last executing test programs:

3m7.845251374s ago: executing program 2 (id=3041):
r0 = socket$nl_route(0x10, 0x3, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x4, &(0x7f0000006680))
openat$autofs(0xffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = openat$mixer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$mixer_OSS_GETVERSION(r1, 0x40086602, &(0x7f0000000000))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
shmdt(0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r3, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x3c, r3, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_IE={0xf, 0x2a, [@random={0xdd, 0x9, 'abcdefghi'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x3c}}, 0x0)
syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
r5 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000400)=ANY=[@ANYBLOB="12013f00000000407f04ffff0000000000010902240001000000000904000015030000", @ANYRES8], 0x0)
syz_usb_control_io$hid(r5, 0x0, 0x0)
syz_usb_control_io(r5, &(0x7f0000000b00)={0x18, &(0x7f0000000040)=ANY=[@ANYBLOB="00000f00"], 0x0, 0x0, 0x0, 0x0}, 0x0)
r6 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
close(r6)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000100)=@mgmt_frame=@beacon={{{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @val={0x71, 0x7, {0x0, 0x0, 0x1, 0xffffffffffffffff, 0xffffffffffffffff, 0x80, 0x40}}, @void}, 0x3f)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={{{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000000))
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x80)

3m5.394614293s ago: executing program 2 (id=3051):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdir(&(0x7f00000000c0)='./bus\x00', 0x0)
mkdir(&(0x7f0000000440)='./file1\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000a00)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
r0 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
mknodat$loop(r0, &(0x7f0000001600)='./file1\x00', 0x0, 0x0)
chdir(&(0x7f00000003c0)='./bus\x00')
linkat(r0, &(0x7f0000000100)='./file1\x00', r0, &(0x7f0000000240)='./file0\x00', 0x0)
chown(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0)

3m5.049936896s ago: executing program 2 (id=3052):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
r1 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000100)=0xd)
ioctl$TCSETAF(r1, 0x5408, &(0x7f0000000080)={0x0, 0xc, 0x95, 0x8000, 0x14, "0cc35df0871868a7"})
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000400)='dctcp\x00', 0x6)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000001c0), r2)
sendmsg$IEEE802154_LLSEC_LIST_DEVKEY(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000280)={0x14, r3, 0x301, 0x70bd25, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x40}, 0x8400)
socket$netlink(0x10, 0x3, 0x4)
sendmmsg(r0, &(0x7f0000000040)=[{{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000100)='7', 0x1}], 0x1}}], 0x1, 0x1)
r4 = socket$inet6(0x10, 0x2, 0x4)
sendto$inet6(r4, &(0x7f0000000080)="4c00000012001f15b9409b849ac00a00a5784002000000000000030038c88cc055c5ac27a6c5b068d0bf46d323452536005ad94a461cdbfee9bdb942352359a351d1ec0cffc8792cd8000080", 0x4c, 0x0, 0x0, 0x0)

3m3.927454781s ago: executing program 2 (id=3056):
r0 = openat$cdrom(0xffffff9c, &(0x7f0000000400), 0x101000, 0x0)
r1 = socket$kcm(0x10, 0x3, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000800)=@newtaction={0x234, 0x30, 0x300, 0x0, 0x1, {}, [{0x220, 0x1, [@m_csum={0xd8, 0x4, 0x0, 0x0, {{0x9}, {0x20, 0x2, 0x0, 0x1, [@TCA_CSUM_PARMS={0x1c, 0x1, {{0x6, 0x3, 0x0, 0xf984, 0x7}, 0x31}}]}, {0x90, 0x6, "1ea481c35270f86e2082ae14ebbd5b5f6bd6dd6db382598ad8c7ea1fe40112eedf98ee1bbbd9dccce92230a070cf9105b3fe24af9181a819c684fc94134ca6c634817f2cf019d1d90ecc105dd98455ce9e3159157b67e2935119bc8f3eb9ea0b6ed0416078879431a7d65fc1fe392c74859a6f317c0be6d630f6343c60ea7084cde3e114daafe0b96522fcb3"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x2}}}}, @m_csum={0x144, 0x6, 0x0, 0x0, {{0x9}, {0x90, 0x2, 0x0, 0x1, [@TCA_CSUM_PARMS={0x1c, 0x1, {{0x8, 0x10001, 0xffffffffffffffff, 0x2, 0x2fea}, 0x41}}, @TCA_CSUM_PARMS={0x1c, 0x1, {{0x1000, 0x2, 0x1, 0x3, 0x6}, 0x1}}, @TCA_CSUM_PARMS={0x1c, 0x1, {{0x2, 0x1, 0x20000000, 0x763, 0x7}, 0x6e}}, @TCA_CSUM_PARMS={0x1c, 0x1, {{0x2000001, 0x0, 0x6, 0x7, 0x6}, 0xe}}, @TCA_CSUM_PARMS={0x1c, 0x1, {{0x516d, 0xfffffff7, 0x30000002, 0x6, 0x80}, 0x46}}]}, {0x8b, 0x6, "bfdaceb1eb268e4675176ab5b3157d38759a30afe4cef6e80bb41799b9b154d7e2053d30a2cb7c3ba4d40b42bf84ae42064d5aabc0d2872e8ade9764bedd81c915114182e6176b7cf1b7b46df9b88427a921521be47a0fa64c78f1a5c5e2862dff718d1e6a9e167c16019f1b8bb454d1f0b6461740c38952549e30cf623c178c0a446973fb55c9"}, {0xc}, {0xc, 0x8, {0x1}}}}]}]}, 0x234}, 0x1, 0x0, 0x0, 0x200008a4}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000000, 0x110, r1, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_SYS_SET(r5, &(0x7f0000000440)={0x0, 0x7, &(0x7f0000000400)={&(0x7f0000000480)=ANY=[@ANYBLOB="1800000007140100000032c83a110000050042"], 0x18}}, 0x0)
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$pptp(0x18, 0x1, 0x2)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$CDROM_DISC_STATUS(r1, 0x5327)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="03050000000000001c0012690b00010062726964676500000c0002800800020080000000"], 0x3c}, 0x1, 0x0, 0x0, 0x8800}, 0x0)
r7 = openat$yama_ptrace_scope(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r8 = syz_open_procfs(0x0, 0x0)
mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd', @ANYRESHEX=r8, @ANYBLOB, @ANYRESHEX=r7, @ANYBLOB="2c00b7aceb7e4d447e283c8a567204cb92fc26d5abc456dc0e6f7109d9cf3706636d77e960f3036ab08d32c0e1157adbe51a565c1de9d88b447b4bcbfb0b28f9fd100f832049e6c349b05093c0197fc2ac8ba5f96967b0c36bdaeeac143f73b38c53de4a374b6a"])
ioctl$VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000180)={0x1, @pix={0x200, 0x2f5380, 0x41414770, 0x58595556, 0x425, 0x10001, 0x4, 0x9e0, 0x1, 0x3, 0x0, 0x7}})
quotactl$Q_SYNC(0xffffffff80000101, 0x0, 0x0, 0x0)
sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0)
ioctl$CDROM_NEXT_WRITABLE(r0, 0x5394, &(0x7f0000000440))
ioctl$VIDIOC_SUBSCRIBE_EVENT(r0, 0x4020565a, &(0x7f0000000340)={0x4, 0x0, 0x3})

3m1.331366017s ago: executing program 2 (id=3060):
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000003c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_CHANNEL_SWITCH(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010008020000001800006600000008000300", @ANYRES32=r2, @ANYBLOB="08002600940900000800b7"], 0x2c}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)

3m1.171256046s ago: executing program 2 (id=3061):
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7ff, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0) (async)
sched_setscheduler(0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CAP_DIRTY_LOG_RING(r3, 0x4068aea3, &(0x7f0000000180)={0xc0, 0x0, 0x4000})
ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x1)
ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x1)
socket$nl_route(0x10, 0x3, 0x0) (async)
r4 = socket$nl_route(0x10, 0x3, 0x0)
socket$rxrpc(0x21, 0x2, 0x2)
sendmsg$nl_route(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000280)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x3}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bridge={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BR_MCAST_SNOOPING={0x5}]}}}, @IFLA_MTU={0x8, 0x4, 0x200}]}, 0x44}}, 0x20000804) (async)
sendmsg$nl_route(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000280)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x3}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bridge={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BR_MCAST_SNOOPING={0x5}]}}}, @IFLA_MTU={0x8, 0x4, 0x200}]}, 0x44}}, 0x20000804)
r5 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r5, 0x0) (async)
shutdown(r5, 0x0)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r5, 0x84, 0x25, &(0x7f0000000280)={0x0, @in={{0x2, 0x4e21, @empty}}, 0x0, 0x1, 0x0, 0x8}, 0x9c) (async)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r5, 0x84, 0x25, &(0x7f0000000280)={0x0, @in={{0x2, 0x4e21, @empty}}, 0x0, 0x1, 0x0, 0x8}, 0x9c)
ioctl$VHOST_SET_VRING_BASE(0xffffffffffffffff, 0xaf01, 0x0)
writev(r1, &(0x7f0000000080)=[{&(0x7f0000000440)="a43feca3dd2b59e788641835ea619dd3e922af009567a39595b0a1dd858b5b9fcfda0d97808ab6329542fa4cc128e337820e07b3dc436534bf6609f610175feb39e835baaa603a7c4ab38c3ef6d5e552a6ee913b1a1aaa638b41ce92182b5b9359e728d3f13f97cd54d2a71be4e80232285a4ac96ea6d0bc123a5632e1954955474976280836e15dcd8edd7540e4029099749b8af0b3914790a5163d31d2d312088101db1db45fcec3785be75fec688a5d0bdd4a48159dd6df30d85a6aee1ab5ba4e2563f17be33da8743d", 0xcb}, {&(0x7f0000000540)="ddf1b4cac6bb5acb2878916038342802c3bb52a12edbaa9f4e5bb1973e02e0905729fb857b19f70c3ccbc81fb6c1d58c8e904918015e376186fd63e109566fcb850a3a9eebabda76ad00b82038d983aa49c1fc0b13c6fdb585c26a3fe59305939ec27932575a5a436feb8b76e8ccbf6163a1a0c273abb84c78a26820f0e55733c53617dbca9c869cd95271c7100cb00fccafbde22a39c92237e90a5b572c2a658bb7bcf3daca3239d96458b820d3fcdab52b9103412d1c80d774a7d3d3", 0xbd}], 0x2) (async)
writev(r1, &(0x7f0000000080)=[{&(0x7f0000000440)="a43feca3dd2b59e788641835ea619dd3e922af009567a39595b0a1dd858b5b9fcfda0d97808ab6329542fa4cc128e337820e07b3dc436534bf6609f610175feb39e835baaa603a7c4ab38c3ef6d5e552a6ee913b1a1aaa638b41ce92182b5b9359e728d3f13f97cd54d2a71be4e80232285a4ac96ea6d0bc123a5632e1954955474976280836e15dcd8edd7540e4029099749b8af0b3914790a5163d31d2d312088101db1db45fcec3785be75fec688a5d0bdd4a48159dd6df30d85a6aee1ab5ba4e2563f17be33da8743d", 0xcb}, {&(0x7f0000000540)="ddf1b4cac6bb5acb2878916038342802c3bb52a12edbaa9f4e5bb1973e02e0905729fb857b19f70c3ccbc81fb6c1d58c8e904918015e376186fd63e109566fcb850a3a9eebabda76ad00b82038d983aa49c1fc0b13c6fdb585c26a3fe59305939ec27932575a5a436feb8b76e8ccbf6163a1a0c273abb84c78a26820f0e55733c53617dbca9c869cd95271c7100cb00fccafbde22a39c92237e90a5b572c2a658bb7bcf3daca3239d96458b820d3fcdab52b9103412d1c80d774a7d3d3", 0xbd}], 0x2)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x5, 0x4, 0x4, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x1}, 0x50)
bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYRES32, @ANYRES8=r0, @ANYBLOB="00000000000000000000000080592ee66f0000005efa1c85758cd25e45a634d344411b30d6ab57515b5de9fc9003ecf9d4a09f1f8b8b9a3401b01b4c", @ANYRES32=0x0, @ANYRESDEC=r5, @ANYBLOB='\x00'/28], 0x48) (async)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYRES32, @ANYRES8=r0, @ANYBLOB="00000000000000000000000080592ee66f0000005efa1c85758cd25e45a634d344411b30d6ab57515b5de9fc9003ecf9d4a09f1f8b8b9a3401b01b4c", @ANYRES32=0x0, @ANYRESDEC=r5, @ANYBLOB='\x00'/28], 0x48)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r5, 0x84, 0x72, &(0x7f0000000340)={0x0, 0xa0, 0x10}, 0xc) (async)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r5, 0x84, 0x72, &(0x7f0000000340)={0x0, 0xa0, 0x10}, 0xc)
bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x11, 0x10, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r8 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x401c2, 0x0)
ftruncate(r8, 0x8800000)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={<r9=>0xffffffffffffffff, <r10=>0xffffffffffffffff})
recvmmsg(r10, &(0x7f00000034c0)=[{{0x0, 0x0, &(0x7f0000001e40)=[{&(0x7f0000000b80)=""/4096, 0x20001b80}, {&(0x7f0000001b80)=""/112, 0x70}], 0x2, 0x0, 0xa0028cb4}}], 0x40000000000013c, 0x700, 0x0)
sendfile(r9, r8, 0x0, 0x578410eb) (async)
sendfile(r9, r8, 0x0, 0x578410eb)
process_vm_readv(0x0, &(0x7f0000008400), 0x0, &(0x7f00000000c0)=[{&(0x7f0000001e80)=""/4096, 0x1000}], 0x1, 0x0)

2m45.189469567s ago: executing program 32 (id=3061):
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7ff, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0) (async)
sched_setscheduler(0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CAP_DIRTY_LOG_RING(r3, 0x4068aea3, &(0x7f0000000180)={0xc0, 0x0, 0x4000})
ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x1)
ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x1)
socket$nl_route(0x10, 0x3, 0x0) (async)
r4 = socket$nl_route(0x10, 0x3, 0x0)
socket$rxrpc(0x21, 0x2, 0x2)
sendmsg$nl_route(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000280)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x3}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bridge={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BR_MCAST_SNOOPING={0x5}]}}}, @IFLA_MTU={0x8, 0x4, 0x200}]}, 0x44}}, 0x20000804) (async)
sendmsg$nl_route(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000280)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x3}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bridge={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BR_MCAST_SNOOPING={0x5}]}}}, @IFLA_MTU={0x8, 0x4, 0x200}]}, 0x44}}, 0x20000804)
r5 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r5, 0x0) (async)
shutdown(r5, 0x0)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r5, 0x84, 0x25, &(0x7f0000000280)={0x0, @in={{0x2, 0x4e21, @empty}}, 0x0, 0x1, 0x0, 0x8}, 0x9c) (async)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r5, 0x84, 0x25, &(0x7f0000000280)={0x0, @in={{0x2, 0x4e21, @empty}}, 0x0, 0x1, 0x0, 0x8}, 0x9c)
ioctl$VHOST_SET_VRING_BASE(0xffffffffffffffff, 0xaf01, 0x0)
writev(r1, &(0x7f0000000080)=[{&(0x7f0000000440)="a43feca3dd2b59e788641835ea619dd3e922af009567a39595b0a1dd858b5b9fcfda0d97808ab6329542fa4cc128e337820e07b3dc436534bf6609f610175feb39e835baaa603a7c4ab38c3ef6d5e552a6ee913b1a1aaa638b41ce92182b5b9359e728d3f13f97cd54d2a71be4e80232285a4ac96ea6d0bc123a5632e1954955474976280836e15dcd8edd7540e4029099749b8af0b3914790a5163d31d2d312088101db1db45fcec3785be75fec688a5d0bdd4a48159dd6df30d85a6aee1ab5ba4e2563f17be33da8743d", 0xcb}, {&(0x7f0000000540)="ddf1b4cac6bb5acb2878916038342802c3bb52a12edbaa9f4e5bb1973e02e0905729fb857b19f70c3ccbc81fb6c1d58c8e904918015e376186fd63e109566fcb850a3a9eebabda76ad00b82038d983aa49c1fc0b13c6fdb585c26a3fe59305939ec27932575a5a436feb8b76e8ccbf6163a1a0c273abb84c78a26820f0e55733c53617dbca9c869cd95271c7100cb00fccafbde22a39c92237e90a5b572c2a658bb7bcf3daca3239d96458b820d3fcdab52b9103412d1c80d774a7d3d3", 0xbd}], 0x2) (async)
writev(r1, &(0x7f0000000080)=[{&(0x7f0000000440)="a43feca3dd2b59e788641835ea619dd3e922af009567a39595b0a1dd858b5b9fcfda0d97808ab6329542fa4cc128e337820e07b3dc436534bf6609f610175feb39e835baaa603a7c4ab38c3ef6d5e552a6ee913b1a1aaa638b41ce92182b5b9359e728d3f13f97cd54d2a71be4e80232285a4ac96ea6d0bc123a5632e1954955474976280836e15dcd8edd7540e4029099749b8af0b3914790a5163d31d2d312088101db1db45fcec3785be75fec688a5d0bdd4a48159dd6df30d85a6aee1ab5ba4e2563f17be33da8743d", 0xcb}, {&(0x7f0000000540)="ddf1b4cac6bb5acb2878916038342802c3bb52a12edbaa9f4e5bb1973e02e0905729fb857b19f70c3ccbc81fb6c1d58c8e904918015e376186fd63e109566fcb850a3a9eebabda76ad00b82038d983aa49c1fc0b13c6fdb585c26a3fe59305939ec27932575a5a436feb8b76e8ccbf6163a1a0c273abb84c78a26820f0e55733c53617dbca9c869cd95271c7100cb00fccafbde22a39c92237e90a5b572c2a658bb7bcf3daca3239d96458b820d3fcdab52b9103412d1c80d774a7d3d3", 0xbd}], 0x2)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x5, 0x4, 0x4, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x1}, 0x50)
bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYRES32, @ANYRES8=r0, @ANYBLOB="00000000000000000000000080592ee66f0000005efa1c85758cd25e45a634d344411b30d6ab57515b5de9fc9003ecf9d4a09f1f8b8b9a3401b01b4c", @ANYRES32=0x0, @ANYRESDEC=r5, @ANYBLOB='\x00'/28], 0x48) (async)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYRES32, @ANYRES8=r0, @ANYBLOB="00000000000000000000000080592ee66f0000005efa1c85758cd25e45a634d344411b30d6ab57515b5de9fc9003ecf9d4a09f1f8b8b9a3401b01b4c", @ANYRES32=0x0, @ANYRESDEC=r5, @ANYBLOB='\x00'/28], 0x48)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r5, 0x84, 0x72, &(0x7f0000000340)={0x0, 0xa0, 0x10}, 0xc) (async)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r5, 0x84, 0x72, &(0x7f0000000340)={0x0, 0xa0, 0x10}, 0xc)
bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x11, 0x10, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r8 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x401c2, 0x0)
ftruncate(r8, 0x8800000)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={<r9=>0xffffffffffffffff, <r10=>0xffffffffffffffff})
recvmmsg(r10, &(0x7f00000034c0)=[{{0x0, 0x0, &(0x7f0000001e40)=[{&(0x7f0000000b80)=""/4096, 0x20001b80}, {&(0x7f0000001b80)=""/112, 0x70}], 0x2, 0x0, 0xa0028cb4}}], 0x40000000000013c, 0x700, 0x0)
sendfile(r9, r8, 0x0, 0x578410eb) (async)
sendfile(r9, r8, 0x0, 0x578410eb)
process_vm_readv(0x0, &(0x7f0000008400), 0x0, &(0x7f00000000c0)=[{&(0x7f0000001e80)=""/4096, 0x1000}], 0x1, 0x0)

6.245232896s ago: executing program 1 (id=3616):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet6_int(r0, 0x29, 0x4e, &(0x7f0000000040)=0x2, 0x4)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f00000000c0)=[@in6={0xa, 0x4e23, 0x0, @local, 0xf}], 0x1c)
sendmmsg$inet6(r0, &(0x7f0000000080)=[{{&(0x7f0000000000)={0xa, 0x4e24, 0xf, @private1, 0xa}, 0x1c, &(0x7f0000000880)=[{&(0x7f0000000100)="c4", 0x1}], 0x1}}], 0x1, 0x5dc) (fail_nth: 9)

5.97540699s ago: executing program 4 (id=3617):
r0 = gettid()
setpriority(0x1, r0, 0xffffffff)
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
bind$bt_l2cap(r1, &(0x7f0000000000), 0xe)
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
bind$bt_l2cap(r2, &(0x7f0000000000), 0xe)
listen(r2, 0x0)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet6_int(r3, 0x29, 0x4e, &(0x7f0000000040)=0x2, 0x4)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x40, &(0x7f0000000500)=@raw={'raw\x00', 0x3c1, 0x3, 0x2f4, 0x0, 0x168, 0x9, 0x134, 0xb, 0x22c, 0x250, 0x250, 0x22c, 0x250, 0x3, 0x0, {[{{@ipv6={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @rand_addr=' \x01\x00', [], [], 'ip6tnl0\x00', 'sit0\x00', {}, {}, 0x6c}, 0x6000000, 0xf4, 0x134, 0x0, {0x0, 0x28e}, [@inet=@rpfilter={{0x24}}, @common=@inet=@ipcomp={{0x2c}, {[], 0x12}}]}, @common=@inet=@LOG={0x40, 'LOG\x00', 0x0, {0x0, 0x0, "48c01c5140d722edd3fb24545886bbd1be494201b400"}}}, {{@uncond, 0x0, 0xc8, 0xf8, 0x0, {}, [@common=@inet=@set2={{0x24}}]}, @common=@unspec=@CONNMARK={0x30, 'CONNMARK\x00', 0x1, {0x3, 0x7, 0x8}}}], {{'\x00', 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x350)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r3, 0x84, 0x64, &(0x7f00000000c0)=[@in6={0xa, 0x4e23, 0x0, @local, 0xf}], 0x1c)
sendmmsg$inet6(r3, &(0x7f0000000080)=[{{&(0x7f0000000000)={0xa, 0x4e24, 0xf, @private1, 0xa}, 0x1c, &(0x7f0000000880)=[{&(0x7f0000000100)="c4", 0x1}], 0x1}}], 0x1, 0x5dc)

5.864836624s ago: executing program 1 (id=3618):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000ac0), r1)
sendmsg$IEEE802154_LLSEC_SETPARAMS(r1, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000b40)={&(0x7f00000003c0)={0x20, r2, 0x5, 0x0, 0x0, {0x22}, [@IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan1\x00'}]}, 0x20}}, 0x2000c094)
sendmsg$IEEE802154_LLSEC_LIST_SECLEVEL(r0, &(0x7f0000000140)={&(0x7f0000000000), 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x14, r2, 0x2, 0x70bd29, 0x25dfdbfe, {}, ["", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x20000090}, 0x0)
r3 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), r0)
sendmsg$NLBL_CIPSOV4_C_ADD(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)={0x74, r3, 0x1, 0x70bd25, 0x0, {}, [@NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0x3}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x3}, @NLBL_CIPSOV4_A_TAGLST={0xc, 0x4, 0x0, 0x1, [{0x5, 0x3, 0x7}]}, @NLBL_CIPSOV4_A_TAGLST={0x3c, 0x4, 0x0, 0x1, [{0x5, 0x3, 0x6}, {0x5, 0x3, 0x6}, {0x5, 0x3, 0x5}, {0x5, 0x3, 0x2}, {0x5, 0x3, 0x1}, {0x5}, {0x5, 0x3, 0x2}]}, @NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0x1}]}, 0x74}}, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
statx(0xffffffffffffff9c, 0x0, 0x2000, 0x40, 0x0)
r4 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x256f16877c8c0da9, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
writev(r4, &(0x7f0000000ac0)=[{&(0x7f0000000540)="fda30e2ed46d812ed92603b91ac31eefb5b2ccfa1cb7a0ca9c2bd0222c413df2ccb809667f75c65acbafdb4ad02cd328496ac923d3ac3d68534bee0591dceeb1cf9c827efb64904c90456df08642720402e3dd23ac2772d5cd3abe9d605231d941fbb92dfa7b99d5703da533caefd7b7a44240faac7692e9d6d82a7b277fc0dd869b34d9355b6e09dac2aafc20a9c25af1267aed165ecc63c88e8cf616fdafbfbb98efc63920fc7afa36be78d02fe5f1627f", 0xb2}, {&(0x7f00000006c0)="93e43645e17fae8ec433dcbe8e7d749daec93b1863502570f54c5a0d9487155d6bd6cadf025c2b4b6e22219cb6c99624451a7c20c5fed5df6ce8199a64320abbf447e4711ffb58123c354db8b9246fab592bd6ba2b49605c2955", 0x5a}, {&(0x7f0000000b40)="69911be93b1f41f874f25217a50473ac98310c835f0f591cbcdfeda181489fd01440a9dae5cb16070c60ea51a1b728d517209bfaafd04fbb4a6caabe116fd2d79c217f3387731c014b0e9fce63b88c97f2663c3ad6d1489e083186336952689b16e4fb81b0f9fc3b681023ffd071b94a677383abfc9aa41d9a694672703de4f8861c4a876fbc43c8348a0398fbb1d18525e26ab2042dc7e4ef7a9b86feda0b36cca8ebd0fd2abcf389896cfbd7a26ad2efa2b9c3b43e0be0154146e55b4f8913644cec8b8a879120d5df63ae0f27ac2f951b728ea535f975d59d125804873180ba97f5736374dc430a1adf8736f4b8871c751619f9ec67c569", 0xf9}, {&(0x7f0000000840)="5c4a5600c958caf6081d414a835d82c25586c49ee6870eaf106684391fd4008384f0200fb0297fb793ad8cae9fba30b7a28a9103b36f8746226d9cfa1f85f88eb77b845a510317c12a1de55209676e", 0x4f}, {&(0x7f0000000280)="12157f9d06de06f1fcba", 0xa}, {&(0x7f00000008c0)="920e1edd0572fc19c13473c425350a7202955ac2db7ba8d786393df7271adc836e3b1fc01450e692232c4534233fda66768180dbd3ff01b0b9bacc759cfd95afa8d10add87d168868150cdcd5f3fd6c564c72485a56d676227", 0x59}, {&(0x7f0000000940)="b31de5abcc9b194bad8a16355b3cc006c2e1eabeed99a85a9464493c1cf5892509004e261cac7a3ef10800000000000000bf1f2146f3b8f1ed5daa9bbbdb49c479987389", 0x44}, {&(0x7f0000000300)="fa4f3fcde774", 0x6}, {&(0x7f0000002700)="84d6da857409875e7f6cb952b3000872999c23f6ebca32c4b51ba951332428d72067e46b622b033abd385a1fe229bade840eb62d3d2161f2901bc4415671d3a262f7c992b16726d2981a73653e7d77c447a9d6a162819b48d20d10f67ea663065d0d89c40b3a24885dbb9259f7fcdf811e793271fe0194f36460d92fcc8c3528e64abc4aef0380cf6a30a4dc79e212900268e241752c0956242b780c2f742966797e9ec8b88e3af293ad2beda23a30ff425933aa40f6bbcb60ed76b615986dde5a66b6d61ce716f61768e80fbbb3901647499882289633c21153abe932a52bcda96b293adc82042224502779300ab0427a6392f034883d105c66cde4cadce3d6d2701d0e50f25b12f5181888e63893952b826c892e461364e551d440d403ced5d1d872e95ab2eeb86a23830b78879d6c8a9c4d8f37fe444fe8484f907b1fe9c0a165f9741ad7c9bb87f565005d4bfaf8ab6346f0ae5de165c406def9d22a1838dc07c9f8e8563a8c352fb7acb259ef2880f681120f82431ed79c897acdef259eae385206e66508282584e16b9fc0e00445496508fe33f565495a998541e4253435240fcce74a9ba38ad89f0490ae9b4337b66d62d627f2091d273bc340d3fd5edcb28edd743c52fe634536a5687a2930d6066f32483c42e016bbc1f721c93207d8780f9a0dc628b1ae70e365e2e07c1fd96f7149ed88f344b117d3dcb0a1958ff0ca5285933ebe0ca1c072fee398c73a7ac886949646a86361e61965463ec1c3c35418f39e1353f313b6c145f8dd8704f599b25f93bafbc3370ccc547ec3dae622f7629aad87465b3639ef002e1dce1a04483f6a4f52f9e2d15e22e3c67dda7fcf85e8baf935bb61d17e5991fada9cb1d500fdb4c21a1aefa8de81ebd1db31108f6461e33e13bd015731bc6ba388cdaaad6466902747589844e9c537dd726242fc0edb167025058d7fbdc0d703b8a96dde0cc5724e82926db09ace1daaf4b4f850c07b799dfbaf50c5b08032bf20551bd70e248ddf082fb75e3d7503329ea2107a93515e35c90cac11bb983ad9345a356fbbba84c7171c4ddd277d12d90c47f69e783729d8277a86f2dc057517e1a1d7e82475927c4f091efa18768796507622a1319ea27cad3dbfcc4af5d519d654090d5bd74089d2d56446be9ff3eb24ab31701fd38fe197dd1f135e86fc5e2e05554ab5e79622eb97a2c2031ebadd12f4a18b2156905daa65effae9e7091b591305013b0e16000c99a1b2a6be2e95c8b06d8a47e95867b1d385122beafa736e48bcaddcf399e28362a649a6c2388b8d486e0fa7d98167f102df8ea9e92383d86b0ea642fe8a73518ac9945eb692011cf08575a705adc8880fc79d684781779a1c35efd1d38afce01986ed4e2b4e21e5bf03542a150af2e731553c3fa815c313a2e75ae09c50922b2e5607ab41d91fff6890597f88a1ce62baa7257c2b0ec0744f7eac0cdb0e51ca3198ad2d9f4549143f7d8a7702eacfcf4d6c6430bedf02c0814d291064e7dfbe8e547b8d42179e4cde2d821cf6e407b28483d52a2382d4684385a0e168c017d5dc8e37e63b379df3bdf6209c3a7bd4e0f8396234010153a44d6f6a12b6edd7050ec7d5144f2d47dd1dd65a192fad295300ac5773ecb70c1dcda5063da67c1362740a91df8068bd4d556bb30f77a02029de98e039a7f1555aa84cb64f1228d361d3d43eb08db0a15d573b948efcf8bf2fb35c47eeefb16d9ecdc686725cc8c8e378b8a61e53185da8abac9950b5129dbae171b8a9baced6ef8f6c68baba3c514b80753f0277858826569ff636f70c7597b9ae13c7824491c96d479d1ef2d62461cf6b42f49ad602756da03f27857809001bf6482e605f659e30178cae04e1f2ff86aba9da33f07da5d0fce17a6f99b0eb6ba01013c81b4bf9814ee83ca0bdfc23ff61aa523cfd8f1c5ee2fdd80a40e8925bce6b3c5b52183fcba61b952fb7caddfff251d9bc9752cac6efa009b5329a14c5da12cbe969049ce62a313259b97fffb8476bf767d8dbb74e3dc4dacc8814f082886818dcde97c2a39f209ba5998bb8cba09bfef484034afc336e0ddf6fd33950cebe25b9a80ab4635876a3a5fc0459d16503061c85791d0b580d6fcbc37a9b688be49018c686a66458898cea989500602b187be1455b1f5d9f14423b212e532a0e1f2925fa5df335fce1f4c06b5e00614d0cca5a8460824ee2efa2cbba5f34286dd3897511701faa5c7213b2825823870844747c824424a28441a1b9f7c82454c2eb52eff603208c2bdc7dca01c5df42724b51ece81bb489dace70dd6f20b6cb24ded661fd71df9b0beed8e75c0b192a09fc0b82a46758bc561e1d80ff86174a64220fb9bf58d418ef0004f094f02969406754e288b5e2ca69462817606b04838d718f793c411f3cef1f2d9ae45df07eb96ea34f7ad255b9c33c5b17797a83f22ed59dff472851b9664524fbb775e10025e30d520186278abe71a650cf50050629d9f0be28a247c31295b4ecde25eea5fa6b64f9d614dc111867002d0ac174994064bf6c37a0036b14ee266b0f83022768bfacd9c658b42ec98addec809a115da93bfc7bc7232e48d5554b6a939dd8eccf8c26a1d3ba1ccc44ad2825503c3a9440b2fe425371d4910b3efbde0a42489994c462d8771d59bf8261d48a40997e8d5539ce957db188fc26f8c04702d0f0220d1878ac6473de7fda327451f15c260f73375d6ae8439770480522fe72fe0cc3f43e5600376429d0f969709ea1805cc9795430702e813631b2a5e7e513846a652ee0ae8c0959a00239c7296d8276b9bfe9f6caf667b99dfcd4596c12e2577a76430892345112ee415a6ffa5696cb3bbb13f0cc77579e6d52bcf0cb60d0ce084d722041c99ae0f18488ec613d00cea8770d1247439199b77b31b30d9ab9c38d15353e584370819c36da22ce953e48d3d1e58e7955e47bbc0da56c30daf1da6c7661af5881f5e42e865644200ee42f0564d15fa5ed28791e7455d097c0bb509c65adbb94449d72ce74a54d791d0c5d6d57b9bdea5d356b5255a177213fe840facc9a1f9452f600006aebc8c47aa737f95df5968e8a1d831d3bf2eee5f6a914e42f54e7b4dfaf0de51bb1e9be1ac69653cfae462d4d0457f054ad7734726380c2ce14ca40198be30b110023835606ca4f8e440441abfee8f4abf112af86799ca0c2bcf5796f5ebf75f31af1d96b98f9a2de9852c1518d252ade415f608e47bf357b2367d3552c3a68d698e4082ccbd45295bf019a7d0aba1ce0a3b587459af04d62e6b161c115e7527ab88dcb87143db5bbead23da06bc13b027cfe1d850a2049f9b4f3e17bdc0c057a7f4cbdff2af7e0954f516e81243ca7411b0a30ff34d3d400cf35597b01048b37dc56fea18230e9dcca6c27cce5a1dee263ccb889a00f85d6166696b1b6ea9a1be07f64a1d9fa9da308969b5b762448d5bf373358187f23c8e91b376144394f62e81a133532e4a924e153290850849ff05aadc8c85c0f30e894111fa56a5d1773b58102740be20e1708e260beca13e03109c06a8527f6ec5ca6bdb1a51edd67cfde6563a0e29fac14f9195f61b2f52fbef83def4b6aa5bd961cef53f8b5b6f62348b1fe010fa488aed054d702d7636b1b7b80ca1bb0363a80766d8da3d6abbc56a8cd230abc54b03758b1a8c97bb3e326d3249fadde8eb3f9c37d078fb25a0396727655b45146dc5ce9816a381a4a5ec26b4aac8dce324452b6901b086115c02f2e7d4731cddc4be2121778eb14b980bcebeaf0b7650f451f1b23af984e81d8b8043161f7d174e06b6490bc7b2c72f83f881059557c4571fe536018903fa5aa9e1adf4518871ee3f4288e0860db63aea5337fdbcf86cf4a56e07598c77a1ff8453ed4cbd426ca66eaa57e6f5510bcb3b8ebd7c0eab505aea8379c3556becb7dccface3b11bc2153e1f33448ce293c1859bdc35b0db4c7ce00fbaef80f6e9811e1a8b757b6e2be756bdd4a3c5750a60aa39b7c236182d1729d79106d63e6e2746b3effd7d1e600c47f85b8198b8bcb56ad6957539ca65d166c2cd1200689f1a6fe17ad8f38a7806c4c4b85ce94b5dc3944f5d2059d7386c100c3bdd697738220f7a77476776220c80354500e26c27ef664e5b5c3e2211b3e319374d98dd26634384ab67105f51acb30f159c41b5a898454b722b76c181a6d945e450b988732ed778c4510844d5cdbc050c1e23ccce7e6c6a94bde7aec5b1eb32a820a0a65669b8afc31215dff6fac14c208417d6959015b11f75d6ce4aba07d513b30253faad894384f799ae553a9b63fd2f7ab7a07a13d032e275391e0ea3dfd2b968c08799e0074d1f88ef25decb05425b649930e896b8f707fb4c613a6097dfcefa6b56719c0259df12f4391e97a7fd9cf3876c6147e2ca984fec7d25d6b3c365d3768f39a3412cdf8363b52710f868c33d3fcb9af9f3b07f8fade6417893b9f7d834aab0081f6f3d41441fc3592549bbfadfade9e9c77728f27ad9da03f71e1f4e5d17fd59f3208c07f36d25397e23c3e5440b68d075dea634f94a8138fadf8e876765d1ff7ca0cd609b2f4775715c97e25e2e5f459c238d3deb791af91516cca44528d171443f17cac56373e31cba26d1ec3e5238675ece9866d448ec73872a090ff4112068d72ef2fe0c417040e0db75c9738ea60a592a4f5e05651fd165762375025", 0xcfd}], 0x9)
r5 = socket$inet_udp(0x2, 0x2, 0x0)
r6 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r7=>0x0})
r8 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r9 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8}, 0x48)
r10 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x10, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r9, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r10, r7, 0x25, 0x0, @val=@tcx}, 0x40)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r5, 0x89f0, &(0x7f0000000180)={'tunl0\x00', &(0x7f0000000440)={'gretap0\x00', r7, 0x7, 0x10, 0x4, 0x60e, {{0x20, 0x4, 0x2, 0x20, 0x80, 0x65, 0x0, 0x4, 0x29, 0x0, @local, @private=0xa010102, {[@end, @timestamp_prespec={0x44, 0x2c, 0xe6, 0x3, 0xf, [{@initdev={0xac, 0x1e, 0x1, 0x0}, 0x8000}, {@local, 0x1}, {@rand_addr=0x64010100, 0x5}, {@multicast2, 0x10}, {@private=0xa010100}]}, @timestamp={0x44, 0x1c, 0x17, 0x0, 0xe, [0x8, 0x0, 0x7fff, 0xc, 0x401, 0x80]}, @lsrr={0x83, 0x23, 0x7a, [@local, @multicast1, @private=0xa010101, @local, @multicast2, @broadcast, @loopback, @dev={0xac, 0x14, 0x14, 0x3e}]}]}}}}})
getpeername(r5, &(0x7f0000000340)=@can, &(0x7f00000001c0)=0x80)

5.568112014s ago: executing program 4 (id=3619):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x70bd2b, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x6, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x8d, 0x11e41e7b, 0x20000000, 0x0, 0x12}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x4, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x4}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x24000815}, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={0x0, 0x0, 0x4a}, 0x28)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
r1 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), r1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
r2 = syz_open_dev$mouse(&(0x7f0000000180), 0x9, 0x208000)
ioctl$DRM_IOCTL_RES_CTX(0xffffffffffffffff, 0xc0086426, &(0x7f0000000300)={0x1, &(0x7f00000001c0)=[{<r3=>0x0}]})
ioctl$DRM_IOCTL_DMA(r2, 0xc0286429, &(0x7f0000000480)={r3, 0x2, &(0x7f0000000340)=[0x7, 0x0], &(0x7f00000003c0)=[0xffff5d4d], 0x62, 0x3, 0x9, &(0x7f0000000400)=[0x0, 0x81, 0x4], &(0x7f0000000440)=[0x3, 0x2, 0x2]})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e23}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
getsockopt$IP_VS_SO_GET_TIMEOUT(0xffffffffffffffff, 0x0, 0xf, 0x0, &(0x7f0000000640))
openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0x282, 0x0)
r6 = syz_open_dev$usbfs(&(0x7f0000000380), 0x1ff, 0x2)
r7 = dup(r6)
ioctl$USBDEVFS_CONTROL(r7, 0xc0185500, &(0x7f0000000040)={0x23, 0x1, 0x10, 0x1, 0x0, 0x0, 0x0})
setsockopt$inet6_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, 0x0, 0x0)
socket$igmp6(0xa, 0x3, 0x2)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)

4.839956707s ago: executing program 0 (id=3621):
syz_genetlink_get_family_id$netlbl_calipso(0x0, 0xffffffffffffffff)
r0 = socket$kcm(0x10, 0x2, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
socket(0x2a, 0x2, 0x0)
socket$netlink(0x10, 0x3, 0x0)
r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
sendto$inet6(0xffffffffffffffff, &(0x7f00000007c0)="7800000018002507b9199b02ffff48000203be04020406050a02040c5c000900580006020a0000000d0085a168d0cb46d32345653600648d07000b000a00070849935ade4a460c89b6ec0cff3959547f509058ba86c902007a", 0x59, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r2, 0x0, 0x4100000000}, 0x18)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c0000002d00090028bd7000fcdbdf25040000b208"], 0x1c}, 0x1, 0x0, 0x0, 0x4008090}, 0x200c0084)
bpf$BPF_PROG_DETACH(0x1c, &(0x7f0000000000)={@cgroup=r1, r2, 0x2e}, 0x20)
r4 = socket$alg(0x26, 0x5, 0x0)
ioctl$sock_inet_SIOCSIFFLAGS(r4, 0x8914, &(0x7f0000000040)={'wg2\x00', 0x1000})
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, 0x0, 0x0)
r5 = accept4(r4, 0x0, 0x0, 0x0)
r6 = syz_genetlink_get_family_id$smc(&(0x7f0000000000), 0xffffffffffffffff)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$SMC_PNETID_ADD(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000006c0)={0x34, r6, 0x1, 0x0, 0x0, {}, [@SMC_PNETID_ETHNAME={0x14, 0x2, 'bond0\x00'}, @SMC_PNETID_NAME={0x9, 0x1, 'syz2\x00'}]}, 0x34}}, 0x800)
sendmsg$IPVS_CMD_DEL_DEST(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000300)={0x20, 0x0, 0x20, 0x70bd2c, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_DEST={0xc, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x5}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x1}, 0x400c000)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f00000002c0)="2e00000011008b88040f80ee59acbc04130800480f0000005e2900421803001825800000000000000280000c0012", 0x2e}], 0x1}, 0x0)
r8 = memfd_create(&(0x7f0000000300)='+\x8b\x8a\x16\x11O\xdd\xdfk(F\x99\xdf\x92\xd5>oJ\x02u\x9b\xafa\xac\x06\x9c&\xf5\xe3j\xfa\tcqM\xb8R\x86\xd9\xd2.\x9f\x12\xed\x10\f\xbd\x1a|\x8a\xbb\xda\xcfY\x98gU@\xf2M\xc0\xb5\xdf\x9a\x8d\xdb,n\xae\x0eT\x80\x8c\xfd\xd7\xb0\x94\x82t\x96\rKx\xc5\x9b\x8c\x87\x96\x8bc\xbc\xee\xcc\x9f\xe3F\x99V4\x8e;M\xa9\x823\xe3\xb3mG\x8f\xdb\xed\x1b\x05\xec\xfc\xd1\xb5\xfd\xec@\xdeU\xdd\xa4\xc1\xe4L)\x8e\xe5\x91\x8e\xd4\x89\xef\x95T\x05G\xac\xb8\xc1: )mh\xc7\xf1?\xbb\x13;\xad\x95\xd70\xb6\x0e\x7f\x84r\x0e\xbf\xc5\xf6\xd4\xdd\t\x14\x18\xf7\xefi\x93\x03\xd2\xf2\bK\"\xd2\xb5\xaa\xb8\xc8\xe0\xac\x99\xe8su\xcd\xc3E\x12\xd7\xdd\x96!\x16Tu\xe3\xf0\x84#R\xd9\xe3~Wj\xb0r\x87\'\xea\a\xcfOeK\x9daW\xf4\x87@\x9c\xf3\xf1K\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x91\xe6\xdb\xc2\xa5h\'\xdfIn\x97\x0263~\xeb\xbe(i\n\xc2k4\x7f\x12\xa9e`SOs\x8c\xb4\xe7FeQ\xc6$\x92j_U\xfa\b\xea\xb0bYkW\xc0\x05\aC{\xcc\x03T\x17\xa5Sk\x87P\xc2\x97D\xb2\xfa\x1b\x9fe\xf4\x10\x1a\xad\x92\xce\x88\x1b\xbc\xe14\x19\xaa\xd3\r\xf4\xa2\xc3\x9e=\xa0 \xe6j\xe5\x85\xf8\x97\x03\x15\xaa\x920\xdcrI\xd8\b\xfb\xc7\xe7xX\x00>d\xbb\xa71\xad\x9a\xfb\xe6\x13\x87\x93\\\xe5W-\xfc\xfd\xb8O\xb9j\xb8\xf2\x9dx\xb2\x86\xad\x92', 0x3)
write$binfmt_elf64(r8, &(0x7f0000000180)=ANY=[], 0xfffffffffffffd65)
sendfile(0xffffffffffffffff, r8, &(0x7f00000001c0), 0x8)

4.195494587s ago: executing program 3 (id=3622):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000100)={0x1, "ff0f000000000000f5a72d866b0000000000f0ffdefe00"})
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x6, &(0x7f0000000400)={0x1, &(0x7f0000000200)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
r2 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'macvlan1\x00', <r5=>0x0})
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000000)=ANY=[@ANYBLOB="280000001c0001010a00cd1e00f2ff0007000000", @ANYRES32=r5, @ANYBLOB="c300a6000a00020001"], 0x28}}, 0x0)
r6 = syz_io_uring_setup(0x404, &(0x7f0000000100)={0x0, 0x7b51, 0x0, 0x1, 0x376}, &(0x7f0000000000), &(0x7f0000000300))
io_uring_register$IORING_REGISTER_BUFFERS(r6, 0x0, &(0x7f00000002c0)=[{&(0x7f0000003440)=""/4097, 0xfc9e}], 0x1)
io_uring_enter(r6, 0x7be, 0x10dc, 0x4a, &(0x7f0000000180)={[0x8, 0x6]}, 0x8)
ioctl$DMA_HEAP_IOCTL_ALLOC(r2, 0xc0184800, &(0x7f0000000100)={0x4, <r7=>r1})
rseq(&(0x7f0000000140), 0x20, 0x1, 0x0)
ioctl$DMA_BUF_SET_NAME_A(r7, 0x40086203, &(0x7f00000001c0)='\x02\x00\x00\x00\x05\x00\x00\x00-control\x00')
r8 = socket$phonet_pipe(0x23, 0x5, 0x2)
io_setup(0x3ff, &(0x7f0000000200)=<r9=>0x0)
io_submit(r9, 0x1, &(0x7f0000000240)=[&(0x7f00000001c0)={0x0, 0x0, 0x0, 0x8, 0x0, r8, &(0x7f00000002c0)="0bb60d000000000000", 0x9}])
ioctl$DMA_BUF_IOCTL_SYNC(r7, 0x40086200, &(0x7f0000000080)=0x2)
r10 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0006}]})
close_range(r10, 0xffffffffffffffff, 0x2000000)
ioctl$DMA_BUF_SET_NAME_A(r7, 0x40046201, &(0x7f0000000040)='f*%$\xd7:%)/*-]-\x00')

3.893645241s ago: executing program 1 (id=3623):
ioctl$KVM_XEN_HVM_CONFIG(0xffffffffffffffff, 0x4038ae7a, &(0x7f0000000180)={0x1, 0xaa4, 0x0, &(0x7f0000000340)})
r0 = fsopen(&(0x7f0000000040)='fuseblk\x00', 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r1, 0x0)
io_setup(0x5, &(0x7f0000000140)=<r2=>0x0)
r3 = eventfd2(0x0, 0x0)
io_submit(r2, 0x1, &(0x7f0000000280)=[&(0x7f0000000000)={0x1802, 0x0, 0x0, 0x5, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0x1, r3}])
ppoll(&(0x7f0000000040)=[{r3, 0xc591}], 0x1, 0x0, 0x0, 0x0)
shutdown(r1, 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f00000001c0)='fuseblk\x00', &(0x7f0000000200)='fuseblk\x00', 0x0)
read(r0, 0x0, 0x27)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_SET_SREGS(r6, 0x4138ae84, &(0x7f0000000280)={{0x1, 0x8080000, 0xf, 0x5, 0x4, 0x9, 0x3, 0xb, 0x0, 0x1, 0x3, 0x3}, {0x8080000, 0x1000, 0xe, 0x14, 0x1, 0x9, 0x3, 0xe, 0x40, 0x6, 0x6}, {0x3000, 0x5000, 0x4, 0xf, 0x5, 0x3, 0xc3, 0x80, 0x3, 0x8, 0x5, 0x3}, {0x100000, 0x3000, 0x1a, 0xf9, 0x7f, 0x6, 0x8, 0x7f, 0x9, 0x2, 0x3, 0x2}, {0xd000, 0x8000000, 0x0, 0xd, 0x3, 0x2d, 0x6, 0xc, 0xfc, 0x0, 0xff, 0xe5}, {0x2, 0x10000, 0x8, 0x15, 0x6, 0x7, 0x10, 0x1, 0xbf, 0x98, 0x2, 0x4}, {0xd000, 0x8000000, 0x83eba38b718fbea4, 0x7, 0x0, 0xf, 0x10, 0x3, 0x4, 0x0, 0x4, 0x9}, {0xdddd0000, 0x10000, 0xa, 0x4, 0x3, 0x3, 0x0, 0xf9, 0x9e, 0x8, 0x0, 0xfe}, {0x3000, 0xcc}, {0xd000, 0x17}, 0x40019, 0x0, 0x2000, 0x0, 0x100000002, 0x1000, 0xdddd1000, [0x2, 0x3, 0x9, 0x7]})
ioctl$KVM_SET_CPUID2(r6, 0x4008ae90, &(0x7f0000000480)=ANY=[@ANYBLOB="01000000ffffff7f050000000000000003000000020000000400000000000000000000e900"/48])
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
ioctl$KVM_SET_CLOCK(r8, 0x4188aec6, &(0x7f0000000040))
r9 = socket$inet6_icmp(0xa, 0x2, 0x3a)
setsockopt$inet6_icmp_ICMP_FILTER(r9, 0x1, 0x1, &(0x7f0000000080)={0xacc}, 0x4)
syz_emit_ethernet(0x140, &(0x7f0000000600)={@remote, @multicast, @void, {@ipv4={0x800, @udp={{0xe, 0x4, 0x1, 0x8, 0x132, 0x67, 0x0, 0x3, 0x11, 0x0, @private=0xa010100, @broadcast, {[@timestamp_prespec={0x44, 0x14, 0x79, 0x3, 0x7, [{@private=0xa010102}, {@empty, 0x6}]}, @lsrr={0x83, 0xb, 0x79, [@rand_addr=0x64010102, @dev={0xac, 0x14, 0x14, 0x1a}]}, @ra={0x94, 0x4, 0x1}]}}, {0x4e23, 0x4e23, 0xfa, 0x0, @gue={{0x1, 0x1, 0x1, 0x0, 0x100, @void}, "b63f91ebe522b000202839407b898aa56be859d1c8b05b2918ce71ae5dfcb700d00124fa0e70d5076f26fa042da32b00ea78d72948c646e0201f992d6f55c86b80ec6ff6c1e218e16ea33f644c6a43a2d55789d94018a1c0143e5983c0d8ab21cbe8e1e0f844690237ff00d4a433527c3f3c233761ec88a527080ababc55887dec116ba3555f454e81e0025b94193f10ff4ae595b6535ae43c6ea13afdc3c37c92f2669662efcb6fe0cf3e9974e394a0a8c76255808ae5e62e06bf62769549293f97a3197fb90351cc17977cfbe211049c2a91fa5fc35e36dd5ff28f377dfe42546b4b2546b463bee73ea3e91561"}}}}}}, 0x0)
r10 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r10, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0x18ff2}], 0x1, 0x0, 0x0)
ioctl$KVM_SET_CLOCK(r8, 0x4188aec6, &(0x7f0000000040)={0x0, 0x8, 0x0, 0x95d})

3.343920407s ago: executing program 4 (id=3624):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x3, 0xc, 0x0, &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$SO_BINDTODEVICE_wg(r2, 0x1, 0x19, &(0x7f0000000040)='wg1\x00', 0x4)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r4 = dup(r3)
write$6lowpan_enable(r4, &(0x7f0000000000)='0', 0xfffffd2c)
syz_io_uring_setup(0x121d, &(0x7f0000000480)={0x0, 0xfffffffd, 0x80, 0x0, 0x2ef}, &(0x7f00000002c0), &(0x7f0000000080))
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x2, @val=@uprobe_multi={0x0, 0x0, 0x0, 0x6, 0x0, 0x1}}, 0x40)
r5 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r5, 0xaf01, 0x0)
r6 = eventfd(0xffffffff)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=ANY=[@ANYBLOB="340000003e0007010000000000000000017c00000400fc800c000180060006006558000008000280040011"], 0x34}, 0x1, 0x0, 0x0, 0xc000}, 0xc010)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r8 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_TEST_OP_ADD_RESERVED(r8, 0x3ba0, &(0x7f0000000740)={0x48, 0x1, 0x0, 0x0, 0x10000, 0x80000001})
ioctl$IOMMU_IOAS_MAP(r4, 0x3b85, &(0x7f00000007c0)={0x28, 0x2, 0x0, 0x0, &(0x7f0000000780)="5dfeff4ba80d7db15cd787", 0xb, 0xa})
ioctl$VHOST_SET_LOG_FD(r5, 0x4004af07, &(0x7f0000000240)=r6)
ioctl$VHOST_SET_VRING_KICK(r5, 0x4008af20, &(0x7f0000000040)={0x1, r6})
ioctl$VHOST_SET_VRING_ADDR(r5, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r5, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74})
ioctl$VHOST_SET_MEM_TABLE(r5, 0x4008af03, &(0x7f0000000680)={0x1, 0x0, [{0x0, 0xfffffeac, &(0x7f00000001c0)=""/115}]})
ioctl$VHOST_VSOCK_SET_RUNNING(r5, 0x4004af61, &(0x7f0000000000)=0x1)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000003c0)={r1, 0x0, 0xe, 0x0, &(0x7f0000000340)="c1dfb080cd21d308098e00000000", 0x0, 0x6, 0x0, 0x0, 0xfffffffffffffdcc, 0x0, 0x0}, 0x4c)
r9 = dup(r0)
write$6lowpan_enable(r9, &(0x7f0000000000)='0', 0xfffffd2c)

3.132257829s ago: executing program 0 (id=3625):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x3, 0x8, &(0x7f0000000d80)=ANY=[@ANYBLOB="1800000000000000000000000000000018020000", @ANYRES32, @ANYBLOB="0000000000000000b703000000000000850000000d000000b70000000000000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000003c0)={r0, 0x0, 0xe, 0x0, &(0x7f0000000340)="c1dfb080cd21d308098ee68888a8", 0x0, 0xadf0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) (fail_nth: 9)

2.919764784s ago: executing program 3 (id=3626):
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r1 = syz_open_dev$video4linux(&(0x7f0000000000), 0x2ee, 0x282)
ioctl$VIDIOC_S_STD(r1, 0x40085618, &(0x7f0000000180)=0xf900)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002040)={0x18, 0x3, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000c8c60000000000000000009500000000000000"], &(0x7f0000000000)='syzkaller\x00'}, 0x94)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'generic-gcm-aesni\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, 0x0, 0x0)
r4 = accept4(r3, 0x0, 0x0, 0x0)
sendmsg$alg(r4, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=[@assoc={0x18, 0x117, 0x4, 0x202}], 0x18}, 0x0)
sendmsg$nl_route_sched_retired(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000012100), 0xe078}}, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x8e70c90ea0a5a1a1, 0x3, 0x0, 0x8000, 0x80}, 0x50)
r6 = syz_io_uring_setup(0x7f39, &(0x7f0000000700)={0x0, 0x982, 0x400, 0x2, 0x10a}, &(0x7f00000007c0), &(0x7f0000000800))
io_uring_register$IORING_REGISTER_RESIZE_RINGS(0xffffffffffffffff, 0x21, &(0x7f0000000840)={0x0, 0xf136, 0x20, 0x3, 0x1ef, 0x0, r6}, 0x1)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x1f, 0x10, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000005000000000000008000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b702000003f80000850000008600000018010000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000050000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000200000085000000a600000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x11}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffd85, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4001b}, 0x4c)
recvmmsg(r4, &(0x7f0000002180)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000000780)=[{&(0x7f0000000500)=""/254, 0xfe}, {&(0x7f00000000c0)=""/50, 0x32}, {&(0x7f0000000600)=""/97, 0x61}, {&(0x7f0000000680)=""/114, 0x72}], 0x4}, 0x3f}], 0x2, 0x60, 0x0)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_int(r7, 0x29, 0xb, &(0x7f0000000000)=0x205, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r2}, 0x10)
sendmsg$netlink(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000005d00)=ANY=[@ANYBLOB="140100002e00010000000000fcdbdf250301f2800c00180008ac0f00000000001400010000000000000000000000ffffac14141650bb2d6f67d29d6fabadb107d0def49c88ea04abde1d5e8d3fb22a1b5046778bdafefc46b0449ade68bf84b36ec72dd71265fc2e882348c26c2126237dd5b37f5ae655b1086cda402202ec58754734be319750351dc076eb43d9621dc08c029d1608a46cf26fbe816b89f7cb81bff81a8b9482565856555ee923c65973deb0a99b962bc0fe94a3fcae3697bd7b85b3a682167c43dbf137115a40ebddcad74875ec58e9a3ddb9ad02a078cf0d972df9e99f079767734f69ce475f00ac64337803f5eb4e5842f4d98fe3fa370d47eb640dc5061dc35817c8a66c29be0400e90000"], 0x114}], 0x1, 0x0, 0x0, 0x1}, 0x4040000)
r8 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r8, &(0x7f00000000c0)={0x18, 0x0, {0x4, @local, 'veth0_virt_wifi\x00'}}, 0x1e)
connect$phonet_pipe(r4, &(0x7f0000000200)={0x23, 0x4, 0x7, 0x7c}, 0x10)
ioctl$PPPOEIOCSFWD(r8, 0x80047453, &(0x7f0000000040)={0x18, 0x0, {0x4, @local, 'bridge_slave_1\x00'}})
r9 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000040)={'bridge_slave_0\x00', <r10=>0x0})
r11 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r11, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000440)={0x38, 0x0, 0x8, 0x201, 0x0, 0x0, {0xa, 0x0, 0x5}, [@CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x11}, @CTA_TIMEOUT_DATA={0xc, 0x4, 0x0, 0x1, @tcp=[@CTA_TIMEOUT_TCP_FIN_WAIT={0x8, 0x4, 0x1, 0x0, 0x10001}]}, @CTA_TIMEOUT_L4PROTO={0x5}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x6}]}, 0x38}, 0x1, 0x0, 0x0, 0xc048801}, 0x24008064)
sendmsg$nl_route(r9, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@bridge_newneigh={0x28, 0x1c, 0x401, 0x70bd28, 0x25dfdbfd, {0x7, 0x0, 0x0, r10, 0x80, 0x9058f1eb70562f67, 0x1}, [@NDA_LLADDR={0xa, 0x2, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}]}, 0x28}, 0x1, 0x0, 0x0, 0x1}, 0x24040040)

2.622121116s ago: executing program 0 (id=3627):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="440000000206030000000000000004000000000005000100070000000900020073797a31000000000c000780050015001200000010000300686173683a69702c6d616300"], 0x44}}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000740)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
r4 = socket$kcm(0x10, 0x2, 0x0)
recvmsg(r4, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000002640)=""/4096, 0x1000}, {&(0x7f0000000600)=""/235, 0xeb}, {&(0x7f0000000540)=""/167, 0xa7}], 0x3}, 0x0)
write$cgroup_subtree(r4, &(0x7f0000000000)=ANY=[@ANYBLOB="364000002600913e"], 0xfe33)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = socket$inet6_sctp(0xa, 0x5, 0x84)
io_uring_setup(0x58e1, &(0x7f0000000440)={0x0, 0x730a, 0x40, 0x1, 0x1ea})
io_uring_register$IORING_REGISTER_PBUF_RING(0xffffffffffffffff, 0x16, &(0x7f0000000140)={&(0x7f0000001000)={[{0x0, 0x5, 0x3, 0x700}]}, 0x1, 0x1}, 0x1)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(0x0, 0x0, &(0x7f00000002c0)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x20, 0x10, r5, 0x0, 0x0, 0x0, 0x60, 0x1, {0x1}})
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r6, 0x0, 0x4000)
io_uring_enter(0xffffffffffffffff, 0x3517, 0x173d, 0x42, 0x0, 0x0)
r7 = syz_open_dev$sndctrl(&(0x7f0000002b80), 0x1, 0x8000)
ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r7, 0xc2c45513, &(0x7f0000002e00)={{0x8, 0x7, 0x3, 0x1ff, 'syz0\x00', 0x7e}, 0x0, [0x8, 0x8, 0x1000, 0x0, 0xb3d, 0xffffffff, 0x5, 0x901, 0xbbf, 0x7, 0x15b, 0x9, 0x5944, 0x5, 0x7, 0x4a7, 0x9, 0x5, 0xfff, 0x3, 0x2c, 0x400, 0x40, 0x10000000, 0x6, 0x0, 0xfffffffe, 0x800, 0x3, 0x3, 0x4, 0x6, 0x6, 0xfff, 0x3ff, 0x9, 0x5, 0x3, 0x5, 0x9, 0x7, 0x8000, 0xffff8000, 0x80000001, 0xe, 0x0, 0x2, 0x0, 0xe, 0x4, 0x9, 0x5, 0x400, 0xffffffff, 0x9, 0xfffff647, 0x8, 0x4, 0x5, 0x0, 0x9, 0x9, 0x5, 0x8, 0x98, 0xbe, 0x6, 0xa, 0x7, 0x80000000, 0x81, 0x10001, 0x2, 0x80000001, 0x69d, 0xb, 0x3, 0x1, 0x8, 0x9, 0x7, 0x9, 0x1, 0x3, 0x1, 0xffff, 0x6, 0x8, 0x7ff, 0x4, 0xef, 0xff, 0x6, 0x3, 0xf86, 0x589f, 0x3, 0x9, 0x895, 0xfff, 0x9, 0x89, 0x4, 0x1, 0xe0b2, 0x9, 0xfffff561, 0xe, 0x3, 0x3, 0xfffffffa, 0x3, 0x2, 0x1, 0x2ba, 0x1, 0xe, 0x0, 0xf, 0x2, 0xf2, 0x4, 0x0, 0x7, 0x2, 0x7, 0x6, 0x100]})
r8 = syz_open_pts(0xffffffffffffffff, 0x802)
ioctl$TIOCSTI(r8, 0x5412, &(0x7f0000000100)=0x95)

2.490816154s ago: executing program 3 (id=3628):
r0 = syz_open_procfs(0x0, &(0x7f0000000280)='net/netstat\x00')
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
pread64(r0, &(0x7f0000000480)=""/177, 0xb1, 0xa6)

2.296437522s ago: executing program 3 (id=3629):
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x100)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000180)={0x0, 0x0, 0x0, 'queue0\x00', 0x80000000})
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000600), 0x4000, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000040)={0x0, 0x2, 0x7ffffffff000, 0x1000, &(0x7f0000ffb000/0x1000)=nil})
r3 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
listen(r3, 0x200)
ioctl$SIOCX25SFACILITIES(r3, 0x89e3, &(0x7f0000000000)={0x64, 0x81, 0xb, 0x6, 0x400, 0x81})
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000240)={0x5, 0x6, 0x0, 'queue1\x00', 0x7})
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = socket(0x10, 0x2, 0x0)
sendmsg$nl_generic(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)=ANY=[@ANYBLOB="1c00000015000103000000000000e7ff0b00000008000100", @ANYRES8=r5], 0x1c}, 0x1, 0x0, 0x0, 0xc001}, 0x4000000)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r8, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha384\x00'}, 0x58)
ioctl$KVM_CREATE_IRQCHIP(r7, 0xae60)
r9 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000680)=ANY=[@ANYBLOB="9feb010018000000000000000ce8ffff0b00b79bcd4ddfce88f1d5530000020000000000000000000088000000000000"], 0x0, 0x26, 0x0, 0x1}, 0x28)
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f0000000340)={{0x1, 0x1, 0x18, <r10=>r2}, './bus\x00'})
r11 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_FLUSH_PMKSA(r10, &(0x7f0000000480)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x20, r11, 0x10, 0x70bd2c, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x7, 0x18}}}}, [""]}, 0x20}, 0x1, 0x0, 0x0, 0x20000000}, 0x40080)
r12 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x2)
getsockopt$inet_pktinfo(r10, 0x0, 0x8, &(0x7f00000004c0)={<r13=>0x0, @initdev, @multicast1}, &(0x7f0000000500)=0xc)
bpf$MAP_CREATE(0x0, &(0x7f0000000580)=@base={0x21, 0x5, 0x9, 0x3, 0x100, r10, 0x4, '\x00', r13, r9, 0x0, 0x5, 0x3}, 0x50)
r14 = dup(r12)
ioctl$KVM_SET_MSRS(r14, 0xc008ae88, &(0x7f0000000640)=ANY=[@ANYBLOB="820000000000000072000040"])
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
ioctl$sock_bt_bnep_BNEPGETCONNLIST(0xffffffffffffffff, 0x800442d2, 0xfffffffffffffffe)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000100), 0x40, &(0x7f0000000540)={[{@redirect_dir_off}, {@userxattr}]})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r0, 0x40605346, &(0x7f0000000100)={0x1000000, 0x1, {0xffffffffffffffff, 0x2, 0xe}, 0x8001})

2.029111779s ago: executing program 3 (id=3630):
r0 = socket(0xa, 0x3, 0x8)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f00000002c0)={'veth0_to_team\x00', &(0x7f0000000280)=@ethtool_channels={0x3d, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1}})
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r2, &(0x7f0000000000)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB="0207a20802"], 0x10}}, 0x0)
bind$inet(r1, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
connect$inet(r1, &(0x7f0000000480)={0x2, 0x0, @multicast1}, 0x10)
setsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000080)={{{@in=@broadcast, @in6=@dev={0xfe, 0x80, '\x00', 0x31}, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x4}, {0x1}, 0x0, 0x0, 0x1}, {{@in=@multicast1, 0x4d5, 0x32}, 0x0, @in6=@ipv4={'\x00', '\xff\xff', @remote}, 0x0, 0x0, 0x0, 0xb7}}, 0xe8)
sendmmsg(r1, &(0x7f0000000180), 0x400000000000077, 0x0)
r3 = socket(0x10, 0x803, 0x0)
ioctl$sock_SIOCETHTOOL(r3, 0x8946, &(0x7f00000002c0)={'veth0_to_team\x00', &(0x7f0000000000)=@ethtool_channels={0x3d, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2}})

1.937731151s ago: executing program 1 (id=3631):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000ac0), r1)
sendmsg$IEEE802154_LLSEC_SETPARAMS(r1, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000b40)={&(0x7f00000003c0)={0x20, r2, 0x5, 0x0, 0x0, {0x22}, [@IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan1\x00'}]}, 0x20}}, 0x2000c094)
sendmsg$IEEE802154_LLSEC_LIST_SECLEVEL(r0, &(0x7f0000000140)={&(0x7f0000000000), 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x14, r2, 0x2, 0x70bd29, 0x25dfdbfe, {}, ["", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x20000090}, 0x0)
r3 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), r0)
sendmsg$NLBL_CIPSOV4_C_ADD(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)={0x74, r3, 0x1, 0x70bd25, 0x0, {}, [@NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0x3}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x3}, @NLBL_CIPSOV4_A_TAGLST={0xc, 0x4, 0x0, 0x1, [{0x5, 0x3, 0x7}]}, @NLBL_CIPSOV4_A_TAGLST={0x3c, 0x4, 0x0, 0x1, [{0x5, 0x3, 0x6}, {0x5, 0x3, 0x6}, {0x5, 0x3, 0x5}, {0x5, 0x3, 0x2}, {0x5, 0x3, 0x1}, {0x5}, {0x5, 0x3, 0x2}]}, @NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0x1}]}, 0x74}}, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
statx(0xffffffffffffff9c, 0x0, 0x2000, 0x40, 0x0)
r4 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x256f16877c8c0da9, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
writev(r4, &(0x7f0000000ac0)=[{&(0x7f0000000540)="fda30e2ed46d812ed92603b91ac31eefb5b2ccfa1cb7a0ca9c2bd0222c413df2ccb809667f75c65acbafdb4ad02cd328496ac923d3ac3d68534bee0591dceeb1cf9c827efb64904c90456df08642720402e3dd23ac2772d5cd3abe9d605231d941fbb92dfa7b99d5703da533caefd7b7a44240faac7692e9d6d82a7b277fc0dd869b34d9355b6e09dac2aafc20a9c25af1267aed165ecc63c88e8cf616fdafbfbb98efc63920fc7afa36be78d02fe5f1627f", 0xb2}, {&(0x7f00000006c0)="93e43645e17fae8ec433dcbe8e7d749daec93b1863502570f54c5a0d9487155d6bd6cadf025c2b4b6e22219cb6c99624451a7c20c5fed5df6ce8199a64320abbf447e4711ffb58123c354db8b9246fab592bd6ba2b49605c2955", 0x5a}, {&(0x7f0000000b40)="69911be93b1f41f874f25217a50473ac98310c835f0f591cbcdfeda181489fd01440a9dae5cb16070c60ea51a1b728d517209bfaafd04fbb4a6caabe116fd2d79c217f3387731c014b0e9fce63b88c97f2663c3ad6d1489e083186336952689b16e4fb81b0f9fc3b681023ffd071b94a677383abfc9aa41d9a694672703de4f8861c4a876fbc43c8348a0398fbb1d18525e26ab2042dc7e4ef7a9b86feda0b36cca8ebd0fd2abcf389896cfbd7a26ad2efa2b9c3b43e0be0154146e55b4f8913644cec8b8a879120d5df63ae0f27ac2f951b728ea535f975d59d125804873180ba97f5736374dc430a1adf8736f4b8871c751619f9ec67c569", 0xf9}, {&(0x7f0000000840)="5c4a5600c958caf6081d414a835d82c25586c49ee6870eaf106684391fd4008384f0200fb0297fb793ad8cae9fba30b7a28a9103b36f8746226d9cfa1f85f88eb77b845a510317c12a1de55209676e", 0x4f}, {&(0x7f0000000280)="12157f9d06de06f1fcba", 0xa}, {&(0x7f00000008c0)="920e1edd0572fc19c13473c425350a7202955ac2db7ba8d786393df7271adc836e3b1fc01450e692232c4534233fda66768180dbd3ff01b0b9bacc759cfd95afa8d10add87d168868150cdcd5f3fd6c564c72485a56d676227", 0x59}, {&(0x7f0000000940)="b31de5abcc9b194bad8a16355b3cc006c2e1eabeed99a85a9464493c1cf5892509004e261cac7a3ef10800000000000000bf1f2146f3b8f1ed5daa9bbbdb49c479987389", 0x44}, {&(0x7f0000000300)="fa4f3fcde774", 0x6}, {&(0x7f0000002700)="84d6da857409875e7f6cb952b3000872999c23f6ebca32c4b51ba951332428d72067e46b622b033abd385a1fe229bade840eb62d3d2161f2901bc4415671d3a262f7c992b16726d2981a73653e7d77c447a9d6a162819b48d20d10f67ea663065d0d89c40b3a24885dbb9259f7fcdf811e793271fe0194f36460d92fcc8c3528e64abc4aef0380cf6a30a4dc79e212900268e241752c0956242b780c2f742966797e9ec8b88e3af293ad2beda23a30ff425933aa40f6bbcb60ed76b615986dde5a66b6d61ce716f61768e80fbbb3901647499882289633c21153abe932a52bcda96b293adc82042224502779300ab0427a6392f034883d105c66cde4cadce3d6d2701d0e50f25b12f5181888e63893952b826c892e461364e551d440d403ced5d1d872e95ab2eeb86a23830b78879d6c8a9c4d8f37fe444fe8484f907b1fe9c0a165f9741ad7c9bb87f565005d4bfaf8ab6346f0ae5de165c406def9d22a1838dc07c9f8e8563a8c352fb7acb259ef2880f681120f82431ed79c897acdef259eae385206e66508282584e16b9fc0e00445496508fe33f565495a998541e4253435240fcce74a9ba38ad89f0490ae9b4337b66d62d627f2091d273bc340d3fd5edcb28edd743c52fe634536a5687a2930d6066f32483c42e016bbc1f721c93207d8780f9a0dc628b1ae70e365e2e07c1fd96f7149ed88f344b117d3dcb0a1958ff0ca5285933ebe0ca1c072fee398c73a7ac886949646a86361e61965463ec1c3c35418f39e1353f313b6c145f8dd8704f599b25f93bafbc3370ccc547ec3dae622f7629aad87465b3639ef002e1dce1a04483f6a4f52f9e2d15e22e3c67dda7fcf85e8baf935bb61d17e5991fada9cb1d500fdb4c21a1aefa8de81ebd1db31108f6461e33e13bd015731bc6ba388cdaaad6466902747589844e9c537dd726242fc0edb167025058d7fbdc0d703b8a96dde0cc5724e82926db09ace1daaf4b4f850c07b799dfbaf50c5b08032bf20551bd70e248ddf082fb75e3d7503329ea2107a93515e35c90cac11bb983ad9345a356fbbba84c7171c4ddd277d12d90c47f69e783729d8277a86f2dc057517e1a1d7e82475927c4f091efa18768796507622a1319ea27cad3dbfcc4af5d519d654090d5bd74089d2d56446be9ff3eb24ab31701fd38fe197dd1f135e86fc5e2e05554ab5e79622eb97a2c2031ebadd12f4a18b2156905daa65effae9e7091b591305013b0e16000c99a1b2a6be2e95c8b06d8a47e95867b1d385122beafa736e48bcaddcf399e28362a649a6c2388b8d486e0fa7d98167f102df8ea9e92383d86b0ea642fe8a73518ac9945eb692011cf08575a705adc8880fc79d684781779a1c35efd1d38afce01986ed4e2b4e21e5bf03542a150af2e731553c3fa815c313a2e75ae09c50922b2e5607ab41d91fff6890597f88a1ce62baa7257c2b0ec0744f7eac0cdb0e51ca3198ad2d9f4549143f7d8a7702eacfcf4d6c6430bedf02c0814d291064e7dfbe8e547b8d42179e4cde2d821cf6e407b28483d52a2382d4684385a0e168c017d5dc8e37e63b379df3bdf6209c3a7bd4e0f8396234010153a44d6f6a12b6edd7050ec7d5144f2d47dd1dd65a192fad295300ac5773ecb70c1dcda5063da67c1362740a91df8068bd4d556bb30f77a02029de98e039a7f1555aa84cb64f1228d361d3d43eb08db0a15d573b948efcf8bf2fb35c47eeefb16d9ecdc686725cc8c8e378b8a61e53185da8abac9950b5129dbae171b8a9baced6ef8f6c68baba3c514b80753f0277858826569ff636f70c7597b9ae13c7824491c96d479d1ef2d62461cf6b42f49ad602756da03f27857809001bf6482e605f659e30178cae04e1f2ff86aba9da33f07da5d0fce17a6f99b0eb6ba01013c81b4bf9814ee83ca0bdfc23ff61aa523cfd8f1c5ee2fdd80a40e8925bce6b3c5b52183fcba61b952fb7caddfff251d9bc9752cac6efa009b5329a14c5da12cbe969049ce62a313259b97fffb8476bf767d8dbb74e3dc4dacc8814f082886818dcde97c2a39f209ba5998bb8cba09bfef484034afc336e0ddf6fd33950cebe25b9a80ab4635876a3a5fc0459d16503061c85791d0b580d6fcbc37a9b688be49018c686a66458898cea989500602b187be1455b1f5d9f14423b212e532a0e1f2925fa5df335fce1f4c06b5e00614d0cca5a8460824ee2efa2cbba5f34286dd3897511701faa5c7213b2825823870844747c824424a28441a1b9f7c82454c2eb52eff603208c2bdc7dca01c5df42724b51ece81bb489dace70dd6f20b6cb24ded661fd71df9b0beed8e75c0b192a09fc0b82a46758bc561e1d80ff86174a64220fb9bf58d418ef0004f094f02969406754e288b5e2ca69462817606b04838d718f793c411f3cef1f2d9ae45df07eb96ea34f7ad255b9c33c5b17797a83f22ed59dff472851b9664524fbb775e10025e30d520186278abe71a650cf50050629d9f0be28a247c31295b4ecde25eea5fa6b64f9d614dc111867002d0ac174994064bf6c37a0036b14ee266b0f83022768bfacd9c658b42ec98addec809a115da93bfc7bc7232e48d5554b6a939dd8eccf8c26a1d3ba1ccc44ad2825503c3a9440b2fe425371d4910b3efbde0a42489994c462d8771d59bf8261d48a40997e8d5539ce957db188fc26f8c04702d0f0220d1878ac6473de7fda327451f15c260f73375d6ae8439770480522fe72fe0cc3f43e5600376429d0f969709ea1805cc9795430702e813631b2a5e7e513846a652ee0ae8c0959a00239c7296d8276b9bfe9f6caf667b99dfcd4596c12e2577a76430892345112ee415a6ffa5696cb3bbb13f0cc77579e6d52bcf0cb60d0ce084d722041c99ae0f18488ec613d00cea8770d1247439199b77b31b30d9ab9c38d15353e584370819c36da22ce953e48d3d1e58e7955e47bbc0da56c30daf1da6c7661af5881f5e42e865644200ee42f0564d15fa5ed28791e7455d097c0bb509c65adbb94449d72ce74a54d791d0c5d6d57b9bdea5d356b5255a177213fe840facc9a1f9452f600006aebc8c47aa737f95df5968e8a1d831d3bf2eee5f6a914e42f54e7b4dfaf0de51bb1e9be1ac69653cfae462d4d0457f054ad7734726380c2ce14ca40198be30b110023835606ca4f8e440441abfee8f4abf112af86799ca0c2bcf5796f5ebf75f31af1d96b98f9a2de9852c1518d252ade415f608e47bf357b2367d3552c3a68d698e4082ccbd45295bf019a7d0aba1ce0a3b587459af04d62e6b161c115e7527ab88dcb87143db5bbead23da06bc13b027cfe1d850a2049f9b4f3e17bdc0c057a7f4cbdff2af7e0954f516e81243ca7411b0a30ff34d3d400cf35597b01048b37dc56fea18230e9dcca6c27cce5a1dee263ccb889a00f85d6166696b1b6ea9a1be07f64a1d9fa9da308969b5b762448d5bf373358187f23c8e91b376144394f62e81a133532e4a924e153290850849ff05aadc8c85c0f30e894111fa56a5d1773b58102740be20e1708e260beca13e03109c06a8527f6ec5ca6bdb1a51edd67cfde6563a0e29fac14f9195f61b2f52fbef83def4b6aa5bd961cef53f8b5b6f62348b1fe010fa488aed054d702d7636b1b7b80ca1bb0363a80766d8da3d6abbc56a8cd230abc54b03758b1a8c97bb3e326d3249fadde8eb3f9c37d078fb25a0396727655b45146dc5ce9816a381a4a5ec26b4aac8dce324452b6901b086115c02f2e7d4731cddc4be2121778eb14b980bcebeaf0b7650f451f1b23af984e81d8b8043161f7d174e06b6490bc7b2c72f83f881059557c4571fe536018903fa5aa9e1adf4518871ee3f4288e0860db63aea5337fdbcf86cf4a56e07598c77a1ff8453ed4cbd426ca66eaa57e6f5510bcb3b8ebd7c0eab505aea8379c3556becb7dccface3b11bc2153e1f33448ce293c1859bdc35b0db4c7ce00fbaef80f6e9811e1a8b757b6e2be756bdd4a3c5750a60aa39b7c236182d1729d79106d63e6e2746b3effd7d1e600c47f85b8198b8bcb56ad6957539ca65d166c2cd1200689f1a6fe17ad8f38a7806c4c4b85ce94b5dc3944f5d2059d7386c100c3bdd697738220f7a77476776220c80354500e26c27ef664e5b5c3e2211b3e319374d98dd26634384ab67105f51acb30f159c41b5a898454b722b76c181a6d945e450b988732ed778c4510844d5cdbc050c1e23ccce7e6c6a94bde7aec5b1eb32a820a0a65669b8afc31215dff6fac14c208417d6959015b11f75d6ce4aba07d513b30253faad894384f799ae553a9b63fd2f7ab7a07a13d032e275391e0ea3dfd2b968c08799e0074d1f88ef25decb05425b649930e896b8f707fb4c613a6097dfcefa6b56719c0259df12f4391e97a7fd9cf3876c6147e2ca984fec7d25d6b3c365d3768f39a3412cdf8363b52710f868c33d3fcb9af9f3b07f8fade6417893b9f7d834aab0081f6f3d41441fc3592549bbfadfade9e9c77728f27ad9da03f71e1f4e5d17fd59f3208c07f36d25397e23c3e5440b68d075dea634f94a8138fadf8e876765d1ff7ca0cd609b2f4775715c97e25e2e5f459c238d3deb791af91516cca44528d171443f17cac56373e31cba26d1ec3e5238675ece9866d448ec73872a090ff4112068d72ef2fe0c417040e0db75c9738ea60a592a4f5e05651fd165762375025", 0xcfd}], 0x9)
r5 = socket$inet_udp(0x2, 0x2, 0x0)
r6 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r7=>0x0})
r8 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r9 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8}, 0x48)
r10 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x10, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r9, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r10, r7, 0x25, 0x0, @val=@tcx}, 0x40)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r5, 0x89f0, &(0x7f0000000180)={'tunl0\x00', &(0x7f0000000440)={'gretap0\x00', r7, 0x7, 0x10, 0x4, 0x60e, {{0x20, 0x4, 0x2, 0x20, 0x80, 0x65, 0x0, 0x4, 0x29, 0x0, @local, @private=0xa010102, {[@end, @timestamp_prespec={0x44, 0x2c, 0xe6, 0x3, 0xf, [{@initdev={0xac, 0x1e, 0x1, 0x0}, 0x8000}, {@local, 0x1}, {@rand_addr=0x64010100, 0x5}, {@multicast2, 0x10}, {@private=0xa010100}]}, @timestamp={0x44, 0x1c, 0x17, 0x0, 0xe, [0x8, 0x0, 0x7fff, 0xc, 0x401, 0x80]}, @lsrr={0x83, 0x23, 0x7a, [@local, @multicast1, @private=0xa010101, @local, @multicast2, @broadcast, @loopback, @dev={0xac, 0x14, 0x14, 0x3e}]}]}}}}})
getpeername(r5, &(0x7f0000000340)=@can, &(0x7f00000001c0)=0x80)

1.89387702s ago: executing program 4 (id=3632):
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r1 = syz_open_dev$video4linux(&(0x7f0000000000), 0x2ee, 0x282)
ioctl$VIDIOC_S_STD(r1, 0x40085618, &(0x7f0000000180)=0xf900)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002040)={0x18, 0x3, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000c8c60000000000000000009500000000000000"], &(0x7f0000000000)='syzkaller\x00'}, 0x94)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'generic-gcm-aesni\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000140), 0x0)
r4 = accept4(r3, 0x0, 0x0, 0x0)
sendmsg$alg(r4, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=[@assoc={0x18, 0x117, 0x4, 0x202}], 0x18}, 0x0)
sendmsg$nl_route_sched_retired(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000012100), 0xe078}}, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x8e70c90ea0a5a1a1, 0x3, 0x0, 0x8000, 0x80}, 0x50)
r6 = syz_io_uring_setup(0x7f39, &(0x7f0000000700)={0x0, 0x982, 0x400, 0x2, 0x10a}, &(0x7f00000007c0), &(0x7f0000000800))
io_uring_register$IORING_REGISTER_RESIZE_RINGS(0xffffffffffffffff, 0x21, &(0x7f0000000840)={0x0, 0xf136, 0x20, 0x3, 0x1ef, 0x0, r6}, 0x1)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x1f, 0x10, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000005000000000000008000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b702000003f80000850000008600000018010000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000050000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000200000085000000a600000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x11}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffd85, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4001b}, 0x4c)
recvmmsg(r4, &(0x7f0000002180)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000000780)=[{&(0x7f0000000500)=""/254, 0xfe}, {&(0x7f00000000c0)=""/50, 0x32}, {&(0x7f0000000600)=""/97, 0x61}, {&(0x7f0000000680)=""/114, 0x72}], 0x4}, 0x3f}], 0x2, 0x60, 0x0)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_int(r7, 0x29, 0xb, &(0x7f0000000000)=0x205, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r2}, 0x10)
sendmsg$netlink(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000005d00)=ANY=[@ANYBLOB="140100002e00010000000000fcdbdf250301f2800c00180008ac0f00000000001400010000000000000000000000ffffac14141650bb2d6f67d29d6fabadb107d0def49c88ea04abde1d5e8d3fb22a1b5046778bdafefc46b0449ade68bf84b36ec72dd71265fc2e882348c26c2126237dd5b37f5ae655b1086cda402202ec58754734be319750351dc076eb43d9621dc08c029d1608a46cf26fbe816b89f7cb81bff81a8b9482565856555ee923c65973deb0a99b962bc0fe94a3fcae3697bd7b85b3a682167c43dbf137115a40ebddcad74875ec58e9a3ddb9ad02a078cf0d972df9e99f079767734f69ce475f00ac64337803f5eb4e5842f4d98fe3fa370d47eb640dc5061dc35817c8a66c29be0400e90000"], 0x114}], 0x1, 0x0, 0x0, 0x1}, 0x4040000)
r8 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r8, &(0x7f00000000c0)={0x18, 0x0, {0x4, @local, 'veth0_virt_wifi\x00'}}, 0x1e)
connect$phonet_pipe(r4, &(0x7f0000000200)={0x23, 0x4, 0x7, 0x7c}, 0x10)
ioctl$PPPOEIOCSFWD(r8, 0x80047453, &(0x7f0000000040)={0x18, 0x0, {0x4, @local, 'bridge_slave_1\x00'}})
r9 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000040)={'bridge_slave_0\x00', <r10=>0x0})
r11 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r11, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000440)={0x38, 0x0, 0x8, 0x201, 0x0, 0x0, {0xa, 0x0, 0x5}, [@CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x11}, @CTA_TIMEOUT_DATA={0xc, 0x4, 0x0, 0x1, @tcp=[@CTA_TIMEOUT_TCP_FIN_WAIT={0x8, 0x4, 0x1, 0x0, 0x10001}]}, @CTA_TIMEOUT_L4PROTO={0x5}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x6}]}, 0x38}, 0x1, 0x0, 0x0, 0xc048801}, 0x24008064)
sendmsg$nl_route(r9, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@bridge_newneigh={0x28, 0x1c, 0x401, 0x70bd28, 0x25dfdbfd, {0x7, 0x0, 0x0, r10, 0x80, 0x9058f1eb70562f67, 0x1}, [@NDA_LLADDR={0xa, 0x2, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}]}, 0x28}, 0x1, 0x0, 0x0, 0x1}, 0x24040040)

1.739006885s ago: executing program 3 (id=3633):
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000380)={'bond0\x00', 0x0})
socket$inet(0x2, 0x3, 0x2)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000066000000004b64ffec850000006d000000c50000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
unshare(0x6a040000)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
socket$inet6(0xa, 0x6, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
r2 = dup(r1)
r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$ARPT_SO_SET_REPLACE(r3, 0xa02000000000000, 0x60, &(0x7f0000000000)={'filter\x00', 0x1002, 0x4, 0x3ac, 0x0, 0x0, 0x0, 0x2cc, 0x2cc, 0x2cc, 0x7fffffe, 0x0, {[{{@uncond, 0xbc, 0xe0}, @unspec=@STANDARD={0x24, '\x00', 0x0, 0xe0}}, {{@uncond, 0xbc, 0x10c}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @mac=@multicast, @rand_addr=0x64010102, @rand_addr=0x64010101, 0x4}}}, {{@arp={@remote, @remote, 0xff000000, 0x80800000, 0x6, 0x4, {@mac=@multicast, {[0x0, 0x0, 0x0, 0x0, 0xff, 0xff]}}, {@mac=@local, {[0x0, 0xff, 0x0, 0xff, 0x0, 0xff]}}, 0x6, 0x81, 0x1, 0x1, 0xd13, 0xe106, 'pimreg1\x00', 'veth1_virt_wifi\x00', {0xff}, {0xff}, 0x0, 0x119}, 0xbc, 0xe0}, @unspec=@NFQUEUE0={0x24, 'NFQUEUE\x00', 0x0, {0xfff9}}}], {{'\x00', 0xbc, 0xe0}, {0x24}}}}, 0x3f8)
write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c)
r4 = socket(0x21, 0x2, 0x10000000000002)
connect$rxrpc(r4, &(0x7f0000000140)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x8000, @multicast2}}, 0x24)
sendmmsg(r4, &(0x7f0000000180)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[{0x10, 0x110, 0x1}], 0x10, 0xe000}, 0x5}], 0x1, 0x0)
recvmmsg(r4, &(0x7f0000002940)=[{{0x0, 0x0, 0x0}}], 0xf000, 0x10002, 0x0)
r5 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2)
r6 = memfd_create(&(0x7f0000000540)='y\x105\xfb\xf7u\x83%\x1f\xe09@:r\xc2\xb9x0\x90P\x03\x00\x00\x00\x00\x00\x00\x00\xfe,\x1c\xf1\xdd\xcf]\xac\xbc\t\xbb\xfc\xa4j\x9f\xceX\x8f5=\xaa\xd5\xe9n\xab s\xa5\x00\x8d\tV\t\x91\x18\x06O\xb0=D\xda\xb6F\x1a\xc82\x8b\xc0l\xd0\x89d\xe6\xb7\xd8\x97\xb8\xde\xa3\x89\"%/u\x17\xdam\x8d\x01Lh\x1e^\x9ej\x1c\xc5\xf0\xf6\x92\x05\x9aH\x00\'\xd4\x94d[\v\xfc\xad\x0f\xa8\xc5\xad\x001\x8b%\xaa?\x00\x00\x00\x00\x00\x00\x00\nj\x8c\xef\x90\xc0Z\xfa\x1a\xb3\xf0wVq\xe9d\xf8N\x80\xd1g\xd8e\xc8\x16\xad1\x02\xab\xce3\xb2\xb0\xd1\x11\xf0\xc2Gj+kV', 0x3)
ftruncate(r6, 0xffff)
fcntl$addseals(r6, 0x409, 0x6)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000080)={{0x1, 0x1, 0x18, <r7=>r5, {<r8=>0xffffffffffffffff, 0xee01}}, './file0\x00'})
quotactl_fd$Q_QUOTAOFF(r6, 0xffffffff80000302, r8, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f00000000c0)={'batadv0\x00'})
r9 = ioctl$UDMABUF_CREATE(r5, 0x40187542, &(0x7f0000000000)={r6, 0x0, 0x0, 0x8000})
lseek(r9, 0x3, 0x0)

1.510913829s ago: executing program 0 (id=3634):
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000180)={0x0, 0x0, 0x0, 'queue0\x00', 0x80000000})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r0, 0x40605346, &(0x7f0000000100)={0x64})

1.503334209s ago: executing program 4 (id=3635):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000580), 0x202, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$packet(0x11, 0x2, 0x300)
write(r2, &(0x7f0000000500)="14df806c9ab8c15f433568097c1919976c64a129a2cf0e0b7437dc2224b0331ed79b939408ba59f10a764a6c001d3d12a755709b27da753d606cad9efd97c42e4930f97c3c580e539b0436f9d424c9d78db470e3bcf4b1956106f2b7145a863a42f610974a7e619575e655ab2260fd921b0a500419e3e8e87a5c3311c859bce984740b0281f5e166a2f3303e6a8077cf4b6ffe6f944f8c57eb008bfc2fd74a5bb5b751f53c26f381bee70e06e87da71bbae3c9adfc5b8d11fb48ffb5c45c80812b8f6e998612324b43c09e5f54e28e6c1eb3ece7b50406e791d89e5aded351ac019bace04986cdbf16b00e472af5ec2c44b58f6fa5ab023c8b6e3907047c0064b168b3b83b51f9e05b9cd717c9f688d8742029603ffef23e1d9107096551638a3edbbdd07a8a526756df76a57ff0fce20dc1604c93d5fba0ca151c1b0a15dc8db94e90ba504537b89b8b084b8e5e06ec18cdb6fded2af9f4e5d32349d286ea5597271806ebde0d1e542d41ee686410c912410e14ad2c5a1ff260d9c8cffe47814c095a3371a627d3276a818dfee3ba1b68ca74d19e6e629d28478ed3220c3b87a7c0ffc3da66ded17c252b43c8eddb709c6ca5ff10ca7bbb514838c1edaee12fc9d21bb3bc3d1466753f6f05d725eeab4b3e7d254bfa396891623db5943c4d69ef97d53539694d2754834d058e9bbaae704e740c93c4fc42b300301fab025797b2ffd65671af57d5f7956accedfae08e4908257c9abd570ab4f1da5ff1b51d8eb99ce53a7093d1841fffd88599fd8bc741f62a9dd9c7a2b779bdd114b07b21152cec92c2b99c8c8db561b136409f48b16ba287683b96dbd9bb6d9c9dc0f6811acb993950b6af8a3c294ddd9f62eb1e56ba3951bad6f9e982563150669e9c83e865a5d617cf071e64963cccd9e60c11eed7bda5810de6e48840d5097f24c211034c6147b029adc2fda25f4162f8ece4c83c17a3bbb78cfb40d86fdc3f9d4e281e66ac03ef7d715ff0a1a7f35b22eb40fc3a1ad73596a5258ec3a851385f940e73205640fe1a2d61db5cc1a1a7350b0b98d8ee076984c6c03928e0807dddd8f67065c244b1328746ba29c107199c531d127b7cadd3b2fec1531ef74a2e286d7c0c1eb8a1ab8ecc099aca53512e417f213c42a5839a3e767b635cbe5ab759eaaa8c62edd77323a786b9688804fc099da865cabb5c376dbcd817fbef69b5b24103f9191e5ac3b9357737759284659349cff53bf5f9794ea8eda8ce315743f0c6755c327809cc4528614061ccd6d0579a7f90a9c6f169eccaa8e87ab358d7efc29aca3d6777f5c7449f7f13482098de2bae29d1025e35db22a1a8d1c5a813e8e2427cef541d8f9ac5aa506e195d45a4ae183a5f75c1b11cd89152507a6fc35a696c8c06944d49dcbd794df945364f1b1ab0763d9427df6d7dcb8a23ea95c4b47192b259d7b2e1d062973c5e5323486ab84993dc0bc2547cad4297026283f5c77e83e7e5962f6a11c66536928dfd22541718c84a9bddeda6c7359afd0708e56b8ee811d418dbbc048c9ecfe6aac3e85314991bdad7f96b3820e939b998a7b0fe60355a65a112cee7c591d0ad66bb56b093cf4d023f9bf581103f2c2850f1761ab1d88992202f690d202c0da7a7b7f0417b8eb6535c15e293e8e0dbfe33e1874b78b0ab7d3b89ab0579575e4a2be999773773066cc4cfb38ca21e5aecafe5e18f5f457ac30b5214e5655fcbf6ae640bfe0638fdb5410ff38984480181be7ffbe228977edf358d90b83b3d288f1d5455cf6b58444aab165a30c045b92202c45b112d1efcd88544518c2f7a6de9644c8db0993acfcafc936a6ecca270ab3b93c19792d6b03fdffa40c5dc9de33ef6bea5e0077abd01bcccc50f375428dfe3c55cb7638a381e8b9af81b07a3915c9eaf3ef07726c1ffdb825f82c4c5c6af6727a1c04984fede1e892cf27eda13fac1b144041b73b0d71375c4cca819afc8f895e4c42d9fee05a3ea29c28aab097f797e32f63bed1a2e15bb6ee0888388cb015e10dbeb07f0a42ad0398919a14863022fea24f4de7b66d973f767de91534db4e19cda7a318d25c78789e804da93ed7115792b5e55806fbc85a1bcd20e2dfd4df155d273636b75be0d551cebc5aa", 0x5e8)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'vcan0\x00'})
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000010000000900010073797a30000000003c000000090a010400000000000000000100000008000a40000000000900020073797a32000000000900010073797a30000000000800054000000006540000000c0a01010000000000000000010000000900020073797a32000000002800038024000080090026400000000018000b80140001800a0001006c696d697400000004fe02800900010073797a30"], 0xd8}}, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080))
r7 = socket(0x2b, 0x80801, 0x1)
setsockopt$inet_tcp_int(r7, 0x6, 0x9, &(0x7f0000000080)=0xffffb77a, 0x4)
openat$dsp1(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r8 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=ANY=[@ANYBLOB="500000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="7fff0000000000002800128009000100766c616e000000001800028006000100340200000c0002001f0000001e00000008000500", @ANYRES32=r6], 0x50}}, 0x0)
r9 = socket$nl_route(0x10, 0x3, 0x0)
r10 = socket(0x1, 0x803, 0x0)
getsockname$packet(r10, &(0x7f0000000100)={0x11, 0x0, <r11=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r9, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000001880)=ANY=[@ANYBLOB="500000001000210400000000fedbdf2500000000", @ANYRES32=0x0, @ANYBLOB="adffa888e16000002800128009000100766c616e00000000180002800c0002000e0000000a000000060001000004000008000500", @ANYRES32=r11], 0x50}}, 0x2)
syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'veth1_to_hsr\x00', <r12=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000004c00)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x74, r12}}, 0x24}, 0x1, 0xf0ffffffffffff}, 0x0)
r13 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r13, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000001200)=[@text64={0x40, &(0x7f0000000200)="f7790066baa00066b86b4266ef66ba420066b8e20066ef0f29902cbb0000c4e2b1ba8c88d9000000666666440f38826b410f7842280f07b8010000000f01d9c4033921820f47a753fd", 0x49}], 0x1, 0x48, 0x0, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r13, 0x4400ae8f, &(0x7f0000000140)=@arm64={0x80, 0x3, 0xef, '\x00', 0x3})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x4c2880, 0x0)
ioctl$KVM_RUN(r13, 0xae80, 0x0)

1.335249208s ago: executing program 0 (id=3636):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000580), 0x202, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$packet(0x11, 0x2, 0x300)
write(r2, &(0x7f0000000500)="14df806c9ab8c15f433568097c1919976c64a129a2cf0e0b7437dc2224b0331ed79b939408ba59f10a764a6c001d3d12a755709b27da753d606cad9efd97c42e4930f97c3c580e539b0436f9d424c9d78db470e3bcf4b1956106f2b7145a863a42f610974a7e619575e655ab2260fd921b0a500419e3e8e87a5c3311c859bce984740b0281f5e166a2f3303e6a8077cf4b6ffe6f944f8c57eb008bfc2fd74a5bb5b751f53c26f381bee70e06e87da71bbae3c9adfc5b8d11fb48ffb5c45c80812b8f6e998612324b43c09e5f54e28e6c1eb3ece7b50406e791d89e5aded351ac019bace04986cdbf16b00e472af5ec2c44b58f6fa5ab023c8b6e3907047c0064b168b3b83b51f9e05b9cd717c9f688d8742029603ffef23e1d9107096551638a3edbbdd07a8a526756df76a57ff0fce20dc1604c93d5fba0ca151c1b0a15dc8db94e90ba504537b89b8b084b8e5e06ec18cdb6fded2af9f4e5d32349d286ea5597271806ebde0d1e542d41ee686410c912410e14ad2c5a1ff260d9c8cffe47814c095a3371a627d3276a818dfee3ba1b68ca74d19e6e629d28478ed3220c3b87a7c0ffc3da66ded17c252b43c8eddb709c6ca5ff10ca7bbb514838c1edaee12fc9d21bb3bc3d1466753f6f05d725eeab4b3e7d254bfa396891623db5943c4d69ef97d53539694d2754834d058e9bbaae704e740c93c4fc42b300301fab025797b2ffd65671af57d5f7956accedfae08e4908257c9abd570ab4f1da5ff1b51d8eb99ce53a7093d1841fffd88599fd8bc741f62a9dd9c7a2b779bdd114b07b21152cec92c2b99c8c8db561b136409f48b16ba287683b96dbd9bb6d9c9dc0f6811acb993950b6af8a3c294ddd9f62eb1e56ba3951bad6f9e982563150669e9c83e865a5d617cf071e64963cccd9e60c11eed7bda5810de6e48840d5097f24c211034c6147b029adc2fda25f4162f8ece4c83c17a3bbb78cfb40d86fdc3f9d4e281e66ac03ef7d715ff0a1a7f35b22eb40fc3a1ad73596a5258ec3a851385f940e73205640fe1a2d61db5cc1a1a7350b0b98d8ee076984c6c03928e0807dddd8f67065c244b1328746ba29c107199c531d127b7cadd3b2fec1531ef74a2e286d7c0c1eb8a1ab8ecc099aca53512e417f213c42a5839a3e767b635cbe5ab759eaaa8c62edd77323a786b9688804fc099da865cabb5c376dbcd817fbef69b5b24103f9191e5ac3b9357737759284659349cff53bf5f9794ea8eda8ce315743f0c6755c327809cc4528614061ccd6d0579a7f90a9c6f169eccaa8e87ab358d7efc29aca3d6777f5c7449f7f13482098de2bae29d1025e35db22a1a8d1c5a813e8e2427cef541d8f9ac5aa506e195d45a4ae183a5f75c1b11cd89152507a6fc35a696c8c06944d49dcbd794df945364f1b1ab0763d9427df6d7dcb8a23ea95c4b47192b259d7b2e1d062973c5e5323486ab84993dc0bc2547cad4297026283f5c77e83e7e5962f6a11c66536928dfd22541718c84a9bddeda6c7359afd0708e56b8ee811d418dbbc048c9ecfe6aac3e85314991bdad7f96b3820e939b998a7b0fe60355a65a112cee7c591d0ad66bb56b093cf4d023f9bf581103f2c2850f1761ab1d88992202f690d202c0da7a7b7f0417b8eb6535c15e293e8e0dbfe33e1874b78b0ab7d3b89ab0579575e4a2be999773773066cc4cfb38ca21e5aecafe5e18f5f457ac30b5214e5655fcbf6ae640bfe0638fdb5410ff38984480181be7ffbe228977edf358d90b83b3d288f1d5455cf6b58444aab165a30c045b92202c45b112d1efcd88544518c2f7a6de9644c8db0993acfcafc936a6ecca270ab3b93c19792d6b03fdffa40c5dc9de33ef6bea5e0077abd01bcccc50f375428dfe3c55cb7638a381e8b9af81b07a3915c9eaf3ef07726c1ffdb825f82c4c5c6af6727a1c04984fede1e892cf27eda13fac1b144041b73b0d71375c4cca819afc8f895e4c42d9fee05a3ea29c28aab097f797e32f63bed1a2e15bb6ee0888388cb015e10dbeb07f0a42ad0398919a14863022fea24f4de7b66d973f767de91534db4e19cda7a318d25c78789e804da93ed7115792b5e55806fbc85a1bcd20e2dfd4df155d273636b75be0d551cebc5aa", 0x5e8)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'vcan0\x00'})
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000010000000900010073797a30000000003c000000090a010400000000000000000100000008000a40000000000900020073797a32000000000900010073797a30000000000800054000000006540000000c0a01010000000000000000010000000900020073797a32000000002800038024000080090026400000000018000b80140001800a0001006c696d697400000004fe02800900010073797a30"], 0xd8}}, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080))
r7 = socket(0x2b, 0x80801, 0x1)
setsockopt$inet_tcp_int(r7, 0x6, 0x9, &(0x7f0000000080)=0xffffb77a, 0x4)
openat$dsp1(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r8 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=ANY=[@ANYBLOB="500000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="7fff0000000000002800128009000100766c616e000000001800028006000100340200000c0002001f0000001e00000008000500", @ANYRES32=r6], 0x50}}, 0x0)
r9 = socket$nl_route(0x10, 0x3, 0x0)
r10 = socket(0x1, 0x803, 0x0)
getsockname$packet(r10, &(0x7f0000000100)={0x11, 0x0, <r11=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r9, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000001880)=ANY=[@ANYBLOB="500000001000210400000000fedbdf2500000000", @ANYRES32=0x0, @ANYBLOB="adffa888e16000002800128009000100766c616e00000000180002800c0002000e0000000a000000060001000004000008000500", @ANYRES32=r11], 0x50}}, 0x2)
syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'veth1_to_hsr\x00', <r12=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000004c00)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x74, r12}}, 0x24}, 0x1, 0xf0ffffffffffff}, 0x0)
r13 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r13, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000001200)=[@text64={0x40, &(0x7f0000000200)="f7790066baa00066b86b4266ef66ba420066b8e20066ef0f29902cbb0000c4e2b1ba8c88d9000000666666440f38826b410f7842280f07b8010000000f01d9c4033921820f47a753fd", 0x49}], 0x1, 0x48, 0x0, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r13, 0x4400ae8f, &(0x7f0000000140)=@arm64={0x80, 0x3, 0xef, '\x00', 0x3})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x4c2880, 0x0)
ioctl$KVM_RUN(r13, 0xae80, 0x0)

323.321697ms ago: executing program 1 (id=3637):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$sock_SIOCETHTOOL(r0, 0x89f1, &(0x7f0000000340)={'sit0\x00', &(0x7f00000001c0)=@ethtool_pauseparam={0x13, 0x2, 0x5, 0x3}})

220.354326ms ago: executing program 4 (id=3638):
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
ioctl$sock_ifreq(r0, 0x8949, &(0x7f0000000000)={'xfrm0\x00', @ifru_ivalue=0x4})
ioctl$sock_netdev_private(r0, 0x89f4, &(0x7f0000000000))
r1 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000180), 0x20802, 0x0)
writev(r1, &(0x7f0000000040)=[{&(0x7f0000000000)="cfe9ef6d6ee1d433ba73a5ddf753c74ac91bc34a934afacb0751028db60a", 0x1e}], 0x1)
openat$kvm(0xffffffffffffff9c, 0x0, 0x202, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = syz_open_dev$admmidi(&(0x7f0000000140), 0x20, 0x0)
socket$qrtr(0x2a, 0x2, 0x0)
io_setup(0x6, 0x0)
read$midi(r3, &(0x7f0000001e40)=""/4096, 0x1000)
ioctl$SNDRV_RAWMIDI_IOCTL_PARAMS(r3, 0xc0305710, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x80383, 0x0)
read$midi(r3, 0x0, 0x20)
openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0), 0x84000, 0x0)
ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f0000000000)={'wlan1\x00', &(0x7f0000000f40)=@ethtool_stats})

219.932305ms ago: executing program 1 (id=3639):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x3, 0xc, &(0x7f0000000500)=ANY=[@ANYBLOB="180000000000000000000000ffffffff8500000097000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000009b00000095000000000000005fa295b00b74e2f9ad94adc1a5b7b796c9199e7163ebc385c222fd97847530cc26758f996c2c011fc5c25ba4c81b2cbab351f18450134e7d85d9a0e4490d4697528d403a13ec"], &(0x7f0000000200)='GPL\x00', 0x4, 0x0, 0x0, 0x40f00, 0x8, '\x00', 0x0, @fallback=0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r0, 0x0, 0x10, 0x10, &(0x7f00000002c0)='\x00\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000300)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)
mkdir(&(0x7f0000000400)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='devtmpfs\x00', 0x0, 0x0)
mount$tmpfs(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x20, &(0x7f0000000380)={[{@inode32}]})
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0xfffffffffffffd72)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0)
r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r3, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r3, &(0x7f0000002140)={0x2020, 0x0, <r4=>0x0}, 0x2020)
write$FUSE_INIT(r3, &(0x7f0000000440)={0x50, 0x0, r4, {0x7, 0x29, 0x0, 0x14c0348, 0x0, 0x1, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x7fffffff}}, 0x50)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000a80)='./file0/file0\x00', 0x0, 0x1)
ioctl$TIOCGPTPEER(r5, 0x40480923, 0x8)
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x41000, 0x40, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94)
ioctl$vim2m_VIDIOC_ENUM_FMT(0xffffffffffffffff, 0xc0405602, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
getpid()
pselect6(0x40, &(0x7f0000000280)={0x5, 0x0, 0x120000000000, 0x2, 0x500, 0x0, 0x1000001000, 0x49}, 0x0, &(0x7f0000000180)={0x3fe, 0x7, 0x0, 0x9, 0x86, 0x800, 0x80000002}, 0x0, 0x0)
close_range(r1, 0xffffffffffffffff, 0x0)
io_uring_register$IORING_UNREGISTER_RING_FDS(0xffffffffffffffff, 0x15, 0x0, 0x0)

0s ago: executing program 0 (id=3640):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000100)=0x5e1, 0x4)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000000100)=0x5e1, 0x4)
bind$inet6(r1, &(0x7f0000000500)={0xa, 0x5e20, 0xffffffff, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x1f}}, 0x4}, 0x1c)
bind$inet6(r0, &(0x7f0000000500)={0xa, 0x5e20, 0xffffffff, @empty, 0x4}, 0x1c)
socket$inet_udp(0x2, 0x2, 0x0)
r2 = openat$procfs(0xffffffffffffff9c, &(0x7f00000004c0)='/proc/asound/seq/clients\x00', 0x0, 0x0)
lseek(r2, 0x9, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x3, &(0x7f0000000140)=ANY=[@ANYBLOB="180000000005000000000000000001009500000000000000d8f0bf94b58aaa650ccb76c29ecd28afabef275af1a36d9b794cd4d401241af65cca1fa5451ed36f9d21ddb4210b0b42e6324d754bc05fbd38e5b682dd2283c53ed10675b12f551bdf25c3759d73670ca46d67ff5406d9258e6af9ff4864b8a2f5a40bb1f92e92"], &(0x7f00000001c0)='syzkaller\x00'}, 0x80)
r5 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000080)={'wg2\x00', <r6=>0x0})
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r7}, 0x10)
r8 = bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={r4, r6, 0x25, 0x0, @void}, 0x25)
sendmsg$nl_route_sched(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000004c00)=@newtfilter={0x24, 0x11, 0xd27, 0x1000000, 0x0, {0x0, 0x0, 0x74, r6}}, 0x24}, 0x1, 0xf0ffffffffffff}, 0x0)
close(r8)
socket$netlink(0x10, 0x3, 0x0)
r9 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r9, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r10 = dup(0xffffffffffffffff)
creat(&(0x7f00000001c0)='./file0\x00', 0x8)
mount$9p_virtio(&(0x7f00000000c0), &(0x7f00000001c0)='./file0\x00', &(0x7f0000000200), 0x2, &(0x7f0000002580)={'trans=virtio,', {[{@version_9p2000}]}})
write$6lowpan_enable(r10, &(0x7f0000000000)='0', 0xfffffd2c)
r11 = syz_io_uring_setup(0x239, &(0x7f0000000380)={0x0, 0x1ffffe, 0x10100, 0x0, 0x0, 0x0, r10}, &(0x7f0000000080), &(0x7f00000001c0))
io_uring_enter(r11, 0x385a, 0xce8f, 0x2, 0x0, 0xfffffffffffffc95)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)

kernel console output (not intermixed with test programs):

 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  697.441554][T17853] RSP: 002b:00000000f5116590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  697.441571][T17853] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000f5116620
[  697.441583][T17853] RDX: 000000000000000f RSI: 00000000f7484ff4 RDI: 0000000000000000
[  697.441594][T17853] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  697.441604][T17853] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  697.441614][T17853] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  697.441638][T17853]  </TASK>
[  697.473411][   T70] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  697.671064][   T70] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  697.683611][   T70] usb 6-1: config 0 descriptor??
[  698.128020][T17820] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  698.203296][T17820] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  698.471868][   T70] usb 6-1: string descriptor 0 read error: -71
[  698.481491][   T70] usbhid 6-1:0.0: couldn't find an input interrupt endpoint
[  698.487567][   T70] usb 6-1: USB disconnect, device number 33
[  698.643912][   T46] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  698.678711][T17866] xt_CT: You must specify a L4 protocol and not use inversions on it
[  699.084018][T17871] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3285'.
[  699.143058][T17877] input: syz0 as /devices/virtual/input/input15
[  699.680126][T17886] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3289'.
[  699.941902][T17890] FAULT_INJECTION: forcing a failure.
[  699.941902][T17890] name failslab, interval 1, probability 0, space 0, times 0
[  699.947649][T17890] CPU: 3 UID: 0 PID: 17890 Comm: syz.3.3291 Not tainted 6.16.0-rc6-syzkaller-00121-g6832a9317eee #0 PREEMPT(full) 
[  699.947683][T17890] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  699.947694][T17890] Call Trace:
[  699.947702][T17890]  <TASK>
[  699.947711][T17890]  dump_stack_lvl+0x16c/0x1f0
[  699.947741][T17890]  should_fail_ex+0x512/0x640
[  699.947766][T17890]  ? fs_reclaim_acquire+0xae/0x150
[  699.947806][T17890]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[  699.947830][T17890]  should_failslab+0xc2/0x120
[  699.947847][T17890]  __kmalloc_noprof+0xd2/0x510
[  699.947878][T17890]  tomoyo_realpath_from_path+0xc2/0x6e0
[  699.947909][T17890]  tomoyo_check_open_permission+0x2ab/0x3c0
[  699.947932][T17890]  ? __pfx_tomoyo_check_open_permission+0x10/0x10
[  699.947978][T17890]  ? do_raw_spin_lock+0x12c/0x2b0
[  699.948014][T17890]  tomoyo_file_open+0x6b/0x90
[  699.948042][T17890]  security_file_open+0x84/0x1e0
[  699.948065][T17890]  do_dentry_open+0x596/0x1c10
[  699.948099][T17890]  vfs_open+0x82/0x3f0
[  699.948122][T17890]  path_openat+0x1de4/0x2cb0
[  699.948155][T17890]  ? __pfx_path_openat+0x10/0x10
[  699.948188][T17890]  do_filp_open+0x20b/0x470
[  699.948213][T17890]  ? __pfx_do_filp_open+0x10/0x10
[  699.948257][T17890]  ? _raw_spin_unlock+0x28/0x50
[  699.948280][T17890]  ? alloc_fd+0x471/0x7d0
[  699.948311][T17890]  do_sys_openat2+0x11b/0x1d0
[  699.948330][T17890]  ? __pfx_do_sys_openat2+0x10/0x10
[  699.948352][T17890]  ? __fget_files+0x20e/0x3c0
[  699.948373][T17890]  ? handle_mm_fault+0x240/0xd10
[  699.948400][T17890]  __ia32_compat_sys_openat+0x16d/0x210
[  699.948422][T17890]  ? __pfx___ia32_compat_sys_openat+0x10/0x10
[  699.948443][T17890]  ? ksys_write+0x1ac/0x250
[  699.948470][T17890]  ? rcu_is_watching+0x12/0xc0
[  699.948493][T17890]  __do_fast_syscall_32+0x7c/0x3a0
[  699.948522][T17890]  do_fast_syscall_32+0x32/0x80
[  699.948548][T17890]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  699.948570][T17890] RIP: 0023:0xf7ff7579
[  699.948585][T17890] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  699.948602][T17890] RSP: 002b:00000000f5116100 EFLAGS: 00000293 ORIG_RAX: 0000000000000127
[  699.948619][T17890] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 00000000f5116150
[  699.948631][T17890] RDX: 0000000000122c42 RSI: 0000000000000000 RDI: 00000000f7484ff4
[  699.948641][T17890] RBP: 0000000000122c42 R08: 0000000000000000 R09: 0000000000000000
[  699.948652][T17890] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  699.948670][T17890] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  699.948694][T17890]  </TASK>
[  699.948972][T17890] ERROR: Out of memory at tomoyo_realpath_from_path.
[  700.163007][T17818] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  700.567730][T14020] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  700.860747][T17900] FAULT_INJECTION: forcing a failure.
[  700.860747][T17900] name failslab, interval 1, probability 0, space 0, times 0
[  700.890688][T17900] CPU: 3 UID: 0 PID: 17900 Comm: syz.4.3296 Not tainted 6.16.0-rc6-syzkaller-00121-g6832a9317eee #0 PREEMPT(full) 
[  700.890736][T17900] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  700.890749][T17900] Call Trace:
[  700.891206][T17900]  <TASK>
[  700.891216][T17900]  dump_stack_lvl+0x16c/0x1f0
[  700.891248][T17900]  should_fail_ex+0x512/0x640
[  700.891273][T17900]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[  700.891303][T17900]  should_failslab+0xc2/0x120
[  700.891322][T17900]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  700.891348][T17900]  ? getname_kernel+0x52/0x370
[  700.891372][T17900]  getname_kernel+0x52/0x370
[  700.891397][T17900]  kern_path+0x1d/0x50
[  700.891421][T17900]  unix_find_other+0x3d5/0xb50
[  700.891449][T17900]  ? __pfx_unix_find_other+0x10/0x10
[  700.891483][T17900]  unix_dgram_sendmsg+0x67b/0x1840
[  700.891512][T17900]  ? aa_sk_perm+0x2f4/0xb10
[  700.891534][T17900]  ? __pfx_unix_dgram_sendmsg+0x10/0x10
[  700.891559][T17900]  ? __pfx_aa_sk_perm+0x10/0x10
[  700.891581][T17900]  ? __import_iovec+0x1dd/0x650
[  700.891605][T17900]  ____sys_sendmsg+0xa95/0xc70
[  700.891629][T17900]  ? __pfx_____sys_sendmsg+0x10/0x10
[  700.891647][T17900]  ? get_compat_msghdr+0x11a/0x170
[  700.891678][T17900]  ? __pfx__kstrtoull+0x10/0x10
[  700.891704][T17900]  ___sys_sendmsg+0x134/0x1d0
[  700.891732][T17900]  ? __pfx____sys_sendmsg+0x10/0x10
[  700.891755][T17900]  ? __lock_acquire+0x622/0x1c90
[  700.891804][T17900]  ? __pfx___might_resched+0x10/0x10
[  700.891830][T17900]  __sys_sendmmsg+0x2f9/0x420
[  700.891859][T17900]  ? __pfx___sys_sendmmsg+0x10/0x10
[  700.891893][T17900]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  700.891931][T17900]  ? fput+0x70/0xf0
[  700.891949][T17900]  ? ksys_write+0x1ac/0x250
[  700.891973][T17900]  ? __pfx_ksys_write+0x10/0x10
[  700.892002][T17900]  __ia32_compat_sys_sendmmsg+0x9d/0x100
[  700.892030][T17900]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[  700.892057][T17900]  __do_fast_syscall_32+0x7c/0x3a0
[  700.892086][T17900]  do_fast_syscall_32+0x32/0x80
[  700.892113][T17900]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  700.892136][T17900] RIP: 0023:0xf7ff6579
[  700.892151][T17900] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  700.892168][T17900] RSP: 002b:00000000f511655c EFLAGS: 00000296 ORIG_RAX: 0000000000000159
[  700.892185][T17900] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000800001c0
[  700.892197][T17900] RDX: 0000000000000002 RSI: 0000000000000000 RDI: 0000000000000000
[  700.892207][T17900] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  700.892218][T17900] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  700.892228][T17900] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  700.892252][T17900]  </TASK>
[  701.014333][T17907] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  701.221188][   T53] usb 6-1: new high-speed USB device number 34 using dummy_hcd
[  701.377550][   T53] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  701.386824][   T53] usb 6-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21
[  701.395160][   T53] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  701.401452][   T53] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  701.406897][   T53] usb 6-1: config 0 descriptor??
[  701.451703][ T1116] sr 2:0:0:0: [sr0] tag#27 FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_OK cmd_age=0s
[  701.455527][ T1116] sr 2:0:0:0: [sr0] tag#27 Sense Key : Illegal Request [current] 
[  701.459707][ T1116] sr 2:0:0:0: [sr0] tag#27 Add. Sense: Invalid command operation code
[  701.466077][ T1116] sr 2:0:0:0: [sr0] tag#27 CDB: Write(10) 2a 00 00 00 00 00 00 00 04 00
[  701.472189][ T1116] critical target error, dev sr0, sector 0 op 0x1:(WRITE) flags 0x800 phys_seg 2 prio class 0
[  701.494828][ T1116] buffer_io_error: 9 callbacks suppressed
[  701.494842][ T1116] Buffer I/O error on dev sr0, logical block 0, lost async page write
[  701.505914][ T1116] Buffer I/O error on dev sr0, logical block 1, lost async page write
[  701.820803][T17898] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  701.835276][T17898] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  701.999630][   T53] usb 6-1: string descriptor 0 read error: -71
[  702.007908][   T53] usbhid 6-1:0.0: couldn't find an input interrupt endpoint
[  702.048309][   T53] usb 6-1: USB disconnect, device number 34
[  702.113401][T17917] xt_CT: You must specify a L4 protocol and not use inversions on it
[  702.483587][   T46] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  702.635799][T17926] FAULT_INJECTION: forcing a failure.
[  702.635799][T17926] name failslab, interval 1, probability 0, space 0, times 0
[  702.642209][T17926] CPU: 1 UID: 0 PID: 17926 Comm: syz.0.3299 Not tainted 6.16.0-rc6-syzkaller-00121-g6832a9317eee #0 PREEMPT(full) 
[  702.642256][T17926] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  702.642268][T17926] Call Trace:
[  702.642276][T17926]  <TASK>
[  702.642283][T17926]  dump_stack_lvl+0x16c/0x1f0
[  702.642315][T17926]  should_fail_ex+0x512/0x640
[  702.642339][T17926]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[  702.642367][T17926]  should_failslab+0xc2/0x120
[  702.642385][T17926]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  702.642410][T17926]  ? mas_alloc_nodes+0x18b/0x8b0
[  702.642437][T17926]  mas_alloc_nodes+0x18b/0x8b0
[  702.642464][T17926]  mas_node_count_gfp+0x105/0x130
[  702.642489][T17926]  mas_preallocate+0x7e0/0xde0
[  702.642511][T17926]  ? __pfx_mas_preallocate+0x10/0x10
[  702.642537][T17926]  ? anon_vma_name+0x75/0x100
[  702.642559][T17926]  __split_vma+0x34a/0x1070
[  702.642588][T17926]  ? __pfx___split_vma+0x10/0x10
[  702.642609][T17926]  ? mas_next_slot+0x12d3/0x21b0
[  702.642654][T17926]  vms_gather_munmap_vmas+0x392/0x1310
[  702.642681][T17926]  ? __pfx_vms_gather_munmap_vmas+0x10/0x10
[  702.642705][T17926]  ? mas_walk+0x6a6/0x910
[  702.642734][T17926]  __mmap_region+0x3c7/0x25e0
[  702.642759][T17926]  ? __pfx___mmap_region+0x10/0x10
[  702.642781][T17926]  ? find_held_lock+0x2b/0x80
[  702.642803][T17926]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  702.642824][T17926]  ? is_bpf_text_address+0x94/0x1a0
[  702.642849][T17926]  ? kernel_text_address+0x8d/0x100
[  702.642864][T17926]  ? __kernel_text_address+0xd/0x40
[  702.642880][T17926]  ? unwind_get_return_address+0x59/0xa0
[  702.642907][T17926]  ? arch_stack_walk+0xa6/0x100
[  702.642928][T17926]  ? __lock_acquire+0x622/0x1c90
[  702.642956][T17926]  ? _parse_integer_limit+0x17f/0x1d0
[  702.643012][T17926]  ? __lock_acquire+0xb8a/0x1c90
[  702.643041][T17926]  mmap_region+0x1ab/0x3f0
[  702.643066][T17926]  ? __get_unmapped_area+0x267/0x440
[  702.643090][T17926]  do_mmap+0xa3e/0x1210
[  702.643113][T17926]  ? __pfx_do_mmap+0x10/0x10
[  702.643134][T17926]  ? __pfx_down_write_killable+0x10/0x10
[  702.643157][T17926]  vm_mmap_pgoff+0x281/0x450
[  702.643181][T17926]  ? __pfx_vm_mmap_pgoff+0x10/0x10
[  702.643204][T17926]  ? __fget_files+0x20e/0x3c0
[  702.643233][T17926]  ksys_mmap_pgoff+0x32c/0x5c0
[  702.643252][T17926]  ? __ia32_sys_mmap_pgoff+0x11/0x1b0
[  702.643274][T17926]  __do_fast_syscall_32+0x7c/0x3a0
[  702.643303][T17926]  do_fast_syscall_32+0x32/0x80
[  702.643329][T17926]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  702.643351][T17926] RIP: 0023:0xf708e579
[  702.643368][T17926] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  702.643384][T17926] RSP: 002b:00000000f503c55c EFLAGS: 00000296 ORIG_RAX: 00000000000000c0
[  702.643401][T17926] RAX: ffffffffffffffda RBX: 0000000080ffc000 RCX: 0000000000001000
[  702.643413][T17926] RDX: 0000000000000000 RSI: 0000000000000012 RDI: 000000000000000b
[  702.643424][T17926] RBP: 0000000000100000 R08: 0000000000000000 R09: 0000000000000000
[  702.643435][T17926] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  702.643445][T17926] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  702.643469][T17926]  </TASK>
[  702.876636][T17930] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3302'.
[  702.981685][T17934] netlink: 'syz.3.3304': attribute type 1 has an invalid length.
[  702.987500][T17934] netlink: 224 bytes leftover after parsing attributes in process `syz.3.3304'.
[  703.100257][    C1] vkms_vblank_simulate: vblank timer overrun
[  703.142419][    C1] vkms_vblank_simulate: vblank timer overrun
[  703.149538][T17941] PKCS7: Unknown OID: [5] 0.0.0.0.64.7.0.0.0.0.0.8197.0
[  703.169232][T17941] PKCS7: Only support pkcs7_signedData type
[  703.204187][T17944] netlink: 'syz.3.3306': attribute type 1 has an invalid length.
[  703.227861][T17818] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  703.243982][T17944] netlink: 224 bytes leftover after parsing attributes in process `syz.3.3306'.
[  703.528476][T17956] netlink: 'syz.1.3308': attribute type 1 has an invalid length.
[  703.537609][T17956] netlink: 224 bytes leftover after parsing attributes in process `syz.1.3308'.
[  703.589327][    C1] vkms_vblank_simulate: vblank timer overrun
[  703.771341][T17031] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  703.772694][    C1] vkms_vblank_simulate: vblank timer overrun
[  704.247755][T17964] xt_CT: You must specify a L4 protocol and not use inversions on it
[  704.546578][T17976] siw: device registration error -23
[  704.676358][T17981] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3315'.
[  704.683160][T17981] FAULT_INJECTION: forcing a failure.
[  704.683160][T17981] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  704.703180][T17981] CPU: 3 UID: 0 PID: 17981 Comm: syz.0.3315 Not tainted 6.16.0-rc6-syzkaller-00121-g6832a9317eee #0 PREEMPT(full) 
[  704.703205][T17981] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  704.703215][T17981] Call Trace:
[  704.703221][T17981]  <TASK>
[  704.703228][T17981]  dump_stack_lvl+0x16c/0x1f0
[  704.703257][T17981]  should_fail_ex+0x512/0x640
[  704.703285][T17981]  _copy_to_user+0x32/0xd0
[  704.703311][T17981]  simple_read_from_buffer+0xcb/0x170
[  704.703334][T17981]  proc_fail_nth_read+0x197/0x270
[  704.703354][T17981]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  704.703383][T17981]  ? rw_verify_area+0xcf/0x680
[  704.703404][T17981]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  704.703423][T17981]  vfs_read+0x1e1/0xc60
[  704.703446][T17981]  ? fdget_pos+0x2a2/0x370
[  704.703471][T17981]  ? __pfx_vfs_read+0x10/0x10
[  704.703492][T17981]  ? find_held_lock+0x2b/0x80
[  704.703516][T17981]  ? __fget_files+0x20e/0x3c0
[  704.703544][T17981]  ksys_read+0x12a/0x250
[  704.703567][T17981]  ? __pfx_ksys_read+0x10/0x10
[  704.703590][T17981]  ? rcu_is_watching+0x12/0xc0
[  704.703611][T17981]  __do_fast_syscall_32+0x7c/0x3a0
[  704.703638][T17981]  do_fast_syscall_32+0x32/0x80
[  704.703663][T17981]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  704.703683][T17981] RIP: 0023:0xf708e579
[  704.703697][T17981] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  704.703712][T17981] RSP: 002b:00000000f507e590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  704.703728][T17981] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f507e620
[  704.703742][T17981] RDX: 000000000000000f RSI: 00000000f73f4ff4 RDI: 0000000000000000
[  704.703753][T17981] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  704.703762][T17981] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  704.703772][T17981] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  704.703795][T17981]  </TASK>
[  704.711170][T17973] siw: device registration error -23
[  705.248023][T17990] FAULT_INJECTION: forcing a failure.
[  705.248023][T17990] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  705.287603][    C1] vkms_vblank_simulate: vblank timer overrun
[  705.297317][T17990] CPU: 1 UID: 0 PID: 17990 Comm: syz.3.3317 Not tainted 6.16.0-rc6-syzkaller-00121-g6832a9317eee #0 PREEMPT(full) 
[  705.297432][T17990] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  705.297443][T17990] Call Trace:
[  705.297496][T17990]  <TASK>
[  705.298296][T17990]  dump_stack_lvl+0x16c/0x1f0
[  705.298421][T17990]  should_fail_ex+0x512/0x640
[  705.298533][T17990]  should_fail_alloc_page+0xe7/0x130
[  705.298599][T17990]  prepare_alloc_pages+0x3c2/0x610
[  705.298660][T17990]  ? rcu_is_watching+0x12/0xc0
[  705.298839][T17990]  __alloc_frozen_pages_noprof+0x18b/0x23f0
[  705.298953][T17990]  ? rcu_is_watching+0x12/0xc0
[  705.299014][T17990]  ? trace_mm_page_alloc+0x11f/0x1a0
[  705.299080][T17990]  ? __alloc_frozen_pages_noprof+0x294/0x23f0
[  705.299330][T17990]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  705.299365][T17990]  ? is_bpf_text_address+0x8a/0x1a0
[  705.299389][T17990]  ? bpf_ksym_find+0x124/0x1c0
[  705.299409][T17990]  ? is_bpf_text_address+0x94/0x1a0
[  705.299433][T17990]  ? __kernel_text_address+0xd/0x40
[  705.299449][T17990]  ? unwind_get_return_address+0x59/0xa0
[  705.299484][T17990]  alloc_pages_bulk_noprof+0x71c/0x1410
[  705.299509][T17990]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  705.299536][T17990]  ? policy_nodemask+0xea/0x4e0
[  705.299556][T17990]  ? __pfx_alloc_pages_bulk_noprof+0x10/0x10
[  705.299582][T17990]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  705.299609][T17990]  kasan_populate_vmalloc+0xf1/0x1f0
[  705.299638][T17990]  alloc_vmap_area+0x959/0x29c0
[  705.299668][T17990]  ? __pfx_alloc_vmap_area+0x10/0x10
[  705.299692][T17990]  __get_vm_area_node+0x1ca/0x330
[  705.299715][T17990]  __vmalloc_node_range_noprof+0x271/0x14b0
[  705.299736][T17990]  ? bpf_prog_alloc_no_stats+0x54/0x630
[  705.299756][T17990]  ? __lock_acquire+0xb8a/0x1c90
[  705.299785][T17990]  ? bpf_prog_alloc_no_stats+0x54/0x630
[  705.299813][T17990]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  705.299836][T17990]  ? aa_get_newest_label+0x375/0x680
[  705.299856][T17990]  ? __pfx_aa_get_newest_label+0x10/0x10
[  705.299876][T17990]  ? bpf_prog_alloc_no_stats+0x54/0x630
[  705.299898][T17990]  __vmalloc_node_noprof+0xad/0xf0
[  705.299919][T17990]  ? bpf_prog_alloc_no_stats+0x54/0x630
[  705.299943][T17990]  bpf_prog_alloc_no_stats+0x54/0x630
[  705.299963][T17990]  ? security_capable+0x7e/0x260
[  705.299983][T17990]  bpf_prog_alloc+0x3b/0x230
[  705.300002][T17990]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  705.300028][T17990]  bpf_prog_load+0x1a04/0x2490
[  705.300060][T17990]  ? __pfx_bpf_prog_load+0x10/0x10
[  705.300109][T17990]  __sys_bpf+0x433c/0x4d80
[  705.300130][T17990]  ? __pfx___sys_bpf+0x10/0x10
[  705.300146][T17990]  ? ksys_write+0x190/0x250
[  705.300173][T17990]  ? __mutex_unlock_slowpath+0x161/0x6a0
[  705.300208][T17990]  ? fput+0x70/0xf0
[  705.300223][T17990]  ? ksys_write+0x1ac/0x250
[  705.300246][T17990]  ? __pfx_ksys_write+0x10/0x10
[  705.300455][T17990]  __ia32_sys_bpf+0x76/0xe0
[  705.300475][T17990]  __do_fast_syscall_32+0x7c/0x3a0
[  705.300502][T17990]  do_fast_syscall_32+0x32/0x80
[  705.300673][T17990]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  705.300694][T17990] RIP: 0023:0xf7ff7579
[  705.300708][T17990] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  705.300724][T17990] RSP: 002b:00000000f50d455c EFLAGS: 00000296 ORIG_RAX: 0000000000000165
[  705.300742][T17990] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000800002c0
[  705.300753][T17990] RDX: 0000000000000090 RSI: 0000000000000000 RDI: 0000000000000000
[  705.300763][T17990] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  705.300773][T17990] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  705.300783][T17990] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  705.300804][T17990]  </TASK>
[  705.582587][    C1] vkms_vblank_simulate: vblank timer overrun
[  705.590253][T17990] syz.3.3317: vmalloc error: size 4096, vm_struct allocation failed, mode:0x500dc0(GFP_USER|__GFP_ZERO|__GFP_ACCOUNT), nodemask=(null),cpuset=/,mems_allowed=0-1
[  705.604908][T17990] CPU: 1 UID: 0 PID: 17990 Comm: syz.3.3317 Not tainted 6.16.0-rc6-syzkaller-00121-g6832a9317eee #0 PREEMPT(full) 
[  705.604931][T17990] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  705.604943][T17990] Call Trace:
[  705.604949][T17990]  <TASK>
[  705.604956][T17990]  dump_stack_lvl+0x16c/0x1f0
[  705.604986][T17990]  warn_alloc+0x248/0x3a0
[  705.605014][T17990]  ? __pfx_warn_alloc+0x10/0x10
[  705.605039][T17990]  ? kfree+0x2b4/0x4d0
[  705.605064][T17990]  ? __get_vm_area_node+0x208/0x330
[  705.605089][T17990]  __vmalloc_node_range_noprof+0xb2d/0x14b0
[  705.605109][T17990]  ? __lock_acquire+0xb8a/0x1c90
[  705.605139][T17990]  ? bpf_prog_alloc_no_stats+0x54/0x630
[  705.605192][T17990]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  705.605212][T17990]  ? aa_get_newest_label+0x375/0x680
[  705.605229][T17990]  ? __pfx_aa_get_newest_label+0x10/0x10
[  705.605248][T17990]  ? bpf_prog_alloc_no_stats+0x54/0x630
[  705.605267][T17990]  __vmalloc_node_noprof+0xad/0xf0
[  705.605286][T17990]  ? bpf_prog_alloc_no_stats+0x54/0x630
[  705.605308][T17990]  bpf_prog_alloc_no_stats+0x54/0x630
[  705.605328][T17990]  ? security_capable+0x7e/0x260
[  705.605345][T17990]  bpf_prog_alloc+0x3b/0x230
[  705.605371][T17990]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  705.605399][T17990]  bpf_prog_load+0x1a04/0x2490
[  705.605429][T17990]  ? __pfx_bpf_prog_load+0x10/0x10
[  705.605476][T17990]  __sys_bpf+0x433c/0x4d80
[  705.605495][T17990]  ? __pfx___sys_bpf+0x10/0x10
[  705.605512][T17990]  ? ksys_write+0x190/0x250
[  705.605539][T17990]  ? __mutex_unlock_slowpath+0x161/0x6a0
[  705.605755][T17990]  ? fput+0x70/0xf0
[  705.605771][T17990]  ? ksys_write+0x1ac/0x250
[  705.605793][T17990]  ? __pfx_ksys_write+0x10/0x10
[  705.605819][T17990]  __ia32_sys_bpf+0x76/0xe0
[  705.605838][T17990]  __do_fast_syscall_32+0x7c/0x3a0
[  705.605866][T17990]  do_fast_syscall_32+0x32/0x80
[  705.605891][T17990]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  705.605912][T17990] RIP: 0023:0xf7ff7579
[  705.605925][T17990] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  705.605941][T17990] RSP: 002b:00000000f50d455c EFLAGS: 00000296 ORIG_RAX: 0000000000000165
[  705.605958][T17990] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000800002c0
[  705.605969][T17990] RDX: 0000000000000090 RSI: 0000000000000000 RDI: 0000000000000000
[  705.605979][T17990] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  705.605989][T17990] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  705.605999][T17990] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  705.606021][T17990]  </TASK>
[  705.606027][T17990] Mem-Info:
[  705.695931][T17031] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  705.709706][T17990] active_anon:17009 inactive_anon:35 isolated_anon:0
[  705.709706][T17990]  active_file:18107 inactive_file:19606 isolated_file:0
[  705.709706][T17990]  unevictable:1768 dirty:259 writeback:0
[  705.709706][T17990]  slab_reclaimable:6314 slab_unreclaimable:69855
[  705.709706][T17990]  mapped:32997 shmem:12950 pagetables:1290
[  705.709706][T17990]  sec_pagetables:327 bounce:0
[  705.709706][T17990]  kernel_misc_reclaimable:0
[  705.709706][T17990]  free:33791 free_pcp:11456 free_cma:0
[  705.709758][T17990] Node 0 active_anon:824kB inactive_anon:140kB active_file:0kB inactive_file:24kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:5836kB dirty:4kB writeback:0kB shmem:6208kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:8112kB pagetables:1456kB sec_pagetables:1160kB all_unreclaimable? yes Balloon:0kB
[  705.709801][T17990] Node 1 active_anon:67212kB inactive_anon:0kB active_file:72428kB inactive_file:78400kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:126152kB dirty:1032kB writeback:0kB shmem:45592kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:8004kB pagetables:3704kB sec_pagetables:148kB all_unreclaimable? no Balloon:0kB
[  705.709844][T17990] Node 0 DMA free:2064kB boost:0kB min:760kB low:948kB high:1136kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:4kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:532kB local_pcp:216kB free_cma:0kB
[  705.709892][T17990] lowmem_reserve[]: 0 288 288 288 288
[  705.709926][T17990] Node 0 DMA32 free:15208kB boost:0kB min:13220kB low:16524kB high:19828kB reserved_highatomic:4096KB free_highatomic:392KB active_anon:824kB inactive_anon:136kB active_file:0kB inactive_file:24kB unevictable:3536kB writepending:4kB present:1032196kB managed:295876kB mlocked:0kB bounce:0kB free_pcp:13732kB local_pcp:2908kB free_cma:0kB
[  705.709974][T17990] lowmem_reserve[]: 0 0 0 0 0
[  705.710005][T17990] Node 1 DMA32 free:117892kB boost:0kB min:47144kB low:58928kB high:70712kB reserved_highatomic:0KB free_highatomic:0KB active_anon:67212kB inactive_anon:0kB active_file:72428kB inactive_file:78400kB unevictable:3536kB writepending:1032kB present:1048432kB managed:948284kB mlocked:0kB bounce:0kB free_pcp:31560kB local_pcp:2232kB free_cma:0kB
[  705.710053][T17990] lowmem_reserve[]: 0 0 0 0 0
[  705.710084][T17990] Node 0 DMA: 20*4kB (U) 24*8kB (U) 18*16kB (U) 5*32kB (U) 1*64kB (U) 0*128kB 1*256kB (U) 0*512kB 1*1024kB (U) 0*2048kB 0*4096kB = 2064kB
[  705.710205][T17990] Node 0 DMA32: 26*4kB (MEH) 136*8kB (UMEH) 48*16kB (UMEH) 112*32kB (UMEH) 35*64kB (UMEH) 20*128kB (UME) 7*256kB (UM) 6*512kB (UME) 0*1024kB 0*2048kB 0*4096kB = 15208kB
[  705.710330][T17990] Node 1 DMA32: 1*4kB (M) 203*8kB (UME) 261*16kB (UME) 221*32kB (UME) 122*64kB (UME) 51*128kB (UME) 24*256kB (UME) 
[  705.906152][    C1] vkms_vblank_simulate: vblank timer overrun
[  705.952922][    C1] vkms_vblank_simulate: vblank timer overrun
[  705.991625][    C1] vkms_vblank_simulate: vblank timer overrun
[  706.029757][    C1] vkms_vblank_simulate: vblank timer overrun
[  706.082022][    C1] vkms_vblank_simulate: vblank timer overrun
[  706.120642][    C1] vkms_vblank_simulate: vblank timer overrun
[  706.253812][T17818] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  706.276388][T17990] 17*512kB (UME) 24*1024kB (UME) 11*2048kB (UM) 7*4096kB (UM) = 117836kB
[  706.279894][T17990] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  706.287586][T17990] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[  706.293390][T17990] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  706.297671][T17990] Node 1 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB
[  706.302921][T17990] 50511 total pagecache pages
[  706.305538][T17990] 285 pages in swap cache
[  706.306823][T17992] netlink: 'syz.0.3318': attribute type 1 has an invalid length.
[  706.307833][T17990] Free swap  = 119580kB
[  706.307846][T17990] Total swap = 124996kB
[  706.307856][T17990] 524155 pages RAM
[  706.307863][T17990] 0 pages HighMem/MovableOnly
[  706.307870][T17990] 209275 pages reserved
[  706.313490][T17992] netlink: 224 bytes leftover after parsing attributes in process `syz.0.3318'.
[  706.314443][T17990] 0 pages cma reserved
[  706.465645][T17998] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3320'.
[  706.580915][T18003] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3320'.
[  706.988210][T17031] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  707.006523][    C1] vkms_vblank_simulate: vblank timer overrun
[  707.472030][T18005] x_tables: ip6_tables: CLASSIFY target: used from hooks INPUT, but only usable from FORWARD/OUTPUT/POSTROUTING
[  707.602786][T18013] libceph: resolve '400' (ret=-3): failed
[  707.613726][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  707.729245][T18007] xt_CT: You must specify a L4 protocol and not use inversions on it
[  707.773248][    C1] vkms_vblank_simulate: vblank timer overrun
[  708.029832][    C1] vkms_vblank_simulate: vblank timer overrun
[  708.087252][T18024] netlink: 'syz.0.3327': attribute type 1 has an invalid length.
[  708.090995][T18024] netlink: 224 bytes leftover after parsing attributes in process `syz.0.3327'.
[  708.241038][   T13] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  708.800842][   T13] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  709.209258][T18047] siw: device registration error -23
[  709.286663][   T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  709.999941][T18052] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  710.358823][T18056] netlink: 'syz.4.3337': attribute type 1 has an invalid length.
[  710.365816][T18056] netlink: 224 bytes leftover after parsing attributes in process `syz.4.3337'.
[  710.807401][ T1225] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  711.761306][    C2] vkms_vblank_simulate: vblank timer overrun
[  711.797204][    C2] vkms_vblank_simulate: vblank timer overrun
[  712.468400][T18088] 9pnet_fd: Insufficient options for proto=fd
[  712.645405][T17818] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  712.722963][T17031] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  712.782294][T18090] siw: device registration error -23
[  713.093213][T18095] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(3)
[  713.105243][T18095] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  713.175402][T18095] vhci_hcd vhci_hcd.0: Device attached
[  713.195940][T18096] usbip_core: unknown command
[  713.198102][T18096] vhci_hcd: unknown pdu 0
[  713.201300][T18096] usbip_core: unknown command
[  713.210618][   T60] vhci_hcd: stop threads
[  713.217655][   T60] vhci_hcd: release socket
[  713.219835][   T60] vhci_hcd: disconnect device
[  713.369213][  T216] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  713.417303][    C2] vkms_vblank_simulate: vblank timer overrun
[  713.654339][T18095] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3348'.
[  713.679006][T18095] netlink: 'syz.0.3348': attribute type 10 has an invalid length.
[  713.952942][T18112] siw: device registration error -23
[  713.993315][    C2] vkms_vblank_simulate: vblank timer overrun
[  714.377294][    C2] vkms_vblank_simulate: vblank timer overrun
[  714.545148][    C2] vkms_vblank_simulate: vblank timer overrun
[  714.650972][ T1225] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  714.843798][T18108] xt_CT: You must specify a L4 protocol and not use inversions on it
[  715.259532][    C2] vkms_vblank_simulate: vblank timer overrun
[  715.699209][T17818] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  715.811246][T18124] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(3)
[  715.814243][T18124] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  715.824304][T18124] vhci_hcd vhci_hcd.0: Device attached
[  715.937637][ T6002] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  715.954199][   T13] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  716.018359][T18130] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3356'.
[  716.077168][    C2] vkms_vblank_simulate: vblank timer overrun
[  716.091600][T18131] netlink: 'syz.4.3356': attribute type 10 has an invalid length.
[  716.161290][    C2] vkms_vblank_simulate: vblank timer overrun
[  716.337221][    C2] vkms_vblank_simulate: vblank timer overrun
[  716.365563][T18131] 8021q: adding VLAN 0 to HW filter on device bond0
[  716.371483][T18131] team0: Port device bond0 added
[  716.415857][   T29] usb 45-1: new high-speed USB device number 2 using vhci_hcd
[  716.420645][T18138] netlink: 'syz.0.3357': attribute type 1 has an invalid length.
[  716.445239][T18138] netlink: 224 bytes leftover after parsing attributes in process `syz.0.3357'.
[  716.489108][    C2] vkms_vblank_simulate: vblank timer overrun
[  716.635233][T18125] vhci_hcd: connection reset by peer
[  716.676358][   T60] vhci_hcd: stop threads
[  716.679394][   T60] vhci_hcd: release socket
[  716.683020][   T60] vhci_hcd: disconnect device
[  717.117445][T18147] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3360'.
[  717.121519][T18147] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3360'.
[  717.470376][T18158] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3359'.
[  717.523052][T18159] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  717.868375][T18152] loop6: detected capacity change from 0 to 63
[  717.891829][T17794] Buffer I/O error on dev loop6, logical block 0, async page read
[  717.899786][T17794] Buffer I/O error on dev loop6, logical block 0, async page read
[  717.904083][T17794] Buffer I/O error on dev loop6, logical block 0, async page read
[  717.911384][T17794] Buffer I/O error on dev loop6, logical block 0, async page read
[  717.930619][T17794] Buffer I/O error on dev loop6, logical block 0, async page read
[  718.223998][T18170] netlink: 40 bytes leftover after parsing attributes in process `syz.4.3365'.
[  718.447174][T18176] netlink: 'syz.0.3366': attribute type 10 has an invalid length.
[  718.484971][   T13] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  718.516427][   T13] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  718.589748][    C2] vkms_vblank_simulate: vblank timer overrun
[  718.692419][T18168] e1000e 0000:00:02.0 eth1: NIC Link is Down
[  718.739107][    C2] vkms_vblank_simulate: vblank timer overrun
[  718.873228][T18183] netlink: 'syz.4.3367': attribute type 1 has an invalid length.
[  718.882372][T18183] netlink: 224 bytes leftover after parsing attributes in process `syz.4.3367'.
[  718.906945][    C2] vkms_vblank_simulate: vblank timer overrun
[  718.965166][    C2] vkms_vblank_simulate: vblank timer overrun
[  718.972029][T17818] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  719.689127][    C2] vkms_vblank_simulate: vblank timer overrun
[  719.757296][    C2] vkms_vblank_simulate: vblank timer overrun
[  719.818216][  T216] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  720.188709][    C2] vkms_vblank_simulate: vblank timer overrun
[  721.073154][    C2] vkms_vblank_simulate: vblank timer overrun
[  721.321148][    C2] vkms_vblank_simulate: vblank timer overrun
[  721.499742][   T34] usb 6-1: new high-speed USB device number 35 using dummy_hcd
[  721.519864][    C2] vkms_vblank_simulate: vblank timer overrun
[  721.533322][   T29] vhci_hcd: vhci_device speed not set
[  721.690928][   T60] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  721.830072][   T34] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  721.834329][   T34] usb 6-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21
[  721.879855][   T34] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  721.933330][   T34] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  721.941490][   T34] usb 6-1: config 0 descriptor??
[  721.977110][    C2] vkms_vblank_simulate: vblank timer overrun
[  722.028314][T18228] syzkaller0: entered promiscuous mode
[  722.088745][T17818] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  722.243028][T18228] syzkaller0: entered allmulticast mode
[  722.339614][    C2] vkms_vblank_simulate: vblank timer overrun
[  722.385099][T18231] sp0: Synchronizing with TNC
[  722.555152][T18202] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  722.588243][T18202] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  723.473648][T18247] netlink: 40 bytes leftover after parsing attributes in process `syz.3.3375'.
[  723.612194][T14020] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  723.820972][T18252] netlink: 'syz.3.3376': attribute type 1 has an invalid length.
[  723.828756][T18252] netlink: 224 bytes leftover after parsing attributes in process `syz.3.3376'.
[  724.268268][   T12] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  725.165344][ T1325] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  725.520929][   T13] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  726.159788][    C3] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  726.203016][T10495] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  726.801189][T14020] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  727.413496][   T34] usb 6-1: string descriptor 0 read error: -32
[  727.420560][   T34] usbhid 6-1:0.0: couldn't find an input interrupt endpoint
[  728.726269][  T216] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  729.290543][ T1325] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  729.586535][   T10] usb 6-1: USB disconnect, device number 35
[  730.011507][  T216] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  730.083329][T18275] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3379'.
[  730.813389][T18283] netlink: 120 bytes leftover after parsing attributes in process `syz.3.3381'.
[  731.279477][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  731.290729][ T1225] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  731.348756][T18290] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3385'.
[  731.492006][T18294] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3385'.
[  731.514261][T18288] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(5)
[  731.530673][T18288] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  731.536592][T18288] vhci_hcd vhci_hcd.0: Device attached
[  731.541094][T18296] usbip_core: unknown command
[  731.546740][T18296] vhci_hcd: unknown pdu 0
[  731.569184][T18296] usbip_core: unknown command
[  731.573042][ T1225] vhci_hcd: stop threads
[  731.575289][ T1225] vhci_hcd: release socket
[  731.576969][ T1225] vhci_hcd: disconnect device
[  731.745810][T18303] siw: device registration error -23
[  731.879654][T18295] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3386'.
[  731.931650][  T216] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  731.951579][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  732.114785][T18300] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3386'.
[  732.326671][T17818] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  732.478719][T18316] ieee802154 phy0 wpan0: encryption failed: -22
[  733.213357][  T837] usb 9-1: new high-speed USB device number 2 using dummy_hcd
[  733.395960][T18329] input: syz0 as /devices/virtual/input/input16
[  733.488472][  T837] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  733.492730][  T837] usb 9-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21
[  733.557432][  T837] usb 9-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  733.564355][  T837] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  733.574962][  T837] usb 9-1: config 0 descriptor??
[  733.716222][T18334] siw: device registration error -23
[  733.942735][  T216] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  734.437652][T18319] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  734.449453][T18341] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount.
[  734.495330][T18341] CIFS: Unable to determine destination address
[  734.502175][T18319] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  734.599977][  T837] usb 9-1: string descriptor 0 read error: -71
[  734.694506][  T837] usbhid 9-1:0.0: couldn't find an input interrupt endpoint
[  734.783234][  T837] usb 9-1: USB disconnect, device number 2
[  734.899926][T18347] FAULT_INJECTION: forcing a failure.
[  734.899926][T18347] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  734.906347][T18347] CPU: 0 UID: 0 PID: 18347 Comm: syz.0.3397 Not tainted 6.16.0-rc6-syzkaller-00121-g6832a9317eee #0 PREEMPT(full) 
[  734.906374][T18347] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  734.906383][T18347] Call Trace:
[  734.906387][T18347]  <TASK>
[  734.906393][T18347]  dump_stack_lvl+0x16c/0x1f0
[  734.906419][T18347]  should_fail_ex+0x512/0x640
[  734.906442][T18347]  strncpy_from_user+0x3b/0x2e0
[  734.906464][T18347]  getname_flags.part.0+0x8f/0x550
[  734.906482][T18347]  getname_flags+0x93/0xf0
[  734.906501][T18347]  do_sys_openat2+0xb8/0x1d0
[  734.906517][T18347]  ? __pfx_do_sys_openat2+0x10/0x10
[  734.906534][T18347]  ? __fget_files+0x20e/0x3c0
[  734.906552][T18347]  ? handle_mm_fault+0x240/0xd10
[  734.906573][T18347]  __ia32_compat_sys_openat+0x16d/0x210
[  734.906590][T18347]  ? __pfx___ia32_compat_sys_openat+0x10/0x10
[  734.906606][T18347]  ? ksys_write+0x1ac/0x250
[  734.906628][T18347]  ? rcu_is_watching+0x12/0xc0
[  734.906646][T18347]  __do_fast_syscall_32+0x7c/0x3a0
[  734.906669][T18347]  do_fast_syscall_32+0x32/0x80
[  734.906690][T18347]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  734.906707][T18347] RIP: 0023:0xf708e579
[  734.906718][T18347] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  734.906731][T18347] RSP: 002b:00000000f507e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000127
[  734.906745][T18347] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 0000000080000600
[  734.906754][T18347] RDX: 0000000000004000 RSI: 0000000000000000 RDI: 0000000000000000
[  734.906762][T18347] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  734.906770][T18347] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  734.906778][T18347] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  734.906796][T18347]  </TASK>
[  735.129466][   T13] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  735.199843][    T9] usb 8-1: new high-speed USB device number 39 using dummy_hcd
[  735.359384][T17818] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  735.378971][    T9] usb 8-1: Using ep0 maxpacket: 16
[  735.391634][    T9] usb 8-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 16
[  735.400537][    T9] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  735.404944][    T9] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  735.413135][    T9] usb 8-1: Product: 㐉
[  735.416547][    T9] usb 8-1: Manufacturer: 慁즘ꉫ㸘馆儷̆冒Ⱄ㎑稸ڨ㸩␀洓붕뀀鰯舘ሥꩦ㳣ㅦᛳ縉灣餕⻏ⵛ⇭臔늪썛䀺ഝ㦴ኈ螦즑儒姘펷䖻⭗쭒셲蹌罥콒消㎘鎶ꃴ꾌⏦釘뻺ꜱ뮹吐᷌곳ඌ
[  735.439916][    T9] usb 8-1: SerialNumber: 邺湟觞囹뽁闤Ḧ龑漰魫뤶ô嗫罌ꡖ隁傮̤洄钼細‿와宾눎৤≎窸៎䪌㢚쐛ⳍ叄＂ﺎ਽㰅蟃犘犸忝쯺逤ᎆʵ怆ኻ偼ꁟ⼤ᚮ㎶౴芢泿ѷ㎚숵흥鐴ኒ䭻﷮㈟ﺼ俱암샓᫇䈊
[  735.591629][T18363] netlink: 52 bytes leftover after parsing attributes in process `syz.4.3403'.
[  735.598807][T18362] siw: device registration error -23
[  736.009311][    T9] cdc_ncm 8-1:1.0: bind() failure
[  736.016223][    T9] cdc_ncm 8-1:1.1: CDC Union missing and no IAD found
[  736.049053][    T9] cdc_ncm 8-1:1.1: bind() failure
[  736.098445][    T9] usb 8-1: USB disconnect, device number 39
[  736.577188][T15936] Bluetooth: hci0: command tx timeout
[  736.590300][T18376] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3406'.
[  736.703123][T18376] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3406'.
[  737.109970][T17031] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  737.604687][T18397] FAULT_INJECTION: forcing a failure.
[  737.604687][T18397] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  737.613920][T18397] CPU: 3 UID: 0 PID: 18397 Comm: syz.0.3412 Not tainted 6.16.0-rc6-syzkaller-00121-g6832a9317eee #0 PREEMPT(full) 
[  737.613942][T18397] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  737.613951][T18397] Call Trace:
[  737.613957][T18397]  <TASK>
[  737.613963][T18397]  dump_stack_lvl+0x16c/0x1f0
[  737.613992][T18397]  should_fail_ex+0x512/0x640
[  737.614017][T18397]  _copy_to_user+0x32/0xd0
[  737.614042][T18397]  copy_ctl_value_to_user+0xd8/0x260
[  737.614075][T18397]  snd_ctl_ioctl_compat+0x5dc/0xc50
[  737.614099][T18397]  ? __pfx_snd_ctl_ioctl_compat+0x10/0x10
[  737.614120][T18397]  ? find_held_lock+0x2b/0x80
[  737.614142][T18397]  ? __fget_files+0x20e/0x3c0
[  737.614161][T18397]  ? fput+0x20/0xf0
[  737.614179][T18397]  ? __pfx_snd_ctl_ioctl_compat+0x10/0x10
[  737.614201][T18397]  __ia32_compat_sys_ioctl+0x242/0x370
[  737.614224][T18397]  __do_fast_syscall_32+0x7c/0x3a0
[  737.614249][T18397]  do_fast_syscall_32+0x32/0x80
[  737.614271][T18397]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  737.614291][T18397] RIP: 0023:0xf708e579
[  737.614305][T18397] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  737.614320][T18397] RSP: 002b:00000000f507e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  737.614336][T18397] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c2c45513
[  737.614346][T18397] RDX: 0000000080002e00 RSI: 0000000000000000 RDI: 0000000000000000
[  737.614355][T18397] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  737.614364][T18397] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  737.614372][T18397] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  737.614390][T18397]  </TASK>
[  737.719292][   T12] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  738.226560][T18411] siw: device registration error -23
[  738.280583][T18413] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(3)
[  738.281606][T18404] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3413'.
[  738.296137][T18413] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  738.299085][T18413] vhci_hcd vhci_hcd.0: Device attached
[  738.572167][  T837] usb 43-1: new high-speed USB device number 6 using vhci_hcd
[  738.712162][ T1325] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  738.981242][T18416] netlink: 'syz.3.3415': attribute type 10 has an invalid length.
[  739.649541][T14020] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  739.823971][T18429] netlink: 120 bytes leftover after parsing attributes in process `syz.4.3417'.
[  740.181391][T18432] capability: warning: `syz.0.3418' uses 32-bit capabilities (legacy support in use)
[  740.363301][T18437] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3420'.
[  740.468814][T18437] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3420'.
[  740.893620][T14020] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  741.033538][T18445] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  741.119614][T18446] siw: device registration error -23
[  741.679771][T15936] Bluetooth: hci2: unexpected event for opcode 0x2031
[  741.764804][T17818] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  741.809794][T18414] vhci_hcd: connection reset by peer
[  741.843458][T17031] vhci_hcd: stop threads
[  741.897810][T17031] vhci_hcd: release socket
[  741.909896][T17031] vhci_hcd: disconnect device
[  741.954608][T18459] sctp: [Deprecated]: syz.0.3428 (pid 18459) Use of int in max_burst socket option deprecated.
[  741.954608][T18459] Use struct sctp_assoc_value instead
[  741.980539][T18459] cgroup: subsys name conflicts with all
[  742.045856][T18462] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3425'.
[  742.172100][T17031] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  742.198395][   T40] kauditd_printk_skb: 20 callbacks suppressed
[  742.198415][   T40] audit: type=1326 audit(1752815319.936:226): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18458 comm="syz.0.3428" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf708e579 code=0x0
[  742.370813][   T40] audit: type=1326 audit(1752815320.056:227): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18472 comm="syz.1.3429" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f07579 code=0x0
[  742.862625][T18479] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3431'.
[  742.928343][T18482] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3431'.
[  743.490167][   T60] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  743.694392][T18495] FAULT_INJECTION: forcing a failure.
[  743.694392][T18495] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  743.699354][T18495] CPU: 0 UID: 0 PID: 18495 Comm: syz.4.3436 Not tainted 6.16.0-rc6-syzkaller-00121-g6832a9317eee #0 PREEMPT(full) 
[  743.699380][T18495] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  743.699392][T18495] Call Trace:
[  743.699399][T18495]  <TASK>
[  743.699407][T18495]  dump_stack_lvl+0x16c/0x1f0
[  743.699438][T18495]  should_fail_ex+0x512/0x640
[  743.699467][T18495]  strncpy_from_user+0x3b/0x2e0
[  743.699493][T18495]  bpf_prog_load+0x1aef/0x2490
[  743.699527][T18495]  ? __pfx_bpf_prog_load+0x10/0x10
[  743.699576][T18495]  __sys_bpf+0x433c/0x4d80
[  743.699596][T18495]  ? __pfx___sys_bpf+0x10/0x10
[  743.699612][T18495]  ? ksys_write+0x190/0x250
[  743.699640][T18495]  ? __lock_acquire+0xb8a/0x1c90
[  743.699675][T18495]  ? find_held_lock+0x2b/0x80
[  743.699691][T18495]  ? __might_fault+0xe3/0x190
[  743.699714][T18495]  ? __might_fault+0xe3/0x190
[  743.699735][T18495]  ? __might_fault+0x13b/0x190
[  743.699766][T18495]  __ia32_sys_bpf+0x76/0xe0
[  743.699784][T18495]  __do_fast_syscall_32+0x7c/0x3a0
[  743.699811][T18495]  do_fast_syscall_32+0x32/0x80
[  743.699837][T18495]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  743.699860][T18495] RIP: 0023:0xf7ff6579
[  743.699876][T18495] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  743.699892][T18495] RSP: 002b:00000000f511655c EFLAGS: 00000296 ORIG_RAX: 0000000000000165
[  743.699910][T18495] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000080000080
[  743.699920][T18495] RDX: 0000000000000094 RSI: 0000000000000000 RDI: 0000000000000000
[  743.699932][T18495] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  743.699942][T18495] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  743.699952][T18495] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  743.699975][T18495]  </TASK>
[  744.089504][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  744.200978][T18505] FAULT_INJECTION: forcing a failure.
[  744.200978][T18505] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  744.235510][T18505] CPU: 2 UID: 0 PID: 18505 Comm: syz.1.3440 Not tainted 6.16.0-rc6-syzkaller-00121-g6832a9317eee #0 PREEMPT(full) 
[  744.235539][T18505] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  744.235552][T18505] Call Trace:
[  744.235559][T18505]  <TASK>
[  744.235567][T18505]  dump_stack_lvl+0x16c/0x1f0
[  744.235599][T18505]  should_fail_ex+0x512/0x640
[  744.235630][T18505]  _copy_from_user+0x2e/0xd0
[  744.235659][T18505]  bpf_prog_load+0x1a8d/0x2490
[  744.235695][T18505]  ? __pfx_bpf_prog_load+0x10/0x10
[  744.235748][T18505]  __sys_bpf+0x433c/0x4d80
[  744.235769][T18505]  ? __pfx___sys_bpf+0x10/0x10
[  744.235793][T18505]  ? __lock_acquire+0xb8a/0x1c90
[  744.235833][T18505]  ? find_held_lock+0x2b/0x80
[  744.235851][T18505]  ? __might_fault+0xe3/0x190
[  744.235877][T18505]  ? __might_fault+0xe3/0x190
[  744.235901][T18505]  ? __might_fault+0x13b/0x190
[  744.235933][T18505]  __ia32_sys_bpf+0x76/0xe0
[  744.235953][T18505]  __do_fast_syscall_32+0x7c/0x3a0
[  744.235982][T18505]  do_fast_syscall_32+0x32/0x80
[  744.236009][T18505]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  744.236044][T18505] RIP: 0023:0xf7f07579
[  744.236059][T18505] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  744.236077][T18505] RSP: 002b:00000000f502655c EFLAGS: 00000296 ORIG_RAX: 0000000000000165
[  744.236096][T18505] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000080000b00
[  744.236108][T18505] RDX: 0000000000000094 RSI: 0000000000000000 RDI: 0000000000000000
[  744.236119][T18505] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  744.236129][T18505] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  744.236140][T18505] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  744.236165][T18505]  </TASK>
[  744.324219][T18507] : entered promiscuous mode
[  744.372650][T17031] Bluetooth: hci1: Frame reassembly failed (-84)
[  744.809512][T18517] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3442'.
[  744.820763][T17818] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  744.837079][T18519] FAULT_INJECTION: forcing a failure.
[  744.837079][T18519] name failslab, interval 1, probability 0, space 0, times 0
[  744.849888][T18519] CPU: 2 UID: 0 PID: 18519 Comm: syz.0.3444 Not tainted 6.16.0-rc6-syzkaller-00121-g6832a9317eee #0 PREEMPT(full) 
[  744.849915][T18519] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  744.849927][T18519] Call Trace:
[  744.849933][T18519]  <TASK>
[  744.849941][T18519]  dump_stack_lvl+0x16c/0x1f0
[  744.849971][T18519]  should_fail_ex+0x512/0x640
[  744.849994][T18519]  ? fs_reclaim_acquire+0xae/0x150
[  744.850027][T18519]  should_failslab+0xc2/0x120
[  744.850044][T18519]  __kmalloc_cache_noprof+0x6a/0x3e0
[  744.850066][T18519]  ? idr_get_next+0xec/0x150
[  744.850087][T18519]  ? nbd_alloc_and_init_config+0x97/0x2a0
[  744.850115][T18519]  nbd_alloc_and_init_config+0x97/0x2a0
[  744.850141][T18519]  nbd_genl_connect+0x490/0x1c60
[  744.850172][T18519]  ? __pfx_nbd_genl_connect+0x10/0x10
[  744.850203][T18519]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290
[  744.850226][T18519]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290
[  744.850253][T18519]  genl_family_rcv_msg_doit+0x206/0x2f0
[  744.850275][T18519]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  744.850296][T18519]  ? genl_get_cmd+0x194/0x580
[  744.850322][T18519]  ? __sys_sendmsg+0x16d/0x220
[  744.850345][T18519]  ? __do_fast_syscall_32+0x7c/0x3a0
[  744.850369][T18519]  ? __radix_tree_lookup+0x21f/0x2c0
[  744.850396][T18519]  genl_rcv_msg+0x55c/0x800
[  744.850420][T18519]  ? __pfx_genl_rcv_msg+0x10/0x10
[  744.850441][T18519]  ? __pfx_nbd_genl_connect+0x10/0x10
[  744.850469][T18519]  ? __lock_acquire+0x622/0x1c90
[  744.850495][T18519]  netlink_rcv_skb+0x155/0x420
[  744.850512][T18519]  ? __pfx_genl_rcv_msg+0x10/0x10
[  744.850534][T18519]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  744.850562][T18519]  ? netlink_deliver_tap+0x1ae/0xd30
[  744.850587][T18519]  ? is_vmalloc_addr+0x86/0xa0
[  744.850614][T18519]  genl_rcv+0x28/0x40
[  744.850631][T18519]  netlink_unicast+0x58d/0x850
[  744.850653][T18519]  ? __pfx_netlink_unicast+0x10/0x10
[  744.850678][T18519]  netlink_sendmsg+0x8d1/0xdd0
[  744.850701][T18519]  ? __pfx_netlink_sendmsg+0x10/0x10
[  744.850720][T18519]  ? __import_iovec+0x1dd/0x650
[  744.850743][T18519]  ____sys_sendmsg+0xa95/0xc70
[  744.850764][T18519]  ? __pfx_____sys_sendmsg+0x10/0x10
[  744.850782][T18519]  ? get_compat_msghdr+0x11a/0x170
[  744.850820][T18519]  ___sys_sendmsg+0x134/0x1d0
[  744.850846][T18519]  ? __pfx____sys_sendmsg+0x10/0x10
[  744.850883][T18519]  ? find_held_lock+0x2b/0x80
[  744.850916][T18519]  __sys_sendmsg+0x16d/0x220
[  744.850940][T18519]  ? __pfx___sys_sendmsg+0x10/0x10
[  744.850975][T18519]  ? rcu_is_watching+0x12/0xc0
[  744.850997][T18519]  __do_fast_syscall_32+0x7c/0x3a0
[  744.851031][T18519]  do_fast_syscall_32+0x32/0x80
[  744.851055][T18519]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  744.851077][T18519] RIP: 0023:0xf708e579
[  744.851092][T18519] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  744.851109][T18519] RSP: 002b:00000000f507e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  744.851125][T18519] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080001100
[  744.851137][T18519] RDX: 0000000000040100 RSI: 0000000000000000 RDI: 0000000000000000
[  744.851147][T18519] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  744.851156][T18519] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  744.851167][T18519] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  744.851189][T18519]  </TASK>
[  744.851198][T18519] nbd: couldn't allocate config
[  744.909742][T18517] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3442'.
[  745.359729][  T216] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  746.040481][T18534] netlink: 120 bytes leftover after parsing attributes in process `syz.3.3449'.
[  746.398435][T15936] Bluetooth: hci1: Opcode 0x1003 failed: -110
[  746.398895][ T5971] Bluetooth: hci1: command 0x1003 tx timeout
[  746.634584][  T837] vhci_hcd: vhci_device speed not set
[  746.678553][ T1416] ieee802154 phy0 wpan0: encryption failed: -22
[  746.688673][   T12] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  746.879254][T10495] usb 5-1: new high-speed USB device number 34 using dummy_hcd
[  747.062028][T10495] usb 5-1: config index 0 descriptor too short (expected 45, got 36)
[  747.065253][T10495] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  747.069927][T10495] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  747.086357][T10495] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  747.093509][T10495] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  747.112897][T10495] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  747.119600][T10495] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  747.134435][T10495] usb 5-1: config 0 descriptor??
[  747.182614][T18555] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(3)
[  747.186824][T18555] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  747.194568][T18555] vhci_hcd vhci_hcd.0: Device attached
[  747.208143][T18556] usbip_core: unknown command
[  747.212259][T18556] vhci_hcd: unknown pdu 0
[  747.214374][T18556] usbip_core: unknown command
[  747.222242][   T60] vhci_hcd: stop threads
[  747.223877][   T60] vhci_hcd: release socket
[  747.225554][   T60] vhci_hcd: disconnect device
[  747.330396][T18561] netlink: 'syz.4.3455': attribute type 10 has an invalid length.
[  747.564268][T10495] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0
[  747.589700][T10495] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0
[  747.594464][T10495] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0
[  747.603430][T10495] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0
[  747.610353][T10495] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0
[  747.615148][T10495] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0
[  747.622255][T10495] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0
[  747.627365][T10495] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0
[  747.634291][T10495] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0
[  747.642561][T10495] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0
[  747.653146][T10495] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0
[  747.657745][T10495] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0
[  747.670053][T10495] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0
[  747.672465][T10495] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0
[  747.674825][T10495] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0
[  747.782062][T10495] plantronics 0003:047F:FFFF.000A: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0
[  747.788958][T18547] FAULT_INJECTION: forcing a failure.
[  747.788958][T18547] name failslab, interval 1, probability 0, space 0, times 0
[  747.827180][T18547] CPU: 3 UID: 0 PID: 18547 Comm: syz.0.3453 Not tainted 6.16.0-rc6-syzkaller-00121-g6832a9317eee #0 PREEMPT(full) 
[  747.827205][T18547] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  747.827215][T18547] Call Trace:
[  747.827223][T18547]  <TASK>
[  747.827230][T18547]  dump_stack_lvl+0x16c/0x1f0
[  747.827267][T18547]  should_fail_ex+0x512/0x640
[  747.827292][T18547]  ? fs_reclaim_acquire+0xae/0x150
[  747.827316][T18547]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[  747.827340][T18547]  should_failslab+0xc2/0x120
[  747.827358][T18547]  __kmalloc_noprof+0xd2/0x510
[  747.827388][T18547]  tomoyo_realpath_from_path+0xc2/0x6e0
[  747.827419][T18547]  tomoyo_check_open_permission+0x2ab/0x3c0
[  747.827442][T18547]  ? __pfx_tomoyo_check_open_permission+0x10/0x10
[  747.827488][T18547]  ? do_raw_spin_lock+0x12c/0x2b0
[  747.827522][T18547]  tomoyo_file_open+0x6b/0x90
[  747.827550][T18547]  security_file_open+0x84/0x1e0
[  747.827571][T18547]  do_dentry_open+0x596/0x1c10
[  747.827605][T18547]  vfs_open+0x82/0x3f0
[  747.827627][T18547]  path_openat+0x1de4/0x2cb0
[  747.827660][T18547]  ? __pfx_path_openat+0x10/0x10
[  747.827692][T18547]  do_filp_open+0x20b/0x470
[  747.827715][T18547]  ? __pfx_do_filp_open+0x10/0x10
[  747.828636][T18547]  ? _raw_spin_unlock+0x28/0x50
[  747.828658][T18547]  ? alloc_fd+0x471/0x7d0
[  747.828689][T18547]  do_sys_openat2+0x11b/0x1d0
[  747.828710][T18547]  ? __pfx_do_sys_openat2+0x10/0x10
[  747.828733][T18547]  ? __fget_files+0x20e/0x3c0
[  747.828760][T18547]  __ia32_compat_sys_openat+0x16d/0x210
[  747.828800][T18547]  ? __pfx___ia32_compat_sys_openat+0x10/0x10
[  747.828820][T18547]  ? ksys_write+0x1ac/0x250
[  747.828848][T18547]  ? rcu_is_watching+0x12/0xc0
[  747.828870][T18547]  __do_fast_syscall_32+0x7c/0x3a0
[  747.828899][T18547]  do_fast_syscall_32+0x32/0x80
[  747.828925][T18547]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  747.828947][T18547] RIP: 0023:0xf708e579
[  747.828962][T18547] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  747.828978][T18547] RSP: 002b:00000000f507e100 EFLAGS: 00000293 ORIG_RAX: 0000000000000127
[  747.828997][T18547] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 00000000f507e150
[  747.829007][T18547] RDX: 0000000000046400 RSI: 0000000000000000 RDI: 00000000f73f4ff4
[  747.829018][T18547] RBP: 0000000000046400 R08: 0000000000000000 R09: 0000000000000000
[  747.829028][T18547] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  747.829038][T18547] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  747.829061][T18547]  </TASK>
[  747.853144][T17818] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  747.857208][T18547] ERROR: Out of memory at tomoyo_realpath_from_path.
[  747.966576][   T12] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  748.039960][  T837] usb 5-1: USB disconnect, device number 34
[  748.198941][T18572] FAULT_INJECTION: forcing a failure.
[  748.198941][T18572] name failslab, interval 1, probability 0, space 0, times 0
[  748.207086][T18572] CPU: 3 UID: 0 PID: 18572 Comm: syz.1.3459 Not tainted 6.16.0-rc6-syzkaller-00121-g6832a9317eee #0 PREEMPT(full) 
[  748.207111][T18572] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  748.207123][T18572] Call Trace:
[  748.207131][T18572]  <TASK>
[  748.207139][T18572]  dump_stack_lvl+0x16c/0x1f0
[  748.207170][T18572]  should_fail_ex+0x512/0x640
[  748.207195][T18572]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[  748.207225][T18572]  should_failslab+0xc2/0x120
[  748.207243][T18572]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  748.207273][T18572]  ? d_instantiate+0x77/0x90
[  748.207290][T18572]  ? alloc_empty_file+0x55/0x1e0
[  748.207312][T18572]  alloc_empty_file+0x55/0x1e0
[  748.207332][T18572]  alloc_file_pseudo+0x13a/0x230
[  748.207353][T18572]  ? __pfx_alloc_file_pseudo+0x10/0x10
[  748.207374][T18572]  ? find_held_lock+0x2b/0x80
[  748.207398][T18572]  __anon_inode_getfile+0xe8/0x280
[  748.207427][T18572]  bpf_link_prime+0x10f/0x290
[  748.207457][T18572]  bpf_xdp_link_attach+0x249/0x8f0
[  748.207488][T18572]  ? __pfx_bpf_xdp_link_attach+0x10/0x10
[  748.207514][T18572]  ? find_held_lock+0x2b/0x80
[  748.207533][T18572]  ? __fget_files+0x204/0x3c0
[  748.207568][T18572]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  748.207600][T18572]  __sys_bpf+0x19ef/0x4d80
[  748.207621][T18572]  ? __pfx___sys_bpf+0x10/0x10
[  748.207638][T18572]  ? ksys_write+0x190/0x250
[  748.207667][T18572]  ? __mutex_unlock_slowpath+0x161/0x6a0
[  748.207711][T18572]  ? fput+0x70/0xf0
[  748.207727][T18572]  ? ksys_write+0x1ac/0x250
[  748.207751][T18572]  ? __pfx_ksys_write+0x10/0x10
[  748.207781][T18572]  __ia32_sys_bpf+0x76/0xe0
[  748.207799][T18572]  __do_fast_syscall_32+0x7c/0x3a0
[  748.207830][T18572]  do_fast_syscall_32+0x32/0x80
[  748.207857][T18572]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  748.207879][T18572] RIP: 0023:0xf7f07579
[  748.207894][T18572] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  748.207912][T18572] RSP: 002b:00000000f502655c EFLAGS: 00000296 ORIG_RAX: 0000000000000165
[  748.207930][T18572] RAX: ffffffffffffffda RBX: 000000000000001c RCX: 0000000080000000
[  748.207941][T18572] RDX: 000000000000001c RSI: 0000000000000000 RDI: 0000000000000000
[  748.207952][T18572] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  748.207962][T18572] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  748.207973][T18572] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  748.207997][T18572]  </TASK>
[  749.201470][   T60] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  749.534376][T18595] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(3)
[  749.536924][T18595] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  749.547427][T18595] vhci_hcd vhci_hcd.0: Device attached
[  749.569251][T18596] usbip_core: unknown command
[  749.571144][T18596] vhci_hcd: unknown pdu 0
[  749.572744][T18596] usbip_core: unknown command
[  749.575055][  T216] vhci_hcd: stop threads
[  749.577295][  T216] vhci_hcd: release socket
[  749.579982][  T216] vhci_hcd: disconnect device
[  749.846252][T18599] netlink: 'syz.1.3466': attribute type 10 has an invalid length.
[  749.903940][T18602] siw: device registration error -23
[  750.493125][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  750.496676][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  751.094586][T18619] fuse: Bad value for 'fd'
[  751.197173][ T1325] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  752.399322][T17031] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  752.653447][T18640] lo speed is unknown, defaulting to 1000
[  753.690720][T14020] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  753.797495][T18655] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3481'.
[  753.826044][T18655] FAULT_INJECTION: forcing a failure.
[  753.826044][T18655] name failslab, interval 1, probability 0, space 0, times 0
[  753.849059][T18655] CPU: 2 UID: 0 PID: 18655 Comm: syz.3.3481 Not tainted 6.16.0-rc6-syzkaller-00121-g6832a9317eee #0 PREEMPT(full) 
[  753.849089][T18655] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  753.849101][T18655] Call Trace:
[  753.849108][T18655]  <TASK>
[  753.849116][T18655]  dump_stack_lvl+0x16c/0x1f0
[  753.849148][T18655]  should_fail_ex+0x512/0x640
[  753.849177][T18655]  should_failslab+0xc2/0x120
[  753.849194][T18655]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  753.849228][T18655]  ? skb_clone+0x190/0x3f0
[  753.849258][T18655]  skb_clone+0x190/0x3f0
[  753.849284][T18655]  netlink_deliver_tap+0xabd/0xd30
[  753.849318][T18655]  netlink_unicast+0x702/0x850
[  753.849339][T18655]  ? __pfx_netlink_unicast+0x10/0x10
[  753.849355][T18655]  ? genl_rcv_msg+0x4bb/0x800
[  753.849383][T18655]  netlink_ack+0x696/0xb80
[  753.849408][T18655]  netlink_rcv_skb+0x332/0x420
[  753.849427][T18655]  ? __pfx_genl_rcv_msg+0x10/0x10
[  753.849448][T18655]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  753.849477][T18655]  ? netlink_deliver_tap+0x1ae/0xd30
[  753.849508][T18655]  genl_rcv+0x28/0x40
[  753.849526][T18655]  netlink_unicast+0x58d/0x850
[  753.849546][T18655]  ? __pfx_netlink_unicast+0x10/0x10
[  753.849572][T18655]  netlink_sendmsg+0x8d1/0xdd0
[  753.849594][T18655]  ? __pfx_netlink_sendmsg+0x10/0x10
[  753.849614][T18655]  ? __import_iovec+0x1dd/0x650
[  753.849637][T18655]  ____sys_sendmsg+0xa95/0xc70
[  753.849655][T18655]  ? buf_lo_after_commit+0x110/0x210
[  753.849677][T18655]  ? __pfx_____sys_sendmsg+0x10/0x10
[  753.849695][T18655]  ? get_compat_msghdr+0x11a/0x170
[  753.849732][T18655]  ___sys_sendmsg+0x134/0x1d0
[  753.849758][T18655]  ? __pfx____sys_sendmsg+0x10/0x10
[  753.849792][T18655]  ? find_held_lock+0x2b/0x80
[  753.849826][T18655]  __sys_sendmsg+0x16d/0x220
[  753.849852][T18655]  ? __pfx___sys_sendmsg+0x10/0x10
[  753.849887][T18655]  ? rcu_is_watching+0x12/0xc0
[  753.849910][T18655]  __do_fast_syscall_32+0x7c/0x3a0
[  753.849939][T18655]  do_fast_syscall_32+0x32/0x80
[  753.849964][T18655]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  753.849986][T18655] RIP: 0023:0xf7ff7579
[  753.850001][T18655] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  753.850018][T18655] RSP: 002b:00000000f511655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  753.850036][T18655] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800000c0
[  753.850048][T18655] RDX: 0000000004040140 RSI: 0000000000000000 RDI: 0000000000000000
[  753.850058][T18655] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  753.850069][T18655] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  753.850078][T18655] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  753.850102][T18655]  </TASK>
[  754.018616][T18658] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3482'.
[  754.241378][T17818] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  754.974749][T14020] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  755.140270][T18669] lo speed is unknown, defaulting to 1000
[  755.151325][   T40] audit: type=1326 audit(1752815332.887:228): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18668 comm="syz.0.3487" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf708e579 code=0x0
[  755.163667][T18671] netlink: 'syz.3.3486': attribute type 1 has an invalid length.
[  755.405330][T18675] bond2: (slave ip6gretap1): Enslaving as a backup interface with an up link
[  755.477508][   T13] bond2: Warning: No 802.3ad response from the link partner for any adapters in the bond
[  755.495531][T18671] 8021q: adding VLAN 0 to HW filter on device bond2
[  755.529345][T17031] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  755.579993][T18669] netlink: 88 bytes leftover after parsing attributes in process `syz.0.3487'.
[  755.847926][T17818] usb 5-1: new full-speed USB device number 35 using dummy_hcd
[  755.944900][T18671] bond2 (unregistering): (slave ip6gretap1): Removing an active aggregator
[  755.959052][T18671] bond2 (unregistering): (slave ip6gretap1): Releasing backup interface
[  755.987492][T18671] bond2 (unregistering): Released all slaves
[  756.027990][T17818] usb 5-1: device descriptor read/64, error -71
[  756.094497][T18693] netlink: 'syz.4.3491': attribute type 39 has an invalid length.
[  756.267878][T18695] netlink: 'syz.3.3492': attribute type 1 has an invalid length.
[  756.271308][T18695] netlink: 224 bytes leftover after parsing attributes in process `syz.3.3492'.
[  756.317954][T17818] usb 5-1: new full-speed USB device number 36 using dummy_hcd
[  756.448796][T17818] usb 5-1: device descriptor read/64, error -71
[  756.569593][T17818] usb usb5-port1: attempt power cycle
[  756.610082][T18701] input: syz1 as /devices/virtual/input/input17
[  756.830992][T18705] FAULT_INJECTION: forcing a failure.
[  756.830992][T18705] name failslab, interval 1, probability 0, space 0, times 0
[  756.849371][T18705] CPU: 0 UID: 0 PID: 18705 Comm: syz.3.3493 Not tainted 6.16.0-rc6-syzkaller-00121-g6832a9317eee #0 PREEMPT(full) 
[  756.849396][T18705] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  756.849408][T18705] Call Trace:
[  756.849415][T18705]  <TASK>
[  756.849423][T18705]  dump_stack_lvl+0x16c/0x1f0
[  756.849454][T18705]  should_fail_ex+0x512/0x640
[  756.849477][T18705]  ? fs_reclaim_acquire+0xae/0x150
[  756.849500][T18705]  should_failslab+0xc2/0x120
[  756.849518][T18705]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  756.849544][T18705]  ? __alloc_skb+0x2b2/0x380
[  756.849569][T18705]  __alloc_skb+0x2b2/0x380
[  756.849592][T18705]  ? __pfx___alloc_skb+0x10/0x10
[  756.849620][T18705]  ? netlink_has_listeners+0x20f/0x430
[  756.849652][T18705]  alloc_uevent_skb+0x7d/0x210
[  756.849673][T18705]  kobject_uevent_env+0xca4/0x1870
[  756.849699][T18705]  ? bus_to_subsys+0x131/0x160
[  756.849723][T18705]  device_del+0x623/0x9f0
[  756.849749][T18705]  ? __pfx_device_del+0x10/0x10
[  756.849773][T18705]  ? __pfx___might_resched+0x10/0x10
[  756.849793][T18705]  ? __pfx_input_leds_brightness_set+0x10/0x10
[  756.849819][T18705]  device_unregister+0x1d/0xc0
[  756.849842][T18705]  led_classdev_unregister+0x178/0x340
[  756.849866][T18705]  input_leds_disconnect+0xab/0x160
[  756.849889][T18705]  __input_unregister_device+0x1f8/0x470
[  756.849918][T18705]  input_unregister_device+0xb9/0x100
[  756.849943][T18705]  uinput_destroy_device+0x1f4/0x260
[  756.849967][T18705]  uinput_ioctl_handler.isra.0+0x8a9/0x1df0
[  756.849987][T18705]  ? __pfx_uinput_ioctl_handler.isra.0+0x10/0x10
[  756.850013][T18705]  ? find_held_lock+0x2b/0x80
[  756.850040][T18705]  ? fput+0x20/0xf0
[  756.850057][T18705]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  756.850085][T18705]  ? __pfx_uinput_compat_ioctl+0x10/0x10
[  756.850104][T18705]  __ia32_compat_sys_ioctl+0x242/0x370
[  756.850128][T18705]  __do_fast_syscall_32+0x7c/0x3a0
[  756.850156][T18705]  do_fast_syscall_32+0x32/0x80
[  756.850181][T18705]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  756.850202][T18705] RIP: 0023:0xf7ff7579
[  756.850224][T18705] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  756.850240][T18705] RSP: 002b:00000000f50d455c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  756.850257][T18705] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000005502
[  756.850268][T18705] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  756.850278][T18705] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  756.850289][T18705] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  756.850299][T18705] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  756.850323][T18705]  </TASK>
[  756.927843][T17818] usb 5-1: new full-speed USB device number 37 using dummy_hcd
[  757.292742][ T1325] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  757.321926][T17818] usb 5-1: device descriptor read/8, error -71
[  757.335419][T18703] lo speed is unknown, defaulting to 1000
[  757.568885][T17818] usb 5-1: new full-speed USB device number 38 using dummy_hcd
[  757.608153][T17818] usb 5-1: device descriptor read/8, error -71
[  757.762041][T17818] usb usb5-port1: unable to enumerate USB device
[  758.339609][T18722] program syz.0.3498 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  758.426283][T18725] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3498'.
[  758.911288][T18726] block nbd0: server does not support multiple connections per device.
[  758.915586][T18726] block nbd0: shutting down sockets
[  759.451424][   T13] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  759.457309][   T13] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  759.692488][T18737] siw: device registration error -23
[  759.697064][T18740] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3503'.
[  760.018774][ T1225] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  760.093211][T18750] siw: device registration error -23
[  760.328871][ T1325] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  760.746032][T18761] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(3)
[  760.760416][ T1225] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  760.772493][T18761] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  760.777083][T18761] vhci_hcd vhci_hcd.0: Device attached
[  761.018851][T18764] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3506'.
[  761.026269][T18764] netlink: 'syz.0.3506': attribute type 10 has an invalid length.
[  761.043875][ T6002] usb 37-1: new high-speed USB device number 9 using vhci_hcd
[  761.403843][T18775] lo speed is unknown, defaulting to 1000
[  761.448136][T18777] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3510'.
[  762.664967][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  762.924740][    C1] vkms_vblank_simulate: vblank timer overrun
[  763.312751][    C1] vkms_vblank_simulate: vblank timer overrun
[  763.361911][ T1325] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  763.413247][    C1] vkms_vblank_simulate: vblank timer overrun
[  763.717977][T18762] vhci_hcd: connection reset by peer
[  763.753817][T14020] vhci_hcd: stop threads
[  763.753846][T14020] vhci_hcd: release socket
[  763.753885][T14020] vhci_hcd: disconnect device
[  763.804320][T18801] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  763.805471][T18798] vxfs: WRONG superblock magic 00000000 at 1
[  763.827091][T18801] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  763.853370][    C1] vkms_vblank_simulate: vblank timer overrun
[  763.901327][T18798] vxfs: WRONG superblock magic 00000000 at 8
[  763.904283][T18798] vxfs: can't find superblock.
[  763.957449][    T9] usb 9-1: new high-speed USB device number 3 using dummy_hcd
[  764.028675][T13814] usb 5-1: new low-speed USB device number 39 using dummy_hcd
[  764.117472][    T9] usb 9-1: Using ep0 maxpacket: 32
[  764.122763][    T9] usb 9-1: config index 0 descriptor too short (expected 156, got 27)
[  764.126543][    T9] usb 9-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[  764.132015][    T9] usb 9-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7
[  764.148474][    T9] usb 9-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144
[  764.167874][    T9] usb 9-1: config 0 interface 0 has no altsetting 0
[  764.177845][    T9] usb 9-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  764.190167][    T9] usb 9-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  764.206149][    T9] usb 9-1: Product: syz
[  764.209328][T13814] usb 5-1: config 0 has an invalid interface number: 198 but max is 0
[  764.215072][T13814] usb 5-1: config 0 has no interface number 0
[  764.228815][    T9] usb 9-1: Manufacturer: syz
[  764.237771][    T9] usb 9-1: SerialNumber: syz
[  764.248045][T13814] usb 5-1: config 0 interface 198 altsetting 8 endpoint 0x4 has invalid maxpacket 64, setting to 8
[  764.279945][T13814] usb 5-1: config 0 interface 198 altsetting 8 endpoint 0x86 is Bulk; changing to Interrupt
[  764.284400][    T9] usb 9-1: config 0 descriptor??
[  764.312927][T13814] usb 5-1: config 0 interface 198 has no altsetting 0
[  764.315663][T13814] usb 5-1: New USB device found, idVendor=1b3d, idProduct=0138, bcdDevice=74.e6
[  764.343403][T13814] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  764.349180][T13814] usb 5-1: config 0 descriptor??
[  764.351771][T18800] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  764.355651][T18800] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  764.370427][    T9] ldusb 9-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  764.377740][    T9] ldusb 9-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  764.610640][T13814] usb 5-1: string descriptor 0 read error: -71
[  764.631715][T13814] ftdi_sio 5-1:0.198: FTDI USB Serial Device converter detected
[  764.639334][T13814] ftdi_sio ttyUSB0: unknown device type: 0x74e6
[  764.653129][T13814] usb 5-1: USB disconnect, device number 39
[  764.679208][T13814] ftdi_sio 5-1:0.198: device disconnected
[  764.680764][    C1] vkms_vblank_simulate: vblank timer overrun
[  764.715804][T18814] siw: device registration error -23
[  764.747187][    C1] vkms_vblank_simulate: vblank timer overrun
[  764.768072][   T10] usb 9-1: USB disconnect, device number 3
[  764.791985][   T10] ldusb 9-1:0.0: LD USB Device #0 now disconnected
[  764.816841][    C1] vkms_vblank_simulate: vblank timer overrun
[  765.112791][    C1] vkms_vblank_simulate: vblank timer overrun
[  765.208091][T17031] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  765.211626][T17031] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  765.544687][    C1] vkms_vblank_simulate: vblank timer overrun
[  765.581459][T18823] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3520'.
[  765.695248][T18823] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3520'.
[  765.850424][T17031] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  766.053197][T18832] xt_CT: You must specify a L4 protocol and not use inversions on it
[  766.157276][ T6002] vhci_hcd: vhci_device speed not set
[  766.184801][T18836] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  766.191764][T18836] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  766.209157][T18836] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  766.235875][T18836] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  766.270972][T18836] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  766.294372][    C1] vkms_vblank_simulate: vblank timer overrun
[  766.323978][T18836] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  766.328146][T18836] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  766.349968][T18833] xt_CT: You must specify a L4 protocol and not use inversions on it
[  766.563113][    C1] vkms_vblank_simulate: vblank timer overrun
[  766.599991][T18839] lo speed is unknown, defaulting to 1000
[  766.780902][T18850] FAULT_INJECTION: forcing a failure.
[  766.780902][T18850] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  766.804790][T18850] CPU: 2 UID: 0 PID: 18850 Comm: syz.0.3524 Not tainted 6.16.0-rc6-syzkaller-00121-g6832a9317eee #0 PREEMPT(full) 
[  766.804814][T18850] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  766.804824][T18850] Call Trace:
[  766.804830][T18850]  <TASK>
[  766.804837][T18850]  dump_stack_lvl+0x16c/0x1f0
[  766.804862][T18850]  should_fail_ex+0x512/0x640
[  766.804885][T18850]  strncpy_from_user+0x3b/0x2e0
[  766.804906][T18850]  bpf_prog_load+0x1aef/0x2490
[  766.804933][T18850]  ? __pfx_bpf_prog_load+0x10/0x10
[  766.804972][T18850]  __sys_bpf+0x433c/0x4d80
[  766.804986][T18850]  ? __pfx___sys_bpf+0x10/0x10
[  766.805002][T18850]  ? ksys_write+0x190/0x250
[  766.805033][T18850]  ? __mutex_unlock_slowpath+0x161/0x6a0
[  766.805073][T18850]  ? fput+0x70/0xf0
[  766.805094][T18850]  ? ksys_write+0x1ac/0x250
[  766.805119][T18850]  ? __pfx_ksys_write+0x10/0x10
[  766.805144][T18850]  __ia32_sys_bpf+0x76/0xe0
[  766.805162][T18850]  __do_fast_syscall_32+0x7c/0x3a0
[  766.805188][T18850]  do_fast_syscall_32+0x32/0x80
[  766.805213][T18850]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  766.805234][T18850] RIP: 0023:0xf708e579
[  766.805248][T18850] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  766.805262][T18850] RSP: 002b:00000000f505d55c EFLAGS: 00000296 ORIG_RAX: 0000000000000165
[  766.805278][T18850] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000080000140
[  766.805289][T18850] RDX: 000000000000003b RSI: 0000000000000000 RDI: 0000000000000000
[  766.805299][T18850] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  766.805308][T18850] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  766.805319][T18850] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  766.805342][T18850]  </TASK>
[  767.218043][T18857] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3526'.
[  767.245713][   T40] audit: type=1326 audit(1752815344.977:229): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18859 comm="syz.1.3527" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f07579 code=0x7ffc0000
[  767.268588][   T40] audit: type=1326 audit(1752815344.977:230): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18859 comm="syz.1.3527" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f07579 code=0x7ffc0000
[  767.308557][   T40] audit: type=1326 audit(1752815345.037:231): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18859 comm="syz.1.3527" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7f07579 code=0x7ffc0000
[  767.324850][T18864] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3526'.
[  767.339836][   T40] audit: type=1326 audit(1752815345.037:232): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18859 comm="syz.1.3527" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f07579 code=0x7ffc0000
[  767.339887][   T40] audit: type=1326 audit(1752815345.037:233): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18859 comm="syz.1.3527" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7f07579 code=0x7ffc0000
[  767.339926][   T40] audit: type=1326 audit(1752815345.037:234): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18859 comm="syz.1.3527" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f07579 code=0x7ffc0000
[  767.339965][   T40] audit: type=1326 audit(1752815345.037:235): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18859 comm="syz.1.3527" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7f07579 code=0x7ffc0000
[  767.340004][   T40] audit: type=1326 audit(1752815345.037:236): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18859 comm="syz.1.3527" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f07579 code=0x7ffc0000
[  767.340042][   T40] audit: type=1326 audit(1752815345.037:237): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18859 comm="syz.1.3527" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7f07579 code=0x7ffc0000
[  767.340081][   T40] audit: type=1326 audit(1752815345.037:238): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18859 comm="syz.1.3527" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f07579 code=0x7ffc0000
[  767.352770][    C1] vkms_vblank_simulate: vblank timer overrun
[  767.420821][    C1] vkms_vblank_simulate: vblank timer overrun
[  767.444775][    C1] vkms_vblank_simulate: vblank timer overrun
[  767.547341][    C1] vkms_vblank_simulate: vblank timer overrun
[  767.574070][T18873] netlink: 76 bytes leftover after parsing attributes in process `syz.1.3527'.
[  768.531227][    C1] vkms_vblank_simulate: vblank timer overrun
[  768.564654][    C1] vkms_vblank_simulate: vblank timer overrun
[  768.668729][    C1] vkms_vblank_simulate: vblank timer overrun
[  769.082407][T18879] xt_CT: You must specify a L4 protocol and not use inversions on it
[  769.346105][T18890] netlink: 'syz.3.3535': attribute type 1 has an invalid length.
[  769.370640][T18890] netlink: 224 bytes leftover after parsing attributes in process `syz.3.3535'.
[  769.526766][T18896] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  769.533673][T18896] batman_adv: batadv0: Removing interface: batadv_slave_0
[  769.573370][T18896] FAULT_INJECTION: forcing a failure.
[  769.573370][T18896] name failslab, interval 1, probability 0, space 0, times 0
[  769.582312][T18896] CPU: 0 UID: 0 PID: 18896 Comm: syz.4.3536 Not tainted 6.16.0-rc6-syzkaller-00121-g6832a9317eee #0 PREEMPT(full) 
[  769.582337][T18896] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  769.582347][T18896] Call Trace:
[  769.582353][T18896]  <TASK>
[  769.582360][T18896]  dump_stack_lvl+0x16c/0x1f0
[  769.582390][T18896]  should_fail_ex+0x512/0x640
[  769.582419][T18896]  should_failslab+0xc2/0x120
[  769.582437][T18896]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  769.582462][T18896]  ? __alloc_skb+0x2b2/0x380
[  769.582489][T18896]  __alloc_skb+0x2b2/0x380
[  769.582511][T18896]  ? __pfx___alloc_skb+0x10/0x10
[  769.582532][T18896]  ? lock_acquire+0x179/0x350
[  769.582555][T18896]  ? find_held_lock+0x2b/0x80
[  769.582580][T18896]  arp_create+0x1ef/0xa10
[  769.582606][T18896]  ? __pfx_arp_create+0x10/0x10
[  769.582627][T18896]  ? batadv_primary_if_get_selected+0x223/0x440
[  769.582653][T18896]  batadv_bla_send_claim+0x14f/0xbc0
[  769.582676][T18896]  ? __pfx_batadv_bla_send_claim+0x10/0x10
[  769.582696][T18896]  ? __local_bh_enable_ip+0xa4/0x120
[  769.582720][T18896]  batadv_bla_send_announce+0x12d/0x180
[  769.582736][T18896]  ? __pfx_batadv_bla_send_announce+0x10/0x10
[  769.582757][T18896]  ? batadv_bla_update_orig_address+0x47b/0x760
[  769.582779][T18896]  batadv_bla_update_orig_address+0x41b/0x760
[  769.582809][T18896]  batadv_primary_if_update_addr+0x272/0x370
[  769.582836][T18896]  batadv_primary_if_select+0x15b/0x3d0
[  769.582860][T18896]  batadv_hardif_disable_interface+0xb59/0xf20
[  769.582892][T18896]  ? __pfx_batadv_hardif_disable_interface+0x10/0x10
[  769.582926][T18896]  batadv_meshif_destroy_netlink+0xaf/0x180
[  769.582947][T18896]  rtnl_dellink+0x3ba/0xa80
[  769.582970][T18896]  ? __pfx_batadv_meshif_destroy_netlink+0x10/0x10
[  769.582987][T18896]  ? __dev_queue_xmit+0x7eb/0x43e0
[  769.583006][T18896]  ? netlink_deliver_tap+0xa87/0xd30
[  769.583030][T18896]  ? netlink_unicast+0x62f/0x850
[  769.583045][T18896]  ? netlink_sendmsg+0x8d1/0xdd0
[  769.583061][T18896]  ? __pfx_rtnl_dellink+0x10/0x10
[  769.583090][T18896]  ? __do_fast_syscall_32+0x7c/0x3a0
[  769.583165][T18896]  ? __lock_acquire+0x622/0x1c90
[  769.583191][T18896]  ? rcu_is_watching+0x12/0xc0
[  769.583210][T18896]  ? trace_cap_capable+0x18d/0x200
[  769.583234][T18896]  ? find_held_lock+0x2b/0x80
[  769.583249][T18896]  ? __pfx_rtnl_dellink+0x10/0x10
[  769.583272][T18896]  ? __pfx_rtnl_dellink+0x10/0x10
[  769.583294][T18896]  ? rtnetlink_rcv_msg+0x93a/0xe90
[  769.583343][T18896]  ? __pfx_rtnl_dellink+0x10/0x10
[  769.583367][T18896]  rtnetlink_rcv_msg+0x95e/0xe90
[  769.583395][T18896]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  769.583426][T18896]  ? ref_tracker_free+0x37c/0x830
[  769.583454][T18896]  netlink_rcv_skb+0x155/0x420
[  769.583472][T18896]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  769.583500][T18896]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  769.583527][T18896]  ? netlink_deliver_tap+0x1ae/0xd30
[  769.583559][T18896]  netlink_unicast+0x58d/0x850
[  769.583580][T18896]  ? __pfx_netlink_unicast+0x10/0x10
[  769.583606][T18896]  netlink_sendmsg+0x8d1/0xdd0
[  769.583628][T18896]  ? __pfx_netlink_sendmsg+0x10/0x10
[  769.583647][T18896]  ? __import_iovec+0x1dd/0x650
[  769.583667][T18896]  ____sys_sendmsg+0xa95/0xc70
[  769.583687][T18896]  ? __pfx_____sys_sendmsg+0x10/0x10
[  769.583704][T18896]  ? get_compat_msghdr+0x11a/0x170
[  769.583741][T18896]  ___sys_sendmsg+0x134/0x1d0
[  769.583768][T18896]  ? __pfx____sys_sendmsg+0x10/0x10
[  769.583803][T18896]  ? find_held_lock+0x2b/0x80
[  769.583835][T18896]  __sys_sendmsg+0x16d/0x220
[  769.583860][T18896]  ? __pfx___sys_sendmsg+0x10/0x10
[  769.583894][T18896]  ? rcu_is_watching+0x12/0xc0
[  769.583916][T18896]  __do_fast_syscall_32+0x7c/0x3a0
[  769.583943][T18896]  do_fast_syscall_32+0x32/0x80
[  769.583967][T18896]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  769.583988][T18896] RIP: 0023:0xf7ff6579
[  769.584003][T18896] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  769.584019][T18896] RSP: 002b:00000000f511655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  769.584036][T18896] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800001c0
[  769.584047][T18896] RDX: 0000000000000080 RSI: 0000000000000000 RDI: 0000000000000000
[  769.584057][T18896] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  769.584067][T18896] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  769.584076][T18896] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  769.584106][T18896]  </TASK>
[  769.584887][T18896] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  769.669692][T18903] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3538'.
[  769.676184][T18902] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(5)
[  769.919526][T18902] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  769.925022][T18896] batman_adv: batadv0: Removing interface: batadv_slave_1
[  769.931736][T18902] vhci_hcd vhci_hcd.0: Device attached
[  770.061099][T18902] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3539'.
[  770.177499][T13814] usb 43-1: new high-speed USB device number 7 using vhci_hcd
[  770.251436][T17031] net_ratelimit: 4 callbacks suppressed
[  770.251454][T17031] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  770.254045][T18912] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3538'.
[  770.314119][T18910] team0: No ports can be present during mode change
[  770.321245][T18902] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3539'.
[  770.890871][T18902] team0 (unregistering): Port device bond0 removed
[  770.967500][   T12] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  770.973190][   T12] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  771.527390][   T46] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  772.036268][T18922] loop6: detected capacity change from 0 to 524287999
[  772.498441][ T1325] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  772.744062][T18904] vhci_hcd: connection reset by peer
[  772.746708][   T12] vhci_hcd: stop threads
[  772.757340][   T12] vhci_hcd: release socket
[  772.762740][   T12] vhci_hcd: disconnect device
[  773.208969][ T6002] usb 8-1: new full-speed USB device number 40 using dummy_hcd
[  773.372880][ T6002] usb 8-1: device descriptor read/64, error -71
[  773.374254][T18929] siw: device registration error -23
[  773.478414][T18931] siw: device registration error -23
[  773.629243][ T6002] usb 8-1: new full-speed USB device number 41 using dummy_hcd
[  773.776858][ T6002] usb 8-1: device descriptor read/64, error -71
[  773.887486][ T6002] usb usb8-port1: attempt power cycle
[  774.266920][ T6002] usb 8-1: new full-speed USB device number 42 using dummy_hcd
[  774.292836][ T6002] usb 8-1: device descriptor read/8, error -71
[  774.337413][T18943] smc: net device bond0 applied user defined pnetid SYZ2
[  774.449956][T18945] netlink: 'syz.1.3546': attribute type 1 has an invalid length.
[  774.454314][T18945] netlink: 224 bytes leftover after parsing attributes in process `syz.1.3546'.
[  774.546978][ T6002] usb 8-1: new full-speed USB device number 43 using dummy_hcd
[  774.587409][ T6002] usb 8-1: device descriptor read/8, error -71
[  774.642989][T18951] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3548'.
[  774.697201][ T6002] usb usb8-port1: unable to enumerate USB device
[  774.762755][T18957] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3550'.
[  774.857959][T18960] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3550'.
[  774.862833][T18951] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer.
[  774.899723][T18951] netlink: 72 bytes leftover after parsing attributes in process `syz.1.3548'.
[  775.300373][T13814] vhci_hcd: vhci_device speed not set
[  775.457121][T17031] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  775.675598][ T6002] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  775.695537][T14020] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  775.703721][ T1325] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  775.716014][   T29] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  776.359290][T18982] netlink: 'syz.4.3558': attribute type 1 has an invalid length.
[  776.364875][T18982] netlink: 224 bytes leftover after parsing attributes in process `syz.4.3558'.
[  776.454508][T18983] siw: device registration error -23
[  776.718556][   T12] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  776.740964][   T46] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  776.745748][   T46] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  776.895344][T18994] siw: device registration error -23
[  777.224228][T19000] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3560'.
[  777.304714][T19003] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3560'.
[  777.525448][T19006] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3561'.
[  777.654773][T19008] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3562'.
[  778.422129][T19028] FAULT_INJECTION: forcing a failure.
[  778.422129][T19028] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  778.427312][T19028] CPU: 1 UID: 0 PID: 19028 Comm: syz.1.3566 Not tainted 6.16.0-rc6-syzkaller-00121-g6832a9317eee #0 PREEMPT(full) 
[  778.427333][T19028] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  778.427342][T19028] Call Trace:
[  778.427349][T19028]  <TASK>
[  778.427355][T19028]  dump_stack_lvl+0x16c/0x1f0
[  778.427381][T19028]  should_fail_ex+0x512/0x640
[  778.427404][T19028]  _copy_from_user+0x2e/0xd0
[  778.427426][T19028]  get_compat_msghdr+0xa7/0x170
[  778.427450][T19028]  ? __pfx_get_compat_msghdr+0x10/0x10
[  778.427473][T19028]  ? __lock_acquire+0x622/0x1c90
[  778.427496][T19028]  ___sys_recvmsg+0x191/0x1a0
[  778.427518][T19028]  ? __pfx____sys_recvmsg+0x10/0x10
[  778.427555][T19028]  __sys_recvmsg+0x16a/0x220
[  778.427575][T19028]  ? __pfx___sys_recvmsg+0x10/0x10
[  778.427609][T19028]  do_int80_emulation+0x104/0x460
[  778.427632][T19028]  asm_int80_emulation+0x1a/0x20
[  778.427646][T19028] RIP: 0023:0xf7f07579
[  778.427657][T19028] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  778.427670][T19028] RSP: 002b:00000000f4fe455c EFLAGS: 00000296 ORIG_RAX: 0000000000000174
[  778.427684][T19028] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000080000300
[  778.427698][T19028] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  778.427706][T19028] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  778.427715][T19028] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  778.427723][T19028] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  778.427743][T19028]  </TASK>
[  778.798635][ T6002] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  779.182692][T19038] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6)
[  779.185271][T19038] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  779.188303][T19038] vhci_hcd vhci_hcd.0: Device attached
[  779.696606][T19045] siw: device registration error -23
[  779.954288][   T34] usb 43-1: new high-speed USB device number 8 using vhci_hcd
[  780.447999][T19040] vhci_hcd: connection closed
[  780.466573][   T46] vhci_hcd: stop threads
[  780.471344][   T46] vhci_hcd: release socket
[  780.473518][   T46] vhci_hcd: disconnect device
[  780.629270][   T34] usb 43-1: enqueue for inactive port 0
[  780.696553][   T34] vhci_hcd: vhci_device speed not set
[  780.818704][T19056] siw: device registration error -23
[  780.933701][T19057] __nla_validate_parse: 1 callbacks suppressed
[  780.933718][T19057] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3568'.
[  780.996593][T19057] netlink: 'syz.1.3568': attribute type 5 has an invalid length.
[  781.026630][T19057] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3568'.
[  781.200093][T17031] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  781.243431][T19057] netdevsim netdevsim1 netdevsim0: set [1, 1] type 2 family 0 port 256 - 0
[  781.348717][T19057] netdevsim netdevsim1 netdevsim1: set [1, 1] type 2 family 0 port 256 - 0
[  781.352759][T19057] netdevsim netdevsim1 netdevsim2: set [1, 1] type 2 family 0 port 256 - 0
[  781.356689][T19057] netdevsim netdevsim1 netdevsim3: set [1, 1] type 2 family 0 port 256 - 0
[  781.373086][T19069] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3574'.
[  781.375569][T19057] geneve2: entered promiscuous mode
[  781.383518][T19057] geneve2: entered allmulticast mode
[  781.518763][T19072] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3574'.
[  781.868848][ T6002] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  781.873022][T14020] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  782.488175][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  782.504648][T14020] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  782.518421][T14020] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  782.667886][T19084] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3578'.
[  782.779413][T19084] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3578'.
[  782.786254][T19086] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3577'.
[  783.210066][T19083] Cannot find del_set index 3 as target
[  783.407143][T19093] siw: device registration error -23
[  784.478292][T19109] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(3)
[  784.487579][T19109] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  784.492298][T19109] vhci_hcd vhci_hcd.0: Device attached
[  784.498460][T19110] usbip_core: unknown command
[  784.501289][T19110] vhci_hcd: unknown pdu 0
[  784.504548][T19110] usbip_core: unknown command
[  784.518544][   T46] vhci_hcd: stop threads
[  784.525779][   T46] vhci_hcd: release socket
[  784.533131][   T46] vhci_hcd: disconnect device
[  784.580963][T19114] netlink: 'syz.3.3583': attribute type 10 has an invalid length.
[  784.886497][   T53] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  785.526003][T19121] FAULT_INJECTION: forcing a failure.
[  785.526003][T19121] name failslab, interval 1, probability 0, space 0, times 0
[  785.547799][T19121] CPU: 2 UID: 0 PID: 19121 Comm: syz.4.3585 Not tainted 6.16.0-rc6-syzkaller-00121-g6832a9317eee #0 PREEMPT(full) 
[  785.547826][T19121] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  785.547837][T19121] Call Trace:
[  785.547843][T19121]  <TASK>
[  785.547849][T19121]  dump_stack_lvl+0x16c/0x1f0
[  785.547879][T19121]  should_fail_ex+0x512/0x640
[  785.547902][T19121]  ? __kmalloc_cache_noprof+0x57/0x3e0
[  785.547926][T19121]  should_failslab+0xc2/0x120
[  785.547949][T19121]  __kmalloc_cache_noprof+0x6a/0x3e0
[  785.547970][T19121]  ? alloc_bprm+0x86/0x6f0
[  785.547995][T19121]  alloc_bprm+0x86/0x6f0
[  785.548018][T19121]  do_execveat_common.isra.0+0x1ce/0x610
[  785.548226][T19121]  __ia32_compat_sys_execve+0x92/0xc0
[  785.548252][T19121]  __do_fast_syscall_32+0x7c/0x3a0
[  785.548280][T19121]  do_fast_syscall_32+0x32/0x80
[  785.548303][T19121]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  785.548340][T19121] RIP: 0023:0xf7ff6579
[  785.548354][T19121] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  785.548370][T19121] RSP: 002b:00000000f511655c EFLAGS: 00000296 ORIG_RAX: 000000000000000b
[  785.548387][T19121] RAX: ffffffffffffffda RBX: 00000000800000c0 RCX: 0000000000000000
[  785.548397][T19121] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  785.548407][T19121] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  785.548417][T19121] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  785.548445][T19121] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  785.548469][T19121]  </TASK>
[  785.771247][T19123] netlink: 'syz.1.3584': attribute type 1 has an invalid length.
[  785.849742][T19134] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3590'.
[  785.936533][T19136] netlink: 'syz.0.3589': attribute type 1 has an invalid length.
[  785.939979][T19136] netlink: 224 bytes leftover after parsing attributes in process `syz.0.3589'.
[  786.017292][T19138] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3590'.
[  786.247110][T14020] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  786.355676][T19151] siw: device registration error -23
[  786.926774][T19156] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(3)
[  786.931614][T19156] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  786.950055][T19156] vhci_hcd vhci_hcd.0: Device attached
[  786.957446][T19157] usbip_core: unknown command
[  786.959520][T19157] vhci_hcd: unknown pdu 0
[  786.961360][T19157] usbip_core: unknown command
[  786.963655][ T1225] vhci_hcd: stop threads
[  786.974260][ T1225] vhci_hcd: release socket
[  786.976181][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  786.978298][ T1225] vhci_hcd: disconnect device
[  787.093518][T19160] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3594'.
[  787.218909][T19156] netlink: 'syz.3.3594': attribute type 10 has an invalid length.
[  787.256715][T19166] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(3)
[  787.260166][T19166] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  787.267500][T19166] vhci_hcd vhci_hcd.0: Device attached
[  787.275068][T19167] usbip_core: unknown command
[  787.279597][T19167] vhci_hcd: unknown pdu 0
[  787.282294][T19167] usbip_core: unknown command
[  787.292892][   T46] vhci_hcd: stop threads
[  787.295295][   T46] vhci_hcd: release socket
[  787.297713][   T46] vhci_hcd: disconnect device
[  787.318324][T19166] netlink: 'syz.0.3595': attribute type 10 has an invalid length.
[  787.420503][T19171] FAULT_INJECTION: forcing a failure.
[  787.420503][T19171] name failslab, interval 1, probability 0, space 0, times 0
[  787.425821][T19171] CPU: 1 UID: 0 PID: 19171 Comm: syz.1.3596 Not tainted 6.16.0-rc6-syzkaller-00121-g6832a9317eee #0 PREEMPT(full) 
[  787.425847][T19171] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  787.425859][T19171] Call Trace:
[  787.425868][T19171]  <TASK>
[  787.425876][T19171]  dump_stack_lvl+0x16c/0x1f0
[  787.427697][T19171]  should_fail_ex+0x512/0x640
[  787.427728][T19171]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[  787.427755][T19171]  should_failslab+0xc2/0x120
[  787.427771][T19171]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  787.427795][T19171]  ? __alloc_skb+0x2b2/0x380
[  787.427822][T19171]  __alloc_skb+0x2b2/0x380
[  787.427847][T19171]  ? __pfx___alloc_skb+0x10/0x10
[  787.427868][T19171]  ? __pfx___mutex_trylock_common+0x10/0x10
[  787.427900][T19171]  ? rcu_is_watching+0x12/0xc0
[  787.427924][T19171]  netlink_dump+0x192/0xd00
[  787.427942][T19171]  ? __rhashtable_lookup.constprop.0+0x3a5/0x760
[  787.427964][T19171]  ? __pfx_netlink_dump+0x10/0x10
[  787.428000][T19171]  __netlink_dump_start+0x6d6/0x990
[  787.428023][T19171]  ? __pfx_neigh_dump_info+0x10/0x10
[  787.428042][T19171]  rtnetlink_rcv_msg+0xb3e/0xe90
[  787.428070][T19171]  ? __pfx_neigh_dump_info+0x10/0x10
[  787.428091][T19171]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  787.428120][T19171]  ? __pfx_neigh_dump_info+0x10/0x10
[  787.428144][T19171]  ? ref_tracker_free+0x37c/0x830
[  787.428176][T19171]  netlink_rcv_skb+0x155/0x420
[  787.428196][T19171]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  787.428227][T19171]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  787.428255][T19171]  ? netlink_deliver_tap+0x1ae/0xd30
[  787.428289][T19171]  netlink_unicast+0x58d/0x850
[  787.428312][T19171]  ? __pfx_netlink_unicast+0x10/0x10
[  787.428338][T19171]  netlink_sendmsg+0x8d1/0xdd0
[  787.428360][T19171]  ? __pfx_netlink_sendmsg+0x10/0x10
[  787.428381][T19171]  ? __import_iovec+0x1dd/0x650
[  787.428405][T19171]  ____sys_sendmsg+0xa95/0xc70
[  787.428450][T19171]  ? __pfx_____sys_sendmsg+0x10/0x10
[  787.428469][T19171]  ? get_compat_msghdr+0x11a/0x170
[  787.428672][T19171]  ___sys_sendmsg+0x134/0x1d0
[  787.428699][T19171]  ? __pfx____sys_sendmsg+0x10/0x10
[  787.428736][T19171]  ? find_held_lock+0x2b/0x80
[  787.428771][T19171]  __sys_sendmsg+0x16d/0x220
[  787.428797][T19171]  ? __pfx___sys_sendmsg+0x10/0x10
[  787.428834][T19171]  ? rcu_is_watching+0x12/0xc0
[  787.428856][T19171]  __do_fast_syscall_32+0x7c/0x3a0
[  787.428885][T19171]  do_fast_syscall_32+0x32/0x80
[  787.428912][T19171]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  787.428934][T19171] RIP: 0023:0xf7f07579
[  787.428949][T19171] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  787.428964][T19171] RSP: 002b:00000000f502655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  787.428979][T19171] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 00000000800009c0
[  787.428988][T19171] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  787.428996][T19171] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  787.429003][T19171] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  787.429011][T19171] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  787.429033][T19171]  </TASK>
[  787.597353][   T46] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  787.816896][   T46] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  787.929862][ T6002] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  788.253402][T19174] 9pnet: Could not find request transport: od
[  788.257691][   T12] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  788.455235][T19171] Invalid source name
[  788.470172][T19171] UBIFS error (pid: 19171): cannot open "./file0", error -22
[  788.589139][   T40] kauditd_printk_skb: 21 callbacks suppressed
[  788.589157][   T40] audit: type=1804 audit(1752815366.299:260): pid=19183 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.3600" name="/newroot/125/bus" dev="tmpfs" ino=678 res=1 errno=0
[  788.628542][T19185] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3601'.
[  789.702540][T19203] lo speed is unknown, defaulting to 1000
[  789.712009][T19205] siw: device registration error -23
[  789.812797][T19213] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3605'.
[  789.937616][T19213] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3605'.
[  790.040901][T19219] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(3)
[  790.043737][T19219] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  790.047693][T19219] vhci_hcd vhci_hcd.0: Device attached
[  790.052625][T19220] usbip_core: unknown command
[  790.054652][T19220] vhci_hcd: unknown pdu 0
[  790.057493][T19220] usbip_core: unknown command
[  790.082024][T17031] vhci_hcd: stop threads
[  790.110283][T17031] vhci_hcd: release socket
[  790.112249][T17031] vhci_hcd: disconnect device
[  790.158909][T19225] netlink: 'syz.3.3606': attribute type 10 has an invalid length.
[  790.981372][ T6002] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  791.377538][T19234] xt_CT: You must specify a L4 protocol and not use inversions on it
[  792.076917][   T12] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  792.595101][T19262] FAULT_INJECTION: forcing a failure.
[  792.595101][T19262] name failslab, interval 1, probability 0, space 0, times 0
[  792.618504][T19262] CPU: 1 UID: 0 PID: 19262 Comm: syz.4.3614 Not tainted 6.16.0-rc6-syzkaller-00121-g6832a9317eee #0 PREEMPT(full) 
[  792.618529][T19262] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  792.618541][T19262] Call Trace:
[  792.618547][T19262]  <TASK>
[  792.618555][T19262]  dump_stack_lvl+0x16c/0x1f0
[  792.618585][T19262]  should_fail_ex+0x512/0x640
[  792.618609][T19262]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[  792.618646][T19262]  should_failslab+0xc2/0x120
[  792.618664][T19262]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  792.618691][T19262]  ? security_file_alloc+0x34/0x2b0
[  792.618717][T19262]  security_file_alloc+0x34/0x2b0
[  792.618739][T19262]  init_file+0x93/0x4c0
[  792.618759][T19262]  alloc_empty_file+0x73/0x1e0
[  792.618779][T19262]  path_openat+0xda/0x2cb0
[  792.618800][T19262]  ? do_fast_syscall_32+0x32/0x80
[  792.618824][T19262]  ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  792.618853][T19262]  ? __pfx_path_openat+0x10/0x10
[  792.618883][T19262]  do_filp_open+0x20b/0x470
[  792.618908][T19262]  ? __pfx_do_filp_open+0x10/0x10
[  792.618947][T19262]  ? _raw_spin_unlock+0x28/0x50
[  792.618969][T19262]  ? alloc_fd+0x471/0x7d0
[  792.618997][T19262]  do_sys_openat2+0x11b/0x1d0
[  792.619016][T19262]  ? __pfx_do_sys_openat2+0x10/0x10
[  792.619036][T19262]  ? __pfx___schedule+0x10/0x10
[  792.619058][T19262]  ? __fget_files+0x20e/0x3c0
[  792.619085][T19262]  __ia32_compat_sys_openat+0x16d/0x210
[  792.619105][T19262]  ? __pfx___ia32_compat_sys_openat+0x10/0x10
[  792.619125][T19262]  ? ksys_write+0x1ac/0x250
[  792.619152][T19262]  ? rcu_is_watching+0x12/0xc0
[  792.619174][T19262]  __do_fast_syscall_32+0x7c/0x3a0
[  792.619201][T19262]  do_fast_syscall_32+0x32/0x80
[  792.619226][T19262]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  792.619246][T19262] RIP: 0023:0xf7ff6579
[  792.619262][T19262] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  792.619279][T19262] RSP: 002b:00000000f50d4100 EFLAGS: 00000293 ORIG_RAX: 0000000000000127
[  792.619298][T19262] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 00000000f50d4150
[  792.619309][T19262] RDX: 0000000000000002 RSI: 0000000000000000 RDI: 00000000f7484ff4
[  792.619320][T19262] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000
[  792.619330][T19262] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  792.619340][T19262] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  792.619363][T19262]  </TASK>
[  793.144168][T19265] FAULT_INJECTION: forcing a failure.
[  793.144168][T19265] name failslab, interval 1, probability 0, space 0, times 0
[  793.211412][T19265] CPU: 2 UID: 0 PID: 19265 Comm: syz.1.3616 Not tainted 6.16.0-rc6-syzkaller-00121-g6832a9317eee #0 PREEMPT(full) 
[  793.211442][T19265] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  793.211453][T19265] Call Trace:
[  793.211460][T19265]  <TASK>
[  793.211468][T19265]  dump_stack_lvl+0x16c/0x1f0
[  793.211499][T19265]  should_fail_ex+0x512/0x640
[  793.211529][T19265]  should_failslab+0xc2/0x120
[  793.211547][T19265]  __kmalloc_cache_noprof+0x6a/0x3e0
[  793.211571][T19265]  ? __sctp_v6_cmp_addr+0x206/0x530
[  793.211587][T19265]  ? sctp_add_bind_addr+0xae/0x3f0
[  793.211623][T19265]  sctp_add_bind_addr+0xae/0x3f0
[  793.211650][T19265]  sctp_copy_local_addr_list+0x39d/0x5a0
[  793.211671][T19265]  ? __pfx_sctp_copy_local_addr_list+0x10/0x10
[  793.211692][T19265]  ? sctp_auth_asoc_copy_shkeys+0x2a5/0x360
[  793.211715][T19265]  ? sctp_bind_addr_copy+0xe0/0x530
[  793.211739][T19265]  sctp_bind_addr_copy+0xe0/0x530
[  793.211768][T19265]  sctp_connect_new_asoc+0x1d7/0x790
[  793.211791][T19265]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[  793.211817][T19265]  ? bpf_lsm_sctp_bind_connect+0x9/0x10
[  793.211838][T19265]  sctp_sendmsg+0x15f9/0x1ee0
[  793.211865][T19265]  ? __pfx_sctp_sendmsg+0x10/0x10
[  793.211886][T19265]  ? __pfx___might_resched+0x10/0x10
[  793.211914][T19265]  ? find_held_lock+0x2b/0x80
[  793.211934][T19265]  ? __pfx_aa_sk_perm+0x10/0x10
[  793.211957][T19265]  ? __import_iovec+0x1dd/0x650
[  793.211972][T19265]  ? __pfx_sctp_sendmsg+0x10/0x10
[  793.211994][T19265]  inet_sendmsg+0x119/0x140
[  793.212019][T19265]  ____sys_sendmsg+0x973/0xc70
[  793.212040][T19265]  ? __pfx_____sys_sendmsg+0x10/0x10
[  793.212058][T19265]  ? get_compat_msghdr+0x11a/0x170
[  793.212087][T19265]  ? __pfx__kstrtoull+0x10/0x10
[  793.212111][T19265]  ___sys_sendmsg+0x134/0x1d0
[  793.212138][T19265]  ? __pfx____sys_sendmsg+0x10/0x10
[  793.212159][T19265]  ? __lock_acquire+0x622/0x1c90
[  793.212214][T19265]  __sys_sendmmsg+0x2f9/0x420
[  793.212243][T19265]  ? __pfx___sys_sendmmsg+0x10/0x10
[  793.212276][T19265]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  793.212312][T19265]  ? fput+0x70/0xf0
[  793.212331][T19265]  ? ksys_write+0x1ac/0x250
[  793.212353][T19265]  ? __pfx_ksys_write+0x10/0x10
[  793.212414][T19265]  __ia32_compat_sys_sendmmsg+0x9d/0x100
[  793.212442][T19265]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[  793.212469][T19265]  __do_fast_syscall_32+0x7c/0x3a0
[  793.212497][T19265]  do_fast_syscall_32+0x32/0x80
[  793.212523][T19265]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  793.212545][T19265] RIP: 0023:0xf7f07579
[  793.212560][T19265] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  793.212578][T19265] RSP: 002b:00000000f502655c EFLAGS: 00000296 ORIG_RAX: 0000000000000159
[  793.212596][T19265] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000080
[  793.212614][T19265] RDX: 0000000000000001 RSI: 00000000000005dc RDI: 0000000000000000
[  793.212624][T19265] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  793.212634][T19265] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  793.212644][T19265] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  793.212667][T19265]  </TASK>
[  793.368448][T14020] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  793.494411][T19267] xt_ipcomp: unknown flags 12
[  793.497026][T14020] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  794.016501][T14020] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  794.047529][ T6002] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  794.759632][T19285] netlink: 14 bytes leftover after parsing attributes in process `syz.0.3621'.
[  795.577671][T19285] team0: Port device bond0 removed
[  795.607542][T19285] smc: removing net device bond0 with user defined pnetid SYZ2
[  795.699387][T19285] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  795.806954][T19285] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  795.852906][T19285] bond0 (unregistering): (slave syz_tun): Releasing backup interface
[  795.928807][T19285] bond0 (unregistering): Released all slaves
[  796.141931][T19302] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3624'.
[  796.146994][T19302] openvswitch: netlink: nsh attribute has 65532 unknown bytes.
[  796.150440][T19302] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  796.440794][T19305] FAULT_INJECTION: forcing a failure.
[  796.440794][T19305] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  796.450242][T19305] CPU: 3 UID: 0 PID: 19305 Comm: syz.0.3625 Not tainted 6.16.0-rc6-syzkaller-00121-g6832a9317eee #0 PREEMPT(full) 
[  796.450270][T19305] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  796.450282][T19305] Call Trace:
[  796.450288][T19305]  <TASK>
[  796.450295][T19305]  dump_stack_lvl+0x16c/0x1f0
[  796.450326][T19305]  should_fail_ex+0x512/0x640
[  796.450353][T19305]  _copy_to_user+0x32/0xd0
[  796.450382][T19305]  bpf_test_finish.isra.0+0x570/0x6e0
[  796.450415][T19305]  ? __pfx_bpf_test_finish.isra.0+0x10/0x10
[  796.450447][T19305]  ? __asan_memset+0x23/0x50
[  796.450479][T19305]  bpf_prog_test_run_skb+0x1368/0x2280
[  796.450508][T19305]  ? __pfx_bpf_prog_test_run_skb+0x10/0x10
[  796.450526][T19305]  ? fput+0x70/0xf0
[  796.450546][T19305]  ? __pfx_bpf_prog_test_run_skb+0x10/0x10
[  796.450563][T19305]  __sys_bpf+0x1488/0x4d80
[  796.450583][T19305]  ? __pfx___sys_bpf+0x10/0x10
[  796.450599][T19305]  ? ksys_write+0x190/0x250
[  796.450625][T19305]  ? __mutex_unlock_slowpath+0x161/0x6a0
[  796.450664][T19305]  ? fput+0x70/0xf0
[  796.450679][T19305]  ? ksys_write+0x1ac/0x250
[  796.450700][T19305]  ? __pfx_ksys_write+0x10/0x10
[  796.450727][T19305]  __ia32_sys_bpf+0x76/0xe0
[  796.450744][T19305]  __do_fast_syscall_32+0x7c/0x3a0
[  796.450773][T19305]  do_fast_syscall_32+0x32/0x80
[  796.450798][T19305]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  796.450819][T19305] RIP: 0023:0xf708e579
[  796.450854][T19305] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  796.450870][T19305] RSP: 002b:00000000f507e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000165
[  796.450894][T19305] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 00000000800003c0
[  796.450904][T19305] RDX: 0000000000000050 RSI: 0000000000000000 RDI: 0000000000000000
[  796.450915][T19305] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  796.450925][T19305] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  796.450935][T19305] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  796.450959][T19305]  </TASK>
[  796.561925][T19307] netlink: 'syz.3.3626': attribute type 1 has an invalid length.
[  796.592952][T19307] netlink: 224 bytes leftover after parsing attributes in process `syz.3.3626'.
[  797.132565][ T1325] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  797.147765][T19316] overlayfs: conflicting options: userxattr,redirect_dir=on
[  797.163638][T19317] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.3627'.
[  797.171598][T19313] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.3627'.
[  797.580912][T19324] netlink: 'syz.4.3632': attribute type 1 has an invalid length.
[  797.596671][T19324] netlink: 224 bytes leftover after parsing attributes in process `syz.4.3632'.
[  797.926925][T19335] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3635'.
[  798.011591][T19330] lo speed is unknown, defaulting to 1000
[  798.032463][T19335] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3635'.
[  798.058453][T19341] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3636'.
[  798.246703][T19338] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3636'.
[  798.588810][   T46] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  798.663796][T14020] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  799.147061][T14020] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  799.524378][    C0] ==================================================================
[  799.528050][    C0] BUG: KASAN: slab-use-after-free in _raw_spin_lock_irqsave+0x3a/0x60
[  799.534303][    C0] Read of size 1 at addr ffff8880603d8418 by task syz.1.3639/19363
[  799.548572][    C0] 
[  799.549487][    C0] CPU: 0 UID: 0 PID: 19363 Comm: syz.1.3639 Not tainted 6.16.0-rc6-syzkaller-00121-g6832a9317eee #0 PREEMPT(full) 
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  799.549507][    C0] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  799.549516][    C0] Call Trace:
[  799.549523][    C0]  <IRQ>
[  799.549531][    C0]  dump_stack_lvl+0x116/0x1f0
[  799.549556][    C0]  print_report+0xcd/0x610
[  799.549570][    C0]  ? __virt_addr_valid+0x81/0x610
[  799.549589][    C0]  ? __phys_addr+0xe8/0x180
[  799.549607][    C0]  ? _raw_spin_lock_irqsave+0x3a/0x60
[  799.549625][    C0]  kasan_report+0xe0/0x110
[  799.549639][    C0]  ? _raw_spin_lock_irqsave+0x3a/0x60
[  799.549660][    C0]  ? _raw_spin_lock_irqsave+0x3a/0x60
[  799.549679][    C0]  __kasan_check_byte+0x36/0x50
[  799.549694][    C0]  lock_acquire+0xfc/0x350
[  799.549716][    C0]  ? do_raw_spin_unlock+0x53/0x230
[  799.549729][    C0]  ? .slowpath+0x9/0x18
[  799.549756][    C0]  _raw_spin_lock_irqsave+0x3a/0x60
[  799.549778][    C0]  ? p9_req_put+0xaf/0x250
[  799.549799][    C0]  p9_req_put+0xaf/0x250
[  799.549819][    C0]  req_done+0x1dc/0x2e0
[  799.549841][    C0]  ? __pfx_req_done+0x10/0x10
[  799.549861][    C0]  ? __pfx_req_done+0x10/0x10
[  799.549882][    C0]  vring_interrupt+0x31e/0x400
[  799.549903][    C0]  ? __pfx_vring_interrupt+0x10/0x10
[  799.549923][    C0]  __handle_irq_event_percpu+0x22c/0x7d0
[  799.549943][    C0]  handle_irq_event+0xab/0x1e0
[  799.549960][    C0]  handle_edge_irq+0x28e/0xab0
[  799.549979][    C0]  __common_interrupt+0xe2/0x250
[  799.549999][    C0]  common_interrupt+0xba/0xe0
[  799.550017][    C0]  </IRQ>
[  799.550023][    C0]  <TASK>
[  799.550030][    C0]  asm_common_interrupt+0x26/0x40
[  799.550046][    C0] RIP: 0010:_raw_spin_unlock_irqrestore+0x31/0x80
[  799.550067][    C0] Code: f5 53 48 8b 74 24 10 48 89 fb 48 83 c7 18 e8 36 d6 10 f6 48 89 df e8 1e 2a 11 f6 f7 c5 00 02 00 00 75 23 9c 58 f6 c4 02 75 37 <bf> 01 00 00 00 e8 45 4c 01 f6 65 8b 05 9e c9 48 08 85 c0 74 16 5b
[  799.550082][    C0] RSP: 0018:ffffc90002f878f8 EFLAGS: 00000246
[  799.550097][    C0] RAX: 0000000000000006 RBX: ffffffff9afba630 RCX: ffffffff81c32d0f
[  799.550107][    C0] RDX: 0000000000000000 RSI: ffffffff8de2d10c RDI: ffffffff8c157960
[  799.550116][    C0] RBP: 0000000000000206 R08: 0000000000000001 R09: 0000000000000001
[  799.550124][    C0] R10: ffffffff90a9a657 R11: 0000000000000001 R12: 1ffff920005f0f26
[  799.550134][    C0] R13: ffffc90002f87a58 R14: 0000000000000000 R15: ffffffff9afba630
[  799.550149][    C0]  ? trace_irq_enable.constprop.0+0x2f/0x120
[  799.550177][    C0]  __debug_object_init+0x2de/0x3d0
[  799.550199][    C0]  ? __pfx___debug_object_init+0x10/0x10
[  799.550221][    C0]  ? __pfx_process_timeout+0x10/0x10
[  799.550238][    C0]  timer_init_key_on_stack+0x2e/0x120
[  799.550261][    C0]  schedule_timeout+0x111/0x290
[  799.550278][    C0]  ? __pfx_schedule_timeout+0x10/0x10
[  799.550301][    C0]  ? rcu_is_watching+0x12/0xc0
[  799.550318][    C0]  ? _raw_spin_unlock_irq+0x23/0x50
[  799.550337][    C0]  snd_rawmidi_write+0x496/0xc10
[  799.550361][    C0]  ? __pfx_snd_rawmidi_write+0x10/0x10
[  799.550380][    C0]  ? __pfx_default_wake_function+0x10/0x10
[  799.550398][    C0]  ? bpf_lsm_file_permission+0x9/0x10
[  799.550416][    C0]  ? security_file_permission+0x71/0x210
[  799.550436][    C0]  ? rw_verify_area+0xcf/0x680
[  799.550462][    C0]  ? __pfx_snd_rawmidi_write+0x10/0x10
[  799.550479][    C0]  vfs_writev+0x5df/0xde0
[  799.550501][    C0]  ? __pfx_vfs_writev+0x10/0x10
[  799.550521][    C0]  ? kmem_cache_free+0x2d1/0x4d0
[  799.550550][    C0]  ? __fget_files+0x20e/0x3c0
[  799.550572][    C0]  ? do_writev+0x28c/0x340
[  799.550591][    C0]  do_writev+0x28c/0x340
[  799.550609][    C0]  ? __pfx_do_writev+0x10/0x10
[  799.550630][    C0]  ? rcu_is_watching+0x12/0xc0
[  799.550648][    C0]  __do_fast_syscall_32+0x7c/0x3a0
[  799.550672][    C0]  do_fast_syscall_32+0x32/0x80
[  799.550693][    C0]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  799.550713][    C0] RIP: 0023:0xf7f07579
[  799.550727][    C0] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  799.550747][    C0] RSP: 002b:00000000f500555c EFLAGS: 00000296 ORIG_RAX: 0000000000000092
[  799.550761][    C0] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000080000840
[  799.550770][    C0] RDX: 0000000000000002 RSI: 0000000000000000 RDI: 0000000000000000
[  799.550783][    C0] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  799.550793][    C0] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  799.550803][    C0] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  799.550818][    C0]  </TASK>
[  799.550824][    C0] 
[  799.942108][    C0] Allocated by task 19370:
[  799.944954][    C0]  kasan_save_stack+0x33/0x60
[  799.948457][    C0]  kasan_save_track+0x14/0x30
[  799.951666][    C0]  __kasan_kmalloc+0xaa/0xb0
[  799.954837][    C0]  p9_client_create+0xc7/0x11c0
[  799.958187][    C0]  v9fs_session_init+0x1f7/0x1a80
[  799.971455][    C0]  v9fs_mount+0xc5/0xa30
[  799.974442][    C0]  legacy_get_tree+0x109/0x220
[  799.977361][    C0]  vfs_get_tree+0x8e/0x340
[  799.979420][    C0]  path_mount+0x1414/0x2020
[  799.981865][    C0]  __ia32_sys_mount+0x28b/0x310
[  799.984677][    C0]  __do_fast_syscall_32+0x7c/0x3a0
[  799.988637][    C0]  do_fast_syscall_32+0x32/0x80
[  799.990932][    C0]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  799.994424][    C0] 
[  799.996357][    C0] Freed by task 19370:
[  799.998378][    C0]  kasan_save_stack+0x33/0x60
[  800.000449][    C0]  kasan_save_track+0x14/0x30
[  800.003418][    C0]  kasan_save_free_info+0x3b/0x60
[  800.006425][    C0]  __kasan_slab_free+0x51/0x70
[  800.009602][    C0]  kfree+0x2b4/0x4d0
[  800.012253][    C0]  p9_client_create+0xa28/0x11c0
[  800.015646][    C0]  v9fs_session_init+0x1f7/0x1a80
[  800.018534][    C0]  v9fs_mount+0xc5/0xa30
[  800.020713][    C0]  legacy_get_tree+0x109/0x220
[  800.023961][    C0]  vfs_get_tree+0x8e/0x340
[  800.028338][    C0]  path_mount+0x1414/0x2020
[  800.031283][    C0]  __ia32_sys_mount+0x28b/0x310
[  800.034592][    C0]  __do_fast_syscall_32+0x7c/0x3a0
[  800.039201][    C0]  do_fast_syscall_32+0x32/0x80
[  800.042470][    C0]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  800.046309][    C0] 
[  800.047905][    C0] The buggy address belongs to the object at ffff8880603d8400
[  800.047905][    C0]  which belongs to the cache kmalloc-512 of size 512
[  800.056810][    C0] The buggy address is located 24 bytes inside of
[  800.056810][    C0]  freed 512-byte region [ffff8880603d8400, ffff8880603d8600)
[  800.065216][    C0] 
[  800.066840][    C0] The buggy address belongs to the physical page:
[  800.070863][    C0] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x603d8
[  800.074476][    C0] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  800.078599][    C0] flags: 0x4fff00000000040(head|node=1|zone=1|lastcpupid=0x7ff)
[  800.083459][    C0] page_type: f5(slab)
[  800.086044][    C0] raw: 04fff00000000040 ffff88801b842c80 dead000000000100 dead000000000122
[  800.091650][    C0] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[  800.097199][    C0] head: 04fff00000000040 ffff88801b842c80 dead000000000100 dead000000000122
[  800.102461][    C0] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[  800.106272][    C0] head: 04fff00000000002 ffffea000180f601 00000000ffffffff 00000000ffffffff
[  800.113410][    C0] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[  800.117361][    C0] page dumped because: kasan: bad access detected
[  800.120224][    C0] page_owner tracks the page as allocated
[  800.122638][    C0] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5960, tgid 5960 (syz-executor), ts 47294368405, free_ts 47126969291
[  800.147463][    C0]  post_alloc_hook+0x1c0/0x230
[  800.162116][    C0]  get_page_from_freelist+0x1321/0x3890
[  800.164555][    C0]  __alloc_frozen_pages_noprof+0x261/0x23f0
[  800.167045][    C0]  alloc_pages_mpol+0x1fb/0x550
[  800.169128][    C0]  new_slab+0x23b/0x330
[  800.170913][    C0]  ___slab_alloc+0xd9c/0x1940
[  800.173069][    C0]  __slab_alloc.constprop.0+0x56/0xb0
[  800.182469][    C0]  __kmalloc_cache_noprof+0xfb/0x3e0
[  800.184742][    C0]  __ipv6_dev_mc_inc+0x2b9/0xc10
[  800.186892][    C0]  ipv6_add_dev+0xbbf/0x15f0
[  800.188933][    C0]  addrconf_notify+0x53e/0x19e0
[  800.191025][    C0]  notifier_call_chain+0xbc/0x410
[  800.193330][    C0]  call_netdevice_notifiers_info+0xbe/0x140
[  800.195859][    C0]  register_netdevice+0x182e/0x2270
[  800.198128][    C0]  veth_newlink+0x446/0xa00
[  800.199949][    C0]  rtnl_newlink+0xc42/0x2000
[  800.201831][    C0] page last free pid 5967 tgid 5967 stack trace:
[  800.204446][    C0]  __free_frozen_pages+0x7fe/0x1180
[  800.206624][    C0]  qlist_free_all+0x4d/0x120
[  800.208801][    C0]  kasan_quarantine_reduce+0x195/0x1e0
[  800.211186][    C0]  __kasan_slab_alloc+0x69/0x90
[  800.228754][    C0]  __kmalloc_cache_noprof+0x1f1/0x3e0
[  800.230800][    C0]  ref_tracker_alloc+0x18e/0x5b0
[  800.232741][    C0]  netdev_queue_update_kobjects+0x2db/0x720
[  800.242367][    C0]  netdev_register_kobject+0x28c/0x3a0
[  800.256891][    C0]  register_netdevice+0x13dc/0x2270
[  800.259088][    C0]  veth_newlink+0x446/0xa00
[  800.261019][    C0]  rtnl_newlink+0xc42/0x2000
[  800.263007][    C0]  rtnetlink_rcv_msg+0x95e/0xe90
[  800.265164][    C0]  netlink_rcv_skb+0x155/0x420
[  800.267158][    C0]  netlink_unicast+0x58d/0x850
[  800.269143][    C0]  netlink_sendmsg+0x8d1/0xdd0
[  800.271130][    C0]  __sys_sendto+0x4a0/0x520
[  800.289665][    C0] 
[  800.290697][    C0] Memory state around the buggy address:
[  800.293088][    C0]  ffff8880603d8300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  800.296938][    C0]  ffff8880603d8380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  800.300695][    C0] >ffff8880603d8400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  800.303910][    C0]                             ^
[  800.305948][    C0]  ffff8880603d8480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  800.330428][    C0]  ffff8880603d8500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  800.334367][    C0] ==================================================================
[  800.341103][    C0] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  800.373608][    C0] CPU: 0 UID: 0 PID: 19363 Comm: syz.1.3639 Not tainted 6.16.0-rc6-syzkaller-00121-g6832a9317eee #0 PREEMPT(full) 
[  800.380488][    C0] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  800.385729][    C0] Call Trace:
[  800.387227][    C0]  <IRQ>
[  800.404441][    C0]  dump_stack_lvl+0x3d/0x1f0
[  800.406943][    C0]  panic+0x71c/0x800
[  800.409088][    C0]  ? __pfx_panic+0x10/0x10
[  800.411428][    C0]  ? __pfx__printk+0x10/0x10
[  800.413849][    C0]  ? end_report+0x4c/0x170
[  800.416152][    C0]  ? check_panic_on_warn+0x1f/0xb0
[  800.418864][    C0]  ? _raw_spin_lock_irqsave+0x3a/0x60
[  800.421705][    C0]  check_panic_on_warn+0xab/0xb0
[  800.444552][    C0]  end_report+0x107/0x170
[  800.446662][    C0]  kasan_report+0xee/0x110
[  800.448471][    C0]  ? _raw_spin_lock_irqsave+0x3a/0x60
[  800.450955][    C0]  ? _raw_spin_lock_irqsave+0x3a/0x60
[  800.453946][    C0]  __kasan_check_byte+0x36/0x50
[  800.456633][    C0]  lock_acquire+0xfc/0x350
[  800.458938][    C0]  ? do_raw_spin_unlock+0x53/0x230
[  800.462216][    C0]  ? .slowpath+0x9/0x18
[  800.463964][    C0]  _raw_spin_lock_irqsave+0x3a/0x60
[  800.466426][    C0]  ? p9_req_put+0xaf/0x250
[  800.476098][    C0]  p9_req_put+0xaf/0x250
[  800.477839][    C0]  req_done+0x1dc/0x2e0
[  800.479447][    C0]  ? __pfx_req_done+0x10/0x10
[  800.481389][    C0]  ? __pfx_req_done+0x10/0x10
[  800.491443][    C0]  vring_interrupt+0x31e/0x400
[  800.495111][    C0]  ? __pfx_vring_interrupt+0x10/0x10
[  800.497331][    C0]  __handle_irq_event_percpu+0x22c/0x7d0
[  800.507388][    C0]  handle_irq_event+0xab/0x1e0
[  800.509461][    C0]  handle_edge_irq+0x28e/0xab0
[  800.511463][    C0]  __common_interrupt+0xe2/0x250
[  800.513546][    C0]  common_interrupt+0xba/0xe0
[  800.528149][    C0]  </IRQ>
[  800.529414][    C0]  <TASK>
[  800.530785][    C0]  asm_common_interrupt+0x26/0x40
[  800.532930][    C0] RIP: 0010:_raw_spin_unlock_irqrestore+0x31/0x80
[  800.535663][    C0] Code: f5 53 48 8b 74 24 10 48 89 fb 48 83 c7 18 e8 36 d6 10 f6 48 89 df e8 1e 2a 11 f6 f7 c5 00 02 00 00 75 23 9c 58 f6 c4 02 75 37 <bf> 01 00 00 00 e8 45 4c 01 f6 65 8b 05 9e c9 48 08 85 c0 74 16 5b
[  800.543512][    C0] RSP: 0018:ffffc90002f878f8 EFLAGS: 00000246
[  800.546025][    C0] RAX: 0000000000000006 RBX: ffffffff9afba630 RCX: ffffffff81c32d0f
[  800.549365][    C0] RDX: 0000000000000000 RSI: ffffffff8de2d10c RDI: ffffffff8c157960
[  800.552336][    C0] RBP: 0000000000000206 R08: 0000000000000001 R09: 0000000000000001
[  800.556991][    C0] R10: ffffffff90a9a657 R11: 0000000000000001 R12: 1ffff920005f0f26
[  800.560405][    C0] R13: ffffc90002f87a58 R14: 0000000000000000 R15: ffffffff9afba630
[  800.582115][    C0]  ? trace_irq_enable.constprop.0+0x2f/0x120
[  800.585599][    C0]  __debug_object_init+0x2de/0x3d0
[  800.588523][    C0]  ? __pfx___debug_object_init+0x10/0x10
[  800.591502][    C0]  ? __pfx_process_timeout+0x10/0x10
[  800.594842][    C0]  timer_init_key_on_stack+0x2e/0x120
[  800.606124][    C0]  schedule_timeout+0x111/0x290
[  800.608272][    C0]  ? __pfx_schedule_timeout+0x10/0x10
[  800.610606][    C0]  ? rcu_is_watching+0x12/0xc0
[  800.612688][    C0]  ? _raw_spin_unlock_irq+0x23/0x50
[  800.623380][    C0]  snd_rawmidi_write+0x496/0xc10
[  800.626022][    C0]  ? __pfx_snd_rawmidi_write+0x10/0x10
[  800.628602][    C0]  ? __pfx_default_wake_function+0x10/0x10
[  800.637197][    C0]  ? bpf_lsm_file_permission+0x9/0x10
[  800.641230][    C0]  ? security_file_permission+0x71/0x210
[  800.645333][    C0]  ? rw_verify_area+0xcf/0x680
[  800.647331][    C0]  ? __pfx_snd_rawmidi_write+0x10/0x10
[  800.649600][    C0]  vfs_writev+0x5df/0xde0
[  800.651419][    C0]  ? __pfx_vfs_writev+0x10/0x10
[  800.653479][    C0]  ? kmem_cache_free+0x2d1/0x4d0
[  800.667443][    C0]  ? __fget_files+0x20e/0x3c0
[  800.681086][    C0]  ? do_writev+0x28c/0x340
[  800.682907][    C0]  do_writev+0x28c/0x340
[  800.684582][    C0]  ? __pfx_do_writev+0x10/0x10
[  800.696673][    C0]  ? rcu_is_watching+0x12/0xc0
[  800.706017][    C0]  __do_fast_syscall_32+0x7c/0x3a0
[  800.711197][    C0]  do_fast_syscall_32+0x32/0x80
[  800.713236][    C0]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  800.715814][    C0] RIP: 0023:0xf7f07579
[  800.718230][    C0] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  800.734678][    C0] RSP: 002b:00000000f500555c EFLAGS: 00000296 ORIG_RAX: 0000000000000092
[  800.751875][    C0] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000080000840
[  800.768274][    C0] RDX: 0000000000000002 RSI: 0000000000000000 RDI: 0000000000000000
[  800.771958][    C0] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  800.776471][    C0] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  800.782952][    C0] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  800.786456][    C0]  </TASK>
[  800.812639][    C0] Kernel Offset: disabled
[  800.814280][    C0] Rebooting in 86400 seconds..

VM DIAGNOSIS:
05:09:38  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000000020 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff85584815 RDI=ffffffff9b0ac980 RBP=ffffffff9b0ac940 RSP=ffffc90000007768
R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=3630383838666666
R12=0000000000000000 R13=0000000000000020 R14=ffffffff9b0ac940 R15=ffffffff855847b0
RIP=ffffffff8558483f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff888097520000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000f4fe4da4 CR3=0000000049f7a000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=00000000029528a7 RBX=0000000000000001 RCX=ffffffff8b849c69 RDX=0000000000000000
RSI=ffffffff8de2d10c RDI=ffffffff8c157960 RBP=ffffed1003bdb488 RSP=ffffc9000046fdf8
R8 =0000000000000001 R9 =ffffed1005666645 R10=ffff88802b33322b R11=0000000000000001
R12=0000000000000001 R13=ffff88801deda440 R14=ffffffff90a9a650 R15=0000000000000000
RIP=ffffffff8b8487cf RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff888097620000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000f4bc1da4 CR3=0000000049f7a000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
RAX=0000000000000007 RBX=ffffc900071c3818 RCX=ffffffff86a5ab39 RDX=1ffff1100458c3f3
RSI=ffffffff86a5ab46 RDI=ffff888022c61faa RBP=0000000000000007 RSP=ffffc90002faee88
R8 =0000000000000001 R9 =0000000000000000 R10=0000000000000000 R11=0000000000000001
R12=00000000ab10007c R13=dffffc0000000000 R14=ffff8880416b0000 R15=ffff888022c61f80
RIP=ffffffff86a5abdb RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f5c4af8d300 ffffffff 00c00000
GS =0000 ffff888097720000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00007ffe24a33ff0 CR3=000000004b702000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=00000000fcffc200 Opmask01=000000000000ffff Opmask02=00000000ffffffff Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000001 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=8afc81ce1b5d98ab d75269abba454c0c 8afc81ce1b5d98ab d75269abba454c0c 8afc81ce1b5d98ab d75269abba454c0c 8afc81ce1b5d98ab d75269abba454c0c
ZMM18=7e52ce666ca6e4c0 e2e6de1786608b82 7e52ce666ca6e4c0 e2e6de1786608b82 7e52ce666ca6e4c0 e2e6de1786608b82 7e52ce666ca6e4c0 e2e6de1786608b82
ZMM19=4a25000000000000 0000000000000005 4a25000000000000 0000000000000004 4a25000000000000 0000000000000003 4a25000000000000 0000000000000002
ZMM20=0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0204800200020a04 2cf8020802800300 0200048803460180 8080808200048603
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 7a797301ffffffff fffffffff9080480 03007265766c6f73 65725f646901ffff
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffe708 0003084688020502 8008004680020401 4be4018002020072
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000a080606017c b607fe0400018408 0000000008080601 c70800080a48c050
ZMM25=e2e6de17e2e6de17 e2e6de17e2e6de17 e2e6de17e2e6de17 e2e6de17e2e6de17 e2e6de17e2e6de17 e2e6de17e2e6de17 e2e6de17e2e6de17 e2e6de17e2e6de17
ZMM26=6ca6e4c06ca6e4c0 6ca6e4c06ca6e4c0 6ca6e4c06ca6e4c0 6ca6e4c06ca6e4c0 6ca6e4c06ca6e4c0 6ca6e4c06ca6e4c0 6ca6e4c06ca6e4c0 6ca6e4c06ca6e4c0
ZMM27=7e52ce667e52ce66 7e52ce667e52ce66 7e52ce667e52ce66 7e52ce667e52ce66 7e52ce667e52ce66 7e52ce667e52ce66 7e52ce667e52ce66 7e52ce667e52ce66
ZMM28=000001300000012f 0000012e0000012d 0000012c0000012b 0000012a00000129 0000012800000127 0000012600000125 0000012400000123 0000012200000121
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=4825000048250000 4825000048250000 4825000048250000 4825000048250000 4825000048250000 4825000048250000 4825000048250000 4825000048250000
info registers vcpu 3

CPU#3
RAX=0000000000000000 RBX=ffff88802b241f60 RCX=ffffffff81af496d RDX=ffff88802775c880
RSI=ffffffff81af4949 RDI=0000000000000005 RBP=0000000000000001 RSP=ffffc9000421f8a0
R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000001 R11=0000000000000001
R12=dffffc0000000000 R13=0000000000000003 R14=ffffed10056483ed R15=ffff88802b53b6c0
RIP=ffffffff81af494b RFL=00000293 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 000fffff 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 000fffff 00000000
FS =0000 0000000000000000 000fffff 00000000
GS =0000 ffff888097820000 000fffff 00000000
LDT=0000 0000000000000000 000fffff 00000000
TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000f7219f00 CR3=000000000e382000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000