last executing test programs:

4.908886606s ago: executing program 3 (id=993):
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x2, @pix_mp={0x0, 0x0, 0x34324152, 0x0, 0xb}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x0)
io_setup(0x6, 0x0)
syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00')
io_submit(0x0, 0x0, &(0x7f0000000040))
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000001240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x40, 0x2, 0x6, 0x301, 0xa, 0x0, {}, [@IPSET_ATTR_TYPENAME={0x10, 0x3, 'bitmap:port\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_DATA={0x4}]}, 0x40}}, 0x0)
sendmsg$IPSET_CMD_DESTROY(r1, 0x0, 0x0)
writev(0xffffffffffffffff, &(0x7f0000000000)=[{0x0}, {0x0}], 0x2)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000200)={'dummy0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000140)=@newqdisc={0x40, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb}, @TCA_INGRESS_BLOCK={0x8, 0xd, 0x8}, @TCA_EGRESS_BLOCK={0x8, 0xe, 0x8}]}, 0x40}}, 0x0) (fail_nth: 12)

4.030352291s ago: executing program 3 (id=998):
r0 = syz_open_procfs$namespace(0x0, &(0x7f0000001580)='ns/uts\x00')
write(0xffffffffffffffff, &(0x7f00000002c0)="6f88b2a60614ef91a3f8ef9e1220b2675bce0f59b2336b1e3eb222ffa77b91bd642da8472b07a5059831e5c03734ccff6480db993a9be5198f428be1838bef5847f8452dab06605676dc879a87d9c28bf128eb784296078f4a28e8a2595743bd65e4e6a9e5ced66e5524edc432ceaab8552a2c2f179d91122a961061343c8695c39084b2370dae938e8d43b6d6fbd905eff6c6360e26d2ef525c6a46357a0f26061ba8da82c8c39b5ac93cea456c8ed747b85fa822136714ad8bdb0d36d7c9c75354e5d73d216e45cb24fc975e092c08bd1bfb1102952f580acce4909b84036801c1f0b88c7508aa2bf5999b5f8b0da1b6d5a83203cf784ce1e8a562c75310eea1c28d9f650073742c8e9311718b35ac6e6a272bd76b7e547c06b9b9c461163e18f48033a79c7f3a6574c234d84fa9c569100e6c088070010175611c6643b7cd4eb643ab300fa1e46fb4027fe48882975fcfd5a5295ead29b97cb0e86af8a0b4beb400d3b54774eafac72f7d222a4248662afdd0072963aef817701d5ffc09f61d563c3ed0992670002289a555f7bebfec91b5c75e9222b17ed54aff16a3d6a0cfab24f8bffcaef7c61f2be13411eb800853f37dd2d0efc25abc246e833d350206539d5160991f02e4b0201f14ed8fdc814c4034ed7e438934b250352ece17f1147ba3265caf7d6dcc71b59da7ea72c698adfeeb89e4e1090000000000000037f0a1459629821e194a2601310dc37e5d25c9b21055681830bf06fc121191758bf9e1d11571ee3a3a41ec52dc12d74f657a35f396e51b22ab9955933cd68d838dfe6ff69882554c01", 0x248) (async)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r1, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x3}, 0x6) (async)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000080)={0x4, <r2=>0x0}, 0x8)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000340)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x2f}, @printk={@li, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x200}, {0x85, 0x0, 0x0, 0x72}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r3, 0x0, 0x10, 0x10, &(0x7f00000002c0)="0000ffffffffa000", &(0x7f0000000300)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) (async)
write$bt_hci(r1, &(0x7f0000000500)=ANY=[@ANYBLOB="0e0001000200"], 0x8) (async)
ioctl$NS_GET_OWNER_UID(r0, 0xb704, &(0x7f0000000000))

3.959776335s ago: executing program 3 (id=1000):
unshare(0x68060200)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffff5f)
r0 = socket$nl_route(0x10, 0x3, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
syz_emit_ethernet(0xc6, &(0x7f0000000280)={@link_local, @dev, @val={@void}, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "f53a04", 0x8c, 0x3a, 0x0, @remote, @mcast2, {[], @param_prob={0x2, 0x0, 0x0, 0x500, {0x0, 0x6, "11f808", 0x0, 0x0, 0x0, @private1, @mcast1, [], "3f871bf8ef28639bcd27a8b0d174862e2a496b3a017ff19b07f2cbc84af012099e9b6a8f89cfb1ac40ed35d95f9c0af0b81c536b92e34d9cff389579c274b7460ed287a2e99bfe02dbe826797cb0023ae83ecd55291ea5a1d03a4f48"}}}}}}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000040)={'team0\x00', <r2=>0x0})
sendmsg$nl_route(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000001c0)=@newlink={0x3c, 0x10, 0x403, 0x0, 0x25dfdbfb, {0x0, 0x0, 0x4, 0x0, 0x300}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @vcan={{0x9}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x4c044)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='attr/fscreate\x00')
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=@ipv4_newrule={0x1c, 0x20, 0x301, 0x0, 0x25dfdbfb}, 0x1c}}, 0x0)

3.530276099s ago: executing program 3 (id=1004):
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f0000000600)={0x0, 0x3, &(0x7f0000000040)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73772cc9f1ba1f848430000435e140602000000000e0003000f000000028000001294", 0x2e}], 0x1}, 0x0)

3.42950754s ago: executing program 3 (id=1005):
r0 = socket$inet(0xa, 0x801, 0x84)
connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10)
listen(r0, 0x62)
r1 = accept4(r0, 0x0, 0x0, 0x80800)
sendto$inet(r1, &(0x7f00000002c0)="cc", 0x1, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_usb_connect(0x0, 0x3f, &(0x7f0000000540)=ANY=[@ANYBLOB="11010000733336088dee1edb23610000000109022d0101100000000904000003fe03010009cd8d1f0002000000090505020000fcffff09058b1e20"], 0x0)
syz_usb_control_io(r2, 0x0, 0x0)
syz_usb_control_io(r2, 0x0, &(0x7f0000000780)={0x84, &(0x7f00000004c0)=ANY=[@ANYBLOB="00000100000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r3 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
ioctl$EVIOCGMASK(r3, 0x80015b1a, 0x0)
r4 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r5 = dup(r4)
r6 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0xffffffff, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000181100", @ANYRES32=r7, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000000)='syzkaller\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xe, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r8}, 0x10)
r9 = syz_open_dev$tty20(0xc, 0x4, 0x0)
r10 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$VT_RESIZEX(r10, 0x560a, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x3, 0x3, 0x2})
ioctl$VT_RESIZE(r9, 0x5609, &(0x7f0000000040)={0x4, 0x3, 0xb})
write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffffffffffff0)
r11 = syz_io_uring_setup(0x239, &(0x7f0000000380)={0x0, 0x1ffffe, 0x10100, 0x0, 0x0, 0x0, r5}, &(0x7f0000000180)=<r12=>0x0, &(0x7f00000001c0)=<r13=>0x0)
syz_io_uring_submit(r12, r13, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1})
sendmsg$nl_generic(r5, &(0x7f0000000400)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000140)={&(0x7f0000000440)={0xfffffffffffffd36, 0x33, 0x10, 0x70bd29, 0x25dfdbfd, {0x19}, [@nested={0x4, 0x61}, @generic="b2223b579105944caff50372c50707a590cbdb68807e8b7c90bc3d2ec459fc906492e3bdf6b3903ad0abb0701c65c79d6c06a353cf0c2200e12f5ea50a276f180fa2711e2385937165ef0a1a9616028b8d28d687fbda37d1aaf915d8be4060fe2fe7d8a6e6"]}, 0x20}, 0x1, 0x0, 0x0, 0x240000c0}, 0x8000)
io_uring_enter(r11, 0x2ded, 0x4000, 0x0, 0x0, 0x0)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)
pipe(&(0x7f0000000080))
mknod(&(0x7f0000002400)='./file0\x00', 0x2, 0x0)

1.633740681s ago: executing program 1 (id=1010):
r0 = socket(0x21, 0x800000002, 0x65b8fb6d)
r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r2 = gettid()
sendmsg$unix(0xffffffffffffffff, 0x0, 0x0)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc))
iopl(0x3)
socket$nl_route(0x10, 0x3, 0x0)
syz_io_uring_setup(0x0, 0x0, &(0x7f0000000100), 0x0)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x8)
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r3 = mq_open(&(0x7f000084dff0)='!selinuxselinux\x00', 0x6e93ebbbcc0884f2, 0x0, &(0x7f0000000300)={0x0, 0x1, 0x7})
mq_timedsend(r3, 0x0, 0x0, 0x0, 0x0)
mq_timedsend(r3, 0x0, 0x0, 0x0, 0x0)
sendmsg$netlink(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000001ac0)=[{&(0x7f0000003080)=ANY=[@ANYBLOB="9c020000230001000000000000000000550200800c00010002"], 0x29c}], 0x1}, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x2, @sliced={0x8, [0x7d00, 0x9, 0xa4c, 0x4, 0x9d5, 0x1, 0x4, 0x1000, 0x7, 0x0, 0x8, 0x7, 0x1, 0x89b2, 0xa, 0x9, 0x3, 0x6, 0xe667, 0x0, 0x7, 0x800, 0xa, 0x6, 0xff, 0x6, 0xe7f, 0x101, 0x80, 0xd0f, 0x6, 0x0, 0x80, 0x8002, 0x77, 0x5a50, 0x9, 0x3, 0x4, 0x5, 0x6, 0x1, 0x5913, 0x8, 0x80d, 0x8, 0x5, 0x7ff]}})
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
add_key(&(0x7f0000000180)='.dead\x00', 0x0, &(0x7f00000002c0), 0x0, 0xfffffffffffffffb)
remap_file_pages(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x0, 0x0, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f00000002c0)=0x80002)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
prctl$PR_MCE_KILL(0x21, 0x1, 0x0)
r5 = syz_open_dev$vim2m(&(0x7f0000000400), 0x0, 0x2)
ioctl$vim2m_VIDIOC_CREATE_BUFS(r5, 0xc0f8565c, &(0x7f0000000440)={0x0, 0xe8d, 0x1, {0x1, @win={{0x0, 0xffffffff, 0x100000, 0x4}, 0x0, 0x195, 0x0, 0x0, 0x0, 0xfd}}})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
write$RDMA_USER_CM_CMD_RESOLVE_IP(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000000)={'ipvlan0\x00', {0x2, 0x0, @private=0xac141437}})

731.223414ms ago: executing program 1 (id=1025):
r0 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r1, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r1, 0xc01064b5, &(0x7f0000000280)={&(0x7f0000000100)=[<r2=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_GETPLANE(r1, 0xc02064b6, &(0x7f00000001c0)={r2, 0x0, <r3=>0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_GETPLANE(r0, 0xc02064b6, &(0x7f0000000200)={r2, <r4=>0x0, r3, 0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_SETCRTC(r0, 0xc06864a2, &(0x7f0000000400)={0x0, 0x0, r4, r3, 0x0, 0x1, 0x0, 0x7b46, {0x5, 0x1, 0x3, 0x65, 0x1, 0x1, 0x2, 0x4005, 0x4cab, 0xe156, 0x0, 0x1, 0x0, 0x400000, "fe1d0e1cff001704000000341300000000000000000000003f00"}})

728.264898ms ago: executing program 1 (id=1026):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0x8f)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x11, 0x18, &(0x7f0000000180)=ANY=[], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x1f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r3}, 0x10)
r4 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000001c0)={0x114, 0x2b, 0x1, 0x0, 0x0, "", [@nested={0x104, 0x0, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}, @typed={0x14, 0x1, 0x0, 0x0, @ipv6=@loopback}, @generic="50bb2d6f67d29d6fabadb107d0def49c88ea04abde1d5e8d3fb22a1b5046778bdafefc46b0449ade68bf84b36ec72dd71265fc2e882348c26c2126237dd5b37f5ae655b1086cda40e00aec58754734be31d750351dc076eb43d9621dc08c029d1608a487f26fbe816b89f7cb81bff81a8b9482565856555ee923c65973deb0a99b962bc0fe94a3fcae3697bd7b85b3a682167c43dbf137115a40ebddcad74875ec58e9a3ddb9ad02a078cf0d972df9e99f079767734f69ce475f55ac64337803f5eb4e5842f4d98fe3fa370d47eb640dc5061dc35817c8a66c29be82fd3f8cd1"]}]}, 0x114}], 0x1}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0xd, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b708000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r5, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20)
r6 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000380)={0x3, 0x4, 0x4, 0xa, 0x0, r5, 0xffffffff, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2, 0x5, 0x0, @void, @value, @void, @value}, 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000540)={{r6}, &(0x7f0000000400), &(0x7f0000000500)=r3}, 0x1c)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r5], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000980)='sys_exit\x00', r7}, 0x10)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000700)='signal_generate\x00', r8}, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r9=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="050000000000000000000600000008000300", @ANYRES32=r9, @ANYBLOB="080005000300000095582c3b60825f5f3376eacdbb7ca246fb7edd4cdc3041449bfd88525d42622ff873bb478d4b7d6cb5baba7c83a6bac0fd2d065ba1c77ee22df541ad164b74e23b288f82bfad2658adea209547315ec5ba428bd7a3dff349"], 0x24}}, 0x0)
sendmsg$NL80211_CMD_START_AP(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000001300)=ANY=[@ANYBLOB='t\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="050000000000000000000f000000080003", @ANYRES32=r9, @ANYBLOB="28000e0080000000ffffffffffff0802110000000802110000000000000000000000000064000100080026006c09000008000c006400000008000d00000000000a0034000202020202020000080035000000f8"], 0x74}}, 0x0)

619.641298ms ago: executing program 1 (id=1028):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
fcntl$getownex(r0, 0x10, &(0x7f0000000040))
write$binfmt_script(r0, &(0x7f00000000c0)={'#! ', './file0'}, 0xb)
socket$inet6_sctp(0xa, 0x5, 0x84)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0)
syz_open_dev$usbfs(&(0x7f0000000000), 0xd, 0x800)
r1 = syz_io_uring_setup(0x117, &(0x7f0000000100), &(0x7f0000000280)=<r2=>0x0, &(0x7f0000000200)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffc00, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000000c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x7, 0x0, 0x0, 0x0, 0xc})
io_uring_enter(r1, 0x47f6, 0x0, 0x0, 0x0, 0x0)
prlimit64(0x0, 0x7, &(0x7f0000000200), 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r0, 0x0)
timerfd_settime(0xffffffffffffffff, 0x1, &(0x7f0000000000)={{}, {0x0, 0x3938700}}, 0x0)

489.665054ms ago: executing program 2 (id=1031):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_user\x00', 0x275a, 0x0)
write$UHID_CREATE2(r0, &(0x7f00000001c0)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r0, 0x0)
ioctl$I2C_TIMEOUT(r0, 0x702, 0x68)
sendfile64(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000004c0), 0x0)
mbind(&(0x7f00001fa000/0x2000)=nil, 0x2000, 0x1, 0x0, 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
syz_emit_vhci(&(0x7f0000000000)=@HCI_SCODATA_PKT={0x3, {0xc8, 0x22}, "ab0a090cc336fc6eb9a4c0d67628e770dc4b3009b94439093be5468a49c5e0dfc150"}, 0x26)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x1f, 0x18, &(0x7f0000000200)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r3}}, {}, [@ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x9}}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x1d, '\x00', 0x0, @fallback=0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_GUEST_DEBUG(r4, 0x4048ae9b, &(0x7f0000000300)={0x4376ea830d5d549a})
ioctl$KVM_RUN(r4, 0xae80, 0x0)

420.034302ms ago: executing program 1 (id=1032):
r0 = socket$l2tp6(0xa, 0x2, 0x73)
sendmmsg$inet6(r0, &(0x7f0000003040)=[{{&(0x7f00000000c0)={0xa, 0x0, 0x0, @local}, 0x1c, 0x0}, 0x7ffffffb}, {{&(0x7f0000000bc0)={0xa, 0x4e20, 0x7fffffff, @local, 0x66}, 0x17, 0x0}}], 0x2, 0x0)

419.634762ms ago: executing program 1 (id=1033):
r0 = socket$inet(0x2, 0x0, 0x0)
syz_emit_ethernet(0x66, &(0x7f0000001a40)={@broadcast, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "1200b0", 0x30, 0x3a, 0x0, @empty, @mcast2, {[], @dest_unreach={0xa0, 0x0, 0x0, 0x0, '\x00', {0x0, 0x6, "277382", 0x0, 0x0, 0x0, @private1, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}}}}}}, 0x0)
shutdown(r0, 0x0)
recvmmsg(r0, 0x0, 0x0, 0x0, 0x0)
ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f00000002c0)=<r1=>0x0)
r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/address_bits', 0x0, 0x104)
ioctl$SOUND_MIXER_READ_RECSRC(r2, 0x80044dff, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000340)={r1, r2, 0x0, 0x7, &(0x7f0000000200)='cgroup\x00'}, 0x30)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r5=>0x0})
sendmsg$NL80211_CMD_JOIN_MESH(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000003c0)={0x40, r4, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_MESH_ID={0xa}, @NL80211_ATTR_TX_RATES={0x18, 0x5a, 0x0, 0x1, [@NL80211_BAND_2GHZ={0x14, 0x0, 0x0, 0x1, [@NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_GI={0x5}]}]}]}, 0x40}}, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r6 = signalfd4(0xffffffffffffffff, &(0x7f0000000140), 0x8, 0x0)
r7 = syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301)
ioctl$USBDEVFS_CLAIM_PORT(r7, 0x80045518, &(0x7f0000000280)=0x7)
r8 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x801, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002200002018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000820000009500000000000000"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r9, 0x0, 0xe, 0x0, &(0x7f0000000300)="14fd54ab72df97e6256c00000000", 0x0, 0x7ff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
close_range(r6, 0xffffffffffffffff, 0x0)
syz_usb_connect(0x1, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x200, 0x6a, 0xf2, 0x96, 0x8, 0x1a8d, 0x100d, 0xdd34, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x2, 0xff, 0x49, 0x57, 0x0, [], [{{0x9, 0x5, 0xf, 0x10, 0x0, 0x7f}}, {{0x9, 0x5, 0x3, 0x2, 0x20, 0x2}}]}}]}}]}}, 0x0)

391.323757ms ago: executing program 0 (id=1034):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000280)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000001c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000200000a20000000160a01020000000000000000630000090900020073797a30000000008800c800180a01010000000000000000030000050900020073797a3100000000380003802c0003801400010076657468305f766c616e0000000000001400010076657468305f766972745f776966690008000140000000000900020073797a30000000000900010073797a30000000000c00038008000240000000050c00054000000000000000021c010000180a010100000000000000000a00000008000740000000020900020073797a32000000000c000540000000000000000108000740000000030900020073797a31000000000900010073797a30000000000c00054000000000000000050900020073797a3200000000a8000380a4000380140001006272696467655f736c6176655f3100001400010076657468305f6d61637674617000000014000100726f73653000000000000000000000001400010076657468315f766972745f7769666900140001007866726db000000000000000000000001400010063616966300000000000000000000000140001006261746164765f736c6176655f3100001400010076657468315f746f5fc83de7a7c88ad4c200074000000001140000001100010000000000000000000a00000a"], 0x1ec}, 0x1, 0x0, 0x0, 0x8000}, 0x8000)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f0000000100)=ANY=[@ANYBLOB="180000000000000000000000ff000000850000000e000000850000000800000095"], &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000340)='kfree\x00', r1}, 0x18)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r2 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$inet6_udp_int(r2, 0x11, 0x67, &(0x7f0000000040)=0x91, 0x4)
setsockopt$sock_linger(r2, 0x1, 0x3c, &(0x7f0000000180)={0x200000000000001}, 0x8)
connect$inet6(r2, &(0x7f0000000000)={0xa, 0x0, 0x0, @local, 0x6}, 0x75)
sendmmsg$inet6(r2, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171, 0x0, 0x0, 0x6000}}], 0x400000000000172, 0x4001c00)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
openat$cgroup(r3, &(0x7f0000000040)='syz1\x00', 0x200002, 0x0)
openat$cgroup_int(r3, &(0x7f0000000080)='hugetlb.1GB.rsvd.failcnt\x00', 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000edff0000000000000000850000000f00000018010000646c012500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000800000850000000600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000140)={'pim6reg1\x00', 0x1})
r5 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000000a40)=@newlink={0x38, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x10004}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @gre={{0x8}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_IGNORE_DF={0x5, 0x13, 0x1}]}}}]}, 0x38}}, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010200000000000000020000000900010073797a300000000040000000030a01010000000000000000020000000900010073797a30000000000900030073797a320000000014000480080001400000000008000240000000002c000000030a03000000000000000000020000000900010073797a30000000000900030073797a32"], 0xb4}}, 0x0)

260.214268ms ago: executing program 2 (id=1035):
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x2000007, 0x401d031, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00')
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0xc0686611, &(0x7f0000000180)={0x18, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil})
creat(&(0x7f0000000240)='./file0\x00', 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f00000000c0))
acct(0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
sendmsg$NFT_MSG_GETFLOWTABLE(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000480)=ANY=[@ANYBLOB="20000000170a00000000000000000000000000060c0005400000000000000002aaa4468be19c963ebbcb290000000000000000"], 0x20}}, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000240)={@in6={{0xa, 0x0, 0x0, @remote}}, 0x0, 0x0, 0x26, 0x0, "8ddbb51a3cfd954e41e8ccb21f650fa6a867fb9bbcf0feeee4dc036d0675af58b39fa8d54ee8323507a61a95cf134ce8f605671338c7f8838a00bdfba71bc4b828c7de258b6b9ca1fc52bcc83e2a016a"}, 0xd8)
socket$key(0xf, 0x3, 0x2)
bind$inet6(r3, &(0x7f0000000100)={0xa, 0x4e22, 0x0, @rand_addr, 0x3}, 0x1c)
r4 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
preadv(r4, &(0x7f0000000180)=[{&(0x7f0000000000)=""/150, 0x96}], 0x1, 0x0, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f0000000380)={'batadv_slave_1\x00', <r5=>0x0})
sendmsg$BATADV_CMD_SET_MESH(r4, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000400)={&(0x7f00000003c0)=ANY=[@ANYBLOB="01003800", @ANYRES16=0x0, @ANYBLOB="02002abd7000fbdbdf250f00000008002b000100000008000600", @ANYRES32=r5, @ANYBLOB="0500300001000000"], 0x2c}, 0x1, 0x0, 0x0, 0x400c010}, 0x40001)
ioctl$FS_IOC_GETVERSION(r0, 0x80047601, &(0x7f0000000080))
listen(r3, 0x0)
syz_emit_ethernet(0x5e, &(0x7f0000000140)=ANY=[@ANYBLOB="aaaaaaaaaaaa00000000000086dd60083ff200280600fe71eea4110000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="a0040000907800001312fb6b90339d1800"/28], 0x0)
sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="580000000002000000000000000000000000000010000180f7000280050001000000000030"], 0x58}}, 0x0)
r6 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000001c0)=ANY=[], 0x24d8}], 0x1}, 0x0)
ioctl$KVM_SET_IRQCHIP(r2, 0x4048aec9, &(0x7f0000000680)={0x2, 0x0, @pic={0x42, 0xb7, 0x3, 0xe, 0x3, 0x4, 0x6, 0x0, 0x40, 0x9, 0xfd, 0x7f, 0x7, 0x8, 0xf2, 0xe}})
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r7, &(0x7f0000000600)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000005c0)={&(0x7f0000000540)={0x68, 0x2, 0x6, 0x404, 0x0, 0x0, {0x3, 0x0, 0x7}, [@IPSET_ATTR_REVISION={0x5, 0x4, 0x2}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_TYPENAME={0x13, 0x3, 'hash:net,iface\x00'}, @IPSET_ATTR_DATA={0x1c, 0x7, 0x0, 0x1, [@IPSET_ATTR_SIZE={0x8, 0x17, 0x1, 0x0, 0x7}, @IPSET_ATTR_PORT={0x6, 0x4, 0x1, 0x0, 0x4e20}, @IPSET_ATTR_CIDR={0x5, 0x3, 0x8}]}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x68}, 0x1, 0x0, 0x0, 0x50}, 0x6090)

230.698758ms ago: executing program 0 (id=1036):
r0 = signalfd(0xffffffffffffffff, &(0x7f0000000280)={[0xfffffffffffefffd]}, 0x8)
socket$inet6_udp(0xa, 0x2, 0x0)
fanotify_init(0x2, 0x0)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
pselect6(0x40, &(0x7f00000045c0)={0x0, 0x2, 0x4, 0x0, 0x10000000000000, 0xfffffffffffffffc, 0x80, 0x8}, 0x0, &(0x7f0000004640)={0xf8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x516a}, 0x0, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r1, 0xc004500a, &(0x7f0000000080))
mmap$dsp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000b, 0x8012, r1, 0x0)
close(r0)

160.200483ms ago: executing program 2 (id=1037):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0x8f)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x11, 0x18, &(0x7f0000000180)=ANY=[], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x1f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r3}, 0x10)
r4 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000001c0)={0x114, 0x2b, 0x1, 0x0, 0x0, "", [@nested={0x104, 0x0, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}, @typed={0x14, 0x1, 0x0, 0x0, @ipv6=@loopback}, @generic="50bb2d6f67d29d6fabadb107d0def49c88ea04abde1d5e8d3fb22a1b5046778bdafefc46b0449ade68bf84b36ec72dd71265fc2e882348c26c2126237dd5b37f5ae655b1086cda40e00aec58754734be31d750351dc076eb43d9621dc08c029d1608a487f26fbe816b89f7cb81bff81a8b9482565856555ee923c65973deb0a99b962bc0fe94a3fcae3697bd7b85b3a682167c43dbf137115a40ebddcad74875ec58e9a3ddb9ad02a078cf0d972df9e99f079767734f69ce475f55ac64337803f5eb4e5842f4d98fe3fa370d47eb640dc5061dc35817c8a66c29be82fd3f8cd1"]}]}, 0x114}], 0x1}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0xd, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b708000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r5, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20)
r6 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000380)={0x3, 0x4, 0x4, 0xa, 0x0, r5, 0xffffffff, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2, 0x5, 0x0, @void, @value, @void, @value}, 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000540)={{r6}, &(0x7f0000000400), &(0x7f0000000500)=r3}, 0x1c)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r5], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000980)='sys_exit\x00', r7}, 0x10)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000700)='signal_generate\x00', r8}, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r9=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="050000000000000000000600000008000300", @ANYRES32=r9, @ANYBLOB="080005000300000095582c3b60825f5f3376eacdbb7ca246fb7edd4cdc3041449bfd88525d42622ff873bb478d4b7d6cb5baba7c83a6bac0fd2d065ba1c77ee22df541ad164b74e23b288f82bfad2658adea209547315ec5ba428bd7a3dff349"], 0x24}}, 0x0)
sendmsg$NL80211_CMD_START_AP(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000001300)=ANY=[@ANYBLOB='t\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="050000000000000000000f000000080003", @ANYRES32=r9, @ANYBLOB="28000e0080000000ffffffffffff0802110000000802110000000000000000000000000064000100080026006c09000008000c006400000008000d00000000000a0034000202020202020000080035000000f8"], 0x74}}, 0x0)

159.692196ms ago: executing program 3 (id=1038):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000000c0), 0x60d00, 0x0)
socket$inet_sctp(0x2, 0x5, 0x84)
preadv(r0, &(0x7f0000000080)=[{0x0}, {0x0}], 0x2, 0x0, 0x10800)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0)
close(0xffffffffffffffff)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
r1 = syz_open_dev$cec(&(0x7f0000000440), 0x0, 0x0)
ioctl$CEC_ADAP_S_LOG_ADDRS(r1, 0xc05c6104, &(0x7f00000002c0)={"90125830", 0x0, 0x5, 0x9, 0x0, 0x6, "471d855406050000c6a185480039d5", 'W\x00', "214619ed", "41f336e7", ["c81de44b0091fb7ce7442d42", "ed44d0ac45643699e300", "34334e67c300e1a4c49d3300", "e996c9c4d23135876ea2fff7"]})
r2 = socket$inet_smc(0x2b, 0x1, 0x0)
getsockopt$sock_timeval(r2, 0x1, 0x67, &(0x7f0000000840), &(0x7f0000000880)=0x8)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f00000004c0)=@filter={'filter\x00', 0xe, 0x4, 0x26c, 0xffffffff, 0x1d8, 0x94, 0x0, 0xffffffff, 0xffffffff, 0x1d8, 0x1d8, 0x1d8, 0xffffffff, 0x4, 0x0, {[{{@uncond, 0x0, 0x70, 0x94}, @REJECT={0x24, 'REJECT\x00', 0x0, {0x2}}}, {{@uncond, 0x0, 0x70, 0x94}, @REJECT={0x24, 'REJECT\x00', 0x0, {0x1}}}, {{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @dev={0xac, 0x14, 0x14, 0x27}, 0xff, 0x0, 'veth1_to_team\x00', 'team0\x00', {0xff}, {0xff}, 0x2, 0x0, 0x21}, 0x0, 0x70, 0xb0}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00', 0x0, {[0x8f00, 0xfffffd9a, 0x2f, 0x1e, 0xffffffff, 0x0, 0x100, 0x8]}}}], {{'\x00', 0x0, 0x70, 0x94}, {0x24}}}}, 0x2c8)
write$binfmt_elf64(0xffffffffffffffff, &(0x7f0000000400)=ANY=[@ANYBLOB="7f454c4600000000000000000000000003003e00000000000000000000000000400000000000000000000000000000000000000000003800010000d198000000030000000000000000"], 0x78)
execveat(0xffffffffffffff9c, 0x0, 0x0, 0x0, 0x0)
socket$kcm(0xa, 0x3, 0x87)
ioctl$CEC_TRANSMIT(r1, 0xc0386105, 0x0)
socket$kcm(0x11, 0x3, 0x0)
r3 = socket(0x1e, 0x1, 0x0)
connect$tipc(r3, &(0x7f0000000000)=@name={0x1e, 0x2, 0x0, {{0x1, 0x1}}}, 0x10)
r4 = syz_io_uring_setup(0x6908, &(0x7f00000008c0)={0x0, 0x0, 0x10100}, &(0x7f0000000140), &(0x7f0000000100)=<r5=>0x0)
syz_io_uring_setup(0x1864, &(0x7f00000003c0)={0x0, 0x72ae, 0x10, 0x80000000}, &(0x7f00000007c0)=<r6=>0x0, &(0x7f0000000280))
syz_io_uring_submit(r6, r5, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, 0x1})
io_uring_enter(r4, 0x184c, 0x0, 0x0, 0x0, 0x0)
rt_sigtimedwait(&(0x7f0000000040)={[0x802, 0x7fffffff]}, 0x0, 0x0, 0x8)
write$binfmt_misc(r3, 0x0, 0x2000011a)
tee(0xffffffffffffffff, 0xffffffffffffffff, 0xaf5, 0x0)
ppoll(&(0x7f00000001c0)=[{0xffffffffffffffff, 0x42c3}, {r2, 0x5020}], 0x2, &(0x7f0000000200)={0x0, 0x989680}, &(0x7f0000000240)={[0x8, 0x9]}, 0x8)

159.416696ms ago: executing program 0 (id=1039):
r0 = socket$kcm(0x10, 0x400000002, 0x0)
write$cgroup_subtree(r0, &(0x7f0000001a00)=ANY=[@ANYBLOB], 0xfe33)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000000)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x97}, @printk={@x, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x9b}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r1, 0x0, 0x14, 0xe40, &(0x7f00000002c0)='\x00\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000300)=""/8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, 0x0)
bpf$BPF_PROG_TEST_RUN(0x1c, 0x0, 0x0)
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=@framed={{0x18, 0x5}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r2}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x95}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='sched_switch\x00', r3}, 0x10)
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$ITER_CREATE(0x21, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f0000001ac0)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8fff7ff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001000000b70500000000e000720a23fe000000008500000012000000b70000000000000095000000000000004e6258941c823b7505608556ba4ababb42684e890d31ae450400373a0a5447a801b8c1c4f0c4bd97c6555e61345400f9bd32abeb9ade0105000000000000a21902ff07000094a2b51c21df74924f5436a6ed89b98f75e800230c49c90fe1336481f3b92a63336c36fcd745d61d7739c6554ca201000000bebbe8282f8b1e26407437a397bf8f50e87ed4d27adfd876bffc402887781979461c4363bc5c9b6202ea471428197ef88bc333fbcec0ea4334f1ddb9d679ae95a90fd41d528f58d305000000435883df6c10ce86188c92292b2d0226082960be682836bdff8b0971f2a5405e453228e7b1005bd73479358a90df3e481947de6453736aa572158af6ea63d6d418fbbd2bba050000001da000ef78df03000000d19913a5fb03c79dac2e489f68127892658115e7ffb588a71dffffff951b8535167ab8069a2c92a3aa18e22517000026637b4c34bf2d0aa304ed42bf70480e9e97203fd169411f37fddd1f7fbe16dbbc0f307bceb5064f388a0350c3dc928b0e638b1e2b2a9d25264233e5d45eb377f56b95241024dbe30f67191c2b56b70328d6d3215dfffe5d89af1d10599bd494d921d1fb2db99b6aba0fa978f41eb1d4c553e5a9326ed550c13f8dd36716a899a1e79234294707c5312b924d142c17b20bb80ee202222c03fa84ccc374e717f694018630366397266090a82343aedfbf7afe892390c2eb775b0d16073da2229958db05de7df6ab7600004000010000006d8081cb3bf251d906c00da0e23b50465f8394820be571e3592d0000c7ef10fdc462e7040e7074ec43aa461fc54401a76406db718d4efd6c1bd10ce1d087cf9bba461162555a95524c84df0952d32093082b7aa71304e0d2d9ec310d1b676b378a5879e47941de1a28c3a8f400000000000000000e032b7d2badd0bc6617a859b7ac273b6304555f664469cec152030f06cc0ca1765838eb5590264736fbccfc3a8f4e3b10daf6a275daf5db2dac7096fe8ac8876acaad043663b3b0fedb05e6d31408fa20140c9d2db1c59ac8a3ce28e489d67d87d3a107ccea3007f58f2c5017e8807107f79ac50cc1d4f546b4443d137eb706b71b1767a10cca7a7c82b76c96e874aff249f36329a6526b354b6e674b08f7ef492b804c4b08fb10de807d79fd782027318cd7632e22d2faa16209272b39b5ec8d239832ea02cc88e249a2e77753a58987547571fbc8de747faab724bebb6401412b496e078fcb6c78ab447e871b76a8b0506f49594aa1d610567e14d739a60ff3ce04d0d2e5681e787c7e1ad25467bb81f2f440128207fe07a83759ec30cf9e0a3fd3f2fcee97fe8d273f8e712a8a64eaf2d89a1fa44554357fcd7ab531ff7a41c27164fca430a62d015b477de61853f5ee2e25b00a63642ec32ece2ff3bb5883deb895f52a923b5c744d8dccdd6a09ded8b90f1eeda8e6e884a4f090edb6ab9fc8107846508d51f3735493d5860cf80200ce31b92eb3563d485b5a7d192092d7a9fd2bc67d305d1d4573aad5f6501d1cd27657ce17330402dacb78d72d776330711645eed7d4c292f4448733c0826c4eb950f3d40453f82d7f792d106518f6bde874aff9e2bea7d73f74bebeeacfc700000000000000000000d40d73be47803297db004264c8c70b7761b22a7114a078a87d63d63b0c9dcc263a5b773bfeba212abef4181ad9e4872e328c0f105d51e3d167a2b717051d7681ba04552eeba18a000000b22b50d76d85040c9000ea68a528049a60d5e26b20455194f4be3b8466fd66d0e6cefcff7891c485d61cb66f4076cd60a22733cb00cf7cc12ca7d9bb864c0e650236a79a5c85349a9b1e6bbc3bace197e72490c566431cd3a08e9d1b641c1ba1f661d01573b904c3fa1427370fa15cecd294ac21fefe3d161fdf58e8bc5957ef145839f4370176e1be88d2e3516a1998c1621a00b4438b85a4dfee6f61827a1e50e158038b037dfda3ffb35069e41fc740ae720800de53948f176c3c15f3a529c02434b920d87f12a6e3420a2fdcb3559e7a5b1ddbb06b7a5977f63bfac701e673bf626d126b213c92e7169a930beb8d76f9db34e8098bea301baa96916d6458c923866dc192928b320738d1b298fb55f2a64500000000000000000000000000509885a38d9d995a46817e7ff7acddcc5f9253c63f86baf33f92820c9ff497cf76b6482c3ab53fb6ecea6d220b91b99b2fb4279ab09ae0645ab92df309000000000000a4868411948f8e3e259f717d722a1eebd3f6860a17f1ae9e10a1178f6aef4951b192d13e9600c1f700ca7b1d127e451034469bf2a8f93dbae6ad8e932e431dc18323794156238625bb9c45c5a76a68a8646e701b29a71ffbd854f50f195833106a5625ff94221f1f04c72525b50aae69081de9626de9847bf53475d90642d9730101d80b1b0000000000000000822b0641698d60160d9157548302dd2636d12c431f96728ae4a45361e6d47a1c4a52d67c0f0a62585c09fcfd70d0f249f87c44b47283c1c6f2430d70c751e4ada9b646e6e7c1719faee476d88a2943c71a21da55b7497dd7ed385ac2e8cb916390a3a0ed52e7371e1a141e69afa07b46ac20f3521fb251b72c82ee1c7eb4f67c0deed5618d0db925ce7a7c50a99835544c540f5d528587d1a26e78df1bc9a8e4d90c57d0b8122eae7b23e4456624f5337c16c42648c7a3d0b799ad409befe0cbe2aa781ba826918df7aa80dff4f62258e54419629eb1d37de7f6a3512bd618781d1ad3a4d4b0da44df9f9a93f0487f79a9b16dfa6f68b06ce6a96ca344d194cded05702c2300d1a4f451b33830765f8131f6c28fada65701851bba089b8a8347900e72d68cea965feb6a06225dd3f0e135323a5bde3b43c9d242b73abf9e05336af040a4a6bb5918146393f1d50705c1d1e986bf2f690de51ee8727d37339df5fc1db535bb1e9bb3e5dadb6e5a2bb4faa2dcbc6ca9b40ac96e448b9dadeb08fc2cf3a960f22bf20b9e967b7a75687372b8e3edc543896c360674d901a7f56b07ba1479b46eea3d94026a9c7e670ab40bb2c1ca1a7c90299361239bef773140af974c7efc285a64633d21513481b3ac62dec9fa3e8ce6156d76b82baa145bc550b0ccbc0934ccfea45292caa2f0654fe18dc0669a4f2af9fa232a293ad94261f55675cc686db72783a6bacc0df6a1ea943ae266af112f35319980cd681811a369e0d03cf7d22bed7cbe1afe498b88942b1bf7edae441a0d0d88fce65cb4e848793a28cbd7373f6acd3b5a48c034e487750388929d37fa3165f205dab3be5f3e5781a84298687cbf02dcaf0e14a2b260293f349d076eb75a2ddc5382d106f0beea02aa45018fe36d1176cf7704383b6922d10dc9feca3982ae232d4bb47c722c83a7cf6ee8832f038b072eb803a47cd7f753e80c9f6eedb89ee1c95361debf58f671170cfa57fb0c9cbad5c70244a2b6de2062cbd1ba2c85f73689d3ffcd37022ab9fcabd17fd40bfd316088dffe92728016ec5c72e21da52d09f849ab4a4b2d9b4799bab3a6d7f2ba57e100e7ffec0bd4c0659ebaf7b225edaa0af3f5aa99d1551d34b2d2faf0971dbe852142088b1c9b052e1177c47365d950e22c2b04283f62fec31837b5068dab60c5c2c1547acd52ab5e5cde41d24563b05e223e2aafe2c55ba3001d12e4de86597487e99c3b2bf193d7d6d0821481c16fd7cece5df2567182ca1ad6028028bf9f72d503b3d70e1c3c4b5e73ac286abb2b3b069f2ccda4c6a7a3759302b02034e8217b4ecdb9f1118a4117fd49d5467a84b70fae675af118bd885ee7798782765438caaf69856e236bf4b37bff5f971df3fd5e03a9ea39d5397b4e5c5a0d7eacf2"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x1d4, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r4, 0x300f000, 0xe, 0x0, &(0x7f0000000080)="0069c2704ade28eddb0000200000", 0x0, 0x48b8, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
r5 = socket$kcm(0x10, 0x2, 0x0)
write$cgroup_pid(0xffffffffffffffff, 0x0, 0x0)
sendmsg$kcm(r5, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="2e00000010008188040f80ec59acbc0413a1f8480f00fe005e140602000000000e000a001000000002800000121f", 0x76}], 0x1}, 0x4008800)

69.778459ms ago: executing program 0 (id=1040):
socket$nl_route(0x10, 0x3, 0x0)
socket$key(0xf, 0x3, 0x2)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(0xffffffffffffffff, 0x10e, 0xb, 0x0, 0x0)
setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x0, 0x0)
getpid()
process_vm_readv(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prctl$PR_SET_IO_FLUSHER(0x39, 0x1)
bpf$MAP_CREATE(0x141e000000000000, &(0x7f00000000c0)=@base={0x5, 0x3f, 0x6c03, 0xee, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
socket$inet6(0xa, 0x0, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x0)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000002100)='projid_map\x00')
writev(r1, &(0x7f00000003c0)=[{&(0x7f0000000100)="7f", 0x1}], 0x2)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
r2 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'erspan0\x00'})
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan1\x00'})
ioctl(r0, 0x8b1b, &(0x7f0000000040))

67.332431ms ago: executing program 2 (id=1041):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000340)=ANY=[@ANYBLOB="12013f00000000407f04ffff00000000000109022d000100000000090400001503000000092140000001220f00090581", @ANYRES32], 0x0) (async)
r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000200)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000001c0)={<r2=>0xffffffffffffffff}, 0x106}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_ROUTE(r1, &(0x7f0000000080)={0x4, 0x8, 0xfa00, {r2}}, 0x10) (async)
syz_usb_control_io$hid(r0, 0x0, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000b40)=@mangle={'mangle\x00', 0x1f, 0x6, 0x748, 0x450, 0x580, 0x0, 0xe8, 0xe8, 0x680, 0x680, 0x680, 0x680, 0x680, 0x6, &(0x7f0000000140), {[{{@ipv6={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @mcast1, [0x800000ff, 0xff, 0xff000000, 0xffffff00], [0xff000000, 0x0, 0xffffff00], 'dvmrp1\x00', 'netdevsim0\x00', {}, {}, 0x8, 0xcf, 0x0, 0x14}, 0x0, 0xa4, 0xe8}, @DNPT={0x44, 'DNPT\x00', 0x0, {@ipv6=@mcast1, @ipv4=@local, 0x21, 0x2, 0x400}}}, {{@ipv6={@private1={0xfc, 0x1, '\x00', 0x1}, @private0, [0x0, 0x0, 0xff000000, 0xff], [0xffffff00, 0xff000000, 0xff, 0xffffff00], 'veth0_to_bridge\x00', 'vcan0\x00', {0xff}, {0xff}, 0x2e, 0xf, 0x1, 0x52}, 0x0, 0xc8, 0x10c, 0x0, {}, [@inet=@rpfilter={{0x24}, {0xa}}]}, @DNPT={0x44, 'DNPT\x00', 0x0, {@ipv4=@rand_addr=0x64010101, @ipv6=@mcast2, 0x3a, 0x4, 0x5}}}, {{@ipv6={@private1, @loopback, [0x0, 0xffffff00, 0xffff00, 0xffffff00], [0xffffffff, 0x0, 0xffffff00], 'wg0\x00', 'veth1_to_bond\x00', {}, {0xff}, 0x0, 0x81, 0x5, 0x2e}, 0x0, 0x218, 0x25c, 0x0, {}, [@common=@rt={{0x138}, {0xfffffffa, [0xffb, 0x2], 0xc, 0x10, 0x1, [@local, @local, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @private2={0xfc, 0x2, '\x00', 0x1}, @remote, @mcast2, @dev={0xfe, 0x80, '\x00', 0x3d}, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @loopback, @mcast2, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @private0={0xfc, 0x0, '\x00', 0x1}, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, @private2={0xfc, 0x2, '\x00', 0x1}, @empty], 0x6}}, @common=@unspec=@limit={{0x3c}, {0x3, 0x3, 0x1, 0xfff, 0x2, 0x1130, 0x7ff}}]}, @SNPT={0x44, 'SNPT\x00', 0x0, {@ipv6=@empty, @ipv4=@rand_addr=0x64010102, 0x1b, 0x2b, 0x2}}}, {{@ipv6={@local, @local, [0x0, 0xffffffff, 0xffffffff], [0xff, 0x0, 0xffffff00, 0xffffff00], 'wlan1\x00', 'gretap0\x00', {0xff}, {}, 0x1, 0x6, 0x1, 0x2}, 0x0, 0xec, 0x130, 0x0, {}, [@inet=@rpfilter={{0x24}, {0x7}}, @inet=@rpfilter={{0x24}, {0xf}}]}, @DNPT={0x44, 'DNPT\x00', 0x0, {@ipv6=@dev={0xfe, 0x80, '\x00', 0x31}, @ipv6=@dev={0xfe, 0x80, '\x00', 0x24}, 0x33, 0xb, 0xfff}}}, {{@uncond, 0x0, 0xdc, 0x100, 0x0, {}, [@common=@unspec=@time={{0x38}, {0x4, 0x10000, 0xcb6, 0x6e2, 0x0, 0x6}}]}, @unspec=@CHECKSUM={0x24}}], {{'\x00', 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x7a4) (async)
r3 = syz_usb_connect$cdc_ncm(0x2, 0x7a, &(0x7f00000001c0)={{0x12, 0x1, 0x250, 0x2, 0x0, 0x0, 0xff, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x68, 0x2, 0x1, 0x7, 0xb0, 0xfd, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x9, 0x24, 0x6, 0x0, 0x1, "192d54f8"}, {0x5, 0x24, 0x0, 0x3}, {0xd, 0x24, 0xf, 0x1, 0x8, 0x4, 0x7, 0xff}, {0x6, 0x24, 0x1a, 0x3ff, 0x34}, [@mbim_extended={0x8, 0x24, 0x1c, 0x6, 0x8, 0x8}]}, {{0x9, 0x5, 0x81, 0x3, 0x8, 0x2, 0x0, 0x2}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200, 0x6b, 0x13, 0x3}}, {{0x9, 0x5, 0x3, 0x2, 0x200, 0x4, 0x64, 0x4}}}}}}}]}}, &(0x7f0000000840)={0xa, &(0x7f0000000040)={0xa, 0x6, 0x310, 0x44, 0x2, 0x5, 0x10, 0x6}, 0x117, &(0x7f0000000380)={0x5, 0xf, 0x117, 0x5, [@wireless={0xb, 0x10, 0x1, 0x4, 0xc, 0x9, 0xb9, 0x6, 0xe9}, @ss_container_id={0x14, 0x10, 0x4, 0x5, "6dd0eefb0a946a361e15116b3ce34205"}, @generic={0xe9, 0x10, 0x3, "a92e77fd5649981470847bd939f973981de9497a8f09b0da873c3570ecd903f8eefb2a54cd4bf117d977a368a8f1d2b79742ce534218e6ab281937c5d178499f8fac875051f1cbf9efd9b68b5ce9e4f0d42172bf2c5e58567cb216bc403330e62b489118d1167d849fda9dcdfcaec2b98dea4409a866bba434158c70ebc519c70d11d54e91aaa8e4238afef9170fa9ff7c009c4ec46e30a0386d093207e79357d54243b66efe691b447d8f2ad0e1a54f74c8fbaa12ea9605f4f131a96395e9012d68ab5dd5734280331cd50c7c27bea4b07f07aaff0fd49910135e1ea35ae174d2be7aa524b3"}, @ptm_cap={0x3}, @ext_cap={0x7, 0x10, 0x2, 0xc, 0x0, 0x6, 0x1}]}, 0x7, [{0x76, &(0x7f0000000240)=@string={0x76, 0x3, "c3507a6725a0edda532f1303b4fec7f73e27537aa3059ba550f615e592384540dcc995cf3a0377156d90fa4b039008c9dada4ef64d2ac563e78e5b43fb6eb50eb1767b4edd64294c3d6eb1aabd2e93811fe6dbb43aa014243e167942d0b156bd045613fb2c4e564766344d9c492a86835f4f1912"}}, {0x6d, &(0x7f00000002c0)=@string={0x6d, 0x3, "55a52c5b19a7a4d6a41a78f92794cc88babc9c8f5f55ae6b16721efbb561397d2ad566a6d24e46db5ca5aad01fd42e9706643cec0eb6fb9c546c4046acdc7bea2fd116be1742c5e478fbde17e43d7b3a5baada630811d834b9e8e4382399b508f8869b2cda54bfbcf6a2e0"}}, {0xf4, &(0x7f00000004c0)=@string={0xf4, 0x3, "86860830db8537beda2e9b30ddec30182b7abc76ed4107d245125b60ce87c7db2fc29f3e16e324a682268d30d10709a2f82c3da6508d2528b5b0b263b728f245f23b236f45cf8083b0977aad480c30ed6527da60e8460e247300f8ef60618a0e0768d89fab602fce310b5ba4f24b33aec161adf32d83f72706193dcf242fcaa9c4ffc653aeb3bc8b59b6f3513e50f99a485e40acf104f21c593bf692e765fbefb6227dbf6320eb20ed7633c7004a79859782a995521bbb3e925beb9391bbe1c092d3a6877c63128176c188ed3ce9f1ebab1ba63fd9ba0b64bd55e25684505542378e63e7a32f0308deac850db36576e7231f"}}, {0xbb, &(0x7f00000005c0)=@string={0xbb, 0x3, "1f21813435e98086e708e6a931f3a55ee13b5314cce42426da822fa2cb85bf0556186429a2632b87fe1bae316eaea896a49cbc463fc40b2c5c3a1daff5bc13225f4b6526d60d387b061877923c50046f3080092a8270de5c4ca544368723cba90d4066b1db0d16d83f710595427cfe98072973304fda886587fa7505993cb6c048a8928185c2ca93380e01f174b1a72b4aee662e6db7732aca6ffabb14abe5e7f9fc67234bc28c41c80f07d8588baf810dbcf63389ede0122b"}}, {0x6a, &(0x7f0000000680)=@string={0x6a, 0x3, "c0bad2d5f9d263f281a46573c5c30534535280ae3c5e7837a0ce31cf06fea84ce9582eb9d086cdd483198a403851e069428903408fc40d6ef40f5b20cc98ddbbbe004ad3daacf9247f354832ffa1dfbb0e932e0b8b37f452319ee2c06432bb0fd8c5f4a4bd98f8be"}}, {0x88, &(0x7f0000000700)=@string={0x88, 0x3, "718994deb8947601f26dd069e9100803e94a80472dc5ea5c8914b72457a948a79695c88959c525fa93044d0b0f30d1300f11fd2e692b592fed76ab0bf2dc6222d32c4d6763a90268e76f02e1b8f946f06becc20c2fbe056a4d3bcf901d614f40b6bc1544af20db66cbce20b156c9d336313a3f97c53ecd53009e199224e0656fbcab1d2a5a7b"}}, {0x4f, &(0x7f00000007c0)=@string={0x4f, 0x3, "e2d093cebc2e2d36e23941d1bda581bdee22ea4e6a2033c8afe42a21eaa107042d08e4ccd813352770f961d649a8b5569b485ccf99db9406c5fbfb9d14b91386791f12d413258896928c5a477c"}}]})
syz_usb_control_io$cdc_ncm(r3, &(0x7f00000009c0)={0xc, &(0x7f00000008c0)={0x0, 0x4, 0xd4, {0xd4, 0xf, "c9aecdc9814a750e294f6d9de62388e4ec7fa25338d9438c3cd7761b7e20e6fa86f5e3008c2fd3b772a0dbbf474f27ee39654b3b77ad67ea5dc8f23b369ac5d8bd202fcbb614fd62b6e5467cc83a368b9617da16b943f0d3c70d94820142903018b6e55275f7d32668ff1acc1011650d40f8619f9c5b70b4c663a226937a939b49bd895e66b2d258d27f26cbf2a52de9d2d0ecaec477909c346e4e5d2b218970812d0bb4f33241f50488a6d15b6ff0e76c0e2e34c3785f37d9d9e618b10cc9aa4fd665963861eb9bea699333888af0d27805"}}, &(0x7f00000000c0)={0x0, 0x3, 0x1a, {0x1a}}}, &(0x7f0000001480)={0x24, &(0x7f0000000a00)={0x20, 0x14, 0xa5, "869908d54f1b71e1e296112136d23cac539c232c60ef1d3bdb553817cd54a88067866a211b6dd657f0b5e53d254261648a3d7490cfb59ec78fd88bcb161ec35716bc86a1fc85c29bbaf5a8fce953a40085c72d35e0f5725cbbb330a0cdb544364a5931e318326c683531a29f345b1afa20ef1fd1ab72239191c1707e711a6bd46e577c0dd2c81bb6c86cca2d7bc0e094286c286ee654af689c6af1889d7afb751543e2ac1f"}, &(0x7f0000000ac0)={0x0, 0xa, 0x1, 0xff}, &(0x7f0000001300)={0x0, 0x8, 0x1, 0x20}, &(0x7f0000001340)={0x20, 0x80, 0x1c, {0x6, 0x9, 0x0, 0xe, 0x2, 0xf000, 0x4, 0x6, 0x5b2, 0x8b, 0x6}}, &(0x7f0000001380)={0x20, 0x85, 0x4, 0x8}, &(0x7f00000013c0)={0x20, 0x83, 0x2}, &(0x7f0000001400)={0x20, 0x87, 0x2, 0x100}, &(0x7f0000001440)={0x20, 0x89, 0x2, 0xe000}})
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x16, 0x16, &(0x7f0000000240)=ANY=[@ANYBLOB="61124c00000000006113500000000000bf2000000000000007000000180000003d030100000000009500f000000000006926000000000000bf67000000000000560602000fff07006706000020000000170200000ee60000bf050000000000002d350000000000006507000002080000070700004c0000001f75000000000000bf54000000000000070400000400f9ffad35010000000000840400000000000014000000000000009500000000000000db13d5d8b741f2cdaabc83df03395287fd51a700ea6553f304000000815dcf00c3eebc52267b042d196bde7c382d21ff79a8583a7482c5994747e19325b1ee980cbd800d845dacbcf5ad8cdbc7abf9"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
bpf$BPF_LINK_CREATE(0xa, &(0x7f0000000340)={r4, 0xffffffffffffffff, 0x24, 0x7, @val=@iter={0x0}}, 0x3c) (async)
syz_usb_control_io(r0, &(0x7f0000000b00)={0x2c, &(0x7f0000000100)=ANY=[@ANYBLOB="00000f"], 0x0, 0x0, 0x0, 0x0}, 0x0) (async)
r5 = syz_open_dev$hiddev(&(0x7f0000000080), 0x0, 0x0)
ioctl$HIDIOCGUCODE(r5, 0xc018480d, &(0x7f0000000000)={0x2, 0xbc9b5d057a9359b8, 0x0, 0x9, 0x0, 0x5})

67.110139ms ago: executing program 2 (id=1042):
socket$inet6(0xa, 0x2, 0x1000) (async)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0) (async, rerun: 64)
r2 = socket(0x10, 0x803, 0x0) (rerun: 64)
sendmsg$nl_route_sched(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x24}}, 0x0) (async)
getsockname$packet(r2, &(0x7f0000000200)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES16=r1, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) (async)
sendmsg$nl_route_sched(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000007400)=@newqdisc={0x2c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0x0, 0xffff}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_qfg={0x8}]}, 0x2c}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000840)=@newchain={0x24, 0x2e, 0x901, 0x8000, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xfff1}}}, 0x24}}, 0x800)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000480), r2)
r5 = socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r6=>0x0}) (async)
r7 = socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 32)
r8 = socket$nl_generic(0x10, 0x3, 0x10) (rerun: 32)
ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f0000000040)={'wlan1\x00', <r9=>0x0}) (async)
r10 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), 0xffffffffffffffff)
sendmsg$NL80211_CMD_NEW_STATION(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="ae7fd623", @ANYRES16=r10, @ANYBLOB="cf0400000000000000001300000008000300", @ANYRES32=r9, @ANYBLOB="0400130006001200000000000a000600ffffffffffff000006001000b00300000600bd0000000000"], 0x44}}, 0x0) (async)
sendmsg$NL80211_CMD_REGISTER_FRAME(r7, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000400)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010000000000000000003a00000008000300", @ANYRES32=r6, @ANYBLOB="3a776d1f"], 0x20}}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0xd, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x9, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) (async)
r11 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r11, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58) (async)
setsockopt$ALG_SET_KEY(r11, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10)
r12 = accept4(r11, 0x0, 0x0, 0x0)
sendmsg$nl_route_sched_retired(r12, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000012100), 0xe078}}, 0x0) (async, rerun: 64)
recvmmsg(r12, &(0x7f0000000700)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000300)=""/222, 0xde}, {&(0x7f0000000840)=""/123, 0x7b}], 0x2}}], 0x2, 0x0, 0x0) (rerun: 64)
sendmsg$NL80211_CMD_REGISTER_FRAME(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000004c0)=ANY=[@ANYBLOB='(@\x00\x00', @ANYRES32=r4, @ANYBLOB="010000000000fcdbdf253a00000008000300", @ANYRES32=r6, @ANYBLOB="8600cd0610e9000000000000143d00cb1d5297a49d77f3f3"], 0x28}, 0x1, 0x0, 0x0, 0x4875}, 0x0) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)

507.217µs ago: executing program 0 (id=1043):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)=@newlink={0x3c, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @batadv={{0xb}, {0x4}}}, @IFLA_NUM_TX_QUEUES={0x8, 0x1f, 0x4}]}, 0x3c}}, 0x0)
r1 = syz_open_dev$evdev(&(0x7f0000000000), 0x4, 0x0)
ioctl$EVIOCGKEYCODE_V2(r1, 0x80284504, &(0x7f0000000180)=""/199)

211.215µs ago: executing program 2 (id=1044):
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x42031, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs$pagemap(0xffffffffffffffff, &(0x7f0000000000))
r1 = syz_io_uring_complete(0x0)
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
connect$bt_l2cap(r2, &(0x7f0000000100)={0x1f, 0x1}, 0xe)
getsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000100)={@dev, 0x0, 0x2}, 0x0)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
ioctl$FS_IOC_GETFSLABEL(r3, 0x400452c8, &(0x7f0000000100))
sendmsg$kcm(r1, &(0x7f0000000500)={&(0x7f0000000080)=@hci={0x1f, 0x1}, 0x80, &(0x7f0000000280)=[{&(0x7f0000000200)="fe584e00028e7caa6b4b3bcea77577616585833f98125e37667dd3e12b7d9961b5c10ea616d57a72ece91bf48de42dfc2d3d0ae9095e2bcf8ca2a54e6e0578d4d195f17710ad682e9ca8a486909cbe973ba62ad1fc024020223d3f6246d9ebc083f36bfe2fac19df7f6fd206462537", 0x6f}, {&(0x7f0000000300)="21f5baf9687a5945efb44227df15718a9947ee17c02abe0b0ec1751f2d915a2ee3574c3ece3ca0d713baaca3da32db5a4496b9208a7e6932e83b4b300bc291f54ad21fd1bc85e8a04c569c33770a2994e8f278d029", 0x55}, {&(0x7f0000000380)="b339de32f70e386aa1d9d011fe07ca08a012fa1f620a9cbeaca61f5f972cd255bac96e4b92eeb5fe1002f527b063a23d63a37663c2f94a2c27cbefb3205d861a53dc2698d6af656f584ef113286d334a30c8a6b7be4ea56f0b2e55128321", 0x5e}, {&(0x7f0000000400)="e0a25ad717bec7c17f0885931bc1963e5b015c54a7912278ca9883bb4782a13245958be5bcf2137493becc66b346f86e02c49e9ae572fabe74dc40426e2cdf9fff430d839dd260fff1f9c18f152443bceaa0477fc8d7070ebc497ff520ce1c54131a3d82ea572a254efafedf86103840a353c6c0f8ed6d379553428c874d3c4c5d1fd6d1caf0c418dbe4757b02b2cc4679c6d47d6e528551818736c83b6967a490a530fcb9f48396897a74ba9f0704fc1d34448c3a4ae6a97b5c4b65b0c55953a005e4c7263949fccaa98f31429bae183e2e1f20587857d4015f75e1147f3fc3e003eb0ba0f24bff19f9eafe1be45380abb4350a54bf0139", 0xf8}], 0x4}, 0x8004)
ioctl$TIOCGDEV(r1, 0x80045432, &(0x7f0000000040))
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = dup(r4)
ioctl$KVM_SET_MSRS(r5, 0xc008ae88, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000000800008304"])
r6 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
ioctl$SNDCTL_DSP_RESET(r6, 0x80044d76, 0x0)
r7 = openat$binderfs(0xffffff9c, &(0x7f0000000000)='./binderfs/binder1\x00', 0x800, 0x0)
r8 = socket$unix(0x1, 0x1, 0x0)
r9 = socket$unix(0x1, 0x1, 0x0)
r10 = landlock_create_ruleset(&(0x7f00000002c0)={0x2001, 0x0, 0x1}, 0x18, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000640)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1804000000000000000000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r11 = bpf$PROG_LOAD(0x5, &(0x7f0000000b80)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r11}, 0x10)
r12 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r12, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[], 0xac}}, 0x0)
landlock_restrict_self(r10, 0x0)
bind$unix(r9, &(0x7f0000003000)=@file={0x1}, 0x6e)
listen(r9, 0x0)
connect$unix(r8, &(0x7f0000000640)=@abs={0x1, 0x0, 0x4e23}, 0x6e)
ioctl$BINDER_GET_EXTENDED_ERROR(r7, 0xc00c6211, 0x0)
ioctl$PAGEMAP_SCAN(r0, 0xc0606610, &(0x7f0000000100)={0x60, 0x0, &(0x7f0000dc3000/0x3000)=nil, &(0x7f0000ac3000/0x4000)=nil, 0x9a3a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8})

0s ago: executing program 0 (id=1045):
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x2000007, 0x401d031, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00')
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0xc0686611, &(0x7f0000000180)={0x18, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil})
creat(&(0x7f0000000240)='./file0\x00', 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f00000000c0))
acct(0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
sendmsg$NFT_MSG_GETFLOWTABLE(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000480)=ANY=[@ANYBLOB="20000000170a00000000000000000000000000060c0005400000000000000002aaa4468be19c963ebbcb290000000000000000"], 0x20}}, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000240)={@in6={{0xa, 0x0, 0x0, @remote}}, 0x0, 0x0, 0x26, 0x0, "8ddbb51a3cfd954e41e8ccb21f650fa6a867fb9bbcf0feeee4dc036d0675af58b39fa8d54ee8323507a61a95cf134ce8f605671338c7f8838a00bdfba71bc4b828c7de258b6b9ca1fc52bcc83e2a016a"}, 0xd8)
socket$key(0xf, 0x3, 0x2)
bind$inet6(r3, &(0x7f0000000100)={0xa, 0x4e22, 0x0, @rand_addr, 0x3}, 0x1c)
r4 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
preadv(r4, &(0x7f0000000180)=[{&(0x7f0000000000)=""/150, 0x96}], 0x1, 0x0, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f0000000380)={'batadv_slave_1\x00', <r5=>0x0})
sendmsg$BATADV_CMD_SET_MESH(r4, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000400)={&(0x7f00000003c0)=ANY=[@ANYBLOB="01003800", @ANYRES16=0x0, @ANYBLOB="02002abd7000fbdbdf250f00000008002b000100000008000600", @ANYRES32=r5, @ANYBLOB="0500300001000000"], 0x2c}, 0x1, 0x0, 0x0, 0x400c010}, 0x40001)
ioctl$FS_IOC_GETVERSION(r0, 0x80047601, &(0x7f0000000080))
listen(r3, 0x0)
syz_emit_ethernet(0x5e, &(0x7f0000000140)=ANY=[@ANYBLOB="aaaaaaaaaaaa00000000000086dd60083ff200280600fe71eea41100000000000000000000bbff2200000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="a0040000907800001312fb6b90339d1800"/28], 0x0)
sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="580000000002000000000000000000000000000010000180f7000280050001000000000030"], 0x58}}, 0x0)
r6 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000001c0)=ANY=[], 0x24d8}], 0x1}, 0x0)
ioctl$KVM_SET_IRQCHIP(r2, 0x4048aec9, &(0x7f0000000680)={0x2, 0x0, @pic={0x42, 0xb7, 0x3, 0xe, 0x3, 0x4, 0x6, 0x0, 0x40, 0x9, 0xfd, 0x7f, 0x7, 0x8, 0xf2, 0xe}})
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r7, &(0x7f0000000600)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000005c0)={&(0x7f0000000540)={0x68, 0x2, 0x6, 0x404, 0x0, 0x0, {0x3, 0x0, 0x7}, [@IPSET_ATTR_REVISION={0x5, 0x4, 0x2}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_TYPENAME={0x13, 0x3, 'hash:net,iface\x00'}, @IPSET_ATTR_DATA={0x1c, 0x7, 0x0, 0x1, [@IPSET_ATTR_SIZE={0x8, 0x17, 0x1, 0x0, 0x7}, @IPSET_ATTR_PORT={0x6, 0x4, 0x1, 0x0, 0x4e20}, @IPSET_ATTR_CIDR={0x5, 0x3, 0x8}]}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x68}, 0x1, 0x0, 0x0, 0x50}, 0x6090)

kernel console output (not intermixed with test programs):

noprof+0x1e8/0x410
[  138.060509][ T7575]  ? __pfx___alloc_pages_noprof+0x10/0x10
[  138.062034][ T7575]  ? __do_fast_syscall_32+0x73/0x120
[  138.063443][ T7575]  ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  138.065194][ T7575]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  138.066771][ T7575]  ? policy_nodemask+0xea/0x4e0
[  138.068085][ T7575]  alloc_pages_mpol_noprof+0x2c9/0x610
[  138.069540][ T7575]  ? __pfx_alloc_pages_mpol_noprof+0x10/0x10
[  138.071149][ T7575]  get_zeroed_page_noprof+0x14/0x50
[  138.072569][ T7575]  mon_alloc_buff+0xc0/0x190
[  138.073821][ T7575]  mon_bin_ioctl+0x48e/0xcd0
[  138.075062][ T7575]  ? __pfx_mon_bin_ioctl+0x10/0x10
[  138.076444][ T7575]  ? trace_lock_acquire+0x14a/0x1d0
[  138.077831][ T7575]  mon_bin_compat_ioctl+0x25c/0x3c0
[  138.079242][ T7575]  ? __pfx_mon_bin_compat_ioctl+0x10/0x10
[  138.080788][ T7575]  ? __pfx_mon_bin_compat_ioctl+0x10/0x10
[  138.082300][ T7575]  __do_compat_sys_ioctl+0x259/0x2b0
[  138.083718][ T7575]  __do_fast_syscall_32+0x73/0x120
[  138.085083][ T7575]  do_fast_syscall_32+0x32/0x80
[  138.086379][ T7575]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  138.088067][ T7575] RIP: 0023:0xf741e579
[  138.089156][ T7575] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  138.094208][ T7575] RSP: 002b:00000000f570656c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  138.096418][ T7575] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000009204
[  138.098499][ T7575] RDX: 0000000000129f1d RSI: 0000000000000000 RDI: 0000000000000000
[  138.100582][ T7575] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  138.102659][ T7575] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  138.104741][ T7575] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  138.106828][ T7575]  </TASK>
[  138.133717][ T5384] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  138.136345][ T5384] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 2
[  138.138625][ T5384] usb 7-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[  138.140935][ T5384] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  138.147097][ T5384] usb 7-1: config 0 descriptor??
[  138.151879][ T5384] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[  138.153798][ T5384] dvb-usb: bulk message failed: -22 (3/0)
[  138.156580][ T5384] dvb-usb: will use the device's hardware PID filter (table count: 16).
[  138.158986][ T5410] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  138.161330][ T5384] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[  138.163259][ T5384] usb 7-1: media controller created
[  138.165020][ T5384] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  138.167422][ T5410] usb 6-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  138.170041][ T5410] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66
[  138.172434][ T5410] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9
[  138.175235][ T5410] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024
[  138.179146][ T5384] dvb-usb: bulk message failed: -22 (6/0)
[  138.180669][ T5384] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[  138.183335][ T5410] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  138.185712][ T5410] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  138.187755][ T5410] usb 6-1: Product: syz
[  138.188839][ T5410] usb 6-1: Manufacturer: syz
[  138.202668][ T5384] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.2/usb7/7-1/input/input26
[  138.206740][ T5384] dvb-usb: schedule remote query interval to 150 msecs.
[  138.208652][ T5384] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[  138.215910][ T5410] cdc_wdm 6-1:1.0: skipping garbage
[  138.217342][ T5410] cdc_wdm 6-1:1.0: skipping garbage
[  138.221781][ T5410] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device
[  138.223432][ T5410] cdc_wdm 6-1:1.0: Unknown control protocol
[  138.352305][ T7570] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  138.354867][ T7570] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  138.361891][    T8] usb 7-1: USB disconnect, device number 11
[  138.362483][ T5410] dvb-usb: bulk message failed: -22 (1/0)
[  138.366022][ T5410] dvb-usb: error while querying for an remote control event.
[  138.374312][    T8] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[  138.412957][ T7572] netlink: get zone limit has 4 unknown bytes
[  138.418477][ T7584] netlink: 12 bytes leftover after parsing attributes in process `syz.1.642'.
[  139.518426][ T7598] IPVS: rr: TCP 172.20.20.170:0 - no destination available
[  139.800049][ T7600] netlink: 'syz.2.649': attribute type 1 has an invalid length.
[  139.803361][ T7600] netlink: 224 bytes leftover after parsing attributes in process `syz.2.649'.
[  140.269945][ T7616] program syz.3.654 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  140.929118][ T7624] netlink: 'syz.0.657': attribute type 10 has an invalid length.
[  140.955066][ T7624] team0: Port device  added
[  140.996257][ T7630] netlink: 'syz.2.658': attribute type 1 has an invalid length.
[  140.998391][ T7630] netlink: 224 bytes leftover after parsing attributes in process `syz.2.658'.
[  141.043657][ T7635] netlink: 732 bytes leftover after parsing attributes in process `syz.0.659'.
[  141.046088][ T7635] netlink: 732 bytes leftover after parsing attributes in process `syz.0.659'.
[  141.152126][ T7642] FAULT_INJECTION: forcing a failure.
[  141.152126][ T7642] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  141.155721][ T7642] CPU: 1 UID: 0 PID: 7642 Comm: syz.0.662 Not tainted 6.12.0-rc2-syzkaller-00058-g75b607fab38d #0
[  141.158472][ T7642] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  141.161273][ T7642] Call Trace:
[  141.162164][ T7642]  <TASK>
[  141.163052][ T7642]  dump_stack_lvl+0x16c/0x1f0
[  141.164356][ T7642]  should_fail_ex+0x497/0x5b0
[  141.165619][ T7642]  _copy_from_user+0x30/0xf0
[  141.166852][ T7642]  get_compat_msghdr+0xa8/0x170
[  141.168206][ T7642]  ? __pfx_get_compat_msghdr+0x10/0x10
[  141.169650][ T7642]  ? find_held_lock+0x2d/0x110
[  141.170934][ T7642]  ___sys_recvmsg+0x193/0x1a0
[  141.172228][ T7642]  ? __pfx____sys_recvmsg+0x10/0x10
[  141.173617][ T7642]  ? lock_acquire+0x2f/0xb0
[  141.174831][ T7642]  ? __fget_files+0x40/0x3f0
[  141.176081][ T7642]  ? __pfx___might_resched+0x10/0x10
[  141.177482][ T7642]  ? fdget+0x176/0x210
[  141.178575][ T7642]  do_recvmmsg+0x51a/0x750
[  141.179776][ T7642]  ? __pfx_do_recvmmsg+0x10/0x10
[  141.181093][ T7642]  ? __pfx_lock_release+0x10/0x10
[  141.182445][ T7642]  ? vfs_write+0x14d/0x1140
[  141.183671][ T7642]  ? __fget_files+0x244/0x3f0
[  141.184918][ T7642]  __sys_recvmmsg+0x21e/0x280
[  141.186171][ T7642]  ? __pfx___sys_recvmmsg+0x10/0x10
[  141.187558][ T7642]  ? __pfx_ksys_write+0x10/0x10
[  141.188856][ T7642]  __ia32_compat_sys_recvmmsg_time32+0xc4/0x160
[  141.190498][ T7642]  ? lockdep_hardirqs_on+0x7c/0x110
[  141.191882][ T7642]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[  141.193617][ T7642]  __do_fast_syscall_32+0x73/0x120
[  141.194975][ T7642]  do_fast_syscall_32+0x32/0x80
[  141.196284][ T7642]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  141.197959][ T7642] RIP: 0023:0xf7fb6579
[  141.199062][ T7642] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  141.204109][ T7642] RSP: 002b:00000000f573656c EFLAGS: 00000296 ORIG_RAX: 0000000000000151
[  141.206308][ T7642] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000020000d80
[  141.208374][ T7642] RDX: 000000000000036f RSI: 0000000000020102 RDI: 0000000000000000
[  141.210460][ T7642] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  141.212606][ T7642] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  141.214689][ T7642] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  141.216797][ T7642]  </TASK>
[  141.217728][    C1] vkms_vblank_simulate: vblank timer overrun
[  141.301134][ T7645] netlink: 8 bytes leftover after parsing attributes in process `syz.0.663'.
[  141.420520][ T7647] FAULT_INJECTION: forcing a failure.
[  141.420520][ T7647] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  141.424337][ T7647] CPU: 3 UID: 0 PID: 7647 Comm: syz.0.664 Not tainted 6.12.0-rc2-syzkaller-00058-g75b607fab38d #0
[  141.427127][ T7647] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  141.429856][ T7647] Call Trace:
[  141.430724][ T7647]  <TASK>
[  141.431498][ T7647]  dump_stack_lvl+0x16c/0x1f0
[  141.432774][ T7647]  should_fail_ex+0x497/0x5b0
[  141.434010][ T7647]  __fpu_restore_sig+0xa9c/0x1430
[  141.435332][ T7647]  ? __pfx___fpu_restore_sig+0x10/0x10
[  141.436818][ T7647]  ? lock_acquire+0x2f/0xb0
[  141.437997][ T7647]  ? __might_fault+0xe3/0x190
[  141.439217][ T7647]  ? __might_fault+0xe3/0x190
[  141.440441][ T7647]  fpu__restore_sig+0x102/0x180
[  141.441705][ T7647]  ia32_restore_sigcontext+0x40f/0x5d0
[  141.443110][ T7647]  ? __pfx_ia32_restore_sigcontext+0x10/0x10
[  141.444664][ T7647]  ? __pfx_lock_release+0x10/0x10
[  141.446007][ T7647]  ? _raw_spin_unlock_irq+0x23/0x50
[  141.447358][ T7647]  ? lockdep_hardirqs_on+0x7c/0x110
[  141.448722][ T7647]  __do_compat_sys_rt_sigreturn+0x116/0x1f0
[  141.450248][ T7647]  ? __pfx___do_compat_sys_rt_sigreturn+0x10/0x10
[  141.451912][ T7647]  do_int80_emulation+0x104/0x200
[  141.453280][ T7647]  asm_int80_emulation+0x1a/0x20
[  141.454569][ T7647] RIP: 0023:0xf7fb6577
[  141.455682][ T7647] Code: 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 <cd> 80 5d 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00
[  141.460588][ T7647] RSP: 002b:00000000f573656c EFLAGS: 00000296
[  141.462156][ T7647] RAX: 000000000000013c RBX: 0000000000000005 RCX: 00000000200014c0
[  141.464200][ T7647] RDX: 000000000000000f RSI: 0000000000000000 RDI: 0000000000000000
[  141.466284][ T7647] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  141.468324][ T7647] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  141.470317][ T7647] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  141.472368][ T7647]  </TASK>
[  141.547085][ T7658] netlink: 'syz.0.668': attribute type 1 has an invalid length.
[  141.549101][ T7658] netlink: 224 bytes leftover after parsing attributes in process `syz.0.668'.
[  141.555252][ T7658] netlink: 88 bytes leftover after parsing attributes in process `syz.0.668'.
[  143.172267][ T1422] usb 5-1: new full-speed USB device number 11 using dummy_hcd
[  143.333887][ T1422] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  143.337998][ T1422] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 2
[  143.340317][ T1422] usb 5-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[  143.349136][ T1422] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  143.352000][ T1422] usb 5-1: config 0 descriptor??
[  143.356835][ T1422] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[  143.358754][ T1422] dvb-usb: bulk message failed: -22 (3/0)
[  143.365109][ T1422] dvb-usb: will use the device's hardware PID filter (table count: 16).
[  143.369243][ T1422] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[  143.372354][ T1422] usb 5-1: media controller created
[  143.374070][ T1422] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  143.378655][ T1422] dvb-usb: bulk message failed: -22 (6/0)
[  143.380225][ T1422] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[  143.385388][ T1422] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.0/usb5/5-1/input/input27
[  143.392591][ T1422] dvb-usb: schedule remote query interval to 150 msecs.
[  143.395666][ T1422] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[  143.458935][ T7682] netlink: 'syz.2.677': attribute type 1 has an invalid length.
[  143.461115][ T7682] netlink: 224 bytes leftover after parsing attributes in process `syz.2.677'.
[  143.494142][ T7682] netlink: 88 bytes leftover after parsing attributes in process `syz.2.677'.
[  143.552360][ T1422] dvb-usb: bulk message failed: -22 (1/0)
[  143.553895][ T1422] dvb-usb: error while querying for an remote control event.
[  143.560094][ T7669] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  143.567469][ T7669] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  143.574817][ T1422] usb 5-1: USB disconnect, device number 11
[  143.589381][ T1422] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[  144.238324][ T7696] netlink: 8 bytes leftover after parsing attributes in process `syz.3.682'.
[  144.243219][ T7696] macsec0: entered promiscuous mode
[  144.275558][   T39] kauditd_printk_skb: 12 callbacks suppressed
[  144.275570][   T39] audit: type=1326 audit(1728505382.881:522): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7698 comm="syz.3.683" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf741e579 code=0x7ffc0000
[  144.293448][   T39] audit: type=1326 audit(1728505382.891:523): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7698 comm="syz.3.683" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf741e579 code=0x7ffc0000
[  144.306736][   T39] audit: type=1326 audit(1728505382.891:524): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7698 comm="syz.3.683" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf741e579 code=0x7ffc0000
[  144.322335][   T39] audit: type=1326 audit(1728505382.891:525): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7698 comm="syz.3.683" exe="/syz-executor" sig=0 arch=40000003 syscall=434 compat=1 ip=0xf741e579 code=0x7ffc0000
[  144.329325][   T39] audit: type=1326 audit(1728505382.891:526): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7698 comm="syz.3.683" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf741e579 code=0x7ffc0000
[  144.344076][   T39] audit: type=1326 audit(1728505382.891:527): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7698 comm="syz.3.683" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf741e579 code=0x7ffc0000
[  144.351299][   T39] audit: type=1326 audit(1728505382.891:528): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7698 comm="syz.3.683" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf741e579 code=0x7ffc0000
[  144.359733][   T39] audit: type=1326 audit(1728505382.891:529): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7698 comm="syz.3.683" exe="/syz-executor" sig=0 arch=40000003 syscall=424 compat=1 ip=0xf741e579 code=0x7ffc0000
[  144.367520][   T39] audit: type=1326 audit(1728505382.891:530): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7698 comm="syz.3.683" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf741e579 code=0x7ffc0000
[  144.390746][ T7705] FAULT_INJECTION: forcing a failure.
[  144.390746][ T7705] name failslab, interval 1, probability 0, space 0, times 0
[  144.394483][ T7705] CPU: 0 UID: 0 PID: 7705 Comm: syz.3.684 Not tainted 6.12.0-rc2-syzkaller-00058-g75b607fab38d #0
[  144.397528][ T7705] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  144.400775][ T7705] Call Trace:
[  144.401731][ T7705]  <TASK>
[  144.402659][ T7705]  dump_stack_lvl+0x16c/0x1f0
[  144.404073][ T7705]  should_fail_ex+0x497/0x5b0
[  144.405554][ T7705]  should_failslab+0xc2/0x120
[  144.407161][ T7705]  kmem_cache_alloc_noprof+0x6e/0x2f0
[  144.408965][ T7705]  ? skb_clone+0x190/0x3f0
[  144.410408][ T7705]  skb_clone+0x190/0x3f0
[  144.411708][ T7705]  netlink_deliver_tap+0xb26/0xcf0
[  144.413362][ T7705]  netlink_unicast+0x5e1/0x7f0
[  144.414655][ T7705]  ? __pfx_netlink_unicast+0x10/0x10
[  144.416366][ T7705]  ? __phys_addr_symbol+0x30/0x80
[  144.417675][ T7705]  ? __check_object_size+0x488/0x710
[  144.419059][ T7705]  netlink_sendmsg+0x8b8/0xd70
[  144.420461][ T7705]  ? __pfx_netlink_sendmsg+0x10/0x10
[  144.421944][ T7709] netlink: 'syz.0.686': attribute type 1 has an invalid length.
[  144.421979][ T7705]  ? lock_acquire+0x2f/0xb0
[  144.425167][ T7705]  ____sys_sendmsg+0x9ae/0xb40
[  144.426425][ T7705]  ? __pfx_____sys_sendmsg+0x10/0x10
[  144.427822][ T7705]  ? get_compat_msghdr+0x11b/0x170
[  144.429168][ T7705]  ? __pfx___lock_acquire+0x10/0x10
[  144.430714][ T7705]  ___sys_sendmsg+0x135/0x1e0
[  144.432349][ T7705]  ? __pfx____sys_sendmsg+0x10/0x10
[  144.434131][ T7705]  ? lock_acquire+0x2f/0xb0
[  144.435719][ T7705]  ? __fget_files+0x40/0x3f0
[  144.437302][ T7705]  ? fdget+0x176/0x210
[  144.438703][ T7705]  __sys_sendmsg+0x117/0x1f0
[  144.440305][ T7705]  ? __pfx___sys_sendmsg+0x10/0x10
[  144.442048][ T7705]  ? __fget_files+0x244/0x3f0
[  144.443675][ T7705]  __do_fast_syscall_32+0x73/0x120
[  144.445425][ T7705]  do_fast_syscall_32+0x32/0x80
[  144.447086][ T7705]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  144.449240][ T7705] RIP: 0023:0xf741e579
[  144.450659][ T7705] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  144.457216][ T7705] RSP: 002b:00000000f570656c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  144.460039][ T7705] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000020000140
[  144.462707][ T7705] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  144.465380][ T7705] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  144.468059][ T7705] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  144.470726][ T7705] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  144.473421][ T7705]  </TASK>
[  144.542466][ T7705] x_tables: ip6_tables: TCPMSS target: only valid for protocol 6
[  144.772559][ T1422] usb 5-1: new full-speed USB device number 12 using dummy_hcd
[  144.832273][   T57] usb 7-1: new high-speed USB device number 12 using dummy_hcd
[  144.926157][ T1422] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  144.928826][ T1422] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 2
[  144.931128][ T1422] usb 5-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[  144.935185][ T1422] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  144.939117][ T1422] usb 5-1: config 0 descriptor??
[  144.941940][ T1422] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[  144.944679][ T1422] dvb-usb: bulk message failed: -22 (3/0)
[  144.946808][ T1422] dvb-usb: will use the device's hardware PID filter (table count: 16).
[  144.949837][ T1422] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[  144.951700][ T1422] usb 5-1: media controller created
[  144.954275][ T1422] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  144.957415][ T1422] dvb-usb: bulk message failed: -22 (6/0)
[  144.958943][ T1422] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[  144.961914][ T1422] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.0/usb5/5-1/input/input28
[  144.965864][ T1422] dvb-usb: schedule remote query interval to 150 msecs.
[  144.967696][ T1422] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[  144.982254][   T57] usb 7-1: Using ep0 maxpacket: 32
[  144.985748][   T57] usb 7-1: config index 0 descriptor too short (expected 29220, got 36)
[  144.987937][   T57] usb 7-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  144.990172][   T57] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  144.993448][   T57] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 81
[  144.995837][   T57] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  144.998323][   T57] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  145.000814][   T57] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 18
[  145.004256][   T57] usb 7-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  145.006598][   T57] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  145.009491][   T57] usb 7-1: config 0 descriptor??
[  145.122217][   T57] dvb-usb: bulk message failed: -22 (1/0)
[  145.123794][   T57] dvb-usb: error while querying for an remote control event.
[  145.143138][ T7712] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  145.146495][ T7712] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  145.150879][ T1297] usb 5-1: USB disconnect, device number 12
[  145.159342][ T1297] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[  145.214619][ T7728] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  145.217274][ T7728] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  145.267487][ T7729] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  145.276429][    T8] usb 7-1: USB disconnect, device number 12
[  145.685013][ T7737] __nla_validate_parse: 4 callbacks suppressed
[  145.685026][ T7737] netlink: 32 bytes leftover after parsing attributes in process `syz.0.694'.
[  145.690378][ T7737] netlink: 32 bytes leftover after parsing attributes in process `syz.0.694'.
[  145.693691][ T7737] IPVS: rr: TCP 172.20.20.170:0 - no destination available
[  145.748781][ T7738] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  145.789525][ T7740] netlink: 'syz.3.695': attribute type 1 has an invalid length.
[  145.791655][ T7740] netlink: 224 bytes leftover after parsing attributes in process `syz.3.695'.
[  145.801766][ T7740] netlink: 88 bytes leftover after parsing attributes in process `syz.3.695'.
[  145.802056][ T7741] netlink: 36 bytes leftover after parsing attributes in process `syz.0.694'.
[  145.810266][ T7741] netlink: 16 bytes leftover after parsing attributes in process `syz.0.694'.
[  145.813482][ T7741] netlink: 36 bytes leftover after parsing attributes in process `syz.0.694'.
[  145.816202][ T7741] netlink: 36 bytes leftover after parsing attributes in process `syz.0.694'.
[  146.634003][ T7752] netlink: 52 bytes leftover after parsing attributes in process `syz.0.698'.
[  146.684950][ T7757] program syz.0.699 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  147.112333][ T1422] usb 7-1: new full-speed USB device number 13 using dummy_hcd
[  147.287482][ T1422] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  147.290074][ T1422] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 2
[  147.292667][ T1422] usb 7-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[  147.295006][ T1422] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  147.298505][ T1422] usb 7-1: config 0 descriptor??
[  147.303878][ T1422] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[  147.305623][ T1422] dvb-usb: bulk message failed: -22 (3/0)
[  147.312723][ T1422] dvb-usb: will use the device's hardware PID filter (table count: 16).
[  147.316371][ T1422] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[  147.318193][ T1422] usb 7-1: media controller created
[  147.320048][ T1422] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  147.328629][ T1422] dvb-usb: bulk message failed: -22 (6/0)
[  147.330145][ T1422] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[  147.337675][ T1422] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.2/usb7/7-1/input/input29
[  147.348915][ T1422] dvb-usb: schedule remote query interval to 150 msecs.
[  147.350720][ T1422] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[  147.504521][ T7764] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  147.507950][ T7764] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  147.512343][ T1422] dvb-usb: bulk message failed: -22 (1/0)
[  147.513867][ T1422] dvb-usb: error while querying for an remote control event.
[  147.518496][ T1422] usb 7-1: USB disconnect, device number 13
[  147.529893][ T1422] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[  147.684404][ T7772] netlink: 4 bytes leftover after parsing attributes in process `syz.0.704'.
[  148.059632][ T5352] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  148.062998][ T5352] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  148.065759][ T5352] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  148.070047][ T5352] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  148.072297][ T5352] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[  148.074226][ T5352] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  148.181012][ T7788] RDS: rds_bind could not find a transport for fe80::aa, load rds_tcp or rds_rdma?
[  148.202929][ T7781] chnl_net:caif_netlink_parms(): no params data found
[  148.303323][ T7781] bridge0: port 1(bridge_slave_0) entered blocking state
[  148.305225][ T7781] bridge0: port 1(bridge_slave_0) entered disabled state
[  148.307124][ T7781] bridge_slave_0: entered allmulticast mode
[  148.308981][ T7781] bridge_slave_0: entered promiscuous mode
[  148.311786][ T7781] bridge0: port 2(bridge_slave_1) entered blocking state
[  148.313710][ T7781] bridge0: port 2(bridge_slave_1) entered disabled state
[  148.315491][ T7781] bridge_slave_1: entered allmulticast mode
[  148.317419][ T7781] bridge_slave_1: entered promiscuous mode
[  148.339172][ T7781] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  148.340259][ T7781] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  148.386300][ T7781] team0: Port device team_slave_0 added
[  148.388990][ T7781] team0: Port device team_slave_1 added
[  148.411174][ T7781] batman_adv: batadv0: Adding interface: batadv_slave_0
[  148.413525][ T7781] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  148.420212][ T7781] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  148.426940][ T7781] batman_adv: batadv0: Adding interface: batadv_slave_1
[  148.428838][ T7781] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  148.435654][ T7781] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  148.466424][ T7781] hsr_slave_0: entered promiscuous mode
[  148.468888][ T7781] hsr_slave_1: entered promiscuous mode
[  148.470810][ T7781] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  148.473724][ T7781] Cannot create hsr debugfs directory
[  148.566854][ T7781] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  148.647585][ T7781] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  148.698788][ T7781] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  148.798977][ T7781] netdevsim netdevsim1  (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  148.884596][ T7781] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  148.887790][ T7781] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  148.890777][ T7781] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  148.896142][ T7781] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  148.909698][ T7781] bridge0: port 2(bridge_slave_1) entered blocking state
[  148.911575][ T7781] bridge0: port 2(bridge_slave_1) entered forwarding state
[  148.913613][ T7781] bridge0: port 1(bridge_slave_0) entered blocking state
[  148.915484][ T7781] bridge0: port 1(bridge_slave_0) entered forwarding state
[  148.945969][ T7781] 8021q: adding VLAN 0 to HW filter on device bond0
[  148.957610][ T1100] bridge0: port 1(bridge_slave_0) entered disabled state
[  148.962019][ T1100] bridge0: port 2(bridge_slave_1) entered disabled state
[  148.983135][ T7781] 8021q: adding VLAN 0 to HW filter on device team0
[  148.988875][  T105] bridge0: port 1(bridge_slave_0) entered blocking state
[  148.990784][  T105] bridge0: port 1(bridge_slave_0) entered forwarding state
[  148.995737][  T105] bridge0: port 2(bridge_slave_1) entered blocking state
[  148.997621][  T105] bridge0: port 2(bridge_slave_1) entered forwarding state
[  149.080095][ T7781] 8021q: adding VLAN 0 to HW filter on device batadv0
[  149.098200][ T7781] veth0_vlan: entered promiscuous mode
[  149.105820][ T7781] veth1_vlan: entered promiscuous mode
[  149.118110][ T7781] veth0_macvtap: entered promiscuous mode
[  149.121012][ T7781] veth1_macvtap: entered promiscuous mode
[  149.127882][ T7781] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  149.130586][ T7781] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  149.133180][ T7781] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  149.135906][ T7781] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  149.138419][ T7781] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  149.141110][ T7781] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  149.144180][ T7781] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  149.146863][ T7781] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  149.149381][ T7781] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  149.152054][ T7781] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  149.155662][ T7781] batman_adv: batadv0: Interface activated: batadv_slave_0
[  149.161511][ T7781] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  149.164582][ T7781] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  149.167075][ T7781] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  149.169804][ T7781] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  149.177201][ T7781] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  149.179888][ T7781] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  149.182877][ T7781] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  149.185564][ T7781] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  149.188065][ T7781] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  149.190770][ T7781] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  149.194311][ T7781] batman_adv: batadv0: Interface activated: batadv_slave_1
[  149.198398][ T7781] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  149.200690][ T7781] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  149.203359][ T7781] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  149.205612][ T7781] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  149.235552][  T105] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  149.237610][  T105] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  149.248738][  T105] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  149.250774][  T105] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  149.590374][ T7811] netlink: 'syz.0.713': attribute type 1 has an invalid length.
[  149.882393][   T57] usb 5-1: new full-speed USB device number 13 using dummy_hcd
[  150.012316][ T1297] usb 7-1: new high-speed USB device number 14 using dummy_hcd
[  150.045216][   T57] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  150.047755][   T57] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 2
[  150.050153][   T57] usb 5-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[  150.052712][   T57] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  150.055994][   T57] usb 5-1: config 0 descriptor??
[  150.062755][   T57] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[  150.064493][   T57] dvb-usb: bulk message failed: -22 (3/0)
[  150.066718][   T57] dvb-usb: will use the device's hardware PID filter (table count: 16).
[  150.069204][   T57] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[  150.073681][   T57] usb 5-1: media controller created
[  150.075430][   T57] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  150.078990][   T57] dvb-usb: bulk message failed: -22 (6/0)
[  150.080726][   T57] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[  150.086780][   T57] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.0/usb5/5-1/input/input31
[  150.092524][   T57] dvb-usb: schedule remote query interval to 150 msecs.
[  150.094505][   T57] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[  150.122447][ T5342] Bluetooth: hci5: command tx timeout
[  150.177024][ T1297] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  150.179650][ T1297] usb 7-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  150.183279][ T1297] usb 7-1: New USB device found, idVendor=0499, idProduct=1035, bcdDevice=56.12
[  150.185869][ T1297] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  150.189750][ T1297] usb 7-1: config 0 descriptor??
[  150.194140][ T1297] usb 7-1: Quirk or no altset; falling back to MIDI 1.0
[  150.220062][ T1297] snd-usb-audio 7-1:0.0: probe with driver snd-usb-audio failed with error -2
[  150.221084][ T5344] udevd[5344]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb7/7-1/7-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  150.252791][ T5403] dvb-usb: bulk message failed: -22 (1/0)
[  150.254300][ T5403] dvb-usb: error while querying for an remote control event.
[  150.260563][ T7815] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  150.266483][ T7815] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  150.271342][ T5403] usb 5-1: USB disconnect, device number 13
[  150.277190][ T5403] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[  150.381769][ T7831] x_tables: ip6_tables: TCPMSS target: only valid for protocol 6
[  150.415352][ T5410] usb 7-1: USB disconnect, device number 14
[  150.575524][ T7834] veth0_macvtap: left promiscuous mode
[  150.814002][ T7837] __nla_validate_parse: 3 callbacks suppressed
[  150.814014][ T7837] netlink: 8 bytes leftover after parsing attributes in process `syz.0.722'.
[  150.818040][ T7837] netlink: 36 bytes leftover after parsing attributes in process `syz.0.722'.
[  150.822402][ T7837] vlan0: entered allmulticast mode
[  150.823850][ T7837] mac80211_hwsim hwsim5 wlan1: entered allmulticast mode
[  150.918717][ T7843] netlink: 'syz.3.725': attribute type 1 has an invalid length.
[  150.921407][ T7843] netlink: 224 bytes leftover after parsing attributes in process `syz.3.725'.
[  150.929080][ T7843] netlink: 40 bytes leftover after parsing attributes in process `syz.3.725'.
[  151.037554][ T7850] netlink: 820 bytes leftover after parsing attributes in process `syz.3.728'.
[  151.165100][ T7854] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  151.167866][ T7854] overlayfs: failed to set xattr on upper
[  151.169877][ T7854] overlayfs: ...falling back to redirect_dir=nofollow.
[  151.171935][ T7854] overlayfs: ...falling back to index=off.
[  151.288106][ T7860] EXT4-fs warning (device sda1): ext4_resize_fs:2019: can't read last block, resize aborted
[  151.340511][ T7865] netlink: 4 bytes leftover after parsing attributes in process `syz.2.734'.
[  151.716649][ T7886] capability: warning: `syz.2.741' uses 32-bit capabilities (legacy support in use)
[  151.753757][ T7888] netlink: 'syz.2.742': attribute type 1 has an invalid length.
[  151.755964][ T7888] netlink: 224 bytes leftover after parsing attributes in process `syz.2.742'.
[  151.818300][ T7893] netlink: 24 bytes leftover after parsing attributes in process `syz.2.742'.
[  151.877787][ T7896] overlayfs: failed to resolve './file1': -2
[  152.212297][ T5342] Bluetooth: hci5: command tx timeout
[  152.519592][ T7883] block nbd3: shutting down sockets
[  152.749588][ T7918] fuse: Bad value for 'fd'
[  152.764309][ T7918] netlink: 52 bytes leftover after parsing attributes in process `syz.0.749'.
[  153.092336][ T7924] netlink: 'syz.2.751': attribute type 1 has an invalid length.
[  153.094322][ T7924] netlink: 224 bytes leftover after parsing attributes in process `syz.2.751'.
[  154.282642][ T5342] Bluetooth: hci5: command tx timeout
[  154.421200][    T8] IPVS: starting estimator thread 0...
[  154.522274][ T7953] IPVS: using max 34 ests per chain, 81600 per kthread
[  154.805641][ T7973] netlink: 'syz.3.766': attribute type 1 has an invalid length.
[  154.872249][ T1297] usb 7-1: new high-speed USB device number 15 using dummy_hcd
[  154.994349][ T7982] x_tables: ip6_tables: mh match: only valid for protocol 135
[  155.033405][ T1297] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  155.036046][ T1297] usb 7-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  155.039307][ T1297] usb 7-1: New USB device found, idVendor=0499, idProduct=1035, bcdDevice=56.12
[  155.045039][ T1297] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  155.053296][ T1297] usb 7-1: config 0 descriptor??
[  155.058150][ T1297] usb 7-1: Quirk or no altset; falling back to MIDI 1.0
[  155.090126][ T1297] snd-usb-audio 7-1:0.0: probe with driver snd-usb-audio failed with error -2
[  155.272094][ T2786] usb 7-1: USB disconnect, device number 15
[  155.977775][ T7997] netlink: 'syz.2.776': attribute type 1 has an invalid length.
[  156.212353][ T8008] netlink: 'syz.0.775': attribute type 1 has an invalid length.
[  156.214393][ T8008] __nla_validate_parse: 3 callbacks suppressed
[  156.214400][ T8008] netlink: 224 bytes leftover after parsing attributes in process `syz.0.775'.
[  156.222000][ T8008] netlink: 12 bytes leftover after parsing attributes in process `syz.0.775'.
[  156.373915][ T5342] Bluetooth: hci5: command tx timeout
[  156.824999][ T8037] netlink: 12 bytes leftover after parsing attributes in process `syz.3.785'.
[  157.522228][ T5384] usb 7-1: new full-speed USB device number 16 using dummy_hcd
[  157.685951][ T5384] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  157.688563][ T5384] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 2
[  157.690885][ T5384] usb 7-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[  157.695572][ T5384] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  157.699018][ T5384] usb 7-1: config 0 descriptor??
[  157.701798][ T5384] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[  157.708413][ T5384] dvb-usb: bulk message failed: -22 (3/0)
[  157.710919][ T8048] netlink: 'syz.0.788': attribute type 1 has an invalid length.
[  157.713526][ T5384] dvb-usb: will use the device's hardware PID filter (table count: 16).
[  157.715957][ T5384] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[  157.717735][ T5384] usb 7-1: media controller created
[  157.719263][ T5384] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  157.721613][ T8048] netlink: 224 bytes leftover after parsing attributes in process `syz.0.788'.
[  157.732295][ T5384] dvb-usb: bulk message failed: -22 (6/0)
[  157.742323][ T5384] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[  157.745338][ T5384] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.2/usb7/7-1/input/input33
[  157.749314][ T5384] dvb-usb: schedule remote query interval to 150 msecs.
[  157.751422][ T8048] netlink: 12 bytes leftover after parsing attributes in process `syz.0.788'.
[  157.755173][ T5384] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[  157.902872][ T8046] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  157.905645][ T8046] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  157.912231][ T5384] dvb-usb: bulk message failed: -22 (1/0)
[  157.914005][ T5384] dvb-usb: error while querying for an remote control event.
[  157.916411][ T1297] usb 7-1: USB disconnect, device number 16
[  157.923523][ T1297] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[  158.082846][ T8064] FAULT_INJECTION: forcing a failure.
[  158.082846][ T8064] name failslab, interval 1, probability 0, space 0, times 0
[  158.086420][ T8064] CPU: 3 UID: 0 PID: 8064 Comm: syz.0.794 Not tainted 6.12.0-rc2-syzkaller-00058-g75b607fab38d #0
[  158.089028][ T8064] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  158.091769][ T8064] Call Trace:
[  158.092654][ T8064]  <TASK>
[  158.093428][ T8064]  dump_stack_lvl+0x16c/0x1f0
[  158.094663][ T8064]  should_fail_ex+0x497/0x5b0
[  158.095904][ T8064]  ? fs_reclaim_acquire+0xae/0x160
[  158.097239][ T8064]  should_failslab+0xc2/0x120
[  158.098464][ T8064]  __kmalloc_node_noprof+0xd1/0x440
[  158.099811][ T8064]  ? __vmalloc_node_range_noprof+0x3d8/0x15a0
[  158.101386][ T8064]  __vmalloc_node_range_noprof+0x3d8/0x15a0
[  158.102920][ T8064]  ? bpf_prog_calc_tag+0x100/0x780
[  158.104262][ T8064]  ? find_held_lock+0x2d/0x110
[  158.105518][ T8064]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  158.107153][ T8064]  ? pcpu_memcg_post_alloc_hook.part.0+0x2c2/0x640
[  158.108832][ T8064]  ? __pfx_lock_release+0x10/0x10
[  158.110144][ T8064]  ? trace_lock_acquire+0x14a/0x1d0
[  158.111494][ T8064]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  158.113047][ T8064]  ? bpf_prog_calc_tag+0x100/0x780
[  158.114370][ T8064]  vmalloc_noprof+0x6b/0x90
[  158.115569][ T8064]  ? bpf_prog_calc_tag+0x100/0x780
[  158.116890][ T8064]  bpf_prog_calc_tag+0x100/0x780
[  158.118174][ T8064]  ? __pfx_bpf_prog_calc_tag+0x10/0x10
[  158.119590][ T8064]  ? debug_mutex_init+0x37/0x70
[  158.120848][ T8064]  ? bpf_prog_alloc_no_stats+0x3d9/0x5e0
[  158.122304][ T8064]  jit_subprogs+0x719/0x3120
[  158.123516][ T8064]  ? __pfx_jit_subprogs+0x10/0x10
[  158.124773][ T8064]  bpf_check+0xa3ec/0xc7c0
[  158.125896][ T8064]  ? __pfx_bpf_check+0x10/0x10
[  158.127066][ T8064]  ? find_held_lock+0x2d/0x110
[  158.128246][ T8064]  ? ktime_get_with_offset+0x13a/0x240
[  158.129608][ T8064]  ? trace_lock_acquire+0x14a/0x1d0
[  158.130894][ T8064]  ? ktime_get_with_offset+0x13a/0x240
[  158.132257][ T8064]  ? timekeeping_debug_get_ns+0x3e0/0x5b0
[  158.133788][ T8064]  ? lockdep_hardirqs_on+0x7c/0x110
[  158.135048][ T8064]  ? bpf_obj_name_cpy+0x156/0x1b0
[  158.136283][ T8064]  bpf_prog_load+0xe3f/0x2670
[  158.137513][ T8064]  ? __pfx_bpf_prog_load+0x10/0x10
[  158.138797][ T8064]  ? find_held_lock+0x2d/0x110
[  158.139982][ T8064]  __sys_bpf+0x4c8c/0x5780
[  158.141095][ T8064]  ? ksys_write+0x21e/0x260
[  158.142229][ T8064]  ? __pfx___sys_bpf+0x10/0x10
[  158.143440][ T8064]  ? vfs_write+0x14d/0x1140
[  158.144570][ T8064]  ? __mutex_unlock_slowpath+0x164/0x650
[  158.145922][ T8064]  ? fput+0x30/0x390
[  158.146910][ T8064]  ? ksys_write+0x1ad/0x260
[  158.148029][ T8064]  ? __pfx_ksys_write+0x10/0x10
[  158.149214][ T8064]  __ia32_sys_bpf+0x76/0xe0
[  158.150384][ T8064]  __do_fast_syscall_32+0x73/0x120
[  158.151717][ T8064]  do_fast_syscall_32+0x32/0x80
[  158.152989][ T8064]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  158.154623][ T8064] RIP: 0023:0xf7fb6579
[  158.155701][ T8064] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  158.160635][ T8064] RSP: 002b:00000000f573656c EFLAGS: 00000296 ORIG_RAX: 0000000000000165
[  158.162794][ T8064] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000020000700
[  158.164846][ T8064] RDX: 0000000000000090 RSI: 0000000000000000 RDI: 0000000000000000
[  158.166914][ T8064] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  158.168963][ T8064] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  158.171025][ T8064] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  158.173107][ T8064]  </TASK>
[  158.174201][    C3] vkms_vblank_simulate: vblank timer overrun
[  158.176449][ T8064] syz.0.794: vmalloc error: size 4096, failed to allocated page array size 8, mode:0xcc2(GFP_KERNEL|__GFP_HIGHMEM), nodemask=(null),cpuset=/,mems_allowed=0-1
[  158.180624][ T8064] CPU: 3 UID: 0 PID: 8064 Comm: syz.0.794 Not tainted 6.12.0-rc2-syzkaller-00058-g75b607fab38d #0
[  158.183290][ T8064] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  158.186043][ T8064] Call Trace:
[  158.186918][ T8064]  <TASK>
[  158.187700][ T8064]  dump_stack_lvl+0x16c/0x1f0
[  158.188917][ T8064]  warn_alloc+0x24d/0x3a0
[  158.189960][ T8064]  ? __pfx_warn_alloc+0x10/0x10
[  158.191189][ T8064]  ? dump_stack_lvl+0x1a1/0x1f0
[  158.192401][ T8064]  ? dump_stack_lvl+0x1a3/0x1f0
[  158.193671][ T8064]  ? rcu_is_watching+0x12/0xc0
[  158.194918][ T8064]  ? __kmalloc_node_noprof+0x22f/0x440
[  158.196357][ T8064]  __vmalloc_node_range_noprof+0x114a/0x15a0
[  158.197939][ T8064]  ? bpf_prog_calc_tag+0x100/0x780
[  158.199287][ T8064]  ? find_held_lock+0x2d/0x110
[  158.200552][ T8064]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  158.202203][ T8064]  ? pcpu_memcg_post_alloc_hook.part.0+0x2c2/0x640
[  158.203898][ T8064]  ? __pfx_lock_release+0x10/0x10
[  158.205227][ T8064]  ? trace_lock_acquire+0x14a/0x1d0
[  158.206579][ T8064]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  158.208150][ T8064]  ? bpf_prog_calc_tag+0x100/0x780
[  158.209493][ T8064]  vmalloc_noprof+0x6b/0x90
[  158.210699][ T8064]  ? bpf_prog_calc_tag+0x100/0x780
[  158.212077][ T8064]  bpf_prog_calc_tag+0x100/0x780
[  158.213377][ T8064]  ? __pfx_bpf_prog_calc_tag+0x10/0x10
[  158.214792][ T8064]  ? debug_mutex_init+0x37/0x70
[  158.216078][ T8064]  ? bpf_prog_alloc_no_stats+0x3d9/0x5e0
[  158.217556][ T8064]  jit_subprogs+0x719/0x3120
[  158.218767][ T8064]  ? __pfx_jit_subprogs+0x10/0x10
[  158.220091][ T8064]  bpf_check+0xa3ec/0xc7c0
[  158.221266][ T8064]  ? __pfx_bpf_check+0x10/0x10
[  158.222519][ T8064]  ? find_held_lock+0x2d/0x110
[  158.223773][ T8064]  ? ktime_get_with_offset+0x13a/0x240
[  158.225186][ T8064]  ? trace_lock_acquire+0x14a/0x1d0
[  158.226539][ T8064]  ? ktime_get_with_offset+0x13a/0x240
[  158.227958][ T8064]  ? timekeeping_debug_get_ns+0x3e0/0x5b0
[  158.229438][ T8064]  ? lockdep_hardirqs_on+0x7c/0x110
[  158.230838][ T8064]  ? bpf_obj_name_cpy+0x156/0x1b0
[  158.232160][ T8064]  bpf_prog_load+0xe3f/0x2670
[  158.233387][ T8064]  ? __pfx_bpf_prog_load+0x10/0x10
[  158.234712][ T8064]  ? find_held_lock+0x2d/0x110
[  158.235990][ T8064]  __sys_bpf+0x4c8c/0x5780
[  158.237156][ T8064]  ? ksys_write+0x21e/0x260
[  158.238342][ T8064]  ? __pfx___sys_bpf+0x10/0x10
[  158.239598][ T8064]  ? vfs_write+0x14d/0x1140
[  158.240779][ T8064]  ? __mutex_unlock_slowpath+0x164/0x650
[  158.242241][ T8064]  ? fput+0x30/0x390
[  158.243267][ T8064]  ? ksys_write+0x1ad/0x260
[  158.244455][ T8064]  ? __pfx_ksys_write+0x10/0x10
[  158.245721][ T8064]  __ia32_sys_bpf+0x76/0xe0
[  158.246905][ T8064]  __do_fast_syscall_32+0x73/0x120
[  158.248246][ T8064]  do_fast_syscall_32+0x32/0x80
[  158.249508][ T8064]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  158.251178][ T8064] RIP: 0023:0xf7fb6579
[  158.252301][ T8064] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  158.257221][ T8064] RSP: 002b:00000000f573656c EFLAGS: 00000296 ORIG_RAX: 0000000000000165
[  158.259356][ T8064] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000020000700
[  158.261380][ T8064] RDX: 0000000000000090 RSI: 0000000000000000 RDI: 0000000000000000
[  158.263406][ T8064] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  158.265422][ T8064] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  158.267445][ T8064] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  158.269481][ T8064]  </TASK>
[  158.270359][    C3] vkms_vblank_simulate: vblank timer overrun
[  158.273160][ T8064] Mem-Info:
[  158.274022][ T8064] active_anon:7473 inactive_anon:3 isolated_anon:0
[  158.274022][ T8064]  active_file:15392 inactive_file:29556 isolated_file:0
[  158.274022][ T8064]  unevictable:768 dirty:252 writeback:0
[  158.274022][ T8064]  slab_reclaimable:4827 slab_unreclaimable:57656
[  158.274022][ T8064]  mapped:21504 shmem:3809 pagetables:765
[  158.274022][ T8064]  sec_pagetables:317 bounce:0
[  158.274022][ T8064]  kernel_misc_reclaimable:0
[  158.274022][ T8064]  free:62931 free_pcp:881 free_cma:0
[  158.285369][ T8064] Node 0 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:24kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:6752kB dirty:20kB writeback:0kB shmem:1556kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:9744kB pagetables:1432kB sec_pagetables:1224kB all_unreclaimable? no
[  158.292939][ T8064] Node 1 active_anon:29992kB inactive_anon:12kB active_file:61568kB inactive_file:118200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:79268kB dirty:988kB writeback:0kB shmem:13684kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:2096kB pagetables:1628kB sec_pagetables:44kB all_unreclaimable? no
[  158.301174][ T8064] Node 0 DMA free:916kB boost:0kB min:760kB low:948kB high:1136kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:4kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:104kB local_pcp:0kB free_cma:0kB
[  158.308162][ T8064] lowmem_reserve[]: 0 273 0 0 0
[  158.309364][ T8064] Node 0 DMA32 free:21096kB boost:0kB min:13904kB low:17380kB high:20856kB reserved_highatomic:4096KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:20kB unevictable:1536kB writepending:16kB present:1032196kB managed:306280kB mlocked:0kB bounce:0kB free_pcp:508kB local_pcp:8kB free_cma:0kB
[  158.316609][ T8064] lowmem_reserve[]: 0 0 0 0 0
[  158.317860][ T8064] Node 1 DMA32 free:229712kB boost:0kB min:47144kB low:58928kB high:70712kB reserved_highatomic:0KB active_anon:29992kB inactive_anon:12kB active_file:61568kB inactive_file:118200kB unevictable:1536kB writepending:988kB present:1048432kB managed:948252kB mlocked:0kB bounce:0kB free_pcp:2984kB local_pcp:620kB free_cma:0kB
[  158.325528][ T8064] lowmem_reserve[]: 0 0 0 0 0
[  158.327096][ T8064] Node 0 DMA: 10*4kB (U) 0*8kB 3*16kB (U) 27*32kB (U) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 952kB
[  158.330339][ T8064] Node 0 DMA32: 136*4kB (UMEH) 87*8kB (UMEH) 39*16kB (UMEH) 43*32kB (UMEH) 45*64kB (UMEH) 23*128kB (UME) 3*256kB (M) 8*512kB (UMH) 3*1024kB (UM) 2*2048kB (M) 0*4096kB = 21096kB
[  158.335025][ T8064] Node 1 DMA32: 55*4kB (UME) 130*8kB (UME) 212*16kB (UME) 233*32kB (UME) 146*64kB (UME) 10*128kB (ME) 10*256kB (M) 29*512kB (UME) 27*1024kB (UME) 19*2048kB (UME) 30*4096kB (UM) = 229580kB
[  158.339828][ T8064] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  158.342334][ T8064] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  158.344701][ T8064] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  158.347172][ T8064] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  158.349557][ T8064] 49537 total pagecache pages
[  158.350795][ T8064] 775 pages in swap cache
[  158.351933][ T8064] Free swap  = 113252kB
[  158.353105][ T8064] Total swap = 124996kB
[  158.354199][ T8064] 524155 pages RAM
[  158.355184][ T8064] 0 pages HighMem/MovableOnly
[  158.356422][ T8064] 206682 pages reserved
[  158.357510][ T8064] 0 pages cma reserved
[  158.380072][ T8066] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[  158.459501][ T8070] FAULT_INJECTION: forcing a failure.
[  158.459501][ T8070] name failslab, interval 1, probability 0, space 0, times 0
[  158.463152][ T8070] CPU: 0 UID: 0 PID: 8070 Comm: syz.2.797 Not tainted 6.12.0-rc2-syzkaller-00058-g75b607fab38d #0
[  158.465888][ T8070] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  158.468658][ T8070] Call Trace:
[  158.469631][ T8070]  <TASK>
[  158.470428][ T8070]  dump_stack_lvl+0x16c/0x1f0
[  158.471771][ T8070]  should_fail_ex+0x497/0x5b0
[  158.473024][ T8070]  ? fs_reclaim_acquire+0xae/0x160
[  158.474365][ T8070]  should_failslab+0xc2/0x120
[  158.475615][ T8070]  kmem_cache_alloc_lru_noprof+0x72/0x2f0
[  158.477093][ T8070]  ? __d_alloc+0x35/0x8c0
[  158.478241][ T8070]  __d_alloc+0x35/0x8c0
[  158.479345][ T8070]  d_alloc+0x4a/0x1e0
[  158.480399][ T8070]  d_alloc_parallel+0xe9/0x12b0
[  158.481681][ T8070]  ? __pfx_d_alloc_parallel+0x10/0x10
[  158.483084][ T8070]  ? lockdep_init_map_type+0x16d/0x7d0
[  158.484548][ T8070]  ? mark_lock+0xb5/0xc60
[  158.485687][ T8070]  ? lockdep_init_map_type+0x16d/0x7d0
[  158.487116][ T8070]  __lookup_slow+0x194/0x460
[  158.488346][ T8070]  ? __pfx___lookup_slow+0x10/0x10
[  158.489683][ T8070]  ? __pfx_lock_release+0x10/0x10
[  158.491011][ T8070]  ? d_lookup+0xe9/0x180
[  158.492141][ T8070]  lookup_one_len+0x181/0x1b0
[  158.493386][ T8070]  ? __pfx_lookup_one_len+0x10/0x10
[  158.494750][ T8070]  ? mntput+0x10/0x90
[  158.495820][ T8070]  start_creating.part.0+0x12f/0x3a0
[  158.497242][ T8070]  __debugfs_create_file+0xa5/0x660
[  158.498609][ T8070]  kvm_dev_ioctl+0x16ba/0x1ab0
[  158.499875][ T8070]  ? __pfx_kvm_dev_ioctl+0x10/0x10
[  158.501224][ T8070]  ? __pfx_kvm_dev_ioctl+0x10/0x10
[  158.502566][ T8070]  __do_compat_sys_ioctl+0x259/0x2b0
[  158.503956][ T8070]  __do_fast_syscall_32+0x73/0x120
[  158.505296][ T8070]  do_fast_syscall_32+0x32/0x80
[  158.506572][ T8070]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  158.508231][ T8070] RIP: 0023:0xf7f32579
[  158.509304][ T8070] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  158.514256][ T8070] RSP: 002b:00000000f56b656c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  158.516422][ T8070] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000000ae01
[  158.518454][ T8070] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  158.520513][ T8070] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  158.522564][ T8070] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  158.524616][ T8070] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  158.526673][ T8070]  </TASK>
[  158.701036][ T8079] FAULT_INJECTION: forcing a failure.
[  158.701036][ T8079] name failslab, interval 1, probability 0, space 0, times 0
[  158.704530][ T8079] CPU: 0 UID: 0 PID: 8079 Comm: syz.2.799 Not tainted 6.12.0-rc2-syzkaller-00058-g75b607fab38d #0
[  158.707287][ T8079] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  158.710064][ T8079] Call Trace:
[  158.710943][ T8079]  <TASK>
[  158.711727][ T8079]  dump_stack_lvl+0x16c/0x1f0
[  158.712968][ T8079]  should_fail_ex+0x497/0x5b0
[  158.714208][ T8079]  ? fs_reclaim_acquire+0xae/0x160
[  158.715565][ T8079]  should_failslab+0xc2/0x120
[  158.716793][ T8079]  __kmalloc_cache_noprof+0x6b/0x310
[  158.718167][ T8079]  ? tcf_block_get_ext+0x15c/0x17e0
[  158.719526][ T8079]  tcf_block_get_ext+0x15c/0x17e0
[  158.720845][ T8079]  ? kasan_save_track+0x14/0x30
[  158.722119][ T8079]  clsact_init+0x209/0xbb0
[  158.723290][ T8079]  ? __pfx_clsact_init+0x10/0x10
[  158.724617][ T8079]  ? __pfx_clsact_egress_block_set+0x10/0x10
[  158.726176][ T8079]  qdisc_create+0x4f1/0x1100
[  158.727401][ T8079]  ? __pfx_qdisc_create+0x10/0x10
[  158.728755][ T8079]  tc_modify_qdisc+0xd55/0x1c40
[  158.730006][ T8079]  ? __pfx_tc_modify_qdisc+0x10/0x10
[  158.731389][ T8079]  ? __mutex_lock+0x1a6/0x9c0
[  158.732632][ T8079]  ? __pfx_tc_modify_qdisc+0x10/0x10
[  158.734006][ T8079]  rtnetlink_rcv_msg+0x3c7/0xea0
[  158.735326][ T8079]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  158.736749][ T8079]  ? __pfx___dev_queue_xmit+0x10/0x10
[  158.738156][ T8079]  netlink_rcv_skb+0x165/0x410
[  158.739411][ T8079]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  158.740825][ T8079]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  158.742196][ T8079]  ? netlink_deliver_tap+0x1ae/0xcf0
[  158.743576][ T8079]  netlink_unicast+0x53c/0x7f0
[  158.744828][ T8079]  ? __pfx_netlink_unicast+0x10/0x10
[  158.746204][ T8079]  ? __phys_addr_symbol+0x30/0x80
[  158.747521][ T8079]  ? __check_object_size+0x488/0x710
[  158.748909][ T8079]  netlink_sendmsg+0x8b8/0xd70
[  158.750176][ T8079]  ? __pfx_netlink_sendmsg+0x10/0x10
[  158.751543][ T8079]  ? lock_acquire+0x2f/0xb0
[  158.752690][ T8079]  ____sys_sendmsg+0x9ae/0xb40
[  158.753909][ T8079]  ? __pfx_____sys_sendmsg+0x10/0x10
[  158.755282][ T8079]  ? get_compat_msghdr+0x11b/0x170
[  158.756628][ T8079]  ? __pfx___lock_acquire+0x10/0x10
[  158.757996][ T8079]  ___sys_sendmsg+0x135/0x1e0
[  158.759235][ T8079]  ? __pfx____sys_sendmsg+0x10/0x10
[  158.760606][ T8079]  ? lock_acquire+0x2f/0xb0
[  158.761794][ T8079]  ? __fget_files+0x40/0x3f0
[  158.763008][ T8079]  ? fdget+0x176/0x210
[  158.764084][ T8079]  __sys_sendmsg+0x117/0x1f0
[  158.765299][ T8079]  ? __pfx___sys_sendmsg+0x10/0x10
[  158.766641][ T8079]  ? __fget_files+0x244/0x3f0
[  158.767852][ T8079]  __do_fast_syscall_32+0x73/0x120
[  158.769177][ T8079]  do_fast_syscall_32+0x32/0x80
[  158.770421][ T8079]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  158.772043][ T8079] RIP: 0023:0xf7f32579
[  158.773089][ T8079] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  158.777927][ T8079] RSP: 002b:00000000f569556c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  158.780078][ T8079] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 00000000200012c0
[  158.782087][ T8079] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  158.784107][ T8079] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  158.786143][ T8079] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  158.788221][ T8079] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  158.790254][ T8079]  </TASK>
[  159.276000][ T8081] IPVS: rr: TCP 172.20.20.170:0 - no destination available
[  159.951921][ T8122] input: syz1 as /devices/virtual/input/input34
[  159.955429][ T8122] FAULT_INJECTION: forcing a failure.
[  159.955429][ T8122] name failslab, interval 1, probability 0, space 0, times 0
[  159.959600][ T8122] CPU: 0 UID: 0 PID: 8122 Comm: syz.2.814 Not tainted 6.12.0-rc2-syzkaller-00058-g75b607fab38d #0
[  159.962536][ T8122] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  159.965286][ T8122] Call Trace:
[  159.966153][ T8122]  <TASK>
[  159.966925][ T8122]  dump_stack_lvl+0x16c/0x1f0
[  159.968166][ T8122]  should_fail_ex+0x497/0x5b0
[  159.969392][ T8122]  ? fs_reclaim_acquire+0xae/0x160
[  159.970717][ T8122]  should_failslab+0xc2/0x120
[  159.971946][ T8122]  __kmalloc_cache_noprof+0x6b/0x310
[  159.973311][ T8122]  ? kobject_uevent_env+0x265/0x1670
[  159.974572][ T8122]  kobject_uevent_env+0x265/0x1670
[  159.975869][ T8122]  ? __pfx_dev_uevent_name+0x10/0x10
[  159.977249][ T8122]  ? sysfs_do_create_link_sd+0xbb/0x140
[  159.978550][ T8122]  ? bus_to_subsys+0x12d/0x160
[  159.979677][ T8122]  device_add+0x10e0/0x1a70
[  159.980849][ T8122]  ? __pfx_device_add+0x10/0x10
[  159.982109][ T8122]  ? __pfx_exact_lock+0x10/0x10
[  159.983372][ T8122]  ? kobject_get+0xbb/0x150
[  159.984560][ T8122]  cdev_device_add+0x12b/0x270
[  159.985808][ T8122]  evdev_connect+0x3a4/0x4c0
[  159.987009][ T8122]  input_attach_handler.isra.0+0x181/0x260
[  159.988523][ T8122]  input_register_device+0xa14/0x10e0
[  159.989907][ T8122]  uinput_ioctl_handler.isra.0+0x130c/0x1d70
[  159.991463][ T8122]  ? __pfx_uinput_ioctl_handler.isra.0+0x10/0x10
[  159.993099][ T8122]  ? trace_lock_acquire+0x14a/0x1d0
[  159.994448][ T8122]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  159.995988][ T8122]  ? __pfx_uinput_compat_ioctl+0x10/0x10
[  159.997437][ T8122]  __do_compat_sys_ioctl+0x259/0x2b0
[  159.998811][ T8122]  __do_fast_syscall_32+0x73/0x120
[  160.000126][ T8122]  do_fast_syscall_32+0x32/0x80
[  160.001279][ T8122]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  160.002738][ T8122] RIP: 0023:0xf7f32579
[  160.003767][ T8122] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  160.008509][ T8122] RSP: 002b:00000000f56b656c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  160.010627][ T8122] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000005501
[  160.012606][ T8122] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  160.014641][ T8122] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  160.016594][ T8122] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  160.018461][ T8122] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  160.020460][ T8122]  </TASK>
[  160.156171][ T8129] netlink: 4 bytes leftover after parsing attributes in process `syz.2.817'.
[  160.500253][ T8148] FAULT_INJECTION: forcing a failure.
[  160.500253][ T8148] name failslab, interval 1, probability 0, space 0, times 0
[  160.505446][ T8148] CPU: 3 UID: 0 PID: 8148 Comm: syz.1.822 Not tainted 6.12.0-rc2-syzkaller-00058-g75b607fab38d #0
[  160.508165][ T8148] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  160.510906][ T8148] Call Trace:
[  160.511784][ T8148]  <TASK>
[  160.512567][ T8148]  dump_stack_lvl+0x16c/0x1f0
[  160.513920][ T8148]  should_fail_ex+0x497/0x5b0
[  160.515321][ T8148]  ? fs_reclaim_acquire+0xae/0x160
[  160.516650][ T8148]  should_failslab+0xc2/0x120
[  160.517881][ T8148]  __kmalloc_noprof+0xcb/0x410
[  160.519132][ T8148]  io_alloc_async_data+0x9d/0x150
[  160.520453][ T8148]  __io_timeout_prep+0x2eb/0x8e0
[  160.521743][ T8148]  io_submit_sqes+0x8aa/0x2530
[  160.522994][ T8148]  __do_sys_io_uring_enter+0xc0f/0x1170
[  160.524444][ T8148]  ? __fget_files+0x244/0x3f0
[  160.525671][ T8148]  ? __pfx___do_sys_io_uring_enter+0x10/0x10
[  160.527230][ T8148]  ? fput+0x30/0x390
[  160.528268][ T8148]  ? ksys_write+0x1ad/0x260
[  160.529460][ T8148]  ? __pfx_ksys_write+0x10/0x10
[  160.530735][ T8148]  __do_fast_syscall_32+0x73/0x120
[  160.532085][ T8148]  do_fast_syscall_32+0x32/0x80
[  160.533351][ T8148]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  160.535025][ T8148] RIP: 0023:0xf7f71579
[  160.536099][ T8148] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  160.540973][ T8148] RSP: 002b:00000000f56f656c EFLAGS: 00000296 ORIG_RAX: 00000000000001aa
[  160.543131][ T8148] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000000045f6
[  160.545171][ T8148] RDX: 000000000000d761 RSI: 0000000000000000 RDI: 0000000000000000
[  160.547200][ T8148] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  160.549241][ T8148] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  160.551272][ T8148] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  160.553340][ T8148]  </TASK>
[  160.554235][    C3] vkms_vblank_simulate: vblank timer overrun
[  160.907761][ T8162] binder: 8161:8162 ioctl 5393 200000c0 returned -22
[  160.909646][ T8162] binder: 8161:8162 ioctl 5393 200000c0 returned -22
[  160.911467][ T8162] binder: 8161:8162 ioctl 5393 200000c0 returned -22
[  160.930478][ T8162] binder: 8161:8162 ioctl 5393 200000c0 returned -22
[  160.940319][ T8165] FAULT_INJECTION: forcing a failure.
[  160.940319][ T8165] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  160.942273][ T8162] binder: 8161:8162 ioctl 5393 200000c0 returned -22
[  160.944077][ T8165] CPU: 2 UID: 0 PID: 8165 Comm: syz.3.826 Not tainted 6.12.0-rc2-syzkaller-00058-g75b607fab38d #0
[  160.945679][ T8162] binder: 8161:8162 ioctl 5393 200000c0 returned -22
[  160.948342][ T8165] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  160.950090][ T8162] binder: 8161:8162 ioctl 5393 200000c0 returned -22
[  160.952808][ T8165] Call Trace:
[  160.952816][ T8165]  <TASK>
[  160.952821][ T8165]  dump_stack_lvl+0x16c/0x1f0
[  160.952842][ T8165]  should_fail_ex+0x497/0x5b0
[  160.952861][ T8165]  _copy_from_user+0x30/0xf0
[  160.952873][ T8165]  input_event_from_user+0x22d/0x3b0
[  160.961321][ T8165]  ? __pfx_input_event_from_user+0x10/0x10
[  160.962848][ T8165]  ? input_inject_event+0x193/0x370
[  160.964176][ T8165]  evdev_write+0x377/0x750
[  160.965291][ T8165]  ? __pfx_evdev_write+0x10/0x10
[  160.966494][ T8165]  ? bpf_lsm_file_permission+0x9/0x10
[  160.967833][ T8165]  ? security_file_permission+0x71/0x210
[  160.969163][ T8165]  ? __pfx_evdev_write+0x10/0x10
[  160.970449][ T8165]  vfs_write+0x28e/0x1140
[  160.971580][ T8165]  ? __fget_files+0x23a/0x3f0
[  160.972786][ T8165]  ? __pfx_lock_release+0x10/0x10
[  160.973982][ T8165]  ? trace_lock_acquire+0x14a/0x1d0
[  160.975239][ T8165]  ? __pfx_vfs_write+0x10/0x10
[  160.976444][ T8165]  ? lock_acquire+0x2f/0xb0
[  160.977526][ T8165]  ? __fget_files+0x40/0x3f0
[  160.978732][ T8165]  ? __fget_files+0x244/0x3f0
[  160.980088][ T8165]  ksys_write+0x1fa/0x260
[  160.981216][ T8165]  ? __pfx_ksys_write+0x10/0x10
[  160.982489][ T8165]  __do_fast_syscall_32+0x73/0x120
[  160.983828][ T8165]  do_fast_syscall_32+0x32/0x80
[  160.985092][ T8165]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  160.986723][ T8165] RIP: 0023:0xf741e579
[  160.987791][ T8165] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  160.992753][ T8165] RSP: 002b:00000000f56e556c EFLAGS: 00000296 ORIG_RAX: 0000000000000004
[  160.994887][ T8165] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 0000000020000040
[  160.996936][ T8165] RDX: 00000000000012d8 RSI: 0000000000000000 RDI: 0000000000000000
[  160.998955][ T8165] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  161.001116][ T8165] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  161.003011][ T8165] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  161.004970][ T8165]  </TASK>
[  161.005838][ T8162] binder: 8161:8162 ioctl 5393 200000c0 returned -22
[  161.007743][ T8162] binder: 8161:8162 ioctl 5393 200000c0 returned -22
[  161.009996][ T8162] binder: 8161:8162 ioctl 5393 200000c0 returned -22
[  161.032293][ T8162] binder: 8161:8162 ioctl 5393 200000c0 returned -22
[  161.034121][ T8162] binder: 8161:8162 ioctl 5393 200000c0 returned -22
[  161.035938][ T8162] binder: 8161:8162 ioctl 5393 200000c0 returned -22
[  161.037720][ T8162] binder: 8161:8162 ioctl 5393 200000c0 returned -22
[  161.039508][ T8162] binder: 8161:8162 ioctl 5393 200000c0 returned -22
[  161.041284][ T8162] binder: 8161:8162 ioctl 5393 200000c0 returned -22
[  161.047216][ T8162] binder: 8161:8162 ioctl 5393 200000c0 returned -22
[  161.049355][ T8162] binder: 8161:8162 ioctl 5393 200000c0 returned -22
[  161.051152][ T8162] binder: 8161:8162 ioctl 5393 200000c0 returned -22
[  161.053536][ T8162] binder: 8161:8162 ioctl 5393 200000c0 returned -22
[  161.055380][ T8162] binder: 8161:8162 ioctl 5393 200000c0 returned -22
[  161.057178][ T8162] binder: 8161:8162 ioctl 5393 200000c0 returned -22
[  161.059250][ T8162] binder: 8161:8162 ioctl 5393 200000c0 returned -22
[  161.061077][ T8162] binder: 8161:8162 ioctl 5393 200000c0 returned -22
[  161.063126][ T8162] binder: 8161:8162 ioctl 5393 200000c0 returned -22
[  161.064932][ T8162] binder: 8161:8162 ioctl 5393 200000c0 returned -22
[  161.066690][ T8162] binder: 8161:8162 ioctl 5393 200000c0 returned -22
[  161.068443][ T8162] binder: 8161:8162 ioctl 5393 200000c0 returned -22
[  161.070816][ T8162] binder: 8161:8162 ioctl 5393 200000c0 returned -22
[  161.075060][ T8162] binder: 8161:8162 ioctl 5393 200000c0 returned -22
[  161.076893][ T8162] binder: 8161:8162 ioctl 5393 200000c0 returned -22
[  161.078671][ T8162] binder: 8161:8162 ioctl 5393 200000c0 returned -22
[  161.080489][ T8162] binder: 8161:8162 ioctl 5393 200000c0 returned -22
[  161.155665][ T8177] netlink: 'syz.3.831': attribute type 1 has an invalid length.
[  161.157677][ T8177] netlink: 224 bytes leftover after parsing attributes in process `syz.3.831'.
[  161.165022][ T8177] netlink: 4 bytes leftover after parsing attributes in process `syz.3.831'.
[  161.431390][ T8188] netlink: 224 bytes leftover after parsing attributes in process `syz.3.835'.
[  162.175463][ T8207] netlink: 'syz.0.840': attribute type 1 has an invalid length.
[  162.178919][ T8207] netlink: 224 bytes leftover after parsing attributes in process `syz.0.840'.
[  162.211778][ T8207] netlink: 4 bytes leftover after parsing attributes in process `syz.0.840'.
[  162.775647][ T8234] netlink: 'syz.3.849': attribute type 1 has an invalid length.
[  162.778382][ T8234] netlink: 224 bytes leftover after parsing attributes in process `syz.3.849'.
[  162.794094][ T8234] netlink: 4 bytes leftover after parsing attributes in process `syz.3.849'.
[  162.894694][ T8238] openvswitch: netlink: Actions may not be safe on all matching packets
[  163.152790][ T8243] FAULT_INJECTION: forcing a failure.
[  163.152790][ T8243] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  163.156139][ T8243] CPU: 2 UID: 0 PID: 8243 Comm: syz.3.853 Not tainted 6.12.0-rc2-syzkaller-00058-g75b607fab38d #0
[  163.158830][ T8243] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  163.161615][ T8243] Call Trace:
[  163.162489][ T8243]  <TASK>
[  163.163259][ T8243]  dump_stack_lvl+0x16c/0x1f0
[  163.164508][ T8243]  should_fail_ex+0x497/0x5b0
[  163.165738][ T8243]  __fpu_restore_sig+0xa9c/0x1430
[  163.167048][ T8243]  ? __pfx___fpu_restore_sig+0x10/0x10
[  163.168457][ T8243]  ? lock_acquire+0x2f/0xb0
[  163.169638][ T8243]  ? __might_fault+0xe3/0x190
[  163.170861][ T8243]  ? __might_fault+0xe3/0x190
[  163.172093][ T8243]  fpu__restore_sig+0x102/0x180
[  163.173358][ T8243]  ia32_restore_sigcontext+0x40f/0x5d0
[  163.174761][ T8243]  ? __pfx_ia32_restore_sigcontext+0x10/0x10
[  163.176315][ T8243]  ? __pfx_lock_release+0x10/0x10
[  163.177632][ T8243]  ? _raw_spin_unlock_irq+0x23/0x50
[  163.178976][ T8243]  ? lockdep_hardirqs_on+0x7c/0x110
[  163.180330][ T8243]  __do_compat_sys_rt_sigreturn+0x116/0x1f0
[  163.181846][ T8243]  ? __pfx___do_compat_sys_rt_sigreturn+0x10/0x10
[  163.183510][ T8243]  do_int80_emulation+0x104/0x200
[  163.184825][ T8243]  asm_int80_emulation+0x1a/0x20
[  163.186113][ T8243] RIP: 0023:0xf741e577
[  163.187170][ T8243] Code: 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 <cd> 80 5d 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00
[  163.191970][ T8243] RSP: 002b:00000000f570656c EFLAGS: 00000296
[  163.193548][ T8243] RAX: 0000000000000003 RBX: 0000000000000004 RCX: 00000000200002c0
[  163.195587][ T8243] RDX: 0000000000002020 RSI: 0000000000000000 RDI: 0000000000000000
[  163.197608][ T8243] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  163.199644][ T8243] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  163.201666][ T8243] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  163.203719][ T8243]  </TASK>
[  163.593601][ T8263] FAULT_INJECTION: forcing a failure.
[  163.593601][ T8263] name failslab, interval 1, probability 0, space 0, times 0
[  163.601780][ T8263] CPU: 1 UID: 0 PID: 8263 Comm: syz.0.859 Not tainted 6.12.0-rc2-syzkaller-00058-g75b607fab38d #0
[  163.604534][ T8263] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  163.607334][ T8263] Call Trace:
[  163.608217][ T8263]  <TASK>
[  163.609005][ T8263]  dump_stack_lvl+0x16c/0x1f0
[  163.610284][ T8263]  should_fail_ex+0x497/0x5b0
[  163.611579][ T8263]  ? fs_reclaim_acquire+0xae/0x160
[  163.613025][ T8263]  should_failslab+0xc2/0x120
[  163.614330][ T8263]  kmem_cache_alloc_noprof+0x6e/0x2f0
[  163.615693][ T8263]  ? getname_flags.part.0+0x379/0x550
[  163.617031][ T8263]  ? getname_flags.part.0+0x4c/0x550
[  163.618413][ T8263]  getname_flags.part.0+0x4c/0x550
[  163.619766][ T8263]  getname_uflags+0x9d/0xf0
[  163.620910][ T8263]  io_linkat_prep+0x205/0x3f0
[  163.622154][ T8263]  io_submit_sqes+0x8aa/0x2530
[  163.623426][ T8263]  __do_sys_io_uring_enter+0xc0f/0x1170
[  163.624872][ T8263]  ? __fget_files+0x244/0x3f0
[  163.626272][ T8263]  ? __pfx___do_sys_io_uring_enter+0x10/0x10
[  163.627841][ T8263]  ? fput+0x30/0x390
[  163.628878][ T8263]  ? ksys_write+0x1ad/0x260
[  163.630072][ T8263]  ? __pfx_ksys_write+0x10/0x10
[  163.631358][ T8263]  __do_fast_syscall_32+0x73/0x120
[  163.632700][ T8263]  do_fast_syscall_32+0x32/0x80
[  163.633977][ T8263]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  163.635636][ T8263] RIP: 0023:0xf7fb6579
[  163.636704][ T8263] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  163.641626][ T8263] RSP: 002b:00000000f571556c EFLAGS: 00000296 ORIG_RAX: 00000000000001aa
[  163.643780][ T8263] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 00000000000047f9
[  163.645752][ T8263] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  163.647792][ T8263] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  163.649826][ T8263] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  163.651880][ T8263] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  163.653926][ T8263]  </TASK>
[  163.701741][ T8273] netlink: 'syz.2.863': attribute type 10 has an invalid length.
[  163.906206][ T8281] netlink: 48 bytes leftover after parsing attributes in process `syz.1.866'.
[  164.127746][ T8292] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(5)
[  164.130128][ T8292] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  164.132922][ T8292] vhci_hcd vhci_hcd.0: Device attached
[  164.137619][ T8292] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(7)
[  164.139910][ T8292] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  164.149526][ T8292] vhci_hcd vhci_hcd.0: Device attached
[  164.152331][ T8295] usbip_core: unknown command
[  164.154040][ T8295] vhci_hcd: unknown pdu 0
[  164.155549][ T8295] usbip_core: unknown command
[  164.162042][ T1100] vhci_hcd: stop threads
[  164.169292][ T1100] vhci_hcd: release socket
[  164.171895][ T1100] vhci_hcd: disconnect device
[  164.205379][ T8293] vhci_hcd: connection closed
[  164.205561][ T1100] vhci_hcd: stop threads
[  164.208052][ T1100] vhci_hcd: release socket
[  164.209216][ T1100] vhci_hcd: disconnect device
[  165.219000][ T8330] netlink: 112 bytes leftover after parsing attributes in process `syz.0.876'.
[  165.313339][ T8339] netlink: 'syz.1.881': attribute type 1 has an invalid length.
[  165.315431][ T8339] netlink: 224 bytes leftover after parsing attributes in process `syz.1.881'.
[  165.325163][ T8339] netlink: 88 bytes leftover after parsing attributes in process `syz.1.881'.
[  165.698345][ T8361] netlink: 32 bytes leftover after parsing attributes in process `syz.3.887'.
[  165.920213][ T5403] usb 7-1: new full-speed USB device number 17 using dummy_hcd
[  166.074121][ T5403] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  166.076763][ T5403] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 2
[  166.079045][ T5403] usb 7-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[  166.081356][ T5403] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  166.086668][ T5403] usb 7-1: config 0 descriptor??
[  166.089715][ T5403] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[  166.091669][ T5403] dvb-usb: bulk message failed: -22 (3/0)
[  166.095515][ T5403] dvb-usb: will use the device's hardware PID filter (table count: 16).
[  166.100470][ T5403] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[  166.104417][ T5403] usb 7-1: media controller created
[  166.106150][ T5403] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  166.111523][ T5403] dvb-usb: bulk message failed: -22 (6/0)
[  166.113076][ T5403] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[  166.124860][ T5403] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.2/usb7/7-1/input/input36
[  166.129405][ T5403] dvb-usb: schedule remote query interval to 150 msecs.
[  166.131264][ T5403] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[  166.297927][ T8354] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  166.300916][ T5403] dvb-usb: bulk message failed: -22 (1/0)
[  166.303001][ T5403] dvb-usb: error while querying for an remote control event.
[  166.303380][ T8354] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  166.321470][    T8] usb 7-1: USB disconnect, device number 17
[  166.337655][    T8] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[  166.567683][ T8372] netlink: 'syz.3.890': attribute type 1 has an invalid length.
[  166.569703][ T8372] netlink: 224 bytes leftover after parsing attributes in process `syz.3.890'.
[  166.579167][ T8372] netlink: 88 bytes leftover after parsing attributes in process `syz.3.890'.
[  167.070647][ T8393] program syz.0.896 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  168.114285][ T8405] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  168.118063][ T8405] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  168.187146][   T39] audit: type=1326 audit(1728505406.791:531): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8407 comm="syz.0.900" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7fb6579 code=0x0
[  168.712216][    T8] usb 7-1: new full-speed USB device number 18 using dummy_hcd
[  168.865358][    T8] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  168.868144][    T8] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 2
[  168.870562][    T8] usb 7-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[  168.877263][    T8] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  168.890834][    T8] usb 7-1: config 0 descriptor??
[  168.896270][    T8] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[  168.900626][    T8] dvb-usb: bulk message failed: -22 (3/0)
[  168.908754][    T8] dvb-usb: will use the device's hardware PID filter (table count: 16).
[  168.914562][    T8] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[  168.916669][    T8] usb 7-1: media controller created
[  168.919912][    T8] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  168.932854][    T8] dvb-usb: bulk message failed: -22 (6/0)
[  168.935655][    T8] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[  168.949886][    T8] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.2/usb7/7-1/input/input38
[  168.959101][    T8] dvb-usb: schedule remote query interval to 150 msecs.
[  168.960947][    T8] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[  169.096666][ T8416] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  169.106568][ T8416] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  169.112220][    T8] dvb-usb: bulk message failed: -22 (1/0)
[  169.113919][    T8] dvb-usb: error while querying for an remote control event.
[  169.116596][ T5403] usb 7-1: USB disconnect, device number 18
[  169.124830][ T5403] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[  169.489740][ T8439] netlink: 'syz.1.908': attribute type 1 has an invalid length.
[  169.491992][ T8439] netlink: 224 bytes leftover after parsing attributes in process `syz.1.908'.
[  169.686457][ T8445] FAULT_INJECTION: forcing a failure.
[  169.686457][ T8445] name failslab, interval 1, probability 0, space 0, times 0
[  169.689760][ T8445] CPU: 1 UID: 0 PID: 8445 Comm: syz.2.911 Not tainted 6.12.0-rc2-syzkaller-00058-g75b607fab38d #0
[  169.692515][ T8445] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  169.695269][ T8445] Call Trace:
[  169.696146][ T8445]  <TASK>
[  169.696924][ T8445]  dump_stack_lvl+0x16c/0x1f0
[  169.698166][ T8445]  should_fail_ex+0x497/0x5b0
[  169.699411][ T8445]  ? fs_reclaim_acquire+0xae/0x160
[  169.700751][ T8445]  should_failslab+0xc2/0x120
[  169.701987][ T8445]  kmem_cache_alloc_node_noprof+0x71/0x310
[  169.703530][ T8445]  ? __alloc_skb+0x2b3/0x380
[  169.704746][ T8445]  ? __pfx_mark_lock+0x10/0x10
[  169.706008][ T8445]  __alloc_skb+0x2b3/0x380
[  169.707187][ T8445]  ? __pfx___alloc_skb+0x10/0x10
[  169.708470][ T8445]  ? aa_get_newest_label+0x376/0x680
[  169.709852][ T8445]  ? kasan_save_free_info+0x3b/0x60
[  169.711221][ T8445]  tipc_nl_compat_doit+0x1a1/0x670
[  169.712623][ T8445]  ? __pfx_tipc_nl_compat_doit+0x10/0x10
[  169.714087][ T8445]  ? security_capable+0x7e/0x260
[  169.715406][ T8445]  ? ns_capable+0xd7/0x110
[  169.716578][ T8445]  tipc_nl_compat_recv+0x8e8/0xc00
[  169.717919][ T8445]  ? __pfx_tipc_nl_compat_recv+0x10/0x10
[  169.719390][ T8445]  ? __pfx_tipc_nl_node_set_link+0x10/0x10
[  169.720913][ T8445]  ? __pfx_tipc_nl_compat_link_set+0x10/0x10
[  169.722475][ T8445]  ? __mutex_trylock_common+0xea/0x250
[  169.723907][ T8445]  ? rcu_is_watching+0x12/0xc0
[  169.725162][ T8445]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290
[  169.727073][ T8445]  genl_family_rcv_msg_doit+0x202/0x2f0
[  169.728526][ T8445]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  169.730115][ T8445]  ? __radix_tree_lookup+0x21f/0x2c0
[  169.731503][ T8445]  genl_rcv_msg+0x565/0x800
[  169.732697][ T8445]  ? __pfx_genl_rcv_msg+0x10/0x10
[  169.734013][ T8445]  ? __pfx_tipc_nl_compat_recv+0x10/0x10
[  169.735499][ T8445]  netlink_rcv_skb+0x165/0x410
[  169.736749][ T8445]  ? __pfx_genl_rcv_msg+0x10/0x10
[  169.738070][ T8445]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  169.739449][ T8445]  ? down_read+0xc9/0x330
[  169.740580][ T8445]  ? __pfx_down_read+0x10/0x10
[  169.741836][ T8445]  ? netlink_deliver_tap+0x1ae/0xcf0
[  169.743233][ T8445]  genl_rcv+0x28/0x40
[  169.744282][ T8445]  netlink_unicast+0x53c/0x7f0
[  169.745536][ T8445]  ? __pfx_netlink_unicast+0x10/0x10
[  169.746905][ T8445]  ? __phys_addr_symbol+0x30/0x80
[  169.748222][ T8445]  ? __check_object_size+0x488/0x710
[  169.749621][ T8445]  netlink_sendmsg+0x8b8/0xd70
[  169.750872][ T8445]  ? __pfx_netlink_sendmsg+0x10/0x10
[  169.752255][ T8445]  ? lock_acquire+0x2f/0xb0
[  169.753454][ T8445]  ____sys_sendmsg+0x9ae/0xb40
[  169.754707][ T8445]  ? __pfx_____sys_sendmsg+0x10/0x10
[  169.756106][ T8445]  ? get_compat_msghdr+0x11b/0x170
[  169.757440][ T8445]  ? __pfx___lock_acquire+0x10/0x10
[  169.758746][ T8445]  ___sys_sendmsg+0x135/0x1e0
[  169.759985][ T8445]  ? __pfx____sys_sendmsg+0x10/0x10
[  169.761347][ T8445]  ? lock_acquire+0x2f/0xb0
[  169.762535][ T8445]  ? __fget_files+0x40/0x3f0
[  169.763755][ T8445]  ? fdget+0x176/0x210
[  169.764823][ T8445]  __sys_sendmsg+0x117/0x1f0
[  169.766037][ T8445]  ? __pfx___sys_sendmsg+0x10/0x10
[  169.767375][ T8445]  ? __fget_files+0x244/0x3f0
[  169.768613][ T8445]  __do_fast_syscall_32+0x73/0x120
[  169.769958][ T8445]  do_fast_syscall_32+0x32/0x80
[  169.771241][ T8445]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  169.772893][ T8445] RIP: 0023:0xf7f32579
[  169.773961][ T8445] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  169.778913][ T8445] RSP: 002b:00000000f56b656c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  169.781083][ T8445] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000020000140
[  169.783124][ T8445] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  169.785173][ T8445] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  169.787209][ T8445] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  169.789260][ T8445] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  169.791321][ T8445]  </TASK>
[  169.990183][ T8450] netlink: 32 bytes leftover after parsing attributes in process `syz.2.911'.
[  170.007327][ T8450] x_tables: ip6_tables: TCPMSS target: only valid for protocol 6
[  170.927292][ T8479] netlink: 'syz.0.918': attribute type 1 has an invalid length.
[  170.929579][ T8479] netlink: 224 bytes leftover after parsing attributes in process `syz.0.918'.
[  171.325933][ T8490] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check.
[  172.145489][ T8504] netlink: 'syz.3.927': attribute type 1 has an invalid length.
[  172.147483][ T8504] netlink: 224 bytes leftover after parsing attributes in process `syz.3.927'.
[  173.695717][ T8513] netlink: 'syz.0.937': attribute type 11 has an invalid length.
[  173.709903][ T8513] netlink: 'syz.0.937': attribute type 11 has an invalid length.
[  173.918123][ T8525] EXT4-fs (sda1): resizing filesystem from 262144 to 262144 blocks
[  173.977315][ T8532] netlink: 'syz.0.936': attribute type 1 has an invalid length.
[  173.979423][ T8532] netlink: 224 bytes leftover after parsing attributes in process `syz.0.936'.
[  174.162082][ T8548] netlink: 72 bytes leftover after parsing attributes in process `syz.3.942'.
[  174.243647][    T8] usb 7-1: new high-speed USB device number 19 using dummy_hcd
[  174.302290][ T8558] netlink: 12 bytes leftover after parsing attributes in process `syz.3.945'.
[  174.402414][    T8] usb 7-1: Using ep0 maxpacket: 32
[  174.405722][    T8] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  174.409127][    T8] usb 7-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  174.418656][    T8] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  174.421550][    T8] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  174.424455][    T8] usb 7-1: Product: syz
[  174.425939][    T8] usb 7-1: Manufacturer: syz
[  174.427571][    T8] usb 7-1: SerialNumber: syz
[  174.634432][    T8] usblp 7-1:1.0: usblp1: USB Unidirectional printer dev 19 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[  175.299282][ T8580] FAULT_INJECTION: forcing a failure.
[  175.299282][ T8580] name failslab, interval 1, probability 0, space 0, times 0
[  175.302957][ T8580] CPU: 1 UID: 0 PID: 8580 Comm: syz.3.952 Not tainted 6.12.0-rc2-syzkaller-00058-g75b607fab38d #0
[  175.305675][ T8580] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  175.308304][ T8580] Call Trace:
[  175.309186][ T8580]  <TASK>
[  175.310177][ T8580]  dump_stack_lvl+0x16c/0x1f0
[  175.311782][ T8580]  should_fail_ex+0x497/0x5b0
[  175.313172][ T8580]  ? fs_reclaim_acquire+0xae/0x160
[  175.314500][ T8580]  should_failslab+0xc2/0x120
[  175.315772][ T8580]  kmem_cache_alloc_node_noprof+0x71/0x310
[  175.317283][ T8580]  ? __alloc_skb+0x2b3/0x380
[  175.318494][ T8580]  __alloc_skb+0x2b3/0x380
[  175.319722][ T8580]  ? __pfx___alloc_skb+0x10/0x10
[  175.320988][ T8580]  ? lock_acquire+0x2f/0xb0
[  175.322163][ T8580]  netlink_alloc_large_skb+0x69/0x130
[  175.323617][ T8580]  netlink_sendmsg+0x689/0xd70
[  175.324810][ T8580]  ? __pfx_netlink_sendmsg+0x10/0x10
[  175.326164][ T8580]  ? lock_acquire+0x2f/0xb0
[  175.327355][ T8580]  ____sys_sendmsg+0x9ae/0xb40
[  175.328591][ T8580]  ? __pfx_____sys_sendmsg+0x10/0x10
[  175.329936][ T8580]  ? get_compat_msghdr+0x11b/0x170
[  175.331260][ T8580]  ? __pfx___lock_acquire+0x10/0x10
[  175.332610][ T8580]  ___sys_sendmsg+0x135/0x1e0
[  175.333815][ T8580]  ? __pfx____sys_sendmsg+0x10/0x10
[  175.335175][ T8580]  ? lock_acquire+0x2f/0xb0
[  175.336329][ T8580]  ? __fget_files+0x40/0x3f0
[  175.337513][ T8580]  ? fdget+0x176/0x210
[  175.338574][ T8580]  __sys_sendmsg+0x117/0x1f0
[  175.339764][ T8580]  ? __pfx___sys_sendmsg+0x10/0x10
[  175.341037][ T8580]  ? __fget_files+0x244/0x3f0
[  175.342225][ T8580]  __do_fast_syscall_32+0x73/0x120
[  175.343559][ T8580]  do_fast_syscall_32+0x32/0x80
[  175.344792][ T8580]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  175.346347][ T8580] RIP: 0023:0xf741e579
[  175.347387][ T8580] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  175.352201][ T8580] RSP: 002b:00000000f56e556c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  175.354314][ T8580] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000020000140
[  175.356319][ T8580] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  175.358330][ T8580] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  175.360342][ T8580] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  175.362346][ T8580] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  175.364351][ T8580]  </TASK>
[  175.392662][   T39] audit: type=1326 audit(1728505413.991:532): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8578 comm="syz.3.952" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf741e579 code=0x7ffc0000
[  175.398230][   T39] audit: type=1326 audit(1728505413.991:533): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8578 comm="syz.3.952" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf741e579 code=0x7ffc0000
[  175.406376][   T39] audit: type=1326 audit(1728505413.991:534): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8578 comm="syz.3.952" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf741e579 code=0x7ffc0000
[  175.413617][   T39] audit: type=1326 audit(1728505413.991:535): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8578 comm="syz.3.952" exe="/syz-executor" sig=0 arch=40000003 syscall=340 compat=1 ip=0xf741e579 code=0x7ffc0000
[  175.420774][   T39] audit: type=1326 audit(1728505413.991:536): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8578 comm="syz.3.952" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf741e579 code=0x7ffc0000
[  175.430071][   T39] audit: type=1326 audit(1728505413.991:537): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8578 comm="syz.3.952" exe="/syz-executor" sig=0 arch=40000003 syscall=156 compat=1 ip=0xf741e579 code=0x7ffc0000
[  175.438391][   T39] audit: type=1326 audit(1728505413.991:538): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8578 comm="syz.3.952" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf741e579 code=0x7ffc0000
[  175.445441][   T39] audit: type=1326 audit(1728505413.991:539): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8578 comm="syz.3.952" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf741e579 code=0x7ffc0000
[  175.452698][   T39] audit: type=1326 audit(1728505413.991:540): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8578 comm="syz.3.952" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf741e579 code=0x7ffc0000
[  175.459729][   T39] audit: type=1326 audit(1728505413.991:541): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8578 comm="syz.3.952" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf741e579 code=0x7ffc0000
[  176.127849][ T8591] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check.
[  176.165583][ T8592] netlink: 60 bytes leftover after parsing attributes in process `syz.1.955'.
[  176.667116][ T8607] 9pnet_fd: Insufficient options for proto=fd
[  176.981114][ T5382] usb 7-1: USB disconnect, device number 19
[  176.992311][ T5382] usblp1: removed
[  177.056934][ T8609] netlink: 4 bytes leftover after parsing attributes in process `syz.2.960'.
[  178.752990][    T8] usb 5-1: new full-speed USB device number 14 using dummy_hcd
[  178.905681][    T8] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  178.908501][    T8] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 2
[  178.911108][    T8] usb 5-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[  178.913597][    T8] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  178.922117][    T8] usb 5-1: config 0 descriptor??
[  178.925927][    T8] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[  178.929980][    T8] dvb-usb: bulk message failed: -22 (3/0)
[  178.945839][    T8] dvb-usb: will use the device's hardware PID filter (table count: 16).
[  178.950777][    T8] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[  178.952967][    T8] usb 5-1: media controller created
[  178.956180][    T8] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  178.962434][    T8] dvb-usb: bulk message failed: -22 (6/0)
[  178.964308][    T8] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[  178.968767][    T8] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.0/usb5/5-1/input/input39
[  178.973312][    T8] dvb-usb: schedule remote query interval to 150 msecs.
[  178.975453][    T8] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[  178.976491][ T8632] FAULT_INJECTION: forcing a failure.
[  178.976491][ T8632] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  178.981292][ T8632] CPU: 1 UID: 0 PID: 8632 Comm: syz.2.967 Not tainted 6.12.0-rc2-syzkaller-00058-g75b607fab38d #0
[  178.984012][ T8632] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  178.986757][ T8632] Call Trace:
[  178.987645][ T8632]  <TASK>
[  178.988422][ T8632]  dump_stack_lvl+0x16c/0x1f0
[  178.989654][ T8632]  should_fail_ex+0x497/0x5b0
[  178.990890][ T8632]  ? fs_reclaim_acquire+0xae/0x160
[  178.992232][ T8632]  should_fail_alloc_page+0xe7/0x130
[  178.993636][ T8632]  prepare_alloc_pages.constprop.0+0x16f/0x560
[  178.995252][ T8632]  __alloc_pages_noprof+0x190/0x25c0
[  178.996632][ T8632]  ? stack_depot_save_flags+0x31b/0x900
[  178.998073][ T8632]  ? __pfx_lock_release+0x10/0x10
[  178.999397][ T8632]  ? hlock_class+0x4e/0x130
[  179.000586][ T8632]  ? __pfx___alloc_pages_noprof+0x10/0x10
[  179.002079][ T8632]  ? __pfx___lock_acquire+0x10/0x10
[  179.003445][ T8632]  ? kasan_save_stack+0x42/0x60
[  179.004714][ T8632]  ? kasan_save_stack+0x33/0x60
[  179.005984][ T8632]  ? kasan_save_track+0x14/0x30
[  179.007269][ T8632]  ? kasan_save_free_info+0x3b/0x60
[  179.008622][ T8632]  ? __kasan_slab_free+0x51/0x70
[  179.009912][ T8632]  ? kmem_cache_free+0x152/0x4b0
[  179.011220][ T8632]  ? alloc_vmap_area+0x1f99/0x2a70
[  179.012556][ T8632]  ? __get_vm_area_node+0x17e/0x2d0
[  179.013909][ T8632]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  179.015470][ T8632]  ? policy_nodemask+0xea/0x4e0
[  179.016749][ T8632]  alloc_pages_mpol_noprof+0x2c9/0x610
[  179.018169][ T8632]  ? __pfx_alloc_pages_mpol_noprof+0x10/0x10
[  179.019735][ T8632]  ? do_raw_spin_lock+0x12d/0x2c0
[  179.021052][ T8632]  ? lock_acquire+0x2f/0xb0
[  179.022248][ T8632]  ? kasan_populate_vmalloc_pte+0xfb/0x160
[  179.023772][ T8632]  ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10
[  179.025406][ T8632]  get_free_pages_noprof+0xc/0x40
[  179.026720][ T8632]  kasan_populate_vmalloc_pte+0x2d/0x160
[  179.028183][ T8632]  ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10
[  179.029799][ T8632]  __apply_to_page_range+0x5fd/0xd30
[  179.031186][ T8632]  ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10
[  179.032812][ T8632]  ? __pfx___apply_to_page_range+0x10/0x10
[  179.034330][ T8632]  ? insert_vmap_area+0x2ef/0x4d0
[  179.035662][ T8632]  alloc_vmap_area+0x93e/0x2a70
[  179.036939][ T8632]  ? __pfx_alloc_vmap_area+0x10/0x10
[  179.038264][ T8632]  __get_vm_area_node+0x17e/0x2d0
[  179.039590][ T8632]  __vmalloc_node_range_noprof+0x26a/0x15a0
[  179.041131][ T8632]  ? __snd_dma_alloc_pages+0x50/0x90
[  179.042429][ T8632]  ? __snd_dma_alloc_pages+0x50/0x90
[  179.043803][ T8632]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  179.045445][ T8632]  ? __mutex_unlock_slowpath+0x164/0x650
[  179.046915][ T8632]  ? __pfx___mutex_lock+0x10/0x10
[  179.048237][ T8632]  ? __snd_dma_alloc_pages+0x50/0x90
[  179.049621][ T8632]  vmalloc_noprof+0x6b/0x90
[  179.050815][ T8632]  ? __snd_dma_alloc_pages+0x50/0x90
[  179.052203][ T8632]  ? __pfx_snd_dma_vmalloc_alloc+0x10/0x10
[  179.053722][ T8632]  __snd_dma_alloc_pages+0x50/0x90
[  179.055080][ T8632]  snd_dma_alloc_dir_pages+0x151/0x240
[  179.056513][ T8632]  do_alloc_pages+0x126/0x200
[  179.057746][ T8632]  snd_pcm_lib_malloc_pages+0x3df/0x980
[  179.059195][ T8632]  snd_pcm_hw_params+0x152b/0x1a30
[  179.060532][ T8632]  ? __pfx_snd_pcm_hw_params+0x10/0x10
[  179.061953][ T8632]  ? snd_pcm_hw_param_near.constprop.0+0x743/0x8f0
[  179.063645][ T8632]  ? __pfx_snd_pcm_hw_param_near.constprop.0+0x10/0x10
[  179.065411][ T8632]  ? kfree+0x14f/0x4b0
[  179.066483][ T8632]  snd_pcm_kernel_ioctl+0x147/0x2d0
[  179.067850][ T8632]  snd_pcm_oss_change_params_locked+0x1410/0x3a50
[  179.069518][ T8632]  ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10
[  179.071275][ T8632]  ? __mutex_lock+0x1a6/0x9c0
[  179.072522][ T8632]  ? snd_pcm_oss_sync+0x306/0x7f0
[  179.073839][ T8632]  ? __pfx___mutex_lock+0x10/0x10
[  179.075169][ T8632]  snd_pcm_oss_make_ready_locked+0xb7/0x130
[  179.076627][ T8632]  snd_pcm_oss_sync+0x326/0x7f0
[  179.077897][ T8632]  ? __pfx_snd_pcm_oss_release+0x10/0x10
[  179.079363][ T8632]  snd_pcm_oss_release+0x28b/0x310
[  179.080702][ T8632]  ? __pfx_snd_pcm_oss_release+0x10/0x10
[  179.082161][ T8632]  __fput+0x3f6/0xb60
[  179.083194][ T8632]  task_work_run+0x14e/0x250
[  179.084360][ T8632]  ? __pfx_task_work_run+0x10/0x10
[  179.085634][ T8632]  syscall_exit_to_user_mode+0x27b/0x2a0
[  179.087075][ T8632]  do_int80_emulation+0x111/0x200
[  179.088405][ T8632]  asm_int80_emulation+0x1a/0x20
[  179.089637][ T8632] RIP: 0023:0xf7f32579
[  179.090669][ T8632] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  179.095459][ T8632] RSP: 002b:00000000f56b656c EFLAGS: 00000296 ORIG_RAX: 0000000000000033
[  179.097545][ T8632] RAX: fffffffffffffff3 RBX: 0000000020000140 RCX: 0000000000000000
[  179.099506][ T8632] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  179.101568][ T8632] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  179.103550][ T8632] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  179.105565][ T8632] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  179.107593][ T8632]  </TASK>
[  179.117949][ T8632] syz.2.967: vmalloc error: size 2097152, vm_struct allocation failed, mode:0xcc0(GFP_KERNEL), nodemask=(null),cpuset=/,mems_allowed=0-1
[  179.121536][ T8632] CPU: 3 UID: 0 PID: 8632 Comm: syz.2.967 Not tainted 6.12.0-rc2-syzkaller-00058-g75b607fab38d #0
[  179.124165][ T8632] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  179.126838][ T8632] Call Trace:
[  179.127744][ T8632]  <TASK>
[  179.128527][ T8632]  dump_stack_lvl+0x16c/0x1f0
[  179.129771][ T8632]  warn_alloc+0x24d/0x3a0
[  179.130909][ T8632]  ? __pfx_warn_alloc+0x10/0x10
[  179.132204][ T8632]  ? kfree+0x14f/0x4b0
[  179.132327][    T8] dvb-usb: bulk message failed: -22 (1/0)
[  179.133273][ T8632]  ? __get_vm_area_node+0x1bc/0x2d0
[  179.134898][    T8] dvb-usb: error while querying for an remote control event.
[  179.136241][ T8632]  __vmalloc_node_range_noprof+0xd27/0x15a0
[  179.140112][ T8632]  ? __snd_dma_alloc_pages+0x50/0x90
[  179.141497][ T8632]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  179.143155][ T8632]  ? __mutex_unlock_slowpath+0x164/0x650
[  179.144615][ T8632]  ? __pfx___mutex_lock+0x10/0x10
[  179.145977][ T8632]  ? __snd_dma_alloc_pages+0x50/0x90
[  179.147311][ T8632]  vmalloc_noprof+0x6b/0x90
[  179.148500][ T8632]  ? __snd_dma_alloc_pages+0x50/0x90
[  179.149878][ T8632]  ? __pfx_snd_dma_vmalloc_alloc+0x10/0x10
[  179.151402][ T8632]  __snd_dma_alloc_pages+0x50/0x90
[  179.152739][ T8632]  snd_dma_alloc_dir_pages+0x151/0x240
[  179.154161][ T8632]  do_alloc_pages+0x126/0x200
[  179.155410][ T8632]  snd_pcm_lib_malloc_pages+0x3df/0x980
[  179.156849][ T8632]  snd_pcm_hw_params+0x152b/0x1a30
[  179.158131][ T8632]  ? __pfx_snd_pcm_hw_params+0x10/0x10
[  179.159549][ T8632]  ? snd_pcm_hw_param_near.constprop.0+0x743/0x8f0
[  179.161205][ T8632]  ? __pfx_snd_pcm_hw_param_near.constprop.0+0x10/0x10
[  179.162884][ T8632]  ? kfree+0x14f/0x4b0
[  179.163917][ T8632]  snd_pcm_kernel_ioctl+0x147/0x2d0
[  179.165272][ T8632]  snd_pcm_oss_change_params_locked+0x1410/0x3a50
[  179.166937][ T8632]  ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10
[  179.168706][ T8632]  ? __mutex_lock+0x1a6/0x9c0
[  179.169951][ T8632]  ? snd_pcm_oss_sync+0x306/0x7f0
[  179.171270][ T8632]  ? __pfx___mutex_lock+0x10/0x10
[  179.172584][ T8632]  snd_pcm_oss_make_ready_locked+0xb7/0x130
[  179.174115][ T8632]  snd_pcm_oss_sync+0x326/0x7f0
[  179.175400][ T8632]  ? __pfx_snd_pcm_oss_release+0x10/0x10
[  179.176852][ T8632]  snd_pcm_oss_release+0x28b/0x310
[  179.178187][ T8632]  ? __pfx_snd_pcm_oss_release+0x10/0x10
[  179.179647][ T8632]  __fput+0x3f6/0xb60
[  179.180692][ T8632]  task_work_run+0x14e/0x250
[  179.181901][ T8632]  ? __pfx_task_work_run+0x10/0x10
[  179.183450][ T8632]  syscall_exit_to_user_mode+0x27b/0x2a0
[  179.184891][ T8632]  do_int80_emulation+0x111/0x200
[  179.186159][ T8632]  asm_int80_emulation+0x1a/0x20
[  179.187418][ T8632] RIP: 0023:0xf7f32579
[  179.188610][ T8632] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  179.193578][ T8632] RSP: 002b:00000000f56b656c EFLAGS: 00000296 ORIG_RAX: 0000000000000033
[  179.195755][ T8632] RAX: fffffffffffffff3 RBX: 0000000020000140 RCX: 0000000000000000
[  179.198356][ T8632] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  179.200657][ T8632] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  179.203335][ T8632] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  179.205373][ T8632] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  179.207719][ T8632]  </TASK>
[  179.210133][ T8632] Mem-Info:
[  179.211550][ T8632] active_anon:8370 inactive_anon:3 isolated_anon:0
[  179.211550][ T8632]  active_file:16596 inactive_file:29563 isolated_file:0
[  179.211550][ T8632]  unevictable:1792 dirty:420 writeback:0
[  179.211550][ T8632]  slab_reclaimable:4849 slab_unreclaimable:58023
[  179.211550][ T8632]  mapped:21122 shmem:4833 pagetables:907
[  179.211550][ T8632]  sec_pagetables:318 bounce:0
[  179.211550][ T8632]  kernel_misc_reclaimable:0
[  179.211550][ T8632]  free:57767 free_pcp:1828 free_cma:0
[  179.224017][ T8632] Node 0 active_anon:0kB inactive_anon:0kB active_file:12kB inactive_file:8kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:6740kB dirty:16kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:9768kB pagetables:1544kB sec_pagetables:1224kB all_unreclaimable? no
[  179.231927][ T8632] Node 1 active_anon:33480kB inactive_anon:12kB active_file:66372kB inactive_file:118244kB unevictable:5632kB isolated(anon):0kB isolated(file):0kB mapped:77748kB dirty:1664kB writeback:0kB shmem:17796kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:2584kB pagetables:2084kB sec_pagetables:48kB all_unreclaimable? no
[  179.240765][ T8632] Node 0 DMA free:924kB boost:0kB min:760kB low:948kB high:1136kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:4kB inactive_file:0kB unevictable:0kB writepending:4kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:132kB local_pcp:4kB free_cma:0kB
[  179.250154][ T8632] lowmem_reserve[]: 0 273 0 0 0
[  179.251544][ T8632] Node 0 DMA32 free:19320kB boost:0kB min:13904kB low:17380kB high:20856kB reserved_highatomic:4096KB active_anon:0kB inactive_anon:0kB active_file:8kB inactive_file:8kB unevictable:1536kB writepending:12kB present:1032196kB managed:306280kB mlocked:0kB bounce:0kB free_pcp:2532kB local_pcp:32kB free_cma:0kB
[  179.259089][ T8623] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  179.264620][ T8632] lowmem_reserve[]: 0 0 0 0 0
[  179.265998][ T8632] Node 1 DMA32 free:210568kB boost:0kB min:47144kB low:58928kB high:70712kB reserved_highatomic:0KB active_anon:33480kB inactive_anon:12kB active_file:66372kB inactive_file:118244kB unevictable:5632kB writepending:1664kB present:1048432kB managed:948252kB mlocked:0kB bounce:0kB free_pcp:4860kB local_pcp:972kB free_cma:0kB
[  179.274031][ T8632] lowmem_reserve[]: 0 0 0 0 0
[  179.275609][ T8623] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  179.278959][ T8632] Node 0 DMA: 1*4kB (U) 1*8kB (U) 1*16kB (U) 28*32kB (U) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 924kB
[  179.283734][ T8632] Node 0 DMA32: 124*4kB (UMEH) 88*8kB (UMEH) 46*16kB (UMEH) 57*32kB (UMEH) 50*64kB (UMEH) 23*128kB (UME) 3*256kB (M) 10*512kB (UMH) 4*1024kB (UM) 0*2048kB 0*4096kB = 19888kB
[  179.290698][ T8632] Node 1 DMA32: 184*4kB (UME) 344*8kB (UME) 299*16kB (UME) 209*32kB (UM) 88*64kB (UME) 51*128kB (UME) 35*256kB (UM) 37*512kB (UME) 15*1024kB (UME) 19*2048kB (UME) 25*4096kB (UM) = 211696kB
[  179.292369][    T8] dvb-usb: bulk message failed: -22 (1/0)
[  179.297187][ T8632] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  179.298232][    T8] dvb-usb: error while querying for an remote control event.
[  179.301276][ T8632] Node 0 hugepages_total=2 hugepages_free=1 hugepages_surp=0 hugepages_size=2048kB
[  179.301296][ T8632] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  179.309868][ T8632] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  179.310277][    T8] usb 5-1: USB disconnect, device number 14
[  179.319091][ T8632] 51819 total pagecache pages
[  179.324594][    T8] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[  179.328091][ T8632] 827 pages in swap cache
[  179.329471][ T8632] Free swap  = 113068kB
[  179.330577][ T8632] Total swap = 124996kB
[  179.331680][ T8632] 524155 pages RAM
[  179.341078][ T8632] 0 pages HighMem/MovableOnly
[  179.342555][ T8632] 206682 pages reserved
[  179.343723][ T8632] 0 pages cma reserved
[  179.515504][ T8641] EXT4-fs warning (device sda1): ext4_resize_fs:2019: can't read last block, resize aborted
[  179.881875][ T8656] sp0: Synchronizing with TNC
[  179.888685][ T8656] netlink: 'syz.0.974': attribute type 11 has an invalid length.
[  179.896939][ T8655] [U] è
[  180.278161][ T8669] netlink: 28 bytes leftover after parsing attributes in process `syz.3.978'.
[  180.445193][ T8672] No control pipe specified
[  180.699788][ T8674] FAULT_INJECTION: forcing a failure.
[  180.699788][ T8674] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  180.704286][ T8674] CPU: 0 UID: 0 PID: 8674 Comm: syz.1.980 Not tainted 6.12.0-rc2-syzkaller-00058-g75b607fab38d #0
[  180.707062][ T8674] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  180.709735][ T8674] Call Trace:
[  180.710544][ T8674]  <TASK>
[  180.711308][ T8674]  dump_stack_lvl+0x16c/0x1f0
[  180.712542][ T8674]  should_fail_ex+0x497/0x5b0
[  180.713765][ T8674]  ? fs_reclaim_acquire+0xae/0x160
[  180.715075][ T8674]  should_fail_alloc_page+0xe7/0x130
[  180.716429][ T8674]  prepare_alloc_pages.constprop.0+0x16f/0x560
[  180.717987][ T8674]  ? __pfx_mark_lock+0x10/0x10
[  180.719228][ T8674]  __alloc_pages_noprof+0x190/0x25c0
[  180.720578][ T8674]  ? mark_lock+0xb5/0xc60
[  180.721695][ T8674]  ? __pfx_mark_lock+0x10/0x10
[  180.722905][ T8674]  ? lock_acquire.part.0+0x11b/0x380
[  180.724226][ T8674]  ? __pfx___alloc_pages_noprof+0x10/0x10
[  180.725688][ T8674]  ? hlock_class+0x4e/0x130
[  180.726845][ T8674]  ? __lock_acquire+0xbdd/0x3ce0
[  180.728097][ T8674]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  180.729585][ T8674]  ? policy_nodemask+0xea/0x4e0
[  180.730858][ T8674]  alloc_pages_mpol_noprof+0x2c9/0x610
[  180.732250][ T8674]  ? __pfx_alloc_pages_mpol_noprof+0x10/0x10
[  180.733748][ T8674]  ? find_held_lock+0x2d/0x110
[  180.734953][ T8674]  folio_alloc_mpol_noprof+0x36/0xd0
[  180.736293][ T8674]  shmem_alloc_folio+0x135/0x160
[  180.737548][ T8674]  shmem_alloc_and_add_folio+0x48b/0xc00
[  180.738936][ T8674]  ? __pfx_shmem_alloc_and_add_folio+0x10/0x10
[  180.740488][ T8674]  ? shmem_allowable_huge_orders+0x208/0x440
[  180.741987][ T8674]  shmem_get_folio_gfp+0x689/0x1530
[  180.743295][ T8674]  ? __pfx_shmem_get_folio_gfp+0x10/0x10
[  180.744678][ T8674]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  180.746011][ T8674]  ? __pfx___might_resched+0x10/0x10
[  180.747334][ T8674]  shmem_fallocate+0x7c0/0xfb0
[  180.748477][ T8674]  ? __pfx_shmem_fallocate+0x10/0x10
[  180.749735][ T8674]  ? __pfx___lock_acquire+0x10/0x10
[  180.751018][ T8674]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  180.752454][ T8674]  ? rcu_is_watching+0x12/0xc0
[  180.753612][ T8674]  ? trace_lock_acquire+0x14a/0x1d0
[  180.754915][ T8674]  ? compat_ioctl_preallocate+0x1b0/0x220
[  180.756315][ T8674]  ? __pfx_shmem_fallocate+0x10/0x10
[  180.757590][ T8674]  vfs_fallocate+0x459/0xf90
[  180.758748][ T8674]  compat_ioctl_preallocate+0x1b0/0x220
[  180.760136][ T8674]  ? __pfx_compat_ioctl_preallocate+0x10/0x10
[  180.761663][ T8674]  __do_compat_sys_ioctl+0x1b7/0x2b0
[  180.762976][ T8674]  __do_fast_syscall_32+0x73/0x120
[  180.764275][ T8674]  do_fast_syscall_32+0x32/0x80
[  180.765498][ T8674]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  180.767073][ T8674] RIP: 0023:0xf7f71579
[  180.768114][ T8674] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  180.772876][ T8674] RSP: 002b:00000000f56f656c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  180.774967][ T8674] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000402c5828
[  180.776932][ T8674] RDX: 00000000200000c0 RSI: 0000000000000000 RDI: 0000000000000000
[  180.778834][ T8674] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  180.780783][ T8674] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  180.782692][ T8674] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  180.784778][ T8674]  </TASK>
[  181.092672][    T9] usb 5-1: new high-speed USB device number 15 using dummy_hcd
[  181.252467][    T9] usb 5-1: Using ep0 maxpacket: 8
[  181.257243][    T9] usb 5-1: New USB device found, idVendor=05d1, idProduct=9003, bcdDevice= 2.00
[  181.265817][    T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  181.271736][    T9] usb 5-1: Product: syz
[  181.273927][    T9] usb 5-1: Manufacturer: syz
[  181.275198][    T9] usb 5-1: SerialNumber: syz
[  181.279169][    T9] usb 5-1: config 0 descriptor??
[  181.283175][    T9] ftdi_sio 5-1:0.0: FTDI USB Serial Device converter detected
[  181.287500][    T9] usb 5-1: Detected FT232A
[  181.291939][    T9] usb 5-1: FTDI USB Serial Device converter now attached to ttyUSB0
[  181.510403][    T9] usb 5-1: USB disconnect, device number 15
[  181.515571][    T9] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[  181.520186][    T9] ftdi_sio 5-1:0.0: device disconnected
[  181.713391][ T8700] netlink: 'syz.2.989': attribute type 1 has an invalid length.
[  181.715470][ T8700] netlink: 224 bytes leftover after parsing attributes in process `syz.2.989'.
[  181.802249][ T8700] netlink: 96 bytes leftover after parsing attributes in process `syz.2.989'.
[  182.134371][ T8714] EXT4-fs warning (device sda1): ext4_resize_fs:2019: can't read last block, resize aborted
[  182.318249][ T8721] FAULT_INJECTION: forcing a failure.
[  182.318249][ T8721] name failslab, interval 1, probability 0, space 0, times 0
[  182.323493][ T8721] CPU: 0 UID: 0 PID: 8721 Comm: syz.3.993 Not tainted 6.12.0-rc2-syzkaller-00058-g75b607fab38d #0
[  182.326196][ T8721] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  182.328934][ T8721] Call Trace:
[  182.329793][ T8721]  <TASK>
[  182.330554][ T8721]  dump_stack_lvl+0x16c/0x1f0
[  182.331801][ T8721]  should_fail_ex+0x497/0x5b0
[  182.333051][ T8721]  ? fs_reclaim_acquire+0xae/0x160
[  182.334378][ T8721]  should_failslab+0xc2/0x120
[  182.335635][ T8721]  __kmalloc_cache_noprof+0x6b/0x310
[  182.337017][ T8721]  ? flow_indr_dev_setup_offload+0x27a/0x890
[  182.338568][ T8721]  ? __pfx_tc_block_indr_cleanup+0x10/0x10
[  182.340084][ T8721]  flow_indr_dev_setup_offload+0x27a/0x890
[  182.341586][ T8721]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  182.343045][ T8721]  tcf_block_offload_cmd.isra.0+0x2c9/0x310
[  182.344586][ T8721]  ? __pfx_tcf_block_offload_cmd.isra.0+0x10/0x10
[  182.346349][ T8721]  ? lock_acquire+0x2f/0xb0
[  182.347491][ T8721]  ? tcf_block_get_ext+0x6f8/0x17e0
[  182.348885][ T8721]  ? __pfx_down_write+0x10/0x10
[  182.350136][ T8721]  tcf_block_get_ext+0x7da/0x17e0
[  182.351432][ T8721]  clsact_init+0x209/0xbb0
[  182.352578][ T8721]  ? __pfx_clsact_init+0x10/0x10
[  182.353837][ T8721]  ? __pfx_clsact_egress_block_set+0x10/0x10
[  182.355389][ T8721]  qdisc_create+0x4f1/0x1100
[  182.356600][ T8721]  ? __pfx_qdisc_create+0x10/0x10
[  182.357879][ T8721]  tc_modify_qdisc+0xd55/0x1c40
[  182.359137][ T8721]  ? __pfx_tc_modify_qdisc+0x10/0x10
[  182.360510][ T8721]  ? __mutex_lock+0x1a6/0x9c0
[  182.361745][ T8721]  ? __pfx_tc_modify_qdisc+0x10/0x10
[  182.363121][ T8721]  rtnetlink_rcv_msg+0x3c7/0xea0
[  182.364382][ T8721]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  182.365761][ T8721]  ? __pv_queued_spin_lock_slowpath+0x28a/0xc90
[  182.367358][ T8721]  ? __pfx___pv_queued_spin_lock_slowpath+0x10/0x10
[  182.369034][ T8721]  netlink_rcv_skb+0x165/0x410
[  182.370260][ T8721]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  182.371656][ T8721]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  182.373015][ T8721]  ? rcu_is_watching+0x12/0xc0
[  182.374242][ T8721]  netlink_unicast+0x53c/0x7f0
[  182.375478][ T8721]  ? __pfx_netlink_unicast+0x10/0x10
[  182.376816][ T8721]  ? __phys_addr_symbol+0x30/0x80
[  182.378102][ T8721]  ? __check_object_size+0x488/0x710
[  182.379445][ T8721]  netlink_sendmsg+0x8b8/0xd70
[  182.380669][ T8721]  ? __pfx_netlink_sendmsg+0x10/0x10
[  182.382018][ T8721]  ? lock_acquire+0x2f/0xb0
[  182.383187][ T8721]  ____sys_sendmsg+0x9ae/0xb40
[  182.384404][ T8721]  ? __pfx_____sys_sendmsg+0x10/0x10
[  182.385687][ T8721]  ? get_compat_msghdr+0x11b/0x170
[  182.386996][ T8721]  ? __pfx___lock_acquire+0x10/0x10
[  182.388330][ T8721]  ___sys_sendmsg+0x135/0x1e0
[  182.389561][ T8721]  ? __pfx____sys_sendmsg+0x10/0x10
[  182.390908][ T8721]  ? lock_acquire+0x2f/0xb0
[  182.392089][ T8721]  ? __fget_files+0x40/0x3f0
[  182.393284][ T8721]  ? fdget+0x176/0x210
[  182.394322][ T8721]  __sys_sendmsg+0x117/0x1f0
[  182.395528][ T8721]  ? __pfx___sys_sendmsg+0x10/0x10
[  182.396849][ T8721]  ? __fget_files+0x244/0x3f0
[  182.398082][ T8721]  __do_fast_syscall_32+0x73/0x120
[  182.399392][ T8721]  do_fast_syscall_32+0x32/0x80
[  182.400630][ T8721]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  182.402244][ T8721] RIP: 0023:0xf741e579
[  182.403271][ T8721] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  182.408151][ T8721] RSP: 002b:00000000f56e556c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  182.410267][ T8721] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 00000000200012c0
[  182.412276][ T8721] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  182.414263][ T8721] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  182.416285][ T8721] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  182.418267][ T8721] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  182.420260][ T8721]  </TASK>
[  182.865239][ T8727] binder_alloc: 8726: binder_alloc_buf size -168 failed, no address space
[  182.867442][ T8727] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288)
[  183.123214][ T8733] Bluetooth: MGMT ver 1.23
[  183.289980][ T8743] overlayfs: failed to resolve './file0': -2
[  183.416140][ T8744] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  183.462537][ T8741] vcan1: entered promiscuous mode
[  183.463895][ T8741] vcan1: entered allmulticast mode
[  183.465178][ T8741] team0: Device vcan1 is of different type
[  183.649160][ T8754] IPVS: rr: TCP 172.20.20.170:0 - no destination available
[  183.992489][   T30] usb 8-1: new high-speed USB device number 9 using dummy_hcd
[  184.152206][   T30] usb 8-1: Using ep0 maxpacket: 8
[  184.156522][   T30] usb 8-1: config index 0 descriptor too short (expected 301, got 45)
[  184.158651][   T30] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  184.161502][   T30] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  184.164035][   T30] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  184.166784][   T30] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  184.170120][   T30] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  184.172871][   T30] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  184.228602][   T39] kauditd_printk_skb: 7 callbacks suppressed
[  184.228646][   T39] audit: type=1326 audit(1728505422.831:549): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8761 comm="syz.1.1006" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f71579 code=0x7ffc0000
[  184.237879][   T39] audit: type=1326 audit(1728505422.841:550): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8761 comm="syz.1.1006" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f71579 code=0x7ffc0000
[  184.243463][   T39] audit: type=1326 audit(1728505422.841:551): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8761 comm="syz.1.1006" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7f71579 code=0x7ffc0000
[  184.251786][   T39] audit: type=1326 audit(1728505422.841:552): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8761 comm="syz.1.1006" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f71579 code=0x7ffc0000
[  184.261214][   T39] audit: type=1326 audit(1728505422.841:553): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8761 comm="syz.1.1006" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f71579 code=0x7ffc0000
[  184.267321][   T39] audit: type=1326 audit(1728505422.851:554): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8761 comm="syz.1.1006" exe="/syz-executor" sig=0 arch=40000003 syscall=340 compat=1 ip=0xf7f71579 code=0x7ffc0000
[  184.273184][   T39] audit: type=1326 audit(1728505422.851:555): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8761 comm="syz.1.1006" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f71579 code=0x7ffc0000
[  184.278922][   T39] audit: type=1326 audit(1728505422.851:556): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8761 comm="syz.1.1006" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f71579 code=0x7ffc0000
[  184.289374][   T39] audit: type=1326 audit(1728505422.851:557): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8761 comm="syz.1.1006" exe="/syz-executor" sig=0 arch=40000003 syscall=156 compat=1 ip=0xf7f71579 code=0x7ffc0000
[  184.295376][   T39] audit: type=1326 audit(1728505422.851:558): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8761 comm="syz.1.1006" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f71579 code=0x7ffc0000
[  184.380392][   T30] usb 8-1: usb_control_msg returned -32
[  184.383501][   T30] usbtmc 8-1:16.0: can't read capabilities
[  184.497720][ T8766] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1007'.
[  184.508100][ T8766] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1007'.
[  184.567587][ T8766] syz.0.1007 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  184.646509][ T8771] netlink: 'syz.0.1008': attribute type 1 has an invalid length.
[  184.648828][ T8771] netlink: 224 bytes leftover after parsing attributes in process `syz.0.1008'.
[  185.604897][ T8780] netlink: 'syz.1.1010': attribute type 1 has an invalid length.
[  185.607557][ T8780] netlink: 636 bytes leftover after parsing attributes in process `syz.1.1010'.
[  185.612538][ T8780] mmap: syz.1.1010 (8780) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  185.837867][ T8782] x_tables: ip6_tables: mh match: only valid for protocol 135
[  185.878827][ T8789] binder: 8788:8789 ioctl c0306201 20000680 returned -14
[  186.095112][ T8796] netlink: 'syz.0.1017': attribute type 1 has an invalid length.
[  186.097104][ T8796] netlink: 224 bytes leftover after parsing attributes in process `syz.0.1017'.
[  186.369233][ T8816] team0: entered promiscuous mode
[  186.370648][ T8816] team_slave_0: entered promiscuous mode
[  186.372729][ T8816] team_slave_1: entered promiscuous mode
[  186.374458][ T8816] netdevsim netdevsim0 : entered promiscuous mode
[  186.457318][ T8824] netlink: 'syz.1.1026': attribute type 1 has an invalid length.
[  186.459500][ T8824] netlink: 224 bytes leftover after parsing attributes in process `syz.1.1026'.
[  186.475510][ T8824] netlink: 88 bytes leftover after parsing attributes in process `syz.1.1026'.
[  186.491790][ T8826] FAULT_INJECTION: forcing a failure.
[  186.491790][ T8826] name failslab, interval 1, probability 0, space 0, times 0
[  186.495541][ T8826] CPU: 0 UID: 0 PID: 8826 Comm: syz.2.1027 Not tainted 6.12.0-rc2-syzkaller-00058-g75b607fab38d #0
[  186.498370][ T8826] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  186.501206][ T8826] Call Trace:
[  186.502103][ T8826]  <TASK>
[  186.502935][ T8826]  dump_stack_lvl+0x16c/0x1f0
[  186.504237][ T8826]  should_fail_ex+0x497/0x5b0
[  186.505504][ T8826]  ? fs_reclaim_acquire+0xae/0x160
[  186.506875][ T8826]  should_failslab+0xc2/0x120
[  186.508187][ T8826]  kmem_cache_alloc_noprof+0x6e/0x2f0
[  186.509626][ T8826]  ? vm_area_dup+0x21/0x300
[  186.510842][ T8826]  vm_area_dup+0x21/0x300
[  186.512005][ T8826]  copy_mm+0xe5a/0x2550
[  186.513122][ T8826]  ? __pfx_copy_mm+0x10/0x10
[  186.514353][ T8826]  ? copy_process+0x3c7d/0x6ee0
[  186.515688][ T8826]  ? __raw_spin_lock_init+0x3a/0x110
[  186.517095][ T8826]  copy_process+0x3e43/0x6ee0
[  186.518389][ T8826]  ? __pfx_copy_process+0x10/0x10
[  186.519735][ T8826]  ? find_held_lock+0x2d/0x110
[  186.521015][ T8826]  kernel_clone+0xfd/0x960
[  186.522207][ T8826]  ? __pfx_kernel_clone+0x10/0x10
[  186.523560][ T8826]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  186.525135][ T8826]  __do_compat_sys_ia32_clone+0xb7/0x100
[  186.526580][ T8826]  ? __pfx___do_compat_sys_ia32_clone+0x10/0x10
[  186.528210][ T8826]  __do_fast_syscall_32+0x73/0x120
[  186.529527][ T8826]  do_fast_syscall_32+0x32/0x80
[  186.530820][ T8826]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  186.532627][ T8826] RIP: 0023:0xf7f32579
[  186.533948][ T8826] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  186.539013][ T8826] RSP: 002b:00000000f56b651c EFLAGS: 00000246 ORIG_RAX: 0000000000000078
[  186.541202][ T8826] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000000000
[  186.543282][ T8826] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  186.545410][ T8826] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  186.547503][ T8826] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  186.549736][ T8826] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  186.551845][ T8826]  </TASK>
[  186.552746][    C0] vkms_vblank_simulate: vblank timer overrun
[  186.596488][ T8832] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1029'.
[  186.613480][ T8832] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1029'.
[  186.753838][ T8814] team0: left promiscuous mode
[  186.755541][ T8814] team_slave_0: left promiscuous mode
[  186.759005][ T8814] team_slave_1: left promiscuous mode
[  186.762038][ T8814] netdevsim netdevsim0 : left promiscuous mode
[  186.789857][ T8842] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  186.792778][ T8842] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  186.952788][ T1422] usb 8-1: USB disconnect, device number 9
[  186.981241][ T8856] netlink: 'syz.2.1037': attribute type 1 has an invalid length.
[  186.984349][ T8856] netlink: 224 bytes leftover after parsing attributes in process `syz.2.1037'.
[  187.039184][ T8860] netlink: 'syz.0.1039': attribute type 10 has an invalid length.
[  187.041893][ T8856] netlink: 88 bytes leftover after parsing attributes in process `syz.2.1037'.
[  187.066889][ T8867] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  187.071080][ T8867] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  187.099976][ T8873] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1042'.
[  187.200404][ T8883] 
[  187.201092][ T8883] ======================================================
[  187.202905][ T8883] WARNING: possible circular locking dependency detected
[  187.204720][ T8883] 6.12.0-rc2-syzkaller-00058-g75b607fab38d #0 Not tainted
[  187.206792][ T8883] ------------------------------------------------------
[  187.209692][ T8883] syz.2.1044/8883 is trying to acquire lock:
[  187.211255][ T8883] ffffffff8fd521e8 (rfcomm_mutex){+.+.}-{3:3}, at: rfcomm_dlc_exists+0x5f/0x1a0
[  187.213639][ T8883] 
[  187.213639][ T8883] but task is already holding lock:
[  187.215563][ T8883] ffffffff8fd571a8 (rfcomm_ioctl_mutex){+.+.}-{3:3}, at: rfcomm_dev_ioctl+0x9db/0x1e70
[  187.218067][ T8883] 
[  187.218067][ T8883] which lock already depends on the new lock.
[  187.218067][ T8883] 
[  187.220741][ T8883] 
[  187.220741][ T8883] the existing dependency chain (in reverse order) is:
[  187.223084][ T8883] 
[  187.223084][ T8883] -> #3 (rfcomm_ioctl_mutex){+.+.}-{3:3}:
[  187.225137][ T8883]        __mutex_lock+0x175/0x9c0
[  187.226469][ T8883]        rfcomm_dev_ioctl+0x9db/0x1e70
[  187.227913][ T8883]        rfcomm_sock_compat_ioctl+0xba/0xe0
[  187.229502][ T8883]        compat_sock_ioctl+0x17b/0x7e0
[  187.230933][ T8883]        __do_compat_sys_ioctl+0x259/0x2b0
[  187.232508][ T8883]        __do_fast_syscall_32+0x73/0x120
[  187.234068][ T8883]        do_fast_syscall_32+0x32/0x80
[  187.235503][ T8883]        entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  187.237276][ T8883] 
[  187.237276][ T8883] -> #2 (sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM){+.+.}-{0:0}:
[  187.239705][ T8883]        lock_sock_nested+0x3a/0xf0
[  187.241077][ T8883]        rfcomm_sk_state_change+0x6d/0x3b0
[  187.242602][ T8883]        __rfcomm_dlc_close+0x28c/0x700
[  187.244055][ T8883]        rfcomm_dlc_close+0x1eb/0x240
[  187.245452][ T8883]        __rfcomm_sock_close+0xa7/0x230
[  187.246892][ T8883]        rfcomm_sock_shutdown+0xd5/0x230
[  187.248375][ T8883]        rfcomm_sock_release+0x5d/0x140
[  187.249864][ T8883]        __sock_release+0xb0/0x270
[  187.251209][ T8883]        sock_close+0x1c/0x30
[  187.252464][ T8883]        __fput+0x3f6/0xb60
[  187.253648][ T8883]        task_work_run+0x14e/0x250
[  187.254998][ T8883]        get_signal+0x1d3/0x26d0
[  187.256306][ T8883]        arch_do_signal_or_restart+0x90/0x7e0
[  187.257893][ T8883]        syscall_exit_to_user_mode+0x150/0x2a0
[  187.259497][ T8883]        __do_fast_syscall_32+0x80/0x120
[  187.260945][ T8883]        do_fast_syscall_32+0x32/0x80
[  187.262331][ T8883]        entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  187.264085][ T8883] 
[  187.264085][ T8883] -> #1 (&d->lock){+.+.}-{3:3}:
[  187.265888][ T8883]        __mutex_lock+0x175/0x9c0
[  187.267203][ T8883]        __rfcomm_dlc_close+0x235/0x700
[  187.268642][ T8883]        rfcomm_dlc_close+0x1eb/0x240
[  187.270272][ T8883]        __rfcomm_sock_close+0xa7/0x230
[  187.271766][ T8883]        rfcomm_sock_shutdown+0xd5/0x230
[  187.273212][ T8883]        rfcomm_sock_release+0x5d/0x140
[  187.274632][ T8883]        __sock_release+0xb0/0x270
[  187.275968][ T8883]        sock_close+0x1c/0x30
[  187.277178][ T8883]        __fput+0x3f6/0xb60
[  187.278352][ T8883]        task_work_run+0x14e/0x250
[  187.279685][ T8883]        get_signal+0x1d3/0x26d0
[  187.280975][ T8883]        arch_do_signal_or_restart+0x90/0x7e0
[  187.282542][ T8883]        syscall_exit_to_user_mode+0x150/0x2a0
[  187.284133][ T8883]        __do_fast_syscall_32+0x80/0x120
[  187.285571][ T8883]        do_fast_syscall_32+0x32/0x80
[  187.287006][ T8883]        entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  187.288780][ T8883] 
[  187.288780][ T8883] -> #0 (rfcomm_mutex){+.+.}-{3:3}:
[  187.290710][ T8883]        __lock_acquire+0x250b/0x3ce0
[  187.292120][ T8883]        lock_acquire.part.0+0x11b/0x380
[  187.293567][ T8883]        __mutex_lock+0x175/0x9c0
[  187.294886][ T8883]        rfcomm_dlc_exists+0x5f/0x1a0
[  187.296302][ T8883]        rfcomm_dev_ioctl+0xabc/0x1e70
[  187.297717][ T8883]        rfcomm_sock_compat_ioctl+0xba/0xe0
[  187.299269][ T8883]        compat_sock_ioctl+0x17b/0x7e0
[  187.300686][ T8883]        __do_compat_sys_ioctl+0x259/0x2b0
[  187.302207][ T8883]        __do_fast_syscall_32+0x73/0x120
[  187.303682][ T8883]        do_fast_syscall_32+0x32/0x80
[  187.305087][ T8883]        entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  187.306857][ T8883] 
[  187.306857][ T8883] other info that might help us debug this:
[  187.306857][ T8883] 
[  187.309549][ T8883] Chain exists of:
[  187.309549][ T8883]   rfcomm_mutex --> sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM --> rfcomm_ioctl_mutex
[  187.309549][ T8883] 
[  187.313534][ T8883]  Possible unsafe locking scenario:
[  187.313534][ T8883] 
[  187.315445][ T8883]        CPU0                    CPU1
[  187.316811][ T8883]        ----                    ----
[  187.318181][ T8883]   lock(rfcomm_ioctl_mutex);
[  187.319399][ T8883]                                lock(sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM);
[  187.321595][ T8883]                                lock(rfcomm_ioctl_mutex);
[  187.323441][ T8883]   lock(rfcomm_mutex);
[  187.324511][ T8883] 
[  187.324511][ T8883]  *** DEADLOCK ***
[  187.324511][ T8883] 
[  187.326561][ T8883] 2 locks held by syz.2.1044/8883:
[  187.327874][ T8883]  #0: ffff88802508a258 (sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM){+.+.}-{0:0}, at: rfcomm_sock_compat_ioctl+0xac/0xe0
[  187.330937][ T8883]  #1: ffffffff8fd571a8 (rfcomm_ioctl_mutex){+.+.}-{3:3}, at: rfcomm_dev_ioctl+0x9db/0x1e70
[  187.333519][ T8883] 
[  187.333519][ T8883] stack backtrace:
[  187.335059][ T8883] CPU: 1 UID: 0 PID: 8883 Comm: syz.2.1044 Not tainted 6.12.0-rc2-syzkaller-00058-g75b607fab38d #0
[  187.337786][ T8883] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  187.340566][ T8883] Call Trace:
[  187.341442][ T8883]  <TASK>
[  187.342221][ T8883]  dump_stack_lvl+0x116/0x1f0
[  187.343468][ T8883]  print_circular_bug+0x419/0x5d0
[  187.344796][ T8883]  check_noncircular+0x31a/0x400
[  187.346096][ T8883]  ? __pfx_check_noncircular+0x10/0x10
[  187.347522][ T8883]  ? __kernel_text_address+0xd/0x40
[  187.348876][ T8883]  ? lockdep_lock+0xc6/0x200
[  187.350087][ T8883]  ? __pfx_lockdep_lock+0x10/0x10
[  187.351404][ T8883]  __lock_acquire+0x250b/0x3ce0
[  187.352684][ T8883]  ? __pfx___lock_acquire+0x10/0x10
[  187.354147][ T8883]  ? add_lock_to_list+0x17d/0x390
[  187.355516][ T8883]  lock_acquire.part.0+0x11b/0x380
[  187.356875][ T8883]  ? rfcomm_dlc_exists+0x5f/0x1a0
[  187.358212][ T8883]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  187.359707][ T8883]  ? rcu_is_watching+0x12/0xc0
[  187.360970][ T8883]  ? trace_lock_acquire+0x14a/0x1d0
[  187.362342][ T8883]  ? rfcomm_dlc_exists+0x5f/0x1a0
[  187.363680][ T8883]  ? lock_acquire+0x2f/0xb0
[  187.364892][ T8883]  ? rfcomm_dlc_exists+0x5f/0x1a0
[  187.366228][ T8883]  __mutex_lock+0x175/0x9c0
[  187.367438][ T8883]  ? rfcomm_dlc_exists+0x5f/0x1a0
[  187.368733][ T8883]  ? find_held_lock+0x2d/0x110
[  187.369997][ T8883]  ? rfcomm_dlc_exists+0x5f/0x1a0
[  187.371340][ T8883]  ? __pfx___mutex_lock+0x10/0x10
[  187.372665][ T8883]  ? __pfx_lock_release+0x10/0x10
[  187.373995][ T8883]  ? trace_lock_acquire+0x14a/0x1d0
[  187.375381][ T8883]  ? apparmor_capable+0x114/0x1d0
[  187.376716][ T8883]  ? rfcomm_dlc_exists+0x5f/0x1a0
[  187.378038][ T8883]  rfcomm_dlc_exists+0x5f/0x1a0
[  187.379335][ T8883]  rfcomm_dev_ioctl+0xabc/0x1e70
[  187.380701][ T8883]  ? irqentry_exit+0x3b/0x90
[  187.381919][ T8883]  ? __pfx_rfcomm_dev_ioctl+0x10/0x10
[  187.383335][ T8883]  rfcomm_sock_compat_ioctl+0xba/0xe0
[  187.384735][ T8883]  compat_sock_ioctl+0x17b/0x7e0
[  187.386044][ T8883]  ? __pfx_rfcomm_sock_compat_ioctl+0x10/0x10
[  187.387644][ T8883]  ? __pfx_compat_sock_ioctl+0x10/0x10
[  187.389073][ T8883]  ? __fget_files+0x244/0x3f0
[  187.390372][ T8883]  ? __pfx_compat_sock_ioctl+0x10/0x10
[  187.391798][ T8883]  __do_compat_sys_ioctl+0x259/0x2b0
[  187.393181][ T8883]  __do_fast_syscall_32+0x73/0x120
[  187.394524][ T8883]  do_fast_syscall_32+0x32/0x80
[  187.395824][ T8883]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  187.397481][ T8883] RIP: 0023:0xf7f32579
[  187.398550][ T8883] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  187.403286][ T8883] RSP: 002b:00000000f569556c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  187.405427][ T8883] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000400452c8
[  187.407492][ T8883] RDX: 0000000020000100 RSI: 0000000000000000 RDI: 0000000000000000
[  187.409595][ T8883] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  187.411661][ T8883] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  187.413713][ T8883] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  187.415795][ T8883]  </TASK>
[  187.431939][ T8883] binder: 8878:8883 ioctl c00c6211 0 returned -14
[  193.563175][ T1374] ieee802154 phy1 wpan1: encryption failed: -22

VM DIAGNOSIS:
20:23:45  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000ba7944 RBX=0000000000000000 RCX=ffffffff8b131a39 RDX=ffffed1005687026
RSI=ffffffff8bb12360 RDI=ffffffff816418fc RBP=fffffbfff1b52af8 RSP=ffffffff8da07e20
R8 =0000000000000000 R9 =ffffed1005687025 R10=ffff88802b43812b R11=0000000000000001
R12=0000000000000000 R13=ffffffff8da957c0 R14=ffffffff901cd248 R15=0000000000000000
RIP=ffffffff8b132e1f RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88802b400000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000ffeff220 CR3=000000005d730000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=000000000000002d RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff850374c5 RDI=ffffffff9a63a220 RBP=ffffffff9a63a1e0 RSP=ffffc9002e4bf278
R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=2d2d2d2d2d2d2d2d
R12=0000000000000000 R13=000000000000002d R14=ffffffff85037460 R15=0000000000000000
RIP=ffffffff850374ef RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff88802b500000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=000000000c3a2bd3 CR3=000000006bc4a000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
RAX=0000000000000000 RBX=ffffc9000331f538 RCX=ffffffff848f04c4 RDX=ffff888024850000
RSI=ffffffff848f0606 RDI=0000000000000001 RBP=0000000000000004 RSP=ffffc9000331f320
R8 =0000000000000001 R9 =0000000000000008 R10=0000000000000004 R11=00000000000a2012
R12=0000000000000004 R13=0000000000000004 R14=0000000000000584 R15=0000000000000588
RIP=ffffffff818cb901 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0000 0000000000000000 ffffffff 00c00000
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007fe04328fd00 ffffffff 00c00000
GS =0000 ffff88802b600000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=000055dcf7597000 CR3=00000000237a6000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000008082082 Opmask01=0000000000000000 Opmask02=00000000dfff7fff Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000001 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 554245440045534f 4252455600524f52 5245004c41544146 0054454955510029
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 554245440045534f 4252455600524f52 5245004c41544146 005445495551000c
ZMM20=0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004
ZMM21=6852dbb06852dbb0 6852dbb06852dbb0 6852dbb06852dbb0 6852dbb06852dbb0 6852dbb06852dbb0 6852dbb06852dbb0 6852dbb06852dbb0 6852dbb06852dbb0
ZMM22=759e55d6759e55d6 759e55d6759e55d6 759e55d6759e55d6 759e55d6759e55d6 759e55d6759e55d6 759e55d6759e55d6 759e55d6759e55d6 759e55d6759e55d6
ZMM23=484dce30484dce30 484dce30484dce30 484dce30484dce30 484dce30484dce30 484dce30484dce30 484dce30484dce30 484dce30484dce30 484dce30484dce30
ZMM24=f00fe26df00fe26d f00fe26df00fe26d f00fe26df00fe26d f00fe26df00fe26d f00fe26df00fe26d f00fe26df00fe26d f00fe26df00fe26d f00fe26df00fe26d
ZMM25=bee8cfbcbee8cfbc bee8cfbcbee8cfbc bee8cfbcbee8cfbc bee8cfbcbee8cfbc bee8cfbcbee8cfbc bee8cfbcbee8cfbc bee8cfbcbee8cfbc bee8cfbcbee8cfbc
ZMM26=179ee93c179ee93c 179ee93c179ee93c 179ee93c179ee93c 179ee93c179ee93c 179ee93c179ee93c 179ee93c179ee93c 179ee93c179ee93c 179ee93c179ee93c
ZMM27=08bca2a608bca2a6 08bca2a608bca2a6 08bca2a608bca2a6 08bca2a608bca2a6 08bca2a608bca2a6 08bca2a608bca2a6 08bca2a608bca2a6 08bca2a608bca2a6
ZMM28=000000200000001f 0000001e0000001d 0000001c0000001b 0000001a00000019 0000001800000017 0000001600000015 0000001400000013 0000001200000011
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=a9070000a9070000 a9070000a9070000 a9070000a9070000 a9070000a9070000 a9070000a9070000 a9070000a9070000 a9070000a9070000 a9070000a9070000
info registers vcpu 3

CPU#3
RAX=0000000080000000 RBX=0000000000000001 RCX=ffffffff81cb03b0 RDX=ffff88801f8cc880
RSI=0000000000000000 RDI=0000000000000005 RBP=ffff88801f70b520 RSP=ffffc90000f1f7b0
R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000002 R11=00000000a9b9eeb3
R12=ffff88801f70b500 R13=dffffc0000000000 R14=0000000000000002 R15=ffff8880404de000
RIP=ffffffff818cb8d8 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88802b700000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000000000000000 CR3=000000006fad6000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000008
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000022800000000 0000000400000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000