last executing test programs:

1m25.676418289s ago: executing program 2 (id=3579):
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
fcntl$getown(0xffffffffffffffff, 0x9)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000180)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
socket$nl_route(0x10, 0x3, 0x0)
ioctl$KVM_CAP_DIRTY_LOG_RING(0xffffffffffffffff, 0x4068aea3, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3f8, 0x0, 0x32}, 0x9c)
bind$inet6(r3, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
setsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r3, 0x84, 0x13, &(0x7f0000000040)=0xa, 0x4)
sendto$inet6(r3, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
r4 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
lseek(r4, 0x7ff, 0x1)

1m24.567764239s ago: executing program 2 (id=3583):
close(0xffffffffffffffff)
r0 = gettid()
sendmsg$unix(0xffffffffffffffff, &(0x7f0000001740)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000180)=[@cred={{0x18, 0x1, 0x2, {r0}}}], 0x18, 0x24040000}, 0x880)

1m24.488987945s ago: executing program 2 (id=3584):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x70bd2d, 0x25dfdbfb, {}, [{0x90, 0x1, [@m_ct={0x44, 0x7, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9c, 0x11e41e7a, 0x7, 0x2, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000180)=0x8)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$netlink(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000700)=ANY=[@ANYBLOB="2c0000002e0001002abd70000000000008000000", @ANYRES32, @ANYBLOB="0b00e880976b6408686030000500018099000000"], 0x2c}], 0x1}, 0x0)
r4 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r4, &(0x7f0000000440), 0x10)
listen(r4, 0x0)
r5 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r5, &(0x7f0000000100)={0x28, 0x0, 0x0, @local}, 0x10)
sendto$packet(r5, &(0x7f0000000600)="5f0efc", 0xfffffffffffffe4c, 0x44, 0x0, 0x0)
r6 = syz_init_net_socket$llc(0x1a, 0x2, 0x0)
setsockopt$llc_int(r6, 0x10c, 0x4, &(0x7f0000000000)=0xfffffffc, 0x4)
r7 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r7, &(0x7f00000000c0), 0x12)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
r8 = openat$sysfs(0xffffff9c, &(0x7f0000000080)='/sys/power/pm_test', 0x0, 0x0)
syz_clone3(&(0x7f0000000300)={0x385200080, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x0, {r8}}, 0x58)

1m23.588988963s ago: executing program 2 (id=3587):
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000440)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0)
mount$bind(&(0x7f0000000100)='./file0\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x18d811, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)

1m23.583631551s ago: executing program 2 (id=3588):
r0 = syz_genetlink_get_family_id$ipvs(&(0x7f00000001c0), 0xffffffffffffffff)
r1 = syz_open_dev$vim2m(&(0x7f0000000040), 0x0, 0x2)
ioctl$vim2m_VIDIOC_DQBUF(r1, 0xc0585611, &(0x7f0000000240)=@multiplanar_fd={0x0, 0x2, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "19893bbb"}, 0x0, 0x4, {0x0}})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
syz_genetlink_get_family_id$nfc(&(0x7f0000000100), 0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000600)=ANY=[@ANYBLOB="240000001a00010000000000000000000a0000000000000002000000080019"], 0x24}}, 0x0)
socket$nl_generic(0x11, 0x3, 0x10)
r7 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r7, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00', <r8=>0x0})
r9 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r9, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000600)=@ipv6_newroute={0x38, 0x18, 0x309, 0x70bd27, 0x0, {}, [@RTA_OIF={0x8, 0x4, r8}, @RTA_ENCAP_TYPE={0x6, 0x15, 0x7}, @RTA_ENCAP={0xc, 0x16, 0x0, 0x1, @LWTUNNEL_IP_FLAGS={0x6, 0x6, 0x8}}]}, 0x38}}, 0x1000c840)
r10 = syz_open_procfs(0x0, &(0x7f0000000080)='net/anycast6\x00')
preadv(r10, &(0x7f0000000280)=[{&(0x7f0000000480)=""/66, 0x42}], 0x1, 0x0, 0x0)
sendmsg$IPVS_CMD_NEW_DAEMON(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="0100000000000000000009000000440003800800010002000000140002007663616e300000000000000000000000080003000000000014000600ff"], 0x58}}, 0x0)
io_setup(0x1, &(0x7f00000004c0))

1m23.310897414s ago: executing program 2 (id=3589):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x11, 0x4, &(0x7f0000000240)=ANY=[@ANYBLOB="180100001700000000000000a54b0000850000007500000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000280)='svcrdma_qp_error\x00', r1, 0x0, 0x5}, 0x18)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000100)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xef7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x9}, 0xfffffffffffffdf9)
getpid()
r2 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0, r2, 0x0, 0x7}, 0xf)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000380), 0x1c2, 0x0)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000080)=0x3)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0, 0x67d2, 0x0, 0x0, 0x0, 0x28, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r4 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x1a01, 0x0)
ioctl$PPPIOCNEWUNIT(r4, 0xc004743e, &(0x7f0000000340))
ioctl$EVIOCGPROP(0xffffffffffffffff, 0x40047438, &(0x7f0000000180)=""/246)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r5 = dup(0xffffffffffffffff)
ioctl$PPPIOCSFLAGS1(r5, 0x4004743a, &(0x7f0000000300)=0x10100)
write$binfmt_aout(r4, &(0x7f0000000100)=ANY=[], 0xfce1)
ioctl$TCFLSH(r3, 0x80047456, 0x2)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_HYPERV_EVENTFD(r7, 0x4048aec9, &(0x7f0000000080)={0x6})
syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r0, 0x0, 0x80)
write$cgroup_devices(0xffffffffffffffff, &(0x7f00000000c0)=ANY=[@ANYRESOCT], 0x9)
socket$kcm(0x2b, 0x1, 0x0)
r8 = socket$inet6_sctp(0xa, 0x801, 0x84)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r8, 0x84, 0x7c, 0x0, 0x0)
socket$kcm(0x10, 0x2, 0x4)

1m23.267305843s ago: executing program 32 (id=3589):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x11, 0x4, &(0x7f0000000240)=ANY=[@ANYBLOB="180100001700000000000000a54b0000850000007500000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000280)='svcrdma_qp_error\x00', r1, 0x0, 0x5}, 0x18)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000100)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xef7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x9}, 0xfffffffffffffdf9)
getpid()
r2 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0, r2, 0x0, 0x7}, 0xf)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000380), 0x1c2, 0x0)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000080)=0x3)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0, 0x67d2, 0x0, 0x0, 0x0, 0x28, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r4 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x1a01, 0x0)
ioctl$PPPIOCNEWUNIT(r4, 0xc004743e, &(0x7f0000000340))
ioctl$EVIOCGPROP(0xffffffffffffffff, 0x40047438, &(0x7f0000000180)=""/246)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r5 = dup(0xffffffffffffffff)
ioctl$PPPIOCSFLAGS1(r5, 0x4004743a, &(0x7f0000000300)=0x10100)
write$binfmt_aout(r4, &(0x7f0000000100)=ANY=[], 0xfce1)
ioctl$TCFLSH(r3, 0x80047456, 0x2)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_HYPERV_EVENTFD(r7, 0x4048aec9, &(0x7f0000000080)={0x6})
syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r0, 0x0, 0x80)
write$cgroup_devices(0xffffffffffffffff, &(0x7f00000000c0)=ANY=[@ANYRESOCT], 0x9)
socket$kcm(0x2b, 0x1, 0x0)
r8 = socket$inet6_sctp(0xa, 0x801, 0x84)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r8, 0x84, 0x7c, 0x0, 0x0)
socket$kcm(0x10, 0x2, 0x4)

3.628509197s ago: executing program 1 (id=4000):
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f00000006c0)='tracefs\x00', 0x0, 0x0)
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000340)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@xino_on}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='mounts\x00')
pread64(r0, &(0x7f0000004180)=""/4096, 0x1000, 0x0)
syz_emit_vhci(&(0x7f0000000380)=ANY=[@ANYBLOB="8900eaffffff00"], 0x7)

3.61429436s ago: executing program 3 (id=4001):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x70bd2d, 0x25dfdbfb, {}, [{0x90, 0x1, [@m_ct={0x44, 0x7, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9c, 0x11e41e7a, 0x7, 0x2, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000180)=0x8)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x3)
r3 = socket$netlink(0x10, 0x3, 0x0)
getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000000040)={0x0, <r4=>0x0}, &(0x7f0000000080)=0xc)
sendmsg$netlink(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000700)=ANY=[@ANYBLOB="2c0000002e0001002abd", @ANYRES32=r4, @ANYBLOB="0b00e880976b6408686030000500018099000000"], 0x2c}], 0x1}, 0x0)
r5 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r5, &(0x7f0000000440), 0x10)
listen(r5, 0x0)
r6 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r6, &(0x7f0000000100)={0x28, 0x0, 0x0, @local}, 0x10)
sendto$packet(r6, &(0x7f0000000600)="5f0efc", 0xfffffffffffffe4c, 0x44, 0x0, 0x0)
r7 = syz_init_net_socket$llc(0x1a, 0x2, 0x0)
setsockopt$llc_int(r7, 0x10c, 0x4, &(0x7f0000000000)=0xfffffffc, 0x4)
r8 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r8, &(0x7f00000000c0), 0x12)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
r9 = openat$sysfs(0xffffff9c, &(0x7f0000000080)='/sys/power/pm_test', 0x0, 0x0)
syz_clone3(&(0x7f0000000300)={0x385200080, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x0, {r9}}, 0x58)

3.529916661s ago: executing program 1 (id=4002):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x70bd2d, 0x25dfdbfb, {}, [{0x90, 0x1, [@m_ct={0x44, 0x7, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9c, 0x11e41e7a, 0x7, 0x2, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000180)=0x8)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x3)
r3 = socket$netlink(0x10, 0x3, 0x0)
getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000000040)={0x0, <r4=>0x0}, &(0x7f0000000080)=0xc)
sendmsg$netlink(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000700)=ANY=[@ANYRES32=r4, @ANYBLOB="0b00e880976b6408686030000500018099000000"], 0x2c}], 0x1}, 0x0)
r5 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r5, &(0x7f0000000440), 0x10)
listen(r5, 0x0)
r6 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r6, &(0x7f0000000100)={0x28, 0x0, 0x0, @local}, 0x10)
sendto$packet(r6, &(0x7f0000000600)="5f0efc", 0xfffffffffffffe4c, 0x44, 0x0, 0x0)
r7 = syz_init_net_socket$llc(0x1a, 0x2, 0x0)
setsockopt$llc_int(r7, 0x10c, 0x4, &(0x7f0000000000)=0xfffffffc, 0x4)
r8 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r8, &(0x7f00000000c0), 0x12)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
r9 = openat$sysfs(0xffffff9c, &(0x7f0000000080)='/sys/power/pm_test', 0x0, 0x0)
syz_clone3(&(0x7f0000000300)={0x385200080, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x0, {r9}}, 0x58)

2.70798465s ago: executing program 3 (id=4008):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0xd, 0x0, 0x0, 0x0, 0x13, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10)
keyctl$instantiate_iov(0x14, 0x0, 0x0, 0x0, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r3 = dup(r2)
write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c)
r4 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r4, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x1})
madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x19)
r5 = socket$xdp(0x2c, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000400)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
recvmsg(r7, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f00000004c0)=""/226, 0xe2}, {&(0x7f0000000680)=""/174, 0xae}, {&(0x7f0000000740)=""/159, 0x9f}, {&(0x7f0000000800)=""/168, 0xa8}, {&(0x7f00000008c0)=""/145, 0x91}, {&(0x7f0000000980)=""/150, 0x96}], 0x6, &(0x7f0000000a40)=""/250, 0xfa}, 0x40000141)
pipe(&(0x7f0000000080)={<r8=>0xffffffffffffffff, <r9=>0xffffffffffffffff})
splice(r8, 0x0, r6, 0x0, 0x408cd, 0x0)
write$cgroup_int(r9, &(0x7f0000000380)=0xfffffffffffff800, 0x12)
setsockopt$XDP_UMEM_REG(r5, 0x11b, 0x4, &(0x7f0000000340)={&(0x7f0000000000)=""/59, 0x304000, 0x800, 0x0, 0x3}, 0x20)
ioctl$UFFDIO_COPY(r4, 0xc028aa05, &(0x7f0000000040)={&(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000000/0x3000)=nil, 0x3000, 0x2})
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r10 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x12, 0x6, 0x4, 0x2, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xf, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r10}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_device, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)

2.633599955s ago: executing program 1 (id=4009):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0xd, 0x0, 0x0, 0x0, 0x13, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10)
keyctl$instantiate_iov(0x14, 0x0, 0x0, 0x0, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r3 = dup(r2)
write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c)
r4 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r4, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x1})
madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x19)
r5 = socket$xdp(0x2c, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000400)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
recvmsg(r7, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f00000004c0)=""/226, 0xe2}, {&(0x7f0000000680)=""/174, 0xae}, {&(0x7f0000000740)=""/159, 0x9f}, {&(0x7f0000000800)=""/168, 0xa8}, {&(0x7f00000008c0)=""/145, 0x91}, {&(0x7f0000000980)=""/150, 0x96}], 0x6, &(0x7f0000000a40)=""/250, 0xfa}, 0x40000141)
pipe(&(0x7f0000000080)={<r8=>0xffffffffffffffff, <r9=>0xffffffffffffffff})
splice(r8, 0x0, r6, 0x0, 0x408cd, 0x0)
write$cgroup_int(r9, &(0x7f0000000380)=0xfffffffffffff800, 0x12)
setsockopt$XDP_UMEM_REG(r5, 0x11b, 0x4, &(0x7f0000000340)={&(0x7f0000000000)=""/59, 0x304000, 0x800, 0x0, 0x3}, 0x20)
ioctl$UFFDIO_COPY(r4, 0xc028aa05, &(0x7f0000000040)={&(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000000/0x3000)=nil, 0x3000, 0x2})
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r10 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x12, 0x6, 0x4, 0x2, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xf, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r10}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_device, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)

2.378000779s ago: executing program 4 (id=4014):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-3way\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5910fae9d6dcd3292ea54c7b6ef915d564c90c200", 0x18)
r1 = accept4(r0, 0x0, 0x0, 0x0)
recvmmsg(r1, &(0x7f0000001fc0)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000300)=""/96, 0x60}], 0x1}, 0xc}], 0x1, 0x60002000, 0x0)
sendmsg$NL80211_CMD_ADD_NAN_FUNCTION(r1, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0)

1.898635912s ago: executing program 3 (id=4017):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = io_uring_setup(0x4d5b, &(0x7f00000001c0)={0x0, 0xfdc9, 0x4000, 0xfffffffc, 0x103})
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0)
write$P9_RSTATu(r3, &(0x7f0000000700)={0x2b4, 0x7d, 0x0, {{0x500, 0x173, 0x0, 0x0, {}, 0x200000, 0x0, 0x0, 0x0, 0x1f, ' nodev{cvfox\x92\xff\xff\xff\x81\x02\x00\x00\x00\x00\x001\xff\xce\xbc\x92\x00\x00\x00', 0x38, 'pJ\x86\xce\xc6\x02\x00}\xfag>\xff\xeb\t\xb55\x1f[\xde\x05\xf7\x00\x00\x00\x00\x18{\x82\x00\xb5\x00\x00;Y_\xcb\x14\x03CT\xb9\xfd\x9e\xf1\x96\xa5\x1c\xd5\x15z\xdc\x81\x06\xb4\x94\xe1', 0x94, '\xcf\xc7\x00\x00\x00\x00\xe5]\x8d\xf8\xd5[\xbfL\xce,\xa4\xa7\x95\xd3O\b8D\xcad+s\xfc\xb8-\xcf\x8e\xf0\xcb^\xea\xfb\x1a1m\x19\xed\x02\xbd\x94\xf1\x1c\xab\xe8\xe5\x98R8(\x9dV\x91\x8f\xc7\xa6\xd91f\xa5\xed/OSS@ \x18\xac\xbdV\xc7!,\x11\xb8\xcd\x00\x00\ay{\xe0\n\xae\xba\'\x87\x0f\xa6s\xdb\x1c\x84\xc2T\x11\x1b\x946\xe8\x84\xdc\x83>B\xeeS\xbb5T\xf6\x860\x18\xb7J\xa0\x18\x82\xed\xad\x8c\xd2\x1cC\x1eD~\xfeZ=\x19cm(w\xbdP\xf7ZD+', 0x55, '\xf8\xf6i\xfbqm\xcf1^\xca\xf3\x85@\x9a\xc6[\x94\bg\x8c,;\x9e\x1dR\xc3l\xde{\xa4\xa4\x00\xb4\xb0\xb4\xf1t\xa6f\xa8R\x9aE\x1b4\a\xdb\xda\xb2\x88K\xaf\x05\x00\x00\x00\x00\x00\x00\x00G\xec!\xca\xbf\xf2\x0f\x9c\x1c\xbe6\xf4\xfd\x1aL\xc2\x80\xe8\xd4\x89\xdad\x9a7\x00'}, 0x12c, 'odev-n\xb1{#\x00\xf9\xda\xa5\xee#&n\xcf\x85\xfe\xa6^B\xd9y\xa3\xfd\xe5\xf4u\xda\xf0;\x11r\xd9{\xad\xc7\tZ\xfdv\xfeO\x04A\xf7\xf7t\x1e\xac\x03\x00\x00\xec\xff\x00\x00\xdb\xa0\xc2\xf7\xf0\x9f\xf5<~M\x1a\xd6n-\a\x01\x98\x01\x9f0\x11\x84G\xaa\x9at\xf5\x16\x85\xf5\x06\xae\x89H\x06\x87\x82g\xd5\xa1)\x8dy,J7\xf2\xe1\xcb\xbd$\x82\x92\x9a\r\x89r\xb5\xcfs.\xa5\xb0\xd7#\x85\x9d\xba?\x93\xae\xd3\xb4.\xe7\xca\xc0}\xe0\x9d\x1dh\xa6\x033\xa8\x82F}+1\xaa\xcd\xf9\x18\x85I\xb1\x12]lL\x9b\x18\xc2\xfbV\xc5}}\xc6&\xe49\a\x96\xa1\xebH\'Fi\xab\x13\xf8\xb1\x1d\x14`Y\xf3\x10\xe2cMY?\xece\xd5)\xf3\x82\x06fd\xdf$NL\x90W\np\x04\x9f9\x9f\x06\x1fu\xb7y|\xe1\xfe\x11\xea\x91\x96\t\xd5\x1aA\xdd=\xe3\x04\xbd|~\xd0\xa4V\xf0\xae\x12Qa\x05\xc9\xce\x88}\xf5\xa6\xe0\xb6\xa7}Yl\xf8\x8b\xa6\xe5\xc69|}P!\xd7\x98\x95(\xfd\x179\xe1\xc2\xd8\x7f\xff\x00'/300}}, 0x2b4)
r4 = memfd_create(&(0x7f0000000240)='+\x8b\x8a\xa9\x16\x11\x91J\xbc+  \x18\x17\xc2:}\xa3\x9bO\xdd\xdf\xdf\x92\xd5\xed\xb4\x17\xe5\xd6\x9a\xb2\xd8\x9ba\xde\xb2.F\xc0\x99}|\xaf\xd3\x1d\x84[*_\x9f\x9d\xb0rYP\x1b\x9f \xe0\x9cgq\x103\x89\x11\x87Rv\x169\xdf\xe3>B\x04\x00\x00\x00W\xd3\xec\xfb\xdf?\xa2\x90+\xa4!\xb2\xf2\xff\x90\a\xc3\x12\xc4;\xffh\xf1x=\xb9c\xce\x03h\xdap\x88U\x1788\x82\xd7\xfd\x83\x00Sx\x91%\x99_\xfe\xd4c\x83\x86\x0f\xa4a-\xaf\x9e\xd9\xef\xe0)]\x00F\xfa\x03\xbc4\xc4\x9a\v\x03\x8b\xa4\xf3\x8f\xf4\"\'\xd3\a9\x14H}j&~\xe9\x16\x83o\xbd\xab\xcd[\xbd\xcb\x04\xfc\xe7\xe3\x9e?\x12\xf0\xf4\x83M3\xd88\x92?@\v\xe6\xd1\xd2\xe4\xde\xdaUeJ\x9fR\xd1`\xfa\xc8\v\xed\xfd\x0e\xc8\x89W\x847\x88\x82\x94\x14\xe33\xb7H\xc8b\xd6@3F#\xb7\x04C\x8dm\t\x16a\x0fI\xf4\xfe\xf8\x06j\x19Pz&\xb8\x0f\x98`W\xdb\xc6\"81A\xa4\x8bT\xf1\xcb\xab\xa3\t\xef\xdf&\x0e\xad\x03\x123.\xc2V\xaa\xd5\xf8\xde\x8aV\xa4p{\xcez\xa2\x92\xdb8*wLO\f\x97X\x05\x9a\xc2\xe8\x85\x9d\xcb\xc8\xf0\xc4\x01\x03\xe3?\x9f1\xf4\xfb\xa5y`KB\xdf\xae#\x94C\a\x04\xea\xccG\xf2\b\x8f\xf7\xb1\xe96\x90\xf5P\xa4\'\xce\xe3\xa24\x196\xc5Q\xa1K\x95\xd6\xfal\xe9\xd1\\\r&\xb2c\xb3\x8d\xa7\xb7\xa8\x03S\xbd\xdd\b{\xae\f\x10\xc2\xbb\xd0\xdd*\xa3\xb4\fJ\x00X\xab`N; LF\xa5D\xee\xdf\x7f\x80p\xf6o\x1c\xbdXR\xf2\xa0\x81a\xa1\xe1B\x93Xn\xaf\xfc\x05?\xab\xac\x91x\xa8#\xe1\xbeQ\xd1^\x9b\xb9)\xd3\n\xf7(3!\x18\b\xc0\xaampRl\xfdQ\x03\x8c\xd5\xe4\\\xed\x9a\xd1?\xd21\xc8\x90\x1dl|\xd1\x14\xbc3\xe0\x1e\x0e\xe6\x88Y\x99K\x93\x1c@_P\x8c\xc7\x9eZ\xb74KT:\x8a\xdbJ#w\x18\x14\x00\x93\x86\xa5wo\xf6M\xe7D\xf4*\xe3X\x1d\x19\x83\xa7w\xc7+7\x89s\xed\x8a\xd7O\xdd\rhh`\xc0\xa8$\x06pu\xa0\xd0L\x0ez@I\xb8\x83\xb2f\x93j\a0I\xc8l\xe5\x9b\x06\xb5\xac`d\xa3\xcf/\x14\x10\xab\xab\t\xec\xc1c\fA\xaf\x14\xef\xbap@*7\x86\xdf\',\x03Y\xb1$\xf0\xb5}\xf0\x82%)9`\x8f\x04\x85m\x80\xd2\xcf@\x06}\xea\xe7w`\xa5\x11\x9f\x9b\x9e\x8f\xb7cb\x1a\xe1\xcf\x87\x1c\\\xf5\xc21\xf7\x82C*\xd5;\x00\x00\x00\x00\x03\xba\xe3\xdc\x92\'\x8e\xd5\x7fG\xfd.\x91\x89T\x99t\xd4d,\xd5\x92O\xf1\xafT!Y\x8e\\\xac\xf7\x11R\x05p\x1a\"\r\xe9\xe5\x8b&\x0f\x8c\xfb\xef\xf8\xd5\x18\xde\xeb\xe5\x19\xdd\xebQ8\xc5iS+\x06D\x16\xfe\xf5.\xe5\v\x89\xb0\"\xa3M\xe9\x81\x11P\xdb\xc4\xc2y\x14\x04\x06\xf6\f\xb0\xecz\x8d`\xb5\x9b\xb43\xcc1\xa7\x9e\xa8\xb5\'\xc6MAe\x0f\xd1\xfcG\xc2/\xe8\xe9t\xcaQ\xf1\fI\x1chM\xc1\x92\xe3\xc3\x01M\xc8/\xefJ\xcb\xd0]\f\xff\xf5\x92\xce\x97Z\xea\xe8\x99\xfa\x96\xce\xa7\x02\xad\xa2\xce\x955\xeaNg\x02\xcd\xfd\x1a}.\xd3\"x\x89/8H\xc2\x93B\na)\x86\xa9U\xa0\xb7\x18\xfb\xe9\xd1\x97', 0x3)
write$binfmt_misc(r4, &(0x7f0000000740), 0xff67)
sendfile(r2, r4, &(0x7f0000000000), 0xfffb)
fcntl$addseals(r4, 0x409, 0x8)
ftruncate(r4, 0x0)
close_range(r1, 0xffffffffffffffff, 0x0)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)={0x50, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_TYPENAME={0x16, 0x3, 'hash:net,port,net\x00'}]}, 0x50}}, 0x0)
sendmsg$IPSET_CMD_DESTROY(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000680)=ANY=[@ANYBLOB="3c0000000306010300000000000000000000000605000100070000000900020073797a30"], 0x3c}, 0x1, 0x0, 0x0, 0x40}, 0x4000840)

1.867418223s ago: executing program 1 (id=4018):
ioctl$MON_IOCQ_RING_SIZE(0xffffffffffffffff, 0x9205)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000540)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000fef000/0x1000)=nil})
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socket$igmp6(0xa, 0x3, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3f8, 0x0, 0x32}, 0x9c)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000040)={'wlan0\x00'})
sendmsg$NL80211_CMD_JOIN_IBSS(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)={0x14, r3, 0x200, 0x0, 0xfffffffc, {{}, {@void, @void}}, [@NL80211_ATTR_HIDDEN_SSID={0x0, 0x7e, @default_ibss_ssid}]}, 0xfffffffffffffe57}, 0x1, 0x0, 0x0, 0x50}, 0x4844)
bind$inet6(0xffffffffffffffff, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
close(r6)
sendmsg$unix(r5, &(0x7f0000001740)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001700)=[@rights={{0x10}}], 0x10, 0x24040000}, 0x880)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r7}, 0x10)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000004900), 0x0, 0x11)

1.678913571s ago: executing program 3 (id=4019):
r0 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
r1 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r1, 0x40345410, &(0x7f0000000040)={{0x3, 0x0, 0x0, 0x0, 0x6}})
ioctl$SNDRV_TIMER_IOCTL_STATUS32(r1, 0xc0f85403, &(0x7f0000000040))
bind$802154_raw(r0, &(0x7f0000000040)={0x24, @short={0x2, 0x2, 0xaaa3}}, 0x14)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x1e)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
r3 = getpid()
mount$bpf(0x0, &(0x7f0000000300)='./file0/../file0\x00', &(0x7f0000000340), 0x1000044, 0x0)
mount$tmpfs(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x1230023, 0x0)
r4 = syz_pidfd_open(r3, 0x0)
setns(r4, 0x24020000)
syz_clone(0xfdba2180, 0x0, 0x0, 0x0, 0x0, 0x0)
r5 = socket(0x10, 0x803, 0x0)
r6 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x2c, 0x24, 0x200, 0x70bd2c, 0xffffffff, {0x0, 0x0, 0x0, r7, {0xfff4, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_qfg={0x8}]}, 0x2c}}, 0x0)
r8 = socket(0x10, 0x803, 0x0)
r9 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r10=>0x0})
sendmsg$nl_route_sched(r8, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000680)=@newtfilter={0x24, 0x2c, 0xd2b, 0x0, 0x8000, {0x0, 0x0, 0x0, r10, {0x0, 0x7}, {0xf, 0xfff1}, {0x1, 0x9}}}, 0x24}, 0x1, 0x0, 0x0, 0x400c804}, 0x48854)
setsockopt$MRT_INIT(0xffffffffffffffff, 0x0, 0xc8, &(0x7f0000000240), 0x4)
openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r11 = syz_io_uring_setup(0x4ba5, &(0x7f0000000080)={0x0, 0x0, 0x13100}, &(0x7f0000000180)=<r12=>0x0, &(0x7f00000001c0)=<r13=>0x0)
syz_io_uring_submit(r12, r13, &(0x7f0000000040)=@IORING_OP_CONNECT={0x10, 0x12, 0x0, 0xffffffffffffffff, 0x80, &(0x7f0000000280)=@hci={0x1f, 0xffffffffffffffff}})
io_uring_enter(r11, 0x2def, 0x0, 0x0, 0x0, 0x0)
capset(&(0x7f0000000100)={0x20071026}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x81, 0xfffffffb})

1.479110943s ago: executing program 4 (id=4020):
r0 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r1, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) (async)
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r1, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[<r2=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_GETPLANE(r1, 0xc02064b6, &(0x7f00000003c0)={r2, <r3=>0x0, <r4=>0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_SETPLANE(r1, 0xc03064b7, &(0x7f0000000280)={r2, r3, r4, 0x3ff00000, 0x16, 0x8, 0x8001, 0x0, 0x3, 0x9, 0x1, 0xfffffff8}) (async)
syz_genetlink_get_family_id$batadv(&(0x7f00000005c0), 0xffffffffffffffff) (async)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000700)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000400)=ANY=[], 0x1c}, 0x1, 0x0, 0x0, 0x44}, 0x40)
flock(r0, 0x4) (async)
r5 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCETHTOOL(r5, 0x8946, &(0x7f0000000040)={'bridge0\x00', &(0x7f0000000080)=@ethtool_rxfh={0x1}}) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0xe1}, 0x0) (async)
r6 = getpid()
sched_setscheduler(r6, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x2000000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) (async)
connect$unix(r7, &(0x7f000057eff8)=@abs, 0x6e) (async)
sendmmsg$unix(r8, &(0x7f00000bd000), 0x318, 0x0) (async)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
ioctl$BLKRRPART(0xffffffffffffffff, 0x125f, 0x0) (async)
recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async)
sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2) (async)
preadv2(0xffffffffffffffff, 0x0, 0x0, 0x2b, 0x0, 0x0)
write$tun(0xffffffffffffffff, &(0x7f0000000740)=ANY=[@ANYBLOB="05800078c40040000c00000186dd061000090180c200000bfc000000000000000000000000000001000000000000fc000000000000000000000000000023be05ff96b2c178d325d4d3284f940c20b55011eb377268a6e7fdc6e663e89268b20fa0bf3b0c2c5788248352bf880665d8264739a6d91ffed973aaff16af82a2d2ab9da2f6d85d2af7823549b970e0a62401e8a3ae881a2f415607bb8f2ecc3306e5a3464d376c6ee0a0326c48668499e5fe92329f859f46446dc52ff2ed596ed1b2e3b47bd37eec396b6acbeb6760b8db0e0cbc2a7495af121df312737f8c47a5cbcb5c4a66f49bb7f2bf10c5e15044321c4a08e464dc7f047791020a272d8dfdd5f8b893e27217b659ea13295c1d77fa5b4cc09df15275e94db0ae67412a5b09c80a63e706c9e6ce37b574db01d421d196546f39a6f1a2137fd7a64ad01886785b5b767987de315d561267f5d9356a50cd2e066aecc031aa593e2e4d20e8e32685c63c1636f15d8c3fd3661db72baa3069d5f370f5fb933ce4feaadc333e4d4d9179c9fb86900c8dd496c2acc688c97e4f8e4265b79639b673c7fd"], 0x3e) (async)
mkdirat(0xffffffffffffff9c, 0x0, 0x1c0) (async)
landlock_create_ruleset(&(0x7f0000000180)={0x482, 0x0, 0x1}, 0x18, 0x0) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x18, 0xb, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000004f4b000000000000000000180100002020702000000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000fdffffff850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) (async)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)

1.139979687s ago: executing program 3 (id=4021):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x70bd2d, 0x25dfdbfb, {}, [{0x90, 0x1, [@m_ct={0x44, 0x7, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9c, 0x11e41e7a, 0x7, 0x2, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000180)=0x8)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x3)
r3 = socket$netlink(0x10, 0x3, 0x0)
getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000000040)={0x0, <r4=>0x0}, &(0x7f0000000080)=0xc)
sendmsg$netlink(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000700)=ANY=[@ANYBLOB="2c0000002e0001002abd7000000000000800", @ANYRES32=r4, @ANYBLOB="0b00e880976b6408686030000500018099000000"], 0x2c}], 0x1}, 0x0)
r5 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r5, &(0x7f0000000440), 0x10)
listen(r5, 0x0)
r6 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r6, &(0x7f0000000100)={0x28, 0x0, 0x0, @local}, 0x10)
sendto$packet(r6, &(0x7f0000000600)="5f0efc", 0xfffffffffffffe4c, 0x44, 0x0, 0x0)
r7 = syz_init_net_socket$llc(0x1a, 0x2, 0x0)
setsockopt$llc_int(r7, 0x10c, 0x4, &(0x7f0000000000)=0xfffffffc, 0x4)
r8 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r8, &(0x7f00000000c0), 0x12)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
r9 = openat$sysfs(0xffffff9c, &(0x7f0000000080)='/sys/power/pm_test', 0x0, 0x0)
syz_clone3(&(0x7f0000000300)={0x385200080, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x0, {r9}}, 0x58)

1.000080522s ago: executing program 4 (id=4022):
getrandom(0x0, 0x0, 0x82c1ecb149a4e48c)
sched_setscheduler(0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
mkdir(&(0x7f0000000340)='./file0\x00', 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
r0 = socket$inet6_sctp(0xa, 0x4, 0x84)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000100)=@rc={0x1f, @none, 0x7f}, 0x80, &(0x7f0000000240)=[{&(0x7f0000000500)="755812e1b4017723e5fec07f1e35387d9f804a698a66fc735cb904a1a23a70a854ef09ef8c3122d1a0df99616b557f41a3bf7523351d1754f0a70c15543d241825e706d5ffc70d2ff81b85fc6ca3326eb53dd85724dc7e70fff5901d1fa6672d354bef7d87be324985bb703b79cafc4d81d5a5acad8a11ada4b953e92db0b38197f32f6cb319691289fddc3bb0abff850a3bc82f0d6534d4f997d82dceaab3ee7598724f6392", 0xa6}], 0x1, &(0x7f0000001ac0)=ANY=[@ANYBLOB="d000000011000000030000007bfded44af84652192c82c054636880046c8dd4016f0e2b4c6af3d45e20445080922468c0f9673afb03414ebe59b268a3ed2ac24d709609f227118ee216faf1ac29d86579c674f8ec79d75c53d10cd21e46a7095d77707dacac430168da4fe1347f71e4944610262e7972bf790700a4d533d50e1374212cc505f5a8467baaadb42b88ae5c960a0f399e15697fb9edd9a249485ac5c69ee571d71ab30828eb39ef42ec2ff41580f7f9766fffcd6e80670aafc4af0e83457c2772e4197d30fb69ab6880000000100001201000000000000ae22f5a6d30adf7ad129788ad0f1546ee8e4848c40955a7c5f652d18634e47d2b51332d76bf7ca3594be20e32b32a1553a40ac311e4260f33bf3ba37a8aef3f4059282b74bb8b2358399103cf649108a475dad56281a5caf0416e71b1d958f3ccbfdd14bc2e297625dbf30db83fe913a614905470f09c818fd7fec8767b27b2695d5947deee678ce948791d57d76437708218de35498d207acd2ae3547310280e2a3b279a5cc9364babafd34562a8588661936b801e397a72f31477e883de624fd83d08d0095323087d3db06485e690cb94ec0ec9473932d95c4592c1eec39f57b985478800000d400000001000000010000000bc3f71c28394f9a2721fcb24e73bf4b0bae6bf2bceb4ee5356356966100d318e6f4e565aaea393f15628dd1efb8c366f4aa1c69d52a43f95c7fe8414612e9c8f892d37c44054c82364d05b525a4e50fd9ef60e8f27a6b963fda44ad29fb4432dd563acdb465bdefcada64036006282e25d06a1ab69bab71f7c81631a8a2cfa4ac68832bfb0d48647a4549c4c1b0437b48f713c2eb9ad184c606422e70ed884543529b1bcb06ef2c41abd59d82b7323df2b44e0392295da2f44d38e145a9f7e23794cd884ea0300bac0000000b01000008000000553aa6671ca6342d86cdafce1605839ac3c1e15b22799ca11daa520e23282d3ccfdb64eba7ba8a4cba2e81d4d0207329c483ce270ddfbac1312a36222766485fd6d3159152b107c612ef66582c614566909a857279ba0fb3ff4f58f08a912467f45d882e6dd861cf29fe375acdf4a6f252db9aeef5a76fd0769dd561f63a29a68cfa9f030bedb648f1bcafa6d94de10f0ae8203ea11e5415d7a1861524319c00000084000000ffffff7f1f8b7d6da21f2ee8731768c2feaaefc986fad74ebdbd6ca79618a7db3985b87ce7ec2a3beb18556d511d3c793bc5c881299171311131ef89c025d0bf642193cbc7bd845062a42bad850ca60b3554ffda3834ad3466194b313793682541ba16052630ae3fa69c4aaf3034a3b4190e3462493d9b582e40afc8d4f00e2433f228c8519b304ecab230fdbdae675cfb00000024000000130100000500000033e1c8ddef175bafbe89419d0060ba6abcc084f9864e0000d80000001901000003000000b6fa4c9615fb5db864aad85211fc68f0b6c432318dee16372dd665481f7325ab2ac77e95873a4801fa56505752e0dc94c62507a005bbb008bb54443f9efa59cd56a1f7b5b578075f13f6457d2bf4133599d7774972e1cf96500444bdd9917e8caacb02c2b82acd66ac915e2a9d8bc0db8a23de93c00490f7802664c10db407e7abfec696ac798bff34c2c528bcfaed8dee6a183fd71e7cd5bc3cddf6ce7ee59c306061279395b2d8b2e9026a59816e27c10291371c34f73ae6e389fbbda78c8f36736000000087010000040000005cdb8d9fb2fca03e40bd47ce689684fc218cff9d7d43bf5be4840da8a65edf7b44687c609fe94752a954655658261971142e899f695817f7e8241f86e6a179b3b6fda3237b02a23aecbc6fea084d4a8f0da200005400000011010000000000806d4c2d25f56ee7782ccdb3f42209351c9aabd03980cb4710b1aab4056e9b44fe2e708ccd961ae6dfc1e22043b486c107dc8c2952e460d77706217ae1923a88b9b65158fd62bc35003c000000030100000f000000c6b3ffa5af4b95fe064822d838adceb0ff88a9ffb055f92b534747775b300e9801b3ee863fd3672ca67cc956345a00"/1496, @ANYRESHEX=r0, @ANYRES16=r0, @ANYRESDEC=0x0, @ANYRESHEX, @ANYRESHEX=0x0], 0x5d8}, 0x0)
recvmmsg(r0, 0x0, 0x0, 0x0, 0x0)
sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000300), 0x80, 0x0)
io_setup(0x104, &(0x7f0000000180)=<r3=>0x0)
io_submit(r3, 0x2, &(0x7f0000000480)=[&(0x7f00000000c0)={0x0, 0x0, 0x1f, 0x1, 0x0, r2, &(0x7f0000000000)="de", 0x1}, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x8, 0x74, r1, &(0x7f0000000380)="e9af7bb1252a680814a4f56b69773ed46e19db53e48c8c0b7b1f19abe812deb471bbcbe68bf79102548e7b3bc6d52adaa395b589887395bcc1e7f33f5498fa", 0x3f, 0x10001, 0x0, 0x1}])
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.current\x00', 0x275a, 0x0)
fsetxattr$security_capability(r4, &(0x7f0000000000), 0x0, 0x0, 0x0)
getsockname$packet(0xffffffffffffffff, &(0x7f00000003c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000200)=0x14)
openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000002c0), 0x13f}}, 0x20)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f00000005c0)=@raw={'raw\x00', 0x3c1, 0x3, 0x2c4, 0x0, 0x18c, 0x203, 0x340, 0x19030000, 0x450, 0x2e0, 0x2e0, 0x450, 0x2e0, 0x3, 0x0, {[{{@uncond, 0x300, 0xc8, 0x110, 0x0, {}, [@common=@hl={{0x24}}]}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz0\x00'}}}, {{@uncond, 0x0, 0xa4, 0xec}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz1\x00'}}}], {{'\x00', 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x320)
openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f0000000100)={0x26, 'skcipher\x00', 0x0, 0x0, 'xchacha12\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, 0x0, 0x20000)
write$UHID_CREATE2(0xffffffffffffffff, &(0x7f0000000380)=ANY=[], 0x17a)
socket$nl_route(0x10, 0x3, 0x0)
r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r6, &(0x7f0000000040)={0x1f, 0xffff, 0x3}, 0x6)
syz_open_dev$usbfs(&(0x7f0000001240), 0x6, 0x400140)

993.148498ms ago: executing program 0 (id=4023):
unshare(0x22020400)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, 0x0, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000400)={{0x14}, [@NFT_MSG_NEWRULE={0x5c, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x30, 0x4, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, @socket={{0xb}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_SOCKET_DREG={0x8, 0x2, 0x1, 0x0, 0xb}, @NFTA_SOCKET_KEY={0x8, 0x1, 0x1, 0x0, 0x3}, @NFTA_SOCKET_LEVEL={0x8, 0x3, 0x89}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x84}}, 0x0)

848.591345ms ago: executing program 0 (id=4024):
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x7)
ioctl$TIOCVHANGUP(r0, 0x5437, 0x1916)
r1 = openat$uhid(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0)
r2 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r2, &(0x7f0000000440), 0x10)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000700)={0x1f, 0x2, &(0x7f0000000580)=ANY=[@ANYRES64=r0], &(0x7f0000000480)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x13, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x400000, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r4, 0xc08c5332, &(0x7f00000003c0)={0x3, 0x80cf, 0x0, 'queue0\x00', 0x40000})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r4, 0x40605346, &(0x7f0000000280)={0x1, 0x0, {0x3, 0x0, 0x0, 0x2, 0x7ff}, 0xfffffffe})
r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0xa8c01)
write$sndseq(r5, &(0x7f0000000640)=[{0x0, 0x11, 0x7, 0x9, @time={0x400, 0x2}, {0x0, 0x6}, {0x4, 0xff}, @connect={{0xb2, 0x9}, {0x3, 0xc}}}, {0x3, 0x4, 0x3, 0x4, @tick=0x9, {0xd, 0x6}, {0xd, 0x7}, @note={0x3, 0xc3, 0x4, 0xfe, 0x3}}, {0x63, 0x2, 0x7f, 0x7, @time={0x7, 0x7}, {0x4, 0x3}, {0x0, 0x19}, @connect={{0x6, 0x4f}, {0x7, 0x6}}}, {0xff, 0x40, 0x3, 0x3, @tick=0x1, {0x5}, {0x4}, @control={0x6, 0xffffffff}}, {0x80, 0x8, 0x6, 0xb9, @tick=0x7, {0x4, 0xf}, {0x7f}, @connect={{0x2, 0x1}, {0x7f}}}, {0x8, 0x0, 0x10, 0x7f, @time={0xffff, 0x4}, {0x80, 0x7}, {0x6, 0x2}, @raw8={"00000000000000009ec700"}}], 0xa8)
bpf$MAP_CREATE(0x0, &(0x7f0000000140)=ANY=[], 0x66)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0c000000040000000400000009"], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000024c0), &(0x7f0000001280), 0xffffffff, r6}, 0x38)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x7, r6}, 0x38)
listen(r2, 0x2)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c0000000000001c14006996b352e508551500ecff000000000000009da0d6a9a5a953db2424135b1b98139b996cb685096f6808156456"], 0x1c}}, 0x0)
r8 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r8, &(0x7f0000000100)={0x28, 0x0, 0xffffffff, @hyper}, 0x10)
sendto$packet(r8, &(0x7f0000000600)="5f0efc3e1792a50972d2eb21bdff9ca4ac804c2847fe7bf05ddc63ff512d4074687760a5fbd1fc97772c6f5027dcea15b6658d", 0x33, 0x0, 0x0, 0x0)
openat$ttyS3(0xffffff9c, &(0x7f0000000000), 0x40300, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
write$UHID_CREATE(r1, &(0x7f00000002c0)={0x0, {'syz1\x00', 'syz0\x00', 'syz1\x00', &(0x7f0000000040)=""/25, 0x19, 0x8, 0xf, 0x5, 0xc}}, 0x11c)
r9 = syz_open_dev$hidraw(&(0x7f0000000080), 0x1, 0x200)
write$sndseq(r4, &(0x7f0000000140)=[{0xc2, 0x0, 0x9, 0x3b, @time={0x87a, 0x3}, {0x9, 0x5}, {0x1, 0x37}, @raw32={[0x0, 0x10001, 0x6]}}, {0x7, 0x1, 0x99, 0x6, @time={0x0, 0x9}, {0x7, 0x7}, {0x8, 0x9}, @raw8={"f448b12e011ca19bad2f564c"}}], 0x38)
ioctl$HIDIOCGFEATURE(r9, 0xc0404807, &(0x7f0000000200)={0xb, "8ed83ea4cde5486be2750fcd0bbed096f29c2087b4f1de5f62e177f96d6e7911e23e33f4939c0bf9f63fe583452c6e1787563d4b825ecae97d022b91636ade14"})

699.739579ms ago: executing program 0 (id=4025):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0xd, 0x0, 0x0, 0x0, 0x13, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10)
keyctl$instantiate_iov(0x14, 0x0, 0x0, 0x0, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r3 = dup(r2)
write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c)
r4 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r4, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x1})
madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x19)
r5 = socket$xdp(0x2c, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000400)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
recvmsg(r7, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f00000004c0)=""/226, 0xe2}, {&(0x7f0000000680)=""/174, 0xae}, {&(0x7f0000000740)=""/159, 0x9f}, {&(0x7f0000000800)=""/168, 0xa8}, {&(0x7f00000008c0)=""/145, 0x91}, {&(0x7f0000000980)=""/150, 0x96}], 0x6, &(0x7f0000000a40)=""/250, 0xfa}, 0x40000141)
pipe(&(0x7f0000000080)={<r8=>0xffffffffffffffff, <r9=>0xffffffffffffffff})
splice(r8, 0x0, r6, 0x0, 0x408cd, 0x0)
write$cgroup_int(r9, &(0x7f0000000380)=0xfffffffffffff800, 0x12)
setsockopt$XDP_UMEM_REG(r5, 0x11b, 0x4, &(0x7f0000000340)={&(0x7f0000000000)=""/59, 0x304000, 0x800, 0x0, 0x3}, 0x20)
ioctl$UFFDIO_COPY(r4, 0xc028aa05, &(0x7f0000000040)={&(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000000/0x3000)=nil, 0x3000, 0x2})
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r10 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x12, 0x6, 0x4, 0x2, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xf, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r10}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_device, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={0xffffffffffffffff, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

560.561095ms ago: executing program 1 (id=4026):
r0 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r0, &(0x7f0000000100)={0x18, 0x0, {0x11ff, @broadcast, 'bond_slave_1\x00'}}, 0x1e)
mknod(&(0x7f0000000080)='./bus\x00', 0xc000, 0x0)
mount(&(0x7f0000000000)=@nbd={'/dev/nbd', 0x0}, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000040)='ntfs3\x00', 0x8080, &(0x7f00000001c0)='discard')
r1 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r1, 0x40405515, &(0x7f0000000040)={{0x0, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ad, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8]})
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000040)="2e00000010008108040f80ecdb4cb92e0a480e000f000000e8bd6efb250314000e000100240248ff050005001200", 0x2e}], 0x1}, 0x40880)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
pipe2$9p(&(0x7f0000001900), 0x0)
bpf$MAP_CREATE(0x4000000000000, &(0x7f0000000380)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/14], 0x48)
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="02030609100000000000004c9e000000020013000200000000000000ff0800ed05000600200000000a0006000000000026"], 0x80}}, 0x0)
r2 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="02030609100000000000004c9e0000000200130002eb0e00000000000000000105000600200000000a00000040010000000500e50000070000001f00001a000000030000a95a6e870200010000e9ff070040000200000000050005000000cc580a"], 0x80}}, 0x0)
sendmmsg(r2, &(0x7f0000000180), 0x400008a, 0x0) (fail_nth: 7)

560.089161ms ago: executing program 4 (id=4027):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0xd, 0x0, 0x0, 0x0, 0x13, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
ioctl$HIDIOCGFEATURE(0xffffffffffffffff, 0xc0404807, &(0x7f0000000380)={0x5, "11ae93bf1c7e03ff8061fc54e4a0010ff6c42445c0f1d64062d88c1cc314fc60e9c7a08d49d7f438e72233e3a12d403d62520ab70f5c019ad992704dcfdc500b"})
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r3 = dup(r2)
write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c)
r4 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r4, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x1})
madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x19)
socket$xdp(0x2c, 0x3, 0x0)
ioctl$UFFDIO_COPY(r4, 0xc028aa05, &(0x7f0000000040)={&(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000000/0x3000)=nil, 0x3000, 0x2})
r5 = openat$kvm(0x0, &(0x7f00000002c0), 0x0, 0x0)
syz_genetlink_get_family_id$fou(&(0x7f0000000340), r3)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CAP_SPLIT_IRQCHIP(r6, 0x4068aea3, &(0x7f00000000c0)={0x79, 0x0, 0x1})
r7 = socket(0x10, 0x803, 0x0)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000540)={'wlan0\x00', <r10=>0x0})
sendmsg$NL80211_CMD_NEW_KEY(r9, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000080)={0x4c, r8, 0x801, 0x70bd25, 0x3, {{}, {@val={0x8, 0x3, r10}, @void}}, [@NL80211_ATTR_KEY={0x30, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "5a080039084eeef16f162471f4"}, @NL80211_KEY_MODE={0x5, 0x9, 0x1}, @NL80211_KEY_IDX={0x5}, @NL80211_KEY_CIPHER={0x8, 0x3, 0xfac02}]}]}, 0x4c}, 0x1, 0x0, 0x0, 0x228c755bd72ca5cf}, 0x0)
ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={0xffffffffffffffff, 0x14})
write$eventfd(0xffffffffffffffff, &(0x7f0000000080)=0x1000430f, 0x8)
ioctl$SOUND_MIXER_READ_RECMASK(r3, 0x80044dfd, &(0x7f0000000300))
syz_open_dev$mouse(&(0x7f0000000180), 0x1, 0x84000)

533.713582ms ago: executing program 1 (id=4028):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-3way\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5910fae9d6dcd3292ea54c7b6ef915d564c90c200", 0x18)
r1 = accept4(r0, 0x0, 0x0, 0x0)
recvmmsg(r1, &(0x7f0000001fc0)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000300)=""/96, 0x60}], 0x1}, 0xc}], 0x1, 0x60002000, 0x0)
sendmsg$NL80211_CMD_ADD_NAN_FUNCTION(r1, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0)

230.037359ms ago: executing program 4 (id=4029):
r0 = socket$inet(0x2, 0x3, 0x2)
setsockopt$inet_mreqsrc(r0, 0x0, 0x27, &(0x7f0000000280)={@multicast2, @local, @remote}, 0xc)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f00000000c0)=ANY=[@ANYBLOB="e0000002ac1414aa"], 0x1c)
syz_emit_ethernet(0x36, &(0x7f0000001800)={@link_local, @dev, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x64, 0x0, 0x0, 0x2, 0x0, @empty=0xb00, @multicast2}, @timestamp_reply={0x11, 0x0, 0x0, 0xe000, 0x2, 0x2, 0x1000000}}}}}, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000001800)={@link_local, @dev, @void, {@ipv4={0x8e0, @icmp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x2, 0x0, @empty, @multicast2}, @timestamp_reply={0x11, 0x0, 0x0, 0xe000, 0x2, 0x2, 0x80000000}}}}}, 0x0)

229.62258ms ago: executing program 3 (id=4030):
sendmsg$key(0xffffffffffffffff, 0x0, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)=ANY=[@ANYBLOB], 0x10}}, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x82, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text16={0x10, &(0x7f0000000280)="0f22c23e66640f0666b9b400004066b8965a000066ba000000000f306766c7442400000000006766c7442402f33f00006766c744240600000000670f011c240f0d8e0090f2f02803642ed9fb6766c74424000c0000006766c74424020c0000006766c744240600000000670f0114240f326467cf", 0x74}], 0x1, 0x1b, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

229.49322ms ago: executing program 4 (id=4031):
sendmsg$key(0xffffffffffffffff, 0x0, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)=ANY=[], 0x10}}, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x82, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text16={0x10, &(0x7f0000000280)="0f22c23e66640f0666b9b400004066b8965a000066ba000000000f306766c7442400000000006766c7442402f33f00006766c744240600000000670f011c240f0d8e0090f2f02803642ed9fb6766c74424000c0000006766c74424020c0000006766c744240600000000670f0114240f326467cf", 0x74}], 0x1, 0x1b, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

229.074986ms ago: executing program 0 (id=4032):
unshare(0x22020400)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, 0x0, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000400)={{0x14}, [@NFT_MSG_NEWRULE={0x5c, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x30, 0x4, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, @socket={{0xb}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_SOCKET_DREG={0x8, 0x2, 0x1, 0x0, 0xb}, @NFTA_SOCKET_KEY={0x8, 0x1, 0x1, 0x0, 0x3}, @NFTA_SOCKET_LEVEL={0x8, 0x3, 0x89}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x84}}, 0x0)

139.281055ms ago: executing program 0 (id=4033):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CAP_EXIT_HYPERCALL(r1, 0x4068aea3, &(0x7f0000000480)={0xc9, 0x0, 0xc})
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f00000002c0)='./file0\x00', &(0x7f00000004c0), 0x14, &(0x7f00000007c0)={'trans=virtio,', {[{@cache_mmap}]}})
openat(0xffffffffffffff9c, &(0x7f0000000a80)='./file0/file0\x00', 0x0, 0x0)

0s ago: executing program 0 (id=4034):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
bpf$TOKEN_CREATE(0x24, &(0x7f00000000c0)={0x0, r3}, 0x8)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
mprotect(&(0x7f0000008000/0x11000)=nil, 0x11000, 0x100000c)
r5 = syz_pidfd_open(0x0, 0x0)
setns(r5, 0x2000000)
ioctl$USBDEVFS_SETINTERFACE(0xffffffffffffffff, 0x80085504, 0x0)
r6 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r6, &(0x7f0000000dc0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-twofish-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r6, 0x117, 0x1, &(0x7f00000001c0)="ad56b6c5910fae9d6dcd3292ea54c7b6ef915d564c90c200", 0x18)
r7 = accept4(r6, 0x0, 0x0, 0x80000)
sendmmsg$alg(r7, &(0x7f000000ff40)=[{0x0, 0x0, &(0x7f00000097c0)=[{&(0x7f00000073c0)="a42e0ce53b4df4f33fbc2462110d33dd0b9a985cf6e6115f19c52ef367a9ddd16fb567397de0334585185e84461994d6486e4b8616e4075a9d71e958c46285de610cffa630ac926b2195009615f3d3ff7119ee0634", 0x55}, {&(0x7f0000007440)="1f902d825d174b0325afd7ce84f5f0e60eea0c6be8d3ec2a8369103dc58ecf2b10deefcfd59237dff48d28dc376276", 0x2f}, {&(0x7f0000007480)="3408cd1ef2013b0dde9aab32a3a343ed0c4e9eef973a843cd257b3fb5cc440f0193d1baa7566cdf94eb9361c6a0c395f7c0e182dd69f403d99fa8bb5c187ede78abfb514570350bfc62508f714b3708b4769f2f89aa31752097271c53d0be2053557a09ed89a692a4c74391dbdfd407ff83b", 0x72}, {&(0x7f0000007500)="6010ca1a9e696a7cf9ac7f83435794d2dfe7107862a9a7b12210713d7616047a55c85e6f500b2b496d7a702dd0c013985603b33b7fb3fca38d2de262f742584984729d78a34c3606e3877ef811e24b5b9059bfe7e5b5c30ef87e382f711123e704a2be818becb647615b4b40040ef0f6b89033a8847eb10cbee956637d4bb95fde5e30d549b1258d0decf24c3db64665e00d69d5cf3e887594f60c6fab59d6a5784272eae12404690c2fdf6656ef0f60b42dae8ef7f5a407ce22cc", 0xbb}, {&(0x7f00000075c0)="73836b8709d03876257080ed28b33b03a84ce16997a59efed73d74d4c906062eae838ec914b16cb57af3b69d1402da5c4e7a1ee5d49d2ba8877ddda460e3072893f500e1bdad4af38b4b7e0a8435c59d4af23a9053a3b74f63b9727170fac6fd4da528d20b9a9c6fdc7ae23c03604b39f8dd7325faa4daabd14c932129a0cf905d3917ad194a30ae5d7d6abb1010121003fcd7aad0ed1d219c68bae9b0e0c42e89a000be66a52333a9b64eb4a29b417e4400f39f3a1b7771fd156026893ea7adecc1656ef86d2564b1f792d747daa996e090a84ca9b6ec2eb8802b7fd54a10a03c25c7ed0c10067bd0f4962af6a3849f2cd6169130781e788d33889d5c61c36d3b128664057c12ede58b15b92e384be9339e06d5984696c64651815fddf789ce3a88406f9273dc0074554ae609d1d32421afbf9ca8ae5d9f591e37a4a962a0c9f388fe5bb82b5026044bbecebd9dffb19df9c2f92f77e3675e9884de86934df373ea3378294e2f6d10eba65afb2fafda5451f6e79831a393848fea6d846c5343d49bf4c52e6c169fe9dc2e985780416e69f8a341f98e834d6c5abee9b34ca624cb630da1c56e57879d9515396cf337580068881037c84ecae4ccc6bff119b145f99ac9510e8a26a3ba6b90d05459ffbb4642c518a9772022083e2575393f1d02df640246c54c0322359c07aa77e72d5bfccd7e86d4f2c5c98ac873ce5967b4a8863178d513bb64d5bfef8fd4de6170b463f4a2ba0c8afbc4f9a4746b1cab83054911fc37abe1f8bb54543e73ab1baecf341b96aa4461b16575094c5756b42aa9ca9af1328689d36108654d160bff51b029a8b6ace9b021f52ed36e8a31d3e473340981ccca68ee09d7df86ad91c296f63f5553ca1dc84c06aa85bf6f60025e5d5ee31a0a9905e71e873a2cff705ec9a1bef281c96259159d1dc7808f7c5ea9d56469da60ee44810f98ea64421f79eaf01706f461457cbeba401007853333f185fe283b94abd3372a44c709ca1f3c52a9226cbfc3f6e936f8ef4d8cb97124ea5df45eefde63da267ea072fa35854c4f20ffb70fd233e26d9f8bef86b78b3c16b6fcfc8be42cf7256f80d87d15699ae6f9a97ad0b3f08a2d62eb20161813850f5c76c8629b2732efadbb8c7bbb45c6426495f15ea5ee9710b03b80d314bdbbbbebf4fb08a2ba4add82590c3342fbdb535780e02c22aaa50261949103aa77ce6d8dc2b00dbc28fb9d0680438c9cc37cbc17113bde1912602f345b583e64a41b91d17f80c5e63efac9c15cf56cc9413326800c1e7fc2b9f6a4403dbedfd6611127bd2abc4e39f5b38019e9db953e2c7b1047cf26630ad8d2abe0a81dc9ebd66d6d5dda4a7e1eaf74e9cea5e76a03b5e30e46d6f510d3c54f67bcba2f348d37738026451632ee300c8920d41ee6e43ab2925355979fe96ce72792d85e5cad822c711a840c58d4408a6a0b35a028f2abc295161e840cc2ad7bc2093b47976e2e1bdfe09372cbdf3d172ee7cd7cf06a721241569e3be10c124755f7ece001b5fb62c822c8973723f1f1ba454d422a4bfbeb17b7b87382dc947f14674bcdda8daaaf83da88f8b63fdd0f7bc1502366e10ce883d081656a1a4724bf97aaf5aea948468105290d7289fb0a1c848899cbe97f53eac5ec152b0948ef5f3fcaa84cc27d6cddf11afe50054c8c57ada68bd5ead6b2c15166e16938e916a9aeec5766c71111ef455050f32d72c6db83bf2eca5bae6d63acb32e149be6fc7a93546557cb0513416d29f1ffaad9ac6eeef7e72ea5eb00153f19c7e0954845aaa6e755ad6243e388f7bd2ff88e2deef6c07d3da17b276c1d8821786d9e51fe45ab1b3c255c269c48933f5a18b896e5a507d04412b7ab81c5014d5236c2c8740f1e355a35618e5d6f35b48e1a44e739c6f56ae61587014a83c8d9d8696b055f904535d3fab68712a114b34357aed4baee9540c8e2442891a92d5559aba6ca0b7266e1663c79671b44fa99e400914d36d17a2326b1f46f8aab17f787b360210cbb57045cad89a53b3edfc0f4b8e5542572b94bfdeb479dd1c35ed14620fbab4eedec3fa9364db943408302739e9233871c2af279f42944ce2900802f6a058ea1fa36dbfe936f763f3fe32d78155396b0bdd789c02e98ff2c944e8ba9b4b8a07decabadd6be90b613bd40fb6801d648c95f93827d93dade532a571d2039d060d8cf9fde472977e894caf8d39f971d123bcdea92863fdb3f34e21f89502dde08fda1603605d1492a2ca80b187f4166cf5194e43c1b3e6f1421b0c5cd5478862b0ecc9e53c79398b3736508d531adaaf66f6ac6e55ec6a5781c29c098c006052996c32adcd837115f07713c9f2039e9bdf8f240e3d2d1af8ba872e3367af013d9a22ebd5b24dbac5738ac73ae2faaa552dc51099a2fa7a974bdf2f65242d14d65688dbd86258b95f721ac4c568786fe0b26103e0fa58a42353d14c1e96c8de5b6f31ec71fa1223c70c6d4520ef3b96510ab2583d0a7e713c261042cf858825d42f5ef877fd583ac04dd1dae4cdbaf0045f82b923782c194437765232164a0ebecf1784cebe844a5eccd987ba8114eac963c5b8fcea8a2d7e54c417d27e83b7d198dcf224fe95244ef80a10c1089fa078a76ec984865abbd49406bc1d2f9148aac79f87b39ea7d81539c186ef4c5e2a57522cf4adcf542ba04d0fc868142d0fea93c1a86020bbaec42c1b0681ab1799deacf9d946eee90e2922509be8fd6e3015dcd16289a18345f0cfbde267250bfd74d9f9799a371abddf6db00864c179bb004e22286dc95e52fbb16d1a63aaaf1a50754fdce86696ab326a04e01a6022e50097d8df1a54c1ef25e7938ada5e9feda1c876e41edd09591c71bddcbdac153db72cc032ae07d318d4e0040c421b13ed683b5ae3a856b1d217ec83beef56cd65a4f33e46a3c6dcf7bd883fb6796c0f6d472091b6ac5df12897415ce19aa1216dd4d9173378d61181817242f6ef63c3bd12dd76558e37e81517083ce2cb6c4419b847722996f06f661d10680672ad3cf5d530b0d7bf9cdc45bd57df4368e2e96437d44c1ad91066d2a4fcec8cf251860e33a7626ac0d42e6fa2125e039b9488f819a8b30d49a4037bb0f3b30223dd03db253f2b15343d9884881bdc0ab7bead7ebe6193eeb6037095f505ce3d5b8f9c2911f6fa908e4a23b5e4be4d66a6741af1b3ccb7edaa7bd7acabb98ddee22dfebec49fcbd70c476fbaa9ad05d6e2896fdd87d4a44c966c87dedca748f8bfa8466a5b7c3d59d598726a64a41f79307f2fea33f11723560100015422a1591767b6ae1805f71f410c7af04b9ec44e4d424a5acc790d03b0ce71c824f4868dc0c64782788731543df7574da791b5027c778997ec61d5ee42e662b862f8e311b0865c58793af0a591c309b39d9372aa2cbcabebc4fcb57f8643e72b0296ef89c47ddda2c80d9d48f5633de5276904befb861967a70099876965f87d67ac232f0c2b44f1af78623793a45fe81fb7bfc021c525be92b4c6eea3dc15bdbe5992bb5715e8f4d0db6631be1a2f10d2f4de2641888f86bcd3af5ac139f8f7d1ffc4df11be1de9aead960edc937a00defc4566cc405e149b960245889f8d608a679f7cfbfe86e4a7814e3e73b12a673c8cafadba395346b88d94ab2333fb6e2bd1be8313ef89806f73ddff89ecac327b6912cbb94a4cc745f0e5117402eb90d7ef19ae9ced2ffc13436d2bd0ba179e39e2c13429e603feaf48b9ef5c01102c3dbbae072d9054f1d337557e34f4b88a94e6a7c2787dec014ba771a47c7ebac73bcd49ec162c29e31c56b361dd876c7e6c6f787a3af5eba28bef31161f16e4bf577a6fe422bf332c451d6617cf518b1f85949efe8b5044fd4921a1f927f30a6d0877be227d6ebafaef539c767b8021d3159d9d0bae408a10d92cf63f4214ecd40dbf81d087c796b32e2f4e602eefa99b0a3ff360639ab6278251baefa2e00f2af481fe7943d01b7353b6bb36732114057c5672572b997d35563b600431e4471f7d0aca0b2d4652754da32e12f546e9d02c693855072ee14d4d1761786b619957ec0937f4e9b7f9115701d7e158d3cd954dedb60c380ccab7c0c78003986888f44572db80ec70506f6aec929f77de7b84c04d24de864d7a98e2ea5abb8f45061cbd464fcf3a2f2c041742c6b2a0e76f0666000b973e5086f66c296a64204f4f9162e2ed494072885429cd336f0d66649c511c8cdc6bac572f9e1afba8fe2209ee0868b65f74e7a8ce2839d743cc31b698007b21eaef195a7ff7a4c322ba52ab3469f52761897be3522e7665fb927ffa044d127e8d56a12f3dc3b7b6b7d6275d01472d5f0f9ba88c55afe4994e83f2d81ee2a452203e698ebe381aa56f1298eed26f1f01d96d049e4e10bc6d2e1e61051a144b310b93accd1f58ed0def5cee3ecbdfe1484a1315088ffad3164e0be56268443160044547cc94a769475070d64447fcdd5ab1fabee162390ef603b4b2cfc580e52095ca4fc718fd0f97c5c3733ca7568ec038ce1fddda1cb0e9e4a83b778175c001f90976f661f4fc543ac58c8846f58faea8846e5caa39c9554b2e47ed79843427172f447137ace3ac9f702d829247ff23aa6cb09e3a56f39930adb6bc9ed4a03b2ecd60e8f46599ee43b27708f2554a67380708fc66d6ab1690aa16c11793d27f5257651e7f315f8c8502773f418eacf6913c99cd644b29df76095136e2a5e62bea5fe0a5c58741edb1418e6fe096a0d6cf9ef9647e01d48110ef346bf46ffc2aa019e725676b06ebbf330b3512d9961bb8d32a5ffb3ea75d3ccf0689390bd341bbe4c93c9ad1a5c2c92e1b0066fa42bab3d460cb105b629fca8194ebc09e6f24764b77f437ada91337f7fbd23cc04af04ddc2cc504cc1b228d0cbd4369109ed3c767af5d1af17e3945463183638abdc4fbb102985d63ccddad1e8321c624ab8be6a54f161d61b9dceda3b74c22fc5fc503878fb3ec144f73246dfba252df6ccda9e7e7598114b1af1875b3d369d5146f655df964f0373c5c8f3b118d6ef260e1a5989dff6890310f46efe9b8340a711bcfd4efc9483c74ce89eb6703806e0b89624d93b96b8f46d2dd98034f3f4b5c35a0c208aece0f5e85a9f30826606bc88bb", 0xe2f}], 0x5, 0x0, 0x0, 0x8000}], 0x1, 0x80)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
r8 = socket$pppl2tp(0x18, 0x1, 0x1)
mmap$KVM_VCPU(&(0x7f00000dc000/0x1000)=nil, 0x0, 0x2, 0x10, r4, 0x0)
r9 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r8, &(0x7f0000000740)=@pppol2tpv3={0x18, 0x1, {0x3, r9, {0x2, 0x4e24, @broadcast}, 0x2, 0x0, 0x4}}, 0x2e)
r10 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r10, &(0x7f0000000040)={0x0, 0x7, 0xfa00, {0x0, &(0x7f0000000000)={<r11=>0xffffffffffffffff}, 0x13f}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r10, &(0x7f0000000280)={0x15, 0x110, 0xfa00, {r11, 0x0, 0x0, 0x30, 0x0, @in6={0x1b, 0x4e23, 0x2, @empty, 0x3}, @ib={0x1b, 0xfffe, 0x8000000, {"7d900600080000000900"}, 0x0, 0x0, 0x6}}}, 0x118)
syz_usb_connect(0x4, 0x57, &(0x7f00000003c0)={{0x12, 0x1, 0x200, 0xd5, 0x60, 0xa8, 0x0, 0x20a6, 0x1105, 0x81dd, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x45, 0x1, 0x80, 0x5, 0x80, 0x10, [{{0x9, 0x4, 0x21, 0x9, 0x0, 0x98, 0x1f, 0xf7, 0x5, [@uac_as={[@format_type_i_discrete={0x9, 0x24, 0x2, 0x1, 0x4a, 0x3, 0x0, 0x7, "ea"}, @format_type_i_discrete={0x10, 0x24, 0x2, 0x1, 0x0, 0x4, 0x3, 0xd, "e5cfc01c3881fee3"}, @as_header={0x7, 0x24, 0x1, 0x9, 0xdf, 0x1002}, @format_type_i_continuous={0xb, 0x24, 0x2, 0x1, 0x7, 0x3, 0xf7, 0x1, "01b3d7"}, @format_type_i_continuous={0x8, 0x24, 0x2, 0x1, 0x7, 0x4, 0xa9}]}]}}]}}]}}, &(0x7f0000000700)={0x0, 0x0, 0x37, &(0x7f0000000140)={0x5, 0xf, 0x37, 0x3, [@ss_container_id={0x14, 0x10, 0x4, 0x3d, "e44ae56a030cdc250af8c721229e4138"}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0x0, 0xe9, 0x4, 0x7f}, @ss_container_id={0x14, 0x10, 0x4, 0x8, "d1fb22cd19ee5a789e54b268694a973d"}]}, 0x4, [{0x62, &(0x7f00000001c0)=@string={0x62, 0x3, "c666061396d1731545e41527f8f91379159f1666c36e100de50d9d891c41933bb6c1261c7adb32baa07ca6d03fa629b2c6781c33e9ed81774079c12596cfb825615543972a441de68b578cc3db89950b725088996891147512ad3e54034c9723"}}, {0xad, &(0x7f0000000600)=@string={0xad, 0x3, "829f2f524b83b05b9b48118811089be5a93e769da483a65e7b787ced40b0e7b17e73ec5ce78553780a9e0aa8f4b5272fe59d26438209b527dcea0bfee8afd4530a32c7021673b235ed689c0f6a6a6f66d383b58a599ce7ae300d2cc13c57662f6e400ee5c7d0868a49b368ba44e76c0d592ceb50b5db23566020ca9848261aed637cda663071b8a4fb9b7f4ec54f73dc4077cbe5d2bfe9bef46791d5f87ab7d316ac8a96653470dd03a6fd"}}, {0x4, &(0x7f0000000240)=@lang_id={0x4, 0x3, 0x423}}, {0x31, &(0x7f00000006c0)=@string={0x31, 0x3, "94ce673ce7414addf80a2fe4bc4411fb496d7dfc803a639796661d9356b3f2bcf72f59338afd48703fdcfd64b01cc6"}}]})
syz_genetlink_get_family_id$l2tp(0x0, 0xffffffffffffffff)
sendmsg$L2TP_CMD_SESSION_DELETE(0xffffffffffffffff, 0x0, 0x20)
socket$pppl2tp(0x18, 0x1, 0x1)

kernel console output (not intermixed with test programs):

 ? get_compat_msghdr+0x11b/0x170
[  690.005067][T18221]  ___sys_sendmsg+0x135/0x1e0
[  690.005082][T18221]  ? __pfx____sys_sendmsg+0x10/0x10
[  690.005101][T18221]  ? trace_lock_acquire+0x14e/0x1f0
[  690.005121][T18221]  __sys_sendmmsg+0x2fa/0x420
[  690.005136][T18221]  ? __pfx___sys_sendmmsg+0x10/0x10
[  690.005154][T18221]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  690.005172][T18221]  ? fput+0x67/0x440
[  690.005182][T18221]  ? ksys_write+0x1ba/0x250
[  690.005195][T18221]  ? __pfx_ksys_write+0x10/0x10
[  690.005211][T18221]  __ia32_compat_sys_sendmmsg+0x9d/0x100
[  690.005223][T18221]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[  690.005235][T18221]  __do_fast_syscall_32+0x73/0x120
[  690.005249][T18221]  do_fast_syscall_32+0x32/0x80
[  690.005261][T18221]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  690.005279][T18221] RIP: 0023:0xf7fd2579
[  690.005288][T18221] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  690.005298][T18221] RSP: 002b:00000000f50f655c EFLAGS: 00000296 ORIG_RAX: 0000000000000159
[  690.005308][T18221] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080003e00
[  690.005315][T18221] RDX: 0000000000000001 RSI: 0000000000008000 RDI: 0000000000000000
[  690.005321][T18221] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  690.005326][T18221] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  690.005332][T18221] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  690.005343][T18221]  </TASK>
[  690.176645][T18226] FAULT_INJECTION: forcing a failure.
[  690.176645][T18226] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  690.183215][T18226] CPU: 1 UID: 0 PID: 18226 Comm: syz.2.3440 Not tainted 6.14.0-rc3-syzkaller #0
[  690.183231][T18226] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  690.183239][T18226] Call Trace:
[  690.183243][T18226]  <TASK>
[  690.183248][T18226]  dump_stack_lvl+0x16c/0x1f0
[  690.183268][T18226]  should_fail_ex+0x50a/0x650
[  690.183287][T18226]  _copy_from_iter+0x2a1/0x1560
[  690.183300][T18226]  ? trace_lock_acquire+0x14e/0x1f0
[  690.183313][T18226]  ? __alloc_skb+0x1fe/0x380
[  690.183328][T18226]  ? __pfx__copy_from_iter+0x10/0x10
[  690.183338][T18226]  ? __virt_addr_valid+0x1a4/0x590
[  690.183352][T18226]  ? __virt_addr_valid+0x5e/0x590
[  690.183363][T18226]  ? __phys_addr_symbol+0x30/0x80
[  690.183373][T18226]  ? __check_object_size+0x488/0x710
[  690.183387][T18226]  netlink_sendmsg+0x813/0xd70
[  690.183404][T18226]  ? __pfx_netlink_sendmsg+0x10/0x10
[  690.183422][T18226]  ____sys_sendmsg+0xaaf/0xc90
[  690.183435][T18226]  ? __pfx_____sys_sendmsg+0x10/0x10
[  690.183446][T18226]  ? get_compat_msghdr+0x11b/0x170
[  690.183463][T18226]  ___sys_sendmsg+0x135/0x1e0
[  690.183479][T18226]  ? __pfx____sys_sendmsg+0x10/0x10
[  690.183499][T18226]  ? __pfx_lock_release+0x10/0x10
[  690.183514][T18226]  ? trace_lock_acquire+0x14e/0x1f0
[  690.183530][T18226]  ? __fget_files+0x206/0x3a0
[  690.183549][T18226]  __sys_sendmsg+0x16e/0x220
[  690.183564][T18226]  ? __pfx___sys_sendmsg+0x10/0x10
[  690.183587][T18226]  __do_fast_syscall_32+0x73/0x120
[  690.183602][T18226]  do_fast_syscall_32+0x32/0x80
[  690.183615][T18226]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  690.183633][T18226] RIP: 0023:0xf73be579
[  690.183642][T18226] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  690.183653][T18226] RSP: 002b:00000000f504655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  690.183664][T18226] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000200
[  690.183671][T18226] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  690.183677][T18226] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  690.183683][T18226] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  690.183689][T18226] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  690.183701][T18226]  </TASK>
[  690.358201][ T5956] Bluetooth: hci3: Opcode 0x1003 failed: -110
[  690.358296][T15718] Bluetooth: hci3: command 0x1003 tx timeout
[  690.518690][T15718] Bluetooth: hci4: command 0x0406 tx timeout
[  690.598789][   T67] Bluetooth: hci2: command 0x0406 tx timeout
[  690.598785][T15718] Bluetooth: hci1: command 0x0406 tx timeout
[  690.600547][ T5956] Bluetooth: hci0: command 0x0406 tx timeout
[  690.964030][T14407] IPVS: starting estimator thread 0...
[  691.048256][T18250] IPVS: using max 24 ests per chain, 57600 per kthread
[  691.543904][T18257] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3446'.
[  692.135575][T18266] FAULT_INJECTION: forcing a failure.
[  692.135575][T18266] name failslab, interval 1, probability 0, space 0, times 0
[  692.140170][T18266] CPU: 2 UID: 0 PID: 18266 Comm: syz.1.3449 Not tainted 6.14.0-rc3-syzkaller #0
[  692.140188][T18266] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  692.140198][T18266] Call Trace:
[  692.140203][T18266]  <TASK>
[  692.140209][T18266]  dump_stack_lvl+0x16c/0x1f0
[  692.140234][T18266]  should_fail_ex+0x50a/0x650
[  692.140260][T18266]  should_failslab+0xc2/0x120
[  692.140274][T18266]  kmem_cache_alloc_noprof+0x6e/0x3d0
[  692.140297][T18266]  ? skb_clone+0x190/0x3f0
[  692.140321][T18266]  skb_clone+0x190/0x3f0
[  692.140341][T18266]  netlink_deliver_tap+0xabd/0xd30
[  692.140364][T18266]  netlink_unicast+0x5e1/0x7f0
[  692.140384][T18266]  ? __pfx_netlink_unicast+0x10/0x10
[  692.140402][T18266]  ? __phys_addr_symbol+0x30/0x80
[  692.140417][T18266]  ? __check_object_size+0x488/0x710
[  692.140434][T18266]  netlink_sendmsg+0x8b8/0xd70
[  692.140455][T18266]  ? __pfx_netlink_sendmsg+0x10/0x10
[  692.140481][T18266]  ____sys_sendmsg+0xaaf/0xc90
[  692.140497][T18266]  ? __pfx_____sys_sendmsg+0x10/0x10
[  692.140512][T18266]  ? get_compat_msghdr+0x11b/0x170
[  692.140537][T18266]  ___sys_sendmsg+0x135/0x1e0
[  692.140558][T18266]  ? __pfx____sys_sendmsg+0x10/0x10
[  692.140586][T18266]  ? __pfx_lock_release+0x10/0x10
[  692.140605][T18266]  ? trace_lock_acquire+0x14e/0x1f0
[  692.140628][T18266]  ? __fget_files+0x206/0x3a0
[  692.140653][T18266]  __sys_sendmsg+0x16e/0x220
[  692.140672][T18266]  ? __pfx___sys_sendmsg+0x10/0x10
[  692.140709][T18266]  __do_fast_syscall_32+0x73/0x120
[  692.140730][T18266]  do_fast_syscall_32+0x32/0x80
[  692.140747][T18266]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  692.140770][T18266] RIP: 0023:0xf7f96579
[  692.140783][T18266] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  692.140797][T18266] RSP: 002b:00000000f50b655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  692.140812][T18266] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080001540
[  692.140822][T18266] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  692.140830][T18266] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  692.140838][T18266] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  692.140847][T18266] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  692.140866][T18266]  </TASK>
[  692.236314][    C2] vkms_vblank_simulate: vblank timer overrun
[  692.238705][    C2] hrtimer: interrupt took 90788243 ns
[  692.329541][    C2] vkms_vblank_simulate: vblank timer overrun
[  692.334838][T18281] random: crng reseeded on system resumption
[  693.282263][T18310] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3462'.
[  693.423034][T18312] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  693.533260][T18312] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  693.584975][T18312] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  693.663200][T18312] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  693.752533][T18312] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  693.762101][T18312] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  693.774491][T18312] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  693.785671][T18312] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  693.878432][T18323] IPVS: fo: SCTP 172.20.20.187:0 - no destination available
[  694.652966][T18330] FAULT_INJECTION: forcing a failure.
[  694.652966][T18330] name failslab, interval 1, probability 0, space 0, times 0
[  694.656524][T18330] CPU: 3 UID: 0 PID: 18330 Comm: syz.3.3467 Not tainted 6.14.0-rc3-syzkaller #0
[  694.656538][T18330] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  694.656545][T18330] Call Trace:
[  694.656549][T18330]  <TASK>
[  694.656554][T18330]  dump_stack_lvl+0x16c/0x1f0
[  694.656572][T18330]  should_fail_ex+0x50a/0x650
[  694.656588][T18330]  ? fs_reclaim_acquire+0xae/0x150
[  694.656603][T18330]  ? tomoyo_encode2+0x100/0x3e0
[  694.656644][T18330]  should_failslab+0xc2/0x120
[  694.656655][T18330]  __kmalloc_noprof+0xcb/0x510
[  694.656673][T18330]  ? rcu_is_watching+0x12/0xc0
[  694.656686][T18330]  tomoyo_encode2+0x100/0x3e0
[  694.656701][T18330]  tomoyo_encode+0x29/0x50
[  694.656713][T18330]  tomoyo_realpath_from_path+0x19d/0x720
[  694.656728][T18330]  ? tomoyo_path_number_perm+0x235/0x590
[  694.656741][T18330]  tomoyo_path_number_perm+0x248/0x590
[  694.656752][T18330]  ? tomoyo_path_number_perm+0x235/0x590
[  694.656765][T18330]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  694.656781][T18330]  ? find_held_lock+0x2d/0x110
[  694.656799][T18330]  ? __pfx_lock_release+0x10/0x10
[  694.656813][T18330]  ? trace_lock_acquire+0x14e/0x1f0
[  694.656824][T18330]  ? find_held_lock+0x2d/0x110
[  694.656835][T18330]  ? lock_acquire+0x2f/0xb0
[  694.656847][T18330]  ? __fget_files+0x40/0x3a0
[  694.656864][T18330]  ? __fget_files+0x206/0x3a0
[  694.656880][T18330]  security_file_ioctl_compat+0x9b/0x240
[  694.656925][T18330]  __do_compat_sys_ioctl+0x4e/0x2c0
[  694.656939][T18330]  __do_fast_syscall_32+0x73/0x120
[  694.656953][T18330]  do_fast_syscall_32+0x32/0x80
[  694.656965][T18330]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  694.656982][T18330] RIP: 0023:0xf7fd2579
[  694.656992][T18330] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  694.657001][T18330] RSP: 002b:00000000f50f655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  694.657011][T18330] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000400442c9
[  694.657017][T18330] RDX: 0000000080000040 RSI: 0000000000000000 RDI: 0000000000000000
[  694.657023][T18330] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  694.657028][T18330] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  694.657034][T18330] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  694.657046][T18330]  </TASK>
[  694.657056][T18330] ERROR: Out of memory at tomoyo_realpath_from_path.
[  694.986901][T18341] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3468'.
[  695.188365][T18345] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3470'.
[  695.190936][T18345] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3470'.
[  696.918305][   T56] usb 5-1: new high-speed USB device number 25 using dummy_hcd
[  696.995133][T18375] netlink: 'syz.1.3478': attribute type 12 has an invalid length.
[  697.093993][ T5984] usb 7-1: new high-speed USB device number 20 using dummy_hcd
[  697.108214][   T56] usb 5-1: Using ep0 maxpacket: 32
[  697.114044][   T56] usb 5-1: config 0 has an invalid interface number: 67 but max is 0
[  697.116998][   T56] usb 5-1: config 0 has no interface number 0
[  697.122151][   T56] usb 5-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  697.125554][   T56] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  697.128521][   T56] usb 5-1: Product: syz
[  697.130322][   T56] usb 5-1: Manufacturer: syz
[  697.132100][   T56] usb 5-1: SerialNumber: syz
[  697.135394][   T56] usb 5-1: config 0 descriptor??
[  697.139452][   T56] smsc95xx v2.0.0
[  697.141393][   T56] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22
[  697.145220][   T56] smsc95xx 5-1:0.67: probe with driver smsc95xx failed with error -22
[  697.147790][T18379] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  697.228143][T18379] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  697.268011][ T5984] usb 7-1: Using ep0 maxpacket: 32
[  697.270923][ T5984] usb 7-1: config 0 has an invalid interface number: 67 but max is 0
[  697.273298][ T5984] usb 7-1: config 0 has no interface number 0
[  697.276909][ T5984] usb 7-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  697.279643][ T5984] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  697.281925][ T5984] usb 7-1: Product: syz
[  697.283175][ T5984] usb 7-1: Manufacturer: syz
[  697.284527][ T5984] usb 7-1: SerialNumber: syz
[  697.287585][ T5984] usb 7-1: config 0 descriptor??
[  697.290130][ T5984] smsc95xx v2.0.0
[  697.291245][ T5984] smsc95xx 7-1:0.67 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22
[  697.294384][ T5984] smsc95xx 7-1:0.67: probe with driver smsc95xx failed with error -22
[  697.318216][T18379] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  697.371632][T18379] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  697.479019][T18379] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  697.486081][T18379] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  697.492665][T18379] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  697.498348][T18379] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  697.574428][   T39] audit: type=1326 audit(1739814086.682:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18384 comm="syz.3.3481" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd2579 code=0x7ffc0000
[  697.580125][T18385] ip6gretap0: entered promiscuous mode
[  697.582798][   T39] audit: type=1326 audit(1739814086.682:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18384 comm="syz.3.3481" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd2579 code=0x7ffc0000
[  697.593687][   T39] audit: type=1326 audit(1739814086.682:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18384 comm="syz.3.3481" exe="/syz-executor" sig=0 arch=40000003 syscall=82 compat=1 ip=0xf7fd2579 code=0x7ffc0000
[  697.601796][   T39] audit: type=1326 audit(1739814086.682:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18384 comm="syz.3.3481" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd2579 code=0x7ffc0000
[  697.609869][   T39] audit: type=1326 audit(1739814086.682:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18384 comm="syz.3.3481" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd2579 code=0x7ffc0000
[  697.617897][   T39] audit: type=1326 audit(1739814086.682:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18384 comm="syz.3.3481" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7fd2579 code=0x7ffc0000
[  697.625976][   T39] audit: type=1326 audit(1739814086.682:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18384 comm="syz.3.3481" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd2579 code=0x7ffc0000
[  697.634105][   T39] audit: type=1326 audit(1739814086.682:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18384 comm="syz.3.3481" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd2579 code=0x7ffc0000
[  697.642841][   T39] audit: type=1326 audit(1739814086.682:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18384 comm="syz.3.3481" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7fd2579 code=0x7ffc0000
[  697.651775][   T39] audit: type=1326 audit(1739814086.682:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18384 comm="syz.3.3481" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd2579 code=0x7ffc0000
[  697.880550][ T5956] Bluetooth: hci2: unexpected event for opcode 0x0c23
[  698.303099][T18400] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3487'.
[  698.327460][T18399] FAULT_INJECTION: forcing a failure.
[  698.327460][T18399] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  698.331195][T18399] CPU: 0 UID: 0 PID: 18399 Comm: syz.1.3486 Not tainted 6.14.0-rc3-syzkaller #0
[  698.331208][T18399] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  698.331215][T18399] Call Trace:
[  698.331219][T18399]  <TASK>
[  698.331224][T18399]  dump_stack_lvl+0x16c/0x1f0
[  698.331241][T18399]  should_fail_ex+0x50a/0x650
[  698.331259][T18399]  _copy_from_user+0x2e/0xd0
[  698.331271][T18399]  get_compat_msghdr+0xa8/0x170
[  698.331283][T18399]  ? __pfx_get_compat_msghdr+0x10/0x10
[  698.331295][T18399]  ? ___sys_sendmsg+0x142/0x1e0
[  698.331311][T18399]  ___sys_sendmsg+0x1b0/0x1e0
[  698.331327][T18399]  ? __pfx____sys_sendmsg+0x10/0x10
[  698.331346][T18399]  ? trace_lock_acquire+0x14e/0x1f0
[  698.331363][T18399]  ? __pfx___might_resched+0x10/0x10
[  698.331382][T18399]  __sys_sendmmsg+0x2fa/0x420
[  698.331398][T18399]  ? __pfx___sys_sendmmsg+0x10/0x10
[  698.331416][T18399]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  698.331434][T18399]  ? fput+0x67/0x440
[  698.331445][T18399]  ? ksys_write+0x1ba/0x250
[  698.331459][T18399]  ? __pfx_ksys_write+0x10/0x10
[  698.331474][T18399]  __ia32_compat_sys_sendmmsg+0x9d/0x100
[  698.331486][T18399]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[  698.331499][T18399]  __do_fast_syscall_32+0x73/0x120
[  698.331513][T18399]  do_fast_syscall_32+0x32/0x80
[  698.331526][T18399]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  698.331543][T18399] RIP: 0023:0xf7f96579
[  698.331552][T18399] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  698.331561][T18399] RSP: 002b:00000000f509555c EFLAGS: 00000296 ORIG_RAX: 0000000000000159
[  698.331572][T18399] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000080003cc0
[  698.331578][T18399] RDX: 0000000000000172 RSI: 0000000000000000 RDI: 0000000000000000
[  698.331584][T18399] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  698.331589][T18399] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  698.331595][T18399] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  698.331607][T18399]  </TASK>
[  698.894340][ T5984] usb 5-1: USB disconnect, device number 25
[  698.936229][T18405] netlink: 'syz.0.3489': attribute type 1 has an invalid length.
[  699.158062][ T6025] usb 7-1: USB disconnect, device number 20
[  699.620480][T18420] ipvlan1: entered allmulticast mode
[  699.623392][T18420] veth0_vlan: entered allmulticast mode
[  700.688197][ T5984] usb 5-1: new high-speed USB device number 26 using dummy_hcd
[  700.838904][ T5984] usb 5-1: Using ep0 maxpacket: 32
[  700.849931][ T5984] usb 5-1: config 0 has an invalid interface number: 67 but max is 0
[  700.858029][ T5984] usb 5-1: config 0 has no interface number 0
[  700.863049][ T5984] usb 5-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  700.867866][ T5984] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  700.872185][ T5984] usb 5-1: Product: syz
[  700.873878][ T5984] usb 5-1: Manufacturer: syz
[  700.875784][ T5984] usb 5-1: SerialNumber: syz
[  700.882343][ T5984] usb 5-1: config 0 descriptor??
[  700.887565][ T5984] smsc95xx v2.0.0
[  700.889563][ T5984] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22
[  700.892852][ T5984] smsc95xx 5-1:0.67: probe with driver smsc95xx failed with error -22
[  701.728165][T14407] usb 6-1: new high-speed USB device number 19 using dummy_hcd
[  701.888152][T14407] usb 6-1: Using ep0 maxpacket: 32
[  701.893275][T14407] usb 6-1: config 0 has an invalid interface number: 67 but max is 0
[  701.896345][T14407] usb 6-1: config 0 has no interface number 0
[  701.900866][T14407] usb 6-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  701.904503][T14407] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  701.907493][T14407] usb 6-1: Product: syz
[  701.909271][T14407] usb 6-1: Manufacturer: syz
[  701.911054][T14407] usb 6-1: SerialNumber: syz
[  701.915155][T14407] usb 6-1: config 0 descriptor??
[  701.918600][T14407] smsc95xx v2.0.0
[  701.920080][T14407] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22
[  701.923932][T14407] smsc95xx 6-1:0.67: probe with driver smsc95xx failed with error -22
[  702.535443][T18486] IPVS: sync thread started: state = MASTER, mcast_ifn = wg1, syncid = 262145, id = 0
[  703.064196][T18499] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3515'.
[  703.218970][ T5984] usb 5-1: USB disconnect, device number 26
[  704.149776][ T6040] usb 6-1: USB disconnect, device number 19
[  704.538594][T18520] FAULT_INJECTION: forcing a failure.
[  704.538594][T18520] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  704.542479][T18520] CPU: 0 UID: 0 PID: 18520 Comm: syz.1.3520 Not tainted 6.14.0-rc3-syzkaller #0
[  704.542493][T18520] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  704.542500][T18520] Call Trace:
[  704.542513][T18520]  <TASK>
[  704.542519][T18520]  dump_stack_lvl+0x16c/0x1f0
[  704.542537][T18520]  should_fail_ex+0x50a/0x650
[  704.542556][T18520]  _copy_from_user+0x2e/0xd0
[  704.542568][T18520]  move_addr_to_kernel+0x68/0x160
[  704.542581][T18520]  __get_compat_msghdr+0x3f1/0x4d0
[  704.542595][T18520]  get_compat_msghdr+0xd3/0x170
[  704.542605][T18520]  ? __pfx_get_compat_msghdr+0x10/0x10
[  704.542620][T18520]  ___sys_sendmsg+0x1b0/0x1e0
[  704.542635][T18520]  ? __pfx____sys_sendmsg+0x10/0x10
[  704.542654][T18520]  ? __pfx_lock_release+0x10/0x10
[  704.542668][T18520]  ? trace_lock_acquire+0x14e/0x1f0
[  704.542684][T18520]  ? __fget_files+0x206/0x3a0
[  704.542703][T18520]  __sys_sendmsg+0x16e/0x220
[  704.542718][T18520]  ? __pfx___sys_sendmsg+0x10/0x10
[  704.542739][T18520]  __do_fast_syscall_32+0x73/0x120
[  704.542753][T18520]  do_fast_syscall_32+0x32/0x80
[  704.542766][T18520]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  704.542783][T18520] RIP: 0023:0xf7f96579
[  704.542792][T18520] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  704.542802][T18520] RSP: 002b:00000000f50b655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  704.542812][T18520] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800011c0
[  704.542818][T18520] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  704.542824][T18520] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  704.542830][T18520] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  704.542836][T18520] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  704.542847][T18520]  </TASK>
[  704.620109][   T39] kauditd_printk_skb: 3 callbacks suppressed
[  704.620150][   T39] audit: type=1326 audit(1739814093.732:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18516 comm="syz.2.3521" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73be579 code=0x7ffc0000
[  704.669761][   T39] audit: type=1326 audit(1739814093.732:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18516 comm="syz.2.3521" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73be579 code=0x7ffc0000
[  705.252250][T18517] orangefs_mount: mount request failed with -4
[  705.314119][T18529] fuse: root generation should be zero
[  705.533313][T18538] netlink: 32 bytes leftover after parsing attributes in process `syz.3.3526'.
[  705.537778][T18538] netlink: 32 bytes leftover after parsing attributes in process `syz.3.3526'.
[  706.207779][T18549] netlink: 'syz.2.3529': attribute type 10 has an invalid length.
[  706.281011][T18549] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  706.651574][T18565] netlink: 'syz.3.3533': attribute type 1 has an invalid length.
[  707.200082][T18584] lo speed is unknown, defaulting to 1000
[  707.202486][T18584] lo speed is unknown, defaulting to 1000
[  707.205861][T18584] lo speed is unknown, defaulting to 1000
[  707.215143][T18584] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[  707.284568][T18584] lo speed is unknown, defaulting to 1000
[  707.286981][T18584] lo speed is unknown, defaulting to 1000
[  707.299079][T18587] lo speed is unknown, defaulting to 1000
[  707.317109][T18584] lo speed is unknown, defaulting to 1000
[  707.324434][T18584] lo speed is unknown, defaulting to 1000
[  707.533783][T18596] netlink: 32 bytes leftover after parsing attributes in process `syz.2.3539'.
[  708.176047][T18607] openvswitch: netlink: IPv4 frag type 255 is out of range max 2
[  708.181600][T18598] netlink: 32 bytes leftover after parsing attributes in process `syz.2.3539'.
[  708.329453][T18609] lo speed is unknown, defaulting to 1000
[  709.968784][T18662] 9pnet_fd: Insufficient options for proto=fd
[  710.262766][T18668] netlink: 'syz.2.3558': attribute type 1 has an invalid length.
[  710.265646][T18668] netlink: 'syz.2.3558': attribute type 1 has an invalid length.
[  710.628157][ T1327] usb 8-1: new high-speed USB device number 20 using dummy_hcd
[  711.001155][ T1327] usb 8-1: Using ep0 maxpacket: 32
[  711.004480][ T1327] usb 8-1: config 0 has an invalid interface number: 67 but max is 0
[  711.007387][ T1327] usb 8-1: config 0 has no interface number 0
[  711.011697][ T1327] usb 8-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  711.015078][ T1327] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  711.018141][ T1327] usb 8-1: Product: syz
[  711.019748][ T1327] usb 8-1: Manufacturer: syz
[  711.021548][ T1327] usb 8-1: SerialNumber: syz
[  711.025244][ T1327] usb 8-1: config 0 descriptor??
[  711.028680][ T1327] smsc95xx v2.0.0
[  711.030120][ T1327] smsc95xx 8-1:0.67 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22
[  711.033890][ T1327] smsc95xx 8-1:0.67: probe with driver smsc95xx failed with error -22
[  711.717665][T18697] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3565'.
[  711.720262][T18697] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3565'.
[  711.732488][T18697] bridge0: port 3(vlan1) entered blocking state
[  711.734443][T18697] bridge0: port 3(vlan1) entered disabled state
[  711.736499][T18697] vlan1: entered allmulticast mode
[  711.748763][T18697] vlan1: left allmulticast mode
[  711.810703][T18696] FAULT_INJECTION: forcing a failure.
[  711.810703][T18696] name failslab, interval 1, probability 0, space 0, times 0
[  711.814803][T18696] CPU: 3 UID: 0 PID: 18696 Comm: syz.1.3566 Not tainted 6.14.0-rc3-syzkaller #0
[  711.814828][T18696] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  711.814835][T18696] Call Trace:
[  711.814841][T18696]  <TASK>
[  711.814846][T18696]  dump_stack_lvl+0x16c/0x1f0
[  711.814865][T18696]  should_fail_ex+0x50a/0x650
[  711.814881][T18696]  ? fs_reclaim_acquire+0xae/0x150
[  711.814896][T18696]  ? iter_file_splice_write+0x1cd/0x10b0
[  711.814910][T18696]  should_failslab+0xc2/0x120
[  711.814920][T18696]  __kmalloc_noprof+0xcb/0x510
[  711.814939][T18696]  iter_file_splice_write+0x1cd/0x10b0
[  711.814957][T18696]  ? rwsem_down_write_slowpath+0xa81/0x12a0
[  711.814972][T18696]  ? __pfx___lock_acquire+0x10/0x10
[  711.814988][T18696]  ? __pfx_iter_file_splice_write+0x10/0x10
[  711.815002][T18696]  ? find_held_lock+0x2d/0x110
[  711.815017][T18696]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  711.815033][T18696]  ? ovl_splice_write+0x38e/0x630
[  711.815078][T18696]  backing_file_splice_write+0x277/0x880
[  711.815097][T18696]  ovl_splice_write+0x38e/0x630
[  711.815110][T18696]  ? __pfx_ovl_splice_write+0x10/0x10
[  711.815121][T18696]  ? __pfx_ovl_file_end_write+0x10/0x10
[  711.815137][T18696]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  711.815151][T18696]  ? rcu_is_watching+0x12/0xc0
[  711.815164][T18696]  ? splice_direct_to_actor+0x346/0xa40
[  711.815178][T18696]  ? __pfx_ovl_splice_write+0x10/0x10
[  711.815193][T18696]  direct_splice_actor+0x18f/0x6c0
[  711.815213][T18696]  splice_direct_to_actor+0x346/0xa40
[  711.815233][T18696]  ? __pfx_direct_splice_actor+0x10/0x10
[  711.815257][T18696]  ? __pfx_splice_direct_to_actor+0x10/0x10
[  711.815277][T18696]  ? __fget_files+0x1fc/0x3a0
[  711.815301][T18696]  do_splice_direct+0x178/0x250
[  711.815326][T18696]  ? __pfx_do_splice_direct+0x10/0x10
[  711.815346][T18696]  ? __pfx_direct_file_splice_eof+0x10/0x10
[  711.815368][T18696]  ? rw_verify_area+0xcf/0x680
[  711.815383][T18696]  do_sendfile+0xafb/0xe40
[  711.815399][T18696]  ? __pfx_do_sendfile+0x10/0x10
[  711.815412][T18696]  ? __fget_files+0x206/0x3a0
[  711.815429][T18696]  __ia32_compat_sys_sendfile+0x1e7/0x230
[  711.815440][T18696]  ? ksys_write+0x1ba/0x250
[  711.815453][T18696]  ? __pfx___ia32_compat_sys_sendfile+0x10/0x10
[  711.815467][T18696]  __do_fast_syscall_32+0x73/0x120
[  711.815482][T18696]  do_fast_syscall_32+0x32/0x80
[  711.815494][T18696]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  711.815512][T18696] RIP: 0023:0xf7f96579
[  711.815521][T18696] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  711.815531][T18696] RSP: 002b:00000000f509555c EFLAGS: 00000296 ORIG_RAX: 00000000000000bb
[  711.815542][T18696] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000000007
[  711.815548][T18696] RDX: 0000000000000000 RSI: 0000000080000001 RDI: 0000000000000000
[  711.815556][T18696] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  711.815561][T18696] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  711.815567][T18696] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  711.815579][T18696]  </TASK>
[  712.138702][T14407] usb 6-1: new high-speed USB device number 20 using dummy_hcd
[  712.311527][T14407] usb 6-1: config 0 has no interfaces?
[  712.318895][T14407] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  712.321410][T14407] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  712.323588][T14407] usb 6-1: Product: syz
[  712.324743][T14407] usb 6-1: Manufacturer: syz
[  712.326188][T14407] usb 6-1: SerialNumber: syz
[  712.360429][T14407] usb 6-1: config 0 descriptor??
[  712.819369][ T5984] usb 8-1: USB disconnect, device number 20
[  714.222123][T18733] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3577'.
[  714.616880][ T6436] usb 6-1: USB disconnect, device number 20
[  714.708167][ T5984] usb 5-1: new high-speed USB device number 27 using dummy_hcd
[  714.714102][T18742] ieee802154 phy0 wpan0: encryption failed: -22
[  714.858002][ T5984] usb 5-1: Using ep0 maxpacket: 32
[  714.866159][ T5984] usb 5-1: config 0 has an invalid interface number: 67 but max is 0
[  714.868758][ T5984] usb 5-1: config 0 has no interface number 0
[  714.880048][ T5984] usb 5-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  714.882683][ T5984] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  714.884963][ T5984] usb 5-1: Product: syz
[  714.886232][ T5984] usb 5-1: Manufacturer: syz
[  714.895967][ T5984] usb 5-1: SerialNumber: syz
[  714.899558][ T5984] usb 5-1: config 0 descriptor??
[  714.910565][ T5984] smsc95xx v2.0.0
[  714.911725][ T5984] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22
[  714.914650][ T5984] smsc95xx 5-1:0.67: probe with driver smsc95xx failed with error -22
[  716.719223][T14264] syz_tun: left allmulticast mode
[  716.720763][T14264] syz_tun: left promiscuous mode
[  717.129314][ T5984] usb 5-1: USB disconnect, device number 27
[  717.130151][T15718] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  717.140354][T15718] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  717.145185][T15718] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  717.154343][T15718] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  717.158954][T15718] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  717.161738][T15718] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  717.190339][T18775] lo speed is unknown, defaulting to 1000
[  717.259759][T18775] chnl_net:caif_netlink_parms(): no params data found
[  717.479478][T18775] bridge0: port 1(bridge_slave_0) entered blocking state
[  717.482241][T18775] bridge0: port 1(bridge_slave_0) entered disabled state
[  717.485181][T18775] bridge_slave_0: entered allmulticast mode
[  717.488683][T18775] bridge_slave_0: entered promiscuous mode
[  717.495621][T18775] bridge0: port 2(bridge_slave_1) entered blocking state
[  717.501863][T18775] bridge0: port 2(bridge_slave_1) entered disabled state
[  717.504626][T18775] bridge_slave_1: entered allmulticast mode
[  717.508346][T18775] bridge_slave_1: entered promiscuous mode
[  717.542407][T18775] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  717.547003][T18775] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  717.573864][T18775] team0: Port device team_slave_0 added
[  717.577779][T18775] team0: Port device team_slave_1 added
[  717.601703][T18775] batman_adv: batadv0: Adding interface: batadv_slave_0
[  717.604114][T18775] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  717.613107][T18775] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  717.617452][T18775] batman_adv: batadv0: Adding interface: batadv_slave_1
[  717.621693][T18775] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  717.629214][T18775] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  717.661253][T18775] hsr_slave_0: entered promiscuous mode
[  717.663217][T18775] hsr_slave_1: entered promiscuous mode
[  718.037482][T18775] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  718.044042][T18775] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  718.048279][T18775] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  718.051615][T18775] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  718.088951][T18775] 8021q: adding VLAN 0 to HW filter on device bond0
[  718.097063][T18775] 8021q: adding VLAN 0 to HW filter on device team0
[  718.102393][   T79] bridge0: port 1(bridge_slave_0) entered blocking state
[  718.105210][   T79] bridge0: port 1(bridge_slave_0) entered forwarding state
[  718.112921][ T5004] bridge0: port 2(bridge_slave_1) entered blocking state
[  718.115760][ T5004] bridge0: port 2(bridge_slave_1) entered forwarding state
[  718.236918][T18775] 8021q: adding VLAN 0 to HW filter on device batadv0
[  718.267903][T18811] xt_CT: You must specify a L4 protocol and not use inversions on it
[  718.280966][T18811] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[  718.299484][ T6025] hid (null): invalid report_count 50829
[  718.301469][ T6025] hid (null): invalid report_size 1628835084
[  718.304754][ T6025] hid-generic 0001:E5F9:0002.0006: unknown main item tag 0x3
[  718.306770][ T6025] hid-generic 0001:E5F9:0002.0006: collection stack underflow
[  718.309371][ T6025] hid-generic 0001:E5F9:0002.0006: item 0 2 0 12 parsing failed
[  718.311668][ T6025] hid-generic 0001:E5F9:0002.0006: probe with driver hid-generic failed with error -22
[  718.387250][T18775] veth0_vlan: entered promiscuous mode
[  718.391521][T18775] veth1_vlan: entered promiscuous mode
[  718.408728][T18775] veth0_macvtap: entered promiscuous mode
[  718.411876][T18775] veth1_macvtap: entered promiscuous mode
[  718.417755][T18775] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  718.420765][T18775] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  718.423625][T18775] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  718.427847][T18775] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  718.431733][T18775] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  718.434634][T18775] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  718.438260][T18775] batman_adv: batadv0: Interface activated: batadv_slave_0
[  718.443403][T18775] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  718.446368][T18775] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  718.449329][T18775] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  718.452233][T18775] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  718.456487][T18775] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  718.459775][T18775] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  718.463828][T18775] batman_adv: batadv0: Interface activated: batadv_slave_1
[  718.469899][T18775] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  718.473201][T18775] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  718.476487][T18775] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  718.479992][T18775] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  718.526342][T18822] ieee802154 phy0 wpan0: encryption failed: -22
[  718.529127][ T5004] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  718.532663][ T5004] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  718.551241][   T79] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  718.553527][   T79] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  718.641660][T18825] lo speed is unknown, defaulting to 1000
[  718.884107][T18835] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3602'.
[  719.238218][ T5956] Bluetooth: hci1: command tx timeout
[  719.458411][T18844] 9pnet: Could not find request transport: rdmaÿÿ
[  719.803769][T18855] ref_tracker: memory allocation failure, unreliable refcount tracker.
[  720.187665][T18861] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  720.220959][T18861] kvm: pic: non byte read
[  720.223789][T18861] kvm: pic: non byte read
[  720.392774][T18870] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3611'.
[  720.931908][T18885] Cannot find add_set index 3 as target
[  721.318131][ T5956] Bluetooth: hci1: command tx timeout
[  721.424780][T18889] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3617'.
[  721.470350][   T39] audit: type=1326 audit(1739814110.582:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18890 comm="syz.4.3618" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf749e579 code=0x7ffc0000
[  721.476197][   T39] audit: type=1326 audit(1739814110.582:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18890 comm="syz.4.3618" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf749e579 code=0x7ffc0000
[  721.486117][   T39] audit: type=1326 audit(1739814110.582:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18890 comm="syz.4.3618" exe="/syz-executor" sig=0 arch=40000003 syscall=105 compat=1 ip=0xf749e579 code=0x7ffc0000
[  721.486143][   T39] audit: type=1326 audit(1739814110.582:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18890 comm="syz.4.3618" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf749e579 code=0x7ffc0000
[  721.486161][   T39] audit: type=1326 audit(1739814110.582:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18890 comm="syz.4.3618" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf749e579 code=0x7ffc0000
[  721.486180][   T39] audit: type=1326 audit(1739814110.582:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18890 comm="syz.4.3618" exe="/syz-executor" sig=0 arch=40000003 syscall=241 compat=1 ip=0xf749e579 code=0x7ffc0000
[  721.486197][   T39] audit: type=1326 audit(1739814110.582:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18890 comm="syz.4.3618" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf749e579 code=0x7ffc0000
[  721.486215][   T39] audit: type=1326 audit(1739814110.582:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18890 comm="syz.4.3618" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf749e579 code=0x7ffc0000
[  721.486232][   T39] audit: type=1326 audit(1739814110.582:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18890 comm="syz.4.3618" exe="/syz-executor" sig=0 arch=40000003 syscall=337 compat=1 ip=0xf749e579 code=0x7ffc0000
[  721.486249][   T39] audit: type=1326 audit(1739814110.582:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18890 comm="syz.4.3618" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf749e579 code=0x7ffc0000
[  722.098587][T18894] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3619'.
[  722.272651][T18906] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3621'.
[  723.337072][T18959] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3631'.
[  723.398498][ T5956] Bluetooth: hci1: command tx timeout
[  723.683932][T18969] trusted_key: encrypted_key: key user:syz not found
[  724.754431][T18999] rdma_rxe: rxe_newlink: rxe creation allowed on top of a real device only
[  724.772041][T18999] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3639'.
[  724.942516][T19001] lo speed is unknown, defaulting to 1000
[  724.998060][   T56] usb 5-1: new high-speed USB device number 28 using dummy_hcd
[  725.168056][   T56] usb 5-1: Using ep0 maxpacket: 32
[  725.232921][   T12] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  725.269143][   T56] usb 5-1: config 0 has an invalid interface number: 67 but max is 0
[  725.271523][   T56] usb 5-1: config 0 has no interface number 0
[  725.274921][   T56] usb 5-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  725.277580][   T56] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  725.280052][   T56] usb 5-1: Product: syz
[  725.281324][   T56] usb 5-1: Manufacturer: syz
[  725.282661][   T56] usb 5-1: SerialNumber: syz
[  725.299018][   T56] usb 5-1: config 0 descriptor??
[  725.301932][   T56] smsc95xx v2.0.0
[  725.303038][   T56] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22
[  725.305959][   T56] smsc95xx 5-1:0.67: probe with driver smsc95xx failed with error -22
[  725.328427][   T12] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  725.414164][   T12] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  725.433720][T19020] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(9)
[  725.435645][T19020] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  725.438077][T19020] vhci_hcd vhci_hcd.0: Device attached
[  725.478102][ T5956] Bluetooth: hci1: command tx timeout
[  725.484110][   T12] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  725.498071][ T3220] usb 9-1: new high-speed USB device number 2 using dummy_hcd
[  725.606361][T19021] vhci_hcd: connection closed
[  725.606685][ T5004] vhci_hcd: stop threads
[  725.609500][ T5004] vhci_hcd: release socket
[  725.611261][ T5004] vhci_hcd: disconnect device
[  725.613286][   T12] bridge_slave_1: left allmulticast mode
[  725.615290][   T12] bridge_slave_1: left promiscuous mode
[  725.617353][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  725.618313][ T6040] vhci_hcd: vhci_device speed not set
[  725.622836][   T12] bridge_slave_0: left allmulticast mode
[  725.624748][   T12] bridge_slave_0: left promiscuous mode
[  725.626759][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  725.658130][ T3220] usb 9-1: Using ep0 maxpacket: 32
[  725.661327][ T3220] usb 9-1: config 0 has an invalid interface number: 67 but max is 0
[  725.664035][ T3220] usb 9-1: config 0 has no interface number 0
[  725.669106][ T3220] usb 9-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  725.672145][ T3220] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  725.674815][ T3220] usb 9-1: Product: syz
[  725.676261][ T3220] usb 9-1: Manufacturer: syz
[  725.677840][ T3220] usb 9-1: SerialNumber: syz
[  725.681129][ T3220] usb 9-1: config 0 descriptor??
[  725.684357][ T3220] smsc95xx v2.0.0
[  725.689376][ T3220] smsc95xx 9-1:0.67 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22
[  725.692965][ T3220] smsc95xx 9-1:0.67: probe with driver smsc95xx failed with error -22
[  726.042537][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  726.046563][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  726.051981][   T12] bond0 (unregistering): (slave wlan1): Releasing backup interface
[  726.057210][   T12] bond0 (unregistering): Released all slaves
[  726.178785][   T12] IPVS: stopping master sync thread 18486 ...
[  726.436529][   T12] hsr_slave_0: left promiscuous mode
[  726.441922][   T12] hsr_slave_1: left promiscuous mode
[  726.443736][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  726.445834][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  726.448499][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  726.450581][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  726.474356][   T12] veth1_macvtap: left promiscuous mode
[  726.475969][   T12] veth0_macvtap: left promiscuous mode
[  726.477775][   T12] veth1_vlan: left promiscuous mode
[  726.481300][   T12] veth0_vlan: left promiscuous mode
[  727.382022][   T56] usb 5-1: USB disconnect, device number 28
[  727.614792][   T12] team0 (unregistering): Port device team_slave_1 removed
[  727.707587][T19053] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3646'.
[  727.709246][   T56] usb 9-1: USB disconnect, device number 2
[  727.717429][T19053] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3646'.
[  727.846714][   T12] team0 (unregistering): Port device team_slave_0 removed
[  727.978010][T19056] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  729.678407][ T3220] usb 6-1: new high-speed USB device number 21 using dummy_hcd
[  729.848052][ T3220] usb 6-1: Using ep0 maxpacket: 32
[  729.852160][ T3220] usb 6-1: config 0 has an invalid interface number: 67 but max is 0
[  729.856734][ T3220] usb 6-1: config 0 has no interface number 0
[  729.862864][ T3220] usb 6-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  729.866628][ T3220] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  729.871206][ T3220] usb 6-1: Product: syz
[  729.873534][ T3220] usb 6-1: Manufacturer: syz
[  729.874934][ T3220] usb 6-1: SerialNumber: syz
[  729.881975][ T3220] usb 6-1: config 0 descriptor??
[  729.888722][ T3220] smsc95xx v2.0.0
[  729.891450][ T3220] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22
[  729.901570][ T3220] smsc95xx 6-1:0.67: probe with driver smsc95xx failed with error -22
[  730.112176][   T12] IPVS: stop unused estimator thread 0...
[  730.617999][ T3220] usb 9-1: new high-speed USB device number 3 using dummy_hcd
[  730.768033][ T3220] usb 9-1: Using ep0 maxpacket: 32
[  730.771126][ T3220] usb 9-1: config 0 has an invalid interface number: 67 but max is 0
[  730.773778][ T3220] usb 9-1: config 0 has no interface number 0
[  730.784234][ T3220] usb 9-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  730.789148][ T3220] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  730.792448][ T3220] usb 9-1: Product: syz
[  730.793989][ T3220] usb 9-1: Manufacturer: syz
[  730.797769][ T3220] usb 9-1: SerialNumber: syz
[  730.811647][T19127] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3659'.
[  730.814580][T19127] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3659'.
[  730.927297][ T3220] usb 9-1: config 0 descriptor??
[  730.931728][ T3220] smsc95xx v2.0.0
[  730.932987][ T3220] smsc95xx 9-1:0.67 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22
[  730.936556][ T3220] smsc95xx 9-1:0.67: probe with driver smsc95xx failed with error -22
[  731.349796][T19130] lo speed is unknown, defaulting to 1000
[  731.373251][T19133] ata1.00: invalid command format 189
[  732.078466][ T6040] usb 6-1: USB disconnect, device number 21
[  732.909579][   T56] usb 9-1: USB disconnect, device number 3
[  735.108981][ T5956] Bluetooth: unknown link type 108
[  735.111962][ T5956] Bluetooth: hci2: connection err: -111
[  735.498123][   T56] usb 5-1: new high-speed USB device number 29 using dummy_hcd
[  735.608103][   T64] usb 9-1: new high-speed USB device number 4 using dummy_hcd
[  735.678128][   T56] usb 5-1: Using ep0 maxpacket: 32
[  735.680803][T19195] ISOFS: Unable to identify CD-ROM format.
[  735.681699][   T56] usb 5-1: config 0 has an invalid interface number: 67 but max is 0
[  735.686132][   T56] usb 5-1: config 0 has no interface number 0
[  735.689972][   T56] usb 5-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  735.692594][   T56] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  735.695095][   T56] usb 5-1: Product: syz
[  735.696486][   T56] usb 5-1: Manufacturer: syz
[  735.698601][   T56] usb 5-1: SerialNumber: syz
[  735.702966][   T56] usb 5-1: config 0 descriptor??
[  735.706404][   T56] smsc95xx v2.0.0
[  735.707755][   T56] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22
[  735.711391][   T56] smsc95xx 5-1:0.67: probe with driver smsc95xx failed with error -22
[  735.760946][   T64] usb 9-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  735.764220][   T64] usb 9-1: config 1 has an invalid descriptor of length 48, skipping remainder of the config
[  735.768798][   T64] usb 9-1: config 1 has 1 interface, different from the descriptor's value: 66
[  735.772295][   T64] usb 9-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 48, changing to 9
[  735.776458][   T64] usb 9-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24624, setting to 1024
[  735.782666][   T64] usb 9-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  735.785995][   T64] usb 9-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  735.789597][   T64] usb 9-1: Product: syz
[  735.791279][   T64] usb 9-1: Manufacturer: syz
[  735.795948][   T64] cdc_wdm 9-1:1.0: skipping garbage
[  735.798158][   T64] cdc_wdm 9-1:1.0: skipping garbage
[  735.801039][   T64] cdc_wdm 9-1:1.0: cdc-wdm0: USB WDM device
[  735.803513][   T64] cdc_wdm 9-1:1.0: Unknown control protocol
[  736.002633][ T6040] usb 9-1: USB disconnect, device number 4
[  736.498117][ T6040] usb 9-1: new high-speed USB device number 5 using dummy_hcd
[  736.649482][ T6040] usb 9-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  736.651965][ T6040] usb 9-1: config 1 has an invalid descriptor of length 48, skipping remainder of the config
[  736.655849][ T6040] usb 9-1: config 1 has 1 interface, different from the descriptor's value: 66
[  736.659148][ T6040] usb 9-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 48, changing to 9
[  736.662594][ T6040] usb 9-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24624, setting to 1024
[  736.667295][ T6040] usb 9-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  736.670498][ T6040] usb 9-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  736.672772][ T6040] usb 9-1: Product: syz
[  736.673995][ T6040] usb 9-1: Manufacturer: syz
[  736.677477][ T6040] cdc_wdm 9-1:1.0: skipping garbage
[  736.679378][ T6040] cdc_wdm 9-1:1.0: skipping garbage
[  736.681557][ T6040] cdc_wdm 9-1:1.0: cdc-wdm0: USB WDM device
[  736.683293][ T6040] cdc_wdm 9-1:1.0: Unknown control protocol
[  737.147830][   T56] usb 5-1: USB disconnect, device number 29
[  737.504095][T19220] lo speed is unknown, defaulting to 1000
[  737.508622][T19221] 9pnet_fd: Insufficient options for proto=fd
[  737.652379][T19224] netlink: 'syz.0.3682': attribute type 5 has an invalid length.
[  738.787486][    C1] cdc_wdm 9-1:1.0: nonzero urb status received: -71
[  738.787569][    T8] usb 9-1: USB disconnect, device number 5
[  738.789581][    C1] cdc_wdm 9-1:1.0: wdm_int_callback - 0 bytes
[  738.793535][    C1] cdc_wdm 9-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19
[  739.830052][T19260] netlink: 'syz.4.3693': attribute type 1 has an invalid length.
[  740.035132][T19263] CIFS mount error: No usable UNC path provided in device string!
[  740.035132][T19263] 
[  740.038179][T19263] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  740.330711][T19269] kvm: MONITOR instruction emulated as NOP!
[  740.334151][T19269] FAULT_INJECTION: forcing a failure.
[  740.334151][T19269] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  740.338417][T19269] CPU: 3 UID: 0 PID: 19269 Comm: syz.4.3697 Not tainted 6.14.0-rc3-syzkaller #0
[  740.338433][T19269] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  740.338439][T19269] Call Trace:
[  740.338472][T19269]  <TASK>
[  740.338478][T19269]  dump_stack_lvl+0x16c/0x1f0
[  740.338543][T19269]  should_fail_ex+0x50a/0x650
[  740.338598][T19269]  __kvm_read_guest_page+0x16b/0x210
[  740.338631][T19269]  kvm_fetch_guest_virt+0x128/0x1a0
[  740.338672][T19269]  __do_insn_fetch_bytes+0x420/0x6d0
[  740.338690][T19269]  ? __pfx___do_insn_fetch_bytes+0x10/0x10
[  740.338708][T19269]  ? vmx_vcpu_load_vmcs+0x26b/0x850
[  740.338738][T19269]  x86_decode_insn+0xb91/0x5530
[  740.338755][T19269]  ? vmx_segment_cache_test_set+0x14b/0x400
[  740.338771][T19269]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  740.338813][T19269]  ? __pfx_x86_decode_insn+0x10/0x10
[  740.338825][T19269]  ? vmx_cache_reg+0x333/0x5e0
[  740.338838][T19269]  ? kvm_register_read_raw+0xe9/0x240
[  740.338853][T19269]  ? init_decode_cache+0xd/0x210
[  740.338865][T19269]  ? init_emulate_ctxt+0x338/0x510
[  740.338876][T19269]  ? __pfx_init_emulate_ctxt+0x10/0x10
[  740.338887][T19269]  ? mark_lock+0xb5/0xc60
[  740.338921][T19269]  x86_emulate_instruction+0x9c1/0x1a90
[  740.338937][T19269]  handle_ud+0x104/0x280
[  740.338947][T19269]  ? __pfx_handle_ud+0x10/0x10
[  740.338964][T19269]  handle_exception_nmi+0x83e/0x1410
[  740.338981][T19269]  ? trace_lock_acquire+0x14e/0x1f0
[  740.338992][T19269]  ? __pfx_handle_exception_nmi+0x10/0x10
[  740.339009][T19269]  vmx_handle_exit+0x6a4/0x1a30
[  740.339027][T19269]  vcpu_run+0x3032/0x4f50
[  740.339044][T19269]  ? __pfx_vcpu_run+0x10/0x10
[  740.339054][T19269]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  740.339068][T19269]  ? rcu_is_watching+0x12/0xc0
[  740.339080][T19269]  ? trace_lock_acquire+0x14e/0x1f0
[  740.339091][T19269]  ? __local_bh_enable_ip+0xa4/0x120
[  740.339127][T19269]  ? lockdep_hardirqs_on+0x7c/0x110
[  740.339155][T19269]  ? kvm_arch_vcpu_ioctl_run+0x1a8/0x17f0
[  740.339167][T19269]  ? lock_acquire+0x2f/0xb0
[  740.339183][T19269]  ? kvm_arch_vcpu_ioctl_run+0x865/0x17f0
[  740.339194][T19269]  kvm_arch_vcpu_ioctl_run+0x865/0x17f0
[  740.339209][T19269]  kvm_vcpu_ioctl+0x5ea/0x16b0
[  740.339223][T19269]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  740.339235][T19269]  ? tomoyo_path_number_perm+0x190/0x590
[  740.339266][T19269]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  740.339278][T19269]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  740.339294][T19269]  ? do_vfs_ioctl+0x513/0x1990
[  740.339323][T19269]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  740.339342][T19269]  ? __pfx_lock_release+0x10/0x10
[  740.339355][T19269]  ? trace_lock_acquire+0x14e/0x1f0
[  740.339368][T19269]  kvm_vcpu_compat_ioctl+0x210/0x3d0
[  740.339381][T19269]  ? __pfx_kvm_vcpu_compat_ioctl+0x10/0x10
[  740.339394][T19269]  ? __fget_files+0x206/0x3a0
[  740.339432][T19269]  ? __pfx_kvm_vcpu_compat_ioctl+0x10/0x10
[  740.339457][T19269]  __do_compat_sys_ioctl+0x1cb/0x2c0
[  740.339471][T19269]  __do_fast_syscall_32+0x73/0x120
[  740.339485][T19269]  do_fast_syscall_32+0x32/0x80
[  740.339497][T19269]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  740.339515][T19269] RIP: 0023:0xf749e579
[  740.339524][T19269] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  740.339534][T19269] RSP: 002b:00000000f512655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  740.339561][T19269] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000000ae80
[  740.339568][T19269] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  740.339574][T19269] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  740.339579][T19269] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  740.339585][T19269] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  740.339598][T19269]  </TASK>
[  740.995142][T19285] netlink: 'syz.4.3702': attribute type 1 has an invalid length.
[  741.791360][T19304] netdevsim netdevsim0: loading /lib/firmware/. failed with error -22
[  741.795813][T19304] netdevsim netdevsim0: Direct firmware load for . failed with error -22
[  741.799512][T19304] netdevsim netdevsim0: Falling back to sysfs fallback for: .
[  742.711926][T19317] netlink: 'syz.0.3711': attribute type 1 has an invalid length.
[  742.738133][   T56] usb 8-1: new high-speed USB device number 21 using dummy_hcd
[  742.918108][   T56] usb 8-1: Using ep0 maxpacket: 32
[  742.925430][   T56] usb 8-1: config 0 has an invalid interface number: 67 but max is 0
[  742.927681][   T56] usb 8-1: config 0 has no interface number 0
[  742.933544][   T56] usb 8-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  742.936129][   T56] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  742.938457][   T56] usb 8-1: Product: syz
[  742.939666][   T56] usb 8-1: Manufacturer: syz
[  742.940964][   T56] usb 8-1: SerialNumber: syz
[  742.947496][   T56] usb 8-1: config 0 descriptor??
[  742.970906][   T56] smsc95xx v2.0.0
[  742.972133][   T56] smsc95xx 8-1:0.67 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22
[  742.975441][   T56] smsc95xx 8-1:0.67: probe with driver smsc95xx failed with error -22
[  743.608720][ T3220] usb 9-1: new high-speed USB device number 6 using dummy_hcd
[  743.938015][ T3220] usb 9-1: Using ep0 maxpacket: 32
[  743.940856][ T3220] usb 9-1: config 0 has an invalid interface number: 67 but max is 0
[  743.943219][ T3220] usb 9-1: config 0 has no interface number 0
[  743.946709][ T3220] usb 9-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  743.949444][ T3220] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  743.951791][ T3220] usb 9-1: Product: syz
[  743.953098][ T3220] usb 9-1: Manufacturer: syz
[  743.955733][ T3220] usb 9-1: SerialNumber: syz
[  743.960321][ T3220] usb 9-1: config 0 descriptor??
[  743.963956][ T3220] smsc95xx v2.0.0
[  743.966228][ T3220] smsc95xx 9-1:0.67 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22
[  743.971950][ T3220] smsc95xx 9-1:0.67: probe with driver smsc95xx failed with error -22
[  744.173964][   T56] usb 5-1: new high-speed USB device number 30 using dummy_hcd
[  744.338015][   T56] usb 5-1: Using ep0 maxpacket: 32
[  744.341567][   T56] usb 5-1: config 0 has an invalid interface number: 67 but max is 0
[  744.344757][   T56] usb 5-1: config 0 has no interface number 0
[  744.350072][   T56] usb 5-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  744.354048][   T56] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  744.357382][   T56] usb 5-1: Product: syz
[  744.365642][   T56] usb 5-1: Manufacturer: syz
[  744.367649][   T56] usb 5-1: SerialNumber: syz
[  744.371116][   T56] usb 5-1: config 0 descriptor??
[  744.374532][   T56] smsc95xx v2.0.0
[  744.375811][   T56] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22
[  744.379016][   T56] smsc95xx 5-1:0.67: probe with driver smsc95xx failed with error -22
[  745.212370][   T56] usb 8-1: USB disconnect, device number 21
[  745.803987][   T56] usb 9-1: USB disconnect, device number 6
[  745.900429][ T3220] usb 5-1: USB disconnect, device number 30
[  746.405440][T19349] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3719'.
[  746.412152][T19349] x_tables: ip_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING
[  746.840317][ T1412] ieee802154 phy0 wpan0: encryption failed: -22
[  746.842826][ T1412] ieee802154 phy1 wpan1: encryption failed: -22
[  747.116146][T19361] xt_TPROXY: Can be used only with -p tcp or -p udp
[  747.404574][T19374] netlink: 'syz.4.3727': attribute type 1 has an invalid length.
[  748.203846][T19391] veth1_macvtap: left promiscuous mode
[  748.394653][T19392] lo speed is unknown, defaulting to 1000
[  749.142732][T19413] FAULT_INJECTION: forcing a failure.
[  749.142732][T19413] name failslab, interval 1, probability 0, space 0, times 0
[  749.146288][T19413] CPU: 0 UID: 0 PID: 19413 Comm: syz.4.3740 Not tainted 6.14.0-rc3-syzkaller #0
[  749.146304][T19413] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  749.146311][T19413] Call Trace:
[  749.146316][T19413]  <TASK>
[  749.146320][T19413]  dump_stack_lvl+0x16c/0x1f0
[  749.146338][T19413]  should_fail_ex+0x50a/0x650
[  749.146354][T19413]  ? fs_reclaim_acquire+0xae/0x150
[  749.146395][T19413]  ? bpf_ctx_init+0xf8/0x1d0
[  749.146430][T19413]  should_failslab+0xc2/0x120
[  749.146464][T19413]  __kmalloc_noprof+0xcb/0x510
[  749.146481][T19413]  ? _copy_from_user+0x59/0xd0
[  749.146516][T19413]  bpf_ctx_init+0xf8/0x1d0
[  749.146528][T19413]  bpf_prog_test_run_nf+0x2a3/0xb10
[  749.146542][T19413]  ? __pfx_bpf_prog_test_run_nf+0x10/0x10
[  749.146559][T19413]  ? fput+0x67/0x440
[  749.146571][T19413]  ? __bpf_prog_get+0xa0/0x290
[  749.146604][T19413]  ? __pfx_bpf_prog_test_run_nf+0x10/0x10
[  749.146617][T19413]  __sys_bpf+0xfc6/0x49c0
[  749.146632][T19413]  ? __pfx_lock_release+0x10/0x10
[  749.146650][T19413]  ? __pfx___sys_bpf+0x10/0x10
[  749.146664][T19413]  ? vfs_write+0x306/0x1150
[  749.146681][T19413]  ? __mutex_unlock_slowpath+0x164/0x6a0
[  749.146702][T19413]  ? fput+0x67/0x440
[  749.146711][T19413]  ? ksys_write+0x1ba/0x250
[  749.146724][T19413]  ? __pfx_ksys_write+0x10/0x10
[  749.146740][T19413]  __ia32_sys_bpf+0x76/0xe0
[  749.146750][T19413]  __do_fast_syscall_32+0x73/0x120
[  749.146763][T19413]  do_fast_syscall_32+0x32/0x80
[  749.146776][T19413]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  749.146794][T19413] RIP: 0023:0xf749e579
[  749.146804][T19413] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  749.146814][T19413] RSP: 002b:00000000f512655c EFLAGS: 00000296 ORIG_RAX: 0000000000000165
[  749.146824][T19413] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 00000000800002c0
[  749.146831][T19413] RDX: 0000000000000050 RSI: 0000000000000000 RDI: 0000000000000000
[  749.146836][T19413] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  749.146842][T19413] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  749.146847][T19413] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  749.146859][T19413]  </TASK>
[  749.210438][    C0] vkms_vblank_simulate: vblank timer overrun
[  749.613712][T19433] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3744'.
[  750.118078][T15718] Bluetooth: hci1: command 0x0405 tx timeout
[  750.537541][T19449] netfs: Couldn't get user pages (rc=-14)
[  751.036206][T19448] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  751.042446][T19448] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  751.044593][T19448] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  751.046577][T19448] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  751.048800][T19448] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  751.058621][T19448] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  751.621055][T19472] ata3.00: invalid multi_count 1 ignored
[  752.518116][T15718] Bluetooth: hci4: command 0x0406 tx timeout
[  752.982635][T19472] lo speed is unknown, defaulting to 1000
[  753.078138][T15718] Bluetooth: hci1: command 0x0405 tx timeout
[  753.078234][ T5956] Bluetooth: hci0: command 0x0406 tx timeout
[  753.080555][T15718] Bluetooth: hci2: command 0x0406 tx timeout
[  753.268065][ T3220] usb 9-1: new high-speed USB device number 7 using dummy_hcd
[  753.418014][ T3220] usb 9-1: Using ep0 maxpacket: 32
[  753.426913][ T3220] usb 9-1: config 0 has an invalid interface number: 67 but max is 0
[  753.431585][ T3220] usb 9-1: config 0 has no interface number 0
[  753.439106][ T3220] usb 9-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  753.446862][ T3220] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  753.452051][ T3220] usb 9-1: Product: syz
[  753.455813][ T3220] usb 9-1: Manufacturer: syz
[  753.458643][ T3220] usb 9-1: SerialNumber: syz
[  753.465461][ T3220] usb 9-1: config 0 descriptor??
[  753.472033][ T3220] smsc95xx v2.0.0
[  753.474465][ T3220] smsc95xx 9-1:0.67 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22
[  753.480977][ T3220] smsc95xx 9-1:0.67: probe with driver smsc95xx failed with error -22
[  755.160773][ T3220] usb 9-1: USB disconnect, device number 7
[  755.168140][T15718] Bluetooth: hci1: command 0x0405 tx timeout
[  755.914649][T19545] cgroup: name respecified
[  755.918139][ T6040] kernel write not supported for file /sequencer (pid: 6040 comm: kworker/2:4)
[  757.238019][T15718] Bluetooth: hci1: command 0x0405 tx timeout
[  757.328170][   T35] usb 9-1: new high-speed USB device number 8 using dummy_hcd
[  757.488209][   T35] usb 9-1: Using ep0 maxpacket: 32
[  757.495124][   T35] usb 9-1: config 0 has an invalid interface number: 67 but max is 0
[  757.498463][   T35] usb 9-1: config 0 has no interface number 0
[  757.503768][   T35] usb 9-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  757.507099][   T35] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  757.510052][   T35] usb 9-1: Product: syz
[  757.511251][   T35] usb 9-1: Manufacturer: syz
[  757.512635][   T35] usb 9-1: SerialNumber: syz
[  757.516952][   T35] usb 9-1: config 0 descriptor??
[  757.521301][   T35] smsc95xx v2.0.0
[  757.522773][   T35] smsc95xx 9-1:0.67 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22
[  757.526708][   T35] smsc95xx 9-1:0.67: probe with driver smsc95xx failed with error -22
[  757.891108][T19581] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3782'.
[  757.895689][T19581] x_tables: ip_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING
[  758.081365][T19586] ntfs3(nbd3): try to read out of volume at offset 0x0
[  759.229500][T19616] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3791'.
[  759.609654][ T5984] usb 9-1: USB disconnect, device number 8
[  759.713301][T19624] netlink: 'syz.4.3794': attribute type 1 has an invalid length.
[  759.836715][T19629] FAULT_INJECTION: forcing a failure.
[  759.836715][T19629] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  759.850179][T19629] CPU: 0 UID: 0 PID: 19629 Comm: syz.0.3796 Not tainted 6.14.0-rc3-syzkaller #0
[  759.850195][T19629] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  759.850202][T19629] Call Trace:
[  759.850215][T19629]  <TASK>
[  759.850222][T19629]  dump_stack_lvl+0x16c/0x1f0
[  759.850240][T19629]  should_fail_ex+0x50a/0x650
[  759.850256][T19629]  ? __pfx_device_write+0x10/0x10
[  759.850300][T19629]  ? __pfx_device_write+0x10/0x10
[  759.850309][T19629]  _copy_from_user+0x2e/0xd0
[  759.850321][T19629]  memdup_user_nul+0x72/0x110
[  759.850358][T19629]  device_write+0xc2/0x1e60
[  759.850369][T19629]  ? __pfx_device_write+0x10/0x10
[  759.850379][T19629]  ? apparmor_file_permission+0x251/0x400
[  759.850392][T19629]  ? bpf_lsm_file_permission+0x9/0x10
[  759.850432][T19629]  ? security_file_permission+0x71/0x210
[  759.850474][T19629]  ? rw_verify_area+0xcf/0x680
[  759.850488][T19629]  ? __pfx_device_write+0x10/0x10
[  759.850497][T19629]  vfs_write+0x24c/0x1150
[  759.850512][T19629]  ? __fget_files+0x1fc/0x3a0
[  759.850528][T19629]  ? __pfx_lock_release+0x10/0x10
[  759.850543][T19629]  ? __pfx_vfs_write+0x10/0x10
[  759.850556][T19629]  ? lock_acquire+0x2f/0xb0
[  759.850577][T19629]  ? __fget_files+0x40/0x3a0
[  759.850595][T19629]  ? __fget_files+0x206/0x3a0
[  759.850612][T19629]  ksys_write+0x12b/0x250
[  759.850625][T19629]  ? __pfx_ksys_write+0x10/0x10
[  759.850642][T19629]  __do_fast_syscall_32+0x73/0x120
[  759.850657][T19629]  do_fast_syscall_32+0x32/0x80
[  759.850669][T19629]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  759.850686][T19629] RIP: 0023:0xf7fc6579
[  759.850695][T19629] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  759.850705][T19629] RSP: 002b:00000000f50e655c EFLAGS: 00000296 ORIG_RAX: 0000000000000004
[  759.850715][T19629] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800005c0
[  759.850721][T19629] RDX: 0000000000000070 RSI: 0000000000000000 RDI: 0000000000000000
[  759.850727][T19629] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  759.850733][T19629] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  759.850739][T19629] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  759.850751][T19629]  </TASK>
[  760.139143][T19635] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3797'.
[  760.908171][ T5984] usb 6-1: new high-speed USB device number 22 using dummy_hcd
[  760.966282][T19656] netlink: 'syz.4.3805': attribute type 1 has an invalid length.
[  761.073243][T19657] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3803'.
[  761.159136][T19663] IPVS: sync thread started: state = MASTER, mcast_ifn = wg1, syncid = 262145, id = 0
[  761.168688][T19664] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3804'.
[  761.228061][ T5984] usb 6-1: Using ep0 maxpacket: 32
[  761.231890][ T5984] usb 6-1: config 0 has an invalid interface number: 67 but max is 0
[  761.234488][ T5984] usb 6-1: config 0 has no interface number 0
[  761.240769][ T5984] usb 6-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  761.243587][ T5984] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  761.246096][ T5984] usb 6-1: Product: syz
[  761.247429][ T5984] usb 6-1: Manufacturer: syz
[  761.249103][ T5984] usb 6-1: SerialNumber: syz
[  761.256069][ T5984] usb 6-1: config 0 descriptor??
[  761.261514][ T5984] smsc95xx v2.0.0
[  761.262901][ T5984] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22
[  761.270521][ T5984] smsc95xx 6-1:0.67: probe with driver smsc95xx failed with error -22
[  761.872137][T19671] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3807'.
[  762.028505][T19685] FAULT_INJECTION: forcing a failure.
[  762.028505][T19685] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  762.031842][T19685] CPU: 2 UID: 0 PID: 19685 Comm: syz.0.3813 Not tainted 6.14.0-rc3-syzkaller #0
[  762.031856][T19685] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  762.031863][T19685] Call Trace:
[  762.031868][T19685]  <TASK>
[  762.031874][T19685]  dump_stack_lvl+0x16c/0x1f0
[  762.031891][T19685]  should_fail_ex+0x50a/0x650
[  762.031909][T19685]  _copy_to_user+0x32/0xd0
[  762.031922][T19685]  simple_read_from_buffer+0xd0/0x160
[  762.031937][T19685]  proc_fail_nth_read+0x198/0x270
[  762.031979][T19685]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  762.031992][T19685]  ? rw_verify_area+0xcf/0x680
[  762.032005][T19685]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  762.032017][T19685]  vfs_read+0x1df/0xbf0
[  762.032031][T19685]  ? __fget_files+0x1fc/0x3a0
[  762.032048][T19685]  ? __pfx___mutex_lock+0x10/0x10
[  762.032061][T19685]  ? __pfx_vfs_read+0x10/0x10
[  762.032078][T19685]  ? __fget_files+0x206/0x3a0
[  762.032096][T19685]  ksys_read+0x12b/0x250
[  762.032109][T19685]  ? __pfx_ksys_read+0x10/0x10
[  762.032124][T19685]  ? rcu_is_watching+0x12/0xc0
[  762.032137][T19685]  __do_fast_syscall_32+0x73/0x120
[  762.032150][T19685]  do_fast_syscall_32+0x32/0x80
[  762.032163][T19685]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  762.032181][T19685] RIP: 0023:0xf7fc6579
[  762.032189][T19685] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  762.032199][T19685] RSP: 002b:00000000f50e6590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  762.032209][T19685] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000f50e6620
[  762.032216][T19685] RDX: 000000000000000f RSI: 00000000f744cff4 RDI: 0000000000000000
[  762.032222][T19685] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  762.032227][T19685] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  762.032233][T19685] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  762.032245][T19685]  </TASK>
[  762.083605][    C2] vkms_vblank_simulate: vblank timer overrun
[  762.179342][T19687] netlink: 'syz.0.3814': attribute type 1 has an invalid length.
[  762.449119][T19695] openvswitch: netlink: Actions may not be safe on all matching packets
[  762.670166][T19703] input: syz1 as /devices/virtual/input/input15
[  762.817457][T19701] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3820'.
[  763.370954][ T5984] usb 6-1: USB disconnect, device number 22
[  764.469147][T19741] lo speed is unknown, defaulting to 1000
[  764.680252][T19746] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3832'.
[  764.993453][T19725] block nbd3: shutting down sockets
[  765.293121][T19752] FAULT_INJECTION: forcing a failure.
[  765.293121][T19752] name failslab, interval 1, probability 0, space 0, times 0
[  765.296938][T19752] CPU: 2 UID: 0 PID: 19752 Comm: syz.4.3834 Not tainted 6.14.0-rc3-syzkaller #0
[  765.296955][T19752] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  765.296963][T19752] Call Trace:
[  765.296968][T19752]  <TASK>
[  765.296973][T19752]  dump_stack_lvl+0x16c/0x1f0
[  765.296993][T19752]  should_fail_ex+0x50a/0x650
[  765.297010][T19752]  ? fs_reclaim_acquire+0xae/0x150
[  765.297025][T19752]  should_failslab+0xc2/0x120
[  765.297037][T19752]  kmem_cache_alloc_node_noprof+0x72/0x3c0
[  765.297053][T19752]  ? __pfx_mark_lock+0x10/0x10
[  765.297068][T19752]  ? __alloc_skb+0x2b1/0x380
[  765.297110][T19752]  __alloc_skb+0x2b1/0x380
[  765.297126][T19752]  ? __pfx___alloc_skb+0x10/0x10
[  765.297140][T19752]  ? hlock_class+0x4e/0x130
[  765.297150][T19752]  ? __lock_acquire+0xcc5/0x3c40
[  765.297165][T19752]  ? aa_label_sk_perm+0x19d/0x5a0
[  765.297178][T19752]  alloc_skb_with_frags+0xe4/0x850
[  765.297195][T19752]  ? __pfx_aa_label_sk_perm+0x10/0x10
[  765.297209][T19752]  sock_alloc_send_pskb+0x7f1/0x980
[  765.297228][T19752]  ? __pfx_sock_alloc_send_pskb+0x10/0x10
[  765.297244][T19752]  ? trace_lock_acquire+0x14e/0x1f0
[  765.297256][T19752]  ? __pfx___might_resched+0x10/0x10
[  765.297297][T19752]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  765.297316][T19752]  hci_sock_sendmsg+0x1c8/0x25e0
[  765.297356][T19752]  ? __pfx_aa_sk_perm+0x10/0x10
[  765.297367][T19752]  ? __pfx_hci_sock_sendmsg+0x10/0x10
[  765.297386][T19752]  sock_write_iter+0x4fe/0x5b0
[  765.297398][T19752]  ? __pfx_sock_write_iter+0x10/0x10
[  765.297413][T19752]  ? bpf_lsm_file_permission+0x9/0x10
[  765.297430][T19752]  ? security_file_permission+0x71/0x210
[  765.297444][T19752]  ? rw_verify_area+0xcf/0x680
[  765.297458][T19752]  vfs_write+0x5ae/0x1150
[  765.297473][T19752]  ? __pfx_sock_write_iter+0x10/0x10
[  765.297485][T19752]  ? __pfx_vfs_write+0x10/0x10
[  765.297500][T19752]  ? __fget_files+0x40/0x3a0
[  765.297521][T19752]  ksys_write+0x207/0x250
[  765.297536][T19752]  ? __pfx_ksys_write+0x10/0x10
[  765.297553][T19752]  __do_fast_syscall_32+0x73/0x120
[  765.297568][T19752]  do_fast_syscall_32+0x32/0x80
[  765.297581][T19752]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  765.297599][T19752] RIP: 0023:0xf749e579
[  765.297608][T19752] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  765.297618][T19752] RSP: 002b:00000000f512655c EFLAGS: 00000296 ORIG_RAX: 0000000000000004
[  765.297629][T19752] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000000
[  765.297635][T19752] RDX: 000000000000000d RSI: 0000000000000000 RDI: 0000000000000000
[  765.297642][T19752] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  765.297648][T19752] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  765.297654][T19752] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  765.297665][T19752]  </TASK>
[  765.381992][    C2] vkms_vblank_simulate: vblank timer overrun
[  765.530481][T19760] 9pnet_fd: p9_fd_create_unix (19760): address too long: ./file1aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
[  765.599666][T19760] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  766.016573][T19760] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  766.135418][T19760] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  766.147375][T19770] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap1
[  766.149329][T19770] batman_adv: batadv0: Adding interface: gretap1
[  766.149345][T19770] batman_adv: batadv0: The MTU of interface gretap1 is too small (1462) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  766.149368][T19770] batman_adv: batadv0: Not using interface gretap1 (retrying later): interface not active
[  766.237801][T19760] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  766.351402][T19760] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  766.357145][T19760] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  766.363427][T19760] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  766.371323][T19760] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  766.818128][T19795] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3845'.
[  767.346114][T19800] IPVS: sync thread started: state = MASTER, mcast_ifn = wg1, syncid = 262145, id = 0
[  767.432668][T19805] lo speed is unknown, defaulting to 1000
[  767.591599][T19803] /dev/nullb0: Can't open blockdev
[  768.324536][T19829] nbd1: detected capacity change from 0 to 12
[  768.343124][T16533] block nbd1: Send control failed (result -89)
[  768.345203][T16533] block nbd1: Request send failed, requeueing
[  768.351075][T15718] block nbd1: Receive control failed (result -32)
[  768.355185][   T71] block nbd1: Dead connection, failed to find a fallback
[  768.357199][   T71] block nbd1: shutting down sockets
[  768.359455][   T71] blk_print_req_error: 92 callbacks suppressed
[  768.359464][   T71] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  768.365644][   T71] buffer_io_error: 62 callbacks suppressed
[  768.365656][   T71] Buffer I/O error on dev nbd1, logical block 0, async page read
[  768.373943][T16533] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  768.378851][T16533] Buffer I/O error on dev nbd1, logical block 0, async page read
[  768.387157][T16533] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  768.398001][T16533] Buffer I/O error on dev nbd1, logical block 0, async page read
[  768.400962][T16533] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  768.403892][T16533] Buffer I/O error on dev nbd1, logical block 0, async page read
[  768.406159][T16533] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  768.410330][T16533] Buffer I/O error on dev nbd1, logical block 0, async page read
[  768.413017][T16533] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  768.416492][T16533] Buffer I/O error on dev nbd1, logical block 0, async page read
[  768.419211][T16533] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  768.422423][T16533] Buffer I/O error on dev nbd1, logical block 0, async page read
[  768.425206][T16533] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  768.428508][T16533] Buffer I/O error on dev nbd1, logical block 0, async page read
[  768.431335][T16533] ldm_validate_partition_table(): Disk read failed.
[  768.433701][T16533] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  768.436665][T16533] Buffer I/O error on dev nbd1, logical block 0, async page read
[  768.439776][T16533] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  768.442879][T16533] Buffer I/O error on dev nbd1, logical block 0, async page read
[  768.445723][T16533] Dev nbd1: unable to read RDB block 0
[  768.448044][T16533]  nbd1: unable to read partition table
[  768.450225][T16533] nbd1: partition table beyond EOD, truncated
[  768.457107][T16533] ldm_validate_partition_table(): Disk read failed.
[  768.459916][T16533] Dev nbd1: unable to read RDB block 0
[  768.462049][T16533]  nbd1: unable to read partition table
[  768.464090][T16533] nbd1: partition table beyond EOD, truncated
[  768.489422][T19828] cgroup: none used incorrectly
[  769.504620][T19858] netlink: 'syz.4.3862': attribute type 1 has an invalid length.
[  770.183276][T19869] lo speed is unknown, defaulting to 1000
[  770.211850][ T5984] usb 8-1: new high-speed USB device number 22 using dummy_hcd
[  770.388082][ T5984] usb 8-1: Using ep0 maxpacket: 32
[  770.391752][ T5984] usb 8-1: config 0 has an invalid interface number: 67 but max is 0
[  770.403123][ T5984] usb 8-1: config 0 has no interface number 0
[  770.415992][ T5984] usb 8-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  770.436356][ T5984] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  770.454829][ T5984] usb 8-1: Product: syz
[  770.460581][ T5984] usb 8-1: Manufacturer: syz
[  770.465118][ T5984] usb 8-1: SerialNumber: syz
[  770.490533][ T5984] usb 8-1: config 0 descriptor??
[  770.503234][ T5984] smsc95xx v2.0.0
[  770.507051][ T5984] smsc95xx 8-1:0.67 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22
[  770.527706][ T5984] smsc95xx 8-1:0.67: probe with driver smsc95xx failed with error -22
[  771.048992][T15718] Bluetooth: unknown link type 108
[  771.051314][T15718] Bluetooth: hci0: connection err: -111
[  772.217691][ T5984] usb 8-1: USB disconnect, device number 22
[  772.433177][T19909] overlayfs: missing 'lowerdir'
[  772.488988][T19909] netlink: 40 bytes leftover after parsing attributes in process `syz.3.3877'.
[  772.518101][   T35] usb 9-1: new high-speed USB device number 9 using dummy_hcd
[  772.668075][   T35] usb 9-1: Using ep0 maxpacket: 8
[  772.671122][   T35] usb 9-1: config 168 descriptor has 1 excess byte, ignoring
[  772.673297][   T35] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  772.676398][   T35] usb 9-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  772.680440][   T35] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  772.683565][   T35] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  772.687406][   T35] usb 9-1: config 168 descriptor has 1 excess byte, ignoring
[  772.689942][   T35] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  772.693218][   T35] usb 9-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  772.696442][   T35] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  772.700282][   T35] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  772.704336][   T35] usb 9-1: config 168 descriptor has 1 excess byte, ignoring
[  772.706448][   T35] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  772.709926][   T35] usb 9-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  772.713228][   T35] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  772.716392][   T35] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  772.999442][   T35] usb 9-1: string descriptor 0 read error: -22
[  773.001320][   T35] usb 9-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  773.003845][   T35] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  773.010809][   T35] adutux 9-1:168.0: ADU100  now attached to /dev/usb/adutux0
[  773.217085][T19920] netlink: 'syz.0.3879': attribute type 1 has an invalid length.
[  773.348800][ T5984] usb 8-1: new high-speed USB device number 23 using dummy_hcd
[  773.507989][ T5984] usb 8-1: Using ep0 maxpacket: 32
[  773.513191][ T5984] usb 8-1: config 0 has an invalid interface number: 67 but max is 0
[  773.517491][ T5984] usb 8-1: config 0 has no interface number 0
[  773.536525][ T5984] usb 8-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  773.560350][ T5984] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  773.577389][ T5984] usb 8-1: Product: syz
[  773.589225][ T5984] usb 8-1: Manufacturer: syz
[  773.601436][ T5984] usb 8-1: SerialNumber: syz
[  773.632840][ T5984] usb 8-1: config 0 descriptor??
[  773.638918][ T5984] smsc95xx v2.0.0
[  773.643645][ T5984] smsc95xx 8-1:0.67 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22
[  773.649266][ T5984] smsc95xx 8-1:0.67: probe with driver smsc95xx failed with error -22
[  773.678081][   T35] usb 6-1: new high-speed USB device number 23 using dummy_hcd
[  773.829780][   T35] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  773.834091][   T35] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  773.845614][   T35] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  773.859549][   T35] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  773.865769][   T35] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  773.879375][   T35] usb 6-1: config 0 descriptor??
[  774.288543][   T35] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0
[  774.291323][   T35] plantronics 0003:047F:FFFF.0007: No inputs registered, leaving
[  774.317719][   T35] plantronics 0003:047F:FFFF.0007: hiddev1,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0
[  774.500747][ T6436] usb 6-1: USB disconnect, device number 23
[  774.716636][    C1] dccp_invalid_packet: P.type (REQUEST) not Data || [Data]Ack, while P.X == 0
[  774.720500][    C1] dccp_invalid_packet: P.type (REQUEST) not Data || [Data]Ack, while P.X == 0
[  774.724098][    C1] dccp_invalid_packet: P.type (REQUEST) not Data || [Data]Ack, while P.X == 0
[  774.727604][    C1] dccp_invalid_packet: P.type (REQUEST) not Data || [Data]Ack, while P.X == 0
[  774.731286][    C1] dccp_invalid_packet: P.type (REQUEST) not Data || [Data]Ack, while P.X == 0
[  774.734856][    C1] dccp_invalid_packet: P.type (REQUEST) not Data || [Data]Ack, while P.X == 0
[  774.738488][    C1] dccp_invalid_packet: P.type (REQUEST) not Data || [Data]Ack, while P.X == 0
[  774.741977][    C1] dccp_invalid_packet: P.type (REQUEST) not Data || [Data]Ack, while P.X == 0
[  774.745515][    C1] dccp_invalid_packet: P.type (REQUEST) not Data || [Data]Ack, while P.X == 0
[  774.749096][    C1] dccp_invalid_packet: P.type (REQUEST) not Data || [Data]Ack, while P.X == 0
[  775.059602][T19945] netlink: 6 bytes leftover after parsing attributes in process `syz.1.3884'.
[  775.319021][   T35] usb 9-1: USB disconnect, device number 9
[  775.604751][ T5984] usb 8-1: USB disconnect, device number 23
[  776.104158][T19971] 9pnet_fd: Insufficient options for proto=fd
[  776.106728][T19971] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3888'.
[  777.752419][T20002] FAULT_INJECTION: forcing a failure.
[  777.752419][T20002] name failslab, interval 1, probability 0, space 0, times 0
[  777.757821][T20002] CPU: 3 UID: 0 PID: 20002 Comm: syz.3.3900 Not tainted 6.14.0-rc3-syzkaller #0
[  777.757837][T20002] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  777.757844][T20002] Call Trace:
[  777.757874][T20002]  <TASK>
[  777.757879][T20002]  dump_stack_lvl+0x16c/0x1f0
[  777.757927][T20002]  should_fail_ex+0x50a/0x650
[  777.757967][T20002]  ? fs_reclaim_acquire+0xae/0x150
[  777.758017][T20002]  should_failslab+0xc2/0x120
[  777.758049][T20002]  kmem_cache_alloc_noprof+0x6e/0x3d0
[  777.758067][T20002]  ? alloc_empty_file+0x73/0x1e0
[  777.758098][T20002]  alloc_empty_file+0x73/0x1e0
[  777.758110][T20002]  path_openat+0xe1/0x2d80
[  777.758125][T20002]  ? hlock_class+0x4e/0x130
[  777.758160][T20002]  ? __lock_acquire+0x15a9/0x3c40
[  777.758185][T20002]  ? __pfx_path_openat+0x10/0x10
[  777.758200][T20002]  ? __pfx___lock_acquire+0x10/0x10
[  777.758216][T20002]  do_filp_open+0x20c/0x470
[  777.758230][T20002]  ? __pfx_do_filp_open+0x10/0x10
[  777.758244][T20002]  ? find_held_lock+0x2d/0x110
[  777.758263][T20002]  ? _raw_spin_unlock+0x28/0x50
[  777.758291][T20002]  ? alloc_fd+0x41f/0x760
[  777.758330][T20002]  io_openat2+0x207/0x850
[  777.758375][T20002]  ? __pfx_io_openat2+0x10/0x10
[  777.758398][T20002]  ? getname_flags.part.0+0x1c5/0x550
[  777.758416][T20002]  io_issue_sqe+0x4ed/0x1300
[  777.758435][T20002]  io_submit_sqes+0x95a/0x25c0
[  777.758452][T20002]  __do_sys_io_uring_enter+0xd60/0x1670
[  777.758465][T20002]  ? __fget_files+0x206/0x3a0
[  777.758478][T20002]  ? __pfx___do_sys_io_uring_enter+0x10/0x10
[  777.758490][T20002]  ? fput+0x67/0x440
[  777.758502][T20002]  ? ksys_write+0x1ba/0x250
[  777.758522][T20002]  ? __pfx_ksys_write+0x10/0x10
[  777.758549][T20002]  __do_fast_syscall_32+0x73/0x120
[  777.758569][T20002]  do_fast_syscall_32+0x32/0x80
[  777.758581][T20002]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  777.758599][T20002] RIP: 0023:0xf7fd2579
[  777.758608][T20002] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  777.758618][T20002] RSP: 002b:00000000f50f655c EFLAGS: 00000296 ORIG_RAX: 00000000000001aa
[  777.758648][T20002] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000003516
[  777.758654][T20002] RDX: 0000000000000004 RSI: 0000000000000000 RDI: 0000000000000000
[  777.758660][T20002] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  777.758666][T20002] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  777.758671][T20002] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  777.758683][T20002]  </TASK>
[  778.093365][T20011] lo speed is unknown, defaulting to 1000
[  778.778075][   T56] usb 6-1: new high-speed USB device number 24 using dummy_hcd
[  779.168116][   T56] usb 6-1: Using ep0 maxpacket: 32
[  779.171138][   T56] usb 6-1: config 0 has an invalid interface number: 67 but max is 0
[  779.173432][   T56] usb 6-1: config 0 has no interface number 0
[  779.176863][   T56] usb 6-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  779.179513][   T56] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  779.181753][   T56] usb 6-1: Product: syz
[  779.182939][   T56] usb 6-1: Manufacturer: syz
[  779.184260][   T56] usb 6-1: SerialNumber: syz
[  779.194104][   T56] usb 6-1: config 0 descriptor??
[  779.197858][   T56] smsc95xx v2.0.0
[  779.199031][   T56] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22
[  779.201965][   T56] smsc95xx 6-1:0.67: probe with driver smsc95xx failed with error -22
[  779.258951][T20025] 9pnet_fd: Insufficient options for proto=fd
[  780.088122][T14407] usb 5-1: new high-speed USB device number 31 using dummy_hcd
[  780.238021][T14407] usb 5-1: Using ep0 maxpacket: 8
[  780.242967][T14407] usb 5-1: config index 0 descriptor too short (expected 5924, got 36)
[  780.245456][T14407] usb 5-1: config 250 has an invalid interface number: 228 but max is -1
[  780.248105][T14407] usb 5-1: config 250 has 1 interface, different from the descriptor's value: 0
[  780.250697][T14407] usb 5-1: config 250 has no interface number 0
[  780.252553][T14407] usb 5-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024
[  780.255887][T14407] usb 5-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024
[  780.259116][T14407] usb 5-1: config 250 interface 228 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 185
[  780.263190][T14407] usb 5-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17
[  780.267739][T14407] usb 5-1: config 250 interface 228 has no altsetting 0
[  780.271089][T14407] usb 5-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07
[  780.274524][T14407] usb 5-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59
[  780.277549][T14407] usb 5-1: Product: syz
[  780.279288][T14407] usb 5-1: SerialNumber: syz
[  780.284341][T14407] hub 5-1:250.228: bad descriptor, ignoring hub
[  780.286583][T14407] hub 5-1:250.228: probe with driver hub failed with error -5
[  780.486933][T14407] usblp 5-1:250.228: usblp0: USB Bidirectional printer dev 31 if 228 alt 255 proto 3 vid 0x0525 pid 0xD292
[  780.782691][    C3] usblp0: nonzero read bulk status received: -71
[  780.889917][ T3220] usb 6-1: USB disconnect, device number 24
[  780.969933][   T35] usb 5-1: USB disconnect, device number 31
[  780.976275][   T35] usblp0: removed
[  781.381658][T20070] fuse: Unknown parameter 'r½'
[  781.557652][T20079] netlink: 'syz.4.3922': attribute type 4 has an invalid length.
[  781.867302][T20086] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3923'.
[  782.111987][T20090] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3924'.
[  782.293188][T20090] lo speed is unknown, defaulting to 1000
[  782.888148][   T56] usb 6-1: new high-speed USB device number 25 using dummy_hcd
[  783.138320][   T56] usb 6-1: Using ep0 maxpacket: 32
[  783.143819][   T56] usb 6-1: config 0 has an invalid interface number: 67 but max is 0
[  783.150207][   T56] usb 6-1: config 0 has no interface number 0
[  783.156807][   T56] usb 6-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  783.165070][   T56] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  783.171646][   T56] usb 6-1: Product: syz
[  783.175513][   T56] usb 6-1: Manufacturer: syz
[  783.178411][   T56] usb 6-1: SerialNumber: syz
[  783.184434][   T56] usb 6-1: config 0 descriptor??
[  783.191580][   T56] smsc95xx v2.0.0
[  783.196381][   T56] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22
[  783.203610][   T56] smsc95xx 6-1:0.67: probe with driver smsc95xx failed with error -22
[  783.709710][T20123] netlink: 'syz.3.3931': attribute type 1 has an invalid length.
[  784.138078][ T3220] usb 5-1: new high-speed USB device number 32 using dummy_hcd
[  784.186631][T20139] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3935'.
[  784.318059][ T3220] usb 5-1: Using ep0 maxpacket: 32
[  784.326755][ T3220] usb 5-1: config 0 has an invalid interface number: 67 but max is 0
[  784.331041][ T3220] usb 5-1: config 0 has no interface number 0
[  784.346901][ T3220] usb 5-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  784.350211][ T3220] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  784.352677][ T3220] usb 5-1: Product: syz
[  784.354058][ T3220] usb 5-1: Manufacturer: syz
[  784.355558][ T3220] usb 5-1: SerialNumber: syz
[  784.369532][ T3220] usb 5-1: config 0 descriptor??
[  784.378985][ T3220] smsc95xx v2.0.0
[  784.380568][ T3220] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22
[  784.388645][ T3220] smsc95xx 5-1:0.67: probe with driver smsc95xx failed with error -22
[  785.335756][ T3220] usb 6-1: USB disconnect, device number 25
[  785.604196][T20158] netlink: 'syz.1.3940': attribute type 1 has an invalid length.
[  785.800421][T20169] FAULT_INJECTION: forcing a failure.
[  785.800421][T20169] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  785.806391][T20169] CPU: 2 UID: 0 PID: 20169 Comm: syz.4.3945 Not tainted 6.14.0-rc3-syzkaller #0
[  785.806410][T20169] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  785.806420][T20169] Call Trace:
[  785.806426][T20169]  <TASK>
[  785.806448][T20169]  dump_stack_lvl+0x16c/0x1f0
[  785.806478][T20169]  should_fail_ex+0x50a/0x650
[  785.806501][T20169]  ? __pfx___might_resched+0x10/0x10
[  785.806561][T20169]  should_fail_alloc_page+0xe7/0x130
[  785.806578][T20169]  prepare_alloc_pages.constprop.0+0x16f/0x560
[  785.806600][T20169]  __alloc_frozen_pages_noprof+0x18e/0x2470
[  785.806625][T20169]  ? __pfx_mark_lock+0x10/0x10
[  785.806646][T20169]  ? lock_acquire.part.0+0x11b/0x380
[  785.806671][T20169]  ? hlock_class+0x4e/0x130
[  785.806687][T20169]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  785.806709][T20169]  ? __pfx_mark_lock+0x10/0x10
[  785.806740][T20169]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  785.806787][T20169]  ? policy_nodemask+0xea/0x4e0
[  785.806812][T20169]  alloc_pages_mpol+0x1fc/0x540
[  785.806837][T20169]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  785.806868][T20169]  ? find_held_lock+0x2d/0x110
[  785.806888][T20169]  folio_alloc_mpol_noprof+0x36/0x2f0
[  785.806907][T20169]  shmem_alloc_folio+0x135/0x160
[  785.806965][T20169]  shmem_alloc_and_add_folio+0x48e/0xc10
[  785.806987][T20169]  ? shmem_huge_global_enabled+0x72/0x6b0
[  785.807002][T20169]  ? __pfx_shmem_alloc_and_add_folio+0x10/0x10
[  785.807022][T20169]  ? shmem_allowable_huge_orders+0xd0/0x410
[  785.807045][T20169]  shmem_get_folio_gfp+0x689/0x1530
[  785.807064][T20169]  ? __pfx_shmem_get_folio_gfp+0x10/0x10
[  785.807087][T20169]  shmem_fault+0x200/0xae0
[  785.807104][T20169]  ? hlock_class+0x4e/0x130
[  785.807120][T20169]  ? __pfx_shmem_fault+0x10/0x10
[  785.807143][T20169]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  785.807165][T20169]  ? rcu_is_watching+0x12/0xc0
[  785.807180][T20169]  ? __pfx_filemap_map_pages+0x10/0x10
[  785.807226][T20169]  __do_fault+0x10a/0x490
[  785.807245][T20169]  ? __pfx_filemap_map_pages+0x10/0x10
[  785.807262][T20169]  do_pte_missing+0x1a8/0x3e10
[  785.807290][T20169]  __handle_mm_fault+0x1166/0x2c60
[  785.807318][T20169]  ? __pfx___handle_mm_fault+0x10/0x10
[  785.807338][T20169]  ? follow_page_pte+0x3ac/0x1490
[  785.807360][T20169]  ? __pfx_lock_release+0x10/0x10
[  785.807396][T20169]  handle_mm_fault+0x3fa/0xaa0
[  785.807420][T20169]  __get_user_pages+0x773/0x36f0
[  785.807449][T20169]  ? __pfx___get_user_pages+0x10/0x10
[  785.807469][T20169]  ? __pfx_down_read_killable+0x10/0x10
[  785.807492][T20169]  ? rcu_is_watching+0x12/0xc0
[  785.807507][T20169]  __gup_longterm_locked+0x212/0x1870
[  785.807536][T20169]  ? __pfx___gup_longterm_locked+0x10/0x10
[  785.807557][T20169]  ? gup_fast_fallback+0x1218/0x2690
[  785.807577][T20169]  ? __pfx_lock_release+0x10/0x10
[  785.807593][T20169]  ? trace_lock_acquire+0x14e/0x1f0
[  785.807609][T20169]  ? kasan_save_stack+0x33/0x60
[  785.807630][T20169]  ? __kasan_kmalloc+0xaa/0xb0
[  785.807651][T20169]  ? sanity_check_pinned_pages+0x23/0x11e0
[  785.807675][T20169]  gup_fast_fallback+0x1802/0x2690
[  785.807711][T20169]  ? __pfx_gup_fast_fallback+0x10/0x10
[  785.807743][T20169]  pin_user_pages_fast+0xa8/0x100
[  785.807761][T20169]  ? __pfx_pin_user_pages_fast+0x10/0x10
[  785.807780][T20169]  ? __kmalloc_noprof+0x23b/0x510
[  785.807803][T20169]  ? __might_fault+0x51/0x190
[  785.807822][T20169]  rds_info_getsockopt+0x39a/0x4f0
[  785.807872][T20169]  ? __might_fault+0x13b/0x190
[  785.807888][T20169]  ? __pfx_rds_info_getsockopt+0x10/0x10
[  785.807904][T20169]  ? trace_lock_acquire+0x14e/0x1f0
[  785.807924][T20169]  ? lock_acquire+0x2f/0xb0
[  785.807942][T20169]  ? __might_fault+0xe3/0x190
[  785.807953][T20169]  ? __might_fault+0xe3/0x190
[  785.807971][T20169]  rds_getsockopt+0x173/0x2d0
[  785.807994][T20169]  ? __pfx_rds_getsockopt+0x10/0x10
[  785.808017][T20169]  do_sock_getsockopt+0x3fe/0x800
[  785.808057][T20169]  ? __pfx_do_sock_getsockopt+0x10/0x10
[  785.808072][T20169]  ? lock_acquire+0x2f/0xb0
[  785.808090][T20169]  ? __fget_files+0x40/0x3a0
[  785.808116][T20169]  ? __fget_files+0x206/0x3a0
[  785.808137][T20169]  __sys_getsockopt+0x12f/0x260
[  785.808163][T20169]  __ia32_sys_getsockopt+0xbc/0x160
[  785.808182][T20169]  ? syscall_trace_enter+0xf0/0x260
[  785.808231][T20169]  __do_fast_syscall_32+0x73/0x120
[  785.808250][T20169]  do_fast_syscall_32+0x32/0x80
[  785.808267][T20169]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  785.808291][T20169] RIP: 0023:0xf749e579
[  785.808304][T20169] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  785.808319][T20169] RSP: 002b:00000000f512655c EFLAGS: 00000296 ORIG_RAX: 000000000000016d
[  785.808334][T20169] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000000114
[  785.808344][T20169] RDX: 0000000000002710 RSI: 0000000080c35fff RDI: 0000000080000000
[  785.808351][T20169] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  785.808357][T20169] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  785.808366][T20169] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  785.808387][T20169]  </TASK>
[  786.104993][   T56] usb 5-1: USB disconnect, device number 32
[  786.112567][T20172] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3946'.
[  786.668799][T20193] netlink: 'syz.4.3952': attribute type 1 has an invalid length.
[  786.738667][T20200] netlink: 'syz.0.3955': attribute type 10 has an invalid length.
[  786.745896][T20200] team0: Device ipvlan1 failed to register rx_handler
[  787.218997][T20214] lo speed is unknown, defaulting to 1000
[  787.224344][T20214] lo speed is unknown, defaulting to 1000
[  787.229108][T20214] lo speed is unknown, defaulting to 1000
[  787.273975][T20214] infiniband s
z1: set active
[  787.276867][ T6040] lo speed is unknown, defaulting to 1000
[  787.279091][T20214] infiniband s
z1: added lo
[  787.325802][T20214] RDS/IB: s
z1: added
[  787.327176][T20214] smc: adding ib device s
z1 with port count 1
[  787.329743][T20214] smc:    ib device s
z1 port 1 has pnetid 
[  787.331699][   T35] lo speed is unknown, defaulting to 1000
[  787.346153][T20214] lo speed is unknown, defaulting to 1000
[  787.406272][T20214] lo speed is unknown, defaulting to 1000
[  787.408834][T20216] »»»»»»: renamed from lo (while UP)
[  787.491399][T20214] »»»»»» speed is unknown, defaulting to 1000
[  787.597657][T20214] »»»»»» speed is unknown, defaulting to 1000
[  787.675500][T20210] »»»»»» speed is unknown, defaulting to 1000
[  787.678098][T20210] »»»»»» speed is unknown, defaulting to 1000
[  787.680768][T20210] »»»»»» speed is unknown, defaulting to 1000
[  787.687881][T20210] infiniband syú2: RDMA CMA: cma_listen_on_dev, error -98
[  787.691029][   T56] usb 5-1: new high-speed USB device number 33 using dummy_hcd
[  787.698920][T20210] »»»»»» speed is unknown, defaulting to 1000
[  787.702022][T20210] »»»»»» speed is unknown, defaulting to 1000
[  787.705433][T20210] »»»»»» speed is unknown, defaulting to 1000
[  787.708379][T20210] »»»»»» speed is unknown, defaulting to 1000
[  787.828762][ T6436] usb 6-1: new high-speed USB device number 26 using dummy_hcd
[  787.878109][   T56] usb 5-1: Using ep0 maxpacket: 32
[  787.881077][   T56] usb 5-1: config 0 has an invalid interface number: 67 but max is 0
[  787.883322][   T56] usb 5-1: config 0 has no interface number 0
[  787.886661][   T56] usb 5-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  787.889907][   T56] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  787.892228][   T56] usb 5-1: Product: syz
[  787.893448][   T56] usb 5-1: Manufacturer: syz
[  787.894764][   T56] usb 5-1: SerialNumber: syz
[  787.900814][   T56] usb 5-1: config 0 descriptor??
[  787.903353][   T56] smsc95xx v2.0.0
[  787.904422][   T56] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22
[  787.907256][   T56] smsc95xx 5-1:0.67: probe with driver smsc95xx failed with error -22
[  787.928573][T20224] bridge0: port 2(bridge_slave_1) entered disabled state
[  787.978066][ T6436] usb 6-1: Using ep0 maxpacket: 8
[  787.979753][   T39] kauditd_printk_skb: 13 callbacks suppressed
[  787.979909][   T39] audit: type=1326 audit(1739814177.092:93): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20226 comm="syz.4.3963" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf749e579 code=0x7ffc0000
[  787.988633][ T6436] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  787.991652][ T6436] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  787.992240][   T39] audit: type=1326 audit(1739814177.092:94): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20226 comm="syz.4.3963" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf749e579 code=0x7ffc0000
[  787.994433][ T6436] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  788.000566][   T39] audit: type=1326 audit(1739814177.102:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20226 comm="syz.4.3963" exe="/syz-executor" sig=0 arch=40000003 syscall=274 compat=1 ip=0xf749e579 code=0x7ffc0000
[  788.003274][ T6436] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  788.009518][   T39] audit: type=1326 audit(1739814177.102:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20226 comm="syz.4.3963" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf749e579 code=0x7ffc0000
[  788.013168][ T6436] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  788.019945][   T39] audit: type=1326 audit(1739814177.102:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20226 comm="syz.4.3963" exe="/syz-executor" sig=0 arch=40000003 syscall=450 compat=1 ip=0xf749e579 code=0x7ffc0000
[  788.021372][ T6436] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  788.027484][   T39] audit: type=1326 audit(1739814177.102:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20226 comm="syz.4.3963" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf749e579 code=0x7ffc0000
[  788.036172][   T39] audit: type=1326 audit(1739814177.102:99): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20226 comm="syz.4.3963" exe="/syz-executor" sig=0 arch=40000003 syscall=12 compat=1 ip=0xf749e579 code=0x7ffc0000
[  788.042290][   T39] audit: type=1326 audit(1739814177.102:100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20226 comm="syz.4.3963" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf749e579 code=0x7ffc0000
[  788.048435][   T39] audit: type=1326 audit(1739814177.102:101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20226 comm="syz.4.3963" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf749e579 code=0x7ffc0000
[  788.054399][   T39] audit: type=1326 audit(1739814177.102:102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20226 comm="syz.4.3963" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf749e579 code=0x7ffc0000
[  788.240789][ T6436] usb 6-1: usb_control_msg returned -32
[  788.242439][ T6436] usbtmc 6-1:16.0: can't read capabilities
[  788.606991][   T56] usb 6-1: USB disconnect, device number 26
[  788.845766][T20237] netlink: 'syz.1.3966': attribute type 1 has an invalid length.
[  788.941221][T20241] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3968'.
[  788.945783][T20241] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3968'.
[  788.972982][T20241] netlink: 'syz.1.3968': attribute type 1 has an invalid length.
[  790.408887][T20251] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3971'.
[  790.418464][   T56] usb 5-1: USB disconnect, device number 33
[  790.524241][T20260] fuse: Unknown parameter 'fdå'
[  790.715828][T15718] Bluetooth: hci4: unexpected cc 0x1001 length: 8 < 9
[  790.725720][T15718] Bluetooth: hci4: unexpected event for opcode 0x1001
[  791.494319][T20267] ceph: No mds server is up or the cluster is laggy
[  792.268038][ T6025] usb 8-1: new high-speed USB device number 24 using dummy_hcd
[  792.428218][ T6025] usb 8-1: Using ep0 maxpacket: 32
[  792.436864][ T6025] usb 8-1: config 0 has an invalid interface number: 67 but max is 0
[  792.446211][ T6025] usb 8-1: config 0 has no interface number 0
[  792.452943][ T6025] usb 8-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  792.455468][ T6025] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  792.460894][ T6025] usb 8-1: Product: syz
[  792.462792][ T6025] usb 8-1: Manufacturer: syz
[  792.468292][ T6025] usb 8-1: SerialNumber: syz
[  792.477676][ T6025] usb 8-1: config 0 descriptor??
[  792.480483][ T6025] smsc95xx v2.0.0
[  792.488093][ T6025] smsc95xx 8-1:0.67 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22
[  792.503778][ T6025] smsc95xx 8-1:0.67: probe with driver smsc95xx failed with error -22
[  793.488096][   T56] usb 5-1: new high-speed USB device number 34 using dummy_hcd
[  793.668161][   T56] usb 5-1: Using ep0 maxpacket: 32
[  793.676387][   T56] usb 5-1: config 0 has an invalid interface number: 67 but max is 0
[  793.680569][   T56] usb 5-1: config 0 has no interface number 0
[  793.684872][   T56] usb 5-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  793.692124][   T56] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  793.695014][   T56] usb 5-1: Product: syz
[  793.696200][   T56] usb 5-1: Manufacturer: syz
[  793.697535][   T56] usb 5-1: SerialNumber: syz
[  793.700164][   T56] usb 5-1: config 0 descriptor??
[  793.702831][   T56] smsc95xx v2.0.0
[  793.704085][   T56] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22
[  793.707103][   T56] smsc95xx 5-1:0.67: probe with driver smsc95xx failed with error -22
[  793.882550][T20315] syz.1.3986: attempt to access beyond end of device
[  793.882550][T20315] nbd1: rw=0, sector=64, nr_sectors = 2 limit=0
[  793.889232][T20315] syz.1.3986: attempt to access beyond end of device
[  793.889232][T20315] nbd1: rw=0, sector=512, nr_sectors = 2 limit=0
[  793.893030][T20315] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256
[  793.895790][T20315] syz.1.3986: attempt to access beyond end of device
[  793.895790][T20315] nbd1: rw=0, sector=1024, nr_sectors = 2 limit=0
[  793.899809][T20315] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512
[  793.902787][T20315] syz.1.3986: attempt to access beyond end of device
[  793.902787][T20315] nbd1: rw=0, sector=64, nr_sectors = 4 limit=0
[  793.906979][T20315] syz.1.3986: attempt to access beyond end of device
[  793.906979][T20315] nbd1: rw=0, sector=1024, nr_sectors = 4 limit=0
[  793.910776][T20315] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256
[  793.913526][T20315] syz.1.3986: attempt to access beyond end of device
[  793.913526][T20315] nbd1: rw=0, sector=2048, nr_sectors = 4 limit=0
[  793.917193][T20315] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512
[  793.920227][T20315] syz.1.3986: attempt to access beyond end of device
[  793.920227][T20315] nbd1: rw=0, sector=64, nr_sectors = 8 limit=0
[  793.923862][T20315] syz.1.3986: attempt to access beyond end of device
[  793.923862][T20315] nbd1: rw=0, sector=2048, nr_sectors = 8 limit=0
[  793.927508][T20315] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256
[  793.930482][T20315] syz.1.3986: attempt to access beyond end of device
[  793.930482][T20315] nbd1: rw=0, sector=4096, nr_sectors = 8 limit=0
[  793.934409][T20315] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512
[  793.937081][T20315] UDF-fs: warning (device nbd1): udf_fill_super: No partition found (1)
[  794.717894][ T5984] usb 8-1: USB disconnect, device number 24
[  794.934059][T20330] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3991'.
[  794.955532][T20334] lo speed is unknown, defaulting to 1000
[  794.959977][T20334] »»»»»» speed is unknown, defaulting to 1000
[  795.026420][T20334] »»»»»» speed is unknown, defaulting to 1000
[  795.148591][T20344] FAULT_INJECTION: forcing a failure.
[  795.148591][T20344] name failslab, interval 1, probability 0, space 0, times 0
[  795.153624][T20344] CPU: 0 UID: 0 PID: 20344 Comm: syz.1.3992 Not tainted 6.14.0-rc3-syzkaller #0
[  795.153659][T20344] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  795.153670][T20344] Call Trace:
[  795.153677][T20344]  <TASK>
[  795.153684][T20344]  dump_stack_lvl+0x16c/0x1f0
[  795.153711][T20344]  should_fail_ex+0x50a/0x650
[  795.153738][T20344]  ? fs_reclaim_acquire+0xae/0x150
[  795.153762][T20344]  ? tomoyo_encode2+0x100/0x3e0
[  795.153825][T20344]  should_failslab+0xc2/0x120
[  795.153843][T20344]  __kmalloc_noprof+0xcb/0x510
[  795.153871][T20344]  ? rcu_is_watching+0x12/0xc0
[  795.153892][T20344]  tomoyo_encode2+0x100/0x3e0
[  795.153918][T20344]  tomoyo_encode+0x29/0x50
[  795.153939][T20344]  tomoyo_realpath_from_path+0x19d/0x720
[  795.153965][T20344]  ? tomoyo_path_number_perm+0x235/0x590
[  795.153987][T20344]  tomoyo_path_number_perm+0x248/0x590
[  795.154005][T20344]  ? tomoyo_path_number_perm+0x235/0x590
[  795.154026][T20344]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  795.154068][T20344]  ? __pfx_lock_release+0x10/0x10
[  795.154092][T20344]  ? trace_lock_acquire+0x14e/0x1f0
[  795.154115][T20344]  ? lock_acquire+0x2f/0xb0
[  795.154136][T20344]  ? __fget_files+0x40/0x3a0
[  795.154163][T20344]  ? __fget_files+0x206/0x3a0
[  795.154190][T20344]  security_file_ioctl_compat+0x9b/0x240
[  795.154246][T20344]  __do_compat_sys_ioctl+0x4e/0x2c0
[  795.154271][T20344]  __do_fast_syscall_32+0x73/0x120
[  795.154294][T20344]  do_fast_syscall_32+0x32/0x80
[  795.154315][T20344]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  795.154343][T20344] RIP: 0023:0xf7f96579
[  795.154356][T20344] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  795.154373][T20344] RSP: 002b:00000000f509555c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  795.154391][T20344] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000c0285700
[  795.154402][T20344] RDX: 0000000080000000 RSI: 0000000000000000 RDI: 0000000000000000
[  795.154412][T20344] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  795.154421][T20344] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  795.154432][T20344] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  795.154455][T20344]  </TASK>
[  795.154810][T20344] ERROR: Out of memory at tomoyo_realpath_from_path.
[  795.350118][T20344] 9pnet: Could not find request transport: fd00000000000000000000010
[  795.653584][   T56] usb 5-1: USB disconnect, device number 34
[  795.956108][T15718] Bluetooth: hci1: SCO packet for unknown connection handle 200
[  796.499929][T20370] FAULT_INJECTION: forcing a failure.
[  796.499929][T20370] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  796.506112][T20370] CPU: 0 UID: 0 PID: 20370 Comm: syz.1.3998 Not tainted 6.14.0-rc3-syzkaller #0
[  796.506125][T20370] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  796.506132][T20370] Call Trace:
[  796.506138][T20370]  <TASK>
[  796.506143][T20370]  dump_stack_lvl+0x16c/0x1f0
[  796.506161][T20370]  should_fail_ex+0x50a/0x650
[  796.506179][T20370]  _copy_from_user+0x2e/0xd0
[  796.506218][T20370]  input_event_from_user+0x22d/0x3b0
[  796.506252][T20370]  ? __pfx_input_event_from_user+0x10/0x10
[  796.506265][T20370]  ? input_inject_event+0x1a0/0x380
[  796.506278][T20370]  evdev_write+0x377/0x750
[  796.506291][T20370]  ? __pfx_evdev_write+0x10/0x10
[  796.506303][T20370]  ? bpf_lsm_file_permission+0x9/0x10
[  796.506319][T20370]  ? security_file_permission+0x71/0x210
[  796.506334][T20370]  ? rw_verify_area+0xcf/0x680
[  796.506347][T20370]  ? __pfx_evdev_write+0x10/0x10
[  796.506357][T20370]  vfs_write+0x24c/0x1150
[  796.506372][T20370]  ? __fget_files+0x1fc/0x3a0
[  796.506387][T20370]  ? __pfx_lock_release+0x10/0x10
[  796.506402][T20370]  ? __pfx_vfs_write+0x10/0x10
[  796.506416][T20370]  ? lock_acquire+0x2f/0xb0
[  796.506430][T20370]  ? __fget_files+0x40/0x3a0
[  796.506445][T20370]  ? __fget_files+0x206/0x3a0
[  796.506463][T20370]  ksys_write+0x207/0x250
[  796.506476][T20370]  ? __pfx_ksys_write+0x10/0x10
[  796.506494][T20370]  __do_fast_syscall_32+0x73/0x120
[  796.506508][T20370]  do_fast_syscall_32+0x32/0x80
[  796.506521][T20370]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  796.506538][T20370] RIP: 0023:0xf7f96579
[  796.506547][T20370] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  796.506562][T20370] RSP: 002b:00000000f50b655c EFLAGS: 00000296 ORIG_RAX: 0000000000000004
[  796.506572][T20370] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000040
[  796.506578][T20370] RDX: 0000000000000918 RSI: 0000000000000000 RDI: 0000000000000000
[  796.506584][T20370] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  796.506590][T20370] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  796.506596][T20370] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  796.506608][T20370]  </TASK>
[  796.665496][T20377] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  796.670055][T20377] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  797.052138][T20384] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4001'.
[  797.393816][T20399] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4007'.
[  798.470490][T20438] netlink: 20 bytes leftover after parsing attributes in process `syz.3.4017'.
[  798.712767][T20443] lo speed is unknown, defaulting to 1000
[  798.726249][T20443] »»»»»» speed is unknown, defaulting to 1000
[  798.830834][T20443] »»»»»» speed is unknown, defaulting to 1000
[  799.332960][T20460] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4021'.
[  799.405096][T20464] sp0: Synchronizing with TNC
[  799.475169][    T8] hid-generic 0008:000F:0005.0008: unknown main item tag 0x0
[  799.477344][    T8] hid-generic 0008:000F:0005.0008: item fetching failed at offset 4/25
[  799.484629][    T8] hid-generic 0008:000F:0005.0008: probe with driver hid-generic failed with error -22
[  799.490502][T20464] [U] è
[  799.605887][T20469] ntfs3(nbd1): try to read out of volume at offset 0x0
[  799.622477][T20469] FAULT_INJECTION: forcing a failure.
[  799.622477][T20469] name failslab, interval 1, probability 0, space 0, times 0
[  799.626062][T20469] CPU: 2 UID: 0 PID: 20469 Comm: syz.1.4026 Not tainted 6.14.0-rc3-syzkaller #0
[  799.626076][T20469] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  799.626084][T20469] Call Trace:
[  799.626088][T20469]  <TASK>
[  799.626093][T20469]  dump_stack_lvl+0x16c/0x1f0
[  799.626110][T20469]  should_fail_ex+0x50a/0x650
[  799.626127][T20469]  ? fs_reclaim_acquire+0xae/0x150
[  799.626141][T20469]  ? pfkey_add+0x2653/0x2eb0
[  799.626185][T20469]  should_failslab+0xc2/0x120
[  799.626197][T20469]  __kmalloc_cache_noprof+0x68/0x410
[  799.626212][T20469]  ? __raw_spin_lock_init+0x3a/0x110
[  799.626231][T20469]  pfkey_add+0x2653/0x2eb0
[  799.626249][T20469]  ? __pfx_pfkey_add+0x10/0x10
[  799.626263][T20469]  ? kfree_skbmem+0x1a4/0x1f0
[  799.626276][T20469]  ? sk_skb_reason_drop+0x136/0x1a0
[  799.626293][T20469]  ? pfkey_broadcast+0x2ab/0x460
[  799.626309][T20469]  ? __pfx_pfkey_add+0x10/0x10
[  799.626323][T20469]  pfkey_process+0x6db/0x840
[  799.626340][T20469]  ? __pfx_pfkey_process+0x10/0x10
[  799.626364][T20469]  ? __virt_addr_valid+0x5e/0x590
[  799.626399][T20469]  ? __phys_addr_symbol+0x30/0x80
[  799.626413][T20469]  pfkey_sendmsg+0x43b/0x840
[  799.626431][T20469]  ____sys_sendmsg+0xaaf/0xc90
[  799.626443][T20469]  ? __pfx_____sys_sendmsg+0x10/0x10
[  799.626453][T20469]  ? get_compat_msghdr+0x11b/0x170
[  799.626471][T20469]  ___sys_sendmsg+0x135/0x1e0
[  799.626486][T20469]  ? __pfx____sys_sendmsg+0x10/0x10
[  799.626506][T20469]  ? trace_lock_acquire+0x14e/0x1f0
[  799.626526][T20469]  __sys_sendmmsg+0x2fa/0x420
[  799.626542][T20469]  ? __pfx___sys_sendmmsg+0x10/0x10
[  799.626561][T20469]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  799.626579][T20469]  ? fput+0x67/0x440
[  799.626590][T20469]  ? ksys_write+0x1ba/0x250
[  799.626603][T20469]  ? __pfx_ksys_write+0x10/0x10
[  799.626619][T20469]  __ia32_compat_sys_sendmmsg+0x9d/0x100
[  799.626630][T20469]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[  799.626644][T20469]  __do_fast_syscall_32+0x73/0x120
[  799.626657][T20469]  do_fast_syscall_32+0x32/0x80
[  799.626670][T20469]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  799.626687][T20469] RIP: 0023:0xf7f96579
[  799.626696][T20469] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  799.626706][T20469] RSP: 002b:00000000f50b655c EFLAGS: 00000296 ORIG_RAX: 0000000000000159
[  799.626716][T20469] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 0000000080000180
[  799.626722][T20469] RDX: 000000000400008a RSI: 0000000000000000 RDI: 0000000000000000
[  799.626728][T20469] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  799.626734][T20469] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  799.626740][T20469] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  799.626752][T20469]  </TASK>
[  800.602573][   T43] page: refcount:2 mapcount:0 mapping:0000000000000000 index:0x2bd pfn:0x1223a
[  800.603501][   T79]  slab kmalloc-96
[  800.605165][   T43] flags: 0xfff00000010001(locked|reclaim|node=0|zone=1|lastcpupid=0x7ff)
[  800.605188][   T43] raw: 00fff00000010001 ffffc900006a75a8 ffffc900006a75a8 ffffffff8b7df642
[  800.605198][   T43] raw: 00000000000002bd 0000000000000000 00000002ffffffff 0000000000000000
[  800.605204][   T43] page dumped because: VM_BUG_ON_PAGE(!((__builtin_constant_p(PAGE_CLAIMED) && __builtin_constant_p((uintptr_t)(&page->private) != (uintptr_t)((void *)0)) && (uintptr_t)(&page->private) != (uintptr_t)((void *)0) && __builtin_constant_p(*(const unsigned long *)(&page->private))) ? const_test_bit(PAGE_CLAIMED, &page->private) : _test_bit(PAGE_CLAIMED, &page->private)))
[  800.605220][   T43] page_owner tracks the page as allocated
[  800.606952][   T79]  start ffff8880228c5000
[  800.618843][   T43] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12800(GFP_NOWAIT|__GFP_NORETRY), pid 109, tgid 109 (kswapd0), ts 800076006290, free_ts 800071054023
[  800.624517][   T79]  pointer offset 0 size 96
[  800.627407][   T43]  post_alloc_hook+0x181/0x1b0
[  800.627884][   T79] 
[  800.636246][   T79] list_add corruption. next->prev should be prev (ffffe8ffac439150), but was ffffffff848ad950. (next=ffff8880228c5000).
[  800.638155][   T43]  get_page_from_freelist+0xfce/0x2f80
[  800.640422][   T79] ------------[ cut here ]------------
[  800.642382][   T43]  __alloc_frozen_pages_noprof+0x221/0x2470
[  800.643530][   T79] kernel BUG at lib/list_debug.c:29!
[  800.643583][   T79] Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN NOPTI
[  800.648262][   T43]  alloc_pages_mpol+0x1fc/0x540
[  800.649409][   T79] CPU: 2 UID: 0 PID: 79 Comm: kworker/u32:4 Not tainted 6.14.0-rc3-syzkaller #0
[  800.649425][   T79] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  800.649433][   T79] Workqueue: zswap1 compact_page_work
[  800.652010][   T43]  alloc_pages_noprof+0x131/0x390
[  800.654844][   T79] 
[  800.654851][   T79] RIP: 0010:__list_add_valid_or_report+0xec/0x190
[  800.654870][   T79] Code: 00 00 00 00 00 fc ff df 48 c1 ea 03 80 3c 02 00 0f 85 a5 00 00 00 48 8b 55 08 48 89 e9 48 c7 c7 c0 44 d3 8b e8 b5 ac d1 fc 90 <0f> 0b 48 89 f7 48 89 34 24 e8 b6 33 33 fd 48 8b 34 24 48 b8 00 00
[  800.654880][   T79] RSP: 0018:ffffc9000101fb88 EFLAGS: 00010282
[  800.654889][   T79] RAX: 0000000000000075 RBX: ffff88801223a000 RCX: ffffffff819943d9
[  800.654895][   T79] RDX: 0000000000000000 RSI: ffffffff8199a74e RDI: 0000000000000005
[  800.654902][   T79] RBP: ffff8880228c5000 R08: 0000000000000005 R09: 0000000000000000
[  800.654908][   T79] R10: 0000000000000002 R11: 0000000000000007 R12: ffff88801223a000
[  800.654914][   T79] R13: ffff8880228c5008 R14: ffffea0000488e80 R15: ffff88801223a008
[  800.654920][   T79] FS:  0000000000000000(0000) GS:ffff88802b600000(0000) knlGS:0000000000000000
[  800.654940][   T79] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  800.654949][   T79] CR2: 00000000f3a51000 CR3: 000000004af2e000 CR4: 0000000000352ef0
[  800.654956][   T79] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  800.654962][   T79] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  800.654968][   T79] Call Trace:
[  800.654972][   T79]  <TASK>
[  800.654977][   T79]  ? die+0x31/0x80
[  800.655025][   T79]  ? do_trap+0x232/0x430
[  800.655042][   T79]  ? __list_add_valid_or_report+0xec/0x190
[  800.669313][   T43]  z3fold_zpool_malloc+0x853/0x14f0
[  800.671645][   T79]  ? __list_add_valid_or_report+0xec/0x190
[  800.671670][   T79]  ? do_error_trap+0xf4/0x230
[  800.675089][   T43]  zswap_store+0xfbc/0x26c0
[  800.676290][   T79]  ? __list_add_valid_or_report+0xec/0x190
[  800.676309][   T79]  ? handle_invalid_op+0x34/0x40
[  800.676321][   T79]  ? __list_add_valid_or_report+0xec/0x190
[  800.717038][   T79]  ? exc_invalid_op+0x2e/0x50
[  800.718515][   T79]  ? asm_exc_invalid_op+0x1a/0x20
[  800.719978][   T79]  ? __wake_up_klogd.part.0+0x99/0xf0
[  800.721543][   T79]  ? vprintk_emit+0x39e/0x6f0
[  800.722892][   T79]  ? __list_add_valid_or_report+0xec/0x190
[  800.724809][   T79]  ? __list_add_valid_or_report+0xeb/0x190
[  800.726934][   T79]  do_compact_page+0x10f2/0x27b0
[  800.728654][   T79]  ? lock_acquire+0x2f/0xb0
[  800.730129][   T79]  ? process_one_work+0x921/0x1ba0
[  800.731799][   T79]  process_one_work+0x9c5/0x1ba0
[  800.733536][   T79]  ? __pfx_compact_page_work+0x10/0x10
[  800.735195][   T79]  ? __pfx_process_one_work+0x10/0x10
[  800.736765][   T79]  ? assign_work+0x1a0/0x250
[  800.738411][   T79]  worker_thread+0x6c8/0xf00
[  800.739771][   T79]  ? __kthread_parkme+0x148/0x220
[  800.741448][   T79]  ? __pfx_worker_thread+0x10/0x10
[  800.743380][   T79]  kthread+0x3af/0x750
[  800.744941][   T79]  ? __pfx_kthread+0x10/0x10
[  800.746685][   T79]  ? lock_acquire+0x2f/0xb0
[  800.748426][   T79]  ? __pfx_kthread+0x10/0x10
[  800.750190][   T79]  ret_from_fork+0x45/0x80
[  800.751942][   T79]  ? __pfx_kthread+0x10/0x10
[  800.753722][   T79]  ret_from_fork_asm+0x1a/0x30
[  800.755551][   T79]  </TASK>
[  800.756739][   T79] Modules linked in:
[  800.758826][   T79] ---[ end trace 0000000000000000 ]---
[  800.760750][   T79] RIP: 0010:__list_add_valid_or_report+0xec/0x190
[  800.763100][   T79] Code: 00 00 00 00 00 fc ff df 48 c1 ea 03 80 3c 02 00 0f 85 a5 00 00 00 48 8b 55 08 48 89 e9 48 c7 c7 c0 44 d3 8b e8 b5 ac d1 fc 90 <0f> 0b 48 89 f7 48 89 34 24 e8 b6 33 33 fd 48 8b 34 24 48 b8 00 00
[  800.771324][   T79] RSP: 0018:ffffc9000101fb88 EFLAGS: 00010282
[  800.773668][   T79] RAX: 0000000000000075 RBX: ffff88801223a000 RCX: ffffffff819943d9
[  800.776633][   T79] RDX: 0000000000000000 RSI: ffffffff8199a74e RDI: 0000000000000005
[  800.779786][   T79] RBP: ffff8880228c5000 R08: 0000000000000005 R09: 0000000000000000
[  800.782860][   T79] R10: 0000000000000002 R11: 0000000000000007 R12: ffff88801223a000
[  800.785807][   T79] R13: ffff8880228c5008 R14: ffffea0000488e80 R15: ffff88801223a008
[  800.788951][   T79] FS:  0000000000000000(0000) GS:ffff88802b600000(0000) knlGS:0000000000000000
[  800.792256][   T79] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  800.794766][   T79] CR2: 00000000f3a51000 CR3: 000000004af2e000 CR4: 0000000000352ef0
[  800.797776][   T79] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  800.800748][   T79] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  800.803623][   T79] Kernel panic - not syncing: Fatal exception
[  800.806741][   T79] Kernel Offset: disabled
[  800.808439][   T79] Rebooting in 86400 seconds..

VM DIAGNOSIS:
17:43:09  Registers:
info registers vcpu 0

CPU#0
RAX=0000000001e34934 RBX=0000000000000000 RCX=ffffffff8b550469 RDX=ffffed1005686f86
RSI=ffffffff8bd342c0 RDI=ffffffff81907289 RBP=fffffbfff1bd2ee8 RSP=ffffffff8de07e20
R8 =0000000000000000 R9 =ffffed1005686f85 R10=ffff88802b437c2b R11=0000000000000001
R12=0000000000000000 R13=ffffffff8de97740 R14=ffffffff90627010 R15=0000000000000000
RIP=ffffffff8b55184f RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
GS =0000 ffff88802b400000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000000080800000 CR3=0000000025a08000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=000000000000000e 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000005000000000 0000000100000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
EAX=00005a96 EBX=00000000 ECX=400000b4 EDX=00000000
ESI=00005a96 EDI=00000000 EBP=00000000 ESP=0000dcde
EIP=0000029a EFL=00010086 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 00000000 0000ffff 00009300
CS =0000 00000000 0000ffff 00009b00
SS =0000 00000000 0000ffff 00009300
DS =0000 00000000 0000ffff 00009300
FS =0000 00000000 0000ffff 00009300
GS =0000 00000000 0000ffff 00009300
LDT=0000 00000000 0000ffff 00008200
TR =0000 00000000 0000ffff 00008b00
GDT=     00000000 0000ffff
IDT=     00000000 0000ffff
CR0=00000030 CR2=00000000 CR3=00000000 CR4=00002040
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000000
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
RAX=0000000000000000 RBX=0000000000000023 RCX=ffffffff8199a97a RDX=ffff8880200e8000
RSI=ffffffff8199a966 RDI=0000000000000001 RBP=1ffff92000203ed7 RSP=ffffc9000101f6a8
R8 =0000000000000001 R9 =0000000000000000 R10=0000000000000001 R11=6e69203a73706f4f
R12=0000000000000001 R13=0000000000000000 R14=ffff88801d304880 R15=ffffc9000101f770
RIP=ffffffff8199a968 RFL=00000093 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88802b600000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000f3a51000 CR3=000000004af2e000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 f700585858585858 2e7a7973f73acff4
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 f700585858585858
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffff 0f0e0d0c0b0a0908
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 3

CPU#3
RAX=0000000000000000 RBX=000000000000001f RCX=ffffffff8199a97a RDX=ffff88801d304880
RSI=ffffffff8199a966 RDI=0000000000000001 RBP=1ffff920000d4e38 RSP=ffffc900006a71b0
R8 =0000000000000001 R9 =0000000000000000 R10=0000000000000001 R11=705f636f6c6c6120
R12=0000000000000001 R13=0000000000000200 R14=ffff8880200e8000 R15=ffffc900006a7278
RIP=ffffffff8199a968 RFL=00000093 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
GS =0000 ffff88802b700000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000000000000000 CR3=0000000025a86000 CR4=00352ef0
DR0=0000000000000002 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000008
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000018800000000 0000000200000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000