last executing test programs:

4.959569354s ago: executing program 2 (id=595):
r0 = socket$can_bcm(0x1d, 0x2, 0x2)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x10, 0xffffffffffffffff, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x25dfdbfd, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x1}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x4)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x4)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r4, 0x8933, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
dup(0xffffffffffffffff)
r5 = socket(0x10, 0x2, 0x0)
write(r5, &(0x7f0000000040)="1c0000001a009b8a140000003b9b301f00"/28, 0x1c)
recvmmsg(r5, &(0x7f00000004c0)=[{{0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000340)=""/54, 0x36}], 0x1, &(0x7f00000003c0)=""/216, 0xd8}, 0x9}], 0x1, 0x2, &(0x7f00000001c0)={0x77359400})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
map_shadow_stack(&(0x7f00008fb000/0x3000)=nil, 0x3000, 0x0)
connect$can_bcm(r0, &(0x7f0000000040), 0x10)
sendmsg$can_bcm(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)=ANY=[@ANYBLOB="05"], 0x48}}, 0x0)

4.959175422s ago: executing program 3 (id=596):
r0 = add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffa)
keyctl$instantiate(0xc, r0, &(0x7f0000000240)=@encrypted_new={'new ', 'default', 0x20, 'user:', '\x00', 0x20, 0x7}, 0x28, 0xfffffffffffffffd)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f0000000000)=ANY=[@ANYBLOB="180000002c00010026bd70f7fbdbdf250400002804001d00"], 0x18}, 0x1, 0x0, 0x0, 0x404000c}, 0x40000)
socket$igmp6(0xa, 0x3, 0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r5 = openat$fb0(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
socket$l2tp6(0xa, 0x2, 0x73)
creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc)
lsetxattr$security_ima(&(0x7f0000000480)='./file0\x00', &(0x7f0000000100), &(0x7f0000000380)=@v2={0x3, 0x2, 0xfe, 0xe79f, 0x2, 'JE'}, 0xb, 0x1)
ioctl$FBIOPUT_VSCREENINFO(r5, 0x4601, &(0x7f0000000380)={0x3c0, 0x78, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x1, 0x4, 0x8, 0x3, 0x1ff, 0x3d, 0x5, 0x3, 0x53, 0x202, 0x1, 0xc}) (fail_nth: 1)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000001880)=ANY=[@ANYBLOB="b700000081000000bfa30000000000000703000000feffff720af0fff8ffffff71a4f0ff0000000071100000000000001d400500000000004704000001ed00000f030000000000001d44000000000000620a00fe000000007203000000000000b5000000000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fe51bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a22048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00e10000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f6f096753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e9673560000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d490cba8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e16e1461173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b583cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd84990453f006694d461b76a58d88cf0f520310a1e80dc18cde98d662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6432399f87a7a14245bbd796a09313b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c00000000000000f59dd19e8d525206c0a728cfd42193abe8130bc01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ed1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef67cf0216e2d81e6127bd9d7fab28800eaab2355992f8ce4cd38add4b272c0bee4076ca4847ffa691cf78fb7ec212bad3bef29f577ea7159b7f3025b3d977ff7c91024cf71126233cb8791c"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r8=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r7, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r8}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_START_AP(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)={0x94, r7, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r8}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x63, 0xe, {{{}, {}, @broadcast, @device_a, @from_mac, {0x0, 0x9}}, 0x0, @default, 0x1882, @void, @val={0x1, 0x4, [{0x79, 0x1}, {0x17, 0x1}, {0x2}, {0x4}]}, @void, @val={0x4, 0x6, {0x7, 0x4, 0x1, 0x4}}, @void, @val={0x5, 0x26, {0x6, 0xac, 0x26, "4535a7d15d92ed3883177b0403cbc09fa3dbf799bd588a59887355f0766d272c4f077e"}}, @val={0x25, 0x3, {0x0, 0x38, 0x6b}}, @void, @void, @void, @void, @void, @void}}], @chandef_params, @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_HE_BSS_COLOR={0x4}]}, 0x94}}, 0x0)

4.11585724s ago: executing program 3 (id=597):
r0 = add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffa)
keyctl$instantiate(0xc, r0, &(0x7f0000000240)=@encrypted_new={'new ', 'default', 0x20, 'user:', '\x00', 0x20, 0x7}, 0x28, 0xfffffffffffffffd)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f0000000000)=ANY=[@ANYBLOB="180000002c00010026bd70f7fbdbdf250400002804001d00"], 0x18}, 0x1, 0x0, 0x0, 0x404000c}, 0x40000)
socket$igmp6(0xa, 0x3, 0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r5 = openat$fb0(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
socket$l2tp6(0xa, 0x2, 0x73)
creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc)
lsetxattr$security_ima(&(0x7f0000000480)='./file0\x00', &(0x7f0000000100), &(0x7f0000000380)=@v2={0x3, 0x2, 0xfe, 0xe79f, 0x2, 'JE'}, 0xb, 0x1)
ioctl$FBIOPUT_VSCREENINFO(r5, 0x4601, &(0x7f0000000380)={0x3c0, 0x78, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x1, 0x4, 0x8, 0x3, 0x1ff, 0x3d, 0x5, 0x3, 0x53, 0x202, 0x1, 0xc})
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000001880)=ANY=[@ANYBLOB="b700000081000000bfa30000000000000703000000feffff720af0fff8ffffff71a4f0ff0000000071100000000000001d400500000000004704000001ed00000f030000000000001d44000000000000620a00fe000000007203000000000000b5000000000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fe51bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a22048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00e10000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f6f096753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e9673560000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d490cba8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e16e1461173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b583cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd84990453f006694d461b76a58d88cf0f520310a1e80dc18cde98d662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6432399f87a7a14245bbd796a09313b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c00000000000000f59dd19e8d525206c0a728cfd42193abe8130bc01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ed1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef67cf0216e2d81e6127bd9d7fab28800eaab2355992f8ce4cd38add4b272c0bee4076ca4847ffa691cf78fb7ec212bad3bef29f577ea7159b7f3025b3d977ff7c91024cf71126233cb8791c"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r8=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x24, r7, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r8}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x0)
sendmsg$NL80211_CMD_START_AP(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000580)={0x9c, r7, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r8}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x6b, 0xe, {{{}, {}, @broadcast, @device_a, @from_mac, {0x0, 0x9}}, 0x0, @default, 0x1882, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x4, [{0x79, 0x1}, {0x17, 0x1}, {0x2}, {0x4}]}, @void, @val={0x4, 0x6, {0x7, 0x4, 0x1, 0x4}}, @void, @val={0x5, 0x26, {0x6, 0xac, 0x26, "4535a7d15d92ed3883177b0403cbc09fa3dbf799bd588a59887355f0766d272c4f077e"}}, @val={0x25, 0x3, {0x0, 0x38, 0x6b}}, @void, @void, @void, @void, @void, @void}}], @chandef_params, @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_HE_BSS_COLOR={0x4}]}, 0x9c}}, 0x0)

3.973960048s ago: executing program 2 (id=599):
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
socket$kcm(0x10, 0x2, 0x4)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = syz_io_uring_setup(0x19f2, &(0x7f0000000300)={0x0, 0x0, 0x10100, 0x8000000}, &(0x7f0000000140)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x38, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='pids.events\x00', 0x275a, 0x0)
write$UHID_CREATE2(r4, &(0x7f0000000180)=ANY=[@ANYRES64=r3], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r4, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_EPOLL_CTL=@add={0x1d, 0x0, 0x0, r4, 0x0})
io_uring_enter(r0, 0x2d3e, 0x0, 0xff000000, 0x0, 0x0)

3.973417579s ago: executing program 2 (id=601):
symlink(&(0x7f0000000080)='.\x00', &(0x7f0000000240)='./file0\x00')
chmod(&(0x7f0000000180)='./file0\x00', 0x23f)
setuid(0xee01)
removexattr(&(0x7f0000000200)='./file0\x00', &(0x7f00000006c0)=@known='user.syz\x00')
syz_clone(0x22180, 0x0, 0xa42f, 0x0, 0x0, 0x0)
r0 = getpgid(0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x0, 0x0)
r1 = epoll_create1(0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = epoll_create1(0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="5c000000020601020000000000000000000000000c00078008001240000600000500010006000000050005000a00000005000400000000000900020073797a310000000016000300686173683a6e65742c6e6574000000"], 0x5c}}, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r3, &(0x7f0000000100)={0x20000014})
epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r1, &(0x7f0000000000)={0xa0000001})
epoll_wait(r4, &(0x7f0000000240)=[{}], 0x1, 0x100)
ioperm(0x2, 0x8, 0x3)
r6 = landlock_create_ruleset(&(0x7f0000000040)={0x48c2, 0x2, 0x3}, 0x18, 0x2)
prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1)
landlock_restrict_self(r6, 0x3)

2.844787652s ago: executing program 2 (id=604):
io_setup(0xd72, &(0x7f0000002e80)=<r0=>0x0)
r1 = socket$rds(0x15, 0x5, 0x0)
io_submit(r0, 0x1, &(0x7f0000002500)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x5, 0x0, r1, 0x0}])
syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141503)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x24000805}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000001f80), 0x2, 0x0)
setsockopt$inet6_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000080)='westwood\x00', 0x9)
bind$inet6(0xffffffffffffffff, &(0x7f0000d84000)={0xa, 0x2, 0x0, @loopback, 0x7}, 0x1c)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x20000045, &(0x7f00000001c0)={0xa, 0x2, 0x397, @empty}, 0x1c)
write$FUSE_NOTIFY_INVAL_ENTRY(r2, &(0x7f0000001fc0)=ANY=[@ANYBLOB], 0x42)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r6 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r6, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16)
connect$inet(r6, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
setsockopt$inet_IP_XFRM_POLICY(r6, 0x0, 0x11, &(0x7f00000002c0)={{{@in6=@mcast1, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {0x10000, 0x0, 0x0, 0x2, 0xfffffffffffffffc, 0x0, 0x0, 0xfffffffffffffffd}, {0x0, 0x0, 0x0, 0x8}, 0x0, 0x0, 0x1}, {{@in6=@ipv4={'\x00', '\xff\xff', @multicast1}, 0x2, 0x6c}, 0x0, @in=@empty, 0x0, 0x5, 0x0, 0xb7}}, 0xe8)
sendmmsg(r6, &(0x7f0000007fc0), 0x800001d, 0x60)

2.685936126s ago: executing program 3 (id=605):
fsopen(&(0x7f0000000000)='sysfs\x00', 0x0)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$igmp(0x2, 0x3, 0x2)
brk(0x55555ede6000)
brk(0x55555ede6001)
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
r3 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="6c8000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="debf0100e10000004c0012800b00010062726964676500003c000280050024000100000005002900010000000500250000000000060006000600000008001d008000000005001800010000000800050001000000"], 0x6c}}, 0x0)
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='tmpfs\x00', 0x0, &(0x7f00000001c0)='grpquota')
migrate_pages(r0, 0xa94b, &(0x7f0000000b80), &(0x7f0000000bc0)=0x27e0407a)
r4 = syz_open_dev$sndctrl(&(0x7f0000000300), 0x1, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r4, 0xc2c45512, 0x0)
umount2(&(0x7f0000000340)='./file0\x00', 0x0)
recvmmsg$unix(0xffffffffffffffff, &(0x7f0000000ac0)=[{{&(0x7f0000000000)=@abs, 0x6e, &(0x7f0000000100)=[{&(0x7f0000000c00)=""/21, 0x15}], 0x1, &(0x7f0000000200)=[@cred={{0x18}}, @cred={{0x18}}, @cred={{0x18}}, @cred={{0x18}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x18}}], 0x9c}}, {{0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000140)=""/34, 0x22}, {&(0x7f0000000680)=""/66, 0x42}, {&(0x7f00000002c0)}], 0x3}}, {{&(0x7f0000000740), 0x6e, &(0x7f0000000980)=[{&(0x7f00000007c0)=""/179, 0xb3}, {&(0x7f0000000880)=""/204, 0xcc}], 0x2, &(0x7f00000009c0)=[@cred={{0x18}}, @cred={{0x18}}, @cred={{0x18}}, @cred={{0x18}}, @cred={{0x18}}, @rights={{0x10, 0x1, 0x1, [0xffffffffffffffff]}}, @cred={{0x18}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x18}}], 0xe4}}], 0x3, 0x0, &(0x7f0000000b40)={0x0, 0x3938700})

1.895824304s ago: executing program 0 (id=609):
socket$nl_netfilter(0x10, 0x3, 0xc)
write$tun(0xffffffffffffffff, &(0x7f0000000000)={@void, @val={0x1, 0x80, 0x0, 0xc, 0xf, 0x800}, @ipv4=@udp={{0xe, 0x4, 0x1, 0x16, 0x80, 0x65, 0x0, 0x0, 0x11, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @private=0xa010100, {[@ra={0x94, 0x4, 0x1}, @generic={0x88, 0x9, "ede982dc501c15"}, @ra={0x94, 0x4}, @ssrr={0x89, 0x13, 0x33, [@rand_addr=0x64010102, @multicast2, @empty, @remote]}]}}, {0x4e23, 0x4e22, 0x48, 0x0, @wg=@cookie={0x3, 0x2, "f6504e23efcebc4504f61593a386ad8065699a7dd3711043", "cbf5d3e0aa54cf0f5e56d83e040db253d8ae514ba02d337a96c771c4a86b9f40"}}}}, 0x8a)
r0 = open$dir(&(0x7f00000000c0)='./file0\x00', 0x240, 0x5694d17d71a803ad)
r1 = openat(r0, &(0x7f0000000100)='./file0\x00', 0x80002, 0xb1)
statx(r0, &(0x7f0000000140)='./file0/file0\x00', 0x6500, 0x100, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, <r2=>0x0, <r3=>0x0})
rt_sigprocmask(0x2, &(0x7f0000000280)={[0x5, 0x7]}, &(0x7f00000002c0), 0x8)
getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f0000000380)={{{@in6=@mcast1, @in=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r4=>0x0}}, {{@in6=@loopback}, 0x0, @in=@local}}, &(0x7f0000000480)=0xe4)
mount$9p_fd(0x0, &(0x7f0000000300)='./file0/file0\x00', &(0x7f0000000340), 0x20000, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@afid={'afid', 0x3d, 0x5}}, {@privport}, {@cachetag={'cachetag', 0x3d, '('}}, {@loose}, {@afid={'afid', 0x3d, 0x6}}, {@debug={'debug', 0x3d, 0x10000}}], [{@dont_measure}, {@uid_eq={'uid', 0x3d, r2}}, {@defcontext={'defcontext', 0x3d, 'root'}}, {@fsmagic={'fsmagic', 0x3d, 0x7}}, {@fowner_eq={'fowner', 0x3d, r4}}, {@fscontext={'fscontext', 0x3d, 'unconfined_u'}}]}})
r5 = dup3(r1, 0xffffffffffffffff, 0x80000)
quotactl_fd$Q_QUOTAON(r0, 0xffffffff80000201, r4, &(0x7f0000000600)='./file0\x00')
ppoll(&(0x7f0000000640)=[{r5, 0x4000}, {r1, 0x8}], 0x2, &(0x7f0000000680)={0x77359400}, &(0x7f00000006c0)={[0x1, 0x6]}, 0x8)
r6 = socket$inet6(0xa, 0x800, 0x40)
write$FUSE_INIT(r1, &(0x7f0000000700)={0x50, 0x0, 0x0, {0x7, 0x2b, 0x5, 0x22240, 0x6, 0x8, 0xfffffff9, 0x8, 0x0, 0x0, 0x40, 0x2}}, 0x50)
setsockopt$WPAN_WANTLQI(r1, 0x0, 0x3, &(0x7f0000000780)=0x1, 0x4)
mount$9p_fd(0x0, &(0x7f00000007c0)='./file0\x00', &(0x7f0000000800), 0x8, &(0x7f0000000840)={'trans=fd,', {'rfdno', 0x3d, r5}, 0x2c, {}, 0x2c, {[{@noxattr}, {@noextend}, {@directio}, {@uname={'uname', 0x3d, 'rfdno'}}, {@cache_none}, {@dfltgid={'dfltgid', 0x3d, r3}}, {@cache_readahead}, {@version_u}], [{@dont_measure}]}})
setsockopt$XDP_UMEM_FILL_RING(r1, 0x11b, 0x5, &(0x7f0000000900)=0x20000, 0x4)
setsockopt$IP_VS_SO_SET_FLUSH(r5, 0x0, 0x485, 0x0, 0x0)
quotactl$Q_SETQUOTA(0xffffffff80000801, &(0x7f0000000940)=@nbd={'/dev/nbd', 0x0}, r4, &(0x7f0000000980)={0x8, 0xd7, 0x100000000, 0x6, 0x9, 0x1, 0xffffffffffffffff, 0x9, 0x5})
fsopen(&(0x7f0000000a00)='romfs\x00', 0x0)
r7 = fspick(r1, &(0x7f0000000a40)='./file0/file0\x00', 0x1)
fsconfig$FSCONFIG_CMD_CREATE(r7, 0x6, 0x0, 0x0, 0x0)
setsockopt$inet_opts(r1, 0x0, 0x4, &(0x7f0000000a80)="ed094abc15a2a33aaf2609ffc2590fabc4e0d54a26033a189c2a9a41b436a36e8b74af7658d26da7aaed982104565e5e74facaa5293a0ba04d31c93046b072e544e90da1b719ae6d50917992d520a598d2b9fa86873b53cd5483dd9db7a639256d389b72f2fb17cb7c5fcfb7a23c776ef8668f1d39b15bb6afb3def45cb648aa25c085c90ddbee96af6b749ce50c", 0x8e)
ioctl$sock_FIOGETOWN(r6, 0x8903, &(0x7f0000000b40)=<r8=>0x0)
tkill(r8, 0x5)
lsetxattr$trusted_overlay_redirect(&(0x7f0000000b80)='./file0/file0\x00', &(0x7f0000000bc0), &(0x7f0000000c00)='./file0\x00', 0x8, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8924, &(0x7f0000000c40)={'veth1_to_bridge\x00', @multicast})
socket$nl_route(0x10, 0x3, 0x0)
r9 = socket$l2tp6(0xa, 0x2, 0x73)
recvfrom$l2tp6(r9, &(0x7f0000000c80), 0x0, 0x10000, &(0x7f0000000cc0)={0xa, 0x0, 0x0, @private0}, 0x20)
openat$ptmx(0xffffff9c, &(0x7f0000000d00), 0x6a200, 0x0)

1.802888292s ago: executing program 3 (id=610):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ppoll(&(0x7f0000000080)=[{r0}], 0x1, 0x0, 0x0, 0x0)
ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000100)=0xcf5)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000dc0)={0x0, 0x0, 0x0, 0x0, 0x0, "0062ba7d82000000000000000000f7ffffff00"})
r1 = syz_open_pts(r0, 0x121500)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000280)=0x3)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x2000, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_PIT(r3, 0x8048ae66, &(0x7f0000000040)={[{0xc, 0x3, 0x4, 0xc, 0x7, 0x2, 0x0, 0x3, 0xfe, 0x5, 0x5, 0x80, 0x5}, {0x6, 0x9, 0x3, 0xd, 0xb5, 0x40, 0x2, 0xc, 0xfe, 0x41, 0x6, 0x18, 0xa}, {0x9, 0x8, 0x3, 0xc, 0x2, 0x78, 0x3, 0x9, 0x2, 0x13, 0x7, 0x54, 0x18bf}], 0xd9})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
syz_kvm_setup_cpu$x86(r3, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text16={0x10, &(0x7f0000000200)="0f01c466b80500000066b9090000000f01d94c4cf80c66b8e4ed4b8a66efbafc0cb80b68ef0f01ca0f3236660ff95f6c0f0fac9200a6baf80c66b87478528966efbafc0cb86ac1ef360f01fb66b80500000066b9243800000f01d9", 0x5b}], 0x1, 0x21, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

1.736999849s ago: executing program 2 (id=611):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000200)=@framed, &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x70bd2b, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7b, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(r4, 0x6, 0xe, &(0x7f00000010c0)={@in6={{0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @multicast2}}}, 0x0, 0x0, 0x1b, 0x0, "61a1ed8439cde8054f2ada6fcd5fe76b933e8bb0ac60081e33dffa150835f7519d5f73b4f5d80eb4881a5b98cb9fb96d225d602392f816d0bdcc09b5063087117502d8c24f1fe97f61fd27a06d6a38a7"}, 0xd8)
fcntl$getownex(r3, 0x10, &(0x7f0000000180))
sendto$inet6(r4, 0x0, 0x0, 0x20000841, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @empty}, 0x1c)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="6c00000002060104db406e3e0004000200000000100003006269746d61703a706f72740005000400000000000900020073797a32000000000500050000006c00050001000600000024000780080008400000137906000440fffff0000600054000000000080006"], 0x6c}}, 0x0)
r6 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/resume', 0x149a82, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
add_key$fscrypt_v1(&(0x7f0000000040), &(0x7f0000000080)={'fscrypt:', @desc2}, &(0x7f00000000c0)={0xfffffe00, "f1a1173fb9462d3589e67197f90be6e423ceb0ab4912f9f6a31854ec98e950cfed21fcad7ff0fbcb566a0982f8938caa52dd8d39af14c31ed56ad59300"}, 0x52ba, 0xffffffffffffffff)
add_key$fscrypt_v1(&(0x7f0000000400), &(0x7f0000000440)={'fscrypt:', @desc3}, &(0x7f0000000480)={0x0, "6035ae1e0fe721441705322225930e6c1e3e2a51a92fd796bc34d7cf6e0236805b4377f7ab1a9b01c103a4c6a7ef54e6763fd7264c39ea00c508ba6062696138"}, 0x48, 0xfffffffffffffffe)
write$cgroup_int(r6, &(0x7f0000000040)=0x1c9, 0x12)
r7 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1)
bind$bt_hci(r7, &(0x7f0000000000)={0x27}, 0x74)

1.035958537s ago: executing program 0 (id=613):
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
syz_open_pts(r0, 0x20400)
mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB='trans=fd', @ANYBLOB=',cache=loose,trans=f'])
r1 = openat$sndseq(0xffffff9c, &(0x7f0000000000), 0x31080)
ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_PORT(r1, 0xc0a45352, &(0x7f00000000c0)={{0x2, 0x24}, 'port0\x00', 0x3, 0x800, 0x690, 0xffffffff, 0xa4c0, 0x4, 0x8, 0x0, 0x0, 0x2})

1.035773106s ago: executing program 0 (id=614):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000000), r0)
sendmsg$NL802154_CMD_NEW_SEC_LEVEL(r0, &(0x7f0000001700)={0x0, 0x0, &(0x7f00000016c0)={&(0x7f00000001c0)={0x24, r1, 0x1, 0x70bd25, 0x25df5bff, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_SEC_LEVEL={0x4}]}, 0x24}, 0x1, 0x0, 0x0, 0x4004805}, 0x20000000)

975.179072ms ago: executing program 0 (id=615):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=@base={0xe, 0x4, 0x4, 0x3, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0xb, 0xf, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0x70}, {{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {0x85, 0x0, 0x0, 0x5}}, {{0x5, 0x0, 0x3}, {0x95, 0x0, 0x0, 0x700}}, [], {{0x5, 0x1, 0x4, 0x8}, {0x6, 0x0, 0x5, 0x8}}}, &(0x7f0000000040)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0xc5, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0xf00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = syz_io_uring_setup(0x49a, &(0x7f0000000400)={0x0, 0x79af, 0x3180, 0x7fff, 0x40024e}, &(0x7f0000000340)=<r2=>0x0, &(0x7f0000000040)=<r3=>0x0)
timer_create(0x8, &(0x7f00000002c0)={0x0, 0x21, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x3a366d1c952a243b, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x2003, 0x1})
io_uring_enter(r1, 0x627, 0x4c1, 0x43, 0x0, 0x0)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000000), r4)
sendmsg$NL802154_CMD_NEW_SEC_LEVEL(r4, &(0x7f0000001700)={0x0, 0x0, &(0x7f00000016c0)={&(0x7f0000000080)={0x2c, r5, 0x1, 0x70bd25, 0x25dfdbfb, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_WPAN_DEV={0xc}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40891}, 0x20000000)

883.951469ms ago: executing program 0 (id=616):
r0 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000900), 0x2, 0x0)
lseek(r0, 0x3, 0x3)
socket$nl_netfilter(0x10, 0x3, 0xc)
mremap(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x2000, 0x3, &(0x7f00007fe000/0x800000)=nil)
syz_emit_ethernet(0x76, &(0x7f0000000080)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}, @remote, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0xe, 0x68, 0x0, 0x0, 0x0, 0x11, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}, @dev={0xac, 0x14, 0x14, 0x15}}, {0x0, 0xe21, 0x54, 0x0, @opaque="c01d4b3fa674f409c7d08222f30c1f79fe6e0527df4a927af0931ce3845bb777e0919ebbcf02839a5fb777c9458fdb8a0e13c1bb77a9e81121c645d77cac81d675f9ea62a9d08cd065336fe8"}}}}}, 0x0)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000840), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$ETHTOOL_MSG_CHANNELS_SET(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)={0x34, r1, 0x401, 0x0, 0x0, {}, [@ETHTOOL_A_CHANNELS_TX_COUNT={0x8, 0x7, 0x2}, @ETHTOOL_A_CHANNELS_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_bond\x00'}]}]}, 0x34}}, 0x0)
mbind(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x4003, &(0x7f0000000200)=0x40000000007d, 0x5, 0x0)
mbind(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x4003, &(0x7f0000000000)=0x7, 0x44, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
pipe2(0x0, 0x80800)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x2, @pix_mp={0x4, 0x9, 0x41495043, 0x9, 0x5, [{0x1, 0xb}, {0x3, 0x9}, {0x3, 0x3ff}, {0x8, 0x7a25}, {}, {0xffff, 0xffff8000}, {0x7, 0x4}, {0x4, 0x10000}], 0xa, 0x7f, 0x4, 0x0, 0x1}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
r4 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r4, 0xaf01, 0x0)
set_mempolicy(0x2, &(0x7f0000000080)=0x51e1, 0x3ff)
socket$nl_route(0x10, 0x3, 0x0)
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, 0x0, 0x0)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x401c2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
ftruncate(r5, 0x8800000)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
recvmmsg(r7, &(0x7f00000034c0)=[{{0x0, 0x0, &(0x7f0000001e40)=[{&(0x7f0000000b80)=""/4096, 0x20001b80}, {&(0x7f0000001b80)=""/112, 0x70}], 0x2, 0x0, 0xa0028cb4}}], 0x40000000000013c, 0x700, 0x0)
sendfile(r6, r5, 0x0, 0x578410eb)

805.750868ms ago: executing program 2 (id=617):
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r2 = dup(r1)
write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c)
socket$packet(0x11, 0x3, 0x300)
r3 = openat$cgroup_ro(r2, &(0x7f0000000100)='cpuacct.usage_percpu_user\x00', 0x0, 0x0)
pipe(&(0x7f0000000040)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
io_setup(0x3ff, &(0x7f0000000500)=<r6=>0x0)
r7 = syz_io_uring_setup(0x75ae, &(0x7f0000000380)={0x0, 0x33f8, 0x200}, &(0x7f0000000180)=<r8=>0x0, &(0x7f00000000c0)=<r9=>0x0)
syz_io_uring_submit(r8, r9, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1})
io_uring_enter(r7, 0x708, 0x41e3, 0x0, 0x0, 0x0)
read$FUSE(r4, &(0x7f00000095c0)={0x2020}, 0xfffffc8b)
io_submit(r6, 0xf000, &(0x7f0000000300)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x5, 0x0, r4, 0x0}, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, r5, &(0x7f00000001c0)='m', 0xfffffdfc}])
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_open_dev$vbi(&(0x7f0000000040), 0x0, 0x2)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[], &(0x7f0000001dc0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
mkdirat(r3, &(0x7f0000000140)='./file0\x00', 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
recvmsg$unix(0xffffffffffffffff, 0x0, 0x60000021)
getsockopt$IP_VS_SO_GET_INFO(r0, 0x0, 0x481, &(0x7f0000005fc0), &(0x7f0000000000)=0xc)
socket$xdp(0x2c, 0x3, 0x0)

805.557651ms ago: executing program 3 (id=618):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
syz_open_dev$usbfs(&(0x7f0000000100), 0x205, 0x8401)
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_int(r0, 0x107, 0xf, 0x0, 0x0)
sendto$packet(r0, 0x0, 0x0, 0x0, 0x0, 0x0)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x80800)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r2 = dup(r1)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0xc, 0x0, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
syz_emit_ethernet(0x4a, &(0x7f0000000240)={@local, @dev, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x14, 0x6, 0x1, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x8, 0xf, &(0x7f0000000200)=ANY=[@ANYBLOB="1800008080b63428e900"/20, @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7020000000000008500000051000000bf0900000000000055"], 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6, @void, @value}, 0x94)
r3 = syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_misc(r4, &(0x7f0000000040), 0xe09)
ioctl$LOOP_CONFIGURE(r3, 0x4c0a, &(0x7f00000002c0)={r4, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0xb, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "f4bd000000801900", [0x0, 0x2000000000001]}})
write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd74)
r5 = syz_io_uring_setup(0x497, &(0x7f0000000480)={0x0, 0x7079, 0x10, 0x4, 0x285}, &(0x7f0000000340)=<r6=>0x0, &(0x7f0000000280)=<r7=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000080)=0xfffffffd, 0x0, 0x4)
syz_io_uring_submit(r6, r7, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
io_uring_enter(r5, 0x3516, 0x0, 0x0, 0x0, 0x0)
r8 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0)
ioctl$TIOCSETD(r8, 0x5423, &(0x7f0000000040)=0x3)
ioctl$FIONREAD(r8, 0x541b, &(0x7f0000002300))

455.707755ms ago: executing program 1 (id=619):
memfd_create(&(0x7f0000000300)='+\x8b\x8a\x16\x11O\xdd\xdfk(F\x99\xdf\x92\xd5>oJ\x02u\x9b\xafa\xac\x06\x9c&\xf5\xe3j\xfa\tcqM\xb8R\x86\xd9\xd2.\x9f\x12\xed\x10\f\xbd\x1a|\x8a\xbb\xda\xcfY\x98gU@\xf2M\xc0\xb5\xdf\x9a\x8d\xdb,n\xae\x0eT\x80\x8c\xfd\xd7\xb0\x94\x82t\x96\rKx\xc5\x9b\x8c\x87\x96\x8bc\xbc\xee\xcc\x9f\xe3F\x99V4\x8e;M\xa9\x823\xe3\xb3mG\x8f\xdb\xed\x1b\x05\xec\xfc\xd1\xb5\xfd\xec@\xdeU\xdd\xa4\xc1\xe4L)\x8e\xe5\x91\x8e\xd4\x89\xef\x95T\x05G\xac\xb8\xc1: )mh\xc7\xf1?\xbb\x13;\xad\x95\xd70\xb6\x0e\x7f\x84r\x0e\xbf\xc5\xf6\xd4\xdd\t\x14\x18\xf7\xefi\x93\x03\xd2\xf2\bK\"\xd2\xb5\xaa\xb8\xc8\xe0\xac\x99\xe8su\xcd\xc3E\x12\xd7\xdd\x96!\x16Tu\xe3\xf0\x84#R\xd9\xe3~Wj\xb0r\x87\'\xea\a\xcfOeK\x9daW\xf4\x87@\x9c\xf3\xf1K\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x91\xe6\xdb\xc2\xa5h\'\xdfIn\x97\x0263~\xeb\xbe(i\n\xc2k4\x7f\x12\xa9e`SOs\x8c\xb4\xe7FeQ\xc6$\x92j_U\xfa\b\xea\xb0bYkW\xc0\x05\aC{\xcc\x03T\x17\xa5Sk\x87P\xc2\x97D\xb2\xfa\x1b\x9fe\xf4\x10\x1a\xad\x92\xce\x88\x1b\xbc\xe14\x19\xaa\xd3\r\xf4\xa2\xc3\x9e=\xa0 \xe6j\xe5\x85\xf8\x97\x03\x15\xaa\x920\xdcrI\xd8\b\xfb\xc7\xe7xX\x00>d\xbb\xa71\xad\x9a\xfb\xe6\x13\x87\x93\\\xe5W-\xfc\xfd\xb8O\xb9j\xb8\xf2\x9dx\xb2\x86\xad\x92', 0x3)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bf"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @void, @value}, 0x94)
r0 = syz_io_uring_setup(0x19f2, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000140)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='pids.events\x00', 0x275a, 0x0)
write$UHID_CREATE2(r3, &(0x7f0000000180)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0)
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
getsockopt(0xffffffffffffffff, 0x200000000114, 0x2710, 0x0, &(0x7f0000000100))
socket$qrtr(0x2a, 0x2, 0x0)
r5 = gettid()
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000008000)={0x1, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="b70000000000000007000000000000009500000000000000a9171809f8dcf159569d5475991f7de1a0d0c119cfcf6b98741c23fb7f8d3002ec85db75af955427e91496087a51a0a78f269a9e216a0d0177c4fe3552396a180330807a5b6e8c79aa92038c78d1f16c1323f0e0c8d45c641a21757847cb22230e4321cc3581e40c62c4defee8cffe359cfeef7f58fffdb48647d28ae810f6d22d20271e9e88e94aa6982bf48356652b08e2fbd404e41e0058aae0478fbe542b648421d1b4486a542a7d478fbe6b5e000000293853f9c68e235184b7ad5b6c4fe70ec8320500db0db7fda3da6171a05509ffecef2cb9802d4f36c9a1ce46d3b355fec188ccfc2f0fc89e164561fb06ee9a0153981a47b5de9edd3536d5534f9a699f73b2c9341d2d05043748ce1f4577ed76cdf5b3c697089daa4abda69a8c0c992404610a6be9e103c972459065dec0488e85a6a0418fc87dd8019ef7bb4ef4fa6ee08d81797570578f2e8198e687012f25a69a90e7515e35f8abbddfa96c3f0485f01f0e9e144a2bd31c1b594c50de7c9efd826f1e19b7bd89ca4052b1985287bd13957a48467e0eeddf564d175bf4340885b63976df609806c3b2a3667539dfd66a7400000000003be6026e60205f761ce85cdf75cdb95ca5d32b5bf87eed4184d49f8f48181ef2419efe82ebb18ee55772d562b3b49551714e805a5211a3f4e8e703c03e23b2074bc573dbb66d59e269b722637c4a2efb5241cae2f14774609ad91d66724c438455dc4fcf0b4c8fc235f6c190b4c82bb2556d1fbcd4468369e98e989986dcbc900c743162ce2c7e60610acf0c8e4ba94a7e7127c7de0e6c35acecee1b8434fdca4579f9ebc6a515f7d910b466eb583fb0a7e65fbecb2b8ee0e9da33afb88aa5da8da3a5e0e58fcb48de6f165826b046a8951a47e040bd419d0efa0f54e8e3694085a7bde6f6494968d820"], &(0x7f0000003ff6)='syzkaller\x00', 0x1, 0xc3, &(0x7f00000002c0)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffff37, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
r7 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$sock_int(r7, 0x1, 0x1000000000000f, &(0x7f0000000080)=0x7fffffff, 0x4)
sendmmsg(r7, &(0x7f0000003880)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)
setsockopt$sock_attach_bpf(r7, 0x1, 0x34, &(0x7f0000000040)=r6, 0x4)
write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x32600)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, 0xffffffffffffffff, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0)
ioctl$sock_FIOSETOWN(r4, 0x8901, &(0x7f0000000000)=r5)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_EPOLL_CTL=@add={0x1d, 0x0, 0x0, r3, 0x0})
io_uring_enter(r0, 0x2d3e, 0x0, 0x0, 0x0, 0x0)
mprotect(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1)
socket(0x2, 0x80805, 0x0)
r8 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x4, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r9 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="1b000000000000000000000000660000762a6e00000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r9, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r10=>0xffffffffffffffff, <r11=>0xffffffffffffffff})
r12 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x10, &(0x7f0000000180)=ANY=[], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
setsockopt$sock_attach_bpf(r10, 0x1, 0x32, &(0x7f00000000c0)=r12, 0x4)
sendmsg$unix(r11, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x0)

392.602382ms ago: executing program 1 (id=620):
r0 = memfd_create(&(0x7f0000000200)='\x103q}2\x9a\xce\xaf\x03\xdfy[\xd9\xffR8\xf4\x1c\bi\xe4^\xd5\xfd\xa9\r\xac7A\x94\xa0\x00\x00\x00\x90+\xd6\x05\r\x84\x87\x1c\b\xdb\xe2\x00\x00A\x90m\xb6&\xd0\x9d\x00\x00\xc5\xb8,\f\xd4s\xb2\x99/\xc0\x9a\xf2O\xdb\x00\x00\x00\x00\x00\x00\r\x1b\xd3\xff<\x83z\x80\x8fQ|\xf5d\x10\x10\xd7\x01M\x7fML\x18\'\x1a<\xfee7{l\x16}\xa0I\x7f\xb5)l\xbb\x02\xfa\xb7\xb6\xa0]\xda8\xe0~\x1c \x91\t\x8b\xbd\x1f\xb3834d1i\x9b\x94\xa6\\\x0e\xe2\xfa\xe5!\xd3\xcf\xfc\xce\xba\xe2\x9f\x05xgL5\x14Y+\xb3\x1axi)<\xf7\x98\xc1\xba\xf4|\xe7|\xc4\xd7\x03\x00\x00\x00\x04D\x15E^7%8\x94y\x98\xf0l\xa0\'Q%\xd4\xda\xee\x81}\xcc\xfd\xa2\xe3M~x\x96\xe3]\xd70\xa2\x17\xca\xde\x1b\xaa\xe0l\xfc\x85\x8fc\x1c{|e\x8bs\xb0\x85E\xce;p)\xf8\xa6\xaa&QC4V\x81\x04\xcf\xd2\x81\xdc\xdf\xd7<\x9f\x93\x8bX\xd4\xea\xb2\xff\b\x92\xc7\x00\xef\xff\x00\x93\x1f\x92\xa7dcY\x9c\x9e9O-\xfcF\xbb\xbd{:IR\xea\xd8$\xe2\xa0\xc2\x8b\x1a\xead\xb8\xe1:6\x15M\x1d\xdak\x8c\x909\xd8\xb3\x02\xe0\x04\x9c\xc2\x06|\xf0\x0f\xa6Y&r\x9b\xc7\x1d\xe7jDf\x87@\x8fg\x15RJwe\xe2\xdcunu\xff`\xa40\xce\xffB%\xe4k\xff\x8d\x06\x0e\x89\xd9DC\x9fF\x9c[M=\xe0^\xa8\xed)\xe8Z\xe8\x99&\x87\x04\xa4\t\xaa\xd8\xd6\xd5pG\xcb\xc4\x8b\xf7\xb8#\xcb\xd8|\xa5\xa6S\x8b\x8cv\xb7)\x02k\xf3L\x03\xbb\xfa\xe1\\\xf1\x8cUj\xd5\xa5\x88GL\xe7_\xfd\x17C=G\x0f\xe9u\x1d\xfeg\xfex\xcd\xaa\xad\x906\xd0sy\xc6T\x93\xae\xd5r\xc8G\xc5\xfdS\xff\x04:`\x1e\xe3;l\xcd&\xd4\xf4\x8eum\x04\x00~\xfa\x05', 0x0)
ftruncate(r0, 0x80079a0)
r1 = openat$vimc2(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
close_range(r2, 0xffffffffffffffff, 0x0)
r3 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x1a8)
r4 = fanotify_init(0xf00, 0x0)
fanotify_mark(r4, 0x451, 0x8000010, r3, 0x0)
ioctl$VIDIOC_G_SELECTION(r1, 0xc040565e, &(0x7f0000000380)={0x1, 0x100, 0x4, {0x4, 0x7, 0x780000, 0xfcad}})
mmap(&(0x7f0000200000/0x400000)=nil, 0x400000, 0xb, 0x2012, r0, 0x0)
lseek(r0, 0x2, 0x1)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000015c0)=ANY=[@ANYBLOB="4800020010000126bd70000000000000000000", @ANYRES32=0x0, @ANYBLOB="0221000000000000140003006e657464657673696d3000000000000014001680100001800c0009008000000000000100"], 0x48}}, 0x24040800)

391.470222ms ago: executing program 1 (id=621):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@chandef_params, @NL80211_ATTR_BEACON_INTERVAL={0x8}]}, 0x24}}, 0x0) (fail_nth: 1)

271.826346ms ago: executing program 1 (id=622):
r0 = syz_open_dev$video(&(0x7f0000000040), 0xa7, 0x0)
ioctl$VIDIOC_S_FMT(r0, 0xc0d05640, &(0x7f0000000580)={0x8, @pix_mp={0xe9, 0x82, 0x32315659, 0x7, 0x0, [{}, {}, {0x0, 0x9}, {0x0, 0x320}, {0x7c4, 0x4}, {0x2, 0xfffffff9}, {0x0, 0x8}, {0x5b1, 0x3}], 0x0, 0x5, 0x8, 0x0, 0x5}})
r1 = socket$nl_generic(0x10, 0x3, 0x10)
syz_open_dev$cec(&(0x7f0000000080), 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/4\x00')
mount$9p_fd(0x0, &(0x7f0000000180)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYBLOB="6e093084884da804c97ca05601901e35d3b5c7a6e8f88bb5e4443c0bee3652cc852cb2edd7d3b6a519f32be837d90b"])
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r4=>0x0})
sendmsg$NL80211_CMD_START_AP(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)={0x24, r3, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@chandef_params, @NL80211_ATTR_BEACON_INTERVAL={0x8}]}, 0x24}}, 0x0)

271.551262ms ago: executing program 1 (id=623):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x80, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x2b38094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmsg$inet(r1, &(0x7f00000008c0)={0x0, 0x0, 0x0}, 0x4048010)
close(r2)
sendmsg$inet(r1, &(0x7f0000002800)={0x0, 0x0, 0x0}, 0x8010)
chdir(&(0x7f0000000080)='./file1\x00')
r3 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x4, &(0x7f0000000180)=ANY=[@ANYRES32=r3], 0x0, 0x8, 0x28, 0x0, 0x0, 0x50, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r3, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
ioctl$AUTOFS_IOC_PROTOSUBVER(r3, 0x40049366, &(0x7f0000000180))

125.503904ms ago: executing program 1 (id=624):
unshare(0x68040200)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = openat$6lowpan_control(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$6lowpan_control(r1, &(0x7f0000000180)='connect aa:aa:aa:aa:aa:11 0', 0x1b) (fail_nth: 3)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000002c0), 0x40000, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r2 = socket$kcm(0x2, 0xa, 0x2)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
lsm_list_modules(0x0, &(0x7f0000000340), 0x0)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="000086dd0000120000000000000060ec97000f982c00fb8000000000000000000000000000aaff02000000000000000000000000000189"], 0xfce)

75.833445ms ago: executing program 3 (id=625):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r1 = dup(r0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000007, 0x38011, r1, 0x0)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000380), 0x4000000004882, 0x0)
io_setup(0x1, &(0x7f00000004c0)=<r3=>0x0)
io_submit(r3, 0xca, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a0012fb, 0x2759, 0x7, 0x0, 0x0, r2, &(0x7f0000000000)="98", 0x3e8000072a, 0x1000000, 0x0, 0x10}])
sync()
bpf$MAP_CREATE(0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="0900000007000000000001"], 0x50)
r4 = syz_open_dev$evdev(&(0x7f0000000100), 0x0, 0x862b01)
r5 = syz_open_dev$evdev(&(0x7f0000000280), 0x0, 0x0)
ioctl$int_in(r5, 0x5452, &(0x7f0000000180)=0x800)
write$char_usb(r4, &(0x7f0000000040)="e2", 0x2250)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)

0s ago: executing program 0 (id=626):
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x0, 0x2}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socket$igmp6(0xa, 0x3, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = dup(r3)
sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=ANY=[@ANYBLOB="640000000206030000000000fffff0000000000016000300686173683a6e65742c706f72742c6e6574000000050004000000000005000500020000000900020073797a320000000005000100070000001400078008001340000000000800124009"], 0x64}}, 0x0)
r5 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r5, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3f8, 0x0, 0x32}, 0x9c)
unlink(&(0x7f0000000000)='./file0\x00')
bind$inet6(r5, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r5, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
socket$netlink(0x10, 0x3, 0x8000000004)
mknod$loop(&(0x7f0000000140)='./file0\x00', 0x20, 0x1)
r6 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r6, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r6, &(0x7f0000006300)={0x2020, 0x0, <r7=>0x0}, 0x2020)
write$FUSE_INIT(r6, &(0x7f0000000040)={0x50, 0x0, r7, {0x7, 0x1f, 0x0, 0x10408}}, 0x50)

kernel console output (not intermixed with test programs):

 T5951] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   48.529636][ T5937] 8021q: adding VLAN 0 to HW filter on device bond0
[   48.532400][ T5951] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   48.537830][ T5951] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   48.541847][ T5951] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   48.573153][ T5937] 8021q: adding VLAN 0 to HW filter on device team0
[   48.581715][ T1137] bridge0: port 1(bridge_slave_0) entered blocking state
[   48.584808][ T1137] bridge0: port 1(bridge_slave_0) entered forwarding state
[   48.590713][ T5941] 8021q: adding VLAN 0 to HW filter on device team0
[   48.609828][ T1137] bridge0: port 2(bridge_slave_1) entered blocking state
[   48.612067][ T1137] bridge0: port 2(bridge_slave_1) entered forwarding state
[   48.615692][ T1137] bridge0: port 1(bridge_slave_0) entered blocking state
[   48.617818][ T1137] bridge0: port 1(bridge_slave_0) entered forwarding state
[   48.638988][   T46] bridge0: port 2(bridge_slave_1) entered blocking state
[   48.641137][   T46] bridge0: port 2(bridge_slave_1) entered forwarding state
[   48.680524][ T5947] 8021q: adding VLAN 0 to HW filter on device bond0
[   48.708021][ T5941] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   48.726856][ T5947] 8021q: adding VLAN 0 to HW filter on device team0
[   48.734030][ T5951] 8021q: adding VLAN 0 to HW filter on device bond0
[   48.741550][ T1170] bridge0: port 1(bridge_slave_0) entered blocking state
[   48.743801][ T1170] bridge0: port 1(bridge_slave_0) entered forwarding state
[   48.751999][  T182] bridge0: port 2(bridge_slave_1) entered blocking state
[   48.754177][  T182] bridge0: port 2(bridge_slave_1) entered forwarding state
[   48.758405][ T5951] 8021q: adding VLAN 0 to HW filter on device team0
[   48.775660][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[   48.777808][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[   48.783088][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[   48.785272][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[   48.835620][ T5941] 8021q: adding VLAN 0 to HW filter on device batadv0
[   48.851424][ T5937] 8021q: adding VLAN 0 to HW filter on device batadv0
[   48.872822][ T5941] veth0_vlan: entered promiscuous mode
[   48.881429][ T5941] veth1_vlan: entered promiscuous mode
[   48.911696][ T5937] veth0_vlan: entered promiscuous mode
[   48.915509][ T5941] veth0_macvtap: entered promiscuous mode
[   48.921159][ T5947] 8021q: adding VLAN 0 to HW filter on device batadv0
[   48.927391][ T5941] veth1_macvtap: entered promiscuous mode
[   48.933470][ T5937] veth1_vlan: entered promiscuous mode
[   48.947320][ T5941] batman_adv: batadv0: Interface activated: batadv_slave_0
[   48.958592][ T5951] 8021q: adding VLAN 0 to HW filter on device batadv0
[   48.967508][ T5941] batman_adv: batadv0: Interface activated: batadv_slave_1
[   48.976613][ T5941] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   48.980154][ T5941] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   48.982901][ T5941] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   48.985884][ T5941] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   49.003415][ T5937] veth0_macvtap: entered promiscuous mode
[   49.013142][ T5937] veth1_macvtap: entered promiscuous mode
[   49.028597][ T5947] veth0_vlan: entered promiscuous mode
[   49.039567][ T5951] veth0_vlan: entered promiscuous mode
[   49.059084][ T5951] veth1_vlan: entered promiscuous mode
[   49.061591][ T5947] veth1_vlan: entered promiscuous mode
[   49.067605][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   49.070179][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   49.075572][ T5937] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   49.078794][ T5937] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   49.082500][ T5937] batman_adv: batadv0: Interface activated: batadv_slave_0
[   49.099924][ T5937] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   49.103146][ T5937] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   49.108909][ T5937] batman_adv: batadv0: Interface activated: batadv_slave_1
[   49.112555][   T46] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   49.113842][ T5937] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   49.116047][   T46] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   49.118530][ T5937] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   49.124044][ T5937] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   49.127782][ T5937] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   49.140946][ T5951] veth0_macvtap: entered promiscuous mode
[   49.151395][ T5951] veth1_macvtap: entered promiscuous mode
[   49.155763][ T5947] veth0_macvtap: entered promiscuous mode
[   49.166941][ T5947] veth1_macvtap: entered promiscuous mode
[   49.179435][ T5941] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   49.185658][ T5951] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   49.185685][ T5951] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   49.185693][ T5951] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   49.185703][ T5951] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   49.186929][ T5951] batman_adv: batadv0: Interface activated: batadv_slave_0
[   49.220901][ T5951] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   49.224095][ T5951] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   49.227588][ T5951] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   49.230662][ T5951] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   49.234472][ T5951] batman_adv: batadv0: Interface activated: batadv_slave_1
[   49.238070][ T5947] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   49.241452][ T5947] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   49.244342][ T5947] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   49.247816][ T5947] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   49.252238][ T5947] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   49.257085][ T5947] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   49.262423][ T5947] batman_adv: batadv0: Interface activated: batadv_slave_0
[   49.266784][   T86] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   49.270590][   T86] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   49.272252][ T5951] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   49.277606][ T5951] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   49.281247][ T5951] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   49.285321][ T5951] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   49.292674][ T5947] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   49.297374][ T5947] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   49.301333][ T5947] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   49.306671][ T5947] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   49.315289][ T5947] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   49.319537][ T5947] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   49.326660][ T5947] batman_adv: batadv0: Interface activated: batadv_slave_1
[   49.343473][ T5947] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   49.348840][ T5947] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   49.352459][ T5947] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   49.356528][ T5947] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   49.397202][  T182] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   49.399669][  T182] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   49.450623][   T86] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   49.453121][   T86] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   49.457425][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   49.459930][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   49.492321][  T182] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   49.499002][  T182] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   49.516534][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   49.519123][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   50.091495][ T6014] netlink: 256 bytes leftover after parsing attributes in process `syz.3.6'.
[   50.099373][ T6014] netlink: 56 bytes leftover after parsing attributes in process `syz.3.6'.
[   50.161050][    C1] IPv4: Oversized IP packet from 127.0.0.1
[   50.163674][    C1] IPv4: Oversized IP packet from 127.0.0.1
[   50.166208][    C1] IPv4: Oversized IP packet from 127.0.0.1
[   50.168489][    C1] IPv4: Oversized IP packet from 127.0.0.1
[   50.171014][    C1] IPv4: Oversized IP packet from 127.0.0.1
[   50.173299][    C1] IPv4: Oversized IP packet from 127.0.0.1
[   50.177951][    C1] IPv4: Oversized IP packet from 127.0.0.1
[   50.180337][    C1] IPv4: Oversized IP packet from 127.0.0.1
[   50.182621][    C1] IPv4: Oversized IP packet from 127.0.0.1
[   50.184915][    C1] IPv4: Oversized IP packet from 127.0.0.1
[   50.218878][ T6019] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   50.494936][ T5294] Bluetooth: hci1: command tx timeout
[   50.496824][ T5294] Bluetooth: hci0: command tx timeout
[   50.584797][   T67] Bluetooth: hci2: command tx timeout
[   50.584860][ T5294] Bluetooth: hci3: command tx timeout
[   51.526416][    T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!!
[   51.626322][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   51.704819][    T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!!
[   51.715175][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   51.717905][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   51.720563][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   51.723524][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   51.726432][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   51.729079][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   51.731910][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   51.752832][ T6052] netlink: 8 bytes leftover after parsing attributes in process `syz.2.18'.
[   51.755984][ T6052] netlink: 'syz.2.18': attribute type 5 has an invalid length.
[   51.757869][ T6055] netlink: 256 bytes leftover after parsing attributes in process `syz.1.20'.
[   51.761757][ T6052] netlink: 20 bytes leftover after parsing attributes in process `syz.2.18'.
[   51.763938][ T6055] netlink: 56 bytes leftover after parsing attributes in process `syz.1.20'.
[   51.769978][ T6052] netdevsim netdevsim2 netdevsim0: set [1, 1] type 2 family 0 port 256 - 0
[   51.772727][ T6052] netdevsim netdevsim2 netdevsim1: set [1, 1] type 2 family 0 port 256 - 0
[   51.777684][ T6052] netdevsim netdevsim2 netdevsim2: set [1, 1] type 2 family 0 port 256 - 0
[   51.781952][ T6052] netdevsim netdevsim2 netdevsim3: set [1, 1] type 2 family 0 port 256 - 0
[   51.786790][ T6052] geneve2: entered promiscuous mode
[   51.789282][ T6052] geneve2: entered allmulticast mode
[   51.859871][ T6051] syz.3.19 uses obsolete (PF_INET,SOCK_PACKET)
[   52.585262][ T5294] Bluetooth: hci0: command tx timeout
[   52.585281][   T67] Bluetooth: hci1: command tx timeout
[   52.664732][ T5294] Bluetooth: hci3: command tx timeout
[   52.666377][   T67] Bluetooth: hci2: command tx timeout
[   52.947795][ T6083] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   53.569550][ T6092] netlink: 4 bytes leftover after parsing attributes in process `syz.3.29'.
[   53.579304][ T6092] bridge0: port 2(bridge_slave_1) entered disabled state
[   53.609515][ T6092] bridge_slave_1 (unregistering): left allmulticast mode
[   53.612200][ T6092] bridge_slave_1 (unregistering): left promiscuous mode
[   53.617567][ T6092] bridge0: port 2(bridge_slave_1) entered disabled state
[   53.625283][ T6093] netlink: 56 bytes leftover after parsing attributes in process `syz.3.29'.
[   53.720114][ T6095] capability: warning: `syz.2.30' uses deprecated v2 capabilities in a way that may be insecure
[   53.726135][ T6095] process 'syz.2.30' launched './file1' with NULL argv: empty string added
[   54.665526][   T67] Bluetooth: hci1: command tx timeout
[   54.667471][   T67] Bluetooth: hci0: command tx timeout
[   54.734870][ T5294] Bluetooth: hci2: command tx timeout
[   54.737345][   T67] Bluetooth: hci3: command tx timeout
[   54.869226][ T6127] FAULT_INJECTION: forcing a failure.
[   54.869226][ T6127] name failslab, interval 1, probability 0, space 0, times 1
[   54.873614][ T6127] CPU: 3 UID: 0 PID: 6127 Comm: syz.2.38 Not tainted 6.15.0-rc4-syzkaller-00042-gb6ea1680d0ac #0 PREEMPT(full) 
[   54.873628][ T6127] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   54.873634][ T6127] Call Trace:
[   54.873638][ T6127]  <TASK>
[   54.873641][ T6127]  dump_stack_lvl+0x16c/0x1f0
[   54.873658][ T6127]  should_fail_ex+0x512/0x640
[   54.873671][ T6127]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[   54.873685][ T6127]  should_failslab+0xc2/0x120
[   54.873697][ T6127]  kmem_cache_alloc_noprof+0x6d/0x3b0
[   54.873707][ T6127]  ? alloc_pid+0xc7/0xbc0
[   54.873722][ T6127]  alloc_pid+0xc7/0xbc0
[   54.873737][ T6127]  copy_process+0x3872/0x91a0
[   54.873749][ T6127]  ? kasan_save_track+0x14/0x30
[   54.873758][ T6127]  ? __kasan_kmalloc+0xaa/0xb0
[   54.873766][ T6127]  ? vhost_task_create+0xe5/0x2e0
[   54.873779][ T6127]  ? kvm_mmu_post_init_vm+0x1b7/0x370
[   54.873794][ T6127]  ? kvm_arch_vcpu_ioctl_run+0x66/0x18c0
[   54.873807][ T6127]  ? kvm_vcpu_ioctl+0x5e9/0x1680
[   54.873821][ T6127]  ? __ia32_compat_sys_ioctl+0x24c/0x360
[   54.873833][ T6127]  ? __do_fast_syscall_32+0x73/0x120
[   54.873846][ T6127]  ? do_fast_syscall_32+0x32/0x80
[   54.873864][ T6127]  ? __pfx_copy_process+0x10/0x10
[   54.873882][ T6127]  ? lockdep_init_map_type+0x5c/0x280
[   54.873896][ T6127]  ? lockdep_init_map_type+0x5c/0x280
[   54.873909][ T6127]  ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10
[   54.873919][ T6127]  ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10
[   54.873932][ T6127]  vhost_task_create+0x1d2/0x2e0
[   54.873945][ T6127]  ? __pfx_vhost_task_create+0x10/0x10
[   54.873961][ T6127]  ? __pfx_vhost_task_fn+0x10/0x10
[   54.873980][ T6127]  kvm_mmu_post_init_vm+0x1b7/0x370
[   54.873996][ T6127]  kvm_arch_vcpu_ioctl_run+0x66/0x18c0
[   54.874010][ T6127]  ? kvm_vcpu_ioctl+0x14c2/0x1680
[   54.874025][ T6127]  kvm_vcpu_ioctl+0x5e9/0x1680
[   54.874040][ T6127]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[   54.874081][ T6127]  ? tomoyo_path_number_perm+0x18d/0x580
[   54.874094][ T6127]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[   54.874104][ T6127]  ? __sanitizer_cov_trace_switch+0x54/0x90
[   54.874118][ T6127]  ? do_vfs_ioctl+0x512/0x1990
[   54.874130][ T6127]  ? __pfx_do_vfs_ioctl+0x10/0x10
[   54.874153][ T6127]  kvm_vcpu_compat_ioctl+0x20f/0x3d0
[   54.874168][ T6127]  ? __pfx_kvm_vcpu_compat_ioctl+0x10/0x10
[   54.874182][ T6127]  ? __fget_files+0x20e/0x3c0
[   54.874195][ T6127]  ? fput+0x60/0xf0
[   54.874208][ T6127]  ? __pfx_kvm_vcpu_compat_ioctl+0x10/0x10
[   54.874222][ T6127]  __ia32_compat_sys_ioctl+0x24c/0x360
[   54.874237][ T6127]  __do_fast_syscall_32+0x73/0x120
[   54.874250][ T6127]  do_fast_syscall_32+0x32/0x80
[   54.874263][ T6127]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[   54.874275][ T6127] RIP: 0023:0xf7f85579
[   54.874289][ T6127] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[   54.874298][ T6127] RSP: 002b:00000000f50a655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[   54.874308][ T6127] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000000ae80
[   54.874313][ T6127] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   54.874318][ T6127] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   54.874323][ T6127] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[   54.874329][ T6127] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   54.874340][ T6127]  </TASK>
[   55.185910][ T6130] Zero length message leads to an empty skb
[   55.541415][ T6144] warning: `syz.0.44' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[   55.880221][ T6152] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   55.921364][ T6152] netlink: 4 bytes leftover after parsing attributes in process `syz.2.46'.
[   55.925195][ T6152] bridge_slave_1: left allmulticast mode
[   55.927596][ T6152] bridge_slave_1: left promiscuous mode
[   55.931144][ T6152] bridge0: port 2(bridge_slave_1) entered disabled state
[   55.937961][ T6152] bridge_slave_0: left allmulticast mode
[   55.940167][ T6152] bridge_slave_0: left promiscuous mode
[   55.942649][ T6152] bridge0: port 1(bridge_slave_0) entered disabled state
[   56.022883][ T6155] netlink: 16 bytes leftover after parsing attributes in process `syz.2.46'.
[   56.416858][ T6165] Cannot find del_set index 3 as target
[   56.709657][ T6169] FAULT_INJECTION: forcing a failure.
[   56.709657][ T6169] name failslab, interval 1, probability 0, space 0, times 0
[   56.714087][ T6169] CPU: 2 UID: 0 PID: 6169 Comm: syz.1.50 Not tainted 6.15.0-rc4-syzkaller-00042-gb6ea1680d0ac #0 PREEMPT(full) 
[   56.714102][ T6169] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   56.714110][ T6169] Call Trace:
[   56.714115][ T6169]  <TASK>
[   56.714121][ T6169]  dump_stack_lvl+0x16c/0x1f0
[   56.714143][ T6169]  should_fail_ex+0x512/0x640
[   56.714159][ T6169]  ? __kmalloc_cache_noprof+0x57/0x3e0
[   56.714183][ T6169]  should_failslab+0xc2/0x120
[   56.714197][ T6169]  __kmalloc_cache_noprof+0x6a/0x3e0
[   56.714212][ T6169]  ? mark_held_locks+0x49/0x80
[   56.714225][ T6169]  ? ovs_ct_limit_cmd_set+0x30a/0xa90
[   56.714241][ T6169]  ovs_ct_limit_cmd_set+0x30a/0xa90
[   56.714253][ T6169]  ? __pfx_ovs_ct_limit_cmd_set+0x10/0x10
[   56.714263][ T6169]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290
[   56.714277][ T6169]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290
[   56.714293][ T6169]  genl_family_rcv_msg_doit+0x206/0x2f0
[   56.714307][ T6169]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[   56.714320][ T6169]  ? trace_cap_capable+0x18d/0x200
[   56.714332][ T6169]  ? bpf_lsm_capable+0x9/0x10
[   56.714342][ T6169]  ? security_capable+0x7e/0x260
[   56.714358][ T6169]  ? ns_capable+0xd7/0x110
[   56.714369][ T6169]  genl_rcv_msg+0x55c/0x800
[   56.714383][ T6169]  ? __pfx_genl_rcv_msg+0x10/0x10
[   56.714395][ T6169]  ? __pfx___dev_queue_xmit+0x10/0x10
[   56.714409][ T6169]  ? __pfx_ovs_ct_limit_cmd_set+0x10/0x10
[   56.714419][ T6169]  ? __lock_acquire+0xaa4/0x1ba0
[   56.714433][ T6169]  netlink_rcv_skb+0x16a/0x440
[   56.714444][ T6169]  ? __pfx_genl_rcv_msg+0x10/0x10
[   56.714457][ T6169]  ? __pfx_netlink_rcv_skb+0x10/0x10
[   56.714474][ T6169]  ? __pfx_down_read+0x10/0x10
[   56.714493][ T6169]  ? netlink_deliver_tap+0x1ae/0xd30
[   56.714505][ T6169]  genl_rcv+0x28/0x40
[   56.714515][ T6169]  netlink_unicast+0x53a/0x7f0
[   56.714528][ T6169]  ? __pfx_netlink_unicast+0x10/0x10
[   56.714537][ T6169]  ? __build_skb_around+0x278/0x3b0
[   56.714552][ T6169]  ? __build_skb+0x6e/0x90
[   56.714560][ T6169]  ? is_vmalloc_addr+0x30/0x40
[   56.714572][ T6169]  netlink_sendmsg+0x8d1/0xdd0
[   56.714585][ T6169]  ? __pfx_netlink_sendmsg+0x10/0x10
[   56.714596][ T6169]  ? __import_iovec+0x1c8/0x660
[   56.714613][ T6169]  ____sys_sendmsg+0xa95/0xc70
[   56.714627][ T6169]  ? __pfx_____sys_sendmsg+0x10/0x10
[   56.714654][ T6169]  ? get_compat_msghdr+0x11a/0x170
[   56.714670][ T6169]  ___sys_sendmsg+0x134/0x1d0
[   56.714681][ T6169]  ? __pfx____sys_sendmsg+0x10/0x10
[   56.714707][ T6169]  __sys_sendmsg+0x16d/0x220
[   56.714729][ T6169]  ? __pfx___sys_sendmsg+0x10/0x10
[   56.714745][ T6169]  ? rcu_is_watching+0x12/0xc0
[   56.714756][ T6169]  __do_fast_syscall_32+0x73/0x120
[   56.714770][ T6169]  do_fast_syscall_32+0x32/0x80
[   56.714783][ T6169]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[   56.714795][ T6169] RIP: 0023:0xf7f87579
[   56.714804][ T6169] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[   56.714813][ T6169] RSP: 002b:00000000f50a655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[   56.714822][ T6169] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000000
[   56.714828][ T6169] RDX: 0000000000004010 RSI: 0000000000000000 RDI: 0000000000000000
[   56.714833][ T6169] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   56.714838][ T6169] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[   56.714844][ T6169] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   56.714856][ T6169]  </TASK>
[   57.148107][ T6180] can0: slcan on ttyprintk.
[   57.247047][ T6179] can0 (unregistered): slcan off ttyprintk.
[   57.375553][ T5294] Bluetooth: hci2: command tx timeout
[   57.441806][ T6198] syz.1.58: attempt to access beyond end of device
[   57.441806][ T6198] nbd1: rw=0, sector=64, nr_sectors = 1 limit=0
[   57.449466][ T6198] syz.1.58: attempt to access beyond end of device
[   57.449466][ T6198] nbd1: rw=0, sector=256, nr_sectors = 1 limit=0
[   57.453339][ T6198] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256
[   57.457415][ T6198] syz.1.58: attempt to access beyond end of device
[   57.457415][ T6198] nbd1: rw=0, sector=512, nr_sectors = 1 limit=0
[   57.461243][ T6198] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512
[   57.467817][ T6198] syz.1.58: attempt to access beyond end of device
[   57.467817][ T6198] nbd1: rw=0, sector=64, nr_sectors = 2 limit=0
[   57.471949][ T6198] syz.1.58: attempt to access beyond end of device
[   57.471949][ T6198] nbd1: rw=0, sector=512, nr_sectors = 2 limit=0
[   57.477567][ T6198] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256
[   57.480573][ T6198] syz.1.58: attempt to access beyond end of device
[   57.480573][ T6198] nbd1: rw=0, sector=1024, nr_sectors = 2 limit=0
[   57.485860][ T6198] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512
[   57.489093][ T6198] syz.1.58: attempt to access beyond end of device
[   57.489093][ T6198] nbd1: rw=0, sector=64, nr_sectors = 4 limit=0
[   57.492734][ T6198] syz.1.58: attempt to access beyond end of device
[   57.492734][ T6198] nbd1: rw=0, sector=1024, nr_sectors = 4 limit=0
[   57.496801][ T6198] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256
[   57.499685][ T6198] syz.1.58: attempt to access beyond end of device
[   57.499685][ T6198] nbd1: rw=0, sector=2048, nr_sectors = 4 limit=0
[   57.503394][ T6198] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512
[   57.506818][ T6198] syz.1.58: attempt to access beyond end of device
[   57.506818][ T6198] nbd1: rw=0, sector=64, nr_sectors = 8 limit=0
[   57.510676][ T6198] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256
[   57.513948][ T6198] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512
[   57.518894][ T6198] UDF-fs: warning (device nbd1): udf_fill_super: No partition found (1)
[   57.528779][ T6201] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256
[   57.532237][ T6201] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512
[   57.538245][ T6201] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256
[   57.541727][ T6201] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512
[   57.545465][ T6201] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256
[   57.548562][ T6201] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512
[   57.552114][ T6201] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256
[   57.555573][ T6201] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512
[   57.558576][ T6201] UDF-fs: warning (device nbd1): udf_fill_super: No partition found (1)
[   57.604131][ T6203] netlink: 12 bytes leftover after parsing attributes in process `syz.1.59'.
[   57.811562][ T6214] netlink: 12 bytes leftover after parsing attributes in process `syz.1.63'.
[   57.817155][ T6214] netlink: 12 bytes leftover after parsing attributes in process `syz.1.63'.
[   58.068790][ T6223] Cannot find del_set index 3 as target
[   58.261518][ T6225] FAULT_INJECTION: forcing a failure.
[   58.261518][ T6225] name fail_usercopy, interval 1, probability 0, space 0, times 1
[   58.267057][ T6225] CPU: 3 UID: 0 PID: 6225 Comm: syz.2.66 Not tainted 6.15.0-rc4-syzkaller-00042-gb6ea1680d0ac #0 PREEMPT(full) 
[   58.267079][ T6225] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   58.267088][ T6225] Call Trace:
[   58.267094][ T6225]  <TASK>
[   58.267100][ T6225]  dump_stack_lvl+0x16c/0x1f0
[   58.267126][ T6225]  should_fail_ex+0x512/0x640
[   58.267151][ T6225]  _copy_from_iter+0x2a4/0x15b0
[   58.267179][ T6225]  ? alloc_pages_mpol+0x25a/0x550
[   58.267198][ T6225]  ? __pfx__copy_from_iter+0x10/0x10
[   58.267220][ T6225]  ? __pfx_alloc_pages_mpol+0x10/0x10
[   58.267236][ T6225]  ? trace_mm_page_alloc+0x11f/0x1a0
[   58.267266][ T6225]  copy_page_from_iter+0xa5/0x120
[   58.267298][ T6225]  tun_build_skb.constprop.0+0x292/0x1480
[   58.267323][ T6225]  ? __pfx_tun_build_skb.constprop.0+0x10/0x10
[   58.267339][ T6225]  ? __lock_acquire+0x5ca/0x1ba0
[   58.267372][ T6225]  ? find_held_lock+0x2b/0x80
[   58.267391][ T6225]  tun_get_user+0x165f/0x3b10
[   58.267414][ T6225]  ? __pfx_tun_get_user+0x10/0x10
[   58.267428][ T6225]  ? __pfx_ref_tracker_alloc+0x10/0x10
[   58.267456][ T6225]  ? find_held_lock+0x2b/0x80
[   58.267471][ T6225]  ? tun_get+0x191/0x370
[   58.267500][ T6225]  tun_chr_write_iter+0xdc/0x210
[   58.267518][ T6225]  vfs_write+0x5ba/0x1180
[   58.267533][ T6225]  ? __pfx_tun_chr_write_iter+0x10/0x10
[   58.267551][ T6225]  ? __pfx_vfs_write+0x10/0x10
[   58.267563][ T6225]  ? find_held_lock+0x2b/0x80
[   58.267589][ T6225]  ksys_write+0x12a/0x240
[   58.267603][ T6225]  ? __pfx_ksys_write+0x10/0x10
[   58.267620][ T6225]  ? rcu_is_watching+0x12/0xc0
[   58.267638][ T6225]  __do_fast_syscall_32+0x73/0x120
[   58.267661][ T6225]  do_fast_syscall_32+0x32/0x80
[   58.267683][ T6225]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[   58.267702][ T6225] RIP: 0023:0xf7f85579
[   58.267715][ T6225] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[   58.267729][ T6225] RSP: 002b:00000000f50a6520 EFLAGS: 00000293 ORIG_RAX: 0000000000000004
[   58.267744][ T6225] RAX: ffffffffffffffda RBX: 00000000000000c8 RCX: 00000000800004c0
[   58.267753][ T6225] RDX: 000000000000007e RSI: 00000000f7412ff4 RDI: 0000000000000000
[   58.267762][ T6225] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   58.267770][ T6225] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[   58.267779][ T6225] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   58.267799][ T6225]  </TASK>
[   59.648349][ T6267] netlink: 8 bytes leftover after parsing attributes in process `syz.2.81'.
[   59.706874][ T6268] ªªªªªª†³?ÂHºm: renamed from lo (while UP)
[   59.895622][ T6264] netlink: 4 bytes leftover after parsing attributes in process `syz.1.80'.
[   60.452706][ T6278] Cannot find del_set index 3 as target
[   60.551122][ T6275] netlink: 4 bytes leftover after parsing attributes in process `syz.2.84'.
[   60.724816][   T34] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[   60.877917][   T34] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[   60.881332][   T34] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[   60.884536][   T34] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[   60.888293][   T34] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   60.896963][ T6288] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[   60.913584][   T34] usb 6-1: Quirk or no altset; falling back to MIDI 1.0
[   61.137478][   T34] usb 6-1: USB disconnect, device number 2
[   61.943581][ T6315] batman_adv: batadv0: Adding interface: dummy0
[   61.945701][ T6315] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   61.953382][ T6315] batman_adv: batadv0: Interface activated: dummy0
[   61.960619][ T6315] net_ratelimit: 22 callbacks suppressed
[   61.960628][ T6315] batadv0: mtu less than device minimum
[   61.964756][ T6315] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[   61.968408][ T6315] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[   61.972037][ T6315] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[   61.975721][ T6315] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[   61.979335][ T6315] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[   61.982980][ T6315] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[   61.986866][ T6315] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[   61.990516][ T6315] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[   61.994257][ T6315] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[   62.548647][ T6331] Cannot find del_set index 3 as target
[   62.783543][ T6327] syz.1.94 (6327) used greatest stack depth: 20504 bytes left
[   63.092400][ T6338] FAULT_INJECTION: forcing a failure.
[   63.092400][ T6338] name failslab, interval 1, probability 0, space 0, times 0
[   63.096625][ T6338] CPU: 1 UID: 0 PID: 6338 Comm: syz.1.99 Not tainted 6.15.0-rc4-syzkaller-00042-gb6ea1680d0ac #0 PREEMPT(full) 
[   63.096649][ T6338] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   63.096655][ T6338] Call Trace:
[   63.096659][ T6338]  <TASK>
[   63.096662][ T6338]  dump_stack_lvl+0x16c/0x1f0
[   63.096679][ T6338]  should_fail_ex+0x512/0x640
[   63.096693][ T6338]  ? fs_reclaim_acquire+0xae/0x150
[   63.096709][ T6338]  should_failslab+0xc2/0x120
[   63.096720][ T6338]  kmem_cache_alloc_noprof+0x6d/0x3b0
[   63.096731][ T6338]  ? security_inode_alloc+0x3b/0x2b0
[   63.096743][ T6338]  security_inode_alloc+0x3b/0x2b0
[   63.096753][ T6338]  inode_init_always_gfp+0xce4/0x1030
[   63.096771][ T6338]  alloc_inode+0x86/0x240
[   63.096782][ T6338]  new_inode+0x22/0x1c0
[   63.096792][ T6338]  ? proc_lookup_de+0x217/0x320
[   63.096803][ T6338]  proc_get_inode+0x1d/0x780
[   63.096814][ T6338]  proc_lookup_de+0x253/0x320
[   63.096825][ T6338]  proc_lookup+0xcf/0x110
[   63.096836][ T6338]  __lookup_slow+0x24e/0x460
[   63.096848][ T6338]  ? __pfx___lookup_slow+0x10/0x10
[   63.096868][ T6338]  ? lookup_fast+0x156/0x610
[   63.096883][ T6338]  walk_component+0x353/0x5b0
[   63.096898][ T6338]  link_path_walk.part.0.constprop.0+0x685/0xd60
[   63.096917][ T6338]  path_openat+0x227/0x2d40
[   63.096925][ T6338]  ? __ia32_compat_sys_openat+0x16d/0x210
[   63.096938][ T6338]  ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[   63.096955][ T6338]  ? __pfx_path_openat+0x10/0x10
[   63.096967][ T6338]  do_filp_open+0x20b/0x470
[   63.096976][ T6338]  ? __pfx_do_filp_open+0x10/0x10
[   63.096994][ T6338]  ? alloc_fd+0x471/0x7d0
[   63.097012][ T6338]  do_sys_openat2+0x11b/0x1d0
[   63.097024][ T6338]  ? __pfx_do_sys_openat2+0x10/0x10
[   63.097037][ T6338]  ? __fget_files+0x20e/0x3c0
[   63.097054][ T6338]  __ia32_compat_sys_openat+0x16d/0x210
[   63.097067][ T6338]  ? __pfx___ia32_compat_sys_openat+0x10/0x10
[   63.097080][ T6338]  ? ksys_write+0x1b9/0x240
[   63.097090][ T6338]  ? rcu_is_watching+0x12/0xc0
[   63.097101][ T6338]  __do_fast_syscall_32+0x73/0x120
[   63.097116][ T6338]  do_fast_syscall_32+0x32/0x80
[   63.097128][ T6338]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[   63.097140][ T6338] RIP: 0023:0xf7f87579
[   63.097148][ T6338] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[   63.097157][ T6338] RSP: 002b:00000000f506455c EFLAGS: 00000296 ORIG_RAX: 0000000000000127
[   63.097166][ T6338] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 00000000800004c0
[   63.097172][ T6338] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   63.097177][ T6338] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   63.097182][ T6338] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[   63.097187][ T6338] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   63.097199][ T6338]  </TASK>
[   64.840267][ T6372] Cannot find del_set index 3 as target
[   65.228675][ T6380] binder: 6379:6380 ioctl c0306201 0 returned -14
[   65.281669][ T6384] overlayfs: upper fs does not support RENAME_WHITEOUT.
[   65.283961][ T6384] overlayfs: failed to set xattr on upper
[   65.287883][ T6384] overlayfs: ...falling back to redirect_dir=nofollow.
[   65.290046][ T6384] overlayfs: ...falling back to index=off.
[   65.291945][ T6384] overlayfs: maximum fs stacking depth exceeded
[   65.296707][ T6384] MTD: Attempt to mount non-MTD device "/dev/sr0"
[   65.299735][ T6384] /dev/sr0: Can't open blockdev
[   65.302925][ T6384] overlayfs: upper fs does not support RENAME_WHITEOUT.
[   65.307296][ T6384] overlayfs: failed to set xattr on upper
[   65.309180][ T6384] overlayfs: ...falling back to redirect_dir=nofollow.
[   65.311333][ T6384] overlayfs: ...falling back to uuid=null.
[   65.313247][ T6384] overlayfs: maximum fs stacking depth exceeded
[   65.456778][ T6389] block nbd2: shutting down sockets
[   65.545392][ T6391] FAULT_INJECTION: forcing a failure.
[   65.545392][ T6391] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   65.549660][ T6391] CPU: 1 UID: 0 PID: 6391 Comm: syz.2.117 Not tainted 6.15.0-rc4-syzkaller-00042-gb6ea1680d0ac #0 PREEMPT(full) 
[   65.549674][ T6391] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   65.549680][ T6391] Call Trace:
[   65.549683][ T6391]  <TASK>
[   65.549687][ T6391]  dump_stack_lvl+0x16c/0x1f0
[   65.549703][ T6391]  should_fail_ex+0x512/0x640
[   65.549719][ T6391]  _copy_from_user+0x2e/0xd0
[   65.549734][ T6391]  get_compat_msghdr+0xa7/0x170
[   65.549745][ T6391]  ? __pfx_get_compat_msghdr+0x10/0x10
[   65.549755][ T6391]  ? __lock_acquire+0x5ca/0x1ba0
[   65.549770][ T6391]  ___sys_recvmsg+0x191/0x1a0
[   65.549781][ T6391]  ? __pfx____sys_recvmsg+0x10/0x10
[   65.549796][ T6391]  ? get_pid_task+0xb0/0x250
[   65.549810][ T6391]  ? __pfx___might_resched+0x10/0x10
[   65.549822][ T6391]  do_recvmmsg+0x568/0x740
[   65.549834][ T6391]  ? __pfx_do_recvmmsg+0x10/0x10
[   65.549851][ T6391]  ? __fget_files+0x20e/0x3c0
[   65.549868][ T6391]  __sys_recvmmsg+0x21c/0x280
[   65.549878][ T6391]  ? __pfx___sys_recvmmsg+0x10/0x10
[   65.549889][ T6391]  ? __pfx_ksys_write+0x10/0x10
[   65.549914][ T6391]  __ia32_compat_sys_recvmmsg_time32+0xc4/0x160
[   65.549924][ T6391]  ? lockdep_hardirqs_on+0x7c/0x110
[   65.549936][ T6391]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[   65.549968][ T6391]  __do_fast_syscall_32+0x73/0x120
[   65.549988][ T6391]  do_fast_syscall_32+0x32/0x80
[   65.550000][ T6391]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[   65.550013][ T6391] RIP: 0023:0xf7f85579
[   65.550021][ T6391] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[   65.550030][ T6391] RSP: 002b:00000000f50a655c EFLAGS: 00000296 ORIG_RAX: 0000000000000151
[   65.550040][ T6391] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800000c0
[   65.550046][ T6391] RDX: 0000000000010106 RSI: 0000000000000002 RDI: 0000000000000000
[   65.550051][ T6391] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   65.550056][ T6391] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[   65.550061][ T6391] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   65.550073][ T6391]  </TASK>
[   65.693935][ T6397] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   65.987437][ T6400] overlayfs: failed to clone upperpath
[   66.512991][ T6418] Cannot find del_set index 3 as target
[   67.052877][ T6434] FAULT_INJECTION: forcing a failure.
[   67.052877][ T6434] name failslab, interval 1, probability 0, space 0, times 0
[   67.057920][ T6434] CPU: 1 UID: 0 PID: 6434 Comm: syz.1.130 Not tainted 6.15.0-rc4-syzkaller-00042-gb6ea1680d0ac #0 PREEMPT(full) 
[   67.057961][ T6434] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   67.057970][ T6434] Call Trace:
[   67.057976][ T6434]  <TASK>
[   67.057982][ T6434]  dump_stack_lvl+0x16c/0x1f0
[   67.058004][ T6434]  should_fail_ex+0x512/0x640
[   67.058018][ T6434]  ? __kmalloc_cache_noprof+0x57/0x3e0
[   67.058036][ T6434]  should_failslab+0xc2/0x120
[   67.058047][ T6434]  __kmalloc_cache_noprof+0x6a/0x3e0
[   67.058062][ T6434]  ? lockdep_init_map_type+0x5c/0x280
[   67.058074][ T6434]  ? shmem_init_fs_context+0x45/0x2b0
[   67.058091][ T6434]  shmem_init_fs_context+0x45/0x2b0
[   67.058106][ T6434]  ? __pfx_shmem_init_fs_context+0x10/0x10
[   67.058120][ T6434]  alloc_fs_context+0x54a/0x9c0
[   67.058132][ T6434]  path_mount+0xb06/0x1f20
[   67.058143][ T6434]  ? kmem_cache_free+0x2d4/0x4d0
[   67.058152][ T6434]  ? __pfx_path_mount+0x10/0x10
[   67.058163][ T6434]  ? putname+0x154/0x1a0
[   67.058175][ T6434]  __ia32_sys_mount+0x28b/0x310
[   67.058186][ T6434]  ? __pfx___ia32_sys_mount+0x10/0x10
[   67.058201][ T6434]  ? rcu_is_watching+0x12/0xc0
[   67.058212][ T6434]  __do_fast_syscall_32+0x73/0x120
[   67.058226][ T6434]  do_fast_syscall_32+0x32/0x80
[   67.058239][ T6434]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[   67.058251][ T6434] RIP: 0023:0xf7f87579
[   67.058259][ T6434] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[   67.058268][ T6434] RSP: 002b:00000000f506455c EFLAGS: 00000296 ORIG_RAX: 0000000000000015
[   67.058277][ T6434] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000800000c0
[   67.058283][ T6434] RDX: 0000000080000180 RSI: 0000000000000000 RDI: 00000000800001c0
[   67.058288][ T6434] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   67.058293][ T6434] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[   67.058299][ T6434] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   67.058310][ T6434]  </TASK>
[   67.062576][ T6434] Cannot find del_set index 3 as target
[   67.193043][ T6431] netlink: 'syz.1.130': attribute type 11 has an invalid length.
[   67.195767][ T6431] netlink: 224 bytes leftover after parsing attributes in process `syz.1.130'.
[   67.249571][    C0] net_ratelimit: 42 callbacks suppressed
[   67.249588][    C0] IPv4: Oversized IP packet from 127.0.0.1
[   67.255188][    C0] IPv4: Oversized IP packet from 127.0.0.1
[   67.258345][    C0] IPv4: Oversized IP packet from 127.0.0.1
[   67.261516][    C0] IPv4: Oversized IP packet from 127.0.0.1
[   67.263902][    C0] IPv4: Oversized IP packet from 127.0.0.1
[   67.266268][    C0] IPv4: Oversized IP packet from 127.0.0.1
[   67.268459][    C0] IPv4: Oversized IP packet from 127.0.0.1
[   67.270665][    C0] IPv4: Oversized IP packet from 127.0.0.1
[   67.272865][    C0] IPv4: Oversized IP packet from 127.0.0.1
[   67.275168][    C0] IPv4: Oversized IP packet from 127.0.0.1
[   67.290230][ T6438] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   69.001037][ T6496] Cannot find del_set index 3 as target
[   69.235980][ T5294] Bluetooth: hci0: Unable to find connection for big 0x00
[   69.238558][ T6502] Cannot find del_set index 3 as target
[   69.242214][ T6502] netlink: 'syz.1.143': attribute type 11 has an invalid length.
[   69.244885][ T6502] netlink: 224 bytes leftover after parsing attributes in process `syz.1.143'.
[   69.569170][ T6515] mmap: syz.3.146 (6515) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[   69.910139][ T6533] can0: slcan on ttyprintk.
[   70.107835][ T6532] can0 (unregistered): slcan off ttyprintk.
[   70.826785][ T1416] ieee802154 phy0 wpan0: encryption failed: -22
[   70.828987][ T1416] ieee802154 phy1 wpan1: encryption failed: -22
[   71.318398][ T6572] Cannot find del_set index 3 as target
[   71.952883][ T6585] overlayfs: upper fs does not support RENAME_WHITEOUT.
[   71.955816][ T6585] overlayfs: failed to set xattr on upper
[   71.958126][ T6585] overlayfs: ...falling back to redirect_dir=nofollow.
[   71.960866][ T6585] overlayfs: ...falling back to index=off.
[   71.962682][ T6585] overlayfs: maximum fs stacking depth exceeded
[   71.966748][ T6585] MTD: Attempt to mount non-MTD device "/dev/sr0"
[   72.024625][ T6590] overlayfs: upper fs does not support RENAME_WHITEOUT.
[   72.028420][ T6590] overlayfs: failed to set xattr on upper
[   72.030696][ T6590] overlayfs: ...falling back to redirect_dir=nofollow.
[   72.033404][ T6590] overlayfs: ...falling back to uuid=null.
[   72.036513][ T6590] overlayfs: maximum fs stacking depth exceeded
[   72.073329][ T6591] block device autoloading is deprecated and will be removed.
[   72.078277][ T6587] md: md2 stopped.
[   72.196388][ T6585] /dev/sr0: Can't open blockdev
[   72.220900][ T6597] netlink: 20 bytes leftover after parsing attributes in process `syz.1.163'.
[   72.694931][  T837] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[   72.844752][  T837] usb 6-1: Using ep0 maxpacket: 16
[   72.849819][  T837] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 99, changing to 10
[   72.911311][ T6615] Cannot find del_set index 3 as target
[   73.194013][  T837] usb 6-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 8
[   73.224200][  T837] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[   73.227146][  T837] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   73.230010][  T837] usb 6-1: Product: syz
[   73.231319][  T837] usb 6-1: Manufacturer: syz
[   73.232720][  T837] usb 6-1: SerialNumber: syz
[   73.464503][  T837] cdc_ncm 6-1:1.0: bind() failure
[   73.468573][  T837] cdc_ncm 6-1:1.1: CDC Union missing and no IAD found
[   73.471214][  T837] cdc_ncm 6-1:1.1: bind() failure
[   73.474954][  T837] usb 6-1: USB disconnect, device number 3
[   74.164351][ T6633] overlayfs: upper fs does not support RENAME_WHITEOUT.
[   74.168126][ T6633] overlayfs: failed to set xattr on upper
[   74.169983][ T6633] overlayfs: ...falling back to redirect_dir=nofollow.
[   74.172098][ T6633] overlayfs: ...falling back to index=off.
[   74.173926][ T6633] overlayfs: maximum fs stacking depth exceeded
[   74.178096][ T6633] overlayfs: upper fs does not support RENAME_WHITEOUT.
[   74.180284][ T6633] overlayfs: failed to set xattr on upper
[   74.182082][ T6633] overlayfs: ...falling back to redirect_dir=nofollow.
[   74.184191][ T6633] overlayfs: ...falling back to uuid=null.
[   74.186163][ T6633] overlayfs: maximum fs stacking depth exceeded
[   74.514757][ T6279] usb 6-1: new full-speed USB device number 4 using dummy_hcd
[   74.737679][ T6279] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   74.745942][ T6279] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[   74.755487][ T6279] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[   74.758903][ T6279] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5
[   74.768760][ T6279] usb 6-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[   74.772053][ T6279] usb 6-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[   74.774851][ T6279] usb 6-1: Manufacturer: syz
[   74.783092][ T6279] usb 6-1: config 0 descriptor??
[   75.034770][ T6279] rc_core: IR keymap rc-hauppauge not found
[   75.037239][ T6279] Registered IR keymap rc-empty
[   75.039188][ T6279] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[   75.054828][ T6279] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[   75.077418][ T6279] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:0.0/rc/rc0
[   75.087909][ T6279] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:0.0/rc/rc0/input5
[   75.103341][ T6279] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[   75.124772][ T6279] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[   75.144752][ T6279] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[   75.165490][ T6279] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[   75.199228][ T6637] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   75.204309][ T6637] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   75.260999][ T6279] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[   75.284791][ T6279] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[   75.304734][ T6279] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[   75.324955][ T6279] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[   75.355006][ T6279] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[   75.378453][ T6655] Cannot find del_set index 3 as target
[   75.394752][ T6279] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[   75.431026][ T6279] mceusb 6-1:0.0: Registered 424242424242 with mce emulator interface version 1
[   75.434032][ T6279] mceusb 6-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[   75.454921][ T6279] usb 6-1: USB disconnect, device number 4
[   75.503364][ T6657] netfs: Duplicate cookie detected
[   75.505155][ T6657] netfs: O-cookie c=00000005 [fl=4000 na=0 nA=0 s=-]
[   75.507268][ T6657] netfs: O-cookie V=00000002 [9p,syz,]
[   75.508964][ T6657] netfs: O-key=[8] 'c500240200000000'
[   75.510698][ T6657] netfs: N-cookie c=00000006 [fl=8 na=0 nA=0 s=-]
[   75.512648][ T6657] netfs: N-cookie V=00000002 [9p,syz,]
[   75.514431][ T6657] netfs: N-key=[8] 'c500240200000000'
[   75.622552][ T6663] overlayfs: upper fs does not support RENAME_WHITEOUT.
[   75.624859][ T6663] overlayfs: failed to set xattr on upper
[   75.626625][ T6663] overlayfs: ...falling back to redirect_dir=nofollow.
[   75.628769][ T6663] overlayfs: ...falling back to index=off.
[   75.630595][ T6663] overlayfs: maximum fs stacking depth exceeded
[   75.634503][ T6663] overlayfs: upper fs does not support RENAME_WHITEOUT.
[   75.637003][ T6663] overlayfs: failed to set xattr on upper
[   75.639337][ T6663] overlayfs: ...falling back to redirect_dir=nofollow.
[   75.642012][ T6663] overlayfs: ...falling back to uuid=null.
[   75.644116][ T6663] overlayfs: maximum fs stacking depth exceeded
[   75.677735][ T6667] netlink: 36 bytes leftover after parsing attributes in process `syz.2.183'.
[   75.721630][  T837] IPVS: starting estimator thread 0...
[   75.804974][ T6668] IPVS: using max 47 ests per chain, 112800 per kthread
[   75.872478][    C0] net_ratelimit: 22 callbacks suppressed
[   75.872489][    C0] IPv4: Oversized IP packet from 127.0.0.1
[   75.877979][    C0] IPv4: Oversized IP packet from 127.0.0.1
[   75.880333][    C0] IPv4: Oversized IP packet from 127.0.0.1
[   75.882587][    C0] IPv4: Oversized IP packet from 127.0.0.1
[   75.884852][    C0] IPv4: Oversized IP packet from 127.0.0.1
[   75.887919][    C0] IPv4: Oversized IP packet from 127.0.0.1
[   75.890380][    C0] IPv4: Oversized IP packet from 127.0.0.1
[   75.892759][    C0] IPv4: Oversized IP packet from 127.0.0.1
[   75.895681][    C0] IPv4: Oversized IP packet from 127.0.0.1
[   75.898403][    C0] IPv4: Oversized IP packet from 127.0.0.1
[   75.924714][ T6677] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   76.506399][ T6686] kvm: requested 3352 ns i8254 timer period limited to 200000 ns
[   76.648519][ T6695] ubi31: attaching mtd0
[   77.314295][ T6703] team0: Device gtp0 is of different type
[   77.774826][   T67] Bluetooth: hci2: command tx timeout
[   77.829763][ T6715] overlayfs: unescaped trailing colons in lowerdir mount option.
[   77.879492][ T6713] Cannot find del_set index 3 as target
[   78.094743][ T6337] usb 8-1: new high-speed USB device number 2 using dummy_hcd
[   78.251325][ T6337] usb 8-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f
[   78.255357][ T6337] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   78.257988][ T6337] usb 8-1: Product: syz
[   78.259407][ T6337] usb 8-1: Manufacturer: syz
[   78.260883][ T6337] usb 8-1: SerialNumber: syz
[   78.263531][ T6337] usb 8-1: config 0 descriptor??
[   78.475087][ T6337] usb 8-1: USB disconnect, device number 2
[   79.050411][ T6743] overlayfs: upper fs does not support RENAME_WHITEOUT.
[   79.052621][ T6743] overlayfs: failed to set xattr on upper
[   79.054399][ T6743] overlayfs: ...falling back to redirect_dir=nofollow.
[   79.057237][ T6743] overlayfs: ...falling back to uuid=null.
[   79.059384][ T6743] overlayfs: maximum fs stacking depth exceeded
[   79.878196][ T6767] Cannot find del_set index 3 as target
[   81.076779][   T64] cfg80211: failed to load regulatory.db
[   81.096024][ T6783] usb 2-1: USB disconnect, device number 2
[   81.352689][ T6794] hub 2-0:1.0: USB hub found
[   81.362877][ T6799] ubi31: attaching mtd0
[   81.385005][ T6794] hub 2-0:1.0: 6 ports detected
[   81.574757][   T64] usb 2-1: new high-speed USB device number 3 using ehci-pci
[   81.757000][   T64] usb 2-1: New USB device found, idVendor=0627, idProduct=0001, bcdDevice= 0.00
[   81.759822][   T64] usb 2-1: New USB device strings: Mfr=1, Product=3, SerialNumber=10
[   81.762252][   T64] usb 2-1: Product: QEMU USB Tablet
[   81.763825][   T64] usb 2-1: Manufacturer: QEMU
[   81.850243][   T64] usb 2-1: SerialNumber: 28754-0000:00:1d.7-1
[   81.873743][   T64] input: QEMU QEMU USB Tablet as /devices/pci0000:00/0000:00:1d.7/usb2/2-1/2-1:1.0/0003:0627:0001.0002/input/input6
[   81.944302][   T64] hid-generic 0003:0627:0001.0002: input,hidraw0: USB HID v0.01 Mouse [QEMU QEMU USB Tablet] on usb-0000:00:1d.7-1/input0
[   82.418730][ T6815] Cannot find del_set index 3 as target
[   83.743008][   T40] audit: type=1326 audit(1746057155.631:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6818 comm="syz.3.224" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc1579 code=0x7fc00000
[   84.481080][ T6856] ubi31: attaching mtd0
[   84.673622][ T6871] netlink: 128 bytes leftover after parsing attributes in process `syz.3.238'.
[   84.678624][    C0] net_ratelimit: 22 callbacks suppressed
[   84.678633][    C0] IPv4: Oversized IP packet from 127.0.0.1
[   84.683047][    C0] IPv4: Oversized IP packet from 127.0.0.1
[   84.687756][    C0] IPv4: Oversized IP packet from 127.0.0.1
[   84.690389][    C0] IPv4: Oversized IP packet from 127.0.0.1
[   84.692658][    C0] IPv4: Oversized IP packet from 127.0.0.1
[   84.694909][    C0] IPv4: Oversized IP packet from 127.0.0.1
[   84.698146][    C0] IPv4: Oversized IP packet from 127.0.0.1
[   84.700915][    C0] IPv4: Oversized IP packet from 127.0.0.1
[   84.703097][    C0] IPv4: Oversized IP packet from 127.0.0.1
[   84.708503][    C0] IPv4: Oversized IP packet from 127.0.0.1
[   84.728376][ T6871] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   85.040328][ T6881] overlayfs: failed to resolve './file1': -2
[   86.115890][ T6906] FAULT_INJECTION: forcing a failure.
[   86.115890][ T6906] name failslab, interval 1, probability 0, space 0, times 0
[   86.121275][ T6906] CPU: 2 UID: 0 PID: 6906 Comm: syz.1.249 Not tainted 6.15.0-rc4-syzkaller-00042-gb6ea1680d0ac #0 PREEMPT(full) 
[   86.121298][ T6906] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   86.121307][ T6906] Call Trace:
[   86.121312][ T6906]  <TASK>
[   86.121319][ T6906]  dump_stack_lvl+0x16c/0x1f0
[   86.121346][ T6906]  should_fail_ex+0x512/0x640
[   86.121372][ T6906]  should_failslab+0xc2/0x120
[   86.121391][ T6906]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[   86.121412][ T6906]  ? __alloc_skb+0x2b2/0x380
[   86.121433][ T6906]  __alloc_skb+0x2b2/0x380
[   86.121448][ T6906]  ? __pfx___alloc_skb+0x10/0x10
[   86.121461][ T6906]  ? add_lock_to_list+0x120/0x130
[   86.121479][ T6906]  ? add_lock_to_list+0x9d/0x130
[   86.121498][ T6906]  __pskb_copy_fclone+0xef/0xc40
[   86.121520][ T6906]  hwsim_hw_xmit+0x43c/0x1490
[   86.121540][ T6906]  ? __pfx_hwsim_hw_xmit+0x10/0x10
[   86.121554][ T6906]  ? ieee802154_hold_queue+0x2a4/0x450
[   86.121571][ T6906]  ? find_held_lock+0x2b/0x80
[   86.121584][ T6906]  ? mark_held_locks+0x49/0x80
[   86.121600][ T6906]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[   86.121617][ T6906]  ? __pfx_hwsim_hw_xmit+0x10/0x10
[   86.121630][ T6906]  ieee802154_tx+0x320/0x570
[   86.121653][ T6906]  ieee802154_subif_start_xmit+0xd0/0x140
[   86.121674][ T6906]  dev_hard_start_xmit+0x93/0x740
[   86.121720][ T6906]  sch_direct_xmit+0x1b2/0xcf0
[   86.121736][ T6906]  ? lock_acquire+0x179/0x350
[   86.121752][ T6906]  ? __pfx_sch_direct_xmit+0x10/0x10
[   86.121787][ T6906]  ? do_raw_spin_lock+0x280/0x2b0
[   86.121815][ T6906]  __dev_queue_xmit+0x13c7/0x43e0
[   86.121843][ T6906]  ? __pfx___dev_queue_xmit+0x10/0x10
[   86.121862][ T6906]  ? find_held_lock+0x2b/0x80
[   86.121873][ T6906]  ? __might_fault+0xe3/0x190
[   86.121888][ T6906]  ? __might_fault+0xe3/0x190
[   86.121901][ T6906]  ? __might_fault+0x13b/0x190
[   86.121923][ T6906]  ? _copy_from_iter+0x161/0x15b0
[   86.121949][ T6906]  ? __pfx__copy_from_iter+0x10/0x10
[   86.121980][ T6906]  dgram_sendmsg+0x9bc/0xeb0
[   86.121999][ T6906]  ? __pfx_dgram_sendmsg+0x10/0x10
[   86.122023][ T6906]  ? __pfx_aa_sk_perm+0x10/0x10
[   86.122049][ T6906]  __sys_sendto+0x495/0x510
[   86.122072][ T6906]  ? __pfx___sys_sendto+0x10/0x10
[   86.122092][ T6906]  ? __lock_acquire+0xaa4/0x1ba0
[   86.122141][ T6906]  __ia32_compat_sys_socketcall+0x625/0x770
[   86.122162][ T6906]  ? __fget_files+0x20e/0x3c0
[   86.122187][ T6906]  ? __pfx___ia32_compat_sys_socketcall+0x10/0x10
[   86.122209][ T6906]  ? fput+0x70/0xf0
[   86.122232][ T6906]  ? rcu_is_watching+0x12/0xc0
[   86.122252][ T6906]  __do_fast_syscall_32+0x73/0x120
[   86.122276][ T6906]  do_fast_syscall_32+0x32/0x80
[   86.122299][ T6906]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[   86.122320][ T6906] RIP: 0023:0xf7f87579
[   86.122335][ T6906] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[   86.122350][ T6906] RSP: 002b:00000000f50a5430 EFLAGS: 00000293 ORIG_RAX: 0000000000000066
[   86.122367][ T6906] RAX: ffffffffffffffda RBX: 000000000000000b RCX: 00000000f50a5444
[   86.122378][ T6906] RDX: 0000000000000000 RSI: 00000000f50a5560 RDI: 00000000f7412ff4
[   86.122387][ T6906] RBP: 00000000f50a5560 R08: 0000000000000000 R09: 0000000000000000
[   86.122396][ T6906] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[   86.122405][ T6906] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   86.122428][ T6906]  </TASK>
[   86.235838][    C2] vkms_vblank_simulate: vblank timer overrun
[   86.554108][ T6919] ubi31: attaching mtd0
[   86.572600][ T6921] overlayfs: failed to resolve './file1': -2
[   87.276590][ T6946] netlink: 40 bytes leftover after parsing attributes in process `syz.2.262'.
[   87.541874][ T6960] loop6: detected capacity change from 0 to 524287999
[   87.559302][ T6961] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer.
[   88.113490][ T6980] ubi31: attaching mtd0
[   88.251511][ T6985] usb 2-1: USB disconnect, device number 3
[   88.474133][ T6987] hub 2-0:1.0: USB hub found
[   88.501960][ T6987] hub 2-0:1.0: 6 ports detected
[   88.555013][ T5942] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[   88.714805][   T64] usb 2-1: new high-speed USB device number 4 using ehci-pci
[   88.764738][ T5942] usb 7-1: Using ep0 maxpacket: 8
[   88.800199][ T5942] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[   88.806672][ T5942] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[   88.814779][ T5942] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[   88.818843][ T5942] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[   88.826401][ T5942] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[   88.830142][ T5942] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   88.914861][   T64] usb 2-1: New USB device found, idVendor=0627, idProduct=0001, bcdDevice= 0.00
[   88.934750][   T64] usb 2-1: New USB device strings: Mfr=1, Product=3, SerialNumber=10
[   88.956894][   T64] usb 2-1: Product: QEMU USB Tablet
[   88.958889][   T64] usb 2-1: Manufacturer: QEMU
[   88.960420][   T64] usb 2-1: SerialNumber: 28754-0000:00:1d.7-1
[   88.997159][   T64] input: QEMU QEMU USB Tablet as /devices/pci0000:00/0000:00:1d.7/usb2/2-1/2-1:1.0/0003:0627:0001.0003/input/input7
[   89.135160][   T64] hid-generic 0003:0627:0001.0003: input,hidraw0: USB HID v0.01 Mouse [QEMU QEMU USB Tablet] on usb-0000:00:1d.7-1/input0
[   89.316343][ T6999] usb 2-1: USB disconnect, device number 4
[   89.492003][ T7001] hub 2-0:1.0: USB hub found
[   89.500188][ T7001] hub 2-0:1.0: 6 ports detected
[   89.666720][   T64] usb 2-1: new high-speed USB device number 5 using ehci-pci
[   89.869053][   T64] usb 2-1: New USB device found, idVendor=0627, idProduct=0001, bcdDevice= 0.00
[   89.871990][   T64] usb 2-1: New USB device strings: Mfr=1, Product=3, SerialNumber=10
[   89.874541][   T64] usb 2-1: Product: QEMU USB Tablet
[   89.876384][   T64] usb 2-1: Manufacturer: QEMU
[   89.877933][   T64] usb 2-1: SerialNumber: 28754-0000:00:1d.7-1
[   89.899449][   T64] input: QEMU QEMU USB Tablet as /devices/pci0000:00/0000:00:1d.7/usb2/2-1/2-1:1.0/0003:0627:0001.0004/input/input8
[   89.968685][   T64] hid-generic 0003:0627:0001.0004: input,hidraw0: USB HID v0.01 Mouse [QEMU QEMU USB Tablet] on usb-0000:00:1d.7-1/input0
[   90.093188][ T7006] loop6: detected capacity change from 0 to 524287999
[   90.220910][ T7006] FAULT_INJECTION: forcing a failure.
[   90.220910][ T7006] name failslab, interval 1, probability 0, space 0, times 0
[   90.226526][ T7006] CPU: 1 UID: 0 PID: 7006 Comm: syz.1.278 Not tainted 6.15.0-rc4-syzkaller-00042-gb6ea1680d0ac #0 PREEMPT(full) 
[   90.226548][ T7006] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   90.226557][ T7006] Call Trace:
[   90.226577][ T7006]  <TASK>
[   90.226584][ T7006]  dump_stack_lvl+0x16c/0x1f0
[   90.226622][ T7006]  should_fail_ex+0x512/0x640
[   90.226648][ T7006]  should_failslab+0xc2/0x120
[   90.226667][ T7006]  __kmalloc_cache_noprof+0x6a/0x3e0
[   90.226693][ T7006]  ? sctp_add_bind_addr+0xae/0x3f0
[   90.226715][ T7006]  sctp_add_bind_addr+0xae/0x3f0
[   90.226736][ T7006]  sctp_copy_local_addr_list+0x39d/0x5a0
[   90.226762][ T7006]  ? __pfx_sctp_copy_local_addr_list+0x10/0x10
[   90.226788][ T7006]  ? sctp_auth_asoc_copy_shkeys+0x2a5/0x360
[   90.226817][ T7006]  ? sctp_bind_addr_copy+0xe0/0x530
[   90.226836][ T7006]  sctp_bind_addr_copy+0xe0/0x530
[   90.226860][ T7006]  sctp_connect_new_asoc+0x1d7/0x790
[   90.226876][ T7006]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[   90.226892][ T7006]  ? sctp_endpoint_lookup_assoc+0x15c/0x2a0
[   90.226920][ T7006]  __sctp_connect+0x3f3/0xc60
[   90.226938][ T7006]  ? do_raw_spin_lock+0x12c/0x2b0
[   90.226963][ T7006]  ? __pfx___sctp_connect+0x10/0x10
[   90.226980][ T7006]  ? __pfx_sctp_inet_connect+0x10/0x10
[   90.227012][ T7006]  ? __sanitizer_cov_trace_switch+0x54/0x90
[   90.227035][ T7006]  ? __pfx_sctp_inet_connect+0x10/0x10
[   90.227049][ T7006]  sctp_inet_connect+0x15f/0x200
[   90.227066][ T7006]  __sys_connect_file+0x13e/0x1a0
[   90.227093][ T7006]  __sys_connect+0x14d/0x170
[   90.227116][ T7006]  ? __pfx___sys_connect+0x10/0x10
[   90.227145][ T7006]  ? __pfx_ksys_write+0x10/0x10
[   90.227159][ T7006]  ? rcu_is_watching+0x12/0xc0
[   90.227184][ T7006]  __ia32_sys_connect+0x71/0xb0
[   90.227208][ T7006]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[   90.227230][ T7006]  __do_fast_syscall_32+0x73/0x120
[   90.227253][ T7006]  do_fast_syscall_32+0x32/0x80
[   90.227274][ T7006]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[   90.227294][ T7006] RIP: 0023:0xf7f87579
[   90.227306][ T7006] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[   90.227321][ T7006] RSP: 002b:00000000f50a655c EFLAGS: 00000296 ORIG_RAX: 000000000000016a
[   90.227337][ T7006] RAX: ffffffffffffffda RBX: 000000000000000d RCX: 0000000080000000
[   90.227347][ T7006] RDX: 000000000000001c RSI: 0000000000000000 RDI: 0000000000000000
[   90.227356][ T7006] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   90.227364][ T7006] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[   90.227373][ T7006] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   90.227394][ T7006]  </TASK>
[   90.973973][ T5942] usb 7-1: usb_control_msg returned -71
[   90.976062][ T5942] usbtmc 7-1:16.0: can't read capabilities
[   91.004489][ T5942] usb 7-1: USB disconnect, device number 2
[   91.136880][ T7021] IPVS: set_ctl: invalid protocol: 41 172.20.20.187:20003
[   92.425415][   T10] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[   92.874870][   T10] usb 7-1: Using ep0 maxpacket: 32
[   92.887949][   T10] usb 7-1: config index 0 descriptor too short (expected 35577, got 27)
[   92.902112][   T10] usb 7-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[   92.905095][   T10] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   92.910683][   T10] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 92
[   92.914761][   T10] usb 7-1: config 1 has no interface number 0
[   92.922406][   T10] usb 7-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[   92.926579][   T10] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   92.944597][   T10] snd_usb_pod 7-1:1.1: Line 6 Pocket POD found
[   93.171814][   T10] snd_usb_pod 7-1:1.1: set_interface failed
[   93.195123][   T10] snd_usb_pod 7-1:1.1: Line 6 Pocket POD now disconnected
[   93.208591][   T10] snd_usb_pod 7-1:1.1: probe with driver snd_usb_pod failed with error -71
[   93.212531][   T10] usb 7-1: USB disconnect, device number 3
[   93.883080][ T7060] ubi31: attaching mtd0
[   94.139353][ T7069] overlayfs: failed to clone upperpath
[   95.316724][ T7096] net_ratelimit: 23 callbacks suppressed
[   95.316742][ T7096] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[   95.321305][ T7096] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[   95.419463][ T7098] input: syz1 as /devices/virtual/input/input9
[   95.600507][ T7100] overlayfs: maximum fs stacking depth exceeded
[   95.986313][ T7118] ubi31: attaching mtd0
[   96.071668][ T7125] netlink: 'syz.3.315': attribute type 21 has an invalid length.
[   96.100291][ T7127] overlayfs: maximum fs stacking depth exceeded
[   96.185191][ T7129] FAULT_INJECTION: forcing a failure.
[   96.185191][ T7129] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   96.189488][ T7129] CPU: 3 UID: 0 PID: 7129 Comm: syz.2.317 Not tainted 6.15.0-rc4-syzkaller-00042-gb6ea1680d0ac #0 PREEMPT(full) 
[   96.189501][ T7129] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   96.189507][ T7129] Call Trace:
[   96.189511][ T7129]  <TASK>
[   96.189515][ T7129]  dump_stack_lvl+0x16c/0x1f0
[   96.189532][ T7129]  should_fail_ex+0x512/0x640
[   96.189547][ T7129]  _copy_from_user+0x2e/0xd0
[   96.189562][ T7129]  input_event_from_user+0x137/0x290
[   96.189575][ T7129]  ? __pfx_input_event_from_user+0x10/0x10
[   96.189591][ T7129]  evdev_write+0x26b/0x440
[   96.189604][ T7129]  ? __pfx_evdev_write+0x10/0x10
[   96.189616][ T7129]  ? bpf_lsm_file_permission+0x9/0x10
[   96.189631][ T7129]  ? security_file_permission+0x71/0x210
[   96.189643][ T7129]  ? rw_verify_area+0xcf/0x680
[   96.189659][ T7129]  vfs_write+0x25c/0x1180
[   96.189667][ T7129]  ? __pfx_evdev_write+0x10/0x10
[   96.189709][ T7129]  ? __pfx_vfs_write+0x10/0x10
[   96.189717][ T7129]  ? find_held_lock+0x2b/0x80
[   96.189727][ T7129]  ? __fget_files+0x204/0x3c0
[   96.189743][ T7129]  ? __fget_files+0x20e/0x3c0
[   96.189761][ T7129]  ksys_write+0x205/0x240
[   96.189787][ T7129]  ? __pfx_ksys_write+0x10/0x10
[   96.189799][ T7129]  ? rcu_is_watching+0x12/0xc0
[   96.189810][ T7129]  __do_fast_syscall_32+0x73/0x120
[   96.189827][ T7129]  do_fast_syscall_32+0x32/0x80
[   96.189845][ T7129]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[   96.189864][ T7129] RIP: 0023:0xf7f85579
[   96.189878][ T7129] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[   96.189898][ T7129] RSP: 002b:00000000f50a655c EFLAGS: 00000296 ORIG_RAX: 0000000000000004
[   96.189915][ T7129] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000080000040
[   96.189924][ T7129] RDX: 0000000000000918 RSI: 0000000000000000 RDI: 0000000000000000
[   96.189933][ T7129] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   96.189939][ T7129] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[   96.189944][ T7129] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   96.189956][ T7129]  </TASK>
[   97.546674][ T7158] netlink: 120 bytes leftover after parsing attributes in process `syz.2.325'.
[   97.550281][    C3] IPv4: Oversized IP packet from 127.0.0.1
[   97.552558][    C3] IPv4: Oversized IP packet from 127.0.0.1
[   97.555091][    C3] IPv4: Oversized IP packet from 127.0.0.1
[   97.557284][    C3] IPv4: Oversized IP packet from 127.0.0.1
[   97.559564][    C3] IPv4: Oversized IP packet from 127.0.0.1
[   97.562424][    C3] IPv4: Oversized IP packet from 127.0.0.1
[   97.564876][    C3] IPv4: Oversized IP packet from 127.0.0.1
[   97.567104][    C3] IPv4: Oversized IP packet from 127.0.0.1
[   97.583993][ T7158] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   99.236834][ T7184] FAULT_INJECTION: forcing a failure.
[   99.236834][ T7184] name (null), interval 1, probability 0, space 0, times 1
[   99.241973][ T7184] CPU: 3 UID: 0 PID: 7184 Comm: syz.1.332 Not tainted 6.15.0-rc4-syzkaller-00042-gb6ea1680d0ac #0 PREEMPT(full) 
[   99.241994][ T7184] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   99.242003][ T7184] Call Trace:
[   99.242010][ T7184]  <TASK>
[   99.242017][ T7184]  dump_stack_lvl+0x16c/0x1f0
[   99.242043][ T7184]  should_fail_ex+0x512/0x640
[   99.242068][ T7184]  null_queue_rq+0x24d/0xfd0
[   99.242089][ T7184]  null_queue_rqs+0xe9/0x2f0
[   99.242105][ T7184]  ? __pfx_null_queue_rqs+0x10/0x10
[   99.242127][ T7184]  __blk_mq_flush_plug_list+0x97/0xc0
[   99.242153][ T7184]  blk_mq_flush_plug_list+0x1698/0x1c70
[   99.242177][ T7184]  ? mpage_readahead+0x421/0x590
[   99.242200][ T7184]  ? __pfx_blk_mq_flush_plug_list+0x10/0x10
[   99.242228][ T7184]  __blk_flush_plug+0x2c4/0x4b0
[   99.242252][ T7184]  ? __pfx___blk_flush_plug+0x10/0x10
[   99.242270][ T7184]  ? folio_batch_move_lru+0x2c3/0x3b0
[   99.242292][ T7184]  ? __pfx_lru_add+0x10/0x10
[   99.242316][ T7184]  blk_finish_plug+0x53/0xa0
[   99.242335][ T7184]  read_pages+0x583/0xc70
[   99.242357][ T7184]  ? __pfx_read_pages+0x10/0x10
[   99.242385][ T7184]  page_cache_ra_order+0x69a/0xd00
[   99.242414][ T7184]  filemap_fault+0x147c/0x2740
[   99.242440][ T7184]  ? __pfx_filemap_fault+0x10/0x10
[   99.242474][ T7184]  __do_fault+0x10a/0x490
[   99.242496][ T7184]  do_pte_missing+0x1031/0x3fb0
[   99.242512][ T7184]  ? mtree_range_walk+0x718/0xc00
[   99.242533][ T7184]  ? find_held_lock+0x2b/0x80
[   99.242550][ T7184]  __handle_mm_fault+0x103d/0x2a40
[   99.242573][ T7184]  ? __pfx___handle_mm_fault+0x10/0x10
[   99.242604][ T7184]  ? find_vma+0xbf/0x140
[   99.242624][ T7184]  ? __pfx_find_vma+0x10/0x10
[   99.242647][ T7184]  handle_mm_fault+0x3fe/0xad0
[   99.242667][ T7184]  do_user_addr_fault+0x7a6/0x1370
[   99.242687][ T7184]  ? rcu_is_watching+0x12/0xc0
[   99.242704][ T7184]  exc_page_fault+0x5c/0xc0
[   99.242724][ T7184]  asm_exc_page_fault+0x26/0x30
[   99.242740][ T7184] RIP: 0010:_copy_from_user+0x93/0xd0
[   99.242763][ T7184] Code: 1f ed fc 89 ee 4c 89 ef 48 b8 00 f0 ff ff ff 7f 00 00 48 39 c3 48 0f 47 d8 e8 d9 a9 51 fd 0f 01 cb 4c 89 ef 48 89 de 48 89 e9 <f3> a4 0f 1f 00 49 89 cc 48 89 cb 0f 01 ca 31 ff 48 89 ce e8 95 1a
[   99.242778][ T7184] RSP: 0018:ffffc90002f4f7b8 EFLAGS: 00050246
[   99.242791][ T7184] RAX: 0000000000000001 RBX: 0000000080000140 RCX: 0000000000000068
[   99.242800][ T7184] RDX: fffff520005e9f53 RSI: 0000000080000140 RDI: ffffc90002f4fa30
[   99.242809][ T7184] RBP: 0000000000000068 R08: 0000000000000001 R09: fffff520005e9f52
[   99.242818][ T7184] R10: ffffc90002f4fa97 R11: 0000000000000000 R12: 0000000000000000
[   99.242827][ T7184] R13: ffffc90002f4fa30 R14: 000000004068aea3 R15: 0000000080000140
[   99.242849][ T7184]  ? _copy_from_user+0x87/0xd0
[   99.242873][ T7184]  kvm_arch_vcpu_ioctl+0x23a0/0x4f00
[   99.242901][ T7184]  ? is_bpf_text_address+0x94/0x1a0
[   99.242920][ T7184]  ? kernel_text_address+0x8d/0x100
[   99.242944][ T7184]  ? __kernel_text_address+0xd/0x40
[   99.242970][ T7184]  ? __pfx_kvm_arch_vcpu_ioctl+0x10/0x10
[   99.242999][ T7184]  ? stack_trace_save+0x8e/0xc0
[   99.243018][ T7184]  ? __lock_acquire+0xaa4/0x1ba0
[   99.243041][ T7184]  ? kasan_save_stack+0x42/0x60
[   99.243057][ T7184]  ? kasan_save_track+0x14/0x30
[   99.243075][ T7184]  ? __mutex_trylock_common+0xe9/0x250
[   99.243097][ T7184]  ? __pfx___mutex_trylock_common+0x10/0x10
[   99.243118][ T7184]  ? __pfx___might_resched+0x10/0x10
[   99.243144][ T7184]  ? kvm_vcpu_ioctl+0x27e/0x1680
[   99.243169][ T7184]  ? __pfx___mutex_lock+0x10/0x10
[   99.243200][ T7184]  ? kasan_quarantine_put+0x10a/0x240
[   99.243220][ T7184]  ? kvm_vcpu_ioctl+0x1232/0x1680
[   99.243237][ T7184]  kvm_vcpu_ioctl+0x1232/0x1680
[   99.243259][ T7184]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[   99.243281][ T7184]  ? tomoyo_path_number_perm+0x18d/0x580
[   99.243299][ T7184]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[   99.243313][ T7184]  ? __sanitizer_cov_trace_switch+0x54/0x90
[   99.243328][ T7184]  ? do_vfs_ioctl+0x512/0x1990
[   99.243341][ T7184]  ? __pfx_do_vfs_ioctl+0x10/0x10
[   99.243364][ T7184]  kvm_vcpu_compat_ioctl+0x20f/0x3d0
[   99.243379][ T7184]  ? __pfx_kvm_vcpu_compat_ioctl+0x10/0x10
[   99.243393][ T7184]  ? __fget_files+0x20e/0x3c0
[   99.243406][ T7184]  ? fput+0x60/0xf0
[   99.243419][ T7184]  ? __pfx_kvm_vcpu_compat_ioctl+0x10/0x10
[   99.243433][ T7184]  __ia32_compat_sys_ioctl+0x24c/0x360
[   99.243448][ T7184]  __do_fast_syscall_32+0x73/0x120
[   99.243462][ T7184]  do_fast_syscall_32+0x32/0x80
[   99.243474][ T7184]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[   99.243486][ T7184] RIP: 0023:0xf7f87579
[   99.243494][ T7184] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[   99.243503][ T7184] RSP: 002b:00000000f50a655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[   99.243512][ T7184] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000004068aea3
[   99.243518][ T7184] RDX: 0000000080000140 RSI: 0000000000000000 RDI: 0000000000000000
[   99.243523][ T7184] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   99.243528][ T7184] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[   99.243534][ T7184] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   99.243545][ T7184]  </TASK>
[  100.011901][ T7193] loop6: detected capacity change from 0 to 524287999
[  100.887208][ T7208] netlink: 4 bytes leftover after parsing attributes in process `syz.3.339'.
[  100.893792][ T7208] ubi31: attaching mtd0
[  103.022857][   T67] Bluetooth: hci0: Malformed LE Event: 0x02
[  103.200971][ T7240] netlink: 4 bytes leftover after parsing attributes in process `syz.1.349'.
[  103.235115][ T7240] ubi31: attaching mtd0
[  103.897248][ T7244] syz_tun: entered allmulticast mode
[  104.011134][ T7250] netlink: 52 bytes leftover after parsing attributes in process `syz.0.351'.
[  104.017392][ T7250] netlink: 8 bytes leftover after parsing attributes in process `syz.0.351'.
[  104.022544][ T7250] syz_tun: left allmulticast mode
[  104.735691][   T71] null_blk: rq ffff888024eaab80 timed out
[  104.738904][   T71] timeout error, dev nullb0, sector 255 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0
[  104.757576][ T7193] Dev loop6: unable to read RDB block 8
[  104.760143][ T7193]  loop6: unable to read partition table
[  104.762699][ T7193] loop_reread_partitions: partition scan of loop6 (3Ÿ¾x³˜CÖ

) failed (rc=-5)
[  105.404855][ T7274] =======================================================
[  105.404855][ T7274] WARNING: The mand mount option has been deprecated and
[  105.404855][ T7274]          and is ignored by this kernel. Remove the mand
[  105.404855][ T7274]          option from the mount to silence this warning.
[  105.404855][ T7274] =======================================================
[  105.466690][ T7276] usb 2-1: USB disconnect, device number 5
[  105.479991][ T7277] netlink: 4 bytes leftover after parsing attributes in process `syz.3.361'.
[  105.485131][ T7277] ubi31: attaching mtd0
[  105.576161][ T7276] hub 2-0:1.0: USB hub found
[  105.579072][ T7276] hub 2-0:1.0: 6 ports detected
[  105.782736][ T6279] usb 2-1: new high-speed USB device number 6 using ehci-pci
[  105.863949][   T40] audit: type=1326 audit(1746057177.751:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7279 comm="syz.2.362" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f85579 code=0x7ffc0000
[  105.874785][   T40] audit: type=1326 audit(1746057177.751:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7279 comm="syz.2.362" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f85579 code=0x7ffc0000
[  105.881600][   T40] audit: type=1326 audit(1746057177.751:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7279 comm="syz.2.362" exe="/syz-executor" sig=0 arch=40000003 syscall=178 compat=1 ip=0xf7f85579 code=0x7ffc0000
[  105.888906][   T40] audit: type=1326 audit(1746057177.751:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7279 comm="syz.2.362" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f85579 code=0x7ffc0000
[  105.895879][   T40] audit: type=1326 audit(1746057177.761:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7279 comm="syz.2.362" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7f85579 code=0x7ffc0000
[  105.902285][   T40] audit: type=1326 audit(1746057177.761:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7279 comm="syz.2.362" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f85579 code=0x7ffc0000
[  105.911068][   T40] audit: type=1326 audit(1746057177.761:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7279 comm="syz.2.362" exe="/syz-executor" sig=0 arch=40000003 syscall=366 compat=1 ip=0xf7f85579 code=0x7ffc0000
[  105.918130][   T40] audit: type=1326 audit(1746057177.761:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7279 comm="syz.2.362" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f85579 code=0x7ffc0000
[  105.926920][   T40] audit: type=1326 audit(1746057177.761:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7279 comm="syz.2.362" exe="/syz-executor" sig=0 arch=40000003 syscall=4 compat=1 ip=0xf7f85579 code=0x7ffc0000
[  105.935070][   T40] audit: type=1326 audit(1746057177.761:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7279 comm="syz.2.362" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f85579 code=0x7ffc0000
[  105.945995][ T7285] ubi31: attaching mtd0
[  105.952990][ T7284] block device autoloading is deprecated and will be removed.
[  105.966906][ T6279] usb 2-1: New USB device found, idVendor=0627, idProduct=0001, bcdDevice= 0.00
[  105.969939][ T6279] usb 2-1: New USB device strings: Mfr=1, Product=3, SerialNumber=10
[  105.972546][ T6279] usb 2-1: Product: QEMU USB Tablet
[  105.974257][ T6279] usb 2-1: Manufacturer: QEMU
[  105.977171][ T6279] usb 2-1: SerialNumber: 28754-0000:00:1d.7-1
[  105.993080][ T6279] input: QEMU QEMU USB Tablet as /devices/pci0000:00/0000:00:1d.7/usb2/2-1/2-1:1.0/0003:0627:0001.0005/input/input10
[  106.060662][ T6279] hid-generic 0003:0627:0001.0005: input,hidraw0: USB HID v0.01 Mouse [QEMU QEMU USB Tablet] on usb-0000:00:1d.7-1/input0
[  106.221611][ T7280] syz.2.362 (7280): drop_caches: 2
[  106.223716][ T7280] syz.2.362 (7280): drop_caches: 2
[  107.264526][ T7309] netlink: 4 bytes leftover after parsing attributes in process `syz.2.371'.
[  107.269953][ T7309] ubi31: attaching mtd0
[  107.468809][ T7300] [U] .ú
[  108.052436][ T7329] netlink: 4 bytes leftover after parsing attributes in process `syz.1.377'.
[  108.055450][ T7329] bridge_slave_1: left allmulticast mode
[  108.057357][ T7329] bridge_slave_1: left promiscuous mode
[  108.059414][ T7329] bridge0: port 2(bridge_slave_1) entered disabled state
[  108.535431][ T7329] bridge_slave_0: left allmulticast mode
[  108.537247][ T7329] bridge_slave_0: left promiscuous mode
[  108.539205][ T7329] bridge0: port 1(bridge_slave_0) entered disabled state
[  108.579266][ T7335] netlink: 8 bytes leftover after parsing attributes in process `syz.0.379'.
[  108.668905][ T7340] 9pnet: Unknown protocol version 9p200
[  108.678011][ T7340] bond0: (slave bond_slave_0): Releasing backup interface
[  108.683527][ T7340] bond0: (slave bond_slave_1): Releasing backup interface
[  108.709887][ T7340] team0: Port device team_slave_0 removed
[  108.717009][ T7340] team0: Port device team_slave_1 removed
[  108.720323][ T7340] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  108.724016][ T7340] batman_adv: batadv0: Removing interface: batadv_slave_0
[  108.732833][ T7340] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  108.736102][ T7340] batman_adv: batadv0: Removing interface: batadv_slave_1
[  108.766911][ T7342] netlink: 4 bytes leftover after parsing attributes in process `syz.3.382'.
[  108.771967][ T7342] ubi31: attaching mtd0
[  108.873481][ T7347] bpf: Bad value for 'mode'
[  109.624593][ T7361] netlink: 12 bytes leftover after parsing attributes in process `syz.2.387'.
[  109.864807][   T65] usb 7-1: new high-speed USB device number 4 using dummy_hcd
[  110.036875][   T65] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  110.040263][   T65] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  110.043240][   T65] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  110.047541][   T65] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  110.050345][   T65] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  110.057834][   T65] usb 7-1: config 0 descriptor??
[  110.467022][ T7358] bpf: Bad value for 'mode'
[  110.631582][   T65] usbhid 7-1:0.0: can't add hid device: -71
[  110.633586][   T65] usbhid 7-1:0.0: probe with driver usbhid failed with error -71
[  110.637790][   T65] usb 7-1: USB disconnect, device number 4
[  111.554976][ T7387] FAULT_INJECTION: forcing a failure.
[  111.554976][ T7387] name failslab, interval 1, probability 0, space 0, times 0
[  111.558874][ T7387] CPU: 2 UID: 0 PID: 7387 Comm: syz.3.395 Not tainted 6.15.0-rc4-syzkaller-00042-gb6ea1680d0ac #0 PREEMPT(full) 
[  111.558887][ T7387] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  111.558893][ T7387] Call Trace:
[  111.558896][ T7387]  <TASK>
[  111.558900][ T7387]  dump_stack_lvl+0x16c/0x1f0
[  111.558917][ T7387]  should_fail_ex+0x512/0x640
[  111.558931][ T7387]  ? __kvmalloc_node_noprof+0x122/0x600
[  111.558942][ T7387]  should_failslab+0xc2/0x120
[  111.558954][ T7387]  __kvmalloc_node_noprof+0x135/0x600
[  111.558963][ T7387]  ? bpf_opcode_in_insntable+0xf/0x50
[  111.558975][ T7387]  ? resolve_pseudo_ldimm64+0x71f/0x1a80
[  111.558989][ T7387]  ? check_cfg+0x107/0xab0
[  111.559005][ T7387]  ? check_cfg+0x107/0xab0
[  111.559017][ T7387]  check_cfg+0x107/0xab0
[  111.559034][ T7387]  bpf_check+0x61f0/0xb460
[  111.559044][ T7387]  ? __mutex_trylock_common+0xe9/0x250
[  111.559068][ T7387]  ? __pfx_bpf_check+0x10/0x10
[  111.559077][ T7387]  ? pcpu_alloc_noprof+0x949/0x1470
[  111.559092][ T7387]  ? __lock_acquire+0xaa4/0x1ba0
[  111.559109][ T7387]  ? find_held_lock+0x2b/0x80
[  111.559119][ T7387]  ? rcu_is_watching+0x12/0xc0
[  111.559127][ T7387]  ? ktime_get_with_offset+0x26e/0x3b0
[  111.559139][ T7387]  ? __asan_memset+0x23/0x50
[  111.559154][ T7387]  ? bpf_obj_name_cpy+0x14a/0x1a0
[  111.559167][ T7387]  bpf_prog_load+0xe41/0x2490
[  111.559182][ T7387]  ? __pfx_bpf_prog_load+0x10/0x10
[  111.559204][ T7387]  ? bpf_lsm_bpf+0x9/0x10
[  111.559215][ T7387]  __sys_bpf+0x433c/0x4d80
[  111.559236][ T7387]  ? __pfx___sys_bpf+0x10/0x10
[  111.559255][ T7387]  ? ksys_write+0x190/0x240
[  111.559270][ T7387]  ? __mutex_unlock_slowpath+0x161/0x6a0
[  111.559297][ T7387]  ? fput+0x70/0xf0
[  111.559313][ T7387]  ? ksys_write+0x1b9/0x240
[  111.559326][ T7387]  ? __pfx_ksys_write+0x10/0x10
[  111.559341][ T7387]  __ia32_sys_bpf+0x76/0xe0
[  111.559360][ T7387]  __do_fast_syscall_32+0x73/0x120
[  111.559382][ T7387]  do_fast_syscall_32+0x32/0x80
[  111.559403][ T7387]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  111.559417][ T7387] RIP: 0023:0xf7fc1579
[  111.559426][ T7387] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  111.559435][ T7387] RSP: 002b:00000000f50e655c EFLAGS: 00000296 ORIG_RAX: 0000000000000165
[  111.559444][ T7387] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000800006c0
[  111.559450][ T7387] RDX: 0000000000000094 RSI: 0000000000000000 RDI: 0000000000000000
[  111.559456][ T7387] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  111.559461][ T7387] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  111.559466][ T7387] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  111.559477][ T7387]  </TASK>
[  113.035369][  T837] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None
[  114.063275][ T7452] macsec0: entered promiscuous mode
[  114.074906][ T7452] macsec0: entered allmulticast mode
[  114.077130][ T7452] veth1_macvtap: entered allmulticast mode
[  123.305252][ T7478] netlink: 'syz.2.411': attribute type 1 has an invalid length.
[  123.307761][ T7478] netlink: 224 bytes leftover after parsing attributes in process `syz.2.411'.
[  123.310896][ T7478] netlink: 8 bytes leftover after parsing attributes in process `syz.2.411'.
[  123.512224][ T7490] netlink: 12 bytes leftover after parsing attributes in process `syz.1.410'.
[  124.031702][ T7502] netlink: 8 bytes leftover after parsing attributes in process `syz.0.415'.
[  124.315208][ T7507] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  124.318389][ T7507] IPv6: NLM_F_CREATE should be set when creating new route
[  124.380914][ T7509] Bluetooth: MGMT ver 1.23
[  124.383667][ T7509] FAULT_INJECTION: forcing a failure.
[  124.383667][ T7509] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  124.390666][ T7509] CPU: 3 UID: 0 PID: 7509 Comm: syz.2.420 Not tainted 6.15.0-rc4-syzkaller-00042-gb6ea1680d0ac #0 PREEMPT(full) 
[  124.390680][ T7509] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  124.390686][ T7509] Call Trace:
[  124.390690][ T7509]  <TASK>
[  124.390694][ T7509]  dump_stack_lvl+0x16c/0x1f0
[  124.390711][ T7509]  should_fail_ex+0x512/0x640
[  124.390728][ T7509]  _copy_from_user+0x2e/0xd0
[  124.390744][ T7509]  kstrtouint_from_user+0xd6/0x1d0
[  124.390755][ T7509]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  124.390766][ T7509]  ? __lock_acquire+0xaa4/0x1ba0
[  124.390785][ T7509]  proc_fail_nth_write+0x83/0x250
[  124.390800][ T7509]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  124.390817][ T7509]  vfs_write+0x25c/0x1180
[  124.390827][ T7509]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  124.390842][ T7509]  ? __pfx___mutex_lock+0x10/0x10
[  124.390856][ T7509]  ? __pfx_vfs_write+0x10/0x10
[  124.390869][ T7509]  ? __fget_files+0x20e/0x3c0
[  124.390888][ T7509]  ksys_write+0x12a/0x240
[  124.390897][ T7509]  ? __pfx_ksys_write+0x10/0x10
[  124.390907][ T7509]  ? rcu_is_watching+0x12/0xc0
[  124.390918][ T7509]  __do_fast_syscall_32+0x73/0x120
[  124.390933][ T7509]  do_fast_syscall_32+0x32/0x80
[  124.390947][ T7509]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  124.390960][ T7509] RIP: 0023:0xf7f85579
[  124.390968][ T7509] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  124.390978][ T7509] RSP: 002b:00000000f50a6590 EFLAGS: 00000293 ORIG_RAX: 0000000000000004
[  124.390988][ T7509] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000f50a6620
[  124.390994][ T7509] RDX: 0000000000000001 RSI: 00000000f7412ff4 RDI: 0000000000000000
[  124.390999][ T7509] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000
[  124.391005][ T7509] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  124.391010][ T7509] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  124.391023][ T7509]  </TASK>
[  125.057885][ T7522] usb 2-1: USB disconnect, device number 6
[  125.139300][ T7523] hub 2-0:1.0: USB hub found
[  125.141245][ T7523] hub 2-0:1.0: 6 ports detected
[  125.304905][ T6279] usb 2-1: new high-speed USB device number 7 using ehci-pci
[  125.399931][ T7528] netlink: 4 bytes leftover after parsing attributes in process `syz.1.424'.
[  125.404320][ T7528] ubi31: attaching mtd0
[  125.499207][ T6279] usb 2-1: New USB device found, idVendor=0627, idProduct=0001, bcdDevice= 0.00
[  125.502068][ T6279] usb 2-1: New USB device strings: Mfr=1, Product=3, SerialNumber=10
[  125.504605][ T6279] usb 2-1: Product: QEMU USB Tablet
[  125.516738][ T6279] usb 2-1: Manufacturer: QEMU
[  125.520550][ T6279] usb 2-1: SerialNumber: 28754-0000:00:1d.7-1
[  125.550879][ T6279] input: QEMU QEMU USB Tablet as /devices/pci0000:00/0000:00:1d.7/usb2/2-1/2-1:1.0/0003:0627:0001.0006/input/input11
[  125.633846][ T6279] hid-generic 0003:0627:0001.0006: input,hidraw0: USB HID v0.01 Mouse [QEMU QEMU USB Tablet] on usb-0000:00:1d.7-1/input0
[  125.859284][ T7532] FAULT_INJECTION: forcing a failure.
[  125.859284][ T7532] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  125.865967][ T7532] CPU: 3 UID: 0 PID: 7532 Comm: syz.3.425 Not tainted 6.15.0-rc4-syzkaller-00042-gb6ea1680d0ac #0 PREEMPT(full) 
[  125.865990][ T7532] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  125.866000][ T7532] Call Trace:
[  125.866006][ T7532]  <TASK>
[  125.866013][ T7532]  dump_stack_lvl+0x16c/0x1f0
[  125.866039][ T7532]  should_fail_ex+0x512/0x640
[  125.866065][ T7532]  _copy_to_user+0x32/0xd0
[  125.866090][ T7532]  simple_read_from_buffer+0xcb/0x170
[  125.866115][ T7532]  proc_fail_nth_read+0x197/0x270
[  125.866140][ T7532]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  125.866163][ T7532]  ? rw_verify_area+0xcf/0x680
[  125.866187][ T7532]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  125.866209][ T7532]  vfs_read+0x1de/0xc70
[  125.866227][ T7532]  ? __pfx___mutex_lock+0x10/0x10
[  125.866248][ T7532]  ? __pfx_vfs_read+0x10/0x10
[  125.866269][ T7532]  ? __fget_files+0x20e/0x3c0
[  125.866301][ T7532]  ksys_read+0x12a/0x240
[  125.866315][ T7532]  ? __pfx_ksys_read+0x10/0x10
[  125.866333][ T7532]  ? rcu_is_watching+0x12/0xc0
[  125.866353][ T7532]  __do_fast_syscall_32+0x73/0x120
[  125.866376][ T7532]  do_fast_syscall_32+0x32/0x80
[  125.866399][ T7532]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  125.866419][ T7532] RIP: 0023:0xf7fc1579
[  125.866432][ T7532] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  125.866447][ T7532] RSP: 002b:00000000f50e6590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  125.866462][ T7532] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000f50e6620
[  125.866473][ T7532] RDX: 000000000000000f RSI: 00000000f7452ff4 RDI: 0000000000000000
[  125.866481][ T7532] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  125.866490][ T7532] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  125.866500][ T7532] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  125.866522][ T7532]  </TASK>
[  126.259892][   T40] kauditd_printk_skb: 12 callbacks suppressed
[  126.259907][   T40] audit: type=1326 audit(1746057198.151:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7533 comm="syz.3.426" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7fc1579 code=0x0
[  126.414756][   T67] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  126.414781][ T5294] Bluetooth: hci0: command 0x0c1a tx timeout
[  126.456428][    C2] net_ratelimit: 24 callbacks suppressed
[  126.456439][    C2] IPv4: Oversized IP packet from 127.0.0.1
[  126.461432][    C2] IPv4: Oversized IP packet from 127.0.0.1
[  126.463793][    C2] IPv4: Oversized IP packet from 127.0.0.1
[  126.466575][    C2] IPv4: Oversized IP packet from 127.0.0.1
[  126.468905][    C2] IPv4: Oversized IP packet from 127.0.0.1
[  126.471316][    C2] IPv4: Oversized IP packet from 127.0.0.1
[  126.473630][    C2] IPv4: Oversized IP packet from 127.0.0.1
[  126.476097][    C2] IPv4: Oversized IP packet from 127.0.0.1
[  126.478474][    C2] IPv4: Oversized IP packet from 127.0.0.1
[  126.481062][    C2] IPv4: Oversized IP packet from 127.0.0.1
[  126.497462][ T7545] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  126.678525][ T7547] netlink: 'syz.2.430': attribute type 1 has an invalid length.
[  126.691300][ T7547] 8021q: adding VLAN 0 to HW filter on device bond1
[  127.129609][ T7560] overlayfs: failed to resolve './file0': -2
[  127.192105][ T7562] netlink: 16 bytes leftover after parsing attributes in process `syz.3.436'.
[  127.250991][ T7565] netlink: 2 bytes leftover after parsing attributes in process `syz.2.437'.
[  128.168746][ T7588] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  128.282692][ T7591] overlayfs: failed to resolve './file0': -2
[  128.391292][ T7594] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(11)
[  128.393754][ T7594] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  128.399257][ T7594] vhci_hcd vhci_hcd.0: Device attached
[  128.644755][ T6279] usb 39-1: new high-speed USB device number 2 using vhci_hcd
[  129.011535][ T7595] vhci_hcd: connection reset by peer
[  129.017151][ T1219] vhci_hcd: stop threads
[  129.019940][ T1219] vhci_hcd: release socket
[  129.025736][ T1219] vhci_hcd: disconnect device
[  129.207265][   T40] audit: type=1326 audit(1746057201.101:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7592 comm="syz.2.445" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f85579 code=0x7fc00000
[  129.216988][   T40] audit: type=1326 audit(1746057201.101:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7592 comm="syz.2.445" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7f85579 code=0x7fc00000
[  129.223739][   T40] audit: type=1326 audit(1746057201.111:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7592 comm="syz.2.445" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f85579 code=0x7fc00000
[  129.253129][   T40] audit: type=1326 audit(1746057201.111:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7592 comm="syz.2.445" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f85579 code=0x7fc00000
[  129.260346][   T40] audit: type=1326 audit(1746057201.111:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7592 comm="syz.2.445" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f85579 code=0x7fc00000
[  129.267283][   T40] audit: type=1326 audit(1746057201.111:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7592 comm="syz.2.445" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f85579 code=0x7fc00000
[  129.274049][   T40] audit: type=1326 audit(1746057201.111:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7592 comm="syz.2.445" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f85579 code=0x7fc00000
[  129.280722][   T40] audit: type=1326 audit(1746057201.111:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7592 comm="syz.2.445" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f85579 code=0x7fc00000
[  129.287602][   T40] audit: type=1326 audit(1746057201.111:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7592 comm="syz.2.445" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f85579 code=0x7fc00000
[  129.985040][ T7620] netlink: 96 bytes leftover after parsing attributes in process `syz.3.452'.
[  130.078855][ T7625] overlayfs: failed to resolve './file1': -2
[  130.128531][ T7627] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  130.130908][ T7627] IPv6: NLM_F_CREATE should be set when creating new route
[  130.635075][ T7638] mkiss: ax0: crc mode is auto.
[  130.653270][ T5294] Bluetooth: hci1: adv larger than maximum supported
[  131.332627][ T7642] netlink: 'syz.2.458': attribute type 4 has an invalid length.
[  131.346340][ T7642] netlink: 28 bytes leftover after parsing attributes in process `syz.2.458'.
[  131.680096][ T7656] x_tables: ip_tables: MASQUERADE target: used from hooks INPUT, but only usable from POSTROUTING
[  132.259089][ T1416] ieee802154 phy0 wpan0: encryption failed: -22
[  132.261868][ T1416] ieee802154 phy1 wpan1: encryption failed: -22
[  132.394946][ T7659] netlink: 'syz.2.463': attribute type 27 has an invalid length.
[  132.674394][ T7671] overlayfs: failed to resolve './file1': -2
[  133.143998][ T5294] Bluetooth: hci0: Unable to find connection for big 0x00
[  133.147212][ T7690] Cannot find del_set index 3 as target
[  133.796415][ T6279] vhci_hcd: vhci_device speed not set
[  134.296900][ T7708] netlink: 4768 bytes leftover after parsing attributes in process `syz.0.473'.
[  135.045231][ T7726] Cannot find del_set index 3 as target
[  135.461520][ T7738] netlink: 56 bytes leftover after parsing attributes in process `syz.0.487'.
[  135.618903][ T7748] trusted_key: encrypted_key: key description must be 16 hexadecimal characters long
[  136.100857][ T7761] netlink: 'syz.3.496': attribute type 1 has an invalid length.
[  136.152646][   T67] Bluetooth: hci3: Unable to find connection for big 0x00
[  136.155257][ T7766] Cannot find del_set index 3 as target
[  136.284842][ T7770] serio: Serial port ptm0
[  136.897937][ T7781] FAULT_INJECTION: forcing a failure.
[  136.897937][ T7781] name failslab, interval 1, probability 0, space 0, times 0
[  136.903148][ T7781] CPU: 1 UID: 0 PID: 7781 Comm: syz.1.501 Not tainted 6.15.0-rc4-syzkaller-00042-gb6ea1680d0ac #0 PREEMPT(full) 
[  136.903169][ T7781] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  136.903177][ T7781] Call Trace:
[  136.903184][ T7781]  <TASK>
[  136.903190][ T7781]  dump_stack_lvl+0x16c/0x1f0
[  136.903214][ T7781]  should_fail_ex+0x512/0x640
[  136.903236][ T7781]  ? fs_reclaim_acquire+0xae/0x150
[  136.903260][ T7781]  should_failslab+0xc2/0x120
[  136.903278][ T7781]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  136.903295][ T7781]  ? p9_tag_alloc+0x9c/0x640
[  136.903318][ T7781]  p9_tag_alloc+0x9c/0x640
[  136.903336][ T7781]  ? __pfx_p9_tag_alloc+0x10/0x10
[  136.903352][ T7781]  ? stack_depot_save_flags+0x28/0xa50
[  136.903383][ T7781]  p9_client_prepare_req+0x19b/0x4d0
[  136.903404][ T7781]  ? __pfx_p9_client_prepare_req+0x10/0x10
[  136.903423][ T7781]  ? __ia32_compat_sys_openat+0x16d/0x210
[  136.903448][ T7781]  ? __lock_acquire+0xaa4/0x1ba0
[  136.903470][ T7781]  p9_client_rpc+0x1c4/0xc50
[  136.903491][ T7781]  ? node_tag_clear+0x105/0x290
[  136.903508][ T7781]  ? __pfx_p9_client_rpc+0x10/0x10
[  136.903529][ T7781]  ? idr_alloc_u32+0x20f/0x2f0
[  136.903552][ T7781]  ? idr_preload_end+0xc2/0x230
[  136.903573][ T7781]  ? rcu_is_watching+0x12/0xc0
[  136.903591][ T7781]  p9_client_walk+0x1ab/0x530
[  136.903612][ T7781]  ? v9fs_fid_lookup+0xb1e/0xeb0
[  136.903629][ T7781]  ? __pfx_p9_client_walk+0x10/0x10
[  136.903650][ T7781]  ? do_raw_spin_unlock+0x172/0x230
[  136.903671][ T7781]  ? v9fs_fid_lookup+0xe9/0xeb0
[  136.903692][ T7781]  v9fs_vfs_lookup+0x206/0x5b0
[  136.903713][ T7781]  ? __pfx_v9fs_vfs_lookup+0x10/0x10
[  136.903742][ T7781]  v9fs_vfs_atomic_open_dotl+0x215/0xd40
[  136.903769][ T7781]  ? __pfx_v9fs_vfs_atomic_open_dotl+0x10/0x10
[  136.903788][ T7781]  ? map_id_range_up+0x2ce/0x3b0
[  136.903808][ T7781]  ? make_vfsuid+0xec/0x140
[  136.903834][ T7781]  ? apparmor_path_mknod+0x16a/0x460
[  136.903855][ T7781]  ? generic_permission+0xad/0x7d0
[  136.903879][ T7781]  ? inode_permission+0xdd/0x5f0
[  136.903897][ T7781]  ? __pfx_v9fs_vfs_atomic_open_dotl+0x10/0x10
[  136.903921][ T7781]  lookup_open.isra.0+0x83a/0x1580
[  136.903947][ T7781]  ? __pfx_lookup_open.isra.0+0x10/0x10
[  136.903981][ T7781]  ? __pfx_down_write+0x10/0x10
[  136.904001][ T7781]  ? mnt_get_write_access+0x20c/0x300
[  136.904025][ T7781]  path_openat+0x905/0x2d40
[  136.904048][ T7781]  ? __pfx_path_openat+0x10/0x10
[  136.904068][ T7781]  do_filp_open+0x20b/0x470
[  136.904085][ T7781]  ? __pfx_do_filp_open+0x10/0x10
[  136.904115][ T7781]  ? alloc_fd+0x471/0x7d0
[  136.904144][ T7781]  do_sys_openat2+0x11b/0x1d0
[  136.904164][ T7781]  ? __pfx_do_sys_openat2+0x10/0x10
[  136.904201][ T7781]  ? __fget_files+0x20e/0x3c0
[  136.904228][ T7781]  __ia32_compat_sys_openat+0x16d/0x210
[  136.904248][ T7781]  ? __pfx___ia32_compat_sys_openat+0x10/0x10
[  136.904265][ T7781]  ? ksys_write+0x1b9/0x240
[  136.904283][ T7781]  ? rcu_is_watching+0x12/0xc0
[  136.904299][ T7781]  __do_fast_syscall_32+0x73/0x120
[  136.904322][ T7781]  do_fast_syscall_32+0x32/0x80
[  136.904340][ T7781]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  136.904358][ T7781] RIP: 0023:0xf7f87579
[  136.904370][ T7781] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  136.904385][ T7781] RSP: 002b:00000000f50a655c EFLAGS: 00000296 ORIG_RAX: 0000000000000127
[  136.904401][ T7781] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 0000000080000040
[  136.904412][ T7781] RDX: 000000000000275a RSI: 0000000000000000 RDI: 0000000000000000
[  136.904420][ T7781] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  136.904429][ T7781] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  136.904437][ T7781] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  136.904453][ T7781]  </TASK>
[  137.110582][   T40] kauditd_printk_skb: 43 callbacks suppressed
[  137.110593][   T40] audit: type=1326 audit(1746057209.001:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7776 comm="syz.0.500" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f37579 code=0x7ffc0000
[  137.120327][   T40] audit: type=1326 audit(1746057209.001:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7776 comm="syz.0.500" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f37579 code=0x7ffc0000
[  137.126790][   T40] audit: type=1326 audit(1746057209.001:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7776 comm="syz.0.500" exe="/syz-executor" sig=0 arch=40000003 syscall=15 compat=1 ip=0xf7f37579 code=0x7ffc0000
[  137.133366][   T40] audit: type=1326 audit(1746057209.001:81): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7776 comm="syz.0.500" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f37579 code=0x7ffc0000
[  137.141224][   T40] audit: type=1326 audit(1746057209.001:82): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7776 comm="syz.0.500" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f37579 code=0x7ffc0000
[  137.147853][   T40] audit: type=1326 audit(1746057209.001:83): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7776 comm="syz.0.500" exe="/syz-executor" sig=0 arch=40000003 syscall=337 compat=1 ip=0xf7f37579 code=0x7ffc0000
[  137.161467][ T7785] befs: (nbd3): No write support. Marking filesystem read-only
[  137.164186][ T7785] bio_check_eod: 14 callbacks suppressed
[  137.164195][ T7785] syz.3.503: attempt to access beyond end of device
[  137.164195][ T7785] nbd3: rw=0, sector=0, nr_sectors = 2 limit=0
[  137.170526][ T7785] befs: (nbd3): unable to read superblock
[  137.524156][   T40] audit: type=1326 audit(1746057209.411:84): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7776 comm="syz.0.500" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f37579 code=0x7ffc0000
[  137.534832][   T40] audit: type=1326 audit(1746057209.411:85): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7776 comm="syz.0.500" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f37579 code=0x7ffc0000
[  137.623825][ T7793] overlay: filesystem on ./file0 not supported
[  138.260419][ T7808] Cannot find del_set index 3 as target
[  138.260556][   T67] Bluetooth: hci1: Unable to find connection for big 0x00
[  138.969041][ T7822] FAULT_INJECTION: forcing a failure.
[  138.969041][ T7822] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  138.973327][ T7822] CPU: 3 UID: 0 PID: 7822 Comm: syz.1.515 Not tainted 6.15.0-rc4-syzkaller-00042-gb6ea1680d0ac #0 PREEMPT(full) 
[  138.973341][ T7822] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  138.973347][ T7822] Call Trace:
[  138.973351][ T7822]  <TASK>
[  138.973355][ T7822]  dump_stack_lvl+0x16c/0x1f0
[  138.973372][ T7822]  should_fail_ex+0x512/0x640
[  138.973388][ T7822]  should_fail_alloc_page+0xe7/0x130
[  138.973401][ T7822]  prepare_alloc_pages+0x3c2/0x610
[  138.973416][ T7822]  ? rcu_is_watching+0x12/0xc0
[  138.973427][ T7822]  __alloc_frozen_pages_noprof+0x18f/0x23a0
[  138.973440][ T7822]  ? do_raw_spin_lock+0x12c/0x2b0
[  138.973454][ T7822]  ? find_held_lock+0x2b/0x80
[  138.973465][ T7822]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  138.973476][ T7822]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  138.973489][ T7822]  ? stack_depot_save_flags+0x3e6/0xa50
[  138.973505][ T7822]  ? kasan_save_stack+0x42/0x60
[  138.973517][ T7822]  ? __lock_acquire+0xaa4/0x1ba0
[  138.973528][ T7822]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  138.973542][ T7822]  ? policy_nodemask+0xea/0x4e0
[  138.973554][ T7822]  alloc_pages_mpol+0x1fb/0x550
[  138.973566][ T7822]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  138.973576][ T7822]  ? __page_table_check_ptes_set+0x1ae/0x420
[  138.973589][ T7822]  ? find_held_lock+0x2b/0x80
[  138.973600][ T7822]  alloc_pages_noprof+0x131/0x390
[  138.973611][ T7822]  ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10
[  138.973620][ T7822]  get_free_pages_noprof+0xc/0x40
[  138.973632][ T7822]  kasan_populate_vmalloc_pte+0x2d/0x160
[  138.973642][ T7822]  ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10
[  138.973650][ T7822]  __apply_to_page_range+0x617/0xd60
[  138.973667][ T7822]  ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10
[  138.973678][ T7822]  ? __pfx___apply_to_page_range+0x10/0x10
[  138.973692][ T7822]  ? alloc_vmap_area+0x872/0x2970
[  138.973708][ T7822]  alloc_vmap_area+0x919/0x2970
[  138.973726][ T7822]  ? __pfx_alloc_vmap_area+0x10/0x10
[  138.973742][ T7822]  __get_vm_area_node+0x1a7/0x300
[  138.973759][ T7822]  __vmalloc_node_range_noprof+0x277/0x1540
[  138.973774][ T7822]  ? sock_hash_alloc+0x336/0x510
[  138.973789][ T7822]  ? sock_hash_alloc+0x336/0x510
[  138.973802][ T7822]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  138.973822][ T7822]  ? rcu_is_watching+0x12/0xc0
[  138.973830][ T7822]  ? trace_kmalloc+0x2b/0xd0
[  138.973842][ T7822]  ? __kmalloc_node_noprof+0x23b/0x500
[  138.973852][ T7822]  ? trace_cap_capable+0x18d/0x200
[  138.973862][ T7822]  ? sock_hash_alloc+0x336/0x510
[  138.973873][ T7822]  __bpf_map_area_alloc+0xeb/0x190
[  138.973887][ T7822]  ? sock_hash_alloc+0x336/0x510
[  138.973899][ T7822]  sock_hash_alloc+0x336/0x510
[  138.973911][ T7822]  map_create+0x58f/0x1db0
[  138.973928][ T7822]  ? __pfx_map_create+0x10/0x10
[  138.973938][ T7822]  ? __might_fault+0xe3/0x190
[  138.973948][ T7822]  ? __might_fault+0xe3/0x190
[  138.973957][ T7822]  ? __might_fault+0x13b/0x190
[  138.973972][ T7822]  __sys_bpf+0x47cc/0x4d80
[  138.973987][ T7822]  ? __pfx___sys_bpf+0x10/0x10
[  138.974000][ T7822]  ? ksys_write+0x190/0x240
[  138.974011][ T7822]  ? __mutex_unlock_slowpath+0x161/0x6a0
[  138.974031][ T7822]  ? fput+0x70/0xf0
[  138.974042][ T7822]  ? ksys_write+0x1b9/0x240
[  138.974050][ T7822]  ? __pfx_ksys_write+0x10/0x10
[  138.974061][ T7822]  __ia32_sys_bpf+0x76/0xe0
[  138.974075][ T7822]  __do_fast_syscall_32+0x73/0x120
[  138.974089][ T7822]  do_fast_syscall_32+0x32/0x80
[  138.974102][ T7822]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  138.974115][ T7822] RIP: 0023:0xf7f87579
[  138.974123][ T7822] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  138.974132][ T7822] RSP: 002b:00000000f50a655c EFLAGS: 00000296 ORIG_RAX: 0000000000000165
[  138.974142][ T7822] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000080000600
[  138.974148][ T7822] RDX: 0000000000000048 RSI: 0000000000000000 RDI: 0000000000000000
[  138.974153][ T7822] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  138.974159][ T7822] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  138.974164][ T7822] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  138.974176][ T7822]  </TASK>
[  139.153882][ T7824] FAULT_INJECTION: forcing a failure.
[  139.153882][ T7824] name failslab, interval 1, probability 0, space 0, times 0
[  139.161275][ T7824] CPU: 3 UID: 0 PID: 7824 Comm: syz.1.516 Not tainted 6.15.0-rc4-syzkaller-00042-gb6ea1680d0ac #0 PREEMPT(full) 
[  139.161318][ T7824] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  139.161325][ T7824] Call Trace:
[  139.161329][ T7824]  <TASK>
[  139.161332][ T7824]  dump_stack_lvl+0x16c/0x1f0
[  139.161350][ T7824]  should_fail_ex+0x512/0x640
[  139.161363][ T7824]  ? __kmalloc_noprof+0xbf/0x510
[  139.161375][ T7824]  ? io_cache_alloc_new+0x45/0xf0
[  139.161384][ T7824]  should_failslab+0xc2/0x120
[  139.161395][ T7824]  __kmalloc_noprof+0xd2/0x510
[  139.161408][ T7824]  io_cache_alloc_new+0x45/0xf0
[  139.161417][ T7824]  __io_prep_rw+0x227/0xf40
[  139.161428][ T7824]  ? __pfx___io_prep_rw+0x10/0x10
[  139.161437][ T7824]  ? __pfx___io_alloc_req_refill+0x10/0x10
[  139.161451][ T7824]  io_prep_rw+0x24/0x220
[  139.161461][ T7824]  io_submit_sqes+0x825/0x25d0
[  139.161479][ T7824]  __do_sys_io_uring_enter+0xd6a/0x1630
[  139.161493][ T7824]  ? __fget_files+0x20e/0x3c0
[  139.161507][ T7824]  ? __pfx___do_sys_io_uring_enter+0x10/0x10
[  139.161520][ T7824]  ? fput+0x70/0xf0
[  139.161531][ T7824]  ? ksys_write+0x1b9/0x240
[  139.161539][ T7824]  ? __pfx_ksys_write+0x10/0x10
[  139.161549][ T7824]  ? rcu_is_watching+0x12/0xc0
[  139.161560][ T7824]  __do_fast_syscall_32+0x73/0x120
[  139.161574][ T7824]  do_fast_syscall_32+0x32/0x80
[  139.161587][ T7824]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  139.161599][ T7824] RIP: 0023:0xf7f87579
[  139.161607][ T7824] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  139.161616][ T7824] RSP: 002b:00000000f50a655c EFLAGS: 00000296 ORIG_RAX: 00000000000001aa
[  139.161626][ T7824] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000000048eb
[  139.161631][ T7824] RDX: 0000000000001158 RSI: 0000000000000002 RDI: 0000000000000000
[  139.161637][ T7824] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  139.161642][ T7824] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  139.161647][ T7824] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  139.161659][ T7824]  </TASK>
[  139.230945][ T7826] IPVS: set_ctl: invalid protocol: 0 172.20.20.45:20000
[  139.666236][ T7833] netlink: 4 bytes leftover after parsing attributes in process `syz.1.519'.
[  139.670098][ T7833] ubi31: attaching mtd0
[  139.789007][ T7838] netlink: 12 bytes leftover after parsing attributes in process `syz.2.520'.
[  140.409848][    C2] net_ratelimit: 54 callbacks suppressed
[  140.409925][    C2] IPv4: Oversized IP packet from 127.0.0.1
[  140.418788][    C0] IPv4: Oversized IP packet from 127.0.0.1
[  140.425563][    C0] IPv4: Oversized IP packet from 127.0.0.1
[  140.428888][    C0] IPv4: Oversized IP packet from 127.0.0.1
[  140.432375][    C0] IPv4: Oversized IP packet from 127.0.0.1
[  140.445413][    C2] IPv4: Oversized IP packet from 127.0.0.1
[  140.447706][    C2] IPv4: Oversized IP packet from 127.0.0.1
[  140.450947][    C2] IPv4: Oversized IP packet from 127.0.0.1
[  140.454206][    C2] IPv4: Oversized IP packet from 127.0.0.1
[  140.462957][    C2] IPv4: Oversized IP packet from 127.0.0.1
[  140.482389][ T7869] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  140.489793][ T7876] usb 2-1: USB disconnect, device number 7
[  140.579692][ T7879] hub 2-0:1.0: USB hub found
[  140.581732][ T7879] hub 2-0:1.0: 6 ports detected
[  140.690627][ T7883] binder: 7882:7883 ioctl c0306201 80000040 returned -22
[  140.877216][ T6279] usb 2-1: new high-speed USB device number 8 using ehci-pci
[  141.266149][ T6279] usb 2-1: New USB device found, idVendor=0627, idProduct=0001, bcdDevice= 0.00
[  141.281897][ T6279] usb 2-1: New USB device strings: Mfr=1, Product=3, SerialNumber=10
[  141.287613][ T6279] usb 2-1: Product: QEMU USB Tablet
[  141.289348][ T6279] usb 2-1: Manufacturer: QEMU
[  141.294001][ T6279] usb 2-1: SerialNumber: 28754-0000:00:1d.7-1
[  141.318155][ T6279] input: QEMU QEMU USB Tablet as /devices/pci0000:00/0000:00:1d.7/usb2/2-1/2-1:1.0/0003:0627:0001.0007/input/input12
[  141.371553][ T7900] netlink: 4 bytes leftover after parsing attributes in process `syz.0.532'.
[  141.387811][ T6279] hid-generic 0003:0627:0001.0007: input,hidraw0: USB HID v0.01 Mouse [QEMU QEMU USB Tablet] on usb-0000:00:1d.7-1/input0
[  141.788951][ T5294] Bluetooth: hci0: Unable to find connection for big 0x00
[  141.792033][ T7910] Cannot find del_set index 3 as target
[  142.265971][   T40] audit: type=1804 audit(1746057214.161:86): pid=7914 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.535" name="/newroot/135/file0" dev="tmpfs" ino=769 res=1 errno=0
[  142.461117][ T7916] netlink: 24 bytes leftover after parsing attributes in process `syz.1.536'.
[  143.195146][ T7933] netlink: 12 bytes leftover after parsing attributes in process `syz.2.541'.
[  143.948147][ T7955] x_tables: duplicate underflow at hook 1
[  144.059895][ T1219] Bluetooth: hci4: Frame reassembly failed (-84)
[  144.504740][ T6337] usb 7-1: new high-speed USB device number 5 using dummy_hcd
[  145.208548][ T7975] netlink: 4 bytes leftover after parsing attributes in process `syz.0.553'.
[  145.520286][ T7984] hub 6-0:1.0: USB hub found
[  145.524462][ T7984] hub 6-0:1.0: 1 port detected
[  146.030962][ T7987] sp0: Synchronizing with TNC
[  146.034584][ T7986] [U] è
[  146.095458][   T67] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  146.095598][ T5294] Bluetooth: hci4: command 0x1003 tx timeout
[  147.222392][ T8023] FAULT_INJECTION: forcing a failure.
[  147.222392][ T8023] name failslab, interval 1, probability 0, space 0, times 0
[  147.228022][ T8023] CPU: 1 UID: 0 PID: 8023 Comm: syz.1.567 Not tainted 6.15.0-rc4-syzkaller-00042-gb6ea1680d0ac #0 PREEMPT(full) 
[  147.228037][ T8023] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  147.228043][ T8023] Call Trace:
[  147.228047][ T8023]  <TASK>
[  147.228050][ T8023]  dump_stack_lvl+0x16c/0x1f0
[  147.228081][ T8023]  should_fail_ex+0x512/0x640
[  147.228098][ T8023]  ? __kmalloc_cache_noprof+0x57/0x3e0
[  147.228115][ T8023]  should_failslab+0xc2/0x120
[  147.228128][ T8023]  __kmalloc_cache_noprof+0x6a/0x3e0
[  147.228142][ T8023]  ? get_mm_exe_file+0x8a/0x1a0
[  147.228154][ T8023]  ? landlock_init_hierarchy_log+0xa7/0x810
[  147.228170][ T8023]  landlock_init_hierarchy_log+0xa7/0x810
[  147.228184][ T8023]  landlock_merge_ruleset+0x6e1/0x870
[  147.228193][ T8023]  ? prepare_creds+0x583/0x7d0
[  147.228208][ T8023]  __do_sys_landlock_restrict_self+0x2a2/0x910
[  147.228225][ T8023]  __do_fast_syscall_32+0x73/0x120
[  147.228240][ T8023]  do_fast_syscall_32+0x32/0x80
[  147.228252][ T8023]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  147.228265][ T8023] RIP: 0023:0xf7f87579
[  147.228272][ T8023] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  147.228282][ T8023] RSP: 002b:00000000f50a655c EFLAGS: 00000296 ORIG_RAX: 00000000000001be
[  147.228291][ T8023] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000000
[  147.228297][ T8023] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  147.228302][ T8023] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  147.228308][ T8023] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  147.228313][ T8023] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  147.228325][ T8023]  </TASK>
[  147.297036][ T5294] Bluetooth: hci4: sending frame failed (-49)
[  147.300023][   T67] Bluetooth: hci4: Opcode 0x1003 failed: -49
[  148.006583][ T8024] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  148.010201][ T8024] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  148.024120][ T8024] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  148.029117][ T8024] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  148.031181][ T8024] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  148.033784][ T8024] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  148.037291][ T8024] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  148.039491][ T8024] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  148.043034][ T8024] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  148.049412][ T8024] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  148.052012][ T8024] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  148.055582][ T8024] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  148.221238][ T8040] overlayfs: missing 'lowerdir'
[  149.425030][   T67] Bluetooth: hci1: ACL packet for unknown connection handle 201
[  149.605474][    C1] net_ratelimit: 22 callbacks suppressed
[  149.605486][    C1] IPv4: Oversized IP packet from 127.0.0.1
[  149.609686][    C1] IPv4: Oversized IP packet from 127.0.0.1
[  149.612074][    C1] IPv4: Oversized IP packet from 127.0.0.1
[  149.614463][    C1] IPv4: Oversized IP packet from 127.0.0.1
[  149.616893][    C1] IPv4: Oversized IP packet from 127.0.0.1
[  149.619312][    C1] IPv4: Oversized IP packet from 127.0.0.1
[  149.621741][    C1] IPv4: Oversized IP packet from 127.0.0.1
[  149.624075][    C1] IPv4: Oversized IP packet from 127.0.0.1
[  149.627228][    C1] IPv4: Oversized IP packet from 127.0.0.1
[  149.629617][    C1] IPv4: Oversized IP packet from 127.0.0.1
[  149.651240][ T8067] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  149.694794][   T67] Bluetooth: hci0: command 0x0c1a tx timeout
[  149.697498][ T8024] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  150.104815][   T67] Bluetooth: hci2: command 0x0c1a tx timeout
[  150.104840][ T5294] Bluetooth: hci1: command 0x0c1a tx timeout
[  150.107580][   T67] Bluetooth: hci3: command 0x0c1a tx timeout
[  150.455239][  T837] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None
[  150.579582][ T8095] bridge_slave_0: left allmulticast mode
[  150.582384][ T8095] bridge_slave_0: left promiscuous mode
[  150.589976][ T8095] bridge0: port 1(bridge_slave_0) entered disabled state
[  150.652489][ T8095] bond0: (slave bond_slave_0): Releasing backup interface
[  150.687005][ T8095] bond0: (slave bond_slave_1): Releasing backup interface
[  150.786952][ T8095] team0: Port device team_slave_0 removed
[  150.807818][ T8095] team0: Port device team_slave_1 removed
[  150.816563][ T8095] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  150.824763][ T8095] batman_adv: batadv0: Removing interface: batadv_slave_0
[  150.856304][ T8095] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  150.859012][ T8095] batman_adv: batadv0: Removing interface: batadv_slave_1
[  150.927652][ T8108] nvme_fabrics: missing parameter 'transport=%s'
[  150.931591][ T8108] nvme_fabrics: missing parameter 'nqn=%s'
[  150.934519][ T8108] netlink: 'syz.1.588': attribute type 32 has an invalid length.
[  150.937096][ T8108] netlink: 8 bytes leftover after parsing attributes in process `syz.1.588'.
[  150.940071][ T8108] (unnamed net_device) (uninitialized): option coupled_control: invalid value (46)
[  151.006305][ T8116] usb usb1: usbfs: process 8116 (syz.1.589) did not claim interface 42 before use
[  151.015267][ T8116] overlayfs: failed to decode file handle (len=6, type=248, flags=0, err=-22)
[  151.031411][ T8117] ipt_ECN: cannot use operation on non-tcp rule
[  151.053053][ T8122] loop6: detected capacity change from 0 to 524287999
[  151.774881][   T67] Bluetooth: hci0: command 0x0c1a tx timeout
[  152.184915][   T67] Bluetooth: hci3: command 0x0c1a tx timeout
[  152.184938][ T5944] Bluetooth: hci1: command 0x0c1a tx timeout
[  152.185014][ T5294] Bluetooth: hci2: command 0x0c1a tx timeout
[  153.864813][ T5944] Bluetooth: hci0: command 0x0c1a tx timeout
[  154.254916][ T5944] Bluetooth: hci2: command 0x0c1a tx timeout
[  154.255029][   T67] Bluetooth: hci1: command 0x0c1a tx timeout
[  154.257590][ T5944] Bluetooth: hci3: command 0x0c1a tx timeout
[  155.934923][ T5944] Bluetooth: hci0: command 0x0c1a tx timeout
[  161.070079][ T8160] usb 2-1: USB disconnect, device number 8
[  161.167741][ T8164] hub 2-0:1.0: USB hub found
[  161.171577][ T8164] hub 2-0:1.0: 6 ports detected
[  161.384834][   T29] usb 2-1: new high-speed USB device number 9 using ehci-pci
[  161.390567][ T8165] FAULT_INJECTION: forcing a failure.
[  161.390567][ T8165] name failslab, interval 1, probability 0, space 0, times 0
[  161.398706][ T8165] CPU: 0 UID: 0 PID: 8165 Comm: syz.3.596 Not tainted 6.15.0-rc4-syzkaller-00042-gb6ea1680d0ac #0 PREEMPT(full) 
[  161.398721][ T8165] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  161.398727][ T8165] Call Trace:
[  161.398732][ T8165]  <TASK>
[  161.398736][ T8165]  dump_stack_lvl+0x16c/0x1f0
[  161.398752][ T8165]  should_fail_ex+0x512/0x640
[  161.398766][ T8165]  ? fs_reclaim_acquire+0xae/0x150
[  161.398782][ T8165]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[  161.398795][ T8165]  should_failslab+0xc2/0x120
[  161.398807][ T8165]  __kmalloc_noprof+0xd2/0x510
[  161.398821][ T8165]  tomoyo_realpath_from_path+0xc2/0x6e0
[  161.398835][ T8165]  ? tomoyo_profile+0x47/0x60
[  161.398863][ T8165]  tomoyo_path_number_perm+0x245/0x580
[  161.398874][ T8165]  ? tomoyo_path_number_perm+0x237/0x580
[  161.398886][ T8165]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  161.398911][ T8165]  ? find_held_lock+0x2b/0x80
[  161.398920][ T8165]  ? hook_file_ioctl_common+0x145/0x410
[  161.398931][ T8165]  ? __fget_files+0x204/0x3c0
[  161.398947][ T8165]  ? __fget_files+0x20e/0x3c0
[  161.398960][ T8165]  ? fput+0x60/0xf0
[  161.398973][ T8165]  security_file_ioctl_compat+0x9b/0x240
[  161.398986][ T8165]  __ia32_compat_sys_ioctl+0xc3/0x360
[  161.399001][ T8165]  __do_fast_syscall_32+0x73/0x120
[  161.399015][ T8165]  do_fast_syscall_32+0x32/0x80
[  161.399028][ T8165]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  161.399040][ T8165] RIP: 0023:0xf7fc1579
[  161.399048][ T8165] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  161.399058][ T8165] RSP: 002b:00000000f50a455c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  161.399068][ T8165] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 0000000000004601
[  161.399074][ T8165] RDX: 0000000080000380 RSI: 0000000000000000 RDI: 0000000000000000
[  161.399079][ T8165] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  161.399085][ T8165] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  161.399090][ T8165] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  161.399103][ T8165]  </TASK>
[  161.399540][ T8165] ERROR: Out of memory at tomoyo_realpath_from_path.
[  161.569168][   T29] usb 2-1: New USB device found, idVendor=0627, idProduct=0001, bcdDevice= 0.00
[  161.572882][   T29] usb 2-1: New USB device strings: Mfr=1, Product=3, SerialNumber=10
[  161.584911][   T29] usb 2-1: Product: QEMU USB Tablet
[  161.587239][   T29] usb 2-1: Manufacturer: QEMU
[  161.590156][   T29] usb 2-1: SerialNumber: 28754-0000:00:1d.7-1
[  161.608898][   T29] input: QEMU QEMU USB Tablet as /devices/pci0000:00/0000:00:1d.7/usb2/2-1/2-1:1.0/0003:0627:0001.0008/input/input13
[  161.693900][ T8170] netlink: 'syz.0.598': attribute type 11 has an invalid length.
[  161.768424][   T29] hid-generic 0003:0627:0001.0008: input,hidraw0: USB HID v0.01 Mouse [QEMU QEMU USB Tablet] on usb-0000:00:1d.7-1/input0
[  162.602314][ T5944] Bluetooth: hci0: Unable to find connection for big 0x00
[  163.288162][ T5944] Bluetooth: hci3: Unable to find connection for big 0x00
[  163.901774][ T8212] 9pnet_fd: Insufficient options for proto=fd
[  164.703801][ T8228] 9pnet: Could not find request transport: f
[  165.100107][ T8241] loop2: detected capacity change from 0 to 7
[  165.104893][ T8163] Dev loop2: unable to read RDB block 7
[  165.106733][ T8163]  loop2: unable to read partition table
[  165.108907][ T8163] loop2: partition table beyond EOD, truncated
[  165.118354][ T8241] Dev loop2: unable to read RDB block 7
[  165.122010][ T8241]  loop2: unable to read partition table
[  165.127490][ T8241] loop2: partition table beyond EOD, truncated
[  165.130244][ T8241] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[  165.375144][ T8250] FAULT_INJECTION: forcing a failure.
[  165.375144][ T8250] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  165.379387][ T8250] CPU: 0 UID: 0 PID: 8250 Comm: syz.1.621 Not tainted 6.15.0-rc4-syzkaller-00042-gb6ea1680d0ac #0 PREEMPT(full) 
[  165.379412][ T8250] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  165.379419][ T8250] Call Trace:
[  165.379423][ T8250]  <TASK>
[  165.379427][ T8250]  dump_stack_lvl+0x16c/0x1f0
[  165.379460][ T8250]  should_fail_ex+0x512/0x640
[  165.379480][ T8250]  _copy_from_user+0x2e/0xd0
[  165.379496][ T8250]  get_compat_msghdr+0xa7/0x170
[  165.379506][ T8250]  ? __pfx_get_compat_msghdr+0x10/0x10
[  165.379521][ T8250]  ___sys_sendmsg+0x1ae/0x1d0
[  165.379532][ T8250]  ? __pfx____sys_sendmsg+0x10/0x10
[  165.379568][ T8250]  __sys_sendmsg+0x16d/0x220
[  165.379581][ T8250]  ? __pfx___sys_sendmsg+0x10/0x10
[  165.379595][ T8250]  ? rcu_is_watching+0x12/0xc0
[  165.379605][ T8250]  ? rcu_is_watching+0x12/0xc0
[  165.379615][ T8250]  __do_fast_syscall_32+0x73/0x120
[  165.379629][ T8250]  do_fast_syscall_32+0x32/0x80
[  165.379642][ T8250]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  165.379655][ T8250] RIP: 0023:0xf7f87579
[  165.379663][ T8250] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  165.379672][ T8250] RSP: 002b:00000000f50a655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  165.379682][ T8250] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800001c0
[  165.379688][ T8250] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  165.379693][ T8250] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  165.379699][ T8250] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  165.379704][ T8250] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  165.379716][ T8250]  </TASK>
[  165.438006][    C0] vkms_vblank_simulate: vblank timer overrun
[  165.470744][ T8252] 9pnet_fd: Insufficient options for proto=fd
[  165.787116][ T8267] 
[  165.787958][ T8267] =====================================================
[  165.790170][ T8267] WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected
[  165.792475][ T8267] 6.15.0-rc4-syzkaller-00042-gb6ea1680d0ac #0 Not tainted
[  165.795654][ T8267] -----------------------------------------------------
[  165.798321][ T8267] syz.3.625/8267 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire:
[  165.800697][ T8267] ffff888050cd8018 (&new->fa_lock){....}-{3:3}, at: kill_fasync+0x138/0x510
[  165.803401][ T8267] 
[  165.803401][ T8267] and this task is already holding:
[  165.805697][ T8267] ffff88801325d028 (&client->buffer_lock){....}-{3:3}, at: evdev_pass_values+0x10e/0x9b0
[  165.808696][ T8267] which would create a new lock dependency:
[  165.810692][ T8267]  (&client->buffer_lock){....}-{3:3} -> (&new->fa_lock){....}-{3:3}
[  165.813281][ T8267] 
[  165.813281][ T8267] but this new dependency connects a SOFTIRQ-irq-safe lock:
[  165.816185][ T8267]  (&dev->event_lock#2){..-.}-{3:3}
[  165.816206][ T8267] 
[  165.816206][ T8267] ... which became SOFTIRQ-irq-safe at:
[  165.820262][ T8267]   lock_acquire+0x179/0x350
[  165.821730][ T8267]   _raw_spin_lock_irqsave+0x3a/0x60
[  165.823371][ T8267]   input_inject_event+0x9f/0x390
[  165.824956][ T8267]   led_set_brightness+0x214/0x290
[  165.826573][ T8267]   led_trigger_event+0xda/0x270
[  165.828109][ T8267]   kbd_bh+0x21b/0x300
[  165.829436][ T8267]   tasklet_action_common+0x281/0x400
[  165.831098][ T8267]   handle_softirqs+0x216/0x8e0
[  165.832639][ T8267]   run_ksoftirqd+0x3a/0x60
[  165.834133][ T8267]   smpboot_thread_fn+0x3f4/0xae0
[  165.835805][ T8267]   kthread+0x3c2/0x780
[  165.837129][ T8267]   ret_from_fork+0x45/0x80
[  165.838573][ T8267]   ret_from_fork_asm+0x1a/0x30
[  165.840152][ T8267] 
[  165.840152][ T8267] to a SOFTIRQ-irq-unsafe lock:
[  165.842322][ T8267]  (tasklist_lock){.+.?}-{3:3}
[  165.842338][ T8267] 
[  165.842338][ T8267] ... which became SOFTIRQ-irq-unsafe at:
[  165.846287][ T8267] ...
[  165.846291][ T8267]   lock_acquire+0x179/0x350
[  165.848554][ T8267]   _raw_read_lock+0x5f/0x70
[  165.850016][ T8267]   __do_wait+0x105/0x890
[  165.851345][ T8267]   do_wait+0x21e/0x5a0
[  165.852665][ T8267]   kernel_wait+0x9f/0x160
[  165.854113][ T8267]   call_usermodehelper_exec_work+0xf1/0x170
[  165.855996][ T8267]   process_one_work+0x9cc/0x1b70
[  165.857626][ T8267]   worker_thread+0x6c8/0xf10
[  165.859127][ T8267]   kthread+0x3c2/0x780
[  165.860498][ T8267]   ret_from_fork+0x45/0x80
[  165.861920][ T8267]   ret_from_fork_asm+0x1a/0x30
[  165.863477][ T8267] 
[  165.863477][ T8267] other info that might help us debug this:
[  165.863477][ T8267] 
[  165.866624][ T8267] Chain exists of:
[  165.866624][ T8267]   &dev->event_lock#2 --> &client->buffer_lock --> tasklist_lock
[  165.866624][ T8267] 
[  165.870687][ T8267]  Possible interrupt unsafe locking scenario:
[  165.870687][ T8267] 
[  165.873227][ T8267]        CPU0                    CPU1
[  165.874899][ T8267]        ----                    ----
[  165.876546][ T8267]   lock(tasklist_lock);
[  165.877886][ T8267]                                local_irq_disable();
[  165.879963][ T8267]                                lock(&dev->event_lock#2);
[  165.882220][ T8267]                                lock(&client->buffer_lock);
[  165.884554][ T8267]   <Interrupt>
[  165.885666][ T8267]     lock(&dev->event_lock#2);
[  165.887194][ T8267] 
[  165.887194][ T8267]  *** DEADLOCK ***
[  165.887194][ T8267] 
[  165.889706][ T8267] 7 locks held by syz.3.625/8267:
[  165.891253][ T8267]  #0: ffff888026a3a118 (&evdev->mutex){+.+.}-{4:4}, at: evdev_write+0x184/0x440
[  165.894031][ T8267]  #1: ffff888021919230 (&dev->event_lock#2){..-.}-{3:3}, at: input_inject_event+0x9f/0x390
[  165.897089][ T8267]  #2: ffffffff8e3bf440 (rcu_read_lock){....}-{1:3}, at: input_inject_event+0xbb/0x390
[  165.900033][ T8267]  #3: ffffffff8e3bf440 (rcu_read_lock){....}-{1:3}, at: input_pass_values+0x80/0x890
[  165.902911][ T8267]  #4: ffffffff8e3bf440 (rcu_read_lock){....}-{1:3}, at: evdev_events+0x7b/0x390
[  165.905747][ T8267]  #5: ffff88801325d028 (&client->buffer_lock){....}-{3:3}, at: evdev_pass_values+0x10e/0x9b0
[  165.908885][ T8267]  #6: ffffffff8e3bf440 (rcu_read_lock){....}-{1:3}, at: kill_fasync+0x62/0x510
[  165.911723][ T8267] 
[  165.911723][ T8267] the dependencies between SOFTIRQ-irq-safe lock and the holding lock:
[  165.914968][ T8267]  -> (&dev->event_lock#2){..-.}-{3:3} {
[  165.916737][ T8267]     IN-SOFTIRQ-W at:
[  165.918049][ T8267]                       lock_acquire+0x179/0x350
[  165.920127][ T8267]                       _raw_spin_lock_irqsave+0x3a/0x60
[  165.922356][ T8267]                       input_inject_event+0x9f/0x390
[  165.924500][ T8267]                       led_set_brightness+0x214/0x290
[  165.926630][ T8267]                       led_trigger_event+0xda/0x270
[  165.928688][ T8267]                       kbd_bh+0x21b/0x300
[  165.930576][ T8267]                       tasklet_action_common+0x281/0x400
[  165.932755][ T8267]                       handle_softirqs+0x216/0x8e0
[  165.934801][ T8267]                       run_ksoftirqd+0x3a/0x60
[  165.936738][ T8267]                       smpboot_thread_fn+0x3f4/0xae0
[  165.938854][ T8267]                       kthread+0x3c2/0x780
[  165.940699][ T8267]                       ret_from_fork+0x45/0x80
[  165.942669][ T8267]                       ret_from_fork_asm+0x1a/0x30
[  165.944740][ T8267]     INITIAL USE at:
[  165.946018][ T8267]                      lock_acquire+0x179/0x350
[  165.947962][ T8267]                      _raw_spin_lock_irqsave+0x3a/0x60
[  165.950185][ T8267]                      input_inject_event+0x9f/0x390
[  165.952275][ T8267]                      led_set_brightness+0x214/0x290
[  165.954353][ T8267]                      kbd_led_trigger_activate+0xcb/0x110
[  165.956546][ T8267]                      led_trigger_set+0x597/0xc50
[  165.958552][ T8267]                      led_trigger_set_default+0x1bd/0x2a0
[  165.960716][ T8267]                      led_classdev_register_ext+0x7b8/0xa10
[  165.962945][ T8267]                      input_leds_connect+0x552/0x8e0
[  165.965029][ T8267]                      input_attach_handler.isra.0+0x181/0x260
[  165.967373][ T8267]                      input_register_device+0xa84/0x1130
[  165.969595][ T8267]                      atkbd_connect+0x5da/0xa20
[  165.971594][ T8267]                      serio_driver_probe+0x74/0xb0
[  165.973665][ T8267]                      really_probe+0x23e/0xa90
[  165.975613][ T8267]                      __driver_probe_device+0x1de/0x440
[  165.977762][ T8267]                      driver_probe_device+0x4c/0x1b0
[  165.979772][ T8267]                      __driver_attach+0x283/0x580
[  165.981808][ T8267]                      bus_for_each_dev+0x13b/0x1d0
[  165.983869][ T8267]                      serio_handle_event+0x247/0xa50
[  165.985976][ T8267]                      process_one_work+0x9cc/0x1b70
[  165.988041][ T8267]                      worker_thread+0x6c8/0xf10
[  165.990098][ T8267]                      kthread+0x3c2/0x780
[  165.991916][ T8267]                      ret_from_fork+0x45/0x80
[  165.993891][ T8267]                      ret_from_fork_asm+0x1a/0x30
[  165.995917][ T8267]   }
[  165.996759][ T8267]   ... key      at: [<ffffffff9ae2c760>] __key.7+0x0/0x40
[  165.999028][ T8267] -> (&client->buffer_lock){....}-{3:3} {
[  166.000893][ T8267]    INITIAL USE at:
[  166.002183][ T8267]                    lock_acquire+0x179/0x350
[  166.004118][ T8267]                    _raw_spin_lock+0x2e/0x40
[  166.006023][ T8267]                    evdev_pass_values+0x10e/0x9b0
[  166.008034][ T8267]                    evdev_events+0x1bb/0x390
[  166.009939][ T8267]                    input_pass_values+0x6c4/0x890
[  166.011956][ T8267]                    input_handle_event+0xf00/0x14d0
[  166.014085][ T8267]                    input_inject_event+0x1cd/0x390
[  166.016128][ T8267]                    evdev_write+0x2e1/0x440
[  166.018029][ T8267]                    vfs_write+0x25c/0x1180
[  166.019904][ T8267]                    ksys_write+0x205/0x240
[  166.021783][ T8267]                    __do_fast_syscall_32+0x73/0x120
[  166.023843][ T8267]                    do_fast_syscall_32+0x32/0x80
[  166.025819][ T8267]                    entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  166.028220][ T8267]  }
[  166.029062][ T8267]  ... key      at: [<ffffffff9ae2cbe0>] __key.1+0x0/0x40
[  166.031386][ T8267]  ... acquired at:
[  166.032594][ T8267]    _raw_spin_lock+0x2e/0x40
[  166.034109][ T8267]    evdev_pass_values+0x10e/0x9b0
[  166.035825][ T8267]    evdev_events+0x1bb/0x390
[  166.037330][ T8267]    input_pass_values+0x6c4/0x890
[  166.038936][ T8267]    input_handle_event+0xf00/0x14d0
[  166.040599][ T8267]    input_inject_event+0x1cd/0x390
[  166.042237][ T8267]    evdev_write+0x2e1/0x440
[  166.043690][ T8267]    vfs_write+0x25c/0x1180
[  166.045132][ T8267]    ksys_write+0x205/0x240
[  166.046554][ T8267]    __do_fast_syscall_32+0x73/0x120
[  166.048197][ T8267]    do_fast_syscall_32+0x32/0x80
[  166.049788][ T8267]    entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  166.051799][ T8267] 
[  166.052568][ T8267] 
[  166.052568][ T8267] the dependencies between the lock to be acquired
[  166.052574][ T8267]  and SOFTIRQ-irq-unsafe lock:
[  166.056814][ T8267]   -> (tasklist_lock){.+.?}-{3:3} {
[  166.058515][ T8267]      HARDIRQ-ON-R at:
[  166.059824][ T8267]                         lock_acquire+0x179/0x350
[  166.061867][ T8267]                         _raw_read_lock+0x5f/0x70
[  166.063906][ T8267]                         __do_wait+0x105/0x890
[  166.065870][ T8267]                         do_wait+0x21e/0x5a0
[  166.067764][ T8267]                         kernel_wait+0x9f/0x160
[  166.069752][ T8267]                         call_usermodehelper_exec_work+0xf1/0x170
[  166.072179][ T8267]                         process_one_work+0x9cc/0x1b70
[  166.074383][ T8267]                         worker_thread+0x6c8/0xf10
[  166.076455][ T8267]                         kthread+0x3c2/0x780
[  166.078379][ T8267]                         ret_from_fork+0x45/0x80
[  166.080369][ T8267]                         ret_from_fork_asm+0x1a/0x30
[  166.082497][ T8267]      IN-SOFTIRQ-R at:
[  166.083837][ T8267]                         lock_acquire+0x179/0x350
[  166.085874][ T8267]                         _raw_read_lock+0x3a/0x70
[  166.087878][ T8267]                         send_sigurg+0xed/0xc80
[  166.089878][ T8267]                         sk_send_sigurg+0x76/0x360
[  166.091916][ T8267]                         tcp_urg+0x341/0xb80
[  166.093737][ T8267]                         tcp_rcv_established+0x7cc/0x2180
[  166.095837][ T8267]                         tcp_v4_do_rcv+0x5ca/0xa90
[  166.097894][ T8267]                         tcp_v4_rcv+0x3601/0x4640
[  166.099919][ T8267]                         ip_protocol_deliver_rcu+0xba/0x4c0
[  166.102220][ T8267]                         ip_local_deliver_finish+0x316/0x570
[  166.104594][ T8267]                         ip_local_deliver+0x18e/0x1f0
[  166.106741][ T8267]                         ip_rcv+0x2c3/0x5d0
[  166.108608][ T8267]                         __netif_receive_skb_one_core+0x197/0x1e0
[  166.111050][ T8267]                         __netif_receive_skb+0x1d/0x160
[  166.113238][ T8267]                         process_backlog+0x442/0x15e0
[  166.115357][ T8267]                         __napi_poll.constprop.0+0xb7/0x550
[  166.117656][ T8267]                         net_rx_action+0xa97/0x1010
[  166.119761][ T8267]                         handle_softirqs+0x216/0x8e0
[  166.121888][ T8267]                         do_softirq+0xb2/0xf0
[  166.123820][ T8267]                         __local_bh_enable_ip+0x100/0x120
[  166.126088][ T8267]                         sk_stream_wait_memory+0x65d/0x10e0
[  166.128376][ T8267]                         tcp_sendmsg_locked+0xa75/0x3930
[  166.130633][ T8267]                         tcp_sendmsg+0x2e/0x50
[  166.132599][ T8267]                         inet_sendmsg+0xb9/0x140
[  166.134630][ T8267]                         __sys_sendto+0x431/0x510
[  166.136766][ T8267]                         __ia32_sys_sendto+0xdd/0x1b0
[  166.138979][ T8267]                         __do_fast_syscall_32+0x73/0x120
[  166.141430][ T8267]                         do_fast_syscall_32+0x32/0x80
[  166.143564][ T8267]                         entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  166.146266][ T8267]      SOFTIRQ-ON-R at:
[  166.147574][ T8267]                         lock_acquire+0x179/0x350
[  166.149617][ T8267]                         _raw_read_lock+0x5f/0x70
[  166.151639][ T8267]                         __do_wait+0x105/0x890
[  166.153625][ T8267]                         do_wait+0x21e/0x5a0
[  166.155543][ T8267]                         kernel_wait+0x9f/0x160
[  166.157530][ T8267]                         call_usermodehelper_exec_work+0xf1/0x170
[  166.159967][ T8267]                         process_one_work+0x9cc/0x1b70
[  166.162134][ T8267]                         worker_thread+0x6c8/0xf10
[  166.164208][ T8267]                         kthread+0x3c2/0x780
[  166.166126][ T8267]                         ret_from_fork+0x45/0x80
[  166.168244][ T8267]                         ret_from_fork_asm+0x1a/0x30
[  166.170403][ T8267]      INITIAL USE at:
[  166.171677][ T8267]                        lock_acquire+0x179/0x350
[  166.173903][ T8267]                        _raw_write_lock_irq+0x36/0x50
[  166.176004][ T8267]                        copy_process+0x3f09/0x91a0
[  166.178017][ T8267]                        kernel_clone+0xfc/0x960
[  166.179948][ T8267]                        user_mode_thread+0xc7/0x110
[  166.182030][ T8267]                        rest_init+0x23/0x2b0
[  166.184189][ T8267]                        start_kernel+0x3e9/0x4d0
[  166.186200][ T8267]                        x86_64_start_reservations+0x18/0x30
[  166.188512][ T8267]                        x86_64_start_kernel+0xb0/0xc0
[  166.190704][ T8267]                        common_startup_64+0x13e/0x148
[  166.192845][ T8267]      INITIAL READ USE at:
[  166.194567][ T8267]                             lock_acquire+0x179/0x350
[  166.196697][ T8267]                             _raw_read_lock+0x5f/0x70
[  166.198913][ T8267]                             __do_wait+0x105/0x890
[  166.201063][ T8267]                             do_wait+0x21e/0x5a0
[  166.203240][ T8267]                             kernel_wait+0x9f/0x160
[  166.205446][ T8267]                             call_usermodehelper_exec_work+0xf1/0x170
[  166.208030][ T8267]                             process_one_work+0x9cc/0x1b70
[  166.210342][ T8267]                             worker_thread+0x6c8/0xf10
[  166.212478][ T8267]                             kthread+0x3c2/0x780
[  166.214546][ T8267]                             ret_from_fork+0x45/0x80
[  166.216637][ T8267]                             ret_from_fork_asm+0x1a/0x30
[  166.218922][ T8267]    }
[  166.219797][ T8267]    ... key      at: [<ffffffff8e00c098>] tasklist_lock+0x18/0x40
[  166.222257][ T8267]    ... acquired at:
[  166.223738][ T8267]    _raw_read_lock+0x5f/0x70
[  166.225374][ T8267]    send_sigurg+0xed/0xc80
[  166.226802][ T8267]    sk_send_sigurg+0x76/0x360
[  166.228310][ T8267]    tcp_urg+0x341/0xb80
[  166.229690][ T8267]    tcp_rcv_established+0x7cc/0x2180
[  166.231371][ T8267]    tcp_v4_do_rcv+0x5ca/0xa90
[  166.232895][ T8267]    __release_sock+0x31b/0x400
[  166.234506][ T8267]    release_sock+0x5a/0x220
[  166.235955][ T8267]    sk_stream_wait_memory+0x65d/0x10e0
[  166.237710][ T8267]    tcp_sendmsg_locked+0xa75/0x3930
[  166.239687][ T8267]    tcp_sendmsg+0x2e/0x50
[  166.241511][ T8267]    inet_sendmsg+0xb9/0x140
[  166.243463][ T8267]    __sys_sendto+0x431/0x510
[  166.245472][ T8267]    __ia32_sys_sendto+0xdd/0x1b0
[  166.247623][ T8267]    __do_fast_syscall_32+0x73/0x120
[  166.249865][ T8267]    do_fast_syscall_32+0x32/0x80
[  166.252001][ T8267]    entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  166.254737][ T8267] 
[  166.255728][ T8267]  -> (&f_owner->lock){...-}-{3:3} {
[  166.257553][ T8267]     IN-SOFTIRQ-R at:
[  166.258847][ T8267]                       lock_acquire+0x179/0x350
[  166.260805][ T8267]                       _raw_read_lock_irqsave+0x46/0x90
[  166.262967][ T8267]                       send_sigurg+0x5f/0xc80
[  166.265472][ T8267]                       sk_send_sigurg+0x76/0x360
[  166.268110][ T8267]                       tcp_urg+0x341/0xb80
[  166.270060][ T8267]                       tcp_rcv_established+0x7cc/0x2180
[  166.272560][ T8267]                       tcp_v4_do_rcv+0x5ca/0xa90
[  166.275162][ T8267]                       tcp_v4_rcv+0x3601/0x4640
[  166.277758][ T8267]                       ip_protocol_deliver_rcu+0xba/0x4c0
[  166.280557][ T8267]                       ip_local_deliver_finish+0x316/0x570
[  166.283552][ T8267]                       ip_local_deliver+0x18e/0x1f0
[  166.286290][ T8267]                       ip_rcv+0x2c3/0x5d0
[  166.288641][ T8267]                       __netif_receive_skb_one_core+0x197/0x1e0
[  166.291722][ T8267]                       __netif_receive_skb+0x1d/0x160
[  166.294156][ T8267]                       process_backlog+0x442/0x15e0
[  166.296514][ T8267]                       __napi_poll.constprop.0+0xb7/0x550
[  166.299450][ T8267]                       net_rx_action+0xa97/0x1010
[  166.302137][ T8267]                       handle_softirqs+0x216/0x8e0
[  166.304918][ T8267]                       do_softirq+0xb2/0xf0
[  166.307438][ T8267]                       __local_bh_enable_ip+0x100/0x120
[  166.310311][ T8267]                       sk_stream_wait_memory+0x65d/0x10e0
[  166.313292][ T8267]                       tcp_sendmsg_locked+0xa75/0x3930
[  166.316073][ T8267]                       tcp_sendmsg+0x2e/0x50
[  166.318332][ T8267]                       inet_sendmsg+0xb9/0x140
[  166.320712][ T8267]                       __sys_sendto+0x431/0x510
[  166.323129][ T8267]                       __ia32_sys_sendto+0xdd/0x1b0
[  166.325923][ T8267]                       __do_fast_syscall_32+0x73/0x120
[  166.328772][ T8267]                       do_fast_syscall_32+0x32/0x80
[  166.331461][ T8267]                       entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  166.334378][ T8267]     INITIAL USE at:
[  166.335631][ T8267]                      lock_acquire+0x179/0x350
[  166.337588][ T8267]                      _raw_write_lock_irq+0x36/0x50
[  166.339665][ T8267]                      __f_setown+0x61/0x3c0
[  166.341549][ T8267]                      f_setown+0x122/0x290
[  166.343491][ T8267]                      do_fcntl+0xf70/0x1590
[  166.345423][ T8267]                      do_compat_fcntl64+0x370/0x700
[  166.347520][ T8267]                      __do_fast_syscall_32+0x73/0x120
[  166.349624][ T8267]                      do_fast_syscall_32+0x32/0x80
[  166.351654][ T8267]                      entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  166.354368][ T8267]     INITIAL READ USE at:
[  166.355815][ T8267]                           lock_acquire+0x179/0x350
[  166.358009][ T8267]                           _raw_read_lock_irqsave+0x74/0x90
[  166.360996][ T8267]                           send_sigurg+0x5f/0xc80
[  166.363750][ T8267]                           sk_send_sigurg+0x76/0x360
[  166.366524][ T8267]                           unix_stream_sendmsg+0xe77/0x1160
[  166.368949][ T8267]                           ____sys_sendmsg+0xa95/0xc70
[  166.371776][ T8267]                           ___sys_sendmsg+0x134/0x1d0
[  166.374640][ T8267]                           __sys_sendmsg+0x16d/0x220
[  166.377485][ T8267]                           __do_fast_syscall_32+0x73/0x120
[  166.380598][ T8267]                           do_fast_syscall_32+0x32/0x80
[  166.383411][ T8267]                           entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  166.386378][ T8267]   }
[  166.387520][ T8267]   ... key      at: [<ffffffff9ab5afe0>] __key.1+0x0/0x40
[  166.390574][ T8267]   ... acquired at:
[  166.392252][ T8267]    _raw_read_lock_irqsave+0x74/0x90
[  166.394560][ T8267]    send_sigio+0x31/0x3e0
[  166.396472][ T8267]    kill_fasync+0x214/0x510
[  166.398480][ T8267]    lease_break_callback+0x23/0x30
[  166.400611][ T8267]    __break_lease+0x671/0x1810
[  166.402704][ T8267]    do_dentry_open+0x6e1/0x1c10
[  166.404821][ T8267]    vfs_open+0x82/0x3f0
[  166.406696][ T8267]    path_openat+0x1e5e/0x2d40
[  166.408746][ T8267]    do_filp_open+0x20b/0x470
[  166.410773][ T8267]    do_sys_openat2+0x11b/0x1d0
[  166.412720][ T8267]    __ia32_compat_sys_openat+0x16d/0x210
[  166.415128][ T8267]    __do_fast_syscall_32+0x73/0x120
[  166.417330][ T8267]    do_fast_syscall_32+0x32/0x80
[  166.419416][ T8267]    entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  166.422152][ T8267] 
[  166.423151][ T8267] -> (&new->fa_lock){....}-{3:3} {
[  166.425382][ T8267]    INITIAL USE at:
[  166.427037][ T8267]                    lock_acquire+0x179/0x350
[  166.429532][ T8267]                    _raw_write_lock_irq+0x36/0x50
[  166.432256][ T8267]                    fasync_remove_entry+0xb2/0x1e0
[  166.434972][ T8267]                    fasync_helper+0xaf/0xd0
[  166.437421][ T8267]                    lease_modify+0x232/0x500
[  166.439992][ T8267]                    locks_remove_file+0x29e/0x5b0
[  166.442612][ T8267]                    __fput+0x351/0xb70
[  166.444828][ T8267]                    task_work_run+0x14d/0x240
[  166.447376][ T8267]                    syscall_exit_to_user_mode+0x27b/0x2a0
[  166.450401][ T8267]                    __do_fast_syscall_32+0x80/0x120
[  166.453211][ T8267]                    do_fast_syscall_32+0x32/0x80
[  166.455932][ T8267]                    entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  166.459261][ T8267]    INITIAL READ USE at:
[  166.461119][ T8267]                         lock_acquire+0x179/0x350
[  166.463836][ T8267]                         _raw_read_lock_irqsave+0x74/0x90
[  166.466868][ T8267]                         kill_fasync+0x138/0x510
[  166.469464][ T8267]                         lease_break_callback+0x23/0x30
[  166.471624][ T8267]                         __break_lease+0x671/0x1810
[  166.473730][ T8267]                         do_dentry_open+0x6e1/0x1c10
[  166.475819][ T8267]                         vfs_open+0x82/0x3f0
[  166.477732][ T8267]                         path_openat+0x1e5e/0x2d40
[  166.479785][ T8267]                         do_filp_open+0x20b/0x470
[  166.481818][ T8267]                         do_sys_openat2+0x11b/0x1d0
[  166.483923][ T8267]                         __ia32_compat_sys_openat+0x16d/0x210
[  166.486286][ T8267]                         __do_fast_syscall_32+0x73/0x120
[  166.488586][ T8267]                         do_fast_syscall_32+0x32/0x80
[  166.490781][ T8267]                         entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  166.493291][ T8267]  }
[  166.494133][ T8267]  ... key      at: [<ffffffff9ab5afa0>] __key.0+0x0/0x40
[  166.496406][ T8267]  ... acquired at:
[  166.497687][ T8267]    lock_acquire+0x179/0x350
[  166.499200][ T8267]    _raw_read_lock_irqsave+0x74/0x90
[  166.500885][ T8267]    kill_fasync+0x138/0x510
[  166.502357][ T8267]    evdev_pass_values+0x619/0x9b0
[  166.503985][ T8267]    evdev_events+0x1bb/0x390
[  166.505483][ T8267]    input_pass_values+0x6c4/0x890
[  166.507012][ T8267]    input_handle_event+0xf00/0x14d0
[  166.508587][ T8267]    input_inject_event+0x1cd/0x390
[  166.510136][ T8267]    evdev_write+0x2e1/0x440
[  166.511533][ T8267]    vfs_write+0x25c/0x1180
[  166.512886][ T8267]    ksys_write+0x205/0x240
[  166.514258][ T8267]    __do_fast_syscall_32+0x73/0x120
[  166.515845][ T8267]    do_fast_syscall_32+0x32/0x80
[  166.517433][ T8267]    entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  166.519407][ T8267] 
[  166.520141][ T8267] 
[  166.520141][ T8267] stack backtrace:
[  166.521907][ T8267] CPU: 2 UID: 0 PID: 8267 Comm: syz.3.625 Not tainted 6.15.0-rc4-syzkaller-00042-gb6ea1680d0ac #0 PREEMPT(full) 
[  166.521920][ T8267] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  166.521926][ T8267] Call Trace:
[  166.521931][ T8267]  <TASK>
[  166.521936][ T8267]  dump_stack_lvl+0x116/0x1f0
[  166.521950][ T8267]  check_irq_usage+0x7dc/0x920
[  166.521962][ T8267]  ? tracing_record_taskinfo_sched_switch+0x54/0x400
[  166.521978][ T8267]  ? check_path.constprop.0+0x24/0x50
[  166.521989][ T8267]  ? __lock_acquire+0x1189/0x1ba0
[  166.522000][ T8267]  __lock_acquire+0x1189/0x1ba0
[  166.522014][ T8267]  lock_acquire+0x179/0x350
[  166.522025][ T8267]  ? kill_fasync+0x138/0x510
[  166.522038][ T8267]  _raw_read_lock_irqsave+0x74/0x90
[  166.522050][ T8267]  ? kill_fasync+0x138/0x510
[  166.522060][ T8267]  kill_fasync+0x138/0x510
[  166.522071][ T8267]  evdev_pass_values+0x619/0x9b0
[  166.522084][ T8267]  evdev_events+0x1bb/0x390
[  166.522095][ T8267]  input_pass_values+0x6c4/0x890
[  166.522107][ T8267]  input_handle_event+0xf00/0x14d0
[  166.522118][ T8267]  ? _copy_from_user+0x59/0xd0
[  166.522133][ T8267]  input_inject_event+0x1cd/0x390
[  166.522145][ T8267]  evdev_write+0x2e1/0x440
[  166.522156][ T8267]  ? __pfx_evdev_write+0x10/0x10
[  166.522167][ T8267]  ? bpf_lsm_file_permission+0x9/0x10
[  166.522182][ T8267]  ? security_file_permission+0x71/0x210
[  166.522195][ T8267]  ? rw_verify_area+0xcf/0x680
[  166.522209][ T8267]  vfs_write+0x25c/0x1180
[  166.522216][ T8267]  ? __pfx_evdev_write+0x10/0x10
[  166.522228][ T8267]  ? __pfx_vfs_write+0x10/0x10
[  166.522235][ T8267]  ? find_held_lock+0x2b/0x80
[  166.522244][ T8267]  ? __fget_files+0x204/0x3c0
[  166.522259][ T8267]  ? __fget_files+0x20e/0x3c0
[  166.522274][ T8267]  ksys_write+0x205/0x240
[  166.522282][ T8267]  ? __pfx_ksys_write+0x10/0x10
[  166.522290][ T8267]  ? rcu_is_watching+0x12/0xc0
[  166.522299][ T8267]  ? rcu_is_watching+0x12/0xc0
[  166.522307][ T8267]  __do_fast_syscall_32+0x73/0x120
[  166.522320][ T8267]  do_fast_syscall_32+0x32/0x80
[  166.522333][ T8267]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  166.522345][ T8267] RIP: 0023:0xf7fc1579
[  166.522352][ T8267] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  166.522362][ T8267] RSP: 002b:00000000f50a455c EFLAGS: 00000296 ORIG_RAX: 0000000000000004
[  166.522371][ T8267] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000080000040
[  166.522377][ T8267] RDX: 0000000000002250 RSI: 0000000000000000 RDI: 0000000000000000
[  166.522383][ T8267] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  166.522388][ T8267] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  166.522394][ T8267] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  166.522402][ T8267]  </TASK>
[  166.654902][ T8256] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  166.656880][ T8256] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  166.659278][ T8256] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  166.661451][ T8256] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  167.774875][ T5294] Bluetooth: hci0: command 0x0c1a tx timeout
[  167.777157][ T8256] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  168.734713][ T5294] Bluetooth: hci3: command 0x0c1a tx timeout
[  168.744846][ T5294] Bluetooth: hci2: command 0x0c1a tx timeout
[  168.744871][ T5944] Bluetooth: hci1: command 0x0c1a tx timeout
[  169.854787][ T5944] Bluetooth: hci0: command 0x0c1a tx timeout

VM DIAGNOSIS:
23:53:57  Registers:
info registers vcpu 0

CPU#0
RAX=000000000028bf23 RBX=0000000000000000 RCX=ffffffff8b6903e9 RDX=0000000000000000
RSI=ffffffff8dbdad3b RDI=ffffffff8bf467e0 RBP=fffffbfff1c12ee8 RSP=ffffffff8e007e10
R8 =0000000000000001 R9 =ffffed10056465bd R10=ffff88802b232deb R11=0000000000000000
R12=0000000000000000 R13=ffffffff8e097740 R14=ffffffff90851a10 R15=0000000000000000
RIP=ffffffff8b68ec7f RFL=00000282 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880977ed000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=000000000c2795dc CR3=000000001216e000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000011400000000 0000000200000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000080000000 RBX=0000000000000000 RCX=ffffc9000c001000 RDX=ffff888069772440
RSI=ffffffff81fc1c8b RDI=0000000000000005 RBP=0000000000000000 RSP=ffffc900228b75c0
R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000000 R11=00000000000103c2
R12=0000000000000000 R13=ffff88804f46af38 R14=000000000000040e R15=0000000000000000
RIP=ffffffff81baab1b RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff8880978ed000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=000000005770c4c0 CR3=000000006b3ea000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000011400000000 0000000200000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
RAX=dffffc0000000060 RBX=00000000000003fd RCX=0000000000000000 RDX=00000000000003fd
RSI=ffffffff854bf670 RDI=ffffffff9addebc0 RBP=ffffffff9addeb80 RSP=ffffc900257272a8
R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=2d2d2d2d2d2d2d2d
R12=0000000000000000 R13=0000000000000020 R14=fffffbfff35bbdca R15=dffffc0000000000
RIP=ffffffff854bf697 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff8880979ed000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=000000002f211ffc CR3=000000001216e000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 2323232323232323 2323232323232323
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffff ffffffffffffff00
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 3

CPU#3
RAX=0000000000000000 RBX=ffff88802b4414a0 RCX=ffffffff81ae9c79 RDX=ffff88801da8c880
RSI=ffffffff81ae9c53 RDI=0000000000000005 RBP=0000000000000003 RSP=ffffc900001e6bf8
R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000001 R11=0000000000000003
R12=ffffed1005688295 R13=0000000000000001 R14=dffffc0000000000 R15=ffff88802b53b180
RIP=ffffffff81ae9c5a RFL=00000293 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0000 0000000000000000 ffffffff 00c00000
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff888097aed000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000f50c5ba4 CR3=00000000270e9000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000