last executing test programs:

5.640681618s ago: executing program 2 (id=1444):
r0 = socket$inet(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'bond0\x00'})
socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0xe, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x0, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x3}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0xffffffffffffffff, 0x4}, 0x1}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000002000)=@newsa={0x140, 0x10, 0x633, 0x0, 0x0, {{@in6=@loopback, @in6=@dev}, {@in6=@dev, 0x0, 0x32}, @in=@local, {}, {}, {}, 0x0, 0x0, 0xa}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}, @extra_flags={0x8, 0x18, 0x3}]}, 0x140}}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
memfd_create(&(0x7f0000000280)='/dev/sg#\x00', 0x3)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10138, 0x2, 0x0)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
syz_clone3(&(0x7f00000002c0)={0x8040000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
r4 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
r5 = syz_open_dev$dri(&(0x7f0000000040), 0x0, 0x0)
ioctl$DRM_IOCTL_GET_MAGIC(r5, 0x80046402, 0x0)
ioctl$DRM_IOCTL_AUTH_MAGIC(r5, 0x40046411, &(0x7f0000000000)=0x1)
r6 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_I_WANT_MAPPED_V4_ADDR(r6, 0x84, 0xc, &(0x7f0000000380)=0x2, 0x4)
ioctl$SCSI_IOCTL_SEND_COMMAND(r4, 0x1, 0x0)
ioctl$SG_SET_TIMEOUT(r4, 0x2201, &(0x7f0000000000)=0xc)
r7 = openat$vicodec0(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0)
r8 = epoll_create(0x3)
epoll_ctl$EPOLL_CTL_ADD(r8, 0x1, r7, &(0x7f00000003c0)={0x8000201c})

4.69675278s ago: executing program 2 (id=1453):
r0 = syz_open_dev$radio(&(0x7f00000021c0), 0x1, 0x2)
r1 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_STAT_GET(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000540)=ANY=[@ANYBLOB="2000000011140100000000000000000008004a000200000008004b001300000074bf06337c57f5a9be285ad17f3a98799ccd87b2e57814fff32291a8cc9ba1bbfead1cbe8d2261f9949e8f14f75426d33533d1c8594678cf7b3fea2a2c48661392c5ddb3c41a2ac05901f878"], 0x20}}, 0x40)
r2 = openat$ppp(0xffffffffffffff9c, &(0x7f00000001c0), 0x88802, 0x0)
ioctl$PPPIOCNEWUNIT(r2, 0xc004743e, &(0x7f0000000140))
ioctl$PPPIOCSFLAGS1(r2, 0x40047459, &(0x7f00000000c0)=0x8041040)
unshare(0x62040200)
syz_usb_connect(0x0, 0x24, &(0x7f00000000c0)=ANY=[@ANYBLOB="12011003875b52734b191bdc493c01020301010002d00709048402004af81900"], 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$IP6T_SO_GET_INFO(r3, 0x29, 0x40, &(0x7f0000000000)={'nat\x00', 0x0, [0x1, 0x2, 0x107fe, 0x403, 0xfff]}, &(0x7f0000000080)=0x54)
pwritev(0xffffffffffffffff, &(0x7f0000000b40)=[{&(0x7f0000000bc0)="1eac0ee865e3455eb7170ee0ca1c99dc2894db87431fffffffffffffffff44c96d71839fe4fe2c65a5c4451a9b1f5d45829b5d6ea0412c2c1270f65669ed1426faee4f5f36895c5bf1b2e6fcee20cb09c4fde341d64d545112b0337561746a3e13305babb9ec48f882a878c379fe6d875e7f07387a89f312b6bad63064de873c27e5af3bd5cd3bc90667d7b8ef6ce1527247f3ab66207eb60496bb10b1f383c2971e8fad5d82f12caf73833f9742c670819965dc8f3fd78168ce4ec54816a38bbf80233c", 0xc4}, {&(0x7f0000000740)="43f4b99d23a22a602202f948f09edbffcc9789ac40134c27156923f4d5b460a6aa29748f0517dc1707eeace5c0e818cc3500c6e6d2b181f2963899933e5547e8091c39f0b1585b7bde20d645594750d1e40da21b82f485277bb176cebdd30b271024dbdc4b0ded205ff75eeb32a9bd9b6d0343f6f1dc801a15fa3b28f312a42670ea79fb96e0c29ba94e0c5348e97d53ac7b9b7d34c35eebd11874a716ae988b80aeb54b9f", 0xa5}, {&(0x7f0000000800)="44ee71979f0c12ad69d2c57177045e9ba013bed14b91555ec3ea820f2cea0241879566d22ff6e7637f4ddaa9a85f26982d8e81d2df66756ec458b69ddf7de5f89b446f0790572aeccca2e82b7b922e8be14938fd68c650cb973c70c8a1fd97e3c842e13b9f47db596db4a017c8ac7870b95dfb03aed403ee89ec", 0x7a}, {&(0x7f0000000880)="c34b9aa281af7ec1e04eb6bf35e3016b5748ddff80647617c0bd1d13938f4835121d1dcd7cd8e123fdfc3f478a5d7c12ca6d1194f3c33fd6fd90a0e3a656d08a4d212e6e5c17239030f9be69d70eb5e67b4ad7254a0584c8136d9786d6da2aaa7ca0274c8440e6cadc586656713fde24ce6a87ba575cf5b82c2fdc0ac3897c47515c3a131538be61b6f2cf4e97d9f9150d08091a29ec9dfd45d157c804f222b7f99fbb0a4155ebfd5d024cb52dd7963627d952a0bd1fc32d", 0xb8}, {&(0x7f0000000940)="606d6ea6b26d5d09d903dcd623f217a8e425cd20dbf3ae40a45531b8001300a3b046a136b3da1236c35cd22b0f1e8027fbfc1bf805c8e2471e9e101d04a6afb3115d21826a3af36c1b1f7d7abab26bbfff3bdf7ed54fe2db48ff03a1aa7154d1ed5778aa72ecf1aeb98fbf64f7808f0ce35ba933d3f4924159e952a53e03a240340028811f3d2b8f138e3cb4ddb2fc5c376c5396e4d67536989151ecd8f1d7a3e8de6614ccc29351c6d130c56ce0dfa3984dbdaddc2b6f375fe5177e3c11c562838f61f0377f4949a8909db63c", 0xcd}, {&(0x7f0000000640)="e9f163fba47e56f26fa7f0317092b9373e9bad24d773507007a7f9790e67150d36ce4fd73c2fca1d9c47ab6f4622644c291413b2f6f8945829989ccd6e6d1657822b2104c90454894c9df4a09fc029b2555b3c0bb917bbe9ba7721f895ee527652be5dc45921918e40c834a41536e04ee15b69e60000000000000000000000000000947986ef8666fd2f14264017ac1d34a39f25e2cc6abc1259e9b3d2e212d0d0d6bd4751756845ebb88c6b456545cc862a280d76b3dfd391ef712cf8dee8ff6e9e36f627509f7a877a7ff5a3559a87a8276e002f3afaa4f6d4c594694b96a5278f84c65de86acd0032e76299578b3b323efa593764f44ad41302", 0xfb}, {&(0x7f00000004c0)='-g', 0x2}, {&(0x7f0000000280)="1fe121be5ce8db0e003e5b0bfbe3fe3714b5b6528c17290000", 0x19}, {&(0x7f0000000a40)="286e77f9c282a0ad1067acab735648fbeaa36910582e224dabf285bb7d975699706db6626df22e15edd0c412c069", 0x2e}, {&(0x7f0000000a80)="183a1276b24a812d1dbd657d43117d0b48e3080a69dd84703f13ec092e01ec06cae191d321fa9df15de02f203017b5d8bffcba487d1fb70794f8d55e2074d682f43ca078d2f7f18c282a484b264854234b306bd75a843b24f2ec1a5c10f5d417f02d98ade4ed0f92ea89e1a08549337f0b5a2f7117b8481013cd26a797d9cbe0d26c15a092d12a4848862afdf3372795f2bff9483db337c73b7c38510dede00c74bba491de3d6ccf73b4cda9e1ba3f7e695a92fce73503", 0xb7}], 0xa, 0x5, 0x7fd)
mmap(&(0x7f0000de0000/0x4000)=nil, 0x4000, 0x0, 0x11, r0, 0x9a6df000)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000005c0)=ANY=[@ANYBLOB="18190000090f00080690c45fca22b4fe64a90000f053f942cea30cbc00000e000000850000007d00000095b989133c7f34722c8cd5beacbfde4cf7"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000500)='sys_exit\x00', r5}, 0x10)
rt_sigaction(0x21, 0x0, 0x0, 0x8, &(0x7f0000000000))
accept4(r1, 0x0, &(0x7f0000000040), 0x0)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000100)={'sit0\x00', &(0x7f00000000c0)={'sit0\x00', <r6=>0x0, 0x700, 0x20, 0x8ced, 0x5, {{0x7, 0x4, 0x1, 0x6, 0x1c, 0x66, 0x0, 0x80, 0x29, 0x0, @multicast2, @empty, {[@generic={0x88, 0x7, "791b3113a3"}]}}}}})
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000002c0)={'ip6gre0\x00', r6, 0x4, 0x8, 0x21, 0x4, 0xc5, @mcast2, @private2={0xfc, 0x2, '\x00', 0x1}, 0x80, 0x80, 0xb, 0x1}})
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000340)={'syz_tun\x00'})
r7 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r7, 0x8933, &(0x7f00000000c0)={'vcan0\x00'})
setsockopt$sock_int(r7, 0x1, 0x6, &(0x7f0000000040)=0x1, 0x4)
r8 = openat$audio1(0xffffff9c, &(0x7f0000000600), 0x2000, 0x0)
ioctl$SNDCTL_DSP_RESET(r8, 0x5000, 0x0)
r9 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r9, 0x8933, &(0x7f0000000000)={'vcan0\x00', <r10=>0x0})
connect$can_j1939(r7, &(0x7f00000001c0)={0x1d, r10, 0x0, {0x0, 0xf1}, 0xff}, 0x18)
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000380)={0x0, @local, @initdev}, &(0x7f00000003c0)=0xc)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000480)={'syztnl2\x00', &(0x7f0000000400)={'gre0\x00', 0x0, 0x7c1, 0x49, 0x1, 0x101, {{0x12, 0x4, 0x1, 0x3, 0x48, 0x68, 0x0, 0xf8, 0x2f, 0x0, @empty, @loopback, {[@rr={0x7, 0x17, 0x3f, [@rand_addr=0x64010102, @remote, @initdev={0xac, 0x1e, 0x1, 0x0}, @broadcast, @empty]}, @timestamp={0x44, 0x18, 0x65, 0x0, 0x7, [0xf6f1, 0x1ce, 0xfffffffd, 0x4, 0x6000000]}, @ra={0x94, 0x4, 0x1}]}}}}})

4.622201147s ago: executing program 1 (id=1454):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'macvtap0\x00', <r2=>0x0})
r3 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_int(r3, 0x0, 0x21, &(0x7f0000000040)=0x2, 0x4)
sendmsg$nl_route(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000940)=@newlink={0x44, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x215}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r2}]}, 0x44}, 0x1, 0xba01}, 0x0)

4.62200562s ago: executing program 1 (id=1455):
openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) (async)
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TIOCSSOFTCAR(r0, 0x5453, 0x0)
r1 = syz_open_dev$sndpcmc(&(0x7f0000000a00), 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_HW_REFINE(r1, 0xc25c4110, &(0x7f0000000100)={0x0, [[0x0, 0x0, 0x0, 0x0, 0x0, 0x7], [0x20000000, 0x500, 0x4], [0x3]], '\x00', [{0xfffffffe, 0x0, 0x0, 0x1, 0x1}, {0x0, 0x0, 0x0, 0x1}, {0x0, 0xe}, {0x5}, {}, {}, {}, {0x0, 0x10001}, {0x0, 0x42}, {}, {}, {0x6}], '\x00', 0x4b4})

4.552136508s ago: executing program 1 (id=1456):
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tp={0x18, 0x1, {0x0, r0, {0x2, 0x4e21, @broadcast}, 0x9, 0x1, 0x6, 0x1}}, 0x26)
r1 = socket$nl_route(0x10, 0x3, 0x0)
capset(&(0x7f0000000080)={0x20080522}, &(0x7f0000000040))
setgid(0x0)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x900, &(0x7f0000000000)={&(0x7f0000000340)=@newlink={0x3c, 0x10, 0x44b, 0x0, 0x0, {0x7a, 0x0, 0x0, 0x0, 0x1840}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bridge={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BR_MCAST_ROUTER={0x5, 0x16, 0x3}]}}}]}, 0x3c}}, 0x0)
r2 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$L2TP_CMD_SESSION_DELETE(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01002cbd700205e1ffff040000000800090002"], 0x34}}, 0x4000000)

4.551604285s ago: executing program 1 (id=1457):
r0 = openat$vcsa(0xffffff9c, 0x0, 0xb0002, 0x0)
sendmsg$IPSET_CMD_SAVE(r0, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000001c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="380000000806050000000000000000000000393429ea93b329a07a32000000000900020073797a32000000000900020073797a3000000000"], 0x38}, 0x1, 0x0, 0x0, 0x1}, 0x81)
mkdirat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
mount$tmpfs(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000001c0), 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="687567653d77697468696e5f73697ae9abfa"])
chdir(&(0x7f0000000280)='./file0\x00')
creat(&(0x7f0000000000)='./bus\x00', 0x4)
r1 = open(&(0x7f0000000780)='./bus\x00', 0x14d0be, 0x48)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600402, 0x7ffffe, 0x4002011, r1, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x48)
r2 = socket$packet(0x11, 0xa, 0x300)
getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x15, &(0x7f0000000280)={@private1}, &(0x7f0000000380)=0x14)
setsockopt$sock_int(r2, 0x1, 0x7, &(0x7f0000000000)=0x9, 0x4)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000007c0)=@newtaction={0x1d78, 0x30, 0x1, 0x0, 0x0, {}, [{0x1d64, 0x1, [@m_police={0x1d34, 0x16, 0x0, 0x0, {{0xb}, {0x1cfc, 0x2, 0x0, 0x1, [[@TCA_POLICE_PEAKRATE={0x404, 0x3, [0x8, 0x3, 0x1, 0x7, 0x5, 0x40, 0x10000, 0x6, 0x0, 0x3, 0x5, 0x6, 0x800, 0x7fff, 0x5, 0x2, 0xf, 0x1, 0x1, 0x1, 0x2, 0x700000, 0x2, 0x6, 0x3, 0x7, 0x9, 0x1b8e, 0x5, 0x8, 0x7, 0x1, 0xfffffff8, 0x2, 0xe, 0xcd2, 0x7, 0x4, 0x0, 0xc, 0xfffffffd, 0x9, 0x0, 0x6, 0x7, 0x0, 0x4, 0x1, 0x2, 0xa876, 0x6, 0x8000, 0x4, 0x5, 0x6, 0x0, 0x5e56dd8c, 0x80000000, 0x80000001, 0xfffffff7, 0x4, 0x8, 0x9, 0xd, 0x401, 0x3, 0x9, 0xffffffff, 0x6, 0x2, 0x8, 0x0, 0xbd3, 0x80000000, 0x6, 0x8, 0x0, 0x13, 0x6, 0x8001, 0x800, 0xc0, 0x800, 0x6, 0xffffffff, 0x7, 0x27, 0x8, 0x4, 0x8, 0x1, 0x3, 0x3, 0x7, 0x3, 0x0, 0xdbcd622, 0x48e, 0x5, 0x7, 0x6, 0x2, 0x200, 0x1000, 0x6, 0x2, 0xb4e, 0x9, 0x5, 0x2, 0xd9, 0x0, 0x0, 0xf9, 0x7, 0x2, 0xf, 0x7f, 0x3, 0x113, 0x2, 0x0, 0x6, 0x9, 0x3, 0x800, 0xa23c, 0x82, 0x58fc, 0x401, 0x0, 0xd0, 0xfffffff9, 0x1e, 0x7, 0x3, 0xffffffff, 0x2, 0x28dc, 0x1e18, 0x1, 0x4, 0x6, 0x5, 0xefa, 0x8, 0x872, 0x80000001, 0x9, 0x15, 0x3, 0x3, 0x80, 0xc, 0x1, 0x6, 0x2, 0xff, 0xcab, 0x10000, 0x6, 0x3ff, 0x7, 0xf, 0x3, 0x5, 0x5, 0x9, 0x3, 0x5, 0x7ff, 0x9, 0x1, 0x6, 0x3, 0x1af4, 0x8001, 0x3a247c1a, 0x1351, 0x1800000, 0xffffff00, 0x5f5ecbb4, 0x1, 0xfffffffd, 0x1, 0x4, 0x2, 0xdd36, 0x8, 0xfffffffe, 0x1, 0x80000001, 0x2, 0x80, 0x7ff, 0x9, 0x5, 0x2, 0x5, 0xfffff800, 0xe, 0x7, 0x3, 0x3, 0x1, 0x2, 0x7, 0x4, 0x7, 0x4, 0x7, 0x80000000, 0x8, 0x3, 0x2, 0x3, 0x5, 0x9, 0xb, 0x80, 0x0, 0xc000, 0xfffffffe, 0x9, 0x4, 0x9, 0x1ff, 0x5, 0x9, 0x5, 0x2, 0x1ff, 0xffff, 0x1, 0xc, 0x8, 0x61, 0x6, 0xd, 0x4, 0xf, 0xfffffff8, 0x1, 0x5b0, 0xf6, 0x9, 0x7, 0x6, 0x8, 0x0, 0xa8, 0xce, 0x4, 0x6, 0x0, 0x4]}, @TCA_POLICE_RATE={0x404, 0x2, [0xb, 0x6, 0x400, 0x8, 0x5, 0x9, 0x80000001, 0x1, 0x0, 0x2, 0x0, 0x8000, 0x8, 0x7, 0x5, 0xb, 0x7f, 0x5f1, 0x2, 0x5, 0x400, 0x381b, 0x8, 0x71, 0x6, 0x7, 0x2, 0x4, 0x1000, 0x4, 0x26, 0xfffffff7, 0x35ce, 0x2, 0x1072, 0x10, 0x1, 0x10, 0x5, 0x9, 0x4, 0xfffffffd, 0x9, 0x9, 0xfff, 0x9, 0x4, 0x10, 0x80, 0x3, 0x2, 0x3, 0x4, 0x1, 0x2, 0x3d, 0xb69a, 0x40, 0x82, 0x2, 0x1, 0x6, 0x1ff, 0x5, 0x3ff, 0x3ff, 0x3, 0x6, 0x4, 0x0, 0x0, 0x0, 0x10000, 0x3, 0x40, 0x3, 0x9, 0x4, 0x9, 0x8, 0x3, 0x33, 0x400, 0x0, 0x7, 0x7, 0x7, 0x9, 0x4, 0x7a, 0xb0e1, 0x9, 0x7c, 0x8, 0x8, 0x7f, 0xdd, 0x40, 0x58000000, 0x1, 0x9, 0x7f, 0xf08e, 0x1, 0x2, 0xa, 0x9, 0x27b8, 0x2, 0x8, 0x5, 0x8ef, 0x6, 0xa5a0, 0x6, 0x9, 0x80000000, 0x6, 0x6, 0x6, 0x6, 0x6, 0x2, 0x2, 0x9, 0x3, 0xab8, 0x9, 0x0, 0x9, 0xfffffe01, 0x3, 0x8000, 0xf, 0x2, 0x704c, 0x100, 0x800, 0xfffffff7, 0x0, 0x3, 0x4, 0x8, 0x3, 0xaa9, 0x5, 0x40004000, 0x2, 0x2, 0x5, 0x1ff, 0xca27, 0x5, 0xc0, 0x7f, 0xfff, 0x10000, 0x2848, 0x336, 0x7fff, 0x3, 0x401, 0x1, 0xe5e, 0x3, 0x5, 0x3, 0x5, 0x7, 0x4, 0x3, 0x80000001, 0x2, 0x6, 0xecda, 0x200, 0x6, 0x6, 0x7, 0x8, 0xc9f, 0x847, 0x41a3f730, 0x80000001, 0x7, 0x33, 0x6, 0x6, 0xa4, 0x23, 0x5, 0xf82, 0x3, 0xfffffffc, 0x7, 0x10000, 0x9, 0x80000001, 0x2, 0x98, 0x8, 0x1, 0x4, 0x3ff, 0x7, 0x6, 0x5, 0x5, 0x4, 0x5, 0x3, 0x0, 0x6a, 0x7, 0xc, 0x3, 0x9, 0x101, 0x8, 0x2, 0x1, 0x0, 0x4, 0x5, 0x8, 0x2, 0x48, 0x9, 0x9, 0x0, 0x0, 0xb, 0x6, 0x0, 0x8, 0x3, 0x3ca, 0x5510, 0x0, 0x8, 0x4, 0x9, 0x4, 0x8, 0x9, 0x5f, 0x1, 0x2, 0x335e, 0x5, 0x6, 0x2, 0x2, 0x3ff, 0x3, 0x8]}, @TCA_POLICE_RATE={0x404, 0x2, [0x8, 0x9, 0x10, 0x8, 0x451c, 0xc00000, 0xffffffff, 0x9, 0x7, 0x80000001, 0x6, 0xe, 0x7, 0x8001, 0x7, 0x2, 0x7, 0x101, 0x7, 0x8, 0x0, 0x8, 0x5, 0x2b4, 0x0, 0x35, 0x8105, 0x6, 0x5, 0x7, 0x0, 0x10, 0x9, 0x69307d37, 0x200000, 0x10000, 0x8001, 0x40, 0x24, 0x13, 0x144, 0x8, 0x4, 0x4, 0x9, 0x7fffffff, 0xdd6, 0x9, 0xb40, 0x3, 0x7f0, 0x1, 0x800, 0x9, 0x6, 0x3ff, 0x0, 0x0, 0x866, 0x101, 0x10, 0x0, 0x3, 0x4, 0x9462716, 0x3, 0x6, 0x0, 0x3, 0x7f, 0x7, 0x6, 0x6, 0x81, 0x2ce1, 0x0, 0x9, 0x6, 0x5, 0x0, 0x3, 0x0, 0x68, 0x7, 0x6, 0x9, 0x200, 0x7, 0xc, 0x6, 0xe, 0x1, 0x0, 0x6, 0x6, 0x1, 0x0, 0x9, 0x7, 0x7, 0x2c1, 0x1, 0x4, 0x9, 0x7, 0xfff, 0x4, 0x8000, 0x3fbb, 0xe, 0xffffff81, 0x6, 0x7, 0x1, 0x1000000, 0x4, 0x1, 0xa24, 0x5, 0xfff, 0x8a, 0x5b56d4b8, 0x3, 0x2, 0x9, 0x80000000, 0x9, 0x2, 0xe, 0x4, 0x2, 0x5076, 0x4, 0x1, 0x8, 0x1, 0x8, 0x59, 0x80000001, 0xfffffffd, 0x87, 0x7f, 0x1ff, 0x8, 0x10, 0xcbe, 0xfffffffd, 0x6, 0x4bd2d5fd, 0xd, 0x7, 0x8, 0x1c2, 0x7, 0x0, 0x400, 0xffff5f74, 0x7, 0x5, 0x7f, 0x5, 0x1, 0x7, 0x7fff, 0x100, 0x9, 0x8746, 0x1000, 0x2, 0xa5, 0x8, 0xa61, 0x2, 0x6, 0x0, 0x6, 0xfffffffa, 0x6, 0x4, 0x7bce, 0x5, 0x200, 0x80, 0xffffffc0, 0xffff, 0x45, 0x2, 0x0, 0x5, 0x5b6, 0x0, 0xda, 0x2, 0x7f, 0x7a5, 0x1ff, 0x6c83, 0xfffffff7, 0x8, 0x80, 0xfff, 0x8000, 0x7, 0x5, 0x400, 0x3, 0x8, 0x0, 0x0, 0x7, 0x80, 0x7f, 0x10, 0x0, 0xea, 0x9, 0x5, 0x0, 0x9d18, 0x2, 0x9, 0x6a, 0x9087, 0x10001, 0x3, 0x9, 0x6, 0x10000, 0x4, 0x0, 0x5, 0x8, 0x15, 0x1, 0x2, 0x3, 0x401, 0x8, 0x9, 0x4, 0x9, 0x101, 0x2, 0xc1, 0x3, 0x10001, 0x200, 0x9, 0xe0, 0x4, 0x4, 0x8, 0x3, 0x29, 0x8, 0x7]}, @TCA_POLICE_AVRATE={0x8, 0x4, 0x3}, @TCA_POLICE_RATE64={0xc, 0x8, 0x7}], [@TCA_POLICE_AVRATE={0x8, 0x4, 0x10}, @TCA_POLICE_RESULT={0x8, 0x5, 0x6}], [@TCA_POLICE_RATE={0x404, 0x2, [0x4, 0x354b9a98, 0x3, 0x7, 0x6, 0xc44d, 0x5, 0x8, 0x8d, 0x1, 0x9, 0x8001, 0xffffff80, 0x2, 0x0, 0xa, 0x2, 0xfffffffb, 0x0, 0x4, 0x9, 0x18, 0x5, 0x5, 0x9, 0x9, 0x3, 0x3, 0x4, 0x6, 0x1, 0x2, 0x2, 0x3, 0x5, 0x0, 0xd5dbf62, 0x6, 0x9, 0x7f, 0x1, 0x7, 0x4, 0x200, 0x0, 0x6, 0x5, 0x5, 0xa14, 0x35, 0xc, 0xfffffff9, 0x3b643ad1, 0xffffffff, 0x6, 0x8, 0x1, 0x7, 0x9, 0x4e2a, 0xcba, 0x4, 0xb, 0x3ff, 0x9, 0x2, 0x3, 0x2, 0x8, 0x7ff, 0xa, 0xc, 0x3ff, 0x7, 0x6, 0x400, 0x8, 0xfffffffa, 0x3, 0x2, 0xacf5, 0x83, 0xc8a3, 0xfff, 0x2, 0x4, 0x3, 0x0, 0x1c000, 0x800, 0x4cdb08bd, 0xfffffff9, 0xaba, 0xfffffffd, 0x80, 0x1, 0x0, 0xe, 0x4, 0xfffffffb, 0x1, 0x800, 0xf807, 0x1, 0x7, 0x3, 0x8, 0x1ff, 0x0, 0x2, 0x763, 0xd, 0x6, 0x81, 0xff, 0x8, 0x8000, 0x9, 0x7356, 0x1, 0xb611, 0xcf06, 0x2f, 0x1000, 0x9, 0xffffff84, 0x0, 0x6abc, 0x0, 0x6, 0x76, 0x2, 0x1, 0x1, 0x0, 0x9, 0x4, 0x0, 0x7ff, 0x2, 0x6, 0x1400000, 0xcf, 0x7, 0x5c, 0x0, 0x9, 0x5, 0x0, 0xffff, 0x0, 0xffffffff, 0x5, 0x3, 0x1, 0x5, 0x6, 0x5, 0x3d7, 0xffffddec, 0x22, 0x8, 0x7ff, 0x0, 0x7fff, 0x7, 0x4, 0x4, 0x8, 0x80000001, 0x7, 0x8, 0x8, 0x1ff, 0xfffffff8, 0x4, 0xfff, 0x1, 0x2, 0xee1, 0x6, 0x400, 0xfff, 0x5, 0x8, 0x91, 0xab8, 0x8, 0x8, 0x1, 0x7f, 0xffff, 0x40, 0xfffffff7, 0xfffffffd, 0x3, 0x2, 0xc1c, 0x3, 0x1ff, 0x6, 0x9, 0x102, 0xffffffff, 0x1000, 0x4, 0x6ec, 0x9, 0x5, 0xfffffffa, 0xfff, 0x7f, 0xf8ac, 0x80, 0x5, 0x88, 0xccb, 0x0, 0xfffffffe, 0x800, 0x6914, 0x8, 0x401, 0x0, 0x2, 0x25, 0x40, 0x8, 0x101, 0x80, 0x100, 0x9, 0xe57f, 0x8, 0x4, 0x2, 0x9, 0xfe, 0x2, 0x7f, 0x7, 0xfffff1af, 0x7, 0x6, 0x81, 0x326, 0x8, 0x4, 0x5, 0x3, 0x2, 0x0, 0x8, 0xee, 0xff, 0xffffffff]}, @TCA_POLICE_TBF={0x3c, 0x1, {0x94, 0x2, 0x8, 0x3, 0x7fff, {0xcf, 0x1, 0x15db, 0x6, 0x9, 0x2}, {0x0, 0x1, 0x7f, 0x0, 0x9, 0x3}, 0x0, 0x6, 0x9}}], [@TCA_POLICE_TBF={0x3c, 0x1, {0x5, 0x20000000, 0x4, 0x2, 0x7, {0x6, 0x1, 0xb9d, 0x9, 0x3, 0x80000001}, {0x35, 0x0, 0x5, 0x4, 0xc, 0x10001}, 0x0, 0x9, 0x1}}, @TCA_POLICE_RESULT={0x8, 0x5, 0x7}, @TCA_POLICE_AVRATE={0x8, 0x4, 0x43a}, @TCA_POLICE_AVRATE={0x8, 0x4, 0x1}, @TCA_POLICE_AVRATE={0x8, 0x4, 0xe4}, @TCA_POLICE_RATE={0x404, 0x2, [0xe0000, 0x2, 0x1, 0x59, 0xff, 0x10000, 0x80000001, 0x29, 0x7, 0xffffff01, 0x3ff, 0x1, 0xf, 0x7, 0x3, 0x8, 0x6, 0x91c9, 0xa1df, 0x1, 0x0, 0x400, 0x7, 0x8, 0x6, 0x8, 0x482605c9, 0x6, 0x0, 0x6, 0x4, 0x9, 0x0, 0xec, 0x6, 0x3, 0x9, 0x5, 0x5, 0x5, 0x400, 0xb27, 0x8001, 0x5, 0x2, 0x6, 0x82, 0x0, 0x0, 0x2, 0x480000, 0x1, 0x6a, 0x6, 0x400000, 0x7, 0x3, 0x6, 0xffffffff, 0x1, 0x4, 0x5, 0x3, 0xfffffffe, 0x80, 0xfffffe01, 0x6, 0x6, 0x3, 0xdee3, 0x1, 0x8, 0x0, 0x6, 0x4, 0x3, 0x2, 0x3, 0x7, 0x3ff, 0xae2, 0xff, 0x7, 0xff, 0x4b, 0x9, 0x80000001, 0x3, 0x6, 0xd, 0x5, 0x2, 0x5, 0xdd38, 0x10000, 0x0, 0x9, 0x2, 0x8, 0x984, 0x1fd, 0xa8, 0xc729, 0x6, 0x4, 0x8b24, 0x3, 0x6, 0xc0, 0xa3, 0xe, 0x35645c6e, 0xc36, 0x7, 0x2, 0x9, 0x0, 0xfffffffb, 0x9461, 0x7, 0x5, 0x8, 0x200000, 0xfd, 0x2, 0x1b, 0xd, 0x1b5c0, 0x7, 0x7, 0x9, 0x9, 0x4, 0x6, 0x8, 0xfffffffa, 0x2, 0x7fffffff, 0xc1, 0x4, 0x7fff, 0xff, 0x2, 0xa39a, 0xb, 0x100, 0x9, 0xa, 0x6, 0x6, 0xe38, 0x3ff, 0x800, 0x8000, 0x3, 0x5d, 0x564, 0x1ff, 0x9, 0x2, 0xfff, 0x7, 0x7, 0x7, 0xe, 0x200, 0x4, 0x3ff, 0x1, 0x10, 0x8, 0x1, 0x9, 0xd3, 0x65, 0x1, 0x9, 0x2, 0x1, 0x7ff, 0xffffffff, 0x1b, 0xffff, 0x9, 0x1000, 0x6, 0x3, 0x9, 0x0, 0x9, 0x5, 0x2d6, 0x2, 0x7, 0x2, 0x1, 0x8, 0x0, 0x5, 0xa3, 0x80000001, 0x7fff, 0x9, 0xdd, 0x5, 0x0, 0x4, 0x9, 0x4, 0x2, 0x8, 0x3, 0x2, 0x5, 0x5, 0x0, 0x0, 0x9, 0x1, 0x6, 0x2, 0x8, 0x0, 0x4, 0x6, 0x1, 0x180, 0xffff, 0x0, 0x8, 0xbb9, 0x6, 0x5, 0x7, 0x9, 0x1cf5, 0x0, 0x6, 0x6, 0x5, 0x9, 0xa89, 0x5, 0x8, 0x6, 0xbb, 0x696b, 0x2, 0x8, 0x6, 0x4, 0x0, 0x3, 0x40, 0x2]}], [@TCA_POLICE_RATE={0x404, 0x2, [0xffff1e35, 0x5, 0x7db, 0x4, 0x6, 0x0, 0xef3, 0xffffff00, 0x8, 0x449e71f0, 0x6, 0xf32, 0x30, 0x9, 0x0, 0x80000000, 0x7, 0x9, 0xb, 0x6, 0x1, 0x1728, 0x7, 0xf, 0x9, 0xf7, 0x9, 0xd4e2, 0x889b, 0x3ff, 0x8, 0x1, 0xff, 0x7, 0x8, 0x4, 0xc000, 0x4, 0xc29, 0xfffffffb, 0xc5, 0x4, 0x7, 0x6, 0x8, 0x1ff, 0x1, 0x7a, 0x7fff, 0x7, 0x2, 0x5, 0x39c8, 0xff, 0x6, 0x7fff, 0x6e27, 0x80, 0x14da, 0x8, 0x8000, 0x3, 0xc, 0x100, 0x3, 0x9, 0x8, 0x6, 0x5, 0x2, 0xe74, 0x1, 0x8, 0x69, 0x5, 0x3, 0x0, 0x8, 0x4, 0x1, 0xb4, 0xdb5, 0x6, 0x8, 0x0, 0x81, 0xffffffff, 0x3ff, 0x4, 0x1, 0x3080, 0x8, 0x5, 0x3, 0x233d, 0x5, 0x4, 0x0, 0x8000, 0xd9c, 0x9, 0xfffffffe, 0x8, 0x4, 0x2, 0x68a238d7, 0x101, 0xffff, 0x10, 0x5, 0x235, 0x4, 0xb, 0x3, 0x1, 0xffffffff, 0x8, 0xffff8001, 0x1, 0xea, 0x400, 0xb, 0x6, 0x80, 0x1, 0x4, 0x5, 0x3, 0x3ff, 0x8, 0x2, 0x33a, 0x4, 0x1, 0x9f, 0x8, 0x6d3, 0x6, 0x1, 0xe2d, 0x9f, 0xf619, 0x6, 0x6, 0x7, 0x2, 0x2, 0x6, 0x2, 0xfd, 0x8, 0x4, 0xffffffff, 0x6, 0x7, 0xffffffb1, 0x7, 0x5, 0x1, 0xffffffff, 0xe, 0xfffff800, 0x5, 0x2, 0x6, 0x0, 0xa62, 0x3, 0x0, 0x1, 0x9a0, 0x800, 0x7, 0x2, 0x400, 0x6173, 0x0, 0x5, 0xfffffe01, 0x7, 0x4, 0xb0c, 0xf0, 0xc, 0xffffffff, 0xdf66, 0xfffffff8, 0x4, 0x9, 0x6, 0x10001, 0x0, 0x3, 0x800, 0xaeaa, 0x3, 0x2, 0x80000001, 0x5403, 0xfe, 0x0, 0x8, 0x0, 0x8, 0x100, 0x4, 0x80000000, 0x509, 0x3, 0x6, 0x7, 0x0, 0x80000001, 0x8000, 0x8, 0x2, 0x1, 0x800, 0x7fff, 0x6, 0x800, 0x0, 0x9, 0x6, 0x1, 0x8, 0x2, 0x6, 0x4, 0x6, 0x0, 0xfffffff9, 0xb3, 0x2, 0x1, 0x0, 0x3, 0x8001, 0x9, 0x7, 0x2, 0xd94, 0x0, 0xb, 0xfffffff8, 0x1, 0x9c14, 0x8, 0x9, 0x365, 0x1, 0x7, 0x4, 0x2, 0x0, 0x1]}, @TCA_POLICE_AVRATE={0x8, 0x4, 0xfffffffe}, @TCA_POLICE_RATE={0x404, 0x2, [0x80, 0x0, 0x54, 0x0, 0x3, 0x3, 0xfffffff1, 0x6, 0x1, 0x55, 0x2, 0xfffff79b, 0x802, 0xffffff56, 0xcd, 0x7, 0x3ff, 0x574, 0x0, 0x4, 0x4, 0x7, 0x8, 0x4e, 0x0, 0x8, 0x10, 0xff, 0x0, 0x2, 0x6, 0x7, 0xfffff993, 0x4, 0x1, 0x7, 0x8, 0xf50, 0x9, 0x3, 0xf0c, 0x100, 0xfc7, 0x2, 0x7, 0xedc, 0xff, 0x4, 0x7, 0x8, 0x4, 0x8, 0x956, 0x2, 0x1, 0x3, 0x8, 0x3717, 0x7, 0x344, 0x80000001, 0x6, 0x10, 0x7d, 0x4, 0x7, 0x8, 0x13, 0xfffffff9, 0x0, 0xfffffff8, 0x9, 0x9, 0x6, 0x0, 0xfffffff6, 0x6, 0x4, 0x7f, 0x4, 0x81, 0x2, 0x1, 0x81, 0x8, 0x2, 0x3d914c64, 0x99, 0xfffffffb, 0x89, 0xf, 0x800, 0x4, 0xa34, 0x401, 0x9, 0x80000, 0x7fff, 0x4, 0x2, 0x6, 0x800, 0x6c, 0xd, 0xff, 0x7640, 0x4, 0x1, 0x0, 0x1, 0x8, 0x4ba, 0x5, 0x7, 0x7ff, 0xfff, 0xeeb6, 0x68fc, 0x6a, 0x5f, 0xfffffff7, 0x5, 0x1ff, 0x296, 0xffffa0e8, 0x9, 0xd0, 0x8, 0x7, 0x31201dca, 0x910, 0x3f, 0xfffffe01, 0x67, 0x1, 0xc2400000, 0x0, 0x4, 0x791b, 0x3, 0x2, 0x7, 0x2, 0x0, 0xd, 0x8, 0x81, 0x5, 0x2, 0x8b, 0x6, 0x2, 0x6, 0x9, 0x1, 0xffffff81, 0x8, 0x0, 0x6, 0x8, 0xe, 0x3ff, 0x6, 0x5, 0x1ee13ef5, 0xff, 0x6, 0xd8, 0x4, 0x9, 0x0, 0x40, 0x81, 0x7f, 0x2, 0x10000, 0x8, 0x8, 0x2, 0x2, 0x10, 0x5, 0x80, 0x5, 0xffff, 0x6, 0x2, 0x928, 0x7, 0x9, 0x2, 0x2, 0x7ff, 0x1, 0x4, 0x400, 0x4, 0x3, 0xfffffff7, 0x2, 0x0, 0x7, 0x6, 0x9, 0x1, 0x2, 0x7, 0x8, 0x7, 0x6, 0x1, 0x2, 0x5, 0x4, 0x101, 0x5, 0x10000, 0x8, 0x7, 0x8000, 0xf, 0xb, 0x0, 0xd, 0x7, 0x0, 0xa, 0x3, 0x143f, 0xcf2e, 0x6, 0x1, 0x5, 0x5, 0xffff, 0x7, 0x4c6, 0x2, 0x2000, 0x2, 0x6, 0x0, 0x81, 0x1000, 0x10, 0x8, 0x2, 0x9, 0xcc, 0x2, 0x0, 0x0, 0x0, 0x5, 0x8, 0x7]}, @TCA_POLICE_PEAKRATE64={0xc, 0x9, 0x6}, @TCA_POLICE_RATE64={0xc, 0x8, 0x4}]]}, {0x10, 0x6, "c5669af097c11a467c24eb34"}, {0xc, 0x7, {0x1, 0x1}}, {0xc}}}, @m_ife={0x2c, 0x3fff, 0x0, 0x0, {{0x8}, {0x4}, {0x4}, {0xc}, {0xc}}}]}]}, 0x1d78}, 0x1, 0x0, 0x0, 0x20000805}, 0x8000)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
clock_adjtime(0xffffffd3, &(0x7f0000000340))
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000440)=ANY=[@ANYBLOB="140000002500010000", @ANYRESOCT=0x0], 0x14}], 0x1, 0x0, 0x0, 0x400048c0}, 0x0)
syz_emit_ethernet(0x3e, &(0x7f0000000180)=ANY=[@ANYBLOB="aaaaaaaaffffffff0800450000300000000000a799550c0bd7c3021414aa0300907803000000450000000000000000330000000000000000000005473d78"], 0x0)
socket$packet(0x11, 0x3, 0x300)
socket$pppoe(0x18, 0x1, 0x0)

3.601865272s ago: executing program 1 (id=1460):
r0 = syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x802)
ioctl$EVIOCGBITSW(r0, 0x40044590, &(0x7f0000000300)=""/240)
ioctl$EVIOCGRAB(r0, 0x40044590, 0x0)
syz_emit_vhci(0x0, 0x0)
io_uring_setup(0x23ef, 0x0)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r1 = openat$sequencer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$SNDCTL_SEQ_NRSYNTHS(r1, 0x40045108, &(0x7f0000000040))
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r2 = openat$kvm(0xffffff9c, &(0x7f0000000240), 0x20000, 0x0)
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x200000000000011, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'bridge0\x00', <r5=>0x0})
sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000104000000000001000000000000", @ANYRES32=r5, @ANYBLOB="00000000400000000985cf2792b71ff7ee000164676500000c00028005002d0000000000bf50da22693f075e103e210c987e583401887e10"], 0x3c}}, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x2, @pix_mp={0x0, 0x0, 0x32315258, 0x0, 0x6, [{0x0, 0x1000000}, {0x12, 0xd5a}, {0x4000000}, {0x100}, {0x0, 0x7}, {0x0, 0x9}, {}, {0x0, 0xc}], 0x20}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000000), 0xffffffffffffffff)
syz_genetlink_get_family_id$ieee802154(0x0, 0xffffffffffffffff)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r6, &(0x7f0000019680)=""/102392, 0x18ff8)
r7 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r8 = dup(r7)
write$UHID_INPUT(r8, &(0x7f0000001980)={0x9, {"a2e3ad214fc752f91b2909094bf70e0dd038e7ff7fc6e5539b324c078b089b32333b6d1a0890e0878f0e1ac6e7049b076d959b669a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31300d076d0936cd3b78130daa61d8e809ea889b5802b77f07227227b7ba67e0e78669a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae19397d696d0d758f2dc7d1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000002335875271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1fe90a56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617601000000be70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d595a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9980000000b3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6c82fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c2021d653a5520000008213b704a5000000000000008ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc94681359bad8deff4b05f60cea0da7710a80000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4e38a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f347cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea56777e001cd34e5cb2f76cc4c24eeb8bc4e9ac2bed9e53803edf1a4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4ceb360c7e658828563e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b4bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034e00000000ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf054135bbafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c478b095b68441a34cb51682a8ae4d24ad92f243941ed274549b79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd731a0bfc1cb1a4c78f9ef799cf0630becdbe6c4579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93ae62fccfcbb2b75a2183c46eb65ca8124e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43e4fb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e01feffffffffffff83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369d75f2e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aa01b20f7694a00f16e2d0174035a2c22656dc00880acebdbe8ddbd75c2f998d8ac2dfad2ba3a50200000045a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe2907ac0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf463661c953fcad6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7cd419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b01979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaeecf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6ea94f88a4facfd4c735a20307c737afae5136651b1b9bd522dcb399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a37684f4113c48859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c105000000302a808d7f5251440613d17ca51055f2f416a44fe180d2d50c312cca7cb14a20dc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb40100000006376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab83c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7ceec7dc808bf653639d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a602000000000000007007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00303000000000000007fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf6529006c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6522fb5f6ffcdd56fed88935fcb75912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae233a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a5bd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08008897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e49336d07c2b80c1c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57fa9c0fe662a46b7f71cd47744db86c50b704c98ad90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe360500000000000000b77940b5f07722e47a08d3679507000000000000934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1062dfa13bdc1fa7cfaadba80900000000000000d0be53f8d2a1df0d07b3d5bd3b01faffd0addbed2881a9700af561ac8c7e36bb2fc4c40e9c766c06817bb903729a7db6ff957697c9ede7885d94ffb0759be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c1484d2f9c55f4901203a9a8a2c3e90f39c3dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600", 0x1000}}, 0x1006)

2.625052808s ago: executing program 1 (id=1465):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = creat(&(0x7f0000000340)='./file0\x00', 0x14)
close(r1)
r2 = getpid()
syz_open_dev$tty1(0xc, 0x4, 0x1)
r3 = syz_pidfd_open(r2, 0x0)
mount$9p_fd(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r3])
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f00000001c0))
syz_usb_connect(0x2, 0x24, &(0x7f0000000200)=ANY=[@ANYBLOB="12011001fbe25e085f0511c2e49b0102030300ea0904910b00c3dcea0900000000000000"], 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000003c0)={'wlan0\x00'})
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000)
r4 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000240)={'geneve1\x00', <r5=>0x0})
r6 = socket$inet_udp(0x2, 0x2, 0x0)
r7 = syz_open_dev$evdev(&(0x7f00000000c0), 0x1, 0x800)
ioctl$EVIOCGBITSW(r7, 0x80404525, &(0x7f0000000100)=""/136)
r8 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r8, &(0x7f0000000440)=@pppol2tp={0x18, 0x1, {0x0, r6, {0x2, 0x1, @remote}, 0xa}}, 0x26)
getresgid(&(0x7f0000000040), &(0x7f0000000180), &(0x7f00000016c0))
r9 = socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000440), 0xffffffffffffffff)
ioctl$EVIOCGKEYCODE_V2(r7, 0x80284504, &(0x7f0000000500)=""/229)
sendmsg$L2TP_CMD_SESSION_GET(r9, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000300)={0x30, r10, 0x1, 0x0, 0x0, {0x7}, [@L2TP_ATTR_SEND_SEQ={0x5}, @L2TP_ATTR_IFNAME={0x14}]}, 0x30}}, 0x0)
setsockopt$packet_int(r4, 0x107, 0xf, &(0x7f0000000140)=0x8, 0x4)
sendto$packet(r4, &(0x7f0000000340)="05030006e8fe091c6202a0ffffffff0060030000000088fb143488a87f43055762cb80948864113b022543424aa608", 0xfef2, 0x0, &(0x7f0000000a80)={0x11, 0x88a8, r5, 0x1, 0x0, 0x6, @multicast}, 0x14)
socket$nl_generic(0x10, 0x3, 0x10)
sendto$packet(r4, &(0x7f0000000000)="e771b2480fb62ebb2565579058912fea19ac3b20c71817304f1d253132db89450101921834c37dcf050ffaa46d8a9f9f95fba12cc600471050dc3a8fa00731", 0x3f, 0x800, &(0x7f00000000c0)={0x11, 0xf8, r5, 0x1, 0x6, 0x6, @broadcast}, 0x14)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
socket$inet6_tcp(0xa, 0x1, 0x0)

2.041492707s ago: executing program 0 (id=1466):
r0 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r0, &(0x7f0000000400)={0x18, 0x0, {0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}, 'lo\x00'}}, 0x1e)
r1 = socket$pppoe(0x18, 0x1, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x16, 0x0, 0x4, 0x7, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0x101442, 0x0)
r4 = dup(r3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000002, 0x13, r4, 0x1e)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000005c0)={0x3, 0xc, &(0x7f00000004c0)=ANY=[@ANYBLOB, @ANYRES32=r2, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000180)='workqueue_activate_work\x00', r5}, 0x10)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000180)='workqueue_activate_work\x00', r6}, 0x10)
socketpair(0x1e, 0x1, 0x0, &(0x7f0000000040)={<r7=>0x0, <r8=>0x0})
close(r7)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@bloom_filter={0x1e, 0x2, 0x3, 0xffff8001, 0x117, 0xffffffffffffffff, 0x1, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x3, 0x3, 0xf, @void, @value, @void, @value}, 0x48)
setsockopt$sock_attach_bpf(r8, 0x10f, 0x87, &(0x7f0000000180), 0x4bd)
connect$pppoe(r1, &(0x7f0000000080)={0x18, 0x0, {0xd, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}, 'veth1\x00'}}, 0x1e)
r9 = openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0), 0x40a40, 0x0)
ioctl$PPPIOCATTCHAN(r9, 0x40047438, &(0x7f0000000040)=0x2)
ioctl$PPPIOCBRIDGECHAN(r9, 0x40047435, &(0x7f0000000200)=0x1)
r10 = socket$netlink(0x10, 0x3, 0x0)
writev(r10, &(0x7f00000003c0)=[{&(0x7f0000000300)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1)

2.040843538s ago: executing program 0 (id=1467):
r0 = socket$packet(0x11, 0x3, 0x300)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), r1)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan1\x00', <r3=>0x0})
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000001000000850000000e000000850000000500000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000040)='sys_exit\x00', r4, 0x0, 0x4}, 0x18)
getgroups(0x0, 0x0)
sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000000c0)=ANY=[@ANYBLOB="98030000", @ANYRES16=r2, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32=r3, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c0900005603330080b0c000ffffffffffff0802"], 0x398}}, 0x0)

1.961283247s ago: executing program 0 (id=1468):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000400)=@newtaction={0x118, 0x30, 0x1, 0x70bd28, 0x0, {}, [{0x104, 0x1, [@m_xt={0xb8, 0x1c, 0x0, 0x0, {{0x7}, {0x38, 0x2, 0x0, 0x1, [@TCA_IPT_TABLE={0x24, 0x1, 'raw\x00'}, @TCA_IPT_INDEX={0x8, 0x3, 0x80000000}, @TCA_IPT_HOOK={0x8, 0x2, 0x2}]}, {0x5a, 0x6, "52afb010bb8666f5154e1fac5c71183dd75c010ed3bd6d8f960293ea8faaa2b8c195ccad001421f9676766af8b98e6d0195ad4f3c34827a63ebb1a61361f6472c8e65d61e8c480e31e0571c9c3fd30d8930ce31b4a24"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x2, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x80000000, 0x0, 0x0, 0x0, 0x40000}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x118}, 0x1, 0x0, 0x0, 0x804}, 0x20048001)
syz_genetlink_get_family_id$nfc(&(0x7f0000000100), 0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f000010e000/0x3000)=nil, 0x3000, 0xb635773f06ebbeef, 0x50, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$kcm(0x10, 0x2, 0x0)
r4 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r4, 0x1, &(0x7f0000000b40)='source', &(0x7f0000000040)='c:::\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40010}, 0x10)
tkill(0x0, 0xb)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f0000003880)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-512-ce\x00'}, 0x58)
sendmmsg(0xffffffffffffffff, &(0x7f0000009640)=[{{0x0, 0x0, &(0x7f0000001980)=[{&(0x7f00000013c0)="62040a", 0x3}], 0x1}}], 0x1, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='fd=', @ANYRESHEX, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB, @ANYRESDEC=0x0])
sendmsg$nl_xfrm(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000001100)=ANY=[@ANYBLOB="ec000000210001000000000000000000fc0200000000000000000000000000006401010200000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000009c001100ac1414aa0000000000000000000000007f000001000000000000000000000000f9880000000000000000000000000101fe8000000000000000000000000000aa3c0400000200000002000a0000000000000000000000ffff7f000001fc02000000000000000000000000000064010102000000000000000000000000fc0200000000000000000000000000003c040000000000"], 0xec}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x2, &(0x7f00000000c0)=[{0x6, 0x0, 0x0, 0x7fff0000}, {0x400, 0xd, 0x2, 0x3}]})
r6 = socket$inet(0xa, 0x801, 0x84)
listen(r6, 0x8)
ioctl$F2FS_IOC_GET_COMPRESS_OPTION(r6, 0x8002f515, &(0x7f0000000040))

1.858711473s ago: executing program 3 (id=1469):
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x121602, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000003c0)=0x14)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000640)=ANY=[@ANYBLOB="3c0000001000850600000000ff6122314a000800", @ANYRES32, @ANYBLOB="00001000252155b21c0012000c000100626f6e64000000000c0002000800010001"], 0x3c}}, 0x40000)
sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000680)=ANY=[@ANYBLOB="700000001000030500000000fcdbdf2500000000", @ANYRES32=0x0, @ANYBLOB="00000000041000004800128008000100677265003c000280060002000500000008000600ac1e000106000f000d00000006000f00050000000500170001000000050017000000000008000700e000000108000a00", @ANYRES32], 0x70}, 0x1, 0x0, 0x0, 0x800}, 0x4000)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000002c0)={'wlan0\x00', <r4=>0x0})
r5 = memfd_create(&(0x7f00000005c0)=' \xc76\xbe\x91\x8d\x182)!\x9a%\xa2\xd28\xd6\x06\a\x0e\xfc\xfe\x12\x8f&\x13\xae%@T\xa3\xb0>\\\xec\xa9\xf9Q@6A\x10\x8cn|\x00\x00\x00\x00\x00\x00\x00\x00r\xbb\xdd\xe8\x87\x05=\xfb\x8b}\xfc\x1d\x03\xe1\xfcm\x9b\xf7fo\"i\xa1hk\x1f\xf5z\xc1\x7f\xa4\\]\xc4\xbe3\xf9\xa8\t?:\xd8\xda\x84\xeepI[\x1c\x00\x00\x00\x00\xf9v\x00\x00\x00\x00\x00T\xb6\xbe\x0f~\xc0\x92\xe9O{\xa8\x81(\x01\x14\xfc\x83\xf9\xfb\x05\x94T\x81@Lq]\xf9\x15zj\x87\xc4\x8e\xe8/\xb9-&R\x8e\xb2\xb3bBx\x1e1\x18\x8f\x19\xf7]#\xed,\xc7\x11\tp\xf4\xa3\xee\x00\x00\x00\x00\'}\x18\xe8O\xa8#K\xb6\xe4U\x92\xd2\x9d\xb8<X\xfa\xdd\x8a6\xa1\x82\xf7r\xd8z\x85\x8do\xa5\xed\xd4\xbc8U\x1e\xf2tl8\xfe\xd0\x94\xfe\xf5\x1c+\x00U\te\xfa6\xca\xb9\xb4Q\xd9\xee\r6\x861h{\xc7z\'F\xc7\x91\x06x\xe1`\xf1:\xcf+\xd5\f\xb2\xce\xa4\x06\x90\x90\x9b\x1d\xcaa\xf7\x8f\x9e\x80\x93\xafT\xdfl\xec\xc6\x8e\x96\r[n\xc6\x99\x1fr<\x06\xb3\xbcT\x00\xda6\x18/\x18l\xc1\x81\x8e8L\xcb*S_\xd0:\xa4V\xbd\xf1\xa4\x955\xa9\x9d\xe0\x9b\xd3\x95\xc88n:\x89>?2\xc8\xe7kovd\xa4\x1bl+\x14\x17\x14\x17C2! U\x04:\xd93F\xb9\xfc\x1b\xfd}\x05\xf9\x11\xf3)>q\x10\xd3\xf0\xaf>\xf8t(bX\xe3g\x05\xfe\b\xbcy\x95*\xca\a\xaf\xbb\xf9\xc3Y\xa2\x91\x90.\xc8\xbe\xb0\xa6\xbd\xbd\xfd\xfaf*\xb2&\x82\xa0\x17\xe7)\xf5\xa2\xccv\n\x1b\xd4\xf4\x11*\xc9\xc6*\xa4.\x94[$\xb8\xb3Q\xde\xd8A\xa4~c,`\x02\xb8\x01r\x89\x82\x13\xd0}C7\xfb\xf2\tM\x1e\xe9\xa5\v\xc5\xba(\x89\xb0l\x92H\x1cR\x1f>\xc4ie\xe0B\xf0[\xe2\xe1\x12\x1d\x8fR&\xd1\xa6#\xda.\x0f\xd7\xd7\xa4\x90\x14\x92I\xf82&\x16<\xf2RR\xc2\x02.Q\xef\x85\xef\xf9\xe5\x00\xe9\xca\xb1\x8c\x11\x11l\x9f\xc8\b\xf7A\xa6\x81\xad\xdc\x95\xc8\xef\x102\xa8\x87\x01\x00\\\xfee \n0F\xbc\x85\xc5C\xd0\x99\xe4\t\xab`\'t\xc2\xe9\x13\xcag\xea\xb3\xb5\x92\x00J\xc6y\x05\xcc\xde\xa0\xf6\xb9 \xe5\xdd\f\x18\xfc\xe0\xc3(\xd8\xeb\x1a6\xe6\xfa\x93\xc07R\x0f-\x9e\xf3\x87E\xa3\xd5o\x1bA\x88L/\xe7>45Q?\be\x7f\xa9\x9a\xcae\xd8Y\xdf]\x1bS\x825\xcb\x00\xa4}\x97\x84T\xad\x9b\x1e!\x8a\xbc\x02+#Q\xa9 \xe9\x05r\xe1\xec\x0f\xa7\xe6Of\x95\x02{', 0x4)
ftruncate(r5, 0x400000)
sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000100)=ANY=[@ANYBLOB='H\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="0100fcffffff050000003b00000008000300", @ANYRES32=r4, @ANYBLOB="2c003300d0000000080211000001080211000000505050505050"], 0x48}, 0x1, 0x0, 0x0, 0x4}, 0x90)

1.742146662s ago: executing program 3 (id=1470):
r0 = socket$l2tp6(0xa, 0x2, 0x73)
bind$l2tp6(r0, &(0x7f0000000000)={0xa, 0x0, 0x1, @empty, 0x0, 0x3}, 0x20)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)={0x5c, r2, 0x917, 0x0, 0x0, {}, [@L2TP_ATTR_PROTO_VERSION={0x5}, @L2TP_ATTR_CONN_ID={0x8}, @L2TP_ATTR_IP6_DADDR={0x14, 0x20, @ipv4={'\x00', '\xff\xff', @loopback}}, @L2TP_ATTR_PEER_CONN_ID={0x8}, @L2TP_ATTR_ENCAP_TYPE={0x6, 0x2, 0x1}, @L2TP_ATTR_IP6_SADDR={0x14, 0x1f, @empty}]}, 0x5c}, 0x1, 0x620b}, 0x0) (fail_nth: 9)

1.671761839s ago: executing program 3 (id=1471):
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_tcp_int(r0, 0x6, 0x3, &(0x7f00000001c0)=0x1, 0x4) (async)
bind$inet(r0, &(0x7f0000000200)={0x2, 0x4e24, @multicast2}, 0x10)
r1 = syz_open_procfs(0x0, &(0x7f0000000240)='fdinfo/3\x00')
lseek(r1, 0x4, 0x0) (async, rerun: 32)
getsockname$packet(r1, &(0x7f0000000240)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000000280)=0x14) (rerun: 32)
r2 = getpid()
r3 = epoll_create1(0x0) (async)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0xfffffedd, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) (async)
sendmsg$NFT_BATCH(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a58000000060a0b040000000000000000020000002c0004802800018007000100637400001c0002800800014000000002080002400000000b05000300000000000900010073797a30000000000900020073797a320000000014000000110001"], 0x80}}, 0x0) (async)
syz_emit_ethernet(0xfc0, &(0x7f00000023c0)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x10}, @void, {@ipv4={0x800, @generic={{0x6, 0x4, 0x0, 0x0, 0xfb2, 0x0, 0x0, 0x0, 0x84, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0xe}, {[@timestamp_prespec={0x44, 0x4, 0x13, 0x3, 0x4}]}}, "dd9dec79219eb5499325e16c96335bc5ff0e043319357749084ca9d0ae1378f4e88112a2f7c10fd1523b9007773fd2b2bd0ebabccd2e5c35fb3baff587585840f2530c6f4d025f118440ac22a8b34da7b5e1e873bd429686be3ef84439e05fc0fefedb8b897b09445a9e10cf24aec2ff3ca6a86d94df0c4a928ed904dcfb02e6c6c5918a839d33cb9b55dfb3cd89d80eb18dc06415d313b4ea240a65eff4b941ac018e8f81de044239960271333255291b5fbfdcf8db25e175640f36986b859aeb3370ca17e6a20aeeb5c5d27eb097fc1fab796a7ff8fcbe119bbe4be2c8a5c58890191c59bea20bfe4edf9c5453e59f610d3bd1d6eb49b02e464aee0480187c5717936add1347b08cdf5b056adb941708e8a0498900419e98b75658c6dd00f88eebf8c9aaee2e38c80eafcf6ca08ea305da9c7050948ef78a1457a2e933287fe8d2e100cb00078ed829985f8812d543cc5cdb71521f4113829551efe915e4d6773f2d285cc1e8813919356ca5ef202b0d2b8a3d7de51e4635e761ffd7efe5d51dd1325596f0e4e1c0b1ce73240cb931227892d66f3629c9d152372d5790c1c25e2f6f850a5eb83654f423b84adbbf4169d472b2cddaa7137ff14c2944ade3a57613806810707a2e6c078beb4b87cf8cf39c9950bcb3f9bb42308bd5e68d81f7f4d9e528541703059787f5e342be8ebb9841d587f7455b409115d511c130d9641fc74391228bda52d2fa58e2ca74b26583e73e2cfb881945d8ecbc77eb35e783057f6c35ba06b7f639ec516ee54bf3645f6ec436ba859e22ed480a862285aa21f3d5cd3734dde388a7f8920c4a6b4a952f830e0d2811f2f2714e660e961de0b3e0b8d5fd1007690a61e414e82245dbe4e47c73465ed40af1cee2eae4801ee408ad1fce81ff8db77082c5efd93fa9a1a3e3d78eff84f326df1c6fa656cc7d4dab842fe8e0d9ce47ad0a7e74dfe1a53776a346a22dc7a0e476754d385d99aa9cbd3f445ffb2ed61e01b28fc071d706ad204b1e8014481dba0cbc460b67e64d6e955184271cedef7f951021e3595ebe9c3384b53efafb67cbed2aa1ede5d7fcff3a9d27d05766fb8894d7948609441759f4c4dfa33b6d486d4fb7e231f04d4f0f9e98f4b156129d9307fb9ebf3b278232062e7fe9ec2db7c4c991f83733368a107bf5798a1df45c919d71cce45ed907240c2f2fa6a4227e8e11cef2e7968c63e7a1adc3edec2170c17ed2cc54d0ea2b34e99b81015ffe51a501c2b73ddac5223e69d0dd451d358c0cd2ff7db256850ec1e9e349901f168d854284da68d80c68298a75c5d859008c82fe08b4cf2e68a2c0190760a03aff1be2c9425b6d5ef5c67bafb6d16fffeeb0211d90abbade4db9d6a9e9c981dde14c1d54e9138f9760bcdccbf17e7416042cfe7bbd8bba2f739f7f900ee45b965316b950e8474f3be92081fb63f43a4858b39e20e14d5a38c0973d680f2fda9e310d0e088523bdcbb728bcd0074447b4ace876da5642cd7d781cdb023a31446e0a0c59d5388674a5c8a97927e014a73d0330bd5c5187db79f1c546a8bcca008263509c23b246dea58fb36c44d373c1c92ffdd1600c27d4b10b3fc86b88ecefe8743bb59a6b8e443f06d2ae3a6908b6bc25b647deee13262225b8879dd79413ffa3d4aef91a0a04d4dc3030b5beb081c5fdf9152c3a17e6b24457fd580d84d3006af27ff44d6ec3664c4955a1d1dc5eb041682644ae564390a3d0aa602b2a18cdd3f8a1efff7b8f3afc31c283c9b74b806a98bd9f1ad8ecce410160c0a27f7ef90a2b0c1bea64e187adc04a04bff7c435659bc4c3ce5c2730e121972541062102e93d2a136e1aaaf3e25d547cad6e2b0874500fc098469494d2654808ee88588fd167f4332061a9b4cae6b22d87624e325e89a269f61ce0d26465ddfedc1f0fa2a5cf1ee7fe3e6cb375f1ff04cf8d22667debe574b8395023bde9a8302376af2e119c4c88433d1722011ade605f3a4201860742b0392ac96cc138d9ddb952f4e4742a7fd9d625465dac35347c1662b2085c357120c6ff69dedc013c5fe46555a4448b0be41e21ad73162bf9aa1cfb70f4702c7051c0a13fae918133f123d33c5c02e66ae8fceb3109b2e13a7a3e71484d59dfcba16db2d21549be1ba6cd5ad7610eefda427982384961f18bd6857ad97e868c2914d0ba934a296eda52646031c4504864061f3cba1df65cd04ef6b1050fb30b5abbbe28f8f7adb8073e452f4c0c5492a5f8d427ddf451ae303a86639e5dbccfe2b2bedb911d534a77c012e2f8a24917d98ab14557caf3e66040f21767685644f0003459762d4ab25a0e33a92b54748cf46a977505074b79b9b0746b2b5b168876a2ca10bb903edc1d1992a4a94c0ee0dd7b37add092163b5fbaf16090f8143187d060b19e3822f3def14717e41558f9582467a5a5f89148450fde235e7a5bb900e4e9d14e2147bfd2a52f84a115eb170bf3d3b9b3de9781960be4e53025c7dce005e1458140bb9cf9da8fa1124ac558fb220d57c23a7f120f5171eb2208d9e6ab7186ae457973da564f1fd45b241c15596035f55034c3995a587b4471068076839420df947f10ab2fc211732d768c135d63cc5eeda1bdfc780e7ed90855fa5a364e63f529703cd0f691b0b6a41232bfd1c1f61ef6b16ed3b9055ca888c8ebcd16a0623ede9e4e37b7d6175e3d0ddba8e7d87639eb8b0ba246131951a581575f1adf4c598a9f2f087d5eb2a0a5834d8cb12b0ad76d9381a838ccfbfcc20bbb970474c48677f10aa57be1d607d5b049d397178035f7f3393cd9000336c83218850ecd64142a22f7ae7e6a7e62013d6d105eb7c862e13979698681d44121ee9e2e552315d4d3913ff7bcd90d6bed72d50107a971a37d5a1d75efeebf03cc91239b7e427fba8df6b79674c15acd2093289fe6155063af81d85840abf4635f66083b3707d34b2149dfdf95cb4deb71e1574118c242b160c770347e6b1f135a985e89fe8e6d7f40281cfb6dc05cd8b9d4f6680c0863acb34516092acdf2bea67f54ab4282ba2d898287f34d9384e335b2ddbb87aaea8cadb8f0b397e99a68a7a214fae5a1f56c95bcd901534c23cd5cff3c168813d7fa1191dd7437c96b07324a7b21b48e205b859dcd080bd62ab7cca4bd7a73959218d0eeb21c887483201eaf3afb19efe1741b57332c5441685a7bb8324d9e85faafc785312b58aabef2eef6a8048663bf13db9ae9edd4b1dcebc99890693f11b354b1f1aad19b66251b4bcaed0daed73b87dedd140fd680e7d3355362844d1d7ba2ae6be7ffae59d7b3c679b890448b0de1acf591abfe6f3096794b7e142e0ac0862ab8cb76eb79b17d1138be3747f907c3f11c636a0f0e0d315d1ff05aab0ce62fbac03a2b4ddeac7ee192bba2da93b7a926271f6d594aa14de2c294ad0c77770a624d1ce24cc8d8f5e9b629604fa7897f0cbd641f76a85dc8df33b5715eb100e30e53b85110d2252c22575a7365eb08006b4d62d305e780101965094ce2aaad170df470870e687fb280b772d41ad5d470b71e256af3a0d2c02df95821d38f28cdff26fa7a3f6e920edbd3174d2d2bde854ef68dae8a0a4a63753c825930903a2ca75d4321bad0ad9ff6852f94dd04972a45bb9625b3726dfbcc959e85242f0d327b181aee0fdab7af064dd97151b131a5c4a51a66692cbbd9f1348a16470cedef1b255e172cd2b15184177ad43744de941869af884ff8e59ef0e63ac5e1b99c851e0f915359ce12d9c380bb6f9c2bc773267157afeda7abcc120a31a1b72af6662bff7f5f194dad00b4ebfdcbb4dfc39854412db1ae99b449d741f841239159ea467cf1e38b95bcb7603ebcb400cb31410b2a4e25126caade0019bf667cc998bc4582578da0f8a6268f6d114ccf9dd8379995e8be1b934bb5645d72f97e05628129a7d2bc548e08796341f43dc3c9fcbe89d8284dc6633bee0d17e99f600425f0172b6bc478f5117dadf15e36e850ecc0ca75664ef8e4877a44b4ffa22a6f1d6719f8d81f9937928caa0690b77406a3298aaf446e2f78343267399bb7f64c60f82bf5d07210281eaad09a3810790720c98a041332c809be7aea1480b9e5eb989085c23b4aee75143068def3e89d1c417b63321e68d340a1472d2504088c17cd75de0e700508c55a7246ca9a762cc50ca35cbcaa7dcf4ae3264c32ff2cd67566ed501fb8182b5f16c58295783f3b2b554b06aae700f198c71ad7519868c1e6fbeb0246569b04beeb8b71bcbb9af93372bee365efb1d7424689e8241b1dc346a73a84b5773487f388356b8dbec1a108846e3f8dc74865b156e8ad18b353efc4ad0b11412a381fec8f5d45678b4f8b680591be8077303e7aff71acf9052ae3b73e41e19668f9b53bfd75b778970831b6891a78ffe0d4863e62cbbf6cf8c085032864479cd3a250842984dcc2860f057f86c8e2d4d2afefb8a45b7d5b8c94e752f369a1b434c827cd26cd0276a8b40019a95ebe7c16de4c1ce8efbd5c70e0c507631818aa4fbc937d212e428aefa895069656babdbd921af974da32c49f4ca6d1e1e28319b427c8bad4d650809c673ec6073770b4097e5700a8071110fd07acbc5a59f8d7b0735a98fd40ce03718a9a93c035948859215c59f54343b08bfd95a35d73c5f09a9ebe63c509fe8443fa74e6efd0fd87defc7cb16725ce3c3d5f7664cfe253faf2cbeb307052dd2269b6266acdb31e2006b9355f673ca5c9cb907605ce071824254b139607a069531f9598f4040ddeb9cd018e9dfa1808032dfb65a4af0820da810a7b58fbb65ac8e65b017a40ec2d445a5c7b78d1f0e717b19427ef1fe6cc08c5e9da5a7d1d508fd939854589dcba8d75ff3d8d1c1fb28af1ed6900bcd4cedbe42fd6243c81264fe81be756bfd71ebcd4d96bd7ec50a676bc57e130bd8da21bb6e888eb6c8402516f6fe6dfe25be9a3e33f2cdbed9de00efb867cbe80ec2309458f41924b967d254166e5a0a5f776395214a67900d180704b9fb09f9c4c4c62fd382fcd5efe099e22d2c82f198a39d193f65b68e09454e2ab8f2d7413c64563742f1c34ca9285e501bff5efa30a0da946f875d23162eaa53c4008bed38e9a190b08ff8bfb6bfb91553c4c329fc73b8be308b00347dee2afdc08bab311c75386f452b706d1820c9038998924665010a548c09743a16167b0b09373b5cd2fb1da4f6c9ea5b1f1dd7775f6fcb23eab4fd1990364dacb2a1656b9bcf1c4866b7222872a3a3a03d397499222a3f31a35d3aeaf6a6d39f0fbee1e0f6e1e10ba0774f15f245d955cc8132d86c2d768f8a06274caa5a12c46e9e08ee556c1da49830f1e6c0a0c53a9ef1489c3fba0251c3e6839e891ac298108f3ed05066e48b8bda2c5f6e691c7a7425b7019e0a547f6560a0af41831a4a790c3a8eac9a3a9119da3eef85cb12f3f3115f04ae95534ac847b4ee2cc2fc43cdba382ecae7c4f499ce1be1ca1907313ff665c2fd7d4c8f36716f33b6861f5cf3f1c878feadfa9a664b8d629a16c750c466326a951efaa830e4f328270041f2ca0be49f0affe5806b94b027033f008957e83d167d6fe4168ec4fb79385cc06e257bba807ecfccaba56cf751dac996b7a347d36ec52b0f5d16425402416c735530bd7c545f8c753fb3b"}}}}, 0x0) (async, rerun: 64)
kcmp$KCMP_EPOLL_TFD(r2, r2, 0x7, r3, &(0x7f0000000180)={r3, 0xffffffffffffffff, 0xaa}) (async, rerun: 64)
sendmmsg$inet(r0, &(0x7f0000002f00)=[{{&(0x7f0000000000)={0x2, 0x4e24, @local}, 0x10, &(0x7f0000000600)=[{&(0x7f0000000040)="86", 0x1}], 0x1}}], 0x1, 0x20004000) (async)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0xc, &(0x7f0000000140)=ANY=[@ANYBLOB="180200000100000000000000000000008500000087000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r6, 0x0, 0xe, 0x0, &(0x7f00000000c0)="e097d1d500023dc1566fa336fc4a", 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r7 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff) (async)
r8 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCSETA(r8, 0x5406, &(0x7f0000000400)={0xfefe, 0x5, 0x8, 0x800c, 0xb, "0100000000000080"}) (async)
ioctl$TIOCL_GETMOUSEREPORTING(r8, 0x5412, &(0x7f00000006c0)=0xa) (async, rerun: 64)
sendmsg$MPTCP_PM_CMD_DEL_ADDR(r5, &(0x7f0000000140)={0x0, 0x2000, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="07000000400081001fff02000000200001801400040000000000000000000000ffffac1414aa060001000a"], 0x34}, 0x1, 0x0, 0x0, 0x8081}, 0x24000800) (rerun: 64)

1.549276811s ago: executing program 3 (id=1472):
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0x14, &(0x7f0000000080)=0xfff, 0x4)
socket$inet_udp(0x2, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xa, 0x1, 0x40, 0x40, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
socket$nl_xfrm(0x10, 0x3, 0x6)
socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={<r1=>0xffffffffffffffff})
getpeername$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14)
sendmmsg(r0, &(0x7f0000000440)=[{{&(0x7f0000000700)=@xdp={0x2c, 0x0, r2, 0x0, 0xb00}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000180)='O', 0x36}], 0x1}}], 0x1, 0x0)

1.549015474s ago: executing program 3 (id=1473):
r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
r1 = dup(r0)
r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
mount$9p_fd(0x0, &(0x7f00000001c0)='.\x00', &(0x7f0000000180), 0x0, &(0x7f0000000040)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r2}})
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000140), 0xa0000, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r5 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r7, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r5, 0xffffffb3, &(0x7f0000000240)=0x2)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r8 = socket$inet_tcp(0x2, 0x1, 0x0)
syz_io_uring_setup(0x239, &(0x7f0000000300)={0x0, 0x200000, 0x10100, 0xfffffffd}, &(0x7f0000000180), 0x0)
bind$inet(r8, &(0x7f0000000080)={0x2, 0x4e21, @broadcast}, 0x10)
connect$inet(r8, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
sendto$inet(r8, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0)
recvfrom$inet(r8, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x720, 0x0, 0xfffffffffffffd25)
sendmsg$NL80211_CMD_SET_BEACON(r3, &(0x7f00000016c0)={0x0, 0x0, &(0x7f0000001680)={&(0x7f0000000840)={0x50, r4, 0x1, 0x200000, 0x0, {{}, {@void, @val={0xc}}}, [@NL80211_ATTR_IE_ASSOC_RESP={0x2f, 0xe, [@perr={0x84, 0x29, {0x6, 0x3, [{{}, @device_a, 0x80000000, @void, 0x3f}, {{}, @device_b, 0x8000, @void, 0x3a}, {{}, @broadcast, 0x5c45ffb4, @void, 0x43}]}}]}]}, 0x50}}, 0x2000)
r9 = socket(0x2, 0x80805, 0x0)
sendmmsg$inet(r9, &(0x7f0000000440)=[{{&(0x7f0000000280)={0x2, 0x4e22, @private=0xa010101}, 0x10, &(0x7f0000000980)=[{&(0x7f0000000200)="9c", 0x1}], 0x1}}, {{&(0x7f0000000080)={0x2, 0x4e22, @rand_addr=0x64010101}, 0x10, &(0x7f0000000180)=[{&(0x7f00000000c0)="99", 0x1}], 0x1}}], 0x2, 0x48000)
getsockopt$inet_sctp_SCTP_MAX_BURST(r9, 0x84, 0xc, &(0x7f0000000040)=@assoc_value={<r10=>0x0}, &(0x7f0000000000)=0x8)
setsockopt$inet_sctp_SCTP_MAX_BURST(r9, 0x84, 0x14, &(0x7f0000001080)=@assoc_value={r10, 0x5}, 0x8)

1.546834474s ago: executing program 2 (id=1480):
mkdir(&(0x7f0000000140)='./file0\x00', 0x12)
mount(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000280)='debugfs\x00', 0x10040, 0x0)
r0 = socket(0x840000000002, 0x3, 0xff)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000100)={0x0, <r1=>0x0}, &(0x7f0000000140)=0xc)
r2 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x129202, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r2, 0xc0045005, &(0x7f0000000140)=0x2000)
r3 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
write$dsp(r3, &(0x7f0000000300)='U', 0x1)
ppoll(&(0x7f00000000c0)=[{r2, 0x9620}], 0x1, 0x0, 0x0, 0x0)
mount$tmpfs(0x0, &(0x7f0000000380)='./file0\x00', 0x0, 0x1830422, &(0x7f00000003c0)={[{@uid={'uid', 0x3d, r1}}]})
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
r5 = accept4$bt_l2cap(r4, &(0x7f0000000040)={0x1f, 0x0, @none}, &(0x7f0000000080)=0xe, 0x80000)
setsockopt$bt_l2cap_L2CAP_OPTIONS(r5, 0x6, 0x1, &(0x7f0000000000)={0x1, 0x745, 0x0, 0x3, 0x5, 0x16}, 0xc)

1.132568928s ago: executing program 0 (id=1474):
r0 = socket$inet(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'bond0\x00'})
socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0xe, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x0, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x3}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0xffffffffffffffff, 0x4}, 0x1}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000002000)=@newsa={0x140, 0x10, 0x633, 0x0, 0x0, {{@in6=@loopback, @in6=@dev}, {@in6=@dev, 0x0, 0x32}, @in=@local, {}, {}, {}, 0x0, 0x0, 0xa}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}, @extra_flags={0x8, 0x18, 0x3}]}, 0x140}}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
memfd_create(&(0x7f0000000280)='/dev/sg#\x00', 0x3)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10138, 0x2, 0x0)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
syz_clone3(&(0x7f00000002c0)={0x8040000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
r4 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
r5 = syz_open_dev$dri(&(0x7f0000000040), 0x0, 0x0)
ioctl$DRM_IOCTL_GET_MAGIC(r5, 0x80046402, 0x0)
ioctl$DRM_IOCTL_AUTH_MAGIC(r5, 0x40046411, &(0x7f0000000000)=0x1)
r6 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_I_WANT_MAPPED_V4_ADDR(r6, 0x84, 0xc, &(0x7f0000000380)=0x2, 0x4)
ioctl$SCSI_IOCTL_SEND_COMMAND(r4, 0x1, 0x0)
ioctl$SG_SET_TIMEOUT(r4, 0x2201, &(0x7f0000000000)=0xc)
r7 = openat$vicodec0(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0)
r8 = epoll_create(0x3)
epoll_ctl$EPOLL_CTL_ADD(r8, 0x1, r7, &(0x7f00000003c0)={0x8000201c})

611.821444ms ago: executing program 3 (id=1475):
syz_emit_ethernet(0x66, &(0x7f0000000400)={@multicast, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "02adf7", 0x30, 0x32, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x0, {0x0, 0x6, "cb0380", 0x0, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @broadcast}, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}}}}}}, 0x0)
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
setsockopt$inet_sctp_SCTP_RECVNXTINFO(r0, 0x84, 0x21, &(0x7f0000000580)=0x9, 0x4)
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
setsockopt$bt_l2cap_L2CAP_OPTIONS(r1, 0x6, 0x1, &(0x7f0000000000)={0x0, 0x747, 0x0, 0x3}, 0xc)
r2 = openat$uhid(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0)
write$UHID_CREATE(r2, &(0x7f00000002c0)={0x0, {'syz0\x00', 'syz0\x00', 'syz1\x00', &(0x7f0000000540)=""/32, 0x20, 0x1, 0x0, 0x0, 0xffffffff}}, 0x11c)
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000180)=ANY=[@ANYBLOB="1201000000000040341a02080000000000010902"], 0x0)
r3 = syz_open_dev$hidraw(&(0x7f0000000080), 0x1, 0x200)
ioctl$HIDIOCGFEATURE(r3, 0x4004480d, &(0x7f0000001a40)={0x8c, "895cd46771f00301c1ca639506f24c672ecfd2bd1050f9c5774eb3e02ce08f61bb32758aa48d8b91deae8e868458c5a16302ef180c82320b8e92c2821ee0eb19"})
connect$bt_l2cap(r1, &(0x7f0000000040)={0x1f, 0x4, @any, 0x757}, 0xe)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, 0x0}, 0x4040004)
r4 = memfd_secret(0x0)
getsockopt$inet_sctp_SCTP_STATUS(r0, 0x84, 0xe, &(0x7f0000000640)={0x0, 0xfffffff8, 0x10000000, 0xd, 0xc, 0x7, 0x7ff, 0xfff, {<r5=>0x0, @in6={{0xa, 0x4e24, 0x8, @mcast1, 0xff}}, 0x10, 0x8, 0x9, 0x204, 0xf2}}, &(0x7f0000000600)=0xb0)
r6 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TIOCPKT(r6, 0x80045430, 0x0)
getsockopt$inet_sctp_SCTP_PR_SUPPORTED(r4, 0x84, 0x71, &(0x7f0000000480)={r5, 0x1ff}, &(0x7f00000005c0)=0x29)
r7 = openat$tun(0xffffffffffffff9c, &(0x7f00000002c0), 0x80040, 0x0)
r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x40040, 0x0)
writev(r8, &(0x7f0000000080)=[{&(0x7f0000000140)="b302ac74a76630901bab553b0fd02f95b60fe644d9916f4400f376ed5e427471708b7b9073daafbc83f13967f453220a54803e371714dbae03b0a60e0a2d54806c86d5552b4c44a74f783d4d27e0eb7592fa403d29f6cef3876a9f1acd7ec6f5a219bc4be534d67c424f8a6ed9f9eb3111b394eae005f74b5a61392771d2a793a596552dd63bf3a18f0f5d993fb001ec67d59c058f2eccf80246a9c462b2678f5d92e199acc71fe08c561b6556bc", 0xae}], 0x1)
r9 = openat$procfs(0xffffff9c, &(0x7f0000000300)='/proc/stat\x00', 0x0, 0x0)
ioctl$sock_inet6_tcp_SIOCOUTQ(r9, 0x5411, &(0x7f0000000340))
ioctl$TUNSETIFF(r8, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x10})
socket$netlink(0x10, 0x3, 0x0)
preadv(r8, &(0x7f0000001300)=[{&(0x7f00000000c0)=""/111, 0x6f}], 0x1, 0x0, 0x0)
r10 = openat$6lowpan_enable(0xffffff9c, &(0x7f0000000200), 0x2, 0x0)
write$6lowpan_enable(r10, &(0x7f0000000280)='0', 0x1)
ioctl$SIOCSIFHWADDR(r7, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local})

213.337788ms ago: executing program 0 (id=1476):
r0 = socket$l2tp6(0xa, 0x2, 0x73)
bind$l2tp6(r0, &(0x7f0000000000)={0xa, 0x0, 0x1, @empty, 0x0, 0x3}, 0x20)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)={0x5c, r2, 0x917, 0x0, 0x0, {}, [@L2TP_ATTR_PROTO_VERSION={0x5}, @L2TP_ATTR_CONN_ID={0x8}, @L2TP_ATTR_IP6_DADDR={0x14, 0x20, @ipv4={'\x00', '\xff\xff', @loopback}}, @L2TP_ATTR_PEER_CONN_ID={0x8}, @L2TP_ATTR_ENCAP_TYPE={0x0, 0x2, 0x1}, @L2TP_ATTR_L2SPEC_TYPE={0x0, 0x5, 0x3e2e59de4da49fd7}]}, 0x5c}, 0x1, 0x620b, 0x0, 0x20008090}, 0x0)

142.14905ms ago: executing program 0 (id=1477):
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xa, 0x6, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x63, 0x11, 0x8}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0x23}, @exit], {0x95, 0x0, 0x5a5}}, &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000200)=ANY=[@ANYBLOB="b700000081000000bfa30000000000000703000009feffff720a00fef8ffffff71a400fe0000000071101000000000001d300200000000004704000001ed030407000000c00000001d440000000000006b0a00fe0000000072030000000a0000e500f9ff000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fe51bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616276fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a26048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00e10000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f6f096753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e9673560000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d490cba8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e16e1461173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdec86f9b1eb93d491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b583cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd84990453f806694d461b76a58d88cf0f520310a1e80dc18cde9ad662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6432399f87a7a14245bbd796a090f3b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c00000000000000f59dd19e8d525206c0a728cfd42193abe8130bc01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ed1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef67cf0216e2d81e6127bd9d7fab28800eaab2355992f8ce4cd38add4b272c0bee4076ca4847ffa691cf78fb7ec212bad3bef29f577ea7159b7f3025b3d977ff7c91024cf71126233cb8791c3c"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfffffffffffffd00, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)

141.813857ms ago: executing program 2 (id=1478):
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x121602, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000003c0)=0x14)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000640)=ANY=[@ANYBLOB="3c0000001000850600000000ff6122314a000800", @ANYRES32, @ANYBLOB="00001000252155b21c0012000c000100626f6e64000000000c0002000800010001"], 0x3c}}, 0x40000)
sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000680)=ANY=[@ANYBLOB="700000001000030500000000fcdbdf2500000000", @ANYRES32=0x0, @ANYBLOB="00000000041000004800128008000100677265003c000280060002000500000008000600ac1e000106000f000d00000006000f00050000000500170001000000050017000000000008000700e000000108000a00", @ANYRES32], 0x70}, 0x1, 0x0, 0x0, 0x800}, 0x4000)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000002c0)={'wlan0\x00', <r4=>0x0})
r5 = memfd_create(&(0x7f00000005c0)=' \xc76\xbe\x91\x8d\x182)!\x9a%\xa2\xd28\xd6\x06\a\x0e\xfc\xfe\x12\x8f&\x13\xae%@T\xa3\xb0>\\\xec\xa9\xf9Q@6A\x10\x8cn|\x00\x00\x00\x00\x00\x00\x00\x00r\xbb\xdd\xe8\x87\x05=\xfb\x8b}\xfc\x1d\x03\xe1\xfcm\x9b\xf7fo\"i\xa1hk\x1f\xf5z\xc1\x7f\xa4\\]\xc4\xbe3\xf9\xa8\t?:\xd8\xda\x84\xeepI[\x1c\x00\x00\x00\x00\xf9v\x00\x00\x00\x00\x00T\xb6\xbe\x0f~\xc0\x92\xe9O{\xa8\x81(\x01\x14\xfc\x83\xf9\xfb\x05\x94T\x81@Lq]\xf9\x15zj\x87\xc4\x8e\xe8/\xb9-&R\x8e\xb2\xb3bBx\x1e1\x18\x8f\x19\xf7]#\xed,\xc7\x11\tp\xf4\xa3\xee\x00\x00\x00\x00\'}\x18\xe8O\xa8#K\xb6\xe4U\x92\xd2\x9d\xb8<X\xfa\xdd\x8a6\xa1\x82\xf7r\xd8z\x85\x8do\xa5\xed\xd4\xbc8U\x1e\xf2tl8\xfe\xd0\x94\xfe\xf5\x1c+\x00U\te\xfa6\xca\xb9\xb4Q\xd9\xee\r6\x861h{\xc7z\'F\xc7\x91\x06x\xe1`\xf1:\xcf+\xd5\f\xb2\xce\xa4\x06\x90\x90\x9b\x1d\xcaa\xf7\x8f\x9e\x80\x93\xafT\xdfl\xec\xc6\x8e\x96\r[n\xc6\x99\x1fr<\x06\xb3\xbcT\x00\xda6\x18/\x18l\xc1\x81\x8e8L\xcb*S_\xd0:\xa4V\xbd\xf1\xa4\x955\xa9\x9d\xe0\x9b\xd3\x95\xc88n:\x89>?2\xc8\xe7kovd\xa4\x1bl+\x14\x17\x14\x17C2! U\x04:\xd93F\xb9\xfc\x1b\xfd}\x05\xf9\x11\xf3)>q\x10\xd3\xf0\xaf>\xf8t(bX\xe3g\x05\xfe\b\xbcy\x95*\xca\a\xaf\xbb\xf9\xc3Y\xa2\x91\x90.\xc8\xbe\xb0\xa6\xbd\xbd\xfd\xfaf*\xb2&\x82\xa0\x17\xe7)\xf5\xa2\xccv\n\x1b\xd4\xf4\x11*\xc9\xc6*\xa4.\x94[$\xb8\xb3Q\xde\xd8A\xa4~c,`\x02\xb8\x01r\x89\x82\x13\xd0}C7\xfb\xf2\tM\x1e\xe9\xa5\v\xc5\xba(\x89\xb0l\x92H\x1cR\x1f>\xc4ie\xe0B\xf0[\xe2\xe1\x12\x1d\x8fR&\xd1\xa6#\xda.\x0f\xd7\xd7\xa4\x90\x14\x92I\xf82&\x16<\xf2RR\xc2\x02.Q\xef\x85\xef\xf9\xe5\x00\xe9\xca\xb1\x8c\x11\x11l\x9f\xc8\b\xf7A\xa6\x81\xad\xdc\x95\xc8\xef\x102\xa8\x87\x01\x00\\\xfee \n0F\xbc\x85\xc5C\xd0\x99\xe4\t\xab`\'t\xc2\xe9\x13\xcag\xea\xb3\xb5\x92\x00J\xc6y\x05\xcc\xde\xa0\xf6\xb9 \xe5\xdd\f\x18\xfc\xe0\xc3(\xd8\xeb\x1a6\xe6\xfa\x93\xc07R\x0f-\x9e\xf3\x87E\xa3\xd5o\x1bA\x88L/\xe7>45Q?\be\x7f\xa9\x9a\xcae\xd8Y\xdf]\x1bS\x825\xcb\x00\xa4}\x97\x84T\xad\x9b\x1e!\x8a\xbc\x02+#Q\xa9 \xe9\x05r\xe1\xec\x0f\xa7\xe6Of\x95\x02{', 0x4)
ftruncate(r5, 0x400000)
sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000100)=ANY=[@ANYBLOB='H\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="0100fcffffff050000003b00000008000300", @ANYRES32=r4, @ANYBLOB="2c003300d0000000080211000001080211000000505050505050"], 0x48}, 0x1, 0x0, 0x0, 0x4}, 0x90)

371.461µs ago: executing program 2 (id=1479):
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x3, &(0x7f0000000040)=@framed={{0x45, 0xa, 0x0, 0xffff, 0x0, 0x61, 0x11, 0xc8}}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)

0s ago: executing program 2 (id=1481):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x1}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
bind$netlink(r3, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc)
connect$inet6(0xffffffffffffffff, &(0x7f0000000080)={0xa, 0x3, 0x8, @remote, 0x7}, 0x1c)
r4 = socket$inet6(0xa, 0x3, 0x7)
connect$inet6(r4, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(r4, 0x29, 0x23, &(0x7f0000000340)={{{@in6=@dev={0xfe, 0x80, '\x00', 0x1e}, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x20}, {0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x4, 0x2}, {}, 0x0, 0x6e6bb9, 0x1}, {{@in=@broadcast, 0xfffffffc, 0x32}, 0x0, @in=@empty, 0x0, 0x0, 0x2, 0x7, 0x200}}, 0xe8)
sendmmsg(r4, &(0x7f0000000480), 0x2e9, 0x0)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r5, &(0x7f0000000180)={0x0, 0x300, &(0x7f0000000340)={&(0x7f0000000000)=@newsa={0x138, 0x16, 0x633, 0x0, 0x80000000, {{@in=@multicast2, @in6=@dev={0xfe, 0x80, '\x00', 0xfd}, 0x0, 0x0, 0x0, 0x0, 0xa}, {@in6=@loopback={0xffffffffffffff80}, 0x4d2, 0x32}, @in=@local, {}, {0x5, 0x0, 0x0, 0x5}, {}, 0x2, 0x0, 0x2, 0x4}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuset.effective_cpus\x00', 0x275a, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$IPVS_CMD_NEW_DAEMON(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)={0x50, r7, 0x1, 0x4, 0x0, {}, [@IPVS_CMD_ATTR_DAEMON={0x3c, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'vcan0\x00'}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x1}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @mcast2}]}]}, 0x50}}, 0x0)

kernel console output (not intermixed with test programs):

x950
[  177.663726][ T8828]  ? __pfx_do_iter_readv_writev+0x10/0x10
[  177.663755][ T8828]  ? bpf_lsm_file_permission+0x9/0x10
[  177.663779][ T8828]  ? security_file_permission+0x71/0x210
[  177.663801][ T8828]  ? rw_verify_area+0xcf/0x680
[  177.663827][ T8828]  vfs_readv+0x4c5/0x8a0
[  177.663858][ T8828]  ? __pfx_vfs_readv+0x10/0x10
[  177.663902][ T8828]  ? __fget_files+0x20e/0x3c0
[  177.663934][ T8828]  ? do_readv+0x132/0x330
[  177.663955][ T8828]  do_readv+0x132/0x330
[  177.663979][ T8828]  ? __pfx_do_readv+0x10/0x10
[  177.664006][ T8828]  ? rcu_is_watching+0x12/0xc0
[  177.664024][ T8828]  __do_fast_syscall_32+0x73/0x120
[  177.664049][ T8828]  do_fast_syscall_32+0x32/0x80
[  177.664070][ T8828]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  177.664091][ T8828] RIP: 0023:0xf704e579
[  177.664105][ T8828] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  177.664120][ T8828] RSP: 002b:00000000f503e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000091
[  177.664136][ T8828] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000000
[  177.664146][ T8828] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000000000000
[  177.664155][ T8828] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  177.664163][ T8828] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  177.664172][ T8828] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  177.664191][ T8828]  </TASK>
[  177.788826][ T8820] netlink: 100 bytes leftover after parsing attributes in process `syz.0.825'.
[  177.792924][ T8820] netlink: 12 bytes leftover after parsing attributes in process `syz.0.825'.
[  177.854395][ T8834] netlink: 28 bytes leftover after parsing attributes in process `syz.1.829'.
[  177.858175][ T8833] netlink: 4 bytes leftover after parsing attributes in process `syz.0.825'.
[  177.977733][ T8102] usb 5-1: USB disconnect, device number 15
[  179.205536][ T5945] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0
[  179.208334][ T5945] Bluetooth: hci3: Injecting HCI hardware error event
[  179.210966][ T5945] Bluetooth: hci3: hardware error 0x00
[  181.284340][ T5945] Bluetooth: hci3: Opcode 0x0c03 failed: -110
[  187.639540][ T8874] lo speed is unknown, defaulting to 1000
[  187.697551][ T8869] netlink: 12 bytes leftover after parsing attributes in process `syz.3.835'.
[  187.813153][ T8866] netlink: 12 bytes leftover after parsing attributes in process `syz.1.833'.
[  187.944372][ T1925] usb 5-1: new high-speed USB device number 16 using dummy_hcd
[  188.105895][ T1925] usb 5-1: config 0 has no interfaces?
[  188.108073][ T1925] usb 5-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[  188.111367][ T1925] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  188.116566][ T1925] usb 5-1: config 0 descriptor??
[  188.281238][ T8880] pim6reg: entered allmulticast mode
[  188.284220][ T8880] lo: entered allmulticast mode
[  188.311954][ T8889] netlink: 8 bytes leftover after parsing attributes in process `syz.2.843'.
[  188.314855][ T8891] FAULT_INJECTION: forcing a failure.
[  188.314855][ T8891] name failslab, interval 1, probability 0, space 0, times 0
[  188.314880][ T8889] netlink: 8 bytes leftover after parsing attributes in process `syz.2.843'.
[  188.318855][ T8891] CPU: 2 UID: 0 PID: 8891 Comm: syz.1.844 Not tainted 6.15.0-rc4-syzkaller-00052-g4f79eaa2ceac #0 PREEMPT(full) 
[  188.318870][ T8891] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  188.318876][ T8891] Call Trace:
[  188.318880][ T8891]  <TASK>
[  188.318884][ T8891]  dump_stack_lvl+0x16c/0x1f0
[  188.318901][ T8891]  should_fail_ex+0x512/0x640
[  188.318915][ T8891]  ? fs_reclaim_acquire+0xae/0x150
[  188.318931][ T8891]  ? tomoyo_supervisor+0x45b/0x13b0
[  188.318945][ T8891]  should_failslab+0xc2/0x120
[  188.318958][ T8891]  __kmalloc_noprof+0xd2/0x510
[  188.318968][ T8891]  ? tomoyo_profile+0x47/0x60
[  188.318985][ T8891]  tomoyo_supervisor+0x45b/0x13b0
[  188.319002][ T8891]  ? __pfx_tomoyo_supervisor+0x10/0x10
[  188.319024][ T8891]  ? rcu_is_watching+0x12/0xc0
[  188.319037][ T8891]  ? tomoyo_check_acl+0x1f7/0x410
[  188.319049][ T8891]  tomoyo_mount_acl+0x50c/0x850
[  188.319060][ T8891]  ? kernel_text_address+0x8d/0x100
[  188.319080][ T8891]  ? __pfx_tomoyo_mount_acl+0x10/0x10
[  188.319107][ T8891]  ? tomoyo_domain+0xbb/0x150
[  188.319121][ T8891]  ? tomoyo_profile+0x47/0x60
[  188.319141][ T8891]  tomoyo_mount_permission+0x16d/0x420
[  188.319152][ T8891]  ? tomoyo_mount_permission+0x14f/0x420
[  188.319165][ T8891]  ? __pfx_tomoyo_mount_permission+0x10/0x10
[  188.319186][ T8891]  security_sb_mount+0x9b/0x260
[  188.319197][ T8891]  path_mount+0x128/0x1f20
[  188.319209][ T8891]  ? kmem_cache_free+0x2d4/0x4d0
[  188.319218][ T8891]  ? __pfx_path_mount+0x10/0x10
[  188.319230][ T8891]  ? putname+0x154/0x1a0
[  188.319243][ T8891]  __ia32_sys_mount+0x28b/0x310
[  188.319253][ T8891]  ? __pfx___ia32_sys_mount+0x10/0x10
[  188.319265][ T8891]  ? rcu_is_watching+0x12/0xc0
[  188.319275][ T8891]  __do_fast_syscall_32+0x73/0x120
[  188.319290][ T8891]  do_fast_syscall_32+0x32/0x80
[  188.319303][ T8891]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  188.319316][ T8891] RIP: 0023:0xf704e579
[  188.319324][ T8891] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  188.319334][ T8891] RSP: 002b:00000000f503e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000015
[  188.319343][ T8891] RAX: ffffffffffffffda RBX: 0000000080000040 RCX: 0000000080000340
[  188.319349][ T8891] RDX: 0000000000000000 RSI: 000000000020887b RDI: 0000000000000000
[  188.319355][ T8891] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  188.319361][ T8891] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  188.319366][ T8891] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  188.319379][ T8891]  </TASK>
[  188.321827][ T1925] usb 5-1: USB disconnect, device number 16
[  188.360188][ T8896] lo speed is unknown, defaulting to 1000
[  188.552808][ T5945] Bluetooth: hci1: unexpected event for opcode 0x0035
[  188.555863][ T8904] netlink: 4 bytes leftover after parsing attributes in process `syz.1.848'.
[  188.591083][ T8904] netlink: 4 bytes leftover after parsing attributes in process `syz.1.848'.
[  188.938712][ T8923] netlink: 12 bytes leftover after parsing attributes in process `syz.2.850'.
[  189.374338][ T5980] usb 5-1: new high-speed USB device number 17 using dummy_hcd
[  189.489608][ T8933] netlink: 'syz.3.857': attribute type 1 has an invalid length.
[  189.539246][ T5980] usb 5-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice=80.00
[  189.542115][ T5980] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  189.544699][ T5980] usb 5-1: Product: syz
[  189.546117][ T5980] usb 5-1: Manufacturer: syz
[  189.547872][ T5980] usb 5-1: SerialNumber: syz
[  189.550763][ T5980] usb 5-1: config 0 descriptor??
[  189.968628][ T5980] usb 5-1: USB disconnect, device number 17
[  190.130890][ T8948] binder: 8947:8948 ioctl c0306201 800003c0 returned -14
[  190.192085][ T8953] xt_TCPMSS: Only works on TCP SYN packets
[  190.435709][ T8958] netlink: 48 bytes leftover after parsing attributes in process `syz.1.866'.
[  190.891810][ T8966] netlink: 4 bytes leftover after parsing attributes in process `syz.0.869'.
[  190.898459][ T8966] netlink: 'syz.0.869': attribute type 4 has an invalid length.
[  190.902636][ T8966] dlm: no locking on control device
[  190.905593][ T8966] netlink: 'syz.0.869': attribute type 4 has an invalid length.
[  190.912608][   T58] lo speed is unknown, defaulting to 1000
[  190.917437][   T58] syz2: Port: 1 Link ACTIVE
[  191.273143][ T8971] No control pipe specified
[  191.276765][ T8971] No control pipe specified
[  191.676976][ T8966] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  191.678156][ T8980] netlink: 'syz.1.874': attribute type 4 has an invalid length.
[  191.694493][ T8980] netlink: 152 bytes leftover after parsing attributes in process `syz.1.874'.
[  191.715720][ T8980] : renamed from bond0 (while UP)
[  191.783931][ T8980] syz.1.874: attempt to access beyond end of device
[  191.783931][ T8980] nbd1: rw=4096, sector=0, nr_sectors = 1 limit=0
[  191.788286][ T8980] XFS (nbd1): SB validate failed with error -5.
[  192.564396][ T5945] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0
[  192.567246][ T5945] Bluetooth: hci1: Injecting HCI hardware error event
[  192.571353][ T5945] Bluetooth: hci1: hardware error 0x00
[  193.687945][ T1415] ieee802154 phy0 wpan0: encryption failed: -22
[  193.690705][ T1415] ieee802154 phy1 wpan1: encryption failed: -22
[  194.493837][ T9036] netlink: 12 bytes leftover after parsing attributes in process `syz.1.888'.
[  194.644351][ T5945] Bluetooth: hci1: Opcode 0x0c03 failed: -110
[  196.032477][ T9074] netlink: 40 bytes leftover after parsing attributes in process `syz.0.902'.
[  196.242679][ T9076] netlink: 'syz.3.900': attribute type 10 has an invalid length.
[  196.272190][ T9076] veth0_vlan: left promiscuous mode
[  196.283151][ T9076] veth0_vlan: entered promiscuous mode
[  196.293643][ T9076] team0: Device veth0_vlan failed to register rx_handler
[  196.311520][ T9079] dlm: plock device version mismatch: kernel (1.2.0), user (2.0.0)
[  196.474419][ T5979] usb 5-1: new high-speed USB device number 18 using dummy_hcd
[  196.567234][   T40] audit: type=1800 audit(2000000099.640:13): pid=9083 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.904" name="SYSV00000000" dev="tmpfs" ino=0 res=0 errno=0
[  196.624461][ T5979] usb 5-1: Using ep0 maxpacket: 8
[  196.628750][ T5979] usb 5-1: config 0 has no interfaces?
[  196.639625][ T5979] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ee
[  196.644039][ T5979] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  196.647790][ T5979] usb 5-1: Product: syz
[  196.650660][ T5979] usb 5-1: Manufacturer: syz
[  196.651336][ T9082] netlink: 'syz.2.904': attribute type 4 has an invalid length.
[  196.656694][ T5979] usb 5-1: SerialNumber: syz
[  196.667173][ T9088] lo speed is unknown, defaulting to 1000
[  196.667483][ T5979] usb 5-1: config 0 descriptor??
[  196.919370][ T5979] usb 5-1: USB disconnect, device number 18
[  197.174385][ T8102] usb 6-1: new high-speed USB device number 19 using dummy_hcd
[  197.338823][ T8102] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  197.343307][ T8102] usb 6-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  197.348903][ T8102] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66
[  197.353796][ T8102] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  197.359047][ T8102] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  197.367471][ T8102] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  197.372623][ T8102] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  197.377275][ T8102] usb 6-1: Product: syz
[  197.380326][ T8102] usb 6-1: Manufacturer: syz
[  197.387605][ T8102] cdc_wdm 6-1:1.0: skipping garbage
[  197.390908][ T8102] cdc_wdm 6-1:1.0: skipping garbage
[  197.395709][ T8102] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device
[  197.399452][ T8102] cdc_wdm 6-1:1.0: Unknown control protocol
[  197.648961][    C2] cdc_wdm 6-1:1.0: nonzero urb status received: -71
[  197.649536][ T1019] usb 6-1: USB disconnect, device number 19
[  197.651631][    C2] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes
[  197.651647][    C2] cdc_wdm 6-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19
[  197.651823][ T9091] cdc_wdm 6-1:1.0: Tx URB error: -19
[  197.786270][ T5981] usb 5-1: new high-speed USB device number 19 using dummy_hcd
[  197.944907][ T5981] usb 5-1: Using ep0 maxpacket: 8
[  197.949926][ T5981] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  197.954446][ T5981] usb 5-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  197.958120][ T5981] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  197.963201][ T5981] usb 5-1: config 0 descriptor??
[  198.124440][ T1925] usb 6-1: new high-speed USB device number 20 using dummy_hcd
[  198.174002][ T5981] iowarrior 5-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[  198.275983][ T1925] usb 6-1: config 1 interface 0 altsetting 9 bulk endpoint 0x82 has invalid maxpacket 8
[  198.279090][ T1925] usb 6-1: config 1 interface 0 altsetting 9 endpoint 0x3 has invalid wMaxPacketSize 0
[  198.283034][ T1925] usb 6-1: config 1 interface 0 altsetting 9 bulk endpoint 0x3 has invalid maxpacket 0
[  198.286977][ T1925] usb 6-1: config 1 interface 0 has no altsetting 0
[  198.290742][ T1925] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  198.293721][ T1925] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  198.296291][ T1925] usb 6-1: Product: syz
[  198.298005][ T1925] usb 6-1: Manufacturer: syz
[  198.299944][ T1925] usb 6-1: SerialNumber: syz
[  198.304695][ T9091] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  198.484912][ T8102] usb 5-1: USB disconnect, device number 19
[  198.527239][ T1925] cdc_ether 6-1:1.0: probe with driver cdc_ether failed with error -22
[  198.534096][ T1925] usb 6-1: USB disconnect, device number 20
[  198.688817][ T9109] netlink: 'syz.3.914': attribute type 1 has an invalid length.
[  198.712502][ T9109] bond1: (slave gre1): The slave device specified does not support setting the MAC address
[  198.716914][ T9109] bond1: (slave gre1): Setting fail_over_mac to active for active-backup mode
[  198.720480][ T9109] bond1: (slave gre1): Opening slave failed
[  198.777734][ T9111] Invalid ELF header magic: != ELF
[  199.506337][ T9135] netlink: 'syz.1.918': attribute type 10 has an invalid length.
[  199.520795][ T9135] team0: Device veth0_vlan is of different type
[  199.529464][ T9139] netlink: 'syz.3.923': attribute type 1 has an invalid length.
[  199.547269][ T9139] bond2: (slave gre1): The slave device specified does not support setting the MAC address
[  199.549263][ T9135] dlm: plock device version mismatch: kernel (1.2.0), user (2.0.0)
[  199.550380][ T9139] bond2: (slave gre1): Setting fail_over_mac to active for active-backup mode
[  199.564143][ T9139] bond2: (slave gre1): Opening slave failed
[  199.626110][ T9141] Invalid ELF header magic: != ELF
[  200.272646][   T40] audit: type=1800 audit(2000000103.340:14): pid=9160 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.927" name="SYSV00000000" dev="tmpfs" ino=2 res=0 errno=0
[  200.341397][ T9157] netlink: 'syz.0.927': attribute type 4 has an invalid length.
[  200.404382][ T8102] usb 6-1: new high-speed USB device number 21 using dummy_hcd
[  200.554385][ T8102] usb 6-1: Using ep0 maxpacket: 8
[  200.558890][ T8102] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  200.563013][ T8102] usb 6-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  200.569572][ T8102] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  200.578101][ T8102] usb 6-1: config 0 descriptor??
[  200.792541][ T8102] iowarrior 6-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[  201.028742][ T9163] input: syz1 as /devices/virtual/input/input15
[  201.101784][ T8102] usb 6-1: USB disconnect, device number 21
[  201.133621][ T9174] netlink: 'syz.3.932': attribute type 1 has an invalid length.
[  201.167934][ T9174] bond3: (slave gre1): The slave device specified does not support setting the MAC address
[  201.171880][ T9174] bond3: (slave gre1): Setting fail_over_mac to active for active-backup mode
[  201.176388][ T9174] bond3: (slave gre1): Opening slave failed
[  201.240122][ T9176] Invalid ELF header magic: != ELF
[  201.782919][ T9189] syz_tun: entered allmulticast mode
[  201.866952][ T9188] syz_tun: left allmulticast mode
[  201.931099][ T9193] netlink: 40 bytes leftover after parsing attributes in process `syz.1.941'.
[  202.384831][ T1925] usb 6-1: new high-speed USB device number 22 using dummy_hcd
[  202.545534][ T1925] usb 6-1: Using ep0 maxpacket: 8
[  202.550560][ T1925] usb 6-1: config 0 has no interfaces?
[  202.555866][ T1925] usb 6-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ee
[  202.559354][ T1925] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  202.561832][ T1925] usb 6-1: Product: syz
[  202.563278][ T1925] usb 6-1: Manufacturer: syz
[  202.565074][ T1925] usb 6-1: SerialNumber: syz
[  202.567915][ T1925] usb 6-1: config 0 descriptor??
[  202.674370][   T58] usb 5-1: new low-speed USB device number 20 using dummy_hcd
[  202.778811][ T5980] usb 6-1: USB disconnect, device number 22
[  202.837327][   T58] usb 5-1: No LPM exit latency info found, disabling LPM.
[  202.841006][   T58] usb 5-1: config 1 interface 0 altsetting 6 endpoint 0x81 has invalid maxpacket 16, setting to 8
[  202.845715][   T58] usb 5-1: config 1 interface 0 altsetting 6 endpoint 0x2 has invalid maxpacket 1024, setting to 8
[  202.850188][   T58] usb 5-1: config 1 interface 0 has no altsetting 0
[  203.429515][ T9221] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  203.877232][ T9232] netlink: 'syz.3.954': attribute type 1 has an invalid length.
[  203.909439][ T9232] bond4: (slave gre1): The slave device specified does not support setting the MAC address
[  203.912573][ T9232] bond4: (slave gre1): Setting fail_over_mac to active for active-backup mode
[  203.916768][ T9232] bond4: (slave gre1): Opening slave failed
[  203.973274][ T9235] Invalid ELF header magic: != ELF
[  204.257789][ T9241] ALSA: mixer_oss: invalid index 40000
[  205.366120][   T58] usb 5-1: New USB device found, idVendor=056a, idProduct=0300, bcdDevice= 0.40
[  205.374383][   T58] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  205.378969][   T58] usb 5-1: can't set config #1, error -71
[  205.381184][   T58] usb 5-1: USB disconnect, device number 20
[  205.802923][ T9274] kvm: kvm [9273]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010058) = 0xc00000008
[  206.347427][ T9283] IPv6: Can't replace route, no match found
[  206.554222][ T9287] capability: warning: `syz.1.973' uses deprecated v2 capabilities in a way that may be insecure
[  206.563968][ T9290] pim6reg: left allmulticast mode
[  206.567019][ T9290] lo: left allmulticast mode
[  206.665376][ T9297] netlink: 4 bytes leftover after parsing attributes in process `syz.1.976'.
[  207.587922][ T9300] bridge0: port 2(syz_tun) entered blocking state
[  207.590343][ T9300] bridge0: port 2(syz_tun) entered disabled state
[  207.592373][ T9300] syz_tun: entered allmulticast mode
[  207.595466][ T9300] syz_tun: entered promiscuous mode
[  207.598114][ T9300] bridge0: port 2(syz_tun) entered blocking state
[  207.600504][ T9300] bridge0: port 2(syz_tun) entered forwarding state
[  207.740927][ T9321] FAULT_INJECTION: forcing a failure.
[  207.740927][ T9321] name failslab, interval 1, probability 0, space 0, times 0
[  207.744818][ T9321] CPU: 3 UID: 0 PID: 9321 Comm: syz.1.983 Not tainted 6.15.0-rc4-syzkaller-00052-g4f79eaa2ceac #0 PREEMPT(full) 
[  207.744832][ T9321] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  207.744839][ T9321] Call Trace:
[  207.744843][ T9321]  <TASK>
[  207.744847][ T9321]  dump_stack_lvl+0x16c/0x1f0
[  207.744882][ T9321]  should_fail_ex+0x512/0x640
[  207.744899][ T9321]  ? __kmalloc_node_track_caller_noprof+0xc3/0x510
[  207.744913][ T9321]  should_failslab+0xc2/0x120
[  207.744925][ T9321]  __kmalloc_node_track_caller_noprof+0xd6/0x510
[  207.744938][ T9321]  ? kstrdup_const+0x63/0x80
[  207.744952][ T9321]  kstrdup+0x53/0x100
[  207.744964][ T9321]  kstrdup_const+0x63/0x80
[  207.744975][ T9321]  __kernfs_new_node+0x9b/0x8a0
[  207.744993][ T9321]  ? __pfx___kernfs_new_node+0x10/0x10
[  207.745012][ T9321]  ? find_held_lock+0x2b/0x80
[  207.745023][ T9321]  ? kernfs_root+0xee/0x2a0
[  207.745034][ T9321]  kernfs_new_node+0x13c/0x1e0
[  207.745048][ T9321]  kernfs_create_link+0xcc/0x240
[  207.745061][ T9321]  sysfs_do_create_link_sd+0x90/0x140
[  207.745078][ T9321]  sysfs_create_link+0x61/0xc0
[  207.745093][ T9321]  device_add+0x62c/0x1a70
[  207.745106][ T9321]  ? lockdep_init_map_type+0x5c/0x280
[  207.745119][ T9321]  ? __pfx_device_add+0x10/0x10
[  207.745131][ T9321]  ? lockdep_init_map_type+0x5c/0x280
[  207.745144][ T9321]  ? __init_waitqueue_head+0xca/0x150
[  207.745163][ T9321]  tty_register_device_attr+0x38e/0x7c0
[  207.745175][ T9321]  ? __pfx_tty_register_device_attr+0x10/0x10
[  207.745192][ T9321]  rfcomm_dev_ioctl+0x16be/0x1ca0
[  207.745206][ T9321]  ? __pfx_rfcomm_dev_ioctl+0x10/0x10
[  207.745219][ T9321]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  207.745236][ T9321]  rfcomm_sock_compat_ioctl+0xb0/0xd0
[  207.745250][ T9321]  ? __pfx_rfcomm_sock_compat_ioctl+0x10/0x10
[  207.745266][ T9321]  compat_sock_ioctl+0x173/0x730
[  207.745282][ T9321]  ? __pfx_compat_sock_ioctl+0x10/0x10
[  207.745299][ T9321]  ? __fget_files+0x20e/0x3c0
[  207.745313][ T9321]  ? __might_fault+0x80/0x190
[  207.745327][ T9321]  ? __pfx_compat_sock_ioctl+0x10/0x10
[  207.745340][ T9321]  __ia32_compat_sys_ioctl+0x24c/0x360
[  207.745356][ T9321]  __do_fast_syscall_32+0x73/0x120
[  207.745371][ T9321]  do_fast_syscall_32+0x32/0x80
[  207.745384][ T9321]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  207.745397][ T9321] RIP: 0023:0xf704e579
[  207.745405][ T9321] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  207.745415][ T9321] RSP: 002b:00000000f503e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  207.745425][ T9321] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000400452c8
[  207.745431][ T9321] RDX: 0000000080000100 RSI: 0000000000000000 RDI: 0000000000000000
[  207.745437][ T9321] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  207.745442][ T9321] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  207.745448][ T9321] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  207.745461][ T9321]  </TASK>
[  208.723753][ T9338] ntfs3(nullb0): Primary boot signature is not NTFS.
[  208.726439][ T9338] ntfs3(nullb0): try to read out of volume at offset 0x3e7ffffe00
[  208.767490][ T9342] netlink: 'syz.2.991': attribute type 1 has an invalid length.
[  208.794133][ T9342] bond0: (slave gre1): The slave device specified does not support setting the MAC address
[  208.797337][ T9342] bond0: (slave gre1): Setting fail_over_mac to active for active-backup mode
[  208.800485][ T9342] bond0: (slave gre1): Opening slave failed
[  208.861804][ T9345] Invalid ELF header magic: != ELF
[  209.898034][ T9370] netlink: 'syz.2.1000': attribute type 1 has an invalid length.
[  209.918269][ T9370] bond1: (slave gre1): The slave device specified does not support setting the MAC address
[  209.922161][ T9370] bond1: (slave gre1): Setting fail_over_mac to active for active-backup mode
[  209.927919][ T9370] bond1: (slave gre1): Opening slave failed
[  209.988473][ T9372] Invalid ELF header magic: != ELF
[  210.669009][ T9383] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  210.722254][ T9387] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  210.900019][   T46] Bluetooth: hci4: Frame reassembly failed (-84)
[  210.914379][ T1925] usb 7-1: new high-speed USB device number 23 using dummy_hcd
[  211.084377][ T1925] usb 7-1: Using ep0 maxpacket: 8
[  211.088550][ T1925] usb 7-1: config index 0 descriptor too short (expected 301, got 45)
[  211.092177][ T1925] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  211.096337][ T1925] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  211.100256][ T1925] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  211.104439][ T1925] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  211.109620][ T1925] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  211.113266][ T1925] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  211.322178][ T1925] usb 7-1: usb_control_msg returned -32
[  211.324817][ T1925] usbtmc 7-1:16.0: can't read capabilities
[  211.669256][ T9399] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off.
[  211.672804][ T9399] overlayfs: missing 'lowerdir'
[  211.677146][   T40] audit: type=1400 audit(2000000114.750:15): apparmor="DENIED" operation="change_hat" class="file" info="unconfined can not change_hat" error=-1 profile="unconfined" pid=9382 comm="syz.2.1005"
[  212.007979][ T9410] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1013'.
[  212.564408][ T8102] usb 6-1: new full-speed USB device number 23 using dummy_hcd
[  212.766549][ T8102] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  212.770871][ T8102] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  212.775400][ T8102] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  212.779506][ T8102] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5
[  212.786810][ T8102] usb 6-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  212.790616][ T8102] usb 6-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  212.793954][ T8102] usb 6-1: Manufacturer: syz
[  212.798053][ T8102] usb 6-1: config 0 descriptor??
[  212.964433][ T5945] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  212.964448][   T66] Bluetooth: hci4: command 0x1003 tx timeout
[  213.044322][ T8102] rc_core: IR keymap rc-hauppauge not found
[  213.046973][ T8102] Registered IR keymap rc-empty
[  213.049500][ T8102] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  213.064887][ T8102] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  213.087204][ T8102] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:0.0/rc/rc0
[  213.094193][ T8102] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:0.0/rc/rc0/input16
[  213.103570][ T8102] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  213.124477][ T8102] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  213.144398][ T8102] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  213.164419][ T8102] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  213.185075][ T8102] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  213.204576][ T8102] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  213.224362][ T8102] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  213.244343][ T8102] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  213.264352][ T8102] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  213.284375][ T8102] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  213.305843][ T8102] mceusb 6-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  213.309815][ T8102] mceusb 6-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  213.315940][ T8102] usb 6-1: USB disconnect, device number 23
[  213.673525][ T1019] usb 7-1: USB disconnect, device number 23
[  213.773505][ T9432] af_packet: tpacket_rcv: packet too big, clamped from 42 to 4294967286. macoff=82
[  213.785019][ T9432] nfs: Unknown parameter '.�'
[  213.980327][ T9444] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1024'.
[  214.081579][ T9448] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1021'.
[  214.993201][ T9499] FAULT_INJECTION: forcing a failure.
[  214.993201][ T9499] name failslab, interval 1, probability 0, space 0, times 0
[  214.998135][ T9499] CPU: 1 UID: 0 PID: 9499 Comm: syz.0.1029 Not tainted 6.15.0-rc4-syzkaller-00052-g4f79eaa2ceac #0 PREEMPT(full) 
[  214.998161][ T9499] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  214.998168][ T9499] Call Trace:
[  214.998171][ T9499]  <TASK>
[  214.998175][ T9499]  dump_stack_lvl+0x16c/0x1f0
[  214.998192][ T9499]  should_fail_ex+0x512/0x640
[  214.998206][ T9499]  ? __kmalloc_node_track_caller_noprof+0xc3/0x510
[  214.998221][ T9499]  should_failslab+0xc2/0x120
[  214.998233][ T9499]  __kmalloc_node_track_caller_noprof+0xd6/0x510
[  214.998245][ T9499]  ? xs_format_common_peer_addresses+0x251/0x4a0
[  214.998261][ T9499]  kstrdup+0x53/0x100
[  214.998274][ T9499]  xs_format_common_peer_addresses+0x251/0x4a0
[  214.998287][ T9499]  ? __pfx_xs_format_common_peer_addresses+0x10/0x10
[  214.998306][ T9499]  ? lockdep_init_map_type+0x5c/0x280
[  214.998319][ T9499]  ? do_init_timer+0xc9/0x110
[  214.998331][ T9499]  xs_setup_local+0x5bb/0x820
[  214.998344][ T9499]  xprt_create_transport+0x169/0x730
[  214.998357][ T9499]  rpc_create+0x38e/0x7f0
[  214.998369][ T9499]  ? __pfx_rpc_create+0x10/0x10
[  214.998386][ T9499]  ? arch_stack_walk+0xa6/0x100
[  214.998411][ T9499]  ? rpcb_create_af_local+0x6f/0x310
[  214.998421][ T9499]  ? strlen+0x51/0xa0
[  214.998436][ T9499]  rpcb_create_af_local+0x11b/0x310
[  214.998445][ T9499]  ? __pfx_rpcb_create_af_local+0x10/0x10
[  214.998468][ T9499]  ? find_held_lock+0x2b/0x80
[  214.998481][ T9499]  ? rpcb_create_local+0x1da/0x270
[  214.998501][ T9499]  rpcb_create_local+0x1ee/0x270
[  214.998519][ T9499]  svc_bind+0x1e8/0x260
[  214.998539][ T9499]  nfsd_create_serv+0x2d2/0x480
[  214.998561][ T9499]  ? __pfx_nfsd_create_serv+0x10/0x10
[  214.998589][ T9499]  nfsd_nl_listener_set_doit+0xe5/0x1a40
[  214.998615][ T9499]  ? rcu_is_watching+0x12/0xc0
[  214.998630][ T9499]  ? __pfx_nfsd_nl_listener_set_doit+0x10/0x10
[  214.998641][ T9499]  ? __nla_parse+0x40/0x60
[  214.998652][ T9499]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290
[  214.998667][ T9499]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290
[  214.998684][ T9499]  genl_family_rcv_msg_doit+0x206/0x2f0
[  214.998699][ T9499]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  214.998711][ T9499]  ? rcu_is_watching+0x12/0xc0
[  214.998725][ T9499]  ? bpf_lsm_capable+0x9/0x10
[  214.998735][ T9499]  ? security_capable+0x7e/0x260
[  214.998754][ T9499]  genl_rcv_msg+0x55c/0x800
[  214.998769][ T9499]  ? __pfx_genl_rcv_msg+0x10/0x10
[  214.998783][ T9499]  ? __pfx_nfsd_nl_listener_set_doit+0x10/0x10
[  214.998794][ T9499]  ? __lock_acquire+0xaa4/0x1ba0
[  214.998810][ T9499]  netlink_rcv_skb+0x16a/0x440
[  214.998821][ T9499]  ? __pfx_genl_rcv_msg+0x10/0x10
[  214.998834][ T9499]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  214.998853][ T9499]  ? __pfx_down_read+0x10/0x10
[  214.998868][ T9499]  ? netlink_deliver_tap+0x1ae/0xd30
[  214.998882][ T9499]  genl_rcv+0x28/0x40
[  214.998894][ T9499]  netlink_unicast+0x53a/0x7f0
[  214.998906][ T9499]  ? __pfx_netlink_unicast+0x10/0x10
[  214.998922][ T9499]  netlink_sendmsg+0x8d1/0xdd0
[  214.998936][ T9499]  ? __pfx_netlink_sendmsg+0x10/0x10
[  214.998948][ T9499]  ? __import_iovec+0x1c8/0x660
[  214.998966][ T9499]  ____sys_sendmsg+0xa95/0xc70
[  214.998981][ T9499]  ? __pfx_____sys_sendmsg+0x10/0x10
[  214.998994][ T9499]  ? get_compat_msghdr+0x11a/0x170
[  214.999010][ T9499]  ___sys_sendmsg+0x134/0x1d0
[  214.999022][ T9499]  ? __pfx____sys_sendmsg+0x10/0x10
[  214.999051][ T9499]  __sys_sendmsg+0x16d/0x220
[  214.999062][ T9499]  ? __pfx___sys_sendmsg+0x10/0x10
[  214.999079][ T9499]  ? rcu_is_watching+0x12/0xc0
[  214.999089][ T9499]  __do_fast_syscall_32+0x73/0x120
[  214.999104][ T9499]  do_fast_syscall_32+0x32/0x80
[  214.999117][ T9499]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  214.999149][ T9499] RIP: 0023:0xf704e579
[  214.999157][ T9499] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  214.999167][ T9499] RSP: 002b:00000000f4ffc55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  214.999177][ T9499] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 0000000080000040
[  214.999183][ T9499] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  214.999189][ T9499] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  214.999194][ T9499] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  214.999200][ T9499] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  214.999213][ T9499]  </TASK>
[  215.173669][ T9488] bond0: entered promiscuous mode
[  215.176379][ T9488] bond_slave_0: entered promiscuous mode
[  215.178910][ T9488] bond_slave_1: entered promiscuous mode
[  215.276999][ T9514] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  215.284192][ T9514] Illegal XDP return value 4294967282 on prog  (id 125) dev N/A, expect packet loss!
[  215.559241][ T9521] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1035'.
[  215.746670][ T9527] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1039'.
[  216.307687][ T9539] FAULT_INJECTION: forcing a failure.
[  216.307687][ T9539] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  216.311947][ T9539] CPU: 2 UID: 0 PID: 9539 Comm: syz.2.1041 Not tainted 6.15.0-rc4-syzkaller-00052-g4f79eaa2ceac #0 PREEMPT(full) 
[  216.311970][ T9539] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  216.311980][ T9539] Call Trace:
[  216.311985][ T9539]  <TASK>
[  216.311991][ T9539]  dump_stack_lvl+0x16c/0x1f0
[  216.312008][ T9539]  should_fail_ex+0x512/0x640
[  216.312025][ T9539]  _copy_from_user+0x2e/0xd0
[  216.312040][ T9539]  eventfd_write+0xdb/0x670
[  216.312051][ T9539]  ? iovec_from_user+0xbb/0x140
[  216.312066][ T9539]  ? __pfx_eventfd_write+0x10/0x10
[  216.312079][ T9539]  ? apparmor_file_permission+0x251/0x400
[  216.312091][ T9539]  ? bpf_lsm_file_permission+0x9/0x10
[  216.312105][ T9539]  ? security_file_permission+0x71/0x210
[  216.312119][ T9539]  ? rw_verify_area+0xcf/0x680
[  216.312134][ T9539]  ? __pfx_eventfd_write+0x10/0x10
[  216.312145][ T9539]  vfs_writev+0x6c4/0xdc0
[  216.312163][ T9539]  ? __pfx_vfs_writev+0x10/0x10
[  216.312187][ T9539]  ? __fget_files+0x20e/0x3c0
[  216.312206][ T9539]  ? do_writev+0x132/0x330
[  216.312219][ T9539]  do_writev+0x132/0x330
[  216.312234][ T9539]  ? __pfx_do_writev+0x10/0x10
[  216.312250][ T9539]  ? rcu_is_watching+0x12/0xc0
[  216.312261][ T9539]  __do_fast_syscall_32+0x73/0x120
[  216.312276][ T9539]  do_fast_syscall_32+0x32/0x80
[  216.312289][ T9539]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  216.312302][ T9539] RIP: 0023:0xf7fd5579
[  216.312310][ T9539] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  216.312320][ T9539] RSP: 002b:00000000f50d555c EFLAGS: 00000296 ORIG_RAX: 0000000000000092
[  216.312330][ T9539] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800002c0
[  216.312336][ T9539] RDX: 0000000000000002 RSI: 0000000000000000 RDI: 0000000000000000
[  216.312341][ T9539] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  216.312347][ T9539] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  216.312352][ T9539] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  216.312365][ T9539]  </TASK>
[  216.491245][ T9544] netlink: 'syz.1.1043': attribute type 4 has an invalid length.
[  216.720110][ T9554] netlink: 'syz.1.1044': attribute type 1 has an invalid length.
[  217.272871][ T9560] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1048'.
[  217.337003][ T9567] IPVS: sync thread started: state = MASTER, mcast_ifn = vcan0, syncid = 3, id = 0
[  217.452320][ T9571] sp0: Synchronizing with TNC
[  217.458554][ T9570] [U] �
[  217.469377][ T9573] netlink: 'syz.3.1053': attribute type 4 has an invalid length.
[  217.654701][   T40] audit: type=1326 audit(2000000120.730:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9581 comm="syz.3.1057" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f02579 code=0x7ffc0000
[  217.662515][   T40] audit: type=1326 audit(2000000120.730:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9581 comm="syz.3.1057" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f02579 code=0x7ffc0000
[  217.670203][   T40] audit: type=1326 audit(2000000120.730:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9581 comm="syz.3.1057" exe="/syz-executor" sig=0 arch=40000003 syscall=282 compat=1 ip=0xf7f02579 code=0x7ffc0000
[  217.678816][   T40] audit: type=1326 audit(2000000120.730:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9581 comm="syz.3.1057" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f02579 code=0x7ffc0000
[  217.685470][   T40] audit: type=1326 audit(2000000120.730:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9581 comm="syz.3.1057" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f02579 code=0x7ffc0000
[  217.692369][   T40] audit: type=1326 audit(2000000120.730:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9581 comm="syz.3.1057" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7f02579 code=0x7ffc0000
[  217.700086][   T40] audit: type=1326 audit(2000000120.730:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9581 comm="syz.3.1057" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f02579 code=0x7ffc0000
[  217.709195][   T40] audit: type=1326 audit(2000000120.730:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9581 comm="syz.3.1057" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f02579 code=0x7ffc0000
[  217.717954][   T40] audit: type=1326 audit(2000000120.730:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9581 comm="syz.3.1057" exe="/syz-executor" sig=0 arch=40000003 syscall=425 compat=1 ip=0xf7f02579 code=0x7ffc0000
[  217.726622][   T40] audit: type=1326 audit(2000000120.730:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9581 comm="syz.3.1057" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f02579 code=0x7ffc0000
[  217.997346][ T9591] FAULT_INJECTION: forcing a failure.
[  217.997346][ T9591] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  218.001979][ T9591] CPU: 3 UID: 0 PID: 9591 Comm: syz.2.1061 Not tainted 6.15.0-rc4-syzkaller-00052-g4f79eaa2ceac #0 PREEMPT(full) 
[  218.001993][ T9591] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  218.001999][ T9591] Call Trace:
[  218.002003][ T9591]  <TASK>
[  218.002008][ T9591]  dump_stack_lvl+0x16c/0x1f0
[  218.002024][ T9591]  should_fail_ex+0x512/0x640
[  218.002041][ T9591]  strncpy_from_user+0x3b/0x2e0
[  218.002057][ T9591]  strncpy_from_user_nofault+0x7f/0x180
[  218.002072][ T9591]  bpf_probe_read_user_str+0x26/0x70
[  218.002084][ T9591]  bpf_prog_02a70dbeb5f742df+0x43/0x45
[  218.002093][ T9591]  bpf_trace_run2+0x230/0x590
[  218.002105][ T9591]  ? __pfx_bpf_trace_run2+0x10/0x10
[  218.002117][ T9591]  ? tomoyo_realpath_from_path+0x19f/0x6e0
[  218.002131][ T9591]  ? trace_kmalloc+0x2b/0xd0
[  218.002144][ T9591]  ? __kmalloc_noprof+0x242/0x510
[  218.002156][ T9591]  kfree+0x236/0x4d0
[  218.002170][ T9591]  ? tomoyo_encode2+0x329/0x3e0
[  218.002185][ T9591]  tomoyo_realpath_from_path+0x19f/0x6e0
[  218.002200][ T9591]  ? tomoyo_profile+0x47/0x60
[  218.002222][ T9591]  tomoyo_path_number_perm+0x245/0x580
[  218.002238][ T9591]  ? tomoyo_path_number_perm+0x237/0x580
[  218.002256][ T9591]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  218.002298][ T9591]  ? find_held_lock+0x2b/0x80
[  218.002313][ T9591]  ? hook_file_ioctl_common+0x145/0x410
[  218.002331][ T9591]  ? __fget_files+0x204/0x3c0
[  218.002353][ T9591]  ? __fget_files+0x20e/0x3c0
[  218.002367][ T9591]  ? __might_fault+0x80/0x190
[  218.002380][ T9591]  security_file_ioctl_compat+0x9b/0x240
[  218.002393][ T9591]  __ia32_compat_sys_ioctl+0xc3/0x360
[  218.002409][ T9591]  __do_fast_syscall_32+0x73/0x120
[  218.002424][ T9591]  do_fast_syscall_32+0x32/0x80
[  218.002437][ T9591]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  218.002450][ T9591] RIP: 0023:0xf7fd5579
[  218.002458][ T9591] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  218.002468][ T9591] RSP: 002b:00000000f50f655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  218.002478][ T9591] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000008b28
[  218.002484][ T9591] RDX: 0000000080000000 RSI: 0000000000000000 RDI: 0000000000000000
[  218.002489][ T9591] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  218.002495][ T9591] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  218.002501][ T9591] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  218.002513][ T9591]  </TASK>
[  218.152764][ T9594] netlink: 'syz.3.1059': attribute type 1 has an invalid length.
[  218.435167][ T9607] : entered promiscuous mode
[  218.787408][ T9610] netlink: 'syz.3.1066': attribute type 12 has an invalid length.
[  218.791058][ T9610] trusted_key: syz.3.1066 sent an empty control message without MSG_MORE.
[  219.514020][ T9635] fuse: Bad value for 'fd'
[  219.525718][ T9635] syz.3.1073 (9635): drop_caches: 2
[  219.527901][ T9635] syz.3.1073 (9635): drop_caches: 2
[  219.705680][ T9637] netlink: 'syz.2.1074': attribute type 1 has an invalid length.
[  220.117861][ T9648] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1077'.
[  220.510338][ T9656] FAULT_INJECTION: forcing a failure.
[  220.510338][ T9656] name failslab, interval 1, probability 0, space 0, times 0
[  220.514340][ T9656] CPU: 2 UID: 0 PID: 9656 Comm: syz.2.1080 Not tainted 6.15.0-rc4-syzkaller-00052-g4f79eaa2ceac #0 PREEMPT(full) 
[  220.514354][ T9656] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  220.514361][ T9656] Call Trace:
[  220.514364][ T9656]  <TASK>
[  220.514368][ T9656]  dump_stack_lvl+0x16c/0x1f0
[  220.514385][ T9656]  should_fail_ex+0x512/0x640
[  220.514412][ T9656]  ? fs_reclaim_acquire+0xae/0x150
[  220.514428][ T9656]  ? tomoyo_encode2+0x100/0x3e0
[  220.514441][ T9656]  should_failslab+0xc2/0x120
[  220.514454][ T9656]  __kmalloc_noprof+0xd2/0x510
[  220.514464][ T9656]  ? d_absolute_path+0x136/0x1a0
[  220.514478][ T9656]  tomoyo_encode2+0x100/0x3e0
[  220.514493][ T9656]  tomoyo_encode+0x29/0x50
[  220.514506][ T9656]  tomoyo_realpath_from_path+0x18f/0x6e0
[  220.514523][ T9656]  tomoyo_path_number_perm+0x245/0x580
[  220.514534][ T9656]  ? tomoyo_path_number_perm+0x237/0x580
[  220.514547][ T9656]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  220.514573][ T9656]  ? find_held_lock+0x2b/0x80
[  220.514582][ T9656]  ? hook_file_ioctl_common+0x145/0x410
[  220.514593][ T9656]  ? __fget_files+0x204/0x3c0
[  220.514610][ T9656]  ? __fget_files+0x20e/0x3c0
[  220.514623][ T9656]  ? __might_fault+0x80/0x190
[  220.514637][ T9656]  security_file_ioctl_compat+0x9b/0x240
[  220.514650][ T9656]  __ia32_compat_sys_ioctl+0xc3/0x360
[  220.514666][ T9656]  __do_fast_syscall_32+0x73/0x120
[  220.514680][ T9656]  do_fast_syscall_32+0x32/0x80
[  220.514694][ T9656]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  220.514706][ T9656] RIP: 0023:0xf7fd5579
[  220.514714][ T9656] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  220.514724][ T9656] RSP: 002b:00000000f50d555c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  220.514734][ T9656] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000005402
[  220.514740][ T9656] RDX: 0000000080000080 RSI: 0000000000000000 RDI: 0000000000000000
[  220.514746][ T9656] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  220.514751][ T9656] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  220.514756][ T9656] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  220.514769][ T9656]  </TASK>
[  220.514793][ T9656] ERROR: Out of memory at tomoyo_realpath_from_path.
[  220.823360][ T9662] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1081'.
[  221.453294][ T9672] hfs: unable to load iocharset "io#harset"
[  221.897664][ T9681] geneve1: entered promiscuous mode
[  222.015000][ T9684] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[  222.017875][ T9684] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  222.726014][ T9702] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1096'.
[  222.834186][ T9704] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1095'.
[  223.164396][ T5979] usb 7-1: new high-speed USB device number 24 using dummy_hcd
[  223.317728][ T5979] usb 7-1: Using ep0 maxpacket: 8
[  223.321560][ T5979] usb 7-1: config 0 has no interfaces?
[  223.329158][ T5979] usb 7-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ee
[  223.333202][ T5979] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  223.337891][ T5979] usb 7-1: Product: syz
[  223.340393][ T5979] usb 7-1: Manufacturer: syz
[  223.342428][ T5979] usb 7-1: SerialNumber: syz
[  223.346996][ T5979] usb 7-1: config 0 descriptor??
[  223.349861][ T9716] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1099'.
[  223.553312][ T5979] usb 7-1: USB disconnect, device number 24
[  223.588434][ T9723] netlink: 'syz.1.1102': attribute type 7 has an invalid length.
[  223.986080][ T9738] bond0: (slave bond_slave_0): Releasing backup interface
[  224.037407][ T9738] bond_slave_0: left promiscuous mode
[  224.048665][ T9738] bond0: (slave bond_slave_1): Releasing backup interface
[  224.052799][ T9738] bond_slave_1: left promiscuous mode
[  224.070450][ T9738] team0: Port device team_slave_0 removed
[  224.082413][ T9738] team0: Port device team_slave_1 removed
[  224.086558][ T9738] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  224.089135][ T9738] batman_adv: batadv0: Removing interface: batadv_slave_0
[  224.096121][ T9738] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  224.098636][ T9738] batman_adv: batadv0: Removing interface: batadv_slave_1
[  224.464756][ T9753] RDS: rds_bind could not find a transport for fc00::1, load rds_tcp or rds_rdma?
[  225.752615][ T9780] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1120'.
[  226.011197][ T9793] netlink: 'syz.2.1131': attribute type 4 has an invalid length.
[  226.935063][ T9829] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1134'.
[  227.134432][  T834] usb 8-1: new high-speed USB device number 19 using dummy_hcd
[  227.261167][ T9835] hfs: unable to load iocharset "io#harset"
[  227.304321][  T834] usb 8-1: Using ep0 maxpacket: 8
[  227.311628][  T834] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  227.318913][  T834] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  227.321756][  T834] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  227.324748][  T834] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  227.328714][  T834] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  227.331515][  T834] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  227.543291][  T834] usb 8-1: GET_CAPABILITIES returned 0
[  227.545169][  T834] usbtmc 8-1:16.0: can't read capabilities
[  227.644182][ T9843] geneve1: entered promiscuous mode
[  227.758329][  T834] usb 8-1: USB disconnect, device number 19
[  227.822047][ T9843] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[  227.825517][ T9843] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  228.151653][ T9859] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1146'.
[  228.156329][ T9859] fuse: Unknown parameter 'group_i00000000000000000000'
[  228.295618][ T9864] netlink: 'syz.3.1148': attribute type 4 has an invalid length.
[  228.670295][ T9870] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1150'.
[  228.673256][ T9870] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  228.711378][ T9870] batman_adv: batadv0: Removing interface: batadv_slave_1
[  228.744593][ T9871] hsr0: entered promiscuous mode
[  228.747126][ T9871] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1150'.
[  228.753425][ T9871] hsr_slave_0: left promiscuous mode
[  228.755788][ T9871] hsr_slave_1: left promiscuous mode
[  228.765124][ T9871] hsr0 (unregistering): left promiscuous mode
[  229.134397][ T1019] usb 5-1: new high-speed USB device number 21 using dummy_hcd
[  229.314317][ T1019] usb 5-1: Using ep0 maxpacket: 8
[  229.318005][ T1019] usb 5-1: config 168 descriptor has 1 excess byte, ignoring
[  229.320809][ T1019] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  229.325411][ T1019] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  229.329317][ T1019] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  229.333147][ T1019] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  229.337776][ T1019] usb 5-1: config 168 descriptor has 1 excess byte, ignoring
[  229.340277][ T1019] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  229.343784][ T1019] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  229.347596][ T1019] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  229.351499][ T1019] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  229.355926][ T1019] usb 5-1: config 168 descriptor has 1 excess byte, ignoring
[  229.358355][ T1019] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  229.361846][ T1019] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  229.365463][ T1019] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  229.368908][ T1019] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  229.374379][ T5980] usb 8-1: new high-speed USB device number 20 using dummy_hcd
[  229.374598][ T1019] usb 5-1: string descriptor 0 read error: -22
[  229.378973][ T1019] usb 5-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  229.381736][ T1019] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  229.387620][ T1019] adutux 5-1:168.0: ADU100  now attached to /dev/usb/adutux0
[  229.525956][ T5980] usb 8-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  229.530135][ T5980] usb 8-1: config 0 interface 0 has no altsetting 0
[  229.535318][ T5980] usb 8-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  229.539025][ T5980] usb 8-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  229.542510][ T5980] usb 8-1: Product: syz
[  229.544405][ T5980] usb 8-1: Manufacturer: syz
[  229.546259][ T5980] usb 8-1: SerialNumber: syz
[  229.548915][ T5980] usb 8-1: config 0 descriptor??
[  229.553778][ T5980] usb 8-1: selecting invalid altsetting 0
[  229.587950][ T1019] usb 5-1: USB disconnect, device number 21
[  229.759614][ T1925] usb 8-1: USB disconnect, device number 20
[  230.029041][ T9897] lo speed is unknown, defaulting to 1000
[  230.121239][ T9901] netlink: 'syz.0.1158': attribute type 4 has an invalid length.
[  230.125771][   T57] lo speed is unknown, defaulting to 1000
[  230.127568][   T57] syz2: Port: 1 Link DOWN
[  230.209648][ T9910] tipc: Enabled bearer <eth:team0>, priority 0
[  230.349384][ T9917] netlink: 'syz.2.1159': attribute type 6 has an invalid length.
[  230.352421][ T9917] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.1159'.
[  230.500469][ T9919] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1159'.
[  232.133932][   T40] kauditd_printk_skb: 61 callbacks suppressed
[  232.133944][   T40] audit: type=1326 audit(2000000135.200:87): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9946 comm="syz.1.1169" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf704e579 code=0x0
[  232.226629][ T9956] block device autoloading is deprecated and will be removed.
[  232.278281][ T9957] bond0: entered promiscuous mode
[  232.279910][ T9957] bond_slave_0: entered promiscuous mode
[  232.281952][ T9957] bond_slave_1: entered promiscuous mode
[  232.284001][ T9957] batadv0: entered promiscuous mode
[  232.473843][ T9959] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1172'.
[  232.714970][ T9965] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1173'.
[  232.719079][ T9965] fuse: Unknown parameter 'group_i00000000000000000000'
[  232.998594][ T9969] autofs: Unknown parameter './file0'
[  233.307597][ T9987] lo speed is unknown, defaulting to 1000
[  233.309989][ T9987] lo speed is unknown, defaulting to 1000
[  233.313023][ T9987] lo speed is unknown, defaulting to 1000
[  233.322357][ T9987] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[  233.336684][ T9987] lo speed is unknown, defaulting to 1000
[  233.340217][ T9987] lo speed is unknown, defaulting to 1000
[  233.343875][ T9987] lo speed is unknown, defaulting to 1000
[  233.346848][ T9987] lo speed is unknown, defaulting to 1000
[  233.875041][ T9993] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1183'.
[  234.192517][T10002] FAULT_INJECTION: forcing a failure.
[  234.192517][T10002] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  234.200521][T10002] CPU: 2 UID: 0 PID: 10002 Comm: syz.2.1186 Not tainted 6.15.0-rc4-syzkaller-00052-g4f79eaa2ceac #0 PREEMPT(full) 
[  234.200537][T10002] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  234.200543][T10002] Call Trace:
[  234.200547][T10002]  <TASK>
[  234.200551][T10002]  dump_stack_lvl+0x16c/0x1f0
[  234.200569][T10002]  should_fail_ex+0x512/0x640
[  234.200586][T10002]  should_fail_alloc_page+0xe7/0x130
[  234.200600][T10002]  prepare_alloc_pages+0x3c2/0x610
[  234.200615][T10002]  ? __pfx_kvm_mmu_notifier_invalidate_range_end+0x10/0x10
[  234.200630][T10002]  __alloc_frozen_pages_noprof+0x18f/0x23a0
[  234.200643][T10002]  ? find_held_lock+0x2b/0x80
[  234.200654][T10002]  ? __mmu_notifier_invalidate_range_end+0x35b/0x430
[  234.200683][T10002]  ? try_to_migrate_one+0x13d8/0x3380
[  234.200694][T10002]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  234.200715][T10002]  ? __up_read+0x1f8/0x750
[  234.200728][T10002]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  234.200748][T10002]  ? policy_nodemask+0xea/0x4e0
[  234.200762][T10002]  alloc_pages_mpol+0x1fb/0x550
[  234.200775][T10002]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  234.200786][T10002]  ? rmap_walk_anon+0x503/0x710
[  234.200805][T10002]  folio_alloc_mpol_noprof+0x36/0x2f0
[  234.200821][T10002]  alloc_migration_target_by_mpol+0x246/0x490
[  234.200836][T10002]  ? __pfx_alloc_migration_target_by_mpol+0x10/0x10
[  234.200851][T10002]  ? __pfx_invalid_migration_vma+0x10/0x10
[  234.200865][T10002]  ? __pfx___might_resched+0x10/0x10
[  234.200877][T10002]  ? folio_get_anon_vma+0xdd/0x760
[  234.200889][T10002]  migrate_pages_batch+0x3bc/0x31a0
[  234.200906][T10002]  ? __pfx_alloc_migration_target_by_mpol+0x10/0x10
[  234.200926][T10002]  ? __pfx_migrate_pages_batch+0x10/0x10
[  234.200945][T10002]  migrate_pages_sync+0x12d/0x8a0
[  234.200960][T10002]  ? __pfx_alloc_migration_target_by_mpol+0x10/0x10
[  234.200977][T10002]  ? tracing_record_taskinfo_sched_switch+0x54/0x400
[  234.200992][T10002]  ? __pfx_migrate_pages_sync+0x10/0x10
[  234.201008][T10002]  ? rcu_is_watching+0x12/0xc0
[  234.201018][T10002]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  234.201031][T10002]  ? lockdep_hardirqs_on+0x7c/0x110
[  234.201046][T10002]  migrate_pages+0x1b28/0x2350
[  234.201061][T10002]  ? __pfx_alloc_migration_target_by_mpol+0x10/0x10
[  234.201079][T10002]  ? wake_up_q+0xb0/0x160
[  234.201088][T10002]  ? __pfx_migrate_pages+0x10/0x10
[  234.201102][T10002]  ? rwsem_wake.isra.0+0xc5/0x120
[  234.201116][T10002]  ? __pfx_rwsem_wake.isra.0+0x10/0x10
[  234.201130][T10002]  ? find_held_lock+0x2b/0x80
[  234.201143][T10002]  ? up_write+0x1b2/0x520
[  234.201159][T10002]  do_mbind+0x6f0/0xf30
[  234.201177][T10002]  ? __pfx_do_mbind+0x10/0x10
[  234.201191][T10002]  ? __schedule+0x1186/0x5de0
[  234.201210][T10002]  ? __pfx_get_nodes+0x10/0x10
[  234.201225][T10002]  kernel_mbind+0x1e3/0x1f0
[  234.201240][T10002]  ? __pfx_kernel_mbind+0x10/0x10
[  234.201256][T10002]  ? rcu_is_watching+0x12/0xc0
[  234.201267][T10002]  __do_fast_syscall_32+0x73/0x120
[  234.201282][T10002]  do_fast_syscall_32+0x32/0x80
[  234.201296][T10002]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  234.201309][T10002] RIP: 0023:0xf7fd5579
[  234.201317][T10002] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  234.201327][T10002] RSP: 002b:00000000f50b455c EFLAGS: 00000296 ORIG_RAX: 0000000000000112
[  234.201338][T10002] RAX: ffffffffffffffda RBX: 0000000080001000 RCX: 0000000000800000
[  234.201345][T10002] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  234.201351][T10002] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000
[  234.201357][T10002] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  234.201362][T10002] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  234.201376][T10002]  </TASK>
[  234.376883][T10016] netlink: 'syz.3.1192': attribute type 1 has an invalid length.
[  234.410354][T10016] bond5: (slave gre1): The slave device specified does not support setting the MAC address
[  234.414154][T10016] bond5: (slave gre1): Setting fail_over_mac to active for active-backup mode
[  234.418635][T10016] bond5: (slave gre1): Opening slave failed
[  234.554649][ T8102] usb 6-1: new high-speed USB device number 24 using dummy_hcd
[  234.663798][T10026] netlink: 'syz.3.1194': attribute type 7 has an invalid length.
[  234.674977][T10027] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1193'.
[  234.679185][T10027] fuse: Unknown parameter 'group_id00000000000000000000'
[  234.724353][ T8102] usb 6-1: Using ep0 maxpacket: 8
[  234.815187][ T8102] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  234.818626][ T8102] usb 6-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  234.821475][ T8102] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  234.825054][ T8102] usb 6-1: config 0 descriptor??
[  234.846038][T10031] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1195'.
[  235.030057][ T8102] iowarrior 6-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[  235.368330][T10041] siw: device registration error -23
[  235.658798][  T834] usb 6-1: USB disconnect, device number 24
[  235.797534][T10046] ALSA: mixer_oss: invalid index 40000
[  235.914155][T10052] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1202'.
[  236.115632][T10054] input: syz0 as /devices/virtual/input/input18
[  236.165406][T10058] netlink: 'syz.0.1205': attribute type 10 has an invalid length.
[  236.167874][T10058] tipc: Resetting bearer <eth:team0>
[  236.173151][T10058] batman_adv: batadv0: Adding interface: team0
[  236.175153][T10058] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  236.183119][T10058] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active
[  236.188130][T10058] netlink: 'syz.0.1205': attribute type 10 has an invalid length.
[  236.190740][T10058] netlink: 2 bytes leftover after parsing attributes in process `syz.0.1205'.
[  236.193908][T10058] team0: entered promiscuous mode
[  236.196088][T10058] 8021q: adding VLAN 0 to HW filter on device team0
[  236.199019][T10058] batman_adv: batadv0: Interface activated: team0
[  236.204367][T10058] batman_adv: batadv0: Interface deactivated: team0
[  236.206436][T10058] batman_adv: batadv0: Removing interface: team0
[  236.231960][T10061] binder: 10060:10061 ioctl c0306201 800003c0 returned -14
[  236.234665][T10061] FAULT_INJECTION: forcing a failure.
[  236.234665][T10061] name failslab, interval 1, probability 0, space 0, times 0
[  236.238460][T10061] CPU: 0 UID: 0 PID: 10061 Comm: syz.0.1206 Not tainted 6.15.0-rc4-syzkaller-00052-g4f79eaa2ceac #0 PREEMPT(full) 
[  236.238474][T10061] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  236.238480][T10061] Call Trace:
[  236.238484][T10061]  <TASK>
[  236.238488][T10061]  dump_stack_lvl+0x16c/0x1f0
[  236.238505][T10061]  should_fail_ex+0x512/0x640
[  236.238519][T10061]  ? fs_reclaim_acquire+0xae/0x150
[  236.238534][T10061]  ? tomoyo_encode2+0x100/0x3e0
[  236.238546][T10061]  should_failslab+0xc2/0x120
[  236.238559][T10061]  __kmalloc_noprof+0xd2/0x510
[  236.238570][T10061]  ? d_absolute_path+0x136/0x1a0
[  236.238584][T10061]  tomoyo_encode2+0x100/0x3e0
[  236.238598][T10061]  tomoyo_encode+0x29/0x50
[  236.238611][T10061]  tomoyo_realpath_from_path+0x18f/0x6e0
[  236.238628][T10061]  tomoyo_path_number_perm+0x245/0x580
[  236.238638][T10061]  ? tomoyo_path_number_perm+0x237/0x580
[  236.238651][T10061]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  236.238676][T10061]  ? find_held_lock+0x2b/0x80
[  236.238686][T10061]  ? hook_file_ioctl_common+0x145/0x410
[  236.238696][T10061]  ? __fget_files+0x204/0x3c0
[  236.238713][T10061]  ? __fget_files+0x20e/0x3c0
[  236.238727][T10061]  ? __might_fault+0x80/0x190
[  236.238741][T10061]  security_file_ioctl_compat+0x9b/0x240
[  236.238754][T10061]  __ia32_compat_sys_ioctl+0xc3/0x360
[  236.238770][T10061]  __do_fast_syscall_32+0x73/0x120
[  236.238784][T10061]  do_fast_syscall_32+0x32/0x80
[  236.238797][T10061]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  236.238809][T10061] RIP: 0023:0xf704e579
[  236.238817][T10061] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  236.238827][T10061] RSP: 002b:00000000f503e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  236.238836][T10061] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000040046208
[  236.238842][T10061] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  236.238860][T10061] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  236.238866][T10061] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  236.238872][T10061] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  236.238885][T10061]  </TASK>
[  236.239266][T10061] ERROR: Out of memory at tomoyo_realpath_from_path.
[  236.726722][T10076] FAULT_INJECTION: forcing a failure.
[  236.726722][T10076] name failslab, interval 1, probability 0, space 0, times 0
[  236.730800][T10076] CPU: 3 UID: 0 PID: 10076 Comm: syz.2.1211 Not tainted 6.15.0-rc4-syzkaller-00052-g4f79eaa2ceac #0 PREEMPT(full) 
[  236.730815][T10076] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  236.730822][T10076] Call Trace:
[  236.730826][T10076]  <TASK>
[  236.730831][T10076]  dump_stack_lvl+0x16c/0x1f0
[  236.730848][T10076]  should_fail_ex+0x512/0x640
[  236.730862][T10076]  ? __kmalloc_noprof+0xbf/0x510
[  236.730874][T10076]  ? tcf_idr_create+0x62/0x8c0
[  236.730886][T10076]  should_failslab+0xc2/0x120
[  236.730899][T10076]  __kmalloc_noprof+0xd2/0x510
[  236.730910][T10076]  ? tcf_idr_check_alloc+0x159/0x770
[  236.730925][T10076]  tcf_idr_create+0x62/0x8c0
[  236.730937][T10076]  ? __nla_parse+0x40/0x60
[  236.730948][T10076]  tcf_mpls_init+0x890/0x1350
[  236.730966][T10076]  ? __pfx_tcf_mpls_init+0x10/0x10
[  236.730980][T10076]  ? __pfx___nla_validate_parse+0x10/0x10
[  236.730996][T10076]  ? __asan_memcpy+0x3c/0x60
[  236.731006][T10076]  tcf_action_init_1+0x45d/0x6c0
[  236.731022][T10076]  ? __pfx_tcf_action_init_1+0x10/0x10
[  236.731043][T10076]  ? __nla_parse+0x40/0x60
[  236.731054][T10076]  tcf_action_init+0x42c/0x9c0
[  236.731072][T10076]  ? __pfx_tcf_action_init+0x10/0x10
[  236.731085][T10076]  ? lock_acquire+0x179/0x350
[  236.731109][T10076]  ? kernel_text_address+0x8d/0x100
[  236.731125][T10076]  ? __kernel_text_address+0xd/0x40
[  236.731139][T10076]  ? unwind_get_return_address+0x59/0xa0
[  236.731163][T10076]  ? kasan_save_stack+0x42/0x60
[  236.731173][T10076]  ? kasan_save_stack+0x33/0x60
[  236.731182][T10076]  ? kasan_save_track+0x14/0x30
[  236.731191][T10076]  ? kasan_save_free_info+0x3b/0x60
[  236.731204][T10076]  ? __kasan_slab_free+0x51/0x70
[  236.731216][T10076]  tcf_action_add+0xee/0x5c0
[  236.731232][T10076]  ? __pfx_tcf_action_add+0x10/0x10
[  236.731267][T10076]  ? __nla_parse+0x40/0x60
[  236.731278][T10076]  tc_ctl_action+0x35b/0x470
[  236.731292][T10076]  ? __pfx_tc_ctl_action+0x10/0x10
[  236.731311][T10076]  ? __pfx_tc_ctl_action+0x10/0x10
[  236.731326][T10076]  rtnetlink_rcv_msg+0x3c6/0xe90
[  236.731339][T10076]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  236.731356][T10076]  netlink_rcv_skb+0x16a/0x440
[  236.731368][T10076]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  236.731380][T10076]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  236.731399][T10076]  ? netlink_deliver_tap+0x1ae/0xd30
[  236.731412][T10076]  netlink_unicast+0x53a/0x7f0
[  236.731425][T10076]  ? __pfx_netlink_unicast+0x10/0x10
[  236.731440][T10076]  netlink_sendmsg+0x8d1/0xdd0
[  236.731454][T10076]  ? __pfx_netlink_sendmsg+0x10/0x10
[  236.731466][T10076]  ? __import_iovec+0x1c8/0x660
[  236.731485][T10076]  ____sys_sendmsg+0xa95/0xc70
[  236.731500][T10076]  ? __pfx_____sys_sendmsg+0x10/0x10
[  236.731512][T10076]  ? get_compat_msghdr+0x11a/0x170
[  236.731529][T10076]  ___sys_sendmsg+0x134/0x1d0
[  236.731540][T10076]  ? __pfx____sys_sendmsg+0x10/0x10
[  236.731567][T10076]  __sys_sendmsg+0x16d/0x220
[  236.731577][T10076]  ? __pfx___sys_sendmsg+0x10/0x10
[  236.731594][T10076]  ? rcu_is_watching+0x12/0xc0
[  236.731605][T10076]  __do_fast_syscall_32+0x73/0x120
[  236.731620][T10076]  do_fast_syscall_32+0x32/0x80
[  236.731633][T10076]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  236.731646][T10076] RIP: 0023:0xf7fd5579
[  236.731654][T10076] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  236.731664][T10076] RSP: 002b:00000000f50f655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  236.731673][T10076] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000180
[  236.731679][T10076] RDX: 0000000010004000 RSI: 0000000000000000 RDI: 0000000000000000
[  236.731685][T10076] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  236.731690][T10076] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  236.731696][T10076] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  236.731708][T10076]  </TASK>
[  236.732891][T10075] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1208'.
[  236.759876][T10078] netlink: 'syz.2.1212': attribute type 1 has an invalid length.
[  236.763560][T10075] fuse: Unknown parameter 'group_id00000000000000000000'
[  236.787913][T10078] bond2: (slave gre1): The slave device specified does not support setting the MAC address
[  236.862969][T10078] bond2: (slave gre1): Setting fail_over_mac to active for active-backup mode
[  236.866142][T10078] bond2: (slave gre1): Opening slave failed
[  236.947800][T10082] openvswitch: netlink: Flow key attribute not present in set flow.
[  236.974145][T10084] IPv6: Can't replace route, no match found
[  237.577139][T10092] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1217'.
[  237.741037][T10100] lo speed is unknown, defaulting to 1000
[  237.747096][T10100] lo speed is unknown, defaulting to 1000
[  237.891962][   T64] Bluetooth: hci4: Frame reassembly failed (-84)
[  237.905795][T10106] netlink: 'syz.2.1221': attribute type 1 has an invalid length.
[  237.940518][T10106] bond3: (slave gre1): The slave device specified does not support setting the MAC address
[  237.944616][T10106] bond3: (slave gre1): Setting fail_over_mac to active for active-backup mode
[  237.949040][T10106] bond3: (slave gre1): Opening slave failed
[  238.154222][   T40] audit: type=1326 audit(2000000141.220:88): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10115 comm="syz.3.1224" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f02579 code=0x0
[  238.428867][T10121] IPv6: Can't replace route, no match found
[  238.526037][T10123] openvswitch: netlink: Flow set message rejected, Key attribute missing.
[  238.585705][T10124] vivid-000: disconnect
[  239.021160][T10131] hfs: unable to load iocharset "io#harset"
[  239.283925][T10137] geneve1: entered promiscuous mode
[  239.354130][T10123] vivid-000: reconnect
[  239.797595][T10149] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1234'.
[  239.924460][   T66] Bluetooth: hci4: command 0x1003 tx timeout
[  239.924756][ T5945] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  240.152320][T10163] ALSA: mixer_oss: invalid index 40000
[  240.173190][T10163] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1239'.
[  240.320205][T10162] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1236'.
[  240.519498][T10166] netlink: 'syz.0.1240': attribute type 1 has an invalid length.
[  240.535494][T10166] bond2: (slave gre1): The slave device specified does not support setting the MAC address
[  240.538658][T10166] bond2: (slave gre1): Setting fail_over_mac to active for active-backup mode
[  240.541837][T10166] bond2: (slave gre1): Opening slave failed
[  240.657420][T10170] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1241'.
[  240.793133][T10175] virtio-fs: tag </dev/sg0> not found
[  240.795421][T10176] virtio-fs: tag </dev/sg0> not found
[  240.872678][T10183] lo speed is unknown, defaulting to 1000
[  240.883200][T10180] hfs: unable to load iocharset "io#harset"
[  240.895032][T10183] lo speed is unknown, defaulting to 1000
[  241.128802][T10192] binder: 10191:10192 ioctl c0306201 800003c0 returned -14
[  242.686664][T10225] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1255'.
[  242.691653][T10225] fuse: Bad value for 'user_id'
[  242.693558][T10225] fuse: Bad value for 'user_id'
[  243.004866][T10246] netlink: 'syz.3.1259': attribute type 6 has an invalid length.
[  243.008208][T10246] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.1259'.
[  243.168283][T10246] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1259'.
[  243.264404][T10255] sp0: Synchronizing with TNC
[  243.284648][ T1019] usb 7-1: new full-speed USB device number 25 using dummy_hcd
[  243.446054][ T1019] usb 7-1: config 0 has no interfaces?
[  243.449485][ T1019] usb 7-1: New USB device found, idVendor=054c, idProduct=02e1, bcdDevice=e2.c8
[  243.452369][ T1019] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  243.455706][ T1019] usb 7-1: Product: syz
[  243.457459][ T1019] usb 7-1: Manufacturer: syz
[  243.459156][ T1019] usb 7-1: SerialNumber: syz
[  243.462233][ T1019] usb 7-1: config 0 descriptor??
[  243.641077][T10258] binder: 10257:10258 ioctl c0306201 800003c0 returned -14
[  243.644603][T10258] FAULT_INJECTION: forcing a failure.
[  243.644603][T10258] name failslab, interval 1, probability 0, space 0, times 0
[  243.649957][T10258] CPU: 0 UID: 0 PID: 10258 Comm: syz.3.1267 Not tainted 6.15.0-rc4-syzkaller-00052-g4f79eaa2ceac #0 PREEMPT(full) 
[  243.649981][T10258] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  243.649991][T10258] Call Trace:
[  243.649997][T10258]  <TASK>
[  243.650005][T10258]  dump_stack_lvl+0x16c/0x1f0
[  243.650032][T10258]  should_fail_ex+0x512/0x640
[  243.650055][T10258]  ? fs_reclaim_acquire+0xae/0x150
[  243.650081][T10258]  ? tomoyo_encode2+0x100/0x3e0
[  243.650103][T10258]  should_failslab+0xc2/0x120
[  243.650124][T10258]  __kmalloc_noprof+0xd2/0x510
[  243.650141][T10258]  ? d_absolute_path+0x136/0x1a0
[  243.650165][T10258]  tomoyo_encode2+0x100/0x3e0
[  243.650190][T10258]  tomoyo_encode+0x29/0x50
[  243.650211][T10258]  tomoyo_realpath_from_path+0x18f/0x6e0
[  243.650241][T10258]  tomoyo_path_number_perm+0x245/0x580
[  243.650259][T10258]  ? tomoyo_path_number_perm+0x237/0x580
[  243.650278][T10258]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  243.650324][T10258]  ? find_held_lock+0x2b/0x80
[  243.650339][T10258]  ? hook_file_ioctl_common+0x145/0x410
[  243.650358][T10258]  ? __fget_files+0x204/0x3c0
[  243.650387][T10258]  ? __fget_files+0x20e/0x3c0
[  243.650409][T10258]  ? __might_fault+0x80/0x190
[  243.650432][T10258]  security_file_ioctl_compat+0x9b/0x240
[  243.650455][T10258]  __ia32_compat_sys_ioctl+0xc3/0x360
[  243.650481][T10258]  __do_fast_syscall_32+0x73/0x120
[  243.650506][T10258]  do_fast_syscall_32+0x32/0x80
[  243.650528][T10258]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  243.650549][T10258] RIP: 0023:0xf7f02579
[  243.650562][T10258] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  243.650578][T10258] RSP: 002b:00000000f502655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  243.650594][T10258] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000040046208
[  243.650604][T10258] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  243.650614][T10258] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  243.650623][T10258] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  243.650632][T10258] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  243.650655][T10258]  </TASK>
[  243.650672][T10258] ERROR: Out of memory at tomoyo_realpath_from_path.
[  243.666538][ T1925] usb 7-1: USB disconnect, device number 25
[  243.691049][T10262] trusted_key: encrypted_key: keyword 'load' not allowed when called from .update method
[  243.713690][T10266] netlink: 'syz.2.1269': attribute type 4 has an invalid length.
[  244.282206][T10282] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1272'.
[  244.286819][T10282] fuse: Bad value for 'user_id'
[  244.288794][T10282] fuse: Bad value for 'user_id'
[  244.335033][T10254] [U] �
[  244.592090][T10286] hfs: unable to load iocharset "io#harset"
[  244.698573][T10289] hfs: unable to load iocharset "io#harset"
[  244.887227][T10291] geneve1: entered promiscuous mode
[  244.969216][T10296] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1278'.
[  244.972181][T10297] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1278'.
[  245.038320][T10302] netlink: 'syz.3.1280': attribute type 1 has an invalid length.
[  245.078158][T10302] bond6: (slave gre1): The slave device specified does not support setting the MAC address
[  245.082225][T10302] bond6: (slave gre1): Setting fail_over_mac to active for active-backup mode
[  245.087415][T10302] bond6: (slave gre1): Opening slave failed
[  245.371796][T10312] FAULT_INJECTION: forcing a failure.
[  245.371796][T10312] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  245.376330][T10312] CPU: 2 UID: 0 PID: 10312 Comm: syz.3.1282 Not tainted 6.15.0-rc4-syzkaller-00052-g4f79eaa2ceac #0 PREEMPT(full) 
[  245.376344][T10312] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  245.376351][T10312] Call Trace:
[  245.376355][T10312]  <TASK>
[  245.376359][T10312]  dump_stack_lvl+0x16c/0x1f0
[  245.376377][T10312]  should_fail_ex+0x512/0x640
[  245.376394][T10312]  should_fail_alloc_page+0xe7/0x130
[  245.376407][T10312]  prepare_alloc_pages+0x3c2/0x610
[  245.376422][T10312]  ? stack_depot_save_flags+0x28/0xa50
[  245.376438][T10312]  __alloc_frozen_pages_noprof+0x18f/0x23a0
[  245.376449][T10312]  ? kasan_save_stack+0x42/0x60
[  245.376459][T10312]  ? kasan_save_stack+0x33/0x60
[  245.376468][T10312]  ? kasan_save_track+0x14/0x30
[  245.376477][T10312]  ? __kasan_slab_alloc+0x89/0x90
[  245.376487][T10312]  ? kmem_cache_alloc_noprof+0x1cb/0x3b0
[  245.376497][T10312]  ? ptlock_alloc+0x1f/0x70
[  245.376505][T10312]  ? pte_alloc_one+0x6d/0x380
[  245.376515][T10312]  ? __pte_alloc+0x6d/0x3c0
[  245.376527][T10312]  ? do_pte_missing+0x2925/0x3fb0
[  245.376535][T10312]  ? handle_mm_fault+0x3fe/0xad0
[  245.376545][T10312]  ? __lock_acquire+0x5ca/0x1ba0
[  245.376564][T10312]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  245.376576][T10312]  ? __lock_acquire+0xaa4/0x1ba0
[  245.376592][T10312]  ? __lock_acquire+0x5ca/0x1ba0
[  245.376605][T10312]  ? __lock_acquire+0xaa4/0x1ba0
[  245.376616][T10312]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  245.376631][T10312]  ? policy_nodemask+0xea/0x4e0
[  245.376644][T10312]  alloc_pages_mpol+0x1fb/0x550
[  245.376656][T10312]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  245.376667][T10312]  ? page_table_check_set+0x96f/0xb50
[  245.376682][T10312]  alloc_pages_noprof+0x131/0x390
[  245.376694][T10312]  pte_alloc_one+0x19/0x380
[  245.376705][T10312]  __pte_alloc+0x6d/0x3c0
[  245.376717][T10312]  ? __pfx___pte_alloc+0x10/0x10
[  245.376733][T10312]  do_pte_missing+0x2925/0x3fb0
[  245.376742][T10312]  ? mtree_range_walk+0x718/0xc00
[  245.376755][T10312]  ? find_held_lock+0x2b/0x80
[  245.376766][T10312]  __handle_mm_fault+0x103d/0x2a40
[  245.376779][T10312]  ? __pfx___handle_mm_fault+0x10/0x10
[  245.376801][T10312]  handle_mm_fault+0x3fe/0xad0
[  245.376813][T10312]  __get_user_pages+0x771/0x36f0
[  245.376833][T10312]  ? __pfx___get_user_pages+0x10/0x10
[  245.376848][T10312]  ? __pfx_down_read_killable+0x10/0x10
[  245.376863][T10312]  ? __gup_longterm_locked+0xfec/0x1850
[  245.376881][T10312]  __gup_longterm_locked+0x20d/0x1850
[  245.376900][T10312]  ? __pfx___gup_longterm_locked+0x10/0x10
[  245.376917][T10312]  ? find_held_lock+0x2b/0x80
[  245.376926][T10312]  ? sanity_check_pinned_pages+0x23/0x11e0
[  245.376943][T10312]  gup_fast_fallback+0x183d/0x2650
[  245.376966][T10312]  ? __pfx_gup_fast_fallback+0x10/0x10
[  245.376982][T10312]  ? irqentry_exit+0x3b/0x90
[  245.376994][T10312]  ? lockdep_hardirqs_on+0x7c/0x110
[  245.377010][T10312]  pin_user_pages_fast+0xa7/0xf0
[  245.377025][T10312]  ? __pfx_pin_user_pages_fast+0x10/0x10
[  245.377040][T10312]  ? sha256_transform_blocks+0x11df/0x2130
[  245.377056][T10312]  ? sha256_transform_blocks+0x1583/0x2130
[  245.377073][T10312]  iov_iter_extract_pages+0x3a2/0x2000
[  245.377090][T10312]  ? __pfx_sha256_transform_blocks+0x10/0x10
[  245.377108][T10312]  ? __pfx_iov_iter_extract_pages+0x10/0x10
[  245.377129][T10312]  ? register_lock_class+0x41/0x4c0
[  245.377143][T10312]  extract_iter_to_sg+0xf6e/0x2090
[  245.377158][T10312]  ? lib_sha256_base_do_update.constprop.0.isra.0+0x6f/0x140
[  245.377177][T10312]  ? __pfx_extract_iter_to_sg+0x10/0x10
[  245.377188][T10312]  ? gup_put_folio+0x71/0x230
[  245.377203][T10312]  ? __pfx_unpin_user_page+0x10/0x10
[  245.377223][T10312]  hash_sendmsg+0x43e/0xfb0
[  245.377244][T10312]  sock_write_iter+0x4fc/0x5b0
[  245.377259][T10312]  ? __pfx_sock_write_iter+0x10/0x10
[  245.377277][T10312]  ? bpf_lsm_file_permission+0x9/0x10
[  245.377292][T10312]  ? security_file_permission+0x71/0x210
[  245.377314][T10312]  ? rw_verify_area+0xcf/0x680
[  245.377332][T10312]  vfs_write+0x5ba/0x1180
[  245.377358][T10312]  ? __pfx_sock_write_iter+0x10/0x10
[  245.377373][T10312]  ? __pfx_vfs_write+0x10/0x10
[  245.377381][T10312]  ? find_held_lock+0x2b/0x80
[  245.377399][T10312]  ksys_write+0x205/0x240
[  245.377419][T10312]  ? __pfx_ksys_write+0x10/0x10
[  245.377431][T10312]  ? rcu_is_watching+0x12/0xc0
[  245.377442][T10312]  __do_fast_syscall_32+0x73/0x120
[  245.377456][T10312]  do_fast_syscall_32+0x32/0x80
[  245.377474][T10312]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  245.377486][T10312] RIP: 0023:0xf7f02579
[  245.377494][T10312] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  245.377508][T10312] RSP: 002b:00000000f502655c EFLAGS: 00000296 ORIG_RAX: 0000000000000004
[  245.377517][T10312] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000040
[  245.377523][T10312] RDX: 00000000fffffdef RSI: 0000000000000000 RDI: 0000000000000000
[  245.377529][T10312] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  245.377535][T10312] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  245.377540][T10312] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  245.377553][T10312]  </TASK>
[  245.633089][T10318] FAULT_INJECTION: forcing a failure.
[  245.633089][T10318] name failslab, interval 1, probability 0, space 0, times 0
[  245.637260][T10318] CPU: 3 UID: 0 PID: 10318 Comm: syz.0.1284 Not tainted 6.15.0-rc4-syzkaller-00052-g4f79eaa2ceac #0 PREEMPT(full) 
[  245.637274][T10318] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  245.637280][T10318] Call Trace:
[  245.637283][T10318]  <TASK>
[  245.637287][T10318]  dump_stack_lvl+0x16c/0x1f0
[  245.637305][T10318]  should_fail_ex+0x512/0x640
[  245.637319][T10318]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[  245.637332][T10318]  should_failslab+0xc2/0x120
[  245.637365][T10318]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  245.637376][T10318]  ? __alloc_skb+0x2b2/0x380
[  245.637389][T10318]  __alloc_skb+0x2b2/0x380
[  245.637398][T10318]  ? __pfx___alloc_skb+0x10/0x10
[  245.637409][T10318]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  245.637423][T10318]  netlink_alloc_large_skb+0x69/0x130
[  245.637435][T10318]  netlink_sendmsg+0x6a1/0xdd0
[  245.637448][T10318]  ? __pfx_netlink_sendmsg+0x10/0x10
[  245.637461][T10318]  ? __import_iovec+0x1c8/0x660
[  245.637478][T10318]  ____sys_sendmsg+0xa95/0xc70
[  245.637494][T10318]  ? __pfx_____sys_sendmsg+0x10/0x10
[  245.637506][T10318]  ? get_compat_msghdr+0x11a/0x170
[  245.637527][T10318]  ___sys_sendmsg+0x134/0x1d0
[  245.637538][T10318]  ? __pfx____sys_sendmsg+0x10/0x10
[  245.637564][T10318]  __sys_sendmsg+0x16d/0x220
[  245.637586][T10318]  ? __pfx___sys_sendmsg+0x10/0x10
[  245.637604][T10318]  ? rcu_is_watching+0x12/0xc0
[  245.637616][T10318]  __do_fast_syscall_32+0x73/0x120
[  245.637630][T10318]  do_fast_syscall_32+0x32/0x80
[  245.637643][T10318]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  245.637656][T10318] RIP: 0023:0xf704e579
[  245.637664][T10318] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  245.637674][T10318] RSP: 002b:00000000f503e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  245.637684][T10318] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000ac0
[  245.637690][T10318] RDX: 0000000024040080 RSI: 0000000000000000 RDI: 0000000000000000
[  245.637695][T10318] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  245.637701][T10318] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  245.637707][T10318] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  245.637719][T10318]  </TASK>
[  245.778640][T10329] netlink: 'syz.0.1288': attribute type 1 has an invalid length.
[  245.830061][T10329] bond3: (slave gre1): The slave device specified does not support setting the MAC address
[  245.833227][T10329] bond3: (slave gre1): Setting fail_over_mac to active for active-backup mode
[  245.836641][T10329] bond3: (slave gre1): Opening slave failed
[  245.844629][T10331] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1286'.
[  245.848838][T10331] fuse: Bad value for 'fd'
[  246.060937][T10338] FAULT_INJECTION: forcing a failure.
[  246.060937][T10338] name failslab, interval 1, probability 0, space 0, times 0
[  246.066020][T10338] CPU: 1 UID: 0 PID: 10338 Comm: syz.1.1289 Not tainted 6.15.0-rc4-syzkaller-00052-g4f79eaa2ceac #0 PREEMPT(full) 
[  246.066034][T10338] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  246.066040][T10338] Call Trace:
[  246.066044][T10338]  <TASK>
[  246.066048][T10338]  dump_stack_lvl+0x16c/0x1f0
[  246.066065][T10338]  should_fail_ex+0x512/0x640
[  246.066079][T10338]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[  246.066092][T10338]  should_failslab+0xc2/0x120
[  246.066104][T10338]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  246.066115][T10338]  ? security_file_alloc+0x34/0x2b0
[  246.066130][T10338]  security_file_alloc+0x34/0x2b0
[  246.066142][T10338]  init_file+0x93/0x4c0
[  246.066154][T10338]  alloc_empty_file+0x73/0x1e0
[  246.066166][T10338]  alloc_file_pseudo+0x13a/0x230
[  246.066179][T10338]  ? __pfx_alloc_file_pseudo+0x10/0x10
[  246.066192][T10338]  ? alloc_fd+0x471/0x7d0
[  246.066209][T10338]  sock_alloc_file+0x50/0x210
[  246.066221][T10338]  __sys_socket+0x1c0/0x260
[  246.066234][T10338]  ? __might_fault+0xe3/0x190
[  246.066245][T10338]  ? __pfx___sys_socket+0x10/0x10
[  246.066262][T10338]  __ia32_sys_socket+0x72/0xb0
[  246.066276][T10338]  __do_fast_syscall_32+0x73/0x120
[  246.066291][T10338]  do_fast_syscall_32+0x32/0x80
[  246.066304][T10338]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  246.066317][T10338] RIP: 0023:0xf704e579
[  246.066325][T10338] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  246.066335][T10338] RSP: 002b:00000000f4ffc55c EFLAGS: 00000296 ORIG_RAX: 0000000000000167
[  246.066344][T10338] RAX: ffffffffffffffda RBX: 0000000000000011 RCX: 0000000000000003
[  246.066351][T10338] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  246.066356][T10338] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  246.066361][T10338] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  246.066367][T10338] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  246.066380][T10338]  </TASK>
[  246.225716][T10342] random: crng reseeded on system resumption
[  246.277474][T10344] hfs: unable to load iocharset "io#harset"
[  246.476308][T10350] random: crng reseeded on system resumption
[  246.481613][T10350] FAULT_INJECTION: forcing a failure.
[  246.481613][T10350] name failslab, interval 1, probability 0, space 0, times 0
[  246.485579][T10350] CPU: 0 UID: 0 PID: 10350 Comm: syz.2.1294 Not tainted 6.15.0-rc4-syzkaller-00052-g4f79eaa2ceac #0 PREEMPT(full) 
[  246.485593][T10350] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  246.485599][T10350] Call Trace:
[  246.485602][T10350]  <TASK>
[  246.485606][T10350]  dump_stack_lvl+0x16c/0x1f0
[  246.485623][T10350]  should_fail_ex+0x512/0x640
[  246.485637][T10350]  ? fs_reclaim_acquire+0xae/0x150
[  246.485653][T10350]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[  246.485666][T10350]  should_failslab+0xc2/0x120
[  246.485679][T10350]  __kmalloc_noprof+0xd2/0x510
[  246.485693][T10350]  tomoyo_realpath_from_path+0xc2/0x6e0
[  246.485707][T10350]  ? tomoyo_profile+0x47/0x60
[  246.485723][T10350]  tomoyo_path_number_perm+0x245/0x580
[  246.485734][T10350]  ? tomoyo_path_number_perm+0x237/0x580
[  246.485747][T10350]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  246.485772][T10350]  ? find_held_lock+0x2b/0x80
[  246.485781][T10350]  ? hook_file_ioctl_common+0x145/0x410
[  246.485795][T10350]  ? __fget_files+0x204/0x3c0
[  246.485813][T10350]  ? __fget_files+0x20e/0x3c0
[  246.485826][T10350]  ? __might_fault+0x80/0x190
[  246.485839][T10350]  security_file_ioctl_compat+0x9b/0x240
[  246.485853][T10350]  __ia32_compat_sys_ioctl+0xc3/0x360
[  246.485868][T10350]  __do_fast_syscall_32+0x73/0x120
[  246.485882][T10350]  do_fast_syscall_32+0x32/0x80
[  246.485896][T10350]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  246.485908][T10350] RIP: 0023:0xf7fd5579
[  246.485915][T10350] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  246.485925][T10350] RSP: 002b:00000000f50f655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  246.485935][T10350] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000040043311
[  246.485941][T10350] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  246.485947][T10350] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  246.485952][T10350] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  246.485957][T10350] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  246.485970][T10350]  </TASK>
[  246.485974][T10350] ERROR: Out of memory at tomoyo_realpath_from_path.
[  246.757693][T10361] netlink: 'syz.1.1298': attribute type 1 has an invalid length.
[  246.786374][T10361] bond0: (slave gre1): The slave device specified does not support setting the MAC address
[  246.789632][T10361] bond0: (slave gre1): Setting fail_over_mac to active for active-backup mode
[  246.792918][T10361] bond0: (slave gre1): Opening slave failed
[  247.167277][T10371] netlink: 'syz.0.1300': attribute type 4 has an invalid length.
[  247.296504][T10375] hfs: unable to load iocharset "io#harset"
[  247.394369][   T10] usb 6-1: new high-speed USB device number 25 using dummy_hcd
[  247.545573][   T10] usb 6-1: config 1 interface 0 altsetting 8 endpoint 0x81 has an invalid bInterval 250, changing to 11
[  247.549016][   T10] usb 6-1: config 1 interface 0 altsetting 8 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  247.553045][   T10] usb 6-1: config 1 interface 0 has no altsetting 0
[  247.559844][   T10] usb 6-1: New USB device found, idVendor=046d, idProduct=c512, bcdDevice= 0.40
[  247.562864][   T10] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  247.563111][T10390] netlink: 'syz.3.1307': attribute type 1 has an invalid length.
[  247.568607][   T10] usb 6-1: Product: syz
[  247.569902][   T10] usb 6-1: Manufacturer: syz
[  247.571503][   T10] usb 6-1: SerialNumber: syz
[  247.641819][T10397] hfs: unable to load iocharset "io#harset"
[  247.853238][   T10] usbhid 6-1:1.0: can't add hid device: -71
[  247.855379][   T10] usbhid 6-1:1.0: probe with driver usbhid failed with error -71
[  247.861797][   T10] usb 6-1: USB disconnect, device number 25
[  248.221283][T10409] netlink: 'syz.0.1309': attribute type 1 has an invalid length.
[  248.251623][T10409] bond4: (slave gre1): The slave device specified does not support setting the MAC address
[  248.254789][T10409] bond4: (slave gre1): Setting fail_over_mac to active for active-backup mode
[  248.257941][T10409] bond4: (slave gre1): Opening slave failed
[  248.385008][T10418] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1312'.
[  248.385024][T10417] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1312'.
[  248.391836][T10418] openvswitch: netlink: Missing key (keys=40, expected=100)
[  248.700510][T10425] team0: Port device gtp0 removed
[  249.548071][T10433] serio: Serial port ptm1
[  250.053265][T10435] netlink: 'syz.0.1317': attribute type 1 has an invalid length.
[  250.379509][T10451] hfs: unable to load iocharset "io#harset"
[  250.989974][T10468] netlink: 'syz.3.1326': attribute type 1 has an invalid length.
[  251.279352][T10485] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1333'.
[  251.449674][T10487] FAULT_INJECTION: forcing a failure.
[  251.449674][T10487] name failslab, interval 1, probability 0, space 0, times 0
[  251.453828][T10487] CPU: 2 UID: 0 PID: 10487 Comm: syz.1.1334 Not tainted 6.15.0-rc4-syzkaller-00052-g4f79eaa2ceac #0 PREEMPT(full) 
[  251.453853][T10487] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  251.453863][T10487] Call Trace:
[  251.453868][T10487]  <TASK>
[  251.453873][T10487]  dump_stack_lvl+0x16c/0x1f0
[  251.453890][T10487]  should_fail_ex+0x512/0x640
[  251.453906][T10487]  should_failslab+0xc2/0x120
[  251.453924][T10487]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  251.453942][T10487]  ? skb_clone+0x190/0x3f0
[  251.453965][T10487]  skb_clone+0x190/0x3f0
[  251.453983][T10487]  netlink_deliver_tap+0xabd/0xd30
[  251.454008][T10487]  netlink_unicast+0x6b2/0x7f0
[  251.454028][T10487]  ? __pfx_netlink_unicast+0x10/0x10
[  251.454038][T10487]  ? genl_rcv_msg+0x4bb/0x800
[  251.454055][T10487]  netlink_ack+0x696/0xb80
[  251.454070][T10487]  netlink_rcv_skb+0x347/0x440
[  251.454081][T10487]  ? __pfx_genl_rcv_msg+0x10/0x10
[  251.454095][T10487]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  251.454113][T10487]  ? __pfx_down_read+0x10/0x10
[  251.454128][T10487]  ? netlink_deliver_tap+0x1ae/0xd30
[  251.454141][T10487]  genl_rcv+0x28/0x40
[  251.454152][T10487]  netlink_unicast+0x53a/0x7f0
[  251.454165][T10487]  ? __pfx_netlink_unicast+0x10/0x10
[  251.454181][T10487]  netlink_sendmsg+0x8d1/0xdd0
[  251.454194][T10487]  ? __pfx_netlink_sendmsg+0x10/0x10
[  251.454207][T10487]  ? __import_iovec+0x1c8/0x660
[  251.454225][T10487]  ____sys_sendmsg+0xa95/0xc70
[  251.454253][T10487]  ? __pfx_____sys_sendmsg+0x10/0x10
[  251.454266][T10487]  ? get_compat_msghdr+0x11a/0x170
[  251.454283][T10487]  ___sys_sendmsg+0x134/0x1d0
[  251.454295][T10487]  ? __pfx____sys_sendmsg+0x10/0x10
[  251.454324][T10487]  __sys_sendmsg+0x16d/0x220
[  251.454334][T10487]  ? __pfx___sys_sendmsg+0x10/0x10
[  251.454351][T10487]  ? rcu_is_watching+0x12/0xc0
[  251.454363][T10487]  __do_fast_syscall_32+0x73/0x120
[  251.454377][T10487]  do_fast_syscall_32+0x32/0x80
[  251.454391][T10487]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  251.454403][T10487] RIP: 0023:0xf704e579
[  251.454412][T10487] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  251.454421][T10487] RSP: 002b:00000000f503e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  251.454431][T10487] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000180
[  251.454437][T10487] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  251.454443][T10487] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  251.454448][T10487] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  251.454454][T10487] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  251.454467][T10487]  </TASK>
[  251.784553][ T1925] usb 5-1: new high-speed USB device number 22 using dummy_hcd
[  251.973658][ T1925] usb 5-1: Using ep0 maxpacket: 8
[  251.979941][ T1925] usb 5-1: config 0 has no interfaces?
[  251.983684][ T1925] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ee
[  251.987267][ T1925] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  251.990399][ T1925] usb 5-1: Product: syz
[  251.992064][ T1925] usb 5-1: Manufacturer: syz
[  251.993566][ T1925] usb 5-1: SerialNumber: syz
[  251.996658][ T1925] usb 5-1: config 0 descriptor??
[  252.138810][T10506] hfs: unable to load iocharset "io#harset"
[  252.204510][ T1925] usb 5-1: USB disconnect, device number 22
[  252.303459][   T46] Bluetooth: hci4: Frame reassembly failed (-84)
[  252.812133][T10519] FAULT_INJECTION: forcing a failure.
[  252.812133][T10519] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  252.817736][T10519] CPU: 0 UID: 0 PID: 10519 Comm: syz.1.1344 Not tainted 6.15.0-rc4-syzkaller-00052-g4f79eaa2ceac #0 PREEMPT(full) 
[  252.817753][T10519] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  252.817759][T10519] Call Trace:
[  252.817763][T10519]  <TASK>
[  252.817768][T10519]  dump_stack_lvl+0x16c/0x1f0
[  252.817787][T10519]  should_fail_ex+0x512/0x640
[  252.817804][T10519]  _copy_from_user+0x2e/0xd0
[  252.817820][T10519]  get_compat_msghdr+0xa7/0x170
[  252.817831][T10519]  ? __pfx_get_compat_msghdr+0x10/0x10
[  252.817845][T10519]  ___sys_sendmsg+0x1ae/0x1d0
[  252.817858][T10519]  ? __pfx____sys_sendmsg+0x10/0x10
[  252.817884][T10519]  __sys_sendmsg+0x16d/0x220
[  252.817895][T10519]  ? __pfx___sys_sendmsg+0x10/0x10
[  252.817911][T10519]  ? rcu_is_watching+0x12/0xc0
[  252.817922][T10519]  __do_fast_syscall_32+0x73/0x120
[  252.817937][T10519]  do_fast_syscall_32+0x32/0x80
[  252.817950][T10519]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  252.817963][T10519] RIP: 0023:0xf704e579
[  252.817971][T10519] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  252.817980][T10519] RSP: 002b:00000000f503e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  252.817990][T10519] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000480
[  252.817996][T10519] RDX: 0000000000048894 RSI: 0000000000000000 RDI: 0000000000000000
[  252.818002][T10519] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  252.818007][T10519] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  252.818013][T10519] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  252.818025][T10519]  </TASK>
[  253.026683][T10538] netlink: 'syz.3.1352': attribute type 21 has an invalid length.
[  253.029117][T10538] netlink: 128 bytes leftover after parsing attributes in process `syz.3.1352'.
[  253.031931][T10538] netlink: 'syz.3.1352': attribute type 5 has an invalid length.
[  253.034468][T10538] netlink: 3 bytes leftover after parsing attributes in process `syz.3.1352'.
[  253.042893][T10540] ipvlan1: entered allmulticast mode
[  253.052983][T10540] veth0_vlan: entered allmulticast mode
[  253.092044][T10544] hfs: unable to load iocharset "io#harset"
[  253.261610][T10556] hfs: unable to load iocharset "io#harset"
[  254.152626][T10578] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1364'.
[  254.178925][T10578] netlink: 132 bytes leftover after parsing attributes in process `syz.3.1364'.
[  254.188568][   T40] audit: type=1804 audit(2000000157.260:89): pid=10578 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.1364" name="/newroot/350/file0/file0" dev="ramfs" ino=30477 res=1 errno=0
[  254.324459][ T5945] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  254.763748][T10592] netlink: 'syz.1.1369': attribute type 1 has an invalid length.
[  255.126040][ T1415] ieee802154 phy0 wpan0: encryption failed: -22
[  255.128105][ T1415] ieee802154 phy1 wpan1: encryption failed: -22
[  255.347431][T10601] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1372'.
[  255.384864][  T834] usb 8-1: new high-speed USB device number 21 using dummy_hcd
[  255.621824][T10606] hfs: unable to load iocharset "io#harset"
[  255.654487][  T834] usb 8-1: device descriptor read/64, error -71
[  255.939536][T10618] netlink: 64 bytes leftover after parsing attributes in process `syz.1.1376'.
[  255.942534][T10618] netlink: 288 bytes leftover after parsing attributes in process `syz.1.1376'.
[  255.950707][T10618] team0: Mode changed to "loadbalance"
[  256.159448][T10622] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[  256.162526][T10622] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  256.194480][  T834] usb 8-1: new high-speed USB device number 22 using dummy_hcd
[  256.324410][  T834] usb 8-1: device descriptor read/64, error -71
[  256.434450][  T834] usb usb8-port1: attempt power cycle
[  256.464599][T10639] loop6: detected capacity change from 0 to 524287999
[  256.611284][T10645] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1388'.
[  256.632938][T10645] smc: net device bond0 erased user defined pnetid SYZ0
[  256.839106][  T834] usb 8-1: new high-speed USB device number 23 using dummy_hcd
[  256.855930][  T834] usb 8-1: device descriptor read/8, error -71
[  257.007939][   T12] Bluetooth: hci4: Frame reassembly failed (-84)
[  257.114353][  T834] usb 8-1: new high-speed USB device number 24 using dummy_hcd
[  257.144786][  T834] usb 8-1: device descriptor read/8, error -71
[  257.256148][  T834] usb usb8-port1: unable to enumerate USB device
[  257.627579][T10661] hfs: unable to load iocharset "io#harset"
[  257.664054][T10653] [U] 
[  257.702884][T10666] netlink: 'syz.1.1387': attribute type 4 has an invalid length.
[  257.732394][T10668] FAULT_INJECTION: forcing a failure.
[  257.732394][T10668] name failslab, interval 1, probability 0, space 0, times 0
[  257.736365][T10668] CPU: 3 UID: 0 PID: 10668 Comm: syz.1.1389 Not tainted 6.15.0-rc4-syzkaller-00052-g4f79eaa2ceac #0 PREEMPT(full) 
[  257.736379][T10668] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  257.736385][T10668] Call Trace:
[  257.736388][T10668]  <TASK>
[  257.736392][T10668]  dump_stack_lvl+0x16c/0x1f0
[  257.736409][T10668]  should_fail_ex+0x512/0x640
[  257.736423][T10668]  ? __kmalloc_cache_noprof+0x57/0x3e0
[  257.736440][T10668]  should_failslab+0xc2/0x120
[  257.736453][T10668]  __kmalloc_cache_noprof+0x6a/0x3e0
[  257.736469][T10668]  ? alloc_netdev_mqs+0xf3a/0x1570
[  257.736481][T10668]  ? kasan_save_track+0x14/0x30
[  257.736492][T10668]  alloc_netdev_mqs+0xf3a/0x1570
[  257.736506][T10668]  rtnl_create_link+0xc10/0xfa0
[  257.736519][T10668]  rtnl_newlink+0xb69/0x2000
[  257.736534][T10668]  ? __pfx_rtnl_newlink+0x10/0x10
[  257.736551][T10668]  ? kfree_skbmem+0x1a4/0x1f0
[  257.736569][T10668]  ? rcu_is_watching+0x12/0xc0
[  257.736579][T10668]  ? trace_cap_capable+0x18d/0x200
[  257.736593][T10668]  ? find_held_lock+0x2b/0x80
[  257.736601][T10668]  ? __pfx_rtnl_newlink+0x10/0x10
[  257.736611][T10668]  ? __pfx_rtnl_newlink+0x10/0x10
[  257.736621][T10668]  ? rtnetlink_rcv_msg+0x93a/0xe90
[  257.736632][T10668]  ? __pfx_rtnl_newlink+0x10/0x10
[  257.736643][T10668]  rtnetlink_rcv_msg+0x95b/0xe90
[  257.736655][T10668]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  257.736673][T10668]  netlink_rcv_skb+0x16a/0x440
[  257.736686][T10668]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  257.736697][T10668]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  257.736717][T10668]  ? netlink_deliver_tap+0x1ae/0xd30
[  257.736730][T10668]  netlink_unicast+0x53a/0x7f0
[  257.736747][T10668]  ? __pfx_netlink_unicast+0x10/0x10
[  257.736762][T10668]  netlink_sendmsg+0x8d1/0xdd0
[  257.736776][T10668]  ? __pfx_netlink_sendmsg+0x10/0x10
[  257.736788][T10668]  ? __import_iovec+0x1c8/0x660
[  257.736807][T10668]  ____sys_sendmsg+0xa95/0xc70
[  257.736822][T10668]  ? __pfx_____sys_sendmsg+0x10/0x10
[  257.736834][T10668]  ? get_compat_msghdr+0x11a/0x170
[  257.736850][T10668]  ___sys_sendmsg+0x134/0x1d0
[  257.736862][T10668]  ? __pfx____sys_sendmsg+0x10/0x10
[  257.736889][T10668]  __sys_sendmsg+0x16d/0x220
[  257.736900][T10668]  ? __pfx___sys_sendmsg+0x10/0x10
[  257.736916][T10668]  ? rcu_is_watching+0x12/0xc0
[  257.736927][T10668]  __do_fast_syscall_32+0x73/0x120
[  257.736941][T10668]  do_fast_syscall_32+0x32/0x80
[  257.736954][T10668]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  257.736967][T10668] RIP: 0023:0xf704e579
[  257.736975][T10668] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  257.736985][T10668] RSP: 002b:00000000f503e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  257.736995][T10668] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000300
[  257.737001][T10668] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  257.737007][T10668] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  257.737012][T10668] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  257.737017][T10668] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  257.737030][T10668]  </TASK>
[  257.870260][T10672] hfs: unable to load iocharset "io#harset"
[  257.959791][T10675] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1396'.
[  257.963894][T10675] fuse: Bad value for 'fd'
[  258.452078][T10678] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[  258.455203][T10678] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  258.669015][T10691] netlink: 'syz.2.1395': attribute type 1 has an invalid length.
[  258.681206][T10691] bond4: entered promiscuous mode
[  258.683001][T10691] bond4: entered allmulticast mode
[  258.707509][T10691] bond4: (slave erspan1): making interface the new active one
[  258.709877][T10691] erspan1: entered promiscuous mode
[  258.711575][T10691] erspan1: entered allmulticast mode
[  258.713921][T10691] bond4: (slave erspan1): Enslaving as an active interface with an up link
[  258.774698][T10693] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1391'.
[  258.778939][T10693] fuse: Unknown parameter 'group_i00000000000000000000'
[  259.033836][T10698] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1398'.
[  259.036929][T10698] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1398'.
[  259.040791][T10695] hfs: unable to load iocharset "io#harset"
[  259.044393][   T66] Bluetooth: hci4: command 0x1003 tx timeout
[  259.044456][ T5945] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  260.523996][T10724] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1402'.
[  260.528429][T10724] fuse: Invalid rootmode
[  260.961504][T10730] tmpfs: Unknown parameter 'zpol'
[  261.233213][T10738] syz.2.1408: attempt to access beyond end of device
[  261.233213][T10738] md2: rw=2048, sector=0, nr_sectors = 8 limit=0
[  261.261317][T10742] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1407'.
[  261.265149][T10742] fuse: Unknown parameter 'group_i00000000000000000000'
[  261.632940][T10745] netlink: 'syz.1.1417': attribute type 1 has an invalid length.
[  261.642074][T10747] netlink: 'syz.3.1409': attribute type 4 has an invalid length.
[  261.823034][T10759] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1414'.
[  261.871359][T10766] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1416'.
[  262.040995][T10772] netlink: 'syz.1.1418': attribute type 1 has an invalid length.
[  262.044345][T10772] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1418'.
[  262.407226][T10784] netlink: 'syz.1.1423': attribute type 1 has an invalid length.
[  262.478174][T10791] overlayfs: failed to resolve './file1': -2
[  262.815638][T10800] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1427'.
[  262.819955][T10800] fuse: Unknown parameter 'group_id00000000000000000000'
[  263.329420][T10807] lo speed is unknown, defaulting to 1000
[  263.334819][T10807] lo speed is unknown, defaulting to 1000
[  263.348926][T10809] lo speed is unknown, defaulting to 1000
[  263.358541][T10809] lo speed is unknown, defaulting to 1000
[  263.405569][T10811] FAULT_INJECTION: forcing a failure.
[  263.405569][T10811] name failslab, interval 1, probability 0, space 0, times 0
[  263.410627][T10811] CPU: 3 UID: 0 PID: 10811 Comm: syz.3.1432 Not tainted 6.15.0-rc4-syzkaller-00052-g4f79eaa2ceac #0 PREEMPT(full) 
[  263.410650][T10811] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  263.410659][T10811] Call Trace:
[  263.410664][T10811]  <TASK>
[  263.410671][T10811]  dump_stack_lvl+0x16c/0x1f0
[  263.410694][T10811]  should_fail_ex+0x512/0x640
[  263.410713][T10811]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[  263.410732][T10811]  should_failslab+0xc2/0x120
[  263.410750][T10811]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  263.410766][T10811]  ? getname_flags.part.0+0x4c/0x550
[  263.410787][T10811]  getname_flags.part.0+0x4c/0x550
[  263.410808][T10811]  getname_flags+0x93/0xf0
[  263.410829][T10811]  __ia32_compat_sys_execve+0x72/0xc0
[  263.410852][T10811]  __do_fast_syscall_32+0x73/0x120
[  263.410872][T10811]  do_fast_syscall_32+0x32/0x80
[  263.410891][T10811]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  263.410909][T10811] RIP: 0023:0xf7f02579
[  263.410921][T10811] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  263.410934][T10811] RSP: 002b:00000000f500555c EFLAGS: 00000296 ORIG_RAX: 000000000000000b
[  263.410950][T10811] RAX: ffffffffffffffda RBX: 0000000080000740 RCX: 0000000000000000
[  263.410960][T10811] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  263.410968][T10811] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  263.410976][T10811] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  263.410984][T10811] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  263.411005][T10811]  </TASK>
[  263.583844][T10818] netlink: 'syz.1.1434': attribute type 1 has an invalid length.
[  263.636742][T10823] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  263.646884][T10820] lo speed is unknown, defaulting to 1000
[  263.649844][T10820] lo speed is unknown, defaulting to 1000
[  263.831448][T10828] mac80211_hwsim hwsim9 wlan1: entered allmulticast mode
[  263.840114][T10832] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1439'.
[  263.865709][T10832] Cannot find del_set index 3 as target
[  264.217097][T10843] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1441'.
[  264.221342][T10843] fuse: Unknown parameter 'group_id00000000000000000000'
[  264.491645][T10847] FAULT_INJECTION: forcing a failure.
[  264.491645][T10847] name failslab, interval 1, probability 0, space 0, times 0
[  264.498552][T10847] CPU: 0 UID: 0 PID: 10847 Comm: syz.3.1443 Not tainted 6.15.0-rc4-syzkaller-00052-g4f79eaa2ceac #0 PREEMPT(full) 
[  264.498567][T10847] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  264.498574][T10847] Call Trace:
[  264.498578][T10847]  <TASK>
[  264.498582][T10847]  dump_stack_lvl+0x16c/0x1f0
[  264.498599][T10847]  should_fail_ex+0x512/0x640
[  264.498614][T10847]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[  264.498627][T10847]  should_failslab+0xc2/0x120
[  264.498640][T10847]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  264.498651][T10847]  ? __alloc_skb+0x2b2/0x380
[  264.498663][T10847]  __alloc_skb+0x2b2/0x380
[  264.498672][T10847]  ? __pfx___alloc_skb+0x10/0x10
[  264.498684][T10847]  ? if_nlmsg_size+0x475/0xaf0
[  264.498697][T10847]  rtmsg_ifinfo_build_skb+0x81/0x280
[  264.498712][T10847]  rtmsg_ifinfo+0x9f/0x1a0
[  264.498727][T10847]  netif_state_change+0x17f/0x3b0
[  264.498740][T10847]  ? __pfx_netif_state_change+0x10/0x10
[  264.498757][T10847]  do_setlink.constprop.0+0x3632/0x44b0
[  264.498772][T10847]  ? __lock_acquire+0xaa4/0x1ba0
[  264.498787][T10847]  ? __pfx_do_setlink.constprop.0+0x10/0x10
[  264.498804][T10847]  ? kasan_save_stack+0x42/0x60
[  264.498819][T10847]  ? kasan_save_stack+0x33/0x60
[  264.498835][T10847]  ? __kasan_kmalloc+0xaa/0xb0
[  264.498853][T10847]  ? __mutex_trylock_common+0xe9/0x250
[  264.498874][T10847]  ? __pfx___mutex_trylock_common+0x10/0x10
[  264.498896][T10847]  ? __pfx___might_resched+0x10/0x10
[  264.498913][T10847]  ? rcu_is_watching+0x12/0xc0
[  264.498930][T10847]  ? trace_contention_end+0xdd/0x130
[  264.498944][T10847]  ? __mutex_lock+0x1ca/0xb90
[  264.498958][T10847]  ? rcu_is_watching+0x12/0xc0
[  264.498966][T10847]  ? rtnl_newlink+0x600/0x2000
[  264.498975][T10847]  ? trace_cap_capable+0x18d/0x200
[  264.498986][T10847]  ? __pfx___mutex_lock+0x10/0x10
[  264.498998][T10847]  ? apparmor_capable+0x114/0x1d0
[  264.499013][T10847]  ? netlink_ns_capable+0xfa/0x130
[  264.499026][T10847]  rtnl_newlink+0x18e0/0x2000
[  264.499040][T10847]  ? __pfx_rtnl_newlink+0x10/0x10
[  264.499053][T10847]  ? kasan_quarantine_put+0x10a/0x240
[  264.499062][T10847]  ? lockdep_hardirqs_on+0x7c/0x110
[  264.499077][T10847]  ? kfree_skbmem+0x1a4/0x1f0
[  264.499092][T10847]  ? __lock_acquire+0x5ca/0x1ba0
[  264.499106][T10847]  ? rcu_is_watching+0x12/0xc0
[  264.499114][T10847]  ? trace_cap_capable+0x18d/0x200
[  264.499127][T10847]  ? find_held_lock+0x2b/0x80
[  264.499135][T10847]  ? __pfx_rtnl_newlink+0x10/0x10
[  264.499145][T10847]  ? __pfx_rtnl_newlink+0x10/0x10
[  264.499155][T10847]  ? rtnetlink_rcv_msg+0x93a/0xe90
[  264.499166][T10847]  ? __pfx_rtnl_newlink+0x10/0x10
[  264.499177][T10847]  rtnetlink_rcv_msg+0x95b/0xe90
[  264.499189][T10847]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  264.499206][T10847]  netlink_rcv_skb+0x16a/0x440
[  264.499218][T10847]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  264.499230][T10847]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  264.499248][T10847]  ? netlink_deliver_tap+0x1ae/0xd30
[  264.499262][T10847]  netlink_unicast+0x53a/0x7f0
[  264.499275][T10847]  ? __pfx_netlink_unicast+0x10/0x10
[  264.499290][T10847]  netlink_sendmsg+0x8d1/0xdd0
[  264.499303][T10847]  ? __pfx_netlink_sendmsg+0x10/0x10
[  264.499315][T10847]  ? __import_iovec+0x1c8/0x660
[  264.499333][T10847]  ____sys_sendmsg+0xa95/0xc70
[  264.499352][T10847]  ? __pfx_____sys_sendmsg+0x10/0x10
[  264.499365][T10847]  ? get_compat_msghdr+0x11a/0x170
[  264.499381][T10847]  ___sys_sendmsg+0x134/0x1d0
[  264.499392][T10847]  ? __pfx____sys_sendmsg+0x10/0x10
[  264.499419][T10847]  __sys_sendmsg+0x16d/0x220
[  264.499429][T10847]  ? __pfx___sys_sendmsg+0x10/0x10
[  264.499446][T10847]  ? rcu_is_watching+0x12/0xc0
[  264.499456][T10847]  __do_fast_syscall_32+0x73/0x120
[  264.499471][T10847]  do_fast_syscall_32+0x32/0x80
[  264.499484][T10847]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  264.499497][T10847] RIP: 0023:0xf7f02579
[  264.499505][T10847] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  264.499515][T10847] RSP: 002b:00000000f502655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  264.499524][T10847] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000140
[  264.499531][T10847] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  264.499536][T10847] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  264.499542][T10847] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  264.499547][T10847] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  264.499559][T10847]  </TASK>
[  264.627340][T10850] netlink: 'syz.1.1445': attribute type 1 has an invalid length.
[  264.663729][T10853] netlink: 186984 bytes leftover after parsing attributes in process `syz.3.1446'.
[  265.046310][T10860] program syz.2.1444 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  265.049580][T10869] hfs: unable to load iocharset "io#harset"
[  265.605500][T10872] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[  265.608542][T10872] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  265.628023][T10879] vlan2: entered allmulticast mode
[  265.629954][T10879] macvtap0: entered allmulticast mode
[  265.631663][T10879] veth0_macvtap: entered allmulticast mode
[  265.638190][T10876] lo speed is unknown, defaulting to 1000
[  265.641614][T10876] lo speed is unknown, defaulting to 1000
[  265.740932][T10887] tmpfs: Bad value for 'huge'
[  265.746723][   T40] audit: type=1800 audit(2000000168.810:90): pid=10887 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1457" name="bus" dev="tmpfs" ino=1954 res=0 errno=0
[  265.927462][ T5980] usb 7-1: new high-speed USB device number 26 using dummy_hcd
[  265.999929][T10891] netlink: 96 bytes leftover after parsing attributes in process `syz.0.1458'.
[  266.126399][ T5980] usb 7-1: device descriptor read/64, error -71
[  266.250345][T10898] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1459'.
[  266.254719][T10898] fuse: Unknown parameter 'group_id00000000000000000000'
[  266.404458][ T5980] usb 7-1: new high-speed USB device number 27 using dummy_hcd
[  266.534339][ T5980] usb 7-1: device descriptor read/64, error -71
[  266.645489][ T5980] usb usb7-port1: attempt power cycle
[  266.647576][T10900] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1460'.
[  266.998682][T10903] xt_CT: You must specify a L4 protocol and not use inversions on it
[  267.074423][ T5980] usb 7-1: new high-speed USB device number 28 using dummy_hcd
[  267.095542][ T5980] usb 7-1: device descriptor read/8, error -71
[  267.519110][T10909] hfs: unable to load iocharset "io#harset"
[  267.544445][ T5980] usb 7-1: new high-speed USB device number 29 using dummy_hcd
[  267.564883][ T5980] usb 7-1: device descriptor read/8, error -71
[  267.684694][ T5980] usb usb7-port1: unable to enumerate USB device
[  267.851187][T10919] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[  267.854156][T10919] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  267.984387][ T5980] usb 6-1: new full-speed USB device number 26 using dummy_hcd
[  268.146166][ T5980] usb 6-1: unable to read config index 0 descriptor/start: -61
[  268.149253][ T5980] usb 6-1: can't read configurations, error -61
[  268.205470][T10924] netlink: 'syz.0.1466': attribute type 4 has an invalid length.
[  268.249906][T10926] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1467'.
[  268.290025][ T8102] libceph: connect (1)[c::]:6789 error -101
[  268.292676][ T8102] libceph: mon0 (1)[c::]:6789 connect error
[  268.295738][ T5980] usb 6-1: new full-speed USB device number 27 using dummy_hcd
[  268.456571][ T5980] usb 6-1: unable to read config index 0 descriptor/start: -61
[  268.459325][ T5980] usb 6-1: can't read configurations, error -61
[  268.461654][ T5980] usb usb6-port1: attempt power cycle
[  268.505729][T10937] FAULT_INJECTION: forcing a failure.
[  268.505729][T10937] name failslab, interval 1, probability 0, space 0, times 0
[  268.509878][T10937] CPU: 3 UID: 0 PID: 10937 Comm: syz.3.1470 Not tainted 6.15.0-rc4-syzkaller-00052-g4f79eaa2ceac #0 PREEMPT(full) 
[  268.509892][T10937] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  268.509898][T10937] Call Trace:
[  268.509902][T10937]  <TASK>
[  268.509906][T10937]  dump_stack_lvl+0x16c/0x1f0
[  268.509923][T10937]  should_fail_ex+0x512/0x640
[  268.509936][T10937]  ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0
[  268.509949][T10937]  should_failslab+0xc2/0x120
[  268.509962][T10937]  kmem_cache_alloc_lru_noprof+0x72/0x3b0
[  268.509973][T10937]  ? sock_alloc_inode+0x25/0x1c0
[  268.509988][T10937]  ? __pfx_sock_alloc_inode+0x10/0x10
[  268.509999][T10937]  sock_alloc_inode+0x25/0x1c0
[  268.510011][T10937]  alloc_inode+0x61/0x240
[  268.510023][T10937]  sock_alloc+0x40/0x280
[  268.510034][T10937]  __sock_create+0xc1/0x8d0
[  268.510050][T10937]  l2tp_tunnel_sock_create+0x4a0/0xaa0
[  268.510066][T10937]  ? __pfx_l2tp_tunnel_sock_create+0x10/0x10
[  268.510079][T10937]  ? node_tag_clear+0x105/0x290
[  268.510099][T10937]  ? __local_bh_enable_ip+0xa4/0x120
[  268.510112][T10937]  l2tp_tunnel_register+0x49a/0xbe0
[  268.510121][T10937]  ? __debug_object_init+0x2de/0x3d0
[  268.510132][T10937]  ? __pfx___debug_object_init+0x10/0x10
[  268.510142][T10937]  ? __pfx_l2tp_tunnel_register+0x10/0x10
[  268.510156][T10937]  ? lockdep_init_map_type+0x5c/0x280
[  268.510170][T10937]  ? l2tp_tunnel_create+0x2cf/0x460
[  268.510183][T10937]  ? l2tp_tunnel_create+0x37d/0x460
[  268.510199][T10937]  l2tp_nl_cmd_tunnel_create+0x44e/0x990
[  268.510218][T10937]  ? __pfx_l2tp_nl_cmd_tunnel_create+0x10/0x10
[  268.510244][T10937]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290
[  268.510267][T10937]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290
[  268.510294][T10937]  genl_family_rcv_msg_doit+0x206/0x2f0
[  268.510316][T10937]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  268.510337][T10937]  ? trace_cap_capable+0x18d/0x200
[  268.510360][T10937]  ? bpf_lsm_capable+0x9/0x10
[  268.510372][T10937]  ? security_capable+0x7e/0x260
[  268.510389][T10937]  ? ns_capable+0xd7/0x110
[  268.510400][T10937]  genl_rcv_msg+0x55c/0x800
[  268.510414][T10937]  ? __pfx_genl_rcv_msg+0x10/0x10
[  268.510426][T10937]  ? __pfx___dev_queue_xmit+0x10/0x10
[  268.510441][T10937]  ? __pfx_l2tp_nl_cmd_tunnel_create+0x10/0x10
[  268.510455][T10937]  ? __lock_acquire+0xaa4/0x1ba0
[  268.510470][T10937]  netlink_rcv_skb+0x16a/0x440
[  268.510481][T10937]  ? __pfx_genl_rcv_msg+0x10/0x10
[  268.510494][T10937]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  268.510512][T10937]  ? __pfx_down_read+0x10/0x10
[  268.510527][T10937]  ? netlink_deliver_tap+0x1ae/0xd30
[  268.510539][T10937]  genl_rcv+0x28/0x40
[  268.510550][T10937]  netlink_unicast+0x53a/0x7f0
[  268.510564][T10937]  ? __pfx_netlink_unicast+0x10/0x10
[  268.510579][T10937]  netlink_sendmsg+0x8d1/0xdd0
[  268.510597][T10937]  ? __pfx_netlink_sendmsg+0x10/0x10
[  268.510609][T10937]  ? __import_iovec+0x1c8/0x660
[  268.510627][T10937]  ____sys_sendmsg+0xa95/0xc70
[  268.510642][T10937]  ? __pfx_____sys_sendmsg+0x10/0x10
[  268.510654][T10937]  ? get_compat_msghdr+0x11a/0x170
[  268.510670][T10937]  ___sys_sendmsg+0x134/0x1d0
[  268.510682][T10937]  ? __pfx____sys_sendmsg+0x10/0x10
[  268.510709][T10937]  __sys_sendmsg+0x16d/0x220
[  268.510720][T10937]  ? __pfx___sys_sendmsg+0x10/0x10
[  268.510737][T10937]  ? rcu_is_watching+0x12/0xc0
[  268.510747][T10937]  __do_fast_syscall_32+0x73/0x120
[  268.510762][T10937]  do_fast_syscall_32+0x32/0x80
[  268.510776][T10937]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  268.510788][T10937] RIP: 0023:0xf7f02579
[  268.510796][T10937] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  268.510806][T10937] RSP: 002b:00000000f502655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  268.510816][T10937] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000180
[  268.510822][T10937] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  268.510827][T10937] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  268.510833][T10937] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  268.510838][T10937] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  268.510851][T10937]  </TASK>
[  268.510856][T10937] socket: no more sockets
[  268.554727][ T8102] libceph: connect (1)[c::]:6789 error -101
[  268.652975][ T8102] libceph: mon0 (1)[c::]:6789 connect error
[  268.653069][T10941] tty tty27: ldisc open failed (-12), clearing slot 26
[  268.813307][T10950] debugfs: Invalid uid '0x00000000ffffffff'
[  268.861069][ T5980] usb 6-1: new full-speed USB device number 28 using dummy_hcd
[  268.887209][ T5980] usb 6-1: unable to read config index 0 descriptor/start: -61
[  268.890355][ T5980] usb 6-1: can't read configurations, error -61
[  269.014394][ T5980] usb 6-1: new full-speed USB device number 29 using dummy_hcd
[  269.037344][ T5980] usb 6-1: unable to read config index 0 descriptor/start: -61
[  269.039903][ T5980] usb 6-1: can't read configurations, error -61
[  269.042623][ T5980] usb usb6-port1: unable to enumerate USB device
[  269.115475][T10928] ceph: No mds server is up or the cluster is laggy
[  269.389324][T10958] program syz.0.1474 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  269.640283][ T5980] hid-generic 0001:0000:0000.0005: unknown main item tag 0x0
[  269.642697][ T5980] hid-generic 0001:0000:0000.0005: unknown main item tag 0x0
[  269.645156][ T5980] hid-generic 0001:0000:0000.0005: unknown main item tag 0x0
[  269.647570][ T5980] hid-generic 0001:0000:0000.0005: unknown main item tag 0x0
[  269.649945][ T5980] hid-generic 0001:0000:0000.0005: unknown main item tag 0x0
[  269.652329][ T5980] hid-generic 0001:0000:0000.0005: unknown main item tag 0x0
[  269.655810][ T5980] hid-generic 0001:0000:0000.0005: unknown main item tag 0x0
[  269.658335][ T5980] hid-generic 0001:0000:0000.0005: unknown main item tag 0x0
[  269.660685][ T5980] hid-generic 0001:0000:0000.0005: unknown main item tag 0x0
[  269.663054][ T5980] hid-generic 0001:0000:0000.0005: unknown main item tag 0x0
[  269.665901][ T5980] hid-generic 0001:0000:0000.0005: unknown main item tag 0x0
[  269.668666][ T5980] hid-generic 0001:0000:0000.0005: unknown main item tag 0x0
[  269.671579][ T5980] hid-generic 0001:0000:0000.0005: unknown main item tag 0x0
[  269.674451][ T5980] hid-generic 0001:0000:0000.0005: unknown main item tag 0x0
[  269.677137][ T5980] hid-generic 0001:0000:0000.0005: unknown main item tag 0x0
[  269.680084][ T5980] hid-generic 0001:0000:0000.0005: unknown main item tag 0x0
[  269.682827][ T5980] hid-generic 0001:0000:0000.0005: unknown main item tag 0x0
[  269.685741][ T5980] hid-generic 0001:0000:0000.0005: unknown main item tag 0x0
[  269.688728][ T5980] hid-generic 0001:0000:0000.0005: unknown main item tag 0x0
[  269.691548][ T5980] hid-generic 0001:0000:0000.0005: unknown main item tag 0x0
[  269.694414][ T5980] hid-generic 0001:0000:0000.0005: unknown main item tag 0x0
[  269.697398][ T5980] hid-generic 0001:0000:0000.0005: unknown main item tag 0x0
[  269.700204][ T5980] hid-generic 0001:0000:0000.0005: unknown main item tag 0x0
[  269.702938][ T5980] hid-generic 0001:0000:0000.0005: unknown main item tag 0x0
[  269.705460][ T5980] hid-generic 0001:0000:0000.0005: unknown main item tag 0x0
[  269.707892][ T5980] hid-generic 0001:0000:0000.0005: unknown main item tag 0x0
[  269.710262][ T5980] hid-generic 0001:0000:0000.0005: unknown main item tag 0x0
[  269.712643][ T5980] hid-generic 0001:0000:0000.0005: unknown main item tag 0x0
[  269.715080][ T5980] hid-generic 0001:0000:0000.0005: unknown main item tag 0x0
[  269.717485][ T5980] hid-generic 0001:0000:0000.0005: unknown main item tag 0x0
[  269.720457][ T5980] hid-generic 0001:0000:0000.0005: unknown main item tag 0x0
[  269.723320][ T5980] hid-generic 0001:0000:0000.0005: unknown main item tag 0x0
[  269.727328][ T5980] hid-generic 0001:0000:0000.0005: hidraw1: <UNKNOWN> HID vffffff.ff Device [syz0] on syz0
[  269.904362][ T8102] usb 8-1: new high-speed USB device number 25 using dummy_hcd
[  270.066472][ T8102] usb 8-1: config 0 has no interfaces?
[  270.068320][ T8102] usb 8-1: New USB device found, idVendor=1a34, idProduct=0802, bcdDevice= 0.00
[  270.071786][ T8102] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  270.072960][T10963] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1476'.
[  270.078259][ T8102] usb 8-1: config 0 descriptor??
[  270.440569][T10965] ==================================================================
[  270.443498][T10965] BUG: KASAN: vmalloc-out-of-bounds in vrealloc_noprof+0x132/0x320
[  270.445986][T10965] Write of size 4064 at addr ffffc90003f39020 by task syz.0.1477/10965
[  270.450201][T10965] 
[  270.450957][T10965] CPU: 3 UID: 0 PID: 10965 Comm: syz.0.1477 Not tainted 6.15.0-rc4-syzkaller-00052-g4f79eaa2ceac #0 PREEMPT(full) 
[  270.450972][T10965] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  270.450978][T10965] Call Trace:
[  270.450982][T10965]  <TASK>
[  270.450986][T10965]  dump_stack_lvl+0x116/0x1f0
[  270.451003][T10965]  print_report+0xc3/0x670
[  270.451014][T10965]  ? __virt_addr_valid+0x5e/0x590
[  270.451028][T10965]  ? vrealloc_noprof+0x132/0x320
[  270.451036][T10965]  kasan_report+0xe0/0x110
[  270.451047][T10965]  ? vrealloc_noprof+0x132/0x320
[  270.451057][T10965]  kasan_check_range+0xef/0x1a0
[  270.451071][T10965]  __asan_memset+0x23/0x50
[  270.451086][T10965]  vrealloc_noprof+0x132/0x320
[  270.451095][T10965]  push_insn_history+0x2ae/0x6c0
[  270.451107][T10965]  do_check_common+0xbd3/0xc2a0
[  270.451123][T10965]  ? __pfx_do_check_common+0x10/0x10
[  270.451133][T10965]  ? lockdep_hardirqs_on+0x7c/0x110
[  270.451146][T10965]  ? kfree+0x2b6/0x4d0
[  270.451160][T10965]  ? bpf_check+0x6c86/0xb460
[  270.451169][T10965]  ? bpf_check+0x7b2f/0xb460
[  270.451179][T10965]  bpf_check+0x7f51/0xb460
[  270.451193][T10965]  ? __pfx_bpf_check+0x10/0x10
[  270.451202][T10965]  ? pcpu_alloc_noprof+0x949/0x1470
[  270.451222][T10965]  ? __lock_acquire+0xaa4/0x1ba0
[  270.451259][T10965]  ? find_held_lock+0x2b/0x80
[  270.451278][T10965]  ? __asan_memset+0x23/0x50
[  270.451298][T10965]  ? bpf_obj_name_cpy+0x14a/0x1a0
[  270.451319][T10965]  bpf_prog_load+0xe41/0x2490
[  270.451342][T10965]  ? __pfx_bpf_prog_load+0x10/0x10
[  270.451361][T10965]  ? __pfx___futex_wait+0x10/0x10
[  270.451378][T10965]  ? bpf_lsm_bpf+0x9/0x10
[  270.451390][T10965]  __sys_bpf+0x433c/0x4d80
[  270.451403][T10965]  ? __pfx___sys_bpf+0x10/0x10
[  270.451418][T10965]  ? __lock_acquire+0xaa4/0x1ba0
[  270.451433][T10965]  ? find_held_lock+0x2b/0x80
[  270.451441][T10965]  ? __might_fault+0xe3/0x190
[  270.451452][T10965]  ? __might_fault+0xe3/0x190
[  270.451461][T10965]  ? __might_fault+0x13b/0x190
[  270.451473][T10965]  __ia32_sys_bpf+0x76/0xe0
[  270.451487][T10965]  __do_fast_syscall_32+0x73/0x120
[  270.451501][T10965]  do_fast_syscall_32+0x32/0x80
[  270.451514][T10965]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  270.451526][T10965] RIP: 0023:0xf704e579
[  270.451535][T10965] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  270.451545][T10965] RSP: 002b:00000000f503e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000165
[  270.451556][T10965] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000800017c0
[  270.451562][T10965] RDX: 0000000000000048 RSI: 0000000000000000 RDI: 0000000000000000
[  270.451569][T10965] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  270.451575][T10965] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  270.451581][T10965] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  270.451590][T10965]  </TASK>
[  270.451593][T10965] 
[  270.457604][  T834] usb 8-1: USB disconnect, device number 25
[  270.458414][T10965] The buggy address belongs to the virtual mapping at
[  270.458414][T10965]  [ffffc90003f19000, ffffc90003f3b000) created by:
[  270.458414][T10965]  kvrealloc_noprof+0x7d/0xd0
[  270.551197][T10965] 
[  270.551976][T10965] The buggy address belongs to the physical page:
[  270.553929][T10965] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x6902d
[  270.556682][T10965] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[  270.558960][T10965] raw: 04fff00000000000 0000000000000000 dead000000000122 0000000000000000
[  270.561639][T10965] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[  270.564257][T10965] page dumped because: kasan: bad access detected
[  270.566229][T10965] page_owner tracks the page as allocated
[  270.567981][T10965] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102cc2(GFP_HIGHUSER|__GFP_NOWARN), pid 10965, tgid 10964 (syz.0.1477), ts 270440489591, free_ts 270008170766
[  270.573199][T10965]  post_alloc_hook+0x181/0x1b0
[  270.574682][T10965]  get_page_from_freelist+0x135c/0x3920
[  270.576348][T10965]  __alloc_frozen_pages_noprof+0x5a8/0x23a0
[  270.578217][T10965]  alloc_pages_mpol+0x1fb/0x550
[  270.579822][T10965]  alloc_pages_noprof+0x131/0x390
[  270.581376][T10965]  __vmalloc_node_range_noprof+0x732/0x1540
[  270.583181][T10965]  __kvmalloc_node_noprof+0x2ff/0x600
[  270.584844][T10965]  kvrealloc_noprof+0x7d/0xd0
[  270.586275][T10965]  push_insn_history+0x2ae/0x6c0
[  270.587798][T10965]  do_check_common+0xbd3/0xc2a0
[  270.589412][T10965]  bpf_check+0x7f51/0xb460
[  270.590802][T10965]  bpf_prog_load+0xe41/0x2490
[  270.592275][T10965]  __sys_bpf+0x433c/0x4d80
[  270.593682][T10965]  __ia32_sys_bpf+0x76/0xe0
[  270.595129][T10965]  __do_fast_syscall_32+0x73/0x120
[  270.596725][T10965]  do_fast_syscall_32+0x32/0x80
[  270.598270][T10965] page last free pid 10954 tgid 10954 stack trace:
[  270.600335][T10965]  __free_frozen_pages+0x69d/0xff0
[  270.602102][T10965]  vfree+0x176/0x960
[  270.603331][T10965]  vb2_vmalloc_put+0x7b/0xc0
[  270.604777][T10965]  __vb2_buf_mem_free+0x15a/0x2d0
[  270.606343][T10965]  __vb2_queue_free+0x7ee/0xa30
[  270.607835][T10965]  vb2_core_reqbufs+0x276/0xfe0
[  270.609419][T10965]  __vb2_cleanup_fileio+0xed/0x190
[  270.610986][T10965]  vb2_core_queue_release+0x1f/0x190
[  270.612914][T10965]  _vb2_fop_release+0xe8/0x280
[  270.614384][T10965]  vivid_fop_release+0x155/0xc40
[  270.615921][T10965]  v4l2_release+0x232/0x460
[  270.617318][T10965]  __fput+0x3ff/0xb70
[  270.618542][T10965]  task_work_run+0x14d/0x240
[  270.620038][T10965]  syscall_exit_to_user_mode+0x27b/0x2a0
[  270.621827][T10965]  __do_fast_syscall_32+0x80/0x120
[  270.623409][T10965]  do_fast_syscall_32+0x32/0x80
[  270.625123][T10965] 
[  270.625884][T10965] Memory state around the buggy address:
[  270.627623][T10965]  ffffc90003f38f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  270.630129][T10965]  ffffc90003f38f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  270.632897][T10965] >ffffc90003f39000: 00 00 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[  270.635339][T10965]                                ^
[  270.636917][T10965]  ffffc90003f39080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[  270.639371][T10965]  ffffc90003f39100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[  270.641855][T10965] ==================================================================
[  270.645942][T10965] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  270.648293][T10965] CPU: 3 UID: 0 PID: 10965 Comm: syz.0.1477 Not tainted 6.15.0-rc4-syzkaller-00052-g4f79eaa2ceac #0 PREEMPT(full) 
[  270.652038][T10965] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  270.655330][T10965] Call Trace:
[  270.656350][T10965]  <TASK>
[  270.657284][T10965]  dump_stack_lvl+0x3d/0x1f0
[  270.658687][T10965]  panic+0x71c/0x800
[  270.659983][T10965]  ? __pfx_panic+0x10/0x10
[  270.661405][T10965]  ? rcu_is_watching+0x12/0xc0
[  270.663356][T10965]  ? preempt_schedule_thunk+0x16/0x30
[  270.665240][T10965]  ? vrealloc_noprof+0x132/0x320
[  270.666774][T10965]  ? preempt_schedule_common+0x44/0xc0
[  270.668449][T10965]  ? vrealloc_noprof+0x132/0x320
[  270.670256][T10965]  check_panic_on_warn+0xab/0xb0
[  270.672329][T10965]  end_report+0x107/0x170
[  270.674073][T10965]  kasan_report+0xee/0x110
[  270.675950][T10965]  ? vrealloc_noprof+0x132/0x320
[  270.678049][T10965]  kasan_check_range+0xef/0x1a0
[  270.680121][T10965]  __asan_memset+0x23/0x50
[  270.682004][T10965]  vrealloc_noprof+0x132/0x320
[  270.683525][T10965]  push_insn_history+0x2ae/0x6c0
[  270.685086][T10965]  do_check_common+0xbd3/0xc2a0
[  270.686624][T10965]  ? __pfx_do_check_common+0x10/0x10
[  270.688265][T10965]  ? lockdep_hardirqs_on+0x7c/0x110
[  270.689892][T10965]  ? kfree+0x2b6/0x4d0
[  270.691212][T10965]  ? bpf_check+0x6c86/0xb460
[  270.692662][T10965]  ? bpf_check+0x7b2f/0xb460
[  270.694098][T10965]  bpf_check+0x7f51/0xb460
[  270.695575][T10965]  ? __pfx_bpf_check+0x10/0x10
[  270.697066][T10965]  ? pcpu_alloc_noprof+0x949/0x1470
[  270.698671][T10965]  ? __lock_acquire+0xaa4/0x1ba0
[  270.700262][T10965]  ? find_held_lock+0x2b/0x80
[  270.701814][T10965]  ? __asan_memset+0x23/0x50
[  270.703263][T10965]  ? bpf_obj_name_cpy+0x14a/0x1a0
[  270.704810][T10965]  bpf_prog_load+0xe41/0x2490
[  270.706273][T10965]  ? __pfx_bpf_prog_load+0x10/0x10
[  270.707906][T10965]  ? __pfx___futex_wait+0x10/0x10
[  270.709367][T10965]  ? bpf_lsm_bpf+0x9/0x10
[  270.710736][T10965]  __sys_bpf+0x433c/0x4d80
[  270.712153][T10965]  ? __pfx___sys_bpf+0x10/0x10
[  270.713658][T10965]  ? __lock_acquire+0xaa4/0x1ba0
[  270.715176][T10965]  ? find_held_lock+0x2b/0x80
[  270.716644][T10965]  ? __might_fault+0xe3/0x190
[  270.718148][T10965]  ? __might_fault+0xe3/0x190
[  270.719602][T10965]  ? __might_fault+0x13b/0x190
[  270.721130][T10965]  __ia32_sys_bpf+0x76/0xe0
[  270.722685][T10965]  __do_fast_syscall_32+0x73/0x120
[  270.724262][T10965]  do_fast_syscall_32+0x32/0x80
[  270.725760][T10965]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  270.727750][T10965] RIP: 0023:0xf704e579
[  270.728983][T10965] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  270.734915][T10965] RSP: 002b:00000000f503e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000165
[  270.737468][T10965] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000800017c0
[  270.739895][T10965] RDX: 0000000000000048 RSI: 0000000000000000 RDI: 0000000000000000
[  270.742397][T10965] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  270.744745][T10965] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  270.747110][T10965] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  270.749672][T10965]  </TASK>
[  270.751274][T10965] Kernel Offset: disabled
[  270.752741][T10965] Rebooting in 86400 seconds..

VM DIAGNOSIS:
21:05:58  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000000000 RBX=ffff88802b223b78 RCX=0000000000000001 RDX=0000000000000000
RSI=ffffffff8dbb57e4 RDI=ffff88801ce9e82c RBP=ffffffff90851bf0 RSP=ffffc900250f7b40
R8 =0000000000000000 R9 =ffffed10037ee729 R10=ffff88801bf7394f R11=ffffffff818c0c32
R12=0000000000000001 R13=ffff88801bf73800 R14=ffff8880136f2870 R15=ffff88801bf73948
RIP=ffffffff818c44b4 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0000 0000000000000000 ffffffff 00c00000
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff8880977ed000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000f73b7ad8 CR3=0000000025d12000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000080000000 RBX=0000000080b1a000 RCX=ffffffff820b4907 RDX=ffff888020702440
RSI=0000000000000080 RDI=0000000000000007 RBP=0000000021549047 RSP=ffffc900010decf8
R8 =0000000000000007 R9 =0000000000000080 R10=0000000000000000 R11=0000000000000000
R12=0000000000000047 R13=ffff888066e3a028 R14=0000000000000000 R15=000ffffffffff000
RIP=ffffffff81baa668 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880978ed000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=000000000c38a173 CR3=000000006a921000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
RAX=dffffc0000000000 RBX=ffffffff93a45de8 RCX=0000000000000002 RDX=1ffffffff1b9c9a2
RSI=ffffffff8bf46760 RDI=ffffffff8dce4d10 RBP=0000000000000002 RSP=ffffc9000108edc0
R8 =0000000000000000 R9 =0000000000000000 R10=0000000000000001 R11=000000000000fa23
R12=0000000000000000 R13=0000000000000000 R14=0000000000000000 R15=0000000000000000
RIP=ffffffff81a07411 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880979ed000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00007f54d4716b5c CR3=000000004bacd000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000008082082 Opmask01=0000000000000000 Opmask02=00000000dfff7fff Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000001 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=6b20657479622d32 3320646e61707865 6b20657479622d32 3320646e61707865 6b20657479622d32 3320646e61707865 6b20657479622d32 3320646e61707865
ZMM17=bfc8c9dc399206eb ad5eaccd4119bba5 bfc8c9dc399206eb ad5eaccd4119bba5 bfc8c9dc399206eb ad5eaccd4119bba5 bfc8c9dc399206eb ad5eaccd4119bba5
ZMM18=960a071b99e0cad5 e712c9d1310d7764 960a071b99e0cad5 e712c9d1310d7764 960a071b99e0cad5 e712c9d1310d7764 960a071b99e0cad5 e712c9d1310d7764
ZMM19=ee09000000000000 0000000000000015 ee09000000000000 0000000000000014 ee09000000000000 0000000000000013 ee09000000000000 0000000000000012
ZMM20=0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004
ZMM21=ad5eaccdad5eaccd ad5eaccdad5eaccd ad5eaccdad5eaccd ad5eaccdad5eaccd ad5eaccdad5eaccd ad5eaccdad5eaccd ad5eaccdad5eaccd ad5eaccdad5eaccd
ZMM22=399206eb399206eb 399206eb399206eb 399206eb399206eb 399206eb399206eb 399206eb399206eb 399206eb399206eb 399206eb399206eb 399206eb399206eb
ZMM23=bfc8c9dcbfc8c9dc bfc8c9dcbfc8c9dc bfc8c9dcbfc8c9dc bfc8c9dcbfc8c9dc bfc8c9dcbfc8c9dc bfc8c9dcbfc8c9dc bfc8c9dcbfc8c9dc bfc8c9dcbfc8c9dc
ZMM24=310d7764310d7764 310d7764310d7764 310d7764310d7764 310d7764310d7764 310d7764310d7764 310d7764310d7764 310d7764310d7764 310d7764310d7764
ZMM25=e712c9d1e712c9d1 e712c9d1e712c9d1 e712c9d1e712c9d1 e712c9d1e712c9d1 e712c9d1e712c9d1 e712c9d1e712c9d1 e712c9d1e712c9d1 e712c9d1e712c9d1
ZMM26=99e0cad599e0cad5 99e0cad599e0cad5 99e0cad599e0cad5 99e0cad599e0cad5 99e0cad599e0cad5 99e0cad599e0cad5 99e0cad599e0cad5 99e0cad599e0cad5
ZMM27=960a071b960a071b 960a071b960a071b 960a071b960a071b 960a071b960a071b 960a071b960a071b 960a071b960a071b 960a071b960a071b 960a071b960a071b
ZMM28=000000200000001f 0000001e0000001d 0000001c0000001b 0000001a00000019 0000001800000017 0000001600000015 0000001400000013 0000001200000011
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=ee090000ee090000 ee090000ee090000 ee090000ee090000 ee090000ee090000 ee090000ee090000 ee090000ee090000 ee090000ee090000 ee090000ee090000
info registers vcpu 3

CPU#3
RAX=0000000000000005 RBX=00000000000003f9 RCX=0000000000000000 RDX=00000000000003f9
RSI=ffffffff854bf835 RDI=ffffffff9addebc0 RBP=ffffffff9addeb80 RSP=ffffc9000363ef00
R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=0000000074697257
R12=0000000000000000 R13=0000000000000005 R14=ffffffff9addeb80 R15=ffffffff854bf7d0
RIP=ffffffff854bf85f RFL=00000006 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff888097aed000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000800017c0 CR3=0000000029cfe000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000