last executing test programs:

7.382538296s ago: executing program 0 (id=9133):
socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000000100)=0x9, 0x4)
socket$inet6_tcp(0xa, 0x1, 0x0)
syz_emit_ethernet(0xcb, &(0x7f0000000300)={@local, @broadcast, @val={@val={0x88a8, 0x6, 0x1, 0x3}}, {@ipv6={0x86dd, @udp={0x0, 0x6, "1600", 0x8d, 0x2b, 0x0, @private1, @local, {[], {0x0, 0x0, 0x8d, 0x0, @gue={{0x2}, "ed96bd1842a546758a49c805115c6e0b104fc0d3fba711b3adc6eab9d3e18100bf62cd79391147ce41d1d7a28cf8782fcc7212e9a0240f6efb2d6fb6117f034a5051b1c6cbfc2f299f257d692e809d8e538940e02d72c64dad849d0e2af6f4c7168113a990ea962efa597ab1afe74853b937db8bc42c11109108000000"}}}}}}}, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
connect$l2tp6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote, 0xa}, 0x20)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r2, 0x10e, 0xc, &(0x7f0000000040)={0x80}, 0x213)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, &(0x7f0000000180)="66b80e010f00d0b0060f21a20f01c40f009b2700000066b80c008ee00f3235008000000f30b80e0000000f23d80f21f835800000a00f23f8c9b9490300000f60b932c00a00b9730200000f32328fe858b660002fb90d090000b800680000ba000000000f30", 0x65}], 0x1, 0x0, 0x0, 0x0)
close(0xffffffffffffffff)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(0xffffffffffffffff, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
connect$bt_l2cap(r4, &(0x7f0000000240)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe)
r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5)
bind$bt_hci(0xffffffffffffffff, &(0x7f0000000000)={0x1f, 0x4}, 0x6)
ioctl$AUTOFS_IOC_CATATONIC(r5, 0x400443c8, 0x20000002)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000140))
ioctl$KVM_RUN(r3, 0xae80, 0x0)

7.042030016s ago: executing program 0 (id=9135):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = getpid()
process_vm_readv(r0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x200000000000005a, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/diskstats\x00', 0x0, 0x0)
r2 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000200)='/proc/sys/net/ipv4/vs/drop_entry\x00', 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=@base={0x5, 0x4, 0x8, 0xc, 0x0, r2, 0x0, '\x00', 0x0, r1, 0xfffffffd, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x10, &(0x7f0000000280)=ANY=[@ANYBLOB="050000ab6d8327000000000000000000181100ff", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff000000c29c39f200bfa20000000000f8ffffffb703000008000000030000000000"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r2, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r5 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$inet6_opts(r5, 0x29, 0x40, &(0x7f0000000340)=ANY=[@ANYBLOB="000a0000000000000730000000000a000000000000000000000000000000000000000000000000000000000000000000000000000000000000000720000000000600"/83], 0x60)
r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f00001f0000), 0x0, 0x0)
ioctl$TIOCSETD(r6, 0x5423, &(0x7f0000000240)=0xe)
r7 = dup(r6)
ioctl$TIOCSTI(r7, 0x5412, &(0x7f0000000080))
socket$packet(0x11, 0x2, 0x300)
r8 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r8, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_hmac_sha512\x00'}, 0xfffffdc3)
sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000140)="b57523cb1a2c90d8acad2e2d98dfc9ea7a5843c3b63b683ced2b3266175599b779617e66e6b3e15c042be90635a2d36160bbf9a2edcacc0bbe015b84150a1928de94397894ff36aa430fc2a0814ba634308d6d0837250dfd1eca5383f9d151449743b1a0c4ffc51242a229c5d6d06f147a61d797ea7ffeda95b76f5623", 0x7d}, {&(0x7f00000001c0)="66f7", 0x2}, {&(0x7f0000000300)='l', 0x1}], 0x3}], 0x1, 0x0)
r9 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000040)={'ip6gretap0\x00'})
socket$nl_generic(0x10, 0x3, 0x10)
ptrace$setsig(0x4203, r0, 0xfff, &(0x7f0000000100)={0x2c, 0x6, 0xd956})

6.921402668s ago: executing program 1 (id=9137):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x5, &(0x7f0000000240)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r0}, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = socket$key(0xf, 0x3, 0x2)
accept4(r1, 0x0, 0x0, 0x0)
r2 = getpid()
process_vm_readv(r2, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000004c0)={0x1, 0x80000000, 0x2})
socket$inet_udp(0x2, 0x2, 0x0)
socket$kcm(0x10, 0x0, 0x10)
r4 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f00000011c0)={'vxcan0\x00', <r5=>0x0})
bind$can_j1939(r4, &(0x7f0000001200)={0x1d, r5, 0x0, {0x0, 0x0, 0x1}}, 0x18)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="180000000000000000000000ff010000850000000e000000850000005000000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='kmem_cache_free\x00', r6}, 0x9)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
rt_sigtimedwait(0x0, 0x0, 0x0, 0x0)
sendmsg$can_j1939(r4, &(0x7f0000000440)={&(0x7f0000000140), 0x18, &(0x7f0000000180)={&(0x7f0000000340)="aed76e2e", 0x4}}, 0x0)
r7 = socket$kcm(0x10, 0x2, 0x0)
socket$netlink(0x10, 0x3, 0xb)
sendmsg$kcm(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000000c0)="2e00000010008188040f46ecdb4cb9cca7480ef4100000", 0x17}], 0x1}, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0)
r8 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
r9 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$netlink(r9, &(0x7f0000001f80)={0x0, 0x0, &(0x7f0000001f00)=[{&(0x7f0000002840)=ANY=[@ANYBLOB="140000002700010000000080"], 0x14}], 0x1}, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
write$uinput_user_dev(r8, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ea], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1]}, 0x45c)
ioctl$UI_SET_EVBIT(r8, 0x40045564, 0x5)

6.27085862s ago: executing program 1 (id=9141):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x11, 0x80a, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'bond0\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="540000001000010400"/20, @ANYRES32=r2, @ANYBLOB="00000000000000013400128009000100626f6e64000000002400028005001600000000000500110001"], 0x54}}, 0x0)

6.121088071s ago: executing program 2 (id=9142):
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa0000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800]}, 0x45c)
ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x5)
ioctl$UI_SET_SWBIT(r0, 0x4004556d, 0x0)
ioctl$UI_SET_SWBIT(r0, 0x4004556d, 0x3)
ioctl$UI_DEV_CREATE(r0, 0x5501)
write$uinput_user_dev(r0, &(0x7f0000000500)={'syz0\x00', {0x5, 0x17d, 0xf1b, 0x5}, 0x41, [0x3, 0x653, 0x8, 0x5c, 0xfffffff8, 0xdbf, 0x2dc1, 0x7ff, 0xcbee, 0xe1, 0xa9, 0x8, 0x8, 0x8, 0x22, 0x101, 0x2, 0x7, 0x7, 0x5, 0x67ca, 0x4, 0x1, 0x9, 0x1, 0x3b, 0x9, 0x5, 0x5, 0x7, 0x800, 0xc, 0x80, 0x18a6d220, 0x3ff, 0x39, 0x2, 0x0, 0xe18, 0x88f, 0x8, 0x9, 0x5, 0xfc93, 0x80, 0x0, 0x80, 0x8, 0x401, 0xc, 0xfffffff7, 0x3, 0x101, 0x1, 0x0, 0x6, 0x8, 0xd, 0xff, 0xfff, 0x2, 0x80, 0x3, 0xfffffffb], [0x9, 0x8d38, 0x9, 0x8, 0x3, 0x81, 0x9, 0x6, 0x3213, 0x3, 0x2, 0x92, 0x1, 0x8001, 0x10, 0xfffff94c, 0x80000001, 0x7ff, 0x3, 0xfffff000, 0x0, 0x3c, 0xff, 0x5, 0x0, 0x6, 0x10001, 0x81, 0x93, 0x2, 0x2ef9, 0x80000, 0x27cf, 0x4, 0xa, 0x2, 0x3, 0x7491, 0x1ff, 0x7, 0x6, 0x6, 0x5, 0x7, 0x5e67b86, 0x6, 0x3, 0x4, 0x2, 0x73ad932, 0x9, 0x0, 0x9, 0x6, 0x2, 0x9, 0x8, 0x2, 0x9, 0x10, 0x54000000, 0x92, 0x80000001, 0x4], [0x9, 0x4, 0x5, 0x5, 0x4, 0x8000, 0x8, 0x3, 0x5, 0x4, 0x4, 0x3, 0x7fab, 0x2, 0x3, 0x3, 0x7, 0x1, 0x8, 0x6, 0xfffff259, 0x7, 0x633, 0x0, 0xcf4b, 0xff0, 0xda9d, 0x8, 0x81, 0x9, 0xa35, 0x2, 0xfffffffb, 0x3, 0xbe, 0x0, 0x8, 0x1, 0x91, 0x401, 0x40, 0xea, 0x6, 0x8ec, 0x1, 0x9, 0x10, 0x7, 0x4, 0x8, 0x203, 0x5, 0x7, 0x0, 0xe42b, 0x4, 0xff, 0x6, 0x2, 0x9, 0x1, 0x5, 0x7, 0xbb6], [0x0, 0x5, 0x5, 0x2, 0x9, 0x960, 0x2, 0x0, 0x0, 0xffffffff, 0x1, 0x5, 0x3, 0x1, 0xfac6, 0x6, 0x55, 0x400, 0x5, 0x5, 0x6, 0x3ff, 0x7eec2ea8, 0x3ff, 0x7fff, 0x80000001, 0x6, 0x24a, 0xdbd, 0x7, 0x7, 0x2, 0x15d, 0xfffffffd, 0x8, 0x0, 0x8f82, 0x1, 0xfffffffb, 0xf7539c7f, 0x3ff, 0x2, 0x4, 0x1, 0xffffffff, 0xffffffff, 0x2, 0x8, 0x2, 0x401, 0x10001, 0x904, 0x100, 0x3, 0x3, 0x80, 0x80, 0x9, 0x347, 0x3, 0x1, 0x9, 0x7fff, 0xd6]}, 0x45c) (fail_nth: 58)

6.120845748s ago: executing program 1 (id=9143):
r0 = getpid()
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYRES8], &(0x7f0000000280)='GPL\x00', 0x40000000, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xfffffe3a, 0x0, 0x0, 0x10, 0x200, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r1}, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
process_vm_readv(r0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/41, 0x29}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x5f}], 0x1, 0x0)
r2 = openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
syz_open_procfs(0x0, &(0x7f0000000000)='net/raw\x00')
rt_sigprocmask(0x2, &(0x7f0000001280)={[0x1c0, 0x401]}, &(0x7f0000001300), 0x8)
open(&(0x7f00000012c0)='./file0\x00', 0x6800, 0x1)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r3 = eventfd(0x0)
ioctl$VHOST_SET_VRING_BASE(r2, 0x4008af12, &(0x7f0000000080)={0x1, 0x7f})
ioctl$VHOST_SET_LOG_FD(r2, 0x4004af07, &(0x7f0000000240)=r3)
ioctl$VHOST_SET_VRING_KICK(r2, 0x4008af20, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = syz_open_dev$cec(&(0x7f0000000100), 0x0, 0x0)
ioctl$CEC_S_MODE(r4, 0x40046109, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0600"/20, @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f00000000c0)={0x5c, 0x0, &(0x7f0000000480)=[@clear_death={0x400c630f, 0x2}, @transaction_sg={0x40486311, {0x3, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000340)={@fda={0x66646185, 0x9, 0x0, 0x33}, @flat=@weak_handle={0x77682a85, 0x3101, 0x1}, @flat=@binder={0x73622a85, 0xa, 0x1}}, &(0x7f00000003c0)={0x0, 0x1c, 0x34}}, 0x400}], 0x0, 0x0, 0x0})
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60)
ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
r7 = syz_open_dev$admmidi(&(0x7f0000000140), 0x20, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x80383, 0x0)
read$midi(r7, &(0x7f00000001c0)=""/98, 0x62)
readv(r7, &(0x7f0000000180)=[{&(0x7f0000000400)=""/118, 0x76}], 0x1)

5.856395479s ago: executing program 2 (id=9144):
socket$inet_tcp(0x2, 0x1, 0x0)
mkdir(0x0, 0x0)
mount$tmpfs(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000040), 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a14000000000a000000000300000000000000140a000000000000000000000000000009000800fb35b4d5d1000000140000001000010000000000000000000084000a000000000000"], 0x5c}}, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='freezer.self_freezing\x00', 0x275a, 0x0)
ioctl$FS_IOC_SETFLAGS(r0, 0xc0189436, &(0x7f0000000140))
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="180100000000000000000000bb810000850000006d00000085000000d000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='hrtimer_start\x00', r1}, 0x10)
syz_usb_connect(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00000009040000022a3e740009058bff7f0000100109050b362f"], 0x0)
syz_open_dev$midi(&(0x7f0000000000), 0x3, 0x0)
r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
accept4(r0, &(0x7f00000002c0)=@ethernet={0x0, @local}, &(0x7f0000000240)=0x80, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001200)={{0x14}, [@NFT_MSG_NEWTABLE={0x14, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7}}, @NFT_MSG_NEWSET={0x38, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0x3}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0x2}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x21}]}, @NFT_MSG_NEWSETELEM={0x27fc, 0xc, 0xa, 0x101, 0x0, 0x0, {0x7}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x10, 0x3, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0x8, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x4}]}]}]}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x2790, 0x3, 0x0, 0x1, [{0x15b8, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_DATA={0xfc, 0x2, 0x0, 0x1, [@NFTA_DATA_VERDICT={0x2c, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x4}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x1}]}, @NFTA_DATA_VERDICT={0xc, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffc}]}, @NFTA_DATA_VALUE={0xbf, 0x1, "0b2c0383d37ad1ea4faab5a7dfb2653a9ffde847915f3e284a7c3efc75db1dd9668cb7f61e0b9de0d9f025d4cb86d0760f26c0e419ac0d08a8e2df55848147d2817b11b3a95394ef7c97a9fd054899aeec0ca265c325c502e83f15f0b003bdd6fe9fcfa9988c9a526bf1b33954037bcffe7f285dfdc30ad950347cee6694e95d03ea477b8022d5c7cf0bae3ea8d6650bc31c7db56c2aac46ff4a05f9f3887c8cb128ea50e5ca21607bd48e92b3196ead54b80ebc1f6e4fa9f6f09e"}]}, @NFTA_SET_ELEM_DATA={0x1100, 0x2, 0x0, 0x1, [@NFTA_DATA_VALUE={0xf2, 0x1, "c85a8440f78f02c4d09bd238b5dc4b534ec8b0904af7a6a754f7bc7c9ec088da5bc821dad53bf1e8c622c84beba19d163fd545fb0e099c06986fd4551216634e719b91457740d829576f6ca517871a8b9986be5ad45c9ba4c5f48acaf280fd30f34d14b1e70151a9a00a296d38210fb4a154ba186224a5183948cd7a8bed8f8cb176f52a4e02972bc7814156457449297c08ef240babae3b72b9ea3ff71f968da09afe95677c347fbd34f36a0414cae8306e06d04b6b49b73268f6bcc35ddd8b2ce4fb81d9894ac8d19634d9d227ed238e90755411ffbeefed6ae17f43e2635a6eca4aa0b475346fb2951947e764"}, @NFTA_DATA_VERDICT={0x4}, @NFTA_DATA_VALUE={0x1004, 0x1, "739e51ae0685defe97a8fb77cbd34fd023511143dbe248fb22e9844ec11fff913507fa2b724b6a2ed484a78600a076fd344e2d45996f686d843a1b6113be13cb2234157ff706f57f7e10e1e2c7695f08af41e57da0f60bedff51f78092616082c97fe09a420dbe9d9c7bdae175c30eaddbe3abe414f5cc6003d353bedc60eced58ef6a4fa002a34790399ae3fb30e45f4b9813d51966807e7c36a1ab2815c8e6d3ae44d918ef1a14ccb2a4cbeb5d147511b7d387887fd5b6ea163c91dd58515923c0aa60222068c9095e2ca516f21a2e428eb6a1dc0aea93d4c6dad75e0a929a5312468d7c7b82130a281e521747589eda7683e50607285c57095f906479f245b134e9f180f153a7c9761967fb60cb3479f2c7aeabc98fb74ecc24eadd60bdadd30d998cc4fdb70fcb2d97c3f798850a545285af989df8b02d1f89a179891d02af5d397e2b6490c8e959c9ae152d2dc11fda42d19e65569e756eafd10e1e498f585dcc52448ebe6672404987825731fc540235bce6965b874d2cc6d2871d17066958816b6def509482dda98fb0c4260eb5a3da0cedb741798d8c47a47f01c85334a1ab2a3868d71b0fc2aee184526c375378c5ccf4a388a1d226860067902308ffdcaa5484b97322cb9bfe3ee386f95b8291f9cc70d7c1bc8421c1504a2f2b63fcbc19a43069bc6189ff15dd6e8ad114dba957bad6a5f88a032f34ca0052ba12881a6da37c94a7c25aec71dcc4e33626391c38fdbb6921c1ae99c285b1b293342a35b6248c37f574b3d0a5ae35a53154e1ade0c17ae88b48851f3f9782e686efecd4956712f20cc2fbced3fed5e83bb21cf7459d3881c2162f170026fe7aa7a160718948567c63ee4771e67ba55def6ce06aa0a7348d8ae04ff68f0ba682e867034e2ea70750c4300bf5b2c773fd1a4c55979e1bdad55cd5ce9e3fbc4dc38f4842ca22d213e236bf896e6f0e0ddf0a7895191e4b204455d76d07424042e4d436b7331308d9b341241cad07fcc3763dfeebabc1be49501a76f61f5ada9ecf73514bede199cf131e52f51f05bc812e8f77fc1092320ab1e738972aab3df23771a5c220836fa9f1b9c43ca7fb1f2814c7ccc95ca1f622514b92d9977e4e35163d5ae6e47d5b1e24332b20da3fd877cbe0d5c3e0d7922e76cbca3b8da703b9c8408566283a5c3cfcfb9670a37156dedb85606570b99c6f3b4f63cc5a5e3778c72eede706e8c58f8b288b8c497efc86c9ae2094271f3411e634b2ba6c5cc4db620ac37a7af765a4ec9c550ee7ba86a42b8c3db988fec744ff00f24f94962c509000caa98e16c97f6b9e462f984c54e97b84af23859cc1386a81ac2e39407e2d576e62d5616c63dadfaac717b68fc59874e12939eceffa9e343a8f51e37f8e19da7ca7576d162eae99e59c539fae0a9fc4de29f526face50108cacdf3dc384be4982c318a83acb9ae1ccf7fa450b2f905f6ec41d88ec781332928ceac3a762af4b1dc7a974b026af9574162dd8d561d42e72bfebdfb0ed32dfe0b74de12b8908a32fdd92dd8408fcead754ca506b168e8bdc1c2ebde211023487ffc5a56e72a899ed0d7ad313353017feaa4f3d37231baeee67091f04a42eb14dd7254ece30ae19fed8564a4cab6b075be782601a916a0db6ec705a3b714d303422754d7e3c6d2a1b78124ff010ba51c2fcc022936b158c431cc1ee2b4e4a4181cd5d30be4ace911ce420accdf33d9c58c81e15b5e6db1cc44fcd7609a0f064c0fabea6c1354781dbe5786794f74a6365468404abf28b3426d13ef588f1030b6fb43a925bfcce2f0d21f418f80db187d0161a4e4bd164c9c218dd36f35a0ff0b83aff3d864e14649525f73190c52b5457af39f1bf6bd9ed4a09726a32f977c90b6a3588b274314880bdadcd7980015132d6d6529eacb8971a2bed24108fb9e4236e7e758d5d4dff309e3cb22c8c02bcf8c3a6c0c597867065b76a1bca36877ba9d742cd8b6c3a5808d44b867b22c861dc6db2642746fc8feec2b92ddd7b2237d296752a64d35aaa921c14abb6776e48c7a5c6e6a45d17f28a81e8cceb604c0ab48e561f5a0b33437a2a22a9b3bbd973cd0e17dc2c44147cb2b00c40e1dfd9724e13347ad99148e6e03ecac4dbad8c8db9cee2792c6561d4bf946e762fd9f74b55b4db1a31fc838cfed05f55bf085da2519f4c87e6457753de31a690d931783233ff505bcc7928d32c987a499acd39bab8d0f08e031ec2f58ece12e72b2ffa66e4a993b87fd9465594a2768998e1935c665f09e49352380f7276e4a79bc9908efd111399d75cf63b5a32d327efab7186db1eb48aa41dbdbcc34e26282a40bf9548e3864e2375e3a3380f2b1a417accfb92d7b0182f609bac18f4b4fc74ae01a918294fddee30ea2b6c809f3e36d966f98b9ce6e040f25e36c7c1daf7bcb8acf5478c4b34584cf605000454fc021b774ab404cb8e4375ba21aa834a264de26c274af35de60cdb5e125508fa58ec4de63459d1734f0c439effd35098053628dec1af2e1c60b6998f7d4cd1e35e87e92ab94715d76f864688c7a8bfbe8ba30a4ade70aecf0ad1b5d79338ffdd738317cdd0fb51140641a895ec23f90e83ea8b32f9b57676b2c44aa09dda0636a7df76925fac68ad3eab0b0d6d27d397ff7b9cec0311a1f165e062814631668edcb54d5161a5185f5f6a3b25b8533869c782ff9b29c0db5c3ad9b88252e2bb7fb7ed5695164481d446b9fc622eacab795e14b843d866c860628c60a91b6ac6c12d7c7600337fef7ced8aa7c704575aa5afcdefbd89680911733e8ef18ed503740684bf75a5b9ee4d10ccdfbd5cbc6a1f1f3389972122f6d157fa7dcec2f6f60ac64916444995fd57852c086b4dd40e36d7d30e84b8cacffcd72366ee311ce8fc4f7ca571a5677515c0bdcd8b1afe359dcfbed4f3de479e35317bba8a03f1cb6872477d7d17ed878bfc4fe5328944443fbe525d8a1ce430cced978a8f752bedbdea307719ecc897efa218261f5f32487d6580d6c2e7148783df3a2f970b3d87285607d83f3da25d28d8ab57b56077d7f6680d2e808460f6742cd8920f5150cd810395bcba53f9b16a5f599bae1020f5a2abe6e8bc79c0d73a541f0052f6d02334123fa715aa3770acf3b5c4701b914e6d5df70c04fd449388534a81e222372b81955a3e7699a81c94b691fb4bb4ddfb2c9f474354bd88403c7185af83f56be7846199ff8529f8d20e01b7952ae6b6aaf27f744abf5d73e4da46b51734d8cd744d6cb03a070f55b1b03dc9829db5f3f6e0b808299bb932b2aa6e0db4d38b1e5232a0eb361fa8e2132c78a735db35873cf2b655b3a4c80a4a6d98d7adf887923e9d2b0c3991e4ed577fd831358a63c6c3f2f4130f38c91ae4f8a53ca8a36c3016a7044eab900afdebf60a26c3f640cafc13cb6151b7afec7268f98e83ebed5f554b7a80dbfe7bd674fcb5d56e7f334b5f506c8fc7b66fca70632eaaf9398917579c8121794768e26d16e55f2d6d7aca6722afae2baa264c29d68c55360ba181202b23aa486eaa16a4f2f28f7039355aa1f20394f668377404576d6e144e2d705cb319f5dc5a993e5c86f66ee8dd30a0e5469819dcd7ebf258359b6161b195ac78d86ef5747e3f4cefd265ed7c1c8b3273241a5c6ec370196625efcbbb1172b967fd64787dce54a880c2764eca118ff53e7165298257419eb46a27f675f8d22b91023bcd99fd39c562d09aa143facc96c816713a90f25cb3ea2fa33f2067a64bc2136f9985b4a03e30a5b673c7c2a1a2cee566d8428ad8a8321d71c4b0c6e80c336f5a49de69a436776eb8dfc00c2f329f149ed70af7e2aba262934064e4aa20094a81e3a8b37e07ba137b54c9586bd194bc1d58e4605cf0664d5015f738aa01f2be2a88ed684d83750281e40b968278788939512acdcea08ad1cb859ec28a02dca487bf4f4a62e8de64b0081d256f2212079902b1561a7179b0a6f6c0dfad54d5f785402f870e5c9f4cea5fd17c43e41ad5cf7bfa72c3d2d4431ce6d09f53b6b4087f59d2076c8dad1db6ea1670ee6de50644a8cd3b5795e5f14825d1c07d777a9f0b64afac5014adb522bd215baf7c1e1177868cf6701ea0a985b1d51bc841e335c7ab429f470e6327f925dcd65a9d2b7b1c98353fe652e99eb26a4653e0f4d46ed09df7ea6debd5abc4a7a0e64d24ffeac40eeda673efa3104666d7479e6dcfcb20d869eee53a2b7b93c9cac7aa6e13fd5d901c71ce63ff604f24f835898179990ac8e9ee5e48e77073130b3803a715be1f7b3f9d55c0ec6f9004cff9f6d7c4f2091450a5a3429c40a63905d20de95348344f75be14d24c0d0ea942a63cc6be9429124a193888875e10d3643ba9157685a5b0eb55d338322ca2216b72fe64103e7f18e9a48968c5c7d28d2005f9f5a9b79d75c1097c71e41b8ccb3944e04b20fffb21026679b31bdc5f3003026162bd13b9e83b9a9ea94a4817836fb70827558c06ec05cb4360f0059702cd614d3c65fe91356fb2b9ae3352f3b4374e8fc19a90f3996789e7671560ed7d7cd6491f663a9852f539892255fda2399f7312df273ab75d0b276cd6bf3eb18961a4de67834005b0cac6a2cf69cfbab33070136d818297e345bcb0ff08b5d317e699d75867df724d53c1979165583523daf44537166f07fee4e4d3cd2fa44e5011fe2b96eb62c9140c335146a52f800b1daff21633d42bdc03f4c6cee5c762d701ad78d182dced0e73a6099ed5d874080c0e3c9bd4a10d931938d8493ab410adb8edeb76ed4990a9e5b8451339904d714faa08d6993177ecbf24f25bd59424a9f0a866f252ba01ac771dd8f264c2d2200fb05637594254e86f4af73ef535a8e8ffb39b22fc2407015ec89e17a30deb67a121180145e457643ddb3f66cce93d092425bc75c8df38c0d4be1ecc585d86be3ef94dc4be719e47ff454e36d777bbc3954eef30f09fc144547c460c7f44ef86a42ae5c19c4beb485012d405f662f496898b0e3fe99e1bcc222c0e999dbb201a6ac78dacc7377c6a37c0ac6d3d2a00d60a28194422da7ef4a558d377dd750a2598b06cfa620c3a3202f16e7dc138f94bd2c81e05149165474dd158c52e35ec5a0d8b2ff16b8da4d6fcd2eef00f49ec804010b55259f41c4d306ef8c5b8cab9dfa6afc5af68f75ee14f89fae154dfc952435d945c1ece80edabd4f63e68e33d664f2d6e25877ccd4bc6b0a660517596375cb8c6cdbcfff33f3d4382296a9757145bfd17ab617b3df1a6e73063df769b0c6d9b16c1b9e259196eb94c238258b5764e0470dc74c3013b274e723aa8b88d89c19f5c0bd77859dae29eef997feffb2a7b9d7545bcf78bc61097dc37111647bde8f2664ac02e805afa09c10758ea172ce4194da9cfdc388356099324f98a399cf1b4e6f3e65f8a71a4c0e2026bdf639f491c07407fd9388a1c112e93b58eff6bc97618f03b68bc05f8a4c0d84c7cec29bbe636a088ab74aa04fdd0607a024cd2f3e5e396d0dedaf79794635449446cc6748548ccc160f20131043b2769061acaded145b112320b6a14a0d09f11d5eae7023673c8304aaa83e271a3dc06cabb3f14c7fff101748a41f1d04f7c38c67da34698539a6ec9930c78168cbcdd7a450f01467405f5f12522a9ebfb6af32de8eab67571b0f231cf193d601421b7a601a51fb4f7c397757079580041d7fd7bd99c3a18d7b64d2c61c825d9dce4cf28d8fadd16c0726ac4f8e98faeaf7f44fd7de8df00f3ab2e1892bd363a708df196f33b51a08e1588079d0d4274d5eb81804977963e78a564"}]}, @NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_SET_ELEM_EXPIRATION={0xc, 0x5, 0x1, 0x0, 0x7fffffff}, @NFTA_SET_ELEM_KEY_END={0x2b8, 0xa, 0x0, 0x1, [@NFTA_DATA_VALUE={0xb8, 0x1, "3b26b00d18ccaab73b411276b5ca251f3ea47796d613976e1c9a1db79a8191aace4d4811b84401a17e4a1a77ee8eca6aa64055975a047c189d742bb37b4acca7bd4d640e5b831e91d80b20bdaf213c88599692f8553a36d211f225c8cb43b86a7fa64a8713e0c15ec52546beb3fcebad8e8b16c47a71dc4487965aebbec7f6ddfd53d275aca4cd4f4abd802b484ad2907e731f7bee349e7d05f50c51d28eda7e4065c13729ff60934c94b2355400e593b6406b9f"}, @NFTA_DATA_VALUE={0x2a, 0x1, "3c33f8f5c221eda7b69ed1c0128ff5e00aea84f6c1ad8e88310177835ef2e5a60d4240c27d03"}, @NFTA_DATA_VERDICT={0x3c, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x4}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xffffffffffffffff}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}]}, @NFTA_DATA_VERDICT={0x2c, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffc}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffd}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x2}]}, @NFTA_DATA_VERDICT={0x44, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffe}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffc}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x2}]}, @NFTA_DATA_VALUE={0xc, 0x1, "bee7167c44df2535"}, @NFTA_DATA_VALUE={0x7, 0x1, "da29f6"}, @NFTA_DATA_VALUE={0x4c, 0x1, "c0352018d27fdbf3caa6b307787b9959ca37f8cea89a545d4a4de3b59865e0c1c1353e7a6dfab71213ca5f8acc2a06bcddcbc060f5a7b4de5ea26e618ba41598e74b2cf638851578"}, @NFTA_DATA_VALUE={0x91, 0x1, "adf97eaa4323eea9977c7f868563058a5b9f81702e3557d6e8cee85496dcd562de2d420743fe8aa728107679b8e58767c59a958ebe981e18fcfd99836a427656b81143cdcd4de426dafdb1e376e0c955c29324dcd89de1eeaf8a626bd0d5c73770d7bc4176a46148762ec0876b2a5ed496ab203beaa6c9040069aa6517a98d94b74bf2145e9a3f59a9d6916c56"}, @NFTA_DATA_VERDICT={0x30, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x3}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}]}]}, @NFTA_SET_ELEM_EXPRESSIONS={0xec, 0xb, 0x0, 0x1, [{0x3c, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0x2c, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_DREG={0x8, 0x1, 0x1, 0x0, 0x16}, @NFTA_EXTHDR_SREG={0x8, 0x7, 0x1, 0x0, 0xe}, @NFTA_EXTHDR_TYPE={0x5, 0x2, 0x83}, @NFTA_EXTHDR_FLAGS={0x8}, @NFTA_EXTHDR_OP={0x8, 0x6, 0x1, 0x0, 0x6}]}}}, {0x14, 0x1, 0x0, 0x1, @quota={{0xa}, @val={0x4}}}, {0x40, 0x1, 0x0, 0x1, @nat={{0x8}, @val={0x34, 0x2, 0x0, 0x1, [@NFTA_NAT_FAMILY={0x8, 0x2, 0x1, 0x0, 0x2}, @NFTA_NAT_REG_PROTO_MIN={0x8, 0x5, 0x1, 0x0, 0x11}, @NFTA_NAT_FLAGS={0x8, 0x7, 0x1, 0x0, 0xc}, @NFTA_NAT_REG_ADDR_MIN={0x8, 0x3, 0x1, 0x0, 0xd}, @NFTA_NAT_REG_ADDR_MAX={0x8, 0x4, 0x1, 0x0, 0x1}, @NFTA_NAT_REG_PROTO_MIN={0x8, 0x5, 0x1, 0x0, 0x15}]}}}, {0x10, 0x1, 0x0, 0x1, @counter={{0xc}, @void}}, {0x10, 0x1, 0x0, 0x1, @reject={{0xb}, @void}}, {0x38, 0x1, 0x0, 0x1, @fwd={{0x8}, @val={0x2c, 0x2, 0x0, 0x1, [@NFTA_FWD_SREG_ADDR={0x8, 0x2, 0x1, 0x0, 0x15}, @NFTA_FWD_SREG_DEV={0x8, 0x1, 0x1, 0x0, 0x8}, @NFTA_FWD_SREG_ADDR={0x8, 0x2, 0x1, 0x0, 0x4}, @NFTA_FWD_SREG_DEV={0x8}, @NFTA_FWD_SREG_DEV={0x8, 0x1, 0x1, 0x0, 0x14}]}}}]}]}, {0x11d4, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_EXPRESSIONS={0x11b4, 0xb, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @xfrm={{0x9}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_XFRM_KEY={0x8, 0x2, 0x1, 0x0, 0x6}, @NFTA_XFRM_DREG={0x8, 0x1, 0x1, 0x0, 0x14}, @NFTA_XFRM_DIR={0x5, 0x3, 0x1}, @NFTA_XFRM_DREG={0x8, 0x1, 0x1, 0x0, 0x4}]}}}, {0x1138, 0x1, 0x0, 0x1, @inner={{0xa}, @val={0x1128, 0x2, 0x0, 0x1, [@NFTA_INNER_TYPE={0x8, 0x2, 0x1, 0x0, 0xbd}, @NFTA_INNER_EXPR={0x1114, 0x5, 0x0, 0x1, @immediate={{0xe}, @val={0x1100, 0x2, 0x0, 0x1, [@NFTA_IMMEDIATE_DREG={0x8, 0x1, 0x1, 0x0, 0xe}, @NFTA_IMMEDIATE_DREG={0x8, 0x1, 0x1, 0x0, 0x13}, @NFTA_IMMEDIATE_DATA={0x1008, 0x2, 0x0, 0x1, [@NFTA_DATA_VALUE={0x1004, 0x1, "28371c86a4db4c2b53c8c156091c4e24929fe3b4d8f4a4b6d0cf17e337d3016421879dbc640a138bcfcc716a3beb86d53bbef5412b232d3a2de8e3dc81517c577f2b2d649a3cfe063e53b9ee2166097fbd2975ab21a02115bb7060d0e7690ef7b85e3f9d03c007089c146ee453d8858a64b76dd5909fbecba5d4bdb7764cae86e19b2c71a27b56cb089ae2b210045dae4abc3612357142d6933e4d95805cca6d0c5c6c23b8799c5077ad199da4949ffb2fa4e44558c60af69cfcfada1bad70d2604c1fc011e59a4a821151f128cb4745680201e653da099ee1749d4a3a1a7fa6e589eeef82ad3be46871e8d85bfb8b81436256e8f6e2203fdd5d9aa6748dc4959da42c159a312e6debc8960367b618e51567595957bd34f6780b9f83c7ef93c5f92c0b62249786616879a1e21afc711e4640a935f5ca6e8ac7a9cf89dd12c1bf5597452df06a7eb3934d09510e4b24f5ca2b86fa4b57a263afac10906d0f3e320d957ddfa3a1197c15843dffc32fa050a1201dab6c22f66758ba133607077dd6f6a57ebfc6cb4b685cc7c2465c8d0d392b5b40ae1a7fd935752e66b7dea34b6a7701d765e95221cdaded235e870151eba39654f9a49aeeb3e5cb5ef11985edb130e679b24c5ef1a53326d82058c84d5e4bd2aa91957c154c0fa2f4ef02d09426c611147ab065dec364509d0ab04f68a4e57c07a8529c73a68615da38fe09bf888eba3906d1fbf8dcd9d85956214b27f56678f57a7aa01ce283d0d4f50aade736a4887d18781784170332934a0c7144e1f80f3d1b42ddcd47dea18f9e0c2558bb5c6349729633313aad679b7b2ee4a1e2ebea5267a4f953b0cb58c351de5ac94d2de6b12bd69882f62b71021aacbb34d0d1f14a56d44858e94b2d6874d2c593c1d73fdd82b67faec533c9254f218edcb995ebe7a9e2f40579513fa34498d8e48d6558bfdaeb188618892e1d881de8230893edacf9050b68dc3e0dbd0ac896f90a49e33458baaca28ac754b0b2ca9f0f52699ebb09510a2a9679f1dd4f6c074f2ff977444c0deb481de7f25405f35f7edee2fd2449ebf33b7202b2e51d677abd7500519fc021efedea549fb27fcd9d04ee2c72ff91ccdcf295d8d4b37403911e88428639076014eb9ff4d4c2fcc051f35038a56fd0f382b6668ca07cce658c172a6be7febfc87dc236b8c67aea9998a79c1eb24b3f54b6720e98480e0f09f3793f8717ffec99d2673e78615c2a08f640deb4874008e90a8efb02caf5ca0940802dfcdc536fee5aaac063ed10827144e3da018175d24c240a756f02530261e24e3150db18d71361a898c65b91b18fbdceafb8ec520a318d7c36c499bf8a975b1a319e11cd509b1f887d617b0d813a68e69b2b678ea07ab013fa45db8ab7b9477506f8e75e82d49d73865d3c373adc7a417a8a39265ecce721bd4c4da933a93ec9f6dfba620d9c0dc0e95f25116d1fb866600c544b445a10a2d2b5b391cb04ba4f35d4a5244cf0bd8225bcb0f40b3d51f0695bec18ce847561fa41e8c3c5cc5478ba614c202036d2451ab729ab2c1ecd30fca6738f515c3c24484b93ff78f35820355658b81d3b4d934ce7f29e305b31e9e0b77c92798db5b5ea0f4c5666d7ef2de467329fb9206d21922d9515023b4e21793c39f7954cbba18862f28b1da7c9ff403d4bf30b067d5fb8dd0a7e82e703c5391ba242bcd1671173f189ad700c580afb96691829a2b484a8a7c7b36c46cb2bec22e867a199f309d3abc9f0df46ce29beda08e94520287646c46b2aab4595000bf1df904077da16c4c60080d012c108a6d34914117753ffaaec69d6c61bcc475de38bb4681904e9fff71d30d90419c3b04340ad05f0fc9b692665655b6b140cb8d490af76561a54fc16990061138c80eae1a03926bacc9348ec95eeb7244b325ab785950c13714448cd9d4712a6db43314d4633b1404a2679e8fd12cc15f8474da756ea85fa2de26b209b67a2c17ab92b67f184f38e7854a9bed24917b8cb3f658ad703933bd6d4ad32a9647a8e52788c613af9c0130ff2594fdcdd25b54f651ef2898b47c2798cf800eb1a887561424d511b8fdb8f38a68ad54db3b5674c37bf82d772013331af87729d91bcacc7f828c9755755fb43b36cc1bc4c61232aa82a3f4fdb366a2b9ee549176d8c8e94c751e609b6a4a11f72dc2057b20f8de070c1922654459ff489c444abf36d2236fde56eb0dc4f88a2824b7a049e6b41eab4ef17d2e127b603f6e045b01d1ea3e01a04a032128413c9a0b1384ed4dcdb54070b2407ff060ddb8adf9695c897f6ee4112151a933119d45aa36ede0a67cb0d3b5086988a8dc2e21cdc2c7ac91787652e1bf3cca2da427c529e1c15a7a4f3b2e3151880c00868f07395918297166c3085a1b2aaf7396581f18bd7ddd58248bf4e1e00f18b56fc38583ded4e54d17ed584bc76aaa7c69455c673ea9f1b75b95f41facae4951c904422b5d72cb48ba594309ff12290926e55c4dc1c889fcd0bce403562c00ba4119ccc155f4cd9f32b236ae676325be1b3c9e37bf0c899559054cde3f428c6870cb3936465cdc7bf6898db062baa4ff7f9249c308bf8173a394e221fced551754291752d146be3e4396ba98ff8011702502c4aba4b705c63b4a3ec0ce33173895e298e66b2b81ee69ee4fada55381977590c8676496c5ce4643e4c259ec982ad3503d352c09fb80e808ebd7e90339d7b8a5d4c434291d5342b931e02aba242f8f4967869381c76ba31749cc4b551a67ad4fc385f2b8039bc619f8b3c2647b70baba9c9be291ff07c5d8cf09c6533a3cca023b1403b001b6ac9c5222c136130a1f377c0e70f5141ddef738ba9eb4ed72495e5ede08720446c56e5fabb76f4b5cb684303f78680032e20835ba26f5c801eb303f61bf13d728e4391425c70017a1d5b3fc1e4660a500fb6d3a21ffe830455c0b23e68b219832f0ba0575edd9dab8229a9ab0fce1db5c4013176eb95252b4cb9f5fe36e960cc070fe296e9ded337812eee1294d2b9fdebf77bf5d2159ad614a9d105afbe65c8acc60ea58d00a97eb86be2d0cb223cda7f1a6223bad57a180b4fb84e4e565e0afaf9347ed551725b547f803e91f460b079154698be34be2655c29548b0b70cf9520e387fc0ccb458b3565fdccff5f41730aaa3b1a056ba79d1df064d389d3486bb8a99dc7634efc165aebd00debb0517a2cff7e015f8b53c721e4615ddfcb6f6348fd388a329ac574014087b7f631f37b09cdb86ac656e2e1b4c59cfdad45c034bed6fa25b93fbb27d570b41e36a460ef064c74db80717c70f7221b3ab8382800a6ef8ce6c0394a09599e268159566a428c33c3f49806e301ad8ed86c8976debc0924266d8aca0ca3ce9850b5e83c354f82a79c80c1c3ab5ea4b1169025c6b0e8d40c55fe9fbdc22e2c83c356b7c86243045a215d0374fa177dd07135cc33a7713cd3d82f19027ef5a9cc5e563b93a434465a3c376d66874ab80c93b8a0151c3641c01527cf0a747847e51fcfa69d6f397360912d4f9e52cb1bfdcd5253b52d87c6ef7c84f69d967afd5b3580ed75543074947186ca9d26b4bc3fa00436f903a4336eef98bb83aae300996af4efa727027a92c983ef5cf262c3c4d68a6ff9cdb984f2717adf41d79d9c41618f8f9c5d961d8de0b078e37c753a0084c7ce486b1d7b586f4601a37b9bb863308c2fdc45f6f7df9a1babbdab8357a87c3f036d9d2fb0ebdf7b63e363a985ddbe40c489a9c0b43ede4d6342dbf7d40dfa1fc9bf55197896cd6390d9657102a0cf6d00cad7ac561e2e55e6c0031e29406a5e88400b530d19d01f36ee3d2ca218816e17978fe784443291717bb74a9509afccfc486415326fb8ca2490eeaa29a925e0e44ff3dbbe011d46817c6bcf0568400ba5f3183baa6dc96127e779e979490a7f86215d1f2de91b19eca82e4b7672302ae6ce14f3d3bc71d69df0526eacc018cf4a31f0a4f8acfad2e49de9070c65147675af4c57e5f28ed64f34d827c8b181c5e9a17cc863c01c86e686def59e0124eb52c808063fab45540f74f9c7610a1e60781fc2881cf969cec1656aad8019c110478f3f9ef43069ccb66121acc3df506260f6d896fd694695d256c5187f22db6b9694ce68a7ae64878d2e7aa168981c30c43a9e6b55fd725de51d4a5ca32deb879528cb7e9bd2f4fe8f20c95cbc5fd1c3a4e2928786d11e682619efeaab7a750ad4f643991baab1cd5b7e1f85d2e5bf97f93187e6cccef07a8dcfff935b40495bb79528c7d813ffbd0443aa8852d8cf07d418462c95cbcadce621fef7b9ea7ed6b32d9289f30618342c6badd807c4d87bce9b025b5e0ff3df4d254b0a7b4088c8e4667842651dd4b9dd691630fc2c24bb13d4e8cfb8872fde64a1fff4259603d57b172943a7d04513147d01dc40d3820250b7087c9ab1321ff12629a607110e45698bb405f6fc9225426c487b36fb1ea0b77e91aa31cdb44929a8c3e5719a69c06c3ea06d996ee425e7b9f46169d0a25af7e42adbe6885edd7af9a3a4b1ed6fda892f4819b3c533840160a8f2bfe3aa1b53eb2fc35e25fe90ac3ab41105289ed52132124373664c724b89b375c859cb39948eb707d7e9e825102775f383dd0589475e4b008d9a328153f340f2342abd4a168f418ee60669e67d0761c3d8bd274757df6b433665eaf1cb134ea1003b58866e431516de359789bfd3a632d1b781d4b422a034cb06da28702bdf74b3a1216d08d83236438264563639382ba93c27dabe3c10832d81e847b5ee9b693d301599f6d826573cc2ea31bb42c8785e810e78d075badc391c97d0004394c6761fd058876a20bca2e1cf86c33b7354d04b61845ff3c6879cb094038e01d09ca6f3604361e907042db5e5caacb6af92628ecc05230fea6a872bdc5e4264b114aec05de7fa4bb755131d9404e96c0e291c70f3f1aa838a23f3b7f2a4f1dde787f0659affcc09d90fbcba0c2ed910a222a893c551de52e75ea63c7165539ad8de8b901dc9b3e5b9a10dffe817aeae4ff4102fa25272d20ddd51db04f90746642e23aa80dc39ea66f21454de011bbafdfa2b75462d7cb1dc20b19ff2f307cf698928814f8b064c197d03bb8167f86fbf3ab4fcfcd90221a01a4a434f68a9d0b18af46843fbe2f458a65ef85ece69b4d64553ac06c8b78952295d4507069d591ad04d26fccd03e2d108ec3cfbd4f54b5e1006fed8c4beffac95ca77ab9cefd97c6f710506856938b38f0ebc9f08a58df5f632aad8db5a9b2cbee472c90a47ae92e065e4912cbc3b8c852bb94bdd846c1ab825bd05c763ae41be41a532e67131d735142b21ab603c2dcbe1a8012c4dc5b359225a26073e7c77727e90dfe3d8cd721c035afebd45f93edde70509fc5ef73f8abbfb7aa6f90c0f7d764173f97847910fd7ca3b063d92955c03407ba123cb676946b27fb20e4c3dda5860c7299acf20b653e6bedabc33c9a41aa9c5131a7dc2fd662e1a96e9515ca707464ce55b3961f3556237136843a08620b429bc700ba48a482baf9bdb5e479f1c39ea29d1b855d680ac32751bdca0305ef4ceb6ea439bfc87cf0bb0efb4179c1fb6557bf0d4b001c1285bd19cf135f0283eddd1c6280515aba8efc4b179bbe100e70454e730f723365834cfb380e25981deb4845d0016e171646d61a27707c5a1b3894c11293280d806158d21946af490112c0611e486b78085af71af36b3ca7c85ab8f2e1e625a4c829d97e035809528646b8caa885fe4aacf5021cd3063b609b3634c51100bee5b19d364e2b061129b0a466d5"}]}, @NFTA_IMMEDIATE_DATA={0xdc, 0x2, 0x0, 0x1, [@NFTA_DATA_VALUE={0x6d, 0x1, "91405e56d8f0b4357dee1b24bbbe75bea84649f904a4cf1d94a19488d3da3826fd09c1f18adf34c4e9d83f7ce7ca2f26a96ff5deb83ab3d821307b4b9e57621025125ad3102d429c834c8f7d97632406be3ea4af5d4dfa2814bc6d9bf36e7fd61d051e7d68653ccb47"}, @NFTA_DATA_VERDICT={0x24, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xffffffffffffffff}]}, @NFTA_DATA_VERDICT={0x20, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffc}]}, @NFTA_DATA_VERDICT={0x14, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x4}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x1}]}, @NFTA_DATA_VERDICT={0x10, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}]}]}, @NFTA_IMMEDIATE_DREG={0x8, 0x1, 0x1, 0x0, 0xa}]}}}, @NFTA_INNER_NUM={0x8}]}}}, {0x10, 0x1, 0x0, 0x1, @redir={{0xa}, @void}}, {0x24, 0x1, 0x0, 0x1, @tunnel={{0xb}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_TUNNEL_DREG={0x8}, @NFTA_TUNNEL_MODE={0x8, 0x3, 0x1, 0x0, 0x1}]}}}, {0x10, 0x1, 0x0, 0x1, @tproxy={{0xb}, @void}}]}, @NFTA_SET_ELEM_DATA={0x1c, 0x2, 0x0, 0x1, [@NFTA_DATA_VERDICT={0x18, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x4}]}]}]}]}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0x2870}}, 0x0)
ftruncate(r2, 0x8208200)
r4 = open(&(0x7f0000000780)='./bus\x00', 0x14117e, 0x0)
mmap(&(0x7f0000000000/0x600000)=nil, 0x604100, 0x7ffffe, 0x4002011, r4, 0x0)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x8000, 0x0, 0x359, 0x0)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(0xffffffffffffffff, 0xc00464b4, &(0x7f00000011c0))
r5 = getpid()
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r6}, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
process_vm_readv(r5, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
syz_open_dev$usbfs(0x0, 0x77, 0x581280)
open_tree(0xffffffffffffff9c, 0x0, 0x9801)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x1000006, 0x13, 0xffffffffffffffff, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)

5.68209604s ago: executing program 0 (id=9145):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001808ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) (async)
socketpair(0x0, 0x1, 0x0, 0x0) (async)
socketpair(0x0, 0x0, 0x0, 0x0) (async)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xc, &(0x7f0000000b80)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000b40)={&(0x7f0000000600)='kfree\x00', r1}, 0x10) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0xe, 0x16, &(0x7f0000000940)=ANY=[@ANYBLOB="61158800000000006113500000000000bfa000000000000007000000ee0016055e03010000000000640500000000000069163e0000000000bf07000000000000260507000fff07206706000020000000070600000ee60060bf500000000000002f650000000000006507f9ff0100000007070000cddfffff1e75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000001500000000000000950000000000000032ed3c12dc8c27df8ecf264e0f84f9f17d3c30e32f1754558f2278af6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd3997f9c9c4f6f3be4b369289aa6812b8e007e733a9a4f1b0af3dda82ee45a010fb94fe9de57b9d8a814261bdb94a05002000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546cad3f1d5ace0600006e7c955ccefa1f6ab689b555202da2e0ec2871b4a7e65836429a527dc47ebe84a423b6c8d345dc0da3085b0ab71ca1b901627b562ed04ae76002d4519af619e3cca4d69e0dee5eb106774a8f3e6916dfec88158f0200000000c8fb730a5c1bf2b2bb71a629361997a75fd552bdc206438b8ef4901fd03c16dfda44e2a2235c8ac86d8a297dff0445a15f21dce431e56723888fb126a163f16f920ae2fb494059bba8e3b680324a188076eb685d00c4e9b2ad9bc1172ba7cbebe174aba210d739a018f9bbec63222d20cecac4d03723f1c932fb3bba54b3a6aa57f1ad2e99e0e67ab9ff16d20000009f0f53acbb40b4f8e2738270001562ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000000000000000000000000004000bc00f679629709e7e78f4ddc211bc3ebe6bd9d42ca0140a7afaab43176e65ec1118d50d1e827f3472f4445d253880800000000000000690884f800031e03a651bb96589a7e2e509bcc1d161347623cb5e7ac4629c8ab04871bc47287cd31cc43010000007b40407d000000210000000000000000005f37d83f84e98a523d80bd970d703f37ca364a601ae899a56715a0a62a34c6c94cce6994521629ab028acfc1d926a0f6a5489af8dc2f17923f3c40dfd1970a55c22fe3a5ac000000000000000000000000000000c1eb2d91fb79ea00000000815266b2c9e1bfadc7498e9dda5d000000bb0d00000000000000000000e4007be511fe32fbc90e2364a55e9bb66ac64423d2d00fea2594e190deae46e26c596f84eba9000000000000003cc3aa39ee4b1386bab561cda886fa642994cacd473b543ccb5f0d7b63924f17c67b13631822a11dc3c693962895496d4f6e9cc54db6c7205a6b26f92121ef53e553acdf42068fff496d2da7d6327f31d7c8cc5d325c5379b0363ce8bd1f61b007e1ff5f1be1969a1ba791ad46d800000000c7f26a0337302f3b41eae59809fd05d12f6186f117b062df67d3a63f3265dd1410eea68208a3f26b2989b832d8b34a34a4f08b34b3042065acaa10856e858d27adee7daf32903d3fc78700d429a2d4c8b6d803eb83eecfe4c7ff9e6ab5a52e83d089dad7a8710eec53f1b11cced7bc3c8da0c44d2fbf9f6f3ff3be4d1458077c2253b0c7c7a0a9fdd63bf910dc20e5cb2a88e59febc47f1212a21f631dbaa74f22bad050e9856b48ae3a03a497c37758537650fe6db80300c41fdc3d78e046f6160e1741299e8dc29906870e6431ed1eab5d067a183f064b060a8ec12725d42e3a74863d66bee966b1574f8e01b3f34a267ff0afa1e1c758a0079b747067312e9815a21cb3f1f8150d999d788535a4d3114dbc7e2bf2402a75fd7a55733360040855ed5d1c0d634fc5fb38f8709d87b27f8a5d9121fdc058447b728f134f72062fc4b1ca0780b1a7af137ff7b4ff139604faf0453b65586f65c7943d56b52f06c870edf0c5d744b5272b44c23480b2bdbff947c4dfa108cbb88202eeb81f428a5b3c299848649e1a6bff52f657a67463d7dbf85ae9321fc2cc17dc4a29b9cba8ded5de8206c812439ab129ae818837ee1562078fc524b3baf49a0be9bb7d958d5e87c6c09bf71a894bad62934782cc308e936d7637e07c4a2a3bc87b0da20000d9ef418cf19e7a8c4c328be0ce91798adc2dca871073f6bd61940aabc86b94f8cbde4d47060400e722a6a2af483ad0d3415ed0f9db009acaba9eaea93f811d434e00000000000000000000d154672fea96aedf346279ec00000000000000000000d535d41b0067f01e2e54b9154d876020b669640ead4ca44631fadf7c4ac39a1b331dbdcd52b36df021b731ef1f92330d347f88ced5c1aaadbcdd8d2257e3a9a7c7494fadf9be36f7a2334ee6e9446fa1fd486f85d672a77dc5bd21463994d49f12016305a1e394d292b66840fe32b40ad665d241a8b8a32b3100450c32832789aa8a096f41201b585cd76631c88cf958e9e9047f5af1730c5e83db12460a0768fd4b62be6c41eed307048bac8d1f7f164574241e06027654b248dcc38749eee0c1ee7c61b3f6411a559c3d45637b11e440ed5a99109b8e71d28c3d677af5f0499c6d3fc6a129775056958c9df824ebe5fa9fb306b24a8a8334910627d03efe69d4b61c4345f048c5da8aca16cea848fa77d2507c920a6bd654b00e07789382ed902c80deeff2fd5c78f42e4353e5360c3e55962efd1331e6736eaf4ee27736fa54803ee8ec1a15266ffcd8b30368740b584c2559e691e542cab3d49db327db62328f159d1e0900b3e23e84dedcd1377aa15dbeab7db181bd66980c3557c7d9f7377fcb6023accb5c368a121acf70e5f4c3f2a0ea07011c7149ea979cab2ee65cf7ffa29152b7a8fed89575e6e6fd77d4d9463d21775abac886ee6a1f2d7d8523840438a73d6307a87e2f525867fc3af7ab74520a773ae26bae74cdd405a211e8833e1ba523cde51d04a7ca6732"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffffd2, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x11, 0x4, 0x4, 0xff, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) (async)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f00000003c0)={'netdevsim0\x00', <r4=>0x0})
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000400)=ANY=[@ANYBLOB="180000014000000000000000002419b6d3ab450031110000045cdbb88bbcab27d2f847937a7bc4d8af9ec9e48946e061b4d1d7be16fe399e9d2ecac2cb81a91299397d661bf0f6373cd2942642d318b6be7477ad0df529a1806b1c7feb6d00d7e0e977238c1da82b282a44d284394be676c05f68219a8cb2e71554e5fb835aea261d0c7ff7532308af94a64eb6", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb7030000feffffffb70400000000000085000000820000009500000000000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r4, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r5 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r5, 0x7a7, 0x0) (async)
r6 = socket(0x10, 0x3, 0x0)
munmap(&(0x7f0000002000/0x2000)=nil, 0x2000)
r7 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r7, 0x8933, &(0x7f00000000c0)={'vxcan0\x00', <r8=>0x0})
bind$can_j1939(r7, &(0x7f0000000040)={0x1d, r8}, 0x18) (async)
connect$can_j1939(0xffffffffffffffff, &(0x7f0000000080)={0x1d, r8}, 0x18) (async)
r9 = dup(r7)
sendmsg$nl_generic(r9, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)=ANY=[@ANYBLOB="c0000000000000e3a65fcf05046d7a53822b6607"], 0x33fe0}}, 0x0) (async)
bind$vsock_stream(r9, &(0x7f0000000240)={0x28, 0x0, 0xffffffff}, 0x10)
setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) (async)
connect$can_j1939(r7, &(0x7f0000000000)={0x1d, r8, 0x2, {}, 0xfd}, 0x18)
write(r6, &(0x7f0000000000)="2400000011005f0414f9f4070009040081000000160000000000000008000f0001000000", 0x24)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r5, 0x7a0, &(0x7f0000000140)={@my=0x1}) (async)
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r5, 0x7a8, &(0x7f00000000c0)={{@my=0x1, 0x4}, @local, 0x0, 0x0, 0x5})
r10 = socket$xdp(0x2c, 0x3, 0x0)
getsockopt$XDP_MMAP_OFFSETS(r10, 0x11b, 0x1, 0x0, &(0x7f00000002c0))
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r5, 0x7a8, &(0x7f0000000040)={{@my=0x1, 0x10000}, @host, 0x0, 0x0, 0x7})

5.132676333s ago: executing program 1 (id=9147):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000600), 0xffffffffffffffff)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x27, &(0x7f0000000040)={@multicast2, @local, @local}, 0xc)
syz_emit_ethernet(0x36, 0x0, 0x0)
syz_emit_ethernet(0x11, &(0x7f0000000080)=ANY=[], 0x0)
setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x20, 0x0, 0x0)
gettid()
clock_gettime(0x0, &(0x7f0000000000))
openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
listen(0xffffffffffffffff, 0x9)
r3 = socket$inet_mptcp(0x2, 0x1, 0x106)
sendmmsg(r3, &(0x7f0000002840)=[{{0x0, 0x0, 0x0}}], 0x1, 0x20000000)
syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_GET(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000001f0000540000000e0001006e657464657673696d0000000f0002"], 0x34}}, 0x0)
syz_genetlink_get_family_id$devlink(&(0x7f0000000600), 0xffffffffffffffff)

4.672582244s ago: executing program 0 (id=9148):
r0 = socket$inet6(0xa, 0x805, 0x0)
r1 = socket(0x28, 0x5, 0x0)
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0)
r2 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000018105e04da0700000000000109022400010000"], 0x0)
syz_usb_control_io$hid(r2, 0x0, 0x0)
syz_usb_control_io$hid(r2, &(0x7f00000001c0)={0x14, 0x0, 0x0, &(0x7f0000000000)={0x0, 0x22, 0x10, {[@global, @global=@item_4={0x3, 0x1, 0x0, "0900be00"}, @local=@item_4={0x3, 0x2, 0x0, "d601301a"}, @local=@item_4={0x3, 0x2, 0x0, "09007a15"}]}}, 0x0}, 0x0)
gettid()
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000740)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d0000006700000005000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x85c, @void, @value}, 0x90)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = getpid()
process_vm_readv(r3, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
mkdir(0x0, 0x0)
setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, 0x0, 0x0)
openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r4 = socket$key(0xf, 0x3, 0x2)
recvmmsg(r4, &(0x7f0000000440), 0x6f5, 0x2000000022, &(0x7f0000000480)={0x77359400})
setsockopt$sock_int(r4, 0x1, 0x4b, &(0x7f0000000040)=0xfd87, 0x4)
sendmsg$key(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[@ANYBLOB="0216000002"], 0x10}}, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x60341, 0x0)
recvmmsg$unix(r1, &(0x7f00000035c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40, 0x0)
getsockopt$bt_hci(r0, 0x84, 0x81, &(0x7f0000000080)=""/4076, &(0x7f00000010c0)=0xfec)

4.395302888s ago: executing program 3 (id=9150):
r0 = socket$netlink(0x10, 0x3, 0x0)
writev(r0, &(0x7f0000000180)=[{&(0x7f0000000240)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1)
r1 = socket(0x11, 0x800000003, 0x0)
bind(r1, &(0x7f0000000100)=@generic={0x11, "00000100000000000874e4bf7fb3a6835b76e252922cb18f6e2e2aba0000040000003836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e156c5027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
writev(r0, &(0x7f00000001c0), 0x0)

4.330785964s ago: executing program 2 (id=9151):
r0 = socket$inet(0x2, 0x0, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, 0x0, 0x0)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='dctcp\x00', 0x6)
r1 = getpid()
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.stat\x00', 0x275a, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000640)={0x18, 0x5, &(0x7f00000003c0)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec85000000750033b5f65de4a72ecf0000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0x82, 0x0, 0x0, 0x41000, 0x28, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000002140)={&(0x7f0000000180)='tlb_flush\x00', r3}, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
process_vm_readv(r1, &(0x7f0000008400), 0x0, &(0x7f0000008640)=[{&(0x7f00000005c0)=""/102, 0x66}], 0x1, 0x0)
r4 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, 0x0, &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r4, 0xf, 0x25, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000001500)=ANY=[@ANYBLOB, @ANYBLOB, @ANYBLOB="0000000000000000b7080000000000007b8af80801000000bfa200000000000007020000f8ffffffb703000008000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000480)=ANY=[@ANYRES64=r2, @ANYBLOB="04fc5f69300e2603f47cff8e98a031536f371b105c8c0eb5ab19a5376d05ab3bb38a7985bf0c7400ea76602563ea9df81322906bedacc5b8eb658c94566ff05716e79cc28b8f68b4c2a0cc60df31002d7a06575a61f49e8e3716a748eae7b45fe919e3cb9a0f4b920f740b6391a86b90e0398eecd2dc97db817b202071a6e017d23e767c7fe3eb31e2a39bb7c1fcef0487768a14828e5cf56d048489db9387a2e5a7a37f7a701b6e64ec64f0e678d7509e88cc0b7ebc77a176c2b74f24c265aa3be94beaef07a072217944ff91e5c5f0a681a687f76a40685055c61599f80250fbd634bad123be9eae6c92636c7c5539c2dc00", @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
r5 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r5, 0x4010640d, 0x0)
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r5, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000180)=[<r6=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_GET_LEASE(0xffffffffffffffff, 0xc01064c8, &(0x7f00000001c0)={0x1, 0x0, &(0x7f0000000340)=[0x0]})
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r5, 0xc02064b9, &(0x7f0000000dc0)={0x0, &(0x7f0000000400)=[0x0, 0x0, 0x0, 0x0], 0x0, r6, 0xe0e0e0e0})
ioctl$DRM_IOCTL_MODE_ATOMIC(r5, 0xc03864bc, &(0x7f0000000440)={0x0, 0x0, 0x0, &(0x7f0000000180), &(0x7f00000004c0), 0x0, 0x0, 0xfffffffffffffffa})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
ioctl$IOCTL_VMCI_VERSION2(0xffffffffffffffff, 0x7a7, &(0x7f0000000100)=0x80000)
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(0xffffffffffffffff, 0x7a8, &(0x7f00000000c0)={{@my=0x1, 0x4}, @local, 0x0, 0x0, 0x5})
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(0xffffffffffffffff, 0x7a8, &(0x7f0000000040)={{@my=0x1, 0x10000}, @host, 0x5, 0x6, 0x7})
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap(&(0x7f00004e7000/0x2000)=nil, 0x2000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r7 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)=ANY=[@ANYBLOB="380000000314010000000000000000000900020073797a31000000000800410072786500140033006970766c616e31000000000000000000b95de198"], 0x38}}, 0x0) (fail_nth: 5)
r8 = openat$cdrom(0xffffff9c, &(0x7f0000000000), 0x800, 0x0)
ioctl$CDROM_SELECT_SPEED(r8, 0x5322, 0xd7d9)

4.212332867s ago: executing program 3 (id=9152):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000600), 0xffffffffffffffff)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x27, &(0x7f0000000040)={@multicast2, @local, @local}, 0xc)
syz_emit_ethernet(0x36, 0x0, 0x0)
syz_emit_ethernet(0x11, &(0x7f0000000080)=ANY=[], 0x0)
setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x20, 0x0, 0x0)
gettid()
clock_gettime(0x0, &(0x7f0000000000))
openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
listen(0xffffffffffffffff, 0x9)
r3 = socket$inet_mptcp(0x2, 0x1, 0x106)
sendmmsg(r3, &(0x7f0000002840)=[{{0x0, 0x0, 0x0}}], 0x1, 0x20000000)
syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_GET(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000001f0000540000000e0001006e657464657673696d0000000f0002"], 0x34}}, 0x0)
syz_genetlink_get_family_id$devlink(&(0x7f0000000600), 0xffffffffffffffff)

3.942438759s ago: executing program 2 (id=9153):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = getpid()
process_vm_readv(r0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x200000000000005a, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/diskstats\x00', 0x0, 0x0)
r2 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000200)='/proc/sys/net/ipv4/vs/drop_entry\x00', 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=@base={0x5, 0x4, 0x8, 0xc, 0x0, r2, 0x0, '\x00', 0x0, r1, 0xfffffffd, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x10, &(0x7f0000000280)=ANY=[@ANYBLOB="050000ab6d8327000000000000000000181100ff", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff000000c29c39f200bfa20000000000f8ffffffb703000008000000030000000000"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r2, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r5 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$inet6_opts(r5, 0x29, 0x40, &(0x7f0000000340)=ANY=[@ANYBLOB="000a0000000000000730000000000a000000000000000000000000000000000000000000000000000000000000000000000000000000000000000720000000000600"/83], 0x60)
r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f00001f0000), 0x0, 0x0)
ioctl$TIOCSETD(r6, 0x5423, &(0x7f0000000240)=0xe)
r7 = dup(r6)
ioctl$TIOCSTI(r7, 0x5412, &(0x7f0000000080))
socket$packet(0x11, 0x2, 0x300)
r8 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r8, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_hmac_sha512\x00'}, 0xfffffdc3)
sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000140)="b57523cb1a2c90d8acad2e2d98dfc9ea7a5843c3b63b683ced2b3266175599b779617e66e6b3e15c042be90635a2d36160bbf9a2edcacc0bbe015b84150a1928de94397894ff36aa430fc2a0814ba634308d6d0837250dfd1eca5383f9d151449743b1a0c4ffc51242a229c5d6d06f147a61d797ea7ffeda95b76f5623", 0x7d}, {&(0x7f00000001c0)="66f7", 0x2}, {&(0x7f0000000300)='l', 0x1}], 0x3}], 0x1, 0x0)
r9 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000040)={'ip6gretap0\x00'})
socket$nl_generic(0x10, 0x3, 0x10)
ptrace$setsig(0x4203, r0, 0xfff, &(0x7f0000000100)={0x2c, 0x6, 0xd956})

3.364756088s ago: executing program 2 (id=9154):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020207025000000002dba513d7b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000008fd88500000004000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x60, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000240)={{}, &(0x7f0000000000), &(0x7f0000000080)=r0}, 0x20)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x606)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0xc000000000}, 0x0)
sched_setaffinity(0x0, 0x3c, &(0x7f0000000200)=0x400000bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080))
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f00000004c0)=ANY=[@ANYBLOB="ffffffffffffff7f6e9ee39dfc21aac75eb1ecdc61323f737a1f6f98f60ea77b5a09aa1267fc1d6d6fa1477f85b1a28f187b5a1aa79461e82692b715609f08cd41e8b99dd86c9aebd49e4a7a72e3b1cdafc5e9c761f940128d730a8e7065169a44e943833a19f0248b8c0247882c7ae7119cd3246688cad9cd824896c07109c37d22fcbb6f9d0a990064623214d3e4b87780688191f39493d6248b2f8d34558b2d10bb3e8e70b7a082a297bd4989c0b20154b0e25421e4e6bf1120ec5f0d99ec8e8ac8788423513cd23057c0", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000030000009500000000000000"], 0x0, 0x0, 0xffffffffffffffa8, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)
r3 = userfaultfd(0x1)
ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000000040))
ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000100)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
read(r3, 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r4 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$UI_DEV_SETUP(r4, 0x405c5503, &(0x7f0000000180)={{}, 'syz1\x00', 0x3e})
ioctl$UI_DEV_CREATE(r4, 0x5501)
r5 = syz_open_dev$evdev(&(0x7f00000000c0), 0x40, 0x0)
ioctl$EVIOCSFF(r5, 0x40044581, &(0x7f0000000300)={0x53, 0x0, 0x4d, {}, {0x0, 0x1}, @ramp={0x9, 0xb64, {0x101, 0x7f, 0x1, 0x101}}})
close(r3)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, &(0x7f0000b4bffc), 0x4)
ioctl$TUNGETVNETLE(0xffffffffffffffff, 0x800454dd, &(0x7f0000000280))
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
r6 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$IP6T_SO_SET_REPLACE(r6, 0x29, 0x40, &(0x7f0000000840)=@raw={'raw\x00', 0x3c1, 0x3, 0x35c, 0x0, 0x111, 0x4b4, 0x1c0, 0xd4feffff, 0x308, 0x20a, 0x278, 0x308, 0x278, 0x3, 0x0, {[{{@ipv6={@empty, @empty, [], [0x0, 0x7000000], 'ipvlan0\x00', 'team_slave_0\x00', {}, {}, 0x6}, 0x7a, 0x164, 0x188, 0x0, {}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'bm\x00', "6d93eb04697dfa39de04767f46614613a407abbf4ed2e83a63b484dbb3bf6b2a850e79009e2905d2f98ba19f91f3c9faee6d3686e9bee067f4e77d9ad66238750c4100d7ee97ec7646259d90edece6e9787a97bc956c01754c34c5c9518c46178ed5f9194454980e579c80eca35a58dc47d1d5e4ff6e216c724e88c702448587", 0x28}}]}, @common=@inet=@TCPMSS={0x24}}, {{@ipv6={@loopback, @private1, [], [], 'veth1_to_hsr\x00', 'pim6reg1\x00'}, 0x0, 0xa4, 0x10c}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'pptp\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x3b8)

3.155678413s ago: executing program 3 (id=9155):
openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
syz_open_dev$vim2m(&(0x7f0000000500), 0xffffffff, 0x2)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r0}, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = getpid()
process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x0, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf09000000000000550901000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000640), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r2, 0xaf01, 0x0)
r3 = eventfd(0x0)
syz_emit_ethernet(0x46, &(0x7f0000000340)=ANY=[@ANYBLOB="3c82bf073aaebbbbbbbbbbbb86dd6001010000101100fe8000000000000000000000000000bbfe8000000000000000000000000000aa00000000001090780200000000"], 0x0)
ioctl$VHOST_SET_VRING_BASE(r2, 0x4008af12, &(0x7f0000000200)={0x1, 0x101})
ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f00000001c0)={0x0, 0x0, 0x0, &(0x7f00000002c0)=""/138, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r2, 0x4008af03, &(0x7f0000000940)={0x1, 0x0, [{0x0, 0xc3, &(0x7f0000000540)=""/195}]})
ioctl$VHOST_SET_LOG_FD(r2, 0x4004af07, &(0x7f0000000240)=r3)
ioctl$VHOST_SET_VRING_KICK(r2, 0x4008af20, &(0x7f0000000040)={0x1, r3})
syz_emit_ethernet(0x3e, &(0x7f00000006c0)=ANY=[@ANYBLOB], 0x0)
ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f00000000c0)={0x1, 0x1, &(0x7f0000000380)=""/233, &(0x7f0000000700)=""/99, &(0x7f0000000480)=""/74})
ioctl$VHOST_VSOCK_SET_RUNNING(r2, 0x4004af61, &(0x7f0000000000)=0x20000)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r4, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x0, 0xf, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
socket$nl_xfrm(0x10, 0x3, 0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
getpid()
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xc, &(0x7f0000000800)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)

3.13129222s ago: executing program 1 (id=9156):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xf, &(0x7f00000003c0)=ANY=[@ANYBLOB="1000000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000020000008500000085000000b7000000000000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0xef)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
r3 = openat$vcsu(0xffffff9c, &(0x7f0000000000), 0x80000, 0x0)
sendmsg$IPSET_CMD_CREATE(r3, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000180)={&(0x7f0000000080)={0x40, 0x2, 0x6, 0x801, 0x0, 0x0, {0xa, 0x0, 0x6}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_REVISION={0x5, 0x4, 0x1}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_REVISION={0x5, 0x4, 0x1}]}, 0x40}, 0x1, 0x0, 0x0, 0x4014}, 0x20008004)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000003c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="050000000000000000002100000008000300", @ANYRES32=r2, @ANYBLOB="08009e"], 0x24}}, 0x0)

2.352443641s ago: executing program 1 (id=9157):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000600), 0xffffffffffffffff)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x27, &(0x7f0000000040)={@multicast2, @local, @local}, 0xc)
syz_emit_ethernet(0x36, 0x0, 0x0)
syz_emit_ethernet(0x11, &(0x7f0000000080)=ANY=[], 0x0)
setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x20, &(0x7f0000000180)={@multicast2, @remote}, 0xc)
gettid()
clock_gettime(0x0, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
listen(0xffffffffffffffff, 0x9)
r3 = socket$inet_mptcp(0x2, 0x1, 0x106)
sendmmsg(r3, &(0x7f0000002840)=[{{0x0, 0x0, 0x0}}], 0x1, 0x20000000)
syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_GET(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000001f0000540000000e0001006e657464657673696d0000000f0002"], 0x34}}, 0x0)
syz_genetlink_get_family_id$devlink(&(0x7f0000000600), 0xffffffffffffffff)

1.243494381s ago: executing program 3 (id=9158):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000800)={0x6, 0xf, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000001600000000000000000000183900da8c56258d03c76dea434642a308000000000000001fbcdb8af53fe3728069ff8b3d1a54de0dad730c8c028fff8b8247ce", @ANYRES32], 0x0, 0x800000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) (async)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000dc0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = memfd_create(&(0x7f0000000480)='\x9d#\x00\xe6Z\x00\xafq%\xa5\x83\xa6\xb5\x00\x83y\xf3\xb2\xe6b\x00\x00\x00\x00\x00\x00\x17?&^\xe1Ob\xe1Y\x01\xeb\x91\x83;\xeb\xf1\xd0\xe3\xe5\x19T\xff\x01\x00\x00\xe2\x9f\xd9\xae\xcf>/\x05V%$6\x9fU\x86\xbe\xcbx\x00\x00\x00\x15\x00\x00\x00\xa1\xa2\xe0g\x98\xe1*\xa2c\x12.\xf25\x957\xec\xfb\xe6|\\\xe4h\xfc\x14\x06\xb5\xaa\xe6\x05\xe4\xc3\x90\x91\x98\x15\xec\xdb\xaa\t9\x11\xb4\x84$&0\xdd\x19\x86\x90\xbe\xd7\xdc\n\xcbC\x15\xfcp\x11\xdai\f{a?\xd0\xe1{\x84\xb5\x82q\x19\xacS\x88|\x99\xfd\x9eS\x80\xcb\x14G\xfa\xff\xff\xff\xf7\xff\xff\xff\xcd\xf0%\x97!\xba\xe3J\xc2t\x96\xf8\xb1\xd2\x168\xbf`$\xbf\xca\xea\xa3\x83\x8e-k\x12\xdf\xb9q\xb6Pr\xd4\xb5X\\\xdbD\n\x03G\x00\x04\x00\x00\xbc\xac\b\xba\xce\xb3%QF\x03\b\x9dh\xcb)\xf4f\x12[\xf9\r\t\xef{h\xb0\xc0:\x8f|\x8f\x06\xf8\x83\x87+nM\x11\x1c\xb0*8\v\x1e\xcf\x03\xd3\xe8,?\x87\x84\\/y\xed\x01#?\xab\x1c\x11\x00\xc5\x8d\x1f\x00\x00\x00\x00\x00\x00\x00]\x81\xf3\xf9\x06M\xbe\xf9\xba\x9em\xe9\"\x03\x933P\xa3\xcc\x9b\f\xa7\x8f\x91O\xc9\xb9\x10M\xa3\xac9&\xe6\xbd\x1c4\xb59\x988\tgC\xbc\xe0\xc5\xf4\xe0E%\xd9\xd8w\x00k\x042Y\xdc\xc5\xe59\xa95\xd1m\xd8hCuZYi\x10D\xb9\xe6\xff\x04K%yH\xe5W\xfb\x82\xac\x19,\\D\x91T\xfd\x9c\xb8\x8b\x88\xa5\xcc\x8fI\x00\xf0\xc9\x1f\n\xa7\xd6\x0f:\xb0\xf5?\xc3\x88\x1e\xbb-\xa6\xecA\x92\xaf\xa4X,\v\xa5\xca\v|\xe2L\xac\x80\xc7\x11\x96fh\x83\x15\xc7\xea\xd5\xe8\x89W\x11=\x87\x93\x0f\x87I\xdf\xb1\xeb\x89\x11.\x01\x00\r`\x1e8\x94\v)\x06B\xf0\x01\x91 )y\xb4\xba\xba\xb7\xbc\xc3\xad\xf1\x92/(A=A\x8b\xa5\x92\xc3V\x116jY-\x83\xdf\xf4\xea\xc6\xc7\x10g\x1d\xd5\xb0\xbb\xd2\xfc]fC\x8d\x0f\xa6q\x0f\xef\x90\xfe\x94k\xf1\xb8\xfa\xbbb\xb1\x03\x99\xf7\xfd\'\xae\x906\xe0\xaa\xdbtWWH\xa4L\xb5pe,\xdfN\x0f8\t\xe7X_H\xd4\xe3\xb2,oj\xac\xd7\xbd\xd0\xadW\x1f<\xd0s\xa8\x1f(\x00/ \xe4]@\xf7mA\xe8\xd1\xf4:\xb3\xeb\x81\xb9\x018\x1c\x95%o\x05x\x1a\x90\xf4\x03\xe7\xe9\xa9\x00\x00\x00\x00\x00\x00\x00\x00SDl\xc6\xe0\xc5\xbc\x9c\xe8\x15\xe5kJ\xc2\x8a\x9a7\xff\xd1\r\x96=\x81\xb6\xdb\xf8\x03\x91L\b\xa3\r#\x9cX\xc4\x92\x90[p\xbb]X\rm^}\xa3\xe46(\x9d-\xf8\xf9o\xa9\x13\x00\x00\x00\x00\x00\x00&2\xdfy\xd0\x15\x9d`\x83\xa4\xa6\x14^9]H\xd7/KP\xae\xa8\a.\fHo\xaa\x85@\xae\x8d\xfag\xa5F\xe6\xdf\xc1\x80Sv\x92\x01?\xf6\xad\xe2\xf9A\'\xf49\xb1uo\xc1\x95H\xd6\xdew-;\vR\x15z8\xfe\xcb\xd1]\xe1\xebF\xe8\xe7\x9b\xa81\x8eEp\x99\xd8X\x06\'\xff2\xa8Q\v\x19)\xc35\x03Z0\xfcd5\xb1\x89v?4R,\xd8\x1e\xb3\xfa \x80t\xd8\xc3 \x97A\xef\xc5.\xb1\x02b\xb9\xab\x12@\xa9\x18\x84\xb2\xf6\x16\xb7\xbb\xa4\x89G\b\xc1\n\x04\xbb\a\x14DC#V>\x88\xa09\x8aPU\xf1\xebXn%$\x13\xaa\x80\x86Fb\xc0\\Z\xb3U\x00\xd3\xbb\xbb\xe3\xfe\x9br\xa2\x06\xe63\x1a/(s\xce\xda\x83n-v\x17\xf1D\x8c\xf4x\xc1v\a%\x87\x11\x86\xc92\xb7\x06\xe2\x0e\xb1\xe3KoE#\x88\xdb\xa5\x7fc[\xfd]\r\x87\x94\xf4\x0e47Bo\x8a\xfc\xb9\xcd\xbcK\xc9\x02\x00&\xae*\xa7\xfc\xc6\xf6-T\x1f\xad.\xf0\x00\x00\xf2\xb5\xafq?/\xc0\xec7\xe6>\xa2\x02\xc7x\x98#\xb6\xac\xfd\x86\x91%\x0f\xca><\x02.\xcb3\xfc\ns\xea\xbf&\xae`\x1d\x0f\xd4g\xd7\x81g:u9\xa3\xb2(yK\xcd\xa7\xa1\xc9%\x1b\xee\xd6Ob>\x8c\xde-#W\xfc&-\xd2\xc9\x0eW\xfcV?\x81\x9f+\xda<p\"\xd8\xe8\x98\xd2$\x1f\xa0=\xfc{\x13&\x0f \xe5\x14\x13ln\xc1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xfb\x97\xbcl\x9fc\x9c\xdfz\xaa\xbbd\x9c\x1fU\x10\x00\xad\x9cZ\xcf\x92\x17\xfa`\xad!\x1a$\xc30\t9\xbcG!\x8eI\x01\r\x91\x1e(\xfb\xb0N\xdb\xe8\x95\x13\x1a\t\xe0\x9e_\b\xa4\xec\xb1PD\x1bj\xc2\x84%\xb7]nQ}y\x84\xf8\x96\x1f\x19\xc7\xf4\x106\x99a\n\x94\xe4j\xe3\x7f%\x95\x82\x84\'\xcf\x19\xa7\x05\xd6h$C\xa4C\x94\xf9P\xf2K~\x1c\x80\xa0\xbeA\xf4\x15\xe7\xdb\x19g4O\xd4\x01\xeaaa\xe8\xef\xc6\xa6\xecp\x9fI\xc4\x01\x16\xe9\x00'/1222, 0x7)
fchmod(r2, 0x0) (async)
r3 = openat$proc_capi20ncci(0xffffff9c, &(0x7f0000000140), 0x1c0, 0x0) (async)
setsockopt$sock_attach_bpf(r0, 0x1, 0x4c, &(0x7f0000000300), 0xd) (async)
prlimit64(0x0, 0x7, &(0x7f0000000000), 0x0)
r4 = socket$kcm(0x29, 0x0, 0x0) (async)
r5 = openat$cachefiles(0xffffff9c, &(0x7f0000000400), 0x40600, 0x0)
setsockopt$packet_tx_ring(r5, 0x107, 0xd, &(0x7f0000000100)=@req={0x8, 0x8, 0xfffffffb, 0xffffffff}, 0x10)
ioctl$sock_kcm_SIOCKCMCLONE(r4, 0x89e2, &(0x7f0000000040)={r1})
ioctl$MEDIA_IOC_G_TOPOLOGY(r5, 0xc0487c04, &(0x7f0000000280)={0x0, 0x5, 0x0, &(0x7f0000000540)=[{}, {}, {}, {}, {}], 0x0, 0x0, &(0x7f0000000080), 0x9, 0x0, &(0x7f00000008c0)=[{}, {}, {}, {0x0, <r6=>0x80000000}, {0x0, 0x80000000, 0x0, {<r7=>0x0}}, {}, {}, {}, {}], 0xb, 0x0, &(0x7f0000000ec0)=[{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}]}) (async)
r8 = signalfd4(0xffffffffffffffff, &(0x7f0000000000), 0x8, 0x0)
close_range(r8, 0xffffffffffffffff, 0x0) (async)
r9 = syz_open_dev$media(&(0x7f00000010c0), 0x2, 0x0)
ioctl$MEDIA_IOC_G_TOPOLOGY(r9, 0xc0487c04, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000200)=[{}, {}, {0x0, <r10=>0x80000000, 0x0, {<r11=>0x0}}, {}], 0x0, 0x0, 0x0})
ioctl$MEDIA_IOC_SETUP_LINK(r8, 0xc0347c03, &(0x7f0000000700)={{0x80000000, r11}, {r10, r7, 0x2}, 0x0, [0x66]}) (async)
ioctl$MEDIA_IOC_G_TOPOLOGY(r5, 0xc0487c04, &(0x7f0000000d00)={0x0, 0x8, 0x0, &(0x7f00000016c0)=[{}, {<r12=>0x80000000}, {}, {}, {}, {}, {}, {}], 0x3, 0x0, &(0x7f0000000a00)=[{}, {}, {}], 0x4f, 0x0, &(0x7f0000001340), 0x0, 0x0, &(0x7f0000001100)})
ioctl$MEDIA_IOC_SETUP_LINK(r3, 0xc0347c03, &(0x7f0000000e80)={{r6, r11, 0x1, [0x3748, 0x20000]}, {r12, 0x0, 0x2, [0x877, 0x10]}, 0x1, [0x6, 0x7]}) (async)
bpf$PROG_LOAD(0x5, 0x0, 0x0) (async)
r13 = bpf$MAP_CREATE(0x0, &(0x7f0000001100)=ANY=[@ANYBLOB="1b00000000000000008000000080000000000000", @ANYBLOB="a9a92843ae5b2060cdde4b2a78f01885c004eb44bf04f621ea0d2a00de4b6907bd939e3eb355a19dfe3451409ff57d4ad6c87ac90a33bed1841f88c2c312ec350a32f4b5212828054809e4847f76498e2a97b497fc693a3704118d486f0fcdea8292900c94d212b54a3d5739ba9459f42c27a5071a63134393ca2cced05f99ee84ba6404ca4f27", @ANYBLOB="000000007824021700050000000000debf1b8c10d5c9ee0f2ef8e406f934000000000000000000dbbfcc83f42ccf82fc46d81a2c8eedbc92a84b501ceec684d113e7cf8f7f998592eee5af1e5d7fe748e5ba72fffd455c31ef5480d7c93ad13068c0f885bda778920bab5959a6a0f3bd5a41342f7c0dc5143bccaa0221e966922d93ba2e8c4fd9020a3b7a2541de67c51baf2b1e565d90b62e039a1b2fdb66a8d11190d537aa7298615b0df140fa4a94d0b86e9f921d0ed2e4eba82f0cc11999e2", @ANYRESDEC=r3, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r13], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) (async)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000740)='/proc/consoles\x00', 0x0, 0x0)
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) (async)
openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) (async)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) (async)
r14 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r14, &(0x7f0000019680)=""/102392, 0x18ff8) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async)
openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)

1.137663862s ago: executing program 0 (id=9159):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={0xffffffffffffffff, 0xf, 0x25, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000040)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280), &(0x7f0000000900)="8c85ff9fbb89ead882486b624a831ae210cd60e31dec2115", 0x37db, r0}, 0x38)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000700)={r0}, 0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000740)={0x1f, 0x10, &(0x7f0000000880)=@framed={{0x18, 0x0, 0x0, 0xfffa}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3a, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)

1.071087706s ago: executing program 3 (id=9160):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095", @ANYRES64], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r0}, 0x10)
ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0186405, &(0x7f00000002c0)={0x9, 0xa, {<r1=>0xffffffffffffffff}, {}, 0x5, 0x1})
prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x2, 0x0)
r2 = getpid()
process_vm_readv(r2, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x6, 0xc, &(0x7f0000000380)=ANY=[@ANYRES8, @ANYRES16, @ANYRESHEX], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0xc, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r3 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_int(r3, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4)
setsockopt$packet_rx_ring(r3, 0x107, 0x5, &(0x7f0000000040)=@req={0x0, 0x6, 0xffa0468}, 0x10)
r4 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCL_SCROLLCONSOLE(r4, 0x541c, &(0x7f0000000040))
r5 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_int(r5, 0x29, 0x19, &(0x7f0000000140)=0xa80, 0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000800000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r6 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000300)="d8000000100081044e81f782db44b904021d006a10000000e8fe55a1180015000600142603600e1209000a0044000000a80016000a00014000000000f6000000b94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f1aeb4edbb57a5025ccca9e00360db70100000040fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9701", 0xd8}], 0x1}, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'team_slave_0\x00'})
sendmmsg$inet6(r5, &(0x7f0000006b80)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000b00)=ANY=[@ANYBLOB="e80200002900000004000000005a000000000000c2040000000000dfaac7f65dde66007550d861b7b537fd49b44ed35b0b7c2ed243f39735881ba7309715165c3b9edec92e7dadb7a5bb76e68b4ce5350b4f2671dd45a5fd4320d89ed45cf375461e38967ad0f0891dc4bbba54a2c4b99498353dcc9f0233d55a6e0fbf78c3ba94983f48b6f65060c96fd75c4a82e937f62c958445a04c99c7646db75133bf141405b7db695b0de9a482a9dc8dc3c15f15db0153211c3604213a2baf4222bf165fdfa2ca3fddc94be49ac220c6fec65b5f419d364efc16072c068df6df4ff736f92d14e2d5c87eb699c31f1755ba93bf935b06fb93bdb863bb796b4fa365b5b80e7eacb78b04010007180000000004000000000000000000000000000000000000000774000000000a00000000000000000000000000000000000000000000000000000000000000000700000000000000000000000000000000000000000000000000000000000000000002229d40aeab2ece2763e7895cbddd3bcef323f53499b24b0bc57e8e417e20893cedcc8e4f10efdeb88f5e0c3de3fe3ca7d3e9d153f8829a9ace483ea348411f9c44740bfb23125dd1a1609525b9042df61031991b12c271afeb2aad"], 0x2e8}}], 0x1, 0x800)
recvfrom$inet6(r5, 0x0, 0x0, 0x12020, 0x0, 0x0)
r7 = socket$inet6_mptcp(0xa, 0x1, 0x106)
listen(r7, 0x0)
syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000440)='ext4_es_shrink\x00'}, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r8 = getpid()
process_vm_readv(r8, &(0x7f0000008400)=[{&(0x7f0000000340)=""/69, 0x623c41ea}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
socket$inet6(0xa, 0x2, 0x0)

901.840835ms ago: executing program 0 (id=9161):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
setsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f0000000040)=0xb6, 0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000000300)=""/102400, 0x19000)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_DAT_CACHE(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, r3, 0x303, 0x0, 0x0, {0x6}}, 0x14}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f000000c140), r2)
r4 = syz_genetlink_get_family_id$smc(&(0x7f0000000000), r2)
r5 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$SMC_PNETID_ADD(r5, &(0x7f0000000140)={0x0, 0x600, &(0x7f0000000340)={&(0x7f0000000040)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="01030000000e0000000001"], 0x34}}, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000100), 0x141a42, 0x0)
mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x81c0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000040)='./file2\x00', 0x0, 0x0, 0x0)
r6 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/block/loop0', 0x0, 0x0)
symlinkat(&(0x7f0000000280)='./file2\x00', r6, &(0x7f0000000100)='./file2\x00')
lsm_set_self_attr(0x65, &(0x7f0000000240)=ANY=[@ANYRESDEC=r6], 0x20, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x8, 0x5, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x3000}, [@alu={0x7, 0x0, 0x2, 0x0, 0x0, 0x0, 0x2f22}, @jmp={0x5, 0x0, 0x2, 0x0, 0x0, 0xfffffffffffffffe}]}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x78)
ioctl$FAT_IOCTL_SET_ATTRIBUTES(0xffffffffffffffff, 0x40047211, &(0x7f0000000180)=0x2)
r7 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$VT_RELDISP(r7, 0x5605)
r8 = socket$inet(0x2, 0x0, 0x2)
setsockopt$inet_msfilter(r8, 0x0, 0x29, &(0x7f0000000200)=ANY=[@ANYBLOB="e0000002ea0000000000000000"], 0x10)
ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, &(0x7f0000000080))
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000140)='contention_end\x00'}, 0x10)
ioctl$VIDIOC_LOG_STATUS(0xffffffffffffffff, 0x5646, 0x0)

401.885298ms ago: executing program 2 (id=9162):
mkdir(&(0x7f0000000400)='./file1\x00', 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000002ac0)=@newtaction={0x88c, 0x30, 0xffff, 0x0, 0x0, {}, [{0x878, 0x1, [@m_police={0x874, 0x1, 0x0, 0x0, {{0xb}, {0x848, 0x2, 0x0, 0x1, [[@TCA_POLICE_RATE={0x404, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xcfe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x40, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, @TCA_POLICE_PEAKRATE={0x404, 0x3, [0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800, 0x20000000, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401]}], [@TCA_POLICE_TBF={0x3c, 0x1, {0xe, 0x3, 0x6, 0x80000000, 0x4, {0x5, 0x0, 0x8, 0x1, 0x7, 0x1f9}, {0x5, 0x0, 0x6, 0x800, 0xf0, 0x4}, 0x40, 0x82e, 0x9}}]]}, {0x4}, {0xc, 0xb}, {0xc, 0xa}}}]}]}, 0x88c}}, 0x0)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x0, &(0x7f0000000080)=0x7)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x0, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000ed07449e000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10)
symlinkat(&(0x7f0000000140)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', r1, &(0x7f0000000000)='./file0\x00')
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
rename(&(0x7f0000000380)='./file1\x00', &(0x7f00000003c0)='./bus\x00')
chdir(&(0x7f0000000140)='./bus\x00')
link(&(0x7f0000000280)='./file0\x00', &(0x7f00000002c0)='./bus\x00')
syz_open_dev$tty20(0xc, 0x4, 0x1)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$netlink(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000004c0)=ANY=[@ANYBLOB="2800000013002108000000000000000008000000", @ANYRES32=r7, @ANYBLOB='\b\x00G@', @ANYRES32=0x0, @ANYBLOB="08003a8004006400"], 0x28}], 0x1}, 0x0)
mount$tmpfs(0x0, &(0x7f00000006c0)='./bus\x00', 0x0, 0x40024, 0x0)

0s ago: executing program 3 (id=9163):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = getpid()
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030"], 0x15)
write$FUSE_BMAP(0xffffffffffffffff, 0x0, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0x98}}, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000480)={0x30, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa}, [@CTA_TUPLE_REPLY={0x4}, @CTA_NAT_SRC={0x18, 0x6, 0x0, 0x1, [@CTA_NAT_V6_MINIP={0x14, 0x4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}]}]}, 0x30}, 0x1, 0x0, 0x0, 0x40004}, 0x0)
syz_emit_ethernet(0x5a, 0x0, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f00000022c0)=ANY=[@ANYBLOB="b702000001020000bfa300000000000007030000fdfdfff67a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040000010000400404000001f7ff04b7050000040000006a0a00fe00000000850000000a000000b70000000000000095000000000000009cc6b3fcd62c061c6238975d43a4505f80e39c9f3c530cf08e467b592f868ee3b0a435df0a0e8c1bf176db2a6b2feb4b77d339707bfd2d84aaa3b1d4e984c46ea7e2b347a36f5662403e1b2be4284322a4908a0d411a9872971c7c56f0979bd10b97163c066d0e196bf02f46c7953ab1abdaf90a70f2bdf4000200000000b0c2c125080963f63223b7b80197aa3161f45346b100000000000000000089070000009876b588743794298b79dc192dff048fc207c81f28bdd3e26a1a8a0481e9f0da43bb6ca66e2f55a9ff19ffcafe3e64be06000000000000005064caec04a367c23d9fb6a6991ddb737d527d6acb15426406991c3b404984dfa2c6e94bd0339454c13a0100000082c15dc760a313e3b3ca5d3393404029e98fa883c71949a34d84030323e3d54fc5b29d27643453ad9211e3550ee5520211d9370175133f260c6882a146880b9387f1beb5418618bc83a3becf9bb57da7ba8b913c685fc6700848dc6665d73248c1f74e08ad04ce905faf32706e0000249a028044ede964362cfb2f30a246c3b2f60000fc4deb91da1368b0960b8d69bd99c64893d44f962524429dc058528e7e541c903869d96989b9a986620cb2c95c83f2a082c52764f49e51188f9418b01bcd8ae164acdac95318ec8b2c6feacdcf4b528e5e58219bc54f6ad5679e7f430e6960ed048c46e1dccca05bfa1d67c83795eae2d31968c055d325a9c794ef88b30c2de4a274878b73c05ffa88b7073be648b12bb1fee58958d6a6f31bfe568215dfbde59dad00008a73b40f09cf018cd496b36050d7fd45e3620c28f76749262e33e16429a6da35ceb1a989de81c3f8b8bc348ef2ac3781b847611fcb0a26acafdd6d9a1b17dcb9f7c493d8f8cd344a1d470ca0d6f16ab0293774b5509fb0e7113936d59d5a60dbd84a938476adeebab9ff44f531bb0200000000000000cc1fbc455a64fd449284f71761092a0302000000000000008a05d36fd9b814b4292745418c92d944763a4bf5e138d810e29a31f08f7dea7762d2d8f7e1d24cabe17ad4135d8872935ceac6eb4f046f2acc1b0efb4438abddcabb4e4e72705edfa2cddb01f44c850e4ea450aab72b589bec83bbb688e659fb426cb43d0ee993516fd4e867232cde69b6ffad447dcd92e0ef8234ff850ec3948dd1fa7afb77d951fe4abf618121b7894c106beb49a71c62df5544ef221973432ccc7e62b151eb898a01010a7ec5acd0a5dcb2de443880c8a682515d1da9a3048744acb44384d1591df789883c0560495cb0cb32283529926d25e5c7f481112ab8a82247e927fb6f256830dab3671f00500d36a17790bab7d0e89e6c15314f2b963bfc867953476b0505c7d728326d666f39e82cfcf7e7a85df288d75df24c5e4d529c349923f9a4fb882310391dd58b4cbd8def239a227724d39c3e6c40e20e07e68a22888a5c3941b7a765b92bcb37f302487bcbd93ccf3a104021ff34ddf7ffcca1a04eae963e25516a114573779b24a341dfb2e80f1f345c6d96493ffc2a18478b5bf3aab2ea59c51cf0678e1a57d0ea042d911548ff612002ddb2d54d42fbdde42b56887003d27468225b2594a05044baf314113e8894680600000000000000db6b56557a5adad95cb9a69d4de50642b4b9d6d3ba7eb534c88d443ac8b3685135dfc4da06e7f8695be614c557caed7eb0120516e1351fed7d8ffa31c8f4be364185469cfc5f25c90d71bce745dd2d58a30e0844f12c4cbbdd7a08465e665c2620d78673dfb6d9263ed7def8924cfcd48a8a3534f1a3eac9ee9f18a18106ba3d7c7a62330f5c0e98cb7982dd7bad02c8dba9c13894185bfc4bd2520b6e2043fcb3fc5eb55ecf9e6e363ea2ac40a14a6faa21b0f5a0fdb6487c51ef12c27b30255bc4f8813be88beeb5aa6f6a4151cfb90644e50630ed474df7d1635afcb1ea3f6c47b5acbba2ce5099a9387c7acb9bbd1da497611ceda25049e48ddacccbb58dddaf9a3510d65383829a51e0f416661fa80ca1eaaa6cf0824305ba4ec80400c50ffe83ccb0e6fef321190c58aca8c7c8c6d26ff5cbc2cadebda8e1219e04f8dacffd33db1a0a2e74c9eb978d80a12d0b5327bfd053000000000000000000be0d02a14708504412fa93d335992b2983c5addc191b4a21c7b340d0536b01958e15315eb5f3f9f4992c18f666359f40295fa73284c4b607669bae75bd68c3e2b770c324a0ab26b6065d7ea6a7bd80052db57506ec7cc861bf3998d07484c66630ca8173fea3f06ed1dfc70a8b90418e2dc76137e0f68cb1c8a908aef9f0f85647dba54e05028c33d94d463fb20d2e7547184b8d3611e45dff02144387f342ef9b9bf650e9d049bf65258a7bc094a6965e24611c077e1ca0891362a9d68f3ec7610c0449acf18459500f024f9b75885cd79ba32776e4a511c8a4ad922b00000000000000a9241220dfbf7d02ef507ec6fc7f5d37d835f7bed71283c431b9d8cbd9003972bf1dc6a71bedad8e19efc3edd2a7a7e555d5f3176af69920471e6e5bcb8966c813c132d65e2b99d3015e06b372e1aefaae14ee3fbc6349af362c19b59c214de66912d1a9a98d92dc197a51c29443de62caca334c46d110e50896fe50d0477771d387f40c8ef05750ca651e6e69a237dcf78666d6ab2bda1f853525494e4efdd93be38bb5fc671f8794002d7a951fd336aaf4ed1166cb459df70218c571ba1c40b028234505e5477e268326af8812c2fbb8785a223fce0a0601c2a3b58bea8c6216eadabcabe86ab46e4cd3d58ef7ce8d3c4b0bc5952e81dfc0a490d8568db6f9c51fe703c6864fae0053d2f91f49e977cdc1962dbc28c29471a72199862bc8fc6e211d136ecc87185f2437c4fce146d8579cab4fba94b2b613c9b8148d05e0690a4c4ab35aabc45801d2b82081e62b23a01b58b1ffb624f63ad2246796796160cd3682374364edac52f1becb7c6eff50823b75fb2ef516ec4ec1cb20a2535b504502d744f2099674e58f2c117c980cf0d041c8ea5c4f166bab4aa5ed200ef4dcff96f7c9c1ab8c22db0f439b23b04bcd41ffc3a0e01976ca1cf43e12d7d72f3faa4979faabd62e2dc54a980eae4d5e8c6498de331c3aba1144ef1190ea6cda641d9416c4560cab2d819eac7b04c70f141754c3ffd79da363fe8859afee531710caf1b2bf5a51142f4755cbb700c28083525a9093790096cb93417f1216000000000000000000000000000040ceb244e4cae2b65a76d41793aabccd3d0c50486eae0000000000007c012779c14ca94759266200229b58c12279817869e831cade7b09ddffffff9d93e2ad25eed43c0b9ee4fd209b5b919a42f676b9d7236fc8dd5040899d0676291407ce9ac8101dd3512f5b3ac8cf8179d1749de324000030d0f942ec4604c28d5c287d1435956784003a53eb5fe535ead8857acf0166dbd9f30a9b9c8a9b9faf1356faf269cded935b07863e4fdad8aab52686c81babd1c08f6700a2fadd413443022ea5c774ffefdd426abed08d437a4db48611fc82a18ab9f54758a1aad86d95cd186ceb55fafa3930090467b8b7bb8ae7e1c8b4b4106a381cb67fdb86def4de2076dc538bb97502b4b4350e633dc0a53d2f64ec521f6fa1cd02843a5e16074d86c9a01bc5cfae0245f1fab843c633446f5f3a43226109b7dafe7815773bd6969f04cbe15236b90000000000000000000000000000000000000000000000000000ff0779b9c005da21073c6d9680d4e547cb727addb2efe11b8b3a706569f1522b57d71bb0beccab7c8fe9e1330b2f501b2ac3cf4eba7ceda6ff8a0c8b18c5e9e2f505e833217557abb257d61af8e8c473a7585436730db75da167481ab8921fe051b250f8d8ef9c8481bb28a137d15040b0181c28dfad7c17b30c452a64c43a1167b948247c33abc765a6ba695c3cea5e32a4d1ae2dcbec2ff4268e03aad15efc6004e6b3d7f0edf8b5d4ae7846a6d43c16c90b7c5dc13ac2ff0439ab693498964cad2bb533bcd240778b7e49145c48efde42b44c01517f1a7c7707b4c4fc0900e7086ec40354504590696282286db9030f0320e2fcba8723939005347b3f744ff1973431000000000000000000000000000000000000003495d69aaf9a1d83e83511a3bf44fe753b8ad83bc34ea4d46b397e000ff267c50122aa5aaf8474ec2e57d960d963900bef84a4b3c7dd01ae4d6b5522aa8a35ae7996e298bcfea4d3677a67b52041ec21ae8003aa1c9969178b1b00e4d12ac9741fd788fb6260ec043c013907523c77f8acc20b9e2fd224ca8f0000b2b10991881e0a12f4e1c4f54b9ca7c9a0c8298d60b8b6eaa023418992d6d62b0e9faca4a3b3a805e859137cd933ef5eb8db16f159f32505725da51414562d064b551246dacd586f42d04d3fed3c087bb52ae4bc09f3846c785d1b278e661ed01fbc2415288bc9c808c4aef648d431b3029da0dec8886c3ee9cad996843d00a3b5eb54e270dd2e96c8f2fdb4c27c2d1bd467f2a14867dec67730d8a68329839d9feff688dfbe25c73f936338e7b057980da58a6303d95f17712d01005a1066ae457ae32925ce658b559c1182a74e267da57fe25b19153f1cdebaddf3f7a3479c09f2303d000000000000000000000000000000b17fedd6b6501a47d0e5b510f4a4fab5a62d5fa7e8ead851b01dbfdfe5823c2600"/3432], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
syz_open_dev$tty20(0xc, 0x4, 0x1)
process_vm_readv(0x0, &(0x7f0000008400)=[{0x0}], 0x1, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x5f}], 0x1, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000780)={r2, 0x18000000000002a0, 0xe80, 0x0, &(0x7f0000000080)="5aee41dea43e63a3f7fb7f110000", 0x0, 0xf004, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) (fail_nth: 8)
setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r0, 0x84, 0x15, &(0x7f0000000180)={0x6}, 0x1)

kernel console output (not intermixed with test programs):

kipping remainder of the config
[ 2329.068644][T13266] usb 7-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 9
[ 2329.072000][T13266] usb 7-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[ 2329.074460][T13266] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2329.080308][ T4948] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 2329.084117][ T4948] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2329.100214][ T4948] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 2329.103447][ T4948] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2329.109231][T13266] usb 7-1: config 0 descriptor??
[ 2329.117840][ T4948] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 2329.119857][T13266] usbhid 7-1:0.0: couldn't find an input interrupt endpoint
[ 2329.120898][ T4948] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2329.125719][ T4948] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 2329.159281][ T4948] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2329.161781][ T4948] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 2329.164961][ T4948] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2329.167921][ T4948] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 2329.181868][ T4948] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2329.191240][ T4948] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 2329.203722][ T4948] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2329.213371][ T4948] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 2329.226971][ T4948] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2329.376865][ T4954] FAULT_INJECTION: forcing a failure.
[ 2329.376865][ T4954] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2329.397574][ T4954] CPU: 0 UID: 0 PID: 4954 Comm: syz.3.8632 Not tainted 6.11.0-syzkaller #0
[ 2329.400379][ T4954] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 2329.403546][ T4954] Call Trace:
[ 2329.404469][ T4954]  <TASK>
[ 2329.405290][ T4954]  dump_stack_lvl+0x16c/0x1f0
[ 2329.406653][ T4954]  should_fail_ex+0x497/0x5b0
[ 2329.408156][ T4954]  _copy_from_user+0x30/0xf0
[ 2329.409683][ T4954]  dev_set_hwtstamp+0x148/0x5c0
[ 2329.411282][ T4954]  ? __pfx_dev_set_hwtstamp+0x10/0x10
[ 2329.412699][ T4954]  ? __pfx___lock_acquire+0x10/0x10
[ 2329.414360][ T4954]  ? __pfx___mutex_trylock_common+0x10/0x10
[ 2329.415834][ T4954]  ? full_name_hash+0xbc/0x110
[ 2329.417351][ T4954]  ? netdev_name_node_lookup+0xf0/0x140
[ 2329.418866][ T4954]  dev_ifsioc+0x642/0x10b0
[ 2329.420023][ T4954]  ? __pfx_dev_ifsioc+0x10/0x10
[ 2329.421421][ T4954]  ? dev_ioctl+0x213/0x10c0
[ 2329.422603][ T4954]  ? __pfx___mutex_lock+0x10/0x10
[ 2329.423895][ T4954]  ? __pfx_lock_release+0x10/0x10
[ 2329.425246][ T4954]  ? netdev_name_node_lookup_rcu+0xf0/0x140
[ 2329.426786][ T4954]  dev_ioctl+0x224/0x10c0
[ 2329.427924][ T4954]  compat_sock_ioctl+0x452/0x7f0
[ 2329.429218][ T4954]  ? __pfx_compat_sock_ioctl+0x10/0x10
[ 2329.430649][ T4954]  ? bpf_lsm_file_ioctl_compat+0x9/0x10
[ 2329.432101][ T4954]  ? __pfx_compat_sock_ioctl+0x10/0x10
[ 2329.433547][ T4954]  __do_compat_sys_ioctl+0x2c3/0x330
[ 2329.434932][ T4954]  __do_fast_syscall_32+0x73/0x120
[ 2329.436289][ T4954]  do_fast_syscall_32+0x32/0x80
[ 2329.437585][ T4954]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 2329.439229][ T4954] RIP: 0023:0xf7f31579
[ 2329.440306][ T4954] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 2329.445322][ T4954] RSP: 002b:00000000f56b656c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[ 2329.447425][ T4954] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000000089b0
[ 2329.449481][ T4954] RDX: 0000000020000180 RSI: 0000000000000000 RDI: 0000000000000000
[ 2329.451523][ T4954] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 2329.453573][ T4954] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 2329.455636][ T4954] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 2329.457705][ T4954]  </TASK>
[ 2329.458599][    C0] vkms_vblank_simulate: vblank timer overrun
[ 2329.682073][ T4958] netlink: 96 bytes leftover after parsing attributes in process `syz.3.8634'.
[ 2329.687734][ T4958] netlink: 96 bytes leftover after parsing attributes in process `syz.3.8634'.
[ 2331.508096][ T4965] netlink: 'syz.3.8635': attribute type 4 has an invalid length.
[ 2331.573862][ T4967] netlink: 'syz.3.8635': attribute type 4 has an invalid length.
[ 2331.818502][T23425] usb 7-1: USB disconnect, device number 18
[ 2331.894126][ T4969] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8636'.
[ 2333.622084][ T5006] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[ 2333.671047][ T5006] kvm: pic: level sensitive irq not supported
[ 2333.671914][ T5006] picdev_read: 13 callbacks suppressed
[ 2333.671925][ T5006] kvm: pic: non byte read
[ 2333.681568][ T5006] kvm: pic: level sensitive irq not supported
[ 2333.682862][ T5006] kvm: pic: non byte read
[ 2334.378590][ T5039] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[ 2334.600488][ T5035] netlink: 12 bytes leftover after parsing attributes in process `syz.3.8656'.
[ 2334.856136][ T5054] netlink: 4544 bytes leftover after parsing attributes in process `syz.2.8660'.
[ 2334.860662][ T5054] netlink: 4544 bytes leftover after parsing attributes in process `syz.2.8660'.
[ 2334.908952][ T5054] usb usb1: usbfs: interface 0 claimed by hub while 'syz.2.8660' sets config #3
[ 2336.316405][ T5084] netlink: 16 bytes leftover after parsing attributes in process `syz.2.8669'.
[ 2336.574165][ T5089] FAULT_INJECTION: forcing a failure.
[ 2336.574165][ T5089] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2336.578065][ T5089] CPU: 3 UID: 0 PID: 5089 Comm: syz.2.8670 Not tainted 6.11.0-syzkaller #0
[ 2336.580730][ T5089] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 2336.583797][ T5089] Call Trace:
[ 2336.584755][ T5089]  <TASK>
[ 2336.585660][ T5089]  dump_stack_lvl+0x16c/0x1f0
[ 2336.587038][ T5089]  should_fail_ex+0x497/0x5b0
[ 2336.588500][ T5089]  _copy_from_user+0x30/0xf0
[ 2336.589870][ T5089]  ucma_destroy_id+0xb7/0x2a0
[ 2336.591138][ T5089]  ? __pfx_ucma_destroy_id+0x10/0x10
[ 2336.592552][ T5089]  ? __might_fault+0xe3/0x190
[ 2336.593900][ T5089]  ? __pfx_ucma_destroy_id+0x10/0x10
[ 2336.595451][ T5089]  ucma_write+0x205/0x340
[ 2336.596829][ T5089]  ? __pfx_ucma_write+0x10/0x10
[ 2336.598223][ T5089]  ? security_file_permission+0x98/0xc0
[ 2336.599733][ T5089]  ? __pfx_ucma_write+0x10/0x10
[ 2336.601103][ T5089]  vfs_write+0x29a/0x1140
[ 2336.602344][ T5089]  ? __pfx_vfs_write+0x10/0x10
[ 2336.603662][ T5089]  ? __fget_files+0x256/0x400
[ 2336.605122][ T5089]  ? __fget_light+0x173/0x210
[ 2336.606662][ T5089]  ksys_write+0x1f8/0x260
[ 2336.608034][ T5089]  ? __pfx_ksys_write+0x10/0x10
[ 2336.609580][ T5089]  __do_fast_syscall_32+0x73/0x120
[ 2336.611165][ T5089]  do_fast_syscall_32+0x32/0x80
[ 2336.612531][ T5089]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 2336.614332][ T5089] RIP: 0023:0xf73fe579
[ 2336.615566][ T5089] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 2336.621238][ T5089] RSP: 002b:00000000f56c556c EFLAGS: 00000296 ORIG_RAX: 0000000000000004
[ 2336.623891][ T5089] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000020000280
[ 2336.625976][ T5089] RDX: 0000000000000018 RSI: 0000000000000000 RDI: 0000000000000000
[ 2336.628070][ T5089] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 2336.630264][ T5089] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 2336.632439][ T5089] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 2336.634560][ T5089]  </TASK>
[ 2336.787742][   T63] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[ 2336.868368][T13266] usb 6-1: new high-speed USB device number 122 using dummy_hcd
[ 2336.897471][ T5100] netlink: 72 bytes leftover after parsing attributes in process `syz.2.8674'.
[ 2336.904622][ T5100] netlink: 72 bytes leftover after parsing attributes in process `syz.2.8674'.
[ 2337.017807][   T63] usb 5-1: Using ep0 maxpacket: 16
[ 2337.025263][   T63] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2337.027932][   T63] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 9
[ 2337.030307][ T5104] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8676'.
[ 2337.041407][   T63] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[ 2337.043810][   T63] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2337.047592][T13266] usb 6-1: Using ep0 maxpacket: 16
[ 2337.048653][ T5104] erspan0: entered promiscuous mode
[ 2337.050361][ T5104] macvtap3: entered promiscuous mode
[ 2337.050379][T13266] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2337.051815][ T5104] macvtap3: entered allmulticast mode
[ 2337.055827][ T5104] erspan0: entered allmulticast mode
[ 2337.057669][T13266] usb 6-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 9
[ 2337.078346][   T63] usb 5-1: config 0 descriptor??
[ 2337.079828][T13266] usb 6-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[ 2337.082827][T13266] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2337.087824][ T5104] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8676'.
[ 2337.090021][   T63] usbhid 5-1:0.0: couldn't find an input interrupt endpoint
[ 2337.092755][ T5104] erspan0: left allmulticast mode
[ 2337.094206][ T5104] erspan0: left promiscuous mode
[ 2337.098148][T13266] usb 6-1: config 0 descriptor??
[ 2337.103374][T13266] usbhid 6-1:0.0: couldn't find an input interrupt endpoint
[ 2337.493955][ T5113] FAULT_INJECTION: forcing a failure.
[ 2337.493955][ T5113] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2337.497392][ T5113] CPU: 2 UID: 0 PID: 5113 Comm: syz.2.8679 Not tainted 6.11.0-syzkaller #0
[ 2337.499655][ T5113] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 2337.502449][ T5113] Call Trace:
[ 2337.503333][ T5113]  <TASK>
[ 2337.504122][ T5113]  dump_stack_lvl+0x16c/0x1f0
[ 2337.505385][ T5113]  should_fail_ex+0x497/0x5b0
[ 2337.506629][ T5113]  _copy_from_user+0x30/0xf0
[ 2337.507849][ T5113]  generic_map_update_batch+0x3ff/0x5f0
[ 2337.509328][ T5113]  ? __pfx_generic_map_update_batch+0x10/0x10
[ 2337.510949][ T5113]  ? __pfx_generic_map_update_batch+0x10/0x10
[ 2337.512544][ T5113]  bpf_map_do_batch+0x615/0x6e0
[ 2337.513844][ T5113]  __sys_bpf+0x151b/0x55e0
[ 2337.515021][ T5113]  ? __pfx___sys_bpf+0x10/0x10
[ 2337.516278][ T5113]  ? ksys_write+0x12f/0x260
[ 2337.517489][ T5113]  ? find_held_lock+0x2d/0x110
[ 2337.518748][ T5113]  ? ksys_write+0x21c/0x260
[ 2337.519949][ T5113]  ? __pfx_lock_release+0x10/0x10
[ 2337.521287][ T5113]  ? vfs_write+0x14d/0x1140
[ 2337.522488][ T5113]  ? __mutex_unlock_slowpath+0x164/0x650
[ 2337.524003][ T5113]  ? fput+0x32/0x390
[ 2337.525063][ T5113]  ? ksys_write+0x1ab/0x260
[ 2337.526265][ T5113]  ? __pfx_ksys_write+0x10/0x10
[ 2337.527548][ T5113]  __ia32_sys_bpf+0x76/0xe0
[ 2337.528750][ T5113]  __do_fast_syscall_32+0x73/0x120
[ 2337.530104][ T5113]  do_fast_syscall_32+0x32/0x80
[ 2337.531395][ T5113]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 2337.533072][ T5113] RIP: 0023:0xf73fe579
[ 2337.534152][ T5113] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 2337.539131][ T5113] RSP: 002b:00000000f56c556c EFLAGS: 00000296 ORIG_RAX: 0000000000000165
[ 2337.541289][ T5113] RAX: ffffffffffffffda RBX: 000000000000001a RCX: 0000000020000200
[ 2337.543338][ T5113] RDX: 0000000000000038 RSI: 0000000000000000 RDI: 0000000000000000
[ 2337.545402][ T5113] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 2337.547458][ T5113] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 2337.549516][ T5113] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 2337.551566][ T5113]  </TASK>
[ 2338.407610][T13266] usb 7-1: new high-speed USB device number 19 using dummy_hcd
[ 2338.587717][T13266] usb 7-1: Using ep0 maxpacket: 16
[ 2338.596262][T13266] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2338.599018][T13266] usb 7-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 9
[ 2338.602373][T13266] usb 7-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[ 2338.604753][T13266] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2338.615211][T13266] usb 7-1: config 0 descriptor??
[ 2338.622649][T13266] usbhid 7-1:0.0: couldn't find an input interrupt endpoint
[ 2338.793888][ T5131] FAULT_INJECTION: forcing a failure.
[ 2338.793888][ T5131] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2338.805213][ T5131] CPU: 0 UID: 0 PID: 5131 Comm: syz.3.8683 Not tainted 6.11.0-syzkaller #0
[ 2338.807484][ T5131] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 2338.810151][ T5131] Call Trace:
[ 2338.811040][ T5131]  <TASK>
[ 2338.811829][ T5131]  dump_stack_lvl+0x16c/0x1f0
[ 2338.813102][ T5131]  should_fail_ex+0x497/0x5b0
[ 2338.814350][ T5131]  _copy_from_iter+0x27a/0xfc0
[ 2338.815613][ T5131]  ? __mutex_lock+0x1a6/0x9c0
[ 2338.816889][ T5131]  ? __pfx__copy_from_iter+0x10/0x10
[ 2338.818284][ T5131]  ? __pfx___mutex_lock+0x10/0x10
[ 2338.819641][ T5131]  ? __pfx_lock_release+0x10/0x10
[ 2338.821008][ T5131]  copy_page_from_iter+0xa5/0x120
[ 2338.822322][ T5131]  pipe_write+0xd30/0x1b50
[ 2338.823512][ T5131]  ? __pfx_pipe_write+0x10/0x10
[ 2338.824830][ T5131]  ? __pfx_autoremove_wake_function+0x10/0x10
[ 2338.826454][ T5131]  ? bpf_lsm_file_permission+0x9/0x10
[ 2338.827869][ T5131]  ? security_file_permission+0x98/0xc0
[ 2338.829356][ T5131]  vfs_write+0x6b6/0x1140
[ 2338.830505][ T5131]  ? __pfx_pipe_write+0x10/0x10
[ 2338.831794][ T5131]  ? __pfx_vfs_write+0x10/0x10
[ 2338.833080][ T5131]  ? __fget_files+0x256/0x400
[ 2338.834330][ T5131]  ? __fget_light+0x173/0x210
[ 2338.835597][ T5131]  ksys_write+0x1f8/0x260
[ 2338.836732][ T5131]  ? __pfx_ksys_write+0x10/0x10
[ 2338.838052][ T5131]  __do_fast_syscall_32+0x73/0x120
[ 2338.839508][ T5131]  do_fast_syscall_32+0x32/0x80
[ 2338.840847][ T5131]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 2338.842546][ T5131] RIP: 0023:0xf7f31579
[ 2338.843649][ T5131] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 2338.848923][ T5131] RSP: 002b:00000000f56b656c EFLAGS: 00000296 ORIG_RAX: 0000000000000004
[ 2338.851135][ T5131] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000020000000
[ 2338.853263][ T5131] RDX: 00000000fffffdef RSI: 0000000000000000 RDI: 0000000000000000
[ 2338.855422][ T5131] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 2338.857583][ T5131] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 2338.859671][ T5131] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 2338.862068][ T5131]  </TASK>
[ 2338.862968][    C0] vkms_vblank_simulate: vblank timer overrun
[ 2339.689683][T13266] usb 5-1: USB disconnect, device number 4
[ 2339.769362][T23425] usb 6-1: USB disconnect, device number 122
[ 2339.868965][ T5143] netlink: 76 bytes leftover after parsing attributes in process `syz.1.8686'.
[ 2340.033547][ T5145] netlink: 68 bytes leftover after parsing attributes in process `syz.0.8685'.
[ 2340.098691][ T5148] FAULT_INJECTION: forcing a failure.
[ 2340.098691][ T5148] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2340.102170][ T5148] CPU: 0 UID: 0 PID: 5148 Comm: syz.1.8687 Not tainted 6.11.0-syzkaller #0
[ 2340.104422][ T5148] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 2340.107258][ T5148] Call Trace:
[ 2340.108155][ T5148]  <TASK>
[ 2340.108970][ T5148]  dump_stack_lvl+0x16c/0x1f0
[ 2340.110208][ T5148]  should_fail_ex+0x497/0x5b0
[ 2340.111450][ T5148]  _copy_from_user+0x30/0xf0
[ 2340.112672][ T5148]  kstrtouint_from_user+0xd7/0x1c0
[ 2340.114035][ T5148]  ? __pfx_kstrtouint_from_user+0x10/0x10
[ 2340.115534][ T5148]  ? __pfx_lock_acquire+0x10/0x10
[ 2340.116867][ T5148]  proc_fail_nth_write+0x84/0x260
[ 2340.118210][ T5148]  ? __pfx_proc_fail_nth_write+0x10/0x10
[ 2340.119695][ T5148]  ? __pfx_proc_fail_nth_write+0x10/0x10
[ 2340.121199][ T5148]  vfs_write+0x29a/0x1140
[ 2340.122390][ T5148]  ? __fdget_pos+0xeb/0x180
[ 2340.123704][ T5148]  ? __pfx_vfs_write+0x10/0x10
[ 2340.125080][ T5148]  ? __pfx___mutex_lock+0x10/0x10
[ 2340.126666][ T5148]  ? __fget_files+0x256/0x400
[ 2340.127908][ T5148]  ksys_write+0x12f/0x260
[ 2340.129060][ T5148]  ? __pfx_ksys_write+0x10/0x10
[ 2340.130346][ T5148]  __do_fast_syscall_32+0x73/0x120
[ 2340.131708][ T5148]  do_fast_syscall_32+0x32/0x80
[ 2340.133014][ T5148]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 2340.134669][ T5148] RIP: 0023:0xf73de579
[ 2340.135749][ T5148] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 2340.140757][ T5148] RSP: 002b:00000000f56c65a0 EFLAGS: 00000293 ORIG_RAX: 0000000000000004
[ 2340.142944][ T5148] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f56c6620
[ 2340.145024][ T5148] RDX: 0000000000000001 RSI: 00000000f73cbff4 RDI: 0000000000000000
[ 2340.147094][ T5148] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000
[ 2340.149203][ T5148] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 2340.151355][ T5148] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 2340.153472][ T5148]  </TASK>
[ 2340.154387][    C0] vkms_vblank_simulate: vblank timer overrun
[ 2341.339630][T23425] usb 7-1: USB disconnect, device number 19
[ 2341.599858][    C2] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies.
[ 2341.827034][   T39] kauditd_printk_skb: 29 callbacks suppressed
[ 2341.827045][   T39] audit: type=1326 audit(1726471394.674:17406): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5166 comm="syz.1.8694" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf73de579 code=0x0
[ 2341.904187][ T5168] netlink: 12 bytes leftover after parsing attributes in process `syz.0.8693'.
[ 2341.909203][ T5168] netlink: 12 bytes leftover after parsing attributes in process `syz.0.8693'.
[ 2342.486938][   T39] audit: type=1326 audit(1726471395.334:17407): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5173 comm="syz.3.8696" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f31579 code=0x0
[ 2343.013405][ T5182] EXT4-fs warning (device sda1): ext4_resize_fs:2018: can't read last block, resize aborted
[ 2344.074204][ T5194] netlink: set zone limit has 8 unknown bytes
[ 2344.185285][ T5176] syz.3.8696 (5176): drop_caches: 1
[ 2344.365791][ T5198] fuse: Bad value for 'fd'
[ 2346.189651][ T5229] block nbd1: Unsupported socket: shutdown callout must be supported.
[ 2346.857948][T24909] usb 7-1: new high-speed USB device number 20 using dummy_hcd
[ 2347.052598][T24909] usb 7-1: Using ep0 maxpacket: 16
[ 2347.055570][T24909] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2347.058636][T24909] usb 7-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 9
[ 2347.061891][T24909] usb 7-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[ 2347.064323][T24909] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2347.082513][T24909] usb 7-1: config 0 descriptor??
[ 2347.085998][T24909] usbhid 7-1:0.0: couldn't find an input interrupt endpoint
[ 2347.287792][T23426] usb 6-1: new high-speed USB device number 123 using dummy_hcd
[ 2347.495363][ T5247] x_tables: ip6_tables: mh match: only valid for protocol 135
[ 2347.509525][T23426] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[ 2347.512429][T23426] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[ 2347.523431][T23426] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 2347.525926][T23426] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2347.534085][ T5245] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[ 2347.540581][T23426] usb 6-1: Quirk or no altset; falling back to MIDI 1.0
[ 2347.748561][   T63] usb 6-1: USB disconnect, device number 123
[ 2347.917984][ T5256] xt_hashlimit: max too large, truncated to 1048576
[ 2347.920919][ T5256] xt_hashlimit: overflow, try lower: 0/0
[ 2348.033719][ T5257] netlink: 188 bytes leftover after parsing attributes in process `syz.0.8716'.
[ 2348.260777][ T5260] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[ 2348.338578][   T39] audit: type=1804 audit(1726471401.194:17408): pid=5260 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.8717" name="/newroot/373/bus/file0" dev="overlay" ino=39059527 res=1 errno=0
[ 2348.339171][ T5260] FAULT_INJECTION: forcing a failure.
[ 2348.339171][ T5260] name failslab, interval 1, probability 0, space 0, times 0
[ 2348.379539][ T5260] CPU: 0 UID: 0 PID: 5260 Comm: syz.3.8717 Not tainted 6.11.0-syzkaller #0
[ 2348.381836][ T5260] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 2348.384624][ T5260] Call Trace:
[ 2348.385508][ T5260]  <TASK>
[ 2348.386296][ T5260]  dump_stack_lvl+0x16c/0x1f0
[ 2348.387556][ T5260]  should_fail_ex+0x497/0x5b0
[ 2348.388817][ T5260]  ? fs_reclaim_acquire+0xae/0x160
[ 2348.390203][ T5260]  should_failslab+0xc2/0x120
[ 2348.391433][ T5260]  __kmalloc_noprof+0xcb/0x410
[ 2348.392701][ T5260]  ? __pfx_d_absolute_path+0x10/0x10
[ 2348.394192][ T5260]  tomoyo_encode2+0x100/0x3e0
[ 2348.395546][ T5260]  tomoyo_realpath_from_path+0x1a7/0x710
[ 2348.397235][ T5260]  tomoyo_check_open_permission+0x2a7/0x3b0
[ 2348.399062][ T5260]  ? __pfx_tomoyo_check_open_permission+0x10/0x10
[ 2348.400763][ T5260]  ? __pfx___lock_acquire+0x10/0x10
[ 2348.402141][ T5260]  ? __pfx_hook_file_open+0x10/0x10
[ 2348.403504][ T5260]  ? path_get+0x61/0x80
[ 2348.404615][ T5260]  tomoyo_file_open+0x71/0x90
[ 2348.405863][ T5260]  security_file_open+0x78/0x8b0
[ 2348.407159][ T5260]  do_dentry_open+0x5c7/0x15f0
[ 2348.408395][ T5260]  ? inode_permission+0xdd/0x5f0
[ 2348.409670][ T5260]  vfs_open+0x82/0x3f0
[ 2348.410710][ T5260]  ? may_open+0x1f2/0x400
[ 2348.412094][ T5260]  path_openat+0x2141/0x2d20
[ 2348.413786][ T5260]  ? __pfx_path_openat+0x10/0x10
[ 2348.415403][ T5260]  ? __pfx___lock_acquire+0x10/0x10
[ 2348.417085][ T5260]  ? find_held_lock+0x2d/0x110
[ 2348.418279][ T5260]  do_filp_open+0x1dc/0x430
[ 2348.419394][ T5260]  ? __pfx_do_filp_open+0x10/0x10
[ 2348.420644][ T5260]  ? find_held_lock+0x2d/0x110
[ 2348.421847][ T5260]  ? _raw_spin_unlock+0x28/0x50
[ 2348.423046][ T5260]  ? alloc_fd+0x2d7/0x6c0
[ 2348.424114][ T5260]  do_sys_openat2+0x17a/0x1e0
[ 2348.425307][ T5260]  ? __pfx_do_sys_openat2+0x10/0x10
[ 2348.426626][ T5260]  __ia32_compat_sys_openat+0x16e/0x210
[ 2348.427993][ T5260]  ? __pfx___ia32_compat_sys_openat+0x10/0x10
[ 2348.429544][ T5260]  ? ksys_write+0x1ab/0x260
[ 2348.430710][ T5260]  __do_fast_syscall_32+0x73/0x120
[ 2348.432233][ T5260]  do_fast_syscall_32+0x32/0x80
[ 2348.433663][ T5260]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 2348.435518][ T5260] RIP: 0023:0xf7f31579
[ 2348.436813][ T5260] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 2348.442792][ T5260] RSP: 002b:00000000f56b656c EFLAGS: 00000296 ORIG_RAX: 0000000000000127
[ 2348.445329][ T5260] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 00000000200002c0
[ 2348.447663][ T5260] RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000000
[ 2348.449620][ T5260] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 2348.451935][ T5260] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 2348.454368][ T5260] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 2348.456842][ T5260]  </TASK>
[ 2348.457932][    C0] vkms_vblank_simulate: vblank timer overrun
[ 2348.648151][ T5260] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 2348.657735][   T39] audit: type=1804 audit(1726471401.504:17409): pid=5260 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.8717" name="/newroot/373/bus/file0" dev="overlay" ino=39059527 res=1 errno=0
[ 2349.587586][T24909] usb 6-1: new high-speed USB device number 124 using dummy_hcd
[ 2349.676618][ T1429] usb 7-1: USB disconnect, device number 20
[ 2349.796702][T24909] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[ 2349.827746][T24909] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 2349.838553][T24909] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66
[ 2349.841678][T24909] usb 6-1: config 1 interface 0 altsetting 0 has an endpoint descriptor with address 0xF7, changing to 0x87
[ 2349.845261][T24909] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x87 has an invalid bInterval 0, changing to 7
[ 2349.859288][T24909] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[ 2349.862392][T24909] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[ 2349.864824][T24909] usb 6-1: Product: syz
[ 2349.865918][T24909] usb 6-1: Manufacturer: syz
[ 2349.874197][T24909] cdc_wdm 6-1:1.0: skipping garbage
[ 2349.876219][T24909] cdc_wdm 6-1:1.0: skipping garbage
[ 2349.881155][T24909] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device
[ 2349.883236][T24909] cdc_wdm 6-1:1.0: Unknown control protocol
[ 2350.132642][ T5272] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2350.136082][ T5272] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2350.237837][ T5288] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[ 2350.360218][   T56] usb 6-1: USB disconnect, device number 124
[ 2350.484184][ T5293] netlink: 24 bytes leftover after parsing attributes in process `syz.2.8728'.
[ 2351.298926][ T5313] usb usb4: usbfs: process 5313 (syz.1.8734) did not claim interface 0 before use
[ 2351.490880][ T5318] netlink: 'syz.1.8735': attribute type 1 has an invalid length.
[ 2351.493055][ T5318] netlink: 193500 bytes leftover after parsing attributes in process `syz.1.8735'.
[ 2352.747752][   T39] audit: type=1326 audit(1726471405.594:17410): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5353 comm="syz.2.8742" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73fe579 code=0x7ffc0000
[ 2352.753419][   T39] audit: type=1326 audit(1726471405.594:17411): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5353 comm="syz.2.8742" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73fe579 code=0x7ffc0000
[ 2352.768591][   T39] audit: type=1326 audit(1726471405.594:17412): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5353 comm="syz.2.8742" exe="/syz-executor" sig=0 arch=40000003 syscall=437 compat=1 ip=0xf73fe579 code=0x7ffc0000
[ 2352.775444][   T39] audit: type=1326 audit(1726471405.594:17413): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5353 comm="syz.2.8742" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73fe579 code=0x7ffc0000
[ 2352.787591][   T39] audit: type=1326 audit(1726471405.594:17414): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5353 comm="syz.2.8742" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73fe579 code=0x7ffc0000
[ 2352.793376][   T39] audit: type=1326 audit(1726471405.594:17415): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5353 comm="syz.2.8742" exe="/syz-executor" sig=0 arch=40000003 syscall=439 compat=1 ip=0xf73fe579 code=0x7ffc0000
[ 2352.802375][   T39] audit: type=1326 audit(1726471405.594:17416): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5353 comm="syz.2.8742" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73fe579 code=0x7ffc0000
[ 2352.810278][   T39] audit: type=1326 audit(1726471405.594:17417): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5353 comm="syz.2.8742" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73fe579 code=0x7ffc0000
[ 2354.216143][ T5363] netlink: 'syz.2.8745': attribute type 10 has an invalid length.
[ 2354.223582][ T5363] bridge0: port 1(team0) entered blocking state
[ 2354.230507][ T5363] bridge0: port 1(team0) entered disabled state
[ 2354.232579][ T5363] team0: entered allmulticast mode
[ 2354.234147][ T5363] team_slave_0: entered allmulticast mode
[ 2354.235669][ T5363] team_slave_1: entered allmulticast mode
[ 2354.250030][ T5363] mac80211_hwsim hwsim82 ÿÿÿÿÿÿ: entered allmulticast mode
[ 2354.256455][ T5363] team0: entered promiscuous mode
[ 2354.270682][ T5363] team_slave_0: entered promiscuous mode
[ 2354.273170][ T5363] team_slave_1: entered promiscuous mode
[ 2354.275511][ T5363] mac80211_hwsim hwsim82 ÿÿÿÿÿÿ: entered promiscuous mode
[ 2354.665051][ T5365] netlink: 44 bytes leftover after parsing attributes in process `syz.1.8746'.
[ 2355.684553][    C1] dccp_check_seqno: Step 6 failed for CLOSEREQ packet, (LSWL(153962255551176) <= P.seqno(153962255551175) <= S.SWH(153962255551250)) and (P.ackno exists or LAWL(258898497153239) <= P.ackno(258898497153239) <= S.AWH(258898497153247), sending SYNC...
[ 2355.992148][ T5390] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8752'.
[ 2356.526822][ T5402] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8755'.
[ 2356.540363][ T5402] bridge_slave_1: left allmulticast mode
[ 2356.542177][ T5402] bridge_slave_1: left promiscuous mode
[ 2356.544135][ T5402] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2356.574122][ T5402] bridge_slave_0: left allmulticast mode
[ 2356.575896][ T5402] bridge_slave_0: left promiscuous mode
[ 2356.587798][ T5402] bridge0: port 1(bridge_slave_0) entered disabled state
[ 2356.868742][ T5401] netlink: 'syz.0.8755': attribute type 10 has an invalid length.
[ 2356.870874][ T5401] netlink: 40 bytes leftover after parsing attributes in process `syz.0.8755'.
[ 2356.878604][ T5405] input: syz0 as /devices/virtual/input/input300
[ 2356.882484][ T5401] team0: Device lo is loopback device. Loopback devices can't be added as a team port
[ 2356.892227][ T5401] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 2356.926318][ T5405] FAULT_INJECTION: forcing a failure.
[ 2356.926318][ T5405] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2356.942145][ T5405] CPU: 0 UID: 0 PID: 5405 Comm: syz.3.8756 Not tainted 6.11.0-syzkaller #0
[ 2356.944464][ T5405] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 2356.947455][ T5405] Call Trace:
[ 2356.948520][ T5405]  <TASK>
[ 2356.949416][ T5405]  dump_stack_lvl+0x16c/0x1f0
[ 2356.950746][ T5405]  should_fail_ex+0x497/0x5b0
[ 2356.952316][ T5405]  _copy_from_user+0x30/0xf0
[ 2356.953685][ T5405]  input_event_from_user+0x22d/0x3b0
[ 2356.955088][ T5405]  ? __pfx_input_event_from_user+0x10/0x10
[ 2356.956622][ T5405]  ? input_event+0x57/0xa0
[ 2356.957819][ T5405]  uinput_write+0xbc2/0x12c0
[ 2356.959055][ T5405]  ? __pfx_uinput_write+0x10/0x10
[ 2356.960385][ T5405]  ? bpf_lsm_file_permission+0x9/0x10
[ 2356.961811][ T5405]  ? security_file_permission+0x98/0xc0
[ 2356.963264][ T5405]  ? __pfx_uinput_write+0x10/0x10
[ 2356.964601][ T5405]  vfs_write+0x29a/0x1140
[ 2356.965772][ T5405]  ? __pfx_vfs_write+0x10/0x10
[ 2356.967042][ T5405]  ? __fget_files+0x256/0x400
[ 2356.968311][ T5405]  ? __fget_light+0x173/0x210
[ 2356.969567][ T5405]  ksys_write+0x1f8/0x260
[ 2356.970719][ T5405]  ? __pfx_ksys_write+0x10/0x10
[ 2356.972040][ T5405]  __do_fast_syscall_32+0x73/0x120
[ 2356.973413][ T5405]  do_fast_syscall_32+0x32/0x80
[ 2356.974713][ T5405]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 2356.976384][ T5405] RIP: 0023:0xf7f31579
[ 2356.977467][ T5405] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 2356.982450][ T5405] RSP: 002b:00000000f56b656c EFLAGS: 00000296 ORIG_RAX: 0000000000000004
[ 2356.984655][ T5405] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000500
[ 2356.985553][ T5407] netlink: 'syz.0.8757': attribute type 4 has an invalid length.
[ 2356.986711][ T5405] RDX: 000000000000045c RSI: 0000000000000000 RDI: 0000000000000000
[ 2356.990898][ T5405] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 2356.993008][ T5405] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 2356.995092][ T5405] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 2356.997163][ T5405]  </TASK>
[ 2356.998045][    C0] vkms_vblank_simulate: vblank timer overrun
[ 2357.086309][ T5409] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[ 2357.092885][ T5407] netlink: 'syz.0.8757': attribute type 17 has an invalid length.
[ 2357.250785][ T5412] netlink: 'syz.2.8761': attribute type 7 has an invalid length.
[ 2357.252905][ T5412] netlink: 256 bytes leftover after parsing attributes in process `syz.2.8761'.
[ 2358.371897][ T5449] 9pnet_fd: Insufficient options for proto=fd
[ 2358.411451][ T5449] netlink: 'syz.0.8770': attribute type 3 has an invalid length.
[ 2358.413838][ T5449] netlink: 102460 bytes leftover after parsing attributes in process `syz.0.8770'.
[ 2358.569307][ T5457] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8771'.
[ 2361.294685][ T5473] tipc: Enabled bearer <udp:s>, priority 10
[ 2361.500012][ T5479] netlink: 36 bytes leftover after parsing attributes in process `syz.1.8780'.
[ 2361.711265][ T5483] input: syz1 as /devices/virtual/input/input301
[ 2361.988417][ T5491] rtc_cmos 00:05: Alarms can be up to one day in the future
[ 2362.047929][ T5491] netlink: 232 bytes leftover after parsing attributes in process `syz.3.8783'.
[ 2362.728954][ T5487] rtc_cmos 00:05: Alarms can be up to one day in the future
[ 2362.867712][T16975] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[ 2363.047569][T16975] usb 5-1: Using ep0 maxpacket: 16
[ 2363.051564][T16975] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2363.054082][T16975] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 9
[ 2363.077925][T16975] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[ 2363.080717][T16975] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2363.088960][T16975] usb 5-1: config 0 descriptor??
[ 2363.094538][T16975] usbhid 5-1:0.0: couldn't find an input interrupt endpoint
[ 2363.496445][T16975] rtc_cmos 00:05: Alarms can be up to one day in the future
[ 2363.521602][T16975] rtc_cmos 00:05: Alarms can be up to one day in the future
[ 2363.524071][T16975] rtc_cmos 00:05: Alarms can be up to one day in the future
[ 2363.526523][T16975] rtc_cmos 00:05: Alarms can be up to one day in the future
[ 2363.528693][T16975] rtc rtc0: __rtc_set_alarm: err=-22
[ 2363.535316][ T5507] 8021q: adding VLAN 0 to HW filter on device bond0
[ 2363.651755][ T5509] overlayfs: missing 'lowerdir'
[ 2364.766911][ T5526] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8795'.
[ 2365.061133][ T5528] netlink: 10 bytes leftover after parsing attributes in process `syz.2.8796'.
[ 2365.133664][ T5528] sctp: [Deprecated]: syz.2.8796 (pid 5528) Use of int in max_burst socket option deprecated.
[ 2365.133664][ T5528] Use struct sctp_assoc_value instead
[ 2365.659147][   T56] usb 5-1: USB disconnect, device number 5
[ 2366.799390][ T5553] input: syz0 as /devices/virtual/input/input302
[ 2366.821971][ T5551] EXT4-fs warning (device sda1): ext4_resize_fs:2018: can't read last block, resize aborted
[ 2367.877720][T23426] usb 6-1: new high-speed USB device number 125 using dummy_hcd
[ 2368.086621][T23426] usb 6-1: Using ep0 maxpacket: 16
[ 2368.094597][T23426] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2368.097342][T23426] usb 6-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 9
[ 2368.105866][T23426] usb 6-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[ 2368.115934][T23426] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2368.124327][T23426] usb 6-1: config 0 descriptor??
[ 2368.127893][T23426] usbhid 6-1:0.0: couldn't find an input interrupt endpoint
[ 2368.302332][ T5565] netlink: 320 bytes leftover after parsing attributes in process `syz.3.8808'.
[ 2368.322068][ T5565] netlink: 100 bytes leftover after parsing attributes in process `syz.3.8808'.
[ 2369.655448][ T5582] syz_tun: entered promiscuous mode
[ 2369.666417][ T5581] syz_tun: left promiscuous mode
[ 2369.698804][ T5584] netlink: 'syz.2.8813': attribute type 4 has an invalid length.
[ 2369.701897][ T5584] netlink: 'syz.2.8813': attribute type 17 has an invalid length.
[ 2370.376009][ T5594] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[ 2370.690700][T16975] usb 6-1: USB disconnect, device number 125
[ 2371.217605][T16975] usb 6-1: new high-speed USB device number 126 using dummy_hcd
[ 2371.407632][T16975] usb 6-1: Using ep0 maxpacket: 16
[ 2371.410443][T16975] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2371.413105][T16975] usb 6-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 9
[ 2371.416213][T16975] usb 6-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[ 2371.423262][T16975] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2371.437695][T16975] usb 6-1: config 0 descriptor??
[ 2371.440763][T16975] usbhid 6-1:0.0: couldn't find an input interrupt endpoint
[ 2372.176043][ T5612] netlink: 'syz.2.8822': attribute type 4 has an invalid length.
[ 2372.208998][ T5612] netlink: 'syz.2.8822': attribute type 17 has an invalid length.
[ 2372.322999][ T5616] netlink: 'syz.3.8824': attribute type 4 has an invalid length.
[ 2372.870253][ T5616] netlink: 'syz.3.8824': attribute type 17 has an invalid length.
[ 2373.168725][ T5630] netlink: 20 bytes leftover after parsing attributes in process `syz.3.8826'.
[ 2373.720865][ T5641] netlink: 'syz.3.8828': attribute type 22 has an invalid length.
[ 2373.723124][ T5641] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8828'.
[ 2373.984062][ T5650] input: syz1 as /devices/virtual/input/input303
[ 2374.007215][ T5650] FAULT_INJECTION: forcing a failure.
[ 2374.007215][ T5650] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2374.017638][ T5650] CPU: 2 UID: 0 PID: 5650 Comm: syz.2.8832 Not tainted 6.11.0-syzkaller #0
[ 2374.019832][ T5650] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 2374.022573][ T5650] Call Trace:
[ 2374.023413][ T5650]  <TASK>
[ 2374.024134][ T5650]  dump_stack_lvl+0x16c/0x1f0
[ 2374.025344][ T5650]  should_fail_ex+0x497/0x5b0
[ 2374.026735][ T5650]  _copy_from_user+0x30/0xf0
[ 2374.027887][ T5650]  input_event_from_user+0x22d/0x3b0
[ 2374.029244][ T5650]  ? __pfx_input_event_from_user+0x10/0x10
[ 2374.030736][ T5650]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[ 2374.032199][ T5650]  ? input_event+0x8e/0xa0
[ 2374.033377][ T5650]  uinput_write+0xbc2/0x12c0
[ 2374.034565][ T5650]  ? __pfx_uinput_write+0x10/0x10
[ 2374.035792][ T5650]  ? bpf_lsm_file_permission+0x9/0x10
[ 2374.037269][ T5650]  ? security_file_permission+0x98/0xc0
[ 2374.038719][ T5650]  ? __pfx_uinput_write+0x10/0x10
[ 2374.040003][ T5650]  vfs_write+0x29a/0x1140
[ 2374.041132][ T5650]  ? __pfx_vfs_write+0x10/0x10
[ 2374.042352][ T5650]  ? __fget_files+0x256/0x400
[ 2374.043612][ T5650]  ? __fget_light+0x173/0x210
[ 2374.044915][ T5650]  ksys_write+0x1f8/0x260
[ 2374.046035][ T5650]  ? __pfx_ksys_write+0x10/0x10
[ 2374.047280][ T5650]  __do_fast_syscall_32+0x73/0x120
[ 2374.048583][ T5650]  do_fast_syscall_32+0x32/0x80
[ 2374.049827][ T5650]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 2374.051497][ T5650] RIP: 0023:0xf73fe579
[ 2374.052588][ T5650] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 2374.057522][ T5650] RSP: 002b:00000000f56e656c EFLAGS: 00000296 ORIG_RAX: 0000000000000004
[ 2374.059769][ T5650] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020001100
[ 2374.061792][ T5650] RDX: 000000000000045c RSI: 0000000000000000 RDI: 0000000000000000
[ 2374.063846][ T5650] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 2374.065418][ T5652] netlink: 'syz.0.8833': attribute type 4 has an invalid length.
[ 2374.065883][ T5650] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 2374.065892][ T5650] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 2374.065906][ T5650]  </TASK>
[ 2374.113411][ T5652] netlink: 'syz.0.8833': attribute type 17 has an invalid length.
[ 2374.343641][T16975] usb 6-1: USB disconnect, device number 126
[ 2374.740568][ T5674] netlink: 'syz.0.8841': attribute type 11 has an invalid length.
[ 2374.742920][ T5674] netlink: 211132 bytes leftover after parsing attributes in process `syz.0.8841'.
[ 2375.309686][ T5681] xt_connbytes: Forcing CT accounting to be enabled
[ 2375.311449][ T5681] xt_CT: You must specify a L4 protocol and not use inversions on it
[ 2377.103538][ T5691] netlink: 56 bytes leftover after parsing attributes in process `syz.1.8845'.
[ 2378.519136][ T5718] mkiss: ax0: crc mode is auto.
[ 2379.089494][ T5724] netlink: 'syz.0.8854': attribute type 4 has an invalid length.
[ 2379.145140][ T5724] netlink: 'syz.0.8854': attribute type 17 has an invalid length.
[ 2379.621289][ T5737] VFS: could not find a valid V7 on nullb0.
[ 2379.658359][ T5735] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 2379.683344][   T39] kauditd_printk_skb: 12 callbacks suppressed
[ 2379.683360][   T39] audit: type=1326 audit(1726471432.535:17430): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5738 comm="syz.1.8860" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73de579 code=0x7ffc0000
[ 2379.707669][ T5735] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 2379.712789][   T39] audit: type=1326 audit(1726471432.535:17431): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5738 comm="syz.1.8860" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73de579 code=0x7ffc0000
[ 2379.722420][   T39] audit: type=1326 audit(1726471432.535:17432): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5738 comm="syz.1.8860" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf73de579 code=0x7ffc0000
[ 2379.727608][T23425] usb 7-1: new high-speed USB device number 21 using dummy_hcd
[ 2379.741085][   T39] audit: type=1326 audit(1726471432.575:17433): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5738 comm="syz.1.8860" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf73de579 code=0x7ffc0000
[ 2379.746641][   T39] audit: type=1326 audit(1726471432.575:17434): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5738 comm="syz.1.8860" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73de579 code=0x7ffc0000
[ 2379.764161][   T39] audit: type=1326 audit(1726471432.575:17435): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5738 comm="syz.1.8860" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73de579 code=0x7ffc0000
[ 2379.778842][   T39] audit: type=1326 audit(1726471432.585:17436): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5738 comm="syz.1.8860" exe="/syz-executor" sig=0 arch=40000003 syscall=376 compat=1 ip=0xf73de579 code=0x7ffc0000
[ 2379.796807][   T39] audit: type=1326 audit(1726471432.585:17437): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5738 comm="syz.1.8860" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73de579 code=0x7ffc0000
[ 2379.808301][   T39] audit: type=1326 audit(1726471432.585:17438): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5738 comm="syz.1.8860" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73de579 code=0x7ffc0000
[ 2379.834181][   T39] audit: type=1326 audit(1726471432.585:17439): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5738 comm="syz.1.8860" exe="/syz-executor" sig=0 arch=40000003 syscall=133 compat=1 ip=0xf73de579 code=0x7ffc0000
[ 2379.917573][T23425] usb 7-1: Using ep0 maxpacket: 16
[ 2379.920682][T23425] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2379.927556][T23425] usb 7-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 9
[ 2379.931235][T23425] usb 7-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[ 2379.943794][T23425] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2379.955599][T23425] usb 7-1: config 0 descriptor??
[ 2379.963317][T23425] usbhid 7-1:0.0: couldn't find an input interrupt endpoint
[ 2380.712482][ T5749] ip6t_REJECT: TCP_RESET illegal for non-tcp
[ 2381.035654][ T5757] netlink: 12 bytes leftover after parsing attributes in process `syz.1.8867'.
[ 2381.319034][ T5764] overlayfs: missing 'lowerdir'
[ 2381.626187][ T5782] netlink: 'syz.0.8875': attribute type 17 has an invalid length.
[ 2381.679172][ T5785] netlink: 'syz.0.8876': attribute type 17 has an invalid length.
[ 2382.550878][ T1429] usb 7-1: USB disconnect, device number 21
[ 2382.738849][ T5795] netlink: 12 bytes leftover after parsing attributes in process `syz.2.8878'.
[ 2385.009559][ T5820] netlink: 12 bytes leftover after parsing attributes in process `syz.2.8887'.
[ 2385.203367][ T5820] bridge4: entered promiscuous mode
[ 2385.207752][ T5820] bridge4: entered allmulticast mode
[ 2385.209919][ T5820] team0: Port device bridge4 added
[ 2385.337695][ T5830] input: syz0 as /devices/virtual/input/input305
[ 2385.479133][ T5833] tmpfs: Bad value for 'mpol'
[ 2386.328531][ T5841] mac80211_hwsim hwsim92 
: renamed from wlan1
[ 2387.287563][T23425] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[ 2387.316974][ T5874] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.8903'.
[ 2387.319729][ T5874] openvswitch: netlink: Tunnel attr 0 has unexpected len 13 expected 8
[ 2387.437559][T23425] usb 5-1: device descriptor read/64, error -71
[ 2387.628148][ T5880] netlink: 12 bytes leftover after parsing attributes in process `syz.3.8905'.
[ 2387.707750][T23425] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[ 2387.867593][T23425] usb 5-1: device descriptor read/64, error -71
[ 2387.997732][T23425] usb usb5-port1: attempt power cycle
[ 2388.407562][T23425] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[ 2388.449603][T23425] usb 5-1: device descriptor read/8, error -71
[ 2388.727566][T23425] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[ 2388.775335][T23425] usb 5-1: device descriptor read/8, error -71
[ 2388.891045][T23425] usb usb5-port1: unable to enumerate USB device
[ 2389.225952][ T5905] tipc: Enabling of bearer <eth:team0> rejected, already enabled
[ 2390.034224][ T5925] netlink: 'syz.0.8916': attribute type 17 has an invalid length.
[ 2390.037248][ T5927] program syz.2.8918 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 2390.143642][   T39] kauditd_printk_skb: 62 callbacks suppressed
[ 2390.143653][   T39] audit: type=1804 audit(1726471442.995:17502): pid=5930 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.8921" name="/newroot/234/bus/bus" dev="overlay" ino=1291 res=1 errno=0
[ 2390.145446][ T5930] Invalid ELF header magic: != ELF
[ 2390.353380][  T112] EXT4-fs warning (device sda1): es_reclaim_extents:1827: forced shrink of precached extents
[ 2390.356139][  T112] EXT4-fs warning (device sda1): es_reclaim_extents:1827: forced shrink of precached extents
[ 2390.861085][T22587] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 2390.889500][T22587] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 2390.896062][T22587] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 2390.904257][T22587] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 2390.908903][T22587] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 2390.911972][T22587] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 2390.931083][ T4780] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 2390.937961][ T4780] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 2390.940380][ T4780] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 2390.943099][ T4780] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 2390.945522][ T4780] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 2390.947798][ T4780] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 2391.497853][ T5955] tipc: Enabling of bearer <
dp:s> rejected, media not registered
[ 2391.567269][ T5958] netlink: 'syz.0.8928': attribute type 17 has an invalid length.
[ 2391.632112][ T5945] chnl_net:caif_netlink_parms(): no params data found
[ 2391.970779][ T5945] bridge0: port 1(bridge_slave_0) entered blocking state
[ 2391.973014][ T5945] bridge0: port 1(bridge_slave_0) entered disabled state
[ 2391.975313][ T5945] bridge_slave_0: entered allmulticast mode
[ 2392.005660][ T5945] bridge_slave_0: entered promiscuous mode
[ 2392.045778][ T5945] bridge0: port 2(bridge_slave_1) entered blocking state
[ 2392.063324][ T5945] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2392.077813][ T5945] bridge_slave_1: entered allmulticast mode
[ 2392.081191][ T5945] bridge_slave_1: entered promiscuous mode
[ 2392.127801][T24627] usb 6-1: new high-speed USB device number 127 using dummy_hcd
[ 2392.190338][ T5945] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 2392.201149][ T5945] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 2392.328918][T24627] usb 6-1: Using ep0 maxpacket: 8
[ 2392.331744][T24627] usb 6-1: config 168 descriptor has 1 excess byte, ignoring
[ 2392.333751][T24627] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[ 2392.336281][T24627] usb 6-1: config 168 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 0
[ 2392.339106][T24627] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 208, changing to 11
[ 2392.340258][ T5945] team0: Port device team_slave_0 added
[ 2392.342358][T24627] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid maxpacket 42076, setting to 1024
[ 2392.343699][T24627] usb 6-1: config 168 descriptor has 1 excess byte, ignoring
[ 2392.346434][ T5945] team0: Port device team_slave_1 added
[ 2392.347211][T24627] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[ 2392.356682][T24627] usb 6-1: config 168 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 0
[ 2392.364945][T24627] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 208, changing to 11
[ 2392.368203][T24627] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid maxpacket 42076, setting to 1024
[ 2392.376094][T24627] usb 6-1: config 168 descriptor has 1 excess byte, ignoring
[ 2392.378132][T24627] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[ 2392.380629][T24627] usb 6-1: config 168 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 0
[ 2392.383062][T24627] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 208, changing to 11
[ 2392.396193][T24627] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid maxpacket 42076, setting to 1024
[ 2392.400898][T24627] usb 6-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[ 2392.403214][T24627] usb 6-1: New USB device strings: Mfr=1, Product=34, SerialNumber=3
[ 2392.405269][T24627] usb 6-1: Product: syz
[ 2392.406478][T24627] usb 6-1: Manufacturer: syz
[ 2392.407699][T24627] usb 6-1: SerialNumber: syz
[ 2392.535229][ T5945] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 2392.537976][ T5945] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 2392.567589][ T5945] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 2392.592234][ T5945] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 2392.594789][ T5945] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 2392.615516][ T5945] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 2392.665498][ T5955] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2392.688286][ T5955] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2392.705933][T24627] adutux 6-1:168.0: interrupt endpoints not found
[ 2392.711031][T24627] usb 6-1: USB disconnect, device number 127
[ 2392.766789][ T5945] hsr_slave_0: entered promiscuous mode
[ 2392.772113][ T5945] hsr_slave_1: entered promiscuous mode
[ 2392.785086][ T5945] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 2392.787166][ T5945] Cannot create hsr debugfs directory
[ 2393.019137][T22587] Bluetooth: hci0: command tx timeout
[ 2393.411805][ T5945] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2393.599267][ T5945] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2393.651562][ T5988] FAULT_INJECTION: forcing a failure.
[ 2393.651562][ T5988] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2393.655458][ T5988] CPU: 2 UID: 0 PID: 5988 Comm: syz.1.8936 Not tainted 6.11.0-syzkaller #0
[ 2393.657603][ T5988] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 2393.660527][ T5988] Call Trace:
[ 2393.661410][ T5988]  <TASK>
[ 2393.662224][ T5988]  dump_stack_lvl+0x16c/0x1f0
[ 2393.663489][ T5988]  should_fail_ex+0x497/0x5b0
[ 2393.664810][ T5988]  ? fs_reclaim_acquire+0xae/0x160
[ 2393.666213][ T5988]  should_fail_alloc_page+0xe7/0x130
[ 2393.667717][ T5988]  prepare_alloc_pages.constprop.0+0x16f/0x560
[ 2393.669467][ T5988]  __alloc_pages_noprof+0x194/0x2460
[ 2393.670917][ T5988]  ? __pfx_mark_lock+0x10/0x10
[ 2393.672195][ T5988]  ? __pfx___lock_acquire+0x10/0x10
[ 2393.673575][ T5988]  ? hlock_class+0x4e/0x130
[ 2393.674770][ T5988]  ? __lock_acquire+0xbdd/0x3cb0
[ 2393.676076][ T5988]  ? __pfx___alloc_pages_noprof+0x10/0x10
[ 2393.677589][ T5988]  ? __pfx___lock_acquire+0x10/0x10
[ 2393.678973][ T5988]  ? __lock_acquire+0x1620/0x3cb0
[ 2393.680338][ T5988]  ? __sanitizer_cov_trace_switch+0x54/0x90
[ 2393.681943][ T5988]  ? policy_nodemask+0xea/0x4e0
[ 2393.683313][ T5988]  alloc_pages_mpol_noprof+0x275/0x610
[ 2393.684871][ T5988]  ? __pfx_alloc_pages_mpol_noprof+0x10/0x10
[ 2393.686486][ T5988]  ? find_held_lock+0x2d/0x110
[ 2393.687745][ T5988]  folio_alloc_mpol_noprof+0x36/0xd0
[ 2393.689142][ T5988]  vma_alloc_folio_noprof+0xee/0x1b0
[ 2393.690514][ T5988]  ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[ 2393.692076][ T5988]  ? find_held_lock+0x2d/0x110
[ 2393.693354][ T5988]  __handle_mm_fault+0x2d33/0x5480
[ 2393.694712][ T5988]  ? __pfx___handle_mm_fault+0x10/0x10
[ 2393.696135][ T5988]  ? follow_page_pte+0x3dc/0x1cf0
[ 2393.697474][ T5988]  handle_mm_fault+0x498/0xa60
[ 2393.698747][ T5988]  __get_user_pages+0x475/0x15c0
[ 2393.700073][ T5988]  ? __pfx___get_user_pages+0x10/0x10
[ 2393.701512][ T5988]  ? down_read_killable+0xcc/0x380
[ 2393.702874][ T5988]  ? __pfx_down_read_killable+0x10/0x10
[ 2393.704417][ T5988]  __gup_longterm_locked+0x22e/0x1b30
[ 2393.705929][ T5988]  ? __pfx_lock_release+0x10/0x10
[ 2393.707344][ T5988]  ? __pfx___gup_longterm_locked+0x10/0x10
[ 2393.708963][ T5988]  ? const_folio_flags.constprop.0+0x56/0x150
[ 2393.710581][ T5988]  ? sanity_check_pinned_pages+0x384/0x1220
[ 2393.712160][ T5988]  gup_fast_fallback+0x153d/0x24e0
[ 2393.713542][ T5988]  ? __pfx_gup_fast_fallback+0x10/0x10
[ 2393.715010][ T5988]  pin_user_pages_fast+0xa8/0x100
[ 2393.716362][ T5988]  ? __pfx_pin_user_pages_fast+0x10/0x10
[ 2393.717953][ T5988]  ? __kmalloc_noprof+0x207/0x410
[ 2393.719427][ T5988]  ? __might_fault+0xe3/0x190
[ 2393.720809][ T5988]  rds_info_getsockopt+0x39a/0x4f0
[ 2393.722238][ T5988]  ? __might_fault+0x13b/0x190
[ 2393.723505][ T5988]  ? __pfx_rds_info_getsockopt+0x10/0x10
[ 2393.725002][ T5988]  ? __pfx_aa_sk_perm+0x10/0x10
[ 2393.726282][ T5988]  ? find_held_lock+0x2d/0x110
[ 2393.727545][ T5988]  ? __might_fault+0xe3/0x190
[ 2393.728802][ T5988]  rds_getsockopt+0x173/0x2d0
[ 2393.730051][ T5988]  ? __pfx_rds_getsockopt+0x10/0x10
[ 2393.731385][ T5988]  do_sock_getsockopt+0x3fe/0x870
[ 2393.732802][ T5988]  ? __pfx_do_sock_getsockopt+0x10/0x10
[ 2393.734283][ T5988]  ? __fget_files+0x256/0x400
[ 2393.735603][ T5988]  ? __fget_light+0x173/0x210
[ 2393.736992][ T5988]  __sys_getsockopt+0x1a1/0x270
[ 2393.738449][ T5988]  ? __pfx___sys_getsockopt+0x10/0x10
[ 2393.739962][ T5988]  ? fput+0x32/0x390
[ 2393.741055][ T5988]  ? ksys_write+0x1ab/0x260
[ 2393.742306][ T5988]  ? __pfx_ksys_write+0x10/0x10
[ 2393.743613][ T5988]  __ia32_sys_getsockopt+0xbc/0x160
[ 2393.744975][ T5988]  ? lockdep_hardirqs_on+0x7c/0x110
[ 2393.746307][ T5988]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[ 2393.747959][ T5988]  __do_fast_syscall_32+0x73/0x120
[ 2393.749638][ T5988]  do_fast_syscall_32+0x32/0x80
[ 2393.750921][ T5988]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 2393.752807][ T5988] RIP: 0023:0xf73de579
[ 2393.754241][ T5988] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 2393.760502][ T5988] RSP: 002b:00000000f56c656c EFLAGS: 00000296 ORIG_RAX: 000000000000016d
[ 2393.763263][ T5988] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000114
[ 2393.765312][ T5988] RDX: 000000000000271c RSI: 0000000020000580 RDI: 0000000020000000
[ 2393.767369][ T5988] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 2393.769448][ T5988] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 2393.771529][ T5988] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 2393.773614][ T5988]  </TASK>
[ 2393.795530][ T5979] netlink: 120 bytes leftover after parsing attributes in process `syz.0.8932'.
[ 2393.798472][ T5979] netlink: 12 bytes leftover after parsing attributes in process `syz.0.8932'.
[ 2393.870570][ T5945] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2393.994504][ T5997] xt_hashlimit: max too large, truncated to 1048576
[ 2393.996578][ T5997] xt_hashlimit: overflow, try lower: 0/0
[ 2394.029001][ T5945] bond0: (slave netdevsim0): Releasing backup interface
[ 2394.035176][ T5945] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2394.062645][ T6001] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[ 2394.104832][ T6003] FAULT_INJECTION: forcing a failure.
[ 2394.104832][ T6003] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2394.116889][ T6003] CPU: 0 UID: 0 PID: 6003 Comm: syz.1.8940 Not tainted 6.11.0-syzkaller #0
[ 2394.119275][ T6003] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 2394.122139][ T6003] Call Trace:
[ 2394.123024][ T6003]  <TASK>
[ 2394.123807][ T6003]  dump_stack_lvl+0x16c/0x1f0
[ 2394.125067][ T6003]  should_fail_ex+0x497/0x5b0
[ 2394.126307][ T6003]  _copy_from_user+0x30/0xf0
[ 2394.127526][ T6003]  get_compat_msghdr+0xa8/0x170
[ 2394.128814][ T6003]  ? __pfx_get_compat_msghdr+0x10/0x10
[ 2394.130243][ T6003]  ? kfree+0x245/0x3b0
[ 2394.131319][ T6003]  ? find_held_lock+0x2d/0x110
[ 2394.132606][ T6003]  ___sys_recvmsg+0x193/0x1a0
[ 2394.133825][ T6003]  ? __pfx____sys_recvmsg+0x10/0x10
[ 2394.135196][ T6003]  ? __pfx___might_resched+0x10/0x10
[ 2394.136709][ T6003]  ? __fget_light+0x173/0x210
[ 2394.138065][ T6003]  do_recvmmsg+0x51a/0x750
[ 2394.139364][ T6003]  ? __pfx_do_recvmmsg+0x10/0x10
[ 2394.140683][ T6003]  ? __pfx_lock_release+0x10/0x10
[ 2394.142002][ T6003]  ? vfs_write+0x14d/0x1140
[ 2394.143189][ T6003]  __sys_recvmmsg+0x21e/0x280
[ 2394.144342][ T6003]  ? __pfx___sys_recvmmsg+0x10/0x10
[ 2394.145707][ T6003]  ? __pfx_ksys_write+0x10/0x10
[ 2394.146984][ T6003]  __ia32_compat_sys_recvmmsg_time32+0xc4/0x160
[ 2394.148622][ T6003]  ? lockdep_hardirqs_on+0x7c/0x110
[ 2394.149952][ T6003]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[ 2394.151724][ T6003]  __do_fast_syscall_32+0x73/0x120
[ 2394.153231][ T6003]  do_fast_syscall_32+0x32/0x80
[ 2394.154611][ T6003]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 2394.156327][ T6003] RIP: 0023:0xf73de579
[ 2394.157399][ T6003] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 2394.162433][ T6003] RSP: 002b:00000000f56a556c EFLAGS: 00000296 ORIG_RAX: 0000000000000151
[ 2394.164805][ T6003] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000200004c0
[ 2394.167070][ T6003] RDX: 0000000000000f00 RSI: 0000000000000000 RDI: 0000000000000000
[ 2394.169149][ T6003] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 2394.171189][ T6003] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 2394.173229][ T6003] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 2394.175279][ T6003]  </TASK>
[ 2394.176204][    C0] vkms_vblank_simulate: vblank timer overrun
[ 2394.181366][ T6002] netlink: 188 bytes leftover after parsing attributes in process `syz.3.8939'.
[ 2394.349882][ T5945] netdevsim netdevsim2 netdevsim0: renamed from eth0
[ 2394.353977][ T5945] netdevsim netdevsim2 netdevsim1: renamed from eth1
[ 2394.369882][ T5945] netdevsim netdevsim2 netdevsim2: renamed from eth2
[ 2394.373866][ T5945] netdevsim netdevsim2 netdevsim3: renamed from eth3
[ 2394.483351][ T5945] 8021q: adding VLAN 0 to HW filter on device bond0
[ 2394.503586][ T5945] 8021q: adding VLAN 0 to HW filter on device team0
[ 2394.534217][ T2015] bridge0: port 1(bridge_slave_0) entered blocking state
[ 2394.536778][ T2015] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 2394.571119][ T2007] bridge0: port 2(bridge_slave_1) entered blocking state
[ 2394.573055][ T2007] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 2394.942305][ T5945] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 2395.049081][ T5945] veth0_vlan: entered promiscuous mode
[ 2395.074331][ T5945] veth1_vlan: entered promiscuous mode
[ 2395.087719][T22587] Bluetooth: hci0: command tx timeout
[ 2395.115596][ T5945] veth0_macvtap: entered promiscuous mode
[ 2395.139563][ T5945] veth1_macvtap: entered promiscuous mode
[ 2395.173762][ T5945] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 2395.183375][ T5945] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2395.193742][ T5945] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 2395.201636][ T5945] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2395.220641][ T5945] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 2395.230907][ T5945] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2395.237705][ T5945] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 2395.245049][ T5945] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2395.256524][ T5945] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 2395.265585][ T5945] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2395.278006][ T5945] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 2395.284663][ T5945] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2395.294790][ T5945] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 2395.304909][ T5945] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2395.310649][ T5945] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 2395.319966][ T5945] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2395.326767][ T5945] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 2395.337123][ T5945] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2395.342832][ T5945] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 2395.365035][ T5945] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 2395.376957][ T5945] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2395.383904][ T5945] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 2395.399060][ T5945] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2395.408112][ T5945] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 2395.421904][ T5945] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2395.431212][ T5945] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 2395.444734][ T5945] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2395.477587][ T5945] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 2395.480835][ T5945] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2395.483257][ T5945] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 2395.486351][ T5945] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2395.517582][ T5945] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 2395.520540][ T5945] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2395.523066][ T5945] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 2395.525753][ T5945] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2395.528257][ T5945] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 2395.530873][ T5945] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2395.534550][ T5945] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 2395.566212][ T5945] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 2395.568665][ T5945] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 2395.570810][ T5945] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 2395.572984][ T5945] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 2395.690766][ T2017] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 2395.692923][ T2017] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 2395.723236][ T2017] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 2395.726685][ T2017] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 2396.135426][ T6014] x_tables: ip6_tables: mh match: only valid for protocol 135
[ 2397.007646][   T39] audit: type=1326 audit(1726471449.845:17503): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6037 comm="syz.1.8949" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf73de579 code=0x0
[ 2397.011058][ T6040] syz.2.8948 (6040): drop_caches: 2
[ 2397.019650][ T6040] syz.2.8948 (6040): drop_caches: 2
[ 2397.080854][   T39] audit: type=1326 audit(1726471449.895:17504): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6037 comm="syz.1.8949" exe="/syz-executor" sig=31 arch=40000003 syscall=267 compat=1 ip=0xf73de579 code=0x0
[ 2397.177577][T22587] Bluetooth: hci0: command tx timeout
[ 2397.286974][   T39] audit: type=1326 audit(1726471450.125:17505): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6037 comm="syz.1.8949" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf73de579 code=0x0
[ 2397.416402][ T6050] FAULT_INJECTION: forcing a failure.
[ 2397.416402][ T6050] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2397.420027][ T6050] CPU: 3 UID: 0 PID: 6050 Comm: syz.2.8951 Not tainted 6.11.0-syzkaller #0
[ 2397.422303][ T6050] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 2397.425143][ T6050] Call Trace:
[ 2397.426028][ T6050]  <TASK>
[ 2397.426812][ T6050]  dump_stack_lvl+0x16c/0x1f0
[ 2397.428081][ T6050]  should_fail_ex+0x497/0x5b0
[ 2397.429309][ T6050]  ? fs_reclaim_acquire+0xae/0x160
[ 2397.430678][ T6050]  should_fail_alloc_page+0xe7/0x130
[ 2397.432081][ T6050]  prepare_alloc_pages.constprop.0+0x16f/0x560
[ 2397.433743][ T6050]  __alloc_pages_noprof+0x194/0x2460
[ 2397.435147][ T6050]  ? __pfx_mark_lock+0x10/0x10
[ 2397.436761][ T6050]  ? __pfx___lock_acquire+0x10/0x10
[ 2397.438039][ T6050]  ? hlock_class+0x4e/0x130
[ 2397.439258][ T6050]  ? __lock_acquire+0xbdd/0x3cb0
[ 2397.440603][ T6050]  ? __pfx___alloc_pages_noprof+0x10/0x10
[ 2397.442118][ T6050]  ? __pfx___lock_acquire+0x10/0x10
[ 2397.443499][ T6050]  ? __lock_acquire+0x1620/0x3cb0
[ 2397.444876][ T6050]  ? __sanitizer_cov_trace_switch+0x54/0x90
[ 2397.446386][ T6050]  ? policy_nodemask+0xea/0x4e0
[ 2397.447653][ T6050]  alloc_pages_mpol_noprof+0x275/0x610
[ 2397.449054][ T6050]  ? __pfx_alloc_pages_mpol_noprof+0x10/0x10
[ 2397.450601][ T6050]  ? find_held_lock+0x2d/0x110
[ 2397.451835][ T6050]  folio_alloc_mpol_noprof+0x36/0xd0
[ 2397.453202][ T6050]  vma_alloc_folio_noprof+0xee/0x1b0
[ 2397.454551][ T6050]  ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[ 2397.456057][ T6050]  ? find_held_lock+0x2d/0x110
[ 2397.457301][ T6050]  __handle_mm_fault+0x2d33/0x5480
[ 2397.458515][ T6050]  ? __pfx___handle_mm_fault+0x10/0x10
[ 2397.459761][ T6050]  ? follow_page_pte+0x3dc/0x1cf0
[ 2397.461037][ T6050]  handle_mm_fault+0x498/0xa60
[ 2397.462314][ T6050]  __get_user_pages+0x475/0x15c0
[ 2397.463572][ T6050]  ? __pfx___get_user_pages+0x10/0x10
[ 2397.464941][ T6050]  ? down_read_killable+0xcc/0x380
[ 2397.466237][ T6050]  ? __pfx_down_read_killable+0x10/0x10
[ 2397.467619][ T6050]  __gup_longterm_locked+0x22e/0x1b30
[ 2397.468968][ T6050]  ? __pfx_lock_release+0x10/0x10
[ 2397.470267][ T6050]  ? kasan_save_stack+0x42/0x60
[ 2397.471498][ T6050]  ? __pfx___gup_longterm_locked+0x10/0x10
[ 2397.472958][ T6050]  ? __kmalloc_noprof+0x1e8/0x410
[ 2397.474214][ T6050]  ? rds_getsockopt+0x173/0x2d0
[ 2397.475423][ T6050]  ? do_sock_getsockopt+0x3fe/0x870
[ 2397.476770][ T6050]  ? sanity_check_pinned_pages+0x23/0x1220
[ 2397.478267][ T6050]  gup_fast_fallback+0x153d/0x24e0
[ 2397.479606][ T6050]  ? __pfx_gup_fast_fallback+0x10/0x10
[ 2397.480996][ T6050]  pin_user_pages_fast+0xa8/0x100
[ 2397.482484][ T6050]  ? __pfx_pin_user_pages_fast+0x10/0x10
[ 2397.484192][ T6050]  ? __kmalloc_noprof+0x207/0x410
[ 2397.485593][ T6050]  ? __might_fault+0xe3/0x190
[ 2397.486823][ T6050]  rds_info_getsockopt+0x39a/0x4f0
[ 2397.488145][ T6050]  ? __might_fault+0x13b/0x190
[ 2397.489536][ T6050]  ? __pfx_rds_info_getsockopt+0x10/0x10
[ 2397.491115][ T6050]  ? __pfx_aa_sk_perm+0x10/0x10
[ 2397.492410][ T6050]  ? find_held_lock+0x2d/0x110
[ 2397.493651][ T6050]  ? __might_fault+0xe3/0x190
[ 2397.494865][ T6050]  rds_getsockopt+0x173/0x2d0
[ 2397.496163][ T6050]  ? __pfx_rds_getsockopt+0x10/0x10
[ 2397.497507][ T6050]  do_sock_getsockopt+0x3fe/0x870
[ 2397.498818][ T6050]  ? __pfx_do_sock_getsockopt+0x10/0x10
[ 2397.500315][ T6050]  ? __fget_files+0x256/0x400
[ 2397.501609][ T6050]  ? __fget_light+0x173/0x210
[ 2397.502878][ T6050]  __sys_getsockopt+0x1a1/0x270
[ 2397.504169][ T6050]  ? __pfx___sys_getsockopt+0x10/0x10
[ 2397.505614][ T6050]  ? fput+0x32/0x390
[ 2397.506674][ T6050]  ? ksys_write+0x1ab/0x260
[ 2397.507883][ T6050]  ? __pfx_ksys_write+0x10/0x10
[ 2397.509177][ T6050]  __ia32_sys_getsockopt+0xbc/0x160
[ 2397.510528][ T6050]  ? lockdep_hardirqs_on+0x7c/0x110
[ 2397.511844][ T6050]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[ 2397.513546][ T6050]  __do_fast_syscall_32+0x73/0x120
[ 2397.514879][ T6050]  do_fast_syscall_32+0x32/0x80
[ 2397.516147][ T6050]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 2397.517809][ T6050] RIP: 0023:0xf7ff2579
[ 2397.518887][ T6050] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 2397.524019][ T6050] RSP: 002b:00000000f577656c EFLAGS: 00000296 ORIG_RAX: 000000000000016d
[ 2397.526246][ T6050] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000114
[ 2397.528413][ T6050] RDX: 000000000000271b RSI: 0000000020c35fff RDI: 0000000020000000
[ 2397.530517][ T6050] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 2397.532618][ T6050] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 2397.534688][ T6050] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 2397.536757][ T6050]  </TASK>
[ 2398.141701][ T6059] fuse: Bad value for 'user_id'
[ 2398.143099][ T6059] fuse: Bad value for 'user_id'
[ 2398.171502][ T6060] dccp_invalid_packet: pskb_may_pull failed
[ 2398.623321][ T6062] kAFS: No cell specified
[ 2398.697573][ T1429] usb 7-1: new high-speed USB device number 22 using dummy_hcd
[ 2398.879998][ T1429] usb 7-1: New USB device found, idVendor=077b, idProduct=2226, bcdDevice=ca.8b
[ 2398.883011][ T1429] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2398.889967][ T1429] usb 7-1: config 0 descriptor??
[ 2399.097360][ T1429] asix 7-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[ 2399.104358][ T1429] asix 7-1:0.0: probe with driver asix failed with error -71
[ 2399.115261][ T1429] usb 7-1: USB disconnect, device number 22
[ 2399.237658][T23425] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[ 2399.247585][T22587] Bluetooth: hci0: command tx timeout
[ 2399.388163][T23425] usb 5-1: device descriptor read/64, error -71
[ 2399.568429][ T6077] input: syz1 as /devices/virtual/input/input306
[ 2399.657732][T23425] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[ 2399.697029][ T6082] overlayfs: upper fs does not support RENAME_WHITEOUT.
[ 2399.705731][ T6082] overlayfs: failed to set xattr on upper
[ 2399.707255][ T6082] overlayfs: ...falling back to redirect_dir=nofollow.
[ 2399.711790][ T6082] overlayfs: ...falling back to index=off.
[ 2399.715811][ T6082] overlayfs: ...falling back to uuid=null.
[ 2399.808343][T23425] usb 5-1: device descriptor read/64, error -71
[ 2399.928031][T23425] usb usb5-port1: attempt power cycle
[ 2400.290037][ T6086] netlink: 'syz.2.8962': attribute type 4 has an invalid length.
[ 2400.338054][T23425] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[ 2400.349795][ T6087] netlink: 'syz.2.8962': attribute type 4 has an invalid length.
[ 2400.368629][T23425] usb 5-1: device descriptor read/8, error -71
[ 2400.641579][T23425] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[ 2400.678486][T23425] usb 5-1: device descriptor read/8, error -71
[ 2400.801479][T23425] usb usb5-port1: unable to enumerate USB device
[ 2401.965673][ T6101] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8969'.
[ 2402.178833][ T6107] netlink: 20 bytes leftover after parsing attributes in process `syz.1.8971'.
[ 2402.637668][   T39] audit: type=1804 audit(1726471455.485:17506): pid=6111 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.8971" name="/newroot/246/bus/file0" dev="overlay" ino=1362 res=1 errno=0
[ 2405.389930][ T6147] netlink: 72 bytes leftover after parsing attributes in process `syz.1.8983'.
[ 2405.461917][ T6147] netlink: 'syz.1.8983': attribute type 10 has an invalid length.
[ 2406.084592][ T6153] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8986'.
[ 2407.111986][ T6170] FAULT_INJECTION: forcing a failure.
[ 2407.111986][ T6170] name failslab, interval 1, probability 0, space 0, times 0
[ 2407.116979][ T6170] CPU: 3 UID: 0 PID: 6170 Comm: syz.1.8989 Not tainted 6.11.0-syzkaller #0
[ 2407.119858][ T6170] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 2407.123624][ T6170] Call Trace:
[ 2407.124835][ T6170]  <TASK>
[ 2407.126013][ T6170]  dump_stack_lvl+0x16c/0x1f0
[ 2407.127690][ T6170]  should_fail_ex+0x497/0x5b0
[ 2407.129046][ T6170]  ? fs_reclaim_acquire+0xae/0x160
[ 2407.130854][ T6170]  should_failslab+0xc2/0x120
[ 2407.132533][ T6170]  __kmalloc_noprof+0xcb/0x410
[ 2407.134228][ T6170]  ? __pfx_lock_acquire+0x10/0x10
[ 2407.136007][ T6170]  tomoyo_realpath_from_path+0xbf/0x710
[ 2407.137905][ T6170]  ? tomoyo_profile+0x47/0x60
[ 2407.139194][ T6170]  tomoyo_path_perm+0x273/0x480
[ 2407.140865][ T6170]  ? tomoyo_path_perm+0x25f/0x480
[ 2407.142669][ T6170]  ? __pfx_tomoyo_path_perm+0x10/0x10
[ 2407.144593][ T6170]  ? is_bpf_text_address+0x8a/0x1a0
[ 2407.146427][ T6170]  ? __pfx_lock_release+0x10/0x10
[ 2407.148076][ T6170]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 2407.150235][ T6170]  security_inode_getattr+0xf4/0x160
[ 2407.152132][ T6170]  vfs_getattr+0x36/0xb0
[ 2407.153944][ T6170]  ovl_copy_up_one+0x511/0x3490
[ 2407.155830][ T6170]  ? hlock_class+0x4e/0x130
[ 2407.157442][ T6170]  ? mark_lock+0xb5/0xc60
[ 2407.158763][ T6170]  ? hlock_class+0x4e/0x130
[ 2407.160655][ T6170]  ? mark_lock+0xb5/0xc60
[ 2407.162149][ T6170]  ? __pfx_mark_lock+0x10/0x10
[ 2407.163814][ T6170]  ? mark_lock+0xb5/0xc60
[ 2407.165349][ T6170]  ? __pfx_mark_lock+0x10/0x10
[ 2407.167010][ T6170]  ? __pfx_ovl_copy_up_one+0x10/0x10
[ 2407.168848][ T6170]  ? __pfx_mark_lock+0x10/0x10
[ 2407.170471][ T6170]  ? __pfx_mark_lock+0x10/0x10
[ 2407.171950][ T6170]  ? hlock_class+0x4e/0x130
[ 2407.173514][ T6170]  ? __lock_acquire+0x1620/0x3cb0
[ 2407.175262][ T6170]  ? do_raw_spin_unlock+0x172/0x230
[ 2407.177083][ T6170]  ovl_copy_up_flags+0x18d/0x200
[ 2407.178518][ T6170]  ovl_xattr_set+0x3bd/0x530
[ 2407.180076][ T6170]  ? __pfx_ovl_xattr_set+0x10/0x10
[ 2407.181876][ T6170]  ? xattr_resolve_name+0x27b/0x3f0
[ 2407.183678][ T6170]  ? __pfx_ovl_other_xattr_set+0x10/0x10
[ 2407.185475][ T6170]  __vfs_removexattr+0x153/0x1c0
[ 2407.187144][ T6170]  ? __pfx___vfs_removexattr+0x10/0x10
[ 2407.188831][ T6170]  ? xattr_resolve_name+0x27b/0x3f0
[ 2407.190862][ T6170]  ? make_vfsuid+0xe0/0x130
[ 2407.192477][ T6170]  cap_inode_killpriv+0x23/0x50
[ 2407.194174][ T6170]  security_inode_killpriv+0x6d/0xc0
[ 2407.196042][ T6170]  setattr_prepare+0x1ad/0x9a0
[ 2407.197706][ T6170]  ovl_setattr+0xb3/0x560
[ 2407.198911][ T6170]  ? security_inode_setattr+0xfc/0x140
[ 2407.200590][ T6170]  ? __pfx_ovl_setattr+0x10/0x10
[ 2407.202285][ T6170]  notify_change+0x6a6/0x1230
[ 2407.203981][ T6170]  chown_common+0x598/0x660
[ 2407.205852][ T6170]  ? __pfx_chown_common+0x10/0x10
[ 2407.207811][ T6170]  ? __pfx_lock_acquire+0x10/0x10
[ 2407.209801][ T6170]  ? mnt_get_write_access+0x20c/0x300
[ 2407.211929][ T6170]  do_fchownat+0x1ac/0x200
[ 2407.213631][ T6170]  ? __pfx_do_fchownat+0x10/0x10
[ 2407.215790][ T6170]  ? __pfx_ksys_write+0x10/0x10
[ 2407.217453][ T6170]  __ia32_sys_lchown16+0xe6/0x120
[ 2407.218880][ T6170]  __do_fast_syscall_32+0x73/0x120
[ 2407.220236][ T6170]  do_fast_syscall_32+0x32/0x80
[ 2407.221552][ T6170]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 2407.223245][ T6170] RIP: 0023:0xf73de579
[ 2407.224393][ T6170] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 2407.229539][ T6170] RSP: 002b:00000000f56c656c EFLAGS: 00000296 ORIG_RAX: 0000000000000010
[ 2407.231698][ T6170] RAX: ffffffffffffffda RBX: 00000000200003c0 RCX: 0000000000000000
[ 2407.233790][ T6170] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 2407.235921][ T6170] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 2407.238194][ T6170] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 2407.240428][ T6170] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 2407.242535][ T6170]  </TASK>
[ 2407.349021][ T6170] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 2408.284435][ T6171] [U] ¯èrb±%�F
[ 2408.617563][ T6186] FAULT_INJECTION: forcing a failure.
[ 2408.617563][ T6186] name failslab, interval 1, probability 0, space 0, times 0
[ 2408.625010][ T6186] CPU: 0 UID: 0 PID: 6186 Comm: syz.3.8993 Not tainted 6.11.0-syzkaller #0
[ 2408.627265][ T6186] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 2408.630056][ T6186] Call Trace:
[ 2408.630934][ T6186]  <TASK>
[ 2408.631744][ T6186]  dump_stack_lvl+0x16c/0x1f0
[ 2408.633012][ T6186]  should_fail_ex+0x497/0x5b0
[ 2408.634259][ T6186]  ? fs_reclaim_acquire+0xae/0x160
[ 2408.635610][ T6186]  should_failslab+0xc2/0x120
[ 2408.636877][ T6186]  kmem_cache_alloc_lru_noprof+0x72/0x2f0
[ 2408.638377][ T6186]  ? alloc_inode+0xba/0x230
[ 2408.639104][ T6188] overlayfs: missing 'lowerdir'
[ 2408.639562][ T6186]  alloc_inode+0xba/0x230
[ 2408.642076][ T6186]  new_inode+0x22/0x210
[ 2408.643181][ T6186]  ? start_creating.part.0+0x25d/0x3a0
[ 2408.644639][ T6186]  __debugfs_create_file+0x11a/0x660
[ 2408.646030][ T6186]  kvm_dev_ioctl+0x161a/0x1c50
[ 2408.647300][ T6186]  ? __pfx_kvm_dev_ioctl+0x10/0x10
[ 2408.648663][ T6186]  ? bpf_lsm_file_ioctl_compat+0x9/0x10
[ 2408.650108][ T6186]  ? __pfx_kvm_dev_ioctl+0x10/0x10
[ 2408.651444][ T6186]  __do_compat_sys_ioctl+0x2c3/0x330
[ 2408.652843][ T6186]  __do_fast_syscall_32+0x73/0x120
[ 2408.654199][ T6186]  do_fast_syscall_32+0x32/0x80
[ 2408.655472][ T6186]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 2408.657143][ T6186] RIP: 0023:0xf7f31579
[ 2408.658214][ T6186] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 2408.663183][ T6186] RSP: 002b:00000000f567456c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[ 2408.665389][ T6186] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 000000000000ae01
[ 2408.667445][ T6186] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 2408.669521][ T6186] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 2408.671582][ T6186] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 2408.673649][ T6186] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 2408.675673][ T6186]  </TASK>
[ 2408.676572][    C0] vkms_vblank_simulate: vblank timer overrun
[ 2409.004028][ T6186] debugfs: out of free dentries, can not create file 'mmu_recycled'
[ 2409.097593][ T2623] usb 7-1: new high-speed USB device number 23 using dummy_hcd
[ 2409.297634][ T2623] usb 7-1: Using ep0 maxpacket: 16
[ 2409.300737][ T2623] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2409.303379][ T2623] usb 7-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 9
[ 2409.306824][ T2623] usb 7-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[ 2409.309559][ T2623] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2409.315079][ T2623] usb 7-1: config 0 descriptor??
[ 2409.318578][ T2623] usbhid 7-1:0.0: couldn't find an input interrupt endpoint
[ 2409.583534][ T6205] netlink: 20 bytes leftover after parsing attributes in process `syz.3.8999'.
[ 2409.728126][ T6213] netlink: 'syz.1.9001': attribute type 17 has an invalid length.
[ 2409.867845][ T6215] syz_tun: entered promiscuous mode
[ 2409.881944][ T6214] syz_tun: left promiscuous mode
[ 2409.895059][   T39] audit: type=1804 audit(1726471462.745:17507): pid=6211 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.8999" name="/newroot/446/bus/file0" dev="overlay" ino=2481 res=1 errno=0
[ 2411.169205][ T6234] input: syz1 as /devices/virtual/input/input308
[ 2411.172405][ T6233] netlink: 220 bytes leftover after parsing attributes in process `syz.3.9008'.
[ 2411.194746][ T5498] udevd[5498]: setting owner of /dev/input/event3 to uid=0, gid=104 failed: No such file or directory
[ 2411.895027][   T63] usb 7-1: USB disconnect, device number 23
[ 2411.958157][ T6256] kvm: apic: phys broadcast and lowest prio
[ 2412.040830][ T6262] netlink: 'syz.1.9019': attribute type 21 has an invalid length.
[ 2412.660038][ T6275] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2412.662116][ T6275] bridge0: port 2(bridge_slave_1) entered blocking state
[ 2412.663934][ T6275] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 2413.268009][ T6294] overlay: ./bus is not a directory
[ 2414.175290][ T6301] syzkaller1: entered promiscuous mode
[ 2414.180850][ T6301] syzkaller1: entered allmulticast mode
[ 2416.117279][ T6323] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[ 2417.485475][ T6339] FAULT_INJECTION: forcing a failure.
[ 2417.485475][ T6339] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2417.499543][ T6339] CPU: 0 UID: 0 PID: 6339 Comm: syz.1.9044 Not tainted 6.11.0-syzkaller #0
[ 2417.502856][ T6339] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 2417.506838][ T6339] Call Trace:
[ 2417.508050][ T6339]  <TASK>
[ 2417.509140][ T6339]  dump_stack_lvl+0x16c/0x1f0
[ 2417.510855][ T6339]  should_fail_ex+0x497/0x5b0
[ 2417.512579][ T6339]  _copy_to_user+0x30/0xc0
[ 2417.514215][ T6339]  simple_read_from_buffer+0xd0/0x160
[ 2417.516242][ T6339]  proc_fail_nth_read+0x19e/0x280
[ 2417.518235][ T6339]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 2417.520252][ T6339]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 2417.522203][ T6339]  vfs_read+0x1d4/0xbd0
[ 2417.523874][ T6339]  ? __fdget_pos+0xeb/0x180
[ 2417.525706][ T6339]  ? __pfx_vfs_read+0x10/0x10
[ 2417.527700][ T6339]  ? __pfx___mutex_lock+0x10/0x10
[ 2417.529737][ T6339]  ? __fget_files+0x256/0x400
[ 2417.531509][ T6339]  ksys_read+0x12f/0x260
[ 2417.532972][ T6339]  ? __pfx_ksys_read+0x10/0x10
[ 2417.534868][ T6339]  __do_fast_syscall_32+0x73/0x120
[ 2417.536493][ T6339]  do_fast_syscall_32+0x32/0x80
[ 2417.537917][ T6339]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 2417.539800][ T6339] RIP: 0023:0xf73de579
[ 2417.541085][ T6339] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 2417.546851][ T6339] RSP: 002b:00000000f56a55a0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 2417.549230][ T6339] RAX: ffffffffffffffda RBX: 000000000000000b RCX: 00000000f56a5620
[ 2417.551729][ T6339] RDX: 000000000000000f RSI: 00000000f73cbff4 RDI: 0000000000000000
[ 2417.554004][ T6339] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[ 2417.556288][ T6339] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[ 2417.558732][ T6339] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 2417.561110][ T6339]  </TASK>
[ 2417.562245][    C0] vkms_vblank_simulate: vblank timer overrun
[ 2417.876619][ T6358] VFS: could not find a valid V7 on nullb0.
[ 2417.936236][ T6364] openvswitch: netlink: Missing key (keys=20040, expected=200000)
[ 2418.333314][    C3] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies.
[ 2418.438427][ T6374] netlink: 12 bytes leftover after parsing attributes in process `syz.3.9052'.
[ 2418.456607][ T6376] netlink: 8 bytes leftover after parsing attributes in process `syz.2.9055'.
[ 2418.467549][ T6376] netlink: 36 bytes leftover after parsing attributes in process `syz.2.9055'.
[ 2418.479845][ T6376] vlan2: entered allmulticast mode
[ 2418.487834][ T6376] mac80211_hwsim hwsim94 wlan1: entered allmulticast mode
[ 2418.623449][ T6374] bridge1: entered promiscuous mode
[ 2418.653898][ T6374] bridge1: entered allmulticast mode
[ 2418.665278][ T6374] team0: Port device bridge1 added
[ 2419.048538][ T6384] FAULT_INJECTION: forcing a failure.
[ 2419.048538][ T6384] name failslab, interval 1, probability 0, space 0, times 0
[ 2419.051787][ T6384] CPU: 3 UID: 0 PID: 6384 Comm: syz.2.9059 Not tainted 6.11.0-syzkaller #0
[ 2419.054002][ T6384] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 2419.056764][ T6384] Call Trace:
[ 2419.057719][ T6384]  <TASK>
[ 2419.058492][ T6384]  dump_stack_lvl+0x16c/0x1f0
[ 2419.059718][ T6384]  should_fail_ex+0x497/0x5b0
[ 2419.061073][ T6384]  ? fs_reclaim_acquire+0xae/0x160
[ 2419.062465][ T6384]  should_failslab+0xc2/0x120
[ 2419.063704][ T6384]  __kmalloc_cache_noprof+0x6b/0x310
[ 2419.065111][ T6384]  ? krealloc_noprof+0xbc/0x100
[ 2419.066383][ T6384]  ? copy_verifier_state+0xabe/0xeb0
[ 2419.067756][ T6384]  copy_verifier_state+0xabe/0xeb0
[ 2419.069211][ T6384]  ? kasan_save_track+0x14/0x30
[ 2419.070700][ T6384]  do_check_common+0x4dea/0xd610
[ 2419.072016][ T6384]  ? kasan_quarantine_put+0x10a/0x240
[ 2419.073440][ T6384]  ? local_clock_noinstr+0xc1/0xe0
[ 2419.074794][ T6384]  ? __pfx_do_check_common+0x10/0x10
[ 2419.076188][ T6384]  ? kvfree+0x47/0x50
[ 2419.077294][ T6384]  ? check_cfg+0x400/0x840
[ 2419.078462][ T6384]  bpf_check+0x57bb/0xb3b0
[ 2419.079632][ T6384]  ? __pfx_bpf_check+0x10/0x10
[ 2419.080895][ T6384]  ? ktime_get_with_offset+0x13a/0x240
[ 2419.082304][ T6384]  ? __pfx_lock_release+0x10/0x10
[ 2419.083611][ T6384]  ? find_held_lock+0x2d/0x110
[ 2419.084850][ T6384]  ? timekeeping_debug_get_ns+0x3e0/0x5b0
[ 2419.086256][ T6384]  ? lockdep_hardirqs_on+0x7c/0x110
[ 2419.087774][ T6384]  ? bpf_obj_name_cpy+0x156/0x1b0
[ 2419.089289][ T6384]  bpf_prog_load+0xe3f/0x2670
[ 2419.090523][ T6384]  ? __pfx_bpf_prog_load+0x10/0x10
[ 2419.091848][ T6384]  ? find_held_lock+0x2d/0x110
[ 2419.093118][ T6384]  ? security_bpf+0x8c/0xc0
[ 2419.094345][ T6384]  __sys_bpf+0x9e0/0x55e0
[ 2419.095514][ T6384]  ? __pfx___sys_bpf+0x10/0x10
[ 2419.096853][ T6384]  ? ksys_write+0x12f/0x260
[ 2419.098163][ T6384]  ? find_held_lock+0x2d/0x110
[ 2419.099467][ T6384]  ? ksys_write+0x21c/0x260
[ 2419.100659][ T6384]  ? __pfx_lock_release+0x10/0x10
[ 2419.101970][ T6384]  ? vfs_write+0x14d/0x1140
[ 2419.103154][ T6384]  ? __mutex_unlock_slowpath+0x164/0x650
[ 2419.104639][ T6384]  ? fput+0x32/0x390
[ 2419.105666][ T6384]  ? ksys_write+0x1ab/0x260
[ 2419.106841][ T6384]  ? __pfx_ksys_write+0x10/0x10
[ 2419.108119][ T6384]  __ia32_sys_bpf+0x76/0xe0
[ 2419.109309][ T6384]  __do_fast_syscall_32+0x73/0x120
[ 2419.110634][ T6384]  do_fast_syscall_32+0x32/0x80
[ 2419.111900][ T6384]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 2419.113518][ T6384] RIP: 0023:0xf7ff2579
[ 2419.114578][ T6384] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 2419.119540][ T6384] RSP: 002b:00000000f577656c EFLAGS: 00000296 ORIG_RAX: 0000000000000165
[ 2419.121683][ T6384] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000020000040
[ 2419.123714][ T6384] RDX: 0000000000000090 RSI: 0000000000000000 RDI: 0000000000000000
[ 2419.125765][ T6384] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 2419.127792][ T6384] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 2419.129825][ T6384] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 2419.131856][ T6384]  </TASK>
[ 2419.167603][T23426] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[ 2419.358838][T23426] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2419.361798][T23426] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 2419.364321][T23426] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 2419.377578][T23426] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 2419.380012][T23426] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2419.383736][T23426] usb 6-1: config 0 descriptor??
[ 2419.714663][ T6391] VFS: could not find a valid V7 on nullb0.
[ 2419.822384][T23426] plantronics 0003:047F:FFFF.002A: ignoring exceeding usage max
[ 2419.827469][T23426] plantronics 0003:047F:FFFF.002A: No inputs registered, leaving
[ 2419.852433][T23426] plantronics 0003:047F:FFFF.002A: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0
[ 2420.460760][ T6419] netlink: 104 bytes leftover after parsing attributes in process `syz.0.9067'.
[ 2420.463156][ T6419] netlink: 104 bytes leftover after parsing attributes in process `syz.0.9067'.
[ 2420.578088][ T6423] netlink: 68 bytes leftover after parsing attributes in process `syz.0.9069'.
[ 2421.289064][ T6432] 9pnet_fd: Insufficient options for proto=fd
[ 2421.397333][ T6435] FAULT_INJECTION: forcing a failure.
[ 2421.397333][ T6435] name failslab, interval 1, probability 0, space 0, times 0
[ 2421.416875][ T6435] CPU: 3 UID: 0 PID: 6435 Comm: syz.0.9072 Not tainted 6.11.0-syzkaller #0
[ 2421.418914][ T6435] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 2421.421438][ T6435] Call Trace:
[ 2421.422213][ T6435]  <TASK>
[ 2421.422891][ T6435]  dump_stack_lvl+0x16c/0x1f0
[ 2421.424008][ T6435]  should_fail_ex+0x497/0x5b0
[ 2421.425215][ T6435]  ? fs_reclaim_acquire+0xae/0x160
[ 2421.426517][ T6435]  should_failslab+0xc2/0x120
[ 2421.427746][ T6435]  __kmalloc_cache_noprof+0x6b/0x310
[ 2421.429049][ T6435]  ? genl_start+0x1e7/0x950
[ 2421.430123][ T6435]  genl_start+0x1e7/0x950
[ 2421.431154][ T6435]  __netlink_dump_start+0x615/0x980
[ 2421.432394][ T6435]  genl_family_rcv_msg_dumpit+0x1e1/0x2e0
[ 2421.433684][ T6435]  ? __pfx_genl_family_rcv_msg_dumpit+0x10/0x10
[ 2421.435082][ T6435]  ? __pfx_genl_get_cmd+0x10/0x10
[ 2421.436280][ T6435]  ? __pfx_genl_start+0x10/0x10
[ 2421.437436][ T6435]  ? __pfx_genl_dumpit+0x10/0x10
[ 2421.438560][ T6435]  ? __pfx_genl_done+0x10/0x10
[ 2421.439648][ T6435]  ? __radix_tree_lookup+0x21f/0x2c0
[ 2421.440887][ T6435]  genl_rcv_msg+0x470/0x800
[ 2421.441981][ T6435]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 2421.443242][ T6435]  ? __pfx_nfsd_nl_rpc_status_get_dumpit+0x10/0x10
[ 2421.444937][ T6435]  netlink_rcv_skb+0x165/0x410
[ 2421.446176][ T6435]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 2421.447443][ T6435]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 2421.448711][ T6435]  ? down_read+0xc9/0x330
[ 2421.449693][ T6435]  ? __pfx_down_read+0x10/0x10
[ 2421.450836][ T6435]  ? netlink_deliver_tap+0x1ae/0xcf0
[ 2421.452106][ T6435]  genl_rcv+0x28/0x40
[ 2421.453065][ T6435]  netlink_unicast+0x53c/0x7f0
[ 2421.454204][ T6435]  ? __pfx_netlink_unicast+0x10/0x10
[ 2421.455463][ T6435]  ? __phys_addr_symbol+0x30/0x80
[ 2421.456657][ T6435]  ? __check_object_size+0x497/0x720
[ 2421.457906][ T6435]  netlink_sendmsg+0x8b8/0xd70
[ 2421.459044][ T6435]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 2421.460310][ T6435]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[ 2421.461549][ T6435]  ____sys_sendmsg+0x9b4/0xb50
[ 2421.462713][ T6435]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 2421.463974][ T6435]  ? get_compat_msghdr+0x11b/0x170
[ 2421.465186][ T6435]  ? __pfx___lock_acquire+0x10/0x10
[ 2421.466424][ T6435]  ___sys_sendmsg+0x135/0x1e0
[ 2421.467553][ T6435]  ? __pfx____sys_sendmsg+0x10/0x10
[ 2421.468847][ T6435]  ? ksys_write+0x21c/0x260
[ 2421.470018][ T6435]  ? __fget_light+0x173/0x210
[ 2421.471133][ T6435]  __sys_sendmsg+0x117/0x1f0
[ 2421.472259][ T6435]  ? __pfx___sys_sendmsg+0x10/0x10
[ 2421.473481][ T6435]  __do_fast_syscall_32+0x73/0x120
[ 2421.474696][ T6435]  do_fast_syscall_32+0x32/0x80
[ 2421.475855][ T6435]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 2421.477358][ T6435] RIP: 0023:0xf7f07579
[ 2421.478325][ T6435] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 2421.482757][ T6435] RSP: 002b:00000000f568656c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[ 2421.484747][ T6435] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000180
[ 2421.486621][ T6435] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 2421.488514][ T6435] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 2421.490403][ T6435] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 2421.492320][ T6435] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 2421.494232][ T6435]  </TASK>
[ 2422.029137][T13266] usb 6-1: USB disconnect, device number 2
[ 2422.087638][ T1429] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[ 2422.291830][ T1429] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[ 2422.294942][ T1429] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 2422.303046][ T1429] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66
[ 2422.305743][ T1429] usb 5-1: config 1 interface 0 altsetting 0 has an endpoint descriptor with address 0xF7, changing to 0x87
[ 2422.314613][ T1429] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x87 has an invalid bInterval 0, changing to 7
[ 2422.322271][ T1429] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[ 2422.326125][ T1429] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[ 2422.330371][ T1429] usb 5-1: Product: syz
[ 2422.331409][ T1429] usb 5-1: Manufacturer: syz
[ 2422.345049][ T1429] cdc_wdm 5-1:1.0: skipping garbage
[ 2422.346457][ T1429] cdc_wdm 5-1:1.0: skipping garbage
[ 2422.362394][ T1429] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device
[ 2422.364056][ T1429] cdc_wdm 5-1:1.0: Unknown control protocol
[ 2422.397193][   T39] audit: type=1326 audit(1726471475.245:17508): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6453 comm="syz.2.9079" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7ff2579 code=0x0
[ 2422.577412][ T6442] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2422.629067][ T6442] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2422.767998][ T6456] syz.2.9079: attempt to access beyond end of device
[ 2422.767998][ T6456] nbd2: rw=0, sector=16, nr_sectors = 8 limit=0
[ 2422.781805][ T6456] REISERFS warning (device nbd2): sh-2006 read_super_block: bread failed (dev nbd2, block 2, size 4096)
[ 2422.784974][ T6456] syz.2.9079: attempt to access beyond end of device
[ 2422.784974][ T6456] nbd2: rw=0, sector=128, nr_sectors = 8 limit=0
[ 2422.788636][ T6456] REISERFS warning (device nbd2): sh-2006 read_super_block: bread failed (dev nbd2, block 16, size 4096)
[ 2422.791616][ T6456] REISERFS warning (device nbd2): sh-2021 reiserfs_fill_super: can not find reiserfs on nbd2
[ 2422.856916][ T6012] usb 5-1: USB disconnect, device number 14
[ 2423.216102][ T6466] netlink: 'syz.1.9082': attribute type 17 has an invalid length.
[ 2423.239039][ T6468] netlink: 220 bytes leftover after parsing attributes in process `syz.3.9081'.
[ 2423.314675][ T6471] FAULT_INJECTION: forcing a failure.
[ 2423.314675][ T6471] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2423.350173][ T6471] CPU: 1 UID: 0 PID: 6471 Comm: syz.1.9083 Not tainted 6.11.0-syzkaller #0
[ 2423.353044][ T6471] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 2423.356672][ T6471] Call Trace:
[ 2423.357890][ T6471]  <TASK>
[ 2423.358945][ T6471]  dump_stack_lvl+0x16c/0x1f0
[ 2423.360728][ T6471]  should_fail_ex+0x497/0x5b0
[ 2423.362375][ T6471]  ? fs_reclaim_acquire+0xae/0x160
[ 2423.364121][ T6471]  should_fail_alloc_page+0xe7/0x130
[ 2423.365802][ T6471]  prepare_alloc_pages.constprop.0+0x16f/0x560
[ 2423.367807][ T6471]  ? consume_skb+0xdd/0x160
[ 2423.369332][ T6471]  ? netlink_recvmsg+0x606/0xf30
[ 2423.371265][ T6471]  __alloc_pages_noprof+0x194/0x2460
[ 2423.373064][ T6471]  ? __lock_acquire+0x1620/0x3cb0
[ 2423.374768][ T6471]  ? hlock_class+0x4e/0x130
[ 2423.376298][ T6471]  ? mark_lock+0xb5/0xc60
[ 2423.377773][ T6471]  ? __pfx___alloc_pages_noprof+0x10/0x10
[ 2423.379725][ T6471]  ? __pfx_mark_lock+0x10/0x10
[ 2423.381347][ T6471]  ? hlock_class+0x4e/0x130
[ 2423.383226][ T6471]  ? mark_lock+0xb5/0xc60
[ 2423.384691][ T6471]  ? __pfx_mark_lock+0x10/0x10
[ 2423.386250][ T6471]  ? __sanitizer_cov_trace_switch+0x54/0x90
[ 2423.388144][ T6471]  ? policy_nodemask+0xea/0x4e0
[ 2423.389798][ T6471]  alloc_pages_mpol_noprof+0x275/0x610
[ 2423.391574][ T6471]  ? __pfx_alloc_pages_mpol_noprof+0x10/0x10
[ 2423.393677][ T6471]  ? hlock_class+0x4e/0x130
[ 2423.395307][ T6471]  ? hlock_class+0x4e/0x130
[ 2423.396891][ T6471]  ? find_held_lock+0x2d/0x110
[ 2423.398445][ T6471]  folio_alloc_mpol_noprof+0x36/0xd0
[ 2423.400189][ T6471]  vma_alloc_folio_noprof+0xee/0x1b0
[ 2423.401853][ T6471]  ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[ 2423.403700][ T6471]  ? __pfx___lock_acquire+0x10/0x10
[ 2423.405433][ T6471]  ? __pfx_lock_acquire+0x10/0x10
[ 2423.407079][ T6471]  ? __lock_acquire+0xbdd/0x3cb0
[ 2423.408894][ T6471]  do_wp_page+0x1ada/0x3360
[ 2423.410534][ T6471]  ? __pfx_lock_acquire+0x10/0x10
[ 2423.412457][ T6471]  ? __pfx_do_wp_page+0x10/0x10
[ 2423.414252][ T6471]  ? __pfx_do_raw_spin_lock+0x10/0x10
[ 2423.416103][ T6471]  ? lock_vma_under_rcu+0x1e2/0x8f0
[ 2423.417865][ T6471]  __handle_mm_fault+0x23d0/0x5480
[ 2423.419672][ T6471]  ? __pfx_lock_release+0x10/0x10
[ 2423.421340][ T6471]  ? down_read_trylock+0x1ed/0x3f0
[ 2423.422987][ T6471]  ? lock_vma_under_rcu+0x1e2/0x8f0
[ 2423.424707][ T6471]  ? __pfx___handle_mm_fault+0x10/0x10
[ 2423.426450][ T6471]  ? __pfx_lock_vma_under_rcu+0x10/0x10
[ 2423.428352][ T6471]  handle_mm_fault+0x498/0xa60
[ 2423.429855][ T6471]  ? spurious_kernel_fault+0x361/0x3c0
[ 2423.431683][ T6471]  do_user_addr_fault+0x60d/0x13f0
[ 2423.433435][ T6471]  exc_page_fault+0x5c/0xc0
[ 2423.434909][ T6471]  asm_exc_page_fault+0x26/0x30
[ 2423.436594][ T6471] RIP: 0023:0xf71f22e2
[ 2423.437878][ T6471] Code: c7 3d 9d 1d 00 56 53 83 ec 1c 8b 6c 24 30 8b 55 1c 65 a1 68 00 00 00 39 c2 0f 84 11 01 00 00 80 7d 18 02 74 2b b8 08 00 00 00 <f0> 0f c1 45 00 83 c0 08 85 c0 0f 88 0e 01 00 00 a8 01 75 7a 31 d2
[ 2423.444475][ T6471] RSP: 002b:00000000f56c5390 EFLAGS: 00010293
[ 2423.446369][ T6471] RAX: 0000000000000008 RBX: 00000000f73cbff4 RCX: 00000000ffffffff
[ 2423.448994][ T6471] RDX: 0000000000000000 RSI: 00000000f72d7236 RDI: 00000000f73cbff4
[ 2423.451568][ T6471] RBP: 00000000f7f36e40 R08: 0000000000000000 R09: 0000000000000000
[ 2423.454323][ T6471] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 2423.457279][ T6471] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 2423.459878][ T6471]  </TASK>
[ 2423.547788][ T6471] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[ 2423.549967][ T6471] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 2423.678187][ T6477] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[ 2423.721644][ T6480] netlink: 'syz.0.9087': attribute type 4 has an invalid length.
[ 2423.731839][ T6480] netlink: 'syz.0.9087': attribute type 17 has an invalid length.
[ 2425.000176][ T6496] FAULT_INJECTION: forcing a failure.
[ 2425.000176][ T6496] name failslab, interval 1, probability 0, space 0, times 0
[ 2425.027339][ T6496] CPU: 1 UID: 0 PID: 6496 Comm: syz.2.9092 Not tainted 6.11.0-syzkaller #0
[ 2425.029651][ T6496] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 2425.032459][ T6496] Call Trace:
[ 2425.033334][ T6496]  <TASK>
[ 2425.034113][ T6496]  dump_stack_lvl+0x16c/0x1f0
[ 2425.035338][ T6496]  should_fail_ex+0x497/0x5b0
[ 2425.036565][ T6496]  ? fs_reclaim_acquire+0xae/0x160
[ 2425.038176][ T6496]  should_failslab+0xc2/0x120
[ 2425.039868][ T6496]  kmem_cache_alloc_noprof+0x6e/0x2f0
[ 2425.041782][ T6496]  ? security_file_alloc+0x41/0x260
[ 2425.043611][ T6496]  security_file_alloc+0x41/0x260
[ 2425.045418][ T6496]  ? kmem_cache_alloc_noprof+0x174/0x2f0
[ 2425.047372][ T6496]  init_file+0x99/0x260
[ 2425.048485][ T6496]  alloc_empty_file+0x91/0x1e0
[ 2425.049769][ T6496]  alloc_file_clone+0x5f/0x110
[ 2425.051067][ T6496]  create_pipe_files+0x3e6/0x7e0
[ 2425.052301][ T6504] binder: 6501:6504 unknown command 1074553618
[ 2425.052350][ T6496]  do_pipe2+0xb0/0x1d0
[ 2425.052366][ T6496]  ? __pfx_do_pipe2+0x10/0x10
[ 2425.054607][ T6504] binder: 6501:6504 ioctl c0306201 20000540 returned -22
[ 2425.056875][ T6496]  __ia32_sys_pipe2+0x53/0x80
[ 2425.061000][ T6496]  __do_fast_syscall_32+0x73/0x120
[ 2425.062849][ T6496]  do_fast_syscall_32+0x32/0x80
[ 2425.064642][ T6496]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 2425.066900][ T6496] RIP: 0023:0xf7ff2579
[ 2425.068240][ T6496] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 2425.073335][ T6496] RSP: 002b:00000000f577656c EFLAGS: 00000296 ORIG_RAX: 000000000000014b
[ 2425.076128][ T6496] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000000080
[ 2425.078361][ T6496] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 2425.080784][ T6496] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 2425.083205][ T6496] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 2425.085292][ T6496] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 2425.087352][ T6496]  </TASK>
[ 2425.623512][ T6515] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[ 2425.640683][   T39] audit: type=1804 audit(1726471478.495:17509): pid=6515 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.9097" name="/newroot/288/bus/file0" dev="overlay" ino=39059527 res=1 errno=0
[ 2425.650133][ T6515] FAULT_INJECTION: forcing a failure.
[ 2425.650133][ T6515] name failslab, interval 1, probability 0, space 0, times 0
[ 2425.654801][ T6515] CPU: 1 UID: 0 PID: 6515 Comm: syz.1.9097 Not tainted 6.11.0-syzkaller #0
[ 2425.657937][ T6515] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 2425.661711][ T6515] Call Trace:
[ 2425.662960][ T6515]  <TASK>
[ 2425.664078][ T6515]  dump_stack_lvl+0x16c/0x1f0
[ 2425.665789][ T6515]  should_fail_ex+0x497/0x5b0
[ 2425.667491][ T6515]  ? fs_reclaim_acquire+0xae/0x160
[ 2425.669416][ T6515]  should_failslab+0xc2/0x120
[ 2425.671165][ T6515]  kmem_cache_alloc_noprof+0x6e/0x2f0
[ 2425.673099][ T6515]  ? security_file_alloc+0x41/0x260
[ 2425.674899][ T6515]  security_file_alloc+0x41/0x260
[ 2425.676666][ T6515]  init_file+0x99/0x260
[ 2425.678202][ T6515]  alloc_empty_backing_file+0x63/0x100
[ 2425.680272][ T6515]  backing_file_open+0x2d/0x110
[ 2425.682208][ T6515]  ovl_open_realfile+0x290/0x3b0
[ 2425.684173][ T6515]  ovl_open+0x1ee/0x2b0
[ 2425.685736][ T6515]  ? __pfx_ovl_open+0x10/0x10
[ 2425.687437][ T6515]  ? bpf_lsm_file_open+0x9/0x10
[ 2425.689197][ T6515]  ? security_file_open+0x9d/0x8b0
[ 2425.691048][ T6515]  do_dentry_open+0x91f/0x15f0
[ 2425.692781][ T6515]  ? __pfx_ovl_open+0x10/0x10
[ 2425.694484][ T6515]  ? inode_permission+0xdd/0x5f0
[ 2425.696308][ T6515]  vfs_open+0x82/0x3f0
[ 2425.697849][ T6515]  ? may_open+0x1f2/0x400
[ 2425.699481][ T6515]  path_openat+0x2141/0x2d20
[ 2425.701182][ T6515]  ? __pfx_path_openat+0x10/0x10
[ 2425.703021][ T6515]  ? __pfx___lock_acquire+0x10/0x10
[ 2425.704894][ T6515]  ? find_held_lock+0x2d/0x110
[ 2425.706593][ T6515]  do_filp_open+0x1dc/0x430
[ 2425.708250][ T6515]  ? __pfx_do_filp_open+0x10/0x10
[ 2425.710038][ T6515]  ? find_held_lock+0x2d/0x110
[ 2425.711776][ T6515]  ? _raw_spin_unlock+0x28/0x50
[ 2425.713555][ T6515]  ? alloc_fd+0x2d7/0x6c0
[ 2425.715155][ T6515]  do_sys_openat2+0x17a/0x1e0
[ 2425.716925][ T6515]  ? __pfx_do_sys_openat2+0x10/0x10
[ 2425.718819][ T6515]  __ia32_compat_sys_openat+0x16e/0x210
[ 2425.720759][ T6515]  ? __pfx___ia32_compat_sys_openat+0x10/0x10
[ 2425.722846][ T6515]  ? ksys_write+0x1ab/0x260
[ 2425.724489][ T6515]  __do_fast_syscall_32+0x73/0x120
[ 2425.726344][ T6515]  do_fast_syscall_32+0x32/0x80
[ 2425.728098][ T6515]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 2425.730342][ T6515] RIP: 0023:0xf73de579
[ 2425.731829][ T6515] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 2425.738338][ T6515] RSP: 002b:00000000f56c656c EFLAGS: 00000296 ORIG_RAX: 0000000000000127
[ 2425.741429][ T6515] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 00000000200002c0
[ 2425.744434][ T6515] RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000000
[ 2425.747199][ T6515] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 2425.749927][ T6515] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 2425.752745][ T6515] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 2425.755674][ T6515]  </TASK>
[ 2426.118582][ T6526] input: syz0 as /devices/virtual/input/input309
[ 2426.391635][ T6540] binder: 6534:6540 unknown command 0
[ 2426.393435][ T6540] binder: 6534:6540 ioctl c0306201 20000080 returned -22
[ 2426.423395][ T6541] cgroup: none used incorrectly
[ 2426.773015][ T6547] netlink: 12 bytes leftover after parsing attributes in process `syz.2.9108'.
[ 2426.954154][ T6551] sg_write: data in/out 206/251 bytes for SCSI command 0x15-- guessing data in;
[ 2426.954154][ T6551]    program syz.1.9110 not setting count and/or reply_len properly
[ 2427.001376][ T6553] netlink: 216 bytes leftover after parsing attributes in process `syz.1.9111'.
[ 2427.004011][ T6553] netlink: 220 bytes leftover after parsing attributes in process `syz.1.9111'.
[ 2428.418569][ T6578] overlay: Unknown parameter 'func'
[ 2429.192713][ T6583] tipc: New replicast peer: 255.255.255.255
[ 2429.196615][ T6583] tipc: Enabled bearer <udp:syz2>, priority 10
[ 2429.684148][ T6600] team0: MTU too low for tipc bearer
[ 2429.690719][ T6600] tipc: Disabling bearer <eth:team0>
[ 2429.695999][ T6598] input: syz0 as /devices/virtual/input/input310
[ 2429.862372][ T6602] netlink: 'syz.1.9127': attribute type 8 has an invalid length.
[ 2430.074246][ T6607] FAULT_INJECTION: forcing a failure.
[ 2430.074246][ T6607] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2430.090256][ T6607] CPU: 2 UID: 0 PID: 6607 Comm: syz.2.9129 Not tainted 6.11.0-syzkaller #0
[ 2430.093297][ T6607] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 2430.096752][ T6607] Call Trace:
[ 2430.097711][ T6607]  <TASK>
[ 2430.098539][ T6607]  dump_stack_lvl+0x16c/0x1f0
[ 2430.099874][ T6607]  should_fail_ex+0x497/0x5b0
[ 2430.101561][ T6607]  _copy_from_user+0x30/0xf0
[ 2430.102945][ T6607]  get_compat_msghdr+0xa8/0x170
[ 2430.104351][ T6607]  ? __pfx_get_compat_msghdr+0x10/0x10
[ 2430.105841][ T6607]  ? kfree+0x245/0x3b0
[ 2430.106922][ T6607]  ? find_held_lock+0x2d/0x110
[ 2430.108213][ T6607]  ___sys_recvmsg+0x193/0x1a0
[ 2430.109474][ T6607]  ? __pfx____sys_recvmsg+0x10/0x10
[ 2430.110849][ T6607]  ? __pfx___might_resched+0x10/0x10
[ 2430.112256][ T6607]  ? __fget_light+0x173/0x210
[ 2430.113510][ T6607]  do_recvmmsg+0x51a/0x750
[ 2430.114838][ T6607]  ? __pfx_do_recvmmsg+0x10/0x10
[ 2430.116257][ T6607]  ? __pfx_lock_release+0x10/0x10
[ 2430.117594][ T6607]  ? vfs_write+0x14d/0x1140
[ 2430.118821][ T6607]  __sys_recvmmsg+0x21e/0x280
[ 2430.120099][ T6607]  ? __pfx___sys_recvmmsg+0x10/0x10
[ 2430.121589][ T6607]  ? __pfx_ksys_write+0x10/0x10
[ 2430.122895][ T6607]  __ia32_compat_sys_recvmmsg_time32+0xc4/0x160
[ 2430.124914][ T6607]  ? lockdep_hardirqs_on+0x7c/0x110
[ 2430.126729][ T6607]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[ 2430.128819][ T6607]  __do_fast_syscall_32+0x73/0x120
[ 2430.130349][ T6607]  do_fast_syscall_32+0x32/0x80
[ 2430.132063][ T6607]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 2430.134347][ T6607] RIP: 0023:0xf7ff2579
[ 2430.135777][ T6607] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 2430.142507][ T6607] RSP: 002b:00000000f575556c EFLAGS: 00000296 ORIG_RAX: 0000000000000151
[ 2430.145429][ T6607] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000200004c0
[ 2430.148159][ T6607] RDX: 0000000000000f00 RSI: 0000000000000000 RDI: 0000000000000000
[ 2430.150860][ T6607] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 2430.153584][ T6607] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 2430.156315][ T6607] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 2430.159047][ T6607]  </TASK>
[ 2431.436089][   T39] audit: type=1326 audit(1726471484.285:17510): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6629 comm="syz.1.9137" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73de579 code=0x7ffc0000
[ 2431.459780][   T39] audit: type=1326 audit(1726471484.295:17511): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6629 comm="syz.1.9137" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73de579 code=0x7ffc0000
[ 2431.477682][   T39] audit: type=1326 audit(1726471484.305:17512): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6629 comm="syz.1.9137" exe="/syz-executor" sig=0 arch=40000003 syscall=177 compat=1 ip=0xf73de579 code=0x7ffc0000
[ 2431.483319][   T39] audit: type=1326 audit(1726471484.305:17513): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6629 comm="syz.1.9137" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73de579 code=0x7ffc0000
[ 2431.495410][ T6630] netlink: 4 bytes leftover after parsing attributes in process `syz.1.9137'.
[ 2431.501811][   T39] audit: type=1326 audit(1726471484.305:17514): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6629 comm="syz.1.9137" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73de579 code=0x7ffc0000
[ 2431.510948][   T39] audit: type=1326 audit(1726471484.305:17515): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6629 comm="syz.1.9137" exe="/syz-executor" sig=0 arch=40000003 syscall=370 compat=1 ip=0xf73de579 code=0x7ffc0000
[ 2431.517125][   T39] audit: type=1326 audit(1726471484.305:17516): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6629 comm="syz.1.9137" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73de579 code=0x7ffc0000
[ 2431.532876][   T39] audit: type=1326 audit(1726471484.305:17517): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6629 comm="syz.1.9137" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73de579 code=0x7ffc0000
[ 2431.547456][   T39] audit: type=1326 audit(1726471484.305:17518): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6629 comm="syz.1.9137" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf73de579 code=0x7ffc0000
[ 2431.566089][   T39] audit: type=1326 audit(1726471484.305:17519): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6629 comm="syz.1.9137" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73de579 code=0x7ffc0000
[ 2431.709702][ T6640] netlink: 16 bytes leftover after parsing attributes in process `syz.1.9141'.
[ 2431.713001][ T6640] bond0: option ad_select: unable to set because the bond device is up
[ 2431.815708][ T6643] input: syz0 as /devices/virtual/input/input312
[ 2431.844283][ T6643] FAULT_INJECTION: forcing a failure.
[ 2431.844283][ T6643] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2431.850706][ T6643] CPU: 2 UID: 0 PID: 6643 Comm: syz.2.9142 Not tainted 6.11.0-syzkaller #0
[ 2431.853575][ T6643] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 2431.857197][ T6643] Call Trace:
[ 2431.858429][ T6643]  <TASK>
[ 2431.859476][ T6643]  dump_stack_lvl+0x16c/0x1f0
[ 2431.860855][ T6643]  should_fail_ex+0x497/0x5b0
[ 2431.862427][ T6643]  _copy_from_user+0x30/0xf0
[ 2431.863734][ T6643]  input_event_from_user+0x22d/0x3b0
[ 2431.865432][ T6643]  ? __pfx_input_event_from_user+0x10/0x10
[ 2431.867513][ T6643]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[ 2431.869477][ T6643]  ? input_event+0x8e/0xa0
[ 2431.871065][ T6643]  uinput_write+0xbc2/0x12c0
[ 2431.872721][ T6643]  ? __pfx_uinput_write+0x10/0x10
[ 2431.874728][ T6643]  ? bpf_lsm_file_permission+0x9/0x10
[ 2431.876326][ T6643]  ? security_file_permission+0x98/0xc0
[ 2431.878116][ T6643]  ? __pfx_uinput_write+0x10/0x10
[ 2431.879773][ T6643]  vfs_write+0x29a/0x1140
[ 2431.881316][ T6643]  ? __pfx_vfs_write+0x10/0x10
[ 2431.883054][ T6643]  ? __fget_files+0x256/0x400
[ 2431.884789][ T6643]  ? __fget_light+0x173/0x210
[ 2431.886127][ T6643]  ksys_write+0x1f8/0x260
[ 2431.887702][ T6643]  ? __pfx_ksys_write+0x10/0x10
[ 2431.889172][ T6643]  __do_fast_syscall_32+0x73/0x120
[ 2431.891032][ T6643]  do_fast_syscall_32+0x32/0x80
[ 2431.892824][ T6643]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 2431.895089][ T6643] RIP: 0023:0xf7ff2579
[ 2431.896256][ T6643] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 2431.902995][ T6643] RSP: 002b:00000000f577656c EFLAGS: 00000296 ORIG_RAX: 0000000000000004
[ 2431.905770][ T6643] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000500
[ 2431.908276][ T6643] RDX: 000000000000045c RSI: 0000000000000000 RDI: 0000000000000000
[ 2431.910595][ T6643] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 2431.913432][ T6643] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 2431.916274][ T6643] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 2431.919226][ T6643]  </TASK>
[ 2431.920380][    C2] vkms_vblank_simulate: vblank timer overrun
[ 2432.400342][ T6659] netlink: 4 bytes leftover after parsing attributes in process `syz.0.9145'.
[ 2432.427206][   T56] usb 7-1: new high-speed USB device number 24 using dummy_hcd
[ 2432.619186][   T56] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[ 2432.621968][   T56] usb 7-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[ 2432.625837][   T56] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 2432.634712][   T56] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2432.640410][ T6655] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[ 2432.646266][   T56] usb 7-1: Quirk or no altset; falling back to MIDI 1.0
[ 2433.281168][ T1429] usb 7-1: USB disconnect, device number 24
[ 2433.364228][ T6673] netlink: 'syz.3.9149': attribute type 4 has an invalid length.
[ 2433.425965][ T6673] netlink: 'syz.3.9149': attribute type 17 has an invalid length.
[ 2433.487658][T22587] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0
[ 2433.490863][T22587] Bluetooth: hci0: Injecting HCI hardware error event
[ 2433.495975][T22587] Bluetooth: hci0: hardware error 0x00
[ 2433.588928][ T6675] netlink: 'syz.3.9150': attribute type 4 has an invalid length.
[ 2433.608201][T23426] usb 5-1: new high-speed USB device number 15 using dummy_hcd
[ 2433.789674][ T6682] FAULT_INJECTION: forcing a failure.
[ 2433.789674][ T6682] name failslab, interval 1, probability 0, space 0, times 0
[ 2433.792912][ T6682] CPU: 3 UID: 0 PID: 6682 Comm: syz.2.9151 Not tainted 6.11.0-syzkaller #0
[ 2433.795122][ T6682] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 2433.797893][ T6682] Call Trace:
[ 2433.798762][ T6682]  <TASK>
[ 2433.799537][ T6682]  dump_stack_lvl+0x16c/0x1f0
[ 2433.800767][ T6682]  should_fail_ex+0x497/0x5b0
[ 2433.801993][ T6682]  ? fs_reclaim_acquire+0xae/0x160
[ 2433.803332][ T6682]  should_failslab+0xc2/0x120
[ 2433.804588][ T6682]  __kmalloc_noprof+0xcb/0x410
[ 2433.805841][ T6682]  ? __pfx_ib_device_get_by_netdev+0x10/0x10
[ 2433.807403][ T6682]  _ib_alloc_device+0x3a/0x800
[ 2433.808622][ T6682]  rxe_net_add+0x1d/0x110
[ 2433.809758][ T6682]  rxe_newlink+0x70/0x190
[ 2433.810894][ T6682]  nldev_newlink+0x373/0x5e0
[ 2433.812126][ T6682]  ? __pfx_nldev_newlink+0x10/0x10
[ 2433.813499][ T6682]  ? aa_get_newest_label+0x376/0x680
[ 2433.814896][ T6682]  ? __pfx_lock_acquire+0x10/0x10
[ 2433.816217][ T6682]  ? __pfx_aa_get_newest_label+0x10/0x10
[ 2433.817674][ T6682]  ? __pfx_rwsem_read_trylock+0x10/0x10
[ 2433.819093][ T6682]  ? __pfx_stack_trace_save+0x10/0x10
[ 2433.820488][ T6682]  ? __pfx___might_resched+0x10/0x10
[ 2433.821877][ T6682]  ? apparmor_capable+0x114/0x1d0
[ 2433.823201][ T6682]  ? ns_capable+0xd7/0x110
[ 2433.824391][ T6682]  ? __pfx_nldev_newlink+0x10/0x10
[ 2433.825717][ T6682]  rdma_nl_rcv_msg+0x388/0x6e0
[ 2433.826978][ T6682]  ? __pfx_rdma_nl_rcv_msg+0x10/0x10
[ 2433.828382][ T6682]  ? __pfx___lock_acquire+0x10/0x10
[ 2433.829734][ T6682]  ? find_held_lock+0x2d/0x110
[ 2433.831006][ T6682]  rdma_nl_rcv_skb.constprop.0.isra.0+0x2e6/0x450
[ 2433.832692][ T6682]  ? __pfx_rdma_nl_rcv_skb.constprop.0.isra.0+0x10/0x10
[ 2433.834499][ T6682]  ? netlink_deliver_tap+0x1ae/0xcf0
[ 2433.835885][ T6682]  netlink_unicast+0x53c/0x7f0
[ 2433.837138][ T6682]  ? __pfx_netlink_unicast+0x10/0x10
[ 2433.838196][T23426] usb 5-1: Using ep0 maxpacket: 16
[ 2433.838469][ T6682]  ? __phys_addr_symbol+0x30/0x80
[ 2433.841350][ T6682]  ? __check_object_size+0x497/0x720
[ 2433.842745][ T6682]  netlink_sendmsg+0x8b8/0xd70
[ 2433.843972][ T6682]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 2433.845294][ T6682]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[ 2433.846682][ T6682]  ____sys_sendmsg+0x9b4/0xb50
[ 2433.847749][T23426] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2433.847895][ T6682]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 2433.850753][T23426] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[ 2433.852140][ T6682]  ? get_compat_msghdr+0x11b/0x170
[ 2433.854463][T23426] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[ 2433.855779][ T6682]  ? __pfx___lock_acquire+0x10/0x10
[ 2433.855806][ T6682]  ___sys_sendmsg+0x135/0x1e0
[ 2433.855822][ T6682]  ? __pfx____sys_sendmsg+0x10/0x10
[ 2433.862144][ T6682]  ? ksys_write+0x21c/0x260
[ 2433.863350][ T6682]  ? __fget_light+0x173/0x210
[ 2433.864602][ T6682]  __sys_sendmsg+0x117/0x1f0
[ 2433.865820][ T6682]  ? __pfx___sys_sendmsg+0x10/0x10
[ 2433.867164][ T6682]  __do_fast_syscall_32+0x73/0x120
[ 2433.868499][ T6682]  do_fast_syscall_32+0x32/0x80
[ 2433.869768][ T6682]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 2433.871481][ T6682] RIP: 0023:0xf7ff2579
[ 2433.872554][ T6682] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 2433.873432][T23426] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2433.877509][ T6682] RSP: 002b:00000000f575556c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[ 2433.877530][ T6682] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000200000c0
[ 2433.877537][ T6682] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 2433.877543][ T6682] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 2433.877549][ T6682] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 2433.877555][ T6682] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 2433.877569][ T6682]  </TASK>
[ 2433.902772][ T6682] rdma_rxe: rxe_newlink: failed to add ipvlan1
[ 2434.047800][ T4780] Bluetooth: hci0: command 0x0c1a tx timeout
[ 2434.053597][ T6012] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[ 2434.055251][ T6012] Bluetooth: hci0: Error when powering off device on rfkill (-110)
[ 2434.062910][T23426] usb 5-1: config 0 descriptor??
[ 2434.737159][ T6690] input: syz1 as /devices/virtual/input/input313
[ 2436.769976][T23426] usb 5-1: USB disconnect, device number 15
[ 2437.035412][ T6716] netlink: 'syz.3.9160': attribute type 10 has an invalid length.
[ 2437.040673][ T6716] netlink: 152 bytes leftover after parsing attributes in process `syz.3.9160'.
[ 2437.049758][ T6716] tipc: Resetting bearer <eth:team0>
[ 2437.054920][ T6716] team0: left allmulticast mode
[ 2437.081867][ T6716] team_slave_0: left allmulticast mode
[ 2437.083344][ T6716] team_slave_1: left allmulticast mode
[ 2437.084802][ T6716] bridge1: left allmulticast mode
[ 2437.086218][ T6716] team0: left promiscuous mode
[ 2437.101871][ T6716] team_slave_0: left promiscuous mode
[ 2437.103443][ T6716] team_slave_1: left promiscuous mode
[ 2437.104999][ T6716] bridge1: left promiscuous mode
[ 2437.106498][ T6716] bridge0: port 3(team0) entered disabled state
[ 2437.160297][ T6716] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check.
[ 2437.222369][ T6720] netlink: 32 bytes leftover after parsing attributes in process `syz.0.9161'.
[ 2437.972295][ T6726] syz.2.9162[6726] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 2437.972441][ T6726] syz.2.9162[6726] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 2438.143058][ T6729] FAULT_INJECTION: forcing a failure.
[ 2438.143058][ T6729] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2438.143118][ T6729] 
[ 2438.143121][ T6729] ======================================================
[ 2438.143124][ T6729] WARNING: possible circular locking dependency detected
[ 2438.143128][ T6729] 6.11.0-syzkaller #0 Not tainted
[ 2438.143133][ T6729] ------------------------------------------------------
[ 2438.143136][ T6729] syz.3.9163/6729 is trying to acquire lock:
[ 2438.143141][ T6729] ffffffff8dda75d8 ((console_sem).lock){-.-.}-{2:2}, at: down_trylock+0x12/0x70
[ 2438.143167][ T6729] 
[ 2438.143167][ T6729] but task is already holding lock:
[ 2438.143169][ T6729] ffff88802b63edd8 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x7e/0x130
[ 2438.143191][ T6729] 
[ 2438.143191][ T6729] which lock already depends on the new lock.
[ 2438.143191][ T6729] 
[ 2438.143193][ T6729] 
[ 2438.143193][ T6729] the existing dependency chain (in reverse order) is:
[ 2438.143195][ T6729] 
[ 2438.143195][ T6729] -> #2 (&rq->__lock){-.-.}-{2:2}:
[ 2438.143205][ T6729]        _raw_spin_lock_nested+0x31/0x40
[ 2438.143216][ T6729]        raw_spin_rq_lock_nested+0x29/0x130
[ 2438.143227][ T6729]        task_fork_fair+0x73/0x250
[ 2438.143236][ T6729]        sched_cgroup_fork+0x3cf/0x510
[ 2438.143244][ T6729]        copy_process+0x4710/0x6f50
[ 2438.143253][ T6729]        kernel_clone+0xfd/0x960
[ 2438.143262][ T6729]        user_mode_thread+0xb4/0xf0
[ 2438.143270][ T6729]        rest_init+0x23/0x2b0
[ 2438.143277][ T6729]        start_kernel+0x3df/0x4c0
[ 2438.143289][ T6729]        x86_64_start_reservations+0x18/0x30
[ 2438.143300][ T6729]        x86_64_start_kernel+0xb2/0xc0
[ 2438.143310][ T6729]        common_startup_64+0x13e/0x148
[ 2438.143319][ T6729] 
[ 2438.143319][ T6729] -> #1 (&p->pi_lock){-.-.}-{2:2}:
[ 2438.143330][ T6729]        _raw_spin_lock_irqsave+0x3a/0x60
[ 2438.143339][ T6729]        try_to_wake_up+0x9a/0x13e0
[ 2438.143350][ T6729]        up+0x79/0xb0
[ 2438.143360][ T6729]        console_unlock+0x23e/0x290
[ 2438.143373][ T6729]        vga_remove_vgacon+0x90/0xd0
[ 2438.143383][ T6729]        aperture_remove_conflicting_pci_devices+0x16a/0x1e0
[ 2438.143397][ T6729]        bochs_pci_probe+0x101/0x1150
[ 2438.143409][ T6729]        local_pci_probe+0xde/0x1b0
[ 2438.143422][ T6729]        pci_device_probe+0x29d/0x7b0
[ 2438.143433][ T6729]        really_probe+0x23e/0xa90
[ 2438.143440][ T6729]        __driver_probe_device+0x1de/0x440
[ 2438.143448][ T6729]        driver_probe_device+0x4c/0x1b0
[ 2438.143455][ T6729]        __driver_attach+0x283/0x580
[ 2438.143461][ T6729]        bus_for_each_dev+0x13c/0x1d0
[ 2438.143472][ T6729]        bus_add_driver+0x2e9/0x690
[ 2438.143483][ T6729]        driver_register+0x15c/0x4b0
[ 2438.143491][ T6729]        bochs_pci_driver_init+0x67/0x80
[ 2438.143502][ T6729]        do_one_initcall+0x128/0x630
[ 2438.143514][ T6729]        kernel_init_freeable+0x660/0xc50
[ 2438.143525][ T6729]        kernel_init+0x1c/0x2b0
[ 2438.143531][ T6729]        ret_from_fork+0x45/0x80
[ 2438.143543][ T6729]        ret_from_fork_asm+0x1a/0x30
[ 2438.143554][ T6729] 
[ 2438.143554][ T6729] -> #0 ((console_sem).lock){-.-.}-{2:2}:
[ 2438.143564][ T6729]        __lock_acquire+0x24ed/0x3cb0
[ 2438.143585][ T6729]        lock_acquire+0x1b1/0x560
[ 2438.143597][ T6729]        _raw_spin_lock_irqsave+0x3a/0x60
[ 2438.143606][ T6729]        down_trylock+0x12/0x70
[ 2438.143617][ T6729]        __down_trylock_console_sem+0x40/0x140
[ 2438.143628][ T6729]        vprintk_emit+0x3d3/0x600
[ 2438.143635][ T6729]        vprintk+0x7f/0xa0
[ 2438.143643][ T6729]        _printk+0xc8/0x100
[ 2438.143652][ T6729]        should_fail_ex+0x46c/0x5b0
[ 2438.143662][ T6729]        copy_to_user_nofault+0x9f/0x1a0
[ 2438.143672][ T6729]        bpf_probe_write_user+0xaf/0xf0
[ 2438.143680][ T6729]        bpf_prog_6303d92f98284ad8+0x43/0x47
[ 2438.143687][ T6729]        bpf_trace_run4+0x245/0x5a0
[ 2438.143696][ T6729]        __traceiter_sched_switch+0x6c/0xc0
[ 2438.143707][ T6729]        __schedule+0x17cf/0x5490
[ 2438.143716][ T6729]        preempt_schedule_common+0x44/0xc0
[ 2438.143726][ T6729]        preempt_schedule_thunk+0x1a/0x30
[ 2438.143734][ T6729]        migrate_enable+0x1fe/0x260
[ 2438.143744][ T6729]        bpf_test_timer_leave+0xc8/0x170
[ 2438.143755][ T6729]        bpf_test_timer_continue+0x32e/0x3d0
[ 2438.143769][ T6729]        bpf_test_run+0x3c6/0xa90
[ 2438.143778][ T6729]        bpf_prog_test_run_skb+0xb8b/0x2140
[ 2438.143789][ T6729]        __sys_bpf+0x1af6/0x55e0
[ 2438.143800][ T6729]        __ia32_sys_bpf+0x76/0xe0
[ 2438.143811][ T6729]        __do_fast_syscall_32+0x73/0x120
[ 2438.143822][ T6729]        do_fast_syscall_32+0x32/0x80
[ 2438.143834][ T6729]        entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 2438.143845][ T6729] 
[ 2438.143845][ T6729] other info that might help us debug this:
[ 2438.143845][ T6729] 
[ 2438.143847][ T6729] Chain exists of:
[ 2438.143847][ T6729]   (console_sem).lock --> &p->pi_lock --> &rq->__lock
[ 2438.143847][ T6729] 
[ 2438.143858][ T6729]  Possible unsafe locking scenario:
[ 2438.143858][ T6729] 
[ 2438.143860][ T6729]        CPU0                    CPU1
[ 2438.143862][ T6729]        ----                    ----
[ 2438.143864][ T6729]   lock(&rq->__lock);
[ 2438.143869][ T6729]                                lock(&p->pi_lock);
[ 2438.143873][ T6729]                                lock(&rq->__lock);
[ 2438.143878][ T6729]   lock((console_sem).lock);
[ 2438.143883][ T6729] 
[ 2438.143883][ T6729]  *** DEADLOCK ***
[ 2438.143883][ T6729] 
[ 2438.143885][ T6729] 3 locks held by syz.3.9163/6729:
[ 2438.143911][ T6729]  #0: ffffffff8ddb94a0 (rcu_read_lock){....}-{1:2}, at: bpf_test_timer_enter+0x30/0x180
[ 2438.143944][ T6729]  #1: ffff88802b63edd8 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x7e/0x130
[ 2438.143967][ T6729]  #2: ffffffff8ddb94a0 (rcu_read_lock){....}-{1:2}, at: bpf_trace_run4+0x1d6/0x5a0
[ 2438.143985][ T6729] 
[ 2438.143985][ T6729] stack backtrace:
[ 2438.143989][ T6729] CPU: 0 UID: 0 PID: 6729 Comm: syz.3.9163 Not tainted 6.11.0-syzkaller #0
[ 2438.143999][ T6729] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 2438.144004][ T6729] Call Trace:
[ 2438.144008][ T6729]  <TASK>
[ 2438.144012][ T6729]  dump_stack_lvl+0x116/0x1f0
[ 2438.144023][ T6729]  check_noncircular+0x31a/0x400
[ 2438.144034][ T6729]  ? __pfx_check_noncircular+0x10/0x10
[ 2438.144045][ T6729]  ? __pfx__prb_read_valid+0x10/0x10
[ 2438.144055][ T6729]  ? __pfx_format_decode+0x10/0x10
[ 2438.144068][ T6729]  ? lockdep_lock+0xc6/0x200
[ 2438.144077][ T6729]  ? __pfx_lockdep_lock+0x10/0x10
[ 2438.144085][ T6729]  ? vsnprintf+0x40f/0x1870
[ 2438.144100][ T6729]  __lock_acquire+0x24ed/0x3cb0
[ 2438.144113][ T6729]  ? __pfx___lock_acquire+0x10/0x10
[ 2438.144125][ T6729]  ? vprintk_store+0x222/0xbb0
[ 2438.144139][ T6729]  lock_acquire+0x1b1/0x560
[ 2438.144150][ T6729]  ? down_trylock+0x12/0x70
[ 2438.144163][ T6729]  ? __pfx_lock_acquire+0x10/0x10
[ 2438.144175][ T6729]  ? mark_lock+0xb5/0xc60
[ 2438.144186][ T6729]  ? vprintk+0x7f/0xa0
[ 2438.144194][ T6729]  _raw_spin_lock_irqsave+0x3a/0x60
[ 2438.144204][ T6729]  ? down_trylock+0x12/0x70
[ 2438.144216][ T6729]  down_trylock+0x12/0x70
[ 2438.144229][ T6729]  __down_trylock_console_sem+0x40/0x140
[ 2438.144241][ T6729]  vprintk_emit+0x3d3/0x600
[ 2438.144250][ T6729]  vprintk+0x7f/0xa0
[ 2438.144259][ T6729]  _printk+0xc8/0x100
[ 2438.144270][ T6729]  ? __pfx__printk+0x10/0x10
[ 2438.144280][ T6729]  ? __lock_acquire+0x1620/0x3cb0
[ 2438.144292][ T6729]  ? ___ratelimit+0x24c/0x580
[ 2438.144300][ T6729]  ? __pfx____ratelimit+0x10/0x10
[ 2438.144310][ T6729]  should_fail_ex+0x46c/0x5b0
[ 2438.144319][ T6729]  ? hlock_class+0x4e/0x130
[ 2438.144328][ T6729]  copy_to_user_nofault+0x9f/0x1a0
[ 2438.144340][ T6729]  bpf_probe_write_user+0xaf/0xf0
[ 2438.144349][ T6729]  bpf_prog_6303d92f98284ad8+0x43/0x47
[ 2438.144356][ T6729]  bpf_trace_run4+0x245/0x5a0
[ 2438.144367][ T6729]  ? __pfx_bpf_trace_run4+0x10/0x10
[ 2438.144378][ T6729]  ? tracing_record_taskinfo_sched_switch+0x54/0x400
[ 2438.144392][ T6729]  __traceiter_sched_switch+0x6c/0xc0
[ 2438.144403][ T6729]  ? _find_next_bit+0x11b/0x150
[ 2438.144414][ T6729]  __schedule+0x17cf/0x5490
[ 2438.144428][ T6729]  ? __pfx___schedule+0x10/0x10
[ 2438.144439][ T6729]  ? __do_set_cpus_allowed+0x1c8/0x6a0
[ 2438.144453][ T6729]  ? __set_cpus_allowed_ptr_locked+0x32e/0x6d0
[ 2438.144465][ T6729]  ? preempt_schedule_thunk+0x1a/0x30
[ 2438.144474][ T6729]  preempt_schedule_common+0x44/0xc0
[ 2438.144486][ T6729]  preempt_schedule_thunk+0x1a/0x30
[ 2438.144496][ T6729]  migrate_enable+0x1fe/0x260
[ 2438.144507][ T6729]  ? __pfx_migrate_enable+0x10/0x10
[ 2438.144518][ T6729]  ? read_tsc+0x9/0x20
[ 2438.144530][ T6729]  bpf_test_timer_leave+0xc8/0x170
[ 2438.144541][ T6729]  bpf_test_timer_continue+0x32e/0x3d0
[ 2438.144553][ T6729]  bpf_test_run+0x3c6/0xa90
[ 2438.144566][ T6729]  ? __pfx_bpf_test_run+0x10/0x10
[ 2438.144582][ T6729]  ? krealloc_noprof+0xa7/0x100
[ 2438.144596][ T6729]  bpf_prog_test_run_skb+0xb8b/0x2140
[ 2438.144611][ T6729]  ? __pfx_bpf_prog_test_run_skb+0x10/0x10
[ 2438.144624][ T6729]  ? fput+0x32/0x390
[ 2438.144639][ T6729]  ? __pfx_bpf_prog_test_run_skb+0x10/0x10
[ 2438.144651][ T6729]  __sys_bpf+0x1af6/0x55e0
[ 2438.144663][ T6729]  ? __pfx___sys_bpf+0x10/0x10
[ 2438.144675][ T6729]  ? ksys_write+0x12f/0x260
[ 2438.144685][ T6729]  ? find_held_lock+0x2d/0x110
[ 2438.144695][ T6729]  ? ksys_write+0x21c/0x260
[ 2438.144705][ T6729]  ? __pfx_lock_release+0x10/0x10
[ 2438.144717][ T6729]  ? vfs_write+0x14d/0x1140
[ 2438.144728][ T6729]  ? __mutex_unlock_slowpath+0x164/0x650
[ 2438.144744][ T6729]  ? fput+0x32/0x390
[ 2438.144760][ T6729]  ? ksys_write+0x1ab/0x260
[ 2438.144770][ T6729]  ? __pfx_ksys_write+0x10/0x10
[ 2438.144782][ T6729]  __ia32_sys_bpf+0x76/0xe0
[ 2438.144794][ T6729]  __do_fast_syscall_32+0x73/0x120
[ 2438.144807][ T6729]  do_fast_syscall_32+0x32/0x80
[ 2438.144819][ T6729]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 2438.144830][ T6729] RIP: 0023:0xf7f31579
[ 2438.144837][ T6729] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 2438.144845][ T6729] RSP: 002b:00000000f569556c EFLAGS: 00000296 ORIG_RAX: 0000000000000165
[ 2438.144854][ T6729] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000020000780
[ 2438.144859][ T6729] RDX: 0000000000000050 RSI: 0000000000000000 RDI: 0000000000000000
[ 2438.144865][ T6729] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 2438.144870][ T6729] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 2438.144875][ T6729] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 2438.144883][ T6729]  </TASK>
[ 2438.409670][ T6729] CPU: 0 UID: 0 PID: 6729 Comm: syz.3.9163 Not tainted 6.11.0-syzkaller #0
[ 2438.412072][ T6729] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 2438.414885][ T6729] Call Trace:
[ 2438.415748][ T6729]  <TASK>
[ 2438.416541][ T6729]  dump_stack_lvl+0x116/0x1f0
[ 2438.417826][ T6729]  should_fail_ex+0x497/0x5b0
[ 2438.419046][ T6729]  ? hlock_class+0x4e/0x130
[ 2438.420321][ T6729]  copy_to_user_nofault+0x9f/0x1a0
[ 2438.421652][ T6729]  bpf_probe_write_user+0xaf/0xf0
[ 2438.422951][ T6729]  bpf_prog_6303d92f98284ad8+0x43/0x47
[ 2438.424381][ T6729]  bpf_trace_run4+0x245/0x5a0
[ 2438.425598][ T6729]  ? __pfx_bpf_trace_run4+0x10/0x10
[ 2438.426942][ T6729]  ? tracing_record_taskinfo_sched_switch+0x54/0x400
[ 2438.428669][ T6729]  __traceiter_sched_switch+0x6c/0xc0
[ 2438.430091][ T6729]  ? _find_next_bit+0x11b/0x150
[ 2438.431366][ T6729]  __schedule+0x17cf/0x5490
[ 2438.432553][ T6729]  ? __pfx___schedule+0x10/0x10
[ 2438.433808][ T6729]  ? __do_set_cpus_allowed+0x1c8/0x6a0
[ 2438.435218][ T6729]  ? __set_cpus_allowed_ptr_locked+0x32e/0x6d0
[ 2438.436817][ T6729]  ? preempt_schedule_thunk+0x1a/0x30
[ 2438.438277][ T6729]  preempt_schedule_common+0x44/0xc0
[ 2438.439645][ T6729]  preempt_schedule_thunk+0x1a/0x30
[ 2438.441050][ T6729]  migrate_enable+0x1fe/0x260
[ 2438.442271][ T6729]  ? __pfx_migrate_enable+0x10/0x10
[ 2438.443625][ T6729]  ? read_tsc+0x9/0x20
[ 2438.444685][ T6729]  bpf_test_timer_leave+0xc8/0x170
[ 2438.445965][ T6729]  bpf_test_timer_continue+0x32e/0x3d0
[ 2438.447419][ T6729]  bpf_test_run+0x3c6/0xa90
[ 2438.448616][ T6729]  ? __pfx_bpf_test_run+0x10/0x10
[ 2438.449963][ T6729]  ? krealloc_noprof+0xa7/0x100
[ 2438.451224][ T6729]  bpf_prog_test_run_skb+0xb8b/0x2140
[ 2438.452617][ T6729]  ? __pfx_bpf_prog_test_run_skb+0x10/0x10
[ 2438.454129][ T6729]  ? fput+0x32/0x390
[ 2438.455155][ T6729]  ? __pfx_bpf_prog_test_run_skb+0x10/0x10
[ 2438.456680][ T6729]  __sys_bpf+0x1af6/0x55e0
[ 2438.457886][ T6729]  ? __pfx___sys_bpf+0x10/0x10
[ 2438.459143][ T6729]  ? ksys_write+0x12f/0x260
[ 2438.460382][ T6729]  ? find_held_lock+0x2d/0x110
[ 2438.461629][ T6729]  ? ksys_write+0x21c/0x260
[ 2438.462809][ T6729]  ? __pfx_lock_release+0x10/0x10
[ 2438.464176][ T6729]  ? vfs_write+0x14d/0x1140
[ 2438.465419][ T6729]  ? __mutex_unlock_slowpath+0x164/0x650
[ 2438.466893][ T6729]  ? fput+0x32/0x390
[ 2438.467938][ T6729]  ? ksys_write+0x1ab/0x260
[ 2438.469134][ T6729]  ? __pfx_ksys_write+0x10/0x10
[ 2438.470412][ T6729]  __ia32_sys_bpf+0x76/0xe0
[ 2438.471611][ T6729]  __do_fast_syscall_32+0x73/0x120
[ 2438.472958][ T6729]  do_fast_syscall_32+0x32/0x80
[ 2438.474218][ T6729]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 2438.475869][ T6729] RIP: 0023:0xf7f31579
[ 2438.476956][ T6729] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 2438.482104][ T6729] RSP: 002b:00000000f569556c EFLAGS: 00000296 ORIG_RAX: 0000000000000165
[ 2438.484275][ T6729] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000020000780
[ 2438.486322][ T6729] RDX: 0000000000000050 RSI: 0000000000000000 RDI: 0000000000000000
[ 2438.488365][ T6729] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 2438.490451][ T6729] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 2438.492538][ T6729] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 2438.494607][ T6729]  </TASK>
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[ 2439.334456][ T2017] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2439.423021][ T2017] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2439.494736][ T2017] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2439.572177][ T2017] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2439.695137][ T2017] bridge_slave_1: left allmulticast mode
[ 2439.696678][ T2017] bridge_slave_1: left promiscuous mode
[ 2439.698308][ T2017] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2439.710303][ T2017] bridge_slave_0: left allmulticast mode
[ 2439.712195][ T2017] bridge_slave_0: left promiscuous mode
[ 2439.714184][ T2017] bridge0: port 1(bridge_slave_0) entered disabled state
[ 2440.012486][ T2017] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 2440.017704][ T2017] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 2440.028498][ T2017] bond0 (unregistering): Released all slaves
[ 2440.228774][ T2017] mac80211_hwsim hwsim94 wlan1 (unregistering): left allmulticast mode
[ 2440.607711][ T2017] hsr_slave_0: left promiscuous mode
[ 2440.609823][ T2017] hsr_slave_1: left promiscuous mode
[ 2440.611817][ T2017] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 2440.613745][ T2017] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 2440.616152][ T2017] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 2440.618089][ T2017] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 2440.630783][ T2017] veth1_macvtap: left promiscuous mode
[ 2440.632267][ T2017] veth0_macvtap: left promiscuous mode
[ 2440.633785][ T2017] veth1_vlan: left promiscuous mode
[ 2440.635203][ T2017] veth0_vlan: left promiscuous mode
[ 2441.111685][ T2017] team0 (unregistering): Port device team_slave_1 removed
[ 2441.216595][ T2017] team0 (unregistering): Port device team_slave_0 removed
[ 2442.054481][ T2017] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2442.142784][ T2017] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2442.218875][ T2017] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2442.313316][ T2017] bond0: (slave netdevsim0): Releasing backup interface
[ 2442.316354][ T2017] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2442.437804][ T2017] bridge_slave_1: left allmulticast mode
[ 2442.439326][ T2017] bridge_slave_1: left promiscuous mode
[ 2442.440895][ T2017] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2442.443919][ T2017] bridge_slave_0: left allmulticast mode
[ 2442.445402][ T2017] bridge_slave_0: left promiscuous mode
[ 2442.446941][ T2017] bridge0: port 1(bridge_slave_0) entered disabled state
[ 2443.026332][ T2017] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 2443.031525][ T2017] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 2443.035613][ T2017] bond0 (unregistering): Released all slaves
[ 2443.041413][ T2017] bond1 (unregistering): Released all slaves
[ 2443.151777][ T2017] tipc: Left network mode
[ 2443.582834][ T2017] hsr_slave_0: left promiscuous mode
[ 2443.584847][ T2017] hsr_slave_1: left promiscuous mode
[ 2443.586836][ T2017] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 2443.588936][ T2017] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 2443.596677][ T2017] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 2443.599249][ T2017] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 2443.605027][ T2017] veth1_macvtap: left promiscuous mode
[ 2443.610741][ T2017] veth0_macvtap: left promiscuous mode
[ 2443.612352][ T2017] veth1_vlan: left promiscuous mode
[ 2443.613861][ T2017] veth0_vlan: left promiscuous mode
[ 2444.006704][ T2017] team0 (unregistering): Port device team_slave_1 removed
[ 2444.092450][ T2017] team0 (unregistering): Port device team_slave_0 removed

VM DIAGNOSIS:
04:07:19  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000000031 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff84fc2b75 RDI=ffffffff9a516680 RBP=ffffffff9a516640 RSP=ffffc9002662ef58
R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=2d2d2d2d2d2d2d2d
R12=0000000000000000 R13=0000000000000031 R14=ffffffff84fc2b10 R15=0000000000000000
RIP=ffffffff84fc2b9f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff88802b600000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000ffffffff CR3=000000004d260000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=000000000000000e 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000a000000000 0000000200000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000080010003 RBX=0000000000000003 RCX=ffffffff813be4ae RDX=ffff88801b7ec880
RSI=ffffffff813be4cb RDI=0000000000000000 RBP=ffff88802b63edc0 RSP=ffffc90000598b30
R8 =0000000000000000 R9 =0000000000000003 R10=0000000000000003 R11=ffff88802b73fd00
R12=0000000000000003 R13=0000000000000003 R14=ffff88802b73fc80 R15=ffffed10056c7db8
RIP=ffffffff813be4cc RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0000 0000000000000000 ffffffff 00c00000
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88802b700000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000ffffffff CR3=0000000077780000 CR4=00350ef0
DR0=0000000000000000 DR1=000000000000000a DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000a000000000 0000000200000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
RAX=0000000000000000 RBX=0000000000000040 RCX=ffffffff848868bd RDX=ffff888025ffc880
RSI=ffffffff84886799 RDI=0000000000000005 RBP=ffffc90003827508 RSP=ffffc900038273c0
R8 =0000000000000005 R9 =0000000000000004 R10=0000000000000003 R11=dffffc0000000000
R12=ffffffff8bb12b53 R13=dffffc0000000000 R14=0000000000000003 R15=0000000000000040
RIP=ffffffff818b1a51 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0000 0000000000000000 ffffffff 00c00000
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f130ff8dd00 ffffffff 00c00000
GS =0000 ffff88802b800000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00005633947a9000 CR3=00000000471ce000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000008082082 Opmask01=0000000000000000 Opmask02=00000000dfff7fff Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000001 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 554245440045534f 4252455600524f52 5245004c41544146 0054454955510029
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 554245440045534f 4252455600524f52 5245004c41544146 005445495551000c
ZMM20=0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004
ZMM21=9b3babd79b3babd7 9b3babd79b3babd7 9b3babd79b3babd7 9b3babd79b3babd7 9b3babd79b3babd7 9b3babd79b3babd7 9b3babd79b3babd7 9b3babd79b3babd7
ZMM22=0c7806820c780682 0c7806820c780682 0c7806820c780682 0c7806820c780682 0c7806820c780682 0c7806820c780682 0c7806820c780682 0c7806820c780682
ZMM23=cdde8c4ecdde8c4e cdde8c4ecdde8c4e cdde8c4ecdde8c4e cdde8c4ecdde8c4e cdde8c4ecdde8c4e cdde8c4ecdde8c4e cdde8c4ecdde8c4e cdde8c4ecdde8c4e
ZMM24=02fb8f0802fb8f08 02fb8f0802fb8f08 02fb8f0802fb8f08 02fb8f0802fb8f08 02fb8f0802fb8f08 02fb8f0802fb8f08 02fb8f0802fb8f08 02fb8f0802fb8f08
ZMM25=384dbfbe384dbfbe 384dbfbe384dbfbe 384dbfbe384dbfbe 384dbfbe384dbfbe 384dbfbe384dbfbe 384dbfbe384dbfbe 384dbfbe384dbfbe 384dbfbe384dbfbe
ZMM26=7e3272c07e3272c0 7e3272c07e3272c0 7e3272c07e3272c0 7e3272c07e3272c0 7e3272c07e3272c0 7e3272c07e3272c0 7e3272c07e3272c0 7e3272c07e3272c0
ZMM27=e63ff411e63ff411 e63ff411e63ff411 e63ff411e63ff411 e63ff411e63ff411 e63ff411e63ff411 e63ff411e63ff411 e63ff411e63ff411 e63ff411e63ff411
ZMM28=000000200000001f 0000001e0000001d 0000001c0000001b 0000001a00000019 0000001800000017 0000001600000015 0000001400000013 0000001200000011
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=7141000071410000 7141000071410000 7141000071410000 7141000071410000 7141000071410000 7141000071410000 7141000071410000 7141000071410000
info registers vcpu 3

CPU#3
RAX=0000000080000000 RBX=0000000000000000 RCX=ffffffff889c457e RDX=ffff88801fc4a440
RSI=ffffffff889c458c RDI=0000000000000005 RBP=0000000000000000 RSP=ffffc90000e8f6e0
R8 =0000000000000005 R9 =0000000000000040 R10=0000000000000001 R11=ffff88802b928a40
R12=0000000000000000 R13=fffffbfff2023e2a R14=0000000000000001 R15=0000000000000001
RIP=ffffffff818b1a4b RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88802b900000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000ffffffff CR3=000000006cf56000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ff00000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000