last executing test programs:

9.52124298s ago: executing program 3 (id=2985):
r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
r1 = syz_open_dev$dri(0x0, 0xd21, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, 0x0)
r2 = socket(0x10, 0x80002, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8b24, &(0x7f0000000000)={'wlan0\x00'})
readv(r2, &(0x7f0000000ac0), 0x0)
ioctl$DRM_IOCTL_MODE_GETCRTC(r1, 0xc06864a1, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000008c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1}, 0x48)
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_GETFB2(r1, 0xc06864ce, &(0x7f0000000540))
socket$inet_udp(0x2, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = getpid()
process_vm_readv(r3, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x3, 0x4, &(0x7f00000004c0)=ANY=[@ANYBLOB="8500000097000000350000000000000085000000230000009500000000000000f4670880271e3503200ffa95a2c8c037c5a142dfa8ba6287066c5197fabd5f7010e81ae0b737126e0000000000000009ed8d38665cb6e22ff5dde54704d25c79949c23e2eb15d755a2410ea7c09cc28de194f44800000000b0d3712c7e93363af3c075ff1e23160104d95433bb755af3d576090c4867a7b6393e366c6386d5ec7201d031f40f3012e9576e51a7f550afc852003b2f7846c744ae6af3c037102124d85cec074c6949e1d76d067a97000247fe5f17fdab800f4104dbaba46aac3abe6c4d7f47ef6d02ba536cdacecf7eb6baaa4a9779f8555eaea768c1f2c221c155411c5483b8741036674d41513656d400ef050000000ee282ab76f593d828cf95846be6277c04b8c5324812696a623cd8a4f8dc8dcba00b1b2d2547c45b0c52087b5efabf8496b9a951667dd5b5a0327b56c0ebfb19a34268335648e1f844ce328c10752a42dca52fb98c1452b651ebffffffff00000000419a2f238f173d0cd46dafc6e95500f53e5309ec91d83cf4fbd775d9c07d8d591a4dac60ff00e609b3b20000000000000000000000000000000000000000000000004e41ffd11d49614fc97bff9cfa13a834a8b7d58ef7845b492b808b59a29b3bfa21b4ce7abc79e8279ef3e2151281fe64f52fc86715aca2e027cb0d5ae3a489dd4f97e6dfdaf622a6964faea221d4b6a7d5fbaeb8ce597ec671a0f8cab6877df3ef4b21d902a66f091947f1a69f09007d1c22c1fa85de1caa493de14810f42ed36488b944b3ca4e86a4738f730f473f3f29d592549b220d051c3b31e321d426ac7b28e8204d3253184d307966ad8ef7482da915473bd11a72e9acefc61cb7a40b78a066f120cf5acc12e56107f7cd8144c4b1df091e9fb661120eaeaa4efe4a9e798925a72da837a364c0051118dd744db455ae5e9a579f97b4fcf60e26c7fcbd31ccc030f2a8077e089b36d6a5"], &(0x7f0000000140)='GPL\x00', 0x0, 0xe0, &(0x7f0000000180)=""/153, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x50, 0x10, 0x0, 0xfffffc1a}, 0x15)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={r4, 0xfffff000, 0xd, 0x0, &(0x7f00000000c0)="61df712bc884fed5722780b6c2", 0x0, 0x8000}, 0x50)
openat$drirender128(0xffffffffffffff9c, &(0x7f0000000040), 0x101080, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

8.481276762s ago: executing program 3 (id=2990):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000000002000000000000000000018190000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x4, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000280)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='percpu_alloc_percpu\x00', r1}, 0x10)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000080)=0xa, 0x4)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000003c0)={'wlan0\x00', <r4=>0x0})
sendto$packet(r3, &(0x7f0000000180)="0b031000e0ff030002004788aa96a13bb1000000000008000500", 0x10000, 0x0, &(0x7f0000000140)={0x11, 0x0, r4}, 0x14)
socket$nl_generic(0x10, 0x3, 0x10)
r5 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001400)=ANY=[@ANYBLOB="1c0000005e0021a5553f8c6b23"], 0x1c}}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
read$FUSE(0xffffffffffffffff, &(0x7f0000001300)={0x2020}, 0x2020)
ioctl$RFKILL_IOCTL_NOINPUT(0xffffffffffffffff, 0x5201)
pipe(&(0x7f0000000040)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
r8 = fsopen(&(0x7f0000000080)='autofs\x00', 0x0)
fsconfig$FSCONFIG_SET_FD(r8, 0x5, &(0x7f00000005c0)='fd', 0x0, r7)
r9 = socket$inet_sctp(0x2, 0x1, 0x84)
ioctl$sock_SIOCETHTOOL(r9, 0x8946, &(0x7f0000000040)={'netdevsim0\x00', &(0x7f0000000080)=@ethtool_test={0xf, 0x0, 0x0, 0xa, [0x0, 0x8000000000000000, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, 0xabca, 0x9]}})
fsconfig$FSCONFIG_CMD_CREATE(r8, 0x6, 0x0, 0x0, 0x0)
close_range(r6, 0xffffffffffffffff, 0x0)
r10 = syz_open_procfs(0x0, &(0x7f0000000080)='coredump_filter\x00')
prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1)
syz_emit_ethernet(0x4e, &(0x7f00000001c0)={@local, @remote, @val={@void, {0x8100, 0x6, 0x0, 0x3}}, {@ipv6={0x86dd, @tcp={0x0, 0x6, "f11b8c", 0x14, 0x6, 0x0, @loopback, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, {[], {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0)
preadv(r10, &(0x7f0000000000), 0xc, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x6, &(0x7f0000000000)=[{0x4, 0xd6, 0x5, 0xa}, {0x3, 0x2, 0x0, 0x8}, {0x1, 0x1, 0x6, 0x2}, {0x5, 0x2f, 0x1f}, {0x4, 0x0, 0x3, 0x3}, {0x6, 0x0, 0x2b, 0x6}]})
ioctl$SECCOMP_IOCTL_NOTIF_SEND(r10, 0xc0182101, &(0x7f0000000000)={0x0, 0x2332, 0x1})

7.168324692s ago: executing program 3 (id=2993):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_SAVE(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)=ANY=[@ANYBLOB="1c000000080601010000000000000000200000000500010007000000"], 0x1c}}, 0x0)

6.791397903s ago: executing program 3 (id=2996):
mkdir(&(0x7f0000000440)='./file1\x00', 0xd4)
io_uring_register$IORING_REGISTER_RESTRICTIONS(0xffffffffffffffff, 0xb, 0x0, 0x0)
io_uring_register$IORING_REGISTER_ENABLE_RINGS(0xffffffffffffffff, 0xc, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0)
io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
userfaultfd(0x1)
gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x4, @thr={&(0x7f00000004c0)="e756794832bd367a5616d82e51451ce38f2f6e214eb457fecd79133c80c72d6a6d246185cf1beabb3b02138609d2037337a2aaf2f411a96fd34cb39e5ddd00f434ac70d756e12cc1c486168811812675964424349913fc805fa7339aa6663e511af396dc46736815c1e06053757f6ed97ed34302bb3948e80e543032b55eec54460880aba0f566dd34faeafd84c3fbf4d894069263fa620abfdb98dcdb201521b36100ef9aaef1122c8e9c29f32e7ea2712655c30e35989e76164785b6f2d29206318191d67aba35fcd1a2daf2ad5bdb0cfe6ef2ceb51ee783497933d8754fa77b118c8493a6fd71f03857dd67a4958ca3d7fd7dc09b787e38d988", &(0x7f0000000040)="86a433f014b89d4c4aa9bdf1db69b8f2ec21ee4866f6c57746428b1ea8dd33ec2b3f7324836e21b02e07be470c7d264e148fb3af595698c1e69617488141139cc9643174d7e3c51db6cd90e901af6c97e604590a6d8c1706b138d01497fc8ab773cd2a85b4ec267a6e99754667f3b3ea5972eba70a61c3cb53d6038c9a9d6585"}}, &(0x7f0000bbdffc)=<r1=>0x0)
timer_settime(r1, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r2 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
bind$nfc_llcp(r2, &(0x7f00000000c0)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "edd0961fcbe3a714699b769277aa362003e40900661e12bcca7f88cd6d07f3648c21a4b612af05000000a25b96f8fffffffffffffffe700a13056afd600927", 0x8000000004}, 0x60)
sendmsg$nl_netfilter(0xffffffffffffffff, 0x0, 0x0)
recvmsg(r2, &(0x7f0000000800)={0x0, 0x0, 0x0}, 0x0)
setsockopt$inet_sctp6_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, 0x0)
sendmsg$IPCTNL_MSG_TIMEOUT_NEW(0xffffffffffffffff, 0x0, 0x4008081)
add_key(&(0x7f0000000000)='pkcs7_test\x00', 0x0, &(0x7f00000021c0)="305c0607e182087051667557c7d7982b8f57fb20a3adc9e3baa292ce8f0a861e6417acfc8648ad1b86400393d502b0cd490635d54cdf5bd0461690982b236949ab5e000000808ce41d86b9b949004fd8fe45b91e8fe7ec7c49750a1b0ade", 0x5e, 0xfffffffffffffffe)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000440)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-cipher_null\x00'}, 0x58)
r4 = accept$alg(r3, 0x0, 0x0)
read$alg(r4, &(0x7f0000000340)=""/154, 0x9a)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000003c0)={<r5=>0xffffffffffffffff})
r6 = creat(&(0x7f0000000000)='./file0\x00', 0x0)
dup3(r5, r6, 0x0)

5.975078264s ago: executing program 1 (id=3000):
r0 = getpid()
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
process_vm_readv(r0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
r1 = syz_open_dev$loop(&(0x7f00000001c0), 0x100000, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="3400000021000100000000000000000002000000faff000000000000080018004e284e2205001600000000000800"], 0x34}}, 0x0)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=@newspdinfo={0x1c, 0x24, 0x21, 0x0, 0x0, 0x0, [@XFRMA_SPD_IPV4_HTHRESH={0x6}]}, 0x1c}}, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000003c0)=@updpolicy={0xb8, 0x19, 0xfd3649826d894c67, 0x0, 0x0, {{@in=@dev, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x2b}}}, 0xb8}}, 0x0)
syz_emit_ethernet(0x3a, &(0x7f0000000180)={@link_local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x2c, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @multicast1}, {0x0, 0x4e22, 0x18, 0x0, @wg=@data}}}}}, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$SNDRV_PCM_IOCTL_UNLINK(0xffffffffffffffff, 0x40044160, 0x3)
r3 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VIDIOC_REQBUFS(r3, 0xc0145608, &(0x7f0000000040)={0x204, 0xa, 0x4})
r4 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VIDIOC_REQBUFS(r4, 0xc0585609, &(0x7f0000000040)={0x20, 0xa})
ioctl$LOOP_CONFIGURE(0xffffffffffffffff, 0x4c0a, &(0x7f0000000000)={0xffffffffffffffff, 0x0, {0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x3, 0x8, 0x0, "82ffe9a7ca8d338e0978c80c568a9d94969744223a3bf7b1ce1f566ac0b5502df67a3a54817e92bda7e02337b5186bf1532b41dc173f2ef38ea641dbf4bea193", "2c8d978bbbaf836770b6bc05c7d33d4ba1eeb28b81365fd5b98b898cd82f59b99d77af213e51d53d7e04d4e85e1d41ee121ea3aad63b499c7a25e1b181ac9ebf", "9fef7affaecac6ed08f4c36330801327cabc8491b2a7e8063de5ae1f02b8cb3a", [0x0, 0x3]}})
symlinkat(&(0x7f0000000180)='.\x00', 0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00')
mount(&(0x7f00000000c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000100)='./file0\x00', &(0x7f00000001c0)='efs\x00', 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f00000000c0)=""/223, 0xdf}], 0x1, 0xfffff62d, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
sendfile(r1, 0xffffffffffffffff, 0x0, 0x1)
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
getsockopt$inet_tcp_buf(r5, 0x6, 0x1c, 0x0, &(0x7f0000000080))
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000480)=ANY=[@ANYRESDEC, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
unshare(0x62040200)

3.900280703s ago: executing program 0 (id=3009):
socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080))
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000818010000", @ANYRES32, @ANYBLOB="0000000000008da4b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='kfree\x00', r0}, 0x10)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='attr/exec\x00')
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x8, 0x10001, 0x9, 0x1}, 0x48)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES64=r2, @ANYBLOB="0000000000000000b702000014002000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
flistxattr(r3, 0x0, 0xdeff)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r2, &(0x7f0000000080), &(0x7f0000001540)=""/155}, 0x20)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000ac0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000020000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000d00)='sched_switch\x00', r4}, 0x10)
syz_open_dev$usbfs(&(0x7f0000000000), 0x1ff, 0x0)
ioctl$SNDRV_PCM_IOCTL_DRAIN(r1, 0x4144, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000980)='/proc/bus/input/handlers\x00', 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x0, &(0x7f0000000040)={0x4, &(0x7f0000000300)=[{0x3, 0x9, 0x0, 0x80000000}, {0x8, 0x4, 0x7, 0xb}, {0xb, 0x10, 0x1}, {0x7, 0x3, 0x8, 0x10003}]})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x2, &(0x7f0000000100)=[{0x54}, {0x6}]})
openat$sndseq(0xffffffffffffff9c, &(0x7f00000001c0), 0x100580)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = dup(r6)
ioctl$KVM_REGISTER_COALESCED_MMIO(r7, 0x4010ae67, &(0x7f0000000280)={0xf000})
ioctl$KVM_REGISTER_COALESCED_MMIO(r6, 0x4010ae67, &(0x7f00000001c0))
ioctl$KVM_UNREGISTER_COALESCED_MMIO(r6, 0x4010ae68, &(0x7f0000000040))

3.560257823s ago: executing program 1 (id=3010):
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f0000000240), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r1, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x15)
syz_emit_vhci(0x0, 0x22)
ioctl$VIDIOC_REQBUFS(0xffffffffffffffff, 0xc0145608, &(0x7f0000000140)={0x0, 0xa, 0x2})
syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB], 0x7)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f0000000980)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a4c000000060a090400000000000000000200000018000480140001800a0001006c696d6974000000040002800900010073797a30000000000900020073797a3200000000050007409c000000140000001100010000000000000000000000000a5723666cc55e7a0494e695056f827b153e7c916149205e74a383f26f0e722fcd616c1902ec3fd6a63534454a3985a85d5b3ab66e12ea99a1b3f8a31d6c19fe1037757924460c4add147c1088d89baa7553dd1b9c753a0533a31d57d194f0813837a8cacda007cc3e830e2cb73843cb12409cf787ec2a72f5bde8b10bfad1bd8dd7c31c929c9e6a50cb27"], 0x74}}, 0x0)
socket(0x0, 0x0, 0x0)
syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x12}, @l2cap_cid_le_signaling={{0xe}, @l2cap_le_conn_rsp={{0x15, 0x3, 0xa}, {0x5, 0x6, 0x8, 0x8, 0x1}}}}, 0x17)
write$uinput_user_dev(r0, &(0x7f0000000500)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}, 0x45c)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_inet_SIOCGIFADDR(r2, 0x8915, &(0x7f0000000440)={'veth0_vlan\x00', {0x2, 0x0, @multicast1}})

3.313587293s ago: executing program 1 (id=3011):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000001240)=ANY=[@ANYBLOB="1800000014000200000000000000000095"], &(0x7f0000000000)='GPL\x00'}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r0}, 0x10)
r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$int_in(r1, 0x40000000af01, 0x0)
r2 = syz_open_dev$vcsn(&(0x7f00000036c0), 0x4, 0x200)
sendmsg$nl_route(r2, &(0x7f00000035c0)={&(0x7f0000003700), 0xc, &(0x7f00000037c0)={&(0x7f0000003600)=@bridge_newvlan={0x54, 0x70, 0x0, 0x70bd2d, 0x25dfdbfd, {}, [@BRIDGE_VLANDB_ENTRY={0xc, 0x1, 0x0, 0x1, @BRIDGE_VLANDB_ENTRY_RANGE={0x6, 0x2, 0xa}}, @BRIDGE_VLANDB_ENTRY={0xc, 0x1, 0x0, 0x1, @BRIDGE_VLANDB_ENTRY_STATE={0x5, 0x3, 0x1}}, @BRIDGE_VLANDB_ENTRY={0xc, 0x1, 0x0, 0x1, @BRIDGE_VLANDB_ENTRY_INFO={0x8, 0x1, {0x3}}}, @BRIDGE_VLANDB_ENTRY={0xc, 0x1, 0x0, 0x1, @BRIDGE_VLANDB_ENTRY_STATE={0x5, 0x3, 0x3}}, @BRIDGE_VLANDB_ENTRY={0xc, 0x1, 0x0, 0x1, @BRIDGE_VLANDB_ENTRY_INFO={0x8, 0x1, {0x52, 0x3}}}]}, 0x54}}, 0xe010)
r3 = syz_genetlink_get_family_id$mptcp(&(0x7f0000003a40), r2)
sendmsg$MPTCP_PM_CMD_GET_LIMITS(r2, &(0x7f0000003f00)={&(0x7f0000003a00)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000003ec0)={&(0x7f0000003a80)={0x24, r3, 0x4, 0x70bd28, 0x25dfdbfb, {}, [@MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0x7f}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x5}]}, 0x24}, 0x1, 0x0, 0x0, 0x4800}, 0x44000000)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r6=>0x0})
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001000)=ANY=[@ANYBLOB="200000001100010100"/20, @ANYRES32=r6], 0x20}}, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000040)={0x2, 0x4, 0x8, 0x1, 0x80, r2, 0x1, '\x00', r6, 0xffffffffffffffff, 0x4, 0x3, 0x5}, 0x48)
r7 = syz_open_dev$dri(&(0x7f0000000000), 0x2, 0x0)
r8 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0)
r9 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000140), r2)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r2, &(0x7f0000000400)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000900)={0x19c, r9, 0x400, 0x70bd28, 0x25dfdbfc, {}, [@ETHTOOL_A_LINKMODES_AUTONEG={0x5, 0x2, 0x8}, @ETHTOOL_A_LINKMODES_DUPLEX={0x5}, @ETHTOOL_A_LINKMODES_LANES={0x8, 0x9, 0x6}, @ETHTOOL_A_LINKMODES_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}]}, @ETHTOOL_A_LINKMODES_LANES={0x8, 0x9, 0x3}, @ETHTOOL_A_LINKMODES_LANES={0x8, 0x9, 0x6}, @ETHTOOL_A_LINKMODES_OURS={0x12c, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x9}, @ETHTOOL_A_BITSET_NOMASK={0x4}, @ETHTOOL_A_BITSET_VALUE={0xde, 0x4, "2c496f7f8a366431473a77557e45c16b5bd6f393b710b95c852c9dbc034c6783c32bb26949b1e123c6a9cde5722c4e3f1519236efb6cbdc67e2146dbf5fd8dd0ee0cfc9782f28f55700d5f2bb0d42666adbf2b5caa687f1ad57077f6653dd35d64efc980a4bf88730ca93c6de652460b4f7233ad30d9b5106fba14f0a5e43495fd64236d7b9b3c7e319921954dc3529c5f56ab2b557ab44dc1c2d44100d783d3431a83bd07d0c40a2aa5d8d30d2296c195626be2966d18a516c6ad1bbc3deec5640c1e3feb34aa3f25b24985f7d475dab760ff6182066eb42d3b"}, @ETHTOOL_A_BITSET_NOMASK={0x4}, @ETHTOOL_A_BITSET_VALUE={0x1d, 0x4, "5f40847d875e4cd63105e63e0c252628c0589dafd9d1be7d9c"}, @ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0xffff}, @ETHTOOL_A_BITSET_NOMASK={0x4}, @ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x7fff}, @ETHTOOL_A_BITSET_NOMASK={0x4}]}, @ETHTOOL_A_LINKMODES_HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'pim6reg1\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8}]}, @ETHTOOL_A_LINKMODES_MASTER_SLAVE_CFG={0x5, 0x7, 0x5}]}, 0x19c}, 0x1, 0x0, 0x0, 0x2005}, 0x20008005)
ioctl$DRM_IOCTL_MODE_GETCRTC(r8, 0xc06864a1, &(0x7f00000002c0)={0x0, 0x0, 0x0, <r10=>0x0})
ioctl$DRM_IOCTL_MODE_GETFB2(r8, 0xc06864ce, &(0x7f0000000440)={r10, 0x0, 0x0, 0x0, 0x0, [<r11=>0x0]})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r8, 0xc00c642d, &(0x7f0000000100)={r11, 0x0, <r12=>0xffffffffffffffff})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r7, 0xc00c642e, &(0x7f0000000800)={0x0, 0x0, r12})

3.011591152s ago: executing program 2 (id=3012):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00'}, 0x10)
creat(&(0x7f0000000140)='./bus\x00', 0x0)
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000001140)='net/softnet_stat\x00')
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000001400), r0)
preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x305380, 0x98)
getpgrp(0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x11, 0xb, 0x0, 0x0)
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r3, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x2}, 0x6)
setsockopt$SO_TIMESTAMPING(r3, 0x1, 0x25, &(0x7f00000002c0)=0x7932, 0x4)
recvmmsg(r3, &(0x7f0000003280)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)=""/70, 0x46}}], 0x1, 0x0, 0x0)
socket$unix(0x1, 0x2, 0x0)
socket$unix(0x1, 0x1, 0x0)
sendmsg$NL80211_CMD_SET_PMKSA(0xffffffffffffffff, 0x0, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)
inotify_init1(0x80000)
bpf$MAP_CREATE(0x0, 0x0, 0x3a2426f0f7a4fb20)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r5 = openat$cgroup_procs(r4, &(0x7f00000006c0)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r5, &(0x7f0000000100), 0x12)
r6 = openat$cgroup_int(r4, &(0x7f0000000040)='cpuset.cpus\x00', 0x2, 0x0)
write$cgroup_subtree(r6, &(0x7f00000000c0)={[{0x0, 'rlimit'}]}, 0x8)

2.979918705s ago: executing program 1 (id=3013):
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
getresgid(&(0x7f0000000040), &(0x7f0000000180), &(0x7f0000000240))
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', 0x0, 0x0, &(0x7f0000000700)=ANY=[])
syz_fuse_handle_req(r0, &(0x7f000000abc0)="1195ac9218230be8698e3c32212a907ef4ebdb358a3845acde78d80602e932aff327ea7fa73f792c40cebdba37cecd38ed8a684e8e7e17c283a4a8133578350204e227bc8b66e6e3e496a9058407be3b1c02fe6a537132a7dbb038450582558bc290991aa904db098add7df0dfbb1872456b02af0baa9d727d628215805b913a4a76742f8086dc1d4aeafee73a85593ad0b5894773faa16ba06cf2f5a42ff342dd413b65c59ee263d078e5224bfa88f40e834878bb4ddc596a258558f4faef188fcb81f6de204fa4c275aec29c3d198c8918c230e80cbbffb8b4847d949783042e0aa097ac44b197332210e6f983f88f077b8e9e98ab605534a19e2c7099bad58f5d45cc9e9132320a2c53696f9011a9e6410046f32556f58cacbd56b22e38206ae6f3b09eefd692c89d1434ec54964aaba6c6704863aba623d0a6f99ee44b353a29b1e0b3311509200ee9052c8a98127b2f60b73d8390a5ea306879122e314431dbebce943b924e2b02c6b7cae0ccf680fca614bd21e3d04fbda26ec22518ce189371a0757b334332f21f028571779919a1562a0c9fbcb2161060a4491761a5d1c75725665db8078cfbe681a5a486fdad7f53a300e8fe749c54be9807e2a1bea17a8b4e75f0f6e66d0b73b2db67b985c9fb0464343b4d8a4f7e3f7cf99ae2ccb5140791863f765b6334c08bb123ac632c0326db66baa39006083c9afe2573da0191b6866c089223271e3914cdf6806795e2ab2fc9f78cd6527088cce01447266c0773120b71d72a03a110d142277c4324330dee504d11fe46bf3b13ee94e8d3266dd27207ebae0da9559f7198165aa5d962272465dde32e68017341bc7a8baaa727c279db496bfa3427628aa4a2ac26300c117607d9e771c70408c9a1fc8fc01d6a7c4e53374e249f0d77d93d8f5e065981e2001e8d3eb6e7db05547abb747b7c405de291f383a048bf15e5ab07527ea8cf32aa96980494b8c540ec04fa2f498d469afda8dcf289521a459e532054e62aa42a97f912627449ef20f30e6ca203fc3d2a84eb115898744e65790253d5b2813e5c7b8b27ab17c7562964baa46589a46868eb79491d7309eb2a87958619825d4a0971d34962fc48ad762e0fbc0e0f3217d88950199c4e4c00322509f9a1d03f2f375b1ec77190df881ea468c62baa4ec4caba3302e5442157a63596e723f04fb40b6b1e6740e2af48820f0b53ebe9031f2ec6b59810ee5abb6ae2d1ce2372eba86db69e313ff7a6f17d15b8ddc2170c24bdb065dd6baf0edc38f41e37473a66e4dbc4b1ffde72f5450716bd88c5992f0a61953234965ec5d1e031df13cdefabdcf89b6521996dd1b1392813dd4c845a939dc6e629e72f967e7d0bcdd0f1af46335a581f8bad4146f48907c36cee6d7a9c449f122c56956768f2a5658506bba553683724a7c36fa9d5f3ae9064f9a67ad964c2d8442f3812aed7ce0941a11309f80c69d478beb9c8c88332693645bbfce9987e61ca2fd008bb5f5296c842d80b367c0dc49da3ebcc8b7c2cbfebc656e546c0bd9b9422d4c49f13cfc8152958ae75a03174d693eb4d5df1a45a0ac12481053b7874b08b6701e85c4f058cba81cbae4ff8bd426f625ee2884bf719f490795fba7927765c4299b6c2c03c3521e74a19130dfe76dbb26f4aef2689060a6ea83956e2af600c87c894b79f2d172d9ffb572ec7731662ff5f38129dac6bbe75176e56d3e4d01bcd94343bdecac0047d916b09a5a0cd9bae339f481e085c900f1ac282ae8f6eb04c4fbecdc697227247ee5c9d632c50e33d716cbd6d60d90182fc0235f92aa7480b2ebfba9fb6e3e2a175ad83fb5bddd8e7fd539bdcc9388a2e59a4f6b445c60210d30d66d652be1d705f26809291c43f78c028af6dbe38cb3f1635bb671e1d36183a32047f80959e489441c24ce546abea2aee04cd742e9fcec01760197b914a9cd677e5862b748c1e6f8b760fc1d6add31578176b0c149ced98a4379f115990bb629107914498e933bfb1bad94098063bcab75b2b8667df6fab15d3460fe3bbfd09157f860eacf75a23b4a4744af043bccf4aa3c3f3180130bf2a1de45f8304bdbaca1be46bcfddaa1e8524f40523c8c2bf1249f4bb8cd811a24e1b6f820c7daa8b6b9367554f97f7f3f68634ad6de0a59256d58b4e5cbba2524ff2cf97c3afa90e529e9d802ec9ad5ff49e9a1ac4151abc68e7ce7c03673c3513736925420c6f667a5e68adbbe8d062b4fc163ff20748055c152a42412b980ca3c692bfe759a6e0b2ce14f2c5f470927e6ce00ee18ddfee2de194e3793b1921f9039a90147ebe9902bd0d0e1541a9c7cc803492394a13645aa94ebd712f8908070ad8daf1a6b58e74caad344eeda72315b2fc3db4455d46dfbec77d0aeece7a7f6f566e636dcbdbdd872341b0bf8ee54b46471da2ce085afabada91cfd1785f5e2d1824d55844a42c99a94fae9acdde0e22da26cee563a0421512fd60605709d8fe4b6a6166617982d28529dc73232ab55b19e65ebeecf47a921d6e60be3f3049d93694baf5a93a4af602a37cfcb6f9801765e5fac20fe221ef4a083fa4e01bb6c7836b3691aa4ef846b18e8181f8a73fb81437c0f1400eae9866c43eca0393e5628b85f03e5706d223ac4cb58919f4a906f3e3a225cb139e1f2feef448f173c778978757edbb9fa8cc9777c51bb1c6a5f45e7769fb7c1134df864599449a4dbe80c6fa944a1e21ca31fc0cdae18eaf88999c9c196967dd3de189e6ff8d04dcdf7cd11a73cd80904b5e3f5d1c5383103ccb549d194d97b9dfabfc51e07e80a64565c1d8683ea5803f81e54e1dee4004d56eefeed1a96dbcbc98a5bdeb9b327216ae3334b78a48f5a8d45aabe7931f08c4b13fe4719d3119d4ad59ed094c1f38fefc6afca15bc8027401a0ca65bae1f3d4be2327d776c4f3dd0de91aa4acbbe1166577e9eab77ddafd055b1ae6e9c2653faacda733f850bc97ed023e66922346c3ae3b20b46a7caca216eeb65c35bef91a1910f96696d1addb5e71090757db69e7799eb6924c331db23ba05db7a1a8e51262925c9d71aa238676499bdf0150c43a0e19a184d861f66f9d8c422e6aa64f49d4c0b802dd4f7b36f4743d3872ee32761b5984f6c04a19ac52d44edb701f8349bf8bb3a753bbae71e042b89936747d13d75c681bd8e79a76edba119389464c267af8fb237ca3ff2a8e3e577da6f6480ead48e0958638e28769ccf4aa93be482513ebe87a15d127b46f526599b60e9f771a1fa2513c790ea1f8ee09ac98316b7f461a0dcbaab6c3bc4f92709cde1a4021ece3f9801c1bf08d875d97b4728bc903f18b45cf4d57c0ef1003bc7a3df29a648b152f0d9571d38f1c16dfb289bcd8a1dc9499dfa15ff73ebf844f749b6508d250adcaee0fd01ba3de01ed05be515c814c5e9879a12e540dfc44df0298bc5ead95cec9ed47c0a26a3805ca1cd7a98f7d4e46da93c4e7108ed562ca0c31fd8bb1d55ab0f759e4229fe34129c65267973869fefca9c1d3e839db40c897cce4e7fbe147e2a063f3647a085807d34afc1971724ec56497e91b79fd3353562dd604cced748c45429d6e30269b19380c567fe2aa4a6149fc6476c31050cc82af709ec4f62e5fb6faa51c86f3cd6fb81dc64a6bccb739f0e9f559ba9d4acf882c3e77d1401f824c702af544a29eb05edde2f0ae10dbb4a2edd9d78933444932e7e4a278372643d01743ff954abbeb4f9946b74ca37086cd3faf4680e809202cd2c2bbd50cd936f4a8a3d4f9df8ae90a568f3ac6f6788541b202ae298df9a69ac09f68c1f8364850f67b2b5a69172ac8c4fdfc097a3d02c13e04578f6c766c5d3f1e6c3db86ffb4510718a267d8bbe00ca2b17a5c1cfc046c906c08010ed4981a1bc4e10d71f9148dcdf8524d939f86a3fb1f64a8e3de5544a8779dac4a43709240f36288b14d39ec68e59b9063f61bdfd7d20d98da5766a95bed463a564d38c263ecc9a3b2e4022941611c8975f2b3ca232ba5e4fa9d6b371a816fcc9ab66a52c9ada22c735d312d7846c4674afdd58ce7965f1c93c43feef6f558483f91c575525f09ef7f0713bdacf60415527efdcf12f09b6641fa058a13ff76fe7af55a15e39bed26c45c2c3464d503f6ff2b6b95e3d4101ef1aa4e0aa6b60248c4f26c72497b026a9f0f8a25ca38f358624ae18258aa3594d3d0596a8b66b3c5e259168bb5f61881eaa4b9733119474a64b28f61a18c049d2514f9ca508af4aaacc005965d3fe68538cbdcf17e4aa9e82fef208d2fd3d9b6f7099337631ec8268b83b90279e5f8c18572b2c15edf1b1e08fc00fb2b38c856e66a79885d61d2f1bd04c93bb892ef5343d9dd04eb75db7a4cf2a25f3be77369937d802f57c4fed0860f6f721892d9ba5324a3aa6d5231f54d07fb0a1450c4c708c996bfcf3fd6a79c8050b2fd34652655681869c5ea07c1f9c3228add4089be8593a6ea05193719221a99e4c90f400e5c3d59bfdbdc6ea3c56687267a9a48a8aa636acb99f07ed893f7ae3f7d50f82217166140ba0b003c23cae03aa1445c0025e92e67b342dc37acf5795fdc802da80900e1cd9a84cb6f749752bae73ac05f9a5778a4679927d7ec777fbb8d5edcd230846f74079018fd494d657e9a099f4e0d8cd70d1c60d37972998b3a83abf35d1b8c090afa28c56999381008d23a7dac91a196a316c7d5e284cec002d1ff145f569abb70910fd9abbd9d017bed22ef0c5f48466d70e386ea4ee50cce142cf4e562b80b4e17ba1282701ca36a917d4bbd98a8795c120b0e7c38cdaa4bfd86d9860442a60f955ac03a9db8503884fadd3f8dcc0174570c145e0f22859667a6f44ca297bce84b2192bd0bd5e4cd006ee43a9bb77474414ba8f96a3fc940d41cb6bc05eb90d3025e57c9c6697485d5dc6d9be64705684602433fcde9303289bb23db0739a6db6dc7682ea6aab49c5077f66fa21e8af5cd01833654cead3646d48184bbb68bdd897b8026f3580d538fad7dce7c7e9f163a09e8edffa5cfbee9ac743e4d97a2a1461fc945c4541be3e4b940c73d64e69471adeeb7b2bfb3c5fefacc68414b24c7cc5e124aa51430618ed69c496440651bfb95aa766bb3336eabc3a817c82c39c4b81acbb6d97f623ca1fdd3fbeef5ef7e6cefd09e16391f1d409a3ed1305b79c82b3d29077849b8d584c5edcfe08dcb0361684c7d4f56e408cb745e11196ad0fcea32866140a181c17ddb0097ba22b714bd49f228bc6b57fd6fea29475f3f61e1d68330e6015539eda198e3cf85ac9b5012e8f5f44a272c61ca3af2c3040ea0cb425dc43d02e0641d831369b96eae13bbe494d08a49409f7d9ba07642ad0bce66d22ba548acebf527c09f8d0bf8167215ce0844241e91978ab487cf84e4ddcf49213a360ca8dfd060f345ac9a177bff55e41247663b4db3f874026149c81f3281193d0d634f056aab00bf4a56bfb9ff9c50e4260ec224cfbdb06ba8ccddd3c46cbc1482e3c3d121dd783b11b5a4af3956259b943e4054b9e5d8954aef77f7f0d997324969c63631e157be36d082c6fe9090012fadd6384c8ac4a915346aac0e6c033b13fa1a50d2d13baa70ad596fd841d0711cc5465d7fa5ee72b0734fc570dececfdc62356fd5f97aaba7c1ffc89b73ecd4ff69a3aba137648b1ef8022bac30aad32393acaa5fa16c976a809f1572f7c766bbd36f9886dbc477501c412b966edd8751dc603e0dafec7fdb020a21701fa27b250f88662cc934775b82e788f9847425c21a9d93276d572213a5dbea46155b747a03e5e9126a1c2710b3d3be575d1d4c40fe10efda14606a7203585314ff929c636221fc4bb17f5243f61d4b877917e11b2956cf785f5b3e2a154b6cf9fe7694f2829983801b79ec796f4d47407f75eed168826c489e9f295c78546e8c628785e9fc2989fc30ec2416782bb78ebaeea24bc4b20699db6150e28984cfb809f1adb18fbd5dcf7ea4d3c248d99324806c9c27e644a88a1193c26eaf692f33edbe9f6de2ab448d1683b98cd82d6990b6b105ec77a36c81260d525b0f75dd3f1da8f75072fa90b31b15caa883eb60026d2a4dc80c84e169f4a6d50f1a3f083043a8cfa01e47b83b7d8a15c73a416c035692e3612664b253de522846d12f82d90c7d7a1a1c41ba04e19859f527b47ca588632fb18cf45a06a58d85e08f61f77a4bf1fdd68a4ea06d75b4d6ad2f0f26b9e72b37e5104e17240c40fc5e4c1c9f6145715c0529baee5a3cd72ab30ef31ab61b38bc91ab6279e48351268680eb3cad3481cd550cb64654bc90f073149786ef959f94f9390184250ce0268ad6221b43efaf14a11de971c45a370a2db06d592c742e84917550ef2b37b9b68966e802f95a2c00da784afe8e62a6deb1d6976a08db1008093418dd35e4d4ba8a0f9f2bfa20c7d0b3c2afffe755cf1296b5ab84393248bce17ac3cd71eec5966801e3b3b1d2de47131e59f487587767485edfbfe6ff037531e57e1db1b61921d7b702dceff03b925d14d205f9b8697110490ccbb383ef911dc6b6a16b617902da843d27747cef1ef311157b25cb1cdd9231aaf86647d343ca36c85c4059f59fe8a7508f466c6240476d867ae06883ac7f45c50613e56b337692cce24ba24efad08ef93920119fb2b0879474d3f0ba61da5a4f3299ca80d2cb65fc905ab5271303db67ac86723203071b354d45945f342c9821a9845bc0ba3df7ed61c12f88512f692d5757a30911072af8e0fa95142315c6be38726f390d696cd4938d2d9bf357064513cc90510a0422be150e1218fb22a5b71de6e8c313a565c939cb48a6b1ac1b75638e3ae00a4caec8834c16c297df319508441e7f063d67c6e4062b1ad606b18e039da59e7167dd3a0b34356f95f9f52093939106180a0071533bf71ab47086263bd96c7b4004085779bc813c2186b5f44f84aecab71b78027f7fcca02be7d149db4c0f17835201ef03c9ca6fbcca3a1353d5d94fc366bc2fda593280ca7daec8ae12815f854fc84cc1c3e40b4412850baec19331413fb4d19b2a51769af14c51b98e9bb8575d0a066a060f9bc44202f22183a1ba2713453259599690bd70392782fef5b7c5e3f8e6379ea84a3b602273e372805f9acc7994dd745bbb9ab401035b6d042c9e0a1fa329502e2e0f17ee9d34b96c255a3305b6e311fe4893d144c10afd860d74218ee78d83f252d4620964a1d7bccf718fad9df3baf5dd5bfec7448e52601f598e78665546ad09ccbc9e1b96debdada7a570ba6ff018fff9a589111ab45b71b9daa9f068a8fb09a16a1c1a6f6e22296ccad7d5d968821794236a79a62262e5edc5756c99c7e733e88ab78120da5f844968d02fa0b9e2fc3763dd16f354117b9ce848c21992b2b391137a7a8c31f2226d4c0669a8334ce6d5d85fac701bb0b23452453ff766373f18dc9c44b80151ef728e256656b40baf747b9292489de5e20184a9c022c1ed330003454f4b686a393e68b0db21e8fd931aca596ba3f51243101250fe78de2ebd95f4f333ad25edd6f80406a00dee774121da8f8b23b6eb7f2c657852fc777122753bf2fe4566ce403b6c0ef0b8bd0c53823d9f60bc44d0ddd6ac788e8888df28f322ad0fb6fd9b6d88b6530be372d29050d2f1b1e8273fb7a1ca6395c882090422af5ca6f803877f172fa3e3bba15facb5bcef8fa89a5e3c661b835b11e02b19f6d5c872bdc4917913458c5972b4e2cd3aaa08cb2ec668c0ec2692eb53d61988f63c8460aa945a2975ad59abfe00ad67242739b653e8ad422675a37026396f6e7d9bdc9f311ee667ddbc64c4afb4166316ea167780c718d541846d29202113b869ae8ef66811edb958cda474195542b7a0becbe351ccc7ef78f6b572af15e431b59fc5f82d47265372c4f3fc18da44c9aee246bcc248de3533f20a60b61d8a4b8324dca11ec571028271a7d1bc83183e92be5385ed4b2e94343452468f50f747c3a4b172e34c947b9a40415602d44469dcf426087ccb2a3977a8698c5c1190e1a84f70366b544c89fab78146b7b6daace5676067a48e00fb90a6073167be04341ebf2181575559cfbc03a9871617cd7718ce1a46c52dd3faf79babd1a01fbeaf89d8b59fa9dc6400766cd102db6cd6132e8f5daf25061614042f9dc254f91a4ed14031992476021a0cfe5b7cd8a8410391d80572c19404c43d5328fe9c96e7feedde6b3741d04b524e11a41dd3131d5b2c36b5824a899d7aa1918fce06dc08d3cb2b29581553ff352b8f606db5fbfcca1a154c4613de096ab5c7f4eb6250096d964b270ebe242850c359686114b1bcfeb715c7154f04a772973c41ca9399b61841d7fdaeee47745cfce51f842f7cf412022d006567f58fb49dfb3eba342191ea6ed037d32e6a92123d7e58777ad352c2bc27da93ed46c378ff631a7dce38d94fd8d865b5ce62de4c67af96bfee74018671be2fedd63823306c3492320fe530b099b5cdd144608b6cb14aa79f5482b01f828b8aadb6e98415daea029984e470f8b28b2655b2ac753d33b8035963b4a5c00bb0cfda3372b2782590596d6d03c237e95a4ab347531d2819c9ac9ba37f642298f6a999fdaaa13778e10d07e3fc9c1387a0a76016a4b30317fb3d8ddeb4433d0b04d17d30c29615aacf0f8697255a6a55e6b47d64fa45d7171a8ca4af78b32047acb2b7c5c70969e530828882287a16ad460c3f372cce00404ba06b2fe64166d70dcb4f6bb636fd53a267be9a13beb9a1d8253dbc9e49028981f7479488eb40ccb58cfa1c0c9fd61437ef0e84f51ed5f788d8e9595e5955faa744c700d6677bfe3c5e52f0ecf70270b9e62610d5cbd53b2321033a7aa3bd70ad8a9506545f0da4cfce3aac6e9a03051ad703a0f564685ef2b1e5f203637edd5c30ba505f81666012e2cae3b3a815d33ae97b0767e8b48f3d42272f9d326e8bcf176f852a8aeb0603a11fe12b5e04c3c5ab4cab621eedfb5e86436661bb279459e3d874ba0fba92e55fcc763cb8b732b5cd9286e8f3147d3cadf5f342dc9313f64bd83ed828fc426b69761179ce732a3009194b8777a10eb2d3f4881129478b994e55abaf73965d62d846b8c4976f91d009b73738ca1c81f055e0936aeb527cb4002daa96ddd8cefe2e390bb5f90eca8e6d6997ade6819be3b44b2e346d533f7ca8f3c031f3c5ebbe9e17ee00d0e0823c61d850c6fea943fbdb4caa6539e3f7903e05a304e7cdf24b989908ba2f41b8bf67cec6a83ebdddeca2ec954e70c7816d8241d703b8109029869f3cb58c62e1e7c9fee329af5a3ec5d8a12db1f00fb579fad7ff18fe5a72bf1b185f52cdae932df12744b5eb24a0c3e4e5706c880f5f6b64ffdf6b71a17985fc4d2cea77860196f378ccf5b2b235b93b0278fb69fc7f460f21472cb90ec54d16d168a5caf2337d63b8ebf11012568d2ea0d92e91e83cd6cbbc88afba1097a84cd1af3948a2388891225237b30b4704d2fefb6bc7bf6adf6dd86b7a65c511637d96a3397096217c3a9743050133bf836b8333519d001947230cd25ade2e2e4e9b8a1227ae4283b2052b2c3a58a11bf7edc534bc11113c329791cea22dc5b71f3b4702d1529d965f4ed81951ce99a61779452751bca8d3a0070c47b1f8fb636ae6bef93514950f607c1746f5d9afa96902effd960b770a26aedad55aa5ad869d18c98e24b470c99b901badbaee298d93c2458303104e5c2dc3077b93c39ff46f0e81440a6f9d2a267f05f533c3c0943b6bfe50906944d2325143d84e5c12d528841ec611014d2768b116992fe1483c1764467eab1446b14adce8e366ec1615f7ad0fcc272355ade823771ea79db57f2dfba3335a50dd0c1c6105ec51f245e096c1492ba4230a752871e4c16e8ee301bf5960e97fdc948c7d54697f7c01439f18f97cfd01c4b74022607e9459fbdcd10243239b4b7f29dbc217a0caafc0b613e43e9689dc1bb2e135e9deca88bebfc61cffdea1ee33df41967cf96ef72a9d87c45084fb105077273109aeba2e3384ef27b604f356984401a8643c493acbc56e3780f0f0ce868db37c0f0f91d403e99951e9c33ec808ac1107a133109588e065162ccb0fa254c8fdc3fc89bfba51a17c975ba3cfc4d1f0faac685619bd5453ea2acaa8a3dcf34b2cac31447d77a89ad8adc9b1c0c620b6b72230a02f978a5407572fc3994c59b764b27221aece8b8ce9faed1d6c442672c102d7f2d28059173b6b6b188dbad05273ff852e0b9f14380f2ba94a34859092407449b9118a7d54201890c216a4720001f026306a9f8e57d0bdb9c29b9eea019e0bdef92e5e6a93852dd3e26cd3eda7a27cf479e88dab17bae6d339f2519b76824f1e5549304dd01333b393082274655b8c3dc00e602aea10f35793d6882069ce5a4debf9884c51d38aa1d83c91a92c0606d38076a1dbd7bd4c0cc5ad01dfb2b04b0dcdb1cfa9cb08c498ec9481559f0b5fdfca94ef3f2f07de6b541ccc5b287904d0344ba8b5b51c535644e8d459d15166c3af4bf36cfdccfd1ac83ebf540d61db77069f13152f27f17757d68536fa52473dee6b1db107f7c9aca2d6a98ab5e537b9fdc5625e7febe87c2127dbe140a94018dd26a640fd42a769bba8e6ffa284d5435d6c57a1f950933a6f6b45d2c7faf19ae2e8f2d2a96b946f1f6d2aeb335aeee909a746a5944f7dcd85f9cef487e9b182ed90cc03d9b170c1173cbdb0e9c40382e0cbdac38bbe8c3ffeee255c009f0423efc3d8135f9f7c949d12d4b700d2aff5bd3c0fa3c9f30a6054959b4f609c2ec8e235f5652d6416be3d13abcb84fe2db79e304757ffcbfbe286a1c8b4c0f8aa19d846608f6fd7f8a34acad860a73588593eb1cf7cc6f3586356747d43726982a38a527f3d94dcc25849ab71286b89c5a30cea07b8cb255dfe1b86b54d077960db18eaa30cae8101b4a61fef2147f1f38a5e83e40e262e2484bc552b728879d1c169a81713db17379c4bf5f9dcdbfd0196228a7afa3b181d401d98ac322c5ec619b0d504e28aa71a450b259c0c89fa2ba1ba7a7356da009b58085bb6e25fe5cd0097d822d39f9f3c9b39da1041c58ac1a4556de9d34f452c995ec21d1034e959218e8fe002d2b757c674848eb7ac84e8bd457a312c4378303ebb3184d4c90108e0604cca678487bcdd0be37facdd7c6b17e740a098fa4b38091b10f1536df1f297902bdb5f02d69f25e4e84d3f4700070f63189440a2a39b9bab6d4f3dbc23634867aeeca99dba4aec39ee94e701ccb77ead02aed1012f7eaa84eb44ad3e625d5619aec5ef76172213ab1d66680d42872e8ce8846e057329fe5937757e3ca7c1be1f3db31305f48978a178a043eb8d4a060d125dcc202e6d8c75205fdb2e42b0b0d215e768c73832d58ecceca993f7d5cca8c3ea340a8c1e722b806c865ed1380a1cd83b8b5e93ad4e2ea1d66cc7979fbac5fa26a2bf881b6db305bb60eb05a39edafbbed715e6aee84245b1cf950a2cb69dd631d95365e1c731ba5756b2ae1fdba6384cea97d7d74f9be62cb83fa7ea1287b6f26eb6f24532c6dad7f7869eff58b8a3448a5a6b0c4f45d8c1eb277174e3636aff670d8f169e040a445dce4b33f6c33b3be3e01", 0x2000, &(0x7f0000001480)={&(0x7f0000000480)={0x50}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_fuse_handle_req(r0, &(0x7f00000066c0)="e472d1bd70fb558d64de5dd41648b39b6bc8703d4af57c31fd3242fcad4bcf6c131b4551cf610090653cfa4313b17e010f60aa5e29ab12cb706c2e4c3349d4c804b092faf440340aad7ef8e87042d91378c7a42fba7055513716c595ea69b3cfe998391d937e785ea8c309103ff4254074c02d28ea563f73129443db839c73e062ec40910766c9685f61b491874faad03c8a9cb47817f11ea0c8a51182c505116bc175fb3f3dbf7a32794c0fbca30ae63e67fda028f2d4c94fabcad18d713428c96f977d4e9cee5c70f89584cc19405b5469b01c9d947720b3b1463c00bb6c6860fa837d8eb6d732cfd11b222ea20caeaa5d95dee51f95b6871829fdc60599887d22ef1a0101c24e4003d2753265afd5cffbab0c38223fe2112cc5873fc5c7d93b89282f02f54d8eb17dc173f38ca7e8a5f977528eba8487d73c440e3f08c42b6edac52cab3ec7f686a4be73089c2db376ffd8f75f32b4975fc3c9883011fa02003b4a551faa5d92f8da66ef7895411bd1224acfa4a72233793dc0c92de4dbc32d489e8b05db3122914320830ec2a437821355af94c9bf02c2546546363e083cc108a54f7d9e6e56a83d9e52a8357ed6a31aea8bd22f97db5d9f11b87e5d557ab94cdc64a866636287f2547c336f498df0d977d363ad223aab0a53918ea0c493dfc4aa44dd8fc75a547cd602f19c990823290a3f7dd98c164d69d654b88dc5b39ca4053a131a0451d4db92caa020004c3065e694a7bac984c70ca80535dbf829b2c33b81851c9d1201686a344d0ed63c10e9dbdb4d9c47f6283435a511a2fdcce58a043d08a1b460593353edc0957bca21ed6762733f8cfcc41f6e590145a8122648bc48f3b5bf1875bd97e0d0e3ac66cb7078944a9cdc5bc43ad7143a4702553616731a30a538886f7381d47bace5eb23d7a7c73618a7a18fc08f54cde38ba9e7140e4aefc9d46d81ba3cd58910528003663760c0d2efa66c6ed289bb5b05686edd377d094b8e3f9f67b050aca39eca3be674c7bbe8da75f6cbcdd819a74fac7a306b7f392d16829c609cdbe13871011e7c79235bcead6822f98e58c8f7ae04ca9924497c3d53be8f9a7893f8c273031a9a442d2de8e354fd9fac203cd549cabcc8e234319616397c5d91751e76364d9363dfd815fd3d51c348a56bf0b97636379366699124ce17c7435764481e51a72a7b68ea5d9e583c7883301af3591ef9ed10086963358ecd009794a1beb11b770dd254f46b3297d1443a44d7a598bde8eff4a07b89982a8dd886aecaa1e230a74fae6902d4b52c10c4b382c0dd3fd754c5e8045206fd0f2d464d3398f0fa9701a8c00c6e7ca36034304b436ce6841352bb4ebc570b1e65e781d25d4b1ffd77d68ab9addc242c7e087c6030de358867cb13d9717aa2ec0a6cb9174edc9abeded1c0cfdfff48f930d8d601a6d219e974320ac4ccf6c2ca2456a5c14c378d46cd521fb424f7791318b15ea152f7f04d3c2c50f7ffed93914b6b46511be08f866239a3339b46e254d0c143d0ef1f15e30a16123ea8bd67dd5791ce994b960889c29a6041d2e4431e3b1b819d980ff10dd1ee4c2fb57c0461ef2c170b4ed03bf3a54f5ed3a5b0232db956daa99cca7cb7dbce3b4953da110944993aaf6f91e57bd4cdd1cbcfed17d18e52c10e2bc06d9eae153153ec71a48915864318a14255580af8422d4a779293fad34cb5a635dd980cbd4a6509ff233cbcd6f1c82b135093eadec234e306f3e779292258e698932152aeedfdd3de825db5ee7bfd34ab8a1b748aa3baa1a792498d992c486b1bbf2567c6e6ce1acfc91d66b19312d730e36c6a789942248dc9b27091c5784a079393ae3c3057312e420853b7180ff2fe9b8e177713c5bebad56e07423614293487de32dd690fb2d573f9d66d21e0abd15786e529938b61048b15457a8b5df2138eb78e8c34858b4f2196ddcbb5f93090d26511ec88915de365e7b6edcbc32c8aa584be61174108d7463a6636b36b1ebb41b3046e311b2168d74e5a08e2df1b604b5cb20b6137346112e5e95696197273debe46d9909a3e490ffcc58d097432949b7351f7094a97aead2060fa6be15665e7f8101a909e5a7431bb0e001135a0d1ab0d7bdad363b06c9f1e7452afd023877bc3c9a15c5600a893af6d7aa2febe12eb62703972a80da7a4a177d4e660e15b1656270f86f23d9772295197fcd67fbeb4f6be26c655992fab2e99f16323c369050a6938f5dd33565ac110cf1848ed2786025a2a51843f61a6dfdac05984f0c4f266b0f2ad490ffbcfa3d2ad6ec8b3c5baccb9efee608123ceb06bea3bd794805a5b0aad41587d05623a473b6c08f021de0e9261e3877ef074b053fc3ee7a4bb1108bd6195b387ea2b17fbaa07a38b339f4cca17acd9d888452fdf29a22d7623ea0ef7134c341b777f4d016af32f286481afac9308461643abff28dc9958446d8841c3b0cbaffabadc67763ba308acd21cc2c64b63e3796b7d765548b081c7854d7fdb4da5a250c83e2d703660db9090262ad9fbf549c8a432a835b1924340136af55bb267bc209f3a9f75c4898d95bef3231471758ff161d32e00436028eacf529fd5815ba95c8d172458bc4a49bb568b57b85736c9bbb6b310af8ccd4cf47742fa8cfde5f22bd2ab34790609c5a0afea5a2c96c1c718d818365565c046f896312544533112ed4bd53f42306286de271308983a047286bf0db5f2604a5e068baff586a527a242545f7bf38911681c2c9a43e527714788fae402841d8ab274e3ba84765da20ede649d8aa96b86944104db799a2b99d8833d0e5c18b76324bffbca929b3524652a7b2b61ecf4a0c5e3eaf146a3daf1d38641f4439e2aa7c1c3ed862131f867854c50b9d87e3828cbe113e2008b3c85da0362ae27840750d34e6f4f6c036a963493d8a0f7363f25c5d8db87bced64fdfe6bcdc09b99e1a5dff27db7043da410cf04221de12f117800f995ddce79a8e40b16fcab8b76088d6dd1361a55f915ae36724f65218a518a8b5ee0d9b234fea5f299d07422095f66ea20b606126ab389ff5e8b026acd523c3f04ad8def4b0ba8cb4298796f30a55425f0e4317d418d1738c9e1801e850aa938868d8d0a20d8226704e934393c4c0e012d0f924b3692708042589eb6aff3e53d772faf737464be2431ac150975e5421b159b60e527db8416dde677569785bf54469e095df47fbca3569e2c7e5e2bdb4481f4f3afa8388d78beb158f0eda5ce32f5623a5038ded23f0d927f990221659eefcc21da13d871a15183b0af9278367938cf1efbff0cb1ac773ed7c8d4d0976a33601d4a6cb813f8b9473537d63de952b20f3f7e50a188893a8299732ae09240864715b81b1f4b35d4542a1bc2d7e31efdf761f350ef5e77daa4f79ad21d94ca9fc9d534659cbbfafffffffffffffffca914d91a84df437b6032ba02ad2e7a260f564c6271a6b5055859bdd22c7aef0f7c7b3cead47857d3ee7df12fab53579dafc9881a0706ca5539af1dad404512aeb11769bfe2f75989585b8ef31c6f39ded4a854f4c6a677ab6f07eb573ad86c214228a4f81f2b4e0bd5eb9c69b6e2e3c6e0f69490031b22fff7b5191f076f94f8711c37d8d6197f1673a2b3dc0d78584315afe6b0aedbecb0a4ab1d290488b6a7a2cb45bc05adb0f4de60dfc967f69cf6740262ba302471db28a2a0c4bd74967a5524a7c0255e8b9a39ad8ad3617efeac4038317177b726d4daf45b17ab52ac74546847a0f5a0f94f97827cae2312aa328d4c64645ee623f14f7b9b2ddaf8e26ca62686c399629a2693526f09ca8d72e079611817bf94ae489d7e13e913262e74bced24c60b55b2cb0104e534dab9e8c14696d035ff83aec922539f7c8035deb67d897cbd18adf86426aed2260da7303264b82ad3736bf6b8145ac55c4559af3e8c6198a0006f71b944e9761cfc8efd5c0574a5e586376418ec560a22735f1b6a546e00b4692d8326e82bef566c1571c10704676d6b4699c26f115963d0f3b6cf73c5235b146cff1d5db9b5920f47a4cb4203b06c988ac38eda55b6774e274be3947d60563aedc7c87a5520ffef98b9176e48d34ff8b3d64a4b929e787930b1f40f7a886a4f49f734675a8d5d3910f09c4076435b7866414bd248320f26598be202ac4864700f939a30274370fd716215cdc371f37bad5b546dc8894646b4df24efb9e068b9471ee8ca36f13ecaa666b4bbd2a640e5568b87202b20a80bbed7e6b8a78a21255dfa896d19ee729915007d7f53bee159d3728b399597bab9faa3da473ed2aeb2b6e657eace5c728ac080be95d9c30947b575ca1302bba297ec9e7ad8415e7a5ddd0b5395de86b575cafdca33dc8807bb3382bdd605d92f9b7ec322d970c34965c5cff21dfd0475d209d28b78c8baea018c176f254811ef6a7b68e6f4e6fbd098e795987a77bf6d5932ed2bd9280e63725cedbf7e9475286f84902a34a620a96977ca49ecff6eabf1d173c6a3f62a36463bfa9be0848392e6f0b7936786334808295b20abb1119905c34fffe564677988e2ebbc3dd0eb00e493ecb73a7484965107479402f89cebc444601f5d212a5720df1cf9dc254e9c90761abb1d03739be0dea622099dda43bab6f065331d0ce808484f49040947c86a7c82a7a406165844f4fa06dda89e62472bda1d3b6055924360ff84d6feb87098b8343cacba9fcf5ffa8077cef936965c7fade510a9775efd0ca62ea7345a07ea53807b54af9aa1b5b398a96ba82ce6d7ccb128db034437b55c7de34ce3594ace82485eec1068ba5973455c589c650e7e68d86e5b99cc8108fcff81ef849933cd759c4299d9dd7790f683d5eb6deae13ee045982e9b148cf0023a395b45623e9fa7a1e68cc7513fa345595755951693d98abbfa9618f2cbd2cbb83675622860c150a6e37d46bba16750aa65115ecfdb999eab5bff0ec37c4a27519326a070161c76396f9ae68c7aa1171483536a8388ad81125a31605eec02222a786b3bac009c4699f3117b817df89be37f704879453acc914f6b16f991069f4867ce67efe4172650cad71cc90ed96149c9bbc73c8216ff6cef0f52fa8525ea81a1a3eea142553465668d9aca9cbcf795144895a7f31cebd100ce1390f374273ed13e0363e6e17aa6f967adb1f6ee9bb468b2a955e30a4f41dd38b019b06fcf3d595e143ffcfa1cb0b0ba132a5f14509560753a0efdca40d01f22e198ab13b359dbc49d856002031e08f2e57a51c0f4573660bb3548713319af46b152cbbbb57ea06685800e4271afe192e88bb2686432ad35d08293af7c7f0b8ba92efe540f28f986873f5f2ac9df0120b82cf414713d93954b61e8903cdd65c51dd2b59bb2f507d7fd6a78651579e064a966155e42d52a7cd5b2c3eb457e5878f5095fe45820505c495ed92784ccc3efad4a994e344a606b53b4297746aeec0173e9eef65b25ef0a64cdf930ba8af282eddb64cc0d8b3e7d315cf9469998839983d3e50b419a1d8f5e116f9e927606e46bd5e86f2e1c7add66aa11bb98e259bc40f457ed208a666b19ee9c3e8bed98d77f79aaf0460c5395ab9b7ca702f35a271810360542f7caba7c25627e45947fb9c3964c44bc1f0208ab7452122bde224c2a9ad6cfa4413a90aa8ab790d01f2917000bc611170e1a057403e9e6b0cd49ad14f188b2ea53b747689df82ff11659e9033a248229fb96e468c51fa5c2f77b16ada92f2e4dcc83f6d4ea098977c9a4b704c0180ef2078a1d6ad6f4345fac91d3307c32cd95b83853dd960269cec3c5131a5d590949697f2037e3fc848284db876bf771eae15bebd0816f2a63e7e094787c14010379ae907292114e0b8becea516ef0fe8e4478c6eb7dcea29239aa1404167b6fc88bb1e297d599de01edfd8dff76717531d7fc846ac27dd162866ffe23cb1a56a0b7db51a3ed30ed092e9a3f925ca5632c91e9fbf4d800cfe20e8f8d24c4d508cc1a8a8d71ae9810347e14a810ad38be8a15fb2265ee8ceff80b928cd34318368a3756eb9074b5d9f86e08d043c870da036b762259026e20cb9760875dd77305d8474ac9f156666838ff10383b81af4ed7dc05c0336ac9c723c3cbea6090fe692486842c3e2c1d5c3ca2260f5509d07bcd8d936e109e791966e4403e7a5ee3e4970042ed08d670457fe9da4f6e4119b1693243f0065f970dc56484a593b35f0be32875f13632690067404da5b14a31b0b3f881858ddc0b7663856c5194b8834f40636ff59c9d41b9e81191230a0d755fc7e9db0e2cf5aec063ceb1ed3a490fbfa97c3768d71eecf518107271720cba10b1c5a6e6b570e661a893211c2d6ec17170b7d0662d51d146687a912811f8a9e149663719eb821e37a3aa85f913e596a7eca790d98910ff4887db654fccc89a0557149ec1057e10f465e606e04fbc73602010be0bcef47f1622bff188a06d0d7947cf12054516b8e4aecc7fc9fcd2cdf30af6df0d6ba8bcdbf201e61714fa66ce0d66c114d7c8e4ae2c5ccc3e1060cfe293dba799e2148860c9332dee536ce795ceebb78a56a6cea0369543c352a9659cdb64c82759cb7f3cd0bddf9a523ce38e59afab6cc5213cf37730e504aa726340a2bb839ef064d13fd60f163f8110ea51e4f99cc2d233a0ab88acd6a53e67677fa93168fc450ff23242e7a9385831bbfaa1056708ea47494fddf8a4ebed860dbe8960551978c7bef2ec957e738b1e6c4fb6e97ebbe4fbf46380138f953f8c67726cfb49ceee85612025a137856f855ac77ee92bfa9b06e161cff7d9881ae61e3abc326641af356c19220025993cf51f9ff1090cb3e4cec46124b14c164d7676da94d15d83b4de27ec63c2758f7634915808061945fbf898b4e7848db95b2d31f105645152898ca2dd1c342c0f06803ad34d09fe019b513454f72abb8ac5c771bfdd19b4a9e0bc0e06a046cd7e4401f73d78e024fc912293a2009ba83f2b51a60814dddbea98e37e79969d403a0e7bed30cd3629933d697d3723174e919e65f5815127e6a49843781f9462fb45e65818d0b2ed216f5bdd1cb897c68d3decb83d9e2217f69e3a5447b0902a9e56361f36c1b60ae5e2f6833e227759e7122b0e6dadb325df1b5925b4dc75123799a3b5ec2e5c480975c49d45c4eed68e72cf7f450444b652021988fcf97242684b95d5f6cf0063191cb1969615c8441d5208fe669057c2703904b5152ddcb5da5d0ef757bf40cbeb4906d316ca97e8bb89750cdc7eff99dfa255fb411f904dd35a81f5338805a42656d0998007c323157ccc79e05be40c15ccf51b675713e9b35bf8d341b98ff01ffac098a0bcd31f10c95012f5023458ed90a44efe86a3e6b3bd3a911fb36ed6f2b2b37c91aad562db519bde5d800c75cf0ca7c6c9476b5106a2fd85fbc46c09b13d4b67e3afb5d7254eee4cf4f4357a157a3bda19ec767661e07acf46964ecd83bcc07747bee1752f49c8995fd97d3aa9d647c8c315328e986823166051a64fe7b24efad03d894bb776000a35965fc4444f84b6d087ab980ee7a38a79e709acbe3c4a62d7d9f2162d56d2a393802f567d91e3708983ab2bb7a870744d1d7ad67d5534f81995416c4b1aea7669c3bb899adace67f33b6ccf6d2b0ed0d45b672b947ba9375c10176ad6ee40a030f0bb6ce5d58c3db3a307e8bd5271eb19d265f0c0f99bba7c8c0960ff00d16eadd58bec73d3d8e785047f48af87fee26afe084d9de9893c03e60a31a00eea6b832517c0287b3f5559aedf0271e2d2d6b2ab8a0a766b5ddc1ac17126dbcb696f45d9dd21b392f95a6d83f682566a50e58a6dd45a77a79dce7d19871eb68c3120d85b742ab71c9f3ef0dd5c22b03dc4b6ca2d10a7cde73fc4ffe62c812037ce1897b2798cf480f5c71a659f84909ece19dbe7848134a02ca16f674e38d5fa9fe1299bfe004af99091136803916d637509654a8b15397315219200dc923ee3b7de21004259f1d77be9d58ea87805efcfd7a5c50cc4ff5e77132be212fa413daa54d41812ba2ead03a531cf537fb66cc437703153d488966c225361e8253ac550d87c7094d529c4afb0e75842e3be0ef7292eeea177367aa6efb21dec3ad12493db606a97e8eff3e4cb5c9333de8b22041df489c93d16f915bf5d1cd2f47e3e5bb33296b89fd76c86c5332daa2582d49fab29d4c9fc1b732b9a1641a3064ca77c45e7bec5c2eb1bf59b5420ff3bdbf01e51d3463166dd6a9831e9c53f38734b1b2237d6a2dfb375ad090b6b3732231ebdc9dd04bc2aca3fe8d876cf3dc5d37eebc30d11629afc6f7b458de5ddaf184fcae678786982bc0b70d850f4dd32da36fdd5e3e38435ec803bd936c58f75fb62f9172fc74f2a0b40d14c275fda5fee06fa056e048a50138315479bd77a20e1e5c8243bdec4d0f6780fdb7e24e680d6881057b8a087d0666b07f5a6fe8da0cdab399df5f747122b5ebdc84628c48efea88461ecea783b5104e1992b1eed5a65e0f46837c8952b63982a41dc73fd0acdccc2350daff5af13a236c96265058f46ef2a748597877898722602523c8ea92554424d80b4c13dd0f45ab09e9689528e4b89e743ef0c62ab7458f8815f52a049c55ca177eb0659e21cc0f2dfc9c7b11a4522cdcdc2e1194a1151c8ca7d9113fe8d8d02a2ba256fbcc399555c6c51943024647530e26bd941993df85f1503943c4a70a242eca2209e5c4960b6ad168d709eedc703f38a521c2c443bbf6346afadc97b91c9a85443ab0007ecb1c6e46bfebd20d5ecf286bef1402584afe910501b81c7f1c03ade0fca870a224382b553e44c9275a243b6c1447c8d99f68290cc8384895b9d375039eaa6489357eea1ca7dce802927f8ae779ac9170d7c3d182f971034c9814982c3d9663e5c102ff3b3769104326661837d4580c5892a4a8a405496c8a6e51a6db03d47220e5b94204cb81d7d713b212bf7b776e30dce8bd05a772226ea52dbd7fb569040b58cb53edec24ee3502a41291d53f7db1d0eb1bd46f076f854648661b985d0d685f674a213e79e38b6d76cb741e2e75db096ff739e3bad694b34f6a556f5373592195f51df845a9c44e974537f8b378d3326f6e58ad98cc0259ea6d33dc7ca3550a6f7966acd6a93589585d31e8393d97dbbef8cb7eae9802de74e8c822d6d86b36a8d9929a0e6683f6a29bd9b1a3a5f5a1720b58f8ae22176592678a2417f55c45e86f88b2e7c9cb922ed625b79bcf26ff2324e90d177d3ee2eb249c2fbaf11b2e4f65efa155f3470a7451a793ce842bc80f6b0ca3c87e9bcd2ee31eae94c756c88b7ea57eb8e34bd9d2d2d980ffb10693620221ef53d7f695bb45d7dfc99100e2bbbe5363a6c8a5eb2e7063b9480d11c2989c00bab8483f0001ff03dc089c03e82134104351aea7eebebfefa2babd328c1841ec8672aebb96b99a987353d98fb46205202e9c595ad3b405951cb4e30b7f16cff9aa4e1fb1330f0ce359b4b296dfceea700d0fc598ee780bf1e4f1993ffcd380b95f75b6d3513bbf590e21ce936ea0d83bcdb4e5fb1105228ce1c6b65e5c86d21d5731088aa2b0c4a5cf7649b16072dae252e77a9256ae37995ce86bb1427a535a555a90d666277310d5c80a8a436d79d4c4df14dc0e1b5703b022034c09cf546797cdc51f4ab8655e400460b863e354a9416cefc8c0088af766676e66cef18846edc75e9d1f5ee66183e588f6858d8eba0ec7566a6620a2cf74713a68c4b44eb7d476f350ba735abdfa2d2dce14b1d3d379dafb7e951849d36bd8613eb890c53959bfec0d099589c3c414eba2fbde2d0d6e5e49c27db979160fe194a6787177ac92410afe788133cafe10c03bc6c304ac1e887322654590e212d7768381fba349876c950bd15483944ee259e8974704bf233301244a2cafcd7783fcd80355eabbf6a459993a7b5a91d0651fd7f45194da6301054721f7f8cd5948597c10cedb887b1ef9d48cb3d21406003d6620cbe0f030fe801a3ec3596b4a036fe6393c28e8736ce1f340f6e389ea826d39f4e361ee760e51bbc1e6922701e60a122a6f4c5d476384555b2792bf0f5bb3a45f2e7a4b2eb782e0cbe574adfd431c8819aa668bc18c0649558accd27a759c68b82aa3f00dd7cdfdd51c2aee8c8e48f5dd8fbe779be876c8ad7836e868332f29ba373643f23cfbb5efdc7f1ac3752b7f150e000c613654ef8db38158dfa0e2776236c4eb535ae6f62cf8f4ed030b2282d462d3cf5466c7832454496ceaaeeb5eb4c60bf6ab2ac692c5951fe88b7c24e600e9238b31d1fea7ede4b523214103b14a087609584fff3d5d30007756b3608efeb44b4f1872c238462edb42821bef293afb4ed88830b7d84c98a5b7059f403a49a1853075f7d1e155fe1c578d1896ce970167f6ad5967f2f87373c54090e6e9c0d6f0b92f7e89047c868c51ad4ba76a9505519f34c205daf392c0ff977b1d062ea288df95bf8de9084f065a6607dd5fe5837f3b6ad6580454bc9e8d048dc1a6380c923bbdd2f718b64a7a6af2ed46ace922290fd48bb136d1386f9d4fc699fe1b427e240b40da1b14c64df2f04c6ba0fc93b80ed3b7a0bb102072f5ca1a09a73ba0eea95256aba17977a6ff1a30d94744a8464d9a5fe55c9b6e37b5354bed93ef7a0f55a687232e195455084b3abf10b42de681e98b946c5156fac504b5f78c22c1b5085a634e67ce90fb0e8816ef3751f35069d79ba5278de700ee19f8af6124ee34c6451d4c993cc03cf4a96f87e7714e60b873772c2c0df5bb83db89e09a1471cd6e9b06f2927e5315443a5078eb3b65a153ca24c5bafc6553e599f6b7b829609dccbe2e96928ec5a6c70fc4d13dd21f92c9ce25d9ccac61aa405dc5ee069c1e7be2a84cc9a8fb3836891591c7b68999eb083a0f8eb8ff48617c50fd0f711c257f707358d11c6e63e77ef8f37af91c959d9cdb8e31960099644b461cd4855b632f798ae9f10645ecf2fd6b6682c1d1dfa0fc81205480cd9456338d5336a6d7031fd226111882d4d2469fe86465a7cb25be0192a24d12fa886f187d76b9c41eb43a47c83e6b122fd2afda65e73d59b2f7ad086331596b50b37e0e09baa9b3aa25b2b4d09f1ec98bd753fb9cf557543720d4efec5991172a60f68c00ce4588c094d9928a721f0a00b328dcd4ef3b3aa29a8b15ae9a345fd28eca6bf7aadf679f86b4c9d68c5d1be9c7b7d601892ff2b36849160d6606e33b347cbc66400f2aef575008b1a0072fbab8c92768f49485180415194c004fc22c6f0d772a0c8b988d7a530a86c3040b4f8baa0eb7f86794867db4b4428923c4af2f637eea0609a99ba565335c697749d506e3da43136cca18caae8a5fe2ee55b2e479f78b2d0cbace741b6ecf78390acb37ff5920c4001fd8f012f46dd757f9bb446f9666826280ea4949b9526cbd51e9488b6f54e927b657d6b31e0f68f98b42a2d879e47f9e690aa1a10f5f1ee2c2e307b2884ed301ee6be0635d04b5fbba27b38c99477a9936ce46767b670f77aa6b7f7941c6bfeef9a6b726c31e2eee70610b782d92dc7b6dfc57a2d588ecf1f2e0dd8d5282e6e2216afff09c557bb3eb02fab5d1dea0ea44d0f82e8e335a0f33b36839200", 0x2000, &(0x7f0000000940)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000600)={0x90, 0xffffffffffffffda, 0x0, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}}}, 0x0, 0x0, 0x0, 0x0})
ioctl$BTRFS_IOC_BALANCE_CTL(r0, 0x40049421, 0x2)
r1 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCL_GETMOUSEREPORTING(r1, 0x5603, 0x0)
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x20}, 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000002c0)={r2}, 0x4)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={0xffffffffffffffff, 0x0, 0xe, 0x0, &(0x7f00000004c0)="3f6c00c2231bc4cb500170870800", 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000080)={'wlan0\x00'})
sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000007c0)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYBLOB="0d98991b139efb69b486dd49304055c19c913257db65ec2d2347956a5717485c7a1737688f0d57a96aca5aac096de30b7c763807256344dc2afe5fa17458d259d9cdce49619046c02a91b26a15740e1fb7c5e8f49153a5e49f97bb18dec83c3c8b", @ANYRESDEC=0x0, @ANYBLOB, @ANYBLOB="25003300d0000000080211000001080211000000505050505050000003"], 0x44}}, 0x0)
r4 = socket$unix(0x1, 0x2, 0x0)
accept4$unix(r4, &(0x7f0000000100), &(0x7f0000000000)=0x6e, 0x80000)
r5 = openat$binder_debug(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
r6 = epoll_create1(0x0)
epoll_wait(r6, &(0x7f0000000240)=[{}], 0x1, 0x7ff)
ppoll(&(0x7f0000000080)=[{r6, 0x8201}], 0x1, 0x0, 0x0, 0x0)
r7 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder1\x00', 0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r7, &(0x7f00000000c0)={0x10000001})
read(r5, &(0x7f0000000580)=""/119, 0x77)
getegid()
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0)
mlock2(&(0x7f0000ff5000/0x9000)=nil, 0x9000, 0x0)
mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil)

2.918633416s ago: executing program 0 (id=3014):
r0 = getpid()
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
process_vm_readv(r0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
r1 = syz_open_dev$loop(&(0x7f00000001c0), 0x100000, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="3400000021000100000000000000000002000000faff000000000000080018004e284e2205001600000000000800"], 0x34}}, 0x0)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=@newspdinfo={0x1c, 0x24, 0x21, 0x0, 0x0, 0x0, [@XFRMA_SPD_IPV4_HTHRESH={0x6}]}, 0x1c}}, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000003c0)=@updpolicy={0xb8, 0x19, 0xfd3649826d894c67, 0x0, 0x0, {{@in=@dev, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x2b}}}, 0xb8}}, 0x0)
syz_emit_ethernet(0x3a, &(0x7f0000000180)={@link_local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x2c, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @multicast1}, {0x0, 0x4e22, 0x18, 0x0, @wg=@data}}}}}, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$SNDRV_PCM_IOCTL_UNLINK(0xffffffffffffffff, 0x40044160, 0x3)
r3 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VIDIOC_REQBUFS(r3, 0xc0145608, &(0x7f0000000040)={0x204, 0xa, 0x4})
r4 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VIDIOC_REQBUFS(r4, 0xc0585609, &(0x7f0000000040)={0x20, 0xa})
ioctl$LOOP_CONFIGURE(0xffffffffffffffff, 0x4c0a, &(0x7f0000000000)={0xffffffffffffffff, 0x0, {0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x3, 0x8, 0x0, "82ffe9a7ca8d338e0978c80c568a9d94969744223a3bf7b1ce1f566ac0b5502df67a3a54817e92bda7e02337b5186bf1532b41dc173f2ef38ea641dbf4bea193", "2c8d978bbbaf836770b6bc05c7d33d4ba1eeb28b81365fd5b98b898cd82f59b99d77af213e51d53d7e04d4e85e1d41ee121ea3aad63b499c7a25e1b181ac9ebf", "9fef7affaecac6ed08f4c36330801327cabc8491b2a7e8063de5ae1f02b8cb3a", [0x0, 0x3]}})
symlinkat(&(0x7f0000000180)='.\x00', 0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00')
mount(&(0x7f00000000c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000100)='./file0\x00', &(0x7f00000001c0)='efs\x00', 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f00000000c0)=""/223, 0xdf}], 0x1, 0xfffff62d, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
sendfile(r1, 0xffffffffffffffff, 0x0, 0x1)
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
getsockopt$inet_tcp_buf(r5, 0x6, 0x1c, 0x0, &(0x7f0000000080))
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000003f000000000000000000"], &(0x7f0000000140)='GPL\x00'}, 0x90)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
unshare(0x62040200)

2.295763593s ago: executing program 0 (id=3015):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5", 0x4)
r1 = accept4(r0, 0x0, 0x0, 0x0)
sendmmsg$unix(r1, &(0x7f00000072c0)=[{{0x0, 0x0, &(0x7f0000000280), 0x0, &(0x7f0000002640)=[@cred={{0x1c}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0xee01}}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0xee00}}}], 0xc0, 0x20044000}}, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000}}], 0x2, 0x0)

2.208167866s ago: executing program 0 (id=3016):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000000002000000000000000000018190000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x4, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000280)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='percpu_alloc_percpu\x00', r1}, 0x10)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000080)=0xa, 0x4)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000003c0)={'wlan0\x00', <r4=>0x0})
sendto$packet(r3, &(0x7f0000000180)="0b031000e0ff030002004788aa96a13bb1000000000008000500", 0x10000, 0x0, &(0x7f0000000140)={0x11, 0x0, r4}, 0x14)
socket$nl_generic(0x10, 0x3, 0x10)
r5 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001400)=ANY=[@ANYBLOB="1c0000005e0021a5553f8c6b23cbff070000f3"], 0x1c}}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
read$FUSE(0xffffffffffffffff, &(0x7f0000001300)={0x2020}, 0x2020)
ioctl$RFKILL_IOCTL_NOINPUT(0xffffffffffffffff, 0x5201)
pipe(&(0x7f0000000040)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
r8 = fsopen(&(0x7f0000000080)='autofs\x00', 0x0)
fsconfig$FSCONFIG_SET_FD(r8, 0x5, &(0x7f00000005c0)='fd', 0x0, r7)
r9 = socket$inet_sctp(0x2, 0x1, 0x84)
ioctl$sock_SIOCETHTOOL(r9, 0x8946, &(0x7f0000000040)={'netdevsim0\x00', &(0x7f0000000080)=@ethtool_test={0xf, 0x0, 0x0, 0xa, [0x0, 0x8000000000000000, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, 0xabca, 0x9]}})
fsconfig$FSCONFIG_CMD_CREATE(r8, 0x6, 0x0, 0x0, 0x0)
close_range(r6, 0xffffffffffffffff, 0x0)
r10 = syz_open_procfs(0x0, &(0x7f0000000080)='coredump_filter\x00')
prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1)
syz_emit_ethernet(0x4e, &(0x7f00000001c0)={@local, @remote, @val={@void, {0x8100, 0x6, 0x0, 0x3}}, {@ipv6={0x86dd, @tcp={0x0, 0x6, "f11b8c", 0x14, 0x6, 0x0, @loopback, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, {[], {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0)
preadv(r10, &(0x7f0000000000), 0xc, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x6, &(0x7f0000000000)=[{0x4, 0xd6, 0x5, 0xa}, {0x3, 0x2, 0x0, 0x8}, {0x1, 0x1, 0x6, 0x2}, {0x5, 0x2f, 0x1f}, {0x4, 0x0, 0x3, 0x3}, {0x6, 0x0, 0x2b, 0x6}]})
ioctl$SECCOMP_IOCTL_NOTIF_SEND(r10, 0xc0182101, &(0x7f0000000000)={0x0, 0x2332, 0x1})

2.033204731s ago: executing program 2 (id=3017):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)={0x54, 0x2, 0x6, 0x801, 0xe4340000, 0x0, {}, [@IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:net\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8}]}]}, 0x54}}, 0x0)
sendmsg$IPSET_CMD_DESTROY(r0, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)={0x1c, 0x4, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)

1.941542791s ago: executing program 2 (id=3018):
r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
r2 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[<r3=>0x0], 0x0, 0x0, 0x0, 0x1})
r4 = socket(0x10, 0x80002, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8b24, &(0x7f0000000000)={'wlan0\x00'})
readv(r4, &(0x7f0000000ac0)=[{&(0x7f0000000200)=""/96, 0x60}, {&(0x7f0000000100)=""/34, 0x22}, {&(0x7f0000000280)=""/246, 0xf6}, {&(0x7f0000000380)=""/149, 0x95}, {&(0x7f00000005c0)=""/218, 0xda}, {&(0x7f00000004c0)=""/57, 0x39}, {&(0x7f0000000780)=""/240, 0xf0}, {&(0x7f0000000940)=""/170, 0xaa}, {&(0x7f0000000a00)=""/158, 0x9e}, {&(0x7f00000006c0)=""/82, 0x52}], 0xa)
ioctl$DRM_IOCTL_MODE_GETCRTC(r2, 0xc06864a1, &(0x7f0000000440)={0x0, 0x0, r3, <r5=>0x0})
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000008c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1}, 0x48)
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_GETFB2(r2, 0xc06864ce, &(0x7f0000000540)={r5, 0x0, 0x0, 0x0, 0x0, [<r6=>0x0]})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000140)={0x3fe, 0xb, 0xb2})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r1, 0xc00c642d, &(0x7f0000000080)={r6})
socket$inet_udp(0x2, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r7 = getpid()
process_vm_readv(r7, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x3, 0x4, &(0x7f00000004c0)=ANY=[@ANYBLOB="8500000097000000350000000000000085000000230000009500000000000000f4670880271e3503200ffa95a2c8c037c5a142dfa8ba6287066c5197fabd5f7010e81ae0b737126e0000000000000009ed8d38665cb6e22ff5dde54704d25c79949c23e2eb15d755a2410ea7c09cc28de194f44800000000b0d3712c7e93363af3c075ff1e23160104d95433bb755af3d576090c4867a7b6393e366c6386d5ec7201d031f40f3012e9576e51a7f550afc852003b2f7846c744ae6af3c037102124d85cec074c6949e1d76d067a97000247fe5f17fdab800f4104dbaba46aac3abe6c4d7f47ef6d02ba536cdacecf7eb6baaa4a9779f8555eaea768c1f2c221c155411c5483b8741036674d41513656d400ef050000000ee282ab76f593d828cf95846be6277c04b8c5324812696a623cd8a4f8dc8dcba00b1b2d2547c45b0c52087b5efabf8496b9a951667dd5b5a0327b56c0ebfb19a34268335648e1f844ce328c10752a42dca52fb98c1452b651ebffffffff00000000419a2f238f173d0cd46dafc6e95500f53e5309ec91d83cf4fbd775d9c07d8d591a4dac60ff00e609b3b20000000000000000000000000000000000000000000000004e41ffd11d49614fc97bff9cfa13a834a8b7d58ef7845b492b808b59a29b3bfa21b4ce7abc79e8279ef3e2151281fe64f52fc86715aca2e027cb0d5ae3a489dd4f97e6dfdaf622a6964faea221d4b6a7d5fbaeb8ce597ec671a0f8cab6877df3ef4b21d902a66f091947f1a69f09007d1c22c1fa85de1caa493de14810f42ed36488b944b3ca4e86a4738f730f473f3f29d592549b220d051c3b31e321d426ac7b28e8204d3253184d307966ad8ef7482da915473bd11a72e9acefc61cb7a40b78a066f120cf5acc12e56107f7cd8144c4b1df091e9fb661120eaeaa4efe4a9e798925a72da837a364c0051118dd744db455ae5e9a579f97b4fcf60e26c7fcbd31ccc030f2a8077e089b36d6a5"], &(0x7f0000000140)='GPL\x00', 0x0, 0xe0, &(0x7f0000000180)=""/153, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x50, 0x10, 0x0, 0xfffffc1a}, 0x15)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={r8, 0xfffff000, 0xe, 0x0, &(0x7f00000000c0)="61df712bc884fed5722780b6c2a7", 0x0, 0x8000}, 0x28)
openat$drirender128(0xffffffffffffff9c, &(0x7f0000000040), 0x101080, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

1.859191742s ago: executing program 1 (id=3019):
socket$nl_route(0x10, 0x3, 0x0)
socket$inet_smc(0x2b, 0x1, 0x0)
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000140)={0x2, 0x4e22, @multicast2}, 0x10)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000000c0)='veth0_to_bridge\x00', 0x10)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0x40010)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280))
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x3, 0x3, &(0x7f0000000480)=ANY=[@ANYBLOB="1800"/14], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
sendmsg$unix(0xffffffffffffffff, 0x0, 0x0)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r3 = openat$cgroup_int(r2, &(0x7f00000010c0)='cpu.weight\x00', 0x2, 0x0)
write$cgroup_int(r3, &(0x7f00000001c0)=0x2, 0x12)

1.344326325s ago: executing program 0 (id=3020):
socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080))
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000818010000", @ANYRES32, @ANYBLOB="0000000000008da4b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='kfree\x00', r0}, 0x10)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='attr/exec\x00')
readv(r1, &(0x7f0000000480)=[{&(0x7f0000000200)=""/216, 0xd8}], 0x1)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
flistxattr(0xffffffffffffffff, 0x0, 0xdeff)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={0xffffffffffffffff, &(0x7f0000000080), &(0x7f0000001540)=""/155}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000ac0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000020000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000d00)='sched_switch\x00', r2}, 0x10)
syz_open_dev$usbfs(&(0x7f0000000000), 0x1ff, 0x0)
ioctl$SNDRV_PCM_IOCTL_DRAIN(r1, 0x4144, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000980)='/proc/bus/input/handlers\x00', 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x0, &(0x7f0000000040)={0x4, &(0x7f0000000300)=[{0x3, 0x9, 0x0, 0x80000000}, {0x8, 0x4, 0x7, 0xb}, {0xb, 0x10, 0x1}, {0x7, 0x3, 0x8, 0x10003}]})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x2, &(0x7f0000000100)=[{0x54}, {0x6}]})
openat$sndseq(0xffffffffffffff9c, &(0x7f00000001c0), 0x100580)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = dup(r4)
ioctl$KVM_REGISTER_COALESCED_MMIO(r5, 0x4010ae67, &(0x7f0000000280)={0xf000})
ioctl$KVM_UNREGISTER_COALESCED_MMIO(r4, 0x4010ae68, &(0x7f0000000040))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000080)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
r6 = socket$kcm(0x10, 0x2, 0x0)
recvmsg(r6, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000002640)=""/4096, 0x1000}, {&(0x7f0000000600)=""/235, 0xeb}, {&(0x7f0000000540)=""/167, 0xa7}], 0x3}, 0x0)

980.727208ms ago: executing program 2 (id=3021):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_SAVE(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)=ANY=[@ANYBLOB="1c0000000806010100000000000000002000000005"], 0x1c}}, 0x0)

915.068912ms ago: executing program 2 (id=3022):
r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x0, 0x2)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
getsockopt$bt_hci(r1, 0x0, 0x1, 0x0, &(0x7f0000000080))
pipe(&(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = socket$inet_udp(0x2, 0x2, 0x0)
close(r4)
r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x161b01, 0x0)
ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000040)=0xd)
socket$nl_netfilter(0x10, 0x3, 0xc)
write$binfmt_misc(r3, &(0x7f0000000200)=ANY=[], 0xfffffecc)
socket$inet_tcp(0x2, 0x1, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0)
pselect6(0x40, &(0x7f00000001c0), 0x0, &(0x7f00000002c0)={0x3ff}, 0x0, 0x0)
splice(r2, 0x0, r4, 0x0, 0x4ffe6, 0x0)
ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x1})
ioctl$vim2m_VIDIOC_EXPBUF(r0, 0xc0405610, &(0x7f0000000040)={0x2, 0x0, 0x0, 0x0, <r6=>0xffffffffffffffff})
ioctl$DMA_BUF_IOCTL_SYNC(r6, 0x40086200, &(0x7f0000000480)=0x7)

914.446938ms ago: executing program 1 (id=3023):
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
syz_usb_control_io$cdc_ncm(0xffffffffffffffff, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(0xffffffffffffffff, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(0xffffffffffffffff, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c}, 0x0, 0x0, 0x0, 0x0})
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000001200)={0x0, 0x0, &(0x7f00000011c0)={&(0x7f0000000b00)=ANY=[@ANYBLOB="300000004a003b8800000000000000000a008000", @ANYBLOB='{'], 0x30}}, 0x0)
syz_usb_control_io$cdc_ncm(0xffffffffffffffff, 0x0, 0x0)
r1 = syz_usb_connect$cdc_ecm(0x4, 0x5c, &(0x7f0000000d00)={{0x12, 0x1, 0x310, 0x2, 0x0, 0x0, 0x10, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x4a, 0x1, 0x1, 0x4, 0x10, 0xc6, [{{0x9, 0x4, 0x0, 0x7f, 0x4, 0x2, 0x6, 0x0, 0x4, {{0xb, 0x24, 0x6, 0x0, 0x0, "549501e87001"}, {0x5, 0x24, 0x0, 0x2}, {0xd, 0x24, 0xf, 0x1, 0x1, 0x0, 0xe32f, 0x2}}, {[{{0x9, 0x5, 0x81, 0x3, 0x40, 0x9, 0x4, 0x7}}], {{0x9, 0x5, 0x82, 0x2, 0x3ff, 0x0, 0x5, 0xca}}, {{0x9, 0x5, 0x3, 0x2, 0x8, 0x24, 0x1, 0x80}}}}}]}}]}}, &(0x7f00000002c0)={0xa, &(0x7f0000000cc0)={0xa, 0x6, 0x110, 0x5, 0xff, 0x94, 0x10, 0x96}, 0x5, &(0x7f00000001c0)={0x5, 0xf, 0x5}, 0x2, [{0xf, &(0x7f0000001080)=@string={0xf, 0x3, "6027b5ce44160ea62a00c5e5d1"}}, {0x4, &(0x7f0000000280)=@lang_id={0x4, 0x3, 0x42a}}]})
syz_usb_control_io(r1, &(0x7f00000005c0)={0x2c, &(0x7f00000003c0)={0x0, 0x7, 0x9a, {0x9a, 0x8, "c19a25e0cc06ea748f994160146ef2aabaab12134722caa148192f2f91e0c60eea42ae625aee4c77307e08e9dc6c57c6d4ab183d47b91bbf27284e8c4ca8fa5b25830c51e7cbd850c670b272a0014539978d91b6ee0dd39a42cb06435f996fb3a5a9e2b5a750d58637c5a30b04a7af3d6e8f706d03021b11d8e8771d71a250df101fd7e4c4e00c3a1548714f5b17392a957a53183f70c158"}}, &(0x7f0000000b00)=ANY=[@ANYBLOB="0003a1000000a10313a97bfcf2deb97a03b6aba1aef0ecf3810e0a83577226e871b7be668fbf049ef3e599d1010baa26135c0ae46574e9fd313836cff2c352c89fbba12e65f6be99ad25256692987ba4c00e98bf354e9b71288290c0828ae8ee4f89edc2569251af9c5455a9a6d3b1ca91586629946e5701ccc7432e2fb349d8e60930d1c55706ec155c65a035b00aa9e6923e9bd117d15276f25575d22e8859469e6b37a8ef84c68ce623aca46fc5c7d2b7a005f7e27196f8a19bf16b18092fac126c3da5094a89ee5dade5fb21b92a39e86bb9baa414b66c85f06f48ee4b4786b95d2a96b3a5a207d20cdda06230dafe997262390929baf26e20a981b8bd40c72fed7bdd2105b01b5b8afed603ef4759612dae14d5265bb9fbddb66299f5dc0c31b1e20f0aa7cbc120070de8b0be29cef284e78e55c36d98e6ba2b719efae12bd95795dec8ac0647c57cf6995447192249ce25ec65407967310ceb07de55b254a6a18efa8df897c94adb046063db6e5c14913ca7a312"], &(0x7f0000000300)={0x0, 0xf, 0x19, {0x5, 0xf, 0x19, 0x1, [@ss_container_id={0x14, 0x10, 0x4, 0xdd, "de6d101f6a0e35b82c8b092d6ec7eb0f"}]}}, &(0x7f0000000540)={0x20, 0x29, 0xf, {0xf, 0x29, 0x0, 0x4, 0x4, 0x9, "cfe9b658", "1ae235e1"}}, &(0x7f0000000580)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x0, 0x8, 0x5, 0x0, 0x6, 0x1ff, 0x7}}}, &(0x7f0000000a40)={0x84, &(0x7f0000000600)=ANY=[], 0x0, &(0x7f00000006c0)={0x0, 0x8, 0x1}, &(0x7f0000000700)={0x20, 0x0, 0x4, {0x3}}, &(0x7f0000000740)={0x20, 0x0, 0x4, {0x140, 0x10}}, 0x0, &(0x7f00000007c0)={0x40, 0x9, 0x1}, &(0x7f0000000800)={0x40, 0xb, 0x2, "8fea"}, &(0x7f0000000840)={0x40, 0xf, 0x2, 0x6}, &(0x7f0000000880)={0x40, 0x13, 0x6, @link_local}, &(0x7f00000008c0)={0x40, 0x17, 0x6, @remote}, &(0x7f0000000900)={0x40, 0x19, 0x2, "23d9"}, &(0x7f0000000940)={0x40, 0x1a, 0x2, 0x8}, &(0x7f0000000980)={0x40, 0x1c, 0x1, 0x6}, &(0x7f00000009c0)={0x40, 0x1e, 0x1, 0x3f}, &(0x7f0000000a00)={0x40, 0x21, 0x1, 0x4}})
r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
accept4(r2, 0x0, 0x0, 0x0)
r3 = openat$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000240), 0x2, 0x0)
open(&(0x7f00009e1000)='./file0\x00', 0x8060, 0x0)
syz_usb_disconnect(r1)
r4 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000002380)={{'fd', 0x3d, r4}, 0x2c, {'rootmode', 0x3d, 0x8000}})
write$FUSE_NOTIFY_STORE(r4, &(0x7f0000000180)={0x29, 0x4, 0x0, {0x1, 0xfffffffff0000000, 0x1, 0x0, [0x0]}}, 0x29)
write$binfmt_misc(r3, &(0x7f00000010c0)={'syz0', "eade60dae9f8f75f93431c53aa65afab0eff51ddaf41ad2401a2d6ae116e44b7a6317bd7caf9fd1e11d34f034ddb6f4793a4379dbd2ba9d773698e45519bfdf704c730b3f8b491bf3f1cd713138d8447ab892232289e90d175625fab82fac1cea3f349462ccf30d5bf66422770262297b419666c6242a6a942917f22b17cfb44a0dfac7a16e89de84077499b208d383db9554be42975a5eb9fbba050b0e121c9df15edf92a7a235c060d3544e371303bd84424"}, 0xb7)
r5 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x4d9, 0xa070, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r5, 0x0, 0x0)
syz_usb_control_io$hid(r5, &(0x7f0000000e00)={0x24, &(0x7f0000000480)={0x20, 0x6, 0x90, {0x90, 0x3, "d3584b0bf05f49333719724cfad44b016244c4a50823a7c5f43ff39d758a34cb61673dc9653e678acf5faaeb757367dde6f22ed9498e9c7f00ad38ba71d5c875cd5c3a11877d3fbdd31dcae36b23ac4133a01eb7c5d1a5bef77894eefc54db7fc4531cbbd078d721e3a2d334c181fc2de9080aff5ce3eb3e9485d994bd4b99a94c80d9f93c24a927390091a7e4d2"}}, &(0x7f0000000c80)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0xf0ff}}, &(0x7f0000000d80)={0x0, 0x22, 0x16, {[@global=@item_012={0x1, 0x1, 0x5, "03"}, @main=@item_012={0x2, 0x0, 0xb, "eae3"}, @main=@item_4={0x3, 0x0, 0xc}, @global=@item_4={0x3, 0x1, 0x3, "8b396133"}, @global=@item_012={0x1, 0x1, 0x4, "c9"}, @global=@item_4={0x3, 0x1, 0x6, "a58fe856"}]}}, &(0x7f0000000dc0)={0x0, 0x21, 0x9, {0x9, 0x21, 0x100, 0xcb, 0x1, {0x22, 0x45c}}}}, &(0x7f0000001040)={0x2c, &(0x7f0000000e40)={0x0, 0xe, 0x4c, "da7b0dfac84fd7d49cc6e685978ac95567309c4d2d5827a804232ba6c580fda14c9c5052de91247fc1fe8cc74712d3af6ef85a2dae0b3f4b927879a211a007f36401be7a5e0f123e0bca27c8"}, &(0x7f0000000ec0)={0x0, 0xa, 0x1, 0x6}, &(0x7f0000000f00)={0x0, 0x8, 0x1, 0x90}, &(0x7f0000000f40)={0x20, 0x1, 0x75, "ced5af8f9652740880e3a9bcf01447a33d9289f9dcc0882d3ab181ba5b36a1f0bfa2b994f96de42291f8153fd0e8422bb09be72e0a6ca1dbb03537611b146357bde4cce96a1d5b614abe732b2a2db3ff31323844fc691477905683fb04638767495f06c838e47f43f049463068d00102ffa6477235"}, &(0x7f0000001000)={0x20, 0x3, 0x1, 0x5}})
syz_usb_control_io$cdc_ncm(0xffffffffffffffff, &(0x7f0000000000)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r6 = socket(0x840000000002, 0x3, 0x100)
setsockopt$IPT_SO_SET_REPLACE(r6, 0x4000000000000, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x701, 0x3, 0x270, 0x100, 0xba020000, 0x108, 0x100, 0x0, 0x1d8, 0x1c8, 0x1c8, 0x1d8, 0x1c8, 0x3, 0x0, {[{{@ip={@rand_addr, @dev, 0x0, 0x0, 'caif0\x00', 'veth0\x00', {}, {}, 0x32}, 0x0, 0xa0, 0x100, 0x0, {}, [@common=@inet=@esp={{0x30}, {[], 0x2}}]}, @common=@SET={0x60}}, {{@uncond, 0x0, 0xb0, 0xd8, 0x0, {}, [@common=@set={{0x40}}]}, @common=@unspec=@NFQUEUE1={0x28}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x2d0)
socket$xdp(0x2c, 0x3, 0x0)
openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socket$xdp(0x2c, 0x3, 0x0)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)

755.107361ms ago: executing program 3 (id=3024):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5", 0x4)
r1 = accept4(r0, 0x0, 0x0, 0x0)
sendmmsg$unix(r1, &(0x7f00000072c0)=[{{0x0, 0x0, &(0x7f0000000280), 0x0, &(0x7f0000002640)=[@cred={{0x1c}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0xee01}}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0xee00}}}], 0xc0, 0x20044000}}, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000}}], 0x2, 0x0)

680.336145ms ago: executing program 3 (id=3025):
openat$sysctl(0xffffffffffffff9c, &(0x7f0000001200)='/proc/sys/vm/compact_memory\x00', 0x1, 0x0)
socket$inet6_udplite(0xa, 0x2, 0x88)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000200)=[{{&(0x7f0000000140)={0xa, 0x4e23, 0x0, @remote}, 0x1c, 0x0}}], 0x1, 0x0)
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000180)=@broute={'broute\x00', 0x20, 0x5, 0x92e, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000340], 0x0, &(0x7f0000000040), &(0x7f0000000340)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff01000000110000004800000088a874756e6c300000000000000000000000766c616e3000000000000000000000007465616d5f736c6176655f3000000000767863616e3100000000000000000000000000000000ff00000000ff000000000000ffffffffff00ce0000004e010000960100006367726f75700000000000000000000000000000000000000000000000000000080000000000000005000000000000007374617465000000000000000000000000000000000000000000000000000000080000000000000007000000000000004e46515545554500000000000000000000000000000000000000000000000000080000000000000004000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a310000000000000000000000000000000000000000000000005904000007000000000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000293010464416a5483090745e853ac5a8844a15548469773c057916e257030000000000000000000000000000000000206a0000000000000000000000000000000000000001000000fcffffff02000000050000005e000000001c76657468315f766c616e000000000000697036746e6c3000000000000000000073797a6b616c6c65723000000000000076657468315f746f5f626f6e64000000aaaaaaaaaaaaff00ffff00ffaaaaaaaaaabb0000ff00ff00be000000be000000ee0100006e66616363740000000000000000000000000000000000000000000000000000280000000000000073797a300000000000000000000000000000000000000000000000000000000007000000000000005345434d41524b000000000000000000000000000000000000000000000000000801000000000000010000000080000073797374656d5f753a6f626a6563745f723a73657472616e735f7661725f72756e5f743a73300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000b0000006005776c616e310000000000000000000000766972745f77696669300000000000006e72300000000000000000000000000070696d72656730000000000000000000aaaaaaaaaabb0000ffffff00aaaaaaaaaaaa0000ffffffffce000000ce000000fe000000766c616e000000000000000000000000000000000000000000000000000000000800000000000000040001000a010000706b74747970650000000000000000000000000000000000000000000000000008000000000000000001000000000000434f4e4e5345434d41524b0000000000000000000000000000000000000000000800000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000003000000ffffffff02000000110000000c0000008863766c616e310000000000000000000000636169663000000000000000000000000000000000000000000000000000000076657468300000000000000000000000bbbbbbbbbbbbffffff000000bbbbbbbbbbbb000000ffff00ce000000ce0000001e0100007374617465000000000000000000000000000000000000000000000000000000080000000000000008000000000000003830325f3300000000000000000000000000000000000000000000000000000008000000000000000e00f4500002000049444c4554494d455200000000000000000000000000000000000000000000002800000000000000f9ffffff73797a300000000000000000000000000000000000000000000000000b00000000000000110000003c00000022f076657468305f746f5f687372000000006970766c616e3100000000000000000067656e6576653100000000000000000064766d72703000000000000000000000ffffffffffffff000000ff00000000000000ffffff000000d601000096020000ce020000737461746973746963000000000000000000000000000000000000000000000018000000000000000000010040be0000060000009e0700001758000000000000636f6d6d656e74000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004e464c4f47000000000000000000000000000000000000000000000000000000500000000000000004000000070005000100000086a0ae1ec86958ef8a6a18dba2c26afe089e26f7d09c88fba79903f6cf2f79083d471e6e61608964c050607d24613c3de7f78614bd2e3d21249a66713c677195000000005241544545535400000000000000000000000000000000000000000000000000200000000000000073797a3100000000000000000000000006de0000000000000200000000000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aa4c75545bdf0000fdffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000005000000fcffffff00000000"]}, 0x9a6)
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000000)=[{0x6}]})
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000980), 0xffffffffffffffff)
socket$netlink(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000680)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$ifreq_SIOCGIFINDEX_wireguard(r3, 0x8933, &(0x7f0000000100)={'wg1\x00'})
ioctl$SOUND_MIXER_READ_CAPS(0xffffffffffffffff, 0x805c4d25, 0xfffffffffffffffe)
r4 = syz_open_dev$loop(&(0x7f0000000100), 0x0, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.stat\x00', 0x275a, 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe)
madvise(&(0x7f00007fe000/0x800000)=nil, 0x800000, 0xc)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
r6 = gettid()
process_vm_writev(r6, &(0x7f0000000000)=[{&(0x7f0000000140)=""/247, 0xf7}], 0x1, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/231, 0xe7}], 0x1, 0x0)
mremap(&(0x7f000020e000/0x2000)=nil, 0x2000, 0x400000, 0x3, &(0x7f000082a000/0x400000)=nil)
mremap(&(0x7f00003fd000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f00004d6000/0x2000)=nil)
write$binfmt_aout(r5, &(0x7f0000000140)=ANY=[], 0x1a3)
write$binfmt_misc(r5, &(0x7f0000000040)=ANY=[], 0xe09)
ioctl$LOOP_CONFIGURE(r4, 0x4c0a, &(0x7f00000002c0)={r5, 0x0, {0x2a00, 0x80010000, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea89de2b7fb0a0100000000000000000300", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00"}})
r7 = socket(0x10, 0x3, 0x0)
write(r7, &(0x7f00000000c0)="1c0000001d005f0214fffffffffffff8070000001d00000000000000", 0x1c)
close_range(r1, 0xffffffffffffffff, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_wait_time\x00', 0x275a, 0x0)

301.034919ms ago: executing program 0 (id=3026):
open_tree(0xffffffffffffffff, 0x0, 0x89901)
openat$dsp1(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x402, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x38011, r0, 0x0)
openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x3, 0x0, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x300, 0x0)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x4e, 0x0, 0x0)

0s ago: executing program 2 (id=3027):
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x101800, 0x0)
ioctl$TUNSETOFFLOAD(r1, 0xc004743e, 0x20001439)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x1f, 0x4, 0x4, 0x12, 0x0, 0xffffffffffffffff, 0x100, '\x00', 0x0, 0xffffffffffffffff, 0xfffffffc, 0xfffffffd}, 0x48)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000240)={0x0, <r3=>0x0}, &(0x7f0000000280)=0x5)
setreuid(0x0, r3)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0xf, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r4}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x3}, {0x85, 0x0, 0x0, 0x5}}, {}, [], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="580000001400192340834b", 0xb}, {&(0x7f00000002c0)="db6dfa07d8098bd2ced64ad5edc54382ee45da9203efd5732acfcc727b53d3079ed06ecae1342e4ec9c8283311dceddf89948d3ef84ff58ffb015760e03187c365999492cb07f544c5f8e72917b4af1e3e47b4655360c078947e62afae62d2ec31a3e0043a888d2096a4fe21b43cef30a6299fda9e752ea4ac9bd768a5a01356f8f5d1dae5c092d7f0fba15747b05104819751a787c6202cca9911ddff6f00ddc9997b", 0xa3}], 0x100000e0)
r5 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000000c0)=@newlink={0x3c, 0x10, 0x503, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @macsec={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_MACSEC_VALIDATION={0x5, 0xd, 0x3}]}}}]}, 0x3c}}, 0x0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0)
r6 = io_uring_setup(0x4011, &(0x7f0000000380)={0x0, 0x6e42, 0x40, 0x2, 0x3d7})
syz_io_uring_setup(0x8a5, &(0x7f0000000080)={0x0, 0xc524, 0x4, 0x0, 0x0, 0x0, r6}, &(0x7f0000000200)=<r7=>0x0, &(0x7f0000000140)=<r8=>0x0)
syz_io_uring_submit(r7, r8, &(0x7f0000000280)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index, 0x0, {0x0, r0}})
r9 = openat$vcs(0xffffffffffffff9c, &(0x7f0000001880), 0x400000, 0x0)
dup(r9)
r10 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r10, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r10, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r10, 0x6, 0x1f, &(0x7f00000001c0), 0x4)
setsockopt$inet6_tcp_TLS_TX(r10, 0x11a, 0x1, &(0x7f0000000140)=@gcm_256={{0x304}, "85406704bbcd6043", "898e9d750bfd000000000400", "a22300", "8ce3a39e3181899b"}, 0x38)
setsockopt$inet6_tcp_TLS_TX(r10, 0x11a, 0x2, &(0x7f0000000280)=@ccm_128={{0x304}, "3a997aae6644173f", "b9c0a8cd2707555d2fd4cc373ac51cf2", "1784fe44", "d3e69d47722a0439"}, 0x28)
ioctl$IOCTL_VMCI_VERSION2(r9, 0x7a7, &(0x7f0000000240)=0x10000)
r11 = socket$rxrpc(0x21, 0x2, 0xa)
sendmmsg(r11, &(0x7f0000000900)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x20}}], 0x1, 0x0)

kernel console output (not intermixed with test programs):


[  679.690405][T14730]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  679.692708][T14730] RIP: 0033:0x7fe953d799f9
[  679.694448][T14730] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  679.702061][T14730] RSP: 002b:00007fe954bb7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  679.705563][T14730] RAX: ffffffffffffffda RBX: 00007fe953f15f80 RCX: 00007fe953d799f9
[  679.708976][T14730] RDX: 0000000020000100 RSI: 0000000000003b70 RDI: 0000000000000003
[  679.712027][T14730] RBP: 00007fe954bb7090 R08: 0000000000000000 R09: 0000000000000000
[  679.715252][T14730] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  679.718302][T14730] R13: 0000000000000000 R14: 00007fe953f15f80 R15: 00007fff665a15e8
[  679.721450][T14730]  </TASK>
[  679.759888][   T39] audit: type=1400 audit(1723599170.608:950): avc:  denied  { remount } for  pid=14731 comm="syz.1.2534" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  679.802096][T14738] FAULT_INJECTION: forcing a failure.
[  679.802096][T14738] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  679.816726][T14738] CPU: 0 UID: 0 PID: 14738 Comm: syz.1.2536 Not tainted 6.11.0-rc3-syzkaller-00010-g6b4aa469f049 #0
[  679.820994][T14738] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  679.825397][T14738] Call Trace:
[  679.826836][T14738]  <TASK>
[  679.828150][T14738]  dump_stack_lvl+0x16c/0x1f0
[  679.830346][T14738]  should_fail_ex+0x497/0x5b0
[  679.832263][T14738]  _copy_to_user+0x30/0xc0
[  679.834286][T14738]  simple_read_from_buffer+0xd0/0x160
[  679.836695][T14738]  proc_fail_nth_read+0x1b0/0x290
[  679.838883][T14738]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  679.842563][T14738]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  679.845488][T14738]  vfs_read+0x1d4/0xbd0
[  679.847378][T14738]  ? __fdget_pos+0xeb/0x180
[  679.849688][T14738]  ? __pfx_vfs_read+0x10/0x10
[  679.851764][T14738]  ? __pfx___mutex_lock+0x10/0x10
[  679.854005][T14738]  ? __fget_files+0x256/0x400
[  679.856000][T14738]  ksys_read+0x12f/0x260
[  679.857544][T14738]  ? __pfx_ksys_read+0x10/0x10
[  679.859376][T14738]  do_syscall_64+0xcd/0x250
[  679.861182][T14738]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  679.863446][T14738] RIP: 0033:0x7fb21bf7843c
[  679.865095][T14738] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8d 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8d 02 00 48
[  679.874034][T14738] RSP: 002b:00007fb21cd40030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  679.877456][T14738] RAX: ffffffffffffffda RBX: 00007fb21c115f80 RCX: 00007fb21bf7843c
[  679.880866][T14738] RDX: 000000000000000f RSI: 00007fb21cd400a0 RDI: 0000000000000004
[  679.884264][T14738] RBP: 00007fb21cd40090 R08: 0000000000000000 R09: 0000000000000000
[  679.887771][T14738] R10: 00000000200004c0 R11: 0000000000000246 R12: 0000000000000001
[  679.891161][T14738] R13: 0000000000000000 R14: 00007fb21c115f80 R15: 00007ffcc147dc98
[  679.895015][T14738]  </TASK>
[  680.340232][T14751] syz.2.2540[14751] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  680.340456][T14751] syz.2.2540[14751] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  680.468185][   T39] audit: type=1326 audit(1723599171.318:951): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14750 comm="syz.2.2540" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f58e67799f9 code=0x0
[  680.903107][T14758] FAULT_INJECTION: forcing a failure.
[  680.903107][T14758] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  680.909553][T14758] CPU: 2 UID: 0 PID: 14758 Comm: syz.0.2542 Not tainted 6.11.0-rc3-syzkaller-00010-g6b4aa469f049 #0
[  680.914315][T14758] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  680.919274][T14758] Call Trace:
[  680.920880][T14758]  <TASK>
[  680.922259][T14758]  dump_stack_lvl+0x16c/0x1f0
[  680.924389][T14758]  should_fail_ex+0x497/0x5b0
[  680.926575][T14758]  _copy_to_user+0x30/0xc0
[  680.928497][T14758]  simple_read_from_buffer+0xd0/0x160
[  680.930784][T14758]  proc_fail_nth_read+0x1b0/0x290
[  680.933058][T14758]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  680.935499][T14758]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  680.937941][T14758]  vfs_read+0x1d4/0xbd0
[  680.940185][T14758]  ? __fdget_pos+0xeb/0x180
[  680.942315][T14758]  ? __pfx_vfs_read+0x10/0x10
[  680.944428][T14758]  ? __pfx___mutex_lock+0x10/0x10
[  680.947636][T14758]  ? __fget_files+0x256/0x400
[  680.953909][T14758]  ksys_read+0x12f/0x260
[  680.956003][T14758]  ? __pfx_ksys_read+0x10/0x10
[  680.958200][T14758]  do_syscall_64+0xcd/0x250
[  680.961022][T14758]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  680.963852][T14758] RIP: 0033:0x7fd892f7843c
[  680.965962][T14758] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8d 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8d 02 00 48
[  680.974727][T14758] RSP: 002b:00007fd893d16030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  680.978717][T14758] RAX: ffffffffffffffda RBX: 00007fd893115f80 RCX: 00007fd892f7843c
[  680.982364][T14758] RDX: 000000000000000f RSI: 00007fd893d160a0 RDI: 0000000000000006
[  680.986210][T14758] RBP: 00007fd893d16090 R08: 0000000000000000 R09: 0000000000000000
[  680.989718][T14758] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  680.993071][T14758] R13: 0000000000000000 R14: 00007fd893115f80 R15: 00007ffc64e64de8
[  680.996792][T14758]  </TASK>
[  681.275891][T14760] sch_fq: defrate 4294967292 ignored.
[  681.534514][T14769] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2545'.
[  681.836583][   T39] audit: type=1326 audit(1723599172.678:952): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14776 comm="syz.3.2546" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe953d799f9 code=0x0
[  682.506424][T14790] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2550'.
[  682.595854][T11001] usb 7-1: new low-speed USB device number 56 using dummy_hcd
[  682.818912][T11001] usb 7-1: config 246 has too many interfaces: 42, using maximum allowed: 32
[  682.822692][T11001] usb 7-1: config 246 descriptor has 1 excess byte, ignoring
[  682.827877][T11001] usb 7-1: config 246 has 1 interface, different from the descriptor's value: 42
[  682.836175][T11001] usb 7-1: config 246 interface 0 altsetting 0 has an endpoint descriptor with address 0x3F, changing to 0xF
[  682.846772][T11001] usb 7-1: config 246 interface 0 altsetting 0 endpoint 0xF has invalid maxpacket 77, setting to 8
[  682.855653][T11001] usb 7-1: config 246 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10
[  682.887228][T11001] usb 7-1: config 246 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  682.902922][T11001] usb 7-1: config 246 has too many interfaces: 42, using maximum allowed: 32
[  682.909130][T11001] usb 7-1: config 246 descriptor has 1 excess byte, ignoring
[  682.917642][T11001] usb 7-1: config 246 has 1 interface, different from the descriptor's value: 42
[  682.929882][T11001] usb 7-1: config 246 interface 0 altsetting 0 has an endpoint descriptor with address 0x3F, changing to 0xF
[  682.940787][T11001] usb 7-1: config 246 interface 0 altsetting 0 endpoint 0xF has invalid maxpacket 77, setting to 8
[  682.955115][T11001] usb 7-1: config 246 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10
[  682.961270][T11001] usb 7-1: config 246 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  682.969983][T11001] usb 7-1: config 246 has too many interfaces: 42, using maximum allowed: 32
[  682.974039][T11001] usb 7-1: config 246 descriptor has 1 excess byte, ignoring
[  682.986522][T11001] usb 7-1: config 246 has 1 interface, different from the descriptor's value: 42
[  683.017186][T11001] usb 7-1: config 246 interface 0 altsetting 0 has an endpoint descriptor with address 0x3F, changing to 0xF
[  683.037465][T11001] usb 7-1: config 246 interface 0 altsetting 0 endpoint 0xF has invalid maxpacket 77, setting to 8
[  683.057560][T11001] usb 7-1: config 246 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10
[  683.069208][T11001] usb 7-1: config 246 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  683.086980][T11001] usb 7-1: string descriptor 0 read error: -22
[  683.089755][T11001] usb 7-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  683.104232][T11001] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  683.169239][T11001] adutux 7-1:246.0: ADU100  now attached to /dev/usb/adutux0
[  683.182613][T14797] FAULT_INJECTION: forcing a failure.
[  683.182613][T14797] name failslab, interval 1, probability 0, space 0, times 0
[  683.208253][T14797] CPU: 3 UID: 0 PID: 14797 Comm: syz.3.2553 Not tainted 6.11.0-rc3-syzkaller-00010-g6b4aa469f049 #0
[  683.212843][T14797] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  683.217388][T14797] Call Trace:
[  683.218938][T14797]  <TASK>
[  683.220266][T14797]  dump_stack_lvl+0x16c/0x1f0
[  683.222385][T14797]  should_fail_ex+0x497/0x5b0
[  683.224436][T14797]  ? fs_reclaim_acquire+0xae/0x160
[  683.226683][T14797]  should_failslab+0xc2/0x120
[  683.228751][T14797]  kmem_cache_alloc_noprof+0x6e/0x2f0
[  683.230989][T14797]  ? security_file_alloc+0x41/0x260
[  683.233237][T14797]  security_file_alloc+0x41/0x260
[  683.235489][T14797]  init_file+0x99/0x260
[  683.237326][T14797]  alloc_empty_file+0x91/0x1e0
[  683.239492][T14797]  path_openat+0xe0/0x2d20
[  683.241423][T14797]  ? hlock_class+0x4e/0x130
[  683.243065][T14797]  ? __lock_acquire+0x1620/0x3cb0
[  683.244802][T14797]  ? __pfx_path_openat+0x10/0x10
[  683.246769][T14797]  ? __pfx___lock_acquire+0x10/0x10
[  683.248716][T14797]  ? find_held_lock+0x2d/0x110
[  683.250800][T14797]  do_filp_open+0x1dc/0x430
[  683.252685][T14797]  ? __pfx_do_filp_open+0x10/0x10
[  683.254651][T14797]  ? find_held_lock+0x2d/0x110
[  683.256753][T14797]  ? _raw_spin_unlock+0x28/0x50
[  683.258761][T14797]  ? alloc_fd+0x2d7/0x6c0
[  683.260459][T14797]  do_sys_openat2+0x17a/0x1e0
[  683.262364][T14797]  ? __pfx_do_sys_openat2+0x10/0x10
[  683.264352][T14797]  __x64_sys_openat+0x175/0x210
[  683.266327][T14797]  ? __pfx___x64_sys_openat+0x10/0x10
[  683.268688][T14797]  ? ksys_write+0x1ab/0x260
[  683.270517][T14797]  do_syscall_64+0xcd/0x250
[  683.272259][T14797]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  683.274777][T14797] RIP: 0033:0x7fe953d78390
[  683.276816][T14797] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 19 8e 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 6c 8e 02 00 8b 44
[  683.285056][T14797] RSP: 002b:00007fe954b95b70 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[  683.288706][T14797] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007fe953d78390
[  683.292212][T14797] RDX: 0000000000000002 RSI: 00007fe954b95c10 RDI: 00000000ffffff9c
[  683.295667][T14797] RBP: 00007fe954b95c10 R08: 0000000000000000 R09: 00007fe954b95987
[  683.299212][T14797] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[  683.302594][T14797] R13: 0000000000000001 R14: 00007fe953f16058 R15: 00007fff665a15e8
[  683.305662][T14797]  </TASK>
[  683.539345][T14804] FAULT_INJECTION: forcing a failure.
[  683.539345][T14804] name failslab, interval 1, probability 0, space 0, times 0
[  683.545757][T14804] CPU: 2 UID: 0 PID: 14804 Comm: syz.0.2556 Not tainted 6.11.0-rc3-syzkaller-00010-g6b4aa469f049 #0
[  683.550349][T14804] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  683.554946][T14804] Call Trace:
[  683.557416][T14804]  <TASK>
[  683.559162][T14804]  dump_stack_lvl+0x16c/0x1f0
[  683.561348][T14804]  should_fail_ex+0x497/0x5b0
[  683.563332][T14804]  ? fs_reclaim_acquire+0xae/0x160
[  683.565300][T14804]  should_failslab+0xc2/0x120
[  683.567133][T14804]  __kmalloc_noprof+0xcb/0x400
[  683.569023][T14804]  fib6_info_alloc+0x40/0x160
[  683.570910][T14804]  ip6_route_info_create+0x337/0x1940
[  683.573338][T14804]  ? ipv6_route_ioctl+0x3d3/0x600
[  683.577422][T14804]  ? __pfx_ip6_route_info_create+0x10/0x10
[  683.580250][T14804]  ip6_route_add+0x26/0x190
[  683.582190][T14804]  ipv6_route_ioctl+0x422/0x600
[  683.584327][T14804]  ? __pfx_ipv6_route_ioctl+0x10/0x10
[  683.586566][T14804]  ? find_held_lock+0x2d/0x110
[  683.588645][T14804]  ? __might_fault+0xe3/0x190
[  683.591059][T14804]  inet6_ioctl+0x269/0x2b0
[  683.593070][T14804]  ? __pfx_inet6_ioctl+0x10/0x10
[  683.595311][T14804]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  683.597933][T14804]  sock_do_ioctl+0x116/0x280
[  683.599741][T14804]  ? __pfx_sock_do_ioctl+0x10/0x10
[  683.601786][T14804]  ? ioctl_has_perm.constprop.0.isra.0+0x2f9/0x470
[  683.604171][T14804]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[  683.607592][T14804]  sock_ioctl+0x22e/0x6c0
[  683.609466][T14804]  ? __pfx_sock_ioctl+0x10/0x10
[  683.611532][T14804]  ? selinux_file_ioctl+0x180/0x270
[  683.613726][T14804]  ? selinux_file_ioctl+0xb4/0x270
[  683.616022][T14804]  ? __pfx_sock_ioctl+0x10/0x10
[  683.618544][T14804]  __x64_sys_ioctl+0x193/0x220
[  683.620444][T14804]  do_syscall_64+0xcd/0x250
[  683.622417][T14804]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  683.624415][T14804] RIP: 0033:0x7fd892f799f9
[  683.626467][T14804] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  683.634807][T14804] RSP: 002b:00007fd893d16038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  683.638349][T14804] RAX: ffffffffffffffda RBX: 00007fd893115f80 RCX: 00007fd892f799f9
[  683.641477][T14804] RDX: 0000000020000540 RSI: 000000000000890b RDI: 0000000000000004
[  683.644542][T14804] RBP: 00007fd893d16090 R08: 0000000000000000 R09: 0000000000000000
[  683.647349][T14804] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  683.650325][T14804] R13: 0000000000000000 R14: 00007fd893115f80 R15: 00007ffc64e64de8
[  683.653922][T14804]  </TASK>
[  683.807905][   T39] audit: type=1400 audit(1723599174.658:953): avc:  denied  { audit_write } for  pid=14814 comm="syz.0.2558" capability=29  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[  684.217258][   T39] audit: type=1326 audit(1723599175.068:954): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14820 comm="syz.1.2560" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb21bf799f9 code=0x0
[  686.318888][ T1380] ieee802154 phy0 wpan0: encryption failed: -22
[  686.775909][T14846] xt_addrtype: input interface limitation not valid in POSTROUTING and OUTPUT
[  686.781916][   T39] audit: type=1400 audit(1723599177.628:955): avc:  denied  { search } for  pid=14845 comm="syz.3.2566" name="/" dev="configfs" ino=3152 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[  686.805974][   T39] audit: type=1400 audit(1723599177.628:956): avc:  denied  { read } for  pid=14845 comm="syz.3.2566" name="/" dev="configfs" ino=3152 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[  686.826926][   T39] audit: type=1400 audit(1723599177.628:957): avc:  denied  { open } for  pid=14845 comm="syz.3.2566" path="/" dev="configfs" ino=3152 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[  687.235515][ T5380] usb 6-1: new full-speed USB device number 38 using dummy_hcd
[  687.341014][  T830] usb 7-1: USB disconnect, device number 56
[  687.461186][ T5380] usb 6-1: config index 0 descriptor too short (expected 156, got 27)
[  687.464929][ T5380] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x87 has an invalid bInterval 0, changing to 10
[  687.504039][ T5380] usb 6-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  687.512631][ T5380] usb 6-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  687.516068][ T5380] usb 6-1: Product: syz
[  687.517878][ T5380] usb 6-1: Manufacturer: syz
[  687.525739][ T5380] usb 6-1: SerialNumber: syz
[  687.548458][ T5380] usb 6-1: config 0 descriptor??
[  687.577223][ T5380] ldusb 6-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  687.581173][   T39] audit: type=1400 audit(1723599178.428:958): avc:  denied  { ioctl } for  pid=14855 comm="syz.2.2570" path="/dev/fb0" dev="devtmpfs" ino=639 ioctlcmd=0x4610 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[  687.587340][ T5380] ldusb 6-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  687.634854][   T39] audit: type=1326 audit(1723599178.478:959): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14858 comm="syz.0.2571" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd892f799f9 code=0x0
[  687.756931][T14850] FAULT_INJECTION: forcing a failure.
[  687.756931][T14850] name failslab, interval 1, probability 0, space 0, times 0
[  687.762778][T14850] CPU: 0 UID: 0 PID: 14850 Comm: syz.1.2568 Not tainted 6.11.0-rc3-syzkaller-00010-g6b4aa469f049 #0
[  687.767603][T14850] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  687.772514][T14850] Call Trace:
[  687.774215][T14850]  <TASK>
[  687.775716][T14850]  dump_stack_lvl+0x16c/0x1f0
[  687.777942][T14850]  should_fail_ex+0x497/0x5b0
[  687.780108][T14850]  ? fs_reclaim_acquire+0xae/0x160
[  687.782223][T14850]  should_failslab+0xc2/0x120
[  687.784322][T14850]  kmem_cache_alloc_noprof+0x6e/0x2f0
[  687.786725][T14850]  ? security_file_alloc+0x41/0x260
[  687.789071][T14850]  security_file_alloc+0x41/0x260
[  687.791364][T14850]  init_file+0x99/0x260
[  687.793215][T14850]  alloc_empty_file+0x91/0x1e0
[  687.795111][T14850]  path_openat+0xe0/0x2d20
[  687.796958][T14850]  ? hlock_class+0x4e/0x130
[  687.798835][T14850]  ? __lock_acquire+0x1620/0x3cb0
[  687.800894][T14850]  ? __pfx_path_openat+0x10/0x10
[  687.803024][T14850]  ? __pfx___lock_acquire+0x10/0x10
[  687.806104][T14850]  ? find_held_lock+0x2d/0x110
[  687.808224][T14850]  do_filp_open+0x1dc/0x430
[  687.810043][T14850]  ? __pfx_do_filp_open+0x10/0x10
[  687.812162][T14850]  ? find_held_lock+0x2d/0x110
[  687.814367][T14850]  ? _raw_spin_unlock+0x28/0x50
[  687.816438][T14850]  ? alloc_fd+0x2d7/0x6c0
[  687.817999][T14850]  do_sys_openat2+0x17a/0x1e0
[  687.819735][T14850]  ? __pfx_do_sys_openat2+0x10/0x10
[  687.822114][T14850]  __x64_sys_openat+0x175/0x210
[  687.824358][T14850]  ? __pfx___x64_sys_openat+0x10/0x10
[  687.827089][T14850]  ? ksys_write+0x1ab/0x260
[  687.829246][T14850]  do_syscall_64+0xcd/0x250
[  687.831244][T14850]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  687.833906][T14850] RIP: 0033:0x7fb21bf78390
[  687.835897][T14850] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 19 8e 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 6c 8e 02 00 8b 44
[  687.844413][T14850] RSP: 002b:00007fb21cd3fb70 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[  687.848541][T14850] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007fb21bf78390
[  687.851884][T14850] RDX: 0000000000000002 RSI: 00007fb21cd3fc10 RDI: 00000000ffffff9c
[  687.855371][T14850] RBP: 00007fb21cd3fc10 R08: 0000000000000000 R09: 00007fb21cd3f987
[  687.858441][T14850] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[  687.861562][T14850] R13: 0000000000000000 R14: 00007fb21c115f80 R15: 00007ffcc147dc98
[  687.864668][T14850]  </TASK>
[  687.874548][   T35] usb 6-1: USB disconnect, device number 38
[  687.880666][   T35] ldusb 6-1:0.0: LD USB Device #0 now disconnected
[  687.977728][T14864] syz.3.2572[14864] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  687.977860][T14864] syz.3.2572[14864] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  688.053635][   T39] audit: type=1326 audit(1723599178.898:960): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14863 comm="syz.3.2572" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe953d799f9 code=0x0
[  688.445989][ T5371] usb 7-1: new high-speed USB device number 57 using dummy_hcd
[  688.585431][T14873] syzkaller1: entered promiscuous mode
[  688.588094][T14873] syzkaller1: entered allmulticast mode
[  688.608241][T14873] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2575'.
[  688.647879][ T5371] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  688.653289][ T5371] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  688.658251][ T5371] usb 7-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[  688.662809][ T5371] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  688.668930][ T5371] usb 7-1: config 0 descriptor??
[  689.078253][T14878] netlink: 'syz.3.2577': attribute type 1 has an invalid length.
[  689.102395][ T5371] cm6533_jd 0003:0D8C:0022.004A: unknown main item tag 0x0
[  689.105954][ T5371] cm6533_jd 0003:0D8C:0022.004A: unknown main item tag 0x0
[  689.109246][ T5371] cm6533_jd 0003:0D8C:0022.004A: unknown main item tag 0x0
[  689.113509][ T5371] cm6533_jd 0003:0D8C:0022.004A: No inputs registered, leaving
[  689.128046][ T5371] cm6533_jd 0003:0D8C:0022.004A: hiddev0,hidraw1: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.2-1/input0
[  689.316616][    T9] usb 7-1: USB disconnect, device number 57
[  689.509077][T14887] mkiss: ax0: crc mode is auto.
[  689.665362][ T5371] usb 8-1: new low-speed USB device number 63 using dummy_hcd
[  689.848025][ T5371] usb 8-1: config 246 has too many interfaces: 42, using maximum allowed: 32
[  689.872391][ T5371] usb 8-1: config 246 descriptor has 1 excess byte, ignoring
[  689.889111][ T5371] usb 8-1: config 246 has 1 interface, different from the descriptor's value: 42
[  689.904120][ T5371] usb 8-1: config 246 interface 0 altsetting 0 has an endpoint descriptor with address 0x3F, changing to 0xF
[  689.934034][ T5371] usb 8-1: config 246 interface 0 altsetting 0 endpoint 0xF has invalid maxpacket 77, setting to 8
[  689.950370][ T5371] usb 8-1: config 246 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10
[  689.957298][ T5371] usb 8-1: config 246 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  689.964876][ T5371] usb 8-1: config 246 has too many interfaces: 42, using maximum allowed: 32
[  689.984840][ T5371] usb 8-1: config 246 descriptor has 1 excess byte, ignoring
[  689.989167][ T5371] usb 8-1: config 246 has 1 interface, different from the descriptor's value: 42
[  689.993214][ T5371] usb 8-1: config 246 interface 0 altsetting 0 has an endpoint descriptor with address 0x3F, changing to 0xF
[  689.999399][ T5371] usb 8-1: config 246 interface 0 altsetting 0 endpoint 0xF has invalid maxpacket 77, setting to 8
[  690.019835][ T5371] usb 8-1: config 246 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10
[  690.029992][ T5371] usb 8-1: config 246 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  690.035444][ T5371] usb 8-1: config 246 has too many interfaces: 42, using maximum allowed: 32
[  690.050142][ T5371] usb 8-1: config 246 descriptor has 1 excess byte, ignoring
[  690.053927][ T5371] usb 8-1: config 246 has 1 interface, different from the descriptor's value: 42
[  690.058915][ T5371] usb 8-1: config 246 interface 0 altsetting 0 has an endpoint descriptor with address 0x3F, changing to 0xF
[  690.132041][ T5371] usb 8-1: config 246 interface 0 altsetting 0 endpoint 0xF has invalid maxpacket 77, setting to 8
[  690.161377][ T5371] usb 8-1: config 246 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10
[  690.171935][ T5371] usb 8-1: config 246 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  690.224077][ T5371] usb 8-1: string descriptor 0 read error: -22
[  690.228223][ T5371] usb 8-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  690.237007][ T5371] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  690.237267][T14896] program syz.2.2581 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  690.264831][ T5371] adutux 8-1:246.0: ADU100  now attached to /dev/usb/adutux0
[  690.346163][T14896] ata1.00: invalid multi_count 32 ignored
[  690.784510][T14911] syz.0.2584[14911] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  690.784896][T14911] syz.0.2584[14911] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  691.064966][T14912] REISERFS warning (device nullb0): sh-2021 reiserfs_fill_super: can not find reiserfs on nullb0
[  691.496387][T14920] syz.0.2585[14920] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  691.496548][T14920] syz.0.2585[14920] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  693.495722][ T5351] Bluetooth: hci18: command 0x0406 tx timeout
[  693.797102][   T39] audit: type=1400 audit(1723599184.638:961): avc:  denied  { connect } for  pid=14959 comm="syz.2.2596" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  693.855619][   T39] audit: type=1400 audit(1723599184.708:962): avc:  denied  { read } for  pid=14959 comm="syz.2.2596" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  694.295929][T14403] usb 8-1: USB disconnect, device number 63
[  694.335169][ T7954] usb 7-1: new high-speed USB device number 58 using dummy_hcd
[  694.525846][ T7954] usb 7-1: too many configurations: 9, using maximum allowed: 8
[  694.545939][ T7954] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9
[  694.549791][ T7954] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  694.557662][ T7954] usb 7-1: config 0 interface 0 has no altsetting 0
[  694.561496][ T7954] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9
[  694.565378][ T7954] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  694.569637][ T7954] usb 7-1: config 0 interface 0 has no altsetting 0
[  694.576137][ T7954] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9
[  694.579649][ T7954] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  694.583956][ T7954] usb 7-1: config 0 interface 0 has no altsetting 0
[  694.596519][ T7954] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9
[  694.600285][ T7954] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  694.604779][ T7954] usb 7-1: config 0 interface 0 has no altsetting 0
[  694.620758][ T7954] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9
[  694.624496][ T7954] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  694.629820][ T7954] usb 7-1: config 0 interface 0 has no altsetting 0
[  694.635772][ T7954] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9
[  694.639478][ T7954] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  694.644180][ T7954] usb 7-1: config 0 interface 0 has no altsetting 0
[  694.663026][ T7954] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9
[  694.675387][ T7954] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  694.680213][ T7954] usb 7-1: config 0 interface 0 has no altsetting 0
[  694.684211][ T7954] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9
[  694.695336][ T7954] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  694.699633][ T7954] usb 7-1: config 0 interface 0 has no altsetting 0
[  694.707428][ T7954] usb 7-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[  694.711533][ T7954] usb 7-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[  694.725266][ T7954] usb 7-1: Product: syz
[  694.727017][ T7954] usb 7-1: Manufacturer: syz
[  694.728868][ T7954] usb 7-1: SerialNumber: syz
[  694.746109][ T7954] usb 7-1: config 0 descriptor??
[  694.776152][ T7954] yurex 7-1:0.0: USB YUREX device now attached to Yurex #0
[  695.715582][T14979] syzkaller1: entered promiscuous mode
[  695.718187][T14979] syzkaller1: entered allmulticast mode
[  695.752652][T14979] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2599'.
[  695.888092][T14987] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2602'.
[  696.397102][   T59] usb 6-1: new high-speed USB device number 39 using dummy_hcd
[  696.479927][T14990] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2603'.
[  696.577252][   T59] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  696.583711][   T59] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  696.594666][   T59] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  696.618558][   T59] usb 6-1: New USB device found, idVendor=04d9, idProduct=a070, bcdDevice= 0.00
[  696.626259][   T59] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  696.642882][   T59] usb 6-1: config 0 descriptor??
[  696.823006][    T9] usb 7-1: USB disconnect, device number 58
[  696.828269][    T9] yurex 7-1:0.0: USB YUREX #0 now disconnected
[  697.073440][   T59] holtek_mouse 0003:04D9:A070.004B: hidraw1: USB HID v0.00 Device [HID 04d9:a070] on usb-dummy_hcd.1-1/input0
[  697.136282][T14997] EXT4-fs warning (device sda1): ext4_resize_fs:2018: can't read last block, resize aborted
[  697.204726][T14999] FAULT_INJECTION: forcing a failure.
[  697.204726][T14999] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  697.212648][T14999] CPU: 1 UID: 0 PID: 14999 Comm: syz.2.2606 Not tainted 6.11.0-rc3-syzkaller-00010-g6b4aa469f049 #0
[  697.217481][T14999] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  697.222136][T14999] Call Trace:
[  697.223587][T14999]  <TASK>
[  697.224871][T14999]  dump_stack_lvl+0x16c/0x1f0
[  697.228421][T14999]  should_fail_ex+0x497/0x5b0
[  697.231528][T14999]  _copy_from_iter+0x2a1/0x1150
[  697.234377][T14999]  ? __alloc_skb+0x1fe/0x380
[  697.236306][T14999]  ? __pfx__copy_from_iter+0x10/0x10
[  697.238539][T14999]  ? __virt_addr_valid+0x5e/0x590
[  697.241273][T14999]  ? __phys_addr_symbol+0x30/0x80
[  697.243381][T14999]  ? __check_object_size+0x497/0x720
[  697.245699][T14999]  netlink_sendmsg+0x813/0xd70
[  697.248328][T14999]  ? __pfx_netlink_sendmsg+0x10/0x10
[  697.249232][T14997] input: syz0 as /devices/virtual/input/input55
[  697.250580][T14999]  ? __import_iovec+0x1fd/0x6e0
[  697.250611][T14999]  ____sys_sendmsg+0xab5/0xc90
[  697.257825][T14999]  ? copy_msghdr_from_user+0x10b/0x160
[  697.260336][T14999]  ? __pfx_____sys_sendmsg+0x10/0x10
[  697.262626][T14999]  ? find_held_lock+0x2d/0x110
[  697.264720][T14999]  ? __pfx___lock_acquire+0x10/0x10
[  697.266931][T14999]  ___sys_sendmsg+0x135/0x1e0
[  697.269195][T14999]  ? __pfx____sys_sendmsg+0x10/0x10
[  697.271475][T14999]  ? ksys_write+0x21c/0x260
[  697.273793][T14999]  ? __fget_light+0x173/0x210
[  697.276751][T14999]  __sys_sendmsg+0x117/0x1f0
[  697.279813][T14999]  ? __pfx___sys_sendmsg+0x10/0x10
[  697.282766][T14999]  do_syscall_64+0xcd/0x250
[  697.284760][T14999]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  697.287665][T14999] RIP: 0033:0x7f58e67799f9
[  697.289675][T14999] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  697.297928][T14999] RSP: 002b:00007f58e74d9038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  697.301334][T14999] RAX: ffffffffffffffda RBX: 00007f58e6915f80 RCX: 00007f58e67799f9
[  697.304309][T14999] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000003
[  697.307355][T14999] RBP: 00007f58e74d9090 R08: 0000000000000000 R09: 0000000000000000
[  697.311179][T14999] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  697.314738][T14999] R13: 0000000000000000 R14: 00007f58e6915f80 R15: 00007ffced7822e8
[  697.318093][T14999]  </TASK>
[  697.333673][   T59] usb 6-1: USB disconnect, device number 39
[  697.605351][T15005] (unnamed net_device) (uninitialized): option arp_validate: invalid value (18446744073709551615)
[  697.964553][    C1] hpet: Lost 1 RTC interrupts
[  697.989189][T15007] kvm: pic: non byte write
[  698.280632][    C1] hpet: Lost 1 RTC interrupts
[  698.368753][T15015] syz.2.2610[15015] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  698.368899][T15015] syz.2.2610[15015] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  698.508374][   T39] audit: type=1326 audit(1723599189.358:963): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15014 comm="syz.2.2610" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f58e67799f9 code=0x0
[  698.758263][   T39] audit: type=1400 audit(1723599189.608:964): avc:  denied  { write } for  pid=15018 comm="syz.0.2611" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  698.794282][   T39] audit: type=1400 audit(1723599189.638:965): avc:  denied  { bind } for  pid=15018 comm="syz.0.2611" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  699.170883][T15026] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2611'.
[  699.347682][ T5351] Bluetooth: hci20: command 0x0406 tx timeout
[  699.535190][ T5342] usb 6-1: new high-speed USB device number 40 using dummy_hcd
[  699.784655][ T5342] usb 6-1: too many configurations: 9, using maximum allowed: 8
[  699.811503][ T5342] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[  699.836293][ T5342] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  699.840680][ T5342] usb 6-1: config 0 interface 0 has no altsetting 0
[  699.863323][ T5342] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[  699.867379][ T5342] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  699.871518][ T5342] usb 6-1: config 0 interface 0 has no altsetting 0
[  699.875941][ T5342] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[  699.882684][ T5342] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  699.887559][ T5342] usb 6-1: config 0 interface 0 has no altsetting 0
[  699.916921][ T5342] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[  699.920913][ T5342] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  699.945138][ T5342] usb 6-1: config 0 interface 0 has no altsetting 0
[  699.965822][ T5342] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[  699.970180][ T5342] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  699.975661][ T5342] usb 6-1: config 0 interface 0 has no altsetting 0
[  699.983947][ T5342] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[  699.988486][ T5342] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  699.993500][ T5342] usb 6-1: config 0 interface 0 has no altsetting 0
[  699.998193][ T5342] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[  700.002405][ T5342] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  700.014132][ T5342] usb 6-1: config 0 interface 0 has no altsetting 0
[  700.026206][ T5342] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[  700.030311][ T5342] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  700.034827][ T5342] usb 6-1: config 0 interface 0 has no altsetting 0
[  700.048264][ T5342] usb 6-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[  700.062029][ T5342] usb 6-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[  700.070982][ T5342] usb 6-1: Product: syz
[  700.076407][ T5342] usb 6-1: Manufacturer: syz
[  700.079790][ T5342] usb 6-1: SerialNumber: syz
[  700.100086][ T5342] usb 6-1: config 0 descriptor??
[  700.124237][ T5342] yurex 6-1:0.0: USB YUREX device now attached to Yurex #0
[  700.484462][    C1] vkms_vblank_simulate: vblank timer overrun
[  700.485660][    C0] usb 6-1: yurex_control_callback - control failed: -71
[  700.494051][ T5342] usb 6-1: USB disconnect, device number 40
[  700.535195][ T5342] yurex 6-1:0.0: USB YUREX #0 now disconnected
[  701.740268][   T39] audit: type=1400 audit(1723599192.588:966): avc:  denied  { unmount } for  pid=13276 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=filesystem permissive=1
[  702.344686][    C1] hpet: Lost 1 RTC interrupts
[  702.808137][T15059] syz.0.2621[15059] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  702.808279][T15059] syz.0.2621[15059] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  702.881543][   T39] audit: type=1326 audit(1723599193.728:967): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15058 comm="syz.0.2621" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd892f799f9 code=0x0
[  702.964995][T15060] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2620'.
[  704.025133][   T39] audit: type=1400 audit(1723599194.868:968): avc:  denied  { bind } for  pid=15066 comm="syz.0.2623" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  704.149356][   T39] audit: type=1326 audit(1723599194.988:969): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15073 comm="syz.2.2626" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f58e67799f9 code=0x0
[  704.306846][T15076] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2625'.
[  704.536009][T15083] syzkaller1: entered promiscuous mode
[  704.539028][T15083] syzkaller1: entered allmulticast mode
[  704.561030][T15083] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2627'.
[  705.986865][T15094] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2631'.
[  705.994230][T15102] syz.1.2632: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz1,mems_allowed=0-1
[  706.077288][T15102] CPU: 2 UID: 0 PID: 15102 Comm: syz.1.2632 Not tainted 6.11.0-rc3-syzkaller-00010-g6b4aa469f049 #0
[  706.081491][T15102] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  706.085518][T15102] Call Trace:
[  706.086963][T15102]  <TASK>
[  706.096364][T15102]  dump_stack_lvl+0x16c/0x1f0
[  706.098513][T15102]  warn_alloc+0x24d/0x3a0
[  706.100527][T15102]  ? __pfx_warn_alloc+0x10/0x10
[  706.102644][T15102]  ? hlock_class+0x4e/0x130
[  706.104486][T15102]  ? stack_depot_save_flags+0x28/0x8f0
[  706.106793][T15102]  ? kasan_save_stack+0x42/0x60
[  706.108770][T15102]  ? kasan_save_stack+0x33/0x60
[  706.110866][T15102]  ? kasan_save_track+0x14/0x30
[  706.112812][T15102]  ? __kasan_kmalloc+0xaa/0xb0
[  706.114913][T15102]  ? xskq_create+0x52/0x1d0
[  706.116921][T15102]  ? xsk_setsockopt+0x757/0xa10
[  706.119142][T15102]  ? __sys_setsockopt+0x1a4/0x270
[  706.121417][T15102]  ? __x64_sys_setsockopt+0xbd/0x160
[  706.123756][T15102]  ? do_syscall_64+0xcd/0x250
[  706.125878][T15102]  __vmalloc_node_range_noprof+0x10b8/0x1520
[  706.128309][T15102]  ? xskq_create+0xfb/0x1d0
[  706.130373][T15102]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  706.133013][T15102]  ? xskq_create+0xfb/0x1d0
[  706.134926][T15102]  vmalloc_user_noprof+0x6b/0x90
[  706.137010][T15102]  ? xskq_create+0xfb/0x1d0
[  706.138900][T15102]  xskq_create+0xfb/0x1d0
[  706.140349][T15102]  xsk_setsockopt+0x757/0xa10
[  706.142327][T15102]  ? __pfx_xsk_setsockopt+0x10/0x10
[  706.144089][T15102]  ? find_held_lock+0x2d/0x110
[  706.145717][T15102]  ? selinux_socket_setsockopt+0x6a/0x80
[  706.148037][T15102]  ? __pfx_xsk_setsockopt+0x10/0x10
[  706.150078][T15102]  do_sock_setsockopt+0x222/0x480
[  706.152103][T15102]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  706.154218][T15102]  ? __fget_light+0x173/0x210
[  706.155997][T15102]  __sys_setsockopt+0x1a4/0x270
[  706.157734][T15102]  ? __pfx___sys_setsockopt+0x10/0x10
[  706.159969][T15102]  __x64_sys_setsockopt+0xbd/0x160
[  706.162104][T15102]  ? do_syscall_64+0x91/0x250
[  706.163972][T15102]  ? lockdep_hardirqs_on+0x7c/0x110
[  706.166092][T15102]  do_syscall_64+0xcd/0x250
[  706.167994][T15102]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  706.170463][T15102] RIP: 0033:0x7fb21bf799f9
[  706.172358][T15102] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  706.179615][T15102] RSP: 002b:00007fb21cd1f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  706.182371][T15102] RAX: ffffffffffffffda RBX: 00007fb21c116058 RCX: 00007fb21bf799f9
[  706.185275][T15102] RDX: 0000000000000002 RSI: 000000000000011b RDI: 0000000000000005
[  706.188088][T15102] RBP: 00007fb21bfe78ee R08: 0000000000000020 R09: 0000000000000000
[  706.190564][T15102] R10: 00000000200000c0 R11: 0000000000000246 R12: 0000000000000000
[  706.193229][T15102] R13: 0000000000000001 R14: 00007fb21c116058 R15: 00007ffcc147dc98
[  706.196591][T15102]  </TASK>
[  706.235147][T15102] Mem-Info:
[  706.236890][T15102] active_anon:3310 inactive_anon:29 isolated_anon:0
[  706.236890][T15102]  active_file:4396 inactive_file:1505 isolated_file:0
[  706.236890][T15102]  unevictable:1768 dirty:312 writeback:0
[  706.236890][T15102]  slab_reclaimable:7730 slab_unreclaimable:123333
[  706.236890][T15102]  mapped:77944 shmem:1801 pagetables:1291
[  706.236890][T15102]  sec_pagetables:340 bounce:0
[  706.236890][T15102]  kernel_misc_reclaimable:0
[  706.236890][T15102]  free:341703 free_pcp:13499 free_cma:0
[  706.265464][T15102] Node 0 active_anon:44kB inactive_anon:380kB active_file:468kB inactive_file:1032kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:222724kB dirty:596kB writeback:0kB shmem:5592kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:14416kB pagetables:4112kB sec_pagetables:1332kB all_unreclaimable? no
[  706.279803][T15102] Node 1 active_anon:6728kB inactive_anon:4kB active_file:16744kB inactive_file:5360kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:88432kB dirty:652kB writeback:0kB shmem:1612kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:880kB pagetables:1052kB sec_pagetables:28kB all_unreclaimable? no
[  706.293902][T15102] Node 0 DMA free:392kB boost:0kB min:328kB low:408kB high:488kB reserved_highatomic:0KB active_anon:20kB inactive_anon:12kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:112kB local_pcp:8kB free_cma:0kB
[  706.313793][T15102] lowmem_reserve[]: 0 1313 0 0 0
[  706.321817][T15102] Node 0 DMA32 free:50064kB boost:0kB min:28924kB low:36152kB high:43380kB reserved_highatomic:14336KB active_anon:0kB inactive_anon:428kB active_file:1096kB inactive_file:404kB unevictable:3536kB writepending:596kB present:2080628kB managed:1372136kB mlocked:0kB bounce:0kB free_pcp:17292kB local_pcp:8092kB free_cma:0kB
[  706.342659][T15102] lowmem_reserve[]: 0 0 0 0 0
[  706.344479][T15102] Node 1 Normal free:1316404kB boost:0kB min:38324kB low:47904kB high:57484kB reserved_highatomic:0KB active_anon:6412kB inactive_anon:4kB active_file:16744kB inactive_file:5360kB unevictable:3536kB writepending:652kB present:2097152kB managed:1781924kB mlocked:0kB bounce:0kB free_pcp:42500kB local_pcp:22148kB free_cma:0kB
[  706.357076][T15102] lowmem_reserve[]: 0 0 0 0 0
[  706.359250][T15102] Node 0 DMA: 2*4kB (U) 8*8kB (U) 0*16kB 11*32kB (U) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 424kB
[  706.364339][T15102] Node 0 DMA32: 174*4kB (UMEH) 137*8kB (UMEH) 81*16kB (UMEH) 210*32kB (UMEH) 161*64kB (UMEH) 61*128kB (UMEH) 25*256kB (UMEH) 9*512kB (M) 7*1024kB (MH) 2*2048kB (M) 0*4096kB = 50192kB
[  706.373525][T15102] Node 1 Normal: 2*4kB (ME) 3*8kB (UM) 3*16kB (ME) 13*32kB (UME) 4*64kB (UE) 59*128kB (UME) 33*256kB (UM) 20*512kB (UM) 5*1024kB (UME) 7*2048kB (UME) 310*4096kB (M) = 1316208kB
[  706.382350][T15102] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  706.386793][T15102] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  706.390995][T15102] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  706.394760][T15102] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  706.399268][T15102] 8421 total pagecache pages
[  706.401365][T15102] 717 pages in swap cache
[  706.403565][T15102] Free swap  = 94388kB
[  706.405915][T15102] Total swap = 124996kB
[  706.407894][T15102] 1048443 pages RAM
[  706.409593][T15102] 0 pages HighMem/MovableOnly
[  706.411362][T15102] 256088 pages reserved
[  706.412960][T15102] 0 pages cma reserved
[  706.456938][   T39] audit: type=1326 audit(1723599197.308:970): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15113 comm="syz.3.2637" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe953d799f9 code=0x0
[  706.486982][T15118] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2638'.
[  706.584017][T15122] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=39 sclass=netlink_route_socket pid=15122 comm=syz.1.2638
[  707.384985][    C1] hpet: Lost 1 RTC interrupts
[  707.854896][T15141] netlink: 129384 bytes leftover after parsing attributes in process `syz.1.2646'.
[  708.159269][T15152] usb 2-1: USB disconnect, device number 2
[  709.142540][T15164] syz.1.2652[15164] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  709.142680][T15164] syz.1.2652[15164] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  709.303833][T15167] syzkaller1: entered promiscuous mode
[  709.311945][T15167] syzkaller1: entered allmulticast mode
[  709.326444][T15167] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2651'.
[  709.391268][T15169] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2653'.
[  710.206747][T15178] FAULT_INJECTION: forcing a failure.
[  710.206747][T15178] name failslab, interval 1, probability 0, space 0, times 0
[  710.215210][T15178] CPU: 3 UID: 0 PID: 15178 Comm: syz.1.2655 Not tainted 6.11.0-rc3-syzkaller-00010-g6b4aa469f049 #0
[  710.219221][T15178] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  710.223231][T15178] Call Trace:
[  710.224528][T15178]  <TASK>
[  710.225684][T15178]  dump_stack_lvl+0x16c/0x1f0
[  710.227541][T15178]  should_fail_ex+0x497/0x5b0
[  710.229355][T15178]  ? fs_reclaim_acquire+0xae/0x160
[  710.231362][T15178]  should_failslab+0xc2/0x120
[  710.233202][T15178]  __kmalloc_node_noprof+0xd1/0x430
[  710.235152][T15178]  ? __kvmalloc_node_noprof+0x9d/0x1a0
[  710.237038][T15178]  __kvmalloc_node_noprof+0x9d/0x1a0
[  710.238917][T15178]  vmemdup_user+0x25/0x100
[  710.240692][T15178]  setxattr_copy+0x148/0x200
[  710.242507][T15178]  __do_sys_fsetxattr+0x185/0x350
[  710.244430][T15178]  ? __pfx___do_sys_fsetxattr+0x10/0x10
[  710.246822][T15178]  ? __mutex_unlock_slowpath+0x164/0x650
[  710.249046][T15178]  ? __pfx_ksys_write+0x10/0x10
[  710.250955][T15178]  do_syscall_64+0xcd/0x250
[  710.252757][T15178]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  710.255025][T15178] RIP: 0033:0x7fb21bf799f9
[  710.256753][T15178] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  710.264093][T15178] RSP: 002b:00007fb21cd40038 EFLAGS: 00000246 ORIG_RAX: 00000000000000be
[  710.264116][T15178] RAX: ffffffffffffffda RBX: 00007fb21c115f80 RCX: 00007fb21bf799f9
[  710.264130][T15178] RDX: 0000000020000040 RSI: 0000000020000100 RDI: 0000000000000005
[  710.264143][T15178] RBP: 00007fb21cd40090 R08: 0000000000000000 R09: 0000000000000000
[  710.275409][T15178] R10: 0000000000000024 R11: 0000000000000246 R12: 0000000000000001
[  710.278540][T15178] R13: 0000000000000000 R14: 00007fb21c115f80 R15: 00007ffcc147dc98
[  710.281606][T15178]  </TASK>
[  711.185735][   T59] usb 8-1: new low-speed USB device number 64 using dummy_hcd
[  711.398712][   T59] usb 8-1: config 246 has too many interfaces: 42, using maximum allowed: 32
[  711.405145][   T59] usb 8-1: config 246 descriptor has 1 excess byte, ignoring
[  711.415173][   T59] usb 8-1: config 246 has 1 interface, different from the descriptor's value: 42
[  711.422347][   T59] usb 8-1: config 246 interface 0 altsetting 0 has an endpoint descriptor with address 0x3F, changing to 0xF
[  711.430491][   T59] usb 8-1: config 246 interface 0 altsetting 0 endpoint 0xF has invalid maxpacket 77, setting to 8
[  711.435356][   T59] usb 8-1: config 246 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10
[  711.440401][   T59] usb 8-1: config 246 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  711.446470][   T59] usb 8-1: config 246 has too many interfaces: 42, using maximum allowed: 32
[  711.455164][   T59] usb 8-1: config 246 descriptor has 1 excess byte, ignoring
[  711.464126][   T59] usb 8-1: config 246 has 1 interface, different from the descriptor's value: 42
[  711.477469][   T59] usb 8-1: config 246 interface 0 altsetting 0 has an endpoint descriptor with address 0x3F, changing to 0xF
[  711.491208][   T59] usb 8-1: config 246 interface 0 altsetting 0 endpoint 0xF has invalid maxpacket 77, setting to 8
[  711.504436][   T59] usb 8-1: config 246 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10
[  711.541631][   T59] usb 8-1: config 246 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  711.560508][   T59] usb 8-1: config 246 has too many interfaces: 42, using maximum allowed: 32
[  711.564384][   T59] usb 8-1: config 246 descriptor has 1 excess byte, ignoring
[  711.569042][   T59] usb 8-1: config 246 has 1 interface, different from the descriptor's value: 42
[  711.572986][   T59] usb 8-1: config 246 interface 0 altsetting 0 has an endpoint descriptor with address 0x3F, changing to 0xF
[  711.583047][   T59] usb 8-1: config 246 interface 0 altsetting 0 endpoint 0xF has invalid maxpacket 77, setting to 8
[  711.589069][   T59] usb 8-1: config 246 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10
[  711.593817][   T59] usb 8-1: config 246 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  711.608413][   T59] usb 8-1: string descriptor 0 read error: -22
[  711.625418][   T59] usb 8-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  711.643526][   T59] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  711.679296][   T59] adutux 8-1:246.0: ADU100  now attached to /dev/usb/adutux0
[  712.370517][T15219] syzkaller1: entered promiscuous mode
[  712.372899][T15219] syzkaller1: entered allmulticast mode
[  712.387726][T15219] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2665'.
[  712.462584][T15220] syzkaller1: entered promiscuous mode
[  712.465048][T15220] syzkaller1: entered allmulticast mode
[  712.485207][T11005] usb 7-1: new high-speed USB device number 59 using dummy_hcd
[  712.494397][T15220] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2666'.
[  712.675706][T11005] usb 7-1: Using ep0 maxpacket: 16
[  712.687652][T11005] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA5, changing to 0x85
[  712.698265][T11005] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 104
[  712.717255][T11005] usb 7-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e
[  712.745237][T11005] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  712.752461][T11005] usb 7-1: Product: syz
[  712.757368][T11005] usb 7-1: Manufacturer: syz
[  712.762518][T11005] usb 7-1: SerialNumber: syz
[  712.777337][T11005] usb 7-1: config 0 descriptor??
[  712.783591][T15208] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  712.792675][T11005] input: syz syz as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:0.0/input/input57
[  712.803273][    C3] usbtouchscreen 7-1:0.0: usbtouch_irq - usb_submit_urb failed with result: -1
[  712.825419][    C3] usbtouchscreen 7-1:0.0: usbtouch_irq - usb_submit_urb failed with result: -1
[  713.117544][ T1798] usb 7-1: USB disconnect, device number 59
[  713.704102][T15229] FAULT_INJECTION: forcing a failure.
[  713.704102][T15229] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  713.710658][T15229] CPU: 2 UID: 0 PID: 15229 Comm: syz.1.2669 Not tainted 6.11.0-rc3-syzkaller-00010-g6b4aa469f049 #0
[  713.715516][T15229] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  713.720134][T15229] Call Trace:
[  713.721599][T15229]  <TASK>
[  713.723002][T15229]  dump_stack_lvl+0x16c/0x1f0
[  713.724977][T15229]  should_fail_ex+0x497/0x5b0
[  713.726740][T15229]  _copy_to_user+0x30/0xc0
[  713.728454][T15229]  simple_read_from_buffer+0xd0/0x160
[  713.730902][T15229]  proc_fail_nth_read+0x1b0/0x290
[  713.733084][T15229]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  713.735461][T15229]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  713.741428][T15229]  vfs_read+0x1d4/0xbd0
[  713.743178][T15229]  ? __fdget_pos+0xeb/0x180
[  713.745274][T15229]  ? __pfx_vfs_read+0x10/0x10
[  713.747461][T15229]  ? __pfx___mutex_lock+0x10/0x10
[  713.749728][T15229]  ? __fget_files+0x256/0x400
[  713.751513][T15229]  ksys_read+0x12f/0x260
[  713.753451][T15229]  ? __pfx_ksys_read+0x10/0x10
[  713.755274][T15229]  do_syscall_64+0xcd/0x250
[  713.756902][T15229]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  713.759279][T15229] RIP: 0033:0x7fb21bf7843c
[  713.761337][T15229] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8d 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8d 02 00 48
[  713.769691][T15229] RSP: 002b:00007fb21cd40030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  713.773502][T15229] RAX: ffffffffffffffda RBX: 00007fb21c115f80 RCX: 00007fb21bf7843c
[  713.776968][T15229] RDX: 000000000000000f RSI: 00007fb21cd400a0 RDI: 0000000000000005
[  713.780446][T15229] RBP: 00007fb21cd40090 R08: 0000000000000000 R09: 0000000000000000
[  713.783557][T15229] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  713.786908][T15229] R13: 0000000000000000 R14: 00007fb21c115f80 R15: 00007ffcc147dc98
[  713.790448][T15229]  </TASK>
[  715.232002][T15247] syzkaller1: entered promiscuous mode
[  715.234865][T15247] syzkaller1: entered allmulticast mode
[  715.282630][T15247] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2675'.
[  715.327617][T11005] usb 7-1: new high-speed USB device number 60 using dummy_hcd
[  715.427648][T15250] syzkaller1: entered promiscuous mode
[  715.429875][T15250] syzkaller1: entered allmulticast mode
[  715.476513][T15250] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2676'.
[  715.511178][T11005] usb 7-1: too many configurations: 9, using maximum allowed: 8
[  715.536203][T11005] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9
[  715.542416][T11005] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  715.557901][T11005] usb 7-1: config 0 interface 0 has no altsetting 0
[  715.562575][T11005] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9
[  715.569200][T11005] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  715.605540][T11005] usb 7-1: config 0 interface 0 has no altsetting 0
[  715.612053][T11005] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9
[  715.616414][T11005] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  715.621146][T11005] usb 7-1: config 0 interface 0 has no altsetting 0
[  715.628678][T11005] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9
[  715.656272][T11005] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  715.672476][T11005] usb 7-1: config 0 interface 0 has no altsetting 0
[  715.694924][T11005] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9
[  715.709064][T11005] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  715.732791][T11005] usb 7-1: config 0 interface 0 has no altsetting 0
[  715.742164][T11005] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9
[  715.751548][T11005] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  715.758830][T11005] usb 7-1: config 0 interface 0 has no altsetting 0
[  715.776937][T11005] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9
[  715.781177][T11005] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  715.794739][T11005] usb 7-1: config 0 interface 0 has no altsetting 0
[  715.814372][T11005] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9
[  715.820109][T11005] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  715.879957][T11005] usb 7-1: config 0 interface 0 has no altsetting 0
[  715.889950][T11005] usb 7-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[  715.896920][T11005] usb 7-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[  715.904787][T11005] usb 7-1: Product: syz
[  715.904995][ T5381] usb 8-1: USB disconnect, device number 64
[  715.909376][T11005] usb 7-1: Manufacturer: syz
[  715.909394][T11005] usb 7-1: SerialNumber: syz
[  715.920747][T11005] usb 7-1: config 0 descriptor??
[  715.936042][T11005] yurex 7-1:0.0: USB YUREX device now attached to Yurex #1
[  716.186490][  T830] usb 7-1: USB disconnect, device number 60
[  716.191168][  T830] yurex 7-1:0.0: USB YUREX #1 now disconnected
[  716.327732][T15259] FAULT_INJECTION: forcing a failure.
[  716.327732][T15259] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  716.344570][T15259] CPU: 2 UID: 0 PID: 15259 Comm: syz.0.2680 Not tainted 6.11.0-rc3-syzkaller-00010-g6b4aa469f049 #0
[  716.348802][T15259] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  716.353052][T15259] Call Trace:
[  716.354599][T15259]  <TASK>
[  716.356011][T15259]  dump_stack_lvl+0x16c/0x1f0
[  716.358144][T15259]  should_fail_ex+0x497/0x5b0
[  716.360301][T15259]  _copy_from_iter+0x2a1/0x1150
[  716.362513][T15259]  ? __pfx__copy_from_iter+0x10/0x10
[  716.364942][T15259]  ? __virt_addr_valid+0x5e/0x590
[  716.367232][T15259]  ? __phys_addr_symbol+0x30/0x80
[  716.369886][T15259]  ? __check_object_size+0x497/0x720
[  716.372203][T15259]  file_tty_write.constprop.0+0x49f/0x9b0
[  716.374625][T15259]  vfs_write+0x6b6/0x1140
[  716.376713][T15259]  ? __pfx_tty_write+0x10/0x10
[  716.379144][T15259]  ? __pfx_vfs_write+0x10/0x10
[  716.381246][T15259]  ? __fget_files+0x256/0x400
[  716.383251][T15259]  ? __fget_light+0x173/0x210
[  716.385347][T15259]  ksys_write+0x12f/0x260
[  716.387189][T15259]  ? __pfx_ksys_write+0x10/0x10
[  716.389387][T15259]  do_syscall_64+0xcd/0x250
[  716.391469][T15259]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  716.394147][T15259] RIP: 0033:0x7fd892f799f9
[  716.396158][T15259] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  716.404702][T15259] RSP: 002b:00007fd893d16038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  716.408379][T15259] RAX: ffffffffffffffda RBX: 00007fd893115f80 RCX: 00007fd892f799f9
[  716.411883][T15259] RDX: 0000000000001006 RSI: 0000000020002080 RDI: 0000000000000004
[  716.415364][T15259] RBP: 00007fd893d16090 R08: 0000000000000000 R09: 0000000000000000
[  716.418908][T15259] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  716.422650][T15259] R13: 0000000000000000 R14: 00007fd893115f80 R15: 00007ffc64e64de8
[  716.426193][T15259]  </TASK>
[  717.319235][T15269] syz.3.2684[15269] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  717.319380][T15269] syz.3.2684[15269] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  717.503374][   T39] audit: type=1326 audit(1723599208.348:971): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15268 comm="syz.3.2684" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe953d799f9 code=0x0
[  717.998403][   T39] audit: type=1400 audit(1723599208.848:972): avc:  denied  { create } for  pid=15272 comm="syz.1.2685" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[  718.005931][   T39] audit: type=1400 audit(1723599208.848:973): avc:  denied  { write } for  pid=15272 comm="syz.1.2685" path="socket:[69492]" dev="sockfs" ino=69492 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[  718.005986][   T39] audit: type=1400 audit(1723599208.848:974): avc:  denied  { nlmsg_read } for  pid=15272 comm="syz.1.2685" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[  718.088034][T15278] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2685'.
[  718.097135][   T39] audit: type=1400 audit(1723599208.938:975): avc:  denied  { write } for  pid=15272 comm="syz.1.2685" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1
[  718.325228][T15281] FAULT_INJECTION: forcing a failure.
[  718.325228][T15281] name failslab, interval 1, probability 0, space 0, times 0
[  718.330771][T15281] CPU: 0 UID: 0 PID: 15281 Comm: syz.3.2687 Not tainted 6.11.0-rc3-syzkaller-00010-g6b4aa469f049 #0
[  718.335484][T15281] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  718.344599][T15281] Call Trace:
[  718.346063][T15281]  <TASK>
[  718.347397][T15281]  dump_stack_lvl+0x16c/0x1f0
[  718.349318][T15281]  should_fail_ex+0x497/0x5b0
[  718.350974][T15281]  should_failslab+0xc2/0x120
[  718.353047][T15281]  kmem_cache_alloc_noprof+0x6e/0x2f0
[  718.355379][T15281]  ? skb_clone+0x190/0x3f0
[  718.357372][T15281]  skb_clone+0x190/0x3f0
[  718.359249][T15281]  netlink_deliver_tap+0xab3/0xd90
[  718.361519][T15281]  netlink_unicast+0x606/0x830
[  718.363657][T15281]  ? __pfx_netlink_unicast+0x10/0x10
[  718.366000][T15281]  netlink_sendmsg+0x8b8/0xd70
[  718.367964][T15281]  ? __pfx_netlink_sendmsg+0x10/0x10
[  718.370362][T15281]  __sys_sendto+0x47f/0x4e0
[  718.372417][T15281]  ? __pfx___sys_sendto+0x10/0x10
[  718.374658][T15281]  ? ksys_write+0x1ab/0x260
[  718.376793][T15281]  ? __pfx_ksys_write+0x10/0x10
[  718.378940][T15281]  __x64_sys_sendto+0xe0/0x1c0
[  718.381052][T15281]  ? do_syscall_64+0x91/0x250
[  718.383072][T15281]  ? lockdep_hardirqs_on+0x7c/0x110
[  718.385202][T15281]  do_syscall_64+0xcd/0x250
[  718.386945][T15281]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  718.389218][T15281] RIP: 0033:0x7fe953d799f9
[  718.390867][T15281] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  718.398085][T15281] RSP: 002b:00007fe954bb7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  718.401359][T15281] RAX: ffffffffffffffda RBX: 00007fe953f15f80 RCX: 00007fe953d799f9
[  718.404466][T15281] RDX: 0000000000010a63 RSI: 0000000020000000 RDI: 0000000000000003
[  718.407990][T15281] RBP: 00007fe954bb7090 R08: 0000000000000000 R09: 4b6ae4f95a5de35b
[  718.411228][T15281] R10: 0000000000000800 R11: 0000000000000246 R12: 0000000000000001
[  718.414662][T15281] R13: 0000000000000000 R14: 00007fe953f15f80 R15: 00007fff665a15e8
[  718.418167][T15281]  </TASK>
[  718.419632][    C0] vkms_vblank_simulate: vblank timer overrun
[  718.550390][T15283] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2688'.
[  718.776932][T15288] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2689'.
[  719.285786][ T5381] usb 6-1: new high-speed USB device number 41 using dummy_hcd
[  719.468293][ T5381] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  719.475683][ T5381] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  719.485247][ T5381] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  719.501833][ T5381] usb 6-1: New USB device found, idVendor=04d9, idProduct=a070, bcdDevice= 0.00
[  719.506669][ T5381] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  719.507239][T15294] syzkaller1: entered promiscuous mode
[  719.513005][T15294] syzkaller1: entered allmulticast mode
[  719.518929][ T5381] usb 6-1: config 0 descriptor??
[  719.531998][T15295] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2691'.
[  719.695342][T15297] syz.3.2692[15297] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  719.695483][T15297] syz.3.2692[15297] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  719.740550][   T39] audit: type=1326 audit(1723599210.588:976): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15296 comm="syz.3.2692" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe953d799f9 code=0x0
[  719.980839][ T5381] holtek_mouse 0003:04D9:A070.004C: hidraw0: USB HID v0.00 Device [HID 04d9:a070] on usb-dummy_hcd.1-1/input0
[  720.277534][ T7954] usb 6-1: USB disconnect, device number 41
[  720.400562][   T39] audit: type=1326 audit(1723599211.248:977): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15300 comm="syz.0.2693" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd892f799f9 code=0x0
[  720.907487][   T39] audit: type=1400 audit(1723599211.758:978): avc:  denied  { getopt } for  pid=15310 comm="syz.1.2696" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  721.255429][T15317] md: md0 stopped.
[  721.255877][   T39] audit: type=1400 audit(1723599212.098:979): avc:  denied  { ioctl } for  pid=15316 comm="syz.1.2698" path="/51/file0/file0" dev="fuse" ino=0 ioctlcmd=0x932 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=blk_file permissive=1
[  721.285710][   T39] audit: type=1326 audit(1723599212.128:980): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15321 comm="syz.0.2699" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd892f799f9 code=0x0
[  721.986660][T15331] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  722.040372][T15339] syz.3.2704[15339] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  722.040507][T15339] syz.3.2704[15339] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  722.045969][T15337] syz.2.2703[15337] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  722.050650][T15337] syz.2.2703[15337] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  722.163348][T15341] jfs: Unrecognized mount option "
[  722.163348][T15341] \+" or missing value
[  722.243352][T15344] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2705'.
[  722.658619][T15353] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(5)
[  722.661400][T15353] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  722.667018][T15353] vhci_hcd vhci_hcd.0: Device attached
[  722.675330][T15354] vhci_hcd: connection closed
[  722.677708][   T75] vhci_hcd: stop threads
[  722.683272][   T75] vhci_hcd: release socket
[  722.685279][   T75] vhci_hcd: disconnect device
[  723.382451][T15370] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2712'.
[  723.877260][T15382] syzkaller1: entered promiscuous mode
[  723.881186][T15382] syzkaller1: entered allmulticast mode
[  723.908916][T15382] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2713'.
[  724.234949][T15386] syz.3.2715[15386] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  724.242239][T15386] syz.3.2715[15386] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  724.333183][   T39] kauditd_printk_skb: 3 callbacks suppressed
[  724.333198][   T39] audit: type=1326 audit(1723599215.178:984): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15385 comm="syz.3.2715" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe953d799f9 code=0x0
[  724.577767][T15392] syz.1.2716[15392] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  724.577908][T15392] syz.1.2716[15392] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  724.651630][   T39] audit: type=1326 audit(1723599215.498:985): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15391 comm="syz.1.2716" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb21bf799f9 code=0x0
[  725.150765][T15400] xt_l2tp: v2 doesn't support IP mode
[  725.161645][T15400] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2718'.
[  725.166129][T15400] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2718'.
[  725.187072][T15400] Bluetooth: MGMT ver 1.23
[  725.253682][   T39] audit: type=1400 audit(1723599216.088:986): avc:  denied  { ioctl } for  pid=15401 comm="syz.2.2719" path="socket:[71544]" dev="sockfs" ino=71544 ioctlcmd=0x89e2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  725.270494][T15405] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_to_hsr, syncid = 0, id = 0
[  725.439976][T15404] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2720'.
[  725.451447][   T39] audit: type=1400 audit(1723599216.298:987): avc:  denied  { read write } for  pid=15411 comm="syz.2.2722" name="vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1
[  725.463427][   T39] audit: type=1400 audit(1723599216.298:988): avc:  denied  { open } for  pid=15411 comm="syz.2.2722" path="/dev/vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1
[  725.825279][   T59] usb 7-1: new high-speed USB device number 61 using dummy_hcd
[  726.015284][   T59] usb 7-1: Using ep0 maxpacket: 8
[  726.020176][   T59] usb 7-1: config 0 has an invalid interface number: 1 but max is 0
[  726.023003][   T59] usb 7-1: config 0 has no interface number 0
[  726.027392][   T59] usb 7-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  726.037681][   T59] usb 7-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  726.046638][   T59] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  726.064777][   T59] usb 7-1: config 0 descriptor??
[  726.080455][   T59] iowarrior 7-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[  727.583183][T15440] netlink: 'syz.3.2730': attribute type 4 has an invalid length.
[  727.618503][T15442] syz.0.2731[15442] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  727.618637][T15442] syz.0.2731[15442] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  727.623602][T15440] netlink: 'syz.3.2730': attribute type 4 has an invalid length.
[  727.715834][   T39] audit: type=1326 audit(1723599218.568:989): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15441 comm="syz.0.2731" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd892f799f9 code=0x0
[  727.761859][   T39] audit: type=1400 audit(1723599218.608:990): avc:  denied  { ioctl } for  pid=15438 comm="syz.3.2730" path="socket:[70645]" dev="sockfs" ino=70645 ioctlcmd=0x4944 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1
[  728.402478][    T9] usb 7-1: USB disconnect, device number 61
[  728.410439][    T9] iowarrior 7-1:0.1: I/O-Warror #0 now disconnected
[  729.074015][T15469] syz.3.2737[15469] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  729.074246][T15469] syz.3.2737[15469] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  729.132357][   T39] audit: type=1400 audit(1723599219.978:991): avc:  denied  { write } for  pid=15461 comm="syz.1.2736" name="uhid" dev="devtmpfs" ino=1113 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1
[  729.183336][   T39] audit: type=1326 audit(1723599220.028:992): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15466 comm="syz.3.2737" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe953d799f9 code=0x0
[  729.417573][   T30] kworker/1:0 (30) used greatest stack depth: 20912 bytes left
[  729.494993][   T39] audit: type=1400 audit(1723599220.338:993): avc:  denied  { sqpoll } for  pid=15472 comm="syz.2.2738" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1
[  730.357146][ T1107] bridge0: port 2(bridge_slave_1) entered disabled state
[  730.595947][T15495] syz.1.2743[15495] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  730.598199][T15495] syz.1.2743[15495] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  730.674321][   T39] audit: type=1326 audit(1723599221.518:994): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15494 comm="syz.1.2743" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb21bf799f9 code=0x0
[  731.443599][   T39] audit: type=1400 audit(1723599222.288:995): avc:  denied  { getopt } for  pid=15505 comm="syz.2.2745" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  731.773195][T15518] syzkaller1: entered promiscuous mode
[  731.778098][T15518] syzkaller1: entered allmulticast mode
[  731.860970][T15518] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2748'.
[  732.301030][T15520] FAULT_INJECTION: forcing a failure.
[  732.301030][T15520] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  732.332493][T15520] CPU: 0 UID: 0 PID: 15520 Comm: syz.3.2749 Not tainted 6.11.0-rc3-syzkaller-00010-g6b4aa469f049 #0
[  732.337143][T15520] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  732.341993][T15520] Call Trace:
[  732.343536][T15520]  <TASK>
[  732.344905][T15520]  dump_stack_lvl+0x16c/0x1f0
[  732.347096][T15520]  should_fail_ex+0x497/0x5b0
[  732.349180][T15520]  _copy_to_user+0x30/0xc0
[  732.351224][T15520]  simple_read_from_buffer+0xd0/0x160
[  732.353601][T15520]  proc_fail_nth_read+0x1b0/0x290
[  732.355787][T15520]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  732.358227][T15520]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  732.360560][T15520]  vfs_read+0x1d4/0xbd0
[  732.362462][T15520]  ? __fdget_pos+0xeb/0x180
[  732.364714][T15520]  ? __pfx_vfs_read+0x10/0x10
[  732.366908][T15520]  ? __pfx___mutex_lock+0x10/0x10
[  732.371090][T15520]  ? __fget_files+0x256/0x400
[  732.373033][T15520]  ksys_read+0x12f/0x260
[  732.374812][T15520]  ? __pfx_ksys_read+0x10/0x10
[  732.377260][T15520]  do_syscall_64+0xcd/0x250
[  732.378905][T15520]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  732.381179][T15520] RIP: 0033:0x7fe953d7843c
[  732.382944][T15520] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8d 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8d 02 00 48
[  732.391181][T15520] RSP: 002b:00007fe954bb7030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  732.394823][T15520] RAX: ffffffffffffffda RBX: 00007fe953f15f80 RCX: 00007fe953d7843c
[  732.398266][T15520] RDX: 000000000000000f RSI: 00007fe954bb70a0 RDI: 0000000000000003
[  732.401636][T15520] RBP: 00007fe954bb7090 R08: 0000000000000000 R09: 0000000000000000
[  732.404999][T15520] R10: 0000000000000046 R11: 0000000000000246 R12: 0000000000000001
[  732.408374][T15520] R13: 0000000000000001 R14: 00007fe953f15f80 R15: 00007fff665a15e8
[  732.411545][T15520]  </TASK>
[  732.627378][T15526] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2752'.
[  732.794822][T15531] syzkaller1: entered promiscuous mode
[  732.796982][T15531] syzkaller1: entered allmulticast mode
[  732.825857][T15531] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2753'.
[  733.280592][T15539] bridge0: port 1(bridge_slave_0) entered disabled state
[  733.357690][T15539] bridge_slave_1: left allmulticast mode
[  733.360328][T15539] bridge_slave_1: left promiscuous mode
[  733.375637][T15539] bridge0: port 2(bridge_slave_1) entered disabled state
[  733.537134][T15539] bridge_slave_0: left allmulticast mode
[  733.555609][T15539] bridge_slave_0: left promiscuous mode
[  733.558047][T15539] bridge0: port 1(bridge_slave_0) entered disabled state
[  734.691948][T15563] syz.3.2760[15563] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  734.695704][T15563] syz.3.2760[15563] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  734.841716][T15567] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  734.862748][T15567] IPv6: NLM_F_CREATE should be set when creating new route
[  734.866222][T15567] IPv6: NLM_F_CREATE should be set when creating new route
[  734.869928][T15567] IPv6: NLM_F_CREATE should be set when creating new route
[  734.892159][   T39] audit: type=1326 audit(1723599225.738:996): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15560 comm="syz.3.2760" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe953d799f9 code=0x0
[  735.639123][T15577] SELinux:  Context system_u:object_r:systemd_passwd_agent_exec_t:s0 is not valid (left unmapped).
[  735.655567][   T39] audit: type=1400 audit(1723599226.488:997): avc:  denied  { relabelto } for  pid=15573 comm="syz.2.2763" name="file0" dev="tmpfs" ino=864 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:systemd_passwd_agent_exec_t:s0"
[  735.675190][   T39] audit: type=1400 audit(1723599226.518:998): avc:  denied  { associate } for  pid=15573 comm="syz.2.2763" name="file0" dev="tmpfs" ino=864 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 srawcon="system_u:object_r:systemd_passwd_agent_exec_t:s0"
[  735.897006][T15583] syzkaller1: entered promiscuous mode
[  735.899302][T15583] syzkaller1: entered allmulticast mode
[  735.932334][T15583] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2762'.
[  735.953037][   T39] audit: type=1400 audit(1723599226.798:999): avc:  denied  { rmdir } for  pid=13276 comm="syz-executor" name="file0" dev="tmpfs" ino=864 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:systemd_passwd_agent_exec_t:s0"
[  736.151505][T15589] syz.2.2766: attempt to access beyond end of device
[  736.151505][T15589] nbd2: rw=0, sector=0, nr_sectors = 1 limit=0
[  736.159771][T15589] efs: cannot read volume header
[  737.005413][   T39] audit: type=1400 audit(1723599227.848:1000): avc:  denied  { getopt } for  pid=15594 comm="syz.1.2768" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1
[  737.266582][T15605] syz.2.2772[15605] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  737.266732][T15605] syz.2.2772[15605] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  737.318723][T15607] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2771'.
[  737.367013][   T39] audit: type=1326 audit(1723599228.208:1001): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15604 comm="syz.2.2772" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f58e67799f9 code=0x0
[  737.374200][T15603] syzkaller1: entered promiscuous mode
[  737.379106][T15603] syzkaller1: entered allmulticast mode
[  737.437808][T15603] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2770'.
[  738.121132][T15617] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2774'.
[  738.578734][   T39] audit: type=1400 audit(1723599229.428:1002): avc:  denied  { write } for  pid=15630 comm="syz.0.2778" name="msr" dev="devtmpfs" ino=87 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1
[  738.647503][   T39] audit: type=1400 audit(1723599229.498:1003): avc:  denied  { shutdown } for  pid=15632 comm="syz.0.2779" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1
[  738.680484][   T39] audit: type=1400 audit(1723599229.508:1004): avc:  denied  { read } for  pid=15632 comm="syz.0.2779" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1
[  738.912847][   T39] audit: type=1326 audit(1723599229.758:1005): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15636 comm="syz.0.2780" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd892f799f9 code=0x0
[  739.893352][T15648] syz.1.2784[15648] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  739.893464][T15648] syz.1.2784[15648] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  739.944167][   T39] audit: type=1326 audit(1723599230.788:1006): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15647 comm="syz.1.2784" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb21bf799f9 code=0x0
[  740.174386][T15650] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2785'.
[  741.032945][T15665] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2789'.
[  742.208545][   T39] audit: type=1400 audit(1723599233.058:1007): avc:  denied  { listen } for  pid=15688 comm="syz.1.2795" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  742.227024][   T39] audit: type=1400 audit(1723599233.058:1008): avc:  denied  { connect } for  pid=15688 comm="syz.1.2795" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  742.395804][T15694] netdevsim netdevsim2 netdevsim0: set [1, 1] type 2 family 0 port 5 - 0
[  742.398850][T15694] netdevsim netdevsim2 netdevsim1: set [1, 1] type 2 family 0 port 5 - 0
[  742.401810][T15694] netdevsim netdevsim2 netdevsim2: set [1, 1] type 2 family 0 port 5 - 0
[  742.404623][T15694] netdevsim netdevsim2 netdevsim3: set [1, 1] type 2 family 0 port 5 - 0
[  742.432658][T15694] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2796'.
[  742.444433][T15694] netdevsim netdevsim2 netdevsim0: unset [1, 1] type 2 family 0 port 5 - 0
[  742.455683][T15694] netdevsim netdevsim2 netdevsim1: unset [1, 1] type 2 family 0 port 5 - 0
[  742.460457][T15694] netdevsim netdevsim2 netdevsim2: unset [1, 1] type 2 family 0 port 5 - 0
[  742.468662][T15694] netdevsim netdevsim2 netdevsim3: unset [1, 1] type 2 family 0 port 5 - 0
[  742.973110][   T39] audit: type=1400 audit(1723599233.818:1009): avc:  denied  { read write } for  pid=15700 comm="syz.0.2799" name="nullb0" dev="devtmpfs" ino=693 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  743.015409][   T39] audit: type=1400 audit(1723599233.818:1010): avc:  denied  { open } for  pid=15700 comm="syz.0.2799" path="/dev/nullb0" dev="devtmpfs" ino=693 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  743.188293][T15706] FAULT_INJECTION: forcing a failure.
[  743.188293][T15706] name failslab, interval 1, probability 0, space 0, times 0
[  743.232415][T15706] CPU: 3 UID: 0 PID: 15706 Comm: syz.2.2801 Not tainted 6.11.0-rc3-syzkaller-00010-g6b4aa469f049 #0
[  743.236933][T15706] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  743.241733][T15706] Call Trace:
[  743.243298][T15706]  <TASK>
[  743.244658][T15706]  dump_stack_lvl+0x16c/0x1f0
[  743.246901][T15706]  should_fail_ex+0x497/0x5b0
[  743.248989][T15706]  ? fs_reclaim_acquire+0xae/0x160
[  743.251270][T15706]  should_failslab+0xc2/0x120
[  743.253665][T15706]  kmem_cache_alloc_node_noprof+0x71/0x310
[  743.256487][T15706]  ? __alloc_skb+0x2b1/0x380
[  743.258526][T15706]  __alloc_skb+0x2b1/0x380
[  743.260549][T15706]  ? __pfx___alloc_skb+0x10/0x10
[  743.262707][T15706]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  743.265404][T15706]  netlink_alloc_large_skb+0x69/0x130
[  743.267895][T15706]  netlink_sendmsg+0x689/0xd70
[  743.270338][T15706]  ? __pfx_netlink_sendmsg+0x10/0x10
[  743.273169][T15706]  ? __import_iovec+0x1fd/0x6e0
[  743.275739][T15706]  ____sys_sendmsg+0xab5/0xc90
[  743.278295][T15706]  ? copy_msghdr_from_user+0x10b/0x160
[  743.281109][T15706]  ? __pfx_____sys_sendmsg+0x10/0x10
[  743.283531][T15706]  ? find_held_lock+0x2d/0x110
[  743.285790][T15706]  ? __pfx___lock_acquire+0x10/0x10
[  743.288121][T15706]  ___sys_sendmsg+0x135/0x1e0
[  743.290560][T15706]  ? __pfx____sys_sendmsg+0x10/0x10
[  743.293198][T15706]  ? ksys_write+0x21c/0x260
[  743.295421][T15706]  ? __fget_light+0x173/0x210
[  743.297825][T15706]  __sys_sendmsg+0x117/0x1f0
[  743.299911][T15706]  ? __pfx___sys_sendmsg+0x10/0x10
[  743.303017][T15706]  do_syscall_64+0xcd/0x250
[  743.305798][T15706]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  743.308737][T15706] RIP: 0033:0x7f58e67799f9
[  743.310756][T15706] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  743.319109][T15706] RSP: 002b:00007f58e74d9038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  743.323100][T15706] RAX: ffffffffffffffda RBX: 00007f58e6915f80 RCX: 00007f58e67799f9
[  743.326565][T15706] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000003
[  743.329725][T15706] RBP: 00007f58e74d9090 R08: 0000000000000000 R09: 0000000000000000
[  743.332749][T15706] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  743.335751][T15706] R13: 0000000000000000 R14: 00007f58e6915f80 R15: 00007ffced7822e8
[  743.338772][T15706]  </TASK>
[  744.544370][   T59] usb 7-1: new high-speed USB device number 62 using dummy_hcd
[  744.564040][T15740] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2811'.
[  744.758078][   T59] usb 7-1: too many configurations: 9, using maximum allowed: 8
[  744.764006][   T59] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9
[  744.769044][   T59] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  744.792647][   T59] usb 7-1: config 0 interface 0 has no altsetting 0
[  744.814453][   T59] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9
[  744.818820][   T59] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  744.835830][   T59] usb 7-1: config 0 interface 0 has no altsetting 0
[  744.854492][   T59] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9
[  744.862372][   T59] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  744.883958][   T59] usb 7-1: config 0 interface 0 has no altsetting 0
[  744.912349][   T59] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9
[  744.923457][   T59] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  744.936895][   T59] usb 7-1: config 0 interface 0 has no altsetting 0
[  744.941570][   T59] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9
[  744.946142][   T59] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  744.953117][   T59] usb 7-1: config 0 interface 0 has no altsetting 0
[  744.959483][   T59] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9
[  744.963060][   T59] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  744.975922][   T59] usb 7-1: config 0 interface 0 has no altsetting 0
[  744.981702][   T59] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9
[  744.987203][   T59] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  744.992218][   T59] usb 7-1: config 0 interface 0 has no altsetting 0
[  745.029436][   T59] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9
[  745.032639][   T59] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  745.039003][   T59] usb 7-1: config 0 interface 0 has no altsetting 0
[  745.053154][   T59] usb 7-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[  745.073050][   T59] usb 7-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[  745.080535][   T59] usb 7-1: Product: syz
[  745.083655][   T59] usb 7-1: Manufacturer: syz
[  745.094416][   T59] usb 7-1: SerialNumber: syz
[  745.103309][   T59] usb 7-1: config 0 descriptor??
[  745.134530][   T59] yurex 7-1:0.0: USB YUREX device now attached to Yurex #0
[  745.415571][   T39] audit: type=1326 audit(1723599236.248:1011): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15746 comm="syz.0.2814" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd892f799f9 code=0x0
[  745.457948][    C1] usb 7-1: yurex_control_callback - control failed: -71
[  745.458336][ T5342] usb 7-1: USB disconnect, device number 62
[  745.468038][ T5342] yurex 7-1:0.0: USB YUREX #0 now disconnected
[  746.483770][T15755] netlink: 131280 bytes leftover after parsing attributes in process `syz.3.2816'.
[  746.544179][T15758] 9pnet_fd: Insufficient options for proto=fd
[  746.608850][   T39] audit: type=1400 audit(1723599237.458:1012): avc:  denied  { write } for  pid=15760 comm="syz.1.2819" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  746.628339][   T39] audit: type=1400 audit(1723599237.468:1013): avc:  denied  { bind } for  pid=15760 comm="syz.1.2819" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  747.213570][T15769] syz.0.2821[15769] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  747.213708][T15769] syz.0.2821[15769] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  747.239306][   T39] audit: type=1326 audit(1723599238.088:1014): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15768 comm="syz.0.2821" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd892f799f9 code=0x0
[  747.359915][    C1] vkms_vblank_simulate: vblank timer overrun
[  747.765267][ T1380] ieee802154 phy0 wpan0: encryption failed: -22
[  747.845377][   T39] audit: type=1326 audit(1723599238.678:1015): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15774 comm="syz.1.2823" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb21bf799f9 code=0x0
[  748.883219][T15785] syz.1.2826: attempt to access beyond end of device
[  748.883219][T15785] nbd1: rw=0, sector=0, nr_sectors = 1 limit=0
[  748.892241][T15785] efs: cannot read volume header
[  749.825586][ T5351] Bluetooth: hci19: command 0x0406 tx timeout
[  750.298770][T15802] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  750.394407][T15806] syz.3.2831[15806] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  750.394548][T15806] syz.3.2831[15806] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  750.404634][T15808] syz.2.2833[15808] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  750.409984][T15808] syz.2.2833[15808] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  750.471465][   T39] audit: type=1326 audit(1723599241.318:1016): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15804 comm="syz.3.2831" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe953d799f9 code=0x0
[  750.485955][   T39] audit: type=1326 audit(1723599241.338:1017): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15807 comm="syz.2.2833" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f58e67799f9 code=0x0
[  750.965390][ T1998] usb 5-1: new high-speed USB device number 67 using dummy_hcd
[  751.157711][ T1998] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  751.162423][ T1998] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 3
[  751.168109][ T1998] usb 5-1: New USB device found, idVendor=0489, idProduct=e057, bcdDevice= 0.00
[  751.172354][ T1998] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  751.188539][ T1998] usb 5-1: config 0 descriptor??
[  751.464202][   T39] audit: type=1400 audit(1723599242.308:1018): avc:  denied  { accept } for  pid=15819 comm="syz.3.2836" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  751.831733][ T1998] usb 5-1: Direct firmware load for ar3k/ramps_0xd2b9879d_0.dfu failed with error -2
[  751.845205][ T1998] usb 5-1: Falling back to sysfs fallback for: ar3k/ramps_0xd2b9879d_0.dfu
[  752.085261][  T831] usb 8-1: new high-speed USB device number 65 using dummy_hcd
[  752.148013][T15816] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2834'.
[  752.152438][T15816] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2834'.
[  752.296901][  T831] usb 8-1: too many configurations: 9, using maximum allowed: 8
[  752.302114][  T831] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9
[  752.324137][  T831] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  752.334323][  T831] usb 8-1: config 0 interface 0 has no altsetting 0
[  752.340679][  T831] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9
[  752.344491][  T831] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  752.349167][  T831] usb 8-1: config 0 interface 0 has no altsetting 0
[  752.353555][  T831] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9
[  752.358073][  T831] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  752.375505][  T831] usb 8-1: config 0 interface 0 has no altsetting 0
[  752.384552][  T831] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9
[  752.388175][  T831] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  752.392589][  T831] usb 8-1: config 0 interface 0 has no altsetting 0
[  752.396788][  T831] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9
[  752.400529][  T831] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  752.405706][  T831] usb 8-1: config 0 interface 0 has no altsetting 0
[  752.412372][  T831] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9
[  752.416295][  T831] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  752.421901][  T831] usb 8-1: config 0 interface 0 has no altsetting 0
[  752.426150][  T831] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9
[  752.429810][  T831] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  752.434161][  T831] usb 8-1: config 0 interface 0 has no altsetting 0
[  752.438183][  T831] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9
[  752.441782][  T831] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  752.442189][T15831] syzkaller1: entered promiscuous mode
[  752.449388][T15831] syzkaller1: entered allmulticast mode
[  752.465380][  T831] usb 8-1: config 0 interface 0 has no altsetting 0
[  752.472392][T15831] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2839'.
[  752.474184][T15833] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2840'.
[  752.482101][  T831] usb 8-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[  752.500994][  T831] usb 8-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[  752.504536][  T831] usb 8-1: Product: syz
[  752.514999][  T831] usb 8-1: Manufacturer: syz
[  752.522269][  T831] usb 8-1: SerialNumber: syz
[  752.525702][  T831] usb 8-1: config 0 descriptor??
[  752.543448][  T831] yurex 8-1:0.0: USB YUREX device now attached to Yurex #0
[  752.868783][    C1] usb 8-1: yurex_control_callback - control failed: -71
[  752.872292][T11001] usb 8-1: USB disconnect, device number 65
[  752.876480][T11001] yurex 8-1:0.0: USB YUREX #0 now disconnected
[  753.005188][  T831] usb 7-1: new high-speed USB device number 63 using dummy_hcd
[  753.189298][  T831] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  753.204024][  T831] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  753.210019][  T831] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  753.220288][  T831] usb 7-1: New USB device found, idVendor=04d9, idProduct=a070, bcdDevice= 0.00
[  753.224619][  T831] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  753.234543][  T831] usb 7-1: config 0 descriptor??
[  753.727129][  T831] holtek_mouse 0003:04D9:A070.004D: hidraw0: USB HID v0.00 Device [HID 04d9:a070] on usb-dummy_hcd.2-1/input0
[  754.001633][ T5342] usb 7-1: USB disconnect, device number 63
[  754.159618][T15850] lo speed is unknown, defaulting to 1000
[  754.168617][T15850] lo speed is unknown, defaulting to 1000
[  754.177722][T15850] lo speed is unknown, defaulting to 1000
[  754.190148][T15850] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  754.213645][T15850] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[  754.322392][T15850] lo speed is unknown, defaulting to 1000
[  754.337983][T15850] lo speed is unknown, defaulting to 1000
[  754.341799][T15850] lo speed is unknown, defaulting to 1000
[  754.351550][T15850] lo speed is unknown, defaulting to 1000
[  754.371956][T15850] lo speed is unknown, defaulting to 1000
[  754.381367][T15850] lo speed is unknown, defaulting to 1000
[  754.388841][T15850] lo speed is unknown, defaulting to 1000
[  754.400632][T15850] lo speed is unknown, defaulting to 1000
[  754.407034][T15850] lo speed is unknown, defaulting to 1000
[  754.413192][T15850] lo speed is unknown, defaulting to 1000
[  754.422354][T15850] lo speed is unknown, defaulting to 1000
[  754.428717][T15850] lo speed is unknown, defaulting to 1000
[  754.436299][T15850] lo speed is unknown, defaulting to 1000
[  754.442020][T15850] lo speed is unknown, defaulting to 1000
[  754.448457][T15850] lo speed is unknown, defaulting to 1000
[  754.454608][T15850] lo speed is unknown, defaulting to 1000
[  754.470836][T15850] lo speed is unknown, defaulting to 1000
[  754.506348][T15850] lo speed is unknown, defaulting to 1000
[  754.509521][T15850] lo speed is unknown, defaulting to 1000
[  754.512866][T15850] lo speed is unknown, defaulting to 1000
[  754.518810][T15850] lo speed is unknown, defaulting to 1000
[  754.717247][   T39] audit: type=1400 audit(1723599245.568:1019): avc:  denied  { map } for  pid=15853 comm="syz.2.2846" path="socket:[75432]" dev="sockfs" ino=75432 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  754.767639][   T39] audit: type=1400 audit(1723599245.568:1020): avc:  denied  { read accept } for  pid=15853 comm="syz.2.2846" path="socket:[75432]" dev="sockfs" ino=75432 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  754.800240][   T39] audit: type=1400 audit(1723599245.578:1021): avc:  denied  { append } for  pid=15853 comm="syz.2.2846" name="mice" dev="devtmpfs" ino=862 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1
[  754.826592][   T39] audit: type=1400 audit(1723599245.578:1022): avc:  denied  { ioctl } for  pid=15853 comm="syz.2.2846" path="/dev/input/mice" dev="devtmpfs" ino=862 ioctlcmd=0x640d scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1
[  755.139166][T15856] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2847'.
[  755.967241][T15862] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  755.970720][T15862] IPv6: NLM_F_CREATE should be set when creating new route
[  755.974583][T15862] IPv6: NLM_F_CREATE should be set when creating new route
[  755.978053][T15862] IPv6: NLM_F_CREATE should be set when creating new route
[  757.645851][T15880] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2854'.
[  757.947384][T15889] syzkaller1: entered promiscuous mode
[  757.949825][T15889] syzkaller1: entered allmulticast mode
[  757.996570][T15889] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2855'.
[  759.725357][T15918] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  759.920421][   T39] audit: type=1326 audit(1723599250.768:1023): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15924 comm="syz.2.2865" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f58e67799f9 code=0x0
[  760.023974][T15927] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2866'.
[  760.411607][T15932] syz.1.2867: attempt to access beyond end of device
[  760.411607][T15932] nbd1: rw=0, sector=0, nr_sectors = 1 limit=0
[  760.416684][T15932] efs: cannot read volume header
[  760.515773][  T831] usb 8-1: new high-speed USB device number 66 using dummy_hcd
[  760.618188][   T39] audit: type=1400 audit(1723599251.458:1024): avc:  denied  { ioctl } for  pid=15933 comm="syz.0.2868" path="/dev/usbmon8" dev="devtmpfs" ino=748 ioctlcmd=0x9206 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[  760.708964][  T831] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  760.714781][  T831] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  760.720274][  T831] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  760.737567][  T831] usb 8-1: New USB device found, idVendor=04d9, idProduct=a070, bcdDevice= 0.00
[  760.741247][  T831] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  760.753521][  T831] usb 8-1: config 0 descriptor??
[  761.260557][  T831] holtek_mouse 0003:04D9:A070.004E: hidraw0: USB HID v0.00 Device [HID 04d9:a070] on usb-dummy_hcd.3-1/input0
[  761.294854][T15941] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2870'.
[  761.470083][  T831] usb 8-1: USB disconnect, device number 66
[  763.880085][   T39] audit: type=1400 audit(1723599254.728:1025): avc:  denied  { map } for  pid=15984 comm="syz.2.2884" path="/dev/nullb0" dev="devtmpfs" ino=693 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  763.905183][   T39] audit: type=1400 audit(1723599254.728:1026): avc:  denied  { execute } for  pid=15984 comm="syz.2.2884" path="/dev/nullb0" dev="devtmpfs" ino=693 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  764.107902][T11001] usb 8-1: new low-speed USB device number 67 using dummy_hcd
[  764.316883][T11001] usb 8-1: config 246 has too many interfaces: 42, using maximum allowed: 32
[  764.323315][T11001] usb 8-1: config 246 descriptor has 1 excess byte, ignoring
[  764.353013][T11001] usb 8-1: config 246 has 1 interface, different from the descriptor's value: 42
[  764.357340][T11001] usb 8-1: config 246 interface 0 altsetting 0 has an endpoint descriptor with address 0x3F, changing to 0xF
[  764.363341][T11001] usb 8-1: config 246 interface 0 altsetting 0 endpoint 0xF has invalid maxpacket 77, setting to 8
[  764.369557][T11001] usb 8-1: config 246 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10
[  764.374664][T11001] usb 8-1: config 246 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  764.387601][T11001] usb 8-1: config 246 has too many interfaces: 42, using maximum allowed: 32
[  764.404760][T11001] usb 8-1: config 246 descriptor has 1 excess byte, ignoring
[  764.408111][T11001] usb 8-1: config 246 has 1 interface, different from the descriptor's value: 42
[  764.413104][T11001] usb 8-1: config 246 interface 0 altsetting 0 has an endpoint descriptor with address 0x3F, changing to 0xF
[  764.418457][T11001] usb 8-1: config 246 interface 0 altsetting 0 endpoint 0xF has invalid maxpacket 77, setting to 8
[  764.485977][T11001] usb 8-1: config 246 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10
[  764.587957][T11001] usb 8-1: config 246 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  764.598651][T11001] usb 8-1: config 246 has too many interfaces: 42, using maximum allowed: 32
[  764.603259][T11001] usb 8-1: config 246 descriptor has 1 excess byte, ignoring
[  764.607785][T11001] usb 8-1: config 246 has 1 interface, different from the descriptor's value: 42
[  764.616191][T11001] usb 8-1: config 246 interface 0 altsetting 0 has an endpoint descriptor with address 0x3F, changing to 0xF
[  764.621281][T11001] usb 8-1: config 246 interface 0 altsetting 0 endpoint 0xF has invalid maxpacket 77, setting to 8
[  764.629546][T15997] syz.0.2887: attempt to access beyond end of device
[  764.629546][T15997] nbd0: rw=0, sector=0, nr_sectors = 1 limit=0
[  764.636352][T15997] efs: cannot read volume header
[  764.715989][T11001] usb 8-1: config 246 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10
[  764.723751][T11001] usb 8-1: config 246 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  764.734836][T11001] usb 8-1: string descriptor 0 read error: -22
[  764.739230][T11001] usb 8-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  764.743558][T11001] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  764.785509][T11001] adutux 8-1:246.0: ADU100  now attached to /dev/usb/adutux0
[  766.424310][T16015] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2892'.
[  767.504653][T16027] cgroup: fork rejected by pids controller in /syz1
[  768.529283][ T5381] IPVS: starting estimator thread 0...
[  768.535283][   T35] usb 6-1: new high-speed USB device number 42 using dummy_hcd
[  768.626128][T16139] IPVS: using max 19 ests per chain, 45600 per kthread
[  768.755972][   T35] usb 6-1: New USB device found, idVendor=057c, idProduct=2200, bcdDevice= 3.90
[  768.760310][   T35] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  768.775680][   T35] usb 6-1: config 0 descriptor??
[  768.788540][ T5380] usb 8-1: USB disconnect, device number 67
[  768.810708][   T35] bfusb 6-1:0.0: probe with driver bfusb failed with error -5
[  771.643777][   T39] audit: type=1400 audit(1723599262.488:1027): avc:  denied  { append } for  pid=16179 comm="syz.0.2907" name="ppp" dev="devtmpfs" ino=716 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[  771.879949][   T39] audit: type=1400 audit(1723599262.728:1028): avc:  denied  { bind } for  pid=16184 comm="syz.2.2908" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  771.946817][   T39] audit: type=1400 audit(1723599262.798:1029): avc:  denied  { append } for  pid=16184 comm="syz.2.2908" name="renderD128" dev="devtmpfs" ino=636 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[  772.009701][T16187] syz.2.2909[16187] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  772.009790][T16187] syz.2.2909[16187] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  772.099353][   T39] audit: type=1326 audit(1723599262.948:1030): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16186 comm="syz.2.2909" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f58e67799f9 code=0x0
[  773.127706][T16199] syzkaller1: entered promiscuous mode
[  773.131004][T16199] syzkaller1: entered allmulticast mode
[  773.143682][T16199] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2912'.
[  773.158542][   T39] audit: type=1400 audit(1723599263.998:1031): avc:  denied  { accept } for  pid=16194 comm="syz.3.2911" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  773.167607][   T39] audit: type=1400 audit(1723599264.018:1032): avc:  denied  { bind } for  pid=16194 comm="syz.3.2911" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  773.472629][T16203] syz.0.2913: attempt to access beyond end of device
[  773.472629][T16203] nbd0: rw=0, sector=0, nr_sectors = 1 limit=0
[  773.479104][T16203] efs: cannot read volume header
[  773.546614][T16203] lo speed is unknown, defaulting to 1000
[  775.328146][T16225] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2919'.
[  775.484415][   T39] audit: type=1326 audit(1723599266.328:1033): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16228 comm="syz.2.2921" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f58e67799f9 code=0x0
[  775.501438][T16230] syz.0.2920: attempt to access beyond end of device
[  775.501438][T16230] nbd0: rw=0, sector=0, nr_sectors = 1 limit=0
[  775.507962][T16230] efs: cannot read volume header
[  775.547805][T16230] lo speed is unknown, defaulting to 1000
[  775.835613][  T831] usb 8-1: new high-speed USB device number 68 using dummy_hcd
[  776.066138][  T831] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  776.071278][  T831] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  776.087699][  T831] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  776.093334][  T831] usb 8-1: New USB device found, idVendor=04d9, idProduct=a070, bcdDevice= 0.00
[  776.108210][  T831] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  776.115927][  T831] usb 8-1: config 0 descriptor??
[  776.448149][T16244] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  776.542912][  T831] holtek_mouse 0003:04D9:A070.004F: hidraw0: USB HID v0.00 Device [HID 04d9:a070] on usb-dummy_hcd.3-1/input0
[  776.580996][T16249] syz.0.2926: attempt to access beyond end of device
[  776.580996][T16249] nbd0: rw=0, sector=0, nr_sectors = 1 limit=0
[  776.587330][T16249] efs: cannot read volume header
[  776.632080][T16249] lo speed is unknown, defaulting to 1000
[  776.755347][   T59] usb 8-1: USB disconnect, device number 68
[  777.171538][T16021] usb 6-1: USB disconnect, device number 42
[  777.463782][T16262] syzkaller1: entered promiscuous mode
[  777.466996][T16262] syzkaller1: entered allmulticast mode
[  777.478563][   T39] audit: type=1326 audit(1723599268.328:1034): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16260 comm="syz.3.2930" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe953d799f9 code=0x0
[  777.492697][T16262] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2929'.
[  779.158332][T16278] syz.2.2936: attempt to access beyond end of device
[  779.158332][T16278] nbd2: rw=0, sector=0, nr_sectors = 1 limit=0
[  779.163917][T16278] efs: cannot read volume header
[  779.290123][T16278] lo speed is unknown, defaulting to 1000
[  779.559727][T16283] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2938'.
[  780.164534][   T39] audit: type=1400 audit(1723599271.008:1035): avc:  denied  { write } for  pid=16287 comm="syz.2.2940" name="autofs" dev="devtmpfs" ino=104 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1
[  780.760572][T16306] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  780.764002][T16306] IPv6: NLM_F_CREATE should be set when creating new route
[  780.767325][T16306] IPv6: NLM_F_CREATE should be set when creating new route
[  780.770758][T16306] IPv6: NLM_F_CREATE should be set when creating new route
[  781.444559][T16316] syzkaller1: entered promiscuous mode
[  781.447301][T16316] syzkaller1: entered allmulticast mode
[  781.465652][T16316] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2947'.
[  781.608830][T16318] syz.3.2949[16318] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  781.608972][T16318] syz.3.2949[16318] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  781.707233][   T39] audit: type=1326 audit(1723599272.558:1036): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16317 comm="syz.3.2949" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe953d799f9 code=0x0
[  782.384739][T16333] FAULT_INJECTION: forcing a failure.
[  782.384739][T16333] name failslab, interval 1, probability 0, space 0, times 0
[  782.391200][T16333] CPU: 3 UID: 0 PID: 16333 Comm: syz.1.2952 Not tainted 6.11.0-rc3-syzkaller-00010-g6b4aa469f049 #0
[  782.396127][T16333] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  782.402019][T16333] Call Trace:
[  782.403732][T16333]  <TASK>
[  782.405294][T16333]  dump_stack_lvl+0x16c/0x1f0
[  782.407485][T16333]  should_fail_ex+0x497/0x5b0
[  782.410289][T16333]  should_failslab+0xc2/0x120
[  782.412522][T16333]  kmem_cache_alloc_noprof+0x6e/0x2f0
[  782.415823][T16333]  ? skb_clone+0x190/0x3f0
[  782.418088][T16333]  skb_clone+0x190/0x3f0
[  782.420204][T16333]  netlink_deliver_tap+0xab3/0xd90
[  782.422033][T16333]  netlink_dump+0xb2d/0xcc0
[  782.424185][T16333]  ? __pfx_netlink_dump+0x10/0x10
[  782.427098][T16333]  ? kfree_skbmem+0x10e/0x200
[  782.429858][T16333]  ? kfree_skbmem+0x10e/0x200
[  782.431508][T16333]  netlink_recvmsg+0xa0d/0xf30
[  782.433496][T16333]  ? __pfx_netlink_recvmsg+0x10/0x10
[  782.435517][T16333]  ? find_held_lock+0x2d/0x110
[  782.437562][T16333]  ? security_socket_recvmsg+0x98/0xd0
[  782.440027][T16333]  sock_recvmsg+0x1f6/0x250
[  782.441980][T16333]  ____sys_recvmsg+0x21f/0x6b0
[  782.444117][T16333]  ? __pfx_____sys_recvmsg+0x10/0x10
[  782.446517][T16333]  ? find_held_lock+0x2d/0x110
[  782.448618][T16333]  ___sys_recvmsg+0x115/0x1a0
[  782.450637][T16333]  ? __pfx____sys_recvmsg+0x10/0x10
[  782.453199][T16333]  ? __fget_light+0x173/0x210
[  782.455270][T16333]  __sys_recvmsg+0x114/0x1e0
[  782.457526][T16333]  ? __pfx___sys_recvmsg+0x10/0x10
[  782.459728][T16333]  do_syscall_64+0xcd/0x250
[  782.461820][T16333]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  782.464356][T16333] RIP: 0033:0x7fb21bf799f9
[  782.466228][T16333] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  782.475436][T16333] RSP: 002b:00007fb21cd40038 EFLAGS: 00000246 ORIG_RAX: 000000000000002f
[  782.479363][T16333] RAX: ffffffffffffffda RBX: 00007fb21c115f80 RCX: 00007fb21bf799f9
[  782.482858][T16333] RDX: 0000000000000000 RSI: 0000000020000440 RDI: 0000000000000003
[  782.486133][T16333] RBP: 00007fb21cd40090 R08: 0000000000000000 R09: 0000000000000000
[  782.489509][T16333] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  782.492919][T16333] R13: 0000000000000000 R14: 00007fb21c115f80 R15: 00007ffcc147dc98
[  782.498333][T16333]  </TASK>
[  783.044710][T16352] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  783.838449][    T9] hid-generic 0101:002C:0000.0050: unknown main item tag 0x0
[  783.842169][    T9] hid-generic 0101:002C:0000.0050: unknown main item tag 0x0
[  783.854783][    T9] hid-generic 0101:002C:0000.0050: unknown main item tag 0x0
[  783.861051][    T9] hid-generic 0101:002C:0000.0050: unknown main item tag 0x0
[  783.864498][    T9] hid-generic 0101:002C:0000.0050: unknown main item tag 0x0
[  783.868254][    T9] hid-generic 0101:002C:0000.0050: unknown main item tag 0x0
[  783.871762][    T9] hid-generic 0101:002C:0000.0050: unknown main item tag 0x0
[  783.875356][    T9] hid-generic 0101:002C:0000.0050: unknown main item tag 0x0
[  783.879013][    T9] hid-generic 0101:002C:0000.0050: unknown main item tag 0x0
[  783.884681][    T9] hid-generic 0101:002C:0000.0050: unknown main item tag 0x0
[  783.891138][    T9] hid-generic 0101:002C:0000.0050: unknown main item tag 0x0
[  783.894271][    T9] hid-generic 0101:002C:0000.0050: unknown main item tag 0x0
[  783.897912][    T9] hid-generic 0101:002C:0000.0050: unknown main item tag 0x0
[  783.901370][    T9] hid-generic 0101:002C:0000.0050: unknown main item tag 0x0
[  783.904646][    T9] hid-generic 0101:002C:0000.0050: unknown main item tag 0x0
[  783.908327][    T9] hid-generic 0101:002C:0000.0050: unknown main item tag 0x0
[  783.911502][    T9] hid-generic 0101:002C:0000.0050: unknown main item tag 0x0
[  783.937612][    T9] hid-generic 0101:002C:0000.0050: unknown main item tag 0x0
[  783.940823][    T9] hid-generic 0101:002C:0000.0050: unknown main item tag 0x0
[  783.966587][    T9] hid-generic 0101:002C:0000.0050: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[  784.115252][ T5399] usb 6-1: new high-speed USB device number 43 using dummy_hcd
[  784.325919][ T5399] usb 6-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  784.329914][ T5399] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  784.333051][ T5399] usb 6-1: Product: syz
[  784.334853][ T5399] usb 6-1: Manufacturer: syz
[  784.339764][ T5399] usb 6-1: SerialNumber: syz
[  784.377657][ T5399] usb 6-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  784.491833][ T7954] usb 6-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  784.781652][   T39] audit: type=1400 audit(1723599275.628:1037): avc:  denied  { create } for  pid=16372 comm="syz.0.2966" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_connector_socket permissive=1
[  785.576565][ T7954] ath9k_htc 6-1:1.0: ath9k_htc: Target is unresponsive
[  785.580223][ T7954] ath9k_htc: Failed to initialize the device
[  785.634751][ T7954] usb 6-1: ath9k_htc: USB layer deinitialized
[  785.780371][T16021] usb 6-1: USB disconnect, device number 43
[  786.104469][T16387] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  786.820895][T16391] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2969'.
[  787.149623][T16401] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2972'.
[  787.959386][T16432] syz.0.2976[16432] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  787.959601][T16432] syz.0.2976[16432] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  788.018594][   T39] audit: type=1326 audit(1723599278.868:1038): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16417 comm="syz.0.2976" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd892f799f9 code=0x0
[  788.091226][T16416] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2975'.
[  788.213711][T16528] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  788.217055][T16528] IPv6: NLM_F_CREATE should be set when creating new route
[  788.220194][T16528] IPv6: NLM_F_CREATE should be set when creating new route
[  788.223303][T16528] IPv6: NLM_F_CREATE should be set when creating new route
[  789.715197][T11001] usb 6-1: new high-speed USB device number 44 using dummy_hcd
[  790.045635][T11001] usb 6-1: New USB device found, idVendor=057c, idProduct=2200, bcdDevice= 3.90
[  790.049691][T11001] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  790.056062][T11001] usb 6-1: config 0 descriptor??
[  790.145781][T11001] bfusb 6-1:0.0: probe with driver bfusb failed with error -5
[  790.347504][T16560] syzkaller1: entered promiscuous mode
[  790.350075][T16560] syzkaller1: entered allmulticast mode
[  790.362477][T16560] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2986'.
[  790.415270][T16561] syzkaller1: entered promiscuous mode
[  790.417730][T16561] syzkaller1: entered allmulticast mode
[  790.437855][T16561] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2987'.
[  791.251045][T16568] syz.0.2989: attempt to access beyond end of device
[  791.251045][T16568] nbd0: rw=0, sector=0, nr_sectors = 1 limit=0
[  791.260429][T16568] efs: cannot read volume header
[  791.421157][T16568] lo speed is unknown, defaulting to 1000
[  791.610730][   T39] audit: type=1326 audit(1723599282.458:1039): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16569 comm="syz.3.2990" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe953d799f9 code=0x0
[  793.165364][   T39] audit: type=1400 audit(1723599283.988:1040): avc:  denied  { bind } for  pid=16587 comm="syz.3.2996" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  793.361350][  T830] usb 6-1: USB disconnect, device number 44
[  793.366647][T16595] syzkaller1: entered promiscuous mode
[  793.372428][T16595] syzkaller1: entered allmulticast mode
[  793.384759][T16595] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2997'.
[  793.404747][T16593] PKCS7: Unknown OID: [4] 5.25.264.112.81.102.117
[  793.408957][T16593] PKCS7: Only support pkcs7_signedData type
[  793.542978][   T39] audit: type=1400 audit(1723599284.388:1041): avc:  denied  { setattr } for  pid=16596 comm="syz.1.2998" path="/dev/dlm_plock" dev="devtmpfs" ino=102 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  793.635605][   T39] audit: type=1400 audit(1723599284.488:1042): avc:  denied  { create } for  pid=16596 comm="syz.1.2998" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  793.810312][T16591] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0
[  794.377372][T16605] syz.1.3000: attempt to access beyond end of device
[  794.377372][T16605] nbd1: rw=0, sector=0, nr_sectors = 1 limit=0
[  794.384748][T16605] efs: cannot read volume header
[  794.684951][T16605] lo speed is unknown, defaulting to 1000
[  795.330554][T16622] syzkaller1: entered promiscuous mode
[  795.332943][T16622] syzkaller1: entered allmulticast mode
[  795.351013][T16622] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3005'.
[  795.891990][T16632] syz.0.3009[16632] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  795.892132][T16632] syz.0.3009[16632] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  796.019176][   T39] audit: type=1326 audit(1723599286.868:1043): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16631 comm="syz.0.3009" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd892f799f9 code=0x0
[  796.972415][T16655] syz.0.3014: attempt to access beyond end of device
[  796.972415][T16655] nbd0: rw=0, sector=0, nr_sectors = 1 limit=0
[  796.978523][T16655] efs: cannot read volume header
[  797.128547][T16655] lo speed is unknown, defaulting to 1000
[  797.486089][T16660] trusted_key: syz.0.3015 sent an empty control message without MSG_MORE.
[  797.560335][   T39] audit: type=1326 audit(1723599288.408:1044): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16661 comm="syz.0.3016" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd892f799f9 code=0x0
[  798.472939][T16674] syz.0.3020[16674] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  798.473058][T16674] syz.0.3020[16674] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  798.541043][   T39] audit: type=1326 audit(1723599289.388:1045): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16673 comm="syz.0.3020" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd892f799f9 code=0x0
[  798.889024][T16682] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3023'.
[  799.076817][   T39] audit: type=1326 audit(1723599289.928:1046): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16687 comm="syz.3.3025" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe953d799f9 code=0x0
[  799.397694][T11001] usb 6-1: new high-speed USB device number 45 using dummy_hcd
[  799.597363][T11001] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  799.625998][T11001] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  799.631113][T11001] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  799.645499][T11001] usb 6-1: New USB device found, idVendor=04d9, idProduct=a070, bcdDevice= 0.00
[  799.650118][T11001] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  799.667765][T11001] usb 6-1: config 0 descriptor??
[  799.808249][   T67] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:585
[  799.813797][   T67] in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 67, name: kworker/u33:0
[  799.821889][   T67] preempt_count: 0, expected: 0
[  799.823925][   T67] RCU nest depth: 1, expected: 0
[  799.827445][   T67] 4 locks held by kworker/u33:0/67:
[  799.829808][   T67]  #0: ffff88802eda7148 ((wq_completion)hci18#2){+.+.}-{0:0}, at: process_one_work+0x1277/0x1b40
[  799.833619][   T67]  #1: ffffc90000d47d80 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work+0x921/0x1b40
[  799.838693][   T67]  #2: ffff88803ca88078 (&hdev->lock){+.+.}-{3:3}, at: hci_le_create_big_complete_evt+0xde/0xb30
[  799.844016][   T67]  #3: ffffffff8ddb5ce0 (rcu_read_lock){....}-{1:2}, at: hci_le_create_big_complete_evt+0x100/0xb30
[  799.849469][   T67] CPU: 0 UID: 0 PID: 67 Comm: kworker/u33:0 Not tainted 6.11.0-rc3-syzkaller-00010-g6b4aa469f049 #0
[  799.854856][   T67] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  799.859625][   T67] Workqueue: hci18 hci_rx_work
[  799.861995][   T67] Call Trace:
[  799.863629][   T67]  <TASK>
[  799.865131][   T67]  dump_stack_lvl+0x16c/0x1f0
[  799.867555][   T67]  __might_resched+0x3c0/0x5e0
[  799.869903][   T67]  ? __pfx___might_resched+0x10/0x10
[  799.873596][   T67]  ? __pfx___lock_acquire+0x10/0x10
[  799.877957][   T67]  ? rcu_is_watching+0x12/0xc0
[  799.880314][   T67]  __mutex_lock+0xe2/0x9c0
[  799.882337][   T67]  ? hci_le_create_big_complete_evt+0x387/0xb30
[  799.884894][   T67]  ? __pfx___mutex_lock+0x10/0x10
[  799.886576][   T67]  ? __pfx_lock_acquire+0x10/0x10
[  799.888583][   T67]  ? find_held_lock+0x2d/0x110
[  799.890567][   T67]  ? hci_event_packet+0x438/0x1180
[  799.892845][   T67]  ? __pfx_lock_release+0x10/0x10
[  799.895544][   T67]  ? hci_le_create_big_complete_evt+0x387/0xb30
[  799.898740][   T67]  hci_le_create_big_complete_evt+0x387/0xb30
[  799.901439][   T67]  ? __mutex_unlock_slowpath+0x164/0x650
[  799.903966][   T67]  ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[  799.907400][   T67]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  799.910156][   T67]  ? skb_pull_data+0x166/0x210
[  799.912375][   T67]  hci_le_meta_evt+0x2e2/0x5d0
[  799.915073][   T67]  ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[  799.918197][   T67]  hci_event_packet+0x666/0x1180
[  799.920511][   T67]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  799.922868][   T67]  ? __pfx_hci_event_packet+0x10/0x10
[  799.925836][   T67]  ? mark_held_locks+0x9f/0xe0
[  799.928339][   T67]  ? kcov_remote_start+0x3cf/0x6e0
[  799.930624][   T67]  ? lockdep_hardirqs_on+0x7c/0x110
[  799.933277][   T67]  hci_rx_work+0x2c6/0x1610
[  799.935507][   T67]  process_one_work+0x9c5/0x1b40
[  799.938056][   T67]  ? __pfx_lock_acquire+0x10/0x10
[  799.940305][   T67]  ? __pfx_process_one_work+0x10/0x10
[  799.942920][   T67]  ? assign_work+0x1a0/0x250
[  799.944871][   T67]  worker_thread+0x6c8/0xf20
[  799.947187][   T67]  ? __pfx_worker_thread+0x10/0x10
[  799.949910][   T67]  kthread+0x2c1/0x3a0
[  799.952096][   T67]  ? _raw_spin_unlock_irq+0x23/0x50
[  799.954891][   T67]  ? __pfx_kthread+0x10/0x10
[  799.957427][   T67]  ret_from_fork+0x45/0x80
[  799.959585][   T67]  ? __pfx_kthread+0x10/0x10
[  799.961725][   T67]  ret_from_fork_asm+0x1a/0x30
[  799.963865][   T67]  </TASK>
[  799.972226][   T67] 
[  799.973330][   T67] =============================
[  799.975716][   T67] [ BUG: Invalid wait context ]
[  799.978310][   T67] 6.11.0-rc3-syzkaller-00010-g6b4aa469f049 #0 Tainted: G        W         
[  799.982768][   T67] -----------------------------
[  799.984978][   T67] kworker/u33:0/67 is trying to lock:
[  799.987306][   T67] ffffffff8fc865a8 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_le_create_big_complete_evt+0x387/0xb30
[  799.999114][   T67] other info that might help us debug this:
[  800.002360][   T67] context-{4:4}
[  800.004317][   T67] 4 locks held by kworker/u33:0/67:
[  800.008193][   T67]  #0: ffff88802eda7148 ((wq_completion)hci18#2){+.+.}-{0:0}, at: process_one_work+0x1277/0x1b40
[  800.013658][   T67]  #1: ffffc90000d47d80 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work+0x921/0x1b40
[  800.019201][   T67]  #2: ffff88803ca88078 (&hdev->lock){+.+.}-{3:3}, at: hci_le_create_big_complete_evt+0xde/0xb30
[  800.025206][   T67]  #3: ffffffff8ddb5ce0 (rcu_read_lock){....}-{1:2}, at: hci_le_create_big_complete_evt+0x100/0xb30
[  800.030793][   T67] stack backtrace:
[  800.032859][   T67] CPU: 0 UID: 0 PID: 67 Comm: kworker/u33:0 Tainted: G        W          6.11.0-rc3-syzkaller-00010-g6b4aa469f049 #0
[  800.039148][   T67] Tainted: [W]=WARN
[  800.040872][   T67] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  800.045754][   T67] Workqueue: hci18 hci_rx_work
[  800.048162][   T67] Call Trace:
[  800.049691][   T67]  <TASK>
[  800.051093][   T67]  dump_stack_lvl+0x116/0x1f0
[  800.053068][   T67]  __lock_acquire+0x13cc/0x3cb0
[  800.055317][   T67]  ? __pfx___lock_acquire+0x10/0x10
[  800.057836][   T67]  ? irqentry_exit+0x3b/0x90
[  800.060079][   T67]  ? lockdep_hardirqs_on+0x7c/0x110
[  800.062385][   T67]  lock_acquire+0x1b1/0x560
[  800.064801][   T67]  ? hci_le_create_big_complete_evt+0x387/0xb30
[  800.068164][   T67]  ? __pfx_lock_acquire+0x10/0x10
[  800.070897][   T67]  ? dump_stack_lvl+0x1a3/0x1f0
[  800.074094][   T67]  ? add_taint+0x5f/0xd0
[  800.076554][   T67]  ? __might_resched+0x3cc/0x5e0
[  800.078893][   T67]  ? __pfx___might_resched+0x10/0x10
[  800.081230][   T67]  ? __pfx___lock_acquire+0x10/0x10
[  800.083415][   T67]  __mutex_lock+0x175/0x9c0
[  800.085261][   T67]  ? hci_le_create_big_complete_evt+0x387/0xb30
[  800.088136][   T67]  ? hci_le_create_big_complete_evt+0x387/0xb30
[  800.090888][   T67]  ? __pfx___mutex_lock+0x10/0x10
[  800.092897][   T67]  ? __pfx_lock_acquire+0x10/0x10
[  800.094898][   T67]  ? find_held_lock+0x2d/0x110
[  800.097888][   T67]  ? hci_event_packet+0x438/0x1180
[  800.100929][   T67]  ? __pfx_lock_release+0x10/0x10
[  800.103431][   T67]  ? hci_le_create_big_complete_evt+0x387/0xb30
[  800.106388][   T67]  hci_le_create_big_complete_evt+0x387/0xb30
[  800.109637][   T67]  ? __mutex_unlock_slowpath+0x164/0x650
[  800.112316][   T67]  ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[  800.115307][   T67]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  800.118368][   T67]  ? skb_pull_data+0x166/0x210
[  800.121887][   T67]  hci_le_meta_evt+0x2e2/0x5d0
[  800.124713][   T67]  ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[  800.128586][   T67]  hci_event_packet+0x666/0x1180
[  800.131144][   T67]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  800.133630][   T67]  ? __pfx_hci_event_packet+0x10/0x10
[  800.136245][   T67]  ? mark_held_locks+0x9f/0xe0
[  800.138705][   T67]  ? kcov_remote_start+0x3cf/0x6e0
[  800.141099][   T67]  ? lockdep_hardirqs_on+0x7c/0x110
[  800.143545][   T67]  hci_rx_work+0x2c6/0x1610
[  800.145782][   T67]  process_one_work+0x9c5/0x1b40
[  800.148306][   T67]  ? __pfx_lock_acquire+0x10/0x10
[  800.150728][   T67]  ? __pfx_process_one_work+0x10/0x10
[  800.153363][   T67]  ? assign_work+0x1a0/0x250
[  800.156024][   T67]  worker_thread+0x6c8/0xf20
[  800.158649][   T67]  ? __pfx_worker_thread+0x10/0x10
[  800.161268][   T67]  kthread+0x2c1/0x3a0
[  800.163451][   T67]  ? _raw_spin_unlock_irq+0x23/0x50
[  800.166026][   T67]  ? __pfx_kthread+0x10/0x10
[  800.168089][   T67]  ret_from_fork+0x45/0x80
[  800.170176][   T67]  ? __pfx_kthread+0x10/0x10
[  800.172544][   T67]  ret_from_fork_asm+0x1a/0x30
[  800.175311][   T67]  </TASK>
[  800.182632][T11001] holtek_mouse 0003:04D9:A070.0051: hidraw0: USB HID v0.00 Device [HID 04d9:a070] on usb-dummy_hcd.1-1/input0
[  800.205425][   T67] ==================================================================
[  800.209687][   T67] BUG: KASAN: slab-use-after-free in hci_le_create_big_complete_evt+0xa62/0xb30
[  800.214392][   T67] Read of size 8 at addr ffff888038570000 by task kworker/u33:0/67
[  800.217956][   T67] 
[  800.219030][   T67] CPU: 0 UID: 0 PID: 67 Comm: kworker/u33:0 Tainted: G        W          6.11.0-rc3-syzkaller-00010-g6b4aa469f049 #0
[  800.226283][   T67] Tainted: [W]=WARN
[  800.228628][   T67] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  800.234816][   T67] Workqueue: hci18 hci_rx_work
[  800.237585][   T67] Call Trace:
[  800.239183][   T67]  <TASK>
[  800.240937][   T67]  dump_stack_lvl+0x116/0x1f0
[  800.243074][   T67]  print_report+0xc3/0x620
[  800.245168][   T67]  ? __virt_addr_valid+0x5e/0x590
[  800.247431][   T67]  ? __phys_addr+0xc6/0x150
[  800.250110][   T67]  kasan_report+0xd9/0x110
[  800.253186][   T67]  ? hci_le_create_big_complete_evt+0xa62/0xb30
[  800.256679][   T67]  ? hci_le_create_big_complete_evt+0xa62/0xb30
[  800.260005][   T67]  hci_le_create_big_complete_evt+0xa62/0xb30
[  800.262576][   T67]  ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[  800.265820][   T67]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  800.269107][   T67]  ? skb_pull_data+0x166/0x210
[  800.271217][   T67]  hci_le_meta_evt+0x2e2/0x5d0
[  800.273252][   T67]  ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[  800.275787][   T67]  hci_event_packet+0x666/0x1180
[  800.278907][   T67]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  800.281313][   T67]  ? __pfx_hci_event_packet+0x10/0x10
[  800.284151][   T67]  ? mark_held_locks+0x9f/0xe0
[  800.286544][   T67]  ? kcov_remote_start+0x3cf/0x6e0
[  800.289352][   T67]  ? lockdep_hardirqs_on+0x7c/0x110
[  800.292048][   T67]  hci_rx_work+0x2c6/0x1610
[  800.294459][   T67]  process_one_work+0x9c5/0x1b40
[  800.297099][   T67]  ? __pfx_lock_acquire+0x10/0x10
[  800.299446][   T67]  ? __pfx_process_one_work+0x10/0x10
[  800.301626][   T67]  ? assign_work+0x1a0/0x250
[  800.303884][   T67]  worker_thread+0x6c8/0xf20
[  800.306120][   T67]  ? __pfx_worker_thread+0x10/0x10
[  800.308500][   T67]  kthread+0x2c1/0x3a0
[  800.310422][   T67]  ? _raw_spin_unlock_irq+0x23/0x50
[  800.313021][   T67]  ? __pfx_kthread+0x10/0x10
[  800.315160][   T67]  ret_from_fork+0x45/0x80
[  800.317158][   T67]  ? __pfx_kthread+0x10/0x10
[  800.319185][   T67]  ret_from_fork_asm+0x1a/0x30
[  800.321186][   T67]  </TASK>
[  800.322447][   T67] 
[  800.323529][   T67] Allocated by task 5351:
[  800.325542][   T67]  kasan_save_stack+0x33/0x60
[  800.327527][   T67]  kasan_save_track+0x14/0x30
[  800.329798][   T67]  __kasan_kmalloc+0xaa/0xb0
[  800.331900][   T67]  __hci_conn_add+0x131/0x1a50
[  800.334332][   T67]  hci_conn_add+0x56/0x70
[  800.336364][   T67]  hci_le_big_sync_established_evt+0x73f/0xad0
[  800.339182][   T67]  hci_le_meta_evt+0x2e2/0x5d0
[  800.341455][   T67]  hci_event_packet+0x666/0x1180
[  800.343819][   T67]  hci_rx_work+0x2c6/0x1610
[  800.346017][   T67]  process_one_work+0x9c5/0x1b40
[  800.348688][   T67]  worker_thread+0x6c8/0xf20
[  800.350856][   T67]  kthread+0x2c1/0x3a0
[  800.352789][   T67]  ret_from_fork+0x45/0x80
[  800.355311][   T67]  ret_from_fork_asm+0x1a/0x30
[  800.357454][   T67] 
[  800.358573][   T67] Freed by task 67:
[  800.360399][   T67]  kasan_save_stack+0x33/0x60
[  800.362744][   T67]  kasan_save_track+0x14/0x30
[  800.365308][   T67]  kasan_save_free_info+0x3b/0x60
[  800.367705][   T67]  poison_slab_object+0xf7/0x160
[  800.370295][   T67]  __kasan_slab_free+0x32/0x50
[  800.372364][   T67]  kfree+0x12a/0x3b0
[  800.374074][   T67]  device_release+0xa1/0x240
[  800.376268][   T67]  kobject_put+0x1fa/0x5b0
[  800.378644][   T67]  put_device+0x1f/0x30
[  800.380686][   T67]  hci_conn_del_sysfs+0x151/0x180
[  800.382847][   T67]  hci_conn_del+0x54e/0xdb0
[  800.384867][   T67]  hci_le_create_big_complete_evt+0x4ba/0xb30
[  800.387950][   T67]  hci_le_meta_evt+0x2e2/0x5d0
[  800.390225][   T67]  hci_event_packet+0x666/0x1180
[  800.392575][   T67]  hci_rx_work+0x2c6/0x1610
[  800.394842][   T67]  process_one_work+0x9c5/0x1b40
[  800.397383][   T67]  worker_thread+0x6c8/0xf20
[  800.399732][   T67]  kthread+0x2c1/0x3a0
[  800.402140][   T67]  ret_from_fork+0x45/0x80
[  800.404729][   T67]  ret_from_fork_asm+0x1a/0x30
[  800.406858][   T67] 
[  800.408083][   T67] The buggy address belongs to the object at ffff888038570000
[  800.408083][   T67]  which belongs to the cache kmalloc-8k of size 8192
[  800.415296][   T67] The buggy address is located 0 bytes inside of
[  800.415296][   T67]  freed 8192-byte region [ffff888038570000, ffff888038572000)
[  800.421724][   T67] 
[  800.422984][   T67] The buggy address belongs to the physical page:
[  800.426262][   T67] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x38570
[  800.430104][   T67] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  800.434141][   T67] ksm flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  800.438090][   T67] page_type: 0xfdffffff(slab)
[  800.441185][   T67] raw: 00fff00000000040 ffff888015843180 ffffea00018fec00 0000000000000003
[  800.446038][   T67] raw: 0000000000000000 0000000000020002 00000001fdffffff 0000000000000000
[  800.450664][   T67] head: 00fff00000000040 ffff888015843180 ffffea00018fec00 0000000000000003
[  800.455130][   T67] head: 0000000000000000 0000000000020002 00000001fdffffff 0000000000000000
[  800.458835][   T67] head: 00fff00000000003 ffffea0000e15c01 ffffffffffffffff 0000000000000000
[  800.463255][   T67] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[  800.468047][   T67] page dumped because: kasan: bad access detected
[  800.471599][   T67] page_owner tracks the page as allocated
[  800.473991][   T67] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 13463, tgid 13462 (syz.2.2182), ts 579594662264, free_ts 579535738859
[  800.485830][   T67]  post_alloc_hook+0x2d1/0x350
[  800.488337][   T67]  get_page_from_freelist+0x1351/0x2e50
[  800.490908][   T67]  __alloc_pages_noprof+0x22b/0x2460
[  800.493646][   T67]  alloc_slab_page+0x4e/0xf0
[  800.495803][   T67]  new_slab+0x84/0x260
[  800.497727][   T67]  ___slab_alloc+0xdac/0x1870
[  800.500142][   T67]  __slab_alloc.constprop.0+0x56/0xb0
[  800.503091][   T67]  __kmalloc_node_noprof+0x357/0x430
[  800.506315][   T67]  __kvmalloc_node_noprof+0x6f/0x1a0
[  800.509217][   T67]  netlink_alloc_large_skb+0x96/0x130
[  800.512245][   T67]  netlink_sendmsg+0x689/0xd70
[  800.515085][   T67]  sock_sendmsg+0x3cb/0x470
[  800.517839][   T67]  splice_to_socket+0xab2/0x1040
[  800.520442][   T67]  direct_splice_actor+0x19b/0x6d0
[  800.522651][   T67]  splice_direct_to_actor+0x346/0xa40
[  800.524828][   T67]  do_splice_direct+0x17e/0x250
[  800.526928][   T67] page last free pid 13463 tgid 13462 stack trace:
[  800.529971][   T67]  free_unref_page+0x64a/0xe40
[  800.532059][   T67]  __put_partials+0x14c/0x170
[  800.534100][   T67]  qlist_free_all+0x4e/0x140
[  800.536124][   T67]  kasan_quarantine_reduce+0x192/0x1e0
[  800.538442][   T67]  __kasan_slab_alloc+0x69/0x90
[  800.540536][   T67]  __kmalloc_noprof+0x199/0x400
[  800.542620][   T67]  copy_splice_read+0x1a8/0xb80
[  800.544758][   T67]  do_splice_read+0x2cf/0x380
[  800.546769][   T67]  splice_direct_to_actor+0x2a4/0xa40
[  800.549084][   T67]  do_splice_direct+0x17e/0x250
[  800.550994][   T67]  do_sendfile+0xb1e/0xe50
[  800.552924][   T67]  __x64_sys_sendfile64+0x1da/0x220
[  800.555209][   T67]  do_syscall_64+0xcd/0x250
[  800.557205][   T67]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  800.559817][   T67] 
[  800.560853][   T67] Memory state around the buggy address:
[  800.563228][   T67]  ffff88803856ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  800.566622][   T67]  ffff88803856ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  800.570042][   T67] >ffff888038570000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  800.573409][   T67]                    ^
[  800.575152][   T67]  ffff888038570080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  800.578533][   T67]  ffff888038570100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  800.581904][   T67] ==================================================================
[  800.593442][   T67] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  800.596629][   T67] CPU: 0 UID: 0 PID: 67 Comm: kworker/u33:0 Tainted: G        W          6.11.0-rc3-syzkaller-00010-g6b4aa469f049 #0
[  800.601646][   T67] Tainted: [W]=WARN
[  800.603294][   T67] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  800.607809][   T67] Workqueue: hci18 hci_rx_work
[  800.609950][   T67] Call Trace:
[  800.611414][   T67]  <TASK>
[  800.612696][   T67]  dump_stack_lvl+0x3d/0x1f0
[  800.614703][   T67]  panic+0x6f5/0x7a0
[  800.616435][   T67]  ? __pfx_panic+0x10/0x10
[  800.620880][   T67]  ? trace_irq_enable.constprop.0+0xe4/0x130
[  800.623490][   T67]  ? preempt_schedule_thunk+0x1a/0x30
[  800.625741][   T67]  ? preempt_schedule_common+0x44/0xc0
[  800.628012][   T67]  check_panic_on_warn+0xab/0xb0
[  800.630112][   T67]  end_report+0x117/0x180
[  800.632035][   T67]  kasan_report+0xe9/0x110
[  800.633937][   T67]  ? hci_le_create_big_complete_evt+0xa62/0xb30
[  800.652515][   T67]  ? hci_le_create_big_complete_evt+0xa62/0xb30
[  800.655165][   T67]  hci_le_create_big_complete_evt+0xa62/0xb30
[  800.657789][   T67]  ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[  800.660694][   T67]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  800.663376][   T67]  ? skb_pull_data+0x166/0x210
[  800.667982][   T67]  hci_le_meta_evt+0x2e2/0x5d0
[  800.669898][   T67]  ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[  800.672308][   T67]  hci_event_packet+0x666/0x1180
[  800.674211][   T67]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  800.676180][   T67]  ? __pfx_hci_event_packet+0x10/0x10
[  800.678365][   T67]  ? mark_held_locks+0x9f/0xe0
[  800.680272][   T67]  ? kcov_remote_start+0x3cf/0x6e0
[  800.682256][   T67]  ? lockdep_hardirqs_on+0x7c/0x110
[  800.684351][   T67]  hci_rx_work+0x2c6/0x1610
[  800.686045][   T67]  process_one_work+0x9c5/0x1b40
[  800.687885][   T67]  ? __pfx_lock_acquire+0x10/0x10
[  800.689906][   T67]  ? __pfx_process_one_work+0x10/0x10
[  800.691576][   T67]  ? assign_work+0x1a0/0x250
[  800.693273][   T67]  worker_thread+0x6c8/0xf20
[  800.695106][   T67]  ? __pfx_worker_thread+0x10/0x10
[  800.698309][   T67]  kthread+0x2c1/0x3a0
[  800.700744][   T67]  ? _raw_spin_unlock_irq+0x23/0x50
[  800.704298][   T67]  ? __pfx_kthread+0x10/0x10
[  800.706351][   T67]  ret_from_fork+0x45/0x80
[  800.708405][   T67]  ? __pfx_kthread+0x10/0x10
[  800.710783][   T67]  ret_from_fork_asm+0x1a/0x30
[  800.722628][   T67]  </TASK>
[  800.728297][   T67] Kernel Offset: disabled
[  800.730172][   T67] Rebooting in 86400 seconds..

VM DIAGNOSIS:
01:34:50  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000000064 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff84fe63b5 RDI=ffffffff9519f6a0 RBP=ffffffff9519f660 RSP=ffffc90000d47418
R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=0000000000000000
R12=0000000000000000 R13=0000000000000064 R14=ffffffff84fe6350 R15=0000000000000000
RIP=ffffffff84fe63df RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88806b000000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00007f58e68cfee0 CR3=000000011b6aa000 CR4=00352ef0
DR0=0000000000000400 DR1=00000000872c9164 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000208001 Opmask01=0000000000010100 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f58e67e86e4
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f58e67e86f1
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f58e67e86eb
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f58e67e86ff
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f58e67e8785
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f58e67e8863
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f58e68eb488 00007f58e68eb480 00007f58e68eb478 00007f58e68eb450
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f58e744d100 00007f58e68eb440 00007f58e68eb458 00007f58e68eb4a0
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f58e68eb498 00007f58e68eb490 00007f58e68eb488 00007f58e68eb480
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000038 0000000000000001 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=00000000010c90bb RBX=0000000000000001 RCX=ffffffff8b121709 RDX=0000000000000000
RSI=ffffffff8b4cc500 RDI=ffffffff8bb08ec0 RBP=ffffed10030d0910 RSP=ffffc90000187e08
R8 =0000000000000001 R9 =ffffed100d626fd9 R10=ffff88806b137ecb R11=0000000000000000
R12=0000000000000001 R13=ffff888018684880 R14=ffffffff9012de18 R15=0000000000000000
RIP=ffffffff8b122aff RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88806b100000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00007f58e68c4de0 CR3=0000000000ee2000 CR4=00352ef0
DR0=0000000000000400 DR1=00000000872c9164 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000208001 Opmask01=0000000000000000 Opmask02=0000000000000fff Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffff8132df25 ffffffff8132def3
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffff82003a4f ffffffff8132df25
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 ffffffff8132df25
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fd892fe86e4
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fd892fe86f1
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fd892fe86eb
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fd892fe86ff
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fd892fe8785
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fd892fe8863
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fd8930eb488 00007fd8930eb480 00007fd8930eb478 00007fd8930eb450
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fd893c4d100 00007fd8930eb440 00007fd800040008 000c00130014000c
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fd8930eb498 00007fd8930eb490 00007fd8930eb488 00007fd8930eb480
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000001 0000000000000000 0000000000000000 00000000000000c4
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
RAX=0000000000000001 RBX=ffffffff8ef67820 RCX=0000000000000100 RDX=0000000000000001
RSI=0000000000000004 RDI=ffffffff8ef67822 RBP=dffffc0000000000 RSP=ffffc90000858970
R8 =0000000000000001 R9 =fffffbfff1decf04 R10=ffffffff8ef67823 R11=0000000000000000
R12=0000000000000000 R13=0000000000007b2a R14=ffff88806b23fc80 R15=fffffbfff1decf04
RIP=ffffffff8b14de55 RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0000 0000000000000000 ffffffff 00c00000
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f4de5eb4d00 ffffffff 00c00000
GS =0000 ffff88806b200000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=000056494f5bd000 CR3=0000000026ad0000 CR4=00352ef0
DR0=0000000000000400 DR1=00000000872c9164 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000008082082 Opmask01=0000000000000000 Opmask02=00000000dfff7fff Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000001 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 554245440045534f 4252455600524f52 5245004c41544146 0054454955510029
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 554245440045534f 4252455600524f52 5245004c41544146 005445495551000c
ZMM20=0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004
ZMM21=369f7d34369f7d34 369f7d34369f7d34 369f7d34369f7d34 369f7d34369f7d34 369f7d34369f7d34 369f7d34369f7d34 369f7d34369f7d34 369f7d34369f7d34
ZMM22=94bf101d94bf101d 94bf101d94bf101d 94bf101d94bf101d 94bf101d94bf101d 94bf101d94bf101d 94bf101d94bf101d 94bf101d94bf101d 94bf101d94bf101d
ZMM23=65fa865965fa8659 65fa865965fa8659 65fa865965fa8659 65fa865965fa8659 65fa865965fa8659 65fa865965fa8659 65fa865965fa8659 65fa865965fa8659
ZMM24=567f7372567f7372 567f7372567f7372 567f7372567f7372 567f7372567f7372 567f7372567f7372 567f7372567f7372 567f7372567f7372 567f7372567f7372
ZMM25=c0f9607fc0f9607f c0f9607fc0f9607f c0f9607fc0f9607f c0f9607fc0f9607f c0f9607fc0f9607f c0f9607fc0f9607f c0f9607fc0f9607f c0f9607fc0f9607f
ZMM26=2f5e86782f5e8678 2f5e86782f5e8678 2f5e86782f5e8678 2f5e86782f5e8678 2f5e86782f5e8678 2f5e86782f5e8678 2f5e86782f5e8678 2f5e86782f5e8678
ZMM27=0d67c5650d67c565 0d67c5650d67c565 0d67c5650d67c565 0d67c5650d67c565 0d67c5650d67c565 0d67c5650d67c565 0d67c5650d67c565 0d67c5650d67c565
ZMM28=000000100000000f 0000000e0000000d 0000000c0000000b 0000000a00000009 0000000800000007 0000000600000005 0000000400000003 0000000200000001
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=171b0000171b0000 171b0000171b0000 171b0000171b0000 171b0000171b0000 171b0000171b0000 171b0000171b0000 171b0000171b0000 171b0000171b0000
info registers vcpu 3

CPU#3
RAX=1ffff1100355408f RBX=ffff88801aaa0460 RCX=0000000000000006 RDX=1ffffffff2a20077
RSI=0000000000000004 RDI=ffff88801aaa0478 RBP=ffffc90000908df0 RSP=ffffc90000908d10
R8 =0000000000000001 R9 =fffff52000121190 R10=0000000000000003 R11=0000000000000000
R12=0000000000000010 R13=dffffc0000000000 R14=ffff8880446bf048 R15=1ffff920001211a4
RIP=ffffffff84896cf2 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88806b300000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000000020001439 CR3=000000001f700000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000001000000 Opmask01=0000000001000001 Opmask02=00000000ffffffef Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffc64e65170 0000003000000018
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fd892fe86e4
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fd892fe86f1
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fd892fe86eb
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fd892fe86ff
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fd892fe8785
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fd892fe8863
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000001 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000000c4
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000001 0000000000000000 0000000000000000 00000000000000c4
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000