last executing test programs:

4m56.129237718s ago: executing program 3 (id=333):
syz_open_dev$dri(&(0x7f0000000000), 0x200, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r0}, 0x10)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$VT_RESIZEX(r1, 0x560a, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x20})
pipe(&(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.io_serviced_recursive\x00', 0x26e1, 0x0)
close(r4)
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$SIOCSIFHWADDR(r2, 0x8b34, &(0x7f0000000000)={'ip6tnl0\x00', @broadcast})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000880)=ANY=[@ANYBLOB="09000000801000000000f2ff3f0000000000000048b483fe4ed69cf11225528bcbcb0175af0c10ad28d20e19eaba53eb9c252de6742e1c84037c32d0de63707382a0eb41550000f14d0ad656019076299ca4c1dc5c45e818151b4c2fc57f0c304f18327015e1", @ANYRES32=r1, @ANYBLOB="0000000000dcd51df7c767bfcb64000000001400028008000f000000000008000aa7e06b58eae21761aa25ef699f3318fc3971d76ac30aaafaab367e2177d4a2c88291eaf706dd343c9273e159c15fcbe3b566c08f4c629cd4d6819d7fab08d403d6df0101ebe5a293dce2cd820edc1d2c55c9611d460ff95b274b3a7d3292c6580413c40a3dc0b6322b1285e5823671679da09554c63ccc437e8d841bcc71dd2fdf87d69a9580a70de26400"], 0x44}, 0x1, 0x0, 0x0, 0x48840}, 0x0)
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000100)={[0x4, 0x91e, 0x1, 0x5, 0x7, 0x200, 0x6, 0x4d76, 0x8000, 0xa40a, 0xf, 0xa7, 0x5, 0x1, 0x2, 0x7], 0x2, 0x10000})
r5 = socket$inet_udp(0x2, 0x2, 0x0)
close(r5)
socket$nl_route(0x10, 0x3, 0x0)
r6 = socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$sock_SIOCGSKNS(r3, 0x894c, &(0x7f0000000040)=0xac0)
r7 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
r8 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
unshare(0x8000400)
r9 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x12, 0x1ff, 0x8, 0x3, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$BPF_GET_PROG_INFO(0x10, &(0x7f0000000400)={r9, 0x26, 0x0}, 0x10)
syz_usb_connect$printer(0x4, 0x36, &(0x7f00000003c0)={{0x12, 0x1, 0x250, 0x0, 0x0, 0x0, 0x20, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x7, 0xc0, 0x61, [{{0x9, 0x4, 0x0, 0x1, 0x1, 0x7, 0x1, 0x3, 0x5, "", {{{0x9, 0x5, 0x1, 0x2, 0x40, 0x9, 0x4, 0x9}}, [{{0x9, 0x5, 0x82, 0x2, 0x400, 0x2, 0x30, 0x6}}]}}}]}}]}}, &(0x7f0000000780)={0xa, &(0x7f0000000540)={0xa, 0x6, 0x250, 0x0, 0xf2, 0xb, 0x20, 0x1}, 0xf8, &(0x7f0000000580)={0x5, 0xf, 0xf8, 0x6, [@ssp_cap={0x18, 0x10, 0xa, 0x3, 0x3, 0x9, 0xf000, 0x13, [0x30, 0xc000, 0xff001e]}, @ssp_cap={0x20, 0x10, 0xa, 0xfb, 0x5, 0xfff, 0xf00, 0x5421, [0xc0ff, 0xfff0, 0x0, 0x0, 0x0]}, @generic={0xa2, 0x10, 0xa, "41d0da398185f9f892cfbb256fca8f70b7306ba7f710543a1711daa5a87dc0b456b4e12077c34e71015fcb9f5900c7e902dcc4224672b87f4cf94db56acc0593b736ab4f8dc36d46f73330fc034eb0f8746330281e2df5e7c3355f6184b91a59df59e47fab72eb0a06033e96524499494f179e12aa2479dc9eb12828e54c564b8716a66d94a8785f1a650c2a6cb7226aefe639a46b06b122c4fd6e71f5a887"}, @ext_cap={0x7, 0x10, 0x2, 0x1c, 0x8, 0x2, 0xff}, @wireless={0xb, 0x10, 0x1, 0x4, 0x40, 0x1, 0x0, 0x81, 0xf6}, @ext_cap={0x7, 0x10, 0x2, 0xc36810b68ec126cf, 0x1, 0x7, 0x6}]}, 0x3, [{0x47, &(0x7f0000000680)=ANY=[@ANYBLOB="470388b4f74b75c06b55caddfbde9b973a8c3012c9f224e6302add2395032f7638759d0d94686ef7505a5f7d972492b3777581facd20556a2054ff3c5d691b8eaebbc892326d03ca0a8c9acd42a53c609e360b11510ea9d9678e3cb4655ec42b9438677d98aaa82680c7c5549cf3e1ef90"]}, {0xff, &(0x7f00000009c0)=@string={0xff, 0x3, "6a41a7b275797311e3de7607db83353f04d8b14b9cb14880ce635b93d748a1af168ea9f9a6f2d9233b8b5fa7cf279f3558542b255055a0ae1c0a8e924d9cabfe988848fd29040ad1046c35f29b533ab43a7d41a3fba0715c6df125fa11521f4e197ef5e47e55e6dcb2007799b8865b16a1a71570fd619a142120e5df77df1aa5ee4af934c4d3782f973326bc28b466c8091a0135dce38c7352c4151e4f763098faea8e113e9d507b8782d259a3523a41c1f4193da51ef152b26489ad4c674970ec6eaf73e66a48b0fde9e9a2f26f33f1416a59570fe9479807b367c71402e9b803e3b653e6a4cfdb4e2d47e0b4c7d26a0ce9f328a9f179bcd95745303c"}}, {0x37, &(0x7f0000000ac0)=ANY=[@ANYBLOB="3703cb6193b7f18d0c6b2001971a4f8413935275c2a6f2a23bdc741b13c8d5c68f58bdf89e51c331ec151cc32456145e6e325205c582ee86f337ad2fc91ad64ce9d78035b7c8184a6da7cd58f94ca7a6c9fb5bde8c2d65a138fac53054d4b40b267e751c6ac82a43769f9c798a547ae03b2bfc2a57eb63d5b4bad2f682e7b5d68810ffde23a6a8455f44d0d04afc37c1e2f561c3668d32040908c9d9b7ff965472c9f34fed30f3616d2534aaeaf11cdb5b20750cb9a955afa1ffd0c6527c7b92944d998ebaf8b0fe5082a49df5e90cb13f08cdf2e5f5fec5285639e405ade3342f5fe461eeffec269b6daf8153c3390fc52f"]}]})
r10 = dup3(r8, r7, 0x0)
ioctl$BINDER_WRITE_READ(r10, 0xc0306201, &(0x7f0000000480)={0x8, 0x0, &(0x7f0000000700)=[@register_looper, @exit_looper], 0x0, 0x0, 0x0})
sendmsg$nl_xfrm(r6, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000280)=ANY=[@ANYBLOB="6001000010000100ffffffff00000000e0000001000000000000000000000000fc0200"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ac1414bb000000000000000000000000000000006c000000ff0200000000000000000000000000cf00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000000000000002c00170004000000000000000000000000000000000000000000000000000000000000000000000000000000480003006c"], 0x160}}, 0x0)
r11 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_inet_SIOCDARP(r11, 0x8955, &(0x7f00000004c0)={{0x2, 0x0, @multicast1}, {0x306, @broadcast}, 0xffffff7d, {0x2, 0x0, @broadcast}})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="4800000010005f3f"], 0x3}}, 0x24000000)
write$binfmt_misc(r3, &(0x7f0000000000), 0xfffffecc)

4m53.061418422s ago: executing program 3 (id=347):
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ip_tables_names\x00')
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f00000001c0))
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000280)=[@increfs], 0x0, 0x0, 0x0})
r3 = dup3(r2, r1, 0x0)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000692000/0x6000)=nil, 0x6000, 0x1, 0x11, r4, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f00000002c0)={0x73622a85, 0x10a})
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x1, 0x1000000000000, &(0x7f0000000340)="cb"})
read$eventfd(r0, &(0x7f0000000280), 0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
syz_open_dev$sndpcmp(&(0x7f0000000040), 0xfffffffd, 0x408083)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f00000700000000000000", @ANYRES32, @ANYBLOB="000000eb00"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000400007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='sched_switch\x00', r8}, 0x10)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r9, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[@ANYBLOB="14000000", @ANYRES16=r10, @ANYBLOB="796100001000000000007e000000"], 0x14}}, 0x0)
socket$netlink(0x10, 0x3, 0x14)

4m52.140583954s ago: executing program 3 (id=352):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mmap(&(0x7f00007b2000/0x3000)=nil, 0x3000, 0x1, 0x1010, 0xffffffffffffffff, 0x9c9a1000)
socket$netlink(0x10, 0x3, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x8, 0xb4, &(0x7f0000000140)=""/180, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2)
ioctl$I2C_SMBUS(0xffffffffffffffff, 0x720, &(0x7f0000003080)={0x1, 0x0, 0x6, &(0x7f0000003040)={0x0, "f4e1a230be8f46463fb1a5f1b44f44eaa65e485b747aa95df8c01eaf07677d18bc"}})
socket$packet(0x11, 0x2, 0x300)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0xe, 0x3, &(0x7f0000000100)=@framed, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000cc0)={r3, 0xe0, &(0x7f0000000bc0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f00000013c0)=[0x0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10)

4m51.220191642s ago: executing program 3 (id=355):
r0 = openat$cdrom(0xffffffffffffff9c, &(0x7f0000000080), 0x40000, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f00000035c0)={0x0, 0x0, &(0x7f0000003580)={&(0x7f0000000540)=ANY=[@ANYRES32, @ANYRES16], 0x17c}}, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r4=>0x0})
iopl(0x3)
arch_prctl$ARCH_SHSTK_DISABLE(0x1011, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r5 = socket$kcm(0x2, 0x5, 0x84)
setsockopt$sock_attach_bpf(r5, 0x84, 0x25, &(0x7f0000000000), 0x20000010)
r6 = openat$vim2m(0xffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$vim2m_VIDIOC_CREATE_BUFS(r6, 0xc0f8565c, &(0x7f00000001c0)={0xfae9, 0x101, 0x1, {0x0, @pix_mp={0x0, 0xded, 0x31384142, 0x0, 0x8, [{0x9, 0x800}, {0x1, 0x2}, {0x5}, {0xff, 0xfffffe00}, {0x3, 0x5}, {0x8001, 0x6a}, {0x8, 0x6}, {0x7fff, 0x7ff}], 0x3, 0x6, 0x4, 0x1, 0x6}}, 0x5})
sendmsg$NL80211_CMD_SET_PMKSA(r1, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="34bc000068fcc4b677d7d32561daafe97d1a226cd8241134083ce1eaf7f11a773f42d35707383fc844a8355a992f9170c29d138d01dbfced6d1899859f2ee6eb60108dab9dc31c7472b5ef64263308c775bf61cd8271bf05149aa79d54d66cfcfb018bff3082bcc5b8313f24f2", @ANYRES16=r3, @ANYBLOB="010000000000000000003400000008000300", @ANYRES32=r4, @ANYBLOB="140055003942e958ae3538c24eeb56369b93bda2"], 0x30}}, 0x0)
fcntl$getownex(r5, 0x10, &(0x7f0000000100)={0x0, <r7=>0x0})
r8 = syz_open_procfs(r7, &(0x7f0000000140)='net/dev\x00')
r9 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000001, 0x2010, r8, 0x0)
r10 = openat$binder_debug(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f00000000c0)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$afs(0x0, &(0x7f0000000380)='./file0/file0\x00', &(0x7f00000003c0), 0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="64796e2c0079b3c2eb90a3c933cd1c4cabfbba34d16203000000bb348231c1f9bb3d6a402d0ad330de0b7a6ddd4abed9a9137aa431012522e1021cb4b90839ef87bd600d04d36f0173df6f32ee63975099d662241349012548882fe4d0a16d54c90786d212fbce290f615af0bc9c2f40aefbb9045f9a4d10f58308fc67fcc704420000000000"])
mount$afs(0x0, &(0x7f0000000380)='./file0/file0\x00', &(0x7f00000003c0), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="030000002c00"])
openat$rdma_cm(0xffffff9c, &(0x7f0000000500), 0x2, 0x0)
r11 = syz_io_uring_setup(0x10004b3e, &(0x7f0000000740)={0x0, 0x6707, 0x800, 0x1, 0x61}, &(0x7f00000007c0)=<r12=>0x0, &(0x7f0000000800)=<r13=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r12, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
r14 = io_uring_register$IORING_REGISTER_PERSONALITY(r11, 0x9, 0x0, 0x0)
syz_io_uring_submit(r12, r13, &(0x7f00000002c0)=@IORING_OP_LINKAT={0x27, 0x1a, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000200)='./file0\x00', r10, 0x1000, 0x1, {0x0, r14}})
clock_gettime(0x0, &(0x7f0000000400)={<r15=>0x0, <r16=>0x0})
syz_io_uring_submit(r9, 0x0, &(0x7f00000004c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x40, 0x0, 0x0, 0x0, &(0x7f0000000480)={r15, r16+60000000}, 0x1, 0x0, 0x1, {0x0, r14}})
ioctl$CDROMVOLCTRL(r0, 0x5392, &(0x7f0000000180)={0x9, 0x8, 0x8, 0xfb})

4m51.032504558s ago: executing program 3 (id=356):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mmap(&(0x7f00007b2000/0x3000)=nil, 0x3000, 0x1, 0x1010, 0xffffffffffffffff, 0x9c9a1000)
socket$netlink(0x10, 0x3, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x8, 0xb4, &(0x7f0000000140)=""/180, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2)
ioctl$I2C_SMBUS(0xffffffffffffffff, 0x720, &(0x7f0000003080)={0x1, 0x0, 0x6, &(0x7f0000003040)={0x0, "f4e1a230be8f46463fb1a5f1b44f44eaa65e485b747aa95df8c01eaf07677d18bc"}})
write$UHID_CREATE2(0xffffffffffffffff, &(0x7f00000005c0)={0xb, {'syz1\x00', 'syz1\x00', 'syz0\x00', 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "80"}}, 0x119)
ioctl$LOOP_SET_CAPACITY(0xffffffffffffffff, 0x4c07)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
socket$packet(0x11, 0x2, 0x300)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f00000000c0))
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
r3 = socket$packet(0x11, 0x2, 0x300)
r4 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0xe, 0x3, &(0x7f0000000100)=@framed, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000cc0)={r4, 0xe0, &(0x7f0000000bc0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f00000013c0)=[0x0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10)
setsockopt$packet_tx_ring(r3, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1, 0x0, 0x0, 0x6}, 0x1c)
sendmmsg$sock(r3, &(0x7f0000000740)=[{{&(0x7f0000000080)=@phonet={0x23, 0x0, 0x0, 0x7}, 0x80, 0x0, 0x0, &(0x7f0000000240)=[@txtime={{0x18}}], 0x18}}], 0x1, 0x0)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000680)=@raw={'raw\x00', 0x3c1, 0x3, 0x3cc, 0x100, 0x2b8, 0x182, 0x100, 0x0, 0x304, 0x3a8, 0x3a8, 0x304, 0x3a8, 0x3, 0x0, {[{{@uncond, 0x0, 0xe0, 0x100, 0x0, {0x0, 0x1800}, [@common=@unspec=@limit={{0x3c}, {0x0, 0x292}}]}, @unspec=@TRACE={0x20}}, {{@ipv6={@private2, @private2, [], [], 'macsec0\x00', 'netdevsim0\x00'}, 0x0, 0x1dc, 0x204, 0x0, {}, [@common=@rt={{0x138}, {0x0, [], 0x0, 0x0, 0xe, [@mcast2, @dev, @rand_addr=' \x01\x00', @local, @remote, @mcast1, @dev, @loopback, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @private1, @empty, @dev, @mcast1, @loopback, @private0, @empty]}}]}, @common=@unspec=@NFQUEUE3={0x28}}], {{'\x00', 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x428)

4m51.032165134s ago: executing program 3 (id=357):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mmap(&(0x7f00007b2000/0x3000)=nil, 0x3000, 0x1, 0x1010, 0xffffffffffffffff, 0x9c9a1000)
socket$netlink(0x10, 0x3, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x8, 0xb4, &(0x7f0000000140)=""/180, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2)
ioctl$I2C_SMBUS(0xffffffffffffffff, 0x720, &(0x7f0000003080)={0x1, 0x0, 0x6, &(0x7f0000003040)={0x0, "f4e1a230be8f46463fb1a5f1b44f44eaa65e485b747aa95df8c01eaf07677d18bc"}})
write$UHID_CREATE2(0xffffffffffffffff, &(0x7f00000005c0)={0xb, {'syz1\x00', 'syz1\x00', 'syz0\x00', 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "80"}}, 0x119)
ioctl$LOOP_SET_CAPACITY(0xffffffffffffffff, 0x4c07)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
socket$packet(0x11, 0x2, 0x300)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f00000000c0))
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
r3 = socket$packet(0x11, 0x2, 0x300)
r4 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0xe, 0x3, &(0x7f0000000100)=@framed, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000cc0)={r4, 0xe0, &(0x7f0000000bc0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f00000013c0)=[0x0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10)
setsockopt$packet_tx_ring(r3, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1, 0x0, 0x0, 0x6}, 0x1c)
sendmmsg$sock(r3, &(0x7f0000000740)=[{{&(0x7f0000000080)=@phonet={0x23, 0x0, 0x0, 0x7}, 0x80, 0x0, 0x0, &(0x7f0000000240)=[@txtime={{0x18}}], 0x18}}], 0x1, 0x0)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000680)=@raw={'raw\x00', 0x3c1, 0x3, 0x3cc, 0x100, 0x2b8, 0x182, 0x100, 0x0, 0x304, 0x3a8, 0x3a8, 0x304, 0x3a8, 0x3, 0x0, {[{{@uncond, 0x0, 0xe0, 0x100, 0x0, {0x0, 0x1800}, [@common=@unspec=@limit={{0x3c}, {0x0, 0x292}}]}, @unspec=@TRACE={0x20}}, {{@ipv6={@private2, @private2, [], [], 'macsec0\x00', 'netdevsim0\x00'}, 0x0, 0x1dc, 0x204, 0x0, {}, [@common=@rt={{0x138}, {0x0, [], 0x0, 0x0, 0xe, [@mcast2, @dev, @rand_addr=' \x01\x00', @local, @remote, @mcast1, @dev, @loopback, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @private1, @empty, @dev, @mcast1, @loopback, @private0, @empty]}}]}, @common=@unspec=@NFQUEUE3={0x28}}], {{'\x00', 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x428)

4m50.988278104s ago: executing program 32 (id=357):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mmap(&(0x7f00007b2000/0x3000)=nil, 0x3000, 0x1, 0x1010, 0xffffffffffffffff, 0x9c9a1000)
socket$netlink(0x10, 0x3, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x8, 0xb4, &(0x7f0000000140)=""/180, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2)
ioctl$I2C_SMBUS(0xffffffffffffffff, 0x720, &(0x7f0000003080)={0x1, 0x0, 0x6, &(0x7f0000003040)={0x0, "f4e1a230be8f46463fb1a5f1b44f44eaa65e485b747aa95df8c01eaf07677d18bc"}})
write$UHID_CREATE2(0xffffffffffffffff, &(0x7f00000005c0)={0xb, {'syz1\x00', 'syz1\x00', 'syz0\x00', 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "80"}}, 0x119)
ioctl$LOOP_SET_CAPACITY(0xffffffffffffffff, 0x4c07)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
socket$packet(0x11, 0x2, 0x300)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f00000000c0))
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
r3 = socket$packet(0x11, 0x2, 0x300)
r4 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0xe, 0x3, &(0x7f0000000100)=@framed, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000cc0)={r4, 0xe0, &(0x7f0000000bc0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f00000013c0)=[0x0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10)
setsockopt$packet_tx_ring(r3, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1, 0x0, 0x0, 0x6}, 0x1c)
sendmmsg$sock(r3, &(0x7f0000000740)=[{{&(0x7f0000000080)=@phonet={0x23, 0x0, 0x0, 0x7}, 0x80, 0x0, 0x0, &(0x7f0000000240)=[@txtime={{0x18}}], 0x18}}], 0x1, 0x0)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000680)=@raw={'raw\x00', 0x3c1, 0x3, 0x3cc, 0x100, 0x2b8, 0x182, 0x100, 0x0, 0x304, 0x3a8, 0x3a8, 0x304, 0x3a8, 0x3, 0x0, {[{{@uncond, 0x0, 0xe0, 0x100, 0x0, {0x0, 0x1800}, [@common=@unspec=@limit={{0x3c}, {0x0, 0x292}}]}, @unspec=@TRACE={0x20}}, {{@ipv6={@private2, @private2, [], [], 'macsec0\x00', 'netdevsim0\x00'}, 0x0, 0x1dc, 0x204, 0x0, {}, [@common=@rt={{0x138}, {0x0, [], 0x0, 0x0, 0xe, [@mcast2, @dev, @rand_addr=' \x01\x00', @local, @remote, @mcast1, @dev, @loopback, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @private1, @empty, @dev, @mcast1, @loopback, @private0, @empty]}}]}, @common=@unspec=@NFQUEUE3={0x28}}], {{'\x00', 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x428)

1m48.211154275s ago: executing program 1 (id=1465):
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)
rmdir(&(0x7f00000001c0)='./cgroup/../file0\x00')
r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000180)={0x2, 0x0, @ioapic={0x6000, 0x606, 0x2, 0x1ff, 0x0, [{0x8, 0x61, 0x7, '\x00', 0xe}, {0x7f, 0x80, 0x7, '\x00', 0x1}, {0xfe, 0x9, 0x2c, '\x00', 0x3}, {0x9, 0x2, 0xf1}, {0x1, 0x1, 0x6, '\x00', 0xc7}, {0xa, 0x0, 0x5, '\x00', 0xbc}, {0x63, 0x70, 0x6, '\x00', 0x8}, {0x3, 0x8, 0x7, '\x00', 0x2}, {0x6, 0x2, 0xf1, '\x00', 0x5}, {0xe, 0xfa, 0x2, '\x00', 0xe4}, {0x3, 0x80, 0x3, '\x00', 0x6}, {0x6, 0x2, 0x9, '\x00', 0x1}, {0xe2, 0x5, 0x81, '\x00', 0xe}, {0x3, 0x31, 0x6, '\x00', 0x8}, {0xc3, 0x4, 0x0, '\x00', 0x6}, {0x4, 0x5, 0x8, '\x00', 0x7f}, {0x5, 0xd, 0x40, '\x00', 0x3}, {0x7, 0x7, 0x0, '\x00', 0x5}, {0x3, 0x3, 0x6, '\x00', 0x37}, {0x7, 0x10, 0x2, '\x00', 0x7}, {0xa8, 0x2, 0x8}, {0x6, 0x9f, 0x5f, '\x00', 0x6}, {0xfd, 0xf, 0x2, '\x00', 0x9}, {0x6, 0xf2, 0x7f, '\x00', 0xd0}]}})
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="1800000016000119"], 0x78}}, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001c40)={0x8, 0x3, &(0x7f0000001300)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000001200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
r3 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0)
r4 = fsmount(r3, 0x1, 0x0)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000200)={r2, r4, 0x1, 0x0, @void}, 0x10)

1m48.210792093s ago: executing program 1 (id=1466):
r0 = socket$inet6(0xa, 0x2, 0x3a)
bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e23, 0x0, @empty, 0xa}, 0x1c)
r1 = socket$inet6(0xa, 0x2, 0x3a)
bind$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x9, @empty}, 0x1c)
r2 = syz_open_procfs(0x0, &(0x7f0000000480)='net/icmp6\x00')
preadv(r2, &(0x7f0000000080)=[{&(0x7f00000001c0)=""/120, 0x78}], 0x1, 0x7ffd, 0x0)

1m48.150111103s ago: executing program 1 (id=1467):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000700)={{0x14, 0x10, 0x4, 0x84}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x21}]}, @NFT_MSG_NEWSETELEM={0x60, 0xc, 0xa, 0x301, 0x0, 0x0, {0x7}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x34, 0x3, 0x0, 0x1, [{0x30, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_SET_ELEM_EXPRESSIONS={0x24, 0xb, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @quota={{0xa}, @val={0x10, 0x2, 0x0, 0x1, [@NFTA_QUOTA_BYTES={0xc}]}}}]}]}]}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xe4}}, 0x0)

1m48.149669086s ago: executing program 1 (id=1468):
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000040)=ANY=[@ANYRES8], 0x0)
syz_usb_ep_read(r0, 0x2, 0xab, &(0x7f00000002c0)=""/171)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000094cc81207f3822a073617215171128285b7a48651c10118ad2a008997da52c4c3a97812565f4948055ba386de4e52a002f1bc607b492c6e42dd1751e9442f5b7f308078177796c8ee06a859b282ffbf11593af5ce1cdc13d0871deb346364661c6199b7a190919832335d8d0129b8ad1847585961d769f06238c48791b749864f39848a8114192979be3615a1c93ba5f1c268ed00963301d371886f7a9447de191d56066cc5acc2f72c0570bb4defc6f5dea05133e011123359bd927e16e4135b993afb8d5", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0xc, 0x1c, &(0x7f0000000d80)=ANY=[@ANYRES16=r1, @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000e90300002bb91a0085000000080000af030000000000000045080100002000009500000000000000b7020000000000007b9af8ff00000000b5090000000000007baaf0ff00000000bf27000000000000070800000007040000f0ffffffc4020000080000001822001000"/132, @ANYRES32=r1, @ANYBLOB="0000000000000000b7050000080000004608efff76000000bf9800000000000056090000000000008500000000004000b70000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000000000000000000000080000085000000d0000000a50000009700000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r3 = dup2(r2, r2)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sys_enter\x00', r3}, 0x10)
mq_notify(r3, 0x0)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'cts(cbc(aes))\x00'}, 0x58)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
r5 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r5, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
umount2(&(0x7f0000000440)='./file0\x00', 0x4)
move_mount(r5, &(0x7f0000000500)='./file0\x00', r5, &(0x7f00000003c0)='./file0\x00', 0x165)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5910fae9d6dcd3292ea54c7b6ef915d564c90c200", 0x18)
r6 = accept4(r4, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file1\x00', 0x0)
setsockopt$packet_fanout_data(0xffffffffffffffff, 0x107, 0x16, &(0x7f00000003c0)={0x0, &(0x7f0000000180)}, 0x8)
mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
r7 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
ioctl$AUTOFS_IOC_PROTOSUBVER(r7, 0xc0089364, &(0x7f0000000180))
sendmsg$TIPC_NL_MEDIA_SET(r6, &(0x7f0000001800)={0x0, 0x0, &(0x7f00000017c0)={&(0x7f0000003c80)=ANY=[], 0x12f4}}, 0x0)
r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000700)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f00000002c0)='mmap_lock_acquire_returned\x00', r8}, 0x10)
creat(&(0x7f0000000240)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000001900)={0xffffffffffffffff, <r9=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r9, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15)

1m45.10192762s ago: executing program 1 (id=1494):
socket$netlink(0x10, 0x3, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x8, 0xb4, &(0x7f0000000140)=""/180, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x0, 0x0)
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
ioctl$I2C_SMBUS(0xffffffffffffffff, 0x720, &(0x7f0000003080)={0x1, 0x0, 0x6, &(0x7f0000003040)={0x0, "f4e1a230be8f46463fb1a5f1b44f44eaa65e485b747aa95df8c01eaf07677d18bc"}})
socket$packet(0x11, 0x2, 0x300)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0xe, 0x3, &(0x7f0000000100)=@framed, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000cc0)={r2, 0x0, 0x0}, 0x10)

1m44.241299671s ago: executing program 1 (id=1498):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000800000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
creat(&(0x7f0000000280)='./file0\x00', 0x0) (async)
creat(&(0x7f0000000280)='./file0\x00', 0x0)
socket$nl_route(0x10, 0x3, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000001000), 0x0, 0x0)
syz_open_dev$cec(&(0x7f0000000000), 0x0, 0x0)
syz_io_uring_setup(0x2239, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x0, 0x0)
pipe2$9p(&(0x7f0000000cc0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESDEC=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])
r3 = syz_open_dev$cec(&(0x7f0000000100), 0x0, 0x0)
ioctl$CEC_ADAP_S_LOG_ADDRS(r3, 0xc05c6104, &(0x7f00000001c0)={"f2efe21e", 0x0, 0x6, 0x4d, 0x0, 0x1ff, "2179d46fd08e3c0ced34c7d0c7e6d7", "7ca24a13", "5161dc20", "a2d1d4a2", ["1af0b1ba1cb8fd54c9c9b587", "bed0f3d6ce7a5f7389827f04", "33af343c60abc64f2fdc9ddf", "9b3842fc63849f62b6eb1c3c"]})
syz_open_dev$cec(&(0x7f0000000000), 0x0, 0x0) (async)
r4 = syz_open_dev$cec(&(0x7f0000000000), 0x0, 0x0)
ioctl$CEC_ADAP_S_LOG_ADDRS(r4, 0xc05c6104, &(0x7f0000000340)={"6d71f879", 0x0, 0x0, 0x0, 0x0, 0x0, "244a18d1c4e6469a005caf0c0ff58a", "ce4250d8", "bf513d1d", "136712b9", ["27e203a56a36ac4f0b8b8c4f", "5e10229555954b0f02cd1469", "cb0e83d3a15978155c384d00", "79f56ca74227234da829edb7"]})
syz_emit_ethernet(0x9a, &(0x7f0000000080)={@multicast, @empty, @void, {@mpls_uc={0x8847, {[{}, {}, {}, {}, {}], @ipv6=@generic={0x0, 0x6, "321435", 0x50, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @mcast1, {[@routing={0x0, 0x6, 0x0, 0x0, 0x0, [@local, @private0={0xfc, 0x0, '\x00', 0x1}, @private0]}], "af00fac47a56b1d8dbd9c704d6d33910fdbccc263cc93e9d"}}}}}}, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) (async)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) (async)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60) (async)
ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60)
ioctl$KVM_CREATE_PIT2(r6, 0x4040ae77, &(0x7f0000000040))
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
lstat(&(0x7f0000000140)='./file0\x00', &(0x7f00000003c0))
ioctl$KVM_SET_PIT(r6, 0x8048ae66, &(0x7f0000000080)={[{0x5}]})
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r7, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2004cb], 0x0, 0x200}) (async)
ioctl$KVM_SET_REGS(r7, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2004cb], 0x0, 0x200})
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)) (async)
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000))
ioctl$KVM_RUN(r7, 0xae80, 0x0)

1m29.095546535s ago: executing program 33 (id=1498):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000800000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
creat(&(0x7f0000000280)='./file0\x00', 0x0) (async)
creat(&(0x7f0000000280)='./file0\x00', 0x0)
socket$nl_route(0x10, 0x3, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000001000), 0x0, 0x0)
syz_open_dev$cec(&(0x7f0000000000), 0x0, 0x0)
syz_io_uring_setup(0x2239, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x0, 0x0)
pipe2$9p(&(0x7f0000000cc0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESDEC=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])
r3 = syz_open_dev$cec(&(0x7f0000000100), 0x0, 0x0)
ioctl$CEC_ADAP_S_LOG_ADDRS(r3, 0xc05c6104, &(0x7f00000001c0)={"f2efe21e", 0x0, 0x6, 0x4d, 0x0, 0x1ff, "2179d46fd08e3c0ced34c7d0c7e6d7", "7ca24a13", "5161dc20", "a2d1d4a2", ["1af0b1ba1cb8fd54c9c9b587", "bed0f3d6ce7a5f7389827f04", "33af343c60abc64f2fdc9ddf", "9b3842fc63849f62b6eb1c3c"]})
syz_open_dev$cec(&(0x7f0000000000), 0x0, 0x0) (async)
r4 = syz_open_dev$cec(&(0x7f0000000000), 0x0, 0x0)
ioctl$CEC_ADAP_S_LOG_ADDRS(r4, 0xc05c6104, &(0x7f0000000340)={"6d71f879", 0x0, 0x0, 0x0, 0x0, 0x0, "244a18d1c4e6469a005caf0c0ff58a", "ce4250d8", "bf513d1d", "136712b9", ["27e203a56a36ac4f0b8b8c4f", "5e10229555954b0f02cd1469", "cb0e83d3a15978155c384d00", "79f56ca74227234da829edb7"]})
syz_emit_ethernet(0x9a, &(0x7f0000000080)={@multicast, @empty, @void, {@mpls_uc={0x8847, {[{}, {}, {}, {}, {}], @ipv6=@generic={0x0, 0x6, "321435", 0x50, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @mcast1, {[@routing={0x0, 0x6, 0x0, 0x0, 0x0, [@local, @private0={0xfc, 0x0, '\x00', 0x1}, @private0]}], "af00fac47a56b1d8dbd9c704d6d33910fdbccc263cc93e9d"}}}}}}, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) (async)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) (async)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60) (async)
ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60)
ioctl$KVM_CREATE_PIT2(r6, 0x4040ae77, &(0x7f0000000040))
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
lstat(&(0x7f0000000140)='./file0\x00', &(0x7f00000003c0))
ioctl$KVM_SET_PIT(r6, 0x8048ae66, &(0x7f0000000080)={[{0x5}]})
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r7, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2004cb], 0x0, 0x200}) (async)
ioctl$KVM_SET_REGS(r7, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2004cb], 0x0, 0x200})
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)) (async)
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000))
ioctl$KVM_RUN(r7, 0xae80, 0x0)

32.40053634s ago: executing program 0 (id=2118):
r0 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f00000021c0)={@loopback, 0x0, 0x0, 0x2, 0x1, 0x27, 0x81}, 0x20)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000380)=[{0x200000000006, 0x6, 0x0, 0x7ffc1ffb}]})
r1 = openat$ppp(0xffffff9c, &(0x7f0000000040), 0x208182, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x2, @pix_mp={0x0, 0x0, 0x34324152, 0x0, 0xa, [{}, {0x10}]}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000032680)=""/102392, 0x18ff8)
bind$l2tp(0xffffffffffffffff, &(0x7f00000000c0), 0x10)
r3 = socket$l2tp(0x2, 0x2, 0x73)
r4 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = syz_io_uring_setup(0x112, &(0x7f0000000a00)={0x0, 0x0, 0x400}, &(0x7f0000000580)=<r6=>0x0, &(0x7f0000000140)=<r7=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
timer_create(0x0, &(0x7f0000000680)={0x0, 0x1f}, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
setreuid(0xee00, 0x0)
syz_io_uring_submit(r6, r7, &(0x7f00000000c0)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x2, 0x0, 0x5, 0x0, 0x0})
io_uring_enter(r5, 0x47f6, 0x0, 0x0, 0x0, 0x0)
preadv2(r4, &(0x7f0000000040)=[{&(0x7f0000000300)=""/97, 0x4}], 0x1, 0x0, 0x0, 0x0)
sendto$l2tp(r3, &(0x7f0000000040), 0x0, 0x0, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
mount$tmpfs(0x0, 0x0, &(0x7f0000000280), 0x0, 0x0)
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='blkio.bfq.io_serviced\x00', 0x275a, 0x0)
write$FUSE_LK(r8, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
openat$ttyS3(0xffffff9c, &(0x7f0000000100), 0x0, 0x0)
syz_80211_inject_frame(0x0, 0x0, 0x0)
ioctl$PPPIOCSACTIVE(r1, 0x40087446, &(0x7f00000000c0)={0x5, &(0x7f0000000080)=[{0x2, 0x5, 0xb, 0xa2}, {0xa01, 0x7, 0x9, 0xfff}, {0xfffe, 0x2, 0x6, 0x9}, {0x3, 0xef, 0xff, 0x3}, {0x0, 0xef, 0x49, 0x7}]})

31.043784145s ago: executing program 0 (id=2126):
r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$BTRFS_IOC_RM_DEV_V2(0xffffffffffffffff, 0x5000943a, &(0x7f0000000640)={{}, 0x0, 0x0, @inherit={0x0, 0x0}, @name="fb41d0bccf751a0046c50e2c9d5552e4e556499e39cacaf9f03a1a9467e9b51ccb457ef7ce9abc7fe03af496ff80bb548428563d69d839869323b9fa1108daea698ceba38a1bd7680ffeee4f104da9dcfdf21f51feecfb505161309ffe71772da089dad4e773734455322d7ee92d3c9b08de4d49dc2db3e0721c4259b9cfde2634b85a447cc0199eb9dad7c70482e1591d2e92f0ce7d522703d29d0244114e4643557bd58b8c7b4db792b0d830fb80677f4938bb722da1624ee444eec7dc100efa7a4f9357346a2945fb56815b27378a4095feb395e45c9c2f6fe7c082ea8e4b7cd66106469bf166c721acb4c1369c2ab3aecdc4fa2e85b382f9350e28bf059c2d8c42982d176c72066a5be9cde486e805cdd19c368a7de425fc347fecbe09ad1aa668158290f0fb406b84ec2d9059954c658bf755be9fa196efdac11b40879f66b4a1a72550657a652c99ed108e39468113cb2ae00d43771aaf99c7c72a2014fe394ae10251d82365f8eb73571bf0c1d443b1cf76b7319e18e2fbcf21e8099d9e47709c580d6e25ec39f9ded643855fb9e16eea85e74263898510248d06fef434fe2890b29e0a68aa2071c4d89b74b5a66fe252824923e4b1eb544e42735f52f0ac1889a1bee6abb0013a89f88096e9a67f1e7491e8af0ccbf930bf9992fac3eb188ce38f57fa995f5b486e25005b1d527400bcbe73fe19ddcd1e48a1e587e81207912a054a0359a19927baf13c49c529f2e06b3a1fa2d7d427e5292d517b647656283384923bcaa8081194252f1aebfeaba627350c61b2802b4c9010f5eb3f7071b2ae51eac7524412c184bfa55b4bf97afe34e32aa9c10aefa0a3fcd9db348752d09b9ffb0e8a3c29dc361d1a0f066a47d883accd4bc95e7f8d525c0d37bc06523a806a333711d80d79fb50dc3c8dc5f485da7592930148a6330be6b02deeeca484f8065c50516278d5217136e3fce6534f277dadef5bc9dbc070354fc9143e8044cac5f68e7917de6a3e7c7f0e68303df6f4b7549e58c8f25af459d6a6caa201c49a34aa8769e7a2c035417aeb18f17e085a61e27efd6bfd5e8d7f74479e73cd4a8b493ac1b6ac8ea54f44214d06324bc30457a7ac523ee688ee97024b433f788538a0a548e7d22aa9405165dbbbfa7509bd18e02e6a398fc8937eb47b97c160b2edc3277229d32de00ec7ac1f9fee3d35adddd69d4a4c7920e943c44288d83b122b4c509db02c66d86e8782c1e10259ee06251cdf338670a8c8f526c729add35d5b149cc88b34e36cbbe3b6a38421924a8f3e09d4ce00b3cf943bd77ca342679cab2adb0df82ee294439a1ff6af02b7cf65064ad36a01fb409c4b924ae1363035527855d15454b54f178b26119d58f04fba81f695a75c12ae8b26851cacb0a1d94e0125798b91c1d03137df3660ac10ec4982770d11eff8c74d3c406e1f17190ebaf96b4a281eddc23629f429ee0e561fccd56c1e72a200dce8c2a3733db34ad564c23e525c53786f816f2debf2c35ded162150b214e103ea42d24b28c7d48658991412798ec682feee94dad1cd0bc11c7060c1404ff6f27581f44e9532a780683bf7e02f3ee4733412268d8a6b7ab9a74c4aee2772d8119006bf03e738382a8d729860e6873b9704cef81011c6d553fa9367764f49b781737cb0cff613f5d4419b7a065b19e0c1378e3a9623751d409c7fd6d49c18e8ce85901d76547d01d2526f6014d41094de325db75a98b5290eb4e120c31e2fd4e208ab25c3e217f09270baedb9076eb4d50efe686313e2a1357b4ee19527c231c5cdb7e165ce22053009f3a5d2c86f8ac41938841f3c557366418c68e8c71404de4df886f209676e5220e4c363e536500d3e5967d00ca47aaa3f8cb960961a4fad6dc95816f88df387f822c1a8b99ab7a2392bbcbe641945dde1b97b9310e58c240f7e62dc79449a554d65ab2178ecdd9b41b9a34155c77d6a84bfe2a3326e256d62cb1471d1c9e400f147f293d6fa9c8152e16b9abfe1ad42e8a552c7cb2017042b838373a7d3268740bebbd99f2276978f3b28d06fe5512b821e711750a79301ab7b537c1efbb12f6be8cf7385c97ec13d0d12de5756d7efd9778b40485a813da628837f844588876ac97ee84f5313409eeb62c84804aa3a22aec3c1870821836a49d6e407554a3de1a529ee8e55a4c50967d7d814d0dad4960f3d793dca6bca6164cbce017286a8b9b9e13a3d1cc953f6d91e978f6158be0ca2db580a4249fe9965df847dbc4554f840b133ec28dc20dfa5a88f76a49ee0d07b99cebaa9927ef0756b2bde7b335498da24c6bb2ec34e5b38738bca879aba2222d2ca941aecba84035d177f081252cf47fd350086e694eed1f8ff639527d1171297a5a8b7fe87c4252d9361936805dcfdb8cc5692a216f2bf5e5440b39543f8a17ffb299515eb188489bd021665b96679fea156341ac713d209dde799b4587cb6d7f6e55ddb0ec7fc10fa179081646271d872c884f1860b9e3895465999831bd13fcd3106d486bc4fba59db3dd9ebd69cb41eda68c95912a4dff95a2496e6bdb77ac60676242a5626dd2b5616a32d43f6241189d1a89d2818bf64842b813b8ad97dff6a11fed2ff1b9d01af7ff4c878fa5be2c6bf1757fd01c8f2661ef2c0a3dad6d8f61deda9d7c00a76b27bd5a8d3764e623e446dabb77495a88151e274e001c3ecdac00d1147e12a7cf339d9ba9fe586b800e4282b14ebd46abbfab251de89a894504f33545d47e7f18d571c20f3d8bb513f5f5937b381e491ada77149bf5790c9b2e3b7b295549bd798db09e2a9a3c3f8e8073156a5bcc6de858080ea79481d310f7ba27c922843daa6cb99a5a06f4aadf082df2ef03397cfdcc4d26909b539a493df881c098e12e0686ce1da41d6abdff0a79e64c1e51f293e2d695b0a47b405c66d6975d46521fef50b5401cf8c2aff9085386137690535822d067ca4cf366c6b0a0e4ec5ab9744aa0cb2eb0509c2cc537d529dbd62e3e50559ba16773cbbe2eae84382a0d3e6d048b05cd366cdc8642e9be3f711ae981f468c506bb810ef8b2caa0fce108243971a08fa9c2ec23b0108a41403ea6579badd4bf7e65d7a3e91fa49e3c190f36f5126014fab9290bc94bd2c7013f906d65d962c37ed9b8da775fad1dd49ad1fadc20de0fb0924e41e4cf7753212ea08df665f33952b057c6e5713d5c2b55a03d345e797d25031777e1eb7f610904e8b28a76fcd9db1b83814f264ef09a3531dc6f96344caae66c2818f3635f67adc67e35293feb0da7bc1d2d5740693b7e84ba32240a3e6d0d408e80b3ae1357d47dd420897a964d1b8a683105c6b94005e48631cc5049168ee7d42fef05d901aedfe41dd9d4390cdbd45d7f4d327040eec78bbbf23de4590b32c5b964ab441552780cc41f4de97198be093cfdb52c53a1defdaee36eab99362dc22785dd54837e7d0e6c7c29b448575abc2a5130776141e8766283ad11370e0b85d045012a0e0c359e5d67019c1f2866869b3b2abd647d3047c88d96bd40b63e9efe6ba687d94bd42c72e14f055dc0ae8d0f90c048779f31585d29f38ee34118c346e3c3b00d6a12e6d8e409ae8b1d9d90bce6eeb4a6ed8357cb5fe8cee9089738a5352bd26bc2437ae74a0d48e8906f78b3473ede88bcf783f7c2d9ce0597e3fb9badca65c3973ae2a29a2c18e6019f23af887dc5ec7a68bb8e9d4314f0540025374933c998433f6173fe0986d9b1d2722d5de797a9aa9ffdeaa4a7f1dd2a36824c79c718cc6f40ca2f9ed8c3a4fd868312104b42a16ba487ec14d49e066a6b5df245413b3fda323245d1b3c665e6298488d836b230de37f1490d47586498e3778152365a43476026d6c82f4e88bac9c9a47ed949441b3a9292d87ccec28bf4ecc974e96a2e8f66c23c31529d78c1c53751c90c9368d1700dae1370f8c849e46e9d89d210871de6dcf621e971f4bae4f1d2fb71ffc91c9117f94908f467a42966ec8fbdefe4374ae9312e23679891d30e985252f07d3dbd1fabc559cddb26d254383a9a500d294aede9eafc3c8e6d5ec96cd909e5bb63d46f412c07511bfd79710f1ee986cac52ce3228b771e2083e55f5b8639cdfeda1faef7a84aa46d45d9fb7580bd5f356028c5272a8fb599993763e99ce2f287411982ee39dd45c0e58c1736b02393272f4fd51166bb21a980d29c63c8fe8131245063fea61ada455dca49739eb1386110c255db2d46443438e652b4c3c277490ac31c2904bc8859cb70733e5fc2ee9bbc180ea1e0b1ee67708531ea8e913d0c0d7d05a59adcfbc39693eccd2f1d8011e5dfec89c7d7b94012f60ecfcdf133527f9459609343107ff030b546e4158ffbfeaafe7efad5181cce3ab492074d225d247f0376c7eb742dd730d16a3eda2c4c516a2000eacaa79e89b3d1e5087301ef4e819817dd79df8d9720a5ad3089175fde4aad534aca926eb99e3657edd380645e1cf8331b4a5026c7bc8a8477689590424506e904f12344dcbe8d32a46f360c2ce4108800e8954d7d94d301b3f2a699b233bc1d1a42b34760192b9fb476101d8fdace62548bbb75b9b619d5978296c47085d462082cf48c27cfe7a76b265ad2f11ebcfa731f237e7acb32dc7bdc8ed689c4f2baf1d85175e04e82938992645a30340413867eb858c2de87772bb9d1173e3fc2d7696142d1fd2b1cc4f3e15e6e59d718f9c1203c42339a8750f618448ab2966b218fe1dbdb49c9e534102d699b36914dc6ebc9a7a401baf4397b616ba1b3e6bb34c9656445e31e929a76d242fdcc5f084371e382e172e8416bb7190a2fd61b87c9f14f6e8a6298f3912f205223e0e643e65c3f323698107ac605cdb7c7bf375e266682e2e209c654dcd777d5d35d61f0cc32d2cc5a2720f6b7dcf46c6f571ace0b743d76f2ac4701ac0b99be1a6e2174e8146b6ea0b0d1184a793b40d54a630d49d972ac3f5b0901901f658160e41f8d8cacbc9a3a5613457854ba6bcafbc635d78a28b8ccb5dea4cfbf7e63dff00ca32c9847994702078542c72cb9839a15557adea828492b6f424075bcfaf577922e68f233a6909c46aebb762c526f20afa2463015547538865f4b236d614f4ddecf7fde084b974bccf845070eb925a335432e88da312829439572dab86d691ec99c5611b528fad9dfdbb1a7f6e428dda8e8d01b2b23a5e781a81f6cfa7b79c42f7c1b0d11cf6ecb27efe7b6af2c50dedf554ecb745c00614ca27203282adc46c2ae1611daa0ba22db3083b703b4274d8d62eb86ea61560df905ff3aeee3bae0ef22ab7553bb0e1351e4323522f98c651b84bfa2a6da184ef739061e09af9ee23296189429a963ebe59d8908b4f5c3b5eb08827ddff176f8d355f9d79ac688af1c4e36c01f76365198e068c266182603bc29cd6f4b8f09502d9739c8d73a496e6877b9f68a1de20f3544d9d30c716b8b5c042695e6cfde5083ee09d1d10f438ddd9a25656383cf406b62db27b243eb044099c1482f8e3bd5de5071d77b68f969b758c9ad412303f6b0bac13cbbcfab98e1a0f5b754972625f694cfa2f6553dfff692a9f0577d67307ee2ae37a1753e003f410c0cd8ed1928b06bf005203a52e21ca6411863185dbb65861de36ed9eeb30207777b761093d8b575b755fa01708645c0e4cf19dbd43e5f64cd18350eb9c668b923fad3ee2da716e313528746da62a901d0fee4ed6228b9bd3ec3d5d"})
sendmmsg$sock(0xffffffffffffffff, &(0x7f0000003780), 0x0, 0x40080)
openat$ttyprintk(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r2 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000280), 0x22802, 0x0)
writev(r2, &(0x7f0000000000)=[{&(0x7f0000000380)='\r', 0x160a}], 0x1)
read$FUSE(r1, 0x0, 0x0)
r3 = syz_open_dev$vbi(&(0x7f00000000c0), 0x3, 0x2)
ioctl$VIDIOC_G_FBUF(r3, 0x802c560a, &(0x7f00000001c0)={0x1, 0x0, &(0x7f0000000100)="60a2d84e529994fda5a6000517345a22a22b82e12432a28332b6ef45617389ed7f79660ef90dfdbc5ca6330cddbe12ddd021e683a354bb3ba37c0d08533b172c53067d08b7d1d7a8fd9765474f7c1b962a4c7f3489025d436c16e79d4c5f48180e3417858ce46b29621425679d61ab748e98bbf15e4be792e433dba9ee07c0641f399ff905908833d5b26f5f87587dcb2e5f20888df796", {0x7, 0x2, 0x20363159, 0x0, 0xba, 0x3, 0x6, 0x60000}})
ioctl$PPPIOCGMRU(r1, 0x80047453, &(0x7f0000000080))
write$FUSE_INIT(r1, &(0x7f0000000000)={0x50, 0x0, 0x0, {0x7, 0x27, 0x0, 0x0, 0x0, 0x0, 0x1ff}}, 0x50)

30.930940148s ago: executing program 0 (id=2130):
r0 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7fffffff, 0x400, 0x1, 0xd, 0x1, 0x6, 0x6}, 0x1c)
recvmmsg$unix(r0, &(0x7f0000003100)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}}], 0x1, 0x0, 0x0)
sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000004c0)={0x14, 0x9, 0x6, 0x201, 0x0, 0x0, {0x2, 0x0, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x30008092}, 0x4000080)
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xa, &(0x7f0000000080)=0x1, 0x4)
sendmmsg(r0, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1, 0x0, 0x700}}], 0x400000000000181, 0x9200000000000000)

30.040848591s ago: executing program 0 (id=2133):
syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="040f0100000604"], 0x7)
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000000)={{0x1, 0x1, 0x18, <r0=>0xffffffffffffffff, {0xfb}}, './file0\x00'})
ioctl$EVIOCGUNIQ(r0, 0x80404508, &(0x7f00000000c0))
r1 = openat$nvme_fabrics(0xffffff9c, &(0x7f0000001140), 0x20402, 0x0)
pipe(&(0x7f0000000300)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
write(r3, &(0x7f00000001c0), 0xfffffef3)
pipe(&(0x7f0000000080)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
write(r5, &(0x7f00000001c0)='4', 0x1)
tee(r4, r3, 0x3, 0x0)
setsockopt$MRT_DEL_MFC_PROXY(r4, 0x0, 0xd3, &(0x7f0000000040)={@private=0xa010100, @remote, 0x0, "32e77bcb559c86287e55d34bfbd6ee3b05ef7913f146f930d712134803e94e00", 0x7fffffff, 0x3ff, 0x0, 0x6}, 0x3c)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x101091, 0x0)
r6 = socket$caif_stream(0x25, 0x1, 0x0)
r7 = dup(r6)
r8 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='mounts\x00')
syz_open_dev$MSR(&(0x7f0000000100), 0x3, 0x0)
mount$9p_fd(0x0, &(0x7f00000001c0)='.\x00', &(0x7f0000000180), 0x0, &(0x7f0000000040)={'trans=fd,', {'rfdno', 0x3d, r7}, 0x2c, {'wfdno', 0x3d, r8}})
mount$bind(&(0x7f0000000280)='./file0\x00', &(0x7f0000002100)='./file0/file0\x00', 0x0, 0x2187017, 0x0)
close(r2)
write$P9_RXATTRCREATE(r1, 0x0, 0x12)
openat$apparmor_task_current(0xffffff9c, &(0x7f0000000140), 0x2, 0x0)

29.820044107s ago: executing program 0 (id=2135):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) (async)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0) (async)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x3) (async)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
timer_create(0x0, 0x0, 0x0)
r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x5a00, 0x0) (async)
r2 = epoll_create(0x6)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000040))
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0) (async)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000780)=ANY=[@ANYBLOB="fc00000019000100000000000000000000000000000000000000000000000000fc01000000000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000044000500ac141400000000000000000000000000000000003c000051f3000000000000000000000000000000000000000000000001"], 0xfc}}, 0x0) (async)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r4, 0x0, 0x7, 0x0, &(0x7f0000000680)="e0b9547e514b98", 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x4c) (async)
syz_open_dev$sndpcmp(&(0x7f0000000200), 0x0, 0xa2c65) (async)
syz_emit_ethernet(0x7a, &(0x7f00000003c0)=ANY=[@ANYBLOB="ffffffad4c6fffdff2dd1c00810048000800450000680000eaffff009078ac1e0001ac1414aa05009078000000004100000100000000006c0000ac14143be00000029404000007ff7f0000000000000101000000007f000001e0000002ac141440ac1e00010a01010064010102ac1414110009eeb315b0e18750"], 0x0) (async)
r5 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r5, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03002a000b11d25a806c8c6f94f90424fc601000407a0a000600053582c137153e37000c1180fc0b2f000300", 0x33fe0}], 0x1, 0x0, 0x0, 0xa}, 0x0)
openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) (async)
r6 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r6, 0xaf01, 0x0) (async)
r7 = eventfd(0x4)
ioctl$VHOST_SET_VRING_BASE(r6, 0x4008af12, &(0x7f0000000080)={0x1, 0x7b}) (async)
ioctl$VHOST_SET_LOG_FD(r6, 0x4004af07, &(0x7f0000000240)=r7) (async)
ioctl$VHOST_SET_VRING_KICK(r6, 0x4008af20, &(0x7f0000000040)={0x1, r7}) (async)
r8 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r8, 0xc018aa3f, &(0x7f0000000380))
setsockopt$RDS_GET_MR_FOR_DEST(0xffffffffffffffff, 0x114, 0x7, &(0x7f0000000440)={@in6={0xa, 0x4e20, 0xfffff001, @remote, 0x2}, {&(0x7f0000000100)=""/15, 0xf}, &(0x7f0000000140), 0x75}, 0xa0)

29.620274909s ago: executing program 0 (id=2136):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_DEL(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000300)={0x34, 0xa, 0x6, 0x101, 0xd000000, 0x0, {0x1}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_ADT={0x4}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_LINENO={0x8}]}, 0x34}}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000280), 0x2, 0x0)
ioctl$VHOST_SET_OWNER(r1, 0xaf01, 0x0)
socket$inet_smc(0x2b, 0x1, 0x0)
epoll_create1(0x0)
socket$inet_smc(0x2b, 0x1, 0x0)
openat$ipvs(0xffffffffffffff9c, &(0x7f0000000200)='/proc/sys/net/ipv4/vs/nat_icmp_send\x00', 0x2, 0x0)
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800}, 0x0, &(0x7f0000000140)={0x1ff}, 0x0, 0x0)
ioctl$VHOST_RESET_OWNER(r1, 0xaf02, 0x0)

29.575685933s ago: executing program 34 (id=2136):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_DEL(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000300)={0x34, 0xa, 0x6, 0x101, 0xd000000, 0x0, {0x1}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_ADT={0x4}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_LINENO={0x8}]}, 0x34}}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000280), 0x2, 0x0)
ioctl$VHOST_SET_OWNER(r1, 0xaf01, 0x0)
socket$inet_smc(0x2b, 0x1, 0x0)
epoll_create1(0x0)
socket$inet_smc(0x2b, 0x1, 0x0)
openat$ipvs(0xffffffffffffff9c, &(0x7f0000000200)='/proc/sys/net/ipv4/vs/nat_icmp_send\x00', 0x2, 0x0)
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800}, 0x0, &(0x7f0000000140)={0x1ff}, 0x0, 0x0)
ioctl$VHOST_RESET_OWNER(r1, 0xaf02, 0x0)

3.72948672s ago: executing program 5 (id=2334):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, 0x0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r1, 0x0, 0x0)
setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r1, 0x6, 0x14, &(0x7f0000000080)=0x1, 0x4)
setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x1, &(0x7f0000000140)=@gcm_128={{0x303}, "00000100ebffffff", "2607080d7f4fcf00fd4ef2dece6c7c58", '\x00B\x00', "006e34e400"}, 0x28)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000200)={0x8, 0x4}, 0x8, 0x10, &(0x7f0000000240)={0x3, 0x4, 0x3, 0x6}, 0x10, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000340), 0x10, 0x37, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
syz_clone(0x800c000, &(0x7f0000001480), 0x0, 0x0, 0x0, 0x0)
setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f0000000040), 0x4)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2)
socket$inet_tcp(0x2, 0x1, 0x0)
sendto$inet6(r1, &(0x7f00000001c0), 0xfffffffffffffede, 0x0, 0x0, 0x3000137)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a5800008df644f8a4d78e73c77fbc8400160a03020000000000000000020000000900020073797a30000000000900010073797a30000000002c0003800800014000000000080002e75df52500180003801400010073797a5f74756e0000000000000000001400000011000100"], 0x80}}, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000000)={'macsec0\x00', <r7=>0x0})
sendmsg$nl_route(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="3c000000100001000000000000f817fa350e3d866d24848ff7e3fc833258562d97760032", @ANYRES32=r7, @ANYBLOB="00000000000000001c0012800b0001006d616373656300000c00028005000f0001000000"], 0x3c}}, 0x0)
syz_emit_ethernet(0x14, &(0x7f0000000300)=ANY=[@ANYBLOB="aaaaaaaaaaaa0180c20000008864"], 0x0)

2.870978373s ago: executing program 6 (id=2339):
openat(0xffffffffffffff9c, &(0x7f0000000640)='.\x00', 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
iopl(0x3)
socket(0x2, 0x3, 0xff)
openat$cdrom(0xffffff9c, &(0x7f0000000040), 0x0, 0x0)
syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_confirm_req={{0x33, 0xa}}}, 0xd)
ioperm(0x0, 0x9, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000200)=@framed, &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
syz_emit_vhci(0x0, 0x0)
sendmsg$IPSET_CMD_FLUSH(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="5c000000040605000000000000000000030004000900020073797a3200000000090002000100000000000000050001000700000005000100070000000900020073797a310000000005000100070000000900020073797a30"], 0x5c}}, 0x0)

2.870004355s ago: executing program 6 (id=2341):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) (async)
r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000100)={0xd, 0x3, &(0x7f0000000000)=@framed, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xe, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000500)={r1, 0xe0, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000200)=[0x0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10) (async)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100))
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) (async)
r3 = dup3(r2, r0, 0x0) (async)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) (async)
r5 = socket$unix(0x1, 0x1, 0x0)
r6 = dup(r5)
write$UHID_INPUT(r6, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000300)={'wlan0\x00'}) (async)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r4, 0x0) (async)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f00000002c0)={0x73622a85, 0x10a}) (async)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0}) (async)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000240)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x18, 0x18, &(0x7f0000000440)={@fd={0x66642a85, 0x0, r0}, @ptr={0x70742a85, 0x0, 0x0, 0x0, 0x0, 0xf}, @fd={0x66642a85, 0x0, r0}}, &(0x7f0000000200)={0x0, 0x18, 0x40}}}], 0x0, 0x0, 0x0})

2.798059815s ago: executing program 5 (id=2344):
sched_setscheduler(0x0, 0x1, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ip_tables_names\x00')
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f00000001c0))
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000280)=[@increfs], 0x0, 0x0, 0x0})
r3 = dup3(r2, r1, 0x0)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000692000/0x6000)=nil, 0x6000, 0x1, 0x11, r4, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f00000002c0)={0x73622a85, 0x10a})
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000300)={0x4c, 0x0, &(0x7f0000000540)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x1, 0x1000000000000, &(0x7f0000000340)="cb"})
read$eventfd(r0, &(0x7f0000000280), 0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
syz_open_dev$sndpcmp(0x0, 0xfffffffd, 0x408083)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f00000700000000000000", @ANYRES32, @ANYBLOB="000000eb00"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/25], 0x48)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000400007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='sched_switch\x00', r8}, 0x10)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r9, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[@ANYBLOB="14000000", @ANYRES16=r10, @ANYBLOB="796100001000000000007e000000"], 0x14}}, 0x0)
socket$netlink(0x10, 0x3, 0x14)

2.797937593s ago: executing program 6 (id=2345):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x4, 0x8, &(0x7f0000000040)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0x2e}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r0}}]}, &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x0, 0xe40, 0x0, &(0x7f0000000900)="e02742e8680d85ff9782762f0800", 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) (fail_nth: 8)

2.670630762s ago: executing program 6 (id=2348):
openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000180)='pagemap\x00')
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mprotect(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000240)='clear_refs\x00')
writev(r2, &(0x7f0000000100)=[{&(0x7f0000000000)='4', 0x1}], 0x1)
mprotect(&(0x7f00004a4000/0x800000)=nil, 0x800000, 0x2)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x7)
socket$inet_udp(0x2, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_open_dev$sndctrl(0x0, 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x6609, 0x0)
syz_emit_ethernet(0x5e, &(0x7f0000000000)={@local, @link_local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "122d92", 0x28, 0x3a, 0xff, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, '\x00', @loopback={0xfeffffff00000000, 0x1ff0000aa}, @private2}}}}}}, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000000240), 0x0, 0x3, 0x0)
recvfrom$inet_nvme(0xffffffffffffffff, &(0x7f0000000400)=""/81, 0x51, 0x2000, &(0x7f0000000480)=@hci={0x1f, 0x3, 0x1}, 0x80)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="140000001000010002000000000000000000000a20000000000a05000000000000000000010000000900010073797a300000000054000000090a010400000000000000000100000008000a40000000000900020073797a31000004000900010073797a300000000008000540000000040c00098008000140000000040c001180"], 0x9c}}, 0x0)
pread64(r0, &(0x7f000001a240)=""/102400, 0x19000, 0x100008)

2.570583134s ago: executing program 6 (id=2349):
openat(0xffffffffffffff9c, &(0x7f0000000640)='.\x00', 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
iopl(0x3)
socket(0x2, 0x3, 0xff)
openat$cdrom(0xffffff9c, &(0x7f0000000040), 0x0, 0x0)
syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_confirm_req={{0x33, 0xa}}}, 0xd)
ioperm(0x0, 0x9, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000200)=@framed, &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
syz_emit_vhci(0x0, 0x0)
sendmsg$IPSET_CMD_FLUSH(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="5c000000040605000000000000000000030004000900020073797a3200000000090002000100000000000000050001000700000005000100070000000900020073797a310000000005000100070000000900020073797a30"], 0x5c}}, 0x0)

2.570229954s ago: executing program 6 (id=2350):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket(0x28, 0x5, 0x0)
connect$vsock_stream(r1, &(0x7f0000000080), 0x10)
sendmmsg(r1, &(0x7f0000000100)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000000)="1b", 0x40000}], 0x1}}], 0x1, 0x24008094)
syz_usb_connect(0x2, 0x9a2, &(0x7f0000000300)=ANY=[@ANYRES32=r1], 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000003580)=ANY=[], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000000)={0x4800}, 0x10)
sendmsg$nl_generic(r4, &(0x7f0000000240)={0x0, 0xffffffffffffff4a, &(0x7f0000000200)={&(0x7f0000000080)={0x18, 0x16, 0xa01}, 0x78}}, 0x0)
recvmmsg(r4, &(0x7f0000003980)=[{{0x0, 0x0, 0x0}}], 0x3, 0x0, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000280)=@newtaction={0x14, 0x30, 0x200, 0x800000, 0x25dfdbfd}, 0xffffffffffffff8b}, 0x1, 0x0, 0x0, 0x20000001}, 0x800c1)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r2}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1e00000004000000070000000200000081240000", @ANYRES32, @ANYBLOB="0200000000000000000000000013000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0700000000000000000000000400"/28], 0x48)
r5 = socket(0x10, 0x3, 0x0)
getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r6=>0x0}, &(0x7f0000cab000)=0xc)
setresuid(0x0, r6, 0x0)
mq_open(&(0x7f0000000140)='\xa7\xa5', 0x40, 0x41, &(0x7f00000001c0)={0x0, 0xc2, 0x8})
r7 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32=0x0, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000d8af2fcb00"/28], 0x48)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000000000f7850000002d00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r8}, 0x10)
listxattr(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r7, @ANYBLOB="0000000000000000b70400000800000085000000950000002f1e3a1485a30b43"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
renameat2(0xffffffffffffffff, &(0x7f0000000040)='./file0/../file0\x00', 0xffffffffffffffff, &(0x7f0000000300)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
r9 = syz_open_dev$evdev(&(0x7f0000000280), 0x4, 0x0)
ioctl$EVIOCGKEYCODE_V2(r9, 0x80284504, &(0x7f0000000180)=""/199)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc)
r10 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
symlinkat(0x0, r10, &(0x7f0000000100)='./file1\x00')
ioctl$NS_GET_PARENT(r10, 0xb702, 0x0)

2.069882482s ago: executing program 2 (id=2352):
r0 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VIDIOC_EXPBUF(r0, 0x2, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, <r1=>0xffffffffffffffff})
r2 = openat$dma_heap(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$DMA_HEAP_IOCTL_ALLOC(r2, 0xc0184800, &(0x7f0000000040)={0x5, <r3=>r1})
ioctl$DMA_BUF_IOCTL_SYNC(r3, 0x40086200, &(0x7f00000003c0)=0x2)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
connect$bt_l2cap(r4, &(0x7f0000000740)={0x1f, 0x6, @none, 0x8000, 0x1}, 0xe)

2.06935193s ago: executing program 2 (id=2353):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) (async)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000850000002c0000eb17110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000820000009500000000000000"], &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r2, 0x27, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf2ffffff, 0x0, 0x0, 0x0, 0x0}, 0x50)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000008c0)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_NEW_INTERFACE(r0, &(0x7f0000000a00)={0x0, 0x27, &(0x7f0000000980)={&(0x7f00000006c0)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRESOCT=r3, @ANYRES32=r1, @ANYRES32, @ANYBLOB="140004006e696376663000000000000000000000080005"], 0x38}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000180), 0x280183, 0x0) (async)
r4 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000180), 0x280183, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB="0000000000000000000000000000000000000000178561866b6915ac47e18129e65fe4b34000a5469282feee1577c5c6ac10fc00ca6900cb61a48ddf49e74030d27c3f4d5fe7dd549f0fe42eefb2c4738fad52e12af40fc680c1956d3e41f281d9e07038761822b9198c1a043e4d8e6ef37752587f4cbb5808a70b68b1cee4c33e660a412c9b8e", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="1b0000000700000000000000b700000000000000", @ANYRES32=r5, @ANYBLOB="0800003bae4a0337fbb1774441c08a645ee400"/35, @ANYRES32=0x0, @ANYRES32=r4, @ANYBLOB="040000000200"/28], 0x50) (async)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="1b0000000700000000000000b700000000000000", @ANYRES32=r5, @ANYBLOB="0800003bae4a0337fbb1774441c08a645ee400"/35, @ANYRES32=0x0, @ANYRES32=r4, @ANYBLOB="040000000200"/28], 0x50)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f0000000c40)=ANY=[@ANYRES16=r2], &(0x7f0000000340)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0x2}, 0x8, 0x10, &(0x7f0000000100), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$ENABLE_STATS(0x20, 0x0, 0x0) (async)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r7, 0x1f2f, 0xf, 0x3ce, &(0x7f00000007c0)="9f44948721919580684010a486dd", 0x0, 0x23b, 0x0, 0xb1, 0x0, &(0x7f0000000700)="389ceff69d08b0af1cc71b6262d50660bbaf31a7f8cd6a6f911beb65d5fe6b54bf21a66489121f24fefd198059288c9b735e1898e77a7469489a249292c02a72bc193a3008ebdbf4e9dd4ee8fcceef55402c913c8dd0ebece1330aaa93ece835c5044a246a5967e3acd7c950b3b19f351830e545eb9bc3a9c6dd22ce97f1f857cfe8b68a2370b69ea336006b589368f92deb68f3dfc6f2bfee09f8342da437fce5dcdf658e453e3132bb42067575318c39"}, 0x23)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000018000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f00000001c0)='sys_enter\x00', r8}, 0x10) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f00000001c0)='sys_enter\x00', r8}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x16, 0x14, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000018110000", @ANYRES16=r0, @ANYRES16=0x0], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r9 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r9, 0x0, 0x0)
io_setup(0x9, &(0x7f0000000100)) (async)
io_setup(0x9, &(0x7f0000000100)=<r10=>0x0)
r11 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
io_submit(r10, 0x1, &(0x7f0000000040)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x5, 0x0, r11, 0x0}])
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0x0, 0x0, &(0x7f0000000240)='GPL\x00', 0xffffffff, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0x0, 0x0, &(0x7f0000000240)='GPL\x00', 0xffffffff, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000240)=ANY=[@ANYBLOB='1-1,'], 0x31)
ioctl$UFFDIO_COPY(r4, 0xc028aa03, &(0x7f0000000080)={&(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x2000, 0x3})
openat$sndseq(0xffffff9c, &(0x7f0000001240), 0x0) (async)
r12 = openat$sndseq(0xffffff9c, &(0x7f0000001240), 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(r12, 0xc0a45320, &(0x7f00000001c0)={0x80, 0x0, 'client1\x00', 0x0, "706283c421ca447c", "b437067509007708e18f85bb3d22ac7a6568af9ebb8891fdffa0225452869ac0"})
ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r12, 0xc0a45320, &(0x7f00000000c0)={{0x80}, 'port1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}) (async)
ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r12, 0xc0a45320, &(0x7f00000000c0)={{0x80}, 'port1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7})
ioctl$KVM_UNREGISTER_COALESCED_MMIO(r4, 0x4010ae68, &(0x7f0000000400)={0x5000, 0x110800}) (async)
ioctl$KVM_UNREGISTER_COALESCED_MMIO(r4, 0x4010ae68, &(0x7f0000000400)={0x5000, 0x110800})

1.910364319s ago: executing program 2 (id=2354):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, 0x0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r1, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, 0x0, 0x0)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r1, 0x6, 0x14, &(0x7f0000000080)=0x1, 0x4)
setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x1, &(0x7f0000000140)=@gcm_128={{0x303}, "00000100ebffffff", "2607080d7f4fcf00fd4ef2dece6c7c58", '\x00B\x00', "006e34e400"}, 0x28)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000200)={0x8, 0x4}, 0x8, 0x10, &(0x7f0000000240)={0x3, 0x4, 0x3, 0x6}, 0x10, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000340), 0x10, 0x37, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
syz_clone(0x800c000, &(0x7f0000001480), 0x0, 0x0, 0x0, 0x0)
setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f0000000040), 0x4)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2)
socket$inet_tcp(0x2, 0x1, 0x0)
sendto$inet6(r1, &(0x7f00000001c0), 0xfffffffffffffede, 0x0, 0x0, 0x3000137)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a5800008df644f8a4d78e73c77fbc8400160a03020000000000000000020000000900020073797a30000000000900010073797a30000000002c0003800800014000000000080002e75df52500180003801400010073797a5f74756e0000000000000000001400000011000100"], 0x80}}, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000000)={'macsec0\x00', <r7=>0x0})
sendmsg$nl_route(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="3c000000100001000000000000f817fa350e3d866d24848ff7e3fc833258562d97760032", @ANYRES32=r7, @ANYBLOB="00000000000000001c0012800b0001006d616373656300000c00028005000f0001000000"], 0x3c}}, 0x0)
syz_emit_ethernet(0x14, &(0x7f0000000300)=ANY=[@ANYBLOB="aaaaaaaaaaaa0180c20000008864"], 0x0)

1.909923279s ago: executing program 5 (id=2355):
socket$vsock_stream(0x28, 0x1, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="b8000000190001e7"], 0xb8}}, 0x0)
mlock(&(0x7f0000ffc000/0x4000)=nil, 0x4000)
setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x482, &(0x7f0000000040)={0x84, @local, 0x4e23, 0x3, 'sed\x00', 0xe, 0x7, 0x49}, 0x2c)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
r3 = socket$inet_sctp(0x2, 0x5, 0x84)
sendto$inet(r3, &(0x7f00000000c0)="cb", 0x1, 0x4000000, &(0x7f0000000100)={0x2, 0x0, @private=0xa010102}, 0x10)
getsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(r3, 0x84, 0x1c, &(0x7f0000000400)={<r4=>0x0}, &(0x7f0000000440)=0x8)
setsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={r4, 0x80000001}, 0x8)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'lo\x00', <r5=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@getchain={0x24, 0x66, 0xfcd66a900070b359, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x0)
setsockopt$IP_VS_SO_SET_ADDDEST(r0, 0x0, 0x487, &(0x7f0000000000)={{0x84, @initdev={0xac, 0x1e, 0x4, 0x0}, 0x4e21, 0x3, 'lc\x00', 0xa, 0x81, 0x1c}, {@local, 0x4e22, 0x10000, 0xc1, 0x12d5c, 0x12d5c}}, 0x44)
socket$inet_tcp(0x2, 0x1, 0x0)
r6 = syz_open_dev$sg(&(0x7f0000000080), 0x3, 0x200)
r7 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00', <r8=>0x0})
r9 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r9, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000380)=@bridge_dellink={0x3c, 0x13, 0x1, 0x0, 0x0, {0x7, 0x0, 0x0, r8, 0x0, 0x61087}, [@IFLA_AF_SPEC={0x1c, 0x1a, 0x0, 0x1, [@AF_INET={0x18, 0x4, 0x0, 0x1, {0x14, 0x1, 0x0, 0x1, [{0x8, 0x2}, {0x8, 0x1, 0x0, 0x0, 0x8000}]}}]}]}, 0x3c}}, 0x0)
ioctl$SG_GET_VERSION_NUM(r6, 0x2282, &(0x7f00000000c0))

1.780652697s ago: executing program 4 (id=2357):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffe55, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x7, 0x0, 0xffffffffffffffff, 0x20000, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r2 = syz_init_net_socket$nfc_raw(0x27, 0x5, 0x0)
sendmsg$inet(r2, &(0x7f0000003740)={0x0, 0x0, 0x0}, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xc, 0xc, &(0x7f0000000880)=ANY=[@ANYBLOB="1800000000000000000000000000000018150000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b5af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001e00000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f0000000180))
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r3, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000140)="76ea092000000000009bb5606c1e", 0x0, 0x2f00, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x20, 0x4, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000001000040000000000000000079120cde0000000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f00000006c0)={0x0, 0x2, 0x1, {0x0, 0x1}, {0x48, 0xfbff}, @rumble={0xf, 0xff}})
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=@ipv6_newaddr={0x18, 0x14, 0x2}, 0x18}}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r7=>0x0})
r8 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$IP_VS_SO_SET_STARTDAEMON(r8, 0x0, 0x48b, &(0x7f00000001c0)={0x1, 'veth0_to_bridge\x00'}, 0x18)
getsockopt$IP_VS_SO_GET_DAEMON(r8, 0x0, 0x487, &(0x7f0000000040), &(0x7f00000000c0)=0x30)
sendmsg$NL80211_CMD_JOIN_MESH(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010000000000000000004400000008000300", @ANYRES32=r7, @ANYBLOB="0c0070000700000080000000433c18000303030303030000"], 0x34}}, 0x0)
set_thread_area(&(0x7f00000001c0)={0x2, 0x20000800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})
socket$inet6_udplite(0xa, 0x2, 0x88)
r9 = syz_open_dev$evdev(&(0x7f0000000000), 0x1, 0x8c2b01)
write$char_usb(r9, &(0x7f0000000040)="e2", 0x12d8)
ioctl$EVIOCGKEY(r9, 0x80404518, &(0x7f00000012c0)=""/198)
r10 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000002140)={&(0x7f0000000180)='tlb_flush\x00', r0}, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f0000000400)=ANY=[@ANYBLOB, @ANYRESHEX=r10], &(0x7f00000003c0)='syzkaller\x00', 0x5, 0x0, 0x0, 0x41000, 0x72, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2a7fb7fd, @void, @value}, 0x90)
syz_open_procfs(0x0, &(0x7f00000004c0)='net/wireless\x00')
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x0, 0x400, 0x0, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
unshare(0x62040200)

1.281044982s ago: executing program 4 (id=2358):
openat(0xffffffffffffff9c, &(0x7f0000000640)='.\x00', 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
iopl(0x3)
socket(0x2, 0x3, 0xff)
openat$cdrom(0xffffff9c, &(0x7f0000000040), 0x0, 0x0)
syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_user_confirm_req={{0x33, 0xa}}}, 0xd)
ioperm(0x0, 0x9, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000200)=@framed, &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
syz_emit_vhci(0x0, 0x0)
sendmsg$IPSET_CMD_FLUSH(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="5c000000040605000000000000000000030004000900020073797a3200000000090002000100000000000000050001000700000005000100070000000900020073797a310000000005000100070000000900020073797a30"], 0x5c}}, 0x0)

1.280885728s ago: executing program 4 (id=2359):
r0 = socket$nl_sock_diag(0x10, 0x3, 0x4)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r0, 0xc0145401, &(0x7f0000000040)={0x0, 0x1, 0x80000000, 0x0, 0x81})
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$igmp(0x2, 0x3, 0x2)
socket$inet6(0xa, 0x1, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="6c0000001000010400d201000072f60000020000", @ANYRES32=r1, @ANYBLOB="0524060000000000300012800b0001006272696467650000200002800c002e00fffff6ffffffffff05000700"], 0x6c}}, 0x840)

1.200931605s ago: executing program 4 (id=2360):
mkdir(&(0x7f0000000280)='./file0\x00', 0x0)
write$FUSE_NOTIFY_STORE(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB='/'], 0x2)
mount$fuse(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0xa6d214, 0x0)
mount$fuse(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0xa6d214, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='mountstats\x00')
read$FUSE(r0, &(0x7f000001c8c0)={0x2020}, 0x160e)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000c0000008500000022000000180100002020732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r1, 0x609, 0xe, 0x0, &(0x7f0000000140)="dd800000000000005d8ec6f10000", 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="1b0000000000000000000000836b000000000000", @ANYRES32, @ANYBLOB="0f00"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0135350000000500"/17], 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={&(0x7f0000000180)="e479077668f4b5464761d75069c322e76771318c746d8d8e88875a5db3c67e0973e99c218417ffa41d29bc055953", &(0x7f00000001c0)=""/51, &(0x7f0000000240)="36a7", &(0x7f0000000280), 0x1, r2, 0x4}, 0x38)

1.200703432s ago: executing program 4 (id=2361):
r0 = add_key$user(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, &(0x7f0000000080)='\x00', 0x1, 0xfffffffffffffffe)
r1 = add_key$user(&(0x7f0000000240), &(0x7f0000000280)={'syz', 0x1}, &(0x7f00000002c0)="d30495a269b77a4d0432a1cb00816669958e22e9990dc32eb097f7c0764d2fafa2ca281cfd29cd56c9d8f62fb890fa4561d5597f80e06d4dd26743060e873563928c1d3a7a8b218a133e194241ca9e7eec210a3ecc0fdd25a4d48b0b8fd50499", 0x60, 0xfffffffffffffffe)
r2 = openat$procfs(0xffffffffffffff9c, &(0x7f00000004c0)='/proc/zoneinfo\x00', 0x0, 0x0)
preadv(r2, &(0x7f0000000600)=[{&(0x7f0000000540)=""/182, 0xb6}], 0x1, 0x8007b9, 0x2)
keyctl$dh_compute(0x17, &(0x7f00000003c0)={r0, r1, r0}, &(0x7f0000000400)=""/166, 0xa6, &(0x7f0000000500)={&(0x7f00000004c0)={'sha1-avx\x00'}})
r3 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0)
openat$binderfs(0xffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x400, 0x0)
mmap$binder(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1, 0x11, r3, 0x9)
r4 = io_uring_setup(0x253f, &(0x7f0000000180)={0x0, 0x0, 0x0, 0xffffffff})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
openat$cuse(0xffffffffffffff9c, &(0x7f0000000400), 0x82, 0x0)
io_setup(0xfe, &(0x7f0000000380)=<r5=>0x0)
io_cancel(r5, 0x0, 0x0)
r6 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r6, 0x84, 0x76, &(0x7f0000444ff8)={0x0, 0x7}, 0x8)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r6, 0x84, 0x75, &(0x7f0000000000)={0x0, 0xca}, 0x8)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r6, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c)
sendmmsg$inet6(r6, &(0x7f0000003c40)=[{{&(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000140)="03", 0x1}], 0x1}}], 0x1, 0x0)
r7 = socket$netlink(0x10, 0x3, 0x0)
writev(r7, &(0x7f0000000180)=[{&(0x7f0000000080)="390000001300034700bb65e1c3c6ffff01000000010000005600000025000000190004000400000047fd17e5ffff0800040000000000000000", 0x39}], 0x1)
setsockopt$inet_sctp6_SCTP_RESET_ASSOC(r6, 0x84, 0x78, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_ADD_STREAMS(r6, 0x84, 0x79, &(0x7f00000001c0)={0x0, 0xc2, 0x7}, 0x8)
close_range(r4, 0xffffffffffffffff, 0x0)
r8 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r8, @ANYBLOB="0000000004000000b705000008000000850000006a00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='mmap_lock_acquire_returned\x00', r9}, 0x10)
userfaultfd(0x801)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0))
r10 = getpid()
process_vm_readv(r10, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)

1.008208678s ago: executing program 2 (id=2362):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r0, 0x8933, &(0x7f0000001880)={'wg1\x00'})
r1 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
fcntl$notify(r1, 0x402, 0x80000004)
fcntl$setsig(r1, 0xa, 0x21)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000100), 0x40000, 0x0)

1.007921757s ago: executing program 5 (id=2363):
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000100)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x4, [@func={0x2, 0x0, 0x0, 0xc, 0x2}, @func_proto]}, {0x0, [0x0, 0x5f]}}, 0x0, 0x34, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20) (fail_nth: 8)

972.099746ms ago: executing program 2 (id=2364):
sched_setscheduler(0x0, 0x1, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ip_tables_names\x00')
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f00000001c0))
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000280)=[@increfs], 0x0, 0x0, 0x0})
r3 = dup3(r2, r1, 0x0)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000692000/0x6000)=nil, 0x6000, 0x1, 0x11, r4, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f00000002c0)={0x73622a85, 0x10a})
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000300)={0x4c, 0x0, &(0x7f0000000540)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x1, 0x1000000000000, &(0x7f0000000340)="cb"})
read$eventfd(r0, &(0x7f0000000280), 0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
syz_open_dev$sndpcmp(0x0, 0xfffffffd, 0x408083)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f00000700000000000000", @ANYRES32, @ANYBLOB="000000eb00"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/25], 0x48)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000400007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='sched_switch\x00', r8}, 0x10)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r9, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[@ANYBLOB="14000000", @ANYRES16=r10, @ANYBLOB="796100001000000000007e000000"], 0x14}}, 0x0)
socket$netlink(0x10, 0x3, 0x14)

971.796346ms ago: executing program 5 (id=2365):
r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
times(&(0x7f00000001c0))
socket$nl_xfrm(0x10, 0x3, 0x6)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x1100, 0x1})
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs2/custom1\x00', 0x2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r6, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x1100})
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
r7 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0)
read$FUSE(r7, &(0x7f0000006380)={0x2020}, 0x2020)
dup3(r5, r4, 0x0)
r8 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x800, 0x0)
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1, 0x11, r8, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001280)={0x18, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000000, 0x12, r0, 0x0)

621.086326ms ago: executing program 4 (id=2366):
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000006ffc)=0x4000000000000200, 0xe50fb6c50bc849c9)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000380)={'geneve1\x00', <r1=>0x0})
bind$packet(r0, &(0x7f0000000040)={0x11, 0x1b, r1, 0x1, 0x0, 0x6, @broadcast}, 0x14)
sendto$inet6(r0, &(0x7f0000000280)="0503092c8f0b48030102", 0xa, 0x800, 0x0, 0x0)
fsopen(&(0x7f00000001c0)='zonefs\x00', 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = openat$rtc(0xffffff9c, &(0x7f0000000000), 0x2040, 0x0)
ioctl$RTC_SET_TIME(r4, 0x4024700a, &(0x7f0000000040)={0x30, 0x25, 0x1, 0x7, 0x5, 0x6, 0x4, 0x103, 0xffffffffffffffff})
ioctl$KVM_SET_PIT2(r3, 0x8010aebb, &(0x7f0000000280)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, {0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x22}], 0x5})

601.850056ms ago: executing program 35 (id=2366):
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000006ffc)=0x4000000000000200, 0xe50fb6c50bc849c9)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000380)={'geneve1\x00', <r1=>0x0})
bind$packet(r0, &(0x7f0000000040)={0x11, 0x1b, r1, 0x1, 0x0, 0x6, @broadcast}, 0x14)
sendto$inet6(r0, &(0x7f0000000280)="0503092c8f0b48030102", 0xa, 0x800, 0x0, 0x0)
fsopen(&(0x7f00000001c0)='zonefs\x00', 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = openat$rtc(0xffffff9c, &(0x7f0000000000), 0x2040, 0x0)
ioctl$RTC_SET_TIME(r4, 0x4024700a, &(0x7f0000000040)={0x30, 0x25, 0x1, 0x7, 0x5, 0x6, 0x4, 0x103, 0xffffffffffffffff})
ioctl$KVM_SET_PIT2(r3, 0x8010aebb, &(0x7f0000000280)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, {0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x22}], 0x5})

496.037967ms ago: executing program 7 (id=2367):
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
munlockall()
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00003, 0x8)
r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='smaps_rollup\x00')
lseek(r0, 0x4, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IP_VS_SO_SET_TIMEOUT(r1, 0x0, 0x48a, &(0x7f0000000100)={0xe, 0x6, 0x3}, 0xc)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000200)=@framed, &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='contention_end\x00', r2}, 0x10)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$TCSETS(r3, 0x40045431, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, "ff00f7000000000000000000af88008300"})
r4 = syz_open_pts(r3, 0x141601)
write(r4, &(0x7f0000000000)="d5", 0xfffffedf)
ioctl$TCSETSF(r4, 0x5404, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, "7823d5f2fd71a6a76177920ea7e60c0ac7a4a5"})
close_range(r1, 0xffffffffffffffff, 0x0)
r5 = socket$kcm(0x10, 0x3, 0x10)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket$packet(0x11, 0x2, 0x300)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r7, 0x8933, &(0x7f0000000000)={'batadv0\x00', <r8=>0x0})
r9 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r9, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)=@getchain={0x24, 0x11, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r8}}, 0x24}}, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="4800000010003b1500"/20, @ANYRES32=r8, @ANYBLOB="0000000000000000280012800a000100767863616e000000180002801400010000000000", @ANYRES8=r6], 0x48}}, 0x0)
sendmsg$kcm(r5, &(0x7f0000000000)={0x0, 0xffffff0a, &(0x7f0000000080)=[{&(0x7f0000000040)="c018030031000b12d25a80648c2594f90124fc60100c074002200600053582c137153e370248078000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r10 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r10, 0x40045532, &(0x7f0000000040))
r11 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0)
r12 = syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x0, 0xa2c65)
write$RDMA_USER_CM_CMD_CREATE_ID(r11, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0xffffffffffffffff, 0x0, 0x13f}}, 0x20)
ioctl$SNDRV_PCM_IOCTL_REWIND(r12, 0x40044146, &(0x7f00000002c0)=0x2f69)

314.381531ms ago: executing program 7 (id=2367):
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
munlockall()
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00003, 0x8)
r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='smaps_rollup\x00')
lseek(r0, 0x4, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IP_VS_SO_SET_TIMEOUT(r1, 0x0, 0x48a, &(0x7f0000000100)={0xe, 0x6, 0x3}, 0xc)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000200)=@framed, &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='contention_end\x00', r2}, 0x10)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$TCSETS(r3, 0x40045431, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, "ff00f7000000000000000000af88008300"})
r4 = syz_open_pts(r3, 0x141601)
write(r4, &(0x7f0000000000)="d5", 0xfffffedf)
ioctl$TCSETSF(r4, 0x5404, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, "7823d5f2fd71a6a76177920ea7e60c0ac7a4a5"})
close_range(r1, 0xffffffffffffffff, 0x0)
r5 = socket$kcm(0x10, 0x3, 0x10)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket$packet(0x11, 0x2, 0x300)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r7, 0x8933, &(0x7f0000000000)={'batadv0\x00', <r8=>0x0})
r9 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r9, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)=@getchain={0x24, 0x11, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r8}}, 0x24}}, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="4800000010003b1500"/20, @ANYRES32=r8, @ANYBLOB="0000000000000000280012800a000100767863616e000000180002801400010000000000", @ANYRES8=r6], 0x48}}, 0x0)
sendmsg$kcm(r5, &(0x7f0000000000)={0x0, 0xffffff0a, &(0x7f0000000080)=[{&(0x7f0000000040)="c018030031000b12d25a80648c2594f90124fc60100c074002200600053582c137153e370248078000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r10 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r10, 0x40045532, &(0x7f0000000040))
r11 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0)
r12 = syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x0, 0xa2c65)
write$RDMA_USER_CM_CMD_CREATE_ID(r11, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0xffffffffffffffff, 0x0, 0x13f}}, 0x20)
ioctl$SNDRV_PCM_IOCTL_REWIND(r12, 0x40044146, &(0x7f00000002c0)=0x2f69)

160.046441ms ago: executing program 7 (id=2367):
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
munlockall()
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00003, 0x8)
r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='smaps_rollup\x00')
lseek(r0, 0x4, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IP_VS_SO_SET_TIMEOUT(r1, 0x0, 0x48a, &(0x7f0000000100)={0xe, 0x6, 0x3}, 0xc)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000200)=@framed, &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='contention_end\x00', r2}, 0x10)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$TCSETS(r3, 0x40045431, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, "ff00f7000000000000000000af88008300"})
r4 = syz_open_pts(r3, 0x141601)
write(r4, &(0x7f0000000000)="d5", 0xfffffedf)
ioctl$TCSETSF(r4, 0x5404, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, "7823d5f2fd71a6a76177920ea7e60c0ac7a4a5"})
close_range(r1, 0xffffffffffffffff, 0x0)
r5 = socket$kcm(0x10, 0x3, 0x10)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket$packet(0x11, 0x2, 0x300)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r7, 0x8933, &(0x7f0000000000)={'batadv0\x00', <r8=>0x0})
r9 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r9, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)=@getchain={0x24, 0x11, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r8}}, 0x24}}, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="4800000010003b1500"/20, @ANYRES32=r8, @ANYBLOB="0000000000000000280012800a000100767863616e000000180002801400010000000000", @ANYRES8=r6], 0x48}}, 0x0)
sendmsg$kcm(r5, &(0x7f0000000000)={0x0, 0xffffff0a, &(0x7f0000000080)=[{&(0x7f0000000040)="c018030031000b12d25a80648c2594f90124fc60100c074002200600053582c137153e370248078000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r10 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r10, 0x40045532, &(0x7f0000000040))
r11 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0)
r12 = syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x0, 0xa2c65)
write$RDMA_USER_CM_CMD_CREATE_ID(r11, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0xffffffffffffffff, 0x0, 0x13f}}, 0x20)
ioctl$SNDRV_PCM_IOCTL_REWIND(r12, 0x40044146, &(0x7f00000002c0)=0x2f69)

60.261576ms ago: executing program 5 (id=2368):
r0 = socket$nl_sock_diag(0x10, 0x3, 0x4)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r0, 0xc0145401, &(0x7f0000000040)={0x0, 0x1, 0x80000000, 0x0, 0x81})
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$igmp(0x2, 0x3, 0x2)
socket$inet6(0xa, 0x1, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="6c0000001000010400d201000072f60000020000", @ANYRES32=r1, @ANYBLOB="0524060000000000300012800b0001006272696467650000200002800c002e00fffff6ffffffffff05000700"], 0x6c}}, 0x840)

324.63µs ago: executing program 2 (id=2369):
openat$ppp(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0)
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x840)
r0 = syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/time_for_children\x00')
r1 = getpgid(0xffffffffffffffff)
syz_open_procfs$namespace(r1, &(0x7f0000000080)='ns/net\x00')
syz_usb_connect(0x0, 0x2d, &(0x7f0000000040)=ANY=[@ANYBLOB="1201fb0019b40320d812010079de01ec020109021b0001000003000904000001785e4c00090585020004"], 0x0)
r2 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
read$char_usb(r2, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000002000000000080000000000000", @ANYRES32], 0x48)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=@ipv6_newnexthop={0x1c, 0x68, 0x5fb9a818fb7378e9, 0x0, 0x0, {}, [@NHA_FDB={0x4}]}, 0x1c}}, 0x0)
pwrite64(r0, &(0x7f0000000200)="329296dd5c8ec2c1ea692fe2cd491a19844f511466d5a6a727739fcfe57f2f5de78dc5b6af503a396efc0782581b082f010f5bc4e07532bd60f926ceac74c2b63086c37bf33c04b1e8f29671dcdcc689fc22ad6817ed790871d5cf2f563460fe3218bb5b24125defc652e98eabb818fb285099ccc89a051843cd8731a14ddcad5e6a9008d24e67313a7a805fbf7012aa26787567cdb4771ac17d055d9cbfa3ab3669b7906784e618bc7117e91094bd00b8034a2ca9423f5e17a55c98625687a61556c54b919ac92b77f80337cb5b835569f0b06dfcf35dd92b854d16fc929a1c58dc", 0xe2, 0x2)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000020c0)=@newnexthop={0x28, 0x68, 0x1, 0x3, 0x80000000, {}, [@NHA_GROUP={0xc, 0x2, [{0x1, 0x6}]}, @NHA_FDB={0x4}]}, 0x28}}, 0x4000)
socket$inet_dccp(0x2, 0x6, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
r8 = dup(r7)
ioctl$KVM_SET_MSRS(r8, 0x4048aecb, &(0x7f00000000c0)=ANY=[@ANYRES64=r3, @ANYRES64])
r9 = fsopen(&(0x7f0000000040)='binfmt_misc\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r9, 0x8, 0x0, 0x0, 0x0)
r10 = openat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000340))
mkdirat(r10, &(0x7f0000000040)='./file0\x00', 0x0)
mount(&(0x7f0000000040)=@nbd={'/dev/nbd', 0x0}, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)='xfs\x00', 0x0, &(0x7f0000000140)='grpquota')

0s ago: executing program 7 (id=2367):
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
munlockall()
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00003, 0x8)
r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='smaps_rollup\x00')
lseek(r0, 0x4, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IP_VS_SO_SET_TIMEOUT(r1, 0x0, 0x48a, &(0x7f0000000100)={0xe, 0x6, 0x3}, 0xc)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000200)=@framed, &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='contention_end\x00', r2}, 0x10)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$TCSETS(r3, 0x40045431, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, "ff00f7000000000000000000af88008300"})
r4 = syz_open_pts(r3, 0x141601)
write(r4, &(0x7f0000000000)="d5", 0xfffffedf)
ioctl$TCSETSF(r4, 0x5404, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, "7823d5f2fd71a6a76177920ea7e60c0ac7a4a5"})
close_range(r1, 0xffffffffffffffff, 0x0)
r5 = socket$kcm(0x10, 0x3, 0x10)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket$packet(0x11, 0x2, 0x300)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r7, 0x8933, &(0x7f0000000000)={'batadv0\x00', <r8=>0x0})
r9 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r9, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)=@getchain={0x24, 0x11, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r8}}, 0x24}}, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="4800000010003b1500"/20, @ANYRES32=r8, @ANYBLOB="0000000000000000280012800a000100767863616e000000180002801400010000000000", @ANYRES8=r6], 0x48}}, 0x0)
sendmsg$kcm(r5, &(0x7f0000000000)={0x0, 0xffffff0a, &(0x7f0000000080)=[{&(0x7f0000000040)="c018030031000b12d25a80648c2594f90124fc60100c074002200600053582c137153e370248078000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r10 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r10, 0x40045532, &(0x7f0000000040))
r11 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0)
r12 = syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x0, 0xa2c65)
write$RDMA_USER_CM_CMD_CREATE_ID(r11, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0xffffffffffffffff, 0x0, 0x13f}}, 0x20)
ioctl$SNDRV_PCM_IOCTL_REWIND(r12, 0x40044146, &(0x7f00000002c0)=0x2f69)

kernel console output (not intermixed with test programs):

 00
[  352.220943][T13072] RSP: 002b:00000000f56d655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  352.223315][T13072] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020002ac0
[  352.225283][T13072] RDX: 0000000020040011 RSI: 0000000000000000 RDI: 0000000000000000
[  352.227332][T13072] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  352.229257][T13072] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  352.231236][T13072] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  352.233345][T13072]  </TASK>
[  352.368332][T13078] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2084'.
[  352.444577][T13082] 9pnet_fd: Insufficient options for proto=fd
[  353.304705][T13101] FAULT_INJECTION: forcing a failure.
[  353.304705][T13101] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  353.308060][T13101] CPU: 3 UID: 0 PID: 13101 Comm: syz.2.2098 Not tainted 6.12.0-rc7-syzkaller-00216-gf66d6acccbc0 #0
[  353.311074][T13101] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  353.314090][T13101] Call Trace:
[  353.314969][T13101]  <TASK>
[  353.315783][T13101]  dump_stack_lvl+0x16c/0x1f0
[  353.317107][T13101]  should_fail_ex+0x497/0x5b0
[  353.318440][T13101]  _copy_to_user+0x32/0xd0
[  353.319668][T13101]  bpf_test_finish.isra.0+0x52b/0x680
[  353.321166][T13101]  ? lock_acquire+0x2f/0xb0
[  353.322387][T13101]  ? __pfx_bpf_test_finish.isra.0+0x10/0x10
[  353.324095][T13101]  ? _copy_from_user+0x59/0xd0
[  353.325449][T13101]  bpf_prog_test_run_xdp+0xa13/0x1580
[  353.326875][T13101]  ? lock_acquire+0x2f/0xb0
[  353.327698][T13103] FAULT_INJECTION: forcing a failure.
[  353.327698][T13103] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  353.328135][T13101]  ? __fget_files+0x40/0x3f0
[  353.328151][T13101]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  353.328168][T13101]  ? fput+0x30/0x390
[  353.328184][T13101]  ? __bpf_prog_get+0xa0/0x290
[  353.328196][T13101]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  353.338317][T13101]  __sys_bpf+0x1921/0x5780
[  353.339576][T13101]  ? ksys_write+0x21e/0x260
[  353.340837][T13101]  ? __pfx___sys_bpf+0x10/0x10
[  353.342179][T13101]  ? vfs_write+0x306/0x1150
[  353.343416][T13101]  ? __mutex_unlock_slowpath+0x164/0x650
[  353.344961][T13101]  ? fput+0x30/0x390
[  353.346028][T13101]  ? ksys_write+0x1ad/0x260
[  353.347204][T13101]  ? __pfx_ksys_write+0x10/0x10
[  353.348617][T13101]  __ia32_sys_bpf+0x76/0xe0
[  353.349878][T13101]  __do_fast_syscall_32+0x73/0x120
[  353.351311][T13101]  do_fast_syscall_32+0x32/0x80
[  353.352645][T13101]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  353.354386][T13101] RIP: 0023:0xf7f53579
[  353.355498][T13101] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  353.360801][T13101] RSP: 002b:00000000f56d655c EFLAGS: 00000296 ORIG_RAX: 0000000000000165
[  353.363010][T13101] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000020000240
[  353.365166][T13101] RDX: 0000000000000050 RSI: 0000000000000000 RDI: 0000000000000000
[  353.367264][T13101] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  353.369407][T13101] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  353.371689][T13101] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  353.373863][T13101]  </TASK>
[  353.374722][T13103] CPU: 0 UID: 0 PID: 13103 Comm: syz.4.2099 Not tainted 6.12.0-rc7-syzkaller-00216-gf66d6acccbc0 #0
[  353.377550][T13103] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  353.380678][T13103] Call Trace:
[  353.381555][T13103]  <TASK>
[  353.382331][T13103]  dump_stack_lvl+0x16c/0x1f0
[  353.383569][T13103]  should_fail_ex+0x497/0x5b0
[  353.384805][T13103]  _copy_to_user+0x32/0xd0
[  353.385984][T13103]  simple_read_from_buffer+0xd0/0x160
[  353.387405][T13103]  proc_fail_nth_read+0x198/0x270
[  353.388736][T13103]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  353.390211][T13103]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  353.391643][T13103]  vfs_read+0x1df/0xbe0
[  353.392757][T13103]  ? __fget_files+0x23a/0x3f0
[  353.394003][T13103]  ? fdget_pos+0x24c/0x360
[  353.395163][T13103]  ? __pfx_lock_release+0x10/0x10
[  353.396493][T13103]  ? trace_lock_acquire+0x14a/0x1d0
[  353.397842][T13103]  ? __pfx_vfs_read+0x10/0x10
[  353.399094][T13103]  ? __pfx___mutex_lock+0x10/0x10
[  353.400659][T13103]  ? __fget_files+0x244/0x3f0
[  353.401893][T13103]  ksys_read+0x12f/0x260
[  353.403015][T13103]  ? __pfx_ksys_read+0x10/0x10
[  353.404280][T13103]  __do_fast_syscall_32+0x73/0x120
[  353.405635][T13103]  do_fast_syscall_32+0x32/0x80
[  353.406909][T13103]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  353.408554][T13103] RIP: 0023:0xf7fb3579
[  353.409649][T13103] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  353.414553][T13103] RSP: 002b:00000000f5736590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  353.416694][T13103] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f5736620
[  353.418711][T13103] RDX: 000000000000000f RSI: 00000000f743dff4 RDI: 0000000000000000
[  353.421033][T13103] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  353.423293][T13103] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  353.425434][T13103] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  353.428206][T13103]  </TASK>
[  354.132453][T13129] @: renamed from vlan0 (while UP)
[  354.144271][T13129] netlink: 56 bytes leftover after parsing attributes in process `syz.0.2107'.
[  354.177481][T13134] binder: 13133:13134 ioctl c0306201 20000680 returned -14
[  354.379686][T13142] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[  354.382382][T13142] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  354.393157][T13145] FAULT_INJECTION: forcing a failure.
[  354.393157][T13145] name failslab, interval 1, probability 0, space 0, times 0
[  354.400045][T13145] CPU: 3 UID: 0 PID: 13145 Comm: syz.2.2111 Not tainted 6.12.0-rc7-syzkaller-00216-gf66d6acccbc0 #0
[  354.403360][T13145] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  354.407073][T13145] Call Trace:
[  354.408243][T13145]  <TASK>
[  354.409350][T13145]  dump_stack_lvl+0x16c/0x1f0
[  354.411091][T13145]  should_fail_ex+0x497/0x5b0
[  354.412818][T13145]  ? fs_reclaim_acquire+0xae/0x150
[  354.414686][T13145]  should_failslab+0xc2/0x120
[  354.416423][T13145]  __kmalloc_cache_noprof+0x6b/0x310
[  354.418348][T13145]  ? nf_tables_newtable+0xd79/0x1b80
[  354.420293][T13145]  nf_tables_newtable+0xd79/0x1b80
[  354.422183][T13145]  ? net_generic+0xea/0x2a0
[  354.423850][T13145]  ? __pfx_nf_tables_newtable+0x10/0x10
[  354.425871][T13145]  ? trace_lock_acquire+0x14a/0x1d0
[  354.427775][T13145]  ? __nla_parse+0x40/0x60
[  354.429428][T13145]  nfnetlink_rcv_batch+0x1a28/0x24e0
[  354.431369][T13145]  ? __pfx_nfnetlink_rcv_batch+0x10/0x10
[  354.433422][T13145]  ? __pfx_lock_release+0x10/0x10
[  354.435266][T13145]  ? __local_bh_enable_ip+0xa4/0x120
[  354.437184][T13145]  ? lockdep_hardirqs_on+0x7c/0x110
[  354.439099][T13145]  ? __pfx___dev_queue_xmit+0x10/0x10
[  354.440938][T13145]  ? __nla_parse+0x40/0x60
[  354.442496][T13145]  nfnetlink_rcv+0x3c3/0x430
[  354.444192][T13145]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  354.444336][T13143] FAULT_INJECTION: forcing a failure.
[  354.444336][T13143] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  354.446073][T13145]  netlink_unicast+0x53c/0x7f0
[  354.451789][T13145]  ? __pfx_netlink_unicast+0x10/0x10
[  354.453758][T13145]  ? __phys_addr_symbol+0x30/0x80
[  354.455604][T13145]  ? __check_object_size+0x488/0x710
[  354.457514][T13145]  netlink_sendmsg+0x8b8/0xd70
[  354.459283][T13145]  ? __pfx_netlink_sendmsg+0x10/0x10
[  354.461234][T13145]  ____sys_sendmsg+0x9ae/0xb40
[  354.463015][T13145]  ? __pfx_____sys_sendmsg+0x10/0x10
[  354.464934][T13145]  ? get_compat_msghdr+0x11b/0x170
[  354.466813][T13145]  ? __pfx___lock_acquire+0x10/0x10
[  354.468708][T13145]  ___sys_sendmsg+0x135/0x1e0
[  354.470423][T13145]  ? __pfx____sys_sendmsg+0x10/0x10
[  354.472322][T13145]  ? lock_acquire+0x2f/0xb0
[  354.473542][T13145]  ? __fget_files+0x40/0x3f0
[  354.474760][T13145]  ? fdget+0x176/0x210
[  354.475836][T13145]  __sys_sendmsg+0x117/0x1f0
[  354.477063][T13145]  ? __pfx___sys_sendmsg+0x10/0x10
[  354.478404][T13145]  ? __fget_files+0x244/0x3f0
[  354.479664][T13145]  __do_fast_syscall_32+0x73/0x120
[  354.481023][T13145]  do_fast_syscall_32+0x32/0x80
[  354.482295][T13145]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  354.483938][T13145] RIP: 0023:0xf7f53579
[  354.485023][T13145] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  354.490006][T13145] RSP: 002b:00000000f56d655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  354.492134][T13145] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000200000c0
[  354.494201][T13145] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  354.496295][T13145] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  354.498399][T13145] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  354.500460][T13145] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  354.502587][T13145]  </TASK>
[  354.503502][T13143] CPU: 2 UID: 0 PID: 13143 Comm: syz.4.2110 Not tainted 6.12.0-rc7-syzkaller-00216-gf66d6acccbc0 #0
[  354.506343][T13143] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  354.508789][T13143] Call Trace:
[  354.509716][T13143]  <TASK>
[  354.510507][T13143]  dump_stack_lvl+0x16c/0x1f0
[  354.511748][T13143]  should_fail_ex+0x497/0x5b0
[  354.512997][T13143]  ? fs_reclaim_acquire+0xae/0x150
[  354.514342][T13143]  should_fail_alloc_page+0xe7/0x130
[  354.515725][T13143]  prepare_alloc_pages.constprop.0+0x16f/0x560
[  354.517341][T13143]  ? __pfx_mark_lock+0x10/0x10
[  354.518602][T13143]  ? hlock_class+0x4e/0x130
[  354.519826][T13143]  __alloc_pages_noprof+0x190/0x25a0
[  354.521233][T13143]  ? __pfx_mark_lock+0x10/0x10
[  354.522488][T13143]  ? hlock_class+0x4e/0x130
[  354.523680][T13143]  ? __lock_acquire+0xbdd/0x3ce0
[  354.524995][T13143]  ? __pfx___alloc_pages_noprof+0x10/0x10
[  354.526484][T13143]  ? hlock_class+0x4e/0x130
[  354.527679][T13143]  ? mark_lock+0xb5/0xc60
[  354.528864][T13143]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  354.530417][T13143]  ? policy_nodemask+0xea/0x4e0
[  354.531702][T13143]  alloc_pages_mpol_noprof+0x2c9/0x610
[  354.533141][T13143]  ? __pfx_alloc_pages_mpol_noprof+0x10/0x10
[  354.534681][T13143]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  354.536137][T13143]  folio_alloc_mpol_noprof+0x36/0xd0
[  354.537525][T13143]  vma_alloc_folio_noprof+0xee/0x1b0
[  354.538917][T13143]  ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[  354.540452][T13143]  ? find_held_lock+0x2d/0x110
[  354.541708][T13143]  do_pte_missing+0x202d/0x3e70
[  354.542989][T13143]  __handle_mm_fault+0x100a/0x2a10
[  354.544330][T13143]  ? __pfx_mt_find+0x10/0x10
[  354.545558][T13143]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  354.547049][T13143]  ? __pfx___handle_mm_fault+0x10/0x10
[  354.548489][T13143]  ? find_vma+0xc0/0x140
[  354.549615][T13143]  ? __pfx_find_vma+0x10/0x10
[  354.550851][T13143]  handle_mm_fault+0x3fa/0xaa0
[  354.552122][T13143]  do_user_addr_fault+0x7a3/0x13f0
[  354.553566][T13143]  exc_page_fault+0x5c/0xc0
[  354.554760][T13143]  asm_exc_page_fault+0x26/0x30
[  354.556045][T13143] RIP: 0010:_copy_to_iter+0x52a/0x1400
[  354.557473][T13143] Code: e8 eb a0 04 fd 48 8b 4c 24 18 44 89 e6 48 8b 44 24 28 4c 8d 2c 01 4c 89 ef e8 f2 29 66 fd 0f 01 cb 4c 89 e1 4c 89 f7 4c 89 ee <f3> a4 0f 1f 00 0f 01 ca 4c 89 e0 4d 29 e7 48 29 c8 49 01 cf 48 01
[  354.562434][T13143] RSP: 0018:ffffc90024f1f638 EFLAGS: 00050246
[  354.564010][T13143] RAX: 0000000000000001 RBX: 0000000000000000 RCX: 0000000000000317
[  354.566107][T13143] RDX: ffffed100c95b3c6 RSI: ffff888064ad9b19 RDI: 0000000020002000
[  354.568179][T13143] RBP: ffffc90024f1fbc0 R08: 0000000000000000 R09: ffffed100c95b3c5
[  354.570270][T13143] R10: ffff888064ad9e2f R11: 0000000000000000 R12: 0000000000000cd7
[  354.572344][T13143] R13: ffff888064ad9159 R14: 0000000020001640 R15: 0000000000000cd7
[  354.574408][T13143]  ? _copy_to_iter+0x51e/0x1400
[  354.575698][T13143]  ? __pfx__copy_to_iter+0x10/0x10
[  354.577314][T13143]  ? __virt_addr_valid+0x1a4/0x590
[  354.578881][T13143]  ? __virt_addr_valid+0x5e/0x590
[  354.580190][T13143]  ? __phys_addr_symbol+0x30/0x80
[  354.581514][T13143]  ? __check_object_size+0x488/0x710
[  354.582899][T13143]  simple_copy_to_iter+0x4f/0x80
[  354.584205][T13143]  __skb_datagram_iter+0x122/0x8c0
[  354.585558][T13143]  ? __pfx_simple_copy_to_iter+0x10/0x10
[  354.587033][T13143]  ? skb_recv_datagram+0x89/0xc0
[  354.588330][T13143]  ? rcu_is_watching+0x12/0xc0
[  354.589590][T13143]  skb_copy_datagram_iter+0x40/0x50
[  354.590959][T13143]  netlink_recvmsg+0x299/0xf30
[  354.592220][T13143]  ? __pfx_netlink_recvmsg+0x10/0x10
[  354.593603][T13143]  ? aa_sk_perm+0x2f5/0xb20
[  354.594843][T13143]  ? __pfx_aa_sk_perm+0x10/0x10
[  354.596195][T13143]  ? find_held_lock+0x2d/0x110
[  354.597487][T13143]  sock_recvmsg+0x1f6/0x250
[  354.598692][T13143]  ____sys_recvmsg+0x219/0x6b0
[  354.599944][T13143]  ? __pfx_____sys_recvmsg+0x10/0x10
[  354.601341][T13143]  ? find_held_lock+0x2d/0x110
[  354.602597][T13143]  ___sys_recvmsg+0x115/0x1a0
[  354.603811][T13143]  ? __pfx____sys_recvmsg+0x10/0x10
[  354.605071][T13143]  ? lock_acquire+0x2f/0xb0
[  354.606146][T13143]  ? __fget_files+0x40/0x3f0
[  354.607303][T13143]  ? fdget+0x176/0x210
[  354.608392][T13143]  do_recvmmsg+0x51a/0x750
[  354.609561][T13143]  ? __pfx_do_recvmmsg+0x10/0x10
[  354.610849][T13143]  ? __pfx_lock_release+0x10/0x10
[  354.612242][T13143]  ? vfs_write+0x306/0x1150
[  354.613474][T13143]  ? __fget_files+0x244/0x3f0
[  354.614721][T13143]  __sys_recvmmsg+0x21e/0x280
[  354.615971][T13143]  ? __pfx___sys_recvmmsg+0x10/0x10
[  354.617341][T13143]  ? __pfx_ksys_write+0x10/0x10
[  354.618629][T13143]  __ia32_compat_sys_recvmmsg_time32+0xc4/0x160
[  354.620296][T13143]  ? lockdep_hardirqs_on+0x7c/0x110
[  354.621689][T13143]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[  354.623439][T13143]  __do_fast_syscall_32+0x73/0x120
[  354.624720][T13143]  do_fast_syscall_32+0x32/0x80
[  354.625956][T13143]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  354.627612][T13143] RIP: 0023:0xf7fb3579
[  354.628695][T13143] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  354.633587][T13143] RSP: 002b:00000000f573655c EFLAGS: 00000296 ORIG_RAX: 0000000000000151
[  354.635639][T13143] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000000
[  354.637614][T13143] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000000000000
[  354.639653][T13143] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  354.641718][T13143] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  354.643759][T13143] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  354.645814][T13143]  </TASK>
[  354.646720][    C2] vkms_vblank_simulate: vblank timer overrun
[  354.787665][T13157] input: syz0 as /devices/virtual/input/input32
[  354.870233][T13163] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2115'.
[  355.840170][   T64] usb 7-1: new full-speed USB device number 42 using dummy_hcd
[  355.975853][T13192] FAULT_INJECTION: forcing a failure.
[  355.975853][T13192] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  355.982807][T13192] CPU: 0 UID: 0 PID: 13192 Comm: syz.5.2122 Not tainted 6.12.0-rc7-syzkaller-00216-gf66d6acccbc0 #0
[  355.985616][T13192] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  355.988334][T13192] Call Trace:
[  355.989428][T13192]  <TASK>
[  355.990258][T13192]  dump_stack_lvl+0x16c/0x1f0
[  355.991853][T13192]  should_fail_ex+0x497/0x5b0
[  355.993464][T13192]  ? fs_reclaim_acquire+0xae/0x150
[  355.995200][T13192]  should_fail_alloc_page+0xe7/0x130
[  355.996991][T13192]  prepare_alloc_pages.constprop.0+0x16f/0x560
[  355.999075][T13192]  ? __pfx_mark_lock+0x10/0x10
[  356.000706][T13192]  ? mark_lock+0xb5/0xc60
[  356.002170][T13192]  __alloc_pages_noprof+0x190/0x25a0
[  356.003973][T13192]  ? __pfx_mark_lock+0x10/0x10
[  356.005712][T13192]  ? hlock_class+0x4e/0x130
[  356.007244][T13192]  ? __pfx_mark_lock+0x10/0x10
[  356.008838][T13192]  ? __pfx___alloc_pages_noprof+0x10/0x10
[  356.010771][T13192]  ? __pfx___lock_acquire+0x10/0x10
[  356.012754][T13192]  ? __pfx___lock_acquire+0x10/0x10
[  356.014631][T13192]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  356.016685][T13192]  ? policy_nodemask+0xea/0x4e0
[  356.017990][T13192]  alloc_pages_mpol_noprof+0x2c9/0x610
[  356.019425][T13192]  ? __pfx_alloc_pages_mpol_noprof+0x10/0x10
[  356.021079][T13192]  ? __pfx_lock_release+0x10/0x10
[  356.022422][T13192]  ? xas_load+0x49/0x5b0
[  356.023413][T13173] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  356.023551][T13192]  ? filemap_get_entry+0xd0/0x3c0
[  356.027911][T13192]  folio_alloc_noprof+0x1e/0xc0
[  356.029512][T13192]  filemap_alloc_folio_noprof+0x3b4/0x480
[  356.031136][T13192]  ? __pfx_filemap_get_entry+0x10/0x10
[  356.032633][T13192]  ? __pfx_filemap_alloc_folio_noprof+0x10/0x10
[  356.032693][   T64] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  356.034266][T13192]  __filemap_get_folio+0x539/0xaf0
[  356.036770][   T64] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 2
[  356.038130][T13192]  netfs_perform_write+0x48b/0x21a0
[  356.040464][   T64] usb 7-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[  356.041827][T13192]  ? __pfx_netfs_perform_write+0x10/0x10
[  356.041844][T13192]  ? __pfx_lock_release+0x10/0x10
[  356.044159][   T64] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  356.045648][T13192]  ? generic_update_time+0xcf/0xf0
[  356.047990][   T64] usb 7-1: config 0 descriptor??
[  356.049344][T13192]  ? mnt_put_write_access_file+0x45/0xf0
[  356.052450][   T64] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[  356.053564][T13192]  netfs_file_write_iter+0x432/0x4f0
[  356.055291][   T64] dvb-usb: bulk message failed: -22 (3/0)
[  356.056665][T13192]  v9fs_file_write_iter+0x9b/0x100
[  356.059625][T13192]  iter_file_splice_write+0x90f/0x10b0
[  356.061061][   T64] dvb-usb: will use the device's hardware PID filter (table count: 16).
[  356.061836][   T64] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[  356.063218][T13192]  ? __pfx_iter_file_splice_write+0x10/0x10
[  356.063242][T13192]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  356.063263][T13192]  ? __pfx_iter_file_splice_write+0x10/0x10
[  356.065232][   T64] usb 7-1: media controller created
[  356.066771][T13192]  direct_splice_actor+0x18f/0x6c0
[  356.068694][   T64] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  356.069817][T13192]  splice_direct_to_actor+0x346/0xa40
[  356.072929][   T64] dvb-usb: bulk message failed: -22 (6/0)
[  356.075691][T13192]  ? __pfx_direct_splice_actor+0x10/0x10
[  356.077282][   T64] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[  356.079271][T13192]  ? __pfx_splice_direct_to_actor+0x10/0x10
[  356.079301][T13192]  ? __fget_files+0x23a/0x3f0
[  356.085511][   T64] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.2/usb7/7-1/input/input33
[  356.086676][T13192]  do_splice_direct+0x178/0x250
[  356.090915][T13192]  ? __pfx_do_splice_direct+0x10/0x10
[  356.092623][T13192]  ? __pfx_direct_file_splice_eof+0x10/0x10
[  356.094129][T13192]  do_sendfile+0xb0c/0xe40
[  356.095256][T13192]  ? __pfx_do_sendfile+0x10/0x10
[  356.096536][T13192]  ? __fget_files+0x244/0x3f0
[  356.097917][T13192]  __ia32_compat_sys_sendfile+0x1e7/0x230
[  356.099673][T13192]  ? ksys_write+0x1ad/0x260
[  356.100898][T13192]  ? __pfx___ia32_compat_sys_sendfile+0x10/0x10
[  356.102494][T13192]  __do_fast_syscall_32+0x73/0x120
[  356.103767][T13192]  do_fast_syscall_32+0x32/0x80
[  356.105013][T13192]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  356.106541][T13192] RIP: 0023:0xf7f4f579
[  356.107577][T13192] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  356.112318][T13192] RSP: 002b:00000000f56d655c EFLAGS: 00000296 ORIG_RAX: 00000000000000bb
[  356.114414][T13192] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 0000000000000008
[  356.116393][T13192] RDX: 0000000000000000 RSI: 000000007ffff000 RDI: 0000000000000000
[  356.118380][T13192] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  356.120339][T13192] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  356.122339][T13192] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  356.124566][T13192]  </TASK>
[  356.128824][   T64] dvb-usb: schedule remote query interval to 150 msecs.
[  356.131311][   T64] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[  356.261672][   T64] usb 7-1: USB disconnect, device number 42
[  356.280003][   T64] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[  356.298647][T13198] binder: 13197:13198 ioctl c0306201 20000680 returned -14
[  356.320171][ T5995] usb 9-1: new high-speed USB device number 24 using dummy_hcd
[  356.474943][ T5966] Bluetooth: hci4: unexpected event for opcode 0x1005
[  356.490001][ T5995] usb 9-1: Using ep0 maxpacket: 16
[  356.492797][ T5995] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  356.495699][ T5995] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  356.498863][ T5995] usb 9-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  356.501756][ T5995] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  356.505142][ T5995] usb 9-1: config 0 descriptor??
[  356.508098][T13203] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[  356.511742][T13203] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  356.559802][T13205] [U] 
[  356.561026][T13205] [U] 
[  356.562353][T13205] [U] ŒB˜-lrj[éÍä†èÍÑœ6Š}ä%ü4ì¾	­¦h‚�ðû@k„ì-�Y•Le‹÷U¾Ÿ¡–ïÚÁ@‡Ÿf´¡§%Peze,™íŽ9F�Ë*à
[  356.566258][T13205] [U] Cw¯™ÇÇ* þ9JáQØ#eøësWðÁÔC±Ïv·1žâûÏ!è	�žGpœX
[  356.567963][T13205] [U] n%ì9ùÞÖC…_¹ánê…çBc‰…$�þô4þ(�²ž
[  356.569269][T13205] [U] hª qÄØ›tµ¦oâR‚I#ä±ëTNBs_R𬉡¾æ«°
:‰ø€–é¦t‘è¯Ëù0¿™’úÃëŒã�Wú™_[Hn%
[  356.573275][T13205] [U] ï £üÙÛ4‡RЛŸûŠ<)Ü6jG؃¬ÍKÉ^�R\
[  356.574724][T13205] [U] 7¼R:€j37Ø
[  356.575672][T13205] [U] yûPÜ<�Åô…Úu’“
H¦3æ°-î줄ø\PQbxÕ!q6ãüæSO'}­ï[ÉÛÀp5OÉ>€DÊÅöŽyÞj>|h0=öô·TžXÈòZôY֦ʢ
Äš4ª‡iç¢À5Azëñ~Zaâ~ýký^�tGžsÍJ‹I:Á¶¬Ž¥OD!M2KÃW§¬R>æˆî—KC?x…8 ¥HçÒ*©@QeÛ»úu	½à.j9�È“~´{—Á`²íÃ'r)Ó-àǬŸî=5­ÝÖ�JLy éCÄBˆØ;+LP�°,fØn‡‚ÁáYî%ß3†p¨Èõ&Ç)­Ó][œÈ‹4ãl»ã¶£„!’J�>	ÔÎ
[  356.586672][T13205] [U] ø.â”Cšö¯·ÏeJÓj
û@œK’Já605RxUÑTTµO‹&�XðOº�ö•§\®‹&…¬°¡ÙN
%y‹‘ÁÐ17ß6`¬ìI‚w
[  356.589111][T13205] [U] ïøÇM<@nºùkJ(ÝÂ6)ô)îVÌÕlr¢
[  356.591171][T13205] [U] >YgÐ¤zª?Œ¹`–O­mÉXø�ó‡ø"Á¨¹š·¢9+¼¾dEÝá¹{“åŒ$~bÜyDšUMe«!xìÝ›A¹£AUÇ}j„¿â£2n%mbËqÑÉä
[  356.594349][T13205] [U] ÞWV×ïÙw‹@HZ�=¦(ƒ„Eˆ‡jÉ~èOS@žëbÈHª:"®ÃÁ‡!ƒjIÖäUJ=á¥)îŽU¤Å	g×ØÐÚÔ–=y=ÊkÊadËÎ
r†¨¹¹á:=ÉSöÙ—�aX¾¢ÛX
[  356.597728][T13205] [U] BIþ™eß„}¼ETø@±3ì(Ü ß¥¨�v¤žàÐ{™Îº©’~ðuk+Þ{3T˜Ú$Æ».ÃN[8s‹Ê‡šº""ÒÊ”캄]RÏGý5
[  356.600322][T13205] [U] v²{Õ¨ÓvNb>Dm«·t•¨�Qâtà
ÃìÚÀ
[  356.601647][T13205] [U] Gá*|ó9ÙºŸå†¸
[  356.602616][T13205] [U] G´ÆmiuÔe!þõT
ÏŒ*ÿ�…8a7i5‚-|¤Ï6lk
[  356.604071][T13205] [U] NÅ«—Dª²ë	ÂÌS}R�½bãåYºw<»âêèC‚ ÓæÐH°\ÓfÍÈd.›ã÷®˜FŒPk¸ï‹,ªÎ‚C—úœ.Â;
¤êeyºÝK÷æ]z>‘úIãÁ�óoQ&
O«’�¼”½,pùÖ]–,7í›�§uúÑÝI­­Â
[  356.607662][T13205] [U] àû	$äL÷u2êßf_3•+|nWÕµZÓEç—ÒP1w~·ö�N‹(§oÍ�±¸8òdï	£SÆùcDÊ®fÂ��65özÜgãR“þ°Ú{ÁÒÕt“·èK£"@£æÐÔè:á5}GÝB—©dѸ¦ƒ\k”
[  356.610777][T13208] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  356.611158][T13205] [U] èÐù‡yó…ÒŸ8î4Œ4n<;
[  356.614307][T13205] [U] ã�Ôu†IŽ7x#e¤4vml‚ô苬œšGí””A³©)-‡Ìì(¿NÌ—N–¢èöl#Ã)׌Su�É6�
[  356.615440][T13208] batadv_slave_0: entered promiscuous mode
[  356.616341][T13205] [U] )Æ<�èE?êa­¤Uܤ—9ë†%]²ÔdCCŽe+L<'t�¬1Â�KÈ…œ·3åü.é»Á€êæwS¨éÐÀ×ÐZY­Ï¼9i>ÌÒñØ
]þÈœ}{”
/`ìüß5'ùE–	41ÿTnAXÿ¿ê¯çï­Q�Ìã«I tÒ%ÒGð7l~·BÝs
[  356.616376][T13205] [U] £í¢ÄÅ¢
[  356.616404][T13205] [U] ZÓ‘uýäªÕ4¬©&ë™ãe~Ý8Eáσ1´¥l{ȨGv‰Y$Pn�O4MËèÓ*Fó`ÂÎA€‰T×ÙM0?*i›#;ÁѤ+4v
’¹ûGa
Øý¬æ%H»·[›a�Yx)lG]F ‚ÏHÂ|þzv²e­/ëϧ1ò7笳-ǽÈíhœO+¯…^è)8™&E£@A8gë…Œ-èwr»�sãü-v–-Ò±ÌO>æå�q�œÄ#9¨ua„H«)f²þ½´œžSAÖ™³iÜn¼šz@¯C—¶º>k³L–VD^1é)§m$/ÜÅð„78..„»q�¢ýa¸|Ÿöè¦)�9ò">d>eÃó#i�¬`\Û|{óuâfh.. œeMÍw}]5ÖÃ-,Å¢rk}ÏFÆõq¬à·C×o*ÄpÀ¹›á¦âN�F¶ê
[  356.635250][T13205] [U] „§“´
[  356.636111][T13205] [U] T¦0Ô�—*Ãõ°�
öXAøØÊËÉ£¥a4W…K¦¼¯¼c]x¢‹ŒË]êLû÷æ=ÿ
[  356.637842][T13205] [U] ú$c
UGSˆeô²6ÖôÝì÷ýà„¹t¼Ï„Ppë’Z3T2è�£‚”9W-«†Ö‘ì™ÅaR�­�ý»nB�ÚŽ�
²²:^x�öϧ·œB÷Á°Ñöì²~þ{jòÅ
[  356.640619][T13205] [U] íõTì·EÀÊ' 2‚­Äl*áaª¢-³;p;BtØÖ.¸n¦`ß�_ó®î;®ò*·U;°á5C#R/˜ÆQ¸Kú*m¡„ïs�aàšùî#)a‰Bš–>¾YØ�‹O\;^°ˆ'Ýÿo�5_�y¬hŠñÄãl
÷ceŽŒ&a‚`;ÂœÖô¸ð•Ùsœ�s¤–æ‡{Ÿh¡Þ óTM�0ǸµÀBi^lýå>à�ô8ÝÙ¢VV8<ô¶-²{$>°D	œ‚øã½]åw¶�–›uŒšÔ0?k¬˼ú¹Ž[uIrb_iLú/eSßÿi*ŸwÖsî*ãzSàôÀÍŽÑ’‹¿
[  356.647502][T13205] [U] 
[  356.665742][T13204] [U] 
[  356.687648][T13213] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2129'.
[  357.265147][T13220] netlink: 'syz.4.2123': attribute type 4 has an invalid length.
[  357.280134][T13220] netlink: 'syz.4.2123': attribute type 4 has an invalid length.
[  357.287690][T13220] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  357.292323][T13220] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  357.894349][T13041] bond0: (slave syz_tun): Releasing backup interface
[  358.151540][ T5312] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  358.156217][ T5312] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  358.160289][ T5312] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  358.166897][ T5312] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  358.170282][ T5312] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  358.173005][ T5312] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  358.239781][T13236] ip_vti0 speed is unknown, defaulting to 1000
[  358.328126][T13236] chnl_net:caif_netlink_parms(): no params data found
[  358.396328][T13236] bridge0: port 1(bridge_slave_0) entered blocking state
[  358.398311][T13236] bridge0: port 1(bridge_slave_0) entered disabled state
[  358.400727][T13236] bridge_slave_0: entered allmulticast mode
[  358.402877][T13236] bridge_slave_0: entered promiscuous mode
[  358.405635][T13236] bridge0: port 2(bridge_slave_1) entered blocking state
[  358.407629][T13236] bridge0: port 2(bridge_slave_1) entered disabled state
[  358.407805][T13227] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  358.409612][T13236] bridge_slave_1: entered allmulticast mode
[  358.414815][T13236] bridge_slave_1: entered promiscuous mode
[  358.436683][T13236] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  358.440618][T13236] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  358.465972][T13236] team0: Port device team_slave_0 added
[  358.469313][T13236] team0: Port device team_slave_1 added
[  358.489455][T13236] batman_adv: batadv0: Adding interface: batadv_slave_0
[  358.491357][T13236] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  358.497744][T13236] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  358.503914][T13236] batman_adv: batadv0: Adding interface: batadv_slave_1
[  358.505620][T13236] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  358.512526][T13236] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  358.539525][T13236] hsr_slave_0: entered promiscuous mode
[  358.542728][T13236] hsr_slave_1: entered promiscuous mode
[  358.544680][T13236] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  358.546639][T13236] Cannot create hsr debugfs directory
[  358.620955][T13236] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  358.624379][T13236] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  358.627929][T13236] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  358.631771][T13236] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  358.642551][T13236] bridge0: port 2(bridge_slave_1) entered blocking state
[  358.644478][T13236] bridge0: port 2(bridge_slave_1) entered forwarding state
[  358.646351][T13236] bridge0: port 1(bridge_slave_0) entered blocking state
[  358.648095][T13236] bridge0: port 1(bridge_slave_0) entered forwarding state
[  358.676209][T13236] 8021q: adding VLAN 0 to HW filter on device bond0
[  358.686056][ T1128] bridge0: port 1(bridge_slave_0) entered disabled state
[  358.689405][ T1128] bridge0: port 2(bridge_slave_1) entered disabled state
[  358.704690][T13236] 8021q: adding VLAN 0 to HW filter on device team0
[  358.711455][   T74] bridge0: port 1(bridge_slave_0) entered blocking state
[  358.713375][   T74] bridge0: port 1(bridge_slave_0) entered forwarding state
[  358.718470][ T1133] bridge0: port 2(bridge_slave_1) entered blocking state
[  358.720434][ T1133] bridge0: port 2(bridge_slave_1) entered forwarding state
[  358.819088][T13236] 8021q: adding VLAN 0 to HW filter on device batadv0
[  358.928433][T13236] veth0_vlan: entered promiscuous mode
[  358.933223][T13236] veth1_vlan: entered promiscuous mode
[  358.962245][T13236] veth0_macvtap: entered promiscuous mode
[  358.966000][T13236] veth1_macvtap: entered promiscuous mode
[  358.973091][T13236] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  358.976449][T13236] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  358.979144][T13236] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  358.982973][T13236] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  358.985443][T13236] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  358.987983][T13236] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  358.992133][T13236] batman_adv: batadv0: Interface activated: batadv_slave_0
[  358.997035][T13236] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  358.999547][T13236] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  359.002734][T13236] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  359.005466][T13236] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  359.007903][T13236] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  359.010623][T13236] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  359.013050][T13236] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  359.015600][T13236] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  359.018736][T13236] batman_adv: batadv0: Interface activated: batadv_slave_1
[  359.022749][T13236] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  359.024894][T13236] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  359.027022][T13236] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  359.029168][T13236] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  359.080393][ T1128] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  359.086272][ T1128] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  359.096861][   T74] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  359.099630][   T74] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  359.115041][ T5995] usbhid 9-1:0.0: can't add hid device: -71
[  359.116703][ T5995] usbhid 9-1:0.0: probe with driver usbhid failed with error -71
[  359.119605][ T5995] usb 9-1: USB disconnect, device number 24
[  359.309464][T13269] FAULT_INJECTION: forcing a failure.
[  359.309464][T13269] name failslab, interval 1, probability 0, space 0, times 0
[  359.312974][T13269] CPU: 2 UID: 0 PID: 13269 Comm: syz.6.2141 Not tainted 6.12.0-rc7-syzkaller-00216-gf66d6acccbc0 #0
[  359.315939][T13269] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  359.319771][T13269] Call Trace:
[  359.321007][T13269]  <TASK>
[  359.322071][T13269]  dump_stack_lvl+0x16c/0x1f0
[  359.323765][T13269]  should_fail_ex+0x497/0x5b0
[  359.325412][T13269]  ? fs_reclaim_acquire+0xae/0x150
[  359.327221][T13269]  should_failslab+0xc2/0x120
[  359.328943][T13269]  kmem_cache_alloc_node_noprof+0x71/0x310
[  359.330828][T13269]  ? __alloc_skb+0x2b3/0x380
[  359.332412][T13269]  __alloc_skb+0x2b3/0x380
[  359.333828][T13269]  ? __pfx___alloc_skb+0x10/0x10
[  359.335066][T13269]  ? genl_rcv_msg+0x4bd/0x800
[  359.336290][T13269]  netlink_ack+0x164/0xb20
[  359.337437][T13269]  netlink_rcv_skb+0x327/0x410
[  359.338901][T13269]  ? __pfx_genl_rcv_msg+0x10/0x10
[  359.340612][T13269]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  359.342171][T13269]  ? down_read+0xc9/0x330
[  359.343221][T13269]  ? __pfx_down_read+0x10/0x10
[  359.344426][T13269]  ? netlink_deliver_tap+0x1ae/0xcf0
[  359.346014][T13269]  genl_rcv+0x28/0x40
[  359.347474][T13269]  netlink_unicast+0x53c/0x7f0
[  359.349175][T13269]  ? __pfx_netlink_unicast+0x10/0x10
[  359.350950][T13269]  ? __phys_addr_symbol+0x30/0x80
[  359.352611][T13269]  ? __check_object_size+0x488/0x710
[  359.354334][T13269]  netlink_sendmsg+0x8b8/0xd70
[  359.355971][T13269]  ? __pfx_netlink_sendmsg+0x10/0x10
[  359.357801][T13269]  ____sys_sendmsg+0x9ae/0xb40
[  359.359483][T13269]  ? __pfx_____sys_sendmsg+0x10/0x10
[  359.360812][T13269]  ? get_compat_msghdr+0x11b/0x170
[  359.362097][T13269]  ? __pfx___lock_acquire+0x10/0x10
[  359.363757][T13269]  ___sys_sendmsg+0x135/0x1e0
[  359.365376][T13269]  ? __pfx____sys_sendmsg+0x10/0x10
[  359.367129][T13269]  ? lock_acquire+0x2f/0xb0
[  359.368716][T13269]  ? __fget_files+0x40/0x3f0
[  359.370293][T13269]  ? fdget+0x176/0x210
[  359.371655][T13269]  __sys_sendmsg+0x117/0x1f0
[  359.373239][T13269]  ? __pfx___sys_sendmsg+0x10/0x10
[  359.374973][T13269]  ? __fget_files+0x244/0x3f0
[  359.376477][T13269]  __do_fast_syscall_32+0x73/0x120
[  359.377743][T13269]  do_fast_syscall_32+0x32/0x80
[  359.378947][T13269]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  359.380538][T13269] RIP: 0023:0xf7f13579
[  359.381532][T13269] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  359.386547][T13269] RSP: 002b:00000000f567555c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  359.388824][T13269] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020000200
[  359.391171][T13269] RDX: 0000000000004000 RSI: 0000000000000000 RDI: 0000000000000000
[  359.393554][T13269] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  359.395643][T13269] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  359.398212][T13269] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  359.400970][T13269]  </TASK>
[  360.200191][ T5966] Bluetooth: hci1: command tx timeout
[  360.596592][T13286] FAULT_INJECTION: forcing a failure.
[  360.596592][T13286] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  360.601008][T13286] CPU: 3 UID: 0 PID: 13286 Comm: syz.5.2146 Not tainted 6.12.0-rc7-syzkaller-00216-gf66d6acccbc0 #0
[  360.603816][T13286] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  360.606637][T13286] Call Trace:
[  360.607515][T13286]  <TASK>
[  360.608328][T13286]  dump_stack_lvl+0x16c/0x1f0
[  360.609581][T13286]  should_fail_ex+0x497/0x5b0
[  360.610866][T13286]  ? fs_reclaim_acquire+0xae/0x150
[  360.612535][T13286]  should_fail_alloc_page+0xe7/0x130
[  360.614571][T13286]  prepare_alloc_pages.constprop.0+0x16f/0x560
[  360.616823][T13286]  ? __pfx_mark_lock+0x10/0x10
[  360.618602][T13286]  ? hlock_class+0x4e/0x130
[  360.620248][T13286]  __alloc_pages_noprof+0x190/0x25a0
[  360.621644][T13286]  ? hlock_class+0x4e/0x130
[  360.622831][T13286]  ? __lock_acquire+0xbdd/0x3ce0
[  360.624133][T13286]  ? hlock_class+0x4e/0x130
[  360.625361][T13286]  ? mark_lock+0xb5/0xc60
[  360.626506][T13286]  ? __pfx___alloc_pages_noprof+0x10/0x10
[  360.628200][T13286]  ? __pfx_mark_lock+0x10/0x10
[  360.629483][T13286]  ? __pfx___lock_acquire+0x10/0x10
[  360.630883][T13286]  ? hlock_class+0x4e/0x130
[  360.632057][T13286]  ? mark_lock+0xb5/0xc60
[  360.633215][T13286]  ? lock_acquire.part.0+0x11b/0x380
[  360.634596][T13286]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  360.636202][T13286]  ? policy_nodemask+0xea/0x4e0
[  360.637503][T13286]  alloc_pages_mpol_noprof+0x2c9/0x610
[  360.638934][T13286]  ? __pfx_alloc_pages_mpol_noprof+0x10/0x10
[  360.640708][T13286]  ? find_held_lock+0x2d/0x110
[  360.642053][T13286]  folio_alloc_mpol_noprof+0x36/0xd0
[  360.643453][T13286]  vma_alloc_folio_noprof+0xee/0x1b0
[  360.644850][T13286]  ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[  360.646693][T13286]  ? __pfx___lock_acquire+0x10/0x10
[  360.648051][T13286]  do_wp_page+0x2012/0x4930
[  360.649279][T13286]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  360.651031][T13286]  ? __pfx_do_wp_page+0x10/0x10
[  360.652541][T13286]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  360.653942][T13286]  ? lock_acquire+0x2f/0xb0
[  360.655141][T13286]  ? __handle_mm_fault+0xdcd/0x2a10
[  360.656562][T13286]  __handle_mm_fault+0x1a93/0x2a10
[  360.657908][T13286]  ? __pfx___handle_mm_fault+0x10/0x10
[  360.659339][T13286]  ? __pfx_lock_release+0x10/0x10
[  360.660844][T13286]  ? vm_normal_page+0x13c/0x2b0
[  360.662352][T13286]  ? follow_page_pte+0x50d/0x1eb0
[  360.663900][T13286]  handle_mm_fault+0x3fa/0xaa0
[  360.665398][T13286]  __get_user_pages+0x8d9/0x3b50
[  360.666943][T13286]  ? __pfx___get_user_pages+0x10/0x10
[  360.668601][T13286]  ? down_read_killable+0xcc/0x380
[  360.670185][T13286]  ? __pfx_down_read_killable+0x10/0x10
[  360.671969][T13286]  ? mark_lock+0xb5/0xc60
[  360.673322][T13286]  ? find_held_lock+0x2d/0x110
[  360.674843][T13286]  __gup_longterm_locked+0x211/0x1870
[  360.676523][T13286]  ? __pfx_lock_release+0x10/0x10
[  360.678084][T13286]  ? __pfx___gup_longterm_locked+0x10/0x10
[  360.679735][T13286]  ? gup_fast_fallback+0x84c/0x2690
[  360.681371][T13286]  ? __pfx_lock_release+0x10/0x10
[  360.682932][T13286]  ? const_folio_flags.constprop.0+0x56/0x150
[  360.684801][T13286]  ? sanity_check_pinned_pages+0x385/0x11c0
[  360.686616][T13286]  gup_fast_fallback+0x1802/0x2690
[  360.688199][T13286]  ? __pfx_gup_fast_fallback+0x10/0x10
[  360.689881][T13286]  ? hlock_class+0x4e/0x130
[  360.691282][T13286]  ? mark_lock+0xb5/0xc60
[  360.692645][T13286]  pin_user_pages_fast+0xa8/0x100
[  360.694192][T13286]  ? __pfx_pin_user_pages_fast+0x10/0x10
[  360.695917][T13286]  ? register_lock_class+0xb1/0x1240
[  360.697560][T13286]  ? register_lock_class+0xb1/0x1240
[  360.699214][T13286]  iov_iter_extract_pages+0x397/0x1f30
[  360.700918][T13286]  ? hlock_class+0x4e/0x130
[  360.702323][T13286]  ? __lock_acquire+0x163e/0x3ce0
[  360.703899][T13286]  ? __pfx_iov_iter_extract_pages+0x10/0x10
[  360.705730][T13286]  extract_iter_to_sg+0xf74/0x20b0
[  360.707317][T13286]  ? __pfx_mark_lock+0x10/0x10
[  360.708805][T13286]  ? lock_acquire.part.0+0x11b/0x380
[  360.710455][T13286]  ? __pfx_extract_iter_to_sg+0x10/0x10
[  360.712070][T13286]  ? hash_sendmsg+0xb7/0x1180
[  360.713524][T13286]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  360.715164][T13286]  ? mark_held_locks+0x9f/0xe0
[  360.716649][T13286]  ? hash_sendmsg+0xb7/0x1180
[  360.718109][T13286]  ? __local_bh_enable_ip+0xa4/0x120
[  360.719713][T13286]  hash_sendmsg+0x43b/0x1180
[  360.721157][T13286]  ____sys_sendmsg+0x9ae/0xb40
[  360.722627][T13286]  ? __pfx_____sys_sendmsg+0x10/0x10
[  360.724248][T13286]  ? get_compat_msghdr+0x11b/0x170
[  360.725837][T13286]  ? __pfx___lock_acquire+0x10/0x10
[  360.727439][T13286]  ___sys_sendmsg+0x135/0x1e0
[  360.728904][T13286]  ? __pfx____sys_sendmsg+0x10/0x10
[  360.730556][T13286]  ? lock_acquire+0x2f/0xb0
[  360.732087][T13286]  ? __fget_files+0x40/0x3f0
[  360.733532][T13286]  ? fdget+0x176/0x210
[  360.734789][T13286]  __sys_sendmsg+0x117/0x1f0
[  360.736212][T13286]  ? __pfx___sys_sendmsg+0x10/0x10
[  360.737784][T13286]  ? __fget_files+0x244/0x3f0
[  360.739263][T13286]  __do_fast_syscall_32+0x73/0x120
[  360.740849][T13286]  do_fast_syscall_32+0x32/0x80
[  360.742377][T13286]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  360.744304][T13286] RIP: 0023:0xf7f4f579
[  360.745577][T13286] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  360.751509][T13286] RSP: 002b:00000000f56d655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  360.754063][T13286] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020013a40
[  360.756456][T13286] RDX: 0000000001000000 RSI: 0000000000000000 RDI: 0000000000000000
[  360.758709][T13286] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  360.761093][T13286] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  360.763184][T13286] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  360.765326][T13286]  </TASK>
[  361.050115][   T73] usb 10-1: new high-speed USB device number 5 using dummy_hcd
[  361.180130][ T5995] usb 11-1: new high-speed USB device number 2 using dummy_hcd
[  361.210064][   T73] usb 10-1: Using ep0 maxpacket: 16
[  361.213027][   T73] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  361.216058][   T73] usb 10-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  361.219359][   T73] usb 10-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  361.221759][   T73] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  361.224918][   T73] usb 10-1: config 0 descriptor??
[  361.282730][   T39] kauditd_printk_skb: 48 callbacks suppressed
[  361.282745][   T39] audit: type=1326 audit(1731911231.445:4974): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13297 comm="syz.2.2150" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f53579 code=0x0
[  361.340051][ T5995] usb 11-1: Using ep0 maxpacket: 8
[  361.343216][ T5995] usb 11-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  361.346010][ T5995] usb 11-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  361.348470][ T5995] usb 11-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 38243, setting to 1024
[  361.351277][ T5995] usb 11-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
[  361.354024][ T5995] usb 11-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  361.357796][ T5995] usb 11-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  361.360386][ T5995] usb 11-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  361.389577][T13305] tipc: Invalid UDP bearer configuration
[  361.389596][T13305] tipc: Enabling of bearer <udp:syz1> rejected, failed to enable media
[  361.396397][T13305] netlink: 256 bytes leftover after parsing attributes in process `syz.2.2150'.
[  361.573221][ T5995] usb 11-1: GET_CAPABILITIES returned 0
[  361.574864][ T5995] usbtmc 11-1:16.0: can't read capabilities
[  361.986684][T13310] netlink: 'syz.5.2147': attribute type 4 has an invalid length.
[  361.993609][T13310] netlink: 'syz.5.2147': attribute type 4 has an invalid length.
[  361.999570][T13310] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  362.003048][T13310] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  362.167090][T13314] FAULT_INJECTION: forcing a failure.
[  362.167090][T13314] name failslab, interval 1, probability 0, space 0, times 0
[  362.171023][T13314] CPU: 2 UID: 0 PID: 13314 Comm: syz.2.2155 Not tainted 6.12.0-rc7-syzkaller-00216-gf66d6acccbc0 #0
[  362.173819][T13314] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  362.176606][T13314] Call Trace:
[  362.177488][T13314]  <TASK>
[  362.178285][T13314]  dump_stack_lvl+0x16c/0x1f0
[  362.179549][T13314]  should_fail_ex+0x497/0x5b0
[  362.180807][T13314]  ? fs_reclaim_acquire+0xae/0x150
[  362.182149][T13314]  should_failslab+0xc2/0x120
[  362.183385][T13314]  kmem_cache_alloc_node_noprof+0x71/0x310
[  362.184888][T13314]  ? __alloc_skb+0x2b3/0x380
[  362.186066][T13314]  __alloc_skb+0x2b3/0x380
[  362.187234][T13314]  ? __pfx___alloc_skb+0x10/0x10
[  362.188534][T13314]  ? genl_rcv_msg+0x4bd/0x800
[  362.189765][T13314]  netlink_ack+0x164/0xb20
[  362.190955][T13314]  netlink_rcv_skb+0x327/0x410
[  362.192218][T13314]  ? __pfx_genl_rcv_msg+0x10/0x10
[  362.193545][T13314]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  362.194922][T13314]  ? down_read+0xc9/0x330
[  362.196057][T13314]  ? __pfx_down_read+0x10/0x10
[  362.197314][T13314]  ? netlink_deliver_tap+0x1ae/0xcf0
[  362.198708][T13314]  genl_rcv+0x28/0x40
[  362.199761][T13314]  netlink_unicast+0x53c/0x7f0
[  362.201018][T13314]  ? __pfx_netlink_unicast+0x10/0x10
[  362.202386][T13314]  ? __phys_addr_symbol+0x30/0x80
[  362.203689][T13314]  ? __check_object_size+0x488/0x710
[  362.205053][T13314]  netlink_sendmsg+0x8b8/0xd70
[  362.206288][T13314]  ? __pfx_netlink_sendmsg+0x10/0x10
[  362.207656][T13314]  ____sys_sendmsg+0x9ae/0xb40
[  362.208908][T13314]  ? __pfx_____sys_sendmsg+0x10/0x10
[  362.210239][T13314]  ? get_compat_msghdr+0x11b/0x170
[  362.211749][T13314]  ? __pfx___lock_acquire+0x10/0x10
[  362.213119][T13314]  ___sys_sendmsg+0x135/0x1e0
[  362.214345][T13314]  ? __pfx____sys_sendmsg+0x10/0x10
[  362.215700][T13314]  ? lock_acquire+0x2f/0xb0
[  362.216868][T13314]  ? __fget_files+0x40/0x3f0
[  362.218055][T13314]  ? fdget+0x176/0x210
[  362.219103][T13314]  __sys_sendmsg+0x117/0x1f0
[  362.220311][T13314]  ? __pfx___sys_sendmsg+0x10/0x10
[  362.221639][T13314]  ? __fget_files+0x244/0x3f0
[  362.222812][T13314]  __do_fast_syscall_32+0x73/0x120
[  362.224082][T13314]  do_fast_syscall_32+0x32/0x80
[  362.225279][T13314]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  362.226805][T13314] RIP: 0023:0xf7f53579
[  362.227847][T13314] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  362.232634][T13314] RSP: 002b:00000000f56d655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  362.234630][T13314] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000080
[  362.236503][T13314] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  362.238419][T13314] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  362.240411][T13314] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  362.242810][T13314] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  362.245355][T13314]  </TASK>
[  362.280189][ T5966] Bluetooth: hci1: command tx timeout
[  363.570061][T13331] nbd4: detected capacity change from 0 to 20
[  363.574980][ T9895] block nbd4: Send control failed (result -89)
[  363.577521][ T9895] block nbd4: Request send failed, requeueing
[  363.583009][ T5966] block nbd4: Receive control failed (result -32)
[  363.585297][   T56] block nbd4: Dead connection, failed to find a fallback
[  363.588195][   T56] block nbd4: shutting down sockets
[  363.590713][   T56] blk_print_req_error: 24 callbacks suppressed
[  363.590722][   T56] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  363.594766][   T56] buffer_io_error: 23 callbacks suppressed
[  363.594774][   T56] Buffer I/O error on dev nbd4, logical block 0, async page read
[  363.598591][ T9895] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  363.600834][ T9895] Buffer I/O error on dev nbd4, logical block 0, async page read
[  363.602984][ T9895] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  363.605327][ T9895] Buffer I/O error on dev nbd4, logical block 0, async page read
[  363.607403][ T9895] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  363.610457][ T9895] Buffer I/O error on dev nbd4, logical block 0, async page read
[  363.613339][ T9895] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  363.616513][ T9895] Buffer I/O error on dev nbd4, logical block 0, async page read
[  363.618581][ T9895] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  363.621083][ T9895] Buffer I/O error on dev nbd4, logical block 0, async page read
[  363.623095][ T9895] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  363.625403][ T9895] Buffer I/O error on dev nbd4, logical block 0, async page read
[  363.627390][ T9895] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  363.630442][ T9895] Buffer I/O error on dev nbd4, logical block 0, async page read
[  363.632696][ T9895] ldm_validate_partition_table(): Disk read failed.
[  363.634607][ T9895] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  363.637249][ T9895] Buffer I/O error on dev nbd4, logical block 0, async page read
[  363.639627][ T9895] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  363.642951][ T9895] Buffer I/O error on dev nbd4, logical block 0, async page read
[  363.645916][ T9895] Dev nbd4: unable to read RDB block 0
[  363.648046][ T9895]  nbd4: unable to read partition table
[  363.650240][ T9895] nbd4: partition table beyond EOD, truncated
[  363.654854][ T9895] ldm_validate_partition_table(): Disk read failed.
[  363.656729][ T9895] Dev nbd4: unable to read RDB block 0
[  363.658345][ T9895]  nbd4: unable to read partition table
[  363.660381][ T9895] nbd4: partition table beyond EOD, truncated
[  363.810271][   T73] usbhid 10-1:0.0: can't add hid device: -71
[  363.814876][   T73] usbhid 10-1:0.0: probe with driver usbhid failed with error -71
[  363.820794][   T73] usb 10-1: USB disconnect, device number 5
[  363.861376][   T25] usb 11-1: USB disconnect, device number 2
[  363.929075][T13337] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2161'.
[  364.301759][T13345] netlink: 48 bytes leftover after parsing attributes in process `syz.4.2163'.
[  364.360114][ T5312] Bluetooth: hci1: command tx timeout
[  364.485837][T13354] bridge0: port 2(bridge_slave_1) entered disabled state
[  364.489162][T13354] bridge0: port 1(bridge_slave_0) entered disabled state
[  364.584681][T13357] netdevsim netdevsim6: Firmware load for '../file0' refused, path contains '..' component
[  364.618840][T13359] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2168'.
[  364.679267][T13363] FAULT_INJECTION: forcing a failure.
[  364.679267][T13363] name failslab, interval 1, probability 0, space 0, times 0
[  364.684026][T13363] CPU: 2 UID: 0 PID: 13363 Comm: syz.2.2170 Not tainted 6.12.0-rc7-syzkaller-00216-gf66d6acccbc0 #0
[  364.686834][T13363] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  364.689593][T13363] Call Trace:
[  364.690481][T13363]  <TASK>
[  364.691625][T13363]  dump_stack_lvl+0x16c/0x1f0
[  364.692910][T13363]  should_fail_ex+0x497/0x5b0
[  364.694114][T13363]  ? fs_reclaim_acquire+0xae/0x150
[  364.695419][T13363]  should_failslab+0xc2/0x120
[  364.696718][T13363]  __kmalloc_cache_noprof+0x6b/0x310
[  364.698206][T13363]  ? nf_tables_newtable+0xd79/0x1b80
[  364.699554][T13363]  nf_tables_newtable+0xd79/0x1b80
[  364.701130][T13363]  ? net_generic+0xea/0x2a0
[  364.702785][T13363]  ? __pfx_nf_tables_newtable+0x10/0x10
[  364.704739][T13363]  ? trace_lock_acquire+0x14a/0x1d0
[  364.706090][T13363]  ? __nla_parse+0x40/0x60
[  364.707249][T13363]  nfnetlink_rcv_batch+0x1a28/0x24e0
[  364.708651][T13363]  ? __pfx_nfnetlink_rcv_batch+0x10/0x10
[  364.710107][T13363]  ? __pfx_lock_release+0x10/0x10
[  364.711453][T13363]  ? __local_bh_enable_ip+0xa4/0x120
[  364.712839][T13363]  ? lockdep_hardirqs_on+0x7c/0x110
[  364.714181][T13363]  ? __pfx___dev_queue_xmit+0x10/0x10
[  364.715577][T13363]  ? __nla_parse+0x40/0x60
[  364.716741][T13363]  nfnetlink_rcv+0x3c3/0x430
[  364.717945][T13363]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  364.719310][T13363]  netlink_unicast+0x53c/0x7f0
[  364.720666][T13363]  ? __pfx_netlink_unicast+0x10/0x10
[  364.722580][T13363]  ? __phys_addr_symbol+0x30/0x80
[  364.724225][T13363]  ? __check_object_size+0x488/0x710
[  364.725614][T13363]  netlink_sendmsg+0x8b8/0xd70
[  364.726867][T13363]  ? __pfx_netlink_sendmsg+0x10/0x10
[  364.728242][T13363]  ____sys_sendmsg+0x9ae/0xb40
[  364.729717][T13363]  ? __pfx_____sys_sendmsg+0x10/0x10
[  364.731122][T13363]  ? get_compat_msghdr+0x11b/0x170
[  364.732469][T13363]  ? __pfx___lock_acquire+0x10/0x10
[  364.733840][T13363]  ___sys_sendmsg+0x135/0x1e0
[  364.735094][T13363]  ? __pfx____sys_sendmsg+0x10/0x10
[  364.736470][T13363]  ? lock_acquire+0x2f/0xb0
[  364.737657][T13363]  ? __fget_files+0x40/0x3f0
[  364.738885][T13363]  ? fdget+0x176/0x210
[  364.739948][T13363]  __sys_sendmsg+0x117/0x1f0
[  364.741213][T13363]  ? __pfx___sys_sendmsg+0x10/0x10
[  364.742885][T13363]  ? __fget_files+0x244/0x3f0
[  364.744323][T13363]  __do_fast_syscall_32+0x73/0x120
[  364.745728][T13363]  do_fast_syscall_32+0x32/0x80
[  364.746914][T13363]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  364.748501][T13363] RIP: 0023:0xf7f53579
[  364.749585][T13363] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  364.755248][T13363] RSP: 002b:00000000f56d655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  364.757424][T13363] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000200000c0
[  364.759430][T13363] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  364.761390][T13363] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  364.763306][T13363] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  364.765360][T13363] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  364.767383][T13363]  </TASK>
[  364.935332][T13375] 9pnet_fd: Insufficient options for proto=fd
[  365.314229][T13388] FAULT_INJECTION: forcing a failure.
[  365.314229][T13388] name failslab, interval 1, probability 0, space 0, times 0
[  365.317696][T13388] CPU: 1 UID: 0 PID: 13388 Comm: syz.5.2177 Not tainted 6.12.0-rc7-syzkaller-00216-gf66d6acccbc0 #0
[  365.320985][T13388] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  365.324354][T13388] Call Trace:
[  365.325283][T13388]  <TASK>
[  365.326051][T13388]  dump_stack_lvl+0x16c/0x1f0
[  365.327292][T13388]  should_fail_ex+0x497/0x5b0
[  365.328545][T13388]  ? fs_reclaim_acquire+0xae/0x150
[  365.329913][T13388]  should_failslab+0xc2/0x120
[  365.331158][T13388]  __kmalloc_node_noprof+0xd1/0x440
[  365.332533][T13388]  ? alloc_slab_obj_exts+0x41/0xa0
[  365.333903][T13388]  alloc_slab_obj_exts+0x41/0xa0
[  365.335214][T13388]  __memcg_slab_post_alloc_hook+0x2a7/0x9b0
[  365.336811][T13388]  ? __d_alloc+0x60c/0x8c0
[  365.337994][T13388]  __kmalloc_noprof+0x39e/0x410
[  365.339293][T13388]  ? dentry_unlink_inode+0x3d1/0x480
[  365.340747][T13388]  __d_alloc+0x60c/0x8c0
[  365.341866][T13388]  d_alloc+0x4a/0x1e0
[  365.342924][T13388]  d_alloc_parallel+0xe9/0x12b0
[  365.344254][T13388]  ? __d_lookup+0x25c/0x4a0
[  365.345608][T13388]  ? trace_lock_acquire+0x14a/0x1d0
[  365.346987][T13388]  ? __pfx_d_alloc_parallel+0x10/0x10
[  365.348399][T13388]  ? __d_lookup+0x266/0x4a0
[  365.349603][T13388]  lookup_open.isra.0+0xab5/0x14c0
[  365.350949][T13388]  ? __pfx_lookup_open.isra.0+0x10/0x10
[  365.352397][T13388]  ? path_openat+0x88a/0x2d60
[  365.353634][T13388]  ? mnt_get_write_access+0x20c/0x300
[  365.355046][T13388]  path_openat+0x904/0x2d60
[  365.356278][T13388]  ? __pfx_path_openat+0x10/0x10
[  365.357579][T13388]  ? handle_mm_fault+0x497/0xaa0
[  365.358892][T13388]  ? __pfx___lock_acquire+0x10/0x10
[  365.360259][T13388]  do_filp_open+0x1dc/0x430
[  365.361454][T13388]  ? __pfx_do_filp_open+0x10/0x10
[  365.362772][T13388]  ? find_held_lock+0x2d/0x110
[  365.364039][T13388]  ? _raw_spin_unlock+0x28/0x50
[  365.365374][T13388]  ? alloc_fd+0x2d7/0x6c0
[  365.366553][T13388]  do_sys_openat2+0x17a/0x1e0
[  365.367787][T13388]  ? __pfx_do_sys_openat2+0x10/0x10
[  365.369168][T13388]  ? __fget_files+0x244/0x3f0
[  365.370416][T13388]  __ia32_compat_sys_openat+0x16e/0x210
[  365.371852][T13388]  ? __pfx___ia32_compat_sys_openat+0x10/0x10
[  365.373442][T13388]  ? ksys_write+0x1ad/0x260
[  365.374634][T13388]  __do_fast_syscall_32+0x73/0x120
[  365.375967][T13388]  do_fast_syscall_32+0x32/0x80
[  365.377471][T13388]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  365.379149][T13388] RIP: 0023:0xf7f4f579
[  365.380226][T13388] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  365.385349][T13388] RSP: 002b:00000000f56d655c EFLAGS: 00000296 ORIG_RAX: 0000000000000127
[  365.387502][T13388] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000000
[  365.389581][T13388] RDX: 0000000000000002 RSI: 0000000000000000 RDI: 0000000000000000
[  365.391610][T13388] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  365.393655][T13388] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  365.395688][T13388] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  365.397750][T13388]  </TASK>
[  365.984351][T13408] FAULT_INJECTION: forcing a failure.
[  365.984351][T13408] name failslab, interval 1, probability 0, space 0, times 0
[  365.987727][T13408] CPU: 2 UID: 0 PID: 13408 Comm: syz.6.2184 Not tainted 6.12.0-rc7-syzkaller-00216-gf66d6acccbc0 #0
[  365.990522][T13408] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  365.993180][T13408] Call Trace:
[  365.994036][T13408]  <TASK>
[  365.994817][T13408]  dump_stack_lvl+0x16c/0x1f0
[  365.996046][T13408]  should_fail_ex+0x497/0x5b0
[  365.997285][T13408]  ? fs_reclaim_acquire+0xae/0x150
[  365.998634][T13408]  should_failslab+0xc2/0x120
[  365.999894][T13408]  __kmalloc_cache_noprof+0x6b/0x310
[  366.001273][T13408]  ? xskq_create+0x52/0x1d0
[  366.002463][T13408]  xskq_create+0x52/0x1d0
[  366.003594][T13408]  xsk_setsockopt+0x8b0/0xac0
[  366.004885][T13408]  ? __pfx_xsk_setsockopt+0x10/0x10
[  366.006246][T13408]  ? __pfx_xsk_setsockopt+0x10/0x10
[  366.007596][T13408]  do_sock_setsockopt+0x222/0x480
[  366.008917][T13408]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  366.010567][T13408]  ? fdget+0x176/0x210
[  366.011678][T13408]  __sys_setsockopt+0x1a4/0x270
[  366.012993][T13408]  ? __pfx___sys_setsockopt+0x10/0x10
[  366.014394][T13408]  ? fput+0x30/0x390
[  366.015436][T13408]  ? ksys_write+0x1ad/0x260
[  366.016623][T13408]  ? __pfx_ksys_write+0x10/0x10
[  366.017878][T13408]  __ia32_sys_setsockopt+0xbc/0x160
[  366.019211][T13408]  ? lockdep_hardirqs_on+0x7c/0x110
[  366.020541][T13408]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[  366.022290][T13408]  __do_fast_syscall_32+0x73/0x120
[  366.023587][T13408]  do_fast_syscall_32+0x32/0x80
[  366.024873][T13408]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  366.026538][T13408] RIP: 0023:0xf7f13579
[  366.027627][T13408] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  366.032735][T13408] RSP: 002b:00000000f569655c EFLAGS: 00000296 ORIG_RAX: 000000000000016e
[  366.034896][T13408] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000000011b
[  366.036973][T13408] RDX: 0000000000000002 RSI: 0000000020000180 RDI: 0000000000000004
[  366.039040][T13408] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  366.041236][T13408] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  366.043337][T13408] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  366.045441][T13408]  </TASK>
[  366.450042][ T5312] Bluetooth: hci1: command tx timeout
[  366.550057][   T39] audit: type=1326 audit(1731911236.695:4975): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13420 comm="syz.5.2188" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f4f579 code=0x7ffc0000
[  366.555856][   T39] audit: type=1326 audit(1731911236.695:4976): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13420 comm="syz.5.2188" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f4f579 code=0x7ffc0000
[  366.561399][   T39] audit: type=1326 audit(1731911236.695:4977): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13420 comm="syz.5.2188" exe="/syz-executor" sig=0 arch=40000003 syscall=5 compat=1 ip=0xf7f4f579 code=0x7ffc0000
[  366.567182][   T39] audit: type=1326 audit(1731911236.695:4978): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13420 comm="syz.5.2188" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f4f579 code=0x7ffc0000
[  366.572892][   T39] audit: type=1326 audit(1731911236.695:4979): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13420 comm="syz.5.2188" exe="/syz-executor" sig=0 arch=40000003 syscall=21 compat=1 ip=0xf7f4f579 code=0x7ffc0000
[  366.578685][   T39] audit: type=1326 audit(1731911236.695:4980): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13420 comm="syz.5.2188" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f4f579 code=0x7ffc0000
[  366.584420][   T39] audit: type=1326 audit(1731911236.695:4981): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13420 comm="syz.5.2188" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f4f579 code=0x7ffc0000
[  366.590151][   T39] audit: type=1326 audit(1731911236.695:4982): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13420 comm="syz.5.2188" exe="/syz-executor" sig=0 arch=40000003 syscall=5 compat=1 ip=0xf7f4f579 code=0x7ffc0000
[  366.595893][   T39] audit: type=1326 audit(1731911236.695:4983): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13420 comm="syz.5.2188" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f4f579 code=0x7ffc0000
[  366.601822][   T39] audit: type=1326 audit(1731911236.695:4984): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13420 comm="syz.5.2188" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f4f579 code=0x7ffc0000
[  366.825513][ T8353] IPVS: starting estimator thread 0...
[  366.890657][T13429] autofs: Unknown parameter '¸
[  366.890657][T13429] Œü׿»BˆX•‹2ÑÌR›Ùª'
[  366.930030][T13427] IPVS: using max 34 ests per chain, 81600 per kthread
[  366.956285][T13432] netlink: 156 bytes leftover after parsing attributes in process `syz.2.2191'.
[  366.958672][T13432] netlink: 'syz.2.2191': attribute type 2 has an invalid length.
[  366.960879][T13432] netlink: 60 bytes leftover after parsing attributes in process `syz.2.2191'.
[  366.990323][T13434] FAULT_INJECTION: forcing a failure.
[  366.990323][T13434] name failslab, interval 1, probability 0, space 0, times 0
[  366.993875][T13434] CPU: 2 UID: 0 PID: 13434 Comm: syz.2.2192 Not tainted 6.12.0-rc7-syzkaller-00216-gf66d6acccbc0 #0
[  366.996659][T13434] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  366.999429][T13434] Call Trace:
[  367.000308][T13434]  <TASK>
[  367.001102][T13434]  dump_stack_lvl+0x16c/0x1f0
[  367.002368][T13434]  should_fail_ex+0x497/0x5b0
[  367.003615][T13434]  ? fs_reclaim_acquire+0xae/0x150
[  367.004983][T13434]  should_failslab+0xc2/0x120
[  367.006636][T13434]  __kmalloc_cache_noprof+0x6b/0x310
[  367.008154][T13434]  ? p9_fid_create+0x45/0x470
[  367.009508][T13434]  ? do_raw_spin_unlock+0x172/0x230
[  367.011379][T13434]  p9_fid_create+0x45/0x470
[  367.013052][T13434]  p9_client_walk+0xc7/0x540
[  367.014699][T13434]  ? __pfx_p9_client_walk+0x10/0x10
[  367.016437][T13434]  ? v9fs_fid_lookup+0xe9/0xec0
[  367.017684][T13434]  v9fs_file_open+0x596/0xac0
[  367.018875][T13434]  ? __pfx_v9fs_file_open+0x10/0x10
[  367.020166][T13434]  ? bpf_lsm_file_open+0x9/0x10
[  367.021397][T13434]  ? security_file_open+0x62a/0x9d0
[  367.022730][T13434]  do_dentry_open+0x6ca/0x1530
[  367.024011][T13434]  ? __pfx_v9fs_file_open+0x10/0x10
[  367.025420][T13434]  ? inode_permission+0xdd/0x5f0
[  367.026912][T13434]  vfs_open+0x82/0x3f0
[  367.027993][T13434]  ? may_open+0x1f2/0x400
[  367.029093][T13434]  path_openat+0x1e6a/0x2d60
[  367.030271][T13434]  ? __pfx_path_openat+0x10/0x10
[  367.031536][T13434]  ? __pfx___lock_acquire+0x10/0x10
[  367.032915][T13434]  do_filp_open+0x1dc/0x430
[  367.034427][T13434]  ? __pfx_do_filp_open+0x10/0x10
[  367.036107][T13434]  ? _raw_spin_unlock+0x28/0x50
[  367.037433][T13434]  ? alloc_fd+0x2d7/0x6c0
[  367.038552][T13434]  do_sys_openat2+0x17a/0x1e0
[  367.039751][T13434]  ? __pfx_do_sys_openat2+0x10/0x10
[  367.041062][T13434]  ? __fget_files+0x244/0x3f0
[  367.042269][T13434]  __ia32_sys_creat+0xcc/0x120
[  367.043484][T13434]  ? __pfx___ia32_sys_creat+0x10/0x10
[  367.044864][T13434]  ? __pfx_ksys_write+0x10/0x10
[  367.046411][T13434]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[  367.048496][T13434]  ? lockdep_hardirqs_on+0x7c/0x110
[  367.050095][T13434]  __do_fast_syscall_32+0x73/0x120
[  367.051669][T13434]  do_fast_syscall_32+0x32/0x80
[  367.053424][T13434]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  367.055440][T13434] RIP: 0023:0xf7f53579
[  367.056793][T13434] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  367.063179][T13434] RSP: 002b:00000000f56d655c EFLAGS: 00000296 ORIG_RAX: 0000000000000008
[  367.065768][T13434] RAX: ffffffffffffffda RBX: 0000000020000300 RCX: 0000000000000000
[  367.068427][T13434] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  367.070928][T13434] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  367.073040][T13434] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  367.075043][T13434] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  367.077583][T13434]  </TASK>
[  367.233232][T13420] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  367.613127][T13438] i2c i2c-1: Invalid block write size 34
[  367.616871][T13438] tmpfs: Cannot change global quota limit on remount
[  367.791953][T13453] xt_CHECKSUM: CHECKSUM should be avoided.  If really needed, restrict with "-p udp" and only use in OUTPUT
[  367.806696][T13453] netlink: 'syz.5.2198': attribute type 1 has an invalid length.
[  368.244106][T13479] binder: 13478:13479 ioctl c0306201 20000680 returned -14
[  368.340598][T13488] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2209'.
[  368.343587][T13488] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2209'.
[  368.512586][T13494] xt_hashlimit: invalid rate
[  368.549728][T13495] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[  368.552947][T13495] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  368.647219][T13501] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_to_bridge, syncid = 0, id = 0
[  368.650692][T13499] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2213'.
[  368.707097][T13499] ip_vti0 speed is unknown, defaulting to 1000
[  368.921357][T13516] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2217'.
[  369.165432][T13531] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2223'.
[  369.187315][T13532] netlink: 28 bytes leftover after parsing attributes in process `syz.6.2218'.
[  369.437882][T13535] ip_vti0 speed is unknown, defaulting to 1000
[  369.520678][T13542] netlink: 20 bytes leftover after parsing attributes in process `syz.5.2226'.
[  369.524596][T13542] FAULT_INJECTION: forcing a failure.
[  369.524596][T13542] name failslab, interval 1, probability 0, space 0, times 0
[  369.528680][T13542] CPU: 2 UID: 0 PID: 13542 Comm: syz.5.2226 Not tainted 6.12.0-rc7-syzkaller-00216-gf66d6acccbc0 #0
[  369.532103][T13542] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  369.535651][T13542] Call Trace:
[  369.536723][T13542]  <TASK>
[  369.537675][T13542]  dump_stack_lvl+0x16c/0x1f0
[  369.539199][T13542]  should_fail_ex+0x497/0x5b0
[  369.540716][T13542]  should_failslab+0xc2/0x120
[  369.542266][T13542]  __kmalloc_cache_noprof+0x6b/0x310
[  369.543985][T13542]  ? fib6_new_table+0x8b/0x350
[  369.545543][T13542]  fib6_new_table+0x8b/0x350
[  369.547030][T13542]  fib6_rule_configure+0x6bd/0xa80
[  369.548706][T13542]  ? __pfx_fib6_rule_configure+0x10/0x10
[  369.550488][T13542]  ? __nla_parse+0x40/0x60
[  369.551933][T13542]  fib_nl_newrule+0x3b6/0x1f20
[  369.553517][T13542]  ? __pfx_fib_nl_newrule+0x10/0x10
[  369.555266][T13542]  ? __mutex_trylock_common+0xea/0x250
[  369.557100][T13542]  ? __pfx___mutex_trylock_common+0x10/0x10
[  369.559038][T13542]  ? rtnetlink_rcv_msg+0x372/0xea0
[  369.560692][T13542]  ? rcu_is_watching+0x12/0xc0
[  369.562337][T13542]  ? __pfx_fib_nl_newrule+0x10/0x10
[  369.564080][T13542]  ? rtnetlink_rcv_msg+0x3c7/0xea0
[  369.565723][T13542]  rtnetlink_rcv_msg+0x3c7/0xea0
[  369.567393][T13542]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  369.569234][T13542]  ? __pfx___dev_queue_xmit+0x10/0x10
[  369.570981][T13542]  netlink_rcv_skb+0x165/0x410
[  369.572560][T13542]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  369.574378][T13542]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  369.576133][T13542]  ? netlink_deliver_tap+0x1ae/0xcf0
[  369.577856][T13542]  netlink_unicast+0x53c/0x7f0
[  369.579401][T13542]  ? __pfx_netlink_unicast+0x10/0x10
[  369.581097][T13542]  ? __phys_addr_symbol+0x30/0x80
[  369.582712][T13542]  ? __check_object_size+0x488/0x710
[  369.584471][T13542]  netlink_sendmsg+0x8b8/0xd70
[  369.586036][T13542]  ? __pfx_netlink_sendmsg+0x10/0x10
[  369.587765][T13542]  ____sys_sendmsg+0x9ae/0xb40
[  369.589292][T13542]  ? __pfx_____sys_sendmsg+0x10/0x10
[  369.590992][T13542]  ? get_compat_msghdr+0x11b/0x170
[  369.592683][T13542]  ? __pfx___lock_acquire+0x10/0x10
[  369.594363][T13542]  ___sys_sendmsg+0x135/0x1e0
[  369.595874][T13542]  ? __pfx____sys_sendmsg+0x10/0x10
[  369.597550][T13542]  ? lock_acquire+0x2f/0xb0
[  369.599090][T13542]  ? __fget_files+0x40/0x3f0
[  369.600589][T13542]  ? fdget+0x176/0x210
[  369.601913][T13542]  __sys_sendmsg+0x117/0x1f0
[  369.603427][T13542]  ? __pfx___sys_sendmsg+0x10/0x10
[  369.605165][T13542]  ? __fget_files+0x244/0x3f0
[  369.606791][T13542]  __do_fast_syscall_32+0x73/0x120
[  369.608544][T13542]  do_fast_syscall_32+0x32/0x80
[  369.610207][T13542]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  369.612357][T13542] RIP: 0023:0xf7f4f579
[  369.613736][T13542] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  369.620264][T13542] RSP: 002b:00000000f56d655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  369.623089][T13542] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000480
[  369.625749][T13542] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  369.628423][T13542] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  369.631086][T13542] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  369.633855][T13542] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  369.636579][T13542]  </TASK>
[  369.637765][    C2] vkms_vblank_simulate: vblank timer overrun
[  369.704403][T13548] netlink: 20 bytes leftover after parsing attributes in process `syz.5.2229'.
[  369.880022][ T5995] usb 9-1: new high-speed USB device number 25 using dummy_hcd
[  369.935153][T13553] ip_vti0 speed is unknown, defaulting to 1000
[  370.017290][T13570] FAULT_INJECTION: forcing a failure.
[  370.017290][T13570] name failslab, interval 1, probability 0, space 0, times 0
[  370.023253][T13570] CPU: 2 UID: 0 PID: 13570 Comm: syz.5.2236 Not tainted 6.12.0-rc7-syzkaller-00216-gf66d6acccbc0 #0
[  370.026801][T13570] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  370.030312][T13570] Call Trace:
[  370.031453][T13570]  <TASK>
[  370.032436][T13570]  dump_stack_lvl+0x16c/0x1f0
[  370.034018][T13570]  should_fail_ex+0x497/0x5b0
[  370.035619][T13570]  ? fs_reclaim_acquire+0xae/0x150
[  370.037253][T13570]  should_failslab+0xc2/0x120
[  370.038814][T13570]  __kmalloc_noprof+0xcb/0x410
[  370.040404][T13570]  bpf_prog_array_alloc+0x46/0x60
[  370.042170][T13570]  compute_effective_progs+0x1de/0x620
[  370.043974][T13570]  update_effective_progs+0x5f/0x270
[  370.045717][T13570]  __cgroup_bpf_attach+0x9cc/0x17e0
[  370.047485][T13570]  ? __pfx___cgroup_bpf_attach+0x10/0x10
[  370.049347][T13570]  ? __local_bh_enable_ip+0xa4/0x120
[  370.051161][T13570]  cgroup_bpf_link_attach+0x264/0x3e0
[  370.052915][T13570]  ? __pfx_cgroup_bpf_link_attach+0x10/0x10
[  370.054888][T13570]  ? ns_capable+0xd7/0x110
[  370.056337][T13570]  ? bpf_token_capable+0x118/0x140
[  370.058098][T13570]  __sys_bpf+0x37f4/0x5780
[  370.059654][T13570]  ? ksys_write+0x21e/0x260
[  370.061152][T13570]  ? __pfx___sys_bpf+0x10/0x10
[  370.062784][T13570]  ? vfs_write+0x306/0x1150
[  370.064264][T13570]  ? __mutex_unlock_slowpath+0x164/0x650
[  370.066167][T13570]  ? fput+0x30/0x390
[  370.067349][T13570]  ? ksys_write+0x1ad/0x260
[  370.068937][T13570]  ? __pfx_ksys_write+0x10/0x10
[  370.070609][T13570]  __ia32_sys_bpf+0x76/0xe0
[  370.072163][T13570]  __do_fast_syscall_32+0x73/0x120
[  370.073914][T13570]  do_fast_syscall_32+0x32/0x80
[  370.075570][T13570]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  370.077709][T13570] RIP: 0023:0xf7f4f579
[  370.079115][T13570] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  370.081277][ T5995] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  370.085462][T13570] RSP: 002b:00000000f56d655c EFLAGS: 00000296
[  370.088260][ T5995] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  370.090345][T13570]  ORIG_RAX: 0000000000000165
[  370.090356][T13570] RAX: ffffffffffffffda RBX: 000000000000001c RCX: 0000000020000200
[  370.090369][T13570] RDX: 0000000000000010 RSI: 0000000000000000 RDI: 0000000000000000
[  370.090380][T13570] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  370.090390][T13570] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  370.099300][ T5995] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  370.099995][T13570] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  370.100024][T13570]  </TASK>
[  370.100123][    C2] vkms_vblank_simulate: vblank timer overrun
[  370.102299][ T5995] usb 9-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  370.115654][ T5995] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  370.120245][ T5995] usb 9-1: config 0 descriptor??
[  370.198020][T13577] netlink: 24 bytes leftover after parsing attributes in process `syz.5.2238'.
[  370.212945][T13577] netdevsim netdevsim5 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0
[  370.215520][T13577] netdevsim netdevsim5 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0
[  370.218008][T13577] netdevsim netdevsim5 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0
[  370.220758][T13577] netdevsim netdevsim5 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0
[  370.541129][ T5995] plantronics 0003:047F:FFFF.0009: unknown main item tag 0x0
[  370.544451][ T5995] plantronics 0003:047F:FFFF.0009: No inputs registered, leaving
[  370.561545][ T5995] plantronics 0003:047F:FFFF.0009: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0
[  370.837789][T13589] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2240'.
[  370.946195][   T73] usb 9-1: USB disconnect, device number 25
[  370.946426][T13544] usb 9-1: string descriptor 0 read error: -71
[  370.951621][T13592] plantronics 0003:047F:FFFF.0009: usb_submit_urb(ctrl) failed: -19
[  371.618996][T13616] FAULT_INJECTION: forcing a failure.
[  371.618996][T13616] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  371.622435][T13616] CPU: 2 UID: 0 PID: 13616 Comm: syz.2.2248 Not tainted 6.12.0-rc7-syzkaller-00216-gf66d6acccbc0 #0
[  371.625247][T13616] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  371.628079][T13616] Call Trace:
[  371.629010][T13616]  <TASK>
[  371.629837][T13616]  dump_stack_lvl+0x16c/0x1f0
[  371.631131][T13616]  should_fail_ex+0x497/0x5b0
[  371.632402][T13616]  _copy_to_user+0x32/0xd0
[  371.633590][T13616]  simple_read_from_buffer+0xd0/0x160
[  371.635006][T13616]  proc_fail_nth_read+0x198/0x270
[  371.636441][T13616]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  371.637900][T13616]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  371.639366][T13616]  vfs_read+0x1df/0xbe0
[  371.640472][T13616]  ? __fget_files+0x23a/0x3f0
[  371.641746][T13616]  ? fdget_pos+0x24c/0x360
[  371.642925][T13616]  ? __pfx_lock_release+0x10/0x10
[  371.644280][T13616]  ? trace_lock_acquire+0x14a/0x1d0
[  371.645585][T13616]  ? __pfx_vfs_read+0x10/0x10
[  371.646824][T13616]  ? __pfx___mutex_lock+0x10/0x10
[  371.648169][T13616]  ? __fget_files+0x244/0x3f0
[  371.649439][T13616]  ksys_read+0x12f/0x260
[  371.650560][T13616]  ? __pfx_ksys_read+0x10/0x10
[  371.651835][T13616]  __do_fast_syscall_32+0x73/0x120
[  371.653194][T13616]  do_fast_syscall_32+0x32/0x80
[  371.654486][T13616]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  371.656159][T13616] RIP: 0023:0xf7f53579
[  371.657306][T13616] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  371.662323][T13616] RSP: 002b:00000000f56d6590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  371.664502][T13616] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000f56d6620
[  371.666567][T13616] RDX: 000000000000000f RSI: 00000000f73ddff4 RDI: 0000000000000000
[  371.668643][T13616] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  371.670696][T13616] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  371.672760][T13616] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  371.674828][T13616]  </TASK>
[  371.675767][    C2] vkms_vblank_simulate: vblank timer overrun
[  371.762766][T13622] FAULT_INJECTION: forcing a failure.
[  371.762766][T13622] name failslab, interval 1, probability 0, space 0, times 0
[  371.766990][T13622] CPU: 1 UID: 0 PID: 13622 Comm: syz.5.2244 Not tainted 6.12.0-rc7-syzkaller-00216-gf66d6acccbc0 #0
[  371.769782][T13622] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  371.772562][T13622] Call Trace:
[  371.773441][T13622]  <TASK>
[  371.774225][T13622]  dump_stack_lvl+0x16c/0x1f0
[  371.775470][T13622]  should_fail_ex+0x497/0x5b0
[  371.776723][T13622]  ? fs_reclaim_acquire+0xae/0x150
[  371.778149][T13622]  should_failslab+0xc2/0x120
[  371.779421][T13622]  __kmalloc_noprof+0xcb/0x410
[  371.780698][T13622]  iter_file_splice_write+0x1cd/0x10b0
[  371.782125][T13622]  ? __pfx_iter_file_splice_write+0x10/0x10
[  371.783670][T13622]  ? __pfx_copy_splice_read+0x10/0x10
[  371.785084][T13622]  ? __pfx_register_lock_class+0x10/0x10
[  371.786550][T13622]  ? __pfx_iter_file_splice_write+0x10/0x10
[  371.788131][T13622]  direct_splice_actor+0x18f/0x6c0
[  371.789490][T13622]  splice_direct_to_actor+0x346/0xa40
[  371.790896][T13622]  ? __pfx_direct_splice_actor+0x10/0x10
[  371.792375][T13622]  ? __pfx_splice_direct_to_actor+0x10/0x10
[  371.793931][T13622]  ? __fget_files+0x23a/0x3f0
[  371.795172][T13622]  do_splice_direct+0x178/0x250
[  371.796464][T13622]  ? __pfx_do_splice_direct+0x10/0x10
[  371.797903][T13622]  ? __pfx_direct_file_splice_eof+0x10/0x10
[  371.799456][T13622]  ? bpf_lsm_file_permission+0x9/0x10
[  371.800869][T13622]  ? security_file_permission+0x71/0x210
[  371.802332][T13622]  do_sendfile+0xb0c/0xe40
[  371.803507][T13622]  ? __pfx_do_sendfile+0x10/0x10
[  371.804814][T13622]  ? __fget_files+0x244/0x3f0
[  371.806056][T13622]  __ia32_compat_sys_sendfile+0x1e7/0x230
[  371.807570][T13622]  ? ksys_write+0x1ad/0x260
[  371.808765][T13622]  ? __pfx___ia32_compat_sys_sendfile+0x10/0x10
[  371.810378][T13622]  __do_fast_syscall_32+0x73/0x120
[  371.811703][T13622]  do_fast_syscall_32+0x32/0x80
[  371.812976][T13622]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  371.814605][T13622] RIP: 0023:0xf7f4f579
[  371.815667][T13622] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  371.821544][T13622] RSP: 002b:00000000f569455c EFLAGS: 00000296 ORIG_RAX: 00000000000000bb
[  371.824427][T13622] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000000006
[  371.827047][T13622] RDX: 0000000000000000 RSI: 0000000000040008 RDI: 0000000000000000
[  371.829405][T13622] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  371.831447][T13622] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  371.833496][T13622] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  371.835543][T13622]  </TASK>
[  372.658548][T13641] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2251'.
[  372.668402][T13641] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2251'.
[  372.737894][T13648] FAULT_INJECTION: forcing a failure.
[  372.737894][T13648] name failslab, interval 1, probability 0, space 0, times 0
[  372.741480][T13648] CPU: 1 UID: 0 PID: 13648 Comm: syz.5.2253 Not tainted 6.12.0-rc7-syzkaller-00216-gf66d6acccbc0 #0
[  372.745052][T13648] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  372.748657][T13648] Call Trace:
[  372.749813][T13648]  <TASK>
[  372.750828][T13648]  dump_stack_lvl+0x16c/0x1f0
[  372.752448][T13648]  should_fail_ex+0x497/0x5b0
[  372.754050][T13648]  ? fs_reclaim_acquire+0xae/0x150
[  372.755849][T13648]  should_failslab+0xc2/0x120
[  372.757509][T13648]  __kmalloc_node_noprof+0xd1/0x440
[  372.759280][T13648]  ? __might_fault+0xe3/0x190
[  372.760892][T13648]  ? __kvmalloc_node_noprof+0xad/0x1a0
[  372.762730][T13648]  ? __might_fault+0xe3/0x190
[  372.764340][T13648]  __kvmalloc_node_noprof+0xad/0x1a0
[  372.766114][T13648]  xt_alloc_table_info+0x3e/0xa0
[  372.767855][T13648]  compat_do_replace+0x20b/0x500
[  372.769656][T13648]  ? __pfx_compat_do_replace+0x10/0x10
[  372.771305][T13648]  ? aa_get_newest_label+0x376/0x680
[  372.772745][T13648]  ? sockopt_release_sock+0x52/0x60
[  372.774102][T13648]  ? __pfx_aa_get_newest_label+0x10/0x10
[  372.775570][T13648]  ? bpf_lsm_capable+0x9/0x10
[  372.776807][T13648]  ? security_capable+0x7e/0x260
[  372.778105][T13648]  do_ip6t_set_ctl+0x686/0xc20
[  372.779375][T13648]  ? trace_contention_end+0xea/0x140
[  372.780755][T13648]  ? __mutex_lock+0x1a6/0x9c0
[  372.781980][T13648]  ? __pfx_do_ip6t_set_ctl+0x10/0x10
[  372.783069][T13645] xt_CT: No such helper "syz0"
[  372.783357][T13648]  ? __pfx___mutex_lock+0x10/0x10
[  372.783371][T13648]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  372.783388][T13648]  ? nf_sockopt_find.constprop.0+0x221/0x290
[  372.783403][T13648]  nf_setsockopt+0x8a/0xf0
[  372.791113][T13648]  ipv6_setsockopt+0x135/0x170
[  372.792371][T13648]  udpv6_setsockopt+0x7d/0xd0
[  372.793574][T13648]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  372.795248][T13648]  do_sock_setsockopt+0x222/0x480
[  372.796574][T13648]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  372.797985][T13648]  ? fdget+0x176/0x210
[  372.799061][T13648]  __sys_setsockopt+0x1a4/0x270
[  372.800344][T13648]  ? __pfx___sys_setsockopt+0x10/0x10
[  372.801744][T13648]  ? __pfx_sched_clock_cpu+0x10/0x10
[  372.803128][T13648]  ? rcu_is_watching+0x12/0xc0
[  372.804389][T13648]  __ia32_sys_setsockopt+0xbc/0x160
[  372.805744][T13648]  ? lockdep_hardirqs_on+0x7c/0x110
[  372.807089][T13648]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[  372.808790][T13648]  __do_fast_syscall_32+0x73/0x120
[  372.810116][T13648]  do_fast_syscall_32+0x32/0x80
[  372.811381][T13648]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  372.813014][T13648] RIP: 0023:0xf7f4f579
[  372.814087][T13648] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  372.819023][T13648] RSP: 002b:00000000f56d655c EFLAGS: 00000296 ORIG_RAX: 000000000000016e
[  372.821202][T13648] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000029
[  372.823241][T13648] RDX: 0000000000000040 RSI: 0000000020000c80 RDI: 0000000000000468
[  372.825289][T13648] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  372.827360][T13648] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  372.829390][T13648] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  372.831424][T13648]  </TASK>
[  372.939053][T13655] FAULT_INJECTION: forcing a failure.
[  372.939053][T13655] name failslab, interval 1, probability 0, space 0, times 0
[  372.949991][T13655] CPU: 3 UID: 0 PID: 13655 Comm: syz.6.2256 Not tainted 6.12.0-rc7-syzkaller-00216-gf66d6acccbc0 #0
[  372.952694][T13655] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  372.955379][T13655] Call Trace:
[  372.956228][T13655]  <TASK>
[  372.956970][T13655]  dump_stack_lvl+0x16c/0x1f0
[  372.958190][T13655]  should_fail_ex+0x497/0x5b0
[  372.959424][T13655]  ? fs_reclaim_acquire+0xae/0x150
[  372.960811][T13655]  should_failslab+0xc2/0x120
[  372.962091][T13655]  kmem_cache_alloc_node_noprof+0x71/0x310
[  372.963631][T13655]  ? __alloc_skb+0x2b3/0x380
[  372.964865][T13655]  __alloc_skb+0x2b3/0x380
[  372.966040][T13655]  ? __pfx___alloc_skb+0x10/0x10
[  372.967345][T13655]  ? __nla_parse+0x40/0x60
[  372.968533][T13655]  ovs_dp_cmd_del+0x67/0x2a0
[  372.969758][T13655]  genl_family_rcv_msg_doit+0x202/0x2f0
[  372.971212][T13655]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  372.972814][T13655]  ? bpf_lsm_capable+0x9/0x10
[  372.974055][T13655]  ? security_capable+0x7e/0x260
[  372.975362][T13655]  ? ns_capable+0xd7/0x110
[  372.976509][T13655]  genl_rcv_msg+0x565/0x800
[  372.977678][T13655]  ? __pfx_genl_rcv_msg+0x10/0x10
[  372.979003][T13655]  ? __pfx_ovs_dp_cmd_del+0x10/0x10
[  372.980382][T13655]  netlink_rcv_skb+0x165/0x410
[  372.981644][T13655]  ? __pfx_genl_rcv_msg+0x10/0x10
[  372.982967][T13655]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  372.984376][T13655]  ? down_read+0xc9/0x330
[  372.985519][T13655]  ? __pfx_down_read+0x10/0x10
[  372.986777][T13655]  ? netlink_deliver_tap+0x1ae/0xcf0
[  372.988126][T13655]  genl_rcv+0x28/0x40
[  372.989161][T13655]  netlink_unicast+0x53c/0x7f0
[  372.990388][T13655]  ? __pfx_netlink_unicast+0x10/0x10
[  372.991774][T13655]  ? __phys_addr_symbol+0x30/0x80
[  372.993067][T13655]  ? __check_object_size+0x488/0x710
[  372.994455][T13655]  netlink_sendmsg+0x8b8/0xd70
[  372.995718][T13655]  ? __pfx_netlink_sendmsg+0x10/0x10
[  372.997121][T13655]  ____sys_sendmsg+0x9ae/0xb40
[  372.998382][T13655]  ? __pfx_____sys_sendmsg+0x10/0x10
[  372.999777][T13655]  ? get_compat_msghdr+0x11b/0x170
[  373.001135][T13655]  ? __pfx___lock_acquire+0x10/0x10
[  373.002507][T13655]  ___sys_sendmsg+0x135/0x1e0
[  373.003751][T13655]  ? __pfx____sys_sendmsg+0x10/0x10
[  373.005135][T13655]  ? lock_acquire+0x2f/0xb0
[  373.006335][T13655]  ? __fget_files+0x40/0x3f0
[  373.007556][T13655]  ? fdget+0x176/0x210
[  373.008637][T13655]  __sys_sendmsg+0x117/0x1f0
[  373.009857][T13655]  ? __pfx___sys_sendmsg+0x10/0x10
[  373.011200][T13655]  ? __fget_files+0x244/0x3f0
[  373.012457][T13655]  __do_fast_syscall_32+0x73/0x120
[  373.013800][T13655]  do_fast_syscall_32+0x32/0x80
[  373.015087][T13655]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  373.016745][T13655] RIP: 0023:0xf7f13579
[  373.017819][T13655] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  373.022814][T13655] RSP: 002b:00000000f569655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  373.024981][T13655] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000020000180
[  373.027037][T13655] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  373.029025][T13655] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  373.031070][T13655] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  373.033092][T13655] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  373.035072][T13655]  </TASK>
[  373.068937][ T5966] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  373.073598][ T5966] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  373.079088][ T5966] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  373.083549][ T5966] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  373.086740][ T5966] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[  373.088833][ T5966] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  373.144182][   T39] kauditd_printk_skb: 31 callbacks suppressed
[  373.144241][   T39] audit: type=1326 audit(1731911243.305:5016): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13656 comm="syz.5.2257" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f4f579 code=0x7ffc0000
[  373.151633][   T39] audit: type=1326 audit(1731911243.305:5017): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13656 comm="syz.5.2257" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f4f579 code=0x7ffc0000
[  373.155288][T13659] ip_vti0 speed is unknown, defaulting to 1000
[  373.186226][   T39] audit: type=1326 audit(1731911243.345:5018): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13656 comm="syz.5.2257" exe="/syz-executor" sig=0 arch=40000003 syscall=21 compat=1 ip=0xf7f4f579 code=0x7ffc0000
[  373.194187][   T39] audit: type=1326 audit(1731911243.345:5019): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13656 comm="syz.5.2257" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f4f579 code=0x7ffc0000
[  373.199856][   T39] audit: type=1326 audit(1731911243.345:5020): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13656 comm="syz.5.2257" exe="/syz-executor" sig=0 arch=40000003 syscall=5 compat=1 ip=0xf7f4f579 code=0x7ffc0000
[  373.206985][   T39] audit: type=1326 audit(1731911243.345:5021): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13656 comm="syz.5.2257" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f4f579 code=0x7ffc0000
[  373.213123][   T39] audit: type=1326 audit(1731911243.345:5022): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13656 comm="syz.5.2257" exe="/syz-executor" sig=0 arch=40000003 syscall=379 compat=1 ip=0xf7f4f579 code=0x7ffc0000
[  373.218807][   T39] audit: type=1326 audit(1731911243.345:5023): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13656 comm="syz.5.2257" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f4f579 code=0x7ffc0000
[  373.224829][   T39] audit: type=1326 audit(1731911243.345:5024): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13656 comm="syz.5.2257" exe="/syz-executor" sig=0 arch=40000003 syscall=286 compat=1 ip=0xf7f4f579 code=0x7ffc0000
[  373.230593][   T39] audit: type=1326 audit(1731911243.345:5025): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13656 comm="syz.5.2257" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f4f579 code=0x7ffc0000
[  373.285542][T12996] bond0: (slave syz_tun): Releasing backup interface
[  373.804067][T13656] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  373.806951][T13659] chnl_net:caif_netlink_parms(): no params data found
[  373.945631][T13659] bridge0: port 1(bridge_slave_0) entered blocking state
[  373.947524][T13659] bridge0: port 1(bridge_slave_0) entered disabled state
[  373.950208][T13659] bridge_slave_0: entered allmulticast mode
[  373.956027][T13659] bridge_slave_0: entered promiscuous mode
[  373.958926][T13659] bridge0: port 2(bridge_slave_1) entered blocking state
[  373.961137][T13659] bridge0: port 2(bridge_slave_1) entered disabled state
[  373.963090][T13659] bridge_slave_1: entered allmulticast mode
[  373.965218][T13659] bridge_slave_1: entered promiscuous mode
[  373.991554][T13659] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  373.995292][T13659] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  374.018023][T13659] team0: Port device team_slave_0 added
[  374.023134][T13659] team0: Port device team_slave_1 added
[  374.048543][T13659] batman_adv: batadv0: Adding interface: batadv_slave_0
[  374.051476][T13659] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  374.061810][T13659] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  374.066863][T13659] batman_adv: batadv0: Adding interface: batadv_slave_1
[  374.069310][T13659] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  374.078055][T13659] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  374.108179][T13659] hsr_slave_0: entered promiscuous mode
[  374.110598][T13659] hsr_slave_1: entered promiscuous mode
[  374.115170][T13659] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  374.117277][T13659] Cannot create hsr debugfs directory
[  374.197159][T13659] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  374.293092][T13659] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  374.343338][T13659] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  374.381432][T13684] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2261'.
[  374.384583][T13684] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2261'.
[  374.395946][T13659] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  374.486194][T13659] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  374.489854][T13659] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  374.493189][T13659] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  374.496425][T13659] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  374.524857][T13659] 8021q: adding VLAN 0 to HW filter on device bond0
[  374.534929][T13659] 8021q: adding VLAN 0 to HW filter on device team0
[  374.538897][   T74] bridge0: port 1(bridge_slave_0) entered blocking state
[  374.540819][   T74] bridge0: port 1(bridge_slave_0) entered forwarding state
[  374.545294][ T1132] bridge0: port 2(bridge_slave_1) entered blocking state
[  374.547208][ T1132] bridge0: port 2(bridge_slave_1) entered forwarding state
[  374.566309][T13689] 9pnet_fd: Insufficient options for proto=fd
[  374.590700][T13659] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  374.593470][T13659] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  374.671064][T13659] 8021q: adding VLAN 0 to HW filter on device batadv0
[  374.696696][T13659] veth0_vlan: entered promiscuous mode
[  374.701687][T13659] veth1_vlan: entered promiscuous mode
[  374.713006][T13659] veth0_macvtap: entered promiscuous mode
[  374.720633][T13659] veth1_macvtap: entered promiscuous mode
[  374.727053][T13659] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  374.730536][T13659] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  374.733072][T13659] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  374.735732][T13659] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  374.738270][T13659] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  374.743724][T13659] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  374.746375][T13659] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  374.749317][T13659] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  374.753106][T13659] batman_adv: batadv0: Interface activated: batadv_slave_0
[  374.764372][T13659] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  374.767196][T13659] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  374.769732][T13659] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  374.773311][T13659] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  374.775876][T13659] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  374.778600][T13659] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  374.781529][T13659] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  374.784205][T13659] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  374.786682][T13659] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  374.789338][T13659] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  374.795199][T13659] batman_adv: batadv0: Interface activated: batadv_slave_1
[  374.799411][T13659] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  374.801801][T13659] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  374.803990][T13659] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  374.806139][T13659] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  374.867719][   T46] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  374.869679][   T46] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  374.875467][   T46] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  374.880579][   T46] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  375.177486][T13710] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2254'.
[  375.184613][ T5312] Bluetooth: hci5: command tx timeout
[  375.631389][T13722] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2269'.
[  375.633920][T13712] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  375.636146][T13712] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  375.646247][T13712] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  375.668104][T13712] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  375.669773][T13712] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  375.709562][T13712] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  375.735515][T13712] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  375.744313][T13712] Bluetooth: hci5: Opcode 0x0406 failed: -4
[  375.798958][T13712] Bluetooth: hci5: Opcode 0x0406 failed: -4
[  375.806324][T13722] ip_vti0 speed is unknown, defaulting to 1000
[  376.002609][T13739] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2272'.
[  376.070157][   T64] usb 11-1: new high-speed USB device number 3 using dummy_hcd
[  376.222799][T13741] i2c i2c-1: Invalid block write size 34
[  376.224372][   T64] usb 11-1: Using ep0 maxpacket: 8
[  376.228019][   T64] usb 11-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  376.230744][   T64] usb 11-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  376.233275][   T64] usb 11-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  376.236031][   T64] usb 11-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  376.240401][   T64] usb 11-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  376.242739][   T64] usb 11-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  376.245657][T13741] tmpfs: Cannot change global quota limit on remount
[  376.458275][   T64] usb 11-1: GET_CAPABILITIES returned 0
[  376.460766][   T64] usbtmc 11-1:16.0: can't read capabilities
[  376.659437][ T5333] usb 11-1: USB disconnect, device number 3
[  376.725344][T13780] FAULT_INJECTION: forcing a failure.
[  376.725344][T13780] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  376.729645][T13780] CPU: 3 UID: 0 PID: 13780 Comm: syz.2.2276 Not tainted 6.12.0-rc7-syzkaller-00216-gf66d6acccbc0 #0
[  376.732556][T13780] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  376.735365][T13780] Call Trace:
[  376.736463][T13780]  <TASK>
[  376.737288][T13780]  dump_stack_lvl+0x16c/0x1f0
[  376.738573][T13780]  should_fail_ex+0x497/0x5b0
[  376.739880][T13780]  _copy_from_user+0x2e/0xd0
[  376.741193][T13780]  __ia32_sys_openat2+0x176/0x380
[  376.742764][T13780]  ? __pfx___ia32_sys_openat2+0x10/0x10
[  376.744333][T13780]  ? ksys_write+0x1ad/0x260
[  376.745650][T13780]  __do_fast_syscall_32+0x73/0x120
[  376.747313][T13780]  do_fast_syscall_32+0x32/0x80
[  376.749114][T13780]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  376.751407][T13780] RIP: 0023:0xf7fb7579
[  376.752573][T13780] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  376.757982][T13780] RSP: 002b:00000000f573655c EFLAGS: 00000296 ORIG_RAX: 00000000000001b5
[  376.760482][T13780] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 00000000200000c0
[  376.762624][T13780] RDX: 0000000020000080 RSI: 0000000000000018 RDI: 0000000000000000
[  376.764761][T13780] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  376.766890][T13780] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  376.769092][T13780] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  376.771275][T13780]  </TASK>
[  377.519270][T13796] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2279'.
[  377.560057][ T5966] Bluetooth: hci4: command 0x0405 tx timeout
[  377.676361][T13798] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2281'.
[  377.678888][T13798] FAULT_INJECTION: forcing a failure.
[  377.678888][T13798] name failslab, interval 1, probability 0, space 0, times 0
[  377.683280][T13798] CPU: 3 UID: 0 PID: 13798 Comm: syz.2.2281 Not tainted 6.12.0-rc7-syzkaller-00216-gf66d6acccbc0 #0
[  377.686099][T13798] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  377.689084][T13798] Call Trace:
[  377.689952][T13798]  <TASK>
[  377.690728][T13798]  dump_stack_lvl+0x16c/0x1f0
[  377.692020][T13798]  should_fail_ex+0x497/0x5b0
[  377.693341][T13798]  ? fs_reclaim_acquire+0xae/0x150
[  377.694867][T13798]  should_failslab+0xc2/0x120
[  377.696176][T13798]  __kmalloc_cache_noprof+0x6b/0x310
[  377.697555][T13798]  ? nfnl_err_add+0x4e/0x2d0
[  377.698909][T13798]  nfnl_err_add+0x4e/0x2d0
[  377.700087][T13798]  nfnetlink_rcv_batch+0xe40/0x24e0
[  377.701510][T13798]  ? __pfx_nfnetlink_rcv_batch+0x10/0x10
[  377.703022][T13798]  ? __pfx_lock_release+0x10/0x10
[  377.704416][T13798]  ? __local_bh_enable_ip+0xa4/0x120
[  377.705821][T13798]  ? lockdep_hardirqs_on+0x7c/0x110
[  377.707178][T13798]  ? __pfx___dev_queue_xmit+0x10/0x10
[  377.708620][T13798]  ? __nla_parse+0x40/0x60
[  377.709802][T13798]  nfnetlink_rcv+0x3c3/0x430
[  377.711029][T13798]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  377.712327][T13798]  netlink_unicast+0x53c/0x7f0
[  377.713507][T13798]  ? __pfx_netlink_unicast+0x10/0x10
[  377.714850][T13798]  ? __phys_addr_symbol+0x30/0x80
[  377.716170][T13798]  ? __check_object_size+0x488/0x710
[  377.717517][T13798]  netlink_sendmsg+0x8b8/0xd70
[  377.718734][T13798]  ? __pfx_netlink_sendmsg+0x10/0x10
[  377.720080][T13798]  ____sys_sendmsg+0x9ae/0xb40
[  377.720111][ T5966] Bluetooth: hci1: command 0x0c1a tx timeout
[  377.721251][T13798]  ? __pfx_____sys_sendmsg+0x10/0x10
[  377.724856][T13798]  ? get_compat_msghdr+0x11b/0x170
[  377.726188][T13798]  ? __pfx___lock_acquire+0x10/0x10
[  377.727536][T13798]  ___sys_sendmsg+0x135/0x1e0
[  377.728782][T13798]  ? __pfx____sys_sendmsg+0x10/0x10
[  377.730132][T13798]  ? lock_acquire+0x2f/0xb0
[  377.731316][T13798]  ? __fget_files+0x40/0x3f0
[  377.732503][T13798]  ? fdget+0x176/0x210
[  377.733527][T13798]  __sys_sendmsg+0x117/0x1f0
[  377.734721][T13798]  ? __pfx___sys_sendmsg+0x10/0x10
[  377.736273][T13798]  ? __fget_files+0x244/0x3f0
[  377.737698][T13798]  __do_fast_syscall_32+0x73/0x120
[  377.739238][T13798]  do_fast_syscall_32+0x32/0x80
[  377.740641][T13798]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  377.742287][T13798] RIP: 0023:0xf7fb7579
[  377.743445][T13798] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  377.748555][T13798] RSP: 002b:00000000f573655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  377.750700][T13798] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000200000c0
[  377.752748][T13798] RDX: 0000000000000800 RSI: 0000000000000000 RDI: 0000000000000000
[  377.754773][T13798] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  377.756798][T13798] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  377.758824][T13798] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  377.760820][T13798]  </TASK>
[  377.800072][ T5966] Bluetooth: hci5: command 0x040f tx timeout
[  377.853836][T13803] binder: 13802:13803 ioctl c0306201 20000680 returned -14
[  378.107312][T13806] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[  378.109903][T13806] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  378.113850][T13810] FAULT_INJECTION: forcing a failure.
[  378.113850][T13810] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  378.118527][T13810] CPU: 2 UID: 0 PID: 13810 Comm: syz.4.2285 Not tainted 6.12.0-rc7-syzkaller-00216-gf66d6acccbc0 #0
[  378.121406][T13810] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  378.124178][T13810] Call Trace:
[  378.125064][T13810]  <TASK>
[  378.125853][T13810]  dump_stack_lvl+0x16c/0x1f0
[  378.127109][T13810]  should_fail_ex+0x497/0x5b0
[  378.128354][T13810]  _copy_to_user+0x32/0xd0
[  378.129540][T13810]  bpf_test_finish.isra.0+0x52b/0x680
[  378.130952][T13810]  ? __pfx_bpf_test_finish.isra.0+0x10/0x10
[  378.132517][T13810]  ? __pfx_skb_checksum+0x10/0x10
[  378.133825][T13810]  ? __pfx_csum_partial_ext+0x10/0x10
[  378.135196][T13810]  ? __pfx_csum_block_add_ext+0x10/0x10
[  378.136681][T13810]  ? krealloc_noprof+0xff/0x130
[  378.137972][T13810]  bpf_prog_test_run_skb+0x11bb/0x2140
[  378.139437][T13810]  ? __pfx_bpf_prog_test_run_skb+0x10/0x10
[  378.141191][T13810]  ? fput+0x30/0x390
[  378.142296][T13810]  ? __pfx_bpf_prog_test_run_skb+0x10/0x10
[  378.143927][T13810]  __sys_bpf+0x1921/0x5780
[  378.145336][T13810]  ? ksys_write+0x21e/0x260
[  378.146820][T13810]  ? __pfx___sys_bpf+0x10/0x10
[  378.148437][T13810]  ? vfs_write+0x306/0x1150
[  378.149936][T13810]  ? __mutex_unlock_slowpath+0x164/0x650
[  378.151418][T13810]  ? fput+0x30/0x390
[  378.152483][T13810]  ? ksys_write+0x1ad/0x260
[  378.153733][T13810]  ? __pfx_ksys_write+0x10/0x10
[  378.155079][T13810]  __ia32_sys_bpf+0x76/0xe0
[  378.156433][T13810]  __do_fast_syscall_32+0x73/0x120
[  378.157789][T13810]  do_fast_syscall_32+0x32/0x80
[  378.159105][T13810]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  378.160824][T13810] RIP: 0023:0xf7fb3579
[  378.161924][T13810] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  378.166954][T13810] RSP: 002b:00000000f573655c EFLAGS: 00000296 ORIG_RAX: 0000000000000165
[  378.169179][T13810] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 00000000200002c0
[  378.171266][T13810] RDX: 0000000000000050 RSI: 0000000000000000 RDI: 0000000000000000
[  378.173381][T13810] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  378.175649][T13810] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  378.177845][T13810] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  378.179952][T13810]  </TASK>
[  378.180824][    C2] vkms_vblank_simulate: vblank timer overrun
[  378.343115][   T39] kauditd_printk_skb: 6 callbacks suppressed
[  378.343126][   T39] audit: type=1326 audit(1731911248.505:5032): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13811 comm="syz.4.2286" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb3579 code=0x7ffc0000
[  378.350882][   T39] audit: type=1326 audit(1731911248.505:5033): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13811 comm="syz.4.2286" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb3579 code=0x7ffc0000
[  378.356641][   T39] audit: type=1326 audit(1731911248.505:5034): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13811 comm="syz.4.2286" exe="/syz-executor" sig=0 arch=40000003 syscall=5 compat=1 ip=0xf7fb3579 code=0x7ffc0000
[  378.362964][   T39] audit: type=1326 audit(1731911248.505:5035): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13811 comm="syz.4.2286" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb3579 code=0x7ffc0000
[  378.368690][   T39] audit: type=1326 audit(1731911248.505:5036): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13811 comm="syz.4.2286" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb3579 code=0x7ffc0000
[  378.374112][   T39] audit: type=1326 audit(1731911248.505:5037): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13811 comm="syz.4.2286" exe="/syz-executor" sig=0 arch=40000003 syscall=21 compat=1 ip=0xf7fb3579 code=0x7ffc0000
[  378.379675][   T39] audit: type=1326 audit(1731911248.505:5038): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13811 comm="syz.4.2286" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb3579 code=0x7ffc0000
[  378.385058][   T39] audit: type=1326 audit(1731911248.505:5039): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13811 comm="syz.4.2286" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb3579 code=0x7ffc0000
[  378.390440][   T39] audit: type=1326 audit(1731911248.505:5040): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13811 comm="syz.4.2286" exe="/syz-executor" sig=0 arch=40000003 syscall=5 compat=1 ip=0xf7fb3579 code=0x7ffc0000
[  378.395781][   T39] audit: type=1326 audit(1731911248.505:5041): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13811 comm="syz.4.2286" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb3579 code=0x7ffc0000
[  378.463206][T13814] i2c i2c-1: Invalid block write size 34
[  378.466848][T13814] tmpfs: Cannot change global quota limit on remount
[  378.796625][T13826] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2289'.
[  378.799379][T13826] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2289'.
[  379.062834][T13811] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  379.080121][ T1447] usb 10-1: new high-speed USB device number 6 using dummy_hcd
[  379.097455][T13838] xt_NFQUEUE: number of total queues is 0
[  379.178241][ T1162] Bluetooth: (null): Invalid header checksum
[  379.180842][ T1162] Bluetooth: (null): Invalid header checksum
[  379.230069][ T1447] usb 10-1: Using ep0 maxpacket: 8
[  379.240581][ T1447] usb 10-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  379.243360][ T1447] usb 10-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  379.245978][ T1447] usb 10-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  379.249120][ T1447] usb 10-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  379.253431][ T1447] usb 10-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  379.256003][ T1447] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  379.471867][ T1447] usb 10-1: GET_CAPABILITIES returned 0
[  379.478947][ T1447] usbtmc 10-1:16.0: can't read capabilities
[  379.576491][T13849] binder: 13848:13849 ioctl c018620c 20000240 returned -1
[  379.640452][ T5966] Bluetooth: hci4: command 0x0405 tx timeout
[  379.671517][ T5995] usb 10-1: USB disconnect, device number 6
[  379.800174][ T5966] Bluetooth: hci1: command 0x0c1a tx timeout
[  379.880220][ T5333] usb 11-1: new high-speed USB device number 4 using dummy_hcd
[  379.880228][ T5966] Bluetooth: hci5: command 0x040f tx timeout
[  380.030866][ T5333] usb 11-1: Using ep0 maxpacket: 16
[  380.034621][ T5333] usb 11-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  380.038303][ T5333] usb 11-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  380.042717][ T5333] usb 11-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  380.045503][ T5333] usb 11-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  380.054586][ T5333] usb 11-1: config 0 descriptor??
[  380.281931][T13870] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2306'.
[  380.285144][T13870] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2306'.
[  380.288292][T13870] bridge0: vlan filtering disabled, automatically disabling multicast vlan snooping
[  380.412717][T13886] binder: 13885:13886 ioctl c0306201 20000680 returned -14
[  380.521502][T13896] netlink: 36 bytes leftover after parsing attributes in process `syz.4.2314'.
[  380.817277][T13904] netlink: 'syz.6.2298': attribute type 4 has an invalid length.
[  380.824743][T13904] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  380.827784][T13904] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  380.836671][T13905] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[  380.839064][T13905] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  381.720104][ T5312] Bluetooth: hci4: command 0x0405 tx timeout
[  381.880176][ T5312] Bluetooth: hci1: command 0x0c1a tx timeout
[  381.930126][    T8] usb 9-1: new high-speed USB device number 26 using dummy_hcd
[  381.960251][ T5312] Bluetooth: hci5: command 0x040f tx timeout
[  382.080075][    T8] usb 9-1: Using ep0 maxpacket: 8
[  382.084802][    T8] usb 9-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  382.087705][    T8] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  382.090552][    T8] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  382.093457][    T8] usb 9-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  382.096869][    T8] usb 9-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  382.099430][    T8] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  382.307298][    T8] usb 9-1: GET_CAPABILITIES returned 0
[  382.310629][    T8] usbtmc 9-1:16.0: can't read capabilities
[  382.513155][ T8353] usb 9-1: USB disconnect, device number 26
[  382.659985][ T5333] usbhid 11-1:0.0: can't add hid device: -71
[  382.661764][ T5333] usbhid 11-1:0.0: probe with driver usbhid failed with error -71
[  382.670323][ T5333] usb 11-1: USB disconnect, device number 4
[  382.797582][T13933] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2324'.
[  383.293115][T13947] binder: 13946:13947 ioctl c0306201 20000680 returned -14
[  383.880950][T13947] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[  383.883489][T13947] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  384.040076][ T5312] Bluetooth: hci5: command 0x040f tx timeout
[  384.045504][T13967] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2335'.
[  384.131879][T13972] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2334'.
[  384.512271][T13976] FAULT_INJECTION: forcing a failure.
[  384.512271][T13976] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  384.517065][T13976] CPU: 3 UID: 0 PID: 13976 Comm: syz.4.2337 Not tainted 6.12.0-rc7-syzkaller-00216-gf66d6acccbc0 #0
[  384.521140][T13976] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  384.525195][T13976] Call Trace:
[  384.526331][T13976]  <TASK>
[  384.527331][T13976]  dump_stack_lvl+0x16c/0x1f0
[  384.528974][T13976]  should_fail_ex+0x497/0x5b0
[  384.530724][T13976]  _copy_from_user+0x2e/0xd0
[  384.532662][T13976]  kstrtouint_from_user+0xd7/0x1c0
[  384.534390][T13976]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  384.536348][T13976]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  384.538853][T13976]  proc_fail_nth_write+0x84/0x250
[  384.540733][T13976]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  384.542994][T13976]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  384.544925][T13976]  vfs_write+0x24c/0x1150
[  384.546293][T13976]  ? __fget_files+0x23a/0x3f0
[  384.547526][T13976]  ? fdget_pos+0x24c/0x360
[  384.548849][T13976]  ? __pfx_lock_release+0x10/0x10
[  384.550507][T13976]  ? trace_lock_acquire+0x14a/0x1d0
[  384.552260][T13976]  ? __pfx_vfs_write+0x10/0x10
[  384.553840][T13976]  ? __pfx___mutex_lock+0x10/0x10
[  384.555442][T13976]  ? __fget_files+0x244/0x3f0
[  384.557163][T13976]  ksys_write+0x12f/0x260
[  384.558732][T13976]  ? __pfx_ksys_write+0x10/0x10
[  384.560532][T13976]  __do_fast_syscall_32+0x73/0x120
[  384.562411][T13976]  do_fast_syscall_32+0x32/0x80
[  384.564331][T13976]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  384.566618][T13976] RIP: 0023:0xf7fb3579
[  384.568119][T13976] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  384.573348][T13976] RSP: 002b:00000000f5736590 EFLAGS: 00000293 ORIG_RAX: 0000000000000004
[  384.575471][T13976] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000f5736620
[  384.577559][T13976] RDX: 0000000000000001 RSI: 00000000f743dff4 RDI: 0000000000000000
[  384.579644][T13976] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  384.581848][T13976] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  384.583870][T13976] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  384.585931][T13976]  </TASK>
[  384.700539][T13978] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2338'.
[  384.749444][T13983] netlink: 'syz.4.2340': attribute type 4 has an invalid length.
[  384.814011][T13994] binder: 13993:13994 ioctl c0306201 20000680 returned -14
[  384.835405][T14000] FAULT_INJECTION: forcing a failure.
[  384.835405][T14000] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  384.838833][T14000] CPU: 2 UID: 0 PID: 14000 Comm: syz.6.2345 Not tainted 6.12.0-rc7-syzkaller-00216-gf66d6acccbc0 #0
[  384.841626][T14000] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  384.844427][T14000] Call Trace:
[  384.845316][T14000]  <TASK>
[  384.846106][T14000]  dump_stack_lvl+0x16c/0x1f0
[  384.847351][T14000]  should_fail_ex+0x497/0x5b0
[  384.848610][T14000]  _copy_to_user+0x32/0xd0
[  384.849797][T14000]  bpf_test_finish.isra.0+0x52b/0x680
[  384.851334][T14000]  ? __pfx_bpf_test_finish.isra.0+0x10/0x10
[  384.852930][T14000]  ? krealloc_noprof+0xff/0x130
[  384.854219][T14000]  bpf_prog_test_run_skb+0x11bb/0x2140
[  384.855661][T14000]  ? __pfx_bpf_prog_test_run_skb+0x10/0x10
[  384.857209][T14000]  ? fput+0x30/0x390
[  384.858257][T14000]  ? __pfx_bpf_prog_test_run_skb+0x10/0x10
[  384.859793][T14000]  __sys_bpf+0x1921/0x5780
[  384.860991][T14000]  ? ksys_write+0x21e/0x260
[  384.862200][T14000]  ? __pfx___sys_bpf+0x10/0x10
[  384.863467][T14000]  ? vfs_write+0x306/0x1150
[  384.864686][T14000]  ? __mutex_unlock_slowpath+0x164/0x650
[  384.866172][T14000]  ? fput+0x30/0x390
[  384.867216][T14000]  ? ksys_write+0x1ad/0x260
[  384.868431][T14000]  ? __pfx_ksys_write+0x10/0x10
[  384.869658][T14000]  __ia32_sys_bpf+0x76/0xe0
[  384.870863][T14000]  __do_fast_syscall_32+0x73/0x120
[  384.872234][T14000]  do_fast_syscall_32+0x32/0x80
[  384.873576][T14000]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  384.875236][T14000] RIP: 0023:0xf7f13579
[  384.876320][T14000] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  384.881317][T14000] RSP: 002b:00000000f569655c EFLAGS: 00000296 ORIG_RAX: 0000000000000165
[  384.883494][T14000] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000020000600
[  384.885572][T14000] RDX: 0000000000000048 RSI: 0000000000000000 RDI: 0000000000000000
[  384.887637][T14000] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  384.889730][T14000] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  384.891828][T14000] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  384.893910][T14000]  </TASK>
[  384.894780][    C2] vkms_vblank_simulate: vblank timer overrun
[  384.971541][T14006] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2348'.
[  385.063468][T14011] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[  385.068482][T14011] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  385.300037][ T8353] usb 11-1: new full-speed USB device number 5 using dummy_hcd
[  385.430040][ T8353] usb 11-1: device descriptor read/64, error -71
[  385.680614][ T8353] usb 11-1: new full-speed USB device number 6 using dummy_hcd
[  385.841076][T14034] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2357'.
[  385.898612][T14035] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2354'.
[  386.115077][T14034] ip_vti0 speed is unknown, defaulting to 1000
[  386.130017][ T5312] Bluetooth: hci5: command 0x040f tx timeout
[  386.192798][ T8353] usb 11-1: device descriptor read/64, error -71
[  386.300305][ T8353] usb usb11-port1: attempt power cycle
[  386.343075][T14040] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2359'.
[  386.346132][T14040] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2359'.
[  386.640342][ T8353] usb 11-1: new full-speed USB device number 7 using dummy_hcd
[  386.653560][T14048] binder: BINDER_SET_CONTEXT_MGR already set
[  386.657329][T14048] binder: 14047:14048 ioctl 4018620d 200002c0 returned -16
[  386.661196][ T8353] usb 11-1: device descriptor read/8, error -71
[  386.661357][T14048] binder: 14047:14048 ioctl c0306201 20000680 returned -14
[  386.861248][T13900] bond0: (slave syz_tun): Releasing backup interface
[  386.910105][ T8353] usb 11-1: new full-speed USB device number 8 using dummy_hcd
[  386.932866][ T8353] usb 11-1: device descriptor read/8, error -71
[  387.000426][T14054] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[  387.005050][T14054] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  387.048548][ T8353] usb usb11-port1: unable to enumerate USB device
[  387.058647][   T11] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  387.170605][   T11] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  387.247555][   T11] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  387.322721][   T11] netdevsim netdevsim4  (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  387.419554][   T11] bridge_slave_1: left allmulticast mode
[  387.421801][   T11] bridge_slave_1: left promiscuous mode
[  387.423343][   T11] bridge0: port 2(bridge_slave_1) entered disabled state
[  387.426945][   T11] bridge_slave_0: left allmulticast mode
[  387.428837][   T11] bridge_slave_0: left promiscuous mode
[  387.431442][   T11] bridge0: port 1(bridge_slave_0) entered disabled state
[  387.898461][   T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  387.902397][   T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  387.905864][   T11] bond0 (unregistering): Released all slaves
[  387.910082][   T11] bond1 (unregistering): Released all slaves
[  387.913778][T14064] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2368'.
[  387.916016][T14064] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2368'.
[  388.020653][   T43] ==================================================================
[  388.023103][   T43] BUG: KASAN: use-after-free in move_to_new_folio+0x12e/0x700
[  388.025524][   T43] Read of size 8 at addr ffff888022dde038 by task kcompactd0/43
[  388.027719][   T43] 
[  388.028366][   T43] CPU: 3 UID: 0 PID: 43 Comm: kcompactd0 Not tainted 6.12.0-rc7-syzkaller-00216-gf66d6acccbc0 #0
[  388.032387][   T43] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  388.035157][   T43] Call Trace:
[  388.036046][   T43]  <TASK>
[  388.036828][   T43]  dump_stack_lvl+0x116/0x1f0
[  388.038040][   T43]  print_report+0xc3/0x620
[  388.039201][   T43]  ? __virt_addr_valid+0x5e/0x590
[  388.040488][   T43]  ? __phys_addr+0xc6/0x150
[  388.041646][   T43]  kasan_report+0xd9/0x110
[  388.042793][   T43]  ? move_to_new_folio+0x12e/0x700
[  388.044138][   T43]  ? move_to_new_folio+0x12e/0x700
[  388.045482][   T43]  kasan_check_range+0xef/0x1a0
[  388.046783][   T43]  move_to_new_folio+0x12e/0x700
[  388.048106][   T43]  migrate_pages_batch+0x206a/0x31b0
[  388.049448][   T43]  ? __pfx_compaction_free+0x10/0x10
[  388.050821][   T43]  ? __pfx_migrate_pages_batch+0x10/0x10
[  388.052262][   T43]  ? __pfx___lock_acquire+0x10/0x10
[  388.053584][   T43]  migrate_pages_sync+0x109/0x8f0
[  388.055114][   T43]  ? __pfx_compaction_alloc+0x10/0x10
[  388.056817][   T43]  ? __pfx_compaction_free+0x10/0x10
[  388.058340][   T43]  ? find_held_lock+0x2d/0x110
[  388.059825][   T43]  ? __pfx_migrate_pages_sync+0x10/0x10
[  388.061702][   T43]  ? __pfx_lock_release+0x10/0x10
[  388.063422][   T43]  ? lock_acquire+0x2f/0xb0
[  388.064642][   T43]  ? isolate_movable_page+0x3b/0x7f0
[  388.066039][   T43]  migrate_pages+0x19ee/0x21f0
[  388.067314][   T43]  ? __pfx_compaction_alloc+0x10/0x10
[  388.068769][   T43]  ? __pfx_compaction_free+0x10/0x10
[  388.070177][   T43]  ? __pfx_migrate_pages+0x10/0x10
[  388.071601][   T43]  ? __pfx_isolate_migratepages_block+0x10/0x10
[  388.073240][   T43]  compact_zone+0x1f68/0x4280
[  388.074484][   T43]  ? __pfx_compact_zone+0x10/0x10
[  388.075782][   T43]  ? lock_acquire.part.0+0x11b/0x380
[  388.077180][   T43]  compact_node+0x1a2/0x2d0
[  388.078388][   T43]  ? __pfx_compact_node+0x10/0x10
[  388.079729][   T43]  ? kcompactd+0x55f/0xde0
[  388.080922][   T43]  ? __pfx_extfrag_for_order+0x10/0x10
[  388.082356][   T43]  kcompactd+0x76e/0xde0
[  388.083572][   T43]  ? __pfx_kcompactd+0x10/0x10
[  388.084868][   T43]  ? __pfx_autoremove_wake_function+0x10/0x10
[  388.086685][   T43]  ? lockdep_hardirqs_on+0x7c/0x110
[  388.088055][   T43]  ? __kthread_parkme+0x148/0x220
[  388.089399][   T43]  ? __pfx_kcompactd+0x10/0x10
[  388.090665][   T43]  kthread+0x2c1/0x3a0
[  388.091744][   T43]  ? _raw_spin_unlock_irq+0x23/0x50
[  388.093126][   T43]  ? __pfx_kthread+0x10/0x10
[  388.094338][   T43]  ret_from_fork+0x45/0x80
[  388.095513][   T43]  ? __pfx_kthread+0x10/0x10
[  388.096740][   T43]  ret_from_fork_asm+0x1a/0x30
[  388.097984][   T43]  </TASK>
[  388.098809][   T43] 
[  388.099443][   T43] The buggy address belongs to the physical page:
[  388.101115][   T43] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x22dde
[  388.103722][   T43] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  388.105877][   T43] raw: 00fff00000000000 ffffea00008b77c8 ffffea00008b7748 0000000000000000
[  388.108111][   T43] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[  388.110383][   T43] page dumped because: kasan: bad access detected
[  388.112043][   T43] page_owner tracks the page as freed
[  388.113460][   T43] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 37, tgid 37 (kdevtmpfs), ts 5598324093, free_ts 387566738977
[  388.118900][   T43]  post_alloc_hook+0x2d1/0x350
[  388.120200][   T43]  get_page_from_freelist+0xfce/0x2f80
[  388.121630][   T43]  __alloc_pages_noprof+0x223/0x25a0
[  388.123021][   T43]  alloc_pages_mpol_noprof+0x2c9/0x610
[  388.124460][   T43]  new_slab+0x2c9/0x410
[  388.125562][   T43]  ___slab_alloc+0xd1d/0x16f0
[  388.126804][   T43]  __slab_alloc.constprop.0+0x56/0xb0
[  388.128239][   T43]  kmem_cache_alloc_lru_noprof+0x2a7/0x2f0
[  388.129764][   T43]  shmem_alloc_inode+0x25/0x50
[  388.131026][   T43]  alloc_inode+0x5d/0x230
[  388.132172][   T43]  new_inode+0x22/0x210
[  388.133268][   T43]  shmem_get_inode+0x194/0xea0
[  388.134523][   T43]  shmem_mknod+0x66/0x240
[  388.135660][   T43]  vfs_mknod+0x5d7/0x8e0
[  388.136782][   T43]  devtmpfs_work_loop+0x1a8/0x7d0
[  388.138098][   T43]  devtmpfsd+0x4c/0x50
[  388.139188][   T43] page last free pid 13659 tgid 13659 stack trace:
[  388.140887][   T43]  free_unref_page+0x661/0x1080
[  388.142173][   T43]  qlist_free_all+0x4e/0x120
[  388.143396][   T43]  kasan_quarantine_reduce+0x192/0x1e0
[  388.144845][   T43]  __kasan_slab_alloc+0x69/0x90
[  388.146129][   T43]  kmem_cache_alloc_noprof+0x121/0x2f0
[  388.147564][   T43]  getname_flags.part.0+0x4c/0x550
[  388.148920][   T43]  getname_flags+0x93/0xf0
[  388.150100][   T43]  __ia32_sys_mkdirat+0x75/0xb0
[  388.151383][   T43]  __do_fast_syscall_32+0x73/0x120
[  388.152738][   T43]  do_fast_syscall_32+0x32/0x80
[  388.154022][   T43]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  388.155683][   T43] 
[  388.156326][   T43] Memory state around the buggy address:
[  388.157795][   T43]  ffff888022dddf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  388.159893][   T43]  ffff888022dddf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  388.161999][   T43] >ffff888022dde000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  388.164124][   T43]                                         ^
[  388.165713][   T43]  ffff888022dde080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  388.167796][   T43]  ffff888022dde100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  388.169889][   T43] ==================================================================
[  388.172992][   T43] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  388.175180][   T43] CPU: 3 UID: 0 PID: 43 Comm: kcompactd0 Not tainted 6.12.0-rc7-syzkaller-00216-gf66d6acccbc0 #0
[  388.177919][   T43] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  388.180728][   T43] Call Trace:
[  388.181610][   T43]  <TASK>
[  388.182389][   T43]  dump_stack_lvl+0x3d/0x1f0
[  388.183660][   T43]  panic+0x71d/0x800
[  388.184735][   T43]  ? __pfx_panic+0x10/0x10
[  388.185926][   T43]  ? preempt_schedule_thunk+0x1a/0x30
[  388.187331][   T43]  ? preempt_schedule_common+0x44/0xc0
[  388.188785][   T43]  ? check_panic_on_warn+0x1f/0xb0
[  388.190185][   T43]  check_panic_on_warn+0xab/0xb0
[  388.191733][   T43]  end_report+0x117/0x180
[  388.192884][   T43]  kasan_report+0xe9/0x110
[  388.194053][   T43]  ? move_to_new_folio+0x12e/0x700
[  388.195386][   T43]  ? move_to_new_folio+0x12e/0x700
[  388.196723][   T43]  kasan_check_range+0xef/0x1a0
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  388.197996][   T43]  move_to_new_folio+0x12e/0x700
[  388.199428][   T43]  migrate_pages_batch+0x206a/0x31b0
[  388.200811][   T43]  ? __pfx_compaction_free+0x10/0x10
[  388.202194][   T43]  ? __pfx_migrate_pages_batch+0x10/0x10
[  388.203662][   T43]  ? __pfx___lock_acquire+0x10/0x10
[  388.205040][   T43]  migrate_pages_sync+0x109/0x8f0
[  388.206829][   T43]  ? __pfx_compaction_alloc+0x10/0x10
[  388.208291][   T43]  ? __pfx_compaction_free+0x10/0x10
[  388.209669][   T43]  ? find_held_lock+0x2d/0x110
[  388.210939][   T43]  ? __pfx_migrate_pages_sync+0x10/0x10
[  388.212375][   T43]  ? __pfx_lock_release+0x10/0x10
[  388.213699][   T43]  ? lock_acquire+0x2f/0xb0
[  388.214889][   T43]  ? isolate_movable_page+0x3b/0x7f0
[  388.216271][   T43]  migrate_pages+0x19ee/0x21f0
[  388.217522][   T43]  ? __pfx_compaction_alloc+0x10/0x10
[  388.218944][   T43]  ? __pfx_compaction_free+0x10/0x10
[  388.220430][   T43]  ? __pfx_migrate_pages+0x10/0x10
[  388.221746][   T43]  ? __pfx_isolate_migratepages_block+0x10/0x10
[  388.223367][   T43]  compact_zone+0x1f68/0x4280
[  388.224623][   T43]  ? __pfx_compact_zone+0x10/0x10
[  388.226032][   T43]  ? lock_acquire.part.0+0x11b/0x380
[  388.227339][   T43]  compact_node+0x1a2/0x2d0
[  388.228539][   T43]  ? __pfx_compact_node+0x10/0x10
[  388.229856][   T43]  ? kcompactd+0x55f/0xde0
[  388.231149][   T43]  ? __pfx_extfrag_for_order+0x10/0x10
[  388.232574][   T43]  kcompactd+0x76e/0xde0
[  388.233664][   T43]  ? __pfx_kcompactd+0x10/0x10
[  388.234877][   T43]  ? __pfx_autoremove_wake_function+0x10/0x10
[  388.236438][   T43]  ? lockdep_hardirqs_on+0x7c/0x110
[  388.237749][   T43]  ? __kthread_parkme+0x148/0x220
[  388.239043][   T43]  ? __pfx_kcompactd+0x10/0x10
[  388.240311][   T43]  kthread+0x2c1/0x3a0
[  388.241380][   T43]  ? _raw_spin_unlock_irq+0x23/0x50
[  388.242753][   T43]  ? __pfx_kthread+0x10/0x10
[  388.243975][   T43]  ret_from_fork+0x45/0x80
[  388.245152][   T43]  ? __pfx_kthread+0x10/0x10
[  388.246360][   T43]  ret_from_fork_asm+0x1a/0x30
[  388.247621][   T43]  </TASK>
[  388.248997][   T43] Kernel Offset: disabled
[  388.250129][   T43] Rebooting in 86400 seconds..

VM DIAGNOSIS:
06:27:38  Registers:
info registers vcpu 0

CPU#0
RAX=0000000080000000 RBX=ffff8880427502b0 RCX=ffffffff8202eca3 RDX=ffff8880211a8000
RSI=0000000000000000 RDI=0000000000000005 RBP=0000000000000081 RSP=ffffc900295979f8
R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000000 R11=0000000000000000
R12=0000000000000000 R13=0000000000000000 R14=0000000000000000 R15=ffff8880427502b2
RIP=ffffffff818cb53c RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88802b400000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00007fff4f5b1ff8 CR3=000000005f7d8000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=000000000000000e 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ff00000000000000
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000ff0000000000 000000000000ff00
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ff00ff00ffffffff 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=000000000173627d RBX=0000000000000001 RCX=ffffffff8b14ed79 RDX=0000000000000000
RSI=ffffffff8b4cc8e0 RDI=ffffffff8bb13a60 RBP=ffffed10036e9910 RSP=ffffc90000477e08
R8 =0000000000000001 R9 =ffffed10056a7025 R10=ffff88802b53812b R11=0000000000000000
R12=0000000000000001 R13=ffff88801b74c880 R14=ffffffff901cf808 R15=0000000000000000
RIP=ffffffff8b15015f RFL=00000206 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88802b500000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000555e37275950 CR3=0000000058132000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=00000000c4c0c004 Opmask01=0000000000000003 Opmask02=00000000007bc003 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000004 0302000100008881
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 75722f7261762f88
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffff 0f0e0d0c0b0a0908
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0a002075676f0087 868a898482818388
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffff000000000000 0000000000ff0000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000ff00ff ffff000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffff000000000000 0000000000ff0000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 003169616d006e65 6874000000000000 0000000000006d72
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000555e3700662d 0000555e37286da8 0000555e37286dc8 665f65676e006d72
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000555e18004902 0000555e18074287 0000555e180742c8 495f4a484100425d
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
RAX=0000000000000000 RBX=0000000000000000 RCX=0000000000000000 RDX=0000000000000000
RSI=0000000000000000 RDI=ffffffff9a54bfb0 RBP=0000000000000001 RSP=ffffc9000776f7d0
R8 =0000000000000001 R9 =0000000000000001 R10=ffffffff901cf80f R11=0000000000000000
R12=ffffffff9a54bfb0 R13=ffffffff9a54bfb0 R14=0000000000000000 R15=0000000000000000
RIP=ffffffff8169ed8f RFL=00000082 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88802b600000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000555f64ac5000 CR3=0000000045586000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000008082082 Opmask01=0000000000000000 Opmask02=00000000dfff7fff Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000001 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000001a4
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 554245440045534f 4252455600524f52 5245004c41544146 0054454955510029
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 554245440045534f 4252455600524f52 5245004c41544146 005445495551000c
ZMM20=0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004
ZMM21=91723fc791723fc7 91723fc791723fc7 91723fc791723fc7 91723fc791723fc7 91723fc791723fc7 91723fc791723fc7 91723fc791723fc7 91723fc791723fc7
ZMM22=bfccf3b4bfccf3b4 bfccf3b4bfccf3b4 bfccf3b4bfccf3b4 bfccf3b4bfccf3b4 bfccf3b4bfccf3b4 bfccf3b4bfccf3b4 bfccf3b4bfccf3b4 bfccf3b4bfccf3b4
ZMM23=24c6201f24c6201f 24c6201f24c6201f 24c6201f24c6201f 24c6201f24c6201f 24c6201f24c6201f 24c6201f24c6201f 24c6201f24c6201f 24c6201f24c6201f
ZMM24=bae30f78bae30f78 bae30f78bae30f78 bae30f78bae30f78 bae30f78bae30f78 bae30f78bae30f78 bae30f78bae30f78 bae30f78bae30f78 bae30f78bae30f78
ZMM25=6be7d8296be7d829 6be7d8296be7d829 6be7d8296be7d829 6be7d8296be7d829 6be7d8296be7d829 6be7d8296be7d829 6be7d8296be7d829 6be7d8296be7d829
ZMM26=479e78e2479e78e2 479e78e2479e78e2 479e78e2479e78e2 479e78e2479e78e2 479e78e2479e78e2 479e78e2479e78e2 479e78e2479e78e2 479e78e2479e78e2
ZMM27=dbcef327dbcef327 dbcef327dbcef327 dbcef327dbcef327 dbcef327dbcef327 dbcef327dbcef327 dbcef327dbcef327 dbcef327dbcef327 dbcef327dbcef327
ZMM28=000000100000000f 0000000e0000000d 0000000c0000000b 0000000a00000009 0000000800000007 0000000600000005 0000000400000003 0000000200000001
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=f1100000f1100000 f1100000f1100000 f1100000f1100000 f1100000f1100000 f1100000f1100000 f1100000f1100000 f1100000f1100000 f1100000f1100000
info registers vcpu 3

CPU#3
RAX=0000000000000030 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff8504b0c5 RDI=ffffffff9a645360 RBP=ffffffff9a645320 RSP=ffffc9000069ee78
R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=552033203a555043
R12=0000000000000000 R13=0000000000000030 R14=ffffffff8504b060 R15=0000000000000000
RIP=ffffffff8504b0ef RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88802b700000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00007ffe71874508 CR3=000000000db7c000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=00000000c0c0fffd Opmask01=000000000000001c Opmask02=000000000000001f Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000ffffffff 0000000100000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000008888
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffff 0f0e0d0c0b0a0908
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0a002075676f0087 868a898482818388
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ff00ff0000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffff ffffffffffff0000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ff00ff0000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 3d3d3d3d3d3d3d3d 3d3d3d3d3d3d3d3d 3d3d3d3d3d3d3d3d 3d3d3d3d3d3d3d3d
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000066 0000000000000000 0000555e37286e98 0000555e37286e80
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000555e37286ea0 0000555e37286e98 0000000000000000 0000000000008800
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00733d6e6f682d5f 66690064636c6166 3d2f645f66630031
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000