last executing test programs:

5.136783052s ago: executing program 3 (id=507):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=@newtaction={0x184, 0x30, 0x10, 0x0, 0x25dfdbfd, {}, [{0x170, 0x1, [@m_ct={0x44, 0x102, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e01e7a, 0x20000000, 0x3, 0x1}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_xt={0x128, 0x1c, 0x0, 0x0, {{0x7}, {0xf4, 0x2, 0x0, 0x1, [@TCA_IPT_TARG={0xe6, 0x6, {0xe5, 'security\x00', 0xa1, 0xfff9, "39415800ae77c240df297f9eca61fcef05b69b66d6f83c0d551eaa3e878672f76553492c32cf69b1843eca9afde199566c966154c57e8b6f008bade48f0c475549c804b39e6d2cbf20f6a2b92686442ed9d9088f3b2b4de7164105ad069e4fd98c06fa0c935fb4641a6d1f9db77a9f8133834b9808d9fc4e7ec0bbf1f1d16b829c0021f5d752265aa320f02a700bc9a79dea6a487340ebfd0b02f165c1972ed43f213e5c3f8e9cdd9a489ebd368a92d9cf269c249cddd4695f399818"}}, @TCA_IPT_HOOK={0x8, 0x2, 0x3}]}, {0x10, 0x6, "f58505710d75cd37902a7409"}, {0xc}, {0xc, 0x8, {0x0, 0x1}}}}]}]}, 0x184}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x10000000000002)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$NFULNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000440)={0x0, 0x48}, 0x1, 0x0, 0x0, 0x4000001}, 0x4000)
r3 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0, r3}, 0x18)
pipe(&(0x7f00000001c0))
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_LIST(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="1c000000070601080000000000000000000000000500010006"], 0x1c}, 0x1, 0x3f}, 0x0)
openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140), 0x42, 0x0)
r5 = syz_open_procfs(0x0, &(0x7f00000003c0)='oom_adj\x00')
writev(r5, &(0x7f0000000140)=[{&(0x7f0000000280)='0', 0x1}, {&(0x7f0000000080)="d2", 0x1}], 0x2)
r6 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000840)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe)
add_key(&(0x7f00000003c0)='dns_resolver\x00', &(0x7f0000000400)={'syz', 0x3}, &(0x7f0000000080)="00000102", 0xfffff, r6)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
mknodat$null(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x103)
mount$tmpfs(0x0, &(0x7f0000000780)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="6d706f6c3d7072f9ff65723d7374617469633a"])
sendmsg$NFT_BATCH(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="140100001000010000000000000000000300000a20000000000a03000000000000000000070000000900010073797a300000000084000000090a010400000000000000000700000008000a40000000000900020073797a30000000000900010073797a30000000114000128014000180090001006c6173740000000004000280140001800c000100636f756e7465720004000280140001800c0001006e6f747261636b00040002800800034000000110140000001000010000000000000000000084000a0000000000000000"], 0xcc}}, 0x20050800)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/keys\x00', 0x0, 0x0)
add_key$fscrypt_v1(&(0x7f00000002c0), &(0x7f0000000300)={'fscrypt:', @desc4}, &(0x7f0000000440)={0x0, "8527d2100090af54bfbca283be11c0de7af30e90937920fcba13d90af61beaa44d66a6535daf1bc35fb3af1e9197e31d26589d073c10184095fb00", 0x14}, 0x48, 0xffffffffffffffff)

4.402139553s ago: executing program 2 (id=508):
openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1c3902, 0x0)
mount(&(0x7f0000000040)=@nullb, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000080)='cramfs\x00', 0x2a00000, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000000c0)='tracefs\x00', 0x1214040, 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000003c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
removexattr(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000240)=@known='system.posix_acl_access\x00')
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)

4.290206844s ago: executing program 2 (id=509):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_open_procfs$namespace(0x0, &(0x7f0000002340)='ns/user\x00')
setns(r1, 0x10000000)
sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000800)=ANY=[@ANYBLOB="1c0000002a00090042bd700004000000040000000800b400cf000000"], 0x1c}, 0x1, 0x0, 0x0, 0x42804}, 0x20000084)

4.208637632s ago: executing program 2 (id=510):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
r4 = socket$rds(0x15, 0x5, 0x0)
sendmsg$rds(r4, 0x0, 0x0)
setsockopt$RDS_CANCEL_SENT_TO(r4, 0x114, 0x1, 0x0, 0x0)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
sendmsg$RDMA_NLDEV_CMD_STAT_GET(r4, 0x0, 0x20000081)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mkdir(&(0x7f0000000100)='./file1\x00', 0x13b)
mkdir(&(0x7f0000000000)='./bus\x00', 0x0)
syz_open_pts(0xffffffffffffffff, 0x40100)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
r5 = open(&(0x7f0000000580)='./bus\x00', 0x80242, 0x100)
chdir(&(0x7f0000000400)='./file1\x00')
write$FUSE_CREATE_OPEN(r5, &(0x7f0000000180)={0xa0, 0xffffffffffffffda, 0x0, {{0x4, 0x3, 0x5, 0x6, 0x3, 0x1, {0x0, 0x9, 0x20ff, 0x5, 0x89, 0xd615, 0x9, 0x7fffffff, 0xfffffffe, 0x8000, 0x0, 0x0, 0x0, 0x3ff, 0x1}}, {0x0, 0x13}}}, 0xa0)
sendfile(r5, r5, &(0x7f0000000080), 0x7f03)
r6 = open(&(0x7f0000000180)='./bus\x00', 0x189a7c, 0x113)
r7 = socket$kcm(0x10, 0x400000002, 0x0)
write$cgroup_subtree(r7, &(0x7f00000003c0)=ANY=[@ANYBLOB="0007000042009103"], 0xfe33)
recvmsg(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000004700)=""/4083, 0xff3}, {&(0x7f0000003700)=""/4074, 0xfea}, {0x0}, {&(0x7f00000001c0)=""/189, 0xbd}, {&(0x7f0000000280)=""/164, 0xa4}], 0x5}, 0x120)
r8 = open(&(0x7f0000000040)='./bus\x00', 0x4e142, 0x0)
pwritev2(r8, &(0x7f0000000680)=[{&(0x7f0000000200)="05", 0x6a000}], 0x1, 0x6000000, 0x0, 0x0)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x37fffee, 0x4002011, r6, 0x40000000)
sendmsg$DEVLINK_CMD_RATE_GET(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000440)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01070bbd7000ffffffff410000000e0001006e65746a65c303696d000000070002006e657464657673696d300000", @ANYRES64, @ANYRES8=r3, @ANYBLOB="00dbfb044e9f0c226b03da2188ac86af2ea50163cb6503e201f75498ed8fa9b44a6b68cb7a5ec49ef13b09a8a1688d222f7c47297777d754ba3c8975bd3b506f2ed607de0f4022624191f5dc1cb0e661d590b5058f5de9d022d82271a2c0b9f9fa8855d3d1c1ea5b4c0e82eb5f34b32b13fe83b61a959777b4db32bda066844f171d", @ANYRES64=r0], 0x34}}, 0x0)

3.900175284s ago: executing program 3 (id=511):
io_uring_setup(0x1b24, 0x0)
write$binfmt_script(0xffffffffffffffff, 0x0, 0x0)
getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000080)={{{@in6=@private0, @in6=@empty}}, {{@in6=@ipv4={""/10, ""/2, @private}}, 0x0, @in6=@local}}, &(0x7f0000000180)=0xe4)
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4)
socket$nl_route(0x10, 0x3, 0x0)
socket$can_raw(0x1d, 0x3, 0x1)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={<r1=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000300)=@abs, 0x6e)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/uts\x00')
io_setup(0x2, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x1, &(0x7f0000006680))
setsockopt$inet6_tcp_int(r2, 0x6, 0x3, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r2, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c)
r3 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r3, &(0x7f0000000100)={0x3, 0x0, &(0x7f0000000000)={&(0x7f0000000240)={0x2, 0x2, 0x0, 0x2, 0xb, 0x0, 0x0, 0x0, [@sadb_key={0x1, 0x8, 0x20}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x5, 0x0, 0xa0000000}, @sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xff}}}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @empty}}]}, 0x58}, 0x1, 0x7}, 0x0)
setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2000006, 0x46032, 0xffffffffffffffff, 0x0)
setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000540)=@gcm_128={{0x303}, "ffffffffffffffe2", "8e083700daf38a6d69e9b5e9c2f133d7", "6a3a05b9", "12772541f8eb02bb"}, 0x28)
shutdown(r2, 0x1)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='freezer.state\x00', 0x275a, 0x0)
write$cgroup_int(r4, &(0x7f0000000000), 0xffffff6a)
sendfile(r2, r4, 0x0, 0xffffffff004)
r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000480)=[{0x6, 0x0, 0x0, 0x4}]})
syz_clone(0x23802400, 0x0, 0x0, 0x0, 0x0, 0x0)
close_range(r5, 0xffffffffffffffff, 0x0)
socket$inet6(0xa, 0x4, 0x4)

3.569225705s ago: executing program 0 (id=514):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
read$FUSE(0xffffffffffffffff, &(0x7f0000009780)={0x2020}, 0x2020)
r3 = syz_open_procfs(0x0, &(0x7f0000000700)='mounts\x00')
read$FUSE(r3, &(0x7f0000000980)={0x2020}, 0x2020)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
timer_create(0x0, 0x0, 0x0)
sendmsg$NFQNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x13)
bind$netlink(r5, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
r6 = socket$netlink(0x10, 0x3, 0x10)
r7 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r7, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r7, 0x1, 0x8, &(0x7f0000000000)=0x80, 0x4)
mmap(&(0x7f0000175000/0x2000)=nil, 0x2000, 0x3000009, 0x110, r4, 0xa64ef000)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r7, 0x10e, 0x4, &(0x7f0000000180)=0x800, 0x4)
r8 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_NEW(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000300)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="010000000000fbdbdf25250000000e0001006e657464657673696d0000000f0002006e657464657673696d300000"], 0x34}, 0x1, 0x0, 0x0, 0x41}, 0x0)

3.330122642s ago: executing program 1 (id=516):
lstat(&(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, <r0=>0x0})
getgroups(0x1, &(0x7f0000000180)=[r0])
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x20800000000, 0xb, &(0x7f0000006680))
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x101100, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_MEMORY_ATTRIBUTES(r2, 0x4020aed2, &(0x7f0000000040)={0x1, 0x15000})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
r3 = syz_open_dev$cec(&(0x7f0000000240), 0x0, 0x2182)
ioctl$CEC_RECEIVE(r3, 0xc0386106, &(0x7f0000000180)={0xfffffffffffffffe, 0x4, 0x1, 0xfffffffd, 0x0, 0x9, '&\x00', 0x0, 0x0, 0x4a, 0x0, 0x0, 0x7, 0xe})
timer_create(0x0, &(0x7f0000000200)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000280)=<r4=>0x0)
fcntl$lock(0xffffffffffffffff, 0x26, &(0x7f0000000040)={0x0, 0x0, 0x62d3, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r4, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0xd3283d0368e269b3, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
set_mempolicy(0x4005, &(0x7f0000000080)=0x4, 0x8)

3.278941677s ago: executing program 2 (id=517):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000280)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x23, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000000002)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './cgroup\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000e00)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000000)={0x40000000, 0x0, 0x0}, 0x0)
bind$inet(r3, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16)
connect$inet(r3, &(0x7f0000000480)={0x2, 0x4, @multicast2}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f00000002c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000}}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
setsockopt$inet_IP_XFRM_POLICY(r3, 0x0, 0x11, &(0x7f00000002c0)={{{@in6=@mcast2, @in6=@private2, 0x0, 0x0, 0x4e21, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0x6, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x100000000000}, {}, 0x0, 0x0, 0x1, 0x0, 0x3}, {{@in6=@mcast2, 0x0, 0x33}, 0x0, @in=@loopback, 0x0, 0x0, 0x0, 0xb7, 0xfffffffe}}, 0xe8)
sendmmsg(r3, &(0x7f0000007fc0), 0x800001d, 0xf000)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000240)={0x0, &(0x7f0000000200)})
pipe2(&(0x7f00000003c0), 0x84880)
syz_init_net_socket$llc(0x1a, 0x801, 0x0)
r5 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x401)
ioctl$BLKTRACESETUP(r5, 0xc0481273, &(0x7f0000000b40)={'\x00', 0x8, 0x530, 0xc, 0x9, 0x59c})

2.582179137s ago: executing program 3 (id=518):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$SO_TIMESTAMP(r0, 0x1, 0x40, &(0x7f0000000080)=0x7, 0x4)
bind$inet(r0, 0x0, 0x0)
r1 = syz_pidfd_open(0x0, 0x0)
ioctl$EXT4_IOC_MIGRATE(r1, 0xff04)
io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, &(0x7f00000002c0), 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x17, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x3)
openat$dlm_control(0xffffff9c, &(0x7f0000000540), 0x40800, 0x0)
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
close_range(r2, 0xffffffffffffffff, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
mount(0x0, 0x0, &(0x7f0000000080)='proc\x00', 0x10810, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f000001aa40)=""/102400, 0x19000)
ioctl$SIOCAX25ADDUID(0xffffffffffffffff, 0x89e1, 0x0)
r4 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r4}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r5 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r5, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
listen(r5, 0x0)
accept4$unix(r5, 0x0, 0x0, 0x80000)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0xe, 0x16, &(0x7f0000002540)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb=0x1000000}, 0x94)
r6 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_tx_ring(r6, 0x107, 0xd, &(0x7f0000000040)=@req3={0x410000, 0x100000001, 0x210000, 0x1, 0xa, 0x401}, 0x1c)

2.400071939s ago: executing program 0 (id=519):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x14, 0x30, 0x1}, 0x14}, 0x1, 0x0, 0x0, 0x804}, 0x4004000)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x10000000000002)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$netlink(0x10, 0x3, 0x15)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000080000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x17, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94)
r4 = socket$igmp(0x2, 0x3, 0x2)
getsockopt$EBT_SO_GET_INFO(r4, 0x0, 0x80, &(0x7f00000003c0)={'broute\x00', 0x0, 0x0, 0x0, [0x61, 0x10000, 0x9c9, 0xf, 0x4, 0x3]}, &(0x7f00000001c0)=0x50)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$HIDIOCGRAWPHYS(0xffffffffffffffff, 0x80404805, &(0x7f0000000340))
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000540)={r3, 0x0, 0x25, 0x5, @val=@netfilter={0xa, 0x0, 0xd}}, 0x20)
r5 = syz_open_dev$usbfs(&(0x7f0000000480), 0x76, 0x160341)
ioctl$USBDEVFS_IOCTL(r5, 0xc0105512, &(0x7f0000000200))
setsockopt$ARPT_SO_SET_REPLACE(r4, 0x0, 0x60, &(0x7f00000008c0)={'filter\x00', 0x7, 0x4, 0x404, 0x0, 0x218, 0x10c, 0x324, 0x324, 0x324, 0x4, &(0x7f0000000280), {[{{@arp={@initdev={0xac, 0x1e, 0x1, 0x0}, @multicast2, 0xff000330, 0xffffffff, 0x4, 0x0, {@mac, {[0xff, 0x0, 0x0, 0x0, 0xff]}}, {@mac=@local, {[0xff, 0x0, 0xff, 0xff, 0xff, 0xff]}}, 0xfff2, 0x101, 0x79, 0x1, 0x7ff, 0x8, '\x00', 'vcan0\x00', {0xff}, {0xff}, 0x0, 0x4}, 0xbc, 0x10c}, @mangle={0x50, 'mangle\x00', 0x0, {@mac=@link_local, @mac=@local, @local, @initdev={0xac, 0x1e, 0x1, 0x0}, 0x8, 0x1}}}, {{@uncond, 0xbc, 0x10c}, @mangle={0x50, 'mangle\x00', 0x0, {@mac=@random="07aebe92cc85", @empty, @loopback, @broadcast, 0x8}}}, {{@uncond, 0xbc, 0x10c}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @empty, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1, 0x1, 0x1}}}], {{'\x00', 0xbc, 0xe0}, {0x24}}}}, 0x450)
mkdir(&(0x7f00000003c0)='./file0\x00', 0x0)
set_mempolicy(0x3, &(0x7f0000000040)=0x401, 0x8)
read$FUSE(0xffffffffffffffff, &(0x7f0000002440)={0x2020}, 0x2020)
r6 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/wakeup_count', 0x22001, 0x101)
write$FUSE_NOTIFY_DELETE(r6, &(0x7f0000000140)=ANY=[@ANYBLOB="3000000006000000000000000000000001620000000000000000000000000000070000000000000027403a835e5d27"], 0x30)

2.28178086s ago: executing program 2 (id=520):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x40000)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000380)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x44, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x14}]}, @NFT_MSG_NEWSETELEM={0x4c, 0xc, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x20, 0x3, 0x0, 0x1, [{0x1c, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0xc, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x6, 0x1, "d103"}]}, @NFTA_SET_ELEM_TIMEOUT={0xc, 0x4, 0x1, 0x0, 0x8000}]}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0xb8}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)

2.050044359s ago: executing program 2 (id=521):
r0 = openat$dsp1(0xffffffffffffff9c, &(0x7f00000000c0), 0x109801, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000080)=0x74000000)
r1 = syz_usbip_server_init(0x5)
read(r1, &(0x7f000000b1c0)=""/51, 0x33)
openat$kvm(0xffffff9c, &(0x7f0000000200), 0x6000, 0x0)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000680)=@newsa={0x13c, 0x1a, 0x713, 0x0, 0x25dfdbfc, {{@in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x0, 0xfffc, 0x4e21, 0x18, 0x2, 0x0, 0x20, 0x3b, 0x0, 0xee00}, {@in6=@private1, 0xfe, 0x32}, @in6=@dev={0xfe, 0x80, '\x00', 0x1b}, {0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x543}, {0x4, 0x7fffffffffffffff}, {0xfffffffc}, 0x70bd28, 0x3500, 0xa, 0x4}, [@algo_aead={0x4c, 0x12, {{'rfc4106(gcm(aes))\x00'}, 0x0, 0x60}}]}, 0x13c}, 0x1, 0x0, 0x0, 0x880}, 0x0)
r3 = syz_open_dev$radio(&(0x7f0000000040), 0x2, 0x2)
ioctl$VIDIOC_S_HW_FREQ_SEEK(r3, 0x40305652, &(0x7f00000000c0)={0x0, 0x1, 0x80, 0x0, 0x0, 0x2080, 0x65f40})
write$dsp(r0, &(0x7f0000002000)='`', 0x88020)
socket$inet_tcp(0x2, 0x1, 0x0)
sendto$packet(0xffffffffffffffff, &(0x7f0000000240)="cfb2c9", 0x3, 0x8000080, 0x0, 0x0)
r4 = socket$l2tp(0x2, 0x2, 0x73)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x401c2, 0x0)
ftruncate(r5, 0x8800000)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={<r6=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f00000002c0)={'veth1_vlan\x00'})
sendfile(r6, r5, 0x0, 0x578410eb)
getsockopt$inet_IP_IPSEC_POLICY(r5, 0x0, 0x10, &(0x7f0000000100)={{{@in6=@private1, @in6=@empty}}, {{@in=@multicast1}, 0x0, @in6}}, &(0x7f0000000280)=0xe4)

1.56031792s ago: executing program 3 (id=522):
r0 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000480)={'vcan0\x00', <r1=>0x0})
bind$can_j1939(r0, &(0x7f0000000100)={0x1d, r1, 0x0, {0x1, 0x1, 0x4}, 0x1}, 0x18)
setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f0000000040)=0x1, 0x4)
sendto(r0, &(0x7f00000000c0)="f3c4d37be370634c4f", 0x9, 0x10, 0x0, 0x0)
readv(r0, &(0x7f00000009c0)=[{&(0x7f0000000780)=""/138, 0x8a}], 0x1)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000080)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e792c63616368653d667363616368652c76657273696f6e3d3970323030302e75"])
chdir(&(0x7f0000000100)='./file0\x00')
r2 = openat(0xffffffffffffff9c, &(0x7f0000000440)='./bus\x00', 0x1c1840, 0x92)
openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000e80)='./bus\x00', 0x1c1002, 0x0)
sendfile(r3, r2, 0x0, 0x40001)

1.474259684s ago: executing program 1 (id=523):
r0 = socket$inet6(0xa, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x300, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x2c25, 0x7, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x87}, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
futex(&(0x7f000000cffc), 0x0, 0x0, 0x0, 0x0, 0x0)
futex(&(0x7f000000cffc), 0x0, 0x2, 0x0, 0x0, 0x0)
futex(&(0x7f000000cffc), 0x3, 0x801, 0x0, &(0x7f0000000040), 0xfffffffc)
setrlimit(0x4, &(0x7f0000000180)={0x401, 0xffffff47})
sendmmsg$inet6(r0, &(0x7f00000002c0)=[{{&(0x7f0000000100)={0xa, 0x4e20, 0x0, @private2={0xfc, 0x2, '\x00', 0x1}}, 0x1c, 0x0}}, {{&(0x7f0000000000)={0xa, 0x4e23, 0x16f, @ipv4={'\x00', '\xff\xff', @private=0xa010100}, 0x5373}, 0x1c, 0x0, 0x0, &(0x7f0000000c40)=ANY=[@ANYBLOB="840200002900000032000000044d00000000000000010006922170d4d02860ce308f29f8f592eaa1e92946"], 0x284}}], 0x2, 0x4800)

1.320195741s ago: executing program 1 (id=524):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x6, 0x2}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x5}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x10010, r0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f0000000000), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x8002, 0x0)
chdir(&(0x7f0000000300)='./file0\x00')
rename(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='./file1\x00')
mkdir(&(0x7f00000002c0)='./file0\x00', 0x408)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
gettid()
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x54)
mount$overlay(0x0, &(0x7f00000001c0)='./file1\x00', &(0x7f0000000340), 0x0, &(0x7f0000000180)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000003c0)=@newlink={0x34, 0x10, 0x437, 0x100000, 0xffffffff, {0x0, 0x0, 0x0, 0x0, 0x1040, 0x40989}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @xfrm={{0x9}, {0x4}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x80}, 0x80)
creat(&(0x7f0000000100)='./bus\x00', 0x0)
r4 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r4, &(0x7f0000000140)={0x0, 0x2, &(0x7f0000000100)=[{&(0x7f0000000180)="5c00000013006bcd9e3fe3dc4e48aa31086b8703410000004000000000000000040014000d000a00100000009ee517d34460bc08eab556a705251e6182949a3651f60a84c9f5d1938837e786a6d0bdd7fcf50e4509c5bb5a00f69853", 0x5c}], 0x1, 0x0, 0x0, 0x1f000801}, 0x0)

1.187639094s ago: executing program 1 (id=525):
syz_io_uring_setup(0x49f, &(0x7f0000000400)={0x0, 0xe7a8, 0x2, 0x7ffe, 0x40024e}, &(0x7f0000000340), &(0x7f0000000040))
socket$netlink(0x10, 0x3, 0x2)
bpf$OBJ_GET_PROG(0x7, &(0x7f0000000080)=@generic={&(0x7f0000000000)='./file0\x00', 0x0, 0x20}, 0x14)

1.130056948s ago: executing program 0 (id=526):
r0 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000480)={'vcan0\x00', <r1=>0x0})
bind$can_j1939(r0, &(0x7f0000000100)={0x1d, r1, 0x0, {0x1, 0x1, 0x4}, 0x1}, 0x18)
setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f0000000040)=0x1, 0x4)
sendto(r0, &(0x7f00000000c0)="f3c4d37be370634c4f", 0x9, 0x10, 0x0, 0x0)
readv(r0, &(0x7f00000009c0)=[{&(0x7f0000000780)=""/138, 0x8a}], 0x1)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x3f)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000080)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e792c63616368653d667363616368652c76657273696f6e3d3970323030302e75"])
chdir(&(0x7f0000000100)='./file0\x00')
openat$dsp(0xffffffffffffff9c, &(0x7f0000000140), 0x101480, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000440)='./bus\x00', 0x1c1840, 0x92)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x0, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000e80)='./bus\x00', 0x1c1002, 0x0)
write(r4, &(0x7f00000001c0)="f1", 0x1)
sendfile(r4, r2, 0x0, 0x40001)
sendfile(r4, r3, 0x0, 0x7ffff000)

1.129679377s ago: executing program 1 (id=527):
r0 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000480)={'vcan0\x00', <r1=>0x0})
bind$can_j1939(r0, &(0x7f0000000100)={0x1d, r1, 0x0, {0x1, 0x1, 0x4}, 0x1}, 0x18)
setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f0000000040)=0x1, 0x4)
sendto(r0, &(0x7f00000000c0)="f3c4d37be370634c4f", 0x9, 0x10, 0x0, 0x0)
readv(r0, &(0x7f00000009c0)=[{&(0x7f0000000780)=""/138, 0x8a}], 0x1)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000080)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e792c63616368653d667363616368652c76657273696f6e3d3970323030302e75"])
chdir(&(0x7f0000000100)='./file0\x00')
openat$dsp(0xffffffffffffff9c, &(0x7f0000000140), 0x101480, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000440)='./bus\x00', 0x1c1840, 0x92)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x0, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000e80)='./bus\x00', 0x1c1002, 0x0)
write(r4, &(0x7f00000001c0)="f1", 0x1)
sendfile(r4, r2, 0x0, 0x40001)
sendfile(r4, r3, 0x0, 0x7ffff000)

711.807287ms ago: executing program 3 (id=528):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) (async)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xf, 0x31, 0xffffffffffffffff, 0x34345000)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(0xffffffffffffffff, 0xc01064c2, &(0x7f00000001c0)={<r0=>0x0})
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(0xffffffffffffffff, 0xc01064c2, &(0x7f0000000280)={<r1=>0x0})
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(0xffffffffffffffff, 0xc01064c2, &(0x7f00000002c0)={<r2=>0x0})
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(0xffffffffffffffff, 0xc01064c2, &(0x7f0000000300)={<r3=>0x0})
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(0xffffffffffffffff, 0xc01064c2, &(0x7f0000000340)) (async)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(0xffffffffffffffff, 0xc01064c2, &(0x7f0000000340)={<r4=>0x0})
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(0xffffffffffffffff, 0xc00864bf, &(0x7f0000000380)={<r5=>0x0})
ioctl$DRM_IOCTL_SYNCOBJ_RESET(0xffffffffffffffff, 0xc01064c4, &(0x7f0000000400)={&(0x7f00000003c0)=[0x0, r0, r1, 0x0, r2, r3, r4, r5], 0x8}) (async)
ioctl$DRM_IOCTL_SYNCOBJ_RESET(0xffffffffffffffff, 0xc01064c4, &(0x7f0000000400)={&(0x7f00000003c0)=[0x0, r0, r1, 0x0, r2, r3, r4, r5], 0x8})
socket$vsock_stream(0x28, 0x1, 0x0)
remap_file_pages(&(0x7f00006ca000/0x4000)=nil, 0x4000, 0x0, 0x3ff, 0x100) (async)
remap_file_pages(&(0x7f00006ca000/0x4000)=nil, 0x4000, 0x0, 0x3ff, 0x100)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x6, 0x8, &(0x7f0000006680))
setpgid(0x0, 0x0)
r6 = syz_clone(0x41800080, &(0x7f0000000040)="4544fbc8d2cd9aaf6c3e89688a5da1aa6d6261a2c7ed8804633423a522882a1f25e9a82296fbab96be64e2c25b271784a2dc8b18d013061ef0a52adb24149c45a8b4e354fbca27b984838413ed5babaf044962135a667cfdfe8acd005aaa79fe196c99677a3030e4d03e0b5d", 0x6c, &(0x7f00000000c0), &(0x7f0000000140), &(0x7f0000000200)="1c03d252dc980a23dd568e21860565e6397ff3cd67920357a7be65d78fe47d9b4e9dd45926c2ba1678dfec6a9a7df4fb6efd8f9facb76ae58a3a035987d7d03db50bd5180ccc96263975159d8aeedb733eb644c1590a9b8f5392f7ae72475fa1e0053bebe793835a")
openat$cdrom(0xffffff9c, &(0x7f0000000180), 0x40000, 0x0)
syz_pidfd_open(r6, 0x0) (async)
syz_pidfd_open(r6, 0x0)

480.352487ms ago: executing program 3 (id=529):
r0 = userfaultfd(0x80001)
r1 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0301, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r1, 0xc004500a, &(0x7f0000001340))
ioctl$SNDCTL_DSP_CHANNELS(r1, 0xc0045006, &(0x7f0000000180)=0x6f)
r2 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
read$dsp(r2, &(0x7f00000002c0)=""/4096, 0x1000)
write$dsp(r1, &(0x7f00000012c0)="a52876830a602214f6b4e928d758f38a5a7cb4b31c4c09289e9ebb6286784ca3", 0x4000)
r3 = openat$cgroup_ro(r0, &(0x7f0000000840)='io.stat\x00', 0x275a, 0x0)
write$binfmt_script(r3, &(0x7f0000000040), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r3, 0x0)
openat$vmci(0xffffff9c, 0x0, 0x2, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
ftruncate(r3, 0x5)
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs2/binder1\x00', 0x2, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000001300), 0x240c02, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080))
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs={0x1}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000240)=[{{&(0x7f00000001c0)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f00000017c0)=[{&(0x7f0000001380)="2d4c319afc6e3f7df52e4e0fca31ef232f4f1991f6fc303b4d96a62bd9b55ed80465967bcd00e90dffa56fe5f2aebfd78088085802df8258bd1f7825067915ef9486411ebab526", 0x47}, {&(0x7f0000001400)="3ef7acc70c487cd1af46c90a203a34c4a1c1888cefc22c7eb8c3a19df1d16ed443dea3c05af00a3659d75f74abc23bb94df183f81eb858efabcb3939e89f3c38dcc20821ae4b608523a6588ffab716ab85aaa71c7780e8a76d5b8fb755f8923d8152fbc854e5662fbf3603632d0fa2fc6f41d81b0c36e7893525eaa198f3d48b45959262c8cf2c91b8badb558d180b888e8bc876d713f983d83c618491dd972d5305013037909d96427d2af386864137f62b4cd8339c8b8c43", 0xb9}, {&(0x7f00000014c0)="50556a99fe2b90ea167be17753fc69dd6596fa1ec342eca6351d3b997a2bc6f3d51b694b8331f2ad53cfc7d6bcf61e18fbc9d1674635ff60969f916f8e8b62baa9d7b3c728a95ffd1047499154189412c46b403255e0bc72f237f8cb9697c4788e8f9ae27b9088e1805b06e971e83249ae95ccb58e745335d41526e49fd85199935c2f9091ae7ffedf7687594ac9bafb6af014e89aa920cb9c6f201e8a14b4ce5d5dd8b0f7af9046840813d81856a30d0d230f0e087af814ccf0", 0xba}, {&(0x7f0000001880)="c9512c188dc7d03bc08407221b3b4f57652e49023464f4aec6d89716dd3657384ffa2eb26e1ef11f66d0f77bbd0c1f316ddbf59b2b3ad90d7b5102fe99e58147791a2de44e42f0f424c80792655067c02f3fabd89f871dd2ec5cf6c30edb46da0b3673ac13185efcb0be4eb62e4114ccc695dd1169f7582af8d0554a4d75f3e71382dfe8a1ccc3d795114532d7a1a72fe37f319afeb16a3a5a3051443d937b2b5087d48fba9a8e422012ac962286125d8d94f4b3db25410e5445e7b985c19c653ee91c56ad3a3c9a8122130c549d2f3da1b7d3f2507ca7b6972894ed73fdc878047fe01e55a953df47712c141840d064541ed50891227a71803c7f09b087cb9bb9f394df7bf853ecab3b5305d727ab6c3f3dfcee534614c2bfb9a2c07b0ae61a919e17e93f6d41b7b6e786e2766359fd91def5e5c919a39bc682487864657a7bc02431ed2d69bb2c0943a5e765c8a5b84bdd473c874bb131cc40d43d79ef858cabd0d89fad2acdb3644e25c5efa09400b660c38bb89ba7e9c4269562b0b21a502e4b27baa9974b5d2b2807e6e8e3b7701207086529d9c2ee236d45e2be63e4959d9ed0860598af95cb4446cc26b4e777952eed6a8ad85ed02fc747c9d2bb013d23806a0f1c27a972000299b6805c7d938357e5e52814807199e2b8b39dc42cbba05b60aba617a550159538dc370551e10d17434c5f88ff339cba63640ce4d66828ccac64a2739d0bfa61bddb0f9af9b4ce03a229ab3186c740e010682cbcc683bdd9d0591de4d8c341bd981947d454b0d48c0907fd2707ebd88183f50394ee6db25f3c53bd7911532b0d07518c3c7dd01ece3255fd3c7136251d109638faa96e0977f6d503578672b6d462f079c846eabbf5d20d04a2d8938bfb6503fc47d9e3fbe41332a9a9bb0dbabca2536ecfe3882b23e652f583a5c6ae2e27a1cc692b318a3feb57a81acee7b72b00aa32252413d449776f0e226a9cf2c20855a86c8ff2ad08da0182e8d40e8f7d7d760be687c7d30192d4067551a142564de62c73449116633f87b1eceb1683df148f5444f4103bd1f55f5c1052ff8166d97570b231a169e1a6fee7edcb1f46485085eb1e4264fc1c808889e482f251e11a439cabff389eea5a4f64e7cb08ea53ec65055cf9683b90cb21d5c59a6fecd6ab0c16104d592fb4ab5eb150074f5d05969c36d3f9428c8768cd7538eb918fab16b7d857d836c4b3adad4d50281c727822e8bde366e8ac06664a1b1819452b5994ddfb60e3d789d2de127a46598f7a12dedb6655456ac2f1c9dc4c4d448290033506b9e94ba4ad5d1013bbb0afae0a54158d6a7122760fd27b72a25a4c9a278c687a99b7b2cfe3ade9259adbd5cfeb1788f7f53d6c45537194929d2ad2993425df2d282637b512fabc3c6b52d27dca493d36cae4e356981ec9686074db0f84c8c1d3f339d992ae0b58fbf70ba61e44c733ff2a5829c6d0574b31d645befae68d122341ec5c65e4662c9daf325683f5ea989b9f1a3f838f83d08263e55965eaa2068a2a321799c39b3b72397a16b00524b3e21167f15a7073010ae7b084a309c169a2800d3c210f39eb0a411243e5f34d872552d10ca73966dd59ded41768fc83e14fa5846623c17d5f842ef3dc5b03c372dbb25010b76492dadb3982313210fe07e17054c3f7c9fe4487555da06f8f9754c14336b96972dfb20d502ce7d5cb1bea4e8713e02cee05a77fca29cc026e897de243e0a26ec5b6baedc7736f61cb501a843fce20672966a33d3b58378d56d7784efd0bae63d9f84cb1bf111881abf1eb0a9ff6166e95837671832f5b923a8472f3f9174daedb267b661e62a899e04c1cdc6bba4ad7cfaa58ce1aab534d7763041e0ac8b32f67773a331201d498d943d1c40fe3ab55e6ce0a826e4ffbdc45ff325bcf1e42536bb9fb97838c7a9717de9a239442095b3c1772e8f8b2cfcbec5a4754c1c271383d8fc175efc30494c70e9023d15109aa9294b64141aadc01bce9e8e7ab9eeca1b48d9e3549c963c831aecf88ecffaa406c0ff18b2c40d18f37a79a3eb56996507e32ccb9bf41ef2f1ba54f2d191c6d7e1d1f8c005e7848594dee03a831edfb8c32554fc397e36ff75b0367784226b82b41a3c934332102e973a92c81da8439e358f342f08a80dac8918cdd313748b05bc0e90c08626fbf22d5c17f557bc26c254011f618cbcfc9831ea3fe0cabace7315bc44b1542f33193b168441219d8009e49633df5f9ed45887257912c44417ec52a24b4a685e47f9ee217799ca9f3394474af376bf64a5f7fa406d22695a9b0f05ec3b4f3a32aaabf5e4adec57bbe09d9b28749492db7adb659fe7e88401d28569f6a2c71a84546fa7f60a9303e10d4982d631619269a10c7a4c2731219c338b03defffd7b05f7969ede590e1f0dd5a1bb36d1ad93cb1e4db50a0491b4bf28ba5896a3d0dcb0227e27da2cba1ff25c4a7e5fa786bd575e145dd2f3ea82d9811bd0992d97eb7733f72bbcedf19c953dd1cbe1b7e03b7655313e87b8b9dd59d7c03e29c7a984d2bf06a5fe64d2068f1b2223b73f75c354a458b3dc00f06685bee5b2ae890c14298d1380d9b8541ed4d1aace816b21288b155fde4ccec83e13a402a04eda1794e307b9c5feba58e38f3a457be77d674b79d652a90cd211992bf61cfc8ea21ba9a52dc990417facc3ee3578c17d92ad3554bc38b0c7b264a7fc695d8840a5664f58104241a5d1c8851f34c90ced99d3e737cde203d5125b813ea66ba6738e58569227655c6d71e42315b16a46a398782642bf6914787082523fa3896332555128c0b7cd03698f40adebd2ac9344bdf2cd1d097eef00dc69cf209d0563b9b3bb916b1779d2ec516e947193ac54aa7c722481b3c71208b57cb1973934a2cb0a7ab4489f48aba83b941076bedfa35af5639d93d5b0b0faf13673cd570cf42c87355d47da4927a416941f464e820b07aab28a5b18f2d3b7414c868a5795b4fb14be5338a9bc8a7104dc6081a1d991d46dd2cf928f90c283d1dddd7e84f6541ca7f38e477bf3bec0f239ddbffe4a2e0bf03ed8963d6fb3d0324a5782514b35162ee6cc687df75f3518e40228064df3cc2004f513a0a777cab8961c9cfb977b582802322f21bc037b6edceab4d2eda6a9ea3dbcfc8a21a5b99fdb4ebe14c74671e2c2aad0eea55db264c84e32cd4ea1e7c6e83ca39c2d5cfb42034270713ca3361bd877117ca164e9a3d05adc7a1feb952b5625326791b60a2d830ac80c978b54a7f7782c1842956b16c47a8748e47b8468ae35d2864452a039f05339211776472bc213c001fd8aedb50128d017d55cabb3349cbb5c381c2b8e996da0622f1b389f8629ce4234bfb1a8edd1b45c23876ceb4024b869e834433ae2264841e003597df2b57ea9358f2765d86cf8a0b8ad83926b4832902fdfcfb168cf9c95b0f8b718045855b9ce396c34511f392d2fdc90374771e1c84c341e0d56f7a63aa69ccdd3c4e80ccd76a63223ac1546e2677ee8bf637c0881dab8e59cf808d0d1cf7c48c593d2eac62a63256653c97436e644e92f18276719af7d00270cc4b790559f575e06305cf5edc32eb3c72287498e1a3d19f30044f380867745351ef138209369fd71f84ca7b3ff37ee4098cc22434b23ccde3a27952cbb05ed68f42e10bc16c0e5916efd9f99bde1f0e7ec25e5b46c3449e8df2d3ef10e57478431b5d57b8f1067549fa4253f246d8a131af14cc6c987aac407dd85544d652e6a751ae90eee81e7af88b3f115807fd75b58e527f53af8bd1b968b2f6a30806dd9a5b3f594d524c8ffb3227bc7c3e653c0af1e1ea0b89369925f61588d858ab8badb66cee22ae14e9a802b9e52cd48fa7dd8a98fcc7b0aa09357779d9ffa780ff12a9a4d368416ec4daaf80c409bbb2f6ab8072b0fdb6c779e2a104a79faa56fcde61abf7bfc63cffb80a56e68e485f42934cb058411bf5c4329e0f46da88bc4c0641e1eb4d6424f4c2231f106fbf5542ff9e1eeeeca8d97ba7e826e5d7d8f132d0ebd8378c52de677af28dce2ef2fde3b9bc17cc293edb91234fb1afc84ffe533686d6288fa780cb0fa5bdea3eab2279260abd5b110aa668c970735eb3941f084eb1798d81b618f22f020101abf5429a8f1bdff548357301d721f0853b5ca603a8479fcae4c56cad0eba888aa47e58186a9cd994240886955ab1f6a87e3528fb161113d29e9582993509196084f3e688a6f378a564f16317342ea03d295f82b20c62a898325f8fd561200ad2cb760507ce9cb52faba168234703b17dc005d13ef075db823b6e360cfe3e3de73e62ef67ef7134a8c0c33ab41dd58f19286f1dcebdf6f719251e574345fe7679aafcc27da1746858dad85a5bb54b41ca9fc98ed6d00cbb15b2780117a9534acd172e3e2dc914593c851e4461deeb8c849f3162ca2e32c170c19f1f3f96f2ae8ee2b38c717caa1eb8cc6046b1cf5fddc551b2fe7469398dc792b1e2c5ed93ecb3523179289411d6ad3fbe84fb95a855cdb20accd2dd7026a162568f89f1b01a8b635a6a24c507a3e58d2864fa9fe1a9997019f69c34c8f391862a7dd0909d04e8ee57d759ab2bdd806b1942c2170e5e5e36d7d98dd95583678e836b5ca3743ff84426d437405fe1fc48be31483d1316addad253a0620ef60282f83064556ec02ebc2542dc30d260e60b72085b0213c7163fe9ee9c1e5c5f5757d5ace3b6d6babbedb716fb5955f2bec9cf288dbabfd776212bfcd4274647d09a489c350b350f4b8651c03a5643bcb9cb7af2e4b8aefbea776d2a1c8f750b1903c21dfd6b34d11acdfe74f616df8b038cb76451dea63988169e0092b25d966c1cf05509d4ef6f4d84a7f5fd138827796f6c2c8aad1478c38c43644a146d4862001e25feee237684bfafed868ff43d50df3ee8b2d9a260e2db62aea0aa9b30338c0df4749f5ccce84493931ca6f224059c2c93464004fcb87c0d60250b25b95e36840b71c5190f0a54797268a9b94bcc9d0184427d93f97b54ea297d7fdf29c6c2b46b3f02c69eba2b33eabe3c3ba31a0b088d8b164c163e63e42059ed43a5fe7c8e0b3d641c744b09267295909601c448baece0115613e31a7069235e02ed241e58a48aadc491a3ec2632cb71dc75f372026be439bcb3cf515890b0af31c5f8280286f022f695394d67d41a8ec31eccdc3e763bd3fa4dfa89ebcd31ec0ef8b022e4faa94f5420e385d91ba2071bb67145774c0a5416ba0e17137ec50acf9ddaf27083d5ddf8e28ff2cb702e5e6eaace81457f03e97aa816b5227a1cb95165ffeffe7e7fa58731429667d32a4bc954fd94d3bec4d37d221d9a4307fc5633b9b6b67ef280da2cb74eeaf536f437e1d2f81cbb80a11a1ae7c214204c4fd9d05aae222c8b76f3971f5dd6be0fef8523c5b6ef26ae0b21ac5f0ed322cf1f8630cd294489d91d281b3405953a3ecb85cbc31117bf50234bc37bab23e2b44cea14fe8f47b3178f54514e580aeea7aa8240fe36e34fa1e29ec4716c753fc695d967dff7eba367c152f9eb6ff49334c0830f18d16a305d8904e90cd5233b03f277ed1a75a289212d118db53bb2a0e72786dfccc17f4b72b56827ca410e81ae43e84fec50b9e2ad574063614060d74dd409c7886954e5543b83d9e359fc1ce800a46a87ad919e43eb37bb9575152a1891fc4454f1b6544f5d25df1047e196fa8688e23570eee9dd93b343cba6c590411a847ead2822e309a09552f044914f3f4b628043d31642b96ec4919ea67202a7db4416213aed0adf6519537afbbf855fba8bb55652c3", 0x1000}, {&(0x7f0000001580)="68ed94a4a1663e7611aa366955d7d0192125d3b013f56049f13e2afa952330163c5bcdcf24954b5d0636e09b91ccf694234ecca342346c278aab06c0ea4e8ea4a83c7e9d9f60fd03d17c81ea0078", 0x4e}, {&(0x7f0000000140)="68384f5415ec2204280d955f76", 0xd}, {&(0x7f0000001600)="783515fc96d0948979b163308e6932832571d0ac1cc345297404eb1a24d51f7afacbb767414d1f1f5e425e5325c6e614f332b298f088fd06cebfb06bdbd57731191330c0d13776c4c23764ec07da17e585b61f61e25b059ff4f576d5b1fd9fb245c29520fd3901a13e537be83af331aa6d52e2ba43564be92258a099a5b9e69977e1e20f027d9eb90d4ec4199645a3e96da754c9ec1f602ca91511396b8984ec4a96106293b0", 0xa6}, {&(0x7f00000016c0)="b3ea2682a86ecc8a0b2fe7a96395aacb60ece84858aa46d973bda649ea972bc43647b515c44b30231de2f071e5242e61e403c71c42e92c43aba3615224f14a4f61f5e7995ab050084b52bf6e8084339ea5c573d9965798416dcd8a92e171eec7392454b099b985212458f8b0e3bba88809f816471ebe84d27e7bbe53c6458528aae73abc0773e4eb6641f62ed62686fe562e02bae618e000632746cdb10b0c1f9f2ae0c964da613eef376cc4c3ae63de38d9ed0d34eca49bc168bf4809e2e56cb674c1476666c77c86d117ce4022508e8e0d5d959233950caeb2ba07185f13", 0xdf}, {&(0x7f0000002880)="85eee03cc07cd1defff802220840bbdf635d817d5f7ee2bc7ee27d1ba5819acc6589c9af64fd9177a75d19388db950a1d303165bb29731d0bf29c3e81358f383d0f1e9edfc371e050ce6944d176e974d896f8489dccfca90e4984c293a4f9cd20ea7815b3da63f6a28c10cafa6a0a225d982e8c29de5acedb9fee5912e6908fb9c44f3b87c6cf280c3eadcd2af18c2ce4785c6d51553f149ee430deaf289239ac40cdb420c5175c1b02a7b50f1", 0xad}], 0x9, 0x0, 0x0, 0x40011}}], 0x1, 0x40)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0xeb91, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x21800, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
keyctl$dh_compute(0x17, &(0x7f0000000340), &(0x7f0000000480)=""/82, 0x52, 0x0)
socket(0x1d, 0x2, 0x6)
pipe(&(0x7f00000002c0))

240.203639ms ago: executing program 0 (id=530):
socket$nl_generic(0x10, 0x3, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x14, 0x30, 0x2}, 0x14}, 0x1, 0x0, 0x0, 0x804}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r2 = socket$packet(0x11, 0x2, 0x300)
r3 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
futex_waitv(&(0x7f0000001080)=[{0x3, &(0x7f0000001040)=0x3, 0x82}], 0x1, 0x0, 0x0, 0x1) (fail_nth: 44)
prctl$PR_MCE_KILL(0x4e, 0x1, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000700)=ANY=[@ANYBLOB, @ANYRES32=r1, @ANYRES32=0x0, @ANYBLOB="cba5c978b87b9e325759e95002f673945259431a06bddd6d046c88edcac7f7c2d2a28a4e1961ce88000794ae1b943c63c71641f9c08d7d"], 0x30}}, 0x0)
recvmmsg(r2, 0x0, 0x0, 0x0, 0x0)
getsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000100)={@dev={0xfe, 0x80, '\x00', 0x39}, 0x0, 0x1, 0x0, 0x4}, 0x0)
r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3)
ioctl$FS_IOC_GETFSLABEL(r5, 0x400452c8, &(0x7f0000000100))

95.085853ms ago: executing program 1 (id=531):
io_uring_setup(0x664, &(0x7f0000000000)={0x0, 0x8dd3, 0x1, 0x42, 0x29d})
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000840), 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000a80)='./file0/file0\x00', 0x300000d, 0x21)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[@ANYRESDEC], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
r2 = syz_open_dev$vim2m(0x0, 0x7, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r2, 0xc0cc5605, &(0x7f0000000100)={0x1, @pix={0x0, 0x0, 0x59455247}})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x8, 0x40010, r0, 0x29987000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
unshare(0x6a040000)
r5 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
r6 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00')
fchdir(r6)
mount(0x0, &(0x7f0000000140)='.\x00', &(0x7f0000000080)='proc\x00', 0x189, 0x0)
r7 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000440)='net/stat\x00')
setresuid(0xffffffffffffffff, 0xee00, 0xffffffffffffffff)
cachestat(r7, &(0x7f0000000000)={0x264, 0x1}, 0x0, 0x0)
r8 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
ioctl$SIOCX25GSUBSCRIP(r8, 0x89e0, &(0x7f0000000a80)={'erspan0\x00', 0x0, 0x7fffffff})
write$RDMA_USER_CM_CMD_CREATE_ID(r5, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x6, &(0x7f00000000c0), 0x106}}, 0x20)
r9 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r9, 0x6, 0x13, 0x0, 0x0)

407.645µs ago: executing program 0 (id=532):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = openat$incfs(0xffffffffffffffff, &(0x7f0000000080)='.pending_reads\x00', 0x4400, 0x181)
setsockopt$SO_BINDTODEVICE_wg(r1, 0x1, 0x19, &(0x7f00000000c0)='wg1\x00', 0x4)
sendmsg$nl_generic(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="200000f7ffffff0026bdf000fcdbdf250400000004000f"], 0x20}, 0x1, 0x0, 0x0, 0x4000d}, 0x20000000)

0s ago: executing program 0 (id=533):
pipe(&(0x7f00000000c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$int_in(r0, 0x5452, &(0x7f0000000040)=0x9)
r2 = openat$vicodec0(0xffffff9c, &(0x7f0000000440), 0x2, 0x0)
ioctl$VIDIOC_G_EXT_CTRLS(r2, 0xc0185648, &(0x7f0000000080)={0x980000, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000000c0)={0x98f910, 0x80008002, '\x00', @p_u16=&(0x7f00000010c0)=0xa5b}})
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r4 = openat$cgroup_int(r3, &(0x7f0000000040)='notify_on_release\x00', 0x2, 0x0)
sendfile(r1, r4, 0x0, 0x5)

kernel console output (not intermixed with test programs):

5.439808][   T24] usb 5-1: New USB device found, idVendor=06cd, idProduct=0121, bcdDevice=dd.3d
[   75.442762][   T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   75.448395][   T24] usb 5-1: Product: syz
[   75.450209][   T24] usb 5-1: Manufacturer: syz
[   75.451986][   T24] usb 5-1: SerialNumber: syz
[   75.461521][   T24] usb 5-1: config 0 descriptor??
[   75.516981][ T6247] x_tables: duplicate underflow at hook 1
[   75.952051][   T60] usb usb44-port1: unable to enumerate USB device
[   75.988268][ T6259] netlink: 12 bytes leftover after parsing attributes in process `syz.1.61'.
[   76.078675][ T6259] bridge0: port 4(batadv2) entered blocking state
[   76.084016][ T6259] bridge0: port 4(batadv2) entered disabled state
[   76.087289][ T6259] batadv2: entered allmulticast mode
[   76.091981][ T6259] batadv2: entered promiscuous mode
[   76.175825][ T1415] ieee802154 phy0 wpan0: encryption failed: -22
[   76.178521][ T1415] ieee802154 phy1 wpan1: encryption failed: -22
[   76.466283][ T6261] xt_addrtype: both incoming and outgoing interface limitation cannot be selected
[   76.590858][   T75] batman_adv: batadv2: No IGMP Querier present - multicast optimizations disabled
[   76.594244][   T75] batman_adv: batadv2: No MLD Querier present - multicast optimizations disabled
[   77.013131][   T24] keyspan 5-1:0.133: Keyspan 1 port adapter converter detected
[   77.017536][   T24] keyspan 5-1:0.133: found no endpoint descriptor for endpoint 81
[   77.029710][   T24] keyspan 5-1:0.133: found no endpoint descriptor for endpoint 1
[   77.033156][   T24] keyspan 5-1:0.133: found no endpoint descriptor for endpoint 2
[   77.041991][   T24] usb 5-1: Keyspan 1 port adapter converter now attached to ttyUSB0
[   77.059311][   T24] usb 5-1: USB disconnect, device number 2
[   77.072216][   T24] keyspan_1 ttyUSB0: Keyspan 1 port adapter converter now disconnected from ttyUSB0
[   77.079144][   T24] keyspan 5-1:0.133: device disconnected
[   77.107851][ T6280] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(8)
[   77.111015][ T6280] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[   77.131046][ T6280] vhci_hcd vhci_hcd.0: Device attached
[   77.156561][ T6284] Zero length message leads to an empty skb
[   77.522133][ T6005] usb 40-1: SetAddress Request (2) to port 0
[   77.524974][ T6005] usb 40-1: new SuperSpeed USB device number 2 using vhci_hcd
[   77.589466][ T6290] x_tables: duplicate underflow at hook 1
[   77.594368][ T6290] hub 8-0:1.0: USB hub found
[   77.597143][ T6290] hub 8-0:1.0: 1 port detected
[   77.705323][ T6294] loop2: detected capacity change from 0 to 7
[   77.738756][ T5950] Dev loop2: unable to read RDB block 7
[   77.742518][ T5950]  loop2: AHDI p1 p2 p3
[   77.744508][ T5950] loop2: partition table partially beyond EOD, truncated
[   77.745558][ T6281] vhci_hcd: connection reset by peer
[   77.755303][ T5950] loop2: p1 start 1601398130 is beyond EOD, truncated
[   77.758659][  T173] vhci_hcd vhci_hcd.1: stop threads
[   77.758903][ T5950] loop2: p2 start 1702059890 is beyond EOD, truncated
[   77.761491][  T173] vhci_hcd vhci_hcd.1: release socket
[   77.778414][  T173] vhci_hcd vhci_hcd.1: disconnect device
[   77.785963][ T6294] Dev loop2: unable to read RDB block 7
[   77.788501][ T6294]  loop2: AHDI p1 p2 p3
[   77.790839][ T6294] loop2: partition table partially beyond EOD, truncated
[   77.799734][ T6294] loop2: p1 start 1601398130 is beyond EOD, truncated
[   77.802871][ T6294] loop2: p2 start 1702059890 is beyond EOD, truncated
[   77.932688][ T6299] netlink: 'syz.2.73': attribute type 1 has an invalid length.
[   78.043130][ T6301] netlink: 8 bytes leftover after parsing attributes in process `syz.2.73'.
[   78.634103][ T6307] netlink: 12 bytes leftover after parsing attributes in process `syz.3.74'.
[   78.654469][ T6307] bridge0: port 5(batadv3) entered blocking state
[   78.658940][ T6307] bridge0: port 5(batadv3) entered disabled state
[   78.662525][ T6307] batadv3: entered allmulticast mode
[   78.675008][ T6307] batadv3: entered promiscuous mode
[   78.840127][ T6316] FAULT_INJECTION: forcing a failure.
[   78.840127][ T6316] name fail_futex, interval 1, probability 0, space 0, times 1
[   78.869546][ T6316] CPU: 2 UID: 0 PID: 6316 Comm: syz.2.77 Not tainted syzkaller #0 PREEMPT(full) 
[   78.869573][ T6316] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   78.869583][ T6316] Call Trace:
[   78.869595][ T6316]  <TASK>
[   78.869602][ T6316]  dump_stack_lvl+0x16c/0x1f0
[   78.869632][ T6316]  should_fail_ex+0x512/0x640
[   78.869654][ T6316]  get_futex_key+0x1d0/0x15f0
[   78.869676][ T6316]  ? __pfx_get_futex_key+0x10/0x10
[   78.869695][ T6316]  ? futex_private_hash+0x198/0x470
[   78.869711][ T6316]  ? futex_private_hash+0x324/0x470
[   78.869730][ T6316]  futex_wait_multiple_setup+0x134/0x7d0
[   78.869762][ T6316]  futex_wait_multiple+0xe6/0x480
[   78.869785][ T6316]  ? __pfx_futex_wait_multiple+0x10/0x10
[   78.869806][ T6316]  ? __do_sys_futex_waitv+0x221/0x2c0
[   78.869830][ T6316]  __do_sys_futex_waitv+0x17f/0x2c0
[   78.869849][ T6316]  ? __pfx___do_sys_futex_waitv+0x10/0x10
[   78.869874][ T6316]  ? do_user_addr_fault+0x843/0x1370
[   78.869897][ T6316]  __do_fast_syscall_32+0xe8/0x680
[   78.869924][ T6316]  do_fast_syscall_32+0x32/0x80
[   78.869949][ T6316]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[   78.869969][ T6316] RIP: 0023:0xf702d579
[   78.869983][ T6316] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[   78.869998][ T6316] RSP: 002b:00000000f541d55c EFLAGS: 00000296 ORIG_RAX: 00000000000001c1
[   78.870014][ T6316] RAX: ffffffffffffffda RBX: 0000000080001080 RCX: 0000000000000001
[   78.870024][ T6316] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001
[   78.870032][ T6316] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   78.870041][ T6316] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[   78.870050][ T6316] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   78.870072][ T6316]  </TASK>
[   79.149504][   T98] batman_adv: batadv3: No IGMP Querier present - multicast optimizations disabled
[   79.152786][   T98] batman_adv: batadv3: No MLD Querier present - multicast optimizations disabled
[   79.559834][ T6322] netlink: 12 bytes leftover after parsing attributes in process `syz.2.79'.
[   79.779294][ T6331] netlink: 'syz.0.81': attribute type 1 has an invalid length.
[   79.794558][ T6331] gretap1: entered promiscuous mode
[   80.257734][ T6332] netlink: 32 bytes leftover after parsing attributes in process `syz.0.81'.
[   80.604338][ T6347] FAULT_INJECTION: forcing a failure.
[   80.604338][ T6347] name fail_usercopy, interval 1, probability 0, space 0, times 1
[   80.641529][ T6347] CPU: 0 UID: 0 PID: 6347 Comm: syz.0.88 Not tainted syzkaller #0 PREEMPT(full) 
[   80.641556][ T6347] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   80.641566][ T6347] Call Trace:
[   80.641572][ T6347]  <TASK>
[   80.641579][ T6347]  dump_stack_lvl+0x16c/0x1f0
[   80.641610][ T6347]  should_fail_ex+0x512/0x640
[   80.641633][ T6347]  save_fsave_header+0x14c/0x2f0
[   80.641658][ T6347]  ? __pfx_save_fsave_header+0x10/0x10
[   80.641691][ T6347]  ? copy_fpstate_to_sigframe+0x2c3/0xad0
[   80.641714][ T6347]  ? rcu_is_watching+0x12/0xc0
[   80.641737][ T6347]  ? __local_bh_enable_ip+0xa4/0x120
[   80.641763][ T6347]  copy_fpstate_to_sigframe+0x74f/0xad0
[   80.641910][ T6347]  ? __pfx_copy_fpstate_to_sigframe+0x10/0x10
[   80.641933][ T6347]  ? posixtimer_deliver_signal+0x105/0x6b0
[   80.641960][ T6347]  ? posixtimer_deliver_signal+0x1c7/0x6b0
[   80.641979][ T6347]  ? x86_task_fpu+0x5f/0x90
[   80.642001][ T6347]  get_sigframe+0x4a8/0x9c0
[   80.642027][ T6347]  ? __pfx_get_sigframe+0x10/0x10
[   80.642050][ T6347]  ? _raw_spin_unlock_irq+0x23/0x50
[   80.642072][ T6347]  ? siginfo_layout+0x177/0x290
[   80.642095][ T6347]  ia32_setup_rt_frame+0xe4/0xb30
[   80.642118][ T6347]  ? __pfx_ia32_setup_rt_frame+0x10/0x10
[   80.642133][ T6347]  ? lockdep_hardirqs_on+0x7c/0x110
[   80.642162][ T6347]  arch_do_signal_or_restart+0x475/0x7a0
[   80.642186][ T6347]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[   80.642222][ T6347]  exit_to_user_mode_loop+0x8c/0x540
[   80.642246][ T6347]  __do_fast_syscall_32+0x4a4/0x680
[   80.642273][ T6347]  do_fast_syscall_32+0x32/0x80
[   80.642298][ T6347]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[   80.642319][ T6347] RIP: 0023:0xf6ffd577
[   80.642333][ T6347] Code: 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 <cd> 80 5d 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00
[   80.642355][ T6347] RSP: 002b:00000000f53ed55c EFLAGS: 00000296 ORIG_RAX: 00000000000001c1
[   80.642372][ T6347] RAX: 00000000000001c1 RBX: 0000000080001080 RCX: 0000000000000001
[   80.642383][ T6347] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001
[   80.642392][ T6347] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   80.642401][ T6347] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[   80.642411][ T6347] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   80.642431][ T6347]  </TASK>
[   80.743092][ T6338] program syz.3.85 is using a deprecated SCSI ioctl, please convert it to SG_IO
[   80.828188][ T6353] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(7)
[   80.831422][ T6353] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[   80.835125][ T6353] vhci_hcd vhci_hcd.0: Device attached
[   81.050458][ T6363] capability: warning: `syz.1.90' uses deprecated v2 capabilities in a way that may be insecure
[   81.092883][ T6336] usb 43-1: new low-speed USB device number 2 using vhci_hcd
[   81.267581][ T6365] x_tables: duplicate underflow at hook 1
[   81.378764][ T6370] netlink: 4 bytes leftover after parsing attributes in process `syz.0.91'.
[   81.735392][ T6354] vhci_hcd: connection reset by peer
[   81.746406][ T1141] vhci_hcd vhci_hcd.3: stop threads
[   81.751972][ T1141] vhci_hcd vhci_hcd.3: release socket
[   81.758432][ T1141] vhci_hcd vhci_hcd.3: disconnect device
[   81.930546][ T2298] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[   82.074916][ T6373] netlink: 40 bytes leftover after parsing attributes in process `syz.1.92'.
[   82.117393][ T2298] usb 5-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[   82.122175][ T2298] usb 5-1: config 0 interface 0 has no altsetting 0
[   82.127192][ T2298] usb 5-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[   82.131430][ T2298] usb 5-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[   82.135418][ T2298] usb 5-1: Product: syz
[   82.137500][ T2298] usb 5-1: Manufacturer: syz
[   82.137571][ T6375] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(7)
[   82.142935][ T6375] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[   82.147236][ T2298] usb 5-1: SerialNumber: syz
[   82.147898][ T6375] vhci_hcd vhci_hcd.0: Device attached
[   82.160725][ T2298] usb 5-1: config 0 descriptor??
[   82.162119][ T6376] vhci_hcd: connection closed
[   82.165282][  T173] vhci_hcd vhci_hcd.2: stop threads
[   82.170358][  T173] vhci_hcd vhci_hcd.2: release socket
[   82.172925][  T173] vhci_hcd vhci_hcd.2: disconnect device
[   82.182978][ T2298] usb 5-1: selecting invalid altsetting 0
[   82.569856][ T6005] usb 40-1: device descriptor read/8, error -110
[   82.980398][ T6005] usb usb40-port1: attempt power cycle
[   83.025508][ T6389] FAULT_INJECTION: forcing a failure.
[   83.025508][ T6389] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   83.032792][ T6389] CPU: 0 UID: 0 PID: 6389 Comm: syz.2.98 Not tainted syzkaller #0 PREEMPT(full) 
[   83.032821][ T6389] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   83.032832][ T6389] Call Trace:
[   83.032838][ T6389]  <TASK>
[   83.032845][ T6389]  dump_stack_lvl+0x16c/0x1f0
[   83.033008][ T6389]  should_fail_ex+0x512/0x640
[   83.033032][ T6389]  copy_fpstate_to_sigframe+0x827/0xad0
[   83.033063][ T6389]  ? __pfx_copy_fpstate_to_sigframe+0x10/0x10
[   83.033088][ T6389]  ? posixtimer_deliver_signal+0x105/0x6b0
[   83.033118][ T6389]  ? posixtimer_deliver_signal+0x1c7/0x6b0
[   83.033139][ T6389]  ? x86_task_fpu+0x5f/0x90
[   83.033164][ T6389]  get_sigframe+0x4a8/0x9c0
[   83.033191][ T6389]  ? __pfx_get_sigframe+0x10/0x10
[   83.033217][ T6389]  ? _raw_spin_unlock_irq+0x23/0x50
[   83.033240][ T6389]  ? siginfo_layout+0x177/0x290
[   83.033266][ T6389]  ia32_setup_rt_frame+0xe4/0xb30
[   83.033288][ T6389]  ? __pfx_ia32_setup_rt_frame+0x10/0x10
[   83.033304][ T6389]  ? lockdep_hardirqs_on+0x7c/0x110
[   83.033334][ T6389]  arch_do_signal_or_restart+0x475/0x7a0
[   83.033359][ T6389]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[   83.033397][ T6389]  exit_to_user_mode_loop+0x8c/0x540
[   83.033422][ T6389]  __do_fast_syscall_32+0x4a4/0x680
[   83.033452][ T6389]  do_fast_syscall_32+0x32/0x80
[   83.033500][ T6389]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[   83.033524][ T6389] RIP: 0023:0xf702d577
[   83.033539][ T6389] Code: 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 <cd> 80 5d 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00
[   83.033555][ T6389] RSP: 002b:00000000f541d55c EFLAGS: 00000296 ORIG_RAX: 00000000000001c1
[   83.033572][ T6389] RAX: 00000000000001c1 RBX: 0000000080001080 RCX: 0000000000000001
[   83.033589][ T6389] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001
[   83.033599][ T6389] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   83.033608][ T6389] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[   83.033618][ T6389] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   83.033639][ T6389]  </TASK>
[   83.240709][ T6394] netlink: 4 bytes leftover after parsing attributes in process `syz.2.99'.
[   83.284304][ T6395] x_tables: duplicate underflow at hook 1
[   83.299926][ T6395] hub 8-0:1.0: USB hub found
[   83.302615][ T6395] hub 8-0:1.0: 1 port detected
[   83.550787][ T6005] usb usb40-port1: unable to enumerate USB device
[   83.874921][ T6413] netlink: 40 bytes leftover after parsing attributes in process `syz.3.105'.
[   84.106938][ T6414] x_tables: duplicate underflow at hook 1
[   84.190721][   T60] usb 5-1: USB disconnect, device number 3
[   84.410762][ T6421] FAULT_INJECTION: forcing a failure.
[   84.410762][ T6421] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   84.429446][ T6421] CPU: 0 UID: 0 PID: 6421 Comm: syz.0.107 Not tainted syzkaller #0 PREEMPT(full) 
[   84.429472][ T6421] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   84.429481][ T6421] Call Trace:
[   84.429488][ T6421]  <TASK>
[   84.429510][ T6421]  dump_stack_lvl+0x16c/0x1f0
[   84.429539][ T6421]  should_fail_ex+0x512/0x640
[   84.429562][ T6421]  _copy_to_user+0x32/0xd0
[   84.429582][ T6421]  __copy_siginfo_to_user32+0x96/0xf0
[   84.429608][ T6421]  ? __pfx___copy_siginfo_to_user32+0x10/0x10
[   84.429640][ T6421]  ? _raw_spin_unlock_irq+0x23/0x50
[   84.429663][ T6421]  ? siginfo_layout+0x177/0x290
[   84.429687][ T6421]  ia32_setup_rt_frame+0x6cc/0xb30
[   84.429711][ T6421]  ? __pfx_ia32_setup_rt_frame+0x10/0x10
[   84.429727][ T6421]  ? lockdep_hardirqs_on+0x7c/0x110
[   84.429757][ T6421]  arch_do_signal_or_restart+0x475/0x7a0
[   84.429782][ T6421]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[   84.429818][ T6421]  exit_to_user_mode_loop+0x8c/0x540
[   84.429841][ T6421]  __do_fast_syscall_32+0x4a4/0x680
[   84.429868][ T6421]  do_fast_syscall_32+0x32/0x80
[   84.429893][ T6421]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[   84.429911][ T6421] RIP: 0023:0xf6ffd577
[   84.429920][ T6421] Code: 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 <cd> 80 5d 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00
[   84.429930][ T6421] RSP: 002b:00000000f53ed55c EFLAGS: 00000296 ORIG_RAX: 00000000000001c1
[   84.429942][ T6421] RAX: 00000000000001c1 RBX: 0000000080001080 RCX: 0000000000000001
[   84.429948][ T6421] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001
[   84.429954][ T6421] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   84.429960][ T6421] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[   84.429978][ T6421] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   84.429992][ T6421]  </TASK>
[   84.450860][ T6423] loop2: detected capacity change from 0 to 7
[   84.524701][ T5950] Dev loop2: unable to read RDB block 7
[   84.526684][ T5950]  loop2: AHDI p1 p2 p3
[   84.528205][ T5950] loop2: partition table partially beyond EOD, truncated
[   84.531336][ T5950] loop2: p1 start 1601398130 is beyond EOD, truncated
[   84.533713][ T5950] loop2: p2 start 1702059890 is beyond EOD, truncated
[   84.606329][ T6423] Dev loop2: unable to read RDB block 7
[   84.608250][ T6423]  loop2: AHDI p1 p2 p3
[   84.610766][ T6423] loop2: partition table partially beyond EOD, truncated
[   84.615116][ T6423] loop2: p1 start 1601398130 is beyond EOD, truncated
[   84.617509][ T6423] loop2: p2 start 1702059890 is beyond EOD, truncated
[   85.058864][ T6446] Unsupported ieee802154 address type: 0
[   85.064907][ T6446] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   85.194085][ T6450] FAULT_INJECTION: forcing a failure.
[   85.194085][ T6450] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   85.200525][ T6450] CPU: 1 UID: 0 PID: 6450 Comm: syz.3.117 Not tainted syzkaller #0 PREEMPT(full) 
[   85.200544][ T6450] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   85.200551][ T6450] Call Trace:
[   85.200556][ T6450]  <TASK>
[   85.200561][ T6450]  dump_stack_lvl+0x16c/0x1f0
[   85.200582][ T6450]  should_fail_ex+0x512/0x640
[   85.200597][ T6450]  _copy_from_user+0x2e/0xd0
[   85.200611][ T6450]  ia32_restore_sigcontext+0xc3/0x630
[   85.200624][ T6450]  ? __pfx_ia32_restore_sigcontext+0x10/0x10
[   85.200638][ T6450]  ? rcu_is_watching+0x12/0xc0
[   85.200672][ T6450]  ? _raw_spin_unlock_irq+0x23/0x50
[   85.200688][ T6450]  ? lockdep_hardirqs_on+0x7c/0x110
[   85.200706][ T6450]  __do_compat_sys_rt_sigreturn+0x18c/0x270
[   85.200718][ T6450]  ? __pfx___do_compat_sys_rt_sigreturn+0x10/0x10
[   85.200732][ T6450]  ? rcu_is_watching+0x12/0xc0
[   85.200747][ T6450]  do_int80_emulation+0x104/0x480
[   85.200766][ T6450]  asm_int80_emulation+0x1a/0x20
[   85.200777][ T6450] RIP: 0023:0xf7f445a7
[   85.200786][ T6450] Code: 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 90 58 b8 77 00 00 00 cd 80 90 8d b4 26 00 00 00 00 b8 ad 00 00 00 cd 80 <90> 90 90 90 90 90 90 90 90 55 89 e5 57 8d 3d 2c dc ff ff 56 53 e8
[   85.200796][ T6450] RSP: 002b:00000000f5435940 EFLAGS: 00000286 ORIG_RAX: 00000000000000ad
[   85.200807][ T6450] RAX: ffffffffffffffda RBX: 0000000080001080 RCX: 00000000f54359cc
[   85.200814][ T6450] RDX: 00000000f543594c RSI: 0000000000000000 RDI: 0000000000000001
[   85.200820][ T6450] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   85.200825][ T6450] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   85.200832][ T6450] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   85.200845][ T6450]  </TASK>
[   85.341304][ T6453] netlink: 40 bytes leftover after parsing attributes in process `syz.2.116'.
[   85.381946][ T6456] loop2: detected capacity change from 0 to 7
[   85.386193][ T5950] Dev loop2: unable to read RDB block 7
[   85.388830][ T5950]  loop2: AHDI p1 p2 p3
[   85.391974][ T5950] loop2: partition table partially beyond EOD, truncated
[   85.396945][ T5950] loop2: p1 start 1601398130 is beyond EOD, truncated
[   85.400158][ T5950] loop2: p2 start 1702059890 is beyond EOD, truncated
[   85.410764][ T6456] Dev loop2: unable to read RDB block 7
[   85.413480][ T6456]  loop2: AHDI p1 p2 p3
[   85.415473][ T6456] loop2: partition table partially beyond EOD, truncated
[   85.418786][ T6456] loop2: p1 start 1601398130 is beyond EOD, truncated
[   85.429455][ T6456] loop2: p2 start 1702059890 is beyond EOD, truncated
[   86.149513][ T6465] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(7)
[   86.152506][ T6465] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[   86.159648][ T6470] netlink: 40 bytes leftover after parsing attributes in process `syz.2.130'.
[   86.164906][ T6465] vhci_hcd vhci_hcd.0: Device attached
[   86.185250][ T6458] x_tables: duplicate underflow at hook 1
[   86.229255][ T6468] vhci_hcd: connection closed
[   86.230664][   T75] vhci_hcd vhci_hcd.3: stop threads
[   86.234009][   T75] vhci_hcd vhci_hcd.3: release socket
[   86.235830][   T75] vhci_hcd vhci_hcd.3: disconnect device
[   86.240959][ T6336] vhci_hcd vhci_hcd.3: vhci_device speed not set
[   86.287704][ T6473] netlink: 4 bytes leftover after parsing attributes in process `syz.0.123'.
[   86.293724][ T6473] netlink: 4 bytes leftover after parsing attributes in process `syz.0.123'.
[   86.332133][ T6475] netlink: 4 bytes leftover after parsing attributes in process `syz.0.124'.
[   86.337349][ T6475] netlink: 4 bytes leftover after parsing attributes in process `syz.0.124'.
[   86.411631][    T9] cfg80211: failed to load regulatory.db
[   87.086702][ T6496] loop2: detected capacity change from 0 to 7
[   87.096303][ T6496] Dev loop2: unable to read RDB block 7
[   87.104730][ T6496]  loop2: AHDI p1 p2 p3
[   87.113901][ T6496] loop2: partition table partially beyond EOD, truncated
[   87.123092][ T6496] loop2: p1 start 1601398130 is beyond EOD, truncated
[   87.127509][ T6496] loop2: p2 start 1702059890 is beyond EOD, truncated
[   87.252972][ T6501] FAULT_INJECTION: forcing a failure.
[   87.252972][ T6501] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   87.262326][ T6501] CPU: 0 UID: 0 PID: 6501 Comm: syz.2.132 Not tainted syzkaller #0 PREEMPT(full) 
[   87.262351][ T6501] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   87.262361][ T6501] Call Trace:
[   87.262367][ T6501]  <TASK>
[   87.262375][ T6501]  dump_stack_lvl+0x16c/0x1f0
[   87.262402][ T6501]  should_fail_ex+0x512/0x640
[   87.262423][ T6501]  __fpu_restore_sig+0xfe/0x1370
[   87.262450][ T6501]  ? __lock_acquire+0x436/0x2890
[   87.262466][ T6501]  ? __pfx___fpu_restore_sig+0x10/0x10
[   87.262502][ T6501]  ? __might_fault+0xe3/0x190
[   87.262527][ T6501]  ? __might_fault+0x13b/0x190
[   87.262550][ T6501]  fpu__restore_sig+0x151/0x190
[   87.262577][ T6501]  ia32_restore_sigcontext+0x44a/0x630
[   87.262594][ T6501]  ? __pfx_ia32_restore_sigcontext+0x10/0x10
[   87.262616][ T6501]  ? rcu_is_watching+0x12/0xc0
[   87.262657][ T6501]  ? _raw_spin_unlock_irq+0x23/0x50
[   87.262682][ T6501]  ? lockdep_hardirqs_on+0x7c/0x110
[   87.262710][ T6501]  __do_compat_sys_rt_sigreturn+0x18c/0x270
[   87.262729][ T6501]  ? __pfx___do_compat_sys_rt_sigreturn+0x10/0x10
[   87.262750][ T6501]  ? rcu_is_watching+0x12/0xc0
[   87.262776][ T6501]  do_int80_emulation+0x104/0x480
[   87.262804][ T6501]  asm_int80_emulation+0x1a/0x20
[   87.262821][ T6501] RIP: 0023:0xf702d577
[   87.262834][ T6501] Code: 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 <cd> 80 5d 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00
[   87.262850][ T6501] RSP: 002b:00000000f541d55c EFLAGS: 00000296
[   87.262863][ T6501] RAX: 00000000000001c1 RBX: 0000000080001080 RCX: 0000000000000001
[   87.262873][ T6501] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001
[   87.262882][ T6501] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   87.262891][ T6501] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   87.262900][ T6501] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   87.262920][ T6501]  </TASK>
[   87.281943][ T6500] netlink: 12 bytes leftover after parsing attributes in process `syz.3.131'.
[   87.750567][ T6506] x_tables: duplicate underflow at hook 1
[   88.044296][ T6512] netlink: 4 bytes leftover after parsing attributes in process `syz.0.134'.
[   88.069978][ T6512] netlink: 4 bytes leftover after parsing attributes in process `syz.0.134'.
[   88.402323][ T6519] netlink: 40 bytes leftover after parsing attributes in process `syz.1.138'.
[   89.022589][ T6529] loop2: detected capacity change from 0 to 7
[   89.031223][ T5950] Dev loop2: unable to read RDB block 7
[   89.033868][ T5950]  loop2: AHDI p1 p2 p3
[   89.035773][ T5950] loop2: partition table partially beyond EOD, truncated
[   89.044069][ T5950] loop2: p1 start 1601398130 is beyond EOD, truncated
[   89.046554][ T5950] loop2: p2 start 1702059890 is beyond EOD, truncated
[   89.735948][ T6529] Dev loop2: unable to read RDB block 7
[   89.740996][ T6529]  loop2: AHDI p1 p2 p3
[   89.742918][ T6529] loop2: partition table partially beyond EOD, truncated
[   89.747305][ T6529] loop2: p1 start 1601398130 is beyond EOD, truncated
[   89.752566][ T6529] loop2: p2 start 1702059890 is beyond EOD, truncated
[   89.820350][ T6525] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(8)
[   89.823671][ T6525] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[   89.846904][ T6525] vhci_hcd vhci_hcd.0: Device attached
[   89.892430][   T40] audit: type=1804 audit(1767116362.841:114): pid=6537 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.141" name="/newroot/38/file0/bus" dev="9p" ino=71827601 res=1 errno=0
[   90.119602][   T24] usb 38-1: SetAddress Request (6) to port 0
[   90.122709][   T24] usb 38-1: new SuperSpeed USB device number 6 using vhci_hcd
[   90.409732][ T6525] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[   90.456139][ T6532] vhci_hcd: connection reset by peer
[   90.459669][ T1142] vhci_hcd vhci_hcd.0: stop threads
[   90.462897][ T1142] vhci_hcd vhci_hcd.0: release socket
[   90.465854][ T1142] vhci_hcd vhci_hcd.0: disconnect device
[   90.495559][ T6541] ipt_ECN: cannot use operation on non-tcp rule
[   90.842852][ T6544] netlink: 12 bytes leftover after parsing attributes in process `syz.1.145'.
[   90.937612][ T6546] netlink: 4 bytes leftover after parsing attributes in process `syz.2.144'.
[   90.946410][ T6546] netlink: 4 bytes leftover after parsing attributes in process `syz.2.144'.
[   91.038125][ T6548] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   91.413777][ T6555] kvm_intel: kvm [6553]: vcpu2, guest rIP: 0xfff0 Unhandled WRMSR(0x1d9) = 0x5
[   91.475306][ T6559] loop2: detected capacity change from 0 to 7
[   91.492413][ T5950] Dev loop2: unable to read RDB block 7
[   91.494955][ T5950]  loop2: AHDI p1 p2 p3
[   91.496898][ T5950] loop2: partition table partially beyond EOD, truncated
[   91.500670][ T5950] loop2: p1 start 1601398130 is beyond EOD, truncated
[   91.503675][ T5950] loop2: p2 start 1702059890 is beyond EOD, truncated
[   91.629275][ T6560] netlink: 40 bytes leftover after parsing attributes in process `syz.0.147'.
[   91.804332][   T40] audit: type=1804 audit(1767116364.751:115): pid=6564 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.152" name="/newroot/36/file0/bus" dev="9p" ino=71827601 res=1 errno=0
[   92.056782][ T6559] Dev loop2: unable to read RDB block 7
[   92.059948][ T6559]  loop2: AHDI p1 p2 p3
[   92.061740][ T6559] loop2: partition table partially beyond EOD, truncated
[   92.064470][ T6559] loop2: p1 start 1601398130 is beyond EOD, truncated
[   92.067469][ T6559] loop2: p2 start 1702059890 is beyond EOD, truncated
[   92.302353][ T6569] nfs4: Unknown parameter '
amfs'
[   93.455762][ T6569] overlay: ./file0 is not a directory
[   94.190504][ T6585] ALSA: mixer_oss: invalid OSS volume ''
[   94.229716][ T6585] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(10)
[   94.232804][ T6585] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[   94.247938][ T6585] vhci_hcd vhci_hcd.0: Device attached
[   94.433346][ T6596] vhci_hcd: connection closed
[   94.434567][   T46] vhci_hcd vhci_hcd.1: stop threads
[   94.439184][   T46] vhci_hcd vhci_hcd.1: release socket
[   94.446587][   T46] vhci_hcd vhci_hcd.1: disconnect device
[   94.449697][ T6007] vhci_hcd vhci_hcd.1: vhci_device speed not set
[   94.595048][ T6605] loop2: detected capacity change from 0 to 7
[   94.598550][ T6605] Dev loop2: unable to read RDB block 7
[   94.601574][ T6605]  loop2: AHDI p1 p2 p3
[   94.603472][ T6605] loop2: partition table partially beyond EOD, truncated
[   94.607121][ T6605] loop2: p1 start 1601398130 is beyond EOD, truncated
[   94.611826][ T6605] loop2: p2 start 1702059890 is beyond EOD, truncated
[   94.682167][ T6611] netlink: 4 bytes leftover after parsing attributes in process `syz.3.163'.
[   94.688968][ T6611] netlink: 4 bytes leftover after parsing attributes in process `syz.3.163'.
[   94.915736][ T6613] FAULT_INJECTION: forcing a failure.
[   94.915736][ T6613] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   94.921470][ T6613] CPU: 2 UID: 0 PID: 6613 Comm: syz.3.164 Not tainted syzkaller #0 PREEMPT(full) 
[   94.921502][ T6613] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   94.921514][ T6613] Call Trace:
[   94.921522][ T6613]  <TASK>
[   94.921529][ T6613]  dump_stack_lvl+0x16c/0x1f0
[   94.921562][ T6613]  should_fail_ex+0x512/0x640
[   94.921588][ T6613]  _copy_from_user+0x2e/0xd0
[   94.921610][ T6613]  copy_from_buffer+0x7f/0xc0
[   94.921641][ T6613]  copy_uabi_to_xstate+0x3c5/0x670
[   94.921671][ T6613]  ? __pfx_copy_uabi_to_xstate+0x10/0x10
[   94.921706][ T6613]  ? __fpu_restore_sig+0xa8a/0x1370
[   94.921732][ T6613]  ? rcu_is_watching+0x12/0xc0
[   94.921755][ T6613]  ? x86_task_fpu+0x5f/0x90
[   94.921779][ T6613]  __fpu_restore_sig+0x10a6/0x1370
[   94.921808][ T6613]  ? __pfx___fpu_restore_sig+0x10/0x10
[   94.921847][ T6613]  ? __might_fault+0xe3/0x190
[   94.921867][ T6613]  ? __might_fault+0x13b/0x190
[   94.921891][ T6613]  fpu__restore_sig+0x151/0x190
[   94.921934][ T6613]  ia32_restore_sigcontext+0x44a/0x630
[   94.921954][ T6613]  ? __pfx_ia32_restore_sigcontext+0x10/0x10
[   94.921979][ T6613]  ? rcu_is_watching+0x12/0xc0
[   94.922003][ T6613]  ? _raw_spin_unlock_irq+0x23/0x50
[   94.922025][ T6613]  ? lockdep_hardirqs_on+0x7c/0x110
[   94.922055][ T6613]  __do_compat_sys_rt_sigreturn+0x18c/0x270
[   94.922076][ T6613]  ? __pfx___do_compat_sys_rt_sigreturn+0x10/0x10
[   94.922100][ T6613]  ? rcu_is_watching+0x12/0xc0
[   94.922127][ T6613]  do_int80_emulation+0x104/0x480
[   94.922156][ T6613]  asm_int80_emulation+0x1a/0x20
[   94.922175][ T6613] RIP: 0023:0xf7f44577
[   94.922190][ T6613] Code: 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 <cd> 80 5d 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00
[   94.922204][ T6613] RSP: 002b:00000000f543655c EFLAGS: 00000296
[   94.922218][ T6613] RAX: 00000000000001c1 RBX: 0000000080001080 RCX: 0000000000000001
[   94.922228][ T6613] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001
[   94.922238][ T6613] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   94.922247][ T6613] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   94.922258][ T6613] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   94.922281][ T6613]  </TASK>
[   95.209617][   T24] usb 38-1: device descriptor read/8, error -110
[   95.610369][   T24] usb usb38-port1: attempt power cycle
[   96.180340][   T24] usb usb38-port1: unable to enumerate USB device
[   96.304504][ T6620] =======================================================
[   96.304504][ T6620] WARNING: The mand mount option has been deprecated and
[   96.304504][ T6620]          and is ignored by this kernel. Remove the mand
[   96.304504][ T6620]          option from the mount to silence this warning.
[   96.304504][ T6620] =======================================================
[   96.323257][ T6620] overlayfs: overlapping lowerdir path
[   97.691821][   T40] audit: type=1804 audit(1767116370.639:116): pid=6626 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.166" name="/newroot/43/file0/bus" dev="9p" ino=71827601 res=1 errno=0
[   97.912644][ T6628] netlink: 176 bytes leftover after parsing attributes in process `syz.3.167'.
[   98.932632][ T6647] netlink: 4 bytes leftover after parsing attributes in process `syz.2.172'.
[   98.937830][ T6647] netlink: 4 bytes leftover after parsing attributes in process `syz.2.172'.
[   98.990583][ T6649] FAULT_INJECTION: forcing a failure.
[   98.990583][ T6649] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   98.996892][ T6649] CPU: 0 UID: 0 PID: 6649 Comm: syz.2.173 Not tainted syzkaller #0 PREEMPT(full) 
[   98.996919][ T6649] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   98.996930][ T6649] Call Trace:
[   98.996938][ T6649]  <TASK>
[   98.996948][ T6649]  dump_stack_lvl+0x16c/0x1f0
[   98.996979][ T6649]  should_fail_ex+0x512/0x640
[   98.997004][ T6649]  _copy_from_user+0x2e/0xd0
[   98.997027][ T6649]  copy_from_buffer+0x7f/0xc0
[   98.997056][ T6649]  copy_uabi_to_xstate+0x26d/0x670
[   98.997090][ T6649]  ? __pfx_copy_uabi_to_xstate+0x10/0x10
[   98.997126][ T6649]  ? __fpu_restore_sig+0xa8a/0x1370
[   98.997152][ T6649]  ? rcu_is_watching+0x12/0xc0
[   98.997178][ T6649]  ? x86_task_fpu+0x5f/0x90
[   98.997202][ T6649]  __fpu_restore_sig+0x10a6/0x1370
[   98.997241][ T6649]  ? __pfx___fpu_restore_sig+0x10/0x10
[   98.997285][ T6649]  ? __might_fault+0xe3/0x190
[   98.997306][ T6649]  ? __might_fault+0x13b/0x190
[   98.997332][ T6649]  fpu__restore_sig+0x151/0x190
[   98.997362][ T6649]  ia32_restore_sigcontext+0x44a/0x630
[   98.997382][ T6649]  ? __pfx_ia32_restore_sigcontext+0x10/0x10
[   98.997408][ T6649]  ? rcu_is_watching+0x12/0xc0
[   98.997434][ T6649]  ? _raw_spin_unlock_irq+0x23/0x50
[   98.997460][ T6649]  ? lockdep_hardirqs_on+0x7c/0x110
[   98.997492][ T6649]  __do_compat_sys_rt_sigreturn+0x18c/0x270
[   98.997513][ T6649]  ? __pfx___do_compat_sys_rt_sigreturn+0x10/0x10
[   98.997559][ T6649]  ? rcu_is_watching+0x12/0xc0
[   98.997586][ T6649]  do_int80_emulation+0x104/0x480
[   98.997620][ T6649]  asm_int80_emulation+0x1a/0x20
[   98.997639][ T6649] RIP: 0023:0xf702d577
[   98.997655][ T6649] Code: 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 <cd> 80 5d 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00
[   98.997673][ T6649] RSP: 002b:00000000f541d55c EFLAGS: 00000296
[   98.997690][ T6649] RAX: 00000000000001c1 RBX: 0000000080001080 RCX: 0000000000000001
[   98.997702][ T6649] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001
[   98.997712][ T6649] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   98.997722][ T6649] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   98.997733][ T6649] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   98.997758][ T6649]  </TASK>
[   99.139466][ T6007] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[   99.301458][ T6007] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[   99.305581][ T6007] usb 6-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[   99.309119][ T6007] usb 6-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[   99.325461][ T6007] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[   99.330161][ T6007] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   99.338973][ T6007] usb 6-1: Product: syz
[   99.340508][ T6007] usb 6-1: Manufacturer: syz
[   99.342042][ T6007] usb 6-1: SerialNumber: syz
[   99.358848][ T6007] hub 6-1:1.0: bad descriptor, ignoring hub
[   99.362901][ T6007] hub 6-1:1.0: probe with driver hub failed with error -5
[   99.450156][   T40] audit: type=1804 audit(1767116372.299:117): pid=6653 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.174" name="/newroot/48/file0/bus" dev="9p" ino=71827601 res=1 errno=0
[   99.576336][ T6007] usblp 6-1:1.0: usblp0: USB Unidirectional printer dev 2 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[   99.599460][    T9] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[   99.769772][    T9] usb 5-1: Using ep0 maxpacket: 32
[   99.779555][    T9] usb 5-1: config 155 has an invalid descriptor of length 0, skipping remainder of the config
[   99.793431][    T9] usb 5-1: config 155 interface 0 altsetting 0 has an endpoint descriptor with address 0xE2, changing to 0x82
[   99.815942][    T9] usb 5-1: config 155 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[   99.827618][    T9] usb 5-1: config 155 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 11
[   99.849012][    T9] usb 5-1: New USB device found, idVendor=15c2, idProduct=ffdc, bcdDevice=bd.30
[   99.852779][    T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   99.855674][    T9] usb 5-1: Product: syz
[   99.857860][    T9] usb 5-1: Manufacturer: syz
[   99.866190][    T9] usb 5-1: SerialNumber: syz
[   99.884331][    C0] imon 5-1:155.0: imon usb_rx_callback_intf0: status(-71)
[   99.903807][    T9] input: iMON Panel, Knob and Mouse(15c2:ffdc) as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:155.0/input/input5
[   99.912054][ T6336] usb 6-1: USB disconnect, device number 2
[   99.920021][ T6336] usblp0: removed
[  100.119510][    T9] imon 5-1:155.0: Unknown 0xffdc device, defaulting to VFD and iMON IR
[  100.123181][    T9]  (id 0x00)
[  100.189460][    T9] rc_core: IR keymap rc-imon-pad not found
[  100.191823][    T9] Registered IR keymap rc-empty
[  100.193517][    T9] imon 5-1:155.0: Looks like you're trying to use an IR protocol this device does not support
[  100.196976][    T9] imon 5-1:155.0: Unsupported IR protocol specified, overriding to iMON IR protocol
[  100.313778][ T6658] loop2: detected capacity change from 0 to 7
[  100.318203][ T6658] Dev loop2: unable to read RDB block 7
[  100.320921][ T6658]  loop2: AHDI p1 p2 p3
[  100.322853][ T6658] loop2: partition table partially beyond EOD, truncated
[  100.326165][ T6658] loop2: p1 start 1601398130 is beyond EOD, truncated
[  100.329173][ T6658] loop2: p2 start 1702059890 is beyond EOD, truncated
[  100.330731][    T9] rc rc0: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:155.0/rc/rc0
[  100.343437][    T9] input: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:155.0/rc/rc0/input6
[  100.362583][    T9] imon 5-1:155.0: iMON device (15c2:ffdc, intf0) on usb<5:4> initialized
[  100.521203][ T6028] usb 5-1: USB disconnect, device number 4
[  100.701448][   T40] audit: type=1804 audit(1767116373.649:118): pid=6660 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.176" name="/newroot/46/file0/bus" dev="9p" ino=71827601 res=1 errno=0
[  100.711474][   T40] audit: type=1804 audit(1767116373.659:119): pid=6669 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.176" name="/newroot/46/file0/bus" dev="9p" ino=71827601 res=1 errno=0
[  101.274417][ T6679] netlink: 4 bytes leftover after parsing attributes in process `syz.3.181'.
[  101.279123][ T6679] netlink: 4 bytes leftover after parsing attributes in process `syz.3.181'.
[  101.316925][ T6681] FAULT_INJECTION: forcing a failure.
[  101.316925][ T6681] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  101.323165][ T6681] CPU: 0 UID: 0 PID: 6681 Comm: syz.2.182 Not tainted syzkaller #0 PREEMPT(full) 
[  101.323186][ T6681] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  101.323201][ T6681] Call Trace:
[  101.323219][ T6681]  <TASK>
[  101.323226][ T6681]  dump_stack_lvl+0x16c/0x1f0
[  101.323252][ T6681]  should_fail_ex+0x512/0x640
[  101.323271][ T6681]  _copy_from_user+0x2e/0xd0
[  101.323289][ T6681]  copy_from_buffer+0x7f/0xc0
[  101.323313][ T6681]  copy_uabi_to_xstate+0x26d/0x670
[  101.323338][ T6681]  ? __pfx_copy_uabi_to_xstate+0x10/0x10
[  101.323366][ T6681]  ? __fpu_restore_sig+0xa8a/0x1370
[  101.323387][ T6681]  ? rcu_is_watching+0x12/0xc0
[  101.323407][ T6681]  ? x86_task_fpu+0x5f/0x90
[  101.323426][ T6681]  __fpu_restore_sig+0x10a6/0x1370
[  101.323451][ T6681]  ? __pfx___fpu_restore_sig+0x10/0x10
[  101.323475][ T6681]  ? find_held_lock+0x2b/0x80
[  101.323501][ T6681]  ? __might_fault+0xe3/0x190
[  101.323517][ T6681]  ? __might_fault+0x13b/0x190
[  101.323537][ T6681]  fpu__restore_sig+0x151/0x190
[  101.323560][ T6681]  ia32_restore_sigcontext+0x44a/0x630
[  101.323576][ T6681]  ? __pfx_ia32_restore_sigcontext+0x10/0x10
[  101.323596][ T6681]  ? rcu_is_watching+0x12/0xc0
[  101.323615][ T6681]  ? _raw_spin_unlock_irq+0x23/0x50
[  101.323634][ T6681]  ? lockdep_hardirqs_on+0x7c/0x110
[  101.323658][ T6681]  __do_compat_sys_rt_sigreturn+0x18c/0x270
[  101.323673][ T6681]  ? __pfx___do_compat_sys_rt_sigreturn+0x10/0x10
[  101.323691][ T6681]  ? rcu_is_watching+0x12/0xc0
[  101.323712][ T6681]  do_int80_emulation+0x104/0x480
[  101.323736][ T6681]  asm_int80_emulation+0x1a/0x20
[  101.323751][ T6681] RIP: 0023:0xf702d577
[  101.323763][ T6681] Code: 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 <cd> 80 5d 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00
[  101.323777][ T6681] RSP: 002b:00000000f541d55c EFLAGS: 00000296
[  101.323789][ T6681] RAX: 00000000000001c1 RBX: 0000000080001080 RCX: 0000000000000001
[  101.323797][ T6681] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001
[  101.323805][ T6681] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  101.323813][ T6681] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  101.323821][ T6681] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  101.323840][ T6681]  </TASK>
[  102.667938][ T6683] faux_driver vkms: [drm] Unknown color mode 256; guessing buffer size.
[  102.709945][   T40] audit: type=1804 audit(1767116375.629:120): pid=6691 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.185" name="/newroot/39/file0/bus" dev="9p" ino=71827601 res=1 errno=0
[  102.737085][   T40] audit: type=1804 audit(1767116375.629:121): pid=6692 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.185" name="/newroot/39/file0/bus" dev="9p" ino=71827601 res=1 errno=0
[  103.440227][ T6702] loop2: detected capacity change from 0 to 7
[  103.552680][ T6697] netlink: 72 bytes leftover after parsing attributes in process `syz.1.186'.
[  103.562858][ T5950] Dev loop2: unable to read RDB block 7
[  103.565485][ T5950]  loop2: AHDI p1 p2 p3
[  103.567388][ T5950] loop2: partition table partially beyond EOD, truncated
[  103.570867][ T5950] loop2: p1 start 1601398130 is beyond EOD, truncated
[  103.575129][ T5950] loop2: p2 start 1702059890 is beyond EOD, truncated
[  103.579395][ T6702] Dev loop2: unable to read RDB block 7
[  103.582313][ T6702]  loop2: AHDI p1 p2 p3
[  103.584305][ T6702] loop2: partition table partially beyond EOD, truncated
[  103.587943][ T6702] loop2: p1 start 1601398130 is beyond EOD, truncated
[  103.591699][ T6702] loop2: p2 start 1702059890 is beyond EOD, truncated
[  103.797606][ T6704] bridge0: port 2(bridge_slave_1) entered disabled state
[  103.904962][ T6704] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  103.915781][ T6704] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  104.151323][ T6720] overlay: Unknown parameter '/'
[  104.160557][ T6716] overlayfs: missing 'lowerdir'
[  104.233912][ T6719] x_tables: duplicate underflow at hook 1
[  104.261442][ T6719] hub 8-0:1.0: USB hub found
[  104.264486][ T6719] hub 8-0:1.0: 1 port detected
[  104.279172][   T46] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  104.283245][   T46] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  104.307397][   T46] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  104.312819][   T46] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  104.490521][ T6723] 9pnet_virtio: no channels available for device syz
[  104.834332][ T6729] 9pnet_virtio: no channels available for device syz
[  105.426249][ T6732] netlink: 20 bytes leftover after parsing attributes in process `syz.1.195'.
[  105.429725][ T6732] netlink: 4 bytes leftover after parsing attributes in process `syz.1.195'.
[  106.041792][ T6740] loop2: detected capacity change from 0 to 7
[  106.045909][ T6740] Dev loop2: unable to read RDB block 7
[  106.048752][ T6740]  loop2: AHDI p1 p2 p3
[  106.050746][ T6740] loop2: partition table partially beyond EOD, truncated
[  106.054119][ T6740] loop2: p1 start 1601398130 is beyond EOD, truncated
[  106.057568][ T6740] loop2: p2 start 1702059890 is beyond EOD, truncated
[  107.636400][   T40] audit: type=1804 audit(1767116380.579:122): pid=6753 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.201" name="/newroot/51/file0/bus" dev="9p" ino=71827601 res=1 errno=0
[  107.982911][ T6751] FAULT_INJECTION: forcing a failure.
[  107.982911][ T6751] name failslab, interval 1, probability 0, space 0, times 1
[  107.988384][ T6751] CPU: 2 UID: 0 PID: 6751 Comm: syz.2.202 Not tainted syzkaller #0 PREEMPT(full) 
[  107.988399][ T6751] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  107.988406][ T6751] Call Trace:
[  107.988410][ T6751]  <TASK>
[  107.988415][ T6751]  dump_stack_lvl+0x16c/0x1f0
[  107.988436][ T6751]  should_fail_ex+0x512/0x640
[  107.988448][ T6751]  ? __kmalloc_noprof+0xca/0x910
[  107.988461][ T6751]  should_failslab+0xc2/0x120
[  107.988479][ T6751]  __kmalloc_noprof+0xeb/0x910
[  107.988489][ T6751]  ? __pfx_ia32_restore_sigcontext+0x10/0x10
[  107.988501][ T6751]  ? __do_sys_futex_waitv+0x221/0x2c0
[  107.988517][ T6751]  ? __do_sys_futex_waitv+0x221/0x2c0
[  107.988529][ T6751]  __do_sys_futex_waitv+0x221/0x2c0
[  107.988542][ T6751]  ? __pfx___do_sys_futex_waitv+0x10/0x10
[  107.988558][ T6751]  ? __pfx___do_compat_sys_rt_sigreturn+0x10/0x10
[  107.988573][ T6751]  do_int80_emulation+0x104/0x480
[  107.988592][ T6751]  asm_int80_emulation+0x1a/0x20
[  107.988603][ T6751] RIP: 0023:0xf702d579
[  107.988612][ T6751] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  107.988622][ T6751] RSP: 002b:00000000f541d55c EFLAGS: 00000296 ORIG_RAX: 00000000000001c1
[  107.988633][ T6751] RAX: ffffffffffffffda RBX: 0000000080001080 RCX: 0000000000000001
[  107.988640][ T6751] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001
[  107.988645][ T6751] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  107.988651][ T6751] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  107.988657][ T6751] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  107.988670][ T6751]  </TASK>
[  108.016752][ T6759] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(5)
[  108.050085][ T6759] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  108.068962][ T6759] vhci_hcd vhci_hcd.0: Device attached
[  108.229557][   T78] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  108.345225][ T6767] x_tables: duplicate underflow at hook 1
[  108.349585][ T6767] hub 8-0:1.0: USB hub found
[  108.353143][ T6767] hub 8-0:1.0: 1 port detected
[  108.359749][   T53] usb 38-1: SetAddress Request (10) to port 0
[  108.363551][   T53] usb 38-1: new SuperSpeed USB device number 10 using vhci_hcd
[  108.389503][   T78] usb 6-1: Using ep0 maxpacket: 8
[  108.393741][   T78] usb 6-1: config index 0 descriptor too short (expected 301, got 45)
[  108.397775][   T78] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  108.408746][   T78] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  108.422559][   T78] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  108.426942][   T78] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  108.452990][   T78] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  108.457050][   T78] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  108.637921][ T6774] bridge0: port 2(bridge_slave_1) entered disabled state
[  108.641959][ T6774] bridge0: port 1(bridge_slave_0) entered disabled state
[  108.783002][ T6774] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  108.794058][ T6774] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  108.938245][ T1141] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  108.943257][ T1141] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  108.948148][ T1141] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  108.953405][ T1141] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  108.967733][   T78] usb 6-1: usb_control_msg returned -71
[  108.976489][   T78] usbtmc 6-1:16.0: can't read capabilities
[  109.016059][   T78] usb 6-1: USB disconnect, device number 3
[  109.067641][ T6779] loop2: detected capacity change from 0 to 7
[  109.071501][ T6779] Dev loop2: unable to read RDB block 7
[  109.074020][ T6779]  loop2: AHDI p1 p2 p3
[  109.075908][ T6779] loop2: partition table partially beyond EOD, truncated
[  109.079158][ T6779] loop2: p1 start 1601398130 is beyond EOD, truncated
[  109.091360][ T6779] loop2: p2 start 1702059890 is beyond EOD, truncated
[  109.323658][ T6760] vhci_hcd: connection reset by peer
[  109.346924][ T3971] vhci_hcd vhci_hcd.0: stop threads
[  109.377861][ T3971] vhci_hcd vhci_hcd.0: release socket
[  109.396080][ T3971] vhci_hcd vhci_hcd.0: disconnect device
[  109.588491][ T6785] netlink: 4 bytes leftover after parsing attributes in process `syz.1.211'.
[  109.600532][ T6785] netlink: 4 bytes leftover after parsing attributes in process `syz.1.211'.
[  110.094382][ T6798] xt_CT: You must specify a L4 protocol and not use inversions on it
[  110.441167][ T6811] loop2: detected capacity change from 0 to 7
[  110.448896][ T6811] Dev loop2: unable to read RDB block 7
[  110.452818][ T6811]  loop2: AHDI p1 p2 p3
[  110.454837][ T6811] loop2: partition table partially beyond EOD, truncated
[  110.460170][ T6811] loop2: p1 start 1601398130 is beyond EOD, truncated
[  110.463220][ T6811] loop2: p2 start 1702059890 is beyond EOD, truncated
[  110.816593][ T6815] x_tables: duplicate underflow at hook 1
[  110.822720][ T6815] hub 8-0:1.0: USB hub found
[  110.825391][ T6815] hub 8-0:1.0: 1 port detected
[  111.161069][ T6823] netlink: 20 bytes leftover after parsing attributes in process `syz.2.221'.
[  111.165356][ T6823] netlink: 4 bytes leftover after parsing attributes in process `syz.2.221'.
[  111.864166][ T6826] netlink: 4 bytes leftover after parsing attributes in process `syz.3.222'.
[  111.884853][ T6826] netlink: 4 bytes leftover after parsing attributes in process `syz.3.222'.
[  112.210418][ T6837] ptrace attach of "/syz-executor exec"[6841] was attempted by "/syz-executor exec"[6837]
[  112.252950][ T6837] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  112.384016][ T6837] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  112.450335][ T5940] usb 8-1: new high-speed USB device number 2 using dummy_hcd
[  112.496930][ T6837] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  112.591484][   T40] audit: type=1804 audit(1767116385.539:123): pid=6857 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.229" name="/newroot/64/file0/bus" dev="9p" ino=71827601 res=1 errno=0
[  112.611574][ T5940] usb 8-1: Using ep0 maxpacket: 8
[  112.617848][ T6837] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  112.618969][ T5940] usb 8-1: config 0 interface 0 has no altsetting 0
[  112.626172][ T5940] usb 8-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  112.635587][ T5940] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  112.639922][ T5940] usb 8-1: config 0 descriptor??
[  112.716588][  T173] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  112.729251][  T173] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  112.750411][  T173] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  112.763697][  T173] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  112.929534][ T6091] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  113.053551][ T5940] mcp2221 0003:04D8:00DD.0002: unknown main item tag 0x0
[  113.055973][ T5940] mcp2221 0003:04D8:00DD.0002: unknown main item tag 0x0
[  113.060334][ T5940] mcp2221 0003:04D8:00DD.0002: unknown main item tag 0x0
[  113.063719][ T5940] mcp2221 0003:04D8:00DD.0002: unknown main item tag 0x0
[  113.067637][ T5940] mcp2221 0003:04D8:00DD.0002: unknown main item tag 0x0
[  113.073020][ T5940] mcp2221 0003:04D8:00DD.0002: USB HID vff.ff Device [HID 04d8:00dd] on usb-dummy_hcd.3-1/input0
[  113.126802][ T6091] usb 5-1: config 160 has an invalid interface number: 200 but max is 0
[  113.131300][ T6091] usb 5-1: config 160 has no interface number 0
[  113.134201][ T6091] usb 5-1: config 160 interface 200 has no altsetting 0
[  113.142118][ T6091] usb 5-1: New USB device found, idVendor=21bb, idProduct=2070, bcdDevice=87.0b
[  113.147898][ T6091] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  113.156584][ T6091] usb 5-1: Product: syz
[  113.160612][ T6091] usb 5-1: Manufacturer: syz
[  113.162803][ T6091] usb 5-1: SerialNumber: syz
[  113.326532][ T6864] overlayfs: missing 'lowerdir'
[  113.455199][   T53] usb 38-1: device descriptor read/8, error -110
[  113.480110][   T78] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None
[  113.702618][ T6862] syz.1.230 (6862) used greatest stack depth: 16872 bytes left
[  113.840229][   T53] usb usb38-port1: attempt power cycle
[  114.189898][ T6876] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6)
[  114.192860][ T6876] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  114.196941][ T6876] vhci_hcd vhci_hcd.0: Device attached
[  114.375520][ T6876] Illegal XDP return value 3753213255 on prog  (id 33) dev N/A, expect packet loss!
[  114.410508][   T53] usb usb38-port1: unable to enumerate USB device
[  114.470250][   T74] usb 40-1: SetAddress Request (6) to port 0
[  114.473574][   T74] usb 40-1: new SuperSpeed USB device number 6 using vhci_hcd
[  114.483596][ T6879] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(10)
[  114.485830][ T6879] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  114.489434][ T6879] vhci_hcd vhci_hcd.0: Device attached
[  114.663341][ T6877] vhci_hcd: connection reset by peer
[  114.667141][   T62] vhci_hcd vhci_hcd.1: stop threads
[  114.669942][   T62] vhci_hcd vhci_hcd.1: release socket
[  114.672809][   T62] vhci_hcd vhci_hcd.1: disconnect device
[  114.693567][ T6881] vhci_hcd: connection closed
[  114.693874][   T98] vhci_hcd vhci_hcd.2: stop threads
[  114.698064][   T98] vhci_hcd vhci_hcd.2: release socket
[  114.701427][   T98] vhci_hcd vhci_hcd.2: disconnect device
[  114.750926][ T6623] usb 42-1: enqueue for inactive port 0
[  115.250378][ T6623] usb usb42-port1: attempt power cycle
[  115.282215][ T6091] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[  115.285712][ T6091] usb 5-1: MIDIStreaming interface descriptor not found
[  115.353197][ T6091] usb 5-1: USB disconnect, device number 5
[  115.354588][    T9] usb 8-1: USB disconnect, device number 2
[  115.458562][ T6279] udevd[6279]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb5/5-1/5-1:160.200/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  115.485078][ T6886] netlink: 4 bytes leftover after parsing attributes in process `syz.3.235'.
[  115.514277][ T6886] netlink: 4 bytes leftover after parsing attributes in process `syz.3.235'.
[  115.830484][ T6623] usb usb42-port1: unable to enumerate USB device
[  115.992100][ T6925] netlink: 80 bytes leftover after parsing attributes in process `syz.1.244'.
[  116.004208][ T6925] bridge0: entered promiscuous mode
[  116.006938][ T6925] macsec1: entered promiscuous mode
[  116.011414][ T6925] bridge0: port 5(macsec1) entered blocking state
[  116.014909][ T6925] bridge0: port 5(macsec1) entered disabled state
[  116.017961][ T6925] macsec1: entered allmulticast mode
[  116.020722][ T6925] bridge0: entered allmulticast mode
[  116.026224][ T6925] macsec1: left allmulticast mode
[  116.028504][ T6925] bridge0: left allmulticast mode
[  116.032375][ T6925] bridge0: left promiscuous mode
[  116.280073][ T6930] overlay: Unknown parameter 'uid<00000000000000000000'
[  116.547283][   T53] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[  116.702661][   T53] usb 7-1: config 160 has an invalid interface number: 200 but max is 0
[  116.705879][   T53] usb 7-1: config 160 has no interface number 0
[  116.708174][   T53] usb 7-1: config 160 interface 200 has no altsetting 0
[  116.738571][   T53] usb 7-1: New USB device found, idVendor=21bb, idProduct=2070, bcdDevice=87.0b
[  116.746622][   T53] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  116.751474][   T53] usb 7-1: Product: syz
[  116.753394][   T53] usb 7-1: Manufacturer: syz
[  116.755416][   T53] usb 7-1: SerialNumber: syz
[  117.890524][ T6942] netlink: 4 bytes leftover after parsing attributes in process `syz.3.248'.
[  117.937892][ T6944] loop2: detected capacity change from 0 to 7
[  117.991549][ T6944] Dev loop2: unable to read RDB block 7
[  117.994028][ T6944]  loop2: AHDI p1 p2 p3
[  117.996000][ T6944] loop2: partition table partially beyond EOD, truncated
[  117.999733][ T6944] loop2: p1 start 1601398130 is beyond EOD, truncated
[  118.003358][ T6944] loop2: p2 start 1702059890 is beyond EOD, truncated
[  118.106604][ T6949] netlink: 8 bytes leftover after parsing attributes in process `syz.1.251'.
[  118.110881][ T6949] netlink: 'syz.1.251': attribute type 5 has an invalid length.
[  118.114521][ T6949] netlink: 12 bytes leftover after parsing attributes in process `syz.1.251'.
[  118.139083][ T1141] netdevsim netdevsim1 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[  118.144278][ T1141] netdevsim netdevsim1 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[  118.147984][ T1141] netdevsim netdevsim1 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[  118.151551][ T1141] netdevsim netdevsim1 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[  118.154845][ T6949] netlink: 8 bytes leftover after parsing attributes in process `syz.1.251'.
[  118.159158][ T6949] netlink: 'syz.1.251': attribute type 5 has an invalid length.
[  118.163712][ T6949] netlink: 12 bytes leftover after parsing attributes in process `syz.1.251'.
[  118.197265][ T6949] netlink: 8 bytes leftover after parsing attributes in process `syz.1.251'.
[  118.197716][ T6951] netlink: 8 bytes leftover after parsing attributes in process `syz.1.251'.
[  118.206006][ T6949] netlink: 'syz.1.251': attribute type 5 has an invalid length.
[  118.209575][ T6951] netlink: 'syz.1.251': attribute type 5 has an invalid length.
[  118.387446][ T6956] syz_tun: entered allmulticast mode
[  118.406405][ T6956] dvmrp9: entered allmulticast mode
[  118.432130][ T6955] syz_tun: left allmulticast mode
[  118.489477][ T6091] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  118.640482][ T6091] usb 5-1: Using ep0 maxpacket: 8
[  118.657266][ T6091] usb 5-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b
[  118.661289][ T6091] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  118.706874][ T6091] pvrusb2: Hardware description: Terratec Grabster AV400
[  118.714530][ T6091] pvrusb2: **********
[  118.716787][ T6091] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental.
[  118.720531][ T6091] pvrusb2: Important functionality might not be entirely working.
[  118.723223][ T6091] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver.
[  118.727491][ T6091] pvrusb2: **********
[  119.057539][   T53] usb 7-1: Quirk or no altset; falling back to MIDI 1.0
[  119.064066][   T53] usb 7-1: MIDIStreaming interface descriptor not found
[  119.210006][   T53] usb 7-1: USB disconnect, device number 2
[  119.283040][ T6884] udevd[6884]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb7/7-1/7-1:160.200/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  119.539592][   T74] usb 40-1: device descriptor read/8, error -110
[  119.990688][   T74] usb usb40-port1: attempt power cycle
[  120.048750][ T6981] FAULT_INJECTION: forcing a failure.
[  120.048750][ T6981] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  120.062466][ T6981] CPU: 3 UID: 0 PID: 6981 Comm: syz.2.257 Not tainted syzkaller #0 PREEMPT(full) 
[  120.062483][ T6981] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  120.062503][ T6981] Call Trace:
[  120.062507][ T6981]  <TASK>
[  120.062511][ T6981]  dump_stack_lvl+0x16c/0x1f0
[  120.062533][ T6981]  should_fail_ex+0x512/0x640
[  120.062548][ T6981]  copy_fpstate_to_sigframe+0x827/0xad0
[  120.062569][ T6981]  ? __pfx_copy_fpstate_to_sigframe+0x10/0x10
[  120.062589][ T6981]  ? x86_task_fpu+0x5f/0x90
[  120.062604][ T6981]  get_sigframe+0x4a8/0x9c0
[  120.062621][ T6981]  ? __pfx_get_sigframe+0x10/0x10
[  120.062636][ T6981]  ? _raw_spin_unlock_irq+0x23/0x50
[  120.062651][ T6981]  ? siginfo_layout+0x177/0x290
[  120.062667][ T6981]  ia32_setup_rt_frame+0xe4/0xb30
[  120.062683][ T6981]  ? __pfx_ia32_setup_rt_frame+0x10/0x10
[  120.062698][ T6981]  arch_do_signal_or_restart+0x475/0x7a0
[  120.062714][ T6981]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  120.062737][ T6981]  exit_to_user_mode_loop+0x8c/0x540
[  120.062753][ T6981]  do_int80_emulation+0x3a8/0x480
[  120.062772][ T6981]  asm_int80_emulation+0x1a/0x20
[  120.062786][ T6981] RIP: 0023:0xf702d577
[  120.062799][ T6981] Code: 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 <cd> 80 5d 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00
[  120.062815][ T6981] RSP: 002b:00000000f541d55c EFLAGS: 00000296 ORIG_RAX: 00000000000001c1
[  120.062831][ T6981] RAX: 00000000000001c1 RBX: 0000000080001080 RCX: 0000000000000001
[  120.062843][ T6981] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001
[  120.062853][ T6981] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  120.062864][ T6981] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  120.062889][ T6981] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  120.062915][ T6981]  </TASK>
[  120.169564][ T6984] loop2: detected capacity change from 0 to 7
[  120.174740][ T5950] Dev loop2: unable to read RDB block 7
[  120.176838][ T5950]  loop2: AHDI p1 p2 p3
[  120.178316][ T5950] loop2: partition table partially beyond EOD, truncated
[  120.183346][ T5950] loop2: p1 start 1601398130 is beyond EOD, truncated
[  120.185617][ T5950] loop2: p2 start 1702059890 is beyond EOD, truncated
[  120.189566][ T6984] Dev loop2: unable to read RDB block 7
[  120.199491][ T6984]  loop2: AHDI p1 p2 p3
[  120.201404][ T6984] loop2: partition table partially beyond EOD, truncated
[  120.204611][ T6984] loop2: p1 start 1601398130 is beyond EOD, truncated
[  120.207584][ T6984] loop2: p2 start 1702059890 is beyond EOD, truncated
[  120.496122][ T6997] x_tables: duplicate underflow at hook 1
[  120.501294][ T6997] hub 8-0:1.0: USB hub found
[  120.504779][ T6997] hub 8-0:1.0: 1 port detected
[  120.886502][   T74] usb usb40-port1: unable to enumerate USB device
[  121.055336][ T6999] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(5)
[  121.057747][ T6999] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  121.060427][ T6999] vhci_hcd vhci_hcd.0: Device attached
[  121.123335][ T7002] vhci_hcd: connection closed
[  121.129907][  T173] vhci_hcd vhci_hcd.1: stop threads
[  121.139531][  T173] vhci_hcd vhci_hcd.1: release socket
[  121.141857][  T173] vhci_hcd vhci_hcd.1: disconnect device
[  121.173213][ T6091] usb 5-1: USB disconnect, device number 6
[  121.175210][ T2484] pvrusb2: Invalid write control endpoint
[  121.251775][ T2484] pvrusb2: Invalid write control endpoint
[  121.254392][ T2484] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work.
[  121.258494][ T2484] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device.
[  121.269802][ T2484] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups.
[  121.273705][ T2484] pvrusb2: Device being rendered inoperable
[  121.299495][ T2484] cx25840 2-0044: Unable to detect h/w, assuming cx23887
[  121.302639][ T2484] cx25840 2-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a)
[  121.308181][ T2484] pvrusb2: Attached sub-driver cx25840
[  121.311011][ T2484] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it.
[  121.312467][ T7010] tipc: Started in network mode
[  121.317561][ T7010] tipc: Node identity f607c0dd90fd, cluster identity 4711
[  121.319435][ T2484] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover.
[  121.325295][ T7010] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  121.331396][ T7010] syzkaller0: entered promiscuous mode
[  121.333900][ T7010] syzkaller0: entered allmulticast mode
[  121.346359][ T7010] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) !
[  121.401641][ T7010] tipc: Resetting bearer <eth:syzkaller0>
[  121.407376][ T7009] tipc: Resetting bearer <eth:syzkaller0>
[  121.551253][   T40] audit: type=1804 audit(1767116394.499:124): pid=7012 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.266" name="/newroot/72/file0/bus" dev="9p" ino=71827601 res=1 errno=0
[  121.562459][   T40] audit: type=1804 audit(1767116394.509:125): pid=7018 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.266" name="/newroot/72/file0/bus" dev="9p" ino=71827601 res=1 errno=0
[  121.574551][ T7009] tipc: Disabling bearer <eth:syzkaller0>
[  121.832716][ T7021] FAULT_INJECTION: forcing a failure.
[  121.832716][ T7021] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  121.838761][ T7021] CPU: 2 UID: 0 PID: 7021 Comm: syz.3.268 Not tainted syzkaller #0 PREEMPT(full) 
[  121.838787][ T7021] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  121.838798][ T7021] Call Trace:
[  121.838806][ T7021]  <TASK>
[  121.838814][ T7021]  dump_stack_lvl+0x16c/0x1f0
[  121.838847][ T7021]  should_fail_ex+0x512/0x640
[  121.838872][ T7021]  _copy_to_user+0x32/0xd0
[  121.838895][ T7021]  __copy_siginfo_to_user32+0x96/0xf0
[  121.838924][ T7021]  ? __pfx___copy_siginfo_to_user32+0x10/0x10
[  121.838986][ T7021]  ? _raw_spin_unlock_irq+0x23/0x50
[  121.839011][ T7021]  ? siginfo_layout+0x177/0x290
[  121.839038][ T7021]  ia32_setup_rt_frame+0x6cc/0xb30
[  121.839065][ T7021]  ? __pfx_ia32_setup_rt_frame+0x10/0x10
[  121.839093][ T7021]  arch_do_signal_or_restart+0x475/0x7a0
[  121.839121][ T7021]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  121.839162][ T7021]  exit_to_user_mode_loop+0x8c/0x540
[  121.839193][ T7021]  do_int80_emulation+0x3a8/0x480
[  121.839225][ T7021]  asm_int80_emulation+0x1a/0x20
[  121.839243][ T7021] RIP: 0023:0xf7f44577
[  121.839259][ T7021] Code: 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 <cd> 80 5d 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00
[  121.839276][ T7021] RSP: 002b:00000000f543655c EFLAGS: 00000296 ORIG_RAX: 00000000000001c1
[  121.839294][ T7021] RAX: 00000000000001c1 RBX: 0000000080001080 RCX: 0000000000000001
[  121.839306][ T7021] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001
[  121.839316][ T7021] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  121.839341][ T7021] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  121.839353][ T7021] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  121.839378][ T7021]  </TASK>
[  122.013314][ T7028] loop2: detected capacity change from 0 to 7
[  122.018988][ T5950] Dev loop2: unable to read RDB block 7
[  122.022060][ T5950]  loop2: AHDI p1 p2 p3
[  122.024324][ T5950] loop2: partition table partially beyond EOD, truncated
[  122.028122][ T5950] loop2: p1 start 1601398130 is beyond EOD, truncated
[  122.031300][ T5950] loop2: p2 start 1702059890 is beyond EOD, truncated
[  122.038035][ T7028] Dev loop2: unable to read RDB block 7
[  122.041226][ T7028]  loop2: AHDI p1 p2 p3
[  122.043284][ T7028] loop2: partition table partially beyond EOD, truncated
[  122.047396][ T7028] loop2: p1 start 1601398130 is beyond EOD, truncated
[  122.051230][ T7028] loop2: p2 start 1702059890 is beyond EOD, truncated
[  122.258515][ T7025] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(3)
[  122.260724][   T40] audit: type=1326 audit(1767116395.209:126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7029 comm="syz.3.271" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f44579 code=0x7ffc0000
[  122.261062][ T7025] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  122.283543][ T7026] vhci_hcd vhci_hcd.0: pdev(2) rhport(1) sockfd(6)
[  122.285862][ T7026] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  122.288808][   T40] audit: type=1326 audit(1767116395.219:127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7029 comm="syz.3.271" exe="/syz-executor" sig=0 arch=40000003 syscall=437 compat=1 ip=0xf7f44579 code=0x7ffc0000
[  122.299431][ T7025] vhci_hcd vhci_hcd.0: Device attached
[  122.302588][   T40] audit: type=1326 audit(1767116395.219:128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7029 comm="syz.3.271" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f44579 code=0x7ffc0000
[  122.304403][ T7026] vhci_hcd vhci_hcd.0: Device attached
[  122.318635][   T40] audit: type=1326 audit(1767116395.219:129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7029 comm="syz.3.271" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f44579 code=0x7ffc0000
[  122.318680][   T40] audit: type=1326 audit(1767116395.219:130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7029 comm="syz.3.271" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7f44579 code=0x7ffc0000
[  122.318719][   T40] audit: type=1326 audit(1767116395.219:131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7029 comm="syz.3.271" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f44579 code=0x7ffc0000
[  122.318758][   T40] audit: type=1326 audit(1767116395.229:132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7029 comm="syz.3.271" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7f44579 code=0x7ffc0000
[  122.318799][   T40] audit: type=1326 audit(1767116395.239:133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7029 comm="syz.3.271" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f44579 code=0x7ffc0000
[  122.375532][ T7034] pim6reg: entered allmulticast mode
[  122.392389][ T7038] vhci_hcd: connection closed
[  122.393274][ T7037] vhci_hcd: connection closed
[  122.395780][  T173] vhci_hcd vhci_hcd.2: stop threads
[  122.414592][  T173] vhci_hcd vhci_hcd.2: release socket
[  122.418412][  T173] vhci_hcd vhci_hcd.2: disconnect device
[  122.433854][  T173] vhci_hcd vhci_hcd.2: stop threads
[  122.436335][  T173] vhci_hcd vhci_hcd.2: release socket
[  122.438827][  T173] vhci_hcd vhci_hcd.2: disconnect device
[  122.543798][ T7044] tmpfs: Unknown parameter 'òÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿòÿÿÿtmpfs'
[  123.151054][ T7048] __nla_validate_parse: 3 callbacks suppressed
[  123.151069][ T7048] netlink: 20 bytes leftover after parsing attributes in process `syz.2.274'.
[  123.517830][ T7058] x_tables: duplicate underflow at hook 1
[  124.101294][ T7065] loop2: detected capacity change from 0 to 7
[  124.105689][ T5950] Dev loop2: unable to read RDB block 7
[  124.108394][ T5950]  loop2: AHDI p1 p2 p3
[  124.111500][ T5950] loop2: partition table partially beyond EOD, truncated
[  124.115173][ T5950] loop2: p1 start 1601398130 is beyond EOD, truncated
[  124.118424][ T5950] loop2: p2 start 1702059890 is beyond EOD, truncated
[  124.130617][ T7065] Dev loop2: unable to read RDB block 7
[  124.133291][ T7062] FAULT_INJECTION: forcing a failure.
[  124.133291][ T7062] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  124.133316][ T7062] CPU: 0 UID: 0 PID: 7062 Comm: syz.2.279 Not tainted syzkaller #0 PREEMPT(full) 
[  124.133329][ T7062] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  124.133335][ T7062] Call Trace:
[  124.133339][ T7062]  <TASK>
[  124.133344][ T7062]  dump_stack_lvl+0x16c/0x1f0
[  124.133364][ T7062]  should_fail_ex+0x512/0x640
[  124.133385][ T7062]  _copy_from_user+0x2e/0xd0
[  124.133398][ T7062]  ia32_restore_sigcontext+0xc3/0x630
[  124.133411][ T7062]  ? __pfx_ia32_restore_sigcontext+0x10/0x10
[  124.133425][ T7062]  ? rcu_is_watching+0x12/0xc0
[  124.133440][ T7062]  ? _raw_spin_unlock_irq+0x23/0x50
[  124.133455][ T7062]  ? lockdep_hardirqs_on+0x7c/0x110
[  124.133474][ T7062]  __do_compat_sys_rt_sigreturn+0x18c/0x270
[  124.133486][ T7062]  ? __pfx___do_compat_sys_rt_sigreturn+0x10/0x10
[  124.133499][ T7062]  ? rcu_is_watching+0x12/0xc0
[  124.133515][ T7062]  do_int80_emulation+0x104/0x480
[  124.133533][ T7062]  asm_int80_emulation+0x1a/0x20
[  124.133545][ T7062] RIP: 0023:0xf702d5a7
[  124.133554][ T7062] Code: 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 90 58 b8 77 00 00 00 cd 80 90 8d b4 26 00 00 00 00 b8 ad 00 00 00 cd 80 <90> 90 90 90 90 90 90 90 90 55 89 e5 57 8d 3d 2c dc ff ff 56 53 e8
[  124.133564][ T7062] RSP: 002b:00000000f541c940 EFLAGS: 00000286 ORIG_RAX: 00000000000000ad
[  124.133575][ T7062] RAX: ffffffffffffffda RBX: 0000000080001080 RCX: 00000000f541c9cc
[  124.133581][ T7062] RDX: 00000000f541c94c RSI: 0000000000000000 RDI: 0000000000000001
[  124.133588][ T7062] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  124.133594][ T7062] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  124.133600][ T7062] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  124.133613][ T7062]  </TASK>
[  124.220669][ T7065]  loop2: AHDI p1 p2 p3
[  124.222806][ T7065] loop2: partition table partially beyond EOD, truncated
[  124.228354][ T7065] loop2: p1 start 1601398130 is beyond EOD, truncated
[  124.231655][ T7065] loop2: p2 start 1702059890 is beyond EOD, truncated
[  124.243210][ T7067] x_tables: duplicate underflow at hook 1
[  124.246730][ T7067] hub 8-0:1.0: USB hub found
[  124.250720][ T7067] hub 8-0:1.0: 1 port detected
[  124.348382][ T7076] openvswitch: netlink: Unexpected mask (mask=20040, allowed=10048)
[  124.753364][ T7081] syz.3.282 uses obsolete (PF_INET,SOCK_PACKET)
[  124.805210][ T7081] comedi comedi0: s526: I/O port conflict (0x2f,64)
[  125.084745][ T7100] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(8)
[  125.087672][ T7100] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  125.094868][ T7100] vhci_hcd vhci_hcd.0: Device attached
[  125.359651][ T6623] usb 39-1: new low-speed USB device number 3 using vhci_hcd
[  125.403951][ T7104] loop2: detected capacity change from 0 to 7
[  125.406711][ T7104] Dev loop2: unable to read RDB block 7
[  125.409277][ T7104]  loop2: AHDI p1 p2 p3
[  125.411455][ T7104] loop2: partition table partially beyond EOD, truncated
[  125.414791][ T7104] loop2: p1 start 1601398130 is beyond EOD, truncated
[  125.417717][ T7104] loop2: p2 start 1702059890 is beyond EOD, truncated
[  125.470159][ T7089] [U] 
[  125.515539][ T7101] vhci_hcd: connection reset by peer
[  125.520220][ T3971] vhci_hcd vhci_hcd.1: stop threads
[  125.522686][ T3971] vhci_hcd vhci_hcd.1: release socket
[  125.525233][ T3971] vhci_hcd vhci_hcd.1: disconnect device
[  125.647226][ T7109] FAULT_INJECTION: forcing a failure.
[  125.647226][ T7109] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  125.652629][ T7109] CPU: 0 UID: 0 PID: 7109 Comm: syz.2.291 Not tainted syzkaller #0 PREEMPT(full) 
[  125.652652][ T7109] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  125.652662][ T7109] Call Trace:
[  125.652668][ T7109]  <TASK>
[  125.652675][ T7109]  dump_stack_lvl+0x16c/0x1f0
[  125.652720][ T7109]  should_fail_ex+0x512/0x640
[  125.652744][ T7109]  __fpu_restore_sig+0xfe/0x1370
[  125.652770][ T7109]  ? __lock_acquire+0x436/0x2890
[  125.652786][ T7109]  ? __pfx___fpu_restore_sig+0x10/0x10
[  125.652812][ T7109]  ? find_held_lock+0x2b/0x80
[  125.652840][ T7109]  ? __might_fault+0xe3/0x190
[  125.652858][ T7109]  ? __might_fault+0x13b/0x190
[  125.652880][ T7109]  fpu__restore_sig+0x151/0x190
[  125.652905][ T7109]  ia32_restore_sigcontext+0x44a/0x630
[  125.652922][ T7109]  ? __pfx_ia32_restore_sigcontext+0x10/0x10
[  125.652944][ T7109]  ? rcu_is_watching+0x12/0xc0
[  125.652966][ T7109]  ? _raw_spin_unlock_irq+0x23/0x50
[  125.652986][ T7109]  ? lockdep_hardirqs_on+0x7c/0x110
[  125.653013][ T7109]  __do_compat_sys_rt_sigreturn+0x18c/0x270
[  125.653028][ T7109]  ? __pfx___do_compat_sys_rt_sigreturn+0x10/0x10
[  125.653048][ T7109]  ? rcu_is_watching+0x12/0xc0
[  125.653070][ T7109]  do_int80_emulation+0x104/0x480
[  125.653096][ T7109]  asm_int80_emulation+0x1a/0x20
[  125.653110][ T7109] RIP: 0023:0xf702d577
[  125.653122][ T7109] Code: 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 <cd> 80 5d 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00
[  125.653135][ T7109] RSP: 002b:00000000f541d55c EFLAGS: 00000296
[  125.653148][ T7109] RAX: 00000000000001c1 RBX: 0000000080001080 RCX: 0000000000000001
[  125.653163][ T7109] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001
[  125.653171][ T7109] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  125.653179][ T7109] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  125.653188][ T7109] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  125.653206][ T7109]  </TASK>
[  125.771360][ T7113] x_tables: duplicate underflow at hook 1
[  126.109987][ T7116] 9pnet_virtio: no channels available for device syz
[  126.160830][ T7122] raw_sendmsg: syz.0.294 forgot to set AF_INET. Fix it!
[  126.313357][ T7126] netlink: 40 bytes leftover after parsing attributes in process `syz.1.295'.
[  126.869925][   T40] kauditd_printk_skb: 4 callbacks suppressed
[  126.869942][   T40] audit: type=1804 audit(1767116399.819:138): pid=7138 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.298" name="/newroot/72/file0/bus" dev="9p" ino=71827601 res=1 errno=0
[  126.885029][   T40] audit: type=1804 audit(1767116399.829:139): pid=7139 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.298" name="/newroot/72/file0/bus" dev="9p" ino=71827601 res=1 errno=0
[  127.022677][ T7141] x_tables: duplicate underflow at hook 1
[  127.027789][ T7141] hub 8-0:1.0: USB hub found
[  127.033085][ T7141] hub 8-0:1.0: 1 port detected
[  128.289514][   T40] audit: type=1326 audit(1767116401.209:140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7149 comm="syz.0.301" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf6ffd579 code=0x0
[  129.167711][ T7158] FAULT_INJECTION: forcing a failure.
[  129.167711][ T7158] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  129.167735][ T7158] CPU: 1 UID: 0 PID: 7158 Comm: syz.1.302 Not tainted syzkaller #0 PREEMPT(full) 
[  129.167749][ T7158] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  129.167757][ T7158] Call Trace:
[  129.167762][ T7158]  <TASK>
[  129.167767][ T7158]  dump_stack_lvl+0x16c/0x1f0
[  129.167787][ T7158]  should_fail_ex+0x512/0x640
[  129.167802][ T7158]  __fpu_restore_sig+0x90c/0x1370
[  129.167821][ T7158]  ? __pfx___fpu_restore_sig+0x10/0x10
[  129.167839][ T7158]  ? find_held_lock+0x2b/0x80
[  129.167861][ T7158]  ? __might_fault+0xe3/0x190
[  129.167874][ T7158]  ? __might_fault+0x13b/0x190
[  129.167889][ T7158]  fpu__restore_sig+0x151/0x190
[  129.167906][ T7158]  ia32_restore_sigcontext+0x44a/0x630
[  129.167919][ T7158]  ? __pfx_ia32_restore_sigcontext+0x10/0x10
[  129.167933][ T7158]  ? rcu_is_watching+0x12/0xc0
[  129.167949][ T7158]  ? _raw_spin_unlock_irq+0x23/0x50
[  129.167964][ T7158]  ? lockdep_hardirqs_on+0x7c/0x110
[  129.167982][ T7158]  __do_compat_sys_rt_sigreturn+0x18c/0x270
[  129.167994][ T7158]  ? __pfx___do_compat_sys_rt_sigreturn+0x10/0x10
[  129.168007][ T7158]  ? rcu_is_watching+0x12/0xc0
[  129.168023][ T7158]  do_int80_emulation+0x104/0x480
[  129.168042][ T7158]  asm_int80_emulation+0x1a/0x20
[  129.168053][ T7158] RIP: 0023:0xf70ed577
[  129.168062][ T7158] Code: 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 <cd> 80 5d 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00
[  129.168073][ T7158] RSP: 002b:00000000f54dd55c EFLAGS: 00000296
[  129.168082][ T7158] RAX: 00000000000001c1 RBX: 0000000080001080 RCX: 0000000000000001
[  129.168088][ T7158] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001
[  129.168100][ T7158] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  129.168106][ T7158] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  129.168112][ T7158] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  129.168126][ T7158]  </TASK>
[  129.792784][ T7173] x_tables: duplicate underflow at hook 1
[  130.280200][ T7186] netlink: 12 bytes leftover after parsing attributes in process `syz.3.310'.
[  130.479599][ T6623] vhci_hcd vhci_hcd.1: vhci_device speed not set
[  130.513381][   T40] audit: type=1326 audit(1767116403.459:141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7177 comm="syz.0.309" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6ffd579 code=0x7ffc0000
[  130.558131][   T40] audit: type=1326 audit(1767116403.459:142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7177 comm="syz.0.309" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6ffd579 code=0x7ffc0000
[  130.586577][   T40] audit: type=1326 audit(1767116403.459:143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7177 comm="syz.0.309" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf6ffd579 code=0x7ffc0000
[  130.600766][   T40] audit: type=1326 audit(1767116403.459:144): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7177 comm="syz.0.309" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6ffd579 code=0x7ffc0000
[  130.622699][   T40] audit: type=1326 audit(1767116403.459:145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7177 comm="syz.0.309" exe="/syz-executor" sig=0 arch=40000003 syscall=369 compat=1 ip=0xf6ffd579 code=0x7ffc0000
[  130.632684][   T40] audit: type=1326 audit(1767116403.459:146): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7177 comm="syz.0.309" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6ffd579 code=0x7ffc0000
[  130.652615][   T40] audit: type=1326 audit(1767116403.459:147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7177 comm="syz.0.309" exe="/syz-executor" sig=0 arch=40000003 syscall=437 compat=1 ip=0xf6ffd579 code=0x7ffc0000
[  130.916308][ T7204] FAULT_INJECTION: forcing a failure.
[  130.916308][ T7204] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  130.922537][ T7204] CPU: 3 UID: 0 PID: 7204 Comm: syz.1.314 Not tainted syzkaller #0 PREEMPT(full) 
[  130.922562][ T7204] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  130.922573][ T7204] Call Trace:
[  130.922582][ T7204]  <TASK>
[  130.922591][ T7204]  dump_stack_lvl+0x16c/0x1f0
[  130.922621][ T7204]  should_fail_ex+0x512/0x640
[  130.922644][ T7204]  _copy_from_user+0x2e/0xd0
[  130.922661][ T7204]  copy_from_buffer+0x7f/0xc0
[  130.922689][ T7204]  copy_uabi_to_xstate+0xb4/0x670
[  130.922719][ T7204]  ? __pfx_copy_uabi_to_xstate+0x10/0x10
[  130.922750][ T7204]  ? __fpu_restore_sig+0xa8a/0x1370
[  130.922774][ T7204]  ? rcu_is_watching+0x12/0xc0
[  130.922796][ T7204]  ? x86_task_fpu+0x5f/0x90
[  130.922817][ T7204]  __fpu_restore_sig+0x10a6/0x1370
[  130.922844][ T7204]  ? __pfx___fpu_restore_sig+0x10/0x10
[  130.922898][ T7204]  ? find_held_lock+0x2b/0x80
[  130.922937][ T7204]  ? __might_fault+0xe3/0x190
[  130.922957][ T7204]  ? __might_fault+0x13b/0x190
[  130.922982][ T7204]  fpu__restore_sig+0x151/0x190
[  130.923010][ T7204]  ia32_restore_sigcontext+0x44a/0x630
[  130.923029][ T7204]  ? __pfx_ia32_restore_sigcontext+0x10/0x10
[  130.923053][ T7204]  ? rcu_is_watching+0x12/0xc0
[  130.923077][ T7204]  ? _raw_spin_unlock_irq+0x23/0x50
[  130.923100][ T7204]  ? lockdep_hardirqs_on+0x7c/0x110
[  130.923130][ T7204]  __do_compat_sys_rt_sigreturn+0x18c/0x270
[  130.923150][ T7204]  ? __pfx___do_compat_sys_rt_sigreturn+0x10/0x10
[  130.923171][ T7204]  ? rcu_is_watching+0x12/0xc0
[  130.923198][ T7204]  do_int80_emulation+0x104/0x480
[  130.923228][ T7204]  asm_int80_emulation+0x1a/0x20
[  130.923246][ T7204] RIP: 0023:0xf70ed577
[  130.923261][ T7204] Code: 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 <cd> 80 5d 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00
[  130.923279][ T7204] RSP: 002b:00000000f54dd55c EFLAGS: 00000296
[  130.923294][ T7204] RAX: 00000000000001c1 RBX: 0000000080001080 RCX: 0000000000000001
[  130.923306][ T7204] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001
[  130.923316][ T7204] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  130.923325][ T7204] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  130.923335][ T7204] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  130.923376][ T7204]  </TASK>
[  131.966125][ T7229] netlink: 16 bytes leftover after parsing attributes in process `syz.1.321'.
[  132.247687][ T7231] x_tables: duplicate underflow at hook 1
[  132.451425][ T7233] veth1_macvtap: left promiscuous mode
[  132.552623][ T7234] sctp: [Deprecated]: syz.0.322 (pid 7234) Use of int in maxseg socket option.
[  132.552623][ T7234] Use struct sctp_assoc_value instead
[  133.044006][ T7245] netlink: 20 bytes leftover after parsing attributes in process `syz.0.326'.
[  134.479503][   T53] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  134.629441][   T53] usb 5-1: Using ep0 maxpacket: 8
[  134.632643][   T53] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  134.636479][   T53] usb 5-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  134.639857][   T53] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  134.647376][   T53] usb 5-1: config 0 descriptor??
[  134.852680][   T53] iowarrior 5-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[  135.092612][    T9] usb 5-1: USB disconnect, device number 7
[  135.257361][ T7268] loop2: detected capacity change from 0 to 7
[  135.271798][ T7268] Dev loop2: unable to read RDB block 7
[  135.274138][ T7268]  loop2: AHDI p1 p2 p3
[  135.275927][ T7268] loop2: partition table partially beyond EOD, truncated
[  135.279138][ T7268] loop2: p1 start 1601398130 is beyond EOD, truncated
[  135.284293][ T7268] loop2: p2 start 1702059890 is beyond EOD, truncated
[  135.314580][ T7264] syzkaller0: entered promiscuous mode
[  135.316889][ T7264] syzkaller0: entered allmulticast mode
[  135.723401][ T7279] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(6)
[  135.725853][ T7279] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  135.729809][ T7279] vhci_hcd vhci_hcd.0: Device attached
[  136.139637][    T9] usb 38-1: SetAddress Request (14) to port 0
[  136.142581][    T9] usb 38-1: new SuperSpeed USB device number 14 using vhci_hcd
[  136.205572][ T7282] vhci_hcd: connection reset by peer
[  136.211814][   T98] vhci_hcd vhci_hcd.0: stop threads
[  136.219462][   T98] vhci_hcd vhci_hcd.0: release socket
[  136.222146][   T98] vhci_hcd vhci_hcd.0: disconnect device
[  136.365551][   T40] kauditd_printk_skb: 9 callbacks suppressed
[  136.365567][   T40] audit: type=1804 audit(1767116409.309:157): pid=7293 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.337" name="/newroot/90/file0/bus" dev="9p" ino=71827601 res=1 errno=0
[  137.335536][ T7299] 9pnet_virtio: no channels available for device syz
[  137.612152][ T1415] ieee802154 phy0 wpan0: encryption failed: -22
[  137.614186][ T1415] ieee802154 phy1 wpan1: encryption failed: -22
[  139.092887][   T40] audit: type=1326 audit(1767116411.799:158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7314 comm="syz.3.342" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f44579 code=0x0
[  139.485839][ T7326] warning: `syz.0.345' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  139.710300][ T7309] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(10)
[  139.713393][ T7309] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  139.716979][ T7309] vhci_hcd vhci_hcd.0: Device attached
[  139.816040][ T7336] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  139.877979][ T7333] vhci_hcd: connection closed
[  139.878341][ T6694] vhci_hcd vhci_hcd.1: stop threads
[  139.882219][ T6694] vhci_hcd vhci_hcd.1: release socket
[  139.884525][ T6694] vhci_hcd vhci_hcd.1: disconnect device
[  140.604587][ T7343] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(7)
[  140.607780][ T7343] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  140.611313][ T7343] vhci_hcd vhci_hcd.0: Device attached
[  140.795395][ T7347] vhci_hcd: connection closed
[  140.797340][   T13] vhci_hcd vhci_hcd.3: stop threads
[  140.819870][   T13] vhci_hcd vhci_hcd.3: release socket
[  140.840501][   T13] vhci_hcd vhci_hcd.3: disconnect device
[  140.859485][ T5940] usb 43-1: new low-speed USB device number 3 using vhci_hcd
[  140.862974][ T5940] usb 43-1: enqueue for inactive port 0
[  140.905822][ T7354] loop2: detected capacity change from 0 to 7
[  140.914644][ T5950] Dev loop2: unable to read RDB block 7
[  140.922086][   T40] audit: type=1804 audit(1767116413.869:159): pid=7351 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.348" name="/newroot/76/file0/bus" dev="9p" ino=71827601 res=1 errno=0
[  140.959527][ T5950]  loop2: AHDI p1 p2 p3
[  140.962234][ T5950] loop2: partition table partially beyond EOD, truncated
[  140.966544][ T5950] loop2: p1 start 1601398130 is beyond EOD, truncated
[  140.969704][ T5950] loop2: p2 start 1702059890 is beyond EOD, truncated
[  141.029539][ T5940] vhci_hcd vhci_hcd.3: vhci_device speed not set
[  141.033581][ T7354] Dev loop2: unable to read RDB block 7
[  141.039575][ T7354]  loop2: AHDI p1 p2 p3
[  141.041985][ T7354] loop2: partition table partially beyond EOD, truncated
[  141.046545][ T7354] loop2: p1 start 1601398130 is beyond EOD, truncated
[  141.050574][ T7354] loop2: p2 start 1702059890 is beyond EOD, truncated
[  141.209196][ T7363] x_tables: duplicate underflow at hook 1
[  141.212321][    T9] usb 38-1: device descriptor read/8, error -110
[  141.217994][ T7365] netlink: 60 bytes leftover after parsing attributes in process `syz.0.351'.
[  141.233813][ T7367] netlink: 12 bytes leftover after parsing attributes in process `syz.1.353'.
[  141.236556][ T7363] hub 8-0:1.0: USB hub found
[  141.241095][ T7363] hub 8-0:1.0: 1 port detected
[  141.289221][ T7370] netlink: 12 bytes leftover after parsing attributes in process `syz.0.351'.
[  141.614246][    T9] usb usb38-port1: attempt power cycle
[  141.747213][ T7387] UDF-fs: warning (device sr0): udf_load_vrs: No VRS found
[  141.749990][ T7387] UDF-fs: Scanning with blocksize 2048 failed
[  141.759598][ T7387] UDF-fs: warning (device sr0): udf_load_vrs: No VRS found
[  141.763134][ T7387] UDF-fs: Scanning with blocksize 4096 failed
[  142.117326][ T7398] loop2: detected capacity change from 0 to 7
[  142.121541][ T5950] Dev loop2: unable to read RDB block 7
[  142.124913][ T5950]  loop2: AHDI p1 p2 p3
[  142.127412][ T5950] loop2: partition table partially beyond EOD, truncated
[  142.133226][ T5950] loop2: p1 start 1601398130 is beyond EOD, truncated
[  142.133729][   T40] audit: type=1804 audit(1767116415.079:160): pid=7399 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.359" name="/newroot/86/file0/bus" dev="9p" ino=71827601 res=1 errno=0
[  142.136184][ T5950] loop2: p2 start 1702059890 is beyond EOD, truncated
[  142.428838][ T7398] Dev loop2: unable to read RDB block 7
[  142.431964][ T7398]  loop2: AHDI p1 p2 p3
[  142.433976][ T7398] loop2: partition table partially beyond EOD, truncated
[  142.437371][ T7398] loop2: p1 start 1601398130 is beyond EOD, truncated
[  142.441000][ T7398] loop2: p2 start 1702059890 is beyond EOD, truncated
[  142.519858][ T7403] capability: warning: `syz.2.361' uses 32-bit capabilities (legacy support in use)
[  142.699872][    T9] usb usb38-port1: unable to enumerate USB device
[  142.929711][ T7419] netlink: 4 bytes leftover after parsing attributes in process `syz.1.366'.
[  142.983769][ T7423] netlink: 24 bytes leftover after parsing attributes in process `syz.3.365'.
[  143.032614][ T7424] syzkaller0: entered promiscuous mode
[  143.032634][ T7424] syzkaller0: entered allmulticast mode
[  145.687410][ T7447] x_tables: duplicate underflow at hook 1
[  145.690943][ T7447] hub 8-0:1.0: USB hub found
[  145.693266][ T7447] hub 8-0:1.0: 1 port detected
[  145.721004][ T7444] FAULT_INJECTION: forcing a failure.
[  145.721004][ T7444] name failslab, interval 1, probability 0, space 0, times 0
[  145.726658][ T7444] CPU: 2 UID: 0 PID: 7444 Comm: syz.2.373 Not tainted syzkaller #0 PREEMPT(full) 
[  145.726682][ T7444] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  145.726693][ T7444] Call Trace:
[  145.726700][ T7444]  <TASK>
[  145.726707][ T7444]  dump_stack_lvl+0x16c/0x1f0
[  145.726770][ T7444]  should_fail_ex+0x512/0x640
[  145.726791][ T7444]  ? __kmalloc_noprof+0xca/0x910
[  145.726814][ T7444]  should_failslab+0xc2/0x120
[  145.726841][ T7444]  __kmalloc_noprof+0xeb/0x910
[  145.726859][ T7444]  ? __pfx_ia32_restore_sigcontext+0x10/0x10
[  145.726879][ T7444]  ? __do_sys_futex_waitv+0x221/0x2c0
[  145.726906][ T7444]  ? __do_sys_futex_waitv+0x221/0x2c0
[  145.726926][ T7444]  __do_sys_futex_waitv+0x221/0x2c0
[  145.726949][ T7444]  ? __pfx___do_sys_futex_waitv+0x10/0x10
[  145.726977][ T7444]  ? __pfx___do_compat_sys_rt_sigreturn+0x10/0x10
[  145.727004][ T7444]  do_int80_emulation+0x104/0x480
[  145.727035][ T7444]  asm_int80_emulation+0x1a/0x20
[  145.727053][ T7444] RIP: 0023:0xf702d579
[  145.727067][ T7444] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  145.727083][ T7444] RSP: 002b:00000000f541d55c EFLAGS: 00000296 ORIG_RAX: 00000000000001c1
[  145.727101][ T7444] RAX: ffffffffffffffda RBX: 0000000080001080 RCX: 0000000000000001
[  145.727112][ T7444] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001
[  145.727122][ T7444] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  145.727132][ T7444] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  145.727142][ T7444] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  145.727165][ T7444]  </TASK>
[  145.916148][ T7452] netlink: 4 bytes leftover after parsing attributes in process `syz.2.375'.
[  146.181147][ T7456] Process accounting resumed
[  146.708657][   T40] audit: type=1326 audit(1767116419.649:161): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7475 comm="syz.0.382" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6ffd579 code=0x7ffc0000
[  146.739517][   T40] audit: type=1326 audit(1767116419.669:162): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7475 comm="syz.0.382" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6ffd579 code=0x7ffc0000
[  146.748923][   T40] audit: type=1326 audit(1767116419.669:163): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7475 comm="syz.0.382" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6ffd579 code=0x7ffc0000
[  146.767185][   T40] audit: type=1326 audit(1767116419.669:164): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7475 comm="syz.0.382" exe="/syz-executor" sig=0 arch=40000003 syscall=360 compat=1 ip=0xf6ffd579 code=0x7ffc0000
[  146.779678][   T40] audit: type=1326 audit(1767116419.669:165): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7475 comm="syz.0.382" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6ffd579 code=0x7ffc0000
[  146.787587][   T40] audit: type=1326 audit(1767116419.669:166): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7475 comm="syz.0.382" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6ffd579 code=0x7ffc0000
[  146.794762][   T40] audit: type=1326 audit(1767116419.669:167): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7475 comm="syz.0.382" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf6ffd579 code=0x7ffc0000
[  146.886765][ T7487] FAULT_INJECTION: forcing a failure.
[  146.886765][ T7487] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  146.909510][ T7487] CPU: 0 UID: 0 PID: 7487 Comm: syz.3.384 Not tainted syzkaller #0 PREEMPT(full) 
[  146.909552][ T7487] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  146.909564][ T7487] Call Trace:
[  146.909570][ T7487]  <TASK>
[  146.909577][ T7487]  dump_stack_lvl+0x16c/0x1f0
[  146.909608][ T7487]  should_fail_ex+0x512/0x640
[  146.909631][ T7487]  _copy_from_user+0x2e/0xd0
[  146.909650][ T7487]  futex_parse_waitv+0x101/0x520
[  146.909673][ T7487]  ? __pfx_futex_wake_mark+0x10/0x10
[  146.909698][ T7487]  ? __pfx_futex_parse_waitv+0x10/0x10
[  146.909716][ T7487]  ? rcu_is_watching+0x12/0xc0
[  146.909741][ T7487]  ? __kmalloc_noprof+0x35d/0x910
[  146.909759][ T7487]  ? __pfx_ia32_restore_sigcontext+0x10/0x10
[  146.909778][ T7487]  ? __do_sys_futex_waitv+0x221/0x2c0
[  146.909803][ T7487]  __do_sys_futex_waitv+0x245/0x2c0
[  146.909825][ T7487]  ? __pfx___do_sys_futex_waitv+0x10/0x10
[  146.909851][ T7487]  ? __pfx___do_compat_sys_rt_sigreturn+0x10/0x10
[  146.909876][ T7487]  do_int80_emulation+0x104/0x480
[  146.909907][ T7487]  asm_int80_emulation+0x1a/0x20
[  146.909925][ T7487] RIP: 0023:0xf7f44579
[  146.909939][ T7487] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  146.909956][ T7487] RSP: 002b:00000000f543655c EFLAGS: 00000296 ORIG_RAX: 00000000000001c1
[  146.909973][ T7487] RAX: ffffffffffffffda RBX: 0000000080001080 RCX: 0000000000000001
[  146.909984][ T7487] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001
[  146.909994][ T7487] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  146.910004][ T7487] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  146.910014][ T7487] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  146.910042][ T7487]  </TASK>
[  147.402367][ T7493] x_tables: duplicate underflow at hook 1
[  147.996847][ T7498] QAT: Stopping all acceleration devices.
[  148.212733][ T7495] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  148.408253][ T7502] loop2: detected capacity change from 0 to 7
[  148.410964][ T7502] Dev loop2: unable to read RDB block 7
[  148.412539][ T7504] fuse: blksize only supported for fuseblk
[  148.412848][ T7502]  loop2: AHDI p1 p2 p3
[  148.417741][ T7502] loop2: partition table partially beyond EOD, truncated
[  148.421300][ T7502] loop2: p1 start 1601398130 is beyond EOD, truncated
[  148.424533][ T7502] loop2: p2 start 1702059890 is beyond EOD, truncated
[  148.445474][ T7508] overlayfs: missing 'lowerdir'
[  148.478732][ T7511] netlink: 4 bytes leftover after parsing attributes in process `syz.0.392'.
[  149.434840][ T7526] UDF-fs: warning (device sr0): udf_load_vrs: No VRS found
[  149.438486][ T7526] UDF-fs: Scanning with blocksize 2048 failed
[  149.445186][ T7526] UDF-fs: warning (device sr0): udf_load_vrs: No VRS found
[  149.448482][ T7526] UDF-fs: Scanning with blocksize 4096 failed
[  149.614483][ T7527] bridge_slave_1: left allmulticast mode
[  149.616979][ T7527] bridge_slave_1: left promiscuous mode
[  149.620481][ T7527] bridge0: port 2(bridge_slave_1) entered disabled state
[  149.672760][ T7527] bond0: (slave bond_slave_0): Releasing backup interface
[  149.674272][ T7531] netlink: 11228 bytes leftover after parsing attributes in process `syz.2.396'.
[  149.889160][ T7527] bond0: (slave bond_slave_1): Releasing backup interface
[  149.931489][ T7527] team0: Port device team_slave_0 removed
[  149.939192][ T7527] team0: Port device team_slave_1 removed
[  149.946153][ T7527] batman_adv: batadv0: Removing interface: batadv_slave_0
[  149.954311][ T7527] batman_adv: batadv0: Removing interface: batadv_slave_1
[  150.098977][ T7527] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[  150.596073][ T7538] rtc_cmos 00:05: Alarms can be up to one day in the future
[  150.759702][ T7544] x_tables: duplicate underflow at hook 1
[  150.877115][ T7547] loop2: detected capacity change from 0 to 7
[  150.881101][ T7547] Dev loop2: unable to read RDB block 7
[  150.883625][ T7547]  loop2: AHDI p1 p2 p3
[  150.885572][ T7547] loop2: partition table partially beyond EOD, truncated
[  150.894953][ T7548] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(8)
[  150.897858][ T7548] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  150.899545][ T7547] loop2: p1 start 1601398130 is beyond EOD, truncated
[  150.904046][ T7547] loop2: p2 start 1702059890 is beyond EOD, truncated
[  150.914939][ T7548] vhci_hcd vhci_hcd.0: Device attached
[  151.017518][   T53] rtc_cmos 00:05: Alarms can be up to one day in the future
[  151.018613][   T53] rtc_cmos 00:05: Alarms can be up to one day in the future
[  151.022588][   T53] rtc_cmos 00:05: Alarms can be up to one day in the future
[  151.023559][   T53] rtc_cmos 00:05: Alarms can be up to one day in the future
[  151.023578][   T53] rtc rtc0: __rtc_set_alarm: err=-22
[  151.162072][   T34] usb 39-1: new low-speed USB device number 4 using vhci_hcd
[  151.424727][ T7559] netlink: 45 bytes leftover after parsing attributes in process `syz.0.404'.
[  151.440064][ T7560] comedi comedi3: comedi_config --init_data is deprecated
[  151.582639][ T7549] vhci_hcd: connection reset by peer
[  151.585649][ T6694] vhci_hcd vhci_hcd.1: stop threads
[  151.588491][ T6694] vhci_hcd vhci_hcd.1: release socket
[  151.593087][ T6694] vhci_hcd vhci_hcd.1: disconnect device
[  151.894106][ T7574] loop2: detected capacity change from 0 to 7
[  151.898503][ T5950] Dev loop2: unable to read RDB block 7
[  151.909512][ T5950]  loop2: AHDI p1 p2 p3
[  151.910932][ T5950] loop2: partition table partially beyond EOD, truncated
[  151.913131][ T5950] loop2: p1 start 1601398130 is beyond EOD, truncated
[  151.915216][ T5950] loop2: p2 start 1702059890 is beyond EOD, truncated
[  151.919077][ T7574] Dev loop2: unable to read RDB block 7
[  151.922140][ T7574]  loop2: AHDI p1 p2 p3
[  151.924318][ T7574] loop2: partition table partially beyond EOD, truncated
[  151.927904][ T7574] loop2: p1 start 1601398130 is beyond EOD, truncated
[  151.931812][ T7574] loop2: p2 start 1702059890 is beyond EOD, truncated
[  153.273960][ T7594] x_tables: duplicate underflow at hook 1
[  154.243396][ T7611] ALSA: mixer_oss: invalid OSS volume ''
[  154.252674][ T7611] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(8)
[  154.254903][ T7611] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  154.257891][ T7611] vhci_hcd vhci_hcd.0: Device attached
[  154.841774][ T7612] vhci_hcd: connection closed
[  154.850373][   T62] vhci_hcd vhci_hcd.1: stop threads
[  154.861035][   T62] vhci_hcd vhci_hcd.1: release socket
[  154.952770][   T62] vhci_hcd vhci_hcd.1: disconnect device
[  155.858981][ T7628] netlink: 24 bytes leftover after parsing attributes in process `syz.3.422'.
[  156.249496][   T34] vhci_hcd vhci_hcd.1: vhci_device speed not set
[  156.558869][ T7637] x_tables: duplicate underflow at hook 1
[  157.186304][ T7645] sp0: Synchronizing with TNC
[  157.191116][ T7644] [U] è
[  157.388334][ T7652] loop2: detected capacity change from 0 to 7
[  157.402211][ T5950] Dev loop2: unable to read RDB block 7
[  157.404895][ T5950]  loop2: AHDI p1 p2 p3
[  157.409707][ T5950] loop2: partition table partially beyond EOD, truncated
[  157.414295][ T5950] loop2: p1 start 1601398130 is beyond EOD, truncated
[  157.421049][ T5950] loop2: p2 start 1702059890 is beyond EOD, truncated
[  157.786230][ T7652] Dev loop2: unable to read RDB block 7
[  157.789765][ T7652]  loop2: AHDI p1 p2 p3
[  157.791717][ T7652] loop2: partition table partially beyond EOD, truncated
[  157.795682][ T7652] loop2: p1 start 1601398130 is beyond EOD, truncated
[  157.798922][ T7652] loop2: p2 start 1702059890 is beyond EOD, truncated
[  157.994538][ T7658] netlink: 'syz.0.430': attribute type 13 has an invalid length.
[  158.840799][ T7658] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  159.319267][ T7679] netlink: 8 bytes leftover after parsing attributes in process `syz.0.444'.
[  159.974037][ T7687] loop2: detected capacity change from 0 to 7
[  159.977908][ T7687] Dev loop2: unable to read RDB block 7
[  159.980774][ T7687]  loop2: AHDI p1 p2 p3
[  159.982539][ T7687] loop2: partition table partially beyond EOD, truncated
[  159.985575][ T7687] loop2: p1 start 1601398130 is beyond EOD, truncated
[  159.988806][ T7687] loop2: p2 start 1702059890 is beyond EOD, truncated
[  162.994422][ T7698] x_tables: duplicate underflow at hook 1
[  163.011820][ T7698] hub 8-0:1.0: USB hub found
[  163.014249][ T7698] hub 8-0:1.0: 1 port detected
[  163.653800][ T7726] x_tables: duplicate underflow at hook 1
[  163.661757][ T7726] hub 8-0:1.0: USB hub found
[  163.664764][ T7726] hub 8-0:1.0: 1 port detected
[  164.133939][ T7732] x_tables: duplicate underflow at hook 1
[  164.282674][ T7734] loop2: detected capacity change from 0 to 7
[  164.289212][ T7734] Dev loop2: unable to read RDB block 7
[  164.291437][ T7734]  loop2: AHDI p1 p2 p3
[  164.294913][ T7734] loop2: partition table partially beyond EOD, truncated
[  164.338023][ T7734] loop2: p1 start 1601398130 is beyond EOD, truncated
[  164.354892][ T7734] loop2: p2 start 1702059890 is beyond EOD, truncated
[  164.473022][ T7742] netlink: 'syz.1.453': attribute type 1 has an invalid length.
[  164.476769][ T7742] netlink: 224 bytes leftover after parsing attributes in process `syz.1.453'.
[  164.483952][ T7740] fuse: Unknown parameter '€0x0000000000000004'
[  165.242948][ T7754] FAULT_INJECTION: forcing a failure.
[  165.242948][ T7754] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  165.247521][ T7754] CPU: 1 UID: 0 PID: 7754 Comm: syz.3.455 Not tainted syzkaller #0 PREEMPT(full) 
[  165.247540][ T7754] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  165.247554][ T7754] Call Trace:
[  165.247571][ T7754]  <TASK>
[  165.247579][ T7754]  dump_stack_lvl+0x16c/0x1f0
[  165.247601][ T7754]  should_fail_ex+0x512/0x640
[  165.247617][ T7754]  _copy_from_user+0x2e/0xd0
[  165.247630][ T7754]  copy_from_buffer+0x7f/0xc0
[  165.247653][ T7754]  copy_uabi_to_xstate+0xb4/0x670
[  165.247675][ T7754]  ? __pfx_copy_uabi_to_xstate+0x10/0x10
[  165.247696][ T7754]  ? __fpu_restore_sig+0xa8a/0x1370
[  165.247711][ T7754]  ? rcu_is_watching+0x12/0xc0
[  165.247727][ T7754]  ? x86_task_fpu+0x5f/0x90
[  165.247742][ T7754]  __fpu_restore_sig+0x10a6/0x1370
[  165.247760][ T7754]  ? __pfx___fpu_restore_sig+0x10/0x10
[  165.247778][ T7754]  ? find_held_lock+0x2b/0x80
[  165.247797][ T7754]  ? __might_fault+0xe3/0x190
[  165.247811][ T7754]  ? __might_fault+0x13b/0x190
[  165.247826][ T7754]  fpu__restore_sig+0x151/0x190
[  165.247843][ T7754]  ia32_restore_sigcontext+0x44a/0x630
[  165.247856][ T7754]  ? __pfx_ia32_restore_sigcontext+0x10/0x10
[  165.247871][ T7754]  ? rcu_is_watching+0x12/0xc0
[  165.247885][ T7754]  ? _raw_spin_unlock_irq+0x23/0x50
[  165.247900][ T7754]  ? lockdep_hardirqs_on+0x7c/0x110
[  165.247919][ T7754]  __do_compat_sys_rt_sigreturn+0x18c/0x270
[  165.247931][ T7754]  ? __pfx___do_compat_sys_rt_sigreturn+0x10/0x10
[  165.247944][ T7754]  ? rcu_is_watching+0x12/0xc0
[  165.247960][ T7754]  do_int80_emulation+0x104/0x480
[  165.247979][ T7754]  asm_int80_emulation+0x1a/0x20
[  165.247991][ T7754] RIP: 0023:0xf7f44577
[  165.248000][ T7754] Code: 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 <cd> 80 5d 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00
[  165.248011][ T7754] RSP: 002b:00000000f543655c EFLAGS: 00000296
[  165.248020][ T7754] RAX: 00000000000001c1 RBX: 0000000080001080 RCX: 0000000000000001
[  165.248027][ T7754] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001
[  165.248033][ T7754] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  165.248039][ T7754] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  165.248045][ T7754] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  165.248058][ T7754]  </TASK>
[  165.484044][ T7762] netlink: 8 bytes leftover after parsing attributes in process `syz.1.457'.
[  165.513048][ T7762] fuse: Unknown parameter 'fd„5ˆ(é˜h¯j7H+Çl2—ÄSÚس–âP?Ä:ƒ4•‚'
[  165.719449][   T53] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[  165.881370][   T53] usb 7-1: Using ep0 maxpacket: 16
[  165.897956][   T53] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  165.903465][   T53] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  165.909473][   T53] usb 7-1: New USB device found, idVendor=0458, idProduct=5016, bcdDevice= 0.00
[  165.931041][   T53] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  165.969251][   T53] usb 7-1: config 0 descriptor??
[  165.989970][ T7772] x_tables: duplicate underflow at hook 1
[  165.997979][ T7772] hub 8-0:1.0: USB hub found
[  166.003801][ T7772] hub 8-0:1.0: 1 port detected
[  166.557116][   T53] kye 0003:0458:5016.0003: control desc unexpectedly large
[  166.564350][   T53] input: HID 0458:5016 as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:0.0/0003:0458:5016.0003/input/input8
[  166.588941][ T7779] loop2: detected capacity change from 0 to 7
[  166.599572][ T7779] Dev loop2: unable to read RDB block 7
[  166.602243][ T7779]  loop2: AHDI p1 p2 p3
[  166.604194][ T7779] loop2: partition table partially beyond EOD, truncated
[  166.629669][ T7779] loop2: p1 start 1601398130 is beyond EOD, truncated
[  166.632908][ T7779] loop2: p2 start 1702059890 is beyond EOD, truncated
[  166.655004][   T53] input: HID 0458:5016 as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:0.0/0003:0458:5016.0003/input/input9
[  166.732792][   T53] kye 0003:0458:5016.0003: input,hiddev0,hidraw1: USB HID v0.09 Device [HID 0458:5016] on usb-dummy_hcd.2-1/input0
[  166.820869][ T7783] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  166.954893][ T7787] FAULT_INJECTION: forcing a failure.
[  166.954893][ T7787] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  166.956354][ T7783] netlink: 4 bytes leftover after parsing attributes in process `syz.1.463'.
[  166.964741][ T7783] openvswitch: netlink: nsh attribute has 4 unknown bytes.
[  166.969799][ T7787] CPU: 0 UID: 0 PID: 7787 Comm: syz.3.465 Not tainted syzkaller #0 PREEMPT(full) 
[  166.969823][ T7787] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  166.969833][ T7787] Call Trace:
[  166.969839][ T7787]  <TASK>
[  166.969846][ T7787]  dump_stack_lvl+0x16c/0x1f0
[  166.969874][ T7787]  should_fail_ex+0x512/0x640
[  166.969895][ T7787]  save_fsave_header+0x14c/0x2f0
[  166.969920][ T7787]  ? __pfx_save_fsave_header+0x10/0x10
[  166.969951][ T7787]  ? copy_fpstate_to_sigframe+0x2c3/0xad0
[  166.969974][ T7787]  ? rcu_is_watching+0x12/0xc0
[  166.969996][ T7787]  ? __local_bh_enable_ip+0xa4/0x120
[  166.970022][ T7787]  copy_fpstate_to_sigframe+0x74f/0xad0
[  166.970051][ T7787]  ? __pfx_copy_fpstate_to_sigframe+0x10/0x10
[  166.970074][ T7787]  ? posixtimer_deliver_signal+0x105/0x6b0
[  166.970101][ T7787]  ? posixtimer_deliver_signal+0x1c7/0x6b0
[  166.970119][ T7787]  ? x86_task_fpu+0x5f/0x90
[  166.970142][ T7787]  get_sigframe+0x4a8/0x9c0
[  166.970168][ T7787]  ? __pfx_get_sigframe+0x10/0x10
[  166.970191][ T7787]  ? _raw_spin_unlock_irq+0x23/0x50
[  166.970211][ T7787]  ? siginfo_layout+0x177/0x290
[  166.970234][ T7787]  ia32_setup_rt_frame+0xe4/0xb30
[  166.970257][ T7787]  ? __pfx_ia32_setup_rt_frame+0x10/0x10
[  166.970274][ T7787]  ? __lock_acquire+0x436/0x2890
[  166.970293][ T7787]  arch_do_signal_or_restart+0x475/0x7a0
[  166.970316][ T7787]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  166.970344][ T7787]  ? find_held_lock+0x2b/0x80
[  166.970363][ T7787]  ? __might_fault+0xe3/0x190
[  166.970412][ T7787]  ? __might_fault+0xe3/0x190
[  166.970434][ T7787]  exit_to_user_mode_loop+0x8c/0x540
[  166.970456][ T7787]  do_int80_emulation+0x3a8/0x480
[  166.970485][ T7787]  asm_int80_emulation+0x1a/0x20
[  166.970501][ T7787] RIP: 0023:0xf7f44577
[  166.970516][ T7787] Code: 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 <cd> 80 5d 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00
[  166.970563][ T7787] RSP: 002b:00000000f543655c EFLAGS: 00000296 ORIG_RAX: 00000000000001c1
[  166.970598][ T7787] RAX: 00000000000001c1 RBX: 0000000080001080 RCX: 0000000000000001
[  166.970609][ T7787] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001
[  166.970626][ T7787] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  166.970635][ T7787] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  166.970645][ T7787] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  166.970666][ T7787]  </TASK>
[  167.359633][ T6623] usb 7-1: USB disconnect, device number 3
[  167.433101][ T7803] x_tables: duplicate underflow at hook 1
[  168.248706][   T40] audit: type=1326 audit(1767116441.189:168): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7818 comm="syz.2.471" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702d579 code=0x7ffc0000
[  168.276649][   T40] audit: type=1326 audit(1767116441.189:169): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7818 comm="syz.2.471" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702d579 code=0x7ffc0000
[  168.304183][   T40] audit: type=1326 audit(1767116441.189:170): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7818 comm="syz.2.471" exe="/syz-executor" sig=0 arch=40000003 syscall=360 compat=1 ip=0xf702d579 code=0x7ffc0000
[  168.333820][   T40] audit: type=1326 audit(1767116441.189:171): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7818 comm="syz.2.471" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702d579 code=0x7ffc0000
[  168.353513][   T40] audit: type=1326 audit(1767116441.209:172): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7818 comm="syz.2.471" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf702d579 code=0x7ffc0000
[  168.405903][   T40] audit: type=1326 audit(1767116441.349:173): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7818 comm="syz.2.471" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702d579 code=0x7ffc0000
[  168.427525][   T40] audit: type=1326 audit(1767116441.349:174): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7818 comm="syz.2.471" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702d579 code=0x7ffc0000
[  168.477667][ T6028] libceph: connect (1)[c::]:6789 error -101
[  168.482397][ T6028] libceph: mon0 (1)[c::]:6789 connect error
[  168.714390][   T40] audit: type=1804 audit(1767116441.659:175): pid=7857 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.473" name="/newroot/105/file0/bus" dev="9p" ino=71827601 res=1 errno=0
[  168.848367][ T6028] libceph: connect (1)[c::]:6789 error -101
[  168.851110][ T6028] libceph: mon0 (1)[c::]:6789 connect error
[  168.936748][ T7862] FAULT_INJECTION: forcing a failure.
[  168.936748][ T7862] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  168.945201][ T7862] CPU: 0 UID: 0 PID: 7862 Comm: syz.3.475 Not tainted syzkaller #0 PREEMPT(full) 
[  168.945246][ T7862] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  168.945257][ T7862] Call Trace:
[  168.945263][ T7862]  <TASK>
[  168.945270][ T7862]  dump_stack_lvl+0x16c/0x1f0
[  168.945298][ T7862]  should_fail_ex+0x512/0x640
[  168.945320][ T7862]  _copy_from_user+0x2e/0xd0
[  168.945338][ T7862]  copy_from_buffer+0x7f/0xc0
[  168.945364][ T7862]  copy_uabi_to_xstate+0x26d/0x670
[  168.945392][ T7862]  ? __pfx_copy_uabi_to_xstate+0x10/0x10
[  168.945422][ T7862]  ? __fpu_restore_sig+0xa8a/0x1370
[  168.945443][ T7862]  ? rcu_is_watching+0x12/0xc0
[  168.945463][ T7862]  ? x86_task_fpu+0x5f/0x90
[  168.945484][ T7862]  __fpu_restore_sig+0x10a6/0x1370
[  168.945510][ T7862]  ? __pfx___fpu_restore_sig+0x10/0x10
[  168.945534][ T7862]  ? find_held_lock+0x2b/0x80
[  168.945562][ T7862]  ? __might_fault+0xe3/0x190
[  168.945683][ T7862]  ? __might_fault+0x13b/0x190
[  168.945727][ T7862]  fpu__restore_sig+0x151/0x190
[  168.945754][ T7862]  ia32_restore_sigcontext+0x44a/0x630
[  168.945775][ T7862]  ? __pfx_ia32_restore_sigcontext+0x10/0x10
[  168.945803][ T7862]  ? rcu_is_watching+0x12/0xc0
[  168.945824][ T7862]  ? _raw_spin_unlock_irq+0x23/0x50
[  168.945845][ T7862]  ? lockdep_hardirqs_on+0x7c/0x110
[  168.945872][ T7862]  __do_compat_sys_rt_sigreturn+0x18c/0x270
[  168.945889][ T7862]  ? __pfx___do_compat_sys_rt_sigreturn+0x10/0x10
[  168.945909][ T7862]  ? rcu_is_watching+0x12/0xc0
[  168.945931][ T7862]  do_int80_emulation+0x104/0x480
[  168.945959][ T7862]  asm_int80_emulation+0x1a/0x20
[  168.945974][ T7862] RIP: 0023:0xf7f44577
[  168.945988][ T7862] Code: 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 <cd> 80 5d 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00
[  168.946003][ T7862] RSP: 002b:00000000f543655c EFLAGS: 00000296
[  168.946016][ T7862] RAX: 00000000000001c1 RBX: 0000000080001080 RCX: 0000000000000001
[  168.946026][ T7862] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001
[  168.946035][ T7862] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  168.946043][ T7862] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  168.946052][ T7862] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  168.946073][ T7862]  </TASK>
[  169.121622][ T7840] ceph: No mds server is up or the cluster is laggy
[  169.868756][ T7894] overlayfs: missing 'workdir'
[  170.213368][ T7910] lo: entered promiscuous mode
[  170.217567][ T7910] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  170.410589][   T62] wlan0: Trigger new scan to find an IBSS to join
[  170.430764][ T7914] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  171.163456][ T7922] netlink: 4 bytes leftover after parsing attributes in process `syz.0.492'.
[  172.170154][ T6091] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  172.321234][ T6091] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  172.326383][ T6091] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  172.331596][ T6091] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  172.335628][ T6091] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  172.402311][ T7953] Cannot find add_set index 2 as target
[  173.298900][ T7944] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  173.315806][ T6091] usb 6-1: Quirk or no altset; falling back to MIDI 1.0
[  173.964606][   T40] audit: type=1326 audit(1767116446.909:176): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7961 comm="syz.3.501" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f44579 code=0x0
[  173.975574][   T40] audit: type=1326 audit(1767116446.909:177): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7961 comm="syz.3.501" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f44579 code=0x0
[  174.147788][ T7979] overlayfs: failed to resolve './file1:/': -2
[  174.238927][ T6091] usb 6-1: USB disconnect, device number 4
[  174.970498][ T7993] syz.3.507 (7993): /proc/7986/oom_adj is deprecated, please use /proc/7986/oom_score_adj instead.
[  175.003963][ T7993] tmpfs: Bad value for 'mpol'
[  175.314275][ T7997] MTD: Attempt to mount non-MTD device "/dev/nullb0"
[  175.318751][ T7997] /dev/nullb0: Can't open blockdev
[  175.449629][   T62] wlan0: Trigger new scan to find an IBSS to join
[  175.687937][   T40] audit: type=1804 audit(1767116448.629:178): pid=8003 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.510" name="/newroot/131/bus/bus" dev="overlay" ino=757 res=1 errno=0
[  175.702059][ T8003] evm: overlay not supported
[  175.726647][   T40] audit: type=1804 audit(1767116448.659:179): pid=8003 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.510" name="/newroot/131/bus/bus" dev="overlay" ino=757 res=1 errno=0
[  175.838912][   T40] audit: type=1800 audit(1767116448.659:180): pid=8003 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.510" name="bus" dev="overlay" ino=757 res=0 errno=0
[  176.012400][ T8009] bridge: RTM_NEWNEIGH with invalid ether address
[  176.027360][   T40] audit: type=1326 audit(1767116448.899:181): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8004 comm="syz.3.511" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f44579 code=0x0
[  176.097694][ T8012] bond1: option arp_validate: invalid value (524288)
[  176.108622][ T8012] bond1 (unregistering): Released all slaves
[  176.143426][ T8015] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check.
[  176.610052][ T1141] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  177.644368][ T8043] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(4)
[  177.647444][ T8043] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  177.652721][ T8043] vhci_hcd vhci_hcd.0: Device attached
[  177.711441][ T8047] netlink: 4 bytes leftover after parsing attributes in process `syz.2.521'.
[  177.939603][   T34] usb 42-1: SetAddress Request (7) to port 0
[  177.942517][   T34] usb 42-1: new SuperSpeed USB device number 7 using vhci_hcd
[  178.132770][ T8037] x_tables: duplicate underflow at hook 1
[  178.327047][   T40] audit: type=1804 audit(1767116451.269:182): pid=8055 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.522" name="/newroot/134/file0/bus" dev="9p" ino=71827601 res=1 errno=0
[  178.371647][ T8061] 9pnet_virtio: no channels available for device syz
[  178.385141][ T8061] netlink: 'syz.1.524': attribute type 10 has an invalid length.
[  178.388609][ T8061] netlink: 40 bytes leftover after parsing attributes in process `syz.1.524'.
[  178.400570][ T8061] team0: Port device geneve0 added
[  178.459541][ T8044] vhci_hcd: connection closed
[  178.459872][ T3813] vhci_hcd vhci_hcd.2: stop threads
[  178.466687][ T3813] vhci_hcd vhci_hcd.2: release socket
[  178.474078][ T3813] vhci_hcd vhci_hcd.2: disconnect device
[  178.587199][ T8069] 9pnet_virtio: no channels available for device syz
[  178.615179][ T8070] 9pnet_virtio: no channels available for device syz
[  179.058523][ T8072] mmap: syz.3.528 (8072) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  179.464090][ T8080] FAULT_INJECTION: forcing a failure.
[  179.464090][ T8080] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  179.470765][ T8080] CPU: 1 UID: 0 PID: 8080 Comm: syz.0.530 Not tainted syzkaller #0 PREEMPT(full) 
[  179.470794][ T8080] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  179.470801][ T8080] Call Trace:
[  179.470805][ T8080]  <TASK>
[  179.470810][ T8080]  dump_stack_lvl+0x16c/0x1f0
[  179.470831][ T8080]  should_fail_ex+0x512/0x640
[  179.470846][ T8080]  _copy_from_user+0x2e/0xd0
[  179.470859][ T8080]  futex_parse_waitv+0x101/0x520
[  179.470874][ T8080]  ? __pfx_futex_wake_mark+0x10/0x10
[  179.470890][ T8080]  ? __pfx_futex_parse_waitv+0x10/0x10
[  179.470902][ T8080]  ? rcu_is_watching+0x12/0xc0
[  179.470918][ T8080]  ? __kmalloc_noprof+0x35d/0x910
[  179.470930][ T8080]  ? __pfx_ia32_restore_sigcontext+0x10/0x10
[  179.470942][ T8080]  ? __do_sys_futex_waitv+0x221/0x2c0
[  179.470958][ T8080]  __do_sys_futex_waitv+0x245/0x2c0
[  179.470971][ T8080]  ? __pfx___do_sys_futex_waitv+0x10/0x10
[  179.470987][ T8080]  ? __pfx___do_compat_sys_rt_sigreturn+0x10/0x10
[  179.471004][ T8080]  do_int80_emulation+0x104/0x480
[  179.471023][ T8080]  asm_int80_emulation+0x1a/0x20
[  179.471035][ T8080] RIP: 0023:0xf6ffd579
[  179.471044][ T8080] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  179.471055][ T8080] RSP: 002b:00000000f53ed55c EFLAGS: 00000296 ORIG_RAX: 00000000000001c1
[  179.471066][ T8080] RAX: ffffffffffffffda RBX: 0000000080001080 RCX: 0000000000000001
[  179.471072][ T8080] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001
[  179.471078][ T8080] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  179.471085][ T8080] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  179.471091][ T8080] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  179.471104][ T8080]  </TASK>
[  179.699000][ T8088] 
[  179.699891][ T8088] ======================================================
[  179.702222][ T8088] WARNING: possible circular locking dependency detected
[  179.704548][ T8088] syzkaller #0 Not tainted
[  179.706252][ T8088] ------------------------------------------------------
[  179.708764][ T8088] syz.0.533/8088 is trying to acquire lock:
[  179.710853][ T8088] ffff8880248f0088 (&of->mutex){+.+.}-{4:4}, at: kernfs_seq_start+0x4f/0x2a0
[  179.713770][ T8088] 
[  179.713770][ T8088] but task is already holding lock:
[  179.716253][ T8088] ffff888028284e80 (&p->lock){+.+.}-{4:4}, at: seq_read_iter+0xe1/0x12d0
[  179.717538][ T8086] ucma_write: process 494 (syz.1.531) changed security contexts after opening file descriptor, this is not allowed.
[  179.719229][ T8088] 
[  179.719229][ T8088] which lock already depends on the new lock.
[  179.719229][ T8088] 
[  179.719238][ T8088] 
[  179.719238][ T8088] the existing dependency chain (in reverse order) is:
[  179.729897][ T8088] 
[  179.729897][ T8088] -> #3 (&p->lock){+.+.}-{4:4}:
[  179.732235][ T8088]        __mutex_lock+0x1aa/0x1ca0
[  179.733954][ T8088]        seq_read_iter+0xe1/0x12d0
[  179.735710][ T8088]        kernfs_fop_read_iter+0x46c/0x610
[  179.737627][ T8088]        copy_splice_read+0x618/0xc20
[  179.739450][ T8088]        do_splice_read+0x285/0x370
[  179.741213][ T8088]        splice_file_to_pipe+0x109/0x120
[  179.743150][ T8088]        do_sendfile+0x400/0xe50
[  179.744810][ T8088]        __ia32_compat_sys_sendfile+0x1e5/0x220
[  179.747023][ T8088]        __do_fast_syscall_32+0xe8/0x680
[  179.748953][ T8088]        do_fast_syscall_32+0x32/0x80
[  179.750752][ T8088]        entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  179.753001][ T8088] 
[  179.753001][ T8088] -> #2 (&pipe->mutex){+.+.}-{4:4}:
[  179.755471][ T8088]        __mutex_lock+0x1aa/0x1ca0
[  179.757194][ T8088]        anon_pipe_write+0x15d/0x1bd0
[  179.758997][ T8088]        __kernel_write_iter+0x720/0xb10
[  179.760913][ T8088]        __kernel_write+0xf5/0x140
[  179.762695][ T8088]        autofs_notify_daemon+0x4db/0xd60
[  179.764654][ T8088]        autofs_wait+0x10f3/0x1ac0
[  179.766500][ T8088]        autofs_mount_wait+0x132/0x3c0
[  179.768722][ T8088]        autofs_d_automount+0x4b2/0x960
[  179.770794][ T8088]        __traverse_mounts+0x1b9/0x830
[  179.772783][ T8088]        step_into_slowpath+0x772/0xf50
[  179.774843][ T8088]        path_lookupat+0x627/0xc40
[  179.776980][ T8088]        filename_lookup+0x224/0x5f0
[  179.779254][ T8088]        kern_path+0x35/0x50
[  179.781046][ T8088]        lookup_bdev+0xd8/0x280
[  179.783083][ T8088]        resume_store+0x1d6/0x490
[  179.785313][ T8088]        kobj_attr_store+0x58/0x80
[  179.787554][ T8088]        sysfs_kf_write+0xf2/0x150
[  179.789697][ T8088]        kernfs_fop_write_iter+0x3af/0x570
[  179.792269][ T8088]        vfs_write+0x7d3/0x11d0
[  179.794319][ T8088]        ksys_write+0x12a/0x250
[  179.796414][ T8088]        __do_fast_syscall_32+0xe8/0x680
[  179.798761][ T8088]        do_fast_syscall_32+0x32/0x80
[  179.800978][ T8088]        entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  179.803570][ T8088] 
[  179.803570][ T8088] -> #1 (&sbi->pipe_mutex){+.+.}-{4:4}:
[  179.806185][ T8088]        __mutex_lock+0x1aa/0x1ca0
[  179.807934][ T8088]        autofs_notify_daemon+0x4a6/0xd60
[  179.809814][ T8088]        autofs_wait+0x10f3/0x1ac0
[  179.811544][ T8088]        autofs_mount_wait+0x132/0x3c0
[  179.813416][ T8088]        autofs_d_automount+0x4b2/0x960
[  179.815295][ T8088]        __traverse_mounts+0x1b9/0x830
[  179.817110][ T8088]        step_into_slowpath+0x772/0xf50
[  179.818985][ T8088]        path_lookupat+0x627/0xc40
[  179.820697][ T8088]        filename_lookup+0x224/0x5f0
[  179.822514][ T8088]        kern_path+0x35/0x50
[  179.824067][ T8088]        lookup_bdev+0xd8/0x280
[  179.825727][ T8088]        resume_store+0x1d6/0x490
[  179.827437][ T8088]        kobj_attr_store+0x58/0x80
[  179.829244][ T8088]        sysfs_kf_write+0xf2/0x150
[  179.830986][ T8088]        kernfs_fop_write_iter+0x3af/0x570
[  179.833088][ T8088]        vfs_write+0x7d3/0x11d0
[  179.835235][ T8088]        ksys_write+0x12a/0x250
[  179.837371][ T8088]        __do_fast_syscall_32+0xe8/0x680
[  179.839771][ T8088]        do_fast_syscall_32+0x32/0x80
[  179.841562][ T8088]        entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  179.843847][ T8088] 
[  179.843847][ T8088] -> #0 (&of->mutex){+.+.}-{4:4}:
[  179.846265][ T8088]        __lock_acquire+0x1669/0x2890
[  179.848080][ T8088]        lock_acquire+0x179/0x330
[  179.849777][ T8088]        __mutex_lock+0x1aa/0x1ca0
[  179.851509][ T8088]        kernfs_seq_start+0x4f/0x2a0
[  179.853293][ T8088]        seq_read_iter+0x2c1/0x12d0
[  179.855071][ T8088]        kernfs_fop_read_iter+0x46c/0x610
[  179.856977][ T8088]        copy_splice_read+0x618/0xc20
[  179.858773][ T8088]        do_splice_read+0x285/0x370
[  179.860502][ T8088]        splice_file_to_pipe+0x109/0x120
[  179.862409][ T8088]        do_sendfile+0x400/0xe50
[  179.864086][ T8088]        __ia32_compat_sys_sendfile+0x1e5/0x220
[  179.866682][ T8088]        __do_fast_syscall_32+0xe8/0x680
[  179.868805][ T8088]        do_fast_syscall_32+0x32/0x80
[  179.870679][ T8088]        entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  179.872949][ T8088] 
[  179.872949][ T8088] other info that might help us debug this:
[  179.872949][ T8088] 
[  179.876424][ T8088] Chain exists of:
[  179.876424][ T8088]   &of->mutex --> &pipe->mutex --> &p->lock
[  179.876424][ T8088] 
[  179.880449][ T8088]  Possible unsafe locking scenario:
[  179.880449][ T8088] 
[  179.883047][ T8088]        CPU0                    CPU1
[  179.885044][ T8088]        ----                    ----
[  179.886991][ T8088]   lock(&p->lock);
[  179.888328][ T8088]                                lock(&pipe->mutex);
[  179.890636][ T8088]                                lock(&p->lock);
[  179.892745][ T8088]   lock(&of->mutex);
[  179.894075][ T8088] 
[  179.894075][ T8088]  *** DEADLOCK ***
[  179.894075][ T8088] 
[  179.896900][ T8088] 2 locks held by syz.0.533/8088:
[  179.898632][ T8088]  #0: ffff88802946a868 (&pipe->mutex){+.+.}-{4:4}, at: pipe_lock+0x64/0x80
[  179.901590][ T8088]  #1: ffff888028284e80 (&p->lock){+.+.}-{4:4}, at: seq_read_iter+0xe1/0x12d0
[  179.905252][ T8088] 
[  179.905252][ T8088] stack backtrace:
[  179.907794][ T8088] CPU: 2 UID: 0 PID: 8088 Comm: syz.0.533 Not tainted syzkaller #0 PREEMPT(full) 
[  179.907819][ T8088] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  179.907831][ T8088] Call Trace:
[  179.907838][ T8088]  <TASK>
[  179.907845][ T8088]  dump_stack_lvl+0x116/0x1f0
[  179.907877][ T8088]  print_circular_bug+0x275/0x340
[  179.907908][ T8088]  check_noncircular+0x146/0x160
[  179.907939][ T8088]  __lock_acquire+0x1669/0x2890
[  179.907957][ T8088]  ? __kvmalloc_node_noprof+0x3ac/0xa40
[  179.907982][ T8088]  ? kernfs_fop_read_iter+0x46c/0x610
[  179.908012][ T8088]  lock_acquire+0x179/0x330
[  179.908026][ T8088]  ? kernfs_seq_start+0x4f/0x2a0
[  179.908052][ T8088]  ? __pfx___might_resched+0x10/0x10
[  179.908079][ T8088]  __mutex_lock+0x1aa/0x1ca0
[  179.908105][ T8088]  ? kernfs_seq_start+0x4f/0x2a0
[  179.908132][ T8088]  ? kernfs_seq_start+0x4f/0x2a0
[  179.908159][ T8088]  ? __pfx___mutex_lock+0x10/0x10
[  179.908190][ T8088]  ? rcu_is_watching+0x12/0xc0
[  179.908214][ T8088]  ? trace_kmalloc+0x2b/0xb0
[  179.908239][ T8088]  ? __kvmalloc_node_noprof+0x3c9/0xa40
[  179.908264][ T8088]  ? kernfs_seq_start+0x4f/0x2a0
[  179.908290][ T8088]  kernfs_seq_start+0x4f/0x2a0
[  179.908318][ T8088]  seq_read_iter+0x2c1/0x12d0
[  179.908341][ T8088]  ? __pfx_alloc_pages_bulk_noprof+0x10/0x10
[  179.908367][ T8088]  kernfs_fop_read_iter+0x46c/0x610
[  179.908396][ T8088]  copy_splice_read+0x618/0xc20
[  179.908422][ T8088]  ? __pfx_aa_file_perm+0x10/0x10
[  179.908448][ T8088]  ? __pfx_copy_splice_read+0x10/0x10
[  179.908477][ T8088]  ? __fget_files+0x204/0x3c0
[  179.908502][ T8088]  ? __pfx_copy_splice_read+0x10/0x10
[  179.908526][ T8088]  do_splice_read+0x285/0x370
[  179.908552][ T8088]  splice_file_to_pipe+0x109/0x120
[  179.908580][ T8088]  do_sendfile+0x400/0xe50
[  179.908605][ T8088]  ? __pfx_do_sendfile+0x10/0x10
[  179.908628][ T8088]  ? putname+0xf5/0x1a0
[  179.908644][ T8088]  ? __ia32_sys_futex_time32+0x1d9/0x460
[  179.908666][ T8088]  ? __ia32_sys_futex_time32+0x2fc/0x460
[  179.908690][ T8088]  __ia32_compat_sys_sendfile+0x1e5/0x220
[  179.908706][ T8088]  ? xfd_validate_state+0x61/0x180
[  179.908728][ T8088]  ? __pfx___ia32_compat_sys_sendfile+0x10/0x10
[  179.908749][ T8088]  __do_fast_syscall_32+0xe8/0x680
[  179.908778][ T8088]  do_fast_syscall_32+0x32/0x80
[  179.908805][ T8088]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  179.908828][ T8088] RIP: 0023:0xf6ffd579
[  179.908841][ T8088] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  179.908858][ T8088] RSP: 002b:00000000f53ed55c EFLAGS: 00000296 ORIG_RAX: 00000000000000bb
[  179.908875][ T8088] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000000007
[  179.908887][ T8088] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000000
[  179.908897][ T8088] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  179.908907][ T8088] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  179.908917][ T8088] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  179.908933][ T8088]  </TASK>
[  180.649471][   T64] Bluetooth: hci2: command 0x0406 tx timeout
[  180.659754][ T5954] Bluetooth: hci0: command 0x0406 tx timeout
[  180.660238][ T5941] Bluetooth: hci3: command 0x0406 tx timeout
[  180.662556][ T5299] Bluetooth: hci1: command 0x0406 tx timeout
[  183.059544][   T34] usb 42-1: device descriptor read/8, error -110
[  183.460037][   T34] usb usb42-port1: attempt power cycle
[  184.020110][   T34] usb usb42-port1: unable to enumerate USB device