last executing test programs:

2m42.359967112s ago: executing program 3 (id=1376):
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000240)={0x1, @raw_data="a425e2f1a54d24f15842313560608d70566e425a6c36af37b33fac9d31c8a9c7044410d324b03e044e454d2092a62fea8f13441431ce248bfc73a6726ee61ba491d15d8f392ff66fe0b17f0e11f5d2367d5593205ab1efa97d40619a553e7da2518125b850a186ef691daa55c9e50ffaf6ddc25220ded32aeba4524cec1afbd17abba1d15ea05e97ed3dcad452db6e08a991e2c78b057f55de7fdeba7411ce65700c0a1ad7946ff7c355db87566e3e5abb7a37a06731ed19ddfa970bb58a27fd9fa194c092730319"})

2m42.359588034s ago: executing program 3 (id=1377):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x11, 0x3, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xffffff7d, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = socket$pppl2tp(0x18, 0x1, 0x1)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r2, &(0x7f0000000000)={0xa, 0x3, 0x0, @local, 0x3}, 0x1c)
connect$pppl2tp(r1, &(0x7f00000002c0)=@pppol2tpin6={0x18, 0x1, {0x0, r2, 0x8, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @rand_addr=' \x01\x00'}}}, 0x32)
writev(r1, &(0x7f0000000180)=[{0x0}], 0x1)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
fsopen(0x0, 0x0)
pipe(&(0x7f0000000200))
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000003c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r3 = getpid()
sched_setscheduler(r3, 0x1, &(0x7f0000000100)=0x5)
openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
r5 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r7, &(0x7f00000bd000), 0x1a9, 0x0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB, @ANYRESHEX=r5, @ANYBLOB=',wfdno=', @ANYRESHEX=r7])
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x0, 0x0)
r8 = socket$nl_route(0x10, 0x3, 0x0)
r9 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="4c00000010004b0422000000000000007a000000", @ANYRES32=0x0, @ANYBLOB="00000000000000002c0012800b00010062726964676500001c0002800800040000000000"], 0x4c}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), r9)

2m41.479446318s ago: executing program 3 (id=1381):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="1400000010000100000a2c1b0000050a03000000000000000000020000000c00024000000000000000010900010073797a30000000002c000000030a01020000000000000000020078ab4201569716da7a30000000000900030073797a3200000000a8d97effb6d9cf140000001100013a"], 0x80}}, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000001940), 0x0, 0x0)
ioctl$SCSI_IOCTL_SEND_COMMAND(r1, 0x1, &(0x7f00000000c0)={0x2, 0x0, 0xffffff95})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="4400000010001fff00"/20, @ANYRES32=0x0, @ANYBLOB="81ffffff000000001c0012800b00010067726574617000000c000280080001"], 0x44}}, 0x0)
writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000000c0)="390000001000111867090707a640400f0021ff3f30000000170a00170000000004003700090003", 0x27}], 0x1)
r2 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000002f80)={0x0, 0x55, &(0x7f0000002f40)={&(0x7f0000000080)=@newtaction={0x60, 0x30, 0x0, 0x70bd2b, 0x0, {}, [{0x4c, 0x1, [@m_skbedit={0x48, 0x7, 0x0, 0x0, {{0xc}, {0x1c, 0x2, 0x0, 0x1, [@TCA_SKBEDIT_PARMS={0x18}]}, {0x4}, {0xc}, {0xc, 0x9}}}]}]}, 0x60}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
sendmsg$kcm(r2, &(0x7f0000000000)={0x0, 0xffffff2d, &(0x7f0000000080)=[{&(0x7f0000000040)="c00e02003c000b05d25a806f8c6394f90324fc602f00001550000100053582c137153e370248018086dd1700d1bd", 0x33fe0}], 0x1}, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000900)='stat\x00')
lseek(r3, 0x7, 0x1)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)={0x78, 0x2, 0x6, 0x3, 0x0, 0x0, {0x0, 0x0, 0x7}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_MAXELEM={0x8, 0x13, 0x0}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5, 0x4, 0x1}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:net\x00'}, @IPSET_ATTR_REVISION={0x5, 0x4, 0x3}, @IPSET_ATTR_REVISION={0x5, 0x4, 0x1}, @IPSET_ATTR_TYPENAME={0x16, 0x3, 'hash:net,port,net\x00'}]}, 0x78}, 0x1, 0x0, 0x0, 0x4000}, 0x1)
r4 = syz_clone(0x800, &(0x7f0000000100)="06827d57483197db843786985e4d3164028a5f192db63d43dcd6b7272a0533b7baa68444f2c301a4bce1d462b6aaf14a6cd032eefcbb28f0446f0f", 0x3b, &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="95629b277217f208b2fa9dad0542010c0ae6e5e0ff569a600bf6a49670e8199b478ed005aeb81c02a08c10c3cc78a1df585036f3809a526ea538350e52faf0fcbda63c3a232c2422f6598eeffc50fe7693e5b638ca5c2ca979137a704c14772769fe968fb4e68e6c57a4ee29eca68c1889b8a5192dd93b43218f9434a9c2f572b9154c5989d1bf84ca9a085f4439a2058017dbb03bc556bdb4eadb1c61a416d8faf3d97a215e9fcb94d413cf3e05329556825d56bcec9fcf3db7cac9fbf7be290c8514f1d04b8226f675312caaa32a5cc9e8cfc3dc51d9c5b2959b0f6d4419639fd06cf80678dd66a097be70b2f319727548882decf3f9cf2af0b54064845819c9f6e2fb060126632d1d2231cdf8eb52838ecf8069eca9f9d4c1d0bef3ea9fbf07bfe41e250484cd0632c3acaeeb0889218d7b90eee09fb31b2faaf87f2c0751d596a827e3829627c3232336f6a851832aa0fc884161b2df92a9e2446a6293090a7028e95cf9cae6a087b5572c1e22dd29a1ec8b8731a41eed270758893b15fe58a97f41d243c39da53567ab168bb55791b29cc6d9fae44b5116f37090aa47bf2cad12350ec8f5c5b280e5a03cf50e70fb3fa73f95d4218af3ffba225270e8f0d4d35a3d657e01bab4345e6e4f9ddebd28864684f4adfb38b6126720a4929e0bbe8448ba83cb5b647a802f53d1410059029b60d20fb709d6dba87c99e47f5691ea354e1e6530f013ccc9c97f63a555556a5d0e53e6d7645042d572f16f929339bbbf9451fec034da91b04507458c49ecf06cc16f7d3e323a0b4a0f9a64d5160ebcd848221533d362b5bfeb8bcce1e3b24320037959d27e5250b3679245f3aee6e5c5c86fa0346965da3056e7866c6f9eefef512840f659d5dd441d263f45b9696cf9a79b43a33444aafeebd4d02a1b6d4e8f9cffdb25b168d6da44b9a5068873fdceecbff3fe1cdaa5e005efc08f21daa5e2e6dd923b726fd92cf031b4b31d786f91cf5b262441792fe128a6c9de8972a97aec8717a1c2234a49690831450f98d374dfcf56b332c6d3bf72ac5947981e2299348380da890f4f559d91f8e719fb4cdc168130ae839dabee77bb9f1615ad13478b0b0a04ff2ecb9692c57722cf61db7f4edf9e69fe5bc673021c959aee5c228a8371a3d785e7702cbfb34b5ef0e8bd5d65c7e85aa5d2d2cabac18d7e488c57440635160e03fe536aff501025faaca8251b097a8035ac7072e5348b31463175b546315c492d3d26aaef4ad2262b775dd40d762dc4c46008a0f1cc1148cedaf7e789957be3574f7455f66a01d87cf004f7b68081724c758bf9113a61f68ab214fa572e20a6ddaf848724705254982b4acecc42d65d2212f68f841d50d69046195b1d578dca422ea13739b2e1dedde11b28bbbfcbda3e6858b2f47f93e69ca14a703bb9ca3aff83dcc62f0257a006c5cc35cf434b76a03c8f34f6d9860658153af41bac565239769c6511c92c8707ea806e85f1890cbfb3622a04e26255e0f8e82103428c9aa1b56e2d93a7af33a5ade06a45063dfe3c00689f7f90f44cb7f2841d30747ff131807b4f639e41e41032c1a5636c650621cfc71dea62f5667b6509b77902e1ded07882e26455c61e6b01f10a0644f29124beee6cb134d61b131ce31e448bb45fffd0aa173b55a227578ab33f099ec94f450c0e60e0c34ce48abf100870105200c49d29f38c572e0fdd6f78dc6af7628a0bb7dfda6eabdcc1f2881a9bf60c393033ff5614b5c4630940fd3fc0f661fbc10fed2d8c0b0adcfd4c2b71b82897e47d4315429c6b99861c5a9a6f372f2eb8e615a464e2b6ef91787baca8b212627fbee57a688066aa8ca37ec7a6094f41d197cb6858c50bdaa8b5f9b0646df59c934c2f0afccb32362772edb46cc8f159f6be607574e0daedee4851c74615edc6e1c60e8c56053078780e4704ce9b9f6022028edc6ff20b02b45691247a4cb06d716434ed6559e26185c5c756e45896176bdf3a97eb84fff9efb57b8d8b747baa1b787895ebad1ffd92c703d07a48e62ce55a32d19a64d9c8d4ebb3aecfba741fadcc4d99770db0f1e9479133e42c11ea9087ad350f0e28188874415225be0dc64190c83262ce2440d20838505d281223d0fd913ca047e1c60d32e437e4c95672445211834224f70de258ed50232738aa0931f2cf0f54d6cd9010ce6e94c66550d49695992b8852094429a3c67a74f5e9bfa1d0dc09ed9eb6811dea9822c461dd0c14c66c9f9177edb9859715d9202cc177d2b487bcf04ac61dc4133724a881bb94f6423d3ba3e2318ef50d1efc1659393c81029dc04ddeb77ed02382f8ea47f6b25c782b4180bb378abb411292003e3a7a301797176a3c44b665bdaf78e79b22b20d94a8c57f2bae2c94625cf7d17bb9a95878e0346b3e144a4ab988eeaabc651d17daad21fd021bace51d75543226d926cf9c14b66170a65764ac9aea5d2ef2c961ff2f177363ef37f375335c2c03ff58664eb69f1302fb5ce5251b6ea1b4c783d0ce3b53db9d84ee64bd9877ee6820c28a5f1fe422e844f26d18fe5993388aabcece1bc29cab05dd6d80474afebec7dbe04d74749a342fca36b2be6171812e19f3a026f1bfb201bfc11a2a5819255c9f1c01f3f9ab9c54ea05b008cd01b7113ebae7f724288ad1e2775e836e54d73aa2aa9aa61ff29373a90aa1b5d10f78d8f722fc6b1d27f76a5bfd98ca8c482c188e7ec5d1f04d5b63ec836ca580889dd186aa3b146249a064b7a41a2a77694192e1128209889f6d1af67e5ca971e5975c80b7e4cfe665e3b622924e88238d0bdf68acf34a9f2c00b7713e0998c105a0973e5bbc026e98c2f66b1fba90f280759ad203f8ebb3176c53a4b38101a7d8d61f78d0fb3a63bf1194c25fb69f6455cd9921b5a168a02da3726fa2138c52eb0e16ec0f23d72d9414d18b83a0fc2a6a7dc8125803de2aeab433791fc0a50658c50057a313b04398db063703860fe77495522caa2f406ed286bf34a4f9fff4af8c6aafb0a04317f1b87fadd856d33006acc143318af64bfbf51ae2b1e6f249d4a5abd03743c62f71fbd79d4cd01c2ac6f83879c7ff0559bcdd79874595bb8eed26392c54ea6462683b14e8849945c6ac4a14a33b32f705ad10be28cadb3ed2f925d588244fbeac6bd0fb0f049c59bfcb1ed4de8354a51cc41d6187451447726a83bd3ce1d835cb5b638a73b2519c9800401ac856f2d36dabdd795c29ce32788ea327a767acbe6adfc599e7070f78d323927f77f0b130a5a1d35bdf7ce7a44920bbebb0fc62c366a34850578c1768bf78c535e58924da389e3a6b35371e8a5a595d472a12871b518edaec27ef521dd109581d66a659b3c3459437ec5c1ff5b09b3b1822fae6831b0b577424f13c70ed5ccf4ef40fd084660035abecc5d7af6768915790114d4c92f600d38862f930f1089b808c1eacb76163a1c60e4f0a328dabf4122c1aeef1c50bbe9d3ba270eed4b44ac5552d48e410ffbc261a998c67477ebe89cf8a325620907ef235864e4a93a933c77f23ca6fb040df7905b1b96d6838a315f7daef72cc142f795f1f0fa18f9f83123b01b2c98326bf500edf58d12536d1c7c4036a541d0d0f951d7653469cb920853a2970355dd7fabc1744b1815d6a7f12375cc097968858f6ed2d040b3255002398a44602ef675aba8f6125d96e5f0f0490a18b9373fb94a68befc8110bd0f3304b23fd3b32bee17f9fa8f1faf5a828d0ee62e0bd72d4da5797a3fc834b7e355ccdc46387b1bf7dc617387e8e5cfc73bc5e18e6fd187ad1c02e8cc2021ae531a3af94f07737472a7af24908ff89b708f323a0ceef503c6ad9c9955ef1a622fe21bd5b5a5cc44bcbf24134a1649d611ef976f57160d5c97e69ff706dbd6df34001ba5a817e5116ab60a41b79971e385504ffc3e9f9e1ab187dc6d5cde33461711cddf6e0482eaa8eb7bef4da9e8fb5d8b06726651531bf3ba8d4a7251f7d6f4a7502f6fb70022dcc3760f9b52540c18fa8a98ae71da02ed309c0b49d714c7c3f5d958c01dd5cb3eadf3b02747775b6123c0470d9115d53f1ce6de0fdbed9ae79d75a8375f83e5174f0cf5922409faef89a97f7e1681bf857c986ae21c41d8828a0c1a092865e4630b9d47f4846a40669e5583087ca2af910d5532ea03d072231584682f31e9b53e606f84c171d5b782c5cb637b041051233516a4566da09e1d56f9a7d539135e5735736e88a0f8ce13b201ca3df76681bc0f0e47ea48fc06daf13084679d7600b746a2ed620d425fe4ad11308a6137452e933c39d4c6ba0bab9e222ab7b4a5d827126ccd0075b8f29739d37cbe7a554ed47c9592ee2af53d97b2ddeaf0b7514ede55542600f6c9d3cf81a00354c1b00802001beae4448cf74890fcb73f9985d80a8d9bb7a2106a9ef91363884ffcef18b2c49ff4ba30416f9c84e3db6395d371ca300adc6b122f4ab763edbc5d892064ee6916722a0befabf3333c4072d3f4015b56f0d37307e2f9d9a5ffc8238280fb73c1ee7d88a7a9ba429018a9e32773185b49f3678070e9d1626c2fad216671930f971f6c15d22ed4fa8777fb372e300e791d3fa5b3f5c8231b2c4d17b3ac666103d0afa326cd58dc13d08e4802b9036e5e1d728620d008c332a0e2cef44925231cca2f7f0d83aba57a2fa65037fde5a9fccdb7ccc9dd623a8aedc82f09bcc87c85b3bbb2bc2ae7d8d4a30f99127abf020df89fdfa92801072d3f1234f10e13f9356e5c6af1e7d60dd3db37481b39e31abe1c51d38466281257888d2b56dda4475fd6eaf895e55671b0c6e2d18cd2e787f42eb3ed9ea33b9eea92f75a3cc6a1c73c578a8d3e52f913f207835d635dac0d286478a1c48e0808a68ddbdac24cd6e131f7623aba87cfb6efb30ecfd5f94dcfa9778205b500031aee12d7264af90ca2353217f3336e1bd17ee80466fca55b88e20c9cb1802fcd1e6ea3f6f611c8ddc58b017821b1f5de4abd174646401990c97c91189437910dcf7a795396c4a558946ba3406c9a01423bd8c7191200ee0e63938c4ef0e0d34b2e6b35831164585f08ef13621e3a6a6b8f818485ad681d0b1fa209224463a4f8fb9ae67d4d8088fc6b010c308a28a53eec086db389d2771ecb3fe84bbe684437baaae51bb1b9528f01bdfa4636aa4e61d3a079a344e00cb5db69bc93fb6e4ed7edbb8433915bd221bc0499b1a20893d0c341c87df8119e05702c807d9b73f826b8a5921ad82f2365be1d444f5ce64185509993450b744814d16ecdaf045b2526c8ca533b5ebcb511f084396c4c45f66f9fafc1ee4abc1e7ac6e2301e730562a8c3355ca451e02d1a39f1f87ec6cd7fcbc0519ae479ca05ca292c7be4fb29a4efa7f0bcef69c8c105049b5b1ea13bd14b405f932346be37cdb3de5f1ac0ed83e2b49808643a7872710e0ab2e864d30fb835a5e330ca3f9456c8261eb91603f29d86abce9c3949ce8e0ef041bc5901cc811cdc292e7ff683e75a788392615a3168719ceb2cb7c2f79a3b856f57594213e9b1ea514543bfaefc7bdf75c700040c78fcc178a8acf1a8794b9f157f50265627bc90bb1d561c0ae42fa494696ada199afdf263fd7f0625873aee78fb6f7349f60a83dcea2602024e13ca6f27d3b31e63dcd926ce9be9289f74b849b634e9b1a6d78fbd24b831944d162f48270aef71955a32972c1b016de5a71e6cbd4cd5fe869adac8aa17bf8c2a429e6aaa4344d588624e2d75a6b6a0e6fc208ea6af82e95bdf5aff7cb5531680ae8c1d60c3a13efc396336b96e3fbaea02f5f6524e3ef96")
tkill(r4, 0x2a)
openat$sndseq(0xffffffffffffff9c, &(0x7f00000000c0), 0x20402)
r5 = openat$cgroup_procs(r3, &(0x7f0000000200)='tasks\x00', 0x2, 0x0)
dup(r5)
openat$nullb(0xffffffffffffff9c, &(0x7f00000001c0), 0x40, 0x0)

2m41.479067636s ago: executing program 3 (id=1382):
r0 = fsopen(&(0x7f0000000100)='romfs\x00', 0x1)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000100)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@index_off}]})
r1 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
mknodat$loop(r1, &(0x7f0000001600)='./file1\x00', 0x0, 0x0)
chdir(&(0x7f00000003c0)='./bus\x00')
linkat(r1, &(0x7f0000000100)='./file1\x00', r1, &(0x7f0000000240)='./file0\x00', 0x0)
rename(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000f40)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x3000000, 0x0)
chdir(&(0x7f0000000280)='./file0\x00')
r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
ftruncate(r2, 0x800)
r3 = open(&(0x7f0000000200)='./bus\x00', 0x40000, 0x0)
sendfile(r2, r3, 0x0, 0x1dd00)
close_range(r0, 0xffffffffffffffff, 0x0)

2m41.36937011s ago: executing program 3 (id=1383):
keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='new defau'], 0x2a, 0xfffffffffffffffc)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000900)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
creat(&(0x7f0000000400)='./bus\x00', 0x0)
lsetxattr$security_ima(&(0x7f00000002c0)='./bus\x00', &(0x7f0000000180), &(0x7f0000000480)=@ng={0x4, 0x6}, 0x2, 0x0)
open(&(0x7f0000000100)='./bus\x00', 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)={0x3})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000040)={[{0x10, 0x3, 0x14, 0xc, 0x1d, 0xfa, 0xfe, 0x3, 0x2, 0x1, 0x10, 0xf8, 0x5}, {0x6, 0x9, 0x3, 0xd, 0xae, 0x5, 0x2, 0xc, 0xfe, 0x40, 0x6, 0x17, 0x3c}, {0xa20000, 0xa, 0x4, 0x7, 0x2, 0x77, 0x1, 0x9, 0x2, 0x5, 0x8, 0x54, 0x18bb}], 0xd9})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text16={0x10, &(0x7f0000000b40)="f30f09ba6100b8c400ef66b9eb0a00000f3266b9830000c066b84700000066ba000000000f30f2a60fc75add650fdabc755ac09af67f0066b98004000066b8532ebe1866ba0bffd3710f3066b9830500000f32", 0x53}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

2m39.425694201s ago: executing program 3 (id=1395):
r0 = syz_open_dev$vim2m(0x0, 0x10001, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f0000000240)={0x1, @raw_data="a425e2f1a54d24f15842313560608d70566e425a6c36af37b33fac9d31c8a9c7044410d324b03e044e454d2092a62fea8f13441431ce248bfc73a6726ee61ba491d15d8f392ff66fe0b17f0e11f5d2367d5593205ab1efa97d40619a553e7da2518125b850a186ef691daa55c9e50ffaf6ddc25220ded32aeba4524cec1afbd17abba1d15ea05e97ed3dcad452db6e08a991e2c78b057f55de7fdeba7411ce65700c0a1ad7946ff7c355db87566e3e5abb7a37a06731ed19ddfa970bb58a27fd9fa194c092730319"})

2m39.406381747s ago: executing program 32 (id=1395):
r0 = syz_open_dev$vim2m(0x0, 0x10001, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f0000000240)={0x1, @raw_data="a425e2f1a54d24f15842313560608d70566e425a6c36af37b33fac9d31c8a9c7044410d324b03e044e454d2092a62fea8f13441431ce248bfc73a6726ee61ba491d15d8f392ff66fe0b17f0e11f5d2367d5593205ab1efa97d40619a553e7da2518125b850a186ef691daa55c9e50ffaf6ddc25220ded32aeba4524cec1afbd17abba1d15ea05e97ed3dcad452db6e08a991e2c78b057f55de7fdeba7411ce65700c0a1ad7946ff7c355db87566e3e5abb7a37a06731ed19ddfa970bb58a27fd9fa194c092730319"})

1m47.588509271s ago: executing program 2 (id=1752):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000d00)={{0x14, 0x10, 0x1, 0xffffffff}, [@NFT_MSG_NEWCHAIN={0x14, 0x3, 0xa, 0x801, 0x0, 0x0, {0x1, 0x0, 0x4000}}], {0x14}}, 0x3c}}, 0x0)

1m47.575774885s ago: executing program 2 (id=1753):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="5c000000040605000000000000000000030004000900020073797a3200000000090002000100000000000000050001000700000005000100070000000900020073797a310000000005000100050000000900020073797a30"], 0x5c}}, 0x0)

1m47.509202019s ago: executing program 2 (id=1754):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x11, 0x3, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xffffff7d, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = socket$pppl2tp(0x18, 0x1, 0x1)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r2, &(0x7f0000000000)={0xa, 0x3, 0x0, @local, 0x3}, 0x1c)
connect$pppl2tp(r1, &(0x7f00000002c0)=@pppol2tpin6={0x18, 0x1, {0x0, r2, 0x8, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @rand_addr=' \x01\x00'}}}, 0x32)
writev(r1, &(0x7f0000000180)=[{0x0}], 0x1)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
fsopen(0x0, 0x0)
pipe(&(0x7f0000000200))
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000003c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r3 = getpid()
sched_setscheduler(r3, 0x1, &(0x7f0000000100)=0x5)
openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
r5 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r7, &(0x7f00000bd000), 0x1a9, 0x0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r5, @ANYBLOB=',wfdno=', @ANYRESHEX=r7])
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x0, 0x0)
r8 = socket$nl_route(0x10, 0x3, 0x0)
r9 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), r9)

1m46.638553938s ago: executing program 2 (id=1759):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(serpent)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0)
r1 = accept4(r0, 0x0, 0x0, 0x0)
sendmsg$alg(r1, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r1)
sendmsg$nl_route_sched_retired(r1, &(0x7f000001be80)={0x0, 0x0, &(0x7f000001be40)={&(0x7f0000000980)=@newchain={0xfe0, 0x64, 0x100, 0x70bd2b, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, {0x7, 0x6}, {0x6, 0x7}, {0xa, 0xf}}, [@f_rsvp={{0x9}, {0xfb0, 0x2, [@TCA_RSVP_CLASSID={0x8, 0x1, {0xfff4, 0xfff2}}, @TCA_RSVP_ACT={0xfa4, 0x6, [@m_simple={0x150, 0x13, 0x0, 0x0, {{0xb}, {0x6c, 0x2, 0x0, 0x1, [@TCA_DEF_DATA={0xa, 0x3, '!-\xe9}!\x00'}, @TCA_DEF_DATA={0x6, 0x3, '&\x00'}, @TCA_DEF_DATA={0x5, 0x3, '\x00'}, @TCA_DEF_PARMS={0x18, 0x2, {0x7, 0x8, 0x4, 0x2, 0xff}}, @TCA_DEF_DATA={0x9, 0x3, '-^*&\x00'}, @TCA_DEF_DATA={0x8, 0x3, 'sed\x00'}, @TCA_DEF_DATA={0x5, 0x3, '\x00'}, @TCA_DEF_PARMS={0x18, 0x2, {0x6, 0x7, 0x7, 0x3}}]}, {0xb9, 0x6, "3aeb214131b1ca0ddfdfc97966f4133276ce372b1f37f7a024c7d80664c4021b18789751bf564c85f46b3f2f9fd1323172f2bc755f9ed46eed281bd263fff883b2d09b5ae72ccb742d4ce24c6c8c4f710fd58f0727290e248a9ba8371f4b9f547e4e7e1f1fbaa55bd0a7435c5434310395baebae817fc8db057a2bf305ec913ca7fed0f649fdc57a2f270becdde96a34e44bfb9f8ccaa9af8c9f6f66e149874c9286fb383cb328b3e2e6fda8e49c5632bbe9e0c58c"}, {0xc}, {0xc, 0x8, {0x1, 0x1}}}}, @m_skbmod={0x134, 0x2, 0x0, 0x0, {{0xb}, {0x28, 0x2, 0x0, 0x1, [@TCA_SKBMOD_DMAC={0xa, 0x3, @local}, @TCA_SKBMOD_SMAC={0xa, 0x4, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}}, @TCA_SKBMOD_SMAC={0xa, 0x4, @random='uteVz '}]}, {0xe1, 0x6, "16b0a7632f59d0719fdf15badb74a2d9518c6ce1f3958bb8c8c58de1fe38ee4ae8766ff84a95d768cca9d6a9e0afe72db12a0907498415454a32259ae10fc51c280cc411cc96f23dedc76d17540c637a58ed1ebc147ebf0ce4abdb9a036638dc1aebfa80a5950f410778d6ce6861016dcb28075917ce925866c4983a55f1bc5857f3ed79813727b52ad7dea697b42594e09b5bf2f02c37fc5de3fd4c4ef2c01f32bd351d40f4a66b58238ad3a92a782c13d560ae8d4d55f44151a558ad82fd36c7411bcf55de787524c8e5e443611c20219b3209431c7f427ac660250c"}, {0xc}, {0xc, 0x8, {0x3, 0x2}}}}, @m_police={0xd1c, 0xb, 0x0, 0x0, {{0xb}, {0xc2c, 0x2, 0x0, 0x1, [[@TCA_POLICE_RESULT={0x8, 0x5, 0x5}, @TCA_POLICE_PEAKRATE={0x404, 0x3, [0x3ff, 0x1, 0x1, 0x2, 0x0, 0x9, 0x0, 0x8, 0x0, 0x4, 0xf8, 0x7, 0x5, 0x9, 0x7, 0x4ff7, 0x8000, 0x1, 0x9, 0x1000, 0x7, 0x5, 0x3, 0x0, 0xa90, 0x7f, 0x5, 0x8, 0x0, 0x2, 0xffff9c0e, 0xd9, 0x5, 0x4, 0x7, 0x2084, 0x1, 0xb, 0xfffffffd, 0x6, 0x8, 0x400, 0x3, 0x7ff, 0x7, 0x80000001, 0x7, 0x7ea, 0xa, 0x7, 0x7ff80, 0x2, 0xa8ba, 0x8, 0x6000, 0x3, 0x2, 0xffffffff, 0x2, 0xc, 0x100, 0x1, 0xeba, 0x0, 0x9, 0xd410, 0x0, 0x769aff06, 0xb60c, 0x5, 0x0, 0x8, 0x0, 0x0, 0x5, 0x7f, 0x4, 0xbd, 0xd, 0x800, 0x9, 0x5, 0x6, 0x8000, 0x2, 0x1, 0x1000, 0x9, 0xb8a0, 0x8, 0x2, 0x111f, 0x40000000, 0x3ff, 0x6, 0x4, 0x6, 0x1, 0x7, 0x0, 0xda58, 0xa60000, 0x5, 0x0, 0x6, 0xab, 0x2, 0x7, 0x3ad, 0x3, 0x814, 0x1, 0xc, 0x4, 0x6, 0x40ba, 0x1, 0x9, 0x4, 0x2, 0x8, 0x6, 0x7fff, 0x2, 0x7, 0x8, 0x7fff, 0x70, 0x80000000, 0xe4e, 0xd9, 0x4, 0x3a, 0x2, 0x0, 0x6, 0x6, 0x9, 0x3, 0x25, 0x8, 0x7c, 0x101, 0x7f, 0xc79c, 0x6, 0x9, 0x10001, 0xa, 0x5, 0x6, 0x9, 0x3, 0x9, 0x4, 0x4, 0x81, 0x82, 0x0, 0x4, 0x137, 0x140, 0xd, 0x1, 0x3, 0x6, 0x401, 0x9, 0x2, 0x8000, 0x1, 0x0, 0x4963, 0x400, 0x6, 0x2, 0x2, 0xc62a, 0x2, 0xfffff7fd, 0x80, 0x80, 0x9, 0x6, 0x3ff, 0x9, 0x7fffffff, 0xfffffff0, 0x7, 0xd9, 0x7, 0x7fff, 0x800, 0xf, 0x5, 0x7, 0x8, 0x3, 0x5, 0x200, 0x4, 0xa2b, 0x8, 0xa, 0xffff, 0x40000, 0x80, 0x7, 0x8, 0x9, 0x8, 0x8, 0x2, 0x0, 0x2, 0x276, 0x40, 0x80000000, 0x4, 0x7fff, 0x1, 0x3, 0x3, 0x7f, 0x10001, 0x6, 0x7, 0x3, 0x100, 0x3, 0x1, 0xffffffff, 0x80000000, 0x1, 0xb, 0x3e, 0xc, 0x401, 0xc63f, 0x1, 0xf, 0x7fff, 0x0, 0x3, 0x9, 0x8, 0x9, 0x10, 0x28000000, 0x5, 0x6, 0xeff, 0x4b32, 0x256c, 0x4, 0x6]}, @TCA_POLICE_RATE64={0xc, 0x8, 0x9}, @TCA_POLICE_AVRATE={0x8, 0x4, 0x240}], [@TCA_POLICE_PEAKRATE={0x404, 0x3, [0x7, 0x4, 0x101, 0x9, 0x3, 0x5, 0xfffffff8, 0x9, 0x15668cd8, 0x2, 0x16, 0x2, 0x60, 0xf026, 0x84, 0x4, 0x3, 0x80, 0x3, 0x9, 0x2, 0x5, 0x6, 0x1, 0x3, 0x9, 0x9, 0x3ff, 0x0, 0x5, 0x0, 0x200, 0x7fff, 0x4d97, 0x9, 0x9e70, 0x9, 0xfffffffa, 0x200, 0x7, 0x7ff, 0x3, 0x9, 0x9, 0x7fffffff, 0x2, 0x81, 0x5, 0x4, 0x7, 0x7, 0x0, 0x0, 0x7, 0x7fffffff, 0x3, 0x2, 0x6, 0x3, 0x40, 0x7, 0x9, 0x5, 0x8, 0x1, 0x261, 0x8001, 0x10, 0x6, 0x4, 0x1, 0x6, 0x6, 0x80, 0xcbb, 0x13a, 0x6, 0x4, 0x181, 0x8, 0x0, 0xb6, 0x7f, 0x6d25, 0x2, 0x7f, 0x9bd3, 0x9, 0x80000001, 0x10001, 0x101, 0x200, 0x7, 0x2, 0x7f, 0x9, 0xfff, 0x8, 0xac04, 0x401, 0x400, 0x4, 0x800, 0x3, 0x0, 0x8000, 0xa, 0x3ff, 0x9, 0x1ff, 0x1, 0x5, 0x9, 0xf, 0x6, 0x5, 0x498ed63a, 0xffff, 0x7, 0x80, 0x7, 0x2, 0x52df, 0x3f5, 0x6, 0x6, 0x4, 0xfffffffd, 0x9, 0x81, 0x401, 0x7, 0x13de, 0x1, 0x3, 0xae, 0xfff, 0x5d5f2381, 0x7, 0xd42e, 0x3, 0xfff, 0x3, 0x7, 0x2, 0x6, 0x8495, 0xc1e0, 0x6, 0x6, 0x3, 0x7, 0x10000, 0x4, 0x2, 0x101, 0x7000000, 0x5, 0x7, 0x2, 0x3a702146, 0xfffffffc, 0xd, 0x5, 0x5, 0x7, 0x2a62, 0x8, 0x3, 0x4, 0x6, 0x2faf, 0x6fb, 0x2, 0x6, 0x0, 0xb0, 0x0, 0x81, 0x1, 0x800, 0x1, 0x7, 0x8, 0x1000, 0x1ff, 0x2, 0x4, 0x7, 0x80, 0x9, 0xf, 0x2, 0xffffffff, 0xffffffff, 0x20bb, 0x0, 0xfbf6, 0x1000, 0x2f7, 0x7, 0xfffffffe, 0x7, 0xf6b, 0x5, 0x9, 0x0, 0xffffffe2, 0x6, 0x1, 0x5, 0x6, 0x6, 0x1fa8d260, 0x10, 0x80000000, 0x6, 0x3, 0x7f, 0x10, 0x8, 0x9, 0xd5fc, 0xa7, 0xc, 0x6, 0x3, 0x80000001, 0x3, 0xfff, 0x5a242b2, 0x7ff, 0x3, 0x1000, 0x2, 0xff, 0x3, 0xdc, 0x7, 0x1, 0x9b, 0x5, 0xfffff17b, 0x0, 0x80, 0xc8, 0x4, 0x8000, 0x6, 0xc, 0x7ff, 0x7, 0x0, 0x0, 0x2, 0x3]}], [@TCA_POLICE_PEAKRATE={0x404, 0x3, [0x9, 0x1ff, 0x5, 0x0, 0x6, 0x7fffffff, 0x7, 0x3, 0xee, 0x7e06d55, 0x1, 0x10000, 0x9, 0x7fffffff, 0x3ff, 0x8, 0xff, 0xf, 0x0, 0x7, 0x2, 0x1eb1, 0x0, 0xb8c0, 0xa, 0xffff0000, 0xe, 0x82, 0x1, 0x2, 0x3, 0xa, 0xe555, 0x100, 0xfffffff9, 0x8, 0x7f, 0x7fff, 0x3, 0x1ff, 0x1, 0x3, 0x0, 0x8, 0x0, 0x7, 0x6, 0x7, 0x7f, 0x7, 0x5, 0x7, 0x5, 0xffffff00, 0xfffffff9, 0x7ff, 0xfff, 0x8, 0xfda, 0x9, 0xe, 0x400, 0xd, 0x4, 0x9, 0x7ff, 0x9, 0xe931, 0x4, 0x274faac7, 0x9, 0xffff, 0x8000, 0x7, 0x4, 0x8, 0x401, 0xbf, 0x3, 0x80000000, 0x2, 0x8001, 0x8, 0xffff8001, 0x6, 0x9, 0x8, 0x4, 0xffffffff, 0x4, 0x2, 0xd, 0x0, 0xe525, 0x5, 0x7, 0x1, 0x0, 0x3, 0x180000, 0x3ff, 0xfff, 0x8, 0xff, 0x8, 0x94c, 0x8001, 0x5, 0x7, 0x200, 0xffffff81, 0x0, 0x1, 0x0, 0x10000, 0x6, 0x7, 0x4, 0x6, 0x6, 0x6, 0x0, 0x4, 0x706d, 0x59f, 0x1, 0x5, 0x2, 0x9, 0xc610, 0x25b, 0xd, 0x8, 0x2, 0x2, 0x1, 0x2, 0x3, 0x2, 0xd2, 0x80000001, 0x6c87, 0x5, 0x3d1, 0x80, 0x27, 0xa542, 0x5, 0x18, 0x10, 0x8, 0x9, 0x9, 0xcb4, 0x401, 0x1, 0x1, 0xfffffff6, 0x4cdb, 0x5, 0x7, 0x60, 0x2, 0x7ff, 0x7257, 0x500, 0x8, 0x1394, 0x7, 0x40, 0x3, 0x8, 0xfffffff7, 0x1ff, 0x9, 0x2, 0x3, 0x4, 0xf, 0x298350d9, 0x9, 0xae76276c, 0x2, 0x6, 0x5, 0x8001, 0x9, 0xa1, 0x3ff, 0x7, 0x2, 0x0, 0x5, 0x0, 0x6, 0x80, 0x7, 0x0, 0x1, 0x3700, 0x937, 0x1, 0x2f0, 0x6, 0x3, 0x2, 0xb6, 0x6, 0x7, 0x4d, 0xffff, 0xb66, 0x9, 0x2, 0xa3e4, 0x40, 0x0, 0x9, 0x4, 0x3, 0x2, 0xfffffffe, 0x9, 0x4, 0x3, 0x10000, 0x9, 0x1ff, 0x4, 0x81, 0x2, 0x1a, 0x9, 0x7, 0x7, 0x9, 0x8001, 0x8001, 0x8001, 0x0, 0x400, 0x4, 0x9, 0xffff, 0x7fffffff, 0xe, 0xd9, 0x1, 0x0, 0x0, 0x1, 0x5, 0x3, 0x7, 0x10000, 0x6]}]]}, {0xc5, 0x6, "dc4c2e96fdc54e2582d1301bf55ce22b6d4518d480da4a5b3b4fe902d39a462f81d89d70da4437f76b7e2afdad4f93e54f85d8e97969933e04c3b3aeb8ea92c40463b46d643ec0ada79866daff768319911ff45b41077c9666036ab61dba706603368192993a41496fb58aea13bd94df50aabd6f5d98489af38204eab236f64931fb916ad3cd70abb7db163d7050e969e8d2c44bc47558b19405fd502a5ca659b09e43991de33378ff860d61dc1165df4185c5a56a7c96326e47962bffb6964715"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}]}]}}]}, 0xfe0}}, 0x0)
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
r3 = accept$unix(0xffffffffffffffff, 0x0, &(0x7f0000000580))
fstat(r2, &(0x7f00000008c0)={0x0, 0x0, 0x0, 0x0, <r4=>0x0})
getresgid(&(0x7f0000000940), &(0x7f0000000980), &(0x7f00000009c0)=<r5=>0x0)
sendmsg$unix(r3, &(0x7f0000000ac0)={&(0x7f00000006c0)=@abs={0x0, 0x0, 0x4e24}, 0x6e, &(0x7f0000000880)=[{&(0x7f0000000740)="8965a00557c73d1d61b7b6f978c37da55ceb038201da99067b1bed186db7226cd274144a7ae4a6fee8b1b57f77463e0cadf424c5a173125275ea76078e72b674b0dd3421db1193c8e000debcd951b14df94b09c0f356dfa740d868cd8b8bc40e5d6f0d8e7c02ca073ceef00843faa24958ee5f97d964ae88e66ecd3388c35978d7f67651543773fcef1d6e3bfd2567634f26971995", 0x95}, {&(0x7f0000000800)="a24daf753c1186053416e9fc7d740ace5a321846c859a7d956b98d7161debea31e97fd19353c4b42303eee595f7bb84eff00fb6c56d9315ca5fd82874e284c9ad76878058369", 0x46}], 0x2, &(0x7f0000000a80)=ANY=[@ANYBLOB="18000000000000000100000001000000", @ANYRES32=r2, @ANYRES32=r2, @ANYBLOB="1c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=r4, @ANYRES32=r5, @ANYBLOB="00271e00"], 0x38, 0x10}, 0x81)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r2, @ANYRESHEX=r4, @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
mknod$loop(&(0x7f00000002c0)='./file0/../file0/file0\x00', 0x0, 0x0)
write$FUSE_INIT(r2, &(0x7f0000000380)={0x50}, 0x50)
r6 = openat2$dir(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', &(0x7f00000001c0)={0x200301, 0x1, 0x26}, 0x18)
mknodat(r6, &(0x7f00000000c0)='./file2\x00', 0x81c0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000280)='./file2\x00', 0x0, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
write(0xffffffffffffffff, &(0x7f00000002c0)="6f88b2a60614ef91a3f8ef9e1220b2675bce0f59b2336b1e3eb222ffa77b91bd642da8472b07a5059831e5c03734ccff6480db993a9be5198f428be1838bef5847f8452dab06605676dc879a87d9c28bf128eb784296078f4a28e8a2595743bd65e4e6a9e5ced66e5524edc432ceaab8552a2c2f179d91122a961061343c8695c39084b2370dae938e8d43b6d6fbd905eff6c6360e26d2ef525c6a46357a0f26061ba8da82c8c39b5ac93cea456c8ed747b85fa822136714ad8bdb0d36d7c9c75354e5d73d216e45cb24fc975e092c08bd1bfb1102952f580acce4909b84036801c1f0b88c7508aa2bf5999b5f8b0da1b6d5a83203cf784ce1e8a562c75310eea1c28d9f650073742c8e9311718b35ac6e6a272bd76b7e547c06b9b9c461163e18f48033a79c7f3a6574c234d84fa9c569100e6c088070010175611c6643b7cd4eb643ab300fa1e46fb4027fe48882975fcfd5a5295ead29b97cb0e86af8a0b4beb400d3b54774eafac72f7d222a4248662afdd0072963aef817701d5ffc09f61d563c3ed0992670002289a555f7bebfec91b5c75e9222b17ed54aff16a3d6a0cfab24f8bffcaef7c61f2be13411eb800853f37dd2d0efc25abc246e833d350206539d5160991f02e4b0201f14ed8fdc814c4034ed7e438934b250352ece17f1147ba3265caf7d6dcc71b59da7ea72c698adfeeb89e4e1090000000000000037f0a1459629821e194a2601310dc37e5d25c9b21055681830bf06fc121191758bf9e1d11571ee3a3a41ec52dc12d74f657a35f396e51b22ab9955933cd68d838dfe6ff69882554c01", 0x248)
r7 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r7, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x3}, 0x6)
write$bt_hci(r7, &(0x7f0000000500)=ANY=[@ANYBLOB="0e0001000200"], 0x8)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0286405, &(0x7f0000000480)={0xc1, 0x548, {}, {<r8=>0x0}, 0x3, 0x3})
mount$overlay(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000440), 0x4c, &(0x7f00000004c0)={[{@redirect_dir_off}, {@volatile}, {@nfs_export_on}, {@volatile}], [{@appraise_type}, {@measure}, {@uid_lt={'uid<', r8}}, {@smackfstransmute={'smackfstransmute', 0x3d, '$-\xd7.$'}}, {@seclabel}, {@subj_user={'subj_user', 0x3d, 'tmpfs\x00'}}, {@seclabel}]})
mount$bind(&(0x7f0000000300)='./file0/file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x89101a, 0x0)
mount$bind(&(0x7f0000000100)='./file0\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x1adc51, 0x0)

1m46.581894906s ago: executing program 2 (id=1760):
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f00000003c0), 0x135800, 0x0)
r1 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7f, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r1, 0xc0d05605, &(0x7f0000000140)={0x1, @pix={0x0, 0x0, 0x32315559, 0x6, 0x40, 0x10, 0x1, 0x40}})
r2 = socket$xdp(0x2c, 0x3, 0x0)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0)
r4 = openat$ppp(0xffffffffffffff9c, 0x0, 0x1a01, 0x0)
ioctl$EVIOCGPROP(r4, 0x40047438, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x6, &(0x7f0000000100)=0x4)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$PROG_LOAD(0x5, &(0x7f0000002c40)={0xa, 0x17, &(0x7f00000007c0)=@ringbuf={{0x18, 0x7}, {{0x18, 0x1, 0x1, 0x0, r3}}, {}, [@printk={@p, {}, {0x5}, {0x7, 0x0, 0xa}, {}, {}, {0x62, 0x9}}], {{}, {0x5}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000040)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
accept4$packet(0xffffffffffffffff, 0x0, 0x0, 0x0)
r6 = socket$inet_tcp(0x2, 0x1, 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_SET(r7, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYRESHEX=0x0], 0x30}}, 0x20044801)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
mremap(&(0x7f00002d7000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f000082a000/0x400000)=nil)
r8 = userfaultfd(0x801)
ioctl$UFFDIO_REGISTER(r8, 0xc020aa00, &(0x7f0000000000)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
ioctl$UFFDIO_COPY(0xffffffffffffffff, 0xc028aa03, &(0x7f0000000400)={&(0x7f0000b36000/0x12000)=nil, &(0x7f0000167000/0x1000)=nil, 0x12000})
syz_io_uring_setup(0x6866, &(0x7f0000000300)={0x0, 0x1, 0x2000, 0x2, 0x18e}, &(0x7f0000000080), &(0x7f0000000140))
close_range(r6, 0xffffffffffffffff, 0x0)
bind$x25(0xffffffffffffffff, 0x0, 0x0)
socket$inet_icmp(0x2, 0x2, 0x1)
close_range(r2, 0xffffffffffffffff, 0x0)
ioctl$RTC_SET_TIME(r0, 0x40247007, &(0x7f00000000c0)={0x2, 0x2b, 0x6, 0xf, 0x0, 0x2, 0x5, 0x0, 0xffffffffffffffff})

1m46.449090617s ago: executing program 2 (id=1761):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907001175f37538e486dd6300"], 0xfdef)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0xf0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) (fail_nth: 8)

1m46.432684892s ago: executing program 33 (id=1761):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907001175f37538e486dd6300"], 0xfdef)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0xf0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) (fail_nth: 8)

17.878210231s ago: executing program 1 (id=2289):
rename(&(0x7f0000000e00)='./bus\x00', &(0x7f0000001080)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x400000bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = shmget$private(0x0, 0x3000, 0x0, &(0x7f0000ff6000/0x3000)=nil)
shmat(r2, &(0x7f00006a0000/0x4000)=nil, 0x6000)
r3 = memfd_create(&(0x7f0000000600)='\x00\xac=\x9d\xd2\xdb\x1a\'\xf8\n\xedcJ\x8e\x84\xd4N\x00\x9b\x1f\t\xbd\x11\x86T\x16\xa3\xb3\xae0\x9f9?\xefo\xa4k\x012>\xa1\x9c\x86x\x1c\x9f\x84\x195\xde\x97_\t~\xf3\xceB\xfc\xd4c\x1a\x8d>Xt\xdd\xbb\x80!Y\x12\"p^\x00\x02\xb4\xfdHA\xce\x9a\xde\xe4\xb6\xbcK#^\x00}2\xc6\xde7\x17\x95$\xdd\x8ew\a\xe5\x1f\xe0:|R\x04\xc2\xb8I\xa3\xb9\xe2\xa2\xebw\xdeI\x0f7i$\xf1\xd4\x9b\xc7\xb2\xbeD`\x8f\t\xdbb\x9d\x9dN\xa2\xee\xb8\xf6\xe2\xb4c\xc4\xb0\xc3\x964\x17\xf5\xb3\xc9\xb2\x94\xa8_f!\xdf\x90}\xba\xa3\x01\xe2\xcf\xb7\"S\a\x04ry\x00#4\x87m\xf7\xe3\xf5\xa7\xda\xb9\xcbU\xbe\x06]\xa9\xb6R~\xc9l}\xb7I\xfe\xae>\xf6quc9\xe0\xbf\x94\xdc\x99\xf4\\\xd0\x96:\xfb\x8c\x12o\xcc-\x13\x14\xbev\xae\x80Zp\x95c]\x98\x8c\x01\x8fo\xafjN\xcb\x98\xdf\xd3[V\xbd[\xb9\x10v\xee\xdc\xc8G\xd0\xdc9\xccO\xf74\x84o\x99\xe9\x14\x00\x00dU\x00\x00\x00\b\xfb\xb5Z\xb0-\xc8\xdb\x88f\xf4W\xeb\x06\xc2\xd1\xb6\xd1%\xca\x8f\x013|\x8ez\x1eo\x18\xb6#@P&[\xe0\xad\xda\nmU\x823\\&P\xdc\xbcS\x80\xc1dJ!LH\xaa\a\x82\f=_\t\x18L&\xaf\xb4v\"ukO\xa6\xf3\xde\x96\x85\xc5\xdd\x12|C.\x91\xf2[Y\x06\x8a\x9fN\x10\xb9\xf4\xecq\xce\xd2\x17\x88\xae\xcc7r\xd7\xeaz\xcevR\xcau\r\xf1\t\xc2$k\xdf\x8f\xe2\xbe\xfe\x14AN\xf8\xc6\xa8`Fs[6k\x00\x00+\xa5\xdcxUY3<v\xf1\r\xaei\xa0Xam\vN\x7fR\x96*h\xd3\x01VbON\xc3P\xe7\x16\xcc\xca\xd6\xe5\xe8\r\x9b\x8d.\xdd\x1a\xaa\xa6*\xed\xe1\xb1\xf4\x7f\xca\xbeg\xb1bEm[\x04\tX8\x15#\x94\xa6M?\xe0\x871\x80\xc5~_\x12J\xeb \x00R\xa7=/\xfd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xfe\x90\x13\t\xd2\xf0\x16Rx\x89w\x0eG\xe8t\xf7fG[\x94\x93\x88\x0e8*lI\x16\x14\x9b\x11\r\xcf^\xfa5=\xf4\xb1s>\xeb\xf6\xa3\x95!:\xd1CF\xfd\xcdx\x86\xe3\x19\xb2u[2\xd6=\xd6\'\n\xc1\xdc\x7f\x8c\xdc\x02\xb7=\xc1\xf9\xb5\xa8\x88\a\xbbL\x87\xa5\xd8_\xae\xa4\r\xc9\b6)&\xe1\xea\xcdo\xa3\xcc\x9d`.\xdb\"Y\xd8\x86J#o\xcc\xff\xaaS\x03\xa8~\x99\xe5\n\x00\x00\x00\x00\x00\x00\x03\xcd\xab\x89h6FvS\xf9\x1a\xa0\xba\xed\xcc\x94\x91\xfez\x96MQ\x99{w\x82ge5\xa0K\xd8\xba\x87u\xe19\x8a{,\x06\x06\xcb\x17:~\xa0@\xefF?\x00\x00\x00\x00\xb6\x9ff\x96\x0e\x1b/\x12lUpW@\x90\"\x02L\"S\xeb\xd6\xb3\xf1\a\x8f\x93\xb5P\xd5\x892\xaa\xa4N\xf9\xf6C\xc4\n\xe3\xf9\xcb\xce\xe7\xdcS\xb0r\xf6M0\xe3y\xcdQ\xfc9C<\x06W\x8f\n\xa13L\xfb\xee?dN\"\xa8\xe6\x10L\xd9\xc6|\xear\r\xb7\xda`\xb8\xf2\b\xf6\xa76\xdb\xbe&\x16\x06\xc0\x97\xab\x98\xcdA\x1f&\x98\xb4\xf0g\x05\xe2[\x97\xbb\xd7\xba\xcc\x9b3L5\x06\x95!\\\x81\x16\xdeY\xcb=\x8e\xe4\xd5\xc1\xbd!\x1dp]Q\x03\x1e0\xb0\x05\xe6Frv\xf5Lu\xdc7\xa13s\xd9j\xe2\b\x00\x00\x00\x00\x00\x00\x00/\x1b(\xeea(~\xb7\xf2\xd7\xdc\xea\x02f\x04\x14\x0e\xcc\x99\x9ff\xa0\xaa\xe2\x94\xfd\xfa\xfbW\xa8\xe0\x00\x00\xb8\xb4o\xdd\xd0\xd1\x9a\xc9\xc2\xfc(\x8c7\xce\xf8N\xa3\x91R&\xb2\x04;g\x8c/x~\x16\x8co<\x8bh\xdd\x87&\x01y\x9b\n_|\x06<\xd7n\xff\xd0\xdd0\x1d?\x88m\aB_\x94(XAv\x10\x14\x9c\xb1\xb7\xcf\x02\x1f4\xa5\xd7\x14\xd6Y*\x02\x06j\x87\x89G\xfb\xce6\x0e\x95h4-\xbc\x11a4\"@qs\xf4\x9a\xc8\xbfyo\x12\b\x9b\xb9}\x00\xd534\xc7(\x01w\x9c\x94u\x8b!\xac\xd6\x89\x19J\xae\x7fE\x0eB\x9a\xc4%\xf8\xa7\x16\x8a\x05Rj\x85\xeb\xa3L\xcc\x9a\x02\xe5\x83h!\x99\x93lD\xe1\xa7\xfe>\xdb\x9d\xab\x1d\xb6r\xee\x04D\xa0\x94(\xdb\xe1&\x11\xdf\xb3\xa7b\x14\xda^U5\xf6\x9dN\x9d\x9cM\xb2\xf5\x10\xc4QW\xe2\xe0\xf4\x7f\x0e\xd3\xd9)\x9eq2\xeb\xd8\xbf\xfe\xef^\x1e\xb2\x7f\xf1\xb3\xa7\xe1G\xc1\x06Q7\x95\x02`\x93\xf4\xb6YM_\xa3\x94q\xb0\xe1\x01\xf1 \f\xaeM\xa7\x8e\r:A\x1b\x06\xd6e\x85\xf1\x7fG\xf6\x9aa?\xd6v\x9f\xe2\xdd\xd9\xb6\x87\x88\xc2+\xc4\xfb\xdc\x95\x89\xc1\xd0yD\xac\x1b\x00Zo\xd4\xcf\'+\x00e\x85\x00'/1214, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r4, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x1c)
setsockopt$inet6_tcp_TCP_CONGESTION(r4, 0x6, 0xd, &(0x7f0000000040)='cdg\x00', 0x4)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.throttle.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r5, &(0x7f0000000100), 0xfffffd9d)
sendfile(r4, r5, 0x0, 0x8000002b)
accept$unix(r0, &(0x7f00000000c0), &(0x7f0000000140)=0x6e)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x9e)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x6000009, 0x10, r3, 0x0)
openat(r5, &(0x7f0000000000)='./bus\x00', 0x0, 0x114)
r6 = gettid()
tkill(r6, 0x20000b)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0xeee141d97fdc3b1c, 0x8010, 0xffffffffffffffff, 0x0)
shmctl$IPC_STAT(r2, 0x2, &(0x7f0000000200)=""/17)
shmctl$IPC_RMID(0x0, 0x0)
shmget$private(0x0, 0x4000, 0x0, &(0x7f000069f000/0x4000)=nil)
mlock2(&(0x7f0000048000/0x2000)=nil, 0x2000, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.throttle.io_service_bytes_recursive\x00', 0x275a, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)

17.128060251s ago: executing program 1 (id=2298):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000001dc0)=ANY=[@ANYBLOB="1800"/15], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10)
unshare(0x2a000600)
r1 = accept$alg(0xffffffffffffffff, 0x0, 0x0)
setsockopt(r1, 0x5, 0x7, &(0x7f0000000140)="8e0fd0baefb4fb03f74881eb2216e6ee3ea71d378e4d2c288897dcb12ab2fc0ed2d240c894f0c87f5c7509527a21d4c335b45d6daae989d39d1ab1a65f1e1b52bc00761de85d09744d89811a27a3bc9799c2b6ec29412a1236f9bd500c37b5ea9c944100a321d434", 0x68)
mmap(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0xa, 0x11, r0, 0x98d0d000)
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000940)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRESHEX=r1, @ANYRES16=r0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0xe)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xe, 0x10, &(0x7f0000000740)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000020000006b8a00fe00000000c7080000010000007b8af0ff00000000bda100000000000007000000f8ffffffbfa400000000000007040000f0ffffffb7020000080000fa18230000", @ANYRES32=<r3=>r2, @ANYBLOB="0000000000000000b704000008000000850000001a00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000700)={r2, 0x58, &(0x7f00000007c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r4=>0x0}}, 0x10)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x1f, 0xd, &(0x7f0000000840)=ANY=[@ANYRESOCT=0x0, @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff000010000000b803000008000079b7040000000000008500000003000000850000000f000000f6"], &(0x7f00000006c0)='GPL\x00', 0xd67, 0x0, 0x0, 0x0, 0x25, '\x00', r4, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r5}, 0x10)
socket$inet6_tcp(0xa, 0x1, 0x0)
r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x440100, 0x0)
ioctl$KDFONTOP_GET(r6, 0x4b72, &(0x7f0000000100)={0x1, 0x1, 0x2, 0x7, 0x1fc, &(0x7f00000002c0)})
syz_io_uring_setup(0x5c23, &(0x7f0000000240)={0x0, 0xfba6, 0x2, 0xfffffffe, 0x0, 0x0, r0}, 0x0, 0x0)

17.127751658s ago: executing program 1 (id=2299):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NBD_CMD_CONNECT(r1, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f0000001a00)={0x38, r2, 0x1, 0x0, 0x0, {}, [@NBD_ATTR_CLIENT_FLAGS={0xc, 0x6, 0x1}, @NBD_ATTR_SIZE_BYTES={0xc}, @NBD_ATTR_SOCKETS={0x4}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x38}}, 0x0)
sendmsg$NBD_CMD_RECONFIGURE(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x1c, r2, 0x181, 0x0, 0x0, {0x2}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x1c}}, 0x0)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000040)="1400000016000b63d25a80648c2594f913", 0x11}], 0x1}, 0x0)
r4 = openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000280)='/proc/sys/net/ipv4/tcp_rmem\x00', 0x1, 0x0)
write$tcp_mem(r4, &(0x7f0000000300)={0x6, 0x20, 0x1, 0x20, 0xce}, 0x48)
sendmsg$NLBL_CIPSOV4_C_ADD(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000040)=ANY=[], 0x34}}, 0x0)

17.0487137s ago: executing program 1 (id=2300):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
socket$inet6_sctp(0xa, 0x1, 0x84)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0xae03, 0xea)
socket$packet(0x11, 0x3, 0x300)
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
futex(0x0, 0xc, 0x1, 0x0, &(0x7f0000000080), 0x0)
r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/route\x00')
preadv(r2, &(0x7f0000000280)=[{&(0x7f0000000000)=""/142, 0x8e}], 0x1, 0xffffffff, 0x800)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="18000000000000000000000000ed000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r3}, 0x10)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000380), r4)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_802154(r6, 0x8933, &(0x7f0000000340)={'wpan1\x00', <r7=>0x0})
sendmsg$IEEE802154_LLSEC_ADD_DEV(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)={0x50, r5, 0x852dd6c070cd7e4d, 0x0, 0x0, {}, [@IEEE802154_ATTR_LLSEC_FRAME_COUNTER={0x8}, @IEEE802154_ATTR_LLSEC_DEV_OVERRIDE={0x5}, @IEEE802154_ATTR_HW_ADDR={0xc}, @IEEE802154_ATTR_LLSEC_DEV_KEY_MODE={0x5}, @IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r7}, @IEEE802154_ATTR_PAN_ID={0x6}, @IEEE802154_ATTR_SHORT_ADDR={0x6}]}, 0x50}, 0x4, 0x700000000000000}, 0x0)
r8 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x18, 0x4, &(0x7f00000003c0)=ANY=[@ANYBLOB="b4000000000b00007910000000000000c310000401000000950074000000000031fb0d3a42319fa204399d17d34e075fdcda533ab1aa71ab1d764152e63925789381db3fe455e8dadc7dcf81189517730bed5d8036168bd2e27cc611027d29066927603deb92de3141e8ed7ac5b8902070213cdfdc506c4890cdeb50347c32060581172b94c6ba22a2b58eb6cbad46ed6e7964a2ba103b0b36f790bb41931f9a3d4dd127c1b4e49f7468f5e623950c4f67581c92ef9e7e8ece17d566c93a114d68c577d694b9844e0d9e306404cfc3bfbead9e1b96c6a6cb639bca6d"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='fscache_access_volume\x00', r8}, 0x10)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x101091, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000300)='./file0/../file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x891012, 0x0)
fadvise64(r2, 0x7fff, 0x7, 0x6)
r9 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r9, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r9, 0x84, 0x6f, &(0x7f0000000000)={<r10=>0x0, 0x1c, &(0x7f00000000c0)=[@in6={0xa, 0x0, 0x0, @private2}]}, &(0x7f0000000180)=0x10)
r11 = socket$inet_sctp(0x2, 0x0, 0x84)
getsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r11, 0x84, 0x22, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, r10}, &(0x7f0000000140)=0x10)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x3, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x61, 0x10, 0x8c}, [@ldst={0x3, 0x0, 0x3}], {0x95, 0x0, 0xc00}}, &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x5, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x1f2, 0x10, &(0x7f0000000000), 0xfffffe51, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)

16.888795625s ago: executing program 1 (id=2301):
r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f00000003c0)={0x1, @pix={0x6, 0x2, 0x36314d59, 0x5, 0xe, 0xd, 0x4, 0xf5e4, 0x0, 0x0, 0x1, 0x2}}) (fail_nth: 1)

16.888638072s ago: executing program 1 (id=2302):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x10000001, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
socket(0x0, 0x0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_int(r1, 0x29, 0x21, 0x0, 0x0)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
connect$inet6(r2, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r2, 0x84, 0x76, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'wlan0\x00'})
sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, 0x0, 0x0)
getpid()
r3 = dup2(r1, r1)
landlock_restrict_self(r3, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="07000000040000001800000042a0000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000000000000930000000000000000feffffff7f00000000"], 0x50)

16.833955221s ago: executing program 34 (id=2302):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x10000001, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
socket(0x0, 0x0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_int(r1, 0x29, 0x21, 0x0, 0x0)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
connect$inet6(r2, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r2, 0x84, 0x76, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'wlan0\x00'})
sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, 0x0, 0x0)
getpid()
r3 = dup2(r1, r1)
landlock_restrict_self(r3, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="07000000040000001800000042a0000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000000000000930000000000000000feffffff7f00000000"], 0x50)

4.84505854s ago: executing program 6 (id=2359):
sched_setscheduler(0x0, 0x1, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000080000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000000b7030000000040008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r3}, 0x10)
sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)=@newtaction={0xe6c, 0x30, 0x25, 0x0, 0x0, {}, [{0xe58, 0x1, [@m_pedit={0xe54, 0x1, 0x0, 0x0, {{0xa}, {0xe28, 0x2, 0x0, 0x1, [@TCA_PEDIT_KEYS_EX={0x4}, @TCA_PEDIT_PARMS_EX={0xe20, 0x4, {{{}, 0x2}, [{}, {}, {}, {}, {}, {}, {}, {0x0, 0x800}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x10}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0xfffffffe}, {}, {}, {}, {}, {0x0, 0x0, 0x20000000}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0xfffffffe}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, {0x0, 0x0, 0x0, 0x0, 0x2}, {}, {}, {0x8}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x8}], [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x5}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x2}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x4}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}]}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xe6c}}, 0x0)
socket$inet6_udplite(0xa, 0x2, 0x88)
lgetxattr(&(0x7f0000000200)='./file0\x00', &(0x7f0000000280)=ANY=[], 0x0, 0x0)
r4 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000001280), 0x8801, 0x0)
io_setup(0x3, &(0x7f00000003c0)=<r5=>0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r6}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
stat(&(0x7f0000000280)='./file0\x00', &(0x7f0000001180)={0x0, 0x0, 0x0, 0x0, <r7=>0x0})
mount$overlay(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0), 0x1000, &(0x7f0000001200)={[{@default_permissions}, {@redirect_dir_nofollow}, {@userxattr}, {@redirect_dir_nofollow}, {@lowerdir={'lowerdir', 0x3d, './file0/file0'}}], [{@uid_eq={'uid', 0x3d, r7}}]})
modify_ldt$write(0x1, 0x0, 0x0)
io_submit(r5, 0x1, &(0x7f0000000000)=[0x0])
write$rfkill(r4, &(0x7f0000000080)={0x0, 0x0, 0x3, 0x1}, 0x8)

4.398592269s ago: executing program 4 (id=2364):
mkdir(&(0x7f0000000280)='./file0\x00', 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f000000b380)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr(serpent)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0)
r1 = accept$alg(r0, 0x0, 0x0)
recvmmsg(r1, &(0x7f0000008ec0)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000100)=""/207, 0xb3c4}], 0x1}}], 0x1, 0x0, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='freezer.self_freezing\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000080), 0x208e24b)
sendmmsg$alg(r1, &(0x7f00000049c0)=[{0x0, 0x0, &(0x7f0000000800)=[{&(0x7f00000000c0)="f3be27c112ab645ac1dabef5f7", 0xd}], 0x1, 0x0, 0x0, 0x24000000}], 0x1, 0x80)
sendfile(r1, r2, 0x0, 0xb3c4)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000100)={0x3})
r3 = syz_open_pts(0xffffffffffffffff, 0x0)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000180)=0x2)
r4 = socket(0x200000100000011, 0x3, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f00000005c0)={'gre0\x00', <r6=>0x0})
r7 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r7, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r7, 0xc04064a0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)=[<r8=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_ATOMIC(0xffffffffffffffff, 0xc03864bc, &(0x7f0000000500)={0x200, 0x1, &(0x7f0000000200)=[r8], &(0x7f00000000c0), 0x0, 0x0, 0x0, 0x80000000000000})
r9 = fsopen(&(0x7f0000000040)='nfsd\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r9, 0x6, 0x0, 0x0, 0x3)
bind$packet(r4, &(0x7f0000000180)={0x11, 0x0, r6, 0x1, 0x0, 0x6, @random="4e84e5679f60"}, 0x14)
setsockopt$packet_int(r4, 0x107, 0xf, &(0x7f00000003c0)=0x1e9, 0x4)
sendmsg$netlink(r4, &(0x7f0000002ac0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)=ANY=[@ANYBLOB="0201140088dc19000e000002ad000114000000840600ac141420e0010001808a8972bd0b72e410820c520f0688097dea4c3511f6567f7219891727af628d6d00621adfe968fad5d78d003c981e9878a798"], 0xdd12}], 0x1}, 0x0)
timer_create(0x2, 0x0, &(0x7f0000000100))
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}}, 0x0)
timer_delete(0x0)
socket$netlink(0x10, 0x3, 0x0)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000240), &(0x7f00000001c0)=0xc)

4.188061885s ago: executing program 4 (id=2365):
openat$dlm_control(0xffffffffffffff9c, 0x0, 0x0, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
socket(0x0, 0x0, 0x0)
r2 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @local, 0x4}, 0x1c)
sendmsg(r2, &(0x7f00000000c0)={0x0, 0x9504, &(0x7f0000000100)=[{&(0x7f0000000000)="2b10", 0xffbd}], 0x1, 0x0, 0x0, 0x2c}, 0x4)
syz_socket_connect_nvme_tcp()
ioctl$FS_IOC_READ_VERITY_METADATA(r0, 0xc0286687, &(0x7f0000000180)={0x2, 0x7, 0xd1, &(0x7f0000000340)=""/209})
ioctl$int_in(r2, 0x5452, &(0x7f0000000040)=0x5)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000004c0)={0x20, r4, 0x1, 0x70bd27, 0x25dfdbfc, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x10}, 0x24000000)
ppoll(&(0x7f0000000080)=[{r2}], 0x1, &(0x7f0000000240), 0x0, 0x0)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x17)
mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil)
r5 = socket$kcm(0x29, 0x5, 0x0)
write$cgroup_pressure(r5, &(0x7f0000000140)={'full'}, 0xfffffdef)

3.827570557s ago: executing program 0 (id=2367):
syz_emit_ethernet(0x46, &(0x7f0000000ac0)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaa0100000001000000102c00fe8000000000000000000000000000aafe8000000000000000000000000000aa00000000000000f40402000000000000"], 0x0)
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x101042, 0x0)
ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000100))
ioctl$PPPIOCSACTIVE(r0, 0x40107446, &(0x7f0000000080)={0x1, &(0x7f0000000000)=[{0x6}]})
write$ppp(r0, &(0x7f0000000140)="1627", 0x2)
sendmsg$IPSET_CMD_DESTROY(0xffffffffffffffff, 0x0, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
socket$inet(0x2, 0x0, 0x84)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x2, 0x4, 0x6, 0x504, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000), &(0x7f0000000200), 0xa7c, r1}, 0x38)
r2 = socket$packet(0x11, 0x3, 0x300)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000000)={'wlan1\x00', <r5=>0x0})
r6 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendto$inet6(r6, &(0x7f0000000200)="18", 0x1, 0x0, &(0x7f0000000000)={0xa, 0x0, 0x0, @rand_addr=' \x01\x00'}, 0x1c)
shutdown(r6, 0x1)
ioctl$FS_IOC_SETVERSION(0xffffffffffffffff, 0x40087602, 0x0)
syz_genetlink_get_family_id$devlink(0x0, 0xffffffffffffffff)
sendmsg$sock(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWFLOWTABLE={0x58, 0x16, 0xa, 0x1, 0x0, 0x0, {0x1}, [@NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0x2c, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8}, @NFTA_FLOWTABLE_HOOK_DEVS={0x18, 0x3, 0x0, 0x1, [{0x14, 0x1, 'veth0_to_hsr\x00'}]}]}]}, @NFT_MSG_DELFLOWTABLE={0x50, 0x16, 0xa, 0x101, 0xb00, 0x0, {0x1}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0x1c, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_DEVS={0x18, 0x3, 0x0, 0x1, [{0x14, 0x1, 'veth0_to_hsr\x00'}]}]}, @NFTA_FLOWTABLE_FLAGS={0x8, 0x7, 0x1, 0x0, 0x1}]}], {0x14, 0x10}}, 0xf0}}, 0x0)
sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000100)=ANY=[@ANYBLOB="98030000", @ANYRES16=r4, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32=r5, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c0900005603330080b0c000ffffffffffff080211000001"], 0x398}}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)

3.827226392s ago: executing program 6 (id=2368):
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r0, 0x8914, &(0x7f0000000900)={'bridge0\x00', @remote})
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=@framed={{}, [@printk={@p, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x83000000}, {0x85, 0x0, 0x0, 0x71}}]}, &(0x7f0000000200)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040))
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000000c0)=0xf)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$TCFLSH(r3, 0x400455c8, 0x0)
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r4, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6)
syz_emit_ethernet(0x66, &(0x7f0000000340)={@random="0f539af21094", @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "1200b0", 0x30, 0x3a, 0x0, @empty, @mcast2, {[], @dest_unreach={0x4, 0x0, 0x0, 0x1, '\x00', {0x0, 0x6, '\x00', 0x0, 0x2c, 0x0, @private1, @mcast1}}}}}}}, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
syz_genetlink_get_family_id$l2tp(&(0x7f0000000140), 0xffffffffffffffff)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000b40))
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r8=>0x0})
syz_genetlink_get_family_id$mptcp(0x0, 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_SUBFLOW_CREATE(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r7, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r8}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x28, r7, 0x5, 0x2, 0x0, {{}, {@val={0x8, 0x3, r8}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}]}, 0x28}}, 0x0)
write$UHID_CREATE2(r5, &(0x7f00000001c0)=ANY=[@ANYBLOB='='], 0x118)
mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x5, 0x12, r5, 0x0)
ioctl$GIO_UNISCRNMAP(r2, 0x4b69, &(0x7f0000000240)=""/205)
write$binfmt_misc(r4, &(0x7f0000000000), 0x6)

3.606026799s ago: executing program 0 (id=2369):
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000002640), 0x0)
ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT(r0, 0xc0bc5351, &(0x7f0000002680)={0xffffff7f, 0x2, 'client1\x00', 0x0, "2245941080736c1d", "db7895b88a8cfee74a15e0c3d0a55a5cb7f822ac34a3a29d6da58b5d00001000"})
r1 = socket(0x11, 0x800000003, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000600))
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000dc0)=@newqdisc={0x34, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x12, 0x0, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x4}}]}, 0x34}}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_SET_MESH_CONFIG(r2, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000140)={&(0x7f0000000300)=ANY=[@ANYBLOB="34000000d1879cf1d89123770cfebcf9a5c356e9c03ab19d0d8d26f5b0e97768c8e5aa15a51d8375cbbb33df230b717b06b92399", @ANYRES16=0x0, @ANYBLOB="00012cbd7000ffdbdf251d00000008000300", @ANYRES32=r3, @ANYBLOB="0c009900810000000d0000000c00238006001b0061000000"], 0x34}, 0x1, 0x0, 0x0, 0x800}, 0x40000)
socket$inet_udp(0x2, 0x2, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4400ae8f, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101, @void, @value}, 0x94)
r5 = creat(&(0x7f00000001c0)='./file0\x00', 0x0)
pwritev(r5, &(0x7f0000000380)=[{&(0x7f0000000280)="ff701003c259632e80399c32186b4ca8b8fb00d3b22567b69c3ce1517527887f4b19d1561a11e91bf7ff3f14ed2eb571c61dffbdbe6e02acee98", 0x3a}, {&(0x7f0000000500)="24990a", 0x3}], 0x2, 0xc2, 0x2006)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000012c0)={r4, 0x0, 0x30, 0xe1515f8735398fb, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000002c0)=[0xff, 0x452], 0x0, 0x0, 0x2, 0x1}}, 0x40)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f00000000c0)=0x15)
io_setup(0x8, &(0x7f0000004200)=<r6=>0x0)
r7 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
io_submit(r6, 0x1, &(0x7f0000004540)=[&(0x7f0000004280)={0x0, 0x0, 0x0, 0x0, 0x0, r7, 0x0}])
io_setup(0x6, &(0x7f0000000040))
r8 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCSETSW(r8, 0x5403, &(0x7f0000000080)={0xfffffffc, 0x0, 0x8251, 0x3, 0x4, "7e12105588e633bbb1df022dace17a32d211ee"})
r9 = getpid()
r10 = getpid()
kcmp(r9, r10, 0xa1b9a111c5d79193, 0xffffffffffffffff, 0xffffffffffffffff)
ioctl$TIOCL_GETMOUSEREPORTING(r8, 0x5412, &(0x7f00000006c0)=0x2)
ioctl$KVM_SET_IRQCHIP(0xffffffffffffffff, 0x8208ae63, 0x0)
r11 = landlock_create_ruleset(&(0x7f00000002c0)={0x2001}, 0x10, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f00000000c0))
brk(0x0)
landlock_restrict_self(r11, 0x0)

3.426718543s ago: executing program 0 (id=2370):
syz_80211_inject_frame(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="8000000008021100000108"], 0x36)
ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f00000006c0)={0x0, 0x200, 0x0, {0x0, 0x1}, {0x49, 0x2}, @period={0x0, 0x0, 0x10, 0x0, 0x1, {0x0, 0x0, 0x40}, 0x0, 0x0}})
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
rt_sigaction(0x19, &(0x7f0000000000)={0xfffffffffffffffc, 0x44000006, 0x0}, 0x0, 0x8, &(0x7f0000000440))
r0 = memfd_create(&(0x7f00000006c0)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\xf2\xed\x04\x00\x00\x00\xd4N\x12\x9b\x1f\t\xd1Z+\x86T\x16\xf8\x01\x00\x00\x00\x9f+\x8d!\x0fG\xab\xc2\xdc\xa3\xb3\xae8\x9f9?\xefo\xa4k\x01\xb2>\xa1\x9c\x86xm\xe6\x9bZ4\x91\x1a\xdb\xdd\x89\xb9\xc0LF;\xd6\x84\x195\x06\x00\x00\x00~\xf3S\x12\"p^\xc1jP\x8a\xc6[\xbd\xe7q]\xdd\r\x1aZS\x01*\x1b\xfd\xbcMA\xdcq\xa1\x00\xb3\xf9\x91r\x7f\xdc\xf1\xc3G,\xdb\xccS\x15\x95b\x17\xab\xe4?\x96\x95\xa4kP\x99YO\xb8V\xd5p\x90X\xaaf', 0x0)
fallocate(r0, 0x0, 0x400000000000000, 0x7)
r1 = syz_open_dev$evdev(&(0x7f0000000000), 0x1, 0x8c2b01)
write$char_usb(r1, &(0x7f0000000040)="e2", 0x12d8)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
mincore(&(0x7f0000000000/0x800000)=nil, 0x800000, &(0x7f0000000000)=""/188)
r2 = socket$inet_sctp(0x2, 0x1, 0x84)
getresgid(&(0x7f0000000040), &(0x7f0000000180), &(0x7f00000016c0))
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r2, 0x84, 0x25, &(0x7f0000000080)=[@in={0x2, 0x0, @dev}], 0xffe2)
syz_80211_inject_frame(&(0x7f0000000000)=@broadcast, &(0x7f0000000140)=@mgmt_frame=@action_no_ack={{{0x0, 0x0, 0xe, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1}, {0x8}, @device_a, @device_b, @from_mac}, @tdls_teardown={0xc, 0x3, {0x24, {0x37, 0x9c, {0x1, 0x3, "a0be17440110693a8c3b8c3e8f8da7e3", "2488449f2f064312714438780e2be01446c93989f420f64fd55ceccaa21e9947", "1fd10776c33252c0e96a94a8ac407486aae4274ddc355acf268c4d6816ffdd12", [{0x1, 0x1, '4'}, {0x2, 0x1c, "406adb4308546bc6d05d67c4a4512c096f5f2dc3e8cc7e90806c5865"}, {0x4, 0x27, "b22c2f622737784b53984cfbb120b2d3850eb025701f1e61561a02b94929f36b99ca54d69db242"}]}}, {0x65, 0x12, {@initial, @device_a, @broadcast}}}}}, 0xce)

3.226935317s ago: executing program 4 (id=2371):
syz_open_dev$vbi(&(0x7f0000000080), 0x1, 0x2) (async)
syz_open_dev$vbi(&(0x7f0000000080), 0x1, 0x2)
socket$nl_generic(0x10, 0x3, 0x10) (async)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000001200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan1\x00', <r2=>0x0})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x1, &(0x7f0000000200)=0x6)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB='(\x00\x00', @ANYBLOB="01030000000000000000320000000c009900000000001200000005001c01"], 0x28}}, 0x0) (async)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB='(\x00\x00', @ANYBLOB="01030000000000000000320000000c009900000000001200000005001c01"], 0x28}}, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
sendmsg$key(0xffffffffffffffff, 0x0, 0x0) (async)
sendmsg$key(0xffffffffffffffff, 0x0, 0x0)
bind$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
r4 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000007c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="9feb0100180000e0ffffffff63000000640000000a000000030000000500000f0100000004000000010000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000081000000000108000000000000000000000000000000000000032a0800000061305f2e000000549a60f31197c07e"], 0x0, 0x86, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x4801}) (async)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x4801})
ioctl$KVM_PPC_ALLOCATE_HTAB(r4, 0xc004aea7, &(0x7f0000000280))
r5 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r6 = dup(r5)
write$UHID_INPUT(r6, &(0x7f0000001040)={0xe, {"a2e3ad099b0d09f91b5e090987f70e06d038e7ff7fc6e5539b0d3d0e8b089b3f323063090810e0879b0f0ac6e70a9b334d959b669a240d5b0af3988f7ef31952010affe8d178708c523c921b1b5b07070d075b0936cd3b78130daa61d8e81a0000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b7638354a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130bb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f19d684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a4f0492d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb9754fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94e7475cb74642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd72ea4998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5ff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b50517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864af090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d885b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1a85ae7e69fd1a47a284f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdc020000002d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c2e14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec685f068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006)
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) (async)
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
dup(r7) (async)
r8 = dup(r7)
ioctl$KVM_SET_MSRS(r8, 0xae00, 0x0)
sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x2c, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="1778b61f7426a1d7b0afd90ca29819287653ed252b272bc60e67836396db858ae1b16cc363f77a9b238ae6b67919ebf4249a75040683e0129fe8b5ba973ae0edbb5a1fa7f3d058e5d159cb84d240979a7632a727f60017b25c9bdcf1f406b758e9ec295fa5c5ca80cc6b9fbc35543766795f028487af7db47e32bc920b11892fee7bce1eb7f6be9b8382b1871965124efcb23c23ccbe82d5b4f40f0ec74204c818a7ba3e5bd8a07870de6456764e4f9d92f0642302b4c388e5ebf3674d2dff1f08718dde979e70cb16cbd8ded6ebcfe0680b7ebd0b3d50ca54", @ANYRES16=r1, @ANYBLOB="050000000000000000000f00000008000300", @ANYRES32=r2, @ANYBLOB="3c000e0080000000080211000000ffffffffffff50505050505000000000000000000000640000002a0100720603030303030371078000000000000008000c006400000008000d000000000008007e0000000000"], 0x70}}, 0x0)

3.068181067s ago: executing program 4 (id=2372):
syz_init_net_socket$rose(0xb, 0x5, 0x0)
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000040)=0x200, 0x4)
write$UHID_CREATE(0xffffffffffffffff, &(0x7f00000002c0)={0x0, {'syz0\x00', 'syz0\x00', 'syz1\x00', &(0x7f0000000540)=""/32, 0x20}}, 0x120)
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000180)=ANY=[@ANYBLOB="1201000000000040341a02080000000000010902"], 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
futex(&(0x7f000000cffc), 0x0, 0x0, 0x0, 0x0, 0x0)
futex(&(0x7f000000cffc), 0x0, 0x0, 0x0, 0x0, 0x0)
futex(&(0x7f000000cffc), 0x3, 0x801, 0x0, &(0x7f0000000040), 0x0)
mlock2(&(0x7f0000ff5000/0x9000)=nil, 0x9000, 0x0)
mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil)
mlock2(&(0x7f0000ff8000/0x2000)=nil, 0x2000, 0x0)
mincore(&(0x7f0000ff5000/0x4000)=nil, 0x4000, 0x0)

3.057960423s ago: executing program 5 (id=2373):
r0 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x7)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000080)=0xe2)
r1 = syz_open_procfs$userns(0x0, &(0x7f0000000040))
fsetxattr$system_posix_acl(r1, &(0x7f00000000c0)='system.posix_acl_default\x00', 0x0, 0x0, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000240)='net/raw\x00')
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
r3 = openat$6lowpan_control(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$FS_IOC_FSSETXATTR(r3, 0x401c5820, &(0x7f0000000200)={0xe, 0x0, 0x5, 0x7f, 0x9})
write$6lowpan_control(r3, &(0x7f00000001c0)='connect aa:aa:aa:aa:aa:11 1', 0x1b)
r4 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VIDIOC_SUBSCRIBE_EVENT(r4, 0x4020565a, &(0x7f0000000040)={0x0, 0x7fffffff, 0x1})
r5 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$SO_TIMESTAMP(r5, 0x1, 0x40, &(0x7f0000000100), &(0x7f0000000140)=0x4)

2.888538872s ago: executing program 5 (id=2374):
prlimit64(0x0, 0xe, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = getpid()
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000012c0)={r0, 0x0, 0x30, 0xe1515f8735398fb, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000002c0)=[0x45c], 0x0, 0x0, 0x1, 0x1, r1}}, 0x3c)
sched_setscheduler(r1, 0x5, 0x0)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
recvmmsg(r3, 0x0, 0x0, 0x2, 0x0)
ioctl$sock_SIOCGIFCONF(r3, 0x8912, &(0x7f0000000100))

2.888174434s ago: executing program 0 (id=2375):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x11, 0x3, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xffffff7d, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = socket$pppl2tp(0x18, 0x1, 0x1)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r2, &(0x7f0000000000)={0xa, 0x3, 0x0, @local, 0x3}, 0x1c)
connect$pppl2tp(r1, &(0x7f00000002c0)=@pppol2tpin6={0x18, 0x1, {0x0, r2, 0x8, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @rand_addr=' \x01\x00'}}}, 0x32)
writev(r1, &(0x7f0000000180)=[{0x0}], 0x1)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
fsopen(0x0, 0x0)
pipe(&(0x7f0000000200))
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000003c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r3 = getpid()
sched_setscheduler(r3, 0x1, &(0x7f0000000100)=0x5)
openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
r5 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r7, &(0x7f00000bd000), 0x1a9, 0x0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r5, @ANYBLOB=',wfdno=', @ANYRESHEX=r7])
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x0, 0x0)
r8 = socket$nl_route(0x10, 0x3, 0x0)
r9 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="4c00000010004b0422", @ANYRES32=0x0, @ANYBLOB="00000000000000002c0012800b00010062726964676500001c000280080004000000"], 0x4c}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), r9)

2.758216491s ago: executing program 5 (id=2376):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
fsopen(&(0x7f0000000040)='bdev\x00', 0x0)
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
syz_genetlink_get_family_id$nfc(0x0, 0xffffffffffffffff)
syz_emit_ethernet(0x7f, &(0x7f0000000300)=ANY=[@ANYBLOB="ffffffffffff00230000000086dd60f2a40000492f00fe880000000000000000000000000001fe8000000000000000000000000000aa342088be0005000054812cbd3b00000800000086dd430588be00000000100000000100000000000000080022eb00000000200000000200000000000000000000000800655800000000"], 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000280)=<r4=>0x0)
sched_setaffinity(r4, 0x8, &(0x7f0000000240)=0x1004)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
times(&(0x7f00000001c0))
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$netlink(r5, &(0x7f0000001f80)={0x0, 0x0, &(0x7f0000001f00)=[{&(0x7f0000002840)=ANY=[@ANYBLOB="140000002700133300000000000000"], 0x14}], 0x1}, 0x0)
syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
mknod$loop(&(0x7f0000000000)='./file0\x00', 0x8, 0x1)
r6 = socket$kcm(0x2, 0x200000000000001, 0x106)
sendmsg$inet(r6, &(0x7f0000000240)={&(0x7f0000000140)={0x2, 0x4001, @local}, 0x10, 0x0}, 0x30004001)
close(r6)
sendto$inet6(r0, 0x0, 0x0, 0x200008d4, &(0x7f000072e000)={0xa, 0x4e22, 0x0, @loopback}, 0x1c)
setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f0000000280)=ANY=[], 0x8)
r7 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x1822b7d49c4abb7e, &(0x7f0000000040)=0x6, 0x4)
sendmsg$nl_route(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c0000001900010000000000000000100a000000000300020000"], 0x1c}}, 0x0)

2.018619934s ago: executing program 0 (id=2377):
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$TCFLSH(r1, 0x400455c8, 0x4)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000040)=0x33)
setsockopt$IP_VS_SO_SET_STARTDAEMON(r0, 0x0, 0x48b, &(0x7f00000000c0)={0x2, 'veth1_macvtap\x00'}, 0x18)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000005e00))
r2 = openat$audio(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$SNDCTL_DSP_RESET(r2, 0x80044dff, 0x1000000000000)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="18000000000000000000000000000000181100", @ANYRES32=r3, @ANYBLOB], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000004c0)={r4, 0xfca804a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
socket$nl_route(0x10, 0x3, 0x0)
r5 = open(&(0x7f0000000400)='./file1/file0\x00', 0x2, 0x0)
getsockname$packet(r5, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
io_uring_setup(0x35cd, &(0x7f0000000180))
r6 = socket$inet6(0xa, 0x6, 0x0)
bind$inet6(r6, &(0x7f0000000000)={0xa, 0x4e20}, 0x1c)
socket$inet_dccp(0x2, 0x6, 0x0)
close(0xffffffffffffffff)
memfd_secret(0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x13, 0xb, 0x0, &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
socket$inet6(0xa, 0x3, 0x7)
mount$fuse(0x0, 0x0, 0x0, 0x0, 0x0)
syz_open_dev$loop(0x0, 0x0, 0x4a202)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0x11, &(0x7f00000002c0)={0x10000, 0x100008e}, 0x0)
getpgid(0x0)

1.855245195s ago: executing program 5 (id=2378):
getpid()
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
openat$udambuf(0xffffffffffffff9c, &(0x7f0000000140), 0x2)
memfd_create(&(0x7f0000000340)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf8\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xd9\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00', 0x3)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f00000003c0)=ANY=[@ANYBLOB="b702000000000000bfa300000000000007030000fdfdfff67a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040000010000400404000001000000b7050000020000006a0a00fe00000000850000000b000000b70000000000000095000000000000009cc6b3fcd62c7d376238975d43a4505f80fc88943c4f0cf08e467b592f868ee30a0e8c1bf176db2a6b2feb4b6fd3d5707bfd2d84aaa3b1d4e984c46ea7e2a447a36f5662403e1b2be4cc7c2683908a0d411a9872971c7c56f0979bd10b97163c1d6d0e196bf02f46e8953ab1abda45cbe8d0d26b5069f8a98f7dc8f76b74635fc9f9de9ca3c00cb9bf4e418d07fa22f0610a70f2bdf4000000000000b0c2940dd8e263aa743f7555193161f45346b1004006000000e1ffff8816326d7d35c32aac1c7d5b5be399f6609876b5887437a172fbc02a74067529194e533583412dff048f0000000000000000b2728a04816cfb851cd364ff19ffcafe3e64be033c9d2f002cc93c1c13caec04a347383420336bec88c24a9fb6a6991ddb737d527d6acb15426415b6e8b14fdfa2c6e94bd0339454c13ad30000000000000003626165866c154e2514890000b515a1000000000000000eb2e9c15b6c8f6198282d0086fa0000c2ccf3f6d69cfcf1e15ea7a9e57aee78e12ace55736fa42811654e19a7e9b531636794a718b4766d744263b6681da2b2204d848619a3eb62e77460c048df8e72bfe31438163ec4270439b350274e5aa941bfc32ce08e3790dfb0c59bbe45cd27264669c187eed6d67b3be191137814bcb226b2078a1bc45502705d538d8723113445b08b0ac8dc2dfa17fd79ed5fd33b14b0adabf72df024dcde1ef330b927ce1a80474ce4f99a292c71456ec1abbfbb61dc9f0f71395a1751d35fa1"], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r3, 0xffff0000, 0xb00, 0x0, &(0x7f0000001a40)="2b206d074843b397737ea49da2aa", 0x0, 0xf000, 0x720e, 0x0, 0x0, 0x0, 0x0}, 0x48)
syz_emit_ethernet(0x36, &(0x7f0000000000)={@random="53df2b456239", @remote, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x88, 0x0, @empty, @broadcast}, @timestamp_reply={0xe, 0x0, 0x0, 0x4, 0x1000}}}}}, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
sendmsg$TIPC_NL_LINK_GET(0xffffffffffffffff, &(0x7f0000000900)={&(0x7f0000000680)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000a80)={0x1ac, 0x0, 0x400, 0x70bd28, 0x25dfdbfe, {}, [@TIPC_NLA_NODE={0x4}, @TIPC_NLA_BEARER={0x3c, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e22, 0x7b6e088, @local, 0x100}}, {0x14, 0x2, @in={0x2, 0x0, @remote}}}}]}, @TIPC_NLA_MEDIA={0x50, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0x1c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x2}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}]}, @TIPC_NLA_MEDIA_PROP={0x24, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x81}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x2}]}, @TIPC_NLA_MEDIA_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0xca2}]}]}, @TIPC_NLA_BEARER={0x28, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_PROP={0x24, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x40}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x80}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}]}]}, @TIPC_NLA_LINK={0x8c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x100}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1f}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xd1}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xa6}]}, @TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_MEDIA={0x54, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x2}]}, @TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0x2c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x101}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x11}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x20}]}]}]}, 0x1ac}, 0x1, 0x0, 0x0, 0x4000}, 0x4040)
socket$netlink(0x10, 0x3, 0x0)
r4 = creat(&(0x7f0000000e00)='./file0\x00', 0x0)
setsockopt$inet6_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x29, 0x6, &(0x7f0000000140)={0x0, {{0x29, 0x0, 0x3e000000, @mcast1}}}, 0x88)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x18, 0x27, &(0x7f00000006c0)=ANY=[@ANYBLOB="b7080000000000007b8af8ff00000000b7080000020000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb702000008000000182300000c8f086c2f0c53dd908c631e2ac1fb404bd1f3b3d973ad9c2330b698799ecac7e1ea2f1b6d83d937090ec2864f56af8aeb9cdb66bd9685f914398bad0f40753628f61806777f958e952b72a6484078cf71021f802396d1d8674e39f9ae6fe8fe8495451130a6514f2f191f69135786c445cdc65fe0d32eaf1cd57f1760a4b2d848d1f3f123b4601acf66d5d793761ccfa76f8674f0b23c6d80d93a103ed505c8ed62872c34848d30d5e70dacadcb2ab7c03d5dc7e3a74119760c53ddc6982d85d4c8ab8e", @ANYRES32=r4, @ANYBLOB="0000000000000000b70500000800000085000000a500000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000060000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000045eb333385000000820000001800000000000000000000000100000005b00600f0ffffff850000002d0000003a70fefff0ffffff186400000a000000000000003f00000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000820000008500000084000000"], &(0x7f0000000440)='GPL\x00', 0x8001, 0x26, &(0x7f0000000480)=""/38, 0x41000, 0x5, '\x00', 0x0, 0x0, r4, 0x8, &(0x7f00000004c0)={0x8, 0x5}, 0x8, 0x10, &(0x7f0000000540)={0x5, 0x1, 0x6f, 0xd617}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1f, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000640)={&(0x7f0000000100)='bcache_alloc\x00', r5}, 0x10)
unshare(0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000a00)=ANY=[@ANYBLOB="1b00000000000000000000000001000000000000", @ANYRES32, @ANYBLOB="7f00"/19, @ANYRES32=0x0, @ANYRES32=r4, @ANYBLOB="00000000030000000100"/28], 0x48)
fadvise64(0xffffffffffffffff, 0x0, 0x0, 0x3)
syz_emit_ethernet(0x4a, &(0x7f0000000440)={@local, @dev, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x14, 0x6, 0x0, @remote, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}, {[], {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0)

1.629826253s ago: executing program 6 (id=2379):
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000300)=ANY=[], 0xfdef)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$TIPC_NL_KEY_SET(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000017000000400006"], 0x54}}, 0x0)
socket$kcm(0x11, 0x3, 0x0)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x20001, 0x4)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', &(0x7f00000000c0)={0x0, 0x0, 0x3}, 0x65)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r2, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x33, 0x0, 0x0)
r3 = socket$inet6_dccp(0xa, 0x6, 0x0)
setsockopt$inet6_dccp_int(r3, 0x21, 0x6, &(0x7f0000000100)=0x5, 0x4)
r4 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, &(0x7f0000000100))
r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x5c, 0x0, &(0x7f0000000480)=[@transaction_sg={0x40486311, {0x3, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0, 0x68, 0x18, &(0x7f00000003c0)={@ptr={0x70742a85, 0x1, &(0x7f0000000300)=""/136, 0x88, 0x2, 0xf}, @fda={0x66646185, 0x7, 0x0, 0x1f}, @fda={0x66646185, 0xa, 0x2, 0x400000000002b}}, &(0x7f0000000440)={0x0, 0x28, 0x48}}, 0x1000}, @dead_binder_done, @enter_looper], 0x0, 0x0, 0x0})
r7 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r7, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r7, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x0, 0xfffffffffffffffd})
mprotect(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200), 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000740)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
writev(r4, &(0x7f00000000c0)=[{&(0x7f0000000140)='2', 0x1}], 0x1)
set_mempolicy(0x2, &(0x7f0000000080)=0xfffffffffffffffd, 0x4)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r8 = socket$igmp6(0xa, 0x3, 0x2)
ioctl$sock_inet6_SIOCADDRT(r8, 0x890b, &(0x7f0000000000)={@loopback={0xfec0ffff00000000}, @loopback, @loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2})

1.167937503s ago: executing program 4 (id=2380):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
syz_io_uring_setup(0x239, 0x0, &(0x7f0000000180), &(0x7f00000001c0))
bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
madvise(&(0x7f0000000000/0x4000)=nil, 0xffffffffdfffffff, 0x1)
pipe(&(0x7f0000000040)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
write$P9_RGETLOCK(r2, &(0x7f00000002c0)=ANY=[], 0x200002e6)
fcntl$setpipe(r2, 0x407, 0x7000000)
r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0xc0803, 0x0)
ioctl$PPPIOCNEWUNIT(r3, 0xc004743e, &(0x7f00000000c0)=0x3)
creat(&(0x7f0000000040)='./file0\x00', 0x0)
ioctl$PPPIOCSMAXCID(0xffffffffffffffff, 0x40047451, &(0x7f0000000280)=0xffffffff)
munmap(&(0x7f0000002000/0x1000)=nil, 0x1000)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, &(0x7f00000002c0), 0x4)
r5 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r5, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c)
setsockopt$sock_int(r5, 0x1, 0x0, &(0x7f0000000000), 0x4)
recvmmsg(r5, &(0x7f0000008880), 0x45b, 0x44000102, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, 0x0, 0x0)

1.001279713s ago: executing program 5 (id=2381):
socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = gettid()
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$inet6_int(r2, 0x29, 0x10, &(0x7f0000000180), &(0x7f0000000440)=0x4)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r3 = syz_open_dev$sndpcmp(&(0x7f0000000000), 0x100000001, 0x44000)
ioctl$SNDRV_PCM_IOCTL_RESUME(r3, 0x4147, 0x0)
r4 = mq_open(&(0x7f000084dff0)='!selinuxselinux\x00', 0x6e93ebbbcc0884f2, 0x0, &(0x7f0000000100)={0xb6, 0x1, 0x7, 0xfffffffffffffffa})
mq_timedreceive(r4, &(0x7f0000000340)=""/221, 0xdd, 0x0, 0x0)
openat$userio(0xffffffffffffff9c, &(0x7f0000000080), 0x22242, 0x0)
syz_genetlink_get_family_id$devlink(&(0x7f0000000300), 0xffffffffffffffff)
r5 = creat(&(0x7f0000000300)='./file0\x00', 0x0)
write$FUSE_DIRENTPLUS(r5, &(0x7f0000000580)=ANY=[@ANYBLOB, @ANYRES64=0x0], 0xfdef)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$ethtool(&(0x7f0000002080), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_CHANNELS_SET(r6, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000480)=ANY=[@ANYBLOB="3400000f00", @ANYRES16=r7, @ANYBLOB="010000000000000000001000000018000180140002006e657464657673696d3000000000000008000800ff070000"], 0x34}}, 0x0)
mkdirat(r5, &(0x7f0000000040)='./file1\x00', 0xd4)
mount$afs(0x0, &(0x7f0000002840)='./file0\x00', &(0x7f0000002880), 0x0, &(0x7f0000000200)={[{@dyn}, {@flock_local}]})
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="5fd6efc0c6c5968bcfd39c17000000", @ANYRES32=0x1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/27], 0x48)
r8 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r8, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r9}, 0x10)

568.28088ms ago: executing program 6 (id=2382):
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0xc0041)
ppoll(&(0x7f0000000280)=[{r0, 0x5044}], 0x1, 0x0, 0x0, 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f00000083c0)={{0x1}})
mkdir(&(0x7f0000000440)='./file1\x00', 0xc)
mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x0, &(0x7f0000000300)='usrquota')
chdir(&(0x7f0000000100)='./file1\x00')
r1 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
quotactl_fd$Q_SETINFO(r1, 0xffffffff80000600, 0x0, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x3})
ioctl$SNDRV_TIMER_IOCTL_START(r0, 0x54a0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000400), 0x8a602, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000000240)='clear_refs\x00')
writev(r4, &(0x7f0000000780)=[{&(0x7f00000004c0)='4', 0x1}], 0x1)
r5 = socket(0x10, 0x3, 0x0)
r6 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f00000007c0)={0x0, 0x60, &(0x7f0000000240)={&(0x7f0000000540)=@newqdisc={0x38, 0x24, 0x3fe3aa0262d8c583, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8}, {0xc, 0x2, [@TCA_HHF_BACKLOG_LIMIT={0x8, 0x1, 0x80000000}]}}]}, 0x38}}, 0x0)
r8 = openat$uinput(0xffffffffffffff9c, 0x0, 0x2, 0x0)
copy_file_range(r8, 0x0, r6, &(0x7f00000000c0)=0x3, 0x3, 0x0)
r9 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
preadv(r9, &(0x7f00000000c0)=[{&(0x7f0000000000)=""/142, 0x8e}], 0x1, 0x3, 0x7f)
r10 = gettid()
r11 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r12 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000001c0)='sched_process_wait\x00', r11}, 0x10)
r13 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r12}, 0x8)
close(r13)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000440)={r10, r13, 0x0, 0x0, 0x0}, 0x30)
syz_genetlink_get_family_id$devlink(&(0x7f0000000180), 0xffffffffffffffff)

258.003906ms ago: executing program 6 (id=2383):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$sock_buf(r0, 0x1, 0x1f, &(0x7f00000000c0)=""/112, &(0x7f0000000040)=0x70)
bind$inet6(r0, &(0x7f0000000080)={0xa, 0x14e22, 0x0, @ipv4}, 0x1c)
listen(r0, 0x5)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000000), r1)
r2 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000140), 0x311000, 0x0)
ioctl$RTC_EPOCH_READ(r2, 0x8008700d, &(0x7f00000001c0))
syz_emit_ethernet(0x3a, &(0x7f0000000180)={@broadcast, @local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x7, 0x2c, 0x0, 0x0, 0x0, 0x6, 0x0, @broadcast, @multicast1}, {{0x0, 0x4e25, 0x41424344, 0x41424344, 0x0, 0x6, 0x6, 0xc2, 0x0, 0x0, 0x0, {[@window={0x3, 0x3, 0xc5}]}}}}}}}, 0x0)

178.347723ms ago: executing program 6 (id=2384):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x19, 0x4, 0x8, 0xb, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000ac0), 0xffffffffffffffff)
r2 = openat$cdrom(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$CDROM_SEND_PACKET(r2, 0x5393, &(0x7f0000000100)={"850ff5e60600", 0x0, 0x0, 0x0, 0x0, 0x2, 0x10000, 0x0, 0x0})
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_open_dev$vim2m(&(0x7f00000000c0), 0x7, 0x2)
ioctl$vim2m_VIDIOC_ENUM_FMT(r4, 0xc0405602, &(0x7f0000000480)={0x2a, 0x1, 0x0, "3ad3cbcfd20fb29634b50b097fae23ee506c00000700000000000000cc0a00", 0x31303551})
sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_SET(r3, &(0x7f0000001b80)={0x0, 0x0, &(0x7f0000001b40)={&(0x7f0000000540)={0x64, r1, 0x800, 0x0, 0x0, {}, [{{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}, {0x8}, {0x6}, {0x5}, {0x6}, {0x8}}]}, 0x64}}, 0x40000)
r5 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r6 = dup(r5)
ioctl$KDSKBSENT(r6, 0x4b49, &(0x7f0000000840)={0x0, "d6cecf87037ce66b93aa99c7c491418f8bc160f100f7922da1816af0a8dd3859f5c15c7d71793763e2fd49e0ed9504d523ef137d9313da8ebd313333ec25c7276e534e3aa36b6a04c491d3b177a326a44c48a69d86d13ef59698cf95f879092ea5a428c5e803de2bfaaf5beeb7654c1972cef9ca404563f4a50ca4253b5d961685328d92c4b5597396d2e9686c206bb13b613383d82cc992f7f5111b54b1fb0fa8ffa03a28c3631fdf1f191a77d8037e534c8cbe136425065b86aa53bb212835a249f90eea8090bfe6ca325e84cec9a52245d8224864e5982fa07f46fa1ab7319666f6706d1f7c2a4e6dee089834dc8b88bfdfdc66a5bff8cf42085b4a5a5d66117f5370be5c685d371806d3e13c142a7bbdf0406790d74289777db2b882f04f042107646a9599446d4f135067d343beb2129cde76e9526abce1738e3a117abe9441834bf2a1a4bf1a4815352ebd0576e285441f83e4d0c6e17ea7059bf7e21cd9ba843cc000829257c5571f6f96ca7689959c6d8c51dce17d1691483582d2d741e8c5ea218e99fe4683d1866e63fd17c7ab93c395b90049a0ef65ced48476e0ad627fe1ae1f498a827138242a35ec50e56d9eb176f89aa7055752385eee86ae6a8f4a778ffbca3ec5d25fa34b27b33e1cc34204edfa177621faa66274ca0c8ee359a3608a77b0e8e572165ba948ffa3008763015166c4ea2f7eb5732a3fbc15"})
io_uring_setup(0x3b63, &(0x7f0000000340)={0x0, 0x9d46, 0x2, 0x1, 0x0, 0x0, r6})
read$alg(r6, &(0x7f00000002c0)=""/60, 0x3c)
ioctl$KVM_GET_VCPU_EVENTS(r6, 0x4048aecb, &(0x7f0000000080))
bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000040)={r6, &(0x7f0000000000)="94323019a098addec518e9bc3ed0bf6789b8c611ecaa5a121bb1a8d5e9664dba25cf658dd0"}, 0x20)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002300000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r7}, 0x10)
r8 = socket$nl_route(0x10, 0x3, 0x0)
r9 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r9, 0x1, r9, &(0x7f0000000000)={0xa0000001})
r10 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r10, &(0x7f0000000100), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r10, 0x0)
preadv(r10, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0)
getpeername$packet(r10, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000400)=0x14)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r8, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00'})
r11 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r11, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000002280)=ANY=[@ANYBLOB="420000001800010000000000000000000a800000000000000000000018001600140001000000000000000000000010000000000008000400", @ANYRES32, @ANYBLOB="0600150003"], 0x44}}, 0x0)
r12 = socket$inet6(0xa, 0x6, 0x0)
close_range(r12, 0xffffffffffffffff, 0x0)

68.140298ms ago: executing program 4 (id=2385):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x11, 0x3, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xffffff7d, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = socket$pppl2tp(0x18, 0x1, 0x1)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r2, &(0x7f0000000000)={0xa, 0x3, 0x0, @local, 0x3}, 0x1c)
connect$pppl2tp(r1, &(0x7f00000002c0)=@pppol2tpin6={0x18, 0x1, {0x0, r2, 0x8, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @rand_addr=' \x01\x00'}}}, 0x32)
writev(r1, &(0x7f0000000180)=[{0x0}], 0x1)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
fsopen(0x0, 0x0)
pipe(&(0x7f0000000200))
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000003c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r3 = getpid()
sched_setscheduler(r3, 0x1, &(0x7f0000000100)=0x5)
openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
r5 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r7, &(0x7f00000bd000), 0x1a9, 0x0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r5, @ANYBLOB=',wfdno=', @ANYRESHEX=r7])
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x0, 0x0)
r8 = socket$nl_route(0x10, 0x3, 0x0)
r9 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="4c00000010004b042200", @ANYRES32=0x0, @ANYBLOB="00000000000000002c0012800b00010062726964676500001c000280080004000000"], 0x4c}}, 0x0)
syz_genetlink_get_family_id$nl80211(0x0, r9)

198.832µs ago: executing program 5 (id=2386):
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x1a, &(0x7f0000000000)=0x6, 0x4)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="60000000100001040100"/20, @ANYRES32=0x0, @ANYBLOB="7b130000000000003800128008000100677470002c00028008000100", @ANYRES32, @ANYBLOB="080003000800000008000100", @ANYRES32=r0], 0x60}}, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x8031, 0xffffffffffffffff, 0x0)
getrandom(0x0, 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@textreal={0x8, &(0x7f0000000240)="f381c70a0066b8dc95fc9a0f23d00f21f866350000000b0f23f8c59f0060440f20c0663504000000440f22c00f20d86635200000000f22d82ef00fc09cfa4e0f0138653e66f20f38f07300b8420e8ed036652e362e26360f01ca", 0x5a}], 0x1, 0x0, 0x0, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0)
write$binfmt_script(r4, &(0x7f0000000240), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r4, 0x0)
r5 = dup(r3)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0xffff, 0x0, 0x0, 0x0)
open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(r3, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r3, 0x4010ae67, &(0x7f00000001c0)={0x0, 0xd000})
ioctl$KVM_NMI(r6, 0xae9a)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, 0x0)
close(r0)

0s ago: executing program 0 (id=2387):
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x1000000, &(0x7f0000000840)=ANY=[@ANYBLOB="78226e6f65786163638173733d616e792c63616368653d66736361636865"])
chdir(&(0x7f0000000280)='./file0\x00')
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x20c01, 0x0)
io_setup(0x1fe, &(0x7f0000000200)=<r2=>0x0)
io_setup(0x7ff, &(0x7f0000002080)=<r3=>0x0)
io_submit(r3, 0x1, &(0x7f00000005c0)=[0x0])
io_submit(r2, 0x1, &(0x7f0000000040)=[&(0x7f0000000440)={0x18, 0x7000000, 0x4, 0x1, 0x0, r1, &(0x7f0000000180)='\x00', 0x1, 0x2}]) (fail_nth: 15)
getsockopt$inet6_mreq(r0, 0x3a, 0x1, 0x0, 0x0)

kernel console output (not intermixed with test programs):

814]  </TASK>
[  373.509260][   T75] Bluetooth: hci4: Frame reassembly failed (-84)
[  373.712359][T12862] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1972'.
[  373.921065][T12864] SELinux:  Context #! ./cgroup/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
[  375.246412][T12893] FAULT_INJECTION: forcing a failure.
[  375.246412][T12893] name failslab, interval 1, probability 0, space 0, times 0
[  375.273843][T12893] CPU: 2 UID: 0 PID: 12893 Comm: syz.4.1980 Not tainted 6.12.0-rc4-syzkaller-00261-g850925a8133c #0
[  375.276703][T12893] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  375.279520][T12893] Call Trace:
[  375.280400][T12893]  <TASK>
[  375.281128][T12893]  dump_stack_lvl+0x16c/0x1f0
[  375.282368][T12893]  should_fail_ex+0x497/0x5b0
[  375.283605][T12893]  ? fs_reclaim_acquire+0xae/0x150
[  375.284973][T12893]  should_failslab+0xc2/0x120
[  375.286502][T12893]  kmem_cache_alloc_noprof+0x6e/0x2f0
[  375.288596][T12893]  ? alloc_empty_file+0x73/0x1e0
[  375.290360][T12893]  alloc_empty_file+0x73/0x1e0
[  375.291644][T12893]  alloc_file_pseudo+0x147/0x210
[  375.292896][T12893]  ? __pfx_alloc_file_pseudo+0x10/0x10
[  375.294269][T12893]  ? do_raw_spin_unlock+0x172/0x230
[  375.295634][T12893]  ? _raw_spin_unlock+0x28/0x50
[  375.297041][T12893]  ? alloc_fd+0x2d7/0x6c0
[  375.298195][T12893]  sock_alloc_file+0x50/0x1d0
[  375.299446][T12893]  __sys_socket+0x1c2/0x260
[  375.300655][T12893]  ? __pfx___sys_socket+0x10/0x10
[  375.301996][T12893]  ? ksys_write+0x1ad/0x260
[  375.303241][T12893]  ? __pfx_ksys_write+0x10/0x10
[  375.304529][T12893]  __x64_sys_socket+0x72/0xb0
[  375.305893][T12893]  ? lockdep_hardirqs_on+0x7c/0x110
[  375.307787][T12893]  do_syscall_64+0xcd/0x250
[  375.309615][T12893]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  375.311383][T12893] RIP: 0033:0x7ff04037e719
[  375.312555][T12893] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  375.317624][T12893] RSP: 002b:00007ff041132038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029
[  375.319780][T12893] RAX: ffffffffffffffda RBX: 00007ff040535f80 RCX: 00007ff04037e719
[  375.321831][T12893] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 000000000000002b
[  375.323862][T12893] RBP: 00007ff041132090 R08: 0000000000000000 R09: 0000000000000000
[  375.326058][T12893] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  375.328936][T12893] R13: 0000000000000001 R14: 00007ff040535f80 R15: 00007ffead707738
[  375.331237][T12893]  </TASK>
[  375.369304][T12895] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1979'.
[  375.528700][ T5294] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  375.753801][   T11] Bluetooth: hci4: received HCILL_GO_TO_SLEEP_ACK in state 1
[  375.759760][ T1141] Bluetooth: hci4: Frame reassembly failed (-84)
[  376.118773][   T30] usb 5-1: new high-speed USB device number 41 using dummy_hcd
[  376.258862][   T30] usb 5-1: device descriptor read/64, error -71
[  376.320586][   T11] Bluetooth: hci5: Frame reassembly failed (-84)
[  376.499308][   T30] usb 5-1: new high-speed USB device number 42 using dummy_hcd
[  376.628912][   T30] usb 5-1: device descriptor read/64, error -71
[  376.742490][   T30] usb usb5-port1: attempt power cycle
[  377.007871][T12925] netlink: 'syz.4.1991': attribute type 1 has an invalid length.
[  377.078791][   T30] usb 5-1: new high-speed USB device number 43 using dummy_hcd
[  377.107751][   T30] usb 5-1: device descriptor read/8, error -71
[  377.275035][T12936] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1995'.
[  377.348749][   T30] usb 5-1: new high-speed USB device number 44 using dummy_hcd
[  377.369418][   T30] usb 5-1: device descriptor read/8, error -71
[  377.489750][   T30] usb usb5-port1: unable to enumerate USB device
[  377.768785][ T5939] Bluetooth: hci4: command 0x1003 tx timeout
[  377.768888][ T5294] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  377.861165][T12940] program syz.5.1996 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  378.343958][ T5294] Bluetooth: hci5: command 0x1003 tx timeout
[  378.347400][ T5951] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  378.418469][T12953] Process accounting resumed
[  378.421746][ T1408] ieee802154 phy0 wpan0: encryption failed: -22
[  378.421826][ T1408] ieee802154 phy1 wpan1: encryption failed: -22
[  378.688947][ T1456] usb 10-1: new high-speed USB device number 6 using dummy_hcd
[  378.738881][ T5999] usb 6-1: new high-speed USB device number 33 using dummy_hcd
[  378.850930][ T1456] usb 10-1: config 0 has no interfaces?
[  378.853057][ T1456] usb 10-1: New USB device found, idVendor=1a34, idProduct=0802, bcdDevice= 0.00
[  378.856662][ T1456] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  378.861444][ T1456] usb 10-1: config 0 descriptor??
[  378.908758][ T5999] usb 6-1: Using ep0 maxpacket: 8
[  378.914206][ T5999] usb 6-1: config 0 has an invalid interface number: 1 but max is 0
[  378.917105][ T5999] usb 6-1: config 0 has no interface number 0
[  378.919507][ T5999] usb 6-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  378.923412][ T5999] usb 6-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  378.926466][ T5999] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  378.931626][ T5999] usb 6-1: config 0 descriptor??
[  378.939436][ T5999] iowarrior 6-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[  379.139405][   T35] usb 6-1: USB disconnect, device number 33
[  379.141702][    C3] iowarrior 6-1:0.1: iowarrior_callback - usb_submit_urb failed with result -19
[  379.146485][   T35] iowarrior 6-1:0.1: I/O-Warror #0 now disconnected
[  379.259231][T12966] kvm: pic: non byte read
[  379.261762][T12966] kvm: pic: non byte read
[  379.264246][T12966] kvm: pic: non byte read
[  379.266744][T12966] kvm: pic: non byte read
[  379.269428][T12966] kvm: pic: non byte read
[  379.271287][T12966] kvm: pic: level sensitive irq not supported
[  379.271532][T12966] kvm: pic: non byte read
[  379.275855][T12966] kvm: pic: non byte read
[  379.277927][T12966] kvm: pic: non byte read
[  379.792050][T12983] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2008'.
[  379.833062][   T39] audit: type=1400 audit(1730113114.511:1388): avc:  denied  { accept } for  pid=12981 comm="syz.4.2008" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[  379.839284][ T5980] usb 10-1: USB disconnect, device number 6
[  380.037986][   T39] audit: type=1326 audit(1730113114.711:1389): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13000 comm="syz.4.2014" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff04037e719 code=0x0
[  380.150639][T13007] FAULT_INJECTION: forcing a failure.
[  380.150639][T13007] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  380.154902][T13007] CPU: 0 UID: 0 PID: 13007 Comm: syz.1.2016 Not tainted 6.12.0-rc4-syzkaller-00261-g850925a8133c #0
[  380.157995][T13007] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  380.160794][T13007] Call Trace:
[  380.162000][T13007]  <TASK>
[  380.163087][T13007]  dump_stack_lvl+0x16c/0x1f0
[  380.164872][T13007]  should_fail_ex+0x497/0x5b0
[  380.166631][T13007]  _copy_from_iter+0x2a1/0x1560
[  380.168158][T13007]  ? __pfx__copy_from_iter+0x10/0x10
[  380.169583][T13007]  ? __virt_addr_valid+0x1a4/0x590
[  380.170951][T13007]  ? __virt_addr_valid+0x5e/0x590
[  380.172799][T13007]  ? __phys_addr_symbol+0x30/0x80
[  380.174391][T13007]  ? __check_object_size+0x488/0x710
[  380.175763][T13007]  netlink_sendmsg+0x813/0xd70
[  380.177094][T13007]  ? __pfx_netlink_sendmsg+0x10/0x10
[  380.178478][T13007]  ? __might_fault+0xe3/0x190
[  380.179851][T13007]  ____sys_sendmsg+0xaaf/0xc90
[  380.181236][T13007]  ? copy_msghdr_from_user+0x10b/0x160
[  380.182654][T13007]  ? __pfx_____sys_sendmsg+0x10/0x10
[  380.184057][T13007]  ? __pfx___lock_acquire+0x10/0x10
[  380.185435][T13007]  ___sys_sendmsg+0x135/0x1e0
[  380.186677][T13007]  ? __pfx____sys_sendmsg+0x10/0x10
[  380.188046][T13007]  ? lock_acquire+0x2f/0xb0
[  380.189263][T13007]  ? __fget_files+0x40/0x3f0
[  380.190483][T13007]  ? fdget+0x176/0x210
[  380.191885][T13007]  __sys_sendmsg+0x117/0x1f0
[  380.193599][T13007]  ? __pfx___sys_sendmsg+0x10/0x10
[  380.195228][T13007]  ? __fget_files+0x244/0x3f0
[  380.196496][T13007]  do_syscall_64+0xcd/0x250
[  380.197774][T13007]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  380.199386][T13007] RIP: 0033:0x7f1dc937e719
[  380.200575][T13007] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  380.205865][T13007] RSP: 002b:00007f1dca211038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  380.208327][T13007] RAX: ffffffffffffffda RBX: 00007f1dc9535f80 RCX: 00007f1dc937e719
[  380.210417][T13007] RDX: 0000000000000080 RSI: 00000000200002c0 RDI: 0000000000000003
[  380.212550][T13007] RBP: 00007f1dca211090 R08: 0000000000000000 R09: 0000000000000000
[  380.214670][T13007] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  380.216767][T13007] R13: 0000000000000000 R14: 00007f1dc9535f80 R15: 00007fff863e0dc8
[  380.218840][T13007]  </TASK>
[  380.258347][T13010] tmpfs: Bad value for 'mpol'
[  380.268339][   T39] audit: type=1400 audit(1730113114.941:1390): avc:  denied  { getopt } for  pid=13009 comm="syz.1.2017" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1
[  380.271309][T13010] netdevsim netdevsim1: Direct firmware load for 8 04bd 0120 0000 0000 001d
[  380.271309][T13010]  failed with error -2
[  380.276767][T13010] netdevsim netdevsim1: Falling back to sysfs fallback for: 8 04bd 0120 0000 0000 001d
[  380.276767][T13010] 
[  380.908791][   T35] usb 10-1: new high-speed USB device number 7 using dummy_hcd
[  381.078732][   T35] usb 10-1: Using ep0 maxpacket: 8
[  381.082130][   T35] usb 10-1: config 0 has an invalid interface number: 1 but max is 0
[  381.084271][   T35] usb 10-1: config 0 has no interface number 0
[  381.085974][   T35] usb 10-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  381.089092][   T35] usb 10-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  381.091550][   T35] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  381.094875][   T35] usb 10-1: config 0 descriptor??
[  381.098512][   T35] iowarrior 10-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[  381.131836][T13021] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2020'.
[  381.135451][T13021] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2020'.
[  381.306716][    C3] iowarrior 10-1:0.1: iowarrior_callback - usb_submit_urb failed with result -19
[  381.306755][ T5999] usb 10-1: USB disconnect, device number 7
[  381.322555][ T5999] iowarrior 10-1:0.1: I/O-Warror #0 now disconnected
[  381.548363][   T39] audit: type=1400 audit(1730113116.221:1391): avc:  denied  { accept } for  pid=13027 comm="syz.1.2023" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  381.628884][T13029] loop7: detected capacity change from 16320 to 0
[  381.844493][T13036] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2025'.
[  381.914373][T13036] ipt_REJECT: TCP_RESET invalid for non-tcp
[  381.920647][T13037] binder_alloc: binder_alloc_mmap_handler: 13034 20ffd000-21000000 already mapped failed -16
[  381.927376][T13036] binder: BINDER_SET_CONTEXT_MGR already set
[  381.938697][T13036] binder: 13034:13036 ioctl 4018620d 20000040 returned -16
[  381.940130][T13037] binder: BINDER_SET_CONTEXT_MGR already set
[  381.943519][T13037] binder: 13034:13037 ioctl 4018620d 20000040 returned -16
[  382.047667][T13046] FAULT_INJECTION: forcing a failure.
[  382.047667][T13046] name failslab, interval 1, probability 0, space 0, times 0
[  382.051210][T13046] CPU: 3 UID: 0 PID: 13046 Comm: syz.5.2029 Not tainted 6.12.0-rc4-syzkaller-00261-g850925a8133c #0
[  382.054051][T13046] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  382.056896][T13046] Call Trace:
[  382.057784][T13046]  <TASK>
[  382.058793][T13046]  dump_stack_lvl+0x16c/0x1f0
[  382.060017][T13046]  should_fail_ex+0x497/0x5b0
[  382.061265][T13046]  ? fs_reclaim_acquire+0xae/0x150
[  382.062580][T13046]  should_failslab+0xc2/0x120
[  382.063792][T13046]  __kmalloc_noprof+0xcb/0x400
[  382.065055][T13046]  sock_kmalloc+0x111/0x170
[  382.066346][T13046]  af_alg_alloc_areq+0xbc/0x2e0
[  382.067647][T13046]  skcipher_recvmsg+0x326/0x1020
[  382.068983][T13046]  ? __pfx_skcipher_recvmsg+0x10/0x10
[  382.070400][T13046]  sock_recvmsg+0x1f6/0x250
[  382.071609][T13046]  __sys_recvfrom+0x1a5/0x2e0
[  382.072871][T13046]  ? __pfx___sys_recvfrom+0x10/0x10
[  382.074269][T13046]  ? reacquire_held_locks+0x20b/0x4c0
[  382.075677][T13046]  ? do_user_addr_fault+0xdc7/0x13f0
[  382.077128][T13046]  __x64_sys_recvfrom+0xe0/0x1c0
[  382.078426][T13046]  ? do_syscall_64+0x91/0x250
[  382.079666][T13046]  ? lockdep_hardirqs_on+0x7c/0x110
[  382.081002][T13046]  do_syscall_64+0xcd/0x250
[  382.082181][T13046]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  382.083759][T13046] RIP: 0033:0x7fbc9ad804e4
[  382.084943][T13046] Code: 89 4c 24 1c e8 ed 5a 02 00 44 8b 54 24 1c 8b 3c 24 45 31 c9 89 c5 48 8b 54 24 10 48 8b 74 24 08 45 31 c0 b8 2d 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 89 ef 48 89 04 24 e8 39 5b 02 00 48 8b 04
[  382.089938][T13046] RSP: 002b:00007fbc9bc4fed0 EFLAGS: 00000246 ORIG_RAX: 000000000000002d
[  382.092394][T13046] RAX: ffffffffffffffda RBX: 00007fbc9bc4ffc0 RCX: 00007fbc9ad804e4
[  382.095256][T13046] RDX: 0000000000001000 RSI: 00007fbc9bc50010 RDI: 0000000000000004
[  382.098323][T13046] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  382.101221][T13046] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
[  382.104121][T13046] R13: 00007fbc9bc4ff68 R14: 00007fbc9bc50010 R15: 0000000000000000
[  382.107046][T13046]  </TASK>
[  382.108359][    C3] vkms_vblank_simulate: vblank timer overrun
[  382.115397][   T39] audit: type=1326 audit(1730113116.791:1392): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13040 comm="syz.4.2027" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff04037e719 code=0x0
[  382.638762][   T39] audit: type=1400 audit(1730113117.311:1393): avc:  denied  { watch watch_reads } for  pid=13054 comm="syz.5.2031" path="/proc/186/net/unix" dev="proc" ino=4026533215 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1
[  382.651785][T13055] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  382.662251][T13055] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  382.856220][T13068] FAULT_INJECTION: forcing a failure.
[  382.856220][T13068] name failslab, interval 1, probability 0, space 0, times 0
[  382.860540][T13068] CPU: 3 UID: 0 PID: 13068 Comm: syz.1.2035 Not tainted 6.12.0-rc4-syzkaller-00261-g850925a8133c #0
[  382.863393][T13068] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  382.866410][T13068] Call Trace:
[  382.867352][T13068]  <TASK>
[  382.868210][T13068]  dump_stack_lvl+0x16c/0x1f0
[  382.869567][T13068]  should_fail_ex+0x497/0x5b0
[  382.870898][T13068]  ? fs_reclaim_acquire+0xae/0x150
[  382.872377][T13068]  should_failslab+0xc2/0x120
[  382.873795][T13068]  __kmalloc_noprof+0xcb/0x400
[  382.875442][T13068]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  382.877443][T13068]  tomoyo_realpath_from_path+0xb9/0x720
[  382.879025][T13068]  ? tomoyo_path_number_perm+0x232/0x590
[  382.880573][T13068]  tomoyo_path_number_perm+0x245/0x590
[  382.882153][T13068]  ? tomoyo_path_number_perm+0x232/0x590
[  382.883719][T13068]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  382.885347][T13068]  ? trace_lock_acquire+0x14a/0x1d0
[  382.886767][T13068]  ? lock_acquire+0x2f/0xb0
[  382.888045][T13068]  ? __fget_files+0x40/0x3f0
[  382.889287][T13068]  ? __fget_files+0x244/0x3f0
[  382.890587][T13068]  security_file_ioctl+0x9b/0x240
[  382.892032][T13068]  __x64_sys_ioctl+0xbb/0x220
[  382.893367][T13068]  do_syscall_64+0xcd/0x250
[  382.894642][T13068]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  382.896262][T13068] RIP: 0033:0x7f1dc937e719
[  382.897547][T13068] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  382.903041][T13068] RSP: 002b:00007f1dca211038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  382.905396][T13068] RAX: ffffffffffffffda RBX: 00007f1dc9535f80 RCX: 00007f1dc937e719
[  382.907577][T13068] RDX: 0000000020000040 RSI: 00000000c1105518 RDI: 0000000000000003
[  382.909826][T13068] RBP: 00007f1dca211090 R08: 0000000000000000 R09: 0000000000000000
[  382.912127][T13068] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  382.914505][T13068] R13: 0000000000000000 R14: 00007f1dc9535f80 R15: 00007fff863e0dc8
[  382.916738][T13068]  </TASK>
[  382.917756][    C3] vkms_vblank_simulate: vblank timer overrun
[  382.928661][T13068] ERROR: Out of memory at tomoyo_realpath_from_path.
[  383.027885][T13071] netlink: 'syz.1.2036': attribute type 9 has an invalid length.
[  383.030247][T13071] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2036'.
[  383.062959][   T39] audit: type=1326 audit(1730113117.731:1394): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13072 comm="syz.4.2037" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff04037e719 code=0x7ffc0000
[  383.071997][   T39] audit: type=1326 audit(1730113117.731:1395): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13072 comm="syz.4.2037" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff04037e719 code=0x7ffc0000
[  383.081627][   T39] audit: type=1326 audit(1730113117.731:1396): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13072 comm="syz.4.2037" exe="/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff04037e719 code=0x7ffc0000
[  383.090311][   T39] audit: type=1326 audit(1730113117.741:1397): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13072 comm="syz.4.2037" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff04037e719 code=0x7ffc0000
[  383.681866][T13083] 9pnet_fd: Insufficient options for proto=fd
[  383.735540][T13085] openvswitch: netlink: Actions may not be safe on all matching packets
[  383.837984][T13087] FAULT_INJECTION: forcing a failure.
[  383.837984][T13087] name failslab, interval 1, probability 0, space 0, times 0
[  383.841780][T13087] CPU: 1 UID: 0 PID: 13087 Comm: syz.5.2042 Not tainted 6.12.0-rc4-syzkaller-00261-g850925a8133c #0
[  383.844643][T13087] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  383.847472][T13087] Call Trace:
[  383.848373][T13087]  <TASK>
[  383.849195][T13087]  dump_stack_lvl+0x16c/0x1f0
[  383.850613][T13087]  should_fail_ex+0x497/0x5b0
[  383.851962][T13087]  ? fs_reclaim_acquire+0xae/0x150
[  383.853369][T13087]  should_failslab+0xc2/0x120
[  383.854673][T13087]  kmem_cache_alloc_noprof+0x6e/0x2f0
[  383.856199][T13087]  ? skb_clone+0x190/0x3f0
[  383.857584][T13087]  skb_clone+0x190/0x3f0
[  383.859163][T13087]  netlink_trim+0x1b3/0x250
[  383.860649][T13087]  netlink_broadcast_filtered+0xc7/0xef0
[  383.862288][T13087]  ? __pfx_tcf_action_dump_1+0x10/0x10
[  383.863944][T13087]  ? __nla_put+0x27/0x40
[  383.865203][T13087]  ? __pfx_netlink_broadcast_filtered+0x10/0x10
[  383.866952][T13087]  nlmsg_notify+0x9e/0x220
[  383.868243][T13087]  tcf_action_add+0x364/0x5d0
[  383.869654][T13087]  ? __pfx_tcf_action_add+0x10/0x10
[  383.871169][T13087]  ? __pfx_lock_release+0x10/0x10
[  383.872666][T13087]  ? __nla_parse+0x40/0x60
[  383.873994][T13087]  tc_ctl_action+0x35d/0x470
[  383.875398][T13087]  ? __pfx_tc_ctl_action+0x10/0x10
[  383.877021][T13087]  ? __pfx_tc_ctl_action+0x10/0x10
[  383.878544][T13087]  rtnetlink_rcv_msg+0x3c7/0xea0
[  383.879963][T13087]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  383.881552][T13087]  netlink_rcv_skb+0x16b/0x440
[  383.882973][T13087]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  383.884465][T13087]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  383.885997][T13087]  ? netlink_deliver_tap+0x1ae/0xd90
[  383.887481][T13087]  netlink_unicast+0x53c/0x7f0
[  383.888919][T13087]  ? __pfx_netlink_unicast+0x10/0x10
[  383.890492][T13087]  netlink_sendmsg+0x8b8/0xd70
[  383.891867][T13087]  ? __pfx_netlink_sendmsg+0x10/0x10
[  383.893403][T13087]  ? __might_fault+0xe3/0x190
[  383.895146][T13087]  ____sys_sendmsg+0xaaf/0xc90
[  383.896651][T13087]  ? copy_msghdr_from_user+0x10b/0x160
[  383.898425][T13087]  ? __pfx_____sys_sendmsg+0x10/0x10
[  383.900334][T13087]  ? __pfx___lock_acquire+0x10/0x10
[  383.902129][T13087]  ___sys_sendmsg+0x135/0x1e0
[  383.903841][T13087]  ? __pfx____sys_sendmsg+0x10/0x10
[  383.905366][T13087]  ? lock_acquire+0x2f/0xb0
[  383.906642][T13087]  ? __fget_files+0x40/0x3f0
[  383.908016][T13087]  ? fdget+0x176/0x210
[  383.909203][T13087]  __sys_sendmsg+0x117/0x1f0
[  383.910512][T13087]  ? __pfx___sys_sendmsg+0x10/0x10
[  383.912176][T13087]  ? __fget_files+0x244/0x3f0
[  383.913693][T13087]  do_syscall_64+0xcd/0x250
[  383.915173][T13087]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  383.916937][T13087] RIP: 0033:0x7fbc9ad7e719
[  383.918437][T13087] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  383.924670][T13087] RSP: 002b:00007fbc9bc51038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  383.927303][T13087] RAX: ffffffffffffffda RBX: 00007fbc9af35f80 RCX: 00007fbc9ad7e719
[  383.929599][T13087] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000003
[  383.931955][T13087] RBP: 00007fbc9bc51090 R08: 0000000000000000 R09: 0000000000000000
[  383.934350][T13087] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  383.936632][T13087] R13: 0000000000000000 R14: 00007fbc9af35f80 R15: 00007ffdaa261db8
[  383.938876][T13087]  </TASK>
[  384.139612][T13100] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2046'.
[  384.144871][T13090] netlink: 5 bytes leftover after parsing attributes in process `syz.1.2043'.
[  384.839224][   T39] kauditd_printk_skb: 84 callbacks suppressed
[  384.839265][   T39] audit: type=1400 audit(1730113119.521:1482): avc:  denied  { getopt } for  pid=13107 comm="syz.0.2049" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  385.073163][T13117] No control pipe specified
[  385.292558][T13128] netlink: 20 bytes leftover after parsing attributes in process `syz.5.2050'.
[  385.494511][   T39] audit: type=1326 audit(1730113120.171:1483): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13138 comm="syz.0.2056" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1ef957e719 code=0x0
[  385.545551][T13142] 9pnet_fd: Insufficient options for proto=fd
[  385.848725][ T5294] Bluetooth: hci1: command 0x0c1a tx timeout
[  386.005852][T13147] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=23 sclass=netlink_route_socket pid=13147 comm=syz.5.2058
[  386.022849][T13146] [U] 
[  386.162214][T13155] FAULT_INJECTION: forcing a failure.
[  386.162214][T13155] name failslab, interval 1, probability 0, space 0, times 0
[  386.166487][T13155] CPU: 0 UID: 0 PID: 13155 Comm: syz.5.2060 Not tainted 6.12.0-rc4-syzkaller-00261-g850925a8133c #0
[  386.169519][T13155] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  386.172288][T13155] Call Trace:
[  386.173421][T13155]  <TASK>
[  386.174208][T13155]  dump_stack_lvl+0x16c/0x1f0
[  386.175446][T13155]  should_fail_ex+0x497/0x5b0
[  386.176660][T13155]  ? fs_reclaim_acquire+0xae/0x150
[  386.178223][T13155]  should_failslab+0xc2/0x120
[  386.179680][T13155]  kmem_cache_alloc_noprof+0x6e/0x2f0
[  386.181431][T13155]  ? alloc_empty_file+0x73/0x1e0
[  386.183063][T13155]  alloc_empty_file+0x73/0x1e0
[  386.184591][T13155]  alloc_file_pseudo+0x147/0x210
[  386.186230][T13155]  ? __pfx_alloc_file_pseudo+0x10/0x10
[  386.187969][T13155]  ? tipc_sk_finish_conn+0x580/0x790
[  386.189631][T13155]  sock_alloc_file+0x50/0x1d0
[  386.190970][T13155]  __sys_socketpair+0x31d/0x5a0
[  386.192195][T13155]  ? __pfx___sys_socketpair+0x10/0x10
[  386.193734][T13155]  ? fput+0x30/0x390
[  386.195039][T13155]  ? __pfx_ksys_write+0x10/0x10
[  386.196376][T13155]  __x64_sys_socketpair+0x96/0x100
[  386.197733][T13155]  ? lockdep_hardirqs_on+0x7c/0x110
[  386.199062][T13155]  do_syscall_64+0xcd/0x250
[  386.200209][T13155]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  386.201746][T13155] RIP: 0033:0x7fbc9ad7e719
[  386.202902][T13155] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  386.209012][T13155] RSP: 002b:00007fbc9bc51038 EFLAGS: 00000246 ORIG_RAX: 0000000000000035
[  386.211440][T13155] RAX: ffffffffffffffda RBX: 00007fbc9af35f80 RCX: 00007fbc9ad7e719
[  386.214025][T13155] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 000000000000001e
[  386.216635][T13155] RBP: 00007fbc9bc51090 R08: 0000000000000000 R09: 0000000000000000
[  386.218815][T13155] R10: 0000000020000200 R11: 0000000000000246 R12: 0000000000000002
[  386.221387][T13155] R13: 0000000000000001 R14: 00007fbc9af35f80 R15: 00007ffdaa261db8
[  386.223496][T13155]  </TASK>
[  386.307466][   T39] audit: type=1400 audit(1730113120.981:1484): avc:  denied  { mounton } for  pid=13167 comm="syz.1.2063" path="mnt:[4026533163]" dev="nsfs" ino=4026533163 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  387.513388][T13195] 9pnet_fd: Insufficient options for proto=fd
[  387.564384][T13197] FAULT_INJECTION: forcing a failure.
[  387.564384][T13197] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  387.569154][T13197] CPU: 3 UID: 0 PID: 13197 Comm: syz.1.2072 Not tainted 6.12.0-rc4-syzkaller-00261-g850925a8133c #0
[  387.572921][T13197] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  387.575689][T13197] Call Trace:
[  387.576577][T13197]  <TASK>
[  387.577390][T13197]  dump_stack_lvl+0x16c/0x1f0
[  387.578793][T13197]  should_fail_ex+0x497/0x5b0
[  387.580397][T13197]  _copy_from_user+0x32/0x100
[  387.581790][T13197]  input_event_from_user+0x134/0x3b0
[  387.583380][T13197]  ? __pfx_input_event_from_user+0x10/0x10
[  387.585155][T13197]  ? __pfx___might_resched+0x10/0x10
[  387.586626][T13197]  ? input_inject_event+0x193/0x370
[  387.587924][T13197]  evdev_write+0x377/0x750
[  387.589072][T13197]  ? __pfx_evdev_write+0x10/0x10
[  387.590325][T13197]  ? bpf_lsm_file_permission+0x9/0x10
[  387.591682][T13197]  ? security_file_permission+0x71/0x210
[  387.593107][T13197]  ? __pfx_evdev_write+0x10/0x10
[  387.594354][T13197]  vfs_write+0x24c/0x1150
[  387.595481][T13197]  ? __fget_files+0x23a/0x3f0
[  387.597073][T13197]  ? __pfx_lock_release+0x10/0x10
[  387.598709][T13197]  ? trace_lock_acquire+0x14a/0x1d0
[  387.600429][T13197]  ? __pfx_vfs_write+0x10/0x10
[  387.602030][T13197]  ? lock_acquire+0x2f/0xb0
[  387.603604][T13197]  ? __fget_files+0x40/0x3f0
[  387.605209][T13197]  ? __fget_files+0x244/0x3f0
[  387.606670][T13197]  ksys_write+0x1fa/0x260
[  387.608135][T13197]  ? __pfx_ksys_write+0x10/0x10
[  387.609877][T13197]  do_syscall_64+0xcd/0x250
[  387.611448][T13197]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  387.613469][T13197] RIP: 0033:0x7f1dc937e719
[  387.614815][T13197] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  387.619620][T13197] RSP: 002b:00007f1dca211038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  387.621742][T13197] RAX: ffffffffffffffda RBX: 00007f1dc9535f80 RCX: 00007f1dc937e719
[  387.623699][T13197] RDX: 0000000000002250 RSI: 0000000020000040 RDI: 0000000000000007
[  387.625800][T13197] RBP: 00007f1dca211090 R08: 0000000000000000 R09: 0000000000000000
[  387.628359][T13197] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  387.630630][T13197] R13: 0000000000000000 R14: 00007f1dc9535f80 R15: 00007fff863e0dc8
[  387.632784][T13197]  </TASK>
[  387.753228][T13215] overlayfs: option "uuid=on" requires an upper fs, falling back to uuid=null.
[  387.755761][T13215] overlayfs: missing 'lowerdir'
[  388.168884][T13152] Bluetooth: hci0: Opcode 0x0c03 failed: -110
[  388.810725][   T39] audit: type=1400 audit(1730113123.491:1485): avc:  denied  { setattr } for  pid=13226 comm="syz.0.2081" name="cec0" dev="devtmpfs" ino=973 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  388.932570][T13234] netlink: 'syz.5.2084': attribute type 7 has an invalid length.
[  388.937697][T13234] netlink: 20 bytes leftover after parsing attributes in process `syz.5.2084'.
[  389.018739][ T6001] usb 9-1: new high-speed USB device number 19 using dummy_hcd
[  389.032133][   T39] audit: type=1400 audit(1730113123.711:1486): avc:  denied  { ioctl } for  pid=13241 comm="syz.0.2087" path="socket:[48281]" dev="sockfs" ino=48281 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  389.179843][ T6001] usb 9-1: config 0 has no interfaces?
[  389.181190][ T6001] usb 9-1: New USB device found, idVendor=1a34, idProduct=0802, bcdDevice= 0.00
[  389.183626][ T6001] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  389.187058][ T6001] usb 9-1: config 0 descriptor??
[  389.871991][T13258] netlink: 'syz.0.2090': attribute type 9 has an invalid length.
[  389.874076][T13258] netlink: 209836 bytes leftover after parsing attributes in process `syz.0.2090'.
[  389.901292][T13258] netlink: 'syz.0.2090': attribute type 9 has an invalid length.
[  389.903635][T13258] netlink: 196992 bytes leftover after parsing attributes in process `syz.0.2090'.
[  389.925305][ T5999] usb 9-1: USB disconnect, device number 19
[  389.928902][ T5951] Bluetooth: hci4: command 0x1003 tx timeout
[  389.932314][ T5294] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  390.050221][   T39] audit: type=1326 audit(1730113124.731:1487): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13261 comm="syz.1.2092" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1dc937e719 code=0x0
[  390.266399][T13276] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2096'.
[  390.312103][T13278] netlink: 24062 bytes leftover after parsing attributes in process `syz.5.2097'.
[  390.315084][T13278] netlink: 188348 bytes leftover after parsing attributes in process `syz.5.2097'.
[  390.324330][ T6001] IPVS: starting estimator thread 0...
[  390.408785][T13280] IPVS: using max 34 ests per chain, 81600 per kthread
[  390.558788][ T5979] usb 10-1: new high-speed USB device number 8 using dummy_hcd
[  390.712255][ T1141] Bluetooth: hci4: Frame reassembly failed (-84)
[  390.731509][ T5979] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  390.734893][ T5979] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  390.737487][ T5979] usb 10-1: New USB device found, idVendor=04b4, idProduct=de61, bcdDevice= 0.00
[  390.741037][ T5979] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  390.746652][ T5979] usb 10-1: config 0 descriptor??
[  390.927638][T13286] FAULT_INJECTION: forcing a failure.
[  390.927638][T13286] name failslab, interval 1, probability 0, space 0, times 0
[  390.930992][T13286] CPU: 3 UID: 0 PID: 13286 Comm: syz.1.2100 Not tainted 6.12.0-rc4-syzkaller-00261-g850925a8133c #0
[  390.933957][T13286] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  390.936816][T13286] Call Trace:
[  390.937708][T13286]  <TASK>
[  390.938522][T13286]  dump_stack_lvl+0x16c/0x1f0
[  390.939796][T13286]  should_fail_ex+0x497/0x5b0
[  390.941053][T13286]  ? fs_reclaim_acquire+0xae/0x150
[  390.942560][T13286]  should_failslab+0xc2/0x120
[  390.944206][T13286]  __kmalloc_noprof+0xcb/0x400
[  390.945934][T13286]  ? d_absolute_path+0x137/0x1b0
[  390.947310][T13286]  tomoyo_encode2+0x100/0x3e0
[  390.948607][T13286]  tomoyo_encode+0x29/0x50
[  390.950090][T13286]  tomoyo_realpath_from_path+0x19d/0x720
[  390.951806][T13286]  tomoyo_path_number_perm+0x245/0x590
[  390.953485][T13286]  ? tomoyo_path_number_perm+0x232/0x590
[  390.955179][T13286]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  390.956956][T13286]  ? trace_lock_acquire+0x14a/0x1d0
[  390.958544][T13286]  ? lock_acquire+0x2f/0xb0
[  390.960257][T13286]  ? __fget_files+0x40/0x3f0
[  390.962115][T13286]  ? __fget_files+0x244/0x3f0
[  390.963789][T13286]  security_file_ioctl+0x9b/0x240
[  390.965378][T13286]  __x64_sys_ioctl+0xbb/0x220
[  390.966890][T13286]  do_syscall_64+0xcd/0x250
[  390.967576][ T5979] cypress 0003:04B4:DE61.000A: item fetching failed at offset 5/7
[  390.968261][T13286]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  390.968294][T13286] RIP: 0033:0x7f1dc937e719
[  390.970721][ T5979] cypress 0003:04B4:DE61.000A: parse failed
[  390.971994][T13286] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  390.972017][T13286] RSP: 002b:00007f1dca211038 EFLAGS: 00000246
[  390.973291][ T5979] cypress 0003:04B4:DE61.000A: probe with driver cypress failed with error -22
[  390.974833][T13286]  ORIG_RAX: 0000000000000010
[  390.974842][T13286] RAX: ffffffffffffffda RBX: 00007f1dc9535f80 RCX: 00007f1dc937e719
[  390.974851][T13286] RDX: 0000000020000280 RSI: 00000000c03064ca RDI: 0000000000000004
[  390.974863][T13286] RBP: 00007f1dca211090 R08: 0000000000000000 R09: 0000000000000000
[  390.974875][T13286] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  390.974888][T13286] R13: 0000000000000000 R14: 00007f1dc9535f80 R15: 00007fff863e0dc8
[  390.974913][T13286]  </TASK>
[  390.997486][T13286] ERROR: Out of memory at tomoyo_realpath_from_path.
[  391.174204][ T5979] usb 10-1: USB disconnect, device number 8
[  391.208970][T13304] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2101'.
[  391.228920][   T39] audit: type=1800 audit(1730113125.901:1488): pid=13304 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.0.2101" name="bus" dev="9p" ino=36574959 res=0 errno=0
[  391.704773][T13306] 9pnet_fd: Insufficient options for proto=fd
[  391.729915][T13308] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  391.785175][T13308] batman_adv: batadv0: Removing interface: batadv_slave_1
[  391.997943][T13324] netlink: 'syz.0.2110': attribute type 3 has an invalid length.
[  392.221149][T13334] 8021q: adding VLAN 0 to HW filter on device bond0
[  392.248398][T13334] bond0: (slave rose0): Enslaving as an active interface with an up link
[  392.679038][T13346] netlink: 72 bytes leftover after parsing attributes in process `syz.1.2113'.
[  392.728804][ T5951] Bluetooth: hci4: command 0x1003 tx timeout
[  392.729209][ T5294] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  393.125196][T13362] FAULT_INJECTION: forcing a failure.
[  393.125196][T13362] name failslab, interval 1, probability 0, space 0, times 0
[  393.138801][T13362] CPU: 3 UID: 0 PID: 13362 Comm: syz.4.2116 Not tainted 6.12.0-rc4-syzkaller-00261-g850925a8133c #0
[  393.142303][T13362] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  393.145576][T13362] Call Trace:
[  393.146640][T13362]  <TASK>
[  393.147589][T13362]  dump_stack_lvl+0x16c/0x1f0
[  393.149310][T13362]  should_fail_ex+0x497/0x5b0
[  393.150860][T13362]  ? fs_reclaim_acquire+0xae/0x150
[  393.152462][T13362]  should_failslab+0xc2/0x120
[  393.153914][T13362]  __kmalloc_cache_noprof+0x6b/0x300
[  393.155524][T13362]  ? p9_client_create+0xc8/0x1200
[  393.157193][T13362]  p9_client_create+0xc8/0x1200
[  393.158752][T13362]  ? __pfx_p9_client_create+0x10/0x10
[  393.160331][T13362]  ? rcu_is_watching+0x12/0xc0
[  393.161812][T13362]  ? lockdep_init_map_type+0x16d/0x7d0
[  393.163650][T13362]  ? __kmalloc_node_track_caller_noprof+0x22d/0x430
[  393.165725][T13362]  ? __raw_spin_lock_init+0x3a/0x110
[  393.167416][T13362]  v9fs_session_init+0x1f8/0x1a80
[  393.169126][T13362]  ? __pfx_v9fs_session_init+0x10/0x10
[  393.170668][T13362]  ? kasan_save_track+0x14/0x30
[  393.172326][T13362]  v9fs_mount+0xc6/0xa30
[  393.173712][T13362]  ? __pfx_v9fs_mount+0x10/0x10
[  393.175247][T13362]  ? selinux_sb_eat_lsm_opts+0x594/0x700
[  393.176982][T13362]  ? cap_capable+0x1cf/0x240
[  393.178510][T13362]  ? __pfx_v9fs_mount+0x10/0x10
[  393.180114][T13362]  legacy_get_tree+0x109/0x220
[  393.181414][T13362]  vfs_get_tree+0x8f/0x380
[  393.182821][T13362]  path_mount+0x14e6/0x1f20
[  393.184390][T13362]  ? kmem_cache_free+0x152/0x4b0
[  393.186111][T13362]  ? __pfx_path_mount+0x10/0x10
[  393.187695][T13362]  ? putname+0x12e/0x170
[  393.189138][T13362]  __x64_sys_mount+0x294/0x320
[  393.190699][T13362]  ? __pfx___x64_sys_mount+0x10/0x10
[  393.192430][T13362]  do_syscall_64+0xcd/0x250
[  393.193935][T13362]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  393.195784][T13362] RIP: 0033:0x7ff04037e719
[  393.197192][T13362] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  393.203000][T13362] RSP: 002b:00007ff041132038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  393.205567][T13362] RAX: ffffffffffffffda RBX: 00007ff040535f80 RCX: 00007ff04037e719
[  393.208002][T13362] RDX: 0000000020000180 RSI: 0000000020000140 RDI: 0000000000000000
[  393.210486][T13362] RBP: 00007ff041132090 R08: 0000000020000240 R09: 0000000000000000
[  393.213071][T13362] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  393.215511][T13362] R13: 0000000000000000 R14: 00007ff040535f80 R15: 00007ffead707738
[  393.217973][T13362]  </TASK>
[  393.467034][T13382] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2119'.
[  393.887983][   T12] Bluetooth: hci4: Frame reassembly failed (-84)
[  394.280289][   T39] audit: type=1326 audit(1730113128.961:1489): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13404 comm="syz.5.2126" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fbc9ad7e719 code=0x0
[  394.354661][T13403] batadv_slave_1 (unregistering): left promiscuous mode
[  394.514936][   T39] audit: type=1326 audit(1730113129.191:1490): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13414 comm="syz.0.2128" exe="/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f1ef957e719 code=0x0
[  394.665454][T13423] serio: Serial port ptm0
[  394.811892][T13430] xt_hashlimit: size too large, truncated to 1048576
[  395.312152][T13439] binfmt_misc: register: failed to install interpreter file ./file0
[  395.929007][ T5294] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  396.058559][T13450] bridge0: left allmulticast mode
[  396.145496][T13450] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3832186367 (7664372734 ns) > initial count (4194304 ns). Using initial count to start timer.
[  396.209488][T13454] bridge0: port 3(team0) entered blocking state
[  396.211490][T13454] bridge0: port 3(team0) entered forwarding state
[  396.213585][T13454] bridge0: port 1(bridge_slave_0) entered blocking state
[  396.215797][T13454] bridge0: port 1(bridge_slave_0) entered forwarding state
[  396.219792][T13454] bridge0: entered promiscuous mode
[  396.221639][T13454] bridge0: entered allmulticast mode
[  396.872217][   T39] audit: type=1400 audit(1730113131.551:1491): avc:  denied  { open } for  pid=13460 comm="syz.4.2138" path="/193/file0" dev="tmpfs" ino=1054 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  396.915028][T13454] 9pnet_fd: p9_fd_create_tcp (13454): problem connecting socket to 127.0.0.1
[  396.929839][   T39] audit: type=1400 audit(1730113131.611:1492): avc:  denied  { ioctl } for  pid=13460 comm="syz.4.2138" path="/193/file0" dev="tmpfs" ino=1054 ioctlcmd=0x70c8 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  397.098777][T13467] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(3)
[  397.100496][T13467] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  397.102656][T13467] vhci_hcd vhci_hcd.0: Device attached
[  397.106647][T13467] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(5)
[  397.109063][T13467] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  397.115717][T13470] FAULT_INJECTION: forcing a failure.
[  397.115717][T13470] name failslab, interval 1, probability 0, space 0, times 0
[  397.116127][T13467] vhci_hcd vhci_hcd.0: Device attached
[  397.119261][T13470] CPU: 0 UID: 0 PID: 13470 Comm: syz.1.2139 Not tainted 6.12.0-rc4-syzkaller-00261-g850925a8133c #0
[  397.124594][T13470] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  397.124802][T13471] usbip_core: unknown command
[  397.128270][T13470] Call Trace:
[  397.128280][T13470]  <TASK>
[  397.130652][T13471] vhci_hcd: unknown pdu 1196444672
[  397.131174][T13470]  dump_stack_lvl+0x16c/0x1f0
[  397.132257][T13471] usbip_core: unknown command
[  397.132921][ T1131] vhci_hcd: stop threads
[  397.134074][T13470]  should_fail_ex+0x497/0x5b0
[  397.135575][ T1131] vhci_hcd: release socket
[  397.135591][ T1131] vhci_hcd: disconnect device
[  397.137251][T13470]  ? fs_reclaim_acquire+0xae/0x150
[  397.145443][T13470]  should_failslab+0xc2/0x120
[  397.147014][T13470]  kmem_cache_alloc_noprof+0x6e/0x2f0
[  397.148800][T13470]  ? vm_area_dup+0x21/0x2f0
[  397.150336][T13470]  vm_area_dup+0x21/0x2f0
[  397.151855][T13470]  __split_vma+0x181/0x1160
[  397.153092][T13470]  ? find_held_lock+0x2d/0x110
[  397.154336][T13470]  ? __pfx___split_vma+0x10/0x10
[  397.155596][T13470]  vma_modify.constprop.0+0x1445/0x2440
[  397.157012][T13470]  ? __pfx_vma_modify.constprop.0+0x10/0x10
[  397.158502][T13470]  vma_modify_flags+0x209/0x2a0
[  397.159789][T13470]  ? __pfx_vma_modify_flags+0x10/0x10
[  397.161190][T13470]  ? mas_next_slot+0x12d3/0x21b0
[  397.162506][T13470]  mlock_fixup+0x282/0xfc0
[  397.163570][T13470]  apply_vma_lock_flags+0x262/0x390
[  397.165186][T13470]  ? __pfx_apply_vma_lock_flags+0x10/0x10
[  397.167021][T13470]  ? lock_acquire+0x2f/0xb0
[  397.168522][T13470]  ? do_mlock+0x1c0/0x7d0
[  397.169938][T13470]  ? __pfx_down_write_killable+0x10/0x10
[  397.171451][T13470]  ? __mutex_unlock_slowpath+0x164/0x650
[  397.173427][T13470]  do_mlock+0x26c/0x7d0
[  397.174897][T13470]  ? __pfx_do_mlock+0x10/0x10
[  397.176561][T13470]  ? fput+0x30/0x390
[  397.177951][T13470]  ? ksys_write+0x1ad/0x260
[  397.179559][T13470]  ? __pfx_ksys_write+0x10/0x10
[  397.181020][   T39] audit: type=1400 audit(1730113131.861:1493): avc:  denied  { wake_alarm } for  pid=13466 comm="syz.5.2140" capability=35  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  397.181419][T13470]  __x64_sys_mlock2+0xbd/0x100
[  397.187910][T13470]  do_syscall_64+0xcd/0x250
[  397.189075][T13470]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  397.190508][T13470] RIP: 0033:0x7f1dc937e719
[  397.191850][T13470] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  397.198056][T13470] RSP: 002b:00007f1dca1cf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000145
[  397.200822][T13470] RAX: ffffffffffffffda RBX: 00007f1dc9536130 RCX: 00007f1dc937e719
[  397.203244][T13470] RDX: 0000000000000000 RSI: 0000000000002000 RDI: 0000000020ffa000
[  397.205643][T13470] RBP: 00007f1dca1cf090 R08: 0000000000000000 R09: 0000000000000000
[  397.207572][T13470] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  397.209551][T13470] R13: 0000000000000000 R14: 00007f1dc9536130 R15: 00007fff863e0dc8
[  397.211569][T13470]  </TASK>
[  397.261667][T13468] vhci_hcd: connection closed
[  397.261856][   T11] vhci_hcd: stop threads
[  397.264875][   T11] vhci_hcd: release socket
[  397.266468][   T11] vhci_hcd: disconnect device
[  398.460990][ T5979] usb 6-1: new high-speed USB device number 34 using dummy_hcd
[  398.608841][ T5979] usb 6-1: Using ep0 maxpacket: 8
[  398.631299][ T5979] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  398.633766][ T5979] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  398.636264][ T5979] usb 6-1: Product: syz
[  398.637739][ T5979] usb 6-1: Manufacturer: syz
[  398.660276][ T5979] usb 6-1: SerialNumber: syz
[  398.806226][   T39] audit: type=1400 audit(1730113133.481:1494): avc:  denied  { listen } for  pid=13501 comm="syz.4.2149" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  398.813912][   T39] audit: type=1400 audit(1730113133.481:1495): avc:  denied  { accept } for  pid=13501 comm="syz.4.2149" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  398.900857][ T5979] usblp 6-1:1.0: usblp0: USB Unidirectional printer dev 34 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[  399.180989][   T35] usb 6-1: USB disconnect, device number 34
[  399.184460][   T35] usblp0: removed
[  399.750927][T13531] futex_wake_op: syz.1.2155 tries to shift op by 32; fix this program
[  399.898108][T13534] tipc: Started in network mode
[  399.899741][T13534] tipc: Node identity 640101, cluster identity 4711
[  399.902001][T13534] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[  400.618308][T13547] netlink: 'syz.5.2159': attribute type 10 has an invalid length.
[  400.643631][T13547] batman_adv: batadv0: Adding interface: team0
[  400.645610][T13547] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  400.653721][T13547] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active
[  401.061324][T13568] FAULT_INJECTION: forcing a failure.
[  401.061324][T13568] name failslab, interval 1, probability 0, space 0, times 0
[  401.064749][T13568] CPU: 2 UID: 0 PID: 13568 Comm: syz.1.2164 Not tainted 6.12.0-rc4-syzkaller-00261-g850925a8133c #0
[  401.067493][T13568] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  401.070367][T13568] Call Trace:
[  401.071253][T13568]  <TASK>
[  401.072033][T13568]  dump_stack_lvl+0x16c/0x1f0
[  401.073289][T13568]  should_fail_ex+0x497/0x5b0
[  401.074527][T13568]  should_failslab+0xc2/0x120
[  401.075784][T13568]  kmem_cache_alloc_noprof+0x6e/0x2f0
[  401.077218][T13568]  ? skb_clone+0x190/0x3f0
[  401.078395][T13568]  skb_clone+0x190/0x3f0
[  401.079523][T13568]  netlink_deliver_tap+0xab3/0xd90
[  401.080917][T13568]  netlink_unicast+0x5e1/0x7f0
[  401.082184][T13568]  ? __pfx_netlink_unicast+0x10/0x10
[  401.083615][T13568]  netlink_sendmsg+0x8b8/0xd70
[  401.084989][T13568]  ? __pfx_netlink_sendmsg+0x10/0x10
[  401.086404][T13568]  ? stack_trace_save+0x95/0xd0
[  401.087715][T13568]  ? stack_depot_save_flags+0x28/0x8f0
[  401.089182][T13568]  sock_sendmsg+0x3cb/0x470
[  401.090426][T13568]  ? __kasan_slab_free+0x51/0x70
[  401.091729][T13568]  ? __pfx_sock_sendmsg+0x10/0x10
[  401.093065][T13568]  ? splice_direct_to_actor+0x2a4/0xa40
[  401.094531][T13568]  splice_to_socket+0xaac/0x1040
[  401.095838][T13568]  ? __pfx_splice_to_socket+0x10/0x10
[  401.097288][T13568]  ? kasan_quarantine_put+0x10a/0x240
[  401.098713][T13568]  ? __pfx_splice_to_socket+0x10/0x10
[  401.100157][T13568]  direct_splice_actor+0x18f/0x6c0
[  401.101674][T13568]  splice_direct_to_actor+0x346/0xa40
[  401.103060][T13568]  ? __pfx_direct_splice_actor+0x10/0x10
[  401.104525][T13568]  ? __pfx_splice_direct_to_actor+0x10/0x10
[  401.106073][T13568]  ? __pfx_file_has_perm+0x10/0x10
[  401.107415][T13568]  do_splice_direct+0x178/0x250
[  401.108706][T13568]  ? __pfx_do_splice_direct+0x10/0x10
[  401.110139][T13568]  ? __pfx_direct_file_splice_eof+0x10/0x10
[  401.111795][T13568]  ? bpf_lsm_file_permission+0x9/0x10
[  401.113179][T13568]  ? security_file_permission+0x71/0x210
[  401.114638][T13568]  do_sendfile+0xb0c/0xe40
[  401.115820][T13568]  ? __pfx_do_sendfile+0x10/0x10
[  401.117141][T13568]  ? __fget_files+0x244/0x3f0
[  401.118381][T13568]  __x64_sys_sendfile64+0x1da/0x220
[  401.119742][T13568]  ? ksys_write+0x1ad/0x260
[  401.120989][T13568]  ? __pfx___x64_sys_sendfile64+0x10/0x10
[  401.122468][T13568]  do_syscall_64+0xcd/0x250
[  401.123660][T13568]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  401.125199][T13568] RIP: 0033:0x7f1dc937e719
[  401.126366][T13568] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  401.131397][T13568] RSP: 002b:00007f1dca211038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  401.133558][T13568] RAX: ffffffffffffffda RBX: 00007f1dc9535f80 RCX: 00007f1dc937e719
[  401.135587][T13568] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000008
[  401.137652][T13568] RBP: 00007f1dca211090 R08: 0000000000000000 R09: 0000000000000000
[  401.139689][T13568] R10: 0000000100000002 R11: 0000000000000246 R12: 0000000000000002
[  401.141782][T13568] R13: 0000000000000000 R14: 00007f1dc9535f80 R15: 00007fff863e0dc8
[  401.143830][T13568]  </TASK>
[  402.654621][T13583] FAULT_INJECTION: forcing a failure.
[  402.654621][T13583] name failslab, interval 1, probability 0, space 0, times 0
[  402.659825][T13583] CPU: 3 UID: 0 PID: 13583 Comm: syz.5.2168 Not tainted 6.12.0-rc4-syzkaller-00261-g850925a8133c #0
[  402.662935][T13583] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  402.666103][T13583] Call Trace:
[  402.666988][T13583]  <TASK>
[  402.667758][T13583]  dump_stack_lvl+0x16c/0x1f0
[  402.668951][T13583]  should_fail_ex+0x497/0x5b0
[  402.670148][T13583]  ? fs_reclaim_acquire+0xae/0x150
[  402.671599][T13583]  should_failslab+0xc2/0x120
[  402.673040][T13583]  __kmalloc_cache_noprof+0x6b/0x300
[  402.674848][T13583]  ? snd_mixer_oss_put_volume1_vol.constprop.0.isra.0+0x98/0x560
[  402.676959][T13583]  snd_mixer_oss_put_volume1_vol.constprop.0.isra.0+0x98/0x560
[  402.678940][T13583]  snd_mixer_oss_put_volume1+0x937/0xd30
[  402.680457][T13583]  ? __pfx_snd_mixer_oss_put_volume1+0x10/0x10
[  402.682103][T13583]  snd_mixer_oss_ioctl1+0x611/0x1cf0
[  402.683502][T13583]  ? __pfx_snd_mixer_oss_ioctl1+0x10/0x10
[  402.684929][T13583]  ? ioctl_has_perm.constprop.0.isra.0+0x2f3/0x460
[  402.686522][T13583]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[  402.688201][T13583]  ? trace_lock_acquire+0x14a/0x1d0
[  402.689569][T13583]  ? selinux_file_ioctl+0x180/0x270
[  402.690871][T13583]  snd_mixer_oss_ioctl+0x3e/0x50
[  402.692134][T13583]  ? __pfx_snd_mixer_oss_ioctl+0x10/0x10
[  402.693576][T13583]  __x64_sys_ioctl+0x18f/0x220
[  402.694790][T13583]  do_syscall_64+0xcd/0x250
[  402.695945][T13583]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  402.697403][T13583] RIP: 0033:0x7fbc9ad7e719
[  402.698491][T13583] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  402.703447][T13583] RSP: 002b:00007fbc9bc51038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  402.705661][T13583] RAX: ffffffffffffffda RBX: 00007fbc9af35f80 RCX: 00007fbc9ad7e719
[  402.707751][T13583] RDX: 0000000020000040 RSI: 0000000040086603 RDI: 0000000000000003
[  402.709866][T13583] RBP: 00007fbc9bc51090 R08: 0000000000000000 R09: 0000000000000000
[  402.711969][T13583] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  402.714066][T13583] R13: 0000000000000000 R14: 00007fbc9af35f80 R15: 00007ffdaa261db8
[  402.716152][T13583]  </TASK>
[  402.717124][    C3] vkms_vblank_simulate: vblank timer overrun
[  403.030341][   T39] audit: type=1326 audit(1730113137.711:1496): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13598 comm="syz.5.2174" exe="/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fbc9ad7e719 code=0x0
[  403.126401][   T39] audit: type=1326 audit(1730113137.801:1497): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13601 comm="syz.1.2175" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1dc937e719 code=0x0
[  403.260690][T13606] FAULT_INJECTION: forcing a failure.
[  403.260690][T13606] name failslab, interval 1, probability 0, space 0, times 0
[  403.264643][T13606] CPU: 2 UID: 0 PID: 13606 Comm: syz.4.2176 Not tainted 6.12.0-rc4-syzkaller-00261-g850925a8133c #0
[  403.267663][T13606] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  403.271350][T13606] Call Trace:
[  403.272499][T13606]  <TASK>
[  403.273560][T13606]  dump_stack_lvl+0x16c/0x1f0
[  403.275134][T13606]  should_fail_ex+0x497/0x5b0
[  403.276338][T13606]  ? fs_reclaim_acquire+0xae/0x150
[  403.278019][T13606]  should_failslab+0xc2/0x120
[  403.279553][T13606]  kmem_cache_alloc_noprof+0x6e/0x2f0
[  403.281028][T13606]  ? security_inode_alloc+0x3b/0x2b0
[  403.282358][T13606]  security_inode_alloc+0x3b/0x2b0
[  403.283655][T13606]  inode_init_always_gfp+0xc5f/0xfb0
[  403.285387][T13606]  ? debug_mutex_init+0x37/0x70
[  403.286971][T13606]  ? __pfx_ovl_inode_set+0x10/0x10
[  403.288725][T13606]  alloc_inode+0x82/0x230
[  403.290176][T13606]  iget5_locked+0x33b/0x3d0
[  403.291392][T13606]  ? __pfx_ovl_inode_test+0x10/0x10
[  403.292784][T13606]  ? __pfx_ovl_inode_set+0x10/0x10
[  403.294134][T13606]  ? __pfx_iget5_locked+0x10/0x10
[  403.295377][T13606]  ? lock_acquire.part.0+0x11b/0x380
[  403.296770][T13606]  ovl_get_inode+0xceb/0x13c0
[  403.298348][T13606]  ? __pfx_ovl_get_inode+0x10/0x10
[  403.299697][T13606]  ? lockref_get+0x15/0x50
[  403.300890][T13606]  ? do_raw_spin_unlock+0x172/0x230
[  403.302344][T13606]  ? _raw_spin_unlock+0x28/0x50
[  403.303637][T13606]  ovl_lookup+0xd4f/0x21f0
[  403.304859][T13606]  ? __pfx_ovl_lookup+0x10/0x10
[  403.306146][T13606]  ? __pfx_d_alloc_parallel+0x10/0x10
[  403.307567][T13606]  ? lockdep_init_map_type+0x16d/0x7d0
[  403.309020][T13606]  __lookup_slow+0x24f/0x460
[  403.310270][T13606]  ? __pfx___lookup_slow+0x10/0x10
[  403.311767][T13606]  ? walk_component+0x342/0x5b0
[  403.313066][T13606]  ? lookup_fast+0x155/0x540
[  403.314269][T13606]  walk_component+0x350/0x5b0
[  403.315471][T13606]  path_lookupat+0x17f/0x770
[  403.316691][T13606]  filename_lookup+0x1e5/0x5b0
[  403.317887][T13606]  ? find_held_lock+0x2d/0x110
[  403.319178][T13606]  ? __pfx_filename_lookup+0x10/0x10
[  403.320526][T13606]  ? __might_fault+0x13b/0x190
[  403.321771][T13606]  ? getname_flags.part.0+0x1c5/0x550
[  403.323129][T13606]  user_path_at+0x3a/0x60
[  403.324242][T13606]  do_fchownat+0xfa/0x200
[  403.325337][T13606]  ? __pfx_do_fchownat+0x10/0x10
[  403.326584][T13606]  ? ksys_write+0x1ad/0x260
[  403.327750][T13606]  ? __pfx_ksys_write+0x10/0x10
[  403.329031][T13606]  __x64_sys_lchown+0x7e/0xc0
[  403.330343][T13606]  ? lockdep_hardirqs_on+0x7c/0x110
[  403.331704][T13606]  do_syscall_64+0xcd/0x250
[  403.332986][T13606]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  403.334519][T13606] RIP: 0033:0x7ff04037e719
[  403.335662][T13606] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  403.340579][T13606] RSP: 002b:00007ff041132038 EFLAGS: 00000246 ORIG_RAX: 000000000000005e
[  403.342686][T13606] RAX: ffffffffffffffda RBX: 00007ff040535f80 RCX: 00007ff04037e719
[  403.344679][T13606] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000000
[  403.346630][T13606] RBP: 00007ff041132090 R08: 0000000000000000 R09: 0000000000000000
[  403.348587][T13606] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  403.348799][ T1456] usb 10-1: new high-speed USB device number 9 using dummy_hcd
[  403.350589][T13606] R13: 0000000000000000 R14: 00007ff040535f80 R15: 00007ffead707738
[  403.350633][T13606]  </TASK>
[  403.356272][T13606] overlayfs: failed to get inode (-12)
[  403.498696][ T1456] usb 10-1: Using ep0 maxpacket: 8
[  403.502140][ T1456] usb 10-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  403.504652][ T1456] usb 10-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  403.507194][ T1456] usb 10-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  403.510493][ T1456] usb 10-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  403.518683][ T1456] usb 10-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  403.525854][ T1456] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  403.734778][ T1456] usb 10-1: GET_CAPABILITIES returned 0
[  403.736234][ T1456] usbtmc 10-1:16.0: can't read capabilities
[  404.164529][   T39] audit: type=1400 audit(1730113138.841:1498): avc:  denied  { map } for  pid=13614 comm="syz.0.2180" path="/496/file0/blkio.bfq.io_serviced" dev="9p" ino=36574947 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  404.379097][ T5999] usb 6-1: new high-speed USB device number 35 using dummy_hcd
[  404.540671][ T5999] usb 6-1: config 0 has no interfaces?
[  404.542700][ T5999] usb 6-1: New USB device found, idVendor=1a34, idProduct=0802, bcdDevice= 0.00
[  404.546074][ T5999] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  404.553610][ T5999] usb 6-1: config 0 descriptor??
[  405.315903][ T5999] usb 6-1: USB disconnect, device number 35
[  406.032919][ T1456] usb 10-1: USB disconnect, device number 9
[  406.249577][T13636] FAULT_INJECTION: forcing a failure.
[  406.249577][T13636] name failslab, interval 1, probability 0, space 0, times 0
[  406.253237][T13636] CPU: 1 UID: 0 PID: 13636 Comm: syz.1.2184 Not tainted 6.12.0-rc4-syzkaller-00261-g850925a8133c #0
[  406.256906][T13636] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  406.259903][T13636] Call Trace:
[  406.260889][T13636]  <TASK>
[  406.261750][T13636]  dump_stack_lvl+0x16c/0x1f0
[  406.263074][T13636]  should_fail_ex+0x497/0x5b0
[  406.264499][T13636]  ? fs_reclaim_acquire+0xae/0x150
[  406.265999][T13636]  should_failslab+0xc2/0x120
[  406.267318][T13636]  kmem_cache_alloc_node_noprof+0x71/0x310
[  406.268933][T13636]  ? alloc_vmap_area+0x636/0x2a70
[  406.270359][T13636]  alloc_vmap_area+0x636/0x2a70
[  406.272021][T13636]  ? __pfx_alloc_vmap_area+0x10/0x10
[  406.274134][T13636]  __get_vm_area_node+0x17e/0x2d0
[  406.276073][T13636]  __vmalloc_node_range_noprof+0x26a/0x15a0
[  406.277695][T13636]  ? bpf_prog_calc_tag+0x108/0x720
[  406.279070][T13636]  ? arch_stack_walk+0xa7/0x100
[  406.280348][T13636]  ? bpf_prog_calc_tag+0x108/0x720
[  406.281853][T13636]  ? __pfx_stack_trace_save+0x10/0x10
[  406.283370][T13636]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  406.285268][T13636]  ? kasan_save_stack+0x42/0x60
[  406.286826][T13636]  ? kasan_save_stack+0x33/0x60
[  406.288213][T13636]  ? kasan_save_track+0x14/0x30
[  406.289641][T13636]  ? bpf_prog_calc_tag+0x108/0x720
[  406.291064][T13636]  vmalloc_noprof+0x6b/0x90
[  406.292776][T13636]  ? bpf_prog_calc_tag+0x108/0x720
[  406.294378][T13636]  bpf_prog_calc_tag+0x108/0x720
[  406.295743][T13636]  ? __pfx_bpf_prog_calc_tag+0x10/0x10
[  406.297254][T13636]  ? __pfx_add_subprog+0x10/0x10
[  406.298607][T13636]  ? add_subprog_and_kfunc+0x5e5/0x1b90
[  406.300160][T13636]  resolve_pseudo_ldimm64+0xcd/0x2950
[  406.301716][T13636]  ? __pfx_add_subprog_and_kfunc+0x10/0x10
[  406.303323][T13636]  ? __pfx_resolve_pseudo_ldimm64+0x10/0x10
[  406.305267][T13636]  ? trace_kmalloc+0x2d/0xe0
[  406.306866][T13636]  ? __kmalloc_node_noprof+0x22f/0x430
[  406.308378][T13636]  ? security_capable+0x21/0x260
[  406.309710][T13636]  ? __kvmalloc_node_noprof+0xad/0x1a0
[  406.311165][T13636]  bpf_check+0x6e0f/0xb430
[  406.312733][T13636]  ? kasan_save_stack+0x42/0x60
[  406.314299][T13636]  ? __pfx_bpf_check+0x10/0x10
[  406.315551][T13636]  ? __kasan_kmalloc+0xaa/0xb0
[  406.316947][T13636]  ? selinux_bpf_prog_load+0x15f/0x1c0
[  406.318364][T13636]  bpf_prog_load+0xedb/0x2660
[  406.319630][T13636]  ? __pfx_bpf_prog_load+0x10/0x10
[  406.320993][T13636]  ? avc_has_perm_noaudit+0x143/0x3a0
[  406.322340][T13636]  ? selinux_bpf+0xde/0x130
[  406.323492][T13636]  __sys_bpf+0x402b/0x49a0
[  406.324931][T13636]  ? ksys_write+0x21e/0x260
[  406.326410][T13636]  ? reacquire_held_locks+0x4a0/0x4c0
[  406.328299][T13636]  ? __pfx___sys_bpf+0x10/0x10
[  406.330006][T13636]  ? vfs_write+0x306/0x1150
[  406.331616][T13636]  ? __mutex_unlock_slowpath+0x164/0x650
[  406.333775][T13636]  ? fput+0x30/0x390
[  406.335127][T13636]  ? ksys_write+0x1ad/0x260
[  406.336610][T13636]  ? __pfx_ksys_write+0x10/0x10
[  406.338089][T13636]  __x64_sys_bpf+0x78/0xc0
[  406.339506][T13636]  ? lockdep_hardirqs_on+0x7c/0x110
[  406.341265][T13636]  do_syscall_64+0xcd/0x250
[  406.342871][T13636]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  406.344942][T13636] RIP: 0033:0x7f1dc937e719
[  406.346826][T13636] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  406.354963][T13636] RSP: 002b:00007f1dca211038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  406.358480][T13636] RAX: ffffffffffffffda RBX: 00007f1dc9535f80 RCX: 00007f1dc937e719
[  406.361802][T13636] RDX: 0000000000000094 RSI: 0000000020000840 RDI: 0000000000000005
[  406.365146][T13636] RBP: 00007f1dca211090 R08: 0000000000000000 R09: 0000000000000000
[  406.368076][T13636] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  406.370944][T13636] R13: 0000000000000000 R14: 00007f1dc9535f80 R15: 00007fff863e0dc8
[  406.373839][T13636]  </TASK>
[  406.379416][T13636] syz.1.2184: vmalloc error: size 192, vm_struct allocation failed, mode:0xcc0(GFP_KERNEL), nodemask=(null),cpuset=/,mems_allowed=0-1
[  406.384943][T13636] CPU: 2 UID: 0 PID: 13636 Comm: syz.1.2184 Not tainted 6.12.0-rc4-syzkaller-00261-g850925a8133c #0
[  406.389027][T13636] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  406.392736][T13636] Call Trace:
[  406.393973][T13636]  <TASK>
[  406.395058][T13636]  dump_stack_lvl+0x16c/0x1f0
[  406.396887][T13636]  warn_alloc+0x24d/0x3a0
[  406.398480][T13636]  ? __pfx_warn_alloc+0x10/0x10
[  406.400271][T13636]  ? kfree+0x14f/0x4b0
[  406.401887][T13636]  ? __get_vm_area_node+0x1bc/0x2d0
[  406.403806][T13636]  __vmalloc_node_range_noprof+0xd27/0x15a0
[  406.406037][T13636]  ? arch_stack_walk+0xa7/0x100
[  406.407828][T13636]  ? bpf_prog_calc_tag+0x108/0x720
[  406.409710][T13636]  ? __pfx_stack_trace_save+0x10/0x10
[  406.411823][T13636]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  406.414232][T13636]  ? kasan_save_stack+0x42/0x60
[  406.415994][T13636]  ? kasan_save_stack+0x33/0x60
[  406.417859][T13636]  ? kasan_save_track+0x14/0x30
[  406.419863][T13636]  ? bpf_prog_calc_tag+0x108/0x720
[  406.421763][T13636]  vmalloc_noprof+0x6b/0x90
[  406.423538][T13636]  ? bpf_prog_calc_tag+0x108/0x720
[  406.425532][T13636]  bpf_prog_calc_tag+0x108/0x720
[  406.427418][T13636]  ? __pfx_bpf_prog_calc_tag+0x10/0x10
[  406.429573][T13636]  ? __pfx_add_subprog+0x10/0x10
[  406.431407][T13636]  ? add_subprog_and_kfunc+0x5e5/0x1b90
[  406.433624][T13636]  resolve_pseudo_ldimm64+0xcd/0x2950
[  406.435633][T13636]  ? __pfx_add_subprog_and_kfunc+0x10/0x10
[  406.437782][T13636]  ? __pfx_resolve_pseudo_ldimm64+0x10/0x10
[  406.440156][T13636]  ? trace_kmalloc+0x2d/0xe0
[  406.442067][T13636]  ? __kmalloc_node_noprof+0x22f/0x430
[  406.444245][T13636]  ? security_capable+0x21/0x260
[  406.446249][T13636]  ? __kvmalloc_node_noprof+0xad/0x1a0
[  406.448502][T13636]  bpf_check+0x6e0f/0xb430
[  406.450231][T13636]  ? kasan_save_stack+0x42/0x60
[  406.452053][T13636]  ? __pfx_bpf_check+0x10/0x10
[  406.453975][T13636]  ? __kasan_kmalloc+0xaa/0xb0
[  406.455718][T13636]  ? selinux_bpf_prog_load+0x15f/0x1c0
[  406.457753][T13636]  bpf_prog_load+0xedb/0x2660
[  406.459556][T13636]  ? __pfx_bpf_prog_load+0x10/0x10
[  406.461513][T13636]  ? avc_has_perm_noaudit+0x143/0x3a0
[  406.463461][T13636]  ? selinux_bpf+0xde/0x130
[  406.465118][T13636]  __sys_bpf+0x402b/0x49a0
[  406.466734][T13636]  ? ksys_write+0x21e/0x260
[  406.468400][T13636]  ? reacquire_held_locks+0x4a0/0x4c0
[  406.470521][T13636]  ? __pfx___sys_bpf+0x10/0x10
[  406.472282][T13636]  ? vfs_write+0x306/0x1150
[  406.473982][T13636]  ? __mutex_unlock_slowpath+0x164/0x650
[  406.476077][T13636]  ? fput+0x30/0x390
[  406.477572][T13636]  ? ksys_write+0x1ad/0x260
[  406.479247][T13636]  ? __pfx_ksys_write+0x10/0x10
[  406.481046][T13636]  __x64_sys_bpf+0x78/0xc0
[  406.482676][T13636]  ? lockdep_hardirqs_on+0x7c/0x110
[  406.484547][T13636]  do_syscall_64+0xcd/0x250
[  406.486188][T13636]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  406.488311][T13636] RIP: 0033:0x7f1dc937e719
[  406.488946][ T5951] Bluetooth: hci4: command 0x1003 tx timeout
[  406.489797][T13636] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  406.489819][T13636] RSP: 002b:00007f1dca211038 EFLAGS: 00000246
[  406.493497][ T5294] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  406.497090][T13636]  ORIG_RAX: 0000000000000141
[  406.497099][T13636] RAX: ffffffffffffffda RBX: 00007f1dc9535f80 RCX: 00007f1dc937e719
[  406.497106][T13636] RDX: 0000000000000094 RSI: 0000000020000840 RDI: 0000000000000005
[  406.497114][T13636] RBP: 00007f1dca211090 R08: 0000000000000000 R09: 0000000000000000
[  406.497121][T13636] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  406.497128][T13636] R13: 0000000000000000 R14: 00007f1dc9535f80 R15: 00007fff863e0dc8
[  406.497142][T13636]  </TASK>
[  406.497399][T13636] Mem-Info:
[  406.515411][T13636] active_anon:18562 inactive_anon:0 isolated_anon:0
[  406.515411][T13636]  active_file:4472 inactive_file:60595 isolated_file:0
[  406.515411][T13636]  unevictable:1784 dirty:7745 writeback:0
[  406.515411][T13636]  slab_reclaimable:12397 slab_unreclaimable:77934
[  406.515411][T13636]  mapped:21718 shmem:13299 pagetables:1073
[  406.515411][T13636]  sec_pagetables:320 bounce:0
[  406.515411][T13636]  kernel_misc_reclaimable:0
[  406.515411][T13636]  free:442617 free_pcp:5161 free_cma:0
[  406.528358][T13636] Node 0 active_anon:74244kB inactive_anon:0kB active_file:17888kB inactive_file:242552kB unevictable:3600kB isolated(anon):0kB isolated(file):0kB mapped:86996kB dirty:31240kB writeback:0kB shmem:49656kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:12592kB pagetables:4288kB sec_pagetables:1280kB all_unreclaimable? yes
[  406.538927][T13636] Node 1 active_anon:4kB inactive_anon:0kB active_file:0kB inactive_file:76kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:3540kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:80kB pagetables:4kB sec_pagetables:0kB all_unreclaimable? no
[  406.547635][T13636] Node 0 DMA free:15148kB boost:2048kB min:2388kB low:2472kB high:2556kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:100kB local_pcp:0kB free_cma:0kB
[  406.556065][T13636] lowmem_reserve[]: 0 1214 0 0 0
[  406.558437][T13636] Node 0 DMA32 free:173436kB boost:62176kB min:89812kB low:96720kB high:103628kB reserved_highatomic:0KB active_anon:74120kB inactive_anon:0kB active_file:17888kB inactive_file:243048kB unevictable:3600kB writepending:31736kB present:2080628kB managed:1272192kB mlocked:64kB bounce:0kB free_pcp:13356kB local_pcp:324kB free_cma:0kB
[  406.570054][T13636] lowmem_reserve[]: 0 0 0 0 0
[  406.572265][T13636] Node 1 Normal free:1588896kB boost:0kB min:39600kB low:49500kB high:59400kB reserved_highatomic:0KB active_anon:4kB inactive_anon:0kB active_file:0kB inactive_file:76kB unevictable:3536kB writepending:0kB present:2097152kB managed:1781924kB mlocked:0kB bounce:0kB free_pcp:36kB local_pcp:0kB free_cma:0kB
[  406.583347][T13636] lowmem_reserve[]: 0 0 0 0 0
[  406.585585][T13636] Node 0 DMA: 11*4kB (U) 10*8kB (UM) 13*16kB (UM) 13*32kB (UM) 9*64kB (UM) 12*128kB (UM) 8*256kB (UM) 8*512kB (UM) 4*1024kB (UM) 1*2048kB (U) 0*4096kB = 15148kB
[  406.591314][T13636] Node 0 DMA32: 363*4kB (UME) 396*8kB (UE) 128*16kB (UE) 217*32kB (UME) 607*64kB (UME) 318*128kB (UM) 151*256kB (UME) 53*512kB (UME) 16*1024kB (UME) 5*2048kB (M) 0*4096kB = 185580kB
[  406.597256][T13636] Node 1 Normal: 82*4kB (UME) 83*8kB (UME) 86*16kB (UME) 261*32kB (UME) 125*64kB (UME) 87*128kB (UME) 70*256kB (UE) 68*512kB (UME) 55*1024kB (U) 6*2048kB (UM) 351*4096kB (UM) = 1588896kB
[  406.601237][ T1141] Bluetooth: hci4: Frame reassembly failed (-84)
[  406.603539][T13636] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  406.609989][T13636] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  406.612535][T13636] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  406.615281][T13636] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  406.618810][T13636] 78688 total pagecache pages
[  406.620461][T13636] 0 pages in swap cache
[  406.621890][T13636] Free swap  = 124108kB
[  406.623347][T13636] Total swap = 124996kB
[  406.625075][T13636] 1048443 pages RAM
[  406.626393][T13636] 0 pages HighMem/MovableOnly
[  406.628191][T13636] 281074 pages reserved
[  406.629968][T13636] 0 pages cma reserved
[  406.919504][   T39] audit: type=1326 audit(1730113141.601:1499): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13642 comm="syz.5.2187" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fbc9ad7e719 code=0x0
[  407.100282][   T39] audit: type=1326 audit(1730113141.781:1500): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13650 comm="syz.1.2190" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1dc937e719 code=0x0
[  407.941302][T13663] bridge0: port 3(team0) entered disabled state
[  407.943631][T13663] bridge0: port 1(bridge_slave_0) entered disabled state
[  407.946583][T13663] bridge0: left promiscuous mode
[  407.997624][T13661] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=13661 comm=syz.5.2192
[  408.063423][T13672] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2196'.
[  408.082931][T13672] fuse: Bad value for 'fd'
[  408.648767][ T5951] Bluetooth: hci4: command 0x1003 tx timeout
[  408.650868][ T5294] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  408.979842][   T39] audit: type=1400 audit(1730113143.661:1501): avc:  denied  { map } for  pid=13685 comm="syz.1.2200" path="socket:[49971]" dev="sockfs" ino=49971 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1
[  408.998657][   T39] audit: type=1400 audit(1730113143.661:1502): avc:  denied  { getopt } for  pid=13685 comm="syz.1.2200" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  409.100992][T13689] mac80211_hwsim hwsim8 syzkaller0: entered promiscuous mode
[  409.102896][T13689] mac80211_hwsim hwsim8 syzkaller0: entered allmulticast mode
[  409.163544][T13695] FAULT_INJECTION: forcing a failure.
[  409.163544][T13695] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  409.167596][T13695] CPU: 3 UID: 0 PID: 13695 Comm: syz.0.2203 Not tainted 6.12.0-rc4-syzkaller-00261-g850925a8133c #0
[  409.170691][T13695] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  409.173930][T13695] Call Trace:
[  409.175006][T13695]  <TASK>
[  409.175934][T13695]  dump_stack_lvl+0x16c/0x1f0
[  409.177517][T13695]  should_fail_ex+0x497/0x5b0
[  409.179013][T13695]  _copy_to_user+0x32/0xd0
[  409.180301][T13695]  simple_read_from_buffer+0xd0/0x160
[  409.181817][T13695]  proc_fail_nth_read+0x198/0x270
[  409.183134][T13695]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  409.184716][T13695]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  409.186119][T13695]  vfs_read+0x1df/0xbe0
[  409.187447][T13695]  ? __fget_files+0x23a/0x3f0
[  409.188728][T13695]  ? fdget_pos+0x24c/0x360
[  409.189865][T13695]  ? __pfx_lock_release+0x10/0x10
[  409.191193][T13695]  ? trace_lock_acquire+0x14a/0x1d0
[  409.192863][T13695]  ? __pfx_vfs_read+0x10/0x10
[  409.194367][T13695]  ? __pfx___mutex_lock+0x10/0x10
[  409.196030][T13695]  ? __fget_files+0x244/0x3f0
[  409.197447][T13695]  ksys_read+0x12f/0x260
[  409.198766][T13695]  ? __pfx_ksys_read+0x10/0x10
[  409.200187][T13695]  do_syscall_64+0xcd/0x250
[  409.201622][T13695]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  409.203357][T13695] RIP: 0033:0x7f1ef957d15c
[  409.204606][T13695] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48
[  409.210117][T13695] RSP: 002b:00007f1efa2a9030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  409.212470][T13695] RAX: ffffffffffffffda RBX: 00007f1ef9735f80 RCX: 00007f1ef957d15c
[  409.214723][T13695] RDX: 000000000000000f RSI: 00007f1efa2a90a0 RDI: 0000000000000006
[  409.217156][T13695] RBP: 00007f1efa2a9090 R08: 0000000000000000 R09: 0000000000000000
[  409.219373][T13695] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  409.221553][T13695] R13: 0000000000000000 R14: 00007f1ef9735f80 R15: 00007ffec8b8ac28
[  409.223594][T13695]  </TASK>
[  409.279628][T13696] REISERFS warning (device nullb0): sh-2021 reiserfs_fill_super: can not find reiserfs on nullb0
[  409.340313][   T12] Bluetooth: hci4: Frame reassembly failed (-84)
[  409.943341][   T39] audit: type=1326 audit(1730113144.621:1503): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13711 comm="syz.1.2208" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1dc937e719 code=0x7ffc0000
[  409.949300][   T39] audit: type=1326 audit(1730113144.621:1504): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13711 comm="syz.1.2208" exe="/syz-executor" sig=0 arch=c000003e syscall=190 compat=0 ip=0x7f1dc937e719 code=0x7ffc0000
[  409.955474][   T39] audit: type=1326 audit(1730113144.621:1505): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13711 comm="syz.1.2208" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1dc937e719 code=0x7ffc0000
[  409.962025][   T39] audit: type=1326 audit(1730113144.621:1506): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13711 comm="syz.1.2208" exe="/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f1dc937e719 code=0x7ffc0000
[  409.968777][   T39] audit: type=1326 audit(1730113144.621:1507): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13711 comm="syz.1.2208" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1dc937e719 code=0x7ffc0000
[  409.974799][   T39] audit: type=1326 audit(1730113144.621:1508): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13711 comm="syz.1.2208" exe="/syz-executor" sig=0 arch=c000003e syscall=191 compat=0 ip=0x7f1dc937e719 code=0x7ffc0000
[  409.980869][   T39] audit: type=1326 audit(1730113144.621:1509): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13711 comm="syz.1.2208" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1dc937e719 code=0x7ffc0000
[  409.988510][   T39] audit: type=1326 audit(1730113144.621:1510): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13711 comm="syz.1.2208" exe="/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f1dc937e719 code=0x7ffc0000
[  410.090873][T13716] pimreg: entered allmulticast mode
[  410.182930][T13721] binder: 13720:13721 ioctl c00c6211 0 returned -14
[  410.214447][T13724] FAULT_INJECTION: forcing a failure.
[  410.214447][T13724] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  410.217915][T13724] CPU: 1 UID: 0 PID: 13724 Comm: syz.1.2212 Not tainted 6.12.0-rc4-syzkaller-00261-g850925a8133c #0
[  410.220821][T13724] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  410.223708][T13724] Call Trace:
[  410.224662][T13724]  <TASK>
[  410.225452][T13724]  dump_stack_lvl+0x16c/0x1f0
[  410.226769][T13724]  should_fail_ex+0x497/0x5b0
[  410.228105][T13724]  _copy_to_user+0x32/0xd0
[  410.229423][T13724]  vmci_host_unlocked_ioctl+0x97e/0x1fb0
[  410.230881][T13724]  ? __pfx_vmci_host_unlocked_ioctl+0x10/0x10
[  410.232451][T13724]  ? ioctl_has_perm.constprop.0.isra.0+0x2ea/0x460
[  410.234287][T13724]  ? ioctl_has_perm.constprop.0.isra.0+0x2f3/0x460
[  410.235944][T13724]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[  410.237652][T13724]  ? trace_lock_acquire+0x14a/0x1d0
[  410.238998][T13724]  ? selinux_file_ioctl+0x180/0x270
[  410.240476][T13724]  ? selinux_file_ioctl+0xb4/0x270
[  410.241779][T13724]  ? __pfx_vmci_host_unlocked_ioctl+0x10/0x10
[  410.243323][T13724]  __x64_sys_ioctl+0x18f/0x220
[  410.244566][T13724]  do_syscall_64+0xcd/0x250
[  410.245727][T13724]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  410.247226][T13724] RIP: 0033:0x7f1dc937e719
[  410.248353][T13724] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  410.253213][T13724] RSP: 002b:00007f1dca211038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  410.255266][T13724] RAX: ffffffffffffffda RBX: 00007f1dc9535f80 RCX: 00007f1dc937e719
[  410.257282][T13724] RDX: 00000000200000c0 RSI: 00000000000007a5 RDI: 0000000000000004
[  410.259386][T13724] RBP: 00007f1dca211090 R08: 0000000000000000 R09: 0000000000000000
[  410.261422][T13724] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  410.263671][T13724] R13: 0000000000000000 R14: 00007f1dc9535f80 R15: 00007fff863e0dc8
[  410.265966][T13724]  </TASK>
[  410.281413][T13718] netlink: 176 bytes leftover after parsing attributes in process `syz.0.2210'.
[  410.287536][T13718] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=35 sclass=netlink_route_socket pid=13718 comm=syz.0.2210
[  410.295315][T13726] netlink: 'syz.1.2213': attribute type 10 has an invalid length.
[  410.302081][T13726] netlink: 9412 bytes leftover after parsing attributes in process `syz.1.2213'.
[  410.794049][T13746] 9pnet_fd: Insufficient options for proto=fd
[  410.864712][T13751] binder: 13750:13751 ioctl c0306201 20000000 returned -14
[  410.871873][T13751] binder: BINDER_SET_CONTEXT_MGR already set
[  410.873742][T13751] binder: 13750:13751 ioctl 4018620d 20000040 returned -16
[  411.269769][   T45] Bluetooth: hci5: Frame reassembly failed (-84)
[  411.368821][ T5939] Bluetooth: hci4: command 0x1003 tx timeout
[  411.368846][ T5294] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  411.527604][T13769] RDS: rds_bind could not find a transport for fe80::bb, load rds_tcp or rds_rdma?
[  413.038691][  T828] usb 9-1: new high-speed USB device number 20 using dummy_hcd
[  413.128434][T13808] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2238'.
[  413.198710][  T828] usb 9-1: Using ep0 maxpacket: 8
[  413.201162][  T828] usb 9-1: config 0 has an invalid interface number: 1 but max is 0
[  413.203163][  T828] usb 9-1: config 0 has no interface number 0
[  413.204807][  T828] usb 9-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  413.207518][  T828] usb 9-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  413.209955][  T828] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  413.213184][  T828] usb 9-1: config 0 descriptor??
[  413.219040][  T828] iowarrior 9-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[  413.288919][ T5951] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  413.428419][    C3] iowarrior 9-1:0.1: iowarrior_callback - usb_submit_urb failed with result -19
[  413.431843][   T35] usb 9-1: USB disconnect, device number 20
[  413.438750][   T35] iowarrior 9-1:0.1: I/O-Warror #0 now disconnected
[  414.114110][   T39] kauditd_printk_skb: 49 callbacks suppressed
[  414.114121][   T39] audit: type=1326 audit(1730113148.791:1560): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13826 comm="syz.5.2244" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fbc9ad7e719 code=0x0
[  414.494446][T13838] mapping of prio or/and queue is allowed only from OUTPUT/FORWARD/POSTROUTING chains
[  414.494546][T13840] mapping of prio or/and queue is allowed only from OUTPUT/FORWARD/POSTROUTING chains
[  414.883326][   T39] audit: type=1400 audit(1730113149.551:1561): avc:  denied  { name_connect } for  pid=13846 comm="syz.1.2248" dest=252 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=sctp_socket permissive=1
[  416.316738][ T5951] Bluetooth: hci1: Received unexpected HCI Event 0x00
[  416.412209][   T39] audit: type=1400 audit(1730113151.091:1562): avc:  denied  { getopt } for  pid=13880 comm="syz.0.2255" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  416.555080][T13886] netlink: 84 bytes leftover after parsing attributes in process `syz.5.2254'.
[  416.705334][T13892] syzkaller0: default qdisc (pfifo_fast) fail, fallback to noqueue
[  416.708719][T13894] FAULT_INJECTION: forcing a failure.
[  416.708719][T13894] name failslab, interval 1, probability 0, space 0, times 0
[  416.713282][T13894] CPU: 2 UID: 0 PID: 13894 Comm: syz.0.2259 Not tainted 6.12.0-rc4-syzkaller-00261-g850925a8133c #0
[  416.716440][T13894] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  416.719752][T13894] Call Trace:
[  416.720866][T13894]  <TASK>
[  416.721675][T13894]  dump_stack_lvl+0x16c/0x1f0
[  416.721979][T13892] syzkaller0: entered promiscuous mode
[  416.723089][T13894]  should_fail_ex+0x497/0x5b0
[  416.724475][T13892] syzkaller0: entered allmulticast mode
[  416.725973][T13894]  ? fs_reclaim_acquire+0xae/0x150
[  416.728709][T13894]  should_failslab+0xc2/0x120
[  416.730055][T13894]  kmem_cache_alloc_noprof+0x6e/0x2f0
[  416.731529][T13894]  ? alloc_vfsmnt+0x23/0x6e0
[  416.732723][T13894]  alloc_vfsmnt+0x23/0x6e0
[  416.733741][T13894]  clone_mnt+0x6d/0xf90
[  416.734938][T13894]  copy_tree+0x3a1/0x910
[  416.736413][T13894]  copy_mnt_ns+0x1b5/0xa80
[  416.737951][T13894]  ? trace_kmem_cache_alloc+0x2d/0xe0
[  416.739822][T13894]  ? kmem_cache_alloc_noprof+0x174/0x2f0
[  416.741765][T13894]  ? __asan_memcpy+0x3c/0x60
[  416.742956][T13894]  ? create_new_namespaces+0x30/0xad0
[  416.744315][T13894]  create_new_namespaces+0xd3/0xad0
[  416.745675][T13894]  ? bpf_lsm_capable+0x9/0x10
[  416.746883][T13894]  ? security_capable+0x7e/0x260
[  416.748139][T13894]  unshare_nsproxy_namespaces+0xc0/0x1f0
[  416.749587][T13894]  ksys_unshare+0x45d/0xa40
[  416.750753][T13894]  ? __pfx_ksys_unshare+0x10/0x10
[  416.752059][T13894]  ? ksys_write+0x1ad/0x260
[  416.753271][T13894]  __x64_sys_unshare+0x31/0x40
[  416.754526][T13894]  do_syscall_64+0xcd/0x250
[  416.755698][T13894]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  416.757182][T13894] RIP: 0033:0x7f1ef957e719
[  416.758303][T13894] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  416.762937][T13894] RSP: 002b:00007f1efa2a9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
[  416.764945][T13894] RAX: ffffffffffffffda RBX: 00007f1ef9735f80 RCX: 00007f1ef957e719
[  416.766866][T13894] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000060400
[  416.768842][T13894] RBP: 00007f1efa2a9090 R08: 0000000000000000 R09: 0000000000000000
[  416.770792][T13894] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  416.772735][T13894] R13: 0000000000000000 R14: 00007f1ef9735f80 R15: 00007ffec8b8ac28
[  416.774633][T13894]  </TASK>
[  416.841527][T13896] can: request_module (can-proto-3) failed.
[  417.075068][T13903] can: request_module (can-proto-4) failed.
[  418.432255][   T39] audit: type=1326 audit(1730113153.111:1563): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13925 comm="syz.1.2266" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1dc937e719 code=0x7ffc0000
[  418.442939][   T39] audit: type=1326 audit(1730113153.121:1564): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13925 comm="syz.1.2266" exe="/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f1dc937e719 code=0x7ffc0000
[  418.451965][   T39] audit: type=1326 audit(1730113153.121:1565): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13925 comm="syz.1.2266" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1dc937e719 code=0x7ffc0000
[  418.466290][   T39] audit: type=1326 audit(1730113153.121:1566): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13925 comm="syz.1.2266" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1dc937e719 code=0x7ffc0000
[  418.475638][   T39] audit: type=1326 audit(1730113153.121:1567): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13925 comm="syz.1.2266" exe="/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f1dc937e719 code=0x7ffc0000
[  418.487374][   T39] audit: type=1326 audit(1730113153.121:1568): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13925 comm="syz.1.2266" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1dc937e719 code=0x7ffc0000
[  418.497691][   T39] audit: type=1326 audit(1730113153.121:1569): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13925 comm="syz.1.2266" exe="/syz-executor" sig=0 arch=c000003e syscall=268 compat=0 ip=0x7f1dc937e719 code=0x7ffc0000
[  419.051964][   T45] Bluetooth: hci4: Frame reassembly failed (-84)
[  419.073545][ T1456] usb 6-1: new high-speed USB device number 36 using dummy_hcd
[  419.098290][T13936] FAULT_INJECTION: forcing a failure.
[  419.098290][T13936] name failslab, interval 1, probability 0, space 0, times 0
[  419.101724][T13936] CPU: 3 UID: 0 PID: 13936 Comm: syz.4.2270 Not tainted 6.12.0-rc4-syzkaller-00261-g850925a8133c #0
[  419.104563][T13936] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  419.107367][T13936] Call Trace:
[  419.108261][T13936]  <TASK>
[  419.109054][T13936]  dump_stack_lvl+0x16c/0x1f0
[  419.110306][T13936]  should_fail_ex+0x497/0x5b0
[  419.111571][T13936]  ? fs_reclaim_acquire+0xae/0x150
[  419.112938][T13936]  should_failslab+0xc2/0x120
[  419.114203][T13936]  __kmalloc_node_noprof+0xd1/0x430
[  419.115579][T13936]  ? __kvmalloc_node_noprof+0xad/0x1a0
[  419.117034][T13936]  __kvmalloc_node_noprof+0xad/0x1a0
[  419.118418][T13936]  vmemdup_user+0x25/0x100
[  419.119596][T13936]  __sys_bpf+0x4568/0x49a0
[  419.120777][T13936]  ? ksys_write+0x21e/0x260
[  419.121983][T13936]  ? __pfx___sys_bpf+0x10/0x10
[  419.123253][T13936]  ? vfs_write+0x306/0x1150
[  419.124480][T13936]  ? __mutex_unlock_slowpath+0x164/0x650
[  419.125955][T13936]  ? fput+0x30/0x390
[  419.126989][T13936]  ? ksys_write+0x1ad/0x260
[  419.128189][T13936]  ? __pfx_ksys_write+0x10/0x10
[  419.129487][T13936]  __x64_sys_bpf+0x78/0xc0
[  419.130669][T13936]  ? lockdep_hardirqs_on+0x7c/0x110
[  419.132037][T13936]  do_syscall_64+0xcd/0x250
[  419.133252][T13936]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  419.134778][T13936] RIP: 0033:0x7ff04037e719
[  419.135959][T13936] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  419.140974][T13936] RSP: 002b:00007ff041132038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  419.143163][T13936] RAX: ffffffffffffffda RBX: 00007ff040535f80 RCX: 00007ff04037e719
[  419.145231][T13936] RDX: 0000000000000020 RSI: 0000000020000240 RDI: 0000000000000001
[  419.147286][T13936] RBP: 00007ff041132090 R08: 0000000000000000 R09: 0000000000000000
[  419.149469][T13936] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  419.151646][T13936] R13: 0000000000000000 R14: 00007ff040535f80 R15: 00007ffead707738
[  419.153724][T13936]  </TASK>
[  419.154634][    C3] vkms_vblank_simulate: vblank timer overrun
[  419.176311][ T5294] Bluetooth: hci1: unexpected event for opcode 0x203d
[  419.238770][ T1456] usb 6-1: Using ep0 maxpacket: 8
[  419.241316][ T1456] usb 6-1: config 0 has an invalid interface number: 1 but max is 0
[  419.243375][ T1456] usb 6-1: config 0 has no interface number 0
[  419.245039][ T1456] usb 6-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  419.247988][ T1456] usb 6-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  419.258105][ T1456] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  419.261260][ T1456] usb 6-1: config 0 descriptor??
[  419.264403][ T1456] iowarrior 6-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[  419.469688][ T5981] usb 6-1: USB disconnect, device number 36
[  419.469716][    C1] iowarrior 6-1:0.1: iowarrior_callback - usb_submit_urb failed with result -19
[  419.474264][ T5981] iowarrior 6-1:0.1: I/O-Warror #0 now disconnected
[  420.149611][T13958] netlink: 44 bytes leftover after parsing attributes in process `syz.4.2277'.
[  420.168106][T13958] syz.4.2277(13958): Attempt to set a LOCK_MAND lock via flock(2). This support has been removed and the request ignored.
[  420.378710][  T828] usb 5-1: new high-speed USB device number 45 using dummy_hcd
[  420.555394][  T828] usb 5-1: config 0 has no interfaces?
[  420.556966][  T828] usb 5-1: New USB device found, idVendor=1a34, idProduct=0802, bcdDevice= 0.00
[  420.563721][  T828] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  420.574336][  T828] usb 5-1: config 0 descriptor??
[  420.699358][T13975] netlink: 751 bytes leftover after parsing attributes in process `syz.1.2281'.
[  421.050206][ T5951] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  421.274977][T13992] binder: 13991:13992 ioctl c018620c 20000000 returned -22
[  421.282312][   T35] usb 5-1: USB disconnect, device number 45
[  421.493246][T13997] FAULT_INJECTION: forcing a failure.
[  421.493246][T13997] name failslab, interval 1, probability 0, space 0, times 0
[  421.496553][T13997] CPU: 2 UID: 0 PID: 13997 Comm: syz.1.2288 Not tainted 6.12.0-rc4-syzkaller-00261-g850925a8133c #0
[  421.499353][T13997] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  421.502143][T13997] Call Trace:
[  421.503017][T13997]  <TASK>
[  421.503789][T13997]  dump_stack_lvl+0x16c/0x1f0
[  421.505044][T13997]  should_fail_ex+0x497/0x5b0
[  421.506283][T13997]  ? fs_reclaim_acquire+0xae/0x150
[  421.507625][T13997]  should_failslab+0xc2/0x120
[  421.508874][T13997]  __kmalloc_cache_noprof+0x6b/0x300
[  421.510253][T13997]  ? io_sq_offload_create+0x3c6/0x1190
[  421.511713][T13997]  io_sq_offload_create+0x3c6/0x1190
[  421.513101][T13997]  ? __pfx_io_sq_offload_create+0x10/0x10
[  421.514594][T13997]  ? io_pages_map+0x1dd/0x510
[  421.515825][T13997]  io_uring_setup+0x1824/0x3750
[  421.517125][T13997]  ? __pfx_io_uring_setup+0x10/0x10
[  421.518509][T13997]  ? ksys_write+0x1ad/0x260
[  421.519708][T13997]  ? __pfx_ksys_write+0x10/0x10
[  421.521026][T13997]  __x64_sys_io_uring_setup+0x98/0x140
[  421.522451][T13997]  do_syscall_64+0xcd/0x250
[  421.523649][T13997]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  421.525200][T13997] RIP: 0033:0x7f1dc937e719
[  421.526373][T13997] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  421.531344][T13997] RSP: 002b:00007f1dca210fc8 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9
[  421.533488][T13997] RAX: ffffffffffffffda RBX: 00007f1dc9535f80 RCX: 00007f1dc937e719
[  421.535526][T13997] RDX: 0000000000000000 RSI: 0000000020000240 RDI: 0000000000005c23
[  421.537584][T13997] RBP: 0000000020000240 R08: 0000000000000000 R09: 0000000000000000
[  421.539620][T13997] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000002
[  421.541803][T13997] R13: 0000000000000000 R14: 0000000000005c23 R15: 0000000000000000
[  421.543837][T13997]  </TASK>
[  421.731054][T14002] netlink: 134744 bytes leftover after parsing attributes in process `syz.5.2290'.
[  421.866495][T14008] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2292'.
[  422.458991][T14031] nbd: device at index 1 is going down
[  422.841506][ T5294] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  422.846117][ T5294] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  422.848818][ T5294] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  422.852554][ T5294] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  422.855309][ T5294] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  422.857259][ T5294] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  423.024397][T14043] chnl_net:caif_netlink_parms(): no params data found
[  423.086709][T14043] bridge0: port 1(bridge_slave_0) entered blocking state
[  423.088800][T14043] bridge0: port 1(bridge_slave_0) entered disabled state
[  423.090727][T14043] bridge_slave_0: entered allmulticast mode
[  423.092834][T14043] bridge_slave_0: entered promiscuous mode
[  423.096742][T14043] bridge0: port 2(bridge_slave_1) entered blocking state
[  423.099127][T14043] bridge0: port 2(bridge_slave_1) entered disabled state
[  423.101044][T14043] bridge_slave_1: entered allmulticast mode
[  423.103210][T14043] bridge_slave_1: entered promiscuous mode
[  423.122919][T14043] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  423.126403][T14043] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  423.157627][T14043] team0: Port device team_slave_0 added
[  423.160622][T14043] team0: Port device team_slave_1 added
[  423.179937][T14043] batman_adv: batadv0: Adding interface: batadv_slave_0
[  423.181812][T14043] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  423.188475][T14043] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  423.192108][T14043] batman_adv: batadv0: Adding interface: batadv_slave_1
[  423.193938][T14043] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  423.201022][T14043] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  423.208796][ T5951] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0
[  423.211541][ T5951] Bluetooth: hci1: Injecting HCI hardware error event
[  423.215581][ T5294] Bluetooth: hci1: hardware error 0x00
[  423.230769][T14043] hsr_slave_0: entered promiscuous mode
[  423.232757][T14043] hsr_slave_1: entered promiscuous mode
[  423.234638][T14043] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  423.236572][T14043] Cannot create hsr debugfs directory
[  423.314848][T14043] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  423.320364][T14043] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  423.323867][T14043] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  423.327274][T14043] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  423.337404][T14043] bridge0: port 2(bridge_slave_1) entered blocking state
[  423.339365][T14043] bridge0: port 2(bridge_slave_1) entered forwarding state
[  423.341525][T14043] bridge0: port 1(bridge_slave_0) entered blocking state
[  423.343354][T14043] bridge0: port 1(bridge_slave_0) entered forwarding state
[  423.368227][T14043] 8021q: adding VLAN 0 to HW filter on device bond0
[  423.380331][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  423.385675][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  423.406671][T14043] 8021q: adding VLAN 0 to HW filter on device team0
[  423.425913][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  423.428662][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  423.432166][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  423.434701][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  423.560475][T14043] 8021q: adding VLAN 0 to HW filter on device batadv0
[  423.607020][   T39] kauditd_printk_skb: 27 callbacks suppressed
[  423.607031][   T39] audit: type=1400 audit(1730113158.281:1597): avc:  denied  { compute_member } for  pid=14067 comm="syz.0.2307" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1
[  423.672298][T14043] veth0_vlan: entered promiscuous mode
[  423.676324][T14043] veth1_vlan: entered promiscuous mode
[  423.686792][T14043] veth0_macvtap: entered promiscuous mode
[  423.690471][T14043] veth1_macvtap: entered promiscuous mode
[  423.702467][T14043] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  423.705894][T14043] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  423.710027][T14043] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  423.712945][T14043] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  423.716938][T14043] batman_adv: batadv0: Interface activated: batadv_slave_0
[  423.722943][T14043] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  423.725686][T14043] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  423.728836][T14043] batman_adv: batadv0: Interface activated: batadv_slave_1
[  423.732897][T14043] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  423.735186][T14043] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  423.737760][T14043] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  423.742293][T14043] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  423.775280][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  423.777548][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  423.792467][   T45] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  423.794725][   T45] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  423.838748][  T828] usb 9-1: new full-speed USB device number 21 using dummy_hcd
[  424.014286][  T828] usb 9-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  424.017293][  T828] usb 9-1: config 1 has 1 interface, different from the descriptor's value: 2
[  424.020249][  T828] usb 9-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 26984, setting to 64
[  424.024561][  T828] usb 9-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00
[  424.027003][  T828] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  424.036741][T14070] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  424.047186][  T828] hub 9-1:1.0: bad descriptor, ignoring hub
[  424.049390][  T828] hub 9-1:1.0: probe with driver hub failed with error -5
[  424.051707][  T828] cdc_wdm 9-1:1.0: skipping garbage
[  424.053165][  T828] cdc_wdm 9-1:1.0: skipping garbage
[  424.060793][  T828] cdc_wdm 9-1:1.0: cdc-wdm0: USB WDM device
[  424.062445][  T828] cdc_wdm 9-1:1.0: Unknown control protocol
[  424.097896][T14090] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2310'.
[  424.198813][ T5979] usb 11-1: new high-speed USB device number 2 using dummy_hcd
[  424.351389][ T5979] usb 11-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  424.353948][ T5979] usb 11-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  424.357747][ T5979] usb 11-1: config 1 has 1 interface, different from the descriptor's value: 66
[  424.361026][ T5979] usb 11-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  424.365078][ T5979] usb 11-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  424.368249][ T5979] usb 11-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  424.371353][ T5979] usb 11-1: Product: syz
[  424.372814][ T5979] usb 11-1: Manufacturer: syz
[  424.377031][ T5979] cdc_wdm 11-1:1.0: skipping garbage
[  424.378451][ T5979] cdc_wdm 11-1:1.0: skipping garbage
[  424.398663][  T828] usb 5-1: new high-speed USB device number 46 using dummy_hcd
[  424.578903][  T828] usb 5-1: Using ep0 maxpacket: 8
[  424.583276][  T828] usb 5-1: config 0 has an invalid interface number: 1 but max is 0
[  424.585382][  T828] usb 5-1: config 0 has no interface number 0
[  424.587052][  T828] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  424.590423][  T828] usb 5-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  424.592893][  T828] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  424.595972][  T828] usb 5-1: config 0 descriptor??
[  424.888942][ T5951] Bluetooth: hci2: command tx timeout
[  424.951555][T14058] usb 9-1: reset full-speed USB device number 21 using dummy_hcd
[  425.115178][T14070] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  425.125407][ T5979] cdc_wdm 11-1:1.0: cdc-wdm1: USB WDM device
[  425.127703][ T5979] cdc_wdm 11-1:1.0: Unknown control protocol
[  425.299036][ T5294] Bluetooth: hci1: Opcode 0x0c03 failed: -110
[  425.300783][    C1] cdc_wdm 9-1:1.0: nonzero urb status received: -71
[  425.302931][    C1] cdc_wdm 9-1:1.0: wdm_int_callback - 0 bytes
[  425.303634][  T828] iowarrior 5-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior2
[  425.309230][  T828] usb 5-1: USB disconnect, device number 46
[  425.311954][  T828] iowarrior 5-1:0.1: I/O-Warror #2 now disconnected
[  425.345554][T14058] syz.4.2306[14058] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  425.345604][T14058] syz.4.2306[14058] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  425.348955][T14058] syz.4.2306[14058] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  425.355664][ T1456] usb 9-1: USB disconnect, device number 21
[  425.710889][T14101] bridge: RTM_NEWNEIGH with invalid ether address
[  425.737634][   T39] audit: type=1400 audit(1730113160.411:1598): avc:  denied  { read } for  pid=14100 comm="syz.5.2313" dev="sockfs" ino=52510 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  425.832387][T14106] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2314'.
[  425.934377][   T39] audit: type=1400 audit(1730113160.611:1599): avc:  denied  { recv } for  pid=5908 comm="syz-executor" saddr=127.0.0.1 src=49352 daddr=127.0.0.1 dest=30000 netif=lo scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unlabeled_t tclass=peer permissive=1
[  425.944387][   T39] audit: type=1400 audit(1730113160.611:1600): avc:  denied  { recv } for  pid=5905 comm="sshd" saddr=127.0.0.1 src=30000 daddr=127.0.0.1 dest=49352 netif=lo scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=peer permissive=1
[  426.878207][  T828] usb 11-1: USB disconnect, device number 2
[  426.968703][ T5294] Bluetooth: hci2: command tx timeout
[  427.112746][   T39] audit: type=1400 audit(1730113161.791:1601): avc:  denied  { ioctl } for  pid=14136 comm="syz.0.2323" path="socket:[54899]" dev="sockfs" ino=54899 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1
[  427.348684][  T828] usb 11-1: new high-speed USB device number 3 using dummy_hcd
[  427.508715][  T828] usb 11-1: Using ep0 maxpacket: 8
[  427.512032][  T828] usb 11-1: config 0 has an invalid interface number: 1 but max is 0
[  427.514825][  T828] usb 11-1: config 0 has no interface number 0
[  427.517036][  T828] usb 11-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  427.521512][  T828] usb 11-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  427.524647][  T828] usb 11-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  427.529048][  T828] usb 11-1: config 0 descriptor??
[  427.536007][  T828] iowarrior 11-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[  427.654942][T14154] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2327'.
[  427.736940][  T828] usb 11-1: USB disconnect, device number 3
[  427.738571][    C0] iowarrior 11-1:0.1: iowarrior_callback - usb_submit_urb failed with result -19
[  427.741796][  T828] iowarrior 11-1:0.1: I/O-Warror #0 now disconnected
[  428.412056][   T39] audit: type=1400 audit(1730113163.091:1602): avc:  denied  { egress } for  pid=29 comm="ksoftirqd/1" saddr=fe80::1c daddr=ff02::2 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:netif_t tclass=netif permissive=1
[  428.418149][   T39] audit: type=1400 audit(1730113163.091:1603): avc:  denied  { sendto } for  pid=29 comm="ksoftirqd/1" saddr=fe80::1c daddr=ff02::2 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:node_t tclass=node permissive=1
[  429.050967][ T5294] Bluetooth: hci2: command tx timeout
[  429.350895][T14187] FAULT_INJECTION: forcing a failure.
[  429.350895][T14187] name failslab, interval 1, probability 0, space 0, times 0
[  429.355423][T14187] CPU: 3 UID: 0 PID: 14187 Comm: syz.0.2337 Not tainted 6.12.0-rc4-syzkaller-00261-g850925a8133c #0
[  429.359007][T14187] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  429.362235][T14187] Call Trace:
[  429.363114][T14187]  <TASK>
[  429.364099][T14187]  dump_stack_lvl+0x16c/0x1f0
[  429.365525][T14187]  should_fail_ex+0x497/0x5b0
[  429.366070][T14189] netlink: 'syz.6.2338': attribute type 6 has an invalid length.
[  429.366752][T14187]  ? fs_reclaim_acquire+0xae/0x150
[  429.370470][T14187]  should_failslab+0xc2/0x120
[  429.371990][T14187]  __kmalloc_cache_noprof+0x6b/0x300
[  429.373366][T14187]  ? sr_read_tocentry.isra.0+0xac/0x540
[  429.374902][T14187]  ? sr_read_tochdr.isra.0+0x1dc/0x270
[  429.376502][T14187]  sr_read_tocentry.isra.0+0xac/0x540
[  429.378311][T14187]  ? __pfx_sr_read_tocentry.isra.0+0x10/0x10
[  429.380073][T14187]  ? __pfx_sr_read_tochdr.isra.0+0x10/0x10
[  429.381969][T14187]  sr_fake_playtrkind+0x1f3/0x390
[  429.383594][T14187]  ? __pfx_sr_fake_playtrkind+0x10/0x10
[  429.385449][T14187]  ? __pfx_sr_do_ioctl+0x10/0x10
[  429.387041][T14187]  ? __might_fault+0x13b/0x190
[  429.388376][T14187]  sr_audio_ioctl+0x29b/0x2f0
[  429.389802][T14187]  ? __pfx_sr_audio_ioctl+0x10/0x10
[  429.391402][T14187]  cdrom_ioctl+0x2b3d/0x3290
[  429.392887][T14187]  ? mark_lock+0xb5/0xc60
[  429.394360][T14187]  ? __pfx_cdrom_ioctl+0x10/0x10
[  429.396044][T14187]  ? __pfx_mark_lock+0x10/0x10
[  429.397693][T14187]  ? rpm_resume+0x81d/0x1330
[  429.399388][T14187]  ? lock_acquire.part.0+0x11b/0x380
[  429.401012][T14187]  ? find_held_lock+0x2d/0x110
[  429.402296][T14187]  ? __pm_runtime_resume+0xc3/0x170
[  429.403603][T14187]  ? __pfx_lock_release+0x10/0x10
[  429.405273][T14187]  ? lockdep_hardirqs_on+0x7c/0x110
[  429.407031][T14187]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  429.408713][T14187]  ? __pm_runtime_resume+0xc3/0x170
[  429.410475][T14187]  sr_block_ioctl+0x1b0/0x250
[  429.412084][T14187]  ? __pfx_sr_block_ioctl+0x10/0x10
[  429.413902][T14187]  blkdev_ioctl+0x276/0x6d0
[  429.415449][T14187]  ? __pfx_blkdev_ioctl+0x10/0x10
[  429.417094][T14187]  ? selinux_file_ioctl+0x180/0x270
[  429.418877][T14187]  ? selinux_file_ioctl+0xb4/0x270
[  429.420585][T14187]  ? __pfx_blkdev_ioctl+0x10/0x10
[  429.422187][T14187]  __x64_sys_ioctl+0x18f/0x220
[  429.423597][T14187]  do_syscall_64+0xcd/0x250
[  429.425146][T14187]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  429.426994][T14187] RIP: 0033:0x7f1ef957e719
[  429.428281][T14187] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  429.433770][T14187] RSP: 002b:00007f1efa2a9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  429.436595][T14187] RAX: ffffffffffffffda RBX: 00007f1ef9735f80 RCX: 00007f1ef957e719
[  429.438871][T14187] RDX: 0000000020000c80 RSI: 0000000000005304 RDI: 0000000000000003
[  429.441427][T14187] RBP: 00007f1efa2a9090 R08: 0000000000000000 R09: 0000000000000000
[  429.444067][T14187] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  429.446423][T14187] R13: 0000000000000000 R14: 00007f1ef9735f80 R15: 00007ffec8b8ac28
[  429.448641][T14187]  </TASK>
[  429.484500][T14191] FAULT_INJECTION: forcing a failure.
[  429.484500][T14191] name failslab, interval 1, probability 0, space 0, times 0
[  429.490803][   T45] Bluetooth: hci4: Frame reassembly failed (-84)
[  429.491179][T14191] CPU: 3 UID: 0 PID: 14191 Comm: syz.6.2339 Not tainted 6.12.0-rc4-syzkaller-00261-g850925a8133c #0
[  429.493108][  T104] Bluetooth: hci4: Frame reassembly failed (-84)
[  429.495031][T14191] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  429.495042][T14191] Call Trace:
[  429.495047][T14191]  <TASK>
[  429.495052][T14191]  dump_stack_lvl+0x16c/0x1f0
[  429.503412][T14191]  should_fail_ex+0x497/0x5b0
[  429.504915][T14191]  ? fs_reclaim_acquire+0xae/0x150
[  429.506281][T14191]  should_failslab+0xc2/0x120
[  429.507678][T14191]  kmem_cache_alloc_noprof+0x6e/0x2f0
[  429.509055][T14191]  ? dup_fd+0x50/0xc00
[  429.510117][T14191]  dup_fd+0x50/0xc00
[  429.511087][T14191]  ? __pfx_audit_alloc+0x10/0x10
[  429.512583][T14191]  copy_process+0x25d6/0x8db0
[  429.514176][T14191]  ? __pfx___lock_acquire+0x10/0x10
[  429.515503][T14191]  ? __pfx_copy_process+0x10/0x10
[  429.517104][T14191]  ? get_pid_task+0xfc/0x250
[  429.518682][T14191]  ? __pfx_lock_release+0x10/0x10
[  429.520387][T14191]  ? trace_lock_acquire+0x14a/0x1d0
[  429.521947][T14191]  ? find_held_lock+0x2d/0x110
[  429.523165][T14191]  ? find_held_lock+0x2d/0x110
[  429.524393][T14191]  kernel_clone+0xfd/0x960
[  429.525538][T14191]  ? __pfx_kernel_clone+0x10/0x10
[  429.526811][T14191]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  429.528341][T14191]  __do_sys_clone+0xba/0x100
[  429.529547][T14191]  ? __pfx___do_sys_clone+0x10/0x10
[  429.530869][T14191]  do_syscall_64+0xcd/0x250
[  429.532050][T14191]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  429.533577][T14191] RIP: 0033:0x7fb7b637e719
[  429.534761][T14191] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  429.539623][T14191] RSP: 002b:00007fb7b720dfe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  429.542086][T14191] RAX: ffffffffffffffda RBX: 00007fb7b6535f80 RCX: 00007fb7b637e719
[  429.544057][T14191] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000081088000
[  429.546050][T14191] RBP: 00007fb7b720e090 R08: 0000000000000000 R09: 0000000000000000
[  429.548060][T14191] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[  429.550089][T14191] R13: 0000000000000000 R14: 00007fb7b6535f80 R15: 00007ffc20cc7a58
[  429.552065][T14191]  </TASK>
[  429.605248][T14196] netlink: 20 bytes leftover after parsing attributes in process `syz.6.2341'.
[  429.609645][   T39] audit: type=1400 audit(1730113164.291:1604): avc:  denied  { ioctl } for  pid=14195 comm="syz.6.2341" path="socket:[51998]" dev="sockfs" ino=51998 ioctlcmd=0x941b scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[  429.641953][T14198] bridge0: port 2(bridge_slave_1) entered disabled state
[  429.644573][T14198] bridge0: port 1(bridge_slave_0) entered disabled state
[  429.647409][T14198] bridge0: entered allmulticast mode
[  429.664915][  T104] Bluetooth: hci5: Frame reassembly failed (-84)
[  430.169018][   T35] usb 9-1: new high-speed USB device number 22 using dummy_hcd
[  430.318742][   T35] usb 9-1: Using ep0 maxpacket: 8
[  430.321581][   T35] usb 9-1: config 0 has an invalid interface number: 1 but max is 0
[  430.323628][   T35] usb 9-1: config 0 has no interface number 0
[  430.325291][   T35] usb 9-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  430.327726][   T35] usb 9-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  430.330538][   T35] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  430.333513][   T35] usb 9-1: config 0 descriptor??
[  430.335917][   T35] iowarrior 9-1:0.1: no interrupt-in endpoint found
[  430.539966][ T5979] usb 9-1: USB disconnect, device number 22
[  431.128692][ T5939] Bluetooth: hci2: command tx timeout
[  431.383259][T14203] hub 2-0:1.0: USB hub found
[  431.384656][T14203] hub 2-0:1.0: 2 ports detected
[  431.538702][ T5294] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  431.539553][ T5939] Bluetooth: hci4: command 0x1003 tx timeout
[  431.698754][ T5294] Bluetooth: hci5: command 0x1003 tx timeout
[  431.699382][ T5951] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  431.819078][   T35] usb 5-1: new high-speed USB device number 47 using dummy_hcd
[  431.893964][   T39] audit: type=1326 audit(1730113166.571:1605): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14211 comm="syz.5.2348" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fbc9ad7e719 code=0x0
[  431.968744][   T35] usb 5-1: Using ep0 maxpacket: 8
[  431.972127][   T35] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  431.974728][   T35] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  431.977673][   T35] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  431.981121][   T35] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  431.985176][   T35] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  431.988188][   T35] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  432.138434][   T39] audit: type=1326 audit(1730113166.811:1606): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14214 comm="syz.4.2349" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff04037e719 code=0x7ffc0000
[  432.148743][   T39] audit: type=1326 audit(1730113166.811:1607): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14214 comm="syz.4.2349" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff04037e719 code=0x7ffc0000
[  432.154870][   T39] audit: type=1326 audit(1730113166.821:1608): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14214 comm="syz.4.2349" exe="/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7ff04037e719 code=0x7ffc0000
[  432.161079][   T39] audit: type=1326 audit(1730113166.821:1609): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14214 comm=6C2586CE36DB0CCF197CC94F7FCE8F exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff04037e719 code=0x7ffc0000
[  432.167629][   T39] audit: type=1326 audit(1730113166.821:1610): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14214 comm=6C2586CE36DB0CCF197CC94F7FCE8F exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff04037e719 code=0x7ffc0000
[  432.174417][   T39] audit: type=1326 audit(1730113166.821:1611): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14214 comm=6C2586CE36DB0CCF197CC94F7FCE8F exe="/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7ff04037e719 code=0x7ffc0000
[  432.181151][   T39] audit: type=1326 audit(1730113166.821:1612): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14214 comm=6C2586CE36DB0CCF197CC94F7FCE8F exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff04037e719 code=0x7ffc0000
[  432.187656][   T39] audit: type=1326 audit(1730113166.821:1613): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14214 comm=6C2586CE36DB0CCF197CC94F7FCE8F exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff04037e719 code=0x7ffc0000
[  432.197351][   T35] usb 5-1: GET_CAPABILITIES returned 0
[  432.199346][   T35] usbtmc 5-1:16.0: can't read capabilities
[  432.409136][T14205] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  432.412300][T14205] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  432.422099][  T828] usb 5-1: USB disconnect, device number 47
[  432.626709][ T1131] Bluetooth: hci4: Frame reassembly failed (-84)
[  434.658817][ T5939] Bluetooth: hci4: command 0x1003 tx timeout
[  434.660976][ T5951] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  434.814843][   T39] kauditd_printk_skb: 310 callbacks suppressed
[  434.814854][   T39] audit: type=1326 audit(1730113169.491:1924): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14255 comm="syz.6.2359" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb7b637e719 code=0x7ffc0000
[  434.825140][   T39] audit: type=1326 audit(1730113169.491:1925): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14255 comm="syz.6.2359" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb7b637e719 code=0x7ffc0000
[  434.835327][   T39] audit: type=1326 audit(1730113169.501:1926): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14255 comm="syz.6.2359" exe="/syz-executor" sig=0 arch=c000003e syscall=4 compat=0 ip=0x7fb7b637e719 code=0x7ffc0000
[  434.848751][   T39] audit: type=1326 audit(1730113169.501:1927): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14255 comm="syz.6.2359" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb7b637e719 code=0x7ffc0000
[  434.854946][   T39] audit: type=1326 audit(1730113169.501:1928): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14255 comm="syz.6.2359" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb7b637e719 code=0x7ffc0000
[  434.861070][   T39] audit: type=1326 audit(1730113169.501:1929): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14255 comm="syz.6.2359" exe="/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7fb7b637e719 code=0x7ffc0000
[  434.866880][   T39] audit: type=1326 audit(1730113169.501:1930): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14255 comm="syz.6.2359" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb7b637e719 code=0x7ffc0000
[  434.873548][   T39] audit: type=1326 audit(1730113169.501:1931): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14255 comm="syz.6.2359" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb7b637e719 code=0x7ffc0000
[  434.880161][   T39] audit: type=1326 audit(1730113169.501:1932): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14255 comm="syz.6.2359" exe="/syz-executor" sig=0 arch=c000003e syscall=154 compat=0 ip=0x7fb7b637e719 code=0x7ffc0000
[  434.885995][   T39] audit: type=1326 audit(1730113169.501:1933): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14255 comm="syz.6.2359" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb7b637e719 code=0x7ffc0000
[  434.893989][ T5294] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  434.894081][ T5951] Bluetooth: hci5: command 0x1003 tx timeout
[  435.071818][T14267] netlink: 44 bytes leftover after parsing attributes in process `syz.0.2363'.
[  435.543576][T14260] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  435.546209][T14260] Bluetooth: hci2: Error when powering off device on rfkill (-4)
[  435.786036][   T75] Bluetooth: hci4: Frame reassembly failed (-84)
[  435.896046][T14285] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2367'.
[  435.974709][T14293] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=34769 sclass=netlink_route_socket pid=14293 comm=syz.0.2369
[  436.122617][T14294] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  436.549640][T14304] sp0: Synchronizing with TNC
[  436.557901][T14303] [U] è`
[  436.728969][ T6001] usb 9-1: new high-speed USB device number 23 using dummy_hcd
[  436.816072][T14309] netlink: 44 bytes leftover after parsing attributes in process `syz.0.2375'.
[  436.883759][ T6001] usb 9-1: config 0 has no interfaces?
[  436.885895][ T6001] usb 9-1: New USB device found, idVendor=1a34, idProduct=0802, bcdDevice= 0.00
[  436.889714][ T6001] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  436.894338][ T6001] usb 9-1: config 0 descriptor??
[  436.997350][T14316] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  437.519677][T14321] Bluetooth: received HCILL_WAKE_UP_ACK in state 2
[  437.527078][  T104] Bluetooth: hci5: Frame reassembly failed (-84)
[  437.530859][  T104] Bluetooth: hci5: Frame reassembly failed (-84)
[  437.532124][T14322] IPVS: sync thread started: state = BACKUP, mcast_ifn = veth1_macvtap, syncid = 0, id = 0
[  437.540474][ T6001] usb 9-1: USB disconnect, device number 23
[  437.848998][ T5951] Bluetooth: hci4: command 0x1003 tx timeout
[  437.851188][ T5294] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  438.067370][T14329] binder: BINDER_SET_CONTEXT_MGR already set
[  438.070121][T14329] binder: 14326:14329 ioctl 4018620d 20000040 returned -16
[  438.867660][T14329] syz.6.2379 (14329): drop_caches: 2
[  439.153684][T14341] dlm: non-version read from control device 142
[  439.528844][ T5939] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  439.573393][T14357] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2386'.
[  439.575972][T14357] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2386'.
[  439.582104][T14357] gtp0: entered promiscuous mode
[  439.583210][T14358] FAULT_INJECTION: forcing a failure.
[  439.583210][T14358] name failslab, interval 1, probability 0, space 0, times 0
[  439.583549][T14357] gtp0: entered allmulticast mode
[  439.588572][T14358] CPU: 3 UID: 0 PID: 14358 Comm: syz.0.2387 Not tainted 6.12.0-rc4-syzkaller-00261-g850925a8133c #0
[  439.591385][T14358] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  439.594237][T14358] Call Trace:
[  439.595137][T14358]  <TASK>
[  439.595936][T14358]  dump_stack_lvl+0x16c/0x1f0
[  439.597261][T14358]  should_fail_ex+0x497/0x5b0
[  439.598537][T14358]  ? fs_reclaim_acquire+0xae/0x150
[  439.599900][T14358]  should_failslab+0xc2/0x120
[  439.601163][T14358]  __kmalloc_cache_noprof+0x6b/0x300
[  439.602556][T14358]  ? netfs_buffer_make_space+0x432/0x6b0
[  439.604048][T14358]  netfs_buffer_make_space+0x432/0x6b0
[  439.605507][T14358]  netfs_buffer_append_folio+0x298/0x360
[  439.607012][T14358]  netfs_write_folio+0x540/0x1930
[  439.608371][T14358]  ? trace_netfs_folio+0x193/0x220
[  439.609736][T14358]  ? __pfx___might_resched+0x10/0x10
[  439.611123][T14358]  netfs_end_writethrough+0x53/0x170
[  439.612707][T14358]  netfs_perform_write+0x1b1c/0x21a0
[  439.614114][T14358]  ? hlock_class+0x4e/0x130
[  439.615327][T14358]  ? __pfx_netfs_perform_write+0x10/0x10
[  439.616856][T14358]  ? generic_update_time+0xcf/0xf0
[  439.618221][T14358]  ? mnt_put_write_access_file+0x45/0xf0
[  439.619711][T14358]  netfs_file_write_iter+0x432/0x4f0
[  439.621137][T14358]  v9fs_file_write_iter+0x9b/0x100
[  439.622498][T14358]  aio_write+0x3b2/0x8c0
[  439.623738][T14358]  ? __pfx_aio_write+0x10/0x10
[  439.625048][T14358]  ? find_held_lock+0x2d/0x110
[  439.626430][T14358]  ? lock_acquire+0x2f/0xb0
[  439.627741][T14358]  ? __might_fault+0xe3/0x190
[  439.628994][T14358]  ? io_submit_one+0x1248/0x1da0
[  439.630395][T14358]  io_submit_one+0x1248/0x1da0
[  439.631720][T14358]  ? __pfx_io_submit_one+0x10/0x10
[  439.633152][T14358]  ? __might_fault+0x13b/0x190
[  439.634506][T14358]  ? __pfx_lock_release+0x10/0x10
[  439.635924][T14358]  ? lock_acquire+0x2f/0xb0
[  439.637182][T14358]  ? __might_fault+0xe3/0x190
[  439.638466][T14358]  ? __might_fault+0xe3/0x190
[  439.639843][T14358]  ? __x64_sys_io_submit+0x19d/0x330
[  439.641264][T14358]  __x64_sys_io_submit+0x19d/0x330
[  439.642657][T14358]  ? __pfx___x64_sys_io_submit+0x10/0x10
[  439.644152][T14358]  do_syscall_64+0xcd/0x250
[  439.645391][T14358]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  439.646973][T14358] RIP: 0033:0x7f1ef957e719
[  439.648169][T14358] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  439.653377][T14358] RSP: 002b:00007f1efa2a9038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
[  439.655563][T14358] RAX: ffffffffffffffda RBX: 00007f1ef9735f80 RCX: 00007f1ef957e719
[  439.657638][T14358] RDX: 0000000020000040 RSI: 0000000000000001 RDI: 00007f1efa281000
[  439.659685][T14358] RBP: 00007f1efa2a9090 R08: 0000000000000000 R09: 0000000000000000
[  439.661747][T14358] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  439.663776][T14358] R13: 0000000000000000 R14: 00007f1ef9735f80 R15: 00007ffec8b8ac28
[  439.665853][T14358]  </TASK>
[  439.670743][T14358] ------------[ cut here ]------------
[  439.672252][T14358] WARNING: CPU: 3 PID: 14358 at lib/iov_iter.c:255 _copy_from_iter+0x3a0/0x1560
[  439.674740][T14358] Modules linked in:
[  439.675919][T14358] CPU: 3 UID: 0 PID: 14358 Comm: syz.0.2387 Not tainted 6.12.0-rc4-syzkaller-00261-g850925a8133c #0
[  439.681330][T14358] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  439.684404][T14358] RIP: 0010:_copy_from_iter+0x3a0/0x1560
[  439.686004][T14358] Code: 60 fd 0f 01 cb 48 89 d9 4c 89 f7 48 89 ee f3 a4 0f 1f 00 48 89 cd 0f 01 ca 49 89 df 49 29 cf e9 1e ff ff ff e8 11 92 fe fc 90 <0f> 0b 90 e9 ae fd ff ff e8 03 92 fe fc 89 ee bf 01 00 00 00 e8 d7
[  439.691341][T14358] RSP: 0018:ffffc90005936fd0 EFLAGS: 00010293
[  439.692964][T14358] RAX: 0000000000000000 RBX: 0000000000000001 RCX: ffffffff848eeb48
[  439.695019][T14358] RDX: ffff8880231a8000 RSI: ffffffff848eee2f RDI: 0000000000000001
[  439.697215][T14358] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000
[  439.699400][T14358] R10: 0000000000000000 R11: 0000000000000000 R12: ffff88806132ece0
[  439.701483][T14358] R13: ffffc900059373c0 R14: ffff88806132ece0 R15: dffffc0000000000
[  439.703542][T14358] FS:  00007f1efa2a96c0(0000) GS:ffff88806a900000(0000) knlGS:0000000000000000
[  439.705838][T14358] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  439.707571][T14358] CR2: 00007f1ef8fded58 CR3: 000000005ce72000 CR4: 0000000000352ef0
[  439.709839][T14358] Call Trace:
[  439.710737][T14358]  <TASK>
[  439.711517][T14358]  ? __warn+0xea/0x3d0
[  439.712606][T14358]  ? _copy_from_iter+0x3a0/0x1560
[  439.713916][T14358]  ? report_bug+0x3c0/0x580
[  439.715118][T14358]  ? handle_bug+0x54/0xa0
[  439.716259][T14358]  ? exc_invalid_op+0x17/0x50
[  439.717567][T14358]  ? asm_exc_invalid_op+0x1a/0x20
[  439.719111][T14358]  ? _copy_from_iter+0xb8/0x1560
[  439.720677][T14358]  ? _copy_from_iter+0x39f/0x1560
[  439.722192][T14358]  ? _copy_from_iter+0x3a0/0x1560
[  439.723597][T14358]  ? __pfx_lock_release+0x10/0x10
[  439.724747][T14354] netlink: 44 bytes leftover after parsing attributes in process `syz.4.2385'.
[  439.724985][T14358]  ? __pfx__copy_from_iter+0x10/0x10
[  439.729674][T14358]  ? __virt_addr_valid+0x1a4/0x590
[  439.731056][T14358]  ? __virt_addr_valid+0x5e/0x590
[  439.732567][T14358]  ? __phys_addr_symbol+0x30/0x80
[  439.733993][T14358]  ? __check_object_size+0x488/0x710
[  439.735507][T14358]  p9pdu_vwritef+0x2d0/0x1cf0
[  439.736803][T14358]  ? p9pdu_writef+0xc4/0x100
[  439.738102][T14358]  ? __pfx_p9pdu_vwritef+0x10/0x10
[  439.739605][T14358]  ? __pfx_p9_tag_alloc+0x10/0x10
[  439.741035][T14358]  ? hlock_class+0x4e/0x130
[  439.742349][T14358]  ? mark_lock+0xb5/0xc60
[  439.743526][T14358]  p9_client_prepare_req+0x244/0x4d0
[  439.744955][T14358]  ? __pfx_p9_client_prepare_req+0x10/0x10
[  439.746591][T14358]  ? register_lock_class+0xb1/0x1240
[  439.748133][T14358]  ? mark_lock+0xb5/0xc60
[  439.749572][T14358]  ? __pfx_p9_virtio_zc_request+0x10/0x10
[  439.751158][T14358]  p9_client_rpc+0x1c3/0xc10
[  439.752457][T14358]  ? __pfx_p9_client_rpc+0x10/0x10
[  439.753856][T14358]  ? hlock_class+0x4e/0x130
[  439.755070][T14358]  ? __lock_acquire+0x163e/0x3ce0
[  439.756407][T14358]  ? hlock_class+0x4e/0x130
[  439.757621][T14358]  ? __pfx___lock_acquire+0x10/0x10
[  439.759086][T14358]  ? __pfx_p9_virtio_zc_request+0x10/0x10
[  439.760601][T14358]  p9_client_write+0x31f/0x680
[  439.761909][T14358]  ? __pfx_p9_client_write+0x10/0x10
[  439.763476][T14358]  v9fs_issue_write+0xe2/0x180
[  439.764749][T14358]  ? __pfx_v9fs_issue_write+0x10/0x10
[  439.766167][T14358]  ? __local_bh_enable_ip+0xa4/0x120
[  439.767590][T14358]  ? rcu_is_watching+0x12/0xc0
[  439.769120][T14358]  ? trace_netfs_sreq+0x193/0x220
[  439.770654][T14358]  netfs_do_issue_write+0x92/0x110
[  439.772177][T14358]  netfs_write_folio+0x82f/0x1930
[  439.773804][T14358]  ? __pfx___might_resched+0x10/0x10
[  439.775501][T14358]  netfs_end_writethrough+0x53/0x170
[  439.777255][T14358]  netfs_perform_write+0x1b1c/0x21a0
[  439.778813][T14358]  ? hlock_class+0x4e/0x130
[  439.779993][T14358]  ? __pfx_netfs_perform_write+0x10/0x10
[  439.781460][T14358]  ? generic_update_time+0xcf/0xf0
[  439.782805][T14358]  ? mnt_put_write_access_file+0x45/0xf0
[  439.784293][T14358]  netfs_file_write_iter+0x432/0x4f0
[  439.785679][T14358]  v9fs_file_write_iter+0x9b/0x100
[  439.787026][T14358]  aio_write+0x3b2/0x8c0
[  439.788154][T14358]  ? __pfx_aio_write+0x10/0x10
[  439.789495][T14358]  ? find_held_lock+0x2d/0x110
[  439.790764][T14358]  ? lock_acquire+0x2f/0xb0
[  439.791958][T14358]  ? __might_fault+0xe3/0x190
[  439.793211][T14358]  ? io_submit_one+0x1248/0x1da0
[  439.794507][T14358]  io_submit_one+0x1248/0x1da0
[  439.795789][T14358]  ? __pfx_io_submit_one+0x10/0x10
[  439.797154][T14358]  ? __might_fault+0x13b/0x190
[  439.798422][T14358]  ? __pfx_lock_release+0x10/0x10
[  439.799824][T14358]  ? lock_acquire+0x2f/0xb0
[  439.801034][T14358]  ? __might_fault+0xe3/0x190
[  439.802292][T14358]  ? __might_fault+0xe3/0x190
[  439.803497][T14358]  ? __x64_sys_io_submit+0x19d/0x330
[  439.804904][T14358]  __x64_sys_io_submit+0x19d/0x330
[  439.806267][T14358]  ? __pfx___x64_sys_io_submit+0x10/0x10
[  439.807754][T14358]  do_syscall_64+0xcd/0x250
[  439.809045][T14358]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  439.810607][T14358] RIP: 0033:0x7f1ef957e719
[  439.811786][T14358] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  439.816719][T14358] RSP: 002b:00007f1efa2a9038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
[  439.818979][T14358] RAX: ffffffffffffffda RBX: 00007f1ef9735f80 RCX: 00007f1ef957e719
[  439.821042][T14358] RDX: 0000000020000040 RSI: 0000000000000001 RDI: 00007f1efa281000
[  439.823070][T14358] RBP: 00007f1efa2a9090 R08: 0000000000000000 R09: 0000000000000000
[  439.825238][T14358] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  439.827301][T14358] R13: 0000000000000000 R14: 00007f1ef9735f80 R15: 00007ffec8b8ac28
[  439.829454][T14358]  </TASK>
[  439.830289][T14358] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  439.832208][T14358] CPU: 3 UID: 0 PID: 14358 Comm: syz.0.2387 Not tainted 6.12.0-rc4-syzkaller-00261-g850925a8133c #0
[  439.834974][T14358] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  439.837778][T14358] Call Trace:
[  439.838674][T14358]  <TASK>
[  439.839455][T14358]  dump_stack_lvl+0x3d/0x1f0
[  439.840805][T14358]  panic+0x71d/0x800
[  439.841862][T14358]  ? __pfx_panic+0x10/0x10
[  439.843144][T14358]  ? show_trace_log_lvl+0x29d/0x3d0
[  439.844544][T14358]  ? check_panic_on_warn+0x1f/0xb0
[  439.845894][T14358]  ? _copy_from_iter+0x3a0/0x1560
[  439.847213][T14358]  check_panic_on_warn+0xab/0xb0
[  439.848530][T14358]  __warn+0xf6/0x3d0
[  439.849574][T14358]  ? _copy_from_iter+0x3a0/0x1560
[  439.850904][T14358]  report_bug+0x3c0/0x580
[  439.852171][T14358]  handle_bug+0x54/0xa0
[  439.853265][T14358]  exc_invalid_op+0x17/0x50
[  439.854466][T14358]  asm_exc_invalid_op+0x1a/0x20
[  439.855752][T14358] RIP: 0010:_copy_from_iter+0x3a0/0x1560
[  439.857294][T14358] Code: 60 fd 0f 01 cb 48 89 d9 4c 89 f7 48 89 ee f3 a4 0f 1f 00 48 89 cd 0f 01 ca 49 89 df 49 29 cf e9 1e ff ff ff e8 11 92 fe fc 90 <0f> 0b 90 e9 ae fd ff ff e8 03 92 fe fc 89 ee bf 01 00 00 00 e8 d7
[  439.862398][T14358] RSP: 0018:ffffc90005936fd0 EFLAGS: 00010293
[  439.864012][T14358] RAX: 0000000000000000 RBX: 0000000000000001 RCX: ffffffff848eeb48
[  439.866118][T14358] RDX: ffff8880231a8000 RSI: ffffffff848eee2f RDI: 0000000000000001
[  439.868206][T14358] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000
[  439.870303][T14358] R10: 0000000000000000 R11: 0000000000000000 R12: ffff88806132ece0
[  439.872599][T14358] R13: ffffc900059373c0 R14: ffff88806132ece0 R15: dffffc0000000000
[  439.874680][T14358]  ? _copy_from_iter+0xb8/0x1560
[  439.876017][T14358]  ? _copy_from_iter+0x39f/0x1560
[  439.877378][T14358]  ? __pfx_lock_release+0x10/0x10
[  439.878702][T14358]  ? __pfx__copy_from_iter+0x10/0x10
[  439.880084][T14358]  ? __virt_addr_valid+0x1a4/0x590
[  439.881524][T14358]  ? __virt_addr_valid+0x5e/0x590
[  439.882856][T14358]  ? __phys_addr_symbol+0x30/0x80
[  439.884177][T14358]  ? __check_object_size+0x488/0x710
[  439.885554][T14358]  p9pdu_vwritef+0x2d0/0x1cf0
[  439.886798][T14358]  ? p9pdu_writef+0xc4/0x100
[  439.888023][T14358]  ? __pfx_p9pdu_vwritef+0x10/0x10
[  439.889379][T14358]  ? __pfx_p9_tag_alloc+0x10/0x10
[  439.890698][T14358]  ? hlock_class+0x4e/0x130
[  439.891872][T14358]  ? mark_lock+0xb5/0xc60
[  439.893021][T14358]  p9_client_prepare_req+0x244/0x4d0
[  439.894395][T14358]  ? __pfx_p9_client_prepare_req+0x10/0x10
[  439.895917][T14358]  ? register_lock_class+0xb1/0x1240
[  439.897341][T14358]  ? mark_lock+0xb5/0xc60
[  439.898481][T14358]  ? __pfx_p9_virtio_zc_request+0x10/0x10
[  439.900080][T14358]  p9_client_rpc+0x1c3/0xc10
[  439.901503][T14358]  ? __pfx_p9_client_rpc+0x10/0x10
[  439.902971][T14358]  ? hlock_class+0x4e/0x130
[  439.904449][T14358]  ? __lock_acquire+0x163e/0x3ce0
[  439.905857][T14358]  ? hlock_class+0x4e/0x130
[  439.907065][T14358]  ? __pfx___lock_acquire+0x10/0x10
[  439.908449][T14358]  ? __pfx_p9_virtio_zc_request+0x10/0x10
[  439.909960][T14358]  p9_client_write+0x31f/0x680
[  439.911244][T14358]  ? __pfx_p9_client_write+0x10/0x10
[  439.912730][T14358]  v9fs_issue_write+0xe2/0x180
[  439.913999][T14358]  ? __pfx_v9fs_issue_write+0x10/0x10
[  439.915392][T14358]  ? __local_bh_enable_ip+0xa4/0x120
[  439.916759][T14358]  ? rcu_is_watching+0x12/0xc0
[  439.918009][T14358]  ? trace_netfs_sreq+0x193/0x220
[  439.919346][T14358]  netfs_do_issue_write+0x92/0x110
[  439.920692][T14358]  netfs_write_folio+0x82f/0x1930
[  439.922015][T14358]  ? __pfx___might_resched+0x10/0x10
[  439.923404][T14358]  netfs_end_writethrough+0x53/0x170
[  439.924850][T14358]  netfs_perform_write+0x1b1c/0x21a0
[  439.926257][T14358]  ? hlock_class+0x4e/0x130
[  439.927463][T14358]  ? __pfx_netfs_perform_write+0x10/0x10
[  439.928960][T14358]  ? generic_update_time+0xcf/0xf0
[  439.930328][T14358]  ? mnt_put_write_access_file+0x45/0xf0
[  439.931820][T14358]  netfs_file_write_iter+0x432/0x4f0
[  439.933239][T14358]  v9fs_file_write_iter+0x9b/0x100
[  439.934628][T14358]  aio_write+0x3b2/0x8c0
[  439.935759][T14358]  ? __pfx_aio_write+0x10/0x10
[  439.937068][T14358]  ? find_held_lock+0x2d/0x110
[  439.938344][T14358]  ? lock_acquire+0x2f/0xb0
[  439.939539][T14358]  ? __might_fault+0xe3/0x190
[  439.940798][T14358]  ? io_submit_one+0x1248/0x1da0
[  439.942101][T14358]  io_submit_one+0x1248/0x1da0
[  439.943397][T14358]  ? __pfx_io_submit_one+0x10/0x10
[  439.944781][T14358]  ? __might_fault+0x13b/0x190
[  439.946036][T14358]  ? __pfx_lock_release+0x10/0x10
[  439.947366][T14358]  ? lock_acquire+0x2f/0xb0
[  439.948573][T14358]  ? __might_fault+0xe3/0x190
[  439.949816][T14358]  ? __might_fault+0xe3/0x190
[  439.951037][T14358]  ? __x64_sys_io_submit+0x19d/0x330
[  439.952461][T14358]  __x64_sys_io_submit+0x19d/0x330
[  439.953812][T14358]  ? __pfx___x64_sys_io_submit+0x10/0x10
[  439.955427][T14358]  do_syscall_64+0xcd/0x250
[  439.957056][T14358]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  439.958709][T14358] RIP: 0033:0x7f1ef957e719
[  439.959931][T14358] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  439.965472][T14358] RSP: 002b:00007f1efa2a9038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
[  439.967660][T14358] RAX: ffffffffffffffda RBX: 00007f1ef9735f80 RCX: 00007f1ef957e719
[  439.969766][T14358] RDX: 0000000020000040 RSI: 0000000000000001 RDI: 00007f1efa281000
[  439.972500][T14358] RBP: 00007f1efa2a9090 R08: 0000000000000000 R09: 0000000000000000
[  439.975167][T14358] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  439.977578][T14358] R13: 0000000000000000 R14: 00007f1ef9735f80 R15: 00007ffec8b8ac28
[  439.980275][T14358]  </TASK>
[  439.981592][T14358] Kernel Offset: disabled
[  439.982817][T14358] Rebooting in 86400 seconds..

VM DIAGNOSIS:
16:43:29  Registers:
info registers vcpu 0

CPU#0
RAX=000000000107af79 RBX=0000000000000000 RCX=ffffffff8b2305c9 RDX=0000000000000000
RSI=ffffffff8b6cd0c0 RDI=ffffffff8bd1ad40 RBP=fffffbfff1bd2af8 RSP=ffffffff8de07e20
R8 =0000000000000001 R9 =ffffed100d4c7025 R10=ffff88806a63812b R11=0000000000000000
R12=0000000000000000 R13=ffffffff8de957c0 R14=ffffffff905f4fc8 R15=0000000000000000
RIP=ffffffff8b2319af RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88806a600000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00007fbc9bc30d58 CR3=0000000055592000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000208001 Opmask01=0000000000000000 Opmask02=00000000000003ff Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000305f6576616c 735f766461746162
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fb7b63f21cb
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fb7b63f21d8
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fb7b63f21d2
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fb7b63f21e6
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fb7b63f226c
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fb7b63f234a
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0004000800000000 0010000000000000 0000000000010014 0016001800000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fb7b706d100 00007fb7b650c440 00007fb7b6500004 0000000b000c000a
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fb7b650c498 00007fb7b650c490 00007fb7b650c488 00007fb7b650c480
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 7684d4ce65efa049 00b995c393abc717 fd636e86d18346fe 998e21eac5e841d7
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 15bc3f2a73b57e2f eac4665101638700 a3ff48a95b1672e5 e8b0778a60a359e3
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 8e0cca7462a6fa21 7617faed0442c31c 3eb3274ba35fd2c5 3ecafb8f774a8f6a
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 ae86ee5e38525705 a79af876b19e6de5 50ec352a24387182 8a491faee17f62ad
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 e07684d4ce65efa0 4900b995c393abc7 17fd636e86d18346 fe998e21eac5e841
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=00000000018b4ae5 RBX=0000000000000001 RCX=ffffffff8b2305c9 RDX=0000000000000000
RSI=ffffffff8b6cd0c0 RDI=ffffffff8bd1ad40 RBP=ffffed1003b56910 RSP=ffffc90000187e08
R8 =0000000000000001 R9 =ffffed100d4e7025 R10=ffff88806a73812b R11=0000000000000000
R12=0000000000000001 R13=ffff88801dab4880 R14=ffffffff905f4fc8 R15=0000000000000000
RIP=ffffffff8b2319af RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88806a700000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000559bb41a2908 CR3=000000005ce72000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000208001 Opmask01=0000000000000000 Opmask02=00000000000000ff Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f1ef95f21cb
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f1ef95f21d8
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f1ef95f21d2
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f1ef95f21e6
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f1ef95f226c
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f1ef95f234a
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f1ef970c488 00007f1ef970c480 00007f1ef970c478 00007f1ef970c450
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f1efa26d100 00007f1ef970c440 00007f1ef970c458 0004000b000c0008
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f1ef970c498 00007f1ef970c490 00007f1ef970c488 00007f1ef970c480
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000001 0000000000000000 0000000000000000 00000000000000c4
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
RAX=0000000000000002 RBX=000000000003cf03 RCX=ffffc9000cc71000 RDX=0000000000000001
RSI=ffffffff8bd1acc0 RDI=ffffffff8bd1ad00 RBP=ffff88807ffd6620 RSP=ffffc900059eec00
R8 =0000000000000007 R9 =000000000007ffff R10=0000000000000007 R11=0000000000000000
R12=ffff88801be80000 R13=0000000000000000 R14=0000000000000001 R15=ffff888034845580
RIP=ffffffff8b230d74 RFL=00000282 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007fbc9bc516c0 ffffffff 00c00000
GS =0000 ffff88806a800000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=000000110c3a8bed CR3=000000003557a000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000208001 Opmask01=0000000001000001 Opmask02=00000000ffffffef Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fbc9adf21cb
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fbc9adf21d8
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fbc9adf21d2
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fbc9adf21e6
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fbc9adf226c
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fbc9adf234a
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fbc9af0c488 00007fbc9af0c480 00007fbc9af0c478 00007fbc9af0c450
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fbc9ba6d100 00007fbc9af0c440 00007fbc9af0c458 00007fbc9af0c4a0
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fbc9af0c498 00007fbc9af0c490 00007fbc9af0c488 00007fbc9af0c480
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000001 0000000000000000 0000000000000000 0000000000000048
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 3

CPU#3
RAX=0000000000000030 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff850b4965 RDI=ffffffff9aae8bc0 RBP=ffffffff9aae8b80 RSP=ffffc90005936938
R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=0000000000000000
R12=0000000000000000 R13=0000000000000030 R14=ffffffff850b4900 R15=0000000000000000
RIP=ffffffff850b498f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f1efa2a96c0 ffffffff 00c00000
GS =0000 ffff88806a900000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00007f1ef8fded58 CR3=000000005ce72000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000208001 Opmask01=0000000000000000 Opmask02=00000000000000ff Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f1ef95f21cb
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f1ef95f21d8
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f1ef95f21d2
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f1ef95f21e6
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f1ef95f226c
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f1ef95f234a
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f1ef970c488 00007f1ef970c480 00007f1ef970c478 00007f1ef970c450
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f1efa26d100 00007f1ef970c440 00007f1ef970c458 0004000b000c0008
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f1ef970c498 00007f1ef970c490 00007f1ef970c488 00007f1ef970c480
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000001 0000000000000000 0000000000000000 00000000000000c4
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000