last executing test programs:

8.347847894s ago: executing program 0 (id=2709):
socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NL802154_CMD_SET_ACKREQ_DEFAULT(0xffffffffffffffff, 0x0, 0x0)
syz_genetlink_get_family_id$nl802154(0x0, 0xffffffffffffffff)
syz_genetlink_get_family_id$nl802154(0x0, 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, 0x0)
pipe(&(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
write(r1, &(0x7f0000000340), 0x11000)
io_submit(0x0, 0x0, &(0x7f0000000140))
io_submit(0x0, 0x0, 0x0)
vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x19, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$l2tp(0x2, 0x2, 0x73)
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$L2TP_CMD_TUNNEL_DELETE(0xffffffffffffffff, 0x0, 0x0)
close(0xffffffffffffffff)
mount(&(0x7f0000000000)=@nullb, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0, 0x0)
syz_open_procfs$namespace(0x0, &(0x7f0000000540)='ns/pid\x00')

8.17670735s ago: executing program 0 (id=2711):
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000000300)=""/102400, 0x19000)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket(0x23, 0x5, 0x5)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000100), 0x141a42, 0x0)
mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x81c0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000040)='./file2\x00', 0x0, 0x0, 0x0)
r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/block/loop0', 0x0, 0x0)
symlinkat(&(0x7f0000000000)='./file2/file0\x00', r2, &(0x7f0000000180)='./file2\x00')
lsm_set_self_attr(0x0, &(0x7f0000019300)=ANY=[@ANYRESDEC=r0, @ANYRESOCT=r2], 0x20, 0x0)
ioctl$FAT_IOCTL_SET_ATTRIBUTES(0xffffffffffffffff, 0x40047211, &(0x7f0000000180)=0x2)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x1)
prctl$PR_SET_MM(0x23, 0x0, &(0x7f0000ffb000/0x2000)=nil)
r4 = syz_open_dev$radio(&(0x7f00000003c0), 0x2, 0x2)
ioctl$VIDIOC_LOG_STATUS(r4, 0x5646, 0x0)
writev(r3, &(0x7f0000000300)=[{&(0x7f0000000180)}, {&(0x7f0000019400)="5456feaf485084ce31fa7167bb4032ab0e87291cc261527b844f6c0af733f64ada4d914290115f42e374f699bcfbb365e10996ef8c131ddee7d1d05f78a5cecf0db91b2bb234963a2975f7737540552f6719399b686aec83370e60805cc64308f496fb007be15dc195a334dfd91c76d0be773e2041b2a51dc2fef37fa0d27db229d0db5f87154729a8332fc006122e04a0756043e2dee47c4c73dcd3bc991826ecc451ea4c5f449102", 0xa9}, {&(0x7f0000000200)}], 0x3)

5.900747433s ago: executing program 0 (id=2716):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000e40)=ANY=[@ANYBLOB="a30939110081d71c99169ec6c5b7d8726b018265e83e709662c8a7fd695a93cbdd82", @ANYBLOB="7fc6a8a97dec163cdcadb1e9483cfd7ec18d47422108692a4567771582d5f3b839f18d5f74b286d8580875dde425315103e40833eb7b0218cb49f6b2769c5355d7cd7fa4f68d9383f752e6ac4dad85b6f776b20cae9f2b67725eb75eca4edb20fb42d026a5681c60cdd9a1555139b29b26522ee5e0c8cde4e53f97df0fc598410978133c8f3dc329ee4e8bf5f90aa845c5255bda80821f628b3d8cf76693e384f0ddcd93aa453af19ea758ffbcd346cc1745210200f4e2df0595e9934338337a6ee06123b0134a47d85713c004f20b", @ANYBLOB="c8e81cc3b151a622d3fe852fea740f7c2130b367696ffd19f8d47e78ba470b5e6c3417adc209d79b8f27c39f360f99bd0f55e3833ba62e96a661a44a001c98d4a31f4108c7e7e31ca0382a33b3458117494b416af82f28604a61088c4e561690d1b7f65c3d581ebcd5da27d602ba06f3b40eb1a07635b400132977db30f120171124dbce44e037f610665e4b8e6e3f77fedeb7880bddcf36bcdaa18c6f59b9a72848e1a37dde88d072599396847cac43de8b939fc3cce174ac5b1293abf7879bfb9e2a505c3c60dd0ad242337dd885ed409c72e01a4c6941", @ANYBLOB="af51cc7667ee3c65167969e87bd9078d3089c92884db92796f0dccdab7e1af146bdfecf3a7fb245c8726b594b12f9342afc4222218ab7374bd53a97c5f52a0130bbcde02", @ANYBLOB="eb8e7a9521650ba78e0c1e73b2e1d81bd123792cb63ce6244ffa6cf849820e0bc603530af62f65f3bec9cd74dd704a88b2e331bb40fa291866ec478962770cd62f711da06f6aea69eb994d287892b8a106b0b91a793fa65c8be52feaec7b0633ccefcb1ddc56448d792fda2c3b1c9be40ac1826250953670619b7c0cd8b38282b2303f38dc0e0dd8c7c5faf3d99eab42915cdf849938fccafc382774d44402d9ea2259148d2dbdf658ee0c99c558fd226d22b49726f405062f33c2b57c860b54d2", @ANYRESOCT=0x0, @ANYRESHEX=0x0, @ANYRESHEX, @ANYRES8=0x0], &(0x7f0000000680)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x5, 0xd, &(0x7f0000000400)=ANY=[@ANYRESOCT=r0], &(0x7f0000000340)='syzkaller\x00', 0x20000000, 0xfffffffffffffcfb, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r1}, 0x10)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
dup(0xffffffffffffffff)
openat$dlm_control(0xffffff9c, &(0x7f0000000080), 0x60101, 0x0)
gettid()
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = openat$vcsa(0xffffff9c, &(0x7f0000000200), 0x2c045, 0x0)
ioctl$USBDEVFS_RESET(r3, 0x5514)
sendmsg$nl_generic(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYRES16], 0x18}, 0x1, 0x3000000}, 0x0)
syz_emit_vhci(&(0x7f0000000380)=ANY=[@ANYBLOB="02c9003a00360001000602dd0c0000000000000400ff7f0700100d0400c0000710010d0200040011800200b5000110020001000dae08000800428e05000400"], 0x3f)
openat$tun(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r4, 0x6, 0xa, &(0x7f0000000040)=0x2, 0x4)
setsockopt$inet6_tcp_int(r4, 0x6, 0x19, &(0x7f0000000080)=0x3, 0x4)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r5)
socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$SIOCSIFHWADDR(r5, 0x8943, &(0x7f0000002280)={'syzkaller0\x00'})
preadv(0xffffffffffffffff, &(0x7f0000000640)=[{&(0x7f0000000440)=""/264, 0x108}, {&(0x7f00000005c0)=""/114, 0x72}], 0x2, 0x0, 0x0)
socket$rxrpc(0x21, 0x2, 0x2)
setsockopt$RXRPC_SECURITY_KEY(0xffffffffffffffff, 0x110, 0x1, &(0x7f00000006c0)='!@\x00', 0x3)
connect$can_bcm(0xffffffffffffffff, &(0x7f0000000580), 0x10)
r6 = syz_open_dev$I2C(&(0x7f0000000000), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x0, 0x0)
r7 = getpid()
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x0, 0xc, 0x0, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
process_vm_readv(r7, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x36}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000000280)=""/93, 0x5d}], 0x1, 0x0)
ioctl$I2C_SMBUS(r6, 0x720, &(0x7f00000000c0)={0x0, 0x0, 0x5, &(0x7f0000000080)={0x1, "df1e970974a7c9e7472342370d2762faff00"}})

5.760237115s ago: executing program 0 (id=2717):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0xfff, 0x7}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='sched_switch\x00', r1}, 0x10)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x4, 0xc, &(0x7f0000000940)=ANY=[@ANYBLOB="180200000300000000000000000000008500000029000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r2, 0x0, 0xe, 0x0, &(0x7f0000000900)="e02742e8680d85ff9782762f86dd", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r3 = getpid()
process_vm_readv(r3, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x24, &(0x7f0000000180)='/proc/sys/net/ipv4/vs/sync_qlen_max\x00'}, 0x30)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
write$binfmt_script(r4, &(0x7f0000000100), 0xfecc)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r4, 0x0)
mkdirat$cgroup(0xffffffffffffffff, &(0x7f0000000080)='syz0\x00', 0x1ff)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r5}, 0x10)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="1c0000002200830600000000000000000a000000000000000000000049d3cd60ec605aea07"], 0x1c}}, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15)
bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0x0, 0x4, 0x4, 0x7f, 0x0, 0x1}, 0x48)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x0, 0x0})
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r7}, 0x10)
r8 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r8)
r9 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0xc, &(0x7f00000004c0)=ANY=[@ANYBLOB="1802000000000000000000000000000085000000200000001801000020207025000033d8002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703393fa1064e36189600692e652466267b4b05676d1684835574a8b5839b3a6422969c6598def0a13a47d33ae92a27187d76fbf46ee0d5afa5c53931895832144029fc02c87f10d2795f1925e1c94dede17a4606c7a5f9400d0b5a02aeac92bc4b9a502f802e9d5983cc208e516b3d2107ccb307cb03c6d3d12aa9253db3504bea61ec6b509c47c1a98f9700bca393e76a0aee5135466717ff72983f9bc51873aad3e0f4834b3459c5c406352ebfd080c7219dd7c37e62d4e132fd4b38da1fdbf7a5c7b8d36d21c813f356811b1d345a2eac9d8664d7b340c4da"], &(0x7f0000000080)='GPL\x00'}, 0x65)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r9, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0xa5bc, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r10 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x2, 0x0, &(0x7f0000000140)={0x0, 0x0})
ioctl$BTRFS_IOC_QGROUP_LIMIT(r7, 0x8030942b, &(0x7f0000000280)={0x8000000000000000, {0x20, 0x7, 0x8000000000000000, 0x1, 0x100}})
write(r10, &(0x7f0000000000)="fa", 0xfffffdef)

5.083907292s ago: executing program 3 (id=2719):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x90)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x0, 0x8d}, 0x0)
r2 = getpid()
sched_setscheduler(r2, 0x1, &(0x7f00000045c0)=0x8)
fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000000)='source', &(0x7f0000000040)='c:::\x00', 0x0)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0)
r3 = gettid()
fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0)
fsconfig$FSCONFIG_SET_BINARY(r1, 0x2, &(0x7f0000000240)='\x8b\xcdsource', &(0x7f00000000c0)='n', 0x1)
fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0)
tkill(r3, 0xb)
r4 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000006c0), 0xffffffffffffffff)
sendmsg$IEEE802154_ADD_IFACE(r0, &(0x7f0000000c80)={0x0, 0x0, &(0x7f0000000c40)={&(0x7f0000000000)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010000000000000000006100000009001f0070687930000000000c000500000000000000000045aaffa1c485215e40287be11efa25e91619d703ea362687b6"], 0x2c}}, 0x0)
syz_open_dev$dri(&(0x7f0000000080), 0x0, 0x0)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000540)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$fou(&(0x7f00000004c0), 0xffffffffffffffff)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00'}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r5}, 0x10)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
r7 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r7, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000002c0)={<r8=>0xffffffffffffffff}, 0x13f}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r7, &(0x7f0000000100)={0x3, 0x40, 0xfa00, {{0x2, 0x4e21, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, {0xa, 0x0, 0x0, @mcast2}, r8}}, 0x48)
r9 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r9, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000002c0)={<r10=>0xffffffffffffffff}, 0x13f}}, 0x20)
write$RDMA_USER_CM_CMD_SET_OPTION(r9, &(0x7f0000000380)={0xe, 0x18, 0xfa00, @id_afonly={&(0x7f0000000000)=0x1, r10, 0x0, 0x2, 0x4}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r9, &(0x7f0000000100)={0x3, 0x40, 0xfa00, {{0xa, 0x4e21, 0x0, @loopback}, {0xa, 0x0, 0x0, @remote}, r10}}, 0x48)
close_range(r6, 0xffffffffffffffff, 0x0)

5.020779989s ago: executing program 0 (id=2721):
pipe2(&(0x7f0000000040), 0x0)
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x0, 0x8000, 0x6}, 0x1c)
syz_io_uring_setup(0x20f6, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000180), &(0x7f0000000140))
r1 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
ioctl$NBD_SET_SOCK(r1, 0xab00, r2)
r3 = syz_open_dev$ndb(&(0x7f00000000c0), 0x0, 0x0)
ioctl$NBD_DO_IT(r1, 0xab03)
ioctl$NBD_CLEAR_SOCK(r3, 0xab04)
io_submit(0x0, 0x1, &(0x7f00000002c0)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x7, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x2}])
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_open_procfs(0x0, &(0x7f0000000100)='auxv\x00')

4.761345271s ago: executing program 0 (id=2724):
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000000300)=""/102400, 0x19000)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket(0x23, 0x5, 0x5)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000100), 0x141a42, 0x0)
mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x81c0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000040)='./file2\x00', 0x0, 0x0, 0x0)
r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/block/loop0', 0x0, 0x0)
symlinkat(&(0x7f0000000000)='./file2/file0\x00', r2, &(0x7f0000000180)='./file2\x00')
lsm_set_self_attr(0x0, &(0x7f0000019300)=ANY=[@ANYRESDEC=r0, @ANYRESOCT=r2], 0x20, 0x0)
ioctl$FAT_IOCTL_SET_ATTRIBUTES(0xffffffffffffffff, 0x40047211, &(0x7f0000000180)=0x2)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x1)
prctl$PR_SET_MM(0x23, 0x0, &(0x7f0000ffb000/0x2000)=nil)
r4 = syz_open_dev$radio(&(0x7f00000003c0), 0x2, 0x2)
ioctl$VIDIOC_LOG_STATUS(r4, 0x5646, 0x0)
writev(r3, &(0x7f0000000300)=[{&(0x7f0000000180)}, {&(0x7f0000019400)="5456feaf485084ce31fa7167bb4032ab0e87291cc261527b844f6c0af733f64ada4d914290115f42e374f699bcfbb365e10996ef8c131ddee7d1d05f78a5cecf0db91b2bb234963a2975f7737540552f6719399b686aec83370e60805cc64308f496fb007be15dc195a334dfd91c76d0be773e2041b2a51dc2fef37fa0d27db229d0db5f87154729a8332fc006122e04a0756043e2dee47c4c73dcd3bc991826ecc451ea4c5f449102", 0xa9}, {&(0x7f0000000200)="2e85d88a3798dda0d406865d77e485cd159af87eb38e93ca663691b776e060dbb7bcddb5407973f97026eaa03afae4fa5fbc11f143355e2d8d175f5927", 0x3d}], 0x3)

4.760796876s ago: executing program 3 (id=2725):
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$TIOCL_PASTESEL(r0, 0x541c, &(0x7f0000000000))
r1 = socket$netlink(0x10, 0x3, 0x0)
landlock_restrict_self(0xffffffffffffffff, 0x0)
unshare(0x22020600)
mkdir(&(0x7f0000000440)='./file1\x00', 0x0)
mount(0x0, &(0x7f0000000280)='./file1\x00', &(0x7f0000000240)='tmpfs\x00', 0x0, &(0x7f0000000300)='usrquota')
chdir(&(0x7f0000000080)='./file1\x00')
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="540000001f0001000001000000000000000000000000000000000000000000000000000002000000ac1414aa00000000000000000000000000000000000000000c001500000000000000000208001e0000000000"], 0x54}}, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='freezer.parent_freezing\x00', 0x275a, 0x0)
getsockopt$inet_IP_IPSEC_POLICY(r3, 0x0, 0x10, &(0x7f0000000480)={{{@in6=@private0, @in6=@private0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r4=>0x0}}, {{@in6=@local}, 0x0, @in6=@ipv4={""/10, ""/2, @broadcast}}}, &(0x7f00000001c0)=0xe4)
quotactl_fd$Q_SETQUOTA(r3, 0xffffffff80000800, r4, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0xe, 0x7fffffff})
r5 = syz_open_procfs$namespace(0x0, &(0x7f0000000140)='ns/mnt\x00')
setns(r5, 0x0)
close_range(r1, 0xffffffffffffffff, 0x0)
socket$inet(0x2, 0x4000000805, 0x0)
sendmmsg(0xffffffffffffffff, &(0x7f0000000b00)=[{{&(0x7f0000000000)=@l2tp={0x2, 0x0, @private=0xa010102}, 0x80, &(0x7f0000000180)=[{&(0x7f0000000640)="84", 0x1}], 0x1}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f000001ba80)=[{0xc, 0x84, 0x4}], 0xc}}], 0x2, 0x880)

4.667973432s ago: executing program 3 (id=2726):
socket$inet6_sctp(0xa, 0x1, 0x84)
syz_emit_vhci(&(0x7f0000000100)=@HCI_SCODATA_PKT={0x3, {0xc9, 0x6d}, "24a477e0f3f08e2bc19ed98cbadb1afcbf6cbae2ce023ce737ed2ab66844f3ac03d81e7c304cb91634d09eddb39460ae21c06b0ed009f7b33e90a272c0394914454dc48d64bcc5911fd459caa734765636d91a3d5975c12106f957b62e1024d9b39cda2e359236c6389a0ab5c6"}, 0x71)
ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000000)={'geneve1\x00', 0x400})
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x20088004, &(0x7f0000000280)={0xa, 0x4e20, 0x0, @remote, 0x7}, 0x1c)
r0 = openat$vicodec0(0xffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffffff, 0xc00c642d, &(0x7f0000000040)={0x0, 0x80000, <r1=>0xffffffffffffffff})
ioctl$DRM_IOCTL_AGP_INFO(r1, 0x80206433, &(0x7f0000000080)=""/12)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, 0x0)
ioctl$VIDIOC_G_EXT_CTRLS(r0, 0xc0185647, &(0x7f0000000100)={0xf000000, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000000c0)={0x98f903, 0x0, '\x00', @p_u16=0x0}})
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)
syz_emit_vhci(0x0, 0x9)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000001dc0)={0x26, 'hash\x00', 0x0, 0x0, 'blake2b-512\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000300)="c9", 0x1)
r3 = accept4(r2, 0x0, 0x0, 0x0)
sendmsg$kcm(r3, &(0x7f0000000e80)={0x0, 0x0, &(0x7f0000000ac0)=[{&(0x7f0000000180)="eabcc61194b6a5e88c2b5fc81183247186e822c2ef5bb9fa614a686891fcb4c4d8e4e1a8dfdb1664566f12805026", 0x2e}, {0x0}], 0x2}, 0x0)
mmap$xdp(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x2, 0x400c031, r3, 0x100000000)
r4 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r4, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x1})
mbind(&(0x7f0000ffc000/0x4000)=nil, 0x4002, 0x4005, &(0x7f0000000000)=0xa636, 0x5, 0x0)
ioctl$UFFDIO_COPY(r4, 0xc028aa03, &(0x7f0000000100)={&(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x4000)=nil, 0x3000})
io_uring_setup(0x3c8e, &(0x7f0000000100))
r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0)
write$binfmt_aout(r5, &(0x7f0000001000)=ANY=[], 0xff2e)
setsockopt$inet_tcp_int(r3, 0x6, 0x5, &(0x7f00000001c0)=0x6, 0x4)
ioctl$TCSETS(r5, 0x40045431, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, "df3f0400000000000000000000000609000040"})
syz_open_pts(r5, 0x0)
r6 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r5, &(0x7f0000000080))

4.078935275s ago: executing program 3 (id=2728):
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYRES32, @ANYBLOB], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0}, 0x10)
socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'vcan0\x00'})
dup(0xffffffffffffffff)
write$FUSE_NOTIFY_RETRIEVE(0xffffffffffffffff, &(0x7f00000000c0)={0x14c}, 0x137)
openat$dlm_control(0xffffff9c, &(0x7f0000000080), 0x0, 0x0)
r0 = syz_open_dev$I2C(&(0x7f0000000000), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x0, 0x0)
r1 = getpid()
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xc, &(0x7f0000000800)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={0x0, r2}, 0x10)
process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
ioctl$I2C_SMBUS(r0, 0x8933, &(0x7f00000000c0)={0x0, 0x0, 0x5, &(0x7f0000000080)={0x1, "df1e970974a7c9e7472342370d2762faff00"}})

3.730311206s ago: executing program 2 (id=2731):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @empty}, 0x10)
connect$inet(0xffffffffffffffff, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x2a)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000000)=[@mss, @timestamp, @window, @mss, @timestamp, @window], 0x21a5)
setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000001c0), 0xc7)
sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f00000007c0)=ANY=[@ANYBLOB="1201000064172f2057155081ed29010203010902"], 0x0)
recvfrom$inet(r0, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x500, 0x0, 0xfffffffffffffd25)

3.481262432s ago: executing program 3 (id=2733):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0xfff, 0x7}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='sched_switch\x00', r1}, 0x10)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x4, 0xc, &(0x7f0000000940)=ANY=[@ANYBLOB="180200000300000000000000000000008500000029000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r2, 0x0, 0xe, 0x0, &(0x7f0000000900)="e02742e8680d85ff9782762f86dd", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r3 = getpid()
process_vm_readv(r3, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x24, &(0x7f0000000180)='/proc/sys/net/ipv4/vs/sync_qlen_max\x00'}, 0x30)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
write$binfmt_script(r4, &(0x7f0000000100), 0xfecc)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r4, 0x0)
mkdirat$cgroup(0xffffffffffffffff, &(0x7f0000000080)='syz0\x00', 0x1ff)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r5}, 0x10)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="1c0000002200830600000000000000000a000000000000000000000049d3cd60ec605aea07"], 0x1c}}, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15)
bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0x0, 0x4, 0x4, 0x7f, 0x0, 0x1}, 0x48)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x0, 0x0})
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r7}, 0x10)
r8 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r8)
r9 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0xc, &(0x7f00000004c0)=ANY=[@ANYBLOB="1802000000000000000000000000000085000000200000001801000020207025000033d8002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703393fa1064e36189600692e652466267b4b05676d1684835574a8b5839b3a6422969c6598def0a13a47d33ae92a27187d76fbf46ee0d5afa5c53931895832144029fc02c87f10d2795f1925e1c94dede17a4606c7a5f9400d0b5a02aeac92bc4b9a502f802e9d5983cc208e516b3d2107ccb307cb03c6d3d12aa9253db3504bea61ec6b509c47c1a98f9700bca393e76a0aee5135466717ff72983f9bc51873aad3e0f4834b3459c5c406352ebfd080c7219dd7c37e62d4e132fd4b38da1fdbf7a5c7b8d36d21c813f356811b1d345a2eac9d8664d7b340c4da"], &(0x7f0000000080)='GPL\x00'}, 0x65)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r9, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0xa5bc, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r10 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x2, 0x0, &(0x7f0000000140)={0x0, 0x0})
ioctl$BTRFS_IOC_QGROUP_LIMIT(r7, 0x8030942b, &(0x7f0000000280)={0x8000000000000000, {0x20, 0x7, 0x8000000000000000, 0x1, 0x100}})
write(r10, &(0x7f0000000000)="fa", 0xfffffdef)

2.820031511s ago: executing program 3 (id=2737):
prctl$PR_GET_NAME(0x10, &(0x7f00000000c0)=""/23)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="1400000010f2000000000000000000000000000a2c00000003cc0a0157000000000000000005000000000000000500010000000000000000000002000a17f0aa730ed1641ef4c90f457fb420d1df2de3f0be55f1a17564df2eded4f557102d4ed52a44088f7ab1211c2760dc89f70f001df7f257d0ad3536f4954b0e1d0a0f01010000cd32650c4ce93d4fe5d67e48f5d4"], 0x54}}, 0x4800)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$kcm(0x10, 0x0, 0x0)
r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
read$FUSE(0xffffffffffffffff, &(0x7f0000004bc0)={0x2020, 0x0, 0x0, 0x0, <r3=>0x0, <r4=>0x0}, 0x2020)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180))
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
r6 = memfd_create(&(0x7f0000000400)='\xa3\x9fn\xb4dR\x04i5\x02\xac\xce\xe1\x88\x9d[@8\xd7\xce\x1f 9I\x7f\x15\x1d\x93=\xb5\xe7\\\'L\xe6\xd2\x8e\xbc)JtTDq\x81\xcf\x81\xba\xe51\xf5 \xc8\x10>\xc9\\\x85\x17L\xbf\xcf\x91\xdfM\xf3\x02^T*\x00\x02\xb9~B\x9f\xacl\x1d3\x06o\xf8\x16H\xaa*\x02\xf7\xfb\x06\xf1\x83\x92\xa8\xc2\xcb\xae\xb0\xb4\x93\xb8\x04\xf1\x99\xc2yY+\xd9y\x8a\xd5b\xe8\"q\x1b0)\xccm\xacz\xc1\xadd\x9b6a\xf3\xdds\xbb\x88\xff\b\x85\xb3s\x00\x0e\xbcfvi\x85\xfc.|\xd4h\xec\x82o\x8e\x93\x11\xc1\xd4\xae\x05\x17=\xd9R\xd0\xd4\x90\xcf\x9b\xdc\xaeV\x88\x94\x9f\xe3\xefqi\xed\xa8w\xbe\xd0\xd0-tBl\x9e+\xd3\xed\xce\x9f\x83\x86\xf9\x12\x16Ts\x80\x13]C\xfb`\xc2`\xf7\x1a\x00\x00\x00\x00\x00\x00\x00k\xae\xcb\x1a.\xc2\x8f\xd1x4]PZ\x9e\xd5Y\xf0L\xa4\xbc\x84\xf6\x04L\xff0\x8b\\*\xf9,\xb6\r\x97\xedy\xe0\x8a\xe2\x8ck\xc6S\xc3g\xb9\x1a\xf8\x8f \x9d\x00u7\xd8\'\xf1E\xa4(Q\x80Fy\xb5\xe4q\xc9\xff \xd8\x9d\xad\x11\xf8m\xd3\xbc\x9e\x10D\x7f!\xca\x0ev\x15h$\x01\xdd\xe5\xce\xf8*\xb3\x01\x85\a\xe4qv&\x9c\xac\x9aN~o\xe5\x89\xd5\a\x9f\f\x1f\xc2e/\x8d\x1e\n\xd0_\xbd!^\xa46\xb8j\xc0x\n\xdb\xe1\xa3\xd6\xae;\r\x92@\xa5I\x88Z1F\xf0\x1at\t\xd0\x8a\x04m\x06\xf3BL\xffS\x9eY\xf4\xb0U \xf8\xd00\x88y\xebX\x92\xd5\xbb\xa1h7\xf3\xe0\x0f\xbd\x02\xe4%\xf9\xb1\x87\x8aM\xfeG\xb2L\xbd\x92-\xcd\x1f\xf4\xe1,\xb7G|\xec\"\xa2\xab\xf6\x84\xe0\xcf1\x9a', 0x0)
r7 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r7, 0x7a7, &(0x7f0000001380)=0xa0000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r7, 0x7a0, &(0x7f0000000040)={@hyper})
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r7, 0x7a8, &(0x7f00000000c0)={{@hyper}})
r8 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(0xffffffffffffffff, 0x7a7, &(0x7f0000000040)=0x90000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r8, 0x7a0, &(0x7f0000000240)={@hyper, 0x1})
r9 = openat$cgroup_ro(r5, &(0x7f00000003c0)='cpuacct.usage_all\x00', 0x275a, 0x0)
write$binfmt_script(r9, &(0x7f0000000200)={'#! ', '', [{0x20, '!@#[\x00'}, {0x20, '/dev/vmci\x00'}]}, 0x15)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2800005, 0x80010, r2, 0x36164000)
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r8, 0x7a8, &(0x7f0000000080)={{@hyper}, @my=0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1})
write$binfmt_elf32(r6, &(0x7f0000000140)=ANY=[@ANYRES32=0x0], 0xd8)
write$binfmt_elf64(r6, &(0x7f0000001900)=ANY=[], 0x6ce)
execveat(r6, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)
write$FUSE_DIRENTPLUS(r2, &(0x7f00000005c0)=ANY=[@ANYRES8=r2, @ANYBLOB="5001000000000000", @ANYRESDEC=r3, @ANYRESHEX=r4], 0xffffffffffffff73)
r10 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TCXONC(r10, 0x540a, 0x3)

2.620449642s ago: executing program 1 (id=2738):
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000080)={{0x1}, &(0x7f0000000000), &(0x7f0000000040)='%ps    \x00'}, 0x20)
socket$nl_route(0x10, 0x3, 0x0)
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
getsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f0000000000), &(0x7f0000000040)=0x4)
r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581d7"], 0x0)
syz_usb_control_io$hid(r1, 0x0, 0x0)
syz_usb_control_io$hid(r1, &(0x7f0000001540)={0x24, 0x0, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="00220f00000008c9c0e2f52b71b9a7abb31000090ec4d21edcd87bfdbebf79b0cadf4470e2eddcb4add04c56d97836952522dbf74fad78a5289174e4fa896636f53da79c563aa5b94f4ef805b867ad21385589d2da07f41c5c94156a684c3788da5917bb6d547b1728e3dfa0d4cc8ce6b67e2e8b9c034f5c4f2d8e678ea055348c475382be35461d62d32a43699776bf4d7949554b25136c32e9640d"], 0x0}, 0x0)
r2 = syz_open_dev$hiddev(&(0x7f0000000100), 0x0, 0x0)
ioctl$HIDIOCGUSAGE(0xffffffffffffffff, 0xc018480d, 0x0)
syz_usb_connect$cdc_ecm(0x0, 0x0, 0x0, 0x0)
ioctl$HIDIOCGREPORTINFO(r2, 0xc00c4809, &(0x7f0000000640)={0x3})
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a14000000000a01040000000000000000010000002c000000030a01020000000000000000010000000900010073797a30000000000900000073797a320000000014000000060a0104000000000000000001000006140000001100010000000000000000000000000a"], 0x7c}}, 0x0)
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="189f69000000000000000000000000009500000000000000"], &(0x7f0000000440)='syzkaller\x00'}, 0x90)
ioctl$sock_inet_SIOCSIFFLAGS(r3, 0x8924, &(0x7f00000000c0)={'wlan0\x00', 0x1})
r4 = syz_open_dev$hiddev(&(0x7f0000000100), 0x0, 0x0)
ioctl$HIDIOCGUSAGE(r4, 0xc018480b, &(0x7f0000000040)={0x3, 0xffffffff})
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f0000000b80)=[{&(0x7f0000000740)="7d865ab352f1b54cf3d04f4251adf15e02f6c0f6217a3e66e4aa7cd79c740cdaf1d4bc253ab28f055a242b25879c6abf6168859d67b9da86f36c89324ae5eec8387a11521576c19067424b194c9fd2c8212be6e69b8efc712868cd3a1c2490d199d7618e8c05367abb5748e368db027d9ea2858c1f0854470b51c80e328f95545f25b3e3a0c778b18cf35b9e8e0df698c901fd27d04c651b979d65b47786dbd8795a2a0390fcce12e3b3c9885b4885651bccab186624908be24f54544ec342379a", 0xc1}], 0x1}}], 0x1, 0x0)
socket(0x10, 0x3, 0x0)
ioctl$VIDIOC_G_FREQUENCY(0xffffffffffffffff, 0xc02c5638, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@bloom_filter={0x1e, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2}, 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
move_mount(0xffffffffffffff9c, 0x0, 0xffffffffffffffff, 0x0, 0x0)
pipe(&(0x7f0000000080)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0)
splice(r6, 0x0, r5, 0x0, 0x3, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'sit0\x00', &(0x7f0000000600)})

2.450055171s ago: executing program 2 (id=2739):
r0 = syz_pidfd_open(0x0, 0x0)
r1 = pidfd_getfd(r0, r0, 0x0)
setns(r1, 0x66020000)
r2 = inotify_init()
r3 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r3, 0x0, 0x80, 0x0, 0x176)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, 0x0)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0xcd)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r4 = socket$inet(0x2, 0x2, 0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = getpid()
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xc, &(0x7f0000000800)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
r7 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000500)='tlb_flush\x00', r6}, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@gettaction={0x20, 0x32, 0x6dd711a25f4cb68b, 0x0, 0x0, {}, [@action_dump_flags=@TCA_ROOT_FLAGS={0xc, 0x2, {0x1}}]}, 0x20}}, 0x0)
process_vm_readv(r5, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
r8 = socket$nl_route(0x10, 0x3, 0x0)
pselect6(0x40, &(0x7f0000000200)={0x2, 0x200, 0x28cb, 0x5, 0x0, 0x0, 0x1, 0x100000001}, &(0x7f0000000240)={0x8001, 0x8, 0x0, 0x2, 0x64, 0x3, 0xaab5, 0x8}, &(0x7f0000000280)={0x5b, 0xf1, 0x1, 0x3, 0xfffffffffffffffa, 0x36, 0xe, 0x5}, &(0x7f0000000340), &(0x7f00000003c0)={&(0x7f0000000380)={[0xe, 0x6]}, 0x8})
sendmsg$nl_route(r8, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[@ANYBLOB="300000001000010800"/20, @ANYRES32=<r9=>0x0, @ANYBLOB="000000000000000008000400699b000008001b"], 0x30}}, 0x0)
rename(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)='./file0\x00')
mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000002700)=ANY=[@ANYBLOB="bfdf118e8c9e0efc0c896256ba6a7e0db498ee5c3b15740683b68fbea52eab069fdc46c9626a158e79a314f03d1e6e744051f0eb19a10ec1f94c5011df88a5773229565e7674b7c73d8554f2c94a65ae8f57142c35a43f933d6d3b089b9dc04808af869a5deeaa8a860b922bb5c1d029a1a64c97689acdd8d72c88e92de66bedb8fdc1bd214edb303513d25bafbb5641a6cc00bf0e7543f07e3df6a58237de5dfbd82f481dfce353e02fb90ecd4bdb37427834e95b1a3bd9d50b9c4e2501664f42bca058bed45732c37ee968bc8564558a02e0f2c6cbab98064101a9982d7a20815719fbb4de2bf608338ce285ceda685892e5bb4e5feb3ee01ea26f6b39c113765bec55da0beaae0e32d0eabb2ab083a51d1680286e3c8257e20797bf8b080e42967e6497a98b1e0950abfec58b10f799e953f2d74069125aee19b9142cc2976813e7c0a3127c6fadcd8464d45852d9bea8720fe18319ffaaa46c2cef32d8290ab2e816c420ec6b320ead9349357332787f3af8ad4fbd7dcab675a22dc333119220c6e5bd293440bd8346dc701219db5147eb4486c15d9a5c46e8a158bd023aea48ba70cadc8a0f260c61cad16aaf8d820185d25125ec8cee2b5b2242587b86c182853d7e33f865e25223fb5c4e0a79d34682533a0449e5b011eff72d1ee9c224efa95c297ec11b9bd0ec1cd828964d6dc250e4ad24633ca9bbba5454613a96dd5a18c576179a22ec092905ecd773fa1fb499068f3ba6fed06b2b0b8d482df8ec53bcd1330cc14008e89ce1869c27753358a0839180d9e6029241a4cf82b5f909a93d92b8fbb4ac5e2e73ef1b2a7e97f4671da5f4c43cbf2c9f91e275b3dd12b9d037ffaef08025880cfb26976e3f8cc1f80e242c39276f22c2cd53c2f53c130ebf489d63c2de3721dfa7b2c19b387363830ce086cbeb2e8d0d942664158a4c05a7a561b93d899b1fb139b1ecbd6b9292ff74ef14096fc87c6115fd6891b3b83d099be2c0fcb07298805710e412811d2c0e19eed84c0cd0916a3b50e1c83bc3779403a4a216347ff8836c9fb3845f8f8e24aeb7d26d6e405891766e53b68592269d0b6ee09077436b62c988a02f987c0f124473dfb2f0702d89584f065327b6b6bf0c57dbe76e6a7cb9d3e790f29eb7fbcd45839ddea4c7810a91350f01bda8cc4d535461bd77e21a8e74c773aaeb0e8bef648bf1a33994cb009edf28dc3df4f2e0bcf8b1de734bf2fc894d0c25378230d051606deb72d70790a4bab29f7c82223f5da6ceb85730bfcec193ded2edd5fd61b120deccd538263a99bcdf8333a1864a43aff2033a98fb1172687fb7ef48f577b787e5d23d33408bde28e4c4e675447a1639100075a2d72af55e32dbc32b37770249317e7a7a290d2385d41724143ef3f3d6180d8dc953d847ab63fba48d0a62d9896500b091c6e025c55cb5be4ad7489478945d7c954cba5b48d902430893ab705c94cc1d656fc6850ce01cb559fe954fc2a7d718d3c25085b59d11ccfbfd3913465c25cc1f7c6bb1000579b5c2a6a42a6f025ef940986e266a5da54f2b6b1d310179c4f9209dd4e3c828ad40c869a4b4dba28cc6269ef4068bb79cd75ca98ce74c3357dc43b71d081796391e23d6eda1846d2f2b7abfa4712a56d914b0dbc2c2ef26a89e59c30173901594cbf67e3af46a1c92793367992ab5e65d1a2708a4f037732fc266388df3e81c5ccaa9182c76667765f8c6403bb275972450a86e539f427237709864a47eb7536feed2ea8015650c0fb69b59d0c0e4210d8b87974ad379a2033b1ad7e7feabc1ed47a935b0c492c7ee9bcf43ff921182c747514a4c38a9820325f9f662b7c3d98cbb80122f8d3159443fb6e6c7d7691f6139e2681883270fb3a7a93efea1677ed9d5439001ddb65d91a4c5a2e90a6484650943e6555cfcdc709e52d10fdc7920e33775c8768b1291f1086482675c84f7c12950dbad18938d93fcf4b0f6440ddedf538d1cb5e3c233a2c258fd8a04980a35f019f11b703e6211f7ad8451d9802c1482e0fd2f1724ac9e8ab8e838c9e63b00a357e6e3c5e50e562744340579539223520d08c49ca116e77bb563c2db000d53dffa79698ce451e93cff56e4f6641414a672e7ccf96dfac968306626375d894144ec349ca0f332e148dcd6f38ca06854ae12d2dbf9c67cdc9c372b4a507e63b0353c21ed37a9640522db5b212876d5693d8bcc608548aaf8a5fd23ebc1ea9f9db8f2f81478bfafd3bf69c40a4cab81437677d55bef9b349c7dfa8285a905622267e0a6698b42b70d226ba6c8ae671a43b0e18c7bcef0595806eb0d2d58b67c64eccb2038d320dfaf57782b08733ca1ad1b28e52b6fbf6ba567bf4535ace11eaada50c630fc40e700c13fc4ae8b0a12bff797bd1b8a739d5c52901babbb36267b3fedfe2f3090e9a5be288dcc01f2937bc90cfc9abf6872d47cc6393b9030ef6980fc99ef11d0f9f32a32d26cda72392b77b5e81bedfa137c64fca4c70f4d3d29c48135aabb201699232b32d9b74df25537c3262807bc86ac15af7600a872fe837cb7b7c2136df53f43d4c41f326dda2d5a4e699853ae0f5dcb63170d97c09a2611acde6ba3f87f1a900aa2a2a315598e70a3730e7a85cf666f183984ef6eb90cca0ec2a9d5919e70b654e281316af2aacc9c906afb523153dd666a38d9312e6195fa2dc42450f37f52fd4ec4f1324237e5fefaae692c641e653e3f0271939eda8f834168537e73124fa5bee79d2abbf4ee6a51a4e759d18cc66428cf12106f1c02deec1a1767e33cae239ff824dc1a5ef007638941c182f10a418fe950f9b3bccba4b9142e4dfb6fc92dbd7d486f0f42f69db17db14573bb4c28bdd704e5a72a4569d1595a500b0b29e94e7d483b61bf09c2b04ccf68bea0520b63fbc0f24e95ad1ea6eb0e1512aef04ab5ef543a965190847c5363295471f4a797a01f40c0b928d3b8f67ca5984c5d21470d72abd44198f978d8d99dc2e74bf730d9ff2d569e7aa5401302ad661842450cc52557c2671f9ce9bc70526e3aa7e29f32ff941b28e7ed89c8146057542e398893afaf9a6ced615bb30cce49997c75e80faf91cffa2ade13736e19ff238729488caef3d6145265de3003871bf00dd22b67ecff4c22d494d4dce69e67f4f76c2cd7362c5420fd8e59ba0a71bfea28bb51f8aea1410629104036aa2070d96936490326f1a6cfe5b0cf29d499f3622f0e63695f671aea93bdceaebd994634fb10d648e117a49ec203845cccf8ac5e9b459409b46fb6a1ac08f1e1ddb80e7dc8e0d864ed536d17a2a9b9655381e98f742a85461f43a3174d29738d245c1c7fa3c7137212596c386f10efa6f09021fd4901e9565bb0d499c3cea434f8ef37e5137ed1e727f1838e61a0cd47d088597cc8b846b43823da3e1fd65ffc296592b20f6c01d19fdac275775185dd7623bd23b746471f534ad5ac18cccdfeab8ce9d9a31e188c24091f409e9dec8ef83e7f6e3cc1ae37fa67ffa122140fb4c2a1f8d145ef545dd2dfaa19bf65fed02f18f1455a62a50508658ee91a2b537e0bfef012e77680422af0d8260524bfaa620e3fd617a938bb96c4cc3552261922a847ac4208edf600931b5b0855e561b5078e260c9823e0e9595133a77dae1d9cc3b0345b813b3db8e6cecda7a8109232a25faa18be58ca285da11039bc5cbee7b34ff0b2bd31a7cdb52f869ab4fea725d2971868a7609e1857b983b1a140694af6fc9b4be6977e3192bc70de5b741a739cb7908af1777991d9758730ac078cdc5ce3374ac67ea79aeecf746ac39b2ac2257ed68759a70c21116094ea492f4802820f701a44fe54b9ca288c6ea591a5a69c6d7435d0d4f817b97aa79ae5deb1ef3b5f56c2b44887d38ebccf1f3e0cd17f0630dc9fb4e42253f1ee079207482d1330876c207ee2f655b4a3d17c4b75de604d54986d88d08530d3f9eb030518972dc36232c7ff5f35e6ae6dd91f9b31561caac338ba153455e200e03d2f9c29c148546f831e79c5fa1616ad713036d769280d839a5d17d233eb5927d5f7b7e9463c531338144e085bf01a0470f5ea8c859281a6b21fc1209a0634cf1a1a5883ad64bf18cc13797da98030fc5845b4269d3542a35a37917aa132a0495d1ce64c55f72caa34586ac9dc67e4478d29da656de05d4572ab744bc4c7de91e6c29436294f1f42fe7a4e6d191e7a7e9903fb38d53893a30cb91c2d55af6a9fc14f3c49c59d96d35388b3a1bc20093c08083bb325817894db1f7afafcbff769fbeef69d08fbe598e2ec0bb6b5c22db3647ee38d25a436eeaa2367c50149a08a4fea4918738aed372e3c8ba05caa39f33a8aa0f1a6906b43d16f88ae962f4eae0ffc34aae519bea2957da9699128c1aaf9fc949bf9f16045b4dd811fcb037ca4978c5b8a557527fe9581d398155ddc324dda1b7793a94b92e950be87c3f2b5e73ac31c03af2dd92ee8bb0db7202e2190d870ffb938b4f3e5256537596702d163a4d5f4d2c360e677ffdc72ce3387016ef0062d787ff857d7c3f3b034f23909f5814986984d202f4ef82fdd1b197af7642b9bc13b5cfbe738aba5dbed8571d8fe2f3a446582cb352eeff3509a5fe86cda7e1cc356bd6255265e44ff2d339695916db410c8908164afdea29d2295ea8e6cd4be8920602e79bc1f3c9317d7c722c19eadad2b8fa7b3a609ee22bb7fcc712cf8f57beebf10f8626dff1084b81524e18d1f6851e1e1f0c10586b70f8225ec1dcd4d090529eb499b424961ccbd8316c93c0145c2ae2a78cd6632bf777480a64e21e2013aeaa3cabf6b1d5159c9e857c83553f2b3a4560c7d59e9b0f36e72608f06d5f4731f5af112e8feef629a200e5fc07499c1028c2476049e2a32707db04394dbac5efbd1e480d417afa5ba8daed665a8ef74b5d30b90eb12fc0c250d3e79eb6bd60b2acec6e26eba5078224e49127f831e6ea01b14b34c2423846db56e3144e461e19bc56f9065816df1cd0031c9f66569184ee90d897ec80edb9517dd22bb471a7da8eec7d75b53ee61ea737b752e68f5b370807078366daaad365245bbc59ae68364234bc060251c786ae96c337b343f418b55e34bea21a1cda4c1522ce9c9d38dd35976cce07f80b4cf798ee70bc3eb11000e842c874dff178eea377a48208e6a66e51923f0cdf8c1c1140af6386afa75c4d7dbf8fcf7bdad0302db9152d64599440f99deece2974722bc206f8c3a80d98cdefd868f9167818a5ccb085c551093b263d2d85385bef535ed2148cff06502d322cf7901a7afc40397c0fcb0811f831e0066f5e0a99ac0ffdaf4783c076e853904fcaf9d7b7270a644de21827e3d572393013a18847e8b873f19130638b62442813c6e6cd84fa179ce6e22d024dee910a6c0d17d2ffd00159e0d5e6c41e0679ed83cc007396f07dbe1d8a710efa451af57b91b1e115b301f0f5075f60aff694e99513bb3b0c07c60d6c3eb4f3e8bfca4e07b4290e94ed4633a52bfe1fa91630f3808556e7da2169f5de663a695e44c3f7acaa3691a64d6deb0acd628f64b1e12198c23121388788e334002ebb458b985bc3948f80d7c75c328e469b1bb28267b34d19f64a4f2196c0fd9eebd9540a9c5d6793fcff05d2405a125080aa217bebe2b30390b13fd3275dc3b432ad12a50a69ee23b97520178ad5a60f54fa335c3d92a7dc0df909d08325f6afa4d317b8edf2a16e5ad8ddd0c91b5a49e961b403fe3470a05d942b6ef083882aeeeb397b1f5270110851c7d0a2e28a5d4cac09893bc1c36ace3793b220d5318f8ca424c0a", @ANYRESDEC=r4, @ANYRES16=r0, @ANYRES8=r7, @ANYRESDEC=r0, @ANYRES16=r3, @ANYRES16=r9, @ANYRES16, @ANYRESHEX=r9])
r10 = io_uring_setup(0x15ae, &(0x7f0000000080)={0x0, 0x0, 0x100})
io_uring_register$IORING_REGISTER_BUFFERS(r10, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x18)
writev(0xffffffffffffffff, &(0x7f0000000140)=[{&(0x7f0000000240)="480000001400190d09004beafd0d8c562c84ed7a80ffe05e959126dda8900db462060f000000000000a2bc5603ca00000f7f89000000200000000101ff0000000309ff5bffff00c7", 0x48}], 0x1)
inotify_add_watch(r2, &(0x7f0000000000)='.\x00', 0x400027e)

1.406723398s ago: executing program 2 (id=2740):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x101042, 0x0)
ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000100))
mremap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x2000, 0x0, &(0x7f0000fff000/0x1000)=nil)
r1 = syz_open_procfs(0x0, &(0x7f0000000080)='net/dev\x00')
read$FUSE(r1, &(0x7f0000000100)={0x2020}, 0x2020)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
r2 = userfaultfd(0x1)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f00000000c0))
r3 = io_uring_setup(0x3eae, &(0x7f0000000080))
io_uring_register$IORING_REGISTER_BUFFERS(r3, 0x0, &(0x7f00000021c0)=[{&(0x7f0000002140)=""/89, 0x59}], 0x1)
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000040)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
ioctl$UFFDIO_COPY(r2, 0xc028aa05, &(0x7f0000000080)={&(0x7f0000c15000/0x1000)=nil, &(0x7f0000508000/0x4000)=nil, 0x1000})
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
madvise(&(0x7f0000003000/0x1000)=nil, 0x7f7884acbfff, 0x8)
write$ppp(r0, &(0x7f00000002c0)="16", 0x1)
sendmsg$IPSET_CMD_DESTROY(0xffffffffffffffff, 0x0, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x1, 0xfffffffd, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0xfffffffa}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xb, 0xf, &(0x7f0000000e80)=ANY=[@ANYBLOB="38070000000000000000000069e6a480080d48ed6dd6fd653b9db9f9f62ebef7c4041eb6e56b0ef80e6fcb1ff131000000000000000000000000b7d67847d78cedd7656cebb537d2134ad417ea1c999a0a929b09c009cbd399aad9e54981eff09c748170fcb8d71db96d1bf43c92d3f0649b730541851d35bd138737f160f5d3feb8b081bbe17ddb799e4585e4e8eb4fb7fd690be79f790712477319d2fd2fb55e204c1f3e5fb90e6cdeb956fe0cab213219d1db6d6e4c7efa5a75503e29467f3df2572ac20c1f08b05aa85385582894587df91167e69f0180b725051ade954f789c9b9e8a643c839abc3c52732ad36c8634e60f20b10001ced0ae0f173bb9ee8379b1391fd9b6a89e22bbf373cbd0035862e6dadc36ef1d90bc214d2d2498dce246eb39ef00", @ANYRESOCT=r0, @ANYBLOB="0000000000000000b70300000000000000000031000000bf090000000000950000000000000086ff091400000000b7020000100000008500000000000000b7140000000000009500000000000000cf18ecddcb1905c5541eeaeef13b2d74edec99973c8e9512083ba9d57c527b729c46ef8d650a7210d256625ecb8813f5a9d98f4a489b9e31f6b45cdff25299214a97ee80bb5485bccf2d72270c2a7c53e4121dd9babaa88ec8ba97f4049e858c89e23dbcd051188757740d20e40cb559745e5d9bfa4df14c0751b5eb51188f347bbb66b404effffbb7625fde87097fd9fffdafa3d3d069a7f72ff0306a0da7e125d06327d31daf59f6423300"/266], &(0x7f0000000580)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x1, '\x00', 0x0, 0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90)
socket$inet(0x2, 0x0, 0x84)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x2, 0x4, 0x6, 0x504}, 0x48)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000), &(0x7f0000000200), 0xa78, r4}, 0x38)
r5 = socket$packet(0x11, 0x3, 0x300)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), r6)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000000)={'wlan1\x00'})
ioctl$FS_IOC_SETVERSION(0xffffffffffffffff, 0x40087602, 0x0)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000940)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r7, @ANYBLOB="010000000000000000004400000008000300", @ANYRES32=0x0, @ANYBLOB="d120b6cd0882122fc4a3add54ff95ee188b1cf1992d3e655fec1a06737849985710ad97b5fa45fe479004c4ac61ef63b8009490b2e19701bff58eea98b88f1c9c37e1a389f41e0675522"], 0x1c}}, 0x0)

1.116047169s ago: executing program 2 (id=2741):
r0 = getpid()
r1 = syz_pidfd_open(r0, 0x0)
r2 = pidfd_getfd(r1, r1, 0x0)
setns(r2, 0x66020000)
r3 = inotify_init()
r4 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r4, 0x0, 0x80, 0x0, 0x176)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, 0x0)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0xcd)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r5 = socket$inet(0x2, 0x2, 0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r6 = getpid()
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xc, &(0x7f0000000800)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
r8 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000500)='tlb_flush\x00', r7}, 0x10)
r9 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r9, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@gettaction={0x20, 0x32, 0x6dd711a25f4cb68b, 0x0, 0x0, {}, [@action_dump_flags=@TCA_ROOT_FLAGS={0xc, 0x2, {0x1}}]}, 0x20}}, 0x0)
process_vm_readv(r6, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
r10 = socket$nl_route(0x10, 0x3, 0x0)
pselect6(0x40, &(0x7f0000000200)={0x2, 0x200, 0x28cb, 0x5, 0x0, 0x5, 0x1, 0x100000001}, &(0x7f0000000240)={0x8001, 0x8, 0x0, 0x2, 0x64, 0x3, 0xaab5, 0x8}, &(0x7f0000000280)={0x5b, 0xf1, 0x1, 0x3, 0xfffffffffffffffa, 0x0, 0xe, 0x5}, &(0x7f0000000340), &(0x7f00000003c0)={&(0x7f0000000380)={[0xe, 0x6]}, 0x8})
sendmsg$nl_route(r10, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[@ANYBLOB="300000001000010800"/20, @ANYRES32=<r11=>0x0, @ANYBLOB="000000000000000008000400699b000008001b"], 0x30}}, 0x0)
rename(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)='./file0\x00')
mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000002700)=ANY=[@ANYBLOB="bfdf118e8c9e0efc0c896256ba6a7e0db498ee5c3b15740683b68fbea52eab069fdc46c9626a158e79a314f03d1e6e744051f0eb19a10ec1f94c5011df88a5773229565e7674b7c73d8554f2c94a65ae8f57142c35a43f933d6d3b089b9dc04808af869a5deeaa8a860b922bb5c1d029a1a64c97689acdd8d72c88e92de66bedb8fdc1bd214edb303513d25bafbb5641a6cc00bf0e7543f07e3df6a58237de5dfbd82f481dfce353e02fb90ecd4bdb37427834e95b1a3bd9d50b9c4e2501664f42bca058bed45732c37ee968bc8564558a02e0f2c6cbab98064101a9982d7a20815719fbb4de2bf608338ce285ceda685892e5bb4e5feb3ee01ea26f6b39c113765bec55da0beaae0e32d0eabb2ab083a51d1680286e3c8257e20797bf8b080e42967e6497a98b1e0950abfec58b10f799e953f2d74069125aee19b9142cc2976813e7c0a3127c6fadcd8464d45852d9bea8720fe18319ffaaa46c2cef32d8290ab2e816c420ec6b320ead9349357332787f3af8ad4fbd7dcab675a22dc333119220c6e5bd293440bd8346dc701219db5147eb4486c15d9a5c46e8a158bd023aea48ba70cadc8a0f260c61cad16aaf8d820185d25125ec8cee2b5b2242587b86c182853d7e33f865e25223fb5c4e0a79d34682533a0449e5b011eff72d1ee9c224efa95c297ec11b9bd0ec1cd828964d6dc250e4ad24633ca9bbba5454613a96dd5a18c576179a22ec092905ecd773fa1fb499068f3ba6fed06b2b0b8d482df8ec53bcd1330cc14008e89ce1869c27753358a0839180d9e6029241a4cf82b5f909a93d92b8fbb4ac5e2e73ef1b2a7e97f4671da5f4c43cbf2c9f91e275b3dd12b9d037ffaef08025880cfb26976e3f8cc1f80e242c39276f22c2cd53c2f53c130ebf489d63c2de3721dfa7b2c19b387363830ce086cbeb2e8d0d942664158a4c05a7a561b93d899b1fb139b1ecbd6b9292ff74ef14096fc87c6115fd6891b3b83d099be2c0fcb07298805710e412811d2c0e19eed84c0cd0916a3b50e1c83bc3779403a4a216347ff8836c9fb3845f8f8e24aeb7d26d6e405891766e53b68592269d0b6ee09077436b62c988a02f987c0f124473dfb2f0702d89584f065327b6b6bf0c57dbe76e6a7cb9d3e790f29eb7fbcd45839ddea4c7810a91350f01bda8cc4d535461bd77e21a8e74c773aaeb0e8bef648bf1a33994cb009edf28dc3df4f2e0bcf8b1de734bf2fc894d0c25378230d051606deb72d70790a4bab29f7c82223f5da6ceb85730bfcec193ded2edd5fd61b120deccd538263a99bcdf8333a1864a43aff2033a98fb1172687fb7ef48f577b787e5d23d33408bde28e4c4e675447a1639100075a2d72af55e32dbc32b37770249317e7a7a290d2385d41724143ef3f3d6180d8dc953d847ab63fba48d0a62d9896500b091c6e025c55cb5be4ad7489478945d7c954cba5b48d902430893ab705c94cc1d656fc6850ce01cb559fe954fc2a7d718d3c25085b59d11ccfbfd3913465c25cc1f7c6bb1000579b5c2a6a42a6f025ef940986e266a5da54f2b6b1d310179c4f9209dd4e3c828ad40c869a4b4dba28cc6269ef4068bb79cd75ca98ce74c3357dc43b71d081796391e23d6eda1846d2f2b7abfa4712a56d914b0dbc2c2ef26a89e59c30173901594cbf67e3af46a1c92793367992ab5e65d1a2708a4f037732fc266388df3e81c5ccaa9182c76667765f8c6403bb275972450a86e539f427237709864a47eb7536feed2ea8015650c0fb69b59d0c0e4210d8b87974ad379a2033b1ad7e7feabc1ed47a935b0c492c7ee9bcf43ff921182c747514a4c38a9820325f9f662b7c3d98cbb80122f8d3159443fb6e6c7d7691f6139e2681883270fb3a7a93efea1677ed9d5439001ddb65d91a4c5a2e90a6484650943e6555cfcdc709e52d10fdc7920e33775c8768b1291f1086482675c84f7c12950dbad18938d93fcf4b0f6440ddedf538d1cb5e3c233a2c258fd8a04980a35f019f11b703e6211f7ad8451d9802c1482e0fd2f1724ac9e8ab8e838c9e63b00a357e6e3c5e50e562744340579539223520d08c49ca116e77bb563c2db000d53dffa79698ce451e93cff56e4f6641414a672e7ccf96dfac968306626375d894144ec349ca0f332e148dcd6f38ca06854ae12d2dbf9c67cdc9c372b4a507e63b0353c21ed37a9640522db5b212876d5693d8bcc608548aaf8a5fd23ebc1ea9f9db8f2f81478bfafd3bf69c40a4cab81437677d55bef9b349c7dfa8285a905622267e0a6698b42b70d226ba6c8ae671a43b0e18c7bcef0595806eb0d2d58b67c64eccb2038d320dfaf57782b08733ca1ad1b28e52b6fbf6ba567bf4535ace11eaada50c630fc40e700c13fc4ae8b0a12bff797bd1b8a739d5c52901babbb36267b3fedfe2f3090e9a5be288dcc01f2937bc90cfc9abf6872d47cc6393b9030ef6980fc99ef11d0f9f32a32d26cda72392b77b5e81bedfa137c64fca4c70f4d3d29c48135aabb201699232b32d9b74df25537c3262807bc86ac15af7600a872fe837cb7b7c2136df53f43d4c41f326dda2d5a4e699853ae0f5dcb63170d97c09a2611acde6ba3f87f1a900aa2a2a315598e70a3730e7a85cf666f183984ef6eb90cca0ec2a9d5919e70b654e281316af2aacc9c906afb523153dd666a38d9312e6195fa2dc42450f37f52fd4ec4f1324237e5fefaae692c641e653e3f0271939eda8f834168537e73124fa5bee79d2abbf4ee6a51a4e759d18cc66428cf12106f1c02deec1a1767e33cae239ff824dc1a5ef007638941c182f10a418fe950f9b3bccba4b9142e4dfb6fc92dbd7d486f0f42f69db17db14573bb4c28bdd704e5a72a4569d1595a500b0b29e94e7d483b61bf09c2b04ccf68bea0520b63fbc0f24e95ad1ea6eb0e1512aef04ab5ef543a965190847c5363295471f4a797a01f40c0b928d3b8f67ca5984c5d21470d72abd44198f978d8d99dc2e74bf730d9ff2d569e7aa5401302ad661842450cc52557c2671f9ce9bc70526e3aa7e29f32ff941b28e7ed89c8146057542e398893afaf9a6ced615bb30cce49997c75e80faf91cffa2ade13736e19ff238729488caef3d6145265de3003871bf00dd22b67ecff4c22d494d4dce69e67f4f76c2cd7362c5420fd8e59ba0a71bfea28bb51f8aea1410629104036aa2070d96936490326f1a6cfe5b0cf29d499f3622f0e63695f671aea93bdceaebd994634fb10d648e117a49ec203845cccf8ac5e9b459409b46fb6a1ac08f1e1ddb80e7dc8e0d864ed536d17a2a9b9655381e98f742a85461f43a3174d29738d245c1c7fa3c7137212596c386f10efa6f09021fd4901e9565bb0d499c3cea434f8ef37e5137ed1e727f1838e61a0cd47d088597cc8b846b43823da3e1fd65ffc296592b20f6c01d19fdac275775185dd7623bd23b746471f534ad5ac18cccdfeab8ce9d9a31e188c24091f409e9dec8ef83e7f6e3cc1ae37fa67ffa122140fb4c2a1f8d145ef545dd2dfaa19bf65fed02f18f1455a62a50508658ee91a2b537e0bfef012e77680422af0d8260524bfaa620e3fd617a938bb96c4cc3552261922a847ac4208edf600931b5b0855e561b5078e260c9823e0e9595133a77dae1d9cc3b0345b813b3db8e6cecda7a8109232a25faa18be58ca285da11039bc5cbee7b34ff0b2bd31a7cdb52f869ab4fea725d2971868a7609e1857b983b1a140694af6fc9b4be6977e3192bc70de5b741a739cb7908af1777991d9758730ac078cdc5ce3374ac67ea79aeecf746ac39b2ac2257ed68759a70c21116094ea492f4802820f701a44fe54b9ca288c6ea591a5a69c6d7435d0d4f817b97aa79ae5deb1ef3b5f56c2b44887d38ebccf1f3e0cd17f0630dc9fb4e42253f1ee079207482d1330876c207ee2f655b4a3d17c4b75de604d54986d88d08530d3f9eb030518972dc36232c7ff5f35e6ae6dd91f9b31561caac338ba153455e200e03d2f9c29c148546f831e79c5fa1616ad713036d769280d839a5d17d233eb5927d5f7b7e9463c531338144e085bf01a0470f5ea8c859281a6b21fc1209a0634cf1a1a5883ad64bf18cc13797da98030fc5845b4269d3542a35a37917aa132a0495d1ce64c55f72caa34586ac9dc67e4478d29da656de05d4572ab744bc4c7de91e6c29436294f1f42fe7a4e6d191e7a7e9903fb38d53893a30cb91c2d55af6a9fc14f3c49c59d96d35388b3a1bc20093c08083bb325817894db1f7afafcbff769fbeef69d08fbe598e2ec0bb6b5c22db3647ee38d25a436eeaa2367c50149a08a4fea4918738aed372e3c8ba05caa39f33a8aa0f1a6906b43d16f88ae962f4eae0ffc34aae519bea2957da9699128c1aaf9fc949bf9f16045b4dd811fcb037ca4978c5b8a557527fe9581d398155ddc324dda1b7793a94b92e950be87c3f2b5e73ac31c03af2dd92ee8bb0db7202e2190d870ffb938b4f3e5256537596702d163a4d5f4d2c360e677ffdc72ce3387016ef0062d787ff857d7c3f3b034f23909f5814986984d202f4ef82fdd1b197af7642b9bc13b5cfbe738aba5dbed8571d8fe2f3a446582cb352eeff3509a5fe86cda7e1cc356bd6255265e44ff2d339695916db410c8908164afdea29d2295ea8e6cd4be8920602e79bc1f3c9317d7c722c19eadad2b8fa7b3a609ee22bb7fcc712cf8f57beebf10f8626dff1084b81524e18d1f6851e1e1f0c10586b70f8225ec1dcd4d090529eb499b424961ccbd8316c93c0145c2ae2a78cd6632bf777480a64e21e2013aeaa3cabf6b1d5159c9e857c83553f2b3a4560c7d59e9b0f36e72608f06d5f4731f5af112e8feef629a200e5fc07499c1028c2476049e2a32707db04394dbac5efbd1e480d417afa5ba8daed665a8ef74b5d30b90eb12fc0c250d3e79eb6bd60b2acec6e26eba5078224e49127f831e6ea01b14b34c2423846db56e3144e461e19bc56f9065816df1cd0031c9f66569184ee90d897ec80edb9517dd22bb471a7da8eec7d75b53ee61ea737b752e68f5b370807078366daaad365245bbc59ae68364234bc060251c786ae96c337b343f418b55e34bea21a1cda4c1522ce9c9d38dd35976cce07f80b4cf798ee70bc3eb11000e842c874dff178eea377a48208e6a66e51923f0cdf8c1c1140af6386afa75c4d7dbf8fcf7bdad0302db9152d64599440f99deece2974722bc206f8c3a80d98cdefd868f9167818a5ccb085c551093b263d2d85385bef535ed2148cff06502d322cf7901a7afc40397c0fcb0811f831e0066f5e0a99ac0ffdaf4783c076e853904fcaf9d7b7270a644de21827e3d572393013a18847e8b873f19130638b62442813c6e6cd84fa179ce6e22d024dee910a6c0d17d2ffd00159e0d5e6c41e0679ed83cc007396f07dbe1d8a710efa451af57b91b1e115b301f0f5075f60aff694e99513bb3b0c07c60d6c3eb4f3e8bfca4e07b4290e94ed4633a52bfe1fa91630f3808556e7da2169f5de663a695e44c3f7acaa3691a64d6deb0acd628f64b1e12198c23121388788e334002ebb458b985bc3948f80d7c75c328e469b1bb28267b34d19f64a4f2196c0fd9eebd9540a9c5d6793fcff05d2405a125080aa217bebe2b30390b13fd3275dc3b432ad12a50a69ee23b97520178ad5a60f54fa335c3d92a7dc0df909d08325f6afa4d317b8edf2a16e5ad8ddd0c91b5a49e961b403fe3470a05d942b6ef083882aeeeb397b1f5270110851c7d0a2e28a5d4cac09893bc1c36ace3793b22", @ANYRESDEC=r5, @ANYRES16=r1, @ANYRES8=r8, @ANYRESDEC=r1, @ANYRES16=r4, @ANYRESDEC=r7, @ANYRES16=r11, @ANYRES16=r0, @ANYRESHEX=r11])
r12 = io_uring_setup(0x15ae, &(0x7f0000000080)={0x0, 0x0, 0x100})
io_uring_register$IORING_REGISTER_BUFFERS(r12, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x18)
writev(0xffffffffffffffff, &(0x7f0000000140)=[{&(0x7f0000000240)="480000001400190d09004beafd0d8c562c84ed7a80ffe05e959126dda8900db462060f000000000000a2bc5603ca00000f7f89000000200000000101ff0000000309ff5bffff00c7", 0x48}], 0x1)
inotify_add_watch(r3, &(0x7f0000000000)='.\x00', 0x400027e)

746.436132ms ago: executing program 1 (id=2742):
pipe2(&(0x7f0000000040), 0x0)
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x0, 0x8000, 0x6}, 0x1c)
syz_io_uring_setup(0x20f6, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000180), &(0x7f0000000140))
r1 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
ioctl$NBD_SET_SOCK(r1, 0xab00, r2)
r3 = syz_open_dev$ndb(&(0x7f00000000c0), 0x0, 0x0)
ioctl$NBD_DO_IT(r1, 0xab03)
ioctl$NBD_CLEAR_SOCK(r3, 0xab04)
io_submit(0x0, 0x1, &(0x7f00000002c0)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x7, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x2}])
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_open_procfs(0x0, &(0x7f0000000100)='auxv\x00')

511.408697ms ago: executing program 1 (id=2743):
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x30000, &(0x7f0000000200)={&(0x7f0000000240)={0x38, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_SOCKET_OWNER={0x4}]}, 0x38}}, 0x0)

407.074852ms ago: executing program 1 (id=2744):
creat(&(0x7f0000000280)='./file0\x00', 0x0)
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000540)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x2, 0x8, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000002000000000000000002000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70300000000000085000000ad000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f00000002c0)={r1, 0xffffffffffffffff, 0x30, 0x4000000, @val=@uprobe_multi={&(0x7f00000001c0)='./file0\x00', &(0x7f0000000240)=[0x0], 0x0, 0x0, 0x1}}, 0x40)

251.216189ms ago: executing program 1 (id=2745):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_MCAST_JOIN_GROUP(r0, 0x0, 0x2a, &(0x7f00000000c0)={0x2, {{0x2, 0x0, @multicast2}}}, 0x88)
setsockopt$inet_MCAST_MSFILTER(r0, 0x0, 0x30, &(0x7f0000000180)={0x2, {{0x2, 0x0, @multicast2}}, 0x0, 0x1, [{}]}, 0x10c)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_MCAST_JOIN_GROUP(r1, 0x0, 0x2a, &(0x7f00000000c0)={0x2, {{0x2, 0x0, @multicast2}}}, 0x88)
setsockopt$inet_MCAST_MSFILTER(r1, 0x0, 0x30, &(0x7f0000000180)={0x2, {{0x2, 0x0, @multicast2}}, 0x1, 0x1, [{}]}, 0x110) (fail_nth: 2)

1.060717ms ago: executing program 1 (id=2746):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x0, 0x0, 0x2}}, 0x0, 0x1a}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xb, &(0x7f0000000b00)=@framed={{}, [@printk={@p, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x20000000}, {0x85, 0x0, 0x0, 0x72}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000c80)={'lo\x00', <r3=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newqdisc={0x148, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0x1}, {0xffff, 0xffff}, {0x8}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x30, 0x2, {{}, [@TCA_NETEM_LATENCY64={0x0, 0xa, 0x6}]}}}, @TCA_STAB={0xe8, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x9c, 0x8, 0x9, 0xfeb, 0x1, 0x8000, 0xf7, 0xa}}, {0x18, 0x2, [0x3a31, 0x86, 0x1, 0x3, 0x1, 0x83, 0x7fff, 0x1, 0x6, 0x7]}}, {{0x1c, 0x1, {0xa, 0x1, 0x2, 0x4, 0x0, 0x7, 0x5, 0x3}}, {0xfffffffffffffe4a, 0x2, [0x5, 0x58, 0xfe86]}}, {{0x1c, 0x1, {0x2, 0x69, 0x1, 0xb, 0x2, 0xc, 0xc, 0x6}}, {0x10, 0x2, [0x9, 0x8, 0x5, 0x3985, 0x8001, 0x2d]}}, {{0x1c, 0x1, {0x25, 0x5, 0x6, 0x2, 0x2, 0x0, 0x9, 0x9}}, {0x16, 0x2, [0x0, 0xe0, 0xa2, 0x0, 0x4, 0x27ee, 0x446, 0xff, 0xff]}}, {{0x1c, 0x1, {0x81, 0x6, 0x4, 0xe, 0x0, 0x2f4f, 0x1, 0x4}}, {0xc, 0x2, [0x4, 0x0, 0x6000, 0x7fff]}}]}]}, 0x148}, 0x1, 0x0, 0x0, 0x8800}, 0x0)

248.747µs ago: executing program 2 (id=2747):
ioctl$PAGEMAP_SCAN(0xffffffffffffffff, 0xc0606610, &(0x7f00000001c0)={0x60, 0x0, &(0x7f0000ea6000/0xe000)=nil, &(0x7f0000ffb000/0x4000)=nil, 0x0, 0x0})
r0 = syz_io_uring_setup(0x16d2, &(0x7f00000000c0)={0x0, 0x0, 0x10100}, &(0x7f0000000180)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r3, &(0x7f00000001c0)=ANY=[@ANYBLOB='6'], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_MKDIRAT={0x25, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0})
io_uring_enter(r0, 0x2d3e, 0x1f00, 0x0, 0x0, 0x0)

0s ago: executing program 2 (id=2748):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3f8, 0x0, 0x32}, 0x9c)
bind$inet6(r3, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
r4 = syz_open_dev$ttys(0xc, 0x2, 0x1)
ioctl$TIOCGPKT(r4, 0x80045438, 0x0)
sendto$inet6(r3, &(0x7f0000847fff)='X', 0xcf88, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r3, &(0x7f0000000000)='\t', 0x7e4, 0x0, 0x0, 0x0)
close_range(r2, 0xffffffffffffffff, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000005000/0x18000)=nil, &(0x7f0000000380)=[@text32={0x20, &(0x7f00000001c0)="b8050000000f01c10f46a78900000066ba2100b067ee66ba2000b000ee6d6c2f800000c00f3266bac0000f3066b808008ed0660f38806f008ee0", 0x3a}], 0x1, 0x0, 0x0, 0x63)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r6, &(0x7f0000000100), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r6, 0x0)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x0, 0x0, @pic={0x0, 0x7, 0x3, 0x0, 0x0, 0x0, 0x8}})
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44], 0x0, 0x2c0710})
ioctl$KVM_RUN(r5, 0xae80, 0x0)

kernel console output (not intermixed with test programs):

ram: false inactive
[  564.774743][T14760] vivid-001: RDS Music: false inactive
[  564.778244][   T39] kauditd_printk_skb: 2131 callbacks suppressed
[  564.778257][   T39] audit: type=1326 audit(1720745739.715:2474): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14767 comm="syz.3.2348" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7486579 code=0x7ffc0000
[  564.793100][T14760] vivid-001: ==================  END STATUS  ==================
[  564.809928][   T39] audit: type=1326 audit(1720745739.715:2475): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14767 comm="syz.3.2348" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7486579 code=0x7ffc0000
[  564.858272][   T39] audit: type=1326 audit(1720745739.715:2476): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14767 comm="syz.3.2348" exe="/syz-executor" sig=0 arch=40000003 syscall=346 compat=1 ip=0xf7486579 code=0x7ffc0000
[  564.872681][   T39] audit: type=1326 audit(1720745739.715:2477): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14767 comm="syz.3.2348" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7486579 code=0x7ffc0000
[  564.884483][   T39] audit: type=1326 audit(1720745739.715:2478): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14767 comm="syz.3.2348" exe="/syz-executor" sig=0 arch=40000003 syscall=346 compat=1 ip=0xf7486579 code=0x7ffc0000
[  564.896784][   T39] audit: type=1326 audit(1720745739.715:2479): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14767 comm="syz.3.2348" exe="/syz-executor" sig=0 arch=40000003 syscall=6 compat=1 ip=0xf7486579 code=0x7ffc0000
[  564.906327][   T39] audit: type=1326 audit(1720745739.715:2480): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14767 comm="syz.3.2348" exe="/syz-executor" sig=0 arch=40000003 syscall=362 compat=1 ip=0xf7486579 code=0x7ffc0000
[  564.919852][   T39] audit: type=1326 audit(1720745739.715:2481): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14767 comm="syz.3.2348" exe="/syz-executor" sig=0 arch=40000003 syscall=6 compat=1 ip=0xf7486579 code=0x7ffc0000
[  564.928728][   T39] audit: type=1326 audit(1720745739.715:2482): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14767 comm="syz.3.2348" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7486579 code=0x7ffc0000
[  564.938176][   T39] audit: type=1326 audit(1720745739.715:2483): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14767 comm="syz.3.2348" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7486579 code=0x7ffc0000
[  565.047198][T14771] __nla_validate_parse: 2 callbacks suppressed
[  565.047220][T14771] netlink: 68 bytes leftover after parsing attributes in process `syz.3.2349'.
[  565.056538][T14771] netlink: 68 bytes leftover after parsing attributes in process `syz.3.2349'.
[  565.587190][T14778] vivid-003: =================  START STATUS  =================
[  565.590940][T14778] vivid-003: Radio HW Seek Mode: Bounded
[  565.593497][T14778] vivid-003: Radio Programmable HW Seek: false
[  565.596079][T14778] vivid-003: RDS Rx I/O Mode: Block I/O
[  565.599818][T14778] vivid-003: Generate RBDS Instead of RDS: false
[  565.603123][T14778] vivid-003: RDS Reception: true
[  565.605595][T14778] vivid-003: RDS Program Type: 0 inactive
[  565.608969][T14778] vivid-003: RDS PS Name:  inactive
[  565.611464][T14778] vivid-003: RDS Radio Text:  inactive
[  565.616001][T14778] vivid-003: RDS Traffic Announcement: false inactive
[  565.620896][T14778] vivid-003: RDS Traffic Program: false inactive
[  565.623920][T14778] vivid-003: RDS Music: false inactive
[  565.626551][T14778] vivid-003: ==================  END STATUS  ==================
[  566.479702][T14795] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2356'.
[  567.106152][T14801] vivid-000: =================  START STATUS  =================
[  567.109716][T14801] vivid-000: Radio HW Seek Mode: Bounded
[  567.112659][T14801] vivid-000: Radio Programmable HW Seek: false
[  567.115521][T14801] vivid-000: RDS Rx I/O Mode: Block I/O
[  567.119025][T14801] vivid-000: Generate RBDS Instead of RDS: false
[  567.121319][T14801] vivid-000: RDS Reception: true
[  567.123098][T14801] vivid-000: RDS Program Type: 0 inactive
[  567.125606][T14801] vivid-000: RDS PS Name:  inactive
[  567.127470][T14801] vivid-000: RDS Radio Text:  inactive
[  567.133082][T14801] vivid-000: RDS Traffic Announcement: false inactive
[  567.136026][T14801] vivid-000: RDS Traffic Program: false inactive
[  567.138734][T14801] vivid-000: RDS Music: false inactive
[  567.141232][T14801] vivid-000: ==================  END STATUS  ==================
[  569.679850][T14860] vivid-002: =================  START STATUS  =================
[  569.683198][T14860] vivid-002: Radio HW Seek Mode: Bounded
[  569.685771][T14860] vivid-002: Radio Programmable HW Seek: false
[  569.692740][T14860] vivid-002: RDS Rx I/O Mode: Block I/O
[  569.695437][T14860] vivid-002: Generate RBDS Instead of RDS: false
[  569.703949][T14860] vivid-002: RDS Reception: true
[  569.706233][T14860] vivid-002: RDS Program Type: 0 inactive
[  569.709656][T14860] vivid-002: RDS PS Name:  inactive
[  569.717146][T14860] vivid-002: RDS Radio Text:  inactive
[  569.720143][T14860] vivid-002: RDS Traffic Announcement: false inactive
[  569.724740][T14860] vivid-002: RDS Traffic Program: false inactive
[  569.728843][T14860] vivid-002: RDS Music: false inactive
[  569.732558][T14860] vivid-002: ==================  END STATUS  ==================
[  570.652073][T14872] vivid-000: =================  START STATUS  =================
[  570.655741][T14872] vivid-000: Radio HW Seek Mode: Bounded
[  570.666768][T14872] vivid-000: Radio Programmable HW Seek: false
[  570.671073][T14872] vivid-000: RDS Rx I/O Mode: Block I/O
[  570.673624][T14872] vivid-000: Generate RBDS Instead of RDS: false
[  570.678394][T14872] vivid-000: RDS Reception: true
[  570.682084][T14872] vivid-000: RDS Program Type: 0 inactive
[  570.684907][T14872] vivid-000: RDS PS Name:  inactive
[  570.687323][T14872] vivid-000: RDS Radio Text:  inactive
[  570.691305][T14872] vivid-000: RDS Traffic Announcement: false inactive
[  570.693973][T14872] vivid-000: RDS Traffic Program: false inactive
[  570.696439][T14872] vivid-000: RDS Music: false inactive
[  570.705968][T14872] vivid-000: ==================  END STATUS  ==================
[  571.161688][T14883] virtio-fs: tag <(null)> not found
[  571.171403][T14883] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(5)
[  571.174365][T14883] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  571.178555][T14883] vhci_hcd vhci_hcd.0: Device attached
[  571.249378][ T5210] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection
[  571.250802][T14884] vhci_hcd: connection closed
[  571.253598][ T1148] vhci_hcd: stop threads
[  571.257720][ T1148] vhci_hcd: release socket
[  571.259842][ T1148] vhci_hcd: disconnect device
[  571.553058][   T30] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  571.757948][   T30] usb 5-1: Using ep0 maxpacket: 32
[  571.762581][   T30] usb 5-1: config 0 has no interfaces?
[  571.770511][   T30] usb 5-1: New USB device found, idVendor=1557, idProduct=8150, bcdDevice=29.ed
[  571.774564][   T30] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  571.778791][   T30] usb 5-1: Product: syz
[  571.780734][   T30] usb 5-1: Manufacturer: syz
[  571.782808][   T30] usb 5-1: SerialNumber: syz
[  571.787135][   T30] usb 5-1: config 0 descriptor??
[  571.849745][T14897] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2383'.
[  572.069834][T14901] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2385'.
[  572.073782][T14901] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2385'.
[  572.085083][T14901] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2385'.
[  572.329379][T14905] vivid-000: =================  START STATUS  =================
[  572.335137][T14905] vivid-000: Radio HW Seek Mode: Bounded
[  572.345614][T14905] vivid-000: Radio Programmable HW Seek: false
[  572.349575][T14905] vivid-000: RDS Rx I/O Mode: Block I/O
[  572.352549][T14905] vivid-000: Generate RBDS Instead of RDS: false
[  572.355332][T14905] vivid-000: RDS Reception: true
[  572.359107][T14905] vivid-000: RDS Program Type: 0 inactive
[  572.362157][T14905] vivid-000: RDS PS Name:  inactive
[  572.364850][T14905] vivid-000: RDS Radio Text:  inactive
[  572.367645][T14905] vivid-000: RDS Traffic Announcement: false inactive
[  572.372777][T14905] vivid-000: RDS Traffic Program: false inactive
[  572.375836][T14905] vivid-000: RDS Music: false inactive
[  572.379234][T14905] vivid-000: ==================  END STATUS  ==================
[  572.696435][   T25] usb 5-1: USB disconnect, device number 9
[  573.346980][T14927] virtio-fs: tag <(null)> not found
[  573.367024][T14927] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(5)
[  573.373455][T14927] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  573.381416][T14927] vhci_hcd vhci_hcd.0: Device attached
[  573.451683][ T5210] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection
[  573.463003][T14928] vhci_hcd: connection closed
[  573.463298][ T1086] vhci_hcd: stop threads
[  573.466965][ T1086] vhci_hcd: release socket
[  573.473794][ T1086] vhci_hcd: disconnect device
[  573.486631][T14933] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2393'.
[  573.529942][T14935] netlink: 'syz.0.2394': attribute type 10 has an invalid length.
[  573.549844][T14935] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  573.554748][T14937] netlink: 'syz.1.2395': attribute type 10 has an invalid length.
[  573.564103][T14937] netlink: 2 bytes leftover after parsing attributes in process `syz.1.2395'.
[  573.574466][T14937] bond0: entered promiscuous mode
[  573.584271][T14937] bond_slave_0: entered promiscuous mode
[  573.588283][T14937] bond_slave_1: entered promiscuous mode
[  573.591359][T14937] bridge0: port 3(bond0) entered blocking state
[  573.594431][T14937] bridge0: port 3(bond0) entered disabled state
[  573.597388][T14937] bond0: entered allmulticast mode
[  573.600107][T14937] bond_slave_0: entered allmulticast mode
[  573.602808][T14937] bond_slave_1: entered allmulticast mode
[  573.613162][T14937] bridge0: port 3(bond0) entered blocking state
[  573.616010][T14937] bridge0: port 3(bond0) entered forwarding state
[  574.832266][   T25] usb 7-1: new high-speed USB device number 15 using dummy_hcd
[  575.000901][T14956] vivid-001: =================  START STATUS  =================
[  575.003923][T14956] vivid-001: Radio HW Seek Mode: Bounded
[  575.006778][T14956] vivid-001: Radio Programmable HW Seek: false
[  575.011432][T14956] vivid-001: RDS Rx I/O Mode: Block I/O
[  575.015969][   T25] usb 7-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[  575.020890][T14956] vivid-001: Generate RBDS Instead of RDS: 
[  575.021599][   T25] usb 7-1: config 27 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  575.031441][T14956] false
[  575.033129][T14956] vivid-001: RDS Reception: true
[  575.034038][   T25] usb 7-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  575.035510][T14956] vivid-001: RDS Program Type: 
[  575.040951][   T25] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  575.041048][T14956] 0
[  575.043152][   T25] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  575.047125][T14956]  inactive
[  575.058782][T14956] vivid-001: RDS PS Name:  inactive
[  575.062201][T14956] vivid-001: RDS Radio Text:  inactive
[  575.079670][T14956] vivid-001: RDS Traffic Announcement: false inactive
[  575.084636][T14956] vivid-001: RDS Traffic Program: false inactive
[  575.090555][T14956] vivid-001: RDS Music: false inactive
[  575.095165][T14956] vivid-001: ==================  END STATUS  ==================
[  575.113791][   T25] snd-usb-audio 7-1:27.0: probe with driver snd-usb-audio failed with error -2
[  575.147762][T14326] udevd[14326]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb7/7-1/7-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  575.268422][ T7794] usb 7-1: USB disconnect, device number 15
[  575.626832][T14966] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2403'.
[  575.803870][T14971] netlink: 'syz.3.2405': attribute type 10 has an invalid length.
[  575.807563][T14971] netlink: 2 bytes leftover after parsing attributes in process `syz.3.2405'.
[  575.815018][T14971] bond0: entered promiscuous mode
[  575.818254][T14971] bond_slave_0: entered promiscuous mode
[  575.822323][T14971] bond_slave_1: entered promiscuous mode
[  575.824986][T14971] mac80211_hwsim hwsim8 wlan1: entered promiscuous mode
[  575.831270][T14971] bridge0: port 3(bond0) entered blocking state
[  575.834199][T14971] bridge0: port 3(bond0) entered disabled state
[  575.837500][T14971] bond0: entered allmulticast mode
[  575.840937][T14971] bond_slave_0: entered allmulticast mode
[  575.843578][T14971] bond_slave_1: entered allmulticast mode
[  575.846006][T14971] mac80211_hwsim hwsim8 wlan1: entered allmulticast mode
[  575.853648][T14975] virtio-fs: tag <(null)> not found
[  575.857992][T14971] bridge0: port 3(bond0) entered blocking state
[  575.861655][T14971] bridge0: port 3(bond0) entered forwarding state
[  575.898209][T14975] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(5)
[  575.901273][T14975] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  575.928986][T14975] vhci_hcd vhci_hcd.0: Device attached
[  575.969655][T14979] netlink: 76 bytes leftover after parsing attributes in process `syz.3.2407'.
[  575.979157][T14976] vhci_hcd: connection closed
[  575.982388][ T1086] vhci_hcd: stop threads
[  575.986691][ T1086] vhci_hcd: release socket
[  575.990558][ T1086] vhci_hcd: disconnect device
[  576.929073][ T7794] usb 7-1: new high-speed USB device number 16 using dummy_hcd
[  577.027110][T14999] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2412'.
[  577.102583][T14996] vivid-002: =================  START STATUS  =================
[  577.106178][T14996] vivid-002: Radio HW Seek Mode: Bounded
[  577.112989][T14996] vivid-002: Radio Programmable HW Seek: false
[  577.116114][T14996] vivid-002: RDS Rx I/O Mode: Block I/O
[  577.119106][T14996] vivid-002: Generate RBDS Instead of RDS: false
[  577.122364][T14996] vivid-002: RDS Reception: true
[  577.126064][T14996] vivid-002: RDS Program Type: 0 inactive
[  577.130759][ T7794] usb 7-1: Using ep0 maxpacket: 32
[  577.137417][T14996] vivid-002: RDS PS Name:  inactive
[  577.145931][ T7794] usb 7-1: config 0 has no interfaces?
[  577.155103][T14996] vivid-002: RDS Radio Text:  inactive
[  577.157713][T14996] vivid-002: RDS Traffic Announcement: false inactive
[  577.159999][ T7794] usb 7-1: New USB device found, idVendor=413c, idProduct=819b, bcdDevice=a7.c0
[  577.164540][ T7794] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  577.164564][ T7794] usb 7-1: Product: syz
[  577.164577][ T7794] usb 7-1: Manufacturer: syz
[  577.164591][ T7794] usb 7-1: SerialNumber: syz
[  577.168647][T14996] vivid-002: RDS Traffic Program: false inactive
[  577.169170][T14996] vivid-002: RDS Music: false inactive
[  577.170380][T14996] vivid-002: ==================  END STATUS  ==================
[  577.175269][ T7794] usb 7-1: config 0 descriptor??
[  577.407952][   T35] usb 7-1: USB disconnect, device number 16
[  577.763361][T15020] virtio-fs: tag <(null)> not found
[  577.787892][T15020] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(5)
[  577.791263][T15020] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  577.816878][T15020] vhci_hcd vhci_hcd.0: Device attached
[  577.888749][ T5210] Bluetooth: hci4: Ignoring HCI_Connection_Complete for existing connection
[  577.921396][T15022] vhci_hcd: connection closed
[  577.922549][ T1088] vhci_hcd: stop threads
[  577.926651][ T1088] vhci_hcd: release socket
[  577.929179][ T1088] vhci_hcd: disconnect device
[  578.261170][T15019] vivid-000: =================  START STATUS  =================
[  578.265198][T15019] vivid-000: Radio HW Seek Mode: Bounded
[  578.268007][T15019] vivid-000: Radio Programmable HW Seek: false
[  578.270677][T15019] vivid-000: RDS Rx I/O Mode: Block I/O
[  578.273280][T15019] vivid-000: Generate RBDS Instead of RDS: false
[  578.276489][T15019] vivid-000: RDS Reception: true
[  578.283363][T15019] vivid-000: RDS Program Type: 0 inactive
[  578.286192][T15019] vivid-000: RDS PS Name:  inactive
[  578.289859][T15019] vivid-000: RDS Radio Text:  inactive
[  578.292397][T15019] vivid-000: RDS Traffic Announcement: false inactive
[  578.295980][T15019] vivid-000: RDS Traffic Program: false inactive
[  578.298761][T15019] vivid-000: RDS Music: false inactive
[  578.301062][T15019] vivid-000: ==================  END STATUS  ==================
[  578.816435][T15031] netlink: 'syz.3.2422': attribute type 10 has an invalid length.
[  578.826204][T15031] netdevsim netdevsim3 netdevsim0: entered promiscuous mode
[  578.840952][T15031] netdevsim netdevsim3 netdevsim0: entered allmulticast mode
[  578.844967][T15031] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  579.255770][T15039] input: syz1 as /devices/virtual/input/input12
[  579.928201][T15052] netlink: 'syz.2.2428': attribute type 1 has an invalid length.
[  579.931947][T15052] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2428'.
[  579.935964][T15052] FAULT_INJECTION: forcing a failure.
[  579.935964][T15052] name failslab, interval 1, probability 0, space 0, times 0
[  579.979276][T15052] CPU: 0 PID: 15052 Comm: syz.2.2428 Not tainted 6.10.0-rc7-syzkaller-00076-g9d9a2f29aefd #0
[  579.983702][T15052] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  579.988467][T15052] Call Trace:
[  579.989835][T15052]  <TASK>
[  579.990985][T15052]  dump_stack_lvl+0x16c/0x1f0
[  579.992625][T15052]  should_fail_ex+0x497/0x5b0
[  579.994410][T15052]  should_failslab+0x9/0x20
[  579.996181][T15052]  kmalloc_trace_noprof+0x6b/0x310
[  579.998144][T15052]  ? nft_add_set_elem+0x2d8b/0x38b0
[  580.000380][T15052]  nft_add_set_elem+0x2d8b/0x38b0
[  580.002505][T15052]  ? __pfx___lock_acquire+0x10/0x10
[  580.004595][T15052]  ? __pfx_nft_add_set_elem+0x10/0x10
[  580.006551][T15052]  ? hlock_class+0x4e/0x130
[  580.008387][T15052]  ? __lock_acquire+0xc5d/0x3b30
[  580.010418][T15052]  ? __pfx___lock_acquire+0x10/0x10
[  580.012381][T15052]  ? find_held_lock+0x2d/0x110
[  580.014446][T15052]  ? nla_strcmp+0xff/0x130
[  580.016323][T15052]  ? nft_set_lookup_global+0x163/0x3d0
[  580.018443][T15052]  nf_tables_newsetelem+0x5d8/0xa20
[  580.020747][T15052]  ? net_generic+0xea/0x2a0
[  580.022722][T15052]  ? __pfx_nf_tables_newsetelem+0x10/0x10
[  580.024847][T15052]  ? __nla_parse+0x40/0x60
[  580.026799][T15052]  nfnetlink_rcv_batch+0x1a13/0x24d0
[  580.029013][T15052]  ? __pfx_nfnetlink_rcv_batch+0x10/0x10
[  580.031308][T15052]  ? kmem_cache_free+0x12f/0x3a0
[  580.033532][T15052]  ? skb_release_data+0x761/0x980
[  580.035926][T15052]  ? lockdep_hardirqs_on+0x7c/0x110
[  580.038343][T15052]  ? __dev_queue_xmit+0x85d/0x4130
[  580.040631][T15052]  ? __local_bh_enable_ip+0xa4/0x120
[  580.043106][T15052]  ? __dev_queue_xmit+0x85d/0x4130
[  580.045438][T15052]  ? __dev_queue_xmit+0x87e/0x4130
[  580.047721][T15052]  ? bpf_lsm_capable+0x9/0x10
[  580.049912][T15052]  ? __nla_parse+0x40/0x60
[  580.051981][T15052]  nfnetlink_rcv+0x3c3/0x430
[  580.054126][T15052]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  580.056557][T15052]  netlink_unicast+0x542/0x820
[  580.058791][T15052]  ? __pfx_netlink_unicast+0x10/0x10
[  580.061294][T15052]  ? __phys_addr_symbol+0x30/0x80
[  580.063638][T15052]  ? __check_object_size+0x48e/0x720
[  580.065808][T15052]  netlink_sendmsg+0x8b8/0xd70
[  580.068269][T15052]  ? __pfx_netlink_sendmsg+0x10/0x10
[  580.070686][T15052]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  580.073121][T15052]  ____sys_sendmsg+0x9b4/0xb50
[  580.075311][T15052]  ? __pfx_____sys_sendmsg+0x10/0x10
[  580.077754][T15052]  ? get_compat_msghdr+0x11b/0x170
[  580.080057][T15052]  ? __pfx___lock_acquire+0x10/0x10
[  580.082450][T15052]  ___sys_sendmsg+0x135/0x1e0
[  580.084604][T15052]  ? __pfx____sys_sendmsg+0x10/0x10
[  580.086903][T15052]  ? ksys_write+0x21c/0x260
[  580.088981][T15052]  ? __fget_light+0x173/0x210
[  580.091095][T15052]  __sys_sendmsg+0x117/0x1f0
[  580.093109][T15052]  ? __pfx___sys_sendmsg+0x10/0x10
[  580.095163][T15052]  __do_fast_syscall_32+0x73/0x120
[  580.097088][T15052]  do_fast_syscall_32+0x32/0x80
[  580.099274][T15052]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  580.102054][T15052] RIP: 0023:0xf7451579
[  580.103908][T15052] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  580.111930][T15052] RSP: 002b:00000000f5d6957c EFLAGS: 00000292 ORIG_RAX: 0000000000000172
[  580.115389][T15052] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000200000c0
[  580.118554][T15052] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  580.122167][T15052] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  580.125755][T15052] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  580.129546][T15052] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  580.133164][T15052]  </TASK>
[  580.320148][T15062] FAULT_INJECTION: forcing a failure.
[  580.320148][T15062] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  580.326397][T15062] CPU: 0 PID: 15062 Comm: syz.1.2431 Not tainted 6.10.0-rc7-syzkaller-00076-g9d9a2f29aefd #0
[  580.331275][T15062] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  580.336239][T15062] Call Trace:
[  580.337831][T15062]  <TASK>
[  580.339262][T15062]  dump_stack_lvl+0x16c/0x1f0
[  580.341432][T15062]  should_fail_ex+0x497/0x5b0
[  580.343662][T15062]  _copy_from_iter+0x411/0xfb0
[  580.345897][T15062]  ? __pfx__copy_from_iter+0x10/0x10
[  580.348326][T15062]  ? __pfx__copy_from_iter+0x10/0x10
[  580.350747][T15062]  copy_page_from_iter+0xa5/0x120
[  580.353025][T15062]  skb_copy_datagram_from_iter+0x41d/0x6c0
[  580.355750][T15062]  packet_sendmsg+0x2046/0x5220
[  580.358018][T15062]  ? __pfx___might_resched+0x10/0x10
[  580.360438][T15062]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  580.363069][T15062]  ? aa_sk_perm+0x2f5/0xb40
[  580.365186][T15062]  ? __pfx_packet_sendmsg+0x10/0x10
[  580.367597][T15062]  ? __pfx_aa_sk_perm+0x10/0x10
[  580.369886][T15062]  ? __import_iovec+0x1fd/0x6e0
[  580.372200][T15062]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  580.374786][T15062]  ____sys_sendmsg+0x9b4/0xb50
[  580.377579][T15062]  ? __pfx_____sys_sendmsg+0x10/0x10
[  580.380059][T15062]  ? get_compat_msghdr+0x11b/0x170
[  580.382309][T15062]  ? __pfx___lock_acquire+0x10/0x10
[  580.384692][T15062]  ___sys_sendmsg+0x135/0x1e0
[  580.386710][T15062]  ? __pfx____sys_sendmsg+0x10/0x10
[  580.388904][T15062]  ? ksys_write+0x21c/0x260
[  580.390521][T15062]  ? __fget_light+0x173/0x210
[  580.392413][T15062]  __sys_sendmsg+0x117/0x1f0
[  580.394340][T15062]  ? __pfx___sys_sendmsg+0x10/0x10
[  580.396480][T15062]  __do_fast_syscall_32+0x73/0x120
[  580.398458][T15062]  do_fast_syscall_32+0x32/0x80
[  580.400621][T15062]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  580.402930][T15062] RIP: 0023:0xf7419579
[  580.404536][T15062] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  580.412113][T15062] RSP: 002b:00000000f5d3157c EFLAGS: 00000292 ORIG_RAX: 0000000000000172
[  580.415536][T15062] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000200000c0
[  580.418647][T15062] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  580.421612][T15062] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  580.425063][T15062] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  580.427876][T15062] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  580.431001][T15062]  </TASK>
[  580.583312][T15069] FAULT_INJECTION: forcing a failure.
[  580.583312][T15069] name failslab, interval 1, probability 0, space 0, times 0
[  580.589250][T15069] CPU: 3 PID: 15069 Comm: syz.0.2434 Not tainted 6.10.0-rc7-syzkaller-00076-g9d9a2f29aefd #0
[  580.593791][T15069] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  580.598590][T15069] Call Trace:
[  580.599962][T15069]  <TASK>
[  580.600886][T15069]  dump_stack_lvl+0x16c/0x1f0
[  580.602362][T15069]  should_fail_ex+0x497/0x5b0
[  580.604148][T15069]  should_failslab+0x9/0x20
[  580.605968][T15069]  kmem_cache_alloc_noprof+0x6e/0x2f0
[  580.608126][T15069]  ? security_file_alloc+0x41/0x260
[  580.610220][T15069]  security_file_alloc+0x41/0x260
[  580.612057][T15069]  init_file+0x99/0x260
[  580.613824][T15069]  alloc_empty_file+0x91/0x1e0
[  580.615883][T15069]  path_openat+0xe0/0x2e50
[  580.617963][T15069]  ? hlock_class+0x4e/0x130
[  580.620162][T15069]  ? __lock_acquire+0x14f4/0x3b30
[  580.622433][T15069]  ? __pfx_path_openat+0x10/0x10
[  580.624719][T15069]  ? __pfx___lock_acquire+0x10/0x10
[  580.626822][T15069]  ? find_held_lock+0x2d/0x110
[  580.629045][T15069]  do_filp_open+0x1dc/0x430
[  580.631230][T15069]  ? __pfx_do_filp_open+0x10/0x10
[  580.633211][T15069]  ? find_held_lock+0x2d/0x110
[  580.634971][T15069]  ? _raw_spin_unlock+0x28/0x50
[  580.637252][T15069]  ? alloc_fd+0x2d7/0x6c0
[  580.639275][T15069]  do_sys_openat2+0x17a/0x1e0
[  580.641388][T15069]  ? __pfx_do_sys_openat2+0x10/0x10
[  580.643746][T15069]  __ia32_compat_sys_openat+0x16e/0x210
[  580.646237][T15069]  ? __pfx___ia32_compat_sys_openat+0x10/0x10
[  580.648756][T15069]  ? ksys_write+0x1ab/0x260
[  580.650599][T15069]  __do_fast_syscall_32+0x73/0x120
[  580.652553][T15069]  do_fast_syscall_32+0x32/0x80
[  580.654653][T15069]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  580.657554][T15069] RIP: 0023:0xf7436579
[  580.659442][T15069] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  580.668165][T15069] RSP: 002b:00000000f5d4e510 EFLAGS: 00000293 ORIG_RAX: 0000000000000127
[  580.671889][T15069] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 00000000f7320315
[  580.675982][T15069] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000f7421ff4
[  580.679133][T15069] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  580.682577][T15069] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  580.686153][T15069] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  580.689750][T15069]  </TASK>
[  581.338929][T15074] vivid-001: =================  START STATUS  =================
[  581.343902][T15083] virtio-fs: tag <(null)> not found
[  581.347176][T15074] vivid-001: Radio HW Seek Mode: Bounded
[  581.354333][T15074] vivid-001: Radio Programmable HW Seek: false
[  581.360201][T15074] vivid-001: RDS Rx I/O Mode: Block I/O
[  581.362870][T15074] vivid-001: Generate RBDS Instead of RDS: false
[  581.365912][T15074] vivid-001: RDS Reception: true
[  581.371341][T15074] vivid-001: RDS Program Type: 0 inactive
[  581.376028][T15074] vivid-001: RDS PS Name:  inactive
[  581.378994][T15074] vivid-001: RDS Radio Text:  inactive
[  581.383950][T15074] vivid-001: RDS Traffic Announcement: false inactive
[  581.387305][T15074] vivid-001: RDS Traffic Program: false inactive
[  581.392485][T15085] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2438'.
[  581.392796][T15074] vivid-001: RDS Music: false
[  581.397296][T15085] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2438'.
[  581.399668][T15074]  inactive
[  581.399689][T15074] vivid-001: ==================  END STATUS  ==================
[  581.411468][T15083] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(5)
[  581.414305][T15083] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  581.417591][T15083] vhci_hcd vhci_hcd.0: Device attached
[  581.417988][T15085] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2438'.
[  581.471942][T15086] vhci_hcd: connection closed
[  581.472439][   T82] vhci_hcd: stop threads
[  581.479269][   T82] vhci_hcd: release socket
[  581.481026][   T82] vhci_hcd: disconnect device
[  581.506617][T15089] netlink: 'syz.1.2439': attribute type 10 has an invalid length.
[  581.513188][T15089] netlink: 2 bytes leftover after parsing attributes in process `syz.1.2439'.
[  581.807712][T15099] cgroup: noprefix used incorrectly
[  581.810880][T15099] cgroup: noprefix used incorrectly
[  581.817059][T15099] cgroup: noprefix used incorrectly
[  581.821507][T15099] cgroup: noprefix used incorrectly
[  581.825710][T15099] cgroup: noprefix used incorrectly
[  581.830675][T15099] cgroup: noprefix used incorrectly
[  581.834634][T15099] cgroup: noprefix used incorrectly
[  581.847412][T15099] cgroup: noprefix used incorrectly
[  581.855269][T15099] cgroup: noprefix used incorrectly
[  581.860558][T15099] cgroup: noprefix used incorrectly
[  582.077733][   T39] kauditd_printk_skb: 60 callbacks suppressed
[  582.077751][   T39] audit: type=1326 audit(1720745757.005:2544): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15101 comm="syz.1.2442" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7419579 code=0x0
[  582.737414][ T5205] Bluetooth: Unknown LE signaling command 0x31
[  582.740383][ T5205] Bluetooth: Wrong link type (-22)
[  582.765089][T15118] vivid-006: disconnect
[  583.280872][T15124] netlink: 'syz.1.2447': attribute type 3 has an invalid length.
[  583.285389][T15124] netlink: 130984 bytes leftover after parsing attributes in process `syz.1.2447'.
[  583.579212][T15133] vivid-004: disconnect
[  583.580533][T15136] virtio-fs: tag <(null)> not found
[  583.583179][T15131] vivid-004: reconnect
[  583.596914][T15136] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(5)
[  583.600101][T15136] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  583.605901][T15136] vhci_hcd vhci_hcd.0: Device attached
[  583.663289][T15117] vivid-006: reconnect
[  583.717744][ T5205] Bluetooth: hci2: Ignoring HCI_Connection_Complete for existing connection
[  583.758004][T15137] vhci_hcd: connection closed
[  583.758232][ T1088] vhci_hcd: stop threads
[  583.763571][ T1088] vhci_hcd: release socket
[  583.766066][ T1088] vhci_hcd: disconnect device
[  583.815049][ T5240] vhci_hcd: vhci_device speed not set
[  584.987122][T15161] FAULT_INJECTION: forcing a failure.
[  584.987122][T15161] name failslab, interval 1, probability 0, space 0, times 0
[  585.042217][T15161] CPU: 1 PID: 15161 Comm: syz.3.2458 Not tainted 6.10.0-rc7-syzkaller-00076-g9d9a2f29aefd #0
[  585.047406][T15161] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  585.054682][T15161] Call Trace:
[  585.056718][T15161]  <TASK>
[  585.058172][T15161]  dump_stack_lvl+0x16c/0x1f0
[  585.060722][T15161]  should_fail_ex+0x497/0x5b0
[  585.062720][T15161]  should_failslab+0x9/0x20
[  585.064619][T15161]  __kmalloc_noprof+0xcf/0x420
[  585.066756][T15161]  ? __pfx_lock_acquire+0x10/0x10
[  585.069163][T15161]  tomoyo_realpath_from_path+0xbf/0x710
[  585.071597][T15161]  ? tomoyo_profile+0x47/0x60
[  585.073671][T15161]  tomoyo_path_number_perm+0x245/0x5b0
[  585.076109][T15161]  ? tomoyo_path_number_perm+0x232/0x5b0
[  585.078514][T15161]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  585.081170][T15161]  ? __pfx_lock_release+0x10/0x10
[  585.083909][T15161]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  585.086661][T15161]  ? __fget_files+0x256/0x400
[  585.088901][T15161]  security_file_ioctl_compat+0x75/0xc0
[  585.091173][T15161]  __do_compat_sys_ioctl+0x5d/0x330
[  585.093637][T15161]  __do_fast_syscall_32+0x73/0x120
[  585.096264][T15161]  do_fast_syscall_32+0x32/0x80
[  585.098619][T15161]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  585.101354][T15161] RIP: 0023:0xf7486579
[  585.102942][T15161] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  585.110680][T15161] RSP: 002b:00000000f5d9e57c EFLAGS: 00000292 ORIG_RAX: 0000000000000036
[  585.113477][T15161] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000004018aee3
[  585.116588][T15161] RDX: 00000000200006c0 RSI: 0000000000000000 RDI: 0000000000000000
[  585.119965][T15161] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  585.123226][T15161] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  585.126741][T15161] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  585.130177][T15161]  </TASK>
[  585.151516][T15161] ERROR: Out of memory at tomoyo_realpath_from_path.
[  585.563310][ T5205] Bluetooth: hci2: link tx timeout
[  585.566223][ T5205] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa
[  585.727573][   T65] Bluetooth: hci4: command 0x0406 tx timeout
[  586.042004][T15180] FAULT_INJECTION: forcing a failure.
[  586.042004][T15180] name failslab, interval 1, probability 0, space 0, times 0
[  586.049978][T15180] CPU: 2 PID: 15180 Comm: syz.2.2463 Not tainted 6.10.0-rc7-syzkaller-00076-g9d9a2f29aefd #0
[  586.054469][T15180] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  586.058960][T15180] Call Trace:
[  586.060315][T15180]  <TASK>
[  586.061482][T15180]  dump_stack_lvl+0x16c/0x1f0
[  586.063657][T15180]  should_fail_ex+0x497/0x5b0
[  586.065805][T15180]  should_failslab+0x9/0x20
[  586.067906][T15180]  __kmalloc_noprof+0xcf/0x420
[  586.070187][T15180]  ? __pfx_lock_acquire+0x10/0x10
[  586.072595][T15180]  tomoyo_realpath_from_path+0xbf/0x710
[  586.075112][T15180]  ? tomoyo_profile+0x47/0x60
[  586.077341][T15180]  tomoyo_path_number_perm+0x245/0x5b0
[  586.079549][T15180]  ? tomoyo_path_number_perm+0x232/0x5b0
[  586.081621][T15180]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  586.083706][T15180]  ? __pfx_lock_release+0x10/0x10
[  586.085508][T15180]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  586.087508][T15180]  ? __fget_files+0x256/0x400
[  586.089627][T15180]  security_file_ioctl_compat+0x75/0xc0
[  586.092246][T15180]  __do_compat_sys_ioctl+0x5d/0x330
[  586.094552][T15180]  __do_fast_syscall_32+0x73/0x120
[  586.096696][T15180]  do_fast_syscall_32+0x32/0x80
[  586.098883][T15180]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  586.101873][T15180] RIP: 0023:0xf7451579
[  586.103783][T15180] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  586.112566][T15180] RSP: 002b:00000000f5d6957c EFLAGS: 00000292 ORIG_RAX: 0000000000000036
[  586.116259][T15180] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000008943
[  586.119785][T15180] RDX: 0000000020002280 RSI: 0000000000000000 RDI: 0000000000000000
[  586.123521][T15180] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  586.127001][T15180] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  586.130453][T15180] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  586.133978][T15180]  </TASK>
[  586.136021][T15180] ERROR: Out of memory at tomoyo_realpath_from_path.
[  586.255165][T15188] bridge0: port 2(bridge_slave_1) entered disabled state
[  586.259211][T15188] bridge0: port 1(bridge_slave_0) entered disabled state
[  586.373785][T15195] virtio-fs: tag <(null)> not found
[  586.403048][T15195] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(5)
[  586.406331][T15195] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  586.418876][T15195] vhci_hcd vhci_hcd.0: Device attached
[  586.524676][   T39] audit: type=1326 audit(1720745761.455:2545): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15200 comm="" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7436579 code=0x7ffc0000
[  586.525831][T15201] random: crng reseeded on system resumption
[  586.543433][   T39] audit: type=1326 audit(1720745761.455:2546): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15200 comm="" exe="/syz-executor" sig=0 arch=40000003 syscall=329 compat=1 ip=0xf7436579 code=0x7ffc0000
[  586.560135][   T39] audit: type=1326 audit(1720745761.455:2547): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15200 comm="" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7436579 code=0x7ffc0000
[  586.570213][   T39] audit: type=1326 audit(1720745761.455:2548): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15200 comm="" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7436579 code=0x7ffc0000
[  586.582254][   T39] audit: type=1326 audit(1720745761.455:2549): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15200 comm="" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7436579 code=0x7ffc0000
[  586.593033][   T39] audit: type=1326 audit(1720745761.485:2550): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15200 comm="" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7436579 code=0x7ffc0000
[  586.595480][T15198] vhci_hcd: connection closed
[  586.602717][ T5210] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection
[  586.609370][   T39] audit: type=1326 audit(1720745761.495:2551): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15200 comm="" exe="/syz-executor" sig=0 arch=40000003 syscall=4 compat=1 ip=0xf7436579 code=0x7ffc0000
[  586.619029][   T39] audit: type=1326 audit(1720745761.495:2552): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15200 comm="" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7436579 code=0x7ffc0000
[  586.621572][ T7794] vhci_hcd: vhci_device speed not set
[  586.627416][   T39] audit: type=1326 audit(1720745761.495:2553): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15200 comm="" exe="/syz-executor" sig=0 arch=40000003 syscall=120 compat=1 ip=0xf7436579 code=0x7ffc0000
[  586.646437][ T1088] vhci_hcd: stop threads
[  586.648645][ T1088] vhci_hcd: release socket
[  586.650863][ T1088] vhci_hcd: disconnect device
[  586.718742][ T7794] usb 19-1: new full-speed USB device number 3 using vhci_hcd
[  586.722482][ T7794] usb 19-1: enqueue for inactive port 0
[  586.817976][ T7794] vhci_hcd: vhci_device speed not set
[  587.628070][   T65] Bluetooth: hci2: command 0x0406 tx timeout
[  588.651449][T15241] virtio-fs: tag <(null)> not found
[  588.673667][T15241] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(5)
[  588.676101][T15241] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  588.680760][T15241] vhci_hcd vhci_hcd.0: Device attached
[  588.721820][ T5205] Bluetooth: hci2: Ignoring HCI_Connection_Complete for existing connection
[  588.724601][T15243] vhci_hcd: connection closed
[  588.726365][ T1148] vhci_hcd: stop threads
[  588.730876][ T1148] vhci_hcd: release socket
[  588.732865][ T1148] vhci_hcd: disconnect device
[  588.733307][ T1086] Bluetooth: hci0: Frame reassembly failed (-84)
[  589.014714][T15247] FAULT_INJECTION: forcing a failure.
[  589.014714][T15247] name failslab, interval 1, probability 0, space 0, times 0
[  589.019719][ T1148] Bluetooth: hci5: Frame reassembly failed (-84)
[  589.021307][T15247] CPU: 2 PID: 15247 Comm: syz.2.2482 Not tainted 6.10.0-rc7-syzkaller-00076-g9d9a2f29aefd #0
[  589.027108][T15247] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  589.031391][T15247] Call Trace:
[  589.032637][T15247]  <TASK>
[  589.033765][T15247]  dump_stack_lvl+0x16c/0x1f0
[  589.035884][T15247]  should_fail_ex+0x497/0x5b0
[  589.038055][T15247]  should_failslab+0x9/0x20
[  589.040109][T15247]  __kmalloc_noprof+0xcf/0x420
[  589.042063][T15247]  ? __pfx_lock_acquire+0x10/0x10
[  589.044090][T15247]  tomoyo_realpath_from_path+0xbf/0x710
[  589.046625][T15247]  ? tomoyo_profile+0x47/0x60
[  589.048765][T15247]  tomoyo_path_number_perm+0x245/0x5b0
[  589.051131][T15247]  ? tomoyo_path_number_perm+0x232/0x5b0
[  589.053504][T15247]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  589.055933][T15247]  ? __pfx_lock_release+0x10/0x10
[  589.058184][T15247]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  589.060627][T15247]  ? __fget_files+0x256/0x400
[  589.062392][T15247]  security_file_ioctl_compat+0x75/0xc0
[  589.064596][T15247]  __do_compat_sys_ioctl+0x5d/0x330
[  589.066650][T15247]  __do_fast_syscall_32+0x73/0x120
[  589.068948][T15247]  do_fast_syscall_32+0x32/0x80
[  589.071172][T15247]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  589.073976][T15247] RIP: 0023:0xf7451579
[  589.075806][T15247] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  589.083859][T15247] RSP: 002b:00000000f5d6957c EFLAGS: 00000292 ORIG_RAX: 0000000000000036
[  589.087404][T15247] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000005423
[  589.090776][T15247] RDX: 0000000020000080 RSI: 0000000000000000 RDI: 0000000000000000
[  589.094109][T15247] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  589.097193][T15247] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  589.100556][T15247] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  589.103517][T15247]  </TASK>
[  589.104789][    C2] vkms_vblank_simulate: vblank timer overrun
[  589.108604][T15247] ERROR: Out of memory at tomoyo_realpath_from_path.
[  589.268989][ T5210] Bluetooth: hci4: unexpected event 0x05 length: 6 > 4
[  589.340855][T15252] FAULT_INJECTION: forcing a failure.
[  589.340855][T15252] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  589.349055][T15252] CPU: 1 PID: 15252 Comm: syz.0.2484 Not tainted 6.10.0-rc7-syzkaller-00076-g9d9a2f29aefd #0
[  589.353382][T15252] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  589.358000][T15252] Call Trace:
[  589.359489][T15252]  <TASK>
[  589.360827][T15252]  dump_stack_lvl+0x16c/0x1f0
[  589.362891][T15252]  should_fail_ex+0x497/0x5b0
[  589.364501][T15252]  _copy_to_iter+0x411/0xfc0
[  589.366284][T15252]  ? __pfx__copy_to_iter+0x10/0x10
[  589.368249][T15252]  ? lock_acquire+0x1b1/0x560
[  589.370222][T15252]  signalfd_copyinfo+0x1aa/0x760
[  589.372375][T15252]  ? __pfx_signalfd_copyinfo+0x10/0x10
[  589.374712][T15252]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  589.377240][T15252]  ? lockdep_hardirqs_on+0x7c/0x110
[  589.379826][T15252]  signalfd_read_iter+0x376/0x770
[  589.382073][T15252]  ? __pfx_signalfd_read_iter+0x10/0x10
[  589.384634][T15252]  ? aa_file_perm+0x4f2/0x1010
[  589.386807][T15252]  ? __pfx_default_wake_function+0x10/0x10
[  589.389053][T15252]  ? copy_compat_iovec_from_user+0x115/0x150
[  589.391128][T15252]  do_iter_readv_writev+0x5e6/0x780
[  589.392925][T15252]  ? __pfx_do_iter_readv_writev+0x10/0x10
[  589.394940][T15252]  ? bpf_lsm_file_permission+0x9/0x10
[  589.396824][T15252]  ? security_file_permission+0x98/0xc0
[  589.398720][T15252]  vfs_readv+0x4d8/0x8a0
[  589.400556][T15252]  ? __pfx_vfs_readv+0x10/0x10
[  589.402462][T15252]  ? __fget_files+0x24c/0x400
[  589.404352][T15252]  ? do_readv+0x137/0x370
[  589.406095][T15252]  do_readv+0x137/0x370
[  589.407850][T15252]  ? __pfx_do_readv+0x10/0x10
[  589.410014][T15252]  __do_fast_syscall_32+0x73/0x120
[  589.412381][T15252]  do_fast_syscall_32+0x32/0x80
[  589.414523][T15252]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  589.417091][T15252] RIP: 0023:0xf7436579
[  589.418814][T15252] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  589.426583][T15252] RSP: 002b:00000000f5d2d57c EFLAGS: 00000292 ORIG_RAX: 0000000000000091
[  589.430003][T15252] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 0000000020000240
[  589.433133][T15252] RDX: 0000000000000002 RSI: 0000000000000000 RDI: 0000000000000000
[  589.436763][T15252] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  589.440152][T15252] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  589.443494][T15252] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  589.446640][T15252]  </TASK>
[  590.748172][ T5210] Bluetooth: hci0: command 0x1003 tx timeout
[  590.753929][   T65] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  590.826875][    C2] vkms_vblank_simulate: vblank timer overrun
[  591.078054][ T4639] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  591.153580][T15269] netlink: 'syz.3.2490': attribute type 4 has an invalid length.
[  591.869537][T15303] FAULT_INJECTION: forcing a failure.
[  591.869537][T15303] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  591.896959][T15303] CPU: 2 PID: 15303 Comm: syz.1.2495 Not tainted 6.10.0-rc7-syzkaller-00076-g9d9a2f29aefd #0
[  591.901376][T15303] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  591.906027][T15303] Call Trace:
[  591.907475][T15303]  <TASK>
[  591.908779][T15303]  dump_stack_lvl+0x16c/0x1f0
[  591.910948][T15303]  should_fail_ex+0x497/0x5b0
[  591.913092][T15303]  _copy_from_user+0x30/0xf0
[  591.915093][T15303]  snd_seq_oss_write+0x398/0x7b0
[  591.917218][T15303]  ? __pfx_snd_seq_oss_write+0x10/0x10
[  591.919577][T15303]  ? __pfx___lock_acquire+0x10/0x10
[  591.921799][T15303]  ? apparmor_file_permission+0x251/0x410
[  591.924327][T15303]  ? bpf_lsm_file_permission+0x9/0x10
[  591.926760][T15303]  ? security_file_permission+0x98/0xc0
[  591.929308][T15303]  ? __pfx_odev_write+0x10/0x10
[  591.931594][T15303]  odev_write+0x57/0xa0
[  591.933486][T15303]  vfs_write+0x29a/0x1140
[  591.935390][T15303]  ? __pfx_vfs_write+0x10/0x10
[  591.937570][T15303]  ? __fget_files+0x256/0x400
[  591.939748][T15303]  ? __fget_light+0x173/0x210
[  591.941882][T15303]  ksys_write+0x12f/0x260
[  591.943753][T15303]  ? __pfx_ksys_write+0x10/0x10
[  591.945803][T15303]  __do_fast_syscall_32+0x73/0x120
[  591.948023][T15303]  do_fast_syscall_32+0x32/0x80
[  591.950114][T15303]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  591.952850][T15303] RIP: 0023:0xf7419579
[  591.954596][T15303] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  591.962871][T15303] RSP: 002b:00000000f5d1057c EFLAGS: 00000292 ORIG_RAX: 0000000000000004
[  591.966565][T15303] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000000
[  591.969981][T15303] RDX: 0000000000000008 RSI: 0000000000000000 RDI: 0000000000000000
[  591.973439][T15303] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  591.976856][T15303] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  591.980301][T15303] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  591.983864][T15303]  </TASK>
[  591.985612][    C2] vkms_vblank_simulate: vblank timer overrun
[  592.528416][T15319] FAULT_INJECTION: forcing a failure.
[  592.528416][T15319] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  592.534541][T15319] CPU: 1 PID: 15319 Comm: syz.2.2499 Not tainted 6.10.0-rc7-syzkaller-00076-g9d9a2f29aefd #0
[  592.539140][T15319] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  592.543812][T15319] Call Trace:
[  592.545260][T15319]  <TASK>
[  592.546500][T15319]  dump_stack_lvl+0x16c/0x1f0
[  592.552193][T15319]  should_fail_ex+0x497/0x5b0
[  592.554356][T15319]  _copy_from_user+0x30/0xf0
[  592.556737][T15319]  get_compat_msghdr+0xa8/0x170
[  592.559206][T15319]  ? __pfx_get_compat_msghdr+0x10/0x10
[  592.561899][T15319]  ? __pfx___lock_acquire+0x10/0x10
[  592.564483][T15319]  ___sys_sendmsg+0x1b0/0x1e0
[  592.566778][T15319]  ? __pfx____sys_sendmsg+0x10/0x10
[  592.569233][T15319]  ? ksys_write+0x21c/0x260
[  592.571274][T15319]  ? __fget_light+0x173/0x210
[  592.573424][T15319]  __sys_sendmsg+0x117/0x1f0
[  592.575575][T15319]  ? __pfx___sys_sendmsg+0x10/0x10
[  592.577919][T15319]  __do_fast_syscall_32+0x73/0x120
[  592.580348][T15319]  do_fast_syscall_32+0x32/0x80
[  592.582654][T15319]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  592.585354][T15319] RIP: 0023:0xf7451579
[  592.587139][T15319] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  592.593795][T15319] RSP: 002b:00000000f5d6957c EFLAGS: 00000292 ORIG_RAX: 0000000000000172
[  592.597277][T15319] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000020000000
[  592.600839][T15319] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  592.604447][T15319] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  592.607756][T15319] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  592.611449][T15319] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  592.615562][T15319]  </TASK>
[  592.727320][T15322] FAULT_INJECTION: forcing a failure.
[  592.727320][T15322] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  592.735738][T15322] CPU: 1 PID: 15322 Comm: syz.1.2500 Not tainted 6.10.0-rc7-syzkaller-00076-g9d9a2f29aefd #0
[  592.740234][T15322] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  592.745176][T15322] Call Trace:
[  592.746844][T15322]  <TASK>
[  592.748227][T15322]  dump_stack_lvl+0x16c/0x1f0
[  592.750375][T15322]  should_fail_ex+0x497/0x5b0
[  592.752525][T15322]  ? fs_reclaim_acquire+0xae/0x160
[  592.754860][T15322]  __should_fail_alloc_page+0xe7/0x130
[  592.757251][T15322]  prepare_alloc_pages.constprop.0+0x16f/0x560
[  592.759924][T15322]  ? __pfx_mark_lock+0x10/0x10
[  592.761984][T15322]  __alloc_pages_noprof+0x194/0x2460
[  592.764331][T15322]  ? unwind_get_return_address+0x45/0xe0
[  592.766763][T15322]  ? hlock_class+0x4e/0x130
[  592.768791][T15322]  ? __lock_acquire+0xc5d/0x3b30
[  592.771236][T15322]  ? __pfx___alloc_pages_noprof+0x10/0x10
[  592.773572][T15322]  ? __pfx___lock_acquire+0x10/0x10
[  592.775781][T15322]  ? __lock_acquire+0xc5d/0x3b30
[  592.777959][T15322]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  592.780839][T15322]  ? policy_nodemask+0xea/0x4e0
[  592.783111][T15322]  alloc_pages_mpol_noprof+0x275/0x610
[  592.785284][T15322]  ? __pfx_alloc_pages_mpol_noprof+0x10/0x10
[  592.787608][T15322]  ? find_held_lock+0x2d/0x110
[  592.789624][T15322]  vma_alloc_folio_noprof+0xad/0x1f0
[  592.792072][T15322]  ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[  592.794831][T15322]  ? reacquire_held_locks+0x20b/0x4c0
[  592.797319][T15322]  ? lock_vma_under_rcu+0x1e2/0x8f0
[  592.799611][T15322]  __handle_mm_fault+0x2cc7/0x52a0
[  592.801882][T15322]  ? down_read_trylock+0x1ed/0x3f0
[  592.804118][T15322]  ? lock_vma_under_rcu+0x1e2/0x8f0
[  592.806382][T15322]  ? __pfx___handle_mm_fault+0x10/0x10
[  592.808770][T15322]  ? __pfx_lock_vma_under_rcu+0x10/0x10
[  592.810915][T15322]  handle_mm_fault+0x476/0xa00
[  592.812714][T15322]  do_user_addr_fault+0x426/0xe50
[  592.814951][T15322]  ? trace_irq_disable.constprop.0+0xe4/0x130
[  592.817395][T15322]  exc_page_fault+0x5c/0xc0
[  592.819280][T15322]  asm_exc_page_fault+0x26/0x30
[  592.821534][T15322] RIP: 0023:0xf724bb30
[  592.823406][T15322] Code: 20 00 00 65 8b 15 14 00 00 00 89 94 24 cc 20 00 00 8b 56 68 85 d2 0f 85 46 01 00 00 c7 46 68 ff ff ff ff 8d 94 24 cc 00 00 00 <89> b4 24 bc 00 00 00 89 54 24 38 89 54 24 34 8d 94 24 cc 20 00 00
[  592.831986][T15322] RSP: 002b:00000000f5d2f4b0 EFLAGS: 00010246
[  592.834213][T15322] RAX: 00000000f72f4c60 RBX: 00000000f7404ff4 RCX: 00000000f5d315e4
[  592.837516][T15322] RDX: 00000000f5d2f57c RSI: 00000000f740b240 RDI: 0000000000000009
[  592.840582][T15322] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  592.843582][T15322] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  592.847755][T15322] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  592.851131][T15322]  </TASK>
[  592.857744][T15322] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[  592.878464][T15326] ip6_vti0: entered allmulticast mode
[  592.937650][T15331] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2503'.
[  592.976892][T15335] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2505'.
[  593.001832][T15335] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2505'.
[  593.098151][   T39] kauditd_printk_skb: 7 callbacks suppressed
[  593.098171][   T39] audit: type=1800 audit(1720745768.025:2561): pid=15342 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.2507" name="SYSV00000000" dev="hugetlbfs" ino=6 res=0 errno=0
[  593.135148][   T39] audit: type=1800 audit(1720745768.065:2562): pid=15342 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.2507" name="SYSV00000000" dev="hugetlbfs" ino=9 res=0 errno=0
[  593.464089][T15358] ptm ptm0: ldisc open failed (-12), clearing slot 0
[  593.684223][T15349] vivid-001: =================  START STATUS  =================
[  593.687293][T15349] vivid-001: Radio HW Seek Mode: Bounded
[  593.689687][T15349] vivid-001: Radio Programmable HW Seek: false
[  593.692531][T15349] vivid-001: RDS Rx I/O Mode: Block I/O
[  593.711500][T15349] vivid-001: Generate RBDS Instead of RDS: false
[  593.715483][T15349] vivid-001: RDS Reception: true
[  593.731799][T15349] vivid-001: RDS Program Type: 0 inactive
[  593.734456][T15349] vivid-001: RDS PS Name:  inactive
[  593.737136][T15349] vivid-001: RDS Radio Text:  inactive
[  593.739725][T15349] vivid-001: RDS Traffic Announcement: false inactive
[  593.739809][T15349] vivid-001: RDS Traffic Program: false inactive
[  593.739833][T15349] vivid-001: RDS Music: false inactive
[  593.739973][T15349] vivid-001: ==================  END STATUS  ==================
[  594.151739][T15365] FAULT_INJECTION: forcing a failure.
[  594.151739][T15365] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  594.157714][T15365] CPU: 3 PID: 15365 Comm: syz.3.2511 Not tainted 6.10.0-rc7-syzkaller-00076-g9d9a2f29aefd #0
[  594.162742][T15365] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  594.167366][T15365] Call Trace:
[  594.168869][T15365]  <TASK>
[  594.170198][T15365]  dump_stack_lvl+0x16c/0x1f0
[  594.172402][T15365]  should_fail_ex+0x497/0x5b0
[  594.174675][T15365]  _copy_to_user+0x30/0xc0
[  594.176905][T15365]  simple_read_from_buffer+0xd0/0x160
[  594.179499][T15365]  proc_fail_nth_read+0x1b0/0x290
[  594.181760][T15365]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  594.184277][T15365]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  594.186739][T15365]  vfs_read+0x1d4/0xbd0
[  594.188457][T15365]  ? __up_read+0x1fb/0x760
[  594.190255][T15365]  ? __fdget_pos+0xeb/0x180
[  594.192073][T15365]  ? __pfx_vfs_read+0x10/0x10
[  594.193957][T15365]  ? __pfx___mutex_lock+0x10/0x10
[  594.196011][T15365]  ? __fget_files+0x256/0x400
[  594.197943][T15365]  ksys_read+0x12f/0x260
[  594.199765][T15365]  ? __pfx_ksys_read+0x10/0x10
[  594.201833][T15365]  __do_fast_syscall_32+0x73/0x120
[  594.204120][T15365]  do_fast_syscall_32+0x32/0x80
[  594.206291][T15365]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  594.209544][T15365] RIP: 0023:0xf7486579
[  594.211351][T15365] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  594.220047][T15365] RSP: 002b:00000000f5d9e5b0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  594.223733][T15365] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 00000000f5d9e630
[  594.227166][T15365] RDX: 000000000000000f RSI: 00000000f7471ff4 RDI: 0000000000000000
[  594.230503][T15365] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  594.234119][T15365] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  594.237569][T15365] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  594.241056][T15365]  </TASK>
[  594.451982][T15372] vivid-003: =================  START STATUS  =================
[  594.455514][T15372] vivid-003: Radio HW Seek Mode: Bounded
[  594.458330][T15372] vivid-003: Radio Programmable HW Seek: false
[  594.465741][T15372] vivid-003: RDS Rx I/O Mode: Block I/O
[  594.471852][T15372] vivid-003: Generate RBDS Instead of RDS: false
[  594.474877][T15372] vivid-003: RDS Reception: true
[  594.480063][T15372] vivid-003: RDS Program Type: 0 inactive
[  594.482812][T15372] vivid-003: RDS PS Name:  inactive
[  594.485644][T15372] vivid-003: RDS Radio Text:  inactive
[  594.490461][T15372] vivid-003: RDS Traffic Announcement: false inactive
[  594.496938][T15372] vivid-003: RDS Traffic Program: false inactive
[  594.501906][T15372] vivid-003: RDS Music: false inactive
[  594.504447][T15372] vivid-003: ==================  END STATUS  ==================
[  594.740062][T15381] vivid-002: =================  START STATUS  =================
[  594.740782][T15381] vivid-002: Radio HW Seek Mode: Bounded
[  594.740813][T15381] vivid-002: Radio Programmable HW Seek: false
[  594.745160][T15381] vivid-002: RDS Rx I/O Mode: Block I/O
[  594.745182][T15381] vivid-002: Generate RBDS Instead of RDS: false
[  594.745203][T15381] vivid-002: RDS Reception: true
[  594.745572][T15381] vivid-002: RDS Program Type: 0 inactive
[  594.745598][T15381] vivid-002: RDS PS Name:  inactive
[  594.745775][T15381] vivid-002: RDS Radio Text:  inactive
[  594.746972][T15381] vivid-002: RDS Traffic Announcement: false inactive
[  594.747580][T15381] vivid-002: RDS Traffic Program: false inactive
[  594.747698][T15381] vivid-002: RDS Music: false inactive
[  594.748404][T15381] vivid-002: ==================  END STATUS  ==================
[  597.402303][T15414] syzkaller1: entered promiscuous mode
[  597.405391][T15414] syzkaller1: entered allmulticast mode
[  597.443575][T15418] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2523'.
[  597.472606][   T57] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  597.604754][T15423] netlink: 'syz.3.2526': attribute type 10 has an invalid length.
[  597.609728][T15423] netlink: 181292 bytes leftover after parsing attributes in process `syz.3.2526'.
[  597.614906][T15423] openvswitch: netlink: Message has 4 unknown bytes.
[  597.714953][   T57] usb 5-1: config index 0 descriptor too short (expected 65535, got 27)
[  597.724885][   T57] usb 5-1: config 255 has too many interfaces: 255, using maximum allowed: 32
[  597.729892][   T57] usb 5-1: config 255 has an invalid descriptor of length 0, skipping remainder of the config
[  597.734099][   T57] usb 5-1: config 255 has 0 interfaces, different from the descriptor's value: 255
[  597.749991][   T57] usb 5-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[  597.757903][ T7794] usb 6-1: new high-speed USB device number 14 using dummy_hcd
[  597.758308][   T57] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  597.872106][T15428] block nbd2: shutting down sockets
[  597.998398][T15410] fuse: Invalid user_id
[  598.010407][   T25] usb 5-1: USB disconnect, device number 10
[  598.447840][T15445] vivid-002: =================  START STATUS  =================
[  598.452513][T15445] vivid-002: Radio HW Seek Mode: Bounded
[  598.456010][T15445] vivid-002: Radio Programmable HW Seek: false
[  598.459184][T15445] vivid-002: RDS Rx I/O Mode: Block I/O
[  598.463219][T15445] vivid-002: Generate RBDS Instead of RDS: false
[  598.466306][T15445] vivid-002: RDS Reception: true
[  598.469016][T15445] vivid-002: RDS Program Type: 0 inactive
[  598.472903][T15445] vivid-002: RDS PS Name:  inactive
[  598.476423][T15445] vivid-002: RDS Radio Text:  inactive
[  598.479298][T15445] vivid-002: RDS Traffic Announcement: false inactive
[  598.483614][T15445] vivid-002: RDS Traffic Program: false inactive
[  598.486885][T15445] vivid-002: RDS Music: false inactive
[  598.490267][T15445] vivid-002: ==================  END STATUS  ==================
[  599.348024][ T5242] usb 7-1: new high-speed USB device number 17 using dummy_hcd
[  599.577966][ T5242] usb 7-1: Using ep0 maxpacket: 32
[  599.584176][ T5242] usb 7-1: config 0 has no interfaces?
[  599.592774][ T5242] usb 7-1: New USB device found, idVendor=1557, idProduct=8150, bcdDevice=29.ed
[  599.597368][ T5242] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  599.601292][ T5242] usb 7-1: Product: syz
[  599.603316][ T5242] usb 7-1: Manufacturer: syz
[  599.605456][ T5242] usb 7-1: SerialNumber: syz
[  599.616427][ T5242] usb 7-1: config 0 descriptor??
[  600.508078][T15466] netlink: 'syz.1.2537': attribute type 10 has an invalid length.
[  600.517154][T15466] netlink: 181292 bytes leftover after parsing attributes in process `syz.1.2537'.
[  600.530463][T15466] openvswitch: netlink: Message has 4 unknown bytes.
[  600.597581][T15462] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2536'.
[  601.020055][T15473] block nbd1: shutting down sockets
[  601.436516][T15487] block nbd1: shutting down sockets
[  601.663063][ T5240] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  601.881830][ T5240] usb 5-1: config index 0 descriptor too short (expected 65535, got 27)
[  601.885549][ T5240] usb 5-1: config 255 has too many interfaces: 255, using maximum allowed: 32
[  601.897872][ T5240] usb 5-1: config 255 has an invalid descriptor of length 0, skipping remainder of the config
[  601.902632][ T5240] usb 5-1: config 255 has 0 interfaces, different from the descriptor's value: 255
[  601.917913][ T5240] usb 5-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[  601.922185][ T5240] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  601.971492][   T25] usb 7-1: USB disconnect, device number 17
[  602.350732][T15485] fuse: Invalid user_id
[  602.366071][ T5240] usb 5-1: USB disconnect, device number 11
[  603.211435][T15506] vivid-003: =================  START STATUS  =================
[  603.215988][T15506] vivid-003: Radio HW Seek Mode: Bounded
[  603.222704][T15506] vivid-003: Radio Programmable HW Seek: false
[  603.227504][T15506] vivid-003: RDS Rx I/O Mode: Block I/O
[  603.230784][T15506] vivid-003: Generate RBDS Instead of RDS: false
[  603.233716][T15506] vivid-003: RDS Reception: true
[  603.239342][T15506] vivid-003: RDS Program Type: 0 inactive
[  603.243621][T15506] vivid-003: RDS PS Name:  inactive
[  603.251659][T15506] vivid-003: RDS Radio Text:  inactive
[  603.262130][T15506] vivid-003: RDS Traffic Announcement: false inactive
[  603.273946][T15506] vivid-003: RDS Traffic Program: false inactive
[  603.274048][T15506] vivid-003: RDS Music: false inactive
[  603.274148][T15506] vivid-003: ==================  END STATUS  ==================
[  603.399275][T15513] block nbd3: shutting down sockets
[  603.539749][T15520] netlink: 16186 bytes leftover after parsing attributes in process `syz.3.2550'.
[  603.818292][T15523] block nbd2: shutting down sockets
[  603.947971][   T35] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  604.128058][   T35] usb 5-1: Using ep0 maxpacket: 32
[  604.132124][   T35] usb 5-1: config 0 has no interfaces?
[  604.137305][   T35] usb 5-1: New USB device found, idVendor=1557, idProduct=8150, bcdDevice=29.ed
[  604.147903][   T35] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  604.151612][   T35] usb 5-1: Product: syz
[  604.154237][   T35] usb 5-1: Manufacturer: syz
[  604.156290][   T35] usb 5-1: SerialNumber: syz
[  604.175852][   T35] usb 5-1: config 0 descriptor??
[  604.288271][T15529] vivid-000: =================  START STATUS  =================
[  604.291182][T15529] vivid-000: Radio HW Seek Mode: Bounded
[  604.293758][T15529] vivid-000: Radio Programmable HW Seek: false
[  604.298469][T15529] vivid-000: RDS Rx I/O Mode: Block I/O
[  604.300835][T15529] vivid-000: Generate RBDS Instead of RDS: false
[  604.303455][T15529] vivid-000: RDS Reception: true
[  604.305888][T15529] vivid-000: RDS Program Type: 0 inactive
[  604.310166][T15529] vivid-000: RDS PS Name:  inactive
[  604.312691][T15529] vivid-000: RDS Radio Text:  inactive
[  604.315151][T15529] vivid-000: RDS Traffic Announcement: false inactive
[  604.319540][T15529] vivid-000: RDS Traffic Program: false inactive
[  604.322253][T15529] vivid-000: RDS Music: false inactive
[  604.324680][T15529] vivid-000: ==================  END STATUS  ==================
[  604.393939][   T35] usb 5-1: USB disconnect, device number 12
[  604.428138][ T4639] Bluetooth: hci3: command 0x0406 tx timeout
[  605.523372][T15562] block nbd1: shutting down sockets
[  605.573131][T15560] warning: checkpointing journal with EXT4_IOC_CHECKPOINT_FLAG_ZEROOUT can be slow
[  605.944941][T15568] FAULT_INJECTION: forcing a failure.
[  605.944941][T15568] name failslab, interval 1, probability 0, space 0, times 0
[  605.962738][T15568] CPU: 0 PID: 15568 Comm: syz.1.2563 Not tainted 6.10.0-rc7-syzkaller-00076-g9d9a2f29aefd #0
[  605.966988][T15568] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  605.971774][T15568] Call Trace:
[  605.973521][T15568]  <TASK>
[  605.974973][T15568]  dump_stack_lvl+0x16c/0x1f0
[  605.977338][T15568]  should_fail_ex+0x497/0x5b0
[  605.979926][T15568]  should_failslab+0x9/0x20
[  605.981967][T15568]  __kmalloc_noprof+0xcf/0x420
[  605.984213][T15568]  ? __pfx_lock_acquire+0x10/0x10
[  605.986560][T15568]  tomoyo_realpath_from_path+0xbf/0x710
[  605.989064][T15568]  ? tomoyo_profile+0x47/0x60
[  605.991186][T15568]  tomoyo_path_number_perm+0x245/0x5b0
[  605.994180][T15568]  ? tomoyo_path_number_perm+0x232/0x5b0
[  605.996660][T15568]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  605.999319][T15568]  ? __pfx_lock_release+0x10/0x10
[  606.001722][T15568]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  606.004712][T15568]  ? __fget_files+0x256/0x400
[  606.006889][T15568]  security_file_ioctl_compat+0x75/0xc0
[  606.009266][T15568]  __do_compat_sys_ioctl+0x5d/0x330
[  606.011634][T15568]  __do_fast_syscall_32+0x73/0x120
[  606.013997][T15568]  do_fast_syscall_32+0x32/0x80
[  606.016183][T15568]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  606.018997][T15568] RIP: 0023:0xf7419579
[  606.020911][T15568] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  606.030028][T15568] RSP: 002b:00000000f5d1057c EFLAGS: 00000292 ORIG_RAX: 0000000000000036
[  606.033872][T15568] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000c004743e
[  606.037510][T15568] RDX: 0000000020000140 RSI: 0000000000000000 RDI: 0000000000000000
[  606.040787][T15568] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  606.044478][T15568] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  606.048386][T15568] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  606.053783][T15568]  </TASK>
[  606.063005][T15568] ERROR: Out of memory at tomoyo_realpath_from_path.
[  606.666042][T15578] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2565'.
[  606.830607][T15582] netlink: 'syz.0.2566': attribute type 1 has an invalid length.
[  606.854583][T15582] bond1: entered promiscuous mode
[  606.921133][T15582] bond1: (slave veth3): Enslaving as an active interface with a down link
[  607.849878][T15595] vivid-001: =================  START STATUS  =================
[  607.855783][T15595] vivid-001: Radio HW Seek Mode: Bounded
[  607.869714][T15595] vivid-001: Radio Programmable HW Seek: false
[  607.872645][T15595] vivid-001: RDS Rx I/O Mode: Block I/O
[  607.875567][T15595] vivid-001: Generate RBDS Instead of RDS: false
[  607.886079][T15595] vivid-001: RDS Reception: true
[  607.891449][T15595] vivid-001: RDS Program Type: 0 inactive
[  607.894370][T15595] vivid-001: RDS PS Name:  inactive
[  607.897345][T15595] vivid-001: RDS Radio Text:  inactive
[  607.901415][T15595] vivid-001: RDS Traffic Announcement: false inactive
[  607.905055][T15595] vivid-001: RDS Traffic Program: false inactive
[  607.905086][T15595] vivid-001: RDS Music: false inactive
[  607.905107][T15595] vivid-001: ==================  END STATUS  ==================
[  608.250735][T15607] vivid-002: =================  START STATUS  =================
[  608.254204][T15607] vivid-002: Radio HW Seek Mode: Bounded
[  608.256865][T15607] vivid-002: Radio Programmable HW Seek: false
[  608.284982][T15607] vivid-002: RDS Rx I/O Mode: Block I/O
[  608.293415][T15607] vivid-002: Generate RBDS Instead of RDS: false
[  608.302157][T15607] vivid-002: RDS Reception: true
[  608.327314][T15607] vivid-002: RDS Program Type: 0 inactive
[  608.327355][T15607] vivid-002: RDS PS Name:  inactive
[  608.327377][T15607] vivid-002: RDS Radio Text:  inactive
[  608.327401][T15607] vivid-002: RDS Traffic Announcement: false inactive
[  608.327430][T15607] vivid-002: RDS Traffic Program: false inactive
[  608.327457][T15607] vivid-002: RDS Music: false inactive
[  608.327484][T15607] vivid-002: ==================  END STATUS  ==================
[  608.433931][T15613] warning: checkpointing journal with EXT4_IOC_CHECKPOINT_FLAG_ZEROOUT can be slow
[  609.096098][T15616] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2574'.
[  609.512660][T15623] FAULT_INJECTION: forcing a failure.
[  609.512660][T15623] name failslab, interval 1, probability 0, space 0, times 0
[  609.519232][T15623] CPU: 0 PID: 15623 Comm: syz.2.2576 Not tainted 6.10.0-rc7-syzkaller-00076-g9d9a2f29aefd #0
[  609.522986][T15623] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  609.527515][T15623] Call Trace:
[  609.528930][T15623]  <TASK>
[  609.530202][T15623]  dump_stack_lvl+0x16c/0x1f0
[  609.532735][T15623]  should_fail_ex+0x497/0x5b0
[  609.534773][T15623]  should_failslab+0x9/0x20
[  609.536836][T15623]  __kmalloc_noprof+0xcf/0x420
[  609.539123][T15623]  ? __pfx_d_absolute_path+0x10/0x10
[  609.541387][T15623]  tomoyo_encode2+0x100/0x3e0
[  609.543700][T15623]  tomoyo_realpath_from_path+0x1a7/0x710
[  609.546227][T15623]  tomoyo_path_number_perm+0x245/0x5b0
[  609.548744][T15623]  ? tomoyo_path_number_perm+0x232/0x5b0
[  609.551278][T15623]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  609.554131][T15623]  ? __pfx_lock_release+0x10/0x10
[  609.556985][T15623]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  609.560946][T15623]  ? __fget_files+0x256/0x400
[  609.563114][T15623]  security_file_ioctl_compat+0x75/0xc0
[  609.566297][T15623]  __do_compat_sys_ioctl+0x5d/0x330
[  609.569234][T15623]  __do_fast_syscall_32+0x73/0x120
[  609.571894][T15623]  do_fast_syscall_32+0x32/0x80
[  609.574108][T15623]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  609.577202][T15623] RIP: 0023:0xf7451579
[  609.579309][T15623] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  609.588577][T15623] RSP: 002b:00000000f5d6957c EFLAGS: 00000292 ORIG_RAX: 0000000000000036
[  609.592252][T15623] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080045104
[  609.596579][T15623] RDX: 0000000020000440 RSI: 0000000000000000 RDI: 0000000000000000
[  609.601136][T15623] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  609.604816][T15623] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  609.608120][T15623] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  609.611711][T15623]  </TASK>
[  609.613171][    C0] vkms_vblank_simulate: vblank timer overrun
[  609.624620][T15623] ERROR: Out of memory at tomoyo_realpath_from_path.
[  609.716529][T15625] FAULT_INJECTION: forcing a failure.
[  609.716529][T15625] name failslab, interval 1, probability 0, space 0, times 0
[  609.722162][T15625] CPU: 0 PID: 15625 Comm: syz.2.2577 Not tainted 6.10.0-rc7-syzkaller-00076-g9d9a2f29aefd #0
[  609.734746][T15625] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  609.739467][T15625] Call Trace:
[  609.741044][T15625]  <TASK>
[  609.742425][T15625]  dump_stack_lvl+0x16c/0x1f0
[  609.744674][T15625]  should_fail_ex+0x497/0x5b0
[  609.746855][T15625]  should_failslab+0x9/0x20
[  609.748925][T15625]  __kmalloc_noprof+0xcf/0x420
[  609.751119][T15625]  ? __pfx_d_absolute_path+0x10/0x10
[  609.753248][T15625]  tomoyo_encode2+0x100/0x3e0
[  609.755122][T15625]  tomoyo_realpath_from_path+0x1a7/0x710
[  609.757393][T15625]  tomoyo_path_number_perm+0x245/0x5b0
[  609.759757][T15625]  ? tomoyo_path_number_perm+0x232/0x5b0
[  609.762122][T15625]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  609.764717][T15625]  ? __pfx_lock_release+0x10/0x10
[  609.767027][T15625]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  609.769779][T15625]  ? __fget_files+0x256/0x400
[  609.771877][T15625]  security_file_ioctl_compat+0x75/0xc0
[  609.774393][T15625]  __do_compat_sys_ioctl+0x5d/0x330
[  609.779550][T15625]  __do_fast_syscall_32+0x73/0x120
[  609.781903][T15625]  do_fast_syscall_32+0x32/0x80
[  609.784228][T15625]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  609.787530][T15625] RIP: 0023:0xf7451579
[  609.789385][T15625] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  609.798697][T15625] RSP: 002b:00000000f5d6957c EFLAGS: 00000292 ORIG_RAX: 0000000000000036
[  609.802634][T15625] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000004c0a
[  609.806270][T15625] RDX: 00000000200003c0 RSI: 0000000000000000 RDI: 0000000000000000
[  609.809973][T15625] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  609.814175][T15625] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  609.817980][T15625] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  609.821660][T15625]  </TASK>
[  609.823558][    C0] vkms_vblank_simulate: vblank timer overrun
[  609.884888][T15625] ERROR: Out of memory at tomoyo_realpath_from_path.
[  610.237952][   T35] usb 7-1: new high-speed USB device number 18 using dummy_hcd
[  610.448091][   T35] usb 7-1: Using ep0 maxpacket: 32
[  610.462064][   T35] usb 7-1: config index 0 descriptor too short (expected 156, got 27)
[  610.466110][   T35] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x87 has an invalid bInterval 0, changing to 7
[  610.477094][   T35] usb 7-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  610.482189][   T35] usb 7-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  610.486160][   T35] usb 7-1: Product: syz
[  610.488863][   T35] usb 7-1: Manufacturer: syz
[  610.491008][   T35] usb 7-1: SerialNumber: syz
[  610.498098][   T35] usb 7-1: config 0 descriptor??
[  610.503987][   T35] ldusb 7-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  610.522376][   T35] ldusb 7-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  610.528328][T15636] vivid-003: =================  START STATUS  =================
[  610.531630][T15636] vivid-003: Radio HW Seek Mode: Bounded
[  610.536614][T15636] vivid-003: Radio Programmable HW Seek: false
[  610.542917][T15636] vivid-003: RDS Rx I/O Mode: Block I/O
[  610.545152][T15636] vivid-003: Generate RBDS Instead of RDS: false
[  610.548708][T15636] vivid-003: RDS Reception: true
[  610.551267][T15636] vivid-003: RDS Program Type: 0 inactive
[  610.557946][T15636] vivid-003: RDS PS Name:  inactive
[  610.560659][T15636] vivid-003: RDS Radio Text:  inactive
[  610.565815][T15636] vivid-003: RDS Traffic Announcement: false inactive
[  610.570412][T15636] vivid-003: RDS Traffic Program: false inactive
[  610.574236][T15636] vivid-003: RDS Music: false inactive
[  610.576731][T15636] vivid-003: ==================  END STATUS  ==================
[  610.733479][   T57] usb 7-1: USB disconnect, device number 18
[  610.733596][    C2] ldusb 7-1:0.0: usb_submit_urb failed (-19)
[  610.739776][   T57] ldusb 7-1:0.0: LD USB Device #0 now disconnected
[  610.940027][T15627] ldusb: No device or device unplugged -19
[  610.959938][T15627] binder_alloc: 15626: binder_alloc_buf, no vma
[  610.966995][T15627] MTD: Attempt to mount non-MTD device "/dev/nullb0"
[  610.977679][T15627] netlink: 'syz.2.2578': attribute type 2 has an invalid length.
[  610.984421][T15627] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2578'.
[  611.170901][T15641] fuse: Unknown parameter ''
[  611.480788][T15653] netlink: 60 bytes leftover after parsing attributes in process `syz.3.2585'.
[  611.503684][T15653] Êü: entered promiscuous mode
[  611.525862][T15653] netlink: 56 bytes leftover after parsing attributes in process `syz.3.2585'.
[  612.373464][T15677] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2589'.
[  612.746751][T15681] FAULT_INJECTION: forcing a failure.
[  612.746751][T15681] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  612.787913][T15681] CPU: 3 PID: 15681 Comm: syz.3.2591 Not tainted 6.10.0-rc7-syzkaller-00076-g9d9a2f29aefd #0
[  612.792688][T15681] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  612.797481][T15681] Call Trace:
[  612.799573][T15681]  <TASK>
[  612.802072][T15681]  dump_stack_lvl+0x16c/0x1f0
[  612.805173][T15681]  should_fail_ex+0x497/0x5b0
[  612.807724][T15681]  _copy_from_user+0x30/0xf0
[  612.810074][T15681]  compat_do_replace+0x16f/0x500
[  612.812918][T15681]  ? __pfx_compat_do_replace+0x10/0x10
[  612.815335][T15681]  ? __pfx_aa_get_newest_label+0x10/0x10
[  612.819099][T15681]  ? bpf_lsm_capable+0x9/0x10
[  612.821316][T15681]  ? security_capable+0x98/0xd0
[  612.823765][T15681]  do_ip6t_set_ctl+0x686/0xc20
[  612.826559][T15681]  ? rcu_is_watching+0x12/0xc0
[  612.829242][T15681]  ? trace_contention_end+0xea/0x140
[  612.832176][T15681]  ? __pfx_do_ip6t_set_ctl+0x10/0x10
[  612.835957][T15681]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  612.839838][T15681]  ? __pfx___might_resched+0x10/0x10
[  612.843589][T15681]  ? nf_sockopt_find.constprop.0+0x221/0x290
[  612.850538][T15681]  nf_setsockopt+0x8a/0xf0
[  612.867518][T15681]  ipv6_setsockopt+0x133/0x1a0
[  612.870110][T15681]  tcp_setsockopt+0xa4/0x100
[  612.872165][T15681]  ? bpf_lsm_socket_setsockopt+0x9/0x10
[  612.874643][T15681]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  612.877292][T15681]  do_sock_setsockopt+0x222/0x480
[  612.879988][T15681]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  612.884461][T15681]  ? __fget_light+0x173/0x210
[  612.887006][T15681]  __sys_setsockopt+0x1a4/0x270
[  612.890401][T15681]  ? __pfx___sys_setsockopt+0x10/0x10
[  612.895816][T15681]  ? fput+0x32/0x390
[  612.897643][T15681]  ? ksys_write+0x1ab/0x260
[  612.900047][T15681]  ? __pfx_ksys_write+0x10/0x10
[  612.902322][T15681]  __ia32_sys_setsockopt+0xbc/0x160
[  612.905124][T15681]  ? lockdep_hardirqs_on+0x7c/0x110
[  612.907457][T15681]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[  612.910466][T15681]  __do_fast_syscall_32+0x73/0x120
[  612.912866][T15681]  do_fast_syscall_32+0x32/0x80
[  612.915516][T15681]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  612.918316][T15681] RIP: 0023:0xf7486579
[  612.920247][T15681] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  612.929870][T15681] RSP: 002b:00000000f5d9e57c EFLAGS: 00000292 ORIG_RAX: 000000000000016e
[  612.934634][T15681] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000029
[  612.939151][T15681] RDX: 0000000000000040 RSI: 0000000020000e80 RDI: 000000000000056c
[  612.943828][T15681] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  612.947257][T15681] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  612.950793][T15681] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  612.954393][T15681]  </TASK>
[  613.092056][T15690] netlink: 'syz.3.2595': attribute type 10 has an invalid length.
[  613.096207][T15690] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.2595'.
[  613.102180][T15690] openvswitch: netlink: Key type 29 is not supported
[  613.250125][T15702] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2598'.
[  613.497998][ T5240] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  613.631276][T15705] vivid-002: =================  START STATUS  =================
[  613.635264][T15705] vivid-002: Radio HW Seek Mode: Bounded
[  613.638865][T15705] vivid-002: Radio Programmable HW Seek: false
[  613.641833][T15705] vivid-002: RDS Rx I/O Mode: Block I/O
[  613.644628][T15705] vivid-002: Generate RBDS Instead of RDS: false
[  613.647736][T15705] vivid-002: RDS Reception: true
[  613.650677][T15705] vivid-002: RDS Program Type: 0 inactive
[  613.653434][T15705] vivid-002: RDS PS Name:  inactive
[  613.656183][T15705] vivid-002: RDS Radio Text:  inactive
[  613.658864][T15705] vivid-002: RDS Traffic Announcement: false inactive
[  613.662200][T15705] vivid-002: RDS Traffic Program: false inactive
[  613.664969][T15705] vivid-002: RDS Music: false inactive
[  613.667968][T15705] vivid-002: ==================  END STATUS  ==================
[  613.677907][ T5240] usb 5-1: Using ep0 maxpacket: 8
[  613.691011][ T5240] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid maxpacket 1023, setting to 64
[  613.691047][ T5240] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0xFE has invalid maxpacket 18032, setting to 1024
[  613.691067][ T5240] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0xFE has invalid maxpacket 1024
[  613.691084][ T5240] usb 5-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  613.691100][ T5240] usb 5-1: config 0 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  613.693698][ T5240] usb 5-1: New USB device found, idVendor=0403, idProduct=6015, bcdDevice= 0.6d
[  613.693729][ T5240] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  613.693747][ T5240] usb 5-1: Product: syz
[  613.693761][ T5240] usb 5-1: Manufacturer: syz
[  613.693774][ T5240] usb 5-1: SerialNumber: syz
[  613.695950][ T5240] usb 5-1: config 0 descriptor??
[  613.697110][T15700] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  613.700068][ T5240] ftdi_sio 5-1:0.0: FTDI USB Serial Device converter detected
[  613.701694][ T5240] usb 5-1: Detected SIO
[  613.726210][ T5240] usb 5-1: FTDI USB Serial Device converter now attached to ttyUSB0
[  613.942190][ T5240] usb 5-1: USB disconnect, device number 13
[  613.950797][ T5240] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[  613.956593][ T5240] ftdi_sio 5-1:0.0: device disconnected
[  614.093863][T15718] FAULT_INJECTION: forcing a failure.
[  614.093863][T15718] name failslab, interval 1, probability 0, space 0, times 0
[  614.100644][T15718] CPU: 1 PID: 15718 Comm: syz.2.2601 Not tainted 6.10.0-rc7-syzkaller-00076-g9d9a2f29aefd #0
[  614.104977][T15718] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  614.110248][T15718] Call Trace:
[  614.111856][T15718]  <TASK>
[  614.113360][T15718]  dump_stack_lvl+0x16c/0x1f0
[  614.115482][T15718]  should_fail_ex+0x497/0x5b0
[  614.118285][T15718]  ? hlock_class+0x4e/0x130
[  614.120770][T15718]  should_failslab+0x9/0x20
[  614.122917][T15718]  kmem_cache_alloc_node_noprof+0x71/0x310
[  614.125624][T15718]  ? __alloc_skb+0x2b3/0x380
[  614.127699][T15718]  __alloc_skb+0x2b3/0x380
[  614.129789][T15718]  ? __pfx___alloc_skb+0x10/0x10
[  614.132087][T15718]  ? __timer_delete+0xf6/0x1c0
[  614.134299][T15718]  ? __pfx_mark_lock+0x10/0x10
[  614.136480][T15718]  __ipv6_ifa_notify+0x1fb/0xc30
[  614.138707][T15718]  ? __pfx___ipv6_ifa_notify+0x10/0x10
[  614.141263][T15718]  ? __pfx___cancel_work+0x10/0x10
[  614.143567][T15718]  ? ipv6_del_addr+0x4de/0xba0
[  614.145736][T15718]  ipv6_del_addr+0x4de/0xba0
[  614.147811][T15718]  ? __pfx_ipv6_del_addr+0x10/0x10
[  614.149682][T15718]  ? inet6_addr_del+0x27e/0x720
[  614.151541][T15718]  ? __local_bh_enable_ip+0xa4/0x120
[  614.153772][T15718]  inet6_addr_del+0x2e9/0x720
[  614.156048][T15718]  addrconf_del_ifaddr+0x122/0x190
[  614.156079][T15718]  ? __pfx_addrconf_del_ifaddr+0x10/0x10
[  614.156096][T15718]  ? find_held_lock+0x2d/0x110
[  614.162516][T15718]  inet6_ioctl+0x1e7/0x2b0
[  614.164250][T15718]  ? __pfx_inet6_ioctl+0x10/0x10
[  614.166134][T15718]  ? kfree+0x12a/0x3b0
[  614.167695][T15718]  ? tomoyo_path_number_perm+0x467/0x5b0
[  614.169949][T15718]  ? tomoyo_path_number_perm+0x190/0x5b0
[  614.172111][T15718]  sock_do_ioctl+0x116/0x280
[  614.173753][T15718]  ? __pfx_sock_do_ioctl+0x10/0x10
[  614.175711][T15718]  ? vfs_fileattr_set+0xb90/0xc00
[  614.177710][T15718]  ? __pfx_lock_release+0x10/0x10
[  614.180016][T15718]  compat_sock_ioctl+0x31e/0x7f0
[  614.182308][T15718]  ? __pfx_compat_sock_ioctl+0x10/0x10
[  614.184752][T15718]  ? __fget_files+0x256/0x400
[  614.187019][T15718]  ? bpf_lsm_file_ioctl_compat+0x9/0x10
[  614.189676][T15718]  ? __pfx_compat_sock_ioctl+0x10/0x10
[  614.192356][T15718]  __do_compat_sys_ioctl+0x2c3/0x330
[  614.194729][T15718]  __do_fast_syscall_32+0x73/0x120
[  614.196823][T15718]  do_fast_syscall_32+0x32/0x80
[  614.198729][T15718]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  614.201797][T15718] RIP: 0023:0xf7451579
[  614.203655][T15718] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  614.211461][T15718] RSP: 002b:00000000f5d4857c EFLAGS: 00000292 ORIG_RAX: 0000000000000036
[  614.214716][T15718] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000008936
[  614.217803][T15718] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000
[  614.220835][T15718] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  614.224083][T15718] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  614.226999][T15718] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  614.230902][T15718]  </TASK>
[  614.577465][T15723] netlink: 148 bytes leftover after parsing attributes in process `syz.0.2603'.
[  614.581888][T15723] netlink: 'syz.0.2603': attribute type 2 has an invalid length.
[  614.585232][T15723] netlink: 60 bytes leftover after parsing attributes in process `syz.0.2603'.
[  614.835559][T15721] netlink: 5 bytes leftover after parsing attributes in process `syz.2.2602'.
[  614.841615][T15721] A link change request failed with some changes committed already. Interface ip_vti0 may have been left with an inconsistent configuration, please check.
[  615.232372][T15738] vivid-001: =================  START STATUS  =================
[  615.236396][T15738] vivid-001: Radio HW Seek Mode: Bounded
[  615.240536][T15738] vivid-001: Radio Programmable HW Seek: false
[  615.243832][T15738] vivid-001: RDS Rx I/O Mode: Block I/O
[  615.246180][T15738] vivid-001: Generate RBDS Instead of RDS: false
[  615.249600][T15738] vivid-001: RDS Reception: true
[  615.252542][T15738] vivid-001: RDS Program Type: 0 inactive
[  615.256200][T15738] vivid-001: RDS PS Name:  inactive
[  615.276558][T15738] vivid-001: RDS Radio Text:  inactive
[  615.280381][T15738] vivid-001: RDS Traffic Announcement: false inactive
[  615.283670][T15738] vivid-001: RDS Traffic Program: false inactive
[  615.288567][T15738] vivid-001: RDS Music: false inactive
[  615.289038][T15738] vivid-001: ==================  END STATUS  ==================
[  615.361354][T15743] FAULT_INJECTION: forcing a failure.
[  615.361354][T15743] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  615.361386][T15743] CPU: 2 PID: 15743 Comm: syz.1.2609 Not tainted 6.10.0-rc7-syzkaller-00076-g9d9a2f29aefd #0
[  615.361405][T15743] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  615.361415][T15743] Call Trace:
[  615.361423][T15743]  <TASK>
[  615.361430][T15743]  dump_stack_lvl+0x16c/0x1f0
[  615.361457][T15743]  should_fail_ex+0x497/0x5b0
[  615.361492][T15743]  _copy_from_iter+0x27a/0xfb0
[  615.361518][T15743]  ? __alloc_skb+0x200/0x380
[  615.361543][T15743]  ? __pfx__copy_from_iter+0x10/0x10
[  615.361569][T15743]  ? __virt_addr_valid+0x5e/0x590
[  615.361595][T15743]  ? __phys_addr_symbol+0x30/0x80
[  615.361616][T15743]  ? __check_object_size+0x48e/0x720
[  615.361765][T15743]  netlink_sendmsg+0x813/0xd70
[  615.361787][T15743]  ? __pfx_netlink_sendmsg+0x10/0x10
[  615.361808][T15743]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  615.361831][T15743]  ____sys_sendmsg+0x9b4/0xb50
[  615.361855][T15743]  ? __pfx_____sys_sendmsg+0x10/0x10
[  615.361876][T15743]  ? get_compat_msghdr+0x11b/0x170
[  615.361903][T15743]  ? __pfx___lock_acquire+0x10/0x10
[  615.361925][T15743]  ___sys_sendmsg+0x135/0x1e0
[  615.361946][T15743]  ? __pfx____sys_sendmsg+0x10/0x10
[  615.361973][T15743]  ? ksys_write+0x21c/0x260
[  615.362004][T15743]  ? __fget_light+0x173/0x210
[  615.362027][T15743]  __sys_sendmsg+0x117/0x1f0
[  615.362046][T15743]  ? __pfx___sys_sendmsg+0x10/0x10
[  615.362080][T15743]  __do_fast_syscall_32+0x73/0x120
[  615.362106][T15743]  do_fast_syscall_32+0x32/0x80
[  615.362130][T15743]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  615.362149][T15743] RIP: 0023:0xf7419579
[  615.362163][T15743] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  615.362180][T15743] RSP: 002b:00000000f5d3157c EFLAGS: 00000292 ORIG_RAX: 0000000000000172
[  615.362197][T15743] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000200000c0
[  615.362209][T15743] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  615.362219][T15743] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  615.362229][T15743] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  615.362239][T15743] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  615.362261][T15743]  </TASK>
[  615.432187][T15745] FAULT_INJECTION: forcing a failure.
[  615.432187][T15745] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  615.509608][T15745] CPU: 3 PID: 15745 Comm: syz.1.2610 Not tainted 6.10.0-rc7-syzkaller-00076-g9d9a2f29aefd #0
[  615.509635][T15745] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  615.509646][T15745] Call Trace:
[  615.509653][T15745]  <TASK>
[  615.509660][T15745]  dump_stack_lvl+0x16c/0x1f0
[  615.509688][T15745]  should_fail_ex+0x497/0x5b0
[  615.509715][T15745]  _copy_from_iter+0x27a/0xfb0
[  615.509741][T15745]  ? __pfx__copy_from_iter+0x10/0x10
[  615.509759][T15745]  ? trace_kmem_cache_alloc+0x2d/0xe0
[  615.509781][T15745]  ? __virt_addr_valid+0x5e/0x590
[  615.509802][T15745]  ? const_folio_flags.constprop.0+0x56/0x150
[  615.509818][T15745]  ? __phys_addr_symbol+0x30/0x80
[  615.509839][T15745]  ? __check_object_size+0x48e/0x720
[  615.509856][T15745]  netlink_sendmsg+0x813/0xd70
[  615.509877][T15745]  ? __pfx_netlink_sendmsg+0x10/0x10
[  615.509895][T15745]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  615.509915][T15745]  ____sys_sendmsg+0x9b4/0xb50
[  615.509939][T15745]  ? __pfx_____sys_sendmsg+0x10/0x10
[  615.509958][T15745]  ? get_compat_msghdr+0x11b/0x170
[  615.509984][T15745]  ? __pfx___lock_acquire+0x10/0x10
[  615.510004][T15745]  ___sys_sendmsg+0x135/0x1e0
[  615.510023][T15745]  ? __pfx____sys_sendmsg+0x10/0x10
[  615.510046][T15745]  ? ksys_write+0x21c/0x260
[  615.510075][T15745]  ? __fget_light+0x173/0x210
[  615.510097][T15745]  __sys_sendmsg+0x117/0x1f0
[  615.510114][T15745]  ? __pfx___sys_sendmsg+0x10/0x10
[  615.510144][T15745]  __do_fast_syscall_32+0x73/0x120
[  615.510168][T15745]  do_fast_syscall_32+0x32/0x80
[  615.510188][T15745]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  615.510207][T15745] RIP: 0023:0xf7419579
[  615.510220][T15745] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  615.510237][T15745] RSP: 002b:00000000f5d3157c EFLAGS: 00000292 ORIG_RAX: 0000000000000172
[  615.510256][T15745] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000020000000
[  615.510267][T15745] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  615.510276][T15745] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  615.510286][T15745] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  615.510296][T15745] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  615.510314][T15745]  </TASK>
[  616.847982][   T10] usb 6-1: new high-speed USB device number 15 using dummy_hcd
[  617.040771][   T10] usb 6-1: Using ep0 maxpacket: 32
[  617.046503][   T10] usb 6-1: config 0 has no interfaces?
[  617.054502][   T10] usb 6-1: New USB device found, idVendor=1557, idProduct=8150, bcdDevice=29.ed
[  617.060289][   T10] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  617.077190][   T10] usb 6-1: Product: syz
[  617.080159][   T10] usb 6-1: Manufacturer: syz
[  617.082872][   T10] usb 6-1: SerialNumber: syz
[  617.092777][   T10] usb 6-1: config 0 descriptor??
[  617.305618][   T10] usb 6-1: USB disconnect, device number 15
[  617.340798][T15773] vivid-000: =================  START STATUS  =================
[  617.368014][T15773] vivid-000: Radio HW Seek Mode: Bounded
[  617.374727][T15773] vivid-000: Radio Programmable HW Seek: false
[  617.377287][T15773] vivid-000: RDS Rx I/O Mode: Block I/O
[  617.382066][T15773] vivid-000: Generate RBDS Instead of RDS: false
[  617.384555][T15773] vivid-000: RDS Reception: true
[  617.386407][T15773] vivid-000: RDS Program Type: 0 inactive
[  617.393401][T15773] vivid-000: RDS PS Name:  inactive
[  617.396652][T15773] vivid-000: RDS Radio Text:  inactive
[  617.400062][T15773] vivid-000: RDS Traffic Announcement: false inactive
[  617.403434][T15773] vivid-000: RDS Traffic Program: false inactive
[  617.406574][T15773] vivid-000: RDS Music: false inactive
[  617.409787][T15773] vivid-000: ==================  END STATUS  ==================
[  618.064085][T15775] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2617'.
[  619.134857][   T57] usb 6-1: new high-speed USB device number 16 using dummy_hcd
[  619.328513][   T57] usb 6-1: Using ep0 maxpacket: 8
[  619.333556][   T57] usb 6-1: config 246 has too many interfaces: 42, using maximum allowed: 32
[  619.339977][   T57] usb 6-1: config 246 descriptor has 1 excess byte, ignoring
[  619.347939][   T57] usb 6-1: config 246 has 1 interface, different from the descriptor's value: 42
[  619.352182][   T57] usb 6-1: config 246 interface 0 altsetting 0 endpoint 0x3F has an invalid bInterval 255, changing to 11
[  619.359799][   T57] usb 6-1: config 246 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7
[  619.365155][   T57] usb 6-1: config 246 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  619.374078][   T57] usb 6-1: config 246 has too many interfaces: 42, using maximum allowed: 32
[  619.381469][   T57] usb 6-1: config 246 descriptor has 1 excess byte, ignoring
[  619.386212][   T57] usb 6-1: config 246 has 1 interface, different from the descriptor's value: 42
[  619.396489][   T57] usb 6-1: config 246 interface 0 altsetting 0 endpoint 0x3F has an invalid bInterval 255, changing to 11
[  619.404716][   T57] usb 6-1: config 246 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7
[  619.414126][   T57] usb 6-1: config 246 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  619.421093][   T57] usb 6-1: config 246 has too many interfaces: 42, using maximum allowed: 32
[  619.425442][   T57] usb 6-1: config 246 descriptor has 1 excess byte, ignoring
[  619.432493][   T57] usb 6-1: config 246 has 1 interface, different from the descriptor's value: 42
[  619.437153][   T57] usb 6-1: config 246 interface 0 altsetting 0 endpoint 0x3F has an invalid bInterval 255, changing to 11
[  619.444165][   T57] usb 6-1: config 246 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7
[  619.452447][   T57] usb 6-1: config 246 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  619.464116][   T57] usb 6-1: string descriptor 0 read error: -22
[  619.480339][   T57] usb 6-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  619.485217][   T57] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  619.523189][   T57] adutux 6-1:246.0: ADU100  now attached to /dev/usb/adutux0
[  619.771148][ T5240] usb 6-1: USB disconnect, device number 16
[  619.971659][T15789] adutux: No device or device unplugged -19
[  620.849629][ T5240] usb 6-1: new high-speed USB device number 17 using dummy_hcd
[  621.044353][ T5240] usb 6-1: Using ep0 maxpacket: 32
[  621.056335][ T5240] usb 6-1: config 0 has no interfaces?
[  621.078501][ T5240] usb 6-1: New USB device found, idVendor=1557, idProduct=8150, bcdDevice=29.ed
[  621.089657][ T5240] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  621.096193][ T5240] usb 6-1: Product: syz
[  621.099010][ T5240] usb 6-1: Manufacturer: syz
[  621.101325][ T5240] usb 6-1: SerialNumber: syz
[  621.124585][ T5240] usb 6-1: config 0 descriptor??
[  621.346504][ T5240] usb 6-1: USB disconnect, device number 17
[  621.887161][T15822] can0: slcan on ttyS3.
[  622.049704][T15822] can0 (unregistered): slcan off ttyS3.
[  622.838301][T15842] vivid-002: =================  START STATUS  =================
[  622.848623][T15842] vivid-002: Radio HW Seek Mode: Bounded
[  622.851163][T15842] vivid-002: Radio Programmable HW Seek: false
[  622.853892][T15842] vivid-002: RDS Rx I/O Mode: Block I/O
[  622.857462][T15842] vivid-002: Generate RBDS Instead of RDS: false
[  622.861310][T15842] vivid-002: RDS Reception: true
[  622.864028][T15842] vivid-002: RDS Program Type: 0 inactive
[  622.868673][T15842] vivid-002: RDS PS Name:  inactive
[  622.871646][T15842] vivid-002: RDS Radio Text:  inactive
[  622.875605][T15842] vivid-002: RDS Traffic Announcement: false inactive
[  622.879361][T15842] vivid-002: RDS Traffic Program: false inactive
[  622.886959][T15842] vivid-002: RDS Music: false inactive
[  622.890407][T15842] vivid-002: ==================  END STATUS  ==================
[  622.982904][T15853] netlink: 'syz.2.2634': attribute type 2 has an invalid length.
[  622.982933][T15853] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2634'.
[  623.298796][T15860] Unsupported ieee802154 address type: 0
[  623.661284][T15866] vivid-001: =================  START STATUS  =================
[  623.664624][T15866] vivid-001: Radio HW Seek Mode: Bounded
[  623.667070][T15866] vivid-001: Radio Programmable HW Seek: false
[  623.670421][T15866] vivid-001: RDS Rx I/O Mode: Block I/O
[  623.672805][T15866] vivid-001: Generate RBDS Instead of RDS: false
[  623.675486][T15866] vivid-001: RDS Reception: true
[  623.678196][T15866] vivid-001: RDS Program Type: 0 inactive
[  623.692710][T15866] vivid-001: RDS PS Name:  inactive
[  623.696085][T15866] vivid-001: RDS Radio Text:  inactive
[  623.709250][T15866] vivid-001: RDS Traffic Announcement: false inactive
[  623.712529][T15866] vivid-001: RDS Traffic Program: false inactive
[  623.716464][T15866] vivid-001: RDS Music: false inactive
[  623.728110][T15866] vivid-001: ==================  END STATUS  ==================
[  624.034717][T15874] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2640'.
[  624.603635][ T1353] ieee802154 phy0 wpan0: encryption failed: -22
[  624.606756][ T1353] ieee802154 phy1 wpan1: encryption failed: -22
[  625.277879][T15895] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2646'.
[  625.330425][T15899] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2648'.
[  625.518595][T15907] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2650'.
[  625.522813][T15907] FAULT_INJECTION: forcing a failure.
[  625.522813][T15907] name failslab, interval 1, probability 0, space 0, times 0
[  625.532784][T15907] CPU: 3 PID: 15907 Comm: syz.3.2650 Not tainted 6.10.0-rc7-syzkaller-00076-g9d9a2f29aefd #0
[  625.550069][T15907] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  625.554156][T15907] Call Trace:
[  625.555571][T15907]  <TASK>
[  625.556915][T15907]  dump_stack_lvl+0x16c/0x1f0
[  625.559058][T15907]  should_fail_ex+0x497/0x5b0
[  625.561177][T15907]  should_failslab+0x9/0x20
[  625.563195][T15907]  kmalloc_trace_noprof+0x6b/0x310
[  625.565515][T15907]  ? xfrm_policy_alloc+0x87/0x440
[  625.567799][T15907]  xfrm_policy_alloc+0x87/0x440
[  625.569969][T15907]  xfrm_policy_construct+0x35/0xa10
[  625.572277][T15907]  xfrm_add_policy+0x29e/0x870
[  625.589430][T15907]  ? __pfx_xfrm_add_policy+0x10/0x10
[  625.592045][T15907]  ? __nla_parse+0x40/0x60
[  625.594303][T15907]  ? __pfx_xfrm_add_policy+0x10/0x10
[  625.597119][T15907]  xfrm_user_rcv_msg+0x58c/0xb30
[  625.599688][T15907]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  625.602237][T15907]  ? kasan_quarantine_put+0x10a/0x240
[  625.604831][T15907]  ? hlock_class+0x4e/0x130
[  625.607035][T15907]  ? __lock_acquire+0x14f4/0x3b30
[  625.609606][T15907]  ? __mutex_trylock_common+0xea/0x250
[  625.612867][T15907]  netlink_rcv_skb+0x165/0x410
[  625.615017][T15907]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  625.617542][T15907]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  625.620727][T15907]  ? __mutex_lock+0x1a6/0x9c0
[  625.623613][T15907]  ? netlink_deliver_tap+0x1ae/0xcf0
[  625.626383][T15907]  xfrm_netlink_rcv+0x71/0x90
[  625.628970][T15907]  netlink_unicast+0x542/0x820
[  625.631274][T15907]  ? __pfx_netlink_unicast+0x10/0x10
[  625.634426][T15907]  ? __phys_addr_symbol+0x30/0x80
[  625.637124][T15907]  ? __check_object_size+0x48e/0x720
[  625.639422][T15907]  netlink_sendmsg+0x8b8/0xd70
[  625.641651][T15907]  ? __pfx_netlink_sendmsg+0x10/0x10
[  625.644179][T15907]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  625.646542][T15907]  ____sys_sendmsg+0x9b4/0xb50
[  625.648680][T15907]  ? __pfx_____sys_sendmsg+0x10/0x10
[  625.651551][T15907]  ? get_compat_msghdr+0x11b/0x170
[  625.653972][T15907]  ? __pfx___lock_acquire+0x10/0x10
[  625.656408][T15907]  ___sys_sendmsg+0x135/0x1e0
[  625.658463][T15907]  ? __pfx____sys_sendmsg+0x10/0x10
[  625.660899][T15907]  ? ksys_write+0x21c/0x260
[  625.663050][T15907]  ? __fget_light+0x173/0x210
[  625.679357][T15907]  __sys_sendmsg+0x117/0x1f0
[  625.681292][T15907]  ? __pfx___sys_sendmsg+0x10/0x10
[  625.683451][T15907]  __do_fast_syscall_32+0x73/0x120
[  625.685485][T15907]  do_fast_syscall_32+0x32/0x80
[  625.687502][T15907]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  625.689988][T15907] RIP: 0023:0xf7486579
[  625.692066][T15907] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  625.701150][T15907] RSP: 002b:00000000f5d9e57c EFLAGS: 00000292 ORIG_RAX: 0000000000000172
[  625.705404][T15907] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000580
[  625.709081][T15907] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  625.712419][T15907] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  625.716842][T15907] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  625.720434][T15907] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  625.723960][T15907]  </TASK>
[  626.158463][T15920] block nbd2: shutting down sockets
[  626.164396][T15912] vivid-002: =================  START STATUS  =================
[  626.171549][T15912] vivid-002: Radio HW Seek Mode: Bounded
[  626.174673][T15912] vivid-002: Radio Programmable HW Seek: false
[  626.178321][T15912] vivid-002: RDS Rx I/O Mode: Block I/O
[  626.183987][T15912] vivid-002: Generate RBDS Instead of RDS: false
[  626.186874][T15912] vivid-002: RDS Reception: true
[  626.190096][T15912] vivid-002: RDS Program Type: 0 inactive
[  626.193419][T15912] vivid-002: RDS PS Name:  inactive
[  626.196735][T15912] vivid-002: RDS Radio Text:  inactive
[  626.200894][T15912] vivid-002: RDS Traffic Announcement: false inactive
[  626.203948][T15912] vivid-002: RDS Traffic Program: false inactive
[  626.206895][T15912] vivid-002: RDS Music: false inactive
[  626.211896][T15912] vivid-002: ==================  END STATUS  ==================
[  626.295871][T15924] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2656'.
[  626.306244][T15926] virtio-fs: tag <(null)> not found
[  626.314440][T15927] virtio-fs: tag <(null)> not found
[  626.351865][T15927] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(5)
[  626.351902][T15927] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  626.353321][T15927] vhci_hcd vhci_hcd.0: Device attached
[  626.387461][T15926] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(5)
[  626.387491][T15926] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  626.387945][T15926] vhci_hcd vhci_hcd.0: Device attached
[  626.409685][ T4639] Bluetooth: hci2: Ignoring HCI_Connection_Complete for existing connection
[  626.411920][T15930] vhci_hcd: connection closed
[  626.413914][   T82] vhci_hcd: stop threads
[  626.413942][   T82] vhci_hcd: release socket
[  626.413959][   T82] vhci_hcd: disconnect device
[  626.481628][T15932] vhci_hcd: connection closed
[  626.483248][   T82] vhci_hcd: stop threads
[  626.492456][   T82] vhci_hcd: release socket
[  626.494741][   T82] vhci_hcd: disconnect device
[  627.139334][T15943] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2659'.
[  627.282679][   T65] Bluetooth: hci4: unexpected event 0x05 length: 6 > 4
[  627.868160][T15957] block nbd1: shutting down sockets
[  628.072613][T15963] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2665'.
[  628.194766][T15967] virtio-fs: tag <(null)> not found
[  628.210853][T15967] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(5)
[  628.213612][T15967] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  628.218955][T15967] vhci_hcd vhci_hcd.0: Device attached
[  628.273020][   T65] Bluetooth: hci4: Ignoring HCI_Connection_Complete for existing connection
[  628.287651][T15968] vhci_hcd: connection closed
[  628.296464][   T13] vhci_hcd: stop threads
[  628.303216][   T13] vhci_hcd: release socket
[  628.305657][   T13] vhci_hcd: disconnect device
[  628.728541][T15973] virtio-fs: tag <(null)> not found
[  628.758722][T15973] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(5)
[  628.761775][T15973] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  628.764985][T15973] vhci_hcd vhci_hcd.0: Device attached
[  628.834450][T15974] vhci_hcd: connection closed
[  628.834940][   T13] vhci_hcd: stop threads
[  628.839466][   T13] vhci_hcd: release socket
[  628.839960][T15977] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2669'.
[  628.841437][   T13] vhci_hcd: disconnect device
[  629.277115][T15982] sit0: entered allmulticast mode
[  629.458222][T15989] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2674'.
[  629.816792][T16011] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2680'.
[  630.361495][T16023] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2684'.
[  630.432823][T16027] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2686'.
[  630.501316][T16027] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.2686'.
[  630.505685][T16027] openvswitch: netlink: VXLAN extension 45 out of range max 1
[  630.861906][T16055] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2694'.
[  630.996736][ T5240] usb 7-1: new high-speed USB device number 19 using dummy_hcd
[  631.180504][ T5240] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0xFF has an invalid bInterval 255, changing to 11
[  631.194191][ T5240] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0xFF has invalid maxpacket 59391, setting to 1024
[  631.209849][ T5240] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  631.225927][ T5240] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  631.237959][ T5240] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  631.251995][ T5240] usb 7-1: config 0 descriptor??
[  631.260718][T16035] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  631.717316][ T5240] plantronics 0003:047F:FFFF.0008: unknown main item tag 0xd
[  631.723294][ T5240] plantronics 0003:047F:FFFF.0008: No inputs registered, leaving
[  631.736009][ T5240] plantronics 0003:047F:FFFF.0008: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0
[  631.768011][T16067] FAULT_INJECTION: forcing a failure.
[  631.768011][T16067] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  631.774408][T16067] CPU: 0 PID: 16067 Comm: syz.3.2695 Not tainted 6.10.0-rc7-syzkaller-00076-g9d9a2f29aefd #0
[  631.780189][T16067] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  631.785436][T16067] Call Trace:
[  631.787000][T16067]  <TASK>
[  631.788404][T16067]  dump_stack_lvl+0x16c/0x1f0
[  631.791075][T16067]  should_fail_ex+0x497/0x5b0
[  631.793182][T16067]  _copy_from_user+0x30/0xf0
[  631.795538][T16067]  do_ip_setsockopt+0x2099/0x38c0
[  631.798613][T16067]  ? __pfx_do_ip_setsockopt+0x10/0x10
[  631.801222][T16067]  ? __pfx___might_resched+0x10/0x10
[  631.803974][T16067]  ? __pfx___lock_acquire+0x10/0x10
[  631.806260][T16067]  ? __pfx_lock_release+0x10/0x10
[  631.809119][T16067]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  631.811844][T16067]  ? aa_sk_perm+0x2f5/0xb40
[  631.813903][T16067]  ip_setsockopt+0x59/0xf0
[  631.815874][T16067]  tcp_setsockopt+0xa4/0x100
[  631.817897][T16067]  ? bpf_lsm_socket_setsockopt+0x9/0x10
[  631.820445][T16067]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  631.823425][T16067]  do_sock_setsockopt+0x222/0x480
[  631.825580][T16067]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  631.828310][T16067]  ? __fget_light+0x173/0x210
[  631.830312][T16067]  __sys_setsockopt+0x1a4/0x270
[  631.832475][T16067]  ? __pfx___sys_setsockopt+0x10/0x10
[  631.834599][T16067]  ? fput+0x32/0x390
[  631.835984][T16067]  ? ksys_write+0x1ab/0x260
[  631.838027][T16067]  ? __pfx_ksys_write+0x10/0x10
[  631.840091][T16067]  __ia32_sys_setsockopt+0xbc/0x160
[  631.842017][T16067]  ? lockdep_hardirqs_on+0x7c/0x110
[  631.844282][T16067]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[  631.847263][T16067]  __do_fast_syscall_32+0x73/0x120
[  631.849967][T16067]  do_fast_syscall_32+0x32/0x80
[  631.852286][T16067]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  631.855336][T16067] RIP: 0023:0xf7486579
[  631.857300][T16067] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  631.866391][T16067] RSP: 002b:00000000f5d9e57c EFLAGS: 00000292 ORIG_RAX: 000000000000016e
[  631.869682][T16067] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000000000
[  631.873343][T16067] RDX: 0000000000000030 RSI: 0000000020000180 RDI: 000000000000008c
[  631.876994][T16067] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  631.880406][T16067] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  631.884074][T16067] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  631.887580][T16067]  </TASK>
[  632.029274][   T65] Bluetooth: hci2: command 0x0406 tx timeout
[  632.242322][T16084] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2702'.
[  632.320885][ T4639] Bluetooth: hci4: Received unexpected HCI Event 0x00
[  632.413256][T16089] block nbd3: shutting down sockets
[  632.469738][T16091] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2704'.
[  632.507708][T16091] FAULT_INJECTION: forcing a failure.
[  632.507708][T16091] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  632.514063][T16091] CPU: 2 PID: 16091 Comm: syz.3.2704 Not tainted 6.10.0-rc7-syzkaller-00076-g9d9a2f29aefd #0
[  632.518763][T16091] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  632.524176][T16091] Call Trace:
[  632.525905][T16091]  <TASK>
[  632.527451][T16091]  dump_stack_lvl+0x16c/0x1f0
[  632.529700][T16091]  should_fail_ex+0x497/0x5b0
[  632.531859][T16091]  _copy_from_user+0x30/0xf0
[  632.533915][T16091]  get_compat_msghdr+0xa8/0x170
[  632.536125][T16091]  ? __pfx_get_compat_msghdr+0x10/0x10
[  632.538598][T16091]  ? kfree+0x245/0x3b0
[  632.540471][T16091]  ? find_held_lock+0x2d/0x110
[  632.542679][T16091]  ___sys_recvmsg+0x193/0x1a0
[  632.544812][T16091]  ? __pfx____sys_recvmsg+0x10/0x10
[  632.547237][T16091]  ? __pfx___might_resched+0x10/0x10
[  632.549684][T16091]  ? __fget_light+0x173/0x210
[  632.551834][T16091]  do_recvmmsg+0x51a/0x750
[  632.553899][T16091]  ? __pfx_do_recvmmsg+0x10/0x10
[  632.556301][T16091]  ? __pfx_lock_release+0x10/0x10
[  632.567361][T16091]  ? vfs_write+0x14d/0x1140
[  632.569296][T16091]  __sys_recvmmsg+0x21e/0x280
[  632.571382][T16091]  ? __pfx___sys_recvmmsg+0x10/0x10
[  632.573812][T16091]  ? __pfx_ksys_write+0x10/0x10
[  632.576205][T16091]  __ia32_compat_sys_recvmmsg_time32+0xc4/0x160
[  632.587138][T16091]  ? lockdep_hardirqs_on+0x7c/0x110
[  632.589279][T16091]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[  632.591949][T16091]  __do_fast_syscall_32+0x73/0x120
[  632.594013][T16091]  do_fast_syscall_32+0x32/0x80
[  632.596130][T16091]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  632.601666][T16091] RIP: 0023:0xf7486579
[  632.603266][T16091] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  632.610671][T16091] RSP: 002b:00000000f5d9e57c EFLAGS: 00000292 ORIG_RAX: 0000000000000151
[  632.613125][T16091] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000020000b40
[  632.615844][T16091] RDX: 00000000000005df RSI: 0000000000000002 RDI: 0000000000000000
[  632.619217][T16091] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  632.622615][T16091] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  632.625585][T16091] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  632.628480][T16091]  </TASK>
[  632.633819][ T4639] Bluetooth: hci4: ACL packet for unknown connection handle 200
[  633.179783][   T10] usb 7-1: reset high-speed USB device number 19 using dummy_hcd
[  633.372606][   T10] usb 7-1: device descriptor read/64, error -32
[  633.662677][   T10] usb 7-1: reset high-speed USB device number 19 using dummy_hcd
[  633.843567][   T10] usb 7-1: device descriptor read/64, error -32
[  634.128244][   T10] usb 7-1: reset high-speed USB device number 19 using dummy_hcd
[  634.168428][   T10] usb 7-1: device descriptor read/8, error -32
[  634.292786][T16102] 9pnet: Limiting 'msize' to 1048576 as this is the maximum supported by transport fd
[  634.471200][   T10] usb 7-1: reset high-speed USB device number 19 using dummy_hcd
[  634.519041][   T10] usb 7-1: device descriptor read/8, error -32
[  634.639622][T16107] netlink: 48 bytes leftover after parsing attributes in process `syz.3.2710'.
[  634.655814][   T10] raw-gadget.0 gadget.2: failed to queue suspend event
[  634.670741][ T7794] usb 7-1: USB disconnect, device number 19
[  634.677197][T16075] raw-gadget.0 gadget.2: failed to queue disconnect event
[  634.871844][T16114] vivid-001: =================  START STATUS  =================
[  634.880485][T16114] vivid-001: Radio HW Seek Mode: Bounded
[  634.888512][T16114] vivid-001: Radio Programmable HW Seek: false
[  634.899846][T16114] vivid-001: RDS Rx I/O Mode: Block I/O
[  634.908318][T16114] vivid-001: Generate RBDS Instead of RDS: 
[  634.909257][T16118] block nbd2: shutting down sockets
[  634.915634][T16114] false
[  634.926663][T16114] vivid-001: RDS Reception: true
[  634.929413][T16114] vivid-001: RDS Program Type: 0 inactive
[  634.929449][T16114] vivid-001: RDS PS Name:  inactive
[  634.929476][T16114] vivid-001: RDS Radio Text:  inactive
[  634.929503][T16114] vivid-001: RDS Traffic Announcement: false inactive
[  634.944668][T16114] vivid-001: RDS Traffic Program: false inactive
[  634.944838][T16114] vivid-001: RDS Music: false inactive
[  634.945170][T16114] vivid-001: ==================  END STATUS  ==================
[  635.428067][ T7794] usb 7-1: new high-speed USB device number 20 using dummy_hcd
[  635.541408][T16126] vivid-003: =================  START STATUS  =================
[  635.553455][T16126] vivid-003: Radio HW Seek Mode: Bounded
[  635.561343][T16126] vivid-003: Radio Programmable HW Seek: false
[  635.564349][T16126] vivid-003: RDS Rx I/O Mode: Block I/O
[  635.569120][T16126] vivid-003: Generate RBDS Instead of RDS: false
[  635.574762][T16126] vivid-003: RDS Reception: true
[  635.578664][T16126] vivid-003: RDS Program Type: 0 inactive
[  635.578700][T16126] vivid-003: RDS PS Name:  inactive
[  635.578725][T16126] vivid-003: RDS Radio Text:  inactive
[  635.578750][T16126] vivid-003: RDS Traffic Announcement: false inactive
[  635.578780][T16126] vivid-003: RDS Traffic Program: false inactive
[  635.597255][T16126] vivid-003: RDS Music: false inactive
[  635.606909][T16126] vivid-003: ==================  END STATUS  ==================
[  635.638197][ T7794] usb 7-1: Using ep0 maxpacket: 32
[  635.640954][ T7794] usb 7-1: config 0 has no interfaces?
[  635.643874][ T7794] usb 7-1: New USB device found, idVendor=1557, idProduct=8150, bcdDevice=29.ed
[  635.643905][ T7794] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  635.643927][ T7794] usb 7-1: Product: syz
[  635.643941][ T7794] usb 7-1: Manufacturer: syz
[  635.643954][ T7794] usb 7-1: SerialNumber: syz
[  635.646130][ T7794] usb 7-1: config 0 descriptor??
[  636.337279][T16132] vivid-002: =================  START STATUS  =================
[  636.342675][T16132] vivid-002: Radio HW Seek Mode: Bounded
[  636.345396][T16132] vivid-002: Radio Programmable HW Seek: false
[  636.358952][T16132] vivid-002: RDS Rx I/O Mode: Block I/O
[  636.361497][T16132] vivid-002: Generate RBDS Instead of RDS: false
[  636.364470][T16132] vivid-002: RDS Reception: true
[  636.367662][T16132] vivid-002: RDS Program Type: 0 inactive
[  636.371429][T16132] vivid-002: RDS PS Name:  inactive
[  636.381550][T16132] vivid-002: RDS Radio Text:  inactive
[  636.381620][T16132] vivid-002: RDS Traffic Announcement: false inactive
[  636.381646][T16132] vivid-002: RDS Traffic Program: false inactive
[  636.381670][T16132] vivid-002: RDS Music: false inactive
[  636.381694][T16132] vivid-002: ==================  END STATUS  ==================
[  636.942034][ T4639] Bluetooth: hci2: ACL packet for unknown connection handle 201
[  637.638394][T16148] FAULT_INJECTION: forcing a failure.
[  637.638394][T16148] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  637.645028][T16148] CPU: 2 PID: 16148 Comm: syz.1.2718 Not tainted 6.10.0-rc7-syzkaller-00076-g9d9a2f29aefd #0
[  637.649372][T16148] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  637.656517][T16148] Call Trace:
[  637.658115][T16148]  <TASK>
[  637.659429][T16148]  dump_stack_lvl+0x16c/0x1f0
[  637.662085][T16148]  should_fail_ex+0x497/0x5b0
[  637.664353][T16148]  _copy_to_iter+0x27a/0xfc0
[  637.666430][T16148]  ? do_raw_spin_unlock+0x172/0x230
[  637.668842][T16148]  ? __pfx__copy_to_iter+0x10/0x10
[  637.670870][T16148]  ? free_unref_page+0x75f/0xe40
[  637.672967][T16148]  ? __folio_put+0x23e/0x360
[  637.675556][T16148]  ? __pfx___folio_put+0x10/0x10
[  637.677953][T16148]  copy_page_to_iter+0xf1/0x180
[  637.680221][T16148]  pipe_to_user+0xb0/0x170
[  637.682185][T16148]  ? anon_pipe_buf_release+0x3fa/0x4b0
[  637.685311][T16148]  __splice_from_pipe+0x3a0/0x810
[  637.687670][T16148]  ? __pfx_pipe_to_user+0x10/0x10
[  637.690109][T16148]  __do_sys_vmsplice+0xc13/0x1230
[  637.692470][T16148]  ? get_pid_task+0xfc/0x250
[  637.694574][T16148]  ? __pfx_lock_release+0x10/0x10
[  637.696999][T16148]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  637.699557][T16148]  ? __pfx___do_sys_vmsplice+0x10/0x10
[  637.702011][T16148]  ? ksys_write+0x12f/0x260
[  637.703658][T16148]  ? ksys_write+0x21c/0x260
[  637.705234][T16148]  ? __pfx_lock_release+0x10/0x10
[  637.707141][T16148]  ? fput+0x32/0x390
[  637.708750][T16148]  ? ksys_write+0x1ab/0x260
[  637.710904][T16148]  ? __pfx_ksys_write+0x10/0x10
[  637.712805][T16148]  ? __do_fast_syscall_32+0x73/0x120
[  637.714928][T16148]  __do_fast_syscall_32+0x73/0x120
[  637.717250][T16148]  do_fast_syscall_32+0x32/0x80
[  637.719817][T16148]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  637.722442][T16148] RIP: 0023:0xf7419579
[  637.724020][T16148] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  637.731607][T16148] RSP: 002b:00000000f5d1057c EFLAGS: 00000292 ORIG_RAX: 000000000000013c
[  637.734776][T16148] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000020000000
[  637.738087][T16148] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000000000000
[  637.741281][T16148] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  637.744582][T16148] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  637.747386][T16148] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  637.750566][T16148]  </TASK>
[  637.811069][ T7794] Dead loop on virtual device ipvlan1, fix it urgently!
[  637.926958][T16150] ceph: No mds server is up or the cluster is laggy
[  637.971342][T16164] block nbd0: shutting down sockets
[  637.983621][ T7794] usb 7-1: USB disconnect, device number 20
[  638.403835][T16174] vivid-001: =================  START STATUS  =================
[  638.407455][T16174] vivid-001: Radio HW Seek Mode: Bounded
[  638.411442][T16174] vivid-001: Radio Programmable HW Seek: false
[  638.416179][T16174] vivid-001: RDS Rx I/O Mode: Block I/O
[  638.420134][T16174] vivid-001: Generate RBDS Instead of RDS: false
[  638.423511][T16174] vivid-001: RDS Reception: true
[  638.426151][T16174] vivid-001: RDS Program Type: 0 inactive
[  638.429528][T16174] vivid-001: RDS PS Name:  inactive
[  638.435556][T16174] vivid-001: RDS Radio Text:  inactive
[  638.439328][T16174] vivid-001: RDS Traffic Announcement: false inactive
[  638.442854][T16174] vivid-001: RDS Traffic Program: false inactive
[  638.446175][T16174] vivid-001: RDS Music: false inactive
[  638.452549][T16174] vivid-001: ==================  END STATUS  ==================
[  638.940521][T16187] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2729'.
[  639.408062][ T5239] usb 7-1: new high-speed USB device number 21 using dummy_hcd
[  639.448559][T16199] block nbd1: shutting down sockets
[  639.592744][T16204] netlink: 'syz.1.2734': attribute type 1 has an invalid length.
[  639.596315][T16204] netlink: 9396 bytes leftover after parsing attributes in process `syz.1.2734'.
[  639.598651][ T5239] usb 7-1: Using ep0 maxpacket: 32
[  639.604889][ T5239] usb 7-1: config 0 has no interfaces?
[  639.611660][ T5239] usb 7-1: New USB device found, idVendor=1557, idProduct=8150, bcdDevice=29.ed
[  639.618011][ T5239] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  639.621631][ T5239] usb 7-1: Product: syz
[  639.623577][ T5239] usb 7-1: Manufacturer: syz
[  639.625671][ T5239] usb 7-1: SerialNumber: syz
[  639.638639][ T5239] usb 7-1: config 0 descriptor??
[  639.846930][ T5239] usb 7-1: USB disconnect, device number 21
[  640.538029][ T5239] usb 6-1: new high-speed USB device number 18 using dummy_hcd
[  640.740145][ T5239] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  640.746774][ T5239] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  640.758049][ T5239] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  640.763884][ T5239] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  640.771009][ T5239] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  640.778933][ T5239] usb 6-1: config 0 descriptor??
[  641.197085][ T5239] plantronics 0003:047F:FFFF.0009: unknown main item tag 0xe
[  641.202346][ T5239] plantronics 0003:047F:FFFF.0009: unknown main item tag 0x7
[  641.210381][ T5239] plantronics 0003:047F:FFFF.0009: No inputs registered, leaving
[  641.223367][ T5239] plantronics 0003:047F:FFFF.0009: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0
[  641.519776][ T5239] usb 6-1: USB disconnect, device number 18
[  642.240945][T16239] block nbd1: shutting down sockets
[  642.649173][T16245] FAULT_INJECTION: forcing a failure.
[  642.649173][T16245] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  642.658790][T16245] CPU: 3 PID: 16245 Comm: syz.1.2745 Not tainted 6.10.0-rc7-syzkaller-00076-g9d9a2f29aefd #0
[  642.663485][T16245] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  642.668903][T16245] Call Trace:
[  642.670741][T16245]  <TASK>
[  642.672329][T16245]  dump_stack_lvl+0x16c/0x1f0
[  642.674680][T16245]  should_fail_ex+0x497/0x5b0
[  642.677039][T16245]  _copy_from_user+0x30/0xf0
[  642.679293][T16245]  do_ip_setsockopt+0x2099/0x38c0
[  642.681658][T16245]  ? __pfx_do_ip_setsockopt+0x10/0x10
[  642.683881][T16245]  ? __pfx___might_resched+0x10/0x10
[  642.685975][T16245]  ? __pfx___lock_acquire+0x10/0x10
[  642.688123][T16245]  ? __pfx_lock_release+0x10/0x10
[  642.690231][T16245]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  642.692605][T16245]  ? aa_sk_perm+0x2f5/0xb40
[  642.695186][T16245]  ip_setsockopt+0x59/0xf0
[  642.697340][T16245]  tcp_setsockopt+0xa4/0x100
[  642.699594][T16245]  ? bpf_lsm_socket_setsockopt+0x9/0x10
[  642.702220][T16245]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  642.704938][T16245]  do_sock_setsockopt+0x222/0x480
[  642.707324][T16245]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  642.709974][T16245]  ? __fget_light+0x173/0x210
[  642.712438][T16245]  __sys_setsockopt+0x1a4/0x270
[  642.714802][T16245]  ? __pfx___sys_setsockopt+0x10/0x10
[  642.717318][T16245]  ? fput+0x32/0x390
[  642.719193][T16245]  ? ksys_write+0x1ab/0x260
[  642.721348][T16245]  ? __pfx_ksys_write+0x10/0x10
[  642.723560][T16245]  __ia32_sys_setsockopt+0xbc/0x160
[  642.725989][T16245]  ? lockdep_hardirqs_on+0x7c/0x110
[  642.728476][T16245]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[  642.731660][T16245]  __do_fast_syscall_32+0x73/0x120
[  642.734211][T16245]  do_fast_syscall_32+0x32/0x80
[  642.736618][T16245]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  642.739694][T16245] RIP: 0023:0xf7419579
[  642.741559][T16245] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  642.750503][T16245] RSP: 002b:00000000f5d3157c EFLAGS: 00000292 ORIG_RAX: 000000000000016e
[  642.753946][T16245] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000000000
[  642.757189][T16245] RDX: 0000000000000030 RSI: 0000000020000180 RDI: 0000000000000110
[  642.760903][T16245] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  642.764815][T16245] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  642.768699][T16245] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  642.772413][T16245]  </TASK>
[  642.869817][T16249] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN NOPTI
[  642.876069][T16249] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
[  642.883893][T16249] CPU: 3 PID: 16249 Comm: syz.1.2746 Not tainted 6.10.0-rc7-syzkaller-00076-g9d9a2f29aefd #0
[  642.890816][T16249] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  642.895973][T16249] RIP: 0010:dev_map_enqueue+0x31/0x3e0
[  642.898552][T16249] Code: 56 41 55 49 89 d5 41 54 49 89 fc 55 48 89 f5 53 48 83 ec 08 e8 e0 fb d9 ff 4c 89 e2 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <80> 3c 02 00 0f 85 86 03 00 00 49 8d 7c 24 18 49 8b 1c 24 48 b8 00
[  642.913216][T16249] RSP: 0018:ffffc90007f1f6f0 EFLAGS: 00010246
[  642.916781][T16249] RAX: dffffc0000000000 RBX: 000000000000000e RCX: ffffc90029421000
[  642.920619][T16249] RDX: 0000000000000000 RSI: ffffffff81b49340 RDI: 0000000000000000
[  642.924395][T16249] RBP: ffff88806420c070 R08: 0000000000000005 R09: 0000000000000000
[  642.927993][T16249] R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000000
[  642.931740][T16249] R13: ffff88802bdd4000 R14: 0000000000000000 R15: 00000000000000fd
[  642.935581][T16249] FS:  0000000000000000(0000) GS:ffff88802c300000(0063) knlGS:00000000f5d31b40
[  642.939709][T16249] CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
[  642.942559][T16249] CR2: 000000000c395510 CR3: 0000000057f16000 CR4: 0000000000350ef0
[  642.945910][T16249] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  642.949006][T16249] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  642.952029][T16249] Call Trace:
[  642.953519][T16249]  <TASK>
[  642.954859][T16249]  ? show_regs+0x8c/0xa0
[  642.956581][T16249]  ? die_addr+0x4f/0xd0
[  642.958003][T16249]  ? exc_general_protection+0x155/0x230
[  642.960192][T16249]  ? asm_exc_general_protection+0x26/0x30
[  642.962128][T16249]  ? dev_map_enqueue+0x20/0x3e0
[  642.963863][T16249]  ? dev_map_enqueue+0x31/0x3e0
[  642.965600][T16249]  xdp_do_redirect_frame+0x1b8/0x590
[  642.967481][T16249]  bpf_test_run_xdp_live+0x4a3/0x1bb0
[  642.969659][T16249]  ? __pfx_bpf_test_run_xdp_live+0x10/0x10
[  642.971623][T16249]  ? __pfx_xdp_test_run_init_page+0x10/0x10
[  642.973436][T16249]  ? find_held_lock+0x2d/0x110
[  642.975088][T16249]  ? __might_fault+0xe3/0x190
[  642.976898][T16249]  ? _copy_from_user+0x5d/0xf0
[  642.978651][T16249]  ? bpf_test_init.isra.0+0x111/0x150
[  642.980950][T16249]  bpf_prog_test_run_xdp+0x82d/0x1530
[  642.983335][T16249]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  642.985917][T16249]  ? fput+0x32/0x390
[  642.987676][T16249]  ? __bpf_prog_get+0xa0/0x2f0
[  642.989680][T16249]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  642.992166][T16249]  __sys_bpf+0x1787/0x5830
[  642.994192][T16249]  ? __pfx___sys_bpf+0x10/0x10
[  642.996410][T16249]  ? __pfx_futex_wait+0x10/0x10
[  642.998747][T16249]  ? do_futex+0x123/0x350
[  643.000619][T16249]  ? __pfx_do_futex+0x10/0x10
[  643.002532][T16249]  ? xfd_validate_state+0x5d/0x180
[  643.004642][T16249]  __ia32_sys_bpf+0x76/0xe0
[  643.006607][T16249]  __do_fast_syscall_32+0x73/0x120
[  643.008865][T16249]  do_fast_syscall_32+0x32/0x80
[  643.010889][T16249]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  643.013285][T16249] RIP: 0023:0xf7419579
[  643.014860][T16249] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  643.022056][T16249] RSP: 002b:00000000f5d3157c EFLAGS: 00000292 ORIG_RAX: 0000000000000165
[  643.025100][T16249] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000020000240
[  643.028536][T16249] RDX: 0000000000000050 RSI: 0000000000000000 RDI: 0000000000000000
[  643.031948][T16249] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  643.035392][T16249] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  643.039347][T16249] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  643.043055][T16249]  </TASK>
[  643.044455][T16249] Modules linked in:
[  643.046949][T16249] ---[ end trace 0000000000000000 ]---
[  643.049540][T16249] RIP: 0010:dev_map_enqueue+0x31/0x3e0
[  643.052638][T16249] Code: 56 41 55 49 89 d5 41 54 49 89 fc 55 48 89 f5 53 48 83 ec 08 e8 e0 fb d9 ff 4c 89 e2 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <80> 3c 02 00 0f 85 86 03 00 00 49 8d 7c 24 18 49 8b 1c 24 48 b8 00
[  643.061415][T16249] RSP: 0018:ffffc90007f1f6f0 EFLAGS: 00010246
[  643.063876][T16249] RAX: dffffc0000000000 RBX: 000000000000000e RCX: ffffc90029421000
[  643.066829][T16249] RDX: 0000000000000000 RSI: ffffffff81b49340 RDI: 0000000000000000
[  643.071162][T16249] RBP: ffff88806420c070 R08: 0000000000000005 R09: 0000000000000000
[  643.074367][T16249] R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000000
[  643.077421][T16249] R13: ffff88802bdd4000 R14: 0000000000000000 R15: 00000000000000fd
[  643.081121][T16249] FS:  0000000000000000(0000) GS:ffff88802c300000(0063) knlGS:00000000f5d31b40
[  643.085288][T16249] CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
[  643.088127][T16249] CR2: 000000000c395510 CR3: 0000000057f16000 CR4: 0000000000352ef0
[  643.092367][T16249] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  643.096360][T16249] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  643.100744][T16249] Kernel panic - not syncing: Fatal exception in interrupt
[  643.118859][T16249] Kernel Offset: disabled
[  643.120988][T16249] Rebooting in 86400 seconds..

VM DIAGNOSIS:
00:56:58  Registers:
info registers vcpu 0

CPU#0
RAX=00000002000008fb RBX=0000000000000001 RCX=0000000000000830 RDX=0000000000000002
RSI=00000000000000fb RDI=0000000000000002 RBP=0000000000000001 RSP=ffffc90000007e20
R8 =0000000000000001 R9 =0000000000000000 R10=0000000000000001 R11=ffffc90000007ff8
R12=0000000000000001 R13=0000000000000000 R14=ffff88802c13ebc0 R15=ffff888020ae4c01
RIP=ffffffff813b39a8 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88802c000000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000f212aff8 CR3=0000000026b90000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=00000000f6000001 Opmask01=00000000d8000004 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=00000000ffffffff Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000001
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffdbbb26f80 0000003000000018
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 6565656565656565 6565656565656565
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ff00ff0000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffff ffffffffffff0000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ff00ff0000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0a0a0a0a0a0a0a0a 0a0a0a0a0a0a0a0a 0a0a0a0a0a0a0a0a 0a0a0a0a0a0a0a0a
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000030000030 373178302f306278 302b726573755f6f 745f657069702000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000030000030 3731723025306272 3021726573755565 7455657063702000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 3541303030303030 2030393230303020 30203a5220413534 3220313735313330
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 203030202e302030 2020303020300020 3020203020203020 2020202030202030
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2a6e322a3a3a2a3a 3a2a3a3a2a3a3a2a 3c382a3e682a6e32 2a3a332a3a332a3a
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 3f6c3a3a3a3a3a3a 3a3a3068383a3a2a 305a59582a573f3e 383c3b5e5157393a
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=00000000014278f4 RBX=0000000000000001 RCX=ffffffff8adc5bf9 RDX=ffffed1005826fde
RSI=ffffffff8b8fbda0 RDI=ffffffff816725bc RBP=ffffed1002c63910 RSP=ffffc90000477e08
R8 =0000000000000000 R9 =ffffed1005826fdd R10=ffff88802c137eeb R11=ffffffff8b2f4160
R12=0000000000000001 R13=ffff88801631c880 R14=ffffffff8fe29790 R15=0000000000000000
RIP=ffffffff8adc6fef RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88802c100000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000f72331a0 CR3=0000000000df6000 CR4=00350ef0
DR0=0000000000000000 DR1=00000000872c9164 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000005000000000 0000000100000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
RAX=ffffffff88fe8cd9 RBX=ffffc90002b574c8 RCX=1ffff9200056aea2 RDX=dffffc0000000000
RSI=ffffffff813c7a49 RDI=ffffc90002b57ad0 RBP=0000000000000001 RSP=ffffc90002b57448
R8 =0000000000000001 R9 =0000000000000000 R10=0000000000000001 R11=dffffc0000000000
R12=ffffffff91060998 R13=ffffc90002b57ad8 R14=ffffffff9106099c R15=0000000000000001
RIP=ffffffff813c93ef RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff88802c200000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000f743d230 CR3=0000000056098000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000585858585858 2e7a797300000000
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000585858585858
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffff 0f0e0d0c0b0a0908
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000000000206e 61000074736f686c
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffff0000ffff00 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 3

CPU#3
RAX=0000000000000055 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff84f98915 RDI=ffffffff94d5ae00 RBP=ffffffff94d5adc0 RSP=ffffc90007f1f0d8
R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=502033203a555043
R12=0000000000000000 R13=0000000000000055 R14=ffffffff84f988b0 R15=0000000000000000
RIP=ffffffff84f9893f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff88802c300000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=000000000c395510 CR3=0000000057f16000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000005000000000 0000000100000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000