last executing test programs:

5.205379409s ago: executing program 0 (id=566):
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000580)="d8000000140081054e81f782db44b9040a1d08020a000000040000a118000200fec0000000000e1208000f0100810401a80016ea1f0006400303000803600cfab94dcf5c0461c1d67f6f94007134cf6ee08002a0e408e8d8ef075c0100000000000000cb090000001fb791643a5ee4001b146218a07445d6d930dfe1d9d322fe7c9fd68775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e0060000000000000080bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd68adbef3d93452a00"/216, 0xd8}], 0x1, 0x0, 0x0, 0x7400}, 0x0) (fail_nth: 1)

5.096005082s ago: executing program 0 (id=567):
r0 = socket(0x27, 0x1, 0x2)
r1 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r1, 0x7a7, &(0x7f0000000080)=0xb0000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r1, 0x7a0, &(0x7f0000000000)={@my=0x0})
ioctl$IOCTL_VMCI_NOTIFY_RESOURCE(r1, 0x7a5, &(0x7f00000000c0)={{@my=0x0}, 0x1})
ioctl$IOCTL_VMCI_NOTIFICATIONS_RECEIVE(r1, 0x7a6, &(0x7f0000000040)={0x0, 0x0, 0x3})
sendmsg$NFT_MSG_GETGEN(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x14, 0x10, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x8}, [""]}, 0x14}, 0x1, 0x0, 0x0, 0x4004890}, 0x4)
connect$tipc(r0, &(0x7f0000000000)=@name={0x1e, 0x2, 0x2, {{0x0, 0x3}, 0x1}}, 0x10)
setsockopt$ax25_int(r0, 0x101, 0x2, &(0x7f0000000040)=0xffffff7f, 0x4)

5.095327408s ago: executing program 0 (id=568):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, 0x0)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0)
r1 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
r2 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r2, 0x107, 0x0, 0x0, 0x0)
setsockopt$packet_rx_ring(r2, 0x107, 0x5, 0x0, 0x0)
socket$igmp(0x2, 0x3, 0x2)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r3 = accept(r1, 0x0, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001900)=@newlink={0x40, 0x10, 0x403, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @gretap={{0xb}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x1, @multicast}]}, 0x40}}, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000200)={0x28, 0x13, 0x1, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64}, @nested={0xc, 0x0, 0x0, 0x1, [@typed={0x8, 0x0, 0x0, 0x0, @pid=0xffffffffffffffff}]}]}, 0x28}], 0x1}, 0x0)
setsockopt$packet_add_memb(r3, 0x107, 0x1, &(0x7f0000000000)={0x0, 0x1, 0x6}, 0x10)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
socket$inet6_udplite(0x11, 0x2, 0x88)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000800)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0)
write(0xffffffffffffffff, &(0x7f00000000c0)="24000000200099f0000000000000000002", 0x11)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000004c0)=ANY=[@ANYBLOB="021380ee02"], 0x10}}, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="020300090c00000000420b00000000000200130002000000000000000000001f0300060000000051020049e4f0000001c99a00000000000002000100002000100000000200000000030005"], 0x60}}, 0x0)
r5 = socket$key(0xf, 0x3, 0x2)
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$key(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000500)={0x2, 0x9, 0x0, 0x0, 0x2}, 0x10}}, 0x0)

5.00290696s ago: executing program 0 (id=569):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000640)=ANY=[@ANYBLOB="180000000000000000000000000020"], &(0x7f0000000000)='syzkaller\x00'}, 0x90)
readv(r0, &(0x7f0000000740)=[{&(0x7f0000000140)=""/72, 0x48}, {&(0x7f0000000500)=""/216, 0xd8}, {&(0x7f0000000680)=""/162, 0xa2}, {&(0x7f00000002c0)=""/6, 0x6}, {&(0x7f0000000300)=""/25, 0x19}], 0x5)
io_setup(0x2, &(0x7f0000000200))
bpf$MAP_CREATE(0x0, 0x0, 0x0)
socket(0x10, 0x4, 0x10000)
pipe2(&(0x7f0000000000), 0x0)
r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000c80)=ANY=[@ANYBLOB="12010000000000406d0422c200000000000109022400010000000009040000010300000009210000000122"], 0x0)
syz_usb_control_io$hid(r1, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
r3 = socket$key(0xf, 0x3, 0x2)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000240)={<r4=>0xffffffffffffffff})
close(r4)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1, 0x2, 0x10001, 0x8, 0x1, 0xffffffffffffffff, 0x10, '\x00', 0x0, 0xffffffffffffffff, 0xffffffff, 0x4}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
close(r4)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000000)={0xffffffffffffffff, 0xe0, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x100, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r6, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r6}, 0x0, 0x0}, 0x20)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000740)={r6, &(0x7f0000000000), &(0x7f00000000c0)=""/109}, 0x20)
sendmsg$key(r3, &(0x7f0000000000)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="0207000902"], 0x10}}, 0x0)
bind$inet(r2, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r7}, 0x10)
connect$inet(r2, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
setsockopt$inet_IP_XFRM_POLICY(r2, 0x0, 0x11, &(0x7f00000002c0)={{{@in=@dev={0xac, 0x14, 0x14, 0x2a}, @in=@dev={0xac, 0x14, 0x14, 0x40}, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x100000000000}, {}, 0x0, 0x0, 0x1}, {{@in6=@dev, 0x0, 0x33}, 0x0, @in=@multicast2, 0x0, 0x0, 0x0, 0xb7}}, 0xe8)
sendmmsg(r2, &(0x7f0000007fc0), 0x800001d, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x0, 0x8, 0x8}, 0x48)

3.531885016s ago: executing program 2 (id=581):
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000000140)={0x0, {{0xa, 0x0, 0x0, @mcast2}}}, 0x88)
setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f0000000b00)=ANY=[@ANYBLOB="0b000000000000000a00000000000000ff02000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002"], 0x190)
syz_emit_ethernet(0x7a, &(0x7f0000000280)={@broadcast, @empty, @void, {@ipv6={0x86dd, @gre_packet={0x0, 0x6, "dd690b", 0x44, 0x2f, 0x0, @private0, @mcast2, {[], {{0x0, 0x0, 0x1, 0x0, 0x2, 0x0, 0x0, 0x1, 0x8100}}}}}}}, 0x0)

3.487529098s ago: executing program 2 (id=582):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, 0x0)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0)
r1 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
r2 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r2, 0x107, 0x0, 0x0, 0x0)
setsockopt$packet_rx_ring(r2, 0x107, 0x5, 0x0, 0x0)
socket$igmp(0x2, 0x3, 0x2)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r3 = accept(r1, 0x0, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001900)=@newlink={0x40, 0x10, 0x403, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @gretap={{0xb}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x1, @multicast}]}, 0x40}}, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000200)={0x28, 0x13, 0x1, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64}, @nested={0xc, 0x0, 0x0, 0x1, [@typed={0x8, 0x0, 0x0, 0x0, @pid=0xffffffffffffffff}]}]}, 0x28}], 0x1}, 0x0)
setsockopt$packet_add_memb(r3, 0x107, 0x1, &(0x7f0000000000)={0x0, 0x1, 0x6}, 0x10)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
socket$inet6_udplite(0x11, 0x2, 0x88)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000800)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0)
write(0xffffffffffffffff, &(0x7f00000000c0)="24000000200099f0000000000000000002", 0x11)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000004c0)=ANY=[@ANYBLOB="021380ee02"], 0x10}}, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="020300090c00000000420b00000000000200130002000000000000000000001f0300060000000051020049e4f0000001c99a00000000000002000100002000100000000200000000030005"], 0x60}}, 0x0)
r5 = socket$key(0xf, 0x3, 0x2)
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$key(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000500)={0x2, 0x9, 0x0, 0x0, 0x2}, 0x10}}, 0x0)

2.948287291s ago: executing program 3 (id=583):
syz_emit_vhci(&(0x7f0000000540)=ANY=[@ANYBLOB="043e"], 0x22)
r0 = openat$vimc0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000140)={0x0, 0xa, 0x2})
syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="04"], 0x7)
socket(0x0, 0x0, 0x0)
syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x12}, @l2cap_cid_le_signaling={{0xe}, @l2cap_le_conn_rsp={{0x15, 0x3, 0xa}, {0x5, 0x6, 0x8, 0x8, 0x1}}}}, 0x17)
r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r1, 0x3b81, &(0x7f0000000080)={0x19, 0x0, <r2=>0x0})
r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r3, 0x3b81, &(0x7f0000000200)={0x15})
ioctl$IOMMU_IOAS_MAP$PAGES(r1, 0x3b85, &(0x7f00000000c0)={0x28, 0x7, r2, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000})
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r1, 0x3ba0, &(0x7f00000001c0)={0x48, 0x5, r2, 0x0, <r4=>0xffffffffffffffff, 0x1})
r5 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r5, 0x3ba0, &(0x7f00000004c0)={0x48, 0x7, r4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x23b3b6})
r6 = dup3(r1, r5, 0x0)
openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r3, 0x3ba0, &(0x7f0000000240)={0x48, 0x7, r4, 0x0, 0x10001, 0x0, 0x0, 0x0, 0xa194f})
ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, &(0x7f00000002c0)={0xc, 0x0, <r7=>0x0})
ioctl$IOMMU_IOAS_UNMAP$ALL(r6, 0x3b86, &(0x7f0000000180)={0x18, r7})
r8 = fspick(0xffffffffffffffff, &(0x7f0000000100)='./file0\x00', 0x0)
fsconfig$FSCONFIG_SET_FD(r8, 0x5, &(0x7f0000000240)='/de4\x12O\x8e\x9cv/q-\xa8\xb7t\xb5\xbe;\xe2\x028s;\xfa\xb7N\xd1\xdd\xfc\x1c2\xd7^\x82\xcfM\xab\xb8\xb7\x93\xce\xfc\xb8\xad@\xd2c6\x88\x16gX}\xa4\xceO\xf7a\xd7d\xb2\x89Q$\xbf\x98\xfa\x8b\xf1\xc7\xd5\x00\xcdi\x8aT\xfd|\xe0', 0x0, 0xffffffffffffffff)
ioctl$IOCTL_VMCI_VERSION(0xffffffffffffffff, 0x79f, 0x0)
r9 = memfd_secret(0x0)
r10 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
r11 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r12=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r12, 0x8933, &(0x7f0000000080)={'bridge0\x00', <r13=>0x0})
sendmsg$nl_route(r11, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=@delneigh={0x2c, 0x1d, 0x1, 0x70bd2d, 0x0, {0x7, 0x0, 0x0, r13}, [@NDA_NH_ID={0x8, 0xd, 0x5}, @NDA_VLAN={0x6, 0x5, 0x1}]}, 0x2c}}, 0x0)
fcntl$dupfd(r10, 0x0, r9)

2.942296586s ago: executing program 2 (id=584):
r0 = socket$inet(0x2, 0x80001, 0x84)
setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000280)=0x2, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e20, @empty}, 0x10)
pipe(&(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@newlink={0x3c, 0x10, 0x0, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bond={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BOND_PACKETS_PER_SLAVE={0x8, 0x14, 0x2}]}}}]}, 0x3c}}, 0x0)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
close(r3)
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="4800000010005f3f"], 0x3}}, 0x0)
write$binfmt_misc(r2, &(0x7f0000000000)=ANY=[], 0xfffffecc)
splice(r1, 0x0, r3, 0x0, 0x4ffe2, 0x0)
listen(r0, 0x3)
r4 = socket$inet6(0xa, 0x5, 0x0)
setsockopt$sock_int(r4, 0x1, 0xf, &(0x7f0000fee000)=0x3fa, 0x4)
bind$inet6(r4, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
r5 = socket(0x2a, 0x2, 0x0)
connect$qrtr(r5, &(0x7f0000000000), 0xc)
sendto(r5, 0x0, 0x0, 0x0, &(0x7f0000000040)=@qipcrtr={0x2a, 0xffffffffffffffff, 0xfffffffe}, 0x80)

2.837787871s ago: executing program 1 (id=585):
r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
writev(r0, &(0x7f00000002c0)=[{&(0x7f0000000040)="01", 0x1}], 0x1) (fail_nth: 1)

2.788335073s ago: executing program 3 (id=586):
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$ENABLE_STATS(0x20, &(0x7f00000002c0), 0x4) (async)
r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_NEW(r0, &(0x7f0000000180)={0x0, 0xfe84, &(0x7f0000000140)={&(0x7f0000000080)={0x44, r1, 0x207, 0x0, 0x0, {}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_RATE_NODE_NAME={0xf, 0xa8, @random}]}, 0x44}}, 0x0) (async)
syz_open_dev$sndmidi(&(0x7f0000000040), 0xca, 0x0) (async)
openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async)
r2 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') (async)
r3 = socket$can_j1939(0x1d, 0x2, 0x7)
recvmsg$can_j1939(r3, &(0x7f00000016c0)={0x0, 0x0, 0x0}, 0x2000) (async)
r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x62181)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r4, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue0\x00'}) (async)
write$sndseq(r4, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {}, @raw32={[0x2600]}}], 0xffc8) (async)
read$msr(r2, &(0x7f0000000500)=""/172, 0xac) (async)
mount$9p_fd(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000400)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r4}})
ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT(r4, 0xc0bc5351, &(0x7f0000000440)={0x3, 0x2, 'client1\x00', 0x80000000, "c23d3a25ecf7f313", "c1858f5629ae05c8efde2e41d002d328e47a4ae3881f9caf2166e3398b644e58", 0x5, 0xa6cd}) (async)
openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0), 0x105101, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000001880)=ANY=[@ANYBLOB="b702000000000000bfa300000000000007030000fdfdfff67a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040000010000400404000001f7ff04b7050000240000006a0a00fe00000000850000000b000000b70000000000000095000000000000009cc6b3fcd62c061c6238975d43a4505f80e39c9f3c530cf08e467b592f868ee3b0a435df0a0e8c1bf176db2a6b2feb4b77d3d5707bfd2d84aaa3b1d4e984c46ea7e2b347a36f5662403e1b2be4284322a4988a0d411a9872971c7c56f0979bd10b97163c066d0e196bf0fb04e500b0c0502df9de9ca3c00cb9a323d9b401bf4e418d07fa22f0610a70f2bdf4000200000000b0c2c125080963f6324bb7b80197aa3161f45346b100000000000000000089e399f6609876b588743794298b79dc192dff048fc207c81f28bdd3e26a1a8a0481e9f0da43bb6ca66e2f55a9ff19ffcafe3e64be06000000000000005064caec04a367c23d9fb6a6991ddb737d527d6acb15426406991c3b404984dfa2c6e94bd0339454c13ad3c328a182c15dc760a313e3b3ca5d3393404029e98fa883c71949a34d84030323e3d54fc5b29d27643453ad9226e3550ee5520211d9370175fba303f003073afd1ec9f7c6133f260c6882a146880b9387f1beb5418618bc83a3becf9bb5d80eff7da7ba8b913c685fc6700848dc6665d73248c1f74e08ad04ce905faf32706e0000249a028044ede964362cfb2f30a246c3b2f60000fc4deb91da1368b0960b8d69bd99c64893d44f962524429dc0584b8e7e541c903869d96989b9a986620cb2c95c83f2a082c52764f49e51188f9418b01bcd8ae164acdac95318ec8b2c6feacdcf4b528e5e58219bc54f6ad5679e7f430e6960ed048c46e1dccca05bfa1d67c83795eae2d31968c055d325a9c794ef88b30c2de4a274878b73c05ffa88b7073be648b12bb1fee58958d6a6f31bfe568215dfbde59dad00008a73b40f09cf018cd496b36050d7fd45e3620c28f76749262e33e16429a6da35ceb1a989de81c3f8b8bc348ef2ac3789b847611fcb0a26acafdd6d9a1b17dcb9f7c493d8f8cd344a1d470ca0d6f16ab0293774b5509fb0e7113936d59d5a60dbd84a938476adeebab9ff44f531bb0200000000000000cc1fbc455a64fd449284f71761092a0302000000000000008a05d36fd9b814b4292745418c92d944763a4bf5e138d810e29a31f08f7dea7762d2d8f7e1d24cabe17ad4135d8872935ceac6eb4f046f2acc1b0efb4438abddcabb4e4e72a450aab72b589bec83bbb688e659fb426cd43d0ee993516fd4e867232cde69b6ffad447dcd92e0ef8234ff850ec3948dd1fa7afb77d951fe4abf618121b7894c106beb49a71c62df5544ef221973432ccc7e62b151eb898a01010a7ec5acd0a5dcb2de443880c8a682515d1da9a3048744acb44384d1591df789883c0560495cb0cb32283529926d25e5c7f481112ab8a82247e927fb6f256830dab3671f00500d36a17790bab7d0e89e6c15314f2b963bfc867953476b0505c7d728326d666f39e82cfcf7e7a85df288d75df24c5e4d529c349923f9a4fb882310391dd58b4cbd8def239a227724d39c3e6c40e20e07e68a22888a5c3941b7a765b92bcb37f302487bcbd93ccf3a104021ff34ddf7ffcca1a04eae963e25516a114573779b24a341dfb2e80f1f345c6d96493ffc2a18478b5bf3aab2ea59c51cf0678e1a57d0ea042d911548ff612002ddb2d54d42fbdde42b56887003d27468225b2594a0500200f314113e889468cf13dd92aa0d7744db6b56557a5adad95cb9a69d4de50642b4b9d6d3ba7eb534b00d0fea62f0a61535dfc4da06e7f8695be614c557caed7eb0120516e1351fed7d8ffa31c8f4be364185469cfc5f25c90d71bce745dd2d58a30e0844f12c4cbbdd7a08465e665c2620d78673dfb6d9263e44f59fae487c62c98a3534f1a3eac9ee9f18a18106ba3d7c7a62330f5c0e98cb7982dd7bad02c8dba9c13894185bfc4bd2520b6e2043fcb3fc5eb55ecf9e6e363ea2ac40a14a6f00f0ffffa0fdb6487c51ef12c2e88beeb5aa6f6a4151cfb90644e50630ed474df7d1635afcb1ea3f6c47b5acbba2ce5099a9387f74d1ffbd1da497613174f76a656ba5bacccbb58dddaf9a3510d65383829a51e0f41e661fa80ca1eaaa6cf0824305ba4ec80400c50ffe83ccb0e6fef321190c58aca8c7c8c6d26ff5cbc2cadebda8e1219e04f8dacffd33db1a0a2e74c9eb978d80a12d0b5327bfd053000000000000000000be0d02a14708504412fa93d335992b2983c5addc191b4a21c7b340d0536b01958e15315eb5f3f9f4992c18f666359f40295fa73284c4b607669bae01bd68c3e2b770c324a0ab26b6065d7e95a7bd80052db57506ec7cc861bf3998d07484c66630ca8173fea3f06ed1dfc70a8b90418e2dc76137e0f68cb1c8a908aef9f009f85647dba54e05028c33d94d463fb20d2e7547184b8d3611e45dff02144387f342ef9b9bf650e9d049bf65258a7bc094a6965e24611c077e1ca0891362a9d68f3ec7610c0449ac59110500a09b75885cd79ba32776e4a511c8a4ad922b000000000002ef507ec6fc7f5dc431b9d8cbd9003972bf1dc6a71bedad8e19efc3edd2a7a7e555d5f3176af69920471e6e5bcb8966c813c132d65e2b99d3015e06b372e1aefaae14ee3fbc6349af362c19b59c214de66912d1a9a98d92dc030000009443de62caca334c46d110e50896fe50d0477771d387f40c8ef05750ca651e6e69a237dcf78666d6ab2bda1f853525494e4efdd93be38bb5fc671f8794002d7a951fd336aaf4ed1166cb459df70218c571ba1c40b028234505e5477effff26af8812c2fbb8785a223fce0a0601c2a3b58bea8c6216eadabcabe86ab46e4cd3d58ef7ce8d3c4b0bc5952e81dfc0a490d8568db6f9c51fe703c6864fae0053d2f91f49e977cdc1962dbc28c29471a72199862bc8fc6e211d13d8579cab4fba94b2b613c9b8148d05e0690a4c4ab35aabc45801d2b82081e62b23a01b58b1ffb624f63ad2246796796160cd3682374364edac52f1becb7c6eff50823b75fb2ef516ec4ec1cb20a2535b504502d744f2099674e58f2c117c980cf0d041c8e45c4f166bab4aa5ed200ef4dcff96f7c9c1ab8c22db0f439b23b04bcd41ffc3a0e01976ca1cf43e12d7d72f3faa4979faabd62e2dc54a980eae4d5e8c6498de331c3aba1144ef1190ea6cda641d9416c4560cab2d819eac7b04c70f141754c3ffd79da363fe8859afee531710caf1b2bf5a51142f4755cbb700c28083525a9093790096cb93417f1216000000000000000000000000000040ceb244e4cae2b65a36d41793aabccd3d0c50486eae6793e1f54814a8ee2779c14ca94759266200229b58c12279817869e831cade7b09ddffffff9d93e2ad25eed43c0b9ee4fd209b5b919a42f676b9d7236fc8dd5040899d0676291407ce9ac8101dd3512f5b3ac8cf8179d1749de324000030d0f942ec4604c28d5c287d1435956784003a53eb5f0436ead88d7acf0166dbd9f30a9b259c8a9b9faf1356faf269cded935b07863e4fdad8aab52686c81babd1c08f6700a2fadd413443022ea5c774ffefdd426abed08d437a4db48611fc82a18ab9f54758a1aad86d95cd186ceb55fafa3930090467b8b7bb8ae7e1c8b4b4106a381cb67fdb86def4de2076dc538bb97502b4b4350e633dc0a53c2fc9a01bc5cfae0245f1fab843c633446f5f3a43226109b7dafe7815773bd6969f04cbe15236b90000000000000000000000000000000000000000000000000000ff0779b9c0057addb2efe11b8b3a706569f1522b57d71bb0beccab7c8fe9e1330b2f501b2ac3cfe9e2f505e833217557abb257d61a73a758543651b250f8d8ef9c8481bb28a137d15040b0181c28dfad7c17b30c452a64c43a117cb948247c33abc765a6ba695c3cea5e32a4d11c9b4be91c60932bae2dcbec2ff4268e03aad15efc6004e6b3d7f0edf8b5d4ae7846a6d43c16c90b7c5dc13ac2ff0439ab693498964cad2bb533bcd240778b7e49145c48efde42b44c01517f1a7c7707b4c4fc0900e7086ec40354504590696282286db9030f0320e2fcba8723939005347b3c99e3f1310d41ab328c1f351b3f744ff1973431000000000000000000000000000000000000003495d69aaf9a1d83e83511a3bf44fe753b8ad83bc34ea4d46b397e000fd267c50122aa5aaf8474ec2e57d960d963900bef84a4b3c7dd01ae4d6b5522aa8a35ae7996e298bcfe3f31a34e3e12c58cf172a4d3677a67b52041ec21ae8003aa1c9969178b1b00e4d12ac9741fd788fb6260ec043c013907523c77f8acc20b9e2fd224ca8f21fab2b10991881e0a12f4e1c4f54b9ca7c9a0c8298d60b8b6eaa023418992d6d62b0e9faca4a3b3a845e859137cd933ef5eb8db16f159f32505725da51414562d064b551246dacd58023fed3c087bb52ae4bc09f3846c785d1b278e661ed01fbc2415288bc9c808c4aef648d431b3029da0dec8886c3ee9cad996843d00a3b5eb54e270dd2e96c8f2fdb4c27c2d1bd467f2a14867dec67730d8a68329839d9feff688dfbe25c73f936338e7b057980da58a6303d95f17712d667d5a1066ae457ae32925ce658b559c1182a74e267da57fe25b19153f1cdebaddf3f7a3479c09f2303dff449c0513b152a75ed48215cc31264a6ff648a95daa0d599dbce303b3b5307572df30429a3b4b115cab0a018f2501272048dd9e69877535e20078e7c28a98f26ace7a266bdc15ce904f25ec7fb2434ee7b5b69bed702ba1e7ed72942f452f1a98a2d949450091075efa823b11f5f5eccd921c04c7c15a5a05750cd85b1300fc00ce275de7559e117f87cb6c3c9a4b9f96149e3fcffa44d7000000000000000000d43d07d546acb7009c0c4f6e57b8577d2113bfca1939b9bf757265e175c1863a7c8d7640675830dc11d5d59546daf2385a7074f770c8333b21e2fb660141bc4f1ed45f703da6ac2557ab6952bd0c300000000000000000005b44bff4e3966fdfc9b720412bec09936b08e440c774e222dbd9a323a889f295e5d3bae64fc48ba123668e6a0be1e732aa5e2a0d4373a0b76d84f018d45bdf6f12d6d5d23a0331c3ae5e99a2bcdb52386135ea15890007e1cba5e52a04971139272012ae5542ba109a9d2f49798ce2fc6f639735e0222cd08075418239042bfe47c363973d3245ce507e838dfd90ae442a96fa1343029be56de31c2eff226c05f0ae3dbe2281e7bc02db39342d5b54ad3616733a5aa7753613423a0c4d2844a6e08fa5b76e18f7e24e967f6f83c546718d0f20959376427cdd449a4be3d75fd3e51e1b7f8690855af8eddbd3fd556b4460d0091e3623933f1a11db14aea54af6c49725bfa51fed222dc379995f48b1aab94441767c8bccbfd966d814715203bd8f549cd57d6a87295bf16aa25fb4e7fcaa8cec5e5c03b0095861bf2fed70ffb46bbb78ba90ca272ead9b3d2959fd9dbaabd1d51a60b474cef4c700faf718b810e4d3527a4663ee9fbc0000000000000000000000000000000000000000000000000061abf7a66b7b3f57ff830000"], &(0x7f0000000340)='GPL\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000780)={r5, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000040)="5aee41dea43e63a3f7fb7f11c72b", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

2.636468959s ago: executing program 1 (id=587):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket$inet(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000040)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_JOIN_IBSS(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000440)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01010000009e2fb09d258cc9f2000013e36b08d954090000042b", @ANYRES32=r4, @ANYBLOB="04002a00050034007a000000"], 0x28}}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r5=>0x0})
sendmsg$NL80211_CMD_START_NAN(r0, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x38, r1, 0x2, 0x70bd26, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r5}, @val={0xc, 0x99, {0x6f9, 0x21}}}}, [@NL80211_ATTR_BANDS={0x8, 0xef, 0x2}, @NL80211_ATTR_BANDS={0x8, 0xef, 0x8}]}, 0x38}}, 0x40884)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a00000000000000000000000000000500010073797a30000000003c000000090a000000000007000000000000000008000a40000000000900020073797a32000000000900010073797a300000000008000540000000003c0000000e0a00000000000000000000000000000900020073797a32000000000900010073797a3000000000100003800c00008008000180040003"], 0xc0}}, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="2c0000003b0007010000000000000000027c00000400000014000180060006008847000008001c"], 0x2c}}, 0x0)
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_802154(r7, 0x8933, &(0x7f0000000400)={'wpan1\x00', <r8=>0x0})
r9 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000580), 0xffffffffffffffff)
ioctl$SIOCX25SCALLUSERDATA(0xffffffffffffffff, 0x89e5, &(0x7f0000000480)={0x6c, "fee451ddb5180048f316e3433eda8be330b875116e922e9661224a394d950a707f86ebb709f593de26499003859ce2f8ff6f3658d11b20b3d7c3f7e100a35ebefe168613eea4a8112af68ea647c6bf25546210e1911c14fba212d4fd60d327f9f6ac2c83291875472df8784f4ac667852d977d6fdc986cfa51c93ab14030c599"})
sendmsg$NL802154_CMD_SET_SEC_PARAMS(r7, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={&(0x7f00000005c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="010000000000000000001500000008000300", @ANYRES32=r8, @ANYBLOB='\b\x00*'], 0x2c}}, 0x0)
r10 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000340), 0xffffffffffffffff)
sendmsg$IEEE802154_ADD_IFACE(r7, &(0x7f0000000400)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x1c, r10, 0x8, 0x70bd2b, 0x25dfdbfd, {}, [@IEEE802154_ATTR_DEV_TYPE={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000001}, 0x1)

2.636083628s ago: executing program 3 (id=588):
r0 = openat$vimc0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000140)={0x0, 0xa, 0x2})
syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="0405"], 0x7)
socket(0x0, 0x0, 0x0)
syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x12}, @l2cap_cid_le_signaling={{0xe}, @l2cap_le_conn_rsp={{0x15, 0x3, 0xa}, {0x5, 0x6, 0x8, 0x8, 0x1}}}}, 0x17)
r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r1, 0x3b81, &(0x7f0000000080)={0x19, 0x0, <r2=>0x0})
r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r3, 0x3b81, &(0x7f0000000200)={0x15})
ioctl$IOMMU_IOAS_MAP$PAGES(r1, 0x3b85, &(0x7f00000000c0)={0x28, 0x7, r2, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000})
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(0xffffffffffffffff, 0x3ba0, &(0x7f00000001c0)={0x48, 0x5, 0x0, 0x0, <r4=>0xffffffffffffffff, 0x1})
r5 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r5, 0x3ba0, &(0x7f00000004c0)={0x48, 0x7, r4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x23b3b6})
r6 = dup3(r1, r5, 0x0)
r7 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r3, 0x3ba0, &(0x7f0000000240)={0x48, 0x7, r4, 0x0, 0x10001, 0x0, 0x0, 0x0, 0xa194f})
ioctl$IOMMU_IOAS_ALLOC(r7, 0x3b81, &(0x7f00000002c0)={0xc, 0x0, <r8=>0x0})
ioctl$IOMMU_IOAS_UNMAP$ALL(r6, 0x3b86, &(0x7f0000000180)={0x18, r8})
r9 = fspick(0xffffffffffffffff, &(0x7f0000000100)='./file0\x00', 0x0)
fsconfig$FSCONFIG_SET_FD(r9, 0x5, &(0x7f0000000240)='/de4\x12O\x8e\x9cv/q-\xa8\xb7t\xb5\xbe;\xe2\x028s;\xfa\xb7N\xd1\xdd\xfc\x1c2\xd7^\x82\xcfM\xab\xb8\xb7\x93\xce\xfc\xb8\xad@\xd2c6\x88\x16gX}\xa4\xceO\xf7a\xd7d\xb2\x89Q$\xbf\x98\xfa\x8b\xf1\xc7\xd5\x00\xcdi\x8aT\xfd|\xe0', 0x0, 0xffffffffffffffff)
ioctl$IOCTL_VMCI_VERSION(0xffffffffffffffff, 0x79f, 0x0)
r10 = memfd_secret(0x0)
r11 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
r12 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r13=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r13, 0x8933, &(0x7f0000000080)={'bridge0\x00', <r14=>0x0})
sendmsg$nl_route(r12, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=@delneigh={0x2c, 0x1d, 0x1, 0x70bd2d, 0x0, {0x7, 0x0, 0x0, r14}, [@NDA_NH_ID={0x8, 0xd, 0x5}, @NDA_VLAN={0x6, 0x5, 0x1}]}, 0x2c}}, 0x0)
fcntl$dupfd(r11, 0x0, r10)

2.634390845s ago: executing program 1 (id=589):
r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x0, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f0000000140)={0x1, @pix_mp={0x0, 0x0, 0x34324152}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r2, &(0x7f0000000480)={0x2, 0x4e23, @multicast1}, 0x10)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)={0x4c, 0x2, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x1, 0x0, 0x10}]}, @IPSET_ATTR_TYPENAME={0x10, 0x3, 'hash:ip,mac\x00'}, @IPSET_ATTR_REVISION={0x5}]}, 0x4c}}, 0x0)
sendto$inet(r2, 0x0, 0x0, 0x200007fd, &(0x7f0000000000)={0x2, 0x24e23, @loopback}, 0x10)
sendmsg$inet(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000180)='/', 0x1}], 0x1}, 0x0)
recvmmsg(r2, &(0x7f00000005c0), 0x40000000000026c, 0x0, 0x0) (fail_nth: 1)
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$ETHTOOL_MSG_COALESCE_SET(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="9a7b87af", @ANYRES16=0x0, @ANYBLOB="010000000000000000001400000005000b00010000000800100001000000"], 0x24}}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bind$tipc(0xffffffffffffffff, &(0x7f0000000100)=@name={0x1e, 0x2, 0x0, {{0x42}}}, 0x10)
r4 = syz_io_uring_setup(0x5a8, &(0x7f0000000380)={0x0, 0x4, 0x10}, &(0x7f0000000340), &(0x7f00000002c0))
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f00000004c0)})
io_uring_enter(r4, 0x567, 0x0, 0x0, 0x0, 0x0)
setsockopt$TIPC_GROUP_JOIN(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000180), 0x10)
sendmsg$tipc(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x20d302, 0x0, 0x0, 0x0, 0x45}, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080))
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r5, 0x8933, &(0x7f0000000100))
getsockname$packet(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f00000001c0)=0x14)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000380)={'ip6gre0\x00', &(0x7f0000000300)={'syztnl1\x00', 0x0, 0x29, 0x4, 0x7f, 0x1, 0xafc670265c93db6f, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x10, 0x8000, 0x9f6, 0xfffffffa}})

2.564924069s ago: executing program 3 (id=590):
r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x0, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f0000000140)={0x1, @pix_mp={0x0, 0x0, 0x34324152}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r2, &(0x7f0000000480)={0x2, 0x4e23, @multicast1}, 0x10)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)={0x4c, 0x2, 0x6, 0x301, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_MARK={0x8, 0xa, 0x1, 0x0, 0x6}]}, @IPSET_ATTR_TYPENAME={0x10, 0x3, 'hash:ip,mac\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}]}, 0x4c}}, 0x0)
sendto$inet(r2, 0x0, 0x0, 0x200007fd, &(0x7f0000000000)={0x2, 0x24e23, @loopback}, 0x10)
sendmsg$inet(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000180)='/', 0x1}], 0x1}, 0x0)
recvmmsg(r2, &(0x7f00000005c0), 0x40000000000026c, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$ETHTOOL_MSG_COALESCE_SET(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x41, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYRES16=r2, @ANYRESHEX=r3, @ANYRESHEX=r2], 0x24}}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bind$tipc(0xffffffffffffffff, &(0x7f0000000100)=@name={0x1e, 0x2, 0x0, {{0x42}}}, 0x10)
r4 = syz_io_uring_setup(0x800005a8, &(0x7f0000000400)={0x0, 0x4, 0x2, 0xffffffff}, &(0x7f0000000040), &(0x7f00000002c0))
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f00000004c0)})
io_uring_enter(r4, 0x567, 0x0, 0x0, 0x0, 0x0)
setsockopt$TIPC_GROUP_JOIN(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000180), 0x10)
sendmsg$tipc(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x20d302, 0x0, 0x0, 0x0, 0x45}, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080))
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r5, 0x8933, &(0x7f0000000100))
getsockname$packet(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f00000001c0)=0x14)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000380)={'ip6gre0\x00', &(0x7f0000000300)={'syztnl1\x00', 0x0, 0x29, 0x4, 0x7f, 0x1, 0xafc670265c93db6f, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x10, 0x8000, 0x9f6, 0xfffffffa}})

2.024045691s ago: executing program 2 (id=591):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="54000000190001"], 0x54}}, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
syz_emit_vhci(&(0x7f0000005200)=ANY=[@ANYBLOB="040000472300000000"], 0x9)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0)
r2 = eventfd(0xa)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000540)={0x0, 0x0, 0x0, &(0x7f0000000580)=""/122, 0x0, 0x3000})
ioctl$VHOST_SET_LOG_FD(r1, 0x4004af07, &(0x7f0000000740)=r2)
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74})
ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000ac0)={0x2, 0x0, [{0x1, 0x1000, &(0x7f0000000cc0)=""/4096}, {0x0, 0x5, &(0x7f0000000240)=""/5}]})
ioctl$VHOST_VSOCK_SET_RUNNING(r1, 0x4004af61, &(0x7f0000000000)=0x20000)
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000780)={0x2, 0x4, 0x8, 0x1, 0x80, r0, 0x10000000, '\x00', 0x0, 0x0, 0x8000, 0x5}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0xd, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bf8100000000000007080000f8ffffffbfa400000000000007040000f0ffffffb702000008000000182100", @ANYRES32=r3, @ANYBLOB="0000000002000000b70500000800000085000000aa00000095"], &(0x7f0000000300)='GPL\x00', 0x9}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_emit_vhci(&(0x7f0000002540)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x5}, @hci_rp_le_read_resolv_list_size={{0x9}, {0x5, 0x3}}}}, 0x8)
gettid()
inotify_init1(0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_SET_STATION(r4, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)={0x30, r5, 0x1, 0x0, 0x0, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_STA_SUPPORTED_CHANNELS={0x6, 0xbd, [0x0]}]}, 0x30}}, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48)
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000500)={0x0, @multicast1, @initdev}, &(0x7f00000006c0)=0xc)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0}, 0x90)

1.746751646s ago: executing program 0 (id=592):
r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x0, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f0000000140)={0x1, @pix_mp={0x0, 0x0, 0x34324152}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r2, &(0x7f0000000480)={0x2, 0x4e23, @multicast1}, 0x10)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)={0x4c, 0x2, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x1, 0x0, 0x10}]}, @IPSET_ATTR_TYPENAME={0x10, 0x3, 'hash:ip,mac\x00'}, @IPSET_ATTR_REVISION={0x5}]}, 0x4c}}, 0x0)
sendto$inet(r2, 0x0, 0x0, 0x200007fd, &(0x7f0000000000)={0x2, 0x24e23, @loopback}, 0x10) (fail_nth: 1)
sendmsg$inet(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000180)='/', 0x1}], 0x1}, 0x0)
recvmmsg(r2, &(0x7f00000005c0), 0x40000000000026c, 0x0, 0x0)

1.271042638s ago: executing program 3 (id=593):
socket$can_j1939(0x1d, 0x2, 0x7)
syz_open_dev$tty1(0xc, 0x4, 0x1)
syz_io_uring_setup(0x82e, 0x0, 0x0, 0x0)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00'})
r1 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000080)=@generic={&(0x7f0000000a40)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x4}, 0x18)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x8004, 0x8000, 0x18c0, r1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x8000002}, 0x48)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r2, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c)
r3 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r3, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @loopback}, 0x400000}, 0x1c)
connect$inet6(r3, &(0x7f0000003e40)={0xa, 0x0, 0x0, @empty, 0xe0}, 0x1c)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x5, &(0x7f0000000000)=ANY=[@ANYRES32=r1], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='netlink_extack\x00', r4}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='hugetlb.2MB.rsvd.usage_in_bytes\x00', 0x275a, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER(0x3, 0x0, 0xffffffffffffffff)
write$RDMA_USER_CM_CMD_QUERY_ROUTE(0xffffffffffffffff, 0x0, 0x0)
write$binfmt_script(r5, &(0x7f0000000140), 0x208e24b)
r6 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r6, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'cryptd(crct10dif-generic)\x00'}, 0x58)
r7 = accept4(r6, 0x0, 0x0, 0x0)
sendfile(r7, r5, 0x0, 0x7ffff000)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x1}, 0x48)

1.06650309s ago: executing program 1 (id=594):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
stat(&(0x7f0000000000)='./file0\x00', &(0x7f00000001c0))
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
socket$nl_xfrm(0x10, 0x3, 0x6)
r2 = socket(0xa, 0x3, 0x9)
getsockopt$bt_BT_SECURITY(r2, 0x29, 0x42, 0x0, 0x20000000)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, 0x0, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0x11, 0x8, &(0x7f0000005c00)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546000677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289d01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5467a932b77674e802a0d42bc6099ad238af770b5ed8925161729298700000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3ac3209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b135ab6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809b5b9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed3957f813567f7a95435ac15fc0288d9b2a169cdcacc413b48dafb7a2c8cb482bac0ac559eaf39027ceb379a902d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385beef3282830689da6b53b263339863297771429d120000003341bf4abacac94500fca0493cf29b33dcc9ffffffffffffffd39f6ce0c6ff01589646efd1cf870cd7bb2366fdf870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1293b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd000c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c7df8be5877050c91301fb997316dbf17866fb84d4173731efe895ff2e1c55ef08235a0126e01254c44060926e90109b598502d3e959efc71f665c4d75cf2458e3542c9062ece84c99a861887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc74aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7ad333545794f37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f4df90400000000000000d6b2c5ea139376f24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8e3070000001e48418046c216c1f895778cb25122a2a998de0842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec84ac3571f02f647b3385b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba2f58ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df986741517abf11389b751f4e109b60000000000000000d6d5210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750890ae71555b3228b1bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288d139bd3da230ed05a8fe64680b0a3f9f2dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30235b9100000000a55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854356cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c776f4b4ce07e1c6fa66fcfc7a228805f76785efc0ceb1c8e5729c66418d169fc03aa18854693ad2a182068e1e3a0e2505bc7f41019645466ac96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a428f1da1f68df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7e478950aa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab848753203b458b97ec1afb079b4b4ba686fcdf240430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7db3c4be290159f6bcd75f0dda9de5532e71ae9e48b0ed1254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6c30ebc660309e1e245b0fdf9743af932cd6db49a47613808bad959719c0000000000378ac2e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6ca0400966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e3030108000000000000c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bffef97dcecc467ace456597685c5870d25f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4cba6e6390a9f302c6eb2df7766411bef0ebb5000000000006065d6735eb7a00e127c0000000000000000000000bfb0bba79344643b1d8daa9f38e4b62c1e2af68c6f5054b078acd74b4a9c944e4505da485a3a4154387a0a88372091cd397b09c5888a06431df3f68abf0b366c4d5f8bea7b29c257ed756dff7a21c6b661cbdd43de65afd7f661d5c84f915c90e3d6ea012b68b787eb01d8320000000000000060176dacba0ec503a37fae6b472ec369c79ee6a420c0fd8d8d82fe136d5af6c30bfeb0a7275babfdb96a127aa9386e0671c6454245a18c1c8c49552cff5d27b547cdc34c0858c77a47a9ff86ee9fbd9ceda428716a4218821176d8067997527230fa67d26950d3e4f2750fa7c872874ad3a2d11f9f6eb08e6d7b6fa257b04d8ce36360f524e3dfd2211641f3d2637d86b80681eca50ce0eecafdd22d41fa515c15591e70ded4b70efac3cb42fb352d82e8f7573e8ed8248da356fa91a252976d3a4d8c1843a8d5bb7f5f1028453a0562a3ea93117076dd4940b7df50d78289fe66197525f6095f8662d232970bef61b03fa83027963a1a2e07cfee30c0d0b4c5877f93b3637ca21eab5afcf5d4638dfe8f9202aaad51c979049dd76d65368cbd4187d9f74257c7c4a23ac4a34eec5aa17e78c5167216f5e72138d20f8325dd5f8f96c32189c904eaef580987f1ce601a7cdc35461db9981ac42f9e24b0699bbe4e3d986e38952b0b7938eefd9e7a292bbb66367ad77045fdc18855c81c031dedd185c723238373fc698d676791d04f1ff5f0825a6619e844882f31ed190233d58ecee949e310bf2b1a51b8a33ae65a06d2b6ad386bf8dc49dd328bcd75d1843a13d68560175a18af7efc3c0f20e32f84f6aaaf000000000000000000000013a6c66bce74a8fb9092023df695da2714a7933d699d42de2bc4a85e0a0e22228290a7a7553ab93a16e42453ed86869a02df2f47d4088fac1772d3cd955c81cbf91c2ca7942942f61723b558079b82547844f92df2499c4b2c2ef2539e5daa8d8727baaa6b5755e6f83bbfca00000000000000000000007925d0f1256330b9e2aa9a18cea8e009116f63c6c7d8f7f95bf0f6731e5eb1dcdc534f357b9f08e7a9a3aebeca145d695053b5bef004ca24e6c57ed10f01488d38b8b0b68d93e3cf630837915d518fde2115e66615786fe7b9216de958119cf762cac77ac829a02f48e72c0d2841880b2c"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xffffffffffffff7e}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
r4 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$IP_VS_SO_SET_ADD(r4, 0x0, 0x482, &(0x7f0000000000)={0x6, @local, 0x0, 0x0, 'lc\x00'}, 0x2c)
setsockopt$IP_VS_SO_SET_ADD(r4, 0x0, 0x483, &(0x7f0000000000)={0x6, @local, 0x0, 0x0, 'none\x00'}, 0x2c)
r5 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000080)={'veth0_to_bridge\x00'})
write(0xffffffffffffffff, &(0x7f0000000040)="2700000014000707030e0000120f0a0011000100f5fe009d2fb112ff000000008a151f75080039", 0x27)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x10, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008009776b704000000000000850000003300000018110000"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000001080)={0x0, 0x0, 0x0, {0x0, 0x1}, {0x62, 0x2}, @cond})
r6 = syz_open_dev$evdev(&(0x7f00000000c0), 0x1, 0x842b01)
write$char_usb(r6, &(0x7f0000000040)="e2", 0x2250)
mknod$loop(&(0x7f0000000040)='./file0\x00', 0xfff, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0)
syz_usb_connect(0x0, 0xb, &(0x7f0000000300)=ANY=[@ANYBLOB="000000004e7de000e90f00dbd6510102030109021200010000000009040000007a8ab9000419e4a8ade39bef855ad018327c70a2a9f38af488d501b13bde2617fd5c7987f984a74e70f254bbd9a0da1c2f8e49956bd44bec78bdba1d7b4693730aaf4c7d86cd538d500c7b05323d9953433525e02ed1da"], 0x0)
r7 = socket$inet6(0xa, 0x2, 0x0)
bind(r7, &(0x7f0000000000)=@hci={0xa}, 0x80)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000980)={'wlan1\x00', <r8=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000001280)={0x44, r1, 0x81d, 0x0, 0x0, {{}, {@val={0x8, 0x3, r8}, @void}}, [@NL80211_ATTR_FRAME={0x1e, 0x33, @disassoc={{{}, {}, @device_b, @device_a, @random="b27bcb305b01"}, 0x0, @void}}, @NL80211_ATTR_DURATION={0x8, 0x57, 0x4400}]}, 0x44}}, 0x0)

961.292079ms ago: executing program 2 (id=595):
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, 0x0)
r0 = getuid()
getuid()
r1 = getuid()
getpgid(0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000007040)=[{&(0x7f0000000440)=ANY=[@ANYRESHEX=r1, @ANYBLOB="1d6b31046329b01768921007dd3220137ce65c7afdffffffffffffffd9daf0e9b4d0e33855698e74c9b9b71796", @ANYRES64=r0], 0x10}], 0x1, &(0x7f0000000280)=ANY=[], 0x7}, 0x0)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000001240)={0xffffffffffffffff, 0xffffffffffffffff, 0x10, 0x0, @void}, 0x10)
inotify_init1(0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x2, &(0x7f0000000340)=ANY=[@ANYBLOB="1801001f99efe24f18f785004b64ffec850000006d000000670000000500000095741e1a17ef2e7e189959c180bf1fcba0d67a8084562751f740ff471e079d11dc84fb0f965bf9faff43ce5f559cfcf138a1f77392f80ccf3c6e7a9ce1ead62d683a0b0300000000000000732d60a1197b40af843fc770aca2c727609e4af3ed2685c9e31d731f0e830dc809c9b0e8944a50efa161cff944a28b02bf27e83b908774caeeb35c0b92e117ff35aba18777c3e1c8c6829cebd83d7beb62e537140307dc0154839d0391761e2f795b1a2e0dc6a8b97551b97c7f910a6c791a14e4"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0xfffffffffffffdbc)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000240)='net_dev_start_xmit\x00', r3}, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
mq_unlink(&(0x7f00000000c0)='\x00')
ioctl$VIDIOC_S_TUNER(r4, 0x4054561e, &(0x7f0000000340)={0x0, "80b937610437579e8f437a0d708660470a2a1a6dd16c9b375b1b08e6fb4f9458", 0x0, 0x0, 0x4})
r5 = getpid()
process_vm_readv(r5, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
open(0x0, 0x480, 0x0)
unshare(0x22020400)
openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
socket$kcm(0x2, 0xa, 0x2)
r6 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IMADDTIMER(r6, 0x80044940, &(0x7f0000000080)=0x14)
r7 = socket$phonet_pipe(0x23, 0x5, 0x2)
ioctl$IMADDTIMER(r6, 0x80044940, &(0x7f0000000040)=0x14)
dup3(r7, r6, 0x0)
socket$igmp6(0xa, 0x3, 0x2)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f00000002c0)={'syzkaller1\x00'})

481.663117ms ago: executing program 3 (id=596):
socket$nl_route(0x10, 0x3, 0x0)
socket(0xa, 0x806, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_TRIGGER_SCAN(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r3, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_SCAN_FLAGS={0x8, 0x9e, 0x800}]}, 0x24}}, 0x0)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000340)={'wlan1\x00', <r6=>0x0})
r7 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_ipv6_tunnel_SIOCCHG6RD(r7, 0x89fb, &(0x7f0000000100)={'sit0\x00', &(0x7f00000000c0)={@loopback, @rand_addr=0x64010100, 0xf, 0x3}})
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r0, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000080)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r5, @ANYBLOB="110200000000000000003900000008000300", @ANYRES32=r6], 0x1c}}, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f00000008c0)=ANY=[@ANYBLOB="88008000080211000001080211000000505050505050d0ffeb"], 0x28)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f0000000980)={'wlan1\x00', <r10=>0x0})
sendmsg$NL80211_CMD_FRAME(r8, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000001280)={0x3c, r9, 0x81d, 0x0, 0x0, {{}, {@val={0x8, 0x3, r10}, @void}}, [@NL80211_ATTR_FRAME={0x1e, 0x33, @disassoc={{{}, {}, @device_b, @device_a, @random="b27bcb305b01"}, 0x0, @void}}]}, 0x3c}}, 0x0)
r11 = socket$nl_xfrm(0x10, 0x3, 0x6)
recvmsg(0xffffffffffffffff, &(0x7f0000000bc0)={0x0, 0x0, 0x0}, 0x0)
r12 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r12, 0x84, 0x1f, 0x0, 0x0)
sendmsg$nl_xfrm(r11, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000007c0)=ANY=[@ANYBLOB="9801000016003d1d27bd7000000000fdffffffffffffff000080ffffe0000002fe8000000000000000aa00"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ac1e00010000000000000000000000000000000033"], 0x1d8}}, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="020a00026e8937c40000000000000000"], 0x10}}, 0x0)
r13 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_tx_ring(r13, 0x107, 0xd, &(0x7f0000000380)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c)
ioctl$sock_SIOCGIFINDEX(r13, 0x8933, &(0x7f0000000000)={'veth0_macvtap\x00'})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000001000000000000000095", @ANYBLOB="c954ff8c17eacf8aedbe7e627d944c"], &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x74, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffcf4}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='xprtrdma_post_linv_err\x00', r11}, 0x10)

351.677709ms ago: executing program 1 (id=597):
socket$can_j1939(0x1d, 0x2, 0x7)
syz_open_dev$tty1(0xc, 0x4, 0x1)
syz_io_uring_setup(0x82e, 0x0, 0x0, 0x0)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00'})
r1 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000080)=@generic={&(0x7f0000000a40)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x4}, 0x18)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x8004, 0x8000, 0x18c0, r1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x8000002}, 0x48)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r2, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c)
r3 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r3, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @loopback}, 0x400000}, 0x1c)
connect$inet6(r3, &(0x7f0000003e40)={0xa, 0x0, 0x0, @empty, 0xe0}, 0x1c)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x5, &(0x7f0000000000)=ANY=[@ANYRES32=r1], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='netlink_extack\x00', r4}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='hugetlb.2MB.rsvd.usage_in_bytes\x00', 0x275a, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER(0x3, 0x0, 0xffffffffffffffff)
write$RDMA_USER_CM_CMD_QUERY_ROUTE(0xffffffffffffffff, 0x0, 0x0)
write$binfmt_script(r5, &(0x7f0000000140), 0x208e24b)
r6 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r6, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'cryptd(crct10dif-generic)\x00'}, 0x58)
r7 = accept4(r6, 0x0, 0x0, 0x0)
sendfile(r7, r5, 0x0, 0x7ffff000) (fail_nth: 1)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x1}, 0x48)

26.674746ms ago: executing program 1 (id=598):
r0 = openat$vimc0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000140)={0x0, 0xa, 0x2})
syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="0405"], 0x7)
socket(0x0, 0x0, 0x0)
syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x12}, @l2cap_cid_le_signaling={{0xe}, @l2cap_le_conn_rsp={{0x15, 0x3, 0xa}, {0x5, 0x6, 0x8, 0x8, 0x1}}}}, 0x17)
r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r1, 0x3b81, &(0x7f0000000080)={0x19, 0x0, <r2=>0x0})
r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r3, 0x3b81, &(0x7f0000000200)={0x15})
ioctl$IOMMU_IOAS_MAP$PAGES(r1, 0x3b85, &(0x7f00000000c0)={0x28, 0x7, r2, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000})
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(0xffffffffffffffff, 0x3ba0, &(0x7f00000001c0)={0x48, 0x5, r2, 0x0, <r4=>0xffffffffffffffff})
r5 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r5, 0x3ba0, &(0x7f00000004c0)={0x48, 0x7, r4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x23b3b6})
r6 = dup3(r1, r5, 0x0)
r7 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r3, 0x3ba0, &(0x7f0000000240)={0x48, 0x7, r4, 0x0, 0x10001, 0x0, 0x0, 0x0, 0xa194f})
ioctl$IOMMU_IOAS_ALLOC(r7, 0x3b81, &(0x7f00000002c0)={0xc, 0x0, <r8=>0x0})
ioctl$IOMMU_IOAS_UNMAP$ALL(r6, 0x3b86, &(0x7f0000000180)={0x18, r8})
r9 = fspick(0xffffffffffffffff, &(0x7f0000000100)='./file0\x00', 0x0)
fsconfig$FSCONFIG_SET_FD(r9, 0x5, &(0x7f0000000240)='/de4\x12O\x8e\x9cv/q-\xa8\xb7t\xb5\xbe;\xe2\x028s;\xfa\xb7N\xd1\xdd\xfc\x1c2\xd7^\x82\xcfM\xab\xb8\xb7\x93\xce\xfc\xb8\xad@\xd2c6\x88\x16gX}\xa4\xceO\xf7a\xd7d\xb2\x89Q$\xbf\x98\xfa\x8b\xf1\xc7\xd5\x00\xcdi\x8aT\xfd|\xe0', 0x0, 0xffffffffffffffff)
ioctl$IOCTL_VMCI_VERSION(0xffffffffffffffff, 0x79f, 0x0)
r10 = memfd_secret(0x0)
r11 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
r12 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r13=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r13, 0x8933, &(0x7f0000000080)={'bridge0\x00', <r14=>0x0})
sendmsg$nl_route(r12, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=@delneigh={0x2c, 0x1d, 0x1, 0x70bd2d, 0x0, {0x7, 0x0, 0x0, r14}, [@NDA_NH_ID={0x8, 0xd, 0x5}, @NDA_VLAN={0x6, 0x5, 0x1}]}, 0x2c}}, 0x0)
fcntl$dupfd(r11, 0x0, r10)

23.044576ms ago: executing program 0 (id=599):
r0 = syz_io_uring_setup(0x2, &(0x7f0000000080)={0x0, 0x0, 0x40}, &(0x7f0000002500), &(0x7f0000002540))
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00')
fchdir(r1)
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0)
r2 = inotify_init1(0x0)
fcntl$setown(r2, 0x8, 0xffffffffffffffff)
fcntl$getownex(r2, 0x10, &(0x7f0000000140)={0x0, <r3=>0x0})
r4 = syz_open_procfs(r3, &(0x7f0000000600)='fd/4\x00')
fchown(r4, 0xffffffffffffffff, 0x0)
r5 = socket$l2tp6(0xa, 0x2, 0x73)
sendmmsg$inet6(r5, &(0x7f0000001e40)=[{{&(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1}, 0x1c, 0x0, 0x0, &(0x7f0000000240)=[@hoplimit={{0x14}}, @dontfrag={{0x14}}], 0x30}}], 0x1, 0x0)
clock_gettime(0x0, &(0x7f00000001c0)={<r6=>0x0, <r7=>0x0})
mq_timedreceive(r4, &(0x7f0000000340)=""/235, 0xeb, 0x6, &(0x7f0000000500)={r6, r7+60000000})
r8 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r8, 0x800448f0, &(0x7f00000000c0)={0x0, 0x1, "a686cf"})
r9 = socket$netlink(0x10, 0x3, 0x0)
r10 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r10, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x24}}, 0x0)
getsockname$packet(r1, &(0x7f0000000200)={0x11, 0x0, <r11=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14)
syz_open_dev$video4linux(&(0x7f0000000140), 0x1000, 0x400202)
sendmsg$nl_route(r9, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r11, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0)
sendmsg$nl_route_sched(r10, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000480)=@newqdisc={0x64, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r11, {0x3}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x38, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{}, {}, 0x0, 0x10000}}, @TCA_TBF_RATE64={0xc, 0x4, 0xa92c8ccfe08dc33}]}}]}, 0x64}}, 0x0)
r12 = socket(0x10, 0x803, 0x0)
r13 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r12, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
getsockname$packet(r12, &(0x7f0000000000)={0x11, 0x0, <r14=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r13, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[@ANYRES32=r14, @ANYBLOB="ba03d389e36d10e7f7a4049f6ec782cedda2140012410400000000000000805ab8e134"], 0x34}}, 0x0)
sendmsg$nl_route_sched(r9, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000640)=@delqdisc={0x17c, 0x25, 0x300, 0x70bd2c, 0x25dfdbfd, {0x0, 0x0, 0x0, r14, {0xfff3, 0x3}, {0x4, 0xa}, {0xffe0, 0xd}}, [@qdisc_kind_options=@q_rr={{0x7}, {0x18, 0x2, {0x7, "44c1b7c1ca8a127535a6cf2ed7caa1c1"}}}, @TCA_EGRESS_BLOCK={0x8, 0xe, 0x7fff}, @TCA_EGRESS_BLOCK={0x8, 0xe, 0x1000}, @TCA_EGRESS_BLOCK={0x8, 0xe, 0x6}, @TCA_STAB={0x7c, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0xa0, 0x5, 0x6, 0x1, 0x0, 0xf0000000, 0x4, 0x1}}, {0x6, 0x2, [0x4]}}, {{0x1c, 0x1, {0x4, 0xf, 0xf801, 0x3, 0x0, 0xbb2, 0x6, 0x5}}, {0xe, 0x2, [0x6, 0x3, 0x7a, 0x40, 0xfff]}}, {{0x1c, 0x1, {0x7, 0xcf, 0xb, 0x97d3, 0x0, 0x9, 0x9, 0x3}}, {0xa, 0x2, [0x1000, 0x9, 0x10]}}]}, @TCA_RATE={0x6, 0x5, {0x5, 0xd}}, @TCA_STAB={0x9c, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0xb, 0xa9, 0xf0bc, 0x10, 0x2, 0xde6, 0x1, 0x1}}, {0x6, 0x2, [0x7]}}, {{0x1c, 0x1, {0xd0, 0x2, 0x8, 0x6, 0x1, 0x58d1, 0x2, 0x1}}, {0x6, 0x2, [0xfffb]}}, {{0x1c, 0x1, {0x5, 0x2, 0x1ff, 0x2, 0x2, 0x1, 0x6ff, 0x3}}, {0xa, 0x2, [0x7, 0x8131, 0xe44f]}}, {{0x1c, 0x1, {0xef, 0xe, 0xf, 0x0, 0x160ced1d8589b869, 0x3d, 0x7, 0x3}}, {0xa, 0x2, [0xa, 0x1, 0xffff]}}]}]}, 0x17c}}, 0x0)
io_uring_register$IORING_REGISTER_RESTRICTIONS(r0, 0xb, &(0x7f0000000200), 0x0)
io_uring_register$IORING_REGISTER_IOWQ_MAX_WORKERS(r0, 0x13, &(0x7f0000000000)=[0x4, 0x9], 0x2)

0s ago: executing program 2 (id=600):
mlock(&(0x7f0000c00000/0x400000)=nil, 0x400000)
mremap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000fff000/0x1000)=nil)
madvise(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x17)
r0 = userfaultfd(0x80801)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000ffb000/0x2000)=nil, 0x2000}, 0x2})
ioctl$UFFDIO_WRITEPROTECT(r0, 0xc018aa06, &(0x7f0000000000)={{&(0x7f0000ffc000/0x1000)=nil, 0x1000}, 0x1})
mbind(&(0x7f0000ff9000/0x7000)=nil, 0x7000, 0x0, 0x0, 0x0, 0x3) (fail_nth: 1)

kernel console output (not intermixed with test programs):

201] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   61.386543][ T5201] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   61.391722][ T5201] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   61.441161][ T5197] 8021q: adding VLAN 0 to HW filter on device bond0
[   61.462822][ T5203] 8021q: adding VLAN 0 to HW filter on device bond0
[   61.493915][ T5197] 8021q: adding VLAN 0 to HW filter on device team0
[   61.515101][  T824] bridge0: port 1(bridge_slave_0) entered blocking state
[   61.518008][  T824] bridge0: port 1(bridge_slave_0) entered forwarding state
[   61.523644][  T824] bridge0: port 2(bridge_slave_1) entered blocking state
[   61.526391][  T824] bridge0: port 2(bridge_slave_1) entered forwarding state
[   61.593606][ T5203] 8021q: adding VLAN 0 to HW filter on device team0
[   61.616153][ T5196] 8021q: adding VLAN 0 to HW filter on device bond0
[   61.622156][ T5199] bridge0: port 1(bridge_slave_0) entered blocking state
[   61.625505][ T5199] bridge0: port 1(bridge_slave_0) entered forwarding state
[   61.645011][    T8] bridge0: port 2(bridge_slave_1) entered blocking state
[   61.648134][    T8] bridge0: port 2(bridge_slave_1) entered forwarding state
[   61.688357][ T5196] 8021q: adding VLAN 0 to HW filter on device team0
[   61.701028][    T8] bridge0: port 1(bridge_slave_0) entered blocking state
[   61.703971][    T8] bridge0: port 1(bridge_slave_0) entered forwarding state
[   61.718113][    T8] bridge0: port 2(bridge_slave_1) entered blocking state
[   61.721403][    T8] bridge0: port 2(bridge_slave_1) entered forwarding state
[   61.744834][ T5201] 8021q: adding VLAN 0 to HW filter on device bond0
[   61.799614][ T5196] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   61.826530][ T5201] 8021q: adding VLAN 0 to HW filter on device team0
[   61.838160][ T5240] bridge0: port 1(bridge_slave_0) entered blocking state
[   61.841525][ T5240] bridge0: port 1(bridge_slave_0) entered forwarding state
[   61.880440][    T8] bridge0: port 2(bridge_slave_1) entered blocking state
[   61.883488][    T8] bridge0: port 2(bridge_slave_1) entered forwarding state
[   61.896830][ T5197] 8021q: adding VLAN 0 to HW filter on device batadv0
[   61.978204][ T5197] veth0_vlan: entered promiscuous mode
[   61.983595][ T5196] 8021q: adding VLAN 0 to HW filter on device batadv0
[   62.005296][ T5203] 8021q: adding VLAN 0 to HW filter on device batadv0
[   62.035809][ T5197] veth1_vlan: entered promiscuous mode
[   62.082939][ T5197] veth0_macvtap: entered promiscuous mode
[   62.109607][ T5197] veth1_macvtap: entered promiscuous mode
[   62.121461][ T5203] veth0_vlan: entered promiscuous mode
[   62.133461][ T5203] veth1_vlan: entered promiscuous mode
[   62.141401][ T5196] veth0_vlan: entered promiscuous mode
[   62.150192][ T5196] veth1_vlan: entered promiscuous mode
[   62.168008][ T5197] batman_adv: batadv0: Interface activated: batadv_slave_0
[   62.187329][ T5201] 8021q: adding VLAN 0 to HW filter on device batadv0
[   62.198473][ T5197] batman_adv: batadv0: Interface activated: batadv_slave_1
[   62.207468][ T5197] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   62.211232][ T5197] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   62.215582][ T5197] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   62.219261][ T5197] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   62.234322][ T5196] veth0_macvtap: entered promiscuous mode
[   62.241394][ T5196] veth1_macvtap: entered promiscuous mode
[   62.247791][ T5203] veth0_macvtap: entered promiscuous mode
[   62.253250][ T5203] veth1_macvtap: entered promiscuous mode
[   62.309458][ T5196] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   62.314101][ T5196] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   62.319164][ T5196] batman_adv: batadv0: Interface activated: batadv_slave_0
[   62.325267][ T5203] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   62.329661][ T5203] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   62.334792][ T5203] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   62.338618][ T5203] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   62.343886][ T5203] batman_adv: batadv0: Interface activated: batadv_slave_0
[   62.357937][ T5196] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   62.363729][ T5196] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   62.369742][ T5196] batman_adv: batadv0: Interface activated: batadv_slave_1
[   62.382675][ T5196] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   62.387066][ T5196] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   62.390796][ T5196] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   62.394998][ T5196] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   62.400954][ T5203] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   62.405304][ T5203] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   62.408799][ T5203] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   62.412905][ T5203] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   62.418333][ T5203] batman_adv: batadv0: Interface activated: batadv_slave_1
[   62.428782][ T5203] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   62.432386][ T5203] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   62.436137][ T5203] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   62.439599][ T5203] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   62.489235][ T1089] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   62.493194][ T1089] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   62.499454][ T5201] veth0_vlan: entered promiscuous mode
[   62.519095][ T5201] veth1_vlan: entered promiscuous mode
[   62.550443][ T1094] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   62.554353][ T1094] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   62.589571][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   62.593257][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   62.598548][ T5201] veth0_macvtap: entered promiscuous mode
[   62.623104][ T1094] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   62.624056][ T5206] Bluetooth: hci0: command tx timeout
[   62.624270][ T4636] Bluetooth: hci1: command tx timeout
[   62.624302][ T4636] Bluetooth: hci3: command tx timeout
[   62.626659][ T5201] veth1_macvtap: entered promiscuous mode
[   62.631616][ T1094] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   62.679256][ T5201] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   62.683977][ T5201] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   62.688068][ T5201] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   62.692553][ T5201] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   62.697315][ T5201] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   62.701606][ T5201] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   62.707308][ T5201] batman_adv: batadv0: Interface activated: batadv_slave_0
[   62.710999][ T1089] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   62.714491][ T5206] Bluetooth: hci2: command tx timeout
[   62.717231][ T1089] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   62.725209][ T5201] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   62.729768][ T5201] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   62.733536][ T5201] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   62.737870][ T5201] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   62.741756][ T5201] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   62.745878][ T5201] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   62.750825][ T5201] batman_adv: batadv0: Interface activated: batadv_slave_1
[   62.759227][ T1148] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   62.761614][ T5201] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   62.761635][   T39] kauditd_printk_skb: 26 callbacks suppressed
[   62.761647][   T39] audit: type=1400 audit(1720870839.144:141): avc:  denied  { mounton } for  pid=5196 comm="syz-executor" path="/syzkaller.cPJPy9/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[   62.763311][ T1148] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   62.767121][ T5201] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   62.788232][ T5201] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   62.791713][ T5201] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   62.859862][   T39] audit: type=1400 audit(1720870839.244:142): avc:  denied  { create } for  pid=5266 comm="syz.2.3" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[   62.871756][   T56] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   62.875308][   T56] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   62.922516][ T1094] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   62.928688][   T39] audit: type=1400 audit(1720870839.304:143): avc:  denied  { create } for  pid=5271 comm="syz.1.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[   62.935970][ T1094] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   62.938634][   T39] audit: type=1400 audit(1720870839.314:144): avc:  denied  { write } for  pid=5271 comm="syz.1.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[   63.013282][   T39] audit: type=1400 audit(1720870839.394:145): avc:  denied  { read } for  pid=5266 comm="syz.2.3" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[   63.023997][   T39] audit: type=1400 audit(1720870839.394:146): avc:  denied  { open } for  pid=5266 comm="syz.2.3" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[   63.314419][   T39] audit: type=1400 audit(1720870839.704:147): avc:  denied  { create } for  pid=5290 comm="syz.1.5" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[   63.322729][   T39] audit: type=1400 audit(1720870839.704:148): avc:  denied  { bind } for  pid=5290 comm="syz.1.5" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[   63.332962][   T39] audit: type=1400 audit(1720870839.704:149): avc:  denied  { setopt } for  pid=5290 comm="syz.1.5" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[   63.341752][   T39] audit: type=1400 audit(1720870839.704:150): avc:  denied  { accept } for  pid=5290 comm="syz.1.5" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[   63.697409][ T5302] netlink: 8 bytes leftover after parsing attributes in process `syz.1.8'.
[   63.721986][ T5302] netlink: 12 bytes leftover after parsing attributes in process `syz.1.8'.
[   63.726617][    T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!!
[   63.738580][ T5302] geneve2: entered promiscuous mode
[   63.975056][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   64.382936][ T5308] netlink: 8 bytes leftover after parsing attributes in process `syz.1.10'.
[   64.409104][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   64.563504][ T5206] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci1/hci1:201'
[   64.569023][ T5206] CPU: 1 PID: 5206 Comm: kworker/u33:3 Not tainted 6.10.0-rc7-syzkaller-00254-g528dd46d0fc3 #0
[   64.574112][ T5206] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   64.578930][ T5206] Workqueue: hci1 hci_rx_work
[   64.581247][ T5206] Call Trace:
[   64.582764][ T5206]  <TASK>
[   64.584074][ T5206]  dump_stack_lvl+0x16c/0x1f0
[   64.586173][ T5206]  sysfs_warn_dup+0x7f/0xa0
[   64.588341][ T5206]  sysfs_create_dir_ns+0x24d/0x2b0
[   64.590965][ T5206]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[   64.593735][ T5206]  ? __pfx_do_raw_spin_lock+0x10/0x10
[   64.596555][ T5206]  ? do_raw_spin_unlock+0x172/0x230
[   64.599114][ T5206]  kobject_add_internal+0x2c8/0x990
[   64.601561][ T5206]  kobject_add+0x16f/0x240
[   64.603350][ T5206]  ? __pfx_kobject_add+0x10/0x10
[   64.605696][ T5206]  ? do_raw_spin_unlock+0x172/0x230
[   64.608021][ T5206]  ? kobject_put+0xbe/0x5b0
[   64.610154][ T5206]  device_add+0x289/0x1a70
[   64.611850][ T5206]  ? __pfx_dev_set_name+0x10/0x10
[   64.613995][ T5206]  ? __pfx_device_add+0x10/0x10
[   64.616057][ T5206]  ? mgmt_send_event_skb+0x2f0/0x460
[   64.618663][ T5206]  hci_conn_add_sysfs+0x17e/0x230
[   64.621290][ T5206]  le_conn_complete_evt+0x1078/0x1d80
[   64.623685][ T5206]  ? __pfx_le_conn_complete_evt+0x10/0x10
[   64.626352][ T5206]  ? trace_contention_end+0xea/0x140
[   64.628792][ T5206]  ? __mutex_lock+0x1a6/0x9c0
[   64.630960][ T5206]  hci_le_enh_conn_complete_evt+0x23d/0x380
[   64.633649][ T5206]  ? skb_pull_data+0x166/0x210
[   64.635753][ T5206]  hci_le_meta_evt+0x2e2/0x5d0
[   64.637792][ T5206]  ? __pfx_hci_le_enh_conn_complete_evt+0x10/0x10
[   64.640930][ T5206]  hci_event_packet+0x664/0x1170
[   64.643333][ T5206]  ? __pfx_hci_le_meta_evt+0x10/0x10
[   64.645535][ T5206]  ? __pfx_hci_event_packet+0x10/0x10
[   64.648000][ T5206]  ? mark_held_locks+0x9f/0xe0
[   64.650062][ T5206]  ? kcov_remote_start+0x3d1/0x6e0
[   64.652263][ T5206]  ? lockdep_hardirqs_on+0x7c/0x110
[   64.654479][ T5206]  hci_rx_work+0x2c4/0x1610
[   64.656374][ T5206]  process_one_work+0x9c5/0x1b40
[   64.658349][ T5206]  ? __pfx_lock_acquire+0x10/0x10
[   64.660514][ T5206]  ? __pfx_process_one_work+0x10/0x10
[   64.662823][ T5206]  ? assign_work+0x1a0/0x250
[   64.664939][ T5206]  worker_thread+0x6c8/0xf30
[   64.666991][ T5206]  ? __pfx_worker_thread+0x10/0x10
[   64.669205][ T5206]  kthread+0x2c1/0x3a0
[   64.671059][ T5206]  ? _raw_spin_unlock_irq+0x23/0x50
[   64.673286][ T5206]  ? __pfx_kthread+0x10/0x10
[   64.675642][ T5206]  ret_from_fork+0x45/0x80
[   64.677639][ T5206]  ? __pfx_kthread+0x10/0x10
[   64.679658][ T5206]  ret_from_fork_asm+0x1a/0x30
[   64.681617][ T5206]  </TASK>
[   64.686827][ T5206] kobject: kobject_add_internal failed for hci1:201 with -EEXIST, don't try to register things with the same name in the same directory.
[   64.694273][ T5206] Bluetooth: hci1: failed to register connection device
[   64.703904][ T5213] Bluetooth: hci0: command tx timeout
[   64.715302][ T5213] Bluetooth: hci3: command tx timeout
[   64.715363][ T5206] Bluetooth: hci1: command tx timeout
[   64.774955][ T5206] Bluetooth: hci1: Received unexpected HCI Event 0x00
[   64.785797][ T5206] Bluetooth: hci2: command tx timeout
[   66.170351][ T5206] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:201'
[   66.175359][ T5206] CPU: 0 PID: 5206 Comm: kworker/u33:3 Not tainted 6.10.0-rc7-syzkaller-00254-g528dd46d0fc3 #0
[   66.179866][ T5206] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   66.184212][ T5206] Workqueue: hci3 hci_rx_work
[   66.186346][ T5206] Call Trace:
[   66.187591][ T5206]  <TASK>
[   66.188702][ T5206]  dump_stack_lvl+0x16c/0x1f0
[   66.190808][ T5206]  sysfs_warn_dup+0x7f/0xa0
[   66.192533][ T5206]  sysfs_create_dir_ns+0x24d/0x2b0
[   66.194405][ T5206]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[   66.196458][ T5206]  ? __pfx_do_raw_spin_lock+0x10/0x10
[   66.198396][ T5206]  ? do_raw_spin_unlock+0x172/0x230
[   66.200625][ T5206]  kobject_add_internal+0x2c8/0x990
[   66.202837][ T5206]  kobject_add+0x16f/0x240
[   66.204697][ T5206]  ? __pfx_kobject_add+0x10/0x10
[   66.206689][ T5206]  ? do_raw_spin_unlock+0x172/0x230
[   66.208770][ T5206]  ? kobject_put+0xbe/0x5b0
[   66.210449][ T5206]  device_add+0x289/0x1a70
[   66.212377][ T5206]  ? __pfx_dev_set_name+0x10/0x10
[   66.214206][ T5206]  ? __pfx_device_add+0x10/0x10
[   66.216074][ T5206]  ? mgmt_send_event_skb+0x2f0/0x460
[   66.218349][ T5206]  hci_conn_add_sysfs+0x17e/0x230
[   66.220289][ T5206]  le_conn_complete_evt+0x1078/0x1d80
[   66.222176][ T5206]  ? __pfx_le_conn_complete_evt+0x10/0x10
[   66.224591][ T5206]  ? trace_contention_end+0xea/0x140
[   66.226859][ T5206]  ? __mutex_lock+0x1a6/0x9c0
[   66.228796][ T5206]  hci_le_enh_conn_complete_evt+0x23d/0x380
[   66.231200][ T5206]  ? skb_pull_data+0x166/0x210
[   66.232908][ T5206]  hci_le_meta_evt+0x2e2/0x5d0
[   66.234924][ T5206]  ? __pfx_hci_le_enh_conn_complete_evt+0x10/0x10
[   66.237523][ T5206]  hci_event_packet+0x664/0x1170
[   66.239567][ T5206]  ? __pfx_hci_le_meta_evt+0x10/0x10
[   66.241622][ T5206]  ? __pfx_hci_event_packet+0x10/0x10
[   66.243552][ T5206]  ? mark_held_locks+0x9f/0xe0
[   66.245364][ T5206]  ? kcov_remote_start+0x3d1/0x6e0
[   66.247559][ T5206]  ? lockdep_hardirqs_on+0x7c/0x110
[   66.249803][ T5206]  hci_rx_work+0x2c4/0x1610
[   66.251761][ T5206]  process_one_work+0x9c5/0x1b40
[   66.253863][ T5206]  ? __pfx_lock_acquire+0x10/0x10
[   66.256028][ T5206]  ? __pfx_process_one_work+0x10/0x10
[   66.258112][ T5206]  ? assign_work+0x1a0/0x250
[   66.260048][ T5206]  worker_thread+0x6c8/0xf30
[   66.261890][ T5206]  ? __pfx_worker_thread+0x10/0x10
[   66.263871][ T5206]  kthread+0x2c1/0x3a0
[   66.265488][ T5206]  ? _raw_spin_unlock_irq+0x23/0x50
[   66.267629][ T5206]  ? __pfx_kthread+0x10/0x10
[   66.270401][ T5206]  ret_from_fork+0x45/0x80
[   66.272953][ T5206]  ? __pfx_kthread+0x10/0x10
[   66.275197][ T5206]  ret_from_fork_asm+0x1a/0x30
[   66.277424][ T5206]  </TASK>
[   66.280643][ T5206] kobject: kobject_add_internal failed for hci3:201 with -EEXIST, don't try to register things with the same name in the same directory.
[   66.288149][ T5206] Bluetooth: hci3: failed to register connection device
[   66.347787][ T5345] syzkaller0: entered promiscuous mode
[   66.350792][ T5345] syzkaller0: entered allmulticast mode
[   66.784909][ T5213] Bluetooth: hci3: command tx timeout
[   66.787164][ T5206] Bluetooth: hci0: command tx timeout
[   66.805942][ T5206] Bluetooth: Unknown BR/EDR signaling command 0x11
[   66.808941][ T5206] Bluetooth: Wrong link type (-22)
[   66.814708][ T5206] Bluetooth: Unknown BR/EDR signaling command 0x0e
[   66.818068][ T5206] Bluetooth: Wrong link type (-22)
[   66.834299][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   66.853101][ T5206] Bluetooth: hci2: Received unexpected HCI Event 0x00
[   66.863927][ T5206] Bluetooth: hci1: command tx timeout
[   66.866314][ T5206] Bluetooth: hci2: command tx timeout
[   66.911072][ T5354] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   67.023933][ T5206] Bluetooth: hci3: Received unexpected HCI Event 0x00
[   67.527661][ T5206] Bluetooth: hci0: ACL packet for unknown connection handle 0
[   67.633669][ T5371] 9pnet_fd: Insufficient options for proto=fd
[   67.774041][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   67.806774][   T39] kauditd_printk_skb: 32 callbacks suppressed
[   67.806789][   T39] audit: type=1400 audit(1720870844.194:183): avc:  denied  { read write } for  pid=5372 comm="syz.1.31" name="sg0" dev="devtmpfs" ino=705 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[   67.820405][   T39] audit: type=1400 audit(1720870844.194:184): avc:  denied  { open } for  pid=5372 comm="syz.1.31" path="/dev/sg0" dev="devtmpfs" ino=705 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[   68.045190][   T39] audit: type=1400 audit(1720870844.424:185): avc:  denied  { create } for  pid=5386 comm="syz.0.35" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[   68.064647][    T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!!
[   68.151505][   T39] audit: type=1400 audit(1720870844.534:186): avc:  denied  { watch } for  pid=5386 comm="syz.0.35" path="/proc/31/task" dev="proc" ino=7135 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1
[   68.206441][   T39] audit: type=1400 audit(1720870844.594:187): avc:  denied  { create } for  pid=5386 comm="syz.0.35" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1
[   68.328687][    T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!!
[   68.424072][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   68.431655][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   68.576113][    T0] NOHZ tick-stop error: local softirq work is pending, handler #2ca!!!
[   68.646122][ T5206] Bluetooth: hci0: ISO packet for unknown connection handle 0
[   68.707274][ T5400] syzkaller0: entered promiscuous mode
[   68.708939][ T5206] Bluetooth: hci2: Received unexpected HCI Event 0x00
[   68.709843][ T5400] syzkaller0: entered allmulticast mode
[   69.084754][ T5206] Bluetooth: hci1: ISO packet for unknown connection handle 0
[   69.945038][ T5206] Bluetooth: hci1: ACL packet for unknown connection handle 0
[   70.027488][ T5424] fuse: Unknown parameter 'grou00000000000000000000'
[   70.163302][ T5429] netlink: 8 bytes leftover after parsing attributes in process `syz.3.46'.
[   70.217542][ T5427] Zero length message leads to an empty skb
[   70.473712][   T39] audit: type=1800 audit(1720870846.854:188): pid=5442 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.1.49" name="/" dev="fuse" ino=1 res=0 errno=0
[   70.554021][ T5206] Bluetooth: hci0: command tx timeout
[   70.819715][ T5206] Bluetooth: hci1: ISO packet for unknown connection handle 0
[   71.023867][ T5206] Bluetooth: hci1: command tx timeout
[   71.197316][ T5206] Bluetooth: hci2: Received unexpected HCI Event 0x00
[   71.686205][ T5206] Bluetooth: Unknown BR/EDR signaling command 0x11
[   71.689055][ T5206] Bluetooth: Wrong link type (-22)
[   71.691925][ T5206] Bluetooth: Unknown BR/EDR signaling command 0x0e
[   71.695093][ T5206] Bluetooth: Wrong link type (-22)
[   72.419561][ T5462] fuse: Unknown parameter 'grou00000000000000000000'
[   72.492076][ T5206] Bluetooth: hci2: ACL packet for unknown connection handle 0
[   72.643323][ T5474] netlink: 8 bytes leftover after parsing attributes in process `syz.3.58'.
[   72.672100][ T5474] netlink: 12 bytes leftover after parsing attributes in process `syz.3.58'.
[   72.680811][ T5206] Bluetooth: hci0: ISO packet for unknown connection handle 0
[   73.117418][ T5206] Bluetooth: hci1: command tx timeout
[   73.452464][ T5206] Bluetooth: hci0: Received unexpected HCI Event 0x00
[   73.590124][ T5206] Bluetooth: Unknown BR/EDR signaling command 0x11
[   73.592765][ T5206] Bluetooth: Wrong link type (-22)
[   73.595653][ T5206] Bluetooth: Unknown BR/EDR signaling command 0x0e
[   73.598920][ T5206] Bluetooth: Wrong link type (-22)
[   75.583869][ T5206] Bluetooth: hci2: command tx timeout
[   75.938922][ T5206] Bluetooth: hci2: Received unexpected HCI Event 0x00
[   76.072244][ T5206] Bluetooth: hci1: Received unexpected HCI Event 0x00
[   76.126450][ T5206] Bluetooth: Unknown BR/EDR signaling command 0x11
[   76.129486][ T5206] Bluetooth: Wrong link type (-22)
[   76.132021][ T5206] Bluetooth: Unknown BR/EDR signaling command 0x0e
[   76.136970][ T5206] Bluetooth: Wrong link type (-22)
[   76.853728][ T5206] Bluetooth: hci2: ACL packet for unknown connection handle 0
[   76.934862][ T5206] Bluetooth: hci0: ACL packet for unknown connection handle 0
[   77.080379][ T5547] netlink: 12 bytes leftover after parsing attributes in process `syz.0.78'.
[   77.112122][ T1357] ieee802154 phy0 wpan0: encryption failed: -22
[   77.115428][ T1357] ieee802154 phy1 wpan1: encryption failed: -22
[   77.118099][ T5547] IPv6: NLM_F_REPLACE set, but no existing node found!
[   77.130112][ T5261] IPVS: starting estimator thread 0...
[   77.140567][   T39] audit: type=1400 audit(1720870853.514:189): avc:  denied  { setopt } for  pid=5546 comm="syz.0.78" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[   77.144599][ T5547] IPVS: rr: TCP 172.20.20.170:0 - no destination available
[   77.174261][   T39] audit: type=1400 audit(1720870853.524:190): avc:  denied  { connect } for  pid=5546 comm="syz.0.78" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[   77.209080][   T39] audit: type=1400 audit(1720870853.594:191): avc:  denied  { ioctl } for  pid=5546 comm="syz.0.78" path="socket:[8565]" dev="sockfs" ino=8565 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[   77.222132][ T5553] netlink: 4 bytes leftover after parsing attributes in process `syz.0.78'.
[   77.228421][ T5551] IPVS: using max 22 ests per chain, 52800 per kthread
[   77.238759][ T5553] netlink: 24 bytes leftover after parsing attributes in process `syz.0.78'.
[   77.949889][ T5206] Bluetooth: hci3: Received unexpected HCI Event 0x00
[   78.136839][ T5206] Bluetooth: hci2: Received unexpected HCI Event 0x00
[   78.961696][ T5206] Bluetooth: hci2: ACL packet for unknown connection handle 0
[   80.063925][ T5206] Bluetooth: hci2: command tx timeout
[   80.449274][ T5605] netlink: 8 bytes leftover after parsing attributes in process `syz.3.91'.
[   81.670517][ T5206] Bluetooth: hci0: Received unexpected HCI Event 0x00
[   81.912884][ T5206] Bluetooth: hci1: ACL packet for unknown connection handle 0
[   82.241367][  T816] cfg80211: failed to load regulatory.db
[   82.504396][ T5206] Bluetooth: hci2: Received unexpected HCI Event 0x00
[   82.535737][ T5206] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection
[   82.606854][ T5206] Bluetooth: hci0: Received unexpected HCI Event 0x00
[   82.701651][ T5641] netlink: 12 bytes leftover after parsing attributes in process `syz.0.102'.
[   82.706691][ T5641] IPv6: NLM_F_REPLACE set, but no existing node found!
[   82.726735][ T5641] IPVS: rr: TCP 172.20.20.170:0 - no destination available
[   82.760002][ T5206] Bluetooth: hci3: ACL packet for unknown connection handle 0
[   82.796479][ T5649] netlink: 4 bytes leftover after parsing attributes in process `syz.0.102'.
[   82.813564][ T5649] netlink: 24 bytes leftover after parsing attributes in process `syz.0.102'.
[   82.892607][ T5206] Bluetooth: hci0: Received unexpected HCI Event 0x00
[   83.504130][ T5206] Bluetooth: hci3: command tx timeout
[   83.585547][ T5206] Bluetooth: hci1: Received unexpected HCI Event 0x00
[   83.623178][ T5206] Bluetooth: hci2: ACL packet for unknown connection handle 0
[   83.958140][ T5206] Bluetooth: hci0: Received unexpected HCI Event 0x00
[   84.310209][ T5206] Bluetooth: hci0: Received unexpected HCI Event 0x00
[   84.590753][ T5206] Bluetooth: hci0: ACL packet for unknown connection handle 0
[   85.461397][ T5213] Bluetooth: hci1: Received unexpected HCI Event 0x00
[   85.472585][ T5213] Bluetooth: hci2: ACL packet for unknown connection handle 0
[   85.593877][ T5213] Bluetooth: hci3: command tx timeout
[   85.617325][ T5213] Bluetooth: hci0: Received unexpected HCI Event 0x00
[   86.220264][ T5213] Bluetooth: hci3: Received unexpected HCI Event 0x00
[   86.564143][ T5213] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection
[   86.564769][ T5737] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   87.775438][ T5206] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection
[   87.937063][ T5206] Bluetooth: hci3: ACL packet for unknown connection handle 0
[   88.909920][ T5206] Bluetooth: hci3: Received unexpected HCI Event 0x00
[   89.845181][ T5206] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection
[   90.250203][ T5206] Bluetooth: hci2: Received unexpected HCI Event 0x00
[   90.505960][ T5206] Bluetooth: hci2: Received unexpected HCI Event 0x00
[   90.929181][   T39] audit: type=1400 audit(1720870867.314:192): avc:  denied  { read } for  pid=5802 comm="syz.2.144" name="ppp" dev="devtmpfs" ino=714 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[   90.940864][   T39] audit: type=1400 audit(1720870867.314:193): avc:  denied  { open } for  pid=5802 comm="syz.2.144" path="/dev/ppp" dev="devtmpfs" ino=714 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[   90.952582][   T39] audit: type=1400 audit(1720870867.314:194): avc:  denied  { ioctl } for  pid=5802 comm="syz.2.144" path="/dev/ppp" dev="devtmpfs" ino=714 ioctlcmd=0x7438 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[   90.964963][   T39] audit: type=1400 audit(1720870867.314:195): avc:  denied  { append } for  pid=5802 comm="syz.2.144" name="ppp" dev="devtmpfs" ino=714 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[   90.995020][ T5206] Bluetooth: hci0: Received unexpected HCI Event 0x00
[   91.396220][ T5206] Bluetooth: hci2: Received unexpected HCI Event 0x00
[   91.894560][ T5206] Bluetooth: hci0: Received unexpected HCI Event 0x00
[   92.108534][ T5206] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection
[   92.192429][ T5833] netlink: 8 bytes leftover after parsing attributes in process `syz.2.153'.
[   92.220323][ T5833] netlink: 12 bytes leftover after parsing attributes in process `syz.2.153'.
[   92.249269][ T5833] geneve2: entered promiscuous mode
[   92.469638][ T5213] Bluetooth: hci2: Received unexpected HCI Event 0x00
[   92.765192][ T5213] Bluetooth: hci0: Received unexpected HCI Event 0x00
[   92.847663][ T5213] Bluetooth: hci2: Received unexpected HCI Event 0x00
[   93.121844][ T5213] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:201'
[   93.128768][ T5213] CPU: 0 PID: 5213 Comm: kworker/u33:6 Not tainted 6.10.0-rc7-syzkaller-00254-g528dd46d0fc3 #0
[   93.133583][ T5213] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   93.138553][ T5213] Workqueue: hci2 hci_rx_work
[   93.140692][ T5213] Call Trace:
[   93.142332][ T5213]  <TASK>
[   93.143704][ T5213]  dump_stack_lvl+0x16c/0x1f0
[   93.145878][ T5213]  sysfs_warn_dup+0x7f/0xa0
[   93.148015][ T5213]  sysfs_create_dir_ns+0x24d/0x2b0
[   93.150525][ T5213]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[   93.153299][ T5213]  ? __pfx_do_raw_spin_lock+0x10/0x10
[   93.156551][ T5213]  ? do_raw_spin_unlock+0x172/0x230
[   93.158840][ T5213]  kobject_add_internal+0x2c8/0x990
[   93.160363][ T5206] Bluetooth: hci3: Received unexpected HCI Event 0x00
[   93.161263][ T5213]  kobject_add+0x16f/0x240
[   93.166217][ T5213]  ? __pfx_kobject_add+0x10/0x10
[   93.168594][ T5213]  ? do_raw_spin_unlock+0x172/0x230
[   93.170941][ T5213]  ? kobject_put+0xbe/0x5b0
[   93.178295][ T5213]  device_add+0x289/0x1a70
[   93.180651][ T5213]  ? __pfx_dev_set_name+0x10/0x10
[   93.183226][ T5213]  ? __pfx_device_add+0x10/0x10
[   93.199387][ T5213]  ? mgmt_send_event_skb+0x2f0/0x460
[   93.201436][ T5213]  hci_conn_add_sysfs+0x17e/0x230
[   93.203409][ T5213]  le_conn_complete_evt+0x1078/0x1d80
[   93.205368][ T5213]  ? __pfx_le_conn_complete_evt+0x10/0x10
[   93.207443][ T5213]  ? trace_contention_end+0xea/0x140
[   93.209353][ T5213]  ? __mutex_lock+0x1a6/0x9c0
[   93.213219][ T5213]  hci_le_enh_conn_complete_evt+0x23d/0x380
[   93.215652][ T5213]  ? skb_pull_data+0x166/0x210
[   93.217650][ T5213]  hci_le_meta_evt+0x2e2/0x5d0
[   93.219625][ T5213]  ? __pfx_hci_le_enh_conn_complete_evt+0x10/0x10
[   93.222392][ T5213]  hci_event_packet+0x664/0x1170
[   93.224411][ T5213]  ? __pfx_hci_le_meta_evt+0x10/0x10
[   93.231264][ T5213]  ? __pfx_hci_event_packet+0x10/0x10
[   93.234403][ T5213]  ? mark_held_locks+0x9f/0xe0
[   93.236620][ T5213]  ? kcov_remote_start+0x3d1/0x6e0
[   93.238969][ T5213]  ? lockdep_hardirqs_on+0x7c/0x110
[   93.241240][ T5213]  hci_rx_work+0x2c4/0x1610
[   93.243352][ T5213]  process_one_work+0x9c5/0x1b40
[   93.245684][ T5213]  ? __pfx_lock_acquire+0x10/0x10
[   93.247941][ T5213]  ? __pfx_process_one_work+0x10/0x10
[   93.250307][ T5213]  ? assign_work+0x1a0/0x250
[   93.252436][ T5213]  worker_thread+0x6c8/0xf30
[   93.254494][ T5213]  ? __pfx_worker_thread+0x10/0x10
[   93.256734][ T5213]  kthread+0x2c1/0x3a0
[   93.258616][ T5213]  ? _raw_spin_unlock_irq+0x23/0x50
[   93.261478][ T5213]  ? __pfx_kthread+0x10/0x10
[   93.263583][ T5213]  ret_from_fork+0x45/0x80
[   93.265148][ T5213]  ? __pfx_kthread+0x10/0x10
[   93.266979][ T5213]  ret_from_fork_asm+0x1a/0x30
[   93.269022][ T5213]  </TASK>
[   93.271281][ T5213] kobject: kobject_add_internal failed for hci2:201 with -EEXIST, don't try to register things with the same name in the same directory.
[   93.276569][ T5213] Bluetooth: hci2: failed to register connection device
[   93.459573][ T5206] Bluetooth: hci1: Received unexpected HCI Event 0x00
[   93.740275][ T5206] Bluetooth: hci2: Ignoring HCI_Connection_Complete for existing connection
[   94.046650][ T5213] Bluetooth: hci2: Received unexpected HCI Event 0x00
[   94.625324][ T5895] netlink: 8 bytes leftover after parsing attributes in process `syz.2.171'.
[   94.696290][ T5895] netlink: 12 bytes leftover after parsing attributes in process `syz.2.171'.
[   94.711365][ T5895] geneve2: entered promiscuous mode
[   95.358696][ T5213] Bluetooth: hci1: ACL packet for unknown connection handle 0
[   96.044281][ T5213] Bluetooth: hci2: Ignoring HCI_Connection_Complete for existing connection
[   96.247579][ T5206] Bluetooth: hci0: Received unexpected HCI Event 0x00
[   96.393884][ T5206] Bluetooth: hci1: Received unexpected HCI Event 0x00
[   96.416666][ T5206] Bluetooth: hci2: Received unexpected HCI Event 0x00
[   96.421854][ T5213] Bluetooth: hci1: Received unexpected HCI Event 0x00
[   96.504494][ T5213] Bluetooth: hci3: Received unexpected HCI Event 0x00
[   96.543138][ T5213] Bluetooth: hci2: ACL packet for unknown connection handle 0
[   96.934206][ T5213] Bluetooth: hci1: ISO packet for unknown connection handle 0
[   97.176661][ T5213] Bluetooth: hci0: Received unexpected HCI Event 0x00
[   97.265252][ T5213] Bluetooth: hci0: Received unexpected HCI Event 0x00
[   98.014320][ T5213] Bluetooth: hci3: ACL packet for unknown connection handle 0
[   98.196468][ T5213] Bluetooth: hci0: Received unexpected HCI Event 0x00
[   98.343469][ T5213] Bluetooth: hci0: Received unexpected HCI Event 0x00
[   98.615341][ T5213] Bluetooth: hci2: ACL packet for unknown connection handle 0
[   98.953850][ T5213] Bluetooth: hci1: command tx timeout
[   99.143195][ T5213] Bluetooth: hci1: Ignoring HCI_Connection_Complete for existing connection
[   99.308072][ T5206] Bluetooth: hci3: Received unexpected HCI Event 0x00
[  100.179785][ T5206] Bluetooth: Unknown BR/EDR signaling command 0x11
[  100.183699][ T5206] Bluetooth: Wrong link type (-22)
[  100.187733][ T5206] Bluetooth: Unknown BR/EDR signaling command 0x0e
[  100.190475][ T5206] Bluetooth: Wrong link type (-22)
[  100.348175][ T5206] Bluetooth: Unknown BR/EDR signaling command 0x11
[  100.351104][ T5206] Bluetooth: Wrong link type (-22)
[  100.353340][ T5206] Bluetooth: Unknown BR/EDR signaling command 0x0e
[  100.357144][ T5206] Bluetooth: Wrong link type (-22)
[  100.964079][ T5206] Bluetooth: hci1: ACL packet for unknown connection handle 0
[  101.657477][ T5206] Bluetooth: hci1: ACL packet for unknown connection handle 0
[  102.385544][   T39] audit: type=1800 audit(1720870878.774:196): pid=6039 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.2.208" name="/" dev="fuse" ino=1 res=0 errno=0
[  102.461990][ T5206] Bluetooth: hci1: ACL packet for unknown connection handle 0
[  103.117285][ T5206] Bluetooth: Unknown BR/EDR signaling command 0x11
[  103.120202][ T5206] Bluetooth: Wrong link type (-22)
[  103.122836][ T5206] Bluetooth: Unknown BR/EDR signaling command 0x0e
[  103.127573][ T5206] Bluetooth: Wrong link type (-22)
[  103.341806][ T5206] Bluetooth: hci0: Received unexpected HCI Event 0x00
[  104.219476][ T5206] Bluetooth: hci0: Received unexpected HCI Event 0x00
[  104.516050][ T5206] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:201'
[  104.522866][ T5206] CPU: 3 PID: 5206 Comm: kworker/u33:3 Not tainted 6.10.0-rc7-syzkaller-00254-g528dd46d0fc3 #0
[  104.528677][ T5206] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  104.534344][ T5206] Workqueue: hci0 hci_rx_work
[  104.537166][ T5206] Call Trace:
[  104.539182][ T5206]  <TASK>
[  104.540945][ T5206]  dump_stack_lvl+0x16c/0x1f0
[  104.543355][ T5206]  sysfs_warn_dup+0x7f/0xa0
[  104.545677][ T5206]  sysfs_create_dir_ns+0x24d/0x2b0
[  104.548178][ T5206]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  104.551074][ T5206]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  104.553662][ T5206]  ? do_raw_spin_unlock+0x172/0x230
[  104.556106][ T5206]  kobject_add_internal+0x2c8/0x990
[  104.558788][ T5206]  kobject_add+0x16f/0x240
[  104.561098][ T5206]  ? __pfx_kobject_add+0x10/0x10
[  104.563618][ T5206]  ? do_raw_spin_unlock+0x172/0x230
[  104.565984][ T5206]  ? kobject_put+0xbe/0x5b0
[  104.568009][ T5206]  device_add+0x289/0x1a70
[  104.570071][ T5206]  ? __pfx_dev_set_name+0x10/0x10
[  104.572357][ T5206]  ? __pfx_device_add+0x10/0x10
[  104.574806][ T5206]  ? mgmt_send_event_skb+0x2f0/0x460
[  104.577056][ T5206]  hci_conn_add_sysfs+0x17e/0x230
[  104.579473][ T5206]  le_conn_complete_evt+0x1078/0x1d80
[  104.582171][ T5206]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  104.585564][ T5206]  ? trace_contention_end+0xea/0x140
[  104.588764][ T5206]  ? __mutex_lock+0x1a6/0x9c0
[  104.590629][ T5206]  hci_le_enh_conn_complete_evt+0x23d/0x380
[  104.593123][ T5206]  ? skb_pull_data+0x166/0x210
[  104.595163][ T5206]  hci_le_meta_evt+0x2e2/0x5d0
[  104.597252][ T5206]  ? __pfx_hci_le_enh_conn_complete_evt+0x10/0x10
[  104.600238][ T5206]  hci_event_packet+0x664/0x1170
[  104.602318][ T5206]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  104.604557][ T5206]  ? __pfx_hci_event_packet+0x10/0x10
[  104.607176][ T5206]  ? mark_held_locks+0x9f/0xe0
[  104.609170][ T5206]  ? kcov_remote_start+0x3d1/0x6e0
[  104.611642][ T5206]  ? lockdep_hardirqs_on+0x7c/0x110
[  104.614145][ T5206]  hci_rx_work+0x2c4/0x1610
[  104.616320][ T5206]  process_one_work+0x9c5/0x1b40
[  104.618848][ T5206]  ? __pfx_lock_acquire+0x10/0x10
[  104.621440][ T5206]  ? __pfx_process_one_work+0x10/0x10
[  104.624152][ T5206]  ? assign_work+0x1a0/0x250
[  104.626309][ T5206]  worker_thread+0x6c8/0xf30
[  104.628392][ T5206]  ? __pfx_worker_thread+0x10/0x10
[  104.630941][ T5206]  kthread+0x2c1/0x3a0
[  104.632892][ T5206]  ? _raw_spin_unlock_irq+0x23/0x50
[  104.635695][ T5206]  ? __pfx_kthread+0x10/0x10
[  104.637993][ T5206]  ret_from_fork+0x45/0x80
[  104.640653][ T5206]  ? __pfx_kthread+0x10/0x10
[  104.643164][ T5206]  ret_from_fork_asm+0x1a/0x30
[  104.645845][ T5206]  </TASK>
[  104.653574][ T5206] kobject: kobject_add_internal failed for hci0:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  104.661749][ T5206] Bluetooth: hci0: failed to register connection device
[  104.786465][ T5206] Bluetooth: hci0: Received unexpected HCI Event 0x00
[  104.947677][ T5206] Bluetooth: hci1: Received unexpected HCI Event 0x00
[  105.069910][ T5206] Bluetooth: Unknown BR/EDR signaling command 0x11
[  105.080684][ T5206] Bluetooth: Wrong link type (-22)
[  105.083153][ T5206] Bluetooth: Unknown BR/EDR signaling command 0x0e
[  105.086974][ T5206] Bluetooth: Wrong link type (-22)
[  105.088854][ T5206] Bluetooth: hci2: link tx timeout
[  105.091808][ T5206] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa
[  105.710763][ T5213] Bluetooth: hci0: Received unexpected HCI Event 0x00
[  105.740054][ T5213] Bluetooth: hci3: ACL packet for unknown connection handle 0
[  106.002683][ T5213] Bluetooth: hci2: ACL packet for unknown connection handle 0
[  106.697696][ T5213] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[  106.977695][ T4636] Bluetooth: hci3: ACL packet for unknown connection handle 0
[  107.019391][ T4636] Bluetooth: hci0: ACL packet for unknown connection handle 0
[  107.103893][ T4636] Bluetooth: hci2: command 0x0406 tx timeout
[  107.450158][ T5206] Bluetooth: hci1: Received unexpected HCI Event 0x00
[  107.579148][ T5206] Bluetooth: hci2: Received unexpected HCI Event 0x00
[  107.722060][ T5206] Bluetooth: hci2: Received unexpected HCI Event 0x00
[  108.137014][ T5206] Bluetooth: hci0: Received unexpected HCI Event 0x00
[  108.869941][ T5206] Bluetooth: hci2: Received unexpected HCI Event 0x00
[  109.870543][ T5206] Bluetooth: hci2: Received unexpected HCI Event 0x00
[  110.582508][ T5206] Bluetooth: hci1: Received unexpected HCI Event 0x00
[  110.766871][ T6204] fuse: Bad value for 'fd'
[  111.689356][ T5206] Bluetooth: hci3: Received unexpected HCI Event 0x00
[  112.517515][   T39] audit: type=1800 audit(1720870888.904:197): pid=6229 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.3.258" name="/" dev="fuse" ino=1 res=0 errno=0
[  112.588560][ T6231] fuse: Bad value for 'fd'
[  112.623320][ T5206] Bluetooth: hci3: Received unexpected HCI Event 0x00
[  113.160954][ T6242] netlink: 8 bytes leftover after parsing attributes in process `syz.2.262'.
[  113.181538][ T6242] netlink: 12 bytes leftover after parsing attributes in process `syz.2.262'.
[  113.204129][ T6242] geneve2: entered promiscuous mode
[  113.528465][ T5206] Bluetooth: Unknown BR/EDR signaling command 0x11
[  113.532142][ T5206] Bluetooth: Wrong link type (-22)
[  113.535139][ T5206] Bluetooth: Unknown BR/EDR signaling command 0x0e
[  113.537514][ T5206] Bluetooth: Wrong link type (-22)
[  113.540387][ T5206] Bluetooth: hci1: link tx timeout
[  113.553498][ T5206] Bluetooth: hci1: killing stalled connection 11:aa:aa:aa:aa:aa
[  114.153563][ T4636] Bluetooth: hci0: ISO packet for unknown connection handle 0
[  114.214293][ T4636] Bluetooth: hci2: Received unexpected HCI Event 0x00
[  114.227567][ T4636] Bluetooth: hci3: ACL packet for unknown connection handle 0
[  114.697330][ T4636] Bluetooth: hci1: ISO packet for unknown connection handle 0
[  115.096208][ T4636] Bluetooth: hci0: ACL packet for unknown connection handle 0
[  115.448642][ T4636] Bluetooth: hci1: Received unexpected HCI Event 0x00
[  115.523434][ T4636] Bluetooth: hci1: unexpected event for opcode 0x202a
[  116.088454][ T5206] Bluetooth: hci2: Received unexpected HCI Event 0x00
[  116.144125][ T5206] Bluetooth: hci0: command tx timeout
[  117.144698][ T5206] Bluetooth: hci2: ISO packet for unknown connection handle 0
[  117.756025][ T5206] Bluetooth: hci1: ACL packet for unknown connection handle 0
[  118.381519][ T5206] Bluetooth: hci3: Received unexpected HCI Event 0x00
[  118.488942][ T5206] Bluetooth: hci1: Received unexpected HCI Event 0x00
[  119.103950][ T5206] Bluetooth: hci2: command 0x0406 tx timeout
[  119.545018][   T39] audit: type=1800 audit(1720870895.934:198): pid=6335 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.3.286" name="/" dev="fuse" ino=1 res=0 errno=0
[  120.034339][ T5206] Bluetooth: hci0: Received unexpected HCI Event 0x00
[  120.480666][ T5206] Bluetooth: hci2: ACL packet for unknown connection handle 0
[  120.710500][ T5206] Bluetooth: hci1: ACL packet for unknown connection handle 0
[  121.394933][ T5206] Bluetooth: hci1: ACL packet for unknown connection handle 0
[  121.624073][ T5206] Bluetooth: hci3: Received unexpected HCI Event 0x00
[  122.434393][ T5206] Bluetooth: Unknown BR/EDR signaling command 0x11
[  122.438008][ T5206] Bluetooth: Wrong link type (-22)
[  122.442716][ T5206] Bluetooth: Unknown BR/EDR signaling command 0x0e
[  122.446347][ T5206] Bluetooth: Wrong link type (-22)
[  122.449414][ T5206] Bluetooth: hci1: link tx timeout
[  124.143617][ T5206] Bluetooth: hci0: ACL packet for unknown connection handle 0
[  124.288801][ T5206] Bluetooth: hci1: ACL packet for unknown connection handle 0
[  124.884529][ T6409] netlink: 32 bytes leftover after parsing attributes in process `syz.1.304'.
[  125.158486][ T5206] Bluetooth: hci1: Received unexpected HCI Event 0x00
[  125.590073][ T5206] Bluetooth: Unknown BR/EDR signaling command 0x11
[  125.592799][ T5206] Bluetooth: Wrong link type (-22)
[  125.595158][ T5206] Bluetooth: Unknown BR/EDR signaling command 0x0e
[  125.598047][ T5206] Bluetooth: Wrong link type (-22)
[  125.600259][ T5206] Bluetooth: hci1: link tx timeout
[  125.997981][ T5206] Bluetooth: hci2: Received unexpected HCI Event 0x00
[  126.675311][ T6451] netlink: 32 bytes leftover after parsing attributes in process `syz.1.314'.
[  126.936915][   T39] audit: type=1800 audit(1720870903.324:199): pid=6460 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.2.316" name="/" dev="fuse" ino=1 res=0 errno=0
[  126.943919][ T5206] Bluetooth: hci2: Received unexpected HCI Event 0x00
[  127.252851][ T5206] Bluetooth: hci2: ACL packet for unknown connection handle 0
[  128.055862][ T5206] Bluetooth: hci2: Received unexpected HCI Event 0x00
[  128.138483][ T5206] Bluetooth: Unknown BR/EDR signaling command 0x11
[  128.141361][ T5206] Bluetooth: Wrong link type (-22)
[  128.143545][ T5206] Bluetooth: Unknown BR/EDR signaling command 0x0e
[  128.148294][ T5206] Bluetooth: Wrong link type (-22)
[  128.151328][ T5206] Bluetooth: hci3: link tx timeout
[  128.153731][ T5206] Bluetooth: hci3: killing stalled connection 10:aa:aa:aa:aa:aa
[  128.158812][ T5206] Bluetooth: hci3: link tx timeout
[  128.161033][ T5206] Bluetooth: hci3: killing stalled connection 11:aa:aa:aa:aa:aa
[  128.643276][ T5206] Bluetooth: hci3: Received unexpected HCI Event 0x00
[  128.703990][ T5206] Bluetooth: hci3: unexpected event for opcode 0x202a
[  129.092279][ T5206] Bluetooth: hci2: Received unexpected HCI Event 0x00
[  129.499184][ T5206] Bluetooth: hci2: ISO packet for unknown connection handle 0
[  129.579239][ T5206] Bluetooth: hci3: Received unexpected HCI Event 0x00
[  129.652745][ T5206] Bluetooth: hci3: unexpected event for opcode 0x202a
[  129.738287][ T5206] Bluetooth: hci1: ACL packet for unknown connection handle 0
[  130.462390][ T5206] Bluetooth: hci3: Received unexpected HCI Event 0x00
[  130.602853][ T5206] Bluetooth: hci3: unexpected event for opcode 0x202a
[  130.610222][ T5206] Bluetooth: hci1: Received unexpected HCI Event 0x00
[  130.634620][ T5206] Bluetooth: hci1: unexpected event for opcode 0x202a
[  130.863318][ T5206] Bluetooth: hci2: Received unexpected HCI Event 0x00
[  131.040135][ T5206] Bluetooth: hci2: Received unexpected HCI Event 0x00
[  132.083257][ T5206] Bluetooth: hci3: ISO packet for unknown connection handle 0
[  132.492707][ T4636] Bluetooth: hci1: Received unexpected HCI Event 0x00
[  132.513040][ T4636] Bluetooth: hci1: unexpected event for opcode 0x202a
[  132.721860][ T4636] Bluetooth: hci1: ACL packet for unknown connection handle 0
[  132.871395][ T4636] Bluetooth: hci3: Received unexpected HCI Event 0x00
[  133.068154][ T4636] Bluetooth: hci3: Received unexpected HCI Event 0x00
[  133.326133][ T4636] Bluetooth: hci0: Received unexpected HCI Event 0x00
[  133.652112][ T4636] Bluetooth: hci1: ACL packet for unknown connection handle 0
[  133.993860][ T4636] Bluetooth: hci3: command 0x0406 tx timeout
[  134.352398][   T39] audit: type=1800 audit(1720870910.734:200): pid=6595 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.2.353" name="/" dev="fuse" ino=1 res=0 errno=0
[  134.638737][ T4636] Bluetooth: hci3: ISO packet for unknown connection handle 0
[  135.511746][ T4636] Bluetooth: hci3: ACL packet for unknown connection handle 200
[  135.610069][   T39] audit: type=1800 audit(1720870911.994:201): pid=6602 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.0.355" name="/" dev="fuse" ino=1 res=0 errno=0
[  135.673840][ T4636] Bluetooth: hci1: Received unexpected HCI Event 0x00
[  135.848606][ T4636] Bluetooth: hci1: ACL packet for unknown connection handle 0
[  136.575285][ T4636] Bluetooth: hci3: command 0x0406 tx timeout
[  136.798892][ T4636] Bluetooth: hci3: Received unexpected HCI Event 0x00
[  136.869427][ T4636] Bluetooth: hci3: unexpected event for opcode 0x202a
[  137.462575][ T4636] Bluetooth: hci2: ACL packet for unknown connection handle 0
[  137.464356][ T5206] Bluetooth: Unknown BR/EDR signaling command 0x11
[  137.468253][ T5206] Bluetooth: Wrong link type (-22)
[  137.470775][ T5206] Bluetooth: Unknown BR/EDR signaling command 0x0e
[  137.473714][ T5206] Bluetooth: Wrong link type (-22)
[  137.477571][ T5206] Bluetooth: hci0: link tx timeout
[  137.480799][ T5206] Bluetooth: hci0: killing stalled connection 10:aa:aa:aa:aa:aa
[  137.487624][ T5206] Bluetooth: hci0: link tx timeout
[  137.490671][ T5206] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa
[  137.697848][ T5206] Bluetooth: hci3: Received unexpected HCI Event 0x00
[  137.802225][ T5206] Bluetooth: hci3: unexpected event for opcode 0x202a
[  138.221099][ T5206] Bluetooth: hci2: Received unexpected HCI Event 0x00
[  138.384473][ T5206] Bluetooth: hci2: Received unexpected HCI Event 0x00
[  138.388338][ T5206] Bluetooth: hci0: ACL packet for unknown connection handle 0
[  138.546904][ T1357] ieee802154 phy0 wpan0: encryption failed: -22
[  138.550566][ T1357] ieee802154 phy1 wpan1: encryption failed: -22
[  139.514013][ T5213] Bluetooth: hci0: command 0x0406 tx timeout
[  139.819264][   T39] audit: type=1800 audit(1720870916.204:202): pid=6682 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.1.374" name="/" dev="fuse" ino=1 res=0 errno=0
[  140.259892][ T4636] Bluetooth: hci2: Received unexpected HCI Event 0x00
[  140.578008][ T4636] Bluetooth: hci1: Received unexpected HCI Event 0x00
[  140.648772][ T4636] Bluetooth: hci2: ISO packet for unknown connection handle 0
[  141.467289][ T4636] Bluetooth: hci2: Received unexpected HCI Event 0x00
[  141.579639][ T4636] Bluetooth: hci2: Received unexpected HCI Event 0x00
[  141.583881][ T4636] Bluetooth: hci0: command 0x0406 tx timeout
[  142.481367][ T4636] Bluetooth: hci1: Received unexpected HCI Event 0x00
[  142.648461][ T4636] Bluetooth: hci1: Received unexpected HCI Event 0x00
[  142.721555][ T4636] Bluetooth: hci1: command 0x0406 tx timeout
[  142.832386][ T4636] Bluetooth: hci0: ACL packet for unknown connection handle 0
[  142.849389][ T4636] Bluetooth: hci1: Received unexpected HCI Event 0x00
[  142.946852][ T4636] Bluetooth: Unknown BR/EDR signaling command 0x11
[  142.949916][ T4636] Bluetooth: Wrong link type (-22)
[  142.952313][ T4636] Bluetooth: Unknown BR/EDR signaling command 0x0e
[  142.955377][ T4636] Bluetooth: Wrong link type (-22)
[  142.957445][ T4636] Bluetooth: hci2: link tx timeout
[  142.996184][ T4636] Bluetooth: hci3: ISO packet for unknown connection handle 0
[  143.572115][ T4636] Bluetooth: hci0: Received unexpected HCI Event 0x00
[  143.741528][   T39] audit: type=1400 audit(1720870920.124:203): avc:  denied  { create } for  pid=6750 comm="syz.1.393" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  143.775497][   T39] audit: type=1400 audit(1720870920.134:204): avc:  denied  { setopt } for  pid=6750 comm="syz.1.393" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  143.804200][   T39] audit: type=1400 audit(1720870920.144:205): avc:  denied  { ioctl } for  pid=6750 comm="syz.1.393" path="socket:[14460]" dev="sockfs" ino=14460 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  143.825242][   T39] audit: type=1400 audit(1720870920.154:206): avc:  denied  { bind } for  pid=6750 comm="syz.1.393" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  143.927526][ T4636] Bluetooth: hci2: ACL packet for unknown connection handle 0
[  144.063837][   T39] audit: type=1800 audit(1720870920.444:207): pid=6761 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.0.395" name="/" dev="fuse" ino=1 res=0 errno=0
[  144.488864][ T4636] Bluetooth: hci0: Received unexpected HCI Event 0x00
[  144.955254][ T4636] Bluetooth: hci3: command 0x0406 tx timeout
[  144.985188][   T39] audit: type=1800 audit(1720870921.374:208): pid=6778 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.1.399" name="/" dev="fuse" ino=1 res=0 errno=0
[  145.827045][ T4636] Bluetooth: hci2: Received unexpected HCI Event 0x00
[  145.955045][ T4636] Bluetooth: hci2: Received unexpected HCI Event 0x00
[  146.104786][ T4636] Bluetooth: Unknown BR/EDR signaling command 0x11
[  146.107685][ T4636] Bluetooth: Wrong link type (-22)
[  146.110268][ T4636] Bluetooth: Unknown BR/EDR signaling command 0x0e
[  146.113194][ T4636] Bluetooth: Wrong link type (-22)
[  146.117677][ T4636] Bluetooth: hci2: link tx timeout
[  146.290815][ T4636] Bluetooth: hci0: Received unexpected HCI Event 0x00
[  147.152459][ T4636] Bluetooth: hci3: Received unexpected HCI Event 0x00
[  147.289396][ T4636] Bluetooth: hci3: unexpected event for opcode 0x202a
[  148.257728][ T4636] Bluetooth: hci1: Received unexpected HCI Event 0x00
[  148.273689][ T4636] Bluetooth: hci3: ISO packet for unknown connection handle 0
[  148.451348][ T6829] netlink: 12 bytes leftover after parsing attributes in process `syz.0.413'.
[  148.575549][   T39] audit: type=1400 audit(1720870924.964:209): avc:  denied  { create } for  pid=6830 comm="syz.0.414" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  148.989641][   T39] audit: type=1800 audit(1720870925.374:210): pid=6842 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.3.415" name="/" dev="fuse" ino=1 res=0 errno=0
[  148.989772][ T4636] Bluetooth: hci1: Received unexpected HCI Event 0x00
[  149.882364][   T39] audit: type=1400 audit(1720870926.264:211): avc:  denied  { create } for  pid=6850 comm="syz.0.419" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1
[  149.888910][ T6851] Cannot find add_set index 0 as target
[  149.901814][   T39] audit: type=1400 audit(1720870926.274:212): avc:  denied  { setopt } for  pid=6850 comm="syz.0.419" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1
[  149.984205][ T6853] delete_channel: no stack
[  149.986476][   T39] audit: type=1400 audit(1720870926.364:213): avc:  denied  { create } for  pid=6852 comm="syz.0.420" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1
[  149.997863][   T39] audit: type=1400 audit(1720870926.374:214): avc:  denied  { create } for  pid=6852 comm="syz.0.420" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  150.006393][   T39] audit: type=1400 audit(1720870926.384:215): avc:  denied  { setopt } for  pid=6852 comm="syz.0.420" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  150.053897][ T6854] netlink: 'syz.0.420': attribute type 21 has an invalid length.
[  150.056780][ T4636] Bluetooth: hci3: Received unexpected HCI Event 0x00
[  150.059020][ T6854] netlink: 132 bytes leftover after parsing attributes in process `syz.0.420'.
[  150.138755][ T6859] netlink: 12 bytes leftover after parsing attributes in process `syz.0.422'.
[  150.215099][ T4636] Bluetooth: hci0: Received unexpected HCI Event 0x00
[  150.224335][ T4636] Bluetooth: hci3: command 0x0406 tx timeout
[  150.238641][ T6866] xt_CHECKSUM: CHECKSUM should be avoided.  If really needed, restrict with "-p udp" and only use in OUTPUT
[  150.251938][   T39] audit: type=1400 audit(1720870926.634:216): avc:  denied  { bind } for  pid=6860 comm="syz.0.423" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  150.267946][ T6867] netlink: 4 bytes leftover after parsing attributes in process `syz.0.423'.
[  150.282808][   T39] audit: type=1400 audit(1720870926.664:217): avc:  denied  { connect } for  pid=6860 comm="syz.0.423" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1
[  150.293506][   T39] audit: type=1400 audit(1720870926.664:218): avc:  denied  { name_connect } for  pid=6860 comm="syz.0.423" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=dccp_socket permissive=1
[  150.336664][   T39] audit: type=1400 audit(1720870926.724:219): avc:  denied  { shutdown } for  pid=6860 comm="syz.0.423" laddr=fe80::12 lport=34422 faddr=fe80::bb scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1
[  150.561515][   T39] audit: type=1400 audit(1720870926.944:220): avc:  denied  { read } for  pid=6871 comm="syz.2.426" name="hpet" dev="devtmpfs" ino=632 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[  150.575487][   T39] audit: type=1400 audit(1720870926.964:221): avc:  denied  { open } for  pid=6871 comm="syz.2.426" path="/dev/hpet" dev="devtmpfs" ino=632 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[  150.591858][   T39] audit: type=1400 audit(1720870926.974:222): avc:  denied  { map } for  pid=6871 comm="syz.2.426" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=13022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  150.604379][   T39] audit: type=1400 audit(1720870926.974:223): avc:  denied  { read write } for  pid=6871 comm="syz.2.426" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=13022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  151.440006][ T6890] netlink: 24 bytes leftover after parsing attributes in process `syz.2.429'.
[  152.037326][ T4636] Bluetooth: hci2: Received unexpected HCI Event 0x00
[  152.045971][ T6899] netlink: 12 bytes leftover after parsing attributes in process `syz.0.431'.
[  152.077710][ T4636] Bluetooth: hci3: Received unexpected HCI Event 0x00
[  152.121228][ T4636] Bluetooth: hci1: Received unexpected HCI Event 0x00
[  152.276184][ T4636] Bluetooth: Unknown BR/EDR signaling command 0x11
[  152.279131][ T4636] Bluetooth: Wrong link type (-22)
[  152.281129][ T4636] Bluetooth: Unknown BR/EDR signaling command 0x0e
[  152.283618][ T4636] Bluetooth: Wrong link type (-22)
[  152.287610][ T4636] Bluetooth: hci2: link tx timeout
[  152.355965][ T4636] Bluetooth: hci1: Received unexpected HCI Event 0x00
[  152.619008][ T5213] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  152.623442][ T5213] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  152.628286][ T5213] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  152.646513][ T5213] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  152.650743][ T5213] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  152.654421][ T5213] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  152.924740][   T56] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  152.967729][ T6920] chnl_net:caif_netlink_parms(): no params data found
[  153.033105][   T56] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  153.129730][ T6920] bridge0: port 1(bridge_slave_0) entered blocking state
[  153.132904][ T6920] bridge0: port 1(bridge_slave_0) entered disabled state
[  153.138157][ T6920] bridge_slave_0: entered allmulticast mode
[  153.141970][ T6920] bridge_slave_0: entered promiscuous mode
[  153.161266][   T56] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  153.170771][ T6920] bridge0: port 2(bridge_slave_1) entered blocking state
[  153.174351][ T6920] bridge0: port 2(bridge_slave_1) entered disabled state
[  153.177516][ T6920] bridge_slave_1: entered allmulticast mode
[  153.181635][ T6920] bridge_slave_1: entered promiscuous mode
[  153.242622][ T6920] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  153.257015][   T56] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  153.272072][ T6920] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  153.335072][ T6920] team0: Port device team_slave_0 added
[  153.340126][ T6920] team0: Port device team_slave_1 added
[  153.401522][ T6920] batman_adv: batadv0: Adding interface: batadv_slave_0
[  153.406725][ T6920] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  153.417853][ T6920] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  153.424474][ T6920] batman_adv: batadv0: Adding interface: batadv_slave_1
[  153.427098][ T6920] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  153.440383][ T6920] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  153.566847][ T6920] hsr_slave_0: entered promiscuous mode
[  153.570325][ T6920] hsr_slave_1: entered promiscuous mode
[  153.574642][ T6920] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  153.578637][ T6920] Cannot create hsr debugfs directory
[  153.646756][   T56] bridge_slave_1: left allmulticast mode
[  153.649214][   T56] bridge_slave_1: left promiscuous mode
[  153.652552][   T56] bridge0: port 2(bridge_slave_1) entered disabled state
[  153.659959][   T56] bridge_slave_0: left allmulticast mode
[  153.662390][   T56] bridge_slave_0: left promiscuous mode
[  153.665209][   T56] bridge0: port 1(bridge_slave_0) entered disabled state
[  154.076074][   T56] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  154.093229][   T56] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  154.100775][   T56] bond0 (unregistering): Released all slaves
[  154.673669][   T56] hsr_slave_0: left promiscuous mode
[  154.681453][   T56] hsr_slave_1: left promiscuous mode
[  154.688306][   T56] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  154.691697][   T56] batman_adv: batadv0: Removing interface: batadv_slave_0
[  154.699402][   T56] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  154.702686][   T56] batman_adv: batadv0: Removing interface: batadv_slave_1
[  154.704612][ T4636] Bluetooth: hci3: command tx timeout
[  154.744289][   T56] veth1_macvtap: left promiscuous mode
[  154.747897][   T56] veth0_macvtap: left promiscuous mode
[  154.750312][   T56] veth1_vlan: left promiscuous mode
[  154.753618][   T56] veth0_vlan: left promiscuous mode
[  155.624720][   T56] team0 (unregistering): Port device team_slave_1 removed
[  155.705752][   T56] team0 (unregistering): Port device team_slave_0 removed
[  155.802307][   T39] kauditd_printk_skb: 23 callbacks suppressed
[  155.802322][   T39] audit: type=1400 audit(1720870932.184:247): avc:  denied  { setopt } for  pid=6956 comm="syz.0.444" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  155.834592][   T39] audit: type=1400 audit(1720870932.204:248): avc:  denied  { bind } for  pid=6956 comm="syz.0.444" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  155.843338][   T39] audit: type=1400 audit(1720870932.204:249): avc:  denied  { name_bind } for  pid=6956 comm="syz.0.444" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=sctp_socket permissive=1
[  155.853312][   T39] audit: type=1400 audit(1720870932.204:250): avc:  denied  { node_bind } for  pid=6956 comm="syz.0.444" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=sctp_socket permissive=1
[  155.937432][   T39] audit: type=1400 audit(1720870932.314:251): avc:  denied  { connect } for  pid=6959 comm="syz.2.446" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  155.958744][   T39] audit: type=1400 audit(1720870932.324:252): avc:  denied  { setopt } for  pid=6959 comm="syz.2.446" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  155.988194][   T39] audit: type=1400 audit(1720870932.334:253): avc:  denied  { getopt } for  pid=6959 comm="syz.2.446" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  155.999842][   T39] audit: type=1326 audit(1720870932.344:254): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6959 comm="syz.2.446" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc175175bd9 code=0x0
[  156.009685][   T39] audit: type=1400 audit(1720870932.344:255): avc:  denied  { listen } for  pid=6956 comm="syz.0.444" lport=20000 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  156.022615][   T39] audit: type=1400 audit(1720870932.404:256): avc:  denied  { name_bind } for  pid=6956 comm="syz.0.444" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1
[  156.066243][ T6971] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  156.728110][ T4636] Bluetooth: hci0: Received unexpected HCI Event 0x00
[  156.745051][ T6963] netlink: 12 bytes leftover after parsing attributes in process `syz.0.444'.
[  156.803825][ T4636] Bluetooth: hci3: command tx timeout
[  156.920590][ T4636] Bluetooth: hci1: Received unexpected HCI Event 0x00
[  156.997139][ T6920] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  157.069812][ T6920] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  157.150954][ T6920] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  157.188281][ T6920] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  157.368461][ T6920] 8021q: adding VLAN 0 to HW filter on device bond0
[  157.381677][ T6920] 8021q: adding VLAN 0 to HW filter on device team0
[  157.401815][ T5236] bridge0: port 1(bridge_slave_0) entered blocking state
[  157.404832][ T5236] bridge0: port 1(bridge_slave_0) entered forwarding state
[  157.438843][ T5236] bridge0: port 2(bridge_slave_1) entered blocking state
[  157.442303][ T5236] bridge0: port 2(bridge_slave_1) entered forwarding state
[  157.511259][ T6920] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  157.871809][ T6920] 8021q: adding VLAN 0 to HW filter on device batadv0
[  157.919851][ T6920] veth0_vlan: entered promiscuous mode
[  157.927419][ T6920] veth1_vlan: entered promiscuous mode
[  157.962197][ T6920] veth0_macvtap: entered promiscuous mode
[  157.991798][ T6920] veth1_macvtap: entered promiscuous mode
[  158.082613][ T6920] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  158.086683][ T6920] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  158.090562][ T6920] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  158.094969][ T6920] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  158.106681][ T6920] batman_adv: batadv0: Interface activated: batadv_slave_0
[  158.116502][ T6920] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  158.121615][ T6920] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  158.127636][ T6920] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  158.136160][ T6920] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  158.136196][ T6920] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  158.136207][ T6920] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  158.137814][ T6920] batman_adv: batadv0: Interface activated: batadv_slave_1
[  158.145290][ T6920] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  158.145321][ T6920] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  158.145346][ T6920] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  158.145368][ T6920] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  158.272173][ T1094] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  158.275457][ T1094] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  158.300966][ T1094] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  158.310411][ T1094] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  158.483338][ T7020] dccp_invalid_packet: P.Data Offset(0) too small
[  158.490710][ T7021] fuse: Unknown parameter 'euid<00000000000000000000'
[  158.571930][ T7024] Failed to get privilege flags for destination (handle=0x0:0x0)
[  158.988150][ T4636] Bluetooth: hci3: command tx timeout
[  159.804410][ T4636] Bluetooth: hci3: Received unexpected HCI Event 0x00
[  160.042630][ T7060] netlink: 36 bytes leftover after parsing attributes in process `syz.1.465'.
[  160.101879][ T7062] FAULT_INJECTION: forcing a failure.
[  160.101879][ T7062] name fail_usercopy, interval 1, probability 0, space 0, times 1
[  160.116646][ T7062] CPU: 0 PID: 7062 Comm: syz.0.464 Not tainted 6.10.0-rc7-syzkaller-00254-g528dd46d0fc3 #0
[  160.134441][ T7062] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  160.142240][ T7062] Call Trace:
[  160.143608][ T7062]  <TASK>
[  160.144736][ T7062]  dump_stack_lvl+0x16c/0x1f0
[  160.146564][ T7062]  should_fail_ex+0x497/0x5b0
[  160.148372][ T7062]  _copy_from_user+0x30/0xf0
[  160.150129][ T7062]  get_timespec64+0x8c/0x240
[  160.151931][ T7062]  ? __pfx_get_timespec64+0x10/0x10
[  160.153925][ T7062]  __x64_sys_clock_nanosleep+0x1ce/0x4a0
[  160.156070][ T7062]  ? __pfx___x64_sys_clock_nanosleep+0x10/0x10
[  160.180043][ T7062]  do_syscall_64+0xcd/0x250
[  160.181890][ T7062]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  160.184185][ T7062] RIP: 0033:0x7f63af775bd9
[  160.185905][ T7062] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  160.194299][ T7062] RSP: 002b:00007f63b05ee048 EFLAGS: 00000246 ORIG_RAX: 00000000000000e6
[  160.197797][ T7062] RAX: ffffffffffffffda RBX: 00007f63af904038 RCX: 00007f63af775bd9
[  160.201410][ T7062] RDX: 00000000200000c0 RSI: 0000000000000000 RDI: 0000000000000008
[  160.205076][ T7062] RBP: 00007f63b05ee0a0 R08: 0000000000000000 R09: 0000000000000000
[  160.208405][ T7062] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  160.211671][ T7062] R13: 000000000000006e R14: 00007f63af904038 R15: 00007ffec3f794f8
[  160.215824][ T7062]  </TASK>
[  160.790246][ T7069] netlink: 12 bytes leftover after parsing attributes in process `syz.1.467'.
[  161.224820][ T4636] Bluetooth: hci2: Received unexpected HCI Event 0x00
[  161.242424][   T39] kauditd_printk_skb: 30 callbacks suppressed
[  161.242438][   T39] audit: type=1400 audit(1720870937.624:287): avc:  denied  { open } for  pid=7075 comm="syz.2.469" path="/dev/ptyq9" dev="devtmpfs" ino=138 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bsdpty_device_t tclass=chr_file permissive=1
[  161.904860][ T4636] Bluetooth: hci3: command tx timeout
[  162.002189][ T7101] FAULT_INJECTION: forcing a failure.
[  162.002189][ T7101] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  162.007772][ T7101] CPU: 1 PID: 7101 Comm: syz.0.475 Not tainted 6.10.0-rc7-syzkaller-00254-g528dd46d0fc3 #0
[  162.012587][ T7101] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  162.023272][ T7101] Call Trace:
[  162.025384][ T7101]  <TASK>
[  162.027189][ T7101]  dump_stack_lvl+0x16c/0x1f0
[  162.030191][ T7101]  should_fail_ex+0x497/0x5b0
[  162.033112][ T7101]  _copy_from_user+0x30/0xf0
[  162.035977][ T7101]  copy_msghdr_from_user+0x99/0x160
[  162.038284][ T7101]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  162.041114][ T7101]  ? find_held_lock+0x2d/0x110
[  162.043854][ T7101]  ___sys_recvmsg+0xdc/0x1a0
[  162.046285][ T7101]  ? __pfx____sys_recvmsg+0x10/0x10
[  162.048777][ T7101]  ? __fget_light+0x173/0x210
[  162.052044][ T7101]  __sys_recvmsg+0x114/0x1e0
[  162.054903][ T7101]  ? __pfx___sys_recvmsg+0x10/0x10
[  162.057496][ T7101]  do_syscall_64+0xcd/0x250
[  162.060252][ T7101]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  162.063849][ T7101] RIP: 0033:0x7f63af775bd9
[  162.066033][ T7101] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  162.077563][ T7101] RSP: 002b:00007f63b05ee048 EFLAGS: 00000246 ORIG_RAX: 000000000000002f
[  162.081654][ T7101] RAX: ffffffffffffffda RBX: 00007f63af904038 RCX: 00007f63af775bd9
[  162.085248][ T7101] RDX: 0000000000000002 RSI: 0000000020000500 RDI: 0000000000000005
[  162.089140][ T7101] RBP: 00007f63b05ee0a0 R08: 0000000000000000 R09: 0000000000000000
[  162.093077][ T7101] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  162.097045][ T7101] R13: 000000000000006e R14: 00007f63af904038 R15: 00007ffec3f794f8
[  162.101141][ T7101]  </TASK>
[  162.142543][   T39] audit: type=1400 audit(1720870938.524:288): avc:  denied  { create } for  pid=7102 comm="syz.3.476" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  162.151798][   T39] audit: type=1400 audit(1720870938.524:289): avc:  denied  { write } for  pid=7102 comm="syz.3.476" path="socket:[15637]" dev="sockfs" ino=15637 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  162.340259][   T39] audit: type=1800 audit(1720870938.724:290): pid=7109 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.3.477" name="/" dev="fuse" ino=1 res=0 errno=0
[  162.725207][   T39] audit: type=1800 audit(1720870939.114:291): pid=7114 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.1.478" name="/" dev="fuse" ino=1 res=0 errno=0
[  162.855156][ T4636] Bluetooth: hci1: Received unexpected HCI Event 0x00
[  162.993370][ T4636] Bluetooth: hci0: Received unexpected HCI Event 0x00
[  163.133107][ T4636] Bluetooth: hci1: Received unexpected HCI Event 0x00
[  163.348781][ T7128] syz.2.482 uses obsolete (PF_INET,SOCK_PACKET)
[  163.803932][   T39] audit: type=1400 audit(1720870940.184:292): avc:  denied  { write } for  pid=7129 comm="syz.2.483" name="nullb0" dev="devtmpfs" ino=691 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  163.813451][   T39] audit: type=1400 audit(1720870940.194:293): avc:  denied  { map } for  pid=7129 comm="syz.2.483" path="/dev/nullb0" dev="devtmpfs" ino=691 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  164.115663][   T39] audit: type=1326 audit(1720870940.504:294): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7129 comm="syz.2.483" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc175175bd9 code=0x0
[  164.447064][ T5261] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[  164.694971][ T5261] usb 7-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[  164.703984][ T5261] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  164.712226][ T5261] usb 7-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  164.728963][ T5261] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  164.742921][ T5261] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  164.824639][ T5261] usb 7-1: invalid MIDI out EP 0
[  165.032987][ T5261] snd-usb-audio 7-1:27.0: probe with driver snd-usb-audio failed with error -22
[  165.114254][ T5261] usb 7-1: USB disconnect, device number 2
[  165.125014][ T7140] udevd[7140]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb7/7-1/7-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  165.420328][ T7144] netlink: 'syz.1.487': attribute type 1 has an invalid length.
[  165.421116][ T7145] FAULT_INJECTION: forcing a failure.
[  165.421116][ T7145] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  165.442798][ T7145] CPU: 0 PID: 7145 Comm: syz.3.486 Not tainted 6.10.0-rc7-syzkaller-00254-g528dd46d0fc3 #0
[  165.450793][ T7145] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  165.456153][ T7145] Call Trace:
[  165.457720][ T7145]  <TASK>
[  165.459146][ T7145]  dump_stack_lvl+0x16c/0x1f0
[  165.461444][ T7145]  should_fail_ex+0x497/0x5b0
[  165.464001][ T7145]  _copy_from_user+0x30/0xf0
[  165.466611][ T7145]  copy_msghdr_from_user+0x99/0x160
[  165.469225][ T7145]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  165.472006][ T7145]  ? __pfx___lock_acquire+0x10/0x10
[  165.474644][ T7145]  ___sys_sendmsg+0xff/0x1e0
[  165.476761][ T7145]  ? __pfx____sys_sendmsg+0x10/0x10
[  165.479229][ T7145]  ? __pfx_lock_release+0x10/0x10
[  165.481574][ T7145]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  165.484295][ T7145]  ? __fget_light+0x173/0x210
[  165.486526][ T7145]  __sys_sendmmsg+0x1a1/0x450
[  165.488629][ T7145]  ? __pfx___sys_sendmmsg+0x10/0x10
[  165.491526][ T7145]  ? vfs_write+0x14d/0x1140
[  165.493921][ T7145]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  165.496539][ T7145]  ? fput+0x32/0x390
[  165.498308][ T7145]  ? ksys_write+0x1ab/0x260
[  165.500432][ T7145]  ? __pfx_ksys_write+0x10/0x10
[  165.502651][ T7145]  __x64_sys_sendmmsg+0x9c/0x100
[  165.505099][ T7145]  ? lockdep_hardirqs_on+0x7c/0x110
[  165.507646][ T7145]  do_syscall_64+0xcd/0x250
[  165.510000][ T7145]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  165.512759][ T7145] RIP: 0033:0x7f1468b75bd9
[  165.514875][ T7145] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  165.523309][ T7145] RSP: 002b:00007f1469a29048 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  165.527159][ T7145] RAX: ffffffffffffffda RBX: 00007f1468d03f60 RCX: 00007f1468b75bd9
[  165.530664][ T7145] RDX: 0000000000000002 RSI: 0000000020005080 RDI: 0000000000000003
[  165.534246][ T7145] RBP: 00007f1469a290a0 R08: 0000000000000000 R09: 0000000000000000
[  165.537715][ T7145] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  165.541479][ T7145] R13: 000000000000000b R14: 00007f1468d03f60 R15: 00007fff448fb9c8
[  165.545543][ T7145]  </TASK>
[  165.653888][   T39] audit: type=1400 audit(1720870942.034:295): avc:  denied  { write } for  pid=7146 comm="syz.1.488" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  165.668196][ T4636] Bluetooth: hci2: Received unexpected HCI Event 0x00
[  165.790756][   T39] audit: type=1400 audit(1720870942.174:296): avc:  denied  { execute } for  pid=7153 comm="syz.0.490" path="/132/cpu.stat" dev="tmpfs" ino=734 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  165.864232][ T4636] Bluetooth: hci0: Received unexpected HCI Event 0x00
[  165.940659][ T7160] pim6reg1: entered promiscuous mode
[  165.946408][ T7160] pim6reg1: entered allmulticast mode
[  165.958973][ T4636] Bluetooth: hci1: Received unexpected HCI Event 0x00
[  166.283875][   T35] usb 8-1: new high-speed USB device number 2 using dummy_hcd
[  166.401404][   T39] kauditd_printk_skb: 6 callbacks suppressed
[  166.401472][   T39] audit: type=1800 audit(1720870942.784:303): pid=7176 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.0.495" name="/" dev="fuse" ino=1 res=0 errno=0
[  166.481125][   T35] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  166.486257][   T35] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 3
[  166.494825][   T35] usb 8-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  166.502597][   T35] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  166.509151][   T35] usb 8-1: SerialNumber: syz
[  167.259261][ T4636] Bluetooth: hci0: Received unexpected HCI Event 0x00
[  167.291796][   T35] usb 8-1: 0:2 : does not exist
[  167.294177][   T35] usb 8-1: unit 5 not found!
[  167.317323][   T35] usb 8-1: USB disconnect, device number 2
[  167.400567][ T7193] FAULT_INJECTION: forcing a failure.
[  167.400567][ T7193] name failslab, interval 1, probability 0, space 0, times 1
[  167.406817][ T7193] CPU: 0 PID: 7193 Comm: syz.2.500 Not tainted 6.10.0-rc7-syzkaller-00254-g528dd46d0fc3 #0
[  167.411257][ T7193] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  167.416096][ T7193] Call Trace:
[  167.417801][ T7193]  <TASK>
[  167.418927][ T7193]  dump_stack_lvl+0x16c/0x1f0
[  167.421329][ T7193]  should_fail_ex+0x497/0x5b0
[  167.423333][ T7193]  should_failslab+0x9/0x20
[  167.425293][ T7193]  __kmalloc_noprof+0xcf/0x410
[  167.431588][ T7193]  ? __pfx_lock_acquire+0x10/0x10
[  167.434742][ T7193]  tomoyo_realpath_from_path+0xb9/0x720
[  167.437060][ T7193]  ? tomoyo_profile+0x47/0x60
[  167.439038][ T7193]  tomoyo_path_number_perm+0x245/0x590
[  167.441339][ T7193]  ? tomoyo_path_number_perm+0x232/0x590
[  167.443637][ T7193]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  167.457626][ T7193]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  167.460669][ T7193]  ? __fget_files+0x256/0x400
[  167.462876][ T7193]  security_file_ioctl+0x75/0xc0
[  167.464990][ T7193]  __x64_sys_ioctl+0xbb/0x220
[  167.467084][ T7193]  do_syscall_64+0xcd/0x250
[  167.469046][ T7193]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  167.471462][ T7193] RIP: 0033:0x7fc175175bd9
[  167.473366][ T7193] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  167.483343][ T7193] RSP: 002b:00007fc175fd5048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  167.486976][ T7193] RAX: ffffffffffffffda RBX: 00007fc175303f60 RCX: 00007fc175175bd9
[  167.490777][ T7193] RDX: 0000000020000040 RSI: 0000000000008914 RDI: 0000000000000006
[  167.494924][ T7193] RBP: 00007fc175fd50a0 R08: 0000000000000000 R09: 0000000000000000
[  167.498408][ T7193] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  167.501595][ T7193] R13: 000000000000000b R14: 00007fc175303f60 R15: 00007ffecfee2538
[  167.504921][ T7193]  </TASK>
[  167.508137][ T7193] ERROR: Out of memory at tomoyo_realpath_from_path.
[  167.596048][ T5202] udevd[5202]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb8/8-1/8-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  167.648679][   T39] audit: type=1400 audit(1720870944.034:304): avc:  denied  { write } for  pid=7194 comm="syz.2.501" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  167.648959][ T7196] netlink: 16 bytes leftover after parsing attributes in process `syz.2.501'.
[  167.658819][   T39] audit: type=1400 audit(1720870944.034:305): avc:  denied  { nlmsg_write } for  pid=7194 comm="syz.2.501" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  168.016395][ T4636] Bluetooth: hci0: Received unexpected HCI Event 0x00
[  168.222876][   T39] audit: type=1400 audit(1720870944.604:306): avc:  denied  { nlmsg_read } for  pid=7204 comm="syz.3.505" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  168.224489][ T7205] FAULT_INJECTION: forcing a failure.
[  168.224489][ T7205] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  168.245550][ T7205] CPU: 2 PID: 7205 Comm: syz.3.505 Not tainted 6.10.0-rc7-syzkaller-00254-g528dd46d0fc3 #0
[  168.249882][ T7205] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  168.254580][ T7205] Call Trace:
[  168.256013][ T7205]  <TASK>
[  168.261588][ T7205]  dump_stack_lvl+0x16c/0x1f0
[  168.263581][ T7205]  should_fail_ex+0x497/0x5b0
[  168.265717][ T4636] Bluetooth: hci0: Received unexpected HCI Event 0x00
[  168.267473][ T7205]  _copy_from_user+0x30/0xf0
[  168.272247][ T7205]  copy_msghdr_from_user+0x99/0x160
[  168.274572][ T7205]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  168.277137][ T7205]  ? find_held_lock+0x2d/0x110
[  168.279189][ T7205]  ___sys_recvmsg+0xdc/0x1a0
[  168.291458][ T7205]  ? __pfx____sys_recvmsg+0x10/0x10
[  168.293539][ T7205]  ? __fget_light+0x173/0x210
[  168.303387][ T7205]  do_recvmmsg+0x2ba/0x750
[  168.305957][ T7205]  ? __pfx_do_recvmmsg+0x10/0x10
[  168.308847][ T7205]  ? vfs_write+0x14d/0x1140
[  168.311236][ T7205]  ? __mutex_unlock_slowpath+0x164/0x650
[  168.326935][ T7205]  __x64_sys_recvmmsg+0x239/0x290
[  168.328972][ T7205]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  168.331404][ T7205]  do_syscall_64+0xcd/0x250
[  168.333592][ T7205]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  168.336792][ T7205] RIP: 0033:0x7f1468b75bd9
[  168.338983][ T7205] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  168.348017][ T7205] RSP: 002b:00007f1469a29048 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  168.351575][ T7205] RAX: ffffffffffffffda RBX: 00007f1468d03f60 RCX: 00007f1468b75bd9
[  168.354909][ T7205] RDX: 0000000000000001 RSI: 0000000020006ec0 RDI: 0000000000000003
[  168.358286][ T7205] RBP: 00007f1469a290a0 R08: 0000000000000000 R09: 0000000000000000
[  168.361243][ T7205] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  168.364150][ T7205] R13: 000000000000000b R14: 00007f1468d03f60 R15: 00007fff448fb9c8
[  168.367068][ T7205]  </TASK>
[  168.391237][   T39] audit: type=1400 audit(1720870944.774:307): avc:  denied  { read write } for  pid=7206 comm="syz.2.506" name="vhost-vsock" dev="devtmpfs" ino=1116 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  168.417591][   T39] audit: type=1400 audit(1720870944.804:308): avc:  denied  { open } for  pid=7206 comm="syz.2.506" path="/dev/vhost-vsock" dev="devtmpfs" ino=1116 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  168.446173][   T39] audit: type=1400 audit(1720870944.804:309): avc:  denied  { ioctl } for  pid=7206 comm="syz.2.506" path="/dev/vhost-vsock" dev="devtmpfs" ino=1116 ioctlcmd=0xaf01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  168.551452][   T39] audit: type=1400 audit(1720870944.934:310): avc:  denied  { append } for  pid=7209 comm="syz.3.507" name="001" dev="devtmpfs" ino=726 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[  169.151716][ T7215] fuse: Bad value for 'group_id'
[  169.179601][   T39] audit: type=1400 audit(1720870945.564:311): avc:  denied  { create } for  pid=7214 comm="syz.1.508" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[  169.232886][   T39] audit: type=1400 audit(1720870945.614:312): avc:  denied  { create } for  pid=7222 comm="syz.0.509" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  169.257888][ T7221] netlink: 'syz.2.510': attribute type 8 has an invalid length.
[  169.307081][ T7225] netlink: 'syz.3.511': attribute type 8 has an invalid length.
[  169.325305][ T7227] FAULT_INJECTION: forcing a failure.
[  169.325305][ T7227] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  169.332103][ T7227] CPU: 1 PID: 7227 Comm: syz.2.513 Not tainted 6.10.0-rc7-syzkaller-00254-g528dd46d0fc3 #0
[  169.336540][ T7227] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  169.341512][ T7227] Call Trace:
[  169.343217][ T7227]  <TASK>
[  169.344550][ T7227]  dump_stack_lvl+0x16c/0x1f0
[  169.362331][ T7227]  should_fail_ex+0x497/0x5b0
[  169.364446][ T7227]  _copy_from_user+0x30/0xf0
[  169.366563][ T7227]  copy_msghdr_from_user+0x99/0x160
[  169.368884][ T7227]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  169.371471][ T7227]  ? find_held_lock+0x2d/0x110
[  169.373430][ T7227]  ? __pfx___lock_acquire+0x10/0x10
[  169.385214][ T7227]  ___sys_sendmsg+0xff/0x1e0
[  169.387294][ T7227]  ? __pfx____sys_sendmsg+0x10/0x10
[  169.389762][ T7227]  ? ksys_write+0x21c/0x260
[  169.392679][ T7227]  ? __fget_light+0x173/0x210
[  169.395674][ T7227]  __sys_sendmsg+0x117/0x1f0
[  169.399100][ T7227]  ? __pfx___sys_sendmsg+0x10/0x10
[  169.402010][ T7227]  do_syscall_64+0xcd/0x250
[  169.404861][ T7227]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  169.408007][ T7227] RIP: 0033:0x7fc175175bd9
[  169.410356][ T7227] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  169.420346][ T7227] RSP: 002b:00007fc175fd5048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  169.425304][ T7227] RAX: ffffffffffffffda RBX: 00007fc175303f60 RCX: 00007fc175175bd9
[  169.429067][ T7227] RDX: 0000000000000000 RSI: 00000000200071c0 RDI: 0000000000000003
[  169.432772][ T7227] RBP: 00007fc175fd50a0 R08: 0000000000000000 R09: 0000000000000000
[  169.436629][ T7227] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  169.440079][ T7227] R13: 000000000000000b R14: 00007fc175303f60 R15: 00007ffecfee2538
[  169.444395][ T7227]  </TASK>
[  169.500500][ T7234] netlink: 60 bytes leftover after parsing attributes in process `syz.2.515'.
[  169.518816][ T7234] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=7234 comm=syz.2.515
[  169.582160][ T7240] REISERFS warning (device nullb0): super-6502 reiserfs_getopt: unknown mount option ""
[  169.626443][ T7245] FAULT_INJECTION: forcing a failure.
[  169.626443][ T7245] name failslab, interval 1, probability 0, space 0, times 0
[  169.631846][ T7245] CPU: 3 PID: 7245 Comm: syz.1.519 Not tainted 6.10.0-rc7-syzkaller-00254-g528dd46d0fc3 #0
[  169.636160][ T7245] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  169.640935][ T7245] Call Trace:
[  169.642434][ T7245]  <TASK>
[  169.643748][ T7245]  dump_stack_lvl+0x16c/0x1f0
[  169.645952][ T7245]  should_fail_ex+0x497/0x5b0
[  169.648042][ T7245]  should_failslab+0x9/0x20
[  169.650085][ T7245]  __kmalloc_noprof+0xcf/0x410
[  169.652190][ T7245]  ? __pfx_lock_acquire+0x10/0x10
[  169.654229][ T7245]  tomoyo_realpath_from_path+0xb9/0x720
[  169.657035][ T7245]  ? tomoyo_profile+0x47/0x60
[  169.659264][ T7245]  tomoyo_path_number_perm+0x245/0x590
[  169.661886][ T7245]  ? tomoyo_path_number_perm+0x232/0x590
[  169.664339][ T7245]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  169.666843][ T7245]  ? proc_fail_nth_write+0xa0/0x270
[  169.668887][ T7245]  ? __pfx_do_sys_openat2+0x10/0x10
[  169.671170][ T7245]  ? __fget_light+0x173/0x210
[  169.673407][ T7245]  security_file_ioctl+0x75/0xc0
[  169.675849][ T7245]  __x64_sys_ioctl+0xbb/0x220
[  169.677925][ T7245]  do_syscall_64+0xcd/0x250
[  169.679986][ T7245]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  169.682633][ T7245] RIP: 0033:0x7f75adb75bd9
[  169.684469][ T7245] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  169.692738][ T7245] RSP: 002b:00007f75ad5ff048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  169.696355][ T7245] RAX: ffffffffffffffda RBX: 00007f75add03f60 RCX: 00007f75adb75bd9
[  169.699707][ T7245] RDX: 00000000200000c0 RSI: 0000000080045510 RDI: 0000000000000004
[  169.703303][ T7245] RBP: 00007f75ad5ff0a0 R08: 0000000000000000 R09: 0000000000000000
[  169.706874][ T7245] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  169.710419][ T7245] R13: 000000000000000b R14: 00007f75add03f60 R15: 00007fff3bda0938
[  169.713985][ T7245]  </TASK>
[  169.718041][ T7245] ERROR: Out of memory at tomoyo_realpath_from_path.
[  169.942094][ T7258] netlink: 32 bytes leftover after parsing attributes in process `syz.0.522'.
[  171.110757][ T4636] Bluetooth: hci1: Received unexpected HCI Event 0x00
[  171.231556][ T4636] Bluetooth: hci2: ISO packet for unknown connection handle 0
[  171.381729][ T7284] netlink: 32 bytes leftover after parsing attributes in process `syz.0.531'.
[  171.490617][ T4636] Bluetooth: hci1: Received unexpected HCI Event 0x00
[  171.908901][   T39] kauditd_printk_skb: 7 callbacks suppressed
[  171.908914][   T39] audit: type=1326 audit(1720870948.294:320): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7289 comm="syz.2.530" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc175175bd9 code=0x0
[  172.039319][ T7300] fuse: Unknown parameter 'euid<00000000000000000000'
[  172.096736][   T35] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  172.189379][ T4636] Bluetooth: hci2: ISO packet for unknown connection handle 0
[  172.243987][ T5236] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[  172.280413][   T35] usb 6-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08
[  172.284811][   T35] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  172.291511][   T35] usb 6-1: config 0 descriptor??
[  172.425848][ T5236] usb 7-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[  172.430604][ T5236] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  172.436017][ T5236] usb 7-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  172.441551][ T5236] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  172.453192][ T5236] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  172.480596][ T5236] usb 7-1: invalid MIDI out EP 0
[  172.528021][ T5236] snd-usb-audio 7-1:27.0: probe with driver snd-usb-audio failed with error -22
[  172.557780][ T7141] udevd[7141]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb7/7-1/7-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  172.709529][ T5204] usb 7-1: USB disconnect, device number 3
[  172.997686][ T7307] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=7307 comm=syz.3.538
[  173.024053][ T4636] Bluetooth: hci2: command 0x0406 tx timeout
[  173.084646][ T4636] Bluetooth: hci1: Received unexpected HCI Event 0x00
[  173.088836][   T39] audit: type=1400 audit(1720870949.474:321): avc:  denied  { bind } for  pid=7306 comm="syz.3.538" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  173.189239][ T7307] capability: warning: `syz.3.538' uses 32-bit capabilities (legacy support in use)
[  173.200538][   T39] audit: type=1400 audit(1720870949.584:322): avc:  denied  { read } for  pid=7306 comm="syz.3.538" name="loop-control" dev="devtmpfs" ino=657 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[  173.229168][ T7317] FAULT_INJECTION: forcing a failure.
[  173.229168][ T7317] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  173.235541][ T7317] CPU: 1 PID: 7317 Comm: syz.0.540 Not tainted 6.10.0-rc7-syzkaller-00254-g528dd46d0fc3 #0
[  173.240076][ T7317] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  173.245200][ T7317] Call Trace:
[  173.247158][ T7317]  <TASK>
[  173.248434][ T7317]  dump_stack_lvl+0x16c/0x1f0
[  173.250087][   T39] audit: type=1400 audit(1720870949.584:323): avc:  denied  { open } for  pid=7306 comm="syz.3.538" path="/dev/loop-control" dev="devtmpfs" ino=657 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[  173.250462][ T7317]  should_fail_ex+0x497/0x5b0
[  173.277451][ T7317]  _copy_from_user+0x30/0xf0
[  173.279370][ T7317]  dccp_setsockopt+0x771/0xa90
[  173.281193][ T7317]  ? __pfx_dccp_setsockopt+0x10/0x10
[  173.283127][ T7317]  ? selinux_socket_setsockopt+0x6a/0x80
[  173.284821][ T7317]  ? sock_common_setsockopt+0x2e/0xf0
[  173.288808][ T7317]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  173.291834][ T7317]  do_sock_setsockopt+0x222/0x480
[  173.294187][ T7317]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  173.296470][ T7317]  ? __fget_light+0x173/0x210
[  173.298441][ T7317]  __sys_setsockopt+0x1a4/0x270
[  173.300337][ T7317]  ? __pfx___sys_setsockopt+0x10/0x10
[  173.303130][ T7317]  ? fput+0x32/0x390
[  173.306309][ T7317]  ? ksys_write+0x1ab/0x260
[  173.308267][ T7317]  ? __pfx_ksys_write+0x10/0x10
[  173.314219][ T7317]  __x64_sys_setsockopt+0xbd/0x160
[  173.316203][ T7317]  ? do_syscall_64+0x91/0x250
[  173.318119][ T7317]  ? lockdep_hardirqs_on+0x7c/0x110
[  173.320654][ T7317]  do_syscall_64+0xcd/0x250
[  173.322973][ T7317]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  173.326035][ T7317] RIP: 0033:0x7f63af775bd9
[  173.328238][ T7317] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  173.336610][ T7317] RSP: 002b:00007f63b060f048 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  173.339975][ T7317] RAX: ffffffffffffffda RBX: 00007f63af903f60 RCX: 00007f63af775bd9
[  173.343251][ T7317] RDX: 000000000000000b RSI: 000000000000010d RDI: 0000000000000003
[  173.346812][ T7317] RBP: 00007f63b060f0a0 R08: 0000000000000004 R09: 0000000000000000
[  173.349981][ T7317] R10: 0000000020000000 R11: 0000000000000246 R12: 0000000000000001
[  173.352424][ T7317] R13: 000000000000000b R14: 00007f63af903f60 R15: 00007ffec3f794f8
[  173.355779][ T7317]  </TASK>
[  173.524698][ T4636] Bluetooth: hci0: ACL packet for unknown connection handle 200
[  173.673803][   T39] audit: type=1400 audit(1720870950.054:324): avc:  denied  { ioctl } for  pid=7334 comm="syz.0.545" path="/dev/sg0" dev="devtmpfs" ino=705 ioctlcmd=0x2285 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[  173.712141][ T7335] FAULT_INJECTION: forcing a failure.
[  173.712141][ T7335] name failslab, interval 1, probability 0, space 0, times 0
[  173.718857][ T7335] CPU: 0 PID: 7335 Comm: syz.0.545 Not tainted 6.10.0-rc7-syzkaller-00254-g528dd46d0fc3 #0
[  173.722447][ T7335] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  173.727277][ T7335] Call Trace:
[  173.728509][ T7335]  <TASK>
[  173.729791][ T7335]  dump_stack_lvl+0x16c/0x1f0
[  173.731888][ T7335]  should_fail_ex+0x497/0x5b0
[  173.733795][ T7335]  should_failslab+0x9/0x20
[  173.735337][ T7335]  kmem_cache_alloc_noprof+0x6e/0x2f0
[  173.737297][ T7335]  ? getname_flags.part.0+0x50/0x4f0
[  173.739524][ T7335]  getname_flags.part.0+0x50/0x4f0
[  173.742127][ T7335]  ? __pfx_ksys_write+0x10/0x10
[  173.744352][ T7335]  getname_flags+0x9b/0xf0
[  173.746753][ T7335]  __x64_sys_symlink+0x5a/0xa0
[  173.749462][ T7335]  do_syscall_64+0xcd/0x250
[  173.751529][ T7335]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  173.754404][ T7335] RIP: 0033:0x7f63af775bd9
[  173.756423][ T7335] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  173.765381][ T7335] RSP: 002b:00007f63b060f048 EFLAGS: 00000246 ORIG_RAX: 0000000000000058
[  173.769434][ T7335] RAX: ffffffffffffffda RBX: 00007f63af903f60 RCX: 00007f63af775bd9
[  173.773463][ T7335] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000020000080
[  173.776905][ T7335] RBP: 00007f63b060f0a0 R08: 0000000000000000 R09: 0000000000000000
[  173.780812][ T7335] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  173.784626][ T7335] R13: 000000000000000b R14: 00007f63af903f60 R15: 00007ffec3f794f8
[  173.789112][ T7335]  </TASK>
[  173.857683][ T4636] Bluetooth: hci1: Received unexpected HCI Event 0x00
[  174.008527][ T4636] Bluetooth: hci1: link tx timeout
[  174.010883][ T4636] Bluetooth: hci1: killing stalled connection 10:aa:aa:aa:aa:aa
[  174.015263][ T4636] Bluetooth: hci1: link tx timeout
[  174.018863][   T39] audit: type=1400 audit(1720870950.394:325): avc:  denied  { bind } for  pid=7341 comm="syz.0.547" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1
[  174.027541][   T39] audit: type=1400 audit(1720870950.394:326): avc:  denied  { name_bind } for  pid=7341 comm="syz.0.547" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=dccp_socket permissive=1
[  174.037054][   T39] audit: type=1400 audit(1720870950.404:327): avc:  denied  { node_bind } for  pid=7341 comm="syz.0.547" saddr=2001::1 src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=dccp_socket permissive=1
[  174.054768][   T39] audit: type=1400 audit(1720870950.404:328): avc:  denied  { listen } for  pid=7341 comm="syz.0.547" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1
[  174.249977][ T7348] FAULT_INJECTION: forcing a failure.
[  174.249977][ T7348] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  174.256896][ T7348] CPU: 1 PID: 7348 Comm: syz.0.548 Not tainted 6.10.0-rc7-syzkaller-00254-g528dd46d0fc3 #0
[  174.262194][ T7348] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  174.270578][ T7348] Call Trace:
[  174.273094][ T7348]  <TASK>
[  174.274581][ T7348]  dump_stack_lvl+0x16c/0x1f0
[  174.276915][ T7348]  should_fail_ex+0x497/0x5b0
[  174.279351][ T7348]  _copy_to_user+0x30/0xc0
[  174.281587][ T7348]  simple_read_from_buffer+0xd0/0x160
[  174.285224][ T7348]  proc_fail_nth_read+0x1b0/0x290
[  174.287945][ T7348]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  174.290322][ T7348]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  174.292834][ T7348]  vfs_read+0x1d4/0xbd0
[  174.295043][ T7348]  ? fput+0x32/0x390
[  174.297230][ T7348]  ? __fdget_pos+0xeb/0x180
[  174.300377][ T7348]  ? __pfx_vfs_read+0x10/0x10
[  174.303140][ T7348]  ? __pfx___mutex_lock+0x10/0x10
[  174.305585][ T7348]  ? __fget_files+0x256/0x400
[  174.307874][ T7348]  ksys_read+0x12f/0x260
[  174.310153][ T7348]  ? __pfx_ksys_read+0x10/0x10
[  174.312770][ T7348]  do_syscall_64+0xcd/0x250
[  174.315280][ T7348]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  174.318384][ T7348] RIP: 0033:0x7f63af7746bc
[  174.320684][ T7348] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 1f 8d 02 00 48
[  174.331106][ T7348] RSP: 002b:00007f63b05a8040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  174.335185][ T7348] RAX: ffffffffffffffda RBX: 00007f63af904110 RCX: 00007f63af7746bc
[  174.339656][ T7348] RDX: 000000000000000f RSI: 00007f63b05a80b0 RDI: 000000000000000d
[  174.343763][ T7348] RBP: 00007f63b05a80a0 R08: 0000000000000000 R09: 0000000000000000
[  174.348529][ T7348] R10: 000000007ffff000 R11: 0000000000000246 R12: 0000000000000001
[  174.352536][ T7348] R13: 000000000000006e R14: 00007f63af904110 R15: 00007ffec3f794f8
[  174.357112][ T7348]  </TASK>
[  174.445699][   T39] audit: type=1400 audit(1720870950.834:329): avc:  denied  { bind } for  pid=7350 comm="syz.2.549" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  174.465090][ T7353] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=7353 comm=syz.3.551
[  174.766158][ T4636] Bluetooth: Unknown BR/EDR signaling command 0x11
[  174.768729][ T4636] Bluetooth: Wrong link type (-22)
[  174.771095][ T4636] Bluetooth: Unknown BR/EDR signaling command 0x0e
[  174.773661][ T4636] Bluetooth: Wrong link type (-22)
[  174.779800][ T4636] Bluetooth: hci2: link tx timeout
[  174.802998][ T7379] FAULT_INJECTION: forcing a failure.
[  174.802998][ T7379] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  174.809986][ T7379] CPU: 3 PID: 7379 Comm: syz.2.559 Not tainted 6.10.0-rc7-syzkaller-00254-g528dd46d0fc3 #0
[  174.814748][ T7379] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  174.819102][ T7379] Call Trace:
[  174.820574][ T7379]  <TASK>
[  174.821756][ T7379]  dump_stack_lvl+0x16c/0x1f0
[  174.823971][ T7379]  should_fail_ex+0x497/0x5b0
[  174.836535][ T7379]  _copy_from_user+0x30/0xf0
[  174.839100][ T7379]  copy_msghdr_from_user+0x99/0x160
[  174.841634][ T7379]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  174.843968][ T7379]  ? find_held_lock+0x2d/0x110
[  174.845931][ T7379]  ? __pfx___lock_acquire+0x10/0x10
[  174.847982][ T7379]  ___sys_sendmsg+0xff/0x1e0
[  174.849679][ T7379]  ? __pfx____sys_sendmsg+0x10/0x10
[  174.851618][ T7379]  ? ksys_write+0x21c/0x260
[  174.853228][ T7379]  ? __fget_light+0x173/0x210
[  174.855524][ T7379]  __sys_sendmsg+0x117/0x1f0
[  174.858643][ T7379]  ? __pfx___sys_sendmsg+0x10/0x10
[  174.861643][ T7379]  do_syscall_64+0xcd/0x250
[  174.863710][ T7379]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  174.866170][ T7379] RIP: 0033:0x7fc175175bd9
[  174.867905][ T7379] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  174.882641][ T7379] RSP: 002b:00007fc175fd5048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  174.885883][ T7379] RAX: ffffffffffffffda RBX: 00007fc175303f60 RCX: 00007fc175175bd9
[  174.888920][ T7379] RDX: 0000000000000000 RSI: 0000000020001380 RDI: 0000000000000003
[  174.892077][ T7379] RBP: 00007fc175fd50a0 R08: 0000000000000000 R09: 0000000000000000
[  174.896310][ T7379] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  174.900362][ T7379] R13: 000000000000000b R14: 00007fc175303f60 R15: 00007ffecfee2538
[  174.904846][ T7379]  </TASK>
[  174.965621][   T35] usb 6-1: USB disconnect, device number 2
[  174.983524][ T7384] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  175.019205][ T5204] IPVS: starting estimator thread 0...
[  175.039135][ T7384] process 'syz.2.560' launched './file0' with NULL argv: empty string added
[  175.113929][ T4636] Bluetooth: hci2: command 0x0406 tx timeout
[  175.123966][ T7386] IPVS: using max 19 ests per chain, 45600 per kthread
[  175.187328][ T7395] netlink: 132 bytes leftover after parsing attributes in process `syz.0.564'.
[  175.288797][ T7399] FAULT_INJECTION: forcing a failure.
[  175.288797][ T7399] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  175.296354][ T7399] CPU: 3 PID: 7399 Comm: syz.0.566 Not tainted 6.10.0-rc7-syzkaller-00254-g528dd46d0fc3 #0
[  175.300559][ T7399] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  175.305294][ T7399] Call Trace:
[  175.307098][ T7399]  <TASK>
[  175.308489][ T7399]  dump_stack_lvl+0x16c/0x1f0
[  175.310804][ T7399]  should_fail_ex+0x497/0x5b0
[  175.312897][ T7399]  _copy_from_user+0x30/0xf0
[  175.314895][ T7399]  copy_msghdr_from_user+0x99/0x160
[  175.317144][ T7399]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  175.319620][ T7399]  ? find_held_lock+0x2d/0x110
[  175.321518][ T7399]  ? __pfx___lock_acquire+0x10/0x10
[  175.323548][ T7399]  ___sys_sendmsg+0xff/0x1e0
[  175.325486][ T7399]  ? __pfx____sys_sendmsg+0x10/0x10
[  175.327763][ T7399]  ? ksys_write+0x21c/0x260
[  175.329867][ T7399]  ? __fget_light+0x173/0x210
[  175.331896][ T7399]  __sys_sendmsg+0x117/0x1f0
[  175.333936][ T7399]  ? __pfx___sys_sendmsg+0x10/0x10
[  175.335886][ T7399]  do_syscall_64+0xcd/0x250
[  175.337931][ T7399]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  175.340481][ T7399] RIP: 0033:0x7f63af775bd9
[  175.342264][ T7399] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  175.350953][ T7399] RSP: 002b:00007f63b060f048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  175.355577][ T7399] RAX: ffffffffffffffda RBX: 00007f63af903f60 RCX: 00007f63af775bd9
[  175.358968][ T7399] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003
[  175.364648][ T7399] RBP: 00007f63b060f0a0 R08: 0000000000000000 R09: 0000000000000000
[  175.367923][ T7399] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  175.371778][ T7399] R13: 000000000000000b R14: 00007f63af903f60 R15: 00007ffec3f794f8
[  175.374994][ T7399]  </TASK>
[  175.583892][   T35] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  175.761968][ T7411] bridge_slave_1: left allmulticast mode
[  175.764207][ T7411] bridge_slave_1: left promiscuous mode
[  175.777279][ T7411] bridge0: port 2(bridge_slave_1) entered disabled state
[  175.782089][   T35] usb 6-1: Using ep0 maxpacket: 32
[  175.788342][   T35] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  175.792707][   T35] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  175.797865][   T35] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  175.802419][   T35] usb 6-1: config 1 interface 1 altsetting 1 has an endpoint descriptor with address 0x9F, changing to 0x8F
[  175.808512][   T35] usb 6-1: config 1 interface 1 altsetting 1 endpoint 0x8F has invalid maxpacket 9573, setting to 1024
[  175.813397][   T35] usb 6-1: config 1 interface 1 altsetting 1 bulk endpoint 0x8F has invalid maxpacket 1024
[  175.817626][   T35] usb 6-1: config 1 interface 1 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  175.825624][   T35] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  175.828984][   T35] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  175.831866][   T35] usb 6-1: Product: syz
[  175.834261][   T35] usb 6-1: Manufacturer: syz
[  175.836339][   T35] usb 6-1: SerialNumber: syz
[  175.873902][ T5236] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  175.875080][ T7416] netlink: 36 bytes leftover after parsing attributes in process `syz.2.573'.
[  176.051151][   T35] cdc_ncm 6-1:1.0: bind() failure
[  176.061076][   T35] cdc_ncm 6-1:1.1: CDC Union missing and no IAD found
[  176.073659][   T35] cdc_ncm 6-1:1.1: bind() failure
[  176.074174][ T4636] Bluetooth: hci1: command 0x0406 tx timeout
[  176.084809][ T5236] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  176.104123][ T5236] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  176.110121][   T35] usb 6-1: USB disconnect, device number 3
[  176.119317][ T5236] usb 5-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.00
[  176.128438][ T5236] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  176.133713][ T5236] usb 5-1: config 0 descriptor??
[  176.142730][ T5236] usbhid 5-1:0.0: couldn't find an input interrupt endpoint
[  176.146591][ T7421] FAULT_INJECTION: forcing a failure.
[  176.146591][ T7421] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  176.161797][ T7421] CPU: 0 PID: 7421 Comm: syz.2.574 Not tainted 6.10.0-rc7-syzkaller-00254-g528dd46d0fc3 #0
[  176.166414][ T7421] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  176.170887][ T7421] Call Trace:
[  176.172474][ T7421]  <TASK>
[  176.173836][ T7421]  dump_stack_lvl+0x16c/0x1f0
[  176.175946][ T7421]  should_fail_ex+0x497/0x5b0
[  176.178054][ T7421]  _copy_from_user+0x30/0xf0
[  176.180075][ T7421]  copy_msghdr_from_user+0x99/0x160
[  176.182146][ T7421]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  176.184476][ T7421]  ? find_held_lock+0x2d/0x110
[  176.186604][ T7421]  ___sys_recvmsg+0xdc/0x1a0
[  176.188610][ T7421]  ? __pfx____sys_recvmsg+0x10/0x10
[  176.191020][ T7421]  ? __fget_light+0x173/0x210
[  176.196294][ T7421]  do_recvmmsg+0x2ba/0x750
[  176.198328][ T7421]  ? __pfx_do_recvmmsg+0x10/0x10
[  176.205246][ T7421]  ? vfs_write+0x14d/0x1140
[  176.207175][ T7421]  ? __mutex_unlock_slowpath+0x164/0x650
[  176.209304][ T7421]  __x64_sys_recvmmsg+0x239/0x290
[  176.211334][ T7421]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  176.213770][ T7421]  do_syscall_64+0xcd/0x250
[  176.215806][ T7421]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  176.217845][ T7421] RIP: 0033:0x7fc175175bd9
[  176.219388][ T7421] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  176.227325][ T7421] RSP: 002b:00007fc175fd5048 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  176.230910][ T7421] RAX: ffffffffffffffda RBX: 00007fc175303f60 RCX: 00007fc175175bd9
[  176.233934][ T7421] RDX: 000000000400023c RSI: 00000000200055c0 RDI: 0000000000000009
[  176.237057][ T7421] RBP: 00007fc175fd50a0 R08: 0000000000000000 R09: 0000000000000000
[  176.239601][ T7421] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  176.242954][ T7421] R13: 000000000000000b R14: 00007fc175303f60 R15: 00007ffecfee2538
[  176.246130][ T7421]  </TASK>
[  176.454666][ T7425] FAULT_INJECTION: forcing a failure.
[  176.454666][ T7425] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  176.460206][ T7425] CPU: 0 PID: 7425 Comm: syz.3.576 Not tainted 6.10.0-rc7-syzkaller-00254-g528dd46d0fc3 #0
[  176.463992][ T7425] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  176.467900][ T7425] Call Trace:
[  176.469110][ T7425]  <TASK>
[  176.470121][ T7425]  dump_stack_lvl+0x16c/0x1f0
[  176.471710][ T7425]  should_fail_ex+0x497/0x5b0
[  176.473306][ T7425]  strncpy_from_user+0x38/0x300
[  176.475042][ T7425]  __do_sys_request_key+0xa9/0x3d0
[  176.477351][ T7425]  ? __pfx___do_sys_request_key+0x10/0x10
[  176.479436][ T7425]  ? ksys_write+0x1ab/0x260
[  176.481118][ T7425]  do_syscall_64+0xcd/0x250
[  176.482784][ T7425]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  176.484887][ T7425] RIP: 0033:0x7f1468b75bd9
[  176.486534][ T7425] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  176.494409][ T7425] RSP: 002b:00007f1469a29048 EFLAGS: 00000246 ORIG_RAX: 00000000000000f9
[  176.497821][ T7425] RAX: ffffffffffffffda RBX: 00007f1468d03f60 RCX: 00007f1468b75bd9
[  176.501161][ T7425] RDX: 0000000020000440 RSI: 0000000020000400 RDI: 00000000200003c0
[  176.503991][ T7425] RBP: 00007f1469a290a0 R08: 0000000000000000 R09: 0000000000000000
[  176.507162][ T7425] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  176.510560][ T7425] R13: 000000000000000b R14: 00007f1468d03f60 R15: 00007fff448fb9c8
[  176.514062][ T7425]  </TASK>
[  176.856609][ T7443] xt_time: invalid argument - start or stop time greater than 23:59:59
[  176.900839][ T7443] netlink: 20 bytes leftover after parsing attributes in process `syz.1.579'.
[  176.926138][ T4636] Bluetooth: Wrong link type (-71)
[  176.929600][ T7443] fuse: Unknown parameter '0x00000000000000230x000000000000000c'
[  177.031755][ T7453] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  177.103983][ T5236] IPVS: starting estimator thread 0...
[  177.217811][ T7459] IPVS: using max 20 ests per chain, 48000 per kthread
[  177.589016][ T4636] Bluetooth: hci2: Received unexpected HCI Event 0x00
[  177.677663][ T7479] netlink: 12 bytes leftover after parsing attributes in process `syz.2.584'.
[  177.720644][   T39] kauditd_printk_skb: 22 callbacks suppressed
[  177.720659][   T39] audit: type=1400 audit(1720870954.104:352): avc:  denied  { read write } for  pid=7481 comm="syz.1.585" name="uhid" dev="devtmpfs" ino=1111 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1
[  177.725755][ T7482] FAULT_INJECTION: forcing a failure.
[  177.725755][ T7482] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  177.733317][   T39] audit: type=1400 audit(1720870954.104:353): avc:  denied  { open } for  pid=7481 comm="syz.1.585" path="/dev/uhid" dev="devtmpfs" ino=1111 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1
[  177.757420][ T7482] CPU: 2 PID: 7482 Comm: syz.1.585 Not tainted 6.10.0-rc7-syzkaller-00254-g528dd46d0fc3 #0
[  177.762263][ T7482] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  177.766971][ T7482] Call Trace:
[  177.768766][ T7482]  <TASK>
[  177.770190][ T7482]  dump_stack_lvl+0x16c/0x1f0
[  177.772325][ T7482]  should_fail_ex+0x497/0x5b0
[  177.774253][ T7482]  _copy_to_user+0x30/0xc0
[  177.776116][ T7482]  simple_read_from_buffer+0xd0/0x160
[  177.778597][ T7482]  proc_fail_nth_read+0x1b0/0x290
[  177.781152][ T7482]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  177.784414][ T7482]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  177.786764][ T7482]  vfs_read+0x1d4/0xbd0
[  177.788730][ T7482]  ? __fdget_pos+0xeb/0x180
[  177.790922][ T7482]  ? __pfx_vfs_read+0x10/0x10
[  177.793357][ T7482]  ? __pfx___mutex_lock+0x10/0x10
[  177.795930][ T7482]  ? __fget_files+0x256/0x400
[  177.798266][ T7482]  ksys_read+0x12f/0x260
[  177.800231][ T7482]  ? __pfx_ksys_read+0x10/0x10
[  177.802522][ T7482]  do_syscall_64+0xcd/0x250
[  177.804787][ T7482]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  177.807667][ T7482] RIP: 0033:0x7f75adb746bc
[  177.809718][ T7482] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 1f 8d 02 00 48
[  177.818354][ T7482] RSP: 002b:00007f75ad5ff040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  177.822217][ T7482] RAX: ffffffffffffffda RBX: 00007f75add03f60 RCX: 00007f75adb746bc
[  177.825422][ T7482] RDX: 000000000000000f RSI: 00007f75ad5ff0b0 RDI: 0000000000000004
[  177.828650][ T7482] RBP: 00007f75ad5ff0a0 R08: 0000000000000000 R09: 0000000000000000
[  177.832360][ T7482] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  177.835863][ T7482] R13: 000000000000000b R14: 00007f75add03f60 R15: 00007fff3bda0938
[  177.839381][ T7482]  </TASK>
[  177.840863][    C2] vkms_vblank_simulate: vblank timer overrun
[  177.882568][ T7491] netlink: 20 bytes leftover after parsing attributes in process `syz.1.587'.
[  177.891546][ T7491] netlink: 8 bytes leftover after parsing attributes in process `syz.1.587'.
[  178.004066][ T7498] FAULT_INJECTION: forcing a failure.
[  178.004066][ T7498] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  178.010013][ T7498] CPU: 3 PID: 7498 Comm: syz.1.589 Not tainted 6.10.0-rc7-syzkaller-00254-g528dd46d0fc3 #0
[  178.014394][ T7498] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  178.018996][ T7498] Call Trace:
[  178.020440][ T7498]  <TASK>
[  178.021721][ T7498]  dump_stack_lvl+0x16c/0x1f0
[  178.023861][ T7498]  should_fail_ex+0x497/0x5b0
[  178.025989][ T7498]  _copy_from_user+0x30/0xf0
[  178.028102][ T7498]  copy_msghdr_from_user+0x99/0x160
[  178.030541][ T7498]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  178.033196][ T7498]  ? find_held_lock+0x2d/0x110
[  178.035124][ T7498]  ___sys_recvmsg+0xdc/0x1a0
[  178.037012][ T7498]  ? __pfx____sys_recvmsg+0x10/0x10
[  178.039370][ T7498]  ? __fget_light+0x173/0x210
[  178.041525][ T7498]  do_recvmmsg+0x2ba/0x750
[  178.043544][ T7498]  ? __pfx_do_recvmmsg+0x10/0x10
[  178.045753][ T7498]  ? vfs_write+0x14d/0x1140
[  178.047810][ T7498]  ? __mutex_unlock_slowpath+0x164/0x650
[  178.050346][ T7498]  __x64_sys_recvmmsg+0x239/0x290
[  178.052616][ T7498]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  178.055117][ T7498]  do_syscall_64+0xcd/0x250
[  178.057233][ T7498]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  178.059971][ T7498] RIP: 0033:0x7f75adb75bd9
[  178.061835][ T7498] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  178.069226][ T7498] RSP: 002b:00007f75ad5de048 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  178.072458][ T7498] RAX: ffffffffffffffda RBX: 00007f75add04038 RCX: 00007f75adb75bd9
[  178.076873][ T7498] RDX: 040000000000026c RSI: 00000000200005c0 RDI: 0000000000000005
[  178.080352][ T7498] RBP: 00007f75ad5de0a0 R08: 0000000000000000 R09: 0000000000000000
[  178.083778][ T7498] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  178.086939][ T7498] R13: 000000000000006e R14: 00007f75add04038 R15: 00007fff3bda0938
[  178.090253][ T7498]  </TASK>
[  178.570073][ T4636] Bluetooth: hci0: Received unexpected HCI Event 0x00
[  178.755131][ T5261] usb 5-1: USB disconnect, device number 2
[  179.173662][ T7507] FAULT_INJECTION: forcing a failure.
[  179.173662][ T7507] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  179.181351][ T7507] CPU: 2 PID: 7507 Comm: syz.0.592 Not tainted 6.10.0-rc7-syzkaller-00254-g528dd46d0fc3 #0
[  179.185852][ T7507] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  179.190574][ T7507] Call Trace:
[  179.191982][ T7507]  <TASK>
[  179.193283][ T7507]  dump_stack_lvl+0x16c/0x1f0
[  179.195959][ T7507]  should_fail_ex+0x497/0x5b0
[  179.198004][ T7507]  _copy_from_user+0x30/0xf0
[  179.200000][ T7507]  move_addr_to_kernel+0x68/0x160
[  179.202204][ T7507]  __sys_sendto+0x169/0x4e0
[  179.204122][ T7507]  ? __pfx___sys_sendto+0x10/0x10
[  179.206302][ T7507]  ? ksys_write+0x1ab/0x260
[  179.208336][ T7507]  ? __pfx_ksys_write+0x10/0x10
[  179.210430][ T7507]  __x64_sys_sendto+0xe0/0x1c0
[  179.212461][ T7507]  ? do_syscall_64+0x91/0x250
[  179.215350][ T7507]  ? lockdep_hardirqs_on+0x7c/0x110
[  179.218386][ T7507]  do_syscall_64+0xcd/0x250
[  179.220506][ T7507]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  179.223698][ T7507] RIP: 0033:0x7f63af775bd9
[  179.226054][ T7507] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  179.236365][ T7507] RSP: 002b:00007f63b05ee048 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  179.239930][ T7507] RAX: ffffffffffffffda RBX: 00007f63af904038 RCX: 00007f63af775bd9
[  179.243616][ T7507] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005
[  179.247898][ T7507] RBP: 00007f63b05ee0a0 R08: 0000000020000000 R09: 0000000000000010
[  179.252072][ T7507] R10: 00000000200007fd R11: 0000000000000246 R12: 0000000000000001
[  179.258640][ T7507] R13: 000000000000006e R14: 00007f63af904038 R15: 00007ffec3f794f8
[  179.262332][ T7507]  </TASK>
[  179.262561][    C2] vkms_vblank_simulate: vblank timer overrun
[  179.470446][ T7513] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  180.216771][ T7521] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  180.226979][ T7521] netlink: 160 bytes leftover after parsing attributes in process `syz.3.596'.
[  180.272078][ T7524] FAULT_INJECTION: forcing a failure.
[  180.272078][ T7524] name failslab, interval 1, probability 0, space 0, times 0
[  180.280913][ T7524] CPU: 3 PID: 7524 Comm: syz.1.597 Not tainted 6.10.0-rc7-syzkaller-00254-g528dd46d0fc3 #0
[  180.286082][ T7524] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  180.291088][ T7524] Call Trace:
[  180.292625][ T7524]  <TASK>
[  180.293979][ T7524]  dump_stack_lvl+0x16c/0x1f0
[  180.296261][ T7524]  should_fail_ex+0x497/0x5b0
[  180.298466][ T7524]  should_failslab+0x9/0x20
[  180.300615][ T7524]  kmalloc_trace_noprof+0x6b/0x300
[  180.302895][ T7524]  ? alloc_pipe_info+0x10e/0x590
[  180.305477][ T7524]  alloc_pipe_info+0x10e/0x590
[  180.307856][ T7524]  ? __pfx___lock_acquire+0x10/0x10
[  180.310111][ T7524]  splice_direct_to_actor+0x79c/0xa40
[  180.312558][ T7524]  ? __pfx_direct_splice_actor+0x10/0x10
[  180.315082][ T7524]  ? inode_has_perm+0x16f/0x1d0
[  180.317234][ T7524]  ? file_has_perm+0x286/0x360
[  180.319419][ T7524]  ? __pfx_splice_direct_to_actor+0x10/0x10
[  180.322044][ T7524]  ? __pfx_file_has_perm+0x10/0x10
[  180.324323][ T7524]  do_splice_direct+0x17e/0x250
[  180.326288][ T7524]  ? __pfx_do_splice_direct+0x10/0x10
[  180.328476][ T7524]  ? __pfx_direct_file_splice_eof+0x10/0x10
[  180.331648][ T7524]  ? security_file_permission+0x98/0xc0
[  180.334097][ T7524]  do_sendfile+0xb1e/0xe50
[  180.336199][ T7524]  ? __pfx_do_sendfile+0x10/0x10
[  180.338475][ T7524]  __x64_sys_sendfile64+0x1da/0x220
[  180.341186][ T7524]  ? ksys_write+0x1ab/0x260
[  180.343549][ T7524]  ? __pfx___x64_sys_sendfile64+0x10/0x10
[  180.346180][ T7524]  do_syscall_64+0xcd/0x250
[  180.348205][ T7524]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  180.350847][ T7524] RIP: 0033:0x7f75adb75bd9
[  180.352909][ T7524] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  180.362009][ T7524] RSP: 002b:00007f75ad5de048 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  180.365862][ T7524] RAX: ffffffffffffffda RBX: 00007f75add04038 RCX: 00007f75adb75bd9
[  180.369237][ T7524] RDX: 0000000000000000 RSI: 000000000000000a RDI: 000000000000000c
[  180.372781][ T7524] RBP: 00007f75ad5de0a0 R08: 0000000000000000 R09: 0000000000000000
[  180.375834][ T7524] R10: 000000007ffff000 R11: 0000000000000246 R12: 0000000000000001
[  180.379126][ T7524] R13: 000000000000006e R14: 00007f75add04038 R15: 00007fff3bda0938
[  180.382685][ T7524]  </TASK>
[  180.557966][   T39] audit: type=1400 audit(1720870956.944:354): avc:  denied  { mounton } for  pid=7526 comm="syz.0.599" path="/proc/536/task" dev="proc" ino=16552 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1
[  180.578167][ T7528] ==================================================================
[  180.581925][ T7528] BUG: KASAN: slab-use-after-free in skb_release_head_state+0x283/0x2b0
[  180.585797][ T7528] Read of size 8 at addr ffff88803a7c0b98 by task syz.0.599/7528
[  180.591020][ T7528] 
[  180.592378][ T7528] CPU: 1 PID: 7528 Comm: syz.0.599 Not tainted 6.10.0-rc7-syzkaller-00254-g528dd46d0fc3 #0
[  180.597548][ T7528] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  180.602243][ T7528] Call Trace:
[  180.603773][ T7528]  <TASK>
[  180.605054][ T7528]  dump_stack_lvl+0x116/0x1f0
[  180.607140][ T7528]  print_report+0xc3/0x620
[  180.609383][ T7528]  ? __virt_addr_valid+0x5e/0x590
[  180.611662][ T7528]  ? __phys_addr+0xc6/0x150
[  180.613750][ T7528]  kasan_report+0xd9/0x110
[  180.615749][ T7528]  ? skb_release_head_state+0x283/0x2b0
[  180.618205][ T7528]  ? skb_release_head_state+0x283/0x2b0
[  180.620700][ T7528]  skb_release_head_state+0x283/0x2b0
[  180.623060][ T7528]  kfree_skb_reason+0xed/0x210
[  180.625248][ T7528]  __hci_req_sync+0x61d/0x980
[  180.627649][ T7528]  ? __pfx___hci_req_sync+0x10/0x10
[  180.630134][ T7528]  ? trace_contention_end+0xea/0x140
[  180.632817][ T7528]  ? hci_req_sync+0x3f/0xd0
[  180.634886][ T7528]  ? __mutex_lock+0x1a6/0x9c0
[  180.636991][ T7528]  hci_req_sync+0x97/0xd0
[  180.638769][ T7528]  ? __pfx_hci_inq_req+0x10/0x10
[  180.640618][ T7528]  hci_inquiry+0x3ea/0x950
[  180.642450][ T7528]  ? __pfx_lock_release+0x10/0x10
[  180.644396][ T7528]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  180.646475][ T7528]  ? __pfx_hci_inquiry+0x10/0x10
[  180.648383][ T7528]  ? mgmt_device_connected+0x470/0x5d0
[  180.650490][ T7528]  ? __local_bh_enable_ip+0xa4/0x120
[  180.652566][ T7528]  hci_sock_ioctl+0x2bb/0x880
[  180.654399][ T7528]  ? __pfx_hci_sock_ioctl+0x10/0x10
[  180.656411][ T7528]  sock_do_ioctl+0x116/0x280
[  180.658483][ T7528]  ? __pfx_sock_do_ioctl+0x10/0x10
[  180.660656][ T7528]  ? ioctl_has_perm.constprop.0.isra.0+0x2f9/0x470
[  180.663315][ T7528]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[  180.666141][ T7528]  sock_ioctl+0x22e/0x6c0
[  180.667873][ T7528]  ? __pfx_sock_ioctl+0x10/0x10
[  180.669834][ T7528]  ? selinux_file_ioctl+0x180/0x270
[  180.671824][ T7528]  ? selinux_file_ioctl+0xb4/0x270
[  180.673722][ T7528]  ? __pfx_sock_ioctl+0x10/0x10
[  180.675909][ T7528]  __x64_sys_ioctl+0x193/0x220
[  180.678094][ T7528]  do_syscall_64+0xcd/0x250
[  180.680119][ T7528]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  180.682471][ T7528] RIP: 0033:0x7f63af775bd9
[  180.684241][ T7528] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  180.692091][ T7528] RSP: 002b:00007f63b060f048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  180.695889][ T7528] RAX: ffffffffffffffda RBX: 00007f63af903f60 RCX: 00007f63af775bd9
[  180.699810][ T7528] RDX: 00000000200000c0 RSI: 00000000800448f0 RDI: 0000000000000009
[  180.703597][ T7528] RBP: 00007f63af7e4e60 R08: 0000000000000000 R09: 0000000000000000
[  180.711257][ T7528] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  180.715442][ T7528] R13: 000000000000000b R14: 00007f63af903f60 R15: 00007ffec3f794f8
[  180.720120][ T7528]  </TASK>
[  180.721718][ T7528] 
[  180.722827][ T7528] Allocated by task 5206:
[  180.724809][ T7528]  kasan_save_stack+0x33/0x60
[  180.728375][ T7528]  kasan_save_track+0x14/0x30
[  180.730290][ T7528]  __kasan_slab_alloc+0x89/0x90
[  180.732226][ T7528]  kmem_cache_alloc_noprof+0x121/0x2f0
[  180.734980][ T7528]  skb_clone+0x190/0x3f0
[  180.736985][ T7528]  hci_cmd_work+0x66a/0x710
[  180.739036][ T7528]  process_one_work+0x9c5/0x1b40
[  180.741487][ T7528]  worker_thread+0x6c8/0xf30
[  180.743536][ T7528]  kthread+0x2c1/0x3a0
[  180.745736][ T7528]  ret_from_fork+0x45/0x80
[  180.747768][ T7528]  ret_from_fork_asm+0x1a/0x30
[  180.749816][ T7528] 
[  180.750964][ T7528] Freed by task 4636:
[  180.752611][ T7528]  kasan_save_stack+0x33/0x60
[  180.754466][ T7528]  kasan_save_track+0x14/0x30
[  180.756152][ T7528]  kasan_save_free_info+0x3b/0x60
[  180.758048][ T7528]  poison_slab_object+0xf7/0x160
[  180.759916][ T7528]  __kasan_slab_free+0x32/0x50
[  180.761955][ T7528]  kmem_cache_free+0x12f/0x3a0
[  180.763996][ T7528]  kfree_skbmem+0x10e/0x200
[  180.766084][ T7528]  kfree_skb_reason+0x138/0x210
[  180.768434][ T7528]  hci_cmd_work+0x63e/0x710
[  180.770401][ T7528]  process_one_work+0x9c5/0x1b40
[  180.772535][ T7528]  worker_thread+0x6c8/0xf30
[  180.774367][ T7528]  kthread+0x2c1/0x3a0
[  180.775944][ T7528]  ret_from_fork+0x45/0x80
[  180.777805][ T7528]  ret_from_fork_asm+0x1a/0x30
[  180.779889][ T7528] 
[  180.781099][ T7528] The buggy address belongs to the object at ffff88803a7c0b40
[  180.781099][ T7528]  which belongs to the cache skbuff_head_cache of size 240
[  180.788453][ T7528] The buggy address is located 88 bytes inside of
[  180.788453][ T7528]  freed 240-byte region [ffff88803a7c0b40, ffff88803a7c0c30)
[  180.796974][ T7528] 
[  180.797999][ T7528] The buggy address belongs to the physical page:
[  180.800635][ T7528] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x3a7c0
[  180.804600][ T7528] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  180.808877][ T7528] ksm flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  180.812551][ T7528] page_type: 0xffffefff(slab)
[  180.814525][ T7528] raw: 00fff00000000040 ffff8880196d2780 ffffea000058f100 dead000000000003
[  180.818584][ T7528] raw: 0000000000000000 0000000000190019 00000001ffffefff 0000000000000000
[  180.822605][ T7528] head: 00fff00000000040 ffff8880196d2780 ffffea000058f100 dead000000000003
[  180.826796][ T7528] head: 0000000000000000 0000000000190019 00000001ffffefff 0000000000000000
[  180.830366][ T7528] head: 00fff00000000001 ffffea0000e9f001 ffffffffffffffff 0000000000000000
[  180.833754][ T7528] head: 0000000700000002 0000000000000000 00000000ffffffff 0000000000000000
[  180.837579][ T7528] page dumped because: kasan: bad access detected
[  180.840205][ T7528] page_owner tracks the page as allocated
[  180.842525][ T7528] page last allocated via order 1, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 29, tgid 29 (ksoftirqd/1), ts 55305780237, free_ts 55204066008
[  180.850546][ T7528]  post_alloc_hook+0x2d1/0x350
[  180.852484][ T7528]  get_page_from_freelist+0x1353/0x2e50
[  180.854732][ T7528]  __alloc_pages_noprof+0x22b/0x2460
[  180.856848][ T7528]  alloc_slab_page+0x56/0x110
[  180.858638][ T7528]  new_slab+0x84/0x260
[  180.860392][ T7528]  ___slab_alloc+0xdac/0x1870
[  180.862495][ T7528]  kmem_cache_alloc_bulk_noprof+0x257/0x930
[  180.865436][ T7528]  napi_skb_cache_get+0x154/0x210
[  180.867442][ T7528]  __napi_build_skb+0x14/0x50
[  180.869493][ T7528]  napi_alloc_skb+0x2b8/0x5a0
[  180.871312][ T7528]  e1000_clean_rx_irq+0x2bc/0x1160
[  180.873338][ T7528]  e1000_clean+0x960/0x26f0
[  180.875181][ T7528]  __napi_poll.constprop.0+0xb7/0x550
[  180.878457][ T7528]  net_rx_action+0x9b6/0xf10
[  180.880825][ T7528]  handle_softirqs+0x216/0x8f0
[  180.882627][ T7528]  run_ksoftirqd+0x3a/0x60
[  180.884341][ T7528] page last free pid 5173 tgid 5173 stack trace:
[  180.886658][ T7528]  free_unref_page+0x64a/0xe40
[  180.888396][ T7528]  __folio_put+0x239/0x360
[  180.890113][ T7528]  skb_release_data+0x5df/0x980
[  180.891947][ T7528]  skb_attempt_defer_free+0x1b0/0x620
[  180.894386][ T7528]  tcp_recvmsg_locked+0x11cd/0x2700
[  180.896436][ T7528]  tcp_recvmsg+0x12e/0x680
[  180.899107][ T7528]  inet_recvmsg+0x12b/0x6a0
[  180.901321][ T7528]  sock_recvmsg+0x1b2/0x250
[  180.903508][ T7528]  sock_read_iter+0x2c7/0x3c0
[  180.905518][ T7528]  vfs_read+0xa39/0xbd0
[  180.907106][ T7528]  ksys_read+0x1f8/0x260
[  180.908713][ T7528]  do_syscall_64+0xcd/0x250
[  180.910426][ T7528]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  180.912626][ T7528] 
[  180.913707][ T7528] Memory state around the buggy address:
[  180.916180][ T7528]  ffff88803a7c0a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc
[  180.919176][ T7528]  ffff88803a7c0b00: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[  180.922254][ T7528] >ffff88803a7c0b80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  180.925399][ T7528]                             ^
[  180.927308][ T7528]  ffff88803a7c0c00: fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc
[  180.930416][ T7528]  ffff88803a7c0c80: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  180.933402][ T7528] ==================================================================
[  180.941430][ T7528] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  180.944898][ T7528] CPU: 0 PID: 7528 Comm: syz.0.599 Not tainted 6.10.0-rc7-syzkaller-00254-g528dd46d0fc3 #0
[  180.948899][ T7528] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  180.954129][ T7528] Call Trace:
[  180.955960][ T7528]  <TASK>
[  180.958140][ T7528]  dump_stack_lvl+0x3d/0x1f0
[  180.960817][ T7528]  panic+0x6f5/0x7a0
[  180.962532][ T7528]  ? __pfx_panic+0x10/0x10
[  180.964741][ T7528]  ? irqentry_exit+0x3b/0x90
[  180.966867][ T7528]  ? lockdep_hardirqs_on+0x7c/0x110
[  180.969223][ T7528]  ? preempt_schedule_thunk+0x1a/0x30
[  180.972267][ T7528]  ? preempt_schedule_common+0x44/0xc0
[  180.974703][ T7528]  check_panic_on_warn+0xab/0xb0
[  180.983240][ T7528]  end_report+0x117/0x180
[  180.986542][ T7528]  kasan_report+0xe9/0x110
[  180.988416][ T7528]  ? skb_release_head_state+0x283/0x2b0
[  180.992933][ T7528]  ? skb_release_head_state+0x283/0x2b0
[  180.995097][ T7528]  skb_release_head_state+0x283/0x2b0
[  180.997520][ T7528]  kfree_skb_reason+0xed/0x210
[  180.999706][ T7528]  __hci_req_sync+0x61d/0x980
[  181.001718][ T7528]  ? __pfx___hci_req_sync+0x10/0x10
[  181.004054][ T7528]  ? trace_contention_end+0xea/0x140
[  181.006297][ T7528]  ? hci_req_sync+0x3f/0xd0
[  181.007980][ T7528]  ? __mutex_lock+0x1a6/0x9c0
[  181.010431][ T7528]  hci_req_sync+0x97/0xd0
[  181.012985][ T7528]  ? __pfx_hci_inq_req+0x10/0x10
[  181.015250][ T7528]  hci_inquiry+0x3ea/0x950
[  181.017453][ T7528]  ? __pfx_lock_release+0x10/0x10
[  181.019786][ T7528]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  181.022783][ T7528]  ? __pfx_hci_inquiry+0x10/0x10
[  181.025401][ T7528]  ? mgmt_device_connected+0x470/0x5d0
[  181.028513][ T7528]  ? __local_bh_enable_ip+0xa4/0x120
[  181.037193][ T7528]  hci_sock_ioctl+0x2bb/0x880
[  181.039246][ T7528]  ? __pfx_hci_sock_ioctl+0x10/0x10
[  181.041678][ T7528]  sock_do_ioctl+0x116/0x280
[  181.043687][ T7528]  ? __pfx_sock_do_ioctl+0x10/0x10
[  181.045824][ T7528]  ? ioctl_has_perm.constprop.0.isra.0+0x2f9/0x470
[  181.048582][ T7528]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[  181.051450][ T7528]  sock_ioctl+0x22e/0x6c0
[  181.053348][ T7528]  ? __pfx_sock_ioctl+0x10/0x10
[  181.055519][ T7528]  ? selinux_file_ioctl+0x180/0x270
[  181.057917][ T7528]  ? selinux_file_ioctl+0xb4/0x270
[  181.060861][ T7528]  ? __pfx_sock_ioctl+0x10/0x10
[  181.063067][ T7528]  __x64_sys_ioctl+0x193/0x220
[  181.065460][ T7528]  do_syscall_64+0xcd/0x250
[  181.067382][ T7528]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  181.070324][ T7528] RIP: 0033:0x7f63af775bd9
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  181.072736][ T7528] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  181.081865][ T7528] RSP: 002b:00007f63b060f048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  181.085444][ T7528] RAX: ffffffffffffffda RBX: 00007f63af903f60 RCX: 00007f63af775bd9
[  181.089724][ T7528] RDX: 00000000200000c0 RSI: 00000000800448f0 RDI: 0000000000000009
[  181.094057][ T7528] RBP: 00007f63af7e4e60 R08: 0000000000000000 R09: 0000000000000000
[  181.097854][ T7528] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  181.101145][ T7528] R13: 000000000000000b R14: 00007f63af903f60 R15: 00007ffec3f794f8
[  181.104863][ T7528]  </TASK>
[  181.107399][ T7528] Kernel Offset: disabled
[  181.109325][ T7528] Rebooting in 86400 seconds..

VM DIAGNOSIS:
11:42:37  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000000000 RBX=000000000003e0f1 RCX=ffffffff81f48590 RDX=0000000000000001
RSI=0000000000000001 RDI=000000000003e0f1 RBP=000fffffffffffff RSP=ffffc90003967700
R8 =0000000000000007 R9 =0000000000000000 R10=0000000000000002 R11=0000000000000007
R12=0000000000000001 R13=ffff88801f879c80 R14=dffffc0000000000 R15=1ffff9200072ceec
RIP=ffffffff81f465a2 RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 000055556c041500 ffffffff 00c00000
GS =0000 ffff88806b000000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00007f75ae8356b8 CR3=000000002c7ec000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000001000000 Opmask01=0000000001000001 Opmask02=00000000ffffffef Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fff3bda0c40 0000003000000018
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f75adbe4325
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f75adbe4332
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f75adbe432c
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f75adbe4340
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f75adbe43c6
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f75adbe44a4
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000001 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000050
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000001 0000000000000000 0000000000000000 0000000000000050
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000000000038 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff84fda1c5 RDI=ffffffff94dde1e0 RBP=ffffffff94dde1a0 RSP=ffffc90003a87410
R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=20666f2064616552
R12=0000000000000000 R13=0000000000000038 R14=ffffffff84fda160 R15=0000000000000000
RIP=ffffffff84fda1ef RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f63b060f6c0 ffffffff 00c00000
GS =0000 ffff88806b100000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=000000110c30dec7 CR3=0000000042ce2000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000480081 Opmask01=0000000001000001 Opmask02=00000000ffffffef Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f63b060efa0 0000003000000018
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f63af7e4325
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f63af7e4332
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f63af7e432c
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f63af7e4340
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f63af7e43c6
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f63af7e44a4
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6e72656b2f737973 2f000a6425203a64 656c696166202973 2528657469727700
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4b57404e0a565c56 0a000a4100051f41 40494c4443050c56 000d40514c575200
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000003 0000000000000000 0000000000000000 00000000000000f0
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
RAX=00000000002d7583 RBX=0000000000000002 RCX=ffffffff8ae7e759 RDX=0000000000000000
RSI=ffffffff8b2caf00 RDI=ffffffff8b9039c0 RBP=ffffed1002fd9000 RSP=ffffc90000197e08
R8 =0000000000000001 R9 =ffffed100d646fdd R10=ffff88806b237eeb R11=0000000000000000
R12=0000000000000002 R13=ffff888017ec8000 R14=ffffffff8fe486d0 R15=0000000000000000
RIP=ffffffff8ae7fb4f RFL=00000242 [---Z---] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88806b200000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007fc175304030 CR3=000000001d360000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000001000000 Opmask01=0000000001000001 Opmask02=00000000ffffffef Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffecfee2840 0000003000000018
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fc1751e4325
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fc1751e4332
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fc1751e432c
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fc1751e4340
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fc1751e43c6
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fc1751e44a4
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000000a0
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 0000000000000000 0000000000000000 00000000000000a0
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 3

CPU#3
RAX=0000000000000000 RBX=0000000000000000 RCX=ffffffff8ad68afb RDX=0000000000000000
RSI=ffffffffffffffff RDI=ffffc90004107970 RBP=ffffc90004107970 RSP=ffffc900041078f0
R8 =0000000000000006 R9 =ffffffffffffffff R10=0000000000000000 R11=0000000000000001
R12=ffffffffffffffff R13=ffffc900041079a8 R14=0000000000000000 R15=ffff8880218c2f80
RIP=ffffffff8ad66472 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007fc175fd56c0 ffffffff 00c00000
GS =0000 ffff88806b300000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000001b3065ffff CR3=00000000225f0000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000040001 Opmask01=0000000001000001 Opmask02=00000000ffffffef Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fc1751e4325
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fc1751e4332
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fc1751e432c
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fc1751e4340
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fc1751e43c6
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fc1751e44a4
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fc1752d4488 00007fc1752d4480 00007fc1752d4478 00007fc1752d4450
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fc175e3d100 00007fc1752d4440 00007fc1752d4458 00007fc1752d44a0
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fc1752d4498 00007fc1752d4490 00007fc1752d4488 00007fc1752d4480
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 0000000000000000 0000000000000000 00000000000000a0
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000