last executing test programs:

5m44.253450962s ago: executing program 32 (id=173):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0)
r3 = openat$vim2m(0xffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$vim2m_VIDIOC_TRY_FMT(r3, 0xc0cc5640, &(0x7f0000000640)={0x1, @sliced={0x0, [0x12a6, 0x400, 0xea, 0x8, 0xffff, 0x3, 0x6, 0x8, 0x83, 0x1, 0xe3c7, 0x5, 0x6, 0x8, 0x9, 0x200, 0x7, 0x9, 0x5, 0x3, 0x1ff, 0xad3f, 0x5, 0x4, 0x0, 0x7, 0x6, 0x8, 0x101, 0x515, 0x7, 0x2, 0x5, 0x9, 0x2, 0xfc01, 0x10, 0xf, 0x9, 0x23, 0x13b, 0x4, 0xfff4, 0x675, 0x3, 0x6, 0x800, 0x8], 0x3}})
r4 = syz_io_uring_setup(0x10d, &(0x7f0000000300)={0x0, 0xce5d, 0x80, 0x0, 0x89}, &(0x7f0000000240)=<r5=>0x0, &(0x7f0000000280))
mmap$IORING_OFF_SQ_RING(&(0x7f0000994000/0x2000)=nil, 0x2000, 0x0, 0x8010, r4, 0x0)
openat$iommufd(0xffffffffffffff9c, &(0x7f00000001c0), 0x200000, 0x0)
mount$9p_unix(&(0x7f0000000000)='\x00', &(0x7f0000000040)='.\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="7472616e733d756e69782c0053cae5a9010ee3f5abeebf4292811761c83c4b4f6f13c93c1629cb2a3cc3"])
r6 = userfaultfd(0x801)
ioctl$UFFDIO_API(r6, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r6, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x5})
ioctl$UFFDIO_CONTINUE(r6, 0xc020aa08, &(0x7f0000000180)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1})
ioctl$PAGEMAP_SCAN(0xffffffffffffffff, 0xc0606610, &(0x7f0000000100)={0x60, 0x0, &(0x7f0000f1d000/0x1000)=nil, &(0x7f0000ffd000/0x2000)=nil, 0xfffffffffffffffd, 0x0, 0x0, 0x96f, 0x32, 0x20, 0x1, 0x21})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, 0x0, 0x0, 0x4)
r7 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(0xffffffffffffffff, 0xc040564a, &(0x7f0000000000)={0x8, 0x0, 0x3017, 0x1, 0x7, 0x2, 0xc, 0x1})
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r7, 0x8933, &(0x7f0000000440)={'batadv0\x00', <r8=>0x0})
sendmsg$nl_route(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="440000001000210400"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000001c0012800b00010067726574617000000c00028008000100", @ANYRES32, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r8], 0x44}}, 0x0)

5m33.604267401s ago: executing program 33 (id=195):
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000003080)=[{{0x0, 0x0, &(0x7f0000002c00)=[{&(0x7f0000006040)="258317537a451e282dbab261d133e71ce26a4f83cecc51c9", 0x18}], 0x1}}], 0x1, 0x48994)
ioprio_set$uid(0x3, 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00')
r0 = socket$nl_generic(0x11, 0x3, 0x10)
syz_emit_ethernet(0x2a, &(0x7f0000000000)=ANY=[@ANYBLOB="0180c2960a00a538ae4646ac1e0301ac1414aa177c9078ac141424"], 0x0)
sendmsg(r0, &(0x7f0000000640)={&(0x7f00000000c0)=@caif=@dgm={0x25, 0xd}, 0x80, &(0x7f00000005c0)=[{&(0x7f0000000000)="4ba72c4cfd81685544f46c3f0800", 0x36}], 0x2, 0x0, 0x0, 0x11000000}, 0x0)
syz_open_dev$vim2m(&(0x7f0000000000), 0x2, 0x2)
syz_open_procfs(0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
r3 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
connect$llc(r3, &(0x7f0000000180)={0x1a, 0x0, 0x80, 0x0, 0x0, 0x0, @multicast}, 0x10)
syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
sendmmsg(r3, &(0x7f0000001380), 0x3fffffffffffeed, 0x0)

5m29.979489645s ago: executing program 34 (id=201):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000000)={'wlan0\x00', <r4=>0x0})
r5 = syz_genetlink_get_family_id$tipc2(&(0x7f00000002c0), r1)
sendmsg$TIPC_NL_NET_SET(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000300)={&(0x7f00000004c0)={0x9c, r5, 0x200, 0x70bd27, 0x25dfdbfc, {}, [@TIPC_NLA_NET={0x50, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ID={0x8, 0x1, 0x1}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x40}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x1}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x9}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x5}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x8001}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x7}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x8}]}, @TIPC_NLA_PUBL={0x2c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x9}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x525}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x100}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0xa}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x1ff}]}, @TIPC_NLA_MON={0xc, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x2}]}]}, 0x9c}}, 0x4008000)
sendmsg$NL80211_CMD_SET_INTERFACE(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r3, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB='d\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="0503000300", @ANYRES32=r4, @ANYBLOB="050034008b0000001e001f00000417000000000000000009000d00100000000008010100000400001e001f00080009f8ffffffffffffff0a00050007000000060005000000400000"], 0x64}}, 0x0)
r6 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
r7 = fcntl$dupfd(r6, 0x0, r6)
syz_io_uring_setup(0x239, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000000)=<r8=>0x0, &(0x7f0000000480)=<r9=>0x0)
syz_io_uring_submit(r8, r9, &(0x7f0000000200)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x77359400}})
syz_io_uring_submit(r8, r9, &(0x7f0000000040)=@IORING_OP_SEND={0x1a, 0x60, 0x0, r7, 0x0, &(0x7f00000002c0)="f39b6b2d79dece95bdfd937a40870a566bdb792ec8d58f946f28bf631f2a854c269c684c99fb084ea865046b4ea997025e28b31430a28138e73ebea728ce4a2cda3bf62fa18bd558985b91c2cb6fef35c226359eb0f9300a4baf4cd48b79cce346649299c57c32f2e04766dcfbbe04bc09b88dece42597e83c9821733263d9d94240671eaf840d65d20c817ddd67982069c17fafe5a8390c74c6a63749b41477651659b2ff517f6b6ec371dacdd3aebde050a14f1fa9d99ab5", 0xb9, 0x20000000, 0x1})
write$sndseq(r7, &(0x7f0000000180)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time}], 0x38)
syz_io_uring_setup(0x7350, &(0x7f00000005c0)={0x0, 0x2833, 0x40, 0x2, 0x1ba, 0x0, r7}, &(0x7f0000000640), &(0x7f0000000680))
r10 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="4000000010003b15000000000000000000004888", @ANYRES32=0x0, @ANYBLOB="d530d995212cf95a2000128008000100687372001400028008000200", @ANYBLOB="54e43c0e8ffbcadfa48c523c93ce1ccd26a3bb787955b35e48e048db7f8395708095b0435f5ebd8a965b8641399e07cfaf366e666b9ab7a2dff76450493e6cf492c6eae98dca271867b044edf5f718d3cb2acaecfebd89d84abe00a5b5355e2cf704b9e378e078998ad270b4d9fc3b0b322c41675f5edaf1c1939b56fe807f751fe50e47355f8abbac8e9032c7622b6ef21d36ccfa4dd9063ecfe3d1493460ded4429f64293d9031efe21d665ae0d2b8669e6405478d45a4694b705d6767a8108dc07e02349abcb998a34a16f9ea130193a93f885d57908f74968bc92ecb8cb18fe33062bce1768cef758be786480cc298ab", @ANYBLOB="08000100", @ANYRESOCT=r10], 0x40}}, 0x0)

5m29.830928547s ago: executing program 4 (id=203):
r0 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0)
ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000540)={0x900, 0x3, 0x5, 0x1, 0xffff0000})

5m29.688052039s ago: executing program 4 (id=205):
syz_open_dev$MSR(&(0x7f0000000200), 0x1, 0x0) (async)
socket$nl_route(0x10, 0x3, 0x0) (async)
r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GET_LEASE(r0, 0xc01064c8, &(0x7f0000000240)={0x0, 0x0, 0x0}) (async)
fsopen(&(0x7f0000000040)='devpts\x00', 0x0)
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r1, &(0x7f0000000040)={0x1f, 0x0, @any, 0xfffa}, 0xe) (async)
syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2)
timer_create(0x4, &(0x7f0000000140)={0x0, 0x2c, 0x2}, &(0x7f0000000180)) (async)
connect$bt_l2cap(r1, 0x0, 0x0) (async)
syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) (async)
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) (async)
r2 = openat$dlm_control(0xffffffffffffff9c, 0x0, 0x2, 0x0) (async)
prlimit64(0x0, 0x6, &(0x7f0000000140)={0x8, 0x88}, 0x0) (async)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
keyctl$session_to_parent(0x12) (async)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) (async)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) (async)
bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0)
bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000340)=ANY=[@ANYBLOB="1700000002000000000000000900000000000000", @ANYRESHEX=r5, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32=r2, @ANYBLOB="03130000000000000000000000568a25d50237e7cc331ef856b2f11b5cdd738d1648df08a08c35725d8f763fbcd57706b13012f79ff92cd8992e3a1d397e53edcea05ea1d91a1754c97798791b575b960cd19fc474ee4b714bd46fe5e873611056678ac27f7f1755a769e929d2e7fae7b83dd852ee143799719700000000f853cd567635dfa964755daeb556"], 0x50)
r6 = socket$nl_rdma(0x10, 0x3, 0x14)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000001740)={@ifindex, 0xffffffffffffffff, 0x6, 0x2c, 0x0, @void, @void, @void, @value}, 0x20) (async)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x38, 0x1403, 0x1, 0x70ad30, 0x25dfdbfb, "", [{{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'veth0_virt_wifi\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x4048086}, 0x4040000) (async)
r7 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r7, 0x4018620d, &(0x7f0000000100))

5m29.052760463s ago: executing program 4 (id=206):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
syz_open_dev$dri(&(0x7f0000000040), 0x3, 0x20000)
syz_emit_ethernet(0x3a, &(0x7f0000000600)={@multicast, @dev, @val, {@ipv4={0x800, @dccp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x21, 0x0, @broadcast, @dev={0xac, 0x14, 0x14, 0x20}}, {{0x0, 0x0, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, '=.R', 0x0, "b09809"}}}}}}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000002000000000000a20000000000a03000000000000000000010000000900010073797a300000000044000000090a010400320000000000000100000008000a40000000000900020073797a32000000000900010073797a3000000000080005400000001f08000340000000074c0000000c0a01020000000000000000010000000900020073797a3200000000200003801c0000800800034000000001040001800c00044000000000000000000900010073797a30"], 0xd8}}, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x12, 0x3, &(0x7f0000000000)=@framed, &(0x7f0000000480)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x33, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r2 = openat$kvm(0x0, &(0x7f0000000080), 0x2382, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CAP_SPLIT_IRQCHIP(r3, 0x4068aea3, &(0x7f00000000c0)={0x79, 0x0, 0x1})
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f00000005c0)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@redirect_dir_follow}, {@userxattr}, {@nfs_export_on}]})
ioctl$KVM_SET_GSI_ROUTING(r3, 0x4008ae6a, &(0x7f0000000000)=ANY=[@ANYBLOB="01000000000000000400000004"])
mknod(&(0x7f0000000040)='./file0\x00', 0x0, 0x3)
mount$nfs4(&(0x7f0000001440)='/proc/sys/net/ipv4/tcp_congestion_control\x00', &(0x7f0000001480)='./file0\x00', 0x0, 0x101400, 0x0)
statx(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0xf0cb2f4a0c2cfc5d, &(0x7f0000000080))
ioctl$KVM_IRQ_LINE_STATUS(r3, 0xc008ae67, &(0x7f0000000180)={0x4, 0x2007})
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000004c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000000900010073797a300000000048000000090a01ffffffff00000000000700000708000a40000000000900020000000000000000000900010073797a3000000000080005400000000d"], 0x90}}, 0x20050800)

5m28.79759534s ago: executing program 4 (id=207):
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
mkdir(&(0x7f00000001c0)='./file0\x00', 0x232)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$AUTOFS_IOC_FAIL(r0, 0x9361, 0x6)
pipe2(&(0x7f0000000040), 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000740)='cgroup2\x00', 0x0, 0x0)
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
chdir(&(0x7f00000003c0)='./bus\x00')
r4 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
getdents(r4, &(0x7f0000001fc0)=""/184, 0x20002078)

5m27.867677097s ago: executing program 4 (id=208):
unshare(0x20000400)
r0 = socket(0x8, 0xdf52104091a614fa, 0xfffffff3)
bind$inet6(r0, 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0xb19, 0x40000)
ioctl$SG_EMULATED_HOST(r1, 0x2203, &(0x7f0000000040))

5m27.372386982s ago: executing program 4 (id=210):
r0 = socket(0xa, 0x3, 0x3a)
socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, 0x0, 0xc000845)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_IRQCHIP(r2, 0x4048aec9, &(0x7f0000000140)={0x6, 0x0, @ioapic={0x1, 0x40, 0x0, 0x0, 0x0, [{}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, '\x00', 0x2}, {0x0, 0x0, 0x0, '\x00', 0x84}, {0x0, 0x0, 0x0, '\x00', 0x6}, {}, {}, {}, {0x0, 0x0, 0x4}, {}, {0x0, 0x9}, {}, {}, {}, {}, {}, {}, {}, {0xfc}]}})
shutdown(0xffffffffffffffff, 0x2)
r3 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488)
bpf$MAP_CREATE(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="050000000100000040"], 0x48)
syz_emit_ethernet(0x128, &(0x7f00000003c0)=ANY=[@ANYBLOB="e33110495bfdaaaaaaaaaa0086dd60cb653e00f23afffe800000000000000000000000000000fe800000000000000700000000000000890090780000000020010000000000000000000000000000fc01000000000000000000000000000004199595f429ae08a565c9a41d41ac70a44d2e6f790a38612f0bb14d25344dc5b3a281f175f5ee04aab21301b94d966c72c15a143c69205625466855101cf44d89d9f6ee47d77c0d4e53e34b67c542fc6f6f6c60139c43b78286f5bb8f4f11d164af24e2633a45bf4ed944b0ef6a7b7167f73cf54e78686ac09402659c29eb0ce380654c1bb0f61d255b1556b7a311096b7aab867396997ffab76abca01185b08d1e29ee14d8fe61245487104b1c5205c6adc794ba413b92d2d208b86f4018964819c33b59c1abe2a4b0fcf3d51b17e29fbd6a4b9e281a15a89f967a1f16ea2c84cb972e44eba34c935f7da6f8a4082104666d04a1218c0702e34a23ef36e3c4f3aa1b314270641e1c5c6f695ad53b6adce3339c0371a9168903", @ANYBLOB="6c77a982b5e4cde60698b20d15b15b14178121c6109cbb0f7fce3420f383f54b43feb5e6ae8d7af8136a52418a24a6a1242bdad895", @ANYRES32=r3], 0x0)
r4 = socket(0x2b, 0x80801, 0x1)
connect$inet6(r4, &(0x7f0000000380)={0xa, 0x4e21, 0x0, @private2}, 0x1c)
setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x40, &(0x7f0000000fc0)=@raw={'raw\x00', 0x3c1, 0x3, 0x320, 0x0, 0x5c, 0x160, 0x0, 0x3e0, 0x250, 0x228, 0x25a, 0x250, 0x228, 0x4, 0x0, {[{{@ipv6={@remote, @dev, [], [], 'veth0_to_batadv\x00', 'pim6reg\x00', {}, {}, 0x3a}, 0x5002, 0xf8, 0x140, 0x52020000, {0x0, 0x6802000000000000}, [@common=@icmp6={{0x28}, {0x0, "d176"}}, @common=@unspec=@state={{0x28}}]}, @unspec=@CT0={0x48}}, {{@ipv6={@local, @empty, [], [], 'veth1_to_hsr\x00', 'dummy0\x00'}, 0x0, 0xa8, 0x110}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'snmp\x00', 'syz0\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x380)
setsockopt$MRT6_FLUSH(r0, 0x29, 0xd1, 0x0, 0x0)
r5 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
ioctl$sock_SIOCGPGRP(r5, 0x8904, &(0x7f0000000080))
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x420000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r6 = getpid()
sched_setscheduler(r6, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
sendmmsg$unix(r8, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r7, &(0x7f0000000100), 0x0, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYRES32=r7], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffd, @void, @value}, 0x94)
mknodat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
mkdir(&(0x7f00000000c0)='./file0\x00', 0xb8)
r9 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
r10 = fcntl$dupfd(r9, 0x0, r9)
write$sndseq(r10, &(0x7f0000000200)=[{0x0, 0x0, 0x0, 0x0, @tick=0x402f, {}, {0x0, 0xef}, @raw32={[0x0, 0x0, 0x7fffffff]}}, {0x0, 0x2, 0x0, 0x5a, @tick=0x7, {}, {}, @time}], 0x38)

5m27.042513614s ago: executing program 35 (id=210):
r0 = socket(0xa, 0x3, 0x3a)
socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, 0x0, 0xc000845)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_IRQCHIP(r2, 0x4048aec9, &(0x7f0000000140)={0x6, 0x0, @ioapic={0x1, 0x40, 0x0, 0x0, 0x0, [{}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, '\x00', 0x2}, {0x0, 0x0, 0x0, '\x00', 0x84}, {0x0, 0x0, 0x0, '\x00', 0x6}, {}, {}, {}, {0x0, 0x0, 0x4}, {}, {0x0, 0x9}, {}, {}, {}, {}, {}, {}, {}, {0xfc}]}})
shutdown(0xffffffffffffffff, 0x2)
r3 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488)
bpf$MAP_CREATE(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="050000000100000040"], 0x48)
syz_emit_ethernet(0x128, &(0x7f00000003c0)=ANY=[@ANYBLOB="e33110495bfdaaaaaaaaaa0086dd60cb653e00f23afffe800000000000000000000000000000fe800000000000000700000000000000890090780000000020010000000000000000000000000000fc01000000000000000000000000000004199595f429ae08a565c9a41d41ac70a44d2e6f790a38612f0bb14d25344dc5b3a281f175f5ee04aab21301b94d966c72c15a143c69205625466855101cf44d89d9f6ee47d77c0d4e53e34b67c542fc6f6f6c60139c43b78286f5bb8f4f11d164af24e2633a45bf4ed944b0ef6a7b7167f73cf54e78686ac09402659c29eb0ce380654c1bb0f61d255b1556b7a311096b7aab867396997ffab76abca01185b08d1e29ee14d8fe61245487104b1c5205c6adc794ba413b92d2d208b86f4018964819c33b59c1abe2a4b0fcf3d51b17e29fbd6a4b9e281a15a89f967a1f16ea2c84cb972e44eba34c935f7da6f8a4082104666d04a1218c0702e34a23ef36e3c4f3aa1b314270641e1c5c6f695ad53b6adce3339c0371a9168903", @ANYBLOB="6c77a982b5e4cde60698b20d15b15b14178121c6109cbb0f7fce3420f383f54b43feb5e6ae8d7af8136a52418a24a6a1242bdad895", @ANYRES32=r3], 0x0)
r4 = socket(0x2b, 0x80801, 0x1)
connect$inet6(r4, &(0x7f0000000380)={0xa, 0x4e21, 0x0, @private2}, 0x1c)
setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x40, &(0x7f0000000fc0)=@raw={'raw\x00', 0x3c1, 0x3, 0x320, 0x0, 0x5c, 0x160, 0x0, 0x3e0, 0x250, 0x228, 0x25a, 0x250, 0x228, 0x4, 0x0, {[{{@ipv6={@remote, @dev, [], [], 'veth0_to_batadv\x00', 'pim6reg\x00', {}, {}, 0x3a}, 0x5002, 0xf8, 0x140, 0x52020000, {0x0, 0x6802000000000000}, [@common=@icmp6={{0x28}, {0x0, "d176"}}, @common=@unspec=@state={{0x28}}]}, @unspec=@CT0={0x48}}, {{@ipv6={@local, @empty, [], [], 'veth1_to_hsr\x00', 'dummy0\x00'}, 0x0, 0xa8, 0x110}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'snmp\x00', 'syz0\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x380)
setsockopt$MRT6_FLUSH(r0, 0x29, 0xd1, 0x0, 0x0)
r5 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
ioctl$sock_SIOCGPGRP(r5, 0x8904, &(0x7f0000000080))
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x420000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r6 = getpid()
sched_setscheduler(r6, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
sendmmsg$unix(r8, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r7, &(0x7f0000000100), 0x0, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYRES32=r7], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffd, @void, @value}, 0x94)
mknodat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
mkdir(&(0x7f00000000c0)='./file0\x00', 0xb8)
r9 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
r10 = fcntl$dupfd(r9, 0x0, r9)
write$sndseq(r10, &(0x7f0000000200)=[{0x0, 0x0, 0x0, 0x0, @tick=0x402f, {}, {0x0, 0xef}, @raw32={[0x0, 0x0, 0x7fffffff]}}, {0x0, 0x2, 0x0, 0x5a, @tick=0x7, {}, {}, @time}], 0x38)

5m27.037959456s ago: executing program 0 (id=212):
r0 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0)
ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000540)={0x900, 0x3, 0x5, 0x1, 0xffff0000})

5m26.793290074s ago: executing program 0 (id=213):
ioperm(0x0, 0x2, 0x2)
timerfd_create(0x2, 0x0)
r0 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f000200000009050502000000001009058b1e20"], 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000300)={0x84, &(0x7f0000001a80)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
ioctl$FS_IOC_GETVERSION(r1, 0x40045b0a, &(0x7f0000000040))

5m25.104872452s ago: executing program 0 (id=214):
add_key$fscrypt_provisioning(&(0x7f0000000000), 0x0, 0x0, 0x0, 0xfffffffffffffffd)
r0 = add_key$keyring(&(0x7f0000000100), &(0x7f0000000140)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffc)
keyctl$clear(0x7, r0)
getpid()
pipe(&(0x7f0000000100)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
tee(r1, 0xffffffffffffffff, 0x3, 0x0)
read$FUSE(r2, &(0x7f0000000180)={0x2020}, 0x2020)

5m25.019598431s ago: executing program 0 (id=215):
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
mkdir(&(0x7f00000001c0)='./file0\x00', 0x232)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$AUTOFS_IOC_FAIL(r0, 0x9361, 0x6)
pipe2(&(0x7f0000000040), 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000740)='cgroup2\x00', 0x0, 0x0)
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
chdir(&(0x7f00000003c0)='./bus\x00')
r4 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
getdents(r4, &(0x7f0000001fc0)=""/184, 0x20002078)

5m24.064504951s ago: executing program 0 (id=216):
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3000012, 0x5d031, 0xffffffffffffffff, 0x0)
rt_sigprocmask(0x0, &(0x7f000078b000), 0x0, 0x8)
remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0)

5m23.612681717s ago: executing program 0 (id=217):
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000200)='fd\x00')
fanotify_mark(0xffffffffffffffff, 0x1, 0x40000011, r0, 0x0)
getdents(r0, 0x0, 0x0)
syz_usb_connect(0x3, 0xd, 0x0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0})
openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(0xffffffffffffffff, 0x84, 0x12, 0x0, 0x0)
r2 = openat$binfmt_format(0xffffff9c, &(0x7f0000000080)='/proc/sys/fs/binfmt_misc/syz1\x00', 0x2, 0x0)
preadv(r2, &(0x7f0000001440)=[{0x0}, {&(0x7f0000000040)=""/4, 0x4}], 0x2, 0x83, 0x4)
r3 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x481, 0x0)
syz_usb_connect$hid(0xf63067478e218e8, 0x36, &(0x7f0000000040)=ANY=[], 0x0)
ioctl$SNAPSHOT_UNFREEZE(r3, 0x3314)
pipe(&(0x7f00000000c0)={<r4=>0xffffffffffffffff})
r5 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={r1, 0x0, 0x75, 0xa, &(0x7f0000000180)="5de4e8c5a08aac3a102ac6258659038d439269f269c675b5761274308e0ef71b9d5423e0c011deb9bbccc0745a1cabd649f724d4c4fb40e903860beb1cec6ff4364774e20df1bf8e8afeba2c4d6d829a6c82105ce0bc5a6fc9898af48dedbd06d96a3f9c0c7111ea306d386f849715d7fb88df5231", &(0x7f0000000300)=""/10, 0xdbb, 0x0, 0x1, 0xa5, &(0x7f0000000340)='o', &(0x7f0000000380)="8d9d8215709eda1a385ce3de1c33228fbe7d4682ef624d3afd421ee30a77e6622ea52ffff384d955972bec50664cdc43050e7b335058e3c8ef70575aa3a645b3585bc7212d09cd6a604d8b7ff9f7c4a0a39e01b5f6929621b0a0cd6c8ac95c289bdda49b77070415860db5c449bfb8a01c4d7d2a4be6b50a063b3f8f6a01767d5be346f11425bb9f473570977943012e152d3b01154af72bc1cfcb84be6aa4bbf87b445149", 0x1, 0x0, 0x800}, 0x50)
r6 = syz_genetlink_get_family_id$smc(&(0x7f0000000dc0), 0xffffffffffffffff)
sendmsg$SMC_PNETID_GET(r5, &(0x7f0000000ec0)={0x0, 0x0, &(0x7f0000000e80)={&(0x7f0000000080)=ANY=[@ANYBLOB="14000000", @ANYRES16=r6], 0x14}, 0x1, 0x0, 0x0, 0x40004}, 0x8010)
socket(0x2000000015, 0x80005, 0x0)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
r8 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
sendto$inet6(r8, &(0x7f0000000240)="9fbadd81910168dc4de659e3db92238800da2b1788925ed2ee615802995af3068fe3b871984c76a3405603eed15f87390694f65520f67efd7a5fc0360571e9587816dfc614f43ab912861e2188816c272ea05a89669b44a917f79130774775e4fbb44a44a084ccf04ff6bace912a44e64989215642915e2370769a", 0x7b, 0x4, &(0x7f00000002c0)={0xa, 0x4e20, 0x300000, @empty, 0x7fffffff}, 0x1c)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000011540)=ANY=[@ANYBLOB], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a2800"], 0x1e4}}, 0x0)
splice(r4, 0x0, r7, 0x0, 0x7fff, 0x0)

5m23.321339967s ago: executing program 36 (id=217):
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000200)='fd\x00')
fanotify_mark(0xffffffffffffffff, 0x1, 0x40000011, r0, 0x0)
getdents(r0, 0x0, 0x0)
syz_usb_connect(0x3, 0xd, 0x0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0})
openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(0xffffffffffffffff, 0x84, 0x12, 0x0, 0x0)
r2 = openat$binfmt_format(0xffffff9c, &(0x7f0000000080)='/proc/sys/fs/binfmt_misc/syz1\x00', 0x2, 0x0)
preadv(r2, &(0x7f0000001440)=[{0x0}, {&(0x7f0000000040)=""/4, 0x4}], 0x2, 0x83, 0x4)
r3 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x481, 0x0)
syz_usb_connect$hid(0xf63067478e218e8, 0x36, &(0x7f0000000040)=ANY=[], 0x0)
ioctl$SNAPSHOT_UNFREEZE(r3, 0x3314)
pipe(&(0x7f00000000c0)={<r4=>0xffffffffffffffff})
r5 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={r1, 0x0, 0x75, 0xa, &(0x7f0000000180)="5de4e8c5a08aac3a102ac6258659038d439269f269c675b5761274308e0ef71b9d5423e0c011deb9bbccc0745a1cabd649f724d4c4fb40e903860beb1cec6ff4364774e20df1bf8e8afeba2c4d6d829a6c82105ce0bc5a6fc9898af48dedbd06d96a3f9c0c7111ea306d386f849715d7fb88df5231", &(0x7f0000000300)=""/10, 0xdbb, 0x0, 0x1, 0xa5, &(0x7f0000000340)='o', &(0x7f0000000380)="8d9d8215709eda1a385ce3de1c33228fbe7d4682ef624d3afd421ee30a77e6622ea52ffff384d955972bec50664cdc43050e7b335058e3c8ef70575aa3a645b3585bc7212d09cd6a604d8b7ff9f7c4a0a39e01b5f6929621b0a0cd6c8ac95c289bdda49b77070415860db5c449bfb8a01c4d7d2a4be6b50a063b3f8f6a01767d5be346f11425bb9f473570977943012e152d3b01154af72bc1cfcb84be6aa4bbf87b445149", 0x1, 0x0, 0x800}, 0x50)
r6 = syz_genetlink_get_family_id$smc(&(0x7f0000000dc0), 0xffffffffffffffff)
sendmsg$SMC_PNETID_GET(r5, &(0x7f0000000ec0)={0x0, 0x0, &(0x7f0000000e80)={&(0x7f0000000080)=ANY=[@ANYBLOB="14000000", @ANYRES16=r6], 0x14}, 0x1, 0x0, 0x0, 0x40004}, 0x8010)
socket(0x2000000015, 0x80005, 0x0)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
r8 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
sendto$inet6(r8, &(0x7f0000000240)="9fbadd81910168dc4de659e3db92238800da2b1788925ed2ee615802995af3068fe3b871984c76a3405603eed15f87390694f65520f67efd7a5fc0360571e9587816dfc614f43ab912861e2188816c272ea05a89669b44a917f79130774775e4fbb44a44a084ccf04ff6bace912a44e64989215642915e2370769a", 0x7b, 0x4, &(0x7f00000002c0)={0xa, 0x4e20, 0x300000, @empty, 0x7fffffff}, 0x1c)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000011540)=ANY=[@ANYBLOB], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a2800"], 0x1e4}}, 0x0)
splice(r4, 0x0, r7, 0x0, 0x7fff, 0x0)

5m13.117132375s ago: executing program 5 (id=219):
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8a}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00'}, 0x10)
unshare(0x0)
kexec_load(0x0, 0x2, &(0x7f00000002c0)=[{0x0, 0x0, 0x0, 0x10000}, {0x0, 0x0, 0x3e0000}], 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, 0x0)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x18, &(0x7f0000000040)=0x2800, 0x4)

5m11.803091021s ago: executing program 5 (id=220):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000100900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000010000000000000000000a28000000000a0101804bc9555e1affd5020000000900010001797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a300000000009000300737975320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a2c000000030a03000000000000000000020000000c00024000000000020000020900010073797a30"], 0x54}}, 0x0) (fail_nth: 3)

5m11.612896348s ago: executing program 5 (id=221):
creat(&(0x7f0000000000)='./file0\x00', 0xc2) (async)
r0 = socket$inet6(0xa, 0x80002, 0x0)
ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f0000000380)={@mcast2, @private1, @ipv4={'\x00', '\xff\xff', @remote}, 0x4, 0x7f, 0x7, 0x100, 0x6}) (async, rerun: 64)
mount(&(0x7f00000000c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000140)='./file0\x00', &(0x7f0000000080)='udf\x00', 0x1000000, 0x0) (rerun: 64)
r1 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
ioctl$NBD_CLEAR_SOCK(r1, 0xab04)

5m10.565649864s ago: executing program 5 (id=222):
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
mkdir(&(0x7f00000001c0)='./file0\x00', 0x232)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$AUTOFS_IOC_FAIL(r0, 0x9361, 0x6)
pipe2(&(0x7f0000000040), 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000740)='cgroup2\x00', 0x0, 0x0)
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
chdir(&(0x7f00000003c0)='./bus\x00')
r4 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
getdents(r4, &(0x7f0000001fc0)=""/184, 0x20002078)

5m9.608097266s ago: executing program 5 (id=223):
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3000012, 0x5d031, 0xffffffffffffffff, 0x0)
rt_sigprocmask(0x0, &(0x7f000078b000), 0x0, 0x8)
remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0)

5m9.349862706s ago: executing program 5 (id=224):
socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x5)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r1 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
setreuid(0xee01, 0xee01)
r2 = getpid()
sched_setaffinity(r2, 0xffffffffffffff87, &(0x7f0000000380))

5m9.100864737s ago: executing program 37 (id=224):
socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x5)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r1 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
setreuid(0xee01, 0xee01)
r2 = getpid()
sched_setaffinity(r2, 0xffffffffffffff87, &(0x7f0000000380))

4m48.772384173s ago: executing program 8 (id=271):
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='fd\x00')
prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0)
read$FUSE(r0, 0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000d00), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_FEATURES_SET(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000580)=ANY=[@ANYBLOB='H\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000000c000000200001801400020073797a5f74756e00000000000000000008000300030000001400038010000380"], 0x48}}, 0x0)
syz_usb_connect(0x0, 0x1f8, &(0x7f00000005c0)={{0x12, 0x1, 0x110, 0x9c, 0x69, 0xf, 0x20, 0xe66, 0x20, 0xbac5, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1e6, 0x2, 0x40, 0x3, 0x0, 0x9, [{{0x9, 0x4, 0xd, 0x2, 0x5, 0xff, 0xff, 0xff, 0x9, [@cdc_ecm={{0x6, 0x24, 0x6, 0x0, 0x0, 'D'}, {0x5, 0x24, 0x0, 0x2000}, {0xd, 0x24, 0xf, 0x1, 0x3ff, 0x8d6f, 0x7, 0x9}, [@obex={0x5, 0x24, 0x15, 0x1}, @mdlm={0x15, 0x24, 0x12, 0x2}]}], [{{0x9, 0x5, 0x2, 0x2, 0x10, 0xd, 0xf, 0x20}}, {{0x9, 0x5, 0x4, 0x10, 0x200, 0x80, 0x4, 0x1}}, {{0x9, 0x5, 0x7, 0x0, 0x20, 0x31, 0x7, 0x0, [@uac_iso={0x7, 0x25, 0x1, 0x81, 0x4, 0x6}]}}, {{0x9, 0x5, 0x8, 0x4, 0x10, 0x0, 0x4, 0x7}}, {{0x9, 0x5, 0x7, 0x1, 0x20, 0x0, 0x6, 0x1, [@generic={0x2d, 0x23, "eb3b823e853190d61f2fe3d2f749ce29bcfaa667281d278fae75e5b5ede7bd5058e70dbf7b85f2507e4b7f"}]}}]}}, {{0x9, 0x4, 0xd6, 0xa, 0x6, 0xaf, 0x4b, 0x6d, 0xf7, [], [{{0x9, 0x5, 0x4, 0x0, 0x10, 0x38, 0x3, 0x91, [@generic={0xa9, 0x23, "e5534cdb4987ab87c132ab060afc3d6786f3d7a399b987b776f0ad23f089ec84090e5735e301e0e865e78bebd7f979c38f6da8995721f2d36f05a8576eaec551fdde6fdc9170e950d75932b47eeb803a68390ebe62a040675ddd2db663774339e766eb701dc992189fe6de241e3dc34552593cc63f9e74f38bf77afb46b68e94378e6a89e2344cdeffaf3bdfadcf7f30aa5358a0d84045fbfc7f882ba692d21545c75728c1c09d"}]}}, {{0x9, 0x5, 0xe, 0x4, 0x3ff, 0x9, 0x33, 0xcd}}, {{0x9, 0x5, 0x6, 0x0, 0x139159b4c5f148f6, 0x1, 0x5, 0x8, [@generic={0x44, 0x10, "fe7adb299e12cb81750381d86f363540f1e6358bb77deac263af859221029e66890e584feff39e4ba608f462dd9a41a713175a5f408746aa3721d365a395f371d91e"}]}}, {{0x9, 0x5, 0x0, 0xc, 0x20, 0x9, 0x9, 0xe4}}, {{0x9, 0x5, 0x4, 0x1, 0x3ff, 0x10, 0x7e, 0xf, [@uac_iso={0x7, 0x25, 0x1, 0x80, 0x3, 0x8}, @uac_iso={0x7, 0x25, 0x1, 0x2, 0x1, 0xad}]}}, {{0x9, 0x5, 0x9, 0x2, 0x20, 0x8, 0xff, 0x80, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0x7f, 0x2}]}}]}}]}}]}}, 0x0)
r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000440)='loginuid\x00')
pwritev(r3, &(0x7f0000000240)=[{0x0}], 0x1, 0x0, 0x0)
ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000000)=0x3)

4m45.232798732s ago: executing program 8 (id=282):
socket$nl_route(0x10, 0x3, 0x0) (async)
socket(0x10, 0x3, 0x0) (async)
socket$packet(0x11, 0x3, 0x300) (async)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
socket$inet_tcp(0x2, 0x1, 0x0) (async)
socket$igmp(0x2, 0x3, 0x2) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000380)={0x6, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000fff8000000c732637763769f244590c07de67be79500000000000008"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) (async)
socket$nl_route(0x10, 0x3, 0x0) (async)
socket$inet_tcp(0x2, 0x1, 0x0) (async)
r1 = socket$netlink(0x10, 0x3, 0x0) (async)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bridge0\x00', <r2=>0x0})
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="2c0000001d00070f000000000000000007000000", @ANYRES32=r2, @ANYBLOB="00005200060005000100000008000800", @ANYRES32=r1], 0x2c}}, 0x0)

4m44.856710437s ago: executing program 8 (id=285):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a032c6f418eff2fefbae647338c000000000000000000030000000900010073797a30000000005c000000030a0300000000000000000003000000e7000000000000005c0000000900010073797a300000000014000480080002400000000008000140000000001c0008090000004000000000000000000c000140000000000000000014000000000a01040000000000000000030000001400000011000100e4ed8470984a7f723d37de60af1613f3e05973d06575806dad8963c48576a27612153c585538c1184e791d7cf79a66ba0a31b97f1f1affd6ca0b34a13a378bda6376c94462c002577a67ad04d088be554454c73442e6fb08d58dc6b571602db5085ae72ffc1806c513"], 0xb8}}, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000080)={0x19})
socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000a80)='kfree\x00', r2}, 0x10)
pipe2$9p(&(0x7f0000000240)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x0)
r5 = dup(r4)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB=',wfdno=', @ANYRESHEX=r5])

4m44.60293798s ago: executing program 8 (id=289):
socket$inet_udp(0x2, 0x2, 0x0)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x1100, 0x1})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000005c0)={0x0, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x4, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4, @void, @value}, 0x94)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000240)={0x4})
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x8000000000000000)
syz_genetlink_get_family_id$gtp(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$KVM_SET_PIT(r3, 0x8048ae66, &(0x7f00000000c0)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xab, 0x4, 0x0, 0x0, 0x40000000}, {0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0xff, 0x0, 0x0, 0x8}, {0x3fe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x2}]})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4040084}, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, &(0x7f0000000180)="66ba4300b006ee0f01c40f009b27000000b9800000c00f3235008000000f30b80e0000000f23d80f21f835800000a00f23f8c9b9490300000f60b932c00a000000328fe858b660002fb90d090000b800680000ba000000000f30", 0x5a}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
socketpair(0xa, 0x2, 0x40, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
dup3(r1, r0, 0x0)
r5 = syz_open_procfs(0x0, 0x0)
r6 = fanotify_init(0x8, 0x80000)
fanotify_mark(r6, 0x1, 0x40000011, r5, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x10, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="18020000004000000000000000000000850000007a00000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
openat$dsp(0xffffffffffffff9c, &(0x7f00000002c0), 0x109000, 0x0)
r7 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1, 0x11, r7, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r7, 0x4018620d, &(0x7f00000001c0))
ioctl$BINDER_WRITE_READ(r7, 0xc0306201, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f00000004c0)="e0"})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000480)={0x60, 0x0, &(0x7f0000001540)=[@decrefs, @dead_binder_done, @transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0})

4m42.752899045s ago: executing program 8 (id=294):
mkdir(&(0x7f00000003c0)='./file1\x00', 0x16)
mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
mkdir(&(0x7f0000000440)='./file0\x00', 0x0)
openat$autofs(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x1607010, 0x0)
r0 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
r1 = syz_open_dev$vim2m(0x0, 0x7, 0x2)
ioctl$vim2m_VIDIOC_G_FMT(r1, 0xc0285629, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r3, 0x0, 0x0, 0x0)
recvmmsg(r0, 0x0, 0x0, 0x40002162, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000040)={0x2, &(0x7f0000000140)=[{0x20, 0x0, 0x0, 0xfffff024}, {0x6}]}, 0x10)
chmod(&(0x7f0000004480)='./file0\x00', 0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000004c0)={0x1ff, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r5 = socket$igmp6(0xa, 0x3, 0x2)
bind(r5, &(0x7f00000000c0)=@sco, 0x80)
r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
read$msr(r6, &(0x7f0000019680)=""/102392, 0x18ff8)

4m41.713023577s ago: executing program 8 (id=297):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='net/fib_trie\x00')
preadv(r1, &(0x7f0000000040), 0x0, 0x1fffffc, 0x100)
ioctl$sock_inet6_SIOCADDRT(r1, 0x890b, 0x0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
socket$inet6_mptcp(0xa, 0x1, 0x106)
ioctl$sock_inet_SIOCSIFADDR(r0, 0x891c, &(0x7f0000000540)={'batadv_slave_1\x00', {0x2, 0x0, @private=0xfffffffe}})

4m39.122921901s ago: executing program 7 (id=308):
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000100)=0xc)
sendmsg$TIPC_NL_BEARER_ENABLE(0xffffffffffffffff, 0x0, 0x0)
pipe2$watch_queue(0x0, 0x80)
r0 = add_key(&(0x7f0000000000)='id_resolver\x00', &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$KEYCTL_WATCH_KEY(0x20, r0, 0xffffffffffffffff, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000740)={'wlan1\x00', <r3=>0x0})
sendmsg$NL80211_CMD_REGISTER_FRAME(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000200)={0x28, 0x0, 0x1, 0x70bd25, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_FRAME_MATCH={0x4}, @NL80211_ATTR_FRAME_TYPE={0x6, 0x65, 0x9}]}, 0x28}}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r7 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000040)={'sit0\x00', <r8=>0x0})
sendmsg$nl_route(r7, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=@ipv6_newnexthop={0x3c, 0x68, 0x1, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x4}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x4}, @NHA_ENCAP={0xc, 0x8, 0x0, 0x1, @LWTUNNEL_IP6_TC={0x5}}, @NHA_ID={0x8, 0x6}, @NHA_OIF={0x8, 0x5, r8}]}, 0x3c}}, 0x0)

4m36.069386885s ago: executing program 7 (id=312):
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, &(0x7f0000000140)={[{@xino_off}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@index_on}]})

4m35.902139409s ago: executing program 7 (id=315):
r0 = socket$unix(0x1, 0x2, 0x0)
bind$unix(r0, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
r1 = socket$unix(0x1, 0x2, 0x0)
connect$unix(r1, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
sendmmsg(r1, &(0x7f0000002dc0), 0x307017fdb7a66cb, 0x3ec0)
r2 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
sendmsg$802154_raw(r2, &(0x7f0000000140)={&(0x7f0000000040)={0x24, @long={0x3, 0x2, {0xaaaaaaaaaaaa0102}}}, 0x14, &(0x7f0000000100)={&(0x7f00000003c0)="2cc8b822d34f1b0d0e1f2a492552508fe4a781e6e52346303f8c69eff5e12ae8be4dd106d4a208ff5962a02c14a1ffb78ce2e55fad15e7f7010f6c98b6976451ac3a86ccad5b0fada7e8e8b47611a44511fc69e1340157c3cc8e10a4f220c5a806df6d7fe65bc69350b259be62906f6151e14be37787aac1d2b15896b691cc8ad14b29130c70c63e3463f023727910a0639d4adb3821101c8fc302d04a7085d04b8567090c46593c12626b245bf2a5514daeea0ebc25a08da9cbc670", 0xbc}}, 0x20040040)
readv(r1, &(0x7f00000005c0)=[{&(0x7f00000002c0)=""/252, 0xfc}], 0x1)
readv(r0, &(0x7f0000000000)=[{&(0x7f0000000200)=""/150, 0x96}], 0x1)

4m34.736665585s ago: executing program 7 (id=317):
socket$netlink(0x10, 0x3, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="180000000000000000000000000008009500000000000000"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r1 = syz_open_dev$cec(&(0x7f0000000040), 0x0, 0x2)
ioctl$CEC_S_MODE(r1, 0x40046109, &(0x7f0000000000)=0x6)
ioctl$CEC_S_MODE(r1, 0x40046109, &(0x7f0000000100)=0x21)
socket$inet6_udp(0xa, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$netlink(0x10, 0x3, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000440)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0)
mount$bind(0x0, &(0x7f0000000240)='./file0/file0\x00', 0x0, 0x80000, 0x0)
mount$bind(&(0x7f0000000100)='./file0\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x1adc51, 0x0)
r5 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r5, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
r6 = syz_open_procfs(0x0, &(0x7f0000000100)='mountinfo\x00')
r7 = open(&(0x7f0000000080)='./file1\x00', 0x10b942, 0x0)
sendfile(r7, r6, 0x0, 0x80000000)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10)
socket$nl_netfilter(0x10, 0x3, 0xc)

4m33.59094056s ago: executing program 7 (id=321):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e21, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4)
r1 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f00000003c0)="89000000120081ae08060cdc030ec0007f03e3f70000000000e2ffca1b1f0000000004c00e72f750375ed08a56331dbf9ed7815e381ad6e747033a0093b837dc6cc01e32efaec8c7a6ec08120c000200040000000400446b9bbc7a46e3988285dcdf12f21308f868fece01955fed0009d78f0a947ee2b49e33538afa8af92347514f0b56a20ff27fff", 0x89}], 0x1}, 0x0) (fail_nth: 6)

4m33.199751343s ago: executing program 7 (id=323):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x7, 0x0, 0xffffffffffffffff, 0x4, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0xc, 0xc, &(0x7f0000000880)=@framed={{0x18, 0x0, 0x0, 0x1f}, [@ringbuf_output={{0x18, 0x5, 0x1, 0x0, r0}, {}, {0x3, 0x3, 0x3, 0xa, 0x5}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x28}}]}, &(0x7f0000000840)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)

4m32.743992763s ago: executing program 38 (id=323):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x7, 0x0, 0xffffffffffffffff, 0x4, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0xc, 0xc, &(0x7f0000000880)=@framed={{0x18, 0x0, 0x0, 0x1f}, [@ringbuf_output={{0x18, 0x5, 0x1, 0x0, r0}, {}, {0x3, 0x3, 0x3, 0xa, 0x5}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x28}}]}, &(0x7f0000000840)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)

4m26.510387826s ago: executing program 39 (id=297):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='net/fib_trie\x00')
preadv(r1, &(0x7f0000000040), 0x0, 0x1fffffc, 0x100)
ioctl$sock_inet6_SIOCADDRT(r1, 0x890b, 0x0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
socket$inet6_mptcp(0xa, 0x1, 0x106)
ioctl$sock_inet_SIOCSIFADDR(r0, 0x891c, &(0x7f0000000540)={'batadv_slave_1\x00', {0x2, 0x0, @private=0xfffffffe}})

10.704533447s ago: executing program 9 (id=1049):
ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, 0x0)
r0 = accept4$tipc(0xffffffffffffffff, &(0x7f0000000100)=@name, 0x0, 0x80000)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB, @ANYRES32=0x1, @ANYBLOB="ca8bfa0b1a5915d5136edf7c99d202c0c9bbbec4827112600a36fefcb9f361aca0b86f3529f5e5d61805b63599e1c2c78d4938ea80d278edfb3bed1682477004b9ba0044799d0862aa3454a84b30223cd92347b6c026b409d6d7d8c00ee73a48f5f8f2957327ca6b28e427a0d6fb27ed5fc08577868930002ee6daa2f94a70a215d6deedc8aca20dd6404efad6f6f8", @ANYRES32=0x0, @ANYRESOCT=r0, @ANYBLOB='\x00'/25], 0x48)
r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000002380)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r2}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r4 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000040)='tlb_flush\x00', r3}, 0x10)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbee3, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000600)={{r1}, &(0x7f0000000580), &(0x7f00000005c0)='%+9llu \x00'}, 0x20)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, 0x0)
mlock2(&(0x7f0000018000/0x2000)=nil, 0x2000, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
openat(r4, &(0x7f00000001c0)='./file0\x00', 0x1, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
r6 = accept4$tipc(r0, &(0x7f0000000200)=@id, &(0x7f0000000240)=0x10, 0x800)
bind$tipc(r6, &(0x7f0000000280)=@nameseq={0x1e, 0x1, 0x2, {0x40}}, 0x10)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r7, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x48, 0x2, 0x6, 0x301, 0x0, 0x0, {}, [@IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'list:set\x00'}]}, 0x48}}, 0x0)
sendmsg$IPSET_CMD_DEL(r5, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000300)={0x44, 0xa, 0x6, 0x101, 0xd000000, 0x0, {0x1}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_ADT={0x14, 0x8, 0x0, 0x1, [{0x10, 0x7, 0x0, 0x1, @IPSET_ATTR_NAME={0x9, 0x12, 'syz2\x00'}}]}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_LINENO={0x8}]}, 0x44}}, 0x0)
r8 = timerfd_create(0x8, 0x0)
timerfd_settime(r8, 0x3, &(0x7f00000000c0)={{0x77359400}, {0x0, 0x3938700}}, 0x0)
timerfd_settime(r8, 0x3, &(0x7f0000000000)={{}, {0x77359400}}, 0x0)
openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x100, 0x0)
socket$tipc(0x1e, 0x4, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000440), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000480)={'wlan1\x00'})

9.879408864s ago: executing program 6 (id=1058):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$nl_route(0x10, 0x3, 0x0)
set_mempolicy(0x0, &(0x7f0000000000)=0x8, 0xfffffffffffffffb)
setuid(0xee00)
r1 = add_key$keyring(&(0x7f0000000280), &(0x7f00000002c0)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffff8)
request_key(&(0x7f0000000080)='id_legacy\x00', &(0x7f00000000c0)={'syz', 0x2}, &(0x7f0000000100)='&\x00', r1)
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x8, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000a0000000000000000000000b7080000000000007baa00fe00000000b5080200000000007b8af0ff00000000bf8100000000000007010000a8d5b100bfa400000000000007040000f0ffffffb7", @ANYRES32=r2, @ANYBLOB="0000000000000000b705000008000000850000000800000095"], &(0x7f0000000300)='GPL\x00', 0x3, 0xff7, &(0x7f0000001e00)=""/4087, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
syz_clone3(&(0x7f0000000200)={0x184060100, 0x0, 0x0, 0x0, {0x3e}, 0x0, 0x0, 0x0, &(0x7f00000001c0)=[0x0], 0x1}, 0x58)
setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, 0x0, 0x220)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x8000, 0x2)

8.044867633s ago: executing program 3 (id=1060):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b708000000dfff007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
syz_open_dev$usbfs(&(0x7f0000000100), 0x205, 0x8401) (fail_nth: 7)

7.732577556s ago: executing program 9 (id=1061):
r0 = fsopen(&(0x7f0000000140)='udf\x00', 0x1)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000540)='\xd0\x9e^\xa0\xee\xc8\x17T\xb1GI\x90\xe2Q1\xb0\x8f\xe1\xa8\x95\xa0\xcd\fL\xf1<e\a\xa5\x8f\xab\x1a\xdaY\xfb\x03dhS\x97nZ\xf8\xc6\x1f\xd3K\xfa\xc8\x8d#\xce)\x9bg-D#g\x16\xf4\xd9\x00\x00\x00\x00\x00eA\x9f\xc3\x11\x18\xe6\xc5\x95\x9e!^\x97\b\x14\xc5\xad\t\f\xdeg\x8d\x16wW\xf6\xacE\xa3\xc8\xe7\xec\xd6\xbd\x1c+\n\xc7Q( \xba\xff\x17N\x1fB\x91\x15\x83\xec(B4/#W\xc5\x05\x9d\xd6\x02\x8cU!a\xdc|6\xdc\xee$\xb5\x1deC\xfb\xa2\xaa\xe0#\xcb\xde;sA\xad\xa6\xb6P\xa3\xf7\xc3\x93\xd4\xb6\x95\x02\xd8*\xa8\xd2\x94\xa3\x89\xa9\xa0\xc5\xc9=\xa5^', &(0x7f0000000240)='sockfs\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xc, 0x8b}, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
ioctl$BLKROGET(0xffffffffffffffff, 0x125e, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x3)
syz_clone(0x0, 0x0, 0xfffffe11, 0x0, 0x0, 0x0)
r2 = socket(0x10, 0x3, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$inet6(0xa, 0x802, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f00000021c0)='maps\x00')
read$char_usb(r4, &(0x7f0000000040)=""/4122, 0x101a)
r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000500)='status\x00')
setgroups(0x400000000000026f, &(0x7f0000000080)=[0x0, 0xee00])
lseek(r5, 0x9, 0x0)
syz_genetlink_get_family_id$ipvs(&(0x7f0000000180), r2)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000000)='\xd1S{O', &(0x7f0000000080)='\x1e\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000001680)='\xd0\x9e^\xa0\xee\xc8\x17T\xb1GI\x90\xe2Q1\xb0\x8f\xe1\xa8\x95\xa0\xcd\fL\xf1<e\a\xa5\x8f\xab\x1a\xdaY\xfb\x03dhS\x97nZ\xf8\xc6\x1f\xd3K\xfa\xc8\x8d#\xce)\x9bg-D#g\x16\xf4\xd9\x00\x00\x00\x00\x00eA\x9f\xc3\x11\x18\xe6\xc5\x95\x9e!^\x97\b\x14\xc5\xad\t\f\xdeg\x8d\x16wW\xf6\xacE\xa3\xc8\xe7\xec\xd6\xbd\x1c+\n\xc7Q( \xba\xff\x17N\x1fB\x91\x15\x83\xec(B4/#W\xc5\x05\x9d\xd6\x02\x8cU!a\xdc|6\xdc\xee$\xb5\x1deC\xfb\xa2\xaa\xe0#\xcb\xde;sA\xad\xa6\xb6P\xa3\xf7\xc3\x93\xd4\xb6\x95\x02\xd8*\xa8\xd2\x94\xa3\x89\xa9\xa0\xc5\xc9=\xa5^', &(0x7f0000000640)='dU|\xcbM\xe6\x91q\xe0\x05\xbes\xc0\xd2\xdb0}\xa6\xc4tly\xe0+\xb8~\xd9ymx\xa1\x06\xb4F\xf3Q:\xfem\xea\xed\xfc\x04\xf88\xe0\xa1&\xa8\xff\x10\xb3\xb2\x92N\f\x00!\xdbV\xc3\xca\r\x8c\xfb\x8esJ\xb3\x1bf\xce\v\x0e\xe3\xd5', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000280)='\xd0\x9e^\xa0\xee\xc8\x17T\xb1GI\x90\xe2Q1\xb0\x8f\xe1\xa8\x95\xa0\xcd\fL\xf1<e\a\xa5\x8f\xab\x1a\xdaY\xfb\x03dhS\x97nZ\xf8\xc6\x1f\xd3K\xfa\xc8\x8d#\xce)\x9bg-D#g\x16\xf4\xd9\x00\x00\x00\x00\x00eA\x9f\xc3\x11\x18\xe6\xc5\x95\x9e!^\x97\b\x14\xc5\xad\t\f\xdeg\x8d\x16wW\xf6\xacE\xa3\xc8\xe7\xec\xd6\xbd\x1c+\n\xc7Q( \xba\xff\x17N\x1fB\x91\x15\x83\xec(B4/#W\xc5\x05\x9d\xd6\x02\x8cU!a\xdc|6\xdc\xee$\xb5\x1deC\xfb\xa2\xaa\xe0#\xcb\xde;sA\xad\xa6\xb6P\xa3\xf7\xc3\x8f\xd4\xb6\x95\x02\xd8*\xa8\xd2\x94\xa3\x89\xa9\xa0\xc5\xc9=\xa5^', &(0x7f0000000100)='dm\x83:>\x18\xd5\a\xab\xbc\x0eP\t9\xe7\xf7', 0x0)
fsconfig$FSCONFIG_SET_FD(r0, 0x5, &(0x7f0000000ec0)='\xcfD\xbc\xbf\x95@\xd6j\'$\x1d\x14\xb7!\x8b\xff\xdc\x83\xc5$\xb3\xecr\xe4G:\x93\xdfj\x96\x7f\x03\xe5\x94\x04[\x02\xa9[>\xf9\x9c\x83@\x1e\x99\xcah\x85\xb8\xbeSAk\xf4\xb6 \xdf\xa0P\x18\x19\xae\x8c\x9a\x19mm\r<|\xe8\x9e\xa0x\x84p2\xf9\xe2\xed\xb0\f\x7f;\xf6J18G\x84c\x88\x9d{\xf4~\xdby\xe1\xdf\x1a\xae\xd6ez\xe5\xa8\xe1\'', 0x0, r0)
fsconfig$FSCONFIG_SET_BINARY(r0, 0x2, &(0x7f0000000a00)='u\xd3C1~', &(0x7f0000000b40)="b2", 0x1)
close(r0)

7.150293524s ago: executing program 3 (id=1062):
utime(0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="18050000000000fe000000004b64ffec850000007d000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r0}, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
capset(0x0, &(0x7f0000000140))
setsockopt$bt_hci_HCI_FILTER(r3, 0x0, 0x2, 0x0, 0x0)

6.782484999s ago: executing program 9 (id=1063):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x8000, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'\x00', 0x2})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
ioctl$TCSETAF(0xffffffffffffffff, 0x5408, 0x0)
ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
openat$tcp_congestion(0xffffffffffffff9c, 0x0, 0x1, 0x0)
r2 = socket$inet6(0xa, 0x802, 0x0)
connect$inet6(r2, &(0x7f0000000000)={0xa, 0xe0, 0x0, @loopback}, 0x1c)
sendmmsg$inet6(r2, &(0x7f0000002940)=[{{0x0, 0x0, 0x0}}], 0x62, 0xff00)
ioctl$TUNSETLINK(r0, 0x400454cd, 0x300)

6.316720562s ago: executing program 1 (id=1064):
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000001c0)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000180)=@framed, &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={&(0x7f0000000200)='contention_begin\x00', r0}, 0x10)
r1 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, 0x0, 0x0)
socket$key(0xf, 0x3, 0x2)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800"/13], 0x0, 0x0, 0x5b, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = socket(0x40000000015, 0x5, 0x0)
connect$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmsg$sock(0xffffffffffffffff, 0x0, 0x40400a0)
read$char_usb(0xffffffffffffffff, &(0x7f00000001c0)=""/4068, 0xfe4)
socket$inet6_mptcp(0xa, 0x1, 0x106)
r4 = userfaultfd(0x1)
ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x7d})
r5 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001480), 0x42002, 0x0)
r6 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x20000023896)
ioctl$TIOCVHANGUP(r5, 0x5437, 0x0)

5.706625733s ago: executing program 6 (id=1065):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0) (async, rerun: 64)
openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x80, 0x0) (rerun: 64)
setsockopt$inet6_IPV6_RTHDRDSTOPTS(r0, 0x29, 0x37, &(0x7f0000000340)=ANY=[@ANYBLOB="0c1d00000000000008e6cde0b848fa63688d6255068ca62a5639a78084c2f2b2f998b58862f626a985aee453ab8194f147fec4a1f9153d32a84ff34f983fd84fb7f1e5465232a31150ac169d496cd077459f4d198f68e47802d11c81d9546d17f8cc1d7bcb8e111836dc2739c4856fc7eceba0f37b43abfe8e9ac98e6c6f5cbdba97991c3013138e946d9feea3b5ff896edd99f009b297d5ce8d08cd5f47ab0cf5976b04500e5e7f01ac7ddeee41c4f6b13da120b83a68b24a77223ae872d90a87ecd75009c8f8976dba6654c4f8a4e17561dadab1287d1e2369e5272ad5044072bd1000000000000000803d1f52ba862ecbd9000000000000"], 0xf0) (async)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c) (async, rerun: 32)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0) (async, rerun: 32)
listen(r0, 0x0)
r1 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000040), 0x149642, 0x0)
setsockopt$inet_sctp6_SCTP_EVENTS(r1, 0x84, 0xb, &(0x7f0000000080)={0x8, 0x8, 0x3, 0x0, 0xb, 0xb, 0x8, 0x8, 0x0, 0x3, 0x3, 0x5, 0x7, 0x1}, 0xe)
syz_emit_ethernet(0x4a, &(0x7f0000000240)=ANY=[@ANYBLOB="aaaaaaaaaaaa00000000000086dd60ff00f500140600fe8000000000000000000000000000aafe8000000000000000000000000000aa00004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="0000000000000000000000000000340bfd02e633de95513cbe109b7309a027a26cb1088b856ddf8aeed1f22e8586227b3d32dc7043039bb823246485c62b82375569d2e321baa04a40f13222beebf8fb9f945f71a1a337a61e1815d5f542c32ea540c95cd0ad754fc1aaacad21cb71a9b8d9d2fe2ad6ca9ffb7fe7c570e2f56c16d2134d926ae5801a36b1d427232cac2c52fa099f0ec2ca4b08a9"], 0x0)

5.416689003s ago: executing program 2 (id=1066):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000a80)='kfree\x00', r0}, 0x10)
pipe2$9p(&(0x7f0000000240)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
r3 = dup(r2)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB, @ANYRESHEX=r3])

4.92119876s ago: executing program 2 (id=1067):
bpf$BPF_PROG_QUERY(0x10, &(0x7f00000000c0)={@fallback, 0xd, 0x0, 0x1003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)

4.291420687s ago: executing program 6 (id=1068):
pipe(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
write$binfmt_script(r1, 0x0, 0x4e)
pipe(&(0x7f00000002c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
tee(r0, r2, 0x3, 0x0)
vmsplice(r0, &(0x7f0000000140)=[{&(0x7f00000003c0)='H', 0x1}], 0x1, 0x6)
preadv(r0, &(0x7f0000000300)=[{&(0x7f0000000000)=""/122, 0x7a}, {&(0x7f0000000180)=""/199, 0xc7}, {&(0x7f0000000400)=""/236, 0xec}, {&(0x7f0000000080)=""/124, 0x7c}, {&(0x7f0000000500)=""/202, 0xca}, {&(0x7f0000000600)=""/220, 0xdc}, {&(0x7f0000000280)=""/51, 0x33}], 0x7, 0x80000001, 0xe36)

4.196582412s ago: executing program 2 (id=1069):
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000001c0)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000180)=@framed, &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={&(0x7f0000000200)='contention_begin\x00', r0}, 0x10)
r1 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, 0x0, 0x0)
socket$key(0xf, 0x3, 0x2)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800"/13], 0x0, 0x0, 0x5b, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = socket(0x40000000015, 0x5, 0x0)
connect$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmsg$sock(0xffffffffffffffff, 0x0, 0x40400a0)
read$char_usb(0xffffffffffffffff, &(0x7f00000001c0)=""/4068, 0xfe4)
socket$inet6_mptcp(0xa, 0x1, 0x106)
userfaultfd(0x1)
madvise(&(0x7f00000ee000/0x2000)=nil, 0x2000, 0x8)
r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001480), 0x42002, 0x0)
r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0)
sendfile(r4, r5, 0x0, 0x20000023896)
ioctl$TIOCVHANGUP(r4, 0x5437, 0x0)

4.091692766s ago: executing program 9 (id=1070):
socket$nl_route(0x10, 0x3, 0x0) (async)
r0 = socket$nl_route(0x10, 0x3, 0x0)
pipe2$9p(&(0x7f0000000240)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15)
getsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, 0x0, &(0x7f00000010c0))
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00304, 0x15)
syz_open_dev$sndctrl(&(0x7f0000004e80), 0x0, 0x0) (async)
r3 = syz_open_dev$sndctrl(&(0x7f0000004e80), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_LIST(r3, 0xc0505510, &(0x7f0000000140)={0x0, 0x2, 0x0, 0x0, &(0x7f0000001600)=[{}]}) (async)
ioctl$SNDRV_CTL_IOCTL_ELEM_LIST(r3, 0xc0505510, &(0x7f0000000140)={0x0, 0x2, 0x0, 0x0, &(0x7f0000001600)=[{}]})
r4 = dup(r2)
write$FUSE_BMAP(r4, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(r4, &(0x7f0000000500)=ANY=[@ANYBLOB="b0000000000000008d15c937040795e9ec0400339b8fd15e58a83b3da942"], 0xb0) (async)
write$FUSE_DIRENTPLUS(r4, &(0x7f0000000500)=ANY=[@ANYBLOB="b0000000000000008d15c937040795e9ec0400339b8fd15e58a83b3da942"], 0xb0)
getresuid(&(0x7f0000000440), &(0x7f0000000480), &(0x7f00000004c0)=<r5=>0x0)
r6 = syz_io_uring_setup(0xd79, &(0x7f00000035c0)={0x0, 0x0, 0x10100, 0x0, 0x1000}, &(0x7f0000000100)=<r7=>0x0, &(0x7f0000000440)=<r8=>0x0)
r9 = socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r7, r8, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r9, 0x0, 0x0})
io_uring_enter(r6, 0x291c, 0x0, 0x0, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0) (async)
r10 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r10, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=@newlink={0x40, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_AF_SPEC={0x4}, @IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @xfrm={{0x9}, {0x4}}}, @IFLA_MTU={0x8}]}, 0x40}}, 0x0)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r4, @ANYBLOB=',privport,access=', @ANYRESDEC=r5])
setsockopt$MRT_ADD_MFC(r4, 0x0, 0xcc, &(0x7f0000000000)={@private=0xa010100, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x1, "a8f81a6acc4df6af79a0f8050fdd1fa694f76af9e03a8fbdae07b8ad43f1e552", 0x8, 0x2, 0x43b, 0xfffffff8}, 0x3c) (async)
setsockopt$MRT_ADD_MFC(r4, 0x0, 0xcc, &(0x7f0000000000)={@private=0xa010100, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x1, "a8f81a6acc4df6af79a0f8050fdd1fa694f76af9e03a8fbdae07b8ad43f1e552", 0x8, 0x2, 0x43b, 0xfffffff8}, 0x3c)
sendmsg$nl_route_sched(r0, &(0x7f0000000300)={0x0, 0x2c, &(0x7f00000002c0)={&(0x7f00000004c0)=@newtaction={0x84, 0x30, 0xffff, 0x0, 0x0, {}, [{0x70, 0x1, [@m_police={0x6c, 0x1, 0x0, 0x0, {{0xb}, {0x5c, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x30, 0x1, {0x0, 0x0, 0x0, 0x0, 0x0, {}, {}, 0x9}}]]}, {0x10}, {0xc, 0xb}, {0xc, 0xa}}}]}]}, 0x84}}, 0x0)

4.091282956s ago: executing program 6 (id=1071):
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x7, 0x6, &(0x7f0000000700)=ANY=[@ANYBLOB="b601000000000000bd110000000000008510000002000000850000007600000095000000000000009500a5050000000077d8f3b4000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f68a7d06d75357f21699cdc6751dfb265a0e3ccae669e173a649c1cfd6587d472d64e7cc955d77578f4c35235138d5421f9453559c35da860e8ef14142b2a3e314422b854421eed734ceb1efeecb9c66854c3b3ffe1b4ce25d7c983c005c03bf3a48dfe3e26e7a23129d6606fd28a697a9d552af6d9a9df2c3af333e2008e11bbec0727cb3f647535deb6277f5696833a71011a7d06602e2fd5234712596b696418f163d1a13ed38a682f87925bfa753f631cd027edd68149ee99eebc6f7d6dd4ae59af7588c8e1f4efab57644ccb1973d7879b70a70001040000000000000000d7900a820b63278f4e9a217b98ef7042ad2a923132f208fd8289eaf8cd00000000000009d27d753a300800000000000000a5686f2fccc33e3e34c3969c5ad781302d40e97a8ad10ce0cbe17366d5ac6af2fca2360a15b80400d52040ef7b28d300747877e176fe4c4b8e40dbf260f5a9f7eee30293c1b163b795d0aef4deb851a30000f569dc8f39943f889008e1ec914faa9e6cd0b3b4b3b5db666ebeb49d6a62019d76459e70b459543c4ac42e53b4ad4c77cff373ebd95848f01864e456969cd28000170996016aceb583df5ee4dd722e8c350af489f9a900000000a0dcc36b3d7c734a9cce0439f832a20d7cbdcda5dff3ba92dd66afb9d74aa222038994dcd3e7784dbea1e51a15b0f1a040cc63177f8fafa3192fc8e5552da1a982ab8dfe31ad1a0968faa47c2069d6bf09c3aa4f0fc128cb578d99b08a150b4cc4b22f6a464c6398c952519818a44a1b223ff502df87865c276588ea478e328e8277e811b99ce1acfecaf8e2c55ccc4b8eae0a61635514e99ffd438784060f23ba74c0b30b1180d935832deb686d789ba1d436d116394534e88492a42b8bf050c719661a2dc50b3a1dcfbc871e5c27e3d7260f6fa589e40000b89db451ff994845f6b49c12e89291398bcb3c06ef1289f74e0b0e2cab592d35f82a69e7284223a171c616b1f0fee6c4711d7aecb69746064d2c096554975d605ebe646302bf3d5cf32a9a09915ae3f3d4eb96615d7b237da56cd5e9904a19e145f25b6d98eb2c019967f553b61d0e80d6913cee9f8d18469a654a239a84a85debbc02846ac5791278f18c6759e3b513a68284d2efc30587e433431b2896a3bd48020af67e9ac071b2dd6dc3b9efae4ff03558fa619aea909c7f2416e7e7da1c51ccc7e6ac27412f728dc6d80da8adf317ca863ed683897321f8c8bb5a5d953d6783b7a06353ee496bbdff418de3e53234df87756eb99e330253cf5da4aa1a9648a38f07e2d302b4165983db4f7b8972923fffa8c03c288512a3a38fbd7c816a44634f7a03fab30811b7b93257bea4369ba46024dee5e9b0b2c3d3324e9b7c1f99ab9bb3f498b1485373b79ec84a67dad4e37575dab87ce55a9a69ed856a4c4410d1242ac1bd1539094a641cc086c2c53e363beafc74ab4e9ff320373705cbf5644586ffe60d293944fa2d9dc18b55f1af5c42f27747bef1ffd0c1766f062d47d61bf9f64e6ee288fa7fc12d48da526527b9f5c318c93ec447cb8b5eee7aa8a1e85696af3dfef96657c0545c8ebd96528d9c28828e5befd80d684b03b6d153da3e3cbd3bfbf4a9375b8ad04a1d241bcb5d5505cb6cc7a44e2e24bd0b1ca4879caaff59d0ce39dc7f3fea447f4e46967855208e63ec988bd2692afefbed2b001205e4b30ee8fe417defa566a73ace8f01f7181de0ef25f1744896a3c38859e6148c42454949cd64b1a888e7fe9c2d86bb01023b6ddeb67f5eb038af3e460c771518a4126c338b0390d459361e03adf6e6b558b3651a0e33d101b5febfff82794203da18db6fcf89715c2d338f78d8b9220171b41f528f857a7cb79ca990de1208777e13faaa9b9cb9e67797b07d9eb9e909410b50c5d981d9a72aa36498b630519d1530ef0000000000000000000037fcffffffffffffff8db8379bd2044c652dff399a9f8bfa4e9c507f049d18837464276830461ee203ba51f6102d262fc9a26bc3638ecce24e65c55da6efaa462f03d0e119c963a8c7a522b59f5a7b44d018cb2648383073d9e032492cae44350bc0a85697f431392eb22cae093e85954af97d6d7b2e6e8f43353062275ad1578a431594243452a2bfb89f91d8eaac038e9e17136e7c698f73faaabb3d00000000000080014573789425c4c32da528d89356aa6d2ae6da082e756c80cf39053431080ea6cbf9997a5a0ddad0b9d12bc3f880476ab32f0feaac5f16e61f7b72b8c9082eec423c6b3eaecfdcc9ec72795e7696421c83b76c2d6bac19bc875d009679778d8ef97d7e05329649d97b0dc54bea9b650873de2d3d702690176e0b23ee5cb5e469a8d1612d611722e6200e3a297d92f8e1de98326c5ef2b89d4e2d47767cd755783e5d865e373338e96ceb8399f296c59b2d70ca27735ecaff62982616d3ac1ab041733bce119d8002a6c8a2b08b32551b2313b1a2ff41b3f04af61c69c85cb2da48215727271bac2ffdeb62d9f5dc4845f1c3f63dc806e615ee8d28d6d7f181e30807afa27f41d0364c746a65a47464db68f3c433d88dd625db35fded2c86d75af88efaf20c8b37c644b6c4e773a9589200faa553bc92f916b75ddbfa18ab73979f46947b35914286d2499a0b8c970000000000000000f4fe74e0c26ab52329bd600627b256ca44dd121ffc8dbb6e5f70cbe03efccac70375b30cc927574d254d1b46c607e8b1ca7d1511568c3ef4b6b885f4582bdcef74e5e010627fc8e4fe00000000000000000000869d9640f06b11df2971909b90133983308ea4f033de613763f32d913bcbe9dd082a6fff197a20730269e6cfd31275395833f1c2b8a50a94c30cceae2a11fe9b9b835d0da73891c0b3ce22dea6bf31e7f51808cf72f44b4455b77a778440795e152dc1b7bb0a5636aa4742ce4d331a47de5836539cdf289176527277b70c8162aaf6f9475418b478329f3565450acfaf07000000eab8cabfa97e35081967bb92a264b07e8003d2f15537e72a1e4ca5ec1e2aaaf8236ecdefbaf512c75e636b6b6f518ad20521f909b12e9bc97e408e0dc82f950d12705f35708bc862196abb27e8d7991b5273987f38c4706289ff4f6130cee76465d487a07a74452f87da2029bd3debd9870335d58d3fe1ac80574fa3ea312997ab81bc6f569ffdb10ba3f20a86d95128d13e0c778998d3b3114bfb07bd61e4bff8a5e2ce4aa572c63e09b44ca4a181bcfe4eec3ce843c65c4948169fe639a186acc2b4a96c6b8d4d2e6d53ab97bea01eab953e6e89e3af34d4ada217bc6fda0fb2095c49195d0d6f365ca80a955b9ec81240a84ef672afa369fc8e3d444ba35d0f51a0065a3b982d09dfc6874fc0d8079b185447cb8a695e132d4d613a529d9c77e2a8f7320ecf698e8a2b170fd601dc1a9767a38b10788e92d1356f6a6c1bcfb2d31b46e735db13f1be80bac1b6be04fd98610000000000000000000000000000139af5493f74751c5e2501a4936bc4a0fa516117f4ccadc692003adee0a080eba2f1059660c0ee0e9aec72d4d0fe095632e4f641b0e34c611c5b3e0ba05fa36542d40837dda323910672a9097d68398fd3539686e4288db0d6bf7cb8a1835f46dfe11865a66ef47e736dada06677a5bca133d6cbc8fe5c4557e51b006bdccd7c5f32ff1d9e8b130f77df09236870fb3de5b87b4f8acc13df534eba329b86670000000000000000b27a2616c03cdf6c009447a652bca9b325e73c0737d5b717945e4fe7a169c5e2c54fc71a4104aa7cf0f5d30e2fcd9503650edbd8a5971a9a1fde5e5df37469ae204a6e899eacc1e63034cbabc5604739881cb82604bed3e53696a0606b26b879ef232a1a038291389593d1575cb79aa8284cf01a7e1a456acab9d8d608ad69d4c4b56492af7004e7ed9d47c5db3d76a00bea7c804f3a3638408bc1636f1009b7f185f51606918eaa0ab6bef11ae3d300"], &(0x7f0000000080)='GPL\x00', 0x9, 0xc4, &(0x7f00000000c0)=""/196, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
syz_usb_connect(0x5, 0x24, &(0x7f0000000580)=ANY=[@ANYBLOB="12010000e2793b10d10501200036a85128010902120001000010000904"], 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x7, 0x6, &(0x7f0000000700)=ANY=[@ANYBLOB="b601000000000000bd110000000000008510000002000000850000007600000095000000000000009500a5050000000077d8f3b4000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f68a7d06d75357f21699cdc6751dfb265a0e3ccae669e173a649c1cfd6587d472d64e7cc955d77578f4c35235138d5421f9453559c35da860e8ef14142b2a3e314422b854421eed734ceb1efeecb9c66854c3b3ffe1b4ce25d7c983c005c03bf3a48dfe3e26e7a23129d6606fd28a697a9d552af6d9a9df2c3af333e2008e11bbec0727cb3f647535deb6277f5696833a71011a7d06602e2fd5234712596b696418f163d1a13ed38a682f87925bfa753f631cd027edd68149ee99eebc6f7d6dd4ae59af7588c8e1f4efab57644ccb1973d7879b70a70001040000000000000000d7900a820b63278f4e9a217b98ef7042ad2a923132f208fd8289eaf8cd00000000000009d27d753a300800000000000000a5686f2fccc33e3e34c3969c5ad781302d40e97a8ad10ce0cbe17366d5ac6af2fca2360a15b80400d52040ef7b28d300747877e176fe4c4b8e40dbf260f5a9f7eee30293c1b163b795d0aef4deb851a30000f569dc8f39943f889008e1ec914faa9e6cd0b3b4b3b5db666ebeb49d6a62019d76459e70b459543c4ac42e53b4ad4c77cff373ebd95848f01864e456969cd28000170996016aceb583df5ee4dd722e8c350af489f9a900000000a0dcc36b3d7c734a9cce0439f832a20d7cbdcda5dff3ba92dd66afb9d74aa222038994dcd3e7784dbea1e51a15b0f1a040cc63177f8fafa3192fc8e5552da1a982ab8dfe31ad1a0968faa47c2069d6bf09c3aa4f0fc128cb578d99b08a150b4cc4b22f6a464c6398c952519818a44a1b223ff502df87865c276588ea478e328e8277e811b99ce1acfecaf8e2c55ccc4b8eae0a61635514e99ffd438784060f23ba74c0b30b1180d935832deb686d789ba1d436d116394534e88492a42b8bf050c719661a2dc50b3a1dcfbc871e5c27e3d7260f6fa589e40000b89db451ff994845f6b49c12e89291398bcb3c06ef1289f74e0b0e2cab592d35f82a69e7284223a171c616b1f0fee6c4711d7aecb69746064d2c096554975d605ebe646302bf3d5cf32a9a09915ae3f3d4eb96615d7b237da56cd5e9904a19e145f25b6d98eb2c019967f553b61d0e80d6913cee9f8d18469a654a239a84a85debbc02846ac5791278f18c6759e3b513a68284d2efc30587e433431b2896a3bd48020af67e9ac071b2dd6dc3b9efae4ff03558fa619aea909c7f2416e7e7da1c51ccc7e6ac27412f728dc6d80da8adf317ca863ed683897321f8c8bb5a5d953d6783b7a06353ee496bbdff418de3e53234df87756eb99e330253cf5da4aa1a9648a38f07e2d302b4165983db4f7b8972923fffa8c03c288512a3a38fbd7c816a44634f7a03fab30811b7b93257bea4369ba46024dee5e9b0b2c3d3324e9b7c1f99ab9bb3f498b1485373b79ec84a67dad4e37575dab87ce55a9a69ed856a4c4410d1242ac1bd1539094a641cc086c2c53e363beafc74ab4e9ff320373705cbf5644586ffe60d293944fa2d9dc18b55f1af5c42f27747bef1ffd0c1766f062d47d61bf9f64e6ee288fa7fc12d48da526527b9f5c318c93ec447cb8b5eee7aa8a1e85696af3dfef96657c0545c8ebd96528d9c28828e5befd80d684b03b6d153da3e3cbd3bfbf4a9375b8ad04a1d241bcb5d5505cb6cc7a44e2e24bd0b1ca4879caaff59d0ce39dc7f3fea447f4e46967855208e63ec988bd2692afefbed2b001205e4b30ee8fe417defa566a73ace8f01f7181de0ef25f1744896a3c38859e6148c42454949cd64b1a888e7fe9c2d86bb01023b6ddeb67f5eb038af3e460c771518a4126c338b0390d459361e03adf6e6b558b3651a0e33d101b5febfff82794203da18db6fcf89715c2d338f78d8b9220171b41f528f857a7cb79ca990de1208777e13faaa9b9cb9e67797b07d9eb9e909410b50c5d981d9a72aa36498b630519d1530ef0000000000000000000037fcffffffffffffff8db8379bd2044c652dff399a9f8bfa4e9c507f049d18837464276830461ee203ba51f6102d262fc9a26bc3638ecce24e65c55da6efaa462f03d0e119c963a8c7a522b59f5a7b44d018cb2648383073d9e032492cae44350bc0a85697f431392eb22cae093e85954af97d6d7b2e6e8f43353062275ad1578a431594243452a2bfb89f91d8eaac038e9e17136e7c698f73faaabb3d00000000000080014573789425c4c32da528d89356aa6d2ae6da082e756c80cf39053431080ea6cbf9997a5a0ddad0b9d12bc3f880476ab32f0feaac5f16e61f7b72b8c9082eec423c6b3eaecfdcc9ec72795e7696421c83b76c2d6bac19bc875d009679778d8ef97d7e05329649d97b0dc54bea9b650873de2d3d702690176e0b23ee5cb5e469a8d1612d611722e6200e3a297d92f8e1de98326c5ef2b89d4e2d47767cd755783e5d865e373338e96ceb8399f296c59b2d70ca27735ecaff62982616d3ac1ab041733bce119d8002a6c8a2b08b32551b2313b1a2ff41b3f04af61c69c85cb2da48215727271bac2ffdeb62d9f5dc4845f1c3f63dc806e615ee8d28d6d7f181e30807afa27f41d0364c746a65a47464db68f3c433d88dd625db35fded2c86d75af88efaf20c8b37c644b6c4e773a9589200faa553bc92f916b75ddbfa18ab73979f46947b35914286d2499a0b8c970000000000000000f4fe74e0c26ab52329bd600627b256ca44dd121ffc8dbb6e5f70cbe03efccac70375b30cc927574d254d1b46c607e8b1ca7d1511568c3ef4b6b885f4582bdcef74e5e010627fc8e4fe00000000000000000000869d9640f06b11df2971909b90133983308ea4f033de613763f32d913bcbe9dd082a6fff197a20730269e6cfd31275395833f1c2b8a50a94c30cceae2a11fe9b9b835d0da73891c0b3ce22dea6bf31e7f51808cf72f44b4455b77a778440795e152dc1b7bb0a5636aa4742ce4d331a47de5836539cdf289176527277b70c8162aaf6f9475418b478329f3565450acfaf07000000eab8cabfa97e35081967bb92a264b07e8003d2f15537e72a1e4ca5ec1e2aaaf8236ecdefbaf512c75e636b6b6f518ad20521f909b12e9bc97e408e0dc82f950d12705f35708bc862196abb27e8d7991b5273987f38c4706289ff4f6130cee76465d487a07a74452f87da2029bd3debd9870335d58d3fe1ac80574fa3ea312997ab81bc6f569ffdb10ba3f20a86d95128d13e0c778998d3b3114bfb07bd61e4bff8a5e2ce4aa572c63e09b44ca4a181bcfe4eec3ce843c65c4948169fe639a186acc2b4a96c6b8d4d2e6d53ab97bea01eab953e6e89e3af34d4ada217bc6fda0fb2095c49195d0d6f365ca80a955b9ec81240a84ef672afa369fc8e3d444ba35d0f51a0065a3b982d09dfc6874fc0d8079b185447cb8a695e132d4d613a529d9c77e2a8f7320ecf698e8a2b170fd601dc1a9767a38b10788e92d1356f6a6c1bcfb2d31b46e735db13f1be80bac1b6be04fd98610000000000000000000000000000139af5493f74751c5e2501a4936bc4a0fa516117f4ccadc692003adee0a080eba2f1059660c0ee0e9aec72d4d0fe095632e4f641b0e34c611c5b3e0ba05fa36542d40837dda323910672a9097d68398fd3539686e4288db0d6bf7cb8a1835f46dfe11865a66ef47e736dada06677a5bca133d6cbc8fe5c4557e51b006bdccd7c5f32ff1d9e8b130f77df09236870fb3de5b87b4f8acc13df534eba329b86670000000000000000b27a2616c03cdf6c009447a652bca9b325e73c0737d5b717945e4fe7a169c5e2c54fc71a4104aa7cf0f5d30e2fcd9503650edbd8a5971a9a1fde5e5df37469ae204a6e899eacc1e63034cbabc5604739881cb82604bed3e53696a0606b26b879ef232a1a038291389593d1575cb79aa8284cf01a7e1a456acab9d8d608ad69d4c4b56492af7004e7ed9d47c5db3d76a00bea7c804f3a3638408bc1636f1009b7f185f51606918eaa0ab6bef11ae3d300"], &(0x7f0000000080)='GPL\x00', 0x9, 0xc4, &(0x7f00000000c0)=""/196, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) (async)
syz_usb_connect(0x5, 0x24, &(0x7f0000000580)=ANY=[@ANYBLOB="12010000e2793b10d10501200036a85128010902120001000010000904"], 0x0) (async)

3.504753415s ago: executing program 1 (id=1072):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL802154_CMD_GET_WPAN_PHY(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, r1, 0x7d243a6ea807936d, 0x70bd25, 0xfffffffe}, 0x14}, 0x1, 0x0, 0x0, 0x810}, 0x800)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000280)={'wpan4\x00', <r3=>0x0})
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'wpan4\x00', <r4=>0x0})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
sendmmsg$unix(r6, &(0x7f00000bd000), 0x318, 0x0)
r7 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x80042, 0x0)
writev(r7, &(0x7f00000000c0)=[{&(0x7f0000000340)="031f31b1f09d76af21e3b0224966a232dc1f5bfd8a29f730b10a53e756087a1df416fd804b636964220910b05962d95d7fb7873e8a0b7b62d7384dbd12b536f0e55e588092441663f9665e4b39f8eb3430840ac3c6ad014d6268fca6b3fc43da09b1d0a95d18e26a8e0ddd857f4911abb72ced02e4f1fe5ebb35042436374c7119229c019819a8491bdd74a299ca4fa71ee05f4c49c99de404b76d08fb1938674fa45fd06104cfcc08e9c017a2769a77e1a9e4da0e451353ca53b990500b18e4f4bb5cf1309fe4707c3f7200"/218, 0xda}, {&(0x7f0000000640)="ffb3ef96fd55310531a92b9d4b2ebcb168c3e90db153fe8bc3c9e2cfd50d22329495b92a7e12a948fff8e40f44798512135fd8fec900cca0c10e9e61d61cff5507f9298209ab8dd95ba0cb024a07dc20d07ac8940c729de29318e23818b2169da4374e8ec904573105b3dafbed9c3958b6570ec6117f2a8b7823b94056c0bcfd679f57db483bb7631bfd74f5f73cdebd19d4bd31a81d7c73c4428a65dc3820987e1ea1c45773112d4e2b1cc8064f220c7b2d673f84d4b1a5a9aedc2063b740198f57d0848358b2cf118bfcdc7c40303dee672f1ca6384e006460df438bde154a0c", 0xe1}, {&(0x7f0000000140)="74812905b8bd297a48dc5adfa4052d6e7cdd8c1615a231859ac522b4ae78d7f1b3619ed73f0e93cf3ccd30f4e58303dfd9d20af483a3406d486bad53698267735b", 0x41}, {&(0x7f0000000000)="7c73c1e117e291cb6cef4163ed06963af9a19a5183aa91163ef7aa02b707e09546e781172decfece433c", 0x2a}, {&(0x7f00000004c0)="790f076461633e860315f3328f99377a0aa835675115acd2b7f10f5db17ec3fde9b974183c45cef27e5f95a42d5eee4f9c3ba0ef5c6601d08076576cddefe74f2b3b23c3b16076675cb1bcdede8d819967d59a7b7c2c34e76233d38be07bc9d91e27bfe688115bb226db5e1179a69c22357df381e6a73bd8b4132f610008d32103ebde594b4611450ab4bd7e97a51718c9e186ee8ae006e66ea2c6afbdfc76b2c4ba738000000021bfce27e702bb3159ac514b3b7141d184fc95a53e825dd7a264360483622d808bcc55ecdc58eaba26d65e8fb40c1446c7d56358b40a0632a44acdfd8232d2e421f97e40b190155087b0bab3d0d816eb3671842438c631384ca936a989ecb918492452a72e4c60592557ca046e36b047c4ca8a7a82b79e1bebf1d3668eceaf6899dc759640ba5fc108ada047d13471fc5aed0dcf3ba6ea78297ef956f42c6d5786f099da4e55771ad021baea2b99a7", 0xfe44}], 0x5)
ioctl$TIOCVHANGUP(r7, 0x5437, 0x0)
sendmsg$NL802154_CMD_SET_SHORT_ADDR(r0, &(0x7f0000000380)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x3c, r1, 0x800, 0x70bd2a, 0x25dfdbfe, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r3}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r4}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4000000}, 0x8000)
r8 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$TIPC_NL_MON_GET(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000001c0)={&(0x7f0000000080)={0x128, r8, 0x10, 0x70bd28, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0xb0, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0x4c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x2}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x80}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xe7f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1ff}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xfffffe00}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}]}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7eee}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x19}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x91}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}]}]}, @TIPC_NLA_NET={0x18, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ADDR={0x8, 0x2, 0x1000}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x4800000000000000}]}, @TIPC_NLA_LINK={0x4c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_PROP={0x24, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x401}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xd71}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x2}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0xfffffffa}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}]}, 0x128}, 0x1, 0x0, 0x0, 0x40}, 0x80)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r9 = getpid()
sched_setscheduler(r9, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r10=>0xffffffffffffffff, <r11=>0xffffffffffffffff})
connect$unix(r10, &(0x7f0000000380)=@abs, 0x6e)
sendmmsg$unix(r11, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r10, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r12 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r12}, 0x10)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0)

3.31276646s ago: executing program 9 (id=1073):
r0 = syz_io_uring_setup(0xd79, &(0x7f00000035c0)={0x0, 0x0, 0x10100, 0x0, 0x1000}, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000440)=<r2=>0x0)
r3 = socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x0, 0x0})
io_uring_enter(r0, 0x291c, 0xeffdffff, 0x0, 0x0, 0x0)

3.258567384s ago: executing program 2 (id=1074):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000400)=@raw={'raw\x00', 0x3c1, 0x1a6cc7, 0x3a8, 0x0, 0x5802, 0x294, 0x0, 0x294, 0x2d8, 0x378, 0x378, 0x2d8, 0x378, 0x3, 0x0, {[{{@ipv6={@mcast2, @remote, [0xffffff00, 0xff, 0xff000000, 0xff000000], [0xff, 0xff, 0xff, 0xff000000], 'veth0_to_hsr\x00', 'bond_slave_0\x00', {0xff}, {0xff}, 0x0, 0x0, 0x2, 0x80}, 0x0, 0xa8, 0x1d0, 0x52020000}, @common=@unspec=@SECMARK={0x128, 'SECMARK\x00', 0x0, {0x1, 0xe5f6, 'system_u:object_r:etc_aliases_t:s0\x00'}}}, {{@ipv6={@loopback, @remote, [], [0x0, 0x0, 0x0, 0xffffffff], 'pim6reg0\x00', 'gre0\x00', {0xff}, {}, 0x0, 0x81}, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@multicast2, [0xff, 0xff000000, 0xffffff00, 0xffffff], 0x4e22, 0x4e20, 0x4e23, 0x4e23, 0xfff, 0x7, 0xc, 0x3, 0x8}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x408)

3.178748864s ago: executing program 9 (id=1075):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$nl_route(0x10, 0x3, 0x0)
set_mempolicy(0x0, &(0x7f0000000000)=0x8, 0xfffffffffffffffb)
setuid(0xee00)
r1 = add_key$keyring(&(0x7f0000000280), &(0x7f00000002c0)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffff8)
request_key(&(0x7f0000000080)='id_legacy\x00', &(0x7f00000000c0)={'syz', 0x2}, &(0x7f0000000100)='&\x00', r1)
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x8, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000a0000000000000000000000b7080000000000007baa00fe00000000b5080200000000007b8af0ff00000000bf8100000000000007010000a8d5b100bfa400000000000007040000f0ffffffb7", @ANYRES32=r2, @ANYBLOB="0000000000000000b705000008000000850000000800000095"], &(0x7f0000000300)='GPL\x00', 0x3, 0xff7, &(0x7f0000001e00)=""/4087, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
syz_clone3(&(0x7f0000000200)={0x184060100, 0x0, 0x0, 0x0, {0x3e}, 0x0, 0x0, 0x0, &(0x7f00000001c0)=[0x0], 0x1}, 0x58)
setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, 0x0, 0x220)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x8000, 0x2)

2.958770003s ago: executing program 2 (id=1076):
socket$inet6(0xa, 0x3, 0x3c)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x2200, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xc, 0x10, &(0x7f0000000500)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, {}, {}, [@call={0x85, 0x0, 0x0, 0x7}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f00000007c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r2, 0xfca804a0, 0x10, 0x38, &(0x7f00000002c0)="b800000500000000", &(0x7f0000000300)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_CPUID2(r3, 0x4008ae90, &(0x7f0000000040)=ANY=[@ANYBLOB="02000000006d000000000000f8ffffff020000000800000002000000050000000b0c00000000000000eaffffff00000100000000000000610500000008000000fa"])
ioctl$KVM_SET_VCPU_EVENTS(r3, 0x4400ae8f, &(0x7f0000000000)=@arm64={0x81, 0x10, 0x5, '\x00', 0x8000000000000003})
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f00000004c0)=ANY=[@ANYBLOB="010000000015000072000040"])

2.572251102s ago: executing program 3 (id=1077):
r0 = openat$vimc2(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0)
r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
r2 = syz_open_procfs$pagemap(0xffffffffffffffff, &(0x7f0000000280))
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000001fc0)=@delchain={0x4c0, 0x65, 0x200, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff2}, {0x4, 0xe}}, [@filter_kind_options=@f_route={{0xa}, {0x490, 0x2, [@TCA_ROUTE4_FROM={0x8, 0x3, 0x40}, @TCA_ROUTE4_ACT={0x484, 0x6, [@m_simple={0x21c, 0x1f, 0x0, 0x0, {{0xb}, {0x98, 0x2, 0x0, 0x1, [@TCA_DEF_PARMS={0x18, 0x2, {0x8401, 0x2, 0x1, 0x2, 0x8}}, @TCA_DEF_DATA={0x2d, 0x3, '@-^[\xa5&,.\x00pe\xe9\xb9\xf1Q+=\xdf\xacqd\xb4\xd3\rj6\xb4\xa6fz\x91\xa6\xe9\xdfy\xef\xbcY\xbb[a'}, @TCA_DEF_DATA={0x7, 0x3, 'lo\x00'}, @TCA_DEF_PARMS={0x18, 0x2, {0x0, 0x403, 0xfffffffffffffffe, 0x6, 0x2}}, @TCA_DEF_DATA={0x7, 0x3, '\xfc}\x00'}, @TCA_DEF_PARMS={0x18, 0x2, {0x6, 0x1, 0x0, 0x4, 0x8}}, @TCA_DEF_DATA={0xb, 0x3, 'j\xbf!*{$\x00'}]}, {0x159, 0x6, "bb56072c27c5e2984fb9b39740c7dea2e6372a168bf1fdb8ecb6019c9f5db834fcaca18620641b7aab2922e19d2f9b062f5ec4be8a5a603fe7236ffd67f60e9e007b34543ac14c27acd7e5a1f78c6de0f9cb58fc8855dae5289e4e856559f64bc5a1c5683263937fdd088e5f34874e0d2d2273a7a09810d9042b32fb69223c74e88c41fda5268c22a3107d32ee49d3a99665178abfde24d27a872b23ece9d09c9560070a6e3cca383ccb4d1a6d7c302ab3ee820e67d26e78f72566a2f9765698d783e6c14d8da6156473bc39143eaba66c1921f94f19f65bc88b127c0eb8ac765b9220105c7c1060a0ddc63f80d90bc3848a4fa52f73aaa4e21a1f0d6078cc5386cdfb2eef199f5261cf64455c3d8b7584e7e01a4e794f882f04307913cd5e00e1ebd8bbb0e6ed906dfc64b4608f285ecdef3d31a8bdcee436f22615785877343e6d37e39f8da9b11c6d72daba3a7fadbbfc2dce2c"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x3, 0x1}}}}, @m_vlan={0x180, 0x1a, 0x0, 0x0, {{0x9}, {0x14, 0x2, 0x0, 0x1, [@TCA_VLAN_PUSH_VLAN_PROTOCOL={0x6, 0x4, 0x88a8}, @TCA_VLAN_PUSH_VLAN_ID={0x6, 0x3, 0xb7e}]}, {0x144, 0x6, "b4f5f8a000aed611d1e3ee1aaa84601c97299db7511af811242f5e599e70462ff947d7fce8171ca76d6272e5926e4bcc41c5f2a45eda585981ca0de6f00b6a83a630a32eb3d933702dde61376ab26952f74f090fb6858f97715363bfca363004ef43db3a48e84090d7517b700dc6a2a2f94e7329147f25670ca37779fb3bb34630b673bfa93845abd7c43a11e2c7d51cd033af07fdedab1b0a4fd3289168734a438364c97d8981f7ea99970add192fb533e3fc0791494427d5c5c48b1f99b2933a263cfb4ca5c4ae41bb0d4ad806597b90b1569a91f0af9997eb0a37a98b616eeb9b0e0d88e3faa90e480ed36ed0731503f2a4bda6e9158fad7756a073b2cec8125c7d5602435a45a08326af0e7747f578e665ebb2f9ab898c667a3ca1a6eed951af651f993921fe32aecbeb8ef820086bf30231e14fc982f6cb6989aa897dfb"}, {0xc}, {0xc, 0x8, {0x3, 0x3}}}}, @m_vlan={0xe4, 0xc, 0x0, 0x0, {{0x9}, {0x3c, 0x2, 0x0, 0x1, [@TCA_VLAN_PUSH_VLAN_ID={0x6, 0x3, 0x30a}, @TCA_VLAN_PUSH_VLAN_ID={0x6, 0x3, 0x4e9}, @TCA_VLAN_PUSH_VLAN_PROTOCOL={0x6, 0x4, 0x8100}, @TCA_VLAN_PUSH_VLAN_ID={0x6, 0x3, 0x715}, @TCA_VLAN_PUSH_VLAN_ID={0x6, 0x3, 0x8a7}, @TCA_VLAN_PUSH_VLAN_ID={0x6, 0x3, 0xb35}, @TCA_VLAN_PUSH_VLAN_ID={0x6, 0x3, 0x5d9}]}, {0x7d, 0x6, "eda7d7a535361ed0c9b32a364b522addd6669254402ee3ff325c8cea5004909bdc00830603507c7cc3cb8a9b0bfd1aa374f3d137bd1e7f8b57e264a568809005b37e0f9e7b458fe6d976cd4a52b8661fb1fc93f220613f0a0b672f610c1e30c05bb4f3d26355d6814b92f64fbdf7f78493ce0e94faef87090b"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x1}}}}]}]}}]}, 0x4c0}, 0x1, 0x0, 0x0, 0x40}, 0x0)
ioctl$VIDIOC_SUBDEV_S_SELECTION(r0, 0xc040563e, &(0x7f0000000100)={0x1, 0x0, 0x1, 0x5, {0x5, 0xffff, 0x100, 0x2}})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=@newlink={0x60, 0x10, 0x705, 0x0, 0x20000000, {0x0, 0x0, 0x600, 0x0, 0x20040}, [@IFLA_LINKINFO={0x40, 0x12, 0x0, 0x1, @macvlan={{0xc}, {0x30, 0x2, 0x0, 0x1, [@IFLA_MACVLAN_MODE={0x8}, @IFLA_MACVLAN_MACADDR={0xa, 0x4, @random="5cfedd01a69e"}, @IFLA_MACVLAN_MACADDR_DATA={0x10, 0x5, 0x0, 0x1, [{0xa, 0x4, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}]}, @IFLA_MACVLAN_MACADDR_MODE={0x8}]}}}]}, 0x60}}, 0x0)
r3 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0)
writev(0xffffffffffffffff, &(0x7f0000000040)=[{&(0x7f00000005c0)="58020000140091d427323b4725458db45602117fffefd7ff81000e224e227f0000017b00090080007f000001e809000000ff0000f03ac7100003ffffffffffff0000000110", 0x45}], 0x1)
capset(&(0x7f0000000140)={0x20071026}, &(0x7f0000000240))
r4 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0)
ioctl$DRM_IOCTL_GET_STATS(r4, 0x80f86406, 0x0)
ioctl$SCSI_IOCTL_SEND_COMMAND(r3, 0x1, &(0x7f0000000040)=ANY=[@ANYRES64=0x0])
r5 = socket(0x10, 0x803, 0x0)
sendto(r5, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r5, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x14}, {&(0x7f00000007c0)=""/154, 0x7e}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41, 0xb00}}], 0x4000000000003b4, 0x0, &(0x7f0000003700)={0x77359400})
ioctl$PAGEMAP_SCAN(r2, 0xc0606610, &(0x7f0000000340)={0x60, 0x0, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x100000001, &(0x7f00000002c0)=[{0x10000, 0x3, 0x4}], 0x1, 0x400, 0x22, 0x13, 0x7c, 0x25})
connect$netrom(r1, &(0x7f0000000000)={{0x6, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}}, [@default, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @default, @bcast]}, 0x48)
connect$netrom(r1, &(0x7f0000000080)={{0x6, @rose={0xbb, 0xbb, 0xbb, 0x2}}, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @default, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x8, 0x0}, @default, @bcast]}, 0x10)
syz_emit_ethernet(0x32, &(0x7f0000000000)=ANY=[@ANYBLOB="bbbbbbbbbb1ccc000000000008004500002400000000002f9078ac141400e0000001000065580401907800d8621b002c17a9"], 0x0)
ioctl$VIDIOC_ENUM_FRAMESIZES(r0, 0xc02c564a, &(0x7f0000000280)={0xff, 0x59565955, 0x3, @stepwise={0xffff, 0xf, 0x5bfe, 0x0, 0x0, 0x2}})

2.564091419s ago: executing program 1 (id=1078):
fsetxattr$security_capability(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000080)=@v2={0x2000000, [{0x401, 0xf8}, {0x7, 0x80000000}]}, 0x14, 0x1)
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000206d049cc20000000000010902a400010000000009040000010300000009210000000122050009058103"], 0x0) (async)
signalfd(0xffffffffffffffff, &(0x7f00007aeff8), 0x8)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x8b}, 0x0) (async)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) (async, rerun: 64)
kcmp(0x0, 0x0, 0x2, 0xffffffffffffffff, 0xffffffffffffffff) (async, rerun: 64)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) (async, rerun: 32)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) (rerun: 32)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) (async, rerun: 64)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) (async, rerun: 64)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async)
r5 = mq_open(&(0x7f0000001140)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xd3\xa7\xd8J\xfd\x94#KT\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\x88N\xb8\xde\xeb)\xcd\xc56m\n\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88|0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc\x02\xea\x91\xe8\xd8\x01YZy\xe6!\x89\x9c\xd1\xa6\x167\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1[\x84\x10aF\x9b\xda\xeb\xc4*\x02q\xb2\x92\x00\x8cv\xac AN\xb9\xaa\xe0\x9d\x97Te\x81\x98L\xfe\x97+u\xd3^\xb1\xf0\xe0\x1f\xbd\a\xbb\xe5\x18\x9ds\x12ha\x00\xeb\x84\x99\xc6\x0f\xf1\xd5LD\xa87\xa0DQ\x8a2\x16!8,\xbc%$\xf1\xf2\xd6\x9cy\xecK\xda\xc5\xdc\xfa\xdd\xf6\b\xc6\xb4\x14\x16\x9c\x7f\x92\x85\xb0\xa2%:\xf0\xf4\x150\x0f\xb4\xa6d\xb4\xe4L\x19W\xd5\x90\xf7l\x1b\xfe\xde\vh\x97=m\x82.\xac\vh\xfe\x84Q}\x838/\x83\xebP\xbe\xd6+:\xceE\\\x95\xd4\xac\x92\x87\xd7\x98\x97\xe3\xec\xad\xd5\xac\x80C\x84R\x88r^g\xbaQ(\x9a>\xe2\xba\xa8=\x17\f04\x8f\x1f\xf2\x88*@v\xe7\xd1\xee\xb3\xc2\x8dT\xda\x81g\xd9\x1a:hzW6s)x\x06\xae\x11\xf2\x1e\xcd\v\xe5L\x19\x96s\xbc\x9e\xf4\x10$\r\xa4\xd8\xa2\xa2\xfcM\xc5R3~$\xc0\xa5n\x9a W\xb1e\xcc<$\xdf\x15\f]\x15\xf5#G\xce\xaf\x88U\xfa\x80\xf24\xf6\xb5\xef\xe2z\xcf\x9eN\x92\xac\x81{\xe6\xbd\xd7\x16\xe6F\xe2\x9e\x91%\x94\v\xb9\xdc\xd6\x87\x8f\xcd\xc1\xb05\x81\x81\xf8\xe9X\xe8Kt9@\xf4\xe1\xa6=\xc9\xe1:p4\nP[f\x1d\xfd\xfa\x839\x8d\x0e\xd1\xf9\xa0\xd2^E\xe5\xedo.\xaa\xf2\xb4\xcdn\x14\f\xcd\x83_yk\xda\xc5\x89\xf0Z\xea\x1d\xbd\xc00\v\xa3\xb3\xbe\xe6\x8b\x18/\xa8\xaaY\xf2\x89\x0f\x9enOOr\x00\xb2\x01\x1f:Z\xb8\xee;\xe3;\x8aPV\xce\xee\xf8[\x16\n\xe6:z\xb8\x1dvk\a{\xc1\x14\xd9+\xdb\t\x11\x90y\xe8\\\xe6\xfc\xca\xb4\xcbC\xd6\xd0\xbeC\xce\xc0L\xdb\xcd\xb3\x907c\xb4\xa6\xce\xdb[\xce\x122N\xa3\xc7Q<\x1a\xa5\xb3)\xc5\x98\x84\x8a\x82\x19\xb0\t\xac\x10\\\x8c\xbe\xcb\raIYe[\xa8\xc4\xac\x0e\xbb\x0f\b^\xdag\xe2\xa9\"\xf5h\'\xcf\xd9\x1b\xef\xe3\xe7y\x82\x1e\xca\x7f\x02 \xcf\x9e\xe0\xd9TM\xb9\n\xa9\xad3\x91\xa5\xe6!\xcd\xa2\xa4\x14\x12\xf9\xbf\xa8b\xcec:\xd7\'\f\f\x957\xc9}\r\xa6\xaa\x0f\xca\x96\xeb', 0x42, 0x0, 0x0)
mq_unlink(0x0) (async, rerun: 32)
close(r5) (async, rerun: 32)
syz_genetlink_get_family_id$nbd(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NBD_CMD_STATUS(r1, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x7a0f5125e42cab0c}, 0x8000) (async)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000640)=@newlink={0x40, 0x10, 0x437, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x4048b}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @sit={{0x8}, {0x14, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LOCAL={0x8, 0x2, @loopback}, @IFLA_IPTUN_REMOTE={0x8, 0x3, @initdev={0xac, 0x1e, 0x1, 0x0}}]}}}]}, 0x40}}, 0x0) (async)
mkdir(&(0x7f00000000c0)='./control\x00', 0x0) (async)
r7 = fsopen(&(0x7f0000000080)='devtmpfs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r7, 0x0, 0x0, 0x0, 0x0) (async)
mount$nfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="01000000262c61756469742c61756469742c66756e633d4d090000a7254845434b2c6f626a5f726f6c653d2c00"]) (async)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFQNL_MSG_CONFIG(r8, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x24, 0x2, 0x3, 0x201, 0x0, 0x0, {0x2, 0x0, 0xa}, [@NFQA_CFG_QUEUE_MAXLEN={0x8, 0x3, 0x1, 0x0, 0x4}, @NFQA_CFG_CMD={0x8, 0x1, {0x1, 0x0, 0xa}}]}, 0x24}, 0x1, 0x0, 0x0, 0x8081}, 0x404c050)
bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0x18, &(0x7f00000001c0)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
syz_usb_control_io(r0, 0x0, 0x0)

2.433906287s ago: executing program 3 (id=1079):
r0 = socket$nl_sock_diag(0x10, 0x3, 0x4)
capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200000, 0x0, 0x0, 0x0, 0x20000})
sendmsg$TCPDIAG_GETSOCK(r0, &(0x7f0000001500)={0x0, 0x0, &(0x7f00000014c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="ac0000001200010500"/56, @ANYRES32=0x0, @ANYBLOB="00000000000000feffffff0000000000040002"], 0xac}}, 0x0)
ioctl$vim2m_VIDIOC_G_FMT(0xffffffffffffffff, 0xc0d05604, &(0x7f0000000100)={0x1, @sliced={0x0, [0xffe9, 0x3, 0xf993, 0xfffb, 0x1, 0x8, 0x4, 0x9, 0x1ff, 0x2000, 0x2, 0xcd0, 0x84, 0x8, 0xfff, 0xe, 0x8, 0x4769, 0x200, 0x401, 0x1, 0x8, 0x8, 0xf, 0x3, 0x3, 0x6, 0x9, 0x8, 0x6, 0x3, 0x5, 0xc3ea, 0x101, 0x80, 0x1, 0x7, 0xffff, 0x40, 0xa771, 0x0, 0x3, 0x1, 0x7fff, 0x8, 0xd, 0x58, 0x8000], 0xf6}})
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
ioctl$FS_IOC_GETFSLABEL(r1, 0x800452d2, &(0x7f0000000100))

2.22462984s ago: executing program 1 (id=1080):
r0 = openat$vcs(0xffffffffffffff9c, 0x0, 0x2080, 0x0)
ioctl$KVM_SET_SREGS(r0, 0x4138ae84, 0x0)
sendmsg$IEEE802154_LLSEC_DEL_KEY(0xffffffffffffffff, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000008c0)={0x0, 0x20}, 0x1, 0x0, 0x0, 0x80}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = openat$iommufd(0xffffffffffffff9c, 0x0, 0x6000, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x5)
mmap(&(0x7f0000002000/0x1000)=nil, 0x1000, 0x4, 0x1c1913, r1, 0xe2b2b000)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x100000004, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
r3 = syz_io_uring_setup(0x7de, &(0x7f0000000240)={0x0, 0x49cb, 0x10100, 0x40, 0x95}, &(0x7f0000000140)=<r4=>0x0, &(0x7f0000000540)=<r5=>0x0)
syz_io_uring_submit(r4, r5, &(0x7f0000000000)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0})
io_uring_enter(r3, 0x2d3e, 0x0, 0x0, 0x0, 0x0)

2.172857213s ago: executing program 3 (id=1081):
r0 = mq_open(&(0x7f00000003c0)='eth0\x00#\x13\xaeu\xe0\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xb8\x93\xc3C\xae\x9dc\xd1T\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88\x9e0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQX~\x80\x99\xcc7\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1J\xec\x926\xb5a0\xa0B\xae|\xbe\xa8\x1dOu\xd1S\xb0r\xc2\x16\xfb\xcc\xaa\xc0\x05\xa9\xb0\xf3\xda:Rw\x86c\x91y\x88bx\xd5\xb4\tK\xbfO\x98\x99\xea\t\x7f\xd8\\\xa4\xcavR\a\xbc\xa0\x8b\xe9N0\x9dy\xc3\x00\x00\x00\x00\x00_2I.\xcb\xee#:\xe2fk\x18j\xe6\x8b\xf6\x9d+\xd9B.\x83\x03\xf7\x15\x01\xad]\xf7cj\x1f\x82\x9e\xc7\xff\xadS\x822\x8a@\xc3Ix\xc7\x96\x95\xbc\xfe\x17h\xfb\xbb?\x90\b\x8fx5I\xa1\x06 \x8c\xa9\r\xd3\xb9#c>\xb9\xb93Cnv\x9a\xfd)\xa2\x96^\xa2\xd3 |l\x87\x00\xf9\xd9\xc8\xa7\xd6\xcc\xeeyO\x81\xec\xf6\x1a\"\xc9\xbd\xff$4\x16Mj>\x11\xa2\x03\xcf\x98\xe8g\x96,\xdd\x94\v\xa3At4\xfd\xf22\xe0\x93^\x86\xc9\x8fy{\xabl\xcet\xd3\xfd!\x1f\x8d\x159\xdf\x87\r\xc7\xf1\xfa\x8f\x7fb\xd2`\xc6\xb3\xadv\xc4\xb4G4gu\xe3\xd6\xbf\xfb\xc1\xce\x9bW\xa603Jc\x84?\xc1D$\xb2F\x87v\xa5', 0x2, 0x0, 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
r1 = openat$drirender128(0xffffffffffffff9c, &(0x7f0000000240), 0x40080, 0x0)
r2 = openat$drirender128(0xffffffffffffff9c, &(0x7f0000000280), 0x2000, 0x0)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000002c0)={0x0, 0x0, r2})
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
r3 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=ANY=[@ANYBLOB="1b00000000000000000000000020"], 0x48)
r4 = bpf$ITER_CREATE(0x21, &(0x7f0000000180), 0x8)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000800)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0xffffff20}, {{0x18, 0x1, 0x1, 0x0, r3}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r4}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x8}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}, @alu={0x3, 0x0, 0x7, 0x8, 0x0, 0xffffffffffffffc0, 0xfffffffffffffffc}, @cb_func={0x18, 0x5, 0x4, 0x0, 0xfffffffffffffff8}, @tail_call={{0x18, 0x2, 0x1, 0x0, r3}}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x90}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r3}}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x4}, @generic={0xe, 0x2, 0xb, 0xffff}, @generic={0x7, 0x6, 0x3, 0x5, 0x1}, @map_idx={0x18, 0x0, 0x5, 0x0, 0x7}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x5}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000000)='GPL\x00', 0x0, 0x36, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) (async)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000800)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0xffffff20}, {{0x18, 0x1, 0x1, 0x0, r3}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r4}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x8}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}, @alu={0x3, 0x0, 0x7, 0x8, 0x0, 0xffffffffffffffc0, 0xfffffffffffffffc}, @cb_func={0x18, 0x5, 0x4, 0x0, 0xfffffffffffffff8}, @tail_call={{0x18, 0x2, 0x1, 0x0, r3}}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x90}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r3}}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x4}, @generic={0xe, 0x2, 0xb, 0xffff}, @generic={0x7, 0x6, 0x3, 0x5, 0x1}, @map_idx={0x18, 0x0, 0x5, 0x0, 0x7}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x5}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000000)='GPL\x00', 0x0, 0x36, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r5}, 0x10) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r5}, 0x10)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) (async)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@metacopy_on}]})
r6 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
mknodat$loop(r6, &(0x7f0000001600)='./file1\x00', 0x0, 0x0)
chdir(&(0x7f0000000140)='./bus\x00') (async)
chdir(&(0x7f0000000140)='./bus\x00')
link(&(0x7f0000000200)='./file1\x00', &(0x7f0000000300)='./bus\x00') (async)
link(&(0x7f0000000200)='./file1\x00', &(0x7f0000000300)='./bus\x00')
creat(&(0x7f0000000300)='./bus\x00', 0x0) (async)
creat(&(0x7f0000000300)='./bus\x00', 0x0)
io_uring_setup(0x175c, &(0x7f000009df80)={0x0, 0x0, 0x2, 0x2, 0x3a4}) (async)
r7 = io_uring_setup(0x175c, &(0x7f000009df80)={0x0, 0x0, 0x2, 0x2, 0x3a4})
close_range(r7, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000400)=@bpf_lsm={0x6, 0x5, &(0x7f00000006c0)=ANY=[@ANYBLOB="180000000400000000000000fcffffff6111000000000000620000000000000095"], &(0x7f0000000100)='GPL\x00', 0xd, 0xd7, &(0x7f0000000700)=""/215, 0x0, 0x5, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) (async)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000400)=@bpf_lsm={0x6, 0x5, &(0x7f00000006c0)=ANY=[@ANYBLOB="180000000400000000000000fcffffff6111000000000000620000000000000095"], &(0x7f0000000100)='GPL\x00', 0xd, 0xd7, &(0x7f0000000700)=""/215, 0x0, 0x5, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
mq_timedreceive(r0, &(0x7f000001d600)=""/102381, 0xec29, 0x20000004, 0x0)
r8 = syz_open_pts(0xffffffffffffffff, 0x400000)
ioctl$GIO_CMAP(r8, 0x4b70, &(0x7f0000000000))
ioctl$F2FS_IOC_RELEASE_VOLATILE_WRITE(r7, 0xf504, 0x0)

1.627378338s ago: executing program 6 (id=1082):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-twofish-3way\x00'}, 0x58)
r1 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10)
connect$inet(r1, &(0x7f0000000480)={0x2, 0x4e24, @loopback}, 0x10)
syz_io_uring_setup(0x237, &(0x7f0000000200)={0x0, 0x0, 0x10100}, &(0x7f0000000180)=<r2=>0x0, &(0x7f00000001c0)=<r3=>0x0)
r4 = syz_open_dev$ttys(0xc, 0x2, 0x1)
ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000400)=0x2)
ioctl$TIOCSTI(r4, 0x5412, &(0x7f00000005c0)=0x3f)
syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000001480)={0x16, 0x10, &(0x7f0000001600)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @flow_dissector=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r8, 0x0, 0x0, 0x0, &(0x7f00000002c0), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r9 = socket(0x10, 0x80002, 0x0)
recvmmsg$unix(r9, &(0x7f0000002380)=[{{0x0, 0x0, 0x0}}], 0x1, 0x34000, 0x0)
r10 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$SO_ATTACH_FILTER(r10, 0x1, 0x1a, &(0x7f0000000040)={0x1, &(0x7f0000000340)=[{0x6, 0x1, 0x0, 0x67b}]}, 0x10)
bind$inet6(r10, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r10, &(0x7f0000000180)='X', 0x1, 0x48810, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
r11 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r11, 0x84, 0xd, &(0x7f0000001300)=@assoc_value={<r12=>0x0}, &(0x7f00000012c0)=0x8)
getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r10, 0x84, 0x72, &(0x7f0000000100)={r12, 0x7d, 0x30}, &(0x7f0000000240)=0xc)

1.539674016s ago: executing program 1 (id=1083):
r0 = syz_open_dev$sndctrl(&(0x7f0000000440), 0x0, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x147c40, 0x0)
preadv2(r1, &(0x7f0000000080)=[{&(0x7f0000000300)=""/4105, 0xffe00}], 0x4, 0x20000000, 0x0, 0xf2ef7f)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000000c0)={0x12, 0x4, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000000000000000000040000014720118000000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xe, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r2 = syz_open_dev$sndctrl(&(0x7f0000001ac0), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(r2, 0xc4c85513, &(0x7f0000000040)={0xb, 0x5})
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r2, 0xc1105511, &(0x7f0000000040))
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0x40045532, &(0x7f0000001440)=0x9)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000001380)={0x11, 0x8, &(0x7f0000002840)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546000677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289d01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5467a932b77674e802a0d42bc6099ad238af770b5ed8925161729298700000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809b5b9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed3957f813567f7a95435ac15fc0288d9b2a169cdcacc413b48dafb7a2c8cb482bac0ac559eaf39027ceb379a902d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bff57002c1097f92e91002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff7a1ef3282830689da6b53b263339863297771429d120000003341bf4abacac94500fca0493cf29b33dcc9ffffffffffffffd39f6ce0c6ff01589646efd1cf870cd7bb2366fdf870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1293b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd000c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c7df8be5877050c91301fb997316dbf17866fb84d4173731efe895ff2e1c55ef08235a0126e01254c44060926e90109b598502d3e959efc71f665c4d75cf2458e3542c9062ece84c99a861887a20639b41c8096d5742db41bd61080dcbe40e0f802fc12ee86c50804042b3eac1f879b136345cf67ca3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc74aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7ad333545794f37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f4df90400000000000000d6b2c5ea139376f24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8e3070000001e48418046c216c1f895778cb25122a2a998de0842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec84ac3571f02f647b3385b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba2f58ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df986741517abf11389b751f4e109b60000000000000000d6d5210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750890ae71555b3228b1bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288d139bd3da230ed05a8fe64680b0a3f9f2dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30235b9100000000a55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854356cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c776f4b4ce07e1c6fa66fcfc7a228805f76785efc0ceb1c8e5729c66418d169fc03aa18854693ad2a182068e1e3a0e2505bc7f41019645466ac96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a428f1da1f68df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7e478950aa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab848753203b458b97ec1afb079b4b4ba686fcdf240430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7db3c4be290159f6bcd75f0dda9de5532e71ae9e48b0ed1254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b70ebc660309e1e245b0fdf9743af932cd6db49a47613808bad959719c0000000000378ac2e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6ca0400966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e3030108000000000000c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bffef97dcecc467ace456597685c5870d25f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4cba6e6390a9f302c6eb2df7766411bef0ebb5000000000006065d6735eb7a00e127c0000000000000000000000bfb0bba79344643b1d8daa9f38e4b62c1e2af68c6f5054b078acd74b4a9c944e4505da485a3a4154387a0a88370d9ed9467b09c5888a06431df3f68abf0b366c4d5f8bea7b29c257ed756dff7a21c6b661cbdd43de65afd7f661d5c84f915c90e3d6ea012b68b787eb01d8320000000000000060176dacba0ec503a37fae6b472ec369c79ee6a420c0fd8d8d82fe136d5af6c30bfeb0a7275babfdb96a127aa9386e0671c6454245a18c1c8c49552cff5d27b547cdc34c0858c77a47a9ff86ee9fbd9ceda428716a4218821176d8067997527230fa67d26950d3e4f2750fa7c872874ad3a2d11f9f6eb08e6d7b6fa257b04d8ce36360f524e3dfd2211641f3d2637d86b80681eca50ce0eecafdd22d41fa515c15591e70ded4b70efac3cb42fb352d82e8f7573e8ed8248da356fa91a252976d3a4d8c1843a8d5bb7f5f1028453a0562a3ea93117076dd4940b7df50d78289fe66197525f6095f8662d232970bef61b03fa83027963a1a2e07cfee30c0d0b4c5877f93b3637ca21eab5afcf5d4638dfe8f9202aaad51c979049dd76d65368cbd4187d9f74257c7c4a23ac4a34eec5aa17e78c5167216f5e72138d20f8325dd5f8f96c32189c904eaef580987f1ce601a7cdc35461db9981ac42f9e24b0699bbe4e3d986e38952b0b7938eefd9e7a292bbb66367ad77045fdc18855c81c031dedd185c723238373fc698d676791d04f1ff5f0825a6619e844882f31ed190233d58ecee949e310bf2b1a51b8a33ae65a06d2b6ad386bf8dc49dd328bcd75d1843a13d68560175a18af7efc3c0f20e32f84f6aaaf000000000000000000000013a6c66bce74a8fb9092023df695da2714a7933d699d42de2bc4a85e0a0e22228290a7a7553ab93a16e42453ed86869a02df2f47d4088fac1772d3cd955c81cbf91c2ca7942942f61723b558079b82547844f92df2499c4b2c2ef2539e5daa8d8727baaa6b5755e6f83bbfca00"/3261], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000)={0x8}, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_NO_ENOBUFS(r5, 0x10e, 0xc, &(0x7f0000000040)=0x7f, 0x4)
r6 = syz_open_dev$evdev(&(0x7f0000000000), 0xa00, 0xc0002)
ioctl$EVIOCSCLOCKID(r6, 0x400445a0, &(0x7f0000000100)=0x7)
sendmsg$nl_route(r5, &(0x7f0000000980)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="240000001a001fffffffff7f0000000080000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\b\x00', @ANYRES32=r4], 0x24}}, 0x0)
r7 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r7, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'morus1280-sse2\x00'}, 0x58)
r8 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fc00100}]})
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r8, 0xc0502100, &(0x7f00000003c0)={<r9=>0x0})
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r8, 0xc0502100, &(0x7f0000000340))
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r8, 0xc0502100, &(0x7f0000000480))
ioctl$SECCOMP_IOCTL_NOTIF_SEND(r8, 0xc0182101, &(0x7f0000000640)={r9})
setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000280)={0x4, 0x7}, 0x4)

1.160357987s ago: executing program 3 (id=1084):
r0 = syz_open_dev$sndctrl(&(0x7f0000000440), 0x0, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x147c40, 0x0)
preadv2(r1, &(0x7f0000000080)=[{&(0x7f0000000300)=""/4105, 0xffe00}], 0x4, 0x20000000, 0x0, 0xf2ef7f)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000000c0)={0x12, 0x4, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000000000000000000040000014720118000000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xe, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r2 = syz_open_dev$sndctrl(&(0x7f0000001ac0), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(r2, 0xc4c85513, &(0x7f0000000040)={0xb, 0x5})
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r2, 0xc1105511, &(0x7f0000000040))
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0x40045532, &(0x7f0000001440)=0x9)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000001380)={0x11, 0x8, &(0x7f0000002840)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546000677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289d01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5467a932b77674e802a0d42bc6099ad238af770b5ed8925161729298700000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809b5b9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed3957f813567f7a95435ac15fc0288d9b2a169cdcacc413b48dafb7a2c8cb482bac0ac559eaf39027ceb379a902d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bff57002c1097f92e91002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff7a1ef3282830689da6b53b263339863297771429d120000003341bf4abacac94500fca0493cf29b33dcc9ffffffffffffffd39f6ce0c6ff01589646efd1cf870cd7bb2366fdf870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1293b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd000c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c7df8be5877050c91301fb997316dbf17866fb84d4173731efe895ff2e1c55ef08235a0126e01254c44060926e90109b598502d3e959efc71f665c4d75cf2458e3542c9062ece84c99a861887a20639b41c8096d5742db41bd61080dcbe40e0f802fc12ee86c50804042b3eac1f879b136345cf67ca3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc74aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7ad333545794f37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f4df90400000000000000d6b2c5ea139376f24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8e3070000001e48418046c216c1f895778cb25122a2a998de0842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec84ac3571f02f647b3385b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba2f58ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df986741517abf11389b751f4e109b60000000000000000d6d5210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750890ae71555b3228b1bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288d139bd3da230ed05a8fe64680b0a3f9f2dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30235b9100000000a55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854356cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c776f4b4ce07e1c6fa66fcfc7a228805f76785efc0ceb1c8e5729c66418d169fc03aa18854693ad2a182068e1e3a0e2505bc7f41019645466ac96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a428f1da1f68df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7e478950aa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab848753203b458b97ec1afb079b4b4ba686fcdf240430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7db3c4be290159f6bcd75f0dda9de5532e71ae9e48b0ed1254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b70ebc660309e1e245b0fdf9743af932cd6db49a47613808bad959719c0000000000378ac2e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6ca0400966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e3030108000000000000c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bffef97dcecc467ace456597685c5870d25f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4cba6e6390a9f302c6eb2df7766411bef0ebb5000000000006065d6735eb7a00e127c0000000000000000000000bfb0bba79344643b1d8daa9f38e4b62c1e2af68c6f5054b078acd74b4a9c944e4505da485a3a4154387a0a88370d9ed9467b09c5888a06431df3f68abf0b366c4d5f8bea7b29c257ed756dff7a21c6b661cbdd43de65afd7f661d5c84f915c90e3d6ea012b68b787eb01d8320000000000000060176dacba0ec503a37fae6b472ec369c79ee6a420c0fd8d8d82fe136d5af6c30bfeb0a7275babfdb96a127aa9386e0671c6454245a18c1c8c49552cff5d27b547cdc34c0858c77a47a9ff86ee9fbd9ceda428716a4218821176d8067997527230fa67d26950d3e4f2750fa7c872874ad3a2d11f9f6eb08e6d7b6fa257b04d8ce36360f524e3dfd2211641f3d2637d86b80681eca50ce0eecafdd22d41fa515c15591e70ded4b70efac3cb42fb352d82e8f7573e8ed8248da356fa91a252976d3a4d8c1843a8d5bb7f5f1028453a0562a3ea93117076dd4940b7df50d78289fe66197525f6095f8662d232970bef61b03fa83027963a1a2e07cfee30c0d0b4c5877f93b3637ca21eab5afcf5d4638dfe8f9202aaad51c979049dd76d65368cbd4187d9f74257c7c4a23ac4a34eec5aa17e78c5167216f5e72138d20f8325dd5f8f96c32189c904eaef580987f1ce601a7cdc35461db9981ac42f9e24b0699bbe4e3d986e38952b0b7938eefd9e7a292bbb66367ad77045fdc18855c81c031dedd185c723238373fc698d676791d04f1ff5f0825a6619e844882f31ed190233d58ecee949e310bf2b1a51b8a33ae65a06d2b6ad386bf8dc49dd328bcd75d1843a13d68560175a18af7efc3c0f20e32f84f6aaaf000000000000000000000013a6c66bce74a8fb9092023df695da2714a7933d699d42de2bc4a85e0a0e22228290a7a7553ab93a16e42453ed86869a02df2f47d4088fac1772d3cd955c81cbf91c2ca7942942f61723b558079b82547844f92df2499c4b2c2ef2539e5daa8d8727baaa6b5755e6f83bbfca00"/3261], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000)={0x8}, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_NO_ENOBUFS(r5, 0x10e, 0xc, &(0x7f0000000040)=0x7f, 0x4)
r6 = syz_open_dev$evdev(&(0x7f0000000000), 0xa00, 0xc0002)
ioctl$EVIOCSCLOCKID(r6, 0x400445a0, &(0x7f0000000100)=0x7)
sendmsg$nl_route(r5, &(0x7f0000000980)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="240000001a001fffffffff7f0000000080000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\b\x00', @ANYRES32=r4], 0x24}}, 0x0)
r7 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r7, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'morus1280-sse2\x00'}, 0x58)
r8 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fc00100}]})
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r8, 0xc0502100, &(0x7f00000003c0)={<r9=>0x0})
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r8, 0xc0502100, &(0x7f0000000340))
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r8, 0xc0502100, &(0x7f0000000480))
ioctl$SECCOMP_IOCTL_NOTIF_SEND(r8, 0xc0182101, &(0x7f0000000640)={r9})
setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000280)={0x4, 0x7}, 0x4)

399.68397ms ago: executing program 6 (id=1085):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x8000, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'\x00', 0x2})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
ioctl$TCSETAF(0xffffffffffffffff, 0x5408, 0x0)
ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
openat$tcp_congestion(0xffffffffffffff9c, 0x0, 0x1, 0x0)
r2 = socket$inet6(0xa, 0x802, 0x0)
connect$inet6(r2, &(0x7f0000000000)={0xa, 0xe0, 0x0, @loopback}, 0x1c)
sendmmsg$inet6(r2, &(0x7f0000002940)=[{{0x0, 0x0, 0x0}}], 0x62, 0xff00)
ioctl$TUNSETLINK(r0, 0x400454cd, 0x300)

308.135868ms ago: executing program 1 (id=1086):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000480)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x1, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x0, 0x40000040, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = fsopen(&(0x7f0000000000)='rpc_pipefs\x00', 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x30, 0x3d, 0x9, 0x0, 0x0, {0x1}, [@typed={0x4}, @nested={0x10, 0x1, 0x0, 0x1, [@nested={0xc, 0x10, 0x0, 0x1, [@typed={0x8, 0x1, 0x0, 0x0, @ipv4=@private=0xa010100}]}]}, @typed={0x8, 0x2, 0x0, 0x0, @pid=0xffffffffffffffff}]}, 0x30}}, 0x0)
sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_GET(r4, &(0x7f0000000400)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000300)={0x90, 0x0, 0x0, 0x70bd29, 0x25dfdbff, {}, [{{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x2}}, {0x8, 0xb, 0x7ff}, {0x6, 0x16, 0x6}, {0x5}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}, {0x8, 0xb, 0x3}, {0x6, 0x16, 0xff44}, {0x5}}]}, 0x90}, 0x1, 0x0, 0x0, 0x4080}, 0x2000e8c0)
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0)
unshare(0x2a060400)
openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r5, 0x10e, 0xc, &(0x7f0000000000)=0x201, 0x4)
sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)=@ipv6_getaddrlabel={0x1c, 0x4a, 0x3, 0x0, 0x0, {0xa, 0x0, 0x80}}, 0x1c}}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
pidfd_send_signal(0xffffffffffffffff, 0x2e, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'netdevsim0\x00'})
syz_io_uring_setup(0x203b, &(0x7f0000000800)={0x0, 0xd11f, 0x8, 0x0, 0x1c0}, &(0x7f00000004c0), 0x0)
r6 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
r7 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000940)=@newtaction={0x60, 0x30, 0x48b, 0x0, 0x0, {}, [{0x4c, 0x1, [@m_simple={0x48, 0x1, 0x0, 0x0, {{0xb}, {0x1c, 0x2, 0x0, 0x1, [@TCA_DEF_PARMS={0x18, 0x2, {0x6f8, 0x55, 0x4, 0x6, 0x1ff}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1, 0x2}}}}]}]}, 0x60}}, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000180)={'veth0_virt_wifi\x00'})
ioctl$VHOST_SET_VRING_BASE(r6, 0xaf01, 0x0)

0s ago: executing program 2 (id=1087):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x6, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="180200002343ffff0000000000000000850000004100000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x28, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r2=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000300)={r1, r2, 0x25, 0x2, @val=@perf_event={0xff}}, 0x18)
syz_emit_ethernet(0x11dc0, &(0x7f00000004c0)=ANY=[], 0x0)

kernel console output (not intermixed with test programs):

e840 code=0x7ffc0000
[  303.752681][   T29] audit: type=1326 audit(1733645323.088:260): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8086 comm="syz.6.518" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7f6018181707 code=0x7ffc0000
[  303.774999][   T29] audit: type=1326 audit(1733645323.088:261): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8086 comm="syz.6.518" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f601817fed9 code=0x7ffc0000
[  303.801971][   T29] audit: type=1326 audit(1733645323.108:262): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8086 comm="syz.6.518" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7f6018181707 code=0x7ffc0000
[  303.853905][   T29] audit: type=1326 audit(1733645323.368:263): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8086 comm="syz.6.518" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f601817eb3a code=0x7ffc0000
[  303.877424][   T29] audit: type=1326 audit(1733645323.368:264): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8086 comm="syz.6.518" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f601817fed9 code=0x7ffc0000
[  303.899498][   T29] audit: type=1326 audit(1733645323.368:265): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8086 comm="syz.6.518" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f601817fed9 code=0x7ffc0000
[  304.167574][   T29] audit: type=1326 audit(1733645323.518:266): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8086 comm="syz.6.518" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f601817fed9 code=0x7ffc0000
[  304.211155][   T29] audit: type=1326 audit(1733645323.518:267): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8086 comm="syz.6.518" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f601817fed9 code=0x7ffc0000
[  304.232639][    C1] vkms_vblank_simulate: vblank timer overrun
[  304.350620][ T8102] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci0/hci0:200/input16
[  305.006445][  T838] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  305.649887][  T838] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  305.675620][  T838] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  305.712033][  T838] usb 2-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[  305.835925][  T838] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  306.326522][  T838] usb 2-1: config 0 descriptor??
[  306.458354][ T8119] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  306.477814][ T8119] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  306.736859][  T838] cm6533_jd 0003:0D8C:0022.0005: unknown main item tag 0x0
[  306.747902][  T838] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:0D8C:0022.0005/input/input17
[  306.904471][ T8129] netlink: 'syz.3.531': attribute type 13 has an invalid length.
[  306.917619][ T8128] mkiss: ax0: crc mode is auto.
[  306.926194][  T838] cm6533_jd 0003:0D8C:0022.0005: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.1-1/input0
[  307.093569][  T838] usb 2-1: USB disconnect, device number 7
[  308.885276][ T8145] netlink: 104 bytes leftover after parsing attributes in process `syz.1.533'.
[  309.431919][ T5824] Bluetooth: hci3: command 0x0406 tx timeout
[  309.783748][ T8155] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci0/hci0:200/input18
[  310.527386][ T8159] netlink: 12 bytes leftover after parsing attributes in process `syz.6.535'.
[  310.828169][ T8153] xt_CT: You must specify a L4 protocol and not use inversions on it
[  311.282379][ T8176] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  311.301606][ T8176] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  311.852877][  T838] IPVS: starting estimator thread 0...
[  311.976398][ T8191] IPVS: using max 20 ests per chain, 48000 per kthread
[  312.905084][ T8198] process 'syz.9.550' launched '/dev/fd/3' with NULL argv: empty string added
[  313.538672][ T8202] FAULT_INJECTION: forcing a failure.
[  313.538672][ T8202] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  313.610120][ T8202] CPU: 1 UID: 0 PID: 8202 Comm: syz.1.549 Not tainted 6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0
[  313.620781][ T8202] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  313.630895][ T8202] Call Trace:
[  313.634203][ T8202]  <TASK>
[  313.637170][ T8202]  dump_stack_lvl+0x241/0x360
[  313.641907][ T8202]  ? __pfx_dump_stack_lvl+0x10/0x10
[  313.647146][ T8202]  ? __pfx__printk+0x10/0x10
[  313.651778][ T8202]  ? __pfx_lock_release+0x10/0x10
[  313.656834][ T8202]  ? __lock_acquire+0x1397/0x2100
[  313.661901][ T8202]  should_fail_ex+0x3b0/0x4e0
[  313.666618][ T8202]  _copy_from_user+0x2f/0xc0
[  313.671253][ T8202]  kstrtouint_from_user+0xc6/0x190
[  313.676403][ T8202]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  313.682164][ T8202]  ? __pfx_lock_acquire+0x10/0x10
[  313.687250][ T8202]  proc_fail_nth_write+0xaa/0x2d0
[  313.692318][ T8202]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  313.698262][ T8202]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  313.703933][ T8202]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  313.709603][ T8202]  vfs_write+0x2a3/0xd30
[  313.713893][ T8202]  ? __pfx_vfs_write+0x10/0x10
[  313.718707][ T8202]  ? __fget_files+0x2a/0x410
[  313.723339][ T8202]  ? __fget_files+0x395/0x410
[  313.728055][ T8202]  ? __fget_files+0x2a/0x410
[  313.732694][ T8202]  ksys_write+0x18f/0x2b0
[  313.737067][ T8202]  ? __pfx_ksys_write+0x10/0x10
[  313.741963][ T8202]  ? do_syscall_64+0x100/0x230
[  313.746771][ T8202]  ? do_syscall_64+0xb6/0x230
[  313.751496][ T8202]  do_syscall_64+0xf3/0x230
[  313.756043][ T8202]  ? clear_bhb_loop+0x35/0x90
[  313.760756][ T8202]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  313.766699][ T8202] RIP: 0033:0x7f853db7e98f
[  313.771254][ T8202] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  313.790909][ T8202] RSP: 002b:00007f853e9ca050 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  313.799378][ T8202] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f853db7e98f
[  313.807395][ T8202] RDX: 0000000000000001 RSI: 00007f853e9ca0b0 RDI: 0000000000000007
[  313.815416][ T8202] RBP: 00007f853e9ca0a0 R08: 0000000000000000 R09: 0000000000000000
[  313.823432][ T8202] R10: 0000000020000040 R11: 0000000000000293 R12: 0000000000000001
[  313.831438][ T8202] R13: 0000000000000000 R14: 00007f853dd46080 R15: 00007ffe547a4df8
[  313.839463][ T8202]  </TASK>
[  314.203421][ T8209] netlink: 120 bytes leftover after parsing attributes in process `syz.9.552'.
[  314.236351][ T8209] tc_dump_action: action bad kind
[  314.249690][ T8213] FAULT_INJECTION: forcing a failure.
[  314.249690][ T8213] name failslab, interval 1, probability 0, space 0, times 0
[  314.262945][ T8213] CPU: 0 UID: 0 PID: 8213 Comm: syz.1.553 Not tainted 6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0
[  314.273587][ T8213] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  314.283692][ T8213] Call Trace:
[  314.287009][ T8213]  <TASK>
[  314.289979][ T8213]  dump_stack_lvl+0x241/0x360
[  314.294733][ T8213]  ? __pfx_dump_stack_lvl+0x10/0x10
[  314.299991][ T8213]  ? __pfx__printk+0x10/0x10
[  314.304639][ T8213]  ? __kmalloc_cache_node_noprof+0x47/0x3a0
[  314.310604][ T8213]  ? __pfx___might_resched+0x10/0x10
[  314.315948][ T8213]  should_fail_ex+0x3b0/0x4e0
[  314.320675][ T8213]  should_failslab+0xac/0x100
[  314.325395][ T8213]  ? __get_vm_area_node+0x132/0x2d0
[  314.330636][ T8213]  __kmalloc_cache_node_noprof+0x6f/0x3a0
[  314.336408][ T8213]  __get_vm_area_node+0x132/0x2d0
[  314.341479][ T8213]  __vmalloc_node_range_noprof+0x344/0x1380
[  314.347423][ T8213]  ? bpf_prog_alloc_no_stats+0x4d/0x4d0
[  314.353010][ T8213]  ? mark_lock+0x9a/0x360
[  314.357410][ T8213]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  314.363886][ T8213]  ? bpf_prog_alloc_no_stats+0x4d/0x4d0
[  314.369481][ T8213]  __vmalloc_noprof+0x79/0x90
[  314.374208][ T8213]  ? bpf_prog_alloc_no_stats+0x4d/0x4d0
[  314.379810][ T8213]  bpf_prog_alloc_no_stats+0x4d/0x4d0
[  314.385314][ T8213]  ? bpf_prog_alloc+0x28/0x1b0
[  314.390119][ T8213]  bpf_prog_alloc+0x3a/0x1b0
[  314.394753][ T8213]  bpf_prog_load+0x7f7/0x20f0
[  314.399480][ T8213]  ? __pfx_bpf_prog_load+0x10/0x10
[  314.404629][ T8213]  ? __pfx___might_resched+0x10/0x10
[  314.409979][ T8213]  ? __might_fault+0xc6/0x120
[  314.414709][ T8213]  __sys_bpf+0x4ee/0x810
[  314.418995][ T8213]  ? __pfx___sys_bpf+0x10/0x10
[  314.423813][ T8213]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  314.429836][ T8213]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  314.436210][ T8213]  ? do_syscall_64+0x100/0x230
[  314.441034][ T8213]  __x64_sys_bpf+0x7c/0x90
[  314.445495][ T8213]  do_syscall_64+0xf3/0x230
[  314.450048][ T8213]  ? clear_bhb_loop+0x35/0x90
[  314.454767][ T8213]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  314.460711][ T8213] RIP: 0033:0x7f853db7fed9
[  314.465163][ T8213] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  314.484818][ T8213] RSP: 002b:00007f853e9eb058 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  314.493299][ T8213] RAX: ffffffffffffffda RBX: 00007f853dd45fa0 RCX: 00007f853db7fed9
[  314.501410][ T8213] RDX: 0000000000000094 RSI: 0000000020000280 RDI: 0000000000000005
[  314.509447][ T8213] RBP: 00007f853e9eb0a0 R08: 0000000000000000 R09: 0000000000000000
[  314.517463][ T8213] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  314.525475][ T8213] R13: 0000000000000000 R14: 00007f853dd45fa0 R15: 00007ffe547a4df8
[  314.533496][ T8213]  </TASK>
[  314.702796][ T8213] syz.1.553: vmalloc error: size 4096, vm_struct allocation failed, mode:0x500dc0(GFP_USER|__GFP_ZERO|__GFP_ACCOUNT), nodemask=(null),cpuset=/,mems_allowed=0-1
[  315.212529][ T8213] CPU: 1 UID: 0 PID: 8213 Comm: syz.1.553 Not tainted 6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0
[  315.223188][ T8213] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  315.233274][ T8213] Call Trace:
[  315.236579][ T8213]  <TASK>
[  315.239552][ T8213]  dump_stack_lvl+0x241/0x360
[  315.244278][ T8213]  ? __pfx_dump_stack_lvl+0x10/0x10
[  315.249513][ T8213]  ? __pfx__printk+0x10/0x10
[  315.254147][ T8213]  ? __rcu_read_unlock+0xa1/0x110
[  315.259245][ T8213]  warn_alloc+0x278/0x410
[  315.263625][ T8213]  ? __pfx_warn_alloc+0x10/0x10
[  315.268864][ T8213]  ? __kasan_kmalloc+0x23/0xb0
[  315.273672][ T8213]  ? __kmalloc_cache_node_noprof+0x25d/0x3a0
[  315.279699][ T8213]  ? __get_vm_area_node+0x280/0x2d0
[  315.284945][ T8213]  __vmalloc_node_range_noprof+0x369/0x1380
[  315.290890][ T8213]  ? mark_lock+0x9a/0x360
[  315.295285][ T8213]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  315.301672][ T8213]  ? bpf_prog_alloc_no_stats+0x4d/0x4d0
[  315.307257][ T8213]  __vmalloc_noprof+0x79/0x90
[  315.311981][ T8213]  ? bpf_prog_alloc_no_stats+0x4d/0x4d0
[  315.317568][ T8213]  bpf_prog_alloc_no_stats+0x4d/0x4d0
[  315.322975][ T8213]  ? bpf_prog_alloc+0x28/0x1b0
[  315.327778][ T8213]  bpf_prog_alloc+0x3a/0x1b0
[  315.332407][ T8213]  bpf_prog_load+0x7f7/0x20f0
[  315.337135][ T8213]  ? __pfx_bpf_prog_load+0x10/0x10
[  315.342286][ T8213]  ? __pfx___might_resched+0x10/0x10
[  315.347636][ T8213]  ? __might_fault+0xc6/0x120
[  315.352365][ T8213]  __sys_bpf+0x4ee/0x810
[  315.356649][ T8213]  ? __pfx___sys_bpf+0x10/0x10
[  315.361461][ T8213]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  315.367482][ T8213]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  315.373850][ T8213]  ? do_syscall_64+0x100/0x230
[  315.378662][ T8213]  __x64_sys_bpf+0x7c/0x90
[  315.383122][ T8213]  do_syscall_64+0xf3/0x230
[  315.387676][ T8213]  ? clear_bhb_loop+0x35/0x90
[  315.392402][ T8213]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  315.398348][ T8213] RIP: 0033:0x7f853db7fed9
[  315.402800][ T8213] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  315.422450][ T8213] RSP: 002b:00007f853e9eb058 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  315.430915][ T8213] RAX: ffffffffffffffda RBX: 00007f853dd45fa0 RCX: 00007f853db7fed9
[  315.438929][ T8213] RDX: 0000000000000094 RSI: 0000000020000280 RDI: 0000000000000005
[  315.446941][ T8213] RBP: 00007f853e9eb0a0 R08: 0000000000000000 R09: 0000000000000000
[  315.454953][ T8213] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  315.462964][ T8213] R13: 0000000000000000 R14: 00007f853dd45fa0 R15: 00007ffe547a4df8
[  315.471005][ T8213]  </TASK>
[  315.484211][ T8213] Mem-Info:
[  315.487474][ T8213] active_anon:363 inactive_anon:17467 isolated_anon:0
[  315.487474][ T8213]  active_file:18830 inactive_file:37607 isolated_file:0
[  315.487474][ T8213]  unevictable:768 dirty:213 writeback:25
[  315.487474][ T8213]  slab_reclaimable:9898 slab_unreclaimable:103579
[  315.487474][ T8213]  mapped:31697 shmem:15503 pagetables:638
[  315.487474][ T8213]  sec_pagetables:0 bounce:0
[  315.487474][ T8213]  kernel_misc_reclaimable:0
[  315.487474][ T8213]  free:1304329 free_pcp:184 free_cma:0
[  315.539086][ T8213] Node 0 active_anon:1452kB inactive_anon:69868kB active_file:75248kB inactive_file:150428kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:126788kB dirty:852kB writeback:0kB shmem:60476kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:10956kB pagetables:2552kB sec_pagetables:0kB all_unreclaimable? no
[  315.580512][ T8213] Node 1 active_anon:0kB inactive_anon:0kB active_file:72kB inactive_file:0kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no
[  315.705127][ T8213] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  315.805922][ T8213] lowmem_reserve[]: 0 2465 2466 0 0
[  315.827655][ T8213] Node 0 DMA32 free:1314292kB boost:0kB min:34200kB low:42748kB high:51296kB reserved_highatomic:0KB active_anon:10648kB inactive_anon:37536kB active_file:74456kB inactive_file:150376kB unevictable:1536kB writepending:452kB present:3129332kB managed:2552840kB mlocked:0kB bounce:0kB free_pcp:5596kB local_pcp:3532kB free_cma:0kB
[  316.048514][ T8213] lowmem_reserve[]: 0 0 0 0 0
[  316.053344][ T8213] Node 0 Normal free:0kB boost:0kB min:8kB low:8kB high:8kB reserved_highatomic:0KB active_anon:4kB inactive_anon:32kB active_file:792kB inactive_file:52kB unevictable:0kB writepending:0kB present:1048580kB managed:880kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  316.705821][ T8229] misc userio: The device must be registered before sending interrupts
[  317.305938][ T8213] lowmem_reserve[]: 0 0 0 0 0
[  317.316594][ T8213] Node 1 Normal free:3910072kB boost:0kB min:55688kB low:69608kB high:83528kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:72kB inactive_file:0kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111168kB mlocked:0kB bounce:0kB free_pcp:4kB local_pcp:4kB free_cma:0kB
[  317.345464][    C1] vkms_vblank_simulate: vblank timer overrun
[  317.436282][ T1295] ieee802154 phy0 wpan0: encryption failed: -22
[  317.442673][ T1295] ieee802154 phy1 wpan1: encryption failed: -22
[  317.476150][ T8213] lowmem_reserve[]: 0 0 0 0 0
[  317.486483][ T8213] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  317.568276][ T8213] Node 0 DMA32: 653*4kB (UME) 637*8kB (UME) 616*16kB (UME) 366*32kB (UME) 255*64kB (UME) 51*128kB (UME) 58*256kB (UME) 27*512kB (UME) 19*1024kB (UME) 11*2048kB (UME) 295*4096kB (UM) = 1331100kB
[  317.636006][ T8213] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[  317.649063][ T8213] Node 1 Normal: 190*4kB (UME) 42*8kB (UME) 47*16kB (UME) 200*32kB (UME) 86*64kB (UME) 40*128kB (UME) 14*256kB (UM) 9*512kB (UME) 6*1024kB (UME) 3*2048kB (UE) 945*4096kB (UM) = 3910072kB
[  317.670953][    C1] vkms_vblank_simulate: vblank timer overrun
[  317.746816][ T8213] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  317.786500][ T8213] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  317.840248][ T8213] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  317.948828][ T8213] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  318.054979][ T8213] 60228 total pagecache pages
[  318.116307][ T8213] 0 pages in swap cache
[  318.183701][ T8213] Free swap  = 124728kB
[  318.247446][ T8213] Total swap = 124996kB
[  318.390709][ T8213] 2097051 pages RAM
[  318.417782][ T8213] 0 pages HighMem/MovableOnly
[  318.422512][ T8213] 426989 pages reserved
[  318.434497][ T8213] 0 pages cma reserved
[  318.506459][ T8240] netlink: 'syz.2.561': attribute type 4 has an invalid length.
[  318.819888][ T8257] netlink: 52 bytes leftover after parsing attributes in process `syz.6.564'.
[  318.893274][ T8254] syz.1.565: attempt to access beyond end of device
[  318.893274][ T8254] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  320.146520][ T5869] usb 7-1: new high-speed USB device number 14 using dummy_hcd
[  320.690774][ T8285] syz.9.576: attempt to access beyond end of device
[  320.690774][ T8285] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  320.708971][ T5869] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  320.721367][ T5869] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  320.731636][ T5869] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  320.745243][ T5869] usb 7-1: New USB device found, idVendor=056a, idProduct=0314, bcdDevice= 0.00
[  320.754898][ T5869] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  320.786538][ T5869] usb 7-1: config 0 descriptor??
[  321.320133][ T8267] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci0/hci0:200/input19
[  321.516991][ T8270] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  321.536251][ T8270] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  321.560990][ T8270] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  321.593660][ T8270] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  321.863482][ T5869] wacom 0003:056A:0314.0006: Unknown device_type for 'HID 056a:0314'. Assuming pen.
[  321.873058][ T5870] usb 10-1: new high-speed USB device number 6 using dummy_hcd
[  321.899916][ T5869] wacom 0003:056A:0314.0006: hidraw0: USB HID v0.00 Device [HID 056a:0314] on usb-dummy_hcd.6-1/input0
[  322.004625][ T8297] netlink: 12 bytes leftover after parsing attributes in process `syz.3.578'.
[  322.013748][ T8297] netlink: 12 bytes leftover after parsing attributes in process `syz.3.578'.
[  322.805148][ T5869] input: Wacom Intuos Pro S Pen as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/0003:056A:0314.0006/input/input20
[  322.915548][ T5870] usb 10-1: Using ep0 maxpacket: 32
[  322.985043][ T5870] usb 10-1: config index 0 descriptor too short (expected 35577, got 27)
[  322.993903][ T5870] usb 10-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[  323.007045][ T5869] usb 7-1: USB disconnect, device number 14
[  323.026000][ T5870] usb 10-1: config 1 has 1 interface, different from the descriptor's value: 92
[  323.056233][ T5870] usb 10-1: config 1 has no interface number 0
[  323.062517][ T5870] usb 10-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  323.253834][ T5870] usb 10-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[  323.269491][ T5870] usb 10-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[  323.278876][ T5870] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  323.300219][ T5870] snd_usb_pod 10-1:1.1: Line 6 Pocket POD found
[  324.862273][ T8305] wireguard0: entered promiscuous mode
[  324.867939][ T8305] wireguard0: entered allmulticast mode
[  326.016107][ T5870] snd_usb_pod 10-1:1.1: Line 6 Pocket POD now attached
[  326.297013][ T5901] usb 10-1: USB disconnect, device number 6
[  326.306151][ T5901] snd_usb_pod 10-1:1.1: Line 6 Pocket POD now disconnected
[  327.041350][ T8341] bond0: entered promiscuous mode
[  327.149690][ T8348] misc userio: The device must be registered before sending interrupts
[  327.164462][ T8341] bond_slave_0: entered promiscuous mode
[  327.179041][ T8341] bond_slave_1: entered promiscuous mode
[  328.048396][ T8350] netlink: 40 bytes leftover after parsing attributes in process `syz.9.592'.
[  328.110909][ T8347] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  328.216043][ T8356] syz.1.596: attempt to access beyond end of device
[  328.216043][ T8356] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  329.084550][ T8358] delete_channel: no stack
[  329.094522][ T8361] delete_channel: no stack
[  331.516944][ T8373] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  331.522967][ T8373] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  331.576157][ T8373] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  331.583391][ T8373] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  331.600052][ T8373] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  331.861135][ T8373] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  331.874112][ T8387] bond0: entered promiscuous mode
[  331.877154][ T8373] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  331.879513][ T8387] bond_slave_0: entered promiscuous mode
[  331.886522][ T8373] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  331.892215][ T8387] bond_slave_1: entered promiscuous mode
[  332.501934][ T5824] Bluetooth: hci0: command 0x0405 tx timeout
[  332.561539][ T8373] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  332.655021][ T8387] netlink: 8 bytes leftover after parsing attributes in process `syz.2.605'.
[  332.679142][ T8373] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  332.685166][ T8373] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  332.753297][ T8373] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  333.218007][ T8408] RDS: rds_bind could not find a transport for ::ffff:100.1.1.1, load rds_tcp or rds_rdma?
[  333.258332][ T8408] 9pnet_fd: Insufficient options for proto=fd
[  333.677980][   T54] Bluetooth: hci2: command 0x0406 tx timeout
[  333.684330][   T54] Bluetooth: hci3: command 0x0406 tx timeout
[  333.686963][ T5832] Bluetooth: hci4: command 0x0406 tx timeout
[  334.001500][ T8416] misc userio: The device must be registered before sending interrupts
[  334.148842][ T5824] Bluetooth: hci1: command 0x0c1a tx timeout
[  334.706758][ T5824] Bluetooth: hci0: command 0x0405 tx timeout
[  336.275861][ T5824] Bluetooth: hci3: command 0x0406 tx timeout
[  336.287575][ T5824] Bluetooth: hci2: command 0x0406 tx timeout
[  336.294628][ T5824] Bluetooth: hci4: command 0x0406 tx timeout
[  336.300243][ T5832] Bluetooth: hci1: command 0x0c1a tx timeout
[  337.505265][ T5832] Bluetooth: hci0: command 0x0405 tx timeout
[  337.594906][ T8444] netlink: 'syz.6.623': attribute type 4 has an invalid length.
[  337.807396][   T29] kauditd_printk_skb: 10 callbacks suppressed
[  337.807424][   T29] audit: type=1326 audit(1733645357.338:278): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8443 comm="syz.6.623" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f601817fed9 code=0x7ffc0000
[  337.899217][ T8450] misc userio: No port type given on /dev/userio
[  337.908940][ T8450] misc userio: The device must be registered before sending interrupts
[  338.386108][   T29] audit: type=1326 audit(1733645357.338:279): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8443 comm="syz.6.623" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f601817fed9 code=0x7ffc0000
[  338.475870][ T5832] Bluetooth: hci1: command 0x0c1a tx timeout
[  338.499106][   T29] audit: type=1326 audit(1733645358.028:280): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8443 comm="syz.6.623" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f601817fed9 code=0x7ffc0000
[  338.521003][   T29] audit: type=1326 audit(1733645358.028:281): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8443 comm="syz.6.623" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f601817fed9 code=0x7ffc0000
[  339.022417][ T8468] misc userio: The device must be registered before sending interrupts
[  339.599166][ T5832] Bluetooth: hci0: command 0x0405 tx timeout
[  341.215961][ T8487] syz.9.633: attempt to access beyond end of device
[  341.215961][ T8487] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  344.548415][ T8509] netlink: 'syz.3.640': attribute type 4 has an invalid length.
[  344.645391][ T8516] overlayfs: failed to resolve './file1': -2
[  344.682166][   T29] audit: type=1326 audit(1733645364.088:282): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8508 comm="syz.3.640" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8a28d7fed9 code=0x7ffc0000
[  344.704486][   T29] audit: type=1326 audit(1733645364.088:283): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8508 comm="syz.3.640" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f8a28d7fed9 code=0x7ffc0000
[  344.726641][   T29] audit: type=1326 audit(1733645364.088:284): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8508 comm="syz.3.640" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8a28d7fed9 code=0x7ffc0000
[  344.748433][   T29] audit: type=1326 audit(1733645364.088:285): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8508 comm="syz.3.640" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f8a28d7fed9 code=0x7ffc0000
[  344.770062][   T29] audit: type=1326 audit(1733645364.088:286): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8508 comm="syz.3.640" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8a28d7fed9 code=0x7ffc0000
[  344.792022][   T29] audit: type=1326 audit(1733645364.088:287): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8508 comm="syz.3.640" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f8a28d7fed9 code=0x7ffc0000
[  344.814176][   T29] audit: type=1326 audit(1733645364.088:288): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8508 comm="syz.3.640" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8a28d7fed9 code=0x7ffc0000
[  345.494140][ T8541] RDS: rds_bind could not find a transport for ::ffff:100.1.1.1, load rds_tcp or rds_rdma?
[  346.077140][   T54] Bluetooth: hci0: command 0x0405 tx timeout
[  346.114752][ T8549] netlink: 'syz.9.654': attribute type 4 has an invalid length.
[  346.375332][   T29] audit: type=1326 audit(1733645366.024:289): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8548 comm="syz.9.654" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e0c17fed9 code=0x7ffc0000
[  346.461903][   T29] audit: type=1326 audit(1733645366.057:290): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8548 comm="syz.9.654" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e0c17fed9 code=0x7ffc0000
[  346.575707][   T29] audit: type=1326 audit(1733645366.057:291): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8548 comm="syz.9.654" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0e0c17fed9 code=0x7ffc0000
[  346.654386][ T5869] usb 2-1: new full-speed USB device number 8 using dummy_hcd
[  347.013427][ T8564] infiniband syz2: set active
[  347.342404][ T5869] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x6D, changing to 0xD
[  347.369959][ T5869] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xD has invalid wMaxPacketSize 0
[  347.503602][ T5869] usb 2-1: New USB device found, idVendor=0e9c, idProduct=0000, bcdDevice=5b.1e
[  347.538840][ T5869] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  347.547270][ T5869] usb 2-1: Product: syz
[  347.552391][ T5869] usb 2-1: Manufacturer: syz
[  347.557040][ T5869] usb 2-1: SerialNumber: syz
[  347.739470][ T5869] usb 2-1: config 0 descriptor??
[  347.749982][ T5869] streamzap 2-1:0.0: streamzap_probe: endpoint doesn't match input device 020d
[  348.732776][ T5870] usb 2-1: USB disconnect, device number 8
[  349.430830][ T8584] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  350.427901][ T8592] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  350.542504][ T8592] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  350.548848][ T8592] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  350.572003][ T8592] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  350.663543][ T8592] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  350.838564][ T8619] netlink: 'syz.2.674': attribute type 4 has an invalid length.
[  351.325277][ T8631] misc userio: No port type given on /dev/userio
[  351.333419][ T8631] misc userio: The device must be registered before sending interrupts
[  351.995150][ T5832] Bluetooth: hci2: command 0x0406 tx timeout
[  352.120744][ T8638] overlayfs: failed to resolve './file0': -2
[  352.290503][ T8641] FAULT_INJECTION: forcing a failure.
[  352.290503][ T8641] name failslab, interval 1, probability 0, space 0, times 0
[  352.356544][ T8641] CPU: 0 UID: 0 PID: 8641 Comm: syz.1.682 Not tainted 6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0
[  352.367304][ T8641] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  352.377409][ T8641] Call Trace:
[  352.380725][ T8641]  <TASK>
[  352.383687][ T8641]  dump_stack_lvl+0x241/0x360
[  352.388426][ T8641]  ? __pfx_dump_stack_lvl+0x10/0x10
[  352.393681][ T8641]  ? __pfx__printk+0x10/0x10
[  352.398320][ T8641]  ? __kmalloc_node_track_caller_noprof+0xb4/0x4c0
[  352.404872][ T8641]  ? __pfx___might_resched+0x10/0x10
[  352.410218][ T8641]  should_fail_ex+0x3b0/0x4e0
[  352.414940][ T8641]  should_failslab+0xac/0x100
[  352.419697][ T8641]  __kmalloc_node_track_caller_noprof+0xdc/0x4c0
[  352.426083][ T8641]  ? smk_write_net6addr+0x141/0x18b0
[  352.431523][ T8641]  memdup_user_nul+0x2f/0x100
[  352.436264][ T8641]  smk_write_net6addr+0x141/0x18b0
[  352.441517][ T8641]  ? __pfx_lock_acquire+0x10/0x10
[  352.446601][ T8641]  ? __pfx_smk_write_net6addr+0x10/0x10
[  352.452203][ T8641]  ? rcu_read_lock_any_held+0xb7/0x160
[  352.457736][ T8641]  ? __pfx_smk_write_net6addr+0x10/0x10
[  352.463332][ T8641]  vfs_write+0x2a3/0xd30
[  352.467640][ T8641]  ? __pfx_vfs_write+0x10/0x10
[  352.472465][ T8641]  ? __fget_files+0x2a/0x410
[  352.477107][ T8641]  ? __fget_files+0x395/0x410
[  352.481840][ T8641]  ? __fget_files+0x2a/0x410
[  352.486495][ T8641]  ksys_write+0x18f/0x2b0
[  352.490878][ T8641]  ? __pfx_ksys_write+0x10/0x10
[  352.495778][ T8641]  ? do_syscall_64+0x100/0x230
[  352.500685][ T8641]  ? do_syscall_64+0xb6/0x230
[  352.505434][ T8641]  do_syscall_64+0xf3/0x230
[  352.510002][ T8641]  ? clear_bhb_loop+0x35/0x90
[  352.514730][ T8641]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  352.520682][ T8641] RIP: 0033:0x7f853db7fed9
[  352.525141][ T8641] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  352.544811][ T8641] RSP: 002b:00007f853e9eb058 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  352.553287][ T8641] RAX: ffffffffffffffda RBX: 00007f853dd45fa0 RCX: 00007f853db7fed9
[  352.561312][ T8641] RDX: 00000000000000b0 RSI: 0000000020000380 RDI: 0000000000000003
[  352.569330][ T8641] RBP: 00007f853e9eb0a0 R08: 0000000000000000 R09: 0000000000000000
[  352.572931][ T5832] Bluetooth: hci1: command 0x0c1a tx timeout
[  352.577322][ T8641] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  352.583451][   T54] Bluetooth: hci3: command 0x0406 tx timeout
[  352.591265][ T8641] R13: 0000000000000000 R14: 00007f853dd45fa0 R15: 00007ffe547a4df8
[  352.597675][ T5824] Bluetooth: hci4: command 0x0406 tx timeout
[  352.605217][ T8641]  </TASK>
[  352.605245][    C0] vkms_vblank_simulate: vblank timer overrun
[  352.623042][   T54] Bluetooth: hci0: command 0x0405 tx timeout
[  352.751771][ T8645] overlayfs: failed to resolve './file1': -2
[  352.812491][ T8651] netlink: 32 bytes leftover after parsing attributes in process `syz.3.686'.
[  352.857768][ T8653] netlink: 'syz.1.687': attribute type 4 has an invalid length.
[  353.002448][ T8660] syz.1.690: attempt to access beyond end of device
[  353.002448][ T8660] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  353.915180][ T8676] misc userio: No port type given on /dev/userio
[  354.008483][ T8676] misc userio: The device must be registered before sending interrupts
[  357.363819][   T54] Bluetooth: hci1: Unknown advertising packet type: 0x5f
[  357.364098][   T54] Bluetooth: hci1: Malformed LE Event: 0x0d
[  357.772101][ T8709] syz.9.700: attempt to access beyond end of device
[  357.772101][ T8709] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  358.621551][ T8712] bond0: entered promiscuous mode
[  358.658711][ T8712] bond_slave_0: entered promiscuous mode
[  358.667170][ T8712] bond_slave_1: entered promiscuous mode
[  358.683076][ T8713] netlink: 8 bytes leftover after parsing attributes in process `syz.6.701'.
[  358.698523][ T8712] netlink: 8 bytes leftover after parsing attributes in process `syz.3.702'.
[  359.670631][ T8733] netlink: 'syz.9.707': attribute type 3 has an invalid length.
[  360.160862][ T8745] syz.3.710: attempt to access beyond end of device
[  360.160862][ T8745] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  362.475534][ T8776] bridge0: port 1(bridge_slave_0) entered disabled state
[  362.488577][ T8776] bridge0: port 2(bridge_slave_1) entered disabled state
[  362.516183][   T29] kauditd_printk_skb: 6 callbacks suppressed
[  362.516204][   T29] audit: type=1326 audit(1733645383.341:298): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8773 comm="syz.9.718" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e0c17fed9 code=0x7ffc0000
[  362.571141][   T29] audit: type=1326 audit(1733645383.341:299): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8773 comm="syz.9.718" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7f0e0c17fed9 code=0x7ffc0000
[  362.592915][   T29] audit: type=1326 audit(1733645383.341:300): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8773 comm="syz.9.718" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e0c17fed9 code=0x7ffc0000
[  362.614744][   T29] audit: type=1326 audit(1733645383.341:301): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8773 comm="syz.9.718" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7f0e0c17fed9 code=0x7ffc0000
[  362.636776][   T29] audit: type=1326 audit(1733645383.341:302): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8773 comm="syz.9.718" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e0c17fed9 code=0x7ffc0000
[  362.667018][   T29] audit: type=1326 audit(1733645383.341:303): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8773 comm="syz.9.718" exe="/root/syz-executor" sig=0 arch=c000003e syscall=83 compat=0 ip=0x7f0e0c17fed9 code=0x7ffc0000
[  362.688580][   T29] audit: type=1326 audit(1733645383.341:304): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8773 comm="syz.9.718" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e0c17fed9 code=0x7ffc0000
[  362.710159][   T29] audit: type=1326 audit(1733645383.395:305): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8773 comm="syz.9.718" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f0e0c17fed9 code=0x7ffc0000
[  362.794233][   T29] audit: type=1326 audit(1733645383.609:306): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8773 comm="syz.9.718" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e0c17fed9 code=0x7ffc0000
[  362.798513][ T8776] infiniband syz2: set active
[  362.819093][   T29] audit: type=1326 audit(1733645383.609:307): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8773 comm="syz.9.718" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e0c17fed9 code=0x7ffc0000
[  362.837612][ T8776] infiniband syz2: set active
[  362.886118][ T8787] xt_recent: Unsupported userspace flags (00000042)
[  363.028703][ T8791] overlayfs: failed to resolve './file1': -2
[  363.109782][ T5869] usb 7-1: new high-speed USB device number 15 using dummy_hcd
[  363.274489][ T5869] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  363.287022][ T5869] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  363.415811][ T5869] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  363.567337][ T5869] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  363.627245][ T5869] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  363.648748][ T5869] usb 7-1: config 0 descriptor??
[  363.900199][ T8786] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  363.924897][ T8786] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  365.183672][ T8809] ebtables: ebtables: counters copy to user failed while replacing table
[  365.342624][ T8829] syz.3.729: attempt to access beyond end of device
[  365.342624][ T8829] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  366.067670][ T5869] usbhid 7-1:0.0: can't add hid device: -71
[  366.073931][ T5869] usbhid 7-1:0.0: probe with driver usbhid failed with error -71
[  366.086045][ T5869] usb 7-1: USB disconnect, device number 15
[  366.739034][ T8847] netlink: 40 bytes leftover after parsing attributes in process `syz.9.735'.
[  366.837984][ T8847] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  367.463992][ T8867] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  368.197383][ T5868] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  368.352177][ T5868] usb 2-1: Using ep0 maxpacket: 32
[  368.368173][ T5868] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  368.395260][ T5868] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  368.415723][ T5868] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  368.451391][ T5868] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  368.619795][ T8877] syz.2.743: attempt to access beyond end of device
[  368.619795][ T8877] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  369.415202][ T5868] usb 2-1: config 0 descriptor??
[  369.426646][ T5868] hub 2-1:0.0: USB hub found
[  369.901053][ T5868] hub 2-1:0.0: 1 port detected
[  370.249592][ T8893] syz.2.745: attempt to access beyond end of device
[  370.249592][ T8893] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  371.364498][ T5868] hub 2-1:0.0: hub_hub_status failed (err = -32)
[  371.371682][ T5868] hub 2-1:0.0: config failed, can't get hub status (err -32)
[  371.410199][ T5868] usbhid 2-1:0.0: can't add hid device: -32
[  371.418290][ T5868] usbhid 2-1:0.0: probe with driver usbhid failed with error -32
[  371.966834][ T5900] usb 10-1: new high-speed USB device number 7 using dummy_hcd
[  372.091534][ T8900] syz.6.746: attempt to access beyond end of device
[  372.091534][ T8900] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  372.414830][  T838] usb 2-1: USB disconnect, device number 9
[  372.496314][ T5900] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  372.514909][ T5900] usb 10-1: New USB device found, idVendor=0ccd, idProduct=0093, bcdDevice=23.5a
[  372.524723][ T5900] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  372.533084][ T5900] usb 10-1: Product: syz
[  372.537841][ T5900] usb 10-1: Manufacturer: syz
[  372.542563][ T5900] usb 10-1: SerialNumber: syz
[  372.550123][ T5900] usb 10-1: config 0 descriptor??
[  372.847660][ T5868] usb 2-1: new full-speed USB device number 10 using dummy_hcd
[  372.996833][ T5868] usb 2-1: config 5 has an invalid interface number: 123 but max is 0
[  373.023607][ T5868] usb 2-1: config 5 has no interface number 0
[  373.061479][ T5868] usb 2-1: config 5 interface 123 altsetting 7 has an endpoint descriptor with address 0xEB, changing to 0x8B
[  373.137324][ T5868] usb 2-1: config 5 interface 123 altsetting 7 has an endpoint descriptor with address 0xE6, changing to 0x86
[  373.229636][ T5868] usb 2-1: config 5 interface 123 altsetting 7 endpoint 0x86 has invalid wMaxPacketSize 0
[  373.297218][ T5868] usb 2-1: config 5 interface 123 has no altsetting 0
[  373.350221][ T5868] usb 2-1: New USB device found, idVendor=3923, idProduct=718a, bcdDevice=d8.d7
[  373.421817][ T5868] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  373.485661][ T5868] usb 2-1: Product: syz
[  373.530046][ T5868] usb 2-1: Manufacturer: syz
[  373.554693][ T5868] usb 2-1: SerialNumber: syz
[  373.636133][ T5900] usb 10-1: dvb_usb_v2: usb_bulk_msg() failed=-8
[  373.643315][ T5900] dvb_usb_af9035 10-1:0.0: probe with driver dvb_usb_af9035 failed with error -8
[  373.655611][ T5900] usb 10-1: USB disconnect, device number 7
[  374.242601][ T8922] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  375.792686][ T8929] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  375.883405][ T8929] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  375.900075][ T8929] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  375.911806][ T8929] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  375.938731][ T8940] FAULT_INJECTION: forcing a failure.
[  375.938731][ T8940] name failslab, interval 1, probability 0, space 0, times 0
[  375.940457][ T8929] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  375.960359][ T8940] CPU: 0 UID: 0 PID: 8940 Comm: syz.6.757 Not tainted 6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0
[  375.970998][ T8940] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  375.981095][ T8940] Call Trace:
[  375.984416][ T8940]  <TASK>
[  375.987384][ T8940]  dump_stack_lvl+0x241/0x360
[  375.992123][ T8940]  ? __pfx_dump_stack_lvl+0x10/0x10
[  375.997366][ T8940]  ? __pfx__printk+0x10/0x10
[  376.002010][ T8940]  ? __kmalloc_noprof+0xb5/0x4c0
[  376.006976][ T8940]  ? __pfx___might_resched+0x10/0x10
[  376.012323][ T8940]  should_fail_ex+0x3b0/0x4e0
[  376.017049][ T8940]  should_failslab+0xac/0x100
[  376.021772][ T8940]  __kmalloc_noprof+0xdd/0x4c0
[  376.026612][ T8940]  ? iovec_from_user+0x87/0x240
[  376.031517][ T8940]  iovec_from_user+0x87/0x240
[  376.036251][ T8940]  __import_iovec+0x152/0x870
[  376.041004][ T8940]  import_iovec+0xeb/0x120
[  376.045482][ T8940]  copy_msghdr_from_user+0x52f/0x680
[  376.050826][ T8940]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  376.056687][ T8940]  ? __fget_files+0x2a/0x410
[  376.061352][ T8940]  ? __fget_files+0x2a/0x410
[  376.065990][ T8940]  __sys_sendmmsg+0x32b/0x720
[  376.070722][ T8940]  ? __pfx___sys_sendmmsg+0x10/0x10
[  376.075967][ T8940]  ? __pfx_lock_release+0x10/0x10
[  376.081018][ T8940]  ? kstrtouint_from_user+0x128/0x190
[  376.081077][ T8940]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  376.081112][ T8940]  ? ksys_write+0x22a/0x2b0
[  376.081153][ T8940]  ? __pfx_lock_release+0x10/0x10
[  376.081186][ T8940]  ? vfs_write+0x730/0xd30
[  376.081226][ T8940]  ? __mutex_unlock_slowpath+0x21e/0x790
[  376.112127][ T8940]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  376.118172][ T8940]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  376.124561][ T8940]  ? do_syscall_64+0x100/0x230
[  376.129395][ T8940]  __x64_sys_sendmmsg+0xa0/0xb0
[  376.134286][ T8940]  do_syscall_64+0xf3/0x230
[  376.138834][ T8940]  ? clear_bhb_loop+0x35/0x90
[  376.143548][ T8940]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  376.149480][ T8940] RIP: 0033:0x7f601817fed9
[  376.153933][ T8940] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  376.173588][ T8940] RSP: 002b:00007f6018f64058 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  376.182038][ T8940] RAX: ffffffffffffffda RBX: 00007f6018345fa0 RCX: 00007f601817fed9
[  376.190058][ T8940] RDX: 0400000000000172 RSI: 0000000020003cc0 RDI: 0000000000000003
[  376.198089][ T8940] RBP: 00007f6018f640a0 R08: 0000000000000000 R09: 0000000000000000
[  376.206107][ T8940] R10: 0000000004000000 R11: 0000000000000246 R12: 0000000000000001
[  376.214128][ T8940] R13: 0000000000000000 R14: 00007f6018345fa0 R15: 00007ffe7a0a2028
[  376.222162][ T8940]  </TASK>
[  376.402208][ T5868] ni6501 2-1:5.123: driver 'ni6501' failed to auto-configure device.
[  376.417979][ T5868] usb 2-1: USB disconnect, device number 10
[  376.473986][ T1295] ieee802154 phy0 wpan0: encryption failed: -22
[  376.481810][ T1295] ieee802154 phy1 wpan1: encryption failed: -22
[  376.724743][ T8948] netlink: 'syz.6.759': attribute type 1 has an invalid length.
[  376.743756][ T8948] netlink: 'syz.6.759': attribute type 4 has an invalid length.
[  376.789504][   T54] Bluetooth: hci2: command 0x0406 tx timeout
[  376.800336][ T8948] netlink: 14694 bytes leftover after parsing attributes in process `syz.6.759'.
[  377.090546][ T8960] FAULT_INJECTION: forcing a failure.
[  377.090546][ T8960] name fail_futex, interval 1, probability 0, space 0, times 1
[  377.103534][ T8960] CPU: 1 UID: 0 PID: 8960 Comm: syz.9.760 Not tainted 6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0
[  377.114176][ T8960] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  377.124264][ T8960] Call Trace:
[  377.127574][ T8960]  <TASK>
[  377.130537][ T8960]  dump_stack_lvl+0x241/0x360
[  377.135264][ T8960]  ? __pfx_dump_stack_lvl+0x10/0x10
[  377.140521][ T8960]  ? __pfx__printk+0x10/0x10
[  377.145181][ T8960]  ? __pfx_lock_acquire+0x10/0x10
[  377.150261][ T8960]  ? get_futex_key+0x313/0x1110
[  377.155175][ T8960]  should_fail_ex+0x3b0/0x4e0
[  377.159901][ T8960]  get_futex_key+0x1d7/0x1110
[  377.164633][ T8960]  ? __pfx_get_futex_key+0x10/0x10
[  377.169805][ T8960]  ? __pfx_get_futex_key+0x10/0x10
[  377.174959][ T8960]  ? __hrtimer_init+0x170/0x250
[  377.179857][ T8960]  futex_wait_setup+0x43/0x2a0
[  377.184656][ T8960]  ? ktime_add_safe+0x38/0x70
[  377.189378][ T8960]  futex_wait_requeue_pi+0x324/0xe30
[  377.194708][ T8960]  ? __pfx_futex_wait_requeue_pi+0x10/0x10
[  377.200557][ T8960]  ? __pfx_hrtimer_wakeup+0x10/0x10
[  377.205833][ T8960]  ? __pfx_futex_wake_mark+0x10/0x10
[  377.211178][ T8960]  ? __might_fault+0xc6/0x120
[  377.215896][ T8960]  do_futex+0x1b5/0x560
[  377.220110][ T8960]  ? __pfx_do_futex+0x10/0x10
[  377.224837][ T8960]  ? __pfx___schedule+0x10/0x10
[  377.229735][ T8960]  __se_sys_futex+0x3f9/0x480
[  377.234468][ T8960]  ? __pfx___se_sys_futex+0x10/0x10
[  377.239714][ T8960]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  377.246089][ T8960]  ? do_syscall_64+0x100/0x230
[  377.250909][ T8960]  ? __x64_sys_futex+0x21/0xf0
[  377.255721][ T8960]  do_syscall_64+0xf3/0x230
[  377.260267][ T8960]  ? clear_bhb_loop+0x35/0x90
[  377.264982][ T8960]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  377.270913][ T8960] RIP: 0033:0x7f0e0c17fed9
[  377.275357][ T8960] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  377.294998][ T8960] RSP: 002b:00007f0e09fb4058 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  377.303457][ T8960] RAX: ffffffffffffffda RBX: 00007f0e0c346160 RCX: 00007f0e0c17fed9
[  377.311458][ T8960] RDX: 0000000000000004 RSI: 000080000000000b RDI: 000000002000cffc
[  377.319455][ T8960] RBP: 00007f0e09fb40a0 R08: 0000000020048000 R09: 0000000000000000
[  377.327451][ T8960] R10: 000000002000b000 R11: 0000000000000246 R12: 0000000000000001
[  377.335470][ T8960] R13: 0000000000000000 R14: 00007f0e0c346160 R15: 00007ffc52712a28
[  377.343503][ T8960]  </TASK>
[  377.821990][   T54] Bluetooth: hci0: command 0x0405 tx timeout
[  377.829754][   T54] Bluetooth: hci1: command 0x0c1a tx timeout
[  377.831537][ T5824] Bluetooth: hci3: command 0x0406 tx timeout
[  377.836579][   T54] Bluetooth: hci4: command 0x0406 tx timeout
[  377.851565][ T8970] sctp: [Deprecated]: syz.2.766 (pid 8970) Use of struct sctp_assoc_value in delayed_ack socket option.
[  377.851565][ T8970] Use struct sctp_sack_info instead
[  377.889342][ T8970] netlink: 4 bytes leftover after parsing attributes in process `syz.2.766'.
[  379.219961][ T5900] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  379.820041][ T9001] FAULT_INJECTION: forcing a failure.
[  379.820041][ T9001] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  379.836894][ T5900] usb 4-1: Using ep0 maxpacket: 16
[  379.848605][ T9001] CPU: 0 UID: 0 PID: 9001 Comm: syz.2.777 Not tainted 6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0
[  379.859263][ T9001] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  379.869364][ T9001] Call Trace:
[  379.872686][ T9001]  <TASK>
[  379.875648][ T9001]  dump_stack_lvl+0x241/0x360
[  379.880376][ T9001]  ? __pfx_dump_stack_lvl+0x10/0x10
[  379.885619][ T9001]  ? __pfx__printk+0x10/0x10
[  379.890265][ T9001]  ? __pfx___might_resched+0x10/0x10
[  379.895617][ T9001]  should_fail_ex+0x3b0/0x4e0
[  379.900349][ T9001]  _copy_from_user+0x2f/0xc0
[  379.904995][ T9001]  copy_folio_from_user+0x164/0x370
[  379.910247][ T9001]  hugetlb_mfill_atomic_pte+0xf93/0x19d0
[  379.915951][ T9001]  ? __pfx_hugetlb_mfill_atomic_pte+0x10/0x10
[  379.922065][ T9001]  ? huge_pte_alloc+0x37b/0x520
[  379.926968][ T9001]  ? __pfx_huge_pte_alloc+0x10/0x10
[  379.932218][ T9001]  ? hugetlb_vma_lock_read+0xfa/0x140
[  379.937644][ T9001]  mfill_atomic_copy+0x15a5/0x1b40
[  379.942820][ T9001]  ? __pfx___might_resched+0x10/0x10
[  379.948197][ T9001]  ? __pfx_mfill_atomic_copy+0x10/0x10
[  379.953693][ T9001]  ? __pfx_lock_release+0x10/0x10
[  379.958742][ T9001]  ? preempt_count_add+0x93/0x190
[  379.963794][ T9001]  ? __might_fault+0xc6/0x120
[  379.968499][ T9001]  userfaultfd_ioctl+0x2906/0x66f0
[  379.973631][ T9001]  ? __kernel_text_address+0xd/0x40
[  379.978864][ T9001]  ? __pfx_userfaultfd_ioctl+0x10/0x10
[  379.984363][ T9001]  ? stack_trace_save+0x118/0x1d0
[  379.989410][ T9001]  ? __pfx_stack_trace_save+0x10/0x10
[  379.994807][ T9001]  ? stack_depot_save_flags+0x29/0x830
[  380.000290][ T9001]  ? kasan_save_track+0x51/0x80
[  380.005189][ T9001]  ? kasan_save_track+0x3f/0x80
[  380.010055][ T9001]  ? kasan_save_free_info+0x40/0x50
[  380.015265][ T9001]  ? __kasan_slab_free+0x59/0x70
[  380.020218][ T9001]  ? kfree+0x196/0x430
[  380.024290][ T9001]  ? tomoyo_path_number_perm+0x679/0x860
[  380.029933][ T9001]  ? security_file_ioctl+0xc6/0x2a0
[  380.035144][ T9001]  ? __se_sys_ioctl+0x46/0x170
[  380.039925][ T9001]  ? do_syscall_64+0xf3/0x230
[  380.044642][ T9001]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  380.050733][ T9001]  ? do_vfs_ioctl+0xf07/0x2e40
[  380.055520][ T9001]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  380.060577][ T9001]  ? mark_lock+0x9a/0x360
[  380.064950][ T9001]  ? tomoyo_path_number_perm+0x206/0x860
[  380.070592][ T9001]  ? __pfx_lock_release+0x10/0x10
[  380.075630][ T9001]  ? tomoyo_path_number_perm+0x679/0x860
[  380.081285][ T9001]  ? tomoyo_path_number_perm+0x679/0x860
[  380.086931][ T9001]  ? tomoyo_path_number_perm+0x6f9/0x860
[  380.092582][ T9001]  ? __lock_acquire+0x1397/0x2100
[  380.097627][ T9001]  ? tomoyo_path_number_perm+0x206/0x860
[  380.103275][ T9001]  ? smack_log+0x123/0x540
[  380.107709][ T9001]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  380.113706][ T9001]  ? __pfx_smack_log+0x10/0x10
[  380.118488][ T9001]  ? smk_access+0x4ab/0x4e0
[  380.123016][ T9001]  ? smk_tskacc+0x300/0x370
[  380.127545][ T9001]  ? smack_file_ioctl+0x2f7/0x3a0
[  380.132588][ T9001]  ? __pfx_smack_file_ioctl+0x10/0x10
[  380.137973][ T9001]  ? __fget_files+0x2a/0x410
[  380.142581][ T9001]  ? __fget_files+0x2a/0x410
[  380.147189][ T9001]  ? __pfx_userfaultfd_ioctl+0x10/0x10
[  380.152670][ T9001]  __se_sys_ioctl+0xf5/0x170
[  380.157280][ T9001]  do_syscall_64+0xf3/0x230
[  380.161802][ T9001]  ? clear_bhb_loop+0x35/0x90
[  380.166490][ T9001]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  380.172411][ T9001] RIP: 0033:0x7f4d7e37fed9
[  380.176837][ T9001] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  380.196463][ T9001] RSP: 002b:00007f4d7f195058 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  380.204983][ T9001] RAX: ffffffffffffffda RBX: 00007f4d7e545fa0 RCX: 00007f4d7e37fed9
[  380.212989][ T9001] RDX: 0000000020000080 RSI: 00000000c028aa03 RDI: 0000000000000003
[  380.220988][ T9001] RBP: 00007f4d7f1950a0 R08: 0000000000000000 R09: 0000000000000000
[  380.228978][ T9001] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  380.236965][ T9001] R13: 0000000000000000 R14: 00007f4d7e545fa0 R15: 00007ffe3ccfb108
[  380.244967][ T9001]  </TASK>
[  380.248160][    C0] vkms_vblank_simulate: vblank timer overrun
[  380.334376][ T5900] usb 4-1: New USB device found, idVendor=054c, idProduct=002e, bcdDevice= 5.00
[  380.363421][ T5900] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  380.394309][ T5900] usb 4-1: Product: syz
[  380.398543][ T5900] usb 4-1: Manufacturer: syz
[  380.415986][ T5900] usb 4-1: SerialNumber: syz
[  380.453716][ T5900] usb 4-1: config 0 descriptor??
[  380.471742][ T5900] usb-storage 4-1:0.0: USB Mass Storage device detected
[  380.633125][ T5900] usb-storage 4-1:0.0: Quirks match for vid 054c pid 002e: 1
[  380.706373][ T8979] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  380.757812][ T5900] usb-storage 4-1:0.0: This device (054c,002e,0500 S 04 P c9) has an unneeded SubClass entry in unusual_devs.h (kernel 6.13.0-rc1-syzkaller-00337-g7503345ac5f5)
[  380.757812][ T5900]    Please send a copy of this message to <linux-usb@vger.kernel.org> and <usb-storage@lists.one-eyed-alien.net>
[  380.785843][    C0] vkms_vblank_simulate: vblank timer overrun
[  380.798007][ T8979] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  380.857604][ T8979] (unnamed net_device) (uninitialized): option downdelay: invalid value (18446744073709551614)
[  380.982818][ T8979] (unnamed net_device) (uninitialized): option downdelay: allowed values 0 - 2147483647
[  381.047368][ T9019] syz.2.780: attempt to access beyond end of device
[  381.047368][ T9019] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  381.523267][ T5900] usb 4-1: USB disconnect, device number 8
[  383.666227][ T9057] sctp: [Deprecated]: syz.3.785 (pid 9057) Use of struct sctp_assoc_value in delayed_ack socket option.
[  383.666227][ T9057] Use struct sctp_sack_info instead
[  383.716842][ T9057] netlink: 4 bytes leftover after parsing attributes in process `syz.3.785'.
[  384.169294][ T9065] netlink: 'syz.9.790': attribute type 4 has an invalid length.
[  384.365347][ T3077] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[  384.808386][ T3077] usb 4-1: Using ep0 maxpacket: 32
[  385.541898][ T3077] usb 4-1: New USB device found, idVendor=0b54, idProduct=62a0, bcdDevice=a0.56
[  385.551093][ T3077] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  385.559551][ T3077] usb 4-1: Product: syz
[  385.563767][ T3077] usb 4-1: Manufacturer: syz
[  385.568677][ T3077] usb 4-1: SerialNumber: syz
[  385.580545][ T3077] usb 4-1: config 0 descriptor??
[  387.802137][ T5900] usb 4-1: USB disconnect, device number 9
[  387.866852][ T9102] 9pnet_fd: Insufficient options for proto=fd
[  392.366557][ T9137] netlink: 8 bytes leftover after parsing attributes in process `syz.2.811'.
[  392.578191][ T9138] overlayfs: failed to resolve './file0': -2
[  392.614565][ T9140] overlayfs: failed to resolve './file0': -2
[  392.840133][ T9146] 9pnet_fd: Insufficient options for proto=fd
[  392.861363][ T9147] netlink: 8 bytes leftover after parsing attributes in process `syz.3.813'.
[  394.214155][ T9165] syz.9.819: attempt to access beyond end of device
[  394.214155][ T9165] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  394.884710][ T9178] FAULT_INJECTION: forcing a failure.
[  394.884710][ T9178] name failslab, interval 1, probability 0, space 0, times 0
[  394.904835][ T9178] CPU: 1 UID: 0 PID: 9178 Comm: syz.6.821 Not tainted 6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0
[  394.915516][ T9178] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  394.925637][ T9178] Call Trace:
[  394.928971][ T9178]  <TASK>
[  394.931949][ T9178]  dump_stack_lvl+0x241/0x360
[  394.936656][ T9178]  ? __pfx_dump_stack_lvl+0x10/0x10
[  394.941877][ T9178]  ? __pfx__printk+0x10/0x10
[  394.946483][ T9178]  ? __kmalloc_noprof+0xb5/0x4c0
[  394.951432][ T9178]  ? __pfx___might_resched+0x10/0x10
[  394.956757][ T9178]  should_fail_ex+0x3b0/0x4e0
[  394.961461][ T9178]  should_failslab+0xac/0x100
[  394.966165][ T9178]  __kmalloc_noprof+0xdd/0x4c0
[  394.971052][ T9178]  ? iovec_from_user+0x87/0x240
[  394.975934][ T9178]  iovec_from_user+0x87/0x240
[  394.980682][ T9178]  __import_iovec+0x152/0x870
[  394.985404][ T9178]  import_iovec+0xeb/0x120
[  394.989867][ T9178]  copy_msghdr_from_user+0x52f/0x680
[  394.995286][ T9178]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  395.001128][ T9178]  ? __fget_files+0x2a/0x410
[  395.005759][ T9178]  ? __fget_files+0x2a/0x410
[  395.010394][ T9178]  __sys_sendmmsg+0x32b/0x720
[  395.015135][ T9178]  ? __pfx___sys_sendmmsg+0x10/0x10
[  395.017437][ T9181] syz.3.822: attempt to access beyond end of device
[  395.017437][ T9181] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  395.020390][ T9178]  ? __pfx_lock_release+0x10/0x10
[  395.020421][ T9178]  ? kstrtouint_from_user+0x128/0x190
[  395.038218][ T9178]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  395.049575][ T9178]  ? ksys_write+0x22a/0x2b0
[  395.054177][ T9178]  ? __pfx_lock_release+0x10/0x10
[  395.059262][ T9178]  ? vfs_write+0x730/0xd30
[  395.063727][ T9178]  ? __mutex_unlock_slowpath+0x21e/0x790
[  395.069470][ T9178]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  395.075481][ T9178]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  395.081850][ T9178]  ? do_syscall_64+0x100/0x230
[  395.086696][ T9178]  __x64_sys_sendmmsg+0xa0/0xb0
[  395.091578][ T9178]  do_syscall_64+0xf3/0x230
[  395.096144][ T9178]  ? clear_bhb_loop+0x35/0x90
[  395.100860][ T9178]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  395.106788][ T9178] RIP: 0033:0x7f601817fed9
[  395.111214][ T9178] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  395.130844][ T9178] RSP: 002b:00007f6018f64058 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  395.139310][ T9178] RAX: ffffffffffffffda RBX: 00007f6018345fa0 RCX: 00007f601817fed9
[  395.147341][ T9178] RDX: 0400000000000172 RSI: 0000000020003cc0 RDI: 0000000000000003
[  395.155366][ T9178] RBP: 00007f6018f640a0 R08: 0000000000000000 R09: 0000000000000000
[  395.163377][ T9178] R10: 0000000004000000 R11: 0000000000000246 R12: 0000000000000001
[  395.171382][ T9178] R13: 0000000000000000 R14: 00007f6018345fa0 R15: 00007ffe7a0a2028
[  395.179404][ T9178]  </TASK>
[  395.453566][ T9189] overlayfs: missing 'lowerdir'
[  397.064000][ T9196] 9pnet_fd: Insufficient options for proto=fd
[  398.449083][ T9202] netlink: 8 bytes leftover after parsing attributes in process `syz.3.827'.
[  398.976210][ T9215] netlink: 8 bytes leftover after parsing attributes in process `syz.6.833'.
[  399.138086][ T3077] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[  399.293960][ T3077] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  399.319124][ T3077] usb 3-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  399.348140][ T3077] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  399.413243][ T3077] usb 3-1: config 0 descriptor??
[  399.576694][ T3077] pwc: Askey VC010 type 2 USB webcam detected.
[  399.744150][ T5870] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  400.073634][ T5870] usb 4-1: config 1 has too many interfaces: 36, using maximum allowed: 32
[  400.088376][ T5870] usb 4-1: config 1 contains an unexpected descriptor of type 0x1, skipping
[  400.097123][ T5870] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  400.112648][ T3077] pwc: recv_control_msg error -32 req 02 val 2b00
[  400.120532][ T3077] pwc: recv_control_msg error -32 req 02 val 2700
[  400.135112][ T5870] usb 4-1: config 1 has 0 interfaces, different from the descriptor's value: 36
[  400.145073][ T3077] pwc: recv_control_msg error -32 req 02 val 2c00
[  400.162019][ T5870] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  400.175645][ T5870] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  400.184385][ T5870] usb 4-1: Product: syz
[  400.188636][ T5870] usb 4-1: Manufacturer: syz
[  400.197642][ T5870] usb 4-1: SerialNumber: syz
[  400.562062][ T3077] pwc: recv_control_msg error -71 req 04 val 1300
[  400.570505][ T3077] pwc: recv_control_msg error -71 req 04 val 1400
[  400.592455][ T5870] usb 4-1: USB disconnect, device number 10
[  400.599079][ T3077] pwc: recv_control_msg error -71 req 02 val 2000
[  400.626673][ T3077] pwc: recv_control_msg error -71 req 02 val 2100
[  400.653101][ T3077] pwc: recv_control_msg error -71 req 04 val 1500
[  400.688897][ T3077] pwc: recv_control_msg error -71 req 02 val 2500
[  400.712350][ T3077] pwc: recv_control_msg error -71 req 02 val 2400
[  400.730347][ T3077] pwc: recv_control_msg error -71 req 02 val 2600
[  400.746138][ T3077] pwc: recv_control_msg error -71 req 02 val 2900
[  400.756155][ T3077] pwc: recv_control_msg error -71 req 02 val 2800
[  400.768005][ T3077] pwc: recv_control_msg error -71 req 04 val 1100
[  400.933515][ T3077] pwc: recv_control_msg error -71 req 04 val 1200
[  400.941484][ T3077] pwc: Registered as video103.
[  400.955368][ T3077] input: PWC snapshot button as /devices/platform/dummy_hcd.2/usb3/3-1/input/input26
[  401.755570][ T3077] usb 3-1: USB disconnect, device number 9
[  402.986811][ T9256] A link change request failed with some changes committed already. Interface vlan1 may have been left with an inconsistent configuration, please check.
[  403.291533][ T9264] netlink: 8 bytes leftover after parsing attributes in process `syz.3.845'.
[  405.226142][ T5872] usb 7-1: new high-speed USB device number 16 using dummy_hcd
[  405.364271][ T5872] usb 7-1: device descriptor read/64, error -71
[  405.630950][ T5872] usb 7-1: new high-speed USB device number 17 using dummy_hcd
[  410.476750][ T9326] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  411.492996][ T9337] FAULT_INJECTION: forcing a failure.
[  411.492996][ T9337] name failslab, interval 1, probability 0, space 0, times 0
[  411.505744][ T9337] CPU: 1 UID: 0 PID: 9337 Comm: syz.3.868 Not tainted 6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0
[  411.516379][ T9337] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  411.526472][ T9337] Call Trace:
[  411.529823][ T9337]  <TASK>
[  411.532782][ T9337]  dump_stack_lvl+0x241/0x360
[  411.537512][ T9337]  ? __pfx_dump_stack_lvl+0x10/0x10
[  411.542758][ T9337]  ? __pfx__printk+0x10/0x10
[  411.547399][ T9337]  ? kernel_text_address+0xa7/0xe0
[  411.552560][ T9337]  ? __kernel_text_address+0xd/0x40
[  411.557819][ T9337]  should_fail_ex+0x3b0/0x4e0
[  411.562525][ T9337]  should_failslab+0xac/0x100
[  411.567218][ T9337]  __kmalloc_noprof+0xdd/0x4c0
[  411.572002][ T9337]  ? switchdev_deferred_enqueue+0x44/0x260
[  411.577834][ T9337]  ? __pfx_switchdev_port_attr_set_deferred+0x10/0x10
[  411.584616][ T9337]  switchdev_deferred_enqueue+0x44/0x260
[  411.590444][ T9337]  ? switchdev_port_attr_set+0xdf/0x2e0
[  411.596455][ T9337]  switchdev_port_attr_set+0xf8/0x2e0
[  411.601854][ T9337]  ? __pfx_switchdev_port_attr_set+0x10/0x10
[  411.607865][ T9337]  br_set_state+0x2c9/0x7b0
[  411.612394][ T9337]  ? do_raw_spin_lock+0x14f/0x370
[  411.617463][ T9337]  ? __pfx_br_set_state+0x10/0x10
[  411.622653][ T9337]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  411.628067][ T9337]  ? br_setlink+0x46b/0x8b0
[  411.632614][ T9337]  br_setlink+0x6bb/0x8b0
[  411.636966][ T9337]  ? __pfx_br_setlink+0x10/0x10
[  411.641834][ T9337]  ? __mutex_trylock_common+0x183/0x2e0
[  411.647433][ T9337]  ? __pfx___mutex_lock+0x10/0x10
[  411.652481][ T9337]  ? mutex_is_locked+0x17/0x50
[  411.657268][ T9337]  rtnl_bridge_setlink+0x46e/0x730
[  411.662402][ T9337]  ? __pfx_rtnl_bridge_setlink+0x10/0x10
[  411.668056][ T9337]  rtnetlink_rcv_msg+0x73f/0xcf0
[  411.673096][ T9337]  ? rtnetlink_rcv_msg+0x1a7/0xcf0
[  411.678229][ T9337]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  411.683713][ T9337]  ? ref_tracker_free+0x643/0x7e0
[  411.688759][ T9337]  netlink_rcv_skb+0x1e3/0x430
[  411.693543][ T9337]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  411.699022][ T9337]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  411.704341][ T9337]  ? netlink_deliver_tap+0x2e/0x1b0
[  411.709578][ T9337]  netlink_unicast+0x7f6/0x990
[  411.714371][ T9337]  ? __pfx_netlink_unicast+0x10/0x10
[  411.719676][ T9337]  ? __virt_addr_valid+0x183/0x530
[  411.724804][ T9337]  ? __check_object_size+0x48e/0x900
[  411.730104][ T9337]  netlink_sendmsg+0x8e4/0xcb0
[  411.734892][ T9337]  ? __pfx_netlink_sendmsg+0x10/0x10
[  411.740204][ T9337]  ? __pfx_netlink_sendmsg+0x10/0x10
[  411.745508][ T9337]  __sock_sendmsg+0x221/0x270
[  411.750214][ T9337]  ____sys_sendmsg+0x52a/0x7e0
[  411.755004][ T9337]  ? __pfx_____sys_sendmsg+0x10/0x10
[  411.760304][ T9337]  ? __fget_files+0x2a/0x410
[  411.764912][ T9337]  ? __fget_files+0x2a/0x410
[  411.769524][ T9337]  __sys_sendmsg+0x269/0x350
[  411.774125][ T9337]  ? __pfx_lock_release+0x10/0x10
[  411.779166][ T9337]  ? __pfx___sys_sendmsg+0x10/0x10
[  411.784313][ T9337]  ? __pfx_vfs_write+0x10/0x10
[  411.789127][ T9337]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  411.795480][ T9337]  ? do_syscall_64+0x100/0x230
[  411.800269][ T9337]  ? do_syscall_64+0xb6/0x230
[  411.804971][ T9337]  do_syscall_64+0xf3/0x230
[  411.809496][ T9337]  ? clear_bhb_loop+0x35/0x90
[  411.814192][ T9337]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  411.820107][ T9337] RIP: 0033:0x7f8a28d7fed9
[  411.824534][ T9337] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  411.844329][ T9337] RSP: 002b:00007f8a29c24058 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  411.852759][ T9337] RAX: ffffffffffffffda RBX: 00007f8a28f45fa0 RCX: 00007f8a28d7fed9
[  411.860746][ T9337] RDX: 0000000000000000 RSI: 0000000020000200 RDI: 0000000000000003
[  411.868725][ T9337] RBP: 00007f8a29c240a0 R08: 0000000000000000 R09: 0000000000000000
[  411.876707][ T9337] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  411.884693][ T9337] R13: 0000000000000000 R14: 00007f8a28f45fa0 R15: 00007ffd17b6d718
[  411.892704][ T9337]  </TASK>
[  411.895818][ T9337] bridge0: error setting offload STP state on port 1(bridge_slave_0)
[  412.472468][ T9338] overlayfs: failed to resolve './file1': -2
[  412.502427][ T9347] FAULT_INJECTION: forcing a failure.
[  412.502427][ T9347] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  412.515877][ T9347] CPU: 1 UID: 0 PID: 9347 Comm: syz.9.870 Not tainted 6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0
[  412.526600][ T9347] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  412.536697][ T9347] Call Trace:
[  412.540007][ T9347]  <TASK>
[  412.542962][ T9347]  dump_stack_lvl+0x241/0x360
[  412.547688][ T9347]  ? __pfx_dump_stack_lvl+0x10/0x10
[  412.552929][ T9347]  ? __pfx__printk+0x10/0x10
[  412.557561][ T9347]  ? __pfx_lock_release+0x10/0x10
[  412.562636][ T9347]  should_fail_ex+0x3b0/0x4e0
[  412.567351][ T9347]  _copy_from_iter+0x4ae/0x1e70
[  412.572240][ T9347]  ? mark_lock+0x9a/0x360
[  412.576623][ T9347]  ? __pfx__copy_from_iter+0x10/0x10
[  412.581953][ T9347]  ? smack_socket_sendmsg+0x178/0x540
[  412.587369][ T9347]  bcm_sendmsg+0x157/0x7a0
[  412.591837][ T9347]  ? __pfx_bcm_sendmsg+0x10/0x10
[  412.596853][ T9347]  ? __import_iovec+0x3a8/0x870
[  412.601759][ T9347]  ? __pfx_bcm_sendmsg+0x10/0x10
[  412.606740][ T9347]  __sock_sendmsg+0x221/0x270
[  412.611467][ T9347]  ____sys_sendmsg+0x52a/0x7e0
[  412.616279][ T9347]  ? __pfx_____sys_sendmsg+0x10/0x10
[  412.621600][ T9347]  ? __fget_files+0x2a/0x410
[  412.626230][ T9347]  ? __sys_sendmmsg+0x392/0x720
[  412.631116][ T9347]  ? __might_fault+0xaa/0x120
[  412.635837][ T9347]  __sys_sendmmsg+0x36a/0x720
[  412.640568][ T9347]  ? __pfx___sys_sendmmsg+0x10/0x10
[  412.645823][ T9347]  ? __pfx_lock_release+0x10/0x10
[  412.650898][ T9347]  ? kstrtouint_from_user+0x128/0x190
[  412.656335][ T9347]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  412.662280][ T9347]  ? ksys_write+0x22a/0x2b0
[  412.666830][ T9347]  ? __pfx_lock_release+0x10/0x10
[  412.671886][ T9347]  ? vfs_write+0x730/0xd30
[  412.676327][ T9347]  ? __mutex_unlock_slowpath+0x21e/0x790
[  412.682002][ T9347]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  412.687999][ T9347]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  412.694365][ T9347]  ? do_syscall_64+0x100/0x230
[  412.699150][ T9347]  __x64_sys_sendmmsg+0xa0/0xb0
[  412.704022][ T9347]  do_syscall_64+0xf3/0x230
[  412.708556][ T9347]  ? clear_bhb_loop+0x35/0x90
[  412.713256][ T9347]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  412.719187][ T9347] RIP: 0033:0x7f0e0c17fed9
[  412.723615][ T9347] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  412.743236][ T9347] RSP: 002b:00007f0e09ff6058 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  412.751694][ T9347] RAX: ffffffffffffffda RBX: 00007f0e0c345fa0 RCX: 00007f0e0c17fed9
[  412.759675][ T9347] RDX: 040000000000003a RSI: 0000000020001b00 RDI: 0000000000000004
[  412.767672][ T9347] RBP: 00007f0e09ff60a0 R08: 0000000000000000 R09: 0000000000000000
[  412.775651][ T9347] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  412.783640][ T9347] R13: 0000000000000000 R14: 00007f0e0c345fa0 R15: 00007ffc52712a28
[  412.791636][ T9347]  </TASK>
[  413.576264][ T9353] FAULT_INJECTION: forcing a failure.
[  413.576264][ T9353] name failslab, interval 1, probability 0, space 0, times 0
[  413.589502][ T9353] CPU: 1 UID: 0 PID: 9353 Comm: syz.9.872 Not tainted 6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0
[  413.600157][ T9353] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  413.610245][ T9353] Call Trace:
[  413.613554][ T9353]  <TASK>
[  413.616530][ T9353]  dump_stack_lvl+0x241/0x360
[  413.621255][ T9353]  ? __pfx_dump_stack_lvl+0x10/0x10
[  413.626498][ T9353]  ? __pfx__printk+0x10/0x10
[  413.631143][ T9353]  should_fail_ex+0x3b0/0x4e0
[  413.635860][ T9353]  should_failslab+0xac/0x100
[  413.640576][ T9353]  __kmalloc_noprof+0xdd/0x4c0
[  413.645373][ T9353]  ? ___neigh_create+0x72b/0x2320
[  413.650440][ T9353]  ___neigh_create+0x72b/0x2320
[  413.655333][ T9353]  ? __pfx_ndisc_key_eq+0x10/0x10
[  413.660394][ T9353]  ? __pfx_ndisc_hash+0x10/0x10
[  413.665281][ T9353]  ? neigh_lookup+0xb9/0x700
[  413.669906][ T9353]  ? __pfx_neigh_lookup+0x10/0x10
[  413.674969][ T9353]  ? __pfx_ipv6_get_ifaddr+0x10/0x10
[  413.680293][ T9353]  ? ndisc_parse_options+0x651/0x680
[  413.685627][ T9353]  __neigh_lookup+0x56/0x80
[  413.690174][ T9353]  ndisc_recv_ns+0x8a5/0x1240
[  413.694914][ T9353]  ? __pfx_ndisc_recv_ns+0x10/0x10
[  413.700095][ T9353]  ? __asan_memset+0x23/0x50
[  413.704734][ T9353]  ? ndisc_rcv+0x4a7/0x6f0
[  413.709206][ T9353]  icmpv6_rcv+0x1128/0x19e0
[  413.713766][ T9353]  ? __pfx_icmpv6_rcv+0x10/0x10
[  413.718660][ T9353]  ? __pfx_tcp_v6_rcv+0x10/0x10
[  413.723558][ T9353]  ip6_protocol_deliver_rcu+0x105b/0x1580
[  413.729351][ T9353]  ? ip6_input_finish+0xdc/0x2d0
[  413.734328][ T9353]  ip6_input_finish+0x187/0x2d0
[  413.739222][ T9353]  ? __pfx_ip6_input_finish+0x10/0x10
[  413.744661][ T9353]  NF_HOOK+0x3a4/0x450
[  413.748777][ T9353]  ? NF_HOOK+0x9a/0x450
[  413.752966][ T9353]  ? __pfx_NF_HOOK+0x10/0x10
[  413.757597][ T9353]  ? __pfx_ip6_input_finish+0x10/0x10
[  413.763004][ T9353]  ? ipv6_chk_mcast_addr+0x2e/0x840
[  413.768246][ T9353]  ? ipv6_chk_mcast_addr+0x78f/0x840
[  413.773587][ T9353]  ? ipv6_chk_mcast_addr+0x2e/0x840
[  413.778833][ T9353]  ip6_mc_input+0x9c5/0xc30
[  413.783383][ T9353]  ? __pfx_ip6_mc_input+0x10/0x10
[  413.788454][ T9353]  ? skb_dst+0x72/0xd0
[  413.792573][ T9353]  ? __pfx_ip6_rcv_finish+0x10/0x10
[  413.797835][ T9353]  NF_HOOK+0x3a4/0x450
[  413.801942][ T9353]  ? skb_orphan+0x4b/0xd0
[  413.806308][ T9353]  ? NF_HOOK+0x9a/0x450
[  413.810495][ T9353]  ? __pfx_NF_HOOK+0x10/0x10
[  413.815124][ T9353]  ? __pfx_ip6_rcv_finish+0x10/0x10
[  413.820367][ T9353]  ? __pfx_ipv6_rcv+0x10/0x10
[  413.825081][ T9353]  __netif_receive_skb+0x1ea/0x650
[  413.830241][ T9353]  ? __pfx_lock_acquire+0x10/0x10
[  413.835408][ T9353]  ? seqcount_lockdep_reader_access+0x1d7/0x220
[  413.841695][ T9353]  ? __pfx___netif_receive_skb+0x10/0x10
[  413.847366][ T9353]  ? build_skb+0x52/0x2a0
[  413.851730][ T9353]  ? tun_get_user+0x2177/0x4890
[  413.856620][ T9353]  ? tun_chr_write_iter+0x10d/0x1f0
[  413.861864][ T9353]  ? do_syscall_64+0xf3/0x230
[  413.866580][ T9353]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  413.872694][ T9353]  ? tun_rx_batched+0x160/0x8f0
[  413.877675][ T9353]  ? __pfx_lockdep_softirqs_off+0x10/0x10
[  413.883444][ T9353]  ? read_tsc+0x9/0x20
[  413.887550][ T9353]  ? netif_receive_skb+0x131/0x890
[  413.892725][ T9353]  ? netif_receive_skb+0x131/0x890
[  413.897883][ T9353]  netif_receive_skb+0x1e8/0x890
[  413.902865][ T9353]  ? tun_rx_batched+0x160/0x8f0
[  413.907764][ T9353]  ? __pfx_netif_receive_skb+0x10/0x10
[  413.913283][ T9353]  ? tun_rx_batched+0x160/0x8f0
[  413.918227][ T9353]  tun_rx_batched+0x1b7/0x8f0
[  413.922946][ T9353]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  413.929320][ T9353]  ? __pfx_lock_acquire+0x10/0x10
[  413.934384][ T9353]  ? __pfx_tun_rx_batched+0x10/0x10
[  413.939655][ T9353]  tun_get_user+0x30d6/0x4890
[  413.944380][ T9353]  ? tun_get_user+0x2bbe/0x4890
[  413.949277][ T9353]  ? tun_get_user+0x86e/0x4890
[  413.954093][ T9353]  ? __lock_acquire+0x1397/0x2100
[  413.959167][ T9353]  ? __pfx_tun_get_user+0x10/0x10
[  413.964256][ T9353]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  413.969753][ T9353]  ? tun_get+0x1e/0x2f0
[  413.973954][ T9353]  ? __pfx_lock_release+0x10/0x10
[  413.979064][ T9353]  ? tun_get+0x1e/0x2f0
[  413.983264][ T9353]  ? tun_get+0x27d/0x2f0
[  413.987555][ T9353]  tun_chr_write_iter+0x10d/0x1f0
[  413.992629][ T9353]  vfs_write+0xaeb/0xd30
[  413.996930][ T9353]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  414.002520][ T9353]  ? __pfx_vfs_write+0x10/0x10
[  414.007336][ T9353]  ? __fget_files+0x2a/0x410
[  414.011972][ T9353]  ? __fget_files+0x2a/0x410
[  414.016621][ T9353]  ksys_write+0x18f/0x2b0
[  414.021007][ T9353]  ? __pfx_ksys_write+0x10/0x10
[  414.025912][ T9353]  ? do_syscall_64+0x100/0x230
[  414.030697][ T9353]  ? do_syscall_64+0xb6/0x230
[  414.035403][ T9353]  do_syscall_64+0xf3/0x230
[  414.039942][ T9353]  ? clear_bhb_loop+0x35/0x90
[  414.044628][ T9353]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  414.050533][ T9353] RIP: 0033:0x7f0e0c17e98f
[  414.054953][ T9353] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  414.074575][ T9353] RSP: 002b:00007f0e09ff6020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  414.083020][ T9353] RAX: ffffffffffffffda RBX: 00007f0e0c345fa0 RCX: 00007f0e0c17e98f
[  414.091009][ T9353] RDX: 0000000000000066 RSI: 0000000020000c00 RDI: 00000000000000c8
[  414.098993][ T9353] RBP: 00007f0e09ff60a0 R08: 0000000000000000 R09: 0000000000000000
[  414.106970][ T9353] R10: 0000000000000066 R11: 0000000000000293 R12: 0000000000000001
[  414.115029][ T9353] R13: 0000000000000001 R14: 00007f0e0c345fa0 R15: 00007ffc52712a28
[  414.123042][ T9353]  </TASK>
[  416.363097][ T9362] 9pnet_fd: Insufficient options for proto=fd
[  416.540901][ T9371] FAULT_INJECTION: forcing a failure.
[  416.540901][ T9371] name failslab, interval 1, probability 0, space 0, times 0
[  416.561764][ T9371] CPU: 0 UID: 0 PID: 9371 Comm: syz.9.879 Not tainted 6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0
[  416.572430][ T9371] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  416.582530][ T9371] Call Trace:
[  416.585851][ T9371]  <TASK>
[  416.588816][ T9371]  dump_stack_lvl+0x241/0x360
[  416.593521][ T9371]  ? __pfx_dump_stack_lvl+0x10/0x10
[  416.598818][ T9371]  ? __pfx__printk+0x10/0x10
[  416.603419][ T9371]  ? fs_reclaim_acquire+0x93/0x130
[  416.608540][ T9371]  ? __pfx___might_resched+0x10/0x10
[  416.613856][ T9371]  should_fail_ex+0x3b0/0x4e0
[  416.618573][ T9371]  should_failslab+0xac/0x100
[  416.623274][ T9371]  __kmalloc_noprof+0xdd/0x4c0
[  416.628082][ T9371]  ? kstrtouint_from_user+0x128/0x190
[  416.633506][ T9371]  ? tomoyo_realpath_from_path+0xcf/0x5e0
[  416.639717][ T9371]  tomoyo_realpath_from_path+0xcf/0x5e0
[  416.645326][ T9371]  tomoyo_path_number_perm+0x236/0x860
[  416.650827][ T9371]  ? __lock_acquire+0x1397/0x2100
[  416.655901][ T9371]  ? tomoyo_path_number_perm+0x206/0x860
[  416.661599][ T9371]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  416.667663][ T9371]  ? __fget_files+0x2a/0x410
[  416.672307][ T9371]  ? __fget_files+0x2a/0x410
[  416.676953][ T9371]  security_file_ioctl+0xc6/0x2a0
[  416.682026][ T9371]  __se_sys_ioctl+0x46/0x170
[  416.686682][ T9371]  do_syscall_64+0xf3/0x230
[  416.691239][ T9371]  ? clear_bhb_loop+0x35/0x90
[  416.695958][ T9371]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  416.701902][ T9371] RIP: 0033:0x7f0e0c17fed9
[  416.706363][ T9371] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  416.726017][ T9371] RSP: 002b:00007f0e09ff6058 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  416.734484][ T9371] RAX: ffffffffffffffda RBX: 00007f0e0c345fa0 RCX: 00007f0e0c17fed9
[  416.742501][ T9371] RDX: 0000000000000000 RSI: 00000000c0045004 RDI: 0000000000000003
[  416.750490][ T9371] RBP: 00007f0e09ff60a0 R08: 0000000000000000 R09: 0000000000000000
[  416.758477][ T9371] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  416.766467][ T9371] R13: 0000000000000000 R14: 00007f0e0c345fa0 R15: 00007ffc52712a28
[  416.774461][ T9371]  </TASK>
[  416.777583][    C0] vkms_vblank_simulate: vblank timer overrun
[  416.784329][ T9371] ERROR: Out of memory at tomoyo_realpath_from_path.
[  418.161262][   T29] kauditd_printk_skb: 30 callbacks suppressed
[  418.161286][   T29] audit: type=1400 audit(1733645443.037:338): lsm=SMACK fn=smack_inode_remove_acl action=denied subject="N" object="_" requested=w pid=9394 comm="syz.1.886" name="vcsa" dev="devtmpfs" ino=16
[  418.288657][ T9404] netlink: 12 bytes leftover after parsing attributes in process `syz.2.884'.
[  420.636177][ T9416] syz.1.888: attempt to access beyond end of device
[  420.636177][ T9416] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  421.517247][ T9418] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  422.159677][ T9427] FAULT_INJECTION: forcing a failure.
[  422.159677][ T9427] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  422.180347][ T9427] CPU: 0 UID: 0 PID: 9427 Comm: syz.3.893 Not tainted 6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0
[  422.191006][ T9427] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  422.201105][ T9427] Call Trace:
[  422.204415][ T9427]  <TASK>
[  422.207373][ T9427]  dump_stack_lvl+0x241/0x360
[  422.212102][ T9427]  ? __pfx_dump_stack_lvl+0x10/0x10
[  422.217347][ T9427]  ? __pfx__printk+0x10/0x10
[  422.221992][ T9427]  ? snprintf+0xda/0x120
[  422.226276][ T9427]  should_fail_ex+0x3b0/0x4e0
[  422.230998][ T9427]  _copy_to_user+0x31/0xb0
[  422.235646][ T9427]  simple_read_from_buffer+0xca/0x150
[  422.241091][ T9427]  proc_fail_nth_read+0x1e9/0x250
[  422.246174][ T9427]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  422.251776][ T9427]  ? rw_verify_area+0x55e/0x6f0
[  422.256693][ T9427]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  422.262290][ T9427]  vfs_read+0x1fc/0xb70
[  422.266505][ T9427]  ? __pfx___mutex_lock+0x10/0x10
[  422.271592][ T9427]  ? __pfx_vfs_read+0x10/0x10
[  422.276331][ T9427]  ? __fget_files+0x2a/0x410
[  422.280983][ T9427]  ? __fget_files+0x395/0x410
[  422.285706][ T9427]  ? __fget_files+0x2a/0x410
[  422.290358][ T9427]  ksys_read+0x18f/0x2b0
[  422.294657][ T9427]  ? __pfx_ksys_read+0x10/0x10
[  422.299473][ T9427]  ? do_syscall_64+0x100/0x230
[  422.304299][ T9427]  ? do_syscall_64+0xb6/0x230
[  422.309034][ T9427]  do_syscall_64+0xf3/0x230
[  422.313593][ T9427]  ? clear_bhb_loop+0x35/0x90
[  422.318330][ T9427]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  422.324281][ T9427] RIP: 0033:0x7f8a28d7e8ec
[  422.328741][ T9427] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  422.346668][ T9433] netlink: 'syz.9.894': attribute type 4 has an invalid length.
[  422.348377][ T9427] RSP: 002b:00007f8a29c24050 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  422.348439][ T9427] RAX: ffffffffffffffda RBX: 00007f8a28f45fa0 RCX: 00007f8a28d7e8ec
[  422.356898][ T9431] syz.1.892: attempt to access beyond end of device
[  422.356898][ T9431] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  422.364489][ T9427] RDX: 000000000000000f RSI: 00007f8a29c240b0 RDI: 0000000000000004
[  422.364516][ T9427] RBP: 00007f8a29c240a0 R08: 0000000000000000 R09: 0000000000000000
[  422.364532][ T9427] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  422.364546][ T9427] R13: 0000000000000000 R14: 00007f8a28f45fa0 R15: 00007ffd17b6d718
[  422.364581][ T9427]  </TASK>
[  423.370071][   T29] audit: type=1326 audit(1733645448.627:339): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9432 comm="syz.9.894" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e0c17fed9 code=0x7ffc0000
[  423.409313][   T29] audit: type=1326 audit(1733645448.627:340): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9432 comm="syz.9.894" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f0e0c181df7 code=0x7ffc0000
[  423.431257][   T29] audit: type=1326 audit(1733645448.627:341): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9432 comm="syz.9.894" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7f0e0c181d6c code=0x7ffc0000
[  423.453252][   T29] audit: type=1326 audit(1733645448.627:342): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9432 comm="syz.9.894" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7f0e0c181ca4 code=0x7ffc0000
[  423.474946][   T29] audit: type=1326 audit(1733645448.627:343): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9432 comm="syz.9.894" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f0e0c17eb3a code=0x7ffc0000
[  423.496294][   T29] audit: type=1326 audit(1733645448.627:344): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9432 comm="syz.9.894" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e0c17fed9 code=0x7ffc0000
[  423.518056][   T29] audit: type=1326 audit(1733645448.627:345): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9432 comm="syz.9.894" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e0c17fed9 code=0x7ffc0000
[  423.540244][   T29] audit: type=1326 audit(1733645448.627:346): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9432 comm="syz.9.894" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0e0c17fed9 code=0x7ffc0000
[  423.562404][   T29] audit: type=1326 audit(1733645448.627:347): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9432 comm="syz.9.894" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e0c17fed9 code=0x7ffc0000
[  423.584117][   T29] audit: type=1326 audit(1733645448.627:348): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9432 comm="syz.9.894" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e0c17fed9 code=0x7ffc0000
[  428.035369][ T9476] netlink: 24 bytes leftover after parsing attributes in process `syz.1.906'.
[  428.059889][   T54] Bluetooth: hci0: unexpected event for opcode 0x0413
[  428.109337][ T9476] smc: net device lo applied user defined pnetid SYZ2
[  428.141038][ T9476] smc: net device lo erased user defined pnetid SYZ2
[  428.189873][ T5870] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[  428.220467][ T9476] overlayfs: failed to resolve '!Ó*‚5÷Q¥': -2
[  428.570047][ T5870] usb 4-1: device descriptor read/64, error -71
[  429.346737][ T3077] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[  429.354760][ T5870] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[  429.505273][ T5870] usb 4-1: device descriptor read/64, error -71
[  429.529686][ T3077] usb 2-1: New USB device found, idVendor=0547, idProduct=0201, bcdDevice=11.64
[  429.551427][ T3077] usb 2-1: New USB device strings: Mfr=1, Product=242, SerialNumber=2
[  429.577378][ T3077] usb 2-1: Product: syz
[  429.798091][ T5870] usb usb4-port1: attempt power cycle
[  429.808489][ T3077] usb 2-1: Manufacturer: syz
[  429.813181][ T3077] usb 2-1: SerialNumber: syz
[  429.820472][ T3077] usb 2-1: config 0 descriptor??
[  429.829526][ T3077] dvb-usb: found a 'Nebula Electronics uDigiTV DVB-T USB2.0)' in warm state.
[  429.847964][ T3077] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  429.860017][ T3077] dvbdev: DVB: registering new adapter (Nebula Electronics uDigiTV DVB-T USB2.0))
[  429.870112][ T3077] usb 2-1: media controller created
[  430.404197][ T3077] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  430.978715][ T3077] DVB: Unable to find symbol mt352_attach()
[  431.260980][ T5869] usb 7-1: new high-speed USB device number 18 using dummy_hcd
[  431.381346][ T9508] netlink: 'syz.3.916': attribute type 10 has an invalid length.
[  431.405514][ T3077] DVB: Unable to find symbol nxt6000_attach()
[  431.411728][ T3077] dvb-usb: no frontend was attached by 'Nebula Electronics uDigiTV DVB-T USB2.0)'
[  431.425705][ T9510] netlink: 40 bytes leftover after parsing attributes in process `syz.2.917'.
[  431.436792][ T9510] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  431.438524][ T3077] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.1/usb2/2-1/input/input35
[  431.561403][ T3077] dvb-usb: schedule remote query interval to 1000 msecs.
[  431.577116][ T3077] dvb-usb: Nebula Electronics uDigiTV DVB-T USB2.0) successfully initialized and connected.
[  431.587400][ T3077] dvb-usb: bulk message failed: -22 (7/0)
[  431.593280][ T3077] dvb-usb: bulk message failed: -22 (7/0)
[  431.675840][ T5869] usb 7-1: Using ep0 maxpacket: 32
[  431.682843][ T5869] usb 7-1: config 0 has an invalid interface number: 132 but max is 0
[  431.696648][ T5869] usb 7-1: config 0 has no interface number 0
[  431.708216][ T5869] usb 7-1: config 0 interface 132 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32
[  431.734316][ T5869] usb 7-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5
[  431.749120][ T5869] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  431.765912][ T5869] usb 7-1: Product: syz
[  431.775674][ T5869] usb 7-1: Manufacturer: syz
[  431.783406][ T5869] usb 7-1: SerialNumber: syz
[  431.794295][ T5869] usb 7-1: config 0 descriptor??
[  431.800668][   T54] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0
[  431.810751][   T54] Bluetooth: hci0: Injecting HCI hardware error event
[  431.821391][ T5832] Bluetooth: hci0: hardware error 0x00
[  431.844242][ T9504] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[  431.857469][ T5869] em28xx 7-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132)
[  431.867723][ T5869] em28xx 7-1:0.132: Video interface 132 found: bulk
[  431.926316][ T9519] netlink: 652 bytes leftover after parsing attributes in process `syz.9.920'.
[  431.964942][ T9523] netlink: 'syz.3.921': attribute type 4 has an invalid length.
[  431.976762][   T29] kauditd_printk_skb: 5 callbacks suppressed
[  431.976848][   T29] audit: type=1326 audit(1733645457.865:354): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9522 comm="syz.3.921" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8a28d7fed9 code=0x7ffc0000
[  432.005036][   T29] audit: type=1326 audit(1733645457.865:355): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9522 comm="syz.3.921" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f8a28d81df7 code=0x7ffc0000
[  432.027840][   T29] audit: type=1326 audit(1733645457.865:356): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9522 comm="syz.3.921" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7f8a28d81d6c code=0x7ffc0000
[  432.061939][   T29] audit: type=1326 audit(1733645457.865:357): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9522 comm="syz.3.921" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7f8a28d81ca4 code=0x7ffc0000
[  432.100112][   T29] audit: type=1326 audit(1733645457.865:358): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9522 comm="syz.3.921" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f8a28d7eb3a code=0x7ffc0000
[  432.157738][   T29] audit: type=1326 audit(1733645457.875:359): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9522 comm="syz.3.921" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8a28d7fed9 code=0x7ffc0000
[  432.206584][   T29] audit: type=1326 audit(1733645457.875:360): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9522 comm="syz.3.921" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8a28d7fed9 code=0x7ffc0000
[  432.243328][ T9504] (unnamed net_device) (uninitialized): peer notification delay (3) is not a multiple of miimon (9), value rounded to 0 ms
[  432.267930][   T29] audit: type=1326 audit(1733645457.886:361): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9522 comm="syz.3.921" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f8a28d7fed9 code=0x7ffc0000
[  432.312478][   T29] audit: type=1326 audit(1733645457.993:362): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9522 comm="syz.3.921" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8a28d7fed9 code=0x7ffc0000
[  432.342196][   T29] audit: type=1326 audit(1733645458.004:363): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9522 comm="syz.3.921" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f8a28d7fed9 code=0x7ffc0000
[  432.610723][ T5868] dvb-usb: bulk message failed: -22 (7/0)
[  432.618618][ T5868] dvb-usb: error while querying for an remote control event.
[  432.630477][ T3077] usb 2-1: USB disconnect, device number 11
[  432.638655][ T5869] em28xx 7-1:0.132: unknown em28xx chip ID (0)
[  433.265864][ T3077] dvb-usb: Nebula Electronics uDigiTV DVB-T USB2.0 successfully deinitialized and disconnected.
[  433.724281][ T5869] em28xx 7-1:0.132: reading from i2c device at 0xa0 failed: couldn't get the received message from the bridge (error=-5)
[  433.741724][ T5869] em28xx 7-1:0.132: board has no eeprom
[  433.748426][ T5832] Bluetooth: hci0: Opcode 0x0c03 failed: -110
[  433.755564][ T1295] ieee802154 phy0 wpan0: encryption failed: -22
[  433.820104][ T5869] em28xx 7-1:0.132: Identified as Leadtek Winfast USB II (card=7)
[  433.828467][ T5869] em28xx 7-1:0.132: analog set to bulk mode.
[  433.840738][ T3077] em28xx 7-1:0.132: Registering V4L2 extension
[  434.300056][ T5869] usb 7-1: USB disconnect, device number 18
[  434.363300][ T5869] em28xx 7-1:0.132: Disconnecting em28xx
[  435.909876][ T9566] netlink: 'syz.1.934': attribute type 4 has an invalid length.
[  436.220712][ T9570] netlink: 40 bytes leftover after parsing attributes in process `syz.6.933'.
[  436.249239][ T9570] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  437.061269][ T3077] em28xx 7-1:0.132: Config register raw data: 0xffffffed
[  437.068951][ T3077] em28xx 7-1:0.132: AC97 chip type couldn't be determined
[  437.076662][ T3077] em28xx 7-1:0.132: No AC97 audio processor
[  437.089280][ T3077] usb 7-1: Decoder not found
[  437.094152][ T3077] em28xx 7-1:0.132: failed to create media graph
[  437.100613][ T3077] em28xx 7-1:0.132: V4L2 device video103 deregistered
[  439.201109][ T3077] em28xx 7-1:0.132: Remote control support is not available for this card.
[  439.210263][ T5869] em28xx 7-1:0.132: Closing input extension
[  439.858393][ T5869] em28xx 7-1:0.132: Freeing device
[  441.447668][ T9604] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap1
[  441.544224][ T9608] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  442.447877][ T9614] netlink: 40 bytes leftover after parsing attributes in process `syz.6.944'.
[  442.461491][ T9604] batman_adv: batadv0: Adding interface: gretap1
[  442.506511][ T9604] batman_adv: batadv0: The MTU of interface gretap1 is too small (1462) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  442.559821][ T9604] batman_adv: batadv0: Not using interface gretap1 (retrying later): interface not active
[  442.580348][ T9619] FAULT_INJECTION: forcing a failure.
[  442.580348][ T9619] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  442.594622][ T9616] (unnamed net_device) (uninitialized): option lacp_rate: invalid value (3)
[  442.609895][ T9619] CPU: 0 UID: 0 PID: 9619 Comm: syz.3.946 Not tainted 6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0
[  442.620548][ T9619] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  442.630629][ T9619] Call Trace:
[  442.633940][ T9619]  <TASK>
[  442.636878][ T9619]  dump_stack_lvl+0x241/0x360
[  442.641576][ T9619]  ? __pfx_dump_stack_lvl+0x10/0x10
[  442.646804][ T9619]  ? __pfx__printk+0x10/0x10
[  442.651412][ T9619]  ? snprintf+0xda/0x120
[  442.655669][ T9619]  should_fail_ex+0x3b0/0x4e0
[  442.660378][ T9619]  _copy_to_user+0x31/0xb0
[  442.664816][ T9619]  simple_read_from_buffer+0xca/0x150
[  442.670201][ T9619]  proc_fail_nth_read+0x1e9/0x250
[  442.675241][ T9619]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  442.680806][ T9619]  ? rw_verify_area+0x55e/0x6f0
[  442.685673][ T9619]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  442.691233][ T9619]  vfs_read+0x1fc/0xb70
[  442.695416][ T9619]  ? __pfx___mutex_lock+0x10/0x10
[  442.700462][ T9619]  ? __pfx_vfs_read+0x10/0x10
[  442.705168][ T9619]  ? __fget_files+0x2a/0x410
[  442.709784][ T9619]  ? __fget_files+0x395/0x410
[  442.714493][ T9619]  ? __fget_files+0x2a/0x410
[  442.719113][ T9619]  ksys_read+0x18f/0x2b0
[  442.723383][ T9619]  ? __pfx_ksys_read+0x10/0x10
[  442.728165][ T9619]  ? do_syscall_64+0x100/0x230
[  442.732952][ T9619]  ? do_syscall_64+0xb6/0x230
[  442.737685][ T9619]  do_syscall_64+0xf3/0x230
[  442.742209][ T9619]  ? clear_bhb_loop+0x35/0x90
[  442.746902][ T9619]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  442.752815][ T9619] RIP: 0033:0x7f8a28d7e8ec
[  442.757251][ T9619] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  442.776873][ T9619] RSP: 002b:00007f8a29c24050 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  442.785331][ T9619] RAX: ffffffffffffffda RBX: 00007f8a28f45fa0 RCX: 00007f8a28d7e8ec
[  442.793312][ T9619] RDX: 000000000000000f RSI: 00007f8a29c240b0 RDI: 0000000000000004
[  442.801304][ T9619] RBP: 00007f8a29c240a0 R08: 0000000000000000 R09: 0000000000000000
[  442.809289][ T9619] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  442.817271][ T9619] R13: 0000000000000000 R14: 00007f8a28f45fa0 R15: 00007ffd17b6d718
[  442.825267][ T9619]  </TASK>
[  442.929674][ T9622] netlink: 40 bytes leftover after parsing attributes in process `syz.1.947'.
[  442.940738][ T9622] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  442.963055][ T5872] usb 7-1: new high-speed USB device number 19 using dummy_hcd
[  443.112719][ T5872] usb 7-1: Using ep0 maxpacket: 32
[  443.122252][ T5872] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA6, changing to 0x86
[  443.156504][ T5872] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x86 has an invalid bInterval 0, changing to 7
[  443.204001][ T5872] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x86 has invalid wMaxPacketSize 0
[  443.222548][ T5872] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid wMaxPacketSize 0
[  443.243364][ T5872] usb 7-1: New USB device found, idVendor=05ef, idProduct=020a, bcdDevice=91.36
[  443.259156][ T5872] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  443.274100][ T5872] usb 7-1: Product: syz
[  443.283163][ T5872] usb 7-1: Manufacturer: syz
[  443.298662][ T5872] usb 7-1: SerialNumber: syz
[  443.315029][ T5872] usb 7-1: config 0 descriptor??
[  443.520312][ T5872] usb 7-1: USB disconnect, device number 19
[  443.733696][ T9635] netlink: 8 bytes leftover after parsing attributes in process `syz.9.951'.
[  447.885852][ T9653] bond0: entered promiscuous mode
[  447.891104][ T9653] bond_slave_0: entered promiscuous mode
[  447.922700][ T9653] bond_slave_1: entered promiscuous mode
[  448.094744][ T9653] netlink: 8 bytes leftover after parsing attributes in process `syz.9.954'.
[  448.215245][ T9662] FAULT_INJECTION: forcing a failure.
[  448.215245][ T9662] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  448.247807][ T9662] CPU: 0 UID: 0 PID: 9662 Comm: syz.1.959 Not tainted 6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0
[  448.258497][ T9662] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  448.268598][ T9662] Call Trace:
[  448.271922][ T9662]  <TASK>
[  448.274903][ T9662]  dump_stack_lvl+0x241/0x360
[  448.279640][ T9662]  ? __pfx_dump_stack_lvl+0x10/0x10
[  448.284901][ T9662]  ? __pfx__printk+0x10/0x10
[  448.289547][ T9662]  ? __pfx_lock_release+0x10/0x10
[  448.294628][ T9662]  should_fail_ex+0x3b0/0x4e0
[  448.299357][ T9662]  _copy_from_user+0x2f/0xc0
[  448.304073][ T9662]  ucma_resolve_route+0xa7/0x330
[  448.309069][ T9662]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  448.315312][ T9662]  ? __pfx_ucma_resolve_route+0x10/0x10
[  448.320923][ T9662]  ? __might_fault+0xc6/0x120
[  448.325661][ T9662]  ? __pfx_ucma_resolve_route+0x10/0x10
[  448.331253][ T9662]  ucma_write+0x2d9/0x420
[  448.335640][ T9662]  ? __pfx_ucma_write+0x10/0x10
[  448.340547][ T9662]  ? bpf_lsm_file_permission+0x9/0x10
[  448.345973][ T9662]  ? security_file_permission+0x74/0x280
[  448.351659][ T9662]  ? rw_verify_area+0x1c3/0x6f0
[  448.356570][ T9662]  vfs_writev+0x5a9/0xba0
[  448.360971][ T9662]  ? __pfx_ucma_write+0x10/0x10
[  448.365947][ T9662]  ? __pfx_vfs_writev+0x10/0x10
[  448.370901][ T9662]  ? __fget_files+0x2a/0x410
[  448.375555][ T9662]  ? __fget_files+0x395/0x410
[  448.380280][ T9662]  ? __fget_files+0x2a/0x410
[  448.384929][ T9662]  do_writev+0x1b6/0x360
[  448.389236][ T9662]  ? irqentry_exit+0x63/0x90
[  448.393883][ T9662]  ? lockdep_hardirqs_on+0x99/0x150
[  448.399142][ T9662]  ? __pfx_do_writev+0x10/0x10
[  448.404044][ T9662]  do_syscall_64+0xf3/0x230
[  448.408605][ T9662]  ? clear_bhb_loop+0x35/0x90
[  448.413325][ T9662]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  448.419270][ T9662] RIP: 0033:0x7f853db7fed9
[  448.423724][ T9662] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  448.443379][ T9662] RSP: 002b:00007f853e9eb058 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[  448.451846][ T9662] RAX: ffffffffffffffda RBX: 00007f853dd45fa0 RCX: 00007f853db7fed9
[  448.459851][ T9662] RDX: 0000000000000001 RSI: 00000000200000c0 RDI: 0000000000000004
[  448.467861][ T9662] RBP: 00007f853e9eb0a0 R08: 0000000000000000 R09: 0000000000000000
[  448.475869][ T9662] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  448.483878][ T9662] R13: 0000000000000000 R14: 00007f853dd45fa0 R15: 00007ffe547a4df8
[  448.491905][ T9662]  </TASK>
[  449.030938][ T3077] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  449.189181][ T3077] usb 3-1: device descriptor read/64, error -71
[  449.265800][ T9677] netlink: 'syz.1.964': attribute type 32 has an invalid length.
[  449.357558][ T9677] netlink: 8 bytes leftover after parsing attributes in process `syz.1.964'.
[  449.385937][ T9681] FAULT_INJECTION: forcing a failure.
[  449.385937][ T9681] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  449.430293][ T9681] CPU: 0 UID: 0 PID: 9681 Comm: syz.9.966 Not tainted 6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0
[  449.440963][ T9681] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  449.451055][ T9681] Call Trace:
[  449.454394][ T9681]  <TASK>
[  449.457371][ T9681]  dump_stack_lvl+0x241/0x360
[  449.462112][ T9681]  ? __pfx_dump_stack_lvl+0x10/0x10
[  449.467360][ T9681]  ? __pfx__printk+0x10/0x10
[  449.471997][ T9681]  ? __pfx_lock_release+0x10/0x10
[  449.477069][ T9681]  should_fail_ex+0x3b0/0x4e0
[  449.481782][ T9681]  _copy_to_iter+0x4ae/0x1e70
[  449.486505][ T9681]  ? __virt_addr_valid+0x183/0x530
[  449.491682][ T9681]  ? __pfx__copy_to_iter+0x10/0x10
[  449.496938][ T9681]  ? kasan_save_track+0x51/0x80
[  449.501853][ T9681]  ? __virt_addr_valid+0x183/0x530
[  449.507028][ T9681]  ? __virt_addr_valid+0x183/0x530
[  449.512184][ T9681]  ? __virt_addr_valid+0x45f/0x530
[  449.517337][ T9681]  ? __phys_addr_symbol+0x2f/0x70
[  449.522395][ T9681]  ? __check_object_size+0x48e/0x900
[  449.527722][ T9681]  __skb_datagram_iter+0x107/0x900
[  449.532872][ T9681]  ? __pfx_simple_copy_to_iter+0x10/0x10
[  449.538548][ T9681]  skb_copy_datagram_iter+0xd1/0x250
[  449.543874][ T9681]  netlink_recvmsg+0x2d0/0x11d0
[  449.548769][ T9681]  ? __pfx_netlink_recvmsg+0x10/0x10
[  449.554086][ T9681]  ? rcu_is_watching+0x15/0xb0
[  449.558889][ T9681]  ? trace_kmalloc+0x1f/0xd0
[  449.563515][ T9681]  ? __kmalloc_noprof+0x2a5/0x4c0
[  449.568577][ T9681]  ? iovec_from_user+0x87/0x240
[  449.573476][ T9681]  ? iovec_from_user+0x1b4/0x240
[  449.578463][ T9681]  ? bpf_lsm_socket_recvmsg+0x9/0x10
[  449.583790][ T9681]  ? __pfx_netlink_recvmsg+0x10/0x10
[  449.589120][ T9681]  sock_recvmsg+0x22f/0x280
[  449.593677][ T9681]  ____sys_recvmsg+0x1c6/0x480
[  449.598491][ T9681]  ? __pfx_____sys_recvmsg+0x10/0x10
[  449.603844][ T9681]  do_recvmmsg+0x426/0xab0
[  449.608312][ T9681]  ? __pfx_do_recvmmsg+0x10/0x10
[  449.613313][ T9681]  ? __pfx___might_resched+0x10/0x10
[  449.618670][ T9681]  ? __might_fault+0xaa/0x120
[  449.623385][ T9681]  ? __pfx_lock_release+0x10/0x10
[  449.628445][ T9681]  ? vfs_write+0x730/0xd30
[  449.632913][ T9681]  ? get_timespec64+0x19c/0x280
[  449.637817][ T9681]  __x64_sys_recvmmsg+0x1b8/0x250
[  449.641848][ T9677] (unnamed net_device) (uninitialized): Setting coupled_control to off (0)
[  449.642863][ T9681]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  449.657039][ T9681]  ? do_syscall_64+0x100/0x230
[  449.661866][ T9681]  ? do_syscall_64+0xb6/0x230
[  449.666596][ T9681]  do_syscall_64+0xf3/0x230
[  449.671149][ T9681]  ? clear_bhb_loop+0x35/0x90
[  449.675844][ T9681]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  449.681754][ T9681] RIP: 0033:0x7f0e0c17fed9
[  449.686192][ T9681] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  449.705851][ T9681] RSP: 002b:00007f0e09ff6058 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  449.714317][ T9681] RAX: ffffffffffffffda RBX: 00007f0e0c345fa0 RCX: 00007f0e0c17fed9
[  449.722413][ T9681] RDX: 04000000000003b4 RSI: 00000000200037c0 RDI: 0000000000000003
[  449.730419][ T9681] RBP: 00007f0e09ff60a0 R08: 0000000020003700 R09: 0000000000000000
[  449.738418][ T9681] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  449.746413][ T9681] R13: 0000000000000000 R14: 00007f0e0c345fa0 R15: 00007ffc52712a28
[  449.754421][ T9681]  </TASK>
[  449.758627][ T3077] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[  449.898015][ T3077] usb 3-1: device descriptor read/64, error -71
[  450.096588][ T3077] usb usb3-port1: attempt power cycle
[  450.866812][ T9692] 9pnet_fd: p9_fd_create_unix (9692): problem connecting socket: ./file0: -111
[  451.100176][ T5901] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[  452.219484][ T3077] usb 3-1: new high-speed USB device number 12 using dummy_hcd
[  453.150187][ T5901] usb 4-1: Using ep0 maxpacket: 32
[  453.194997][ T5901] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  453.212740][ T5901] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  453.265255][ T5901] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  453.304776][ T5901] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  453.336888][ T3077] usb 3-1: device descriptor read/8, error -71
[  453.352840][ T5901] usb 4-1: config 0 descriptor??
[  453.387853][ T5901] hub 4-1:0.0: USB hub found
[  453.575104][ T5901] hub 4-1:0.0: 1 port detected
[  454.139195][ T5901] hub 4-1:0.0: activate --> -90
[  455.287509][ T5832] Bluetooth: hci5: Entering manufacturer mode failed (-110)
[  455.353686][ T5901] hub 4-1:0.0: hub_ext_port_status failed (err = -32)
[  455.367133][ T9730] tap0: tun_chr_ioctl cmd 1074025677
[  455.577064][ T9730] tap0: linktype set to 768
[  455.919850][ T9734] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  456.776938][ T3077] usb 4-1: USB disconnect, device number 14
[  456.991694][ T9741] FAULT_INJECTION: forcing a failure.
[  456.991694][ T9741] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  457.019240][ T9741] CPU: 0 UID: 0 PID: 9741 Comm: syz.3.981 Not tainted 6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0
[  457.029929][ T9741] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  457.040068][ T9741] Call Trace:
[  457.043366][ T9741]  <TASK>
[  457.046311][ T9741]  dump_stack_lvl+0x241/0x360
[  457.051018][ T9741]  ? __pfx_dump_stack_lvl+0x10/0x10
[  457.056281][ T9741]  ? __pfx__printk+0x10/0x10
[  457.060896][ T9741]  ? __pfx_lock_release+0x10/0x10
[  457.065949][ T9741]  should_fail_ex+0x3b0/0x4e0
[  457.070649][ T9741]  _copy_to_iter+0x4ae/0x1e70
[  457.075347][ T9741]  ? __virt_addr_valid+0x183/0x530
[  457.080496][ T9741]  ? __pfx__copy_to_iter+0x10/0x10
[  457.085641][ T9741]  ? kasan_save_track+0x51/0x80
[  457.090514][ T9741]  ? __virt_addr_valid+0x183/0x530
[  457.095636][ T9741]  ? __virt_addr_valid+0x183/0x530
[  457.100763][ T9741]  ? __virt_addr_valid+0x45f/0x530
[  457.105889][ T9741]  ? __phys_addr_symbol+0x2f/0x70
[  457.110940][ T9741]  ? __check_object_size+0x48e/0x900
[  457.116245][ T9741]  __skb_datagram_iter+0x107/0x900
[  457.121386][ T9741]  ? __pfx_simple_copy_to_iter+0x10/0x10
[  457.127046][ T9741]  skb_copy_datagram_iter+0xd1/0x250
[  457.132353][ T9741]  netlink_recvmsg+0x2d0/0x11d0
[  457.137224][ T9741]  ? __pfx_netlink_recvmsg+0x10/0x10
[  457.142526][ T9741]  ? rcu_is_watching+0x15/0xb0
[  457.147312][ T9741]  ? trace_kmalloc+0x1f/0xd0
[  457.151929][ T9741]  ? __kmalloc_noprof+0x2a5/0x4c0
[  457.156965][ T9741]  ? iovec_from_user+0x87/0x240
[  457.161838][ T9741]  ? iovec_from_user+0x1b4/0x240
[  457.166797][ T9741]  ? bpf_lsm_socket_recvmsg+0x9/0x10
[  457.172101][ T9741]  ? __pfx_netlink_recvmsg+0x10/0x10
[  457.177402][ T9741]  sock_recvmsg+0x22f/0x280
[  457.181931][ T9741]  ____sys_recvmsg+0x1c6/0x480
[  457.186718][ T9741]  ? __pfx_____sys_recvmsg+0x10/0x10
[  457.192033][ T9741]  do_recvmmsg+0x426/0xab0
[  457.196479][ T9741]  ? __pfx_do_recvmmsg+0x10/0x10
[  457.201451][ T9741]  ? __pfx___might_resched+0x10/0x10
[  457.206756][ T9741]  ? __might_fault+0xaa/0x120
[  457.211451][ T9741]  ? __pfx_lock_release+0x10/0x10
[  457.216489][ T9741]  ? vfs_write+0x730/0xd30
[  457.220934][ T9741]  ? get_timespec64+0x19c/0x280
[  457.225811][ T9741]  __x64_sys_recvmmsg+0x1b8/0x250
[  457.230856][ T9741]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  457.236419][ T9741]  ? do_syscall_64+0x100/0x230
[  457.241204][ T9741]  ? do_syscall_64+0xb6/0x230
[  457.245907][ T9741]  do_syscall_64+0xf3/0x230
[  457.250432][ T9741]  ? clear_bhb_loop+0x35/0x90
[  457.255122][ T9741]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  457.261041][ T9741] RIP: 0033:0x7f8a28d7fed9
[  457.265469][ T9741] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  457.285112][ T9741] RSP: 002b:00007f8a29c24058 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  457.293546][ T9741] RAX: ffffffffffffffda RBX: 00007f8a28f45fa0 RCX: 00007f8a28d7fed9
[  457.301545][ T9741] RDX: 04000000000003b4 RSI: 00000000200037c0 RDI: 0000000000000003
[  457.309530][ T9741] RBP: 00007f8a29c240a0 R08: 0000000020003700 R09: 0000000000000000
[  457.317519][ T9741] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  457.325520][ T9741] R13: 0000000000000000 R14: 00007f8a28f45fa0 R15: 00007ffd17b6d718
[  457.333544][ T9741]  </TASK>
[  457.527185][ T9748] netlink: 28 bytes leftover after parsing attributes in process `syz.3.983'.
[  457.575262][ T9748] netlink: 28 bytes leftover after parsing attributes in process `syz.3.983'.
[  457.619704][ T9748] FAULT_INJECTION: forcing a failure.
[  457.619704][ T9748] name failslab, interval 1, probability 0, space 0, times 0
[  457.652895][ T9748] CPU: 0 UID: 0 PID: 9748 Comm: syz.3.983 Not tainted 6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0
[  457.663566][ T9748] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  457.673674][ T9748] Call Trace:
[  457.677004][ T9748]  <TASK>
[  457.679976][ T9748]  dump_stack_lvl+0x241/0x360
[  457.684708][ T9748]  ? __pfx_dump_stack_lvl+0x10/0x10
[  457.689954][ T9748]  ? __pfx__printk+0x10/0x10
[  457.694594][ T9748]  ? kmem_cache_alloc_noprof+0x48/0x380
[  457.700183][ T9748]  ? __pfx___might_resched+0x10/0x10
[  457.705539][ T9748]  should_fail_ex+0x3b0/0x4e0
[  457.710261][ T9748]  should_failslab+0xac/0x100
[  457.714979][ T9748]  ? radix_tree_node_alloc+0x8b/0x3c0
[  457.720401][ T9748]  kmem_cache_alloc_noprof+0x70/0x380
[  457.725828][ T9748]  radix_tree_node_alloc+0x8b/0x3c0
[  457.731094][ T9748]  idr_get_free+0x296/0xab0
[  457.735653][ T9748]  idr_alloc_u32+0x195/0x330
[  457.740297][ T9748]  ? __pfx_idr_alloc_u32+0x10/0x10
[  457.745458][ T9748]  ? __pfx_lock_acquire+0x10/0x10
[  457.750529][ T9748]  tcf_idr_check_alloc+0x703/0x940
[  457.755689][ T9748]  ? tcf_idr_check_alloc+0xcc/0x940
[  457.760942][ T9748]  ? __pfx_tcf_idr_check_alloc+0x10/0x10
[  457.766625][ T9748]  ? __nla_parse+0x40/0x60
[  457.771099][ T9748]  tcf_mpls_init+0x342/0x15f0
[  457.775831][ T9748]  ? __pfx_tcf_mpls_init+0x10/0x10
[  457.781021][ T9748]  ? __nla_parse+0x40/0x60
[  457.785479][ T9748]  ? __pfx_tcf_mpls_init+0x10/0x10
[  457.790645][ T9748]  tcf_action_init_1+0x5d7/0x890
[  457.795636][ T9748]  ? nla_strscpy+0x100/0x180
[  457.800281][ T9748]  ? __pfx_tcf_action_init_1+0x10/0x10
[  457.805787][ T9748]  ? _raw_read_unlock+0x28/0x50
[  457.810679][ T9748]  ? tc_action_load_ops+0x26d/0x590
[  457.815939][ T9748]  ? __pfx_lock_release+0x10/0x10
[  457.821004][ T9748]  ? __nla_parse+0x40/0x60
[  457.825468][ T9748]  tcf_action_init+0x2e8/0xae0
[  457.830543][ T9748]  ? 0xffffffffa0000950
[  457.834738][ T9748]  ? __pfx_tcf_action_init+0x10/0x10
[  457.840107][ T9748]  ? cap_capable+0x1b4/0x250
[  457.844713][ T9748]  ? __lock_acquire+0x1397/0x2100
[  457.849748][ T9748]  ? cap_capable+0x1b4/0x250
[  457.854347][ T9748]  ? safesetid_security_capable+0xb2/0x1d0
[  457.860181][ T9748]  tc_ctl_action+0x47d/0xcf0
[  457.864819][ T9748]  ? __pfx_tc_ctl_action+0x10/0x10
[  457.870006][ T9748]  ? __pfx_tc_ctl_action+0x10/0x10
[  457.875143][ T9748]  rtnetlink_rcv_msg+0x73f/0xcf0
[  457.880098][ T9748]  ? rtnetlink_rcv_msg+0x1a7/0xcf0
[  457.885237][ T9748]  ? rcu_preempt_deferred_qs_irqrestore+0x87b/0xc70
[  457.891855][ T9748]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  457.897458][ T9748]  netlink_rcv_skb+0x1e3/0x430
[  457.902237][ T9748]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  457.907715][ T9748]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  457.913063][ T9748]  ? __rcu_read_unlock+0xa1/0x110
[  457.918104][ T9748]  netlink_unicast+0x7f6/0x990
[  457.922898][ T9748]  ? __pfx_netlink_unicast+0x10/0x10
[  457.928199][ T9748]  ? __virt_addr_valid+0x183/0x530
[  457.933328][ T9748]  ? __check_object_size+0x48e/0x900
[  457.938629][ T9748]  netlink_sendmsg+0x8e4/0xcb0
[  457.943415][ T9748]  ? __pfx_netlink_sendmsg+0x10/0x10
[  457.948721][ T9748]  ? __pfx_netlink_sendmsg+0x10/0x10
[  457.954019][ T9748]  __sock_sendmsg+0x221/0x270
[  457.958723][ T9748]  ____sys_sendmsg+0x52a/0x7e0
[  457.963503][ T9748]  ? __pfx_____sys_sendmsg+0x10/0x10
[  457.968797][ T9748]  ? __fget_files+0x2a/0x410
[  457.973427][ T9748]  ? __fget_files+0x2a/0x410
[  457.978046][ T9748]  __sys_sendmsg+0x269/0x350
[  457.982655][ T9748]  ? finish_task_switch+0x1e5/0x870
[  457.987881][ T9748]  ? __pfx___sys_sendmsg+0x10/0x10
[  457.993101][ T9748]  ? __pfx___schedule+0x10/0x10
[  457.997974][ T9748]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  458.004319][ T9748]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  458.010659][ T9748]  ? do_syscall_64+0xb6/0x230
[  458.015357][ T9748]  do_syscall_64+0xf3/0x230
[  458.019878][ T9748]  ? clear_bhb_loop+0x35/0x90
[  458.024564][ T9748]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  458.030496][ T9748] RIP: 0033:0x7f8a28d7fed9
[  458.034935][ T9748] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  458.054583][ T9748] RSP: 002b:00007f8a29c24058 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  458.063029][ T9748] RAX: ffffffffffffffda RBX: 00007f8a28f45fa0 RCX: 00007f8a28d7fed9
[  458.071013][ T9748] RDX: 0000000000000000 RSI: 0000000020000240 RDI: 0000000000000003
[  458.078997][ T9748] RBP: 00007f8a29c240a0 R08: 0000000000000000 R09: 0000000000000000
[  458.086985][ T9748] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  458.094969][ T9748] R13: 0000000000000000 R14: 00007f8a28f45fa0 R15: 00007ffd17b6d718
[  458.102970][ T9748]  </TASK>
[  459.224684][ T9763] syz.6.986: attempt to access beyond end of device
[  459.224684][ T9763] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  463.064072][   T29] kauditd_printk_skb: 17 callbacks suppressed
[  463.064095][   T29] audit: type=1800 audit(1733645491.221:381): pid=9788 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.3.995" name="/" dev="9p" ino=2 res=0 errno=0
[  465.111215][ T9809] fuseblk: Bad value for 'rootmode'
[  465.633819][ T9812] 9pnet_fd: Insufficient options for proto=fd
[  465.663744][   T29] audit: type=1326 audit(1733645494.000:382): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9813 comm="syz.2.1001" exe="/root/syz-executor" sig=31 arch=c000003e syscall=39 compat=0 ip=0x7f4d7e376ea7 code=0x0
[  465.742838][   T29] audit: type=1326 audit(1733645494.053:383): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9813 comm="syz.2.1001" exe="/root/syz-executor" sig=31 arch=c000003e syscall=39 compat=0 ip=0x7f4d7e376ea7 code=0x0
[  465.897164][ T9820] netlink: 44 bytes leftover after parsing attributes in process `syz.9.999'.
[  469.331652][   T29] audit: type=1326 audit(1733645497.905:384): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9846 comm="syz.9.1013" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e0c17fed9 code=0x7ffc0000
[  469.353222][    C0] vkms_vblank_simulate: vblank timer overrun
[  469.396174][   T29] audit: type=1326 audit(1733645497.905:385): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9846 comm="syz.9.1013" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e0c17fed9 code=0x7ffc0000
[  469.417755][    C0] vkms_vblank_simulate: vblank timer overrun
[  469.517607][   T29] audit: type=1326 audit(1733645497.905:386): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9846 comm="syz.9.1013" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f0e0c181df7 code=0x7ffc0000
[  469.713107][ T5901] usb 4-1: new full-speed USB device number 15 using dummy_hcd
[  469.731852][   T29] audit: type=1326 audit(1733645497.905:387): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9846 comm="syz.9.1013" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7f0e0c181d6c code=0x7ffc0000
[  469.808234][   T29] audit: type=1326 audit(1733645497.905:388): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9846 comm="syz.9.1013" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7f0e0c181ca4 code=0x7ffc0000
[  470.141566][   T29] audit: type=1326 audit(1733645497.905:389): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9846 comm="syz.9.1013" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f0e0c17eb3a code=0x7ffc0000
[  470.198944][   T29] audit: type=1326 audit(1733645497.916:390): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9846 comm="syz.9.1013" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e0c17fed9 code=0x7ffc0000
[  470.297660][   T29] audit: type=1326 audit(1733645497.916:391): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9846 comm="syz.9.1013" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e0c17fed9 code=0x7ffc0000
[  470.465378][   T29] audit: type=1326 audit(1733645497.916:392): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9846 comm="syz.9.1013" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0e0c17fed9 code=0x7ffc0000
[  470.717930][ T5901] usb 4-1: config 0 has an invalid interface number: 175 but max is 0
[  470.738317][ T5901] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  470.760912][ T5901] usb 4-1: config 0 has no interface number 0
[  470.771439][ T5901] usb 4-1: config 0 interface 175 altsetting 0 has an endpoint descriptor with address 0xBC, changing to 0x8C
[  470.784809][ T5901] usb 4-1: config 0 interface 175 altsetting 0 endpoint 0x8C has an invalid bInterval 0, changing to 10
[  470.796315][ T5901] usb 4-1: config 0 interface 175 altsetting 0 endpoint 0x8C has invalid wMaxPacketSize 0
[  470.814945][ T5901] usb 4-1: config 0 interface 175 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 16
[  470.943711][ T5901] usb 4-1: New USB device found, idVendor=05e0, idProduct=0600, bcdDevice=f9.9b
[  470.957983][ T5901] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  470.984116][ T5901] usb 4-1: Product: syz
[  470.999348][   T29] audit: type=1326 audit(1733645497.916:393): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9846 comm="syz.9.1013" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e0c17fed9 code=0x7ffc0000
[  471.021296][ T5901] usb 4-1: Manufacturer: syz
[  471.026540][ T5901] usb 4-1: SerialNumber: syz
[  471.065083][ T5901] usb 4-1: config 0 descriptor??
[  471.072647][ T5901] symbolserial 4-1:0.175: symbol converter detected
[  471.082171][ T5901] usb 4-1: symbol converter now attached to ttyUSB0
[  471.154017][ T9865] openvswitch: netlink: Missing key (keys=40, expected=200000)
[  471.463986][ T9875] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  471.499859][ T9875] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  471.540720][ T9877] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1019'.
[  471.554891][ T9877] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  472.257484][ T5900] usb 4-1: USB disconnect, device number 15
[  472.287710][ T5900] symbol ttyUSB0: symbol converter now disconnected from ttyUSB0
[  472.338196][ T5900] symbolserial 4-1:0.175: device disconnected
[  472.493296][ T9882] 9pnet_fd: Insufficient options for proto=fd
[  475.895512][ T9911] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1030'.
[  476.199616][ T5900] libceph: connect (1)[c::]:6789 error -101
[  476.208266][ T5900] libceph: mon0 (1)[c::]:6789 connect error
[  476.275833][ T9922] ceph: No mds server is up or the cluster is laggy
[  476.433146][ T9931] syz.3.1033: attempt to access beyond end of device
[  476.433146][ T9931] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  477.149472][ T5900] libceph: connect (1)[c::]:6789 error -101
[  477.158594][ T5900] libceph: mon0 (1)[c::]:6789 connect error
[  479.525935][ T9946] erofs (device nullb0): cannot find valid erofs superblock
[  480.900224][ T9957] 9pnet_fd: Insufficient options for proto=fd
[  481.963159][ T9973] netdevsim netdevsim3 netdevsim0: entered promiscuous mode
[  481.971640][ T9973] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1046'.
[  482.065755][ T9970] syz.2.1043: attempt to access beyond end of device
[  482.065755][ T9970] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  482.128030][ T5868] IPVS: starting estimator thread 0...
[  482.184616][ T9972] netdevsim netdevsim3 netdevsim0: left promiscuous mode
[  482.220963][ T9977] IPVS: using max 18 ests per chain, 43200 per kthread
[  482.734025][   T46] usb 4-1: new high-speed USB device number 16 using dummy_hcd
[  482.892418][   T46] usb 4-1: Using ep0 maxpacket: 32
[  482.908515][   T46] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  482.946501][   T46] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  482.973439][   T46] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  482.993203][   T46] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  483.014012][   T46] usb 4-1: config 0 descriptor??
[  483.026735][   T46] hub 4-1:0.0: USB hub found
[  483.214367][   T46] hub 4-1:0.0: 1 port detected
[  483.522638][   T46] usb 4-1: USB disconnect, device number 16
[  483.693180][ T9999] 9pnet_fd: Insufficient options for proto=fd
[  485.805333][T10019] overlayfs: missing 'lowerdir'
[  486.015469][T10024] FAULT_INJECTION: forcing a failure.
[  486.015469][T10024] name failslab, interval 1, probability 0, space 0, times 0
[  486.105664][T10024] CPU: 0 UID: 0 PID: 10024 Comm: syz.3.1060 Not tainted 6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0
[  486.116519][T10024] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  486.126587][T10024] Call Trace:
[  486.129880][T10024]  <TASK>
[  486.132838][T10024]  dump_stack_lvl+0x241/0x360
[  486.137573][T10024]  ? __pfx_dump_stack_lvl+0x10/0x10
[  486.142792][T10024]  ? __pfx__printk+0x10/0x10
[  486.147396][T10024]  ? __kmalloc_cache_noprof+0x48/0x390
[  486.152893][T10024]  ? __pfx___might_resched+0x10/0x10
[  486.158207][T10024]  should_fail_ex+0x3b0/0x4e0
[  486.162918][T10024]  should_failslab+0xac/0x100
[  486.167611][T10024]  __kmalloc_cache_noprof+0x70/0x390
[  486.172913][T10024]  ? usbdev_open+0xa8/0x770
[  486.177441][T10024]  usbdev_open+0xa8/0x770
[  486.181791][T10024]  ? kobject_get_unless_zero+0x22d/0x330
[  486.187452][T10024]  ? __pfx_usbdev_open+0x10/0x10
[  486.192405][T10024]  ? do_raw_spin_unlock+0x13c/0x8b0
[  486.197632][T10024]  chrdev_open+0x521/0x600
[  486.202083][T10024]  ? __pfx_chrdev_open+0x10/0x10
[  486.207031][T10024]  ? do_raw_spin_unlock+0x13c/0x8b0
[  486.212250][T10024]  ? __pfx_chrdev_open+0x10/0x10
[  486.217200][T10024]  do_dentry_open+0xbe1/0x1b70
[  486.221989][T10024]  vfs_open+0x3e/0x330
[  486.226073][T10024]  path_openat+0x2c84/0x3590
[  486.230712][T10024]  ? __pfx_path_openat+0x10/0x10
[  486.235683][T10024]  do_filp_open+0x27f/0x4e0
[  486.240206][T10024]  ? __pfx_do_filp_open+0x10/0x10
[  486.245244][T10024]  ? do_raw_spin_lock+0x14f/0x370
[  486.250322][T10024]  do_sys_openat2+0x13e/0x1d0
[  486.255021][T10024]  ? __pfx_do_sys_openat2+0x10/0x10
[  486.260243][T10024]  __x64_sys_openat+0x247/0x2a0
[  486.265112][T10024]  ? __pfx___x64_sys_openat+0x10/0x10
[  486.270502][T10024]  ? exc_page_fault+0x590/0x8b0
[  486.275368][T10024]  ? do_syscall_64+0xb6/0x230
[  486.280062][T10024]  do_syscall_64+0xf3/0x230
[  486.284597][T10024]  ? clear_bhb_loop+0x35/0x90
[  486.289293][T10024]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  486.295207][T10024] RIP: 0033:0x7f8a28d7e840
[  486.299638][T10024] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 49 94 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 9c 94 02 00 8b 44
[  486.319278][T10024] RSP: 002b:00007f8a29c23b90 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[  486.327716][T10024] RAX: ffffffffffffffda RBX: 0000000000008401 RCX: 00007f8a28d7e840
[  486.335704][T10024] RDX: 0000000000008401 RSI: 00007f8a29c23c30 RDI: 00000000ffffff9c
[  486.343686][T10024] RBP: 00007f8a29c23c30 R08: 0000000000000000 R09: 0000000000000000
[  486.351666][T10024] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[  486.359657][T10024] R13: 0000000000000000 R14: 00007f8a28f45fa0 R15: 00007ffd17b6d718
[  486.367652][T10024]  </TASK>
[  488.829171][T10043] 9pnet_fd: Insufficient options for proto=fd
[  490.554351][ T5900] usb 7-1: new high-speed USB device number 20 using dummy_hcd
[  490.702805][ T5900] usb 7-1: Using ep0 maxpacket: 16
[  490.714583][ T5900] usb 7-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice=36.00
[  490.724022][ T5900] usb 7-1: New USB device strings: Mfr=168, Product=81, SerialNumber=40
[  490.746593][ T5900] usb 7-1: Product: syz
[  490.759539][ T5900] usb 7-1: Manufacturer: syz
[  490.769582][ T5900] usb 7-1: SerialNumber: syz
[  490.795903][ T5900] usb 7-1: config 0 descriptor??
[  490.818946][ T5900] ftdi_sio 7-1:0.0: FTDI USB Serial Device converter detected
[  490.840394][ T5900] usb 7-1: Detected FT4232HA
[  491.017694][T10074] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  491.035869][ T1295] ieee802154 phy0 wpan0: encryption failed: -22
[  491.201071][T10074] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  491.252308][ T5900] ftdi_sio ttyUSB0: Unable to read latency timer: -71
[  491.282436][ T5900] ftdi_sio ttyUSB0: Unable to write latency timer: -71
[  491.298299][T10078] program syz.3.1077 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  491.322136][ T5900] usb 7-1: FTDI USB Serial Device converter now attached to ttyUSB0
[  491.352112][ T5900] usb 7-1: USB disconnect, device number 20
[  491.458532][ T5900] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[  491.487609][ T5900] ftdi_sio 7-1:0.0: device disconnected
[  491.588510][ T5872] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[  493.860481][T10127] openvswitch: netlink: IPv4 tunnel dst address is zero
[  493.959986][T10132] BUG: Bad page state in process syz.2.1087  pfn:60f0e
[  493.967013][T10132] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888060f0ef00 pfn:0x60f0e
[  493.977180][T10132] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  493.984478][T10132] raw: 00fff00000000000 dead000000000040 ffff888021ac2000 0000000000000000
[  493.993165][T10132] raw: ffff888060f0ef00 0000000000000001 00000000ffffffff 0000000000000000
[  494.001784][T10132] page dumped because: page_pool leak
[  494.007279][T10132] page_owner tracks the page as allocated
[  494.013062][T10132] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 10132, tgid 10131 (syz.2.1087), ts 493959854592, free_ts 489623816317
[  494.030406][T10132]  post_alloc_hook+0x1f3/0x230
[  494.035229][T10132]  get_page_from_freelist+0x3651/0x37a0
[  494.040903][T10132]  __alloc_pages_noprof+0x292/0x710
[  494.046147][T10132]  alloc_pages_bulk_noprof+0x70b/0xcc0
[  494.051669][T10132]  __page_pool_alloc_pages_slow+0x122/0x690
[  494.057606][T10132]  page_pool_alloc_pages+0xd0/0x1c0
[  494.062859][T10132]  skb_pp_cow_data+0xc43/0x1640
[  494.067797][T10132]  do_xdp_generic+0x505/0xd30
[  494.072491][T10132]  __netif_receive_skb_core+0x1ce9/0x4690
[  494.078251][T10132]  __netif_receive_skb+0x12f/0x650
[  494.083383][T10132]  netif_receive_skb+0x1e8/0x890
[  494.088387][T10132]  tun_rx_batched+0x1b7/0x8f0
[  494.093098][T10132]  tun_get_user+0x30d6/0x4890
[  494.097821][T10132]  tun_chr_write_iter+0x10d/0x1f0
[  494.102900][T10132]  vfs_write+0xaeb/0xd30
[  494.107182][T10132]  ksys_write+0x18f/0x2b0
[  494.111524][T10132] page last free pid 10049 tgid 10049 stack trace:
[  494.118081][T10132]  free_unref_folios+0xf38/0x1a60
[  494.123132][T10132]  folios_put_refs+0x76c/0x860
[  494.127943][T10132]  free_pages_and_swap_cache+0x5c8/0x690
[  494.133647][T10132]  tlb_flush_mmu+0x3a3/0x680
[  494.138251][T10132]  tlb_finish_mmu+0xd4/0x200
[  494.142895][T10132]  exit_mmap+0x496/0xc20
[  494.147211][T10132]  __mmput+0x115/0x3b0
[  494.151348][T10132]  exit_mm+0x220/0x310
[  494.155444][T10132]  do_exit+0x9b2/0x28e0
[  494.159607][T10132]  do_group_exit+0x207/0x2c0
[  494.164253][T10132]  __x64_sys_exit_group+0x3f/0x40
[  494.169290][T10132]  x64_sys_call+0x26a8/0x26b0
[  494.174015][T10132]  do_syscall_64+0xf3/0x230
[  494.178555][T10132]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  494.184494][T10132] Modules linked in:
[  494.188428][T10132] CPU: 1 UID: 0 PID: 10132 Comm: syz.2.1087 Not tainted 6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0
[  494.199217][T10132] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  494.209308][T10132] Call Trace:
[  494.212596][T10132]  <TASK>
[  494.215535][T10132]  dump_stack_lvl+0x241/0x360
[  494.220233][T10132]  ? __pfx_dump_stack_lvl+0x10/0x10
[  494.225464][T10132]  ? __pfx_print_modules+0x10/0x10
[  494.230597][T10132]  bad_page+0x176/0x1d0
[  494.234788][T10132]  free_unref_page+0x1048/0x1130
[  494.239767][T10132]  bpf_xdp_frags_shrink_tail+0x3ee/0x7e0
[  494.245435][T10132]  bpf_xdp_adjust_tail+0x1c3/0x200
[  494.250575][T10132]  bpf_prog_f476d5219b92964a+0x1e/0x20
[  494.256042][T10132]  bpf_prog_run_generic_xdp+0x686/0x1510
[  494.261715][T10132]  do_xdp_generic+0x757/0xd30
[  494.266410][T10132]  ? __pfx_do_xdp_generic+0x10/0x10
[  494.271631][T10132]  ? __skb_flow_dissect+0x4f1/0x7d00
[  494.276941][T10132]  __netif_receive_skb_core+0x1ce9/0x4690
[  494.282721][T10132]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  494.288805][T10132]  ? mark_lock+0x9a/0x360
[  494.293153][T10132]  ? __lock_acquire+0x1397/0x2100
[  494.298206][T10132]  __netif_receive_skb+0x12f/0x650
[  494.303338][T10132]  ? __pfx_lock_acquire+0x10/0x10
[  494.308369][T10132]  ? seqcount_lockdep_reader_access+0x1d7/0x220
[  494.314659][T10132]  ? __pfx___netif_receive_skb+0x10/0x10
[  494.320313][T10132]  ? tun_rx_batched+0x160/0x8f0
[  494.325179][T10132]  ? __pfx_lockdep_softirqs_off+0x10/0x10
[  494.330926][T10132]  ? read_tsc+0x9/0x20
[  494.335011][T10132]  ? netif_receive_skb+0x131/0x890
[  494.340144][T10132]  ? netif_receive_skb+0x131/0x890
[  494.345288][T10132]  netif_receive_skb+0x1e8/0x890
[  494.350248][T10132]  ? tun_rx_batched+0x160/0x8f0
[  494.355133][T10132]  ? __pfx_netif_receive_skb+0x10/0x10
[  494.360615][T10132]  ? tun_rx_batched+0x160/0x8f0
[  494.365489][T10132]  tun_rx_batched+0x1b7/0x8f0
[  494.370218][T10132]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  494.376554][T10132]  ? __pfx_lock_acquire+0x10/0x10
[  494.381595][T10132]  ? __pfx_tun_rx_batched+0x10/0x10
[  494.386847][T10132]  tun_get_user+0x30d6/0x4890
[  494.391751][T10132]  ? tun_get_user+0x2bbe/0x4890
[  494.396712][T10132]  ? __lock_acquire+0x1397/0x2100
[  494.401796][T10132]  ? __pfx_tun_get_user+0x10/0x10
[  494.406982][T10132]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  494.412491][T10132]  ? tun_get+0x1e/0x2f0
[  494.416705][T10132]  ? __pfx_lock_release+0x10/0x10
[  494.421775][T10132]  ? tun_get+0x1e/0x2f0
[  494.425948][T10132]  ? tun_get+0x27d/0x2f0
[  494.430210][T10132]  tun_chr_write_iter+0x10d/0x1f0
[  494.435258][T10132]  vfs_write+0xaeb/0xd30
[  494.439540][T10132]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  494.445141][T10132]  ? __pfx_vfs_write+0x10/0x10
[  494.449952][T10132]  ? __fget_files+0x2a/0x410
[  494.454568][T10132]  ? __fget_files+0x2a/0x410
[  494.459268][T10132]  ksys_write+0x18f/0x2b0
[  494.463632][T10132]  ? __pfx_ksys_write+0x10/0x10
[  494.468687][T10132]  ? do_syscall_64+0x100/0x230
[  494.473513][T10132]  ? do_syscall_64+0xb6/0x230
[  494.478206][T10132]  do_syscall_64+0xf3/0x230
[  494.482721][T10132]  ? clear_bhb_loop+0x35/0x90
[  494.487417][T10132]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  494.493349][T10132] RIP: 0033:0x7f4d7e37e98f
[  494.497773][T10132] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  494.517385][T10132] RSP: 002b:00007f4d7f195020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  494.525823][T10132] RAX: ffffffffffffffda RBX: 00007f4d7e545fa0 RCX: 00007f4d7e37e98f
[  494.533857][T10132] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[  494.541843][T10132] RBP: 00007f4d7e3f3cc8 R08: 0000000000000000 R09: 0000000000000000
[  494.549838][T10132] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  494.557807][T10132] R13: 0000000000000000 R14: 00007f4d7e545fa0 R15: 00007ffe3ccfb108
[  494.565791][T10132]  </TASK>
[  494.568882][    C1] vkms_vblank_simulate: vblank timer overrun
[  494.574905][T10132] Disabling lock debugging due to kernel taint
[  494.581077][T10132] BUG: Bad page state in process syz.2.1087  pfn:7ace3
[  494.587922][T10132] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88807ace3f00 pfn:0x7ace3
[  494.598028][T10132] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  494.605192][T10132] raw: 00fff00000000000 dead000000000040 ffff888021ac2000 0000000000000000
[  494.613796][T10132] raw: ffff88807ace3f00 0000000000000001 00000000ffffffff 0000000000000000
[  494.622385][T10132] page dumped because: page_pool leak
[  494.627795][T10132] page_owner tracks the page as allocated
[  494.633518][T10132] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 10132, tgid 10131 (syz.2.1087), ts 493959842886, free_ts 489623847059
[  494.650744][T10132]  post_alloc_hook+0x1f3/0x230
[  494.655575][T10132]  get_page_from_freelist+0x3651/0x37a0
[  494.661141][T10132]  __alloc_pages_noprof+0x292/0x710
[  494.666359][T10132]  alloc_pages_bulk_noprof+0x70b/0xcc0
[  494.671818][T10132]  __page_pool_alloc_pages_slow+0x122/0x690
[  494.677755][T10132]  page_pool_alloc_pages+0xd0/0x1c0
[  494.682998][T10132]  skb_pp_cow_data+0xc43/0x1640
[  494.687852][T10132]  do_xdp_generic+0x505/0xd30
[  494.692575][T10132]  __netif_receive_skb_core+0x1ce9/0x4690
[  494.698326][T10132]  __netif_receive_skb+0x12f/0x650
[  494.703475][T10132]  netif_receive_skb+0x1e8/0x890
[  494.708437][T10132]  tun_rx_batched+0x1b7/0x8f0
[  494.713142][T10132]  tun_get_user+0x30d6/0x4890
[  494.717843][T10132]  tun_chr_write_iter+0x10d/0x1f0
[  494.722916][T10132]  vfs_write+0xaeb/0xd30
[  494.727187][T10132]  ksys_write+0x18f/0x2b0
[  494.731538][T10132] page last free pid 10049 tgid 10049 stack trace:
[  494.738041][T10132]  free_unref_folios+0xf38/0x1a60
[  494.743095][T10132]  folios_put_refs+0x76c/0x860
[  494.747876][T10132]  free_pages_and_swap_cache+0x5c8/0x690
[  494.753535][T10132]  tlb_flush_mmu+0x3a3/0x680
[  494.758146][T10132]  tlb_finish_mmu+0xd4/0x200
[  494.762764][T10132]  exit_mmap+0x496/0xc20
[  494.767034][T10132]  __mmput+0x115/0x3b0
[  494.771109][T10132]  exit_mm+0x220/0x310
[  494.775188][T10132]  do_exit+0x9b2/0x28e0
[  494.779394][T10132]  do_group_exit+0x207/0x2c0
[  494.783994][T10132]  __x64_sys_exit_group+0x3f/0x40
[  494.789120][T10132]  x64_sys_call+0x26a8/0x26b0
[  494.793800][T10132]  do_syscall_64+0xf3/0x230
[  494.798375][T10132]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  494.804306][T10132] Modules linked in:
[  494.808214][T10132] CPU: 1 UID: 0 PID: 10132 Comm: syz.2.1087 Tainted: G    B              6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0
[  494.820447][T10132] Tainted: [B]=BAD_PAGE
[  494.824614][T10132] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  494.834665][T10132] Call Trace:
[  494.837970][T10132]  <TASK>
[  494.840904][T10132]  dump_stack_lvl+0x241/0x360
[  494.845588][T10132]  ? __pfx_dump_stack_lvl+0x10/0x10
[  494.850789][T10132]  ? __pfx_print_modules+0x10/0x10
[  494.855910][T10132]  bad_page+0x176/0x1d0
[  494.860071][T10132]  free_unref_page+0x1048/0x1130
[  494.865037][T10132]  bpf_xdp_frags_shrink_tail+0x3ee/0x7e0
[  494.870683][T10132]  bpf_xdp_adjust_tail+0x1c3/0x200
[  494.875802][T10132]  bpf_prog_f476d5219b92964a+0x1e/0x20
[  494.881257][T10132]  bpf_prog_run_generic_xdp+0x686/0x1510
[  494.886902][T10132]  do_xdp_generic+0x757/0xd30
[  494.891604][T10132]  ? __pfx_do_xdp_generic+0x10/0x10
[  494.896806][T10132]  ? __skb_flow_dissect+0x4f1/0x7d00
[  494.902106][T10132]  __netif_receive_skb_core+0x1ce9/0x4690
[  494.907844][T10132]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  494.913933][T10132]  ? mark_lock+0x9a/0x360
[  494.918286][T10132]  ? __lock_acquire+0x1397/0x2100
[  494.923335][T10132]  __netif_receive_skb+0x12f/0x650
[  494.928449][T10132]  ? __pfx_lock_acquire+0x10/0x10
[  494.933471][T10132]  ? seqcount_lockdep_reader_access+0x1d7/0x220
[  494.939718][T10132]  ? __pfx___netif_receive_skb+0x10/0x10
[  494.945355][T10132]  ? tun_rx_batched+0x160/0x8f0
[  494.950206][T10132]  ? __pfx_lockdep_softirqs_off+0x10/0x10
[  494.955936][T10132]  ? read_tsc+0x9/0x20
[  494.960025][T10132]  ? netif_receive_skb+0x131/0x890
[  494.965188][T10132]  ? netif_receive_skb+0x131/0x890
[  494.970340][T10132]  netif_receive_skb+0x1e8/0x890
[  494.975290][T10132]  ? tun_rx_batched+0x160/0x8f0
[  494.980150][T10132]  ? __pfx_netif_receive_skb+0x10/0x10
[  494.985619][T10132]  ? tun_rx_batched+0x160/0x8f0
[  494.990497][T10132]  tun_rx_batched+0x1b7/0x8f0
[  494.995200][T10132]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  495.001532][T10132]  ? __pfx_lock_acquire+0x10/0x10
[  495.006556][T10132]  ? __pfx_tun_rx_batched+0x10/0x10
[  495.011768][T10132]  tun_get_user+0x30d6/0x4890
[  495.016452][T10132]  ? tun_get_user+0x2bbe/0x4890
[  495.021310][T10132]  ? __lock_acquire+0x1397/0x2100
[  495.026358][T10132]  ? __pfx_tun_get_user+0x10/0x10
[  495.031396][T10132]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  495.036858][T10132]  ? tun_get+0x1e/0x2f0
[  495.041022][T10132]  ? __pfx_lock_release+0x10/0x10
[  495.046053][T10132]  ? tun_get+0x1e/0x2f0
[  495.050229][T10132]  ? tun_get+0x27d/0x2f0
[  495.054474][T10132]  tun_chr_write_iter+0x10d/0x1f0
[  495.059502][T10132]  vfs_write+0xaeb/0xd30
[  495.063751][T10132]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  495.069340][T10132]  ? __pfx_vfs_write+0x10/0x10
[  495.074117][T10132]  ? __fget_files+0x2a/0x410
[  495.078713][T10132]  ? __fget_files+0x2a/0x410
[  495.083311][T10132]  ksys_write+0x18f/0x2b0
[  495.087656][T10132]  ? __pfx_ksys_write+0x10/0x10
[  495.092512][T10132]  ? do_syscall_64+0x100/0x230
[  495.097306][T10132]  ? do_syscall_64+0xb6/0x230
[  495.101989][T10132]  do_syscall_64+0xf3/0x230
[  495.106506][T10132]  ? clear_bhb_loop+0x35/0x90
[  495.111198][T10132]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  495.117108][T10132] RIP: 0033:0x7f4d7e37e98f
[  495.121528][T10132] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  495.141165][T10132] RSP: 002b:00007f4d7f195020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  495.149598][T10132] RAX: ffffffffffffffda RBX: 00007f4d7e545fa0 RCX: 00007f4d7e37e98f
[  495.157583][T10132] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[  495.165569][T10132] RBP: 00007f4d7e3f3cc8 R08: 0000000000000000 R09: 0000000000000000
[  495.173554][T10132] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  495.181555][T10132] R13: 0000000000000000 R14: 00007f4d7e545fa0 R15: 00007ffe3ccfb108
[  495.189537][T10132]  </TASK>
[  495.192614][    C1] vkms_vblank_simulate: vblank timer overrun
[  495.198628][T10132] BUG: Bad page state in process syz.2.1087  pfn:341c0
[  495.205519][T10132] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8880341c0f00 pfn:0x341c0
[  495.215619][T10132] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  495.222763][T10132] raw: 00fff00000000000 dead000000000040 ffff888021ac2000 0000000000000000
[  495.231385][T10132] raw: ffff8880341c0f00 0000000000000001 00000000ffffffff 0000000000000000
[  495.239995][T10132] page dumped because: page_pool leak
[  495.245379][T10132] page_owner tracks the page as allocated
[  495.251112][T10132] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 10132, tgid 10131 (syz.2.1087), ts 493959831016, free_ts 489623853930
[  495.268349][T10132]  post_alloc_hook+0x1f3/0x230
[  495.273138][T10132]  get_page_from_freelist+0x3651/0x37a0
[  495.278704][T10132]  __alloc_pages_noprof+0x292/0x710
[  495.283961][T10132]  alloc_pages_bulk_noprof+0x70b/0xcc0
[  495.289464][T10132]  __page_pool_alloc_pages_slow+0x122/0x690
[  495.295419][T10132]  page_pool_alloc_pages+0xd0/0x1c0
[  495.300678][T10132]  skb_pp_cow_data+0xc43/0x1640
[  495.305534][T10132]  do_xdp_generic+0x505/0xd30
[  495.310257][T10132]  __netif_receive_skb_core+0x1ce9/0x4690
[  495.316000][T10132]  __netif_receive_skb+0x12f/0x650
[  495.321137][T10132]  netif_receive_skb+0x1e8/0x890
[  495.326122][T10132]  tun_rx_batched+0x1b7/0x8f0
[  495.330823][T10132]  tun_get_user+0x30d6/0x4890
[  495.335531][T10132]  tun_chr_write_iter+0x10d/0x1f0
[  495.340576][T10132]  vfs_write+0xaeb/0xd30
[  495.344892][T10132]  ksys_write+0x18f/0x2b0
[  495.349255][T10132] page last free pid 10049 tgid 10049 stack trace:
[  495.355777][T10132]  free_unref_folios+0xf38/0x1a60
[  495.360830][T10132]  folios_put_refs+0x76c/0x860
[  495.365618][T10132]  free_pages_and_swap_cache+0x5c8/0x690
[  495.371283][T10132]  tlb_flush_mmu+0x3a3/0x680
[  495.375918][T10132]  tlb_finish_mmu+0xd4/0x200
[  495.380539][T10132]  exit_mmap+0x496/0xc20
[  495.384805][T10132]  __mmput+0x115/0x3b0
[  495.388892][T10132]  exit_mm+0x220/0x310
[  495.392990][T10132]  do_exit+0x9b2/0x28e0
[  495.397154][T10132]  do_group_exit+0x207/0x2c0
[  495.401782][T10132]  __x64_sys_exit_group+0x3f/0x40
[  495.406848][T10132]  x64_sys_call+0x26a8/0x26b0
[  495.411555][T10132]  do_syscall_64+0xf3/0x230
[  495.416068][T10132]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  495.422005][T10132] Modules linked in:
[  495.425935][T10132] CPU: 1 UID: 0 PID: 10132 Comm: syz.2.1087 Tainted: G    B              6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0
[  495.438175][T10132] Tainted: [B]=BAD_PAGE
[  495.442319][T10132] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  495.452387][T10132] Call Trace:
[  495.455664][T10132]  <TASK>
[  495.458592][T10132]  dump_stack_lvl+0x241/0x360
[  495.463274][T10132]  ? __pfx_dump_stack_lvl+0x10/0x10
[  495.468605][T10132]  ? __pfx_print_modules+0x10/0x10
[  495.473752][T10132]  bad_page+0x176/0x1d0
[  495.477930][T10132]  free_unref_page+0x1048/0x1130
[  495.482885][T10132]  bpf_xdp_frags_shrink_tail+0x3ee/0x7e0
[  495.488534][T10132]  bpf_xdp_adjust_tail+0x1c3/0x200
[  495.493657][T10132]  bpf_prog_f476d5219b92964a+0x1e/0x20
[  495.499114][T10132]  bpf_prog_run_generic_xdp+0x686/0x1510
[  495.504769][T10132]  do_xdp_generic+0x757/0xd30
[  495.509449][T10132]  ? __pfx_do_xdp_generic+0x10/0x10
[  495.514653][T10132]  ? __skb_flow_dissect+0x4f1/0x7d00
[  495.519942][T10132]  __netif_receive_skb_core+0x1ce9/0x4690
[  495.525678][T10132]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  495.531761][T10132]  ? mark_lock+0x9a/0x360
[  495.536094][T10132]  ? __lock_acquire+0x1397/0x2100
[  495.541122][T10132]  __netif_receive_skb+0x12f/0x650
[  495.546234][T10132]  ? __pfx_lock_acquire+0x10/0x10
[  495.551255][T10132]  ? seqcount_lockdep_reader_access+0x1d7/0x220
[  495.557499][T10132]  ? __pfx___netif_receive_skb+0x10/0x10
[  495.563132][T10132]  ? tun_rx_batched+0x160/0x8f0
[  495.567987][T10132]  ? __pfx_lockdep_softirqs_off+0x10/0x10
[  495.573705][T10132]  ? read_tsc+0x9/0x20
[  495.577800][T10132]  ? netif_receive_skb+0x131/0x890
[  495.582909][T10132]  ? netif_receive_skb+0x131/0x890
[  495.588032][T10132]  netif_receive_skb+0x1e8/0x890
[  495.593008][T10132]  ? tun_rx_batched+0x160/0x8f0
[  495.597865][T10132]  ? __pfx_netif_receive_skb+0x10/0x10
[  495.603328][T10132]  ? tun_rx_batched+0x160/0x8f0
[  495.608184][T10132]  tun_rx_batched+0x1b7/0x8f0
[  495.612868][T10132]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  495.619196][T10132]  ? __pfx_lock_acquire+0x10/0x10
[  495.624306][T10132]  ? __pfx_tun_rx_batched+0x10/0x10
[  495.629514][T10132]  tun_get_user+0x30d6/0x4890
[  495.634193][T10132]  ? tun_get_user+0x2bbe/0x4890
[  495.639069][T10132]  ? __lock_acquire+0x1397/0x2100
[  495.644092][T10132]  ? __pfx_tun_get_user+0x10/0x10
[  495.649143][T10132]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  495.654600][T10132]  ? tun_get+0x1e/0x2f0
[  495.658804][T10132]  ? __pfx_lock_release+0x10/0x10
[  495.663855][T10132]  ? tun_get+0x1e/0x2f0
[  495.668030][T10132]  ? tun_get+0x27d/0x2f0
[  495.672282][T10132]  tun_chr_write_iter+0x10d/0x1f0
[  495.677315][T10132]  vfs_write+0xaeb/0xd30
[  495.681562][T10132]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  495.687127][T10132]  ? __pfx_vfs_write+0x10/0x10
[  495.691926][T10132]  ? __fget_files+0x2a/0x410
[  495.696539][T10132]  ? __fget_files+0x2a/0x410
[  495.701164][T10132]  ksys_write+0x18f/0x2b0
[  495.705502][T10132]  ? __pfx_ksys_write+0x10/0x10
[  495.710359][T10132]  ? do_syscall_64+0x100/0x230
[  495.715148][T10132]  ? do_syscall_64+0xb6/0x230
[  495.719831][T10132]  do_syscall_64+0xf3/0x230
[  495.724338][T10132]  ? clear_bhb_loop+0x35/0x90
[  495.729017][T10132]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  495.734914][T10132] RIP: 0033:0x7f4d7e37e98f
[  495.739331][T10132] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  495.758936][T10132] RSP: 002b:00007f4d7f195020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  495.767348][T10132] RAX: ffffffffffffffda RBX: 00007f4d7e545fa0 RCX: 00007f4d7e37e98f
[  495.775336][T10132] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[  495.783318][T10132] RBP: 00007f4d7e3f3cc8 R08: 0000000000000000 R09: 0000000000000000
[  495.791289][T10132] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  495.799257][T10132] R13: 0000000000000000 R14: 00007f4d7e545fa0 R15: 00007ffe3ccfb108
[  495.807233][T10132]  </TASK>
[  495.810276][    C1] vkms_vblank_simulate: vblank timer overrun
[  495.816266][T10132] BUG: Bad page state in process syz.2.1087  pfn:28551
[  495.823146][T10132] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888028551f00 pfn:0x28551
[  495.833313][T10132] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  495.840471][T10132] raw: 00fff00000000000 dead000000000040 ffff888021ac2000 0000000000000000
[  495.849079][T10132] raw: ffff888028551f00 0000000000000001 00000000ffffffff 0000000000000000
[  495.857676][T10132] page dumped because: page_pool leak
[  495.863056][T10132] page_owner tracks the page as allocated
[  495.868802][T10132] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 10132, tgid 10131 (syz.2.1087), ts 493959819708, free_ts 489623860217
[  495.886016][    C1] vkms_vblank_simulate: vblank timer overrun
[  495.892022][T10132]  post_alloc_hook+0x1f3/0x230
[  495.896806][T10132]  get_page_from_freelist+0x3651/0x37a0
[  495.902368][T10132]  __alloc_pages_noprof+0x292/0x710
[  495.907602][T10132]  alloc_pages_bulk_noprof+0x70b/0xcc0
[  495.913087][T10132]  __page_pool_alloc_pages_slow+0x122/0x690
[  495.919005][T10132]  page_pool_alloc_pages+0xd0/0x1c0
[  495.924243][T10132]  skb_pp_cow_data+0xc43/0x1640
[  495.929179][T10132]  do_xdp_generic+0x505/0xd30
[  495.933876][T10132]  __netif_receive_skb_core+0x1ce9/0x4690
[  495.939599][T10132]  __netif_receive_skb+0x12f/0x650
[  495.944729][T10132]  netif_receive_skb+0x1e8/0x890
[  495.949679][T10132]  tun_rx_batched+0x1b7/0x8f0
[  495.954379][T10132]  tun_get_user+0x30d6/0x4890
[  495.959059][T10132]  tun_chr_write_iter+0x10d/0x1f0
[  495.964138][T10132]  vfs_write+0xaeb/0xd30
[  495.968388][T10132]  ksys_write+0x18f/0x2b0
[  495.972737][T10132] page last free pid 10049 tgid 10049 stack trace:
[  495.979257][T10132]  free_unref_folios+0xf38/0x1a60
[  495.984285][T10132]  folios_put_refs+0x76c/0x860
[  495.989081][T10132]  free_pages_and_swap_cache+0x5c8/0x690
[  495.994735][T10132]  tlb_flush_mmu+0x3a3/0x680
[  495.999366][T10132]  tlb_finish_mmu+0xd4/0x200
[  496.003959][T10132]  exit_mmap+0x496/0xc20
[  496.008221][T10132]  __mmput+0x115/0x3b0
[  496.012304][T10132]  exit_mm+0x220/0x310
[  496.016385][T10132]  do_exit+0x9b2/0x28e0
[  496.020537][T10132]  do_group_exit+0x207/0x2c0
[  496.025156][T10132]  __x64_sys_exit_group+0x3f/0x40
[  496.030181][T10132]  x64_sys_call+0x26a8/0x26b0
[  496.034884][T10132]  do_syscall_64+0xf3/0x230
[  496.039392][T10132]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  496.045312][T10132] Modules linked in:
[  496.049206][T10132] CPU: 1 UID: 0 PID: 10132 Comm: syz.2.1087 Tainted: G    B              6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0
[  496.061459][T10132] Tainted: [B]=BAD_PAGE
[  496.065605][T10132] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  496.075656][T10132] Call Trace:
[  496.078952][T10132]  <TASK>
[  496.081896][T10132]  dump_stack_lvl+0x241/0x360
[  496.086589][T10132]  ? __pfx_dump_stack_lvl+0x10/0x10
[  496.091790][T10132]  ? __pfx_print_modules+0x10/0x10
[  496.096901][T10132]  bad_page+0x176/0x1d0
[  496.101054][T10132]  free_unref_page+0x1048/0x1130
[  496.106001][T10132]  bpf_xdp_frags_shrink_tail+0x3ee/0x7e0
[  496.111637][T10132]  bpf_xdp_adjust_tail+0x1c3/0x200
[  496.116756][T10132]  bpf_prog_f476d5219b92964a+0x1e/0x20
[  496.122207][T10132]  bpf_prog_run_generic_xdp+0x686/0x1510
[  496.127855][T10132]  do_xdp_generic+0x757/0xd30
[  496.132534][T10132]  ? __pfx_do_xdp_generic+0x10/0x10
[  496.137736][T10132]  ? __skb_flow_dissect+0x4f1/0x7d00
[  496.143028][T10132]  __netif_receive_skb_core+0x1ce9/0x4690
[  496.148765][T10132]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  496.154845][T10132]  ? mark_lock+0x9a/0x360
[  496.159181][T10132]  ? __lock_acquire+0x1397/0x2100
[  496.164253][T10132]  __netif_receive_skb+0x12f/0x650
[  496.169390][T10132]  ? __pfx_lock_acquire+0x10/0x10
[  496.174437][T10132]  ? seqcount_lockdep_reader_access+0x1d7/0x220
[  496.180701][T10132]  ? __pfx___netif_receive_skb+0x10/0x10
[  496.186353][T10132]  ? tun_rx_batched+0x160/0x8f0
[  496.191212][T10132]  ? __pfx_lockdep_softirqs_off+0x10/0x10
[  496.196940][T10132]  ? read_tsc+0x9/0x20
[  496.201017][T10132]  ? netif_receive_skb+0x131/0x890
[  496.206134][T10132]  ? netif_receive_skb+0x131/0x890
[  496.211261][T10132]  netif_receive_skb+0x1e8/0x890
[  496.216226][T10132]  ? tun_rx_batched+0x160/0x8f0
[  496.221084][T10132]  ? __pfx_netif_receive_skb+0x10/0x10
[  496.226577][T10132]  ? tun_rx_batched+0x160/0x8f0
[  496.231431][T10132]  tun_rx_batched+0x1b7/0x8f0
[  496.236125][T10132]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  496.242453][T10132]  ? __pfx_lock_acquire+0x10/0x10
[  496.247490][T10132]  ? __pfx_tun_rx_batched+0x10/0x10
[  496.252712][T10132]  tun_get_user+0x30d6/0x4890
[  496.257393][T10132]  ? tun_get_user+0x2bbe/0x4890
[  496.262272][T10132]  ? __lock_acquire+0x1397/0x2100
[  496.267296][T10132]  ? __pfx_tun_get_user+0x10/0x10
[  496.272329][T10132]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  496.277790][T10132]  ? tun_get+0x1e/0x2f0
[  496.282034][T10132]  ? __pfx_lock_release+0x10/0x10
[  496.287061][T10132]  ? tun_get+0x1e/0x2f0
[  496.291232][T10132]  ? tun_get+0x27d/0x2f0
[  496.295485][T10132]  tun_chr_write_iter+0x10d/0x1f0
[  496.300534][T10132]  vfs_write+0xaeb/0xd30
[  496.304796][T10132]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  496.310380][T10132]  ? __pfx_vfs_write+0x10/0x10
[  496.315170][T10132]  ? __fget_files+0x2a/0x410
[  496.319782][T10132]  ? __fget_files+0x2a/0x410
[  496.324374][T10132]  ksys_write+0x18f/0x2b0
[  496.328713][T10132]  ? __pfx_ksys_write+0x10/0x10
[  496.333587][T10132]  ? do_syscall_64+0x100/0x230
[  496.338355][T10132]  ? do_syscall_64+0xb6/0x230
[  496.343038][T10132]  do_syscall_64+0xf3/0x230
[  496.347553][T10132]  ? clear_bhb_loop+0x35/0x90
[  496.352244][T10132]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  496.358146][T10132] RIP: 0033:0x7f4d7e37e98f
[  496.362651][T10132] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  496.382271][T10132] RSP: 002b:00007f4d7f195020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  496.390733][T10132] RAX: ffffffffffffffda RBX: 00007f4d7e545fa0 RCX: 00007f4d7e37e98f
[  496.398745][T10132] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[  496.406759][T10132] RBP: 00007f4d7e3f3cc8 R08: 0000000000000000 R09: 0000000000000000
[  496.414830][T10132] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  496.422806][T10132] R13: 0000000000000000 R14: 00007f4d7e545fa0 R15: 00007ffe3ccfb108
[  496.430884][T10132]  </TASK>
[  496.433936][    C1] vkms_vblank_simulate: vblank timer overrun
[  496.439941][T10132] BUG: Bad page state in process syz.2.1087  pfn:60783
[  496.446831][T10132] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888060783f00 pfn:0x60783
[  496.456926][T10132] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  496.464067][T10132] raw: 00fff00000000000 dead000000000040 ffff888021ac2000 0000000000000000
[  496.473144][T10132] raw: ffff888060783f00 0000000000000001 00000000ffffffff 0000000000000000
[  496.481769][T10132] page dumped because: page_pool leak
[  496.487153][T10132] page_owner tracks the page as allocated
[  496.492922][T10132] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 10132, tgid 10131 (syz.2.1087), ts 493959806717, free_ts 489623866287
[  496.510156][T10132]  post_alloc_hook+0x1f3/0x230
[  496.514929][T10132]  get_page_from_freelist+0x3651/0x37a0
[  496.520503][T10132]  __alloc_pages_noprof+0x292/0x710
[  496.525742][T10132]  alloc_pages_bulk_noprof+0x70b/0xcc0
[  496.531253][T10132]  __page_pool_alloc_pages_slow+0x122/0x690
[  496.537214][T10132]  page_pool_alloc_pages+0xd0/0x1c0
[  496.542503][T10132]  skb_pp_cow_data+0xc43/0x1640
[  496.547395][T10132]  do_xdp_generic+0x505/0xd30
[  496.552095][T10132]  __netif_receive_skb_core+0x1ce9/0x4690
[  496.557887][T10132]  __netif_receive_skb+0x12f/0x650
[  496.563027][T10132]  netif_receive_skb+0x1e8/0x890
[  496.568105][T10132]  tun_rx_batched+0x1b7/0x8f0
[  496.572811][T10132]  tun_get_user+0x30d6/0x4890
[  496.577520][T10132]  tun_chr_write_iter+0x10d/0x1f0
[  496.582553][T10132]  vfs_write+0xaeb/0xd30
[  496.586834][T10132]  ksys_write+0x18f/0x2b0
[  496.591170][T10132] page last free pid 10049 tgid 10049 stack trace:
[  496.597706][T10132]  free_unref_folios+0xf38/0x1a60
[  496.602778][T10132]  folios_put_refs+0x76c/0x860
[  496.607540][T10132]  free_pages_and_swap_cache+0x5c8/0x690
[  496.613283][T10132]  tlb_flush_mmu+0x3a3/0x680
[  496.617903][T10132]  tlb_finish_mmu+0xd4/0x200
[  496.622511][T10132]  exit_mmap+0x496/0xc20
[  496.626755][T10132]  __mmput+0x115/0x3b0
[  496.630830][T10132]  exit_mm+0x220/0x310
[  496.634937][T10132]  do_exit+0x9b2/0x28e0
[  496.639106][T10132]  do_group_exit+0x207/0x2c0
[  496.643739][T10132]  __x64_sys_exit_group+0x3f/0x40
[  496.648800][T10132]  x64_sys_call+0x26a8/0x26b0
[  496.653529][T10132]  do_syscall_64+0xf3/0x230
[  496.658045][T10132]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  496.663968][T10132] Modules linked in:
[  496.667877][T10132] CPU: 1 UID: 0 PID: 10132 Comm: syz.2.1087 Tainted: G    B              6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0
[  496.680121][T10132] Tainted: [B]=BAD_PAGE
[  496.684263][T10132] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  496.694313][T10132] Call Trace:
[  496.697588][T10132]  <TASK>
[  496.700530][T10132]  dump_stack_lvl+0x241/0x360
[  496.705231][T10132]  ? __pfx_dump_stack_lvl+0x10/0x10
[  496.710435][T10132]  ? __pfx_print_modules+0x10/0x10
[  496.715550][T10132]  bad_page+0x176/0x1d0
[  496.719706][T10132]  free_unref_page+0x1048/0x1130
[  496.724657][T10132]  bpf_xdp_frags_shrink_tail+0x3ee/0x7e0
[  496.730350][T10132]  bpf_xdp_adjust_tail+0x1c3/0x200
[  496.735476][T10132]  bpf_prog_f476d5219b92964a+0x1e/0x20
[  496.740944][T10132]  bpf_prog_run_generic_xdp+0x686/0x1510
[  496.746604][T10132]  do_xdp_generic+0x757/0xd30
[  496.751301][T10132]  ? __pfx_do_xdp_generic+0x10/0x10
[  496.756509][T10132]  ? __skb_flow_dissect+0x4f1/0x7d00
[  496.761809][T10132]  __netif_receive_skb_core+0x1ce9/0x4690
[  496.767556][T10132]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  496.773670][T10132]  ? mark_lock+0x9a/0x360
[  496.778021][T10132]  ? __lock_acquire+0x1397/0x2100
[  496.783070][T10132]  __netif_receive_skb+0x12f/0x650
[  496.788194][T10132]  ? __pfx_lock_acquire+0x10/0x10
[  496.793227][T10132]  ? seqcount_lockdep_reader_access+0x1d7/0x220
[  496.799476][T10132]  ? __pfx___netif_receive_skb+0x10/0x10
[  496.805132][T10132]  ? tun_rx_batched+0x160/0x8f0
[  496.809988][T10132]  ? __pfx_lockdep_softirqs_off+0x10/0x10
[  496.815708][T10132]  ? read_tsc+0x9/0x20
[  496.819791][T10132]  ? netif_receive_skb+0x131/0x890
[  496.824927][T10132]  ? netif_receive_skb+0x131/0x890
[  496.830045][T10132]  netif_receive_skb+0x1e8/0x890
[  496.835003][T10132]  ? tun_rx_batched+0x160/0x8f0
[  496.839891][T10132]  ? __pfx_netif_receive_skb+0x10/0x10
[  496.845371][T10132]  ? tun_rx_batched+0x160/0x8f0
[  496.850230][T10132]  tun_rx_batched+0x1b7/0x8f0
[  496.854912][T10132]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  496.861253][T10132]  ? __pfx_lock_acquire+0x10/0x10
[  496.866287][T10132]  ? __pfx_tun_rx_batched+0x10/0x10
[  496.871592][T10132]  tun_get_user+0x30d6/0x4890
[  496.876290][T10132]  ? tun_get_user+0x2bbe/0x4890
[  496.881256][T10132]  ? __lock_acquire+0x1397/0x2100
[  496.886285][T10132]  ? __pfx_tun_get_user+0x10/0x10
[  496.891332][T10132]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  496.896796][T10132]  ? tun_get+0x1e/0x2f0
[  496.900956][T10132]  ? __pfx_lock_release+0x10/0x10
[  496.905998][T10132]  ? tun_get+0x1e/0x2f0
[  496.910170][T10132]  ? tun_get+0x27d/0x2f0
[  496.914420][T10132]  tun_chr_write_iter+0x10d/0x1f0
[  496.919455][T10132]  vfs_write+0xaeb/0xd30
[  496.923710][T10132]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  496.929263][T10132]  ? __pfx_vfs_write+0x10/0x10
[  496.934046][T10132]  ? __fget_files+0x2a/0x410
[  496.938658][T10132]  ? __fget_files+0x2a/0x410
[  496.943271][T10132]  ksys_write+0x18f/0x2b0
[  496.947610][T10132]  ? __pfx_ksys_write+0x10/0x10
[  496.952466][T10132]  ? do_syscall_64+0x100/0x230
[  496.957332][T10132]  ? do_syscall_64+0xb6/0x230
[  496.962102][T10132]  do_syscall_64+0xf3/0x230
[  496.966618][T10132]  ? clear_bhb_loop+0x35/0x90
[  496.971308][T10132]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  496.977206][T10132] RIP: 0033:0x7f4d7e37e98f
[  496.981617][T10132] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  497.001221][T10132] RSP: 002b:00007f4d7f195020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  497.009637][T10132] RAX: ffffffffffffffda RBX: 00007f4d7e545fa0 RCX: 00007f4d7e37e98f
[  497.017611][T10132] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[  497.025590][T10132] RBP: 00007f4d7e3f3cc8 R08: 0000000000000000 R09: 0000000000000000
[  497.033572][T10132] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  497.041553][T10132] R13: 0000000000000000 R14: 00007f4d7e545fa0 R15: 00007ffe3ccfb108
[  497.049529][T10132]  </TASK>
[  497.052575][    C1] vkms_vblank_simulate: vblank timer overrun
[  497.058559][T10132] BUG: Bad page state in process syz.2.1087  pfn:6ac29
[  497.065420][T10132] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88806ac29f00 pfn:0x6ac29
[  497.075505][T10132] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  497.082644][T10132] raw: 00fff00000000000 dead000000000040 ffff888021ac2000 0000000000000000
[  497.091248][T10132] raw: ffff88806ac29f00 0000000000000001 00000000ffffffff 0000000000000000
[  497.099843][T10132] page dumped because: page_pool leak
[  497.105207][T10132] page_owner tracks the page as allocated
[  497.110974][T10132] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 10132, tgid 10131 (syz.2.1087), ts 493959797374, free_ts 489623872543
[  497.128165][    C1] vkms_vblank_simulate: vblank timer overrun
[  497.134199][T10132]  post_alloc_hook+0x1f3/0x230
[  497.138983][T10132]  get_page_from_freelist+0x3651/0x37a0
[  497.144573][T10132]  __alloc_pages_noprof+0x292/0x710
[  497.149775][T10132]  alloc_pages_bulk_noprof+0x70b/0xcc0
[  497.155255][T10132]  __page_pool_alloc_pages_slow+0x122/0x690
[  497.161167][T10132]  page_pool_alloc_pages+0xd0/0x1c0
[  497.166403][T10132]  skb_pp_cow_data+0xc43/0x1640
[  497.171277][T10132]  do_xdp_generic+0x505/0xd30
[  497.175970][T10132]  __netif_receive_skb_core+0x1ce9/0x4690
[  497.181717][T10132]  __netif_receive_skb+0x12f/0x650
[  497.186828][T10132]  netif_receive_skb+0x1e8/0x890
[  497.191802][T10132]  tun_rx_batched+0x1b7/0x8f0
[  497.196482][T10132]  tun_get_user+0x30d6/0x4890
[  497.201179][T10132]  tun_chr_write_iter+0x10d/0x1f0
[  497.206226][T10132]  vfs_write+0xaeb/0xd30
[  497.210497][T10132]  ksys_write+0x18f/0x2b0
[  497.214828][T10132] page last free pid 10049 tgid 10049 stack trace:
[  497.221347][T10132]  free_unref_folios+0xf38/0x1a60
[  497.226373][T10132]  folios_put_refs+0x76c/0x860
[  497.231147][T10132]  free_pages_and_swap_cache+0x5c8/0x690
[  497.236818][T10132]  tlb_flush_mmu+0x3a3/0x680
[  497.241417][T10132]  tlb_finish_mmu+0xd4/0x200
[  497.246011][T10132]  exit_mmap+0x496/0xc20
[  497.250275][T10132]  __mmput+0x115/0x3b0
[  497.254359][T10132]  exit_mm+0x220/0x310
[  497.258440][T10132]  do_exit+0x9b2/0x28e0
[  497.262595][T10132]  do_group_exit+0x207/0x2c0
[  497.267200][T10132]  __x64_sys_exit_group+0x3f/0x40
[  497.272247][T10132]  x64_sys_call+0x26a8/0x26b0
[  497.276949][T10132]  do_syscall_64+0xf3/0x230
[  497.281455][T10132]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  497.287376][T10132] Modules linked in:
[  497.291268][T10132] CPU: 1 UID: 0 PID: 10132 Comm: syz.2.1087 Tainted: G    B              6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0
[  497.303525][T10132] Tainted: [B]=BAD_PAGE
[  497.307687][T10132] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  497.317738][T10132] Call Trace:
[  497.321127][T10132]  <TASK>
[  497.324088][T10132]  dump_stack_lvl+0x241/0x360
[  497.328783][T10132]  ? __pfx_dump_stack_lvl+0x10/0x10
[  497.333988][T10132]  ? __pfx_print_modules+0x10/0x10
[  497.339119][T10132]  bad_page+0x176/0x1d0
[  497.343300][T10132]  free_unref_page+0x1048/0x1130
[  497.348245][T10132]  bpf_xdp_frags_shrink_tail+0x3ee/0x7e0
[  497.353897][T10132]  bpf_xdp_adjust_tail+0x1c3/0x200
[  497.359018][T10132]  bpf_prog_f476d5219b92964a+0x1e/0x20
[  497.364472][T10132]  bpf_prog_run_generic_xdp+0x686/0x1510
[  497.370119][T10132]  do_xdp_generic+0x757/0xd30
[  497.374803][T10132]  ? __pfx_do_xdp_generic+0x10/0x10
[  497.380008][T10132]  ? __skb_flow_dissect+0x4f1/0x7d00
[  497.385317][T10132]  __netif_receive_skb_core+0x1ce9/0x4690
[  497.391089][T10132]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  497.397194][T10132]  ? mark_lock+0x9a/0x360
[  497.401533][T10132]  ? __lock_acquire+0x1397/0x2100
[  497.406569][T10132]  __netif_receive_skb+0x12f/0x650
[  497.411697][T10132]  ? __pfx_lock_acquire+0x10/0x10
[  497.416756][T10132]  ? seqcount_lockdep_reader_access+0x1d7/0x220
[  497.423006][T10132]  ? __pfx___netif_receive_skb+0x10/0x10
[  497.428645][T10132]  ? tun_rx_batched+0x160/0x8f0
[  497.433502][T10132]  ? __pfx_lockdep_softirqs_off+0x10/0x10
[  497.439226][T10132]  ? read_tsc+0x9/0x20
[  497.443299][T10132]  ? netif_receive_skb+0x131/0x890
[  497.448411][T10132]  ? netif_receive_skb+0x131/0x890
[  497.453538][T10132]  netif_receive_skb+0x1e8/0x890
[  497.458592][T10132]  ? tun_rx_batched+0x160/0x8f0
[  497.463556][T10132]  ? __pfx_netif_receive_skb+0x10/0x10
[  497.469028][T10132]  ? tun_rx_batched+0x160/0x8f0
[  497.473900][T10132]  tun_rx_batched+0x1b7/0x8f0
[  497.478584][T10132]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  497.484920][T10132]  ? __pfx_lock_acquire+0x10/0x10
[  497.489958][T10132]  ? __pfx_tun_rx_batched+0x10/0x10
[  497.495212][T10132]  tun_get_user+0x30d6/0x4890
[  497.499896][T10132]  ? tun_get_user+0x2bbe/0x4890
[  497.504771][T10132]  ? __lock_acquire+0x1397/0x2100
[  497.509874][T10132]  ? __pfx_tun_get_user+0x10/0x10
[  497.514908][T10132]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  497.520367][T10132]  ? tun_get+0x1e/0x2f0
[  497.524542][T10132]  ? __pfx_lock_release+0x10/0x10
[  497.529592][T10132]  ? tun_get+0x1e/0x2f0
[  497.533755][T10132]  ? tun_get+0x27d/0x2f0
[  497.537998][T10132]  tun_chr_write_iter+0x10d/0x1f0
[  497.543027][T10132]  vfs_write+0xaeb/0xd30
[  497.547279][T10132]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  497.552851][T10132]  ? __pfx_vfs_write+0x10/0x10
[  497.557620][T10132]  ? __fget_files+0x2a/0x410
[  497.562219][T10132]  ? __fget_files+0x2a/0x410
[  497.566813][T10132]  ksys_write+0x18f/0x2b0
[  497.571249][T10132]  ? __pfx_ksys_write+0x10/0x10
[  497.576192][T10132]  ? do_syscall_64+0x100/0x230
[  497.581044][T10132]  ? do_syscall_64+0xb6/0x230
[  497.585762][T10132]  do_syscall_64+0xf3/0x230
[  497.590303][T10132]  ? clear_bhb_loop+0x35/0x90
[  497.594987][T10132]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  497.600913][T10132] RIP: 0033:0x7f4d7e37e98f
[  497.605325][T10132] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  497.624932][T10132] RSP: 002b:00007f4d7f195020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  497.633348][T10132] RAX: ffffffffffffffda RBX: 00007f4d7e545fa0 RCX: 00007f4d7e37e98f
[  497.641320][T10132] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[  497.649289][T10132] RBP: 00007f4d7e3f3cc8 R08: 0000000000000000 R09: 0000000000000000
[  497.657259][T10132] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  497.665227][T10132] R13: 0000000000000000 R14: 00007f4d7e545fa0 R15: 00007ffe3ccfb108
[  497.673204][T10132]  </TASK>
[  497.676282][    C1] vkms_vblank_simulate: vblank timer overrun
[  497.682286][T10132] BUG: Bad page state in process syz.2.1087  pfn:63618
[  497.689161][T10132] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888063618f00 pfn:0x63618
[  497.699328][T10132] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  497.706481][T10132] raw: 00fff00000000000 dead000000000040 ffff888021ac2000 0000000000000000
[  497.715088][T10132] raw: ffff888063618f00 0000000000000001 00000000ffffffff 0000000000000000
[  497.723687][T10132] page dumped because: page_pool leak
[  497.729048][T10132] page_owner tracks the page as allocated
[  497.734787][T10132] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 10132, tgid 10131 (syz.2.1087), ts 493959784816, free_ts 489623878838
[  497.752005][T10132]  post_alloc_hook+0x1f3/0x230
[  497.756776][T10132]  get_page_from_freelist+0x3651/0x37a0
[  497.762358][T10132]  __alloc_pages_noprof+0x292/0x710
[  497.767592][T10132]  alloc_pages_bulk_noprof+0x70b/0xcc0
[  497.773066][T10132]  __page_pool_alloc_pages_slow+0x122/0x690
[  497.779012][T10132]  page_pool_alloc_pages+0xd0/0x1c0
[  497.784237][T10132]  skb_pp_cow_data+0xc43/0x1640
[  497.789110][T10132]  do_xdp_generic+0x505/0xd30
[  497.793818][T10132]  __netif_receive_skb_core+0x1ce9/0x4690
[  497.799663][T10132]  __netif_receive_skb+0x12f/0x650
[  497.804803][T10132]  netif_receive_skb+0x1e8/0x890
[  497.809759][T10132]  tun_rx_batched+0x1b7/0x8f0
[  497.814469][T10132]  tun_get_user+0x30d6/0x4890
[  497.819146][T10132]  tun_chr_write_iter+0x10d/0x1f0
[  497.824186][T10132]  vfs_write+0xaeb/0xd30
[  497.828444][T10132]  ksys_write+0x18f/0x2b0
[  497.832808][T10132] page last free pid 10049 tgid 10049 stack trace:
[  497.839325][T10132]  free_unref_folios+0xf38/0x1a60
[  497.844376][T10132]  folios_put_refs+0x76c/0x860
[  497.849136][T10132]  free_pages_and_swap_cache+0x5c8/0x690
[  497.854804][T10132]  tlb_flush_mmu+0x3a3/0x680
[  497.859425][T10132]  tlb_finish_mmu+0xd4/0x200
[  497.864036][T10132]  exit_mmap+0x496/0xc20
[  497.868281][T10132]  __mmput+0x115/0x3b0
[  497.872385][T10132]  exit_mm+0x220/0x310
[  497.876477][T10132]  do_exit+0x9b2/0x28e0
[  497.880661][T10132]  do_group_exit+0x207/0x2c0
[  497.885254][T10132]  __x64_sys_exit_group+0x3f/0x40
[  497.890337][T10132]  x64_sys_call+0x26a8/0x26b0
[  497.895021][T10132]  do_syscall_64+0xf3/0x230
[  497.899638][T10132]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  497.905551][T10132] Modules linked in:
[  497.909466][T10132] CPU: 1 UID: 0 PID: 10132 Comm: syz.2.1087 Tainted: G    B              6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0
[  497.921702][T10132] Tainted: [B]=BAD_PAGE
[  497.925863][T10132] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  497.935919][T10132] Call Trace:
[  497.939198][T10132]  <TASK>
[  497.942137][T10132]  dump_stack_lvl+0x241/0x360
[  497.946820][T10132]  ? __pfx_dump_stack_lvl+0x10/0x10
[  497.952020][T10132]  ? __pfx_print_modules+0x10/0x10
[  497.957131][T10132]  bad_page+0x176/0x1d0
[  497.961283][T10132]  free_unref_page+0x1048/0x1130
[  497.966228][T10132]  bpf_xdp_frags_shrink_tail+0x3ee/0x7e0
[  497.971872][T10132]  bpf_xdp_adjust_tail+0x1c3/0x200
[  497.977006][T10132]  bpf_prog_f476d5219b92964a+0x1e/0x20
[  497.982469][T10132]  bpf_prog_run_generic_xdp+0x686/0x1510
[  497.988117][T10132]  do_xdp_generic+0x757/0xd30
[  497.992801][T10132]  ? __pfx_do_xdp_generic+0x10/0x10
[  497.998006][T10132]  ? __skb_flow_dissect+0x4f1/0x7d00
[  498.003310][T10132]  __netif_receive_skb_core+0x1ce9/0x4690
[  498.009054][T10132]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  498.015137][T10132]  ? mark_lock+0x9a/0x360
[  498.019469][T10132]  ? __lock_acquire+0x1397/0x2100
[  498.024511][T10132]  __netif_receive_skb+0x12f/0x650
[  498.029633][T10132]  ? __pfx_lock_acquire+0x10/0x10
[  498.034664][T10132]  ? seqcount_lockdep_reader_access+0x1d7/0x220
[  498.040927][T10132]  ? __pfx___netif_receive_skb+0x10/0x10
[  498.046590][T10132]  ? tun_rx_batched+0x160/0x8f0
[  498.051446][T10132]  ? __pfx_lockdep_softirqs_off+0x10/0x10
[  498.057172][T10132]  ? read_tsc+0x9/0x20
[  498.061251][T10132]  ? netif_receive_skb+0x131/0x890
[  498.066368][T10132]  ? netif_receive_skb+0x131/0x890
[  498.071499][T10132]  netif_receive_skb+0x1e8/0x890
[  498.076439][T10132]  ? tun_rx_batched+0x160/0x8f0
[  498.081295][T10132]  ? __pfx_netif_receive_skb+0x10/0x10
[  498.086772][T10132]  ? tun_rx_batched+0x160/0x8f0
[  498.091629][T10132]  tun_rx_batched+0x1b7/0x8f0
[  498.096322][T10132]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  498.102650][T10132]  ? __pfx_lock_acquire+0x10/0x10
[  498.107671][T10132]  ? __pfx_tun_rx_batched+0x10/0x10
[  498.112882][T10132]  tun_get_user+0x30d6/0x4890
[  498.117584][T10132]  ? tun_get_user+0x2bbe/0x4890
[  498.122442][T10132]  ? __lock_acquire+0x1397/0x2100
[  498.127470][T10132]  ? __pfx_tun_get_user+0x10/0x10
[  498.132512][T10132]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  498.137987][T10132]  ? tun_get+0x1e/0x2f0
[  498.142144][T10132]  ? __pfx_lock_release+0x10/0x10
[  498.147257][T10132]  ? tun_get+0x1e/0x2f0
[  498.151414][T10132]  ? tun_get+0x27d/0x2f0
[  498.155658][T10132]  tun_chr_write_iter+0x10d/0x1f0
[  498.160810][T10132]  vfs_write+0xaeb/0xd30
[  498.165097][T10132]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  498.170667][T10132]  ? __pfx_vfs_write+0x10/0x10
[  498.175470][T10132]  ? __fget_files+0x2a/0x410
[  498.180074][T10132]  ? __fget_files+0x2a/0x410
[  498.184697][T10132]  ksys_write+0x18f/0x2b0
[  498.189060][T10132]  ? __pfx_ksys_write+0x10/0x10
[  498.193935][T10132]  ? do_syscall_64+0x100/0x230
[  498.198712][T10132]  ? do_syscall_64+0xb6/0x230
[  498.203397][T10132]  do_syscall_64+0xf3/0x230
[  498.207908][T10132]  ? clear_bhb_loop+0x35/0x90
[  498.212589][T10132]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  498.218489][T10132] RIP: 0033:0x7f4d7e37e98f
[  498.223422][T10132] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  498.243036][T10132] RSP: 002b:00007f4d7f195020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  498.251470][T10132] RAX: ffffffffffffffda RBX: 00007f4d7e545fa0 RCX: 00007f4d7e37e98f
[  498.259464][T10132] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[  498.267456][T10132] RBP: 00007f4d7e3f3cc8 R08: 0000000000000000 R09: 0000000000000000
[  498.275427][T10132] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  498.283396][T10132] R13: 0000000000000000 R14: 00007f4d7e545fa0 R15: 00007ffe3ccfb108
[  498.291381][T10132]  </TASK>
[  498.294463][    C1] vkms_vblank_simulate: vblank timer overrun
[  498.300479][T10132] BUG: Bad page state in process syz.2.1087  pfn:6b302
[  498.307336][T10132] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88806b302780 pfn:0x6b302
[  498.317459][T10132] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  498.324602][T10132] raw: 00fff00000000000 dead000000000040 ffff888021ac2000 0000000000000000
[  498.333216][T10132] raw: ffff88806b302780 0000000000000001 00000000ffffffff 0000000000000000
[  498.341836][T10132] page dumped because: page_pool leak
[  498.347257][T10132] page_owner tracks the page as allocated
[  498.352996][T10132] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 10132, tgid 10131 (syz.2.1087), ts 493959776359, free_ts 489623886721
[  498.370243][T10132]  post_alloc_hook+0x1f3/0x230
[  498.375046][T10132]  get_page_from_freelist+0x3651/0x37a0
[  498.380599][T10132]  __alloc_pages_noprof+0x292/0x710
[  498.385825][T10132]  alloc_pages_bulk_noprof+0x70b/0xcc0
[  498.391305][T10132]  __page_pool_alloc_pages_slow+0x122/0x690
[  498.397253][T10132]  page_pool_alloc_pages+0xd0/0x1c0
[  498.402496][T10132]  skb_pp_cow_data+0xc43/0x1640
[  498.407354][T10132]  do_xdp_generic+0x505/0xd30
[  498.412230][T10132]  __netif_receive_skb_core+0x1ce9/0x4690
[  498.417971][T10132]  __netif_receive_skb+0x12f/0x650
[  498.423108][T10132]  netif_receive_skb+0x1e8/0x890
[  498.428049][T10132]  tun_rx_batched+0x1b7/0x8f0
[  498.432768][T10132]  tun_get_user+0x30d6/0x4890
[  498.437447][T10132]  tun_chr_write_iter+0x10d/0x1f0
[  498.442488][T10132]  vfs_write+0xaeb/0xd30
[  498.446755][T10132]  ksys_write+0x18f/0x2b0
[  498.451124][T10132] page last free pid 10049 tgid 10049 stack trace:
[  498.457630][T10132]  free_unref_folios+0xf38/0x1a60
[  498.462659][T10132]  folios_put_refs+0x76c/0x860
[  498.467462][T10132]  free_pages_and_swap_cache+0x5c8/0x690
[  498.473111][T10132]  tlb_flush_mmu+0x3a3/0x680
[  498.477748][T10132]  tlb_finish_mmu+0xd4/0x200
[  498.482353][T10132]  exit_mmap+0x496/0xc20
[  498.486616][T10132]  __mmput+0x115/0x3b0
[  498.490685][T10132]  exit_mm+0x220/0x310
[  498.494747][T10132]  do_exit+0x9b2/0x28e0
[  498.498923][T10132]  do_group_exit+0x207/0x2c0
[  498.503509][T10132]  __x64_sys_exit_group+0x3f/0x40
[  498.508554][T10132]  x64_sys_call+0x26a8/0x26b0
[  498.513287][T10132]  do_syscall_64+0xf3/0x230
[  498.517802][T10132]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  498.523729][T10132] Modules linked in:
[  498.527647][T10132] CPU: 1 UID: 0 PID: 10132 Comm: syz.2.1087 Tainted: G    B              6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0
[  498.539886][T10132] Tainted: [B]=BAD_PAGE
[  498.544046][T10132] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  498.554107][T10132] Call Trace:
[  498.557384][T10132]  <TASK>
[  498.560317][T10132]  dump_stack_lvl+0x241/0x360
[  498.565011][T10132]  ? __pfx_dump_stack_lvl+0x10/0x10
[  498.570217][T10132]  ? __pfx_print_modules+0x10/0x10
[  498.575343][T10132]  bad_page+0x176/0x1d0
[  498.579500][T10132]  free_unref_page+0x1048/0x1130
[  498.584463][T10132]  bpf_xdp_frags_shrink_tail+0x3ee/0x7e0
[  498.590116][T10132]  bpf_xdp_adjust_tail+0x1c3/0x200
[  498.595255][T10132]  bpf_prog_f476d5219b92964a+0x1e/0x20
[  498.600731][T10132]  bpf_prog_run_generic_xdp+0x686/0x1510
[  498.606465][T10132]  do_xdp_generic+0x757/0xd30
[  498.611159][T10132]  ? __pfx_do_xdp_generic+0x10/0x10
[  498.616366][T10132]  ? __skb_flow_dissect+0x4f1/0x7d00
[  498.621665][T10132]  __netif_receive_skb_core+0x1ce9/0x4690
[  498.627405][T10132]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  498.633571][T10132]  ? mark_lock+0x9a/0x360
[  498.637912][T10132]  ? __lock_acquire+0x1397/0x2100
[  498.642946][T10132]  __netif_receive_skb+0x12f/0x650
[  498.648064][T10132]  ? __pfx_lock_acquire+0x10/0x10
[  498.653084][T10132]  ? seqcount_lockdep_reader_access+0x1d7/0x220
[  498.659343][T10132]  ? __pfx___netif_receive_skb+0x10/0x10
[  498.664984][T10132]  ? tun_rx_batched+0x160/0x8f0
[  498.669838][T10132]  ? __pfx_lockdep_softirqs_off+0x10/0x10
[  498.675560][T10132]  ? read_tsc+0x9/0x20
[  498.679645][T10132]  ? netif_receive_skb+0x131/0x890
[  498.684758][T10132]  ? netif_receive_skb+0x131/0x890
[  498.689876][T10132]  netif_receive_skb+0x1e8/0x890
[  498.694818][T10132]  ? tun_rx_batched+0x160/0x8f0
[  498.699672][T10132]  ? __pfx_netif_receive_skb+0x10/0x10
[  498.705138][T10132]  ? tun_rx_batched+0x160/0x8f0
[  498.710010][T10132]  tun_rx_batched+0x1b7/0x8f0
[  498.714700][T10132]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  498.721041][T10132]  ? __pfx_lock_acquire+0x10/0x10
[  498.726077][T10132]  ? __pfx_tun_rx_batched+0x10/0x10
[  498.731305][T10132]  tun_get_user+0x30d6/0x4890
[  498.735996][T10132]  ? tun_get_user+0x2bbe/0x4890
[  498.740853][T10132]  ? __lock_acquire+0x1397/0x2100
[  498.745877][T10132]  ? __pfx_tun_get_user+0x10/0x10
[  498.750911][T10132]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  498.756381][T10132]  ? tun_get+0x1e/0x2f0
[  498.760564][T10132]  ? __pfx_lock_release+0x10/0x10
[  498.765593][T10132]  ? tun_get+0x1e/0x2f0
[  498.769751][T10132]  ? tun_get+0x27d/0x2f0
[  498.773992][T10132]  tun_chr_write_iter+0x10d/0x1f0
[  498.779029][T10132]  vfs_write+0xaeb/0xd30
[  498.783283][T10132]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  498.788834][T10132]  ? __pfx_vfs_write+0x10/0x10
[  498.793604][T10132]  ? __fget_files+0x2a/0x410
[  498.798194][T10132]  ? __fget_files+0x2a/0x410
[  498.802786][T10132]  ksys_write+0x18f/0x2b0
[  498.807122][T10132]  ? __pfx_ksys_write+0x10/0x10
[  498.811985][T10132]  ? do_syscall_64+0x100/0x230
[  498.816759][T10132]  ? do_syscall_64+0xb6/0x230
[  498.821442][T10132]  do_syscall_64+0xf3/0x230
[  498.825951][T10132]  ? clear_bhb_loop+0x35/0x90
[  498.830638][T10132]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  498.836550][T10132] RIP: 0033:0x7f4d7e37e98f
[  498.840998][T10132] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  498.860612][T10132] RSP: 002b:00007f4d7f195020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  498.869236][T10132] RAX: ffffffffffffffda RBX: 00007f4d7e545fa0 RCX: 00007f4d7e37e98f
[  498.877224][T10132] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[  498.885197][T10132] RBP: 00007f4d7e3f3cc8 R08: 0000000000000000 R09: 0000000000000000
[  498.893164][T10132] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  498.901133][T10132] R13: 0000000000000000 R14: 00007f4d7e545fa0 R15: 00007ffe3ccfb108
[  498.909115][T10132]  </TASK>
[  498.912161][    C1] vkms_vblank_simulate: vblank timer overrun
[  498.918168][T10132] BUG: Bad page state in process syz.2.1087  pfn:6bde2
[  498.925034][T10132] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88806bde2f00 pfn:0x6bde2
[  498.935123][T10132] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  498.942235][T10132] raw: 00fff00000000000 dead000000000040 ffff888021ac2000 0000000000000000
[  498.950848][T10132] raw: ffff88806bde2f00 0000000000000001 00000000ffffffff 0000000000000000
[  498.959446][T10132] page dumped because: page_pool leak
[  498.964837][T10132] page_owner tracks the page as allocated
[  498.970573][T10132] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 10132, tgid 10131 (syz.2.1087), ts 493959767788, free_ts 489623892997
[  498.987831][T10132]  post_alloc_hook+0x1f3/0x230
[  498.992644][T10132]  get_page_from_freelist+0x3651/0x37a0
[  498.998229][T10132]  __alloc_pages_noprof+0x292/0x710
[  499.003450][T10132]  alloc_pages_bulk_noprof+0x70b/0xcc0
[  499.008973][T10132]  __page_pool_alloc_pages_slow+0x122/0x690
[  499.014884][T10132]  page_pool_alloc_pages+0xd0/0x1c0
[  499.020126][T10132]  skb_pp_cow_data+0xc43/0x1640
[  499.025024][T10132]  do_xdp_generic+0x505/0xd30
[  499.029734][T10132]  __netif_receive_skb_core+0x1ce9/0x4690
[  499.035481][T10132]  __netif_receive_skb+0x12f/0x650
[  499.040637][T10132]  netif_receive_skb+0x1e8/0x890
[  499.045604][T10132]  tun_rx_batched+0x1b7/0x8f0
[  499.050302][T10132]  tun_get_user+0x30d6/0x4890
[  499.055030][T10132]  tun_chr_write_iter+0x10d/0x1f0
[  499.060078][T10132]  vfs_write+0xaeb/0xd30
[  499.064367][T10132]  ksys_write+0x18f/0x2b0
[  499.068721][T10132] page last free pid 10049 tgid 10049 stack trace:
[  499.075243][T10132]  free_unref_folios+0xf38/0x1a60
[  499.080277][T10132]  folios_put_refs+0x76c/0x860
[  499.085069][T10132]  free_pages_and_swap_cache+0x5c8/0x690
[  499.090711][T10132]  tlb_flush_mmu+0x3a3/0x680
[  499.095330][T10132]  tlb_finish_mmu+0xd4/0x200
[  499.099925][T10132]  exit_mmap+0x496/0xc20
[  499.104193][T10132]  __mmput+0x115/0x3b0
[  499.108282][T10132]  exit_mm+0x220/0x310
[  499.112380][T10132]  do_exit+0x9b2/0x28e0
[  499.116581][T10132]  do_group_exit+0x207/0x2c0
[  499.121193][T10132]  __x64_sys_exit_group+0x3f/0x40
[  499.126227][T10132]  x64_sys_call+0x26a8/0x26b0
[  499.130925][T10132]  do_syscall_64+0xf3/0x230
[  499.135449][T10132]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  499.141372][T10132] Modules linked in:
[  499.145275][T10132] CPU: 1 UID: 0 PID: 10132 Comm: syz.2.1087 Tainted: G    B              6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0
[  499.157512][T10132] Tainted: [B]=BAD_PAGE
[  499.161670][T10132] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  499.171742][T10132] Call Trace:
[  499.175029][T10132]  <TASK>
[  499.177959][T10132]  dump_stack_lvl+0x241/0x360
[  499.182733][T10132]  ? __pfx_dump_stack_lvl+0x10/0x10
[  499.188081][T10132]  ? __pfx_print_modules+0x10/0x10
[  499.193236][T10132]  bad_page+0x176/0x1d0
[  499.197420][T10132]  free_unref_page+0x1048/0x1130
[  499.202393][T10132]  bpf_xdp_frags_shrink_tail+0x3ee/0x7e0
[  499.208144][T10132]  bpf_xdp_adjust_tail+0x1c3/0x200
[  499.213291][T10132]  bpf_prog_f476d5219b92964a+0x1e/0x20
[  499.218749][T10132]  bpf_prog_run_generic_xdp+0x686/0x1510
[  499.224399][T10132]  do_xdp_generic+0x757/0xd30
[  499.229084][T10132]  ? __pfx_do_xdp_generic+0x10/0x10
[  499.234288][T10132]  ? __skb_flow_dissect+0x4f1/0x7d00
[  499.239586][T10132]  __netif_receive_skb_core+0x1ce9/0x4690
[  499.245323][T10132]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  499.251400][T10132]  ? mark_lock+0x9a/0x360
[  499.255734][T10132]  ? __lock_acquire+0x1397/0x2100
[  499.260777][T10132]  __netif_receive_skb+0x12f/0x650
[  499.265907][T10132]  ? __pfx_lock_acquire+0x10/0x10
[  499.270931][T10132]  ? seqcount_lockdep_reader_access+0x1d7/0x220
[  499.277175][T10132]  ? __pfx___netif_receive_skb+0x10/0x10
[  499.282814][T10132]  ? tun_rx_batched+0x160/0x8f0
[  499.287670][T10132]  ? __pfx_lockdep_softirqs_off+0x10/0x10
[  499.293388][T10132]  ? read_tsc+0x9/0x20
[  499.297466][T10132]  ? netif_receive_skb+0x131/0x890
[  499.302578][T10132]  ? netif_receive_skb+0x131/0x890
[  499.307698][T10132]  netif_receive_skb+0x1e8/0x890
[  499.312641][T10132]  ? tun_rx_batched+0x160/0x8f0
[  499.317499][T10132]  ? __pfx_netif_receive_skb+0x10/0x10
[  499.322963][T10132]  ? tun_rx_batched+0x160/0x8f0
[  499.327818][T10132]  tun_rx_batched+0x1b7/0x8f0
[  499.332523][T10132]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  499.338869][T10132]  ? __pfx_lock_acquire+0x10/0x10
[  499.343904][T10132]  ? __pfx_tun_rx_batched+0x10/0x10
[  499.349127][T10132]  tun_get_user+0x30d6/0x4890
[  499.353953][T10132]  ? tun_get_user+0x2bbe/0x4890
[  499.358820][T10132]  ? __lock_acquire+0x1397/0x2100
[  499.363850][T10132]  ? __pfx_tun_get_user+0x10/0x10
[  499.368894][T10132]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  499.374360][T10132]  ? tun_get+0x1e/0x2f0
[  499.378520][T10132]  ? __pfx_lock_release+0x10/0x10
[  499.383561][T10132]  ? tun_get+0x1e/0x2f0
[  499.387729][T10132]  ? tun_get+0x27d/0x2f0
[  499.391975][T10132]  tun_chr_write_iter+0x10d/0x1f0
[  499.397003][T10132]  vfs_write+0xaeb/0xd30
[  499.401253][T10132]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  499.406814][T10132]  ? __pfx_vfs_write+0x10/0x10
[  499.411671][T10132]  ? __fget_files+0x2a/0x410
[  499.416262][T10132]  ? __fget_files+0x2a/0x410
[  499.420856][T10132]  ksys_write+0x18f/0x2b0
[  499.425203][T10132]  ? __pfx_ksys_write+0x10/0x10
[  499.430057][T10132]  ? do_syscall_64+0x100/0x230
[  499.434828][T10132]  ? do_syscall_64+0xb6/0x230
[  499.439511][T10132]  do_syscall_64+0xf3/0x230
[  499.444019][T10132]  ? clear_bhb_loop+0x35/0x90
[  499.448702][T10132]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  499.454598][T10132] RIP: 0033:0x7f4d7e37e98f
[  499.459011][T10132] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  499.478612][T10132] RSP: 002b:00007f4d7f195020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  499.487035][T10132] RAX: ffffffffffffffda RBX: 00007f4d7e545fa0 RCX: 00007f4d7e37e98f
[  499.495018][T10132] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[  499.502998][T10132] RBP: 00007f4d7e3f3cc8 R08: 0000000000000000 R09: 0000000000000000
[  499.510969][T10132] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  499.518950][T10132] R13: 0000000000000000 R14: 00007f4d7e545fa0 R15: 00007ffe3ccfb108
[  499.526941][T10132]  </TASK>
[  499.529989][    C1] vkms_vblank_simulate: vblank timer overrun
[  499.535981][T10132] BUG: Bad page state in process syz.2.1087  pfn:684d9
[  499.542850][T10132] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8880684d9f00 pfn:0x684d9
[  499.552940][T10132] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  499.560089][T10132] raw: 00fff00000000000 dead000000000040 ffff888021ac2000 0000000000000000
[  499.568709][T10132] raw: ffff8880684d9f00 0000000000000001 00000000ffffffff 0000000000000000
[  499.577307][T10132] page dumped because: page_pool leak
[  499.582703][T10132] page_owner tracks the page as allocated
[  499.588442][T10132] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 10132, tgid 10131 (syz.2.1087), ts 493959759578, free_ts 489623899308
[  499.605700][T10132]  post_alloc_hook+0x1f3/0x230
[  499.610497][T10132]  get_page_from_freelist+0x3651/0x37a0
[  499.616111][T10132]  __alloc_pages_noprof+0x292/0x710
[  499.621342][T10132]  alloc_pages_bulk_noprof+0x70b/0xcc0
[  499.626868][T10132]  __page_pool_alloc_pages_slow+0x122/0x690
[  499.632812][T10132]  page_pool_alloc_pages+0xd0/0x1c0
[  499.638032][T10132]  skb_pp_cow_data+0xc43/0x1640
[  499.642929][T10132]  do_xdp_generic+0x505/0xd30
[  499.647624][T10132]  __netif_receive_skb_core+0x1ce9/0x4690
[  499.653371][T10132]  __netif_receive_skb+0x12f/0x650
[  499.658496][T10132]  netif_receive_skb+0x1e8/0x890
[  499.663496][T10132]  tun_rx_batched+0x1b7/0x8f0
[  499.668179][T10132]  tun_get_user+0x30d6/0x4890
[  499.672877][T10132]  tun_chr_write_iter+0x10d/0x1f0
[  499.677930][T10132]  vfs_write+0xaeb/0xd30
[  499.682196][T10132]  ksys_write+0x18f/0x2b0
[  499.686588][T10132] page last free pid 10049 tgid 10049 stack trace:
[  499.693136][T10132]  free_unref_folios+0xf38/0x1a60
[  499.698189][T10132]  folios_put_refs+0x76c/0x860
[  499.702970][T10132]  free_pages_and_swap_cache+0x5c8/0x690
[  499.708667][T10132]  tlb_flush_mmu+0x3a3/0x680
[  499.713273][T10132]  tlb_finish_mmu+0xd4/0x200
[  499.717915][T10132]  exit_mmap+0x496/0xc20
[  499.722199][T10132]  __mmput+0x115/0x3b0
[  499.726302][T10132]  exit_mm+0x220/0x310
[  499.730395][T10132]  do_exit+0x9b2/0x28e0
[  499.734557][T10132]  do_group_exit+0x207/0x2c0
[  499.739191][T10132]  __x64_sys_exit_group+0x3f/0x40
[  499.744240][T10132]  x64_sys_call+0x26a8/0x26b0
[  499.748927][T10132]  do_syscall_64+0xf3/0x230
[  499.753462][T10132]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  499.759368][T10132] Modules linked in:
[  499.763282][T10132] CPU: 1 UID: 0 PID: 10132 Comm: syz.2.1087 Tainted: G    B              6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0
[  499.775520][T10132] Tainted: [B]=BAD_PAGE
[  499.779663][T10132] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  499.789732][T10132] Call Trace:
[  499.793018][T10132]  <TASK>
[  499.795947][T10132]  dump_stack_lvl+0x241/0x360
[  499.800636][T10132]  ? __pfx_dump_stack_lvl+0x10/0x10
[  499.805841][T10132]  ? __pfx_print_modules+0x10/0x10
[  499.810957][T10132]  bad_page+0x176/0x1d0
[  499.815119][T10132]  free_unref_page+0x1048/0x1130
[  499.820151][T10132]  bpf_xdp_frags_shrink_tail+0x3ee/0x7e0
[  499.825797][T10132]  bpf_xdp_adjust_tail+0x1c3/0x200
[  499.830919][T10132]  bpf_prog_f476d5219b92964a+0x1e/0x20
[  499.836389][T10132]  bpf_prog_run_generic_xdp+0x686/0x1510
[  499.842041][T10132]  do_xdp_generic+0x757/0xd30
[  499.846730][T10132]  ? __pfx_do_xdp_generic+0x10/0x10
[  499.851933][T10132]  ? __skb_flow_dissect+0x4f1/0x7d00
[  499.857227][T10132]  __netif_receive_skb_core+0x1ce9/0x4690
[  499.862974][T10132]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  499.869049][T10132]  ? mark_lock+0x9a/0x360
[  499.873381][T10132]  ? __lock_acquire+0x1397/0x2100
[  499.878421][T10132]  __netif_receive_skb+0x12f/0x650
[  499.883553][T10132]  ? __pfx_lock_acquire+0x10/0x10
[  499.888595][T10132]  ? seqcount_lockdep_reader_access+0x1d7/0x220
[  499.894847][T10132]  ? __pfx___netif_receive_skb+0x10/0x10
[  499.900487][T10132]  ? tun_rx_batched+0x160/0x8f0
[  499.905352][T10132]  ? __pfx_lockdep_softirqs_off+0x10/0x10
[  499.911074][T10132]  ? read_tsc+0x9/0x20
[  499.915148][T10132]  ? netif_receive_skb+0x131/0x890
[  499.920263][T10132]  ? netif_receive_skb+0x131/0x890
[  499.925378][T10132]  netif_receive_skb+0x1e8/0x890
[  499.930318][T10132]  ? tun_rx_batched+0x160/0x8f0
[  499.935264][T10132]  ? __pfx_netif_receive_skb+0x10/0x10
[  499.940734][T10132]  ? tun_rx_batched+0x160/0x8f0
[  499.945589][T10132]  tun_rx_batched+0x1b7/0x8f0
[  499.950290][T10132]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  499.956619][T10132]  ? __pfx_lock_acquire+0x10/0x10
[  499.961643][T10132]  ? __pfx_tun_rx_batched+0x10/0x10
[  499.966866][T10132]  tun_get_user+0x30d6/0x4890
[  499.971558][T10132]  ? tun_get_user+0x2bbe/0x4890
[  499.976441][T10132]  ? __lock_acquire+0x1397/0x2100
[  499.981469][T10132]  ? __pfx_tun_get_user+0x10/0x10
[  499.986509][T10132]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  499.991968][T10132]  ? tun_get+0x1e/0x2f0
[  499.996157][T10132]  ? __pfx_lock_release+0x10/0x10
[  500.001185][T10132]  ? tun_get+0x1e/0x2f0
[  500.005345][T10132]  ? tun_get+0x27d/0x2f0
[  500.009595][T10132]  tun_chr_write_iter+0x10d/0x1f0
[  500.014676][T10132]  vfs_write+0xaeb/0xd30
[  500.018934][T10132]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  500.024489][T10132]  ? __pfx_vfs_write+0x10/0x10
[  500.029260][T10132]  ? __fget_files+0x2a/0x410
[  500.033862][T10132]  ? __fget_files+0x2a/0x410
[  500.038463][T10132]  ksys_write+0x18f/0x2b0
[  500.042799][T10132]  ? __pfx_ksys_write+0x10/0x10
[  500.047655][T10132]  ? do_syscall_64+0x100/0x230
[  500.052448][T10132]  ? do_syscall_64+0xb6/0x230
[  500.057135][T10132]  do_syscall_64+0xf3/0x230
[  500.061646][T10132]  ? clear_bhb_loop+0x35/0x90
[  500.066328][T10132]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  500.072231][T10132] RIP: 0033:0x7f4d7e37e98f
[  500.076653][T10132] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  500.096268][T10132] RSP: 002b:00007f4d7f195020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  500.104692][T10132] RAX: ffffffffffffffda RBX: 00007f4d7e545fa0 RCX: 00007f4d7e37e98f
[  500.112666][T10132] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[  500.120642][T10132] RBP: 00007f4d7e3f3cc8 R08: 0000000000000000 R09: 0000000000000000
[  500.128615][T10132] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  500.136587][T10132] R13: 0000000000000000 R14: 00007f4d7e545fa0 R15: 00007ffe3ccfb108
[  500.144596][T10132]  </TASK>
[  500.147640][    C1] vkms_vblank_simulate: vblank timer overrun
[  500.153676][T10132] BUG: Bad page state in process syz.2.1087  pfn:7b656
[  500.160538][T10132] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88807b656f00 pfn:0x7b656
[  500.170650][T10132] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  500.177805][T10132] raw: 00fff00000000000 dead000000000040 ffff888021ac2000 0000000000000000
[  500.186423][T10132] raw: ffff88807b656f00 0000000000000001 00000000ffffffff 0000000000000000
[  500.195027][T10132] page dumped because: page_pool leak
[  500.200428][T10132] page_owner tracks the page as allocated
[  500.206188][T10132] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 10132, tgid 10131 (syz.2.1087), ts 493959751894, free_ts 489623905372
[  500.223447][T10132]  post_alloc_hook+0x1f3/0x230
[  500.228225][T10132]  get_page_from_freelist+0x3651/0x37a0
[  500.233828][T10132]  __alloc_pages_noprof+0x292/0x710
[  500.239074][T10132]  alloc_pages_bulk_noprof+0x70b/0xcc0
[  500.244545][T10132]  __page_pool_alloc_pages_slow+0x122/0x690
[  500.250481][T10132]  page_pool_alloc_pages+0xd0/0x1c0
[  500.255699][T10132]  skb_pp_cow_data+0xc43/0x1640
[  500.260610][T10132]  do_xdp_generic+0x505/0xd30
[  500.265300][T10132]  __netif_receive_skb_core+0x1ce9/0x4690
[  500.271168][T10132]  __netif_receive_skb+0x12f/0x650
[  500.276390][T10132]  netif_receive_skb+0x1e8/0x890
[  500.281356][T10132]  tun_rx_batched+0x1b7/0x8f0
[  500.286088][T10132]  tun_get_user+0x30d6/0x4890
[  500.290773][T10132]  tun_chr_write_iter+0x10d/0x1f0
[  500.295819][T10132]  vfs_write+0xaeb/0xd30
[  500.300082][T10132]  ksys_write+0x18f/0x2b0
[  500.304439][T10132] page last free pid 10049 tgid 10049 stack trace:
[  500.311022][T10132]  free_unref_folios+0xf38/0x1a60
[  500.316079][T10132]  folios_put_refs+0x76c/0x860
[  500.320841][T10132]  free_pages_and_swap_cache+0x5c8/0x690
[  500.326505][T10132]  tlb_flush_mmu+0x3a3/0x680
[  500.331125][T10132]  tlb_finish_mmu+0xd4/0x200
[  500.335731][T10132]  exit_mmap+0x496/0xc20
[  500.339973][T10132]  __mmput+0x115/0x3b0
[  500.344071][T10132]  exit_mm+0x220/0x310
[  500.348138][T10132]  do_exit+0x9b2/0x28e0
[  500.352307][T10132]  do_group_exit+0x207/0x2c0
[  500.357601][T10132]  __x64_sys_exit_group+0x3f/0x40
[  500.362664][T10132]  x64_sys_call+0x26a8/0x26b0
[  500.367354][T10132]  do_syscall_64+0xf3/0x230
[  500.371968][T10132]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  500.377899][T10132] Modules linked in:
[  500.381794][T10132] CPU: 1 UID: 0 PID: 10132 Comm: syz.2.1087 Tainted: G    B              6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0
[  500.394137][T10132] Tainted: [B]=BAD_PAGE
[  500.398290][T10132] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  500.408363][T10132] Call Trace:
[  500.411642][T10132]  <TASK>
[  500.414590][T10132]  dump_stack_lvl+0x241/0x360
[  500.419282][T10132]  ? __pfx_dump_stack_lvl+0x10/0x10
[  500.424489][T10132]  ? __pfx_print_modules+0x10/0x10
[  500.429617][T10132]  bad_page+0x176/0x1d0
[  500.433788][T10132]  free_unref_page+0x1048/0x1130
[  500.438751][T10132]  bpf_xdp_frags_shrink_tail+0x3ee/0x7e0
[  500.444389][T10132]  bpf_xdp_adjust_tail+0x1c3/0x200
[  500.449608][T10132]  bpf_prog_f476d5219b92964a+0x1e/0x20
[  500.455076][T10132]  bpf_prog_run_generic_xdp+0x686/0x1510
[  500.460739][T10132]  do_xdp_generic+0x757/0xd30
[  500.465442][T10132]  ? __pfx_do_xdp_generic+0x10/0x10
[  500.470653][T10132]  ? __skb_flow_dissect+0x4f1/0x7d00
[  500.475950][T10132]  __netif_receive_skb_core+0x1ce9/0x4690
[  500.481689][T10132]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  500.487789][T10132]  ? mark_lock+0x9a/0x360
[  500.492218][T10132]  ? __lock_acquire+0x1397/0x2100
[  500.497257][T10132]  __netif_receive_skb+0x12f/0x650
[  500.502380][T10132]  ? __pfx_lock_acquire+0x10/0x10
[  500.507414][T10132]  ? seqcount_lockdep_reader_access+0x1d7/0x220
[  500.513670][T10132]  ? __pfx___netif_receive_skb+0x10/0x10
[  500.519310][T10132]  ? tun_rx_batched+0x160/0x8f0
[  500.524169][T10132]  ? __pfx_lockdep_softirqs_off+0x10/0x10
[  500.529902][T10132]  ? read_tsc+0x9/0x20
[  500.533982][T10132]  ? netif_receive_skb+0x131/0x890
[  500.539099][T10132]  ? netif_receive_skb+0x131/0x890
[  500.544225][T10132]  netif_receive_skb+0x1e8/0x890
[  500.549194][T10132]  ? tun_rx_batched+0x160/0x8f0
[  500.554054][T10132]  ? __pfx_netif_receive_skb+0x10/0x10
[  500.559522][T10132]  ? tun_rx_batched+0x160/0x8f0
[  500.564381][T10132]  tun_rx_batched+0x1b7/0x8f0
[  500.569075][T10132]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  500.575411][T10132]  ? __pfx_lock_acquire+0x10/0x10
[  500.580430][T10132]  ? __pfx_tun_rx_batched+0x10/0x10
[  500.585640][T10132]  tun_get_user+0x30d6/0x4890
[  500.590321][T10132]  ? tun_get_user+0x2bbe/0x4890
[  500.595190][T10132]  ? __lock_acquire+0x1397/0x2100
[  500.600229][T10132]  ? __pfx_tun_get_user+0x10/0x10
[  500.605266][T10132]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  500.610726][T10132]  ? tun_get+0x1e/0x2f0
[  500.614887][T10132]  ? __pfx_lock_release+0x10/0x10
[  500.619911][T10132]  ? tun_get+0x1e/0x2f0
[  500.624073][T10132]  ? tun_get+0x27d/0x2f0
[  500.628321][T10132]  tun_chr_write_iter+0x10d/0x1f0
[  500.633356][T10132]  vfs_write+0xaeb/0xd30
[  500.637621][T10132]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  500.643187][T10132]  ? __pfx_vfs_write+0x10/0x10
[  500.647992][T10132]  ? __fget_files+0x2a/0x410
[  500.652601][T10132]  ? __fget_files+0x2a/0x410
[  500.657205][T10132]  ksys_write+0x18f/0x2b0
[  500.661551][T10132]  ? __pfx_ksys_write+0x10/0x10
[  500.666411][T10132]  ? do_syscall_64+0x100/0x230
[  500.671185][T10132]  ? do_syscall_64+0xb6/0x230
[  500.675869][T10132]  do_syscall_64+0xf3/0x230
[  500.680378][T10132]  ? clear_bhb_loop+0x35/0x90
[  500.687806][T10132]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  500.695806][T10132] RIP: 0033:0x7f4d7e37e98f
[  500.700225][T10132] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  500.719835][T10132] RSP: 002b:00007f4d7f195020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  500.728341][T10132] RAX: ffffffffffffffda RBX: 00007f4d7e545fa0 RCX: 00007f4d7e37e98f
[  500.736320][T10132] RDX: 0000000000011dc0 RSI: 00000000200004c0 RDI: 00000000000000c8
[  500.744290][T10132] RBP: 00007f4d7e3f3cc8 R08: 0000000000000000 R09: 0000000000000000
[  500.752259][T10132] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  500.760228][T10132] R13: 0000000000000000 R14: 00007f4d7e545fa0 R15: 00007ffe3ccfb108
[  500.768205][T10132]  </TASK>
[  500.771274][    C1] vkms_vblank_simulate: vblank timer overrun