc3459629eaf20dfdb062c7e502aa69412381d847a9d254d5befc451cda3606f0bc8ae62e0aee928f9ed0b21d705a8d31b899e16445ee064563d32f7b6bb5ad197023cf528d9b329ec67815c6ddf27d2a6ffa7328bb993407cde3d166159fd49fe469254b84c2916daea8df9d69bef019f1351b9bce193e30278835b82ea5f60dc0bdd7f7452b7a820ae7cd6dc29d7ac6a6c1b6411711a96338b1e769146b2a385d282bfaae61b041166efafab2d89a4567b9460cc22d752f8e9aacaaa0db7c84879f5359662d55df6570d4214740851c74574ced733807cbb54571110410892394c3dea07bd4154d0e5689d57c3360207dac951f96a358e9c466a5c5113f3a632e184f57f075edef4dcc9721b963beb95df09dedf848260cbc1ebfdc7408218eaba6d2c51928cd37c4c0c9f321fbb0994a56947cfd9643056db5dbea60a241f8f004c932bc8e645b2ec2eb9bc4e9e2f4156293234d05e70cb26b8a370b0206c756bda6defc11c5eb386640f535a4ffb714168defc6d82f40d8f5ba8768537ead5773c53bd779ca899a2dd31c9138569ff5107c2fb12b804375c3b3dc9b828bfd550328adf358f71e86a0c49fb119f5ef9e06c13855cbfc7d1a62ca2ea655ed912a6dc7bb8b18656e8923fc7a1702ab36947d79384d681c31923e98cf40209f776bc2b219a7ccd139e756a905aa351e6eaae90770c8a193f96cd5c66e4d77a357985556e14333716d80204a5c390e0d76f4081afe917f99ad8a0976b3342f51854b374b4baa9a7f22124d2b82749446e30d9795acb9c3c3a305a6d273ac528e8e9c95c37a78e765fdda55982c2961fbc85a14fc095a78b4654ee6dfc3298749a639ab9c8e155af3a77f8a409ce174532a492ef550a140f774d77d732b3b4ca5bc41fa4488ce5957ce219b032ae1f585273748d81b19edcf3e6cb9a93ec24e41c6b3c472f9baf3ca46cb8b9a91df18acebe7d83bd4473750c4f26806da2f95b9ea48b342460af729ab15e9f033eda67feec645f985d4b9489cf6ceec1b100d007bf46c74be53c7ea17296f9c5b5cbae736491213c93b513009ebdecfcd60d46d7b86c6e3b5e288f2ba5867c07936e7bd1b00de52191eb8630ff82ccafb27a59295164751811bf74eff1e5e2abdf3c93bc5dc9814be83b2562477935e2fa30db7ebb6ec380170cf10c1f98f8c5eb71c730c2b31b55a1dd1c12a64802ab95b63c529e0a96cec8f38680221d6089926d8309796c79994d63b67bfb62f66b4a502f30ed12be41e896e88bc45a160a526fbd5f002e677322f116ec5740d7563cd23ee853c008b84998e38fdf158556e28a532573956e7c00f91f08ca245c295a3d5e003a99ea727f61d12893b435d4c8f2f5cce00c6a3091e2a47f290c07168975c53d7529b71d10faf42d2bac9db8d53669cf59c709c25e9e40b5feaed4c37dde8b84c4961c00712326fb6aaa06e80d766b40b72480f3971def61d1d129676df2478e778d899ed317426ec33e496d1fdd2ec27128f8faee92828e13da72d6aee8330a7988ea1cc8b64ec4d8b20990864c16c52c4be6d00b304b87d97bffdd9c66a740b517223089d9f3f414abedc53c768dab9220b980e6c18d5f20ba8994cc8886d7bdee213442f456d79fce1b1eb48fbf600a666c8ade24d118e6328251cf7b57a6285c650e019850f392b1c29aec5c8fc489a3819d60d5de377d4c11b8ee5625b7c02c5d50d2af3397006f2e2a41a06f039229eef5878ed91f9f6be7e988924dbaeb8455f616275e8698d93fb536e2c839b203aa69bceceddbf9c53f8addba53d50ca0f7a4729a42ac6eb757f1b408ad4a0147546173e62f7621eb18a9e1681510cceb48e0a30ab7a1bf71d56742d5f034f2d725e7ea68a011dbb100fa6eefe4ee093873de366d34f4240ca027a25c5b979c9ac47dd1dcb6ed82c4aee09dcc23cf329a8644f89b5cf00e5683934b1837574e9b39b31b1009f276e15aa040959fdf100838ca3f5ab17e45036668d06044e3a13f3a0a6f68579e50d5b0164f900d7bcfcde78396cf30f0b1dff76dc397ab1a5a44b207eb1eaaf73b945c575029ae2dce20724991e6550155ded6a42672609f2439c5aab4882b2ffaf7da787b71d05d15516bd68c6f1a9d79b675395845f24ee853f877e72c14b6c6702f7b8775ca1bfabbbcf4019f7bccf07f1c211531dfc66a7a1df79e92a20dd1cbe1b22e1209e7e3ecb9d3c2450fc22a57bfe09bd735f61c361cdac2488ae0adc7885edc0712655daaf535e1de96ccbe7869d531d8bf3db512fbd17c772332a3f8cf1e052ee0202eb99a36a0f8d7219888acbb57090cdaf3b28e1e62e8fc2ec237bdf18592a7afe4d8390dcb5e7fcc31bf4f797e6f5710070902265cc2e8c459b7da1451046abd6c8c5b02c0be2d2f505a65376266563ac7b59ef3b4e2570a6cb0bd94d46ad861317c743ce1de12bfa2295a98cdded4414d87a1580b1e4675bbdf73a22cac4a1d8d456d089e0b60cbfd16158f073bd1dac481db49fa5d8801d0fb0844b4afec1bab4e61fa0f381fa667880a1cd8163953be7b591cc9dfd7f91902370b783ae8a0f3c7cbefa7d229a37c00f523529e159b11d2e240629b64af2d11404773e991207a722c320221ce23baed7cbe40a440c5680814b122cfba9092fe03478f85adcbdeacb76d6cbf2491eafae98327b278e267821a0e1cd06ef90cb0328e246c19d8c63b9332291a89bc9f989effc675c79a870ac024756c6f5a7e32babd69625d61487ae7399490b70dd0fade7d70ad9b0757300a2dde77abaff4f63a0303853589d44efa968e10d36561f04408ad0cc227fc6b2f904cead189a0fcca9b2e6cbde5498652e0b3bc9d8b7921474403718feb5cc750dc70f5a9b1a0ae2c642015b6a1a8ab0572182b4e39e0c869cbdc60c9465f5d564d18ba2f5b3bc3e05a458744077430c5ea031ee02dd8f0a65d7dd8d90dd9b8717f77d202239a5778719423fb2aec7ca86eb07c39de65a34b988d65377a7473e9145f16d79593e96903330bbf3a8024fc15519d9baa0fae2018786f4b1846fca355ff0fccf65cccad1896309a5ccf2056dd542c929850cc91cd655962360fe316557ab3fb378328f77a07d9da24447d3fa2020b382ed2e808ec9529a01273434c64b0b7c35a06a019e4ab51cdc9c0f266ab25b6984338a0ba910d1060283b636c5d7e8a3f969c1ee1c99b54bba7ff3679fbeecbb70349f076480a867cc4ee4cacaea39c80f642533599486d2ffb77b8c9109a9d25fa0b06e58eca764f7d56469eb9547036bbea9d5c3d35b4c1fbc3d39a372c2b7ad184965cad3819c8928f1588d00949949c0c4c93d30ac7f6665247c0108bd89dff3aafe780ac66febfacc8c6a3cc387d09da6de700487a80e2c8d56df94d7ebd3e1d9e06411a6c5f7eb6da41c6f52997b5ad47ba985261103fdf12eb4a2828b248f652ef00b6abccab2eb161b878b9dbc0aa911405b6f67adda83c16187748d7b524ffe6381f489f432d592e6171bd9ccb2cd52f977143f57fbf2ab0b823d449ae55f02440972334344cda01837b93afa4f46a2fdefe27e92764cf9596780846de2e3b1ea83e62ee43b1c05aee675e25363504addfaa68e7c53ed685413f5ba951f120d0a646e474872c81e5a887464c19f8460ae814ffff24cb51dd2dca28d597ab2ea60949f8dbbe67f263e722fdb51bce4e328a19f5ff1218e1f63b8da6d40dbd5490964499b2522ea323310634893ead661407966207a66ab13adfcf1a725ed14339c46011c0e0401f2386b47cd9f902fdf84bc85e74d3ae7cc544e4d65670a554a537712c6ee9f75191631d2a4c4da06fc38423b1d5b828d7201235b2974164f52aa16bee70ee509250752f4fdd6b9f8d021943df8320682a6f80ff0d67ab7a4ceea807bd5b3b7b6380b0c7f0caa67b0208ba71317f0355a3b755af0e2c007186389438615df80b7b25104a733fc90625b62682198733c0f1625dfaa08cf81e3df043094b7b5a098b3b36f803b5b0f10a057bf814ae3579932c0a5f208985bab3d817f975283b8838ae5cb709be72b58df7425e059fdbf4e0ee51b3da01fe0b44963c1196baee5ec5909ad80d9d1660f3edd90374952a0bf8b3bece2c2f944593f4de7de5e05ded096b8f4f05d65dfc2e806f78220d84b3db564fb12f4e5e8f5eab316591f004e9374cce8e787263bc3827affe6793c130b8621d3bbb2a86fd87f070ea21718281ee7aec4bb3bb71af4bf5721cecd139c4be8c9df4ec8dfb09a5cf1d86a25d39faa9f064a997c214f334e4410917fc3b4d67ada8d87a38c0f86b02bf653dddaeb5b75b300f8bcfd792858bef8ab23e063421939c59212964c9ed5dd56e215db58cef53d31a966bb8ce4ed56287fecb3a85ba435e0b41b20ba1164b9c9f2c49fa0f7b17a89e0ec47eefe992d63ee29c8c0a1ece2664fee8edadd43636a54c48519b4fcf55b0d9103602b92441a5f85cf8c5e406d0f5815f8f37309934bd78fbc2acf0a03b051b4528db4f7c09de7d0aabafca3736b8259c818ca338ca6754e0747717c2794d664a1cacc1e9c52764a308e6df73d975638630b74cce6c49b1bac16454e96852c4f9d8ed118e86d2f1c8dc33bccd4a07be128db5e80f5684ddcc1158e744411acde590f902f0987cfb750bb5bfeed53bff076868986b566d7701f48ddfcacbd325c8d930bcef26713bf60585d5c991e2a6cc33ccbc27f7ddfba18f998497c2eb378cc8f2cc07a1b4f141c5e0fb6f52e18242e505bcf6dd20e33a469d056a0b4fd5e72d0da9d0bcce1e2f9e9dc7d1c7b6cb0f3604287eca", 0x2000, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x90, 0x0, 0x0, {0x3, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6000, 0x0, 0x0, 0x0, 0x800}}}, 0x0, 0x0, 0x0, 0x0})
write$FUSE_INIT(r0, &(0x7f0000000340)={0x50, 0x0, r1}, 0x50)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000a80)='./file0/file0\x00', 0x0, 0x0)
ioctl$FIBMAP(r2, 0x401070cd, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r4 = openat$cgroup_procs(r3, &(0x7f0000000100)='cgroup.procs\x00', 0x2, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
write$cgroup_pid(r4, &(0x7f00000001c0), 0x12)
r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r6 = syz_init_net_socket$llc(0x1a, 0x2, 0x0)
setsockopt$llc_int(r6, 0x10c, 0x6, &(0x7f0000000080), 0x4)
r7 = openat$cgroup_ro(r5, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0)
write$cgroup_int(r7, &(0x7f0000000200)=0x1, 0x12)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff)
r8 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r9 = openat$cgroup_ro(r8, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0)
write$cgroup_int(r9, &(0x7f0000000200)=0x1, 0x12)

3.119556887s ago: executing program 2 (id=518):
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000001680)=@raw={'raw\x00', 0x3c1, 0x3, 0x2dc, 0x0, 0x111, 0x4b4, 0xec, 0xd4feffff, 0x214, 0x202, 0x225, 0x214, 0x278, 0x3, 0x0, {[{{@ipv6={@dev={0xfe, 0x80, '\x00', 0xfc}, @empty, [], [0x0, 0x0, 0x40000], 'veth1_vlan\x00', 'team_slave_0\x00'}, 0x0, 0xa4, 0xec}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x81, 'syz1\x00'}}}, {{@ipv6={@empty, @ipv4={'\x00', '\xff\xff', @private=0xa010101}, [], [0x0, 0xffffffff], 'veth1_to_hsr\x00', 'erspan0\x00'}, 0x0, 0xe0, 0x128, 0x0, {}, [@common=@unspec=@limit={{0x3c}, {0x0, 0x8000000}}]}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0xa, 'syz1\x00', {0x7f}}}}], {{'\x00', 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x338)

3.119384474s ago: executing program 2 (id=519):
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x0, &(0x7f0000000300)='usrquota')
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0xc240, 0x0)
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='tmpfs\x00', 0x0, &(0x7f00000001c0)='grpquota') (fail_nth: 24)

3.059749227s ago: executing program 2 (id=520):
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_IPV6_ADDRFORM(r0, 0x29, 0x1, &(0x7f0000000000), 0x4)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
futex(0x0, 0x4, 0x0, 0x0, 0xffffffffffffffff, 0x0)
mkdirat(r1, &(0x7f0000000040)='./file0\x00', 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r2 = msgget$private(0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8})
msgsnd(r2, &(0x7f0000000480)={0x2}, 0x8, 0x0)
msgsnd(0x0, &(0x7f0000000000)={0x1}, 0x8, 0x0)
msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x8, 0x0)
msgctl$IPC_RMID(0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2, 0x0, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000080)='./binderfs/binder1\x00', 0x0, 0x0)
epoll_create(0x5)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r3, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000140)={'nr0\x00', 0x6132})
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000300)={'wlan0\x00'})
r4 = socket$inet6(0xa, 0x1, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000180)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x24, 0x24, 0x2, [@enum, @struct={0x0, 0x1, 0x0, 0x4, 0x1, 0x0, [{0x0, 0x1, 0x80000000}]}]}}, 0x0, 0x3e, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20)
mmap(&(0x7f00009ff000/0x600000)=nil, 0x600000, 0x0, 0x30, r4, 0x3000)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
r5 = syz_usb_connect$printer(0x0, 0x2d, &(0x7f0000000100)=ANY=[@ANYBLOB="12010000000000202505a8a440000102030109021b00010100000009040000010701010009050102"], 0x0)
syz_usb_control_io$printer(r5, 0x0, &(0x7f0000000a40)={0x34, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000a00)={0x20, 0x0, 0x1}})
r6 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f00000001c0)={&(0x7f00000004c0)={0x3f8, r6, 0x800, 0x70bd2b, 0x25dfdbfd, {}, [@NLBL_CIPSOV4_A_MLSLVLLST={0x164, 0x8, 0x0, 0x1, [{0x44, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x46c16c82}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x35}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xa2}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x29}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x40}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x55}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xe}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x93}]}, {0x2c, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x48}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x41}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x65}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x71be8670}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x415ea914}]}, {0x24, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0xb97ac14}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x67bad0a9}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xde}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x4f3a0d3b}]}, {0x54, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x58fe0a3b}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xe8}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xcf}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x1a}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x31}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xfb}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x35}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x4a1a4b5}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x62}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x49f8cc06}]}, {0x34, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x7b5577d9}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x326f824f}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x1e740f8b}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x37}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x8}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xaa}]}, {0xc, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x11}]}, {0xc, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x9a}]}, {0x2c, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x1c28f3f}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x24e05d5b}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x5bd1fec0}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x24e9ec16}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x322e44c1}]}]}, @NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0x3}, @NLBL_CIPSOV4_A_TAGLST={0x1c, 0x4, 0x0, 0x1, [{0x5, 0x3, 0x5}, {0x5, 0x3, 0x6}, {0x5}]}, @NLBL_CIPSOV4_A_MLSCATLST={0xc4, 0xc, 0x0, 0x1, [{0x34, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x762f8c7b}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x1d904622}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xda02}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x4e53}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x5ad4b701}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xc6a0}]}, {0xc, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x9a8f2ed}]}, {0x2c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x3c776430}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x20c44923}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xf000}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x6a7524b0}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x59256c91}]}, {0x54, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x9e4f}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x373f89c7}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x285c}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x2168}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x4008addc}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x1bac}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x4931503}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x585431a4}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x7ab84807}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0xeef2754}]}]}, @NLBL_CIPSOV4_A_MLSCATLST={0x130, 0xc, 0x0, 0x1, [{0xc, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x9d9b}]}, {0x3c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xdc75}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x4deff37f}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xcf64}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x45c5726c}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x589}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xaf6b}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x232567da}]}, {0x24, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x1461}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xbc1b}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0xef4dcb7}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x5977cc68}]}, {0x24, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x21b6ad57}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x3845}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x34fc}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x6e79}]}, {0xc, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x33b33a1a}]}, {0x44, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x7a47ee62}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x28e9}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x2f63}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x71b583d}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x87a3}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x835}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x7de8}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x2609a1af}]}, {0xc, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xa751}]}, {0x2c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xae53}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xc3b8}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xcca}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x548b}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x1ae9}]}, {0x14, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xe457}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x6a17c65a}]}]}, @NLBL_CIPSOV4_A_MLSLVLLST={0x68, 0x8, 0x0, 0x1, [{0x14, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x654ba0a7}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x3a}]}, {0x14, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x77}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x5cefe1cd}]}, {0x3c, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x84}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x77}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0xbac5bfd}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x1}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xbd}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xdb}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x1}]}]}]}, 0x3f8}, 0x1, 0x0, 0x0, 0x20048001}, 0x0)
r7 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
ioctl$SNDCTL_DSP_SYNC(r7, 0x5006, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x17, 0x4, &(0x7f00000003c0)=ANY=[@ANYBLOB="180000000000000000000000cf56c0bf630101000000000095"], &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sysctl, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)

2.889769491s ago: executing program 1 (id=522):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0xfffffffffffffe01, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={{0x14}, [@NFT_MSG_NEWRULE={0x78, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x38, 0x4, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @target={{0xb}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_TARGET_NAME={0x10, 0x1, 'CONNSECMARK\x00'}, @NFTA_TARGET_INFO={0x5, 0x3, "ef"}, @NFTA_TARGET_REV={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_COMPAT={0x14, 0x5, 0x0, 0x1, [@NFTA_RULE_COMPAT_FLAGS={0x8, 0x2, 0x1, 0x0, 0x2}, @NFTA_RULE_COMPAT_PROTO_IPV4={0x8, 0x1, 0x1, 0x0, 0x29}]}]}], {0x14}}, 0xa0}, 0x1, 0x0, 0x0, 0x300}, 0x0)

2.830221733s ago: executing program 1 (id=524):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000400)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01030000000000000000010000000900010073797a300000000060000000030a01080000000000000000010000000900030073797a32000000003400048008000240000000000800014000000000080002401c75414b08000240084925e6080001400000000108000140000000030000000073797a300000000050000000060a010400000000000000000100000008000b40000000000000010073797a30000000002700074062d8ef2ef69d1e112d3c09592b46a8267f047f64f1a7861be9ddd72fe86fd22e684a7b00140000001100010000000000000000000000000a"], 0xf8}}, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000003c0)=[@text16={0x10, &(0x7f0000000140)="66b9c002000066b8de418ce066ba000000000f30f30f09f4baa000b000ee367c09670fb1ff64640fedab4ce3660f61680e2e660fc7b6070066b9650b000066b88700000066ba000000000f30", 0x4c}], 0x1, 0x0, 0x0, 0x0)
r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000140)=ANY=[@ANYBLOB="1201000000000040ac054382408b0b00000109022400010000002009040000fd0301000009210000000122010009058103"], 0x0)
syz_usb_control_io$hid(r1, 0x0, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000800)={'hsr0\x00', <r3=>0x0})
r4 = socket$packet(0x11, 0x3, 0x300)
sendto$packet(r4, &(0x7f0000000140)="d0b4163e96457321d877d01a88fb", 0xe, 0x40000, &(0x7f00000001c0)={0x11, 0x1c, r3, 0x1, 0x70, 0x6, @local}, 0x14)
syz_usb_control_io$hid(r1, &(0x7f00000003c0)={0x24, 0x0, 0x0, &(0x7f0000000a80)=ANY=[@ANYBLOB="002281"], 0x0}, 0x0)
r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/keys\x00', 0x0, 0x0)
ioctl$sock_qrtr_TIOCOUTQ(r5, 0x5411, &(0x7f00000000c0))
read$char_usb(r5, &(0x7f0000001840)=""/4090, 0xffa)
statx(0xffffffffffffffff, &(0x7f0000000100)='./file0\x00', 0x1000, 0x100, &(0x7f00000002c0))

2.500019237s ago: executing program 0 (id=531):
r0 = socket$kcm(0x10, 0x2, 0x0)
r1 = socket(0x200000100000011, 0x3, 0x0)
r2 = socket$packet(0x11, 0x3, 0x300)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r2, 0x8933, 0x0)
bind$packet(r1, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
syz_genetlink_get_family_id$nfc(&(0x7f0000000100), 0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_emit_ethernet(0x0, 0x0, 0x0)
socket$nl_generic(0x11, 0x3, 0x10)
socket$inet6_sctp(0xa, 0x5, 0x84)
syz_open_dev$usbfs(&(0x7f0000000000), 0xd, 0x800)
r6 = syz_io_uring_setup(0x117, &(0x7f0000000100), &(0x7f0000000280), &(0x7f0000000200))
r7 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
connect(r7, &(0x7f00000004c0)=@rc={0x1f, @none, 0x8}, 0x80)
io_uring_enter(r6, 0x47f6, 0x0, 0x0, 0x0, 0x0)
sendmsg$kcm(r0, &(0x7f0000000600)={0x0, 0xfffffffffffffd21, &(0x7f0000000000)=[{&(0x7f0000000080)="2e00000010008188e6b62aa73f72cc9f0ba1f848140000005e140602000000000e000a0010000000028000001294", 0x2e}], 0x1}, 0x24084040)

1.610110024s ago: executing program 0 (id=532):
r0 = socket$kcm(0x10, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000000)=ANY=[@ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x4f, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = socket(0xa, 0x3, 0x3a)
getsockopt$nfc_llcp(r1, 0x3a, 0x1, 0x0, 0x20000000)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)}, 0x20008800)

1.609776632s ago: executing program 0 (id=533):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r0, 0x0)
getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(r0, 0x84, 0x1a, &(0x7f0000001100)={0x0, 0x45, "730c302f607df499e38eb0c66d974f72e11e95f208b69756ff1851fac7e65ca30c2b2e348c80779500521b6d931bfdd541b18c84fdf05b2b1f2314482eb085e8a41b6b6fec"}, &(0x7f0000001080)=0x4d)
openat$rfkill(0xffffff9c, &(0x7f0000000000), 0x4000, 0x0)
syz_usb_connect$hid(0x6, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000000006d04171040000102030109fc73000101000000090400000003010000092100000001220000090581030000000000"], 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000480)=ANY=[@ANYBLOB="0000040401200600000000d4aeb2bbd800001334efb7a0defdc2f376e064511da47d02b801eeebc98a6e515e6d730246d0139cc6f56b7c9625e3d8cd5d489939c3c987b96384a817e11d12d470d05e0f190f6a95c94763723af23be6bb03e2ad70fe62ff5042bac58376c82165e566c0b6b01a7af4a8ed63e633f6eb86dc4b8f6b83d9b5b0bac8eb454c283213b5d44b8431079b710c118e000000000000011d6c3cb0ebf8619e9e290708d61fe213a4bcffac0a9a0abb3f05b4a72da75f9137be25219487479c3fc52d8db0dc52edc140b7e9373a8d", @ANYRES32=0x0, @ANYBLOB="f4c0050000000000"], 0x20}, 0x1, 0xba01}, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043ef502"], 0xf8)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f00000011c0), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_RINGS_GET(0xffffffffffffffff, &(0x7f0000001280)={&(0x7f0000001180)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000001240)={&(0x7f00000002c0)=ANY=[@ANYBLOB="2c0000806e6dfa06fb1aa489bf103806873c09928a80d75f08fcd6d9028db0fee8fa0ce97e52db77129697e64872c9b03e3085dde1e9b2a816185c0c6e3a59dbe49ca48a12e044236db4f606d5f8bafd3d", @ANYRES16=r1, @ANYBLOB="000128bd7000fcdbdf250f000000"], 0x14}, 0x1, 0x0, 0x0, 0x20040880}, 0x8800)
r2 = socket$inet_sctp(0x2, 0x1, 0x84)
sendto$inet(r2, &(0x7f0000000000)='7', 0x1, 0x0, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0)
socket$inet6_sctp(0xa, 0x801, 0x84)
openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0)
mknod(&(0x7f0000000080)='./bus\x00', 0x1000, 0x0)
open(0x0, 0x517200, 0x303)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x10, 0x11, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000100000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff, @void, @value}, 0x94)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000380)=0x7)
r4 = socket$inet(0x2, 0x3, 0x6)
connect$inet(r4, 0x0, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
read$msr(0xffffffffffffffff, 0x0, 0x0)
r5 = getpid()
fcntl$setown(r3, 0x8, r5)
setsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r2, 0x84, 0x6, &(0x7f0000000100)={0x0, @in={{0x2, 0x4e20, @loopback}}}, 0x84)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000240)={'wlan0\x00'})

1.609457879s ago: executing program 2 (id=534):
pselect6(0x0, 0x0, &(0x7f0000000200)={0x9, 0xbdd, 0x8001, 0x40, 0x0, 0x5, 0x585}, &(0x7f0000000240)={0x1917, 0x2, 0x3ff, 0xff, 0x6, 0x3}, &(0x7f0000000280)={0x77359400}, &(0x7f0000000340)={&(0x7f0000000300)={[0x1, 0x8]}, 0x8})
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000c428681d22ddc6347989726d000000070000000900010073797a30000000003c00b4a9fb11fe8bb325107fcbaf9d820000090a000000000000000000000700000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000000000c0a01010000000000000000070000000900020073797a31000000000900010073797a30000000005c0003805800008054000b805000018008000100667764004400028008000340000000000800024000000000080003400000000008000340000000000800034000000002080002400000000008000140000000000010000100000000fd3dcc88b5aca646a9f827477e8ae6f55a20de8edf1f1c2a0816ec2a04e834e19ba9f909b6e1ef4a671d608c8bacfe2b6d477a52acd81c46a1673c00"/340], 0x10c}}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = syz_open_dev$MSR(&(0x7f0000000500), 0x0, 0x0)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000700)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x4, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x3, 0x4, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_DELETE_BATCH(0x1b, &(0x7f0000000180)={&(0x7f0000000540)="ebeeb39297527fda8085b02fb8a58aaac4d4c0fb259777bd42139b07105601d1ad24c6d9c2563854569dfa8db64fc37aeb483e1a631282e8f784b4d9cb51a3c7f5b9e4e83c00bbf0bc3dc7257d2991f50b66ef5ad0497c6f3dffc5e54bde8a9f428e0daa7ecf2113ce7f400ba04635bd6f470c42a6fe34392449653cdb1395f5adab2eb26df20110fb1002a5dd3de1c9314da2174e0dcfc1f0528366fb37281ed4bd44e4e3b5c282b1a480bf11868ad3d3c3d994ca9c482e6916cfd6b9e6e05666264ce088", &(0x7f0000000080)=""/65, 0x0, 0x0, 0x6, r1, 0x4}, 0x38)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
gettid()
socket$inet(0x2, 0x3, 0x2)
ioperm(0x0, 0x0, 0x3f)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
r2 = openat$procfs(0xffffff9c, 0x0, 0x0, 0x0)
setsockopt$nfc_llcp_NFC_LLCP_RW(r2, 0x118, 0x0, 0x0, 0x0)
symlink(&(0x7f0000000000)='./file1\x00', 0x0)
setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
r3 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_PORT_GET(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000880)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="01000000000000000000250000000e0001006e657464657673696d0000000f0002006e657464657673696d300000080003000000000085396d86033eebb3c66a2bd1317a5085b1d1f68c2d853854db6aea9185f457c97dcb779cf900cc84f3ead0bdf936e2a1c5fe6b0c70fc98ee41269ac1bdda717d52094598e8282df1840caad05451f571de527a5ecb83e63604f43148c1ae2a9ca8a68dff2aa8fe3c5894a643b9c291344a9ddb61412b0c2540b53690466aee0996fdf8d8670a108929432f1f7b3c543cc828110210641a", @ANYBLOB="33d670d9aa5d8ab3fdd34c3723b1a84a47f4f0cbc914c93b342b65592e8fe7d10d8cfa999df0c91349b300edc8cdb174f1b8207809015c20e12ee5b3654de62ef86c70e7fc558f1a9ac4479348b64b9a406d174202d380ac5300d291734697c93a20a5be76b929249116d50c77b880664129faa001c7b1467b8f88a518f7f782852a9c913eac65fae86d77154a9d03a807413bcd435df6ebf9468bfa7fc4aecfb3cc8f26ba2cd5304626b677ed98dd57536f7ab998bd5f08920a949471adc12b43f8e0d08ebea782b6d7c93eacf300244f31e716f610f8217fc68152be14b6f3296308156ef399841adb6a2f2ab3f015f08e39d28db6c6fc239b0f7de4eeea3185148ee929187c888d4d09e8b4bb5ffd5332f32559d316fca116a070b5f8c016a611a6402c7dac2dae955fecb16b51ec809f46eedc050035f1bb37ff60b6cdbfb9c12b601c99ebd48f4f28d2aa70c4cb13589304ed98c81728a8c850f4627312f42678a3ab36dbaa9333c77828eb2ba90a87f890bceae03bb6923ed454dbc3a98e67e78f81e4c4b8c567c5f18b028445ce3afb8a9f2c056c5f76dd6e8f5e87b3aca63c42394b5ace6af02cbd31fa434192a33bbbe26b309bb580943d7a2c83901ebe9a4cea120ee5b9630021c2f6e51506ade2725683167100824f6537adc085183901a50f2cf29ae77e328dc2bbaca53450fecad3496416d62321031752e0e29afc3909269fab38db76166e4867d421357a46d7aad742193034da09135cba9b56e7d936df1c654a473ef102b2e004e6575c473686966cb5c4ac8d3854bc7cdb16c4cf6669195a3dfd19cd390fc5d1cff5fac8941f040f9e58b4cf3a83f506f8a184323e61784cc5eb74e0eb019cadba07e4f241b875710fd5f88df60810bc38350420958086fd2aeeb78006a2054fb462aedff090de05a5e6ab1a2a3e71307db13f22f7df2f46a031a70a2625daf9c721c3e93f15baf8adce3c829f04c8c47d613762b1750b90c1b18b8c0cf6fb92c4ba195e9b149c598a7542091918ba796b40a33e201ebc7dffde779799033b56c7c7530644020518ece07378b152708a6071c376b8f6a879ab3d8d9b0e9bf4aa345115b6d1c785a73e42700b871b0a921819164bd495525af9f0fa7287fc138009cc3efdcf47d73ee511c990b01668d32e495f71b52a1f1a86912edbb8eb45d26d694f965c1d2f167ed80d97b127faf657e483e4f1ac9c8d9deb619d83f6e2f3592b94aa8b127775eddc8ce595e3c2b353cbad241ebe65a220a435e53f625afd3dd87cf2fc9b81bbefe625b6e0bd6fc409768e0efc897cb295f50f7ec59a033c44d645440f8fa7476f48f9f7fe8898ededee99679575f0648be195b5aa8a2f71ce055ac71f9c55474653ef60e0e7b9a4202ba1a8e080d8541ef23a33941b9dff48a53b2dde4d2328dd76bce527f88aee026e03963f905cd382dc0d30aaac95b11c04ac7f592326432f2bd1ca153a1e85c9f2ec61a0e4d66a61a24291cd7e012098c6fc88a157acc35a7b4060aa35bc999942cee30cfc397225634356526bc30e087e472944fe8e35f1a9b232f30bcc276d6aa259bdfbc867f1f4ef7ce018fc1b2cd22a5a8ec9efb5bdd2c66ab0e0b07e494004cb89a877c2bc2bce8e9876e8a80ab013e4abb42a1b66cc326d39fbdf351301a8e35c15f5beb909b35fc6a58f3fba033e222e00991b0b49c44901bba1fbdec80884a687db6d32e329e4f99b3553f4d2e0db200ae7003a836e8cbdbb4768a7d325ef47a5998035fed3f602e5376e07ce0a9239be867e3ac90d6572064c1ab187c7320d0e94c45a8580e20b01f15210c65742abf9880aa1bf5ead347270131353665ef464b3e7f5bab7dec110cce23fe25188753c3d60dfa3ab5caa87f76c603c051ca75ed5aba2d113d963e58c8460ec4912e61214265298dcf5a9c3f5237fccf4ff20ed7839737e44c0cde8b600798220742042a306a961ff7797eaaa1435431dfff0e123e9a6b8444e67c461ba4b873dd41260e65dd386bb7ea4014a16f16922c80ecbcfb0ac95a8eb587ece4c9f639805008c2b7397c6a06487c09be7233ee730cfcb8d37076ce64840e3aefa26727294961dfcc949bec9bec8bc4e891fa2f6fe9985ac08a56f69adee18b9844023c6218bc96189665bb4b3b471aa40e596dd071bb6711b734947d300764390f0f7ccd7c2b455030d537d7f6ba3eedf40a92eecb89c5e13eb3774093764e43f186d1b85fa4aabfa3be41a98c67bb5ed0de18b31084e915c531ad7407847873f129b69e36acb87b2215eb73ad2eed48ef2648389a243e6960360c986a13e7512272c4b4d234630a76445495afbeb6d7ff366e4c058f7ad04a8ecf2cdf5990a43da31cbbf569ca57d64e618ef84235dfafd196b4ad04cd30cc016dc0eea670f5394399367c79d00c05a5ec79bf624a63bb642bc5601c8f41c688643807d83dcc8b94e9976f9be814b0aced69628f161f73a2b3dfb3c0edfb9f4174c6135b16458393287a2b3c4a013d5d8dca2a9cd4dcc86e807233780871a921aba7b5844b1654324b80c07b5d17c643893488ea1712159f87b725e9e2287e73638771aa0f7e3b121844ef7a09d999759c332c57fcc8b133d5d622b94cae1f80edb1c7efde9bdbb1873c4f08fcdcc26607f4946c46138c7d9cd76f1fe8fe137a241c33cc440e4554aa62e832b4d8755610dfef9125188658d8b3fb2d62e26611c230a6bc8ceac6244ee5afd95578da854499c54ec066a80e04e731d2c47484f78c07bd410a8bee7462b515de47225a59d0b85d1e08b8f1f8938b45440d6743e9f1f9583ac251fbed6b6dd98a4cf9e7d67fedb6b2798110bd74d89571ca727034e1d3d5b89abac7f78ff4f5c236bb340b096f1627fc855c25bfb966d83744ca87dc33421771aed301fed07af62f31fe1327e413cf42cd5a32b5488d795edd8e84b81d42c3d9b9893cb8c12905b676c45b0f40133692a1686a8201ed4a3a842080107b14a7e030dafd95fe82c8c1d313cadc28f8e283dcf53991f8e7a62aa41166e337fbf8954522f93b0902b46029c34b521ac662ba4818e83365fcbe13f39bfca6b4562dd516af58113868a5ed0690a7cb4e98521b5db8eed76f7a98ff1aaa87f94c1e4dc2c1805e9c3b83ea5de69a707b29369a99f9b226ad0ce95437b75866e23adc447f2b2bc6bd75bfa85e73bb988fa1a80f12c1885a2970ed446a8788b7035f374756b7343d796a426fd9a0c0e1c3ea161b984a9c6eac3cf9b2f2f2cc91cbf805972d25c8e56c3c3336e43cfab7019b959c7b3d02fec75efd0a47f5ca624b3fcc518bce5233ca14e4659e0f7a7bfe2aac58e34d6c3d1c7c92070155c8492122ab297c164490d4ad3e274b67e1ae5a4b17f974b89f6b7fd9668b3a7b04bf7281bd43f8d81f30ca527444cde0f7aaab7c22031abad4aab060f2e4ecde9d26c2c3b4d5e0e55a213d22dff687bd79382fc31c42f6964a853e33e1a5440c878e69833e66fde71f401b26786765b180b27c8da854614f3f1d360b5b7cd86160be8caee58aa8df5e5c99953f9e3cbd1d7936d1dbf16cf583f47ab893229ab4958dc9265e24e9e8e5d73fc95a42cd450ccd40d89df7ae0eb53914ab4d06e45ea84ce9813b20a776bf0f13c20b40e55d4c9d5a29160e402f2e6c70a17030ae2826fca059c667ee771a7e6c90e93a042fdc3a4001e235e2ac8bc70c6f96aee80e446c4fc3d34713bb44fc22124ec8c23550c1a8475a97aed84c044a4b85657c15ffbdd1ac52999847ba8e4beacf95cd389e3ca396410001531ac47947dbc3225c75afb7ee3ffbcc93e79d7bd966b95ba139ac76d5fa5777495fec231a6d1a8ab83d89a3446b0c73c193e073b0fca38867c763b76275c243e320a13902cc931b871863fa78764da984487a2638bfbb969bbcb2c94311afc2b1c781c286535381c8b9b43d8d0fa1180c5d953cd35e80293b6c50dc61887982a2c7cd46ba52596d67ccf6096f1650c93e5d5174a8859aed7ecf1376202bc51a599d6c0bfd1642f83dc43ed8367d85297be5dbd23059deb469b0a69e5868d92966c133ff49e543c18ce6df89774948fd16d9f5314ecf705fb8f0184665ef6b81b019e1292bd541bb9ed72cc9bdee87cd77cda8308d7269a266dcf1497738cdc6ab4681dd38f5179b87aae97c6fe7dcde6386d4e95dbd69d29cc863da5437134928d1041a0de0680f23ea6acf120f666dbbea24996141b8826c6687c4cb4defb5033d03b9ea4c371e9d1749e574a67e9a5313eb03bd478a841321b3d01c8b90f88e3ef8db192dac9a33c27f868e18f2952ce2f4b4a28cdb00faf0d97749cff64762818bd91e88a28cb0c9c5e40ad8765091e2d2e3bf11c80aee2a4983b1c377aff84b935cc0256dfc5e2d5bc26baac49468a626f14b9b430005b6fb00b427da7abd7060947552e48349e789dcfc8d52c20f3e010d599ca298de5a27a8277ef747b25ffe907e55b3cef805e999718686d240bf2da3346cbaaf083c2155dfcc3ea6ebd43e59b0be2091d9638d5b1fdf1744d129a322b662f93767c1eaeb5ea5ca795a3a9344800ca57827090837ad9b5ace8e25031668d6b2ad6fe592b229a9be3eb9c034601ed6bdce822a48241754e6377f9178ee8980197fbcc9cad03674b7c1b5278d32ef7069d709c2e9a200184824e01bbad241c2894dd3d0395570d5904be509161f11bd07934e74a42dd24633c7db53053cd5b2110a5414712859cd1c6981432bd5b0522d4f234214c20a0f6cfbf87271cc1c8bcc09a910f69ed40b6d866bfa68ad449f1d1bb9c9f47800654fe6c842ad43e2f58c1fff9ab3eb55660ff589dc74bb6fa2fa1a55c46386ce8848259513c497261933229e1b7c09b54690d07faccb2ac98764f863471457c354e5aa8cc7a67ea38f628a427ff1d5b3f8f88e161528fd080a34861e475b623497a2e1534f6be203f05c6e683f4f6e27192d0ad87f4e2efbaa8241749caf4090a17725fc61f0b1e27889249b8373bf6ce51b917e017ea1e3911ba11a96363ab813531b489a00eaf0495306af6d9d3de923517105f435b8b2b9d1ad384eaf4b64d7435c3619928750ca4f73f9d6497f7bb20b46f4df0cef791cd0ae219e09e5dec8677f7d7c56d91d4ad64060e722314d9b07eb3ae14d8ae9b915ffcc289774b7d6909a7950af0b3a2fa0181c93313e4806aca268541bbbcc85824cd9b57ecec3dbc6a1e85cb033dd27bdd834af58154a36383071286094cc8415915fe9dde7a479eb0986969e06b61c877abf5e57c88fadcfa31aed6c1bc18812bc61dc5cfe6306bb07cc27227289baa302d045ff82e12bef653141efea37c7bf546451c8c0f4adfb6dca0622829ba6599a7da5e28f0ccf58630a3abba170031a528818de939e7429fccb21343514ecd87363057194e0828cad45ebde90f795c17a0fb7a53ad933f1df96091a9e9f75574182caf0d8f51315fd1c6a79a15e1e98c1ae420a50c451f98ae86dcd966f928c8d77ec6e406a868a1ca70aaf36598721d0035a89224995cff806e5c39f5d6306f9cff58e085a482275938f6fc0c831c2fe8cc0b113847bce77f56d80f16ded9fd6615aedd88be03557e5142270860a76e12a59615224b73220b2e2f48d10888dbeb24688b1e312004703ef43e2a5d3283134a3d6682dcf8497e5b8314f115da8024725c7b264630c34e430e2822573c508c733dcbe1b2951747905e905f37aea5d6fe05b8e17858e6b0a8530ec09f0aebce1920db5d3f279d52aa0a95f30e29d5cc289fe828c96f24011e41"], 0x3c}}, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r4)
r5 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r4, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c)
listen(r5, 0x0)
syz_emit_ethernet(0x52, &(0x7f0000000280)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x23}, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x1c, 0x6, 0x0, @local, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x7, 0xc2, 0x4, 0x0, 0x0, {[@generic={0xfe, 0x6, "ab5916a5"}]}}}}}}}}, 0x0)
r6 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r6, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73772cc9f1ba1f848480000005e140602000000030e000a0010000000028000001294", 0x2e}], 0x1}, 0x8000)

1.229478346s ago: executing program 1 (id=535):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x201, 0x0)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1000002, 0x11012, r1, 0x0)
syz_clone(0x42164000, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="040e08000c08"], 0xb)
r2 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r2, 0x10e, 0xc, &(0x7f0000000280)={0x3}, 0x10)
sendmsg$nl_generic(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=ANY=[@ANYBLOB="200000001200010a00000000000000008000000001"], 0x26}}, 0x0)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000080), r0)

1.05010996s ago: executing program 0 (id=536):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.current\x00', 0x275a, 0x0)
ioctl$SIOCSIFHWADDR(r0, 0x40305839, &(0x7f0000000540)={'\x00', @link_local={0x1, 0x4, 0xc2, 0x5}})
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = socket$l2tp(0x2, 0x2, 0x73)
bind$l2tp(r2, &(0x7f00000000c0), 0x10)
sendto$l2tp(r2, &(0x7f0000000040)="e5786a0d000000000000c83b", 0xc, 0x0, &(0x7f0000000080)={0x2, 0x0, @loopback}, 0x10)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuset.effective_mems\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r3, 0x0)
recvfrom$l2tp(r2, &(0x7f0000000000)=""/12, 0xc, 0x40, 0x0, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0xfffffffffffffe01, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={{0x14}, [@NFT_MSG_NEWRULE={0x68, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x38, 0x4, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @target={{0xb}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_TARGET_NAME={0x10, 0x1, 'CONNSECMARK\x00'}, @NFTA_TARGET_INFO={0x5, 0x3, "ef"}, @NFTA_TARGET_REV={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_COMPAT={0x4}]}], {0x14}}, 0x90}}, 0x0)

1.049558249s ago: executing program 0 (id=537):
r0 = io_uring_setup(0x177f, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0xfffffffd})
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(r1, 0x6, 0xe, &(0x7f0000000380)={@in6={{0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0x0, 0x0, 0x42, 0x0, "bd1c790806ed6dcd18899f9ea77ca9fb5184ff0ba54b7dfe784d2f6b7dcd9474d9b295588ac0b991d5c66461eca3f1ff5543acc6c970d0ad22d692e84d692972368e64c272da633a217b45fcc8b1ff3b"}, 0xd8)
setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000180)=0x100000001, 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r1, 0x6, 0x14, &(0x7f0000000340)=0x2, 0xa2)
connect$inet6(r1, &(0x7f0000000080)={0xa, 0x0, 0x0, @empty}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f0000000540), 0x3c)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f000000e0c0), 0x10010)
setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x1, &(0x7f0000000200)=@gcm_256={{0x304}, "00e0f07600", "832b4d2434b35bca8c0b78d2afff6d70d2025c7f53123828322d5af0d5c6c3a5", '`\a-N', "298f0e6df9ae9b3d"}, 0x38)
sendfile(r1, r2, &(0x7f0000000100)=0x8dff, 0x100000000010001)
r3 = syz_io_uring_setup(0xd2, &(0x7f0000000240), &(0x7f0000000040)=<r4=>0x0, &(0x7f0000000080)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f0000000200)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, 0x0, 0x0, {0x1}})
io_uring_enter(r3, 0x47ba, 0x0, 0x0, 0x0, 0xe0)
close_range(r0, 0xffffffffffffffff, 0x0)
io_uring_setup(0x17ba, &(0x7f00000004c0))
socket(0x11, 0xa, 0x0)

939.680555ms ago: executing program 1 (id=538):
r0 = socket(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
syz_genetlink_get_family_id$mptcp(&(0x7f0000000780), r2)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffff11feffffff000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c00"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000001240)=@newqdisc={0x78, 0x24, 0x5820a61ca228651, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c}}]}, 0x78}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000700)=@newtfilter={0x78, 0x2c, 0xd27, 0x1000, 0x0, {0xb, 0x0, 0x0, r3, {}, {}, {0xd}}, [@filter_kind_options=@f_basic={{0xa}, {0x48, 0x2, [@TCA_BASIC_EMATCHES={0x44, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x1002}}, @TCA_EMATCH_TREE_LIST={0x38, 0x2, 0x0, 0x1, [@TCF_EM_NBYTE={0x10, 0x1}, @TCF_EM_IPT={0x24, 0x2, 0x0, 0x0, {{0x3, 0x9, 0x6}, [@TCA_EM_IPT_MATCH_REVISION={0x5, 0x3, 0x1}, @TCA_EM_IPT_NFPROTO={0x5, 0x4, 0x1}, @TCA_EM_IPT_NFPROTO={0x5, 0x4, 0x5}]}}]}]}]}}]}, 0x78}}, 0x0)

939.158423ms ago: executing program 1 (id=539):
r0 = socket$kcm(0x10, 0x2, 0x0)
r1 = socket(0x200000100000011, 0x3, 0x0)
r2 = socket$packet(0x11, 0x3, 0x300)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r2, 0x8933, 0x0)
bind$packet(r1, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
syz_genetlink_get_family_id$nfc(&(0x7f0000000100), 0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_emit_ethernet(0x0, 0x0, 0x0)
socket$nl_generic(0x11, 0x3, 0x10)
socket$inet6_sctp(0xa, 0x5, 0x84)
syz_open_dev$usbfs(&(0x7f0000000000), 0xd, 0x800)
r6 = syz_io_uring_setup(0x117, &(0x7f0000000100), &(0x7f0000000280), &(0x7f0000000200))
r7 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
connect(r7, &(0x7f00000004c0)=@rc={0x1f, @none, 0x8}, 0x80)
io_uring_enter(r6, 0x47f6, 0x0, 0x0, 0x0, 0x0)
sendmsg$kcm(r0, &(0x7f0000000600)={0x0, 0xfffffffffffffd21, &(0x7f0000000000)=[{&(0x7f0000000080)="2e00000010008188e6b62aa73f72cc9f0ba1f848140000005e140602000000000e000a0010000000028000001294", 0x2e}], 0x1}, 0x24084040)

819.225872ms ago: executing program 0 (id=540):
syz_usb_connect(0x2, 0x3d, &(0x7f00000001c0)=ANY=[@ANYBLOB="12010000bdce4208110f80106afc0000000109022b00010000000009043700022ee5cd0009058010ff037f790209050e0320000980070705ab0b78"], 0x0)
r0 = syz_open_dev$char_usb(0xc, 0xb4, 0x80000000)
writev(r0, &(0x7f00000002c0)=[{&(0x7f0000000080)='j', 0x1}], 0x1)

567.49759ms ago: executing program 2 (id=541):
r0 = socket$packet(0x11, 0x3, 0x300)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan1\x00', <r3=>0x0})
sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000680)=ANY=[@ANYBLOB="98030000", @ANYRES16=r2, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32=r3, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c0900005603330080b0c000ffffffffffff080211000001bae9ee14d4284d73c826d8bce62c"], 0x398}}, 0x7000000)

567.191826ms ago: executing program 2 (id=542):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x18, 0x10, &(0x7f00000000c0)=ANY=[@ANYBLOB, @ANYBLOB="0000000000000000b70500000800000085000000a50000009500"], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0xe, 0x0, &(0x7f0000000b80)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000040), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0)
r0 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000540), 0x23)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0xe, 0x0, &(0x7f0000000200)="63eced8e2613c2b346dc3f0a7387", 0x0, 0x0, 0x0, 0x0, 0x36, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x4, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
kcmp(0x0, 0x0, 0x2, 0xffffffffffffffff, 0xffffffffffffffff)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x0, 0x1)
r4 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_INIT(r4, 0x0, 0xc8, &(0x7f0000000000), 0x4)
setsockopt$MRT_DONE(r4, 0x0, 0x5, 0x0, 0x0)
mount$afs(&(0x7f0000000040)=@cell={0x25, 'syz1:', 'syz0'}, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, 0x0)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000480), r5)
r7 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000440), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r7, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000140)={<r8=>0xffffffffffffffff}, 0x106, 0x9}}, 0x20)
write$RDMA_USER_CM_CMD_SET_OPTION(r7, &(0x7f00000000c0)={0xe, 0x18, 0xfa00, @id_tos={&(0x7f0000000080), r8, 0x0, 0x3, 0x1}}, 0x20)
sendmsg$NLBL_CIPSOV4_C_ADD(r5, &(0x7f0000000700)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000000)={0x28, r6, 0x207, 0x0, 0x0, {}, [@NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x1}, @NLBL_CIPSOV4_A_TAGLST={0x4}, @NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0x3}]}, 0x28}}, 0x0)
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)

0s ago: executing program 1 (id=543):
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r1 = gettid()
sendmsg$unix(0xffffffffffffffff, 0x0, 0x0)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc))
iopl(0x3)
socket$nl_route(0x10, 0x3, 0x0)
syz_io_uring_setup(0x0, 0x0, &(0x7f0000000100), 0x0)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r2 = mq_open(&(0x7f000084dff0)='!selinuxselinux\x00', 0x6e93ebbbcc0884f2, 0x0, &(0x7f0000000300)={0x0, 0x1, 0x7})
mq_timedsend(r2, 0x0, 0x0, 0x0, 0x0)
mq_timedsend(r2, 0x0, 0x0, 0x0, 0x0)
sendmsg$netlink(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000001ac0)=[{&(0x7f0000003080)=ANY=[@ANYBLOB="9c020000230001000000000000000000550200800c000100"], 0x29c}], 0x1}, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x2, @sliced={0x8, [0x7d00, 0x9, 0xa4c, 0x4, 0x9d5, 0x1, 0x4, 0x1000, 0x7, 0x0, 0x8, 0x7, 0x1, 0x89b2, 0x8, 0x9, 0x3, 0x6, 0xe667, 0x0, 0x7, 0x800, 0xa, 0x4, 0xff, 0x6, 0xe7f, 0x101, 0x80, 0xd11, 0x6, 0x0, 0x480, 0x8000, 0x77, 0x8000, 0x9, 0x3, 0x4, 0xd164, 0x6, 0x6787, 0x5913, 0x6, 0xd, 0x8, 0x5, 0x7ff]}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
add_key(&(0x7f0000000180)='.dead\x00', 0x0, &(0x7f00000002c0), 0x0, 0xfffffffffffffffb)
remap_file_pages(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x0, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
prctl$PR_MCE_KILL(0x21, 0x1, 0x0)
r4 = syz_open_dev$vim2m(&(0x7f0000000400), 0x0, 0x2)
ioctl$vim2m_VIDIOC_CREATE_BUFS(r4, 0xc0f8565c, &(0x7f0000000440)={0x0, 0xe8d, 0x1, {0x1, @win={{0x0, 0xffffffff, 0x100000, 0x4}, 0x0, 0x195, 0x0, 0x0, 0x0, 0xfd}}})
ioctl$vim2m_VIDIOC_QUERYBUF(r4, 0xc04c5609, &(0x7f00000000c0)=@multiplanar_mmap={0x0, 0x3, 0x4, 0x70000, 0xffffffff, {0x77359400}, {0x4, 0x8, 0x5, 0x4, 0x1, 0x0, "e492f234"}, 0x2309, 0x1, {&(0x7f0000000240)=[{0xfe2, 0x2, {0x2}, 0x3}, {0xca9, 0x5, {0x10000}, 0x296}]}})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
write$RDMA_USER_CM_CMD_RESOLVE_IP(0xffffffffffffffff, 0x0, 0x0)

kernel console output (not intermixed with test programs):

1 ip=0xf7f73579 code=0x7ffc0000
[   38.782670][   T39] audit: type=1326 audit(1729441621.072:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5411 comm="syz.0.1" exe="/syz-executor" sig=0 arch=40000003 syscall=399 compat=1 ip=0xf7f73579 code=0x7ffc0000
[   38.787134][ T5418] 8021q: adding VLAN 0 to HW filter on device batadv0
[   38.788827][   T39] audit: type=1326 audit(1729441621.072:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5411 comm="syz.0.1" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f73579 code=0x7ffc0000
[   38.790762][ T5418] team0: Port device batadv0 added
[   38.813661][ T5424] netlink: 'syz.2.3': attribute type 1 has an invalid length.
[   38.816960][ T5424] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[   38.819826][ T5424] IPv6: NLM_F_CREATE should be set when creating new route
[   39.147772][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[   39.150375][    T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!!
[   39.152684][    T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!!
[   39.154811][    T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!!
[   39.310431][ T5432] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6'.
[   39.459288][ T5437] sit1: entered promiscuous mode
[   39.460902][ T5437] sit1: entered allmulticast mode
[   39.546473][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   39.548964][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   39.557695][ T5436] Failed to enqueue queue_pair DETACH event datagram for context (ID=0x0)
[   39.619962][    T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!!
[   39.622145][    T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!!
[   39.751477][ T5442] netlink: 'syz.0.7': attribute type 10 has an invalid length.
[   39.761193][ T5442] 8021q: adding VLAN 0 to HW filter on device batadv0
[   39.764706][ T5442] team0: Port device batadv0 added
[   40.614426][ T5357] Bluetooth: hci1: command tx timeout
[   40.617183][ T5357] Bluetooth: hci0: command tx timeout
[   40.618796][ T5352] Bluetooth: hci2: command tx timeout
[   40.619092][ T5357] Bluetooth: hci3: command tx timeout
[   40.649549][ T5453] netlink: 'syz.0.11': attribute type 10 has an invalid length.
[   40.673166][ T5455] netlink: 'syz.2.12': attribute type 10 has an invalid length.
[   40.685589][ T5455] 8021q: adding VLAN 0 to HW filter on device batadv0
[   40.688565][ T5455] team0: Port device batadv0 added
[   40.908162][ T5461] netlink: 'syz.1.14': attribute type 10 has an invalid length.
[   40.918407][ T5461] 8021q: adding VLAN 0 to HW filter on device batadv0
[   40.923085][ T5461] team0: Port device batadv0 added
[   41.289476][ T5467] loop7: detected capacity change from 0 to 16384
[   41.471317][ T5466] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   41.476712][ T5469] netlink: 4 bytes leftover after parsing attributes in process `syz.2.17'.
[   42.656736][ T5357] Bluetooth: hci3: command 0x040f tx timeout
[   42.657997][   T65] Bluetooth: hci2: command tx timeout
[   42.658818][ T5357] Bluetooth: hci0: command tx timeout
[   42.659859][ T5352] Bluetooth: hci1: command tx timeout
[   42.999513][ T5492] netlink: 'syz.0.20': attribute type 10 has an invalid length.
[   43.167028][ T5494] netlink: 'syz.3.22': attribute type 10 has an invalid length.
[   43.176416][ T5494] bridge0: port 2(bridge_slave_1) entered disabled state
[   43.178703][ T5494] bridge0: port 1(bridge_slave_0) entered disabled state
[   43.184512][ T5494] bridge0: port 2(bridge_slave_1) entered blocking state
[   43.186432][ T5494] bridge0: port 2(bridge_slave_1) entered forwarding state
[   43.188384][ T5494] bridge0: port 1(bridge_slave_0) entered blocking state
[   43.190221][ T5494] bridge0: port 1(bridge_slave_0) entered forwarding state
[   43.193843][ T5494] bond0: (slave bridge0): Enslaving as an active interface with an up link
[   43.314680][ T5500] netlink: 'syz.3.23': attribute type 10 has an invalid length.
[   44.427822][ T5524] netlink: 'syz.2.29': attribute type 10 has an invalid length.
[   44.736419][   T65] Bluetooth: hci3: command 0x040f tx timeout
[   44.738529][   T65] Bluetooth: hci2: command tx timeout
[   44.740377][   T65] Bluetooth: hci1: command tx timeout
[   44.741280][ T5353] Bluetooth: hci0: command tx timeout
[   44.914335][ T5534] netlink: 'syz.3.31': attribute type 10 has an invalid length.
[   45.829354][ T5555] netlink: 'syz.3.37': attribute type 10 has an invalid length.
[   45.958186][ T5561] netlink: 24 bytes leftover after parsing attributes in process `syz.0.38'.
[   45.991854][ T5561] trusted_key: syz.0.38 sent an empty control message without MSG_MORE.
[   46.260258][ T5563] x_tables: (null)_tables: DNAT target: only valid in nat table, not syz0
[   46.278614][ T5563] netlink: 100 bytes leftover after parsing attributes in process `syz.0.39'.
[   46.283195][ T5563] netlink: 100 bytes leftover after parsing attributes in process `syz.0.39'.
[   46.342612][ T5564] netlink: 209844 bytes leftover after parsing attributes in process `syz.0.39'.
[   46.616742][   T35] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[   46.702649][ T5571] =======================================================
[   46.702649][ T5571] WARNING: The mand mount option has been deprecated and
[   46.702649][ T5571]          and is ignored by this kernel. Remove the mand
[   46.702649][ T5571]          option from the mount to silence this warning.
[   46.702649][ T5571] =======================================================
[   46.717955][ T5571] Mount JFS Failure: -22
[   46.770199][   T35] usb 5-1: config index 0 descriptor too short (expected 23569, got 27)
[   46.772510][   T35] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   46.775976][   T35] usb 5-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[   46.779000][   T35] usb 5-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[   46.781260][   T35] usb 5-1: Manufacturer: syz
[   46.803974][   T35] usb 5-1: config 0 descriptor??
[   46.816423][ T5353] Bluetooth: hci3: command 0x040f tx timeout
[   46.846414][   T35] rc_core: IR keymap rc-hauppauge not found
[   46.848697][   T35] Registered IR keymap rc-empty
[   46.851104][   T35] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.0/rc/rc0
[   46.855702][   T35] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.0/rc/rc0/input5
[   47.509614][   T30] usb 5-1: USB disconnect, device number 2
[   47.880707][ T5586] netlink: 4 bytes leftover after parsing attributes in process `syz.3.43'.
[   47.967520][ T5586] cdrom: dropping to single frame dma
[   48.248241][ T5599] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.48'.
[   48.250834][ T5599] openvswitch: netlink: Tunnel attr 8192 out of range max 16
[   48.279676][ T5602] netlink: 'syz.2.49': attribute type 10 has an invalid length.
[   48.281765][ T5602] netlink: 55 bytes leftover after parsing attributes in process `syz.2.49'.
[   48.288428][ T5602] team0: Port device virt_wifi0 added
[   48.770136][ T5618] netlink: 12 bytes leftover after parsing attributes in process `syz.2.49'.
[   48.974763][ T5621] netlink: 'syz.0.51': attribute type 10 has an invalid length.
[   49.718878][ T5636] Bluetooth: MGMT ver 1.23
[   49.810299][ T5636] netlink: 'syz.0.54': attribute type 10 has an invalid length.
[   49.867223][ T5636] team0: Port device wlan1 added
[   50.191641][ T5641] macvtap0: entered promiscuous mode
[   50.193575][ T5641] macvtap0: left promiscuous mode
[   50.228214][ T5643] netlink: 'syz.3.57': attribute type 25 has an invalid length.
[   50.230355][ T5643] netlink: 'syz.3.57': attribute type 44 has an invalid length.
[   50.323028][ T5646] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   50.390101][ T5646] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   50.450872][ T5646] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   50.515694][ T5646] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   50.602754][ T5646] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   50.607579][ T5646] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   50.612389][ T5646] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   50.617408][ T5646] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   50.996111][ T5656] netlink: 'syz.1.60': attribute type 10 has an invalid length.
[   51.272403][ T5660] bond1: entered promiscuous mode
[   51.273827][ T5660] bond1: entered allmulticast mode
[   51.275607][ T5660] 8021q: adding VLAN 0 to HW filter on device bond1
[   51.332702][ T5660] bond1 (unregistering): Released all slaves
[   51.371147][ T5665] netlink: 4 bytes leftover after parsing attributes in process `syz.2.63'.
[   51.375863][ T5665] netlink: 12 bytes leftover after parsing attributes in process `syz.2.63'.
[   51.468271][ T5666] netlink: 'syz.0.61': attribute type 10 has an invalid length.
[   52.141220][ T5675] netlink: 'syz.1.64': attribute type 10 has an invalid length.
[   52.145450][ T5678] netlink: 'syz.2.66': attribute type 10 has an invalid length.
[   52.363067][ T5689] netlink: 'syz.3.68': attribute type 10 has an invalid length.
[   52.650152][ T5695] openvswitch: netlink: Missing key (keys=40, expected=100)
[   52.687904][ T5696] input: syz1 as /devices/virtual/input/input6
[   52.699448][ T5696] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   52.748005][   T57] libceph: connect (1)[c::]:6789 error -101
[   52.750131][   T57] libceph: mon0 (1)[c::]:6789 connect error
[   52.828147][ T5698] ceph: No mds server is up or the cluster is laggy
[   53.181245][ T5709] bond1: entered promiscuous mode
[   53.182919][ T5709] bond1: entered allmulticast mode
[   53.185176][ T5709] 8021q: adding VLAN 0 to HW filter on device bond1
[   53.246457][ T5709] bond1 (unregistering): Released all slaves
[   53.271785][ T5711] bond1: entered promiscuous mode
[   53.273741][ T5711] bond1: entered allmulticast mode
[   53.275948][ T5711] 8021q: adding VLAN 0 to HW filter on device bond1
[   53.341996][ T5711] bond1 (unregistering): Released all slaves
[   53.410989][ T5717] bond1: entered promiscuous mode
[   53.413105][ T5717] bond1: entered allmulticast mode
[   53.415445][ T5717] 8021q: adding VLAN 0 to HW filter on device bond1
[   53.645665][ T5717] bond1 (unregistering): Released all slaves
[   53.770531][ T5723] netlink: 'syz.0.77': attribute type 10 has an invalid length.
[   54.258226][ T5727] netlink: 'syz.3.78': attribute type 10 has an invalid length.
[   55.418692][ T5752] validate_nla: 2 callbacks suppressed
[   55.418728][ T5752] netlink: 'syz.2.83': attribute type 10 has an invalid length.
[   56.335320][ T5769] netlink: 'syz.3.85': attribute type 10 has an invalid length.
[   57.893507][ T5796] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   58.180082][ T5810] input: syz1 as /devices/virtual/input/input7
[   58.388232][ T5812] netlink: 'syz.2.100': attribute type 10 has an invalid length.
[   58.834980][ T5828] netlink: 4 bytes leftover after parsing attributes in process `syz.0.105'.
[   58.838001][ T5828] netlink: 12 bytes leftover after parsing attributes in process `syz.0.105'.
[   58.843794][ T5830] netlink: 4 bytes leftover after parsing attributes in process `syz.3.106'.
[   58.849376][ T5830] netlink: 12 bytes leftover after parsing attributes in process `syz.3.106'.
[   59.068448][ T5846] netlink: 4 bytes leftover after parsing attributes in process `syz.0.110'.
[   59.345856][ T5854] input: syz0 as /devices/virtual/input/input8
[   59.895919][ T5863] netlink: 4 bytes leftover after parsing attributes in process `syz.1.116'.
[   59.908794][ T5864] FAULT_INJECTION: forcing a failure.
[   59.908794][ T5864] name failslab, interval 1, probability 0, space 0, times 1
[   59.912173][ T5864] CPU: 1 UID: 0 PID: 5864 Comm: syz.3.115 Not tainted 6.12.0-rc3-syzkaller-00420-g715ca9dd687f #0
[   59.914949][ T5864] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   59.917760][ T5864] Call Trace:
[   59.918648][ T5864]  <TASK>
[   59.919430][ T5864]  dump_stack_lvl+0x16c/0x1f0
[   59.920699][ T5864]  should_fail_ex+0x497/0x5b0
[   59.921953][ T5864]  ? fs_reclaim_acquire+0xae/0x150
[   59.923304][ T5864]  should_failslab+0xc2/0x120
[   59.924593][ T5864]  __kmalloc_noprof+0xcb/0x410
[   59.925890][ T5864]  ? __pfx_d_absolute_path+0x10/0x10
[   59.927307][ T5864]  tomoyo_encode2+0x100/0x3e0
[   59.928737][ T5864]  tomoyo_realpath_from_path+0x1a7/0x710
[   59.930220][ T5864]  tomoyo_path_number_perm+0x245/0x5b0
[   59.931661][ T5864]  ? tomoyo_path_number_perm+0x232/0x5b0
[   59.933156][ T5864]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[   59.934751][ T5864]  ? trace_lock_acquire+0x14a/0x1d0
[   59.936137][ T5864]  ? lock_acquire+0x2f/0xb0
[   59.937334][ T5864]  ? __fget_files+0x40/0x3f0
[   59.938667][ T5864]  ? __fget_files+0x244/0x3f0
[   59.939939][ T5864]  security_file_ioctl_compat+0x9b/0x240
[   59.941417][ T5864]  __do_compat_sys_ioctl+0x52/0x2b0
[   59.942782][ T5864]  __do_fast_syscall_32+0x73/0x120
[   59.944154][ T5864]  do_fast_syscall_32+0x32/0x80
[   59.945436][ T5864]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[   59.947090][ T5864] RIP: 0023:0xf7f01579
[   59.948185][ T5864] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[   59.953193][ T5864] RSP: 002b:00000000f564456c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[   59.955459][ T5864] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000000005101
[   59.957524][ T5864] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   59.959575][ T5864] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   59.961637][ T5864] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[   59.963696][ T5864] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   59.965790][ T5864]  </TASK>
[   59.976773][   T39] kauditd_printk_skb: 4 callbacks suppressed
[   59.976783][   T39] audit: type=1326 audit(1729441642.452:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5865 comm="syz.1.117" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf73be579 code=0x0
[   59.996419][ T5864] ERROR: Out of memory at tomoyo_realpath_from_path.
[   60.794133][ T5880] netlink: 4 bytes leftover after parsing attributes in process `syz.3.121'.
[   60.801938][ T5880] 8021q: adding VLAN 0 to HW filter on device team1
[   60.904001][ T5888] netlink: 4 bytes leftover after parsing attributes in process `syz.1.125'.
[   60.973763][ T5896] netlink: 'syz.2.129': attribute type 10 has an invalid length.
[   60.981042][ T5896] netlink: 'syz.2.129': attribute type 10 has an invalid length.
[   60.983042][ T5896] netlink: 2 bytes leftover after parsing attributes in process `syz.2.129'.
[   60.985348][ T5896] team0: entered promiscuous mode
[   60.987086][ T5896] team_slave_0: entered promiscuous mode
[   60.989630][ T5896] team_slave_1: entered promiscuous mode
[   60.991287][ T5896] batadv0: entered promiscuous mode
[   60.992746][ T5896] net veth1_virt_wifi virt_wifi0: entered promiscuous mode
[   60.995428][ T5896] 8021q: adding VLAN 0 to HW filter on device team0
[   60.997385][ T5896] bridge0: port 3(team0) entered blocking state
[   60.999076][ T5896] bridge0: port 3(team0) entered disabled state
[   61.000786][ T5896] team0: entered allmulticast mode
[   61.002234][ T5896] team_slave_0: entered allmulticast mode
[   61.003729][ T5896] team_slave_1: entered allmulticast mode
[   61.005199][ T5896] batadv0: entered allmulticast mode
[   61.006673][ T5896] net veth1_virt_wifi virt_wifi0: entered allmulticast mode
[   61.010102][ T5896] bridge0: port 3(team0) entered blocking state
[   61.011757][ T5896] bridge0: port 3(team0) entered forwarding state
[   61.049970][   T25] usb 8-1: new high-speed USB device number 2 using dummy_hcd
[   61.110604][ T5905] netlink: 'syz.2.133': attribute type 8 has an invalid length.
[   61.113496][ T5905] ata3.00: invalid multi_count 1 ignored
[   61.161673][ T5906] netlink: 'syz.1.127': attribute type 10 has an invalid length.
[   61.165968][ T5907] netlink: 'syz.2.133': attribute type 1 has an invalid length.
[   61.168119][ T5907] netlink: 244 bytes leftover after parsing attributes in process `syz.2.133'.
[   61.170497][ T5907] NCSI netlink: No device for ifindex 0
[   61.196420][   T25] usb 8-1: Using ep0 maxpacket: 32
[   61.199766][   T25] usb 8-1: config index 0 descriptor too short (expected 29220, got 36)
[   61.201874][   T25] usb 8-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[   61.211404][   T25] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 81
[   61.213715][   T25] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[   61.216088][   T25] usb 8-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[   61.219109][   T25] usb 8-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[   61.222398][   T25] usb 8-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[   61.224685][   T25] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   61.231671][   T25] usb 8-1: config 0 descriptor??
[   61.356433][   T45] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled
[   61.359041][   T45] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled
[   61.395191][ T5918] REISERFS warning (device nullb0): super-6502 reiserfs_getopt: unknown mount option "&@"
[   61.438748][   T25] usblp 8-1:0.0: usblp0: USB Bidirectional printer dev 2 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[   61.442452][   T25] usb 8-1: USB disconnect, device number 2
[   61.446792][   T25] usblp0: removed
[   61.896357][    T8] usb 8-1: new high-speed USB device number 3 using dummy_hcd
[   62.136394][    T8] usb 8-1: Using ep0 maxpacket: 32
[   62.141146][    T8] usb 8-1: config index 0 descriptor too short (expected 29220, got 36)
[   62.143950][    T8] usb 8-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[   62.146994][    T8] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 81
[   62.150116][    T8] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[   62.153508][    T8] usb 8-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[   62.156819][    T8] usb 8-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[   62.161126][    T8] usb 8-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[   62.164194][    T8] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   62.175900][    T8] usb 8-1: config 0 descriptor??
[   62.397732][    T8] usblp 8-1:0.0: usblp0: USB Bidirectional printer dev 3 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[   62.596427][ T5948] team0: Port device team_slave_0 removed
[   62.598004][ T5880] Illegal XDP return value 4294967294 on prog  (id 14) dev N/A, expect packet loss!
[   62.605064][ T5880] usb usb9: usbfs: process 5880 (syz.3.121) did not claim interface 0 before use
[   62.628414][    T8] usb 8-1: USB disconnect, device number 3
[   62.638344][    T8] usblp0: removed
[   62.691507][ T5953] capability: warning: `syz.2.150' uses deprecated v2 capabilities in a way that may be insecure
[   62.776172][ T5954] Bluetooth: MGMT ver 1.23
[   62.817852][ T5953] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[   62.820288][ T5953] Bluetooth: hci1: Opcode 0x0406 failed: -4
[   62.826041][ T5953] Bluetooth: hci1: Opcode 0x0406 failed: -4
[   62.830271][ T5953] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[   62.832090][ T5953] Bluetooth: hci2: Opcode 0x0406 failed: -4
[   62.834654][ T5953] Bluetooth: hci2: Opcode 0x0406 failed: -4
[   62.837060][ T5953] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[   62.838649][ T5953] Bluetooth: hci3: Opcode 0x0406 failed: -4
[   62.841113][ T5953] Bluetooth: hci3: Opcode 0x0406 failed: -4
[   63.212023][ T5974] syz.0.157 uses obsolete (PF_INET,SOCK_PACKET)
[   63.695028][ T5992] netlink: 'syz.0.161': attribute type 10 has an invalid length.
[   63.762846][ T5992] team0: Port device netdevsim0 added
[   63.764631][ T5993] netlink: 'syz.0.161': attribute type 10 has an invalid length.
[   63.770468][ T5993] team0: Port device netdevsim0 removed
[   63.773676][ T5993] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[   64.647304][ T6016] netlink: 'syz.0.166': attribute type 10 has an invalid length.
[   64.816352][ T5352] Bluetooth: hci0: command 0x0c1a tx timeout
[   64.818768][ T5353] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[   64.896803][ T5353] Bluetooth: hci2: command 0x0c1a tx timeout
[   64.896806][ T5352] Bluetooth: hci1: command 0x0c1a tx timeout
[   64.896844][ T5357] Bluetooth: hci3: command 0x040f tx timeout
[   64.900971][ T6027] __nla_validate_parse: 6 callbacks suppressed
[   64.900979][ T6027] netlink: 12 bytes leftover after parsing attributes in process `syz.3.172'.
[   64.944794][ T6033] netlink: 'syz.3.174': attribute type 1 has an invalid length.
[   64.947541][ T6033] netlink: 636 bytes leftover after parsing attributes in process `syz.3.174'.
[   65.230941][ T6053] openvswitch: netlink: Missing key (keys=40, expected=100)
[   65.519457][ T6068] netlink: 14 bytes leftover after parsing attributes in process `syz.0.182'.
[   65.818336][ T6068] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   65.822521][ T6068] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   65.826513][ T6068] bond0 (unregistering): (slave netdevsim0): Releasing backup interface
[   65.830169][ T6068] bond0 (unregistering): Released all slaves
[   65.971501][ T6071] netlink: 'syz.1.183': attribute type 10 has an invalid length.
[   66.225062][ T6078] bridge0: port 4(syz_tun) entered blocking state
[   66.227262][ T6078] bridge0: port 4(syz_tun) entered disabled state
[   66.229207][ T6078] syz_tun: entered allmulticast mode
[   66.231709][ T6078] syz_tun: entered promiscuous mode
[   66.233990][ T6078] bridge0: port 4(syz_tun) entered blocking state
[   66.235894][ T6078] bridge0: port 4(syz_tun) entered forwarding state
[   66.266931][ T6080] netlink: 12 bytes leftover after parsing attributes in process `syz.2.187'.
[   66.282601][ T5357] Bluetooth: hci1: SCO packet for unknown connection handle 1955
[   66.337672][ T6087] 9pnet: p9_errstr2errno: server reported unknown error 184467
[   66.342902][ T6087] binder: BINDER_SET_CONTEXT_MGR already set
[   66.344671][ T6087] binder: 6085:6087 ioctl 4018620d 200002c0 returned -16
[   66.433826][ T6097] netlink: 'syz.2.192': attribute type 10 has an invalid length.
[   66.437943][ T6097] ipvlan1: entered promiscuous mode
[   66.444926][ T6097] team0: Device ipvlan1 failed to register rx_handler
[   66.880557][ T6108] FAULT_INJECTION: forcing a failure.
[   66.880557][ T6108] name fail_usercopy, interval 1, probability 0, space 0, times 1
[   66.884047][ T6108] CPU: 2 UID: 0 PID: 6108 Comm: syz.2.196 Not tainted 6.12.0-rc3-syzkaller-00420-g715ca9dd687f #0
[   66.886770][ T6108] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   66.890461][ T6108] Call Trace:
[   66.891631][ T6108]  <TASK>
[   66.892691][ T6108]  dump_stack_lvl+0x16c/0x1f0
[   66.894133][ T6108]  should_fail_ex+0x497/0x5b0
[   66.895788][ T6108]  _copy_from_user+0x30/0xf0
[   66.897418][ T6108]  get_compat_msghdr+0xa8/0x170
[   66.899111][ T6108]  ? __pfx_get_compat_msghdr+0x10/0x10
[   66.901054][ T6108]  ? __pfx___lock_acquire+0x10/0x10
[   66.902896][ T6108]  ___sys_sendmsg+0x1b0/0x1e0
[   66.904640][ T6108]  ? __pfx____sys_sendmsg+0x10/0x10
[   66.906501][ T6108]  ? lock_acquire+0x2f/0xb0
[   66.908158][ T6108]  ? __fget_files+0x40/0x3f0
[   66.909385][ T6108]  ? __pfx___might_resched+0x10/0x10
[   66.910764][ T6108]  ? fdget+0x176/0x210
[   66.911840][ T6108]  __sys_sendmmsg+0x2a5/0x450
[   66.913067][ T6108]  ? __pfx___sys_sendmmsg+0x10/0x10
[   66.914425][ T6108]  ? vfs_write+0x14d/0x1140
[   66.915622][ T6108]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[   66.917189][ T6108]  ? fput+0x30/0x390
[   66.918218][ T6108]  ? ksys_write+0x1ad/0x260
[   66.919403][ T6108]  ? __pfx_ksys_write+0x10/0x10
[   66.920683][ T6108]  __ia32_compat_sys_sendmmsg+0x9d/0x100
[   66.922136][ T6108]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[   66.923858][ T6108]  __do_fast_syscall_32+0x73/0x120
[   66.925186][ T6108]  do_fast_syscall_32+0x32/0x80
[   66.926456][ T6108]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[   66.928100][ T6108] RIP: 0023:0xf748e579
[   66.929164][ T6108] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[   66.934085][ T6108] RSP: 002b:00000000f577656c EFLAGS: 00000296 ORIG_RAX: 0000000000000159
[   66.936233][ T6108] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000200038c0
[   66.938269][ T6108] RDX: 00000000ffffff06 RSI: 0000000000000000 RDI: 0000000000000000
[   66.940310][ T6108] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   66.942341][ T6108] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[   66.944392][ T6108] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   66.946428][ T6108]  </TASK>
[   66.976451][ T5357] Bluetooth: hci2: command 0x0c1a tx timeout
[   66.976461][   T65] Bluetooth: hci3: command 0x040f tx timeout
[   66.989522][ T5357] Bluetooth: hci1: command 0x0c1a tx timeout
[   67.398605][ T6126] netlink: 'syz.2.200': attribute type 10 has an invalid length.
[   67.617014][ T6140] netlink: 4 bytes leftover after parsing attributes in process `syz.1.207'.
[   67.619729][ T6140] netlink: 4 bytes leftover after parsing attributes in process `syz.1.207'.
[   67.757347][ T6145] mmap: syz.1.209 (6145) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[   67.879295][ T6152] delete_channel: no stack
[   67.923587][ T6154] bond2: entered promiscuous mode
[   67.924996][ T6154] bond2: entered allmulticast mode
[   67.938133][ T6154] 8021q: adding VLAN 0 to HW filter on device bond2
[   67.999409][ T6154] bond2 (unregistering): Released all slaves
[   68.650936][ T6184] netlink: 'syz.0.221': attribute type 1 has an invalid length.
[   68.660436][ T6184] 8021q: adding VLAN 0 to HW filter on device bond0
[   68.660690][ T6150] delete_channel: no stack
[   68.669422][ T6184] 8021q: adding VLAN 0 to HW filter on device bond0
[   68.671340][ T6184] bond0: (slave ip6tnl1): The slave device specified does not support setting the MAC address
[   68.674517][ T6184] bond0: (slave ip6tnl1): Error -95 calling set_mac_address
[   68.774793][ T6190] netlink: 4 bytes leftover after parsing attributes in process `syz.0.222'.
[   68.797015][ T6194] netlink: 4 bytes leftover after parsing attributes in process `syz.0.224'.
[   69.056437][   T65] Bluetooth: hci3: command 0x040f tx timeout
[   69.066465][   T65] Bluetooth: hci1: command 0x0c1a tx timeout
[   69.067134][ T5353] Bluetooth: hci2: command 0x0c1a tx timeout
[   69.072879][ T5357] Bluetooth: hci1: Opcode 0x206a failed: -110
[   69.504509][ T6211] netlink: 'syz.0.230': attribute type 9 has an invalid length.
[   69.506695][ T6211] netlink: 134660 bytes leftover after parsing attributes in process `syz.0.230'.
[   70.658200][ T1374] ieee802154 phy0 wpan0: encryption failed: -22
[   70.660098][ T1374] ieee802154 phy1 wpan1: encryption failed: -22
[   71.136498][ T5357] Bluetooth: hci3: command 0x040f tx timeout
[   71.146403][ T5357] Bluetooth: hci1: command 0x0c1a tx timeout
[   71.593260][ T6219] FAULT_INJECTION: forcing a failure.
[   71.593260][ T6219] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   71.597216][ T6219] CPU: 1 UID: 0 PID: 6219 Comm: syz.1.233 Not tainted 6.12.0-rc3-syzkaller-00420-g715ca9dd687f #0
[   71.599947][ T6219] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   71.602913][ T6219] Call Trace:
[   71.603803][ T6219]  <TASK>
[   71.604575][ T6219]  dump_stack_lvl+0x16c/0x1f0
[   71.605806][ T6219]  should_fail_ex+0x497/0x5b0
[   71.607043][ T6219]  ? fs_reclaim_acquire+0xae/0x150
[   71.608378][ T6219]  should_fail_alloc_page+0xe7/0x130
[   71.609754][ T6219]  prepare_alloc_pages.constprop.0+0x16f/0x560
[   71.611343][ T6219]  ? __pfx_mark_lock+0x10/0x10
[   71.612602][ T6219]  __alloc_pages_noprof+0x190/0x25a0
[   71.613973][ T6219]  ? mark_lock+0xb5/0xc60
[   71.615100][ T6219]  ? __pfx_mark_lock+0x10/0x10
[   71.616348][ T6219]  ? hlock_class+0x4e/0x130
[   71.617547][ T6219]  ? mark_lock+0xb5/0xc60
[   71.618672][ T6219]  ? __pfx___alloc_pages_noprof+0x10/0x10
[   71.620177][ T6219]  ? __pfx_mark_lock+0x10/0x10
[   71.621418][ T6219]  ? hlock_class+0x4e/0x130
[   71.622598][ T6219]  ? mark_lock+0xb5/0xc60
[   71.623691][ T6219]  ? hlock_class+0x4e/0x130
[   71.624785][ T6219]  ? __lock_acquire+0xbdd/0x3ce0
[   71.625983][ T6219]  ? __sanitizer_cov_trace_switch+0x54/0x90
[   71.627442][ T6219]  ? policy_nodemask+0xea/0x4e0
[   71.628720][ T6219]  alloc_pages_mpol_noprof+0x2c9/0x610
[   71.630139][ T6219]  ? __pfx_alloc_pages_mpol_noprof+0x10/0x10
[   71.631692][ T6219]  ? find_held_lock+0x2d/0x110
[   71.632880][ T6219]  folio_alloc_mpol_noprof+0x36/0xd0
[   71.634180][ T6219]  shmem_alloc_folio+0x135/0x160
[   71.635733][ T6219]  shmem_alloc_and_add_folio+0x48b/0xc00
[   71.637572][ T6219]  ? __pfx_shmem_alloc_and_add_folio+0x10/0x10
[   71.639636][ T6219]  ? shmem_allowable_huge_orders+0xcd/0x3f0
[   71.641534][ T6219]  shmem_get_folio_gfp+0x689/0x1530
[   71.643281][ T6219]  ? __pfx_shmem_get_folio_gfp+0x10/0x10
[   71.645185][ T6219]  ? filemap_map_pages+0xf93/0x16a0
[   71.647066][ T6219]  shmem_fault+0x200/0xae0
[   71.648341][ T6219]  ? __pfx_shmem_fault+0x10/0x10
[   71.649640][ T6219]  ? do_pte_missing+0xdc2/0x3e50
[   71.650944][ T6219]  ? __pfx_lock_release+0x10/0x10
[   71.652273][ T6219]  __do_fault+0x10a/0x490
[   71.653410][ T6219]  do_pte_missing+0xea8/0x3e50
[   71.654674][ T6219]  ? __pfx_lock_acquire.part.0+0x10/0x10
[   71.656160][ T6219]  ? rcu_is_watching+0x12/0xc0
[   71.657421][ T6219]  __handle_mm_fault+0x100a/0x2a10
[   71.658768][ T6219]  ? __pfx___handle_mm_fault+0x10/0x10
[   71.660202][ T6219]  ? __pfx_lock_release+0x10/0x10
[   71.661530][ T6219]  ? follow_page_pte+0x50d/0x1eb0
[   71.663011][ T6219]  handle_mm_fault+0x3fa/0xaa0
[   71.664676][ T6219]  __get_user_pages+0x90f/0x3b90
[   71.666424][ T6219]  ? __pfx_mt_find+0x10/0x10
[   71.667643][ T6219]  ? __pfx_lock_acquire.part.0+0x10/0x10
[   71.669529][ T6219]  ? __pfx___get_user_pages+0x10/0x10
[   71.671326][ T6219]  populate_vma_page_range+0x27f/0x3a0
[   71.673161][ T6219]  ? __pfx_populate_vma_page_range+0x10/0x10
[   71.673359][ T6222] netlink: 6 bytes leftover after parsing attributes in process `syz.0.235'.
[   71.675157][ T6219]  ? __pfx_find_vma_intersection+0x10/0x10
[   71.679603][ T6219]  ? vm_mmap_pgoff+0x25b/0x360
[   71.681221][ T6219]  __mm_populate+0x1d6/0x380
[   71.682786][ T6219]  ? __pfx___mm_populate+0x10/0x10
[   71.684533][ T6219]  ? up_write+0x1b2/0x520
[   71.685990][ T6219]  vm_mmap_pgoff+0x293/0x360
[   71.687559][ T6219]  ? __pfx_vm_mmap_pgoff+0x10/0x10
[   71.689383][ T6219]  ? arch_syscall_is_vdso_sigreturn+0x1bd/0x230
[   71.691493][ T6219]  ksys_mmap_pgoff+0x7d/0x5c0
[   71.693024][ T6219]  ? __ia32_sys_mmap_pgoff+0x11/0x1b0
[   71.694604][ T6219]  __do_fast_syscall_32+0x73/0x120
[   71.696329][ T6219]  do_fast_syscall_32+0x32/0x80
[   71.697916][ T6219]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[   71.699588][ T6219] RIP: 0023:0xf73be579
[   71.700845][ T6219] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[   71.707245][ T6219] RSP: 002b:00000000f56a656c EFLAGS: 00000296 ORIG_RAX: 00000000000000c0
[   71.709720][ T6219] RAX: ffffffffffffffda RBX: 0000000020000000 RCX: 0000000000b36000
[   71.711775][ T6219] RDX: 0000000006ebbeee RSI: 0000000000008031 RDI: 00000000ffffffff
[   71.714412][ T6219] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   71.717069][ T6219] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[   71.719734][ T6219] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   71.722396][ T6219]  </TASK>
[   71.727628][ T6223] netlink: 12 bytes leftover after parsing attributes in process `syz.0.235'.
[   71.745744][ T6225] netlink: 4 bytes leftover after parsing attributes in process `syz.2.234'.
[   71.816161][ T6229] warning: `syz.2.237' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[   71.943949][ T6238] netlink: 32 bytes leftover after parsing attributes in process `syz.1.240'.
[   71.993453][ T6229] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(9)
[   71.996033][ T6229] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[   72.003137][ T6229] vhci_hcd vhci_hcd.0: Device attached
[   72.069852][ T6244] autofs: Bad value for 'fd'
[   72.086028][ T6242] vhci_hcd: connection closed
[   72.088134][   T77] vhci_hcd: stop threads
[   72.090855][   T77] vhci_hcd: release socket
[   72.092060][   T77] vhci_hcd: disconnect device
[   72.111473][ T6246] netlink: 'syz.1.242': attribute type 1 has an invalid length.
[   72.118895][ T6246] 8021q: adding VLAN 0 to HW filter on device bond1
[   72.122700][ T6246] FAULT_INJECTION: forcing a failure.
[   72.122700][ T6246] name failslab, interval 1, probability 0, space 0, times 0
[   72.125918][ T6246] CPU: 1 UID: 0 PID: 6246 Comm: syz.1.242 Not tainted 6.12.0-rc3-syzkaller-00420-g715ca9dd687f #0
[   72.128619][ T6246] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   72.131326][ T6246] Call Trace:
[   72.132206][ T6246]  <TASK>
[   72.132981][ T6246]  dump_stack_lvl+0x16c/0x1f0
[   72.134209][ T6246]  should_fail_ex+0x497/0x5b0
[   72.135435][ T6246]  ? fs_reclaim_acquire+0xae/0x150
[   72.136759][ T6246]  should_failslab+0xc2/0x120
[   72.137977][ T6246]  __kmalloc_cache_noprof+0x6b/0x310
[   72.139341][ T6246]  ? register_netdevice+0x504/0x1e20
[   72.140718][ T6246]  register_netdevice+0x504/0x1e20
[   72.142029][ T6246]  ? __pfx_register_netdevice+0x10/0x10
[   72.143458][ T6246]  ip6_tnl_create2+0x79/0xe0
[   72.144681][ T6246]  ip6_tnl_newlink+0x1bf/0x380
[   72.145920][ T6246]  ? __pfx_ip6_tnl_newlink+0x10/0x10
[   72.147371][ T6246]  ? rtnl_create_link+0xa2e/0xf10
[   72.148680][ T6246]  ? __pfx_ip6_tnl_newlink+0x10/0x10
[   72.150050][ T6246]  __rtnl_newlink+0x119c/0x1920
[   72.151321][ T6246]  ? __pfx___rtnl_newlink+0x10/0x10
[   72.152683][ T6246]  rtnl_newlink+0x67/0xa0
[   72.153809][ T6246]  ? __pfx_rtnl_newlink+0x10/0x10
[   72.155118][ T6246]  rtnetlink_rcv_msg+0x3c7/0xea0
[   72.156411][ T6246]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[   72.157823][ T6246]  ? __pfx___dev_queue_xmit+0x10/0x10
[   72.159218][ T6246]  netlink_rcv_skb+0x165/0x410
[   72.160470][ T6246]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[   72.161881][ T6246]  ? __pfx_netlink_rcv_skb+0x10/0x10
[   72.163253][ T6246]  ? netlink_deliver_tap+0x1ae/0xcf0
[   72.164642][ T6246]  netlink_unicast+0x53c/0x7f0
[   72.165892][ T6246]  ? __pfx_netlink_unicast+0x10/0x10
[   72.167261][ T6246]  ? __phys_addr_symbol+0x30/0x80
[   72.168577][ T6246]  ? __check_object_size+0x4a1/0x710
[   72.169952][ T6246]  netlink_sendmsg+0x8b8/0xd70
[   72.171198][ T6246]  ? __pfx_netlink_sendmsg+0x10/0x10
[   72.172585][ T6246]  ? lock_acquire+0x2f/0xb0
[   72.173773][ T6246]  ____sys_sendmsg+0x9ae/0xb40
[   72.175018][ T6246]  ? __pfx_____sys_sendmsg+0x10/0x10
[   72.176384][ T6246]  ? get_compat_msghdr+0x11b/0x170
[   72.177711][ T6246]  ? __pfx___lock_acquire+0x10/0x10
[   72.179061][ T6246]  ___sys_sendmsg+0x135/0x1e0
[   72.180302][ T6246]  ? __pfx____sys_sendmsg+0x10/0x10
[   72.181656][ T6246]  ? lock_acquire+0x2f/0xb0
[   72.182839][ T6246]  ? __fget_files+0x40/0x3f0
[   72.184059][ T6246]  ? fdget+0x176/0x210
[   72.185120][ T6246]  __sys_sendmsg+0x117/0x1f0
[   72.186316][ T6246]  ? __pfx___sys_sendmsg+0x10/0x10
[   72.187639][ T6246]  ? __fget_files+0x244/0x3f0
[   72.188925][ T6246]  __do_fast_syscall_32+0x73/0x120
[   72.190277][ T6246]  do_fast_syscall_32+0x32/0x80
[   72.191540][ T6246]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[   72.193165][ T6246] RIP: 0023:0xf73be579
[   72.194214][ T6246] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[   72.199128][ T6246] RSP: 002b:00000000f56a656c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[   72.201265][ T6246] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000200000c0
[   72.203294][ T6246] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   72.205327][ T6246] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   72.207348][ T6246] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[   72.209380][ T6246] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   72.211410][ T6246]  </TASK>
[   72.473296][   T39] audit: type=1326 audit(1729441654.942:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6249 comm="syz.1.243" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73be579 code=0x7ffc0000
[   72.479425][   T39] audit: type=1326 audit(1729441654.942:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6249 comm="syz.1.243" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73be579 code=0x7ffc0000
[   72.490658][   T39] audit: type=1326 audit(1729441654.942:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6249 comm="syz.1.243" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf73be579 code=0x7ffc0000
[   72.500700][   T39] audit: type=1326 audit(1729441654.942:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6249 comm="syz.1.243" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73be579 code=0x7ffc0000
[   72.509351][   T39] audit: type=1326 audit(1729441654.942:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6249 comm="syz.1.243" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73be579 code=0x7ffc0000
[   72.516916][   T39] audit: type=1326 audit(1729441654.952:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6249 comm="syz.1.243" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf73be579 code=0x7ffc0000
[   72.524159][   T39] audit: type=1326 audit(1729441654.962:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6249 comm="syz.1.243" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73be579 code=0x7ffc0000
[   72.532438][   T39] audit: type=1326 audit(1729441654.962:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6249 comm="syz.1.243" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73be579 code=0x7ffc0000
[   72.538256][   T39] audit: type=1326 audit(1729441654.962:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6249 comm="syz.1.243" exe="/syz-executor" sig=0 arch=40000003 syscall=399 compat=1 ip=0xf73be579 code=0x7ffc0000
[   72.546836][   T39] audit: type=1326 audit(1729441654.962:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6249 comm="syz.1.243" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73be579 code=0x7ffc0000
[   72.678903][ T6255] netlink: 4 bytes leftover after parsing attributes in process `syz.2.244'.
[   72.823076][ T6264] Zero length message leads to an empty skb
[   73.026441][ T6272] netlink: 12 bytes leftover after parsing attributes in process `syz.0.251'.
[   73.118016][ T6276] netlink: 4 bytes leftover after parsing attributes in process `syz.0.253'.
[   73.120763][ T6276] netlink: 12 bytes leftover after parsing attributes in process `syz.0.253'.
[   73.307833][ T6287] netlink: 272 bytes leftover after parsing attributes in process `syz.1.258'.
[   73.554884][ T6297] netlink: 'syz.2.262': attribute type 10 has an invalid length.
[   73.558523][ T6297] team0: Device ipvlan1 failed to register rx_handler
[   73.587116][ T6299] netlink: 4 bytes leftover after parsing attributes in process `syz.2.263'.
[   73.612675][ T6303] netlink: 'syz.2.265': attribute type 1 has an invalid length.
[   73.614725][ T6303] netlink: 'syz.2.265': attribute type 3 has an invalid length.
[   73.947136][ T6322] netlink: 'syz.1.266': attribute type 10 has an invalid length.
[   74.699133][ T6328] netdevsim netdevsim2 : renamed from netdevsim0 (while UP)
[   74.732776][ T6330] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[   74.737936][ T6330] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[   75.044806][ T6342] netlink: 'syz.2.276': attribute type 10 has an invalid length.
[   75.057440][ T6342] bond0: (slave ): Enslaving as an active interface with an up link
[   75.097856][   T65] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[   75.101384][   T65] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[   75.104182][   T65] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[   75.108421][   T65] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[   75.111119][   T65] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[   75.113469][   T65] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[   75.141567][ T6346] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   75.201400][ T6346] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   75.202794][ T6343] chnl_net:caif_netlink_parms(): no params data found
[   75.255807][ T6346] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   75.274637][ T6343] bridge0: port 1(bridge_slave_0) entered blocking state
[   75.277044][ T6343] bridge0: port 1(bridge_slave_0) entered disabled state
[   75.279106][ T6343] bridge_slave_0: entered allmulticast mode
[   75.281293][ T6343] bridge_slave_0: entered promiscuous mode
[   75.284986][ T6343] bridge0: port 2(bridge_slave_1) entered blocking state
[   75.287569][ T6343] bridge0: port 2(bridge_slave_1) entered disabled state
[   75.290109][ T6343] bridge_slave_1: entered allmulticast mode
[   75.292405][ T6343] bridge_slave_1: entered promiscuous mode
[   75.316935][ T6343] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   75.335028][   T45] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   75.343579][ T6343] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   75.365381][ T6343] team0: Port device team_slave_0 added
[   75.368273][ T6343] team0: Port device team_slave_1 added
[   75.388798][ T6343] batman_adv: batadv0: Adding interface: batadv_slave_0
[   75.390684][ T6343] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   75.397616][ T6343] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   75.401205][ T6343] batman_adv: batadv0: Adding interface: batadv_slave_1
[   75.403052][ T6343] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   75.409977][ T6343] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   75.440877][   T45] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   75.447308][ T6343] hsr_slave_0: entered promiscuous mode
[   75.449185][ T6343] hsr_slave_1: entered promiscuous mode
[   75.451075][ T6343] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   75.453120][ T6343] Cannot create hsr debugfs directory
[   75.526724][   T45] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   75.608837][   T45] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   75.709631][   T45] bridge_slave_1: left allmulticast mode
[   75.712183][   T45] bridge_slave_1: left promiscuous mode
[   75.716667][   T45] bridge0: port 2(bridge_slave_1) entered disabled state
[   75.728416][   T45] bridge_slave_0: left allmulticast mode
[   75.730506][   T45] bridge_slave_0: left promiscuous mode
[   75.732635][   T45] bridge0: port 1(bridge_slave_0) entered disabled state
[   75.780047][    T9] cfg80211: failed to load regulatory.db
[   75.936580][   T45] bond0 (unregistering): (slave bridge0): Releasing backup interface
[   76.512061][   T45] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   76.520429][   T45] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   76.526845][   T45] bond0 (unregistering): Released all slaves
[   76.983294][   T45] hsr_slave_0: left promiscuous mode
[   76.999047][   T45] hsr_slave_1: left promiscuous mode
[   77.001969][   T45] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   77.004624][   T45] batman_adv: batadv0: Removing interface: batadv_slave_0
[   77.012933][   T45] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   77.015346][   T45] batman_adv: batadv0: Removing interface: batadv_slave_1
[   77.041447][   T45] veth1_macvtap: left promiscuous mode
[   77.043299][   T45] veth0_macvtap: left promiscuous mode
[   77.044934][   T45] veth1_vlan: left promiscuous mode
[   77.047214][   T45] veth0_vlan: left promiscuous mode
[   77.137715][ T5357] Bluetooth: hci4: command tx timeout
[   77.665789][   T45] team0 (unregistering): Port device team_slave_1 removed
[   77.722726][   T45] team0 (unregistering): Port device team_slave_0 removed
[   77.886337][ T1995] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[   78.045203][   T45] team0 (unregistering): Port device batadv0 removed
[   78.046414][ T1995] usb 6-1: Using ep0 maxpacket: 16
[   78.049511][ T1995] usb 6-1: config 0 has an invalid interface number: 2 but max is 0
[   78.051615][ T1995] usb 6-1: config 0 has an invalid descriptor of length 13, skipping remainder of the config
[   78.054352][ T1995] usb 6-1: config 0 has no interface number 0
[   78.055973][ T1995] usb 6-1: config 0 interface 2 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[   78.060501][ T1995] usb 6-1: New USB device found, idVendor=0582, idProduct=0005, bcdDevice= 0.88
[   78.062831][ T1995] usb 6-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3
[   78.065365][ T1995] usb 6-1: Product: syz
[   78.066582][ T1995] usb 6-1: SerialNumber: syz
[   78.069612][ T1995] usb 6-1: config 0 descriptor??
[   78.086686][ T1995] usb 6-1: Quirk or no altset; falling back to MIDI 1.0
[   78.145729][ T1995] snd-usb-audio 6-1:0.2: probe with driver snd-usb-audio failed with error -2
[   78.152886][ T6408] sit1: entered promiscuous mode
[   78.154216][ T6408] sit1: entered allmulticast mode
[   78.160180][ T6394] udevd[6394]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb6/6-1/6-1:0.2/sound/card3/controlC3/../uevent} for writing: No such file or directory
[   78.169981][ T6413] __nla_validate_parse: 8 callbacks suppressed
[   78.169990][ T6413] netlink: 12 bytes leftover after parsing attributes in process `syz.0.296'.
[   78.217475][ T6343] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   78.227921][ T6426] netlink: 8 bytes leftover after parsing attributes in process `syz.0.301'.
[   78.234797][ T6426] bridge0: port 2(bridge_slave_1) entered disabled state
[   78.242675][ T6426] bridge0: port 2(bridge_slave_1) entered blocking state
[   78.244612][ T6426] bridge0: port 2(bridge_slave_1) entered forwarding state
[   78.247138][ T6343] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   78.250561][ T6343] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   78.255489][ T6343] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   78.291414][   T39] kauditd_printk_skb: 6 callbacks suppressed
[   78.291427][   T39] audit: type=1326 audit(1729441660.762:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6417 comm="syz.1.299" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf73be579 code=0x0
[   78.321529][ T6343] 8021q: adding VLAN 0 to HW filter on device bond0
[   78.331483][ T6343] 8021q: adding VLAN 0 to HW filter on device team0
[   78.341459][  T630] bridge0: port 1(bridge_slave_0) entered blocking state
[   78.343696][  T630] bridge0: port 1(bridge_slave_0) entered forwarding state
[   78.358289][   T69] bridge0: port 2(bridge_slave_1) entered blocking state
[   78.360177][   T69] bridge0: port 2(bridge_slave_1) entered forwarding state
[   78.399763][ T6343] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   78.407422][ T6439] netlink: 4 bytes leftover after parsing attributes in process `syz.0.302'.
[   78.486827][ T6343] 8021q: adding VLAN 0 to HW filter on device batadv0
[   78.508629][ T6343] veth0_vlan: entered promiscuous mode
[   78.512745][ T6343] veth1_vlan: entered promiscuous mode
[   78.525463][ T6343] veth0_macvtap: entered promiscuous mode
[   78.528762][ T6343] veth1_macvtap: entered promiscuous mode
[   78.534314][ T6343] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   78.537438][ T6343] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   78.539963][ T6343] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   78.542624][ T6343] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   78.545816][ T6343] batman_adv: batadv0: Interface activated: batadv_slave_0
[   78.548978][ T6343] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   78.551917][ T6343] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   78.554408][ T6343] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   78.557775][ T6343] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   78.560280][ T6343] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   78.562950][ T6343] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   78.566135][ T6343] batman_adv: batadv0: Interface activated: batadv_slave_1
[   78.572918][ T6343] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   78.575196][ T6343] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   78.580917][ T6343] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   78.583163][ T6343] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   78.620387][  T630] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   78.622942][  T630] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   78.630377][   T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   78.632447][   T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   78.682409][ T6450] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.305'.
[   78.684817][ T6450] openvswitch: netlink: Tunnel attr 8192 out of range max 16
[   78.709772][ T6452] netlink: 8 bytes leftover after parsing attributes in process `syz.0.306'.
[   78.743898][ T6454] FAULT_INJECTION: forcing a failure.
[   78.743898][ T6454] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   78.748157][ T6454] CPU: 0 UID: 0 PID: 6454 Comm: syz.0.307 Not tainted 6.12.0-rc3-syzkaller-00420-g715ca9dd687f #0
[   78.750903][ T6454] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   78.753675][ T6454] Call Trace:
[   78.754549][ T6454]  <TASK>
[   78.755320][ T6454]  dump_stack_lvl+0x16c/0x1f0
[   78.756587][ T6454]  should_fail_ex+0x497/0x5b0
[   78.757808][ T6454]  ? fs_reclaim_acquire+0xae/0x150
[   78.759128][ T6454]  should_fail_alloc_page+0xe7/0x130
[   78.760520][ T6454]  prepare_alloc_pages.constprop.0+0x16f/0x560
[   78.762108][ T6454]  ? __pfx_stack_trace_save+0x10/0x10
[   78.763523][ T6454]  __alloc_pages_noprof+0x190/0x25a0
[   78.764943][ T6454]  ? save_trace+0x42/0xa10
[   78.766112][ T6454]  ? add_lock_to_list+0x17d/0x390
[   78.767425][ T6454]  ? hlock_class+0x4e/0x130
[   78.768638][ T6454]  ? __pfx___alloc_pages_noprof+0x10/0x10
[   78.770118][ T6454]  ? __pfx___lock_acquire+0x10/0x10
[   78.771474][ T6454]  ? save_trace+0x42/0xa10
[   78.772658][ T6454]  ? add_lock_to_list+0x17d/0x390
[   78.773967][ T6454]  ? __sanitizer_cov_trace_switch+0x54/0x90
[   78.775515][ T6454]  ? policy_nodemask+0xea/0x4e0
[   78.776792][ T6454]  alloc_pages_mpol_noprof+0x2c9/0x610
[   78.778206][ T6454]  ? __pfx_alloc_pages_mpol_noprof+0x10/0x10
[   78.779789][ T6454]  ? do_raw_spin_lock+0x12d/0x2c0
[   78.781104][ T6454]  ? lock_acquire+0x2f/0xb0
[   78.782290][ T6454]  ? kasan_populate_vmalloc_pte+0xfb/0x160
[   78.783837][ T6454]  ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10
[   78.785479][ T6454]  get_free_pages_noprof+0xc/0x40
[   78.786800][ T6454]  kasan_populate_vmalloc_pte+0x2d/0x160
[   78.788288][ T6454]  ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10
[   78.789913][ T6454]  __apply_to_page_range+0x5fd/0xd30
[   78.791294][ T6454]  ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10
[   78.792946][ T6454]  ? __pfx___apply_to_page_range+0x10/0x10
[   78.794452][ T6454]  ? insert_vmap_area+0x2ef/0x4d0
[   78.795890][ T6454]  alloc_vmap_area+0x93e/0x2a70
[   78.797178][ T6454]  ? __pfx_alloc_vmap_area+0x10/0x10
[   78.798540][ T6454]  __get_vm_area_node+0x17e/0x2d0
[   78.799894][ T6454]  ? netlink_rcv_skb+0x165/0x410
[   78.801210][ T6454]  __vmalloc_node_range_noprof+0x26a/0x15a0
[   78.802776][ T6454]  ? hash_mac_create+0x3f0/0xff0
[   78.804122][ T6454]  ? hash_mac_create+0x3f0/0xff0
[   78.805419][ T6454]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[   78.807071][ T6454]  ? trace_kmalloc+0x2d/0xe0
[   78.808300][ T6454]  ? __kmalloc_node_noprof.cold+0x5a/0x5f
[   78.809779][ T6454]  ? hash_mac_create+0x3f0/0xff0
[   78.811070][ T6454]  __kvmalloc_node_noprof+0x14f/0x1a0
[   78.812498][ T6454]  ? hash_mac_create+0x3f0/0xff0
[   78.813789][ T6454]  hash_mac_create+0x3f0/0xff0
[   78.815042][ T6454]  ? __pfx_hash_mac_create+0x10/0x10
[   78.816444][ T6454]  ip_set_create+0x62a/0x1400
[   78.817678][ T6454]  ? __pfx_ip_set_create+0x10/0x10
[   78.819013][ T6454]  ? rcu_is_watching+0x12/0xc0
[   78.820319][ T6454]  nfnetlink_rcv_msg+0x9c3/0x11e0
[   78.821648][ T6454]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[   78.823068][ T6454]  ? find_held_lock+0x2d/0x110
[   78.824371][ T6454]  netlink_rcv_skb+0x165/0x410
[   78.825621][ T6454]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[   78.827036][ T6454]  ? __pfx_netlink_rcv_skb+0x10/0x10
[   78.828434][ T6454]  ? __pfx_aa_get_newest_label+0x10/0x10
[   78.829891][ T6454]  ? bpf_lsm_capable+0x9/0x10
[   78.831115][ T6454]  ? security_capable+0x7e/0x260
[   78.832426][ T6454]  ? ns_capable+0xd7/0x110
[   78.833595][ T6454]  nfnetlink_rcv+0x1b4/0x430
[   78.834803][ T6454]  ? __pfx_nfnetlink_rcv+0x10/0x10
[   78.836151][ T6454]  ? netlink_deliver_tap+0x1ae/0xcf0
[   78.837536][ T6454]  netlink_unicast+0x53c/0x7f0
[   78.838784][ T6454]  ? __pfx_netlink_unicast+0x10/0x10
[   78.840175][ T6454]  ? __phys_addr_symbol+0x30/0x80
[   78.841486][ T6454]  ? __check_object_size+0x488/0x710
[   78.842860][ T6454]  netlink_sendmsg+0x8b8/0xd70
[   78.844143][ T6454]  ? __pfx_netlink_sendmsg+0x10/0x10
[   78.845520][ T6454]  ? lock_acquire+0x2f/0xb0
[   78.846712][ T6454]  ____sys_sendmsg+0x9ae/0xb40
[   78.847991][ T6454]  ? __pfx_____sys_sendmsg+0x10/0x10
[   78.849329][ T6454]  ? get_compat_msghdr+0x11b/0x170
[   78.850584][ T6454]  ? __pfx___lock_acquire+0x10/0x10
[   78.851909][ T6454]  ___sys_sendmsg+0x135/0x1e0
[   78.853086][ T6454]  ? __pfx____sys_sendmsg+0x10/0x10
[   78.854374][ T6454]  ? lock_acquire+0x2f/0xb0
[   78.855469][ T6454]  ? __fget_files+0x40/0x3f0
[   78.856617][ T6454]  ? fdget+0x176/0x210
[   78.857632][ T6454]  __sys_sendmsg+0x117/0x1f0
[   78.858804][ T6454]  ? __pfx___sys_sendmsg+0x10/0x10
[   78.860073][ T6454]  ? __fget_files+0x244/0x3f0
[   78.861212][ T6454]  __do_fast_syscall_32+0x73/0x120
[   78.862457][ T6454]  do_fast_syscall_32+0x32/0x80
[   78.863704][ T6454]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[   78.865297][ T6454] RIP: 0023:0xf7f73579
[   78.866294][ T6454] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[   78.870969][ T6454] RSP: 002b:00000000f56f656c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[   78.873016][ T6454] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 0000000020000140
[   78.874950][ T6454] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   78.876932][ T6454] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   78.878930][ T6454] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[   78.880911][ T6454] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   78.882883][ T6454]  </TASK>
[   78.885376][ T6454] syz.0.307: vmalloc error: size 4194328, vm_struct allocation failed, mode:0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[   78.890412][ T6454] CPU: 0 UID: 0 PID: 6454 Comm: syz.0.307 Not tainted 6.12.0-rc3-syzkaller-00420-g715ca9dd687f #0
[   78.893063][ T6454] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   78.895751][ T6454] Call Trace:
[   78.896601][ T6454]  <TASK>
[   78.897353][ T6454]  dump_stack_lvl+0x16c/0x1f0
[   78.898562][ T6454]  warn_alloc+0x24d/0x3a0
[   78.899690][ T6454]  ? __pfx_warn_alloc+0x10/0x10
[   78.900914][ T6454]  ? kfree+0x14f/0x4b0
[   78.901942][ T6454]  ? __get_vm_area_node+0x1bc/0x2d0
[   78.903259][ T6454]  __vmalloc_node_range_noprof+0xd27/0x15a0
[   78.904784][ T6454]  ? hash_mac_create+0x3f0/0xff0
[   78.906054][ T6454]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[   78.907669][ T6454]  ? trace_kmalloc+0x2d/0xe0
[   78.908866][ T6454]  ? __kmalloc_node_noprof.cold+0x5a/0x5f
[   78.910329][ T6454]  ? hash_mac_create+0x3f0/0xff0
[   78.911594][ T6454]  __kvmalloc_node_noprof+0x14f/0x1a0
[   78.912978][ T6454]  ? hash_mac_create+0x3f0/0xff0
[   78.914227][ T6454]  hash_mac_create+0x3f0/0xff0
[   78.915452][ T6454]  ? __pfx_hash_mac_create+0x10/0x10
[   78.916814][ T6454]  ip_set_create+0x62a/0x1400
[   78.918009][ T6454]  ? __pfx_ip_set_create+0x10/0x10
[   78.919328][ T6454]  ? rcu_is_watching+0x12/0xc0
[   78.920616][ T6454]  nfnetlink_rcv_msg+0x9c3/0x11e0
[   78.921932][ T6454]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[   78.923349][ T6454]  ? find_held_lock+0x2d/0x110
[   78.924649][ T6454]  netlink_rcv_skb+0x165/0x410
[   78.925901][ T6454]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[   78.927408][ T6454]  ? __pfx_netlink_rcv_skb+0x10/0x10
[   78.928808][ T6454]  ? __pfx_aa_get_newest_label+0x10/0x10
[   78.930195][ T6454]  ? bpf_lsm_capable+0x9/0x10
[   78.931429][ T6454]  ? security_capable+0x7e/0x260
[   78.932746][ T6454]  ? ns_capable+0xd7/0x110
[   78.933913][ T6454]  nfnetlink_rcv+0x1b4/0x430
[   78.935122][ T6454]  ? __pfx_nfnetlink_rcv+0x10/0x10
[   78.936504][ T6454]  ? netlink_deliver_tap+0x1ae/0xcf0
[   78.937879][ T6454]  netlink_unicast+0x53c/0x7f0
[   78.939130][ T6454]  ? __pfx_netlink_unicast+0x10/0x10
[   78.940534][ T6454]  ? __phys_addr_symbol+0x30/0x80
[   78.941845][ T6454]  ? __check_object_size+0x488/0x710
[   78.943225][ T6454]  netlink_sendmsg+0x8b8/0xd70
[   78.944523][ T6454]  ? __pfx_netlink_sendmsg+0x10/0x10
[   78.945899][ T6454]  ? lock_acquire+0x2f/0xb0
[   78.947111][ T6454]  ____sys_sendmsg+0x9ae/0xb40
[   78.948391][ T6454]  ? __pfx_____sys_sendmsg+0x10/0x10
[   78.949775][ T6454]  ? get_compat_msghdr+0x11b/0x170
[   78.951113][ T6454]  ? __pfx___lock_acquire+0x10/0x10
[   78.952496][ T6454]  ___sys_sendmsg+0x135/0x1e0
[   78.953727][ T6454]  ? __pfx____sys_sendmsg+0x10/0x10
[   78.955086][ T6454]  ? lock_acquire+0x2f/0xb0
[   78.956298][ T6454]  ? __fget_files+0x40/0x3f0
[   78.957506][ T6454]  ? fdget+0x176/0x210
[   78.958567][ T6454]  __sys_sendmsg+0x117/0x1f0
[   78.959794][ T6454]  ? __pfx___sys_sendmsg+0x10/0x10
[   78.961144][ T6454]  ? __fget_files+0x244/0x3f0
[   78.962387][ T6454]  __do_fast_syscall_32+0x73/0x120
[   78.963765][ T6454]  do_fast_syscall_32+0x32/0x80
[   78.965042][ T6454]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[   78.966694][ T6454] RIP: 0023:0xf7f73579
[   78.967788][ T6454] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[   78.972745][ T6454] RSP: 002b:00000000f56f656c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[   78.974885][ T6454] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 0000000020000140
[   78.976946][ T6454] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   78.978987][ T6454] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   78.981051][ T6454] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[   78.983097][ T6454] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   78.985172][ T6454]  </TASK>
[   78.986736][ T6454] Mem-Info:
[   78.987770][ T6454] active_anon:9709 inactive_anon:791 isolated_anon:0
[   78.987770][ T6454]  active_file:16801 inactive_file:33128 isolated_file:0
[   78.987770][ T6454]  unevictable:768 dirty:216 writeback:0
[   78.987770][ T6454]  slab_reclaimable:5214 slab_unreclaimable:51977
[   78.987770][ T6454]  mapped:20545 shmem:6229 pagetables:672
[   78.987770][ T6454]  sec_pagetables:301 bounce:0
[   78.987770][ T6454]  kernel_misc_reclaimable:0
[   78.987770][ T6454]  free:76639 free_pcp:1658 free_cma:0
[   78.999274][ T6454] Node 0 active_anon:4908kB inactive_anon:3164kB active_file:13036kB inactive_file:0kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:6652kB dirty:48kB writeback:0kB shmem:3540kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:9264kB pagetables:940kB sec_pagetables:1152kB all_unreclaimable? yes
[   79.007536][ T6454] Node 1 active_anon:33928kB inactive_anon:0kB active_file:54168kB inactive_file:132512kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:75528kB dirty:816kB writeback:0kB shmem:21376kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:2048kB writeback_tmp:0kB kernel_stack:2272kB pagetables:1748kB sec_pagetables:52kB all_unreclaimable? no
[   79.015807][ T6454] Node 0 DMA free:2952kB boost:2048kB min:2808kB low:2996kB high:3184kB reserved_highatomic:0KB active_anon:1036kB inactive_anon:552kB active_file:256kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:572kB local_pcp:192kB free_cma:0kB
[   79.023263][ T6454] lowmem_reserve[]: 0 273 0 0 0
[   79.025175][ T6454] Node 0 DMA32 free:27604kB boost:6144kB min:20048kB low:23524kB high:27000kB reserved_highatomic:4096KB active_anon:3872kB inactive_anon:2612kB active_file:12780kB inactive_file:0kB unevictable:1536kB writepending:48kB present:1032196kB managed:306284kB mlocked:0kB bounce:0kB free_pcp:784kB local_pcp:172kB free_cma:0kB
[   79.036527][ T6454] lowmem_reserve[]: 0 0 0 0 0
[   79.037816][ T6454] Node 1 DMA32 free:276000kB boost:0kB min:47144kB low:58928kB high:70712kB reserved_highatomic:0KB active_anon:33928kB inactive_anon:0kB active_file:54168kB inactive_file:132512kB unevictable:1536kB writepending:816kB present:1048432kB managed:948252kB mlocked:0kB bounce:0kB free_pcp:5232kB local_pcp:892kB free_cma:0kB
[   79.045491][ T6454] lowmem_reserve[]: 0 0 0 0 0
[   79.046892][ T6454] Node 0 DMA: 0*4kB 1*8kB (U) 100*16kB (U) 42*32kB (U) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 2952kB
[   79.050343][ T6454] Node 0 DMA32: 263*4kB (UMH) 346*8kB (UMEH) 48*16kB (UMEH) 213*32kB (UMEH) 94*64kB (UMEH) 23*128kB (UEH) 8*256kB (UME) 2*512kB (UM) 2*1024kB (M) 1*2048kB (M) 0*4096kB = 27532kB
[   79.054795][ T6454] Node 1 DMA32: 6*4kB (ME) 1*8kB (M) 2*16kB (UE) 282*32kB (UM) 308*64kB (UME) 54*128kB (UME) 48*256kB (UME) 31*512kB (UME) 17*1024kB (UME) 9*2048kB (UME) 43*4096kB (UM) = 275840kB
[   79.059455][ T6454] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[   79.061914][ T6454] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[   79.064112][ T6454] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[   79.066785][ T6454] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[   79.068925][ T6454] 54674 total pagecache pages
[   79.070103][ T6454] 0 pages in swap cache
[   79.071185][ T6454] Free swap  = 124524kB
[   79.072269][ T6454] Total swap = 124996kB
[   79.073317][ T6454] 524155 pages RAM
[   79.074285][ T6454] 0 pages HighMem/MovableOnly
[   79.075506][ T6454] 206681 pages reserved
[   79.076676][ T6454] 0 pages cma reserved
[   79.145747][ T6465] sch_tbf: burst 4 is lower than device lo mtu (65550) !
[   79.153722][ T6466] sch_tbf: burst 4 is lower than device lo mtu (65550) !
[   79.183068][ T6470] hsr0: entered promiscuous mode
[   79.216735][ T5357] Bluetooth: hci4: command tx timeout
[   79.346186][ T6480] netlink: 4 bytes leftover after parsing attributes in process `syz.0.314'.
[   79.394937][ T6484] netlink: 24 bytes leftover after parsing attributes in process `syz.0.316'.
[   79.632687][ T6496] netlink: 'syz.0.320': attribute type 1 has an invalid length.
[   79.634840][ T6496] netlink: 'syz.0.320': attribute type 2 has an invalid length.
[   79.721227][ T6499] can0: slcan on ttyS3.
[   80.396887][ T6497] can0 (unregistered): slcan off ttyS3.
[   80.727852][ T1995] usb 6-1: USB disconnect, device number 2
[   81.296935][ T5357] Bluetooth: hci4: command tx timeout
[   81.416515][ T6525] syz.0.324 (6525) used greatest stack depth: 18536 bytes left
[   82.019642][ T6554] netlink: 12 bytes leftover after parsing attributes in process `syz.0.334'.
[   82.140419][ T6540] netlink: 4 bytes leftover after parsing attributes in process `syz.1.330'.
[   82.220103][ T6566] netlink: 4 bytes leftover after parsing attributes in process `syz.0.337'.
[   82.222881][ T6566] bridge_slave_1: left allmulticast mode
[   82.225023][ T6566] bridge_slave_1: left promiscuous mode
[   82.227234][ T6566] bridge0: port 2(bridge_slave_1) entered disabled state
[   82.234563][ T6566] bridge_slave_0: left allmulticast mode
[   82.237728][ T6566] bridge_slave_0: left promiscuous mode
[   82.240067][ T6566] bridge0: port 1(bridge_slave_0) entered disabled state
[   83.067825][ T6590] FAULT_INJECTION: forcing a failure.
[   83.067825][ T6590] name failslab, interval 1, probability 0, space 0, times 0
[   83.071062][ T6590] CPU: 3 UID: 0 PID: 6590 Comm: syz.1.345 Not tainted 6.12.0-rc3-syzkaller-00420-g715ca9dd687f #0
[   83.073774][ T6590] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   83.076545][ T6590] Call Trace:
[   83.077423][ T6590]  <TASK>
[   83.078200][ T6590]  dump_stack_lvl+0x16c/0x1f0
[   83.079440][ T6590]  should_fail_ex+0x497/0x5b0
[   83.080685][ T6590]  ? fs_reclaim_acquire+0xae/0x150
[   83.082026][ T6590]  should_failslab+0xc2/0x120
[   83.083261][ T6590]  __kmalloc_node_track_caller_noprof+0xcf/0x440
[   83.084933][ T6590]  ? push_jmp_history+0x254/0x620
[   83.086247][ T6590]  ? __phys_addr+0xc6/0x150
[   83.087439][ T6590]  krealloc_noprof+0x5d/0x130
[   83.088686][ T6590]  push_jmp_history+0x254/0x620
[   83.089960][ T6590]  do_check_common+0xb63/0xd660
[   83.091239][ T6590]  ? lockdep_hardirqs_on+0x7c/0x110
[   83.092603][ T6590]  ? __pfx_do_check_common+0x10/0x10
[   83.093979][ T6590]  ? kvfree+0x47/0x50
[   83.095112][ T6590]  ? check_cfg+0x400/0x840
[   83.096588][ T6590]  bpf_check+0x788f/0xc970
[   83.098058][ T6590]  ? __pfx_bpf_check+0x10/0x10
[   83.099291][ T6590]  ? find_held_lock+0x2d/0x110
[   83.100548][ T6590]  ? ktime_get_with_offset+0x13a/0x240
[   83.101950][ T6590]  ? trace_lock_acquire+0x14a/0x1d0
[   83.103297][ T6590]  ? ktime_get_with_offset+0x13a/0x240
[   83.104735][ T6590]  ? timekeeping_debug_get_ns+0x3e0/0x5b0
[   83.106203][ T6590]  ? lockdep_hardirqs_on+0x7c/0x110
[   83.107550][ T6590]  ? bpf_obj_name_cpy+0x156/0x1b0
[   83.108863][ T6590]  bpf_prog_load+0xe3f/0x2670
[   83.110083][ T6590]  ? __pfx_bpf_prog_load+0x10/0x10
[   83.111404][ T6590]  ? find_held_lock+0x2d/0x110
[   83.112668][ T6590]  __sys_bpf+0x4c8c/0x5780
[   83.113834][ T6590]  ? ksys_write+0x21e/0x260
[   83.115017][ T6590]  ? __pfx___sys_bpf+0x10/0x10
[   83.116270][ T6590]  ? vfs_write+0x14d/0x1140
[   83.117453][ T6590]  ? __mutex_unlock_slowpath+0x164/0x650
[   83.118915][ T6590]  ? fput+0x30/0x390
[   83.119957][ T6590]  ? ksys_write+0x1ad/0x260
[   83.121145][ T6590]  ? __pfx_ksys_write+0x10/0x10
[   83.122412][ T6590]  __ia32_sys_bpf+0x76/0xe0
[   83.123618][ T6590]  __do_fast_syscall_32+0x73/0x120
[   83.124957][ T6590]  do_fast_syscall_32+0x32/0x80
[   83.126228][ T6590]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[   83.128189][ T6590] RIP: 0023:0xf73be579
[   83.129552][ T6590] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[   83.135764][ T6590] RSP: 002b:00000000f56a656c EFLAGS: 00000296 ORIG_RAX: 0000000000000165
[   83.138501][ T6590] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000200054c0
[   83.141137][ T6590] RDX: 0000000000000048 RSI: 0000000000000000 RDI: 0000000000000000
[   83.143437][ T6590] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   83.145479][ T6590] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[   83.147500][ T6590] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   83.149547][ T6590]  </TASK>
[   83.150449][    C3] vkms_vblank_simulate: vblank timer overrun
[   83.386761][ T5357] Bluetooth: hci4: command tx timeout
[   83.436429][ T5408] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[   83.567909][ T5408] usb 7-1: device descriptor read/64, error -71
[   83.654355][ T6601] netlink: 'syz.1.347': attribute type 10 has an invalid length.
[   83.816386][ T5408] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[   83.956477][ T5408] usb 7-1: device descriptor read/64, error -71
[   84.076554][ T5408] usb usb7-port1: attempt power cycle
[   84.076838][ T6605] netlink: 4 bytes leftover after parsing attributes in process `syz.1.350'.
[   84.126021][ T6605] 8021q: adding VLAN 0 to HW filter on device team1
[   84.134106][ T6605] netlink: 8 bytes leftover after parsing attributes in process `syz.1.350'.
[   84.355605][ T6617] FAULT_INJECTION: forcing a failure.
[   84.355605][ T6617] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   84.360644][ T6617] CPU: 3 UID: 0 PID: 6617 Comm: syz.1.352 Not tainted 6.12.0-rc3-syzkaller-00420-g715ca9dd687f #0
[   84.363431][ T6617] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   84.366314][ T6617] Call Trace:
[   84.367206][ T6617]  <TASK>
[   84.367996][ T6617]  dump_stack_lvl+0x16c/0x1f0
[   84.369241][ T6617]  should_fail_ex+0x497/0x5b0
[   84.370486][ T6617]  _copy_to_user+0x30/0xc0
[   84.371669][ T6617]  simple_read_from_buffer+0xd0/0x160
[   84.373082][ T6617]  proc_fail_nth_read+0x198/0x270
[   84.374428][ T6617]  ? __pfx_proc_fail_nth_read+0x10/0x10
[   84.375892][ T6617]  ? __pfx_proc_fail_nth_read+0x10/0x10
[   84.377340][ T6617]  vfs_read+0x1ce/0xbd0
[   84.378444][ T6617]  ? __fget_files+0x23a/0x3f0
[   84.379691][ T6617]  ? fdget_pos+0x24c/0x360
[   84.380876][ T6617]  ? __pfx_lock_release+0x10/0x10
[   84.382204][ T6617]  ? trace_lock_acquire+0x14a/0x1d0
[   84.383596][ T6617]  ? __pfx_vfs_read+0x10/0x10
[   84.385174][ T6617]  ? __pfx___mutex_lock+0x10/0x10
[   84.386796][ T6617]  ? __fget_files+0x244/0x3f0
[   84.388043][ T6617]  ksys_read+0x12f/0x260
[   84.389159][ T6617]  ? __pfx_ksys_read+0x10/0x10
[   84.390421][ T6617]  __do_fast_syscall_32+0x73/0x120
[   84.391782][ T6617]  do_fast_syscall_32+0x32/0x80
[   84.393067][ T6617]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[   84.394734][ T6617] RIP: 0023:0xf73be579
[   84.395815][ T6617] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[   84.400822][ T6617] RSP: 002b:00000000f56645a0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[   84.403011][ T6617] RAX: ffffffffffffffda RBX: 000000000000000c RCX: 00000000f5664620
[   84.405242][ T6617] RDX: 000000000000000f RSI: 00000000f73abff4 RDI: 0000000000000000
[   84.407405][ T6617] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[   84.409475][ T6617] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[   84.411536][ T6617] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   84.413607][ T6617]  </TASK>
[   84.414635][    C3] vkms_vblank_simulate: vblank timer overrun
[   84.486463][ T5408] usb 7-1: new high-speed USB device number 4 using dummy_hcd
[   84.518613][ T5408] usb 7-1: device descriptor read/8, error -71
[   84.766391][ T5408] usb 7-1: new high-speed USB device number 5 using dummy_hcd
[   84.787801][ T5408] usb 7-1: device descriptor read/8, error -71
[   84.906529][ T5408] usb usb7-port1: unable to enumerate USB device
[   84.998736][ T6624] FAULT_INJECTION: forcing a failure.
[   84.998736][ T6624] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   85.001957][ T6624] CPU: 0 UID: 0 PID: 6624 Comm: syz.1.355 Not tainted 6.12.0-rc3-syzkaller-00420-g715ca9dd687f #0
[   85.004532][ T6624] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   85.007155][ T6624] Call Trace:
[   85.008012][ T6624]  <TASK>
[   85.008762][ T6624]  dump_stack_lvl+0x16c/0x1f0
[   85.009950][ T6624]  should_fail_ex+0x497/0x5b0
[   85.011146][ T6624]  _copy_from_user+0x30/0xf0
[   85.012321][ T6624]  get_compat_msghdr+0xa8/0x170
[   85.013549][ T6624]  ? __pfx_get_compat_msghdr+0x10/0x10
[   85.014848][ T6624]  ? __pfx___lock_acquire+0x10/0x10
[   85.016163][ T6624]  ___sys_sendmsg+0x1b0/0x1e0
[   85.017332][ T6624]  ? __pfx____sys_sendmsg+0x10/0x10
[   85.018648][ T6624]  ? lock_acquire+0x2f/0xb0
[   85.019753][ T6624]  ? __fget_files+0x40/0x3f0
[   85.020850][ T6624]  ? __pfx___might_resched+0x10/0x10
[   85.022182][ T6624]  ? fdget+0x176/0x210
[   85.023177][ T6624]  __sys_sendmmsg+0x2a5/0x450
[   85.024422][ T6624]  ? __pfx___sys_sendmmsg+0x10/0x10
[   85.025772][ T6624]  ? vfs_write+0x14d/0x1140
[   85.027113][ T6624]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[   85.028786][ T6624]  ? fput+0x30/0x390
[   85.029803][ T6624]  ? ksys_write+0x1ad/0x260
[   85.030984][ T6624]  ? __pfx_ksys_write+0x10/0x10
[   85.032263][ T6624]  __ia32_compat_sys_sendmmsg+0x9d/0x100
[   85.033670][ T6624]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[   85.035367][ T6624]  __do_fast_syscall_32+0x73/0x120
[   85.036713][ T6624]  do_fast_syscall_32+0x32/0x80
[   85.037979][ T6624]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[   85.039628][ T6624] RIP: 0023:0xf73be579
[   85.040695][ T6624] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[   85.045523][ T6624] RSP: 002b:00000000f56a656c EFLAGS: 00000296 ORIG_RAX: 0000000000000159
[   85.047696][ T6624] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000200038c0
[   85.049729][ T6624] RDX: 00000000ffffff06 RSI: 0000000000000000 RDI: 0000000000000000
[   85.051768][ T6624] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   85.053807][ T6624] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[   85.055836][ T6624] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   85.057958][ T6624]  </TASK>
[   85.196498][ T1995] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[   85.346397][ T1995] usb 5-1: Using ep0 maxpacket: 16
[   85.349671][ T1995] usb 5-1: config 3 has an invalid interface number: 164 but max is 0
[   85.351814][ T1995] usb 5-1: config 3 contains an unexpected descriptor of type 0x2, skipping
[   85.354073][ T1995] usb 5-1: config 3 has an invalid interface number: 203 but max is 0
[   85.356495][ T1995] usb 5-1: config 3 has 2 interfaces, different from the descriptor's value: 1
[   85.358896][ T1995] usb 5-1: config 3 has no interface number 0
[   85.360480][ T1995] usb 5-1: config 3 has no interface number 1
[   85.362096][ T1995] usb 5-1: config 3 interface 164 altsetting 5 has an endpoint descriptor with address 0x5E, changing to 0xE
[   85.365071][ T1995] usb 5-1: config 3 interface 164 altsetting 5 endpoint 0xE has invalid maxpacket 512, setting to 64
[   85.376522][ T1995] usb 5-1: config 3 interface 164 altsetting 5 has an invalid descriptor for endpoint zero, skipping
[   85.379893][ T1995] usb 5-1: config 3 interface 164 altsetting 5 has an invalid descriptor for endpoint zero, skipping
[   85.382666][ T1995] usb 5-1: config 3 interface 164 altsetting 5 has a duplicate endpoint with address 0x2, skipping
[   85.385448][ T1995] usb 5-1: config 3 interface 164 altsetting 5 has a duplicate endpoint with address 0x2, skipping
[   85.388749][ T1995] usb 5-1: config 3 interface 164 altsetting 5 has 9 endpoint descriptors, different from the interface descriptor's value: 16
[   85.392135][ T1995] usb 5-1: too many endpoints for config 3 interface 203 altsetting 128: 41, using maximum allowed: 30
[   85.394995][ T1995] usb 5-1: config 3 interface 203 altsetting 128 endpoint 0x5 has invalid maxpacket 1023, setting to 64
[   85.406369][ T1995] usb 5-1: config 3 interface 203 altsetting 128 has a duplicate endpoint with address 0x5, skipping
[   85.409148][ T1995] usb 5-1: config 3 interface 203 altsetting 128 has an invalid descriptor for endpoint zero, skipping
[   85.411969][ T1995] usb 5-1: config 3 interface 203 altsetting 128 has a duplicate endpoint with address 0x8, skipping
[   85.415010][ T1995] usb 5-1: config 3 interface 203 altsetting 128 has an invalid descriptor for endpoint zero, skipping
[   85.426360][ T1995] usb 5-1: config 3 interface 203 altsetting 128 has 8 endpoint descriptors, different from the interface descriptor's value: 41
[   85.430741][ T1995] usb 5-1: config 3 interface 164 has no altsetting 0
[   85.432524][ T1995] usb 5-1: config 3 interface 203 has no altsetting 0
[   85.449021][ T1995] usb 5-1: New USB device found, idVendor=ed10, idProduct=7636, bcdDevice= 0.01
[   85.451464][ T1995] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   85.453563][ T1995] usb 5-1: Product: 㦻罺잮燵⪶맂䋨敊겊﭅໵흘奫豩ᰴᔡ떌荴떹㱏盎꽒䚹쵾﷊逿뺚怩阃즋匂ᔂᬘ䵂홆鬽멱ꎓ蛗⯚䄥ꮞ끅䯝⟒႔伯࿓ꎥΣﴸꔈ뢤週
[   85.458381][ T1995] usb 5-1: Manufacturer: ࠐ
[   85.459610][ T1995] usb 5-1: SerialNumber: ꣣ᦠ領俩愽銡娿憿ᨒ謁掽堑ゕ굄౑벇낿䥥ᮄ坡ꁷ၎ᢵ쐕ﾠ웽
[   85.720479][ T6633] netlink: 'syz.1.357': attribute type 10 has an invalid length.
[   85.809452][ T1995] usb-storage 5-1:3.164: USB Mass Storage device detected
[   85.814553][ T1995] usb-storage 5-1:3.164: Quirks match for vid ed10 pid 7636: 80
[   85.878329][ T1995] usb-storage 5-1:3.203: USB Mass Storage device detected
[   85.881143][ T1995] usb-storage 5-1:3.203: Quirks match for vid ed10 pid 7636: 80
[   85.944589][ T1995] usb 5-1: USB disconnect, device number 3
[   86.230889][ T5357] Bluetooth: hci3: unexpected event for opcode 0x0c7b
[   86.232288][ T6643] netlink: 'syz.1.359': attribute type 10 has an invalid length.
[   86.242376][ T6643] netlink: 'syz.1.359': attribute type 10 has an invalid length.
[   86.245163][ T6643] netlink: 2 bytes leftover after parsing attributes in process `syz.1.359'.
[   86.248673][ T6643] team0: entered promiscuous mode
[   86.250618][ T6643] team_slave_0: entered promiscuous mode
[   86.252755][ T6643] team_slave_1: entered promiscuous mode
[   86.254265][ T6643] batadv0: entered promiscuous mode
[   86.257735][ T6643] 8021q: adding VLAN 0 to HW filter on device team0
[   86.259891][ T6643] bridge0: port 3(team0) entered blocking state
[   86.261671][ T6643] bridge0: port 3(team0) entered disabled state
[   86.263387][ T6643] team0: entered allmulticast mode
[   86.264934][ T6643] team_slave_0: entered allmulticast mode
[   86.267486][ T6643] team_slave_1: entered allmulticast mode
[   86.269057][ T6643] batadv0: entered allmulticast mode
[   86.272539][ T6643] bridge0: port 3(team0) entered blocking state
[   86.274945][ T6643] bridge0: port 3(team0) entered forwarding state
[   86.305282][ T6650] netlink: 4 bytes leftover after parsing attributes in process `syz.1.360'.
[   86.733485][   T45] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled
[   86.736219][   T45] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled
[   87.035263][ T6681] 9pnet_virtio: no channels available for device syz
[   87.036070][ T6680] netlink: 16 bytes leftover after parsing attributes in process `syz.0.371'.
[   87.037296][ T6681] 9pnet_virtio: no channels available for device syz
[   87.039515][ T6680] netlink: 4 bytes leftover after parsing attributes in process `syz.0.371'.
[   87.149995][ T6685] netlink: 4 bytes leftover after parsing attributes in process `syz.0.372'.
[   87.237973][ T6691] netlink: 72 bytes leftover after parsing attributes in process `syz.0.375'.
[   87.241185][ T6691] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'syz0'
[   87.317469][ T6699] team0: entered promiscuous mode
[   87.318848][ T6699] team_slave_0: entered promiscuous mode
[   87.320417][ T6699] team_slave_1: entered promiscuous mode
[   87.321928][ T6699] batadv0: entered promiscuous mode
[   87.323348][ T6699] mac80211_hwsim hwsim9 wlan1: entered promiscuous mode
[   87.326154][ T6701] netlink: 4 bytes leftover after parsing attributes in process `syz.2.380'.
[   87.329357][ T6699] team_slave_0: entered allmulticast mode
[   87.334446][ T6699] team0: Port device team_slave_0 removed
[   87.339751][ T6698] team0: left promiscuous mode
[   87.341457][ T6698] team_slave_1: left promiscuous mode
[   87.343139][ T6698] batadv0: left promiscuous mode
[   87.345083][ T6698] mac80211_hwsim hwsim9 wlan1: left promiscuous mode
[   87.385491][   T39] audit: type=1326 audit(1729441669.852:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6702 comm="syz.0.382" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f73579 code=0x7ffc0000
[   87.391955][   T39] audit: type=1326 audit(1729441669.852:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6702 comm="syz.0.382" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f73579 code=0x7ffc0000
[   87.400457][   T39] audit: type=1326 audit(1729441669.862:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6702 comm="syz.0.382" exe="/syz-executor" sig=0 arch=40000003 syscall=97 compat=1 ip=0xf7f73579 code=0x7ffc0000
[   87.406155][   T39] audit: type=1326 audit(1729441669.862:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6702 comm="syz.0.382" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f73579 code=0x7ffc0000
[   87.412403][   T39] audit: type=1326 audit(1729441669.862:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6702 comm="syz.0.382" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f73579 code=0x7ffc0000
[   87.419031][   T39] audit: type=1326 audit(1729441669.862:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6702 comm="syz.0.382" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7f73579 code=0x7ffc0000
[   87.424777][   T39] audit: type=1326 audit(1729441669.862:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6702 comm="syz.0.382" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f73579 code=0x7ffc0000
[   87.430222][   T39] audit: type=1326 audit(1729441669.862:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6702 comm="syz.0.382" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f73579 code=0x7ffc0000
[   87.437147][   T39] audit: type=1326 audit(1729441669.862:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6702 comm="syz.0.382" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7f73579 code=0x7ffc0000
[   87.442391][   T39] audit: type=1326 audit(1729441669.862:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6702 comm="syz.0.382" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f73579 code=0x7ffc0000
[   87.902613][ T6723] netlink: 4 bytes leftover after parsing attributes in process `syz.1.386'.
[   89.809542][ T6769] netlink: 'syz.0.396': attribute type 10 has an invalid length.
[   90.258263][ T5357] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0
[   90.260667][ T5357] Bluetooth: hci3: Injecting HCI hardware error event
[   90.264286][   T65] Bluetooth: hci3: hardware error 0x00
[   91.006944][ T6790] netlink: 'syz.0.408': attribute type 10 has an invalid length.
[   91.196397][ T1995] usb 7-1: new high-speed USB device number 6 using dummy_hcd
[   91.356486][ T1995] usb 7-1: Using ep0 maxpacket: 16
[   91.359106][ T1995] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   91.362100][ T1995] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   91.365209][ T1995] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[   91.369443][ T1995] usb 7-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[   91.372809][ T1995] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   91.376511][ T1995] usb 7-1: config 0 descriptor??
[   91.718576][ T6798] openvswitch: netlink: Missing key (keys=40, expected=100)
[   91.792276][ T1995] microsoft 0003:045E:07DA.0002: unknown main item tag 0x0
[   91.796993][ T1995] microsoft 0003:045E:07DA.0002: unknown main item tag 0x0
[   91.802508][ T1995] input: HID 045e:07da as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:0.0/0003:045E:07DA.0002/input/input9
[   91.898575][ T1995] microsoft 0003:045E:07DA.0002: input,hidraw1: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.2-1/input0
[   92.336401][   T65] Bluetooth: hci3: Opcode 0x0c03 failed: -110
[   92.372613][ T6820] netlink: 'syz.1.413': attribute type 10 has an invalid length.
[   92.508446][ T1995] usb 7-1: USB disconnect, device number 6
[   92.977573][   T65] Bluetooth: hci4: command 0x0405 tx timeout
[   92.997860][ T6831] __nla_validate_parse: 4 callbacks suppressed
[   92.997871][ T6831] netlink: 4 bytes leftover after parsing attributes in process `syz.2.417'.
[   93.543445][ T6853] netlink: 14 bytes leftover after parsing attributes in process `syz.1.420'.
[   93.682425][ T6853] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   93.690616][ T6853] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   93.699448][ T6853] bond0 (unregistering): Released all slaves
[   94.420978][ T6862] netlink: 'syz.2.422': attribute type 10 has an invalid length.
[   94.452238][ T6866] netlink: 4 bytes leftover after parsing attributes in process `syz.0.425'.
[   94.455154][ T6866] netlink: 28 bytes leftover after parsing attributes in process `syz.0.425'.
[   94.690612][ T6875] netlink: 'syz.1.423': attribute type 10 has an invalid length.
[   95.048076][ T6878] FAULT_INJECTION: forcing a failure.
[   95.048076][ T6878] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   95.052552][ T6878] CPU: 0 UID: 0 PID: 6878 Comm: syz.2.429 Not tainted 6.12.0-rc3-syzkaller-00420-g715ca9dd687f #0
[   95.056190][ T6878] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   95.056425][   T65] Bluetooth: hci4: command 0x0405 tx timeout
[   95.059819][ T6878] Call Trace:
[   95.059830][ T6878]  <TASK>
[   95.059837][ T6878]  dump_stack_lvl+0x16c/0x1f0
[   95.059918][ T6878]  should_fail_ex+0x497/0x5b0
[   95.067130][ T6878]  _copy_from_user+0x30/0xf0
[   95.068751][ T6878]  get_compat_msghdr+0xa8/0x170
[   95.070420][ T6878]  ? __pfx_get_compat_msghdr+0x10/0x10
[   95.072278][ T6878]  ? __pfx___lock_acquire+0x10/0x10
[   95.074041][ T6878]  ___sys_sendmsg+0x1b0/0x1e0
[   95.075657][ T6878]  ? __pfx____sys_sendmsg+0x10/0x10
[   95.077439][ T6878]  ? lock_acquire+0x2f/0xb0
[   95.079000][ T6878]  ? __fget_files+0x40/0x3f0
[   95.080595][ T6878]  ? __pfx___might_resched+0x10/0x10
[   95.082380][ T6878]  ? fdget+0x176/0x210
[   95.083805][ T6878]  __sys_sendmmsg+0x2a5/0x450
[   95.085410][ T6878]  ? __pfx___sys_sendmmsg+0x10/0x10
[   95.087170][ T6878]  ? vfs_write+0x14d/0x1140
[   95.088738][ T6878]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[   95.090775][ T6878]  ? fput+0x30/0x390
[   95.092134][ T6878]  ? ksys_write+0x1ad/0x260
[   95.093851][ T6878]  ? __pfx_ksys_write+0x10/0x10
[   95.095537][ T6878]  __ia32_compat_sys_sendmmsg+0x9d/0x100
[   95.097432][ T6878]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[   95.099674][ T6878]  __do_fast_syscall_32+0x73/0x120
[   95.101426][ T6878]  do_fast_syscall_32+0x32/0x80
[   95.103090][ T6878]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[   95.105462][ T6878] RIP: 0023:0xf748e579
[   95.106877][ T6878] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[   95.113338][ T6878] RSP: 002b:00000000f577656c EFLAGS: 00000296 ORIG_RAX: 0000000000000159
[   95.115729][ T6878] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000200038c0
[   95.117768][ T6878] RDX: 00000000ffffff06 RSI: 0000000000000000 RDI: 0000000000000000
[   95.119829][ T6878] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   95.121886][ T6878] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[   95.123989][ T6878] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   95.126044][ T6878]  </TASK>
[   95.193887][   T39] kauditd_printk_skb: 20 callbacks suppressed
[   95.193901][   T39] audit: type=1326 audit(1729441677.662:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6881 comm="syz.2.431" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf748e579 code=0x7ffc0000
[   95.203044][   T39] audit: type=1326 audit(1729441677.662:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6881 comm="syz.2.431" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf748e579 code=0x7ffc0000
[   95.212420][   T39] audit: type=1326 audit(1729441677.662:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6881 comm="syz.2.431" exe="/syz-executor" sig=0 arch=40000003 syscall=120 compat=1 ip=0xf748e579 code=0x7ffc0000
[   95.220896][   T39] audit: type=1326 audit(1729441677.672:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6886 comm="syz.2.431" exe="/syz-executor" sig=0 arch=40000003 syscall=267 compat=1 ip=0xf748e579 code=0x7ffc0000
[   95.227286][   T39] audit: type=1326 audit(1729441677.672:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6881 comm="syz.2.431" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf748e579 code=0x7ffc0000
[   95.232694][   T39] audit: type=1326 audit(1729441677.672:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6881 comm="syz.2.431" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf748e579 code=0x7ffc0000
[   95.239045][   T39] audit: type=1326 audit(1729441677.672:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6881 comm="syz.2.431" exe="/syz-executor" sig=0 arch=40000003 syscall=20 compat=1 ip=0xf748e579 code=0x7ffc0000
[   95.246066][   T39] audit: type=1326 audit(1729441677.672:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6881 comm="syz.2.431" exe="/syz-executor" sig=0 arch=40000003 syscall=173 compat=1 ip=0xf748e5a7 code=0x7ffc0000
[   95.252864][   T39] audit: type=1326 audit(1729441677.672:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6881 comm="syz.2.431" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf748e579 code=0x7ffc0000
[   95.259477][   T39] audit: type=1326 audit(1729441677.672:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6881 comm="syz.2.431" exe="/syz-executor" sig=0 arch=40000003 syscall=114 compat=1 ip=0xf748e579 code=0x7ffc0000
[   95.427783][ T6895] netlink: 4 bytes leftover after parsing attributes in process `syz.2.435'.
[   95.431777][ T6895] netlink: 28 bytes leftover after parsing attributes in process `syz.2.435'.
[   95.590847][ T6901] input: syz1 as /devices/virtual/input/input10
[   95.736432][ T5408] usb 7-1: new high-speed USB device number 7 using dummy_hcd
[   95.891093][ T5408] usb 7-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f
[   95.893640][ T5408] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   95.895816][ T5408] usb 7-1: Product: syz
[   95.897105][ T5408] usb 7-1: Manufacturer: syz
[   95.898361][ T5408] usb 7-1: SerialNumber: syz
[   95.900656][ T5408] usb 7-1: config 0 descriptor??
[   96.107704][ T6908] netlink: 'syz.0.440': attribute type 10 has an invalid length.
[   96.373198][ T6919] netlink: 4 bytes leftover after parsing attributes in process `syz.1.443'.
[   96.376467][ T6919] netlink: 28 bytes leftover after parsing attributes in process `syz.1.443'.
[   96.726698][ T6925] netlink: 'syz.1.445': attribute type 1 has an invalid length.
[   96.728751][ T6925] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[   96.730616][ T6925] IPv6: NLM_F_CREATE should be set when creating new route
[   97.136522][   T65] Bluetooth: hci4: command 0x0405 tx timeout
[   97.311774][ T6932] netlink: 'syz.1.446': attribute type 10 has an invalid length.
[   98.421763][ T6949] netlink: 4 bytes leftover after parsing attributes in process `syz.0.451'.
[   98.426139][ T6949] netlink: 28 bytes leftover after parsing attributes in process `syz.0.451'.
[   98.446424][   T58] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[   98.507181][ T5408] usb 7-1: USB disconnect, device number 7
[   98.607296][   T58] usb 6-1: Using ep0 maxpacket: 8
[   98.610240][   T58] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 1536, setting to 1024
[   98.613080][   T58] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[   98.615731][   T58] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[   98.618743][   T58] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[   98.622306][   T58] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[   98.624670][   T58] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   99.211512][ T6958] netlink: 'syz.2.454': attribute type 10 has an invalid length.
[   99.342269][   T58] usb 6-1: usb_control_msg returned -71
[   99.343811][   T58] usbtmc 6-1:16.0: can't read capabilities
[   99.350498][   T58] usb 6-1: USB disconnect, device number 3
[  100.501281][ T6975] netlink: 4 bytes leftover after parsing attributes in process `syz.1.465'.
[  100.691292][ T6977] netlink: 'syz.2.457': attribute type 10 has an invalid length.
[  101.108727][ T6985] netlink: 4 bytes leftover after parsing attributes in process `syz.1.459'.
[  101.276552][ T6990] netlink: 4 bytes leftover after parsing attributes in process `syz.2.460'.
[  101.279420][ T6990] netlink: 28 bytes leftover after parsing attributes in process `syz.2.460'.
[  102.223152][ T6999] netlink: 52 bytes leftover after parsing attributes in process `syz.2.464'.
[  102.453991][ T7000] netlink: 'syz.0.463': attribute type 10 has an invalid length.
[  102.489895][ T7008] netlink: 'syz.2.467': attribute type 10 has an invalid length.
[  103.210132][ T7014] netlink: 4 bytes leftover after parsing attributes in process `syz.1.470'.
[  103.213007][ T7014] netlink: 28 bytes leftover after parsing attributes in process `syz.1.470'.
[  103.235352][ T7017] netlink: 'syz.1.471': attribute type 1 has an invalid length.
[  103.244514][ T7017] 8021q: adding VLAN 0 to HW filter on device bond0
[  103.252426][ T7017] 8021q: adding VLAN 0 to HW filter on device bond0
[  103.254291][ T7017] bond0: (slave ip6tnl1): The slave device specified does not support setting the MAC address
[  103.257993][ T7017] bond0: (slave ip6tnl1): Error -95 calling set_mac_address
[  103.263196][ T7019] netlink: 'syz.0.469': attribute type 10 has an invalid length.
[  103.321120][ T7023] netlink: 4 bytes leftover after parsing attributes in process `syz.1.472'.
[  113.468458][ T7041] netlink: 4 bytes leftover after parsing attributes in process `syz.1.478'.
[  113.471577][ T7041] netlink: 24 bytes leftover after parsing attributes in process `syz.1.478'.
[  113.475978][ T7042] ipvlan2: entered promiscuous mode
[  113.478052][ T7042] 8021q: adding VLAN 0 to HW filter on device ipvlan2
[  113.480218][ T7042] bond0: (slave ipvlan2): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[  113.541357][   T65] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  113.544261][   T65] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  113.547266][   T65] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  113.551777][   T65] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  113.553850][   T65] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  113.555718][   T65] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  113.622807][ T7054] netlink: 16 bytes leftover after parsing attributes in process `syz.2.481'.
[  113.681486][ T7046] chnl_net:caif_netlink_parms(): no params data found
[  113.825245][ T7046] bridge0: port 1(bridge_slave_0) entered blocking state
[  113.827399][ T7046] bridge0: port 1(bridge_slave_0) entered disabled state
[  113.829405][ T7046] bridge_slave_0: entered allmulticast mode
[  113.832763][ T7046] bridge_slave_0: entered promiscuous mode
[  113.835889][ T7046] bridge0: port 2(bridge_slave_1) entered blocking state
[  113.837960][ T7046] bridge0: port 2(bridge_slave_1) entered disabled state
[  113.840371][ T7046] bridge_slave_1: entered allmulticast mode
[  113.842767][ T7046] bridge_slave_1: entered promiscuous mode
[  113.882467][ T7046] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  113.887766][ T7046] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  113.932193][ T7046] team0: Port device team_slave_0 added
[  113.936566][ T7046] team0: Port device team_slave_1 added
[  113.964879][ T7046] batman_adv: batadv0: Adding interface: batadv_slave_0
[  113.967316][ T7046] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  113.973977][ T7046] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  113.979909][ T7046] batman_adv: batadv0: Adding interface: batadv_slave_1
[  113.981832][ T7046] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  113.989003][ T7046] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  113.992882][ T7069] netlink: 'syz.2.484': attribute type 10 has an invalid length.
[  114.039396][ T7046] hsr_slave_0: entered promiscuous mode
[  114.042254][ T7046] hsr_slave_1: entered promiscuous mode
[  114.045525][ T7046] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  114.048461][ T7046] Cannot create hsr debugfs directory
[  114.155356][ T7046] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  114.207914][ T7046] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  114.300405][ T7046] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  114.366229][ T7046] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  114.447382][ T7046] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  114.450642][ T7046] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  114.453548][ T7046] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  114.456463][ T7046] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  114.465949][ T7046] bridge0: port 2(bridge_slave_1) entered blocking state
[  114.467886][ T7046] bridge0: port 2(bridge_slave_1) entered forwarding state
[  114.469826][ T7046] bridge0: port 1(bridge_slave_0) entered blocking state
[  114.471679][ T7046] bridge0: port 1(bridge_slave_0) entered forwarding state
[  114.492875][ T7046] 8021q: adding VLAN 0 to HW filter on device bond0
[  114.502881][  T105] bridge0: port 1(bridge_slave_0) entered disabled state
[  114.509659][  T105] bridge0: port 2(bridge_slave_1) entered disabled state
[  114.528739][ T7046] 8021q: adding VLAN 0 to HW filter on device team0
[  114.534588][  T105] bridge0: port 1(bridge_slave_0) entered blocking state
[  114.536517][  T105] bridge0: port 1(bridge_slave_0) entered forwarding state
[  114.541530][  T105] bridge0: port 2(bridge_slave_1) entered blocking state
[  114.543411][  T105] bridge0: port 2(bridge_slave_1) entered forwarding state
[  114.635151][ T7046] 8021q: adding VLAN 0 to HW filter on device batadv0
[  114.652005][ T7046] veth0_vlan: entered promiscuous mode
[  114.656139][ T7046] veth1_vlan: entered promiscuous mode
[  114.667717][ T7046] veth0_macvtap: entered promiscuous mode
[  114.670951][ T7046] veth1_macvtap: entered promiscuous mode
[  114.676981][ T7046] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  114.679687][ T7046] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  114.682175][ T7046] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  114.684925][ T7046] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  114.690032][ T7046] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  114.692692][ T7046] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  114.696378][ T7046] batman_adv: batadv0: Interface activated: batadv_slave_0
[  114.700003][ T7078] netlink: 4 bytes leftover after parsing attributes in process `syz.1.486'.
[  114.708783][ T7078] netlink: 24 bytes leftover after parsing attributes in process `syz.1.486'.
[  114.712367][ T7046] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  114.715182][ T7046] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  114.718274][ T7046] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  114.720993][ T7046] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  114.723502][ T7046] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  114.726150][ T7046] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  114.728872][ T7046] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  114.731550][ T7046] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  114.734734][ T7046] batman_adv: batadv0: Interface activated: batadv_slave_1
[  114.745720][ T7046] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  114.750771][ T7046] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  114.753104][ T7046] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  114.755427][ T7046] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  114.784253][   T45] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  114.788520][   T45] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  114.799553][   T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  114.801647][   T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  114.835647][ T7083] netlink: 4 bytes leftover after parsing attributes in process `syz.1.493'.
[  114.840448][ T7083] netlink: 24 bytes leftover after parsing attributes in process `syz.1.493'.
[  115.091503][ T7086] netlink: 'syz.0.477': attribute type 10 has an invalid length.
[  115.293527][ T7086] 8021q: adding VLAN 0 to HW filter on device batadv0
[  115.296482][ T7086] team0: Port device batadv0 added
[  115.626418][ T5357] Bluetooth: hci2: command tx timeout
[  115.914030][ T7098] netlink: 'syz.2.489': attribute type 10 has an invalid length.
[  116.658395][ T7107] netlink: 'syz.0.491': attribute type 10 has an invalid length.
[  116.771217][ T7111] netlink: 8 bytes leftover after parsing attributes in process `syz.1.494'.
[  116.797339][ T7113] netlink: 4 bytes leftover after parsing attributes in process `syz.1.495'.
[  116.800503][ T7113] netlink: 12 bytes leftover after parsing attributes in process `syz.1.495'.
[  116.950960][ T7121] vxcan0: tx drop: invalid sa for name 0x0000000000000002
[  117.696362][ T5357] Bluetooth: hci2: command tx timeout
[  119.776525][ T5357] Bluetooth: hci2: command tx timeout
[  121.856481][ T5357] Bluetooth: hci2: command tx timeout
[  126.309503][   T65] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  126.312661][   T65] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  126.316465][   T65] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  126.319846][   T65] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  126.322984][   T65] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[  126.325733][   T65] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  126.406655][ T7134] chnl_net:caif_netlink_parms(): no params data found
[  126.441762][ T7134] bridge0: port 1(bridge_slave_0) entered blocking state
[  126.443712][ T7134] bridge0: port 1(bridge_slave_0) entered disabled state
[  126.445582][ T7134] bridge_slave_0: entered allmulticast mode
[  126.447729][ T7134] bridge_slave_0: entered promiscuous mode
[  126.450299][ T7134] bridge0: port 2(bridge_slave_1) entered blocking state
[  126.452190][ T7134] bridge0: port 2(bridge_slave_1) entered disabled state
[  126.454045][ T7134] bridge_slave_1: entered allmulticast mode
[  126.456033][ T7134] bridge_slave_1: entered promiscuous mode
[  126.476901][ T7134] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  126.480529][ T7134] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  126.500530][ T7134] team0: Port device team_slave_0 added
[  126.504012][ T7134] team0: Port device team_slave_1 added
[  126.520730][ T7134] batman_adv: batadv0: Adding interface: batadv_slave_0
[  126.522540][ T7134] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  126.530028][ T7134] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  126.533630][ T7134] batman_adv: batadv0: Adding interface: batadv_slave_1
[  126.535491][ T7134] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  126.542113][ T7134] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  126.563968][ T7134] hsr_slave_0: entered promiscuous mode
[  126.565867][ T7134] hsr_slave_1: entered promiscuous mode
[  126.567805][ T7134] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  126.569755][ T7134] Cannot create hsr debugfs directory
[  126.630254][ T7134] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  126.710888][ T7134] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  126.776892][ T7134] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  126.846219][ T7134] bond0: (slave ): Releasing backup interface
[  126.850085][ T7134] netdevsim netdevsim2  (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  126.922878][ T7134] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  126.925801][ T7134] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  126.929049][ T7134] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  126.932343][ T7134] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  126.941633][ T7134] bridge0: port 2(bridge_slave_1) entered blocking state
[  126.943504][ T7134] bridge0: port 2(bridge_slave_1) entered forwarding state
[  126.945431][ T7134] bridge0: port 1(bridge_slave_0) entered blocking state
[  126.947814][ T7134] bridge0: port 1(bridge_slave_0) entered forwarding state
[  126.973985][ T7134] 8021q: adding VLAN 0 to HW filter on device bond0
[  126.981323][  T105] bridge0: port 1(bridge_slave_0) entered disabled state
[  126.985706][  T105] bridge0: port 2(bridge_slave_1) entered disabled state
[  127.000771][ T7134] 8021q: adding VLAN 0 to HW filter on device team0
[  127.006400][   T69] bridge0: port 1(bridge_slave_0) entered blocking state
[  127.008308][   T69] bridge0: port 1(bridge_slave_0) entered forwarding state
[  127.012472][  T105] bridge0: port 2(bridge_slave_1) entered blocking state
[  127.014323][  T105] bridge0: port 2(bridge_slave_1) entered forwarding state
[  127.087127][ T7134] 8021q: adding VLAN 0 to HW filter on device batadv0
[  127.102873][ T7134] veth0_vlan: entered promiscuous mode
[  127.107897][ T7134] veth1_vlan: entered promiscuous mode
[  127.119634][ T7134] veth0_macvtap: entered promiscuous mode
[  127.122527][ T7134] veth1_macvtap: entered promiscuous mode
[  127.129334][ T7134] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  127.132037][ T7134] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  127.134508][ T7134] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  127.137978][ T7134] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  127.140502][ T7134] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  127.143164][ T7134] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  127.145660][ T7134] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  127.148566][ T7134] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  127.152374][ T7134] batman_adv: batadv0: Interface activated: batadv_slave_0
[  127.157597][ T7134] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  127.160285][ T7134] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  127.163887][ T7134] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  127.166946][ T7134] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  127.169470][ T7134] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  127.172132][ T7134] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  127.174616][ T7134] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  127.177319][ T7134] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  127.179818][ T7134] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  127.182468][ T7134] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  127.185917][ T7134] batman_adv: batadv0: Interface activated: batadv_slave_1
[  127.189999][ T7134] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  127.192661][ T7134] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  127.194893][ T7134] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  127.197307][ T7134] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  127.220787][   T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  127.222866][   T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  127.236012][  T105] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  127.238969][  T105] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  127.779595][ T7161] [U] 
[  127.783787][ T7161] [U] 
[  127.784741][ T7161] [U] �B�-LRJ[��Ć��ќ6�}�%�4̾	��H����@K��-�Y�LE��U�������@��F���%PEZE,���9F��*�
[  127.787528][ T7161] [U] CW����* �9J�Q�#E��SW���C��V�1����!�	��GP�X
[  127.789415][ T7161] [U] N%�9���C�_��Nʅ�BC��$���4�(���
[  127.791441][ T7161] [U] H� Q�؛T��O�R�I#ı�TNBS_RЬ���ƫ�
:�؀�ɦT�ȯ��0�������ÏWڙ_[HN%
[  127.793886][ T7161] [U] Ϡ����4�RЛ���<)�6JG؃��K�^�R\
[  127.795938][ T7161] [U] 7�R:�J37�
[  127.800835][ T7161] [U] Y�P�<��ԅ�U��
H�3ư-�̤��\PQBX�!Q6���SO'}��[���P5O�>�D��֎Y�J>|H0=�ԷT�X��Z�Y֦ʢ
Ě4��IǢ�5AZ��~ZA�~�K�^�TG�S�J�I:�����OD!M2K�W��R>ƈΗKC?X�8��H��*�@QEۻ�U	��.J9�ȓ~�{��`���'R)�-�Ǭ��=5��֝JLY �C�B��;+LP��,F�N����Y�%�3�P���&�)��][�ȋ4�L�ö��!�J�>	��
[  127.808667][ T7161] [U] �.”C�֯��EJ�J
�@�K�J�605RXU�TT�O�&�X�O��֕�\��&�����N
%Y����17�6`��I�W
[  127.811718][ T7161] [U] ���M<@N��KJ(��6)�)�V��LR�
[  127.813615][ T7161] [U] >YG��Z�?��`�O�M�X؍Ӈ�"������9+��DE���{�Ō$~B�YD�UME�!X�ݛA��AU�}J��£2N%MB�Q���
[  127.819247][ T7161] [U] �WV���W�@HZ�=�(��E��J�~�OS@��B�H�:"����!�JI��UJ=��)ΎU��	G����Ԗ=Y=�K�AD��
R�����:=�S����AX���X
[  127.822856][ T7161] [U] BIޙE��}�ET�@�3�(� ����V����{�κ��~�UK+�{3T��$ƻ.�N[8S�ʇ��""�ʔ̺�]R�G�5
[  127.825437][ T7161] [U] V�{ը�VNB>DM��T���Q�T�
����
[  127.827533][ T7161] [U] G�*|�9ٺ�ņ�
[  127.828690][ T7161] [U] G��MIU�E!��T
ό*ߐ�8A7I5�-|��6LK
[  127.830604][ T7161] [U] Nū�D���	��S}R��B��Y�W<����C�����H�\�F��D.�����F�PK�ϋ,���C�ڜ.�;
��EY��K��]Z>��I����OQ&
O������,P��]�,7͛��U���I���
[  127.835203][ T7161] [U] ��	$�L�U2��F_3�+|NW�µZ�EǗ�P1W~���N�(�O͝��8�D�	�S��CDʮF�65�Z�G�R�ް�{���T���K�"@�����:�5}G�B��DѸ��\K�
[  127.840584][ T7161] [U] ����Y��ҟ8�4�4N<;
[  127.842413][ T7161] [U] ���U�I�7X#E�4VML��ȋ���G͔�A��)-���(�N̗N����L#�)׌SU��6�
[  127.844938][ T7161] [U] )�<��E?�A��Uܤ�9��%]��DCC�E+L<'T��1Kȅ��3��.ɻ����WS������ZY�ϼ9I>����
]�Ȝ}{�
/`�ܿ5'�E�	41�TNAX߿ʯ�ϭQ��ëI T�%�G�7L~�B�S
[  127.849197][ T7161] [U] �͢���
[  127.851121][ T7161] [U] Z��U�Ī�4��&˙�E~�8E�σ1��L{ȨGV�Y$PN�O4M���*F�`��A��T��M0?*I�#;�Ѥ+4V
���GA
�ݬ�%H��[�A�YX)LG]F ��H�|�ZV�E�/�ϧ1�7Ǭ�-ǽ��H�O+��^�)8�&E�@A8G˅�-�WR��S��-V�-ұ�O>�ŝQ���#9�UA�H�)F������SA֙�I�N��Z@�C���>K�L�VD^1�)�M$/��Є78..��Q���A�|��Ȧ)�9�">D>E��#I��`\�|{�U�FH.. �EM�W}]5��-,ŢRK}�F��Q���C�O*�P������N�F��
[  127.861772][ T7161] [U] ����
[  127.862967][ T7161] [U] T�0ԝ�*�հ�
�XA����ɣ�A4W�K����C]X����]�L���=�
[  127.865020][ T7161] [U] �$C
UGS�EԲ6���������T�τPP˒Z3T2ȍ���9W-��֑̙�AR���ݻNB�ڎ�
��:^X��ϧ��B�����̲~�{J��
[  127.870633][ T7161] [U] ��T̷E��' 2���L*�A��-�;P;BT��.�N�`��_Ӯ�;��*�U;��5C#R/��Q�K�*M���S�A����#)A�B��>�Yؐ�O\;^��'��O�5_�Y�H����L
�CE��&A�`;œ�ԸЕ�S��S��Ƈ{�H�� �TM�0����BI^L��>���8�٢VV8<��-�{$>�D	���ý]�W����U���0?K�˼ڹ�[UIRB_IL�/ES��I*�W�S�*�ZS���͎ђ��
[  127.878004][ T7161] [U] 
[  127.882602][ T7158] [U] 
[  127.941168][ T7164] netlink: 4 bytes leftover after parsing attributes in process `syz.1.503'.
[  127.944568][ T7164] netlink: 12 bytes leftover after parsing attributes in process `syz.1.503'.
[  128.133792][ T7171] FAULT_INJECTION: forcing a failure.
[  128.133792][ T7171] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  128.137307][ T7171] CPU: 3 UID: 0 PID: 7171 Comm: syz.1.506 Not tainted 6.12.0-rc3-syzkaller-00420-g715ca9dd687f #0
[  128.140022][ T7171] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  128.142789][ T7171] Call Trace:
[  128.143686][ T7171]  <TASK>
[  128.144462][ T7171]  dump_stack_lvl+0x16c/0x1f0
[  128.145704][ T7171]  should_fail_ex+0x497/0x5b0
[  128.146936][ T7171]  ? fs_reclaim_acquire+0xae/0x150
[  128.148257][ T7171]  should_fail_alloc_page+0xe7/0x130
[  128.149634][ T7171]  prepare_alloc_pages.constprop.0+0x16f/0x560
[  128.151245][ T7171]  ? __pfx_mark_lock+0x10/0x10
[  128.152500][ T7171]  __alloc_pages_noprof+0x190/0x25a0
[  128.153873][ T7171]  ? mark_lock+0xb5/0xc60
[  128.155012][ T7171]  ? __pfx_mark_lock+0x10/0x10
[  128.156270][ T7171]  ? hlock_class+0x4e/0x130
[  128.157632][ T7171]  ? mark_lock+0xb5/0xc60
[  128.158765][ T7171]  ? __pfx___alloc_pages_noprof+0x10/0x10
[  128.160259][ T7171]  ? __pfx_mark_lock+0x10/0x10
[  128.161511][ T7171]  ? hlock_class+0x4e/0x130
[  128.162699][ T7171]  ? mark_lock+0xb5/0xc60
[  128.163851][ T7171]  ? hlock_class+0x4e/0x130
[  128.165049][ T7171]  ? __lock_acquire+0xbdd/0x3ce0
[  128.166341][ T7171]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  128.167885][ T7171]  ? policy_nodemask+0xea/0x4e0
[  128.169160][ T7171]  alloc_pages_mpol_noprof+0x2c9/0x610
[  128.170579][ T7171]  ? __pfx_alloc_pages_mpol_noprof+0x10/0x10
[  128.172151][ T7171]  ? find_held_lock+0x2d/0x110
[  128.173406][ T7171]  folio_alloc_mpol_noprof+0x36/0xd0
[  128.174775][ T7171]  shmem_alloc_folio+0x135/0x160
[  128.176079][ T7171]  shmem_alloc_and_add_folio+0x48b/0xc00
[  128.177542][ T7171]  ? __pfx_shmem_alloc_and_add_folio+0x10/0x10
[  128.179142][ T7171]  ? shmem_allowable_huge_orders+0xcd/0x3f0
[  128.180688][ T7171]  shmem_get_folio_gfp+0x689/0x1530
[  128.182051][ T7171]  ? __pfx_shmem_get_folio_gfp+0x10/0x10
[  128.183526][ T7171]  ? filemap_map_pages+0xf93/0x16a0
[  128.184886][ T7171]  shmem_fault+0x200/0xae0
[  128.186060][ T7171]  ? __pfx_shmem_fault+0x10/0x10
[  128.187365][ T7171]  ? do_pte_missing+0xdc2/0x3e50
[  128.188659][ T7171]  ? __pfx_lock_release+0x10/0x10
[  128.189983][ T7171]  __do_fault+0x10a/0x490
[  128.191121][ T7171]  do_pte_missing+0xea8/0x3e50
[  128.192401][ T7171]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  128.193866][ T7171]  ? rcu_is_watching+0x12/0xc0
[  128.195124][ T7171]  __handle_mm_fault+0x100a/0x2a10
[  128.196472][ T7171]  ? __pfx___handle_mm_fault+0x10/0x10
[  128.197893][ T7171]  ? __pfx_lock_release+0x10/0x10
[  128.199228][ T7171]  ? follow_page_pte+0x50d/0x1eb0
[  128.200553][ T7171]  handle_mm_fault+0x3fa/0xaa0
[  128.201810][ T7171]  __get_user_pages+0x90f/0x3b90
[  128.203127][ T7171]  ? __pfx_mt_find+0x10/0x10
[  128.204344][ T7171]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  128.205803][ T7171]  ? __pfx___get_user_pages+0x10/0x10
[  128.207210][ T7171]  populate_vma_page_range+0x27f/0x3a0
[  128.208634][ T7171]  ? __pfx_populate_vma_page_range+0x10/0x10
[  128.210198][ T7171]  ? __pfx_find_vma_intersection+0x10/0x10
[  128.211720][ T7171]  ? vm_mmap_pgoff+0x25b/0x360
[  128.212975][ T7171]  __mm_populate+0x1d6/0x380
[  128.214190][ T7171]  ? __pfx___mm_populate+0x10/0x10
[  128.215533][ T7171]  ? up_write+0x1b2/0x520
[  128.216664][ T7171]  vm_mmap_pgoff+0x293/0x360
[  128.217877][ T7171]  ? __pfx_vm_mmap_pgoff+0x10/0x10
[  128.219225][ T7171]  ? arch_syscall_is_vdso_sigreturn+0x1bd/0x230
[  128.220860][ T7171]  ksys_mmap_pgoff+0x7d/0x5c0
[  128.222097][ T7171]  ? __ia32_sys_mmap_pgoff+0x11/0x1b0
[  128.223516][ T7171]  __do_fast_syscall_32+0x73/0x120
[  128.224856][ T7171]  do_fast_syscall_32+0x32/0x80
[  128.226137][ T7171]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  128.227791][ T7171] RIP: 0023:0xf73be579
[  128.228867][ T7171] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  128.235142][ T7171] RSP: 002b:00000000f56a656c EFLAGS: 00000296 ORIG_RAX: 00000000000000c0
[  128.237577][ T7171] RAX: ffffffffffffffda RBX: 0000000020000000 RCX: 0000000000b36000
[  128.239647][ T7171] RDX: 0000000006ebbeee RSI: 0000000000008031 RDI: 00000000ffffffff
[  128.242104][ T7171] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  128.244112][ T7171] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  128.246180][ T7171] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  128.248250][ T7171]  </TASK>
[  128.306681][ T7174] nbd: socks must be embedded in a SOCK_ITEM attr
[  128.343104][ T5357] Bluetooth: hci5: command tx timeout
[  128.350706][ T7176] netlink: 'syz.0.505': attribute type 10 has an invalid length.
[  128.505010][ T7188] netlink: 4 bytes leftover after parsing attributes in process `syz.2.511'.
[  128.508266][ T7188] netlink: 12 bytes leftover after parsing attributes in process `syz.2.511'.
[  128.535854][ T7190] netlink: 'syz.2.512': attribute type 1 has an invalid length.
[  128.546857][ T7192] binder: 7191:7192 ioctl c0306201 0 returned -14
[  128.549073][ T7192] binder: BINDER_SET_CONTEXT_MGR already set
[  128.550705][ T7192] binder: 7191:7192 ioctl 4018620d 20000040 returned -16
[  128.668000][ T7199] netlink: 'syz.1.516': attribute type 1 has an invalid length.
[  128.675930][ T7199] 8021q: adding VLAN 0 to HW filter on device bond3
[  128.708296][ T7202] team0: default FDB implementation only supports local addresses
[  128.717275][ T7202] sp0: Synchronizing with TNC
[  128.867881][ T7201] [U] �
[  128.967977][ T7217] netlink: 4 bytes leftover after parsing attributes in process `syz.1.521'.
[  128.970866][ T7217] netlink: 12 bytes leftover after parsing attributes in process `syz.1.521'.
[  128.996801][ T7219] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'syz0'
[  129.022632][ T7223] netlink: 12 bytes leftover after parsing attributes in process `syz.1.524'.
[  129.025016][ T7223] netlink: 52 bytes leftover after parsing attributes in process `syz.1.524'.
[  129.176359][   T58] usb 7-1: new high-speed USB device number 8 using dummy_hcd
[  129.252158][ T7235] netlink: 16 bytes leftover after parsing attributes in process `syz.0.528'.
[  129.266358][ T1995] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  129.277912][ T7237] x_tables: ip6_tables: mh match: only valid for protocol 135
[  129.301659][ T7239] netlink: 4 bytes leftover after parsing attributes in process `syz.0.530'.
[  129.326389][   T58] usb 7-1: Using ep0 maxpacket: 32
[  129.329000][   T58] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  129.331652][   T58] usb 7-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  129.338997][   T58] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  129.341349][   T58] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  129.343813][   T58] usb 7-1: Product: syz
[  129.344960][   T58] usb 7-1: Manufacturer: syz
[  129.346172][   T58] usb 7-1: SerialNumber: syz
[  129.458205][ T1995] usb 6-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  129.461025][ T1995] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 26158, setting to 1024
[  129.463864][ T1995] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  129.468045][ T1995] usb 6-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  129.470383][ T1995] usb 6-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  129.472458][ T1995] usb 6-1: Manufacturer: syz
[  129.474512][ T1995] usb 6-1: config 0 descriptor??
[  129.476215][ T7223] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  129.552686][   T58] usblp 7-1:1.0: usblp0: USB Unidirectional printer dev 8 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[  129.587470][ T7243] netlink: 'syz.0.531': attribute type 10 has an invalid length.
[  129.758983][   T30] usb 7-1: USB disconnect, device number 8
[  129.762245][   T30] usblp0: removed
[  129.883279][ T1995] appleir 0003:05AC:8243.0003: unknown main item tag 0x0
[  129.885502][ T1995] appleir 0003:05AC:8243.0003: No inputs registered, leaving
[  129.892151][ T1995] appleir 0003:05AC:8243.0003: hiddev0,hidraw1: USB HID v0.00 Device [syz] on usb-dummy_hcd.1-1/input0
[  130.089564][   T58] usb 6-1: USB disconnect, device number 4
[  130.260388][ T5357] Bluetooth: hci2: unknown advertising packet type: 0x72
[  130.260428][ T5357] Bluetooth: hci2: unknown advertising packet type: 0x09
[  130.262533][ T5357] Bluetooth: hci2: unknown advertising packet type: 0x05
[  130.264649][ T5357] Bluetooth: hci2: Malformed LE Event: 0x02
[  130.393382][ T7251] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies.
[  130.399082][ T7251] netlink: 'syz.2.534': attribute type 10 has an invalid length.
[  130.401143][ T7251] team0: Device wlan1 is up. Set it down before adding it as a team port
[  130.416403][ T5357] Bluetooth: hci5: command tx timeout
[  130.730855][ T5357] Bluetooth: hci0: unexpected event for opcode 0x080c
[  131.200834][ T7270] netlink: 'syz.1.539': attribute type 10 has an invalid length.
[  131.296409][   T74] usb 5-1: new full-speed USB device number 4 using dummy_hcd
[  131.448466][   T74] usb 5-1: config 0 has an invalid interface number: 55 but max is 0
[  131.450695][   T74] usb 5-1: config 0 has no interface number 0
[  131.452439][   T74] usb 5-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  131.455210][   T74] usb 5-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  131.458268][   T74] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10
[  131.461218][   T74] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 64
[  131.464304][   T74] usb 5-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  131.469170][   T74] usb 5-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  131.471621][   T74] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  131.474879][   T74] usb 5-1: config 0 descriptor??
[  131.477896][ T7268] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  131.484158][   T74] ldusb 5-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  131.858142][ T7278] netlink: 'syz.1.543': attribute type 1 has an invalid length.
[  132.098499][    T9] ------------[ cut here ]------------
[  132.100350][    T9] refcount_t: addition on 0; use-after-free.
[  132.102239][    T9] WARNING: CPU: 0 PID: 9 at lib/refcount.c:25 refcount_warn_saturate+0x1ca/0x210
[  132.104680][    T9] Modules linked in:
[  132.105844][    T9] CPU: 0 UID: 0 PID: 9 Comm: kworker/0:1 Not tainted 6.12.0-rc3-syzkaller-00420-g715ca9dd687f #0
[  132.110205][ T1374] ieee802154 phy0 wpan0: encryption failed: -22
[  132.110287][ T1374] ieee802154 phy1 wpan1: encryption failed: -22
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  132.113990][    T9] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  132.116950][    T9] Workqueue: events sco_sock_timeout
[  132.118408][    T9] RIP: 0010:refcount_warn_saturate+0x1ca/0x210
[  132.120182][    T9] Code: ff 89 de e8 a8 a0 03 fd 84 db 0f 85 e6 fe ff ff e8 bb 9e 03 fd c6 05 f3 89 7c 0b 01 90 48 c7 c7 00 e2 b0 8b e8 f7 1b c5 fc 90 <0f> 0b 90 90 e9 c3 fe ff ff e8 98 9e 03 fd c6 05 ce 89 7c 0b 01 90
[  132.125408][    T9] RSP: 0018:ffffc900003b7c90 EFLAGS: 00010282
[  132.127587][    T9] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff814e38b9
[  132.130473][    T9] RDX: ffff88801d2bc880 RSI: ffffffff814e38c6 RDI: 0000000000000001
[  132.132918][    T9] RBP: ffff8880223ad080 R08: 0000000000000001 R09: 0000000000000000
[  132.135081][    T9] R10: 0000000000000000 R11: 0000000000000000 R12: ffff888000317008
[  132.137231][    T9] R13: ffff8880223ad080 R14: 0000000000000001 R15: ffffc900003b7d80
[  132.139360][    T9] FS:  0000000000000000(0000) GS:ffff88802b400000(0000) knlGS:0000000000000000
[  132.141714][    T9] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  132.143467][    T9] CR2: 00000000f73e6108 CR3: 000000006efde000 CR4: 0000000000352ef0
[  132.145533][    T9] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  132.147773][    T9] DR3: 00000000e08e000c DR6: 00000000ffff0ff0 DR7: 0000000000000400
[  132.149822][    T9] Call Trace:
[  132.150703][    T9]  <TASK>
[  132.151505][    T9]  ? __warn+0xea/0x3d0
[  132.152583][    T9]  ? refcount_warn_saturate+0x1ca/0x210
[  132.154027][    T9]  ? report_bug+0x3c0/0x580
[  132.155248][    T9]  ? handle_bug+0x54/0xa0
[  132.156468][    T9]  ? exc_invalid_op+0x17/0x50
[  132.157703][    T9]  ? asm_exc_invalid_op+0x1a/0x20
[  132.159236][    T9]  ? __warn_printk+0x199/0x350
[  132.160723][    T9]  ? __warn_printk+0x1a6/0x350
[  132.161980][    T9]  ? refcount_warn_saturate+0x1ca/0x210
[  132.163452][    T9]  sco_sock_timeout+0x28a/0x2c0
[  132.164734][    T9]  process_one_work+0x958/0x1b30
[  132.166050][    T9]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  132.167599][    T9]  ? __pfx_process_one_work+0x10/0x10
[  132.169009][   T58] usb 5-1: USB disconnect, device number 4
[  132.170409][   T58] ldusb 5-1:0.55: LD USB Device #0 now disconnected
[  132.170571][    T9]  ? assign_work+0x1a0/0x250
[  132.173564][    T9]  worker_thread+0x6c8/0xf00
[  132.174864][    T9]  ? __kthread_parkme+0x148/0x220
[  132.176238][    T9]  ? __pfx_worker_thread+0x10/0x10
[  132.178062][    T9]  kthread+0x2c1/0x3a0
[  132.179228][    T9]  ? _raw_spin_unlock_irq+0x23/0x50
[  132.180615][    T9]  ? __pfx_kthread+0x10/0x10
[  132.181861][    T9]  ret_from_fork+0x45/0x80
[  132.183076][    T9]  ? __pfx_kthread+0x10/0x10
[  132.184323][    T9]  ret_from_fork_asm+0x1a/0x30
[  132.185614][    T9]  </TASK>
[  132.186605][    T9] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  132.188505][    T9] CPU: 0 UID: 0 PID: 9 Comm: kworker/0:1 Not tainted 6.12.0-rc3-syzkaller-00420-g715ca9dd687f #0
[  132.191203][    T9] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  132.193980][    T9] Workqueue: events sco_sock_timeout
[  132.195368][    T9] Call Trace:
[  132.196258][    T9]  <TASK>
[  132.197041][    T9]  dump_stack_lvl+0x3d/0x1f0
[  132.198250][    T9]  panic+0x71d/0x800
[  132.199292][    T9]  ? __pfx_panic+0x10/0x10
[  132.200469][    T9]  ? show_trace_log_lvl+0x29d/0x3d0
[  132.201824][    T9]  ? check_panic_on_warn+0x1f/0xb0
[  132.203187][    T9]  ? refcount_warn_saturate+0x1ca/0x210
[  132.204611][    T9]  check_panic_on_warn+0xab/0xb0
[  132.205894][    T9]  __warn+0xf6/0x3d0
[  132.206922][    T9]  ? refcount_warn_saturate+0x1ca/0x210
[  132.208361][    T9]  report_bug+0x3c0/0x580
[  132.209490][    T9]  handle_bug+0x54/0xa0
[  132.210571][    T9]  exc_invalid_op+0x17/0x50
[  132.211762][    T9]  asm_exc_invalid_op+0x1a/0x20
[  132.213028][    T9] RIP: 0010:refcount_warn_saturate+0x1ca/0x210
[  132.214615][    T9] Code: ff 89 de e8 a8 a0 03 fd 84 db 0f 85 e6 fe ff ff e8 bb 9e 03 fd c6 05 f3 89 7c 0b 01 90 48 c7 c7 00 e2 b0 8b e8 f7 1b c5 fc 90 <0f> 0b 90 90 e9 c3 fe ff ff e8 98 9e 03 fd c6 05 ce 89 7c 0b 01 90
[  132.219540][    T9] RSP: 0018:ffffc900003b7c90 EFLAGS: 00010282
[  132.221112][    T9] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff814e38b9
[  132.223162][    T9] RDX: ffff88801d2bc880 RSI: ffffffff814e38c6 RDI: 0000000000000001
[  132.225191][    T9] RBP: ffff8880223ad080 R08: 0000000000000001 R09: 0000000000000000
[  132.227225][    T9] R10: 0000000000000000 R11: 0000000000000000 R12: ffff888000317008
[  132.229260][    T9] R13: ffff8880223ad080 R14: 0000000000000001 R15: ffffc900003b7d80
[  132.231315][    T9]  ? __warn_printk+0x199/0x350
[  132.232572][    T9]  ? __warn_printk+0x1a6/0x350
[  132.233835][    T9]  sco_sock_timeout+0x28a/0x2c0
[  132.235119][    T9]  process_one_work+0x958/0x1b30
[  132.236432][    T9]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  132.237955][    T9]  ? __pfx_process_one_work+0x10/0x10
[  132.239364][    T9]  ? assign_work+0x1a0/0x250
[  132.240574][    T9]  worker_thread+0x6c8/0xf00
[  132.241792][    T9]  ? __kthread_parkme+0x148/0x220
[  132.243123][    T9]  ? __pfx_worker_thread+0x10/0x10
[  132.244478][    T9]  kthread+0x2c1/0x3a0
[  132.245552][    T9]  ? _raw_spin_unlock_irq+0x23/0x50
[  132.246900][    T9]  ? __pfx_kthread+0x10/0x10
[  132.248133][    T9]  ret_from_fork+0x45/0x80
[  132.249300][    T9]  ? __pfx_kthread+0x10/0x10
[  132.250509][    T9]  ret_from_fork_asm+0x1a/0x30
[  132.251779][    T9]  </TASK>
[  132.253059][    T9] Kernel Offset: disabled
[  132.254242][    T9] Rebooting in 86400 seconds..

VM DIAGNOSIS:
16:28:34  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000000020 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff8503edc5 RDI=ffffffff9a640260 RBP=ffffffff9a640220 RSP=ffffc900003b75f8
R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=0000000000000000
R12=0000000000000000 R13=0000000000000020 R14=ffffffff8503ed60 R15=0000000000000000
RIP=ffffffff8503edef RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88802b400000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000f73e6108 CR3=000000006efde000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=00000000e08e000c 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000000000000 RBX=ffff8880632c6000 RCX=0000000000000000 RDX=0000000000000000
RSI=0000000000000000 RDI=ffffed100c658c1d RBP=00000000000000f0 RSP=ffffc900005989c8
R8 =ffff8880632c6000 R9 =0000000000000000 R10=ffffed100c658c00 R11=0000000000000001
R12=ffff88801c3c0780 R13=0000000000000820 R14=0000000000000001 R15=ffff88801c3c0780
RIP=ffffffff8b13b294 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88802b500000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000000020022000 CR3=000000006efde000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
RAX=0000000000000000 RBX=ffff88802b446780 RCX=ffffffff8180ac8c RDX=ffff88801e92a440
RSI=ffffffff8180ac66 RDI=0000000000000005 RBP=0000000000000003 RSP=ffffc9000078fa58
R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000001 R11=0000000000000000
R12=ffffed1005688cf1 R13=0000000000000001 R14=ffff88802b446788 R15=ffff88802b640100
RIP=ffffffff8180ac68 RFL=00000293 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88802b600000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000562a646bf308 CR3=000000000db7c000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 3

CPU#3
RAX=0000000080010005 RBX=0000000000000003 RCX=ffffffff813c583e RDX=ffff88801bb62440
RSI=ffffffff813c585b RDI=0000000000000000 RBP=ffff88802b63ee80 RSP=ffffc900005f0b60
R8 =0000000000000000 R9 =0000000000000003 R10=0000000000000003 R11=0000000000000000
R12=0000000000000003 R13=0000000000000003 R14=ffff88802b73fdc0 R15=ffffed10056c7dd0
RIP=ffffffff813c585c RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88802b700000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=000000000c2919ab CR3=0000000067098000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000