last executing test programs:

4.507165889s ago: executing program 2 (id=617):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x13, &(0x7f0000000240)=ANY=[@ANYBLOB="180300000005000000000000000000001801000011af000000000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000020000838500000071000000180100002020752500000000806020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000400000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10)
syz_emit_ethernet(0x2a, &(0x7f0000000000)={@link_local, @dev, @void, {@ipv4={0x800, @igmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {0x12, 0x0, 0x0, @multicast1}}}}}, 0x0)
r1 = socket$nl_generic(0x11, 0x3, 0x10)
sendmsg(r1, &(0x7f0000000640)={&(0x7f00000000c0)=@caif=@dgm={0x25, 0xd}, 0x80, &(0x7f00000005c0)=[{&(0x7f0000000000)="4ba72c4cfd81685544f46c3f0800", 0x36}], 0x2, 0x0, 0x0, 0x11000000}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000400)=@gettfilter={0x2c, 0x2e, 0xf01, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x4}, {}, {0x6}}, [{0x8, 0xf}]}, 0x2c}}, 0x0)

4.440525994s ago: executing program 2 (id=619):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000c80)={0x3, 0x4, &(0x7f0000000140)=ANY=[@ANYBLOB="18020000feffffff0000000000000000850000003000000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r0, 0x0, 0xe, 0x0, &(0x7f0000000100)="e09f547ed3f02dc1fd3d6487775b", 0x0, 0x4, 0xfffff000, 0x0, 0x0, 0x0, 0x0}, 0x50)

4.378013965s ago: executing program 2 (id=620):
r0 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000), 0xffffffffffffffff)
r1 = socket(0x15, 0x5, 0x0)
bind$rds(r1, &(0x7f0000000580)={0x2, 0x0, @local}, 0x10) (async)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="140000001000010000000000000000000a00000a50000000060a0b0400000000000000000200000024000480080001400000000c080002400000000e0900010073797a30000000040900020073797a3200000000140000001100010000000000000000000000000a"], 0x78}}, 0x0) (async)
r3 = socket$inet(0x2, 0x3, 0x5)
bind$inet(r3, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) (async)
setsockopt$inet_int(r3, 0x0, 0x3, &(0x7f0000000080)=0xfffffffa, 0x4) (async)
connect$inet(r3, &(0x7f0000000340)={0x2, 0x0, @multicast1}, 0x10) (async)
write$binfmt_elf64(r3, &(0x7f0000000780)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x1f4, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78) (async)
getsockname$packet(r1, 0x0, &(0x7f0000000340))
getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffffff, 0x84, 0x76, &(0x7f0000000040)={<r4=>0x0, 0x373}, &(0x7f00000000c0)=0x8) (async)
r5 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2)
ioctl$VIDIOC_DV_TIMINGS_CAP(r5, 0xc0905664, &(0x7f00000005c0)={0x0, 0x0, '\x00', @raw_data=[0x8, 0x40, 0x78, 0xb5b, 0xf705, 0x2, 0x5, 0x8, 0x8001, 0x1, 0x6, 0x5, 0x2, 0x2, 0x1, 0x9, 0x4, 0x100, 0x6, 0xff, 0xff, 0x1, 0x4, 0x334867c6, 0x80, 0x0, 0x3ff0000, 0x3, 0xffffff80, 0x80, 0x800, 0x7]}) (async)
setregid(0x0, 0xee01) (async)
getresgid(&(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080)=<r6=>0x0)
setregid(0x0, r6) (async)
r7 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r7) (async)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r1, 0x84, 0x70, &(0x7f0000000200)={r4, @in6={{0xa, 0x4e21, 0x0, @mcast1, 0x3}}, [0x7f, 0x407c, 0xc82, 0x5, 0x86, 0xfffffffffffffffe, 0x3ff, 0x0, 0x1, 0xfc44, 0x8, 0x7, 0x10005, 0x1]}, &(0x7f0000000100)=0xfc) (async)
sendmsg$TIPC_NL_MEDIA_SET(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)={0x14, r0, 0x101, 0x70bd26, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x4000015}, 0x4000010) (async)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000300)={0xffffffffffffffff, 0x58, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r8=>0x0}}, 0x10)
sendmsg$nl_route(r1, &(0x7f00000004c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000480)={&(0x7f0000000400)=@ipv6_newaddr={0x6c, 0x14, 0x200, 0x70bd26, 0x25dfdbfd, {0xa, 0x38, 0x11, 0xfd, r8}, [@IFA_RT_PRIORITY={0x8, 0x9, 0x4}, @IFA_ADDRESS={0x14, 0x1, @private0={0xfc, 0x0, '\x00', 0x1}}, @IFA_FLAGS={0x8, 0x8, 0x202}, @IFA_LOCAL={0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x38}}, @IFA_LOCAL={0x14, 0x2, @ipv4={'\x00', '\xff\xff', @multicast2}}, @IFA_RT_PRIORITY={0x8, 0x9, 0x80000000}]}, 0x6c}, 0x1, 0x0, 0x0, 0x40040}, 0x10)

4.377672158s ago: executing program 2 (id=621):
memfd_create(&(0x7f0000000880)='C\x13\xfc2\x95WD\xaa\xba^\x90\xfd\x8d\xc2\xb1[\x81\xda\xda\xd6\x8c\xc99\xec\x0e*||\xe4\xb3\xc4\xb6\v\xaa\x15\x86,\xac\x8d\x89cu\x10\xdc\x93\x9b\xb4\x93\xafE*:\xe4\xdd\xa5\xa75\xb8\x1e;7\xb7.V\xdcrw[\r\x98\x93j\x9c\xf6\xf8\x99\xefF_\xcd\xdf!b\xc5\xec\ntb\xff\b\xaaF?!\x9f\a\x1a\x03\f\xe94\x1deU\x06zS\xc90\xb9voI\xa5/\xb4\xa7@\xa1\\B\xc2@\r_b\x9a\xeb\b\x81\x00V\xd6/N\xc5\xc6f\xb1\x95Z\xe5w^\xd8\xe7J\x80\xf7\xae\xafuv\x84\x9eG\xd1\xe7\x9b\xf0_9\xc2\x9b\xfd\xc3\xf3\xe4\x95P\xf1m\xcf\xc2\xe1\xe6\xa6\x8c\x11\xfb\xb8S\x8b\x92\\\asW-Ee\x02\x00\x00\x00\xd0;Q\xc1~\x89\xec\xc8\x9b\x88\a\xf2\x93\x82(\x8b\x00\xd8\xb4T\x80\x95\x93\x9c5\xcf\t\x04\x00\x00\x00\x00\x00\x00v\xef\xee+\xab\x9c\x00^R\xb2n?i=\xbe\x16\x8a\xbf\xe3\xcdB\xed\xe14\xe8\xd0\xb7\xff\xfeQ\x1c\x85n8\x1b\xc1\b\x00\x00\x00\x00\x00\x00\x00\x17\x94\xdfW<GE\xf1\xe9\xf1q\x8c\xf0\xae\x98\x8c\xe0\xc1g}\xaeW\xaa\xa1\x90\x8c\n$\xa6\xbb\x10\xaf\xc7~\x11\x03<v\xe9\xc7K\xf6]\x11)u\xd3\x15\x01}\xe25$\xb0\x86v\x80\r\x9c\xb8\xe6\xd3(\xa0G2s\xa9&\xb3QU~u\x13\x05kKp\xa6&\x8eu\x1d\xb2\xa9!\xc9\xfa\xd0dG5\xcbf<}r\xab\x9c\xd9f6iN\xaa>\x92z\xbe\xb2R)\xf1K\xd7\xaf\x99\xf6d\xe8\xec\xb7\xbd+T3\xa6\xa9\xfaY-1qs\x82\xefn*\x96\xc9\x1e\xf4\xd1\x02Dt\xc0\x19\xf7\x89\x96.D [F\xeeYW\x95\x13\xc7;\x94\x13^\x13\xaf\xf0C\x9c\xabf\x1daCS2\x02\xb0\xef\xc7\x8c\x9e\xed\a\n<V\xaa\xbfZ1\xa82\x85\x99\x0e$U\xb4X\xc7\xfa\f\b\x8f\xc4\xbeIt\xe4\xc51\xba\xb9H\xe8\x96\x94\xd7\xdc\x81\x111\t\xafl\x97\xd8T\xd40\x90ON\xaaFY\xb4\xb3\xf4\xf8JT\xc5:\xc5\aGc\xb5\x12\x90\x7f\x00\x91\xce@\xe5\xd3A\xcc\xd5|\x9f\x8e5\x042\x9a\xc1\xa1\a\xb7\xf5\xbc,\xd1\xd3k8\xc5', 0x0)
r0 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000100)={'vcan0\x00', <r1=>0x0})
r2 = io_uring_setup(0x2004c5, &(0x7f0000000240)={0x0, 0x2f22, 0x20, 0x0, 0x8a})
r3 = eventfd2(0x6, 0x80001)
io_uring_register$IORING_REGISTER_EVENTFD(r2, 0x4, &(0x7f00000002c0)=r3, 0x1)
io_uring_register$IORING_REGISTER_EVENTFD(r2, 0x4, 0x0, 0x1)
connect$can_bcm(r0, &(0x7f00000000c0)={0x1d, r1}, 0x10)
keyctl$restrict_keyring(0xa, 0x0, &(0x7f0000000300)='asymmetric\x00', 0x0)
syz_open_dev$evdev(&(0x7f0000000040), 0x2001, 0xc0100)
ioctl$int_in(r0, 0x5452, &(0x7f0000000400)=0x4)
r4 = syz_io_uring_setup(0x320e, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x3db}, &(0x7f0000000100), &(0x7f0000000440)=<r5=>0x0)
syz_io_uring_setup(0x297a, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x1d6}, &(0x7f00000002c0)=<r6=>0x0, &(0x7f0000000340))
syz_io_uring_submit(r6, r5, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0})
io_uring_enter(r4, 0x3332, 0x0, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
pipe(&(0x7f0000000080)={0xffffffffffffffff, <r9=>0xffffffffffffffff})
ioctl$ifreq_SIOCGIFINDEX_vcan(r8, 0x8933, &(0x7f0000000300)={'vxcan0\x00'})
splice(r7, 0x0, r9, 0x0, 0x7, 0x0)
r10 = fsopen(&(0x7f0000000100)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r10, 0x6, 0x0, 0x0, 0x0)
r11 = fsmount(r10, 0x0, 0x18)
symlinkat(&(0x7f00000008c0)='./file0/../file0\x00', r11, &(0x7f0000000140)='./file0\x00')
openat2(r11, &(0x7f00000003c0)='./file0/../file0\x00', &(0x7f0000000380)={0x0, 0x0, 0x8}, 0x18)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000440)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0)
mount$bind(&(0x7f0000000500)='./file0/file0\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x80001, 0x0)
open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)

2.660360176s ago: executing program 3 (id=640):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r0, 0x9)
r1 = socket$inet_mptcp(0x2, 0x1, 0x106)
r2 = syz_io_uring_setup(0x24fa, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000100), &(0x7f0000000140))
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(r0, 0xc0c09425, &(0x7f00000004c0)={"227110238be6799a70142315f602f3fa", 0x0, 0x0, {0x197d, 0x56}, {0x100000000, 0x6}, 0x5ffb, [0x81, 0x80000000, 0x7, 0x3, 0x10001, 0x2, 0x3, 0xfffffffffffffff9, 0x6, 0xd3c, 0x4, 0x5, 0xfffffffffffffff9, 0x4d0, 0x101, 0x35e08782]})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
shutdown(0xffffffffffffffff, 0x1)
sched_setscheduler(0x0, 0x1, 0x0)
r4 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r5 = dup(r4)
ioctl$TCSETSF(r5, 0x5404, &(0x7f0000000040)={0x1, 0x0, 0x40208f4, 0x515f3153, 0x13, "78e114100985a79874342a55e1133439bbd01f"})
write$UHID_INPUT(r5, &(0x7f0000001040)={0xd, {"a2e3ad21ed6b0af99cfbf4c007f70eb4d04fe7ff7fc6e5539b0872fc8b546a1b4d09940f08900c878f0e1ac6e7049b4cb4956c409b3c2a0867f3988f7ef319520100ffe8d178708c523c921b1b0f5a0a169b50d336cd3b78130daa61d8f809ea882f5802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f309f4cff7738596ecae8707ce065cd5b91cd0ae193973735b36d5b1b63e91c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecd03aded6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca5b6bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27afc953854a642c57519544ae15a7e454dea05918b4124351601611c8f11baa500a3621c56cea8d20ff911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a60560a22f1fca567e65d5e880572286522449df466c632b3570243f989cce3803f465e41e610c20d80421d653a5120000008213b704c7fb082ff27590678ef9f190bae979babc7041d860420c5664ba7921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202fd28f28381aab144a5d429a04a689b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2f05dd3318271a1f5f8528f227e79c1388dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eefc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44060bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a7288afe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f48fe4eae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf02b98a269b891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efedfd71af9444e197f47e866101496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615f7084a607a7eceb6243378e0610060f02cca4051c2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c4e15a7b6eb65ca8104e1b4da1fbb77ab2fc043aead87c32ab875ee7c2e7b7019c902cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad948741b2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd73643de50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c1023bf70cc77737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73c497579773767075428067e7f16f4dde374f8211fef42cb468e623daf60b3569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe29068c0ca3d3414442e863a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae44369ddb4581c55925d0f6f1ba471eba281f259152f85a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e05130935e00785ec27e923911fab964c271556527697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9ddbfb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e7027132f2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afae5336651b1b9bd522d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee29165895ac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463181f4b87c10772d2b13f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76d57227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f84fad6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b3110b932a4d02da711b757fe43c06d21e35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc238a081ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4908b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cb0b3e35cb80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c60edddab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec014508e5247d33ae6c962d35603ff8454c16f8342856935125102bb784ed714887071f3d998efdd9923c954ab6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee658e4cb5e930ed624806c43a006dc9336d07c2b8081c128ad2706f48261f7897084c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da3932ba5c04c24a560ad80a3ce654578376e599aff3565b1d531f30912b99e6619ebe93cc0b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e6491953264d2700c838fa2c7b34252600c9654e502dcea39cb6bc3eb69992e234b4ca7db2f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c7e36bb2fc4c40e9cf96f06817fb903729a7db6ff957697c9ede7885d94ff1aa70826ad01a9b03c37b0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1010}}, 0x1b7)
read$FUSE(r5, &(0x7f0000002080)={0x2020}, 0x2020)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(0x0, 0x2, 0x0)
r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r6, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
r7 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/partitions\x00', 0x0, 0x0)
r8 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0)
sendfile(r8, r7, &(0x7f0000002080)=0x64, 0x23b)
getsockopt$packet_int(r7, 0x107, 0x14, &(0x7f0000000280), &(0x7f0000000300)=0x4)
getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f00000001c0)={<r9=>0x0, 0x10, &(0x7f0000000180)=[@in={0x2, 0x4e21, @broadcast}]}, &(0x7f0000000200)=0xc)
setsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r3, 0x84, 0x71, &(0x7f0000000240)={r9, 0x6}, 0x8)
io_uring_register$IORING_REGISTER_BUFFERS2(r2, 0xf, &(0x7f0000001c00)={0x1, 0x0, 0x0, &(0x7f0000000640)=[{0x0}], &(0x7f0000001bc0)=[0x172]}, 0x20)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4)
connect$inet(r1, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)

1.730405466s ago: executing program 3 (id=654):
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = socket$unix(0x1, 0x2, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0xffffffffffffffff, 0x7e9, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r3}, 0x10)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r5 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL802154_CMD_GET_SEC_DEV(r6, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, r5, 0xe65bc375a2b46f59, 0x70bd26, 0x25dfdbff, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x20}, 0x1, 0x0, 0x0, 0x4080}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r4}, 0x10)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8003, &(0x7f0000000200)=0x9, 0x8, 0x0)
mmap(&(0x7f0000543000/0x1000)=nil, 0x1000, 0x0, 0x2031, 0xffffffffffffffff, 0xcc4c6000)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x2000, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r7 = openat$pfkey(0xffffff9c, &(0x7f0000000000), 0x0, 0x0)
fchmod(r7, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x200000005c831, 0xffffffffffffffff, 0x0)
bind$unix(r1, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
r8 = socket$unix(0x1, 0x1, 0x0)
read$FUSE(r0, &(0x7f0000000b00)={0x2020}, 0x2020)
connect$unix(r8, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x7a, 0xa, 0x0, 0xff00, 0x0, 0x71, 0x10, 0xa2}}, &(0x7f0000000480)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
mount$9p_fd(0x0, &(0x7f00000002c0)='\xe9\x1fq\x89Y\x1e\x923aK\x00', &(0x7f0000000380), 0x80, &(0x7f00000003c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r8}})
move_mount(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x320)
ioctl$TUNSETVNETHDRSZ(r7, 0x400454d8, &(0x7f0000000280)=0x15)
connect$unix(r8, &(0x7f0000000100)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)

1.670610956s ago: executing program 0 (id=655):
r0 = syz_open_procfs(0x0, &(0x7f0000000240)='clear_refs\x00')
writev(r0, &(0x7f0000000780)=[{&(0x7f00000004c0)='4', 0x1}], 0x1) (async)
r1 = userfaultfd(0x801)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000000)={0xaa, 0x2d2}) (async)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f00000001c0)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) (async)
setuid(0x0)
ioctl$UFFDIO_COPY(r1, 0xc028aa03, &(0x7f0000000040)={&(0x7f00002b9000/0x400000)=nil, &(0x7f00005cf000/0x4000)=nil, 0x400000, 0x2, 0x2}) (async)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2)

1.594325559s ago: executing program 0 (id=656):
r0 = socket$inet6(0xa, 0x6, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f0000000180)=0x5, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000070000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10)
pipe2(&(0x7f0000000040)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x880)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff})
r5 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_AUTOCLOSE(r5, 0x84, 0x4, &(0x7f0000000200)=0x88, 0x4)
splice(r4, 0x0, r3, 0x0, 0x1, 0x0)
fcntl$setstatus(r2, 0x4, 0x2800)
close_range(r3, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x1, 0xfffffffd, @empty}, 0x1c)

1.594165185s ago: executing program 3 (id=657):
r0 = openat$sndseq(0xffffff9c, &(0x7f0000000200), 0x2000)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000240)={0x2a0e, 0x0, 0x7, {0x3ff, 0x3}, 0x2, 0x9})
r1 = socket$inet_smc(0x2b, 0x1, 0x0)
ioctl$int_in(r1, 0x5452, &(0x7f0000000100)=0x8)
r2 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r2, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r2, 0xc01064b5, &(0x7f0000000200)={&(0x7f0000000240)=[<r3=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_GETPLANE(r2, 0xc02064b6, &(0x7f00000001c0)={r3, <r4=>0x0, <r5=>0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_SETCRTC(r2, 0xc06864a2, &(0x7f0000000300)={0x0, 0x0, r4, r5, 0x5, 0x720e, 0xffff9a4c, 0x8, {0x8, 0x0, 0x8000, 0x7ff, 0x1ff, 0x2, 0x2, 0xfffc, 0x4, 0x7, 0xd82d, 0x2cb, 0x0, 0x3, "51fa31b64243e974c55dca4fd106d1baacecbaa563784b88898e744ed77ab806"}})
sendto$inet(r1, 0x0, 0x0, 0x8815, 0x0, 0x0)
r6 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r6, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000003580)={&(0x7f0000000440)=ANY=[@ANYBLOB="84010000100001000000000000000000ac1e0101000000000000000000000000ac1e0101000000000000000000000000000000000000000000000000000000001d8c12c2b7605c51ad3a0ab4de1fae22574765af6ae44427e3a731f9b31dd504606a9a858c0e919e11fb4804d3bf4434094b32d26760c6be841d757842eaebfee463cb8072f5ad29aff4191e114b2dd4bd47c8a4d84e934f92d33d721fab684f6438f92513fd1a640e5e5688ea", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="fc000000000000000000000000000001000000006c00000000000000000000000000000000000000000000000200000000000000000000002700000000000e000000000000000000000000003000000000000000000000000000000000000010000000000000000000000000230000000400000000000000000000000000000000000000000000000000000000000000000000002abd7000000000000a00010600000000480003006c7a7300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004c00120067636d28626c6f7768697368290000000000000000008d3184b900000000000000000000000000000000000000000000000000000000000000000000000000000000000080010000"], 0x184}}, 0x20000804)
ioctl$GIO_UNIMAP(0xffffffffffffffff, 0x4b66, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{}]})
r7 = syz_open_dev$loop(&(0x7f0000000100), 0x3, 0x1001)
writev(r1, &(0x7f0000000980)=[{&(0x7f0000000640)="a7ded7eb5fe55d69b17c978948a9fc567454dd964519b65f78647e3f179b0b106da5c1a052f118e9ce5ea578c5fde2e3e3390297cf978ec6b2d8d3381da18afcd52d889ae173d6ef112aedf36a6702fc59160de5615438ca7eb8a05df68651f1a47763e6213c4c2a823b5b1f32fa6bd5b4a87424bf855a326dd1aeaa2f50e59c7736f35fe5519a1a4a7de28c62d057bb793fcefa12dcb8f34ff886250ca4b2815d24cdf969bb5479cb336dfddcf0e1125335e7c3a8d03fee9ab053f3377ef735ad8f5c1b1f21cba1766d2d", 0xcb}, {&(0x7f0000000740)="da8be88f27912c054d69fbdabf42cafa33a62e4e1b8f6e263f6c4da2a55a0fb83d80212d0edc64e65e79157d0c9d4b57e083dad66cdd03cbab9bf8c15bccc43584039640298ebf5f6ec9ea45e64ef6b0803c0a947cbec602e0b10af7be0b349e8e0af36c1bc0876f891fe1e926ff0f37be12b089f9b6498de1bd8cf5e521680d063af2aa9073c11415a131a86d423649348263d8e624661ab58846227f02f38af0531dd5f4518e21e72664f80bf7a3064e59b239744d98dcc96320c4a10ae1b3e88154032cbdb103ddacdd02dd3fde0f0b626f585e7d1c69241ea3b9dcca4def4be37b1142a3fec926efff5741fe9cee", 0xf0}, {&(0x7f0000000840)="26f42cf7b11c72c1011019c47f761b24b82cfae54cba", 0x16}, {&(0x7f0000000880)="8ba2742edac58accf2f2129ffafb93aacfd960dc45617aec95e3344775d2bce075e3cd2f63a6cf8666070278e479dd24db632636d64a470a8d3f3059a6242cdda716c8fc95e993c582184f60fcc2445f11cd12e87f419fb9d5f2f0bc25523a5fb36b413bf1393a40301590148cf816f89727520ae22eff88fe437d36649e2104601a3f66d9ae19ca95ef581e7dc61ec831b6ec339fa9d6406f2b3d1c7a2decc561979dff9a5df9df754643a70bb6850971d0f486ea3192b5d044e427a37b3cf3fdbfab6bb0bdafdd9d0d3088f2efd6cbf648a7e00c64797d3dbfd25433a2d74317d2509ee1ef5bdef764e04bf4a92a5a7774f907c3a0d28b4bb4", 0xfa}], 0x4)
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0)
fchmodat(r8, &(0x7f0000000000)='./file0\x00', 0x20)
ioctl$LOOP_CONFIGURE(r7, 0x4c0a, &(0x7f00000002c0)={r8, 0x0, {0x2a00, 0x80010000, 0x0, 0xcddc, 0x0, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00", [0x1, 0x4]}})
ioctl$SNDRV_PCM_IOCTL_STATUS64(r8, 0x80804120, &(0x7f0000000180))

1.500048811s ago: executing program 0 (id=658):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000340), 0x10, 0x37, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000700)=ANY=[@ANYRES32=r0, @ANYRES64=r0, @ANYRES64=r0, @ANYRES64, @ANYRES32=<r1=>r0], 0x7c}}, 0x40)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a54000000060a0b040000000000000000020000002800048024000180090001006d65746100000000141f0280080002400000001508000340000000170900010073797a30000000000900020073797a3200000000140000001100010000000000000000000000000a"], 0x7c}}, 0x0)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
fstat(r0, &(0x7f0000000300))
statx(0xffffffffffffff9c, &(0x7f0000000240)='./file0/file0\x00', 0x2000, 0x20, &(0x7f0000000740))
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000600)={&(0x7f0000000080)=@proc={0x10, 0x0, 0x25dfdbfd, 0x200000}, 0xc, &(0x7f00000000c0), 0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="240000000100000001000000cc849e08cb2b6822d8ead52ed2eebcb544366076e340b78dfd2779fe9e2a7a0b7d8862508ec5edfcb8b74ee74e765ed6fa9fca0d2e35c6e3561222b5f468d18f2aaa5bd2527a99dc992b475a40d18dc1840570fb27e3bfa7615ea12c3a019942e7948a70ff0e73fb668d9099d2bc571fa25b49afbc4805dd262f59f08d080e9d9051253437a7f5e13a3d6320e25c8041293150aac5e077225e23b275fbf8", @ANYRES32=r0, @ANYRES32, @ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r0], 0x24, 0xc094}, 0x8004)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4)
ioctl$FS_IOC_GETVERSION(0xffffffffffffffff, 0x80047601, &(0x7f00000002c0))
syz_emit_ethernet(0x4e, &(0x7f0000000380)=ANY=[@ANYRES64=r1, @ANYRESOCT=r1], 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
syz_emit_vhci(&(0x7f0000000280)=ANY=[@ANYBLOB="040e04e04020"], 0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r4, &(0x7f0000002540)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_PROG_DETACH(0x9, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x80000000000002)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000000000))
syz_genetlink_get_family_id$smc(&(0x7f0000000040), 0xffffffffffffffff)
syz_init_net_socket$ax25(0x3, 0x2, 0x0)
close(0xffffffffffffffff)
getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, &(0x7f0000000100))
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x42031, 0xffffffffffffffff, 0x0)
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x7e832, 0xffffffffffffffff, 0x0)

1.440530136s ago: executing program 3 (id=659):
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e22, 0x3, @dev={0xfe, 0x80, '\x00', 0x2c}, 0x7}, 0x1c)
r1 = syz_open_dev$sndctrl(&(0x7f0000000280), 0x2, 0x0)
ioctl$SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE(r1, 0xc0045516, &(0x7f0000000180))
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
openat$cgroup_type(r2, &(0x7f00000000c0), 0x2, 0x0)
rmdir(&(0x7f0000000700)='./cgroup/../file0\x00')
r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
close_range(r3, 0xffffffffffffffff, 0x0)
setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f00000022c0)='dctcp\x00', 0x51)
r4 = socket$kcm(0x10, 0x2, 0x4)
r5 = socket$inet6_mptcp(0xa, 0x1, 0x106)
listen(r5, 0x1)
socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r4, 0x220c)
r6 = socket$netlink(0x10, 0x3, 0x4)
writev(r6, &(0x7f0000000300)=[{&(0x7f0000000180)="580000001400192340834b80040d8c560a11820fffff5bab4e210000000058000b4824ca945f6400940f6a0325010ebc000000000000008000f0fffeffe809005300fff5dd00000010000100090c100000000000224e0000", 0x58}], 0x1)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r7, 0x0)
r8 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r8, 0x0)
r9 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r9, 0x0)
r10 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r10, 0x0)
recvmsg$kcm(r4, &(0x7f0000000500)={0x0, 0x0, 0x0}, 0x0)
sendmsg$kcm(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000440)="89000000120081ae08060cdc030000007f03e3f7000000006ee2ffca1b1f0000000004c00e72f750375ed08a56331dbf9ed7815e381ad6e747033a0093b837dc6cc01e32efaec8c7a6ec0012100001400d0c0c00bdad446b9bbc7a46e3988285dcdf12f21308f868fece01955fed0009d78f0a947ee2b49e33538afa8af92347514f0b56a20ff27fff", 0x89}, {&(0x7f0000000340)="cc28f95361f091daf87e55194b2fd6ef1a204cd3fdcf46552546bf691b261c6b95444a302bc3dd4e6d86bfbeacdb22d25e34f7791514c9e552ca7e36604530f4aa1e7e5d9d4a44a1aa88209053f5fbc40291ba924810203cccedcbb1122c7ce0390d0e431a2684dc3082d38b1a67dc840befa616003fb8218a4117e810e076536ae6c1ea738a4e89abee5cbb866ab617ab1baa8551d539763c5a698682c8324ead676bd80d073ef64cfc853c3d6a00f95249696fe251344df5aefa298abf69f6524e528a815f77a4a087983a7a211156621c9b440bc6d02f73c21eff2ea7cfb98e01975967fe9e0f3f2b6fe18c", 0xed}, {&(0x7f0000000040)="0cb16a2c383736f2cda5d00ed9b99760a648b45b67b41eb4b15252a1cd406d7e395691c9f589", 0x26}, {&(0x7f00000007c0)="e5888d9172d1a60349c875d1193f6027a81482e2968e35a76c147745c3c004f526478c66742b1296c41a74916686d4c39abe2fbb03207b5c6090eea62713af8a3b9817a37d8018883284a99b07ac31be24fce20b06fd7756c5268e837f15b859fab635f9b9c62fc62fa3a74135a056c5ea1851f8ac3816cb9a65e8c52ab42cd712ec08197e84d76b892cb6039a67cb5cde7e9794ebac06c2e4e9b39576349e03db69fe90149f760f5a170ff298055f6bd42e657cdd801875bbd3f79a5dba0ab75c6f3139510a134fd610d6bb535aff7c2712e313144b2a4e5f68af28db20d13e7fbc42e771defb6d9fdc46d8e7d58c06e03716e80c0a5799c0865b27dd674ce6ca2a7b646a11cf4239a1bc2c38e2cd669d0f77f52c67edbff83b8b3bc2dbd5d077ff6c867d84ce1b45bec953a7abd8765cc4e698abb7bfe797836bbcd90cb00913150ed8aef1eca455b3f1df38010b2edf55e3477a6c9b39d5058179e15dd1787e8d1709287293bba0f6515261cd833e19b962111c8b2463bea9b8bc0a1af3204420799629a0e23449f702320acc5eb5f7a23ffe15438769261b75c724d733b9289091c310cce514d12804da19536420d66784666c99aa65b570184faab98fa182bc3e45f331ebfe36a64682e9e666f81418f59bef68b52ef95c62acf4ca975ae5ad95ac4663f892ba3776b667d16dcdc3bbfaace76a3045d70ebf970d34ca3b0009c2d551025da5ec4a08ba9e8108d37f05a59c75c173ebdd7eac83fc67558f859d3d1ec5e5f6ef5652a38adad21b0040588b1506a3917f8572f7018a9a787e466a9ea02f0b5e089bf2eb1fdb8ebd035bb5e24f452c2b42351fa87a3dd509f1b66de656192170e4014ad69bb84284798d0070ad985d19ffcf183c151266c3a986a520d63c2f22e97e323b1f42dfde8dde73dc7db6a4fd43c5389e2945ba569a4d0f46bc7e2eccb9edcfb77d73559557b50b9c97c18723ab3a60ac83f0d1ad5fd60c613d2c9b5fda095cb14df0007f7abad4b5eb7e09fd85631e6c713716bd78e41d327420c6d43f5bb060fc13bf2676d87c4181584d26dd7c6ecdeceb05d44937c24b0f4c5e798a5de701579d6da09f696586a05569771878e4e56575a8396442b03ef6a788104afcb43900ddfce37ca268b1516aef335558067a7eabac119abd8240fcf40111305ccc4bded616a059b55c52aaaa87a51e8ef719c8862775882ed7194d60156e64e4f24be15c0a3ca7002e6212be06e0691f8d8699768e12fb79f987ed3267795ebe996ce3c0ebdc1f6e6c3ecc8efc16b96ce9ef142bf3e8f1a3ed4c8a6ea34953f6b618d72b51e936ef3156c1291967a2bf6f4898db44cd13e5cd14c40a5443c3a28cb20e517310c619391e7ec951ff1d83c218bc68e320c39a336bde8b613e467d6651763e95ccb51b241b47b7a72ffa5bd07784d347794f066a3f524d3d62f8068048e73f5026abb1bb28b8a8f6c42ffb7536ab102d0e225ba8ab7ad24067aebebf67cf4bdba04e7d384c2e5f5cb60aa65e602dca7556c9293714f7b56382ed8dcebde14f1979d555b82f28672547e83f1b645813a152a1637832a3ac072c926996b2b8498efbf48dd3748e0ed3014be290764849b299c1443d4c27f8b4f637bbc317616b928e5254040f8d90c3e6ffd0b59af67e386922890c0c6dd8ec04b2ab5708cba3e9f644a7853c92b699e67e729f3155ac3443a0a4d6886fe29afd68ed950a01da5fbe5a14557bad22235412dcdea1c474141d966c39105aadeb3a7d50bee15b9b4671ff3777b0218389a4037f1c909731943019c462e1997584611dca124eebd9699e2e5aa30100d970e89d58b30338b9edb0fdb812f9555308d1cd8badc327ac8fa7c8f711932a83cfc6cbcd2a319ee60854856bafad6cf5339c11bb075a73edf1eb2f456bb86d45db40fe5b5bbba8e72462b197a1c77b86e1b0a4cf407201c5b340bc07e918880c2420a5764efb276083f33ea5ccc91b171f1dfe001b9054452d2e3b2af58fb7172b094e3d3541c20e7d2c4cd59401038fa2f343cb1b94700d1f921f7fdcb6b7f47d0b93aac5208ff31872251bc0d39ca825fdca71be818e5fe9dc43ce07e94676c3031df6742e808fed5b37539b43ad149b8212ab48c261b050338b03aa069e57c4a4a76740d30d4f843814ed83011fc5ccdd9bba97f3bbe81bcb204b1b230bb2dc26208c12ab292fa77c84fc6f670c551d348a290bc154acc9b3c936d691c2a75325548fa4692b0acd5342fc62ef1f8bc21644321fa16f34b2be70aa86f76514252ef7e2338b2eba6640f29985bd06aaa7d4477ea442fbf90dd0136dbf596f724a10ab1a06ec832ed4d69b64b363eac974d3de65de1e470301d17076f1fa2978cd2ac45c60495bc99cf657733fed451a9a19971dfb1791db8852820404bd6828d68a335e3074a7115fc0f597b27f63be2110752a5c7d6a1dee0cfff88f4fe170a971e05be707ca40f8aa21811b2fe1fa6dfbbfe00dd69a131e40af3c6328d470fb9b53c7453e409a1973bd971018de8b5c7750ff700b76f646c8df9a2916b8b8ab4b503bebeca0f02bbb6ff6d38b06a5b04513b696148689ee0291da771c8a2fa92f1069cad03569c960200346313fade2d17613700005727ccd8ab9ac8473a930c69560c2b6d30464cb83d28b206c82d542f809311e659759959b959b85977793442dfa82dcfce8a90a88266615ad7743189c59dd2d9813d69ccdadf7dee7b99040a009967c045058873c20245eef5d14dfe5cbb7d4364db4cb3cc22bac33205b9974f2d8a3feb53e39e924cc7f4449d87a5a73d131395a511bc8dfaf3a8c87dec786c32684dded112cb2cbc2aa66008da771fceb3b4cf86e34d41711d2460d04bc39f421d0e4173f6a15443d66b776643e666e5cb64b5f2c38f2994ec70d5c97ef221520fffe8e686be3a06dc5beddb675bc0ebc794b89cd6f8977e01902c9a9cd3b87e417a373e526552c1d243125b2bbdb592b2c80869d5563ca09e58803518a39b6e67d508aab91ba0ebacb494086cc802c537e9feecf84169ff697d2491096ce0bb55b4e0c14dd910afda8dbb4ac1e6e38bbd789c59c72415fb828bc019d97a841c20938666618982f9d1769aacfd472bfab06b0b60ec831c3178973148b0bc21956e68e9d8da665c1803156daf5a2181835d39c0b8652a6a97d3bf18f598494605f54600e31ed807c429904015abd2c64e26d88dfbf82a3a3c6eb22342b5104d1454704e9eec6a7130556ede1269cd9340cb2ac6c6ac26f1902a68f8e00979c97e303c8ab2022cfa519b1852f6c0c1a7e928a1ded9b686473ef4f35684e96d0a41687ba4434eef1a5a6c21470c568ad495d7f2ac2b39462b954f2952cc0058321976bc799f95aed74e3e770e57ba18aa9c25d7497528b2be3247384f48bd6076c19f46fcaaa3f7bea2bfc3c828e234c641f3be43c0ea5b7082787d784e4bc873809f0405326bc768790f7d69fd214aa1841c87cb533f1d145b310c09a70653535767e0a1481919bbde38472e9568415f337bc7de832283c014717a9ea1f229d9af531bb46160e790cbe2bb335a7f5dd728ef86737aafe9a775a2a539442fbc6c3e1e6bde066fba2c702b5483713101dbca57c94b9b52a89d3c03877497a9a8eb1d80a68eba553e63b9846ef68085b0b6ec91d5e19c6e8017edfa63964f6f3d0400370782f1a4d34261d5650c30fbf93bcdf637f287908060378edcf192cfe5dcf1a42976a2dc8d9a01f0c68fa6a2774dfd7e3caf4d2ecf43b3bf04407d49db7aaa9c1ecdd03362b99a9e3503a6a48e5c3e5647d3d3a34b65b032dc6e650caab317cc3aec96364d1d52d58ac8a40bf15b2658a77dda88a87806d19fb28290bca919692522746eeff8c11fc504666f09189b4156dd99898319254b5cd83802490ca4e86c992c5c33339a922cc55088d5b58727ff657b9576e31357b2c51cd4f37a07cc75ece4f432e388fc4d42368b4bb72c9919ccca998bfb95175cad442d52a74a3341922601aec090516126dec93b3c3857416ee3e4cfd64778ad549ec9dbc6ac22a2b900746654418e4a894212358b2ad8b5037b1bdf1fa12408a7b151490d904e44c6def211c0b5966cef5b505326982c7ae012c9ce1db46af9a699107be57e39f8eeb16a1910dedc01fb014ef1c4a34c7ae874667a91be8df4b9ed13bedfb4aa0a9b12b2cd95c1d189d8b4efd1409b1a685625ec61d26c7c3846d8fc3e0ad1e2c24703895fe6a68ddfe76cab3b58dee0b29a5b272d224ff95f1dc1c6d5cab7d23df171914835c8e90385ba6cd89af0533c3d8377dcc5ac081a7b01290c66549b3d21d142fdffe280b1aff6577687869f87c92bf2189e1484f5e45889dea31f0d3a61e5e4555a23dc45f205957c96230211c4c4b9c1c3321ae01328f892ea9f440ba2cfdb758bb8f2bbf7c3fca104a632a61d58ea2bebf6f6c78ea8fe8e739986b6cb6335385f3af5b779e8c32d13655999d019878f4dc43d1af499043b70a73eab2535513d87a213617a3c49d75887442b955d4182071b4262516a3e42f1fbaadf6c8d57a8dc67239a35b5d64f8cc5ecac822ba322f5149ed31ca89accd2f4b4910b32a38663d332fbdef9503a3b890e921f65d2cd1395aace5d314815d5f4edae92cdbde0b7b0750d05c250231420ffb601a4bcf6f878a5577892652fe0573b4fc263d0952f9b36d0be76f28422befc0917aa79baf4c172333430b3009ff0bbb1fc280bfad9ade9996c53619269e465dad3fb78fd7a9580b47df45e92217e8f9b3e20f7ed6c556ed030abfebe1a029eb9874836be98e37bc7c8ccc766a8c12c1f8b019bcda4e83438fe19f4b5ab1cb3537164ef20dd6697a2fba74b6a6746a6fbbfd1c8481faf3563e9bdc44073c7f8ad8f1a052774f05f7800441800738b29fd2c09c395c39555cba4639fb97ddab0ae5a886c774a007fcb4b86fee3dfdb1ab38b744d63d89b718e2e6cfbc154ff6fa4a3d500c14adeccd994ff7545b87581fd43798ee3abefa7a5cf9c230cb9226fd622f9484faf45b52eea19812fd7ce2b9ac8c47242c8d9f28e1c5863b5cb0acf9165bec5b301abd38db9bab50d560581330c910a605182a169afdf7c1bdf70a3560d23552e3ad30d075b33293c5a4c22675c6533aeb663a9167eeaccf99274aacd1eb5fdbd99647fd9e169a85512a53fb09aca3636a129a52bce20434efd4848e54b8d1a29e239de289177f897d4b857253965ba3954b9bc89a88123d18d79587bb069a38b7a3a8f488ce250beefc7d3ab6d6a8f90e077bc573bfce51cb6a63137561635bf8cba5cd474a2e21342f4818c118fb0cbb24fb7f9b40eb412593964eacd03038b3815a6762732a87c68939a94da050288636e304715dec6ddccfca1174a84fb960efe41f90ffdef150863f1dc638a9224b6c2dfead4c0691de5c46abdc67bf7676757ad0f26a72546aa8f9bdac4093539863497a27719f4e08664979098ef6e1df60c40fe9ae7f55200bd2f3613cb040ceebfd002d9ab564d6d49f2341c096c3c176bbb11a8d40aad50cdb47d20ff4b2d58c0452e40d3edcb140ebe576b04853af8135ce96c7120e33fa8fa351d5777f3c7cbc33a7bf31a628c3a932b10b25324ded56e2a7e072345501d0496acb8570fe0d91acff48ba06ab17e815ae3941918746c4f851403639dddd2c5cc48e1d3da97b0f35afe69689d20065802e100b09e2249e2a390ff792b69003514cc954b232a6d898033fb731c44613129aedf3c7788c2d6408b2ddf4a58e6f9cd210e1acf2", 0x1000}], 0x4}, 0x40886)
mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x0)
mount$9p_tcp(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000740), 0x1800, &(0x7f0000000540)=ANY=[@ANYBLOB="7472616e733d7463702c706f72743d307830306a00304430303030303034b1a27c319f3d397000000022f6c0aa352a3deca28e4cb088e5c250609e9c77a1c89d5b8106f1a2bf6a25cc92c4e0ee8f5e143d09531cae86574e6cd997d0cc8d88cf063d2ff07686285a2d6c4d32e7d952f64aeaea1ef905451198877ebdd054af0b5c9fada234caa65e07450b2fc299ce0b31ff12f1c2529caba3219880da5674250d616c80149630bc60475d984c2e7013d45772b81689b4a0557ded39b34b4c10694c17be58e7020c55db9b6167284aa52e4180c9e843e602cf"])

1.353166785s ago: executing program 2 (id=660):
ioctl$vim2m_VIDIOC_ENUM_FMT(0xffffffffffffffff, 0xc0405602, &(0x7f0000000080)={0x3, 0x1, 0x1, "5165a41796ed6bb8c8ecf24946ef12aedd4f4bc7c546d290105b2f528e4cacf4", 0x20303159})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = timerfd_create(0x0, 0x0)
ioctl$TFD_IOC_SET_TICKS(r1, 0x541b, 0x0)
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_NMI(r3, 0xae9a)
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x100000000, 0x0, 0x0, 0x0, 0x0, 0x2004c8, 0x8000000, 0x0, 0x0, 0xfffffffffffffffe]})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0xd, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x0, 0x3, 0x9, 0x1, 0x64}]}, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x2, 0x3, 0x0, 0x4, 0x0, 0x0, 0xeffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff], 0x0, 0x1000})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
connect$rose(0xffffffffffffffff, &(0x7f00000000c0)=@short={0xb, @dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, 0x1, @null}, 0x1c)
unshare(0x68040200)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
r4 = socket(0x10, 0x803, 0x0)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r6 = socket(0x400000000010, 0x3, 0x0)
r7 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r8=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r8, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x1}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000940)=@newtfilter={0xc8, 0x2c, 0xd2b, 0x0, 0x0, {0x0, 0x0, 0x0, r8, {0x6}, {}, {0x7}}, [@filter_kind_options=@f_u32={{0x8}, {0x9c, 0x2, [@TCA_U32_SEL={0x84, 0x5, {0x5, 0x9, 0x7, 0x4, 0x9, 0x4, 0x6, 0xfffffffb, [{0x4, 0xfff, 0x9, 0x2}, {0x1, 0x8, 0x1, 0x6}, {0xb00, 0x0, 0x80000001, 0x6}, {0xff, 0xffff, 0x1, 0x7}, {0x4, 0x2, 0xf, 0xffffffeb}, {0x7, 0x1ff, 0xf8000000, 0x8}, {0x6, 0x1, 0xec8, 0x7}]}}, @TCA_U32_INDEV={0x14, 0x8, 'ip6gretap0\x00'}]}}]}, 0xc8}}, 0x4044040)

1.140759834s ago: executing program 3 (id=661):
syz_open_dev$hidraw(&(0x7f0000000080), 0x0, 0x0)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
r0 = syz_open_dev$I2C(&(0x7f00000002c0), 0x1, 0x0)
ioctl$I2C_RDWR(r0, 0x707, &(0x7f0000001100)={&(0x7f0000001200)=[{0x0, 0x0, 0x0, 0x0}, {0x0, 0xf5ff, 0xd5, &(0x7f0000001300)="b525bb325834dcaf04ab87efa7cb55518ef9a3770c47e3b64acb4352b6634a7a9e22fcea5a0417bfe92a2c1d52be65b6aa99355e6b865734f18866cb734c53d2aee73d5af64ddd8a93d0bdee64d5e4c89225ad23af187aa0b753a3770fd937e03fb683bd601891c0830bfc1c502b218ba1e8b810912adc0a3f51174fe26c2d72c0a0163f01ac2f65c1d49676b6d457189fff9bd96e4afb0b24463b897bf0aef8ce95bb0910ce89acd90fed39fb5c36af5032094d3378c99fdfc920603ae126b58a5674aec5605758a321f6c5049d03a8a63e9f97f2"}], 0x2}) (fail_nth: 10)
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, 0x0, 0x0)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x2, 0x400c031, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)={0xaa, 0x740})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x1})
ioctl$UFFDIO_COPY(r1, 0xc028aa03, &(0x7f0000000100)={&(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffe000/0x2000)=nil, 0x3000})
socket$can_j1939(0x1d, 0x2, 0x7)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = dup(0xffffffffffffffff)
write$6lowpan_enable(r2, &(0x7f0000000000)='1', 0x1)
r3 = syz_io_uring_setup(0xa07, &(0x7f0000000200)={0x0, 0xcc72, 0x0, 0x3}, &(0x7f0000000340)=<r4=>0x0, &(0x7f0000000280)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL)
io_uring_enter(r3, 0x3516, 0x0, 0x0, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[])
chdir(&(0x7f0000000100)='./file0\x00')
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
rename(&(0x7f00000001c0)='./file1\x00', &(0x7f0000000280)='./file0\x00')
r6 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r6, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x2, &(0x7f0000000040), 0x106, 0x5}}, 0x20)

941.255393ms ago: executing program 3 (id=662):
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000140)=0x14)
r1 = socket$inet6(0xa, 0x6, 0x0)
r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r2, 0xaf01, 0x0)
ioctl$VHOST_SET_LOG_FD(r2, 0x4004af07, &(0x7f0000000240))
ioctl$VHOST_SET_VRING_KICK(r2, 0x4008af20, &(0x7f0000000040))
ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000380)={0x1, 0x0, 0x0, &(0x7f0000000280)=""/233, 0x0})
syz_usbip_server_init(0x3)
ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000780)={0x0, 0x1, 0x0, &(0x7f0000000700)=""/88, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r2, 0x4008af03, &(0x7f0000000640))
r3 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000080), 0x4a4900, 0x0)
ioctl$SNAPSHOT_GET_IMAGE_SIZE(r3, 0x8008330e, 0x0)
ioctl$VHOST_VSOCK_SET_RUNNING(r2, 0x4004af61, &(0x7f0000000000)=0x20000)
write$eventfd(0xffffffffffffffff, 0x0, 0x0)
openat$fb0(0xffffffffffffff9c, 0x0, 0x0, 0x0)
close_range(r1, 0xffffffffffffffff, 0x0)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000480)=0x7)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f00000003c0))
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000300))
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000040)=0x9)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0006}]})
syz_usb_connect(0x0, 0x3d, &(0x7f0000000240)=ANY=[@ANYBLOB="12010000bdce4208110f80106afc0000000109022b00010000000009043700022ee5cd0009058010ff037f790209050e0320000980070705ab0b78"], 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
close_range(r4, 0xffffffffffffffff, 0x0)

620.698654ms ago: executing program 2 (id=666):
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r2)
ptrace$getregset(0x4204, r2, 0x202, &(0x7f00000011c0)={&(0x7f0000001100)=""/168, 0xa8})
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000040)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_JOIN_IBSS(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)={0x2c, r0, 0x1, 0x0, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_IE={0x4}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}]}, 0x2c}, 0x1, 0x0, 0x0, 0x8884}, 0x14)

607.009748ms ago: executing program 32 (id=666):
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r2)
ptrace$getregset(0x4204, r2, 0x202, &(0x7f00000011c0)={&(0x7f0000001100)=""/168, 0xa8})
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000040)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_JOIN_IBSS(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)={0x2c, r0, 0x1, 0x0, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_IE={0x4}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}]}, 0x2c}, 0x1, 0x0, 0x0, 0x8884}, 0x14)

560.296493ms ago: executing program 0 (id=669):
r0 = socket$nl_route(0x10, 0x3, 0x0) (async)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TIOCPKT(r1, 0x5420, &(0x7f0000000100)=0xcf7) (async, rerun: 64)
ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000dc0)={0x0, 0x0, 0x0, 0x0, 0x11, "0062ba7d82ffff00"}) (rerun: 64)
ppoll(&(0x7f0000000140)=[{r1}], 0x1, 0x0, 0x0, 0x0) (async)
r2 = syz_open_pts(r1, 0x0)
r3 = dup3(r2, r1, 0x0)
ioctl$TCSETSW2(r3, 0x402c542c, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, "b779594300", 0x0, 0xffffffff}) (async, rerun: 64)
openat$iommufd(0xffffff9c, &(0x7f0000000000), 0x22000, 0x0) (async, rerun: 64)
r4 = socket$packet(0x11, 0x3, 0x300)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r4, 0x8933, &(0x7f00000001c0)={'wg1\x00', <r5=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newlink={0x44, 0x10, 0x1, 0x10, 0x0, {0x0, 0x0, 0x0, r5, 0x20001}, [@IFLA_MTU={0x8, 0x4, 0xe}, @IFLA_AF_SPEC={0x1c, 0x1a, 0x0, 0x1, [@AF_INET6={0x18, 0xa, 0x0, 0x1, [@IFLA_INET6_TOKEN={0x14, 0x7, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}]}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x800}, 0x10)

498.410276ms ago: executing program 0 (id=671):
socket$alg(0x26, 0x5, 0x0)
r0 = socket$xdp(0x2c, 0x3, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000040)={'wlan1\x00', <r3=>0x0})
sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000008c0)={&(0x7f0000000140)=ANY=[@ANYRESDEC=r2, @ANYBLOB="828b430c22a708cbb3f25ee962e8227bea9bf100112015cc2c2fa20ce5b65459845ec01f9a0f33a653544b0a8959471f00e55f692eef64c369ca4ef367604c0779c02b64d0e997c9f9807d750a6575a0ad4bf568d72cde839d8147e30dc72d81f33c190452cca39bfa5f8108eaf4f1cf690640b0e1c8f9b8719e2d2c3fde884bafb41e768053179ba63878acf4633d7a99672ad85ba060def778122c16c6832bef37a6fcc7516749cc769e06ae3c72d9c3b69ddcccc6389458bbcf275f6a238ea5d9a620f6f814db716a4889f625", @ANYBLOB="1fe8ffff0000000000003b00000008000300", @ANYRES32=r3, @ANYBLOB="21003300d0800000080211000000080211000001505050505050000000000000", @ANYRES16=r0], 0x40}}, 0x0)

498.219534ms ago: executing program 1 (id=672):
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000180)=0x100000001, 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r1, 0x6, 0x14, &(0x7f0000000140)=0x1, 0x4)
connect$inet6(r1, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f00000002c0), 0x3)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='cpuacct.usage_sys\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f000000e0c0), 0x10010)
setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x1, &(0x7f0000000240)=@ccm_128={{0x304}, '\x00', "ed86a155b66f481507086fe637736e4c", "8968e562", "842546172794808f"}, 0x28)
sendfile(r1, r2, &(0x7f0000000100)=0x10, 0x10001)
ioctl$TUNSETOFFLOAD(r0, 0x40047438, 0x20001400)

430.532256ms ago: executing program 0 (id=673):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x8c, 0x30, 0x800, 0x70bd2c, 0x0, {}, [{0x78, 0x1, [@m_ct={0x2c, 0x2, 0x0, 0x0, {{0x7}, {0x4}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc, 0x7, {0x1}}, {0xc}}}]}]}, 0x8c}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket(0x1d, 0x3, 0x1)
r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
r6 = dup(r4)
r7 = accept4(r5, 0x0, 0x0, 0x0)
sendfile(r7, r6, 0x0, 0x8a000)
getsockopt$nfc_llcp(r3, 0x65, 0x8, 0x0, 0x20001008)
r8 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0)
ioctl$TCSETS(r8, 0x40045431, 0x0)
syz_open_pts(r8, 0x0)
ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0)
ioctl$SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT(0xffffffffffffffff, 0x40505330, 0x0)
getrusage(0x0, &(0x7f0000000040))

363.011712ms ago: executing program 1 (id=674):
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TIOCGSERIAL(r0, 0x541e, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) (fail_nth: 4)

220.494358ms ago: executing program 1 (id=675):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
getpid()
ioperm(0x0, 0x4, 0x2)
fsetxattr$trusted_overlay_opaque(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x5)
sendmsg$IPSET_CMD_ADD(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)=ANY=[@ANYBLOB="54000000090601020000000000000000020000000900020073797a310000000005000100070000002c0007800c00018008000140ffffffff0500070002000000060004404e2200000c00028008000140"], 0x54}, 0x1, 0x0, 0x0, 0x10000082}, 0x80)

220.249579ms ago: executing program 1 (id=676):
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0x6, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18020000f2ffffff0000000000000000850000001700000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
iopl(0x3)
setpgid(0x0, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000005000000000000000000000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='contention_end\x00', r1}, 0x10)
r2 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000001c0)={0x114, 0x2d, 0x1, 0x0, 0x6000, "", [@nested={0x104, 0x0, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}, @typed={0x14, 0x1, 0x0, 0x0, @ipv6=@loopback={0x100000000000000}}, @generic="50bb2d6f67d29d6fabadb107d0def49c88ea04abde1d5e8d3fb22a1b5046778bdafefc46b0449ade68bf84b36ec72dd71265fc2e882348c26c2126237dd5b37f5ae655b1086cda40e00aec58754734be31d750351dc076eb43d9621dc08c029d1608a487f26fbe816b89f7cb81bff81a8b9482565856555ee923c65973deb0a99b962bc0fe94a3fcae3697bd7b85b3a682167c43dbf137115a40ebddcad74875ec58e9a3ddb9ad02a078cf0d972df9e99f079767734f69ce475f55ac64337803f5eb4e5842f4d98fe3fa370d47eb640dc5061dc35817c8a66c29be82fd3f8cd1"]}]}, 0x114}], 0x1}, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={0x0, &(0x7f0000000040)=""/155, 0x1000000, 0x9b, 0x1, 0x0, 0x0, @void, @value}, 0x20)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000200)={r0, 0x4000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, &(0x7f0000000280)="bf049f", 0x0, 0x8000}, 0x50)

202.363µs ago: executing program 1 (id=677):
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TIOCGSERIAL(r0, 0x541e, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

0s ago: executing program 1 (id=678):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000180)=@newtfilter={0x2c, 0x2c, 0x200, 0x70bd27, 0x0, {0x0, 0x0, 0x0, 0x0, {0xc, 0xffe0}, {}, {0xfff1}}, [@TCA_RATE={0x6, 0x5, {0x9, 0x3}}]}, 0x2c}, 0x1, 0x0, 0x0, 0x24004091}, 0x0)
r0 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000480)={0x0, 0x1c}}, 0x0)
getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c00000010008546000000000000ff0100000000", @ANYRES32=r1, @ANYBLOB="01000000002200001c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}}, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x2)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r4)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffff11ffffffff000000", @ANYRES32=r5, @ANYBLOB="010000"], 0x3c}}, 0x0)
getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000180)=ANY=[@ANYBLOB="2c00000010000100000000000000000053000000", @ANYRES32=r6, @ANYBLOB="efdd0e4af11f02000a0001"], 0x2c}}, 0x0)

kernel console output (not intermixed with test programs):

e to avoid problems!
[   45.869742][ T5952] batman_adv: batadv0: Interface activated: batadv_slave_0
[   45.885048][ T6005] team0: Device gtp0 is of different type
[   45.894094][ T5952] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   45.896745][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   45.900073][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   45.902535][ T5952] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   45.906206][ T5952] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   45.909224][ T5952] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   45.912944][ T5952] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   45.917059][ T5952] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   45.923752][ T5952] batman_adv: batadv0: Interface activated: batadv_slave_1
[   45.940217][ T5952] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   45.944174][ T5952] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   45.947734][ T5952] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   45.950290][ T5952] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   45.955286][   T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   45.962056][   T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   45.969683][ T1170] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   45.972013][ T1170] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   45.974794][ T5945] Bluetooth: hci1: command tx timeout
[   46.004344][   T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   46.007392][   T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   46.013658][   T39] audit: type=1326 audit(1738809013.708:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6007 comm="syz.3.6" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f58579 code=0x0
[   46.013919][ T1136] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   46.024730][ T1136] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   46.037337][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   46.039821][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   46.042855][ T5945] Bluetooth: hci2: command tx timeout
[   46.042896][ T5297] Bluetooth: hci3: command tx timeout
[   46.043113][ T5948] Bluetooth: hci0: command tx timeout
[   46.653750][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   46.672336][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   46.674907][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   46.676065][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   46.677673][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   46.880875][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   46.942359][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   48.042958][ T5297] Bluetooth: hci1: command tx timeout
[   48.122391][ T5297] Bluetooth: hci0: command tx timeout
[   48.124349][ T5948] Bluetooth: hci2: command tx timeout
[   48.124354][ T5945] Bluetooth: hci3: command tx timeout
[   48.284445][ T6051] trusted_key: syz.3.13 sent an empty control message without MSG_MORE.
[   48.372543][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   48.374990][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   48.377399][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   49.075892][ T6072] netlink: 'syz.1.17': attribute type 1 has an invalid length.
[   49.079025][ T6072] netlink: 244 bytes leftover after parsing attributes in process `syz.1.17'.
[   49.289237][ T6074] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[   49.291148][ T6074] Bluetooth: hci0: Opcode 0x0406 failed: -4
[   49.296605][ T6074] Bluetooth: hci0: Opcode 0x0406 failed: -4
[   49.299803][ T6074] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[   49.301571][ T6074] Bluetooth: hci1: Opcode 0x0406 failed: -4
[   49.305706][ T6074] Bluetooth: hci1: Opcode 0x0406 failed: -4
[   49.309187][ T6074] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[   49.309526][ T6080] debugfs: Directory 'ttyS3' with parent 'caif_serial' already present!
[   49.311000][ T6074] Bluetooth: hci2: Opcode 0x0406 failed: -4
[   49.318865][ T6074] Bluetooth: hci2: Opcode 0x0406 failed: -4
[   49.321708][ T6074] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[   49.324328][ T6074] Bluetooth: hci3: Opcode 0x0406 failed: -4
[   49.335325][ T6074] Bluetooth: hci3: Opcode 0x0406 failed: -4
[   49.632614][ T6100] process 'syz.3.20' launched './file0' with NULL argv: empty string added
[   49.807656][ T6070] orangefs_mount: mount request failed with -4
[   50.762682][ T5980] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[   50.914667][ T5980] usb 5-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[   50.917619][ T5980] usb 5-1: config 27 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[   50.920702][ T5980] usb 5-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[   50.925943][ T5980] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[   50.928605][ T5980] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   50.935532][ T5980] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[   50.947490][ T5980] snd-usb-audio 5-1:27.0: probe with driver snd-usb-audio failed with error -2
[   50.963032][ T5934] udevd[5934]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb5/5-1/5-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[   51.146013][ T5999] usb 5-1: USB disconnect, device number 2
[   51.243732][ T5948] Bluetooth: hci0: command 0x0419 tx timeout
[   51.323108][ T5948] Bluetooth: hci3: command 0x0419 tx timeout
[   51.323131][ T5297] Bluetooth: hci2: command 0x0419 tx timeout
[   51.324968][ T5948] Bluetooth: hci1: command 0x0419 tx timeout
[   51.457513][ T6151] netfs: Couldn't get user pages (rc=-14)
[   51.811423][ T6157] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   51.824580][ T6157] JFS: discard option not supported on device
[   51.827197][ T6157] syz.1.31: attempt to access beyond end of device
[   51.827197][ T6157] loop1: rw=0, sector=64, nr_sectors = 8 limit=0
[   51.832689][ T6157] syz.1.31: attempt to access beyond end of device
[   51.832689][ T6157] loop1: rw=0, sector=120, nr_sectors = 8 limit=0
[   51.836709][ T6157] Mount JFS Failure: -5
[   51.838048][ T6157] jfs_mount failed w/return code = -5
[   51.848334][ T6157] xfs: Unknown parameter 'usrquotaªªªªªª'
[   51.947635][ T6161] bridge0: port 2(bridge_slave_1) entered disabled state
[   52.682535][ T5950] Bluetooth: hci4: command 0x1003 tx timeout
[   52.684429][ T5945] Bluetooth: hci4: Opcode 0x1003 failed: -110
[   52.903767][ T6177] netlink: 4 bytes leftover after parsing attributes in process `syz.1.36'.
[   53.332290][ T5945] Bluetooth: hci0: command 0x0419 tx timeout
[   53.402339][ T5945] Bluetooth: hci2: command 0x0419 tx timeout
[   53.402929][ T5950] Bluetooth: hci3: command 0x0419 tx timeout
[   53.404451][ T5948] Bluetooth: hci1: command 0x0419 tx timeout
[   54.023528][ T6203] tipc: Enabling of bearer <udp:syz1> rejected, failed to enable media
[   54.158002][ T6208] input: syz0 as /devices/virtual/input/input6
[   54.958290][ T6219] netlink: 40 bytes leftover after parsing attributes in process `syz.0.47'.
[   54.961363][ T6219] netlink: 40 bytes leftover after parsing attributes in process `syz.0.47'.
[   55.034014][ T6224] capability: warning: `syz.2.48' uses deprecated v2 capabilities in a way that may be insecure
[   55.402836][ T5950] Bluetooth: hci0: command 0x0419 tx timeout
[   55.482496][ T5950] Bluetooth: hci3: command 0x0419 tx timeout
[   55.482823][ T5945] Bluetooth: hci1: command 0x0419 tx timeout
[   55.482842][ T5948] Bluetooth: hci2: command 0x0419 tx timeout
[   56.525786][ T6253] netlink: 20 bytes leftover after parsing attributes in process `syz.2.57'.
[   56.528557][ T6253] netlink: 20 bytes leftover after parsing attributes in process `syz.2.57'.
[   56.555159][ T6253] netlink: 20 bytes leftover after parsing attributes in process `syz.2.57'.
[   56.557773][ T6253] netlink: 20 bytes leftover after parsing attributes in process `syz.2.57'.
[   56.593485][ T6253] netlink: 20 bytes leftover after parsing attributes in process `syz.2.57'.
[   56.596228][ T6253] netlink: 20 bytes leftover after parsing attributes in process `syz.2.57'.
[   56.822093][ T6262] netlink: 'syz.2.59': attribute type 1 has an invalid length.
[   57.067880][ T6267] netlink: 24 bytes leftover after parsing attributes in process `syz.3.61'.
[   57.485168][ T5945] Bluetooth: hci0: command 0x0419 tx timeout
[   57.562276][ T5945] Bluetooth: hci1: command 0x0419 tx timeout
[   57.562293][ T5950] Bluetooth: hci3: command 0x0419 tx timeout
[   57.562370][ T5948] Bluetooth: hci2: command 0x0419 tx timeout
[   57.924090][   T39] audit: type=1326 audit(1738809025.618:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6296 comm="syz.1.68" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf749e579 code=0x7ffc0000
[   57.930318][   T39] audit: type=1326 audit(1738809025.618:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6296 comm="syz.1.68" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf749e579 code=0x7ffc0000
[   57.938615][   T39] audit: type=1326 audit(1738809025.618:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6296 comm="syz.1.68" exe="/syz-executor" sig=0 arch=40000003 syscall=120 compat=1 ip=0xf749e579 code=0x7ffc0000
[   57.946995][   T39] audit: type=1326 audit(1738809025.628:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6296 comm="syz.1.68" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf749e579 code=0x7ffc0000
[   57.954434][   T39] audit: type=1326 audit(1738809025.628:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6296 comm="syz.1.68" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf749e579 code=0x7ffc0000
[   57.960774][   T39] audit: type=1326 audit(1738809025.638:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6298 comm="syz.1.68" exe="/syz-executor" sig=0 arch=40000003 syscall=267 compat=1 ip=0xf749e579 code=0x7ffc0000
[   57.971110][   T39] audit: type=1326 audit(1738809025.638:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6296 comm="syz.1.68" exe="/syz-executor" sig=0 arch=40000003 syscall=270 compat=1 ip=0xf749e579 code=0x7ffc0000
[   57.976865][   T39] audit: type=1326 audit(1738809025.638:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6296 comm="syz.1.68" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf749e579 code=0x7ffc0000
[   57.982745][   T39] audit: type=1326 audit(1738809025.638:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6296 comm="syz.1.68" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf749e579 code=0x7ffc0000
[   57.988481][   T39] audit: type=1326 audit(1738809025.638:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6298 comm="syz.1.68" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf749e598 code=0x7ffc0000
[   59.106899][ T6321] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   59.902422][ T6339] netlink: 4 bytes leftover after parsing attributes in process `syz.2.77'.
[   59.907040][ T6339] overlayfs: failed to resolve './file1': -2
[   60.183702][ T6356] netem: incorrect ge model size
[   60.186038][ T6356] netem: change failed
[   60.604657][ T6369] Zero length message leads to an empty skb
[   61.112027][ T6376] netlink: 20 bytes leftover after parsing attributes in process `syz.1.89'.
[   61.116464][ T6376] netlink: 20 bytes leftover after parsing attributes in process `syz.1.89'.
[   61.190818][ T6383] loop6: detected capacity change from 0 to 64
[   61.198360][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 8 prio class 0
[   61.202678][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[   61.206548][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[   61.210186][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[   61.212990][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[   61.215490][    C2] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[   61.218951][    C2] Buffer I/O error on dev loop6, logical block 0, async page read
[   61.222131][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[   61.225847][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[   61.504957][ T6399] ISOFS: Unable to identify CD-ROM format.
[   62.115270][ T6416] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[   62.194378][ T6420] openvswitch: netlink: Missing key (keys=40, expected=2000)
[   62.229122][ T6398] Process accounting resumed
[   62.651648][ T6432] syzkaller0: entered promiscuous mode
[   62.655177][ T6432] syzkaller0: entered allmulticast mode
[   62.658757][ T6432] FAULT_INJECTION: forcing a failure.
[   62.658757][ T6432] name failslab, interval 1, probability 0, space 0, times 1
[   62.662436][ T6432] CPU: 3 UID: 0 PID: 6432 Comm: syz.3.109 Not tainted 6.14.0-rc1-syzkaller-00034-g92514ef226f5 #0
[   62.662449][ T6432] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   62.662454][ T6432] Call Trace:
[   62.662457][ T6432]  <TASK>
[   62.662461][ T6432]  dump_stack_lvl+0x16c/0x1f0
[   62.662479][ T6432]  should_fail_ex+0x50a/0x650
[   62.662505][ T6432]  ? fs_reclaim_acquire+0xae/0x150
[   62.662524][ T6432]  should_failslab+0xc2/0x120
[   62.662537][ T6432]  __kmalloc_noprof+0xce/0x4f0
[   62.662548][ T6432]  ? __pfx___mutex_trylock_common+0x10/0x10
[   62.662561][ T6432]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290
[   62.662579][ T6432]  genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290
[   62.662597][ T6432]  genl_family_rcv_msg_doit+0xbf/0x2f0
[   62.662613][ T6432]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[   62.662628][ T6432]  ? trace_cap_capable+0x1a2/0x210
[   62.662646][ T6432]  ? bpf_lsm_capable+0x9/0x10
[   62.662658][ T6432]  ? security_capable+0x7e/0x260
[   62.662672][ T6432]  ? ns_capable+0xd7/0x110
[   62.662686][ T6432]  genl_rcv_msg+0x565/0x800
[   62.662696][ T6432]  ? __pfx_genl_rcv_msg+0x10/0x10
[   62.662705][ T6432]  ? __pfx_batadv_pre_doit+0x10/0x10
[   62.662714][ T6432]  ? __pfx_batadv_netlink_set_mesh+0x10/0x10
[   62.662722][ T6432]  ? __pfx_batadv_post_doit+0x10/0x10
[   62.662735][ T6432]  netlink_rcv_skb+0x165/0x410
[   62.662748][ T6432]  ? __pfx_genl_rcv_msg+0x10/0x10
[   62.662758][ T6432]  ? __pfx_netlink_rcv_skb+0x10/0x10
[   62.662776][ T6432]  ? down_read+0xc9/0x330
[   62.662785][ T6432]  ? __pfx_down_read+0x10/0x10
[   62.662795][ T6432]  ? netlink_deliver_tap+0x1ae/0xca0
[   62.662809][ T6432]  genl_rcv+0x28/0x40
[   62.662822][ T6432]  netlink_unicast+0x53c/0x7f0
[   62.662837][ T6432]  ? __pfx_netlink_unicast+0x10/0x10
[   62.662850][ T6432]  ? __phys_addr_symbol+0x30/0x80
[   62.662865][ T6432]  ? __check_object_size+0x488/0x710
[   62.662880][ T6432]  netlink_sendmsg+0x8b8/0xd70
[   62.662895][ T6432]  ? __pfx_netlink_sendmsg+0x10/0x10
[   62.662912][ T6432]  ____sys_sendmsg+0x9ae/0xb40
[   62.662926][ T6432]  ? __pfx_____sys_sendmsg+0x10/0x10
[   62.662937][ T6432]  ? get_compat_msghdr+0x11b/0x170
[   62.662955][ T6432]  ___sys_sendmsg+0x135/0x1e0
[   62.662965][ T6432]  ? __pfx____sys_sendmsg+0x10/0x10
[   62.662979][ T6432]  ? __pfx_lock_release+0x10/0x10
[   62.662990][ T6432]  ? trace_lock_acquire+0x14e/0x1f0
[   62.663003][ T6432]  ? __fget_files+0x206/0x3a0
[   62.663016][ T6432]  __sys_sendmsg+0x16e/0x220
[   62.663026][ T6432]  ? __pfx___sys_sendmsg+0x10/0x10
[   62.663043][ T6432]  __do_fast_syscall_32+0x73/0x120
[   62.663053][ T6432]  do_fast_syscall_32+0x32/0x80
[   62.663061][ T6432]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[   62.663077][ T6432] RIP: 0023:0xf7f58579
[   62.663084][ T6432] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[   62.663093][ T6432] RSP: 002b:00000000f507655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[   62.663102][ T6432] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000880
[   62.663108][ T6432] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   62.663113][ T6432] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   62.663117][ T6432] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[   62.663122][ T6432] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   62.663133][ T6432]  </TASK>
[   63.541506][ T6442] netlink: 'syz.2.113': attribute type 21 has an invalid length.
[   63.547723][ T6442] netlink: 'syz.2.113': attribute type 1 has an invalid length.
[   63.899758][ T6455] raw_sendmsg: syz.0.116 forgot to set AF_INET. Fix it!
[   64.162591][ T5945] Bluetooth: hci3: SCO packet for unknown connection handle 200
[   64.282275][ T5950] Bluetooth: hci4: Opcode 0x1003 failed: -110
[   64.323972][ T6472] Illegal XDP return value 4294967294 on prog  (id 17) dev N/A, expect packet loss!
[   64.621806][ T6480] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[   64.662346][    T8] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[   64.824043][    T8] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   64.832583][    T8] usb 6-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024
[   64.852006][    T8] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[   64.854862][    T8] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   64.857233][    T8] usb 6-1: Product: syz
[   64.858518][    T8] usb 6-1: Manufacturer: syz
[   64.859900][    T8] usb 6-1: SerialNumber: syz
[   65.069381][ T6476] netlink: 488 bytes leftover after parsing attributes in process `syz.1.124'.
[   65.074078][ T6476] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[   65.252324][  T834] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[   65.414834][  T834] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   65.429756][  T834] usb 7-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024
[   65.434511][  T834] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[   65.437150][  T834] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   65.439491][  T834] usb 7-1: Product: syz
[   65.440724][  T834] usb 7-1: Manufacturer: syz
[   65.442105][  T834] usb 7-1: SerialNumber: syz
[   65.656012][ T6494] netlink: 488 bytes leftover after parsing attributes in process `syz.2.131'.
[   65.659175][ T6494] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[   65.665108][ T6502] vxcan1: entered promiscuous mode
[   65.686246][ T6476] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[   65.769710][ T6510] netlink: 4 bytes leftover after parsing attributes in process `syz.0.135'.
[   65.891031][    T8] cdc_mbim 6-1:1.0: MAC-Address: 42:42:42:42:42:42
[   65.893066][    T8] cdc_mbim 6-1:1.0: dwNtbInMaxSize=0 is too small. Using 2048
[   65.895325][    T8] cdc_mbim 6-1:1.0: setting rx_max = 2048
[   65.921057][ T6526] input: syz0 as /devices/virtual/input/input8
[   65.929051][ T6526] autofs: Unknown parameter ''
[   65.931085][ T6526] netlink: 44 bytes leftover after parsing attributes in process `syz.0.141'.
[   66.091140][    T8] cdc_mbim 6-1:1.0: setting tx_max = 184
[   66.096321][    T8] cdc_mbim 6-1:1.0: cdc-wdm0: USB WDM device
[   66.101392][    T8] wwan wwan0: port wwan0mbim0 attached
[   66.110389][    T8] cdc_mbim 6-1:1.0 wwan0: register 'cdc_mbim' at usb-dummy_hcd.1-1, CDC MBIM, 42:42:42:42:42:42
[   66.245409][ T5658] 8021q: adding VLAN 0 to HW filter on device wwan0
[   66.263692][ T6494] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[   66.292892][    C0] cdc_mbim 6-1:1.0: nonzero urb status received: -71
[   66.294923][    C0] cdc_mbim 6-1:1.0: wdm_int_callback - 0 bytes
[   66.296886][    C0] cdc_mbim 6-1:1.0: nonzero urb status received: -71
[   66.298857][    C0] cdc_mbim 6-1:1.0: wdm_int_callback - 0 bytes
[   66.300837][    C0] cdc_mbim 6-1:1.0: nonzero urb status received: -71
[   66.302793][    C0] cdc_mbim 6-1:1.0: wdm_int_callback - 0 bytes
[   66.304736][    C0] cdc_mbim 6-1:1.0: nonzero urb status received: -71
[   66.306676][    C0] cdc_mbim 6-1:1.0: wdm_int_callback - 0 bytes
[   66.308702][    C0] cdc_mbim 6-1:1.0: nonzero urb status received: -71
[   66.310662][    C0] cdc_mbim 6-1:1.0: wdm_int_callback - 0 bytes
[   66.312674][    C0] cdc_mbim 6-1:1.0: nonzero urb status received: -71
[   66.314583][    C0] cdc_mbim 6-1:1.0: wdm_int_callback - 0 bytes
[   66.316658][    C0] cdc_mbim 6-1:1.0: nonzero urb status received: -71
[   66.318560][    C0] cdc_mbim 6-1:1.0: wdm_int_callback - 0 bytes
[   66.320566][    C0] cdc_mbim 6-1:1.0: nonzero urb status received: -71
[   66.322520][    C0] cdc_mbim 6-1:1.0: wdm_int_callback - 0 bytes
[   66.324455][    C0] cdc_mbim 6-1:1.0: nonzero urb status received: -71
[   66.326380][    C0] cdc_mbim 6-1:1.0: wdm_int_callback - 0 bytes
[   66.328332][    C0] cdc_mbim 6-1:1.0: nonzero urb status received: -71
[   66.330275][    C0] cdc_mbim 6-1:1.0: wdm_int_callback - 0 bytes
[   66.466781][  T834] cdc_mbim 7-1:1.0: MAC-Address: 42:42:42:42:42:42
[   66.468798][  T834] cdc_mbim 7-1:1.0: dwNtbInMaxSize=0 is too small. Using 2048
[   66.471079][  T834] cdc_mbim 7-1:1.0: setting rx_max = 2048
[   66.659167][ T6551] warning: `syz.1.124' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[   66.667346][  T834] cdc_mbim 7-1:1.0: setting tx_max = 184
[   66.670557][  T834] cdc_mbim 7-1:1.0: cdc-wdm1: USB WDM device
[   66.674233][  T834] wwan wwan1: port wwan1mbim0 attached
[   66.677966][  T834] cdc_mbim 7-1:1.0 wwan1: register 'cdc_mbim' at usb-dummy_hcd.2-1, CDC MBIM, 42:42:42:42:42:42
[   66.742636][ T5980] usb 6-1: USB disconnect, device number 2
[   66.745178][ T5980] cdc_mbim 6-1:1.0 wwan0: unregister 'cdc_mbim' usb-dummy_hcd.1-1, CDC MBIM
[   66.807036][ T5658] 8021q: adding VLAN 0 to HW filter on device wwan1
[   66.825176][ T6529] syz.0.142 (6529) used greatest stack depth: 19824 bytes left
[   66.846861][ T5980] wwan wwan0: port wwan0mbim0 disconnected
[   67.278285][ T6585] netlink: 12 bytes leftover after parsing attributes in process `syz.1.145'.
[   67.385905][ T6593] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[   67.559878][ T6621] block device autoloading is deprecated and will be removed.
[   68.190282][ T6656] netlink: 'syz.3.161': attribute type 21 has an invalid length.
[   68.251991][    T8] usb 7-1: USB disconnect, device number 2
[   68.261617][    T8] cdc_mbim 7-1:1.0 wwan1: unregister 'cdc_mbim' usb-dummy_hcd.2-1, CDC MBIM
[   68.337484][    T8] wwan wwan1: port wwan1mbim0 disconnected
[   68.525504][ T5950] Bluetooth: hci2: SCO packet for unknown connection handle 200
[   68.743004][ T6660] syz.2.162 (6660): drop_caches: 2
[   68.776492][ T6688] FAULT_INJECTION: forcing a failure.
[   68.776492][ T6688] name fail_usercopy, interval 1, probability 0, space 0, times 1
[   68.780243][ T6688] CPU: 3 UID: 0 PID: 6688 Comm: syz.1.165 Not tainted 6.14.0-rc1-syzkaller-00034-g92514ef226f5 #0
[   68.780255][ T6688] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   68.780260][ T6688] Call Trace:
[   68.780263][ T6688]  <TASK>
[   68.780267][ T6688]  dump_stack_lvl+0x16c/0x1f0
[   68.780284][ T6688]  should_fail_ex+0x50a/0x650
[   68.780298][ T6688]  _copy_from_iter+0x29b/0x1400
[   68.780312][ T6688]  ? trace_lock_acquire+0x14e/0x1f0
[   68.780322][ T6688]  ? __alloc_skb+0x200/0x380
[   68.780331][ T6688]  ? __pfx__copy_from_iter+0x10/0x10
[   68.780343][ T6688]  ? __virt_addr_valid+0x1a4/0x590
[   68.780354][ T6688]  ? __virt_addr_valid+0x5e/0x590
[   68.780362][ T6688]  ? __phys_addr_symbol+0x30/0x80
[   68.780376][ T6688]  ? __check_object_size+0x488/0x710
[   68.780389][ T6688]  netlink_sendmsg+0x813/0xd70
[   68.780405][ T6688]  ? __pfx_netlink_sendmsg+0x10/0x10
[   68.780422][ T6688]  ____sys_sendmsg+0x9ae/0xb40
[   68.780436][ T6688]  ? __pfx_____sys_sendmsg+0x10/0x10
[   68.780448][ T6688]  ? get_compat_msghdr+0x11b/0x170
[   68.780465][ T6688]  ___sys_sendmsg+0x135/0x1e0
[   68.780475][ T6688]  ? __pfx____sys_sendmsg+0x10/0x10
[   68.780489][ T6688]  ? __pfx_lock_release+0x10/0x10
[   68.780499][ T6688]  ? trace_lock_acquire+0x14e/0x1f0
[   68.780511][ T6688]  ? __fget_files+0x206/0x3a0
[   68.780525][ T6688]  __sys_sendmsg+0x16e/0x220
[   68.780535][ T6688]  ? __pfx___sys_sendmsg+0x10/0x10
[   68.780551][ T6688]  __do_fast_syscall_32+0x73/0x120
[   68.780561][ T6688]  do_fast_syscall_32+0x32/0x80
[   68.780570][ T6688]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[   68.780585][ T6688] RIP: 0023:0xf749e579
[   68.780592][ T6688] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[   68.780601][ T6688] RSP: 002b:00000000f512655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[   68.780610][ T6688] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000000
[   68.780615][ T6688] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   68.780620][ T6688] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   68.780625][ T6688] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[   68.780630][ T6688] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   68.780640][ T6688]  </TASK>
[   68.889393][ T6691] xt_hashlimit: overflow, try lower: 17592186044416/6
[   69.172263][ T5999] usb 8-1: new high-speed USB device number 2 using dummy_hcd
[   69.325001][ T5999] usb 8-1: Using ep0 maxpacket: 8
[   69.333255][ T5999] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[   69.336103][ T5999] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[   69.339110][ T5999] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0
[   69.341916][ T5999] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0
[   69.345129][ T5999] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[   69.348879][ T5999] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[   69.351591][ T5999] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   69.358182][ T5999] usbtmc 8-1:16.0: probe with driver usbtmc failed with error -22
[   69.913123][ T6710] xt_TCPMSS: Only works on TCP SYN packets
[   70.019281][ T6712] netlink: 'syz.1.173': attribute type 10 has an invalid length.
[   70.026291][ T6712] 8021q: adding VLAN 0 to HW filter on device team0
[   70.030054][ T6712] bond0: (slave team0): Enslaving as an active interface with an up link
[   70.474623][ T6719] batman_adv: batadv0: adding TT local entry aa:aa:aa:aa:aa:2a to non-existent VLAN 1280
[   70.478194][ T6719] netlink: 4 bytes leftover after parsing attributes in process `syz.0.176'.
[   70.480802][ T6719] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   70.483896][ T6719] batman_adv: batadv0: Removing interface: batadv_slave_0
[   70.486808][ T6719] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   70.489060][ T6719] batman_adv: batadv0: Removing interface: batadv_slave_1
[   70.765184][ T1414] ieee802154 phy0 wpan0: encryption failed: -22
[   70.767477][ T1414] ieee802154 phy1 wpan1: encryption failed: -22
[   72.207737][ T5999] usb 8-1: USB disconnect, device number 2
[   72.330541][ T6744] netlink: 24 bytes leftover after parsing attributes in process `syz.3.183'.
[   72.832678][ T6757] bond0: entered promiscuous mode
[   72.834777][ T6757] bond_slave_0: entered promiscuous mode
[   72.837289][ T6757] bond_slave_1: entered promiscuous mode
[   72.849283][ T6769] IPVS: length: 143 != 24
[   72.862339][ T6757] capability: warning: `syz.2.186' uses 32-bit capabilities (legacy support in use)
[   72.900217][ T5980] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None
[   73.119833][ T6786] overlayfs: workdir and upperdir must be separate subtrees
[   75.885247][   T35] cfg80211: failed to load regulatory.db
[   83.019056][ T6841] netlink: 8 bytes leftover after parsing attributes in process `syz.3.203'.
[   83.838043][ T6860] netlink: 28 bytes leftover after parsing attributes in process `syz.1.207'.
[   83.842558][ T6857] 9pnet_rdma: rdma_create_trans (6857): problem binding to privport: 13
[   83.844180][ T6860] netlink: 'syz.1.207': attribute type 7 has an invalid length.
[   83.849728][ T6860] netlink: 'syz.1.207': attribute type 8 has an invalid length.
[   83.853514][ T6860] netlink: 4 bytes leftover after parsing attributes in process `syz.1.207'.
[   83.858268][ T6858] netlink: 28 bytes leftover after parsing attributes in process `syz.1.207'.
[   83.861719][ T6858] netlink: 'syz.1.207': attribute type 7 has an invalid length.
[   83.865213][ T6858] netlink: 'syz.1.207': attribute type 8 has an invalid length.
[   83.867491][ T6858] netlink: 4 bytes leftover after parsing attributes in process `syz.1.207'.
[   83.973621][ T6872] netlink: 'syz.3.213': attribute type 9 has an invalid length.
[   83.976562][ T6872] netlink: 201392 bytes leftover after parsing attributes in process `syz.3.213'.
[   83.985982][ T6872] netlink: 4 bytes leftover after parsing attributes in process `syz.3.213'.
[   83.990826][ T6872] netlink: 104 bytes leftover after parsing attributes in process `syz.3.213'.
[   83.994244][ T6872] netlink: 104 bytes leftover after parsing attributes in process `syz.3.213'.
[   84.038381][ T6873] loop9: detected capacity change from 0 to 8
[   84.045345][ T6873]  loop9: [CUMANA/ADFS] p1 [ADFS] p1
[   84.048140][ T6873] loop9: partition table partially beyond EOD, truncated
[   84.052140][ T6873] loop9: p1 size 81768186 extends beyond EOD, truncated
[   84.138602][ T6818]  loop9: [CUMANA/ADFS] p1 [ADFS] p1
[   84.140505][ T6818] loop9: partition table partially beyond EOD, truncated
[   84.142996][ T6818] loop9: p1 size 81768186 extends beyond EOD, truncated
[   84.224000][ T6873]  loop9: [CUMANA/ADFS] p1 [ADFS] p1
[   84.225606][ T6873] loop9: partition table partially beyond EOD, truncated
[   84.227707][ T6873] loop9: p1 size 81768186 extends beyond EOD, truncated
[   84.574729][ T6889] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[   84.580744][ T5945] Bluetooth: hci2: ACL packet for unknown connection handle 201
[   84.615793][   T39] kauditd_printk_skb: 28 callbacks suppressed
[   84.615803][   T39] audit: type=1326 audit(1738809052.308:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6890 comm="syz.0.218" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf746e579 code=0x0
[   85.566762][ T6907] netlink: 'syz.0.223': attribute type 9 has an invalid length.
[   85.569028][ T6907] netlink: 201392 bytes leftover after parsing attributes in process `syz.0.223'.
[   85.852063][ T6914] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (128 ns). Using initial count to start timer.
[   85.882505][ T5950] Bluetooth: hci4: Entering manufacturer mode failed (-110)
[   85.882508][ T5945] Bluetooth: hci4: command 0xfc11 tx timeout
[   85.990398][ T1464] hid-generic 0006:0003:007F.0002: unknown main item tag 0x0
[   85.992857][ T1464] hid-generic 0006:0003:007F.0002: item fetching failed at offset 5/132
[   85.996067][ T1464] hid-generic 0006:0003:007F.0002: probe with driver hid-generic failed with error -22
[   86.544094][ T6938] gretap0: entered promiscuous mode
[   86.571104][ T6940] netlink: 'syz.1.233': attribute type 9 has an invalid length.
[   86.861767][ T6956] openvswitch: netlink: ufid size 20 bytes exceeds the range (1, 16)
[   86.864113][ T6956] openvswitch: netlink: Flow set message rejected, Key attribute missing.
[   87.087362][ T6972] netlink: 'syz.3.243': attribute type 3 has an invalid length.
[   87.240032][ T6984] FAULT_INJECTION: forcing a failure.
[   87.240032][ T6984] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   87.244519][ T6984] CPU: 0 UID: 0 PID: 6984 Comm: syz.1.248 Not tainted 6.14.0-rc1-syzkaller-00034-g92514ef226f5 #0
[   87.244533][ T6984] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   87.244538][ T6984] Call Trace:
[   87.244541][ T6984]  <TASK>
[   87.244545][ T6984]  dump_stack_lvl+0x16c/0x1f0
[   87.244579][ T6984]  should_fail_ex+0x50a/0x650
[   87.244604][ T6984]  _copy_to_user+0x32/0xd0
[   87.244619][ T6984]  simple_read_from_buffer+0xd0/0x160
[   87.244635][ T6984]  proc_fail_nth_read+0x198/0x270
[   87.244649][ T6984]  ? __pfx_proc_fail_nth_read+0x10/0x10
[   87.244663][ T6984]  ? rw_verify_area+0xcf/0x680
[   87.244676][ T6984]  ? __pfx_proc_fail_nth_read+0x10/0x10
[   87.244690][ T6984]  vfs_read+0x1df/0xbf0
[   87.244699][ T6984]  ? __fget_files+0x1fc/0x3a0
[   87.244709][ T6984]  ? __pfx___mutex_lock+0x10/0x10
[   87.244723][ T6984]  ? __pfx_vfs_read+0x10/0x10
[   87.244735][ T6984]  ? __fget_files+0x206/0x3a0
[   87.244748][ T6984]  ksys_read+0x12b/0x250
[   87.244756][ T6984]  ? __pfx_ksys_read+0x10/0x10
[   87.244769][ T6984]  __do_fast_syscall_32+0x73/0x120
[   87.244779][ T6984]  do_fast_syscall_32+0x32/0x80
[   87.244787][ T6984]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[   87.244803][ T6984] RIP: 0023:0xf749e579
[   87.244811][ T6984] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[   87.244819][ T6984] RSP: 002b:00000000f5126590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[   87.244828][ T6984] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 00000000f5126620
[   87.244834][ T6984] RDX: 000000000000000f RSI: 00000000f748cff4 RDI: 0000000000000000
[   87.244839][ T6984] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[   87.244843][ T6984] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[   87.244848][ T6984] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   87.244859][ T6984]  </TASK>
[   87.526804][ T6991] syz.1.251 uses obsolete (PF_INET,SOCK_PACKET)
[   87.601568][ T6991] vlan1: entered promiscuous mode
[   87.603889][ T6991] vlan1: entered allmulticast mode
[   87.605654][ T6991] veth0_vlan: entered allmulticast mode
[   88.033712][ T7010] xt_socket: unknown flags 0x4
[   88.412294][ T5980] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[   88.572270][ T5980] usb 7-1: Using ep0 maxpacket: 16
[   88.575288][ T5980] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   88.578272][ T5980] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   88.580947][ T5980] usb 7-1: New USB device found, idVendor=1770, idProduct=ff00, bcdDevice= 0.00
[   88.583985][ T5980] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   88.587250][ T5980] usb 7-1: config 0 descriptor??
[   88.793098][ T7021] xt_CHECKSUM: CHECKSUM should be avoided.  If really needed, restrict with "-p udp" and only use in OUTPUT
[   88.798835][ T7021] x_tables: ip_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING
[   88.798949][ T5980] gt683r_led 0003:1770:FF00.0003: hidraw1: USB HID v0.00 Device [HID 1770:ff00] on usb-dummy_hcd.2-1/input0
[   88.817889][    T8] usb 7-1: USB disconnect, device number 3
[   88.845155][  T834] gt683r_led 0003:1770:FF00.0003: failed to send set report request: -19
[   88.863621][  T834] gt683r_led 0003:1770:FF00.0003: failed to send set report request: -19
[   88.875465][ T7029] __nla_validate_parse: 12 callbacks suppressed
[   88.875476][ T7029] netlink: 4 bytes leftover after parsing attributes in process `syz.0.262'.
[   89.511803][ T7054] FAULT_INJECTION: forcing a failure.
[   89.511803][ T7054] name failslab, interval 1, probability 0, space 0, times 0
[   89.517780][ T7054] CPU: 0 UID: 0 PID: 7054 Comm: syz.0.267 Not tainted 6.14.0-rc1-syzkaller-00034-g92514ef226f5 #0
[   89.517811][ T7054] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   89.517818][ T7054] Call Trace:
[   89.517821][ T7054]  <TASK>
[   89.517825][ T7054]  dump_stack_lvl+0x16c/0x1f0
[   89.517843][ T7054]  should_fail_ex+0x50a/0x650
[   89.517855][ T7054]  ? fs_reclaim_acquire+0xae/0x150
[   89.517871][ T7054]  ? fuse_lookup_name+0x150/0x7e0
[   89.517881][ T7054]  should_failslab+0xc2/0x120
[   89.517893][ T7054]  __kmalloc_cache_noprof+0x68/0x420
[   89.517904][ T7054]  ? __pfx___mutex_trylock_common+0x10/0x10
[   89.517920][ T7054]  ? hlock_class+0x4e/0x130
[   89.517935][ T7054]  fuse_lookup_name+0x150/0x7e0
[   89.517946][ T7054]  ? __mutex_lock+0x1cc/0xb10
[   89.517960][ T7054]  ? __pfx_fuse_lookup_name+0x10/0x10
[   89.517971][ T7054]  ? fuse_lock_inode+0xd2/0x110
[   89.517987][ T7054]  ? mark_held_locks+0x9f/0xe0
[   89.517999][ T7054]  ? __pfx___lock_acquire+0x10/0x10
[   89.518013][ T7054]  fuse_lookup+0x1b1/0x430
[   89.518022][ T7054]  ? lock_acquire.part.0+0x11b/0x380
[   89.518033][ T7054]  ? __pfx_fuse_lookup+0x10/0x10
[   89.518045][ T7054]  ? d_alloc+0x176/0x1e0
[   89.518060][ T7054]  ? do_raw_spin_unlock+0x172/0x230
[   89.518074][ T7054]  ? _raw_spin_unlock+0x28/0x50
[   89.518088][ T7054]  lookup_one_qstr_excl+0x11d/0x190
[   89.518101][ T7054]  ? mnt_want_write+0x161/0x450
[   89.518116][ T7054]  do_renameat2+0x532/0xdd0
[   89.518131][ T7054]  ? __pfx_do_renameat2+0x10/0x10
[   89.518142][ T7054]  ? lock_acquire+0x2f/0xb0
[   89.518155][ T7054]  ? __virt_addr_valid+0x5e/0x590
[   89.518164][ T7054]  ? __phys_addr_symbol+0x30/0x80
[   89.518183][ T7054]  ? getname_flags.part.0+0x1c5/0x550
[   89.518195][ T7054]  ? __might_fault+0xe3/0x190
[   89.518209][ T7054]  __ia32_sys_rename+0x7c/0xa0
[   89.518221][ T7054]  __do_fast_syscall_32+0x73/0x120
[   89.518231][ T7054]  do_fast_syscall_32+0x32/0x80
[   89.518259][ T7054]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[   89.518275][ T7054] RIP: 0023:0xf746e579
[   89.518282][ T7054] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[   89.518291][ T7054] RSP: 002b:00000000f50b455c EFLAGS: 00000296 ORIG_RAX: 0000000000000026
[   89.518300][ T7054] RAX: ffffffffffffffda RBX: 0000000080000100 RCX: 0000000080000140
[   89.518305][ T7054] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   89.518310][ T7054] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   89.518315][ T7054] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[   89.518320][ T7054] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   89.518331][ T7054]  </TASK>
[   89.913692][ T7070] sock: sock_timestamping_bind_phc: sock not bind to device
[   90.102354][ T5999] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[   90.290203][ T7078] loop4: detected capacity change from 0 to 7
[   90.295586][ T7078] Dev loop4: unable to read RDB block 7
[   90.297326][ T7078]  loop4: unable to read partition table
[   90.299285][ T7078] loop4: partition table beyond EOD, truncated
[   90.301056][ T7078] loop_reread_partitions: partition scan of loop4 (þ被xü—ŸÑà– ) failed (rc=-5)
[   90.302419][ T5999] usb 5-1: Using ep0 maxpacket: 32
[   90.309027][ T5999] usb 5-1: config index 0 descriptor too short (expected 156, got 27)
[   90.311906][ T5999] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[   90.320830][ T5999] usb 5-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[   90.324030][ T5999] usb 5-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[   90.326529][ T5999] usb 5-1: Product: syz
[   90.327856][ T5999] usb 5-1: Manufacturer: syz
[   90.329281][ T5999] usb 5-1: SerialNumber: syz
[   90.331732][ T5999] usb 5-1: config 0 descriptor??
[   90.662783][ T7089] netlink: 68 bytes leftover after parsing attributes in process `syz.3.276'.
[   90.766555][    T8] usb 5-1: USB disconnect, device number 3
[   91.112251][  T834] usb 7-1: new high-speed USB device number 4 using dummy_hcd
[   91.266706][ T7094] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   91.270706][ T7094] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   91.282332][  T834] usb 7-1: unable to get BOS descriptor or descriptor too short
[   91.285887][  T834] usb 7-1: unable to read config index 0 descriptor/start: -71
[   91.288689][  T834] usb 7-1: can't read configurations, error -71
[   91.374716][ T7108] loop6: detected capacity change from 0 to 524287999
[   91.376994][    C3] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[   91.379468][    C3] Buffer I/O error on dev loop6, logical block 0, async page read
[   91.381726][    C3] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[   91.384322][    C3] Buffer I/O error on dev loop6, logical block 0, async page read
[   91.387158][    C3] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[   91.389725][    C3] Buffer I/O error on dev loop6, logical block 0, async page read
[   91.392003][    C3] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[   91.394594][    C3] Buffer I/O error on dev loop6, logical block 0, async page read
[   91.397137][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[   91.400323][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[   91.403225][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[   91.406054][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[   91.409165][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[   91.411933][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[   91.415472][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[   91.418885][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[   91.421810][ T7108] ldm_validate_partition_table(): Disk read failed.
[   91.428176][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[   91.432463][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[   91.433374][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[   91.433389][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[   91.433555][ T7108] Dev loop6: unable to read RDB block 0
[   91.433933][ T7108]  loop6: unable to read partition table
[   91.434002][ T7108] loop_reread_partitions: partition scan of loop6 (3Ÿ¾x³˜CÖ

) failed (rc=-5)
[   91.705755][ T7116] netlink: 8 bytes leftover after parsing attributes in process `syz.3.284'.
[   91.709011][ T7116] IPVS: Error joining to the multicast group
[   91.894254][ T7126] syz.2.289 (7126): drop_caches: 2
[   93.134545][ T7131] Process accounting paused
[   94.612273][ T1322] usb 7-1: new high-speed USB device number 6 using dummy_hcd
[   94.767666][ T1322] usb 7-1: Using ep0 maxpacket: 16
[   94.772142][ T1322] usb 7-1: config 0 has an invalid interface number: 132 but max is 0
[   94.775385][ T1322] usb 7-1: config 0 has no interface number 0
[   94.779592][ T1322] usb 7-1: New USB device found, idVendor=05ac, idProduct=0291, bcdDevice=43.25
[   94.783548][ T1322] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   94.786846][ T1322] usb 7-1: Product: syz
[   94.788722][ T1322] usb 7-1: Manufacturer: syz
[   94.790796][ T1322] usb 7-1: SerialNumber: syz
[   94.796652][ T1322] usb 7-1: config 0 descriptor??
[   94.800475][ T1322] hub 7-1:0.132: bad descriptor, ignoring hub
[   94.803090][ T1322] hub 7-1:0.132: probe with driver hub failed with error -5
[   94.809382][ T1322] input: bcm5974 as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:0.132/input/input10
[   95.017950][ T7154] netlink: 20 bytes leftover after parsing attributes in process `syz.2.296'.
[   95.020674][ T7154] netlink: 16 bytes leftover after parsing attributes in process `syz.2.296'.
[   95.212528][ T6006] usb 7-1: USB disconnect, device number 6
[   95.591800][ T7185] befs: (loop1): No write support. Marking filesystem read-only
[   95.594485][ T7185] syz.0.306: attempt to access beyond end of device
[   95.594485][ T7185] loop1: rw=0, sector=0, nr_sectors = 2 limit=0
[   95.598828][ T7185] befs: (loop1): unable to read superblock
[   96.382303][ T6006] usb 7-1: new high-speed USB device number 7 using dummy_hcd
[   96.532445][ T6006] usb 7-1: Using ep0 maxpacket: 32
[   96.536759][ T6006] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[   96.538842][ T7213] netlink: 76 bytes leftover after parsing attributes in process `syz.0.313'.
[   96.544418][ T6006] usb 7-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[   96.547839][ T6006] usb 7-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[   96.551145][ T6006] usb 7-1: Product: syz
[   96.553306][ T6006] usb 7-1: Manufacturer: syz
[   96.555387][ T6006] usb 7-1: SerialNumber: syz
[   96.558886][ T6006] usb 7-1: config 0 descriptor??
[   96.562043][ T7208] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[   96.591320][ T7215] netlink: 60 bytes leftover after parsing attributes in process `syz.0.314'.
[   96.596867][ T7215] netlink: 60 bytes leftover after parsing attributes in process `syz.0.314'.
[   96.764680][ T5945] Bluetooth: hci2: command 0x0419 tx timeout
[   96.879911][ T5980] usb 7-1: USB disconnect, device number 7
[   96.975065][ T7227] netlink: 36 bytes leftover after parsing attributes in process `syz.3.316'.
[   96.987499][ T6006] hid-generic 0006:0003:007F.0004: unknown main item tag 0x0
[   96.989831][ T6006] hid-generic 0006:0003:007F.0004: item fetching failed at offset 5/132
[   96.998444][ T6006] hid-generic 0006:0003:007F.0004: probe with driver hid-generic failed with error -22
[   97.241593][ T7230] netlink: 8 bytes leftover after parsing attributes in process `syz.1.317'.
[   97.468767][ T7236] netlink: 'syz.2.320': attribute type 3 has an invalid length.
[   97.472969][ T7236] netlink: 185280 bytes leftover after parsing attributes in process `syz.2.320'.
[   97.522414][   T35] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[   97.528527][ T7242] mmap: syz.2.321 (7242) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[   97.672304][   T35] usb 6-1: Using ep0 maxpacket: 32
[   97.676529][   T35] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[   97.685497][   T35] usb 6-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[   97.688143][   T35] usb 6-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[   97.692432][   T35] usb 6-1: Product: syz
[   97.693792][   T35] usb 6-1: Manufacturer: syz
[   97.695254][   T35] usb 6-1: SerialNumber: syz
[   97.705233][   T35] usb 6-1: config 0 descriptor??
[   97.707694][ T7232] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[   98.068259][ T5980] usb 6-1: USB disconnect, device number 3
[   98.252294][ T6500] usb 8-1: new high-speed USB device number 3 using dummy_hcd
[   98.402253][ T6500] usb 8-1: Using ep0 maxpacket: 16
[   98.405017][ T6500] usb 8-1: config 0 has no interfaces?
[   98.408033][ T6500] usb 8-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00
[   98.410663][ T6500] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   98.413538][ T6500] usb 8-1: Product: syz
[   98.414843][ T6500] usb 8-1: Manufacturer: syz
[   98.416200][ T6500] usb 8-1: SerialNumber: syz
[   98.418791][ T6500] usb 8-1: config 0 descriptor??
[   98.623710][ T6500] usb 8-1: USB disconnect, device number 3
[   98.781539][ T7293] FAULT_INJECTION: forcing a failure.
[   98.781539][ T7293] name failslab, interval 1, probability 0, space 0, times 0
[   98.785416][ T7293] CPU: 1 UID: 0 PID: 7293 Comm: syz.2.334 Not tainted 6.14.0-rc1-syzkaller-00034-g92514ef226f5 #0
[   98.785447][ T7293] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   98.785456][ T7293] Call Trace:
[   98.785461][ T7293]  <TASK>
[   98.785467][ T7293]  dump_stack_lvl+0x16c/0x1f0
[   98.785494][ T7293]  should_fail_ex+0x50a/0x650
[   98.785512][ T7293]  ? fs_reclaim_acquire+0xae/0x150
[   98.785536][ T7293]  should_failslab+0xc2/0x120
[   98.785557][ T7293]  kmem_cache_alloc_noprof+0x6e/0x3b0
[   98.785576][ T7293]  ? getname_flags.part.0+0x4c/0x550
[   98.785600][ T7293]  getname_flags.part.0+0x4c/0x550
[   98.785622][ T7293]  getname+0x8d/0xe0
[   98.785630][ T7293]  __io_openat_prep+0x16b/0x420
[   98.785641][ T7293]  io_submit_sqes+0x850/0x25f0
[   98.785660][ T7293]  __do_sys_io_uring_enter+0xd60/0x1670
[   98.785675][ T7293]  ? __fget_files+0x206/0x3a0
[   98.785685][ T7293]  ? __pfx___do_sys_io_uring_enter+0x10/0x10
[   98.785699][ T7293]  ? fput+0x67/0x440
[   98.785711][ T7293]  ? ksys_write+0x1ba/0x250
[   98.785720][ T7293]  ? __pfx_ksys_write+0x10/0x10
[   98.785733][ T7293]  __do_fast_syscall_32+0x73/0x120
[   98.785743][ T7293]  do_fast_syscall_32+0x32/0x80
[   98.785751][ T7293]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[   98.785767][ T7293] RIP: 0023:0xf7f73579
[   98.785774][ T7293] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[   98.785783][ T7293] RSP: 002b:00000000f505455c EFLAGS: 00000296 ORIG_RAX: 00000000000001aa
[   98.785792][ T7293] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000003516
[   98.785797][ T7293] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   98.785802][ T7293] RBP: 00000000fffffdcf R08: 0000000000000000 R09: 0000000000000000
[   98.785807][ T7293] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[   98.785813][ T7293] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   98.785823][ T7293]  </TASK>
[   99.199591][ T7300] netlink: 24 bytes leftover after parsing attributes in process `syz.3.337'.
[   99.202608][ T7300] pim6reg1: entered promiscuous mode
[   99.204166][ T7300] pim6reg1: entered allmulticast mode
[   99.207090][ T7300] netlink: 24 bytes leftover after parsing attributes in process `syz.3.337'.
[   99.324886][ T7304] nbd: couldn't find device at index 5312884
[  100.206840][ T7323] nfsd: Unknown parameter ']©&:@{(:\'
[  100.276160][ T7326] netlink: 4 bytes leftover after parsing attributes in process `syz.3.346'.
[  100.304578][ T7327] netlink: 'syz.0.345': attribute type 21 has an invalid length.
[  100.604195][ T7348] netlink: 'syz.2.354': attribute type 9 has an invalid length.
[  100.607146][ T7348] netlink: 201392 bytes leftover after parsing attributes in process `syz.2.354'.
[  100.613728][ T7348] netlink: 4 bytes leftover after parsing attributes in process `syz.2.354'.
[  101.261160][ T7372] netlink: 56 bytes leftover after parsing attributes in process `syz.0.361'.
[  101.264759][ T7372] netlink: 'syz.0.361': attribute type 5 has an invalid length.
[  101.270359][ T7372] netlink: 'syz.0.361': attribute type 2 has an invalid length.
[  101.277463][ T7372] Tq€!7: entered promiscuous mode
[  101.331742][ T7381] netlink: 'syz.0.363': attribute type 9 has an invalid length.
[  101.334765][ T7381] netlink: 201392 bytes leftover after parsing attributes in process `syz.0.363'.
[  101.340292][ T7381] netlink: 4 bytes leftover after parsing attributes in process `syz.0.363'.
[  101.633519][ T7390] kernel profiling enabled (shift: 7)
[  101.924462][ T7398] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  102.119991][ T7408] netlink: 'syz.1.373': attribute type 10 has an invalid length.
[  102.137715][ T7408] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  102.180486][ T7410] =======================================================
[  102.180486][ T7410] WARNING: The mand mount option has been deprecated and
[  102.180486][ T7410]          and is ignored by this kernel. Remove the mand
[  102.180486][ T7410]          option from the mount to silence this warning.
[  102.180486][ T7410] =======================================================
[  102.193822][ T7410] FAULT_INJECTION: forcing a failure.
[  102.193822][ T7410] name failslab, interval 1, probability 0, space 0, times 0
[  102.198445][ T7410] CPU: 3 UID: 0 PID: 7410 Comm: syz.1.374 Not tainted 6.14.0-rc1-syzkaller-00034-g92514ef226f5 #0
[  102.198458][ T7410] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  102.198463][ T7410] Call Trace:
[  102.198466][ T7410]  <TASK>
[  102.198469][ T7410]  dump_stack_lvl+0x16c/0x1f0
[  102.198502][ T7410]  should_fail_ex+0x50a/0x650
[  102.198525][ T7410]  ? fs_reclaim_acquire+0xae/0x150
[  102.198541][ T7410]  ? ocfs2_cluster_connect+0xd7/0x590
[  102.198550][ T7410]  should_failslab+0xc2/0x120
[  102.198562][ T7410]  __kmalloc_cache_noprof+0x68/0x420
[  102.198576][ T7410]  ocfs2_cluster_connect+0xd7/0x590
[  102.198585][ T7410]  ? __pfx_user_dlm_recovery_handler_noop+0x10/0x10
[  102.198597][ T7410]  ocfs2_cluster_connect_agnostic+0x74/0x90
[  102.198606][ T7410]  ? __pfx_user_dlm_recovery_handler_noop+0x10/0x10
[  102.198620][ T7410]  user_dlm_register+0xe0/0x220
[  102.198632][ T7410]  ? __pfx_user_dlm_register+0x10/0x10
[  102.198644][ T7410]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  102.198657][ T7410]  ? inc_nlink+0x4a/0x170
[  102.198667][ T7410]  ? dlmfs_get_inode+0x1e7/0x2e0
[  102.198698][ T7410]  ? make_vfsgid+0xf2/0x140
[  102.198713][ T7410]  dlmfs_mkdir+0xe0/0x300
[  102.198725][ T7410]  ? __pfx_dlmfs_mkdir+0x10/0x10
[  102.198737][ T7410]  ? bpf_lsm_inode_permission+0x9/0x10
[  102.198747][ T7410]  ? security_inode_permission+0xbf/0x260
[  102.198758][ T7410]  ? inode_permission+0xdd/0x5f0
[  102.198773][ T7410]  vfs_mkdir+0x57d/0x860
[  102.198788][ T7410]  do_mkdirat+0x301/0x3a0
[  102.198799][ T7410]  ? __pfx_do_mkdirat+0x10/0x10
[  102.198809][ T7410]  ? getname_flags.part.0+0x1c5/0x550
[  102.198824][ T7410]  __ia32_sys_mkdir+0x61/0x80
[  102.198835][ T7410]  __do_fast_syscall_32+0x73/0x120
[  102.198845][ T7410]  do_fast_syscall_32+0x32/0x80
[  102.198853][ T7410]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  102.198869][ T7410] RIP: 0023:0xf749e579
[  102.198876][ T7410] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  102.198885][ T7410] RSP: 002b:00000000f512655c EFLAGS: 00000296 ORIG_RAX: 0000000000000027
[  102.198894][ T7410] RAX: ffffffffffffffda RBX: 0000000080000140 RCX: 0000000000000000
[  102.198899][ T7410] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  102.198904][ T7410] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  102.198908][ T7410] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  102.198913][ T7410] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  102.198924][ T7410]  </TASK>
[  102.277064][ T7410] (syz.1.374,7410,3):user_dlm_register:674 ERROR: status = -12
[  102.279520][ T7410] (syz.1.374,7410,3):dlmfs_mkdir:437 ERROR: Error -12 could not register domain "file0"
[  102.310634][ T7413] netlink: 'syz.1.375': attribute type 30 has an invalid length.
[  102.483693][ T7422] FAULT_INJECTION: forcing a failure.
[  102.483693][ T7422] name failslab, interval 1, probability 0, space 0, times 0
[  102.487479][ T7422] CPU: 0 UID: 0 PID: 7422 Comm: syz.3.378 Not tainted 6.14.0-rc1-syzkaller-00034-g92514ef226f5 #0
[  102.487492][ T7422] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  102.487498][ T7422] Call Trace:
[  102.487501][ T7422]  <TASK>
[  102.487505][ T7422]  dump_stack_lvl+0x16c/0x1f0
[  102.487524][ T7422]  should_fail_ex+0x50a/0x650
[  102.487537][ T7422]  should_failslab+0xc2/0x120
[  102.487550][ T7422]  kmem_cache_alloc_noprof+0x6e/0x3b0
[  102.487561][ T7422]  ? trace_lock_acquire+0x14e/0x1f0
[  102.487571][ T7422]  ? skb_clone+0x190/0x3f0
[  102.487583][ T7422]  skb_clone+0x190/0x3f0
[  102.487593][ T7422]  dev_queue_xmit_nit+0x38f/0xbc0
[  102.487607][ T7422]  dev_hard_start_xmit+0x283/0x7b0
[  102.487624][ T7422]  __dev_queue_xmit+0x7f0/0x43e0
[  102.487642][ T7422]  ? __pfx___dev_queue_xmit+0x10/0x10
[  102.487663][ T7422]  ? rcu_is_watching+0x12/0xc0
[  102.487678][ T7422]  ? trace_kmem_cache_alloc+0x2d/0xd0
[  102.487692][ T7422]  ? kmem_cache_alloc_noprof+0x21b/0x3b0
[  102.487712][ T7422]  ? __copy_skb_header+0x2e8/0x5b0
[  102.487729][ T7422]  ? __skb_clone+0x570/0x760
[  102.487750][ T7422]  netlink_deliver_tap+0xa61/0xca0
[  102.487767][ T7422]  netlink_unicast+0x5e1/0x7f0
[  102.487781][ T7422]  ? __pfx_netlink_unicast+0x10/0x10
[  102.487795][ T7422]  ? __phys_addr_symbol+0x30/0x80
[  102.487810][ T7422]  ? __check_object_size+0x488/0x710
[  102.487825][ T7422]  netlink_sendmsg+0x8b8/0xd70
[  102.487840][ T7422]  ? __pfx_netlink_sendmsg+0x10/0x10
[  102.487858][ T7422]  __sys_sendto+0x488/0x4f0
[  102.487874][ T7422]  ? __pfx___sys_sendto+0x10/0x10
[  102.487892][ T7422]  ? __might_fault+0x13b/0x190
[  102.487913][ T7422]  __do_compat_sys_socketcall+0x5e2/0x700
[  102.487926][ T7422]  ? __fget_files+0x206/0x3a0
[  102.487937][ T7422]  ? __pfx___do_compat_sys_socketcall+0x10/0x10
[  102.487950][ T7422]  ? fput+0x67/0x440
[  102.487968][ T7422]  __do_fast_syscall_32+0x73/0x120
[  102.487978][ T7422]  do_fast_syscall_32+0x32/0x80
[  102.487987][ T7422]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  102.488002][ T7422] RIP: 0023:0xf7f58579
[  102.488010][ T7422] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  102.488018][ T7422] RSP: 002b:00000000f5075430 EFLAGS: 00000293 ORIG_RAX: 0000000000000066
[  102.488027][ T7422] RAX: ffffffffffffffda RBX: 000000000000000b RCX: 00000000f5075444
[  102.488032][ T7422] RDX: 0000000000000000 RSI: 00000000f5075560 RDI: 00000000f73dcff4
[  102.488037][ T7422] RBP: 00000000f5075560 R08: 0000000000000000 R09: 0000000000000000
[  102.488042][ T7422] R10: 0000000000000000 R11: 0000000000000286 R12: 0000000000000000
[  102.488047][ T7422] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  102.488058][ T7422]  </TASK>
[  102.692339][ T6500] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  102.717933][ T7424] netlink: 'syz.3.379': attribute type 21 has an invalid length.
[  102.720222][ T7424] netlink: 'syz.3.379': attribute type 1 has an invalid length.
[  102.852298][ T6500] usb 6-1: Using ep0 maxpacket: 8
[  102.858587][ T6500] usb 6-1: config index 0 descriptor too short (expected 301, got 45)
[  102.861029][ T6500] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  102.864509][ T6500] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  102.867406][ T6500] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  102.870335][ T6500] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  102.874351][ T6500] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  102.877092][ T6500] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  103.084809][ T6500] usb 6-1: usb_control_msg returned -32
[  103.086500][ T6500] usbtmc 6-1:16.0: can't read capabilities
[  103.681576][ T7442] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  103.748210][ T7442] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[  103.872287][  T835] usb 7-1: new high-speed USB device number 8 using dummy_hcd
[  104.033486][  T835] usb 7-1: config 1 interface 0 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 32
[  104.036562][  T835] usb 7-1: config 1 interface 0 altsetting 2 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  104.041525][  T835] usb 7-1: config 1 interface 0 has no altsetting 0
[  104.047728][  T835] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  104.051490][  T835] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  104.054255][  T835] usb 7-1: Product: syz
[  104.055606][  T835] usb 7-1: Manufacturer: syz
[  104.056989][  T835] usb 7-1: SerialNumber: syz
[  104.060349][ T7441] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  104.063324][ T7441] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  104.273075][ T7441] netlink: 8 bytes leftover after parsing attributes in process `syz.2.383'.
[  104.306289][ T7449] block device autoloading is deprecated and will be removed.
[  104.343597][ T7446] FAULT_INJECTION: forcing a failure.
[  104.343597][ T7446] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  104.348748][ T7446] CPU: 2 UID: 0 PID: 7446 Comm: syz.3.384 Not tainted 6.14.0-rc1-syzkaller-00034-g92514ef226f5 #0
[  104.348762][ T7446] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  104.348768][ T7446] Call Trace:
[  104.348772][ T7446]  <TASK>
[  104.348775][ T7446]  dump_stack_lvl+0x16c/0x1f0
[  104.348800][ T7446]  should_fail_ex+0x50a/0x650
[  104.348815][ T7446]  _copy_from_user+0x2e/0xd0
[  104.348828][ T7446]  md_ioctl+0x25cd/0x42c0
[  104.348840][ T7446]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  104.348854][ T7446]  ? __pfx_md_ioctl+0x10/0x10
[  104.348869][ T7446]  ? __pfx_lock_release+0x10/0x10
[  104.348880][ T7446]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  104.348895][ T7446]  ? __pfx_md_compat_ioctl+0x10/0x10
[  104.348904][ T7446]  compat_blkdev_ioctl+0x2f7/0x750
[  104.348919][ T7446]  ? __pfx_compat_blkdev_ioctl+0x10/0x10
[  104.348931][ T7446]  ? __fget_files+0x206/0x3a0
[  104.348943][ T7446]  ? __pfx_compat_blkdev_ioctl+0x10/0x10
[  104.348956][ T7446]  __do_compat_sys_ioctl+0x1cb/0x2c0
[  104.348971][ T7446]  __do_fast_syscall_32+0x73/0x120
[  104.348981][ T7446]  do_fast_syscall_32+0x32/0x80
[  104.348989][ T7446]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  104.349005][ T7446] RIP: 0023:0xf7f58579
[  104.349012][ T7446] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  104.349021][ T7446] RSP: 002b:00000000f507655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  104.349030][ T7446] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000040140921
[  104.349035][ T7446] RDX: 0000000000000008 RSI: 0000000000000000 RDI: 0000000000000000
[  104.349040][ T7446] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  104.349045][ T7446] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  104.349050][ T7446] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  104.349061][ T7446]  </TASK>
[  104.441720][   T39] audit: type=1804 audit(1738809585.129:42): pid=7452 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.386" name="/newroot/100/file0" dev="tmpfs" ino=545 res=1 errno=0
[  104.451941][ T7450] block device autoloading is deprecated and will be removed.
[  104.670741][ T7459] netlink: 'syz.3.390': attribute type 21 has an invalid length.
[  104.684164][ T7459] netlink: 'syz.3.390': attribute type 1 has an invalid length.
[  104.891229][ T7466] kvm: emulating exchange as write
[  105.402082][ T6006] usb 6-1: USB disconnect, device number 4
[  105.515519][ T7476] netlink: 4 bytes leftover after parsing attributes in process `syz.1.395'.
[  105.520495][ T7476] netlink: 12 bytes leftover after parsing attributes in process `syz.1.395'.
[  105.687096][ T7478] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(7)
[  105.689148][ T7478] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  105.692356][ T7478] vhci_hcd vhci_hcd.0: Device attached
[  105.696250][ T7480] vhci_hcd: connection closed
[  105.697005][   T45] vhci_hcd: stop threads
[  105.701423][   T45] vhci_hcd: release socket
[  105.703876][   T45] vhci_hcd: disconnect device
[  105.750054][ T7483] infiniband syz0: set active
[  105.751638][ T7483] infiniband syz0: added bond0
[  105.768429][ T7485] PKCS7: Unknown OID: [5] 0.0.0.0.0.0.0
[  105.770164][ T7485] PKCS7: Only support pkcs7_signedData type
[  105.776776][ T7483] RDS/IB: syz0: added
[  105.779169][ T7483] smc: adding ib device syz0 with port count 1
[  105.781681][ T7483] smc:    ib device syz0 port 1 has pnetid 
[  106.224561][ T7488] ata1.00: invalid multi_count 1 ignored
[  106.276377][ T7489] overlayfs: missing 'lowerdir'
[  106.638039][  T835] cdc_ether 7-1:1.0: probe with driver cdc_ether failed with error -22
[  106.652384][  T835] usb 7-1: USB disconnect, device number 8
[  107.016564][ T7493] Set syz1 is full, maxelem 65536 reached
[  107.453788][ T7521] netlink: 'syz.1.409': attribute type 21 has an invalid length.
[  107.456128][ T7521] netlink: 'syz.1.409': attribute type 1 has an invalid length.
[  107.840259][ T7537] FAULT_INJECTION: forcing a failure.
[  107.840259][ T7537] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  107.840277][ T7537] CPU: 3 UID: 0 PID: 7537 Comm: syz.1.415 Not tainted 6.14.0-rc1-syzkaller-00034-g92514ef226f5 #0
[  107.840288][ T7537] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  107.840293][ T7537] Call Trace:
[  107.840296][ T7537]  <TASK>
[  107.840300][ T7537]  dump_stack_lvl+0x16c/0x1f0
[  107.840318][ T7537]  should_fail_ex+0x50a/0x650
[  107.840332][ T7537]  _copy_from_iter+0x29b/0x1400
[  107.840346][ T7537]  ? trace_lock_acquire+0x14e/0x1f0
[  107.840357][ T7537]  ? __alloc_skb+0x200/0x380
[  107.840367][ T7537]  ? __pfx__copy_from_iter+0x10/0x10
[  107.840379][ T7537]  ? __virt_addr_valid+0x1a4/0x590
[  107.840390][ T7537]  ? __virt_addr_valid+0x5e/0x590
[  107.840398][ T7537]  ? __phys_addr_symbol+0x30/0x80
[  107.840412][ T7537]  ? __check_object_size+0x488/0x710
[  107.840426][ T7537]  netlink_sendmsg+0x813/0xd70
[  107.840442][ T7537]  ? __pfx_netlink_sendmsg+0x10/0x10
[  107.840459][ T7537]  ____sys_sendmsg+0x9ae/0xb40
[  107.840473][ T7537]  ? __pfx_____sys_sendmsg+0x10/0x10
[  107.840485][ T7537]  ? get_compat_msghdr+0x11b/0x170
[  107.840502][ T7537]  ___sys_sendmsg+0x135/0x1e0
[  107.840512][ T7537]  ? __pfx____sys_sendmsg+0x10/0x10
[  107.840526][ T7537]  ? __pfx_lock_release+0x10/0x10
[  107.840537][ T7537]  ? trace_lock_acquire+0x14e/0x1f0
[  107.840550][ T7537]  ? __fget_files+0x206/0x3a0
[  107.840569][ T7537]  __sys_sendmsg+0x16e/0x220
[  107.840583][ T7537]  ? __pfx___sys_sendmsg+0x10/0x10
[  107.840600][ T7537]  __do_fast_syscall_32+0x73/0x120
[  107.840609][ T7537]  do_fast_syscall_32+0x32/0x80
[  107.840618][ T7537]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  107.840634][ T7537] RIP: 0023:0xf749e579
[  107.840641][ T7537] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  107.840650][ T7537] RSP: 002b:00000000f512655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  107.840659][ T7537] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000000
[  107.840664][ T7537] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  107.840669][ T7537] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  107.840674][ T7537] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  107.840679][ T7537] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  107.840689][ T7537]  </TASK>
[  108.574199][ T7559] netlink: 4 bytes leftover after parsing attributes in process `syz.2.420'.
[  108.676955][ T7568] netlink: 8 bytes leftover after parsing attributes in process `syz.2.423'.
[  109.064735][ T5981] hid-generic 0000:0000:0000.0005: item fetching failed at offset 0/1
[  109.080935][ T5981] hid-generic 0000:0000:0000.0005: probe with driver hid-generic failed with error -22
[  109.773268][ T7589] netlink: 'syz.0.428': attribute type 9 has an invalid length.
[  109.776186][ T7589] netlink: 201392 bytes leftover after parsing attributes in process `syz.0.428'.
[  109.788391][ T7589] netlink: 4 bytes leftover after parsing attributes in process `syz.0.428'.
[  110.103254][ T7600] netlink: 'syz.1.433': attribute type 21 has an invalid length.
[  110.105575][ T7600] netlink: 'syz.1.433': attribute type 1 has an invalid length.
[  110.402349][ T6006] usb 8-1: new high-speed USB device number 4 using dummy_hcd
[  110.564158][ T6006] usb 8-1: Using ep0 maxpacket: 32
[  110.567611][ T6006] usb 8-1: config index 0 descriptor too short (expected 29220, got 36)
[  110.570074][ T6006] usb 8-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  110.572973][ T6006] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 81
[  110.575885][ T6006] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  110.578633][ T6006] usb 8-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  110.581341][ T6006] usb 8-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  110.587310][ T6006] usb 8-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  110.589955][ T6006] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  110.593614][ T6006] usb 8-1: config 0 descriptor??
[  110.767014][ T7611] netlink: 'syz.1.436': attribute type 21 has an invalid length.
[  110.769331][ T7611] netlink: 'syz.1.436': attribute type 1 has an invalid length.
[  110.800537][ T6006] usblp 8-1:0.0: usblp0: USB Bidirectional printer dev 4 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  110.877504][ T7614] netlink: 32 bytes leftover after parsing attributes in process `syz.0.437'.
[  111.006340][    C1] usblp0: nonzero read bulk status received: -71
[  111.008687][ T6006] usb 8-1: USB disconnect, device number 4
[  111.182277][ T6500] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  111.213437][ T7605] usblp0: removed
[  111.332220][ T6500] usb 5-1: Using ep0 maxpacket: 32
[  111.340564][ T6500] usb 5-1: config index 0 descriptor too short (expected 29220, got 36)
[  111.355438][ T6500] usb 5-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  111.364898][ T6500] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 81
[  111.375387][ T6500] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  111.381409][ T6500] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  111.384578][ T6500] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  111.388561][ T6500] usb 5-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  111.392247][ T6500] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  111.405014][ T6500] usb 5-1: config 0 descriptor??
[  111.479992][ T7608] Set syz1 is full, maxelem 65536 reached
[  111.626073][ T6500] usblp 5-1:0.0: usblp0: USB Bidirectional printer dev 4 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  111.780288][ T7626] netlink: 8 bytes leftover after parsing attributes in process `syz.2.442'.
[  111.792030][ T7626] netlink: 'syz.2.442': attribute type 30 has an invalid length.
[  111.795804][ T7626] netlink: 12 bytes leftover after parsing attributes in process `syz.2.442'.
[  111.801104][ T7626] netlink: 'syz.2.442': attribute type 11 has an invalid length.
[  111.803915][ T7626] netlink: 224 bytes leftover after parsing attributes in process `syz.2.442'.
[  111.833259][    C0] usblp0: nonzero read bulk status received: -71
[  111.835527][ T5981] usb 5-1: USB disconnect, device number 4
[  111.867896][ T7630] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(3)
[  111.869801][ T7630] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  111.874894][ T7630] vhci_hcd vhci_hcd.0: Device attached
[  112.035954][ T7616] usblp0: removed
[  112.198825][  T835] usb 43-1: new low-speed USB device number 2 using vhci_hcd
[  112.672485][ T7643] MTD: Attempt to mount non-MTD device "/dev/sr0"
[  112.692305][ T7631] vhci_hcd: connection reset by peer
[  112.695476][ T1170] vhci_hcd: stop threads
[  112.696744][ T1170] vhci_hcd: release socket
[  112.699438][ T1170] vhci_hcd: disconnect device
[  112.753844][ T7643] /dev/sr0: Can't open blockdev
[  112.791881][ T7643] xt_CT: You must specify a L4 protocol and not use inversions on it
[  112.795039][ T7645] netlink: 'syz.0.447': attribute type 21 has an invalid length.
[  112.797331][ T7645] netlink: 'syz.0.447': attribute type 1 has an invalid length.
[  112.873853][ T7646] /dev/sr0: Can't open blockdev
[  113.656730][ T7671] block nbd1: shutting down sockets
[  113.719845][ T7673] netlink: 'syz.1.456': attribute type 4 has an invalid length.
[  114.433324][ T7695] openvswitch: netlink: Unexpected mask (mask=c0, allowed=10048)
[  114.437273][ T7695] netlink: 8 bytes leftover after parsing attributes in process `syz.0.465'.
[  114.440410][ T7695] IPv6: NLM_F_CREATE should be specified when creating new route
[  114.550585][ T7705] netlink: 120 bytes leftover after parsing attributes in process `syz.2.466'.
[  114.744230][ T7711] FAULT_INJECTION: forcing a failure.
[  114.744230][ T7711] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  114.748422][ T7711] CPU: 0 UID: 0 PID: 7711 Comm: syz.1.470 Not tainted 6.14.0-rc1-syzkaller-00034-g92514ef226f5 #0
[  114.748435][ T7711] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  114.748440][ T7711] Call Trace:
[  114.748444][ T7711]  <TASK>
[  114.748448][ T7711]  dump_stack_lvl+0x16c/0x1f0
[  114.748467][ T7711]  should_fail_ex+0x50a/0x650
[  114.748481][ T7711]  _copy_to_user+0x32/0xd0
[  114.748508][ T7711]  simple_read_from_buffer+0xd0/0x160
[  114.748524][ T7711]  proc_fail_nth_read+0x198/0x270
[  114.748539][ T7711]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  114.748554][ T7711]  ? rw_verify_area+0xcf/0x680
[  114.748568][ T7711]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  114.748582][ T7711]  vfs_read+0x1df/0xbf0
[  114.748591][ T7711]  ? __fget_files+0x1fc/0x3a0
[  114.748601][ T7711]  ? __pfx___mutex_lock+0x10/0x10
[  114.748616][ T7711]  ? __pfx_vfs_read+0x10/0x10
[  114.748628][ T7711]  ? __fget_files+0x206/0x3a0
[  114.748641][ T7711]  ksys_read+0x12b/0x250
[  114.748650][ T7711]  ? __pfx_ksys_read+0x10/0x10
[  114.748662][ T7711]  __do_fast_syscall_32+0x73/0x120
[  114.748672][ T7711]  do_fast_syscall_32+0x32/0x80
[  114.748681][ T7711]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  114.748697][ T7711] RIP: 0023:0xf749e579
[  114.748704][ T7711] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  114.748713][ T7711] RSP: 002b:00000000f5126590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  114.748722][ T7711] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000f5126620
[  114.748727][ T7711] RDX: 000000000000000f RSI: 00000000f748cff4 RDI: 0000000000000000
[  114.748732][ T7711] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  114.748737][ T7711] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  114.748742][ T7711] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  114.748752][ T7711]  </TASK>
[  114.818917][ T6500] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  114.972556][ T6500] usb 5-1: Using ep0 maxpacket: 8
[  114.979333][ T6500] usb 5-1: config index 0 descriptor too short (expected 301, got 45)
[  114.982782][ T6500] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  114.986115][ T6500] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  114.989798][ T6500] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  114.993602][ T6500] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  114.998517][ T6500] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  115.001536][ T6500] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  115.409741][ T6500] usb 5-1: usb_control_msg returned -32
[  115.422203][ T6500] usbtmc 5-1:16.0: can't read capabilities
[  116.186569][   T25] usb 5-1: USB disconnect, device number 5
[  116.522231][ T1464] usb 7-1: new high-speed USB device number 9 using dummy_hcd
[  116.653668][ T7742] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(9)
[  116.656156][ T7742] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  116.660697][ T7742] vhci_hcd vhci_hcd.0: Device attached
[  116.675413][ T7742] can0: slcan on pts0.
[  116.692452][ T1464] usb 7-1: Using ep0 maxpacket: 32
[  116.696592][ T1464] usb 7-1: config 1 interface 0 altsetting 3 bulk endpoint 0x1 has invalid maxpacket 1023
[  116.700548][ T1464] usb 7-1: config 1 interface 0 has no altsetting 0
[  116.704974][ T1464] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  116.708313][ T1464] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  116.722235][ T1464] usb 7-1: Product: syz
[  116.724274][ T1464] usb 7-1: Manufacturer: syz
[  116.726559][ T1464] usb 7-1: SerialNumber: syz
[  116.732681][ T7733] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  116.742955][ T7742] can0 (unregistered): slcan off pts0.
[  116.792248][   T39] audit: type=1326 audit(1738809597.479:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7740 comm="syz.3.480" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f58579 code=0x7fc00000
[  116.798409][   T39] audit: type=1326 audit(1738809597.479:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7740 comm="syz.3.480" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f58579 code=0x7fc00000
[  116.804492][ T7743] vhci_hcd: connection closed
[  116.804714][   T39] audit: type=1326 audit(1738809597.479:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7740 comm="syz.3.480" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f58579 code=0x7fc00000
[  116.808206][   T45] vhci_hcd: stop threads
[  116.816807][   T39] audit: type=1326 audit(1738809597.479:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7740 comm="syz.3.480" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f58579 code=0x7fc00000
[  116.816844][   T45] vhci_hcd: release socket
[  116.824702][   T39] audit: type=1326 audit(1738809597.479:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7740 comm="syz.3.480" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f58579 code=0x7fc00000
[  116.826269][   T45] vhci_hcd: disconnect device
[  116.831974][   T39] audit: type=1326 audit(1738809597.479:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7740 comm="syz.3.480" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f58579 code=0x7fc00000
[  116.840019][   T39] audit: type=1326 audit(1738809597.479:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7740 comm="syz.3.480" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f58579 code=0x7fc00000
[  116.847466][   T39] audit: type=1326 audit(1738809597.479:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7740 comm="syz.3.480" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f58579 code=0x7fc00000
[  116.854033][   T39] audit: type=1326 audit(1738809597.479:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7740 comm="syz.3.480" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f58579 code=0x7fc00000
[  116.861101][   T39] audit: type=1326 audit(1738809597.479:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7740 comm="syz.3.480" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f58579 code=0x7fc00000
[  116.958940][ T1464] usb 7-1: USB disconnect, device number 9
[  117.322333][  T835] vhci_hcd: vhci_device speed not set
[  117.459417][ T7763] syzkaller1: entered promiscuous mode
[  117.462285][ T7763] syzkaller1: entered allmulticast mode
[  117.608619][ T7770] netlink: 4 bytes leftover after parsing attributes in process `syz.3.489'.
[  117.613043][ T7772] netlink: 'syz.2.490': attribute type 9 has an invalid length.
[  117.617749][ T7772] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.490'.
[  117.623377][ T7772] netlink: 4 bytes leftover after parsing attributes in process `syz.2.490'.
[  117.668951][ T7774] vivid-005: disconnect
[  117.672846][ T7773] vivid-005: reconnect
[  117.743497][ T7782] netlink: 'syz.2.495': attribute type 7 has an invalid length.
[  117.746150][ T7782] netlink: 8 bytes leftover after parsing attributes in process `syz.2.495'.
[  117.774578][ T7776] FAULT_INJECTION: forcing a failure.
[  117.774578][ T7776] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  117.778409][ T7776] CPU: 1 UID: 0 PID: 7776 Comm: syz.3.491 Not tainted 6.14.0-rc1-syzkaller-00034-g92514ef226f5 #0
[  117.778422][ T7776] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  117.778427][ T7776] Call Trace:
[  117.778430][ T7776]  <TASK>
[  117.778434][ T7776]  dump_stack_lvl+0x16c/0x1f0
[  117.778452][ T7776]  should_fail_ex+0x50a/0x650
[  117.778466][ T7776]  _copy_from_iter+0x29b/0x1400
[  117.778480][ T7776]  ? trace_lock_acquire+0x14e/0x1f0
[  117.778490][ T7776]  ? __alloc_skb+0x200/0x380
[  117.778499][ T7776]  ? __pfx__copy_from_iter+0x10/0x10
[  117.778512][ T7776]  ? __virt_addr_valid+0x1a4/0x590
[  117.778522][ T7776]  ? __virt_addr_valid+0x5e/0x590
[  117.778530][ T7776]  ? __phys_addr_symbol+0x30/0x80
[  117.778544][ T7776]  ? __check_object_size+0x488/0x710
[  117.778558][ T7776]  netlink_sendmsg+0x813/0xd70
[  117.778574][ T7776]  ? __pfx_netlink_sendmsg+0x10/0x10
[  117.778591][ T7776]  ____sys_sendmsg+0x9ae/0xb40
[  117.778604][ T7776]  ? __pfx_____sys_sendmsg+0x10/0x10
[  117.778616][ T7776]  ? get_compat_msghdr+0x11b/0x170
[  117.778634][ T7776]  ___sys_sendmsg+0x135/0x1e0
[  117.778649][ T7776]  ? __pfx____sys_sendmsg+0x10/0x10
[  117.778663][ T7776]  ? __pfx_lock_release+0x10/0x10
[  117.778674][ T7776]  ? trace_lock_acquire+0x14e/0x1f0
[  117.778686][ T7776]  ? __fget_files+0x206/0x3a0
[  117.778702][ T7776]  __sys_sendmsg+0x16e/0x220
[  117.778718][ T7776]  ? __pfx___sys_sendmsg+0x10/0x10
[  117.778745][ T7776]  __do_fast_syscall_32+0x73/0x120
[  117.778761][ T7776]  do_fast_syscall_32+0x32/0x80
[  117.778775][ T7776]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  117.778797][ T7776] RIP: 0023:0xf7f58579
[  117.778809][ T7776] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  117.778822][ T7776] RSP: 002b:00000000f507655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  117.778837][ T7776] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 00000000800002c0
[  117.778847][ T7776] RDX: 0000000004000080 RSI: 0000000000000000 RDI: 0000000000000000
[  117.778855][ T7776] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  117.778863][ T7776] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  117.778872][ T7776] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  117.778891][ T7776]  </TASK>
[  117.839407][ T7790] netlink: 8 bytes leftover after parsing attributes in process `syz.0.498'.
[  117.865697][ T7790] netlink: 68 bytes leftover after parsing attributes in process `syz.0.498'.
[  118.136215][ T7816] netlink: 12 bytes leftover after parsing attributes in process `syz.3.505'.
[  118.947140][ T7840] netlink: 1264 bytes leftover after parsing attributes in process `syz.3.514'.
[  118.985528][ T7842] FAULT_INJECTION: forcing a failure.
[  118.985528][ T7842] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  118.989325][ T7842] CPU: 3 UID: 0 PID: 7842 Comm: syz.3.515 Not tainted 6.14.0-rc1-syzkaller-00034-g92514ef226f5 #0
[  118.989337][ T7842] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  118.989343][ T7842] Call Trace:
[  118.989346][ T7842]  <TASK>
[  118.989350][ T7842]  dump_stack_lvl+0x16c/0x1f0
[  118.989369][ T7842]  should_fail_ex+0x50a/0x650
[  118.989383][ T7842]  _copy_from_user+0x2e/0xd0
[  118.989397][ T7842]  kstrtouint_from_user+0xd7/0x1c0
[  118.989407][ T7842]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  118.989420][ T7842]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  118.989434][ T7842]  proc_fail_nth_write+0x84/0x250
[  118.989449][ T7842]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  118.989462][ T7842]  ? ksys_write+0x12b/0x250
[  118.989474][ T7842]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  118.989487][ T7842]  vfs_write+0x24c/0x1150
[  118.989496][ T7842]  ? __fget_files+0x1fc/0x3a0
[  118.989507][ T7842]  ? __pfx___mutex_lock+0x10/0x10
[  118.989521][ T7842]  ? __pfx_vfs_write+0x10/0x10
[  118.989534][ T7842]  ? __fget_files+0x206/0x3a0
[  118.989547][ T7842]  ksys_write+0x12b/0x250
[  118.989556][ T7842]  ? __pfx_ksys_write+0x10/0x10
[  118.989568][ T7842]  __do_fast_syscall_32+0x73/0x120
[  118.989578][ T7842]  do_fast_syscall_32+0x32/0x80
[  118.989587][ T7842]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  118.989602][ T7842] RIP: 0023:0xf7f58579
[  118.989609][ T7842] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  118.989623][ T7842] RSP: 002b:00000000f5076590 EFLAGS: 00000293 ORIG_RAX: 0000000000000004
[  118.989632][ T7842] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000f5076620
[  118.989637][ T7842] RDX: 0000000000000001 RSI: 00000000f73dcff4 RDI: 0000000000000000
[  118.989642][ T7842] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000
[  118.989647][ T7842] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  118.989652][ T7842] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  118.989663][ T7842]  </TASK>
[  119.020296][ T7844] netlink: 8 bytes leftover after parsing attributes in process `syz.2.513'.
[  119.060206][ T7846] netlink: 96 bytes leftover after parsing attributes in process `syz.3.516'.
[  119.230656][ T7854] input: syz1 as /devices/virtual/input/input12
[  119.696719][ T1322] IPVS: starting estimator thread 0...
[  119.792483][ T7863] IPVS: using max 40 ests per chain, 96000 per kthread
[  121.043666][ T7897] syzkaller1: entered promiscuous mode
[  121.045320][ T7897] syzkaller1: entered allmulticast mode
[  121.062711][ T7899] netlink: 'syz.0.532': attribute type 4 has an invalid length.
[  121.109466][ T7901] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(7)
[  121.111406][ T7901] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  121.117032][ T7901] vhci_hcd vhci_hcd.0: Device attached
[  121.121544][ T7903] vhci_hcd: connection closed
[  121.123921][ T1064] vhci_hcd: stop threads
[  121.126544][ T1064] vhci_hcd: release socket
[  121.128397][ T1064] vhci_hcd: disconnect device
[  121.276452][ T7920] netlink: 'syz.3.536': attribute type 30 has an invalid length.
[  121.412333][  T835] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  121.448574][ T7929] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  121.545235][ T7929] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  121.574032][  T835] usb 5-1: Using ep0 maxpacket: 8
[  121.582897][  T835] usb 5-1: config 0 has an invalid interface number: 55 but max is 0
[  121.585803][  T835] usb 5-1: config 0 has no interface number 0
[  121.588127][  T835] usb 5-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  121.592028][  T835] usb 5-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  121.611576][  T835] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  121.613921][ T7929] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  121.616645][  T835] usb 5-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  121.625782][  T835] usb 5-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  121.629126][  T835] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  121.638038][  T835] usb 5-1: config 0 descriptor??
[  121.645743][  T835] ldusb 5-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  121.674494][ T7929] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  121.680880][ T7944] netlink: 'syz.1.542': attribute type 7 has an invalid length.
[  121.764013][ T7929] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  121.771684][ T7929] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  121.778412][ T7929] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  121.784504][ T7929] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  121.858292][ T5999] usb 5-1: USB disconnect, device number 6
[  121.862647][ T5999] ldusb 5-1:0.55: LD USB Device #0 now disconnected
[  121.976298][ T7968] lo speed is unknown, defaulting to 1000
[  121.978913][ T7968] lo speed is unknown, defaulting to 1000
[  121.980811][ T7968] lo speed is unknown, defaulting to 1000
[  121.987026][ T7968] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[  122.000638][ T7968] lo speed is unknown, defaulting to 1000
[  122.009163][ T7968] lo speed is unknown, defaulting to 1000
[  122.011366][ T7968] lo speed is unknown, defaulting to 1000
[  122.015999][ T7968] lo speed is unknown, defaulting to 1000
[  122.452380][ T1464] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  122.600433][   T39] kauditd_printk_skb: 6303 callbacks suppressed
[  122.600444][   T39] audit: type=1326 audit(1738809603.289:6356): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7991 comm="syz.2.554" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f73579 code=0x0
[  122.624780][ T1464] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  122.630505][ T1464] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  122.638783][ T1464] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  122.780393][ T1464] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  122.786682][ T7958] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  122.794254][ T1464] usb 6-1: Quirk or no altset; falling back to MIDI 1.0
[  123.081178][ T1464] usb 6-1: USB disconnect, device number 5
[  123.411148][ T7993] Process accounting resumed
[  123.423760][ T7027] udevd[7027]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb6/6-1/6-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  123.531537][ T8009] __nla_validate_parse: 3 callbacks suppressed
[  123.531547][ T8009] netlink: 12 bytes leftover after parsing attributes in process `syz.0.560'.
[  123.547548][ T8009] 8021q: adding VLAN 0 to HW filter on device bond1
[  123.554731][ T8009] 9pnet_fd: Insufficient options for proto=fd
[  123.580217][ T8014] netlink: 'syz.2.562': attribute type 9 has an invalid length.
[  123.584067][ T8014] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.562'.
[  123.590746][ T8014] netlink: 4 bytes leftover after parsing attributes in process `syz.2.562'.
[  123.631633][ T8020] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(4)
[  123.633589][ T8020] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  123.640391][ T8020] vhci_hcd vhci_hcd.0: Device attached
[  123.644866][ T8021] usbip_core: unknown command
[  123.646295][ T8021] vhci_hcd: unknown pdu 3020978687
[  123.647831][ T8021] usbip_core: unknown command
[  123.651334][ T1170] vhci_hcd: stop threads
[  123.652682][ T1170] vhci_hcd: release socket
[  123.653993][ T1170] vhci_hcd: disconnect device
[  123.683677][ T8017] netlink: 168 bytes leftover after parsing attributes in process `syz.0.563'.
[  123.688711][ T8017] netlink: 168 bytes leftover after parsing attributes in process `syz.0.563'.
[  123.692775][ T8017] netlink: 168 bytes leftover after parsing attributes in process `syz.0.563'.
[  123.696333][ T8017] netlink: 168 bytes leftover after parsing attributes in process `syz.0.563'.
[  123.699992][ T8017] netlink: 168 bytes leftover after parsing attributes in process `syz.0.563'.
[  123.705531][ T8017] netlink: 168 bytes leftover after parsing attributes in process `syz.0.563'.
[  123.709166][ T8017] netlink: 168 bytes leftover after parsing attributes in process `syz.0.563'.
[  123.865171][ T8036] bridge0: port 3(syz_tun) entered blocking state
[  123.867726][ T8036] bridge0: port 3(syz_tun) entered disabled state
[  123.871248][ T8036] syz_tun: entered allmulticast mode
[  123.878606][ T8036] syz_tun: entered promiscuous mode
[  123.881576][ T8036] bridge0: port 3(syz_tun) entered blocking state
[  123.885379][ T8036] bridge0: port 3(syz_tun) entered forwarding state
[  123.936245][ T8043] FAULT_INJECTION: forcing a failure.
[  123.936245][ T8043] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  123.943846][ T8043] CPU: 0 UID: 0 PID: 8043 Comm: syz.1.566 Not tainted 6.14.0-rc1-syzkaller-00034-g92514ef226f5 #0
[  123.943860][ T8043] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  123.943866][ T8043] Call Trace:
[  123.943869][ T8043]  <TASK>
[  123.943873][ T8043]  dump_stack_lvl+0x16c/0x1f0
[  123.943897][ T8043]  should_fail_ex+0x50a/0x650
[  123.943909][ T8043]  ? __pfx___might_resched+0x10/0x10
[  123.943924][ T8043]  should_fail_alloc_page+0xe7/0x130
[  123.943939][ T8043]  prepare_alloc_pages.constprop.0+0x16f/0x560
[  123.943957][ T8043]  __alloc_frozen_pages_noprof+0x18e/0x2470
[  123.943973][ T8043]  ? hlock_class+0x4e/0x130
[  123.943987][ T8043]  ? __lock_acquire+0x15a9/0x3c40
[  123.944000][ T8043]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  123.944017][ T8043]  ? __mutex_trylock_common+0xea/0x250
[  123.944030][ T8043]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  123.944044][ T8043]  ? policy_nodemask+0xea/0x4e0
[  123.944057][ T8043]  alloc_pages_mpol+0x1fc/0x540
[  123.944070][ T8043]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  123.944082][ T8043]  ? lock_acquire+0x2f/0xb0
[  123.944092][ T8043]  ? hugetlb_vma_lock_read+0xb2/0x140
[  123.944107][ T8043]  alloc_pages_noprof+0x131/0x390
[  123.944119][ T8043]  __pmd_alloc+0x3f/0x870
[  123.944130][ T8043]  huge_pte_alloc+0x292/0x3a0
[  123.944140][ T8043]  hugetlb_fault+0x377/0x2fa0
[  123.944151][ T8043]  ? rwsem_read_trylock+0x12d/0x250
[  123.944164][ T8043]  ? __pfx_hugetlb_fault+0x10/0x10
[  123.944173][ T8043]  ? find_held_lock+0x2d/0x110
[  123.944191][ T8043]  ? __pfx___up_read+0x10/0x10
[  123.944206][ T8043]  handle_mm_fault+0x930/0xaa0
[  123.944219][ T8043]  __get_user_pages+0x773/0x36f0
[  123.944233][ T8043]  ? __pfx_mt_find+0x10/0x10
[  123.944247][ T8043]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  123.944258][ T8043]  ? __pfx___get_user_pages+0x10/0x10
[  123.944269][ T8043]  ? __mm_populate+0x21d/0x380
[  123.944282][ T8043]  populate_vma_page_range+0x27f/0x3a0
[  123.944294][ T8043]  ? __pfx_populate_vma_page_range+0x10/0x10
[  123.944304][ T8043]  ? __pfx_find_vma_intersection+0x10/0x10
[  123.944320][ T8043]  ? vm_mmap_pgoff+0x29b/0x3a0
[  123.944332][ T8043]  __mm_populate+0x1d6/0x380
[  123.944343][ T8043]  ? __pfx___mm_populate+0x10/0x10
[  123.944355][ T8043]  ? up_write+0x1b2/0x520
[  123.944368][ T8043]  vm_mmap_pgoff+0x2d3/0x3a0
[  123.944380][ T8043]  ? __pfx_vm_mmap_pgoff+0x10/0x10
[  123.944390][ T8043]  ? hugetlbfs_get_inode+0x323/0x740
[  123.944405][ T8043]  ksys_mmap_pgoff+0x1c8/0x5c0
[  123.944414][ T8043]  ? __ia32_sys_mmap_pgoff+0x11/0x1b0
[  123.944424][ T8043]  __do_fast_syscall_32+0x73/0x120
[  123.944434][ T8043]  do_fast_syscall_32+0x32/0x80
[  123.944443][ T8043]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  123.944458][ T8043] RIP: 0023:0xf749e579
[  123.944466][ T8043] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  123.944475][ T8043] RSP: 002b:00000000f510555c EFLAGS: 00000296 ORIG_RAX: 00000000000000c0
[  123.944484][ T8043] RAX: ffffffffffffffda RBX: 0000000080000000 RCX: 0000000000ff5000
[  123.944490][ T8043] RDX: 0000000000000003 RSI: 00000000000ec071 RDI: 00000000ffffffff
[  123.944495][ T8043] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  123.944500][ T8043] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  123.944505][ T8043] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  123.944516][ T8043]  </TASK>
[  124.094663][ T8056] netlink: 'syz.1.570': attribute type 9 has an invalid length.
[  124.229804][ T8067] FAULT_INJECTION: forcing a failure.
[  124.229804][ T8067] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  124.234313][ T8067] CPU: 0 UID: 0 PID: 8067 Comm: syz.2.575 Not tainted 6.14.0-rc1-syzkaller-00034-g92514ef226f5 #0
[  124.234328][ T8067] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  124.234335][ T8067] Call Trace:
[  124.234338][ T8067]  <TASK>
[  124.234342][ T8067]  dump_stack_lvl+0x16c/0x1f0
[  124.234361][ T8067]  should_fail_ex+0x50a/0x650
[  124.234377][ T8067]  _copy_from_user+0x2e/0xd0
[  124.234392][ T8067]  user_termios_to_kernel_termios_1+0x21/0x30
[  124.234406][ T8067]  tty_mode_ioctl+0x3ff/0xd20
[  124.234418][ T8067]  ? lock_acquire+0x2f/0xb0
[  124.234430][ T8067]  ? tty_ldisc_ref_wait+0x24/0x80
[  124.234443][ T8067]  ? __pfx_tty_mode_ioctl+0x10/0x10
[  124.234459][ T8067]  ? __pfx___ldsem_down_read_nested+0x10/0x10
[  124.234474][ T8067]  ? __pfx_n_tty_ioctl+0x10/0x10
[  124.234483][ T8067]  n_tty_ioctl_helper+0x4b/0x2b0
[  124.234496][ T8067]  n_tty_ioctl+0x7f/0x370
[  124.234508][ T8067]  ? __pfx_n_tty_ioctl+0x10/0x10
[  124.234517][ T8067]  tty_ioctl+0x6ee/0x1640
[  124.234533][ T8067]  ? __pfx_tty_ioctl+0x10/0x10
[  124.234552][ T8067]  ? __pfx_lock_release+0x10/0x10
[  124.234563][ T8067]  ? trace_lock_acquire+0x14e/0x1f0
[  124.234584][ T8067]  ? __fget_files+0x206/0x3a0
[  124.234597][ T8067]  tty_compat_ioctl+0x24a/0x4d0
[  124.234611][ T8067]  ? __pfx_tty_compat_ioctl+0x10/0x10
[  124.234629][ T8067]  __do_compat_sys_ioctl+0x1cb/0x2c0
[  124.234645][ T8067]  __do_fast_syscall_32+0x73/0x120
[  124.234656][ T8067]  do_fast_syscall_32+0x32/0x80
[  124.234665][ T8067]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  124.234681][ T8067] RIP: 0023:0xf7f73579
[  124.234689][ T8067] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  124.234699][ T8067] RSP: 002b:00000000f509655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  124.234709][ T8067] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000005457
[  124.234715][ T8067] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  124.234720][ T8067] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  124.234725][ T8067] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  124.234731][ T8067] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  124.234743][ T8067]  </TASK>
[  124.289737][ T8078] netlink: 'syz.0.579': attribute type 9 has an invalid length.
[  124.372884][ T8080] lo speed is unknown, defaulting to 1000
[  124.396295][ T8076] random: crng reseeded on system resumption
[  124.776759][ T8100] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  125.213037][ T5950] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection
[  125.218697][ T5950] Bluetooth: hci3: unexpected event 0x06 length: 4 > 3
[  125.332307][ T5950] Bluetooth: hci3: command 0x0419 tx timeout
[  125.552330][   T25] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  125.722389][   T25] usb 6-1: Using ep0 maxpacket: 32
[  125.728490][   T25] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x85 has invalid maxpacket 59667, setting to 1024
[  125.733665][   T25] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  125.739635][   T25] usb 6-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  125.743622][   T25] usb 6-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  125.746896][   T25] usb 6-1: Product: syz
[  125.748709][   T25] usb 6-1: Manufacturer: syz
[  125.750604][   T25] usb 6-1: SerialNumber: syz
[  125.754449][   T25] usb 6-1: config 0 descriptor??
[  125.757328][ T8124] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  126.013558][ T8138] syz.2.601 (8138): /proc/8137/oom_adj is deprecated, please use /proc/8137/oom_score_adj instead.
[  126.102250][   T25] usb 8-1: new high-speed USB device number 5 using dummy_hcd
[  126.152816][ T8120] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  126.154774][ T8120] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  126.166736][ T8120] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  126.168577][ T8120] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  126.206657][ T5980] usb 6-1: USB disconnect, device number 6
[  126.262420][   T25] usb 8-1: Using ep0 maxpacket: 16
[  126.266310][   T25] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  126.270680][   T25] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  126.274757][   T25] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  126.280445][   T25] usb 8-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00
[  126.284209][   T25] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  126.288897][   T25] usb 8-1: config 0 descriptor??
[  126.404331][ T8165] netlink: 'syz.0.610': attribute type 1 has an invalid length.
[  126.415335][ T8161] team_slave_1: mtu greater than device maximum
[  126.702784][ T5980] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[  126.758102][ T8182] lo speed is unknown, defaulting to 1000
[  126.852785][ T5980] usb 6-1: too many configurations: 9, using maximum allowed: 8
[  126.859942][ T5980] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[  126.862678][ T5980] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  126.865773][ T5980] usb 6-1: config 0 interface 0 has no altsetting 0
[  126.868461][ T5980] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[  126.871486][ T5980] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  126.877339][ T5980] usb 6-1: config 0 interface 0 has no altsetting 0
[  126.881616][ T5980] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[  126.884300][ T5980] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  126.887519][ T5980] usb 6-1: config 0 interface 0 has no altsetting 0
[  126.890220][ T5980] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[  126.895414][ T5980] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  126.898588][ T5980] usb 6-1: config 0 interface 0 has no altsetting 0
[  126.901394][ T8136] random: crng reseeded on system resumption
[  126.901475][ T5980] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[  126.906112][ T5980] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  126.909194][ T5980] usb 6-1: config 0 interface 0 has no altsetting 0
[  126.911804][ T5980] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[  126.918947][ T5980] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  126.922088][ T5980] usb 6-1: config 0 interface 0 has no altsetting 0
[  126.925289][ T5980] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[  126.927971][ T5980] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  126.931054][ T5980] usb 6-1: config 0 interface 0 has no altsetting 0
[  126.934145][ T5980] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[  126.936786][ T5980] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  126.940033][ T5980] usb 6-1: config 0 interface 0 has no altsetting 0
[  126.943634][ T5980] usb 6-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[  126.946251][ T5980] usb 6-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[  126.948702][ T5980] usb 6-1: Product: syz
[  126.949967][ T5980] usb 6-1: Manufacturer: syz
[  126.951451][ T5980] usb 6-1: SerialNumber: syz
[  126.955225][ T5980] usb 6-1: config 0 descriptor??
[  126.960444][ T5980] yurex 6-1:0.0: USB YUREX device now attached to Yurex #0
[  127.083467][   T25] usbhid 8-1:0.0: can't add hid device: -71
[  127.085326][   T25] usbhid 8-1:0.0: probe with driver usbhid failed with error -71
[  127.093030][   T25] usb 8-1: USB disconnect, device number 5
[  127.098134][ T6818] udevd[6818]: setting owner of /dev/bus/usb/008/005 to uid=0, gid=0 failed: No such file or directory
[  127.685896][ T8206] netlink: 'syz.3.623': attribute type 4 has an invalid length.
[  127.724035][ T8210] FAULT_INJECTION: forcing a failure.
[  127.724035][ T8210] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  127.728194][ T8210] CPU: 0 UID: 0 PID: 8210 Comm: syz.3.624 Not tainted 6.14.0-rc1-syzkaller-00034-g92514ef226f5 #0
[  127.728208][ T8210] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  127.728213][ T8210] Call Trace:
[  127.728217][ T8210]  <TASK>
[  127.728221][ T8210]  dump_stack_lvl+0x16c/0x1f0
[  127.728239][ T8210]  should_fail_ex+0x50a/0x650
[  127.728253][ T8210]  _copy_from_iter+0x29b/0x1400
[  127.728268][ T8210]  ? trace_lock_acquire+0x14e/0x1f0
[  127.728277][ T8210]  ? skb_put+0x138/0x1b0
[  127.728290][ T8210]  ? __pfx__copy_from_iter+0x10/0x10
[  127.728303][ T8210]  ? __virt_addr_valid+0x1a4/0x590
[  127.728313][ T8210]  ? __virt_addr_valid+0x5e/0x590
[  127.728322][ T8210]  ? __phys_addr_symbol+0x30/0x80
[  127.728336][ T8210]  ? __check_object_size+0x488/0x710
[  127.728350][ T8210]  sctp_user_addto_chunk+0x87/0x230
[  127.728376][ T8210]  sctp_datamsg_from_user+0x5b3/0x1320
[  127.728397][ T8210]  sctp_sendmsg_to_asoc+0xafd/0x1ad0
[  127.728410][ T8210]  ? sctp_assoc_add_peer+0x254/0x14b0
[  127.728424][ T8210]  ? __pfx_sctp_sendmsg_to_asoc+0x10/0x10
[  127.728436][ T8210]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[  127.728449][ T8210]  ? lock_acquire+0x2f/0xb0
[  127.728460][ T8210]  ? sctp_endpoint_lookup_assoc+0xac/0x2a0
[  127.728474][ T8210]  sctp_sendmsg+0x129c/0x1f10
[  127.728486][ T8210]  ? __pfx___lock_acquire+0x10/0x10
[  127.728500][ T8210]  ? __pfx_sctp_sendmsg+0x10/0x10
[  127.728519][ T8210]  ? __pfx_aa_sk_perm+0x10/0x10
[  127.728531][ T8210]  ? __pfx_sctp_sendmsg+0x10/0x10
[  127.728544][ T8210]  inet_sendmsg+0x119/0x140
[  127.728559][ T8210]  __sys_sendto+0x42a/0x4f0
[  127.728574][ T8210]  ? __pfx___sys_sendto+0x10/0x10
[  127.728598][ T8210]  ? ksys_write+0x1ba/0x250
[  127.728608][ T8210]  ? __pfx_ksys_write+0x10/0x10
[  127.728619][ T8210]  __ia32_sys_sendto+0xdd/0x1b0
[  127.728633][ T8210]  ? lockdep_hardirqs_on+0x7c/0x110
[  127.728647][ T8210]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[  127.728662][ T8210]  __do_fast_syscall_32+0x73/0x120
[  127.728672][ T8210]  do_fast_syscall_32+0x32/0x80
[  127.728681][ T8210]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  127.728696][ T8210] RIP: 0023:0xf7f58579
[  127.728704][ T8210] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  127.728713][ T8210] RSP: 002b:00000000f507655c EFLAGS: 00000296 ORIG_RAX: 0000000000000171
[  127.728722][ T8210] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080847fff
[  127.728728][ T8210] RDX: 0000000000034000 RSI: 0000000000000000 RDI: 000000008005ffe4
[  127.728734][ T8210] RBP: 000000000000001c R08: 0000000000000000 R09: 0000000000000000
[  127.728739][ T8210] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  127.728744][ T8210] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  127.728755][ T8210]  </TASK>
[  128.099719][ T8215] lo speed is unknown, defaulting to 1000
[  128.203047][ T5945] Bluetooth: hci2: command 0x0419 tx timeout
[  128.203082][ T5948] Bluetooth: hci3: command 0x0419 tx timeout
[  128.207054][ T5950] Bluetooth: hci1: command 0x0419 tx timeout
[  128.232582][ T8222] bridge0: port 2(bridge_slave_1) entered disabled state
[  128.235478][ T8222] bridge0: port 1(bridge_slave_0) entered disabled state
[  128.244515][ T8221] bridge_slave_1: left allmulticast mode
[  128.246308][ T8221] bridge_slave_1: left promiscuous mode
[  128.248861][ T8221] bridge0: port 2(bridge_slave_1) entered disabled state
[  128.260325][ T8221] bridge_slave_0: left allmulticast mode
[  128.262123][ T8221] bridge_slave_0: left promiscuous mode
[  128.264401][ T8221] bridge0: port 1(bridge_slave_0) entered disabled state
[  128.429974][ T8224] netlink: 'syz.3.629': attribute type 10 has an invalid length.
[  128.518442][ T8230] overlay: Bad value for 'uuid'
[  128.526032][ T8232] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off.
[  128.529910][ T8232] overlayfs: missing 'lowerdir'
[  128.900465][ T8243] overlay: Unknown parameter 'fsname'
[  128.991945][ T8251] FAULT_INJECTION: forcing a failure.
[  128.991945][ T8251] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  128.997063][ T8251] CPU: 3 UID: 0 PID: 8251 Comm: syz.3.638 Not tainted 6.14.0-rc1-syzkaller-00034-g92514ef226f5 #0
[  128.997082][ T8251] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  128.997091][ T8251] Call Trace:
[  128.997095][ T8251]  <TASK>
[  128.997101][ T8251]  dump_stack_lvl+0x16c/0x1f0
[  128.997127][ T8251]  should_fail_ex+0x50a/0x650
[  128.997149][ T8251]  _copy_from_user+0x2e/0xd0
[  128.997170][ T8251]  move_addr_to_kernel+0x68/0x160
[  128.997192][ T8251]  __get_compat_msghdr+0x3f1/0x4d0
[  128.997212][ T8251]  get_compat_msghdr+0xd3/0x170
[  128.997230][ T8251]  ? __pfx_get_compat_msghdr+0x10/0x10
[  128.997256][ T8251]  ___sys_sendmsg+0x1b0/0x1e0
[  128.997273][ T8251]  ? __pfx____sys_sendmsg+0x10/0x10
[  128.997295][ T8251]  ? __pfx_lock_release+0x10/0x10
[  128.997312][ T8251]  ? trace_lock_acquire+0x14e/0x1f0
[  128.997332][ T8251]  ? __fget_files+0x206/0x3a0
[  128.997354][ T8251]  __sys_sendmsg+0x16e/0x220
[  128.997370][ T8251]  ? __pfx___sys_sendmsg+0x10/0x10
[  128.997398][ T8251]  __do_fast_syscall_32+0x73/0x120
[  128.997415][ T8251]  do_fast_syscall_32+0x32/0x80
[  128.997430][ T8251]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  128.997455][ T8251] RIP: 0023:0xf7f58579
[  128.997469][ T8251] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  128.997484][ T8251] RSP: 002b:00000000f507655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  128.997500][ T8251] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000040
[  128.997509][ T8251] RDX: 0000000000000800 RSI: 0000000000000000 RDI: 0000000000000000
[  128.997518][ T8251] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  128.997526][ T8251] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  128.997534][ T8251] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  128.997554][ T8251]  </TASK>
[  129.095799][ T8253] __nla_validate_parse: 42 callbacks suppressed
[  129.095814][ T8253] netlink: 8 bytes leftover after parsing attributes in process `syz.3.639'.
[  129.116821][   T39] audit: type=1326 audit(1738809609.809:6357): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8252 comm="syz.3.639" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f58579 code=0x7ffc0000
[  129.123417][   T39] audit: type=1326 audit(1738809609.809:6358): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8252 comm="syz.3.639" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f58579 code=0x7ffc0000
[  129.129936][   T39] audit: type=1326 audit(1738809609.809:6359): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8252 comm="syz.3.639" exe="/syz-executor" sig=0 arch=40000003 syscall=120 compat=1 ip=0xf7f58579 code=0x7ffc0000
[  129.135954][   T39] audit: type=1326 audit(1738809609.819:6360): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8252 comm="syz.3.639" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f58579 code=0x7ffc0000
[  129.142135][   T39] audit: type=1326 audit(1738809609.819:6361): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8254 comm="syz.3.639" exe="/syz-executor" sig=0 arch=40000003 syscall=267 compat=1 ip=0xf7f58579 code=0x7ffc0000
[  129.149083][   T39] audit: type=1326 audit(1738809609.819:6362): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8252 comm="syz.3.639" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f58579 code=0x7ffc0000
[  129.155228][   T39] audit: type=1326 audit(1738809609.829:6363): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8252 comm="syz.3.639" exe="/syz-executor" sig=0 arch=40000003 syscall=270 compat=1 ip=0xf7f58579 code=0x7ffc0000
[  129.161829][   T39] audit: type=1326 audit(1738809609.829:6364): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8252 comm="syz.3.639" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f58579 code=0x7ffc0000
[  129.168112][   T39] audit: type=1326 audit(1738809609.829:6365): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8252 comm="syz.3.639" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f58579 code=0x7ffc0000
[  129.174390][   T39] audit: type=1326 audit(1738809609.829:6366): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8254 comm="syz.3.639" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f58598 code=0x7ffc0000
[  129.252477][    C2] usb 6-1: yurex_control_callback - control failed: -2
[  129.256145][   T58] usb 6-1: USB disconnect, device number 7
[  129.258959][   T58] yurex 6-1:0.0: USB YUREX #0 now disconnected
[  129.310717][ T8257] syz.3.640 (8257): drop_caches: 2
[  129.314831][ T8257] syz.3.640 (8257): drop_caches: 2
[  129.477215][ T8263] netlink: 8 bytes leftover after parsing attributes in process `syz.0.643'.
[  129.482553][ T8263] netlink: 'syz.0.643': attribute type 10 has an invalid length.
[  129.826652][ T8271] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[  129.917661][ T8279] netlink: 8 bytes leftover after parsing attributes in process `syz.1.649'.
[  130.292544][ T5950] Bluetooth: hci3: command 0x0419 tx timeout
[  130.347003][ T8298] netlink: 152 bytes leftover after parsing attributes in process `syz.3.657'.
[  130.547708][ T5950] Bluetooth: hci2: unexpected event for opcode 0x2040
[  130.559616][ T8307] FAULT_INJECTION: forcing a failure.
[  130.559616][ T8307] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  130.564129][ T8307] CPU: 2 UID: 0 PID: 8307 Comm: syz.3.661 Not tainted 6.14.0-rc1-syzkaller-00034-g92514ef226f5 #0
[  130.564142][ T8307] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  130.564148][ T8307] Call Trace:
[  130.564151][ T8307]  <TASK>
[  130.564155][ T8307]  dump_stack_lvl+0x16c/0x1f0
[  130.564173][ T8307]  should_fail_ex+0x50a/0x650
[  130.564200][ T8307]  _copy_from_user+0x2e/0xd0
[  130.564214][ T8307]  memdup_user+0x71/0xd0
[  130.564230][ T8307]  i2cdev_ioctl_rdwr+0x2db/0x700
[  130.564246][ T8307]  compat_i2cdev_ioctl+0x466/0x530
[  130.564260][ T8307]  ? __pfx_compat_i2cdev_ioctl+0x10/0x10
[  130.564273][ T8307]  ? __fget_files+0x206/0x3a0
[  130.564285][ T8307]  ? __pfx_compat_i2cdev_ioctl+0x10/0x10
[  130.564298][ T8307]  __do_compat_sys_ioctl+0x1cb/0x2c0
[  130.564313][ T8307]  __do_fast_syscall_32+0x73/0x120
[  130.564323][ T8307]  do_fast_syscall_32+0x32/0x80
[  130.564331][ T8307]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  130.564348][ T8307] RIP: 0023:0xf7f58579
[  130.564355][ T8307] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  130.564364][ T8307] RSP: 002b:00000000f507655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  130.564374][ T8307] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000000707
[  130.564379][ T8307] RDX: 0000000080001100 RSI: 0000000000000000 RDI: 0000000000000000
[  130.564385][ T8307] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  130.564389][ T8307] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  130.564394][ T8307] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  130.564405][ T8307]  </TASK>
[  130.621392][    C2] vkms_vblank_simulate: vblank timer overrun
[  130.990314][ T8314] FAULT_INJECTION: forcing a failure.
[  130.990314][ T8314] name failslab, interval 1, probability 0, space 0, times 0
[  130.997607][ T8314] CPU: 2 UID: 0 PID: 8314 Comm: syz.1.664 Not tainted 6.14.0-rc1-syzkaller-00034-g92514ef226f5 #0
[  130.997621][ T8314] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  130.997627][ T8314] Call Trace:
[  130.997630][ T8314]  <TASK>
[  130.997634][ T8314]  dump_stack_lvl+0x16c/0x1f0
[  130.997651][ T8314]  should_fail_ex+0x50a/0x650
[  130.997664][ T8314]  ? fs_reclaim_acquire+0xae/0x150
[  130.997680][ T8314]  should_failslab+0xc2/0x120
[  130.997692][ T8314]  kmem_cache_alloc_noprof+0x6e/0x3b0
[  130.997704][ T8314]  ? security_inode_alloc+0x3b/0x2b0
[  130.997715][ T8314]  security_inode_alloc+0x3b/0x2b0
[  130.997724][ T8314]  inode_init_always_gfp+0xce4/0x1030
[  130.997737][ T8314]  alloc_inode+0x82/0x230
[  130.997749][ T8314]  sock_alloc+0x40/0x280
[  130.997761][ T8314]  do_accept+0xf8/0x530
[  130.997775][ T8314]  ? do_raw_spin_lock+0x12d/0x2c0
[  130.997795][ T8314]  ? __pfx_do_accept+0x10/0x10
[  130.997815][ T8314]  __sys_accept4+0xfe/0x1b0
[  130.997829][ T8314]  ? __pfx___sys_accept4+0x10/0x10
[  130.997858][ T8314]  ? __pfx_ksys_write+0x10/0x10
[  130.997871][ T8314]  __ia32_sys_accept4+0x94/0x100
[  130.997885][ T8314]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[  130.997901][ T8314]  __do_fast_syscall_32+0x73/0x120
[  130.997911][ T8314]  do_fast_syscall_32+0x32/0x80
[  130.997919][ T8314]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  130.997934][ T8314] RIP: 0023:0xf749e579
[  130.997942][ T8314] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  130.997951][ T8314] RSP: 002b:00000000f512655c EFLAGS: 00000296 ORIG_RAX: 000000000000016c
[  130.997960][ T8314] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000000000
[  130.997966][ T8314] RDX: 0000000000000000 RSI: 0000000000000800 RDI: 0000000000000000
[  130.997971][ T8314] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  130.997976][ T8314] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  130.997981][ T8314] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  130.997991][ T8314]  </TASK>
[  131.062354][    C2] vkms_vblank_simulate: vblank timer overrun
[  131.090229][ T8316] netlink: 108 bytes leftover after parsing attributes in process `syz.1.665'.
[  131.112202][ T8318] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(7)
[  131.114146][ T8318] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  131.116374][ T8318] vhci_hcd vhci_hcd.0: Device attached
[  131.119438][ T8320] vhci_hcd: connection closed
[  131.119705][ T1064] vhci_hcd: stop threads
[  131.122556][ T1064] vhci_hcd: release socket
[  131.123902][ T1064] vhci_hcd: disconnect device
[  131.215849][ T8316] block nbd1: shutting down sockets
[  131.277632][  T219] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  131.343162][ T8347] overlayfs: conflicting options: userxattr,verity=require
[  131.362311][ T1464] usb 8-1: new high-speed USB device number 6 using dummy_hcd
[  131.383154][  T219] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  131.420521][ T5948] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  131.424486][ T5948] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  131.427796][ T5948] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  131.431261][ T5948] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  131.437278][ T5948] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  131.439795][ T5948] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  131.455726][  T219] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  131.505187][ T8356] lo speed is unknown, defaulting to 1000
[  131.524965][ T8369] FAULT_INJECTION: forcing a failure.
[  131.524965][ T8369] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  131.528732][ T8369] CPU: 2 UID: 0 PID: 8369 Comm: syz.1.674 Not tainted 6.14.0-rc1-syzkaller-00034-g92514ef226f5 #0
[  131.528744][ T8369] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  131.528750][ T8369] Call Trace:
[  131.528754][ T8369]  <TASK>
[  131.528758][ T8369]  dump_stack_lvl+0x16c/0x1f0
[  131.528776][ T8369]  should_fail_ex+0x50a/0x650
[  131.528790][ T8369]  _copy_to_user+0x32/0xd0
[  131.528805][ T8369]  simple_read_from_buffer+0xd0/0x160
[  131.528825][ T8369]  proc_fail_nth_read+0x198/0x270
[  131.528840][ T8369]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  131.528854][ T8369]  ? rw_verify_area+0xcf/0x680
[  131.528868][ T8369]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  131.528881][ T8369]  vfs_read+0x1df/0xbf0
[  131.528891][ T8369]  ? __fget_files+0x1fc/0x3a0
[  131.528901][ T8369]  ? __pfx___mutex_lock+0x10/0x10
[  131.528915][ T8369]  ? __pfx_vfs_read+0x10/0x10
[  131.528928][ T8369]  ? __fget_files+0x206/0x3a0
[  131.528941][ T8369]  ksys_read+0x12b/0x250
[  131.528950][ T8369]  ? __pfx_ksys_read+0x10/0x10
[  131.528962][ T8369]  __do_fast_syscall_32+0x73/0x120
[  131.528972][ T8369]  do_fast_syscall_32+0x32/0x80
[  131.528981][ T8369]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  131.528996][ T8369] RIP: 0023:0xf749e579
[  131.529004][ T8369] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  131.529013][ T8369] RSP: 002b:00000000f5126590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  131.529022][ T8369] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f5126620
[  131.529027][ T8369] RDX: 000000000000000f RSI: 00000000f748cff4 RDI: 0000000000000000
[  131.529032][ T8369] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  131.529037][ T8369] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  131.529042][ T8369] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  131.529053][ T8369]  </TASK>
[  131.582248][ T1464] usb 8-1: Using ep0 maxpacket: 8
[  131.583679][    C2] vkms_vblank_simulate: vblank timer overrun
[  131.592527][ T1464] usb 8-1: config 0 has an invalid interface number: 55 but max is 0
[  131.594947][ T1464] usb 8-1: config 0 has no interface number 0
[  131.603934][  T219] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  131.613330][ T1464] usb 8-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  131.616573][ T1464] usb 8-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  131.620004][ T1464] usb 8-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  131.623289][ T1464] usb 8-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  131.623355][ T8356] chnl_net:caif_netlink_parms(): no params data found
[  131.627131][ T1464] usb 8-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  131.632436][ T1464] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  131.644860][ T8377] netlink: 'syz.1.676': attribute type 1 has an invalid length.
[  131.645504][ T1464] usb 8-1: config 0 descriptor??
[  131.647133][ T8377] netlink: 224 bytes leftover after parsing attributes in process `syz.1.676'.
[  131.668219][ T1464] ldusb 8-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  131.799596][ T8356] bridge0: port 1(bridge_slave_0) entered blocking state
[  131.801699][ T8356] bridge0: port 1(bridge_slave_0) entered disabled state
[  131.803945][ T8356] bridge_slave_0: entered allmulticast mode
[  131.806143][ T8356] bridge_slave_0: entered promiscuous mode
[  131.822814][ T8356] bridge0: port 2(bridge_slave_1) entered blocking state
[  131.824873][ T8356] bridge0: port 2(bridge_slave_1) entered disabled state
[  131.826996][ T8356] bridge_slave_1: entered allmulticast mode
[  131.829237][ T8356] bridge_slave_1: entered promiscuous mode
[  131.859198][ T1464] usb 8-1: USB disconnect, device number 6
[  131.866731][ T1464] ldusb 8-1:0.55: LD USB Device #0 now disconnected
[  131.878411][  T219] bridge_slave_1: left allmulticast mode
[  131.879122][ T8386] netlink: 'syz.1.678': attribute type 1 has an invalid length.
[  131.880214][  T219] bridge_slave_1: left promiscuous mode
[  131.885769][  T219] bridge0: port 2(bridge_slave_1) entered disabled state
[  131.890404][  T219] bridge_slave_0: left allmulticast mode
[  131.892090][  T219] bridge_slave_0: left promiscuous mode
[  131.894192][  T219] bridge0: port 1(bridge_slave_0) entered disabled state
[  131.938337][ T8387] netlink: 28 bytes leftover after parsing attributes in process `syz.1.678'.
[  132.214756][ T1414] ieee802154 phy0 wpan0: encryption failed: -22
[  132.218410][ T1414] ==================================================================
[  132.220746][ T1414] BUG: KASAN: slab-use-after-free in tty_write_room+0x7d/0x90
[  132.222974][ T1414] Read of size 8 at addr ffff8880124f1020 by task aoe_tx0/1414
[  132.226218][ T1414] 
[  132.227660][ T1414] CPU: 0 UID: 0 PID: 1414 Comm: aoe_tx0 Not tainted 6.14.0-rc1-syzkaller-00034-g92514ef226f5 #0
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  132.227672][ T1414] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  132.227679][ T1414] Call Trace:
[  132.227682][ T1414]  <TASK>
[  132.227686][ T1414]  dump_stack_lvl+0x116/0x1f0
[  132.227704][ T1414]  print_report+0xc3/0x620
[  132.227716][ T1414]  ? __virt_addr_valid+0x5e/0x590
[  132.227726][ T1414]  ? __phys_addr+0xc6/0x150
[  132.227734][ T1414]  kasan_report+0xd9/0x110
[  132.227745][ T1414]  ? tty_write_room+0x7d/0x90
[  132.227757][ T1414]  ? tty_write_room+0x7d/0x90
[  132.227768][ T1414]  tty_write_room+0x7d/0x90
[  132.227779][ T1414]  handle_tx+0x151/0x630
[  132.227792][ T1414]  dev_hard_start_xmit+0x9a/0x7b0
[  132.227808][ T1414]  __dev_queue_xmit+0x7f0/0x43e0
[  132.227824][ T1414]  ? __pfx___dev_queue_xmit+0x10/0x10
[  132.227837][ T1414]  ? __pfx___lock_acquire+0x10/0x10
[  132.227848][ T1414]  ? __pfx___lock_acquire+0x10/0x10
[  132.227860][ T1414]  ? lock_acquire.part.0+0x11b/0x380
[  132.227870][ T1414]  ? find_held_lock+0x2d/0x110
[  132.227885][ T1414]  ? find_held_lock+0x2d/0x110
[  132.227899][ T1414]  ? tx+0xa8/0x190
[  132.227909][ T1414]  ? __pfx_lock_release+0x10/0x10
[  132.227920][ T1414]  ? lock_acquire+0x2f/0xb0
[  132.227932][ T1414]  tx+0xcc/0x190
[  132.227942][ T1414]  ? __pfx_tx+0x10/0x10
[  132.227952][ T1414]  kthread+0x1e7/0x3c0
[  132.227962][ T1414]  ? __pfx_kthread+0x10/0x10
[  132.227971][ T1414]  ? __pfx_default_wake_function+0x10/0x10
[  132.227983][ T1414]  ? lockdep_hardirqs_on+0x7c/0x110
[  132.227998][ T1414]  ? __kthread_parkme+0x148/0x220
[  132.228011][ T1414]  ? __pfx_kthread+0x10/0x10
[  132.228020][ T1414]  kthread+0x3af/0x750
[  132.228030][ T1414]  ? __pfx_kthread+0x10/0x10
[  132.228040][ T1414]  ? __pfx_kthread+0x10/0x10
[  132.228049][ T1414]  ret_from_fork+0x45/0x80
[  132.228061][ T1414]  ? __pfx_kthread+0x10/0x10
[  132.228069][ T1414]  ret_from_fork_asm+0x1a/0x30
[  132.228082][ T1414]  </TASK>
[  132.228085][ T1414] 
[  132.284709][ T1414] Allocated by task 8318:
[  132.285978][ T1414]  kasan_save_stack+0x33/0x60
[  132.287386][ T1414]  kasan_save_track+0x14/0x30
[  132.288785][ T1414]  __kasan_kmalloc+0xaa/0xb0
[  132.290154][ T1414]  alloc_tty_struct+0x98/0x8d0
[  132.291566][ T1414]  tty_init_dev.part.0+0x1e/0x660
[  132.293115][ T1414]  tty_init_dev+0x60/0x80
[  132.294401][ T1414]  ptmx_open+0x104/0x350
[  132.295685][ T1414]  chrdev_open+0x237/0x6a0
[  132.297100][ T1414]  do_dentry_open+0x735/0x1c40
[  132.298517][ T1414]  vfs_open+0x82/0x3f0
[  132.299724][ T1414]  path_openat+0x1e88/0x2d80
[  132.301073][ T1414]  do_filp_open+0x20c/0x470
[  132.302409][ T1414]  do_sys_openat2+0x17a/0x1e0
[  132.303789][ T1414]  __ia32_compat_sys_openat+0x16e/0x210
[  132.305392][ T1414]  __do_fast_syscall_32+0x73/0x120
[  132.306906][ T1414]  do_fast_syscall_32+0x32/0x80
[  132.308329][ T1414]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  132.310166][ T1414] 
[  132.310884][ T1414] Freed by task 5986:
[  132.312044][ T1414]  kasan_save_stack+0x33/0x60
[  132.313531][ T1414]  kasan_save_track+0x14/0x30
[  132.314934][ T1414]  kasan_save_free_info+0x3b/0x60
[  132.316424][ T1414]  __kasan_slab_free+0x51/0x70
[  132.317887][ T1414]  kfree+0x2c4/0x4d0
[  132.319046][ T1414]  process_one_work+0x958/0x1b30
[  132.320506][ T1414]  worker_thread+0x6c8/0xf00
[  132.321869][ T1414]  kthread+0x3af/0x750
[  132.323060][ T1414]  ret_from_fork+0x45/0x80
[  132.324370][ T1414]  ret_from_fork_asm+0x1a/0x30
[  132.325764][ T1414] 
[  132.326518][ T1414] Last potentially related work creation:
[  132.328213][ T1414]  kasan_save_stack+0x33/0x60
[  132.329597][ T1414]  kasan_record_aux_stack+0xb8/0xd0
[  132.331119][ T1414]  insert_work+0x36/0x230
[  132.332372][ T1414]  __queue_work+0x97e/0x1080
[  132.333729][ T1414]  queue_work_on+0x11a/0x140
[  132.335095][ T1414]  release_tty+0x4de/0x5d0
[  132.336408][ T1414]  tty_release_struct+0xb7/0xe0
[  132.337898][ T1414]  tty_release+0xe25/0x1410
[  132.339235][ T1414]  __fput+0x3ff/0xb70
[  132.340418][ T1414]  task_work_run+0x14e/0x250
[  132.341780][ T1414]  syscall_exit_to_user_mode+0x27b/0x2a0
[  132.343434][ T1414]  __do_fast_syscall_32+0x80/0x120
[  132.344936][ T1414]  do_fast_syscall_32+0x32/0x80
[  132.346361][ T1414]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  132.348229][ T1414] 
[  132.348965][ T1414] The buggy address belongs to the object at ffff8880124f1000
[  132.348965][ T1414]  which belongs to the cache kmalloc-cg-2k of size 2048
[  132.353047][ T1414] The buggy address is located 32 bytes inside of
[  132.353047][ T1414]  freed 2048-byte region [ffff8880124f1000, ffff8880124f1800)
[  132.356978][ T1414] 
[  132.357694][ T1414] The buggy address belongs to the physical page:
[  132.359552][ T1414] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x124f0
[  132.362070][ T1414] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  132.364491][ T1414] memcg:ffff8880230b8001
[  132.365732][ T1414] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  132.368039][ T1414] page_type: f5(slab)
[  132.369226][ T1414] raw: 00fff00000000040 ffff88801b050140 0000000000000000 dead000000000001
[  132.371711][ T1414] raw: 0000000000000000 0000000000080008 00000000f5000000 ffff8880230b8001
[  132.374169][ T1414] head: 00fff00000000040 ffff88801b050140 0000000000000000 dead000000000001
[  132.376657][ T1414] head: 0000000000000000 0000000000080008 00000000f5000000 ffff8880230b8001
[  132.379136][ T1414] head: 00fff00000000003 ffffea0000493c01 ffffffffffffffff 0000000000000000
[  132.381648][ T1414] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[  132.384271][ T1414] page dumped because: kasan: bad access detected
[  132.386202][ T1414] page_owner tracks the page as allocated
[  132.387877][ T1414] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 6989, tgid 6988 (syz.0.250), ts 87497191489, free_ts 87496212234
[  132.394218][ T1414]  post_alloc_hook+0x181/0x1b0
[  132.395623][ T1414]  get_page_from_freelist+0xfce/0x2f80
[  132.397223][ T1414]  __alloc_frozen_pages_noprof+0x221/0x2470
[  132.398959][ T1414]  alloc_pages_mpol+0x1fc/0x540
[  132.400383][ T1414]  new_slab+0x23d/0x330
[  132.401602][ T1414]  ___slab_alloc+0xbfa/0x1600
[  132.402986][ T1414]  __slab_alloc.constprop.0+0x56/0xb0
[  132.404546][ T1414]  __kmalloc_cache_noprof+0xf6/0x420
[  132.406084][ T1414]  bpf_prog_alloc_no_stats+0x101/0x630
[  132.407680][ T1414]  bpf_prog_alloc+0x3b/0x230
[  132.409037][ T1414]  bpf_prog_load+0x1a00/0x2480
[  132.410599][ T1414]  __sys_bpf+0x5677/0x57a0
[  132.411913][ T1414]  __ia32_sys_bpf+0x76/0xe0
[  132.413255][ T1414]  __do_fast_syscall_32+0x73/0x120
[  132.414778][ T1414]  do_fast_syscall_32+0x32/0x80
[  132.416221][ T1414]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  132.418116][ T1414] page last free pid 6989 tgid 6988 stack trace:
[  132.419929][ T1414]  free_frozen_pages+0x6db/0xfb0
[  132.421386][ T1414]  __folio_put+0x32a/0x450
[  132.422712][ T1414]  kvfree+0x47/0x50
[  132.423847][ T1414]  bpf_check+0x8b8/0xc9f0
[  132.425129][ T1414]  bpf_prog_load+0xe3c/0x2480
[  132.426530][ T1414]  __sys_bpf+0x5677/0x57a0
[  132.427852][ T1414]  __ia32_sys_bpf+0x76/0xe0
[  132.429193][ T1414]  __do_fast_syscall_32+0x73/0x120
[  132.430692][ T1414]  do_fast_syscall_32+0x32/0x80
[  132.432109][ T1414]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  132.433843][ T1414] 
[  132.434537][ T1414] Memory state around the buggy address:
[  132.436151][ T1414]  ffff8880124f0f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  132.438622][ T1414]  ffff8880124f0f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  132.440932][ T1414] >ffff8880124f1000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  132.443260][ T1414]                                ^
[  132.444811][ T1414]  ffff8880124f1080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  132.447176][ T1414]  ffff8880124f1100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  132.449529][ T1414] ==================================================================
[  132.451940][ T1414] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  132.454038][ T1414] CPU: 0 UID: 0 PID: 1414 Comm: aoe_tx0 Not tainted 6.14.0-rc1-syzkaller-00034-g92514ef226f5 #0
[  132.457032][ T1414] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  132.460160][ T1414] Call Trace:
[  132.461280][ T1414]  <TASK>
[  132.462172][ T1414]  dump_stack_lvl+0x3d/0x1f0
[  132.463535][ T1414]  panic+0x71d/0x800
[  132.464686][ T1414]  ? mark_held_locks+0x9f/0xe0
[  132.466103][ T1414]  ? __pfx_panic+0x10/0x10
[  132.467431][ T1414]  ? irqentry_exit+0x3b/0x90
[  132.468802][ T1414]  ? lockdep_hardirqs_on+0x7c/0x110
[  132.470327][ T1414]  ? check_panic_on_warn+0x1f/0xb0
[  132.471825][ T1414]  check_panic_on_warn+0xab/0xb0
[  132.473275][ T1414]  end_report+0x117/0x180
[  132.474547][ T1414]  kasan_report+0xe9/0x110
[  132.475857][ T1414]  ? tty_write_room+0x7d/0x90
[  132.477240][ T1414]  ? tty_write_room+0x7d/0x90
[  132.478629][ T1414]  tty_write_room+0x7d/0x90
[  132.479954][ T1414]  handle_tx+0x151/0x630
[  132.481197][ T1414]  dev_hard_start_xmit+0x9a/0x7b0
[  132.482682][ T1414]  __dev_queue_xmit+0x7f0/0x43e0
[  132.484131][ T1414]  ? __pfx___dev_queue_xmit+0x10/0x10
[  132.485687][ T1414]  ? __pfx___lock_acquire+0x10/0x10
[  132.487216][ T1414]  ? __pfx___lock_acquire+0x10/0x10
[  132.488743][ T1414]  ? lock_acquire.part.0+0x11b/0x380
[  132.490286][ T1414]  ? find_held_lock+0x2d/0x110
[  132.491701][ T1414]  ? find_held_lock+0x2d/0x110
[  132.493104][ T1414]  ? tx+0xa8/0x190
[  132.494218][ T1414]  ? __pfx_lock_release+0x10/0x10
[  132.495694][ T1414]  ? lock_acquire+0x2f/0xb0
[  132.497049][ T1414]  tx+0xcc/0x190
[  132.498120][ T1414]  ? __pfx_tx+0x10/0x10
[  132.499337][ T1414]  kthread+0x1e7/0x3c0
[  132.500535][ T1414]  ? __pfx_kthread+0x10/0x10
[  132.501906][ T1414]  ? __pfx_default_wake_function+0x10/0x10
[  132.503601][ T1414]  ? lockdep_hardirqs_on+0x7c/0x110
[  132.505114][ T1414]  ? __kthread_parkme+0x148/0x220
[  132.506616][ T1414]  ? __pfx_kthread+0x10/0x10
[  132.507966][ T1414]  kthread+0x3af/0x750
[  132.509174][ T1414]  ? __pfx_kthread+0x10/0x10
[  132.510540][ T1414]  ? __pfx_kthread+0x10/0x10
[  132.511879][ T1414]  ret_from_fork+0x45/0x80
[  132.513178][ T1414]  ? __pfx_kthread+0x10/0x10
[  132.514536][ T1414]  ret_from_fork_asm+0x1a/0x30
[  132.515974][ T1414]  </TASK>
[  132.517605][ T1414] Kernel Offset: disabled
[  132.518946][ T1414] Rebooting in 86400 seconds..

VM DIAGNOSIS:
02:31:40  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000000030 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff85386e75 RDI=ffffffff9aad2e20 RBP=ffffffff9aad2de0 RSP=ffffc9000786f430
R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=20666f2064616552
R12=0000000000000000 R13=0000000000000030 R14=ffffffff9aad2de0 R15=0000000000000000
RIP=ffffffff85386e9f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88802b400000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000f50e4da4 CR3=000000004c738000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 a9f3db658409ecb9 8ef886bad2ed4daa
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 7aa118c707d6975f 17b267dc53c86102
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 5c064d3c2f633841 b55a27d889147ee0
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 7cb5caacf74dee7f 77f42da47675426e
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000ffffffff 00000000000000b4
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000034
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 f37112d650c71d0f a8ffc288b5141701
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 d1f972b38e9abb6a 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 a0c36ee6c7896f01 c60b07c37e7182cf
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 1fca32a000000000 0fa0ef23f6e43047
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 2c5cab85a3ba60c4 c99bc60b9fa69c32
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 fe79890b24a74a76 0e1ca1721a5978a2
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 a54ff53a3c6ef372 bb67ae856a09e667
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 5be0cd191f83d9ab 9b05688c510e527f
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=000000000043de0d RBX=0000000000000001 RCX=ffffffff8b468e39 RDX=0000000000000000
RSI=ffffffff8b6ce5c0 RDI=ffffffff8bd2d220 RBP=ffffed1003a5e910 RSP=ffffc9000047fe08
R8 =0000000000000001 R9 =ffffed10056a6f85 R10=ffff88802b537c2b R11=0000000000000000
R12=0000000000000001 R13=ffff88801d2f4880 R14=ffffffff905fd810 R15=0000000000000000
RIP=ffffffff8b46a21f RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88802b500000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000f5105da4 CR3=0000000025a0a000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
RAX=fffffbfff2dc459f RBX=fffffbfff2dc45a0 RCX=ffffffff8195363e RDX=fffffbfff2dc45a0
RSI=0000000000000008 RDI=ffffffff96e22cf8 RBP=fffffbfff2dc459f RSP=ffffc900039cf420
R8 =0000000000000000 R9 =fffffbfff2dc459f R10=ffffffff96e22cff R11=0000000000000003
R12=ffff888027e24880 R13=0000000000000100 R14=0000000000000008 R15=1ffff92000739e90
RIP=ffffffff821bc6a1 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88802b600000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000f7f76e40 CR3=000000004c084000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 f700585858585858 2e7a7973f740cff4
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 f700585858585858
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffff 0f0e0d0c0b0a0908
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 3

CPU#3
RAX=00000000001769fd RBX=0000000000000003 RCX=ffffffff8b468e39 RDX=0000000000000000
RSI=ffffffff8b6ce5c0 RDI=ffffffff8bd2d220 RBP=ffffed100376f488 RSP=ffffc9000049fe08
R8 =0000000000000001 R9 =ffffed10056e6f85 R10=ffff88802b737c2b R11=0000000000000000
R12=0000000000000003 R13=ffff88801bb7a440 R14=ffffffff905fd810 R15=0000000000000000
RIP=ffffffff8b46a21f RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88802b700000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000f74c5008 CR3=000000000df80000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000