last executing test programs:

59.121587345s ago: executing program 1 (id=1098):
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000080)=0x1, 0x4)
setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000140)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x7ff, 0xf83, 0xa}, 0x1c)
syz_emit_ethernet(0x3e, &(0x7f00000002c0)=ANY=[@ANYBLOB="ffffffffffffaaaaaa"], 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = dup(r1)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}})
write$tun(r3, &(0x7f00000002c0)=ANY=[@ANYBLOB="080086dd0011"], 0xfdef)

58.881450493s ago: executing program 1 (id=1100):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_MSRS(r0, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="0100000005000000014d564b00000000af"])
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000040)={0x3, 0x2, 0xeeee0000, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_RUN(r0, 0xae80, 0x0)

58.79226765s ago: executing program 1 (id=1102):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
setrlimit(0x40000000000008, &(0x7f0000000000))
mlockall(0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'bridge0\x00', <r1=>0x0})
r2 = socket$rxrpc(0x21, 0x2, 0x2)
connect$rxrpc(r2, &(0x7f0000000000)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @dev}}, 0x24)
r3 = socket$inet(0x2, 0x3, 0x4)
setsockopt$inet_opts(r3, 0x0, 0x4, 0x0, 0x0)
connect$inet(r3, &(0x7f0000000080)={0x2, 0x4e20, @remote}, 0x10)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000780)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x202b}, [@IFLA_GROUP={0x8}]}, 0x28}, 0x1, 0x0, 0x0, 0x20048054}, 0x8000)
getsockopt$inet_IP_IPSEC_POLICY(r3, 0x0, 0x10, 0x0, &(0x7f0000004000))
setsockopt$RXRPC_SECURITY_KEY(r2, 0x110, 0x1, 0x0, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)=ANY=[@ANYBLOB="380000005400019b4abd70010000000007000000", @ANYRES32=r1, @ANYBLOB="20000100", @ANYRES32=r1, @ANYBLOB="000002000000000000000000000000000000000186dd"], 0x38}}, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r5, &(0x7f00000002c0), 0x40000000000009f, 0x0)
ioctl$sock_SIOCGIFVLAN_SET_VLAN_EGRESS_PRIORITY_CMD(r5, 0x8982, &(0x7f0000000000)={0x3, 'vlan0\x00', {0x4}, 0x2ddf})

58.660282481s ago: executing program 1 (id=1103):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
r1 = dup(r0)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x3, 0x0, 0x111, 0x4}}, 0x20)
r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x141220, 0x0)
r3 = syz_open_dev$radio(&(0x7f0000002b40), 0x3, 0x2)
ioctl$VIDIOC_QUERYMENU(r3, 0xc02c5625, &(0x7f0000000000)={0x98f907, 0x1, @name="03489dc364b8b035b088af7cd259cf32928518e18ff9ffffff08581448a7fc5e"})
ioctl$PPPIOCNEWUNIT(r2, 0xc004743e, &(0x7f00000000c0))
ioctl$PPPIOCSMRRU(r2, 0x4010744d, &(0x7f0000000080)=0xc)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x6, @empty, 0x3}], 0x1c)
sendmsg$inet6(r0, &(0x7f0000000100)={&(0x7f0000000080)={0xa, 0x4e24, 0x8, @loopback, 0xc}, 0x1c, &(0x7f00000003c0)=[{&(0x7f00000000c0)="88", 0x1}], 0x1}, 0x4048043)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000000)='syz_tun\x00', 0x10)
shutdown(r0, 0x1)
sendmsg$inet(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000002c0)="4a378d", 0x34000}], 0x1}, 0x10)

58.431461806s ago: executing program 1 (id=1104):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, 0xffffffffffffffff, 0x0)
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_GET_DEVICE_ATTR_vcpu(r3, 0x4018aee2, &(0x7f0000000300)=@attr_other={0x0, 0x0, 0x51, 0x0})

58.211857243s ago: executing program 1 (id=1106):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', <r2=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000800)=@newqdisc={0x3c, 0x24, 0x3fe3aa0262d8c583, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}, {0x6, 0x6}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0xc, 0x8002, [@TCA_FQ_PIE_QUANTUM={0x8}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x803}, 0x20004004)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000100)={0x0, 0xfffffffc, 0xffdffff8, 0xffffffff, 0x5, "ff000000000000000000000000000200"})
r3 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
mount$9p_fd(0x0, &(0x7f00000001c0)='.\x00', &(0x7f0000000180), 0x0, &(0x7f0000000300)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
r5 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_ADD_MFC_PROXY(r5, 0x0, 0xd2, &(0x7f0000000000)={@empty, @empty, 0x0, "daf86eed51d59c3b227a93fc7264db425e9d015e14f17c0900497e00b3bb00", 0x7, 0x6, 0xffffff9d, 0xffffe6df}, 0x3c)
r6 = socket$igmp(0x2, 0x3, 0x2)
ioctl$SIOCGETSGCNT_IN6(r6, 0x89e1, &(0x7f0000000040)={@empty, @ipv4={'\x00', '\xff\xff', @local}})
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), r1)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r4, &(0x7f00000003c0)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000380)={&(0x7f0000000300)={0x70, r7, 0x400, 0x70bd2d, 0x25dfdbfb, {{}, {@void, @val={0xc, 0x99, {0x8, 0x26}}}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x97b}], @chandef_params=[@NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0x4}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0x6}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x5}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0xfffffffb}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x2fc}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x2}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x21d}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x241}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x156}]]}, 0x70}, 0x1, 0x0, 0x0, 0x305b712d493fcb5}, 0x4048010)
r8 = syz_open_pts(r0, 0x0)
mkdirat(0xffffffffffffffff, &(0x7f0000000400)='./file0\x00', 0xc1)
ioctl$TIOCSTI(r8, 0x5412, &(0x7f0000000000)=0x13)
r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_genetlink_get_family_id$nl802154(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'wpan0\x00', <r11=>0x0})
sendmsg$NL802154_CMD_NEW_INTERFACE(r9, &(0x7f0000000240)={&(0x7f0000000080), 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x60, r10, 0x8, 0x70bd2c, 0x25dfdbfb, {}, [@NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan4\x00'}, @NL802154_ATTR_WPAN_PHY={0x8}, @NL802154_ATTR_IFTYPE={0x8, 0x5, 0x1}, @NL802154_ATTR_EXTENDED_ADDR={0xc, 0x17, {0xaaaaaaaaaaaa0202}}, @NL802154_ATTR_WPAN_DEV={0xc}, @NL802154_ATTR_IFTYPE={0x8, 0x5, 0xffffffff}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r11}]}, 0x60}, 0x1, 0x0, 0x0, 0x88}, 0x20000000)
ioctl$TCXONC(r8, 0x540a, 0x0)

43.171787212s ago: executing program 32 (id=1106):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', <r2=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000800)=@newqdisc={0x3c, 0x24, 0x3fe3aa0262d8c583, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}, {0x6, 0x6}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0xc, 0x8002, [@TCA_FQ_PIE_QUANTUM={0x8}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x803}, 0x20004004)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000100)={0x0, 0xfffffffc, 0xffdffff8, 0xffffffff, 0x5, "ff000000000000000000000000000200"})
r3 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
mount$9p_fd(0x0, &(0x7f00000001c0)='.\x00', &(0x7f0000000180), 0x0, &(0x7f0000000300)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
r5 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_ADD_MFC_PROXY(r5, 0x0, 0xd2, &(0x7f0000000000)={@empty, @empty, 0x0, "daf86eed51d59c3b227a93fc7264db425e9d015e14f17c0900497e00b3bb00", 0x7, 0x6, 0xffffff9d, 0xffffe6df}, 0x3c)
r6 = socket$igmp(0x2, 0x3, 0x2)
ioctl$SIOCGETSGCNT_IN6(r6, 0x89e1, &(0x7f0000000040)={@empty, @ipv4={'\x00', '\xff\xff', @local}})
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), r1)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r4, &(0x7f00000003c0)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000380)={&(0x7f0000000300)={0x70, r7, 0x400, 0x70bd2d, 0x25dfdbfb, {{}, {@void, @val={0xc, 0x99, {0x8, 0x26}}}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x97b}], @chandef_params=[@NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0x4}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0x6}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x5}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0xfffffffb}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x2fc}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x2}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x21d}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x241}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x156}]]}, 0x70}, 0x1, 0x0, 0x0, 0x305b712d493fcb5}, 0x4048010)
r8 = syz_open_pts(r0, 0x0)
mkdirat(0xffffffffffffffff, &(0x7f0000000400)='./file0\x00', 0xc1)
ioctl$TIOCSTI(r8, 0x5412, &(0x7f0000000000)=0x13)
r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_genetlink_get_family_id$nl802154(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'wpan0\x00', <r11=>0x0})
sendmsg$NL802154_CMD_NEW_INTERFACE(r9, &(0x7f0000000240)={&(0x7f0000000080), 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x60, r10, 0x8, 0x70bd2c, 0x25dfdbfb, {}, [@NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan4\x00'}, @NL802154_ATTR_WPAN_PHY={0x8}, @NL802154_ATTR_IFTYPE={0x8, 0x5, 0x1}, @NL802154_ATTR_EXTENDED_ADDR={0xc, 0x17, {0xaaaaaaaaaaaa0202}}, @NL802154_ATTR_WPAN_DEV={0xc}, @NL802154_ATTR_IFTYPE={0x8, 0x5, 0xffffffff}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r11}]}, 0x60}, 0x1, 0x0, 0x0, 0x88}, 0x20000000)
ioctl$TCXONC(r8, 0x540a, 0x0)

5.149669691s ago: executing program 3 (id=1472):
ioctl$vim2m_VIDIOC_REQBUFS(0xffffffffffffffff, 0xc0145608, 0x0)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
sendmsg$NL80211_CMD_NEW_STATION(0xffffffffffffffff, 0x0, 0x80a0)
r1 = eventfd(0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0x4008af12, &(0x7f0000000080)={0x1, 0x7f})
ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, 0x0)
ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/53, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000780)={0x1, 0x1, &(0x7f0000000380)=""/240, &(0x7f0000000900)=""/103, &(0x7f0000000800)=""/90})
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000680))
ioctl$VHOST_SET_VRING_ERR(r0, 0x4008af22, &(0x7f00000002c0)={0x1, r1})
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000340)=0x1)
r2 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r2, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000000000)=[{0x0}], 0x1, 0x0, 0x0, 0xc0000}, 0x4000000)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="041817aaaaaaaaaa10"], 0x1a)

5.0994324s ago: executing program 3 (id=1474):
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
r1 = syz_init_net_socket$bt_bnep(0x1f, 0x3, 0x4)
getsockopt$bt_BT_RCVMTU(r1, 0x112, 0xd, &(0x7f0000000040)=0x7fff, &(0x7f0000000100)=0x2)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000040)=@ipv6_newaddr={0x40, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x40}, [@IFA_LOCAL={0x14, 0x2, @ipv4}, @IFA_CACHEINFO={0x14, 0x6, {0x0, 0x7, 0x9, 0xe555}}]}, 0x40}}, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', <r3=>0x0})
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xc, &(0x7f0000000140)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020692500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000072000000850000000e00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='signal_generate\x00', r5}, 0x18)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0x10, &(0x7f0000000d40)=ANY=[@ANYBLOB="1800000000000000000000000700000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000000400008500000083000000bf0900000000000055090100000000009500000000000000850000000f000000bf91000000000000b7020000010000008500000084000000b70000000000000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000180)='signal_generate\x00', r6}, 0x18)
syz_open_procfs$namespace(0x0, 0xfffffffffffffffe)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000b80)=ANY=[@ANYBLOB="700200001300290a000000000000000007000000", @ANYRES32=r3, @ANYBLOB="000000000000000008001a80100003800c0005800800000000000000100003803000018005000c000000000014000500714abbd2547de97cbbf6efb226f19bf90d0002003a288e5e5b5b5a40000000006000078014000400293a0201003b75a67093c28fd6f55a2314000400e48f01e49713f0c2d839f940d9f088d80500060000000000130002006272696467655f696c6176655f30000007000200293a00000500060000000000080001000000000018000180140004004d2906d0880fc8acc30fe2020f9849675000018014000500a1085e7df341b9dc3d8008a2fe5bdaad140004009c7e472c916020fe41bcc5aa8f56c9471400050080ab8be51421cfa3c9e5cbfe8217e0af080001000000000008000100000000006000018005000600000000000500060000000000080001000000000005000600000000000c00020073797a746e6c30000800010000000000130002006272696467655f736c6176655f30000014000500e078d277f38ed3a40a448f3f6b6763e8e0000c8008002b"], 0x270}}, 0x0)
mprotect(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x4)
r7 = socket$nl_route(0x10, 0x3, 0x0)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
r9 = socket$packet(0x11, 0x3, 0x300)
r10 = socket$nl_route(0x10, 0x3, 0x0)
r11 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route(r11, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0)
getsockname$packet(r11, &(0x7f0000000140)={0x11, 0x0, <r12=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r10, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000480)=@newlink={0x54, 0x10, 0x439, 0x70bd29, 0x25dfdbfb, {0x0, 0x0, 0x0, r12, 0x9801}, [@IFLA_LINKINFO={0x34, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0x24, 0x2, 0x0, 0x1, [@IFLA_IPTUN_COLLECT_METADATA={0x4}, @IFLA_IPTUN_FWMARK={0x8, 0x14, 0x3}, @IFLA_IPTUN_REMOTE={0x14, 0x3, @private2}]}}}]}, 0x54}, 0x1, 0x0, 0x0, 0x20048001}, 0x4000004)
sendto$packet(r9, &(0x7f0000000640)="e8b77052a9", 0x28, 0x40, &(0x7f0000000200)={0x11, 0x86dd, r12, 0x1, 0x0, 0x6, @local}, 0x14)
sendmsg$NFT_BATCH(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000800)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01080000000000020000010000000900010073797a30000000002c000000030a05000000000000000000010000000900030073797a31000000000900010073797a300000000084000000060a010400000000000000000100000008000b40000000000900010073797a30000000005c00048040000180080001006e6174003400028008000540eb0000090800014000000001080002"], 0xf8}, 0x1, 0x0, 0x0, 0x814}, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x20040040)
r13 = socket$inet6(0xa, 0x1, 0x4)
getsockopt$inet6_IPV6_IPSEC_POLICY(r13, 0x29, 0x22, &(0x7f00000001c0)={{{@in6=@mcast1, @in6=@private0}}, {{@in=@empty}, 0x0, @in6}}, &(0x7f00000002c0)=0xe4)

4.919708725s ago: executing program 3 (id=1476):
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34)
setsockopt$inet6_IPV6_RTHDR(r0, 0x29, 0x39, &(0x7f0000000500)=ANY=[@ANYBLOB="730a01fa000000000000000000000000000000000000000000000000000000000000ffffffffffff0000000000000000000116ffffffffff20010000000000000000000000000001ff020000000000000000000000000001"], 0x58)
r1 = getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_usbip_server_init(0x1)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000001080)=ANY=[@ANYBLOB="02000000040000000800000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x6, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="09000000060000000800000001"], 0x48)
close(0x3)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004"], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='percpu_alloc_percpu\x00', r5}, 0x10)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='percpu_alloc_percpu\x00', r6}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x3, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r7}, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
r8 = socket(0x1d, 0x2, 0x6)
ioctl$ifreq_SIOCGIFINDEX_vcan(r8, 0x8933, &(0x7f0000000000)={'vcan0\x00'})

2.725258188s ago: executing program 3 (id=1496):
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34)
setsockopt$inet6_IPV6_RTHDR(r0, 0x29, 0x39, &(0x7f0000000500)=ANY=[@ANYBLOB="730a01fa000000000000000000000000000000000000000000000000000000000000ffffffffffff0000000000000000000116ffffffffff20010000000000000000000000000001ff020000000000000000000000000001"], 0x58)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_usbip_server_init(0x1)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000001080)=ANY=[@ANYBLOB="02000000040000000800000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x6, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="09000000060000000800000001"], 0x48)
close(0x3)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004"], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='percpu_alloc_percpu\x00', r4}, 0x10)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='percpu_alloc_percpu\x00', r5}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x3, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x1d, 0x2, 0x6)
ioctl$ifreq_SIOCGIFINDEX_vcan(r7, 0x8933, &(0x7f0000000000)={'vcan0\x00'})

2.525067174s ago: executing program 4 (id=1501):
r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0)
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r2 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x18, 0x3, &(0x7f0000000000)=ANY=[@ANYRESHEX=r2, @ANYRES32=r1], &(0x7f0000000280)='GPL\x00', 0xa, 0xb7, &(0x7f0000000140)=""/183, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, 0x0)
ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, &(0x7f00000000c0)={'aio_iiro_16\x00', [0x4f27, 0x8, 0x10000, 0x10000004, 0x8, 0xfffffbf9, 0x80000003, 0x40000000, 0x800000, 0x100, 0x2, 0x1, 0x1, 0x80000001, 0x4, 0xf, 0x0, 0x0, 0x3, 0x40000003, 0x89, 0xfffffffd, 0x0, 0x20001e56, 0xb, 0xfff, 0x3c, 0x7fffffff, 0x7, 0x8000000, 0xfffffff8]})

2.381725003s ago: executing program 0 (id=1502):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x5, 0x1, 0x0, 0x2000, &(0x7f0000fe5000/0x2000)=nil})
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000200)=ANY=[@ANYBLOB])
ioctl$KVM_RUN(r2, 0xae80, 0x0)

2.231788137s ago: executing program 0 (id=1503):
r0 = socket$qrtr(0x2a, 0x2, 0x0)
sendfile(0xffffffffffffffff, r0, 0x0, 0x9)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x82)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(serpent)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, 0x0, 0x0)
r5 = accept4(r4, 0x0, 0x0, 0x0)
sendmsg$kcm(r5, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000b00)=[{&(0x7f00000003c0)="22a9f90a46390d951b6a9adcb8334c1d9433547660b623f35414674d5918f166ac42ca6801aff7a685de821a873adeda9de7a1e6b0c04849032fa52a90c829b19cd0dac48b2fcf37de88", 0x4a}, {&(0x7f0000000580)="80e3c30995beb709f4e1d4c8d240b5ceccdc469345b7deae8f385f56639e31961f647d7f43cf556ab27152927361ed6be10ac43d25a5b7ac1d6e348231e65710000000000000004c64517f16c3c32864782b92f34b17ccd0bb675d1f30b4a9cd50f0a30349647f76b7a15754c82276d3fa2991125718cb7f679f5af735c998050c78baf3d31a967f0a05c66b35af7c433b2fe845bf3fb66543653e6b446b6fc1fd3746252caec60d94e3d0bd8163561b61703c24112bb999aec443645962a33cde85a4f7d5a060dc35ed8d257b8a3e33d3fab8dc85a00d5a2455d433f9eb8e421b9c23e84952e729dedbb8688fe5f3a1fae319359f3632d750d37dd87410b88761d2801cae271431df80119b11b993b73d4d5dd0687f19cea249d7a3a9b7c054ecc869c628c16dc5e4596ed9f2adbc387ff87dd7a912f752745b04118e31ff7f000000000000744168f3df1c0e8780f3", 0x150}, {&(0x7f0000000900)="a0352269a695013d64d4ae2ad02fafa3272576457d896f4d7f1bb177a85e89c4f91da84ddca5e1c6394ce7e14bd96cac1db918377ff6cda0eab2e85df84e3c1ec65a9743ecd807b0cead57d2eeed02beed266eb9883d7d03be361f69031932bdf88cf300b8c2429cb4c4e656427d9d98f7f4e5a554e1ff32a04d18e3cd9bc7cc75fbe3512d0cf3e7011119982db2af6ed75dfe73658ec12221c273eb0c60dc40edebb45f8a188054bbd6560d3ba09c83c27d23bba2ca92ec63b686d3e5b63a9ace1b69bb7420683bb9868166590fb51b2a", 0xd1}, {&(0x7f0000000180)="442306971c41d898dc06e431256aca", 0xf}], 0x4}, 0x4004011)
recvmsg$unix(r5, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000001f00)=""/4096, 0x1000}], 0x1}, 0x12060)

1.859844585s ago: executing program 0 (id=1505):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f0000000c40)=[{{0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000000)=""/17, 0x11}, {&(0x7f0000000240)=""/197, 0xc5}], 0x2, &(0x7f00000001c0)=""/10, 0xa}, 0x7fff}, {{&(0x7f00000004c0)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @local}}, 0x80, &(0x7f0000000400)=[{&(0x7f0000000540)=""/170, 0xaa}], 0x1, &(0x7f0000000600)=""/59, 0x3b}, 0xfffffffc}, {{&(0x7f0000000740)=@l2={0x1f, 0x0, @none}, 0x80, &(0x7f0000000c00)=[{&(0x7f0000000640)}, {&(0x7f00000007c0)=""/230, 0xe6}, {&(0x7f0000000940)=""/252, 0xfc}, {&(0x7f00000008c0)=""/42, 0x2a}, {&(0x7f0000000a40)=""/207, 0xcf}, {&(0x7f0000000bc0)=""/4, 0x4}], 0x6}, 0xc31}], 0x3, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x8000, 0x0, 0xb49, 0x9, 0x8, 0x1, 0x3}, 0x0)
r2 = inotify_init()
syz_open_pts(0xffffffffffffffff, 0x0)
io_setup(0x7, 0x0)
getpid()
inotify_add_watch(r2, &(0x7f00000000c0)='.\x00', 0x5000009)
r3 = open(&(0x7f0000000180)='./bus\x00', 0x189a7c, 0x113)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, 0x0, 0x0)
r4 = open(&(0x7f0000000040)='./bus\x00', 0x4e142, 0x0)
pwritev2(r4, &(0x7f0000000680)=[{&(0x7f0000000200)="05", 0x6a000}], 0x1, 0x6000000, 0x0, 0x0)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x37fffee, 0x4002011, r3, 0x0)
r5 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000001400), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r5, &(0x7f0000000380)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000340), 0x106}}, 0x20)
r6 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r6, &(0x7f0000000700)={0x0, 0x18, 0xfa00, {0x4000000000000, &(0x7f00000006c0), 0x13f}}, 0x20)
write$RDMA_USER_CM_CMD_CREATE_ID(r6, &(0x7f0000000b80)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000b40), 0x106}}, 0x20)
write$RDMA_USER_CM_CMD_CREATE_ID(r6, &(0x7f00000003c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000900), 0x13f}}, 0x20)
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000001400), 0x2, 0x0)
r7 = socket$inet6(0xa, 0x5, 0x0)
setsockopt$inet_int(r7, 0x0, 0xf, &(0x7f0000d10ffc)=0xfffffffffffffff9, 0x4)
bind$inet6(r7, &(0x7f0000000040)={0xa, 0x0, 0x0, @remote, 0x1}, 0x1c)
r8 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000440), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r8, &(0x7f0000000700)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000006c0), 0x2}}, 0x20)
write$RDMA_USER_CM_CMD_CREATE_ID(r8, &(0x7f0000000b80)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000b40), 0x106}}, 0x20)
write$RDMA_USER_CM_CMD_CREATE_ID(r8, &(0x7f00000003c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000900), 0x111}}, 0x20)

1.801631967s ago: executing program 2 (id=1507):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
r1 = dup(r0)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x5, @loopback, 0x3}], 0x1c)
sendmsg$inet6(r0, &(0x7f0000000800)={&(0x7f0000000080)={0xa, 0x4e24, 0x8, @loopback, 0x4}, 0x1c, &(0x7f0000000380)=[{&(0x7f00000000c0)="88", 0x1}], 0x1}, 0x4048043)
syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "8a37f2", 0x14, 0x2c, 0x0, @remote, @local, {[], {{0x2b00, 0xfffc, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0)
r2 = syz_open_dev$video4linux(&(0x7f0000000680), 0x10, 0x204100)
fsetxattr$trusted_overlay_opaque(r2, &(0x7f00000008c0), 0x0, 0x0, 0x2)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)=ANY=[@ANYBLOB="280000001000000200ff76749904b2c4de000000", @ANYRES32=0x0, @ANYBLOB="158804000300000008001b0000000000"], 0x28}, 0x1, 0x0, 0x0, 0x40801}, 0x4000000)
r4 = dup(r0)
setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, &(0x7f0000000000)='bond_slave_1\x00', 0x10)
sendmsg$nl_route_sched(r1, &(0x7f0000000b00)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000140)=@newtaction={0x14, 0x30, 0x1, 0x70bd2b, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x2000c800}, 0x2400c800)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000a00), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000480)={'wlan0\x00', <r7=>0x0})
sendmsg$NL80211_CMD_SET_WIPHY(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="000228bd3000fbdbdf2502000000ff"], 0x24}, 0x1, 0x0, 0x0, 0x4008091}, 0x41)
sendmsg$NL80211_CMD_SET_COALESCE(r5, &(0x7f0000000200)={0x0, 0xffffffffffffff8c, &(0x7f0000000b00)={&(0x7f0000000280)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010000000000000000000200000008000300", @ANYRES32=r7, @ANYBLOB="c61837d6e9e49ee1101704255a649f12fd10f4243da19c79f7b28ac7a4f675b21e89f847ee458484d45be119cbc80645c06ee49fdcd8ac83d8"], 0x28}}, 0x0)
setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f00000001c0)={0x0, @in6={{0xa, 0x4e60, 0xfffffff2, @empty, 0x3}}, 0x1000000, 0x31, 0xffff1896, 0x3, 0x6, 0x8, 0x1b}, 0x9c)

1.761235281s ago: executing program 2 (id=1508):
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0) (async)
writev(0xffffffffffffffff, 0x0, 0x0) (async, rerun: 64)
ioctl$MEDIA_IOC_REQUEST_ALLOC(0xffffffffffffffff, 0x80047c05, 0x0) (async, rerun: 64)
sched_setscheduler(0x0, 0x1, 0x0) (async)
openat(0xffffffffffffffff, &(0x7f00000006c0)='./file0\x00', 0x6a001, 0x49) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) (async)
r2 = syz_io_uring_setup(0x23a, &(0x7f00000004c0)={0x0, 0x1c2a, 0x10100, 0x2, 0x0, 0x0, r1}, &(0x7f0000000180)=<r3=>0x0, &(0x7f0000000080)=<r4=>0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r0, 0x0, 0x0, 0x0, {}, 0x1}) (async)
clock_gettime(0x0, &(0x7f0000000200)={<r5=>0x0, <r6=>0x0})
ppoll(&(0x7f00000001c0)=[{r2, 0x21bd}], 0x1, &(0x7f0000000300)={r5, r6+10000000}, &(0x7f0000000340)={[0x7ff, 0x8]}, 0x8) (async, rerun: 64)
io_uring_enter(r2, 0x2ded, 0x4000, 0x0, 0x0, 0x0) (async, rerun: 64)
r7 = openat$ptp0(0xffffffffffffff9c, &(0x7f00000000c0), 0xc0542, 0x0)
readv(r7, &(0x7f00000018c0)=[{&(0x7f0000000840)=""/4096, 0x1000}], 0x1)
r8 = socket$nl_rdma(0x10, 0x3, 0x14)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
socket$netlink(0x10, 0x3, 0x10) (async)
sendmsg$RDMA_NLDEV_CMD_SET(r8, &(0x7f0000000680)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000600)={&(0x7f00000005c0)={0x10, 0x1402, 0x612, 0x70bd29, 0x25dfdbfe}, 0x10}, 0x1, 0x0, 0x0, 0x44850}, 0x8000) (async, rerun: 32)
syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) (rerun: 32)
r10 = syz_open_dev$vim2m(&(0x7f0000000000), 0x800, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r10, 0xc008561c, &(0x7f0000000040)={0xf0f048}) (async)
sendmsg$DEVLINK_CMD_SB_PORT_POOL_GET(r9, &(0x7f0000000540)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x8000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x2}, 0x40801) (async)
syz_emit_ethernet(0xd2, &(0x7f0000000700)=ANY=[@ANYRESDEC=r1], 0x0) (async)
sendmsg$RDMA_NLDEV_CMD_SET(r8, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000002c0)={0x28, 0x1402, 0x1, 0x70bd2c, 0x25dfdbfd, "", [@RDMA_NLDEV_ATTR_DEV_NAME={0x9, 0x2, 'syz2\x00'}, @RDMA_NLDEV_ATTR_DEV_NAME={0x9, 0x2, 'syz1\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0x24000841}, 0x2000000) (async)
r11 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x5414c2, 0x90)
close(r11) (async, rerun: 32)
socket$nl_netfilter(0x10, 0x3, 0xc) (async, rerun: 32)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000380)={0xf4, 0x0, 0x1, 0x5, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x98, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast2}, {0x8, 0x2, @dev={0xac, 0x14, 0x14, 0x10}}}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, {0x14, 0x4, @rand_addr=' \x01\x00'}}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @empty}, {0x8, 0x2, @remote}}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x3a}}]}, @CTA_TUPLE_REPLY={0x6e, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast2}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_SEQ_ADJ_ORIG={0x1c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x2}, @CTA_SEQADJ_CORRECTION_POS={0x8}, @CTA_SEQADJ_OFFSET_AFTER={0xfffffffffffffd89}]}]}, 0xf4}}, 0x0)

1.602153646s ago: executing program 2 (id=1509):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x21, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000006c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000400)='io_uring_create\x00', r0}, 0x18)
io_uring_setup(0x1de0, &(0x7f00000000c0)={0x0, 0x45d6, 0x70, 0x0, 0x0, 0x0, r0})

1.531783223s ago: executing program 2 (id=1510):
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000000)=0x13)
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0)
r1 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCSETSW2(r1, 0x402c542c, &(0x7f0000000280)={0xffffffff, 0x10000007, 0xc4, 0xfb, 0x1, "09000000b77dad4f0d71652838014cc40bfe00", 0x7, 0x1})
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000140)={0x0, 0x10, &(0x7f0000000100)=[@in={0x2, 0x4e20, @private=0xa010100}]}, &(0x7f0000000180)=0x10)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x1d, &(0x7f0000000000)={0x1, [<r3=>0x0]}, &(0x7f0000000080)=0x8)
getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r2, 0x84, 0x22, &(0x7f00000000c0)={0x8, 0x8000, 0x7fff, 0x6b, r3}, &(0x7f00000001c0)=0x10)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000080)=0xd)

1.042250931s ago: executing program 4 (id=1511):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x5, 0x1, 0x0, 0x2000, &(0x7f0000fe5000/0x2000)=nil})
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000200)=ANY=[@ANYBLOB="010000000000000003"])
ioctl$KVM_RUN(r2, 0xae80, 0x0)

1.041521244s ago: executing program 3 (id=1512):
ioctl$vim2m_VIDIOC_REQBUFS(0xffffffffffffffff, 0xc0145608, 0x0)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
sendmsg$NL80211_CMD_NEW_STATION(0xffffffffffffffff, 0x0, 0x80a0)
r1 = eventfd(0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0x4008af12, &(0x7f0000000080)={0x1, 0x7f})
ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1)
ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000780)={0x1, 0x1, &(0x7f0000000380)=""/240, &(0x7f0000000900)=""/103, &(0x7f0000000800)=""/90})
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000680))
ioctl$VHOST_SET_VRING_ERR(r0, 0x4008af22, &(0x7f00000002c0)={0x1, r1})
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000340)=0x1)
r2 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r2, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000000000)=[{0x0}], 0x1, 0x0, 0x0, 0xc0000}, 0x4000000)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="041817aaaaaaaaaa10"], 0x1a)

948.541563ms ago: executing program 3 (id=1513):
socketpair$unix(0x1, 0x3, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="190000003fe80000040000000200000000000000cda51022051357cb5db65f849c0c13ee", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000008000"/28], 0xffffffffffffffb8)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xd, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb70300100800d8b69c9c00000000000085000000330000009500000000000000"], &(0x7f00000004c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000b80)={r1, 0x2000012, 0xe, 0x0, &(0x7f0000000280)="63ec33c9e9b98600000000000000", 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xb}, 0x50)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x3, @pix={0x434c, 0x8, 0x584e4f53, 0x5, 0x4, 0x7, 0x0, 0x5, 0x1, 0x3, 0x2, 0x7}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x1)
removexattr(&(0x7f0000000200)='./cgroup\x00', 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCETHTOOL(r3, 0x8946, 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000600)='/sys/power/pm_print_times', 0x2040, 0x1)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
read(r4, &(0x7f0000000080)=""/186, 0xba)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r5, 0x5)
accept4(r5, 0x0, 0x0, 0x80800)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x24040014, &(0x7f0000000000)={0xa, 0x4e22, 0x7, @empty, 0xfffffffe}, 0x1c)
openat$sequencer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
bpf$MAP_CREATE(0x600000000000000, &(0x7f0000000580)=@base={0xf, 0x4, 0x4, 0x20002, 0x0, 0x1, 0xfffffffd, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x4}, 0x48)
socket$inet(0x10, 0x3, 0x0)

947.223179ms ago: executing program 4 (id=1514):
r0 = socket$qrtr(0x2a, 0x2, 0x0)
sendfile(0xffffffffffffffff, r0, 0x0, 0x9)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x82)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(serpent)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, 0x0, 0x0)
r5 = accept4(r4, 0x0, 0x0, 0x0)
sendmsg$kcm(r5, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000b00)=[{&(0x7f00000003c0)="22a9f90a46390d951b6a9adcb8334c1d9433547660b623f35414674d5918f166ac42ca6801aff7a685de821a873adeda9de7a1e6b0c04849032fa52a90c829b19cd0dac48b2fcf37de88", 0x4a}, {&(0x7f0000000580)="80e3c30995beb709f4e1d4c8d240b5ceccdc469345b7deae8f385f56639e31961f647d7f43cf556ab27152927361ed6be10ac43d25a5b7ac1d6e348231e65710000000000000004c64517f16c3c32864782b92f34b17ccd0bb675d1f30b4a9cd50f0a30349647f76b7a15754c82276d3fa2991125718cb7f679f5af735c998050c78baf3d31a967f0a05c66b35af7c433b2fe845bf3fb66543653e6b446b6fc1fd3746252caec60d94e3d0bd8163561b61703c24112bb999aec443645962a33cde85a4f7d5a060dc35ed8d257b8a3e33d3fab8dc85a00d5a2455d433f9eb8e421b9c23e84952e729dedbb8688fe5f3a1fae319359f3632d750d37dd87410b88761d2801cae271431df80119b11b993b73d4d5dd0687f19cea249d7a3a9b7c054ecc869c628c16dc5e4596ed9f2adbc387ff87dd7a912f752745b04118e31ff7f000000000000744168f3df1c0e8780f3", 0x150}, {&(0x7f0000000900)="a0352269a695013d64d4ae2ad02fafa3272576457d896f4d7f1bb177a85e89c4f91da84ddca5e1c6394ce7e14bd96cac1db918377ff6cda0eab2e85df84e3c1ec65a9743ecd807b0cead57d2eeed02beed266eb9883d7d03be361f69031932bdf88cf300b8c2429cb4c4e656427d9d98f7f4e5a554e1ff32a04d18e3cd9bc7cc75fbe3512d0cf3e7011119982db2af6ed75dfe73658ec12221c273eb0c60dc40edebb45f8a188054bbd6560d3ba09c83c27d23bba2ca92ec63b686d3e5b63a9ace1b69bb7420683bb9868166590fb51b2a44b688", 0xd4}, {&(0x7f0000000180)="442306971c41d898dc06e431256aca", 0xf}], 0x4}, 0x4004011)
recvmsg$unix(r5, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000001f00)=""/4096, 0x1000}], 0x1}, 0x12060)

831.588238ms ago: executing program 0 (id=1515):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000004c0), r0)
sendmsg$IEEE802154_LLSEC_DEL_DEVKEY(r1, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000540)={0x20, r2, 0x1, 0x70bd27, 0x25dfdbfd, {}, [@IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan1\x00'}]}, 0x20}, 0x1, 0x0, 0x0, 0x48050}, 0x40)

828.728671ms ago: executing program 0 (id=1516):
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
r0 = open(&(0x7f0000000040)='./file0\x00', 0x400, 0x43)
mknodat$loop(r0, &(0x7f0000000200)='./file1\x00', 0x1000, 0x1)
chdir(&(0x7f00000003c0)='./bus\x00')
linkat(r0, &(0x7f0000000100)='./file1\x00', r0, &(0x7f0000000240)='./file0\x00', 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x86400, 0x0) (fail_nth: 6)

561.918783ms ago: executing program 4 (id=1517):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000004c0), r0)
sendmsg$IEEE802154_LLSEC_DEL_DEVKEY(r1, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000540)={0x2c, r2, 0x1, 0x70bd27, 0x25dfdbfd, {}, [@IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan1\x00'}, @IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0102}}]}, 0x2c}, 0x1, 0x0, 0x0, 0x48050}, 0x40)

561.534955ms ago: executing program 2 (id=1518):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='freezer.state\x00', 0x275a, 0x0)
sendfile(r0, r0, 0x0, 0xffffffff004)
r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_TRAP_GET(r0, &(0x7f00000002c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB="b0010000", @ANYRES16=r1, @ANYBLOB="bfbb2bbd7000fbdbdf253d0000000e0001006e657464657673696d0000000f0002006e657464657673696d3000001c008200736f757263655f6d61635f69735f6d756c746963617374000e0001006e657464657673696d0000000f0002006e657464657673696d3000001c008200736f757263655f6d61635f69735f6d756c746963617374000e0006006e657464657673696d0000000f0002006e657464657673696d3000001c008200736f757263655f6d61635f69735f6d756c74696361737400080001007063690011000200303030303a30303a31302e30000000001c008200736f757263655f6d61635f69735f6d756c746963617374000e0001006e657464657673696d0000000f0002006e657464657673696d3000001c008200736f757263655f6d61635f69735f6d756c746963617374000e0001006e657464657673696d0000000f0002006e657464657673696d3000001c008200736f757263655f6d61635f69735f6d756c74696361737400080001007063690011000200303030303a30303a31302e30000000001c008200736f757263655f6d61635f69735f6d756c74696361737400e0c11677a81086a7bdd3a2ab4246c326f0750e23a54a6c991a893926fee9db834903c5f4592717969aec8af443cbdb901c19e618267fb12a9e2d5217a217f573e72c38bfdd596e77f03ed56a0f90c855a8fc31905756c3e280ed6e74"], 0x1b0}, 0x1, 0x0, 0x0, 0x20000000}, 0x4048000)
mmap(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x300000a, 0x6031, 0xffffffffffffffff, 0x4466e000)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x13, &(0x7f0000000240)=ANY=[@ANYBLOB="180300000005000000000000000000001801000011af000000000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000020000838500000070000000180100002020752500000000806020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000400000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_emit_ethernet(0xfdef, &(0x7f0000001200)={@local, @broadcast, @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "b81923", 0x0, 0x0, 0x0, @local, @local}}}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={&(0x7f00000005c0)='sys_exit\x00', r2, 0x0, 0x8}, 0x18)
getxattr(0x0, 0x0, 0x0, 0x0)
mbind(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x4006, &(0x7f0000000000)=0x4, 0x5, 0x2)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='freezer.state\x00', 0x275a, 0x0) (async)
sendfile(r0, r0, 0x0, 0xffffffff004) (async)
syz_genetlink_get_family_id$devlink(&(0x7f0000000080), 0xffffffffffffffff) (async)
sendmsg$DEVLINK_CMD_TRAP_GET(r0, &(0x7f00000002c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB="b0010000", @ANYRES16=r1, @ANYBLOB="bfbb2bbd7000fbdbdf253d0000000e0001006e657464657673696d0000000f0002006e657464657673696d3000001c008200736f757263655f6d61635f69735f6d756c746963617374000e0001006e657464657673696d0000000f0002006e657464657673696d3000001c008200736f757263655f6d61635f69735f6d756c746963617374000e0006006e657464657673696d0000000f0002006e657464657673696d3000001c008200736f757263655f6d61635f69735f6d756c74696361737400080001007063690011000200303030303a30303a31302e30000000001c008200736f757263655f6d61635f69735f6d756c746963617374000e0001006e657464657673696d0000000f0002006e657464657673696d3000001c008200736f757263655f6d61635f69735f6d756c746963617374000e0001006e657464657673696d0000000f0002006e657464657673696d3000001c008200736f757263655f6d61635f69735f6d756c74696361737400080001007063690011000200303030303a30303a31302e30000000001c008200736f757263655f6d61635f69735f6d756c74696361737400e0c11677a81086a7bdd3a2ab4246c326f0750e23a54a6c991a893926fee9db834903c5f4592717969aec8af443cbdb901c19e618267fb12a9e2d5217a217f573e72c38bfdd596e77f03ed56a0f90c855a8fc31905756c3e280ed6e74"], 0x1b0}, 0x1, 0x0, 0x0, 0x20000000}, 0x4048000) (async)
mmap(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x300000a, 0x6031, 0xffffffffffffffff, 0x4466e000) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x13, &(0x7f0000000240)=ANY=[@ANYBLOB="180300000005000000000000000000001801000011af000000000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000020000838500000070000000180100002020752500000000806020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000400000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) (async)
syz_emit_ethernet(0xfdef, &(0x7f0000001200)={@local, @broadcast, @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "b81923", 0x0, 0x0, 0x0, @local, @local}}}}, 0x0) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={&(0x7f00000005c0)='sys_exit\x00', r2, 0x0, 0x8}, 0x18) (async)
getxattr(0x0, 0x0, 0x0, 0x0) (async)
mbind(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x4006, &(0x7f0000000000)=0x4, 0x5, 0x2) (async)

490.064055ms ago: executing program 4 (id=1519):
openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f00000014c0)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000702000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff6d6405000000000065040400010000000404000001000000b7050000400000006a0a80fe000000008500000053000000b7000000000000009500001000000000a80501363034fdb117168bd07ba00af739d1a1ee35fe163a255c33282044b32495ef8ab9adc67ccc945f105d802f5132143c0a9fc7a84452569957c1002ed7d4d8e17f791f4798c8eb483e9973320d046c3126c6afcfd84de03352c69b3edff5be26f8ffa5f8f2879021c2ea53ea79acd7fb38dd1abb75aa393cea26d465637d11f705000000473e7b7c4ae7dd5e4dee88518ddf12dddd4bfc6a4dd3b6beba51074229b0d4b504516c4c3e5d1aa044d8d00728141cd67bcd68f253288e655c6b34e02e90637ef2912ba7de26ff2357ef17f95a25780c3a057844f226ef4e912f01a201e694e3806e8c70e8b69524cd19f7525d8d66bb766f7f3f918c86a70252236800001897133af94a5a4cfc794d8b9d7c33632152c48eaf302f0b2e0c252b00000000000000006f1bbefbe08de65e3762e194ba4cae8b13535d7d11ee917bca4885bbf597a14ab2458efce78510d86272d88e0c8088f404f011289ebc5623faa1182632161e073af1d69a2e36bed435000025ecd201d2ffb0a7fa4f5d11060cdcf071defd0a8be3b69ce3e4f361aca75827426dde87fdf4617222674280f55e98107450c19b9d86329bd5b4697336112b0b8754ce3574046bf6114d1a88597850b77378fa8edfff8faf8b8ec039bab385cac0535373bb8fab90539b1a65ddff841eb671f3faf37ebdfccea0c002ad2b42047c9ec43193ccf617dbf8a12b4f189edbf9fb7c42b1f435ccd4d96822e6b70100912c92e3943e9c4f45d8bcd528fa8a3ea847f10e9b2506f3bb506f1d7fbde8010000000000a073d0de5538ab42e170b3baae34c35987b0dda497ac3f5e97e6e6aeea15c6d5ed24310100000003bb6030f84b63aaf8690db0221b1705c501f802ff59b4e683efa4b6e77e042072bd2ac37d413008ec9eb8166f6e28b49a77ed91befc65315896f88a8fb1dd679fb4c515f8b7a5b7aca6a251a89d47b728502f7e621cc0e3ba04000000c149ee6601728c750d304197c22da8650579475afd96187d881e93b42a5fdfd686d8900c44c67133dad58037fda65885a15a429edfe3027a5ebf95254744f10fd607bc3300b94932b8d944e0b083bbd86b19cb074577a25ff581d92af08a06f857310a2f14326b0b290205e91a682e00c8762cbc6b904c980eef6e6a1def886c95676dce6a8194479700a02b92bdc8d05eae1f24fdd7b80d1bb404c22f681594de2ebb9687219de8d73ac83823feb402a2415a9850d5f0183ec67be96dc0e4c2d7acf1dfe79d6771903b76e21190c22d641030e1ddacf006c3116e1803af20a5f2b5f7ba58aca5bcabbbab24414a3810788e5503e4be66d683daac5f0001000077339b4200000000108a3c87b19d5b9a00c75d84a92d6dcf00ba96edf35ede0e2b57c26e94801b498924166bde57d5f24258d9fd028096cc15a8b912b494d4bbe609031ea1ca65a548971d5d16296dd08e020000007a27310d5d01f8a8a0f5212d7f628f554afea715ccbc66cbb1016490f5d579308cb3188cf2fcaf67e0c16443d526ba4b968f07ae362c2133c168313e84beb871203880dd453c45d0a137d7f5a8b039dbfa62fb2b4214f8e69f967bf1fbd89e77fcca110000000800000000000000f8877994ebdc35f7efd41e3babd9b3782edd6776d5b6cb4ecd72c9de9b5503747d71440378cf2c2c7ea2dc5febb654a867f853713cf4c0bb322fbbe446d18dee4c821275ef18259cafc346c8b3b9fb0f3adcf6ea310a6b9a3f59e29a5909ea047fb61affb4bc8bbea1fb761b8933795b1a91358a7791aa843d07020e8bb6fc18458c49ac6313e7165b7d9f65e94a62b69f1011b94340cdb7303f01e5cdb5682ddf73d65c3de1d88dd7496d6345d5b9de0223988056a53e19a8b96b9640bc6c09d3c2ff894d626b57c776ed53f94d5e22ff148061b37f72bd92924cb1d0a725e19b264346b7cae0251a850de78316503f3c3d395c7e3f04fc8d52583327cd2341ce4b2d092815376299686f41353b2823814563011a2223b9dd00000000000000000000003a131374a3371cb3e2a9bb4d798b91cefa444501f40b7c9589e8c0bb6c82123d2b45ce905d0903b32ecf30e828c71a07a83f3275f3d661d1af0ffbd5d7f0"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
r1 = bpf$OBJ_GET_PROG(0x7, &(0x7f0000000180)=@generic={&(0x7f0000000080)='./file0\x00', 0x0, 0x10}, 0x14)
dup(r1)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000280)={r0, 0xfeffff, 0xe80, 0x3f000002, &(0x7f0000000700)="c45c57ce395de5b289f07d637a223920f181c2e57d71483cfb2d075a3ff07258e080a194805cdb0c26d3f7ffb1e0d9cf4fa36dcb2168b72de48ac8f93e6804f1c4d70898d0810e044d7e1778eaac5dfdcc9f1208905522025bcfdf1b6f969b094d5c022c2b7ffefde71e0627b9a2069cc1e0175c4b8860aad4b0a103c589f676b6c4e85eb3950c533b6e62c39ccf9ae9bfe54ee5887358d44f46337fbe090d7c7e55847edee8130ffd3d1e719e01a68b0e691c0d35b0b56e0b514036342fd56f08ac0083f3c2fe41a1295a3d23cf3d160d4fd90f66beba68860456ed41272e1e68d16c2564c85f5556e18784113c493d13253e14d6eb891707fba3c30d07d5ee8619e4426cafec4cf6a3723c455d09b586b248", 0x0, 0xf0, 0x0, 0xf0, 0xffffff0c}, 0x40)
openat$kvm(0x0, 0x0, 0x0, 0x0)
r2 = io_uring_setup(0x2e15, &(0x7f00000002c0)={0x0, 0x1, 0x1, 0x1, 0x1be})
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
shutdown(r3, 0x0)
r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x2, 0x0, &(0x7f0000000140)={0x0, 0x0})
write(r4, &(0x7f0000000000)="fa", 0xfffffdef)
r5 = socket(0x848000000015, 0x805, 0x0)
bind$inet6(r5, &(0x7f0000000040)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x1a}, 0x10}, 0x1c)
sendto$inet6(r5, 0x0, 0x0, 0x0, &(0x7f00000003c0)={0xa, 0x0, 0x0, @private2, 0x3ff}, 0x1c)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000005000000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00', r6}, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0xb2e}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r7 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r7, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r8 = socket$inet6(0xa, 0x1, 0x8010000000000084)
r9 = syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301)
ioctl$USBDEVFS_ALLOW_SUSPEND(r9, 0x5522)
bind$inet6(r8, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c)
connect$inet6(r8, &(0x7f0000000000)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}}, 0x1c)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r8, 0x84, 0x9, &(0x7f0000000300)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x317, 0x1, 0x34, 0x9}, 0x9c)
close_range(r2, 0xffffffffffffffff, 0x0)

170.355085ms ago: executing program 0 (id=1520):
r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0)
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r2 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x18, 0x3, &(0x7f0000000000)=ANY=[@ANYRESHEX=r2, @ANYRES32=r1], &(0x7f0000000280)='GPL\x00', 0xa, 0xb7, &(0x7f0000000140)=""/183, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, 0x0)
ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, &(0x7f00000000c0)={'aio_iiro_16\x00', [0x4f27, 0x8, 0x10000, 0x10000004, 0x8, 0xfffffbf9, 0x80000003, 0x40000000, 0x800000, 0x100, 0x2, 0x1, 0x1, 0x80000001, 0x4, 0xf, 0x0, 0x0, 0x3, 0x40000003, 0x89, 0xfffffffd, 0x0, 0x20001e56, 0xb, 0xfff, 0x3c, 0x7fffffff, 0x7, 0x8000000, 0xfffffff8]})

169.841858ms ago: executing program 2 (id=1521):
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34)
setsockopt$inet6_IPV6_RTHDR(r0, 0x29, 0x39, &(0x7f0000000500)=ANY=[@ANYBLOB="730a01fa000000000000000000000000000000000000000000000000000000000000ffffffffffff0000000000000000000116ffffffffff20010000000000000000000000000001ff020000000000000000000000000001"], 0x58)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_usbip_server_init(0x1)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000001080)=ANY=[@ANYBLOB="02000000040000000800000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x6, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="09000000060000000800000001"], 0x48)
close(0x3)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004"], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='percpu_alloc_percpu\x00', r4}, 0x10)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='percpu_alloc_percpu\x00', r5}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x3, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x1d, 0x2, 0x6)
ioctl$ifreq_SIOCGIFINDEX_vcan(r7, 0x8933, &(0x7f0000000000)={'vcan0\x00'})

0s ago: executing program 4 (id=1522):
ioctl$vim2m_VIDIOC_REQBUFS(0xffffffffffffffff, 0xc0145608, 0x0)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
sendmsg$NL80211_CMD_NEW_STATION(0xffffffffffffffff, 0x0, 0x80a0)
r1 = eventfd(0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0x4008af12, &(0x7f0000000080)={0x1, 0x7f})
ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1)
ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000780)={0x1, 0x1, &(0x7f0000000380)=""/240, &(0x7f0000000900)=""/103, &(0x7f0000000800)=""/90})
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000680))
ioctl$VHOST_SET_VRING_ERR(r0, 0x4008af22, &(0x7f00000002c0)={0x1, r1})
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000340)=0x1)
r2 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r2, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000000000)=[{0x0}], 0x1, 0x0, 0x0, 0xc0000}, 0x4000000)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="041817aaaaaaaaaa10"], 0x1a)

kernel console output (not intermixed with test programs):

97][   T46] vhci_hcd: release socket
[  122.590209][   T46] vhci_hcd: disconnect device
[  122.864413][  T840] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  123.036130][  T840] usb 5-1: config index 0 descriptor too short (expected 39, got 27)
[  123.039620][  T840] usb 5-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  123.043211][  T840] usb 5-1: config 0 interface 0 has no altsetting 0
[  123.048250][  T840] usb 5-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  123.050495][ T7353] netlink: 16 bytes leftover after parsing attributes in process `syz.3.373'.
[  123.051107][  T840] usb 5-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  123.051121][  T840] usb 5-1: Product: syz
[  123.051129][  T840] usb 5-1: Manufacturer: syz
[  123.061938][  T840] usb 5-1: SerialNumber: syz
[  123.071116][  T840] usb 5-1: config 0 descriptor??
[  123.080383][  T840] hub 5-1:0.0: bad descriptor, ignoring hub
[  123.083100][  T840] hub 5-1:0.0: probe with driver hub failed with error -5
[  123.090849][  T840] usb 5-1: selecting invalid altsetting 0
[  123.102576][ T7356] FAULT_INJECTION: forcing a failure.
[  123.102576][ T7356] name failslab, interval 1, probability 0, space 0, times 0
[  123.111178][ T7356] CPU: 2 UID: 0 PID: 7356 Comm: syz.1.375 Not tainted syzkaller #0 PREEMPT(full) 
[  123.111209][ T7356] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  123.111224][ T7356] Call Trace:
[  123.111231][ T7356]  <TASK>
[  123.111241][ T7356]  dump_stack_lvl+0x16c/0x1f0
[  123.111273][ T7356]  should_fail_ex+0x512/0x640
[  123.111301][ T7356]  ? __kvmalloc_node_noprof+0x12e/0x9c0
[  123.111359][ T7356]  should_failslab+0xc2/0x120
[  123.111391][ T7356]  __kvmalloc_node_noprof+0x141/0x9c0
[  123.111429][ T7356]  ? traverse.part.0.constprop.0+0x397/0x650
[  123.111472][ T7356]  ? traverse.part.0.constprop.0+0x397/0x650
[  123.111507][ T7356]  traverse.part.0.constprop.0+0x397/0x650
[  123.111554][ T7356]  seq_lseek+0x2bb/0x450
[  123.111595][ T7356]  proc_reg_llseek+0x205/0x2f0
[  123.111631][ T7356]  ksys_lseek+0xf3/0x1b0
[  123.111669][ T7356]  __do_fast_syscall_32+0x7c/0x300
[  123.111701][ T7356]  do_fast_syscall_32+0x32/0x80
[  123.111728][ T7356]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  123.111757][ T7356] RIP: 0023:0xf70bd579
[  123.111775][ T7356] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  123.111796][ T7356] RSP: 002b:00000000f54ad55c EFLAGS: 00000296 ORIG_RAX: 0000000000000013
[  123.111819][ T7356] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000401
[  123.111834][ T7356] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  123.111846][ T7356] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  123.111859][ T7356] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  123.111872][ T7356] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  123.111904][ T7356]  </TASK>
[  123.335911][ T7364] netlink: 'syz.1.379': attribute type 10 has an invalid length.
[  123.342282][ T7364] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  123.361505][ T7363] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  123.693523][ T7371] netlink: 40 bytes leftover after parsing attributes in process `syz.3.382'.
[  123.699097][ T7371] netlink: 28 bytes leftover after parsing attributes in process `syz.3.382'.
[  125.055851][ T6026] vhci_hcd: vhci_device speed not set
[  125.555630][ T7418] netlink: 16 bytes leftover after parsing attributes in process `syz.2.391'.
[  125.594215][ T7413] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6)
[  125.596536][ T7413] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  125.604386][ T7413] vhci_hcd vhci_hcd.0: Device attached
[  125.802967][ T7420] vhci_hcd: connection closed
[  125.803370][   T12] vhci_hcd: stop threads
[  125.807481][   T12] vhci_hcd: release socket
[  125.809578][   T12] vhci_hcd: disconnect device
[  125.914228][ T6026] vhci_hcd: vhci_device speed not set
[  126.777219][  T839] usb 5-1: USB disconnect, device number 4
[  126.827198][ T7453] netlink: 16 bytes leftover after parsing attributes in process `syz.3.408'.
[  127.170891][ T7462] netlink: 48 bytes leftover after parsing attributes in process `syz.2.411'.
[  127.178643][ T7462] overlayfs: failed to resolve './file2': -2
[  127.329887][ T7467] 9pnet_virtio: no channels available for device syz
[  127.384363][   T53] vhci_hcd: vhci_device speed not set
[  127.833563][ T7486] fuse: Bad value for 'fd'
[  128.595714][ T7527] netlink: 'syz.3.435': attribute type 5 has an invalid length.
[  128.602900][   T40] kauditd_printk_skb: 6 callbacks suppressed
[  128.602912][   T40] audit: type=1326 audit(1759825616.062:356): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7525 comm="syz.3.435" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f46579 code=0x7ffc0000
[  128.611717][   T40] audit: type=1326 audit(1759825616.062:357): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7525 comm="syz.3.435" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f46579 code=0x7ffc0000
[  128.613876][ T7527] netlink: 8 bytes leftover after parsing attributes in process `syz.3.435'.
[  128.618653][   T40] audit: type=1326 audit(1759825616.072:358): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7525 comm="syz.3.435" exe="/syz-executor" sig=0 arch=40000003 syscall=323 compat=1 ip=0xf7f46579 code=0x7ffc0000
[  128.618680][   T40] audit: type=1326 audit(1759825616.072:359): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7525 comm="syz.3.435" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f46579 code=0x7ffc0000
[  128.618700][   T40] audit: type=1326 audit(1759825616.072:360): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7525 comm="syz.3.435" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f46579 code=0x7ffc0000
[  128.645385][   T40] audit: type=1326 audit(1759825616.072:361): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7525 comm="syz.3.435" exe="/syz-executor" sig=0 arch=40000003 syscall=370 compat=1 ip=0xf7f46579 code=0x7ffc0000
[  128.652531][   T40] audit: type=1326 audit(1759825616.072:362): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7525 comm="syz.3.435" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f46579 code=0x7ffc0000
[  128.659967][   T40] audit: type=1326 audit(1759825616.072:363): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7525 comm="syz.3.435" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7f46579 code=0x7ffc0000
[  128.666881][   T40] audit: type=1326 audit(1759825616.072:364): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7525 comm="syz.3.435" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f46579 code=0x7ffc0000
[  128.673849][   T40] audit: type=1326 audit(1759825616.072:365): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7525 comm="syz.3.435" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f46579 code=0x7ffc0000
[  130.260511][ T7545] netlink: 208 bytes leftover after parsing attributes in process `syz.1.440'.
[  131.049623][ T7566] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(6)
[  131.052092][ T7566] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  131.058309][ T7566] vhci_hcd vhci_hcd.0: Device attached
[  131.279300][ T7577] FAULT_INJECTION: forcing a failure.
[  131.279300][ T7577] name failslab, interval 1, probability 0, space 0, times 0
[  131.284702][ T7577] CPU: 3 UID: 0 PID: 7577 Comm: syz.3.450 Not tainted syzkaller #0 PREEMPT(full) 
[  131.284738][ T7577] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  131.284748][ T7577] Call Trace:
[  131.284754][ T7577]  <TASK>
[  131.284761][ T7577]  dump_stack_lvl+0x16c/0x1f0
[  131.284784][ T7577]  should_fail_ex+0x512/0x640
[  131.284808][ T7577]  should_failslab+0xc2/0x120
[  131.284830][ T7577]  kmem_cache_alloc_noprof+0x75/0x6e0
[  131.284847][ T7577]  ? skb_clone+0x190/0x3f0
[  131.284870][ T7577]  ? skb_clone+0x190/0x3f0
[  131.284887][ T7577]  skb_clone+0x190/0x3f0
[  131.284906][ T7577]  netlink_deliver_tap+0xabd/0xd30
[  131.284930][ T7577]  netlink_dump+0x881/0xd30
[  131.284951][ T7577]  ? __pfx_netlink_dump+0x10/0x10
[  131.284980][ T7577]  ? __inet_diag_dump_start+0x541/0x960
[  131.285008][ T7577]  __netlink_dump_start+0x6d6/0x990
[  131.285030][ T7577]  inet_diag_handler_cmd+0x282/0x2e0
[  131.285052][ T7577]  ? __pfx_inet_diag_handler_cmd+0x10/0x10
[  131.285074][ T7577]  ? __pfx_inet_diag_dump_start+0x10/0x10
[  131.285093][ T7577]  ? __pfx_inet_diag_dump+0x10/0x10
[  131.285112][ T7577]  ? __pfx_inet_diag_dump_done+0x10/0x10
[  131.285135][ T7577]  ? sock_diag_lock_handler+0x10f/0x2e0
[  131.285158][ T7577]  sock_diag_rcv_msg+0x438/0x790
[  131.285177][ T7577]  netlink_rcv_skb+0x155/0x420
[  131.285196][ T7577]  ? __pfx_sock_diag_rcv_msg+0x10/0x10
[  131.285214][ T7577]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  131.285249][ T7577]  netlink_unicast+0x5aa/0x870
[  131.285272][ T7577]  ? __pfx_netlink_unicast+0x10/0x10
[  131.285308][ T7577]  netlink_sendmsg+0x8c8/0xdd0
[  131.285331][ T7577]  ? __pfx_netlink_sendmsg+0x10/0x10
[  131.285354][ T7577]  ? aa_sock_msg_perm.constprop.0+0x100/0x1d0
[  131.285381][ T7577]  ____sys_sendmsg+0xa98/0xc70
[  131.285407][ T7577]  ? __pfx_____sys_sendmsg+0x10/0x10
[  131.285428][ T7577]  ? get_compat_msghdr+0x11a/0x170
[  131.285457][ T7577]  ___sys_sendmsg+0x134/0x1d0
[  131.285477][ T7577]  ? __pfx____sys_sendmsg+0x10/0x10
[  131.285508][ T7577]  ? find_held_lock+0x2b/0x80
[  131.285540][ T7577]  __sys_sendmsg+0x16d/0x220
[  131.285560][ T7577]  ? __pfx___sys_sendmsg+0x10/0x10
[  131.285589][ T7577]  ? rcu_is_watching+0x12/0xc0
[  131.285611][ T7577]  __do_fast_syscall_32+0x7c/0x300
[  131.285632][ T7577]  do_fast_syscall_32+0x32/0x80
[  131.285651][ T7577]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  131.285671][ T7577] RIP: 0023:0xf7f46579
[  131.285685][ T7577] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  131.285701][ T7577] RSP: 002b:00000000f53f055c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  131.285717][ T7577] RAX: ffffffffffffffda RBX: 000000000000000d RCX: 0000000080000180
[  131.285728][ T7577] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  131.285737][ T7577] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  131.285746][ T7577] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  131.285755][ T7577] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  131.285778][ T7577]  </TASK>
[  131.304138][   T53] usb 37-1: new low-speed USB device number 3 using vhci_hcd
[  131.539272][ T7569] vhci_hcd: connection closed
[  131.542603][   T12] vhci_hcd: stop threads
[  131.550216][   T12] vhci_hcd: release socket
[  131.552057][   T12] vhci_hcd: disconnect device
[  131.564128][   T53] usb 37-1: enqueue for inactive port 0
[  131.644251][   T53] vhci_hcd: vhci_device speed not set
[  132.663204][ T7612] netlink: 12 bytes leftover after parsing attributes in process `syz.3.462'.
[  132.681408][ T7613] netlink: 12 bytes leftover after parsing attributes in process `syz.3.462'.
[  133.215589][ T7643] 9pnet_virtio: no channels available for device syz
[  134.083949][ T7655] tipc: Started in network mode
[  134.086330][ T7655] tipc: Node identity d6836c31907a, cluster identity 4711
[  134.089329][ T7655] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  134.092897][ T7655] syzkaller0: entered promiscuous mode
[  134.094842][ T7655] syzkaller0: entered allmulticast mode
[  134.136382][ T7655] tipc: Resetting bearer <eth:syzkaller0>
[  134.142474][ T7655] 9pnet_virtio: no channels available for device syz
[  134.151354][ T7654] tipc: Resetting bearer <eth:syzkaller0>
[  134.193386][ T7654] tipc: Disabling bearer <eth:syzkaller0>
[  134.317444][ T7661] fuse: Bad value for 'rootmode'
[  135.544181][ T6005] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  135.693534][ T7691] FAULT_INJECTION: forcing a failure.
[  135.693534][ T7691] name failslab, interval 1, probability 0, space 0, times 0
[  135.697510][ T7691] CPU: 0 UID: 0 PID: 7691 Comm: syz.1.491 Not tainted syzkaller #0 PREEMPT(full) 
[  135.697525][ T7691] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  135.697532][ T7691] Call Trace:
[  135.697536][ T7691]  <TASK>
[  135.697540][ T7691]  dump_stack_lvl+0x16c/0x1f0
[  135.697557][ T7691]  should_fail_ex+0x512/0x640
[  135.697573][ T7691]  should_failslab+0xc2/0x120
[  135.697588][ T7691]  kmem_cache_alloc_noprof+0x75/0x6e0
[  135.697599][ T7691]  ? dst_alloc+0x99/0x1a0
[  135.697612][ T7691]  ? __pfx_ip6_dst_gc+0x10/0x10
[  135.697622][ T7691]  ? dst_alloc+0x99/0x1a0
[  135.697631][ T7691]  dst_alloc+0x99/0x1a0
[  135.697642][ T7691]  ip6_pol_route+0x96b/0x1230
[  135.697660][ T7691]  ? __pfx_ip6_pol_route+0x10/0x10
[  135.697680][ T7691]  ? __local_bh_enable_ip+0xa4/0x120
[  135.697695][ T7691]  ? __pfx_ip6_pol_route_input+0x10/0x10
[  135.697711][ T7691]  fib6_rule_lookup+0x536/0x720
[  135.697727][ T7691]  ? __pfx_fib6_rule_lookup+0x10/0x10
[  135.697742][ T7691]  ? nf_nat_ipv6_fn+0xff/0x2e0
[  135.697758][ T7691]  ? __pfx_nf_nat_ipv6_fn+0x10/0x10
[  135.697774][ T7691]  ? inet6_ehashfn+0x87/0x4f0
[  135.697787][ T7691]  ? __pfx_inet6_ehashfn+0x10/0x10
[  135.697800][ T7691]  ? ip6table_mangle_hook+0xcb/0x770
[  135.697818][ T7691]  ip6_route_input+0x662/0xc70
[  135.697834][ T7691]  ? __inet6_lookup_established+0x66e/0xc60
[  135.697848][ T7691]  ? __pfx_ip6_route_input+0x10/0x10
[  135.697869][ T7691]  ? __pfx___inet6_lookup_established+0x10/0x10
[  135.697886][ T7691]  ? tcp_v6_early_demux+0x3f3/0xbe0
[  135.697904][ T7691]  ip6_rcv_finish_core.constprop.0+0x1a0/0x5d0
[  135.697923][ T7691]  ipv6_rcv+0x1e8/0x650
[  135.697940][ T7691]  ? __pfx_ipv6_rcv+0x10/0x10
[  135.697955][ T7691]  __netif_receive_skb_one_core+0x12d/0x1e0
[  135.697966][ T7691]  ? __pfx___netif_receive_skb_one_core+0x10/0x10
[  135.697977][ T7691]  ? lock_acquire+0x179/0x350
[  135.697993][ T7691]  ? __phys_addr+0xe8/0x180
[  135.698009][ T7691]  __netif_receive_skb+0x1d/0x160
[  135.698019][ T7691]  netif_receive_skb+0x137/0x7b0
[  135.698029][ T7691]  ? __pfx_netif_receive_skb+0x10/0x10
[  135.698048][ T7691]  tun_rx_batched.isra.0+0x3ee/0x740
[  135.698065][ T7691]  ? __pfx_tun_rx_batched.isra.0+0x10/0x10
[  135.698082][ T7691]  ? tun_get_user+0x1ded/0x3cc0
[  135.698096][ T7691]  ? rcu_is_watching+0x12/0xc0
[  135.698110][ T7691]  tun_get_user+0x28b2/0x3cc0
[  135.698131][ T7691]  ? __pfx_tun_get_user+0x10/0x10
[  135.698147][ T7691]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  135.698166][ T7691]  ? find_held_lock+0x2b/0x80
[  135.698177][ T7691]  ? tun_get+0x191/0x370
[  135.698194][ T7691]  tun_chr_write_iter+0xdc/0x210
[  135.698210][ T7691]  vfs_write+0x7d3/0x11d0
[  135.698223][ T7691]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  135.698240][ T7691]  ? __pfx_vfs_write+0x10/0x10
[  135.698250][ T7691]  ? find_held_lock+0x2b/0x80
[  135.698269][ T7691]  ksys_write+0x12a/0x250
[  135.698283][ T7691]  ? __pfx_ksys_write+0x10/0x10
[  135.698295][ T7691]  ? rcu_is_watching+0x12/0xc0
[  135.698308][ T7691]  __do_fast_syscall_32+0x7c/0x300
[  135.698323][ T7691]  do_fast_syscall_32+0x32/0x80
[  135.698335][ T7691]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  135.698349][ T7691] RIP: 0023:0xf70bd579
[  135.698358][ T7691] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  135.698368][ T7691] RSP: 002b:00000000f54ad520 EFLAGS: 00000293 ORIG_RAX: 0000000000000004
[  135.698379][ T7691] RAX: ffffffffffffffda RBX: 00000000000000c8 RCX: 0000000080000000
[  135.698385][ T7691] RDX: 000000000000004a RSI: 00000000f7455ff4 RDI: 0000000000000000
[  135.698391][ T7691] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  135.698397][ T7691] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  135.698403][ T7691] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  135.698416][ T7691]  </TASK>
[  135.705964][ T6005] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  135.838146][ T6005] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  135.930487][ T6005] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66
[  135.933232][ T6005] usb 5-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  135.939823][ T6005] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  135.943215][ T6005] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  135.946032][ T6005] usb 5-1: Product: syz
[  135.947337][ T6005] usb 5-1: Manufacturer: syz
[  136.010721][ T7645] Set syz1 is full, maxelem 65536 reached
[  136.158327][ T7679] netlink: 32 bytes leftover after parsing attributes in process `syz.0.485'.
[  136.163145][   T10] usb 5-1: USB disconnect, device number 5
[  136.169532][ T7694] netlink: 16 bytes leftover after parsing attributes in process `syz.1.492'.
[  136.251750][ T7700] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(6)
[  136.253919][ T7700] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  136.257777][ T7700] vhci_hcd vhci_hcd.0: Device attached
[  136.387736][ T7708] tipc: Started in network mode
[  136.389407][ T7708] tipc: Node identity 52b4b850d016, cluster identity 4711
[  136.392330][ T7708] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  136.397153][ T7708] syzkaller0: entered promiscuous mode
[  136.399522][ T7708] syzkaller0: entered allmulticast mode
[  136.420484][ T7708] tipc: Resetting bearer <eth:syzkaller0>
[  136.538599][ T7707] tipc: Resetting bearer <eth:syzkaller0>
[  136.548785][ T7707] tipc: Disabling bearer <eth:syzkaller0>
[  136.554196][ T6005] usb 41-1: new low-speed USB device number 5 using vhci_hcd
[  136.741685][ T7718] netlink: 8 bytes leftover after parsing attributes in process `syz.1.501'.
[  136.950482][   T40] kauditd_printk_skb: 17 callbacks suppressed
[  136.950493][   T40] audit: type=1326 audit(1759825624.412:383): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7723 comm="syz.0.503" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6ffd579 code=0x7ffc0000
[  136.960310][   T40] audit: type=1326 audit(1759825624.432:384): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7723 comm="syz.0.503" exe="/syz-executor" sig=0 arch=40000003 syscall=394 compat=1 ip=0xf6ffd579 code=0x7ffc0000
[  136.968829][   T40] audit: type=1326 audit(1759825624.432:385): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7723 comm="syz.0.503" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6ffd579 code=0x7ffc0000
[  136.976899][   T40] audit: type=1326 audit(1759825624.442:386): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7723 comm="syz.0.503" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf6ffd579 code=0x7ffc0000
[  136.983566][   T40] audit: type=1326 audit(1759825624.442:387): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7723 comm="syz.0.503" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6ffd579 code=0x7ffc0000
[  136.992908][   T40] audit: type=1326 audit(1759825624.462:388): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7723 comm="syz.0.503" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf6ffd579 code=0x7ffc0000
[  136.993092][ T7701] vhci_hcd: connection reset by peer
[  137.001302][   T40] audit: type=1326 audit(1759825624.472:389): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7723 comm="syz.0.503" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6ffd579 code=0x7ffc0000
[  137.010431][   T40] audit: type=1326 audit(1759825624.472:390): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7723 comm="syz.0.503" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf6ffd579 code=0x7ffc0000
[  137.018427][   T40] audit: type=1326 audit(1759825624.482:391): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7723 comm="syz.0.503" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6ffd579 code=0x7ffc0000
[  137.025896][   T40] audit: type=1326 audit(1759825624.492:392): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7723 comm="syz.0.503" exe="/syz-executor" sig=0 arch=40000003 syscall=4 compat=1 ip=0xf6ffd579 code=0x7ffc0000
[  137.051724][   T61] vhci_hcd: stop threads
[  137.053319][   T61] vhci_hcd: release socket
[  137.055564][   T61] vhci_hcd: disconnect device
[  137.558495][ T1416] ieee802154 phy0 wpan0: encryption failed: -22
[  137.561182][ T1416] ieee802154 phy1 wpan1: encryption failed: -22
[  137.763792][ T7737] overlayfs: overlapping lowerdir path
[  137.776641][ T7741] netlink: 144 bytes leftover after parsing attributes in process `syz.0.508'.
[  137.780687][ T7741] netlink: 144 bytes leftover after parsing attributes in process `syz.0.508'.
[  139.126417][ T7771] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(6)
[  139.128493][ T7771] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  139.131134][ T7771] vhci_hcd vhci_hcd.0: Device attached
[  139.996598][ T7773] vhci_hcd: connection closed
[  139.996866][ T1151] vhci_hcd: stop threads
[  140.000220][ T1151] vhci_hcd: release socket
[  140.001858][ T1151] vhci_hcd: disconnect device
[  140.227868][ T7811] bridge: RTM_NEWNEIGH with invalid ether address
[  141.714415][ T6005] vhci_hcd: vhci_device speed not set
[  142.160942][ T7866] mmap: syz.3.532 (7866) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  142.364244][   T10] usb 5-1: new full-speed USB device number 6 using dummy_hcd
[  142.578931][   T10] usb 5-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  142.591175][   T10] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x94, changing to 0x84
[  142.596571][   T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid maxpacket 12336, setting to 64
[  142.598129][ T5943] Bluetooth: hci2: command 0x0406 tx timeout
[  142.600227][   T10] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[  142.616897][   T10] usb 5-1: New USB device found, idVendor=084e, idProduct=1001, bcdDevice=ed.ae
[  142.619454][ T7898] netlink: 16 bytes leftover after parsing attributes in process `syz.1.538'.
[  142.630554][   T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  142.638550][   T10] usb 5-1: Product: syz
[  142.640441][   T10] usb 5-1: Manufacturer: syz
[  142.642147][   T10] usb 5-1: SerialNumber: syz
[  142.649081][   T10] usb 5-1: config 0 descriptor??
[  142.660154][   T10] input: KB Gear Tablet as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.0/input/input9
[  142.700577][ T7902] netlink: 44 bytes leftover after parsing attributes in process `syz.3.541'.
[  142.842305][ T7906] netlink: 340 bytes leftover after parsing attributes in process `syz.3.543'.
[  142.855080][ T7906] bridge: RTM_NEWNEIGH with invalid ether address
[  142.945234][ T7910] evm: overlay not supported
[  142.960937][  T840] usb 5-1: USB disconnect, device number 6
[  143.415255][ T7920] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  143.470096][ T7920] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  143.629209][ T7920] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  143.640103][ T7933] ipvlan1: entered promiscuous mode
[  143.642375][ T7933] ipvlan1: entered allmulticast mode
[  143.644454][ T7933] veth0_vlan: entered allmulticast mode
[  143.646355][ T7933] FAULT_INJECTION: forcing a failure.
[  143.646355][ T7933] name failslab, interval 1, probability 0, space 0, times 0
[  143.651020][ T7933] CPU: 3 UID: 0 PID: 7933 Comm: syz.2.552 Not tainted syzkaller #0 PREEMPT(full) 
[  143.651039][ T7933] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  143.651047][ T7933] Call Trace:
[  143.651053][ T7933]  <TASK>
[  143.651059][ T7933]  dump_stack_lvl+0x16c/0x1f0
[  143.651081][ T7933]  should_fail_ex+0x512/0x640
[  143.651099][ T7933]  should_failslab+0xc2/0x120
[  143.651116][ T7933]  __kmalloc_cache_noprof+0x72/0x780
[  143.651134][ T7933]  ? __lock_acquire+0xb97/0x1ce0
[  143.651157][ T7933]  ? __hw_addr_add_ex+0x3c9/0x7c0
[  143.651177][ T7933]  ? __hw_addr_add_ex+0x3c9/0x7c0
[  143.651193][ T7933]  __hw_addr_add_ex+0x3c9/0x7c0
[  143.651211][ T7933]  ? __pfx___hw_addr_add_ex+0x10/0x10
[  143.651226][ T7933]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  143.651243][ T7933]  ? arp_mc_map+0x1df/0x9c0
[  143.651257][ T7933]  dev_mc_add+0xb6/0x110
[  143.651274][ T7933]  igmp_group_added+0x82f/0x980
[  143.651289][ T7933]  ? __pfx_igmp_group_added+0x10/0x10
[  143.651306][ T7933]  ? __local_bh_enable_ip+0xa4/0x120
[  143.651322][ T7933]  ____ip_mc_inc_group+0x7d6/0x10f0
[  143.651336][ T7933]  ? ib_device_get_by_netdev+0x1b8/0x520
[  143.651352][ T7933]  ? __pfx_____ip_mc_inc_group+0x10/0x10
[  143.651366][ T7933]  ? ib_device_get_by_netdev+0x1c2/0x520
[  143.651382][ T7933]  ip_mc_up+0x154/0x3b0
[  143.651398][ T7933]  inetdev_event+0xafb/0x18a0
[  143.651416][ T7933]  ? ib_netdevice_event+0xfc/0x330
[  143.651428][ T7933]  ? __pfx_inetdev_event+0x10/0x10
[  143.651443][ T7933]  ? wext_netdev_notifier_call+0xe/0x20
[  143.651456][ T7933]  ? cfg802154_netdev_notifier_call+0x391/0xa00
[  143.651471][ T7933]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  143.651493][ T7933]  notifier_call_chain+0xbc/0x410
[  143.651508][ T7933]  ? __pfx_inetdev_event+0x10/0x10
[  143.651526][ T7933]  call_netdevice_notifiers_info+0xbe/0x140
[  143.651544][ T7933]  __dev_notify_flags+0x12c/0x2e0
[  143.651558][ T7933]  ? __pfx___dev_notify_flags+0x10/0x10
[  143.651571][ T7933]  ? __pfx___dev_change_flags+0x10/0x10
[  143.651582][ T7933]  ? find_held_lock+0x2b/0x80
[  143.651592][ T7933]  ? validate_linkmsg+0x57c/0xb60
[  143.651609][ T7933]  netif_change_flags+0x108/0x160
[  143.651622][ T7933]  do_setlink.constprop.0+0xb53/0x4380
[  143.651641][ T7933]  ? __pfx_do_setlink.constprop.0+0x10/0x10
[  143.651657][ T7933]  ? __lock_acquire+0xb97/0x1ce0
[  143.651674][ T7933]  ? kasan_save_stack+0x42/0x60
[  143.651688][ T7933]  ? __mutex_trylock_common+0xe9/0x250
[  143.651704][ T7933]  ? __pfx___mutex_trylock_common+0x10/0x10
[  143.651720][ T7933]  ? __pfx___might_resched+0x10/0x10
[  143.651733][ T7933]  ? rcu_is_watching+0x12/0xc0
[  143.651761][ T7933]  ? trace_contention_end+0xdd/0x130
[  143.651777][ T7933]  ? __mutex_lock+0x1c5/0x1060
[  143.651790][ T7933]  ? __nla_validate_parse+0x600/0x2880
[  143.651809][ T7933]  ? rcu_is_watching+0x12/0xc0
[  143.651821][ T7933]  ? __pfx___mutex_lock+0x10/0x10
[  143.651838][ T7933]  ? full_name_hash+0xbc/0x110
[  143.651853][ T7933]  ? netdev_name_node_lookup+0x127/0x180
[  143.651873][ T7933]  rtnl_newlink+0x1446/0x2000
[  143.651892][ T7933]  ? __pfx_rtnl_newlink+0x10/0x10
[  143.651907][ T7933]  ? kmem_cache_free+0x2d4/0x6c0
[  143.651919][ T7933]  ? kfree_skbmem+0x1a4/0x1f0
[  143.651940][ T7933]  ? __lock_acquire+0x62e/0x1ce0
[  143.651956][ T7933]  ? rcu_is_watching+0x12/0xc0
[  143.651973][ T7933]  ? __pfx_rtnl_newlink+0x10/0x10
[  143.651985][ T7933]  ? __pfx_rtnl_newlink+0x10/0x10
[  143.651996][ T7933]  ? rtnetlink_rcv_msg+0x93a/0xe90
[  143.652010][ T7933]  ? __pfx_rtnl_newlink+0x10/0x10
[  143.652023][ T7933]  rtnetlink_rcv_msg+0x95b/0xe90
[  143.652037][ T7933]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  143.652054][ T7933]  ? ref_tracker_free+0x37c/0x830
[  143.652070][ T7933]  netlink_rcv_skb+0x155/0x420
[  143.652085][ T7933]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  143.652100][ T7933]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  143.652117][ T7933]  ? netlink_deliver_tap+0x1ae/0xd30
[  143.652133][ T7933]  netlink_unicast+0x5aa/0x870
[  143.652159][ T7933]  ? __pfx_netlink_unicast+0x10/0x10
[  143.652177][ T7933]  netlink_sendmsg+0x8c8/0xdd0
[  143.652193][ T7933]  ? __pfx_netlink_sendmsg+0x10/0x10
[  143.652207][ T7933]  ? aa_sock_msg_perm.constprop.0+0x100/0x1d0
[  143.652226][ T7933]  ____sys_sendmsg+0xa98/0xc70
[  143.652245][ T7933]  ? __pfx_____sys_sendmsg+0x10/0x10
[  143.652260][ T7933]  ? get_compat_msghdr+0x11a/0x170
[  143.652279][ T7933]  ___sys_sendmsg+0x134/0x1d0
[  143.652292][ T7933]  ? __pfx____sys_sendmsg+0x10/0x10
[  143.652311][ T7933]  ? find_held_lock+0x2b/0x80
[  143.652330][ T7933]  __sys_sendmsg+0x16d/0x220
[  143.652343][ T7933]  ? __pfx___sys_sendmsg+0x10/0x10
[  143.652360][ T7933]  ? rcu_is_watching+0x12/0xc0
[  143.652373][ T7933]  __do_fast_syscall_32+0x7c/0x300
[  143.652389][ T7933]  do_fast_syscall_32+0x32/0x80
[  143.652403][ T7933]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  143.652418][ T7933] RIP: 0023:0xf7fb2579
[  143.652428][ T7933] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  143.652439][ T7933] RSP: 002b:00000000f54a655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  143.652450][ T7933] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000080
[  143.652457][ T7933] RDX: 0000000024000090 RSI: 0000000000000000 RDI: 0000000000000000
[  143.652464][ T7933] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  143.652469][ T7933] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  143.652475][ T7933] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  143.652489][ T7933]  </TASK>
[  143.914363][ T7920] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  143.922804][ T7938] lo speed is unknown, defaulting to 1000
[  143.925684][ T7938] lo speed is unknown, defaulting to 1000
[  143.929688][ T7938] lo speed is unknown, defaulting to 1000
[  143.936372][ T7938] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  143.949734][ T7938] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[  143.973691][ T7938] lo speed is unknown, defaulting to 1000
[  143.977955][ T7938] lo speed is unknown, defaulting to 1000
[  143.980584][ T7938] lo speed is unknown, defaulting to 1000
[  143.986613][ T7938] lo speed is unknown, defaulting to 1000
[  143.993042][ T7939] smc: removing ib device syz1
[  144.055015][ T1142] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  144.181813][ T1151] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  144.227349][   T61] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  144.261239][   T61] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  144.758967][ T7958] netlink: 16 bytes leftover after parsing attributes in process `syz.3.555'.
[  145.760984][ T7998] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6)
[  145.763873][ T7998] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  145.771547][ T7998] vhci_hcd vhci_hcd.0: Device attached
[  146.292087][   T53] usb 39-1: new low-speed USB device number 2 using vhci_hcd
[  146.334870][ T7999] vhci_hcd: connection reset by peer
[  146.339566][ T1151] vhci_hcd: stop threads
[  146.341549][ T1151] vhci_hcd: release socket
[  146.343833][ T1151] vhci_hcd: disconnect device
[  146.420407][ T8009] netlink: 44 bytes leftover after parsing attributes in process `syz.2.567'.
[  146.476486][ T8011] netlink: 16 bytes leftover after parsing attributes in process `syz.3.566'.
[  147.468222][ T8025] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(5)
[  147.470694][ T8025] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  147.473583][ T8025] vhci_hcd vhci_hcd.0: Device attached
[  147.754286][ T6005] usb 42-1: SetAddress Request (2) to port 0
[  147.756481][ T6005] usb 42-1: new SuperSpeed USB device number 2 using vhci_hcd
[  147.976247][ T8041] overlayfs: failed to resolve './bus': -2
[  147.980115][ T8041] netlink: 56 bytes leftover after parsing attributes in process `syz.3.578'.
[  148.104343][ T8026] vhci_hcd: connection reset by peer
[  148.108124][ T1151] vhci_hcd: stop threads
[  148.109667][ T1151] vhci_hcd: release socket
[  148.112342][ T1151] vhci_hcd: disconnect device
[  149.277656][ T8060] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(6)
[  149.279770][ T8060] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  149.282705][ T8060] vhci_hcd vhci_hcd.0: Device attached
[  149.677549][ T8076] netlink: 16 bytes leftover after parsing attributes in process `syz.0.584'.
[  149.993414][ T8064] vhci_hcd: connection closed
[  149.993778][   T61] vhci_hcd: stop threads
[  149.997426][   T61] vhci_hcd: release socket
[  149.999324][   T61] vhci_hcd: disconnect device
[  151.404439][   T53] vhci_hcd: vhci_device speed not set
[  151.649140][ T8104] FAULT_INJECTION: forcing a failure.
[  151.649140][ T8104] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  151.654352][ T8104] CPU: 2 UID: 0 PID: 8104 Comm: syz.1.596 Not tainted syzkaller #0 PREEMPT(full) 
[  151.654378][ T8104] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  151.654389][ T8104] Call Trace:
[  151.654395][ T8104]  <TASK>
[  151.654403][ T8104]  dump_stack_lvl+0x16c/0x1f0
[  151.654429][ T8104]  should_fail_ex+0x512/0x640
[  151.654454][ T8104]  ? __pfx_compat_drm_mode_addfb2+0x10/0x10
[  151.654477][ T8104]  _copy_from_user+0x2e/0xd0
[  151.654500][ T8104]  compat_drm_mode_addfb2+0xd9/0x1b0
[  151.654521][ T8104]  ? __pfx_compat_drm_mode_addfb2+0x10/0x10
[  151.654542][ T8104]  ? __pfx___drm_dev_dbg+0x10/0x10
[  151.654573][ T8104]  ? hook_file_ioctl_common+0x145/0x410
[  151.654607][ T8104]  drm_compat_ioctl+0x29b/0x460
[  151.654632][ T8104]  ? __pfx_drm_compat_ioctl+0x10/0x10
[  151.654654][ T8104]  __ia32_compat_sys_ioctl+0x23f/0x370
[  151.654684][ T8104]  __do_fast_syscall_32+0x7c/0x300
[  151.654706][ T8104]  do_fast_syscall_32+0x32/0x80
[  151.654727][ T8104]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  151.654748][ T8104] RIP: 0023:0xf70bd579
[  151.654762][ T8104] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  151.654778][ T8104] RSP: 002b:00000000f54ad55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  151.654794][ T8104] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c06864b8
[  151.654805][ T8104] RDX: 00000000800001c0 RSI: 0000000000000000 RDI: 0000000000000000
[  151.654815][ T8104] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  151.654842][ T8104] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  151.654855][ T8104] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  151.654878][ T8104]  </TASK>
[  151.736827][    C2] vkms_vblank_simulate: vblank timer overrun
[  152.016412][ T8124] netlink: 16 bytes leftover after parsing attributes in process `syz.0.598'.
[  152.834241][ T6005] usb 42-1: device descriptor read/8, error -110
[  152.994309][ T5943] Bluetooth: hci3: command 0x0405 tx timeout
[  153.014250][  T839] vhci_hcd: vhci_device speed not set
[  153.055152][ T8140] lo speed is unknown, defaulting to 1000
[  153.057552][ T8140] lo speed is unknown, defaulting to 1000
[  153.063782][ T8140] lo speed is unknown, defaulting to 1000
[  153.082602][ T8140] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[  153.101687][ T8140] lo speed is unknown, defaulting to 1000
[  153.109326][ T8140] lo speed is unknown, defaulting to 1000
[  153.112609][ T8140] lo speed is unknown, defaulting to 1000
[  153.134913][ T8140] lo speed is unknown, defaulting to 1000
[  154.075581][ T6005] usb usb42-port1: attempt power cycle
[  154.665195][ T6005] usb usb42-port1: unable to enumerate USB device
[  154.687595][ T8174] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(6)
[  154.689751][ T8174] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  154.692395][ T8174] vhci_hcd vhci_hcd.0: Device attached
[  154.934404][ T6005] usb 37-1: new low-speed USB device number 4 using vhci_hcd
[  155.253829][ T8175] vhci_hcd: connection reset by peer
[  155.256627][ T1143] vhci_hcd: stop threads
[  155.258653][ T1143] vhci_hcd: release socket
[  155.261015][ T1143] vhci_hcd: disconnect device
[  155.849648][ T8200] tipc: New replicast peer: 255.255.255.255
[  155.852458][ T8200] tipc: Enabled bearer <udp:syz2>, priority 10
[  156.114234][ T5943] Bluetooth: hci1: command 0x0406 tx timeout
[  156.161834][ T8219] netlink: 16 bytes leftover after parsing attributes in process `syz.1.624'.
[  156.172545][ T8220] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(6)
[  156.176064][ T8220] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  156.192395][ T8220] vhci_hcd vhci_hcd.0: Device attached
[  156.317021][ T8230] ubi24: attaching mtd0
[  156.320367][ T8230] ubi24: scanning is finished
[  156.322109][ T8230] ubi24: empty MTD device detected
[  156.331013][ T8229] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  156.407347][ T8229] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  156.538583][ T8229] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  156.620788][ T8229] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  156.692227][   T46] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  156.699924][   T46] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  156.709899][   T46] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  156.719242][   T46] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  156.845824][   T54] tipc: Node number set to 2191702096
[  156.877112][ T8230] ubi24: attached mtd0 (name "mtdram test device", size 0 MiB)
[  156.880941][ T8230] ubi24: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[  156.884383][ T8230] ubi24: min./max. I/O unit sizes: 1/64, sub-page size 1
[  156.887771][ T8230] ubi24: VID header offset: 64 (aligned 64), data offset: 128
[  156.893610][ T8230] ubi24: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[  156.896686][ T8230] ubi24: user volume: 0, internal volumes: 1, max. volumes count: 23
[  156.900255][ T8230] ubi24: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 2699388982
[  156.905980][ T8230] ubi24: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[  156.911411][ T8233] ubi24: background thread "ubi_bgt24d" started, PID 8233
[  156.917240][ T8232] ubi24: detaching mtd0
[  156.922920][ T8224] vhci_hcd: connection closed
[  156.923161][ T1151] vhci_hcd: stop threads
[  156.928000][ T1151] vhci_hcd: release socket
[  156.929259][ T8232] ubi24: mtd0 is detached
[  156.931517][ T1151] vhci_hcd: disconnect device
[  157.004885][ T8237] netlink: 'syz.3.633': attribute type 11 has an invalid length.
[  157.843794][ T8236] ALSA: mixer_oss: invalid OSS volume 'u'
[  158.236736][ T8273] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6)
[  158.239041][ T8273] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  158.243235][ T8273] vhci_hcd vhci_hcd.0: Device attached
[  158.474488][ T7452] usb 43-1: new low-speed USB device number 4 using vhci_hcd
[  158.760272][ T8289] FAULT_INJECTION: forcing a failure.
[  158.760272][ T8289] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  158.764686][ T8289] CPU: 0 UID: 0 PID: 8289 Comm: syz.0.649 Not tainted syzkaller #0 PREEMPT(full) 
[  158.764701][ T8289] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  158.764708][ T8289] Call Trace:
[  158.764712][ T8289]  <TASK>
[  158.764716][ T8289]  dump_stack_lvl+0x16c/0x1f0
[  158.764733][ T8289]  should_fail_ex+0x512/0x640
[  158.764749][ T8289]  strncpy_from_user+0x3b/0x2e0
[  158.764763][ T8289]  getname_flags.part.0+0x8f/0x550
[  158.764781][ T8289]  getname_flags+0x93/0xf0
[  158.764791][ T8289]  __ia32_sys_rename+0x64/0xa0
[  158.764805][ T8289]  __do_fast_syscall_32+0x7c/0x300
[  158.764820][ T8289]  do_fast_syscall_32+0x32/0x80
[  158.764833][ T8289]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  158.764849][ T8289] RIP: 0023:0xf6ffd579
[  158.764858][ T8289] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  158.764868][ T8289] RSP: 002b:00000000f53ab55c EFLAGS: 00000296 ORIG_RAX: 0000000000000026
[  158.764879][ T8289] RAX: ffffffffffffffda RBX: 0000000080000280 RCX: 00000000800000c0
[  158.764886][ T8289] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  158.764892][ T8289] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  158.764898][ T8289] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  158.764904][ T8289] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  158.764918][ T8289]  </TASK>
[  158.889531][ T8274] vhci_hcd: connection reset by peer
[  158.893902][   T61] vhci_hcd: stop threads
[  158.895997][   T61] vhci_hcd: release socket
[  158.897637][   T61] vhci_hcd: disconnect device
[  159.113728][ T8293] hub 2-0:1.0: USB hub found
[  159.119090][ T8293] hub 2-0:1.0: 2 ports detected
[  159.664616][ T8321] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6)
[  159.667384][ T8321] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  159.670877][ T8321] vhci_hcd vhci_hcd.0: Device attached
[  159.884185][  T840] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  159.914204][  T839] usb 39-1: new low-speed USB device number 3 using vhci_hcd
[  160.034289][ T6005] vhci_hcd: vhci_device speed not set
[  160.055128][  T840] usb 5-1: Using ep0 maxpacket: 16
[  160.058680][  T840] usb 5-1: config 0 has an invalid interface number: 132 but max is 0
[  160.061716][  T840] usb 5-1: config 0 has no interface number 0
[  160.075918][  T840] usb 5-1: New USB device found, idVendor=05ac, idProduct=0291, bcdDevice=43.25
[  160.078890][  T840] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  160.081540][  T840] usb 5-1: Product: syz
[  160.082894][  T840] usb 5-1: Manufacturer: syz
[  160.084519][  T840] usb 5-1: SerialNumber: syz
[  160.088148][  T840] usb 5-1: config 0 descriptor??
[  160.092617][  T840] hub 5-1:0.132: bad descriptor, ignoring hub
[  160.094986][  T840] hub 5-1:0.132: probe with driver hub failed with error -5
[  160.102522][  T840] input: bcm5974 as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.132/input/input11
[  160.269908][ T8322] vhci_hcd: connection reset by peer
[  160.271976][   T61] vhci_hcd: stop threads
[  160.273359][   T61] vhci_hcd: release socket
[  160.275154][   T61] vhci_hcd: disconnect device
[  160.686509][ T5943] Bluetooth: hci0: command 0x0406 tx timeout
[  160.707069][ T8341] netlink: 380 bytes leftover after parsing attributes in process `syz.3.666'.
[  160.713433][ T8341] tmpfs: Bad value for 'mpol'
[  162.149811][ T8368] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6)
[  162.152058][ T8368] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  162.155361][ T8368] vhci_hcd vhci_hcd.0: Device attached
[  162.741036][ T8375] netlink: 'syz.0.675': attribute type 11 has an invalid length.
[  162.757849][ T8369] vhci_hcd: connection closed
[  162.759331][ T1151] vhci_hcd: stop threads
[  162.762337][ T1151] vhci_hcd: release socket
[  162.764329][ T1151] vhci_hcd: disconnect device
[  162.794470][   T53] usb 5-1: USB disconnect, device number 7
[  163.565736][ T8374] ALSA: mixer_oss: invalid OSS volume 'u'
[  163.624509][ T7452] vhci_hcd: vhci_device speed not set
[  164.048245][ T8415] netlink: 16 bytes leftover after parsing attributes in process `syz.2.685'.
[  164.208140][ T8417] netlink: 16 bytes leftover after parsing attributes in process `syz.0.687'.
[  164.904764][ T8432] netlink: 4 bytes leftover after parsing attributes in process `syz.2.693'.
[  164.968331][ T8442] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  164.973278][ T5955] lo speed is unknown, defaulting to 1000
[  165.214168][  T839] vhci_hcd: vhci_device speed not set
[  165.264504][ T8451] netlink: 16 bytes leftover after parsing attributes in process `syz.1.698'.
[  166.331356][ T8484] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  166.484668][ T8492] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6)
[  166.487660][ T8492] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  166.491451][ T8492] vhci_hcd vhci_hcd.0: Device attached
[  166.744100][  T839] usb 39-1: new low-speed USB device number 4 using vhci_hcd
[  167.199703][ T8508] ucma_write: process 548 (syz.2.714) changed security contexts after opening file descriptor, this is not allowed.
[  167.256092][ T8493] vhci_hcd: connection reset by peer
[  167.259124][   T77] vhci_hcd: stop threads
[  167.260830][   T77] vhci_hcd: release socket
[  167.262713][   T77] vhci_hcd: disconnect device
[  167.343981][ T8510] netlink: 12 bytes leftover after parsing attributes in process `syz.2.716'.
[  168.524395][ T8551] ipvlan1: entered promiscuous mode
[  168.526075][ T8551] ipvlan1: entered allmulticast mode
[  168.527900][ T8551] veth0_vlan: entered allmulticast mode
[  169.005078][ T8556] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(13)
[  169.008039][ T8556] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  169.011332][ T8556] vhci_hcd vhci_hcd.0: Device attached
[  169.407856][ T8557] vhci_hcd: connection closed
[  169.408177][ T1151] vhci_hcd: stop threads
[  169.412526][ T1151] vhci_hcd: release socket
[  169.414662][ T1151] vhci_hcd: disconnect device
[  171.335322][ T8625] tipc: Started in network mode
[  171.337046][ T8625] tipc: Node identity 42f168ea6da2, cluster identity 4711
[  171.339628][ T8625] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  171.351111][ T8625] syzkaller0: entered promiscuous mode
[  171.353461][ T8625] syzkaller0: entered allmulticast mode
[  171.370992][ T8625] syzkaller0: mtu less than device minimum
[  171.373989][ T8624] tipc: Resetting bearer <eth:syzkaller0>
[  171.393270][ T8624] tipc: Disabling bearer <eth:syzkaller0>
[  171.765933][ T8637] netlink: 4 bytes leftover after parsing attributes in process `syz.1.759'.
[  171.799809][ T8637] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  171.807891][   T54] lo speed is unknown, defaulting to 1000
[  171.884301][  T839] vhci_hcd: vhci_device speed not set
[  174.954365][ T8725] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(6)
[  174.956999][ T8725] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  174.961006][ T8725] vhci_hcd vhci_hcd.0: Device attached
[  175.214420][ T6005] usb 37-1: new low-speed USB device number 5 using vhci_hcd
[  175.250882][ T8724] netlink: 4 bytes leftover after parsing attributes in process `syz.3.783'.
[  175.281360][ T8724] macvlan2: entered promiscuous mode
[  175.530944][ T8726] vhci_hcd: connection reset by peer
[  175.533446][ T1142] vhci_hcd: stop threads
[  175.537011][ T1142] vhci_hcd: release socket
[  175.539685][ T1142] vhci_hcd: disconnect device
[  175.566599][ T8737] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  175.629019][ T8737] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  176.431173][ T8757] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(6)
[  176.431358][   T64] Bluetooth: hci1: unexpected event for opcode 0x0c26
[  176.434159][ T8757] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  176.435433][ T8757] vhci_hcd vhci_hcd.0: Device attached
[  176.447905][ T8753] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  176.465132][ T8762] netlink: 8 bytes leftover after parsing attributes in process `syz.2.793'.
[  176.469439][ T8762] netlink: 4 bytes leftover after parsing attributes in process `syz.2.793'.
[  176.832395][ T8765] infiniband syz1: set active
[  176.834776][ T8765] infiniband syz1: added syz_tun
[  176.927398][ T8765] RDS/IB: syz1: added
[  176.928831][ T8765] smc: adding ib device syz1 with port count 1
[  176.930926][ T8765] smc:    ib device syz1 port 1 has no pnetid
[  177.026025][ T8766] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  177.032870][ T8776] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(6)
[  177.035193][ T8776] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  177.042479][ T8776] vhci_hcd vhci_hcd.0: Device attached
[  177.061686][ T8773] netlink: 16 bytes leftover after parsing attributes in process `syz.3.794'.
[  177.157059][ T8766] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  177.220490][ T8766] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  177.251522][ T8758] vhci_hcd: connection closed
[  177.251887][ T1142] vhci_hcd: stop threads
[  177.256538][ T1142] vhci_hcd: release socket
[  177.258329][ T1142] vhci_hcd: disconnect device
[  177.341440][ T8766] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  177.423794][   T61] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  177.432924][   T61] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  177.445373][ T1151] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  177.457096][ T1151] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  177.584437][  T839] usb 41-1: new low-speed USB device number 7 using vhci_hcd
[  177.650231][ T8777] vhci_hcd: connection reset by peer
[  177.653010][   T61] vhci_hcd: stop threads
[  177.655166][   T61] vhci_hcd: release socket
[  177.657694][   T61] vhci_hcd: disconnect device
[  178.001812][ T8790] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  178.004347][ T8790] syzkaller0: entered promiscuous mode
[  178.005993][ T8790] syzkaller0: entered allmulticast mode
[  178.020302][ T8790] FAULT_INJECTION: forcing a failure.
[  178.020302][ T8790] name failslab, interval 1, probability 0, space 0, times 0
[  178.024808][ T8790] CPU: 2 UID: 0 PID: 8790 Comm: syz.1.800 Not tainted syzkaller #0 PREEMPT(full) 
[  178.024825][ T8790] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  178.024832][ T8790] Call Trace:
[  178.024837][ T8790]  <TASK>
[  178.024842][ T8790]  dump_stack_lvl+0x16c/0x1f0
[  178.024861][ T8790]  should_fail_ex+0x512/0x640
[  178.024876][ T8790]  ? kmem_cache_alloc_node_noprof+0x65/0x770
[  178.024890][ T8790]  should_failslab+0xc2/0x120
[  178.024906][ T8790]  kmem_cache_alloc_node_noprof+0x78/0x770
[  178.024917][ T8790]  ? __alloc_skb+0x2b2/0x380
[  178.024934][ T8790]  ? __alloc_skb+0x2b2/0x380
[  178.024944][ T8790]  __alloc_skb+0x2b2/0x380
[  178.024955][ T8790]  ? __pfx___alloc_skb+0x10/0x10
[  178.024970][ T8790]  ? if_nlmsg_size+0x475/0xaf0
[  178.024986][ T8790]  rtmsg_ifinfo_build_skb+0x81/0x280
[  178.025005][ T8790]  rtnetlink_event+0xf3/0x1f0
[  178.025021][ T8790]  notifier_call_chain+0xbc/0x410
[  178.025037][ T8790]  ? __pfx_rtnetlink_event+0x10/0x10
[  178.025055][ T8790]  call_netdevice_notifiers_info+0xbe/0x140
[  178.025074][ T8790]  netif_set_mtu_ext+0x590/0x7d0
[  178.025088][ T8790]  ? __pfx_netif_set_mtu_ext+0x10/0x10
[  178.025104][ T8790]  ? kasan_save_stack+0x42/0x60
[  178.025116][ T8790]  ? kasan_save_stack+0x33/0x60
[  178.025133][ T8790]  netif_set_mtu+0x98/0x140
[  178.025145][ T8790]  ? __pfx_netif_set_mtu+0x10/0x10
[  178.025164][ T8790]  ? full_name_hash+0xbc/0x110
[  178.025181][ T8790]  dev_set_mtu+0xb2/0x260
[  178.025196][ T8790]  dev_ifsioc+0xd1f/0x1ee0
[  178.025210][ T8790]  ? __pfx_dev_ifsioc+0x10/0x10
[  178.025223][ T8790]  ? __pfx___mutex_lock+0x10/0x10
[  178.025242][ T8790]  ? dev_load+0x8e/0x240
[  178.025256][ T8790]  dev_ioctl+0x223/0x1060
[  178.025269][ T8790]  sock_do_ioctl+0x19d/0x280
[  178.025285][ T8790]  ? __pfx_sock_do_ioctl+0x10/0x10
[  178.025301][ T8790]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  178.025324][ T8790]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  178.025343][ T8790]  compat_sock_ioctl+0x301/0x730
[  178.025362][ T8790]  ? __pfx_compat_sock_ioctl+0x10/0x10
[  178.025379][ T8790]  ? hook_file_ioctl_common+0x145/0x410
[  178.025402][ T8790]  ? __fget_files+0x20e/0x3c0
[  178.025417][ T8790]  ? __pfx_compat_sock_ioctl+0x10/0x10
[  178.025433][ T8790]  __ia32_compat_sys_ioctl+0x23f/0x370
[  178.025452][ T8790]  __do_fast_syscall_32+0x7c/0x300
[  178.025468][ T8790]  do_fast_syscall_32+0x32/0x80
[  178.025481][ T8790]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  178.025496][ T8790] RIP: 0023:0xf70bd579
[  178.025506][ T8790] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  178.025517][ T8790] RSP: 002b:00000000f54ad55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  178.025529][ T8790] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000008922
[  178.025536][ T8790] RDX: 0000000080002280 RSI: 0000000000000000 RDI: 0000000000000000
[  178.025543][ T8790] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  178.025549][ T8790] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  178.025556][ T8790] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  178.025580][ T8790]  </TASK>
[  178.028011][ T8790] tipc: Resetting bearer <eth:syzkaller0>
[  178.136852][ T8789] tipc: Resetting bearer <eth:syzkaller0>
[  178.148722][ T8789] tipc: Disabling bearer <eth:syzkaller0>
[  178.489844][ T8798] netlink: 16 bytes leftover after parsing attributes in process `syz.1.801'.
[  178.631549][ T8797] netlink: 4 bytes leftover after parsing attributes in process `syz.2.802'.
[  178.645247][ T8797] macvlan0: entered promiscuous mode
[  178.804277][   T54] usb 8-1: new high-speed USB device number 2 using dummy_hcd
[  178.908633][ T8811] 8021q: adding VLAN 0 to HW filter on device bond0
[  178.918058][ T8811] bond0: (slave rose0): Enslaving as an active interface with an up link
[  178.944189][   T54] usb 8-1: device descriptor read/64, error -71
[  179.014013][   T40] kauditd_printk_skb: 32 callbacks suppressed
[  179.017254][   T40] audit: type=1326 audit(1759825666.472:425): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8819 comm="syz.2.807" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb2579 code=0x7ffc0000
[  179.026742][   T40] audit: type=1326 audit(1759825666.482:426): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8819 comm="syz.2.807" exe="/syz-executor" sig=0 arch=40000003 syscall=361 compat=1 ip=0xf7fb2579 code=0x7ffc0000
[  179.036554][   T40] audit: type=1326 audit(1759825666.482:427): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8819 comm="syz.2.807" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb2579 code=0x7ffc0000
[  179.046109][   T40] audit: type=1326 audit(1759825666.482:428): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8819 comm="syz.2.807" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb2579 code=0x7ffc0000
[  179.062291][   T40] audit: type=1326 audit(1759825666.482:429): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8819 comm="syz.2.807" exe="/syz-executor" sig=0 arch=40000003 syscall=363 compat=1 ip=0xf7fb2579 code=0x7ffc0000
[  179.072029][   T40] audit: type=1326 audit(1759825666.482:430): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8819 comm="syz.2.807" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb2579 code=0x7ffc0000
[  179.092668][   T40] audit: type=1326 audit(1759825666.482:431): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8819 comm="syz.2.807" exe="/syz-executor" sig=0 arch=40000003 syscall=3 compat=1 ip=0xf7fb2579 code=0x7ffc0000
[  179.111280][   T40] audit: type=1326 audit(1759825666.482:432): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8819 comm="syz.2.807" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb2579 code=0x7ffc0000
[  179.121734][   T40] audit: type=1326 audit(1759825666.482:433): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8819 comm="syz.2.807" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb2579 code=0x7ffc0000
[  179.128878][   T40] audit: type=1326 audit(1759825666.482:434): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8819 comm="syz.2.807" exe="/syz-executor" sig=0 arch=40000003 syscall=172 compat=1 ip=0xf7fb2579 code=0x7ffc0000
[  179.534255][   T54] usb 8-1: new high-speed USB device number 3 using dummy_hcd
[  179.664185][   T54] usb 8-1: device descriptor read/64, error -71
[  179.764588][ T8846] FAULT_INJECTION: forcing a failure.
[  179.764588][ T8846] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  179.771230][ T8846] CPU: 0 UID: 0 PID: 8846 Comm: syz.1.811 Not tainted syzkaller #0 PREEMPT(full) 
[  179.771256][ T8846] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  179.771266][ T8846] Call Trace:
[  179.771275][ T8846]  <TASK>
[  179.771284][ T8846]  dump_stack_lvl+0x16c/0x1f0
[  179.771310][ T8846]  should_fail_ex+0x512/0x640
[  179.771334][ T8846]  _copy_from_user+0x2e/0xd0
[  179.771356][ T8846]  compat_do_ebt_get_ctl+0xea/0x5a0
[  179.771382][ T8846]  ? __pfx_compat_do_ebt_get_ctl+0x10/0x10
[  179.771403][ T8846]  ? bpf_lsm_capable+0x9/0x10
[  179.771419][ T8846]  ? security_capable+0x7e/0x260
[  179.771437][ T8846]  do_ebt_get_ctl+0x2c4/0x6d0
[  179.771453][ T8846]  ? __pfx_do_ebt_get_ctl+0x10/0x10
[  179.771485][ T8846]  ? __mutex_trylock_common+0xe9/0x250
[  179.771511][ T8846]  ? nf_sockopt_find.constprop.0+0x222/0x290
[  179.771531][ T8846]  nf_getsockopt+0x7c/0xe0
[  179.771547][ T8846]  ip_getsockopt+0x18c/0x1e0
[  179.771566][ T8846]  ? __pfx_ip_getsockopt+0x10/0x10
[  179.771587][ T8846]  tcp_getsockopt+0x9e/0x100
[  179.771602][ T8846]  smc_getsockopt+0x165/0x370
[  179.771620][ T8846]  ? __pfx_sock_common_getsockopt+0x10/0x10
[  179.771637][ T8846]  ? __pfx_smc_getsockopt+0x10/0x10
[  179.771652][ T8846]  ? aa_sock_opt_perm+0xfd/0x1c0
[  179.771669][ T8846]  ? __pfx_smc_getsockopt+0x10/0x10
[  179.771685][ T8846]  do_sock_getsockopt+0x34d/0x440
[  179.771702][ T8846]  ? __pfx_do_sock_getsockopt+0x10/0x10
[  179.771716][ T8846]  ? __fget_files+0x204/0x3c0
[  179.771734][ T8846]  __sys_getsockopt+0x123/0x1b0
[  179.771751][ T8846]  __ia32_sys_getsockopt+0xbc/0x160
[  179.771762][ T8846]  ? lockdep_hardirqs_on+0x7c/0x110
[  179.771775][ T8846]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[  179.771795][ T8846]  __do_fast_syscall_32+0x7c/0x300
[  179.771811][ T8846]  do_fast_syscall_32+0x32/0x80
[  179.771824][ T8846]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  179.771840][ T8846] RIP: 0023:0xf70bd579
[  179.771850][ T8846] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  179.771861][ T8846] RSP: 002b:00000000f54ad55c EFLAGS: 00000296 ORIG_RAX: 000000000000016d
[  179.771873][ T8846] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000000
[  179.771880][ T8846] RDX: 0000000000000082 RSI: 0000000080000200 RDI: 0000000080000280
[  179.771887][ T8846] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  179.771893][ T8846] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  179.771899][ T8846] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  179.771914][ T8846]  </TASK>
[  179.774615][   T54] usb usb8-port1: attempt power cycle
[  180.364255][   T54] usb 8-1: new high-speed USB device number 4 using dummy_hcd
[  180.384902][   T54] usb 8-1: device descriptor read/8, error -71
[  180.412435][ T6005] vhci_hcd: vhci_device speed not set
[  180.644214][   T54] usb 8-1: new high-speed USB device number 5 using dummy_hcd
[  180.664881][   T54] usb 8-1: device descriptor read/8, error -71
[  180.774437][   T54] usb usb8-port1: unable to enumerate USB device
[  181.060666][ T8886] netlink: 4 bytes leftover after parsing attributes in process `syz.0.823'.
[  181.067489][ T8886] netlink: 'syz.0.823': attribute type 27 has an invalid length.
[  181.118787][ T8886] bridge0: port 2(bridge_slave_1) entered disabled state
[  181.121345][ T8886] bridge0: port 1(bridge_slave_0) entered disabled state
[  181.188158][ T8890] netlink: 4 bytes leftover after parsing attributes in process `syz.0.823'.
[  181.217613][ T8886] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  181.227989][ T8886] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  181.300159][ T8890] netlink: 4 bytes leftover after parsing attributes in process `syz.0.823'.
[  181.351805][ T8887] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  181.358732][   T46] netdevsim netdevsim0 eth0: unset [1, 0] type 2 family 0 port 6081 - 0
[  181.362321][   T46] netdevsim netdevsim0 eth1: unset [1, 0] type 2 family 0 port 6081 - 0
[  181.366209][   T46] netdevsim netdevsim0 eth2: unset [1, 0] type 2 family 0 port 6081 - 0
[  181.464935][ T8896] netlink: 4 bytes leftover after parsing attributes in process `syz.2.825'.
[  181.478908][ T8896] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  181.478908][ T8896]    program syz.2.825 not setting count and/or reply_len properly
[  182.674473][  T839] vhci_hcd: vhci_device speed not set
[  182.831842][ T8927] netlink: 36 bytes leftover after parsing attributes in process `syz.3.834'.
[  182.837352][ T8927] netlink: 36 bytes leftover after parsing attributes in process `syz.3.834'.
[  183.228925][ T8934] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  183.404113][   T64] Bluetooth: hci3: Received unexpected HCI Event 0x00
[  183.752683][ T8956] : renamed from dummy0 (while UP)
[  184.327050][   T40] kauditd_printk_skb: 14 callbacks suppressed
[  184.327066][   T40] audit: type=1326 audit(1759825671.792:449): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8969 comm="syz.1.847" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bd579 code=0x7ffc0000
[  184.338653][   T40] audit: type=1326 audit(1759825671.792:450): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8969 comm="syz.1.847" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bd579 code=0x7ffc0000
[  184.346599][   T40] audit: type=1326 audit(1759825671.792:451): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8969 comm="syz.1.847" exe="/syz-executor" sig=0 arch=40000003 syscall=361 compat=1 ip=0xf70bd579 code=0x7ffc0000
[  184.353417][   T40] audit: type=1326 audit(1759825671.792:452): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8969 comm="syz.1.847" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bd579 code=0x7ffc0000
[  184.360033][   T40] audit: type=1326 audit(1759825671.792:453): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8969 comm="syz.1.847" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bd579 code=0x7ffc0000
[  184.368611][   T40] audit: type=1326 audit(1759825671.792:454): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8969 comm="syz.1.847" exe="/syz-executor" sig=0 arch=40000003 syscall=363 compat=1 ip=0xf70bd579 code=0x7ffc0000
[  184.375558][   T40] audit: type=1326 audit(1759825671.792:455): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8969 comm="syz.1.847" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bd579 code=0x7ffc0000
[  184.382914][   T40] audit: type=1326 audit(1759825671.792:456): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8969 comm="syz.1.847" exe="/syz-executor" sig=0 arch=40000003 syscall=3 compat=1 ip=0xf70bd579 code=0x7ffc0000
[  184.390475][   T40] audit: type=1326 audit(1759825671.792:457): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8969 comm="syz.1.847" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bd579 code=0x7ffc0000
[  184.397506][   T40] audit: type=1326 audit(1759825671.792:458): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8969 comm="syz.1.847" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bd579 code=0x7ffc0000
[  184.563836][   T46] Bluetooth: hci4: Frame reassembly failed (-84)
[  184.779933][ T8987] FAULT_INJECTION: forcing a failure.
[  184.779933][ T8987] name failslab, interval 1, probability 0, space 0, times 0
[  184.783882][ T8987] CPU: 1 UID: 0 PID: 8987 Comm: syz.2.852 Not tainted syzkaller #0 PREEMPT(full) 
[  184.783896][ T8987] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  184.783904][ T8987] Call Trace:
[  184.783909][ T8987]  <TASK>
[  184.783914][ T8987]  dump_stack_lvl+0x16c/0x1f0
[  184.783930][ T8987]  should_fail_ex+0x512/0x640
[  184.783945][ T8987]  ? kmem_cache_alloc_noprof+0x62/0x6e0
[  184.783958][ T8987]  should_failslab+0xc2/0x120
[  184.783973][ T8987]  kmem_cache_alloc_noprof+0x75/0x6e0
[  184.783984][ T8987]  ? do_fast_syscall_32+0x32/0x80
[  184.783997][ T8987]  ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  184.784010][ T8987]  ? radix_tree_node_alloc.constprop.0+0x7c/0x350
[  184.784043][ T8987]  ? radix_tree_node_alloc.constprop.0+0x7c/0x350
[  184.784059][ T8987]  radix_tree_node_alloc.constprop.0+0x7c/0x350
[  184.784079][ T8987]  idr_get_free+0x528/0xa30
[  184.784094][ T8987]  idr_alloc_u32+0x190/0x2f0
[  184.784107][ T8987]  ? __pfx_idr_alloc_u32+0x10/0x10
[  184.784119][ T8987]  ? tcf_exts_init_ex+0x1bc/0x610
[  184.784134][ T8987]  basic_change+0xcb1/0x1400
[  184.784167][ T8987]  ? __pfx_basic_change+0x10/0x10
[  184.784197][ T8987]  ? __pfx_basic_change+0x10/0x10
[  184.784209][ T8987]  tc_new_tfilter+0xa35/0x2340
[  184.784232][ T8987]  ? __pfx_tc_new_tfilter+0x10/0x10
[  184.784251][ T8987]  ? __lock_acquire+0x62e/0x1ce0
[  184.784275][ T8987]  ? find_held_lock+0x2b/0x80
[  184.784286][ T8987]  ? __pfx_tc_new_tfilter+0x10/0x10
[  184.784298][ T8987]  ? rtnetlink_rcv_msg+0x93a/0xe90
[  184.784313][ T8987]  ? __pfx_tc_new_tfilter+0x10/0x10
[  184.784327][ T8987]  rtnetlink_rcv_msg+0x95b/0xe90
[  184.784342][ T8987]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  184.784359][ T8987]  ? ref_tracker_free+0x37c/0x830
[  184.784375][ T8987]  netlink_rcv_skb+0x155/0x420
[  184.784389][ T8987]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  184.784403][ T8987]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  184.784422][ T8987]  ? netlink_deliver_tap+0x1ae/0xd30
[  184.784437][ T8987]  netlink_unicast+0x5aa/0x870
[  184.784452][ T8987]  ? __pfx_netlink_unicast+0x10/0x10
[  184.784465][ T8987]  ? __pfx___might_resched+0x10/0x10
[  184.784482][ T8987]  netlink_sendmsg+0x8c8/0xdd0
[  184.784498][ T8987]  ? __pfx_netlink_sendmsg+0x10/0x10
[  184.784513][ T8987]  ? aa_sock_msg_perm.constprop.0+0x100/0x1d0
[  184.784531][ T8987]  ____sys_sendmsg+0xa98/0xc70
[  184.784549][ T8987]  ? __pfx_____sys_sendmsg+0x10/0x10
[  184.784564][ T8987]  ? get_compat_msghdr+0x11a/0x170
[  184.784583][ T8987]  ___sys_sendmsg+0x134/0x1d0
[  184.784600][ T8987]  ? __pfx____sys_sendmsg+0x10/0x10
[  184.784619][ T8987]  ? find_held_lock+0x2b/0x80
[  184.784639][ T8987]  __sys_sendmsg+0x16d/0x220
[  184.784652][ T8987]  ? __pfx___sys_sendmsg+0x10/0x10
[  184.784670][ T8987]  ? rcu_is_watching+0x12/0xc0
[  184.784685][ T8987]  __do_fast_syscall_32+0x7c/0x300
[  184.784699][ T8987]  do_fast_syscall_32+0x32/0x80
[  184.784712][ T8987]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  184.784725][ T8987] RIP: 0023:0xf7fb2579
[  184.784734][ T8987] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  184.784745][ T8987] RSP: 002b:00000000f54a655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  184.784756][ T8987] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080006040
[  184.784763][ T8987] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  184.784769][ T8987] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  184.784775][ T8987] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  184.784781][ T8987] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  184.784796][ T8987]  </TASK>
[  185.553922][ T8998] 9pnet_fd: Insufficient options for proto=fd
[  185.953020][ T9001] netlink: 'syz.2.854': attribute type 1 has an invalid length.
[  186.022910][ T9000] nvme_fabrics: missing parameter 'transport=%s'
[  186.025515][ T9000] nvme_fabrics: missing parameter 'nqn=%s'
[  186.565160][ T9018] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6)
[  186.567864][ T9018] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  186.574246][ T9018] vhci_hcd vhci_hcd.0: Device attached
[  186.594263][   T64] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  186.864449][  T839] usb 39-1: new low-speed USB device number 5 using vhci_hcd
[  187.195110][ T9019] vhci_hcd: connection reset by peer
[  187.207736][   T77] vhci_hcd: stop threads
[  187.209376][   T77] vhci_hcd: release socket
[  187.211925][   T77] vhci_hcd: disconnect device
[  187.426110][ T9042] bond_slave_0: entered promiscuous mode
[  187.428155][ T9042] bond_slave_1: entered promiscuous mode
[  187.430902][ T9042] 8021q: adding VLAN 0 to HW filter on device macvtap1
[  187.436190][ T9042] bond_slave_0: left promiscuous mode
[  187.438055][ T9042] bond_slave_1: left promiscuous mode
[  187.889789][ T9049] Attempt to restore checkpoint with obsolete wellknown handles
[  188.242079][ T1142] Bluetooth: hci4: Frame reassembly failed (-84)
[  188.244687][ T1142] Bluetooth: hci4: Frame reassembly failed (-84)
[  190.284676][ T5942] Bluetooth: hci4: command 0x1003 tx timeout
[  190.284701][ T5943] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  190.516831][ T9087] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(6)
[  190.519598][ T9087] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  190.524788][ T9087] vhci_hcd vhci_hcd.0: Device attached
[  190.784137][ T6005] usb 37-1: new low-speed USB device number 6 using vhci_hcd
[  190.839597][ T9089] vhci_hcd: connection reset by peer
[  190.842387][ T1151] vhci_hcd: stop threads
[  190.843956][ T1151] vhci_hcd: release socket
[  190.846167][ T1151] vhci_hcd: disconnect device
[  191.263880][ T9116] /dev/nullb0: Can't open blockdev
[  191.975808][  T839] vhci_hcd: vhci_device speed not set
[  191.991749][ T9129] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6)
[  191.993899][ T9129] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  192.014791][ T9129] vhci_hcd vhci_hcd.0: Device attached
[  192.121124][   T40] kauditd_printk_skb: 16 callbacks suppressed
[  192.121142][   T40] audit: type=1326 audit(1759825679.582:475): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9127 comm="syz.3.886" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f46579 code=0x7ffc0000
[  192.148991][   T40] audit: type=1326 audit(1759825679.602:476): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9127 comm="syz.3.886" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7f46579 code=0x7ffc0000
[  192.178414][   T40] audit: type=1326 audit(1759825679.602:477): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9127 comm="syz.3.886" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f46579 code=0x7ffc0000
[  192.196935][   T40] audit: type=1326 audit(1759825679.602:478): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9127 comm="syz.3.886" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f46579 code=0x7ffc0000
[  192.206163][   T40] audit: type=1326 audit(1759825679.602:479): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9127 comm="syz.3.886" exe="/syz-executor" sig=0 arch=40000003 syscall=351 compat=1 ip=0xf7f46579 code=0x7ffc0000
[  192.216414][   T40] audit: type=1326 audit(1759825679.602:480): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9127 comm="syz.3.886" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f46579 code=0x7ffc0000
[  192.226061][   T40] audit: type=1326 audit(1759825679.602:481): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9127 comm="syz.3.886" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f46579 code=0x7ffc0000
[  192.243066][   T40] audit: type=1326 audit(1759825679.602:482): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9127 comm="syz.3.886" exe="/syz-executor" sig=0 arch=40000003 syscall=297 compat=1 ip=0xf7f46579 code=0x7ffc0000
[  192.251945][   T40] audit: type=1326 audit(1759825679.602:483): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9127 comm="syz.3.886" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f46579 code=0x7ffc0000
[  192.318894][   T40] audit: type=1326 audit(1759825679.602:484): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9127 comm="syz.3.886" exe="/syz-executor" sig=0 arch=40000003 syscall=358 compat=1 ip=0xf7f46579 code=0x7ffc0000
[  192.344196][  T839] usb 39-1: device descriptor read/64, error -110
[  192.548465][ T9144] @: renamed from vlan0
[  192.584259][  T839] usb 39-1: new low-speed USB device number 6 using vhci_hcd
[  192.627497][ T9130] vhci_hcd: connection reset by peer
[  192.629795][   T77] vhci_hcd: stop threads
[  192.631392][   T77] vhci_hcd: release socket
[  192.633027][   T77] vhci_hcd: disconnect device
[  193.632940][ T9163] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6)
[  193.635794][ T9163] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  193.639293][ T9163] vhci_hcd vhci_hcd.0: Device attached
[  194.026242][ T7452] usb 43-1: new low-speed USB device number 5 using vhci_hcd
[  194.312714][ T9164] vhci_hcd: connection reset by peer
[  194.320920][ T1143] vhci_hcd: stop threads
[  194.322737][ T1143] vhci_hcd: release socket
[  194.324822][ T1143] vhci_hcd: disconnect device
[  195.257144][ T9208] kvm: requested 162590 ns i8254 timer period limited to 200000 ns
[  195.665379][ T9229] kvm: kvm [9227]: vcpu3, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010002) = 0xffff00
[  195.864229][ T6005] vhci_hcd: vhci_device speed not set
[  195.942386][ T9240] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  196.224816][ T9250] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  196.241357][ T9250] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  196.447131][ T9263] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=4230725332 (8461450664 ns) > initial count (7339279930 ns). Using initial count to start timer.
[  196.621714][ T9271] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  197.437451][ T9300] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  197.726394][  T839] vhci_hcd: vhci_device speed not set
[  198.098090][ T9320] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6)
[  198.100479][ T9320] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  198.114530][ T9320] vhci_hcd vhci_hcd.0: Device attached
[  198.326358][ T9330] kvm: requested 162590 ns i8254 timer period limited to 200000 ns
[  198.731692][ T9335] nvme_fabrics: missing parameter 'transport=%s'
[  198.738630][ T9335] nvme_fabrics: missing parameter 'nqn=%s'
[  198.746559][ T9335] netlink: 'syz.0.954': attribute type 1 has an invalid length.
[  198.791701][ T9321] vhci_hcd: connection closed
[  198.792072][   T61] vhci_hcd: stop threads
[  198.796486][   T61] vhci_hcd: release socket
[  198.798307][   T61] vhci_hcd: disconnect device
[  198.979941][ T9345] 9pnet_fd: Insufficient options for proto=fd
[  199.005738][ T1416] ieee802154 phy0 wpan0: encryption failed: -22
[  199.007785][ T1416] ieee802154 phy1 wpan1: encryption failed: -22
[  199.154319][ T7452] vhci_hcd: vhci_device speed not set
[  200.558453][ T9372] kvm: requested 162590 ns i8254 timer period limited to 200000 ns
[  201.168502][ T9403] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6)
[  201.170680][ T9403] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  201.173746][ T9403] vhci_hcd vhci_hcd.0: Device attached
[  201.434272][  T839] usb 39-1: new low-speed USB device number 7 using vhci_hcd
[  201.468150][ T9407] kvm: requested 162590 ns i8254 timer period limited to 200000 ns
[  201.792287][ T9404] vhci_hcd: connection reset by peer
[  201.796979][ T1151] vhci_hcd: stop threads
[  201.798853][ T1151] vhci_hcd: release socket
[  201.800640][ T1151] vhci_hcd: disconnect device
[  203.629497][ T9448] netlink: 108 bytes leftover after parsing attributes in process `syz.3.987'.
[  204.399194][ T9461] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(6)
[  204.401961][ T9461] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  204.426069][ T9461] vhci_hcd vhci_hcd.0: Device attached
[  204.900008][ T9463] vhci_hcd: connection closed
[  204.902191][   T61] vhci_hcd: stop threads
[  204.907180][   T61] vhci_hcd: release socket
[  204.908686][   T61] vhci_hcd: disconnect device
[  204.914264][ T7452] usb 37-1: new low-speed USB device number 7 using vhci_hcd
[  204.916986][ T7452] usb 37-1: enqueue for inactive port 0
[  204.984661][ T7452] vhci_hcd: vhci_device speed not set
[  205.645934][ T9495] netlink: 'syz.0.1000': attribute type 10 has an invalid length.
[  206.321438][ T9524] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6)
[  206.323829][ T9524] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  206.328101][ T9524] vhci_hcd vhci_hcd.0: Device attached
[  206.479542][ T9532] kvm: requested 162590 ns i8254 timer period limited to 200000 ns
[  206.887300][ T9525] vhci_hcd: connection reset by peer
[  206.889323][ T1142] vhci_hcd: stop threads
[  206.891228][ T1142] vhci_hcd: release socket
[  206.894579][ T1142] vhci_hcd: disconnect device
[  206.936489][ T9542] pim6reg: entered allmulticast mode
[  206.964335][  T839] vhci_hcd: vhci_device speed not set
[  206.997971][ T9540] pim6reg: left allmulticast mode
[  207.453088][ T9556] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1019'.
[  208.144136][   T34] usb 6-1: new low-speed USB device number 3 using dummy_hcd
[  208.294208][   T34] usb 6-1: Invalid ep0 maxpacket: 32
[  208.434305][   T34] usb 6-1: new low-speed USB device number 4 using dummy_hcd
[  208.584150][   T34] usb 6-1: Invalid ep0 maxpacket: 32
[  208.586829][   T34] usb usb6-port1: attempt power cycle
[  208.924192][   T34] usb 6-1: new low-speed USB device number 5 using dummy_hcd
[  208.944766][   T34] usb 6-1: Invalid ep0 maxpacket: 32
[  209.074367][   T34] usb 6-1: new low-speed USB device number 6 using dummy_hcd
[  209.094748][   T34] usb 6-1: Invalid ep0 maxpacket: 32
[  209.097193][   T34] usb usb6-port1: unable to enumerate USB device
[  209.729585][ T9593] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1030'.
[  209.965745][ T9599] fuse: Unknown parameter '2oo000000\‘0Cï9Vî’M�|59°!Z'
[  210.293207][ T9610] 9pnet: Could not find request transport: mdÙ†V
[  210.930640][ T9626] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1043'.
[  211.105042][ T9635] kvm: requested 162590 ns i8254 timer period limited to 200000 ns
[  216.685171][ T9747] netfs: Couldn't get user pages (rc=-14)
[  219.301636][ T9798] 9pnet_fd: Insufficient options for proto=fd
[  219.336914][ T9800] FAULT_INJECTION: forcing a failure.
[  219.336914][ T9800] name failslab, interval 1, probability 0, space 0, times 0
[  219.341801][ T9800] CPU: 2 UID: 0 PID: 9800 Comm: syz.1.1092 Not tainted syzkaller #0 PREEMPT(full) 
[  219.341826][ T9800] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  219.341836][ T9800] Call Trace:
[  219.341846][ T9800]  <TASK>
[  219.341853][ T9800]  dump_stack_lvl+0x16c/0x1f0
[  219.341873][ T9800]  should_fail_ex+0x512/0x640
[  219.341888][ T9800]  ? __kmalloc_noprof+0xca/0x880
[  219.341908][ T9800]  should_failslab+0xc2/0x120
[  219.341924][ T9800]  __kmalloc_noprof+0xdd/0x880
[  219.341941][ T9800]  ? __d_alloc+0x32/0xae0
[  219.341953][ T9800]  ? __d_alloc+0x673/0xae0
[  219.341967][ T9800]  ? __d_alloc+0x673/0xae0
[  219.341978][ T9800]  __d_alloc+0x673/0xae0
[  219.341990][ T9800]  ? lockdep_hardirqs_on+0x7c/0x110
[  219.342005][ T9800]  d_alloc_parallel+0x111/0x1480
[  219.342028][ T9800]  ? __pfx_d_alloc_parallel+0x10/0x10
[  219.342045][ T9800]  ? lockdep_init_map_type+0x5c/0x280
[  219.342064][ T9800]  ? lockdep_init_map_type+0x5c/0x280
[  219.342082][ T9800]  __lookup_slow+0x193/0x460
[  219.342098][ T9800]  ? __pfx___lookup_slow+0x10/0x10
[  219.342116][ T9800]  ? wb_shutdown+0xb0/0x240
[  219.342133][ T9800]  ? wb_shutdown+0xb0/0x240
[  219.342145][ T9800]  ? d_lookup+0xe7/0x190
[  219.342163][ T9800]  lookup_one_unlocked+0xd4/0x120
[  219.342180][ T9800]  lookup_one_positive_unlocked+0x24/0xc0
[  219.342197][ T9800]  ovl_lookup_index+0x20d/0x800
[  219.342217][ T9800]  ? __pfx_ovl_lookup_index+0x10/0x10
[  219.342238][ T9800]  ovl_lookup+0x98f/0x21a0
[  219.342256][ T9800]  ? privileged_wrt_inode_uidgid+0xca/0x1d0
[  219.342274][ T9800]  ? __pfx_ovl_lookup+0x10/0x10
[  219.342289][ T9800]  ? generic_permission+0xad/0x7d0
[  219.342305][ T9800]  ? bpf_lsm_inode_permission+0x9/0x10
[  219.342318][ T9800]  ? inode_permission+0x156/0x630
[  219.342334][ T9800]  ? ovl_revert_creds+0x13/0x50
[  219.342352][ T9800]  ? ovl_permission+0xcd/0x290
[  219.342367][ T9800]  ? __pfx_ovl_permission+0x10/0x10
[  219.342385][ T9800]  ? bpf_lsm_inode_permission+0x9/0x10
[  219.342395][ T9800]  ? security_inode_permission+0xbf/0x260
[  219.342413][ T9800]  ? inode_permission+0x156/0x630
[  219.342430][ T9800]  ? __pfx_ovl_lookup+0x10/0x10
[  219.342452][ T9800]  lookup_open.isra.0+0x4da/0x1580
[  219.342479][ T9800]  ? __pfx_lookup_open.isra.0+0x10/0x10
[  219.342499][ T9800]  ? find_held_lock+0x2b/0x80
[  219.342519][ T9800]  ? __pfx_down_write+0x10/0x10
[  219.342547][ T9800]  path_openat+0x893/0x2cb0
[  219.342568][ T9800]  ? __pfx_path_openat+0x10/0x10
[  219.342583][ T9800]  do_filp_open+0x20b/0x470
[  219.342652][ T9800]  ? __pfx_do_filp_open+0x10/0x10
[  219.342675][ T9800]  ? alloc_fd+0x471/0x7d0
[  219.342691][ T9800]  do_sys_openat2+0x11b/0x1d0
[  219.342708][ T9800]  ? __pfx_do_sys_openat2+0x10/0x10
[  219.342725][ T9800]  ? __fget_files+0x20e/0x3c0
[  219.342734][ T9800]  ? handle_mm_fault+0x270/0xd10
[  219.342754][ T9800]  __ia32_compat_sys_open+0x146/0x1e0
[  219.342771][ T9800]  ? __pfx___ia32_compat_sys_open+0x10/0x10
[  219.342790][ T9800]  ? rcu_is_watching+0x12/0xc0
[  219.342803][ T9800]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[  219.342820][ T9800]  __do_fast_syscall_32+0x7c/0x300
[  219.342834][ T9800]  do_fast_syscall_32+0x32/0x80
[  219.342847][ T9800]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  219.342861][ T9800] RIP: 0023:0xf70bd579
[  219.342871][ T9800] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  219.342881][ T9800] RSP: 002b:00000000f54ad55c EFLAGS: 00000296 ORIG_RAX: 0000000000000005
[  219.342892][ T9800] RAX: ffffffffffffffda RBX: 0000000080000200 RCX: 00000000001612c2
[  219.342899][ T9800] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  219.342905][ T9800] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  219.342911][ T9800] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  219.342917][ T9800] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  219.342932][ T9800]  </TASK>
[  219.468870][ T9800] overlayfs: failed inode index lookup (ino=1448, key=00fb210001ecaa3d4535a44bc6985f62f2f91c46d89555b64ca805000000000000, err=-12);
[  219.468870][ T9800] overlayfs: mount with '-o index=off' to disable inodes index.
[  219.935921][ T9813] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1096'.
[  220.243910][ T9825] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  223.826068][   T40] kauditd_printk_skb: 26 callbacks suppressed
[  223.826084][   T40] audit: type=1800 audit(1759825711.292:511): pid=9905 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.1128" name="SYSV00000000" dev="hugetlbfs" ino=8 res=0 errno=0
[  224.807839][ T9933] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1136'.
[  227.247233][ T9958] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(6)
[  227.250704][ T9958] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  227.256151][ T9958] vhci_hcd vhci_hcd.0: Device attached
[  227.386298][ T9960] vhci_hcd: connection closed
[  227.392443][ T1151] vhci_hcd: stop threads
[  227.396409][ T1151] vhci_hcd: release socket
[  227.398481][ T1151] vhci_hcd: disconnect device
[  227.444424][   T24] vhci_hcd: vhci_device speed not set
[  228.529681][ T9987] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1154'.
[  229.451177][T10006] kernel profiling enabled (shift: 6)
[  229.500042][T10006] can-isotp: isotp_sendmsg: can_send_ret -ENETDOWN
[  229.502810][T10006] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1162'.
[  230.079054][   T54] libceph: connect (1)[c::]:6789 error -13
[  230.087147][   T54] libceph: mon0 (1)[c::]:6789 connect error
[  230.345641][   T54] libceph: connect (1)[c::]:6789 error -13
[  230.347369][T10024] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1164'.
[  230.347572][   T54] libceph: mon0 (1)[c::]:6789 connect error
[  230.620729][T10015] ceph: No mds server is up or the cluster is laggy
[  232.295202][T10065] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1179'.
[  232.724808][T10076] netlink: 'syz.0.1181': attribute type 4 has an invalid length.
[  232.741273][T10076] netlink: 'syz.0.1181': attribute type 4 has an invalid length.
[  233.223203][   T40] audit: type=1326 audit(1759825720.682:512): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10067 comm="syz.2.1180" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb2579 code=0x7fc00000
[  233.233044][   T40] audit: type=1326 audit(1759825720.682:513): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10067 comm="syz.2.1180" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7fb2579 code=0x7fc00000
[  233.242774][   T40] audit: type=1326 audit(1759825720.682:514): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10067 comm="syz.2.1180" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb2579 code=0x7fc00000
[  233.251494][   T40] audit: type=1326 audit(1759825720.682:515): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10067 comm="syz.2.1180" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb2579 code=0x7fc00000
[  233.259241][   T40] audit: type=1326 audit(1759825720.682:516): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10067 comm="syz.2.1180" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb2579 code=0x7fc00000
[  233.267797][   T40] audit: type=1326 audit(1759825720.682:517): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10067 comm="syz.2.1180" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb2579 code=0x7fc00000
[  233.275069][   T40] audit: type=1326 audit(1759825720.682:518): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10067 comm="syz.2.1180" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb2579 code=0x7fc00000
[  233.282315][   T40] audit: type=1326 audit(1759825720.682:519): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10067 comm="syz.2.1180" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb2579 code=0x7fc00000
[  233.289455][   T40] audit: type=1326 audit(1759825720.682:520): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10067 comm="syz.2.1180" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb2579 code=0x7fc00000
[  233.304272][   T40] audit: type=1326 audit(1759825720.682:521): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10067 comm="syz.2.1180" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb2579 code=0x7fc00000
[  233.677763][T10094] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1188'.
[  234.718161][T10110] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(6)
[  234.720313][T10110] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  234.722866][T10110] vhci_hcd vhci_hcd.0: Device attached
[  234.974164][   T24] usb 41-1: new low-speed USB device number 8 using vhci_hcd
[  235.062631][ T5955] libceph: connect (1)[c::]:6789 error -101
[  235.064843][ T5955] libceph: mon0 (1)[c::]:6789 connect error
[  235.335446][ T5955] libceph: connect (1)[c::]:6789 error -101
[  235.337839][ T5955] libceph: mon0 (1)[c::]:6789 connect error
[  235.355305][T10111] vhci_hcd: connection reset by peer
[  235.359743][   T61] vhci_hcd: stop threads
[  235.361781][   T61] vhci_hcd: release socket
[  235.364228][   T61] vhci_hcd: disconnect device
[  235.648211][T10117] ceph: No mds server is up or the cluster is laggy
[  235.929109][ T5943] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  235.932717][ T5943] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  235.937256][ T5943] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  235.955441][ T5943] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  235.961164][ T5943] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  235.990236][T10129] lo speed is unknown, defaulting to 1000
[  235.993730][T10129] lo speed is unknown, defaulting to 1000
[  236.188791][T10129] chnl_net:caif_netlink_parms(): no params data found
[  236.202351][T10144] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1203'.
[  236.319898][T10129] bridge0: port 1(bridge_slave_0) entered blocking state
[  236.322967][T10129] bridge0: port 1(bridge_slave_0) entered disabled state
[  236.325778][T10129] bridge_slave_0: entered allmulticast mode
[  236.329063][T10129] bridge_slave_0: entered promiscuous mode
[  236.332773][T10129] bridge0: port 2(bridge_slave_1) entered blocking state
[  236.336062][T10129] bridge0: port 2(bridge_slave_1) entered disabled state
[  236.339410][T10129] bridge_slave_1: entered allmulticast mode
[  236.343120][T10129] bridge_slave_1: entered promiscuous mode
[  236.458245][T10129] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  236.463282][T10129] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  236.528625][T10129] team0: Port device team_slave_0 added
[  236.532302][T10129] team0: Port device team_slave_1 added
[  236.571924][T10129] batman_adv: batadv0: Adding interface: batadv_slave_0
[  236.574643][T10129] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  236.583052][T10129] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  236.587971][T10129] batman_adv: batadv0: Adding interface: batadv_slave_1
[  236.589954][T10129] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  236.598232][T10129] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  236.650925][T10129] hsr_slave_0: entered promiscuous mode
[  236.653262][T10129] hsr_slave_1: entered promiscuous mode
[  236.655867][T10129] debugfs: 'hsr0' already exists in 'hsr'
[  236.657686][T10129] Cannot create hsr debugfs directory
[  236.781997][T10129] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  236.792245][T10129] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  236.803701][T10129] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  236.812700][T10129] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  236.858375][T10129] bridge0: port 2(bridge_slave_1) entered blocking state
[  236.860850][T10129] bridge0: port 2(bridge_slave_1) entered forwarding state
[  236.863295][T10129] bridge0: port 1(bridge_slave_0) entered blocking state
[  236.866024][T10129] bridge0: port 1(bridge_slave_0) entered forwarding state
[  236.916675][T10129] 8021q: adding VLAN 0 to HW filter on device bond0
[  236.929585][ T1151] bridge0: port 1(bridge_slave_0) entered disabled state
[  236.933801][ T1151] bridge0: port 2(bridge_slave_1) entered disabled state
[  237.045988][T10129] 8021q: adding VLAN 0 to HW filter on device team0
[  237.053938][   T61] bridge0: port 1(bridge_slave_0) entered blocking state
[  237.056837][   T61] bridge0: port 1(bridge_slave_0) entered forwarding state
[  237.063391][ T1151] bridge0: port 2(bridge_slave_1) entered blocking state
[  237.065785][ T1151] bridge0: port 2(bridge_slave_1) entered forwarding state
[  237.072022][T10179] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1208'.
[  237.072032][T10180] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1208'.
[  237.208953][T10129] 8021q: adding VLAN 0 to HW filter on device batadv0
[  237.340910][T10129] veth0_vlan: entered promiscuous mode
[  237.346308][T10129] veth1_vlan: entered promiscuous mode
[  237.362395][T10129] veth0_macvtap: entered promiscuous mode
[  237.367246][T10129] veth1_macvtap: entered promiscuous mode
[  237.377290][T10129] batman_adv: batadv0: Interface activated: batadv_slave_0
[  237.385987][T10129] batman_adv: batadv0: Interface activated: batadv_slave_1
[  237.391893][ T1142] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  237.395466][ T1142] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  237.401860][ T1142] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  237.405197][ T1142] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  237.451330][ T1151] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  237.455630][ T1151] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  237.471386][ T1143] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  237.473853][ T1143] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  237.819272][T10204] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1197'.
[  238.035064][ T5942] Bluetooth: hci4: command tx timeout
[  238.454163][T10209] usb 9-1: new high-speed USB device number 2 using dummy_hcd
[  238.615052][T10209] usb 9-1: Using ep0 maxpacket: 32
[  238.625617][T10209] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  238.628627][T10209] usb 9-1: config 0 has no interfaces?
[  238.630294][T10209] usb 9-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  238.636513][T10209] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  238.642118][T10209] usb 9-1: config 0 descriptor??
[  239.095229][T10247] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1224'.
[  239.127798][T10249] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(6)
[  239.129987][T10249] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  239.132774][T10249] vhci_hcd vhci_hcd.0: Device attached
[  239.374147][   T54] usb 37-1: new low-speed USB device number 9 using vhci_hcd
[  239.859058][T10252] vhci_hcd: connection reset by peer
[  239.864395][ T1143] vhci_hcd: stop threads
[  239.865890][ T1143] vhci_hcd: release socket
[  239.867427][ T1143] vhci_hcd: disconnect device
[  240.114178][ T5942] Bluetooth: hci4: command tx timeout
[  240.114345][   T24] vhci_hcd: vhci_device speed not set
[  241.036408][  T840] usb 9-1: USB disconnect, device number 2
[  241.552310][T10330] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1251'.
[  241.596972][T10331] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(6)
[  241.599159][T10331] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  241.601875][T10331] vhci_hcd vhci_hcd.0: Device attached
[  241.844225][ T1022] usb 41-1: new low-speed USB device number 9 using vhci_hcd
[  242.140944][T10333] vhci_hcd: connection reset by peer
[  242.143650][   T12] vhci_hcd: stop threads
[  242.145246][   T12] vhci_hcd: release socket
[  242.146917][   T12] vhci_hcd: disconnect device
[  242.194164][ T5942] Bluetooth: hci4: command tx timeout
[  242.448894][T10360] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  243.367328][T10392] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1272'.
[  244.304253][ T5942] Bluetooth: hci4: command tx timeout
[  244.524230][   T54] vhci_hcd: vhci_device speed not set
[  244.844315][T10434] usb usb5: usbfs: process 10434 (syz.4.1282) did not claim interface 0 before use
[  244.851018][T10434] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1282'.
[  244.853976][T10434] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1282'.
[  244.992661][T10435] lo speed is unknown, defaulting to 1000
[  245.008095][T10435] lo speed is unknown, defaulting to 1000
[  246.040065][T10466] kvm: requested 162590 ns i8254 timer period limited to 200000 ns
[  246.396141][T10492] befs: (loop7): No write support. Marking filesystem read-only
[  246.399021][T10492] befs: (loop7): unable to read superblock
[  246.649792][T10509] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1313'.
[  246.728818][   T24] libceph: connect (1)[c::]:6789 error -101
[  246.730821][   T24] libceph: mon0 (1)[c::]:6789 connect error
[  246.773748][T10511] ceph: No mds server is up or the cluster is laggy
[  247.004428][ T1022] vhci_hcd: vhci_device speed not set
[  247.037359][ T5943] Bluetooth: hci3: Dropping invalid advertising data
[  247.040016][ T5943] Bluetooth: hci3: Dropping invalid advertising data
[  247.042563][ T5943] Bluetooth: hci3: Malformed LE Event: 0x02
[  247.178802][T10526] FAULT_INJECTION: forcing a failure.
[  247.178802][T10526] name failslab, interval 1, probability 0, space 0, times 0
[  247.183956][T10526] CPU: 3 UID: 0 PID: 10526 Comm: syz.0.1318 Not tainted syzkaller #0 PREEMPT(full) 
[  247.183972][T10526] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  247.183979][T10526] Call Trace:
[  247.183983][T10526]  <TASK>
[  247.183988][T10526]  dump_stack_lvl+0x16c/0x1f0
[  247.184005][T10526]  should_fail_ex+0x512/0x640
[  247.184039][T10526]  ? trace_fib_table_lookup+0x19f/0x220
[  247.184061][T10526]  should_failslab+0xc2/0x120
[  247.184087][T10526]  kmem_cache_alloc_noprof+0x75/0x6e0
[  247.184106][T10526]  ? dst_alloc+0x99/0x1a0
[  247.184125][T10526]  ? dst_alloc+0x99/0x1a0
[  247.184136][T10526]  dst_alloc+0x99/0x1a0
[  247.184152][T10526]  rt_dst_alloc+0x35/0x3a0
[  247.184175][T10526]  ip_route_output_key_hash_rcu+0x87a/0x28e0
[  247.184206][T10526]  ip_route_output_key_hash+0x10f/0x2b0
[  247.184224][T10526]  ? __pfx_ip_route_output_key_hash+0x10/0x10
[  247.184241][T10526]  ? aa_label_sk_perm+0x195/0x600
[  247.184280][T10526]  tcp_v4_connect+0x81c/0x1bb0
[  247.184312][T10526]  ? __pfx_tcp_v4_connect+0x10/0x10
[  247.184337][T10526]  ? __lock_acquire+0xb97/0x1ce0
[  247.184364][T10526]  __inet_stream_connect+0x912/0xf50
[  247.184398][T10526]  ? __pfx___inet_stream_connect+0x10/0x10
[  247.184424][T10526]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  247.184453][T10526]  ? __pfx_inet_stream_connect+0x10/0x10
[  247.184480][T10526]  ? __local_bh_enable_ip+0xa4/0x120
[  247.184495][T10526]  ? __pfx_inet_stream_connect+0x10/0x10
[  247.184511][T10526]  inet_stream_connect+0x57/0xa0
[  247.184529][T10526]  __sys_connect_file+0x141/0x1a0
[  247.184542][T10526]  __sys_connect+0x13b/0x160
[  247.184552][T10526]  ? __pfx___sys_connect+0x10/0x10
[  247.184561][T10526]  ? handle_mm_fault+0x270/0xd10
[  247.184583][T10526]  ? __pfx_ksys_write+0x10/0x10
[  247.184599][T10526]  __ia32_sys_connect+0x71/0xb0
[  247.184609][T10526]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[  247.184623][T10526]  __do_fast_syscall_32+0x7c/0x300
[  247.184637][T10526]  do_fast_syscall_32+0x32/0x80
[  247.184650][T10526]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  247.184664][T10526] RIP: 0023:0xf6ffd579
[  247.184673][T10526] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  247.184684][T10526] RSP: 002b:00000000f53ed55c EFLAGS: 00000296 ORIG_RAX: 000000000000016a
[  247.184695][T10526] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000180
[  247.184702][T10526] RDX: 0000000000000010 RSI: 0000000000000000 RDI: 0000000000000000
[  247.184709][T10526] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  247.184715][T10526] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  247.184721][T10526] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  247.184735][T10526]  </TASK>
[  247.855695][T10546] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6)
[  247.857783][T10546] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  247.860334][T10546] vhci_hcd vhci_hcd.0: Device attached
[  248.006895][T10557] vhci_hcd: connection closed
[  248.007264][   T77] vhci_hcd: stop threads
[  248.010410][   T77] vhci_hcd: release socket
[  248.011867][   T77] vhci_hcd: disconnect device
[  248.594259][ T5943] Bluetooth: hci4: command 0x0406 tx timeout
[  248.799945][T10572] FAULT_INJECTION: forcing a failure.
[  248.799945][T10572] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  248.805664][T10572] CPU: 3 UID: 0 PID: 10572 Comm: syz.0.1337 Not tainted syzkaller #0 PREEMPT(full) 
[  248.805681][T10572] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  248.805689][T10572] Call Trace:
[  248.805692][T10572]  <TASK>
[  248.805697][T10572]  dump_stack_lvl+0x16c/0x1f0
[  248.805713][T10572]  should_fail_ex+0x512/0x640
[  248.805729][T10572]  _copy_to_user+0x32/0xd0
[  248.805744][T10572]  mptcp_getsockopt_full_info+0x5f4/0x6e0
[  248.805759][T10572]  ? __alloc_frozen_pages_noprof+0x292/0x2470
[  248.805774][T10572]  ? __pfx_mptcp_getsockopt_full_info+0x10/0x10
[  248.805787][T10572]  ? find_held_lock+0x2b/0x80
[  248.805800][T10572]  ? is_bpf_text_address+0x8a/0x1a0
[  248.805817][T10572]  ? __lock_acquire+0x62e/0x1ce0
[  248.805838][T10572]  ? __lock_acquire+0x62e/0x1ce0
[  248.805854][T10572]  ? __lock_acquire+0xb97/0x1ce0
[  248.805873][T10572]  ? register_lock_class+0x41/0x4c0
[  248.805890][T10572]  ? __lock_acquire+0xb97/0x1ce0
[  248.805906][T10572]  ? mptcp_release_cb+0x746/0xa60
[  248.805918][T10572]  ? reacquire_held_locks+0xcd/0x1f0
[  248.805933][T10572]  ? release_sock+0x21/0x220
[  248.805946][T10572]  ? do_raw_spin_lock+0x12c/0x2b0
[  248.805964][T10572]  ? find_held_lock+0x2b/0x80
[  248.805976][T10572]  ? mptcp_getsockopt+0x16a/0xe20
[  248.805989][T10572]  ? rcu_is_watching+0x12/0xc0
[  248.806000][T10572]  ? __local_bh_enable_ip+0xa4/0x120
[  248.806019][T10572]  mptcp_getsockopt+0x2b5/0xe20
[  248.806033][T10572]  ? __pfx_mptcp_getsockopt+0x10/0x10
[  248.806047][T10572]  ? __lock_acquire+0x62e/0x1ce0
[  248.806064][T10572]  ? aa_sock_opt_perm+0xfd/0x1c0
[  248.806080][T10572]  ? __pfx_sock_common_getsockopt+0x10/0x10
[  248.806094][T10572]  do_sock_getsockopt+0x34d/0x440
[  248.806110][T10572]  ? __pfx_do_sock_getsockopt+0x10/0x10
[  248.806124][T10572]  ? __fget_files+0x204/0x3c0
[  248.806142][T10572]  __sys_getsockopt+0x123/0x1b0
[  248.806156][T10572]  __ia32_sys_getsockopt+0xbc/0x160
[  248.806167][T10572]  ? lockdep_hardirqs_on+0x7c/0x110
[  248.806179][T10572]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[  248.806193][T10572]  __do_fast_syscall_32+0x7c/0x300
[  248.806207][T10572]  do_fast_syscall_32+0x32/0x80
[  248.806220][T10572]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  248.806234][T10572] RIP: 0023:0xf6ffd579
[  248.806243][T10572] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  248.806254][T10572] RSP: 002b:00000000f53ed55c EFLAGS: 00000296 ORIG_RAX: 000000000000016d
[  248.806265][T10572] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000000011c
[  248.806271][T10572] RDX: 0000000000000004 RSI: 0000000080000100 RDI: 00000000800001c0
[  248.806278][T10572] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  248.806284][T10572] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  248.806290][T10572] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  248.806304][T10572]  </TASK>
[  250.045045][T10601] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1342'.
[  251.555642][T10608] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(4)
[  251.557717][T10608] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  251.560238][T10608] vhci_hcd vhci_hcd.0: Device attached
[  251.601166][T10616] vhci_hcd: connection closed
[  251.601373][   T12] vhci_hcd: stop threads
[  251.605039][   T12] vhci_hcd: release socket
[  251.606636][   T12] vhci_hcd: disconnect device
[  252.406015][T10622] FAULT_INJECTION: forcing a failure.
[  252.406015][T10622] name failslab, interval 1, probability 0, space 0, times 0
[  252.411828][T10622] CPU: 2 UID: 0 PID: 10622 Comm: syz.4.1351 Not tainted syzkaller #0 PREEMPT(full) 
[  252.411853][T10622] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  252.411865][T10622] Call Trace:
[  252.411872][T10622]  <TASK>
[  252.411879][T10622]  dump_stack_lvl+0x16c/0x1f0
[  252.411904][T10622]  should_fail_ex+0x512/0x640
[  252.411924][T10622]  ? fs_reclaim_acquire+0xae/0x150
[  252.411950][T10622]  should_failslab+0xc2/0x120
[  252.411973][T10622]  __kmalloc_noprof+0xdd/0x880
[  252.412001][T10622]  ? tomoyo_encode2+0x100/0x3e0
[  252.412023][T10622]  ? tomoyo_encode2+0x100/0x3e0
[  252.412040][T10622]  tomoyo_encode2+0x100/0x3e0
[  252.412061][T10622]  tomoyo_encode+0x29/0x50
[  252.412077][T10622]  tomoyo_realpath_from_path+0x18f/0x6e0
[  252.412104][T10622]  tomoyo_path_number_perm+0x245/0x580
[  252.412128][T10622]  ? tomoyo_path_number_perm+0x237/0x580
[  252.412162][T10622]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  252.412216][T10622]  ? find_held_lock+0x2b/0x80
[  252.412234][T10622]  ? hook_file_ioctl_common+0x145/0x410
[  252.412267][T10622]  ? __fget_files+0x20e/0x3c0
[  252.412288][T10622]  security_file_ioctl_compat+0x9b/0x240
[  252.412316][T10622]  __ia32_compat_sys_ioctl+0xc3/0x370
[  252.412345][T10622]  __do_fast_syscall_32+0x7c/0x300
[  252.412368][T10622]  do_fast_syscall_32+0x32/0x80
[  252.412389][T10622]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  252.412411][T10622] RIP: 0023:0xf7f33579
[  252.412425][T10622] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  252.412442][T10622] RSP: 002b:00000000f542655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  252.412462][T10622] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c0d05605
[  252.412472][T10622] RDX: 00000000800000c0 RSI: 0000000000000000 RDI: 0000000000000000
[  252.412482][T10622] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  252.412492][T10622] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  252.412501][T10622] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  252.412526][T10622]  </TASK>
[  252.412546][T10622] ERROR: Out of memory at tomoyo_realpath_from_path.
[  254.455682][T10687] 9pnet_virtio: no channels available for device syz
[  254.539457][T10689] kvm: Disabled LAPIC found during irq injection
[  255.857710][T10704] bond0: (slave bond_slave_0): Releasing backup interface
[  255.895617][T10704] bond0: (slave bond_slave_1): Releasing backup interface
[  255.920273][T10704] team0: Port device team_slave_0 removed
[  255.930608][T10704] team0: Port device team_slave_1 removed
[  255.933058][T10704] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  255.944803][T10704] batman_adv: batadv0: Removing interface: batadv_slave_0
[  255.958145][T10707] netlink: 'syz.3.1374': attribute type 10 has an invalid length.
[  255.973397][T10704] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  255.976370][T10704] batman_adv: batadv0: Removing interface: batadv_slave_1
[  255.997177][T10704] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[  256.120469][T10714] xt_l2tp: v2 sid > 0xffff: 1114112
[  256.138909][T10706] team0: Mode changed to "loadbalance"
[  256.149273][T10714] 9pnet_fd: Insufficient options for proto=fd
[  256.162199][T10707] 8021q: adding VLAN 0 to HW filter on device bond0
[  256.172852][T10707] team0: Port device bond0 added
[  256.418581][T10730] usb usb5: usbfs: process 10730 (syz.2.1377) did not claim interface 0 before use
[  256.429145][T10730] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1377'.
[  256.431969][T10730] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1377'.
[  256.576996][T10732] lo speed is unknown, defaulting to 1000
[  256.587372][T10732] lo speed is unknown, defaulting to 1000
[  256.879706][T10734] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(12)
[  256.881833][T10734] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  256.884793][T10734] vhci_hcd vhci_hcd.0: Device attached
[  256.915576][T10734] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1380'.
[  257.179766][T10739] FAULT_INJECTION: forcing a failure.
[  257.179766][T10739] name failslab, interval 1, probability 0, space 0, times 0
[  257.183776][T10739] CPU: 3 UID: 0 PID: 10739 Comm: syz.4.1383 Not tainted syzkaller #0 PREEMPT(full) 
[  257.183791][T10739] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  257.183798][T10739] Call Trace:
[  257.183803][T10739]  <TASK>
[  257.183808][T10739]  dump_stack_lvl+0x16c/0x1f0
[  257.183825][T10739]  should_fail_ex+0x512/0x640
[  257.183839][T10739]  ? fs_reclaim_acquire+0xae/0x150
[  257.183861][T10739]  should_failslab+0xc2/0x120
[  257.183876][T10739]  __kmalloc_noprof+0xdd/0x880
[  257.183896][T10739]  ? tomoyo_encode2+0x100/0x3e0
[  257.183910][T10739]  ? tomoyo_encode2+0x100/0x3e0
[  257.183920][T10739]  tomoyo_encode2+0x100/0x3e0
[  257.183932][T10739]  tomoyo_encode+0x29/0x50
[  257.183943][T10739]  tomoyo_realpath_from_path+0x18f/0x6e0
[  257.183959][T10739]  tomoyo_path_number_perm+0x245/0x580
[  257.183975][T10739]  ? tomoyo_path_number_perm+0x237/0x580
[  257.183992][T10739]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  257.184034][T10739]  ? find_held_lock+0x2b/0x80
[  257.184048][T10739]  ? hook_file_ioctl_common+0x145/0x410
[  257.184069][T10739]  ? __fget_files+0x20e/0x3c0
[  257.184083][T10739]  security_file_ioctl_compat+0x9b/0x240
[  257.184102][T10739]  __ia32_compat_sys_ioctl+0xc3/0x370
[  257.184121][T10739]  __do_fast_syscall_32+0x7c/0x300
[  257.184136][T10739]  do_fast_syscall_32+0x32/0x80
[  257.184149][T10739]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  257.184164][T10739] RIP: 0023:0xf7f33579
[  257.184172][T10739] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  257.184183][T10739] RSP: 002b:00000000f542655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  257.184193][T10739] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c008551a
[  257.184200][T10739] RDX: 0000000080000540 RSI: 0000000000000000 RDI: 0000000000000000
[  257.184207][T10739] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  257.184213][T10739] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  257.184219][T10739] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  257.184233][T10739]  </TASK>
[  257.194498][ T6005] usb 37-1: new low-speed USB device number 10 using vhci_hcd
[  257.216039][T10739] ERROR: Out of memory at tomoyo_realpath_from_path.
[  257.458967][T10735] vhci_hcd: connection reset by peer
[  257.488245][ T1151] vhci_hcd: stop threads
[  257.489853][ T1151] vhci_hcd: release socket
[  257.491318][ T1151] vhci_hcd: disconnect device
[  259.754550][T10789] syz_tun: entered allmulticast mode
[  260.436708][ T1416] ieee802154 phy0 wpan0: encryption failed: -22
[  260.439025][ T1416] ieee802154 phy1 wpan1: encryption failed: -22
[  262.543416][ T6005] vhci_hcd: vhci_device speed not set
[  262.720847][T10838] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1413'.
[  262.894376][ T6875] udevd[6875]: inotify_add_watch(7, /dev/loop0, 10) failed: No such file or directory
[  263.699033][T10882] lo speed is unknown, defaulting to 1000
[  263.701627][T10882] lo speed is unknown, defaulting to 1000
[  263.765709][T10886] FAULT_INJECTION: forcing a failure.
[  263.765709][T10886] name failslab, interval 1, probability 0, space 0, times 0
[  263.771199][T10886] CPU: 0 UID: 0 PID: 10886 Comm: syz.0.1429 Not tainted syzkaller #0 PREEMPT(full) 
[  263.771215][T10886] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  263.771222][T10886] Call Trace:
[  263.771226][T10886]  <TASK>
[  263.771231][T10886]  dump_stack_lvl+0x16c/0x1f0
[  263.771248][T10886]  should_fail_ex+0x512/0x640
[  263.771261][T10886]  ? fs_reclaim_acquire+0xae/0x150
[  263.771277][T10886]  should_failslab+0xc2/0x120
[  263.771291][T10886]  __kmalloc_noprof+0xdd/0x880
[  263.771309][T10886]  ? tomoyo_encode2+0x100/0x3e0
[  263.771323][T10886]  ? tomoyo_encode2+0x100/0x3e0
[  263.771333][T10886]  tomoyo_encode2+0x100/0x3e0
[  263.771345][T10886]  tomoyo_encode+0x29/0x50
[  263.771367][T10886]  tomoyo_realpath_from_path+0x18f/0x6e0
[  263.771385][T10886]  tomoyo_path_number_perm+0x245/0x580
[  263.771430][T10886]  ? tomoyo_path_number_perm+0x237/0x580
[  263.771450][T10886]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  263.771495][T10886]  ? find_held_lock+0x2b/0x80
[  263.771508][T10886]  ? hook_file_ioctl_common+0x145/0x410
[  263.771529][T10886]  ? __fget_files+0x20e/0x3c0
[  263.771543][T10886]  security_file_ioctl_compat+0x9b/0x240
[  263.771562][T10886]  __ia32_compat_sys_ioctl+0xc3/0x370
[  263.771580][T10886]  __do_fast_syscall_32+0x7c/0x300
[  263.771595][T10886]  do_fast_syscall_32+0x32/0x80
[  263.771607][T10886]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  263.771622][T10886] RIP: 0023:0xf6ffd579
[  263.771631][T10886] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  263.771642][T10886] RSP: 002b:00000000f53ed55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  263.771653][T10886] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c0d05640
[  263.771660][T10886] RDX: 00000000800001c0 RSI: 0000000000000000 RDI: 0000000000000000
[  263.771666][T10886] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  263.771672][T10886] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  263.771678][T10886] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  263.771692][T10886]  </TASK>
[  263.771815][T10886] ERROR: Out of memory at tomoyo_realpath_from_path.
[  265.061835][T10876] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1427'.
[  265.330169][T10913] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(12)
[  265.333546][T10913] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  265.338101][T10913] vhci_hcd vhci_hcd.0: Device attached
[  265.404807][T10913] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1435'.
[  265.607023][   T54] usb 41-1: new low-speed USB device number 10 using vhci_hcd
[  266.221661][T10916] vhci_hcd: connection reset by peer
[  266.224944][   T46] vhci_hcd: stop threads
[  266.230722][   T46] vhci_hcd: release socket
[  266.233843][   T46] vhci_hcd: disconnect device
[  266.895314][T10935] netlink: 'syz.2.1441': attribute type 30 has an invalid length.
[  267.075345][T10935] bond2: option arp_missed_max: invalid value (0)
[  267.077519][T10935] bond2: option arp_missed_max: allowed values 1 - 255
[  267.104596][T10942] netlink: 'syz.2.1441': attribute type 10 has an invalid length.
[  267.220996][T10935] bond2 (unregistering): Released all slaves
[  267.274808][T10936] bridge_slave_0: left allmulticast mode
[  267.277097][T10936] bridge_slave_0: left promiscuous mode
[  267.279885][T10936] bridge0: port 1(bridge_slave_0) entered disabled state
[  267.298982][T10936] bridge_slave_1: left allmulticast mode
[  267.301909][T10936] bridge_slave_1: left promiscuous mode
[  267.305286][T10936] bridge0: port 2(bridge_slave_1) entered disabled state
[  267.359242][T10936] bond0: (slave bond_slave_0): Releasing backup interface
[  267.367784][T10936] bond0: (slave bond_slave_1): Releasing backup interface
[  267.384182][T10936] team0: Port device team_slave_0 removed
[  267.394715][T10936] team0: Port device team_slave_1 removed
[  267.398980][T10936] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  267.403529][T10936] batman_adv: batadv0: Removing interface: batadv_slave_0
[  267.409886][T10936] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  267.413227][T10936] batman_adv: batadv0: Removing interface: batadv_slave_1
[  267.438728][T10936] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[  267.483113][T10938] team0: Mode changed to "loadbalance"
[  267.560713][T10942] 8021q: adding VLAN 0 to HW filter on device bond0
[  267.581935][T10942] team0: Port device bond0 added
[  270.471908][T10973] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  270.478509][T10973] sit0: entered promiscuous mode
[  270.486634][T10973] netlink: 'syz.3.1451': attribute type 1 has an invalid length.
[  270.492404][T10973] netlink: 1 bytes leftover after parsing attributes in process `syz.3.1451'.
[  270.695263][T10978] Mount JFS Failure: -5
[  270.697709][T10978] jfs_mount failed w/return code = -5
[  270.744258][   T54] vhci_hcd: vhci_device speed not set
[  271.713596][T10998] netlink: 'syz.4.1460': attribute type 1 has an invalid length.
[  271.789527][T11002] sp0: Synchronizing with TNC
[  273.901686][T11042] FAULT_INJECTION: forcing a failure.
[  273.901686][T11042] name failslab, interval 1, probability 0, space 0, times 0
[  273.908522][T11042] CPU: 2 UID: 0 PID: 11042 Comm: syz.0.1473 Not tainted syzkaller #0 PREEMPT(full) 
[  273.908548][T11042] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  273.908559][T11042] Call Trace:
[  273.908566][T11042]  <TASK>
[  273.908573][T11042]  dump_stack_lvl+0x16c/0x1f0
[  273.908600][T11042]  should_fail_ex+0x512/0x640
[  273.908622][T11042]  ? fs_reclaim_acquire+0xae/0x150
[  273.908649][T11042]  should_failslab+0xc2/0x120
[  273.908673][T11042]  __kmalloc_noprof+0xdd/0x880
[  273.908702][T11042]  ? tomoyo_encode2+0x100/0x3e0
[  273.908725][T11042]  ? tomoyo_encode2+0x100/0x3e0
[  273.908743][T11042]  tomoyo_encode2+0x100/0x3e0
[  273.908765][T11042]  tomoyo_encode+0x29/0x50
[  273.908790][T11042]  tomoyo_realpath_from_path+0x18f/0x6e0
[  273.908812][T11042]  ? tomoyo_profile+0x47/0x60
[  273.908836][T11042]  tomoyo_path_number_perm+0x245/0x580
[  273.908862][T11042]  ? tomoyo_path_number_perm+0x237/0x580
[  273.908892][T11042]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  273.908947][T11042]  ? find_held_lock+0x2b/0x80
[  273.908966][T11042]  ? hook_file_ioctl_common+0x145/0x410
[  273.909001][T11042]  ? __fget_files+0x20e/0x3c0
[  273.909023][T11042]  security_file_ioctl_compat+0x9b/0x240
[  273.909054][T11042]  __ia32_compat_sys_ioctl+0xc3/0x370
[  273.909085][T11042]  __do_fast_syscall_32+0x7c/0x300
[  273.909108][T11042]  do_fast_syscall_32+0x32/0x80
[  273.909130][T11042]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  273.909153][T11042] RIP: 0023:0xf6ffd579
[  273.909167][T11042] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  273.909185][T11042] RSP: 002b:00000000f53ed55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  273.909203][T11042] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000004140aecd
[  273.909215][T11042] RDX: 0000000080000080 RSI: 0000000000000000 RDI: 0000000000000000
[  273.909225][T11042] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  273.909236][T11042] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  273.909247][T11042] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  273.909272][T11042]  </TASK>
[  273.909290][T11042] ERROR: Out of memory at tomoyo_realpath_from_path.
[  274.707926][T11073] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6)
[  274.710018][T11073] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  274.712510][T11073] vhci_hcd vhci_hcd.0: Device attached
[  275.034614][ T7452] usb 43-1: new low-speed USB device number 6 using vhci_hcd
[  275.533772][T11074] vhci_hcd: connection reset by peer
[  275.537792][   T12] vhci_hcd: stop threads
[  275.539422][   T12] vhci_hcd: release socket
[  275.541291][   T12] vhci_hcd: disconnect device
[  275.559439][T11087] hugetlbfs: Unknown parameter ''
[  275.646587][T11091] pimreg: entered allmulticast mode
[  276.169898][   T40] kauditd_printk_skb: 49 callbacks suppressed
[  276.169916][   T40] audit: type=1804 audit(1759825763.632:571): pid=11115 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.1495" name="/newroot/340/file0" dev="tmpfs" ino=1791 res=1 errno=0
[  276.367127][T11127] netlink: 'syz.0.1499': attribute type 27 has an invalid length.
[  276.401313][T11127] 8021q: adding VLAN 0 to HW filter on device bond0
[  276.405727][T11127] 8021q: adding VLAN 0 to HW filter on device team0
[  276.410272][T11127] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  276.487120][T11133] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6)
[  276.489801][T11133] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  276.492640][T11133] vhci_hcd vhci_hcd.0: Device attached
[  277.129847][T11134] vhci_hcd: connection closed
[  277.130103][   T46] vhci_hcd: stop threads
[  277.133280][   T46] vhci_hcd: release socket
[  277.135254][   T46] vhci_hcd: disconnect device
[  277.162800][T11154] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1507'.
[  277.194770][   T40] audit: type=1804 audit(1759825764.652:572): pid=11155 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.1505" name="/newroot/347/bus" dev="tmpfs" ino=1828 res=1 errno=0
[  278.176956][T11184] FAULT_INJECTION: forcing a failure.
[  278.176956][T11184] name failslab, interval 1, probability 0, space 0, times 0
[  278.182381][T11184] CPU: 2 UID: 0 PID: 11184 Comm: syz.0.1516 Not tainted syzkaller #0 PREEMPT(full) 
[  278.182400][T11184] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  278.182408][T11184] Call Trace:
[  278.182412][T11184]  <TASK>
[  278.182418][T11184]  dump_stack_lvl+0x16c/0x1f0
[  278.182437][T11184]  should_fail_ex+0x512/0x640
[  278.182453][T11184]  ? kmem_cache_alloc_lru_noprof+0x66/0x6e0
[  278.182469][T11184]  should_failslab+0xc2/0x120
[  278.182486][T11184]  kmem_cache_alloc_lru_noprof+0x79/0x6e0
[  278.182500][T11184]  ? __d_alloc+0x32/0xae0
[  278.182517][T11184]  ? __d_alloc+0x32/0xae0
[  278.182529][T11184]  __d_alloc+0x32/0xae0
[  278.182545][T11184]  d_alloc_parallel+0x111/0x1480
[  278.182569][T11184]  ? map_id_range_up+0x2ce/0x3b0
[  278.182582][T11184]  ? __pfx_d_alloc_parallel+0x10/0x10
[  278.182603][T11184]  ? lockdep_init_map_type+0x5c/0x280
[  278.182623][T11184]  ? lockdep_init_map_type+0x5c/0x280
[  278.182643][T11184]  __lookup_slow+0x193/0x460
[  278.182662][T11184]  ? __pfx___lookup_slow+0x10/0x10
[  278.182688][T11184]  ? wb_shutdown+0xb0/0x240
[  278.182708][T11184]  ? wb_shutdown+0xb0/0x240
[  278.182722][T11184]  ? d_lookup+0xe7/0x190
[  278.182743][T11184]  lookup_one_unlocked+0xd4/0x120
[  278.182762][T11184]  ovl_lookup_single+0x435/0x1330
[  278.182787][T11184]  ? __pfx_ovl_lookup_single+0x10/0x10
[  278.182810][T11184]  ovl_lookup_layer+0x3d4/0x480
[  278.182832][T11184]  ? __pfx_ovl_lookup_layer+0x10/0x10
[  278.182849][T11184]  ? __lock_acquire+0xb97/0x1ce0
[  278.182870][T11184]  ovl_lookup+0x5bc/0x21a0
[  278.182892][T11184]  ? find_held_lock+0x2b/0x80
[  278.182907][T11184]  ? __pfx_ovl_lookup+0x10/0x10
[  278.182927][T11184]  ? d_alloc_parallel+0x828/0x1480
[  278.182949][T11184]  ? find_held_lock+0x2b/0x80
[  278.182966][T11184]  ? __d_lookup+0x266/0x4a0
[  278.182987][T11184]  ? __pfx_ovl_lookup+0x10/0x10
[  278.183005][T11184]  lookup_open.isra.0+0x4da/0x1580
[  278.183029][T11184]  ? __pfx_lookup_open.isra.0+0x10/0x10
[  278.183056][T11184]  ? lookup_fast+0x156/0x610
[  278.183076][T11184]  path_openat+0x893/0x2cb0
[  278.183093][T11184]  ? __pfx_path_openat+0x10/0x10
[  278.183106][T11184]  ? __lock_acquire+0xb97/0x1ce0
[  278.183123][T11184]  do_filp_open+0x20b/0x470
[  278.183136][T11184]  ? __pfx_do_filp_open+0x10/0x10
[  278.183159][T11184]  ? _raw_spin_unlock+0x28/0x50
[  278.183169][T11184]  ? alloc_fd+0x471/0x7d0
[  278.183185][T11184]  do_sys_openat2+0x11b/0x1d0
[  278.183201][T11184]  ? __pfx_do_sys_openat2+0x10/0x10
[  278.183219][T11184]  ? __fget_files+0x20e/0x3c0
[  278.183229][T11184]  ? handle_mm_fault+0x270/0xd10
[  278.183249][T11184]  __ia32_compat_sys_openat+0x16d/0x210
[  278.183271][T11184]  ? __pfx___ia32_compat_sys_openat+0x10/0x10
[  278.183319][T11184]  ? ksys_write+0x1ac/0x250
[  278.183342][T11184]  ? rcu_is_watching+0x12/0xc0
[  278.183358][T11184]  __do_fast_syscall_32+0x7c/0x300
[  278.183374][T11184]  do_fast_syscall_32+0x32/0x80
[  278.183387][T11184]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  278.183402][T11184] RIP: 0023:0xf6ffd579
[  278.183411][T11184] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  278.183423][T11184] RSP: 002b:00000000f53ed55c EFLAGS: 00000296 ORIG_RAX: 0000000000000127
[  278.183434][T11184] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 0000000080000080
[  278.183441][T11184] RDX: 0000000000086400 RSI: 0000000000000000 RDI: 0000000000000000
[  278.183448][T11184] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  278.183454][T11184] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  278.183461][T11184] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  278.183476][T11184]  </TASK>
[  279.003333][ T5943] ------------[ cut here ]------------
[  279.005306][ T5943] WARNING: CPU: 3 PID: 5943 at net/bluetooth/hci_conn.c:567 hci_conn_timeout+0x11a/0x210
[  279.008313][ T5943] Modules linked in:
[  279.009737][ T5943] CPU: 3 UID: 0 PID: 5943 Comm: kworker/u33:4 Not tainted syzkaller #0 PREEMPT(full) 
[  279.014816][ T5943] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  279.018248][ T5943] Workqueue: hci4 hci_conn_timeout
[  279.020288][ T5943] RIP: 0010:hci_conn_timeout+0x11a/0x210
[  279.022391][ T5943] Code: 00 e8 8a 49 61 f7 4c 89 f1 4c 89 e2 48 c7 c6 a0 8d d8 8c 48 c7 c7 d8 f8 7e 90 e8 f1 ff 7f fa e9 4d ff ff ff e8 67 49 61 f7 90 <0f> 0b 90 e8 5e 49 61 f7 48 8d bb f5 f6 ff ff 48 b8 00 00 00 00 00
[  279.029477][ T5943] RSP: 0018:ffffc90003bd7c20 EFLAGS: 00010293
[  279.031508][ T5943] RAX: 0000000000000000 RBX: ffff888073b68948 RCX: ffffffff8a5a8a5f
[  279.034443][ T5943] RDX: ffff8880229aa480 RSI: ffffffff8a5a8b09 RDI: 0000000000000005
[  279.037034][ T5943] RBP: 00000000ffffffff R08: 0000000000000005 R09: 0000000000000000
[  279.039590][ T5943] R10: 00000000ffffffff R11: 0000000000000000 R12: ffff888073b68000
[  279.043128][ T5943] R13: 0000000000000000 R14: ffffffff90838934 R15: ffffc90003bd7d00
[  279.046546][ T5943] FS:  0000000000000000(0000) GS:ffff888097ae7000(0000) knlGS:0000000000000000
[  279.049456][ T5943] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  279.051725][ T5943] CR2: 000000000c2b5cd2 CR3: 000000006c089000 CR4: 0000000000352ef0
[  279.055083][ T5943] Call Trace:
[  279.056192][ T5943]  <TASK>
[  279.057183][ T5943]  process_one_work+0x9cf/0x1b70
[  279.059004][ T5943]  ? __pfx_hci_cmd_sync_cancel_work+0x10/0x10
[  279.061377][ T5943]  ? __pfx_process_one_work+0x10/0x10
[  279.063431][ T5943]  ? assign_work+0x1a0/0x250
[  279.065284][ T5943]  worker_thread+0x6c8/0xf10
[  279.066753][ T5943]  ? __kthread_parkme+0x19e/0x250
[  279.068349][ T5943]  ? __pfx_worker_thread+0x10/0x10
[  279.070003][ T5943]  kthread+0x3c2/0x780
[  279.071741][ T5943]  ? __pfx_kthread+0x10/0x10
[  279.073375][ T5943]  ? rcu_is_watching+0x12/0xc0
[  279.075205][ T5943]  ? __pfx_kthread+0x10/0x10
[  279.076790][ T5943]  ret_from_fork+0x675/0x7d0
[  279.078298][ T5943]  ? __pfx_kthread+0x10/0x10
[  279.080028][ T5943]  ret_from_fork_asm+0x1a/0x30
[  279.082116][ T5943]  </TASK>
[  279.083314][ T5943] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  279.086155][ T5943] CPU: 3 UID: 0 PID: 5943 Comm: kworker/u33:4 Not tainted syzkaller #0 PREEMPT(full) 
[  279.089121][ T5943] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  279.092569][ T5943] Workqueue: hci4 hci_conn_timeout
[  279.094215][ T5943] Call Trace:
[  279.095325][ T5943]  <TASK>
[  279.096275][ T5943]  dump_stack_lvl+0x3d/0x1f0
[  279.097853][ T5943]  vpanic+0x640/0x6f0
[  279.099432][ T5943]  ? hci_conn_timeout+0x11a/0x210
[  279.101431][ T5943]  panic+0xca/0xd0
[  279.102931][ T5943]  ? __pfx_panic+0x10/0x10
[  279.104409][ T5943]  ? check_panic_on_warn+0x1f/0xb0
[  279.106059][ T5943]  check_panic_on_warn+0xab/0xb0
[  279.107681][ T5943]  __warn+0xf6/0x3c0
[  279.108931][ T5943]  ? hci_conn_timeout+0x11a/0x210
[  279.110716][ T5943]  report_bug+0x3c3/0x580
[  279.112110][ T5943]  ? hci_conn_timeout+0x11a/0x210
[  279.113735][ T5943]  handle_bug+0x184/0x210
[  279.115560][ T5943]  exc_invalid_op+0x17/0x50
[  279.117037][ T5943]  asm_exc_invalid_op+0x1a/0x20
[  279.118721][ T5943] RIP: 0010:hci_conn_timeout+0x11a/0x210
[  279.120920][ T5943] Code: 00 e8 8a 49 61 f7 4c 89 f1 4c 89 e2 48 c7 c6 a0 8d d8 8c 48 c7 c7 d8 f8 7e 90 e8 f1 ff 7f fa e9 4d ff ff ff e8 67 49 61 f7 90 <0f> 0b 90 e8 5e 49 61 f7 48 8d bb f5 f6 ff ff 48 b8 00 00 00 00 00
[  279.129162][ T5943] RSP: 0018:ffffc90003bd7c20 EFLAGS: 00010293
[  279.131705][ T5943] RAX: 0000000000000000 RBX: ffff888073b68948 RCX: ffffffff8a5a8a5f
[  279.134718][ T5943] RDX: ffff8880229aa480 RSI: ffffffff8a5a8b09 RDI: 0000000000000005
[  279.137245][ T5943] RBP: 00000000ffffffff R08: 0000000000000005 R09: 0000000000000000
[  279.140389][ T5943] R10: 00000000ffffffff R11: 0000000000000000 R12: ffff888073b68000
[  279.143865][ T5943] R13: 0000000000000000 R14: ffffffff90838934 R15: ffffc90003bd7d00
[  279.147015][ T5943]  ? hci_conn_timeout+0x6f/0x210
[  279.148927][ T5943]  ? hci_conn_timeout+0x119/0x210
[  279.151187][ T5943]  process_one_work+0x9cf/0x1b70
[  279.152945][ T5943]  ? __pfx_hci_cmd_sync_cancel_work+0x10/0x10
[  279.154848][ T5943]  ? __pfx_process_one_work+0x10/0x10
[  279.156689][ T5943]  ? assign_work+0x1a0/0x250
[  279.158350][ T5943]  worker_thread+0x6c8/0xf10
[  279.160106][ T5943]  ? __kthread_parkme+0x19e/0x250
[  279.161981][ T5943]  ? __pfx_worker_thread+0x10/0x10
[  279.163716][ T5943]  kthread+0x3c2/0x780
[  279.165271][ T5943]  ? __pfx_kthread+0x10/0x10
[  279.167231][ T5943]  ? rcu_is_watching+0x12/0xc0
[  279.169231][ T5943]  ? __pfx_kthread+0x10/0x10
[  279.170927][ T5943]  ret_from_fork+0x675/0x7d0
[  279.172427][ T5943]  ? __pfx_kthread+0x10/0x10
[  279.173940][ T5943]  ret_from_fork_asm+0x1a/0x30
[  279.175606][ T5943]  </TASK>
[  279.177449][ T5943] Kernel Offset: disabled
[  279.179110][ T5943] Rebooting in 86400 seconds..

VM DIAGNOSIS:
08:29:26  Registers:
info registers vcpu 0

CPU#0
RAX=0000000080010001 RBX=0000000000000001 RCX=ffffffff8167c56e RDX=ffffffff8e097a00
RSI=0000000000000000 RDI=0000000000000001 RBP=0000000000000001 RSP=ffffc90000007fe0
R8 =0000000000000001 R9 =0000000000000000 R10=0000000000000001 R11=0000000000000000
R12=0000000000000000 R13=0000000000000000 R14=0000000000000000 R15=0000000000000000
RIP=ffffffff81bbd470 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880977e7000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=000000002fd21ffe CR3=0000000074456000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000000000000 RBX=ffffc9000e20fb68 RCX=0000000000000000 RDX=ffffffff9addb280
RSI=ffffffff8bf4a680 RDI=ffffc9000e20fb80 RBP=ffffc9000e20fba8 RSP=ffffc9000e20fa98
R8 =0000000000000002 R9 =0000000000000000 R10=ffffc9000e20fb40 R11=0000000000000000
R12=ffffffff9addb280 R13=0000000000000000 R14=0000000000000000 R15=0000000000000000
RIP=ffffffff8197d976 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff8880978e7000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000000080027000 CR3=000000004ec9f000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000008
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000d000000000 0000000300000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
RAX=00000002000008fd RBX=ffff88806b64a480 RCX=0000000000000830 RDX=0000000000000002
RSI=00000000000000fd RDI=0000000000000002 RBP=0000000000000010 RSP=ffffc9000e13f588
R8 =0000000000000000 R9 =fffffbfff2106b1a R10=ffffffff908358d7 R11=0000000000000001
R12=1ffff92001c27eb2 R13=0000000000000004 R14=0000000000000001 R15=ffffc9000e13f5b0
RIP=ffffffff8169ab68 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff8880979e7000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00007f0ab19225d0 CR3=0000000076a62000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 f700585858585858 2e7a7973f73e5ff4
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 f700585858585858
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffff 0f0e0d0c0b0a0908
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 3

CPU#3
RAX=0000000000000064 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff852ca415 RDI=ffffffff9adeae20 RBP=ffffffff9adeade0 RSP=ffffc90003bd7590
R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=0000000000000000
R12=0000000000000000 R13=0000000000000064 R14=ffffffff9adeade0 R15=ffffffff852ca3b0
RIP=ffffffff852ca43f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff888097ae7000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=000000000c2b5cd2 CR3=000000006c089000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000038000000000 0000000800000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000