last executing test programs:

45.84386998s ago: executing program 2 (id=377):
socket$kcm(0x10, 0x2, 0x0)
r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0)
write$UHID_DESTROY(r0, &(0x7f0000000100), 0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7, @void, @value}, 0x94)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000980)='sys_exit\x00', r1}, 0x10)
write$UHID_INPUT(r0, &(0x7f00000003c0)={0x8, {"af0017fef6cac234b620d307e5e6c2c606e2f2ab320e7a3ca8796870d47be5a4cf5b1b53f50a743e751a3a0f7413c438796811aebd9a070f86a26f8a2d1b4a5518fae4726564bbb6293b9e267f2ed01c33bf7d187214734803de91c7a7692829c56a072854eb8a30e653fee4329b85dfe562a2f353a5eb507a09cb11bdb0ef1df3461bb13759b84fb73a290a5347a0882d4d9e02924c259e6ff9bf04dc8f11f89601e4de62a41d0344451576bc98cc94e50acadde707c23b477344c7a48b83d6a5de4dee3c9da1abb64f8cbd75811e5996d03c6ce39c2ed9ec329ae8ee870bd69e012863cb99702873ac4846de7929c803e2a98061bb313b036b98a8d23f0dbd559459d53bca6c2c9e101d809a6ba00247266918a7585b3a2f10aedee5c8bab8a0669b0d2f784f021a719e868e055b2a9974ee4e0e3baae8e4e5e42f576e2be3b0bb1c104fd6129e4909722912e4a873655ebaf23fa02795746e0e03afc991987ef7e10695c681180ca633549890bb8c6876ceaa77568544b03c7814d84219a1e6a84b2978b365d05770e9a9b27a295419df35b3125f2ca5276a3eabc42a3a0411c81ffa02095050c4c82f43f3381ce7f35711c1fc83550f7770b697ee77f0a5f037d98bfe8dff1932f1beabf0cdd34fe3ad87ba4b499ef99d593623b7f74e927072e4e86da41161498093c8ea32be9dd6cb171b96b2f64c97b47c6e19c295eb8ddfef41b8c6d70422e55330e2c943fe3771ae5d35121fb5649d5f92c7b69000b79300cb13771757608851c05e6534c74d5d9339a213faa1a23194db81d45efdc961cd559f24e9b4d6990b6b2b804a61827985ca044fd10ef7777eb842975757747c5cb1bd02d4deb54876f3e97290987a70a214140f022991751708cf7d358be884cac3b4eb94fa5feb4bec289c7b9309f85609c47fc2eb73c6fa16c4fdd0414efe519a17ce1556e1c591bdda95476dc38fe1920e7552542f558fd6ac1b61e152fb8066ac87b43c627655e8337356d508932b2d31e9dd7923fd037b5ce0eac695fe5ebf1303995634c6638a6a577f7ce00f7577359342805b09856f57fc2a559fbba97abfb3b63a91ac2a3806e6567bf657bcd7487a011e7766adf8bb659fe9dd855febfbd6bdd505f15bd513e60f26d1f3ffe3674251048afa704048693cd3c976c15ed2133c6d4dea777354ab9c62df72e22f10d060ec1f6f42deaa393e9ff5db4fc194707b701f14f81924e29a9e7ede940309183c04ee63265cbca32b30fe157ed28c64121d9b2ffca60e2aa8ce00d7d2d8ff5fd479df431aa25a53802c4f2608a6dfd61d0bf5e5f00cfb6c7035a009f1913a3f638ac5efc841876b2ec664a4957658908d5efa62a9286668a8ca5820a5f7bc32cb6479db8a2d2b4d153d7d54bca3e096ba34e90ca6b6f6863504a5cbb1711f40a9c0c0737228b5a55c9044ff09778085e307498a4c79a874e31eadb07ca6fe15c22dab474418b0f68c47b2d0e3ba644794331035129ec68fb483966540ab359ad05a2e3b1412cc61797f98b5dc6d8878a39a841ec25b720707139fe1915711c95fd322c9589136ea972a41ceb39af5e8d582d2739f24a8ee387610a43984d3b426e00d7fa6c0cfb4e351327ea9a87b21709d8c3f2484c2f06b788e924f20e68605b44e2f0a7e7a6c277230cd2c72fce914aa13ebae4623a5b402a5d5f00cf5b0e51583739e32a452c4e4b1fcbaaf930f1d18d23ce3b2b31803a83707b9aa865bb91fd4126a79a69cf3914e23e45ae3512d2b50c4c7b2c9a6e11f36d45d8123a3822dfbe4236bb3c6c78303f765c93f35978a8651314dbdfd131f1f259218ecd2d9125dd960f9950a5636192e17292db25225a30130788c07cc94dadefd14a441c1b73114b16e7fb0554a81f52453aecef0052192c67f6a4cde5a8e0d2c1101cbf9fea30a8e1a579d5ca6ce495b510ac704f0804c025f778c658d82fea5fc15f6074ce9806c5b8a48d815fb7090355b918a2bd16955b9a6dfdbb445316211eacc25fb97fc806deefec434ef50f1223322f4539ec6a35f2917cf06e412fc3d435dd6341a55c9597f6145aadef596857d712005297b8cc2153ef142c34600c4c7d0140b7cf998a056de4802beb5d9450e9878544ed1b878a34e6af36821fbe3b9b8cb0d6e6b6722054ad230463f7a3c5841af7713ecf01fd723fc688df488a008a3bf5c7a4f93b8b8ecc378c4b59ceaa87931d4740701c7613dd4ae57bf26d45cf916cb002d2e5bc5a1454ae99782deab5e76abc4d8caa7f4b4b5fb1633674394588eb07894ba7b25c6dd22599885ad97e4d24388f083368e3bbb0a574bef5967cdf4b038c564b25504d4185e65b80944aa2a1782fb1f32ea3fcb6f7a3b1bc5cf2bebb967e67b211b205e746a229fea8a8e67aa195a58f374f511631580a702eb92f6161cf657d949c04211d598acf12518dfa9a7b9797148b7d8554f187a6a3aa4512e84d03b5c77f89023c16cee7ce5386da04aa17e5b91c157d7940ed6c0cc134cc784594f33e5cbc09ac09594f8cccd63def91db18ac8ba4c7805374c6fed3d5632eab11e95729c08ad6448a31cb025bc92985e0146d0bb95fa7f7d5f2245629806e6df80a76354cf23d13b1909268a24678fc8e0f802a6c17b1e4618a5812d8c728fe7437d6ebc37b8f37bfda7792be21502a9e1787838e6fd48ebb0718071f62f1ce9e91840e572d5386e751c0cbaf397b1693df1ba2299aef65b7a5d4b06615b2c336a9ee3408a4c649e8fc993bf310d4c2d65e66efa7aed829634a0b5848c0bb4a775af90d09be0ac71d2b2c9f08376631f55cf66af4ec50f7a95c2e72c65c829141403b920ccd3c6df4dd5fbc5cf2297da8ae23b53acd655237ed8490b34059dcb0e6c5955f54627863009e2c166ea8d28b9794bb5d1a5acbdd2d855a3017d33c27730ec0d652b6e9cbdc9e10e4380ae777434d463decbf3650c6bedc430388c31fe572519be53b059c36ebbbeb7e7d79f5823f6cd483745cd1fd2c2f19793d2f7eae642d5d707ba988370e730a5a05e80061ba16a24c5ad7b1c064a38885d64956299643cb0aab2e5d659ebb1466b361eb04a561593c9945e42d2162285f3c5dfc50292ff6c8246783a26bbc1b12534f6db5e52993ba080cce223212270a9a106a98bad4b1cd4850744cc8588c715fb37de04eb4bdaf32c9cca3a80bea0bc3bc8d2abd43ac8ac2bc784d96c1244e7c44846ff42848f470fe1a41c01e77f370913fca6039ac716f8f50d0966b0b54e60f5be82616bb90ac7ce881c9cd9d883e1e50103398dc6a63e59aef7f1354ca936ac34bfe8c463b443e806f86d323dc850ead3eb2c64879f38e2e1f2a45b657bd90a8d8f187cf0536286198f8207853b4127d23deeb76808ccd9c6eca025cf90b18382b2a18f4ddc3e060871ae3e638f517d1678b7a918890d5098cd2b06cb21bb65dc3255f936302712081bbb84b72d4bb7c5139f25396504ad68685c3a8a15bba6d8c7a9537a8ac85f1ebb534833410d77744a1b8a512e1c7d735b4f04377252837e22c3934965c03678c43d7cb7e4fee54f1fe95d211261a1b8d7f47356522579b98ccd6de9bf08a525cfdfce6d701b2ee62a3fccd1f4e69eab38dc32f4cb656ffa6aa07e8749ad2d96c38df3bb69f6d5a54e52fd4c657c9a81520c20503ba236b568b38853d521d31c962456fe76bd4bb0eee0b598299390be01bd3d55d5a2dacd0e3ed93bddc2b7bb2afdd8600247e776e6e40dc317d9928ffc50e9f21364fba01ef2c05c15c59fb21c8fa2a2035328b46ec006babb79fbd0e97ff1bf1106c6b1eadc95750cee1abc85915c3f5752b9bc014c134de689ea80c3da726c8fcca3dbbce1e75c7e3324802a5af3ce5c0da68c1b9c805b34234cd005ecf8e892c2149315b5404ffeaa3884be94d7629b08b41ce25e743dfb4b968f647584e7ee02af2fa5347d26b571a473cff97a661b31ea7b4c8b3aef303743cbe19090f4a266f78d39c37b6c52c0c8c2cc5a4cdc96d10efaa7b6bc520d51f2f91b4b5408b7a0d4d9909a2df0780147d40110addc8c0374e289a27b357e9da5ac88a8683dc3be044af37270fca70a38adc0e83c745ee89e80d0a806f033d2d0c022dbb226c1f80569d7529d188ae661ae2cd5286cd3f965fedaacb8679b6e7497a352db4cd9b087e89c3323bafda47ff33d1cbdba0ffbd9b1de4f6435aeeed00c60e0f6d81961df49d57e3c67af6ca37a02ca60aeadb69fe0ca734af02958fa10214f29847fe08f592daaea5d993b2bbd7e444f883a0fd88d4abfcdca5d4f4305afc55ff81d01e5e772db94a4650d53b24be82db133a6c8c2cfca6de22b63d90dd009849022c10ab225a005c4b88f56fe1f29c4d2011ada41a9c315a989d0332411d192bf2e195030bd3aff221344cab637970338079cf0f4c2eebb40521aba1ec97467ff0205bd01aff68c3a3d24c2748b5716d859f1a52f8abf4464e246b57089f3dd08d9cde208204e30509d6069944d15961b1c969e54bcd59e03952568b4bb4c25640f09aeceb162ff8e886e8b0abbf950510a256075c951cb4c4e8e6281b17b71925ceac8e8f0b78a41f865a9fa093841f91f01d7c62ee341544041fc9fcbebbc7412a956bdd38ad05fb6c90a169fc4f22dd7a895fd193365a6d6950b153c7003618f00c1c269e035d9b9770bc8970c04b64bd7bee63386297b2e508e168cbd54bc7ed68184a4b627ec164fe40467c4d8e19dc94e254fa5fb3ae8045f5ceb1812569415adf0f6e9131454c154f1b9e9332ec8e336338f3278fb6da9d42e2cbb7ff23bb6cc9629401471b1f68d891844db8231ed81098ceae6bc7280f0a3051c4bb83f507fdff3052c9724ab0882cad6cf74d9e8c78abfdda13ea18f5a84dfa21e4ebcf1702feeeac51605dcf969c46829b16884ec38712d977d2c2d1a14b3233713100f7053e8394e7357863c2269eef0d07afa6b9991f7a7bd14c826cbd6bc5f03f2256baf19ccfccc3aa1f02875f458906d78a730698cf16bce2a60ad687b10ccdd5f9032313cee634a55894831f92a135c69b29f11ce16e3c789846ba98ee51e182b20936570edd8e7d1cb90e1ec6c02731db64bf8eea75144105f0653914857c22d237bd03902957513c1dea03ba04d666ca2f8afc3b3706397c704b619e2512fadcaa90f23d6de09c15c1f165a6db29803799b61962240d58b045e939cd5fe443ba0a6a991ae9e4cc97f0fcdc9ee4dd21a9128a208afb56758d01a545d95fe8d291985c5be00b4826b46911ce3da26eaade5331daa2a1730c0fac3de2c672cb725859b2ffd67d5a1eea2a66bc9fc9005b63efa132d9d30b90cf7c51547f6ca9e5d038ce8c147451e7d5d73e16dd87c9a90792884b7cf91f1a355ab759a5867991c465993691a7ad959351ba6b9cd1af13dd55983fd893df1add73bc4a38b87fe2551a3569b100e4971848da4eb88051ff0f24e76a6c42d1ae470967c9e607eabc9db89d6c94e5d1a4e26ffca46be2000572b3caf35dfd92b8029fe4fa49c304d272e0cd8e49d6ce86e605e11bbd02e28ed94fe2f389f052f97d7e9dc6a16eb8819871e528983398fb98f6c226c7d72c89361ef4ba4cc97a2ab256b28df208363800b8712b61c0377bc4a8904878b5de1c45da8b83dba6e5e5799724d9cd515dcb7430e73321cdc0ebe4a1208baae9819382e118615bada569192a7c2b7823ce08495310040c4c2dbc28fc29ce5bbcfb266e7c36a8900e8d578023c16ffbb956d0abf68124aced56deb0d1a149e4cc0ec8554b7862ae647a8", 0x1000}}, 0x1006)
sched_setscheduler(0x0, 0x1, 0x0)
bpf$OBJ_GET_PROG(0x7, &(0x7f0000000080)=@generic={&(0x7f0000000000)='./file0\x00', 0x0, 0x18}, 0x14)
r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r3 = dup(r2)
write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c)
sendto$inet(r3, &(0x7f0000000140)="5799493725b4ff8e72e48e43d95b76943dd232a9b856d559a59000c274b6f35124edb9543517a1bb35ea43fcedec810252cf0d144adf280605f78724519627927e7a4eda7ed3fe", 0x47, 0x4090, 0x0, 0x0)

45.742952324s ago: executing program 2 (id=378):
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000080)={0xfff, 0x3, 0x8, 0x2b35, 0x3, 0x7})
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0xe, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="180000000014083d40d504622996c3a0680131d08c4ff1000000000010000000009500e4ffffff0000b57d7efdca1d1cfbc4de361f554b81d55a5a944756eceb592b648e9f460467cce689162c0efd3b9585c005"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000cc0)={r0, 0xe0, &(0x7f0000000bc0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f00000013c0)=[0x0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10)

45.741041802s ago: executing program 2 (id=379):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x48, 0x2, 0x6, 0x201, 0xe4340000, 0x0, {0x1, 0x0, 0x1}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:net\x00'}]}, 0x48}, 0x1, 0x0, 0x0, 0xc041}, 0x0) (fail_nth: 11)

45.664732165s ago: executing program 2 (id=380):
mknod$loop(0x0, 0x0, 0x1)
syz_usbip_server_init(0x4)
ioctl(0xffffffffffffffff, 0x3, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=ANY=[], 0x48)
setsockopt$TIPC_IMPORTANCE(0xffffffffffffffff, 0x10f, 0x7f, &(0x7f00000000c0), 0x4)
bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0), 0xc)
r1 = openat$autofs(0xffffff9c, &(0x7f0000000380), 0xe8980dfcf06574f6, 0x0)
ioctl$AUTOFS_DEV_IOCTL_READY(r1, 0xc0189376, &(0x7f00000003c0)={{0x1, 0x1, 0x18, r0, {0x1}}, './file0\x00'})
socket$nl_netfilter(0x10, 0x3, 0xc)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x7ff)
syz_open_dev$evdev(&(0x7f0000000000), 0xc0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0x1, &(0x7f0000000000)={0x4000008, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
syz_open_dev$MSR(&(0x7f0000000100), 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = getpid()
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000001000)=ANY=[@ANYBLOB='trans=virtio,noextend,access=any,cache=fscache,version=9p2000.u'])
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000000)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
r4 = open(&(0x7f0000000380)='./file0\x00', 0x0, 0x0)
getdents(r4, &(0x7f0000000180)=""/98, 0x62)
getpgrp(r3)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f0000000240)=ANY=[@ANYBLOB="1400000010"], 0x74}}, 0x0)
r6 = socket$netlink(0x10, 0x3, 0xe)
sendmsg$nl_route_sched(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000002580)=@newtaction={0x70, 0x30, 0x1, 0x0, 0x0, {0x7a}, [{0x5c, 0x1, [@m_ife={0x58, 0x18, 0x0, 0x0, {{0x8}, {0x4}, {0x30, 0x6, "2bd89d29db9cd3d3421247653117cc1ee73f9f117b1a7f08d6b97561bede0c5e5bb2d516bb47f67acc1cd3a1"}, {0xc, 0x7, {0x1, 0x1}}, {0xc}}}]}]}, 0x70}}, 0x0)
syz_io_uring_setup(0x0, 0x0, &(0x7f00000003c0), &(0x7f0000000440))

44.211717003s ago: executing program 2 (id=384):
socket$nl_route(0x10, 0x3, 0x0) (async)
r0 = socket$nl_route(0x10, 0x3, 0x0)
io_uring_setup(0x0, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x3, 0xffffff7f})
r1 = openat$ndctl0(0xffffff9c, &(0x7f00000000c0), 0x40202, 0x0)
ioctl$DRM_IOCTL_GEM_FLINK(r1, 0xc008640a, &(0x7f0000000180))
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000080)=ANY=[@ANYBLOB="440000001000030500"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000002400128009000100626f6e64000000001400028008001f80ac1414aa08000700f9", @ANYRES32=r0], 0x44}}, 0x0)

43.993263776s ago: executing program 2 (id=385):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0x3, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast})
r2 = gettid()
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r4 = openat$cgroup_procs(r3, &(0x7f0000000100)='cgroup.procs\x00', 0x2, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
write$cgroup_pid(r4, &(0x7f00000001c0), 0x12)
r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r6 = openat$cgroup_ro(r5, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0)
write$cgroup_int(r6, &(0x7f0000000200)=0x1, 0x12)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff)
r7 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r8 = openat$cgroup_ro(r7, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0)
write$cgroup_int(r8, &(0x7f0000000200)=0x1, 0x12)
r9 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
read(r9, &(0x7f0000000200)=""/209, 0xd1)
ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r9, 0x4040534e, &(0x7f0000000080)={0x335})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(r9, 0xc0105303, &(0x7f0000000500))
tkill(r2, 0x7)
write$tun(r0, &(0x7f00000024c0)=ANY=[@ANYBLOB="3a2f080000030300000000000000450a0fc0006400c404069078ac1e0101642101004e204e2147fd6be4208a70c3d4e238eec0aa64861010d88aaf3b906ed390b26bbfefed8bc65372e1a768c0727b8c92f6506de613cc82a025525e1b6800e1e0c3b16a0afefc2b61075c", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5140141a90780002b898f48a5203aec1c20360cd2ef7d58da55b659aa6992f305f3fb5d188f517abf96e559cce7d2282a54862bc80a51035e81c9f2d030a6cd6e7c83ed735fe91a467f79be2c7d85f7529eff6f03e92199b12eae0ad8d098f78165de6ccd711c6be47076c700a8a74e5b91a9355bb250b70cc5af2c4219f1cf2fa23910722a02956f3612fc9f024e77b9d745b22dacc05c41e125d6487e6ffd4ca8db7a1f2befb5708d551a43ad989dc418b24f8fefc9febd72b8504db532be5759ec8a0e4e48662c5f29dd566101c64946a9c9b8e12fd22f56093a80f345a106dc2b95ccb043f0131602e6ef13caddcc9fcfa2e40ab3b603ff5881f4fba3c8bbfffd05510a5952a6335b6e02fe85927bd050bfc265b2afd2735345a9380f5af879144d2479fc06afc9252d7d28710570837daa46d2b942be5433f46ca6cc0efe65e5b874fede589d6026c20e28749a857eb0b9bd9157a247cde360572592da40909d903ef6c4c10cc06f59b45d0e0991bc820bfef700ca4e2b6aad5c32d2a8a807e9333e0eddec1c0ed393deb690e1b827db9f5da75dbc32874e5fcc5c76c05c0ec2fb1e8d5918cd09023865e9008cca311ed9672237bcf925fa09ae410683726998bf0ef51937e764e55a09e009429c8eeae288eda500541b7a33d29d492493084ba2c0a89dc61126d3fae08440bb57473adfdeadb98bdada889ebc36ae25649e5b7187e0d2dd011b39e037f3cad6e0e2161ab344173e125545945b1debe71f24213f581df639d486bf77ccc6da56997708b76eb6cbde470ad004fbfb84e8d1495a2d7bb544f282dad56316b50472015c74847e3209ef4a6edbff327ec99dd0288214d9329f433bc71698808201bf0a769d608fac5faf16c32a09c34750040d9d19aa8b4071c051338527952e5afcfd2e33a14d9f123c6dd5f1a3c47583ff6e3c154eff46c1942bbc357add5253d96f5b6dc6e440271a377b03db190ed081e2989dec4a839e1c2d7fecfaa2459f62151b9ef4716fbc15fd86812763fbaf38e4d5af6d0c8b830436770819361104f30bd8ba795f9104dfb7370d1c6940819d6432b159fbbe633a093ff4dc3c44c4623e16eddb6151ef904fc96b87957ab22230dd6c2458fbaa438d3c22ac055ce4253db8fdda2077f0159fddc1306b0277d122c51cc577b2b6dee459f1bf28c6d94178a0fc3e382f6b58e1db6cda5eca7dc0720e61d59ec794a02295ccdeedc811457e30e8548a8be271c69f0cbfd08fdcfa281ec3b1ea7bb2ff784be0a732344cc0978b37507d448330149537f1de512d4952e2d6a8901be7bf9c8497ffdc3910096e2ef5c2d056f909621f1c8c90702c9469fcfb9ccda91123da96c4c8381718624e74948ce35b4ddc47982d392d84fe377a0e4edcf34f4bc814d12a5fee04ed6750b074fd046a47c59b84c6d465bce16101ced3d8f6b8a9d1d8b96f730569dd4bce831c188c236b5c600349932d42d846dbd6d5ecd07a89c6f535237567aebd4eb12bbfe5120e0c0e5f077005394e71772d796bbe82be4e014c63c8a1c4bbbddf186d94eb73313e91a97ce8ade5c6ec3defd412842f1afc7c642bbb94ce29a16ea298291519a5f5a6f5782a17fcd9af20699f70307270c5b6f88606c986aae6766130d63278b64a09fa4850ec92b72d2e19f1b8a305c237061af9f85ea6d2d33ea5c77754eaaa0b221e7883da6e95d6f031f033df057faa24c078a7ad1e922f371b076d7b492d5837f6f4a0980f882b160f581f2fdd551baf1fdccfb2677871eb55bdaf8c6c158bb9ae0684fec562045ba365ff7443c60e7381d0ffa426b98640bc6f95b8191dc2e14cec948871d5fbbfe46c6f669c1a4f98dc4cfdebe8bca4fd627acb475c9c80875d766c976116e7a2245088cc70a51242756710a6164e417d4fe7f2bb4f878df548598021f246492211d9c780a9d66b47c19e4924f2ba392a54ddbf73d61eab4c45dfa3510f705bd23c0ecc7210b3f982e328142f74e10edce9677990b862965594b9c671dc0e7c193b7df65de53f953e53ec0789a36c0895cf063ff0d2711b28e177d457192493454d07ad162c8f4a2db7db5761928fdb45311a44be6af7e170b3dd38783ceb9c5745deb957f6fc1cc073d7abe2cc5c58c29136b89c745085304457ce9e1394b1c4de3c664fa843c5183e45f65137e57b627a9938dfcb3cdf60829e5d8014534df04da80c53613a419d8811a4cc9f8a483a3488f942b1e9f69730f9861b70d6e42efbb147ce969854a56877c64a9c5e7e3852994d8d36b86aadc74c3b765307af433c23b0e963f95966beb7cc859bcf9217a52df243a41532cb4b0b316677db0104f12aca9fee6fd5908169451b0fcccf0cfdfbf3de802cc2488a532d5d7de6582c5645160c5ef673d2c95d5b8b2d99ed9486c069798f13c14eab4c99fd509fa9f879d18a5f0bdefd8f44ad0c9280ca9335ed661cb6cc22264f95e1f3443b41a044e4a15ab73f20bed9f6caa6bf231351fd882c11320e40f61718d4c43e99f98a72b459e9ce6eab66903a4ca67560e6c3579c558140e9a365d380b21064f70ed5ad62be784e4f75619fe92a4b6c22438a5907bb234570b962389228a9a454caa0579253a8d697dd890663f0bbed83e2c249dcab4db3d4124202abed769bbc90aa21ae521d9153352bec7eb6e0623fe9486bb2c1dbda0726daa64343304e6b878f768404848e5df3be0f1838f71a232cc8737fbc62172c7ee73306edf0b621e76ef35d76c86473926f47bfaaf943abcf63a81449006583ecfbbc3c498f5dd176bbff6e4e51134ffa5b92dcf4719cb789c9fec63955607da72b335ef7fe1c12dc9cdf44a9e83d7ab5a51977ba1168354a1e89bc5e420329c5864393bd3c72cd9f2c9d7b8e79f661a37f4a03105e77aaa28f4978f44abc4f89c458080e93cfaa043c105f396badc033d12dbed823a2e4d24406c7b77cd33630e6257d21a27857beaad037c1031a319d79e6103e1b7600ad9d418e5af02d372d0ddd5e328edf7245b7907632eae607992a8048a24eae71280324cae721e8ce32a5be8adc4704c58de99613bf254d0448c452b7e81fdfd8b3c1b3ff8d573678448aef089e5477e1174bc424c77b08bf81144faadd289d04a02fc19cab03ff2cee402693fb215c4b4b12afcbc532646eed43aa6408df1b2d738e611d5082053882b5a69e0e6ae967c89ebb2980c933c04337acac94130de8e1e99acb3878685a4d0e3f7c95179f4e8d6674ced26a91099da84fa0ff485a0cab23b35de4f8091a22e22a969d1daf17549b092b0353468b3d0918f514a1248a3d4a19767bf037cff673771fa22c6ee4952728a8126eac03e50aece013d0c59bb9bc230c48f3115b37a482bae47ca56f8b10419b78195ec89dbd381a04a7ffb645ad53f60783d4997d7cab42591735ad56d565d33325715e2fc29ed8c64869485fd6e14136f4a5f66681668b519c749a790b6417a853ef04015aeeefc48bd85aa351186f728b5f1b0183c03d2168d52dbed1ce13aa3c673458dabeed746d513593b6c561a79f399b498396fd94473aa2acea127591eeeff8f691dddf95288e06203c1e779ba7f5b2b7764e8aad4a44e547d5470193acfbfac984bdda75d8b35eb2258abdcf47ee7df549d499204d19c0b89a91f1aef847f375b5cf1f0829d538d14361327073c0edb6605810f330c401270c8eb35eb97aed751feb21211a51a9031ed386fa1598618a38ae9a1c86ae64c84727b1864f64b4da71a7a3195c2757fed49945d63458d89cf5c536bdd441f3f265fc9d61a554087a9b2b83660c0c17e15d9d1d40065ba244453fb08b4ea027e3301ea254513633704ca1a496c7ad2227ca99cf07c58b1c11deb9216e940e2e1243d75b4a6882e84581cc727bcfea0d20d39cb545830a99da07659b347922df1f29ca7496e493826fac4b8f1d641fee7460e99fccd8672473e59a6c240d09a541e460e5f2945776c707212bb33a5ee5051961f21592d9ea3ae018b8fbc2140e6151f14ff033a6dbb1afbddd684b6a9d5f29b7f273b430dab91c53cd89e191adc78c7ce20bb4340425531cfc23f119a5eab1d7c73bc703b7fba48c8038c068df1f77eda5e18b2f2609d9d99de2768349987ba51cb98f698797051844c0c8637bf2f7ffac991ccf95e1b5eae9d7d25e7f3e0bdc788d99754a8be1baddafc4f0914f1a05bf8bec1a40bd2135539150da59d4163c67a575bc6dd7f2f786114c372842795601e8569e28c949e8bdc96e5a43cb6639dedf1ef1f054e0d42589a16d30e296b6dfdac6e13a6c68e03bd39dc172b6007b01793ceafa13c6379d2b820e98e9e87891e3bbdc688f62c56ef80c67ad066a53e36141af58fa9734429498580dc6d32d1c2e8cc722b4f9dd9d165d07b7b536c398df39dee06f48ad422492fe1777619f49e153ad276c86fbf8f607e7b1e9d6040889f166eb8a73ddba4668d6618b31c36b6427b1cd3cb97ef268ec1f1b049a35bceddff9147fde7309db0c474be42a6d54150172df4d5614106ea5f134cf543a70105a0a75f649d6de1a9bd3858bcccf3b220886ea6a7702dbe7f17e03a022a0ffc5145da4895bcb41da3fc5a2a10bc7b2a70a3a86ef8fa600d24894260cdbbf3c36313f3b1e9e8096921b625cb9c7f3ab8423277c9b80743a2185c95e9e7fb3f6d63669257fac197b7a73c5a4a2c4a2df52af705b46b56ade64c8a4265373a770676ec7fe3738843402f63a79f0ddb59e4bf439e4eac709a0127e9588e1538872af3916a12a1a850206392c16e17fab5a7d72bc3e9caad7bab64481728861016c124888210d06e31005ffbd39a65abbf69ce1683de2bb9f90e4955deb7afd23e90e3e11fcbd55627ab48cea806cf5da35e094bbaab42dbbdb454599a6659c2ce10845dc2beba123ae01f043c8c13c463634546e3fc913360adf2441ce3753840af235b0828ee6f74bac40d08d7b8dd8828af44a577e52e9adc86d895e1e561881320091c18bf7c466c945c4872dfc884858f5d710e0f9786878e09a906896308135097da35e465e140f22171878a42f3fe2f0872656b4ffbacc54dd99baef3c58450f1d585e3e3b8c1a9bf0f6afb9858fd6f58791382ff65d926d49f5e02abc84bd4df49ed5beec83517fbf782f983353398063831a1a4668afd7bbe2275c712497686ccff4c447f34cb4dd6b5af0f2e517fea11783d265db2c6dacb393fa3e2d484c3a62c516fe24294ca324bea8095265d560c6f68ae278c7bc34afb7309eb96fbf851af3616fd07e335d010804e60e44a57d38a2d79a19a5f9b22daec534d0379b3fe8a3a6cd8c63b585dcf00abef832b402fd3c0dd95037bb5be517b14ac6627408ba35f15cc4aa0fa96d888baa2d82b4efdf27a018330cca8a83eb587ca8a2536bdd5ab7d783044c76166d27c15299cbe3d82a612236157d25c73b19a3f454309500822206d9ea91f77ea58291d3527f85fcd7f44f1dd4bec1fdd26ee5bbc11620a62fc8c6887904b9f3bde3c640b7e4ba801f49f90e191ade5df7d39f0999a2b5e32f3385c0ec657c6ea6da3bc3d417b3b3856f92bcbbf0eb30ef02715a53dfece840180678d156e79d8149987a1172212529cec710a2bed59478371ab88b8c769ae17b8cf8b1f3d3161f629b1"], 0xfce)

3.503916552s ago: executing program 1 (id=635):
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/partitions\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
getsockopt$IP6T_SO_GET_ENTRIES(0xffffffffffffffff, 0x29, 0x41, 0x0, &(0x7f0000000740)=0xfffffffffffffede)
socket$kcm(0x10, 0x2, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r2 = dup(r1)
write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c)
syz_io_uring_setup(0x239, &(0x7f0000000380)={0x0, 0x7e38, 0x8}, 0x0, 0x0)
mknod(0x0, 0x8001420, 0x0)
timer_create(0x0, 0x0, 0x0)
bind$vsock_stream(0xffffffffffffffff, 0x0, 0x0)
r3 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r3, 0x7a7, &(0x7f00000000c0)=0xa0000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r3, 0x7a0, &(0x7f0000000040)={@host})
ioctl$IOCTL_VMCI_DATAGRAM_SEND(r3, 0x7ab, &(0x7f0000000000)={&(0x7f0000000540)={{@host=0x10}, {@host}, 0x400, "d49e0b1f09a3e05cb898141464441748655937bb34d22f02362479246bb6372d891a3b5dafa58a6abc5a678d6874fc8fb5f8a529c6e30103484f2667c174fb6cda19ea0a9301bc3238eb816e9c3882f243bcd4bd7115b26dacf5923f060498d471cb4f789562fcda119739dd1a5b0e4e1a4a64dbd7b398bd4e7a247d81f968f2e945f293fc3860bf11f0424193fce743067d27f0ac187b44b128a4999547f73d8c35d3c2bd8b51bbc9a31123f773be89e109cc71b8ec29a539083c0cba15b0899c7181ba154c28b3c4e2ebe360ac44f942a703b9a3a37fbbefe9ae0de04a32336a6eba07b2fb6ad426d56e17291bb1a9d1fcdaa939378bab6dd2eac37b369ef163c9e0fc8039352c24d8147fcc2e2559b47066abd21a3a5f83f239a2227d17d4ca90f60ed9acc243ed38818e3883a985106b54dc157b67022525a74e8f9cb99852760359278d5d22294a70433ba4cec5147fbb09b1d0008ba76257f1c5af6b8d6bf3bcfd5a468a566a4e98fe5f264f2663b72cb421c90d8b7883ddfb5749b27a3e146f9d8538706fea61b07c6e064446337439b9d5a5dc82f6c63c57d6ba0e709b7c1b15fa8367f8e6df2cf59b0b30740ef47c5cccffce5911569591ce4ab62275964cd147e87a30cc6e71f7e40e161997cdbadcfbfb6c54e0289ac137508b7b5339414e4ab7afcc420148e37d49b664cc07c8178a3b50f566c5bdd3aa9217ef909805972bd63ee1d729b282cd866c183744b20da3227f9d43843236b571c8d3237408c266e08d0699ebd30e0820362664ab323b15d3ae9896d6120aae6ef9085f53a2b39cc31238b031476c86e6b16d7703fcbacc7269ce8622eab1cfdf82a364209ec4ac912db924bb76bc35ddf8d0e7a3aff0d08a48c07be47303b59653d9409f14dc59ac33cae5e010466f54d86772e43e3680863bb9bf10c971f16a731e601d7fcdbb91d7146e7834d89059ad522d70398c2bacf113ed791e32f933dfa23f5d6d11bfc9d9e0f04a34b0eddd99d16cd9712485e0a5c9aaf1ebf3f14d00005f8960b6145cbb7d4522692ebe1f9491f87a29ed67c5fb60f5e69bde2a758742999fc986a2dbf6199977e9b446691bf9f95d0abd84557c77ea13356c977d0f098ab9fec85acbd6447f2e6893e2fa6a0a7b272dab66e69b7def48f8b3583a53a0941fb3e4367fa8d56e05ee3b265f17ca0439fcdcea276f7f0a9bf4c2a324d7143658007cf4019e8da69ba1b7dff4383714cbcb71dfe6f1b1ac5d5e99394cb2c360ddb1889d92cd36f8fc72ac865f1c6445957b2a57c1af59ef8d2e9fe328ec2bde763d65c4dea965042f540515bf2f879d1b26309ebc1d7f76c569fa88fbe61845e96e93d3b6025b6285777e59495943596c128fdacc545263ce458bf99f57d7e5dc77f65cf650902b5b6d5af9359334759843365bf0dfb244817a40e8cc9030"}, 0x418})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, 0x0)
r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
fcntl$getownex(r3, 0x10, &(0x7f00000001c0)={0x0, <r5=>0x0})
ptrace$getenv(0x4201, r5, 0x6, &(0x7f0000000200))
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'macvlan0\x00', <r6=>0x0})
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000400)=ANY=[@ANYBLOB="740000001000030500"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000004c0012800c0001e7006d6163766c616e003c0002800850a20dcd0000001c0005800a000400aaaaaaaaaabb000002000400d8928afb70280000080003000300000018000400aaaaaaaaaabb000008000500", @ANYRES32=r6], 0x74}}, 0x0)
ioctl$IOCTL_VMCI_DATAGRAM_RECEIVE(r3, 0x7ac, &(0x7f0000000980)={0x0, 0x418})
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r3, 0x7a8, &(0x7f0000000180)={{@my=0x0, 0x9}, @hyper, 0x0, 0x4, 0x140000000000000, 0x3, 0x9, 0x8})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100))
r8 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/compact_memory\x00', 0x1, 0x0)
sendfile(r8, r0, &(0x7f00000000c0)=0x58, 0x5)
getsockopt$MRT6(r2, 0x29, 0xcf, &(0x7f0000000140), &(0x7f0000000240)=0x4)

3.503417276s ago: executing program 3 (id=636):
ioperm(0xfffffffffffffffe, 0x9, 0x0)
openat$uinput(0xffffffffffffff9c, &(0x7f0000000080), 0x802, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0x1, 0x8, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
close(r0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x6, 0x5, 0x1000, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, &(0x7f0000000200)=ANY=[@ANYBLOB="1802000000000000000000000000000018010000786c6c3a00000000070000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000080000850000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = gettid()
timer_create(0x0, &(0x7f00000001c0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
connect$inet(0xffffffffffffffff, &(0x7f0000000200)={0x2, 0x4e20, @loopback}, 0x10)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f00000008c0)=0x2, 0x4)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, &(0x7f00006dbffc), 0x4)
bind$inet(0xffffffffffffffff, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57)
sendmsg$xdp(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000600)=[{&(0x7f0000000940)="b961d2f27c17de791c37dcb4e84cacc08072e280a7dbaba20ce02a4e9ea0f8bc694411c335b8858bda3a168c6172b1ca7ab72989f4d836f4e0c2602e806848c1bd2ea1e71928db18e9f6478f44fb56f5eb8796a09669d58a17e7b9a9738caf5b354e2c49483de43062505c932e9afb872305e08d38231464e0ce8917b714a72bc3a7ce98a456ffd6a77b4ff027057c9005a9db348f6a7f24129c9627d7df0091ad2ea48c62709777d4faf2ff41e0c454bc6536c608931926629bbe148044ee2ffda647d86a035545638494aaf8029ae0f23fec1af4d20a8e9b2ae6081f60c71ca4938c9c71c39755434f3e403dfbcace5c62ac8aec39a86ca22be14dc29df5d4e0d48356c598ee5063bc9e8dd2df49d2f7daa188c6d70b8f89db366e476836d2b59d1c5ce103b7fd4206ccbfff24172267056546ac0848aba73d759e0fbd6ec7cf0e2b31ea6adb0ea9ef986d7a829ace2a6669058d5601aea9e97074e2ad864aba112a16fa9e52a999447993fabc205e1171915d72ab40100d911a0c395e0b58d48065f3814da4a240ee5782839863d6b918a9c554c1178b73544d6fb9f01708f43b92753905c1ccc94100cb22cd842d6ef0f74bcc08beaa6a920b88f69eb3f638ca5a16b9ea9e339013a18d682326cd749b8d12833960f8305eeaf028810f79f43eac990755df3fe59e3e4a9a7e508676dac1183f92e9a35f1d7e34f285bccc6ad9c7bc037d8bf4e64ac7a377d88add6b686e38c10cf50ed7d8d0e186a26ce9d15d076cb3b22f02457cca794038bf8dde1e57d05bbec774244828f59f8d9b739bb160272e7e09c0e9813bd93465d9467a9d7276e2f7019779de9cfa9dad515330fc59e61c6ccf1ee5869e59c18e6d07bc9c91d2f1a6405e89c3931734f3788aa32235c715f8361a4b231d7b7eea28860ffd095acbb7428465a01dd7eacb5a21055bffc3ee30da0181bae3916b0fe503908adc29de0f90d8b483ea7358d128ba7b9a3a3f89b03920fbc6253a23f225d7fb1857923acd4f7e01192a58a1104fe97443343268830f07737f4e11f6a5121522cf723b04877af2dc7bc6162a9a0ffdb41a662389d60abe9e521cbf15b6da7932a19fcf501da4ed90a55f48e865078883b240d83b175158926c83c9e421835e29be77fc3fbd41ca2d2b85e9d9075464216abac993f2130bc3628966f0695bf8d6483b4c60d7ebaceccbcffd762939ba1afdf4370fd0486454186c6fd9e67f492ed1841fbe28fb59f91cf5e5c1f76122a5d9f872d6a8a383655583923c4c15df8f0868e1cf5ea3de58c0c12d39edb1f8953a2ff4c4a7c5eb74fd0e975a859a84876f618c1af0df83eaf22fc53ff15a9f14bba0d7c730b8291d2e17e53078303a2c0df7aceac9c147b215d35e992e4af957610cd8e0de70906d599caef004e609021e0989f3800e835bc1ef08010dae0651b545ac40c5544433dd47e8e3afc77dedab66332c47807450a9da135dc9ac12438cb758baef5034013132c76b0e337c2411c4c4119c0f82b77d5dac4af39b779cd5577f521ffd26686b761f67298ecb3ee283f95b7d96732941977bebad36c5d19e053fc9ecccd1f6b46e47d50107a5228836b64404de203d24faf21245d051a6363e38d2ed2b40d5c395351e81854041fca953319e1cc8cc8d4b221fd7bfb091ef309760d91e8c60939af69212332b9507b111ecc63e3fca11f8ac45acd9cb81e0557ef8ea0ec509894bf054acf9163ca58d917e088f42edb0454bd8a902d35d61d50ca421e40c6acf915149c2b55af761bbd7902263d5308b31877a4b25eb6401e2f8b9cd81903d3f525a17e7113e912dde23bcd09e08c71e519fba0c69431728ebefe465687c3b76e4fd0583a0a82b9b1ff1250a6e524e2c89d4d7bbf8a8bf59432d4721a38201058e54515c09bd470f105c06cc11daa22e82a0ba772642e5a5050cd0663c34c64501ac32c6266866706e555c6eda5c7755fc56addd898a58626172cd965d718cc0eede1495a4f90f1e327ef613b8586c5bad6e3d72e5a6abfcc53d4645a9e02a55f43b8c7bcf96f9cc3c916f4b850b572f901120cccc4e298a3fc1e2342a93583680d293c5f5079d050013a6f44308e1fe6f0ce8b6cf9ef03418633a228bf49870438297ee8992dcc643a46a48ff3ccd2cfcca3ffbba4a9526557f7f550ed8d23f228b0c14cfad5ac68dfce898516c836d05914c728725f93104a55374fabb37df038118eb4795500ed5d6b9a5ac1a910ed57d2c507cf8093773ffd0959adcabebda7ad8bec5fac6c8e237ae56a4ff44f10d906200635a728cbb51", 0x664}, {0x0}, {0x0}], 0x3}, 0x0)
sendmsg$alg(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, 0x0}, 0x0)
ioperm(0xfffffffffffffffe, 0x9, 0x0) (async)
openat$uinput(0xffffffffffffff9c, &(0x7f0000000080), 0x802, 0x0) (async)
bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0x1, 0x8, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) (async)
close(r0) (async)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x6, 0x5, 0x1000, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, &(0x7f0000000200)=ANY=[@ANYBLOB="1802000000000000000000000000000018010000786c6c3a00000000070000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000080000850000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) (async)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) (async)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) (async)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async)
gettid() (async)
timer_create(0x0, &(0x7f00000001c0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000000000)) (async)
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) (async)
connect$inet(0xffffffffffffffff, &(0x7f0000000200)={0x2, 0x4e20, @loopback}, 0x10) (async)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f00000008c0)=0x2, 0x4) (async)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, &(0x7f00006dbffc), 0x4) (async)
bind$inet(0xffffffffffffffff, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57) (async)
sendmsg$xdp(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000600)=[{&(0x7f0000000940)="b961d2f27c17de791c37dcb4e84cacc08072e280a7dbaba20ce02a4e9ea0f8bc694411c335b8858bda3a168c6172b1ca7ab72989f4d836f4e0c2602e806848c1bd2ea1e71928db18e9f6478f44fb56f5eb8796a09669d58a17e7b9a9738caf5b354e2c49483de43062505c932e9afb872305e08d38231464e0ce8917b714a72bc3a7ce98a456ffd6a77b4ff027057c9005a9db348f6a7f24129c9627d7df0091ad2ea48c62709777d4faf2ff41e0c454bc6536c608931926629bbe148044ee2ffda647d86a035545638494aaf8029ae0f23fec1af4d20a8e9b2ae6081f60c71ca4938c9c71c39755434f3e403dfbcace5c62ac8aec39a86ca22be14dc29df5d4e0d48356c598ee5063bc9e8dd2df49d2f7daa188c6d70b8f89db366e476836d2b59d1c5ce103b7fd4206ccbfff24172267056546ac0848aba73d759e0fbd6ec7cf0e2b31ea6adb0ea9ef986d7a829ace2a6669058d5601aea9e97074e2ad864aba112a16fa9e52a999447993fabc205e1171915d72ab40100d911a0c395e0b58d48065f3814da4a240ee5782839863d6b918a9c554c1178b73544d6fb9f01708f43b92753905c1ccc94100cb22cd842d6ef0f74bcc08beaa6a920b88f69eb3f638ca5a16b9ea9e339013a18d682326cd749b8d12833960f8305eeaf028810f79f43eac990755df3fe59e3e4a9a7e508676dac1183f92e9a35f1d7e34f285bccc6ad9c7bc037d8bf4e64ac7a377d88add6b686e38c10cf50ed7d8d0e186a26ce9d15d076cb3b22f02457cca794038bf8dde1e57d05bbec774244828f59f8d9b739bb160272e7e09c0e9813bd93465d9467a9d7276e2f7019779de9cfa9dad515330fc59e61c6ccf1ee5869e59c18e6d07bc9c91d2f1a6405e89c3931734f3788aa32235c715f8361a4b231d7b7eea28860ffd095acbb7428465a01dd7eacb5a21055bffc3ee30da0181bae3916b0fe503908adc29de0f90d8b483ea7358d128ba7b9a3a3f89b03920fbc6253a23f225d7fb1857923acd4f7e01192a58a1104fe97443343268830f07737f4e11f6a5121522cf723b04877af2dc7bc6162a9a0ffdb41a662389d60abe9e521cbf15b6da7932a19fcf501da4ed90a55f48e865078883b240d83b175158926c83c9e421835e29be77fc3fbd41ca2d2b85e9d9075464216abac993f2130bc3628966f0695bf8d6483b4c60d7ebaceccbcffd762939ba1afdf4370fd0486454186c6fd9e67f492ed1841fbe28fb59f91cf5e5c1f76122a5d9f872d6a8a383655583923c4c15df8f0868e1cf5ea3de58c0c12d39edb1f8953a2ff4c4a7c5eb74fd0e975a859a84876f618c1af0df83eaf22fc53ff15a9f14bba0d7c730b8291d2e17e53078303a2c0df7aceac9c147b215d35e992e4af957610cd8e0de70906d599caef004e609021e0989f3800e835bc1ef08010dae0651b545ac40c5544433dd47e8e3afc77dedab66332c47807450a9da135dc9ac12438cb758baef5034013132c76b0e337c2411c4c4119c0f82b77d5dac4af39b779cd5577f521ffd26686b761f67298ecb3ee283f95b7d96732941977bebad36c5d19e053fc9ecccd1f6b46e47d50107a5228836b64404de203d24faf21245d051a6363e38d2ed2b40d5c395351e81854041fca953319e1cc8cc8d4b221fd7bfb091ef309760d91e8c60939af69212332b9507b111ecc63e3fca11f8ac45acd9cb81e0557ef8ea0ec509894bf054acf9163ca58d917e088f42edb0454bd8a902d35d61d50ca421e40c6acf915149c2b55af761bbd7902263d5308b31877a4b25eb6401e2f8b9cd81903d3f525a17e7113e912dde23bcd09e08c71e519fba0c69431728ebefe465687c3b76e4fd0583a0a82b9b1ff1250a6e524e2c89d4d7bbf8a8bf59432d4721a38201058e54515c09bd470f105c06cc11daa22e82a0ba772642e5a5050cd0663c34c64501ac32c6266866706e555c6eda5c7755fc56addd898a58626172cd965d718cc0eede1495a4f90f1e327ef613b8586c5bad6e3d72e5a6abfcc53d4645a9e02a55f43b8c7bcf96f9cc3c916f4b850b572f901120cccc4e298a3fc1e2342a93583680d293c5f5079d050013a6f44308e1fe6f0ce8b6cf9ef03418633a228bf49870438297ee8992dcc643a46a48ff3ccd2cfcca3ffbba4a9526557f7f550ed8d23f228b0c14cfad5ac68dfce898516c836d05914c728725f93104a55374fabb37df038118eb4795500ed5d6b9a5ac1a910ed57d2c507cf8093773ffd0959adcabebda7ad8bec5fac6c8e237ae56a4ff44f10d906200635a728cbb51", 0x664}, {0x0}, {0x0}], 0x3}, 0x0) (async)
sendmsg$alg(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, 0x0}, 0x0) (async)

3.121257179s ago: executing program 3 (id=637):
r0 = io_uring_setup(0x7867, &(0x7f00000003c0)={0x0, 0x4f4c, 0x80, 0x1, 0x286})
io_uring_register$IORING_REGISTER_BUFFERS2(r0, 0xf, &(0x7f00000004c0)={0x1, 0x1, 0x0, &(0x7f0000000340)=[{0x0}], 0x0}, 0x20)

3.061729565s ago: executing program 3 (id=638):
r0 = io_uring_setup(0x155, &(0x7f0000000000)={0x0, 0x4, 0x20, 0x1, 0x219})
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_serviced\x00', 0x26e1, 0x0)
close(r1)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000))
ioctl$SIOCSIFHWADDR(r1, 0x8b0b, &(0x7f0000000080)={'wlan1\x00', @random="02000000000a"})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[@ANYBLOB], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2)
r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000000)={r4}, 0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0x4, &(0x7f0000000140)=@framed={{0x18, 0x2, 0x0, 0x0, 0xb31}, [@call={0x85, 0x0, 0x0, 0x87}]}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r5 = io_uring_setup(0x7f37, &(0x7f00000003c0)={0x0, 0x4f4c, 0x80, 0x1, 0x5e, 0x0, r0})
io_uring_register$IORING_REGISTER_BUFFERS2(r5, 0xf, &(0x7f00000004c0)={0x1, 0x1, 0x0, &(0x7f0000000340)=[{0x0}], 0x0}, 0x20)

2.833184843s ago: executing program 1 (id=640):
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000300)={0x15, 0x65, 0xffff, 0x0, 0x8, '9P2000.u'}, 0x15)
pipe2$9p(&(0x7f0000000140)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180"], 0x15)
r2 = dup(r1)
write$P9_RLERRORu(r2, &(0x7f0000000040)=ANY=[@ANYBLOB="8b"], 0x53)
write$RDMA_USER_CM_CMD_SET_OPTION(r2, &(0x7f0000000180)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20)
write$RDMA_USER_CM_CMD_BIND_IP(r2, &(0x7f00000002c0)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}}}, 0x30)
write$binfmt_elf64(r2, &(0x7f0000000280)=ANY=[@ANYBLOB="7f450700000053c407cd"], 0x7c8)
mount$9p_fd(0x0, 0x0, &(0x7f00000000c0), 0x0, &(0x7f0000001340)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid}], [], 0x6b}})

2.763027176s ago: executing program 1 (id=641):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
process_vm_readv(0x0, &(0x7f0000008400), 0x0, 0x0, 0x0, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_open_dev$radio(&(0x7f0000000000), 0x0, 0x2)
pwritev(r1, &(0x7f0000000240)=[{&(0x7f0000000040)="0c70a57814f2", 0x6}], 0x1, 0x5, 0x0)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r3=>0x0})
ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000100)={<r4=>r0})
getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, &(0x7f0000000280)={<r5=>0x0, 0xd5, "39db80a308626811aa17e2ae6a029b2513ad5947b4cf35b4840ab3c844b140c6ff745d70b3349396ccfffc5a1f97df675541699fc29fdb60150de8328723765516aaaa61c188ba6de4fcacefb560b514c9fed6d1da4a7d2f00875022eda9469c8327eb6fd33ebdf0eecee7eef8f98c6ea007d644caa58ff86ec83550be287953633684f1ea42a009dcf962065f4bb4b18b4a8266d381a1bf6ae0eed9ecbd0662be83ac3acf63d47ffcd09d56a3e78f6e56b773f540cdee0e112094c387affa98a85aeed16419d888b3e19ebc8ca4444ca804bcc41d"}, &(0x7f0000000140)=0xdd)
setsockopt$inet_sctp6_SCTP_AUTH_DEACTIVATE_KEY(r4, 0x84, 0x23, &(0x7f0000000180)={r5, 0x3}, 0x8)
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r3, @ANYBLOB="25003300d0000000080211000001080211000000505050505050000003"], 0x44}}, 0x0)

2.762612356s ago: executing program 1 (id=642):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xfffffffffffffd4a)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, 0x0, 0x0)
r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000940), 0x0)
r2 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000001700), 0x0, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r2, 0xc0285700, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r4, 0x8933, &(0x7f0000000040)={'batadv0\x00', <r5=>0x0})
sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)=ANY=[@ANYBLOB="4800000010000104000000000101000000000000", @ANYRES32=0x0, @ANYBLOB="0900000020000200200012800e0001006970366772657461700000000c00028008000100", @ANYRES32, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r5], 0x48}}, 0x0)
ioctl$SYNC_IOC_MERGE(0xffffffffffffffff, 0xc0303e03, 0x0)
r6 = dup(0xffffffffffffffff)
r7 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f0000000080)={'nicvf0\x00', 0x3666b165f8ff1357})
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r8 = syz_io_uring_setup(0x23b, &(0x7f0000000280)={0x0, 0x0, 0x10100, 0x0, 0xfffffffe}, 0x0, 0x0)
io_uring_enter(r8, 0x0, 0x0, 0x0, 0x0, 0x0)
write$binfmt_aout(r6, &(0x7f0000000a40)=ANY=[@ANYBLOB="0b010a05520100009101000001000000ea0200000100000000000000000000007c583bb37667e48e33656d1cdb7caa1bfa619fd7993ca5f319514030de1973c90a8a0fba7ec22c1de00d5e4204255a1e4d6b392c2b5141440cf8ac8ac7896e7144ab2e3b21e109b5fc2d0aade4a2958560287f2e396d55235315b31a17716a4fa07858d84d1a653af33e8f178a3ceb236148fca98516e1d8a693714a4dd290ae5a9f3b8cc5ffd03500"/1947], 0x7a8)
pselect6(0x40, &(0x7f00000045c0)={0x5, 0x800, 0x4, 0x2, 0x0, 0x0, 0x1}, 0x0, &(0x7f0000004640)={0xf6, 0x0, 0x80000000000000, 0xffffffffffffffff, 0x200000, 0x5, 0x1000000000000000}, 0x0, 0x0)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000000000)=0xc)
ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r1, 0xc004500a, &(0x7f0000000080))
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000))
r9 = epoll_create(0x7)
epoll_ctl$EPOLL_CTL_ADD(r9, 0x1, 0xffffffffffffffff, &(0x7f0000000a00))
mmap$dsp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000b, 0x8012, r1, 0x0)

2.08998146s ago: executing program 3 (id=646):
creat(&(0x7f0000003dc0)='./file0\x00', 0x27)
openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$KVM_SET_IRQCHIP(0xffffffffffffffff, 0x8208ae63, &(0x7f0000000280)={0x2, 0x0, @ioapic={0x8000000, 0x0, 0xffffffff, 0x1, 0x0, [{0x0, 0x0, 0x0, '\x00', 0x80}, {}, {0x4, 0xfd}, {0x0, 0x35}, {}, {0x0, 0x4, 0x4}, {}, {0x0, 0x4}, {}, {0x0, 0x0, 0x3, '\x00', 0x48}, {0x0, 0x79, 0x7f}, {0x0, 0x0, 0x0, '\x00', 0xff}, {}, {0x0, 0x0, 0x10}, {0x0, 0x7, 0x6}, {0x0, 0x0, 0x0, '\x00', 0xfe}, {}, {}, {0x43}, {}, {0xa, 0xff}, {}, {}, {0xfc}]}})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f00000000c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x7, 0x0, 0x0, 0x0, 0xc})
ptrace$pokeuser(0x6, 0x0, 0x3, 0xa0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r3, 0x29, 0x1b, &(0x7f0000000000)={@remote, 0x3, 0x1}, 0x20)
r4 = syz_open_procfs(0x0, &(0x7f0000000080)='net/anycast6\x00')
preadv(r4, &(0x7f0000000040)=[{&(0x7f00000001c0)=""/70, 0x46}], 0x1, 0x25, 0x0)

1.583452471s ago: executing program 1 (id=648):
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x3, 0x0, @loopback}, 0x1c)
connect$inet6(r0, 0x0, 0x0)
sendmmsg$inet6(r0, &(0x7f0000002b00)=[{{0x0, 0x0, &(0x7f00000017c0)=[{&(0x7f0000001600)='/', 0x1}], 0x1}}], 0x1, 0x0)
r1 = syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x2, 0x1}, &(0x7f00000000c0)=<r2=>0x0, &(0x7f0000000280)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_SHUTDOWN={0x22, 0x9})
io_uring_enter(r1, 0x3516, 0x0, 0x0, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r5 = openat$cgroup_type(r4, &(0x7f00000001c0), 0x2, 0x0)
write$cgroup_type(r5, &(0x7f0000000280), 0x9)
r6 = openat$cgroup_procs(r4, &(0x7f00000002c0)='cgroup.threads\x00', 0x2, 0x0)
syz_open_dev$video4linux(&(0x7f0000000040), 0x0, 0x0)
openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0)
write$cgroup_pid(r6, &(0x7f0000000c40), 0x12)
r7 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r8 = openat$cgroup_ro(r7, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0)
syz_io_uring_setup(0x406f, &(0x7f0000000640)={0x0, 0x0, 0x10100}, 0x0, &(0x7f0000000600)=<r9=>0x0)
syz_io_uring_submit(0x0, r9, &(0x7f0000000180)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
write$cgroup_int(r8, &(0x7f0000000200)=0x1, 0x12)

1.177468656s ago: executing program 3 (id=649):
r0 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
fcntl$getown(r1, 0x9) (async)
r2 = fcntl$getown(r1, 0x9)
sched_setscheduler(r2, 0x5, &(0x7f0000000080)=0x2)
mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12, r1, 0x0)
bind$bt_hci(r1, &(0x7f0000000380), 0x6)
r3 = socket$unix(0x1, 0x5, 0x0)
openat$sr(0xffffff9c, &(0x7f00000002c0), 0x0, 0x0) (async)
r4 = openat$sr(0xffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r5 = openat$procfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/meminfo\x00', 0x0, 0x0)
read$FUSE(r5, &(0x7f000000ac40)={0x2020, 0x0, 0x0, <r6=>0x0, <r7=>0x0}, 0x2020)
setreuid(0x0, r6) (async)
setreuid(0x0, r6)
lstat(&(0x7f0000000140)='./file0\x00', &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x0, <r8=>0x0})
lstat(&(0x7f0000000500)='./file0\x00', &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0, 0x0, <r9=>0x0})
setregid(r8, r9)
getsockopt$inet_IP_XFRM_POLICY(r3, 0x0, 0x11, &(0x7f00000003c0)={{{@in6=@private1, @in6=@private1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r10=>0x0}}, {{@in6=@remote}, 0x0, @in6=@private2}}, &(0x7f0000000300)=0xe4)
fstat(0xffffffffffffffff, &(0x7f00000004c0)) (async)
fstat(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, 0x0, <r11=>0x0})
r12 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r12, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0xc) (async)
getsockopt$sock_cred(r12, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r13=>0x0, <r14=>0x0}, &(0x7f0000cab000)=0xc)
setresuid(r13, r13, r13)
stat(&(0x7f0000000340)='./file0\x00', &(0x7f0000000540))
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r15 = socket$nl_netfilter(0x10, 0x3, 0xc)
syz_clone(0x800000, &(0x7f0000000340)="94ac0221cba736df250fb8fb2834965a0d5abda8428520ab0eb75b433d61be3506c977471f0207ddae81c9677fc207b5543a679602cdabe6371c7aea80d8d50c916d26bae2adc2cd9736fada855659bb24790e273379d7fd195f904a8bb83992f4", 0x61, &(0x7f0000000280), &(0x7f00000003c0), &(0x7f0000000400)="fc3dc377bc9a8af2c677695259b8895bd0e563a01090269cc895104e321b8fe46ed06fc1584b96c9874845cdaf540b670f3c1f19cd8956f4b7216314e6a77eeab40bc66b609bfe2a263b99c5f91f5d102cd4cc05840faf76c91503107e9c24319c96e402684f5e47c0116cfb4d9c0dade66b65cb4f5ff8447c0aaf784d76bd4d0a8717762458b284fa69550b220ad5193449b11a181b6f6a103aa9418f86a4e791bc2d77ad85dba2e1802fb0b5321a717af6744081a3aeff7525ab35053ec3c8ed548bc658b63ca03b9b179e06d395f2f655575251ef3acb7685de7ddb4f5f84") (async)
syz_clone(0x800000, &(0x7f0000000340)="94ac0221cba736df250fb8fb2834965a0d5abda8428520ab0eb75b433d61be3506c977471f0207ddae81c9677fc207b5543a679602cdabe6371c7aea80d8d50c916d26bae2adc2cd9736fada855659bb24790e273379d7fd195f904a8bb83992f4", 0x61, &(0x7f0000000280), &(0x7f00000003c0), &(0x7f0000000400)="fc3dc377bc9a8af2c677695259b8895bd0e563a01090269cc895104e321b8fe46ed06fc1584b96c9874845cdaf540b670f3c1f19cd8956f4b7216314e6a77eeab40bc66b609bfe2a263b99c5f91f5d102cd4cc05840faf76c91503107e9c24319c96e402684f5e47c0116cfb4d9c0dade66b65cb4f5ff8447c0aaf784d76bd4d0a8717762458b284fa69550b220ad5193449b11a181b6f6a103aa9418f86a4e791bc2d77ad85dba2e1802fb0b5321a717af6744081a3aeff7525ab35053ec3c8ed548bc658b63ca03b9b179e06d395f2f655575251ef3acb7685de7ddb4f5f84")
sendmmsg$unix(r3, &(0x7f0000000bc0)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x24000000}}, {{&(0x7f00000000c0)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f0000000140)=[{&(0x7f00000001c0)="e45e581c8ac6abc9b9a6a004b8ba613195fc3316d1a23193664866f44880522571c6b5ed5323d278fd7546ac2ea4b14c10a12adc50a550384686654a2ecb0c7ca6b83573dd065343a77b4b661e33e311e465c1ae00eb32f3c8979b2be279dc9da14c83391e9a38ece9c1d0429e42aa99b7d64bc555189c18ca8b69105909deca07a3a117f8329cb43f7d582630dce93daa70e45c9770458bea22aa3ef9c87f536be4510fa30f2a7247f36534971756666781a67cebe3fded1dd7a34c29f1dcd4b4f5ab2a51fa7b85e2edb8bba8f4202f8094", 0xd2}], 0x1, &(0x7f0000000c40)=[@rights={{0x34, 0x1, 0x1, [r1, r3, r0, r0, r3, 0xffffffffffffffff, r4, r3, r0, r1]}}, @cred={{0x18, 0x1, 0x2, {r2, r6, r9}}}, @cred={{0x18, 0x1, 0x2, {r2, r10, r11}}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, r12, r1, r12]}}, @cred={{0x18, 0x1, 0x2, {r2}}}, @cred={{0x18, 0x1, 0x2, {r2}}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, r0, 0xffffffffffffffff, r0]}}], 0xcc, 0x4000004}}, {{0x0, 0x0, &(0x7f0000000a00)=[{&(0x7f0000000680)="c6b3feceb0071ea1efca07e034b450ddfa709c10fe37acc79adbe46e96b22591172ab098a6e63774e0062a23cf52b33d14b1d598bb7c32779f2a903b2b78289721ed65e00e946bb8cf0dcd2e2a89dba3a40f53f3f3d93408ee2f554e7c39ff865b719d2b301c022e0f7c5c071630c1ab29e7dd3fc4992617b5e4c6891452adf179a0a4089b074e79bfb33e6fbcbf8ad1d748a375b1622b", 0x97}, {&(0x7f00000008c0)="a9e3690220bf3decb1a9ddb842d34eecd7788714111511e20903ee4e7c1bd80f2ceba39dcfa9eacfd2ceb4a200ddc190ba5143eb85f65336a29b075e0e5c006dc1a7a70a", 0x44}, {&(0x7f0000000940)="cd678c5031ed044557bb9cb4a2d6ba57704f5e9c0a90e76b848f3443ee10fa99e8180fbe2edd30a48f5555016eae2b695824bf39b40729d9c8ad94c5ea7c4712a3ea4d63c63ac140344bb1440583ce700752390b027757500b32c2eb58e54718d9a00c4b379101b6afc9fe88787e3353c19971f64be47ec08a5dbebc0fdf6de96670f18697ecfb021810aeea3193c5aab5feff814449a06ea04cc9d632ed5c9020c3abad8ff6e0dadaaa9880", 0xac}], 0x3, &(0x7f0000000740)=ANY=[@ANYBLOB="180000000100000002000000", @ANYRES32=0x0, @ANYRES32=r13, @ANYRES32=0x0, @ANYBLOB="180000000100000002000000", @ANYRES32=r2, @ANYRES32=0x0, @ANYRES32=r7, @ANYBLOB="2c0036616a45cdff1d491505c23bf119022e672ad95815711d31f127ff7f2eaefe643c1d1d043402b2f750fed6f5ad94afde292e47401f49780cdf16d8112f3edd2415d83f27adb7d577", @ANYRES32=r4, @ANYRES32, @ANYRES32=r12, @ANYRES32=r1, @ANYRES32=r3, @ANYRES32, @ANYRES32=r12, @ANYRES32=r12, @ANYBLOB="180000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=r14, @ANYBLOB="240000000100000001000000", @ANYRES32, @ANYRES32=r4, @ANYRES32=r1, @ANYRES32=r3, @ANYRES32=r3, @ANYRES32, @ANYBLOB="240000000100000001000000", @ANYRES32, @ANYRES32=r4, @ANYRES32=r4, @ANYRES32=r1, @ANYRES32=r15, @ANYRES32=r12], 0xbc, 0x2000c800}}], 0x3, 0x8800)
dup2(r1, r0) (async)
r16 = dup2(r1, r0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) (async)
r17 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r17, 0xc0045005, &(0x7f0000000000)=0x1a7) (async)
ioctl$SNDCTL_DSP_SETFMT(r17, 0xc0045005, &(0x7f0000000000)=0x1a7)
mmap$dsp(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x300000d, 0x8012, r17, 0x0)
read$dsp(r17, 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_S_FMT(r16, 0xc0585605, &(0x7f0000000000)={0x0, 0x0, {0x7, 0x6a, 0x200b, 0x9, 0x0, 0x7, 0x0, 0x1}})
sendmsg$tipc(r16, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000240)}, 0x0)

1.123335553s ago: executing program 3 (id=651):
syz_usb_connect$hid(0x0, 0x0, 0x0, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc)
connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000002c0), 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000400)=0x1, 0x4)
recvmmsg(r0, &(0x7f00000061c0)=[{{0x0, 0x300, &(0x7f0000000280)=[{&(0x7f0000000180)=""/153, 0x99}], 0x1}}], 0xffffff1f, 0x102, 0x0)
syz_usb_connect$cdc_ncm(0x0, 0x98, &(0x7f0000000300)={{0x12, 0x1, 0x300, 0x2, 0x0, 0x0, 0x8, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x86, 0x2, 0x1, 0x7, 0x80, 0x7, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x6, 0x24, 0x6, 0x0, 0x1, "f2"}, {0x5, 0x24, 0x0, 0xa}, {0xd, 0x24, 0xf, 0x1, 0x77, 0x6, 0x800, 0x11}, {0x6, 0x24, 0x1a, 0x3}, [@mbim_extended={0x8, 0x24, 0x1c, 0x9008, 0xe9, 0x6}, @country_functional={0xc, 0x24, 0x7, 0x9, 0x3, [0x400, 0x90, 0x40]}, @network_terminal={0x7, 0x24, 0xa, 0x6, 0x3, 0x2, 0xf8}, @country_functional={0xe, 0x24, 0x7, 0x5, 0x5, [0x101, 0x7, 0x4, 0x7]}]}, {{0x9, 0x5, 0x81, 0x3, 0x200, 0x1, 0x2, 0x7}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x210, 0xfd, 0x7, 0x2}}, {{0x9, 0x5, 0x3, 0x2, 0x8, 0x81, 0x0, 0x3}}}}}}}]}}, &(0x7f0000000700)={0xa, &(0x7f0000000080)={0xa, 0x6, 0x310, 0x7f, 0x8, 0x9, 0x20, 0x3}, 0x5, &(0x7f0000000140)={0x5, 0xf, 0x5}, 0x6, [{0x8c, &(0x7f0000000440)=@string={0x8c, 0x3, "dcd8068f88767d6c6e63d104d2416099acb3c68bc3748ccd289710677a2bdfea15c4fefefd0640f4adc740700dcc36794d6f66da593a77c1b08eb441bb00988f4c79655ce1b900348dd79529362dd131791428916b5bb40e7f7518b4c23061db2c73ec79a0516035077d7e34d27361d82ec37eb0d6ce72d13eace79f0993f998f767b3cb38e5b103a4a1"}}, {0x4, &(0x7f0000000240)=@lang_id={0x4, 0x3, 0x459}}, {0x86, &(0x7f0000000500)=@string={0x86, 0x3, "e5cfd575860730f93f6fee67e5507171ddb66dda361a0d8e3b4ea21e635161f5f04aa5e9c395860ca4c2620474a3552535e2197c2c756c95506fcf31ccfbc81dbc9701ec07a8e31a3c9d34cabc604e1a34adf00c33e7ae21d34e8d90fb0051860d459e74755929c7003bd15d4707fc8be1f59dacc696915b6ebd40f370983ba7e5691d2d"}}, {0x17, &(0x7f00000003c0)=@string={0x17, 0x3, "5d327f48747787936f4d8e5e7df6303931dc5346ee"}}, {0x4, &(0x7f00000005c0)=@lang_id={0x4, 0x3, 0x40b}}, {0xe9, &(0x7f0000000600)=@string={0xe9, 0x3, "76b9e66620ffbd34c4debf1449abf74ef0a510246236be161c44f03a310cd298a5912374cb4e865aa2ac81f42e0236eb51a2ffdfdb92514dc60a9842f1267d00e738f233bef58dff4ee670449a8f43596f7e64a081d31b69b3d12c7511750882b9b5f661ee019b8527558c4739c8cd80665a751f82badcc8b066403706567ead977337473bb72cf7cba7b71cbb00b12374ad156f037887fc56ac4b33459fdbb1c04b10739f12defacb64b8cc5fd90005b04c3d1d7e89e1a5ac00b250103909e1536ad81c0b7eb83d1b137d368412c477dd19adf58e2011b317c4ccb89c1f05260c1725f0c8842f"}}]})
write$binfmt_script(r0, &(0x7f0000000000), 0x61)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x2, &(0x7f00000000c0)=@ccm_128={{0x303}, "4f7df9573633230b", "98b8e74af660fac8cebb21603fd6e801", "5d702f9f", "90a1718694dd0ed4"}, 0x28)
prctl$PR_SET_TSC(0x1a, 0x0)

1.018604251s ago: executing program 0 (id=652):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)=ANY=[@ANYBLOB="8c000000090601029e000000000000000200ffff080009400000003909000200"], 0x8c}, 0x1, 0x0, 0x0, 0x10000082}, 0x4000080)

943.666871ms ago: executing program 0 (id=653):
iopl(0x3)
personality(0x8001a0ffffffff)
sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)={0x38, 0x0, 0x1, 0x0, 0x0, {{}, {}, {0x1c, 0x17, {0x0, 0x0, @l2={'eth', 0x3a, 'syzkaller0\x00'}}}}}, 0x38}, 0x1, 0x0, 0x0, 0x8804}, 0x20000001)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000000)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r1, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r2, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

943.534134ms ago: executing program 0 (id=654):
socket(0x10, 0x3, 0x0)
r0 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000340)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', <r2=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000100)=@newqdisc={0x38, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0xf0, r2, {}, {0xfff2, 0xa}}, [@qdisc_kind_options=@q_skbprio={{0xc}, {0x8, 0x2, 0xe}}]}, 0x38}}, 0x4000)

943.352593ms ago: executing program 0 (id=655):
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000300)={0x15, 0x65, 0xffff, 0x0, 0x8, '9P2000.u'}, 0x15)
pipe2$9p(&(0x7f0000000140)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180"], 0x15)
r2 = dup(r1)
write$P9_RLERRORu(r2, &(0x7f0000000040)=ANY=[@ANYBLOB="8b"], 0x53)
write$RDMA_USER_CM_CMD_SET_OPTION(r2, &(0x7f0000000180)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20)
write$RDMA_USER_CM_CMD_BIND_IP(r2, &(0x7f00000002c0)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}}}, 0x30)
write$binfmt_elf64(r2, &(0x7f0000000280)=ANY=[@ANYBLOB="7f450700000053c407cd"], 0x7c8)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, &(0x7f0000001340)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid}], [], 0x6b}})

843.428967ms ago: executing program 0 (id=656):
openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040))
socketpair(0x0, 0x0, 0x0, &(0x7f0000000000))
r0 = socket$inet_dccp(0x2, 0x6, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000002c0)={'bridge0\x00', <r3=>0x0})
sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@RTM_DELMDB={0x38, 0x55, 0x1, 0x0, 0x0, {0x7, r3}, [@MDBA_SET_ENTRY={0x20, 0x1, {r3, 0x0, 0x0, 0x0, {@ip4=@empty, 0x86dd}}}]}, 0x38}}, 0x0)
getsockopt$inet_mreqsrc(r0, 0x0, 0x53, &(0x7f0000000000)={@dev, @local, @broadcast}, &(0x7f00000000c0)=0x44)
bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0a00000004000000080000000800000000000000006fa90874dec3503c26615d07823f2b82da67349cbf5c566cb834b260c56d9b26db61d6ae6b4077c07e0b38e1381444d0d23ee666bd564b", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000001bc0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES8, @ANYBLOB="0000000000000000b7080000000900007b8af8ff00000000bfa200000000000007020000faffffffb703000008000000b7040000000000008500000003000000850000005000000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x78, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffe16, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r4}, 0x10)
mkdir(&(0x7f0000000440)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000000c0), &(0x7f0000000300)='./file0\x00', &(0x7f0000000080), 0x0, 0x0)
utimes(&(0x7f0000000200)='./file0\x00', &(0x7f0000000240)={{0x0, 0x2710}})
r5 = syz_open_dev$usbmon(&(0x7f0000000140), 0x2, 0x101000)
ioctl$MON_IOCX_GETX(r5, 0x400c920a, &(0x7f00000002c0)={&(0x7f00000001c0), &(0x7f0000000280)=""/53, 0x35})
bind$tipc(0xffffffffffffffff, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x1}, 0x10)
r6 = socket(0x200000000000011, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000080)={'bridge0\x00'})
ioctl$VHOST_SET_LOG_FD(0xffffffffffffffff, 0x4004af07, &(0x7f0000000240))
r7 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='net/arp\x00')
preadv(r7, &(0x7f0000000100)=[{&(0x7f0000000040)=""/38, 0x26}, {&(0x7f0000000580)=""/145, 0x91}], 0x2, 0x8fffb, 0x0)

761.16128ms ago: executing program 1 (id=657):
openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x2, @pix_mp={0x0, 0x0, 0x34324152, 0x0, 0xa, [{}, {0x10}]}})
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000040)={0x4}, 0x4)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0)
r2 = eventfd(0x0)
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f00000001c0)={0x0, 0x0, 0x0, &(0x7f0000000380)=""/138, 0x0})
ioctl$VHOST_SET_VRING_KICK(r1, 0x4008af20, &(0x7f0000000040)={0x0, r2})
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000280)={0x1, 0x0, 0x0, &(0x7f00000000c0)=""/87, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000680))
ioctl$VHOST_SET_VRING_ERR(r1, 0x4008af22, &(0x7f0000001480)={0x0, r2})
ioctl$VHOST_VSOCK_SET_RUNNING(r1, 0x4004af61, &(0x7f0000000000)=0x20000)
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0)
unshare(0x4000ff0f)

0s ago: executing program 0 (id=658):
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00')
fchdir(r0)
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0)
r1 = inotify_init1(0x0)
fcntl$setown(r1, 0x8, 0xffffffffffffffff)
fcntl$getownex(r1, 0x10, &(0x7f0000000140)={0x0, <r2=>0x0})
fcntl$lock(0xffffffffffffffff, 0x7, 0x0)
r3 = socket$phonet_pipe(0x23, 0x5, 0x2)
ioctl$FS_IOC_FIEMAP(r3, 0xc020660b, &(0x7f0000000200)={0x175, 0x86, 0x1, 0x4, 0x2, [{0x6, 0x8, 0x6000000000000000, '\x00', 0x7c86}, {0x0, 0x5}]})
r4 = syz_open_procfs(r2, &(0x7f0000000040)='fd/4\x00')
ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r4, 0x40086610, &(0x7f0000000180)={@desc={0x1, 0x0, @desc3}})
write$USERIO_CMD_SEND_INTERRUPT(r4, &(0x7f0000000100)={0x2, 0x4}, 0x2)

kernel console output (not intermixed with test programs):

 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[   82.869217][ T7041] RSP: 002b:00000000f573556c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[   82.871369][ T7041] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 00000000000089f1
[   82.873407][ T7041] RDX: 0000000020000040 RSI: 0000000000000000 RDI: 0000000000000000
[   82.875740][ T7041] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   82.878043][ T7041] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[   82.880041][ T7041] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   82.882035][ T7041]  </TASK>
[   82.970266][ T7047] 9pnet_fd: Insufficient options for proto=fd
[   83.009448][ T7052] netlink: 'syz.0.202': attribute type 21 has an invalid length.
[   83.017007][ T7036] binder: 7035:7036 ioctl c0306201 20000580 returned -22
[   83.062122][ T7055] binder_alloc: 7054: binder_alloc_buf, no vma
[   83.289989][ T7067] can0: slcan on ttyS3.
[   83.383892][ T7085] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   83.432274][ T7052] syz.0.202 (7052): drop_caches: 1
[   83.447217][ T7086] mkiss: ax0: crc mode is auto.
[   83.455480][ T7052] syz.0.202 (7052): drop_caches: 1
[   83.584728][ T5386] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[   83.789845][ T5386] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[   83.795937][ T5386] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   83.799789][ T5386] usb 6-1: config 1 has 0 interfaces, different from the descriptor's value: 66
[   83.808080][ T5386] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[   83.812293][ T5386] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[   83.815483][ T5386] usb 6-1: Product: syz
[   83.817054][ T5386] usb 6-1: Manufacturer: syz
[   84.034448][ T7107] FAULT_INJECTION: forcing a failure.
[   84.034448][ T7107] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   84.038331][ T7107] CPU: 3 UID: 0 PID: 7107 Comm: syz.2.217 Not tainted 6.12.0-rc4-syzkaller-00047-gc2ee9f594da8 #0
[   84.041024][ T7107] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   84.043806][ T7107] Call Trace:
[   84.044691][ T7107]  <TASK>
[   84.045476][ T7107]  dump_stack_lvl+0x16c/0x1f0
[   84.046702][ T7107]  should_fail_ex+0x497/0x5b0
[   84.047929][ T7107]  _copy_to_user+0x30/0xc0
[   84.049112][ T7107]  msr_read+0x14f/0x250
[   84.050192][ T7107]  ? __pfx_msr_read+0x10/0x10
[   84.051417][ T7107]  ? bpf_lsm_file_permission+0x9/0x10
[   84.052882][ T7107]  ? security_file_permission+0x71/0x210
[   84.054336][ T7107]  ? __pfx_msr_read+0x10/0x10
[   84.055558][ T7107]  vfs_read+0x1ce/0xbd0
[   84.056648][ T7107]  ? __fget_files+0x23a/0x3f0
[   84.057904][ T7107]  ? __pfx_lock_release+0x10/0x10
[   84.059216][ T7107]  ? trace_lock_acquire+0x14a/0x1d0
[   84.060586][ T7107]  ? __pfx_vfs_read+0x10/0x10
[   84.061818][ T7107]  ? lock_acquire+0x2f/0xb0
[   84.063024][ T7107]  ? __fget_files+0x40/0x3f0
[   84.064437][ T7107]  ? __fget_files+0x244/0x3f0
[   84.065514][ T7108] binder_alloc: 7105: binder_alloc_buf, no vma
[   84.065786][ T7107]  ksys_read+0x12f/0x260
[   84.065801][ T7107]  ? __pfx_ksys_read+0x10/0x10
[   84.065814][ T7107]  __do_fast_syscall_32+0x73/0x120
[   84.071116][ T7107]  do_fast_syscall_32+0x32/0x80
[   84.072404][ T7107]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[   84.074047][ T7107] RIP: 0023:0xf747e579
[   84.075109][ T7107] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[   84.080439][ T7107] RSP: 002b:00000000f576656c EFLAGS: 00000296 ORIG_RAX: 0000000000000003
[   84.082962][ T7107] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020019680
[   84.085338][ T7107] RDX: 0000000000018ff8 RSI: 0000000000000000 RDI: 0000000000000000
[   84.087896][ T7107] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   84.090014][ T7107] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[   84.092030][ T7107] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   84.094099][ T7107]  </TASK>
[   84.107332][ T7111] fuse: Bad value for 'fd'
[   84.108341][ T7080] 9pnet_fd: Insufficient options for proto=fd
[   84.140537][ T7111] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_tx_wq": -EINTR
[   84.174381][ T7080] rdma_rxe: rxe_newlink: failed to add vcan0
[   84.203175][ T5386] usb 6-1: USB disconnect, device number 7
[   84.496342][ T7095] can0 (unregistered): slcan off ttyS3.
[   84.528903][ T7124] 9pnet_fd: Insufficient options for proto=fd
[   84.563669][ T7126] FAULT_INJECTION: forcing a failure.
[   84.563669][ T7126] name failslab, interval 1, probability 0, space 0, times 0
[   84.568764][ T7126] CPU: 1 UID: 0 PID: 7126 Comm: syz.0.212 Not tainted 6.12.0-rc4-syzkaller-00047-gc2ee9f594da8 #0
[   84.571613][ T7126] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   84.574376][ T7126] Call Trace:
[   84.575268][ T7126]  <TASK>
[   84.576211][ T7126]  dump_stack_lvl+0x16c/0x1f0
[   84.577578][ T7126]  should_fail_ex+0x497/0x5b0
[   84.578843][ T7126]  ? fs_reclaim_acquire+0xae/0x150
[   84.580515][ T7126]  should_failslab+0xc2/0x120
[   84.581880][ T7126]  kmem_cache_alloc_noprof+0x6e/0x2f0
[   84.583299][ T7126]  ? __kernfs_new_node+0xd3/0x890
[   84.584826][ T7126]  __kernfs_new_node+0xd3/0x890
[   84.586661][ T7126]  ? __pfx___kernfs_new_node+0x10/0x10
[   84.588686][ T7126]  ? __pfx_lock_release+0x10/0x10
[   84.590559][ T7126]  ? kernfs_add_one+0x39d/0x520
[   84.592056][ T7126]  ? up_write+0x1b2/0x520
[   84.593652][ T7126]  kernfs_new_node+0x186/0x240
[   84.595362][ T7126]  __kernfs_create_file+0x53/0x350
[   84.596697][ T7126]  sysfs_add_file_mode_ns+0x1ff/0x3b0
[   84.598126][ T7126]  internal_create_group+0x565/0xe50
[   84.599517][ T7126]  ? __pfx_internal_create_group+0x10/0x10
[   84.601335][ T7126]  sysfs_slab_add+0x1a3/0x1e0
[   84.602629][ T7126]  do_kmem_cache_create+0x606/0x700
[   84.603976][ T7126]  ? kstrdup+0x5c/0x80
[   84.605039][ T7126]  __kmem_cache_create_args+0x242/0x3c0
[   84.606646][ T7126]  p9_client_create+0xe43/0x11a0
[   84.608501][ T7126]  ? __pfx_p9_client_create+0x10/0x10
[   84.610511][ T7126]  ? __raw_spin_lock_init+0x3a/0x110
[   84.612260][ T7126]  v9fs_session_init+0x1f8/0x1a80
[   84.613580][ T7126]  ? __pfx_v9fs_session_init+0x10/0x10
[   84.614999][ T7126]  ? kasan_save_track+0x14/0x30
[   84.616237][ T7126]  v9fs_mount+0xc6/0xa50
[   84.617397][ T7126]  ? __pfx_v9fs_mount+0x10/0x10
[   84.619180][ T7126]  ? __pfx_v9fs_mount+0x10/0x10
[   84.620934][ T7126]  legacy_get_tree+0x109/0x220
[   84.622674][ T7126]  vfs_get_tree+0x8f/0x380
[   84.624255][ T7126]  path_mount+0x6e1/0x1f10
[   84.625811][ T7126]  ? kmem_cache_free+0x152/0x4b0
[   84.627392][ T7126]  ? __pfx_path_mount+0x10/0x10
[   84.629124][ T7126]  ? putname+0x12e/0x170
[   84.630614][ T7126]  __ia32_sys_mount+0x292/0x310
[   84.632307][ T7126]  ? __pfx___ia32_sys_mount+0x10/0x10
[   84.634188][ T7126]  __do_fast_syscall_32+0x73/0x120
[   84.635977][ T7126]  do_fast_syscall_32+0x32/0x80
[   84.637702][ T7126]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[   84.639819][ T7126] RIP: 0023:0xf746e579
[   84.641339][ T7126] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[   84.647834][ T7126] RSP: 002b:00000000f575656c EFLAGS: 00000296 ORIG_RAX: 0000000000000015
[   84.650694][ T7126] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000020000000
[   84.653359][ T7126] RDX: 0000000020000040 RSI: 0000000000000000 RDI: 0000000020000140
[   84.655761][ T7126] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   84.657818][ T7126] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[   84.659880][ T7126] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   84.661954][ T7126]  </TASK>
[   84.673994][ T7126] __kmem_cache_create_args(9p-fcall-cache-17) failed with error -12
[   84.676139][ T7126] CPU: 3 UID: 0 PID: 7126 Comm: syz.0.212 Not tainted 6.12.0-rc4-syzkaller-00047-gc2ee9f594da8 #0
[   84.678789][ T7126] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   84.681600][ T7126] Call Trace:
[   84.682663][ T7126]  <TASK>
[   84.683688][ T7126]  dump_stack_lvl+0x16c/0x1f0
[   84.685304][ T7126]  __kmem_cache_create_args+0x130/0x3c0
[   84.687172][ T7126]  p9_client_create+0xe43/0x11a0
[   84.688953][ T7126]  ? __pfx_p9_client_create+0x10/0x10
[   84.690896][ T7126]  ? __raw_spin_lock_init+0x3a/0x110
[   84.692678][ T7126]  v9fs_session_init+0x1f8/0x1a80
[   84.694402][ T7126]  ? __pfx_v9fs_session_init+0x10/0x10
[   84.696232][ T7126]  ? kasan_save_track+0x14/0x30
[   84.697903][ T7126]  v9fs_mount+0xc6/0xa50
[   84.699328][ T7126]  ? __pfx_v9fs_mount+0x10/0x10
[   84.700974][ T7126]  ? __pfx_v9fs_mount+0x10/0x10
[   84.702645][ T7126]  legacy_get_tree+0x109/0x220
[   84.704265][ T7126]  vfs_get_tree+0x8f/0x380
[   84.705783][ T7126]  path_mount+0x6e1/0x1f10
[   84.707284][ T7126]  ? kmem_cache_free+0x152/0x4b0
[   84.708959][ T7126]  ? __pfx_path_mount+0x10/0x10
[   84.710834][ T7126]  ? putname+0x12e/0x170
[   84.712474][ T7126]  __ia32_sys_mount+0x292/0x310
[   84.714159][ T7126]  ? __pfx___ia32_sys_mount+0x10/0x10
[   84.716003][ T7126]  __do_fast_syscall_32+0x73/0x120
[   84.717724][ T7126]  do_fast_syscall_32+0x32/0x80
[   84.719483][ T7126]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[   84.721590][ T7126] RIP: 0023:0xf746e579
[   84.722971][ T7126] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[   84.729354][ T7126] RSP: 002b:00000000f575656c EFLAGS: 00000296 ORIG_RAX: 0000000000000015
[   84.732098][ T7126] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000020000000
[   84.734735][ T7126] RDX: 0000000020000040 RSI: 0000000000000000 RDI: 0000000020000140
[   84.737340][ T7126] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   84.739905][ T7126] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[   84.742472][ T7126] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   84.745045][ T7126]  </TASK>
[   84.785486][ T7126] netfs: Couldn't get user pages (rc=-14)
[   84.792755][ T7126] 9pnet_virtio: no channels available for device syz
[   84.913650][ T7136] FAULT_INJECTION: forcing a failure.
[   84.913650][ T7136] name failslab, interval 1, probability 0, space 0, times 0
[   84.923129][ T7136] CPU: 0 UID: 0 PID: 7136 Comm: syz.2.215 Not tainted 6.12.0-rc4-syzkaller-00047-gc2ee9f594da8 #0
[   84.926782][ T7136] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   84.930562][ T7136] Call Trace:
[   84.931764][ T7136]  <TASK>
[   84.932863][ T7136]  dump_stack_lvl+0x16c/0x1f0
[   84.934605][ T7136]  should_fail_ex+0x497/0x5b0
[   84.936336][ T7136]  ? fs_reclaim_acquire+0xae/0x150
[   84.938220][ T7136]  should_failslab+0xc2/0x120
[   84.940066][ T7136]  kmem_cache_alloc_node_noprof+0x71/0x310
[   84.942237][ T7136]  ? __alloc_skb+0x2b3/0x380
[   84.943892][ T7136]  __alloc_skb+0x2b3/0x380
[   84.945511][ T7136]  ? __pfx___alloc_skb+0x10/0x10
[   84.946995][ T7136]  ? hlock_class+0x4e/0x130
[   84.948185][ T7136]  ? __lock_acquire+0x163e/0x3ce0
[   84.949538][ T7136]  __ip_append_data+0x2f79/0x4090
[   84.950893][ T7136]  ? __pfx_lock_release+0x10/0x10
[   84.952292][ T7136]  ? __pfx_raw_getfrag+0x10/0x10
[   84.953621][ T7136]  ? __pfx___ip_append_data+0x10/0x10
[   84.955030][ T7136]  ip_append_data+0x10f/0x1a0
[   84.956259][ T7136]  ? __pfx_raw_getfrag+0x10/0x10
[   84.957565][ T7136]  raw_sendmsg+0xdf7/0x3ad0
[   84.958702][ T7136]  ? __pfx_raw_sendmsg+0x10/0x10
[   84.960023][ T7136]  ? hlock_class+0x4e/0x130
[   84.961212][ T7136]  ? __lock_acquire+0x163e/0x3ce0
[   84.962538][ T7136]  ? __pfx___might_resched+0x10/0x10
[   84.963919][ T7136]  ? __sanitizer_cov_trace_switch+0x54/0x90
[   84.965476][ T7136]  ? __pfx_aa_sk_perm+0x10/0x10
[   84.966771][ T7136]  ? __import_iovec+0x1fd/0x6e0
[   84.968089][ T7136]  ? __pfx_raw_sendmsg+0x10/0x10
[   84.969414][ T7136]  ? inet_sendmsg+0x119/0x140
[   84.970676][ T7136]  inet_sendmsg+0x119/0x140
[   84.971860][ T7136]  ____sys_sendmsg+0x907/0xb40
[   84.973122][ T7136]  ? __pfx_____sys_sendmsg+0x10/0x10
[   84.974484][ T7136]  ? get_compat_msghdr+0x11b/0x170
[   84.975755][ T7136]  ? __pfx_lock_release+0x10/0x10
[   84.977016][ T7136]  ? find_held_lock+0x2d/0x110
[   84.978571][ T7136]  ___sys_sendmsg+0x135/0x1e0
[   84.980294][ T7136]  ? __up_read+0x1fb/0x760
[   84.981911][ T7136]  ? __pfx____sys_sendmsg+0x10/0x10
[   84.983813][ T7136]  ? handle_mm_fault+0x497/0xaa0
[   84.985807][ T7136]  ? __pfx___might_resched+0x10/0x10
[   84.987814][ T7136]  ? __sys_sendmmsg+0x2bd/0x450
[   84.989634][ T7136]  __sys_sendmmsg+0x2a5/0x450
[   84.991364][ T7136]  ? __pfx___sys_sendmmsg+0x10/0x10
[   84.993289][ T7136]  ? vfs_write+0x14d/0x1140
[   84.994976][ T7136]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[   84.997206][ T7136]  ? fput+0x30/0x390
[   84.998694][ T7136]  ? ksys_write+0x1ad/0x260
[   85.000357][ T7136]  ? __pfx_ksys_write+0x10/0x10
[   85.002166][ T7136]  __ia32_compat_sys_sendmmsg+0x9d/0x100
[   85.004241][ T7136]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[   85.006682][ T7136]  __do_fast_syscall_32+0x73/0x120
[   85.008577][ T7136]  do_fast_syscall_32+0x32/0x80
[   85.010389][ T7136]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[   85.012707][ T7136] RIP: 0023:0xf747e579
[   85.014217][ T7136] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[   85.021183][ T7136] RSP: 002b:00000000f576656c EFLAGS: 00000296 ORIG_RAX: 0000000000000159
[   85.024189][ T7136] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020005240
[   85.027062][ T7136] RDX: 0000000000264e33 RSI: 0000000000000000 RDI: 0000000000000000
[   85.029958][ T7136] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   85.032802][ T7136] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[   85.035678][ T7136] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   85.038572][ T7136]  </TASK>
[   85.094798][ T5994] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[   85.266402][ T5994] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[   85.269618][ T5994] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   85.273171][ T5994] usb 6-1: config 1 has 0 interfaces, different from the descriptor's value: 66
[   85.278447][ T5994] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[   85.281845][ T5994] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[   85.284896][ T5994] usb 6-1: Product: syz
[   85.286564][ T5994] usb 6-1: Manufacturer: syz
[   85.540985][ T7133] rdma_rxe: rxe_newlink: failed to add vcan0
[   85.547973][ T5994] usb 6-1: USB disconnect, device number 8
[   85.842690][ T7151] EXT4-fs (sda1): resizing filesystem from 262144 to 1 blocks
[   85.845980][ T7151] EXT4-fs warning (device sda1): ext4_resize_fs:2042: can't shrink FS - resize aborted
[   85.896416][ T7157] can0: slcan on ttyS3.
[   85.907702][ T7160] 9pnet_fd: Insufficient options for proto=fd
[   86.249507][ T5409] usb 8-1: new high-speed USB device number 3 using dummy_hcd
[   86.374053][ T7177] binder: 7176:7177 ioctl c0306201 20000580 returned -14
[   86.411822][ T5409] usb 8-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[   86.414411][ T5409] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   86.418731][ T5409] usb 8-1: config 1 has 0 interfaces, different from the descriptor's value: 66
[   86.422973][ T5409] usb 8-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[   86.430036][ T5409] usb 8-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[   86.431906][ T5409] usb 8-1: Product: syz
[   86.432902][ T5409] usb 8-1: Manufacturer: syz
[   86.648070][ T7165] 9pnet_fd: Insufficient options for proto=fd
[   86.715178][ T7197] rdma_rxe: rxe_newlink: failed to add vcan0
[   86.736067][ T5409] usb 8-1: USB disconnect, device number 3
[   86.777276][ T7199] afs: Unknown parameter '00000000000000000000012'
[   86.805306][ T7153] can0 (unregistered): slcan off ttyS3.
[   86.862100][ T7210] overlayfs: failed to resolve './file0': -2
[   87.001479][ T7208] netlink: 'syz.1.227': attribute type 3 has an invalid length.
[   87.003972][ T7208] netlink: 130984 bytes leftover after parsing attributes in process `syz.1.227'.
[   87.037339][ T7208] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   87.045412][ T7208] batadv_slave_0: entered promiscuous mode
[   87.354757][ T5994] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[   87.525127][ T5994] usb 5-1: Using ep0 maxpacket: 8
[   87.529781][ T5994] usb 5-1: config index 0 descriptor too short (expected 301, got 45)
[   87.532350][ T5994] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[   87.536096][ T5994] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[   87.539268][ T5994] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[   87.542435][ T5994] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[   87.546728][ T5994] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[   87.549755][ T5994] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   87.722398][ T7272] binder: 7271:7272 ioctl c0306201 20000580 returned -14
[   87.760881][ T5994] usb 5-1: GET_CAPABILITIES returned 0
[   87.762899][ T5994] usbtmc 5-1:16.0: can't read capabilities
[   87.945897][ T7276] netlink: 12 bytes leftover after parsing attributes in process `syz.2.237'.
[   87.979470][ T7241] netlink: 4 bytes leftover after parsing attributes in process `syz.0.229'.
[   88.131252][ T7241] hsr_slave_1 (unregistering): left promiscuous mode
[   88.187546][ T7284] netlink: 56 bytes leftover after parsing attributes in process `syz.1.240'.
[   88.190666][ T7284] netlink: 'syz.1.240': attribute type 5 has an invalid length.
[   88.193130][ T7284] netlink: 44 bytes leftover after parsing attributes in process `syz.1.240'.
[   88.204498][ T7284] Zero length message leads to an empty skb
[   88.228595][ T5994] usb 5-1: USB disconnect, device number 7
[   88.434792][    T9] usb 7-1: new high-speed USB device number 7 using dummy_hcd
[   88.586367][    T9] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   88.589222][    T9] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   88.592085][    T9] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[   88.596408][    T9] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[   88.598815][    T9] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   88.603368][    T9] usb 7-1: config 0 descriptor??
[   88.778670][ T7305] binder_alloc: 7304: binder_alloc_buf, no vma
[   88.967618][ T7318] can0: slcan on ttyS3.
[   89.055727][    T9] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0
[   89.058267][    T9] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0
[   89.060637][    T9] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0
[   89.063026][    T9] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0
[   89.070552][    T9] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0
[   89.073345][    T9] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0
[   89.075903][    T9] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0
[   89.078396][    T9] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0
[   89.080770][    T9] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0
[   89.083169][    T9] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0
[   89.085634][    T9] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0
[   89.087902][    T9] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0
[   89.090260][    T9] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0
[   89.092525][    T9] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0
[   89.095151][    T9] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0
[   89.098085][    T9] plantronics 0003:047F:FFFF.0002: No inputs registered, leaving
[   89.108056][    T9] plantronics 0003:047F:FFFF.0002: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0
[   89.151975][ T7328] binder: 7314:7328 ioctl c0306201 20000580 returned -14
[   89.265750][ T7299] can0 (unregistered): slcan off ttyS3.
[   89.921174][ T5411] usb 7-1: USB disconnect, device number 7
[   90.188754][ T7377] can0: slcan on ttyS3.
[   90.275778][ T7374] binder_alloc: 7373: binder_alloc_buf, no vma
[   90.327030][ T7371] can0 (unregistered): slcan off ttyS3.
[   90.601888][   T39] audit: type=1326 audit(1729584094.152:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7391 comm="syz.3.260" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf745e579 code=0x0
[   90.725426][ T7396] binder: 7389:7396 ioctl c0306201 20000580 returned -14
[   91.453603][ T7411] netlink: 68 bytes leftover after parsing attributes in process `syz.1.263'.
[   91.457564][ T7411] netlink: 12 bytes leftover after parsing attributes in process `syz.1.263'.
[   91.461485][ T7411] netlink: 48 bytes leftover after parsing attributes in process `syz.1.263'.
[   92.032535][ T7431] capability: warning: `syz.0.266' uses deprecated v2 capabilities in a way that may be insecure
[   92.199545][ T7437] =======================================================
[   92.199545][ T7437] WARNING: The mand mount option has been deprecated and
[   92.199545][ T7437]          and is ignored by this kernel. Remove the mand
[   92.199545][ T7437]          option from the mount to silence this warning.
[   92.199545][ T7437] =======================================================
[   92.217396][ T7446] Bluetooth: MGMT ver 1.23
[   92.308175][ T7457] binder_alloc: 7456: binder_alloc_buf, no vma
[   92.405446][ T7463] overlayfs: "xino=on" is useless with all layers on same fs, ignore.
[   92.610519][ T7471] netfs: Couldn't get user pages (rc=-14)
[   92.649810][ T7474] netlink: 'syz.1.275': attribute type 1 has an invalid length.
[   92.651788][ T7474] netlink: 244 bytes leftover after parsing attributes in process `syz.1.275'.
[   92.719093][ T7479] input: syz0 as /devices/virtual/input/input5
[   92.967625][   T39] audit: type=1326 audit(1729584096.522:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7489 comm="syz.2.278" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf747e579 code=0x7ffc0000
[   92.974388][   T39] audit: type=1326 audit(1729584096.522:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7489 comm="syz.2.278" exe="/syz-executor" sig=0 arch=40000003 syscall=5 compat=1 ip=0xf747e579 code=0x7ffc0000
[   92.981899][   T39] audit: type=1326 audit(1729584096.522:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7489 comm="syz.2.278" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf747e579 code=0x7ffc0000
[   92.990887][   T39] audit: type=1326 audit(1729584096.522:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7489 comm="syz.2.278" exe="/syz-executor" sig=0 arch=40000003 syscall=21 compat=1 ip=0xf747e579 code=0x7ffc0000
[   92.996399][   T39] audit: type=1326 audit(1729584096.522:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7489 comm="syz.2.278" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf747e579 code=0x7ffc0000
[   93.002604][   T39] audit: type=1326 audit(1729584096.522:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7489 comm="syz.2.278" exe="/syz-executor" sig=0 arch=40000003 syscall=5 compat=1 ip=0xf747e579 code=0x7ffc0000
[   93.011509][ T7489] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   93.011515][   T39] audit: type=1326 audit(1729584096.522:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7489 comm="syz.2.278" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf747e579 code=0x7ffc0000
[   93.011546][   T39] audit: type=1326 audit(1729584096.522:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7489 comm="syz.2.278" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf747e579 code=0x7ffc0000
[   93.029582][   T39] audit: type=1326 audit(1729584096.522:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7489 comm="syz.2.278" exe="/syz-executor" sig=0 arch=40000003 syscall=379 compat=1 ip=0xf747e579 code=0x7ffc0000
[   93.140334][ T7501] Process accounting resumed
[   93.316881][ T7503] binder_alloc: 7502: binder_alloc_buf, no vma
[   93.826054][ T7536] FAULT_INJECTION: forcing a failure.
[   93.826054][ T7536] name fail_page_alloc, interval 1, probability 0, space 0, times 1
[   93.829990][ T7536] CPU: 3 UID: 0 PID: 7536 Comm: syz.3.285 Not tainted 6.12.0-rc4-syzkaller-00047-gc2ee9f594da8 #0
[   93.832764][ T7536] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   93.835571][ T7536] Call Trace:
[   93.836462][ T7536]  <TASK>
[   93.837267][ T7536]  dump_stack_lvl+0x16c/0x1f0
[   93.838485][ T7536]  should_fail_ex+0x497/0x5b0
[   93.839713][ T7536]  ? fs_reclaim_acquire+0xae/0x150
[   93.841159][ T7536]  should_fail_alloc_page+0xe7/0x130
[   93.842542][ T7536]  prepare_alloc_pages.constprop.0+0x16f/0x560
[   93.844096][ T7536]  __alloc_pages_noprof+0x190/0x25a0
[   93.845458][ T7536]  ? mark_held_locks+0x9f/0xe0
[   93.846660][ T7536]  ? finish_task_switch.isra.0+0x217/0xcc0
[   93.848131][ T7536]  ? lockdep_hardirqs_on+0x7c/0x110
[   93.849514][ T7536]  ? finish_task_switch.isra.0+0x217/0xcc0
[   93.851115][ T7536]  ? hlock_class+0x4e/0x130
[   93.852309][ T7536]  ? __pfx___alloc_pages_noprof+0x10/0x10
[   93.853802][ T7536]  ? __pfx___lock_acquire+0x10/0x10
[   93.855173][ T7536]  ? __pfx___schedule+0x10/0x10
[   93.856449][ T7536]  ? __sanitizer_cov_trace_switch+0x54/0x90
[   93.857996][ T7536]  ? policy_nodemask+0xea/0x4e0
[   93.859265][ T7536]  alloc_pages_mpol_noprof+0x2c9/0x610
[   93.860692][ T7536]  ? __pfx_alloc_pages_mpol_noprof+0x10/0x10
[   93.862750][ T7536]  ? do_raw_spin_lock+0x12d/0x2c0
[   93.864419][ T7536]  ? lock_acquire+0x2f/0xb0
[   93.865640][ T7536]  ? kasan_populate_vmalloc_pte+0xfb/0x160
[   93.867136][ T7536]  ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10
[   93.868680][ T7536]  get_free_pages_noprof+0xc/0x40
[   93.870004][ T7536]  kasan_populate_vmalloc_pte+0x2d/0x160
[   93.871474][ T7536]  ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10
[   93.873103][ T7536]  __apply_to_page_range+0x5fd/0xd30
[   93.874481][ T7536]  ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10
[   93.876221][ T7536]  ? __pfx___apply_to_page_range+0x10/0x10
[   93.877748][ T7536]  ? insert_vmap_area+0x2ef/0x4d0
[   93.879070][ T7536]  alloc_vmap_area+0x93e/0x2a70
[   93.880365][ T7536]  ? __pfx_alloc_vmap_area+0x10/0x10
[   93.881761][ T7536]  __get_vm_area_node+0x17e/0x2d0
[   93.883083][ T7536]  __vmalloc_node_range_noprof+0x26a/0x15a0
[   93.884582][ T7536]  ? __snd_dma_alloc_pages+0x50/0x90
[   93.885975][ T7536]  ? __snd_dma_alloc_pages+0x50/0x90
[   93.887357][ T7536]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[   93.889016][ T7536]  ? __mutex_unlock_slowpath+0x164/0x650
[   93.890623][ T7536]  ? __pfx___mutex_lock+0x10/0x10
[   93.891946][ T7536]  ? __snd_dma_alloc_pages+0x50/0x90
[   93.893337][ T7536]  vmalloc_noprof+0x6b/0x90
[   93.894533][ T7536]  ? __snd_dma_alloc_pages+0x50/0x90
[   93.895917][ T7536]  ? __pfx_snd_dma_vmalloc_alloc+0x10/0x10
[   93.897464][ T7536]  __snd_dma_alloc_pages+0x50/0x90
[   93.898810][ T7536]  snd_dma_alloc_dir_pages+0x151/0x240
[   93.900237][ T7536]  do_alloc_pages+0x126/0x200
[   93.901489][ T7536]  snd_pcm_lib_malloc_pages+0x3df/0x980
[   93.902935][ T7536]  snd_pcm_hw_params+0x152b/0x1a30
[   93.904291][ T7536]  ? __pfx_snd_pcm_hw_params+0x10/0x10
[   93.905731][ T7536]  ? snd_pcm_hw_param_near.constprop.0+0x743/0x8f0
[   93.907415][ T7536]  ? __pfx_snd_pcm_hw_param_near.constprop.0+0x10/0x10
[   93.909221][ T7536]  ? kfree+0x14f/0x4b0
[   93.910296][ T7536]  snd_pcm_kernel_ioctl+0x147/0x2d0
[   93.911658][ T7536]  snd_pcm_oss_change_params_locked+0x1410/0x3a50
[   93.913364][ T7536]  ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10
[   93.915147][ T7536]  ? __mutex_lock+0x2cc/0x9c0
[   93.916394][ T7536]  ? snd_pcm_oss_sync+0x306/0x7f0
[   93.917728][ T7536]  ? __pfx___mutex_lock+0x10/0x10
[   93.919017][ T7536]  ? do_vfs_ioctl+0x513/0x1950
[   93.920283][ T7536]  snd_pcm_oss_make_ready_locked+0xb7/0x130
[   93.921802][ T7536]  snd_pcm_oss_sync+0x326/0x7f0
[   93.923058][ T7536]  snd_pcm_oss_ioctl+0x114a/0x3780
[   93.924380][ T7536]  ? __pfx_snd_pcm_oss_ioctl+0x10/0x10
[   93.926053][ T7536]  ? __fget_files+0x244/0x3f0
[   93.927347][ T7536]  ? __pfx_snd_pcm_oss_ioctl_compat+0x10/0x10
[   93.928896][ T7536]  __do_compat_sys_ioctl+0x259/0x2b0
[   93.930298][ T7536]  __do_fast_syscall_32+0x73/0x120
[   93.931649][ T7536]  do_fast_syscall_32+0x32/0x80
[   93.932937][ T7536]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[   93.934616][ T7536] RIP: 0023:0xf745e579
[   93.935703][ T7536] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[   93.940605][ T7536] RSP: 002b:00000000f570456c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[   93.942631][ T7536] RAX: ffffffffffffffda RBX: 000000000000000b RCX: 0000000000005001
[   93.944546][ T7536] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   93.946475][ T7536] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   93.948419][ T7536] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[   93.950470][ T7536] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   93.952535][ T7536]  </TASK>
[   93.968286][ T7536] syz.3.285: vmalloc error: size 2097152, vm_struct allocation failed, mode:0xcc0(GFP_KERNEL), nodemask=(null),cpuset=/,mems_allowed=0-1
[   93.973371][ T7536] CPU: 3 UID: 0 PID: 7536 Comm: syz.3.285 Not tainted 6.12.0-rc4-syzkaller-00047-gc2ee9f594da8 #0
[   93.975975][ T7536] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   93.978649][ T7536] Call Trace:
[   93.979496][ T7536]  <TASK>
[   93.980239][ T7536]  dump_stack_lvl+0x16c/0x1f0
[   93.981404][ T7536]  warn_alloc+0x24d/0x3a0
[   93.982474][ T7536]  ? __pfx_warn_alloc+0x10/0x10
[   93.983675][ T7536]  ? kfree+0x14f/0x4b0
[   93.984714][ T7536]  ? __get_vm_area_node+0x1bc/0x2d0
[   93.986025][ T7536]  __vmalloc_node_range_noprof+0xd27/0x15a0
[   93.987503][ T7536]  ? __snd_dma_alloc_pages+0x50/0x90
[   93.988824][ T7536]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[   93.990353][ T7536]  ? __mutex_unlock_slowpath+0x164/0x650
[   93.991689][ T7536]  ? __pfx___mutex_lock+0x10/0x10
[   93.992927][ T7536]  ? __snd_dma_alloc_pages+0x50/0x90
[   93.994226][ T7536]  vmalloc_noprof+0x6b/0x90
[   93.995353][ T7536]  ? __snd_dma_alloc_pages+0x50/0x90
[   93.996645][ T7536]  ? __pfx_snd_dma_vmalloc_alloc+0x10/0x10
[   93.998117][ T7536]  __snd_dma_alloc_pages+0x50/0x90
[   93.999416][ T7536]  snd_dma_alloc_dir_pages+0x151/0x240
[   94.000761][ T7536]  do_alloc_pages+0x126/0x200
[   94.001921][ T7536]  snd_pcm_lib_malloc_pages+0x3df/0x980
[   94.003324][ T7536]  snd_pcm_hw_params+0x152b/0x1a30
[   94.004671][ T7536]  ? __pfx_snd_pcm_hw_params+0x10/0x10
[   94.006102][ T7536]  ? snd_pcm_hw_param_near.constprop.0+0x743/0x8f0
[   94.007699][ T7536]  ? __pfx_snd_pcm_hw_param_near.constprop.0+0x10/0x10
[   94.009428][ T7536]  ? kfree+0x14f/0x4b0
[   94.010476][ T7536]  snd_pcm_kernel_ioctl+0x147/0x2d0
[   94.011791][ T7536]  snd_pcm_oss_change_params_locked+0x1410/0x3a50
[   94.013575][ T7536]  ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10
[   94.015252][ T7536]  ? __mutex_lock+0x2cc/0x9c0
[   94.016428][ T7536]  ? snd_pcm_oss_sync+0x306/0x7f0
[   94.017676][ T7536]  ? __pfx___mutex_lock+0x10/0x10
[   94.018899][ T7536]  ? do_vfs_ioctl+0x513/0x1950
[   94.020108][ T7536]  snd_pcm_oss_make_ready_locked+0xb7/0x130
[   94.021588][ T7536]  snd_pcm_oss_sync+0x326/0x7f0
[   94.022837][ T7536]  snd_pcm_oss_ioctl+0x114a/0x3780
[   94.024138][ T7536]  ? __pfx_snd_pcm_oss_ioctl+0x10/0x10
[   94.025533][ T7536]  ? __fget_files+0x244/0x3f0
[   94.026727][ T7536]  ? __pfx_snd_pcm_oss_ioctl_compat+0x10/0x10
[   94.028283][ T7536]  __do_compat_sys_ioctl+0x259/0x2b0
[   94.029671][ T7536]  __do_fast_syscall_32+0x73/0x120
[   94.030979][ T7536]  do_fast_syscall_32+0x32/0x80
[   94.032184][ T7536]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[   94.033724][ T7536] RIP: 0023:0xf745e579
[   94.034767][ T7536] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[   94.039404][ T7536] RSP: 002b:00000000f570456c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[   94.041416][ T7536] RAX: ffffffffffffffda RBX: 000000000000000b RCX: 0000000000005001
[   94.043349][ T7536] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   94.045287][ T7536] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   94.047352][ T7536] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[   94.049441][ T7536] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   94.051549][ T7536]  </TASK>
[   94.055246][ T7536] Mem-Info:
[   94.056389][ T7536] active_anon:7338 inactive_anon:0 isolated_anon:0
[   94.056389][ T7536]  active_file:11352 inactive_file:2497 isolated_file:0
[   94.056389][ T7536]  unevictable:768 dirty:312 writeback:0
[   94.056389][ T7536]  slab_reclaimable:9121 slab_unreclaimable:57204
[   94.056389][ T7536]  mapped:17863 shmem:1272 pagetables:738
[   94.056389][ T7536]  sec_pagetables:305 bounce:0
[   94.056389][ T7536]  kernel_misc_reclaimable:0
[   94.056389][ T7536]  free:109262 free_pcp:1468 free_cma:0
[   94.068744][ T7536] Node 0 active_anon:3940kB inactive_anon:0kB active_file:3140kB inactive_file:6300kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:6200kB dirty:4kB writeback:0kB shmem:1980kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:8748kB pagetables:944kB sec_pagetables:1152kB all_unreclaimable? yes
[   94.077395][ T7536] Node 1 active_anon:25612kB inactive_anon:0kB active_file:42268kB inactive_file:3688kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:65252kB dirty:1244kB writeback:0kB shmem:3108kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:2568kB pagetables:2008kB sec_pagetables:68kB all_unreclaimable? no
[   94.086690][ T7536] Node 0 DMA free:2976kB boost:2048kB min:2808kB low:2996kB high:3184kB reserved_highatomic:0KB active_anon:1624kB inactive_anon:0kB active_file:496kB inactive_file:128kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:460kB local_pcp:148kB free_cma:0kB
[   94.095728][ T7536] lowmem_reserve[]: 0 273 0 0 0
[   94.097291][ T7536] Node 0 DMA32 free:36384kB boost:14336kB min:28240kB low:31716kB high:35192kB reserved_highatomic:4096KB active_anon:2344kB inactive_anon:0kB active_file:2644kB inactive_file:6172kB unevictable:1536kB writepending:4kB present:1032196kB managed:306288kB mlocked:0kB bounce:0kB free_pcp:1276kB local_pcp:148kB free_cma:0kB
[   94.105356][ T7536] lowmem_reserve[]: 0 0 0 0 0
[   94.106729][ T7536] Node 1 DMA32 free:400080kB boost:0kB min:47144kB low:58928kB high:70712kB reserved_highatomic:0KB active_anon:25812kB inactive_anon:0kB active_file:42268kB inactive_file:3688kB unevictable:1536kB writepending:1244kB present:1048432kB managed:948252kB mlocked:0kB bounce:0kB free_pcp:3344kB local_pcp:836kB free_cma:0kB
[   94.114711][ T7536] lowmem_reserve[]: 0 0 0 0 0
[   94.116238][ T7536] Node 0 DMA: 132*4kB (UME) 70*8kB (UME) 70*16kB (UM) 18*32kB (UME) 5*64kB (UM) 1*128kB (U) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 3232kB
[   94.120369][ T7536] Node 0 DMA32: 843*4kB (UEH) 252*8kB (UEH) 47*16kB (UMEH) 296*32kB (UMEH) 112*64kB (UMEH) 18*128kB (UME) 9*256kB (UME) 5*512kB (UM) 4*1024kB (ME) 1*2048kB (M) 0*4096kB = 36092kB
[   94.125829][ T7536] Node 1 DMA32: 300*4kB (UME) 246*8kB (UME) 554*16kB (UME) 555*32kB (UME) 383*64kB (UME) 72*128kB (UME) 13*256kB (UM) 7*512kB (UM) 10*1024kB (UM) 6*2048kB (UME) 75*4096kB (UM) = 400160kB
[   94.130873][ T7536] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[   94.133263][ T7536] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[   94.136140][ T7536] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[   94.138577][ T7536] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[   94.140949][ T7536] 15120 total pagecache pages
[   94.142190][ T7536] 0 pages in swap cache
[   94.143212][ T7536] Free swap  = 124728kB
[   94.144425][ T7536] Total swap = 124996kB
[   94.145844][ T7536] 524155 pages RAM
[   94.146837][ T7536] 0 pages HighMem/MovableOnly
[   94.148087][ T7536] 206680 pages reserved
[   94.149262][ T7536] 0 pages cma reserved
[   94.603471][ T7571] binder: 7556:7571 ioctl c0306201 20000580 returned -14
[   94.646433][ T7575] binder_alloc: 7574: binder_alloc_buf, no vma
[   95.392378][ T7599] netlink: 40 bytes leftover after parsing attributes in process `syz.2.300'.
[   95.435402][   T35] usb 6-1: new high-speed USB device number 9 using dummy_hcd
[   95.586265][   T35] usb 6-1: config 0 has an invalid interface number: 135 but max is 0
[   95.589068][   T35] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   95.591832][   T35] usb 6-1: config 0 has no interface number 0
[   95.593863][   T35] usb 6-1: config 0 interface 135 altsetting 0 endpoint 0xA has invalid maxpacket 1023, setting to 64
[   95.597842][   T35] usb 6-1: config 0 interface 135 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 14
[   95.606903][   T35] usb 6-1: New USB device found, idVendor=0403, idProduct=dafb, bcdDevice=2f.d8
[   95.610065][   T35] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   95.612855][   T35] usb 6-1: Product: syz
[   95.614258][   T35] usb 6-1: Manufacturer: syz
[   95.616083][   T35] usb 6-1: SerialNumber: syz
[   95.619144][   T35] usb 6-1: config 0 descriptor??
[   95.622546][   T35] ftdi_sio 6-1:0.135: FTDI USB Serial Device converter detected
[   95.626445][   T35] ftdi_sio ttyUSB0: unknown device type: 0x2fd8
[   95.831023][ T7584] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   95.835076][ T7584] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   95.849260][ T5388] usb 6-1: USB disconnect, device number 9
[   95.865309][ T5388] ftdi_sio 6-1:0.135: device disconnected
[   95.908023][   T39] kauditd_printk_skb: 7 callbacks suppressed
[   95.908033][   T39] audit: type=1804 audit(1729584099.462:19): pid=7608 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.302" name="/" dev="pidfs" ino=7907 res=1 errno=0
[   96.447794][ T7610] IPv6: Can't replace route, no match found
[   96.773933][ T7627] vcan0 speed is unknown, defaulting to 1000
[   96.825377][ T7631] vcan0 speed is unknown, defaulting to 1000
[   96.887492][ T7636] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.308'.
[   96.891245][ T7627] netlink: 'syz.0.307': attribute type 4 has an invalid length.
[   96.893225][ T7627] netlink: 'syz.0.307': attribute type 1 has an invalid length.
[   96.896106][ T7636] pimreg: entered allmulticast mode
[   96.896720][ T7627] netlink: 88156 bytes leftover after parsing attributes in process `syz.0.307'.
[   96.901242][ T7636] netlink: 88 bytes leftover after parsing attributes in process `syz.1.308'.
[   96.904589][ T7627] nbd: must specify a device to reconfigure
[   96.947953][   T39] audit: type=1400 audit(1729584100.502:20): apparmor="DENIED" operation="change_profile" class="file" info="label not found" error=-2 profile="unconfined" name="dvmrp1" pid=7642 comm="syz.1.309"
[   97.302144][ T7655] netlink: 'syz.2.311': attribute type 5 has an invalid length.
[   98.653260][ T7703] binder: 7698:7703 ioctl c0306201 20000580 returned -14
[   98.715401][ T5345] Bluetooth: hci2: unexpected event 0x31 length: 23 > 6
[   99.104771][ T5994] usb 7-1: new high-speed USB device number 8 using dummy_hcd
[   99.173592][ T7716] tipc: Started in network mode
[   99.175351][ T7716] tipc: Node identity 00000000000000000000000000000001, cluster identity 4711
[   99.179740][ T7716] tipc: New replicast peer: fe80:0000:0000:0000:0000:0000:0000:00bb
[   99.182875][ T7716] tipc: Enabled bearer <udp:syz1>, priority 10
[   99.287085][ T5994] usb 7-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[   99.289478][ T5994] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   99.292231][ T5994] usb 7-1: config 1 has 0 interfaces, different from the descriptor's value: 66
[   99.299099][ T5994] usb 7-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[   99.301660][ T5994] usb 7-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[   99.303855][ T5994] usb 7-1: Product: syz
[   99.305430][ T5994] usb 7-1: Manufacturer: syz
[   99.539661][ T7712] 9pnet_fd: Insufficient options for proto=fd
[   99.625655][ T7712] rdma_rxe: rxe_newlink: failed to add vcan0
[   99.633320][ T5994] usb 7-1: USB disconnect, device number 8
[   99.895383][ T5345] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0
[   99.898213][ T5345] Bluetooth: hci1: Injecting HCI hardware error event
[   99.901417][ T5345] Bluetooth: hci1: hardware error 0x00
[  100.183574][ T5994] tipc: Node number set to 1
[  100.596736][ T7755] binder: 7754:7755 ioctl c0306201 20000580 returned -14
[  100.604755][ T5356] Bluetooth: hci2: command tx timeout
[  100.962463][ T7777] fuse: Bad value for 'user_id'
[  100.963775][ T7777] fuse: Bad value for 'user_id'
[  101.005830][ T7781] FAULT_INJECTION: forcing a failure.
[  101.005830][ T7781] name failslab, interval 1, probability 0, space 0, times 0
[  101.009760][ T7781] CPU: 1 UID: 0 PID: 7781 Comm: syz.1.339 Not tainted 6.12.0-rc4-syzkaller-00047-gc2ee9f594da8 #0
[  101.012532][ T7781] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  101.015496][ T7781] Call Trace:
[  101.016405][ T7781]  <TASK>
[  101.017220][ T7781]  dump_stack_lvl+0x16c/0x1f0
[  101.018505][ T7781]  should_fail_ex+0x497/0x5b0
[  101.019816][ T7781]  ? fs_reclaim_acquire+0xae/0x150
[  101.021218][ T7781]  should_failslab+0xc2/0x120
[  101.022511][ T7781]  __kmalloc_noprof+0xcb/0x410
[  101.023813][ T7781]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  101.025567][ T7781]  tomoyo_realpath_from_path+0xbf/0x710
[  101.027613][ T7781]  ? tomoyo_path_number_perm+0x232/0x5b0
[  101.029723][ T7781]  tomoyo_path_number_perm+0x245/0x5b0
[  101.031195][ T7781]  ? tomoyo_path_number_perm+0x232/0x5b0
[  101.032710][ T7781]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  101.034373][ T7781]  ? trace_lock_acquire+0x14a/0x1d0
[  101.035832][ T7781]  ? lock_acquire+0x2f/0xb0
[  101.037093][ T7781]  ? __fget_files+0x40/0x3f0
[  101.038332][ T7781]  ? __fget_files+0x244/0x3f0
[  101.039612][ T7781]  security_file_ioctl_compat+0x9b/0x240
[  101.041178][ T7781]  __do_compat_sys_ioctl+0x52/0x2b0
[  101.042576][ T7781]  __do_fast_syscall_32+0x73/0x120
[  101.043973][ T7781]  do_fast_syscall_32+0x32/0x80
[  101.045342][ T7781]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  101.047431][ T7781] RIP: 0023:0xf746e579
[  101.049014][ T7781] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  101.055372][ T7781] RSP: 002b:00000000f575656c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  101.057679][ T7781] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000c048aeca
[  101.059812][ T7781] RDX: 0000000020000580 RSI: 0000000000000000 RDI: 0000000000000000
[  101.062147][ T7781] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  101.064661][ T7781] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  101.066769][ T7781] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  101.069168][ T7781]  </TASK>
[  101.081947][ T7781] ERROR: Out of memory at tomoyo_realpath_from_path.
[  101.236437][ T7799] FAULT_INJECTION: forcing a failure.
[  101.236437][ T7799] name failslab, interval 1, probability 0, space 0, times 0
[  101.241056][ T7799] CPU: 3 UID: 0 PID: 7799 Comm: syz.1.342 Not tainted 6.12.0-rc4-syzkaller-00047-gc2ee9f594da8 #0
[  101.244706][ T7799] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  101.247655][ T7799] Call Trace:
[  101.248557][ T7799]  <TASK>
[  101.249302][ T7799]  dump_stack_lvl+0x16c/0x1f0
[  101.250454][ T7799]  should_fail_ex+0x497/0x5b0
[  101.251688][ T7799]  ? fs_reclaim_acquire+0xae/0x150
[  101.253027][ T7799]  should_failslab+0xc2/0x120
[  101.254326][ T7799]  kmem_cache_alloc_node_noprof+0x71/0x310
[  101.256695][ T7799]  ? __alloc_skb+0x2b3/0x380
[  101.258429][ T7799]  __alloc_skb+0x2b3/0x380
[  101.260113][ T7799]  ? __pfx___alloc_skb+0x10/0x10
[  101.261920][ T7799]  ? __pfx___lock_acquire+0x10/0x10
[  101.263773][ T7799]  ? hlock_class+0x4e/0x130
[  101.265445][ T7799]  ? __lock_acquire+0x163e/0x3ce0
[  101.267309][ T7799]  __ip6_append_data.isra.0+0x2a9e/0x4540
[  101.269415][ T7799]  ? __pfx_raw6_getfrag+0x10/0x10
[  101.270979][ T7799]  ? __pfx___ip6_append_data.isra.0+0x10/0x10
[  101.272772][ T7799]  ? ip6_mtu+0x231/0x4a0
[  101.274338][ T7799]  ? ip6_setup_cork+0xc1b/0x1360
[  101.276179][ T7799]  ip6_append_data+0x1e6/0x500
[  101.277971][ T7799]  ? __pfx_raw6_getfrag+0x10/0x10
[  101.279833][ T7799]  rawv6_sendmsg+0x1578/0x43e0
[  101.281587][ T7799]  ? __pfx_rawv6_sendmsg+0x10/0x10
[  101.283460][ T7799]  ? hlock_class+0x4e/0x130
[  101.284793][ T7799]  ? __lock_acquire+0x163e/0x3ce0
[  101.286345][ T7799]  ? __pfx___might_resched+0x10/0x10
[  101.287715][ T7799]  ? __pfx_aa_sk_perm+0x10/0x10
[  101.289492][ T7799]  ? __import_iovec+0x1fd/0x6e0
[  101.291273][ T7799]  ? __pfx_rawv6_sendmsg+0x10/0x10
[  101.293071][ T7799]  ? inet_sendmsg+0x119/0x140
[  101.294298][ T7799]  inet_sendmsg+0x119/0x140
[  101.295840][ T7799]  ____sys_sendmsg+0x907/0xb40
[  101.297455][ T7799]  ? __pfx_____sys_sendmsg+0x10/0x10
[  101.298806][ T7799]  ? get_compat_msghdr+0x11b/0x170
[  101.300128][ T7799]  ? __pfx___lock_acquire+0x10/0x10
[  101.301840][ T7799]  ___sys_sendmsg+0x135/0x1e0
[  101.303540][ T7799]  ? __pfx____sys_sendmsg+0x10/0x10
[  101.305288][ T7799]  ? lock_acquire+0x2f/0xb0
[  101.306701][ T7799]  ? __fget_files+0x40/0x3f0
[  101.308260][ T7799]  ? __pfx___might_resched+0x10/0x10
[  101.310219][ T7799]  ? fdget+0x176/0x210
[  101.311733][ T7799]  __sys_sendmmsg+0x2a5/0x450
[  101.313478][ T7799]  ? __pfx___sys_sendmmsg+0x10/0x10
[  101.315378][ T7799]  ? vfs_write+0x14d/0x1140
[  101.317066][ T7799]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  101.318720][ T7799]  ? fput+0x30/0x390
[  101.320065][ T7799]  ? ksys_write+0x1ad/0x260
[  101.321742][ T7799]  ? __pfx_ksys_write+0x10/0x10
[  101.323544][ T7799]  __ia32_compat_sys_sendmmsg+0x9d/0x100
[  101.325319][ T7799]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[  101.327014][ T7799]  __do_fast_syscall_32+0x73/0x120
[  101.328381][ T7799]  do_fast_syscall_32+0x32/0x80
[  101.330064][ T7799]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  101.332350][ T7799] RIP: 0023:0xf746e579
[  101.333858][ T7799] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  101.340802][ T7799] RSP: 002b:00000000f575656c EFLAGS: 00000296 ORIG_RAX: 0000000000000159
[  101.343207][ T7799] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000480
[  101.345799][ T7799] RDX: 00000000000002e9 RSI: 0000000000000000 RDI: 0000000000000000
[  101.348713][ T7799] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  101.351210][ T7799] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  101.353295][ T7799] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  101.355424][ T7799]  </TASK>
[  101.539319][ T7809] can0: slcan on ttyS3.
[  101.654860][ T7812] binder: 7802:7812 ioctl c0306201 20000580 returned -14
[  101.964828][ T5345] Bluetooth: hci1: Opcode 0x0c03 failed: -110
[  102.364826][ T7804] can0 (unregistered): slcan off ttyS3.
[  102.466301][ T7826] netlink: 'syz.3.346': attribute type 60 has an invalid length.
[  102.629540][ T7840] FAULT_INJECTION: forcing a failure.
[  102.629540][ T7840] name failslab, interval 1, probability 0, space 0, times 0
[  102.634203][ T7840] CPU: 1 UID: 0 PID: 7840 Comm: syz.1.348 Not tainted 6.12.0-rc4-syzkaller-00047-gc2ee9f594da8 #0
[  102.637754][ T7840] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  102.641309][ T7840] Call Trace:
[  102.642445][ T7840]  <TASK>
[  102.643446][ T7840]  dump_stack_lvl+0x16c/0x1f0
[  102.645064][ T7840]  should_fail_ex+0x497/0x5b0
[  102.646662][ T7840]  ? fs_reclaim_acquire+0xae/0x150
[  102.648407][ T7840]  should_failslab+0xc2/0x120
[  102.650068][ T7840]  __kmalloc_noprof+0xcb/0x410
[  102.651815][ T7840]  ? snd_ctl_new+0x13c/0x1a0
[  102.653407][ T7840]  snd_ctl_elem_add+0x521/0x1360
[  102.655097][ T7840]  ? lock_acquire+0x2f/0xb0
[  102.656657][ T7840]  ? __might_fault+0xe3/0x190
[  102.658274][ T7840]  ? __pfx_snd_ctl_elem_add+0x10/0x10
[  102.660108][ T7840]  snd_ctl_elem_add_compat+0x299/0x3f0
[  102.661975][ T7840]  snd_ctl_ioctl_compat+0x13b/0x990
[  102.663775][ T7840]  ? __pfx_snd_ctl_ioctl_compat+0x10/0x10
[  102.665988][ T7840]  ? __fget_files+0x244/0x3f0
[  102.667503][ T7840]  ? __pfx_snd_ctl_ioctl_compat+0x10/0x10
[  102.669132][ T7840]  __do_compat_sys_ioctl+0x259/0x2b0
[  102.670531][ T7840]  __do_fast_syscall_32+0x73/0x120
[  102.671888][ T7840]  do_fast_syscall_32+0x32/0x80
[  102.673510][ T7840]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  102.675643][ T7840] RIP: 0023:0xf746e579
[  102.676978][ T7840] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  102.683431][ T7840] RSP: 002b:00000000f575656c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  102.686246][ T7840] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c1105517
[  102.688963][ T7840] RDX: 0000000020001340 RSI: 0000000000000000 RDI: 0000000000000000
[  102.691667][ T7840] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  102.694379][ T7840] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  102.697076][ T7840] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  102.699718][ T7840]  </TASK>
[  102.769440][ T5411] usb 8-1: new high-speed USB device number 4 using dummy_hcd
[  103.064008][ T7854] vcan0 speed is unknown, defaulting to 1000
[  103.126220][ T5411] usb 8-1: too many configurations: 9, using maximum allowed: 8
[  103.225601][ T5411] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9
[  103.228842][ T5411] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  103.232635][ T5411] usb 8-1: config 0 interface 0 has no altsetting 0
[  103.256951][ T5411] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9
[  103.260190][ T5411] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  103.263828][ T5411] usb 8-1: config 0 interface 0 has no altsetting 0
[  103.267060][ T5411] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9
[  103.270144][ T5411] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  103.273968][ T5411] usb 8-1: config 0 interface 0 has no altsetting 0
[  103.304757][ T5411] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9
[  103.307864][ T5411] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  103.311597][ T5411] usb 8-1: config 0 interface 0 has no altsetting 0
[  103.315206][ T5411] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9
[  103.318213][ T5411] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  103.321860][ T5411] usb 8-1: config 0 interface 0 has no altsetting 0
[  103.327332][ T5411] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9
[  103.330260][ T5411] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  103.333955][ T5411] usb 8-1: config 0 interface 0 has no altsetting 0
[  103.338596][ T5411] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9
[  103.341988][ T5411] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  103.345726][ T5411] usb 8-1: config 0 interface 0 has no altsetting 0
[  103.349190][ T5411] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9
[  103.352234][ T5411] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  103.356015][ T5411] usb 8-1: config 0 interface 0 has no altsetting 0
[  103.359682][ T5411] usb 8-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[  103.361944][ T5411] usb 8-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[  103.364039][ T5411] usb 8-1: Product: syz
[  103.365219][ T5411] usb 8-1: Manufacturer: syz
[  103.366435][ T5411] usb 8-1: SerialNumber: syz
[  103.368484][ T5411] usb 8-1: config 0 descriptor??
[  103.373294][ T5411] yurex 8-1:0.0: USB YUREX device now attached to Yurex #0
[  103.581706][ T5994] usb 8-1: USB disconnect, device number 4
[  103.585485][ T5994] yurex 8-1:0.0: USB YUREX #0 now disconnected
[  103.691086][ T7875] 9pnet_fd: Insufficient options for proto=fd
[  104.163948][ T7897] vivid-007: disconnect
[  104.287310][ T7901] vivid-007: reconnect
[  104.890778][ T7926] binder: 7925:7926 ioctl c0306201 20000580 returned -14
[  105.064810][ T5411] usb 8-1: new high-speed USB device number 5 using dummy_hcd
[  105.208431][ T7936] FAULT_INJECTION: forcing a failure.
[  105.208431][ T7936] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  105.213667][ T7936] CPU: 2 UID: 0 PID: 7936 Comm: syz.2.379 Not tainted 6.12.0-rc4-syzkaller-00047-gc2ee9f594da8 #0
[  105.217462][ T7936] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  105.221187][ T7936] Call Trace:
[  105.222347][ T7936]  <TASK>
[  105.223300][ T7936]  dump_stack_lvl+0x16c/0x1f0
[  105.224691][ T7936]  should_fail_ex+0x497/0x5b0
[  105.226337][ T7936]  _copy_to_user+0x30/0xc0
[  105.227843][ T7936]  simple_read_from_buffer+0xd0/0x160
[  105.229725][ T7936]  proc_fail_nth_read+0x198/0x270
[  105.231476][ T7936]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  105.233446][ T7936]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  105.235210][ T7936]  vfs_read+0x1ce/0xbd0
[  105.236526][ T7936]  ? __fget_files+0x23a/0x3f0
[  105.237913][ T7936]  ? fdget_pos+0x24c/0x360
[  105.239525][ T7936]  ? __pfx_lock_release+0x10/0x10
[  105.241280][ T7936]  ? trace_lock_acquire+0x14a/0x1d0
[  105.243041][ T7936]  ? __pfx_vfs_read+0x10/0x10
[  105.244674][ T7936]  ? __pfx___mutex_lock+0x10/0x10
[  105.246359][ T7936]  ? __fget_files+0x244/0x3f0
[  105.247992][ T7936]  ksys_read+0x12f/0x260
[  105.249296][ T7936]  ? __pfx_ksys_read+0x10/0x10
[  105.250972][ T7936]  __do_fast_syscall_32+0x73/0x120
[  105.252689][ T7936]  do_fast_syscall_32+0x32/0x80
[  105.254363][ T7936]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  105.256541][ T7936] RIP: 0023:0xf747e579
[  105.257856][ T7936] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  105.263710][ T7936] RSP: 002b:00000000f57665a0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  105.266526][ T7936] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f5766620
[  105.269072][ T7936] RDX: 000000000000000f RSI: 00000000f746bff4 RDI: 0000000000000000
[  105.271828][ T7936] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000
[  105.274454][ T7936] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  105.277490][ T7936] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  105.280106][ T7936]  </TASK>
[  105.282751][ T5411] usb 8-1: Using ep0 maxpacket: 8
[  105.287491][ T5411] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  105.290692][ T5411] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  105.296712][ T5411] usb 8-1: New USB device found, idVendor=6666, idProduct=8804, bcdDevice= 0.00
[  105.299627][ T5411] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  105.302940][ T5411] usb 8-1: config 0 descriptor??
[  105.307644][ T5411] usbhid 8-1:0.0: can't add hid device: -22
[  105.309573][ T7938] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(3)
[  105.309979][ T5411] usbhid 8-1:0.0: probe with driver usbhid failed with error -22
[  105.312535][ T7938] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  105.318541][ T7938] vhci_hcd vhci_hcd.0: Device attached
[  105.495564][ T5388] vhci_hcd: vhci_device speed not set
[  105.555651][ T5388] usb 17-1: new full-speed USB device number 2 using vhci_hcd
[  105.587243][   T35] usb 8-1: USB disconnect, device number 5
[  105.858730][ T7947] can0: slcan on ttyS3.
[  106.193323][ T7939] vhci_hcd: connection reset by peer
[  106.197184][ T1098] vhci_hcd: stop threads
[  106.199334][ T1098] vhci_hcd: release socket
[  106.200734][ T1098] vhci_hcd: disconnect device
[  106.901725][ T7962] (unnamed net_device) (uninitialized): Removing last ns target with arp_interval on
[  107.020546][ T7966] syzkaller1: entered promiscuous mode
[  107.022263][ T7966] syzkaller1: entered allmulticast mode
[  107.084927][ T7954] can0 (unregistered): slcan off ttyS3.
[  107.348259][ T7983] netlink: 188 bytes leftover after parsing attributes in process `syz.3.386'.
[  108.033109][ T7996] random: crng reseeded on system resumption
[  108.043774][ T7996] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(7)
[  108.045526][ T7996] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  108.050343][ T7996] vhci_hcd vhci_hcd.0: Device attached
[  108.224877][    T9] vhci_hcd: vhci_device speed not set
[  108.284758][    T9] usb 19-1: new full-speed USB device number 2 using vhci_hcd
[  108.390014][ T8003] binder: 8001:8003 ioctl c0306201 20000580 returned -14
[  108.888558][ T7997] vhci_hcd: connection reset by peer
[  108.893473][ T1019] vhci_hcd: stop threads
[  108.894730][ T1019] vhci_hcd: release socket
[  108.895951][ T1019] vhci_hcd: disconnect device
[  109.135729][ T8018] syzkaller1: entered promiscuous mode
[  109.137630][ T8018] syzkaller1: entered allmulticast mode
[  110.074612][ T8054] Process accounting resumed
[  110.290924][ T8063] netlink: 'syz.3.403': attribute type 2 has an invalid length.
[  110.293363][ T8063] netlink: 'syz.3.403': attribute type 11 has an invalid length.
[  110.296161][ T8063] netlink: 132 bytes leftover after parsing attributes in process `syz.3.403'.
[  110.674750][ T5388] vhci_hcd: vhci_device speed not set
[  111.217574][ T8122] warning: `syz.3.411' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  111.299720][ T8126] binder: 8125:8126 ioctl 4018620d 0 returned -22
[  111.327038][ T8128] ecryptfs_parse_options: You must supply at least one valid auth tok signature as a mount parameter; see the eCryptfs README
[  111.333275][ T8128] Error parsing options; rc = [-22]
[  111.425463][ T8133] FAULT_INJECTION: forcing a failure.
[  111.425463][ T8133] name failslab, interval 1, probability 0, space 0, times 0
[  111.429155][ T8133] CPU: 3 UID: 0 PID: 8133 Comm: syz.3.416 Not tainted 6.12.0-rc4-syzkaller-00047-gc2ee9f594da8 #0
[  111.432000][ T8133] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  111.435137][ T8133] Call Trace:
[  111.436428][ T8133]  <TASK>
[  111.437477][ T8133]  dump_stack_lvl+0x16c/0x1f0
[  111.439243][ T8133]  should_fail_ex+0x497/0x5b0
[  111.440691][ T8133]  should_failslab+0xc2/0x120
[  111.441882][ T8133]  __kmalloc_cache_noprof+0x6b/0x310
[  111.443207][ T8133]  ? sctp_add_bind_addr+0x9d/0x3e0
[  111.444487][ T8133]  sctp_add_bind_addr+0x9d/0x3e0
[  111.445761][ T8133]  sctp_copy_local_addr_list+0x39e/0x5a0
[  111.447307][ T8133]  ? __pfx_sctp_copy_local_addr_list+0x10/0x10
[  111.448891][ T8133]  ? sctp_auth_asoc_copy_shkeys+0x2a7/0x360
[  111.450691][ T8133]  ? sctp_bind_addr_copy+0xe0/0x530
[  111.452547][ T8133]  sctp_bind_addr_copy+0xe0/0x530
[  111.454322][ T8133]  sctp_connect_new_asoc+0x1d8/0x790
[  111.456130][ T8133]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[  111.458266][ T8133]  ? mark_held_locks+0x9f/0xe0
[  111.459892][ T8133]  ? sctp_sendmsg+0x112f/0x1f10
[  111.461241][ T8133]  ? bpf_lsm_sctp_bind_connect+0x9/0x10
[  111.462612][ T8133]  sctp_sendmsg+0x162a/0x1f10
[  111.463797][ T8133]  ? __pfx___lock_acquire+0x10/0x10
[  111.465107][ T8133]  ? __pfx_sctp_sendmsg+0x10/0x10
[  111.466507][ T8133]  ? lock_acquire+0x2f/0xb0
[  111.468046][ T8133]  ? __pfx_aa_sk_perm+0x10/0x10
[  111.469917][ T8133]  ? __pfx_sctp_sendmsg+0x10/0x10
[  111.471293][ T8133]  inet_sendmsg+0x119/0x140
[  111.472719][ T8133]  __sys_sendto+0x426/0x4d0
[  111.474296][ T8133]  ? __pfx___sys_sendto+0x10/0x10
[  111.476281][ T8133]  ? ksys_write+0x1ad/0x260
[  111.477900][ T8133]  ? __pfx_ksys_write+0x10/0x10
[  111.479578][ T8133]  __ia32_sys_sendto+0xdd/0x1b0
[  111.481315][ T8133]  ? lockdep_hardirqs_on+0x7c/0x110
[  111.483235][ T8133]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[  111.485682][ T8133]  __do_fast_syscall_32+0x73/0x120
[  111.487152][ T8133]  do_fast_syscall_32+0x32/0x80
[  111.488429][ T8133]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  111.490226][ T8133] RIP: 0023:0xf745e579
[  111.491655][ T8133] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  111.497571][ T8133] RSP: 002b:00000000f574656c EFLAGS: 00000296 ORIG_RAX: 0000000000000171
[  111.500056][ T8133] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000020000300
[  111.502153][ T8133] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000020000040
[  111.504171][ T8133] RBP: 0000000000000010 R08: 0000000000000000 R09: 0000000000000000
[  111.506244][ T8133] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  111.508299][ T8133] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  111.510445][ T8133]  </TASK>
[  111.511337][    C3] vkms_vblank_simulate: vblank timer overrun
[  111.520430][ T8132] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  111.985709][ T8147] can0: slcan on ttyS3.
[  112.113975][ T8155] netlink: 24 bytes leftover after parsing attributes in process `syz.3.424'.
[  112.224538][ T5388] libceph: connect (1)[c::]:6789 error -101
[  112.227041][ T5388] libceph: mon0 (1)[c::]:6789 connect error
[  112.230881][ T5388] libceph: connect (1)[c::]:6789 error -101
[  112.232585][ T5388] libceph: mon0 (1)[c::]:6789 connect error
[  112.378247][ T8170] can0 (unregistered): slcan off ttyS3.
[  112.412244][ T8159] ceph: No mds server is up or the cluster is laggy
[  113.029626][ T8232] netlink: 68 bytes leftover after parsing attributes in process `syz.0.436'.
[  113.036032][ T8234] netlink: 68 bytes leftover after parsing attributes in process `syz.0.436'.
[  113.084838][ T8230] capability: warning: `syz.3.435' uses 32-bit capabilities (legacy support in use)
[  113.239981][ T8256] netlink: 20 bytes leftover after parsing attributes in process `syz.1.440'.
[  113.242773][ T8256] netlink: 24 bytes leftover after parsing attributes in process `syz.1.440'.
[  113.341839][ T8270] netlink: 4 bytes leftover after parsing attributes in process `syz.3.444'.
[  113.394838][    T9] vhci_hcd: vhci_device speed not set
[  113.446090][ T8282] netlink: 16 bytes leftover after parsing attributes in process `syz.1.445'.
[  113.558653][ T8293] IPVS: set_ctl: invalid protocol: 1 255.255.255.255:0
[  114.198287][ T8313] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  114.202513][ T8313] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[  114.419215][   T39] audit: type=1326 audit(1729584117.972:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8321 comm="syz.1.451" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf746e579 code=0x0
[  114.480402][ T8328] netlink: 8 bytes leftover after parsing attributes in process `syz.1.451'.
[  114.532407][ T8331] binder: 8319:8331 ioctl c0306201 20000580 returned -14
[  114.564508][ T8332] netlink: 8 bytes leftover after parsing attributes in process `syz.3.453'.
[  114.567087][ T8332] netlink: 36 bytes leftover after parsing attributes in process `syz.3.453'.
[  114.571846][ T8332] vlan2: entered allmulticast mode
[  115.412287][ T8342] delete_channel: no stack
[  115.436806][ T8342] vcan0 speed is unknown, defaulting to 1000
[  116.153592][ T8348] binder: BINDER_SET_CONTEXT_MGR already set
[  116.155375][ T8348] binder: 8347:8348 ioctl 4018620d 20004a80 returned -16
[  116.235945][ T8338] delete_channel: no stack
[  116.486170][ T8357] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(5)
[  116.487958][ T8357] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  116.490377][ T8357] vhci_hcd vhci_hcd.0: Device attached
[  116.690033][    T9] vhci_hcd: vhci_device speed not set
[  116.745145][    T9] usb 15-1: new full-speed USB device number 3 using vhci_hcd
[  117.130474][ T5356] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  117.133531][ T5356] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  117.139053][ T5356] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  117.143665][ T5356] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  117.147865][ T5356] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  117.151022][ T5356] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  117.173020][ T8364] vcan0 speed is unknown, defaulting to 1000
[  117.268404][ T8358] vhci_hcd: connection reset by peer
[  117.271559][ T1101] vhci_hcd: stop threads
[  117.273712][ T1101] vhci_hcd: release socket
[  117.275158][ T1101] vhci_hcd: disconnect device
[  117.302355][ T8364] chnl_net:caif_netlink_parms(): no params data found
[  117.323584][ T1098] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  117.359360][ T8364] bridge0: port 1(bridge_slave_0) entered blocking state
[  117.361287][ T8364] bridge0: port 1(bridge_slave_0) entered disabled state
[  117.363214][ T8364] bridge_slave_0: entered allmulticast mode
[  117.365316][ T8364] bridge_slave_0: entered promiscuous mode
[  117.367879][ T8364] bridge0: port 2(bridge_slave_1) entered blocking state
[  117.370174][ T8364] bridge0: port 2(bridge_slave_1) entered disabled state
[  117.372038][ T8364] bridge_slave_1: entered allmulticast mode
[  117.374082][ T8364] bridge_slave_1: entered promiscuous mode
[  117.393101][ T8364] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  117.398202][ T8364] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  117.411442][ T1098] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  117.432264][ T8364] team0: Port device team_slave_0 added
[  117.435661][ T8364] team0: Port device team_slave_1 added
[  117.454365][ T8364] batman_adv: batadv0: Adding interface: batadv_slave_0
[  117.456330][ T8364] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  117.462873][ T8364] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  117.466550][ T8364] batman_adv: batadv0: Adding interface: batadv_slave_1
[  117.468346][ T8364] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  117.475102][ T8364] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  117.500273][ T8364] hsr_slave_0: entered promiscuous mode
[  117.502256][ T8364] hsr_slave_1: entered promiscuous mode
[  117.503988][ T8364] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  117.506930][ T8364] Cannot create hsr debugfs directory
[  117.516549][ T1098] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  117.616982][ T1098] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  117.708806][ T1098] bridge_slave_1: left allmulticast mode
[  117.711185][ T1098] bridge_slave_1: left promiscuous mode
[  117.715008][ T1098] bridge0: port 2(bridge_slave_1) entered disabled state
[  117.721407][ T1098] bridge_slave_0: left allmulticast mode
[  117.722990][ T1098] bridge_slave_0: left promiscuous mode
[  117.724481][ T1098] bridge0: port 1(bridge_slave_0) entered disabled state
[  117.785920][ T1098] batman_adv: batadv0: Removing interface: ip6gretap1
[  118.068964][ T8389] process 'syz.0.468' launched './file1' with NULL argv: empty string added
[  118.072209][ T8389] ERROR: Out of memory at tomoyo_memory_ok.
[  118.076111][ T8389] ERROR: Domain '<kernel> /sbin/init /etc/init.d/rcS /etc/init.d/S50sshd /usr/sbin/sshd /usr/sbin/sshd /bin/sh /syz-executor /syz-executor /newroot/121/file1' not defined.
[  118.102146][ T1098] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  118.106946][ T1098] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  118.111353][ T1098] bond0 (unregistering): Released all slaves
[  118.119092][ T1098] bond1 (unregistering): Released all slaves
[  118.185950][ T8394] binder: BINDER_SET_CONTEXT_MGR already set
[  118.187526][ T8394] binder: 8393:8394 ioctl 4018620d 20004a80 returned -16
[  118.304484][ T8406] can0: slcan on ttyS3.
[  118.619588][ T1098] hsr_slave_0: left promiscuous mode
[  118.622501][ T1098] hsr_slave_1: left promiscuous mode
[  118.628813][ T1098] batman_adv: batadv0: Removing interface: batadv_slave_0
[  118.632225][ T1098] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  118.637972][ T1098] batman_adv: batadv0: Removing interface: batadv_slave_1
[  118.669182][ T1098] veth1_macvtap: left promiscuous mode
[  118.672197][ T1098] veth0_macvtap: left promiscuous mode
[  118.674238][ T1098] veth1_vlan: left promiscuous mode
[  118.676905][ T1098] veth0_vlan: left promiscuous mode
[  119.176318][ T5345] Bluetooth: hci3: command tx timeout
[  119.373582][ T1098] team0 (unregistering): Port device team_slave_1 removed
[  119.454518][ T1098] team0 (unregistering): Port device team_slave_0 removed
[  119.953329][ T8364] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  119.957552][ T8364] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  119.962321][ T8364] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  119.965330][ T8364] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  120.021154][ T8364] 8021q: adding VLAN 0 to HW filter on device bond0
[  120.029190][ T8364] 8021q: adding VLAN 0 to HW filter on device team0
[  120.034545][  T204] bridge0: port 1(bridge_slave_0) entered blocking state
[  120.035355][ T8400] can0 (unregistered): slcan off ttyS3.
[  120.036465][  T204] bridge0: port 1(bridge_slave_0) entered forwarding state
[  120.058864][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  120.061087][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  120.139141][   T39] audit: type=1804 audit(1729584123.692:22): pid=8425 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.474" name="/newroot/138/file1" dev="fuse" ino=1 res=1 errno=0
[  120.147383][   T39] audit: type=1800 audit(1729584123.692:23): pid=8425 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.474" name="/" dev="fuse" ino=1 res=0 errno=0
[  120.155480][   T39] audit: type=1804 audit(1729584123.692:24): pid=8425 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.474" name="/newroot/138/file1" dev="fuse" ino=1 res=1 errno=0
[  120.162581][   T39] audit: type=1804 audit(1729584123.692:25): pid=8425 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.474" name="/newroot/138/file1" dev="fuse" ino=1 res=1 errno=0
[  120.170311][   T39] audit: type=1800 audit(1729584123.692:26): pid=8425 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.474" name="/" dev="fuse" ino=1 res=0 errno=0
[  120.196775][ T8364] 8021q: adding VLAN 0 to HW filter on device batadv0
[  120.232545][ T8364] veth0_vlan: entered promiscuous mode
[  120.243795][ T8364] veth1_vlan: entered promiscuous mode
[  120.256981][ T8364] veth0_macvtap: entered promiscuous mode
[  120.264545][ T8364] veth1_macvtap: entered promiscuous mode
[  120.272172][ T8364] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  120.275117][ T8364] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  120.277809][ T8364] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  120.280796][ T8364] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  120.285177][ T8364] batman_adv: batadv0: Interface activated: batadv_slave_0
[  120.288612][ T8364] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  120.291327][ T8364] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  120.293868][ T8364] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  120.297775][ T8364] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  120.300317][ T8364] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  120.303017][ T8364] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  120.307620][ T8364] batman_adv: batadv0: Interface activated: batadv_slave_1
[  120.324876][ T8364] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  120.327329][ T8364] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  120.330847][ T8364] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  120.333932][ T8364] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  120.377267][   T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  120.380094][   T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  120.400103][  T204] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  120.402298][  T204] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  120.484886][ T5386] usb 6-1: new full-speed USB device number 10 using dummy_hcd
[  120.615204][ T5386] usb 6-1: device descriptor read/64, error -71
[  120.855520][ T5386] usb 6-1: new full-speed USB device number 11 using dummy_hcd
[  120.994873][ T5386] usb 6-1: device descriptor read/64, error -71
[  121.010731][ T8453] binder: BINDER_SET_CONTEXT_MGR already set
[  121.012355][ T8453] binder: 8452:8453 ioctl 4018620d 20004a80 returned -16
[  121.105015][ T5386] usb usb6-port1: attempt power cycle
[  121.244871][ T5345] Bluetooth: hci3: command tx timeout
[  121.444977][ T5386] usb 6-1: new full-speed USB device number 12 using dummy_hcd
[  121.465609][ T5386] usb 6-1: device descriptor read/8, error -71
[  121.704813][ T5386] usb 6-1: new full-speed USB device number 13 using dummy_hcd
[  121.725404][ T5386] usb 6-1: device descriptor read/8, error -71
[  121.842459][ T5386] usb usb6-port1: unable to enumerate USB device
[  121.875164][    T9] vhci_hcd: vhci_device speed not set
[  122.001329][ T8456] autofs: Bad value for 'fd'
[  122.094769][ T8462] FAULT_INJECTION: forcing a failure.
[  122.094769][ T8462] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  122.098526][ T8462] CPU: 0 UID: 0 PID: 8462 Comm: syz.0.482 Not tainted 6.12.0-rc4-syzkaller-00047-gc2ee9f594da8 #0
[  122.102037][ T8462] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  122.105901][ T8462] Call Trace:
[  122.107152][ T8462]  <TASK>
[  122.108264][ T8462]  dump_stack_lvl+0x16c/0x1f0
[  122.110038][ T8462]  should_fail_ex+0x497/0x5b0
[  122.111809][ T8462]  _copy_from_user+0x30/0xf0
[  122.113552][ T8462]  get_compat_msghdr+0xa8/0x170
[  122.115360][ T8462]  ? __pfx_get_compat_msghdr+0x10/0x10
[  122.117396][ T8462]  ? find_held_lock+0x2d/0x110
[  122.119192][ T8462]  ___sys_recvmsg+0x193/0x1a0
[  122.120911][ T8462]  ? __pfx____sys_recvmsg+0x10/0x10
[  122.122801][ T8462]  ? lock_acquire+0x2f/0xb0
[  122.124501][ T8462]  ? __fget_files+0x40/0x3f0
[  122.126241][ T8462]  ? __pfx___might_resched+0x10/0x10
[  122.128176][ T8462]  ? fdget+0x176/0x210
[  122.129733][ T8462]  do_recvmmsg+0x51a/0x750
[  122.130943][ T8462]  ? __pfx_do_recvmmsg+0x10/0x10
[  122.132355][ T8462]  ? __pfx_lock_release+0x10/0x10
[  122.133716][ T8462]  ? vfs_write+0x14d/0x1140
[  122.134939][ T8462]  ? __fget_files+0x244/0x3f0
[  122.136303][ T8462]  __sys_recvmmsg+0x21e/0x280
[  122.137654][ T8462]  ? __pfx___sys_recvmmsg+0x10/0x10
[  122.139036][ T8462]  ? __pfx_ksys_write+0x10/0x10
[  122.140603][ T8462]  __ia32_compat_sys_recvmmsg_time32+0xc4/0x160
[  122.142918][ T8462]  ? lockdep_hardirqs_on+0x7c/0x110
[  122.144869][ T8462]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[  122.147301][ T8462]  __do_fast_syscall_32+0x73/0x120
[  122.149335][ T8462]  do_fast_syscall_32+0x32/0x80
[  122.151163][ T8462]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  122.153508][ T8462] RIP: 0023:0xf746e579
[  122.155028][ T8462] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  122.161328][ T8462] RSP: 002b:00000000f575656c EFLAGS: 00000296 ORIG_RAX: 0000000000000151
[  122.163471][ T8462] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000200061c0
[  122.165657][ T8462] RDX: 00000000ffffff1f RSI: 0000000000000102 RDI: 0000000000000000
[  122.167688][ T8462] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  122.169811][ T8462] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  122.172494][ T8462] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  122.175387][ T8462]  </TASK>
[  123.326521][ T5345] Bluetooth: hci3: command tx timeout
[  123.349887][ T8478] netlink: 4 bytes leftover after parsing attributes in process `syz.1.487'.
[  123.362088][ T8478] (unnamed net_device) (uninitialized): option lacp_rate: invalid value (255)
[  123.624788][   T35] usb 6-1: new high-speed USB device number 14 using dummy_hcd
[  123.779547][   T35] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  123.782709][   T35] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  123.786586][   T35] usb 6-1: config 1 has 0 interfaces, different from the descriptor's value: 66
[  123.791296][   T35] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  123.794578][   T35] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  123.798044][   T35] usb 6-1: Product: syz
[  123.799588][   T35] usb 6-1: Manufacturer: syz
[  124.030697][ T8480] 9pnet: Could not find request transport: fd0x00000000000000050xffffffffffffffff
[  124.089668][ T8488] rdma_rxe: rxe_newlink: failed to add vcan0
[  124.099468][   T35] usb 6-1: USB disconnect, device number 14
[  124.843139][ T8505] binder: 8492:8505 ioctl c0306201 20000580 returned -14
[  124.949002][ T8507] netdevsim netdevsim0 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[  124.951418][ T8507] netdevsim netdevsim0 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[  124.953530][ T8507] netdevsim netdevsim0 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[  124.955836][ T8507] netdevsim netdevsim0 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[  124.958191][ T8507] vxlan0: entered promiscuous mode
[  124.959541][ T8507] vxlan0: entered allmulticast mode
[  124.962692][ T8507] netdevsim netdevsim0 eth0: unset [0, 0] type 1 family 0 port 8472 - 0
[  124.965078][ T8507] netdevsim netdevsim0 eth1: unset [0, 0] type 1 family 0 port 8472 - 0
[  124.967231][ T8507] netdevsim netdevsim0 eth2: unset [0, 0] type 1 family 0 port 8472 - 0
[  124.969427][ T8507] netdevsim netdevsim0 eth3: unset [0, 0] type 1 family 0 port 8472 - 0
[  125.405634][ T5345] Bluetooth: hci3: command tx timeout
[  125.659366][ T8518] netlink: 8 bytes leftover after parsing attributes in process `syz.0.497'.
[  125.662767][ T8518] vcan0 speed is unknown, defaulting to 1000
[  125.685116][ T8518] FAULT_INJECTION: forcing a failure.
[  125.685116][ T8518] name failslab, interval 1, probability 0, space 0, times 0
[  125.688878][ T8518] CPU: 0 UID: 0 PID: 8518 Comm: syz.0.497 Not tainted 6.12.0-rc4-syzkaller-00047-gc2ee9f594da8 #0
[  125.691574][ T8518] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  125.694896][ T8518] Call Trace:
[  125.695766][ T8518]  <TASK>
[  125.696542][ T8518]  dump_stack_lvl+0x116/0x1f0
[  125.697819][ T8518]  should_fail_ex+0x497/0x5b0
[  125.699072][ T8518]  should_failslab+0xc2/0x120
[  125.700399][ T8518]  kmem_cache_alloc_noprof+0x6e/0x2f0
[  125.701850][ T8518]  ? __sigqueue_alloc+0x244/0x6b0
[  125.703192][ T8518]  __sigqueue_alloc+0x244/0x6b0
[  125.704488][ T8518]  __send_signal_locked+0x74c/0x1090
[  125.705937][ T8518]  group_send_sig_info+0x2aa/0x300
[  125.707290][ T8518]  ? __pfx_group_send_sig_info+0x10/0x10
[  125.709053][ T8518]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  125.710563][ T8518]  ? rcu_is_watching+0x12/0xc0
[  125.711817][ T8518]  bpf_send_signal_common+0x2e8/0x3a0
[  125.713232][ T8518]  bpf_send_signal+0x19/0x30
[  125.714450][ T8518]  bpf_prog_7ba5217f62dcd359+0x41/0x45
[  125.715872][ T8518]  bpf_trace_run2+0x231/0x590
[  125.717103][ T8518]  ? __pfx_bpf_trace_run2+0x10/0x10
[  125.718571][ T8518]  ? __pfx_ksys_write+0x10/0x10
[  125.719863][ T8518]  syscall_trace_enter+0x1b2/0x240
[  125.721245][ T8518]  __do_fast_syscall_32+0xc2/0x120
[  125.722592][ T8518]  do_fast_syscall_32+0x32/0x80
[  125.723874][ T8518]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  125.725538][ T8518] RIP: 0023:0xf746e579
[  125.726613][ T8518] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  125.731615][ T8518] RSP: 002b:00000000f575656c EFLAGS: 00000296 ORIG_RAX: 00000000000000d9
[  125.733789][ T8518] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000000000
[  125.735860][ T8518] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  125.737914][ T8518] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  125.739914][ T8518] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  125.741979][ T8518] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  125.744028][ T8518]  </TASK>
[  125.785394][ T8518] bridge0: port 2(bridge_slave_1) entered disabled state
[  125.809095][ T8520] usb 2-1: USB disconnect, device number 2
[  125.925039][ T5356] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  125.929923][ T5356] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  125.932961][ T5356] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  125.936444][ T5356] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  125.938553][ T5356] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  125.940605][ T5356] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  125.964183][ T8516] vcan0 speed is unknown, defaulting to 1000
[  126.083034][ T8516] chnl_net:caif_netlink_parms(): no params data found
[  126.145174][ T8516] bridge0: port 1(bridge_slave_0) entered blocking state
[  126.147173][ T8516] bridge0: port 1(bridge_slave_0) entered disabled state
[  126.149237][ T8516] bridge_slave_0: entered allmulticast mode
[  126.152735][ T8516] bridge_slave_0: entered promiscuous mode
[  126.157617][ T8516] bridge0: port 2(bridge_slave_1) entered blocking state
[  126.160092][ T8516] bridge0: port 2(bridge_slave_1) entered disabled state
[  126.162140][ T8516] bridge_slave_1: entered allmulticast mode
[  126.164317][ T8516] bridge_slave_1: entered promiscuous mode
[  126.193864][ T8516] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  126.200628][ T8516] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  126.247255][ T8516] team0: Port device team_slave_0 added
[  126.252992][ T8516] team0: Port device team_slave_1 added
[  126.290716][ T8516] batman_adv: batadv0: Adding interface: batadv_slave_0
[  126.293306][ T8516] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  126.301887][ T8516] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  126.305523][ T8516] batman_adv: batadv0: Adding interface: batadv_slave_1
[  126.307345][ T8516] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  126.314030][ T8516] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  126.346532][ T8516] hsr_slave_0: entered promiscuous mode
[  126.349215][ T8516] hsr_slave_1: entered promiscuous mode
[  126.351988][ T8516] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  126.356353][ T8516] Cannot create hsr debugfs directory
[  126.462530][ T8516] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  126.559733][ T8516] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  126.628492][ T8516] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  126.715800][ T8516] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  126.774759][ T1281] usb 6-1: new high-speed USB device number 15 using dummy_hcd
[  126.936925][ T1281] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  126.940100][ T1281] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  126.943736][ T8516] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  126.946575][ T1281] usb 6-1: config 1 has 0 interfaces, different from the descriptor's value: 66
[  126.951712][ T1281] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  126.951810][ T8516] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  126.955262][ T1281] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  126.960596][ T1281] usb 6-1: Product: syz
[  126.962143][ T1281] usb 6-1: Manufacturer: syz
[  126.966836][ T8516] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  126.974408][ T8516] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  127.023004][ T8516] 8021q: adding VLAN 0 to HW filter on device bond0
[  127.033800][ T8516] 8021q: adding VLAN 0 to HW filter on device team0
[  127.040757][ T1189] bridge0: port 1(bridge_slave_0) entered blocking state
[  127.042652][ T1189] bridge0: port 1(bridge_slave_0) entered forwarding state
[  127.047101][ T1098] bridge0: port 2(bridge_slave_1) entered blocking state
[  127.048970][ T1098] bridge0: port 2(bridge_slave_1) entered forwarding state
[  127.129432][ T8516] 8021q: adding VLAN 0 to HW filter on device batadv0
[  127.148016][ T8516] veth0_vlan: entered promiscuous mode
[  127.152406][ T8516] veth1_vlan: entered promiscuous mode
[  127.163304][ T8516] veth0_macvtap: entered promiscuous mode
[  127.166749][ T8516] veth1_macvtap: entered promiscuous mode
[  127.172179][ T8516] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  127.175681][ T8516] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  127.178217][ T8516] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  127.180892][ T8516] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  127.183401][ T8516] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  127.186151][ T8516] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  127.189311][ T8516] batman_adv: batadv0: Interface activated: batadv_slave_0
[  127.190873][ T8534] 9pnet: Could not find request transport: fd0x00000000000000050xffffffffffffffff
[  127.195642][ T8516] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  127.198422][ T8516] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  127.201127][ T8516] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  127.203801][ T8516] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  127.206468][ T8516] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  127.209183][ T8516] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  127.211719][ T8516] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  127.214403][ T8516] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  127.217586][ T8516] batman_adv: batadv0: Interface activated: batadv_slave_1
[  127.223223][ T8516] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  127.225842][ T8516] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  127.228134][ T8516] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  127.230458][ T8516] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  127.235688][ T8534] rdma_rxe: rxe_newlink: failed to add vcan0
[  127.243016][ T1281] usb 6-1: USB disconnect, device number 15
[  127.266355][ T1098] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  127.268447][ T1098] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  127.284977][ T1189] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  127.287049][ T1189] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  127.324918][ T8544] netlink: 8 bytes leftover after parsing attributes in process `syz.3.495'.
[  127.327931][ T8544] netlink: 8 bytes leftover after parsing attributes in process `syz.3.495'.
[  127.363897][ T8546] binder: 8545:8546 ioctl c0306201 0 returned -14
[  127.884171][ T8562] netlink: 8 bytes leftover after parsing attributes in process `syz.0.504'.
[  127.888640][ T8562] netlink: 8 bytes leftover after parsing attributes in process `syz.0.504'.
[  128.025173][   T39] audit: type=1804 audit(1729584131.582:27): pid=8567 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.508" name="/newroot/153/file1" dev="fuse" ino=1 res=1 errno=0
[  128.032014][   T39] audit: type=1800 audit(1729584131.582:28): pid=8567 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.508" name="/" dev="fuse" ino=1 res=0 errno=0
[  128.054872][ T5356] Bluetooth: hci4: command tx timeout
[  128.442989][ T8589] vcan0 speed is unknown, defaulting to 1000
[  128.464812][   T62] usb 6-1: new high-speed USB device number 16 using dummy_hcd
[  128.712289][   T62] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  128.715554][   T62] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  128.718955][   T62] usb 6-1: config 1 has 0 interfaces, different from the descriptor's value: 66
[  128.726572][   T62] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  128.730032][   T62] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  128.732441][   T62] usb 6-1: Product: syz
[  128.733839][   T62] usb 6-1: Manufacturer: syz
[  128.876841][ T8597] batadv1: entered promiscuous mode
[  128.879604][ T8597] 8021q: adding VLAN 0 to HW filter on device batadv1
[  128.903346][ T8599] binder: 8598:8599 ioctl c0306201 0 returned -14
[  128.954926][ T8576] 9pnet: Could not find request transport: fd0x00000000000000050xffffffffffffffff
[  128.996527][ T8576] rdma_rxe: rxe_newlink: failed to add vcan0
[  129.002770][   T62] usb 6-1: USB disconnect, device number 16
[  129.784955][ T5380] usb 6-1: new full-speed USB device number 17 using dummy_hcd
[  129.903163][ T8614] vcan0 speed is unknown, defaulting to 1000
[  129.956308][ T5380] usb 6-1: unable to get BOS descriptor or descriptor too short
[  129.959132][ T5380] usb 6-1: not running at top speed; connect to a high speed hub
[  129.962760][ T5380] usb 6-1: config 9 has an invalid interface number: 227 but max is 0
[  129.966306][ T5380] usb 6-1: config 9 has no interface number 0
[  129.968583][ T5380] usb 6-1: config 9 interface 227 altsetting 58 has an invalid endpoint descriptor of length 5, skipping
[  129.972443][ T5380] usb 6-1: config 9 interface 227 altsetting 58 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[  129.979409][ T5380] usb 6-1: config 9 interface 227 has no altsetting 0
[  129.982932][ T5380] usb 6-1: New USB device found, idVendor=5050, idProduct=0900, bcdDevice=f1.de
[  129.986583][ T5380] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  129.989560][ T5380] usb 6-1: Product: syz
[  129.990703][ T5380] usb 6-1: Manufacturer: syz
[  129.991948][ T5380] usb 6-1: SerialNumber: syz
[  129.999077][ T8609] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  130.124825][ T5356] Bluetooth: hci4: command tx timeout
[  130.223095][ T5380] ftdi_sio 6-1:9.227: FTDI USB Serial Device converter detected
[  130.225749][ T5380] ftdi_sio ttyUSB0: unknown device type: 0xf1de
[  130.231267][ T5380] usb 6-1: USB disconnect, device number 17
[  130.237340][ T5380] ftdi_sio 6-1:9.227: device disconnected
[  130.824794][   T62] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  130.977857][   T62] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  130.981128][   T62] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  130.984932][   T62] usb 5-1: config 1 has 0 interfaces, different from the descriptor's value: 66
[  130.990164][   T62] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  130.993447][   T62] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  130.997019][   T62] usb 5-1: Product: syz
[  130.998571][   T62] usb 5-1: Manufacturer: syz
[  131.209446][ T8630] 9pnet_fd: Insufficient options for proto=fd
[  131.248809][ T8630] syz1: rxe_newlink: already configured on vcan0
[  131.255884][   T62] usb 5-1: USB disconnect, device number 8
[  131.935899][ T8658] netlink: 16 bytes leftover after parsing attributes in process `syz.3.538'.
[  132.127978][ T1374] ieee802154 phy0 wpan0: encryption failed: -22
[  132.130326][ T1374] ieee802154 phy1 wpan1: encryption failed: -22
[  132.214805][   T62] usb 6-1: new high-speed USB device number 18 using dummy_hcd
[  132.215037][ T5356] Bluetooth: hci4: command tx timeout
[  132.376671][   T62] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  132.379948][   T62] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  132.383607][   T62] usb 6-1: config 1 has 0 interfaces, different from the descriptor's value: 66
[  132.388417][   T62] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  132.391732][   T62] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  132.394710][   T62] usb 6-1: Product: syz
[  132.396242][   T62] usb 6-1: Manufacturer: syz
[  132.602912][ T8665] 9pnet_fd: Insufficient options for proto=fd
[  132.661164][ T8665] rdma_rxe: rxe_newlink: failed to add vcan0
[  132.673082][   T62] usb 6-1: USB disconnect, device number 18
[  133.128017][   T39] audit: type=1800 audit(1729584136.682:29): pid=8681 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.545" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0
[  133.237407][ T8686] netlink: 4 bytes leftover after parsing attributes in process `syz.3.547'.
[  133.241588][ T8686] net veth1_virt_wifi virt_wifi0: entered allmulticast mode
[  134.295279][ T5356] Bluetooth: hci4: command tx timeout
[  134.464746][ T5405] usb 6-1: new high-speed USB device number 19 using dummy_hcd
[  134.637222][ T5405] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  134.639483][ T5405] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  134.642083][ T5405] usb 6-1: config 1 has 0 interfaces, different from the descriptor's value: 66
[  134.646727][ T5405] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  134.649095][ T5405] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  134.651124][ T5405] usb 6-1: Product: syz
[  134.652200][ T5405] usb 6-1: Manufacturer: syz
[  134.829758][ T8716] FAULT_INJECTION: forcing a failure.
[  134.829758][ T8716] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  134.833757][ T8716] CPU: 2 UID: 0 PID: 8716 Comm: syz.0.556 Not tainted 6.12.0-rc4-syzkaller-00047-gc2ee9f594da8 #0
[  134.836907][ T8716] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  134.840215][ T8716] Call Trace:
[  134.841291][ T8716]  <TASK>
[  134.842224][ T8716]  dump_stack_lvl+0x16c/0x1f0
[  134.843720][ T8716]  should_fail_ex+0x497/0x5b0
[  134.845222][ T8716]  _copy_from_user+0x30/0xf0
[  134.846684][ T8716]  kstrtouint_from_user+0xd7/0x1c0
[  134.848420][ T8716]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  134.850251][ T8716]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  134.852020][ T8716]  proc_fail_nth_write+0x84/0x250
[  134.853618][ T8716]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  134.855370][ T8716]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  134.857118][ T8716]  vfs_write+0x28e/0x1140
[  134.858350][ T8716]  ? __fget_files+0x23a/0x3f0
[  134.859583][ T8706] 9pnet_fd: Insufficient options for proto=fd
[  134.859720][ T8716]  ? fdget_pos+0x24c/0x360
[  134.862771][ T8716]  ? __pfx_lock_release+0x10/0x10
[  134.864356][ T8716]  ? trace_lock_acquire+0x14a/0x1d0
[  134.865999][ T8716]  ? __pfx_vfs_write+0x10/0x10
[  134.867456][ T8716]  ? __pfx___mutex_lock+0x10/0x10
[  134.869077][ T8716]  ? __fget_files+0x244/0x3f0
[  134.870554][ T8716]  ksys_write+0x12f/0x260
[  134.871915][ T8716]  ? __pfx_ksys_write+0x10/0x10
[  134.873465][ T8716]  __do_fast_syscall_32+0x73/0x120
[  134.875078][ T8716]  do_fast_syscall_32+0x32/0x80
[  134.876625][ T8716]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  134.878727][ T8716] RIP: 0023:0xf746e579
[  134.880009][ T8716] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  134.886086][ T8716] RSP: 002b:00000000f57565a0 EFLAGS: 00000293 ORIG_RAX: 0000000000000004
[  134.888700][ T8716] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f5756620
[  134.891156][ T8716] RDX: 0000000000000001 RSI: 00000000f745bff4 RDI: 0000000000000000
[  134.893639][ T8716] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000
[  134.896086][ T8716] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  134.898558][ T8716] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  134.901053][ T8716]  </TASK>
[  134.910906][ T8706] rdma_rxe: rxe_newlink: failed to add vcan0
[  134.917589][ T5405] usb 6-1: USB disconnect, device number 19
[  135.026649][ T8722] netlink: 'syz.0.559': attribute type 1 has an invalid length.
[  135.028922][ T8722] netlink: 9328 bytes leftover after parsing attributes in process `syz.0.559'.
[  135.031544][ T8722] netlink: 44 bytes leftover after parsing attributes in process `syz.0.559'.
[  135.034424][ T8722] netlink: 'syz.0.559': attribute type 1 has an invalid length.
[  135.367977][ T8729] binder: 8723:8729 ioctl c0306201 20000580 returned -14
[  135.522099][ T8732] can0: slcan on ttyS3.
[  136.250129][ T8743] netlink: 84 bytes leftover after parsing attributes in process `syz.0.564'.
[  136.338729][ T8730] can0 (unregistered): slcan off ttyS3.
[  136.404473][   T39] audit: type=1804 audit(1729584139.952:30): pid=8757 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.565" name="/" dev="pidfs" ino=9056 res=1 errno=0
[  136.410948][ T8759] FAULT_INJECTION: forcing a failure.
[  136.410948][ T8759] name failslab, interval 1, probability 0, space 0, times 0
[  136.416691][ T8759] CPU: 3 UID: 0 PID: 8759 Comm: syz.1.566 Not tainted 6.12.0-rc4-syzkaller-00047-gc2ee9f594da8 #0
[  136.420528][ T8759] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  136.424444][ T8759] Call Trace:
[  136.425732][ T8759]  <TASK>
[  136.426847][ T8759]  dump_stack_lvl+0x16c/0x1f0
[  136.428614][ T8759]  should_fail_ex+0x497/0x5b0
[  136.430336][ T8759]  ? fs_reclaim_acquire+0xae/0x150
[  136.432212][ T8759]  should_failslab+0xc2/0x120
[  136.433954][ T8759]  kmem_cache_alloc_noprof+0x6e/0x2f0
[  136.435863][ T8759]  ? __kernfs_new_node+0xd3/0x890
[  136.437736][ T8759]  __kernfs_new_node+0xd3/0x890
[  136.439549][ T8759]  ? __pfx___kernfs_new_node+0x10/0x10
[  136.441552][ T8759]  ? __pfx___lock_acquire+0x10/0x10
[  136.443465][ T8759]  ? lock_acquire.part.0+0x11b/0x380
[  136.445432][ T8759]  ? find_held_lock+0x2d/0x110
[  136.447394][ T8759]  kernfs_new_node+0x186/0x240
[  136.449207][ T8759]  kernfs_create_link+0xcc/0x240
[  136.451053][ T8759]  sysfs_do_create_link_sd+0x90/0x140
[  136.453058][ T8759]  sysfs_create_link+0x61/0xc0
[  136.454600][ T8759]  device_add+0x50c/0x1a70
[  136.455862][ T8759]  ? __pfx_device_add+0x10/0x10
[  136.457140][ T8759]  ? kfree+0x274/0x4b0
[  136.458217][ T8759]  device_create_groups_vargs+0x1f8/0x270
[  136.459711][ T8759]  device_create+0xe9/0x130
[  136.460916][ T8759]  ? __pfx_device_create+0x10/0x10
[  136.462268][ T8759]  ? rcu_is_watching+0x12/0xc0
[  136.463547][ T8759]  ? do_init_timer+0xc9/0x110
[  136.464807][ T8759]  ? ieee80211_roc_setup+0x136/0x270
[  136.466206][ T8759]  ? ieee80211_alloc_hw_nm+0x231/0x2260
[  136.468157][ T8759]  mac80211_hwsim_new_radio+0x3df/0x56c0
[  136.470240][ T8759]  ? __sys_sendmsg+0x117/0x1f0
[  136.472007][ T8759]  ? __do_fast_syscall_32+0x73/0x120
[  136.473896][ T8759]  ? do_fast_syscall_32+0x32/0x80
[  136.475218][ T8759]  ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  136.476917][ T8759]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  136.478500][ T8759]  hwsim_new_radio_nl+0xb42/0x12b0
[  136.479833][ T8759]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  136.481285][ T8759]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290
[  136.483192][ T8759]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290
[  136.485136][ T8759]  genl_family_rcv_msg_doit+0x202/0x2f0
[  136.486577][ T8759]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  136.488165][ T8759]  ? bpf_lsm_capable+0x9/0x10
[  136.489422][ T8759]  ? security_capable+0x7e/0x260
[  136.490743][ T8759]  ? ns_capable+0xd7/0x110
[  136.491920][ T8759]  genl_rcv_msg+0x565/0x800
[  136.493137][ T8759]  ? __pfx_genl_rcv_msg+0x10/0x10
[  136.494565][ T8759]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  136.496025][ T8759]  netlink_rcv_skb+0x165/0x410
[  136.497295][ T8759]  ? __pfx_genl_rcv_msg+0x10/0x10
[  136.498617][ T8759]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  136.500018][ T8759]  ? down_read+0xc9/0x330
[  136.501163][ T8759]  ? __pfx_down_read+0x10/0x10
[  136.502422][ T8759]  ? netlink_deliver_tap+0x1ae/0xcf0
[  136.503941][ T8759]  genl_rcv+0x28/0x40
[  136.505427][ T8759]  netlink_unicast+0x53c/0x7f0
[  136.507192][ T8759]  ? __pfx_netlink_unicast+0x10/0x10
[  136.509147][ T8759]  ? __phys_addr_symbol+0x30/0x80
[  136.510998][ T8759]  ? __check_object_size+0x488/0x710
[  136.512894][ T8759]  netlink_sendmsg+0x8b8/0xd70
[  136.514370][ T8759]  ? __pfx_netlink_sendmsg+0x10/0x10
[  136.515746][ T8759]  ? lock_acquire+0x2f/0xb0
[  136.516957][ T8759]  ____sys_sendmsg+0x9ae/0xb40
[  136.518426][ T8759]  ? __pfx_____sys_sendmsg+0x10/0x10
[  136.519978][ T8759]  ? get_compat_msghdr+0x11b/0x170
[  136.521330][ T8759]  ? __pfx___lock_acquire+0x10/0x10
[  136.522684][ T8759]  ___sys_sendmsg+0x135/0x1e0
[  136.524112][ T8759]  ? __pfx____sys_sendmsg+0x10/0x10
[  136.526008][ T8759]  ? lock_acquire+0x2f/0xb0
[  136.527694][ T8759]  ? __fget_files+0x40/0x3f0
[  136.529442][ T8759]  ? fdget+0x176/0x210
[  136.530965][ T8759]  __sys_sendmsg+0x117/0x1f0
[  136.532227][ T8759]  ? __pfx___sys_sendmsg+0x10/0x10
[  136.533596][ T8759]  ? __fget_files+0x244/0x3f0
[  136.535032][ T8759]  __do_fast_syscall_32+0x73/0x120
[  136.536341][ T8759]  do_fast_syscall_32+0x32/0x80
[  136.537611][ T8759]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  136.539243][ T8759] RIP: 0023:0xf746e579
[  136.540300][ T8759] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  136.546049][ T8759] RSP: 002b:00000000f575656c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  136.549115][ T8759] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000040
[  136.552135][ T8759] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  136.554944][ T8759] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  136.557919][ T8759] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  136.560999][ T8759] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  136.564120][ T8759]  </TASK>
[  136.914847][   T35] usb 6-1: new high-speed USB device number 20 using dummy_hcd
[  137.076510][   T35] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  137.079567][   T35] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  137.083118][   T35] usb 6-1: config 1 has 0 interfaces, different from the descriptor's value: 66
[  137.087887][   T35] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  137.091131][   T35] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  137.093952][   T35] usb 6-1: Product: syz
[  137.095544][   T35] usb 6-1: Manufacturer: syz
[  137.244781][    T9] usb 8-1: new high-speed USB device number 6 using dummy_hcd
[  137.302468][ T8773] 9pnet_fd: Insufficient options for proto=fd
[  137.340956][ T8773] rdma_rxe: rxe_newlink: failed to add vcan0
[  137.346499][   T35] usb 6-1: USB disconnect, device number 20
[  137.347490][ T8781] netlink: 4 bytes leftover after parsing attributes in process `syz.0.573'.
[  137.394769][    T9] usb 8-1: Using ep0 maxpacket: 8
[  137.398722][    T9] usb 8-1: config 168 descriptor has 1 excess byte, ignoring
[  137.401300][    T9] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  137.405633][    T9] usb 8-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  137.409543][    T9] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  137.413330][    T9] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  137.418243][    T9] usb 8-1: config 168 descriptor has 1 excess byte, ignoring
[  137.420780][    T9] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  137.424821][    T9] usb 8-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  137.428773][    T9] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  137.432463][    T9] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  137.437762][    T9] usb 8-1: config 168 descriptor has 1 excess byte, ignoring
[  137.441326][    T9] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  137.445220][    T9] usb 8-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  137.449301][    T9] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  137.452985][    T9] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  137.459336][    T9] usb 8-1: string descriptor 0 read error: -22
[  137.461614][    T9] usb 8-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  137.464803][    T9] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  137.473866][    T9] adutux 8-1:168.0: ADU100  now attached to /dev/usb/adutux0
[  137.783958][   T62] usb 8-1: USB disconnect, device number 6
[  138.762740][ T8808] team0: No ports can be present during mode change
[  140.217068][   T39] audit: type=1800 audit(1729584143.772:31): pid=8855 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.584" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0
[  140.471936][ T8886] netlink: 12 bytes leftover after parsing attributes in process `syz.3.588'.
[  140.624408][ T5386] libceph: connect (1)[c::]:6789 error -101
[  140.626632][ T5386] libceph: mon0 (1)[c::]:6789 connect error
[  140.628778][ T8901] ceph: No mds server is up or the cluster is laggy
[  140.679435][ T8915] netlink: 24 bytes leftover after parsing attributes in process `syz.0.591'.
[  141.390170][ T8940] tipc: Started in network mode
[  141.391502][ T8940] tipc: Node identity aaaaaaaaaa1a, cluster identity 4711
[  141.393359][ T8940] tipc: Enabled bearer <eth:team0>, priority 0
[  141.717082][   T62] usb 6-1: new high-speed USB device number 21 using dummy_hcd
[  141.864797][   T62] usb 6-1: Using ep0 maxpacket: 32
[  141.868252][   T62] usb 6-1: config index 0 descriptor too short (expected 29220, got 36)
[  141.871253][   T62] usb 6-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  141.874260][   T62] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 81
[  141.877760][   T62] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  141.881165][   T62] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  141.884547][   T62] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  141.889488][   T62] usb 6-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  141.892649][   T62] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  141.898101][   T62] usb 6-1: config 0 descriptor??
[  142.113123][   T62] usblp 6-1:0.0: usblp0: USB Bidirectional printer dev 21 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  142.118359][   T62] usb 6-1: USB disconnect, device number 21
[  142.121684][   T62] usblp0: removed
[  142.460473][ T8968] team_slave_0: entered promiscuous mode
[  142.462858][ T8968] team_slave_1: entered promiscuous mode
[  142.465490][ T8968] macvlan2: entered promiscuous mode
[  142.467484][ T8968] team0: entered promiscuous mode
[  142.469748][ T8968] macvlan2: entered allmulticast mode
[  142.471681][ T8968] team0: entered allmulticast mode
[  142.473585][ T8968] team_slave_0: entered allmulticast mode
[  142.475934][ T8968] team_slave_1: entered allmulticast mode
[  142.478904][ T8968] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  142.487461][ T8968] macvlan3: entered promiscuous mode
[  142.488948][ T8968] macvlan3: entered allmulticast mode
[  142.514793][   T62] tipc: Node number set to 11578026
[  142.563313][ T8975] netlink: 'syz.0.605': attribute type 8 has an invalid length.
[  142.565878][ T8975] netlink: 8 bytes leftover after parsing attributes in process `syz.0.605'.
[  142.575525][ T5406] usb 6-1: new high-speed USB device number 22 using dummy_hcd
[  142.734818][ T5406] usb 6-1: Using ep0 maxpacket: 32
[  142.741421][ T5406] usb 6-1: config index 0 descriptor too short (expected 29220, got 36)
[  142.744830][ T5406] usb 6-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  142.747593][ T5406] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 81
[  142.750175][ T5406] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  142.752693][ T5406] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  142.755279][ T5406] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  142.758728][ T5406] usb 6-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  142.761440][ T5406] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  142.769904][ T5406] usb 6-1: config 0 descriptor??
[  142.980896][ T5406] usblp 6-1:0.0: usblp0: USB Bidirectional printer dev 22 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  143.277967][ T8998] FAULT_INJECTION: forcing a failure.
[  143.277967][ T8998] name failslab, interval 1, probability 0, space 0, times 0
[  143.282002][ T8998] CPU: 1 UID: 0 PID: 8998 Comm: syz.0.612 Not tainted 6.12.0-rc4-syzkaller-00047-gc2ee9f594da8 #0
[  143.285357][ T8998] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  143.288909][ T8998] Call Trace:
[  143.289735][ T8998]  <TASK>
[  143.290511][ T8998]  dump_stack_lvl+0x16c/0x1f0
[  143.291741][ T8998]  should_fail_ex+0x497/0x5b0
[  143.292999][ T8998]  ? fs_reclaim_acquire+0xae/0x150
[  143.294352][ T8998]  should_failslab+0xc2/0x120
[  143.295612][ T8998]  kmem_cache_alloc_noprof+0x6e/0x2f0
[  143.297030][ T8998]  ? __kernfs_new_node+0xd3/0x890
[  143.298351][ T8998]  __kernfs_new_node+0xd3/0x890
[  143.299802][ T8998]  ? __pfx___kernfs_new_node+0x10/0x10
[  143.301258][ T8998]  ? __pfx___lock_acquire+0x10/0x10
[  143.302631][ T8998]  ? lock_acquire.part.0+0x11b/0x380
[  143.304414][ T8998]  ? find_held_lock+0x2d/0x110
[  143.306046][ T8998]  kernfs_new_node+0x186/0x240
[  143.307331][ T8998]  kernfs_create_link+0xcc/0x240
[  143.308758][ T8998]  sysfs_do_create_link_sd+0x90/0x140
[  143.310187][ T8998]  sysfs_create_link+0x61/0xc0
[  143.311472][ T8998]  device_add+0x50c/0x1a70
[  143.312791][ T8998]  ? rcu_is_watching+0x12/0xc0
[  143.314294][ T8998]  ? __pfx_device_add+0x10/0x10
[  143.315676][ T8998]  ? kstrdup+0x5c/0x80
[  143.316958][ T8998]  device_create_groups_vargs+0x1f8/0x270
[  143.318635][ T8998]  device_create+0xe9/0x130
[  143.320003][ T8998]  ? __pfx_device_create+0x10/0x10
[  143.321532][ T8998]  ? __pfx_vsnprintf+0x10/0x10
[  143.322815][ T8998]  bdi_register_va+0x116/0x820
[  143.324090][ T8998]  ? __pfx_bdi_register_va+0x10/0x10
[  143.325508][ T8998]  ? do_init_timer+0xc9/0x110
[  143.326909][ T8998]  super_setup_bdi_name+0x100/0x250
[  143.328352][ T8998]  ? __pfx_super_setup_bdi_name+0x10/0x10
[  143.329965][ T8998]  ? fuse_fill_super_common+0x48c/0x1040
[  143.331442][ T8998]  ? lock_acquire+0x2f/0xb0
[  143.332661][ T8998]  ? fuse_dev_install+0xa9/0x220
[  143.333970][ T8998]  fuse_fill_super_common+0x5eb/0x1040
[  143.335432][ T8998]  ? __pfx_fuse_fill_super_common+0x10/0x10
[  143.337061][ T8998]  ? irqentry_exit+0x3b/0x90
[  143.338384][ T8998]  ? lockdep_hardirqs_on+0x7c/0x110
[  143.339848][ T8998]  ? __pfx_fuse_fill_super+0x10/0x10
[  143.341326][ T8998]  ? __pfx_fuse_fill_super+0x10/0x10
[  143.342762][ T8998]  fuse_fill_super+0x1f2/0x2d0
[  143.344033][ T8998]  get_tree_nodev+0xda/0x190
[  143.345264][ T8998]  fuse_get_tree+0x26d/0x600
[  143.346491][ T8998]  vfs_get_tree+0x8f/0x380
[  143.347677][ T8998]  path_mount+0x6e1/0x1f10
[  143.348950][ T8998]  ? kmem_cache_free+0x152/0x4b0
[  143.350627][ T8998]  ? __pfx_path_mount+0x10/0x10
[  143.352277][ T8998]  ? putname+0x12e/0x170
[  143.353736][ T8998]  __ia32_sys_mount+0x292/0x310
[  143.355387][ T8998]  ? __pfx___ia32_sys_mount+0x10/0x10
[  143.357214][ T8998]  __do_fast_syscall_32+0x73/0x120
[  143.358953][ T8998]  do_fast_syscall_32+0x32/0x80
[  143.360711][ T8998]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  143.362874][ T8998] RIP: 0023:0xf746e579
[  143.364273][ T8998] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  143.370869][ T8998] RSP: 002b:00000000f571456c EFLAGS: 00000296 ORIG_RAX: 0000000000000015
[  143.373797][ T8998] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000020000000
[  143.376512][ T8998] RDX: 00000000200012c0 RSI: 0000000000000000 RDI: 0000000020001500
[  143.379205][ T8998] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  143.381880][ T8998] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  143.384556][ T8998] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  143.387254][ T8998]  </TASK>
[  143.642248][ T8999] netlink: 'syz.1.596': attribute type 7 has an invalid length.
[  143.656054][ T8999] ��: entered promiscuous mode
[  143.841940][ T5380] usb 6-1: USB disconnect, device number 22
[  143.846984][ T5380] usblp0: removed
[  143.954431][ T9005] xt_CHECKSUM: CHECKSUM should be avoided.  If really needed, restrict with "-p udp" and only use in OUTPUT
[  143.959012][ T9005] x_tables: ip6_tables: TCPOPTSTRIP target: only valid for protocol 6
[  144.234880][ T5386] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  144.396663][ T5386] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  144.399774][ T5386] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  144.403766][ T5386] usb 5-1: config 1 has 0 interfaces, different from the descriptor's value: 66
[  144.408547][ T5386] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  144.411808][ T5386] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  144.414599][ T5386] usb 5-1: Product: syz
[  144.416175][ T5386] usb 5-1: Manufacturer: syz
[  144.625029][ T9007] 9pnet_fd: Insufficient options for proto=fd
[  144.687584][ T9007] syz1: rxe_newlink: already configured on vcan0
[  144.692647][ T5386] usb 5-1: USB disconnect, device number 9
[  145.281850][   T39] audit: type=1400 audit(1729584148.832:32): apparmor="DENIED" operation="setprocattr" info="invalid" error=-22 profile="unconfined" pid=9023 comm="syz.0.620"
[  145.323385][ T9026] netlink: 4 bytes leftover after parsing attributes in process `syz.0.621'.
[  145.503298][ T9034] FAULT_INJECTION: forcing a failure.
[  145.503298][ T9034] name failslab, interval 1, probability 0, space 0, times 0
[  145.508069][ T9034] CPU: 0 UID: 0 PID: 9034 Comm: syz.3.623 Not tainted 6.12.0-rc4-syzkaller-00047-gc2ee9f594da8 #0
[  145.510905][ T9034] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  145.513769][ T9034] Call Trace:
[  145.514806][ T9034]  <TASK>
[  145.515814][ T9034]  dump_stack_lvl+0x16c/0x1f0
[  145.517474][ T9034]  should_fail_ex+0x497/0x5b0
[  145.519137][ T9034]  ? fs_reclaim_acquire+0xae/0x150
[  145.520961][ T9034]  should_failslab+0xc2/0x120
[  145.522647][ T9034]  kmem_cache_alloc_noprof+0x6e/0x2f0
[  145.524545][ T9034]  ? ptlock_alloc+0x1f/0x70
[  145.526154][ T9034]  ptlock_alloc+0x1f/0x70
[  145.527703][ T9034]  pte_alloc_one+0x74/0x360
[  145.529313][ T9034]  __pte_alloc+0x6e/0x390
[  145.530851][ T9034]  ? __pfx___pte_alloc+0x10/0x10
[  145.532686][ T9034]  ? __pfx___might_resched+0x10/0x10
[  145.534492][ T9034]  copy_page_range+0x3889/0x5a20
[  145.536217][ T9034]  ? __pfx_copy_page_range+0x10/0x10
[  145.538045][ T9034]  ? mas_store+0x53b/0xad0
[  145.539608][ T9034]  ? lock_acquire+0x2f/0xb0
[  145.541215][ T9034]  ? copy_mm+0x1063/0x2550
[  145.542796][ T9034]  ? up_write+0x1b2/0x520
[  145.544289][ T9034]  copy_mm+0x134f/0x2550
[  145.545799][ T9034]  ? __pfx_copy_mm+0x10/0x10
[  145.547451][ T9034]  ? copy_process+0x3c7d/0x6ee0
[  145.549239][ T9034]  ? __raw_spin_lock_init+0x3a/0x110
[  145.551175][ T9034]  copy_process+0x3e43/0x6ee0
[  145.552954][ T9034]  ? __pfx_copy_process+0x10/0x10
[  145.554474][ T9034]  ? find_held_lock+0x2d/0x110
[  145.554996][ T9035] netlink: 8 bytes leftover after parsing attributes in process `syz.0.621'.
[  145.555738][ T9034]  kernel_clone+0xfd/0x960
[  145.560302][ T9034]  ? __pfx_kernel_clone+0x10/0x10
[  145.562070][ T9034]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  145.564099][ T9034]  __do_compat_sys_ia32_clone+0xb7/0x100
[  145.565899][ T9034]  ? __pfx___do_compat_sys_ia32_clone+0x10/0x10
[  145.568046][ T9034]  __do_fast_syscall_32+0x73/0x120
[  145.569911][ T9034]  do_fast_syscall_32+0x32/0x80
[  145.571682][ T9034]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  145.573967][ T9034] RIP: 0023:0xf73de579
[  145.575466][ T9034] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  145.581722][ T9034] RSP: 002b:00000000f56c651c EFLAGS: 00000246 ORIG_RAX: 0000000000000078
[  145.585259][ T9034] RAX: ffffffffffffffda RBX: 0000000007080000 RCX: 0000000000000000
[  145.588935][ T9034] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  145.592220][ T9034] RBP: 0000000000000020 R08: 0000000000000000 R09: 0000000000000000
[  145.595024][ T9034] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  145.598127][ T9034] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  145.601021][ T9034]  </TASK>
[  145.752735][ T9044] xt_TCPMSS: Only works on TCP SYN packets
[  146.409598][ T9046] bridge2: entered promiscuous mode
[  146.411686][ T9046] bridge2: entered allmulticast mode
[  146.422401][ T9046] team0: Port device bridge2 added
[  146.462150][ T9052] FAULT_INJECTION: forcing a failure.
[  146.462150][ T9052] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  146.466632][ T9052] CPU: 3 UID: 0 PID: 9052 Comm: syz.1.629 Not tainted 6.12.0-rc4-syzkaller-00047-gc2ee9f594da8 #0
[  146.470491][ T9052] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  146.474330][ T9052] Call Trace:
[  146.475207][ T9052]  <TASK>
[  146.475984][ T9052]  dump_stack_lvl+0x16c/0x1f0
[  146.477241][ T9052]  should_fail_ex+0x497/0x5b0
[  146.478482][ T9052]  _copy_from_iter+0x29b/0x13e0
[  146.479889][ T9052]  ? __pfx__copy_from_iter+0x10/0x10
[  146.481291][ T9052]  ? __virt_addr_valid+0x1a4/0x590
[  146.482633][ T9052]  ? __virt_addr_valid+0x5e/0x590
[  146.483977][ T9052]  ? __phys_addr_symbol+0x30/0x80
[  146.485372][ T9052]  ? __check_object_size+0x488/0x710
[  146.486754][ T9052]  netlink_sendmsg+0x813/0xd70
[  146.488011][ T9052]  ? __pfx_netlink_sendmsg+0x10/0x10
[  146.489417][ T9052]  __sys_sendto+0x479/0x4d0
[  146.490618][ T9052]  ? __pfx___sys_sendto+0x10/0x10
[  146.491949][ T9052]  ? __might_fault+0x13b/0x190
[  146.493208][ T9052]  ? __pfx_lock_release+0x10/0x10
[  146.494512][ T9052]  __do_compat_sys_socketcall+0x5e2/0x700
[  146.496137][ T9052]  ? __fget_files+0x244/0x3f0
[  146.497495][ T9052]  ? __pfx___do_compat_sys_socketcall+0x10/0x10
[  146.499135][ T9052]  ? fput+0x30/0x390
[  146.500183][ T9052]  __do_fast_syscall_32+0x73/0x120
[  146.501539][ T9052]  do_fast_syscall_32+0x32/0x80
[  146.502816][ T9052]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  146.504463][ T9052] RIP: 0023:0xf746e579
[  146.505546][ T9052] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  146.510770][ T9052] RSP: 002b:00000000f5755440 EFLAGS: 00000293 ORIG_RAX: 0000000000000066
[  146.512943][ T9052] RAX: ffffffffffffffda RBX: 000000000000000b RCX: 00000000f5755454
[  146.514972][ T9052] RDX: 0000000000000000 RSI: 00000000f5755570 RDI: 00000000f745bff4
[  146.516948][ T9052] RBP: 00000000f5755570 R08: 0000000000000000 R09: 0000000000000000
[  146.519538][ T9052] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  146.522266][ T9052] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  146.525028][ T9052]  </TASK>
[  146.805162][ T5345] Bluetooth: hci4: command 0x0405 tx timeout
[  147.030195][ T9067] netlink: 'syz.0.633': attribute type 2 has an invalid length.
[  147.408116][ T9070] netlink: 8 bytes leftover after parsing attributes in process `syz.0.634'.
[  147.411280][ T9070] netlink: 60 bytes leftover after parsing attributes in process `syz.0.634'.
[  147.501838][ T9076] netlink: 8 bytes leftover after parsing attributes in process `syz.1.635'.
[  147.504371][ T9076] netlink: 60 bytes leftover after parsing attributes in process `syz.1.635'.
[  148.655388][ T9103] netlink: 100 bytes leftover after parsing attributes in process `syz.0.644'.
[  148.776306][ T9106] netlink: 24 bytes leftover after parsing attributes in process `syz.0.645'.
[  149.947284][ T9131] netlink: 100 bytes leftover after parsing attributes in process `syz.0.652'.
[  150.145452][ T5406] usb 8-1: new high-speed USB device number 7 using dummy_hcd
[  150.294761][ T5406] usb 8-1: Using ep0 maxpacket: 8
[  150.303398][ T5406] usb 8-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 528
[  150.311703][ T5406] usb 8-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 8
[  150.320720][ T5406] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  150.323200][ T5406] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  150.325514][ T5406] usb 8-1: Product: 쿥痕ކ擄漿柮僥煱뛝ᨶ踍主Ả兣䫰闃ಆ스Ѣꍴ╕簙甬镬潐㇏﯌᷈鞼ꠇ᫣鴼쨴悼ᩎ괴೰↮仓邍û虑䔍璞奵윩㬀巑݇诼겝集宑뵮顰ꜻ槥ⴝ
[  150.331359][ T5406] usb 8-1: Manufacturer: љ
[  150.332585][ T5406] usb 8-1: SerialNumber: ㉝䡿睴鎇䵯庎㤰䙓
[  151.064312][ T9148] EXT4-fs (sda1): resizing filesystem from 262144 to 1 blocks
[  151.066465][ T9148] EXT4-fs warning (device sda1): ext4_resize_fs:2042: can't shrink FS - resize aborted
SYZFAIL: bad allocate request
allocated=0 size=4194802/4194808 (errno 9: Bad file descriptor)
[  151.487156][   T12] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  151.601646][   T12] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  151.708877][   T12] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  151.778714][   T12] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  151.918828][   T12] bridge_slave_1: left allmulticast mode
[  151.920970][   T12] bridge_slave_1: left promiscuous mode
[  151.923108][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  151.927222][   T12] bridge_slave_0: left allmulticast mode
[  151.928794][   T12] bridge_slave_0: left promiscuous mode
[  151.930350][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  152.201339][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  152.206136][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  152.210588][   T12] bond0 (unregistering): Released all slaves
[  152.580848][   T12] hsr_slave_0: left promiscuous mode
[  152.582861][   T12] hsr_slave_1: left promiscuous mode
[  152.585435][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  152.587389][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  152.589743][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  152.591673][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  152.629192][   T12] veth1_macvtap: left promiscuous mode
[  152.631202][   T12] veth0_macvtap: left promiscuous mode
[  152.633188][   T12] veth1_vlan: left promiscuous mode
[  152.635207][   T12] veth0_vlan: left promiscuous mode
[  152.689832][ T5406] cdc_ncm 8-1:1.0: bind() failure
[  152.692725][ T5406] cdc_ncm 8-1:1.1: CDC Union missing and no IAD found
[  152.694510][ T5406] cdc_ncm 8-1:1.1: bind() failure
[  152.697178][ T5406] usb 8-1: USB disconnect, device number 7
[  153.230262][   T12] team0 (unregistering): Port device team_slave_1 removed
[  153.298727][   T12] team0 (unregistering): Port device team_slave_0 removed
[  154.281023][   T12] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  154.375047][   T12] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  154.470449][   T12] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  154.558905][   T12] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  154.684499][   T12] bridge_slave_1: left allmulticast mode
[  154.686586][   T12] bridge_slave_1: left promiscuous mode
[  154.688618][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  154.694480][   T12] bridge_slave_0: left allmulticast mode
[  154.696858][   T12] bridge_slave_0: left promiscuous mode
[  154.698342][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  154.744129][   T12] batman_adv: batadv0: Removing interface: ip6gretap1
[  154.914251][   T12] bond1 (unregistering): (slave bridge1): Releasing backup interface
[  155.004586][   T12] team0: Port device bridge2 removed
[  155.134234][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  155.139572][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  155.144810][   T12] bond0 (unregistering): Released all slaves
[  155.228341][   T12] bond1 (unregistering): Released all slaves
[  155.289137][   T12] ��: left promiscuous mode
[  155.417092][   T12] tipc: Disabling bearer <udp:syz1>
[  155.420876][   T12] tipc: Left network mode
[  155.636970][   T12] hsr_slave_0: left promiscuous mode
[  155.639015][   T12] hsr_slave_1: left promiscuous mode
[  155.647601][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  155.650037][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  155.652014][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  155.670010][   T12] veth1_macvtap: left promiscuous mode
[  155.672106][   T12] veth0_macvtap: left promiscuous mode
[  155.674210][   T12] veth1_vlan: left promiscuous mode
[  155.676268][   T12] veth0_vlan: left promiscuous mode
[  155.746846][   T12] pimreg (unregistering): left allmulticast mode
[  156.343877][   T12] team0 (unregistering): Port device team_slave_1 removed
[  156.412804][   T12] team0 (unregistering): Port device team_slave_0 removed

VM DIAGNOSIS:
08:02:34  Registers:
info registers vcpu 0

CPU#0
RAX=0000000080000102 RBX=0000000000007286 RCX=ffffffff817ae954 RDX=ffff8880295f2440
RSI=7fffffffffffffff RDI=0000000000000006 RBP=ffff88802b42ca08 RSP=ffffc90000007e98
R8 =0000000000000006 R9 =7fffffffffffffff R10=0000002329033c1a R11=0000000000000000
R12=0000002329033c1a R13=ffff88802b42cb28 R14=0000000000000003 R15=7fffffffffffffff
RIP=ffffffff818cb863 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88802b400000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00007ffdad7d3fa8 CR3=0000000051e60000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000000000001 RBX=000000000000064c RCX=ffffffff81694e6e RDX=fffffbfff2d321a2
RSI=0000000000000008 RDI=ffffffff96990d08 RBP=0000000000000000 RSP=ffffc90003167500
R8 =0000000000000000 R9 =fffffbfff2d321a1 R10=ffffffff96990d0f R11=0000000000000000
R12=dffffc0000000000 R13=ffff888025830b08 R14=0000000000000004 R15=ffff888025830000
RIP=ffffffff81ee0758 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0000 0000000000000000 ffffffff 00c00000
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff88802b500000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00000000203b3018 CR3=0000000051e60000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000008
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000005000000000 0000000100000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
RAX=0000000000000001 RBX=0000000000000022 RCX=ffffffff81694e6e RDX=fffffbfff2d32189
RSI=0000000000000008 RDI=ffffffff96990c40 RBP=ffffc90007107950 RSP=ffffc90007107800
R8 =0000000000000000 R9 =fffffbfff2d32188 R10=ffffffff96990c47 R11=0000000000000002
R12=ffff8880252aa440 R13=0000000000000200 R14=0000000000000009 R15=1ffff92000e20f08
RIP=ffffffff81694e76 RFL=00000047 [---Z-PC] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88802b600000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=000000005734c99c CR3=0000000056cbc000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000008
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000005000000000 0000000100000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 3

CPU#3
RAX=000000000038edf1 RBX=0000000000000003 RCX=ffffffff8b139ef9 RDX=0000000000000000
RSI=ffffffff8b4cc960 RDI=ffffffff8bb12d60 RBP=ffffed100376e488 RSP=ffffc90000497e08
R8 =0000000000000001 R9 =ffffed10056e7025 R10=ffff88802b73812b R11=0000000000000000
R12=0000000000000003 R13=ffff88801bb72440 R14=ffffffff901ce608 R15=0000000000000000
RIP=ffffffff8b13b2df RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88802b700000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000000020030000 CR3=0000000066f68000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000a60ce07b 00000000cec3662e
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 7c27f25f5b89b599
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 4c35e35f4e6ea187
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 a33960866e59d546 caf2fc6e2897ba48
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000980
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000040
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 9f918bd29fb42b26 0000005c9fbc58fa
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0080010000800100 008001009fcc81c8
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000005c00800100 9fa2bb4a0000005c
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 008001000000005c 0000005c00800100
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0ec551410d82135d 0abe08c74a7b8588
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 9e0aae34155a7bc4 cae57c1156a5aea7
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 a54ff53a3c6ef372 bb67ae856a09e667
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 5be0cd191f83d9ab 9b05688c510e527f
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000