last executing test programs:

5.691085692s ago: executing program 3 (id=3547):
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wlan0\x00'})
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000440)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-cipher_null\x00'}, 0x58)
r1 = accept$alg(r0, 0x0, 0x0)
r2 = dup(r1)
write$FUSE_INIT(r2, &(0x7f0000000080)={0x4f}, 0xfffffdef)
setsockopt(r2, 0x1, 0x20, &(0x7f0000000040)="c04bfa0a", 0x4)
read$FUSE(r2, &(0x7f0000002000)={0x2020}, 0xfffffc7c)
ioctl$SNDCTL_DSP_GETODELAY(r2, 0x80045017, &(0x7f0000000200))
setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000012c0)={<r3=>0xffffffffffffffff})
sendmsg$inet(r3, &(0x7f0000000080)={0x0, 0xffffffc9, &(0x7f0000000040)=[{&(0x7f0000000000), 0x1}], 0x1}, 0x0)
sendmsg(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000005c0)='O', 0x1}], 0x1}, 0x0)
r4 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x256c, 0x6d, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r4, 0x0, 0x0)
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='devpts\x00', 0x0, 0x0)
mount$binder(0x0, &(0x7f0000000280)='./file0\x00', 0x0, 0xa0, &(0x7f00000000c0)=ANY=[@ANYBLOB="6d61783d3138343436373434303733378aaf3535313631322c00"])
syz_usb_control_io$hid(r4, &(0x7f0000001440)={0x24, 0x0, 0x0, &(0x7f0000000000)={0x0, 0x22, 0x6, {[@main=@item_4={0x3, 0x0, 0xa, "0c84b2ad"}, @main=@item_012={0x0, 0x0, 0x9}]}}, 0x0}, 0x0)
syz_usb_control_io$hid(r4, &(0x7f0000000500)={0x24, &(0x7f0000000180)={0x0, 0x22, 0x20, {0x20, 0x2, "3101b3223bb20271edb3a59f49572314fa9fc85643cb3bd25441b7961365"}}, &(0x7f0000000600)={0x0, 0x3, 0xd1, @string={0xd1, 0x3, "8296922fd400281df3026300f2392c32ea1eb057f6b696021ff857f1c29200bf8eb1bd6f3f4104d62f681351e76ea6cf2c91c0bac89f08740569b1e37399382a761b9d0957f148e4c1c0fda414467f303979a357e26860e45455efc3a4eee469c810d5117894781ce31295ee163784c37ac1f59e6ee694a083fc9b44f430e0c36df0ad9d1edaa68af0e7ef090af4f2f3eb3a1b14e5b6f5817e7f30f2ed963db5739e4e7461d3a3fbe2dd3d8713471d323a06a0f2642c74a4770b9f3af047ab8f786d4e3bea783fa40f7244dd0bb89b"}}, &(0x7f00000001c0)={0x0, 0x22, 0x2, {[@main=@item_012={0x1, 0x0, 0xc, 'Y'}]}}, &(0x7f0000000300)={0x0, 0x21, 0x9, {0x9, 0x21, 0x40, 0x61, 0x1, {0x22, 0xb64}}}}, &(0x7f0000000900)={0x2c, &(0x7f0000000700)={0x0, 0x13, 0x82, "f9190352d1577ce8055c722fbde111ed24b699b19f9899518fbed2c1c036f6dbe779813c4c03c31f989f1a271fec657365fb7cc7f529e0ef898788a2cf5ba1fb9634c8d8697f5fdca41e732c2723792abadefa4ea6ba2467e57ae5f6d2615a1d7eee2b6a6143c2a2c74675a754b4bb1885e3aa5b13e7d8411472fdac0ea7989afabd"}, &(0x7f00000007c0)={0x0, 0xa, 0x1, 0x3}, &(0x7f0000000800)={0x0, 0x8, 0x1, 0x7}, &(0x7f0000000840)={0x20, 0x1, 0x50, "171c0e3951731aceb107b13e8f6eaa5db3bb38e2fea76592f75938324c37447ab4cc5b673f927c97d496370bca28516f36aaa908521177a9fe73b22a8e2cbe3ab357af2adcb7d9b092f5dcb47423a19e"}, &(0x7f00000008c0)={0x20, 0x3, 0x1}})
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_io_uring_setup(0x740b, &(0x7f0000000200), 0x0, 0x0)
syz_io_uring_setup(0x32ac, &(0x7f0000000140), 0x0, 0x0)
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x0)
socket(0x10, 0x803, 0x0)
r5 = socket$packet(0x11, 0x2, 0x300)
socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={<r6=>0xffffffffffffffff})
getpeername$packet(r6, &(0x7f0000000000)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14)
sendmmsg(r5, &(0x7f0000005d40)=[{{&(0x7f0000000180)=@can={0x1d, r7}, 0x80, 0x0}}], 0x1, 0x0)

5.160923182s ago: executing program 2 (id=3553):
r0 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1edb23610000000109022d0101100000000904000003fe03010009cd8d1f0002000000"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
ioctl$EVIOCGMASK(r1, 0x80015b11, 0x0)

5.040299324s ago: executing program 1 (id=3555):
socket(0x2, 0x2, 0x0)
syz_open_dev$ndb(&(0x7f0000000080), 0x0, 0x44000)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000d40), 0x0, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000670000000500000095"], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x80000000}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r1}, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = getpid()
process_vm_readv(r2, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x0, 0x81, 0xfff, 0x9}, 0x48)
r3 = socket$inet_smc(0x2b, 0x1, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r6 = openat$cuse(0xffffffffffffff9c, 0x0, 0x2, 0x0)
fcntl$setstatus(r6, 0x4, 0x0)
r7 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r7, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast})
write$tun(r5, &(0x7f0000000300)=ANY=[], 0xc2)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r8=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000040)={'macsec0\x00', <r9=>0x0})
sendmsg$nl_route(r4, &(0x7f0000000880)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000004c0)=ANY=[@ANYBLOB="34000000100001040000000000000000002fee6e000000a3b2774947f7cbd91f5a7fa57bdaf4c107ccf0ecadd4daa45940a96be81792ea954f42e4c9cf3e4fe6c28a374d1cff45981ca987d2583b65c527ef248f76fd7a02dbf6f0decf01d92019d5c273b04245b45703a8b5d4c8", @ANYRES32=r9, @ANYBLOB="80480000000000001400140074756c6c3000"/28], 0x34}}, 0x0)
setsockopt$inet_mreqsrc(r3, 0x0, 0x27, &(0x7f0000000000)={@multicast2, @loopback, @empty}, 0xc)
close(r3)
r10 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r10, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000040)=@deltfilter={0x7c, 0x2d, 0x200, 0x70bd28, 0x25dfdbfc, {0x0, 0x0, 0x0, r9, {0x3, 0xffff}, {0x8, 0xd}, {0xa, 0xfff3}}, [@filter_kind_options=@f_bpf={{0x8}, {0x38, 0x2, [@TCA_BPF_OPS={{0xffffffffffffff14, 0x4, 0x5}, {0x2c, 0x5, [{0x7, 0x66, 0xfa, 0x7}, {0x9, 0x81, 0x0, 0x100}, {0x800, 0x4, 0x5, 0x6}, {0xd82b, 0x7, 0xbe, 0x1}, {0x9, 0x9, 0x9}]}}]}}, @TCA_CHAIN={0x8, 0xb, 0xb}, @TCA_RATE={0x6, 0x5, {0xc, 0xff}}, @TCA_RATE={0x6, 0x5, {0x1, 0x77}}]}, 0x7c}}, 0x0)
r11 = socket$pppl2tp(0x18, 0x1, 0x1)
socket$nl_rdma(0x10, 0x3, 0x14)
ioctl$SIOCSIFMTU(r11, 0x8922, &(0x7f0000000000)={'lo\x00'})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1d, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x98, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2c, r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

3.954590465s ago: executing program 1 (id=3559):
r0 = io_uring_setup(0x497c, &(0x7f00000001c0)={0x0, 0x0, 0x10})
prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x3, 0x0)
openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_usb_connect(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00000009040000022a3e740009058bff7f0000100109050b362f"], 0x0)
fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
sendmsg$key(0xffffffffffffffff, 0x0, 0x0)
fadvise64(0xffffffffffffffff, 0x0, 0x0, 0x4)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040), 0x6, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
r2 = socket$packet(0x11, 0x2, 0x300)
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000280)={0x2, &(0x7f0000000240)=[{0x48, 0x0, 0x0, 0xfff00001}, {0x6}]}, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f00000005c0), 0xffffffffffffffff)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
fsopen(&(0x7f0000000000)='ubifs\x00', 0x1)
close_range(r0, 0xffffffffffffffff, 0x0)

3.494325301s ago: executing program 3 (id=3565):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r1)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000000)='GPL\x00'}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r2}, 0x10)
openat$iommufd(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x1})
ioctl$TUNSETLINK(r3, 0x400454cd, 0x308)
close(r0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000))
ioctl$SIOCSIFHWADDR(r0, 0x8914, &(0x7f0000000140)={'syzkaller0\x00', @random="171692e7f7ef"})

2.362118154s ago: executing program 0 (id=3568):
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x200000005c832, 0xffffffffffffffff, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = getpid()
r2 = socket$inet_sctp(0x2, 0x1, 0x84)
bind$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
sendto$inet(r2, &(0x7f0000000300)="ab", 0x34000, 0x0, &(0x7f0000000380)={0x2, 0x4e22, @local}, 0x10) (fail_nth: 2)
ioctl$BTRFS_IOC_ADD_DEV(r2, 0x5000940a, &(0x7f0000000300)={{}, "61fcc0d029bb3f7143155aa66c4690d2f5bb102883b7510cdb61103e04cf30bc7f624e2c1ba531204309fd1dd125ae72bad3feebaed5e8f2625de0ad9529e3e37e1e574b2e1c5904311259864ebb1d2ecd4a240b9b87c1fe6583d52a64e95d7d85775e2ad1386a66dcfa592939753fa9c2bc3343718cb3df357f3c1df41713a3c39ecce6237a39a6638bba5efcceabb2fc9ccb84b257d058cdfbcf288a2c2b142bc998cc148e34f1d5893e95423b9af95e5d841b0b75ead35165f1e0d72a68e08fd21478a10264c3737879a92de5832b4f2af73be0b2a0a07e75432f3a1bdc7d4dac6638f021f7d30a0b16298971026331fa412b4e339b2bd84921f6ab77a81d0eb5c424f6ed0ea72248ad2b49d1bc08519a055a80ef6e643880efaa2f892bbf8c94ccf90a6594356db4adb28c18fa82db3ec98b346fe448a237fd642257fd374e5b0c700a4f5445d1c96b67cb1f1e66f444d39f344dac58bb2a7e0f054d7ed56dd9a7ea8785494af6bf6d486390e6fbd2670ea6f7669bf7ee435c2e80a2b1c157e5c243046a6e4292b0c57f692b91dcddcd64f92136a96c32e9130abd594ec50c18f9df0a43add62622d85f0ab07f3aae8a4e96a3fef31648306c220519e3cb6b3865a7c88ce0fcc9e240324d2aa9a3d651b5ba5350feb91a1f1aa5b297f1f24c6c5ac72772bb6e8826d201f0c820896d7aeba95115166fef927863d11da1c8115c3de777fed87e80747b89008da724ac85fa674302bc19fd49fc7de8fe9b6998b5498b57e9d29520887a8d598b008275062a450a4b0830f58d022bd9be6c7747120b567af7ae4080fd42f9ba75368872df576d3cbd081e093ee0fc1957747f63b514fd5b73beef6d16d0ea56961f73917d012ba2d99225ab07fd7217944d665e21932a4c2886de00ec602e532e156c9555d07019ed5dd1a0735d5ba94c0e0ffb351993157b3bda7e8b6f62c5db871b0f31239467cc41125afc4d3c49682d05b10cb51fcf0d64cf11a159a59844c3a5879e7cd7347c6b157c0600344a60cd6c41a338d8358df76245d57e17745d49ed8e17f00c1ef8ca8969584f5d2e1bdc4b530546ff378506ebf92e27bb9f6b1600269577495c62d229e3715553b3696d36f7c1fd9b69a7c6309276f22a636b29eb938ff0293ef889510a63b8b4a936084d2edc3e1a67011f133c0cb78c9cdb219d72883d5a8915228689a2f3ee706392443d36044e5b4b652b67b76a29ced560c61a681095edc9d8f7705dc000738156ac085d770c90370fffd959b98a8a121629a427adc89a30702816fd508385506563c7a1c6dbc06e322e9a0bdb287ac7b30354ced54de0c2d3f604fd9a75af43b1f4f5b71cab1ab11638d1c844b0cd3063ff6cc0b3ac866b0453136ecfd94849061a8b4ae28142a2befec641866960db3dab39a59d5a0fdef9294c59df3b70c223560688f7fa50cccef1ac41b7590dae568bd6a19beafe2a9c4e1b65502cd4833781398c3d40d53d5f9c0c23a4a37d5c0c4488ac7c51ec6860e150ad1ca4c1555d7657ed56189bfa661278dd65a97dcac075c71a868f307d710fa5b46f88a93ea332f9af70b5596194a2fb052bf37b18873fc9389d47511864637463355227693ef87b63f4677ebf5ff980eaeb198b7404ccb332a381589968048ddc849349f68a5e3bb07e27bf4870f02558f70bf8bcd9d7431f0f0299c98c3b6c7a08f480ee4716b969cb30c19fb1410dd5e7f00ccfb74272f6e2be84acd6c23fcf3a5b441a96c22100ebffd50c4a043f749c23085db69b6f5bbbfb6e9f735f72249c2fb66feb38e05339b2d64ab978b4bcbba417f7de33872a1c5ec792de28edf97e01c23bb308978cc16bf763faadf0750ae8719828be1fb66471bc4152dba20c58ef044ac94de8c184b1dfe4cba5b6cec490010b42ec8d47fa75106683cf6ac73a93c55915137b0e1abd1536696a3dcd6f0ff4bf3fcac871f8cc182c8b77145159de5de94f7e00c7d407ee1748f7d9668d99bd5155d2876c8d32600810695c389f945094c133a8f24d0a8378aca4104568216e6a94fce6790b073de2cff9921947686e8b00170e476d6a4dfef4f4f3d7a4d6cae0b4617fc9feb8fa9996229fcdd65b72627bc09fe90373f594acb01bf95ac46e5b433ae9cec9852f463560028ff722746dc07d3d36377c69a0cd0e6a4d4d17f769723f07b5a01975a941bd754f316ae8c8ecd3eaa3d53710decab0f031a94b31263b20c94b3947d6fcb60d1bbf4f533278b3b3090237a6147b40191d2976b8ca41f603f3851c9490d90e17ff950a35532561497585424a41de572f11222148421be5ecb517f818e8b18585cf8efa44922b41785606b1ce0977c8979ab8f4d63b692ed82b7c19c1704ff898a4f60a4fee1bc7acc0de84292dc61b8947c2e21c5e100a894e2e827d88f487525880ce1160129d8eac572f6469d185cbffbe0dc380f5caca50ab8fbe83b26169582829cb4009d830c573317d785992170d8ae761cf772e2ff3436b5c0c5e983a8ca08ca3bbf8b97feb67f589cd9f365bb8fa9af0de4e45049c4c38d045f6dc3a897242cd053e7f2ca8d3e661b927eb4e925d403e3aa00a5ecacd625ae3e6a00a7f2b8dee65c7e85c21b44a0e542001f682b8e357b0e814230fc4fda54588dab23eb9592c27b57ad6562c38f2de4951c3d4ba3a212d3158e87392e309dc200745288f23e383f5247c787782f07be25e75fada776bdcbbea612eba776e0f5c526ba4f2a7f82105b7169ab02df8a63cf5ae6669860c5a310854f3ba54948fb19585508156a7767424859768ec97b4f15ec520c790c2d1a0dd66ffa4234790f448991c589c6aacd074cb9124b37ed5cba93bcfe6c2e71c95db609d53a6918689c3ef50ac1e37f691abd721414eeed4b902a97ff4c2fb0e4ff4a0f9f66f326b9d99c9740062087bde65534c0ab685ce3aeacf112d480daeba9ffef5a78ce0fa50498a1b69b8b3a0b560aa48ce4058ee9096bc04daf0fb49a802d12aeb3a7a548a80048679da57c57166515946416645139644ff8bd050969af5818cf646ad9c1f06c712052522ea1904438c49c9f4e7a7d0f876d2db550abf16edc8b2bf58ec32f07a35492da9e48f6ff46365618ce94f756f941aab723a1708aa9bb644bed1b454f444709eda31bb7a7dd936049673e7e0a7a871c998c35b61da9c9080d44839762e531a0b23ee1318336cb1732cbe598be252112ed8d4daa89f48aae624cdcd634d31da35b002e3419b3f217cd357a1120ab132c97d48001af906a3bed6e35b0b5a2a4d06230eacdda0f7285bd803f168988781c3e3fe46a8b5ffdbc8393830a442f83af9881687eb65722725043a8d67561403ca882bcfe454eeb42a4cb687ca235d917dabf30327ed391f74081a8be539fe2169b8a50a75039d9117875c214d20b74259d68e15c69d547358ffd4876e992453445fc3f478cf10efa4adda88b1502403c1411df21b37a212c11379ed29723318a0de92f8b27fb9600ba614c302b329ed47d228b4ee5ed7d3a82207237728ae7e92cc0b8aa4ed0fbd3fe1b67b2c0936cc554c8de7d8da511f80fcb7a7ae7109ca86e8dfd97447eee41f838911c430d5fa0a50dd8bf1424f76a38c60c27ccab6b8e790e20b38355693b60b84ed27628b07d940f16d85b261f33a73c841212c22bb10d7c3eb12dd451a70eccc4c8a85f124ec6fb372123adab3599e05e16c7428bb22151ef2e788b819b9ab8dfd7cb703333bc119d6a706953ca2fe05b8314a181f8d8cfae8a320e4a852e0a5b4555a39612ae5970b5ec10d5417e6c147f15f4e004f07912e14bc45e153524f1d128a02dc07e515239fc19d5147933d7144b62a14ff0bea1fc44522dc8d159efaf2b0ec0d70664ff9490bc6fac750baab08023ffa3ddd6d1d367b551e8045420dea8a2ed4a17ce510cd3137d9b127888674a2dc1221600ca3d5a18c10786d2fa722e4bb36746a774ecdd8ad507008d3fe81594b806c4468e6368cf994347440b5b7c03b5592194b5c89126b5b292af36594d0d4559f9c9c52472242e2c783ac3f6f74462ddeffebdc1f7f8eb9472f45582fdd9620fdc04a5b125ae5c1d7276c692e9e4e5e6b24f95f8e26aa34ed104d9f082de9ccb083c134d0ada95413855a11135b981e439b38d8899b493f8155d10e4cdddcfc44282b40c15e9dd68e4f166589ea9a4788668f7d9387e46ae58de0b774268dcd6532b4fa788d75c79efd1b0894a247a8bff20e110dfe6597e5a7a18433f0d155c61570c5fce79ddd81247207ccbf4498d1ccf334bb8beead1e55ccb0a70ede723364715edfde20db868caf39d698a69d533e5227db78b34d24f15b581a55fc5c1407622ace8739b8f684ccd5b2aa47925395f956450d60a2b73b97b8dd663fcd219ea3f04a99d0ab3cdfa61f6fcb9c2aa22d84752d9841c3de7e2a5bb0783fcc15bed860230e63ad3cd0400a8804d7a070db4b3b9e62d0884d38eae833e55635ee4d303194e4ba604072fe75029335c30da1f047e631a0e4c7dbc77b3d3516a8f606874bb5cfb6ba2b4ea25c933e02c86cf79b3e7a9c12f775933082d9b2a5bc5da75877054ca09d16738b5c6e7759c88e7e095b000dca18c6a4b64c52acc1d434badbb232f1a7b7778a5bf7de6d51fc3a5e21cf860a3bb5c3436b64661abf94a063fa07f1016c41006d72df3ba9ebe557498810207d30686ec4fdf4ef00aca5a83d5e176dfd554163c2eb4d0806626cc26400ac3694810109b02fd4d7f1a48570c1b330d29b2be1e7f94882430b3ae14907ae7122817282d2c4661ac24cddbe8aaed15a16b9a8b9310d264c3f6bafb4368d0ca638d15ed3b50fcfc164d38543e5d9c182c897f604fd8eeda1a96f3be94f3aaab944003fe38b33d89245d7e8d460a9f4386929146867741b37f08463f5a7e1e3a6ca4488fde971a7d1392a5eff88b753ad98605de91ee1fd5f20281111e15606e69db0818dad6413938a58440a4c50b3d909a962de9e20b6c9a8eacb05706c92644d7c31280d4998a8d4ba6a9525669ee22d24e1ca04daa9f54e006248fa2fe08e8ed56b52cfe125e705c87750170c43019e9545ce6589cc929637a96c98b74f6b15d3943ae805461f3dda5b29823229fd93d47103257cb8fb941c8a765163f56ebbc0484936b4aaf090217e6e46ba668e50435df80e82fe3db368e931fcddd5acd2ca07cdab8c6640a13cc7c4bc99b8db2d728a545782e4826cab66d9d8df30068f2939ad3f9547cb07e93c5c87f32bf55214ab7bc33152475de2018a02e41e22d0abedf2e792d0cbb0305079b3804106b42df1c4ce2a7b2fd510cbcfdad4f3f10f68e8ab2208ca3145775eff5f11889bca5811c1ffabd91526bf1b52ac3d97990baa8e29ba669bf3ffbe93c20cf7b7483303365d76afa52ce6d783d68dc0a4197e3f1b575e355d83a8f3bcbff052a6e6da2f7282c55a3e935f5f9106cf2168430e69ae0b721cd61f3f580bdd267369825dbc8b0cc444fc258d8fd79688a302b008ce89354791e01f1654b02ad94c6be66f280249b7a993e59a7b06d6b7cfcb860b80abcbbc0c76ee3e600e926e5bf443aa270b6a8f96d96f4604a98a28bc45ee6faf7394058756bc741131d79a8b0f02a1bb0b20a788178ad742cb866436644d76c5967d402a4c14933ba08c39d33f34db79641e000dde0f3760e48707c0277ad81200a7d49decdf035b54b0a89c56bc88066de63910aa74a08161ad3a09cbcd9b0a3c9cf5d73e1fec0f947bfba07501c31f12f59ed59d8b7863"})
sched_setscheduler(r1, 0x2, &(0x7f0000000200))
fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
socket$inet_tcp(0x2, 0x1, 0x0)
r3 = socket$inet(0x2, 0x2, 0x1)
setsockopt$inet_opts(r3, 0x0, 0x4, &(0x7f0000000000)="8907040400", 0x5)
setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, 0x0, 0x0)
sendmsg$inet(r3, &(0x7f0000000040)={&(0x7f0000000000)={0x2, 0x0, @multicast1}, 0x10, 0x0, 0x0, 0x0, 0x0, 0xe0000000}, 0x0)
sendto$inet6(0xffffffffffffffff, &(0x7f0000000080)="4c00000012001f15b9409b849ac00a00a5784002000000000000030038c88cc055c5ac27a6c5b068d0bf46d323452536005ad94a461cdbfee9bdb942352359a351d1ec0c", 0x44, 0x20000000, 0x0, 0x0)
ioctl$VIDIOC_S_EXT_CTRLS(0xffffffffffffffff, 0xc0205648, &(0x7f0000000100)={0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000040)={0x98f90b, 0xf4c, '\x00', @p_u16=&(0x7f00000000c0)}})
r4 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000140)={0x0, 0x1000}, 0x4)
r5 = socket$kcm(0x10, 0x0, 0x0)
sendmsg$kcm(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080), 0x0, 0x0, 0x0, 0x5865}, 0x0)
r6 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='ns\x00')
fchdir(r6)
socket$tipc(0x1e, 0x2, 0x0)

2.139246079s ago: executing program 1 (id=3569):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
sendmsg$TEAM_CMD_OPTIONS_SET(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000003c0)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000000000000000000000d00000008000100", @ANYRES32, @ANYBLOB="3c000280380001", @ANYRES32=r0, @ANYRESHEX=r0, @ANYRES16=r0, @ANYRES32=r0], 0x58}, 0x1, 0xf000}, 0x0)
r1 = getpid()
process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x36}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, 0x0, 0x0, 0x0)
syz_open_procfs$namespace(r1, 0x0)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000500)=ANY=[@ANYBLOB="68000000140001000000000000000000ac141400000000000000000000000000ac1414aa00"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000200000000597b0800c2fe08dbff0000000c00150000080000f517d5f9"], 0x68}}, 0x0)
r4 = socket$phonet(0x23, 0x2, 0x1)
sendmmsg$inet(r4, &(0x7f00000018c0)=[{{&(0x7f0000000140)={0x2, 0x0, @private}, 0x10, 0x0}}], 0x1, 0x0)
ioctl$KVM_NMI(r2, 0xae9a)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r5, &(0x7f00000035c0)={0x0, 0x0, &(0x7f0000003580)={&(0x7f0000000940)=@newsa={0x184, 0x10, 0x1, 0x0, 0x0, {{@in=@local, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {@in6=@loopback, 0x0, 0x6c}, @in6=@remote, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_aead={0x4c, 0x12, {{'gcm-aes-ce\x00'}}}, @algo_comp={0x48, 0x3, {{'deflate\x00'}}}]}, 0x184}}, 0x0)
r6 = socket$nl_sock_diag(0x10, 0x3, 0x4)
sendmsg$SOCK_DIAG_BY_FAMILY(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001400010000000000000cf67f1a"], 0x14}}, 0x0)
r7 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000240)={0x6, 0x3, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x90)
r8 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000080)={'syz_tun\x00', <r9=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={r7, r9, 0x25, 0x0, @void}, 0x10)
io_uring_register$IORING_REGISTER_RING_FDS(0xffffffffffffffff, 0x14, &(0x7f0000004900)=[{0x3, 0x0, 0x0, &(0x7f0000000780)=[{&(0x7f0000000e40)=""/9, 0x9}, {&(0x7f0000000600)=""/149, 0x95}, {&(0x7f00000006c0)=""/181, 0xb5}], &(0x7f00000007c0)}, {0x3, 0x0, 0x0, &(0x7f0000000980)=[{&(0x7f0000000800)=""/25, 0x19}, {&(0x7f0000000840)=""/52, 0x34}, {&(0x7f0000000880)=""/217, 0xd9}], &(0x7f00000009c0)=[0x0, 0x0]}, {0xa, 0x0, 0x0, &(0x7f0000000d40)=[{&(0x7f0000000a00)=""/101, 0x65}, {&(0x7f0000000a80)=""/118, 0x76}, {&(0x7f0000000b00)=""/51, 0x33}, {&(0x7f0000000f00)=""/12, 0xc}, {&(0x7f0000000b80)=""/69, 0x45}, {&(0x7f0000000c00)=""/9, 0x9}, {&(0x7f0000001900)=""/4096, 0x1000}, {&(0x7f00000007c0)=""/25, 0x19}, {&(0x7f0000002900)=""/4096, 0x1000}, {&(0x7f0000000c80)=""/175, 0xaf}], &(0x7f0000000e00)=[0x0, 0x56c, 0x6, 0x8, 0xfe, 0x2000000000000000, 0xc161, 0x4]}, {0x2, 0x0, 0x0, &(0x7f0000000ec0)=[{&(0x7f0000001440)=""/43, 0x2b}, {&(0x7f0000000e80)=""/48, 0x30}], &(0x7f0000001400)=[0x9, 0x7f]}, {0x0, 0x0, 0x0, 0x0, &(0x7f0000001140)=[0x0, 0xc0, 0x4, 0x2, 0x7, 0x0]}, {0x4, 0x0, 0x0, &(0x7f0000001380)=[{&(0x7f0000001180)=""/17, 0x11}, {&(0x7f00000011c0)=""/143, 0x8f}, {&(0x7f0000001280)=""/48, 0x30}, {&(0x7f00000012c0)=""/137, 0x89}], &(0x7f00000013c0)=[0x40a, 0x4d]}, {0x0, 0x0, 0x0, &(0x7f00000017c0), &(0x7f0000001840)=[0x9, 0x2a0000, 0x1, 0x8, 0xe349, 0x3, 0x2, 0xc3, 0x9, 0xff]}], 0x7)
r10 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095000000000000002f0285fc7dcc65d38c2e346b4566cb1470fdaf829a6373f00442479a345ca1e9b3ffdd52ee044a2c8aeecfc433e507dcbbd3de5d8d2bcb551778fd1addd88d9ac5ee35163e04dce7b35b4b785a3969c914b9f1c066"], &(0x7f0000000580)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x5c, '\x00', r9, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x10000}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r10}, 0x10)
r11 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r11)
ptrace$pokeuser(0x6, r11, 0x358, 0xffff88806b13da00)

2.070956561s ago: executing program 2 (id=3570):
ioperm(0x0, 0x6, 0x4000004)
r0 = syz_open_procfs(0x0, &(0x7f00000008c0)='wchan\x00')
pread64(r0, 0x0, 0x0, 0x0)

2.070326358s ago: executing program 1 (id=3571):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x17, &(0x7f0000000140)={&(0x7f0000000040)=@bridge_getvlan={0x20, 0x72, 0x333, 0x0, 0x0, {}, [@BRIDGE_VLANDB_DUMP_FLAGS={0x8, 0x1, 0x2}]}, 0x20}}, 0x0)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, 0x0, 0x0)
add_key$keyring(&(0x7f0000000100), 0x0, 0x0, 0x0, 0xfffffffffffffffd)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae03, 0x4a)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r2 = dup(r1)
write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c)
r3 = socket$kcm(0x29, 0x0, 0x0)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r5, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r5, 0x84, 0x6f, &(0x7f0000000000)={<r6=>0x0, 0x0, 0x0}, &(0x7f0000000180)=0x10)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r5, 0x84, 0x85, &(0x7f0000000000)={r6, @in={{0x2, 0x0, @empty}}, 0x0, 0x7ffe}, 0x90)
setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r5, 0x84, 0x15, &(0x7f00000000c0)={0x7}, 0x1)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r5, 0x84, 0x9, &(0x7f0000000280)={r6, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x0, 0x0, 0x2c}, 0x9c)
syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000bc0), r4)
sendmsg$NLBL_CIPSOV4_C_ADD(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000340)={0x0}}, 0x0)
r7 = socket$kcm(0xa, 0x5, 0x0)
ioctl$sock_SIOCSIFBR(r3, 0x8941, &(0x7f0000000140)=@get={0x1, &(0x7f00000001c0)=""/189, 0x23})
sendmsg$kcm(r7, &(0x7f00000017c0)={&(0x7f0000000040)=@in6={0xa, 0x0, 0x0, @private1}, 0x80, &(0x7f0000000540)=[{&(0x7f00000000c0)="7f", 0x1}], 0x1, &(0x7f0000000580)=[{0x18, 0x84, 0x0, "7f"}], 0x18}, 0x80c4)
close(r7)
r8 = memfd_create(&(0x7f0000000000)='e\xf4E\x88-\x00', 0x0)
pwritev(r8, &(0x7f0000000040), 0x0, 0x4000001, 0x0)
sendfile(r3, r8, 0x0, 0x8000fb00)

1.980006205s ago: executing program 2 (id=3572):
r0 = socket$inet(0xa, 0x801, 0x84)
ioctl$int_in(r0, 0x5452, &(0x7f0000000280)=0x32d)
connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10)
listen(r0, 0xfff7fffd)
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f00000001c0)={0x2005, 0xfffffffd, 0x0, 'queue0\x00'})
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000002, 0x50032, 0xffffffffffffffff, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='memory.current\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f00000006c0), 0x208e24b)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xb, 0xe, &(0x7f0000000800)=ANY=[@ANYBLOB="b702000007000000bfa30000000000000703000000feffff7a0af0ff1200000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010001010404000015000000b7030000000000006a0a00fe000000008500000032000000b700000001000000950000000000000075cdc4b57b0c65752a3ad50000007ddd0000cb4500639100002000000000000000ff7f0000b52f17cee19d0001000000000000000000cb04fcbb0b9bafe3ba431351a58a885ba9918d37b056b9bbd11b6b9f6cf7db6d574620260000000000008062d77e84cef4a2ab938f65aac33c4d620de2c9b7dc10d7d313f9f57606b83b994fb484510bef2e4872f5c2fe6faaf75e5cc4051ade12f41deff6df6a936b4ec3827c739bb39aad16cc75fe369258673b5df11cc2afb53611cc32a790bc0b80e80eae8f5e64be2c9d2d29db3d36cd015c7bd3f15aa6aadbeab2a01685108e61aa000000000000000000000000008b798b4f7458d1863cc67c4c6a06e828e5216f601b19db1af1b5d356d0f062137d866d11be4ba3f0151fdbbd4e97d62ecc645e143a60f10800000000000000826151a8cc245cc5a4de925ca2a730a00c87c493dbfa60e63fda97a29682881eb8c9cfa72b08eecc952a3fd2c46f3c1cde71a19d1a2982492a210e00d2bfea3b8d188df2eff8d56aaae7d32a2e183722537395019f02ec4b85f6aad7faca088de9b26797a8446b16c28d85f225992dbdd5bb01ba51508951c7a7d6ca0916c3a12912715649c2b1c75e0cf2f94b13ecb66d20e48d192a4251b59d378d0616a48c7957e122665c8b7e89eddfc3783f6c9129a7c5f8ee5f50579e2f638f7eb12f63be72a3d817b324d6e417b1c2cbfdcada0a16e31790e26cf19588a7e0496ee2782224cf30f810da86cf1a3204f4c9404f5d7321a4fefc4d1c9139ca4b65b99909950000006b42077ca60fdecb2717e21f8f187b1866108b6e8c71e26032176066599783568628f0309c3afa716d3706e1fa89917e131f4034a8383e99c3568fd04201b37cd92ca6ebf94a2d8310f7032775cfd75652f87b039d5430b3c6643e9146d2478ce31344b554aca78a0000000000000010c65608fda6ed5d08e7a796042aa127d8740e5787d0347aa37801faff5b9050803a19ff6205aa5c263e407a2f7de57f9c4af1e094fa4e3f05528c2a165996efaab5a430c08dd810bc97204b767dd969721a26aa74"], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1f, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0x4000}, 0x8, 0x10, &(0x7f0000000100), 0x10}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r3, 0x1f2f, 0xf, 0x3ce, &(0x7f00000007c0)="9f44948721919580684010a40800", 0x0, 0x241, 0x0, 0xb1, 0x0, &(0x7f0000000700)="389ceff69d08b0af1cc71b6262d50660bbaf31a7f8cd6a6f911beb65d5fe6b54bf21a66489121f24fefd198059288c9b735e1898e77a7469489a249292c02a72bc193a3008ebdbf4e9dd4ee8fcceef55402c913c8dd0ebece1330aaa93ece835c5044a246a5967e3acd7c950b3b19f351830e545eb9bc3a9c6dd22ce97f1f857cfe8b68a2370b69ea336006b589368f92deb68f3dfc6f2bfee09f8342da437fce5dcdf658e453e3132bb42067575318c39"}, 0x23)
r4 = userfaultfd(0x801)
ioctl$UFFDIO_REGISTER(r4, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x5})
ioctl$UFFDIO_CONTINUE(r4, 0xc020aa08, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}})
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="300000002000010000000000002000000200000000000000000000000c001440b7"], 0x30}}, 0x0)
r6 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x0, &(0x7f0000000300)='qsr\x04uota')
chdir(&(0x7f0000000080)='./file1\x00')
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='net_prio.prioidx\x00', 0x275a, 0x0)
quotactl_fd$Q_SETQUOTA(r7, 0xffffffff80000801, 0xffffffffffffffff, &(0x7f00000000c0))
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f0000000340)={0x0, 0x0, 0x0, 'queue0\x00'})
ioctl$SNDRV_TIMER_IOCTL_GINFO(r6, 0xc0f85403, &(0x7f0000000040)={{0x1, 0x0, 0x0, 0x3}, 0x0, 0x0, 'id0\x00', 'timer1\x00'})
socket$nl_route(0x10, 0x3, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000900)={&(0x7f0000000140)=ANY=[@ANYBLOB="9f27d006b3b8dc7d0d4d58eb010018000000000000f6230000002400000007000000050000000000000800000000020000000000000801000000753300000000000d0000000000501f932e5f00"], 0x0, 0x43, 0x0, 0x0, 0x6}, 0x20)
setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, &(0x7f0000000080)={0x4}, 0x10)
write(0xffffffffffffffff, &(0x7f0000000040)="1c0000001a009b8a140000003b9b301f00"/28, 0x1c)

1.578940954s ago: executing program 2 (id=3573):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000180)='oom_adj\x00')
socket$packet(0x11, 0x2, 0x300)
write$sysctl(r2, &(0x7f0000000140)='5\x00', 0x2)
read$rfkill(r2, 0x0, 0x0)
recvmmsg(r0, 0x0, 0x0, 0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r1, &(0x7f0000000100)={0x20000014})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x30, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x80000}, 0x90)
bind$inet6(0xffffffffffffffff, &(0x7f000047b000)={0xa, 0x0, 0x0, @empty}, 0x1c)
listen(0xffffffffffffffff, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
recvfrom$unix(r0, &(0x7f0000000300)=""/237, 0xed, 0x40010000, &(0x7f0000000440)=@file={0x0, './file0\x00'}, 0x6e)
r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$TIPC_NL_BEARER_ENABLE(r3, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000400)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="011a000000000000000003000000200001800d0001006574683a68737230000000000c000280080003008000"], 0x34}}, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r5, 0x8933, &(0x7f0000000140)={'batadv0\x00', <r7=>0x0})
socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r8=>0xffffffffffffffff})
r9 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
setsockopt$sock_int(r9, 0x1, 0x10, &(0x7f0000000080)=0x9, 0x4)
bind$bt_hci(r9, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x2}, 0x6)
recvmmsg(r9, &(0x7f0000000a00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)
getpeername$packet(r8, &(0x7f0000000000)={0x11, 0x0, <r10=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040))
sendmsg$BATADV_CMD_GET_NEIGHBORS(r5, &(0x7f0000004340)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)={0x24, r6, 0x331, 0x0, 0x0, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r7}, @BATADV_ATTR_HARD_IFINDEX={0x8, 0x6, r10}]}, 0x24}}, 0x0)
ioperm(0x0, 0x6, 0x4000004)
r11 = syz_open_procfs(0x0, &(0x7f00000008c0)='wchan\x00')
pread64(r11, 0x0, 0x0, 0x0)

1.491847943s ago: executing program 3 (id=3574):
socket$netlink(0x10, 0x3, 0x15)
openat$procfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/keys\x00', 0x0, 0x0)
add_key$fscrypt_provisioning(&(0x7f0000000040), &(0x7f0000000080)={'syz', 0x0}, &(0x7f0000000140)=ANY=[@ANYBLOB="0100000000000000006263646566676869026b6c6d6e75767778797a30313233343536"], 0x29, 0xffffffffffffffff)
r0 = syz_open_dev$cec(&(0x7f0000000100), 0x0, 0x0)
ioctl$CEC_ADAP_S_LOG_ADDRS(r0, 0xc05c6104, &(0x7f00000001c0)={"f2efe21e", 0x0, 0x6, 0x4d, 0x0, 0x7, "2179d46fd08e3c0ced34c7d0c7e6d7", "7ca24a13", "5161dc20", "a2d1d4a2", ["1af0b1ba1cb8fd54c9c9b587", "bed0f3d6ce7a5f7389827f04", "33af343c60abc64f2fdc9ddf", "9b3842fc63849f62b6eb1c3c"]})
r1 = syz_open_dev$cec(&(0x7f0000000d00), 0x0, 0x0)
ioctl$CEC_TRANSMIT(r1, 0xc0386105, &(0x7f0000000d40)={0x0, 0x0, 0x4, 0x0, 0x0, 0x4063, "57c1169b6664ea61326ac71ae7213059"})
r2 = socket$inet6(0xa, 0x806, 0x0)
bind$inet6(r2, &(0x7f0000000100)={0xa, 0x4e23}, 0x1c)
listen(r2, 0x3)
r3 = socket$inet_dccp(0x2, 0x6, 0x0)
connect$inet(r3, &(0x7f0000772000)={0x2, 0x4e23}, 0x10)
r4 = accept4(r2, 0x0, 0x0, 0x0)
sendmmsg(r4, &(0x7f0000001940)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000940)=ANY=[], 0x10}}], 0x1, 0x0)
r5 = syz_open_dev$cec(&(0x7f0000000000), 0x0, 0x0)
r6 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
ioctl$EVIOCGNAME(r6, 0x80404506, &(0x7f00000000c0)=""/144)
r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$SO_BINDTODEVICE(r7, 0x1, 0x19, &(0x7f0000000080)='bridge0\x00', 0x10)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
openat$null(0xffffffffffffff9c, &(0x7f0000000180), 0x4b558b34d36f1496, 0x0)
ioctl$CEC_ADAP_S_LOG_ADDRS(r5, 0xc05c6104, &(0x7f0000000340)={"6d71f879", 0x0, 0x0, 0x0, 0x0, 0x0, "244a18d1c4e6469a005caf0c0ff58a", "ce4250d8", "bf513d1d", "a6070ca7", ["040000f8ffffffffffffff4f", "5e10229555954b0f02cd1469", "cb0e83d3a15978145c38df4d", "79f56ca74227234da829edb7"]})
socket$pppl2tp(0x18, 0x1, 0x1)
close(0xffffffffffffffff)
socket$inet6_sctp(0xa, 0x801, 0x84)
sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0)
shutdown(0xffffffffffffffff, 0x1)
r8 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000340)={'bridge0\x00'})
socket(0x25, 0x80002, 0x0)

1.370908347s ago: executing program 3 (id=3575):
socket(0x2, 0x2, 0x0)
syz_open_dev$ndb(&(0x7f0000000080), 0x0, 0x44000)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000d40), 0x0, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000670000000500000095"], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x80000000}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r1}, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = getpid()
process_vm_readv(r2, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x0, 0x81, 0xfff, 0x9}, 0x48)
r3 = socket$inet_smc(0x2b, 0x1, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r6 = openat$cuse(0xffffffffffffff9c, 0x0, 0x2, 0x0)
fcntl$setstatus(r6, 0x4, 0x0)
r7 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r7, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast})
write$tun(r5, &(0x7f0000000300)=ANY=[], 0xc2)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r8=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000040)={'macsec0\x00', <r9=>0x0})
sendmsg$nl_route(r4, &(0x7f0000000880)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000004c0)=ANY=[@ANYBLOB="34000000100001040000000000000000002fee6e000000a3b2774947f7cbd91f5a7fa57bdaf4c107ccf0ecadd4daa45940a96be81792ea954f42e4c9cf3e4fe6c28a374d1cff45981ca987d2583b65c527ef248f76fd7a02dbf6f0decf01d92019d5c273b04245b45703a8b5d4c8", @ANYRES32=r9, @ANYBLOB="80480000000000001400140074756c6c3000"/28], 0x34}}, 0x0)
setsockopt$inet_mreqsrc(r3, 0x0, 0x27, &(0x7f0000000000)={@multicast2, @loopback, @empty}, 0xc)
close(r3)
r10 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r10, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000040)=@deltfilter={0x7c, 0x2d, 0x200, 0x70bd28, 0x25dfdbfc, {0x0, 0x0, 0x0, r9, {0x3, 0xffff}, {0x8, 0xd}, {0xa, 0xfff3}}, [@filter_kind_options=@f_bpf={{0x8}, {0x38, 0x2, [@TCA_BPF_OPS={{0xffffffffffffff14, 0x4, 0x5}, {0x2c, 0x5, [{0x7, 0x66, 0xfa, 0x7}, {0x9, 0x81, 0x0, 0x100}, {0x800, 0x4, 0x5, 0x6}, {0xd82b, 0x7, 0xbe, 0x1}, {0x9, 0x9, 0x9}]}}]}}, @TCA_CHAIN={0x8, 0xb, 0xb}, @TCA_RATE={0x6, 0x5, {0xc, 0xff}}, @TCA_RATE={0x6, 0x5, {0x1, 0x77}}]}, 0x7c}}, 0x0)
r11 = socket$pppl2tp(0x18, 0x1, 0x1)
socket$nl_rdma(0x10, 0x3, 0x14)
ioctl$SIOCSIFMTU(r11, 0x8922, &(0x7f0000000000)={'lo\x00'})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1d, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x98, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2c, r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

1.250766458s ago: executing program 0 (id=3576):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000700)={0x18, 0x3, &(0x7f0000000300)=ANY=[@ANYRESDEC=0x0], &(0x7f00000000c0)='syzkaller\x00'}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r0}, 0x10)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000180)='tlb_flush\x00', r1}, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = getpid()
process_vm_readv(r2, &(0x7f0000008400)=[{&(0x7f0000000340)=""/69, 0x623c41ea}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
r3 = socket$inet6(0xa, 0x2, 0x0)
shutdown(r3, 0x0)
syz_open_dev$usbfs(&(0x7f0000000480), 0x77, 0x101641)
fgetxattr(0xffffffffffffffff, 0x0, &(0x7f0000000240)=""/145, 0x91)
openat$loop_ctrl(0xffffff9c, 0x0, 0x0, 0x0)
r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/address_bits', 0x0, 0x44)
ioctl$SNDRV_TIMER_IOCTL_STOP(r4, 0x54a1)
socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0)
ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(r5, 0x80041285, &(0x7f0000001080))
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
r6 = syz_clone(0x80000, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x0, 0x13, 0xffffffffffffffff, 0x0)
ptrace(0x10, r6)
ptrace(0x8, r6)
wait4(0x0, 0x0, 0x0, 0x0)

1.069111777s ago: executing program 1 (id=3577):
r0 = socket$alg(0x26, 0x5, 0x0)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r1 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
shmget$private(0x0, 0x4000, 0x54001800, &(0x7f0000000000/0x4000)=nil)
shmat(0x0, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffcfff)
mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x1, 0x0, 0x0, 0x0)
syz_emit_ethernet(0xbe, &(0x7f00000000c0)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x2f, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {0x2001, 0x0, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "dbdd9ede7e2313a7a23925f03dbbcf5cde982cab6b38bf7b463ae5f42c35dd1d", "6a7710ebcf02000000000000002e3502b74659d7dbde072d61b6238412ad5f1a0a4f358515e4d90000009e5126806f68", "dd72b3bd460f4ebd662f8cd823dfd0d963970deffa6dd57d8176d2b5", {"4e3bc06c34c945e45e27e747494b407f", "256d9ddc3e6e1f7c5f7b4c5e69c1dd72"}}}}}}}, 0x0)
sendmsg$alg(r1, 0x0, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f0000000740)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000cc0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a5c000000090a0300000000000000000000000000080005400000000208000a40000000000900010073797a3000000000200009801c0002800c00018008000140000000069bff0180080001400000006b090002"], 0x84}}, 0x0)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000), 0x0}, 0x38)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x9, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x0, 0x3, 0x2, 0x1, 0xc}]}, &(0x7f0000000080)='syzkaller\x00', 0x4, 0x98, &(0x7f00000000c0)=""/152}, 0x80)
socket$packet(0x11, 0x3, 0x300)
r3 = openat$capi20(0xffffffffffffff9c, &(0x7f0000002540), 0x0, 0x0)
ioctl$CAPI_GET_ERRCODE(r3, 0x80024321, 0x0)
syz_init_net_socket$ax25(0x3, 0x5, 0xcd)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOCTL_START_ACCEL_DEV(r5, 0x40096102, &(0x7f0000000100))
r6 = socket(0x200000000000011, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r7=>0x0})
sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)=ANY=[@ANYBLOB="4c00000010000304000000010000000000007400", @ANYRES32=r7, @ANYBLOB="00000000031201002c0012800b00010062726964676500001c000280050019000700000008000500010000000500170000000000"], 0x4c}, 0x1, 0x0, 0x0, 0x800}, 0x0)

715.821228ms ago: executing program 1 (id=3578):
r0 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1edb23610000000109022d0101100000000904000003fe03010009cd8d1f0002000000"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
ioctl$EVIOCGMASK(r1, 0x80015b11, 0x0)

572.207657ms ago: executing program 0 (id=3579):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
sendmsg$TEAM_CMD_OPTIONS_SET(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000003c0)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000000000000000000000d00000008000100", @ANYRES32, @ANYBLOB="3c000280380001", @ANYRES32=r0, @ANYRESHEX=r0, @ANYRES16=r0, @ANYRES32=r0], 0x58}, 0x1, 0xf000}, 0x0)
r1 = getpid()
process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x36}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, 0x0, 0x0, 0x0)
syz_open_procfs$namespace(r1, 0x0)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000500)=ANY=[@ANYBLOB="68000000140001000000000000000000ac141400000000000000000000000000ac1414aa00"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000200000000597b0800c2fe08dbff0000000c00150000080000f517d5f9"], 0x68}}, 0x0)
r4 = socket$phonet(0x23, 0x2, 0x1)
sendmmsg$inet(r4, &(0x7f00000018c0)=[{{&(0x7f0000000140)={0x2, 0x0, @private}, 0x10, 0x0}}], 0x1, 0x0)
ioctl$KVM_NMI(r2, 0xae9a)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r5, &(0x7f00000035c0)={0x0, 0x0, &(0x7f0000003580)={&(0x7f0000000940)=@newsa={0x184, 0x10, 0x1, 0x0, 0x0, {{@in=@local, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {@in6=@loopback, 0x0, 0x6c}, @in6=@remote, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_aead={0x4c, 0x12, {{'gcm-aes-ce\x00'}}}, @algo_comp={0x48, 0x3, {{'deflate\x00'}}}]}, 0x184}}, 0x0)
r6 = socket$nl_sock_diag(0x10, 0x3, 0x4)
sendmsg$SOCK_DIAG_BY_FAMILY(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001400010000000000000cf67f1a"], 0x14}}, 0x0)
r7 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000240)={0x6, 0x3, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x90)
r8 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000080)={'syz_tun\x00', <r9=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={r7, r9, 0x25, 0x0, @void}, 0x10)
io_uring_register$IORING_REGISTER_RING_FDS(0xffffffffffffffff, 0x14, &(0x7f0000004900)=[{0x3, 0x0, 0x0, &(0x7f0000000780)=[{&(0x7f0000000e40)=""/9, 0x9}, {&(0x7f0000000600)=""/149, 0x95}, {&(0x7f00000006c0)=""/181, 0xb5}], &(0x7f00000007c0)}, {0x3, 0x0, 0x0, &(0x7f0000000980)=[{&(0x7f0000000800)=""/25, 0x19}, {&(0x7f0000000840)=""/52, 0x34}, {&(0x7f0000000880)=""/217, 0xd9}], &(0x7f00000009c0)=[0x0, 0x0]}, {0xa, 0x0, 0x0, &(0x7f0000000d40)=[{&(0x7f0000000a00)=""/101, 0x65}, {&(0x7f0000000a80)=""/118, 0x76}, {&(0x7f0000000b00)=""/51, 0x33}, {&(0x7f0000000f00)=""/12, 0xc}, {&(0x7f0000000b80)=""/69, 0x45}, {&(0x7f0000000c00)=""/9, 0x9}, {&(0x7f0000001900)=""/4096, 0x1000}, {&(0x7f00000007c0)=""/25, 0x19}, {&(0x7f0000002900)=""/4096, 0x1000}, {&(0x7f0000000c80)=""/175, 0xaf}], &(0x7f0000000e00)=[0x0, 0x56c, 0x6, 0x8, 0xfe, 0x2000000000000000, 0xc161, 0x4]}, {0x2, 0x0, 0x0, &(0x7f0000000ec0)=[{&(0x7f0000001440)=""/43, 0x2b}, {&(0x7f0000000e80)=""/48, 0x30}], &(0x7f0000001400)=[0x9, 0x7f]}, {0x0, 0x0, 0x0, 0x0, &(0x7f0000001140)=[0x0, 0xc0, 0x4, 0x2, 0x7, 0x0]}, {0x4, 0x0, 0x0, &(0x7f0000001380)=[{&(0x7f0000001180)=""/17, 0x11}, {&(0x7f00000011c0)=""/143, 0x8f}, {&(0x7f0000001280)=""/48, 0x30}, {&(0x7f00000012c0)=""/137, 0x89}], &(0x7f00000013c0)=[0x40a, 0x4d]}, {0x0, 0x0, 0x0, &(0x7f00000017c0), &(0x7f0000001840)=[0x9, 0x2a0000, 0x1, 0x8, 0xe349, 0x3, 0x2, 0xc3, 0x9, 0xff]}], 0x7)
r10 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095000000000000002f0285fc7dcc65d38c2e346b4566cb1470fdaf829a6373f00442479a345ca1e9b3ffdd52ee044a2c8aeecfc433e507dcbbd3de5d8d2bcb551778fd1addd88d9ac5ee35163e04dce7b35b4b785a3969c914b9f1c066"], &(0x7f0000000580)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x5c, '\x00', r9, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x10000}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r10}, 0x10)
r11 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r11)
ptrace$pokeuser(0x6, r11, 0x358, 0xffff88806b13da00)

429.672035ms ago: executing program 0 (id=3580):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CAP_HALT_POLL(r0, 0x4068aea3, &(0x7f00000000c0)={0xb6, 0x0, 0x7fffffffffffffff})

429.177098ms ago: executing program 0 (id=3581):
r0 = socket$nl_route(0x10, 0x3, 0x0)
syz_io_uring_setup(0x4b02, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000040), &(0x7f0000000140))
syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_SENDMSG={0x9, 0x40, 0x0, r0, 0x0, 0x0})
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
r1 = getpid()
r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/cgroup.procs\x00', 0x2, 0x0)
read(r2, &(0x7f0000000080)=""/1, 0x1)
write$cgroup_pid(r2, &(0x7f00000000c0)=r1, 0x12)
mknodat$null(r2, &(0x7f0000000180)='./cgroup.cpu/cgroup.procs\x00', 0x2, 0x103)
close(r2)
r3 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000bc0), 0x0, 0x0)
ioctl$VFAT_IOCTL_READDIR_SHORT(r3, 0x541b, 0x0)
r4 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'veth0\x00'})
sendmsg$TEAM_CMD_OPTIONS_SET(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x1, 0xf000}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008d}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000005c0)=ANY=[@ANYBLOB="1c0000001e000100"/20, @ANYRES32=0x0, @ANYBLOB="6a797fb77fe104319539b9b01c84163c0405b8055362b8e21fd3e5071da70a2cd9515632167475f64838c6aef7ca98e4e611e8ff5d589a2bd15054f137429afe40ccfed5fcb8e6e35d224f12c91530d23eaaca13070e9264377063bf40a787d44c334c39325e665fe8a60224bb223e13b149a656e25bb61d4e818c0017fe8d8344f3020cfe4e143ff7a55af0f4e0d4f7e6a41fba456f115f5231039a322dee183d83a6160bce1415ead0b4d400919267eae5c3bdd4eee814eb58563c9e"], 0x1c}}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@bloom_filter={0x1e, 0x1, 0x0, 0x9, 0x911, r2, 0x5, '\x00', 0x0, r2, 0x5, 0x2, 0x2, 0x5}, 0x4)
r6 = socket$netlink(0x10, 0x3, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="000000000006000008000a00", @ANYRES32=0x0, @ANYBLOB="08001b0000000000"], 0x30}}, 0x0)
ioctl$sock_SIOCBRDELBR(r6, 0x89a2, &(0x7f0000000000)='bridge0\x00')
openat(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/pids.max\x00', 0x301002, 0x80)
openat(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.cpu/cgroup.procs\x00', 0x2, 0x0)
r8 = syz_open_dev$tty20(0xc, 0x4, 0x1)
r9 = dup(r8)
ioctl$TCSETAF(r9, 0x5408, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x3f, 0x0, "00efffffff00"})

410.135748ms ago: executing program 3 (id=3582):
clock_nanosleep(0x12, 0x0, 0x0, 0xfffffffffffffffe)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0x80074e, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, 0x2}, 0x90)
r1 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000040)={0x5}, 0x10)
sendmsg$nl_route(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="1c1d00001a0010002dbd700002dcdf258014104d0000fd0a00130000"], 0x1c}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r0}, 0x10)
r2 = syz_open_dev$dri(&(0x7f0000000540), 0x5, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000580), 0x20, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r3, 0xc04064a0, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000080)={&(0x7f0000000000)=[0x0], 0x1})
ioctl$DRM_IOCTL_MODE_LIST_LESSEES(r3, 0xc01064c7, &(0x7f0000000440)={0x0, 0x0, 0x0})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000004c0)=ANY=[], 0x2c}}, 0x240040c5)
r5 = getpid()
process_vm_readv(r5, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
openat$vcsu(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000008c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1}, 0x48)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000b80)={@map=0x1, 0x2f, 0x0, 0x6588e010, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
open(0x0, 0x0, 0x0)
r6 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
symlinkat(&(0x7f00000000c0)='./file1\x00', r6, &(0x7f0000000100)='./file1\x00')
open(&(0x7f0000000000)='.\x00', 0x0, 0x0)

301.162091ms ago: executing program 2 (id=3583):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bridge_slave_1\x00', <r1=>0x0})
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f00000009c0)={0x0, 0xa00, &(0x7f0000000100)={&(0x7f0000000a00)=@newlink={0x28, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, r1}, [@IFLA_PROTO_DOWN={0x5}]}, 0x28}}, 0x0)

70.828668ms ago: executing program 2 (id=3584):
socket$nl_netfilter(0x10, 0x3, 0xc)
unshare(0x68040200)
socket$inet6_sctp(0xa, 0x5, 0x84)
r0 = socket$inet6_sctp(0xa, 0x0, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000380)}, 0x0)
r1 = syz_open_dev$sndpcmc(&(0x7f0000000000), 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_HW_REFINE(r1, 0xc2604110, &(0x7f0000000040)={0x0, [[0x9ef9], [0x1000000], [0xfb]]})
socket$inet(0x2, 0x0, 0x0)
pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
r3 = fcntl$dupfd(r2, 0x408, 0xffffffffffffffff)
signalfd4(r3, &(0x7f0000000000), 0x8, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$ipvs(&(0x7f00000001c0), 0xffffffffffffffff)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
openat2(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0xe0400, 0x14, 0x14}, 0x18)
sendmsg$IPVS_CMD_NEW_DAEMON(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000004c0)={0x3c, r4, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_DAEMON={0x28, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'bridge0\x00'}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x2}]}]}, 0x3c}}, 0x0)

7.35207ms ago: executing program 0 (id=3585):
syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
bind$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x40000000008b}, 0x0)
r0 = gettid()
r1 = socket$inet(0x2, 0x0, 0x0)
setsockopt$inet_mreqn(r1, 0x0, 0x27, &(0x7f0000000000)={@multicast1, @local}, 0xc)
r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/mcfilter\x00')
preadv(r2, &(0x7f00000002c0)=[{&(0x7f00000001c0)=""/234, 0xea}], 0x1, 0x61, 0x0)
r3 = socket(0x11, 0xa, 0xd)
syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmmsg$alg(r3, 0x0, 0x0, 0x8011)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
set_mempolicy(0x0, 0x0, 0x0)
syz_open_dev$video4linux(&(0x7f0000000080), 0x3, 0x101800)
r5 = syz_genetlink_get_family_id$nbd(&(0x7f0000000880), 0xffffffffffffffff)
sendmsg$NBD_CMD_RECONFIGURE(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)={0x1c, r5, 0x1, 0x0, 0x0, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x1c}}, 0x0)
ioprio_get$pid(0x3, r0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r6 = getpid()
sched_setscheduler(r6, 0x2, &(0x7f0000000100)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
connect$unix(r7, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r8, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r7, &(0x7f00000000c0), 0x0, 0x40000103, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)

0s ago: executing program 3 (id=3586):
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, <r1=>0x0}, &(0x7f0000000280)=0x5)
setreuid(0x0, r1)
r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0xf, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r2}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x3}, {0x85, 0x0, 0x0, 0x5}}, {}, [], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="580000001400192340834b", 0xb}, {&(0x7f00000002c0)="db6dfa07d8098bd2ced64ad5edc54382ee45da9203efd5732acfcc727b53d3079ed06ecae1342e4ec9c8283311dceddf89948d3ef84ff58ffb015760e03187c365999492cb07f544c5f8e72917b4af1e3e47b4655360c078947e62afae62d2ec31a3e0043a888d2096a4fe21b43cef30a6299fda9e752ea4ac9bd768a5a01356f8f5d1dae5c092d7f0fba15747b05104819751a787c6202cca9911ddff6f00ddc9997b", 0xa3}], 0x100000e0)
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000000c0)=@newlink={0x3c, 0x10, 0x503, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @macsec={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_MACSEC_VALIDATION={0x5, 0xd, 0x3}]}}}]}, 0x3c}}, 0x0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0)
r4 = io_uring_setup(0x4011, &(0x7f0000000180)={0x0, 0x6e42, 0x2000, 0x3, 0x3d7})
syz_io_uring_setup(0x8a5, &(0x7f0000000080)={0x0, 0xc524, 0x4, 0x0, 0x0, 0x0, r4}, &(0x7f0000000200)=<r5=>0x0, &(0x7f0000000140)=<r6=>0x0)
syz_io_uring_submit(r5, r6, &(0x7f0000000280)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index})
r7 = openat$vcs(0xffffffffffffff9c, &(0x7f0000001880), 0x400000, 0x0)
dup(r7)
r8 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r8, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r8, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r8, 0x6, 0x1f, &(0x7f00000001c0), 0x4)
setsockopt$inet6_tcp_TLS_TX(r8, 0x11a, 0x1, &(0x7f0000000140)=@gcm_256={{0x304}, "85406704bbcd6043", "898e9d750bfd000000000400", "a22300", "8ce3a39e3181899b"}, 0x38)
setsockopt$inet6_tcp_TLS_TX(r8, 0x11a, 0x2, &(0x7f0000000280)=@ccm_128={{0x304}, "3a997aae6644173f", "b9c0a8cd2707555d2fd4cc373ac51cf2", "1784fe44", "d3e69d47722a0439"}, 0x28)
ioctl$IOCTL_VMCI_VERSION2(r7, 0x7a7, &(0x7f0000000240)=0x10000)
r9 = socket$rxrpc(0x21, 0x2, 0xa)
sendmmsg(r9, &(0x7f0000000900)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x20}}], 0x1, 0x0)
setsockopt$RXRPC_SECURITY_KEY(r9, 0x110, 0x1, 0x0, 0x0)

kernel console output (not intermixed with test programs):

130.845948][T16555] usb usb8-port1: attempt power cycle
[ 1131.200548][ T6116] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1131.209336][ T6116] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1131.216169][ T6116] bond0 (unregistering): Released all slaves
[ 1131.228968][T16688] team0: Port device team_slave_1 added
[ 1131.284162][T16555] usb 8-1: new high-speed USB device number 46 using dummy_hcd
[ 1131.336139][T16555] usb 8-1: device descriptor read/8, error -71
[ 1131.343662][T16688] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1131.351572][T16688] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1131.364838][T16688] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1131.403009][T16688] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1131.407076][T16688] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1131.419483][T16688] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1131.558590][T16688] hsr_slave_0: entered promiscuous mode
[ 1131.562598][T16688] hsr_slave_1: entered promiscuous mode
[ 1131.566986][T16688] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1131.570580][T16688] Cannot create hsr debugfs directory
[ 1131.674108][ T6116] hsr_slave_0: left promiscuous mode
[ 1131.681522][ T6116] hsr_slave_1: left promiscuous mode
[ 1131.684777][ T6116] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1131.687916][ T6116] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1131.691664][ T6116] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1131.694626][ T6116] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1131.765342][T16555] usb 8-1: new high-speed USB device number 47 using dummy_hcd
[ 1131.783678][ T6116] veth1_macvtap: left promiscuous mode
[ 1131.786286][ T6116] veth0_macvtap: left promiscuous mode
[ 1131.789149][ T6116] veth1_vlan: left promiscuous mode
[ 1131.791998][ T6116] veth0_vlan: left promiscuous mode
[ 1131.795864][T16555] usb 8-1: device descriptor read/8, error -71
[ 1131.839440][ T5428] usb 6-1: new high-speed USB device number 44 using dummy_hcd
[ 1131.923734][T16555] usb usb8-port1: unable to enumerate USB device
[ 1131.956788][ T4766] Bluetooth: hci0: command tx timeout
[ 1132.006933][ T5428] usb 6-1: device descriptor read/64, error -71
[ 1132.295829][ T5428] usb 6-1: new high-speed USB device number 45 using dummy_hcd
[ 1132.456887][ T5428] usb 6-1: device descriptor read/64, error -71
[ 1132.588708][ T5428] usb usb6-port1: attempt power cycle
[ 1132.889877][   T39] kauditd_printk_skb: 70 callbacks suppressed
[ 1132.889891][   T39] audit: type=1400 audit(1722639707.447:9052): avc:  denied  { ioctl } for  pid=16720 comm="syz.0.3235" path="socket:[81264]" dev="sockfs" ino=81264 ioctlcmd=0x89fd scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[ 1132.945064][ T6116] team0 (unregistering): Port device team_slave_1 removed
[ 1133.041470][ T5428] usb 6-1: new high-speed USB device number 46 using dummy_hcd
[ 1133.070345][ T5428] usb 6-1: device descriptor read/8, error -71
[ 1133.070525][ T6116] team0 (unregistering): Port device team_slave_0 removed
[ 1133.336169][ T5428] usb 6-1: new high-speed USB device number 47 using dummy_hcd
[ 1133.365923][ T5428] usb 6-1: device descriptor read/8, error -71
[ 1133.485723][ T5428] usb usb6-port1: unable to enumerate USB device
[ 1133.879422][T16727] FAULT_INJECTION: forcing a failure.
[ 1133.879422][T16727] name failslab, interval 1, probability 0, space 0, times 0
[ 1133.885755][T16727] CPU: 2 UID: 0 PID: 16727 Comm: syz.3.3236 Not tainted 6.11.0-rc1-syzkaller-00233-g948752d2e010 #0
[ 1133.890390][T16727] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1133.895064][T16727] Call Trace:
[ 1133.896542][T16727]  <TASK>
[ 1133.897882][T16727]  dump_stack_lvl+0x16c/0x1f0
[ 1133.899952][T16727]  should_fail_ex+0x497/0x5b0
[ 1133.901976][T16727]  ? fs_reclaim_acquire+0xae/0x160
[ 1133.904090][T16727]  should_failslab+0xc2/0x120
[ 1133.906025][T16727]  kmem_cache_alloc_noprof+0x6e/0x2f0
[ 1133.908426][T16727]  ? mas_alloc_nodes+0x176/0x860
[ 1133.910598][T16727]  mas_alloc_nodes+0x176/0x860
[ 1133.912647][T16727]  mas_node_count_gfp+0x105/0x130
[ 1133.914609][T16727]  mas_preallocate+0x3bb/0x1020
[ 1133.916498][T16727]  ? __pfx_mas_preallocate+0x10/0x10
[ 1133.918729][T16727]  ? anon_vma_name+0x75/0x100
[ 1133.920587][T16727]  __split_vma+0x474/0x11c0
[ 1133.922375][T16727]  ? __pfx___split_vma+0x10/0x10
[ 1133.924434][T16727]  ? __sanitizer_cov_trace_switch+0x54/0x90
[ 1133.926983][T16727]  ? percpu_counter_add_batch+0xb5/0x1e0
[ 1133.929394][T16727]  do_vmi_align_munmap+0x362/0x19c0
[ 1133.931654][T16727]  ? __pfx_do_vmi_align_munmap+0x10/0x10
[ 1133.933977][T16727]  do_vmi_munmap+0x231/0x410
[ 1133.935998][T16727]  do_munmap+0xb0/0xf0
[ 1133.937798][T16727]  ? __pfx_do_munmap+0x10/0x10
[ 1133.939882][T16727]  ? vfs_write+0x14d/0x1140
[ 1133.941783][T16727]  __do_sys_mremap+0xb84/0x1610
[ 1133.943954][T16727]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 1133.946578][T16727]  ? __pfx___do_sys_mremap+0x10/0x10
[ 1133.948891][T16727]  ? fput+0x32/0x390
[ 1133.950592][T16727]  ? ksys_write+0x1ab/0x260
[ 1133.952583][T16727]  ? __pfx_ksys_write+0x10/0x10
[ 1133.954678][T16727]  do_syscall_64+0xcd/0x250
[ 1133.956686][T16727]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1133.959237][T16727] RIP: 0033:0x7f697e5779f9
[ 1133.960984][T16727] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1133.968694][T16727] RSP: 002b:00007f697f2df048 EFLAGS: 00000246 ORIG_RAX: 0000000000000019
[ 1133.972336][T16727] RAX: ffffffffffffffda RBX: 00007f697e705f80 RCX: 00007f697e5779f9
[ 1133.975524][T16727] RDX: 0000000000001000 RSI: 0000000000002000 RDI: 0000000020fa4000
[ 1133.978951][T16727] RBP: 00007f697f2df0a0 R08: 0000000020fa2000 R09: 0000000000000000
[ 1133.982347][T16727] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000001
[ 1133.985666][T16727] R13: 000000000000000b R14: 00007f697e705f80 R15: 00007ffd25980038
[ 1133.989039][T16727]  </TASK>
[ 1134.036437][ T4766] Bluetooth: hci0: command tx timeout
[ 1134.041499][   T39] audit: type=1326 audit(1722639708.597:9053): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16730 comm="syz.3.3238" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f697e5779f9 code=0x7ffc0000
[ 1134.051468][   T39] audit: type=1326 audit(1722639708.597:9054): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16730 comm="syz.3.3238" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f697e5779f9 code=0x7ffc0000
[ 1134.064543][   T39] audit: type=1326 audit(1722639708.597:9055): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16730 comm="syz.3.3238" exe="/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f697e5779f9 code=0x7ffc0000
[ 1134.074789][   T39] audit: type=1326 audit(1722639708.597:9056): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16730 comm="syz.3.3238" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f697e5779f9 code=0x7ffc0000
[ 1134.084567][   T39] audit: type=1326 audit(1722639708.597:9057): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16730 comm="syz.3.3238" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f697e5779f9 code=0x7ffc0000
[ 1134.093951][   T39] audit: type=1326 audit(1722639708.597:9058): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16730 comm="syz.3.3238" exe="/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f697e5779f9 code=0x7ffc0000
[ 1134.104020][   T39] audit: type=1326 audit(1722639708.597:9059): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16730 comm="syz.3.3238" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f697e5779f9 code=0x7ffc0000
[ 1134.114570][   T39] audit: type=1326 audit(1722639708.597:9060): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16730 comm="syz.3.3238" exe="/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f697e5779f9 code=0x7ffc0000
[ 1134.124822][   T39] audit: type=1326 audit(1722639708.607:9061): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16730 comm="syz.3.3238" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f697e5779f9 code=0x7ffc0000
[ 1134.247751][T16748] Bluetooth: MGMT ver 1.23
[ 1134.405338][T16688] netdevsim netdevsim2 netdevsim0: renamed from eth0
[ 1134.411702][T16688] netdevsim netdevsim2 netdevsim1: renamed from eth1
[ 1134.425215][T16688] netdevsim netdevsim2 netdevsim2: renamed from eth2
[ 1134.430640][T16688] netdevsim netdevsim2 netdevsim3: renamed from eth3
[ 1134.494648][T16688] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1134.509039][T16688] 8021q: adding VLAN 0 to HW filter on device team0
[ 1134.516566][  T830] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1134.519592][  T830] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1134.531186][  T830] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1134.534357][  T830] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1134.555331][ T5862] usb 5-1: new high-speed USB device number 42 using dummy_hcd
[ 1134.593827][T16688] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1134.605992][T15774] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1134.610028][T15774] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1134.734020][T16688] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1134.750707][ T5862] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1134.756769][ T5862] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1134.760795][ T5862] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1134.766613][ T5862] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1134.770070][ T5862] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1134.774236][T16688] veth0_vlan: entered promiscuous mode
[ 1134.775389][ T5862] usb 5-1: config 0 descriptor??
[ 1134.784831][T16688] veth1_vlan: entered promiscuous mode
[ 1134.810945][T16688] veth0_macvtap: entered promiscuous mode
[ 1134.816468][T16688] veth1_macvtap: entered promiscuous mode
[ 1134.831436][T16688] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1134.840837][T16688] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1134.844490][T16688] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1134.848825][T16688] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1134.852986][T16688] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1134.857260][T16688] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1134.862562][T16688] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1134.873168][T16688] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1134.878705][T16688] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1134.882794][T16688] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1134.887321][T16688] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1134.891367][T16688] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1134.896124][T16688] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1134.901484][T16688] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1134.911570][T16688] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1134.915047][T16688] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1134.919926][T16688] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1134.923606][T16688] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1134.928808][T16773] FAULT_INJECTION: forcing a failure.
[ 1134.928808][T16773] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1134.934679][T16773] CPU: 1 UID: 0 PID: 16773 Comm: syz.1.3250 Not tainted 6.11.0-rc1-syzkaller-00233-g948752d2e010 #0
[ 1134.939393][T16773] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1134.944000][T16773] Call Trace:
[ 1134.945207][T16773]  <TASK>
[ 1134.946345][T16773]  dump_stack_lvl+0x16c/0x1f0
[ 1134.948509][T16773]  should_fail_ex+0x497/0x5b0
[ 1134.950509][T16773]  _copy_from_user+0x30/0xf0
[ 1134.952585][T16773]  memdup_user+0x71/0xd0
[ 1134.954401][T16773]  strndup_user+0x78/0xe0
[ 1134.955952][T16773]  __keyctl_dh_compute+0x285/0xf50
[ 1134.958216][T16773]  ? __pfx___lock_acquire+0x10/0x10
[ 1134.960609][T16773]  ? __pfx___keyctl_dh_compute+0x10/0x10
[ 1134.963016][T16773]  ? ksys_write+0x12f/0x260
[ 1134.964720][T16773]  ? __pfx_lock_release+0x10/0x10
[ 1134.966756][T16773]  keyctl_dh_compute+0xd3/0x140
[ 1134.968646][T16773]  ? __pfx_keyctl_dh_compute+0x10/0x10
[ 1134.971020][T16773]  ? ksys_write+0x1ab/0x260
[ 1134.973067][T16773]  ? __pfx_ksys_write+0x10/0x10
[ 1134.975219][T16773]  __do_sys_keyctl+0x4df/0x590
[ 1134.977127][T16773]  do_syscall_64+0xcd/0x250
[ 1134.979001][T16773]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1134.981708][T16773] RIP: 0033:0x7f2977f779f9
[ 1134.983533][T16773] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1134.991953][T16773] RSP: 002b:00007f2978c61048 EFLAGS: 00000246 ORIG_RAX: 00000000000000fa
[ 1134.996136][T16773] RAX: ffffffffffffffda RBX: 00007f2978105f80 RCX: 00007f2977f779f9
[ 1134.999915][T16773] RDX: 00000000200001c0 RSI: 0000000020000100 RDI: 0000000000000017
[ 1135.003644][T16773] RBP: 00007f2978c610a0 R08: 0000000020004400 R09: 0000000000000000
[ 1135.007303][T16773] R10: 0000000000000033 R11: 0000000000000246 R12: 0000000000000001
[ 1135.007318][T16773] R13: 000000000000000b R14: 00007f2978105f80 R15: 00007ffca015a6c8
[ 1135.007334][T16773]  </TASK>
[ 1135.104622][T15773] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1135.109526][T15773] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1135.160923][T14068] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1135.166868][T14068] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1135.189497][ T5862] plantronics 0003:047F:FFFF.004C: unknown main item tag 0x0
[ 1135.193773][ T5862] plantronics 0003:047F:FFFF.004C: unknown main item tag 0x0
[ 1135.197544][ T5862] plantronics 0003:047F:FFFF.004C: unknown main item tag 0x0
[ 1135.200952][ T5862] plantronics 0003:047F:FFFF.004C: unknown main item tag 0x0
[ 1135.204296][ T5862] plantronics 0003:047F:FFFF.004C: unknown main item tag 0x0
[ 1135.213153][ T5862] plantronics 0003:047F:FFFF.004C: unknown main item tag 0x0
[ 1135.217496][ T5862] plantronics 0003:047F:FFFF.004C: unknown main item tag 0x0
[ 1135.222564][ T5862] plantronics 0003:047F:FFFF.004C: unknown main item tag 0x0
[ 1135.226840][ T5862] plantronics 0003:047F:FFFF.004C: unknown main item tag 0x0
[ 1135.234102][ T5862] plantronics 0003:047F:FFFF.004C: unknown main item tag 0x0
[ 1135.239877][ T5862] plantronics 0003:047F:FFFF.004C: unknown main item tag 0x0
[ 1135.253448][ T5862] plantronics 0003:047F:FFFF.004C: unknown main item tag 0x0
[ 1135.258145][ T5862] plantronics 0003:047F:FFFF.004C: unknown main item tag 0x0
[ 1135.261196][ T5862] plantronics 0003:047F:FFFF.004C: unknown main item tag 0x0
[ 1135.264402][ T5862] plantronics 0003:047F:FFFF.004C: unknown main item tag 0x0
[ 1135.267536][ T5862] plantronics 0003:047F:FFFF.004C: No inputs registered, leaving
[ 1135.272911][ T5862] plantronics 0003:047F:FFFF.004C: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0
[ 1135.431177][T16784] syzkaller1: entered promiscuous mode
[ 1135.434147][T16784] syzkaller1: entered allmulticast mode
[ 1135.462333][T16784] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3223'.
[ 1135.495319][ T5862] usb 5-1: USB disconnect, device number 42
[ 1135.962119][T16793] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3257'.
[ 1136.115328][ T4766] Bluetooth: hci0: command tx timeout
[ 1136.443558][T16815] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3265'.
[ 1137.116600][T16555] usb 8-1: new high-speed USB device number 48 using dummy_hcd
[ 1137.307311][T16555] usb 8-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[ 1137.321992][T16555] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1137.328001][T16555] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1137.333638][T16555] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[ 1137.342706][T16555] usb 8-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[ 1137.347856][T16555] usb 8-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[ 1137.352190][T16555] usb 8-1: Manufacturer: syz
[ 1137.359290][T16555] usb 8-1: config 0 descriptor??
[ 1137.470037][T16832] FAULT_INJECTION: forcing a failure.
[ 1137.470037][T16832] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1137.476023][T16832] CPU: 2 UID: 0 PID: 16832 Comm: syz.1.3271 Not tainted 6.11.0-rc1-syzkaller-00233-g948752d2e010 #0
[ 1137.481098][T16832] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1137.485945][T16832] Call Trace:
[ 1137.487465][T16832]  <TASK>
[ 1137.488867][T16832]  dump_stack_lvl+0x16c/0x1f0
[ 1137.491066][T16832]  should_fail_ex+0x497/0x5b0
[ 1137.493211][T16832]  _copy_to_user+0x30/0xc0
[ 1137.495756][T16832]  simple_read_from_buffer+0xd0/0x160
[ 1137.498939][T16832]  proc_fail_nth_read+0x1b0/0x290
[ 1137.501149][T16832]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1137.503790][T16832]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1137.506186][T16832]  vfs_read+0x1d4/0xbd0
[ 1137.507950][T16832]  ? __fdget_pos+0xeb/0x180
[ 1137.510204][T16832]  ? __pfx_vfs_read+0x10/0x10
[ 1137.512334][T16832]  ? __pfx___mutex_lock+0x10/0x10
[ 1137.514479][T16832]  ? __fget_files+0x256/0x400
[ 1137.516681][T16832]  ksys_read+0x12f/0x260
[ 1137.518603][T16832]  ? __pfx_ksys_read+0x10/0x10
[ 1137.520967][T16832]  do_syscall_64+0xcd/0x250
[ 1137.523558][T16832]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1137.526267][T16832] RIP: 0033:0x7f2977f7643c
[ 1137.528140][T16832] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8d 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8d 02 00 48
[ 1137.537993][T16832] RSP: 002b:00007f2978c61040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1137.541760][T16832] RAX: ffffffffffffffda RBX: 00007f2978105f80 RCX: 00007f2977f7643c
[ 1137.545386][T16832] RDX: 000000000000000f RSI: 00007f2978c610b0 RDI: 0000000000000004
[ 1137.548662][T16832] RBP: 00007f2978c610a0 R08: 0000000000000000 R09: 0000000000000000
[ 1137.551903][T16832] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1137.555964][T16832] R13: 000000000000000b R14: 00007f2978105f80 R15: 00007ffca015a6c8
[ 1137.559508][T16832]  </TASK>
[ 1137.654418][T16834] 9pnet_fd: Insufficient options for proto=fd
[ 1137.658592][T16834] tmpfs: Bad value for 'mpol'
[ 1137.775061][T16555] appleir 0003:05AC:8243.004D: unknown main item tag 0x0
[ 1137.779056][T16555] appleir 0003:05AC:8243.004D: No inputs registered, leaving
[ 1137.784843][T16555] appleir 0003:05AC:8243.004D: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.3-1/input0
[ 1138.048869][   T57] usb 8-1: USB disconnect, device number 48
[ 1138.212483][ T4766] Bluetooth: hci0: command tx timeout
[ 1138.378259][T16845] syzkaller1: entered promiscuous mode
[ 1138.380648][T16845] syzkaller1: entered allmulticast mode
[ 1138.413531][T16845] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3276'.
[ 1139.064067][T16855] xt_SECMARK: invalid security context 'system_u:object_r:devicekit_exec_t:s0'
[ 1139.142808][   T39] kauditd_printk_skb: 20 callbacks suppressed
[ 1139.142825][   T39] audit: type=1400 audit(1722639713.687:9082): avc:  denied  { map } for  pid=16850 comm="syz.3.3279" path="socket:[81679]" dev="sockfs" ino=81679 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[ 1139.183281][   T39] audit: type=1400 audit(1722639713.687:9083): avc:  denied  { read } for  pid=16850 comm="syz.3.3279" path="socket:[81679]" dev="sockfs" ino=81679 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[ 1139.567240][   T39] audit: type=1326 audit(1722639714.127:9084): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16860 comm="syz.0.3281" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f821d1779f9 code=0x7ffc0000
[ 1139.577659][   T39] audit: type=1326 audit(1722639714.127:9085): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16860 comm="syz.0.3281" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f821d1779f9 code=0x7ffc0000
[ 1139.593659][   T39] audit: type=1326 audit(1722639714.127:9086): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16860 comm="syz.0.3281" exe="/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f821d176390 code=0x7ffc0000
[ 1139.605958][   T39] audit: type=1326 audit(1722639714.127:9087): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16860 comm="syz.0.3281" exe="/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f821d1775fb code=0x7ffc0000
[ 1139.617093][   T39] audit: type=1326 audit(1722639714.127:9088): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16860 comm="syz.0.3281" exe="/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f821d1775fb code=0x7ffc0000
[ 1139.695503][   T39] audit: type=1326 audit(1722639714.127:9089): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16860 comm="syz.0.3281" exe="/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f821d1775fb code=0x7ffc0000
[ 1139.712653][   T39] audit: type=1326 audit(1722639714.127:9090): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16860 comm="syz.0.3281" exe="/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f821d1775fb code=0x7ffc0000
[ 1139.722438][   T39] audit: type=1326 audit(1722639714.247:9091): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16860 comm="syz.0.3281" exe="/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f821d1775fb code=0x7ffc0000
[ 1139.852113][ T5862] usb 5-1: new high-speed USB device number 43 using dummy_hcd
[ 1139.871357][T16865] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(4)
[ 1139.874042][T16865] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[ 1139.889233][T16865] vhci_hcd vhci_hcd.0: Device attached
[ 1139.912886][T16866] vhci_hcd: connection closed
[ 1139.915133][T15774] vhci_hcd: stop threads
[ 1139.925578][T15774] vhci_hcd: release socket
[ 1139.927609][T15774] vhci_hcd: disconnect device
[ 1140.051979][ T5862] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[ 1140.056850][ T5862] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[ 1140.061008][ T5862] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 1140.064955][ T5862] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1140.075643][T16861] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[ 1140.081952][ T5862] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[ 1140.305954][T16861] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[ 1140.341983][ T5429] usb 5-1: USB disconnect, device number 43
[ 1140.546012][T16872] syzkaller1: entered promiscuous mode
[ 1140.548564][T16872] syzkaller1: entered allmulticast mode
[ 1140.569807][T16872] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3285'.
[ 1141.410430][T16895] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3294'.
[ 1141.815377][ T5360] usb 6-1: new high-speed USB device number 48 using dummy_hcd
[ 1141.975440][ T5360] usb 6-1: device descriptor read/64, error -71
[ 1142.129473][ T5429] usb 8-1: new high-speed USB device number 49 using dummy_hcd
[ 1142.190929][T16910] syzkaller1: entered promiscuous mode
[ 1142.193876][T16910] syzkaller1: entered allmulticast mode
[ 1142.211221][T16910] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3299'.
[ 1142.255369][ T5360] usb 6-1: new high-speed USB device number 49 using dummy_hcd
[ 1142.353737][ T5429] usb 8-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[ 1142.363948][ T5429] usb 8-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[ 1142.368261][ T5429] usb 8-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 1142.373573][ T5429] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1142.393289][T16907] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[ 1142.417102][ T5429] usb 8-1: Quirk or no altset; falling back to MIDI 1.0
[ 1142.459391][ T5360] usb 6-1: device descriptor read/64, error -71
[ 1142.575532][ T5360] usb usb6-port1: attempt power cycle
[ 1142.673533][T16907] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[ 1142.714314][ T5429] usb 8-1: USB disconnect, device number 49
[ 1142.924323][T16918] syzkaller0: entered allmulticast mode
[ 1142.924410][T16920] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3303'.
[ 1143.008645][ T5360] usb 6-1: new high-speed USB device number 50 using dummy_hcd
[ 1143.036911][ T5360] usb 6-1: device descriptor read/8, error -71
[ 1143.155415][ T5396] Bluetooth: hci0: command 0x0405 tx timeout
[ 1143.258689][T16926] openvswitch: netlink: Either Ethernet header or EtherType is required.
[ 1143.315307][ T5360] usb 6-1: new high-speed USB device number 51 using dummy_hcd
[ 1143.356164][ T5360] usb 6-1: device descriptor read/8, error -71
[ 1143.385481][  T830] usb 5-1: new high-speed USB device number 44 using dummy_hcd
[ 1143.449159][T16931] syzkaller1: entered promiscuous mode
[ 1143.451874][T16931] syzkaller1: entered allmulticast mode
[ 1143.466615][T16931] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3308'.
[ 1143.475645][ T5360] usb usb6-port1: unable to enumerate USB device
[ 1143.599144][  T830] usb 5-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[ 1143.602544][  T830] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1143.606418][  T830] usb 5-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[ 1143.613566][  T830] usb 5-1: config 1 has no interface number 1
[ 1143.623245][  T830] usb 5-1: Duplicate descriptor for config 1 interface 0 altsetting 0, skipping
[ 1143.631764][  T830] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1143.636139][  T830] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1143.639737][  T830] usb 5-1: Product: syz
[ 1143.641575][  T830] usb 5-1: Manufacturer: syz
[ 1143.643680][  T830] usb 5-1: SerialNumber: syz
[ 1143.890910][  T830] usb 5-1: USB disconnect, device number 44
[ 1144.743402][T16946] syzkaller1: entered promiscuous mode
[ 1144.747215][T16946] syzkaller1: entered allmulticast mode
[ 1144.763488][T16946] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3312'.
[ 1144.900917][T16949] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3313'.
[ 1144.927931][   T39] kauditd_printk_skb: 142 callbacks suppressed
[ 1144.927947][   T39] audit: type=1326 audit(1722639719.477:9234): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16952 comm="syz.3.3314" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f697e5779f9 code=0x7ffc0000
[ 1144.946588][   T39] audit: type=1326 audit(1722639719.477:9235): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16952 comm="syz.3.3314" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f697e5779f9 code=0x7ffc0000
[ 1144.958987][   T39] audit: type=1326 audit(1722639719.487:9236): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16952 comm="syz.3.3314" exe="/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f697e576390 code=0x7ffc0000
[ 1144.969922][   T39] audit: type=1326 audit(1722639719.487:9237): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16952 comm="syz.3.3314" exe="/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f697e5775fb code=0x7ffc0000
[ 1144.980347][   T39] audit: type=1326 audit(1722639719.487:9238): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16952 comm="syz.3.3314" exe="/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f697e5775fb code=0x7ffc0000
[ 1144.990106][   T39] audit: type=1326 audit(1722639719.487:9239): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16952 comm="syz.3.3314" exe="/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f697e5775fb code=0x7ffc0000
[ 1145.001465][   T39] audit: type=1326 audit(1722639719.487:9240): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16952 comm="syz.3.3314" exe="/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f697e5775fb code=0x7ffc0000
[ 1145.046332][   T39] audit: type=1326 audit(1722639719.607:9241): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16952 comm="syz.3.3314" exe="/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f697e5775fb code=0x7ffc0000
[ 1145.117937][T16956] fuse: Unknown parameter 'f@'
[ 1145.126372][   T39] audit: type=1326 audit(1722639719.687:9242): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16952 comm="syz.3.3314" exe="/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f697e5775fb code=0x7ffc0000
[ 1145.135315][T16956] overlayfs: overlapping lowerdir path
[ 1145.153346][T16956] overlayfs: overlapping lowerdir path
[ 1145.205771][ T5328] usb 8-1: new high-speed USB device number 50 using dummy_hcd
[ 1145.279776][   T39] audit: type=1400 audit(1722639719.837:9243): avc:  denied  { getopt } for  pid=16959 comm="syz.2.3317" lport=48658 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1
[ 1145.358713][T16967] syz.1.3320: vmalloc error: size 4096, failed to allocate pages, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=syz1,mems_allowed=0-1
[ 1145.373453][T16967] CPU: 3 UID: 0 PID: 16967 Comm: syz.1.3320 Not tainted 6.11.0-rc1-syzkaller-00233-g948752d2e010 #0
[ 1145.378571][T16967] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1145.383099][T16967] Call Trace:
[ 1145.384550][T16967]  <TASK>
[ 1145.385861][T16967]  dump_stack_lvl+0x16c/0x1f0
[ 1145.388540][T16967]  warn_alloc+0x24d/0x3a0
[ 1145.390729][T16967]  ? __pfx_warn_alloc+0x10/0x10
[ 1145.393045][T16967]  ? policy_nodemask+0xea/0x4e0
[ 1145.395281][T16967]  ? alloc_pages_mpol_noprof+0x2c1/0x610
[ 1145.397690][T16967]  ? __pfx_alloc_pages_mpol_noprof+0x10/0x10
[ 1145.400338][T16967]  ? __pfx___might_resched+0x10/0x10
[ 1145.402604][T16967]  __vmalloc_node_range_noprof+0x12b8/0x1520
[ 1145.404980][T16967]  ? kernel_clone+0xfd/0x980
[ 1145.406719][T16967]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[ 1145.409668][T16967]  ? trace_kmem_cache_alloc+0x2d/0xe0
[ 1145.412021][T16967]  ? kmem_cache_alloc_node_noprof+0x1a2/0x310
[ 1145.414724][T16967]  ? copy_process+0x4ba/0x8de0
[ 1145.417017][T16967]  ? kernel_clone+0xfd/0x980
[ 1145.418956][T16967]  copy_process+0x2f3b/0x8de0
[ 1145.420904][T16967]  ? kernel_clone+0xfd/0x980
[ 1145.423202][T16967]  ? __pfx___lock_acquire+0x10/0x10
[ 1145.425455][T16967]  ? __pfx_copy_process+0x10/0x10
[ 1145.427755][T16967]  ? __might_fault+0x13b/0x190
[ 1145.429828][T16967]  ? __pfx_lock_release+0x10/0x10
[ 1145.431993][T16967]  ? __pfx___might_resched+0x10/0x10
[ 1145.434357][T16967]  ? __might_fault+0xe3/0x190
[ 1145.436478][T16967]  ? _copy_from_user+0x5d/0xf0
[ 1145.438472][T16967]  kernel_clone+0xfd/0x980
[ 1145.440259][T16967]  ? ksys_write+0x12f/0x260
[ 1145.442060][T16967]  ? __pfx_kernel_clone+0x10/0x10
[ 1145.444005][T16967]  ? vfs_write+0x14d/0x1140
[ 1145.445790][T16967]  __do_sys_clone3+0x1f5/0x270
[ 1145.447903][T16967]  ? __pfx___do_sys_clone3+0x10/0x10
[ 1145.450211][T16967]  do_syscall_64+0xcd/0x250
[ 1145.452387][T16967]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1145.455422][T16967] RIP: 0033:0x7f2977f779f9
[ 1145.457432][T16967] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1145.465884][T16967] RSP: 002b:00007f2978c60f18 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3
[ 1145.469652][T16967] RAX: ffffffffffffffda RBX: 0000000000000058 RCX: 00007f2977f779f9
[ 1145.473324][T16967] RDX: 00007f2978c60f30 RSI: 0000000000000058 RDI: 00007f2978c60f30
[ 1145.477593][T16967] RBP: 00007f2978c610a0 R08: 0000000000000000 R09: 0000000000000058
[ 1145.481805][T16967] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1145.485597][T16967] R13: 000000000000000b R14: 00007f2978105f80 R15: 00007ffca015a6c8
[ 1145.489372][T16967]  </TASK>
[ 1145.490874][T16967] Mem-Info:
[ 1145.492424][T16967] active_anon:7703 inactive_anon:0 isolated_anon:0
[ 1145.492424][T16967]  active_file:5683 inactive_file:51975 isolated_file:0
[ 1145.492424][T16967]  unevictable:1768 dirty:654 writeback:0
[ 1145.492424][T16967]  slab_reclaimable:10739 slab_unreclaimable:71715
[ 1145.492424][T16967]  mapped:21116 shmem:5167 pagetables:1081
[ 1145.492424][T16967]  sec_pagetables:325 bounce:0
[ 1145.492424][T16967]  kernel_misc_reclaimable:0
[ 1145.492424][T16967]  free:509213 free_pcp:2873 free_cma:0
[ 1145.517499][T16967] Node 0 active_anon:30812kB inactive_anon:0kB active_file:22732kB inactive_file:207828kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:84464kB dirty:2616kB writeback:0kB shmem:17132kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:12048kB pagetables:4324kB sec_pagetables:1300kB all_unreclaimable? no
[ 1145.531059][T16967] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:72kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:3536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:80kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no
[ 1145.545917][T16967] Node 0 DMA free:15296kB boost:0kB min:328kB low:408kB high:488kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:64kB local_pcp:0kB free_cma:0kB
[ 1145.558238][T16967] lowmem_reserve[]: 0 1313 0 0 0
[ 1145.560191][T16967] Node 0 DMA32 free:382928kB boost:0kB min:28924kB low:36152kB high:43380kB reserved_highatomic:0KB active_anon:30812kB inactive_anon:0kB active_file:22732kB inactive_file:207828kB unevictable:3536kB writepending:2616kB present:2080628kB managed:1372148kB mlocked:0kB bounce:0kB free_pcp:6776kB local_pcp:1152kB free_cma:0kB
[ 1145.573842][T16967] lowmem_reserve[]: 0 0 0 0 0
[ 1145.577553][T16967] Node 1 Normal free:1638628kB boost:0kB min:38324kB low:47904kB high:57484kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:72kB unevictable:3536kB writepending:0kB present:2097152kB managed:1781924kB mlocked:0kB bounce:0kB free_pcp:4728kB local_pcp:2048kB free_cma:0kB
[ 1145.590048][T16967] lowmem_reserve[]: 0 0 0 0 0
[ 1145.591921][T16967] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 1*64kB (U) 1*128kB (U) 1*256kB (U) 1*512kB (U) 2*1024kB (U) 0*2048kB 3*4096kB (U) = 15296kB
[ 1145.598040][T16967] Node 0 DMA32: 2*4kB (UE) 8*8kB (E) 116*16kB (ME) 122*32kB (UME) 300*64kB (UME) 123*128kB (UME) 127*256kB (UME) 166*512kB (UME) 137*1024kB (UME) 15*2048kB (UM) 13*4096kB (M) = 382536kB
[ 1145.606675][T16967] Node 1 Normal: 5*4kB (UM) 8*8kB (UM) 7*16kB (UM) 27*32kB (UM) 19*64kB (UM) 24*128kB (UM) 12*256kB (U) 10*512kB (UM) 7*1024kB (U) 8*2048kB (UM) 391*4096kB (UM) = 1638628kB
[ 1145.614398][T16967] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1145.618445][T16967] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB
[ 1145.622365][T16967] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1145.626540][T16967] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1145.630801][T16967] 62825 total pagecache pages
[ 1145.633109][T16967] 0 pages in swap cache
[ 1145.634917][T16967] Free swap  = 123904kB
[ 1145.636896][T16967] Total swap = 124996kB
[ 1145.638803][T16967] 1048443 pages RAM
[ 1145.640457][T16967] 0 pages HighMem/MovableOnly
[ 1145.642535][T16967] 256085 pages reserved
[ 1145.644375][T16967] 0 pages cma reserved
[ 1145.748102][ T5328] usb 8-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[ 1145.756093][ T5328] usb 8-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[ 1145.761491][ T5328] usb 8-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 1145.767703][ T5328] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1145.807619][T16953] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[ 1145.837117][ T5328] usb 8-1: Quirk or no altset; falling back to MIDI 1.0
[ 1146.050141][T16953] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[ 1146.078990][  T830] usb 8-1: USB disconnect, device number 50
[ 1146.431849][T16995] autofs: Bad value for 'fd'
[ 1147.055422][T17007] FAULT_INJECTION: forcing a failure.
[ 1147.055422][T17007] name failslab, interval 1, probability 0, space 0, times 0
[ 1147.061195][T17007] CPU: 1 UID: 0 PID: 17007 Comm: syz.0.3328 Not tainted 6.11.0-rc1-syzkaller-00233-g948752d2e010 #0
[ 1147.065990][T17007] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1147.070871][T17007] Call Trace:
[ 1147.072393][T17007]  <TASK>
[ 1147.073732][T17007]  dump_stack_lvl+0x16c/0x1f0
[ 1147.075895][T17007]  should_fail_ex+0x497/0x5b0
[ 1147.078016][T17007]  ? fs_reclaim_acquire+0xae/0x160
[ 1147.080281][T17007]  should_failslab+0xc2/0x120
[ 1147.082152][T17007]  __kmalloc_noprof+0xcb/0x400
[ 1147.084198][T17007]  ? audit_alloc+0xa3/0x7b0
[ 1147.086258][T17007]  security_task_alloc+0x1e4/0x280
[ 1147.088407][T17007]  copy_process+0x2509/0x8de0
[ 1147.090272][T17007]  ? __pfx___lock_acquire+0x10/0x10
[ 1147.092336][T17007]  ? __pfx_copy_process+0x10/0x10
[ 1147.094348][T17007]  ? __might_fault+0x13b/0x190
[ 1147.096017][T17007]  ? __pfx_lock_release+0x10/0x10
[ 1147.097653][T17007]  ? __pfx___might_resched+0x10/0x10
[ 1147.099517][T17007]  ? __might_fault+0xe3/0x190
[ 1147.101220][T17007]  ? _copy_from_user+0x5d/0xf0
[ 1147.102767][T17007]  kernel_clone+0xfd/0x980
[ 1147.104294][T17007]  ? ksys_write+0x12f/0x260
[ 1147.105845][T17007]  ? __pfx_kernel_clone+0x10/0x10
[ 1147.107578][T17007]  ? vfs_write+0x14d/0x1140
[ 1147.109166][T17007]  __do_sys_clone3+0x1f5/0x270
[ 1147.110904][T17007]  ? __pfx___do_sys_clone3+0x10/0x10
[ 1147.112870][T17007]  do_syscall_64+0xcd/0x250
[ 1147.114417][T17007]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1147.116507][T17007] RIP: 0033:0x7f821d1779f9
[ 1147.118363][T17007] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1147.125135][T17007] RSP: 002b:00007f821df86f18 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3
[ 1147.127952][T17007] RAX: ffffffffffffffda RBX: 0000000000000058 RCX: 00007f821d1779f9
[ 1147.131257][T17007] RDX: 00007f821df86f30 RSI: 0000000000000058 RDI: 00007f821df86f30
[ 1147.134303][T17007] RBP: 00007f821df870a0 R08: 0000000000000000 R09: 0000000000000058
[ 1147.137509][T17007] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1147.140069][T17007] R13: 000000000000006e R14: 00007f821d306130 R15: 00007ffeae029418
[ 1147.143282][T17007]  </TASK>
[ 1147.374398][T17019] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3332'.
[ 1147.551425][T17030] mac80211_hwsim hwsim39 wlan1: entered allmulticast mode
[ 1147.576560][T15773] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1147.580106][T15773] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1147.775306][ T5429] usb 6-1: new high-speed USB device number 52 using dummy_hcd
[ 1147.837997][T17040] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3339'.
[ 1147.884296][T17040] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3339'.
[ 1147.974540][ T5429] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[ 1147.979297][ T5429] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[ 1147.983537][ T5429] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 1147.987358][ T5429] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1147.994149][T17028] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[ 1148.000349][ T5429] usb 6-1: Quirk or no altset; falling back to MIDI 1.0
[ 1148.165345][  T830] usb 5-1: new high-speed USB device number 45 using dummy_hcd
[ 1148.231221][T17028] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[ 1148.273393][T16554] usb 6-1: USB disconnect, device number 52
[ 1148.357848][  T830] usb 5-1: Using ep0 maxpacket: 32
[ 1148.363453][  T830] usb 5-1: config 7 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1148.377765][  T830] usb 5-1: config 7 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1148.382245][  T830] usb 5-1: config 7 interface 0 altsetting 0 endpoint 0x2 has an invalid bInterval 0, changing to 7
[ 1148.386787][  T830] usb 5-1: config 7 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[ 1148.391640][  T830] usb 5-1: config 7 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5
[ 1148.405271][  T830] usb 5-1: New USB device found, idVendor=1b96, idProduct=000a, bcdDevice= 0.00
[ 1148.411211][  T830] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1148.465802][T17057] ptrace attach of "/syz-executor exec"[14945] was attempted by "/syz-executor exec"[17057]
[ 1148.471240][T17057] (unnamed net_device) (uninitialized): option primary: mode dependency failed, not supported in mode balance-rr(0)
[ 1148.630049][  T830] usbhid 5-1:7.0: can't add hid device: -71
[ 1148.632466][  T830] usbhid 5-1:7.0: probe with driver usbhid failed with error -71
[ 1148.639344][  T830] usb 5-1: USB disconnect, device number 45
[ 1149.025369][T17063] FAULT_INJECTION: forcing a failure.
[ 1149.025369][T17063] name failslab, interval 1, probability 0, space 0, times 0
[ 1149.030685][T17063] CPU: 0 UID: 0 PID: 17063 Comm: syz.2.3342 Not tainted 6.11.0-rc1-syzkaller-00233-g948752d2e010 #0
[ 1149.035211][T17063] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1149.039608][T17063] Call Trace:
[ 1149.041060][T17063]  <TASK>
[ 1149.042300][T17063]  dump_stack_lvl+0x16c/0x1f0
[ 1149.044298][T17063]  should_fail_ex+0x497/0x5b0
[ 1149.046293][T17063]  ? fs_reclaim_acquire+0xae/0x160
[ 1149.048482][T17063]  should_failslab+0xc2/0x120
[ 1149.050483][T17063]  __kmalloc_noprof+0xcb/0x400
[ 1149.052544][T17063]  ? __pfx_lock_acquire+0x10/0x10
[ 1149.054709][T17063]  tomoyo_realpath_from_path+0xb9/0x720
[ 1149.057107][T17063]  ? tomoyo_profile+0x47/0x60
[ 1149.059131][T17063]  tomoyo_path_number_perm+0x245/0x590
[ 1149.061498][T17063]  ? tomoyo_path_number_perm+0x232/0x590
[ 1149.063911][T17063]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1149.066480][T17063]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 1149.069041][T17063]  ? __fget_files+0x256/0x400
[ 1149.071056][T17063]  security_file_ioctl+0x75/0xc0
[ 1149.073158][T17063]  __x64_sys_ioctl+0xbb/0x220
[ 1149.075195][T17063]  do_syscall_64+0xcd/0x250
[ 1149.077146][T17063]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1149.079686][T17063] RIP: 0033:0x7f3a8eb779f9
[ 1149.081596][T17063] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1149.089682][T17063] RSP: 002b:00007f3a8f9ff048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1149.093191][T17063] RAX: ffffffffffffffda RBX: 00007f3a8ed06058 RCX: 00007f3a8eb779f9
[ 1149.096553][T17063] RDX: 0000000020000502 RSI: 0000000040046f41 RDI: 000000000000000a
[ 1149.099907][T17063] RBP: 00007f3a8f9ff0a0 R08: 0000000000000000 R09: 0000000000000000
[ 1149.103368][T17063] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1149.106853][T17063] R13: 000000000000006e R14: 00007f3a8ed06058 R15: 00007ffccd84c678
[ 1149.110338][T17063]  </TASK>
[ 1149.112218][T17063] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1149.745410][T17096] program syz.1.3352 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1149.774757][T17097] netlink: 'syz.3.3351': attribute type 10 has an invalid length.
[ 1149.781037][T17097] batman_adv: batadv0: Adding interface: team0
[ 1149.783894][T17097] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1149.798617][T17097] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active
[ 1149.870151][T17097] usb usb1: usbfs: process 17097 (syz.3.3351) did not claim interface 0 before use
[ 1150.125851][ T5328] usb 6-1: new high-speed USB device number 53 using dummy_hcd
[ 1150.137639][T17100] FAULT_INJECTION: forcing a failure.
[ 1150.137639][T17100] name failslab, interval 1, probability 0, space 0, times 0
[ 1150.143105][T17100] CPU: 1 UID: 0 PID: 17100 Comm: syz.0.3353 Not tainted 6.11.0-rc1-syzkaller-00233-g948752d2e010 #0
[ 1150.146857][T17100] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1150.151494][T17100] Call Trace:
[ 1150.153025][T17100]  <TASK>
[ 1150.154446][T17100]  dump_stack_lvl+0x16c/0x1f0
[ 1150.157396][T17100]  should_fail_ex+0x497/0x5b0
[ 1150.159734][T17100]  ? fs_reclaim_acquire+0xae/0x160
[ 1150.162046][T17100]  should_failslab+0xc2/0x120
[ 1150.164128][T17100]  __kmalloc_node_noprof+0xd1/0x430
[ 1150.166692][T17100]  ? __vmalloc_node_range_noprof+0x401/0x1520
[ 1150.169577][T17100]  __vmalloc_node_range_noprof+0x401/0x1520
[ 1150.172844][T17100]  ? bpf_check+0x1f0/0xa210
[ 1150.175428][T17100]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[ 1150.178693][T17100]  ? ___kmalloc_large_node+0x127/0x1a0
[ 1150.181242][T17100]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1150.183965][T17100]  ? bpf_check+0x1f0/0xa210
[ 1150.186512][T17100]  vzalloc_noprof+0x6b/0x90
[ 1150.189145][T17100]  ? bpf_check+0x1f0/0xa210
[ 1150.191663][T17100]  bpf_check+0x1f0/0xa210
[ 1150.194078][T17100]  ? __sys_bpf+0x8e9/0x4a20
[ 1150.196482][T17100]  ? __x64_sys_bpf+0x78/0xc0
[ 1150.199141][T17100]  ? do_syscall_64+0xcd/0x250
[ 1150.201461][T17100]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1150.204266][T17100]  ? __pfx_bpf_check+0x10/0x10
[ 1150.206487][T17100]  ? kasan_save_track+0x14/0x30
[ 1150.208627][T17100]  ? __kasan_kmalloc+0xaa/0xb0
[ 1150.211064][T17100]  ? selinux_bpf_prog_load+0x15f/0x1c0
[ 1150.213645][T17100]  bpf_prog_load+0xedb/0x2660
[ 1150.215740][T17100]  ? __pfx_bpf_prog_load+0x10/0x10
[ 1150.217989][T17100]  ? avc_has_perm+0x11b/0x1c0
[ 1150.220076][T17100]  ? selinux_bpf+0xde/0x130
[ 1150.222055][T17100]  ? security_bpf+0x8c/0xc0
[ 1150.224589][T17100]  __sys_bpf+0x8e9/0x4a20
[ 1150.227153][T17100]  ? ksys_write+0x21c/0x260
[ 1150.229539][T17100]  ? reacquire_held_locks+0x3f0/0x4c0
[ 1150.232060][T17100]  ? __pfx___sys_bpf+0x10/0x10
[ 1150.234363][T17100]  ? vfs_write+0x14d/0x1140
[ 1150.236551][T17100]  ? __mutex_unlock_slowpath+0x164/0x650
[ 1150.248741][T17100]  ? fput+0x32/0x390
[ 1150.250495][T17100]  ? ksys_write+0x1ab/0x260
[ 1150.252542][T17100]  ? __pfx_ksys_write+0x10/0x10
[ 1150.254848][T17100]  __x64_sys_bpf+0x78/0xc0
[ 1150.256934][T17100]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1150.259289][T17100]  do_syscall_64+0xcd/0x250
[ 1150.261468][T17100]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1150.264147][T17100] RIP: 0033:0x7f821d1779f9
[ 1150.266265][T17100] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1150.275170][T17100] RSP: 002b:00007f821dfc9048 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 1150.278937][T17100] RAX: ffffffffffffffda RBX: 00007f821d305f80 RCX: 00007f821d1779f9
[ 1150.282596][T17100] RDX: 0000000000000048 RSI: 000000002000e000 RDI: 0000000000000005
[ 1150.286194][T17100] RBP: 00007f821dfc90a0 R08: 0000000000000000 R09: 0000000000000000
[ 1150.289888][T17100] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1150.293446][T17100] R13: 000000000000000b R14: 00007f821d305f80 R15: 00007ffeae029418
[ 1150.296998][T17100]  </TASK>
[ 1150.408568][ T5328] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1150.418518][ T5328] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1150.434536][ T5328] usb 6-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0
[ 1150.442423][ T5328] usb 6-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0
[ 1150.454131][ T5328] usb 6-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0
[ 1150.459091][ T5328] usb 6-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0
[ 1150.469349][ T5328] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1150.473565][ T5328] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1150.477454][ T5328] usb 6-1: Product: syz
[ 1150.479497][ T5328] usb 6-1: Manufacturer: syz
[ 1150.481847][ T5328] usb 6-1: SerialNumber: syz
[ 1151.399038][T17113] mac80211_hwsim hwsim35 wlan1: entered allmulticast mode
[ 1151.441479][ T6116] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1151.445502][ T6116] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1151.711153][ T6116] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1151.731533][ T6116] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1151.966211][T17133] FAULT_INJECTION: forcing a failure.
[ 1151.966211][T17133] name failslab, interval 1, probability 0, space 0, times 0
[ 1151.976700][T17133] CPU: 3 UID: 0 PID: 17133 Comm: syz.2.3365 Not tainted 6.11.0-rc1-syzkaller-00233-g948752d2e010 #0
[ 1151.983963][T17133] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1151.990156][T17133] Call Trace:
[ 1151.999258][T17133]  <TASK>
[ 1152.001076][T17133]  dump_stack_lvl+0x16c/0x1f0
[ 1152.003569][T17133]  should_fail_ex+0x497/0x5b0
[ 1152.005929][T17133]  ? fs_reclaim_acquire+0xae/0x160
[ 1152.008312][T17133]  should_failslab+0xc2/0x120
[ 1152.015236][T17133]  kmem_cache_alloc_node_noprof+0x71/0x310
[ 1152.019502][T17133]  ? __alloc_skb+0x2b1/0x380
[ 1152.022039][T17133]  __alloc_skb+0x2b1/0x380
[ 1152.024629][T17133]  ? __pfx___alloc_skb+0x10/0x10
[ 1152.028145][T17133]  netlink_ack+0x164/0xb90
[ 1152.031790][T17133]  netlink_rcv_skb+0x348/0x440
[ 1152.034767][T17133]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[ 1152.038262][T17133]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1152.040826][T17133]  ? security_capable+0x98/0xd0
[ 1152.043213][T17133]  ? ns_capable+0xd7/0x110
[ 1152.045396][T17133]  nfnetlink_rcv+0x1b4/0x430
[ 1152.048394][T17133]  ? __pfx_nfnetlink_rcv+0x10/0x10
[ 1152.051936][T17133]  ? netlink_deliver_tap+0x1ae/0xd90
[ 1152.054951][T17133]  netlink_unicast+0x544/0x830
[ 1152.058108][T17133]  ? __pfx_netlink_unicast+0x10/0x10
[ 1152.060610][T17133]  netlink_sendmsg+0x8b8/0xd70
[ 1152.078926][T17133]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1152.081904][T17133]  ? __import_iovec+0x1fd/0x6e0
[ 1152.084581][T17133]  ____sys_sendmsg+0xab5/0xc90
[ 1152.090429][T17133]  ? copy_msghdr_from_user+0x10b/0x160
[ 1152.094242][T17133]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1152.096955][T17133]  ? find_held_lock+0x2d/0x110
[ 1152.099951][T17133]  ? __pfx___lock_acquire+0x10/0x10
[ 1152.103270][T17133]  ___sys_sendmsg+0x135/0x1e0
[ 1152.105909][T17133]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1152.108566][T17133]  ? ksys_write+0x21c/0x260
[ 1152.110934][T17133]  ? __fget_light+0x173/0x210
[ 1152.113415][T17133]  __sys_sendmsg+0x117/0x1f0
[ 1152.115791][T17133]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1152.118154][T17133]  do_syscall_64+0xcd/0x250
[ 1152.120394][T17133]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1152.123960][T17133] RIP: 0033:0x7f3a8eb779f9
[ 1152.126682][T17133] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1152.137166][T17133] RSP: 002b:00007f3a8fa20048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1152.141627][T17133] RAX: ffffffffffffffda RBX: 00007f3a8ed05f80 RCX: 00007f3a8eb779f9
[ 1152.146385][T17133] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000000000003
[ 1152.151623][T17133] RBP: 00007f3a8fa200a0 R08: 0000000000000000 R09: 0000000000000000
[ 1152.156508][T17133] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1152.160441][T17133] R13: 000000000000000b R14: 00007f3a8ed05f80 R15: 00007ffccd84c678
[ 1152.163943][T17133]  </TASK>
[ 1152.255979][   T39] kauditd_printk_skb: 124 callbacks suppressed
[ 1152.256058][   T39] audit: type=1400 audit(1722639726.807:9368): avc:  denied  { watch } for  pid=17134 comm="syz.3.3366" path="/182/file0" dev="9p" ino=36185984 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[ 1152.305491][   T39] audit: type=1400 audit(1722639726.847:9369): avc:  denied  { setattr } for  pid=17134 comm="syz.3.3366" name="file0" dev="9p" ino=36185985 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[ 1152.644444][T17143] syzkaller1: entered promiscuous mode
[ 1152.647253][T17143] syzkaller1: entered allmulticast mode
[ 1152.680231][T17143] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3367'.
[ 1152.766504][ T5328] cdc_ncm 6-1:1.0: bind() failure
[ 1152.822523][ T5328] cdc_ncm 6-1:1.1: CDC Union missing and no IAD found
[ 1152.825777][ T5328] cdc_ncm 6-1:1.1: bind() failure
[ 1152.845902][ T5328] usb 6-1: USB disconnect, device number 53
[ 1153.642112][T17161] FAULT_INJECTION: forcing a failure.
[ 1153.642112][T17161] name failslab, interval 1, probability 0, space 0, times 0
[ 1153.661797][T17161] CPU: 2 UID: 0 PID: 17161 Comm: syz.2.3376 Not tainted 6.11.0-rc1-syzkaller-00233-g948752d2e010 #0
[ 1153.666704][T17161] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1153.671453][T17161] Call Trace:
[ 1153.673235][T17161]  <TASK>
[ 1153.674649][T17161]  dump_stack_lvl+0x16c/0x1f0
[ 1153.676751][T17161]  should_fail_ex+0x497/0x5b0
[ 1153.678612][T17161]  ? fs_reclaim_acquire+0xae/0x160
[ 1153.681289][T17161]  should_failslab+0xc2/0x120
[ 1153.683312][T17161]  __kmalloc_cache_noprof+0x6b/0x300
[ 1153.685916][T17161]  ? hash_ipportip_create+0x36b/0x1250
[ 1153.688694][T17161]  hash_ipportip_create+0x36b/0x1250
[ 1153.690967][T17161]  ? __pfx_hash_ipportip_create+0x10/0x10
[ 1153.693609][T17161]  ip_set_create+0x7cb/0x14d0
[ 1153.696266][T17161]  ? __pfx_ip_set_create+0x10/0x10
[ 1153.698607][T17161]  nfnetlink_rcv_msg+0x9c3/0x11e0
[ 1153.700673][T17161]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[ 1153.702870][T17161]  ? find_held_lock+0x2d/0x110
[ 1153.704722][T17161]  ? avc_has_perm_noaudit+0x143/0x3a0
[ 1153.706827][T17161]  netlink_rcv_skb+0x16b/0x440
[ 1153.709064][T17161]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[ 1153.711163][T17161]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1153.713344][T17161]  ? security_capable+0x98/0xd0
[ 1153.715534][T17161]  ? ns_capable+0xd7/0x110
[ 1153.717422][T17161]  nfnetlink_rcv+0x1b4/0x430
[ 1153.721344][T17161]  ? __pfx_nfnetlink_rcv+0x10/0x10
[ 1153.723376][T17161]  ? netlink_deliver_tap+0x1ae/0xd90
[ 1153.725555][T17161]  netlink_unicast+0x544/0x830
[ 1153.727604][T17161]  ? __pfx_netlink_unicast+0x10/0x10
[ 1153.729937][T17161]  netlink_sendmsg+0x8b8/0xd70
[ 1153.731866][T17161]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1153.733890][T17161]  ? __import_iovec+0x1fd/0x6e0
[ 1153.735776][T17161]  ____sys_sendmsg+0xab5/0xc90
[ 1153.737593][T17161]  ? copy_msghdr_from_user+0x10b/0x160
[ 1153.739783][T17161]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1153.741814][T17161]  ? find_held_lock+0x2d/0x110
[ 1153.743979][T17161]  ? __pfx___lock_acquire+0x10/0x10
[ 1153.746121][T17161]  ___sys_sendmsg+0x135/0x1e0
[ 1153.747948][T17161]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1153.750060][T17161]  ? ksys_write+0x21c/0x260
[ 1153.751842][T17161]  ? __fget_light+0x173/0x210
[ 1153.753714][T17161]  __sys_sendmsg+0x117/0x1f0
[ 1153.755558][T17161]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1153.757675][T17161]  do_syscall_64+0xcd/0x250
[ 1153.759520][T17161]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1153.761794][T17161] RIP: 0033:0x7f3a8eb779f9
[ 1153.763540][T17161] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1153.771418][T17161] RSP: 002b:00007f3a8fa20048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1153.774915][T17161] RAX: ffffffffffffffda RBX: 00007f3a8ed05f80 RCX: 00007f3a8eb779f9
[ 1153.778263][T17161] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000000000003
[ 1153.781577][T17161] RBP: 00007f3a8fa200a0 R08: 0000000000000000 R09: 0000000000000000
[ 1153.785076][T17161] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1153.788539][T17161] R13: 000000000000000b R14: 00007f3a8ed05f80 R15: 00007ffccd84c678
[ 1153.792456][T17161]  </TASK>
[ 1153.825836][   T39] audit: type=1326 audit(1722639728.367:9370): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17162 comm="syz.0.3377" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f821d1779f9 code=0x7ffc0000
[ 1153.839951][   T39] audit: type=1326 audit(1722639728.367:9371): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17162 comm="syz.0.3377" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f821d1779f9 code=0x7ffc0000
[ 1154.115436][ T5360] usb 5-1: new high-speed USB device number 46 using dummy_hcd
[ 1154.222208][T17170] block nbd3: shutting down sockets
[ 1154.303225][ T5360] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[ 1154.323533][ T5360] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[ 1154.338564][ T5360] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 1154.342219][ T5360] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1154.352960][T17164] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[ 1154.358936][ T5360] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[ 1154.566404][   T39] audit: type=1326 audit(1722639729.127:9372): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17162 comm="syz.0.3377" exe="/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f821d176390 code=0x7ffc0000
[ 1154.579372][   T39] audit: type=1326 audit(1722639729.137:9373): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17162 comm="syz.0.3377" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f821d1779f9 code=0x7ffc0000
[ 1154.589628][   T39] audit: type=1326 audit(1722639729.137:9374): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17162 comm="syz.0.3377" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f821d1779f9 code=0x7ffc0000
[ 1154.593762][T17163] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[ 1154.611309][   T39] audit: type=1326 audit(1722639729.137:9375): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17162 comm="syz.0.3377" exe="/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7f821d1779f9 code=0x7ffc0000
[ 1154.624230][   T39] audit: type=1326 audit(1722639729.137:9376): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17162 comm="syz.0.3377" exe="/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f821d177a33 code=0x7ffc0000
[ 1154.633673][   T39] audit: type=1326 audit(1722639729.137:9377): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17162 comm="syz.0.3377" exe="/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f821d177a33 code=0x7ffc0000
[ 1154.643234][T16551] usb 5-1: USB disconnect, device number 46
[ 1155.515294][ T5360] usb 5-1: new high-speed USB device number 47 using dummy_hcd
[ 1155.643302][ T5328] usb 6-1: new high-speed USB device number 54 using dummy_hcd
[ 1155.666203][ T5360] usb 5-1: device descriptor read/64, error -71
[ 1155.798074][ T5328] usb 6-1: device descriptor read/64, error -71
[ 1155.810378][T17210] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1155.945435][ T5360] usb 5-1: new high-speed USB device number 48 using dummy_hcd
[ 1155.975326][ T5429] usb 8-1: new high-speed USB device number 51 using dummy_hcd
[ 1156.065281][ T5328] usb 6-1: new high-speed USB device number 55 using dummy_hcd
[ 1156.095373][ T5360] usb 5-1: device descriptor read/64, error -71
[ 1156.158651][ T5429] usb 8-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[ 1156.164110][ T5429] usb 8-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[ 1156.168640][ T5429] usb 8-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 1156.172664][ T5429] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1156.180618][T17206] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22
[ 1156.186795][ T5429] usb 8-1: Quirk or no altset; falling back to MIDI 1.0
[ 1156.215694][ T5360] usb usb5-port1: attempt power cycle
[ 1156.235323][ T5328] usb 6-1: device descriptor read/64, error -71
[ 1156.365725][ T5328] usb usb6-port1: attempt power cycle
[ 1156.405444][T17206] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[ 1156.435507][ T5862] usb 8-1: USB disconnect, device number 51
[ 1156.638795][ T5360] usb 5-1: new high-speed USB device number 49 using dummy_hcd
[ 1156.667848][ T5360] usb 5-1: device descriptor read/8, error -71
[ 1156.825369][ T5328] usb 6-1: new high-speed USB device number 56 using dummy_hcd
[ 1156.876597][ T5328] usb 6-1: device descriptor read/8, error -71
[ 1156.935406][ T5360] usb 5-1: new high-speed USB device number 50 using dummy_hcd
[ 1156.974272][ T5360] usb 5-1: device descriptor read/8, error -71
[ 1157.095778][ T5360] usb usb5-port1: unable to enumerate USB device
[ 1157.165321][ T5328] usb 6-1: new high-speed USB device number 57 using dummy_hcd
[ 1157.206106][ T5328] usb 6-1: device descriptor read/8, error -71
[ 1157.345372][ T5328] usb usb6-port1: unable to enumerate USB device
[ 1157.553343][T17230] FAULT_INJECTION: forcing a failure.
[ 1157.553343][T17230] name failslab, interval 1, probability 0, space 0, times 0
[ 1157.560531][T17230] CPU: 3 UID: 0 PID: 17230 Comm: syz.2.3401 Not tainted 6.11.0-rc1-syzkaller-00233-g948752d2e010 #0
[ 1157.565025][T17230] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1157.569657][T17230] Call Trace:
[ 1157.571135][T17230]  <TASK>
[ 1157.572587][T17230]  dump_stack_lvl+0x16c/0x1f0
[ 1157.574651][T17230]  should_fail_ex+0x497/0x5b0
[ 1157.576709][T17230]  ? fs_reclaim_acquire+0xae/0x160
[ 1157.579015][T17230]  should_failslab+0xc2/0x120
[ 1157.581095][T17230]  __kmalloc_cache_noprof+0x6b/0x300
[ 1157.583372][T17230]  ? smc_pnet_add+0xe4b/0x1750
[ 1157.585508][T17230]  smc_pnet_add+0xe4b/0x1750
[ 1157.587544][T17230]  ? __pfx_smc_pnet_add+0x10/0x10
[ 1157.589704][T17230]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290
[ 1157.592885][T17230]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290
[ 1157.595996][T17230]  genl_family_rcv_msg_doit+0x202/0x2f0
[ 1157.598230][T17230]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[ 1157.600803][T17230]  ? security_capable+0x98/0xd0
[ 1157.602909][T17230]  genl_rcv_msg+0x565/0x800
[ 1157.604815][T17230]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1157.606941][T17230]  ? __pfx___lock_acquire+0x10/0x10
[ 1157.609105][T17230]  ? __pfx_smc_pnet_add+0x10/0x10
[ 1157.611222][T17230]  ? __pfx___lock_acquire+0x10/0x10
[ 1157.613400][T17230]  netlink_rcv_skb+0x16b/0x440
[ 1157.615436][T17230]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1157.617521][T17230]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1157.619672][T17230]  ? down_read+0xc9/0x330
[ 1157.621502][T17230]  ? __pfx_down_read+0x10/0x10
[ 1157.623530][T17230]  ? netlink_deliver_tap+0x1ae/0xd90
[ 1157.625790][T17230]  genl_rcv+0x28/0x40
[ 1157.627450][T17230]  netlink_unicast+0x544/0x830
[ 1157.629459][T17230]  ? __pfx_netlink_unicast+0x10/0x10
[ 1157.631686][T17230]  netlink_sendmsg+0x8b8/0xd70
[ 1157.633703][T17230]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1157.635876][T17230]  ? __import_iovec+0x1fd/0x6e0
[ 1157.637939][T17230]  ____sys_sendmsg+0xab5/0xc90
[ 1157.639958][T17230]  ? copy_msghdr_from_user+0x10b/0x160
[ 1157.642177][T17230]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1157.644355][T17230]  ? find_held_lock+0x2d/0x110
[ 1157.646327][T17230]  ? __pfx___lock_acquire+0x10/0x10
[ 1157.648495][T17230]  ___sys_sendmsg+0x135/0x1e0
[ 1157.650476][T17230]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1157.652693][T17230]  ? ksys_write+0x21c/0x260
[ 1157.654597][T17230]  ? __fget_light+0x173/0x210
[ 1157.656549][T17230]  __sys_sendmsg+0x117/0x1f0
[ 1157.658380][T17230]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1157.660483][T17230]  do_syscall_64+0xcd/0x250
[ 1157.662296][T17230]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1157.664781][T17230] RIP: 0033:0x7f3a8eb779f9
[ 1157.667213][T17230] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1157.676058][T17230] RSP: 002b:00007f3a8fa20048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1157.681263][T17230] RAX: ffffffffffffffda RBX: 00007f3a8ed05f80 RCX: 00007f3a8eb779f9
[ 1157.684981][T17230] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000006
[ 1157.688598][T17230] RBP: 00007f3a8fa200a0 R08: 0000000000000000 R09: 0000000000000000
[ 1157.692264][T17230] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1157.695695][T17230] R13: 000000000000000b R14: 00007f3a8ed05f80 R15: 00007ffccd84c678
[ 1157.698930][T17230]  </TASK>
[ 1158.469164][   T39] kauditd_printk_skb: 97 callbacks suppressed
[ 1158.469181][   T39] audit: type=1400 audit(1722639733.027:9475): avc:  denied  { bind } for  pid=17254 comm="syz.3.3409" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[ 1158.480102][   T39] audit: type=1400 audit(1722639733.027:9476): avc:  denied  { name_bind } for  pid=17254 comm="syz.3.3409" src=576 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=icmp_socket permissive=1
[ 1158.489845][   T39] audit: type=1400 audit(1722639733.027:9477): avc:  denied  { node_bind } for  pid=17254 comm="syz.3.3409" saddr=::4000:20:0:0 src=576 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=icmp_socket permissive=1
[ 1158.641649][   T39] audit: type=1400 audit(1722639733.197:9478): avc:  denied  { map } for  pid=17261 comm="syz.1.3412" path="socket:[83782]" dev="sockfs" ino=83782 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[ 1158.642024][   T39] audit: type=1400 audit(1722639733.197:9479): avc:  denied  { map } for  pid=17261 comm="syz.1.3412" path="socket:[83782]" dev="sockfs" ino=83782 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[ 1158.642255][   T39] audit: type=1400 audit(1722639733.197:9480): avc:  denied  { accept } for  pid=17261 comm="syz.1.3412" path="socket:[83782]" dev="sockfs" ino=83782 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[ 1158.845135][T17275] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3413'.
[ 1158.853606][T17275] tmpfs: Unknown parameter 'qsruota'
[ 1159.015271][ T5850] usb 7-1: new high-speed USB device number 42 using dummy_hcd
[ 1159.274420][ T5850] usb 7-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 1159.278727][ T5850] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1159.282263][ T5850] usb 7-1: Product: syz
[ 1159.284120][ T5850] usb 7-1: Manufacturer: syz
[ 1159.286719][ T5850] usb 7-1: SerialNumber: syz
[ 1159.296832][ T5850] usb 7-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 1159.323314][ T5850] usb 7-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 1160.003342][T17300] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3422'.
[ 1160.355511][ T5850] ath9k_htc 7-1:1.0: ath9k_htc: Target is unresponsive
[ 1160.361204][ T5850] ath9k_htc: Failed to initialize the device
[ 1160.416462][ T5850] usb 7-1: ath9k_htc: USB layer deinitialized
[ 1160.542887][T17310] FAULT_INJECTION: forcing a failure.
[ 1160.542887][T17310] name failslab, interval 1, probability 0, space 0, times 0
[ 1160.552772][T17310] CPU: 2 UID: 0 PID: 17310 Comm: syz.3.3424 Not tainted 6.11.0-rc1-syzkaller-00233-g948752d2e010 #0
[ 1160.557486][T17310] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1160.562497][T17310] Call Trace:
[ 1160.564079][T17310]  <TASK>
[ 1160.565393][T17310]  dump_stack_lvl+0x16c/0x1f0
[ 1160.567444][T17310]  should_fail_ex+0x497/0x5b0
[ 1160.570878][T17310]  ? fs_reclaim_acquire+0xae/0x160
[ 1160.574008][T17310]  should_failslab+0xc2/0x120
[ 1160.576996][T17310]  __kmalloc_node_noprof+0xd1/0x430
[ 1160.579533][T17310]  ? __kvmalloc_node_noprof+0x9d/0x1a0
[ 1160.582830][T17310]  __kvmalloc_node_noprof+0x9d/0x1a0
[ 1160.586600][T17310]  alloc_netdev_mqs+0xcc0/0x13d0
[ 1160.589673][T17310]  rtnl_create_link+0xc10/0xfa0
[ 1160.592656][T17310]  __rtnl_newlink+0x10ae/0x1960
[ 1160.595181][T17310]  ? __pfx___rtnl_newlink+0x10/0x10
[ 1160.598127][T17310]  rtnl_newlink+0x67/0xa0
[ 1160.600658][T17310]  ? __pfx_rtnl_newlink+0x10/0x10
[ 1160.603427][T17310]  rtnetlink_rcv_msg+0x3c7/0xea0
[ 1160.606354][T17310]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1160.609707][T17310]  netlink_rcv_skb+0x16b/0x440
[ 1160.612465][T17310]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1160.615175][T17310]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1160.617915][T17310]  ? netlink_deliver_tap+0x1ae/0xd90
[ 1160.620473][T17310]  netlink_unicast+0x544/0x830
[ 1160.622854][T17310]  ? __pfx_netlink_unicast+0x10/0x10
[ 1160.625775][T17310]  netlink_sendmsg+0x8b8/0xd70
[ 1160.628722][T17310]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1160.631909][T17310]  ? __import_iovec+0x1fd/0x6e0
[ 1160.635429][T17310]  ____sys_sendmsg+0xab5/0xc90
[ 1160.637697][T17310]  ? copy_msghdr_from_user+0x10b/0x160
[ 1160.640576][T17310]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1160.642673][T17310]  ? find_held_lock+0x2d/0x110
[ 1160.644937][T17310]  ? __pfx___lock_acquire+0x10/0x10
[ 1160.647348][T17310]  ___sys_sendmsg+0x135/0x1e0
[ 1160.649858][T17310]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1160.652159][T17310]  ? ksys_write+0x21c/0x260
[ 1160.654584][T17310]  ? __fget_light+0x173/0x210
[ 1160.656913][T17310]  __sys_sendmsg+0x117/0x1f0
[ 1160.659540][T17310]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1160.662673][T17310]  do_syscall_64+0xcd/0x250
[ 1160.664679][T17310]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1160.667435][T17310] RIP: 0033:0x7f697e5779f9
[ 1160.669785][T17310] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1160.679921][T17310] RSP: 002b:00007f697f2df048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1160.683530][T17310] RAX: ffffffffffffffda RBX: 00007f697e705f80 RCX: 00007f697e5779f9
[ 1160.687125][T17310] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000003
[ 1160.691340][T17310] RBP: 00007f697f2df0a0 R08: 0000000000000000 R09: 0000000000000000
[ 1160.695781][T17310] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1160.700553][T17310] R13: 000000000000000b R14: 00007f697e705f80 R15: 00007ffd25980038
[ 1160.705425][T17310]  </TASK>
[ 1161.520023][T17319] FAULT_INJECTION: forcing a failure.
[ 1161.520023][T17319] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1161.545924][T17319] CPU: 0 UID: 0 PID: 17319 Comm: syz.1.3428 Not tainted 6.11.0-rc1-syzkaller-00233-g948752d2e010 #0
[ 1161.550851][T17319] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1161.555528][T17319] Call Trace:
[ 1161.556996][T17319]  <TASK>
[ 1161.558415][T17319]  dump_stack_lvl+0x16c/0x1f0
[ 1161.560510][T17319]  should_fail_ex+0x497/0x5b0
[ 1161.562648][T17319]  _copy_from_user+0x30/0xf0
[ 1161.564678][T17319]  move_addr_to_kernel+0x68/0x160
[ 1161.566866][T17319]  __sys_connect+0xbd/0x170
[ 1161.568864][T17319]  ? __pfx___sys_connect+0x10/0x10
[ 1161.571150][T17319]  ? __pfx_ksys_write+0x10/0x10
[ 1161.573275][T17319]  __x64_sys_connect+0x72/0xb0
[ 1161.575402][T17319]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1161.577807][T17319]  do_syscall_64+0xcd/0x250
[ 1161.579860][T17319]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1161.582471][T17319] RIP: 0033:0x7f2977f779f9
[ 1161.584523][T17319] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1161.592721][T17319] RSP: 002b:00007f2978c61048 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[ 1161.596135][T17319] RAX: ffffffffffffffda RBX: 00007f2978105f80 RCX: 00007f2977f779f9
[ 1161.599607][T17319] RDX: 000000000000001c RSI: 0000000020000080 RDI: 0000000000000003
[ 1161.602998][T17319] RBP: 00007f2978c610a0 R08: 0000000000000000 R09: 0000000000000000
[ 1161.606430][T17319] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1161.611154][T17319] R13: 000000000000000b R14: 00007f2978105f80 R15: 00007ffca015a6c8
[ 1161.614674][T17319]  </TASK>
[ 1162.174849][ T5429] usb 7-1: USB disconnect, device number 42
[ 1162.255305][   T39] audit: type=1400 audit(1722639736.777:9481): avc:  denied  { setopt } for  pid=17330 comm="syz.2.3432" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[ 1162.380965][T17337] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3433'.
[ 1162.401107][T17337] FAULT_INJECTION: forcing a failure.
[ 1162.401107][T17337] name failslab, interval 1, probability 0, space 0, times 0
[ 1162.415342][T17337] CPU: 1 UID: 0 PID: 17337 Comm: syz.3.3433 Not tainted 6.11.0-rc1-syzkaller-00233-g948752d2e010 #0
[ 1162.420085][T17337] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1162.424766][T17337] Call Trace:
[ 1162.426253][T17337]  <TASK>
[ 1162.427601][T17337]  dump_stack_lvl+0x16c/0x1f0
[ 1162.429738][T17337]  should_fail_ex+0x497/0x5b0
[ 1162.431764][T17337]  ? fs_reclaim_acquire+0xae/0x160
[ 1162.434014][T17337]  should_failslab+0xc2/0x120
[ 1162.436208][T17337]  __kmalloc_node_noprof+0xd1/0x430
[ 1162.438430][T17337]  ? __kvmalloc_node_noprof+0x9d/0x1a0
[ 1162.440775][T17337]  __kvmalloc_node_noprof+0x9d/0x1a0
[ 1162.442933][T17337]  alloc_netdev_mqs+0xcc0/0x13d0
[ 1162.444947][T17337]  rtnl_create_link+0xc10/0xfa0
[ 1162.447257][T17337]  __rtnl_newlink+0x10ae/0x1960
[ 1162.449286][T17337]  ? __pfx___rtnl_newlink+0x10/0x10
[ 1162.451707][T17337]  rtnl_newlink+0x67/0xa0
[ 1162.453969][T17337]  ? __pfx_rtnl_newlink+0x10/0x10
[ 1162.456091][T17337]  rtnetlink_rcv_msg+0x3c7/0xea0
[ 1162.458164][T17337]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1162.460819][T17337]  netlink_rcv_skb+0x16b/0x440
[ 1162.462851][T17337]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1162.465088][T17337]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1162.467280][T17337]  ? netlink_deliver_tap+0x1ae/0xd90
[ 1162.469441][T17337]  netlink_unicast+0x544/0x830
[ 1162.471402][T17337]  ? __pfx_netlink_unicast+0x10/0x10
[ 1162.473564][T17337]  netlink_sendmsg+0x8b8/0xd70
[ 1162.475673][T17337]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1162.477962][T17337]  ? __import_iovec+0x1fd/0x6e0
[ 1162.480275][T17337]  ____sys_sendmsg+0xab5/0xc90
[ 1162.482446][T17337]  ? copy_msghdr_from_user+0x10b/0x160
[ 1162.484828][T17337]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1162.487106][T17337]  ? find_held_lock+0x2d/0x110
[ 1162.489204][T17337]  ? __pfx___lock_acquire+0x10/0x10
[ 1162.492213][T17337]  ___sys_sendmsg+0x135/0x1e0
[ 1162.494699][T17337]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1162.497176][T17337]  ? ksys_write+0x21c/0x260
[ 1162.499508][T17337]  ? __fget_light+0x173/0x210
[ 1162.501628][T17337]  __sys_sendmsg+0x117/0x1f0
[ 1162.503697][T17337]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1162.505998][T17337]  do_syscall_64+0xcd/0x250
[ 1162.508132][T17337]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1162.510699][T17337] RIP: 0033:0x7f697e5779f9
[ 1162.513310][T17337] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1162.522526][T17337] RSP: 002b:00007f697f2df048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1162.526265][T17337] RAX: ffffffffffffffda RBX: 00007f697e705f80 RCX: 00007f697e5779f9
[ 1162.530062][T17337] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000000000003
[ 1162.533959][T17337] RBP: 00007f697f2df0a0 R08: 0000000000000000 R09: 0000000000000000
[ 1162.537713][T17337] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1162.541798][T17337] R13: 000000000000000b R14: 00007f697e705f80 R15: 00007ffd25980038
[ 1162.545322][T17337]  </TASK>
[ 1162.766980][    C3] vkms_vblank_simulate: vblank timer overrun
[ 1162.968112][   T39] audit: type=1326 audit(1722639737.527:9482): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17340 comm="syz.3.3436" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f697e5779f9 code=0x7ffc0000
[ 1162.986336][   T39] audit: type=1326 audit(1722639737.527:9483): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17340 comm="syz.3.3436" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f697e5779f9 code=0x7ffc0000
[ 1163.001150][   T39] audit: type=1326 audit(1722639737.567:9484): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17340 comm="syz.3.3436" exe="/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f697e576390 code=0x7ffc0000
[ 1163.265376][ T5429] usb 8-1: new high-speed USB device number 52 using dummy_hcd
[ 1163.366476][T16554] usb 5-1: new high-speed USB device number 51 using dummy_hcd
[ 1163.450610][ T5429] usb 8-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[ 1163.456046][ T5429] usb 8-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[ 1163.460452][ T5429] usb 8-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 1163.464510][ T5429] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1163.472882][T17341] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[ 1163.478221][   T39] kauditd_printk_skb: 20 callbacks suppressed
[ 1163.478234][   T39] audit: type=1326 audit(1722639738.037:9505): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17340 comm="syz.3.3436" exe="/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f697e5775fb code=0x7ffc0000
[ 1163.496582][ T5429] usb 8-1: Quirk or no altset; falling back to MIDI 1.0
[ 1163.498608][   T39] audit: type=1326 audit(1722639738.047:9506): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17340 comm="syz.3.3436" exe="/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f697e5a99e5 code=0x7ffc0000
[ 1163.522758][ T4766] Bluetooth: hci0: SCO packet for unknown connection handle 0
[ 1163.557256][T16554] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1163.568317][T16554] usb 5-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[ 1163.572638][T16554] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1163.583658][T16554] usb 5-1: config 0 descriptor??
[ 1163.592409][T16554] usbhid 5-1:0.0: couldn't find an input interrupt endpoint
[ 1163.699233][   T39] audit: type=1326 audit(1722639738.247:9507): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17340 comm="syz.3.3436" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f697e5779f9 code=0x7ffc0000
[ 1163.710618][   T39] audit: type=1326 audit(1722639738.257:9508): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17340 comm="syz.3.3436" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f697e5779f9 code=0x7ffc0000
[ 1163.721552][   T39] audit: type=1326 audit(1722639738.257:9509): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17340 comm="syz.3.3436" exe="/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f697e576390 code=0x7ffc0000
[ 1163.732341][T17341] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[ 1163.739729][   T39] audit: type=1326 audit(1722639738.267:9510): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17340 comm="syz.3.3436" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f697e5779f9 code=0x7ffc0000
[ 1163.758685][   T39] audit: type=1326 audit(1722639738.267:9511): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17340 comm="syz.3.3436" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f697e5779f9 code=0x7ffc0000
[ 1163.760955][T16554] usb 8-1: USB disconnect, device number 52
[ 1163.769857][   T39] audit: type=1326 audit(1722639738.267:9512): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17340 comm="syz.3.3436" exe="/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7f697e5779f9 code=0x7ffc0000
[ 1163.781446][   T39] audit: type=1326 audit(1722639738.267:9513): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17340 comm="syz.3.3436" exe="/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f697e577a33 code=0x7ffc0000
[ 1163.791257][   T39] audit: type=1326 audit(1722639738.267:9514): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17340 comm="syz.3.3436" exe="/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f697e577a33 code=0x7ffc0000
[ 1164.275525][ T4766] Bluetooth: hci0: command 0x0405 tx timeout
[ 1164.356674][T17366] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3445'.
[ 1164.380145][T17369] netlink: 'syz.1.3446': attribute type 29 has an invalid length.
[ 1164.386504][T17369] netlink: 'syz.1.3446': attribute type 29 has an invalid length.
[ 1164.572924][T17376] netlink: 'syz.0.3438': attribute type 29 has an invalid length.
[ 1164.577653][T17376] netlink: 'syz.0.3438': attribute type 29 has an invalid length.
[ 1165.256493][T17398] FAULT_INJECTION: forcing a failure.
[ 1165.256493][T17398] name failslab, interval 1, probability 0, space 0, times 0
[ 1165.261949][T17398] CPU: 1 UID: 0 PID: 17398 Comm: syz.2.3456 Not tainted 6.11.0-rc1-syzkaller-00233-g948752d2e010 #0
[ 1165.266476][T17398] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1165.271067][T17398] Call Trace:
[ 1165.272548][T17398]  <TASK>
[ 1165.273853][T17398]  dump_stack_lvl+0x16c/0x1f0
[ 1165.275985][T17398]  should_fail_ex+0x497/0x5b0
[ 1165.278207][T17398]  ? fs_reclaim_acquire+0xae/0x160
[ 1165.280402][T17398]  should_failslab+0xc2/0x120
[ 1165.282475][T17398]  __kmalloc_cache_noprof+0x6b/0x300
[ 1165.284775][T17398]  ? input_allocate_device+0xc5/0x350
[ 1165.287215][T17398]  input_allocate_device+0xc5/0x350
[ 1165.289536][T17398]  uinput_ioctl_handler.isra.0+0x897/0x1d70
[ 1165.292091][T17398]  ? __pfx_uinput_ioctl_handler.isra.0+0x10/0x10
[ 1165.294889][T17398]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 1165.297733][T17398]  ? selinux_file_ioctl+0xb4/0x270
[ 1165.300204][T17398]  ? __pfx_uinput_ioctl+0x10/0x10
[ 1165.302625][T17398]  __x64_sys_ioctl+0x193/0x220
[ 1165.304833][T17398]  do_syscall_64+0xcd/0x250
[ 1165.307288][T17398]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1165.311601][T17398] RIP: 0033:0x7f3a8eb779f9
[ 1165.314608][T17398] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1165.322760][T17398] RSP: 002b:00007f3a8fa20048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1165.328679][T17398] RAX: ffffffffffffffda RBX: 00007f3a8ed05f80 RCX: 00007f3a8eb779f9
[ 1165.331670][T17398] RDX: 0000000000000000 RSI: 0000000000005502 RDI: 0000000000000003
[ 1165.335047][T17398] RBP: 00007f3a8fa200a0 R08: 0000000000000000 R09: 0000000000000000
[ 1165.338014][T17398] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1165.341060][T17398] R13: 000000000000000b R14: 00007f3a8ed05f80 R15: 00007ffccd84c678
[ 1165.344027][T17398]  </TASK>
[ 1166.090682][T16555] usb 5-1: USB disconnect, device number 51
[ 1166.514375][T17424] syzkaller1: entered promiscuous mode
[ 1166.524663][T17424] syzkaller1: entered allmulticast mode
[ 1166.557747][T17424] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3464'.
[ 1167.010886][T17430] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3467'.
[ 1167.126423][T17436] FAULT_INJECTION: forcing a failure.
[ 1167.126423][T17436] name failslab, interval 1, probability 0, space 0, times 0
[ 1167.132463][T17436] CPU: 1 UID: 0 PID: 17436 Comm: syz.2.3469 Not tainted 6.11.0-rc1-syzkaller-00233-g948752d2e010 #0
[ 1167.137359][T17436] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1167.142311][T17436] Call Trace:
[ 1167.143861][T17436]  <TASK>
[ 1167.145253][T17436]  dump_stack_lvl+0x16c/0x1f0
[ 1167.147447][T17436]  should_fail_ex+0x497/0x5b0
[ 1167.149814][T17436]  ? fs_reclaim_acquire+0xae/0x160
[ 1167.152214][T17436]  should_failslab+0xc2/0x120
[ 1167.154592][T17436]  __kmalloc_noprof+0xcb/0x400
[ 1167.157033][T17436]  copy_splice_read+0x1a8/0xb80
[ 1167.159310][T17436]  ? look_up_lock_class+0x68/0x140
[ 1167.161665][T17436]  ? __pfx_copy_splice_read+0x10/0x10
[ 1167.164070][T17436]  ? __pfx_register_lock_class+0x10/0x10
[ 1167.166633][T17436]  ? __pfx_copy_splice_read+0x10/0x10
[ 1167.169234][T17436]  do_splice_read+0x294/0x380
[ 1167.171415][T17436]  splice_direct_to_actor+0x2a4/0xa40
[ 1167.173770][T17436]  ? __pfx_direct_splice_actor+0x10/0x10
[ 1167.176521][T17436]  ? __pfx_splice_direct_to_actor+0x10/0x10
[ 1167.179444][T17436]  ? __pfx___might_resched+0x10/0x10
[ 1167.182007][T17436]  ? __pfx_lock_release+0x10/0x10
[ 1167.184483][T17436]  do_splice_direct+0x17e/0x250
[ 1167.186798][T17436]  ? __pfx_do_splice_direct+0x10/0x10
[ 1167.189341][T17436]  ? avc_policy_seqno+0x9/0x20
[ 1167.191532][T17436]  ? __pfx_direct_file_splice_eof+0x10/0x10
[ 1167.194011][T17436]  do_sendfile+0xb1e/0xe50
[ 1167.195822][T17436]  ? __pfx_do_sendfile+0x10/0x10
[ 1167.197889][T17436]  __x64_sys_sendfile64+0x1da/0x220
[ 1167.200132][T17436]  ? ksys_write+0x1ab/0x260
[ 1167.202339][T17436]  ? __pfx___x64_sys_sendfile64+0x10/0x10
[ 1167.205001][T17436]  do_syscall_64+0xcd/0x250
[ 1167.207025][T17436]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1167.209815][T17436] RIP: 0033:0x7f3a8eb779f9
[ 1167.211965][T17436] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1167.221134][T17436] RSP: 002b:00007f3a8fa20048 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 1167.225049][T17436] RAX: ffffffffffffffda RBX: 00007f3a8ed05f80 RCX: 00007f3a8eb779f9
[ 1167.228796][T17436] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000009
[ 1167.232458][T17436] RBP: 00007f3a8fa200a0 R08: 0000000000000000 R09: 0000000000000000
[ 1167.235776][T17436] R10: 000000000000067f R11: 0000000000000246 R12: 0000000000000001
[ 1167.239125][T17436] R13: 000000000000000b R14: 00007f3a8ed05f80 R15: 00007ffccd84c678
[ 1167.243039][T17436]  </TASK>
[ 1167.981765][T17447] syzkaller1: entered promiscuous mode
[ 1167.984194][T17447] syzkaller1: entered allmulticast mode
[ 1168.013590][T17447] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3471'.
[ 1168.579571][   T39] kauditd_printk_skb: 28 callbacks suppressed
[ 1168.579582][   T39] audit: type=1326 audit(1722639743.137:9543): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17452 comm="syz.2.3475" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3a8eb779f9 code=0x7ffc0000
[ 1168.593531][   T39] audit: type=1326 audit(1722639743.137:9544): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17452 comm="syz.2.3475" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3a8eb779f9 code=0x7ffc0000
[ 1168.603426][   T39] audit: type=1326 audit(1722639743.137:9545): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17452 comm="syz.2.3475" exe="/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f3a8eb76390 code=0x7ffc0000
[ 1168.613507][   T39] audit: type=1326 audit(1722639743.137:9546): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17452 comm="syz.2.3475" exe="/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f3a8eb775fb code=0x7ffc0000
[ 1168.624355][   T39] audit: type=1326 audit(1722639743.137:9547): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17452 comm="syz.2.3475" exe="/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f3a8eb775fb code=0x7ffc0000
[ 1168.635649][   T39] audit: type=1326 audit(1722639743.137:9548): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17452 comm="syz.2.3475" exe="/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f3a8eb775fb code=0x7ffc0000
[ 1168.641432][T17460] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3477'.
[ 1168.650418][   T39] audit: type=1326 audit(1722639743.137:9549): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17452 comm="syz.2.3475" exe="/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f3a8eb775fb code=0x7ffc0000
[ 1168.696172][   T39] audit: type=1326 audit(1722639743.257:9550): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17452 comm="syz.2.3475" exe="/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f3a8eb775fb code=0x7ffc0000
[ 1168.775740][   T39] audit: type=1326 audit(1722639743.337:9551): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17452 comm="syz.2.3475" exe="/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f3a8eb775fb code=0x7ffc0000
[ 1168.846972][ T5328] usb 7-1: new high-speed USB device number 43 using dummy_hcd
[ 1168.871213][   T39] audit: type=1326 audit(1722639743.427:9552): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17452 comm="syz.2.3475" exe="/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f3a8eb775fb code=0x7ffc0000
[ 1168.900386][T17470] xt_CT: You must specify a L4 protocol and not use inversions on it
[ 1169.068276][ T5328] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[ 1169.073711][ T5328] usb 7-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[ 1169.077847][ T5328] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 1169.081476][ T5328] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1169.088250][T17455] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[ 1169.096185][ T5328] usb 7-1: Quirk or no altset; falling back to MIDI 1.0
[ 1169.323290][T17455] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[ 1169.326675][T17455] IPv6: NLM_F_CREATE should be set when creating new route
[ 1169.329659][T17455] IPv6: NLM_F_CREATE should be set when creating new route
[ 1169.353583][ T5850] usb 7-1: USB disconnect, device number 43
[ 1169.616370][T17482] syzkaller1: entered promiscuous mode
[ 1169.618749][T17482] syzkaller1: entered allmulticast mode
[ 1169.631301][T17482] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3481'.
[ 1169.975674][T17489] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.3483'.
[ 1169.980030][T17489] openvswitch: netlink: Tunnel attr 5 has unexpected len 4 expected 0
[ 1170.663475][T17511] FAULT_INJECTION: forcing a failure.
[ 1170.663475][T17511] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1170.669591][T17511] CPU: 1 UID: 0 PID: 17511 Comm: syz.3.3491 Not tainted 6.11.0-rc1-syzkaller-00233-g948752d2e010 #0
[ 1170.674156][T17511] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1170.678786][T17511] Call Trace:
[ 1170.680263][T17511]  <TASK>
[ 1170.681582][T17511]  dump_stack_lvl+0x16c/0x1f0
[ 1170.683686][T17511]  should_fail_ex+0x497/0x5b0
[ 1170.685784][T17511]  strncpy_from_user+0x38/0x320
[ 1170.687960][T17511]  getname_flags.part.0+0x8f/0x550
[ 1170.690256][T17511]  getname_flags+0x93/0xf0
[ 1170.692240][T17511]  user_path_at+0x24/0x60
[ 1170.694107][T17511]  __x64_sys_mount+0x1fc/0x320
[ 1170.696215][T17511]  ? __pfx___x64_sys_mount+0x10/0x10
[ 1170.698504][T17511]  do_syscall_64+0xcd/0x250
[ 1170.700412][T17511]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1170.702788][T17511] RIP: 0033:0x7f697e5779f9
[ 1170.704654][T17511] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1170.712856][T17511] RSP: 002b:00007f697f2df048 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 1170.716503][T17511] RAX: ffffffffffffffda RBX: 00007f697e705f80 RCX: 00007f697e5779f9
[ 1170.719906][T17511] RDX: 0000000020000300 RSI: 00000000200002c0 RDI: 0000000020000100
[ 1170.723802][T17511] RBP: 00007f697f2df0a0 R08: 0000000020000340 R09: 0000000000000000
[ 1170.727319][T17511] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1170.730755][T17511] R13: 000000000000000b R14: 00007f697e705f80 R15: 00007ffd25980038
[ 1170.734201][T17511]  </TASK>
[ 1170.735622][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1170.874605][T17516] FAULT_INJECTION: forcing a failure.
[ 1170.874605][T17516] name failslab, interval 1, probability 0, space 0, times 0
[ 1170.894500][T17516] CPU: 1 UID: 0 PID: 17516 Comm: syz.3.3493 Not tainted 6.11.0-rc1-syzkaller-00233-g948752d2e010 #0
[ 1170.899111][T17516] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1170.904341][T17516] Call Trace:
[ 1170.905876][T17516]  <TASK>
[ 1170.906920][T17516]  dump_stack_lvl+0x16c/0x1f0
[ 1170.908917][T17516]  should_fail_ex+0x497/0x5b0
[ 1170.911643][T17516]  should_failslab+0xc2/0x120
[ 1170.914577][T17516]  kmem_cache_alloc_noprof+0x6e/0x2f0
[ 1170.917594][T17516]  ? skb_clone+0x190/0x3f0
[ 1170.921204][T17516]  skb_clone+0x190/0x3f0
[ 1170.923092][T17516]  packet_rcv+0x586/0x1520
[ 1170.925088][T17516]  ? __pfx_packet_rcv+0x10/0x10
[ 1170.927392][T17516]  dev_queue_xmit_nit+0x373/0xba0
[ 1170.930121][T17516]  dev_hard_start_xmit+0x56/0x790
[ 1170.932751][T17516]  ? __kasan_slab_alloc+0x89/0x90
[ 1170.935019][T17516]  __dev_queue_xmit+0x7c7/0x4300
[ 1170.937461][T17516]  ? __pfx___dev_queue_xmit+0x10/0x10
[ 1170.940642][T17516]  ? __asan_memcpy+0x3c/0x60
[ 1170.943064][T17516]  ? __asan_memcpy+0x3c/0x60
[ 1170.945741][T17516]  ? __skb_clone+0x570/0x760
[ 1170.948350][T17516]  netlink_deliver_tap+0xa7d/0xd90
[ 1170.951295][T17516]  netlink_unicast+0x606/0x830
[ 1170.954242][T17516]  ? __pfx_netlink_unicast+0x10/0x10
[ 1170.957354][T17516]  netlink_sendmsg+0x8b8/0xd70
[ 1170.959582][T17516]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1170.962321][T17516]  ? __import_iovec+0x1fd/0x6e0
[ 1170.964890][T17516]  ____sys_sendmsg+0xab5/0xc90
[ 1170.967634][T17516]  ? copy_msghdr_from_user+0x10b/0x160
[ 1170.970161][T17516]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1170.973040][T17516]  ? find_held_lock+0x2d/0x110
[ 1170.975445][T17516]  ? __pfx___lock_acquire+0x10/0x10
[ 1170.977669][T17516]  ___sys_sendmsg+0x135/0x1e0
[ 1170.979816][T17516]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1170.982190][T17516]  ? ksys_write+0x21c/0x260
[ 1170.985677][T17516]  ? __fget_light+0x173/0x210
[ 1170.987684][T17516]  __sys_sendmsg+0x117/0x1f0
[ 1170.989751][T17516]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1170.991968][T17516]  do_syscall_64+0xcd/0x250
[ 1170.993874][T17516]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1170.996401][T17516] RIP: 0033:0x7f697e5779f9
[ 1170.998323][T17516] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1171.006672][T17516] RSP: 002b:00007f697f2df048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1171.010343][T17516] RAX: ffffffffffffffda RBX: 00007f697e705f80 RCX: 00007f697e5779f9
[ 1171.014193][T17516] RDX: 0000000000000000 RSI: 0000000020000240 RDI: 0000000000000003
[ 1171.017351][T17516] RBP: 00007f697f2df0a0 R08: 0000000000000000 R09: 0000000000000000
[ 1171.020624][T17516] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1171.024265][T17516] R13: 000000000000000b R14: 00007f697e705f80 R15: 00007ffd25980038
[ 1171.027743][T17516]  </TASK>
[ 1171.029256][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1171.285549][T17523] FAULT_INJECTION: forcing a failure.
[ 1171.285549][T17523] name failslab, interval 1, probability 0, space 0, times 0
[ 1171.291182][T17523] CPU: 0 UID: 0 PID: 17523 Comm: syz.1.3496 Not tainted 6.11.0-rc1-syzkaller-00233-g948752d2e010 #0
[ 1171.295765][T17523] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1171.300292][T17523] Call Trace:
[ 1171.302630][T17523]  <TASK>
[ 1171.304079][T17523]  dump_stack_lvl+0x16c/0x1f0
[ 1171.306428][T17523]  should_fail_ex+0x497/0x5b0
[ 1171.328291][T17523]  ? fs_reclaim_acquire+0xae/0x160
[ 1171.330128][T17523]  should_failslab+0xc2/0x120
[ 1171.331950][T17523]  kmem_cache_alloc_node_noprof+0x71/0x310
[ 1171.334051][T17523]  ? __alloc_skb+0x2b1/0x380
[ 1171.335577][T17523]  __alloc_skb+0x2b1/0x380
[ 1171.337320][T17523]  ? __pfx___alloc_skb+0x10/0x10
[ 1171.339073][T17523]  ? kasan_quarantine_put+0xf0/0x240
[ 1171.341011][T17523]  inet_netconf_notify_devconf+0x8b/0x1f0
[ 1171.356037][T17523]  inetdev_event+0xf99/0x19b0
[ 1171.358094][T17523]  ? __pfx_inetdev_event+0x10/0x10
[ 1171.360499][T17523]  ? cfg802154_netdev_notifier_call+0x391/0xa00
[ 1171.363658][T17523]  ? __sanitizer_cov_trace_switch+0x54/0x90
[ 1171.366367][T17523]  notifier_call_chain+0xb9/0x410
[ 1171.368464][T17523]  ? __pfx_inetdev_event+0x10/0x10
[ 1171.370519][T17523]  call_netdevice_notifiers_info+0xbe/0x140
[ 1171.372912][T17523]  unregister_netdevice_many_notify+0x8bb/0x1e40
[ 1171.375416][T17523]  ? find_held_lock+0x2d/0x110
[ 1171.377339][T17523]  ? __pfx_unregister_netdevice_many_notify+0x10/0x10
[ 1171.379983][T17523]  ? find_held_lock+0x2d/0x110
[ 1171.381867][T17523]  ? net_generic+0xea/0x2a0
[ 1171.383763][T17523]  ? __pfx_lock_release+0x10/0x10
[ 1171.386041][T17523]  unregister_netdevice_queue+0x307/0x3f0
[ 1171.388651][T17523]  ? net_generic+0xf4/0x2a0
[ 1171.390717][T17523]  ? __pfx_unregister_netdevice_queue+0x10/0x10
[ 1171.393520][T17523]  ? caif_device_notify+0x21d/0x12d0
[ 1171.395831][T17523]  ? __pfx_lowpan_event+0x10/0x10
[ 1171.398088][T17523]  lowpan_dellink+0xb2/0x190
[ 1171.400071][T17523]  lowpan_device_event+0x107/0x140
[ 1171.402073][T17523]  notifier_call_chain+0xb9/0x410
[ 1171.404253][T17523]  ? __pfx_lowpan_device_event+0x10/0x10
[ 1171.406450][T17523]  call_netdevice_notifiers_info+0xbe/0x140
[ 1171.408902][T17523]  __dev_change_net_namespace+0x463/0x1360
[ 1171.411200][T17523]  ? __pfx___lock_acquire+0x10/0x10
[ 1171.413246][T17523]  ? __pfx___dev_change_net_namespace+0x10/0x10
[ 1171.415708][T17523]  ? find_held_lock+0x2d/0x110
[ 1171.417754][T17523]  ? find_held_lock+0x2d/0x110
[ 1171.419830][T17523]  ? get_net_ns_by_pid+0x184/0x2e0
[ 1171.422259][T17523]  ? __pfx_lock_release+0x10/0x10
[ 1171.424658][T17523]  ? do_raw_spin_lock+0x12d/0x2c0
[ 1171.426941][T17523]  ? __pfx_do_raw_spin_lock+0x10/0x10
[ 1171.429377][T17523]  cfg802154_switch_netns+0xbf/0x450
[ 1171.431873][T17523]  nl802154_wpan_phy_netns+0x134/0x2d0
[ 1171.434359][T17523]  genl_family_rcv_msg_doit+0x202/0x2f0
[ 1171.436836][T17523]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[ 1171.440088][T17523]  ? security_capable+0x98/0xd0
[ 1171.442227][T17523]  genl_rcv_msg+0x565/0x800
[ 1171.444359][T17523]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1171.446688][T17523]  ? __pfx___lock_acquire+0x10/0x10
[ 1171.449203][T17523]  ? __pfx_nl802154_pre_doit+0x10/0x10
[ 1171.452138][T17523]  ? __pfx_nl802154_wpan_phy_netns+0x10/0x10
[ 1171.455084][T17523]  ? __pfx_nl802154_post_doit+0x10/0x10
[ 1171.457710][T17523]  ? __pfx___lock_acquire+0x10/0x10
[ 1171.460594][T17523]  netlink_rcv_skb+0x16b/0x440
[ 1171.462886][T17523]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1171.465123][T17523]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1171.467252][T17523]  ? down_read+0xc9/0x330
[ 1171.469377][T17523]  ? __pfx_down_read+0x10/0x10
[ 1171.471581][T17523]  ? netlink_deliver_tap+0x1ae/0xd90
[ 1171.473962][T17523]  genl_rcv+0x28/0x40
[ 1171.475929][T17523]  netlink_unicast+0x544/0x830
[ 1171.478218][T17523]  ? __pfx_netlink_unicast+0x10/0x10
[ 1171.480891][T17523]  netlink_sendmsg+0x8b8/0xd70
[ 1171.483200][T17523]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1171.485650][T17523]  ? __import_iovec+0x1fd/0x6e0
[ 1171.487819][T17523]  ____sys_sendmsg+0xab5/0xc90
[ 1171.489971][T17523]  ? copy_msghdr_from_user+0x10b/0x160
[ 1171.492829][T17523]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1171.495440][T17523]  ? find_held_lock+0x2d/0x110
[ 1171.497770][T17523]  ? __pfx___lock_acquire+0x10/0x10
[ 1171.500213][T17523]  ___sys_sendmsg+0x135/0x1e0
[ 1171.502371][T17523]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1171.504772][T17523]  ? ksys_write+0x21c/0x260
[ 1171.506879][T17523]  ? __fget_light+0x173/0x210
[ 1171.508985][T17523]  __sys_sendmsg+0x117/0x1f0
[ 1171.511084][T17523]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1171.513411][T17523]  do_syscall_64+0xcd/0x250
[ 1171.515495][T17523]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1171.518262][T17523] RIP: 0033:0x7f2977f779f9
[ 1171.520340][T17523] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1171.528694][T17523] RSP: 002b:00007f2978c61048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1171.531931][T17523] RAX: ffffffffffffffda RBX: 00007f2978105f80 RCX: 00007f2977f779f9
[ 1171.535465][T17523] RDX: 0000000000000000 RSI: 0000000020000200 RDI: 000000000000000a
[ 1171.539011][T17523] RBP: 00007f2978c610a0 R08: 0000000000000000 R09: 0000000000000000
[ 1171.542471][T17523] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1171.546040][T17523] R13: 000000000000000b R14: 00007f2978105f80 R15: 00007ffca015a6c8
[ 1171.549614][T17523]  </TASK>
[ 1171.604739][T17532] FAULT_INJECTION: forcing a failure.
[ 1171.604739][T17532] name failslab, interval 1, probability 0, space 0, times 0
[ 1171.618730][T17532] CPU: 0 UID: 0 PID: 17532 Comm: syz.0.3498 Not tainted 6.11.0-rc1-syzkaller-00233-g948752d2e010 #0
[ 1171.623306][T17532] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1171.627901][T17532] Call Trace:
[ 1171.629324][T17532]  <TASK>
[ 1171.630637][T17532]  dump_stack_lvl+0x16c/0x1f0
[ 1171.632726][T17532]  should_fail_ex+0x497/0x5b0
[ 1171.634782][T17532]  ? fs_reclaim_acquire+0xae/0x160
[ 1171.637033][T17532]  should_failslab+0xc2/0x120
[ 1171.639089][T17532]  __kmalloc_cache_noprof+0x6b/0x300
[ 1171.641389][T17532]  ? snd_pcm_oss_change_params_locked+0x1d6/0x3a60
[ 1171.644224][T17532]  snd_pcm_oss_change_params_locked+0x1d6/0x3a60
[ 1171.646998][T17532]  ? trace_contention_end+0xea/0x140
[ 1171.649112][T17532]  ? __mutex_lock+0x1a6/0x9c0
[ 1171.650762][T17532]  ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10
[ 1171.653334][T17532]  ? snd_pcm_oss_make_ready+0xc4/0x1b0
[ 1171.655646][T17532]  ? __pfx___mutex_lock+0x10/0x10
[ 1171.657762][T17532]  ? snd_pcm_stream_unlock_irq+0x90/0xb0
[ 1171.660212][T17532]  snd_pcm_oss_make_ready+0xe6/0x1b0
[ 1171.662519][T17532]  snd_pcm_oss_set_trigger.isra.0+0x211/0x6b0
[ 1171.665198][T17532]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1171.667475][T17532]  snd_pcm_oss_poll+0x9a0/0xb80
[ 1171.669635][T17532]  ? __pfx_snd_pcm_oss_poll+0x10/0x10
[ 1171.672022][T17532]  do_select+0xca0/0x17b0
[ 1171.673940][T17532]  ? __pfx_snd_pcm_oss_poll+0x10/0x10
[ 1171.676314][T17532]  ? __pfx_do_select+0x10/0x10
[ 1171.678391][T17532]  ? mark_lock+0xb5/0xc60
[ 1171.680113][T17532]  ? hlock_class+0x4e/0x130
[ 1171.682018][T17532]  ? mark_lock+0xb5/0xc60
[ 1171.683749][T17532]  ? __pfx___lock_acquire+0x10/0x10
[ 1171.685961][T17532]  ? __pfx___pollwait+0x10/0x10
[ 1171.698835][T17532]  ? __pfx_pollwake+0x10/0x10
[ 1171.700886][T17532]  ? __pfx_pollwake+0x10/0x10
[ 1171.702787][T17532]  ? __pfx_pollwake+0x10/0x10
[ 1171.704660][T17532]  ? __pfx_pollwake+0x10/0x10
[ 1171.706646][T17532]  ? __pfx___might_resched+0x10/0x10
[ 1171.708968][T17532]  ? __pfx_lock_release+0x10/0x10
[ 1171.711185][T17532]  ? __might_fault+0xe3/0x190
[ 1171.713296][T17532]  ? core_sys_select+0x459/0xb80
[ 1171.715465][T17532]  core_sys_select+0x459/0xb80
[ 1171.717522][T17532]  ? __pfx_core_sys_select+0x10/0x10
[ 1171.719821][T17532]  ? get_pid_task+0xfc/0x250
[ 1171.721861][T17532]  ? set_user_sigmask+0x217/0x2a0
[ 1171.724085][T17532]  ? __pfx_set_user_sigmask+0x10/0x10
[ 1171.726422][T17532]  do_pselect.constprop.0+0x1a0/0x1f0
[ 1171.728788][T17532]  ? __pfx_do_pselect.constprop.0+0x10/0x10
[ 1171.731396][T17532]  __x64_sys_pselect6+0x183/0x240
[ 1171.733653][T17532]  ? __pfx___x64_sys_pselect6+0x10/0x10
[ 1171.736053][T17532]  do_syscall_64+0xcd/0x250
[ 1171.738077][T17532]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1171.740802][T17532] RIP: 0033:0x7f821d1779f9
[ 1171.742833][T17532] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1171.751437][T17532] RSP: 002b:00007f821dfc9048 EFLAGS: 00000246 ORIG_RAX: 000000000000010e
[ 1171.755039][T17532] RAX: ffffffffffffffda RBX: 00007f821d305f80 RCX: 00007f821d1779f9
[ 1171.758395][T17532] RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000000000040
[ 1171.761805][T17532] RBP: 00007f821dfc90a0 R08: 0000000000000000 R09: 0000000000000000
[ 1171.765258][T17532] R10: 00000000200002c0 R11: 0000000000000246 R12: 0000000000000001
[ 1171.768639][T17532] R13: 000000000000000b R14: 00007f821d305f80 R15: 00007ffeae029418
[ 1171.771978][T17532]  </TASK>
[ 1171.907032][T17537] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3499'.
[ 1171.914917][T17537] tmpfs: Unknown parameter 'qsruota'
[ 1172.073247][T17540] syzkaller1: entered promiscuous mode
[ 1172.077689][T17540] syzkaller1: entered allmulticast mode
[ 1172.093408][T17540] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3500'.
[ 1172.385301][ T5360] usb 8-1: new high-speed USB device number 53 using dummy_hcd
[ 1172.508253][ T4766] Bluetooth: hci1: Received unexpected HCI Event 0x00
[ 1172.523652][T17546] netlink: 'syz.0.3503': attribute type 5 has an invalid length.
[ 1172.554419][T17550] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3505'.
[ 1172.585411][ T5360] usb 8-1: Using ep0 maxpacket: 8
[ 1172.600034][ T5360] usb 8-1: config index 0 descriptor too short (expected 301, got 45)
[ 1172.603778][ T5360] usb 8-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config
[ 1172.608998][ T5360] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[ 1172.612854][ T5360] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1172.642869][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1172.855382][ T5328] usb 5-1: new high-speed USB device number 52 using dummy_hcd
[ 1173.015985][ T5328] usb 5-1: device descriptor read/64, error -71
[ 1173.295757][ T5328] usb 5-1: new high-speed USB device number 53 using dummy_hcd
[ 1173.465330][ T5328] usb 5-1: device descriptor read/64, error -71
[ 1173.585596][ T5328] usb usb5-port1: attempt power cycle
[ 1173.897799][T17574] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3510'.
[ 1173.919852][T17574] tmpfs: Unknown parameter 'qsruota'
[ 1173.995280][ T5328] usb 5-1: new high-speed USB device number 54 using dummy_hcd
[ 1174.025942][ T5328] usb 5-1: device descriptor read/8, error -71
[ 1174.305285][ T5328] usb 5-1: new high-speed USB device number 55 using dummy_hcd
[ 1174.346070][ T5328] usb 5-1: device descriptor read/8, error -71
[ 1174.465532][ T5328] usb usb5-port1: unable to enumerate USB device
[ 1174.641802][ T4766] Bluetooth: hci0: unexpected event for opcode 0x0c03
[ 1174.763766][T17585] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3513'.
[ 1174.773177][T17585] tmpfs: Unknown parameter 'qsruota'
[ 1175.107928][T16555] usb 8-1: USB disconnect, device number 53
[ 1175.312749][T17591] netlink: 84 bytes leftover after parsing attributes in process `syz.3.3515'.
[ 1175.325306][ T5360] usb 7-1: new high-speed USB device number 44 using dummy_hcd
[ 1175.515935][ T5360] usb 7-1: Using ep0 maxpacket: 8
[ 1175.543407][ T5360] usb 7-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config
[ 1175.548267][ T5360] usb 7-1: config 16 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[ 1175.554255][ T5360] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[ 1175.568729][ T5360] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1175.577976][ T5360] usbtmc 7-1:16.0: bulk endpoints not found
[ 1175.689482][T17595] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3517'.
[ 1175.803073][T17602] syz.1.3519: attempt to access beyond end of device
[ 1175.803073][T17602] nbd1: rw=0, sector=6, nr_sectors = 2 limit=0
[ 1175.811345][T17604] audit_log_lost: 50 callbacks suppressed
[ 1175.811358][T17604] audit: audit_lost=1 audit_rate_limit=0 audit_backlog_limit=64
[ 1175.814097][T17602] ADFS-fs (nbd1): error: unable to read block 3, try 0
[ 1175.817694][T17604] audit: out of memory in audit_log_start
[ 1176.163206][T17617] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3524'.
[ 1176.169770][T17617] tmpfs: Unknown parameter 'qsruota'
[ 1176.305438][   T57] usb 5-1: new high-speed USB device number 56 using dummy_hcd
[ 1176.494222][   T57] usb 5-1: Using ep0 maxpacket: 8
[ 1176.510098][T17621] dummy0: entered promiscuous mode
[ 1176.546499][T17621] dummy0: left promiscuous mode
[ 1176.621415][   T57] usb 5-1: config index 0 descriptor too short (expected 301, got 45)
[ 1176.625387][   T57] usb 5-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config
[ 1176.630061][   T57] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[ 1176.634036][   T57] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1176.789278][T17631] netlink: 68 bytes leftover after parsing attributes in process `syz.3.3530'.
[ 1176.827052][   T39] audit: type=1400 audit(1722639751.387:9602): avc:  denied  { write } for  pid=17628 comm="syz.1.3529" name="sg0" dev="devtmpfs" ino=707 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[ 1178.223860][ T6146] usb 7-1: USB disconnect, device number 44
[ 1178.387130][T17663] tmpfs: Bad value for 'mpol'
[ 1178.676184][ T4766] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0
[ 1178.680984][ T4766] Bluetooth: hci0: Injecting HCI hardware error event
[ 1178.687555][ T5396] Bluetooth: hci0: hardware error 0x00
[ 1178.751009][T17675] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3542'.
[ 1178.844760][ T4766] Bluetooth: hci4: unexpected event for opcode 0x040e
[ 1179.038515][T16555] usb 5-1: USB disconnect, device number 56
[ 1179.193589][   T39] audit: type=1400 audit(1722639753.747:9603): avc:  denied  { map } for  pid=17685 comm="syz.1.3544" path="/dev/binderfs/binder0" dev="binder" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[ 1179.194576][T17686] binder: BINDER_SET_CONTEXT_MGR already set
[ 1179.236931][T17686] binder: 17685:17686 ioctl 4018620d 200001c0 returned -16
[ 1179.278942][T17686] binder: 17685:17686 ioctl c0306201 20000480 returned -22
[ 1180.204262][T17715] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3551'.
[ 1180.234379][   T39] audit: type=1400 audit(1722639754.787:9604): avc:  denied  { ioctl } for  pid=17717 comm="syz.2.3552" path="socket:[87010]" dev="sockfs" ino=87010 ioctlcmd=0x8bdf scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[ 1180.279495][T14283] usb 8-1: new high-speed USB device number 54 using dummy_hcd
[ 1180.487098][T14283] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1180.491957][T14283] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1180.505243][T14283] usb 8-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[ 1180.509515][T14283] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1180.516796][T14283] usb 8-1: config 0 descriptor??
[ 1180.535357][T16555] usb 7-1: new high-speed USB device number 45 using dummy_hcd
[ 1180.644486][T17727] syzkaller1: entered promiscuous mode
[ 1180.652029][T17727] syzkaller1: entered allmulticast mode
[ 1180.705220][T17727] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3555'.
[ 1180.713719][   T39] audit: type=1400 audit(1722639755.267:9605): avc:  denied  { mount } for  pid=17722 comm="syz.0.3554" name="/" dev="configfs" ino=2101 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=filesystem permissive=1
[ 1180.735423][T16555] usb 7-1: Using ep0 maxpacket: 8
[ 1180.740246][T16555] usb 7-1: config index 0 descriptor too short (expected 301, got 45)
[ 1180.746567][T16555] usb 7-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config
[ 1180.754328][T16555] usb 7-1: config 16 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[ 1180.765328][ T5396] Bluetooth: hci0: Opcode 0x0c03 failed: -110
[ 1180.775412][T16555] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[ 1180.779112][T16555] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1180.788643][T16555] usbtmc 7-1:16.0: bulk endpoints not found
[ 1180.931097][   T39] audit: type=1400 audit(1722639755.487:9606): avc:  denied  { remount } for  pid=17705 comm="syz.3.3547" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1
[ 1180.931204][T17706] devpts: called with bogus options
[ 1181.250995][T17730] FAULT_INJECTION: forcing a failure.
[ 1181.250995][T17730] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1181.257390][T17730] CPU: 3 UID: 0 PID: 17730 Comm: syz.0.3556 Not tainted 6.11.0-rc1-syzkaller-00233-g948752d2e010 #0
[ 1181.261875][T17730] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1181.266334][T17730] Call Trace:
[ 1181.267793][T17730]  <TASK>
[ 1181.268968][T17730]  dump_stack_lvl+0x16c/0x1f0
[ 1181.271008][T17730]  should_fail_ex+0x497/0x5b0
[ 1181.273032][T17730]  _copy_from_user+0x30/0xf0
[ 1181.275049][T17730]  bpf_prog_load+0x1bc1/0x2660
[ 1181.277068][T17730]  ? __pfx_bpf_prog_load+0x10/0x10
[ 1181.279277][T17730]  ? avc_has_perm+0x11b/0x1c0
[ 1181.281258][T17730]  ? selinux_bpf+0xde/0x130
[ 1181.283204][T17730]  ? security_bpf+0x8c/0xc0
[ 1181.285124][T17730]  __sys_bpf+0x8e9/0x4a20
[ 1181.286974][T17730]  ? ksys_write+0x21c/0x260
[ 1181.288913][T17730]  ? reacquire_held_locks+0x3f0/0x4c0
[ 1181.291173][T17730]  ? __pfx___sys_bpf+0x10/0x10
[ 1181.293089][T17730]  ? vfs_write+0x14d/0x1140
[ 1181.295001][T17730]  ? __mutex_unlock_slowpath+0x164/0x650
[ 1181.297345][T17730]  ? fput+0x32/0x390
[ 1181.299027][T17730]  ? ksys_write+0x1ab/0x260
[ 1181.300952][T17730]  ? __pfx_ksys_write+0x10/0x10
[ 1181.302776][T17730]  __x64_sys_bpf+0x78/0xc0
[ 1181.304438][T17730]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1181.306505][T17730]  do_syscall_64+0xcd/0x250
[ 1181.308477][T17730]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1181.310993][T17730] RIP: 0033:0x7f821d1779f9
[ 1181.312866][T17730] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1181.320844][T17730] RSP: 002b:00007f821dfc9048 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 1181.324319][T17730] RAX: ffffffffffffffda RBX: 00007f821d305f80 RCX: 00007f821d1779f9
[ 1181.327607][T17730] RDX: 0000000000000090 RSI: 0000000020000440 RDI: 0000000000000005
[ 1181.330909][T17730] RBP: 00007f821dfc90a0 R08: 0000000000000000 R09: 0000000000000000
[ 1181.334186][T17730] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1181.337464][T17730] R13: 000000000000000b R14: 00007f821d305f80 R15: 00007ffeae029418
[ 1181.340736][T17730]  </TASK>
[ 1181.377201][T14283] uclogic 0003:256C:006D.004E: failed retrieving Huion firmware version: -71
[ 1181.381385][T14283] uclogic 0003:256C:006D.004E: failed probing parameters: -71
[ 1181.384795][T14283] uclogic 0003:256C:006D.004E: probe with driver uclogic failed with error -71
[ 1181.390942][T14283] usb 8-1: USB disconnect, device number 54
[ 1181.795286][T16551] usb 6-1: new high-speed USB device number 58 using dummy_hcd
[ 1182.011085][T16551] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[ 1182.016652][T16551] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[ 1182.021162][T16551] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 1182.025641][T16551] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1182.032795][T17737] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[ 1182.047377][T16551] usb 6-1: Quirk or no altset; falling back to MIDI 1.0
[ 1182.137730][T17753] syzkaller0: entered allmulticast mode
[ 1182.618067][ T5436] usb 6-1: USB disconnect, device number 58
[ 1183.187305][T17769] FAULT_INJECTION: forcing a failure.
[ 1183.187305][T17769] name failslab, interval 1, probability 0, space 0, times 0
[ 1183.195927][T17769] CPU: 3 UID: 0 PID: 17769 Comm: syz.0.3568 Not tainted 6.11.0-rc1-syzkaller-00233-g948752d2e010 #0
[ 1183.201435][T17769] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1183.208908][T17769] Call Trace:
[ 1183.210977][T17769]  <TASK>
[ 1183.212571][T17769]  dump_stack_lvl+0x16c/0x1f0
[ 1183.217079][T17769]  should_fail_ex+0x497/0x5b0
[ 1183.219346][T17769]  ? fs_reclaim_acquire+0xae/0x160
[ 1183.221786][T17769]  should_failslab+0xc2/0x120
[ 1183.224089][T17769]  __kmalloc_cache_noprof+0x6b/0x300
[ 1183.226546][T17769]  ? sctp_association_new+0x97/0x2ad0
[ 1183.229177][T17769]  sctp_association_new+0x97/0x2ad0
[ 1183.231691][T17769]  ? __sanitizer_cov_trace_switch+0x54/0x90
[ 1183.234472][T17769]  ? sctp_v4_scope+0x183/0x1a0
[ 1183.236797][T17769]  sctp_connect_new_asoc+0x1b7/0x790
[ 1183.239527][T17769]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[ 1183.243537][T17769]  ? selinux_sctp_bind_connect+0x112/0x2c0
[ 1183.247395][T17769]  sctp_sendmsg+0x1610/0x1eb0
[ 1183.250398][T17769]  ? __pfx_sctp_sendmsg+0x10/0x10
[ 1183.252681][T17769]  ? sock_has_perm+0x25a/0x2f0
[ 1183.255474][T17769]  ? __might_fault+0xe3/0x190
[ 1183.258039][T17769]  ? __pfx_sctp_sendmsg+0x10/0x10
[ 1183.260463][T17769]  inet_sendmsg+0x119/0x140
[ 1183.264585][T17769]  __sys_sendto+0x42c/0x4e0
[ 1183.266628][T17769]  ? __pfx___sys_sendto+0x10/0x10
[ 1183.269145][T17769]  ? ksys_write+0x1ab/0x260
[ 1183.271371][T17769]  ? __pfx_ksys_write+0x10/0x10
[ 1183.274011][T17769]  __x64_sys_sendto+0xe0/0x1c0
[ 1183.276550][T17769]  ? do_syscall_64+0x91/0x250
[ 1183.278847][T17769]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1183.281297][T17769]  do_syscall_64+0xcd/0x250
[ 1183.283395][T17769]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1183.286111][T17769] RIP: 0033:0x7f821d1779f9
[ 1183.288424][T17769] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1183.297768][T17769] RSP: 002b:00007f821dfa8048 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[ 1183.301558][T17769] RAX: ffffffffffffffda RBX: 00007f821d306058 RCX: 00007f821d1779f9
[ 1183.305500][T17769] RDX: 0000000000034000 RSI: 0000000020000300 RDI: 0000000000000004
[ 1183.309504][T17769] RBP: 00007f821dfa80a0 R08: 0000000020000380 R09: 0000000000000010
[ 1183.313332][T17769] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1183.317038][T17769] R13: 000000000000006e R14: 00007f821d306058 R15: 00007ffeae029418
[ 1183.320711][T17769]  </TASK>
[ 1183.334534][T17771] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3569'.
[ 1183.343673][ T5429] usb 7-1: USB disconnect, device number 45
[ 1183.597275][T17782] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3572'.
[ 1183.602937][T17782] tmpfs: Unknown parameter 'qsruota'
[ 1184.008466][   T39] audit: type=1400 audit(1722639758.567:9607): avc:  denied  { bind } for  pid=17783 comm="syz.3.3574" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1
[ 1184.016826][   T39] audit: type=1400 audit(1722639758.577:9608): avc:  denied  { name_bind } for  pid=17783 comm="syz.3.3574" src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=dccp_socket permissive=1
[ 1184.035356][   T39] audit: type=1400 audit(1722639758.577:9609): avc:  denied  { node_bind } for  pid=17783 comm="syz.3.3574" src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=dccp_socket permissive=1
[ 1184.054987][   T39] audit: type=1400 audit(1722639758.587:9610): avc:  denied  { accept } for  pid=17783 comm="syz.3.3574" lport=20003 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1
[ 1184.070312][   T39] audit: type=1400 audit(1722639758.587:9611): avc:  denied  { create } for  pid=17783 comm="syz.3.3574" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1
[ 1184.291318][T17788] syzkaller1: entered promiscuous mode
[ 1184.293584][T17788] syzkaller1: entered allmulticast mode
[ 1184.312282][T17788] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3575'.
[ 1184.317435][T17792] syz.2.3573 (17792): /proc/17787/oom_adj is deprecated, please use /proc/17787/oom_score_adj instead.
[ 1184.363433][T17792] tipc: Started in network mode
[ 1184.370351][T17792] tipc: Node identity ae19b715e4ed, cluster identity 4711
[ 1184.374108][T17792] tipc: Enabled bearer <eth:hsr0>, priority 10
[ 1184.613129][T17796] bridge0: port 3(team0) entered disabled state
[ 1184.615813][T17796] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1184.619483][T17796] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1184.926426][T17800] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3579'.
[ 1185.076856][  T830] usb 6-1: new high-speed USB device number 59 using dummy_hcd
[ 1185.103016][T17806] bridge_slave_0: left allmulticast mode
[ 1185.105888][T17806] bridge_slave_0: left promiscuous mode
[ 1185.108814][T17806] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1185.132775][T17806] bridge_slave_1: left allmulticast mode
[ 1185.138910][T17806] bridge_slave_1: left promiscuous mode
[ 1185.143761][T17806] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1185.154279][T17806] bond0: (slave bond_slave_0): Releasing backup interface
[ 1185.172527][T17806] bond0: (slave bond_slave_1): Releasing backup interface
[ 1185.220348][T17806] team0: Port device team_slave_0 removed
[ 1185.239451][T17806] team0: Port device team_slave_1 removed
[ 1185.242943][T17806] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1185.249374][T17806] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1185.254587][T17806] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1185.258040][T17806] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1185.266511][  T830] usb 6-1: Using ep0 maxpacket: 8
[ 1185.279313][T17806] mac80211_hwsim hwsim35 wlan1: left allmulticast mode
[ 1185.281294][  T830] usb 6-1: config index 0 descriptor too short (expected 301, got 45)
[ 1185.287505][  T830] usb 6-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config
[ 1185.291241][T17811] bridge0: port 1(veth0) entered blocking state
[ 1185.294257][T17811] bridge0: port 1(veth0) entered disabled state
[ 1185.297627][  T830] usb 6-1: config 16 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[ 1185.297671][  T830] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[ 1185.297691][  T830] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1185.301613][  T830] usbtmc 6-1:16.0: bulk endpoints not found
[ 1185.314075][T17811] veth0: entered allmulticast mode
[ 1185.320090][T17811] veth0: entered promiscuous mode
[ 1185.323257][T17811] bridge0: port 1(veth0) entered blocking state
[ 1185.325925][T17811] bridge0: port 1(veth0) entered forwarding state
[ 1185.367874][  T830] tipc: Node number set to 1257551637
[ 1185.500296][ T5396] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:585
[ 1185.507847][ T5396] in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 5396, name: kworker/u33:4
[ 1185.509600][   T39] audit: type=1400 audit(1722639760.067:9612): avc:  denied  { write } for  pid=5373 comm="syz-executor" path="pipe:[1924]" dev="pipefs" ino=1924 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1
[ 1185.513769][ T5396] preempt_count: 0, expected: 0
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[ 1185.526348][ T5396] RCU nest depth: 1, expected: 0
[ 1185.528538][ T5396] 4 locks held by kworker/u33:4/5396:
[ 1185.530797][ T5396]  #0: ffff888045a21948 ((wq_completion)hci4#2){+.+.}-{0:0}, at: process_one_work+0x1277/0x1b40
[ 1185.537494][ T5396]  #1: ffffc9000334fd80 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work+0x921/0x1b40
[ 1185.545634][ T5396]  #2: ffff888024c5c078 (&hdev->lock){+.+.}-{3:3}, at: hci_le_create_big_complete_evt+0xde/0xb30
[ 1185.549517][ T5396]  #3: ffffffff8ddb53a0 (rcu_read_lock){....}-{1:2}, at: hci_le_create_big_complete_evt+0x100/0xb30
[ 1185.558542][ T5396] CPU: 3 UID: 0 PID: 5396 Comm: kworker/u33:4 Not tainted 6.11.0-rc1-syzkaller-00233-g948752d2e010 #0
[ 1185.563436][ T5396] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1185.567928][ T5396] Workqueue: hci4 hci_rx_work
[ 1185.569925][ T5396] Call Trace:
[ 1185.571400][ T5396]  <TASK>
[ 1185.572784][ T5396]  dump_stack_lvl+0x16c/0x1f0
[ 1185.575055][ T5396]  __might_resched+0x3c0/0x5e0
[ 1185.577182][ T5396]  ? __pfx___might_resched+0x10/0x10
[ 1185.579575][ T5396]  ? __pfx___lock_acquire+0x10/0x10
[ 1185.581637][ T5396]  ? rcu_is_watching+0x12/0xc0
[ 1185.583505][ T5396]  __mutex_lock+0xe2/0x9c0
[ 1185.585232][ T5396]  ? hci_le_create_big_complete_evt+0x387/0xb30
[ 1185.587587][ T5396]  ? __pfx___mutex_lock+0x10/0x10
[ 1185.589521][ T5396]  ? __pfx_lock_acquire+0x10/0x10
[ 1185.591446][ T5396]  ? find_held_lock+0x2d/0x110
[ 1185.593300][ T5396]  ? hci_event_packet+0x438/0x1180
[ 1185.595447][ T5396]  ? __pfx_lock_release+0x10/0x10
[ 1185.597432][ T5396]  ? hci_le_create_big_complete_evt+0x387/0xb30
[ 1185.599801][ T5396]  hci_le_create_big_complete_evt+0x387/0xb30
[ 1185.602104][ T5396]  ? __mutex_unlock_slowpath+0x164/0x650
[ 1185.604240][ T5396]  ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[ 1185.606779][ T5396]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 1185.609362][ T5396]  ? skb_pull_data+0x166/0x210
[ 1185.611463][ T5396]  hci_le_meta_evt+0x2e2/0x5d0
[ 1185.613536][ T5396]  ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[ 1185.616530][ T5396]  hci_event_packet+0x666/0x1180
[ 1185.618685][ T5396]  ? __pfx_hci_le_meta_evt+0x10/0x10
[ 1185.621238][ T5396]  ? __pfx_hci_event_packet+0x10/0x10
[ 1185.623555][ T5396]  ? mark_held_locks+0x9f/0xe0
[ 1185.625621][ T5396]  ? kcov_remote_start+0x3d1/0x6e0
[ 1185.627931][ T5396]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1185.630407][ T5396]  hci_rx_work+0x2c6/0x1610
[ 1185.632427][ T5396]  process_one_work+0x9c5/0x1b40
[ 1185.634665][ T5396]  ? __pfx_lock_acquire+0x10/0x10
[ 1185.635265][   T39] audit: type=1400 audit(1722639760.187:9613): avc:  denied  { read } for  pid=4809 comm="syslogd" name="log" dev="sda1" ino=1915 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1
[ 1185.636919][ T5396]  ? __pfx_process_one_work+0x10/0x10
[ 1185.647187][   T39] audit: type=1400 audit(1722639760.187:9614): avc:  denied  { search } for  pid=4809 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 1185.649310][ T5396]  ? assign_work+0x1a0/0x250
[ 1185.661500][ T5396]  worker_thread+0x6c8/0xf20
[ 1185.663544][ T5396]  ? __pfx_worker_thread+0x10/0x10
[ 1185.665847][ T5396]  kthread+0x2c1/0x3a0
[ 1185.667650][ T5396]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1185.669900][ T5396]  ? __pfx_kthread+0x10/0x10
[ 1185.671919][ T5396]  ret_from_fork+0x45/0x80
[ 1185.673900][ T5396]  ? __pfx_kthread+0x10/0x10
[ 1185.675916][ T5396]  ret_from_fork_asm+0x1a/0x30
[ 1185.678006][ T5396]  </TASK>
[ 1185.679527][   T39] audit: type=1400 audit(1722639760.187:9615): avc:  denied  { append } for  pid=4809 comm="syslogd" name="messages" dev="tmpfs" ino=10 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 1185.679801][ T5396] 
[ 1185.689721][ T5396] =============================
[ 1185.691566][ T5396] [ BUG: Invalid wait context ]
[ 1185.693416][ T5396] 6.11.0-rc1-syzkaller-00233-g948752d2e010 #0 Tainted: G        W         
[ 1185.696972][ T5396] -----------------------------
[ 1185.699108][ T5396] kworker/u33:4/5396 is trying to lock:
[ 1185.701483][ T5396] ffffffff8fc84368 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_le_create_big_complete_evt+0x387/0xb30
[ 1185.706062][ T5396] other info that might help us debug this:
[ 1185.708641][ T5396] context-{4:4}
[ 1185.710169][ T5396] 4 locks held by kworker/u33:4/5396:
[ 1185.712476][ T5396]  #0: ffff888045a21948 ((wq_completion)hci4#2){+.+.}-{0:0}, at: process_one_work+0x1277/0x1b40
[ 1185.716979][ T5396]  #1: ffffc9000334fd80 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work+0x921/0x1b40
[ 1185.721822][ T5396]  #2: ffff888024c5c078 (&hdev->lock){+.+.}-{3:3}, at: hci_le_create_big_complete_evt+0xde/0xb30
[ 1185.726367][ T5396]  #3: ffffffff8ddb53a0 (rcu_read_lock){....}-{1:2}, at: hci_le_create_big_complete_evt+0x100/0xb30
[ 1185.730965][ T5396] stack backtrace:
[ 1185.732603][ T5396] CPU: 3 UID: 0 PID: 5396 Comm: kworker/u33:4 Tainted: G        W          6.11.0-rc1-syzkaller-00233-g948752d2e010 #0
[ 1185.737922][ T5396] Tainted: [W]=WARN
[ 1185.739603][ T5396] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1185.744169][ T5396] Workqueue: hci4 hci_rx_work
[ 1185.746077][ T5396] Call Trace:
[ 1185.747548][ T5396]  <TASK>
[ 1185.748848][ T5396]  dump_stack_lvl+0x116/0x1f0
[ 1185.750896][ T5396]  __lock_acquire+0x13cc/0x3cb0
[ 1185.752998][ T5396]  ? __pfx___lock_acquire+0x10/0x10
[ 1185.755264][ T5396]  ? irqentry_exit+0x3b/0x90
[ 1185.757257][ T5396]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1185.759462][ T5396]  lock_acquire+0x1b1/0x560
[ 1185.761420][ T5396]  ? hci_le_create_big_complete_evt+0x387/0xb30
[ 1185.764090][ T5396]  ? __pfx_lock_acquire+0x10/0x10
[ 1185.766231][ T5396]  ? dump_stack_lvl+0x1a3/0x1f0
[ 1185.768427][ T5396]  ? add_taint+0x5f/0xd0
[ 1185.770244][ T5396]  ? __might_resched+0x3cc/0x5e0
[ 1185.772422][ T5396]  ? __pfx___might_resched+0x10/0x10
[ 1185.774728][ T5396]  ? __pfx___lock_acquire+0x10/0x10
[ 1185.776922][ T5396]  __mutex_lock+0x175/0x9c0
[ 1185.778829][ T5396]  ? hci_le_create_big_complete_evt+0x387/0xb30
[ 1185.781470][ T5396]  ? hci_le_create_big_complete_evt+0x387/0xb30
[ 1185.783714][ T5429] usb 6-1: USB disconnect, device number 59
[ 1185.784139][ T5396]  ? __pfx___mutex_lock+0x10/0x10
[ 1185.788454][ T5396]  ? __pfx_lock_acquire+0x10/0x10
[ 1185.790354][ T5396]  ? find_held_lock+0x2d/0x110
[ 1185.792227][ T5396]  ? hci_event_packet+0x438/0x1180
[ 1185.794432][ T5396]  ? __pfx_lock_release+0x10/0x10
[ 1185.796623][ T5396]  ? hci_le_create_big_complete_evt+0x387/0xb30
[ 1185.799310][ T5396]  hci_le_create_big_complete_evt+0x387/0xb30
[ 1185.801869][ T5396]  ? __mutex_unlock_slowpath+0x164/0x650
[ 1185.804337][ T5396]  ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[ 1185.807187][ T5396]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 1185.809702][ T5396]  ? skb_pull_data+0x166/0x210
[ 1185.811667][ T5396]  hci_le_meta_evt+0x2e2/0x5d0
[ 1185.813751][ T5396]  ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[ 1185.816593][ T5396]  hci_event_packet+0x666/0x1180
[ 1185.818751][ T5396]  ? __pfx_hci_le_meta_evt+0x10/0x10
[ 1185.821038][ T5396]  ? __pfx_hci_event_packet+0x10/0x10
[ 1185.823376][ T5396]  ? mark_held_locks+0x9f/0xe0
[ 1185.825474][ T5396]  ? kcov_remote_start+0x3d1/0x6e0
[ 1185.827708][ T5396]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1185.829873][ T5396]  hci_rx_work+0x2c6/0x1610
[ 1185.831688][ T5396]  process_one_work+0x9c5/0x1b40
[ 1185.833818][ T5396]  ? __pfx_lock_acquire+0x10/0x10
[ 1185.836024][ T5396]  ? __pfx_process_one_work+0x10/0x10
[ 1185.838350][ T5396]  ? assign_work+0x1a0/0x250
[ 1185.840360][ T5396]  worker_thread+0x6c8/0xf20
[ 1185.842364][ T5396]  ? __pfx_worker_thread+0x10/0x10
[ 1185.844579][ T5396]  kthread+0x2c1/0x3a0
[ 1185.846345][ T5396]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1185.848608][ T5396]  ? __pfx_kthread+0x10/0x10
[ 1185.850614][ T5396]  ret_from_fork+0x45/0x80
[ 1185.852570][ T5396]  ? __pfx_kthread+0x10/0x10
[ 1185.854568][ T5396]  ret_from_fork_asm+0x1a/0x30
[ 1185.856655][ T5396]  </TASK>
[ 1185.858977][ T5396] ==================================================================
[ 1185.862391][ T5396] BUG: KASAN: slab-use-after-free in hci_le_create_big_complete_evt+0xa62/0xb30
[ 1185.865799][ T5396] Read of size 8 at addr ffff8880253f0000 by task kworker/u33:4/5396
[ 1185.869064][ T5396] 
[ 1185.870082][ T5396] CPU: 3 UID: 0 PID: 5396 Comm: kworker/u33:4 Tainted: G        W          6.11.0-rc1-syzkaller-00233-g948752d2e010 #0
[ 1185.875141][ T5396] Tainted: [W]=WARN
[ 1185.876673][ T5396] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1185.880963][ T5396] Workqueue: hci4 hci_rx_work
[ 1185.882892][ T5396] Call Trace:
[ 1185.884391][ T5396]  <TASK>
[ 1185.885724][ T5396]  dump_stack_lvl+0x116/0x1f0
[ 1185.887851][ T5396]  print_report+0xc3/0x620
[ 1185.889731][ T5396]  ? __virt_addr_valid+0x5e/0x590
[ 1185.891698][ T5396]  ? __phys_addr+0xc6/0x150
[ 1185.893462][ T5396]  kasan_report+0xd9/0x110
[ 1185.895209][ T5396]  ? hci_le_create_big_complete_evt+0xa62/0xb30
[ 1185.897609][ T5396]  ? hci_le_create_big_complete_evt+0xa62/0xb30
[ 1185.899972][ T5396]  hci_le_create_big_complete_evt+0xa62/0xb30
[ 1185.902038][ T5396]  ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[ 1185.904820][ T5396]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 1185.907329][ T5396]  ? skb_pull_data+0x166/0x210
[ 1185.909403][ T5396]  hci_le_meta_evt+0x2e2/0x5d0
[ 1185.911230][ T5396]  ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[ 1185.914097][ T5396]  hci_event_packet+0x666/0x1180
[ 1185.915980][ T5396]  ? __pfx_hci_le_meta_evt+0x10/0x10
[ 1185.918153][ T5396]  ? __pfx_hci_event_packet+0x10/0x10
[ 1185.920412][ T5396]  ? mark_held_locks+0x9f/0xe0
[ 1185.922606][ T5396]  ? kcov_remote_start+0x3d1/0x6e0
[ 1185.924928][ T5396]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1185.927285][ T5396]  hci_rx_work+0x2c6/0x1610
[ 1185.929341][ T5396]  process_one_work+0x9c5/0x1b40
[ 1185.931727][ T5396]  ? __pfx_lock_acquire+0x10/0x10
[ 1185.934031][ T5396]  ? __pfx_process_one_work+0x10/0x10
[ 1185.936420][ T5396]  ? assign_work+0x1a0/0x250
[ 1185.938484][ T5396]  worker_thread+0x6c8/0xf20
[ 1185.940556][ T5396]  ? __pfx_worker_thread+0x10/0x10
[ 1185.942680][ T5396]  kthread+0x2c1/0x3a0
[ 1185.944091][ T5396]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1185.945893][ T5396]  ? __pfx_kthread+0x10/0x10
[ 1185.947582][ T5396]  ret_from_fork+0x45/0x80
[ 1185.949658][ T5396]  ? __pfx_kthread+0x10/0x10
[ 1185.951773][ T5396]  ret_from_fork_asm+0x1a/0x30
[ 1185.953866][ T5396]  </TASK>
[ 1185.955096][ T5396] 
[ 1185.956141][ T5396] Allocated by task 5396:
[ 1185.957976][ T5396]  kasan_save_stack+0x33/0x60
[ 1185.959895][ T5396]  kasan_save_track+0x14/0x30
[ 1185.961688][ T5396]  __kasan_kmalloc+0xaa/0xb0
[ 1185.963456][ T5396]  __hci_conn_add+0x131/0x1a50
[ 1185.965312][ T5396]  hci_conn_add+0x56/0x70
[ 1185.967219][ T5396]  hci_le_big_sync_established_evt+0x73f/0xad0
[ 1185.970006][ T5396]  hci_le_meta_evt+0x2e2/0x5d0
[ 1185.972212][ T5396]  hci_event_packet+0x666/0x1180
[ 1185.974459][ T5396]  hci_rx_work+0x2c6/0x1610
[ 1185.976324][ T5396]  process_one_work+0x9c5/0x1b40
[ 1185.978290][ T5396]  worker_thread+0x6c8/0xf20
[ 1185.980128][ T5396]  kthread+0x2c1/0x3a0
[ 1185.981702][ T5396]  ret_from_fork+0x45/0x80
[ 1185.984123][ T5396]  ret_from_fork_asm+0x1a/0x30
[ 1185.986301][ T5396] 
[ 1185.987417][ T5396] Freed by task 5396:
[ 1185.989240][ T5396]  kasan_save_stack+0x33/0x60
[ 1185.991397][ T5396]  kasan_save_track+0x14/0x30
[ 1185.993549][ T5396]  kasan_save_free_info+0x3b/0x60
[ 1185.995851][ T5396]  poison_slab_object+0xf7/0x160
[ 1185.998018][ T5396]  __kasan_slab_free+0x32/0x50
[ 1186.000103][ T5396]  kfree+0x12a/0x3b0
[ 1186.001585][ T5396]  device_release+0xa1/0x240
[ 1186.003720][ T5396]  kobject_put+0x1fa/0x5b0
[ 1186.005665][ T5396]  put_device+0x1f/0x30
[ 1186.007139][ T5396]  hci_conn_del_sysfs+0x151/0x180
[ 1186.008934][ T5396]  hci_conn_del+0x54e/0xdb0
[ 1186.010616][ T5396]  hci_le_create_big_complete_evt+0x4ba/0xb30
[ 1186.013346][ T5396]  hci_le_meta_evt+0x2e2/0x5d0
[ 1186.015435][ T5396]  hci_event_packet+0x666/0x1180
[ 1186.017453][ T5396]  hci_rx_work+0x2c6/0x1610
[ 1186.019554][ T5396]  process_one_work+0x9c5/0x1b40
[ 1186.021770][ T5396]  worker_thread+0x6c8/0xf20
[ 1186.023858][ T5396]  kthread+0x2c1/0x3a0
[ 1186.025715][ T5396]  ret_from_fork+0x45/0x80
[ 1186.027755][ T5396]  ret_from_fork_asm+0x1a/0x30
[ 1186.029955][ T5396] 
[ 1186.030947][ T5396] The buggy address belongs to the object at ffff8880253f0000
[ 1186.030947][ T5396]  which belongs to the cache kmalloc-8k of size 8192
[ 1186.036496][ T5396] The buggy address is located 0 bytes inside of
[ 1186.036496][ T5396]  freed 8192-byte region [ffff8880253f0000, ffff8880253f2000)
[ 1186.042404][ T5396] 
[ 1186.043499][ T5396] The buggy address belongs to the physical page:
[ 1186.046349][ T5396] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff8880253f4000 pfn:0x253f0
[ 1186.050390][ T5396] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 1186.054448][ T5396] flags: 0xfff00000000240(workingset|head|node=0|zone=1|lastcpupid=0x7ff)
[ 1186.058161][ T5396] page_type: 0xfdffffff(slab)
[ 1186.060206][ T5396] raw: 00fff00000000240 ffff888015843180 ffffea000120f210 ffff888015840ac8
[ 1186.063959][ T5396] raw: ffff8880253f4000 0000000000020001 00000001fdffffff 0000000000000000
[ 1186.067765][ T5396] head: 00fff00000000240 ffff888015843180 ffffea000120f210 ffff888015840ac8
[ 1186.071758][ T5396] head: ffff8880253f4000 0000000000020001 00000001fdffffff 0000000000000000
[ 1186.075638][ T5396] head: 00fff00000000003 ffffea000094fc01 ffffffffffffffff 0000000000000000
[ 1186.079537][ T5396] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[ 1186.083466][ T5396] page dumped because: kasan: bad access detected
[ 1186.086320][ T5396] page_owner tracks the page as allocated
[ 1186.088873][ T5396] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 10773, tgid 10773 (syz-executor), ts 862334047436, free_ts 862293636655
[ 1186.099010][ T5396]  post_alloc_hook+0x2d1/0x350
[ 1186.101168][ T5396]  get_page_from_freelist+0x1351/0x2e50
[ 1186.103682][ T5396]  __alloc_pages_noprof+0x22b/0x2460
[ 1186.105946][ T5396]  alloc_slab_page+0x4e/0xf0
[ 1186.108076][ T5396]  new_slab+0x84/0x260
[ 1186.109926][ T5396]  ___slab_alloc+0xdac/0x1870
[ 1186.112082][ T5396]  __slab_alloc.constprop.0+0x56/0xb0
[ 1186.114421][ T5396]  __kmalloc_node_noprof+0x357/0x430
[ 1186.116795][ T5396]  __kvmalloc_node_noprof+0x6f/0x1a0
[ 1186.119239][ T5396]  wg_packet_queue_init+0x95/0x360
[ 1186.121545][ T5396]  wg_newlink+0x301/0x700
[ 1186.123514][ T5396]  __rtnl_newlink+0x1197/0x1960
[ 1186.125718][ T5396]  rtnl_newlink+0x67/0xa0
[ 1186.127654][ T5396]  rtnetlink_rcv_msg+0x3c7/0xea0
[ 1186.129934][ T5396]  netlink_rcv_skb+0x16b/0x440
[ 1186.132144][ T5396]  netlink_unicast+0x544/0x830
[ 1186.134293][ T5396] page last free pid 5047 tgid 5047 stack trace:
[ 1186.137132][ T5396]  free_unref_page+0x64a/0xe40
[ 1186.139153][ T5396]  __put_partials+0x14c/0x170
[ 1186.141294][ T5396]  qlist_free_all+0x4e/0x140
[ 1186.143400][ T5396]  kasan_quarantine_reduce+0x192/0x1e0
[ 1186.145835][ T5396]  __kasan_slab_alloc+0x69/0x90
[ 1186.148044][ T5396]  kmem_cache_alloc_lru_noprof+0x121/0x2f0
[ 1186.150717][ T5396]  __d_alloc+0x31/0xaa0
[ 1186.152601][ T5396]  d_alloc+0x4a/0x1e0
[ 1186.154369][ T5396]  d_alloc_parallel+0xe9/0x12b0
[ 1186.156552][ T5396]  __lookup_slow+0x194/0x460
[ 1186.158600][ T5396]  walk_component+0x350/0x5b0
[ 1186.160678][ T5396]  link_path_walk.part.0.constprop.0+0x669/0xd40
[ 1186.163495][ T5396]  path_openat+0x238/0x2d20
[ 1186.165476][ T5396]  do_filp_open+0x1dc/0x430
[ 1186.167509][ T5396]  do_sys_openat2+0x17a/0x1e0
[ 1186.169605][ T5396]  __x64_sys_openat+0x175/0x210
[ 1186.171767][ T5396] 
[ 1186.172827][ T5396] Memory state around the buggy address:
[ 1186.175274][ T5396]  ffff8880253eff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1186.178839][ T5396]  ffff8880253eff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1186.182362][ T5396] >ffff8880253f0000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1186.185880][ T5396]                    ^
[ 1186.187710][ T5396]  ffff8880253f0080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1186.191279][ T5396]  ffff8880253f0100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1186.194408][ T5396] ==================================================================
[ 1186.199269][ T5396] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 1186.202454][ T5396] CPU: 3 UID: 0 PID: 5396 Comm: kworker/u33:4 Tainted: G        W          6.11.0-rc1-syzkaller-00233-g948752d2e010 #0
[ 1186.207970][ T5396] Tainted: [W]=WARN
[ 1186.209682][ T5396] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1186.214400][ T5396] Workqueue: hci4 hci_rx_work
[ 1186.216471][ T5396] Call Trace:
[ 1186.217970][ T5396]  <TASK>
[ 1186.219317][ T5396]  dump_stack_lvl+0x3d/0x1f0
[ 1186.221229][ T5396]  panic+0x6f5/0x7a0
[ 1186.222893][ T5396]  ? __pfx_panic+0x10/0x10
[ 1186.224814][ T5396]  ? trace_irq_enable.constprop.0+0xe4/0x130
[ 1186.227483][ T5396]  ? preempt_schedule_thunk+0x1a/0x30
[ 1186.229903][ T5396]  ? preempt_schedule_common+0x44/0xc0
[ 1186.232301][ T5396]  check_panic_on_warn+0xab/0xb0
[ 1186.234428][ T5396]  end_report+0x117/0x180
[ 1186.236319][ T5396]  kasan_report+0xe9/0x110
[ 1186.238301][ T5396]  ? hci_le_create_big_complete_evt+0xa62/0xb30
[ 1186.241005][ T5396]  ? hci_le_create_big_complete_evt+0xa62/0xb30
[ 1186.243688][ T5396]  hci_le_create_big_complete_evt+0xa62/0xb30
[ 1186.246302][ T5396]  ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[ 1186.249211][ T5396]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 1186.251869][ T5396]  ? skb_pull_data+0x166/0x210
[ 1186.253969][ T5396]  hci_le_meta_evt+0x2e2/0x5d0
[ 1186.256075][ T5396]  ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[ 1186.258964][ T5396]  hci_event_packet+0x666/0x1180
[ 1186.261119][ T5396]  ? __pfx_hci_le_meta_evt+0x10/0x10
[ 1186.263397][ T5396]  ? __pfx_hci_event_packet+0x10/0x10
[ 1186.265735][ T5396]  ? mark_held_locks+0x9f/0xe0
[ 1186.267839][ T5396]  ? kcov_remote_start+0x3d1/0x6e0
[ 1186.270079][ T5396]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1186.272464][ T5396]  hci_rx_work+0x2c6/0x1610
[ 1186.274446][ T5396]  process_one_work+0x9c5/0x1b40
[ 1186.276650][ T5396]  ? __pfx_lock_acquire+0x10/0x10
[ 1186.278832][ T5396]  ? __pfx_process_one_work+0x10/0x10
[ 1186.281211][ T5396]  ? assign_work+0x1a0/0x250
[ 1186.283247][ T5396]  worker_thread+0x6c8/0xf20
[ 1186.285286][ T5396]  ? __pfx_worker_thread+0x10/0x10
[ 1186.287463][ T5396]  kthread+0x2c1/0x3a0
[ 1186.289236][ T5396]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1186.291444][ T5396]  ? __pfx_kthread+0x10/0x10
[ 1186.293452][ T5396]  ret_from_fork+0x45/0x80
[ 1186.295398][ T5396]  ? __pfx_kthread+0x10/0x10
[ 1186.297436][ T5396]  ret_from_fork_asm+0x1a/0x30
[ 1186.299574][ T5396]  </TASK>
[ 1186.301774][ T5396] Kernel Offset: disabled
[ 1186.303627][ T5396] Rebooting in 86400 seconds..

VM DIAGNOSIS:
23:02:40  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000000000 RBX=ffffc900032cf0b0 RCX=ffffffff813ce0de RDX=ffff88801b444880
RSI=ffffffff8b013585 RDI=0000000000000006 RBP=0000000000000001 RSP=ffffc900032cf030
R8 =0000000000000006 R9 =ffffffff8b013585 R10=ffffffff81000000 R11=0000000000000000
R12=ffffffff8b013585 R13=0000000000000000 R14=ffffc900032cf170 R15=ffffc900032cf0e5
RIP=ffffffff813ce0de RFL=00000293 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88806b000000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00007f20ee7540a0 CR3=0000000058c56000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffff ffffff0000000000
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffff000000000000 ffffffffffffffff
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffff ffffffffffffffff
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000000000000 RBX=ffffc90005fe7360 RCX=ffffffff813cd424 RDX=ffff88802423c880
RSI=ffffffff813ce23d RDI=0000000000000006 RBP=0000000000000001 RSP=ffffc90005fe72d8
R8 =0000000000000006 R9 =ffffffff81f6fc75 R10=ffffffff81f6fb68 R11=0000000000000000
R12=ffffffff90b1bc44 R13=ffffffff90b1bc44 R14=0000000000036b16 R15=ffffc90005fe7395
RIP=ffffffff818a7b30 RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00005555842c6500 ffffffff 00c00000
GS =0000 ffff88806b100000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00007fff6d0e9030 CR3=0000000021a1a000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000044402 Opmask01=0000000000000054 Opmask02=00000000000000ff Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fc12ced66a3 00007fc12ced66a3
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fff6d0eb170 0000003000000010
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00005555842d9490
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00005555842df1e0
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00005555842debd0
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fff6d0eb4f0
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 616e676973206e77 6f6e6b6e75000a29 7325203a6425206f 6e7272652820000a
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 444b424c56054b52 4a4b4e4b50000a0c 5600051f4100054a 4b5757400d05000a
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0130860e08000280 0303ffffffff0408 8080848610000010 000380040100000e
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0102800402100000 0800060130860e08 0002800303ffffff ff04088080848610
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000100003800401 00000e08060a012f be00100019a21000 0004010000100806
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 080130ca01dc1000 05bfbff004010000 0e0806060102fa00 080005bfbff80300
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 020005bfbff40300 040005bfbff00308 038810050803800e 0503800400080004
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
RAX=0000000000c5c367 RBX=0000000000000002 RCX=ffffffff8b11c529 RDX=0000000000000000
RSI=ffffffff8b4cc500 RDI=ffffffff8bb08400 RBP=ffffed10030d3000 RSP=ffffc90000197e08
R8 =0000000000000001 R9 =ffffed100d646fd9 R10=ffff88806b237ecb R11=0000000000000000
R12=0000000000000002 R13=ffff888018698000 R14=ffffffff9012b958 R15=0000000000000000
RIP=ffffffff8b11d91f RFL=00000242 [---Z---] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88806b200000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00007f821dfc8fa8 CR3=000000002c4f8000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000001000000 Opmask01=0000000001000001 Opmask02=00000000ffffffef Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffca015aa50 0000003000000018
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f2977fe66e4
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f2977fe66f1
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f2977fe66eb
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f2977fe66ff
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f2977fe6785
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f2977fe6863
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000001 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000000000004c
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000001 0000000000000000 0000000000000000 000000000000004c
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 3

CPU#3
RAX=0000000000000020 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff84fe2765 RDI=ffffffff9519d720 RBP=ffffffff9519d6e0 RSP=ffffc9000334f418
R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=0000000000000000
R12=0000000000000000 R13=0000000000000020 R14=ffffffff84fe2700 R15=0000000000000000
RIP=ffffffff84fe278f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88806b300000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000001b31d12ff8 CR3=000000002f9ea000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000040001 Opmask01=0000000000000000 Opmask02=00000000ffffffef Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f697e5e66e4
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f697e5e66f1
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f697e5e66eb
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f697e5e66ff
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f697e5e6785
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f697e5e6863
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f697e6d6488 00007f697e6d6480 00007f697e6d6478 00007f697e6d6450
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f697f23d100 00007f697e6d6440 00007f697e6d6458 00007f697e6d64a0
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f697e6d6498 00007f697e6d6490 00007f697e6d6488 00007f697e6d6480
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000