last executing test programs:

7.599339048s ago: executing program 2 (id=1574):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0x3)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000280)={<r2=>0x0, @in={{0x2, 0x4e20, @multicast2}}, 0x9, 0x0, 0x8, 0x8, 0xd0, 0x876, 0x3}, &(0x7f0000000000)=0x9c)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r1, 0x84, 0x75, &(0x7f00000000c0)={r2, 0x4e}, 0x8)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r3 = syz_open_dev$usbfs(&(0x7f0000000080), 0x77, 0x101301)
ioctl$USBDEVFS_CONNECTINFO(r3, 0x80045503, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0a00000004000000040000000a"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000002020207b0af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='tlb_flush\x00', r5}, 0x10)
r6 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0xd, 0x3, &(0x7f0000000380)=@raw=[@call={0x85, 0x0, 0x0, 0x6e}, @map_idx={0x18, 0x7, 0x5, 0x0, 0xa}], &(0x7f00000003c0)='GPL\x00', 0xffff, 0x79, &(0x7f00000004c0)=""/121, 0x41000, 0x2c, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x8, &(0x7f00000005c0)={0x9, 0x1}, 0x8, 0x10, &(0x7f0000000600)={0x0, 0xf, 0x4, 0x3}, 0x10, 0x0, r6, 0x6, &(0x7f0000000640)=[r4, r4, r4, 0xffffffffffffffff, r4, r4, r4, 0xffffffffffffffff], &(0x7f0000000680)=[{0x5, 0x4, 0x3, 0xa}, {0x1, 0x5, 0x9, 0x8}, {0x2, 0x5, 0x8, 0x5}, {0x2, 0x2, 0xf, 0x6}, {0x1, 0x1, 0x5}, {0x3, 0x1, 0x4, 0x3}], 0x10, 0x5, @void, @value}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r7 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r8 = dup(r7)
write$6lowpan_enable(r8, &(0x7f0000000000)='0', 0xfffffd2c)
r9 = syz_io_uring_setup(0x239, &(0x7f0000000740)={0x0, 0xb1ea, 0x10100, 0x0, 0x0, 0x0, r8}, &(0x7f0000000180)=<r10=>0x0, &(0x7f00000001c0)=<r11=>0x0)
syz_io_uring_submit(r10, r11, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r7, 0x0, 0x0, 0x0, {}, 0x1})
io_uring_enter(r9, 0x2ded, 0xef92, 0x0, 0x0, 0x0)
gettid()
r12 = eventfd2(0x0, 0x0)
read$eventfd(r12, &(0x7f0000000040), 0x8)
ioctl$FIONREAD(r0, 0x541b, &(0x7f0000000340))
r13 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x47c01, 0x0)
ioctl$PPPIOCGFLAGS1(r13, 0x8004745a, &(0x7f0000000100))

6.672484563s ago: executing program 2 (id=1584):
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0201, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000001340))
ioctl$SNDCTL_DSP_CHANNELS(r0, 0xc0045006, &(0x7f0000000180)=0x6f)
syz_usb_connect(0x1, 0xfffffffffffffd22, 0x0, 0x0)
socketpair$tipc(0x1e, 0x2, 0x0, 0x0)
write$dsp(r0, &(0x7f00000012c0)="a52876830a602234f6b4e928d758f38a5a7cb4b31c4c09289e9ebb6286784ca3", 0x4000)

5.390853854s ago: executing program 1 (id=1591):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_opts(r0, 0x29, 0x37, &(0x7f0000004600)=ANY=[@ANYBLOB="ff0002090000000069ec23a4400c090040db13cf1d235e16bdbd9fec7b8502604b0da0f87d6c55"], 0x8)
setsockopt$inet6_IPV6_DSTOPTS(r0, 0x29, 0x3b, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000540)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x6, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r2, 0x2000000, 0x11, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1f)

5.390304048s ago: executing program 1 (id=1592):
bind$bt_l2cap(0xffffffffffffffff, &(0x7f0000000000)={0x1f, 0x0, @any, 0x8000, 0x1}, 0xe)

5.310868614s ago: executing program 1 (id=1593):
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x60281, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
listen(0xffffffffffffffff, 0x7fff)
pselect6(0x40, &(0x7f0000000040)={0x5, 0x8, 0xd95, 0x1, 0xffff, 0xfffffffffffffffd, 0x8000000000000000, 0x100000001}, 0x0, &(0x7f0000000140)={0x0, 0x3ff, 0x367d, 0x9, 0xb5, 0x47c, 0x7, 0x9}, &(0x7f0000000180)={0x0, 0x3938700}, &(0x7f0000000340)={&(0x7f0000000200)={[0x6, 0xce]}, 0x8})
connect$phonet_pipe(0xffffffffffffffff, 0x0, 0x0)
socket$kcm(0xa, 0x922000000003, 0x11)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1804000000000000000000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000200)='inet_sk_error_report\x00', r2}, 0x18)
r3 = socket$kcm(0x10, 0x2, 0x4)
r4 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0)
writev(r4, &(0x7f00000000c0)=[{&(0x7f0000000140)='2', 0x1}], 0x1)
sendmsg$kcm(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="48000000150081fb7059ae08060c04000aff0f11000000040011018701546fabca1b4e7d06a6bd7c493872f750375ed08a562af5745e17b8c119418f0f000000d6e74703c48f93b8", 0x48}], 0x1}, 0x0)
ioctl$TIOCSETD(r1, 0x5423, 0x0)
syz_io_uring_setup(0x2be, &(0x7f0000000240)={0x0, 0x4331, 0x1, 0x2, 0x113}, 0x0, &(0x7f0000000000)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(0x0, r5, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x9, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3fe, 0x5, 0x3, 0x9, 0x8, 0x45ff, 0x7ffffffc}, 0x0, 0x0)
mknod$loop(0x0, 0x0, 0x0)
r6 = openat$cuse(0xffffff9c, &(0x7f00000003c0), 0x2, 0x0)
read$FUSE(r6, 0x0, 0x0)
write$FUSE_INIT(0xffffffffffffffff, 0x0, 0x0)

4.478723543s ago: executing program 3 (id=1596):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x70bd2d, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x13, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x3}}}]}, {0x4}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x0, 0x3}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$igmp6(0xa, 0x3, 0x2)
getsockopt$MRT6(r3, 0x29, 0xce, &(0x7f0000000180), &(0x7f0000000300)=0x4)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x4)
sendmsg$NFT_BATCH(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000010000000000000000000200000a40000000060a090400000000000000000200000014000480100001800700010072740000040002800900010073797a30000000000900020073797a320000000014000000110001000000000ad6c338547c1725af81ae7b86f6b1843114b39f3d5d5f9477248381565670566146f30afad8aea11265b435e462bbb4ed50a264f2ae3a395d84"], 0x68}}, 0x0)
syz_open_dev$sndmidi(0x0, 0x2, 0x141101)
r5 = syz_io_uring_setup(0x67f2, &(0x7f0000000500)={0x0, 0xaa75, 0x400, 0x0, 0x24c}, &(0x7f0000000340)=<r6=>0x0, &(0x7f0000000380)=<r7=>0x0)
r8 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r8, &(0x7f0000000840)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x24}}, 0x10)
sendmsg$rds(r8, &(0x7f0000000000)={&(0x7f0000000040)={0x1b, 0x0, @private=0xa010100}, 0x10, 0x0, 0x0, &(0x7f0000000a40)=[@mask_cswp={0x58, 0x114, 0x9, {{0x7fff, 0x80000000}, 0x0, 0x0, 0x9, 0x8, 0x3, 0x800, 0x47, 0x6}}], 0x58}, 0x0)
syz_io_uring_submit(r6, r7, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {0x211}, 0x1})
io_uring_enter(r5, 0x234e, 0xb1e6, 0x1, 0x0, 0x14)
r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_sys\x00', 0x275a, 0x0)
fcntl$lock(r9, 0x6, &(0x7f0000000000)={0x0, 0x0, 0x8})
fcntl$lock(r9, 0x26, &(0x7f0000000080)={0x1, 0x0, 0x2007, 0x1fd})
mount$9p_fd(0x0, 0x0, &(0x7f0000001780), 0x8, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xd, 0x3, &(0x7f0000000580)=ANY=[@ANYBLOB="b40000000000000061111400000000009500740000000000802c9f899d8473ebe909a2856fa5f0ae8b85ec69780607ba90a86b1d2fa2f41c42fe2e03f8166e9e31506768d675b36f5642bccd275e887d8dbf71d69560e34a8d30951c021cf3acf74df38301c6232b88c932dc390f940e5a4b48b5341b9ec7fede97"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)

4.394943783s ago: executing program 1 (id=1597):
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0201, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000001340))
ioctl$SNDCTL_DSP_CHANNELS(r0, 0xc0045006, &(0x7f0000000180)=0x6f)
syz_usb_connect(0x1, 0xfffffffffffffd22, 0x0, 0x0)
r1 = openat$dsp1(0xffffffffffffff9c, 0x0, 0x0, 0x0)
read$dsp(r1, &(0x7f0000001600)=""/4085, 0xff5)
write$dsp(r0, &(0x7f00000012c0)="a52876830a602214f6b4e928d758f38a5a7cb4b31c4c09289e9ebb6286784ca3", 0x4000) (fail_nth: 4)

4.372342101s ago: executing program 2 (id=1598):
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x60281, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
listen(0xffffffffffffffff, 0x7fff)
pselect6(0x40, &(0x7f0000000040)={0x5, 0x8, 0xd95, 0x1, 0xffff, 0xfffffffffffffffd, 0x8000000000000000, 0x100000001}, 0x0, &(0x7f0000000140)={0x0, 0x3ff, 0x367d, 0x9, 0xb5, 0x47c, 0x7, 0x9}, &(0x7f0000000180)={0x0, 0x3938700}, &(0x7f0000000340)={&(0x7f0000000200)={[0x6, 0xce]}, 0x8})
connect$phonet_pipe(0xffffffffffffffff, 0x0, 0x0)
socket$kcm(0xa, 0x922000000003, 0x11)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1804000000000000000000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)

3.521852799s ago: executing program 3 (id=1602):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000140)='contention_end\x00', r0}, 0x10)
syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="04ffff"], 0x7)
syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="043e0c0f"], 0xf)

3.521586585s ago: executing program 1 (id=1603):
r0 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB], 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000780)={0x44, &(0x7f0000000200)=ANY=[@ANYRES32, @ANYRES64, @ANYRES16], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
ioctl$EVIOCGMASK(r1, 0x80015b1a, 0x0)

3.499268871s ago: executing program 2 (id=1604):
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0201, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000001340))
syz_usb_connect(0x1, 0xfffffffffffffd22, 0x0, 0x0)
socketpair$tipc(0x1e, 0x2, 0x0, 0x0)
write$dsp(r0, &(0x7f00000012c0)="a52876830a602234f6b4e928d758f38a5a7cb4b31c4c09289e9ebb6286784ca3", 0x4000)

3.441326082s ago: executing program 3 (id=1605):
r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x1458c2, 0x0)
r1 = openat$random(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x15) (fail_nth: 2)

3.321604036s ago: executing program 3 (id=1606):
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x60281, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
listen(0xffffffffffffffff, 0x7fff)
pselect6(0x40, &(0x7f0000000040)={0x5, 0x8, 0xd95, 0x1, 0xffff, 0xfffffffffffffffd, 0x8000000000000000, 0x100000001}, 0x0, &(0x7f0000000140)={0x0, 0x3ff, 0x367d, 0x9, 0xb5, 0x47c, 0x7, 0x9}, &(0x7f0000000180)={0x0, 0x3938700}, &(0x7f0000000340)={&(0x7f0000000200)={[0x6, 0xce]}, 0x8})
connect$phonet_pipe(0xffffffffffffffff, 0x0, 0x0)
socket$kcm(0xa, 0x922000000003, 0x11)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1804000000000000000000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000200)='inet_sk_error_report\x00', r2}, 0x18)
r3 = socket$kcm(0x10, 0x2, 0x4)
r4 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0)
writev(r4, &(0x7f00000000c0)=[{&(0x7f0000000140)='2', 0x1}], 0x1)
sendmsg$kcm(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="48000000150081fb7059ae08060c04000aff0f11000000040011018701546fabca1b4e7d06a6bd7c493872f750375ed08a562af5745e17b8c119418f0f000000d6e74703c48f93b8", 0x48}], 0x1}, 0x0)
ioctl$TIOCSETD(r1, 0x5423, 0x0)
syz_io_uring_setup(0x2be, &(0x7f0000000240)={0x0, 0x4331, 0x1, 0x2, 0x113}, 0x0, &(0x7f0000000000)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(0x0, r5, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x9, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3fe, 0x5, 0x3, 0x9, 0x8, 0x45ff, 0x7ffffffc}, 0x0, 0x0)
mknod$loop(0x0, 0x0, 0x0)
r6 = openat$cuse(0xffffff9c, &(0x7f00000003c0), 0x2, 0x0)
read$FUSE(r6, 0x0, 0x0)
write$FUSE_INIT(0xffffffffffffffff, 0x0, 0x0)

2.510936206s ago: executing program 0 (id=1613):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb4b, 0x9, 0x8, 0x0, 0x400003}, 0x0)
r2 = socket$inet6_udplite(0xa, 0x2, 0x88)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_IOEVENTFD(r4, 0x4040ae79, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, 0x0, 0x0)
syz_open_dev$sndctrl(0x0, 0xfffffffffffffffc, 0x40000)
r5 = syz_open_dev$sndctrl(&(0x7f00000000c0), 0x10000, 0x200000)
ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r5, 0x80045530, &(0x7f0000000140)=""/18)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r3, 0xc0502100, &(0x7f00000001c0)={0x0, <r6=>0x0})
r7 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
copy_file_range(r7, 0x0, r7, 0x0, 0x4, 0x0)
prlimit64(r6, 0xe, 0x0, 0x0)
socket$alg(0x26, 0x5, 0x0)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x40}, 0x0)
sendmsg$NFT_BATCH(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)=ANY=[@ANYBLOB="14000000100001000000000000b890c1a000000a80000000160a01030000000000000000020000000900020073797a30000000000900010073797a30000000005400038008000240000000000800014000000000400003801400010076657468315f746f5f6272696467650014000100776732000000000000000000000000001400010076657468305f746f5f7465616d00000014000000110001"], 0xa8}}, 0x0)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r9, 0x8933, &(0x7f0000000080)={'wg2\x00', <r11=>0x0})
sendmsg$WG_CMD_SET_DEVICE(r9, &(0x7f0000000100)={0x0, 0x3f, &(0x7f00000000c0)={&(0x7f0000000640)={0x20c, r10, 0x1, 0x0, 0x0, {}, [@WGDEVICE_A_PRIVATE_KEY={0x24, 0x3, @a}, @WGDEVICE_A_FLAGS={0x8}, @WGDEVICE_A_PEERS={0x1bc, 0x8, 0x0, 0x1, [{0x8c, 0x0, 0x0, 0x1, [@WGPEER_A_ENDPOINT6={0x20, 0x4, {0xa, 0x0, 0x0, @dev}}, @WGPEER_A_ENDPOINT4={0x14, 0x4, {0x2, 0x0, @multicast1}}, @WGPEER_A_PUBLIC_KEY={0x24, 0x1, @neg}, @WGPEER_A_ENDPOINT6={0x20, 0x4, {0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}, @WGPEER_A_FLAGS={0x8}, @WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL={0x6}]}, {0x12c, 0x0, 0x0, 0x1, [@WGPEER_A_ALLOWEDIPS={0xd8, 0x9, 0x0, 0x1, [{0x70, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @remote}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @mcast1}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @empty}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @dev}, {0x5}}]}, {0x64, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @multicast2}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @dev}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @ipv4={'\x00', '\xff\xff', @dev}}, {0x5}}]}]}, @WGPEER_A_PRESHARED_KEY={0x24, 0x2, "2767b524f45e9dfaf001c414581741c92349c3b6661d9864680582bd184ef1a6"}, @WGPEER_A_ALLOWEDIPS={0x8, 0x9, 0x0, 0x1, [{0x4}]}, @WGPEER_A_PUBLIC_KEY={0x24, 0x1, @neg}]}]}, @WGDEVICE_A_FWMARK={0x8}, @WGDEVICE_A_IFINDEX={0x8, 0x1, r11}]}, 0x20c}}, 0x0)

2.482091404s ago: executing program 3 (id=1614):
socket$nl_route(0x10, 0x3, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0x3, &(0x7f0000000300)=ANY=[@ANYRESOCT, @ANYRES64=<r0=>0xffffffffffffffff, @ANYBLOB="44a8", @ANYRESDEC], &(0x7f0000000280)='GPL\x00', 0xa, 0xb9, &(0x7f0000000140)=""/185, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$proc_mixer(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/asound/card0/oss_mixer\x00', 0x0, 0x0)
bind$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
writev(0xffffffffffffffff, &(0x7f0000000200)=[{&(0x7f00000000c0)='X', 0x8030000}], 0x1)
io_setup(0x8, &(0x7f00000002c0))
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYRES16=r0, @ANYRES16=r2, @ANYRESHEX=0x0], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000019007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r5 = syz_open_dev$usbfs(&(0x7f0000000480), 0x77, 0x41341)
ioctl$USBDEVFS_IOCTL(r5, 0xc0105512, &(0x7f0000000040))
ioctl$USBDEVFS_IOCTL(r5, 0xc0105512, &(0x7f0000000000)=@usbdevfs_connect)
socket$inet_udp(0x2, 0x2, 0x0)
openat$binderfs(0xffffff9c, &(0x7f0000000280)='./binderfs/binder1\x00', 0x800, 0x0)
syz_open_procfs(0xffffffffffffffff, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
r6 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x10, &(0x7f0000002140)={{'fd', 0x3d, r6}, 0x2c, {'rootmode', 0x3d, 0x4000}})
chdir(&(0x7f0000000080)='./file0/file0\x00')

1.510871275s ago: executing program 0 (id=1615):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000020000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000340)='kfree\x00', r4}, 0x10)
add_key(&(0x7f00000001c0)='ceph\x00', 0x0, &(0x7f0000000840)='\x00\x00\x00\x00\x00\x00\x00\x00\x00*\x00\x00', 0xc, 0xffffffffffffffff)
r5 = socket(0x1f, 0x3, 0x2)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000001880)=ANY=[@ANYBLOB="b700000081000000bfa30000000000000703000003feffff720a00fef8ffffff71a4f1ff0000000071302000000000001d400500000000004704000001ed00000f030000000000001d44000000000000620a00ff040400007203000000000000b500f7ff000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fe51bef7af9aa0d7d600c095199fe3380d28e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51bf900000000000000d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a22048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93020000000000000080e69db384ac7eeedcf2ba3a9508f9d6aba582a896a9f1e096df6ecea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00e10000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f6f096753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e9673560000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d490cba8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e16e1461173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b583cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd84990453f006694d461b76a58d88cf0f520310a1e80dc18cde98d662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6032399f87a7a14245bbd796a09313b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c00000000000000f59dd19e8d525206c0a728cfd42193abe8130bc01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ed1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef67cf0216e2d81e6127bd9d7fab28800eaab2355992f8ce4cd38add4b272c0bee4076ca4847ffa691cf78fb7ec212bad3bef29f577ea7159b7f3025b3d977ff7c91024cf71126233cb8791c3c"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfffffffffffffd00, 0x0, 0xffffffffffffffff, 0xffffffffffffff20, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x5, &(0x7f0000000040)=@framed={{0x15, 0xa, 0x0, 0x0, 0x0, 0x61, 0x11, 0x8c}, [@initr0]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r5)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r8=>0x0})
sendmsg$NL80211_CMD_SET_KEY(r7, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)={0x3c, r6, 0x9, 0x0, 0xfffffffe, {{}, {@val={0x8, 0x3, r8}, @void}}, [@NL80211_ATTR_KEY={0x14, 0x50, 0x0, 0x1, [@NL80211_KEY_MODE={0x5, 0x9, 0x2}, @NL80211_KEY_IDX={0x5}]}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}]}, 0x3c}}, 0x0)
sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0)
r9 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$apparmor_exec(r9, &(0x7f0000000500)=ANY=[@ANYBLOB='exec \"'], 0xb0)

1.49824034s ago: executing program 3 (id=1616):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000140)=ANY=[@ANYBLOB="1201000000000040ac054382408b0b00000109022400010000002009040000fd0301000009210000000122010009058103"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f00000003c0)={0x24, 0x0, 0x0, &(0x7f0000000a80)=ANY=[@ANYBLOB="002281"], 0x0}, 0x0)
syz_usb_control_io(r0, &(0x7f0000000240)={0x18, 0x0, &(0x7f0000000180)={0x0, 0x3, 0x2, @string={0x2}}, 0x0, 0x0, 0x0}, 0x0)
r1 = syz_open_dev$hiddev(&(0x7f00000000c0), 0x0, 0x0)
ioctl$HIDIOCSREPORT(r1, 0x81044804, &(0x7f0000000400)={0x1, 0x1}) (fail_nth: 4)

450.331483ms ago: executing program 1 (id=1617):
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x80002, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
r2 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2)
ioctl$VIDIOC_S_INPUT(r2, 0xc0045627, &(0x7f00000000c0)=0x3)
syz_io_uring_submit(0x0, 0x0, 0x0)
io_uring_enter(0xffffffffffffffff, 0x2def, 0x2e0e, 0x0, 0x0, 0xffffffffffffffa2)
mkdirat(r1, 0x0, 0x0)
write$rfkill(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x1, 0x3, 0x1}, 0x8)
r3 = syz_io_uring_setup(0x49dc, &(0x7f0000000580)={0x0, 0x50a2, 0xb5a65093f344f3cc, 0x2, 0x352, 0x0, r1}, &(0x7f0000000240), &(0x7f0000000380))
syz_io_uring_setup(0x7c9b, &(0x7f00000003c0)={0x0, 0x4a67, 0x2, 0x3, 0x6e, 0x0, r3}, &(0x7f0000000440), &(0x7f0000000500))
syz_usb_connect(0x2, 0x24, 0x0, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0xc, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000feffffff00000000000004008500000036000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000010400000850000000600000095"], &(0x7f00000001c0)='GPL\x00', 0x2, 0x0, 0x0, 0x41000, 0x44, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
openat$sndseq(0xffffff9c, &(0x7f0000000100), 0x4e0180)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000140)={r4, 0x0, 0xe, 0x0, &(0x7f0000000200)="ff7f0e3f2617d1f439b5a1db8511", 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x9, 0x6}, 0x50)
r5 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000200), 0x4000000004002, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[], 0x28}, 0x1, 0x0, 0x0, 0x20000800}, 0x4005)
r6 = fsmount(0xffffffffffffffff, 0x1, 0x0)
fchdir(r6)
ioctl$SIOCSIFHWADDR(r6, 0x8924, &(0x7f0000000540)={'veth0_macvtap\x00', @random="16166a5dd3ae"})
r7 = dup(r5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000007, 0x38011, r7, 0x0)
r8 = fsopen(&(0x7f0000000280)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r8, 0x2, &(0x7f0000000080)='disBard', &(0x7f0000000200)='\x00', 0x1)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x17)

449.840977ms ago: executing program 2 (id=1618):
r0 = socket(0x10, 0x80002, 0x0)
getpeername$llc(r0, &(0x7f0000000040)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @broadcast}, &(0x7f0000000080)=0x10)
sendmsg$nl_route_sched(r0, &(0x7f0000001240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000004c0)=@newtaction={0x14, 0x30, 0x51b}, 0x14}}, 0x0)

171.837246ms ago: executing program 2 (id=1619):
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000000c0)="d80000001c0081044e81f782db44b9040a1d080214000000020003a118000c000300000000000e1208000f0100810401a8001600200001400300000803600cfab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef075c11503c6bbace8017cb090000001fb791643a5ee4001b146218a07445d6d930dfe1d9d322fe7c9fd68775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e0060000000000000080bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd68adbef3d93452a00"/216, 0xd8}], 0x1, 0x0, 0x0, 0x7400}, 0x20000080)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000c40)=@newtaction={0x10d0, 0x30, 0x1, 0x0, 0x0, {}, [{0x10bc, 0x1, [@m_vlan={0x1070, 0x1, 0x0, 0x0, {{0x9}, {0x44, 0x2, 0x0, 0x1, [@TCA_VLAN_PARMS={0x1c, 0x2, {{0x9, 0x78, 0x3, 0x6976, 0x10000}, 0x3}}, @TCA_VLAN_PARMS={0x1c, 0x2, {{0xa00, 0x1ff, 0x5, 0xc, 0x2}, 0x2}}, @TCA_VLAN_PUSH_VLAN_PRIORITY={0x5, 0x6, 0x6}]}, {0x1004, 0x6, "81b96b5ec344caab9f03cf5247e66e65457be1ed572a4b36839efb29b779b48afc452a2a8b40fdf965ec583a012a4d9726b01b2eacaecf8765a24fd1f345496aa1f1df7ca2e5f5da7b831dc743b809622f84a6d27bc7873b5585b7e84e1b8f945c84c4653fc53236e559ff56305510834c9cc523aed82f81b0ef6a3d8cca42e4d72653cf8869ed476e5de75a89e053e7f5fa43c24a2c0bcd00915929d21c9b17f5dfa384554b698246353693ea904226b624a62e2e311c31e61964519a8603463cdf0012fa94bc608e421a0c6a2e45049f83ce0d70c3222af37541a3ca655ee57b24398d683391145277f784107ded23f542b07df95a88be9e0b319e75c9abaaaf31340b2ca6fc4c1cf36b4182394657f6509e26080549792e020b6b76c702a2d37da0acfa2920a42ec798fb373f3e55f1097111e4db31087debf044b0c311d00d34b026c2b95c3a581a0438db79eb0421f80958203063075bca8a7e0db074c3f4e0aaf66f7a8d1011e8d1f15468f3773de96568f1e7b44bc6b688b6163e47f577957b205eb20d76dec691868d8bf69a6a83bb78a606bd896bcf3d7bcdc0735e1ac3725cc6d94d76aec5d4ceccf2319bfaec1636b6b70b0c437eee97664ceaec53422fe92c6c0ebde35fe831536220c932ed2b0c82f59361d27aa39dcfffd32a7fde9f0039641326ea9ddc4b403b03a8cbfd95717c301dd8af93e30244ce7bc6fd93429af651a26f10f7df15e6075fc04d10f5ca321a789c0634aee53b48969d48c27a05cb14ec88013ae8d914269025cc5bfbc5ffbc195d1ac286866e9969c58d1fcd08a425b6c04793080b89bdf627b43276f0de5f134b131f7c78e52a796cbd8d57cc9debdc030a2b1cd1647b16ba3ed5ce0120bbb010ae0d12886b09f3efbd6814f0a8efe11a371ef089e163d66da693c327cf2e3972192e9884cbd7f5978c49ff5d5e9be1390d88968134d723a3e3c096ed244e14a2fb65ae22ea5b878d20be5256fce9edf06542d51eed76d036881965dec15bedbfad4e9c75fb9647f8f085bcb376703d01beb9d52c7e22e6c825c3a0ea2c453113b844c7af67db53f9876e81eabce6b3640ee627ce9387f532eaa3c171cb1282898874487a9ce94d9ca04e23f05eee7a06de21401813814c362016d0ebc9ed3edffe43ddb33e720b0c4a05e963f990d06cd5114797035bbd5e083d9dc7622ce454cb79317ed53467a559e83ea297dbab303f7f60ffb12b826fbd5cb360d2e6640b0515969399671de938de81c82a4060dfd8470949c8a95ee5f92e79f8ccdaf75e052862a04cf233e3a156ba86e12c68928d1e6673fdb6db179095a2208ec1a23c039807a331a89a17848db60667b15e268bcd57038bddd3c4778627433eb034b4a7edf9eb5d346c48cc0439c490ced1cc853ed42a00f130b17babfd63b933faa8d0fc35a2edf281008c971f67c37abbdfd98c1293a198774de59ea538a2c8f3f6e3fc7d8e1a7d7348741a8ceddddad066e871a69bdcbcb38089cb5aa5e5f1504d8081be1018e6accc14c0170a4fdc14297dda8e1eef421ad609df77669417698000b8148c657e22baf24ad89318059bf44bab8f188535f5b5b64eb270bc0f77b264ed649b4848c9cb3237617e74be6f6645eeeeaab92a8cea4533a48184449e7aa15ecd77e3326eeb04c7371d1e829a3ef10d34ec5e431ae816184798e5f5787cb109964c9e762298a4e762400b6bc4ac671f6a6c1f4863d9ed528ed7c118c20d349d56c20d7fcd902d8b77cf321fca6cd29777db4e33a212dc8f2c08f2ca41eafa1dc3a001f689bcfb7b095bfe9a6c0731677d697a109664c0228544b5d81db74588aefdef2926980b37f4a12290b85839b81b6a05ebb4fc61d9f84e49cb997db484e7a13223b5a305467fd11623f30e0756ae3d32feafd18fb5ab444f81f0cc6d4589f5f9423ba2458bca344d477c78662787a7135ab00d5db3bca3a59a8e246994252b02d3d19603d93e105f371556d3a506781d947ee9e102232a6cb39e6da923a22d1dc536d7f02f979e1255b1748ce9f5d0d3a0907729a28e9a4a02d766b8238b0a21c5e874d054bade749126b7fb1109477720e6e0f5584735277076cac2fdb203d33d319bb76f1ab91821f79b543de61e6b6b64c7bfa68344aa2a7ecf953538c4ce8217446996150d355b5cce086190c056dd0d19529e9b971da0d76f9f390aaf1214281af17728ecf614ffa8859c8b3adbc3ee9e1f337b335256445f4632a3789f713380009b9d891c1b971ebc89afe79362d5314e03a9390510ccc40b3df89b30b4ff3b69af1c6ebe0b60ca5980d82b8e718f2140eac46cfc403d5f74e3b6a12487a32527e9a19a7d750176960f2f02e7b5535b625e7f2402af8596d892b51e5fc96192aaf90d720780dd1c4737419170389b40b667952bb57cd5b12da0755b4ef55a83c10135a69fe6f62312473b113f177a9ec382c476edeb438ba560ad518f41eb181756d7bcf496d6bcb8b1a86c2e602777ce5cf09ffeb69c98f921b5ca50da57698ef6c4a2c6446970ddca229607e86a2d5cb02ffb03add70ed89fad2f377976b201b5dea702e14d3e8f09a52af775ed156d804ee904b9213345db5f99b9a9531b299603ae531dc316f7bd0ef1ac418410102ca490545e06913c7f29b1de1c1fd0ac585fa7d47217fe2b88a773acc618bf5deef3d247dcc3a652077dc855b50a9b59358ce6fcb59876178f4dbb8dd98305fe2037eb6617f3b5fb7db061259d5859a1e12f9548f5be8cec86d0e81d0e9af047553e5cf3f74d4a61d12d3bd3abdbe1cb819be27232f43bd9b44788b6ff02b7367ea5da412d0a60b738723de411ad7e78029323ae03421731abd8cae60d2bcd1b3b80437092037fdf5bdfc631653717a765fa02f5af2b2882eff2886ae151810b1c900ea49eab219368d4435cf05c3b82168fa38c2a65d31fe2e7254f1d596b0a48ea061879ab103c410d78682910a584883a670bfc5476712cf9ca051d7013c2addaadd9d1ed594b3082dc74c385eda6263ad9ebb12d0ff2cd40808eeb36726f48ef7c48abe2b6373638b987d5e1093786dae9e746844843de42598b435329ced569df3d4015dea9ba08ec2cc15984a19caa5406fd36b03eaa6543c4facea75c4b1b35a515b9c9cae522009c1c49039f64c4fd6854c2a6cb3afdbbac62cd1bcc90ee9823af91681f8f556c105a242aa1d818235042a4a16fe73a5af3386c0fdcf72795d3339a1aaae6ca379447a0d5c728ad88c44daf4bb720ec4fffcda5ee7f3c91b07ecb6158c8f74b417ec564138340c330f49bc1bd68cf79145bd78e20bd468d7c8fd0b50a33cd3376663b3571c1e205de9cee3564c1e4ae3bd98fa1df027528391ea7954d9826f64aa55c87fe0a864fa1f14241ca236ec689c4dff1e19ed5213d86c3bf06aea0fc78f9049e37274ef0f25e96e971c0dd612f2f75eb4e8a8570dfa20979c923a277fb02df5f7cbfd183bcfc00570c9cb7acb52eb1d169b0452dfeb30d8f7230675b4360e4cb7affbbf3efa7bd14e5527158cfc6b4dca7f193370bd92bfa14ae49025270b7fd26515876ea4dbb26a9f86d4ae345935f234ad9c37e3a43f89f1f204960f74c910ef10c8d6f8b91c087a17acfe7452e38e82b0585a17f1198101ce45bbffbdaae716f1b1f03e272073a0c10800140807d9b91281b055dfffb79f5da0d5e2508550722516a3b80d1e8e6b50b971a84910951ad42267571a06e14bfa1abdfa010a74845fd781de949cf173d8aaf612bf7de921b9b94f43f9d64d533f8b12379211a73f72d79ae68eb97dfe895c54c95536fa9801254086b0aa725b3cd55c958401b70d7c4ec7bdcf67febf61d6d7c1972f3212a9a7e5c8de95aa33c1e932178b39f778fea1e19b0e01c824070e7ea2f96563bc3ef383c9a89744b1b8a2be0a4a7be132dcc7c1e515d743df2f0a28e96c4e0ccfcba38b42b629ad063015a77a49f1701c0f52dc97c70f4374a85640d5bc5f3ee5a0c413385445a8a6cc47a6b038f32d74def02edf641b8634b1aa00822c9f67a015db343b374db26c9627d905c65aa1e73aa4b6b4701a06a6030340097921831ff49e63d6e1aec92cd80422b612567d0795acaeac220eb2534acf0aaac45ff2785d6aef6e84aa1980e88cb2d26900a61d3decb888f015acda4ac0c0cfa0841d8ba85aa087f1df6caac1c0c2c87cbc5318b85f0f1f6a06e690a61092f59fa201de5fffd0a2371441712ed6712d9a070fda7793b709fceb47d1103a858006a943d4db128a5dc6fe7cb233ce9e1eecdce7e89b3e196d384fb34287cb95a5690f648989eac1f27cb2798e06aeba56df541a09d7f7634b5836f368810b688287508c846edf4e0d70ce3249fa5c8c4f2273ff3aa4dfce8f1992aacfbc5934020e037246a84fadb19f15666ac4e6c11bf1ff048d3784801feda1dd3931345c223bc88f5f8362985af40a1bf8ba9902c4c28a00a3e8db971cf2fa28e0c9c67885a9a0d92d6fffc4afc5a31080a906bec855ab76e42a5d99169ef84ada98e8a0cada42b9c89eee329878a7a50a8b20b31154f10632925c02bda6704abd6443691bd911d7274b1fa629164b42e0ab640a9400042651b5d1de754f28882a1c14f930ab7328b993b6d7b0d04a3e775c326227a1bdd8c6bc65f9091744fcf60e8897e355e764e90debb4da07aaaae027e46129a7100cd0d85198816a7b61db54de6041760166b3a1cdc031e0f26ac541c322f3bc7ed98b26506a4c1f38e2395878ff85b486203e3e289967265e5463626a638e8dff364f1e7a34b388e2e49564edc02d5a0ecec020b2c746399aa81d5ed8be9613bbd48eb2500a5f6a377eb45efb7ebf14017fa167fc03eb62ab90e5286086b178d715b81d8edf28cb4bd7d22ab988eb57bd4b8ccf6e88d0545164d10261ee67158c39f47d5592b2b28f5da80ddb3a2c42e810fad10622f46c6f9d22c197098b6246296cd3f9cbd837d8ae9dbfb61edef3f28c73cc9540531f58b960a6dee76241419056a65c4fd7c68d1489482d0212abcf3981116cfdfae883efbec6d14114afb9002d381cfb2ed0fe3b5100cae9f0cbb8fe5cc0b903cf95bbec80b1d60c0a4885ebee5768c7cd2d28c38affd743399d0053a49db0be314a8beb1607e687ec629c7ecb6c5785c1b6d9a0dc3f081fcc9de288c029e07cb175f260fb342f34af81640896b793fe1f7d3cf32928b76b35f6a030336df06d7b1d9c716910db4a9123134c1481268b1d8e1d6b5d4e6c7294b4eb2dce07bb406e3e21b6acb8fbc57aea5c3a73114f7e6672319aa6155e942a2fa4ebbd5705b096ccce88084100900cb6438bf9c6682325ee854056f93a2cb32c4b63895ca899918b485957947e7e647a7ae6a6c155abef5b5a3352595799c1a50b1a2f34e8e4c87f6b879fa9fb4e5713a1f1dbdd241a946b334154023fed2a2676e04b4cee36017a23eed6b50b6eea04f20aa43e9f2e42f82dd60895ab16a78d714f8fa53f19a8075ba02fbd61fef4e775c7101a96c9d5763781f9ae9fd9edd3d7757ca721219d7c61b9d8c09031c6ec9ab35111c261e72cd7ddb5c9a460bab0f827ba5487d5ef01e7f244fc4bbb17b4c02b6693d83c8ca40fd5c9d21060ff2743418a3d2a9db17bd270ddb7a1fb0093eb3a3c483c7ec95122b71b8a79292f89a92c6b25d895b7f12a4ee98ec3f4b7e5f4339e1d51551ace3b72d703cfbfa41e25f4f3f5da5395c17f7a78c78ffb958a420381183bd154ed631a84011d59d621c607a6155a360030b03b35b437bebf5ddeff8"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x3, 0x2}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{}, 0x80}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x10d0}, 0x1, 0x0, 0x0, 0x800}, 0x40000)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r4 = socket(0x2c, 0x4, 0x0)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f00000003c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x141)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e792c63616368653d667363616368652c76657273696f6e3d3970323030302e75"])
chdir(&(0x7f0000000300)='./file0\x00')
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.throttle.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r7, &(0x7f0000000100), 0x4)
r8 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0, 0x30)
r9 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000580)=ANY=[@ANYBLOB="f800000016008502000000000000000020010000000000000000000000000002a600000200"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000"/15], 0xf8}}, 0x0)
sendmsg$nl_xfrm(r9, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000000)=ANY=[], 0x134}}, 0x0)
lseek(r8, 0xfffffffc, 0x1)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000340)={'wlan0\x00', <r10=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="050000000000000000000600000008000300", @ANYRES32=r10, @ANYBLOB="0820050003000000"], 0x24}}, 0x0)

141.470753ms ago: executing program 0 (id=1620):
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000100)='./file1\x00', &(0x7f0000000140), 0x2, &(0x7f0000002400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r0, &(0x7f0000000200)={0x2020, 0x0, <r1=>0x0}, 0x2020)
open(&(0x7f00000000c0)='./file1\x00', 0x300, 0x0)
write$FUSE_INIT(r0, &(0x7f0000002300)={0x50, 0x0, r1, {0x7, 0x9, 0x0, 0x1030002}}, 0x50)
read$FUSE(r0, &(0x7f0000004580)={0x2020, 0x0, <r2=>0x0}, 0x2020)
write$FUSE_INTERRUPT(r0, &(0x7f0000002240)={0x10, 0xffffffffffffffda, r2}, 0x10)
r3 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
write$FUSE_NOTIFY_STORE(r0, &(0x7f0000002280)={0x29, 0x4, 0x0, {0x1, 0x2, 0x1, 0x0, [0x0]}}, 0x29)
dup3(r3, r0, 0x0)

69.855085ms ago: executing program 0 (id=1621):
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x6a)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_procs(r0, 0x0, 0x2, 0x0)
socket$netlink(0x10, 0x3, 0x0)
lseek(r1, 0x4, 0x0)

69.56669ms ago: executing program 0 (id=1622):
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0}, 0x30)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_procs(r0, &(0x7f0000000480)='cgroup.threads\x00', 0x2, 0x0)
socket$netlink(0x10, 0x3, 0x0)
lseek(r1, 0x4, 0x0)

0s ago: executing program 0 (id=1623):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0x3)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000280)={<r2=>0x0, @in={{0x2, 0x4e20, @multicast2}}, 0x9, 0x0, 0x8, 0x8, 0xd0, 0x876, 0x3}, &(0x7f0000000000)=0x9c)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r1, 0x84, 0x75, &(0x7f00000000c0)={r2, 0x4e}, 0x8)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r3 = syz_open_dev$usbfs(&(0x7f0000000080), 0x77, 0x101301)
ioctl$USBDEVFS_CONNECTINFO(r3, 0x80045503, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0a00000004000000040000000a"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000002020207b0af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='tlb_flush\x00', r5}, 0x10)
r6 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0xd, 0x3, &(0x7f0000000380)=@raw=[@call={0x85, 0x0, 0x0, 0x6e}, @map_idx={0x18, 0x7, 0x5, 0x0, 0xa}], &(0x7f00000003c0)='GPL\x00', 0xffff, 0x79, &(0x7f00000004c0)=""/121, 0x41000, 0x2c, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x8, &(0x7f00000005c0)={0x9, 0x1}, 0x8, 0x10, &(0x7f0000000600)={0x0, 0xf, 0x4, 0x3}, 0x10, 0x0, r6, 0x6, &(0x7f0000000640)=[r4, r4, r4, 0xffffffffffffffff, r4, r4, r4, 0xffffffffffffffff], &(0x7f0000000680)=[{0x5, 0x4, 0x3, 0xa}, {0x1, 0x5, 0x9, 0x8}, {0x2, 0x5, 0x8, 0x5}, {0x2, 0x2, 0xf, 0x6}, {0x1, 0x1, 0x5}, {0x3, 0x1, 0x4, 0x3}], 0x10, 0x5, @void, @value}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r7 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r8 = dup(r7)
write$6lowpan_enable(r8, &(0x7f0000000000)='0', 0xfffffd2c)
r9 = syz_io_uring_setup(0x239, &(0x7f0000000740)={0x0, 0xb1ea, 0x10100, 0x0, 0x0, 0x0, r8}, &(0x7f0000000180)=<r10=>0x0, &(0x7f00000001c0)=<r11=>0x0)
syz_io_uring_submit(r10, r11, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r7, 0x0, 0x0, 0x0, {}, 0x1})
io_uring_enter(r9, 0x2ded, 0xef92, 0x0, 0x0, 0x0)
gettid()
r12 = eventfd2(0x0, 0x0)
read$eventfd(r12, &(0x7f0000000040), 0x8)
ioctl$FIONREAD(r0, 0x541b, &(0x7f0000000340))
ioctl$PPPIOCGFLAGS1(0xffffffffffffffff, 0x8004745a, &(0x7f0000000100))

kernel console output (not intermixed with test programs):

get_files+0x20e/0x3c0
[  170.364814][ T8876]  ? handle_mm_fault+0x230/0xd10
[  170.364829][ T8876]  __ia32_compat_sys_open+0x146/0x1e0
[  170.364841][ T8876]  ? __pfx___ia32_compat_sys_open+0x10/0x10
[  170.364860][ T8876]  ? rcu_is_watching+0x12/0xc0
[  170.364870][ T8876]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[  170.364889][ T8876]  __do_fast_syscall_32+0x7c/0x3a0
[  170.364900][ T8876]  do_fast_syscall_32+0x32/0x80
[  170.364909][ T8876]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  170.364921][ T8876] RIP: 0023:0xf712e579
[  170.364930][ T8876] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  170.364941][ T8876] RSP: 002b:00000000f511e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000005
[  170.364951][ T8876] RAX: ffffffffffffffda RBX: 00000000800000c0 RCX: 0000000000000000
[  170.364958][ T8876] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  170.364963][ T8876] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  170.364969][ T8876] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  170.364975][ T8876] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  170.364987][ T8876]  </TASK>
[  170.506302][ T8874] snd_dummy snd_dummy.0: control 0:0:0:syz1:0 is already present
[  171.169278][   T24] usb 7-1: new high-speed USB device number 6 using dummy_hcd
[  171.233234][ T8894] block device autoloading is deprecated and will be removed.
[  171.255697][ T8896] syz_tun: entered allmulticast mode
[  171.261159][ T8895] syz_tun: left allmulticast mode
[  171.319532][   T24] usb 7-1: Using ep0 maxpacket: 8
[  171.323362][   T24] usb 7-1: config index 0 descriptor too short (expected 301, got 45)
[  171.326934][   T24] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  171.330557][   T24] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  171.333711][   T24] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  171.336969][   T24] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  171.341300][   T24] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  171.344222][   T24] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  171.558066][   T24] usb 7-1: usb_control_msg returned -32
[  171.560978][   T24] usbtmc 7-1:16.0: can't read capabilities
[  171.570979][   T24] usb 7-1: USB disconnect, device number 6
[  171.585832][ T8898] snd_dummy snd_dummy.0: control 0:0:0:syz1:0 is already present
[  171.863679][ T8905] 9pnet_virtio: no channels available for device syz
[  172.109260][ T6033] usb 8-1: new high-speed USB device number 20 using dummy_hcd
[  172.229273][ T8910] Bluetooth: MGMT ver 1.23
[  172.259253][ T6033] usb 8-1: Using ep0 maxpacket: 8
[  172.263174][ T6033] usb 8-1: config index 0 descriptor too short (expected 301, got 45)
[  172.266199][ T6033] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  172.270991][ T6033] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  172.275050][ T6033] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  172.279095][ T6033] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  172.285573][ T6033] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  172.289622][ T6033] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  172.373851][ T8916] snd_dummy snd_dummy.0: control 0:0:0:syz1:0 is already present
[  172.504546][ T6033] usb 8-1: usb_control_msg returned -32
[  172.509348][ T6033] usbtmc 8-1:16.0: can't read capabilities
[  172.577470][ T8918] netlink: 8 bytes leftover after parsing attributes in process `syz.0.836'.
[  173.531059][ T8918] ceph: No mds server is up or the cluster is laggy
[  173.932979][ T8937] netlink: 'syz.0.839': attribute type 10 has an invalid length.
[  173.959811][ T8936] netdevsim netdevsim1 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0
[  173.962851][ T8936] netdevsim netdevsim1 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0
[  173.966135][ T8936] netdevsim netdevsim1 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0
[  173.969918][ T8936] netdevsim netdevsim1 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0
[  173.973127][ T8936] geneve3: entered promiscuous mode
[  173.974906][ T8936] geneve3: entered allmulticast mode
[  174.862157][ T6033] usb 8-1: USB disconnect, device number 20
[  174.883593][   T40] kauditd_printk_skb: 7 callbacks suppressed
[  174.883605][   T40] audit: type=1800 audit(1749795461.073:926): pid=8948 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.843" name="/" dev="fuse" ino=1 res=0 errno=0
[  174.922371][   T34] hid-generic 0002:0004:0000.0019: unknown main item tag 0x0
[  174.924704][   T34] hid-generic 0002:0004:0000.0019: unknown main item tag 0x0
[  174.930568][   T34] hid-generic 0002:0004:0000.0019: unknown main item tag 0x0
[  174.937954][   T34] hid-generic 0002:0004:0000.0019: hidraw1: <UNKNOWN> HID vffffff.ff Device [syz0] on syz0
[  175.570220][ T8970] syz_tun: entered allmulticast mode
[  175.593076][ T8969] syz_tun: left allmulticast mode
[  175.638474][ T8972] netlink: 20 bytes leftover after parsing attributes in process `syz.2.850'.
[  176.311693][    T9] hid-generic 0002:0004:0000.001A: unknown main item tag 0x0
[  176.314871][    T9] hid-generic 0002:0004:0000.001A: unknown main item tag 0x0
[  176.321964][    T9] hid-generic 0002:0004:0000.001A: unknown main item tag 0x0
[  176.331549][    T9] hid-generic 0002:0004:0000.001A: hidraw1: <UNKNOWN> HID vffffff.ff Device [syz0] on syz0
[  176.367246][ T8986] fido_id[8986]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  176.519276][ T6033] usb 8-1: new high-speed USB device number 21 using dummy_hcd
[  176.560703][ T8977] syz.2.851 (8977) used greatest stack depth: 19240 bytes left
[  176.689220][ T6033] usb 8-1: Using ep0 maxpacket: 8
[  176.691876][ T6033] usb 8-1: config index 0 descriptor too short (expected 301, got 45)
[  176.694179][ T6033] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  176.696920][ T6033] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  176.700430][ T6033] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  176.703237][ T6033] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  176.706606][ T6033] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  176.709067][ T6033] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  176.915152][ T6033] usb 8-1: usb_control_msg returned -32
[  176.916854][ T6033] usbtmc 8-1:16.0: can't read capabilities
[  177.319442][ T9006] netlink: 20 bytes leftover after parsing attributes in process `syz.0.859'.
[  177.496230][ T9014] 9pnet_fd: Insufficient options for proto=fd
[  177.781653][  T217] Bluetooth: hci4: Frame reassembly failed (-84)
[  177.797479][ T9017] FAULT_INJECTION: forcing a failure.
[  177.797479][ T9017] name failslab, interval 1, probability 0, space 0, times 0
[  177.801473][ T9019] nbd0: detected capacity change from 0 to 4294967296
[  177.804471][ T9017] CPU: 3 UID: 0 PID: 9017 Comm: syz.0.863 Not tainted 6.16.0-rc1-syzkaller-00101-g27605c8c0f69 #0 PREEMPT(full) 
[  177.804487][ T9017] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  177.804494][ T9017] Call Trace:
[  177.804498][ T9017]  <TASK>
[  177.804503][ T9017]  dump_stack_lvl+0x16c/0x1f0
[  177.804524][ T9017]  should_fail_ex+0x512/0x640
[  177.804539][ T9017]  ? fs_reclaim_acquire+0xae/0x150
[  177.804552][ T9017]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[  177.804567][ T9017]  should_failslab+0xc2/0x120
[  177.804577][ T9017]  __kmalloc_noprof+0xd2/0x510
[  177.804595][ T9017]  tomoyo_realpath_from_path+0xc2/0x6e0
[  177.804610][ T9017]  ? tomoyo_profile+0x47/0x60
[  177.804627][ T9017]  tomoyo_path_number_perm+0x245/0x580
[  177.804638][ T9017]  ? tomoyo_path_number_perm+0x237/0x580
[  177.804651][ T9017]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  177.804677][ T9017]  ? find_held_lock+0x2b/0x80
[  177.804687][ T9017]  ? hook_file_ioctl_common+0x145/0x410
[  177.804702][ T9017]  ? __fget_files+0x20e/0x3c0
[  177.804715][ T9017]  ? fput+0x60/0xf0
[  177.804727][ T9017]  security_file_ioctl_compat+0x9b/0x240
[  177.804741][ T9017]  __ia32_compat_sys_ioctl+0xc3/0x370
[  177.804755][ T9017]  __do_fast_syscall_32+0x7c/0x3a0
[  177.804766][ T9017]  do_fast_syscall_32+0x32/0x80
[  177.804776][ T9017]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  177.804790][ T9017] RIP: 0023:0xf712e579
[  177.804798][ T9017] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  177.804808][ T9017] RSP: 002b:00000000f511e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  177.804819][ T9017] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000000ab04
[  177.804825][ T9017] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  177.804831][ T9017] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  177.804836][ T9017] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  177.804842][ T9017] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  177.804855][ T9017]  </TASK>
[  177.804859][ T9017] ERROR: Out of memory at tomoyo_realpath_from_path.
[  177.873168][ T9017] block nbd0: shutting down sockets
[  177.909268][    C0] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  177.912116][    C0] Buffer I/O error on dev nbd0, logical block 0, async page read
[  177.914634][ T6744] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  177.917584][ T6744] Buffer I/O error on dev nbd0, logical block 0, async page read
[  177.920236][ T6744] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  177.923005][ T6744] Buffer I/O error on dev nbd0, logical block 0, async page read
[  177.925525][ T6744] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  177.928400][ T6744] Buffer I/O error on dev nbd0, logical block 0, async page read
[  177.937167][ T6744] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  177.939834][ T6744] Buffer I/O error on dev nbd0, logical block 0, async page read
[  177.942264][ T6744] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  177.945057][ T6744] Buffer I/O error on dev nbd0, logical block 0, async page read
[  177.947491][ T6744] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  177.959217][ T6744] Buffer I/O error on dev nbd0, logical block 0, async page read
[  177.961903][ T6744] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  177.964709][ T6744] Buffer I/O error on dev nbd0, logical block 0, async page read
[  177.967165][ T6744] ldm_validate_partition_table(): Disk read failed.
[  177.969592][ T6744] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  177.972395][ T6744] Buffer I/O error on dev nbd0, logical block 0, async page read
[  177.974865][ T6744] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  177.977701][ T6744] Buffer I/O error on dev nbd0, logical block 0, async page read
[  177.980438][ T6744] Dev nbd0: unable to read RDB block 0
[  177.982728][ T6744]  nbd0: unable to read partition table
[  177.988476][ T6744] ldm_validate_partition_table(): Disk read failed.
[  177.990900][ T6744] Dev nbd0: unable to read RDB block 0
[  177.992891][ T6744]  nbd0: unable to read partition table
[  179.171387][ T9029] netlink: 12 bytes leftover after parsing attributes in process `syz.0.865'.
[  179.228347][ T6477] usb 8-1: USB disconnect, device number 21
[  179.471034][ T9031] snd_dummy snd_dummy.0: control 0:0:0:syz1:0 is already present
[  179.652473][ T9037] netlink: 20 bytes leftover after parsing attributes in process `syz.1.868'.
[  179.789483][ T5963] Bluetooth: hci4: command 0x1003 tx timeout
[  179.791802][ T5956] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  180.577242][ T9053] netem: change failed
[  180.876802][   T61] hid-generic 0002:0004:0000.001B: unknown main item tag 0x0
[  180.882887][   T61] hid-generic 0002:0004:0000.001B: unknown main item tag 0x0
[  180.885404][   T61] hid-generic 0002:0004:0000.001B: unknown main item tag 0x0
[  180.890334][   T61] hid-generic 0002:0004:0000.001B: hidraw1: <UNKNOWN> HID vffffff.ff Device [syz0] on syz0
[  180.981471][ T9056] lo speed is unknown, defaulting to 1000
[  181.554526][ T9076] netfs: Couldn't get user pages (rc=-14)
[  182.085664][ T9092] netlink: 12 bytes leftover after parsing attributes in process `syz.2.880'.
[  182.167781][ T6033] hid-generic 0002:0004:0000.001C: unknown main item tag 0x0
[  182.173032][ T6033] hid-generic 0002:0004:0000.001C: unknown main item tag 0x0
[  182.175893][ T6033] hid-generic 0002:0004:0000.001C: unknown main item tag 0x0
[  182.184220][ T6033] hid-generic 0002:0004:0000.001C: hidraw1: <UNKNOWN> HID vffffff.ff Device [syz0] on syz0
[  182.518456][ T9102] syzkaller0: entered promiscuous mode
[  182.520352][ T9102] syzkaller0: entered allmulticast mode
[  182.805142][ T9109] 9pnet: Unknown protocol version 9p20\++}
[  182.905075][ T9115] FAULT_INJECTION: forcing a failure.
[  182.905075][ T9115] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  182.911776][ T9115] CPU: 2 UID: 0 PID: 9115 Comm: syz.0.890 Not tainted 6.16.0-rc1-syzkaller-00101-g27605c8c0f69 #0 PREEMPT(full) 
[  182.911801][ T9115] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  182.911812][ T9115] Call Trace:
[  182.911817][ T9115]  <TASK>
[  182.911824][ T9115]  dump_stack_lvl+0x16c/0x1f0
[  182.911854][ T9115]  should_fail_ex+0x512/0x640
[  182.911880][ T9115]  _copy_from_user+0x2e/0xd0
[  182.911907][ T9115]  get_user_ifreq+0x116/0x1c0
[  182.911923][ T9115]  sock_do_ioctl+0x16b/0x280
[  182.911942][ T9115]  ? __pfx_sock_do_ioctl+0x10/0x10
[  182.911958][ T9115]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  182.911991][ T9115]  ? __pfx_compat_raw_ioctl+0x10/0x10
[  182.912015][ T9115]  ? compat_raw_ioctl+0x4b/0x60
[  182.912039][ T9115]  compat_sock_ioctl+0x301/0x730
[  182.912062][ T9115]  ? __pfx_compat_sock_ioctl+0x10/0x10
[  182.912079][ T9115]  ? hook_file_ioctl_common+0x145/0x410
[  182.912103][ T9115]  ? __fget_files+0x20e/0x3c0
[  182.912124][ T9115]  ? fput+0x60/0xf0
[  182.912146][ T9115]  ? __pfx_compat_sock_ioctl+0x10/0x10
[  182.912165][ T9115]  __ia32_compat_sys_ioctl+0x242/0x370
[  182.912189][ T9115]  __do_fast_syscall_32+0x7c/0x3a0
[  182.912208][ T9115]  do_fast_syscall_32+0x32/0x80
[  182.912224][ T9115]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  182.912245][ T9115] RIP: 0023:0xf712e579
[  182.912259][ T9115] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  182.912275][ T9115] RSP: 002b:00000000f511e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  182.912290][ T9115] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000008933
[  182.912300][ T9115] RDX: 0000000080000040 RSI: 0000000000000000 RDI: 0000000000000000
[  182.912310][ T9115] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  182.912319][ T9115] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  182.912329][ T9115] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  182.912351][ T9115]  </TASK>
[  182.959304][ T6033] usb 7-1: new high-speed USB device number 7 using dummy_hcd
[  182.984619][ T9118] FAULT_INJECTION: forcing a failure.
[  182.984619][ T9118] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  182.998078][ T9118] CPU: 0 UID: 0 PID: 9118 Comm: syz.0.891 Not tainted 6.16.0-rc1-syzkaller-00101-g27605c8c0f69 #0 PREEMPT(full) 
[  182.998095][ T9118] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  182.998101][ T9118] Call Trace:
[  182.998106][ T9118]  <TASK>
[  182.998111][ T9118]  dump_stack_lvl+0x16c/0x1f0
[  182.998132][ T9118]  should_fail_ex+0x512/0x640
[  182.998160][ T9118]  _copy_to_user+0x32/0xd0
[  182.998179][ T9118]  simple_read_from_buffer+0xcb/0x170
[  182.998194][ T9118]  proc_fail_nth_read+0x197/0x270
[  182.998207][ T9118]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  182.998220][ T9118]  ? rw_verify_area+0xcf/0x680
[  182.998233][ T9118]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  182.998244][ T9118]  vfs_read+0x1e1/0xc60
[  182.998258][ T9118]  ? fdget_pos+0x2a2/0x370
[  182.998274][ T9118]  ? __pfx_vfs_read+0x10/0x10
[  182.998287][ T9118]  ? find_held_lock+0x2b/0x80
[  182.998301][ T9118]  ? __fget_files+0x20e/0x3c0
[  182.998313][ T9118]  ? __up_read+0x190/0x750
[  182.998332][ T9118]  ksys_read+0x12a/0x250
[  182.998345][ T9118]  ? __pfx_ksys_read+0x10/0x10
[  182.998360][ T9118]  ? rcu_is_watching+0x12/0xc0
[  182.998373][ T9118]  __do_fast_syscall_32+0x7c/0x3a0
[  182.998384][ T9118]  do_fast_syscall_32+0x32/0x80
[  182.998394][ T9118]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  182.998407][ T9118] RIP: 0023:0xf712e579
[  182.998416][ T9118] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  182.998426][ T9118] RSP: 002b:00000000f511e590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  182.998436][ T9118] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f511e620
[  182.998443][ T9118] RDX: 000000000000000f RSI: 00000000f7492ff4 RDI: 0000000000000000
[  182.998449][ T9118] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  182.998454][ T9118] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  182.998460][ T9118] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  182.998474][ T9118]  </TASK>
[  183.116259][ T9113] snd_dummy snd_dummy.0: control 0:0:0:syz1:0 is already present
[  183.140651][ T6033] usb 7-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  183.144053][ T6033] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  183.147402][ T6033] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  183.158328][ T6033] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  183.167336][ T6033] usb 7-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  183.170378][ T6033] usb 7-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  183.174884][ T6033] usb 7-1: Manufacturer: syz
[  183.178589][ T6033] usb 7-1: config 0 descriptor??
[  183.607965][ T6033] appleir 0003:05AC:8243.001D: unknown main item tag 0x0
[  183.611957][ T6033] appleir 0003:05AC:8243.001D: No inputs registered, leaving
[  183.617398][ T6033] appleir 0003:05AC:8243.001D: hiddev0,hidraw1: USB HID v0.00 Device [syz] on usb-dummy_hcd.2-1/input0
[  183.954559][ T9130] input: syz0 as /devices/virtual/input/input7
[  184.551254][ T9143] FAULT_INJECTION: forcing a failure.
[  184.551254][ T9143] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  184.555284][ T9143] CPU: 1 UID: 0 PID: 9143 Comm: syz.3.899 Not tainted 6.16.0-rc1-syzkaller-00101-g27605c8c0f69 #0 PREEMPT(full) 
[  184.555299][ T9143] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  184.555306][ T9143] Call Trace:
[  184.555310][ T9143]  <TASK>
[  184.555315][ T9143]  dump_stack_lvl+0x16c/0x1f0
[  184.555335][ T9143]  should_fail_ex+0x512/0x640
[  184.555353][ T9143]  _copy_to_user+0x32/0xd0
[  184.555370][ T9143]  simple_read_from_buffer+0xcb/0x170
[  184.555385][ T9143]  proc_fail_nth_read+0x197/0x270
[  184.555398][ T9143]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  184.555411][ T9143]  ? rw_verify_area+0xcf/0x680
[  184.555424][ T9143]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  184.555435][ T9143]  vfs_read+0x1e1/0xc60
[  184.555450][ T9143]  ? fdget_pos+0x2a2/0x370
[  184.555466][ T9143]  ? __pfx_vfs_read+0x10/0x10
[  184.555478][ T9143]  ? find_held_lock+0x2b/0x80
[  184.555492][ T9143]  ? __fget_files+0x20e/0x3c0
[  184.555505][ T9143]  ? __up_read+0x190/0x750
[  184.555535][ T9143]  ksys_read+0x12a/0x250
[  184.555551][ T9143]  ? __pfx_ksys_read+0x10/0x10
[  184.555567][ T9143]  ? rcu_is_watching+0x12/0xc0
[  184.555579][ T9143]  __do_fast_syscall_32+0x7c/0x3a0
[  184.555591][ T9143]  do_fast_syscall_32+0x32/0x80
[  184.555601][ T9143]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  184.555613][ T9143] RIP: 0023:0xf708e579
[  184.555622][ T9143] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  184.555632][ T9143] RSP: 002b:00000000f507e590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  184.555643][ T9143] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f507e620
[  184.555649][ T9143] RDX: 000000000000000f RSI: 00000000f73f2ff4 RDI: 0000000000000000
[  184.555655][ T9143] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  184.555660][ T9143] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  184.555666][ T9143] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  184.555679][ T9143]  </TASK>
[  185.363032][   T40] audit: type=1800 audit(1749795471.553:927): pid=9141 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.898" name="/" dev="fuse" ino=1 res=0 errno=0
[  185.511056][ T9164] netlink: 8 bytes leftover after parsing attributes in process `syz.1.905'.
[  185.514413][ T9164] netlink: 12 bytes leftover after parsing attributes in process `syz.1.905'.
[  185.597735][ T9169] netlink: 'syz.1.907': attribute type 1 has an invalid length.
[  185.602311][ T9169] netlink: 'syz.1.907': attribute type 3 has an invalid length.
[  185.604751][ T9169] netlink: 224 bytes leftover after parsing attributes in process `syz.1.907'.
[  185.747354][ T9177] FAULT_INJECTION: forcing a failure.
[  185.747354][ T9177] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  185.754246][ T9177] CPU: 2 UID: 0 PID: 9177 Comm: syz.0.910 Not tainted 6.16.0-rc1-syzkaller-00101-g27605c8c0f69 #0 PREEMPT(full) 
[  185.754263][ T9177] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  185.754270][ T9177] Call Trace:
[  185.754274][ T9177]  <TASK>
[  185.754278][ T9177]  dump_stack_lvl+0x16c/0x1f0
[  185.754300][ T9177]  should_fail_ex+0x512/0x640
[  185.754318][ T9177]  should_fail_alloc_page+0xe7/0x130
[  185.754330][ T9177]  prepare_alloc_pages+0x3c2/0x610
[  185.754345][ T9177]  __alloc_frozen_pages_noprof+0x18b/0x23f0
[  185.754361][ T9177]  ? copy_splice_read+0x1a8/0xba0
[  185.754373][ T9177]  ? stack_trace_save+0x8e/0xc0
[  185.754385][ T9177]  ? __pfx_stack_trace_save+0x10/0x10
[  185.754395][ T9177]  ? stack_depot_save_flags+0x28/0xa40
[  185.754413][ T9177]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  185.754428][ T9177]  ? kasan_save_stack+0x42/0x60
[  185.754442][ T9177]  ? kasan_save_track+0x14/0x30
[  185.754455][ T9177]  ? __kmalloc_noprof+0x223/0x510
[  185.754469][ T9177]  ? copy_splice_read+0x1a8/0xba0
[  185.754480][ T9177]  ? do_splice_read+0x282/0x370
[  185.754490][ T9177]  ? splice_direct_to_actor+0x2a1/0xa30
[  185.754502][ T9177]  ? do_splice_direct+0x174/0x240
[  185.754513][ T9177]  ? do_sendfile+0xb06/0xe50
[  185.754525][ T9177]  ? __ia32_compat_sys_sendfile+0x1e5/0x220
[  185.754544][ T9177]  alloc_pages_bulk_noprof+0x71c/0x1410
[  185.754570][ T9177]  ? __pfx_alloc_pages_bulk_noprof+0x10/0x10
[  185.754596][ T9177]  ? trace_kmalloc+0x2b/0xd0
[  185.754613][ T9177]  ? __kmalloc_noprof+0x242/0x510
[  185.754640][ T9177]  copy_splice_read+0x1e1/0xba0
[  185.754667][ T9177]  ? __pfx_copy_splice_read+0x10/0x10
[  185.754686][ T9177]  ? look_up_lock_class+0x6b/0x150
[  185.754704][ T9177]  ? lockdep_init_map_type+0x5c/0x280
[  185.754718][ T9177]  ? __pfx_pipe_lock_cmp_fn+0x10/0x10
[  185.754734][ T9177]  ? __pfx_copy_splice_read+0x10/0x10
[  185.754746][ T9177]  do_splice_read+0x282/0x370
[  185.754764][ T9177]  splice_direct_to_actor+0x2a1/0xa30
[  185.754778][ T9177]  ? __pfx_direct_splice_actor+0x10/0x10
[  185.754793][ T9177]  ? __pfx_splice_direct_to_actor+0x10/0x10
[  185.754805][ T9177]  ? get_pid_task+0xfc/0x250
[  185.754822][ T9177]  do_splice_direct+0x174/0x240
[  185.754835][ T9177]  ? __pfx_do_splice_direct+0x10/0x10
[  185.754847][ T9177]  ? __pfx_direct_file_splice_eof+0x10/0x10
[  185.754862][ T9177]  ? rw_verify_area+0xcf/0x680
[  185.754875][ T9177]  do_sendfile+0xb06/0xe50
[  185.754891][ T9177]  ? __pfx_do_sendfile+0x10/0x10
[  185.754905][ T9177]  ? __fget_files+0x20e/0x3c0
[  185.754921][ T9177]  __ia32_compat_sys_sendfile+0x1e5/0x220
[  185.754931][ T9177]  ? ksys_write+0x1ac/0x250
[  185.754944][ T9177]  ? __pfx___ia32_compat_sys_sendfile+0x10/0x10
[  185.754955][ T9177]  ? rcu_is_watching+0x12/0xc0
[  185.754967][ T9177]  __do_fast_syscall_32+0x7c/0x3a0
[  185.754978][ T9177]  do_fast_syscall_32+0x32/0x80
[  185.754988][ T9177]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  185.755001][ T9177] RIP: 0023:0xf712e579
[  185.755011][ T9177] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  185.755021][ T9177] RSP: 002b:00000000f511e55c EFLAGS: 00000296 ORIG_RAX: 00000000000000bb
[  185.755031][ T9177] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000000004
[  185.755038][ T9177] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 0000000000000000
[  185.755043][ T9177] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  185.755049][ T9177] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  185.755055][ T9177] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  185.755067][ T9177]  </TASK>
[  185.904430][ T9179] lo speed is unknown, defaulting to 1000
[  185.909326][ T9163] snd_dummy snd_dummy.0: control 0:0:0:syz1:0 is already present
[  185.966324][ T6477] usb 7-1: USB disconnect, device number 7
[  186.035765][ T9191] netlink: 'syz.3.909': attribute type 10 has an invalid length.
[  186.071249][   T59] hid-generic 0002:0004:0000.001E: unknown main item tag 0x0
[  186.073772][   T59] hid-generic 0002:0004:0000.001E: unknown main item tag 0x0
[  186.076182][   T59] hid-generic 0002:0004:0000.001E: unknown main item tag 0x0
[  186.079940][   T59] hid-generic 0002:0004:0000.001E: hidraw1: <UNKNOWN> HID vffffff.ff Device [syz0] on syz0
[  186.275916][  T839] hid-generic 0002:0004:0000.001F: unknown main item tag 0x0
[  186.278290][  T839] hid-generic 0002:0004:0000.001F: unknown main item tag 0x0
[  186.296523][  T839] hid-generic 0002:0004:0000.001F: unknown main item tag 0x0
[  186.319821][  T839] hid-generic 0002:0004:0000.001F: hidraw1: <UNKNOWN> HID vffffff.ff Device [syz0] on syz0
[  186.348815][ T9204] fido_id[9204]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  186.775722][ T9218] netlink: 'syz.3.925': attribute type 1 has an invalid length.
[  186.789273][   T40] audit: type=1800 audit(1749795472.973:928): pid=9184 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.913" name="/" dev="fuse" ino=1 res=0 errno=0
[  186.824852][ T6477] hid-generic 0002:0004:0000.0020: unknown main item tag 0x0
[  186.827290][ T6477] hid-generic 0002:0004:0000.0020: unknown main item tag 0x0
[  186.833118][ T6477] hid-generic 0002:0004:0000.0020: unknown main item tag 0x0
[  186.839521][ T6477] hid-generic 0002:0004:0000.0020: hidraw1: <UNKNOWN> HID vffffff.ff Device [syz0] on syz0
[  186.842975][ T9222] netlink: 28 bytes leftover after parsing attributes in process `syz.3.925'.
[  186.954102][ T9229] netlink: 'syz.0.928': attribute type 1 has an invalid length.
[  186.984756][ T9229] netdevsim netdevsim0 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0
[  186.992840][ T9229] netdevsim netdevsim0 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0
[  186.999081][ T9229] netdevsim netdevsim0 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0
[  187.004442][ T9229] netdevsim netdevsim0 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0
[  187.011644][ T9229] bond1: (slave geneve2): making interface the new active one
[  187.014967][ T9229] bond1: (slave geneve2): Enslaving as an active interface with an up link
[  187.021717][ T9229] netlink: 28 bytes leftover after parsing attributes in process `syz.0.928'.
[  187.026332][ T9229] 8021q: adding VLAN 0 to HW filter on device bond1
[  187.330419][ T9248] netlink: 'syz.0.932': attribute type 10 has an invalid length.
[  187.437962][   T24] hid-generic 0002:0004:0000.0021: unknown main item tag 0x0
[  187.441742][   T24] hid-generic 0002:0004:0000.0021: unknown main item tag 0x0
[  187.444911][   T24] hid-generic 0002:0004:0000.0021: unknown main item tag 0x0
[  187.452138][   T24] hid-generic 0002:0004:0000.0021: hidraw1: <UNKNOWN> HID vffffff.ff Device [syz0] on syz0
[  187.673976][   T40] audit: type=1800 audit(1749795473.863:929): pid=9256 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.937" name="/" dev="fuse" ino=1 res=0 errno=0
[  187.676327][ T9256] FAULT_INJECTION: forcing a failure.
[  187.676327][ T9256] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  187.685799][ T9256] CPU: 3 UID: 0 PID: 9256 Comm: syz.2.937 Not tainted 6.16.0-rc1-syzkaller-00101-g27605c8c0f69 #0 PREEMPT(full) 
[  187.685814][ T9256] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  187.685820][ T9256] Call Trace:
[  187.685824][ T9256]  <TASK>
[  187.685828][ T9256]  dump_stack_lvl+0x16c/0x1f0
[  187.685850][ T9256]  should_fail_ex+0x512/0x640
[  187.685868][ T9256]  _copy_to_user+0x32/0xd0
[  187.685885][ T9256]  simple_read_from_buffer+0xcb/0x170
[  187.685900][ T9256]  proc_fail_nth_read+0x197/0x270
[  187.685913][ T9256]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  187.685926][ T9256]  ? rw_verify_area+0xcf/0x680
[  187.685939][ T9256]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  187.685950][ T9256]  vfs_read+0x1e1/0xc60
[  187.685965][ T9256]  ? fdget_pos+0x2a2/0x370
[  187.685985][ T9256]  ? __pfx_vfs_read+0x10/0x10
[  187.685998][ T9256]  ? find_held_lock+0x2b/0x80
[  187.686012][ T9256]  ? __fget_files+0x20e/0x3c0
[  187.686029][ T9256]  ksys_read+0x12a/0x250
[  187.686043][ T9256]  ? __pfx_ksys_read+0x10/0x10
[  187.686058][ T9256]  ? rcu_is_watching+0x12/0xc0
[  187.686070][ T9256]  __do_fast_syscall_32+0x7c/0x3a0
[  187.686082][ T9256]  do_fast_syscall_32+0x32/0x80
[  187.686092][ T9256]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  187.686105][ T9256] RIP: 0023:0xf7f56579
[  187.686113][ T9256] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  187.686123][ T9256] RSP: 002b:00000000f5076590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  187.686133][ T9256] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 00000000f5076620
[  187.686140][ T9256] RDX: 000000000000000f RSI: 00000000f73e2ff4 RDI: 0000000000000000
[  187.686146][ T9256] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  187.686152][ T9256] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  187.686157][ T9256] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  187.686170][ T9256]  </TASK>
[  187.689235][   T40] audit: type=1804 audit(1749795473.863:930): pid=9256 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.937" name="/newroot/235/file1" dev="fuse" ino=1 res=1 errno=0
[  187.768589][   T40] audit: type=1800 audit(1749795473.863:931): pid=9256 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.937" name="/" dev="fuse" ino=1 res=0 errno=0
[  188.130807][   T40] audit: type=1800 audit(1749795474.313:932): pid=9246 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.935" name="/" dev="fuse" ino=1 res=0 errno=0
[  189.181861][ T9281] netlink: 'syz.0.943': attribute type 1 has an invalid length.
[  189.234330][ T9282] FAULT_INJECTION: forcing a failure.
[  189.234330][ T9282] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  189.241377][ T9282] CPU: 3 UID: 0 PID: 9282 Comm: syz.0.943 Not tainted 6.16.0-rc1-syzkaller-00101-g27605c8c0f69 #0 PREEMPT(full) 
[  189.241402][ T9282] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  189.241413][ T9282] Call Trace:
[  189.241419][ T9282]  <TASK>
[  189.241427][ T9282]  dump_stack_lvl+0x16c/0x1f0
[  189.241459][ T9282]  should_fail_ex+0x512/0x640
[  189.241489][ T9282]  _copy_from_iter+0x29f/0x16f0
[  189.241519][ T9282]  ? __alloc_skb+0x200/0x380
[  189.241546][ T9282]  ? __pfx__copy_from_iter+0x10/0x10
[  189.241575][ T9282]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  189.241603][ T9282]  netlink_sendmsg+0x829/0xdd0
[  189.241627][ T9282]  ? __pfx_netlink_sendmsg+0x10/0x10
[  189.241649][ T9282]  ? __import_iovec+0x1dd/0x650
[  189.241670][ T9282]  ____sys_sendmsg+0xa98/0xc70
[  189.241694][ T9282]  ? __pfx_____sys_sendmsg+0x10/0x10
[  189.241714][ T9282]  ? get_compat_msghdr+0x11a/0x170
[  189.241742][ T9282]  ___sys_sendmsg+0x134/0x1d0
[  189.241795][ T9282]  ? __pfx____sys_sendmsg+0x10/0x10
[  189.241834][ T9282]  ? find_held_lock+0x2b/0x80
[  189.241867][ T9282]  __sys_sendmsg+0x16d/0x220
[  189.241884][ T9282]  ? __pfx___sys_sendmsg+0x10/0x10
[  189.241922][ T9282]  ? rcu_is_watching+0x12/0xc0
[  189.241942][ T9282]  __do_fast_syscall_32+0x7c/0x3a0
[  189.241962][ T9282]  do_fast_syscall_32+0x32/0x80
[  189.241979][ T9282]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  189.242001][ T9282] RIP: 0023:0xf712e579
[  189.242015][ T9282] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  189.242030][ T9282] RSP: 002b:00000000f50fd55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  189.242047][ T9282] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000800000c0
[  189.242058][ T9282] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  189.242068][ T9282] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  189.242078][ T9282] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  189.242088][ T9282] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  189.242111][ T9282]  </TASK>
[  189.242997][ T9282] netlink: 28 bytes leftover after parsing attributes in process `syz.0.943'.
[  189.377219][ T9282] 8021q: adding VLAN 0 to HW filter on device bond2
[  190.324413][ T9305] netlink: 'syz.1.949': attribute type 10 has an invalid length.
[  190.333599][ T9305] bridge0: port 3(team0) entered disabled state
[  190.338954][ T9305] team0: left allmulticast mode
[  190.341261][ T9305] team_slave_0: left allmulticast mode
[  190.343551][ T9305] team_slave_1: left allmulticast mode
[  190.345332][ T9305] team0: left promiscuous mode
[  190.346916][ T9305] team_slave_0: left promiscuous mode
[  190.390755][ T9305] team_slave_1: left promiscuous mode
[  190.393787][ T9305] bridge0: port 3(team0) entered disabled state
[  190.403339][ T9305] batman_adv: batadv0: Adding interface: team0
[  190.405867][ T9305] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  190.415572][ T9305] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active
[  190.499328][ T6033] usb 8-1: new high-speed USB device number 22 using dummy_hcd
[  190.669286][ T6033] usb 8-1: Using ep0 maxpacket: 8
[  190.674195][ T6033] usb 8-1: config index 0 descriptor too short (expected 301, got 45)
[  190.679100][ T6033] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  190.684808][ T6033] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  190.691955][ T6033] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  190.697622][ T6033] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  190.705641][ T6033] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  190.711282][ T6033] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  190.865968][ T9310] snd_dummy snd_dummy.0: control 0:0:0:syz1:0 is already present
[  190.927949][ T6033] usb 8-1: usb_control_msg returned -32
[  190.930900][ T6033] usbtmc 8-1:16.0: can't read capabilities
[  190.955272][ T6033] usb 8-1: USB disconnect, device number 22
[  191.102930][ T9318] syz_tun: entered allmulticast mode
[  191.140582][ T9317] syz_tun: left allmulticast mode
[  191.444203][ T9335] netlink: 4 bytes leftover after parsing attributes in process `syz.0.961'.
[  191.448886][ T9335] FAULT_INJECTION: forcing a failure.
[  191.448886][ T9335] name failslab, interval 1, probability 0, space 0, times 0
[  191.453154][ T9335] CPU: 3 UID: 0 PID: 9335 Comm: syz.0.961 Not tainted 6.16.0-rc1-syzkaller-00101-g27605c8c0f69 #0 PREEMPT(full) 
[  191.453169][ T9335] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  191.453176][ T9335] Call Trace:
[  191.453180][ T9335]  <TASK>
[  191.453185][ T9335]  dump_stack_lvl+0x16c/0x1f0
[  191.453205][ T9335]  should_fail_ex+0x512/0x640
[  191.453223][ T9335]  should_failslab+0xc2/0x120
[  191.453234][ T9335]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  191.453249][ T9335]  ? lock_acquire+0x179/0x350
[  191.453262][ T9335]  ? dst_alloc+0x99/0x1a0
[  191.453278][ T9335]  ? __pfx_ip6_dst_gc+0x10/0x10
[  191.453293][ T9335]  dst_alloc+0x99/0x1a0
[  191.453309][ T9335]  ip6_pol_route+0x96b/0x1230
[  191.453325][ T9335]  ? __pfx_ip6_pol_route+0x10/0x10
[  191.453338][ T9335]  ? __pfx_rt6_multipath_hash+0x10/0x10
[  191.453358][ T9335]  ? __pfx_ip6_pol_route_input+0x10/0x10
[  191.453371][ T9335]  fib6_rule_lookup+0x536/0x720
[  191.453384][ T9335]  ? __pfx_fib6_rule_lookup+0x10/0x10
[  191.453397][ T9335]  ? nf_nat_ipv6_fn+0xff/0x2e0
[  191.453412][ T9335]  ? __pfx_nf_nat_ipv6_fn+0x10/0x10
[  191.453428][ T9335]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  191.453445][ T9335]  ip6_route_input+0x662/0xc00
[  191.453461][ T9335]  ? __pfx_ip6_route_input+0x10/0x10
[  191.453474][ T9335]  ? lock_acquire+0x179/0x350
[  191.453494][ T9335]  ? sock_wfree+0x11c/0x880
[  191.453510][ T9335]  ? __pfx_ip6_rcv_finish+0x10/0x10
[  191.453526][ T9335]  ip6_rcv_finish_core.constprop.0+0x1a0/0x5d0
[  191.453542][ T9335]  ipv6_rcv+0x1e8/0x680
[  191.453557][ T9335]  ? __pfx_ipv6_rcv+0x10/0x10
[  191.453569][ T9335]  __netif_receive_skb_one_core+0x12d/0x1e0
[  191.453584][ T9335]  ? __pfx___netif_receive_skb_one_core+0x10/0x10
[  191.453600][ T9335]  ? lock_acquire+0x179/0x350
[  191.453614][ T9335]  ? __phys_addr+0xe8/0x180
[  191.453627][ T9335]  __netif_receive_skb+0x1d/0x160
[  191.453642][ T9335]  netif_receive_skb+0x137/0x7b0
[  191.453656][ T9335]  ? __pfx_netif_receive_skb+0x10/0x10
[  191.453675][ T9335]  tun_rx_batched.isra.0+0x3ee/0x740
[  191.453694][ T9335]  ? __pfx_tun_rx_batched.isra.0+0x10/0x10
[  191.453713][ T9335]  ? tun_get_user+0x1c0d/0x3b80
[  191.453722][ T9335]  ? rcu_is_watching+0x12/0xc0
[  191.453734][ T9335]  tun_get_user+0x28a2/0x3b80
[  191.453749][ T9335]  ? __pfx_tun_get_user+0x10/0x10
[  191.453758][ T9335]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  191.453779][ T9335]  ? find_held_lock+0x2b/0x80
[  191.453789][ T9335]  ? tun_get+0x191/0x370
[  191.453807][ T9335]  tun_chr_write_iter+0xdc/0x210
[  191.453818][ T9335]  vfs_write+0x6c4/0x1150
[  191.453833][ T9335]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  191.453844][ T9335]  ? __pfx_vfs_write+0x10/0x10
[  191.453857][ T9335]  ? find_held_lock+0x2b/0x80
[  191.453874][ T9335]  ksys_write+0x12a/0x250
[  191.453888][ T9335]  ? __pfx_ksys_write+0x10/0x10
[  191.453903][ T9335]  ? rcu_is_watching+0x12/0xc0
[  191.453928][ T9335]  __do_fast_syscall_32+0x7c/0x3a0
[  191.453943][ T9335]  do_fast_syscall_32+0x32/0x80
[  191.453953][ T9335]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  191.453966][ T9335] RIP: 0023:0xf712e579
[  191.453975][ T9335] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  191.453985][ T9335] RSP: 002b:00000000f511e520 EFLAGS: 00000293 ORIG_RAX: 0000000000000004
[  191.453995][ T9335] RAX: ffffffffffffffda RBX: 00000000000000c8 RCX: 00000000800009c0
[  191.454002][ T9335] RDX: 0000000000000046 RSI: 00000000f7492ff4 RDI: 0000000000000000
[  191.454007][ T9335] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  191.454013][ T9335] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  191.454019][ T9335] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  191.454032][ T9335]  </TASK>
[  191.947366][ T5865] hid-generic 0002:0004:0000.0022: unknown main item tag 0x0
[  191.950964][ T5865] hid-generic 0002:0004:0000.0022: unknown main item tag 0x0
[  191.953376][ T5865] hid-generic 0002:0004:0000.0022: unknown main item tag 0x0
[  191.958765][ T5865] hid-generic 0002:0004:0000.0022: hidraw1: <UNKNOWN> HID vffffff.ff Device [syz0] on syz0
[  192.034094][ T9342] snd_dummy snd_dummy.0: control 0:0:0:syz1:0 is already present
[  192.302890][ T9366] 9pnet_virtio: no channels available for device syz
[  192.405778][  T839] hid-generic 0002:0004:0000.0023: unknown main item tag 0x0
[  192.413232][  T839] hid-generic 0002:0004:0000.0023: unknown main item tag 0x0
[  192.415814][  T839] hid-generic 0002:0004:0000.0023: unknown main item tag 0x0
[  192.420070][  T839] hid-generic 0002:0004:0000.0023: hidraw1: <UNKNOWN> HID vffffff.ff Device [syz0] on syz0
[  192.579278][ T6033] usb 8-1: new high-speed USB device number 23 using dummy_hcd
[  192.760097][ T6033] usb 8-1: Using ep0 maxpacket: 8
[  192.763349][ T6033] usb 8-1: config index 0 descriptor too short (expected 301, got 45)
[  192.766577][ T6033] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  192.771846][ T6033] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  192.775433][ T6033] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  192.778920][ T6033] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  192.783404][ T6033] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  192.786713][ T6033] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  192.935893][ T9381] syz_tun: entered allmulticast mode
[  192.940118][ T9380] syz_tun: left allmulticast mode
[  193.000088][ T6033] usb 8-1: GET_CAPABILITIES returned 0
[  193.001867][ T6033] usbtmc 8-1:16.0: can't read capabilities
[  193.294691][ T9387] snd_dummy snd_dummy.0: control 0:0:0:syz1:0 is already present
[  193.360224][   T40] audit: type=1800 audit(1749795479.553:933): pid=9375 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.974" name="/" dev="fuse" ino=1 res=0 errno=0
[  193.662809][ T9400] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(5)
[  193.665008][ T9400] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  193.668886][ T9400] vhci_hcd vhci_hcd.0: Device attached
[  193.722018][ T1421] ieee802154 phy0 wpan0: encryption failed: -22
[  193.724646][ T1421] ieee802154 phy1 wpan1: encryption failed: -22
[  193.731006][ T9403] snd_dummy snd_dummy.0: control 0:0:0:syz1:0 is already present
[  193.949285][ T6015] usb 42-1: SetAddress Request (2) to port 0
[  193.999331][ T6015] usb 42-1: new SuperSpeed USB device number 2 using vhci_hcd
[  194.034708][ T9410] netlink: 32 bytes leftover after parsing attributes in process `syz.1.985'.
[  194.095117][ T9414] netlink: 4 bytes leftover after parsing attributes in process `syz.1.987'.
[  194.275062][ T9401] vhci_hcd: connection reset by peer
[  194.279118][   T46] vhci_hcd: stop threads
[  194.280916][   T46] vhci_hcd: release socket
[  194.283701][   T46] vhci_hcd: disconnect device
[  195.351068][   T40] audit: type=1800 audit(1749795481.543:934): pid=9424 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.990" name="/" dev="fuse" ino=1 res=0 errno=0
[  195.649449][ T9438] snd_dummy snd_dummy.0: control 0:0:0:syz1:0 is already present
[  195.666722][ T9440] netlink: 32 bytes leftover after parsing attributes in process `syz.1.995'.
[  195.731170][ T9442] 9pnet_virtio: no channels available for device syz
[  196.106777][ T9450] netlink: 'syz.2.999': attribute type 1 has an invalid length.
[  196.143927][ T9450] netdevsim netdevsim2 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0
[  196.147715][ T9450] netdevsim netdevsim2 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0
[  196.151594][ T9450] netdevsim netdevsim2 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0
[  196.155167][ T9450] netdevsim netdevsim2 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0
[  196.162490][ T9450] bond1: (slave geneve2): making interface the new active one
[  196.166345][ T9450] bond1: (slave geneve2): Enslaving as an active interface with an up link
[  196.183494][ T9450] netlink: 28 bytes leftover after parsing attributes in process `syz.2.999'.
[  196.190125][ T9450] 8021q: adding VLAN 0 to HW filter on device bond1
[  196.438111][ T9456] 9pnet_virtio: no channels available for device syz
[  196.681644][ T9460] netlink: 'syz.0.1002': attribute type 10 has an invalid length.
[  197.441858][ T9465] lo speed is unknown, defaulting to 1000
[  197.503428][ T9468] syz_tun: entered allmulticast mode
[  197.542741][ T9467] syz_tun: left allmulticast mode
[  197.583382][ T9471] 9pnet_virtio: no channels available for device syz
[  198.076125][ T9477] netlink: 14 bytes leftover after parsing attributes in process `syz.2.1008'.
[  198.270405][ T9362] usbtmc 8-1:16.0: stb usb_control_msg returned -110
[  198.310613][  T839] usb 8-1: USB disconnect, device number 23
[  198.681733][ T9490] netlink: 'syz.0.1013': attribute type 10 has an invalid length.
[  199.046208][ T9496] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1014'.
[  199.070417][ T6015] usb 42-1: device descriptor read/8, error -110
[  199.471082][ T6015] usb usb42-port1: attempt power cycle
[  199.802795][ T9515] futex_wake_op: syz.2.1020 tries to shift op by -1; fix this program
[  200.037785][ T6015] usb usb42-port1: unable to enumerate USB device
[  200.482770][ T9525] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1023'.
[  201.825530][ T9556] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1033'.
[  202.118525][ T9570] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1032'.
[  202.177766][ T9574] Mount JFS Failure: -22
[  202.180695][ T9574] jfs_mount failed w/return code = -22
[  202.222070][   T34] hid-generic 0002:0004:0000.0024: unknown main item tag 0x0
[  202.225161][   T34] hid-generic 0002:0004:0000.0024: unknown main item tag 0x0
[  202.234068][   T34] hid-generic 0002:0004:0000.0024: unknown main item tag 0x0
[  202.244312][   T34] hid-generic 0002:0004:0000.0024: hidraw1: <UNKNOWN> HID vffffff.ff Device [syz0] on syz0
[  202.283177][ T9580] fido_id[9580]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  202.371622][ T9583] 8021q: adding VLAN 0 to HW filter on device bond1
[  202.374399][ T9583] bond1: entered allmulticast mode
[  202.467154][ T9583] bond1 (unregistering): Released all slaves
[  202.647565][ T9593] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1043'.
[  202.729410][   T59] usb 7-1: new high-speed USB device number 8 using dummy_hcd
[  202.890093][   T59] usb 7-1: Using ep0 maxpacket: 8
[  202.900988][   T59] usb 7-1: config index 0 descriptor too short (expected 301, got 45)
[  202.903487][   T59] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  202.906482][   T59] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  202.927010][   T59] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  202.942387][   T59] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  202.946343][   T59] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  202.949103][   T59] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  203.061144][ T9595] snd_dummy snd_dummy.0: control 0:0:0:syz1:0 is already present
[  203.198382][ T9603] netlink: 'syz.0.1046': attribute type 10 has an invalid length.
[  203.253138][   T59] usb 7-1: GET_CAPABILITIES returned 0
[  203.254894][   T59] usbtmc 7-1:16.0: can't read capabilities
[  203.292550][ T9607] 9pnet_virtio: no channels available for device syz
[  203.438348][   T34] hid-generic 0002:0004:0000.0025: unknown main item tag 0x0
[  203.442099][   T34] hid-generic 0002:0004:0000.0025: unknown main item tag 0x0
[  203.443442][ T9611] 9pnet_virtio: no channels available for device syz
[  203.445247][   T34] hid-generic 0002:0004:0000.0025: unknown main item tag 0x0
[  203.460573][   T34] hid-generic 0002:0004:0000.0025: hidraw1: <UNKNOWN> HID vffffff.ff Device [syz0] on syz0
[  203.498818][ T9612] fido_id[9612]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  203.577061][ T9619] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1052'.
[  203.641349][   T40] audit: type=1804 audit(1749795489.833:935): pid=9621 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.1053" name="/newroot/210/file0/file0" dev="ramfs" ino=31296 res=1 errno=0
[  203.711659][ T9622] FAULT_INJECTION: forcing a failure.
[  203.711659][ T9622] name failslab, interval 1, probability 0, space 0, times 0
[  203.715595][ T9622] CPU: 0 UID: 0 PID: 9622 Comm: syz.1.1051 Not tainted 6.16.0-rc1-syzkaller-00101-g27605c8c0f69 #0 PREEMPT(full) 
[  203.715610][ T9622] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  203.715616][ T9622] Call Trace:
[  203.715621][ T9622]  <TASK>
[  203.715625][ T9622]  dump_stack_lvl+0x16c/0x1f0
[  203.715647][ T9622]  should_fail_ex+0x512/0x640
[  203.715662][ T9622]  ? fs_reclaim_acquire+0xae/0x150
[  203.715676][ T9622]  should_failslab+0xc2/0x120
[  203.715686][ T9622]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  203.715702][ T9622]  ? security_inode_alloc+0x3b/0x2b0
[  203.715716][ T9622]  security_inode_alloc+0x3b/0x2b0
[  203.715727][ T9622]  inode_init_always_gfp+0xce4/0x1030
[  203.715744][ T9622]  alloc_inode+0x86/0x240
[  203.715754][ T9622]  sock_alloc+0x40/0x280
[  203.715767][ T9622]  do_accept+0xf7/0x530
[  203.715781][ T9622]  ? do_raw_spin_lock+0x12c/0x2b0
[  203.715797][ T9622]  ? __pfx_do_accept+0x10/0x10
[  203.715820][ T9622]  io_accept+0x259/0x950
[  203.715838][ T9622]  ? __pfx_io_accept+0x10/0x10
[  203.715857][ T9622]  __io_issue_sqe+0xe8/0x7c0
[  203.715890][ T9622]  io_issue_sqe+0x86/0xe50
[  203.715904][ T9622]  io_submit_sqes+0x92d/0x2580
[  203.715925][ T9622]  __do_sys_io_uring_enter+0xd6a/0x1630
[  203.715940][ T9622]  ? __fget_files+0x20e/0x3c0
[  203.715954][ T9622]  ? __pfx___do_sys_io_uring_enter+0x10/0x10
[  203.715969][ T9622]  ? fput+0x70/0xf0
[  203.715979][ T9622]  ? ksys_write+0x1ac/0x250
[  203.715992][ T9622]  ? __pfx_ksys_write+0x10/0x10
[  203.716007][ T9622]  ? rcu_is_watching+0x12/0xc0
[  203.716020][ T9622]  __do_fast_syscall_32+0x7c/0x3a0
[  203.716031][ T9622]  do_fast_syscall_32+0x32/0x80
[  203.716041][ T9622]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  203.716054][ T9622] RIP: 0023:0xf7fb5579
[  203.716064][ T9622] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  203.716078][ T9622] RSP: 002b:00000000f50b555c EFLAGS: 00000296 ORIG_RAX: 00000000000001aa
[  203.716094][ T9622] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 0000000000003516
[  203.716104][ T9622] RDX: 000000000000c2de RSI: 0000000000000008 RDI: 0000000000000000
[  203.716113][ T9622] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  203.716123][ T9622] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  203.716131][ T9622] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  203.716152][ T9622]  </TASK>
[  204.607909][ T9633] snd_dummy snd_dummy.0: control 0:0:0:syz1:0 is already present
[  204.844536][ T9642] 9pnet_virtio: no channels available for device syz
[  204.934263][   T53] hid-generic 0002:0004:0000.0026: unknown main item tag 0x0
[  204.937399][   T53] hid-generic 0002:0004:0000.0026: unknown main item tag 0x0
[  204.942472][   T53] hid-generic 0002:0004:0000.0026: unknown main item tag 0x0
[  204.947193][   T53] hid-generic 0002:0004:0000.0026: hidraw1: <UNKNOWN> HID vffffff.ff Device [syz0] on syz0
[  205.260742][ T9653] netlink: 'syz.0.1062': attribute type 10 has an invalid length.
[  205.759121][ T9657] netlink: 'syz.1.1063': attribute type 12 has an invalid length.
[  205.762427][ T9657] netlink: 'syz.1.1063': attribute type 29 has an invalid length.
[  205.765546][ T9657] netlink: 148 bytes leftover after parsing attributes in process `syz.1.1063'.
[  205.769120][ T9657] netlink: 'syz.1.1063': attribute type 1 has an invalid length.
[  205.773166][ T9657] netlink: 'syz.1.1063': attribute type 2 has an invalid length.
[  205.776309][ T9657] netlink: 39 bytes leftover after parsing attributes in process `syz.1.1063'.
[  205.855389][ T9662] deleting an unspecified loop device is not supported.
[  205.990993][ T9669] 9pnet_virtio: no channels available for device syz
[  206.095270][   T53] hid-generic 0002:0004:0000.0027: unknown main item tag 0x0
[  206.097672][   T53] hid-generic 0002:0004:0000.0027: unknown main item tag 0x0
[  206.100309][   T53] hid-generic 0002:0004:0000.0027: unknown main item tag 0x0
[  206.104092][   T53] hid-generic 0002:0004:0000.0027: hidraw1: <UNKNOWN> HID vffffff.ff Device [syz0] on syz0
[  206.114926][ T9664] snd_dummy snd_dummy.0: control 0:0:0:syz1:0 is already present
[  206.234664][ T9677] lo speed is unknown, defaulting to 1000
[  206.368671][ T9681] 9pnet_virtio: no channels available for device syz
[  206.609289][   T53] usb 6-1: new high-speed USB device number 10 using dummy_hcd
[  206.759437][   T53] usb 6-1: Using ep0 maxpacket: 8
[  206.763371][   T53] usb 6-1: config index 0 descriptor too short (expected 301, got 45)
[  206.765909][   T53] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  206.769422][   T53] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  206.772332][   T53] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  206.775310][   T53] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  206.779596][   T53] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  206.782346][   T53] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  206.995544][   T53] usb 6-1: usb_control_msg returned -32
[  206.997808][   T53] usbtmc 6-1:16.0: can't read capabilities
[  208.130740][ T9695] trusted_key: syz.0.1076 sent an empty control message without MSG_MORE.
[  208.214091][ T9700] lo speed is unknown, defaulting to 1000
[  208.236768][ T9702] FAULT_INJECTION: forcing a failure.
[  208.236768][ T9702] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  208.240938][ T9702] CPU: 3 UID: 0 PID: 9702 Comm: syz.0.1079 Not tainted 6.16.0-rc1-syzkaller-00101-g27605c8c0f69 #0 PREEMPT(full) 
[  208.240954][ T9702] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  208.240961][ T9702] Call Trace:
[  208.240965][ T9702]  <TASK>
[  208.240969][ T9702]  dump_stack_lvl+0x16c/0x1f0
[  208.240989][ T9702]  should_fail_ex+0x512/0x640
[  208.241007][ T9702]  _copy_to_user+0x32/0xd0
[  208.241024][ T9702]  simple_read_from_buffer+0xcb/0x170
[  208.241039][ T9702]  proc_fail_nth_read+0x197/0x270
[  208.241052][ T9702]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  208.241065][ T9702]  ? rw_verify_area+0xcf/0x680
[  208.241077][ T9702]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  208.241089][ T9702]  vfs_read+0x1e1/0xc60
[  208.241103][ T9702]  ? fdget_pos+0x2a2/0x370
[  208.241119][ T9702]  ? __pfx_vfs_read+0x10/0x10
[  208.241131][ T9702]  ? find_held_lock+0x2b/0x80
[  208.241145][ T9702]  ? __fget_files+0x20e/0x3c0
[  208.241162][ T9702]  ksys_read+0x12a/0x250
[  208.241176][ T9702]  ? __pfx_ksys_read+0x10/0x10
[  208.241190][ T9702]  ? rcu_is_watching+0x12/0xc0
[  208.241202][ T9702]  __do_fast_syscall_32+0x7c/0x3a0
[  208.241214][ T9702]  do_fast_syscall_32+0x32/0x80
[  208.241224][ T9702]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  208.241237][ T9702] RIP: 0023:0xf712e579
[  208.241246][ T9702] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  208.241256][ T9702] RSP: 002b:00000000f511e590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  208.241266][ T9702] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f511e620
[  208.241272][ T9702] RDX: 000000000000000f RSI: 00000000f7492ff4 RDI: 0000000000000000
[  208.241278][ T9702] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  208.241283][ T9702] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  208.241289][ T9702] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  208.241302][ T9702]  </TASK>
[  208.509806][ T9590] usbtmc 7-1:16.0: stb usb_control_msg returned -110
[  208.517636][ T9709] snd_dummy snd_dummy.0: control 0:0:0:syz1:0 is already present
[  208.533341][ T6015] usb 7-1: USB disconnect, device number 8
[  208.707367][ T9713] FAULT_INJECTION: forcing a failure.
[  208.707367][ T9713] name failslab, interval 1, probability 0, space 0, times 0
[  208.712124][ T9713] CPU: 0 UID: 0 PID: 9713 Comm: syz.3.1083 Not tainted 6.16.0-rc1-syzkaller-00101-g27605c8c0f69 #0 PREEMPT(full) 
[  208.712147][ T9713] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  208.712157][ T9713] Call Trace:
[  208.712163][ T9713]  <TASK>
[  208.712169][ T9713]  dump_stack_lvl+0x16c/0x1f0
[  208.712200][ T9713]  should_fail_ex+0x512/0x640
[  208.712228][ T9713]  should_failslab+0xc2/0x120
[  208.712244][ T9713]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  208.712270][ T9713]  ? skb_clone+0x190/0x3f0
[  208.712289][ T9713]  skb_clone+0x190/0x3f0
[  208.712305][ T9713]  bpf_clone_redirect+0xb2/0x3f0
[  208.712327][ T9713]  bpf_prog_208b094576c80b22+0x5f/0x68
[  208.712343][ T9713]  ? __kernel_text_address+0xd/0x40
[  208.712368][ T9713]  ? unwind_get_return_address+0x59/0xa0
[  208.712397][ T9713]  ? __lock_acquire+0xb8a/0x1c90
[  208.712421][ T9713]  ? __lock_acquire+0x622/0x1c90
[  208.712448][ T9713]  ? find_held_lock+0x2b/0x80
[  208.712467][ T9713]  ? ktime_get+0x200/0x310
[  208.712485][ T9713]  ? lockdep_hardirqs_on+0x7c/0x110
[  208.712510][ T9713]  ? read_tsc+0x9/0x20
[  208.712526][ T9713]  ? __pfx___cant_migrate+0x10/0x10
[  208.712548][ T9713]  bpf_test_run+0x489/0xa70
[  208.712581][ T9713]  ? __pfx_bpf_test_run+0x10/0x10
[  208.712628][ T9713]  ? __asan_memset+0x23/0x50
[  208.712653][ T9713]  bpf_prog_test_run_skb+0xb92/0x2280
[  208.712679][ T9713]  ? __pfx_bpf_prog_test_run_skb+0x10/0x10
[  208.712700][ T9713]  ? fput+0x70/0xf0
[  208.712717][ T9713]  ? __pfx_bpf_prog_test_run_skb+0x10/0x10
[  208.712735][ T9713]  __sys_bpf+0x1488/0x4d80
[  208.712764][ T9713]  ? __pfx___sys_bpf+0x10/0x10
[  208.712789][ T9713]  ? ksys_write+0x190/0x250
[  208.712814][ T9713]  ? __mutex_unlock_slowpath+0x161/0x6a0
[  208.712849][ T9713]  ? fput+0x70/0xf0
[  208.712863][ T9713]  ? ksys_write+0x1ac/0x250
[  208.712885][ T9713]  ? __pfx_ksys_write+0x10/0x10
[  208.712911][ T9713]  __ia32_sys_bpf+0x76/0xe0
[  208.712928][ T9713]  __do_fast_syscall_32+0x7c/0x3a0
[  208.712946][ T9713]  do_fast_syscall_32+0x32/0x80
[  208.712961][ T9713]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  208.712983][ T9713] RIP: 0023:0xf708e579
[  208.712995][ T9713] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  208.713011][ T9713] RSP: 002b:00000000f507e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000165
[  208.713027][ T9713] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000080000080
[  208.713037][ T9713] RDX: 0000000000000048 RSI: 0000000000000000 RDI: 0000000000000000
[  208.713046][ T9713] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  208.713056][ T9713] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  208.713065][ T9713] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  208.713086][ T9713]  </TASK>
[  209.556976][   T24] usb 6-1: USB disconnect, device number 10
[  209.705979][ T9732] FAULT_INJECTION: forcing a failure.
[  209.705979][ T9732] name failslab, interval 1, probability 0, space 0, times 0
[  209.711560][ T9732] CPU: 2 UID: 0 PID: 9732 Comm: syz.1.1089 Not tainted 6.16.0-rc1-syzkaller-00101-g27605c8c0f69 #0 PREEMPT(full) 
[  209.711583][ T9732] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  209.711593][ T9732] Call Trace:
[  209.711599][ T9732]  <TASK>
[  209.711606][ T9732]  dump_stack_lvl+0x16c/0x1f0
[  209.711636][ T9732]  should_fail_ex+0x512/0x640
[  209.711659][ T9732]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[  209.711687][ T9732]  should_failslab+0xc2/0x120
[  209.711720][ T9732]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  209.711750][ T9732]  ? __alloc_skb+0x2b2/0x380
[  209.711777][ T9732]  ? bpf_lsm_capable+0x9/0x10
[  209.711800][ T9732]  __alloc_skb+0x2b2/0x380
[  209.711826][ T9732]  ? __pfx___alloc_skb+0x10/0x10
[  209.711850][ T9732]  ? genl_rcv_msg+0x4c0/0x800
[  209.711869][ T9732]  ? genl_rcv_msg+0x4bb/0x800
[  209.711897][ T9732]  netlink_ack+0x15d/0xb80
[  209.711922][ T9732]  netlink_rcv_skb+0x332/0x420
[  209.711942][ T9732]  ? __pfx_genl_rcv_msg+0x10/0x10
[  209.711964][ T9732]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  209.711994][ T9732]  ? netlink_deliver_tap+0x1ae/0xd30
[  209.712017][ T9732]  genl_rcv+0x28/0x40
[  209.712035][ T9732]  netlink_unicast+0x53d/0x7f0
[  209.712059][ T9732]  ? __pfx_netlink_unicast+0x10/0x10
[  209.712087][ T9732]  netlink_sendmsg+0x8d1/0xdd0
[  209.712110][ T9732]  ? __pfx_netlink_sendmsg+0x10/0x10
[  209.712132][ T9732]  ? __import_iovec+0x1dd/0x650
[  209.712156][ T9732]  ____sys_sendmsg+0xa98/0xc70
[  209.712181][ T9732]  ? __pfx_____sys_sendmsg+0x10/0x10
[  209.712200][ T9732]  ? get_compat_msghdr+0x11a/0x170
[  209.712228][ T9732]  ___sys_sendmsg+0x134/0x1d0
[  209.712255][ T9732]  ? __pfx____sys_sendmsg+0x10/0x10
[  209.712294][ T9732]  ? find_held_lock+0x2b/0x80
[  209.712327][ T9732]  __sys_sendmsg+0x16d/0x220
[  209.712343][ T9732]  ? __pfx___sys_sendmsg+0x10/0x10
[  209.712380][ T9732]  ? rcu_is_watching+0x12/0xc0
[  209.712400][ T9732]  __do_fast_syscall_32+0x7c/0x3a0
[  209.712418][ T9732]  do_fast_syscall_32+0x32/0x80
[  209.712434][ T9732]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  209.712453][ T9732] RIP: 0023:0xf7fb5579
[  209.712466][ T9732] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  209.712481][ T9732] RSP: 002b:00000000f50d655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  209.712496][ T9732] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000800001c0
[  209.712506][ T9732] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  209.712516][ T9732] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  209.712525][ T9732] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  209.712534][ T9732] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  209.712557][ T9732]  </TASK>
[  209.831703][    C2] vkms_vblank_simulate: vblank timer overrun
[  210.139229][ T6477] usb 6-1: new high-speed USB device number 11 using dummy_hcd
[  210.276388][ T9736] snd_dummy snd_dummy.0: control 0:0:0:syz1:0 is already present
[  210.289209][ T6477] usb 6-1: Using ep0 maxpacket: 8
[  210.294954][ T6477] usb 6-1: config index 0 descriptor too short (expected 301, got 45)
[  210.297954][ T6477] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  210.301181][ T6477] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  210.304379][ T6477] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  210.307642][ T6477] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  210.311881][ T6477] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  210.314882][ T6477] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  210.521640][ T6477] usb 6-1: GET_CAPABILITIES returned 0
[  210.523776][ T6477] usbtmc 6-1:16.0: can't read capabilities
[  210.563555][ T9746] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1095'.
[  210.620125][ T9748] 9pnet_virtio: no channels available for device syz
[  210.859238][ T5865] usb 8-1: new high-speed USB device number 24 using dummy_hcd
[  211.053747][ T5865] usb 8-1: Using ep0 maxpacket: 8
[  211.084917][ T5865] usb 8-1: config index 0 descriptor too short (expected 301, got 45)
[  211.087577][ T5865] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  211.099489][ T5865] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  211.102498][ T5865] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  211.105685][ T5865] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  211.119494][ T5865] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  211.129467][ T5865] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  211.335123][ T5865] usb 8-1: usb_control_msg returned -32
[  211.336978][ T5865] usbtmc 8-1:16.0: can't read capabilities
[  212.341343][ T9760] cdrom: dropping to single frame dma
[  214.750448][ T5956] Bluetooth: hci1: ACL packet for unknown connection handle 200
[  215.801486][ T9734] usbtmc 6-1:16.0: stb usb_control_msg returned -110
[  215.829612][ T6033] usb 8-1: USB disconnect, device number 24
[  215.829745][   T34] usb 6-1: USB disconnect, device number 11
[  216.987930][ T9801] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1110'.
[  216.993800][ T9801] vcan0: entered promiscuous mode
[  216.996151][ T9801] vcan0: entered allmulticast mode
[  217.013013][ T9802] netlink: 'syz.0.1109': attribute type 10 has an invalid length.
[  217.672462][ T9816] netlink: 'syz.1.1113': attribute type 10 has an invalid length.
[  218.282073][ T9827] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1116'.
[  218.288363][ T9827] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1116'.
[  218.359518][ T9831] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1117'.
[  218.471730][ T9830] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1117'.
[  218.637957][ T9819] syz.0.1114 (9819): drop_caches: 2
[  218.916853][ T9860] loop6: detected capacity change from 0 to 524287999
[  220.385108][ T9896] FAULT_INJECTION: forcing a failure.
[  220.385108][ T9896] name failslab, interval 1, probability 0, space 0, times 0
[  220.389085][ T9896] CPU: 3 UID: 0 PID: 9896 Comm: syz.3.1128 Not tainted 6.16.0-rc1-syzkaller-00101-g27605c8c0f69 #0 PREEMPT(full) 
[  220.389100][ T9896] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  220.389107][ T9896] Call Trace:
[  220.389111][ T9896]  <TASK>
[  220.389115][ T9896]  dump_stack_lvl+0x16c/0x1f0
[  220.389147][ T9896]  should_fail_ex+0x512/0x640
[  220.389164][ T9896]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[  220.389182][ T9896]  should_failslab+0xc2/0x120
[  220.389193][ T9896]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  220.389207][ T9896]  ? __alloc_skb+0x2b2/0x380
[  220.389225][ T9896]  __alloc_skb+0x2b2/0x380
[  220.389240][ T9896]  ? __pfx___alloc_skb+0x10/0x10
[  220.389257][ T9896]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  220.389272][ T9896]  netlink_alloc_large_skb+0x69/0x130
[  220.389285][ T9896]  netlink_sendmsg+0x6a1/0xdd0
[  220.389299][ T9896]  ? __pfx_netlink_sendmsg+0x10/0x10
[  220.389312][ T9896]  ? __import_iovec+0x1dd/0x650
[  220.389325][ T9896]  ____sys_sendmsg+0xa98/0xc70
[  220.389339][ T9896]  ? __pfx_____sys_sendmsg+0x10/0x10
[  220.389350][ T9896]  ? get_compat_msghdr+0x11a/0x170
[  220.389367][ T9896]  ___sys_sendmsg+0x134/0x1d0
[  220.389384][ T9896]  ? __pfx____sys_sendmsg+0x10/0x10
[  220.389407][ T9896]  ? find_held_lock+0x2b/0x80
[  220.389426][ T9896]  __sys_sendmsg+0x16d/0x220
[  220.389436][ T9896]  ? __pfx___sys_sendmsg+0x10/0x10
[  220.389458][ T9896]  ? rcu_is_watching+0x12/0xc0
[  220.389470][ T9896]  __do_fast_syscall_32+0x7c/0x3a0
[  220.389481][ T9896]  do_fast_syscall_32+0x32/0x80
[  220.389491][ T9896]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  220.389508][ T9896] RIP: 0023:0xf708e579
[  220.389516][ T9896] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  220.389526][ T9896] RSP: 002b:00000000f507e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  220.389536][ T9896] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080002f80
[  220.389542][ T9896] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  220.389548][ T9896] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  220.389554][ T9896] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  220.389560][ T9896] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  220.389572][ T9896]  </TASK>
[  220.740592][ T9906] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1132'.
[  220.744730][ T9906] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1132'.
[  220.772834][ T9906] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1132'.
[  220.866660][ T9910] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1132'.
[  220.869574][ T9910] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1132'.
[  220.948523][ T9915] vcan0: entered promiscuous mode
[  220.950253][ T9915] vcan0: entered allmulticast mode
[  221.025267][ T9918] FAULT_INJECTION: forcing a failure.
[  221.025267][ T9918] name failslab, interval 1, probability 0, space 0, times 0
[  221.031005][ T9918] CPU: 1 UID: 0 PID: 9918 Comm: syz.1.1133 Not tainted 6.16.0-rc1-syzkaller-00101-g27605c8c0f69 #0 PREEMPT(full) 
[  221.031046][ T9918] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  221.031058][ T9918] Call Trace:
[  221.031065][ T9918]  <TASK>
[  221.031073][ T9918]  dump_stack_lvl+0x16c/0x1f0
[  221.031105][ T9918]  should_fail_ex+0x512/0x640
[  221.031129][ T9918]  ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0
[  221.031156][ T9918]  should_failslab+0xc2/0x120
[  221.031171][ T9918]  kmem_cache_alloc_lru_noprof+0x72/0x3b0
[  221.031215][ T9918]  ? sock_alloc_inode+0x25/0x1c0
[  221.031240][ T9918]  ? __pfx_sock_alloc_inode+0x10/0x10
[  221.031257][ T9918]  sock_alloc_inode+0x25/0x1c0
[  221.031275][ T9918]  alloc_inode+0x61/0x240
[  221.031294][ T9918]  sock_alloc+0x40/0x280
[  221.031314][ T9918]  __sock_create+0xc1/0x8d0
[  221.031341][ T9918]  rfcomm_l2sock_create+0x2f/0x130
[  221.031365][ T9918]  rfcomm_dlc_open+0x5fb/0xaa0
[  221.031393][ T9918]  ? __pfx_rfcomm_dlc_open+0x10/0x10
[  221.031418][ T9918]  ? find_held_lock+0x2b/0x80
[  221.031436][ T9918]  ? rfcomm_sock_connect+0x3df/0x670
[  221.031453][ T9918]  ? rcu_is_watching+0x12/0xc0
[  221.031470][ T9918]  ? __local_bh_enable_ip+0xa4/0x120
[  221.031493][ T9918]  rfcomm_sock_connect+0x423/0x670
[  221.031516][ T9918]  ? __pfx_rfcomm_sock_connect+0x10/0x10
[  221.031531][ T9918]  __sys_connect_file+0x141/0x1a0
[  221.031558][ T9918]  __sys_connect+0x13b/0x160
[  221.031582][ T9918]  ? __pfx___sys_connect+0x10/0x10
[  221.031615][ T9918]  ? __pfx_ksys_write+0x10/0x10
[  221.031645][ T9918]  __ia32_sys_connect+0x71/0xb0
[  221.031670][ T9918]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[  221.031704][ T9918]  __do_fast_syscall_32+0x7c/0x3a0
[  221.031724][ T9918]  do_fast_syscall_32+0x32/0x80
[  221.031741][ T9918]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  221.031763][ T9918] RIP: 0023:0xf7fb5579
[  221.031779][ T9918] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  221.031796][ T9918] RSP: 002b:00000000f509455c EFLAGS: 00000296 ORIG_RAX: 000000000000016a
[  221.031813][ T9918] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000080000080
[  221.031826][ T9918] RDX: 000000000000000a RSI: 0000000000000000 RDI: 0000000000000000
[  221.031836][ T9918] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  221.031845][ T9918] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  221.031856][ T9918] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  221.031879][ T9918]  </TASK>
[  221.031919][ T9918] socket: no more sockets
[  221.319290][   T24] usb 7-1: new high-speed USB device number 9 using dummy_hcd
[  221.479325][   T24] usb 7-1: Using ep0 maxpacket: 32
[  221.483676][   T24] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 9
[  221.489953][   T24] usb 7-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c
[  221.493678][   T24] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  221.496953][   T24] usb 7-1: Product: syz
[  221.498711][   T24] usb 7-1: Manufacturer: syz
[  221.501844][   T24] usb 7-1: SerialNumber: syz
[  221.504708][   T24] usb 7-1: config 0 descriptor??
[  221.507059][ T9910] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  221.515811][   T24] input: syz syz as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:0.0/input/input8
[  221.825323][   T24] usb 7-1: USB disconnect, device number 9
[  221.825377][    C2] usbtouchscreen 7-1:0.0: usbtouch_irq - usb_submit_urb failed with result: -19
[  222.311679][   T40] audit: type=1326 audit(1749795508.503:936): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9932 comm="syz.1.1140" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb5579 code=0x7ffc0000
[  222.319115][   T40] audit: type=1326 audit(1749795508.503:937): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9932 comm="syz.1.1140" exe="/syz-executor" sig=0 arch=40000003 syscall=354 compat=1 ip=0xf7fb5579 code=0x7ffc0000
[  222.326571][   T40] audit: type=1326 audit(1749795508.503:938): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9932 comm="syz.1.1140" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7fb5579 code=0x0
[  222.388091][ T9941] erspan0: entered promiscuous mode
[  222.390856][ T9941] erspan0: entered allmulticast mode
[  222.414762][ T9939] __nla_validate_parse: 1 callbacks suppressed
[  222.414773][ T9939] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1143'.
[  222.878927][ T9955] sysfs: cannot create duplicate filename '/class/ieee80211/!寿$ûÌ'
[  222.902118][ T9955] CPU: 1 UID: 0 PID: 9955 Comm: syz.0.1147 Not tainted 6.16.0-rc1-syzkaller-00101-g27605c8c0f69 #0 PREEMPT(full) 
[  222.902148][ T9955] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  222.902156][ T9955] Call Trace:
[  222.902161][ T9955]  <TASK>
[  222.902165][ T9955]  dump_stack_lvl+0x16c/0x1f0
[  222.902188][ T9955]  sysfs_warn_dup+0x7f/0xa0
[  222.902204][ T9955]  sysfs_do_create_link_sd+0x124/0x140
[  222.902219][ T9955]  sysfs_create_link+0x61/0xc0
[  222.902234][ T9955]  device_add+0x62c/0x1a70
[  222.902247][ T9955]  ? __pfx_device_add+0x10/0x10
[  222.902258][ T9955]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  222.902274][ T9955]  ? ieee80211_set_bitrate_flags+0x243/0x6b0
[  222.902289][ T9955]  wiphy_register+0x1c9c/0x2850
[  222.902301][ T9955]  ? netdev_run_todo+0x864/0x1320
[  222.902317][ T9955]  ? __pfx_wiphy_register+0x10/0x10
[  222.902333][ T9955]  ? ieee80211_init_rate_ctrl_alg+0x125/0x6b0
[  222.902347][ T9955]  ieee80211_register_hw+0x24ac/0x4140
[  222.902364][ T9955]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  222.902378][ T9955]  ? find_held_lock+0x2b/0x80
[  222.902390][ T9955]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  222.902405][ T9955]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  222.902417][ T9955]  ? __hrtimer_setup+0x176/0x280
[  222.902436][ T9955]  mac80211_hwsim_new_radio+0x3034/0x54d0
[  222.902459][ T9955]  ? __kmalloc_node_track_caller_noprof+0x23e/0x510
[  222.902476][ T9955]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  222.902492][ T9955]  ? __asan_memcpy+0x3c/0x60
[  222.902507][ T9955]  hwsim_new_radio_nl+0xb51/0x12c0
[  222.902523][ T9955]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  222.902543][ T9955]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290
[  222.902557][ T9955]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290
[  222.902574][ T9955]  genl_family_rcv_msg_doit+0x206/0x2f0
[  222.902588][ T9955]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  222.902602][ T9955]  ? trace_cap_capable+0x18d/0x200
[  222.902616][ T9955]  ? bpf_lsm_capable+0x9/0x10
[  222.902627][ T9955]  ? security_capable+0x7e/0x260
[  222.902638][ T9955]  ? ns_capable+0xd7/0x110
[  222.902649][ T9955]  genl_rcv_msg+0x55c/0x800
[  222.902664][ T9955]  ? __pfx_genl_rcv_msg+0x10/0x10
[  222.902678][ T9955]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  222.902701][ T9955]  ? __lock_acquire+0x622/0x1c90
[  222.902716][ T9955]  netlink_rcv_skb+0x155/0x420
[  222.902729][ T9955]  ? __pfx_genl_rcv_msg+0x10/0x10
[  222.902743][ T9955]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  222.902763][ T9955]  ? netlink_deliver_tap+0x1ae/0xd30
[  222.902774][ T9955]  ? is_vmalloc_addr+0x86/0xa0
[  222.902791][ T9955]  genl_rcv+0x28/0x40
[  222.902804][ T9955]  netlink_unicast+0x53d/0x7f0
[  222.902818][ T9955]  ? __pfx_netlink_unicast+0x10/0x10
[  222.902834][ T9955]  netlink_sendmsg+0x8d1/0xdd0
[  222.902849][ T9955]  ? __pfx_netlink_sendmsg+0x10/0x10
[  222.902862][ T9955]  ? __import_iovec+0x1dd/0x650
[  222.902892][ T9955]  ____sys_sendmsg+0xa98/0xc70
[  222.902907][ T9955]  ? __pfx_____sys_sendmsg+0x10/0x10
[  222.902920][ T9955]  ? get_compat_msghdr+0x11a/0x170
[  222.902933][ T9955]  ? __pfx_futex_wake_mark+0x10/0x10
[  222.902957][ T9955]  ___sys_sendmsg+0x134/0x1d0
[  222.902982][ T9955]  ? __pfx____sys_sendmsg+0x10/0x10
[  222.903019][ T9955]  ? find_held_lock+0x2b/0x80
[  222.903055][ T9955]  __sys_sendmsg+0x16d/0x220
[  222.903071][ T9955]  ? __pfx___sys_sendmsg+0x10/0x10
[  222.903086][ T9955]  ? __ia32_sys_futex_time32+0x1d9/0x460
[  222.903106][ T9955]  ? rcu_is_watching+0x12/0xc0
[  222.903118][ T9955]  __do_fast_syscall_32+0x7c/0x3a0
[  222.903130][ T9955]  do_fast_syscall_32+0x32/0x80
[  222.903140][ T9955]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  222.903153][ T9955] RIP: 0023:0xf712e579
[  222.903162][ T9955] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  222.903172][ T9955] RSP: 002b:00000000f50dc55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  222.903209][ T9955] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000080000040
[  222.903218][ T9955] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  222.903225][ T9955] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  222.903231][ T9955] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  222.903237][ T9955] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  222.903252][ T9955]  </TASK>
[  223.449274][   T34] usb 8-1: new high-speed USB device number 25 using dummy_hcd
[  223.490682][ T9965] FAULT_INJECTION: forcing a failure.
[  223.490682][ T9965] name failslab, interval 1, probability 0, space 0, times 0
[  223.494994][ T9965] CPU: 1 UID: 0 PID: 9965 Comm: syz.1.1151 Not tainted 6.16.0-rc1-syzkaller-00101-g27605c8c0f69 #0 PREEMPT(full) 
[  223.495020][ T9965] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  223.495026][ T9965] Call Trace:
[  223.495031][ T9965]  <TASK>
[  223.495036][ T9965]  dump_stack_lvl+0x16c/0x1f0
[  223.495056][ T9965]  should_fail_ex+0x512/0x640
[  223.495072][ T9965]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[  223.495089][ T9965]  should_failslab+0xc2/0x120
[  223.495099][ T9965]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  223.495114][ T9965]  ? alloc_empty_file+0x55/0x1e0
[  223.495127][ T9965]  alloc_empty_file+0x55/0x1e0
[  223.495137][ T9965]  path_openat+0xda/0x2cb0
[  223.495151][ T9965]  ? do_fast_syscall_32+0x32/0x80
[  223.495160][ T9965]  ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  223.495192][ T9965]  ? __pfx_path_openat+0x10/0x10
[  223.495211][ T9965]  do_filp_open+0x20b/0x470
[  223.495225][ T9965]  ? __pfx_do_filp_open+0x10/0x10
[  223.495249][ T9965]  ? _raw_spin_unlock+0x28/0x50
[  223.495263][ T9965]  ? alloc_fd+0x471/0x7d0
[  223.495280][ T9965]  do_sys_openat2+0x11b/0x1d0
[  223.495291][ T9965]  ? __pfx_do_sys_openat2+0x10/0x10
[  223.495303][ T9965]  ? __pfx___schedule+0x10/0x10
[  223.495316][ T9965]  ? __fget_files+0x20e/0x3c0
[  223.495328][ T9965]  ? handle_mm_fault+0x230/0xd10
[  223.495344][ T9965]  __ia32_compat_sys_openat+0x16d/0x210
[  223.495356][ T9965]  ? __pfx___ia32_compat_sys_openat+0x10/0x10
[  223.495368][ T9965]  ? ksys_write+0x1ac/0x250
[  223.495386][ T9965]  ? rcu_is_watching+0x12/0xc0
[  223.495399][ T9965]  __do_fast_syscall_32+0x7c/0x3a0
[  223.495410][ T9965]  do_fast_syscall_32+0x32/0x80
[  223.495419][ T9965]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  223.495431][ T9965] RIP: 0023:0xf7fb5579
[  223.495440][ T9965] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  223.495450][ T9965] RSP: 002b:00000000f50b5100 EFLAGS: 00000293 ORIG_RAX: 0000000000000127
[  223.495460][ T9965] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 00000000f50b5150
[  223.495466][ T9965] RDX: 0000000000000002 RSI: 0000000000000000 RDI: 00000000f7442ff4
[  223.495472][ T9965] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000
[  223.495477][ T9965] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  223.495483][ T9965] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  223.495496][ T9965]  </TASK>
[  223.649265][   T34] usb 8-1: Using ep0 maxpacket: 8
[  223.652258][   T34] usb 8-1: config index 0 descriptor too short (expected 301, got 45)
[  223.654798][   T34] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  223.657770][   T34] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  223.661336][   T34] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  223.664423][   T34] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  223.669054][   T34] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  223.672905][   T34] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  223.910489][ T5963] Bluetooth: hci3: command 0x0c1a tx timeout
[  223.987419][   T34] usb 8-1: usb_control_msg returned -32
[  223.991230][   T34] usbtmc 8-1:16.0: can't read capabilities
[  224.196811][   T40] audit: type=1326 audit(1749795510.383:939): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9974 comm="syz.1.1155" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7fb5579 code=0x0
[  224.258758][ T9975] lo speed is unknown, defaulting to 1000
[  224.340931][ T9982] usbtmc 8-1:16.0: control status returned 0
[  224.551289][ T6033] usb 8-1: USB disconnect, device number 25
[  224.771855][ T9993] FAULT_INJECTION: forcing a failure.
[  224.771855][ T9993] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  224.776084][ T9993] CPU: 3 UID: 0 PID: 9993 Comm: syz.0.1160 Not tainted 6.16.0-rc1-syzkaller-00101-g27605c8c0f69 #0 PREEMPT(full) 
[  224.776098][ T9993] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  224.776105][ T9993] Call Trace:
[  224.776109][ T9993]  <TASK>
[  224.776114][ T9993]  dump_stack_lvl+0x16c/0x1f0
[  224.776134][ T9993]  should_fail_ex+0x512/0x640
[  224.776152][ T9993]  _copy_from_user+0x2e/0xd0
[  224.776168][ T9993]  snd_pcm_oss_write2+0x1c2/0x410
[  224.776182][ T9993]  ? __pfx_snd_pcm_oss_write2+0x10/0x10
[  224.776193][ T9993]  ? snd_pcm_kernel_ioctl+0x267/0x2e0
[  224.776207][ T9993]  ? snd_pcm_oss_prepare+0x11e/0x220
[  224.776221][ T9993]  snd_pcm_oss_write+0x711/0xa10
[  224.776234][ T9993]  ? security_file_permission+0x71/0x210
[  224.776251][ T9993]  ? __pfx_snd_pcm_oss_write+0x10/0x10
[  224.776262][ T9993]  vfs_write+0x2a0/0x1150
[  224.776281][ T9993]  ? __pfx_vfs_write+0x10/0x10
[  224.776294][ T9993]  ? find_held_lock+0x2b/0x80
[  224.776304][ T9993]  ? __fget_files+0x204/0x3c0
[  224.776320][ T9993]  ? __fget_files+0x20e/0x3c0
[  224.776332][ T9993]  ? handle_mm_fault+0x230/0xd10
[  224.776355][ T9993]  ksys_write+0x12a/0x250
[  224.776369][ T9993]  ? __pfx_ksys_write+0x10/0x10
[  224.776383][ T9993]  ? rcu_is_watching+0x12/0xc0
[  224.776397][ T9993]  __do_fast_syscall_32+0x7c/0x3a0
[  224.776408][ T9993]  do_fast_syscall_32+0x32/0x80
[  224.776417][ T9993]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  224.776430][ T9993] RIP: 0023:0xf712e579
[  224.776439][ T9993] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  224.776450][ T9993] RSP: 002b:00000000f511e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000004
[  224.776460][ T9993] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800012c0
[  224.776466][ T9993] RDX: 0000000000004000 RSI: 0000000000000000 RDI: 0000000000000000
[  224.776472][ T9993] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  224.776478][ T9993] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  224.776484][ T9993] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  224.776497][ T9993]  </TASK>
[  225.013900][ T9995] 9pnet_virtio: no channels available for device syz
[  225.742626][T10026] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1172'.
[  226.049271][ T5865] usb 7-1: new high-speed USB device number 10 using dummy_hcd
[  226.219289][ T5865] usb 7-1: Using ep0 maxpacket: 8
[  226.222754][ T5865] usb 7-1: config index 0 descriptor too short (expected 301, got 45)
[  226.226005][ T5865] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  226.230108][ T5865] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  226.233799][ T5865] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  226.237545][ T5865] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  226.249286][ T5865] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  226.252825][ T5865] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  226.298138][T10039] snd_dummy snd_dummy.0: control 0:0:0:syz1:0 is already present
[  226.359390][T10042] snd_dummy snd_dummy.0: control 0:0:0:syz1:0 is already present
[  226.462253][ T5865] usb 7-1: usb_control_msg returned -32
[  226.464060][ T5865] usbtmc 7-1:16.0: can't read capabilities
[  226.539930][T10046] delete_channel: no stack
[  226.554030][T10048] bond_slave_1: entered promiscuous mode
[  226.556663][T10048] bond_slave_1: left promiscuous mode
[  226.815436][T10060] usbtmc 7-1:16.0: control status returned 0
[  227.019204][    T9] usb 7-1: USB disconnect, device number 10
[  227.204017][   T40] audit: type=1326 audit(1749795513.393:940): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10061 comm="syz.3.1183" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf708e579 code=0x0
[  227.587408][   T34] hid-generic 0002:0004:0000.0028: unknown main item tag 0x0
[  227.592550][   T34] hid-generic 0002:0004:0000.0028: unknown main item tag 0x0
[  227.595126][   T34] hid-generic 0002:0004:0000.0028: unknown main item tag 0x0
[  227.601035][   T34] hid-generic 0002:0004:0000.0028: hidraw1: <UNKNOWN> HID vffffff.ff Device [syz0] on syz0
[  227.907885][T10080] snd_dummy snd_dummy.0: control 0:0:0:syz1:0 is already present
[  228.656723][T10097] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1193'.
[  228.779244][T10099] /dev/nbd3: Can't open blockdev
[  229.229309][   T59] usb 8-1: new high-speed USB device number 26 using dummy_hcd
[  229.379244][   T59] usb 8-1: Using ep0 maxpacket: 8
[  229.390872][   T59] usb 8-1: config index 0 descriptor too short (expected 301, got 45)
[  229.394133][   T59] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  229.397620][   T59] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  229.415079][   T59] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  229.418850][   T59] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  229.439337][   T59] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  229.442096][   T59] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  229.533562][ T5963] Bluetooth: hci1: unexpected Set CIG Parameters response data
[  229.542557][ T5963] Bluetooth: hci1: unexpected event for opcode 0x2062
[  229.683015][   T59] usb 8-1: usb_control_msg returned -32
[  229.684885][   T59] usbtmc 8-1:16.0: can't read capabilities
[  230.034866][T10114] usbtmc 8-1:16.0: control status returned 0
[  230.235581][   T59] usb 8-1: USB disconnect, device number 26
[  230.295286][T10116] netlink: 'syz.2.1199': attribute type 10 has an invalid length.
[  230.473810][T10126] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1202'.
[  230.708181][T10136] snd_dummy snd_dummy.0: control 0:0:0:syz1:0 is already present
[  231.545189][T10154] netlink: 'syz.3.1211': attribute type 10 has an invalid length.
[  231.551447][ T5963] Bluetooth: hci1: command 0x0c1a tx timeout
[  231.663753][T10161] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1212'.
[  232.035952][T10167] snd_dummy snd_dummy.0: control 0:0:0:syz1:0 is already present
[  232.057454][ T5963] Bluetooth: hci1: ACL packet for unknown connection handle 201
[  232.187364][T10173] fuse: Bad value for 'fd'
[  232.197161][   T40] audit: type=1804 audit(1749795518.383:941): pid=10173 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.1217" name="/newroot/255/file0" dev="tmpfs" ino=1371 res=1 errno=0
[  232.860964][T10192] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1224'.
[  232.893022][   T59] hid-generic 0002:0004:0000.0029: unknown main item tag 0x0
[  232.895200][   T59] hid-generic 0002:0004:0000.0029: unknown main item tag 0x0
[  232.897507][   T59] hid-generic 0002:0004:0000.0029: unknown main item tag 0x0
[  232.900856][   T59] hid-generic 0002:0004:0000.0029: hidraw1: <UNKNOWN> HID vffffff.ff Device [syz0] on syz0
[  233.312404][T10205] snd_dummy snd_dummy.0: control 0:0:0:syz1:0 is already present
[  233.551206][ T5963] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0
[  233.553998][ T5963] Bluetooth: hci1: Injecting HCI hardware error event
[  233.557195][ T5963] Bluetooth: hci1: hardware error 0x00
[  233.715691][ T5956] Bluetooth: hci0: unexpected Set CIG Parameters response data
[  233.718946][ T5956] Bluetooth: hci0: unexpected event for opcode 0x2062
[  233.968677][   T40] audit: type=1326 audit(1749795520.153:942): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10216 comm="syz.2.1230" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f56579 code=0x0
[  235.168383][T10245] snd_dummy snd_dummy.0: control 0:0:0:syz1:0 is already present
[  235.629459][ T5963] Bluetooth: hci1: Opcode 0x0c03 failed: -110
[  235.789339][ T5963] Bluetooth: hci0: command 0x0c1a tx timeout
[  236.252090][T10258] netlink: 'syz.1.1242': attribute type 10 has an invalid length.
[  236.700473][T10273] fuse: Bad value for 'fd'
[  237.579667][T10294] netlink: 'syz.2.1254': attribute type 10 has an invalid length.
[  237.702689][T10301] netlink: 140 bytes leftover after parsing attributes in process `syz.2.1257'.
[  237.790109][ T5963] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0
[  237.793063][ T5963] Bluetooth: hci0: Injecting HCI hardware error event
[  237.797392][ T5956] Bluetooth: hci0: hardware error 0x00
[  237.980601][T10308] fuse: Bad value for 'fd'
[  238.435868][T10317] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1261'.
[  238.438887][T10317] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1261'.
[  238.441831][T10317] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1261'.
[  238.444663][T10317] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1261'.
[  238.448163][T10317] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1261'.
[  238.451431][T10317] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1261'.
[  238.454275][T10317] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1261'.
[  238.457549][T10317] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1261'.
[  238.460846][T10317] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1261'.
[  239.869340][ T5956] Bluetooth: hci0: Opcode 0x0c03 failed: -110
[  239.949271][   T59] usb 7-1: new high-speed USB device number 11 using dummy_hcd
[  240.162388][   T59] usb 7-1: Using ep0 maxpacket: 8
[  240.165396][   T59] usb 7-1: config index 0 descriptor too short (expected 301, got 45)
[  240.167976][   T59] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  240.171265][   T59] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  240.174307][   T59] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  240.177367][   T59] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  240.181699][   T59] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  240.184524][   T59] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  240.392942][   T59] usb 7-1: usb_control_msg returned -32
[  240.394789][   T59] usbtmc 7-1:16.0: can't read capabilities
[  240.749402][T10358] usbtmc 7-1:16.0: control status returned 0
[  240.951489][ T5865] usb 7-1: USB disconnect, device number 11
[  241.175351][T10368] FAULT_INJECTION: forcing a failure.
[  241.175351][T10368] name failslab, interval 1, probability 0, space 0, times 0
[  241.179631][T10368] CPU: 0 UID: 0 PID: 10368 Comm: syz.3.1277 Not tainted 6.16.0-rc1-syzkaller-00101-g27605c8c0f69 #0 PREEMPT(full) 
[  241.179647][T10368] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  241.179654][T10368] Call Trace:
[  241.179657][T10368]  <TASK>
[  241.179662][T10368]  dump_stack_lvl+0x16c/0x1f0
[  241.179682][T10368]  should_fail_ex+0x512/0x640
[  241.179698][T10368]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[  241.179715][T10368]  should_failslab+0xc2/0x120
[  241.179725][T10368]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  241.179739][T10368]  ? consume_skb+0xcc/0x100
[  241.179750][T10368]  ? __alloc_skb+0x2b2/0x380
[  241.179767][T10368]  __alloc_skb+0x2b2/0x380
[  241.179782][T10368]  ? __pfx___alloc_skb+0x10/0x10
[  241.179801][T10368]  netlink_ack+0x15d/0xb80
[  241.179814][T10368]  ? __pfx___dev_queue_xmit+0x10/0x10
[  241.179831][T10368]  netlink_rcv_skb+0x332/0x420
[  241.179842][T10368]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  241.179857][T10368]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  241.179875][T10368]  ? ns_capable+0xd7/0x110
[  241.179887][T10368]  nfnetlink_rcv+0x1b3/0x430
[  241.179900][T10368]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  241.179913][T10368]  ? netlink_deliver_tap+0x1ae/0xd30
[  241.179927][T10368]  netlink_unicast+0x53d/0x7f0
[  241.179940][T10368]  ? __pfx_netlink_unicast+0x10/0x10
[  241.179955][T10368]  netlink_sendmsg+0x8d1/0xdd0
[  241.179969][T10368]  ? __pfx_netlink_sendmsg+0x10/0x10
[  241.179981][T10368]  ? __import_iovec+0x1dd/0x650
[  241.179994][T10368]  ____sys_sendmsg+0xa98/0xc70
[  241.180008][T10368]  ? __pfx_____sys_sendmsg+0x10/0x10
[  241.180020][T10368]  ? get_compat_msghdr+0x11a/0x170
[  241.180036][T10368]  ___sys_sendmsg+0x134/0x1d0
[  241.180053][T10368]  ? __pfx____sys_sendmsg+0x10/0x10
[  241.180075][T10368]  ? find_held_lock+0x2b/0x80
[  241.180094][T10368]  __sys_sendmsg+0x16d/0x220
[  241.180103][T10368]  ? __pfx___sys_sendmsg+0x10/0x10
[  241.180125][T10368]  ? rcu_is_watching+0x12/0xc0
[  241.180137][T10368]  __do_fast_syscall_32+0x7c/0x3a0
[  241.180148][T10368]  do_fast_syscall_32+0x32/0x80
[  241.180158][T10368]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  241.180171][T10368] RIP: 0023:0xf708e579
[  241.180180][T10368] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  241.180190][T10368] RSP: 002b:00000000f507e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  241.180200][T10368] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000300
[  241.180206][T10368] RDX: 0000000000008000 RSI: 0000000000000000 RDI: 0000000000000000
[  241.180212][T10368] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  241.180218][T10368] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  241.180223][T10368] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  241.180236][T10368]  </TASK>
[  242.552219][T10394] 9pnet_virtio: no channels available for device syz
[  242.796481][T10398] __nla_validate_parse: 8 callbacks suppressed
[  242.796499][T10398] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1286'.
[  243.149922][T10404] snd_dummy snd_dummy.0: control 0:0:0:syz1:0 is already present
[  243.369260][T10410] netlink: 'syz.3.1290': attribute type 10 has an invalid length.
[  244.132494][T10419] 9pnet_virtio: no channels available for device syz
[  244.222669][T10423] syz_tun: entered allmulticast mode
[  244.242013][T10422] syz_tun: left allmulticast mode
[  244.840970][T10439] syz.2.1300 (10439): drop_caches: 2
[  245.853421][T10446] 9pnet_virtio: no channels available for device syz
[  247.009334][ T6015] usb 6-1: new high-speed USB device number 12 using dummy_hcd
[  247.159249][ T6015] usb 6-1: Using ep0 maxpacket: 8
[  247.218555][T10474] syz.2.1313 (10474): drop_caches: 2
[  247.839011][ T6015] usb 6-1: config index 0 descriptor too short (expected 301, got 45)
[  247.937258][ T6015] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  247.940905][ T6015] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  247.944340][ T6015] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  247.947828][ T6015] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  247.951983][ T6015] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  247.954829][ T6015] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  248.162522][ T6015] usb 6-1: usb_control_msg returned -32
[  248.164371][ T6015] usbtmc 6-1:16.0: can't read capabilities
[  248.286577][T10495] netlink: 'syz.2.1316': attribute type 10 has an invalid length.
[  248.446524][T10494] snd_dummy snd_dummy.0: control 0:0:0:syz1:0 is already present
[  248.520762][T10497] usbtmc 6-1:16.0: control status returned 0
[  248.723076][ T6033] usb 6-1: USB disconnect, device number 12
[  249.149113][T10508] syz.2.1325 (10508): drop_caches: 2
[  250.973078][   T40] audit: type=1326 audit(1749795537.163:943): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10537 comm="syz.0.1337" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf712e579 code=0x0
[  252.293591][   T40] audit: type=1326 audit(1749795538.483:944): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10558 comm="syz.0.1345" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf712e579 code=0x0
[  252.798566][T10566] snd_dummy snd_dummy.0: control 0:0:0:syz1:0 is already present
[  253.773228][T10589] netlink: 'syz.3.1353': attribute type 10 has an invalid length.
[  254.118820][T10595] snd_dummy snd_dummy.0: control 0:0:0:syz1:0 is already present
[  254.799297][ T6033] usb 8-1: new high-speed USB device number 27 using dummy_hcd
[  254.970605][ T6033] usb 8-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  254.974733][ T6033] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  254.979052][ T6033] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  254.984025][ T6033] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  254.989512][ T6033] usb 8-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  254.992690][ T6033] usb 8-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  254.995687][ T6033] usb 8-1: Manufacturer: syz
[  255.000080][ T6033] usb 8-1: config 0 descriptor??
[  255.161723][ T1421] ieee802154 phy0 wpan0: encryption failed: -22
[  255.163769][ T1421] ieee802154 phy1 wpan1: encryption failed: -22
[  255.417465][ T6033] appleir 0003:05AC:8243.002A: unknown main item tag 0x0
[  255.431854][ T6033] appleir 0003:05AC:8243.002A: No inputs registered, leaving
[  255.445336][ T6033] appleir 0003:05AC:8243.002A: hiddev0,hidraw1: USB HID v0.00 Device [syz] on usb-dummy_hcd.3-1/input0
[  255.769295][   T59] usb 6-1: new high-speed USB device number 13 using dummy_hcd
[  255.919215][   T59] usb 6-1: Using ep0 maxpacket: 8
[  255.921991][   T59] usb 6-1: config index 0 descriptor too short (expected 301, got 45)
[  255.924583][   T59] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  255.928135][   T59] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  255.932341][   T59] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  255.936056][   T59] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  255.941197][   T59] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  255.944365][   T59] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  256.020689][T10628] syz.2.1370 (10628): drop_caches: 2
[  256.118064][T10632] snd_dummy snd_dummy.0: control 0:0:0:syz1:0 is already present
[  256.155374][   T59] usb 6-1: usb_control_msg returned -32
[  256.157395][   T59] usbtmc 6-1:16.0: can't read capabilities
[  256.579828][T10644] netlink: 'syz.0.1374': attribute type 10 has an invalid length.
[  256.959627][T10654] syz.2.1379 (10654): drop_caches: 2
[  257.521415][   T61] usb 8-1: USB disconnect, device number 27
[  257.523407][T10670] snd_dummy snd_dummy.0: control 0:0:0:syz1:0 is already present
[  258.196108][T10681] syz.0.1388 (10681): drop_caches: 2
[  258.254923][T10684] snd_dummy snd_dummy.0: control 0:0:0:syz1:0 is already present
[  258.562124][   T59] usb 6-1: USB disconnect, device number 13
[  258.706947][T10687] syz.2.1390 (10687): drop_caches: 2
[  259.614117][ T6051] hid-generic 0002:0004:0000.002B: unknown main item tag 0x0
[  259.616481][ T6051] hid-generic 0002:0004:0000.002B: unknown main item tag 0x0
[  259.618761][ T6051] hid-generic 0002:0004:0000.002B: unknown main item tag 0x0
[  259.623392][ T6051] hid-generic 0002:0004:0000.002B: hidraw1: <UNKNOWN> HID vffffff.ff Device [syz0] on syz0
[  259.654838][T10702] fido_id[10702]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  259.920055][   T59] usb 6-1: new high-speed USB device number 14 using dummy_hcd
[  259.984159][T10710] fuse: Bad value for 'group_id'
[  259.985772][T10710] fuse: Bad value for 'group_id'
[  260.021204][T10712] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1400'.
[  260.024924][T10712] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1400'.
[  260.071677][   T59] usb 6-1: Using ep0 maxpacket: 8
[  260.075144][   T59] usb 6-1: config index 0 descriptor too short (expected 301, got 45)
[  260.077722][   T59] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  260.081639][   T59] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  260.084640][   T59] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  260.087695][   T59] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  260.096069][   T59] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  260.098982][   T59] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  260.146187][ T6033] hid-generic 0002:0004:0000.002C: unknown main item tag 0x0
[  260.148559][ T6033] hid-generic 0002:0004:0000.002C: unknown main item tag 0x0
[  260.152003][ T6033] hid-generic 0002:0004:0000.002C: unknown main item tag 0x0
[  260.156272][ T6033] hid-generic 0002:0004:0000.002C: hidraw1: <UNKNOWN> HID vffffff.ff Device [syz0] on syz0
[  260.189422][T10722] fido_id[10722]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  260.457910][   T59] usb 6-1: usb_control_msg returned -32
[  260.459763][   T59] usbtmc 6-1:16.0: can't read capabilities
[  260.477931][T10731] snd_dummy snd_dummy.0: control 0:0:0:syz1:0 is already present
[  260.679441][T10735] usbtmc 6-1:16.0: control status returned 0
[  260.883540][ T5865] usb 6-1: USB disconnect, device number 14
[  261.069317][ T6477] usb 8-1: new high-speed USB device number 28 using dummy_hcd
[  261.122120][ T6015] hid-generic 0002:0004:0000.002D: unknown main item tag 0x0
[  261.125269][ T6015] hid-generic 0002:0004:0000.002D: unknown main item tag 0x0
[  261.135999][ T6015] hid-generic 0002:0004:0000.002D: unknown main item tag 0x0
[  261.142639][ T6015] hid-generic 0002:0004:0000.002D: hidraw1: <UNKNOWN> HID vffffff.ff Device [syz0] on syz0
[  261.193786][T10749] fido_id[10749]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  261.219256][ T6477] usb 8-1: Using ep0 maxpacket: 8
[  261.226165][ T6477] usb 8-1: config index 0 descriptor too short (expected 301, got 45)
[  261.231072][ T6477] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  261.235170][ T6477] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  261.239383][ T6477] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  261.244053][ T6477] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  261.249582][ T6477] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  261.253429][ T6477] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  261.358166][   T40] audit: type=1326 audit(1749795547.543:945): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10758 comm="syz.2.1419" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f56579 code=0x0
[  261.464666][ T6477] usb 8-1: usb_control_msg returned -32
[  261.466521][ T6477] usbtmc 8-1:16.0: can't read capabilities
[  261.821457][T10764] usbtmc 8-1:16.0: control status returned 0
[  262.029426][   T59] usb 8-1: USB disconnect, device number 28
[  262.240695][T10770] syzkaller0: entered promiscuous mode
[  262.242446][T10770] syzkaller0: entered allmulticast mode
[  263.589126][   T40] audit: type=1326 audit(1749795549.773:946): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10795 comm="syz.1.1431" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7fb5579 code=0x0
[  264.464020][    T9] hid-generic 0002:0004:0000.002E: unknown main item tag 0x0
[  264.471338][    T9] hid-generic 0002:0004:0000.002E: unknown main item tag 0x0
[  264.473925][    T9] hid-generic 0002:0004:0000.002E: unknown main item tag 0x0
[  264.480758][    T9] hid-generic 0002:0004:0000.002E: hidraw1: <UNKNOWN> HID vffffff.ff Device [syz0] on syz0
[  264.527090][T10810] fido_id[10810]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  264.642164][T10803] syz.2.1434 (10803): drop_caches: 2
[  265.438851][   T40] audit: type=1326 audit(1749795551.623:947): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10828 comm="syz.1.1444" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7fb5579 code=0x0
[  266.219238][T10841] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1449'.
[  266.222132][T10841] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1449'.
[  266.252203][T10843] dlm: no local IP address has been set
[  266.254164][T10843] dlm: cannot start dlm midcomms -107
[  266.334777][T10849] input: syz0 as /devices/virtual/input/input10
[  267.104549][T10860] cgroup: fork rejected by pids controller in /syz0
[  267.267660][T10993] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1458'.
[  267.271251][T10993] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1458'.
[  267.587981][T11006] input: syz0 as /devices/virtual/input/input11
[  267.619320][  T839] usb 7-1: new high-speed USB device number 12 using dummy_hcd
[  267.637218][T11008] fuse: Unknown parameter 'grou00000000000000000000'
[  267.769279][  T839] usb 7-1: device descriptor read/64, error -71
[  268.009305][  T839] usb 7-1: new high-speed USB device number 13 using dummy_hcd
[  268.075927][T11015] FAULT_INJECTION: forcing a failure.
[  268.075927][T11015] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  268.081638][T11015] CPU: 1 UID: 0 PID: 11015 Comm: syz.0.1468 Not tainted 6.16.0-rc1-syzkaller-00101-g27605c8c0f69 #0 PREEMPT(full) 
[  268.081662][T11015] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  268.081673][T11015] Call Trace:
[  268.081679][T11015]  <TASK>
[  268.081686][T11015]  dump_stack_lvl+0x16c/0x1f0
[  268.081718][T11015]  should_fail_ex+0x512/0x640
[  268.081744][T11015]  ? __pfx_device_write+0x10/0x10
[  268.081764][T11015]  ? __pfx_device_write+0x10/0x10
[  268.081780][T11015]  _copy_from_user+0x2e/0xd0
[  268.081808][T11015]  memdup_user_nul+0x6c/0x120
[  268.081826][T11015]  device_write+0xc1/0x1e60
[  268.081845][T11015]  ? __pfx_device_write+0x10/0x10
[  268.081862][T11015]  ? apparmor_file_permission+0x251/0x400
[  268.081883][T11015]  ? bpf_lsm_file_permission+0x9/0x10
[  268.081902][T11015]  ? security_file_permission+0x71/0x210
[  268.081925][T11015]  ? rw_verify_area+0xcf/0x680
[  268.081949][T11015]  ? __pfx_device_write+0x10/0x10
[  268.081966][T11015]  vfs_write+0x2a0/0x1150
[  268.081994][T11015]  ? __pfx_vfs_write+0x10/0x10
[  268.082015][T11015]  ? find_held_lock+0x2b/0x80
[  268.082033][T11015]  ? __fget_files+0x204/0x3c0
[  268.082059][T11015]  ? __fget_files+0x20e/0x3c0
[  268.082079][T11015]  ? handle_mm_fault+0x230/0xd10
[  268.082108][T11015]  ksys_write+0x12a/0x250
[  268.082132][T11015]  ? __pfx_ksys_write+0x10/0x10
[  268.082157][T11015]  ? rcu_is_watching+0x12/0xc0
[  268.082179][T11015]  __do_fast_syscall_32+0x7c/0x3a0
[  268.082199][T11015]  do_fast_syscall_32+0x32/0x80
[  268.082231][T11015]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  268.082253][T11015] RIP: 0023:0xf712e579
[  268.082267][T11015] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  268.082283][T11015] RSP: 002b:00000000f511e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000004
[  268.082301][T11015] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800005c0
[  268.082318][T11015] RDX: 0000000000000070 RSI: 0000000000000000 RDI: 0000000000000000
[  268.082328][T11015] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  268.082338][T11015] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  268.082348][T11015] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  268.082371][T11015]  </TASK>
[  268.154881][T11017] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1469'.
[  268.157344][    C1] vkms_vblank_simulate: vblank timer overrun
[  268.182220][T11017] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1469'.
[  268.199283][  T839] usb 7-1: device descriptor read/64, error -71
[  268.319883][  T839] usb usb7-port1: attempt power cycle
[  268.351601][T11028] fuse: Unknown parameter 'grou00000000000000000000'
[  268.384661][T11022] syz.0.1470 (11022): drop_caches: 2
[  268.397976][T11030] input: syz0 as /devices/virtual/input/input12
[  268.577773][T11034] syz.3.1476 (11034): drop_caches: 2
[  268.682442][  T839] usb 7-1: new high-speed USB device number 14 using dummy_hcd
[  268.733610][  T839] usb 7-1: device descriptor read/8, error -71
[  268.989405][  T839] usb 7-1: new high-speed USB device number 15 using dummy_hcd
[  269.011973][  T839] usb 7-1: device descriptor read/8, error -71
[  269.089954][T11038] syz.1.1477 (11038): drop_caches: 2
[  269.121768][  T839] usb usb7-port1: unable to enumerate USB device
[  269.395080][T11043] dlm: no local IP address has been set
[  269.396869][T11043] dlm: cannot start dlm midcomms -107
[  270.209237][   T34] usb 6-1: new high-speed USB device number 15 using dummy_hcd
[  270.362345][   T34] usb 6-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  270.366797][   T34] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  270.371578][   T34] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  270.377629][   T34] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  270.382778][   T34] usb 6-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  270.385557][   T34] usb 6-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  270.388066][   T34] usb 6-1: Manufacturer: syz
[  270.391021][   T34] usb 6-1: config 0 descriptor??
[  270.480420][T11063] snd_dummy snd_dummy.0: control 0:0:0:syz1:0 is already present
[  270.659088][T11067] syz.0.1487 (11067): drop_caches: 2
[  270.826629][   T34] appleir 0003:05AC:8243.002F: unknown main item tag 0x0
[  270.902956][   T34] appleir 0003:05AC:8243.002F: No inputs registered, leaving
[  270.909629][   T34] appleir 0003:05AC:8243.002F: hiddev0,hidraw1: USB HID v0.00 Device [syz] on usb-dummy_hcd.1-1/input0
[  271.141364][T11074] input: syz0 as /devices/virtual/input/input13
[  271.757442][T11088] fuse: Unknown parameter 'group_i00000000000000000000'
[  272.106832][T11086] snd_dummy snd_dummy.0: control 0:0:0:syz1:0 is already present
[  272.259220][   T34] usb 6-1: reset high-speed USB device number 15 using dummy_hcd
[  272.399282][   T34] usb 6-1: device descriptor read/64, error -32
[  272.509455][T11099] syz.2.1496 (11099): drop_caches: 2
[  272.659207][   T34] usb 6-1: reset high-speed USB device number 15 using dummy_hcd
[  272.884360][   T34] usb 6-1: device descriptor read/64, error -32
[  273.189278][   T34] usb 6-1: reset high-speed USB device number 15 using dummy_hcd
[  273.490864][T11105] snd_dummy snd_dummy.0: control 0:0:0:syz1:0 is already present
[  273.493840][   T34] usb 6-1: device not accepting address 15, error -71
[  273.499734][T11109] syz.0.1499 (11109): drop_caches: 2
[  273.775393][T11116] fuse: Unknown parameter 'group_i00000000000000000000'
[  274.155870][T11132] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1509'.
[  274.325980][T11137] netlink: 'syz.2.1502': attribute type 10 has an invalid length.
[  274.423473][T11139] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1509'.
[  274.613811][   T61] usb 6-1: USB disconnect, device number 15
[  274.848638][T11144] snd_dummy snd_dummy.0: control 0:0:0:syz1:0 is already present
[  275.124879][T11158] fuse: Unknown parameter 'group_id00000000000000000000'
[  275.725730][T11176] netlink: 'syz.0.1520': attribute type 10 has an invalid length.
[  275.869355][ T5963] Bluetooth: hci3: command 0x0c1a tx timeout
[  276.300994][T11191] fuse: Unknown parameter 'group_id00000000000000000000'
[  277.527336][T11222] netlink: 'syz.2.1534': attribute type 10 has an invalid length.
[  278.044122][T11244] syz.3.1542 (11244): drop_caches: 2
[  278.898885][T11254] syz.1.1546 (11254): drop_caches: 2
[  280.329874][T11287] delete_channel: no stack
[  281.933981][T11344] syz.3.1577 (11344): drop_caches: 2
[  283.345612][T11390] syz.1.1593 (11390): drop_caches: 2
[  283.539891][T11397] syz.0.1595 (11397): drop_caches: 2
[  284.199294][T11402] FAULT_INJECTION: forcing a failure.
[  284.199294][T11402] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  284.204412][T11402] CPU: 2 UID: 0 PID: 11402 Comm: syz.1.1597 Not tainted 6.16.0-rc1-syzkaller-00101-g27605c8c0f69 #0 PREEMPT(full) 
[  284.204437][T11402] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  284.204445][T11402] Call Trace:
[  284.204449][T11402]  <TASK>
[  284.204453][T11402]  dump_stack_lvl+0x16c/0x1f0
[  284.204474][T11402]  should_fail_ex+0x512/0x640
[  284.204492][T11402]  _copy_from_user+0x2e/0xd0
[  284.204509][T11402]  snd_pcm_oss_write2+0x1c2/0x410
[  284.204523][T11402]  ? __pfx_snd_pcm_oss_write2+0x10/0x10
[  284.204534][T11402]  ? snd_pcm_kernel_ioctl+0x267/0x2e0
[  284.204549][T11402]  ? snd_pcm_oss_prepare+0x11e/0x220
[  284.204562][T11402]  snd_pcm_oss_write+0x711/0xa10
[  284.204575][T11402]  ? security_file_permission+0x71/0x210
[  284.204592][T11402]  ? __pfx_snd_pcm_oss_write+0x10/0x10
[  284.204604][T11402]  vfs_write+0x2a0/0x1150
[  284.204622][T11402]  ? __pfx_vfs_write+0x10/0x10
[  284.204634][T11402]  ? find_held_lock+0x2b/0x80
[  284.204645][T11402]  ? __fget_files+0x204/0x3c0
[  284.204661][T11402]  ? __fget_files+0x20e/0x3c0
[  284.204673][T11402]  ? handle_mm_fault+0x230/0xd10
[  284.204690][T11402]  ksys_write+0x12a/0x250
[  284.204704][T11402]  ? __pfx_ksys_write+0x10/0x10
[  284.204719][T11402]  ? rcu_is_watching+0x12/0xc0
[  284.204731][T11402]  __do_fast_syscall_32+0x7c/0x3a0
[  284.204743][T11402]  do_fast_syscall_32+0x32/0x80
[  284.204753][T11402]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  284.204766][T11402] RIP: 0023:0xf7fb5579
[  284.204775][T11402] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  284.204785][T11402] RSP: 002b:00000000f50d655c EFLAGS: 00000296 ORIG_RAX: 0000000000000004
[  284.204794][T11402] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800012c0
[  284.204801][T11402] RDX: 0000000000004000 RSI: 0000000000000000 RDI: 0000000000000000
[  284.204807][T11402] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  284.204812][T11402] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  284.204818][T11402] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  284.204831][T11402]  </TASK>
[  285.075211][T11424] FAULT_INJECTION: forcing a failure.
[  285.075211][T11424] name failslab, interval 1, probability 0, space 0, times 0
[  285.079102][T11424] CPU: 1 UID: 0 PID: 11424 Comm: syz.3.1605 Not tainted 6.16.0-rc1-syzkaller-00101-g27605c8c0f69 #0 PREEMPT(full) 
[  285.079117][T11424] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  285.079124][T11424] Call Trace:
[  285.079128][T11424]  <TASK>
[  285.079145][T11424]  dump_stack_lvl+0x16c/0x1f0
[  285.079166][T11424]  should_fail_ex+0x512/0x640
[  285.079181][T11424]  ? __kmalloc_noprof+0xbf/0x510
[  285.079198][T11424]  ? alloc_pipe_info+0x1ec/0x590
[  285.079213][T11424]  should_failslab+0xc2/0x120
[  285.079223][T11424]  __kmalloc_noprof+0xd2/0x510
[  285.079238][T11424]  ? kasan_save_track+0x14/0x30
[  285.079254][T11424]  alloc_pipe_info+0x1ec/0x590
[  285.079270][T11424]  splice_direct_to_actor+0x77d/0xa30
[  285.079285][T11424]  ? __pfx_direct_splice_actor+0x10/0x10
[  285.079299][T11424]  ? __pfx_aa_file_perm+0x10/0x10
[  285.079314][T11424]  ? __pfx_splice_direct_to_actor+0x10/0x10
[  285.079326][T11424]  ? get_pid_task+0xfc/0x250
[  285.079343][T11424]  do_splice_direct+0x174/0x240
[  285.079355][T11424]  ? __pfx_do_splice_direct+0x10/0x10
[  285.079368][T11424]  ? __pfx_direct_file_splice_eof+0x10/0x10
[  285.079383][T11424]  ? rw_verify_area+0xcf/0x680
[  285.079397][T11424]  do_sendfile+0xb06/0xe50
[  285.079412][T11424]  ? __pfx_do_sendfile+0x10/0x10
[  285.079426][T11424]  ? __fget_files+0x20e/0x3c0
[  285.079443][T11424]  __ia32_compat_sys_sendfile+0x1e5/0x220
[  285.079453][T11424]  ? ksys_write+0x1ac/0x250
[  285.079466][T11424]  ? __pfx___ia32_compat_sys_sendfile+0x10/0x10
[  285.079477][T11424]  ? rcu_is_watching+0x12/0xc0
[  285.079490][T11424]  __do_fast_syscall_32+0x7c/0x3a0
[  285.079501][T11424]  do_fast_syscall_32+0x32/0x80
[  285.079511][T11424]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  285.079524][T11424] RIP: 0023:0xf708e579
[  285.079533][T11424] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  285.079542][T11424] RSP: 002b:00000000f507e55c EFLAGS: 00000296 ORIG_RAX: 00000000000000bb
[  285.079553][T11424] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000004
[  285.079559][T11424] RDX: 0000000000000000 RSI: 0000000000000015 RDI: 0000000000000000
[  285.079565][T11424] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  285.079570][T11424] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  285.079576][T11424] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  285.079589][T11424]  </TASK>
[  285.271580][ T6033] usb 6-1: new high-speed USB device number 16 using dummy_hcd
[  285.333119][T11427] syz.3.1606 (11427): drop_caches: 2
[  285.409435][ T6033] usb 6-1: device descriptor read/64, error -71
[  285.669623][ T6033] usb 6-1: new high-speed USB device number 17 using dummy_hcd
[  285.820106][ T6033] usb 6-1: device descriptor read/64, error -71
[  285.893650][ T6477] hid-generic 0002:0004:0000.0030: unknown main item tag 0x0
[  285.896145][ T6477] hid-generic 0002:0004:0000.0030: unknown main item tag 0x0
[  285.898445][ T6477] hid-generic 0002:0004:0000.0030: unknown main item tag 0x0
[  285.903209][ T6477] hid-generic 0002:0004:0000.0030: hidraw1: <UNKNOWN> HID vffffff.ff Device [syz0] on syz0
[  285.929715][ T6033] usb usb6-port1: attempt power cycle
[  286.279305][ T6033] usb 6-1: new high-speed USB device number 18 using dummy_hcd
[  286.301230][ T6033] usb 6-1: device descriptor read/8, error -71
[  286.308834][T11451] hub 9-0:1.0: USB hub found
[  286.314102][T11451] hub 9-0:1.0: 1 port detected
[  286.539311][ T6033] usb 6-1: new high-speed USB device number 19 using dummy_hcd
[  286.569928][ T6033] usb 6-1: device descriptor read/8, error -71
[  286.679539][ T6033] usb usb6-port1: unable to enumerate USB device
[  287.047876][T11454] tipc: Started in network mode
[  287.050638][T11454] tipc: Node identity , cluster identity 4711
[  287.052785][T11454] tipc: Failed to obtain node identity
[  287.054387][T11454] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  287.076420][T11454] syzkaller0: entered promiscuous mode
[  287.078206][T11454] syzkaller0: entered allmulticast mode
[  287.086441][   T40] audit: type=1400 audit(1749795573.273:948): apparmor="DENIED" operation="change_onexec" class="file" info="label not found" error=-2 profile="unconfined" name=22 pid=11453 comm="syz.0.1615"
[  287.329257][   T53] usb 8-1: new high-speed USB device number 29 using dummy_hcd
[  287.501572][   T53] usb 8-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  287.505426][   T53] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  287.508796][   T53] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  287.512429][   T53] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  287.517242][   T53] usb 8-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  287.520364][   T53] usb 8-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  287.522878][   T53] usb 8-1: Manufacturer: syz
[  287.525548][   T53] usb 8-1: config 0 descriptor??
[  287.939807][   T53] appleir 0003:05AC:8243.0031: unknown main item tag 0x0
[  287.943269][   T53] appleir 0003:05AC:8243.0031: No inputs registered, leaving
[  287.953535][   T53] appleir 0003:05AC:8243.0031: hiddev0,hidraw1: USB HID v0.00 Device [syz] on usb-dummy_hcd.3-1/input0
[  288.362472][T11465] netlink: 'syz.2.1619': attribute type 12 has an invalid length.
[  288.364993][T11465] netlink: 132 bytes leftover after parsing attributes in process `syz.2.1619'.
[  288.421856][T11467] fuse: Bad value for 'fd'
[  288.567477][T11473] FAULT_INJECTION: forcing a failure.
[  288.567477][T11473] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  288.568867][T11473] 
[  288.568875][T11473] ======================================================
[  288.568881][T11473] WARNING: possible circular locking dependency detected
[  288.568888][T11473] 6.16.0-rc1-syzkaller-00101-g27605c8c0f69 #0 Not tainted
[  288.568898][T11473] ------------------------------------------------------
[  288.568903][T11473] syz.3.1616/11473 is trying to acquire lock:
[  288.568912][T11473] ffffffff8e2d1c40 (console_owner){-.-.}-{0:0}, at: console_lock_spinning_enable+0x9f/0xd0
[  288.568961][T11473] 
[  288.568961][T11473] but task is already holding lock:
[  288.568966][T11473] ffff88802b23bdd8 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x7e/0x130
[  288.568999][T11473] 
[  288.568999][T11473] which lock already depends on the new lock.
[  288.568999][T11473] 
[  288.569005][T11473] 
[  288.569005][T11473] the existing dependency chain (in reverse order) is:
[  288.569011][T11473] 
[  288.569011][T11473] -> #4 (&rq->__lock){-.-.}-{2:2}:
[  288.569031][T11473]        _raw_spin_lock_nested+0x31/0x40
[  288.569054][T11473]        raw_spin_rq_lock_nested+0x29/0x130
[  288.569068][T11473]        task_rq_lock+0xcf/0x490
[  288.569082][T11473]        cgroup_move_task+0x81/0x2a0
[  288.569098][T11473]        css_set_move_task+0x288/0x5f0
[  288.569124][T11473]        cgroup_post_fork+0x201/0x9e0
[  288.569162][T11473]        copy_process+0x5cfc/0x76a0
[  288.569181][T11473]        kernel_clone+0xfc/0x960
[  288.569195][T11473]        user_mode_thread+0xc7/0x110
[  288.569211][T11473]        rest_init+0x23/0x2b0
[  288.569228][T11473]        start_kernel+0x3ee/0x4d0
[  288.569245][T11473]        x86_64_start_reservations+0x18/0x30
[  288.569263][T11473]        x86_64_start_kernel+0x130/0x190
[  288.569282][T11473]        common_startup_64+0x13e/0x148
[  288.569306][T11473] 
[  288.569306][T11473] -> #3 (&p->pi_lock){-.-.}-{2:2}:
[  288.569327][T11473]        _raw_spin_lock_irqsave+0x3a/0x60
[  288.569348][T11473]        try_to_wake_up+0xb2/0x1680
[  288.569362][T11473]        __wake_up_common+0x132/0x1f0
[  288.569380][T11473]        __wake_up+0x31/0x60
[  288.569396][T11473]        tty_port_default_wakeup+0x2a/0x40
[  288.569412][T11473]        serial8250_tx_chars+0x68e/0x860
[  288.569429][T11473]        serial8250_handle_irq+0x761/0xcb0
[  288.569445][T11473]        serial8250_default_handle_irq+0x9a/0x210
[  288.569462][T11473]        serial8250_interrupt+0x103/0x210
[  288.569480][T11473]        __handle_irq_event_percpu+0x22c/0x7d0
[  288.569495][T11473]        handle_irq_event+0xab/0x1e0
[  288.569508][T11473]        handle_edge_irq+0x28e/0xab0
[  288.569531][T11473]        __common_interrupt+0xdf/0x250
[  288.569549][T11473]        common_interrupt+0xba/0xe0
[  288.569566][T11473]        asm_common_interrupt+0x26/0x40
[  288.569580][T11473]        pv_native_safe_halt+0xf/0x20
[  288.569601][T11473]        default_idle+0x13/0x20
[  288.569615][T11473]        default_idle_call+0x6d/0xb0
[  288.569630][T11473]        do_idle+0x391/0x510
[  288.569643][T11473]        cpu_startup_entry+0x4f/0x60
[  288.569657][T11473]        start_secondary+0x21d/0x2b0
[  288.569674][T11473]        common_startup_64+0x13e/0x148
[  288.569697][T11473] 
[  288.569697][T11473] -> #2 (&tty->write_wait){-...}-{3:3}:
[  288.569717][T11473]        _raw_spin_lock_irqsave+0x3a/0x60
[  288.569737][T11473]        __wake_up+0x1c/0x60
[  288.569752][T11473]        tty_port_default_wakeup+0x2a/0x40
[  288.569766][T11473]        serial8250_tx_chars+0x68e/0x860
[  288.569782][T11473]        __start_tx+0x3e9/0x4a0
[  288.569795][T11473]        serial8250_start_tx+0x368/0x530
[  288.569811][T11473]        __uart_start+0x292/0x4c0
[  288.569829][T11473]        uart_write+0x218/0xb30
[  288.569841][T11473]        n_tty_write+0x40f/0x1160
[  288.569857][T11473]        file_tty_write.constprop.0+0x504/0x9b0
[  288.569880][T11473]        redirected_tty_write+0xd4/0x150
[  288.569902][T11473]        vfs_write+0x6c4/0x1150
[  288.569922][T11473]        ksys_write+0x12a/0x250
[  288.569941][T11473]        do_syscall_64+0xcd/0x490
[  288.569954][T11473]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  288.569969][T11473] 
[  288.569969][T11473] -> #1 (&port_lock_key){-.-.}-{3:3}:
[  288.569989][T11473]        _raw_spin_lock_irqsave+0x3a/0x60
[  288.570009][T11473]        serial8250_console_write+0x181/0x1890
[  288.570027][T11473]        console_flush_all+0x801/0xc60
[  288.570040][T11473]        console_unlock+0xd8/0x210
[  288.570053][T11473]        vprintk_emit+0x418/0x6d0
[  288.570067][T11473]        _printk+0xc7/0x100
[  288.570085][T11473]        register_console+0xc2d/0x11b0
[  288.570100][T11473]        univ8250_console_init+0x5f/0x90
[  288.570124][T11473]        console_init+0x14f/0x680
[  288.570142][T11473]        start_kernel+0x29f/0x4d0
[  288.570160][T11473]        x86_64_start_reservations+0x18/0x30
[  288.570178][T11473]        x86_64_start_kernel+0x130/0x190
[  288.570197][T11473]        common_startup_64+0x13e/0x148
[  288.570220][T11473] 
[  288.570220][T11473] -> #0 (console_owner){-.-.}-{0:0}:
[  288.570240][T11473]        __lock_acquire+0x126f/0x1c90
[  288.570259][T11473]        lock_acquire+0x179/0x350
[  288.570277][T11473]        console_lock_spinning_enable+0xb0/0xd0
[  288.570301][T11473]        console_flush_all+0x7aa/0xc60
[  288.570314][T11473]        console_unlock+0xd8/0x210
[  288.570326][T11473]        vprintk_emit+0x418/0x6d0
[  288.570340][T11473]        _printk+0xc7/0x100
[  288.570357][T11473]        should_fail_ex+0x4e7/0x640
[  288.570379][T11473]        strncpy_from_user+0x3b/0x2e0
[  288.570399][T11473]        strncpy_from_user_nofault+0x7f/0x180
[  288.570423][T11473]        bpf_probe_read_user_str+0x26/0x70
[  288.570440][T11473]        bpf_prog_7acee76fef7300d9+0x64/0x6c
[  288.570452][T11473]        bpf_trace_run2+0x230/0x590
[  288.570471][T11473]        __bpf_trace_tlb_flush+0xd1/0x110
[  288.570488][T11473]        trace_tlb_flush+0xe4/0x160
[  288.570503][T11473]        switch_mm_irqs_off+0x2b1/0x7f0
[  288.570519][T11473]        __schedule+0xf4a/0x5de0
[  288.570539][T11473]        preempt_schedule_irq+0x51/0x90
[  288.570560][T11473]        irqentry_exit+0x36/0x90
[  288.570603][T11473]        asm_sysvec_reschedule_ipi+0x1a/0x20
[  288.570620][T11473]        tomoyo_realpath_from_path+0x13c/0x6e0
[  288.570641][T11473]        tomoyo_path_number_perm+0x245/0x580
[  288.570658][T11473]        security_file_ioctl_compat+0x9b/0x240
[  288.570676][T11473]        __ia32_compat_sys_ioctl+0xc3/0x370
[  288.570694][T11473]        __do_fast_syscall_32+0x7c/0x3a0
[  288.570708][T11473]        do_fast_syscall_32+0x32/0x80
[  288.570721][T11473]        entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  288.570740][T11473] 
[  288.570740][T11473] other info that might help us debug this:
[  288.570740][T11473] 
[  288.570745][T11473] Chain exists of:
[  288.570745][T11473]   console_owner --> &p->pi_lock --> &rq->__lock
[  288.570745][T11473] 
[  288.570767][T11473]  Possible unsafe locking scenario:
[  288.570767][T11473] 
[  288.570772][T11473]        CPU0                    CPU1
[  288.570776][T11473]        ----                    ----
[  288.570780][T11473]   lock(&rq->__lock);
[  288.570789][T11473]                                lock(&p->pi_lock);
[  288.570800][T11473]                                lock(&rq->__lock);
[  288.570810][T11473]   lock(console_owner);
[  288.570820][T11473] 
[  288.570820][T11473]  *** DEADLOCK ***
[  288.570820][T11473] 
[  288.570824][T11473] 5 locks held by syz.3.1616/11473:
[  288.570833][T11473]  #0: ffffffff8ee42bb0 (tomoyo_ss){.+.+}-{0:0}, at: tomoyo_path_number_perm+0x237/0x580
[  288.570870][T11473]  #1: ffff88802b23bdd8 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x7e/0x130
[  288.570905][T11473]  #2: ffffffff8e3c46c0 (rcu_read_lock){....}-{1:3}, at: bpf_trace_run2+0x1b6/0x590
[  288.570945][T11473]  #3: ffffffff8e3b2080 (console_lock){+.+.}-{0:0}, at: _printk+0xc7/0x100
[  288.570983][T11473]  #4: ffffffff8e3b20f0 (console_srcu){....}-{0:0}, at: console_flush_all+0x158/0xc60
[  288.571016][T11473] 
[  288.571016][T11473] stack backtrace:
[  288.571024][T11473] CPU: 1 UID: 0 PID: 11473 Comm: syz.3.1616 Not tainted 6.16.0-rc1-syzkaller-00101-g27605c8c0f69 #0 PREEMPT(full) 
[  288.571045][T11473] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  288.571055][T11473] Call Trace:
[  288.571061][T11473]  <TASK>
[  288.571067][T11473]  dump_stack_lvl+0x116/0x1f0
[  288.571093][T11473]  print_circular_bug+0x275/0x350
[  288.571118][T11473]  check_noncircular+0x14c/0x170
[  288.571140][T11473]  __lock_acquire+0x126f/0x1c90
[  288.571164][T11473]  lock_acquire+0x179/0x350
[  288.571183][T11473]  ? console_lock_spinning_enable+0x9f/0xd0
[  288.571209][T11473]  ? console_lock_spinning_enable+0x88/0xd0
[  288.571235][T11473]  console_lock_spinning_enable+0xb0/0xd0
[  288.571259][T11473]  ? console_lock_spinning_enable+0x9f/0xd0
[  288.571283][T11473]  console_flush_all+0x7aa/0xc60
[  288.571299][T11473]  ? __pfx_console_flush_all+0x10/0x10
[  288.571317][T11473]  ? is_printk_cpu_sync_owner+0x32/0x40
[  288.571335][T11473]  console_unlock+0xd8/0x210
[  288.571349][T11473]  ? __pfx_console_unlock+0x10/0x10
[  288.571363][T11473]  ? do_raw_spin_unlock+0xc0/0x230
[  288.571387][T11473]  ? _printk+0xc7/0x100
[  288.571406][T11473]  ? __down_trylock_console_sem+0xb0/0x140
[  288.571429][T11473]  vprintk_emit+0x418/0x6d0
[  288.571445][T11473]  ? __pfx_vprintk_emit+0x10/0x10
[  288.571460][T11473]  ? __lock_acquire+0xb8a/0x1c90
[  288.571482][T11473]  _printk+0xc7/0x100
[  288.571501][T11473]  ? __pfx__printk+0x10/0x10
[  288.571523][T11473]  ? __pfx____ratelimit+0x10/0x10
[  288.571547][T11473]  should_fail_ex+0x4e7/0x640
[  288.571570][T11473]  strncpy_from_user+0x3b/0x2e0
[  288.571592][T11473]  strncpy_from_user_nofault+0x7f/0x180
[  288.571618][T11473]  bpf_probe_read_user_str+0x26/0x70
[  288.571636][T11473]  bpf_prog_7acee76fef7300d9+0x64/0x6c
[  288.571650][T11473]  bpf_trace_run2+0x230/0x590
[  288.571671][T11473]  ? __pfx_bpf_trace_run2+0x10/0x10
[  288.571691][T11473]  ? kvm_sched_clock_read+0x11/0x20
[  288.571714][T11473]  ? sched_clock_cpu+0x6c/0x530
[  288.571733][T11473]  ? lock_acquire+0x179/0x350
[  288.571754][T11473]  __bpf_trace_tlb_flush+0xd1/0x110
[  288.571771][T11473]  ? __pfx___bpf_trace_tlb_flush+0x10/0x10
[  288.571793][T11473]  trace_tlb_flush+0xe4/0x160
[  288.571810][T11473]  switch_mm_irqs_off+0x2b1/0x7f0
[  288.571829][T11473]  __schedule+0xf4a/0x5de0
[  288.571850][T11473]  ? security_file_ioctl_compat+0x9b/0x240
[  288.571868][T11473]  ? __ia32_compat_sys_ioctl+0xc3/0x370
[  288.571885][T11473]  ? __do_fast_syscall_32+0x7c/0x3a0
[  288.571900][T11473]  ? do_fast_syscall_32+0x32/0x80
[  288.571919][T11473]  ? __pfx___schedule+0x10/0x10
[  288.571944][T11473]  ? mark_held_locks+0x49/0x80
[  288.571964][T11473]  preempt_schedule_irq+0x51/0x90
[  288.571987][T11473]  irqentry_exit+0x36/0x90
[  288.572010][T11473]  asm_sysvec_reschedule_ipi+0x1a/0x20
[  288.572026][T11473] RIP: 0010:tomoyo_realpath_from_path+0x13c/0x6e0
[  288.572049][T11473] Code: 00 00 00 48 85 ed 0f 84 a5 00 00 00 e8 7d 64 2b fd 48 8d 7d 48 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 <0f> 85 ff 04 00 00 48 8b 6d 48 48 85 ed 74 78 e8 50 64 2b fd 44 89
[  288.572065][T11473] RSP: 0018:ffffc9002463fbb8 EFLAGS: 00000246
[  288.572078][T11473] RAX: dffffc0000000000 RBX: ffff88800df4c000 RCX: 0000000000002000
[  288.572088][T11473] RDX: 1ffffffff173fc21 RSI: ffffffff84901493 RDI: ffffffff8b9fe108
[  288.572099][T11473] RBP: ffffffff8b9fe0c0 R08: 0000000000000c40 R09: 00000000ffffffff
[  288.572109][T11473] R10: 0000000000000001 R11: 0000000000000001 R12: 0000000000001000
[  288.572123][T11473] R13: 0000000000000fff R14: ffff88802626c758 R15: dffffc0000000000
[  288.572137][T11473]  ? tomoyo_realpath_from_path+0x123/0x6e0
[  288.572160][T11473]  ? tomoyo_realpath_from_path+0x123/0x6e0
[  288.572183][T11473]  ? tomoyo_profile+0x47/0x60
[  288.572207][T11473]  tomoyo_path_number_perm+0x245/0x580
[  288.572225][T11473]  ? tomoyo_path_number_perm+0x237/0x580
[  288.572244][T11473]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  288.572263][T11473]  ? finish_task_switch.isra.0+0x221/0xc10
[  288.572288][T11473]  ? find_held_lock+0x2b/0x80
[  288.572302][T11473]  ? hook_file_ioctl_common+0x145/0x410
[  288.572321][T11473]  ? __fget_files+0x20e/0x3c0
[  288.572341][T11473]  ? fput+0x60/0xf0
[  288.572356][T11473]  security_file_ioctl_compat+0x9b/0x240
[  288.572376][T11473]  __ia32_compat_sys_ioctl+0xc3/0x370
[  288.572396][T11473]  __do_fast_syscall_32+0x7c/0x3a0
[  288.572412][T11473]  do_fast_syscall_32+0x32/0x80
[  288.572427][T11473]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  288.572446][T11473] RIP: 0023:0xf708e579
[  288.572457][T11473] Code: Unable to access opcode bytes at 0xf708e54f.
[  288.572465][T11473] RSP: 002b:00000000f505d55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  288.572479][T11473] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000081044804
[  288.572489][T11473] RDX: 0000000080000400 RSI: 0000000000000000 RDI: 0000000000000000
[  288.572499][T11473] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  288.572509][T11473] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  288.572519][T11473] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  288.572533][T11473]  </TASK>
[  289.017788][T11473] CPU: 1 UID: 0 PID: 11473 Comm: syz.3.1616 Not tainted 6.16.0-rc1-syzkaller-00101-g27605c8c0f69 #0 PREEMPT(full) 
[  289.017803][T11473] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  289.017809][T11473] Call Trace:
[  289.017814][T11473]  <TASK>
[  289.017819][T11473]  dump_stack_lvl+0x116/0x1f0
[  289.017840][T11473]  should_fail_ex+0x512/0x640
[  289.017856][T11473]  strncpy_from_user+0x3b/0x2e0
[  289.017870][T11473]  strncpy_from_user_nofault+0x7f/0x180
[  289.017887][T11473]  bpf_probe_read_user_str+0x26/0x70
[  289.017900][T11473]  bpf_prog_7acee76fef7300d9+0x64/0x6c
[  289.017908][T11473]  bpf_trace_run2+0x230/0x590
[  289.017922][T11473]  ? __pfx_bpf_trace_run2+0x10/0x10
[  289.017935][T11473]  ? kvm_sched_clock_read+0x11/0x20
[  289.017949][T11473]  ? sched_clock_cpu+0x6c/0x530
[  289.017961][T11473]  ? lock_acquire+0x179/0x350
[  289.017975][T11473]  __bpf_trace_tlb_flush+0xd1/0x110
[  289.017986][T11473]  ? __pfx___bpf_trace_tlb_flush+0x10/0x10
[  289.018000][T11473]  trace_tlb_flush+0xe4/0x160
[  289.018012][T11473]  switch_mm_irqs_off+0x2b1/0x7f0
[  289.018024][T11473]  __schedule+0xf4a/0x5de0
[  289.018037][T11473]  ? security_file_ioctl_compat+0x9b/0x240
[  289.018049][T11473]  ? __ia32_compat_sys_ioctl+0xc3/0x370
[  289.018061][T11473]  ? __do_fast_syscall_32+0x7c/0x3a0
[  289.018070][T11473]  ? do_fast_syscall_32+0x32/0x80
[  289.018082][T11473]  ? __pfx___schedule+0x10/0x10
[  289.018097][T11473]  ? mark_held_locks+0x49/0x80
[  289.018109][T11473]  preempt_schedule_irq+0x51/0x90
[  289.018124][T11473]  irqentry_exit+0x36/0x90
[  289.018139][T11473]  asm_sysvec_reschedule_ipi+0x1a/0x20
[  289.018150][T11473] RIP: 0010:tomoyo_realpath_from_path+0x13c/0x6e0
[  289.018165][T11473] Code: 00 00 00 48 85 ed 0f 84 a5 00 00 00 e8 7d 64 2b fd 48 8d 7d 48 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 <0f> 85 ff 04 00 00 48 8b 6d 48 48 85 ed 74 78 e8 50 64 2b fd 44 89
[  289.018175][T11473] RSP: 0018:ffffc9002463fbb8 EFLAGS: 00000246
[  289.018184][T11473] RAX: dffffc0000000000 RBX: ffff88800df4c000 RCX: 0000000000002000
[  289.018190][T11473] RDX: 1ffffffff173fc21 RSI: ffffffff84901493 RDI: ffffffff8b9fe108
[  289.018196][T11473] RBP: ffffffff8b9fe0c0 R08: 0000000000000c40 R09: 00000000ffffffff
[  289.018202][T11473] R10: 0000000000000001 R11: 0000000000000001 R12: 0000000000001000
[  289.018208][T11473] R13: 0000000000000fff R14: ffff88802626c758 R15: dffffc0000000000
[  289.018216][T11473]  ? tomoyo_realpath_from_path+0x123/0x6e0
[  289.018232][T11473]  ? tomoyo_realpath_from_path+0x123/0x6e0
[  289.018246][T11473]  ? tomoyo_profile+0x47/0x60
[  289.018260][T11473]  tomoyo_path_number_perm+0x245/0x580
[  289.018272][T11473]  ? tomoyo_path_number_perm+0x237/0x580
[  289.018283][T11473]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  289.018295][T11473]  ? finish_task_switch.isra.0+0x221/0xc10
[  289.018311][T11473]  ? find_held_lock+0x2b/0x80
[  289.018320][T11473]  ? hook_file_ioctl_common+0x145/0x410
[  289.018332][T11473]  ? __fget_files+0x20e/0x3c0
[  289.018344][T11473]  ? fput+0x60/0xf0
[  289.018354][T11473]  security_file_ioctl_compat+0x9b/0x240
[  289.018366][T11473]  __ia32_compat_sys_ioctl+0xc3/0x370
[  289.018378][T11473]  __do_fast_syscall_32+0x7c/0x3a0
[  289.018389][T11473]  do_fast_syscall_32+0x32/0x80
[  289.018398][T11473]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  289.018410][T11473] RIP: 0023:0xf708e579
[  289.018417][T11473] Code: Unable to access opcode bytes at 0xf708e54f.
[  289.018421][T11473] RSP: 002b:00000000f505d55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  289.018430][T11473] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000081044804
[  289.018436][T11473] RDX: 0000000080000400 RSI: 0000000000000000 RDI: 0000000000000000
[  289.018442][T11473] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  289.018447][T11473] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  289.018453][T11473] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  289.018461][T11473]  </TASK>
[  289.018600][    C0] vkms_vblank_simulate: vblank timer overrun
[  289.141786][    C0] vkms_vblank_simulate: vblank timer overrun
[  289.151012][T11472] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1619'.
[  289.295579][   T61] usb 8-1: USB disconnect, device number 29

VM DIAGNOSIS:
06:19:34  Registers:
info registers vcpu 0

CPU#0
RAX=0000000080010003 RBX=0000000000000003 RCX=ffffffff8169d366 RDX=ffffffff8e097780
RSI=ffffffff816a03bc RDI=0000000000000000 RBP=ffff88802b23bdc0 RSP=ffffc90000007b18
R8 =0000000000000000 R9 =0000000000000003 R10=0000000000000003 R11=ffffc90000007ff8
R12=0000000000000003 R13=0000000000000003 R14=ffff88802b23cd40 R15=ffffed10056477b8
RIP=ffffffff816a03bd RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff888097761000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000000080318000 CR3=00000000500aa000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000022c00000000 0000000600000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000000000069 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff8557d555 RDI=ffffffff9ae6da80 RBP=ffffffff9ae6da40 RSP=ffffc9002463f1b0
R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=722d302e36312e36
R12=0000000000000000 R13=0000000000000069 R14=ffffffff9ae6da40 R15=ffffffff8557d4f0
RIP=ffffffff8557d57f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff888097861000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000000000000000 CR3=00000000259bb000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 2323232323232323 2323232323232323
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffff ffffffffffffffff
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
RAX=dffffc0000000000 RBX=0000000000000000 RCX=ffffc9000d162000 RDX=1ffff920006d0f20
RSI=ffffffff8951d6c0 RDI=0000000000000000 RBP=1ffff920006d0ed8 RSP=ffffc900036876b8
R8 =0000000000000001 R9 =0000000000000000 R10=0000000000000000 R11=0000000000000001
R12=ffffc90003687900 R13=ffffc90003687d58 R14=0000000000000000 R15=ffff88802632c218
RIP=ffffffff81bb7910 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff888097961000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000000000000000 CR3=00000000259bb000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000005000000000 0000000100000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 3

CPU#3
RAX=0000000000000016 RBX=ffff88802b53be80 RCX=000000000000b6ac RDX=dffffc0000000000
RSI=1ffff110056a77e5 RDI=ffff88802b53bf28 RBP=ffff88802322a4c0 RSP=ffffc900005e8a18
R8 =0000000000b27ef0 R9 =0000000000000000 R10=1ffff110056a77e1 R11=0000000000005c88
R12=000000400647d330 R13=0000000000000000 R14=00000000000c216c R15=ffff88802322a580
RIP=ffffffff818ca66d RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff888097a61000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000000000000000 CR3=0000000066145000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000