last executing test programs:

10.260957714s ago: executing program 2 (id=2134):
syz_emit_ethernet(0x6a, &(0x7f0000000240)={@random="a5050f0014b5", @random="0000009000", @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x5, 0x0, 0x0, 0xe0, 0x0, 0xe000, {0x10, 0x4, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x89, 0x0, @local, @local, {[@timestamp_prespec={0x44, 0x2c, 0x0, 0x3, 0x0, [{@private}, {@multicast1}, {@initdev={0xac, 0x1e, 0x0, 0x0}}, {@remote}, {}]}]}}}}}}}, 0x0)

10.259029236s ago: executing program 2 (id=2136):
r0 = open(&(0x7f0000000180)='./bus\x00', 0x0, 0x106)
ioctl$CDROM_SEND_PACKET(0xffffffffffffffff, 0x2202, 0x0)
ioctl$DMA_HEAP_IOCTL_ALLOC(r0, 0xc0184800, &(0x7f0000000080)={0x7, <r1=>r0, 0x80002})
ioctl$TUNSETLINK(r1, 0x400454cd, 0x308)
mount(&(0x7f00000002c0)=@nullb, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0)
r2 = open(&(0x7f0000000040)='./bus\x00', 0x80000, 0x0)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27fffff, 0x4002011, r2, 0x0)
r3 = open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x0)
pwritev2(r3, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0x1}], 0x1, 0x33000, 0x0, 0x3)

10.181023419s ago: executing program 2 (id=2137):
bpf$TOKEN_CREATE(0x24, &(0x7f00000001c0), 0x8)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000002c0)=0xffffffffffffffff, 0x4)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000480)=ANY=[@ANYBLOB="1c0000001800010000000000000000001d01000005000d00010000"], 0x1c}}, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000340)={@broadcast, @local, @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "87fb89", 0x0, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @dev}}}}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r1 = syz_open_dev$MSR(&(0x7f0000000000), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_open_dev$tty20(0xc, 0x4, 0x1)
r2 = socket$inet6(0xa, 0x802, 0x0)
connect$inet6(r2, &(0x7f0000000080)={0xa, 0x0, 0x0, @dev, 0x4}, 0x1c)
sendmmsg(r2, &(0x7f0000002cc0), 0x1a3, 0xf97)
bpf$TOKEN_CREATE(0x24, &(0x7f00000001c0), 0x8) (async)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000002c0)=0xffffffffffffffff, 0x4) (async)
socket$nl_route(0x10, 0x3, 0x0) (async)
sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000480)=ANY=[@ANYBLOB="1c0000001800010000000000000000001d01000005000d00010000"], 0x1c}}, 0x0) (async)
syz_emit_ethernet(0x36, &(0x7f0000000340)={@broadcast, @local, @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "87fb89", 0x0, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @dev}}}}, 0x0) (async)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) (async)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) (async)
syz_open_dev$MSR(&(0x7f0000000000), 0x0, 0x0) (async)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) (async)
syz_open_dev$tty20(0xc, 0x4, 0x1) (async)
socket$inet6(0xa, 0x802, 0x0) (async)
connect$inet6(r2, &(0x7f0000000080)={0xa, 0x0, 0x0, @dev, 0x4}, 0x1c) (async)
sendmmsg(r2, &(0x7f0000002cc0), 0x1a3, 0xf97) (async)

8.316999421s ago: executing program 2 (id=2150):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x6, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000a1070000000200000300000085000000a5000000180000000500000000000000ff7fffff9500000000000000"], &(0x7f0000000100)='GPL\x00', 0x5, 0xb1, &(0x7f0000000140)=""/177, 0x40f00, 0x11, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000200)={0x7, 0x3}, 0x8, 0x10, &(0x7f0000000240)={0x2, 0x3, 0x1, 0xe}, 0x10, 0x0, 0x0, 0x3, &(0x7f0000000280)=[0x1, 0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x1], &(0x7f00000002c0)=[{0x0, 0x1, 0xb, 0x3}, {0x0, 0x2, 0xc}, {0x5, 0x4, 0xd, 0x9}], 0x10, 0xffff, @void, @value}, 0x94)
r1 = creat(&(0x7f0000000280)='./file0\x00', 0x0)
r2 = openat$cdrom(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$CDROM_SEND_PACKET(r2, 0x5304, 0x0)
close(r1)
ioctl$DRM_IOCTL_MODE_GETCRTC(r1, 0xc06864a1, &(0x7f0000000300)={0x0, 0xfffffffffffffe7a, 0x0, <r3=>0x0})
ioctl$DRM_IOCTL_GET_CLIENT(r1, 0xc0186405, &(0x7f0000000080)={0xfffffff8, 0x40, {}, {<r4=>0xee01}, 0x46e, 0x6})
quotactl_fd$Q_SETINFO(r1, 0xffffffff80000600, r4, &(0x7f00000000c0)={0x2, 0x80, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETFB2(r1, 0xc06864ce, &(0x7f0000000600)={r3})
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x1f, 0xf, &(0x7f0000000080)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000000)={r5}, 0xc)

8.261623148s ago: executing program 2 (id=2151):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e23, @remote}, 0x10)
r1 = socket$netlink(0x10, 0x3, 0x4)
writev(r1, &(0x7f0000000300)=[{&(0x7f0000000340)="580000001400192340834b80040d8c5602117436c3794e2300000000000058000b4824ca945f6400940f6a0325010ebc000000000000008000f0fffeffe809005300fff5dd00000010000100030c10000000214e224e0000", 0x58}], 0x1)

8.26098884s ago: executing program 2 (id=2152):
openat$userio(0xffffffffffffff9c, &(0x7f0000000080), 0x2202c2, 0x0)
syz_open_dev$usbmon(&(0x7f0000000180), 0x8, 0x0)
syz_io_uring_setup(0x14173, &(0x7f0000000780)={0x0, 0x0, 0x10100, 0x1, 0x2cc}, &(0x7f0000000100)=<r0=>0x0, &(0x7f00000000c0)=<r1=>0x0)
syz_io_uring_submit(r0, r1, &(0x7f0000000180)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
socket$inet6_tcp(0xa, 0x1, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xb, &(0x7f0000000380)={0xffffa7f5, 0x140008b}, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
read$msr(r2, &(0x7f0000032680)=""/102392, 0xffffff32)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
memfd_create(0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x0, 0x0)
r3 = memfd_create(&(0x7f0000000280)='\x01\xfd\xae.+\xa6\x8c\xb6?2\x199\x94S,|x?Ue[\xbd\xe1!\x033\xbc\'#\xff\x17\x9b%\xf3[d  \x97\xf5G\x97A\xc2\xd8\xf0Uq\xe6+\xa5l\x94\v\xb6\a\x17\\\xfb\x04!\xe4\xc4\xb1\xa2\x1c\xffC;\x94Q\r\xb6}\x9c\xecC\v\xcf\xeb\xe4\x9aR\xe5,\x82\x03\x00\x19\x8d\xe8\xc6\xb9\xe4\xb4\x99\x8a\x19P\xb8\x8cx\b\x99\x04R\x05\xaf\xa2\xea5\f\xcc\x1a\x9b\x00Uf\xa5\xf7\x80Tgiz\nX\b\x91\xfd0\x8e\xb6\xa3\v#\xa1\xdf\xb4\xc0\xe6\xb4\xef\xa8i\xd8\xa2\xd2(\x98\x9bA\x8f\x13\xeb\xf4b/\xef!\x8f\xf6]-\xe9k\xb62\x89gEv\x13\xf4\xc7\xb2\xf5\\\x17\x90\xb5\xa6\xa8\xb8o\x0f\xe2 \xe7\x9c$\xd7\xf2@\xf7cdv[\t\x00\x8d\xf3\xcc1\r$\x1e\xff\xf0P\xb2\x97\xb8\xbc\xeb\x91\x87\x8bu\xbf\xd4\'\xff\x1f\f\x016\x9dQ\xeeT\xe8\bY\x00\xb2\x06\xa6\xbel\x9b.o\xbe\x80\x9dx\xd5O\xd6h\\I\xc9\x8d\a\x1d\xc9\x0f\x82\xdbs\xc7\x83L\x9e\xa2\xd1\xb3\xac\x8d\xd8\xb4\xb4\xea\x90Q\xd8\xc7\xeb%\x8bOp\x1ab\x96\xcf\xbb\x15\xcf\xfcN\xed\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00s\xaf\xa2\x14]p+\x96\x1ei|n\xda\xee\\\xae\x96*\x82*\xb8j\xda\xaa\x14\x1f\x1d\xf8\xf8\xae\xfcH\xc4\xb3j\xe8\xcfO\xef\x0e\xafe\xb5*\x89\x18\xb2w\x96\b\x1by\xeaT\xdd\xb3g6\xbc\x85\xb2Y\xccv\x06\x00\x00\x00\xc5e\x90\xc51\x9f\v_# \b\xa5\xbcP,|\xe9\xd6s\x1f\x1f\xbe\xd3\x80\xb1\xa8 \xce|df\x903\v\x02\xea.\x03X\xb5\xe4,8\xb7\xadEI\xdcA\xa7\xcc\xd7\xf9n\x1b\x95\xf8\x11Z\xe6:\x03\xce\xfe\x02\x8ctdy~_oC\x9e\xef\xf0\xa2K\xe9;\x8e:\x01\x03C\x92\xeb\x16\x1c\xbf\xbe\xef\xccUxhg\xffY\xe6\x83\xa6z\xff\x01\x9d o_{!O\xaajU\x84 \xe9\xb59r\x9cw\x18Z\xd3\xcd\x0e\xba\\\xdb\xf0\xe1\x86\t\xaf\vi\xdc\xbf?\xf5\n\xbd^\x05\xc0\xceuC}\xa8\xc7\xad\x86\xd7\x15&\xb9]1\x05J\x96\xf0\x84\xc1\f\xa6p\x96\xb8\x02\x13pA\x19\tf\x12\x88\xc8\x9c\xc9Cn\xd4\xa47V\'+\xcc\xbf\r\xa9\x10\x1d\xcf\xebKlb\xe5:\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00G\xdf\xbb\xc0_\x99F\xf4n]\x14\xbc\xcd\xd3\x9f\x9fe\xc5\xe6\xe8Mb\xc6\x82\x82\xcc\xcaXe\xe1\xa2\xaa\x02\x86\xb8\x18\xe2C\xeb\xa9\x17&\x01&\'w\xa1t0\x80\xf0\x93\x80\x9f\x9b\xe0\x9f\xea\xb9\x9eD]#V\xda\x92\xca\xc6\xfa.\xd6\xe31\xfe\xe8\x02\xebX\xbd\nz\x01O\xd3r\xa2\xa9u\x93', 0x6)
mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0xe, 0x12, r3, 0x0)
fallocate(r3, 0x0, 0x0, 0x400)
r4 = userfaultfd(0x801)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3000002, 0x5d031, 0xffffffffffffffff, 0x0)
ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f0000000600))
ioctl$UFFDIO_REGISTER(r4, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x4})
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$UFFDIO_COPY(r4, 0xc028aa03, &(0x7f0000000000)={&(0x7f00006a1000/0x3000)=nil, &(0x7f0000c8b000/0x4000)=nil, 0x3000, 0x2})
fanotify_init(0x0, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$TIPC_NL_LINK_RESET_STATS(r5, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x880)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$devlink(&(0x7f0000000640), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_SET(r6, 0x0, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x7, 0x0, 0xfffffffffffffffd, 0x0, 0x4}, 0x0, &(0x7f0000000080)={0x3ff, 0x0, 0x2, 0xfffffffffffffffa, 0x1, 0xfffffffffffffffe, 0xfffffffffffffffc}, 0x0, 0x0)

4.901438158s ago: executing program 1 (id=2161):
r0 = socket$kcm(0x10, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f0000000300)=ANY=[], &(0x7f0000000300)='syzkaller\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000200)={0x10000008, 0x4}, 0x8, 0x10, &(0x7f0000000240)={0x3, 0x4, 0x3, 0x6}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
kcmp(0x0, 0x0, 0x2, 0xffffffffffffffff, 0xffffffffffffffff)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x10)
socket$inet_tcp(0x2, 0x1, 0x0)
r4 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="021300000200"/16, @ANYRESDEC=r2], 0x10}}, 0x0)
setsockopt$inet6_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8000002b)
ioctl$PTP_ENABLE_PPS(0xffffffffffffffff, 0x40043d04, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0cc5605, &(0x7f00000000c0)={0x1, @pix_mp={0x1000000, 0x0, 0x34343459, 0x0, 0x0, [{}, {}, {}, {}, {}, {}, {}, {0x1}]}})
setsockopt$sock_int(r4, 0x1, 0x23, &(0x7f00000001c0)=0x101, 0x4)
r5 = syz_open_dev$vim2m(&(0x7f0000000040), 0x8, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r5, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x1})
ioctl$vim2m_VIDIOC_QBUF(r5, 0xc044560f, &(0x7f00000001c0)=@mmap={0x0, 0x2, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "2063569a"}})
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$rdma_cm(0xffffff9c, &(0x7f00000002c0), 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f00000000c0)={0x0, 0x4788, &(0x7f0000000000)=[{&(0x7f0000000140)="d800000019008111e0020f060d8107040a60090000020000000455a1bc00090008000699e3ffffff1400050008fff00006000567b8b7b94002000009080016060000000000000074d67f6f9400f7d1d9bbe94fa27100a007a2f7457f01896034277ce06bbace8017cb39b62ee5a7cef4090000001fb791643a5e83d42365f003724a237ee4b11602b2a10000000014d6d930dfe1d9c322fe040000005025acca262f3d40fad95667e006dcdf634c1f215ce3bb9ad809d50b694138c9f1ac76efb42a9ecbee5de6ccd44242f4d643f6fd0f26187b51980dd6", 0xd8}], 0x1}, 0x0)

4.004114785s ago: executing program 1 (id=2164):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x6, 0x5, 0x1000, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000004c0)={r1, 0xf, 0x0, 0x0, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)

3.887424755s ago: executing program 3 (id=2165):
r0 = ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0)
writev(r0, &(0x7f00000002c0)=[{&(0x7f0000000000)="95337cf2db738cd606b72595e964faa755f2f0985d7777c62bab6a8eb32821d8da519c85fea4e63e6822d816302c73913c07f3dceed3cc7ebf4cc384c728f8577470f32a609e73a624982108be098a507afecf372b525f5e31e734bb026032a0c78884d45cb1d5cb214640e414afa7e0053018c702a09b988c7f14722b2e2f50220d88b3af4e159e78e13d5ef1a55d15adcb68e9cba9636deddde73193f2d32adbcb0c6e7ab36c1e4a94cde02855a53a7b5732e55df94fb0af3950b94f20d3f075165f26766a55ee2c30ec5b577464039ae6cd870f32fa7c268dffa98e83eca58661f4d547c848d139875fb7b297f05a", 0xf0}, {&(0x7f0000000100)}, {&(0x7f0000000140)="55354e296eebe04322a1d53c0a323bd5997df44375d12bf2041820f96b91be59379b3d37f82ef33b566c9194", 0x2c}, {&(0x7f0000000180)="92034a137e9db5ed3b48f08f8eade48968e19b7d4e8b1146a80913fdde4163b1b32e5e60be6528616fbdf0de00032e96231d505f91a699c35606b001f27bbd92b83bf7e629635ad7742a08348d8cf0c58812c77f5f8d96ef856655e6494a0306aa79dcac2cf4b1ee51cd6e84b424d3148691e123f4c1938f41167101cdb4098e1bcedc433c5589957286a33257671c01ee961978bf33", 0x96}, {&(0x7f0000000240)="c7d812469e8e22d00fef6f51585e7fd45514a5eb4d79866b60b5643b31442b3e36", 0x21}, {&(0x7f0000000280)="aed32d38a62e2695e389c74e28ec5c6c75c005ccd01fea65a3d24f9927b3159f6cb5dd8b", 0x24}], 0x6)
pread64(r0, &(0x7f0000000300)=""/214, 0xd6, 0x5)
r1 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000440)=@o_path={&(0x7f0000000400)='./file0\x00', 0x0, 0x4000, r0}, 0x14)
ioctl$EXT4_IOC_SWAP_BOOT(r1, 0x6611)
pread64(r0, &(0x7f0000000480)=""/135, 0x87, 0x4)
r2 = openat$vhost_vsock(0xffffff9c, &(0x7f0000000540), 0x2, 0x0)
ioctl$VHOST_VSOCK_SET_RUNNING(r2, 0x4004af61, &(0x7f0000000580)=0x1)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x3)
ioctl$KDSKBSENT(r3, 0x4b49, &(0x7f00000005c0)={0xfd, "22fa240785268ffebefe5ba2f28bd9340a7f67a250b81782f94c0559d0138a95acc67bea5876bec26217a25cda2538d7d22839286fb0bbd9e7a941df78df8572872cb67944fc809d19929170d104df5cee7a00c478f857eac8134d2bb62cc3cdd6bab75fb8a3482dd301cc092b0ea02fbd689c6e84c3848caf2577212d9ffdc79b09d896a29a23ea8854e401ce0d7a7c90a5930b0ec6777c9b7903b869dbef7472ea1bb3b845cc28f5d3a30a4785c9af2c3b7e2f7559406f9cc70f0ece915b21033dcf8b92ec0f3efa9882605d451d74e08a2fc517f0df35bb810b9a7c5ec3c2128f4adaf2c9885babed87bad4f6877171be611ae9651631c60cb39fbc036eab1a4df1d516d17422908e814d90edb139d9be375bffb319cb552a8fefede4226b385492e63f06a652cae9dc9407b49cf3774744c9756abd66cc7615819e3dd6ec053188f88d97112b97d88842e2a675a98fd78c471fdec0d7a3c99483ec8e979898e5602928d2cfcb14d047dab7a6f24cdf9e3916ed4f92ce9428e715532f144aa99915c86235b2d6591daa2c4601b383597c2ccc5836296501fa55b2b5d89c954a6de9cf60975ce9023eab5b2085dcde0a8b63dae73671edefcee6e9a9d6a79abf1cabcf88d3d914c4b06dfa5b4717c681b9a20bbdd6184e7430fea60e3073551a0fb1c5a9a0b72e5da8dd78103d648f93317aaf7dc41922835f0326278ad312"})
ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, 0x0)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000880)={0x3, &(0x7f0000000840)=[{0x4, 0x7f, 0x0, 0x16e}, {0x8, 0x1, 0x6, 0x4}, {0x1ff, 0x2, 0xe9, 0x7}]}, 0x8)
sync()
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, 0x0)
ioctl$KDSKBENT(r3, 0x4b47, &(0x7f0000000940)={0x1, 0x4, 0x2})
socket(0x15, 0x3, 0x10000)
ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, &(0x7f0000000980)={{0x1, 0x1, 0x18, <r4=>r1, {0xf, 0xf7bf}}, './file0\x00'})
r5 = open$dir(&(0x7f0000000a00)='./file0\x00', 0x20080, 0x100)
linkat(r4, &(0x7f00000009c0)='./file0\x00', r5, &(0x7f0000000a40)='./file0\x00', 0x490045595102bc32)
write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000ac0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000a80)={<r6=>0xffffffffffffffff}, 0x111, 0xa}}, 0x20)
write$RDMA_USER_CM_CMD_CONNECT(r4, &(0x7f0000000b00)={0x6, 0x118, 0xfa00, {{0x8000, 0x2, "b44a72d7ec6e8ce63c765c292f782fa9c170c765d96e445e6c26ce59cadd8ebd42e46783ac241595d534f8cde5ea2220d9f3da6de75ab5deb4150d398dd0e6fb2256db0fdec4887b32a965ef596b3131fbf7a9e5c8b788921fb3f4ae31cc8a36b3e65824fefc4a12de6bfbb723ff10790d18fcdb4f1d8a4aa77107dddfc9817403123c57164f8aaf770d8b1657b54e2dcc7170745933988496f5432b21087a313252d2d9d86b10fef76dd6d02b410c94b0ff1824ee6645e2baa6e468199c4ddc692ffd26a87bce46c29bf80be8a5511ef771e47e7b57e80a1f9152bc81cc30ddbc61de89cd696737dcdddb101322538bfa1df98e202d35606a7b22d52892c7a6", 0x6, 0x80, 0x0, 0xc, 0x5b, 0x7, 0x8, 0x1}, r6}}, 0x120)
r7 = add_key$keyring(&(0x7f0000000d40), &(0x7f0000000d80)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffe)
add_key$fscrypt_v1(&(0x7f0000000c40), &(0x7f0000000c80)={'fscrypt:', @desc1}, &(0x7f0000000cc0)={0x0, "4ea1cb79c1d9bda8dbb57d9db03b1ba91623620a72570d93e26b98beb762a4ea851d0c4112d6936eea12a1121918b7f14dc6c52b0884767911251c78f144ccf9", 0x26}, 0x48, r7)
pread64(r3, &(0x7f0000000dc0)=""/240, 0xf0, 0x1)
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r4, 0xc0189379, &(0x7f0000000f00)={{0x1, 0x1, 0x18, <r8=>0xffffffffffffffff}, './file0\x00'})
syz_genetlink_get_family_id$nl80211(&(0x7f0000000ec0), r8)
ioctl$FITRIM(r3, 0xc0185879, &(0x7f0000000f40)={0x7, 0x383, 0x10000})
io_setup(0x8001, &(0x7f0000000f80))
syz_emit_vhci(&(0x7f0000000fc0)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x1, 0x0, 0xc}, @l2cap_cid_le_signaling={{0x8}, @l2cap_le_credits={{0x16, 0x3, 0x4}, {0x2, 0x6}}}}, 0x11)
keyctl$restrict_keyring(0x1d, r7, &(0x7f0000001000)='pkcs7_test\x00', &(0x7f0000001040)='*,\x00')

3.511554385s ago: executing program 3 (id=2166):
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = userfaultfd(0x1)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040))
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
mremap(&(0x7f00002d7000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f000082a000/0x400000)=nil)
get_mempolicy(0x0, 0x0, 0x0, &(0x7f0000a88000/0x2000)=nil, 0x3)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="17000000f5ff000000ff000000000000", @ANYRES32=0x1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000200"/28], 0x50)
open(&(0x7f0000000180)='./bus\x00', 0x14957e, 0x0)
mount(&(0x7f0000000040)=@nullb, &(0x7f0000000280)='./bus\x00', &(0x7f0000000240)='minix\x00', 0x2808088, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000001640)={&(0x7f0000000300)={0x2, 0x0, @multicast2=0xe0000001}, 0x10, 0x0, 0x0, 0x0, 0x38}, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
openat$rdma_cm(0xffffff9c, &(0x7f0000000000), 0x2, 0x0)
r5 = io_uring_setup(0x7bd9, &(0x7f0000000180)={0x0, 0x480e, 0x400, 0x0, 0x43})
r6 = io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0)
io_uring_register$IORING_UNREGISTER_PERSONALITY(r5, 0x1b, 0x20000009, r6)
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
mkdir(&(0x7f0000000040)='./file0\x00', 0x1c)
r7 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r7, 0x400448de, &(0x7f00000000c0)={0x0, 0x0, "cd0200"})
r8 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r8, &(0x7f0000000340)={0x1f, 0xffff, 0x3}, 0x6)
write(r8, &(0x7f0000000040)="05000000010000", 0x7)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000080)='mem_disconnect\x00', r4}, 0x10)
socket$inet6_tcp(0xa, 0x1, 0x0)

3.121427765s ago: executing program 1 (id=2168):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x3c, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x74, 0x0, 0x2000, 0x1233}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bridge={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BR_VLAN_DEFAULT_PVID={0x6, 0x27, 0xf000}]}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x800}, 0x0)

3.061464091s ago: executing program 1 (id=2169):
socket$nl_route(0x10, 0x3, 0x0)
timerfd_settime(0xffffffffffffffff, 0x3, &(0x7f0000000040)={{0x77359400}, {0x0, 0x989680}}, 0x0)
timerfd_gettime(0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000080)=[@in={0x2, 0x4e20, @empty}], 0x10)
r2 = syz_open_dev$hidraw(&(0x7f0000000280), 0x0, 0x0)
syz_open_dev$hidraw(&(0x7f0000000940), 0x0, 0x0)
ioctl$HIDIOCGFEATURE(r2, 0x4004480c, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r5 = dup(r4)
write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c)
syz_io_uring_setup(0x690a, &(0x7f0000000340), &(0x7f0000000140), &(0x7f0000000280))
r6 = socket$inet6_udplite(0xa, 0x2, 0x88)
sendto$inet6(r6, 0x0, 0x0, 0x4c004, &(0x7f0000002880)={0xa, 0x4e22, 0x0, @mcast2}, 0x1c)
sendmmsg$inet6(r6, &(0x7f0000000fc0)=[{{0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000640)="383cd9cbce39f8c83f86c16cba3abbe0a1cc0ad921451ad90d20c72eb63222a37aae8f91c29a66efc1105e7f0b06d2d7d1f876c12c8b973ed6d1cc7e50c655a261d38303a2a8207b93fdf1c3119793fde070c8b352da2b29dc1881854b3c4e3fee5c11fb47c67ad456420760e853740c170a0a959fb04834d318beb94d0f919978e7735438d039dc81547bd691dc26888535a0af6262f7aee3fcde21e4e51474c1154f91dd642c1523f08a194491fbb33e25fe4f566802650ed77497cef0b0ce59681befc62a0c1e9b5899567715c0824463466d6d948a059962e44407245258ba2e6d02affafb03fcfdcecb5691e97fa7f332a35ff0c8e379a5f91e01302be79027b1f342614b0c616786ee8fc05d1ff275918e487ee241ae9759a500137bb7e63f65ec7969cff76b97e14dd7a7de48e37584ba66da992e3674d3f8a0788c6e72b0a736b8da9c6087090fcd5c0e3aefb88b39c8892becf8760560b16a45cfee5304f4d6c228772200d4fe48be3b4ed570c85f7b09c94210375e7263dc1119bf9aef972f32cbb6d70b427bb3c3fe211353d210eb27a757bc592b268d92c8e3c8632467f93c9a5a0cf90d0f8e0c6480b512e70828c5e2b53ed5d5f4b9f1d84477c209886aa095a77087d93c166797ec3282daf2f8e18d9944b4b9a13bb391b312fea26301ce18952204d4552bcc707112cb10d18df37379961ba957caf4bfaf4c48f0573ef237fb1f1cd0310a39d55f5def3da37e2e8a0f5573a2268ba74afb62f681f4bd02c9f250b3ff01388e59f69d9d651506561dfd901aa56129b8474afec21fc1115a38198fd0047e132cf879fb1dcf374eff81e5f079493d55a70014722b9157080281f42c7f37711aec262670ba5ddd151bdd018542c803b47be1dfc884ff5a22156fb9032095de7e69afe9eab810b0c3bac90a8ca8d8c1cb7919a082e7d6d5b2944822ebba4aef382525c5c3382bd8b9d368c337247b935aca5aa46e1124e350ef3fb60b80dd35dc0c65e45c81cd9f271be8c97b8845928926f931641af62f2bc81a6a1a982f8f3318da1a38489f51c564c6c7791fe2f63a10e0e432271aa1aff11f899c87a5c29c5bef73ed72473fada6f49d0af7916800fae9a4b8c60a2c69a93ba9abad0df99ea168cd40c63dee61518dcf8bb29743085de0b2b0cc0a68c4005120fa8ee871b8baa2c6f2f2f4c22002231c9334ca23804457df0922cfc37aaf4b8e4757ff37cd16052006e8bd20a086e4c2a2c3d8dd722e67dd0cb0204a577febd46d1c2315db5c5929c23d08b9c0fcaf9eef78f48d7ef6f51e5b9a6046699d572a9195b8a61ddab408580e209f5fdd804099f01afb597ef41419c82d029be14b8ac40c23c4519619301536709fed1a3150ed69f34012ee25257f4b19fcd1f3d1bfd5be03f85587470c85372ae257d220d7c346bfbd22fbfba27d5daf988e5fbed3c1872e70039f9196f61a30436791a65d5f727b5eb375a06735f7fab2e0434e6424e333a8d098e61c2793b9030df7427f5d654f48ac2f547acce2293fbc7ae6afd36008c31078cef27ec19e975b387ae73ba3e5b3657869ee0fe24a33b558fe42386466d55c56a3b5ce46c54df104bfa002e97e8bde1811681687dc7a2269783476a2c4106bcb25057a72c527a0747d7bef127e4dcd22a658ebe1ff79a77cd887734621b2fc9c4336c5ddc1fb49812b869c13453680e041bc2212f17550fc8d2c70c82452ef6b288985b7cbf53bb35b56a4b53e51dd112e15", 0x4df}], 0x1}}, {{0x0, 0x0, &(0x7f0000007440)=[{&(0x7f0000001500)="adf5bd04f01eccec95c1c5ca7fba623735df51cf89844d9bad7429917e03ad4b4cc6ae623ad8c0924b316f0e6d195479b75186ca55315366ef5d0b491b1811e932fb16a15906cab57fa112718bef35405bee39435abc9aa27f44c0fb7d15e1d8dd4b7a59deae296177fe9316e72cbc89f7e7e7c83d3ffae7d847a21894888b3de40826e54e7a0fc7b552c388637004dc3ea210d2c6dfc6283f690afa5b85b25939464a350dcdf1c38d97854aba19593fc884caec78d9c0", 0xb7}], 0x1}}, {{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f00000001c0)="6be87034983df7d6abe2c2e287503e9fe67324bd3e88", 0x16}], 0x1}}], 0x3, 0x400c804)
getdents(0xffffffffffffffff, 0x0, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_STRSET_GET(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="e9070000000000000000010000001c0002800c00018008000100030000000c0001800800010001000000"], 0x30}}, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x4e20, @local}]}, &(0x7f0000000100)=0x10)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000180)={0x0, @in6={{0xa, 0x3, 0x0, @empty}}, 0xfffffffc, 0x3, 0x989, 0x0, 0x84, 0x8000}, 0x9c)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, 0xffffffffffffffff, 0x0)
syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$F2FS_IOC_MOVE_RANGE(r3, 0xc01cf509, &(0x7f0000000240)={r0, 0xa80, 0x1, 0xffff})
socket$nl_generic(0x10, 0x3, 0x10)

3.003522299s ago: executing program 0 (id=2170):
r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
ioctl$SG_IO(r0, 0x2285, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001440)={0x18, 0x3, &(0x7f0000001180)=ANY=[@ANYRES64=r0], &(0x7f0000001140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={0x0, r1}, 0x18)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f00000001c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}}, &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0xf, @void, @value}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000001340)=ANY=[@ANYBLOB="0500000004000000080000000b00000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000000000000000000000800000000000000000000000000000000009ee5bd0b642211d10b8bf70733d48e33c9fc35f847fdb8409f0cf9b61d06837a1b3f0fbcf8461940e3047fffed7cc535d600328c339e81da14f5b070eddb43b50b1628523855ae86dc92f677ec16d255d0940d691e02016bb2e0de9ad32d7c8136ba6e49b75293ca6dfea228d97b8a647e7025a227edad73939803bfcf4d6e54b48d84a92f4cd39c424965242d53a35fe36a142b1d471970df6dd654c82491b5b80695185580bde82a"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002300000018110000", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000080)='sched_switch\x00', r2, 0x0, 0x6}, 0x18)
socket$nl_route(0x10, 0x3, 0x0)
r3 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r3, 0xc0d05605, &(0x7f0000000140)={0x1, @pix_mp={0x0, 0x1, 0x34324152, 0x0, 0x0, [{0x3}, {}, {0x1}]}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000000)=@filter={'filter\x00', 0x2, 0x4, 0x5c0, 0xffffffff, 0xc8, 0x4f8, 0xc8, 0xfeffffff, 0xffffffff, 0x4f8, 0x4f8, 0x4f8, 0xffffffff, 0x4, 0x0, {[{{@ipv6={@dev, @mcast1, [], [], 'macsec0\x00', 'rose0\x00'}, 0x2f2, 0xa4, 0xc8}, @REJECT={0x24}}, {{@uncond, 0x0, 0x1fc, 0x220, 0x0, {}, [@common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x4, 0x0, 0x40, 0x0, 0x2, 0xf8e74ba, 0xfe8c, 0x5d8}}}]}, @common=@unspec=@CONNSECMARK={0x24}}, {{@uncond, 0x0, 0x1dc, 0x210, 0x0, {}, [@common=@rt={{0x138}, {0x0, [], 0x0, 0x0, 0x0, [@local, @remote, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @local, @private1, @empty, @mcast1, @mcast1, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}, @mcast2, @local, @remote, @private1, @private0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @mcast2]}}]}, @common=@inet=@SET3={0x34}}], {{'\x00', 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x61c)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
r5 = syz_open_dev$radio(&(0x7f0000000000), 0x3, 0x2)
syz_emit_vhci(&(0x7f0000001200)=ANY=[@ANYBLOB="040e059a2a203ccdb6fd440ac313ab2b67a75451b40007"], 0x8)
syz_io_uring_setup(0x239, &(0x7f0000000540)={0x0, 0xffffffff, 0x400, 0x0, 0x2000}, &(0x7f0000000080), &(0x7f0000000280))
ioctl$VIDIOC_SUBSCRIBE_EVENT(r5, 0x4020565a, &(0x7f0000000140)={0x3, 0x98f90f, 0x1})
socketpair(0x1, 0x3, 0x0, &(0x7f0000000100))
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x2, &(0x7f0000000040), 0x4)
r6 = syz_io_uring_setup(0x48be, &(0x7f0000000000)={0x0, 0x0, 0x2000, 0x1}, &(0x7f00000011c0), &(0x7f0000ff4000))
io_uring_register$IORING_REGISTER_BUFFERS(r6, 0x0, &(0x7f0000002300)=[{&(0x7f0000000140)=""/4096, 0x1000}], 0x3100)

2.926804011s ago: executing program 3 (id=2171):
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket(0x10, 0x3, 0x0)
sendmsg$SEG6_CMD_GET_TUNSRC(r0, &(0x7f0000000400)={&(0x7f00000003c0), 0xc, &(0x7f0000000440)={0x0, 0x34}}, 0x0)
getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14)
r2 = socket(0x40000000015, 0x5, 0x0)
connect$inet(r2, &(0x7f0000000080)={0x2, 0x4e21, @private=0xa010101}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, '\x00', r1, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, &(0x7f0000000200)=ANY=[@ANYBLOB="1802000002000000000000000000000018010000786c6c2500000000070000007b1af8ff00000000bfa100000000000007010000f8ffffffb7"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
openat$ptp0(0xffffffffffffff9c, &(0x7f0000000080), 0x20000, 0x0)
syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x0)
socket$inet_dccp(0x2, 0x6, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x0, 0xdd}, 0x0, &(0x7f0000000080)={0x3ff}, 0x0, 0x0)
openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
sendmsg$WG_CMD_SET_DEVICE(0xffffffffffffffff, &(0x7f0000001680)={0x0, 0x0, &(0x7f0000001640)={&(0x7f0000000040)=ANY=[@ANYBLOB="000000000000000000000100000024000300a05ca84f6c9c8e"], 0xe84}}, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r3 = getpid()
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
process_vm_readv(r3, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x36}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640), 0x0, 0x0)
r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/ipv6_route\x00')
r5 = openat$dlm_plock(0xffffff9c, &(0x7f00000000c0), 0x141a82, 0x0)
ppoll(&(0x7f0000001fc0)=[{r5, 0x2402}], 0x1, &(0x7f0000002040)={0x0, 0x3938700}, 0x0, 0x0)
lseek(r4, 0xae7d, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f00000001c0))
openat$pmem0(0xffffffffffffff9c, &(0x7f0000000280), 0x4401, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

2.241141969s ago: executing program 0 (id=2172):
r0 = ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0)
writev(r0, &(0x7f00000002c0)=[{&(0x7f0000000000)="95337cf2db738cd606b72595e964faa755f2f0985d7777c62bab6a8eb32821d8da519c85fea4e63e6822d816302c73913c07f3dceed3cc7ebf4cc384c728f8577470f32a609e73a624982108be098a507afecf372b525f5e31e734bb026032a0c78884d45cb1d5cb214640e414afa7e0053018c702a09b988c7f14722b2e2f50220d88b3af4e159e78e13d5ef1a55d15adcb68e9cba9636deddde73193f2d32adbcb0c6e7ab36c1e4a94cde02855a53a7b5732e55df94fb0af3950b94f20d3f075165f26766a55ee2c30ec5b577464039ae6cd870f32fa7c268dffa98e83eca58661f4d547c848d139875fb7b297f05a", 0xf0}, {&(0x7f0000000100)}, {&(0x7f0000000140)="55354e296eebe04322a1d53c0a323bd5997df44375d12bf2041820f96b91be59379b3d37f82ef33b566c9194", 0x2c}, {&(0x7f0000000180)="92034a137e9db5ed3b48f08f8eade48968e19b7d4e8b1146a80913fdde4163b1b32e5e60be6528616fbdf0de00032e96231d505f91a699c35606b001f27bbd92b83bf7e629635ad7742a08348d8cf0c58812c77f5f8d96ef856655e6494a0306aa79dcac2cf4b1ee51cd6e84b424d3148691e123f4c1938f41167101cdb4098e1bcedc433c5589957286a33257671c01ee961978bf33", 0x96}, {&(0x7f0000000240)="c7d812469e8e22d00fef6f51585e7fd45514a5eb4d79866b60b5643b31442b3e36", 0x21}, {&(0x7f0000000280)="aed32d38a62e2695e389c74e28ec5c6c75c005ccd01fea65a3d24f9927b3159f6cb5dd8b", 0x24}], 0x6)
pread64(r0, &(0x7f0000000300)=""/214, 0xd6, 0x5)
r1 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000440)=@o_path={&(0x7f0000000400)='./file0\x00', 0x0, 0x4000, r0}, 0x14)
ioctl$EXT4_IOC_SWAP_BOOT(r1, 0x6611)
pread64(r0, &(0x7f0000000480)=""/135, 0x87, 0x4)
r2 = openat$vhost_vsock(0xffffff9c, &(0x7f0000000540), 0x2, 0x0)
ioctl$VHOST_VSOCK_SET_RUNNING(r2, 0x4004af61, &(0x7f0000000580)=0x1)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x3)
ioctl$KDSKBSENT(r3, 0x4b49, &(0x7f00000005c0)={0xfd, "22fa240785268ffebefe5ba2f28bd9340a7f67a250b81782f94c0559d0138a95acc67bea5876bec26217a25cda2538d7d22839286fb0bbd9e7a941df78df8572872cb67944fc809d19929170d104df5cee7a00c478f857eac8134d2bb62cc3cdd6bab75fb8a3482dd301cc092b0ea02fbd689c6e84c3848caf2577212d9ffdc79b09d896a29a23ea8854e401ce0d7a7c90a5930b0ec6777c9b7903b869dbef7472ea1bb3b845cc28f5d3a30a4785c9af2c3b7e2f7559406f9cc70f0ece915b21033dcf8b92ec0f3efa9882605d451d74e08a2fc517f0df35bb810b9a7c5ec3c2128f4adaf2c9885babed87bad4f6877171be611ae9651631c60cb39fbc036eab1a4df1d516d17422908e814d90edb139d9be375bffb319cb552a8fefede4226b385492e63f06a652cae9dc9407b49cf3774744c9756abd66cc7615819e3dd6ec053188f88d97112b97d88842e2a675a98fd78c471fdec0d7a3c99483ec8e979898e5602928d2cfcb14d047dab7a6f24cdf9e3916ed4f92ce9428e715532f144aa99915c86235b2d6591daa2c4601b383597c2ccc5836296501fa55b2b5d89c954a6de9cf60975ce9023eab5b2085dcde0a8b63dae73671edefcee6e9a9d6a79abf1cabcf88d3d914c4b06dfa5b4717c681b9a20bbdd6184e7430fea60e3073551a0fb1c5a9a0b72e5da8dd78103d648f93317aaf7dc41922835f0326278ad312"})
ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, 0x0)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000880)={0x2, &(0x7f0000000840)=[{0x8, 0x1, 0x6, 0x4}, {0x1ff, 0x2, 0xe9, 0x7}]}, 0x8)
sync()
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000900)={0x3, &(0x7f00000008c0)=[{0x8, 0x40, 0x11, 0x8}, {0x9, 0x0, 0x4, 0x6}, {0x9, 0x9, 0x7, 0x5}]})
ioctl$KDSKBENT(r3, 0x4b47, &(0x7f0000000940)={0x1, 0x4, 0x2})
socket(0x15, 0x3, 0x10000)
ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, &(0x7f0000000980)={{0x1, 0x1, 0x18, <r4=>r1, {0xf, 0xf7bf}}, './file0\x00'})
r5 = open$dir(&(0x7f0000000a00)='./file0\x00', 0x20080, 0x100)
linkat(r4, &(0x7f00000009c0)='./file0\x00', r5, &(0x7f0000000a40)='./file0\x00', 0x490045595102bc32)
write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000ac0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000a80)={<r6=>0xffffffffffffffff}, 0x111, 0xa}}, 0x20)
write$RDMA_USER_CM_CMD_CONNECT(r4, &(0x7f0000000b00)={0x6, 0x118, 0xfa00, {{0x8000, 0x2, "b44a72d7ec6e8ce63c765c292f782fa9c170c765d96e445e6c26ce59cadd8ebd42e46783ac241595d534f8cde5ea2220d9f3da6de75ab5deb4150d398dd0e6fb2256db0fdec4887b32a965ef596b3131fbf7a9e5c8b788921fb3f4ae31cc8a36b3e65824fefc4a12de6bfbb723ff10790d18fcdb4f1d8a4aa77107dddfc9817403123c57164f8aaf770d8b1657b54e2dcc7170745933988496f5432b21087a313252d2d9d86b10fef76dd6d02b410c94b0ff1824ee6645e2baa6e468199c4ddc692ffd26a87bce46c29bf80be8a5511ef771e47e7b57e80a1f9152bc81cc30ddbc61de89cd696737dcdddb101322538bfa1df98e202d35606a7b22d52892c7a6", 0x6, 0x80, 0x0, 0xc, 0x5b, 0x7, 0x8, 0x1}, r6}}, 0x120)
r7 = add_key$keyring(&(0x7f0000000d40), &(0x7f0000000d80)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffe)
add_key$fscrypt_v1(&(0x7f0000000c40), &(0x7f0000000c80)={'fscrypt:', @desc1}, &(0x7f0000000cc0)={0x0, "4ea1cb79c1d9bda8dbb57d9db03b1ba91623620a72570d93e26b98beb762a4ea851d0c4112d6936eea12a1121918b7f14dc6c52b0884767911251c78f144ccf9", 0x26}, 0x48, r7)
pread64(r3, &(0x7f0000000dc0)=""/240, 0xf0, 0x1)
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r4, 0xc0189379, &(0x7f0000000f00)={{0x1, 0x1, 0x18, <r8=>0xffffffffffffffff}, './file0\x00'})
syz_genetlink_get_family_id$nl80211(&(0x7f0000000ec0), r8)
ioctl$FITRIM(r3, 0xc0185879, &(0x7f0000000f40)={0x7, 0x383, 0x10000})
io_setup(0x8001, &(0x7f0000000f80))
syz_emit_vhci(&(0x7f0000000fc0)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x1, 0x0, 0xc}, @l2cap_cid_le_signaling={{0x8}, @l2cap_le_credits={{0x16, 0x3, 0x4}, {0x2, 0x6}}}}, 0x11)
keyctl$restrict_keyring(0x1d, r7, &(0x7f0000001000)='pkcs7_test\x00', &(0x7f0000001040)='*,\x00')

2.025129391s ago: executing program 3 (id=2173):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2)
r2 = syz_open_dev$I2C(&(0x7f0000003000), 0x0, 0x0)
ioctl$I2C_SMBUS(r2, 0x720, &(0x7f0000003080)={0x0, 0xfd, 0x2, &(0x7f0000003040)={0x57, "f4e1a030be8f46a95dbc000000000300"}})

2.016990023s ago: executing program 1 (id=2174):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000040), r0)
sendmsg$NLBL_UNLABEL_C_STATICREMOVEDEF(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)={0x30, r1, 0x1, 0x0, 0x0, {}, [@NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @private1}, @NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @rand_addr=0x64010101}]}, 0x30}}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYRESHEX=0x0, @ANYRESHEX=r2, @ANYRESHEX=r2], 0x4c}}, 0x0)

1.971392374s ago: executing program 0 (id=2175):
r0 = syz_open_dev$swradio(&(0x7f0000000140), 0x0, 0x2)
r1 = dup(r0)
read(r0, &(0x7f0000000040)=""/19, 0x13)
ioctl$VIDIOC_S_CTRL(r1, 0xc008561c, &(0x7f0000000000)={0xf0f040})

1.831173866s ago: executing program 1 (id=2176):
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000040)={0x1, 0x3, 0x6000, 0x1000, &(0x7f0000090000/0x1000)=nil})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = syz_open_dev$evdev(&(0x7f00000000c0), 0x0, 0x822b01)
io_submit(0x0, 0x1, &(0x7f0000000440)=[&(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x10000}])
r2 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
sendmsg$alg(r2, 0x0, 0x0)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet6_int(r3, 0x29, 0x21, &(0x7f00000000c0)=0xb021b617, 0x4)
sendto$inet6(r3, &(0x7f0000000100)="87", 0x1, 0x240088c4, &(0x7f0000000040)={0xa, 0x0, 0x80000000, @private2, 0x1000000}, 0x1c)
r4 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r4, &(0x7f0000001880)=[{&(0x7f0000001a80)=""/102400, 0x19000}], 0x1, 0x0, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
ioctl$KVM_GET_NESTED_STATE(r7, 0xc080aebe, &(0x7f0000005580)={{0x0, 0x0, 0x80}})
sendmsg$nl_route_sched(r2, 0x0, 0x0)
gettid()
ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT(0xffffffffffffffff, 0xc0605345, 0x0)
ioctl$EVIOCGRAB(r1, 0x40044590, &(0x7f0000000140))
r8 = syz_init_net_socket$ax25(0x3, 0x3, 0x0)
setsockopt$ax25_int(r8, 0x101, 0x3, &(0x7f0000000000)=0x4, 0x4)
r9 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r9, 0x400448ca, 0x0)
r10 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r9, 0x400448c9, 0x0)
bind$bt_hci(r10, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6)
write(r10, &(0x7f0000000340)="07000000010000", 0x7)
write$char_usb(r1, &(0x7f0000000040)="e2", 0x2778)
r11 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x0)

1.830733799s ago: executing program 0 (id=2177):
socket$nl_route(0x10, 0x3, 0x0)
timerfd_settime(0xffffffffffffffff, 0x3, &(0x7f0000000040)={{0x77359400}, {0x0, 0x989680}}, 0x0)
timerfd_gettime(0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000080), 0x0)
r2 = syz_open_dev$hidraw(&(0x7f0000000280), 0x0, 0x0)
syz_open_dev$hidraw(&(0x7f0000000940), 0x0, 0x0)
ioctl$HIDIOCGFEATURE(r2, 0x4004480c, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r5 = dup(r4)
write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c)
syz_io_uring_setup(0x690a, &(0x7f0000000340), &(0x7f0000000140), &(0x7f0000000280))
r6 = socket$inet6_udplite(0xa, 0x2, 0x88)
sendto$inet6(r6, 0x0, 0x0, 0x4c004, &(0x7f0000002880)={0xa, 0x4e22, 0x0, @mcast2}, 0x1c)
sendmmsg$inet6(r6, &(0x7f0000000fc0)=[{{0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000640)="383cd9cbce39f8c83f86c16cba3abbe0a1cc0ad921451ad90d20c72eb63222a37aae8f91c29a66efc1105e7f0b06d2d7d1f876c12c8b973ed6d1cc7e50c655a261d38303a2a8207b93fdf1c3119793fde070c8b352da2b29dc1881854b3c4e3fee5c11fb47c67ad456420760e853740c170a0a959fb04834d318beb94d0f919978e7735438d039dc81547bd691dc26888535a0af6262f7aee3fcde21e4e51474c1154f91dd642c1523f08a194491fbb33e25fe4f566802650ed77497cef0b0ce59681befc62a0c1e9b5899567715c0824463466d6d948a059962e44407245258ba2e6d02affafb03fcfdcecb5691e97fa7f332a35ff0c8e379a5f91e01302be79027b1f342614b0c616786ee8fc05d1ff275918e487ee241ae9759a500137bb7e63f65ec7969cff76b97e14dd7a7de48e37584ba66da992e3674d3f8a0788c6e72b0a736b8da9c6087090fcd5c0e3aefb88b39c8892becf8760560b16a45cfee5304f4d6c228772200d4fe48be3b4ed570c85f7b09c94210375e7263dc1119bf9aef972f32cbb6d70b427bb3c3fe211353d210eb27a757bc592b268d92c8e3c8632467f93c9a5a0cf90d0f8e0c6480b512e70828c5e2b53ed5d5f4b9f1d84477c209886aa095a77087d93c166797ec3282daf2f8e18d9944b4b9a13bb391b312fea26301ce18952204d4552bcc707112cb10d18df37379961ba957caf4bfaf4c48f0573ef237fb1f1cd0310a39d55f5def3da37e2e8a0f5573a2268ba74afb62f681f4bd02c9f250b3ff01388e59f69d9d651506561dfd901aa56129b8474afec21fc1115a38198fd0047e132cf879fb1dcf374eff81e5f079493d55a70014722b9157080281f42c7f37711aec262670ba5ddd151bdd018542c803b47be1dfc884ff5a22156fb9032095de7e69afe9eab810b0c3bac90a8ca8d8c1cb7919a082e7d6d5b2944822ebba4aef382525c5c3382bd8b9d368c337247b935aca5aa46e1124e350ef3fb60b80dd35dc0c65e45c81cd9f271be8c97b8845928926f931641af62f2bc81a6a1a982f8f3318da1a38489f51c564c6c7791fe2f63a10e0e432271aa1aff11f899c87a5c29c5bef73ed72473fada6f49d0af7916800fae9a4b8c60a2c69a93ba9abad0df99ea168cd40c63dee61518dcf8bb29743085de0b2b0cc0a68c4005120fa8ee871b8baa2c6f2f2f4c22002231c9334ca23804457df0922cfc37aaf4b8e4757ff37cd16052006e8bd20a086e4c2a2c3d8dd722e67dd0cb0204a577febd46d1c2315db5c5929c23d08b9c0fcaf9eef78f48d7ef6f51e5b9a6046699d572a9195b8a61ddab408580e209f5fdd804099f01afb597ef41419c82d029be14b8ac40c23c4519619301536709fed1a3150ed69f34012ee25257f4b19fcd1f3d1bfd5be03f85587470c85372ae257d220d7c346bfbd22fbfba27d5daf988e5fbed3c1872e70039f9196f61a30436791a65d5f727b5eb375a06735f7fab2e0434e6424e333a8d098e61c2793b9030df7427f5d654f48ac2f547acce2293fbc7ae6afd36008c31078cef27ec19e975b387ae73ba3e5b3657869ee0fe24a33b558fe42386466d55c56a3b5ce46c54df104bfa002e97e8bde1811681687dc7a2269783476a2c4106bcb25057a72c527a0747d7bef127e4dcd22a658ebe1ff79a77cd887734621b2fc9c4336c5ddc1fb49812b869c13", 0x4b9}], 0x1}}, {{0x0, 0x0, &(0x7f0000007440)=[{&(0x7f0000001500)="adf5bd04f01eccec95c1c5ca7fba623735df51cf89844d9bad7429917e03ad4b4cc6ae623ad8c0924b316f0e6d195479b75186ca55315366ef5d0b491b1811e932fb16a15906cab57fa112718bef35405bee39435abc9aa27f44c0fb7d15e1d8dd4b7a59deae296177fe9316e72cbc89f7e7e7c83d3ffae7d847a21894888b3de40826e54e7a0fc7b552c388637004dc3ea210d2c6dfc6283f690afa5b85b25939464a350dcdf1c38d97854aba19593fc884caec78d9c0", 0xb7}], 0x1}}, {{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f00000001c0)="6be87034983df7d6abe2c2e287503e9fe67324bd3e88", 0x16}], 0x1}}], 0x3, 0x400c804)
getdents(0xffffffffffffffff, 0x0, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_STRSET_GET(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="e9070000000000000000010000001c0002800c00018008000100030000000c0001800800010001000000"], 0x30}}, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x4e20, @local}]}, &(0x7f0000000100)=0x10)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000180)={0x0, @in6={{0xa, 0x3, 0x0, @empty}}, 0xfffffffc, 0x3, 0x989, 0x0, 0x84, 0x8000}, 0x9c)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, 0xffffffffffffffff, 0x0)
syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$F2FS_IOC_MOVE_RANGE(r3, 0xc01cf509, &(0x7f0000000240)={<r9=>r0, 0xa80, 0x1, 0xffff})
read$FUSE(r9, &(0x7f00000003c0)={0x2020}, 0x2020)

998.802285ms ago: executing program 3 (id=2178):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f0000000800)=ANY=[@ANYRES16=r0, @ANYRES8=r0, @ANYRES8=0x0, @ANYRESOCT=r0, @ANYRESDEC=r0, @ANYRES16=r0, @ANYRES32=r0, @ANYRESHEX=r0, @ANYRES32=r0], &(0x7f0000000040)='syzkaller\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, &(0x7f0000000340)=[{0x0, 0x5, 0x8, 0xb}, {0x5, 0x2, 0x13, 0x3}, {0x5, 0x5, 0x5, 0x9}], 0x10, 0x37, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
r2 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r2, &(0x7f00000007c0)={0x400000000000000, 0x0, &(0x7f0000000140)={&(0x7f0000000480)=ANY=[@ANYBLOB="020f00000c0000000005000500000000000a000000000000f8ffffeb4d3595c35d71eb000000000000000000000000000000ff7f0200000000000000000000000000010000000000000000c470fdbb246abbba023a6c3a19f273a7caac18291ba04ec81b835fd5e9c2465d8efcb746cda0ee501e1ae59ef150acb8061f28302fd3b670797fe0da847950819596ce2a12b721da56d3f7ee8f264a7e1562d32ea1290fee2d9f85e9921465c1e09ff10622861e243b7b20a6b164ad00"/200], 0x60}}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2)
r5 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$inet6_udp_int(r5, 0x11, 0x65, &(0x7f0000000040)=0x91, 0x4)
connect$inet6(r5, &(0x7f0000000080)={0xa, 0x4e23, 0x7fffffe, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x9}, 0xfffffffffffffeb0)
sendmmsg$inet6(r5, &(0x7f0000003cc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)
r6 = syz_open_dev$loop(&(0x7f00000001c0), 0x0, 0x0)
r7 = syz_open_dev$I2C(&(0x7f0000003000), 0x0, 0x0)
ioctl$I2C_SMBUS(r7, 0x720, &(0x7f0000003080)={0x1, 0x0, 0x6, &(0x7f0000003040)={0x0, "f4e1a230be8f46463fb1a5f1b44f44eaa65e485b747aa95df8c01eaf07677d18bc"}})
ioctl$LOOP_SET_CAPACITY(r6, 0x4c07)
openat$nullb(0xffffffffffffff9c, 0x0, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
socket$packet(0x11, 0x2, 0x300)
syz_init_net_socket$rose(0xb, 0x5, 0x0)
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0100000003000000040000000c00000000000000", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00', @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)

891.412651ms ago: executing program 0 (id=2179):
setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x41, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[@ANYBLOB, @ANYBLOB="0000000000000000b70500000800000085000000a50000009500000000"], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000200)={0xa}, 0x8, 0x10, &(0x7f0000000240)={0x3, 0x4, 0x3, 0x6}, 0x10, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000340)=[{0xfffffffe, 0x1, 0xa, 0xb}, {0x2, 0x2, 0xf, 0x7}, {0x5, 0x2, 0x13, 0x2}, {0x5, 0x5, 0x8, 0x9}], 0x10, 0x37, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r0 = syz_clone(0x800c000, &(0x7f0000001480), 0x0, 0x0, 0x0, 0x0)
kcmp(r0, 0x0, 0x2, 0xffffffffffffffff, 0xffffffffffffffff)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2)
socket(0xa, 0x1, 0x0)
prlimit64(0x0, 0xa, &(0x7f00000002c0)={0x0, 0x2}, 0x0)
setreuid(0x0, 0x0)
setresuid(0x0, 0x0, 0x0)
r4 = socket$inet6_sctp(0xa, 0x801, 0x84)
sendmmsg$inet6(r4, &(0x7f00000025c0)=[{{&(0x7f0000000000)={0xa, 0x4e22, 0x0, @private1}, 0x1c, &(0x7f0000000300)=[{&(0x7f0000000040)='P', 0x1}], 0x1, 0x0, 0x0, 0x40000000}}, {{&(0x7f0000000100)={0xa, 0x0, 0x0, @private1}, 0x1c, &(0x7f0000002400)=[{&(0x7f0000000140)='i', 0x1}], 0x1}}], 0x2, 0x0)

10.262341ms ago: executing program 3 (id=2180):
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = userfaultfd(0x1)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040))
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
mremap(&(0x7f00002d7000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f000082a000/0x400000)=nil)
get_mempolicy(0x0, 0x0, 0x0, &(0x7f0000a88000/0x2000)=nil, 0x3)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="17000000f5ff000000ff000000000000005400", @ANYRES32=0x1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000200"/28], 0x50)
open(&(0x7f0000000180)='./bus\x00', 0x14957e, 0x0)
mount(&(0x7f0000000040)=@nullb, &(0x7f0000000280)='./bus\x00', &(0x7f0000000240)='minix\x00', 0x2808088, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000001640)={&(0x7f0000000300)={0x2, 0x0, @multicast2=0xe0000001}, 0x10, 0x0, 0x0, 0x0, 0x38}, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
openat$rdma_cm(0xffffff9c, &(0x7f0000000000), 0x2, 0x0)
r5 = io_uring_setup(0x7bd9, &(0x7f0000000180)={0x0, 0x480e, 0x400, 0x0, 0x43})
r6 = io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0)
io_uring_register$IORING_UNREGISTER_PERSONALITY(r5, 0x1b, 0x20000009, r6)
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
mkdir(&(0x7f0000000040)='./file0\x00', 0x1c)
r7 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r7, 0x400448de, &(0x7f00000000c0)={0x0, 0x0, "cd0200"})
r8 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r8, &(0x7f0000000340)={0x1f, 0xffff, 0x3}, 0x6)
write(r8, &(0x7f0000000040)="05000000010000", 0x7)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000080)='mem_disconnect\x00', r4}, 0x10)
socket$inet6_tcp(0xa, 0x1, 0x0)

0s ago: executing program 0 (id=2181):
r0 = ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0)
writev(r0, &(0x7f00000002c0)=[{&(0x7f0000000000)="95337cf2db738cd606b72595e964faa755f2f0985d7777c62bab6a8eb32821d8da519c85fea4e63e6822d816302c73913c07f3dceed3cc7ebf4cc384c728f8577470f32a609e73a624982108be098a507afecf372b525f5e31e734bb026032a0c78884d45cb1d5cb214640e414afa7e0053018c702a09b988c7f14722b2e2f50220d88b3af4e159e78e13d5ef1a55d15adcb68e9cba9636deddde73193f2d32adbcb0c6e7ab36c1e4a94cde02855a53a7b5732e55df94fb0af3950b94f20d3f075165f26766a55ee2c30ec5b577464039ae6cd870f32fa7c268dffa98e83eca58661f4d547c848d139875fb7b297f05a", 0xf0}, {&(0x7f0000000100)}, {&(0x7f0000000140)="55354e296eebe04322a1d53c0a323bd5997df44375d12bf2041820f96b91be59379b3d37f82ef33b566c9194", 0x2c}, {&(0x7f0000000180)="92034a137e9db5ed3b48f08f8eade48968e19b7d4e8b1146a80913fdde4163b1b32e5e60be6528616fbdf0de00032e96231d505f91a699c35606b001f27bbd92b83bf7e629635ad7742a08348d8cf0c58812c77f5f8d96ef856655e6494a0306aa79dcac2cf4b1ee51cd6e84b424d3148691e123f4c1938f41167101cdb4098e1bcedc433c5589957286a33257671c01ee961978bf33", 0x96}, {&(0x7f0000000240)="c7d812469e8e22d00fef6f51585e7fd45514a5eb4d79866b60b5643b31442b3e36", 0x21}, {&(0x7f0000000280)="aed32d38a62e2695e389c74e28ec5c6c75c005ccd01fea65a3d24f9927b3159f6cb5dd8b", 0x24}], 0x6)
pread64(r0, &(0x7f0000000300)=""/214, 0xd6, 0x5)
r1 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000440)=@o_path={&(0x7f0000000400)='./file0\x00', 0x0, 0x4000, r0}, 0x14)
ioctl$EXT4_IOC_SWAP_BOOT(r1, 0x6611)
pread64(r0, &(0x7f0000000480)=""/135, 0x87, 0x4)
r2 = openat$vhost_vsock(0xffffff9c, &(0x7f0000000540), 0x2, 0x0)
ioctl$VHOST_VSOCK_SET_RUNNING(r2, 0x4004af61, &(0x7f0000000580)=0x1)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x3)
ioctl$KDSKBSENT(r3, 0x4b49, &(0x7f00000005c0)={0xfd, "22fa240785268ffebefe5ba2f28bd9340a7f67a250b81782f94c0559d0138a95acc67bea5876bec26217a25cda2538d7d22839286fb0bbd9e7a941df78df8572872cb67944fc809d19929170d104df5cee7a00c478f857eac8134d2bb62cc3cdd6bab75fb8a3482dd301cc092b0ea02fbd689c6e84c3848caf2577212d9ffdc79b09d896a29a23ea8854e401ce0d7a7c90a5930b0ec6777c9b7903b869dbef7472ea1bb3b845cc28f5d3a30a4785c9af2c3b7e2f7559406f9cc70f0ece915b21033dcf8b92ec0f3efa9882605d451d74e08a2fc517f0df35bb810b9a7c5ec3c2128f4adaf2c9885babed87bad4f6877171be611ae9651631c60cb39fbc036eab1a4df1d516d17422908e814d90edb139d9be375bffb319cb552a8fefede4226b385492e63f06a652cae9dc9407b49cf3774744c9756abd66cc7615819e3dd6ec053188f88d97112b97d88842e2a675a98fd78c471fdec0d7a3c99483ec8e979898e5602928d2cfcb14d047dab7a6f24cdf9e3916ed4f92ce9428e715532f144aa99915c86235b2d6591daa2c4601b383597c2ccc5836296501fa55b2b5d89c954a6de9cf60975ce9023eab5b2085dcde0a8b63dae73671edefcee6e9a9d6a79abf1cabcf88d3d914c4b06dfa5b4717c681b9a20bbdd6184e7430fea60e3073551a0fb1c5a9a0b72e5da8dd78103d648f93317aaf7dc41922835f0326278ad312"})
ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, 0x0)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000880)={0x3, &(0x7f0000000840)=[{0x4, 0x7f, 0x0, 0x16e}, {0x8, 0x1, 0x6, 0x4}, {0x1ff, 0x2, 0xe9, 0x7}]}, 0x8)
sync()
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000900)={0x0, 0x0})
ioctl$KDSKBENT(r3, 0x4b47, &(0x7f0000000940)={0x1, 0x4, 0x2})
socket(0x15, 0x3, 0x10000)
ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, &(0x7f0000000980)={{0x1, 0x1, 0x18, <r4=>r1, {0xf, 0xf7bf}}, './file0\x00'})
r5 = open$dir(&(0x7f0000000a00)='./file0\x00', 0x20080, 0x100)
linkat(r4, &(0x7f00000009c0)='./file0\x00', r5, &(0x7f0000000a40)='./file0\x00', 0x490045595102bc32)
write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000ac0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000a80)={<r6=>0xffffffffffffffff}, 0x111, 0xa}}, 0x20)
write$RDMA_USER_CM_CMD_CONNECT(r4, &(0x7f0000000b00)={0x6, 0x118, 0xfa00, {{0x8000, 0x2, "b44a72d7ec6e8ce63c765c292f782fa9c170c765d96e445e6c26ce59cadd8ebd42e46783ac241595d534f8cde5ea2220d9f3da6de75ab5deb4150d398dd0e6fb2256db0fdec4887b32a965ef596b3131fbf7a9e5c8b788921fb3f4ae31cc8a36b3e65824fefc4a12de6bfbb723ff10790d18fcdb4f1d8a4aa77107dddfc9817403123c57164f8aaf770d8b1657b54e2dcc7170745933988496f5432b21087a313252d2d9d86b10fef76dd6d02b410c94b0ff1824ee6645e2baa6e468199c4ddc692ffd26a87bce46c29bf80be8a5511ef771e47e7b57e80a1f9152bc81cc30ddbc61de89cd696737dcdddb101322538bfa1df98e202d35606a7b22d52892c7a6", 0x6, 0x80, 0x0, 0xc, 0x5b, 0x7, 0x8, 0x1}, r6}}, 0x120)
r7 = add_key$keyring(&(0x7f0000000d40), &(0x7f0000000d80)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffe)
add_key$fscrypt_v1(&(0x7f0000000c40), &(0x7f0000000c80)={'fscrypt:', @desc1}, &(0x7f0000000cc0)={0x0, "4ea1cb79c1d9bda8dbb57d9db03b1ba91623620a72570d93e26b98beb762a4ea851d0c4112d6936eea12a1121918b7f14dc6c52b0884767911251c78f144ccf9", 0x26}, 0x48, r7)
pread64(r3, &(0x7f0000000dc0)=""/240, 0xf0, 0x1)
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r4, 0xc0189379, &(0x7f0000000f00)={{0x1, 0x1, 0x18, <r8=>0xffffffffffffffff}, './file0\x00'})
syz_genetlink_get_family_id$nl80211(&(0x7f0000000ec0), r8)
ioctl$FITRIM(r3, 0xc0185879, &(0x7f0000000f40)={0x7, 0x383, 0x10000})
io_setup(0x8001, &(0x7f0000000f80))
syz_emit_vhci(&(0x7f0000000fc0)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x1, 0x0, 0xc}, @l2cap_cid_le_signaling={{0x8}, @l2cap_le_credits={{0x16, 0x3, 0x4}, {0x2, 0x6}}}}, 0x11)
keyctl$restrict_keyring(0x1d, r7, &(0x7f0000001000)='pkcs7_test\x00', &(0x7f0000001040)='*,\x00')

kernel console output (not intermixed with test programs):

0c20 tx timeout
[  265.587704][ T9927] FAULT_INJECTION: forcing a failure.
[  265.587704][ T9927] name failslab, interval 1, probability 0, space 0, times 0
[  265.591624][ T9927] CPU: 1 UID: 0 PID: 9927 Comm: syz.2.1311 Not tainted 6.12.0-rc3-syzkaller-00044-g2f87d0916ce0 #0
[  265.594890][ T9927] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  265.597656][ T9927] Call Trace:
[  265.598455][ T9927]  <TASK>
[  265.599194][ T9927]  dump_stack_lvl+0x16c/0x1f0
[  265.600405][ T9927]  should_fail_ex+0x497/0x5b0
[  265.601834][ T9927]  ? fs_reclaim_acquire+0xae/0x150
[  265.603086][ T9927]  should_failslab+0xc2/0x120
[  265.604222][ T9927]  __kmalloc_noprof+0xcb/0x410
[  265.605841][ T9927]  lsm_blob_alloc+0x68/0x90
[  265.607448][ T9927]  security_sk_alloc+0x30/0x270
[  265.608787][ T9927]  sk_prot_alloc+0xfb/0x2a0
[  265.609937][ T9927]  sk_alloc+0x36/0xb90
[  265.610973][ T9927]  inet_create+0x3a1/0x1070
[  265.612121][ T9927]  ? inet_create+0x90/0x1070
[  265.613269][ T9927]  __sock_create+0x32e/0x840
[  265.614476][ T9927]  __sys_socket+0x14f/0x260
[  265.615670][ T9927]  ? __pfx___sys_socket+0x10/0x10
[  265.617067][ T9927]  ? ksys_write+0x1ad/0x260
[  265.618242][ T9927]  ? __pfx_ksys_write+0x10/0x10
[  265.619458][ T9927]  __ia32_sys_socket+0x72/0xb0
[  265.620673][ T9927]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[  265.622314][ T9927]  __do_fast_syscall_32+0x73/0x120
[  265.623587][ T9927]  do_fast_syscall_32+0x32/0x80
[  265.624942][ T9927]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  265.626498][ T9927] RIP: 0023:0xf7fef579
[  265.627492][ T9927] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  265.632031][ T9927] RSP: 002b:00000000f577656c EFLAGS: 00000296 ORIG_RAX: 0000000000000167
[  265.634024][ T9927] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 0000000000000002
[  265.635951][ T9927] RDX: 0000000000000088 RSI: 0000000000000000 RDI: 0000000000000000
[  265.637846][ T9927] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  265.639740][ T9927] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  265.641652][ T9927] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  265.643525][ T9927]  </TASK>
[  265.737354][ T5351] Bluetooth: hci3: ACL packet for unknown connection handle 200
[  265.752597][ T5351] Bluetooth: hci0: ACL packet for unknown connection handle 200
[  265.919549][ T5351] Bluetooth: hci3: ACL packet for unknown connection handle 200
[  265.961961][ T9941] syzkaller1: entered promiscuous mode
[  265.963364][ T9941] syzkaller1: entered allmulticast mode
[  266.030305][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  266.672003][ T9957] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check.
[  267.070279][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  267.149958][ T5351] Bluetooth: hci0: ACL packet for unknown connection handle 200
[  267.248607][ T5351] Bluetooth: hci1: ACL packet for unknown connection handle 200
[  267.390291][ T5351] Bluetooth: hci0: command 0x0c20 tx timeout
[  267.413613][ T9980] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1328'.
[  267.496225][ T5351] Bluetooth: hci1: unexpected event for opcode 0x202a
[  268.110320][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  268.244193][ T9995] warning: `syz.1.1333' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  268.245842][ T5351] Bluetooth: hci0: ACL packet for unknown connection handle 200
[  268.309928][ T5351] Bluetooth: hci1: ACL packet for unknown connection handle 200
[  268.562277][ T5351] Bluetooth: hci1: unexpected event for opcode 0x202a
[  268.660009][T10011] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check.
[  269.150393][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  269.209836][ T5351] Bluetooth: hci1: ACL packet for unknown connection handle 200
[  269.368584][T10017] block device autoloading is deprecated and will be removed.
[  269.379857][T10019] netlink: 92 bytes leftover after parsing attributes in process `syz.1.1342'.
[  269.384790][T10019] netlink: 92 bytes leftover after parsing attributes in process `syz.1.1342'.
[  269.467958][T10024] bridge0: port 3(ipvlan2) entered blocking state
[  269.470095][T10024] bridge0: port 3(ipvlan2) entered disabled state
[  269.472777][T10024] ipvlan2: entered allmulticast mode
[  269.474933][T10024] bridge0: entered allmulticast mode
[  269.477432][T10024] ipvlan2: left allmulticast mode
[  269.478969][T10024] bridge0: left allmulticast mode
[  269.480348][ T5351] Bluetooth: hci0: command 0x0c20 tx timeout
[  269.568496][T10019] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(11)
[  269.570689][T10019] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  269.577907][T10019] vhci_hcd vhci_hcd.0: Device attached
[  269.652339][T10029] vhci_hcd: connection closed
[  269.653893][ T1097] vhci_hcd: stop threads
[  269.657021][ T1097] vhci_hcd: release socket
[  269.658592][ T1097] vhci_hcd: disconnect device
[  269.663267][ T5351] Bluetooth: hci2: ACL packet for unknown connection handle 200
[  270.190345][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  270.327551][ T5351] Bluetooth: hci1: unexpected event for opcode 0x202a
[  270.334949][T10043] FAULT_INJECTION: forcing a failure.
[  270.334949][T10043] name failslab, interval 1, probability 0, space 0, times 0
[  270.339232][T10043] CPU: 1 UID: 0 PID: 10043 Comm: syz.1.1349 Not tainted 6.12.0-rc3-syzkaller-00044-g2f87d0916ce0 #0
[  270.342809][T10043] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  270.346363][T10043] Call Trace:
[  270.347495][T10043]  <TASK>
[  270.348490][T10043]  dump_stack_lvl+0x16c/0x1f0
[  270.350115][T10043]  should_fail_ex+0x497/0x5b0
[  270.351700][T10043]  ? fs_reclaim_acquire+0xae/0x150
[  270.353426][T10043]  should_failslab+0xc2/0x120
[  270.355190][T10043]  __kmalloc_node_noprof+0xd1/0x440
[  270.356966][T10043]  ? alloc_slab_obj_exts+0x41/0xa0
[  270.358700][T10043]  alloc_slab_obj_exts+0x41/0xa0
[  270.360352][T10043]  __memcg_slab_post_alloc_hook+0x2a7/0x9b0
[  270.362352][T10043]  ? io_rsrc_data_alloc+0xe1/0x460
[  270.364061][T10043]  __kmalloc_noprof+0x39e/0x410
[  270.365733][T10043]  io_rsrc_data_alloc+0xe1/0x460
[  270.367393][T10043]  io_sqe_buffers_register+0x129/0xa60
[  270.369232][T10043]  ? __mutex_trylock_common+0xea/0x250
[  270.371060][T10043]  ? __pfx_io_sqe_buffers_register+0x10/0x10
[  270.373087][T10043]  ? rcu_is_watching+0x12/0xc0
[  270.374433][T10043]  ? __mutex_lock+0x1a6/0x9c0
[  270.375667][T10043]  ? __fget_files+0x23a/0x3f0
[  270.376923][T10043]  __io_uring_register+0x1e7c/0x1f00
[  270.378468][T10043]  ? __pfx___mutex_lock+0x10/0x10
[  270.379790][T10043]  ? __pfx___io_uring_register+0x10/0x10
[  270.381258][T10043]  ? __fget_files+0x244/0x3f0
[  270.382480][T10043]  __ia32_sys_io_uring_register+0x157/0x270
[  270.384003][T10043]  __do_fast_syscall_32+0x73/0x120
[  270.385333][T10043]  do_fast_syscall_32+0x32/0x80
[  270.386596][T10043]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  270.388222][T10043] RIP: 0023:0xf7f11579
[  270.389290][T10043] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  270.394264][T10043] RSP: 002b:00000000f567556c EFLAGS: 00000296 ORIG_RAX: 00000000000001ab
[  270.396560][T10043] RAX: ffffffffffffffda RBX: 000000000000000c RCX: 0000000000000000
[  270.398611][T10043] RDX: 0000000020002300 RSI: 0000000000003100 RDI: 0000000000000000
[  270.400682][T10043] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  270.402969][T10043] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  270.405204][T10043] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  270.407835][T10043]  </TASK>
[  270.728200][ T5351] Bluetooth: hci3: ACL packet for unknown connection handle 200
[  271.003133][T10056] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1354'.
[  271.163499][ T5351] Bluetooth: hci2: ACL packet for unknown connection handle 200
[  271.230397][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  271.552278][ T5351] Bluetooth: hci0: command 0x0c20 tx timeout
[  271.585061][T10047] netlink: 'syz.3.1350': attribute type 10 has an invalid length.
[  271.673334][T10068] Bluetooth: hci0: Opcode 0x0c20 failed: -112
[  272.172030][T10082] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1361'.
[  272.270282][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  272.288235][   T40] audit: type=1326 audit(1729063111.380:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10083 comm="syz.3.1362" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fef579 code=0x7ffc0000
[  272.312220][   T40] audit: type=1326 audit(1729063111.380:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10083 comm="syz.3.1362" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fef579 code=0x7ffc0000
[  272.333004][   T40] audit: type=1326 audit(1729063111.380:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10083 comm="syz.3.1362" exe="/syz-executor" sig=0 arch=40000003 syscall=386 compat=1 ip=0xf7fef579 code=0x7ffc0000
[  272.368844][   T40] audit: type=1326 audit(1729063111.380:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10083 comm="syz.3.1362" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fef579 code=0x7ffc0000
[  272.415400][   T40] audit: type=1326 audit(1729063111.380:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10083 comm="syz.3.1362" exe="/syz-executor" sig=0 arch=40000003 syscall=310 compat=1 ip=0xf7fef579 code=0x7ffc0000
[  272.469870][   T40] audit: type=1326 audit(1729063111.380:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10083 comm="syz.3.1362" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fef579 code=0x7ffc0000
[  272.492439][   T40] audit: type=1326 audit(1729063111.380:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10083 comm="syz.3.1362" exe="/syz-executor" sig=0 arch=40000003 syscall=277 compat=1 ip=0xf7fef579 code=0x7ffc0000
[  272.510638][   T40] audit: type=1326 audit(1729063111.390:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10083 comm="syz.3.1362" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fef579 code=0x7ffc0000
[  272.516183][   T40] audit: type=1326 audit(1729063111.390:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10083 comm="syz.3.1362" exe="/syz-executor" sig=0 arch=40000003 syscall=354 compat=1 ip=0xf7fef579 code=0x7ffc0000
[  272.540533][   T40] audit: type=1326 audit(1729063111.390:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10083 comm="syz.3.1362" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fef579 code=0x7ffc0000
[  273.320285][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  273.640337][ T5349] Bluetooth: hci0: command 0x0c20 tx timeout
[  273.642082][ T5351] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  274.360264][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  274.492309][T10109] netlink: 'syz.2.1369': attribute type 10 has an invalid length.
[  275.151702][T10140] tipc: Enabling of bearer <udp:s> rejected, already enabled
[  275.302300][ T5351] Bluetooth: hci0: ACL packet for unknown connection handle 200
[  275.390339][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  275.720343][ T5351] Bluetooth: hci0: command 0x0c20 tx timeout
[  276.440304][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  276.460724][ T5351] Bluetooth: hci0: ACL packet for unknown connection handle 200
[  276.854168][T10176] Bluetooth: hci0: Opcode 0x0c20 failed: -112
[  276.990157][T10169] netlink: 'syz.2.1386': attribute type 10 has an invalid length.
[  277.470270][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  277.800328][ T5349] Bluetooth: hci0: command 0x0c20 tx timeout
[  277.802004][ T5351] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  277.803111][T10197] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  277.805967][T10197] tipc: Enabled bearer <udp:s>, priority 10
[  277.901552][T10202] x_tables: ip_tables: MASQUERADE target: used from hooks INPUT, but only usable from POSTROUTING
[  277.950331][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  278.014920][ T5351] Bluetooth: hci3: ACL packet for unknown connection handle 200
[  278.090778][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  278.230916][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  278.370685][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  278.520612][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  278.522427][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  278.670330][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  278.810742][  T829] tipc: Node number set to 25048681
[  278.960500][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  279.870388][ T5351] Bluetooth: hci0: command 0x0c20 tx timeout
[  280.917921][T10229] netlink: 'syz.0.1403': attribute type 3 has an invalid length.
[  280.919942][T10229] netlink: 130984 bytes leftover after parsing attributes in process `syz.0.1403'.
[  281.471662][T10233] Cannot find set identified by id 0 to match
[  281.979923][ T5351] Bluetooth: hci0: command 0x0c20 tx timeout
[  282.680298][    C2] net_ratelimit: 7 callbacks suppressed
[  282.680317][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  282.920298][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  283.710306][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  283.831082][T10205] sched: DL replenish lagged too much
[  283.950296][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  284.109888][ T5351] Bluetooth: hci0: command 0x0c20 tx timeout
[  284.147096][T10247] tmpfs: Unknown parameter '�����'
[  284.750327][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  284.930676][T10267] process 'syz.0.1414' launched './file0' with NULL argv: empty string added
[  284.990327][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  285.141039][T10267] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1414'.
[  285.160587][   T40] kauditd_printk_skb: 5 callbacks suppressed
[  285.160600][   T40] audit: type=1326 audit(1729063124.220:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10265 comm="syz.0.1414" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf742e579 code=0x7ffc0000
[  285.160675][T10267] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1414'.
[  285.162550][   T40] audit: type=1326 audit(1729063124.220:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10265 comm="syz.0.1414" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf742e579 code=0x7ffc0000
[  285.168572][T10267] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1414'.
[  285.194880][   T40] audit: type=1326 audit(1729063124.220:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10265 comm="syz.0.1414" exe="/syz-executor" sig=0 arch=40000003 syscall=247 compat=1 ip=0xf742e579 code=0x7ffc0000
[  285.201588][T10267] Process accounting resumed
[  285.207204][   T40] audit: type=1326 audit(1729063124.220:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10265 comm="syz.0.1414" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf742e579 code=0x7ffc0000
[  285.213144][   T40] audit: type=1326 audit(1729063124.220:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10265 comm="syz.0.1414" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf742e579 code=0x7ffc0000
[  285.219838][   T40] audit: type=1326 audit(1729063124.220:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10265 comm="syz.0.1414" exe="/syz-executor" sig=0 arch=40000003 syscall=245 compat=1 ip=0xf742e579 code=0x7ffc0000
[  285.228716][   T40] audit: type=1326 audit(1729063124.220:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10265 comm="syz.0.1414" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf742e579 code=0x7ffc0000
[  285.235048][   T40] audit: type=1326 audit(1729063124.220:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10265 comm="syz.0.1414" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf742e579 code=0x7ffc0000
[  285.244223][   T40] audit: type=1326 audit(1729063124.220:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10265 comm="syz.0.1414" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf742e579 code=0x7ffc0000
[  285.251494][   T40] audit: type=1326 audit(1729063124.220:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10265 comm="syz.0.1414" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf742e579 code=0x7ffc0000
[  285.359745][T10281] netlink: 140 bytes leftover after parsing attributes in process `syz.0.1418'.
[  285.790299][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  286.030277][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  286.114941][T10300] IPVS: set_ctl: invalid protocol: 0 0.0.0.0:20000
[  286.190336][ T5351] Bluetooth: hci0: command 0x0c20 tx timeout
[  286.830336][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  287.070325][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  287.515753][ T5351] Bluetooth: hci2: ACL packet for unknown connection handle 200
[  287.870274][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  288.120322][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  288.910260][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  289.062772][T10356] batman_adv: batadv0: Adding interface: dummy0
[  289.069562][T10356] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  289.106562][T10356] batman_adv: batadv0: Not using interface dummy0 (retrying later): interface not active
[  289.160258][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  289.950361][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  290.200269][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  290.249865][ T5351] Bluetooth: hci0: ACL packet for unknown connection handle 200
[  290.639300][   T40] kauditd_printk_skb: 33 callbacks suppressed
[  290.639317][   T40] audit: type=1326 audit(1729063129.730:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10388 comm="syz.3.1449" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7fef579 code=0x0
[  290.990270][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  291.014032][T10382] netlink: 'syz.2.1445': attribute type 10 has an invalid length.
[  291.104494][T10394] RDS: rds_bind could not find a transport for fe80::1a, load rds_tcp or rds_rdma?
[  291.230276][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  291.496810][T10402] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1453'.
[  291.500929][T10402] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1453'.
[  291.503656][T10402] openvswitch: netlink: Actions may not be safe on all matching packets
[  291.506232][T10402] netlink: 104 bytes leftover after parsing attributes in process `syz.0.1453'.
[  291.508546][T10402] netlink: 104 bytes leftover after parsing attributes in process `syz.0.1453'.
[  291.599992][T10404] Bluetooth: hci0: Opcode 0x0c20 failed: -112
[  291.905714][ T5349] Bluetooth: hci0: ACL packet for unknown connection handle 200
[  292.030300][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  292.131824][T10419] block nbd0: not configured, cannot reconfigure
[  293.070264][    C2] net_ratelimit: 1 callbacks suppressed
[  293.070278][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  293.320260][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  293.550425][ T5349] Bluetooth: hci0: command 0x0c20 tx timeout
[  293.552085][ T5351] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  293.651900][T10453] Bluetooth: hci0: Opcode 0x0c20 failed: -112
[  293.659858][T10458] netlink: 'syz.1.1468': attribute type 3 has an invalid length.
[  293.662270][T10458] netlink: 130984 bytes leftover after parsing attributes in process `syz.1.1468'.
[  294.110299][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  294.350297][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  294.563704][ T5349] Bluetooth: hci3: ACL packet for unknown connection handle 200
[  294.861146][T10478] netlink: 'syz.1.1475': attribute type 10 has an invalid length.
[  295.080584][T10491] syzkaller1: entered promiscuous mode
[  295.085445][T10491] syzkaller1: entered allmulticast mode
[  295.150306][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  295.390422][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  295.502215][T10513] FAULT_INJECTION: forcing a failure.
[  295.502215][T10513] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  295.514878][T10513] CPU: 2 UID: 0 PID: 10513 Comm: syz.3.1485 Not tainted 6.12.0-rc3-syzkaller-00044-g2f87d0916ce0 #0
[  295.518084][T10513] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  295.521595][T10513] Call Trace:
[  295.522765][T10513]  <TASK>
[  295.523780][T10513]  dump_stack_lvl+0x16c/0x1f0
[  295.525168][T10513]  should_fail_ex+0x497/0x5b0
[  295.526445][T10513]  _copy_to_user+0x30/0xc0
[  295.527648][T10513]  simple_read_from_buffer+0xd0/0x160
[  295.529284][T10513]  proc_fail_nth_read+0x198/0x270
[  295.530854][T10513]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  295.532295][T10513]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  295.533720][T10513]  vfs_read+0x1ce/0xbd0
[  295.534813][T10513]  ? __fget_files+0x23a/0x3f0
[  295.536495][T10513]  ? fdget_pos+0x24c/0x360
[  295.537712][T10513]  ? __pfx_lock_release+0x10/0x10
[  295.539165][T10513]  ? trace_lock_acquire+0x14a/0x1d0
[  295.540535][T10513]  ? __pfx_vfs_read+0x10/0x10
[  295.541740][T10513]  ? __pfx___mutex_lock+0x10/0x10
[  295.543125][T10513]  ? __fget_files+0x244/0x3f0
[  295.544422][T10513]  ksys_read+0x12f/0x260
[  295.545565][T10513]  ? __pfx_ksys_read+0x10/0x10
[  295.546834][T10513]  __do_fast_syscall_32+0x73/0x120
[  295.548186][T10513]  do_fast_syscall_32+0x32/0x80
[  295.549510][T10513]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  295.551199][T10513] RIP: 0023:0xf7fef579
[  295.552302][T10513] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  295.557303][T10513] RSP: 002b:00000000f57555a0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  295.559440][T10513] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000f5755620
[  295.561465][T10513] RDX: 000000000000000f RSI: 00000000f747bff4 RDI: 0000000000000000
[  295.563477][T10513] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  295.565501][T10513] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  295.567519][T10513] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  295.569541][T10513]  </TASK>
[  295.634945][ T5349] Bluetooth: hci0: command 0x0c20 tx timeout
[  295.636916][ T5351] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  296.190271][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  296.440303][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  296.839363][T10522] netlink: 'syz.3.1486': attribute type 10 has an invalid length.
[  297.065855][T10543] FAULT_INJECTION: forcing a failure.
[  297.065855][T10543] name failslab, interval 1, probability 0, space 0, times 0
[  297.069737][T10543] CPU: 2 UID: 0 PID: 10543 Comm: syz.1.1493 Not tainted 6.12.0-rc3-syzkaller-00044-g2f87d0916ce0 #0
[  297.072509][T10543] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  297.075345][T10543] Call Trace:
[  297.076578][T10543]  <TASK>
[  297.078000][T10543]  dump_stack_lvl+0x16c/0x1f0
[  297.079661][T10543]  should_fail_ex+0x497/0x5b0
[  297.081404][T10543]  ? fs_reclaim_acquire+0xae/0x150
[  297.083112][T10543]  should_failslab+0xc2/0x120
[  297.084390][T10543]  __kmalloc_noprof+0xcb/0x410
[  297.085748][T10543]  io_alloc_async_data+0x9d/0x150
[  297.087093][T10543]  io_prep_rw+0x30d/0xb70
[  297.088603][T10543]  io_prep_rwv+0xa8/0x350
[  297.089814][T10543]  ? __pfx_io_prep_rwv+0x10/0x10
[  297.091476][T10543]  ? io_issue_sqe+0x1d3/0x1550
[  297.093083][T10543]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  297.094612][T10543]  io_submit_sqes+0x8aa/0x2530
[  297.095853][T10543]  __do_sys_io_uring_enter+0xc0f/0x1170
[  297.097323][T10543]  ? __fget_files+0x244/0x3f0
[  297.098560][T10543]  ? __pfx___do_sys_io_uring_enter+0x10/0x10
[  297.100148][T10543]  ? fput+0x30/0x390
[  297.101198][T10543]  ? ksys_write+0x1ad/0x260
[  297.102395][T10543]  ? __pfx_ksys_write+0x10/0x10
[  297.103683][T10543]  __do_fast_syscall_32+0x73/0x120
[  297.105018][T10543]  do_fast_syscall_32+0x32/0x80
[  297.106290][T10543]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  297.107923][T10543] RIP: 0023:0xf7f11579
[  297.109002][T10543] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  297.114332][T10543] RSP: 002b:00000000f569656c EFLAGS: 00000296 ORIG_RAX: 00000000000001aa
[  297.117053][T10543] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000000047ba
[  297.119584][T10543] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  297.121829][T10543] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  297.123815][T10543] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  297.126556][T10543] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  297.128867][T10543]  </TASK>
[  297.230264][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  297.480452][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  297.720306][ T5351] Bluetooth: hci0: command 0x0c20 tx timeout
[  298.109161][T10545] netlink: 'syz.0.1492': attribute type 10 has an invalid length.
[  298.270269][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  298.515604][T10577] infiniband Syz1: RDMA CMA: cma_listen_on_dev, error -98
[  298.518836][ T5351] Bluetooth: hci3: ACL packet for unknown connection handle 0
[  298.520280][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  298.522486][T10576] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  298.584301][T10582] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  299.311767][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  299.541337][T10601] FAULT_INJECTION: forcing a failure.
[  299.541337][T10601] name failslab, interval 1, probability 0, space 0, times 0
[  299.544654][T10601] CPU: 2 UID: 0 PID: 10601 Comm: syz.3.1509 Not tainted 6.12.0-rc3-syzkaller-00044-g2f87d0916ce0 #0
[  299.547491][T10601] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  299.550422][T10601] Call Trace:
[  299.551546][T10601]  <TASK>
[  299.552348][T10601]  dump_stack_lvl+0x16c/0x1f0
[  299.553616][T10601]  should_fail_ex+0x497/0x5b0
[  299.554923][T10601]  ? fs_reclaim_acquire+0xae/0x150
[  299.556308][T10601]  should_failslab+0xc2/0x120
[  299.557570][T10601]  __kmalloc_noprof+0xcb/0x410
[  299.558844][T10601]  ? kasan_save_track+0x14/0x30
[  299.560150][T10601]  alloc_pipe_info+0x1ec/0x590
[  299.561503][T10601]  splice_direct_to_actor+0x793/0xa40
[  299.562920][T10601]  ? __pfx_direct_splice_actor+0x10/0x10
[  299.564437][T10601]  ? __pfx_aa_file_perm+0x10/0x10
[  299.565832][T10601]  ? __pfx_splice_direct_to_actor+0x10/0x10
[  299.567379][T10601]  ? __fget_files+0x23a/0x3f0
[  299.568649][T10601]  do_splice_direct+0x178/0x250
[  299.569980][T10601]  ? __pfx_do_splice_direct+0x10/0x10
[  299.571415][T10601]  ? __pfx_direct_file_splice_eof+0x10/0x10
[  299.573027][T10601]  ? bpf_lsm_file_permission+0x9/0x10
[  299.574497][T10601]  ? security_file_permission+0x71/0x210
[  299.575990][T10601]  do_sendfile+0xb0c/0xe40
[  299.577196][T10601]  ? __pfx_do_sendfile+0x10/0x10
[  299.578519][T10601]  ? __fget_files+0x244/0x3f0
[  299.579754][T10601]  __ia32_compat_sys_sendfile+0x1e7/0x230
[  299.581263][T10601]  ? ksys_write+0x1ad/0x260
[  299.582456][T10601]  ? __pfx___ia32_compat_sys_sendfile+0x10/0x10
[  299.584198][T10601]  __do_fast_syscall_32+0x73/0x120
[  299.585581][T10601]  do_fast_syscall_32+0x32/0x80
[  299.586886][T10601]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  299.588598][T10601] RIP: 0023:0xf7fef579
[  299.589686][T10601] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  299.594791][T10601] RSP: 002b:00000000f573456c EFLAGS: 00000296 ORIG_RAX: 00000000000000bb
[  299.597052][T10601] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 0000000000000006
[  299.599210][T10601] RDX: 0000000000000000 RSI: 0000000000089ffc RDI: 0000000000000000
[  299.601394][T10601] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  299.603539][T10601] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  299.605675][T10601] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  299.607765][T10601]  </TASK>
[  299.608902][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  299.800374][ T5351] Bluetooth: hci0: command 0x0c20 tx timeout
[  300.350318][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  300.670361][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  301.261505][T10600] netlink: 'syz.2.1510': attribute type 10 has an invalid length.
[  301.390271][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  301.683609][T10594] netlink: 'syz.1.1507': attribute type 10 has an invalid length.
[  301.710348][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  302.295120][   T90] Bluetooth: hci4: Frame reassembly failed (-84)
[  302.299028][T10641] Bluetooth: hci4: Frame reassembly failed (-84)
[  302.430285][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  302.750270][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  302.920835][ T5349] Bluetooth: hci1: ACL packet for unknown connection handle 200
[  303.416545][T10665] Bluetooth: hci0: Opcode 0x0c20 failed: -112
[  303.480304][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  303.790266][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  304.360343][ T5351] Bluetooth: hci4: Entering manufacturer mode failed (-110)
[  304.360683][   T66] Bluetooth: hci4: command 0xfc11 tx timeout
[  304.510308][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  304.830297][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  304.842655][ T5351] Bluetooth: hci1: ACL packet for unknown connection handle 200
[  305.213068][T10707] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1542'.
[  305.216770][T10707] netlink: 'syz.1.1542': attribute type 2 has an invalid length.
[  305.300251][ T5351] Bluetooth: hci0: unexpected event for opcode 0x202a
[  305.304296][T10712] FAULT_INJECTION: forcing a failure.
[  305.304296][T10712] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  305.309066][T10712] CPU: 1 UID: 0 PID: 10712 Comm: syz.3.1543 Not tainted 6.12.0-rc3-syzkaller-00044-g2f87d0916ce0 #0
[  305.312824][T10712] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  305.315807][T10712] Call Trace:
[  305.316863][T10712]  <TASK>
[  305.317658][T10712]  dump_stack_lvl+0x16c/0x1f0
[  305.318916][T10712]  should_fail_ex+0x497/0x5b0
[  305.320164][T10712]  _copy_from_user+0x30/0xf0
[  305.321711][T10712]  video_usercopy+0xc62/0x1500
[  305.323506][T10712]  ? __pfx___video_do_ioctl+0x10/0x10
[  305.325355][T10712]  ? __pfx_video_usercopy+0x10/0x10
[  305.327139][T10712]  v4l2_ioctl+0x1ba/0x250
[  305.328873][T10712]  v4l2_compat_ioctl32+0x214/0x2c0
[  305.330677][T10712]  ? __pfx_v4l2_compat_ioctl32+0x10/0x10
[  305.332768][T10712]  __do_compat_sys_ioctl+0x259/0x2b0
[  305.334746][T10712]  __do_fast_syscall_32+0x73/0x120
[  305.336669][T10712]  do_fast_syscall_32+0x32/0x80
[  305.338451][T10712]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  305.340123][T10712] RIP: 0023:0xf7fef579
[  305.341352][T10712] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  305.346335][T10712] RSP: 002b:00000000f575556c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  305.348516][T10712] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 000000004020565a
[  305.350602][T10712] RDX: 0000000020000140 RSI: 0000000000000000 RDI: 0000000000000000
[  305.352623][T10712] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  305.354601][T10712] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  305.356819][T10712] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  305.358774][T10712]  </TASK>
[  305.389805][T10715] netlink: 'syz.2.1545': attribute type 11 has an invalid length.
[  305.444076][T10718] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1546'.
[  305.447686][T10718] netlink: 52 bytes leftover after parsing attributes in process `syz.2.1546'.
[  305.470311][ T5349] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  305.550266][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  305.567688][ T5349] Bluetooth: hci3: unexpected event for opcode 0x202a
[  305.880260][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  306.107398][ T5349] Bluetooth: hci1: ACL packet for unknown connection handle 200
[  306.403886][T10740] block device autoloading is deprecated and will be removed.
[  306.484873][T10742] bridge0: port 3(ipvlan2) entered blocking state
[  306.486638][T10742] bridge0: port 3(ipvlan2) entered disabled state
[  306.488525][T10742] ipvlan2: entered allmulticast mode
[  306.489877][T10742] bridge0: entered allmulticast mode
[  306.491890][T10742] ipvlan2: left allmulticast mode
[  306.493447][T10742] bridge0: left allmulticast mode
[  306.600304][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  306.649122][T10748] tmpfs: Bad value for 'mpol'
[  306.655350][T10748] netlink: 'syz.1.1554': attribute type 10 has an invalid length.
[  306.658260][T10748] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1554'.
[  306.910385][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  306.935739][ T5349] Bluetooth: hci3: ACL packet for unknown connection handle 200
[  307.630301][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  307.636038][ T5349] Bluetooth: hci2: unexpected event for opcode 0x202a
[  307.708685][T10771] FAULT_INJECTION: forcing a failure.
[  307.708685][T10771] name failslab, interval 1, probability 0, space 0, times 0
[  307.712020][T10771] CPU: 3 UID: 0 PID: 10771 Comm: syz.0.1563 Not tainted 6.12.0-rc3-syzkaller-00044-g2f87d0916ce0 #0
[  307.714761][T10771] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  307.717491][T10771] Call Trace:
[  307.718358][T10771]  <TASK>
[  307.719138][T10771]  dump_stack_lvl+0x16c/0x1f0
[  307.720394][T10771]  should_fail_ex+0x497/0x5b0
[  307.722077][T10771]  ? fs_reclaim_acquire+0xae/0x150
[  307.723397][T10771]  should_failslab+0xc2/0x120
[  307.724615][T10771]  __kmalloc_noprof+0xcb/0x410
[  307.725836][T10771]  io_rsrc_data_alloc+0xe1/0x460
[  307.727108][T10771]  io_sqe_buffers_register+0x129/0xa60
[  307.728509][T10771]  ? __mutex_trylock_common+0xea/0x250
[  307.729840][T10771]  ? __pfx_io_sqe_buffers_register+0x10/0x10
[  307.731316][T10771]  ? rcu_is_watching+0x12/0xc0
[  307.732540][T10771]  ? __mutex_lock+0x1a6/0x9c0
[  307.733710][T10771]  ? __fget_files+0x23a/0x3f0
[  307.734875][T10771]  __io_uring_register+0x1e7c/0x1f00
[  307.736232][T10771]  ? __pfx___mutex_lock+0x10/0x10
[  307.737481][T10771]  ? __pfx___io_uring_register+0x10/0x10
[  307.738881][T10771]  ? __fget_files+0x244/0x3f0
[  307.740065][T10771]  __ia32_sys_io_uring_register+0x157/0x270
[  307.741511][T10771]  __do_fast_syscall_32+0x73/0x120
[  307.742751][T10771]  do_fast_syscall_32+0x32/0x80
[  307.743948][T10771]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  307.745534][T10771] RIP: 0023:0xf742e579
[  307.746560][T10771] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  307.751292][T10771] RSP: 002b:00000000f56f556c EFLAGS: 00000296 ORIG_RAX: 00000000000001ab
[  307.753384][T10771] RAX: ffffffffffffffda RBX: 000000000000000c RCX: 0000000000000000
[  307.755410][T10771] RDX: 0000000020002300 RSI: 0000000000003100 RDI: 0000000000000000
[  307.757433][T10771] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  307.759411][T10771] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  307.761452][T10771] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  307.763493][T10771]  </TASK>
[  307.950410][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  308.039294][T10776] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1565'.
[  308.152159][T10778] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[  308.340086][T10780] trusted_key: syz.2.1567 sent an empty control message without MSG_MORE.
[  308.491701][ T5349] Bluetooth: hci2: ACL packet for unknown connection handle 200
[  308.670292][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  308.760611][ T5385] usb 7-1: new high-speed USB device number 5 using dummy_hcd
[  308.936198][ T5385] usb 7-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  308.938472][ T5385] usb 7-1: config 1 has an invalid descriptor of length 82, skipping remainder of the config
[  308.941703][ T5385] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 66
[  308.943963][ T5385] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 128, changing to 11
[  308.946762][ T5385] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8883, setting to 1024
[  308.954277][ T5385] usb 7-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  308.956709][ T5385] usb 7-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  308.958861][ T5385] usb 7-1: Product: syz
[  308.959979][ T5385] usb 7-1: Manufacturer: syz
[  308.965196][ T5385] cdc_wdm 7-1:1.0: skipping garbage
[  308.966604][ T5385] cdc_wdm 7-1:1.0: skipping garbage
[  308.971428][ T5385] cdc_wdm 7-1:1.0: cdc-wdm0: USB WDM device
[  308.974797][ T5385] cdc_wdm 7-1:1.0: Unknown control protocol
[  308.990290][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  309.169802][ T5385] usb 7-1: USB disconnect, device number 5
[  309.710337][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  310.030311][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  310.288485][T10810] netlink: 'syz.0.1575': attribute type 10 has an invalid length.
[  310.672609][T10827] Bluetooth: hci0: Opcode 0x0c20 failed: -112
[  310.750272][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  310.887698][T10837] FAULT_INJECTION: forcing a failure.
[  310.887698][T10837] name failslab, interval 1, probability 0, space 0, times 0
[  310.890697][T10837] CPU: 1 UID: 0 PID: 10837 Comm: syz.0.1581 Not tainted 6.12.0-rc3-syzkaller-00044-g2f87d0916ce0 #0
[  310.893174][T10837] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  310.895543][T10837] Call Trace:
[  310.896364][T10837]  <TASK>
[  310.897033][T10837]  dump_stack_lvl+0x16c/0x1f0
[  310.898129][T10837]  should_fail_ex+0x497/0x5b0
[  310.899234][T10837]  ? fs_reclaim_acquire+0xae/0x150
[  310.900434][T10837]  should_failslab+0xc2/0x120
[  310.901500][T10837]  __kmalloc_cache_noprof+0x6b/0x310
[  310.902712][T10837]  ? alloc_pipe_info+0x10e/0x590
[  310.903857][T10837]  alloc_pipe_info+0x10e/0x590
[  310.904995][T10837]  splice_direct_to_actor+0x793/0xa40
[  310.906423][T10837]  ? __pfx_direct_splice_actor+0x10/0x10
[  310.907736][T10837]  ? __pfx_aa_file_perm+0x10/0x10
[  310.908918][T10837]  ? __pfx_splice_direct_to_actor+0x10/0x10
[  310.910297][T10837]  ? __fget_files+0x23a/0x3f0
[  310.911399][T10837]  do_splice_direct+0x178/0x250
[  310.912585][T10837]  ? __pfx_do_splice_direct+0x10/0x10
[  310.913833][T10837]  ? __pfx_direct_file_splice_eof+0x10/0x10
[  310.915279][T10837]  ? bpf_lsm_file_permission+0x9/0x10
[  310.916546][T10837]  ? security_file_permission+0x71/0x210
[  310.917860][T10837]  do_sendfile+0xb0c/0xe40
[  310.918920][T10837]  ? __pfx_do_sendfile+0x10/0x10
[  310.920131][T10837]  ? __pfx___schedule+0x10/0x10
[  310.921274][T10837]  ? __fget_files+0x244/0x3f0
[  310.922375][T10837]  __ia32_compat_sys_sendfile+0x1e7/0x230
[  310.923701][T10837]  ? ksys_write+0x1ad/0x260
[  310.924774][T10837]  ? __pfx___ia32_compat_sys_sendfile+0x10/0x10
[  310.926233][T10837]  __do_fast_syscall_32+0x73/0x120
[  310.927418][T10837]  do_fast_syscall_32+0x32/0x80
[  310.928699][T10837]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  310.930159][T10837] RIP: 0023:0xf742e579
[  310.931115][T10837] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  310.935424][T10837] RSP: 002b:00000000f56d456c EFLAGS: 00000296 ORIG_RAX: 00000000000000bb
[  310.937380][T10837] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 0000000000000007
[  310.939275][T10837] RDX: 0000000000000000 RSI: 0000000000089ffc RDI: 0000000000000000
[  310.941114][T10837] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  310.942951][T10837] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  310.944866][T10837] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  310.946722][T10837]  </TASK>
[  311.070315][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  311.800269][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  312.120417][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  312.574000][ T5351] Bluetooth: hci2: unexpected event for opcode 0x202a
[  312.680502][ T5351] Bluetooth: hci0: command 0x0c20 tx timeout
[  312.682475][ T5349] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  312.830279][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  312.859855][ T5349] Bluetooth: hci3: ACL packet for unknown connection handle 200
[  312.988296][ T5349] Bluetooth: hci2: ACL packet for unknown connection handle 200
[  313.018740][T10881] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1594'.
[  313.150332][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  313.302006][T10888] Bluetooth: hci0: Opcode 0x0c20 failed: -112
[  313.870263][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  314.066385][ T5351] Bluetooth: hci3: unexpected event for opcode 0x202a
[  314.200289][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  314.250537][ T5351] Bluetooth: hci2: ACL packet for unknown connection handle 200
[  314.750465][ T5351] Bluetooth: hci0: command 0x0c20 tx timeout
[  314.752441][ T5349] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  314.910264][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  315.240301][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  315.420628][T10926] Bluetooth: hci0: Opcode 0x0c20 failed: -4
[  315.950274][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  316.270275][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  316.515547][ T1373] ieee802154 phy0 wpan0: encryption failed: -22
[  316.517873][ T1373] ieee802154 phy1 wpan1: encryption failed: -22
[  316.830356][ T5349] Bluetooth: hci0: command 0x0c20 tx timeout
[  316.990273][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  317.310269][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  318.040260][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  318.048769][T10978] Bluetooth: hci0: Opcode 0x0c20 failed: -112
[  318.350339][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  318.910305][ T5351] Bluetooth: hci0: command 0x0c20 tx timeout
[  318.911991][ T5349] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  319.070271][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  319.390344][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  319.801000][T11012] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1629'.
[  319.816152][T11012] bridge0: port 3(batadv1) entered blocking state
[  319.820840][T11012] bridge0: port 3(batadv1) entered disabled state
[  319.824728][T11012] batadv1: entered allmulticast mode
[  319.829435][T11012] batadv1: entered promiscuous mode
[  320.110277][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  320.123202][T11016] Bluetooth: hci0: Opcode 0x0c20 failed: -112
[  320.310460][ T1097] batman_adv: batadv1: No IGMP Querier present - multicast optimizations disabled
[  320.312886][ T1097] batman_adv: batadv1: No MLD Querier present - multicast optimizations disabled
[  320.427984][T11034] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check.
[  320.431993][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  321.000284][ T5351] Bluetooth: hci0: command 0x0c20 tx timeout
[  321.002688][ T5349] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  321.160271][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  321.223854][ T5349] Bluetooth: hci3: ACL packet for unknown connection handle 200
[  321.459858][T11055] Bluetooth: hci0: Opcode 0x0c20 failed: -112
[  321.470488][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  322.200269][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  322.440904][ T5351] Bluetooth: hci0: ACL packet for unknown connection handle 200
[  322.510257][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  323.070360][ T5351] Bluetooth: hci0: command 0x0c20 tx timeout
[  323.072279][ T5349] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  323.240380][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  323.509400][T11105] Bluetooth: hci0: Opcode 0x0c20 failed: -112
[  323.582243][ T5351] Bluetooth: hci2: ACL packet for unknown connection handle 200
[  324.280256][    C2] net_ratelimit: 1 callbacks suppressed
[  324.280268][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  324.590259][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  324.894056][T11137] FAULT_INJECTION: forcing a failure.
[  324.894056][T11137] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  324.897669][T11137] CPU: 2 UID: 0 PID: 11137 Comm: syz.1.1665 Not tainted 6.12.0-rc3-syzkaller-00044-g2f87d0916ce0 #0
[  324.900458][T11137] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  324.903240][T11137] Call Trace:
[  324.904130][T11137]  <TASK>
[  324.904908][T11137]  dump_stack_lvl+0x16c/0x1f0
[  324.906149][T11137]  should_fail_ex+0x497/0x5b0
[  324.907392][T11137]  _copy_to_user+0x30/0xc0
[  324.908576][T11137]  bpf_test_finish.isra.0+0x4a1/0x680
[  324.909981][T11137]  ? __might_fault+0xe3/0x190
[  324.911218][T11137]  ? __pfx_bpf_test_finish.isra.0+0x10/0x10
[  324.912772][T11137]  bpf_prog_test_run_xdp+0xa13/0x1580
[  324.914180][T11137]  ? lock_acquire+0x2f/0xb0
[  324.915377][T11137]  ? __fget_files+0x40/0x3f0
[  324.916609][T11137]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  324.918135][T11137]  ? fput+0x30/0x390
[  324.919168][T11137]  ? __bpf_prog_get+0xa0/0x290
[  324.920426][T11137]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  324.921943][T11137]  __sys_bpf+0x1921/0x5780
[  324.923117][T11137]  ? ksys_write+0x21e/0x260
[  324.924314][T11137]  ? __pfx___sys_bpf+0x10/0x10
[  324.925568][T11137]  ? vfs_write+0x14d/0x1140
[  324.926756][T11137]  ? __mutex_unlock_slowpath+0x164/0x650
[  324.928232][T11137]  ? fput+0x30/0x390
[  324.929263][T11137]  ? ksys_write+0x1ad/0x260
[  324.930455][T11137]  ? __pfx_ksys_write+0x10/0x10
[  324.931729][T11137]  __ia32_sys_bpf+0x76/0xe0
[  324.932935][T11137]  __do_fast_syscall_32+0x73/0x120
[  324.934279][T11137]  do_fast_syscall_32+0x32/0x80
[  324.935557][T11137]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  324.937213][T11137] RIP: 0023:0xf7f11579
[  324.938332][T11137] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  324.943272][T11137] RSP: 002b:00000000f567556c EFLAGS: 00000296 ORIG_RAX: 0000000000000165
[  324.945429][T11137] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000020000500
[  324.947469][T11137] RDX: 000000000000000c RSI: 0000000000000000 RDI: 0000000000000000
[  324.949513][T11137] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  324.951551][T11137] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  324.953592][T11137] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  324.955633][T11137]  </TASK>
[  325.161185][ T5351] Bluetooth: hci0: command 0x0c20 tx timeout
[  325.162909][ T5349] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  325.210808][ T5351] Bluetooth: hci0: unexpected event for opcode 0x202a
[  325.270154][T11148] fuse: Unknown parameter 'user_i00000000000000000000'
[  325.300402][T11128] Bluetooth: hci0: Opcode 0x0c20 failed: -4
[  325.310268][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  325.348487][ T5351] Bluetooth: hci1: ACL packet for unknown connection handle 200
[  325.640283][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  326.350262][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  326.494375][T11175] netlink: 'syz.1.1677': attribute type 3 has an invalid length.
[  326.496373][T11175] netlink: 130984 bytes leftover after parsing attributes in process `syz.1.1677'.
[  326.667555][T11181] fuse: Unknown parameter 'rd'
[  326.680272][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  326.914282][T11185] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1679'.
[  327.208570][T11190] netlink: 'syz.1.1680': attribute type 21 has an invalid length.
[  327.210698][T11190] netlink: 'syz.1.1680': attribute type 6 has an invalid length.
[  327.212701][T11190] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1680'.
[  327.390300][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  327.523365][ T5351] Bluetooth: hci2: ACL packet for unknown connection handle 200
[  327.720262][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  328.440257][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  328.617349][ T5351] Bluetooth: hci3: ACL packet for unknown connection handle 200
[  328.691715][T11218] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1688'.
[  328.749696][T11219] overlayfs: failed to resolve './file1': -2
[  328.750301][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  329.480287][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  329.790287][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  329.986104][ T5351] Bluetooth: hci3: ACL packet for unknown connection handle 200
[  330.510257][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  330.830332][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  331.509340][T11257] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1699'.
[  331.529038][T11257] bridge0: port 3(batadv1) entered blocking state
[  331.537204][T11257] bridge0: port 3(batadv1) entered disabled state
[  331.538975][T11257] batadv1: entered allmulticast mode
[  331.547806][T11257] batadv1: entered promiscuous mode
[  331.550260][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  331.870453][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  332.031844][   T90] batman_adv: batadv1: No IGMP Querier present - multicast optimizations disabled
[  332.034642][   T90] batman_adv: batadv1: No MLD Querier present - multicast optimizations disabled
[  332.412417][ T5351] Bluetooth: hci3: ACL packet for unknown connection handle 200
[  332.590283][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  332.656284][ T5351] Bluetooth: hci3: ACL packet for unknown connection handle 200
[  332.920257][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  333.630290][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  333.950275][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  334.184462][T11293] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1711'.
[  334.187440][T11293] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1711'.
[  334.257778][ T5351] Bluetooth: hci1: ACL packet for unknown connection handle 200
[  334.670274][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  334.990267][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  335.720275][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  335.959374][T11330] netlink: 'syz.0.1725': attribute type 3 has an invalid length.
[  335.962794][T11330] netlink: 130984 bytes leftover after parsing attributes in process `syz.0.1725'.
[  336.030253][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  336.097708][T11337] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1726'.
[  336.750312][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  336.970152][T11359] IPVS: sync thread started: state = BACKUP, mcast_ifn = hsr0, syncid = 0, id = 0
[  336.970696][T11358] IPVS: stopping backup sync thread 11359 ...
[  337.070433][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  337.671660][ T5351] Bluetooth: hci1: ACL packet for unknown connection handle 200
[  337.800273][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  338.110305][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  338.252501][ T5351] Bluetooth: hci2: ACL packet for unknown connection handle 200
[  338.808972][T11397] Bluetooth: hci0: Opcode 0x0c20 failed: -112
[  338.840255][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  338.915056][ T5349] Bluetooth: hci0: ACL packet for unknown connection handle 200
[  339.030664][T11405] netlink: 100 bytes leftover after parsing attributes in process `syz.3.1747'.
[  339.035470][T11405] netlink: 52 bytes leftover after parsing attributes in process `syz.3.1747'.
[  339.160298][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  339.440107][ T5349] Bluetooth: hci2: ACL packet for unknown connection handle 200
[  339.486354][T11419] macsec1: entered promiscuous mode
[  339.488257][T11419] syz_tun: entered promiscuous mode
[  339.490381][T11419] macsec1: entered allmulticast mode
[  339.491901][T11419] syz_tun: entered allmulticast mode
[  339.494967][T11419] syz_tun: left allmulticast mode
[  339.496580][T11419] syz_tun: left promiscuous mode
[  339.830814][T11426] FAULT_INJECTION: forcing a failure.
[  339.830814][T11426] name failslab, interval 1, probability 0, space 0, times 0
[  339.834055][T11426] CPU: 3 UID: 0 PID: 11426 Comm: syz.2.1754 Not tainted 6.12.0-rc3-syzkaller-00044-g2f87d0916ce0 #0
[  339.836809][T11426] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  339.839545][T11426] Call Trace:
[  339.840441][T11426]  <TASK>
[  339.841216][T11426]  dump_stack_lvl+0x16c/0x1f0
[  339.842445][T11426]  should_fail_ex+0x497/0x5b0
[  339.843674][T11426]  ? fs_reclaim_acquire+0xae/0x150
[  339.845013][T11426]  should_failslab+0xc2/0x120
[  339.846241][T11426]  __kmalloc_noprof+0xcb/0x410
[  339.847490][T11426]  copy_splice_read+0x1a8/0xb90
[  339.848771][T11426]  ? look_up_lock_class+0x6b/0x150
[  339.850103][T11426]  ? __pfx_copy_splice_read+0x10/0x10
[  339.851496][T11426]  ? __pfx_register_lock_class+0x10/0x10
[  339.852969][T11426]  ? __pfx_copy_splice_read+0x10/0x10
[  339.854339][T11426]  do_splice_read+0x282/0x370
[  339.855554][T11426]  splice_direct_to_actor+0x2a4/0xa40
[  339.856971][T11426]  ? __pfx_direct_splice_actor+0x10/0x10
[  339.858430][T11426]  ? __pfx_splice_direct_to_actor+0x10/0x10
[  339.859928][T11426]  ? __fget_files+0x23a/0x3f0
[  339.861094][T11426]  do_splice_direct+0x178/0x250
[  339.862290][T11426]  ? __pfx_do_splice_direct+0x10/0x10
[  339.863630][T11426]  ? __pfx_direct_file_splice_eof+0x10/0x10
[  339.865124][T11426]  ? bpf_lsm_file_permission+0x9/0x10
[  339.866442][T11426]  ? security_file_permission+0x71/0x210
[  339.867880][T11426]  do_sendfile+0xb0c/0xe40
[  339.869050][T11426]  ? __pfx_do_sendfile+0x10/0x10
[  339.870314][T11426]  ? __fget_files+0x244/0x3f0
[  339.870340][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  339.871487][T11426]  __ia32_compat_sys_sendfile+0x1e7/0x230
[  339.874656][T11426]  ? ksys_write+0x1ad/0x260
[  339.875872][T11426]  ? __pfx___ia32_compat_sys_sendfile+0x10/0x10
[  339.878004][T11426]  __do_fast_syscall_32+0x73/0x120
[  339.879287][T11426]  do_fast_syscall_32+0x32/0x80
[  339.880530][T11426]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  339.882180][T11426] RIP: 0023:0xf7fef579
[  339.883247][T11426] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  339.888182][T11426] RSP: 002b:00000000f573456c EFLAGS: 00000296 ORIG_RAX: 00000000000000bb
[  339.890318][T11426] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 0000000000000006
[  339.892350][T11426] RDX: 0000000000000000 RSI: 0000000000089ffc RDI: 0000000000000000
[  339.894371][T11426] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  339.896413][T11426] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  339.898442][T11426] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  339.900490][T11426]  </TASK>
[  340.190286][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  340.610960][T11436] o2cb: This node has not been configured.
[  340.612732][T11436] o2cb: Cluster check failed. Fix errors before retrying.
[  340.614959][T11436] (syz.2.1757,11436,3):user_dlm_register:674 ERROR: status = -22
[  340.616982][T11436] (syz.2.1757,11436,3):dlmfs_mkdir:436 ERROR: Error -22 could not register domain "file1"
[  340.646326][T11438] netlink: 'syz.2.1758': attribute type 3 has an invalid length.
[  340.648491][T11438] netlink: 130984 bytes leftover after parsing attributes in process `syz.2.1758'.
[  340.830365][ T5349] Bluetooth: hci0: command 0x0c20 tx timeout
[  340.832007][ T5351] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  340.910329][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  341.034815][ T5351] Bluetooth: hci1: ACL packet for unknown connection handle 200
[  341.115040][T11449] netlink: 'syz.3.1762': attribute type 4 has an invalid length.
[  341.120006][T11449] netlink: 'syz.3.1762': attribute type 4 has an invalid length.
[  341.208870][ T5351] Bluetooth: hci0: ACL packet for unknown connection handle 200
[  341.240258][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  341.630307][ T5384] usb 7-1: new high-speed USB device number 6 using dummy_hcd
[  341.721797][T11464] netlink: 'syz.0.1767': attribute type 3 has an invalid length.
[  341.723940][T11464] netlink: 130984 bytes leftover after parsing attributes in process `syz.0.1767'.
[  341.810369][ T5384] usb 7-1: Using ep0 maxpacket: 8
[  341.813061][ T5384] usb 7-1: config 0 has no interfaces?
[  341.815750][ T5384] usb 7-1: New USB device found, idVendor=046d, idProduct=08ae, bcdDevice=11.58
[  341.818153][ T5384] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  341.819995][ T5384] usb 7-1: Product: syz
[  341.821649][ T5384] usb 7-1: Manufacturer: syz
[  341.822745][ T5384] usb 7-1: SerialNumber: syz
[  341.829912][ T5384] usb 7-1: config 0 descriptor??
[  341.960292][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  342.118635][ T5351] Bluetooth: hci1: ACL packet for unknown connection handle 200
[  342.264627][T11477] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  342.270289][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  342.693466][ T5351] Bluetooth: hci0: ACL packet for unknown connection handle 200
[  342.804995][ T5351] Bluetooth: hci2: ACL packet for unknown connection handle 200
[  342.910388][ T5351] Bluetooth: hci0: command 0x0c20 tx timeout
[  342.990325][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  343.108971][T11495] pim6reg: entered allmulticast mode
[  343.113150][T11495] pim6reg: left allmulticast mode
[  343.218577][T11501] netlink: 'syz.0.1777': attribute type 3 has an invalid length.
[  343.220930][T11501] netlink: 130984 bytes leftover after parsing attributes in process `syz.0.1777'.
[  343.310347][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  343.704075][ T5351] Bluetooth: hci0: ACL packet for unknown connection handle 200
[  344.030284][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  344.350405][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  344.377717][ T5385] usb 7-1: USB disconnect, device number 6
[  345.000312][ T5351] Bluetooth: hci0: command 0x0c20 tx timeout
[  345.070283][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  345.400302][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  345.408931][ T5351] Bluetooth: hci0: ACL packet for unknown connection handle 200
[  345.427853][T11546] netlink: 'syz.1.1788': attribute type 3 has an invalid length.
[  345.430734][T11546] netlink: 130984 bytes leftover after parsing attributes in process `syz.1.1788'.
[  346.110307][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  346.430358][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  346.611411][T11573] netlink: 'syz.3.1797': attribute type 3 has an invalid length.
[  346.617439][T11573] netlink: 130984 bytes leftover after parsing attributes in process `syz.3.1797'.
[  347.080330][ T5351] Bluetooth: hci0: command 0x0c20 tx timeout
[  347.150291][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  347.156560][ T5351] Bluetooth: hci3: ACL packet for unknown connection handle 200
[  347.470342][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  348.200282][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  348.300658][T11614] Bluetooth: hci0: Opcode 0x0c20 failed: -112
[  348.510293][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  348.552564][T11624] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1810'.
[  349.011833][ T5349] Bluetooth: hci0: ACL packet for unknown connection handle 200
[  349.146390][T11637] netlink: 'syz.3.1813': attribute type 3 has an invalid length.
[  349.148519][T11637] netlink: 130984 bytes leftover after parsing attributes in process `syz.3.1813'.
[  349.150333][ T5349] Bluetooth: hci0: command 0x0c20 tx timeout
[  349.156058][ T5351] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  349.230312][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  349.351090][T11619] Bluetooth: hci0: Opcode 0x0c20 failed: -4
[  349.481145][T11626] Bluetooth: hci0: Opcode 0x0c20 failed: -4
[  349.550283][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  349.702036][ T5349] Bluetooth: hci1: ACL packet for unknown connection handle 200
[  350.270260][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  350.590260][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  350.742432][ T5349] Bluetooth: hci0: ACL packet for unknown connection handle 200
[  351.230284][ T5349] Bluetooth: hci0: command 0x0c20 tx timeout
[  351.310278][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  351.341787][T11680] Bluetooth: hci0: Opcode 0x0c20 failed: -112
[  351.630300][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  352.245291][ T5351] Bluetooth: hci3: ACL packet for unknown connection handle 200
[  352.360279][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  352.680266][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  353.310329][ T5351] Bluetooth: hci0: command 0x0c20 tx timeout
[  353.312213][ T5349] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  353.395095][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  353.596447][T11726] netlink: 'syz.1.1837': attribute type 3 has an invalid length.
[  353.598452][T11726] netlink: 130984 bytes leftover after parsing attributes in process `syz.1.1837'.
[  353.720257][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  353.791286][T11713] Bluetooth: hci0: Opcode 0x0c20 failed: -4
[  354.098000][ T5349] Bluetooth: hci0: ACL packet for unknown connection handle 200
[  354.294480][   T40] audit: type=1326 audit(1729063193.390:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11743 comm="syz.3.1844" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fef579 code=0x7ffc0000
[  354.312538][   T40] audit: type=1326 audit(1729063193.400:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11743 comm="syz.3.1844" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fef579 code=0x7ffc0000
[  354.334073][   T40] audit: type=1326 audit(1729063193.400:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11743 comm="syz.3.1844" exe="/syz-executor" sig=0 arch=40000003 syscall=14 compat=1 ip=0xf7fef579 code=0x7ffc0000
[  354.351000][   T40] audit: type=1326 audit(1729063193.400:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11743 comm="syz.3.1844" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fef579 code=0x7ffc0000
[  354.368292][   T40] audit: type=1326 audit(1729063193.400:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11743 comm="syz.3.1844" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fef579 code=0x7ffc0000
[  354.385975][   T40] audit: type=1326 audit(1729063193.400:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11743 comm="syz.3.1844" exe="/syz-executor" sig=0 arch=40000003 syscall=5 compat=1 ip=0xf7fef579 code=0x7ffc0000
[  354.403796][   T40] audit: type=1326 audit(1729063193.400:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11743 comm="syz.3.1844" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fef579 code=0x7ffc0000
[  354.414336][   T40] audit: type=1326 audit(1729063193.400:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11743 comm="syz.3.1844" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fef579 code=0x7ffc0000
[  354.420072][   T40] audit: type=1326 audit(1729063193.400:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11743 comm="syz.3.1844" exe="/syz-executor" sig=0 arch=40000003 syscall=329 compat=1 ip=0xf7fef579 code=0x7ffc0000
[  354.425353][   T40] audit: type=1326 audit(1729063193.400:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11743 comm="syz.3.1844" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fef579 code=0x7ffc0000
[  354.430261][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  354.723564][ T5349] Bluetooth: hci1: ACL packet for unknown connection handle 200
[  354.750293][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  355.121613][ T5349] Bluetooth: hci1: ACL packet for unknown connection handle 200
[  355.390437][ T5349] Bluetooth: hci0: command 0x0c20 tx timeout
[  355.470251][    C2] net_ratelimit: 1 callbacks suppressed
[  355.470263][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  355.790307][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  355.915296][T11786] tmpfs: Unknown parameter '�'
[  356.454966][ T5349] Bluetooth: hci3: ACL packet for unknown connection handle 200
[  356.510251][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  356.673067][ T5349] Bluetooth: hci3: ACL packet for unknown connection handle 200
[  356.830350][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  356.901988][ T5385] usb 8-1: new high-speed USB device number 4 using dummy_hcd
[  357.050350][ T5385] usb 8-1: Using ep0 maxpacket: 8
[  357.053454][ T5385] usb 8-1: config 0 has no interfaces?
[  357.056913][ T5385] usb 8-1: New USB device found, idVendor=046d, idProduct=08ae, bcdDevice=11.58
[  357.059519][ T5385] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  357.062126][ T5385] usb 8-1: Product: syz
[  357.063270][ T5385] usb 8-1: Manufacturer: syz
[  357.064683][ T5385] usb 8-1: SerialNumber: syz
[  357.075372][ T5385] usb 8-1: config 0 descriptor??
[  357.098595][T11812] Bluetooth: hci0: Opcode 0x0c20 failed: -112
[  357.334528][T11818] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1865'.
[  357.339825][T11818] usb usb8: usbfs: interface 0 claimed by hub while 'syz.1.1865' sets config #261
[  357.343790][T11818] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1865'.
[  357.480302][ T5351] Bluetooth: hci0: command 0x0c20 tx timeout
[  357.482065][ T5349] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  357.496977][T11827] FAULT_INJECTION: forcing a failure.
[  357.496977][T11827] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  357.501830][T11827] CPU: 3 UID: 0 PID: 11827 Comm: syz.1.1867 Not tainted 6.12.0-rc3-syzkaller-00044-g2f87d0916ce0 #0
[  357.505729][T11827] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  357.509609][T11827] Call Trace:
[  357.510843][T11827]  <TASK>
[  357.511923][T11827]  dump_stack_lvl+0x16c/0x1f0
[  357.513657][T11827]  should_fail_ex+0x497/0x5b0
[  357.515360][T11827]  _copy_to_user+0x30/0xc0
[  357.516956][T11827]  bpf_test_finish.isra.0+0x52b/0x680
[  357.518654][T11827]  ? __might_fault+0xe3/0x190
[  357.520550][T11827]  ? __pfx_bpf_test_finish.isra.0+0x10/0x10
[  357.522178][T11827]  bpf_prog_test_run_xdp+0xa13/0x1580
[  357.523544][T11827]  ? lock_acquire+0x2f/0xb0
[  357.524723][T11827]  ? __fget_files+0x40/0x3f0
[  357.525911][T11827]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  357.527383][T11827]  ? fput+0x30/0x390
[  357.528406][T11827]  ? __bpf_prog_get+0xa0/0x290
[  357.529726][T11827]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  357.531347][T11827]  __sys_bpf+0x1921/0x5780
[  357.532603][T11827]  ? ksys_write+0x21e/0x260
[  357.533959][T11827]  ? __pfx___sys_bpf+0x10/0x10
[  357.535245][T11827]  ? vfs_write+0x14d/0x1140
[  357.536460][T11827]  ? __mutex_unlock_slowpath+0x164/0x650
[  357.537932][T11827]  ? fput+0x30/0x390
[  357.538955][T11827]  ? ksys_write+0x1ad/0x260
[  357.540135][T11827]  ? __pfx_ksys_write+0x10/0x10
[  357.541420][T11827]  __ia32_sys_bpf+0x76/0xe0
[  357.542617][T11827]  __do_fast_syscall_32+0x73/0x120
[  357.543965][T11827]  do_fast_syscall_32+0x32/0x80
[  357.545353][T11827]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  357.547453][T11827] RIP: 0023:0xf7f11579
[  357.548778][T11827] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  357.550257][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  357.554808][T11827] RSP: 002b:00000000f567556c EFLAGS: 00000296 ORIG_RAX: 0000000000000165
[  357.554833][T11827] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000020000500
[  357.554844][T11827] RDX: 000000000000000c RSI: 0000000000000000 RDI: 0000000000000000
[  357.564567][T11827] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  357.566847][T11827] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  357.568925][T11827] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  357.570977][T11827]  </TASK>
[  357.762329][T11832] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1868'.
[  357.870313][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  358.246107][ T5349] Bluetooth: hci3: ACL packet for unknown connection handle 200
[  358.567141][T11850] pim6reg: entered allmulticast mode
[  358.582363][T11850] pim6reg: left allmulticast mode
[  358.594154][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  358.753832][T11855] Bluetooth: hci0: Opcode 0x0c20 failed: -112
[  358.920269][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  359.514930][ T5351] Bluetooth: hci3: ACL packet for unknown connection handle 200
[  359.560342][ T5351] Bluetooth: hci0: command 0x0c20 tx timeout
[  359.562025][ T5349] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  359.630352][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  359.682501][ T5384] usb 8-1: USB disconnect, device number 4
[  359.950306][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  360.670284][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  360.990319][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  361.446906][T11896] Bluetooth: hci0: Opcode 0x0c20 failed: -112
[  361.633466][ T5351] Bluetooth: hci0: command 0x0c20 tx timeout
[  361.635450][ T5349] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  361.698675][ T5349] Bluetooth: hci2: ACL packet for unknown connection handle 200
[  361.720266][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  361.843697][T11917] tmpfs: Unknown parameter '�'
[  362.030318][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  362.760271][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  362.761321][T11928] netlink: 104 bytes leftover after parsing attributes in process `syz.2.1890'.
[  362.764959][T11928] netlink: 104 bytes leftover after parsing attributes in process `syz.2.1890'.
[  362.926112][T11931] netlink: 'syz.3.1891': attribute type 9 has an invalid length.
[  362.929285][T11931] netlink: 134660 bytes leftover after parsing attributes in process `syz.3.1891'.
[  363.080273][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  363.192334][ T5349] Bluetooth: hci2: unexpected event for opcode 0x202a
[  363.236331][ T5349] Bluetooth: hci0: ACL packet for unknown connection handle 200
[  363.455165][ T5349] Bluetooth: hci0: ACL packet for unknown connection handle 200
[  363.570322][ T5349] Bluetooth: hci1: ACL packet for unknown connection handle 200
[  363.709835][T11957] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1900'.
[  363.714815][T11957] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1900'.
[  363.720671][ T5349] Bluetooth: hci0: command 0x0c20 tx timeout
[  363.720998][T11957] openvswitch: netlink: Actions may not be safe on all matching packets
[  363.741828][T11957] netlink: 104 bytes leftover after parsing attributes in process `syz.1.1900'.
[  363.745533][T11957] netlink: 104 bytes leftover after parsing attributes in process `syz.1.1900'.
[  363.771005][T11958] nfs: Unknown parameter 'ntext'
[  363.776239][T11958] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1899'.
[  363.778873][T11958] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1899'.
[  363.790289][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  364.110295][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  364.840313][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  364.841006][ T5349] Bluetooth: hci1: ACL packet for unknown connection handle 200
[  365.574892][ T5349] Bluetooth: hci1: unexpected event for opcode 0x202a
[  365.790305][ T5349] Bluetooth: hci0: command 0x0c20 tx timeout
[  365.870365][    C2] net_ratelimit: 1 callbacks suppressed
[  365.870384][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  366.190351][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  366.910275][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  367.060357][ T5388] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  367.210355][ T5388] usb 5-1: Using ep0 maxpacket: 16
[  367.214795][ T5388] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0
[  367.219423][ T5388] usb 5-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e
[  367.222775][ T5388] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  367.225048][ T5388] usb 5-1: Product: syz
[  367.226129][ T5388] usb 5-1: Manufacturer: syz
[  367.227323][ T5388] usb 5-1: SerialNumber: syz
[  367.230354][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  367.230916][ T5388] usb 5-1: config 0 descriptor??
[  367.235163][ T5388] hub 5-1:0.0: bad descriptor, ignoring hub
[  367.236768][ T5388] hub 5-1:0.0: probe with driver hub failed with error -5
[  367.239798][ T5388] input: syz syz as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.0/input/input15
[  367.446336][T12008] sch_fq: defrate 0 ignored.
[  367.545870][T12018] program syz.1.1917 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  367.870290][ T5349] Bluetooth: hci0: command 0x0c20 tx timeout
[  367.950289][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  367.996227][T12026] Bluetooth: hci0: Opcode 0x0c20 failed: -112
[  368.246385][ T5388] usb 5-1: USB disconnect, device number 6
[  368.270325][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  368.606897][T12043] binder: 12042:12043 ioctl c0306201 0 returned -14
[  368.630271][T12043] binder: BC_ACQUIRE_RESULT not supported
[  368.631895][T12043] binder: 12042:12043 ioctl c0306201 200001c0 returned -22
[  368.747179][T12055] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1927'.
[  368.990558][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  369.320295][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  369.651045][ T5351] Bluetooth: hci3: ACL packet for unknown connection handle 200
[  369.950394][ T5351] Bluetooth: hci0: command 0x0c20 tx timeout
[  369.952121][ T5349] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  370.030300][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  370.350332][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  370.637885][T12091] Bluetooth: hci0: Opcode 0x0c20 failed: -112
[  370.700478][T11768] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  370.871363][T11768] usb 6-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[  370.877622][T11768] usb 6-1: config 27 has 0 interfaces, different from the descriptor's value: 1
[  370.881203][T12105] FAULT_INJECTION: forcing a failure.
[  370.881203][T12105] name failslab, interval 1, probability 0, space 0, times 0
[  370.883346][T11768] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  370.884629][T12105] CPU: 0 UID: 0 PID: 12105 Comm: syz.2.1942 Not tainted 6.12.0-rc3-syzkaller-00044-g2f87d0916ce0 #0
[  370.886943][T11768] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  370.889793][T12105] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  370.889802][T12105] Call Trace:
[  370.889807][T12105]  <TASK>
[  370.889812][T12105]  dump_stack_lvl+0x16c/0x1f0
[  370.889831][T12105]  should_fail_ex+0x497/0x5b0
[  370.889846][T12105]  ? fs_reclaim_acquire+0xae/0x150
[  370.889859][T12105]  should_failslab+0xc2/0x120
[  370.889872][T12105]  __kmalloc_cache_noprof+0x6b/0x310
[  370.905442][T12105]  ? vkms_atomic_crtc_duplicate_state+0x78/0x1d0
[  370.907228][T12105]  vkms_atomic_crtc_duplicate_state+0x78/0x1d0
[  370.908986][T12105]  drm_atomic_get_crtc_state+0x162/0x440
[  370.910513][T12105]  drm_atomic_set_crtc_for_plane+0x1c1/0x560
[  370.912161][T12105]  drm_atomic_helper_update_plane+0xc5/0x400
[  370.913743][T12105]  __setplane_atomic+0x250/0x360
[  370.915107][T12105]  drm_mode_cursor_universal+0x4a7/0xcb0
[  370.917158][T12105]  ? __pfx_drm_mode_cursor_universal+0x10/0x10
[  370.918879][T12105]  ? __pfx_drm_lease_held+0x10/0x10
[  370.920470][T12105]  ? modeset_lock+0x10e/0x6c0
[  370.921802][T12105]  drm_mode_cursor_common+0x318/0x970
[  370.923215][T12105]  ? __pfx_drm_mode_cursor_common+0x10/0x10
[  370.924901][T12105]  ? lock_acquire.part.0+0x11b/0x380
[  370.926484][T12105]  ? find_held_lock+0x2d/0x110
[  370.928345][T12105]  drm_mode_cursor_ioctl+0xa6/0xe0
[  370.930551][T12105]  ? __pfx_drm_mode_cursor_ioctl+0x10/0x10
[  370.932782][T12105]  ? do_raw_spin_unlock+0x172/0x230
[  370.934664][T12105]  drm_ioctl_kernel+0x1e6/0x3d0
[  370.936445][T12105]  ? __pfx_drm_mode_cursor_ioctl+0x10/0x10
[  370.938583][T12105]  ? __pfx_drm_ioctl_kernel+0x10/0x10
[  370.940853][T12105]  ? __pfx_drm_mode_cursor_ioctl+0x10/0x10
[  370.942978][T12105]  drm_ioctl+0x57e/0xba0
[  370.944562][T12105]  ? __pfx_drm_ioctl+0x10/0x10
[  370.946307][T12105]  drm_compat_ioctl+0x327/0x460
[  370.948108][T12105]  ? __pfx_drm_compat_ioctl+0x10/0x10
[  370.950070][T12105]  __do_compat_sys_ioctl+0x259/0x2b0
[  370.951932][T12105]  __do_fast_syscall_32+0x73/0x120
[  370.953275][T12105]  do_fast_syscall_32+0x32/0x80
[  370.954555][T12105]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  370.956259][T12105] RIP: 0023:0xf7fef579
[  370.957299][T12105] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  370.962237][T12105] RSP: 002b:00000000f577656c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  370.964617][T12105] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c01c64a3
[  370.966831][T12105] RDX: 0000000020000280 RSI: 0000000000000000 RDI: 0000000000000000
[  370.968848][T12105] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  370.970852][T12105] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  370.972890][T12105] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  370.974907][T12105]  </TASK>
[  371.070316][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  371.080065][T12109] syzkaller1: entered promiscuous mode
[  371.084069][T12109] syzkaller1: entered allmulticast mode
[  371.108668][T11768] usb 6-1: USB disconnect, device number 5
[  371.278405][T12111] kvm: apic: phys broadcast and lowest prio
[  371.284292][T12113] netlink: 'syz.2.1944': attribute type 9 has an invalid length.
[  371.286504][T12113] netlink: 399 bytes leftover after parsing attributes in process `syz.2.1944'.
[  371.390418][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  372.030383][ T5351] Bluetooth: hci0: command 0x0c20 tx timeout
[  372.032077][ T5349] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  372.110316][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  372.440307][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  372.892603][T12157] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1956'.
[  373.100518][ T5349] Bluetooth: hci3: unexpected event for opcode 0x202a
[  373.160260][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  373.480296][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  373.566452][T12172] FAULT_INJECTION: forcing a failure.
[  373.566452][T12172] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  373.569877][T12172] CPU: 1 UID: 0 PID: 12172 Comm: syz.1.1961 Not tainted 6.12.0-rc3-syzkaller-00044-g2f87d0916ce0 #0
[  373.572664][T12172] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  373.575402][T12172] Call Trace:
[  373.576271][T12172]  <TASK>
[  373.577044][T12172]  dump_stack_lvl+0x16c/0x1f0
[  373.578269][T12172]  should_fail_ex+0x497/0x5b0
[  373.579494][T12172]  _copy_to_user+0x30/0xc0
[  373.580666][T12172]  video_usercopy+0xe70/0x1500
[  373.582190][T12172]  ? __pfx___video_do_ioctl+0x10/0x10
[  373.584055][T12172]  ? __pfx_video_usercopy+0x10/0x10
[  373.585951][T12172]  v4l2_ioctl+0x1ba/0x250
[  373.587478][T12172]  ? do_vfs_ioctl+0x1921/0x1950
[  373.588827][T12172]  v4l2_compat_ioctl32+0x214/0x2c0
[  373.590150][T12172]  ? __pfx_v4l2_compat_ioctl32+0x10/0x10
[  373.591806][T12172]  __do_compat_sys_ioctl+0x259/0x2b0
[  373.593733][T12172]  __do_fast_syscall_32+0x73/0x120
[  373.595598][T12172]  do_fast_syscall_32+0x32/0x80
[  373.597355][T12172]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  373.599620][T12172] RIP: 0023:0xf7f11579
[  373.601068][T12172] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  373.606292][T12172] RSP: 002b:00000000f569656c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  373.609255][T12172] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000c008561c
[  373.611434][T12172] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000
[  373.613927][T12172] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  373.615988][T12172] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  373.618028][T12172] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  373.620096][T12172]  </TASK>
[  373.621029][    C1] vkms_vblank_simulate: vblank timer overrun
[  373.834960][T12180] block device autoloading is deprecated and will be removed.
[  373.913894][T12186] netlink: 'syz.0.1964': attribute type 9 has an invalid length.
[  373.915161][ T5351] Bluetooth: hci0: unexpected event for opcode 0x202a
[  373.916095][T12186] netlink: 134660 bytes leftover after parsing attributes in process `syz.0.1964'.
[  374.009417][T12190] binder: BINDER_SET_CONTEXT_MGR already set
[  374.018065][T12190] binder: 12189:12190 ioctl 4018620d 20000040 returned -16
[  374.200260][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  374.430438][T12201] netlink: 'syz.1.1970': attribute type 33 has an invalid length.
[  374.483374][T12209] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1973'.
[  374.520283][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  374.674269][ T5349] Bluetooth: hci0: ACL packet for unknown connection handle 200
[  374.879281][T12225] Cannot find set identified by id 0 to match
[  375.240265][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  375.389907][T12235] netlink: 'syz.0.1979': attribute type 3 has an invalid length.
[  375.391590][T12232] =======================================================
[  375.391590][T12232] WARNING: The mand mount option has been deprecated and
[  375.391590][T12232]          and is ignored by this kernel. Remove the mand
[  375.391590][T12232]          option from the mount to silence this warning.
[  375.391590][T12232] =======================================================
[  375.392885][T12235] netlink: 130984 bytes leftover after parsing attributes in process `syz.0.1979'.
[  375.396356][T12237] FAULT_INJECTION: forcing a failure.
[  375.396356][T12237] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  375.396371][T12237] CPU: 2 UID: 0 PID: 12237 Comm: syz.2.1980 Not tainted 6.12.0-rc3-syzkaller-00044-g2f87d0916ce0 #0
[  375.396383][T12237] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  375.396389][T12237] Call Trace:
[  375.396392][T12237]  <TASK>
[  375.396396][T12237]  dump_stack_lvl+0x16c/0x1f0
[  375.396413][T12237]  should_fail_ex+0x497/0x5b0
[  375.396429][T12237]  _copy_from_user+0x30/0xf0
[  375.396441][T12237]  get_compat_msghdr+0xa8/0x170
[  375.396452][T12237]  ? __pfx_get_compat_msghdr+0x10/0x10
[  375.396464][T12237]  ? __pfx___lock_acquire+0x10/0x10
[  375.396480][T12237]  ___sys_sendmsg+0x1b0/0x1e0
[  375.396497][T12237]  ? __pfx____sys_sendmsg+0x10/0x10
[  375.396516][T12237]  ? lock_acquire+0x2f/0xb0
[  375.396528][T12237]  ? __fget_files+0x40/0x3f0
[  375.396542][T12237]  ? fdget+0x176/0x210
[  375.396553][T12237]  __sys_sendmsg+0x117/0x1f0
[  375.396566][T12237]  ? __pfx___sys_sendmsg+0x10/0x10
[  375.396585][T12237]  ? __fget_files+0x244/0x3f0
[  375.396602][T12237]  __do_fast_syscall_32+0x73/0x120
[  375.396617][T12237]  do_fast_syscall_32+0x32/0x80
[  375.396630][T12237]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  375.396644][T12237] RIP: 0023:0xf7fef579
[  375.396652][T12237] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  375.396661][T12237] RSP: 002b:00000000f577656c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  375.396672][T12237] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000020000000
[  375.396678][T12237] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  375.396684][T12237] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  375.396690][T12237] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  375.396695][T12237] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  375.396707][T12237]  </TASK>
[  375.550258][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  375.552700][T12250] netlink: 'syz.0.1984': attribute type 8 has an invalid length.
[  375.604457][T12252] netlink: 'syz.0.1986': attribute type 8 has an invalid length.
[  375.606522][T12252] FAULT_INJECTION: forcing a failure.
[  375.606522][T12252] name failslab, interval 1, probability 0, space 0, times 0
[  375.609697][T12252] CPU: 0 UID: 0 PID: 12252 Comm: syz.0.1986 Not tainted 6.12.0-rc3-syzkaller-00044-g2f87d0916ce0 #0
[  375.612402][T12252] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  375.615112][T12252] Call Trace:
[  375.616029][T12252]  <TASK>
[  375.616809][T12252]  dump_stack_lvl+0x16c/0x1f0
[  375.618045][T12252]  should_fail_ex+0x497/0x5b0
[  375.619278][T12252]  ? fs_reclaim_acquire+0xae/0x150
[  375.620657][T12252]  should_failslab+0xc2/0x120
[  375.621905][T12252]  kmem_cache_alloc_node_noprof+0x71/0x310
[  375.623435][T12252]  ? __alloc_skb+0x2b3/0x380
[  375.624649][T12252]  __alloc_skb+0x2b3/0x380
[  375.625822][T12252]  ? __pfx___alloc_skb+0x10/0x10
[  375.627117][T12252]  ? __nla_parse+0x40/0x60
[  375.628423][T12252]  ovs_vport_cmd_set+0x52/0x480
[  375.629691][T12252]  genl_family_rcv_msg_doit+0x202/0x2f0
[  375.631087][T12252]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  375.632670][T12252]  ? bpf_lsm_capable+0x9/0x10
[  375.633907][T12252]  ? security_capable+0x7e/0x260
[  375.635210][T12252]  ? ns_capable+0xd7/0x110
[  375.636402][T12252]  genl_rcv_msg+0x565/0x800
[  375.637597][T12252]  ? __pfx_genl_rcv_msg+0x10/0x10
[  375.638931][T12252]  ? __pfx_ovs_vport_cmd_set+0x10/0x10
[  375.640336][T12252]  ? __pfx___lock_acquire+0x10/0x10
[  375.641643][T12252]  netlink_rcv_skb+0x165/0x410
[  375.642895][T12252]  ? __pfx_genl_rcv_msg+0x10/0x10
[  375.644226][T12252]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  375.645612][T12252]  ? down_read+0xc9/0x330
[  375.646753][T12252]  ? __pfx_down_read+0x10/0x10
[  375.648019][T12252]  ? netlink_deliver_tap+0x1ae/0xcf0
[  375.649387][T12252]  genl_rcv+0x28/0x40
[  375.650446][T12252]  netlink_unicast+0x53c/0x7f0
[  375.651712][T12252]  ? __pfx_netlink_unicast+0x10/0x10
[  375.653093][T12252]  ? __phys_addr_symbol+0x30/0x80
[  375.654404][T12252]  ? __check_object_size+0x488/0x710
[  375.655804][T12252]  netlink_sendmsg+0x8b8/0xd70
[  375.657062][T12252]  ? __pfx_netlink_sendmsg+0x10/0x10
[  375.658438][T12252]  ? lock_acquire+0x2f/0xb0
[  375.659648][T12252]  ____sys_sendmsg+0x9ae/0xb40
[  375.660901][T12252]  ? __pfx_____sys_sendmsg+0x10/0x10
[  375.662275][T12252]  ? get_compat_msghdr+0x11b/0x170
[  375.663581][T12252]  ? __pfx___lock_acquire+0x10/0x10
[  375.664942][T12252]  ___sys_sendmsg+0x135/0x1e0
[  375.666189][T12252]  ? __pfx____sys_sendmsg+0x10/0x10
[  375.667605][T12252]  ? lock_acquire+0x2f/0xb0
[  375.668804][T12252]  ? __fget_files+0x40/0x3f0
[  375.670074][T12252]  ? fdget+0x176/0x210
[  375.671149][T12252]  __sys_sendmsg+0x117/0x1f0
[  375.672427][T12252]  ? __pfx___sys_sendmsg+0x10/0x10
[  375.673773][T12252]  ? __fget_files+0x244/0x3f0
[  375.674964][T12252]  __do_fast_syscall_32+0x73/0x120
[  375.676436][T12252]  do_fast_syscall_32+0x32/0x80
[  375.677723][T12252]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  375.679381][T12252] RIP: 0023:0xf742e579
[  375.680465][T12252] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  375.685496][T12252] RSP: 002b:00000000f571656c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  375.687887][T12252] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000100
[  375.690267][T12252] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  375.693004][T12252] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  375.695669][T12252] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  375.698304][T12252] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  375.700604][T12252]  </TASK>
[  375.769290][ T5349] Bluetooth: hci2: ACL packet for unknown connection handle 200
[  375.840677][ T5349] Bluetooth: hci1: ACL packet for unknown connection handle 200
[  376.315962][ T1097] bond0: (slave netdevsim0): Releasing backup interface
[  376.420402][ T5351] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  376.425130][ T5351] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  376.428424][ T5351] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  376.446559][ T5351] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  376.454288][ T1097] batadv1: left allmulticast mode
[  376.454380][ T5351] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  376.455951][ T1097] batadv1: left promiscuous mode
[  376.460149][ T1097] bridge0: port 3(batadv1) entered disabled state
[  376.462779][ T5351] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  376.478929][ T1097] bridge_slave_1: left allmulticast mode
[  376.482842][ T1097] bridge_slave_1: left promiscuous mode
[  376.484707][ T1097] bridge0: port 2(bridge_slave_1) entered disabled state
[  376.500182][ T1097] bridge_slave_0: left allmulticast mode
[  376.502752][ T1097] bridge_slave_0: left promiscuous mode
[  376.505224][ T1097] bridge0: port 1(bridge_slave_0) entered disabled state
[  376.590270][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  377.038232][ T1097] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  377.044728][ T1097] bond0 (unregistering): Released all slaves
[  377.147362][ T1097] tipc: Disabling bearer <udp:s>
[  377.151088][ T1097] tipc: Left network mode
[  377.207461][T12273] chnl_net:caif_netlink_parms(): no params data found
[  377.514702][T12273] bridge0: port 1(bridge_slave_0) entered blocking state
[  377.516599][T12273] bridge0: port 1(bridge_slave_0) entered disabled state
[  377.522851][T12273] bridge_slave_0: entered allmulticast mode
[  377.525648][T12273] bridge_slave_0: entered promiscuous mode
[  377.540995][T12273] bridge0: port 2(bridge_slave_1) entered blocking state
[  377.542895][T12273] bridge0: port 2(bridge_slave_1) entered disabled state
[  377.544814][T12273] bridge_slave_1: entered allmulticast mode
[  377.546865][T12273] bridge_slave_1: entered promiscuous mode
[  377.640271][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  377.641506][T12273] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  377.647168][T12273] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  377.705310][T12273] team0: Port device team_slave_0 added
[  377.721819][T12273] team0: Port device team_slave_1 added
[  377.832533][T12273] batman_adv: batadv0: Adding interface: batadv_slave_0
[  377.835969][T12273] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  377.844907][T12273] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  377.848478][T12273] batman_adv: batadv0: Adding interface: batadv_slave_1
[  377.852015][T12273] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  377.858896][T12273] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  377.925063][ T1097] hsr_slave_0: left promiscuous mode
[  377.928647][ T1097] hsr_slave_1: left promiscuous mode
[  377.932651][ T1097] batman_adv: batadv0: Removing interface: dummy0
[  377.935064][ T1097] batman_adv: batadv0: Removing interface: batadv_slave_0
[  377.937325][ T1097] batman_adv: batadv0: Removing interface: batadv_slave_1
[  377.954852][ T1373] ieee802154 phy0 wpan0: encryption failed: -22
[  377.956529][ T1373] ieee802154 phy1 wpan1: encryption failed: -22
[  378.079325][ T5351] Bluetooth: hci1: ACL packet for unknown connection handle 200
[  378.535266][ T5351] Bluetooth: hci0: command tx timeout
[  378.683448][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  378.729648][ T1097] team0 (unregistering): Port device team_slave_1 removed
[  379.323854][T12273] hsr_slave_0: entered promiscuous mode
[  379.325953][T12273] hsr_slave_1: entered promiscuous mode
[  379.328781][T12273] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  379.333388][T12273] Cannot create hsr debugfs directory
[  379.348803][T12322] netlink: 'syz.0.2000': attribute type 10 has an invalid length.
[  379.351665][T12322] bond0: (slave netdevsim0): Releasing backup interface
[  379.354005][T12324] netlink: 'syz.0.2000': attribute type 10 has an invalid length.
[  379.357000][T12324] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  379.584262][T12343] Bluetooth: MGMT ver 1.23
[  379.589136][T12333] Bluetooth: hci0: Opcode 0x0c20 failed: -112
[  379.720316][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  379.954349][ T1097] IPVS: stop unused estimator thread 0...
[  380.066247][ T5349] Bluetooth: hci2: ACL packet for unknown connection handle 200
[  380.079566][T12273] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  380.083457][T12273] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  380.086634][T12273] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  380.093526][T12273] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  380.129585][T12273] 8021q: adding VLAN 0 to HW filter on device bond0
[  380.142587][T12273] 8021q: adding VLAN 0 to HW filter on device team0
[  380.146749][   T90] bridge0: port 1(bridge_slave_0) entered blocking state
[  380.149083][   T90] bridge0: port 1(bridge_slave_0) entered forwarding state
[  380.155693][T12375] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2010'.
[  380.164191][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  380.166100][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  380.251081][T12387] netlink: 'syz.0.2012': attribute type 10 has an invalid length.
[  380.254652][T12387] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  380.316932][T12397] binder: 12382:12397 unknown command 0
[  380.318400][T12397] binder: 12382:12397 ioctl c0306201 20000640 returned -22
[  380.321862][T12273] 8021q: adding VLAN 0 to HW filter on device batadv0
[  380.371965][T12273] veth0_vlan: entered promiscuous mode
[  380.375778][T12273] veth1_vlan: entered promiscuous mode
[  380.389621][T12273] veth0_macvtap: entered promiscuous mode
[  380.394847][T12273] veth1_macvtap: entered promiscuous mode
[  380.402605][T12273] batman_adv: batadv0: Interface activated: batadv_slave_0
[  380.405992][T12273] batman_adv: batadv0: Interface activated: batadv_slave_1
[  380.410829][T12273] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  380.413143][T12273] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  380.415348][T12273] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  380.417536][T12273] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  380.457327][ T1132] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  380.459523][ T1132] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  380.480300][ T1097] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  380.482313][ T1097] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  380.530377][ T5385] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  380.590324][ T5349] Bluetooth: hci0: command tx timeout
[  380.680295][ T5385] usb 6-1: Using ep0 maxpacket: 16
[  380.683099][ T5385] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0
[  380.689624][ T5385] usb 6-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e
[  380.695271][ T5385] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  380.697354][ T5385] usb 6-1: Product: syz
[  380.711248][ T5385] usb 6-1: Manufacturer: syz
[  380.723958][ T5385] usb 6-1: SerialNumber: syz
[  380.731180][ T5385] usb 6-1: config 0 descriptor??
[  380.735505][ T5385] hub 6-1:0.0: bad descriptor, ignoring hub
[  380.737521][ T5385] hub 6-1:0.0: probe with driver hub failed with error -5
[  380.741601][ T5385] input: syz syz as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:0.0/input/input16
[  380.750328][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  380.947910][T12393] sch_fq: defrate 0 ignored.
[  381.591217][ T5349] Bluetooth: hci1: ACL packet for unknown connection handle 200
[  381.640440][ T5351] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  381.800263][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  382.208786][ T5351] Bluetooth: hci1: ACL packet for unknown connection handle 200
[  382.526999][ T5388] usb 6-1: USB disconnect, device number 6
[  382.720683][ T5351] Bluetooth: hci0: command 0x040f tx timeout
[  382.830289][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  383.324614][T12462] usb usb8: usbfs: process 12462 (syz.2.2029) did not claim interface 0 before use
[  383.871108][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  384.169277][ T5351] Bluetooth: hci2: ACL packet for unknown connection handle 200
[  384.421522][T12493] Bluetooth: hci0: Opcode 0x0c20 failed: -112
[  384.750542][ T5349] Bluetooth: hci0: command 0x040f tx timeout
[  384.754385][ T5351] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  384.764074][T12507] program syz.2.2041 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  384.910273][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  385.045746][T12517] syzkaller1: entered promiscuous mode
[  385.047431][T12517] syzkaller1: entered allmulticast mode
[  385.279872][ T5349] Bluetooth: hci2: ACL packet for unknown connection handle 200
[  385.352364][ T5349] Bluetooth: hci1: ACL packet for unknown connection handle 200
[  385.950275][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  386.531112][ T5349] Bluetooth: hci2: ACL packet for unknown connection handle 200
[  386.658461][T12565] infiniband Syz1: RDMA CMA: cma_listen_on_dev, error -98
[  386.830370][ T5349] Bluetooth: hci0: command 0x040f tx timeout
[  386.860492][ T5384] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[  387.000309][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  387.022220][ T5384] usb 6-1: Using ep0 maxpacket: 16
[  387.045849][ T5384] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0
[  387.056251][ T5384] usb 6-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e
[  387.060820][ T5384] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  387.065359][ T5384] usb 6-1: Product: syz
[  387.067093][ T5384] usb 6-1: Manufacturer: syz
[  387.068962][ T5384] usb 6-1: SerialNumber: syz
[  387.080085][ T5384] usb 6-1: config 0 descriptor??
[  387.093991][ T5384] hub 6-1:0.0: bad descriptor, ignoring hub
[  387.096194][ T5384] hub 6-1:0.0: probe with driver hub failed with error -5
[  387.113977][ T5384] input: syz syz as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:0.0/input/input17
[  387.305606][T12560] sch_fq: defrate 0 ignored.
[  388.030335][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  388.094179][   T30] usb 6-1: USB disconnect, device number 7
[  388.170460][ T5349] Bluetooth: hci1: ACL packet for unknown connection handle 200
[  388.910279][ T5349] Bluetooth: hci0: command 0x040f tx timeout
[  389.080396][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  389.617090][T12619] syzkaller1: entered promiscuous mode
[  389.618912][T12619] syzkaller1: entered allmulticast mode
[  390.110296][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  390.990351][ T5349] Bluetooth: hci0: command 0x040f tx timeout
[  391.101225][T12648] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2084'.
[  391.150260][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  391.331827][T12650] md2: using deprecated bitmap file support
[  391.333819][T12650] md2: error: failed to get bitmap file
[  391.376081][T12653] input: syz0 as /devices/virtual/input/input18
[  391.719584][T12661] Bluetooth: hci0: Opcode 0x0c20 failed: -112
[  391.947773][   T40] kauditd_printk_skb: 186 callbacks suppressed
[  391.947785][   T40] audit: type=1804 audit(1729063231.040:259): pid=12670 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.2089" name="/newroot/499/bus/bus" dev="overlay" ino=2772 res=1 errno=0
[  391.951460][T12669] Invalid ELF header magic: != ELF
[  391.960702][   T40] audit: type=1804 audit(1729063231.040:260): pid=12669 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.2089" name="/newroot/499/bus/bus" dev="overlay" ino=2772 res=1 errno=0
[  392.137518][T12673] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  392.190269][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  392.368154][T12677] FAULT_INJECTION: forcing a failure.
[  392.368154][T12677] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  392.371872][T12677] CPU: 1 UID: 0 PID: 12677 Comm: syz.3.2092 Not tainted 6.12.0-rc3-syzkaller-00044-g2f87d0916ce0 #0
[  392.374603][T12677] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  392.377357][T12677] Call Trace:
[  392.378225][T12677]  <TASK>
[  392.378994][T12677]  dump_stack_lvl+0x16c/0x1f0
[  392.380248][T12677]  should_fail_ex+0x497/0x5b0
[  392.381472][T12677]  _copy_to_user+0x30/0xc0
[  392.382626][T12677]  simple_read_from_buffer+0xd0/0x160
[  392.384015][T12677]  proc_fail_nth_read+0x198/0x270
[  392.385331][T12677]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  392.386767][T12677]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  392.388216][T12677]  vfs_read+0x1ce/0xbd0
[  392.389300][T12677]  ? __fget_files+0x23a/0x3f0
[  392.390628][T12677]  ? fdget_pos+0x24c/0x360
[  392.391812][T12677]  ? __pfx_lock_release+0x10/0x10
[  392.393123][T12677]  ? trace_lock_acquire+0x14a/0x1d0
[  392.394506][T12677]  ? __pfx_vfs_read+0x10/0x10
[  392.395759][T12677]  ? __pfx___mutex_lock+0x10/0x10
[  392.397080][T12677]  ? __fget_files+0x244/0x3f0
[  392.398321][T12677]  ksys_read+0x12f/0x260
[  392.399443][T12677]  ? __pfx_ksys_read+0x10/0x10
[  392.400700][T12677]  __do_fast_syscall_32+0x73/0x120
[  392.402034][T12677]  do_fast_syscall_32+0x32/0x80
[  392.403304][T12677]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  392.404963][T12677] RIP: 0023:0xf7ff2579
[  392.406022][T12677] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  392.410934][T12677] RSP: 002b:00000000f57765a0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  392.413073][T12677] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000f5776620
[  392.415108][T12677] RDX: 000000000000000f RSI: 00000000f747bff4 RDI: 0000000000000000
[  392.417153][T12677] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  392.419193][T12677] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  392.421233][T12677] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  392.423275][T12677]  </TASK>
[  392.435540][ T5385] usb 7-1: new high-speed USB device number 7 using dummy_hcd
[  392.513609][ T5351] Bluetooth: Unexpected continuation frame (len 12)
[  392.590364][ T5385] usb 7-1: Using ep0 maxpacket: 8
[  392.596849][ T5385] usb 7-1: config 246 has too many interfaces: 42, using maximum allowed: 32
[  392.599105][ T5385] usb 7-1: config 246 descriptor has 1 excess byte, ignoring
[  392.601322][ T5385] usb 7-1: config 246 has 1 interface, different from the descriptor's value: 42
[  392.603656][ T5385] usb 7-1: config 246 interface 0 altsetting 0 has an endpoint descriptor with address 0x3F, changing to 0xF
[  392.618614][ T5385] usb 7-1: config 246 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 255, changing to 11
[  392.624478][ T5385] usb 7-1: config 246 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7
[  392.640322][ T5385] usb 7-1: config 246 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  392.643553][ T5351] Bluetooth: hci1: unexpected event for opcode 0x202a
[  392.696731][ T5385] usb 7-1: config 246 has too many interfaces: 42, using maximum allowed: 32
[  392.699119][ T5385] usb 7-1: config 246 descriptor has 1 excess byte, ignoring
[  392.712090][ T5385] usb 7-1: config 246 has 1 interface, different from the descriptor's value: 42
[  392.714441][ T5385] usb 7-1: config 246 interface 0 altsetting 0 has an endpoint descriptor with address 0x3F, changing to 0xF
[  392.718067][ T5385] usb 7-1: config 246 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 255, changing to 11
[  392.721603][ T5385] usb 7-1: config 246 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7
[  392.728663][ T5385] usb 7-1: config 246 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  392.732914][ T5385] usb 7-1: config 246 has too many interfaces: 42, using maximum allowed: 32
[  392.735513][ T5385] usb 7-1: config 246 descriptor has 1 excess byte, ignoring
[  392.737426][ T5385] usb 7-1: config 246 has 1 interface, different from the descriptor's value: 42
[  392.739937][ T5385] usb 7-1: config 246 interface 0 altsetting 0 has an endpoint descriptor with address 0x3F, changing to 0xF
[  392.756977][ T5385] usb 7-1: config 246 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 255, changing to 11
[  392.764728][ T5385] usb 7-1: config 246 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7
[  392.770651][ T5385] usb 7-1: config 246 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  392.779494][ T5385] usb 7-1: string descriptor 0 read error: -22
[  392.781334][ T5385] usb 7-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  392.784074][ T5385] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  392.793451][ T5385] adutux 7-1:246.0: ADU100  now attached to /dev/usb/adutux0
[  393.070384][ T5351] Bluetooth: hci0: command 0x040f tx timeout
[  393.074264][ T5349] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  393.230283][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  393.930677][   T30] usb 7-1: USB disconnect, device number 7
[  394.223310][T12722] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2103'.
[  394.249197][T12724] x_tables: ip_tables: MASQUERADE target: used from hooks INPUT, but only usable from POSTROUTING
[  394.270270][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  394.795809][T12735] FAULT_INJECTION: forcing a failure.
[  394.795809][T12735] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  394.798839][T12735] CPU: 1 UID: 0 PID: 12735 Comm: syz.2.2106 Not tainted 6.12.0-rc3-syzkaller-00044-g2f87d0916ce0 #0
[  394.801272][T12735] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  394.803777][T12735] Call Trace:
[  394.804571][T12735]  <TASK>
[  394.805274][T12735]  dump_stack_lvl+0x16c/0x1f0
[  394.806352][T12735]  should_fail_ex+0x497/0x5b0
[  394.807445][T12735]  ? fs_reclaim_acquire+0xae/0x150
[  394.808646][T12735]  should_fail_alloc_page+0xe7/0x130
[  394.809883][T12735]  prepare_alloc_pages.constprop.0+0x16f/0x560
[  394.811290][T12735]  __alloc_pages_noprof+0x190/0x25a0
[  394.812512][T12735]  ? copy_splice_read+0x1a8/0xb90
[  394.813709][T12735]  ? stack_trace_save+0x95/0xd0
[  394.814862][T12735]  ? __pfx_stack_trace_save+0x10/0x10
[  394.816108][T12735]  ? stack_depot_save_flags+0x28/0x900
[  394.817328][T12735]  ? __pfx___alloc_pages_noprof+0x10/0x10
[  394.818653][T12735]  ? copy_splice_read+0x1a8/0xb90
[  394.819841][T12735]  ? kasan_save_stack+0x33/0x60
[  394.820991][T12735]  ? kasan_save_track+0x14/0x30
[  394.822139][T12735]  ? __kasan_kmalloc+0xaa/0xb0
[  394.823263][T12735]  ? __kmalloc_noprof+0x1e8/0x410
[  394.824447][T12735]  ? copy_splice_read+0x1a8/0xb90
[  394.825631][T12735]  ? do_splice_read+0x282/0x370
[  394.826772][T12735]  ? splice_direct_to_actor+0x2a4/0xa40
[  394.828021][T12735]  ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  394.829467][T12735]  alloc_pages_bulk_noprof+0x77c/0x1110
[  394.830744][T12735]  ? __pfx_alloc_pages_bulk_noprof+0x10/0x10
[  394.832116][T12735]  ? trace_kmalloc+0x2d/0xe0
[  394.833164][T12735]  ? __kmalloc_noprof+0x207/0x410
[  394.834334][T12735]  copy_splice_read+0x1e3/0xb90
[  394.835472][T12735]  ? look_up_lock_class+0x6b/0x150
[  394.836632][T12735]  ? __pfx_copy_splice_read+0x10/0x10
[  394.837889][T12735]  ? __pfx_register_lock_class+0x10/0x10
[  394.839208][T12735]  ? __pfx_copy_splice_read+0x10/0x10
[  394.840578][T12735]  do_splice_read+0x282/0x370
[  394.841692][T12735]  splice_direct_to_actor+0x2a4/0xa40
[  394.842954][T12735]  ? __pfx_direct_splice_actor+0x10/0x10
[  394.844263][T12735]  ? __pfx_splice_direct_to_actor+0x10/0x10
[  394.845588][T12735]  ? __fget_files+0x23a/0x3f0
[  394.846648][T12735]  do_splice_direct+0x178/0x250
[  394.847719][T12735]  ? __pfx_do_splice_direct+0x10/0x10
[  394.848900][T12735]  ? __pfx_direct_file_splice_eof+0x10/0x10
[  394.850790][T12735]  ? bpf_lsm_file_permission+0x9/0x10
[  394.852462][T12735]  ? security_file_permission+0x71/0x210
[  394.854204][T12735]  do_sendfile+0xb0c/0xe40
[  394.855337][T12735]  ? __pfx_do_sendfile+0x10/0x10
[  394.856540][T12735]  ? __fget_files+0x244/0x3f0
[  394.857617][T12735]  __ia32_compat_sys_sendfile+0x1e7/0x230
[  394.858893][T12735]  ? ksys_write+0x1ad/0x260
[  394.859963][T12735]  ? __pfx___ia32_compat_sys_sendfile+0x10/0x10
[  394.861419][T12735]  __do_fast_syscall_32+0x73/0x120
[  394.862615][T12735]  do_fast_syscall_32+0x32/0x80
[  394.863760][T12735]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  394.865380][T12735] RIP: 0023:0xf7fef579
[  394.866389][T12735] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  394.870950][T12735] RSP: 002b:00000000f573456c EFLAGS: 00000296 ORIG_RAX: 00000000000000bb
[  394.873031][T12735] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 0000000000000007
[  394.874969][T12735] RDX: 0000000000000000 RSI: 0000000000089ffc RDI: 0000000000000000
[  394.876866][T12735] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  394.878662][T12735] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  394.880414][T12735] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  394.882185][T12735]  </TASK>
[  395.189260][ T5351] Bluetooth: hci0: command 0x040f tx timeout
[  395.273616][T12739] overlayfs: failed to decode file handle (len=6, type=248, flags=0, err=-61)
[  395.320276][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  395.491250][T12750] overlay: Unknown parameter 'euid'
[  395.502963][T12750] netlink: 'syz.2.2112': attribute type 3 has an invalid length.
[  395.506834][T12750] netlink: 130984 bytes leftover after parsing attributes in process `syz.2.2112'.
[  396.167919][T12737] block nbd1: shutting down sockets
[  396.350292][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  396.572839][T12768] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2117'.
[  396.578390][T12768] usb usb8: usbfs: interface 0 claimed by hub while 'syz.2.2117' sets config #261
[  396.590716][T12768] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2117'.
[  396.636197][T12779] netlink: 132 bytes leftover after parsing attributes in process `syz.2.2120'.
[  396.682090][T12781] random: crng reseeded on system resumption
[  396.694079][T12781] loop9: detected capacity change from 0 to 6
[  396.700335][T12781] Dev loop9: unable to read RDB block 6
[  396.702154][T12781]  loop9: unable to read partition table
[  396.703762][T12781] loop9: partition table beyond EOD, truncated
[  396.705368][T12781] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dƤ����ݡ�����
[  396.705368][T12781] 
) failed (rc=-5)
[  396.772291][T12781] Dev loop9: unable to read RDB block 6
[  396.778239][T12781]  loop9: unable to read partition table
[  396.800358][T12781] loop9: partition table beyond EOD, truncated
[  396.802011][T12781] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dƤ����ݡ�����
[  396.802011][T12781] 
) failed (rc=-5)
[  397.120419][   T57] usb 8-1: new high-speed USB device number 5 using dummy_hcd
[  397.178405][T12800] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check.
[  397.250310][ T5351] Bluetooth: hci0: command 0x040f tx timeout
[  397.280280][   T57] usb 8-1: Using ep0 maxpacket: 8
[  397.291617][   T57] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  397.294659][   T57] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  397.297648][   T57] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  397.304250][   T57] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  397.315201][   T57] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  397.322100][   T57] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  397.400255][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  397.552451][T12789] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2123'.
[  397.560746][   T57] usb 8-1: usb_control_msg returned -32
[  397.562198][   T57] usbtmc 8-1:16.0: can't read capabilities
[  398.185206][T12828] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2138'.
[  398.329906][T12836] FAULT_INJECTION: forcing a failure.
[  398.329906][T12836] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  398.353106][T12836] CPU: 1 UID: 0 PID: 12836 Comm: syz.0.2135 Not tainted 6.12.0-rc3-syzkaller-00044-g2f87d0916ce0 #0
[  398.355879][T12836] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  398.358583][T12836] Call Trace:
[  398.359456][T12836]  <TASK>
[  398.360228][T12836]  dump_stack_lvl+0x16c/0x1f0
[  398.361525][T12836]  should_fail_ex+0x497/0x5b0
[  398.362745][T12836]  ? fs_reclaim_acquire+0xae/0x150
[  398.364073][T12836]  should_fail_alloc_page+0xe7/0x130
[  398.365438][T12836]  prepare_alloc_pages.constprop.0+0x16f/0x560
[  398.367022][T12836]  __alloc_pages_noprof+0x190/0x25a0
[  398.368388][T12836]  ? copy_splice_read+0x1a8/0xb90
[  398.369684][T12836]  ? stack_trace_save+0x95/0xd0
[  398.370941][T12836]  ? __pfx_stack_trace_save+0x10/0x10
[  398.372328][T12836]  ? stack_depot_save_flags+0x28/0x900
[  398.373730][T12836]  ? __pfx___alloc_pages_noprof+0x10/0x10
[  398.375201][T12836]  ? copy_splice_read+0x1a8/0xb90
[  398.376485][T12836]  ? kasan_save_stack+0x33/0x60
[  398.377789][T12836]  ? kasan_save_track+0x14/0x30
[  398.379049][T12836]  ? __kasan_kmalloc+0xaa/0xb0
[  398.380287][T12836]  ? __kmalloc_noprof+0x1e8/0x410
[  398.381593][T12836]  ? copy_splice_read+0x1a8/0xb90
[  398.382895][T12836]  ? do_splice_read+0x282/0x370
[  398.384168][T12836]  ? splice_direct_to_actor+0x2a4/0xa40
[  398.385602][T12836]  ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  398.387279][T12836]  alloc_pages_bulk_noprof+0x77c/0x1110
[  398.388724][T12836]  ? __pfx_alloc_pages_bulk_noprof+0x10/0x10
[  398.390273][T12836]  ? trace_kmalloc+0x2d/0xe0
[  398.391490][T12836]  ? __kmalloc_noprof+0x207/0x410
[  398.392798][T12836]  copy_splice_read+0x1e3/0xb90
[  398.394131][T12836]  ? __pfx_copy_splice_read+0x10/0x10
[  398.395537][T12836]  ? pipe_unlock+0x4a/0x70
[  398.396719][T12836]  ? __pfx_splice_from_pipe+0x10/0x10
[  398.398114][T12836]  ? __pfx_register_lock_class+0x10/0x10
[  398.399577][T12836]  ? __pfx_copy_splice_read+0x10/0x10
[  398.400962][T12836]  do_splice_read+0x282/0x370
[  398.402183][T12836]  splice_direct_to_actor+0x2a4/0xa40
[  398.403545][T12836]  ? __pfx_direct_splice_actor+0x10/0x10
[  398.404924][T12836]  ? __pfx_splice_direct_to_actor+0x10/0x10
[  398.406439][T12836]  ? __fget_files+0x23a/0x3f0
[  398.407666][T12836]  do_splice_direct+0x178/0x250
[  398.408931][T12836]  ? __pfx_do_splice_direct+0x10/0x10
[  398.410320][T12836]  ? __pfx_direct_file_splice_eof+0x10/0x10
[  398.411923][T12836]  ? bpf_lsm_file_permission+0x9/0x10
[  398.413333][T12836]  ? security_file_permission+0x71/0x210
[  398.414790][T12836]  do_sendfile+0xb0c/0xe40
[  398.415982][T12836]  ? __pfx_do_sendfile+0x10/0x10
[  398.417263][T12836]  ? __fget_files+0x244/0x3f0
[  398.418487][T12836]  __ia32_compat_sys_sendfile+0x1e7/0x230
[  398.419967][T12836]  ? ksys_write+0x1ad/0x260
[  398.421154][T12836]  ? __pfx___ia32_compat_sys_sendfile+0x10/0x10
[  398.422768][T12836]  __do_fast_syscall_32+0x73/0x120
[  398.424138][T12836]  do_fast_syscall_32+0x32/0x80
[  398.425531][T12836]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  398.427156][T12836] RIP: 0023:0xf742e579
[  398.428225][T12836] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  398.433217][T12836] RSP: 002b:00000000f56d456c EFLAGS: 00000296 ORIG_RAX: 00000000000000bb
[  398.435381][T12836] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 0000000000000007
[  398.437402][T12836] RDX: 0000000000000000 RSI: 0000000000089ffc RDI: 0000000000000000
[  398.439434][T12836] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  398.441445][T12836] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  398.443464][T12836] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  398.445488][T12836]  </TASK>
[  398.450307][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  399.248234][T12847] hpfs: bad mount options.
[  399.282095][T12851] binder: 12849:12851 ioctl ae78 20000180 returned -22
[  399.364889][T12856] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2144'.
[  399.470257][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  399.892774][ T5385] usb 8-1: USB disconnect, device number 5
[  400.520259][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  401.560260][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  401.772809][T12900] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2156'.
[  402.040358][ T5384] usb 8-1: new high-speed USB device number 6 using dummy_hcd
[  402.200284][ T5384] usb 8-1: Using ep0 maxpacket: 32
[  402.203199][ T5384] usb 8-1: config index 0 descriptor too short (expected 29220, got 36)
[  402.205350][ T5384] usb 8-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  402.207540][ T5384] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 81
[  402.209644][ T5384] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  402.232917][ T5384] usb 8-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  402.235994][ T5384] usb 8-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  402.242960][ T5384] usb 8-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  402.250343][ T5384] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  402.257695][ T5384] usb 8-1: config 0 descriptor??
[  402.494440][ T5384] usblp 8-1:0.0: usblp0: USB Bidirectional printer dev 6 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  402.521202][ T5384] usb 8-1: USB disconnect, device number 6
[  402.531563][ T5384] usblp0: removed
[  402.590282][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  402.914366][T12911] program syz.0.2159 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  402.918487][   T40] audit: type=1326 audit(1729063242.010:261): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12910 comm="syz.0.2159" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf742e579 code=0x0
[  403.202521][T12914] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2160'.
[  403.204769][T12914] netlink: 'syz.1.2160': attribute type 7 has an invalid length.
[  403.206767][T12914] netlink: 'syz.1.2160': attribute type 8 has an invalid length.
[  403.208779][T12914] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2160'.
[  403.234454][T12914] gretap0: entered promiscuous mode
[  403.240761][T12914] batadv_slave_1: entered promiscuous mode
[  403.250912][T12914] gretap0: left promiscuous mode
[  403.255227][T12914] batadv_slave_1: left promiscuous mode
[  403.640258][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  404.533211][ T5351] Bluetooth: Unexpected continuation frame (len 12)
[  404.670260][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  404.927029][T12934] Bluetooth: hci0: Opcode 0x0c20 failed: -112
[  405.405161][ T5349] Bluetooth: hci2: unexpected event for opcode 0x202a
[  405.720253][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  406.192511][ T5349] Bluetooth: hci2: ACL packet for unknown connection handle 200
[  406.750323][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  406.910353][ T5349] Bluetooth: hci0: command 0x040f tx timeout
[  406.912107][ T5351] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  407.790280][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  408.380396][ T5349] Bluetooth: hci2: ACL packet for unknown connection handle 200
[  408.392534][ T5351] Bluetooth: hci0: Opcode 0x0c1a failed: -112
[  408.401699][T12988] Bluetooth: hci0: Opcode 0x0c20 failed: -22
[  408.404064][ T5351] ==================================================================
[  408.406639][ T5351] BUG: KASAN: slab-use-after-free in set_powered_sync+0xc1/0xd0
[  408.408659][ T5351] Read of size 8 at addr ffff888022491c98 by task kworker/u33:4/5351
[  408.412180][ T5351] 
[  408.413153][ T5351] CPU: 1 UID: 0 PID: 5351 Comm: kworker/u33:4 Not tainted 6.12.0-rc3-syzkaller-00044-g2f87d0916ce0 #0
[  408.415948][ T5351] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  408.418553][ T5351] Workqueue: hci0 hci_cmd_sync_work
[  408.419919][ T5351] Call Trace:
[  408.420755][ T5351]  <TASK>
[  408.421524][ T5351]  dump_stack_lvl+0x116/0x1f0
[  408.422757][ T5351]  print_report+0xc3/0x620
[  408.423933][ T5351]  ? __virt_addr_valid+0x5e/0x590
[  408.425244][ T5351]  ? __phys_addr+0xc6/0x150
[  408.426430][ T5351]  kasan_report+0xd9/0x110
[  408.427603][ T5351]  ? set_powered_sync+0xc1/0xd0
[  408.428867][ T5351]  ? set_powered_sync+0xc1/0xd0
[  408.430140][ T5351]  set_powered_sync+0xc1/0xd0
[  408.431375][ T5351]  hci_cmd_sync_work+0x1a4/0x410
[  408.432667][ T5351]  ? __pfx_mgmt_set_connectable_complete+0x10/0x10
[  408.434348][ T5351]  process_one_work+0x958/0x1b30
[  408.435661][ T5351]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  408.437139][ T5351]  ? __pfx_process_one_work+0x10/0x10
[  408.438536][ T5351]  ? assign_work+0x1a0/0x250
[  408.439758][ T5351]  worker_thread+0x6c8/0xf00
[  408.440974][ T5351]  ? __pfx_worker_thread+0x10/0x10
[  408.442310][ T5351]  kthread+0x2c1/0x3a0
[  408.443386][ T5351]  ? _raw_spin_unlock_irq+0x23/0x50
[  408.444740][ T5351]  ? __pfx_kthread+0x10/0x10
[  408.445943][ T5351]  ret_from_fork+0x45/0x80
[  408.447073][ T5351]  ? __pfx_kthread+0x10/0x10
[  408.448288][ T5351]  ret_from_fork_asm+0x1a/0x30
[  408.449556][ T5351]  </TASK>
[  408.450366][ T5351] 
[  408.450990][ T5351] Allocated by task 12993:
[  408.452157][ T5351]  kasan_save_stack+0x33/0x60
[  408.453384][ T5351]  kasan_save_track+0x14/0x30
[  408.454610][ T5351]  __kasan_kmalloc+0xaa/0xb0
[  408.455825][ T5351]  mgmt_pending_new+0x5b/0x290
[  408.457064][ T5351]  mgmt_pending_add+0x36/0x160
[  408.458303][ T5351]  set_powered+0x28c/0x5c0
[  408.459661][ T5351]  hci_sock_sendmsg+0x1528/0x25e0
[  408.460981][ T5351]  sock_write_iter+0x4fe/0x5b0
[  408.462228][ T5351]  vfs_write+0x6b5/0x1140
[  408.463352][ T5351]  ksys_write+0x1fa/0x260
[  408.464472][ T5351]  __do_fast_syscall_32+0x73/0x120
[  408.465797][ T5351]  do_fast_syscall_32+0x32/0x80
[  408.467062][ T5351]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  408.468677][ T5351] 
[  408.469309][ T5351] Freed by task 12970:
[  408.470360][ T5351]  kasan_save_stack+0x33/0x60
[  408.471588][ T5351]  kasan_save_track+0x14/0x30
[  408.472805][ T5351]  kasan_save_free_info+0x3b/0x60
[  408.474109][ T5351]  __kasan_slab_free+0x51/0x70
[  408.475364][ T5351]  kfree+0x14f/0x4b0
[  408.476377][ T5351]  settings_rsp+0x257/0x400
[  408.477548][ T5351]  mgmt_pending_foreach+0xdf/0x140
[  408.478860][ T5351]  __mgmt_power_off+0xc8/0x2c0
[  408.480111][ T5351]  hci_dev_close_sync+0xcb8/0x11d0
[  408.481429][ T5351]  hci_dev_do_close+0x2e/0x90
[  408.482646][ T5351]  hci_dev_close+0x183/0x1e0
[  408.483851][ T5351]  hci_sock_ioctl+0x28c/0x880
[  408.485053][ T5351]  hci_sock_compat_ioctl+0x43/0x80
[  408.486405][ T5351]  compat_sock_ioctl+0x17b/0x7e0
[  408.487688][ T5351]  __do_compat_sys_ioctl+0x259/0x2b0
[  408.489050][ T5351]  __do_fast_syscall_32+0x73/0x120
[  408.490386][ T5351]  do_fast_syscall_32+0x32/0x80
[  408.491675][ T5351]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  408.493346][ T5351] 
[  408.493965][ T5351] The buggy address belongs to the object at ffff888022491c80
[  408.493965][ T5351]  which belongs to the cache kmalloc-96 of size 96
[  408.497497][ T5351] The buggy address is located 24 bytes inside of
[  408.497497][ T5351]  freed 96-byte region [ffff888022491c80, ffff888022491ce0)
[  408.500959][ T5351] 
[  408.501586][ T5351] The buggy address belongs to the physical page:
[  408.503233][ T5351] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x22491
[  408.505465][ T5351] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  408.507493][ T5351] page_type: f5(slab)
[  408.508527][ T5351] raw: 00fff00000000000 ffff88801ac42280 ffffea00017b0c00 dead000000000008
[  408.510716][ T5351] raw: 0000000000000000 0000000080200020 00000001f5000000 0000000000000000
[  408.512908][ T5351] page dumped because: kasan: bad access detected
[  408.514554][ T5351] page_owner tracks the page as allocated
[  408.516033][ T5351] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52c40(GFP_NOFS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 4820, tgid 4820 (acpid), ts 14284825135, free_ts 14244358889
[  408.520707][ T5351]  post_alloc_hook+0x2d1/0x350
[  408.521953][ T5351]  get_page_from_freelist+0x101e/0x3070
[  408.523413][ T5351]  __alloc_pages_noprof+0x223/0x25a0
[  408.524776][ T5351]  alloc_pages_mpol_noprof+0x2c9/0x610
[  408.526189][ T5351]  new_slab+0x2ba/0x3f0
[  408.527277][ T5351]  ___slab_alloc+0xd1d/0x16f0
[  408.528503][ T5351]  __slab_alloc.constprop.0+0x56/0xb0
[  408.529898][ T5351]  __kmalloc_noprof+0x379/0x410
[  408.531163][ T5351]  tomoyo_get_name+0x246/0x490
[  408.532413][ T5351]  tomoyo_parse_name_union+0x121/0x1f0
[  408.533965][ T5351]  tomoyo_write_file+0x4d3/0x7f0
[  408.535325][ T5351]  tomoyo_write_domain2+0x129/0x1f0
[  408.536694][ T5351]  tomoyo_supervisor+0x4ad/0x1180
[  408.538052][ T5351]  tomoyo_path_permission+0x270/0x3b0
[  408.539508][ T5351]  tomoyo_check_open_permission+0x377/0x3b0
[  408.541066][ T5351]  tomoyo_file_open+0x6b/0x90
[  408.542285][ T5351] page last free pid 4822 tgid 4822 stack trace:
[  408.543907][ T5351]  free_unref_page+0x5f4/0xdc0
[  408.545149][ T5351]  __put_partials+0x14c/0x170
[  408.546466][ T5351]  qlist_free_all+0x4e/0x120
[  408.547696][ T5351]  kasan_quarantine_reduce+0x192/0x1e0
[  408.549170][ T5351]  __kasan_slab_alloc+0x69/0x90
[  408.550434][ T5351]  kmem_cache_alloc_node_noprof+0x153/0x310
[  408.551978][ T5351]  copy_process+0x49c/0x6ee0
[  408.553177][ T5351]  kernel_clone+0xfd/0x960
[  408.554329][ T5351]  __do_sys_vfork+0x89/0xc0
[  408.555522][ T5351]  do_syscall_64+0xcd/0x250
[  408.556700][ T5351]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  408.558229][ T5351] 
[  408.558849][ T5351] Memory state around the buggy address:
[  408.560325][ T5351]  ffff888022491b80: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[  408.562381][ T5351]  ffff888022491c00: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[  408.564428][ T5351] >ffff888022491c80: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[  408.566469][ T5351]                             ^
[  408.567970][ T5351]  ffff888022491d00: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[  408.570129][ T5351]  ffff888022491d80: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[  408.572192][ T5351] ==================================================================
[  408.576341][ T5351] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  408.578222][ T5351] CPU: 1 UID: 0 PID: 5351 Comm: kworker/u33:4 Not tainted 6.12.0-rc3-syzkaller-00044-g2f87d0916ce0 #0
[  408.580920][ T5351] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  408.583641][ T5351] Workqueue: hci0 hci_cmd_sync_work
[  408.584985][ T5351] Call Trace:
[  408.585850][ T5351]  <TASK>
[  408.586620][ T5351]  dump_stack_lvl+0x3d/0x1f0
[  408.587830][ T5351]  panic+0x71d/0x800
[  408.588852][ T5351]  ? __pfx_panic+0x10/0x10
[  408.590017][ T5351]  ? preempt_schedule_thunk+0x1a/0x30
[  408.591422][ T5351]  ? preempt_schedule_common+0x44/0xc0
[  408.593025][ T5351]  ? check_panic_on_warn+0x1f/0xb0
[  408.594356][ T5351]  check_panic_on_warn+0xab/0xb0
[  408.595661][ T5351]  end_report+0x117/0x180
[  408.596816][ T5351]  kasan_report+0xe9/0x110
[  408.597987][ T5351]  ? set_powered_sync+0xc1/0xd0
[  408.599276][ T5351]  ? set_powered_sync+0xc1/0xd0
[  408.600558][ T5351]  set_powered_sync+0xc1/0xd0
[  408.601795][ T5351]  hci_cmd_sync_work+0x1a4/0x410
[  408.603092][ T5351]  ? __pfx_mgmt_set_connectable_complete+0x10/0x10
[  408.604769][ T5351]  process_one_work+0x958/0x1b30
[  408.606070][ T5351]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  408.607542][ T5351]  ? __pfx_process_one_work+0x10/0x10
[  408.608950][ T5351]  ? assign_work+0x1a0/0x250
[  408.610174][ T5351]  worker_thread+0x6c8/0xf00
[  408.611498][ T5351]  ? __pfx_worker_thread+0x10/0x10
[  408.612837][ T5351]  kthread+0x2c1/0x3a0
[  408.613908][ T5351]  ? _raw_spin_unlock_irq+0x23/0x50
[  408.615297][ T5351]  ? __pfx_kthread+0x10/0x10
[  408.616512][ T5351]  ret_from_fork+0x45/0x80
[  408.617690][ T5351]  ? __pfx_kthread+0x10/0x10
[  408.618829][ T5351]  ret_from_fork_asm+0x1a/0x30
[  408.620069][ T5351]  </TASK>
[  408.621309][ T5351] Kernel Offset: disabled
[  408.622381][ T5351] Rebooting in 86400 seconds..

VM DIAGNOSIS:
07:20:47  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000f692ad RBX=0000000000000000 RCX=ffffffff8b137a49 RDX=0000000000000000
RSI=ffffffff8b4cc8e0 RDI=ffffffff8bb12ae0 RBP=fffffbfff1b52af8 RSP=ffffffff8da07e20
R8 =0000000000000001 R9 =ffffed1005687025 R10=ffff88802b43812b R11=0000000000000000
R12=0000000000000000 R13=ffffffff8da957c0 R14=ffffffff901ce188 R15=0000000000000000
RIP=ffffffff8b138e2f RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88802b400000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=000000002028b000 CR3=00000000498a2000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000008082082 Opmask01=0000000000000000 Opmask02=00000000dfff7fff Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000001 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000a60ce07b 00000000cec3662e
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 4458d53835c14686
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=6b20657479622d32 3320646e61707865 6b20657479622d32 3320646e61707865 6b20657479622d32 3320646e61707865 6b20657479622d32 3320646e61707865
ZMM17=fc34805734b32411 5d138c7e52c435f4 fc34805734b32411 5d138c7e52c435f4 fc34805734b32411 5d138c7e52c435f4 fc34805734b32411 5d138c7e52c435f4
ZMM18=ffc211e22987c2af eb96febf8e8d8937 ffc211e22987c2af eb96febf8e8d8937 ffc211e22987c2af eb96febf8e8d8937 ffc211e22987c2af eb96febf8e8d8937
ZMM19=f11b000000000000 0000000000000010 f11b000000000000 000000000000000f f11b000000000000 000000000000000e f11b000000000000 000000000000000d
ZMM20=0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004
ZMM21=5d138c7e5d138c7e 5d138c7e5d138c7e 5d138c7e5d138c7e 5d138c7e5d138c7e 5d138c7e5d138c7e 5d138c7e5d138c7e 5d138c7e5d138c7e 5d138c7e5d138c7e
ZMM22=34b3241134b32411 34b3241134b32411 34b3241134b32411 34b3241134b32411 34b3241134b32411 34b3241134b32411 34b3241134b32411 34b3241134b32411
ZMM23=fc348057fc348057 fc348057fc348057 fc348057fc348057 fc348057fc348057 fc348057fc348057 fc348057fc348057 fc348057fc348057 fc348057fc348057
ZMM24=8e8d89378e8d8937 8e8d89378e8d8937 8e8d89378e8d8937 8e8d89378e8d8937 8e8d89378e8d8937 8e8d89378e8d8937 8e8d89378e8d8937 8e8d89378e8d8937
ZMM25=eb96febfeb96febf eb96febfeb96febf eb96febfeb96febf eb96febfeb96febf eb96febfeb96febf eb96febfeb96febf eb96febfeb96febf eb96febfeb96febf
ZMM26=2987c2af2987c2af 2987c2af2987c2af 2987c2af2987c2af 2987c2af2987c2af 2987c2af2987c2af 2987c2af2987c2af 2987c2af2987c2af 2987c2af2987c2af
ZMM27=ffc211e2ffc211e2 ffc211e2ffc211e2 ffc211e2ffc211e2 ffc211e2ffc211e2 ffc211e2ffc211e2 ffc211e2ffc211e2 ffc211e2ffc211e2 ffc211e2ffc211e2
ZMM28=000000100000000f 0000000e0000000d 0000000c0000000b 0000000a00000009 0000000800000007 0000000600000005 0000000400000003 0000000200000001
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=f11b0000f11b0000 f11b0000f11b0000 f11b0000f11b0000 f11b0000f11b0000 f11b0000f11b0000 f11b0000f11b0000 f11b0000f11b0000 f11b0000f11b0000
info registers vcpu 1

CPU#1
RAX=000000000000006b RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff8503db85 RDI=ffffffff9a63d260 RBP=ffffffff9a63d220 RSP=ffffc90003a97698
R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=3432323038386552
R12=0000000000000000 R13=000000000000006b R14=ffffffff8503db20 R15=0000000000000000
RIP=ffffffff8503dbaf RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88802b500000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000f73aca50 CR3=000000002824e000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000060001 Opmask01=0000000001800040 Opmask02=00000000ffffffff Opmask03=0000000000000000
Opmask04=00000000f7ffffff Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000001
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffcbdf2d880 0000003000000018
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 6565656565656565 6565656565656565
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ff00ff0000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffff ffffffffffff0000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ff00ff0000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0a0a0a0a0a0a0a0a 0a0a0a0a0a0a0a0a 0a0a0a0a0a0a0a0a 0a0a0a0a0a0a0a0a
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6f6f7465756c4220 5d31353335000030 303220656c646e61 68206e6f69746300
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6565746575664220 5731353335000030 3032206566646461 6220646563746300
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 656d6c0000303430 3d65646163203937 2033303030303030 343d6820313d2031
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 3024650000202230 376563203020332d 2033302f22203030 342022203131202e
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 3a24707379283767 6765692a3a3b3338 3b376e637a2a6e6f 64636c646569647f
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 7a6765692a3a3e38 3766666b69797379 2a393a3a3a3a3a3a 3e376269786b2a3b
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
RAX=0000000000000000 RBX=ffff88802b546780 RCX=ffffffff8180abcc RDX=ffff88801b744880
RSI=ffffffff8180aba6 RDI=0000000000000005 RBP=0000000000000003 RSP=ffffc900003e79a0
R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000001 R11=0000000000000000
R12=ffffed10056a8cf1 R13=0000000000000001 R14=ffff88802b546788 R15=ffff88802b640100
RIP=ffffffff8180aba8 RFL=00000293 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88802b600000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=000000000c2bb9db CR3=000000000db7c000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000008
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000015000000000 0000000600000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 3

CPU#3
RAX=0000000000000000 RBX=0000000000000000 RCX=1ffff11003e725ed RDX=0000000000020000
RSI=0000000000000022 RDI=ffff88801f392f94 RBP=0000000000000000 RSP=ffffc90007257960
R8 =0000000000000000 R9 =0000000000000000 R10=000000000000000a R11=0000000000000002
R12=0000000000000000 R13=ffff88801f392f70 R14=0000000000000022 R15=ffff88801f392440
RIP=ffffffff8169f6ae RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88802b700000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000f5675bac CR3=0000000028c24000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000060000000 Opmask01=0000000000000001 Opmask02=0000000000010000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000001
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fff309349a0 0000003000000010
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 6565656565656565 6565656565656565
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ff00ff0000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffff ffffffffffff0000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ff00ff0000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4f6e3a6d5e007325 2e73250064252e73 2500656c6f736e6f 632f7665642f000a
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4f4b1f485e005600 0b56000041000b56 000040494a564b4a 460a5340410a000a
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0a2e27302031322e 312e6e6f6360203d 6a62636f20352032 3720393439323400
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000