last executing test programs:

3.795875056s ago: executing program 0 (id=1916):
socket$kcm(0x10, 0x3, 0x10)
r0 = syz_open_dev$dri(0x0, 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r0, 0xc01864c6, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r0, 0xc01864c6, 0x0)
ioctl$DRM_IOCTL_MODE_LIST_LESSEES(r0, 0xc01064c7, 0x0)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, 0x0, 0x0)
accept4(r1, 0x0, 0x0, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={{0x14}, [@NFT_MSG_NEWRULE={0x38, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x18, 0x4, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, @masq={{0x9}, @val={0x4}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0x60}}, 0x0)
r3 = socket$kcm(0x2, 0x200000000000001, 0x106)
sendmsg$kcm(r3, &(0x7f0000001900)={0x0, 0x0, 0x0}, 0x20040000)
sendmsg$inet(r3, &(0x7f0000000080)={&(0x7f0000000140)={0x2, 0x4001, @local}, 0xfc, 0x0}, 0x30004001)
r4 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r4, &(0x7f0000000000)={0x0, 0xffffff0a, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f030022003505d25a806f8c2394f90435fc600400110a0a740100053582c137153e370248018000f01700d1bd", 0x33fe0}], 0x1}, 0x0)

3.744417763s ago: executing program 0 (id=1918):
r0 = semget(0xffffffffffffffff, 0x3, 0x0)
semctl$SETALL(r0, 0x0, 0x11, &(0x7f0000000000))
semctl$SETALL(r0, 0x0, 0x11, &(0x7f0000000100)=[0x1])
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000900)={&(0x7f0000000880)=ANY=[@ANYBLOB="1c00000001040108c069b3718beced2c000000040500010001"], 0x1c}}, 0x0)
pipe2(&(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
r3 = socket$packet(0x11, 0x2, 0x300)
sched_setscheduler(0x0, 0x2, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f000014f000)={0x0, 0x0, &(0x7f00000bfff0)={0x0, 0xb8}, 0x1, 0xfffff000}, 0x0)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000640)=@updpolicy={0xb8, 0x19, 0xfd3649826d894c67, 0x0, 0x0, {{@in6=@mcast1, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}}}, 0xb8}}, 0x0)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
r6 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x20000899)
sendmsg$nl_xfrm(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000640)=@updpolicy={0xb8, 0x19, 0xfd3649826d894c67, 0x0, 0x0, {{@in6=@mcast1, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x8000}}, 0xb8}}, 0x0)
sendmsg$nl_xfrm(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000003c0)=ANY=[], 0xb8}}, 0x0)
setsockopt$packet_rx_ring(r3, 0x107, 0x5, &(0x7f0000000000)=@req3={0x1000, 0x3a, 0x1000, 0x3a}, 0x1c)
close_range(r2, 0xffffffffffffffff, 0x0) (fail_nth: 1)
sendmsg$NFULNL_MSG_CONFIG(r1, 0x0, 0x0)
ioctl$TCSETSF(0xffffffffffffffff, 0x5404, 0x0)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)

3.642372269s ago: executing program 0 (id=1920):
r0 = semget(0xffffffffffffffff, 0x3, 0x0)
semctl$SETALL(r0, 0x0, 0x11, &(0x7f0000000000))
semctl$SETALL(r0, 0x0, 0x11, &(0x7f0000000100)=[0x1])
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000900)={&(0x7f0000000880)=ANY=[@ANYBLOB="1c00000001040108c069b3718beced2c000000040500010001"], 0x1c}}, 0x0)
pipe2(&(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
r3 = socket$packet(0x11, 0x2, 0x300)
sched_setscheduler(0x0, 0x2, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f000014f000)={0x0, 0x0, &(0x7f00000bfff0)={0x0, 0xb8}, 0x1, 0xfffff000}, 0x0)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000640)=@updpolicy={0xb8, 0x19, 0xfd3649826d894c67, 0x0, 0x0, {{@in6=@mcast1, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}}}, 0xb8}}, 0x0)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
r6 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x20000899)
sendmsg$nl_xfrm(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000640)=@updpolicy={0xb8, 0x19, 0xfd3649826d894c67, 0x0, 0x0, {{@in6=@mcast1, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x8000}}, 0xb8}}, 0x0)
sendmsg$nl_xfrm(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000003c0)=ANY=[], 0xb8}}, 0x0)
setsockopt$packet_rx_ring(r3, 0x107, 0x5, &(0x7f0000000000)=@req3={0x1000, 0x3a, 0x1000, 0x3a}, 0x1c)
close_range(r2, 0xffffffffffffffff, 0x0)
sendmsg$NFULNL_MSG_CONFIG(r1, 0x0, 0x0)
ioctl$TCSETSF(0xffffffffffffffff, 0x5404, 0x0)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)

3.510143081s ago: executing program 0 (id=1921):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff})
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
openat$uinput(0xffffffffffffff9c, 0x0, 0x802, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB, @ANYRES16=r2, @ANYBLOB, @ANYRES8=0x0], 0x50)
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r3, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r3, &(0x7f0000000000), 0xd)

3.434997103s ago: executing program 0 (id=1922):
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r0 = open(&(0x7f0000000040)='./cgroup.cpu/cpuset.cpus\x00', 0x121342, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r3 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r2, &(0x7f0000000240)=ANY=[@ANYBLOB="0c0088fb000004"], 0xfce)
r4 = getpid()
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r6 = syz_open_procfs(0x0, &(0x7f0000001080)='net/protocols\x00')
preadv(r6, &(0x7f0000000480)=[{&(0x7f00000001c0)=""/158, 0x9e}], 0x1, 0x2, 0x0)
mount$tmpfs(0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="0c26d26c6b70d9cb515718f85eac", @ANYRESDEC, @ANYRESHEX=r5, @ANYRES16])
mount(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f0000000100)='devpts\x00', 0x0, &(0x7f0000000400))
capget(&(0x7f0000000000)={0x0, r4}, 0x0)
openat$ppp(0xffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r8, 0x8933, &(0x7f0000001880)={'wg1\x00', <r9=>0x0})
r10 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000fc0), 0xffffffffffffffff)
sendmsg$WG_CMD_SET_DEVICE(r7, &(0x7f0000000b80)={0x0, 0x0, &(0x7f0000000b40)={&(0x7f00000003c0)={0x14, r10, 0xa29}, 0x14}}, 0x0)
sendmsg$WG_CMD_SET_DEVICE(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)={0x40, r10, 0x1, 0x0, 0x0, {}, [@WGDEVICE_A_PRIVATE_KEY={0x24, 0x3, @a}, @WGDEVICE_A_IFINDEX={0x8, 0x1, r9}]}, 0x40}}, 0x0)
write$tcp_mem(r0, &(0x7f00000006c0)={0x5, 0x2d, 0x0, 0xa, 0x0, 0x2c}, 0x48)

2.1487272s ago: executing program 1 (id=1930):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000000000070000000900010073797a30000000003c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000021500000000c0a01010000000000000000070000000900020073797a31000000000900010073797a300000000024000380f2fe008008000340000000000b801000018000000100667764000000028000000340000000000000024000000000000003400000000000000340000000000000024000000000000002400000000000000140000000000000"], 0xd4}}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = syz_open_dev$MSR(&(0x7f0000000500), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_INTERFACE(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB='$\x00\x00', @ANYRES16=r3, @ANYBLOB="05000000000000e000000600000008000300", @ANYRES32=<r4=>0xffffffffffffffff, @ANYBLOB="080005000200"], 0x24}}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x3c}, 0x1, 0x0, 0x0, 0x24060951}, 0x0)
nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, 0x0)
socketpair(0x29, 0x2, 0x0, &(0x7f0000000a40))
r5 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x3e, &(0x7f0000000000)=0x20000084, 0x4)
sendto$inet6(r5, 0x0, 0x0, 0x200c8004, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @mcast2}, 0x1c)
sendto$inet6(r5, &(0x7f00000009c0)="c7cfcaaa22e10542fca5c0195350f15147657e0bfc59d383a47190db88690e6fedc3040ab5809ae02a54cd429cc3338c5afa0c9dce3f91950d1f567f358ac21154159130e88cbb6c43197813b2f23f3e442f80877490b393408142ebcfea6821f543e5ee9e27032e2b75d78f1b79f5a6bb6f0645e267770ef7e8f3a92148091217450ce8581e54223eeb6486205a209bf1fe854d211c03f8c3140fc3979d824082990d119473d20e94f253c9621fac339560ae46cb24b88bf2d01559bb658e343257b90f233b81bc5c398be3bbddb23a1e", 0xffd6, 0xc001, 0x0, 0xffffffffffffff0c)
sendmsg$inet6(r5, &(0x7f0000000500)={0x0, 0x0, 0x0}, 0x0)
setsockopt$inet6_int(r5, 0x29, 0x19, 0x0, 0x0)
r6 = socket$unix(0x1, 0x2, 0x0)
syz_80211_inject_frame(&(0x7f0000000280), &(0x7f0000000580)=ANY=[@ANYRES8=r5, @ANYRESDEC=r5, @ANYRES32=r6, @ANYRES64=r4, @ANYRES64=r0, @ANYRESHEX=r3], 0x28)
socket(0x21, 0x2, 0x2)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r8, 0xae60)
ioctl$KVM_CREATE_PIT2(r8, 0x4040ae77, &(0x7f0000000040)={0x7})
r9 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6}]})
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x0)
close_range(r9, 0xffffffffffffffff, 0x0)

2.14818131s ago: executing program 2 (id=1931):
setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x41, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[@ANYBLOB="0000000000000000b7050000080000"], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000200)={0x8}, 0x8, 0x10, &(0x7f0000000240)={0x3, 0x4, 0x3, 0x6}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r0 = syz_clone(0x800c000, 0x0, 0x0, 0x0, 0x0, 0x0)
kcmp(r0, 0x0, 0x2, 0xffffffffffffffff, 0xffffffffffffffff)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2)
socket(0x10, 0x3, 0x0)
execve(0x0, 0x0, 0x0)
bind$inet(0xffffffffffffffff, 0x0, 0x0)
socket(0x10, 0x125d47d40f39fcb0, 0x5)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
lsetxattr$system_posix_acl(&(0x7f0000000280)='./file0\x00', &(0x7f00000002c0)='system.posix_acl_default\x00', &(0x7f0000000540)=ANY=[], 0x6c, 0x1)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000004c0)='./bus\x00', &(0x7f0000000440), 0x0, 0x0)

978.441512ms ago: executing program 2 (id=1933):
socket$kcm(0x10, 0x3, 0x10)
r0 = syz_open_dev$dri(0x0, 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r0, 0xc01864c6, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r0, 0xc01864c6, 0x0)
ioctl$DRM_IOCTL_MODE_LIST_LESSEES(r0, 0xc01064c7, 0x0)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, 0x0, 0x0)
accept4(r1, 0x0, 0x0, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={{0x14}, [@NFT_MSG_NEWRULE={0x38, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x18, 0x4, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, @masq={{0x9}, @val={0x4}}}]}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x60}}, 0x0)
r3 = socket$kcm(0x2, 0x200000000000001, 0x106)
sendmsg$kcm(r3, &(0x7f0000001900)={0x0, 0x0, 0x0}, 0x20040000)
sendmsg$inet(r3, &(0x7f0000000080)={&(0x7f0000000140)={0x2, 0x4001, @local}, 0xfc, 0x0}, 0x30004001)
r4 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r4, &(0x7f0000000000)={0x0, 0xffffff0a, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f030022003505d25a806f8c2394f90435fc600400110a0a740100053582c137153e370248018000f01700d1bd", 0x33fe0}], 0x1}, 0x0)

899.84265ms ago: executing program 2 (id=1934):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x5c, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x74, 0x0, 0x0, 0x11203}, [@IFLA_LINKINFO={0x3c, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x2c, 0x2, 0x0, 0x1, [@IFLA_BR_STP_STATE={0x8, 0x5, 0x1}, @IFLA_BR_VLAN_DEFAULT_PVID={0x6}, @IFLA_BR_FORWARD_DELAY={0x8, 0x1, 0x15}, @IFLA_BR_AGEING_TIME={0x8, 0x4, 0x9}, @IFLA_BR_MCAST_ROUTER={0x5, 0x16, 0x1}]}}}]}, 0x5c}, 0x1, 0x0, 0x0, 0x800}, 0x0) (fail_nth: 3)

899.594347ms ago: executing program 2 (id=1935):
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r0 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0x40045532, &(0x7f0000000580))
r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0)
write$binfmt_aout(r1, 0x0, 0x1000)
r2 = syz_open_dev$sndpcmp(&(0x7f0000000180), 0x0, 0xa2c65)
ioctl$SNDRV_PCM_IOCTL_READN_FRAMES(r2, 0x80184132, &(0x7f0000000500)={0x0, 0x0}) (fail_nth: 4)

749.199154ms ago: executing program 2 (id=1936):
r0 = socket$inet6(0xa, 0x3, 0x2f)
setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000003c0)={{{@in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @in=@dev={0xac, 0x14, 0x14, 0x16}, 0x0, 0x0, 0x0, 0x0, 0xa, 0xa0, 0xa0}, {0x0, 0x0, 0x0, 0x10000000, 0x0, 0x0, 0xfffffffffffffffe, 0x298}, {}, 0x0, 0x0, 0x1, 0x0, 0x5}, {{@in=@empty, 0x4d4, 0x6c}, 0x0, @in6=@empty, 0x0, 0x0, 0x0, 0x2}}, 0xe4)
syz_emit_ethernet(0x5e, &(0x7f00000000c0)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x50, 0x68, 0x0, 0x6, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e22, 0x3c, 0x0, @opaque="fb43ea87cc392726c5a24bc9c3657cf2d599b2f69553089443c6071d083c1b4055510cff6801e3a214a03fff4c9cd25bc703f651"}}}}}, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_GSI_ROUTING(r2, 0x4020ae46, &(0x7f00000000c0)=ANY=[@ANYBLOB="010000000100"])
r3 = openat$vnet(0xffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VHOST_SET_LOG_BASE(r3, 0x4008af04, &(0x7f0000000140)=&(0x7f0000000080))

669.91887ms ago: executing program 1 (id=1937):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x5c, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x74, 0x0, 0x0, 0x11203}, [@IFLA_LINKINFO={0x3c, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x2c, 0x2, 0x0, 0x1, [@IFLA_BR_STP_STATE={0x8, 0x5, 0x1}, @IFLA_BR_VLAN_DEFAULT_PVID={0x6}, @IFLA_BR_FORWARD_DELAY={0x8, 0x1, 0x15}, @IFLA_BR_AGEING_TIME={0x8, 0x4, 0x9}, @IFLA_BR_MCAST_ROUTER={0x5, 0x16, 0x1}]}}}]}, 0x5c}, 0x1, 0x0, 0x0, 0x800}, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), r1)

669.586947ms ago: executing program 1 (id=1938):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff})
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
openat$uinput(0xffffffffffffff9c, 0x0, 0x802, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1a000000070000000b00", @ANYRES16=r2, @ANYBLOB, @ANYRES8=0x0], 0x50)
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r3, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r3, &(0x7f0000000000), 0xd)

665.469616ms ago: executing program 1 (id=1939):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETOBJ_RESET(r0, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={&(0x7f00000003c0)=ANY=[@ANYBLOB="28000000150a010100"], 0x28}}, 0x0) (fail_nth: 8)

470.097495ms ago: executing program 2 (id=1940):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=ANY=[@ANYBLOB="5000000008021100000108021100000008021100004000000000000000000000640001000006020202020202010882848b960c121824"], 0x36)
nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380))
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r3}, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCETHTOOL(r4, 0x8946, &(0x7f0000000000)={'netdevsim0\x00', &(0x7f0000000400)=@ethtool_flash={0x33, 0x0, '.\x00'}})
chdir(&(0x7f0000000140)='./bus\x00')
r5 = getpid()
process_vm_readv(r5, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
r6 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
r7 = socket$inet_smc(0x2b, 0x1, 0x0)
r8 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(0xffffffffffffffff, &(0x7f0000000080)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10)
bind$tipc(r8, &(0x7f00000001c0)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0x10000000}}, 0x10)
bind$tipc(r8, 0x0, 0x0)
close_range(r7, 0xffffffffffffffff, 0x0)
ftruncate(r6, 0x2006e2)

469.845808ms ago: executing program 1 (id=1941):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d00000067"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
keyctl$set_reqkey_keyring(0xe, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r0}, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = getpid()
process_vm_readv(r1, &(0x7f0000000340)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0xe8}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00'})
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, &(0x7f0000000080)=0xf3e, 0x62)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
r2 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$NFC_CMD_DEV_UP(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x1c, r2, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8}]}, 0x1c}}, 0x0)
chdir(&(0x7f0000000280)='./file0\x00')
r3 = userfaultfd(0x1)
ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x488})
ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000040)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})

319.682062ms ago: executing program 1 (id=1943):
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
r0 = getpid()
r1 = syz_pidfd_open(r0, 0x0)
setns(r1, 0x24020000)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x3, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x10, 0x803, 0x0)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r5)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xf, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r6}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000400)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000000)='kfree\x00', r7}, 0x10)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffff11feffffff000000", @ANYRES32=r8, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000005840)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000001240)=@newqdisc={0x78, 0x24, 0x5820a61ca228651, 0x0, 0x0, {0x0, 0x0, 0x0, r8, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c}}]}, 0x78}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000380)=@newtfilter={0x6c, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r8, {}, {}, {0xd}}, [@filter_kind_options=@f_basic={{0xa}, {0x3c, 0x2, [@TCA_BASIC_EMATCHES={0x38, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0xffff}}, @TCA_EMATCH_TREE_LIST={0x2c, 0x2, 0x0, 0x1, [@TCF_EM_NBYTE={0x10, 0x1}, @TCF_EM_META={0x18, 0x2, 0x0, 0x0, {{}, [@TCA_EM_META_HDR={0xc}]}}]}]}]}}]}, 0x6c}}, 0x0)
syz_clone(0x498144ee7f42e149, 0x0, 0x0, 0x0, 0x0, 0x0)

319.36388ms ago: executing program 3 (id=1944):
add_key$fscrypt_v1(&(0x7f0000004e00), &(0x7f0000004e40)={'fscrypt:', @desc3}, &(0x7f0000004e80)={0x0, "97f57c22181b67d5118416c2cf87c15cd6e56db481e3c7a9c68fb511a1e2242ace8fcaff85a1f8d4cb775806faf3a1897311d5b5fb539d38d63dab508e33e03c", 0x17}, 0x48, 0xfffffffffffffffc)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="2c0000000301010400000000000000000200000018fa0080140001800001"], 0x2c}}, 0x0)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000600)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(twofish)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10)
r2 = accept4(r1, 0x0, 0x0, 0x80000)
syz_genetlink_get_family_id$tipc(&(0x7f0000000280), r2)
sendmsg$can_raw(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=@canfd={{0x1, 0x0, 0x1, 0x1}, 0x3a, 0x2, 0x0, 0x0, "42c7e8130a75669a56ff2ccc7914a37676a0d0498d4383478dccf7d8583d17bc55e71800"}, 0x48}, 0x1, 0x0, 0x0, 0x61972e87988bb667}, 0x8000)
sendmmsg$alg(r2, &(0x7f0000000180)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000680)=[@op={0x10, 0x117, 0x3, 0x1}], 0x10, 0x1}], 0x1, 0x1)
sendmsg$TIPC_CMD_GET_BEARER_NAMES(r2, 0x0, 0x4)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_GET_BYINDEX(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)=ANY=[@ANYBLOB="240000000f06030000000000000000000a00010206000b00040000018000000000000000"], 0x24}, 0x1, 0x0, 0x0, 0x24000850}, 0x4)

319.055069ms ago: executing program 0 (id=1945):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000000000070000000900010073797a30000000003c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000021500000000c0a01010000000000000000070000000900020073797a31000000000900010073797a300000000024000380f2fe008008000340000000000b801000018000000100667764000000028000000340000000000000024000000000000003400000000000000340000000000000024000000000000002400000000000000140000000000000"], 0xd4}}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = syz_open_dev$MSR(&(0x7f0000000500), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_INTERFACE(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB='$\x00\x00', @ANYRES16=r3, @ANYBLOB="05000000000000e000000600000008000300", @ANYRES32=<r4=>0xffffffffffffffff, @ANYBLOB="080005000200"], 0x24}}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x3c}, 0x1, 0x0, 0x0, 0x24060951}, 0x0)
nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, 0x0)
socketpair(0x29, 0x2, 0x0, &(0x7f0000000a40))
r5 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x3e, &(0x7f0000000000)=0x20000084, 0x4)
sendto$inet6(r5, 0x0, 0x0, 0x200c8004, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @mcast2}, 0x1c)
sendto$inet6(r5, &(0x7f00000009c0)="c7cfcaaa22e10542fca5c0195350f15147657e0bfc59d383a47190db88690e6fedc3040ab5809ae02a54cd429cc3338c5afa0c9dce3f91950d1f567f358ac21154159130e88cbb6c43197813b2f23f3e442f80877490b393408142ebcfea6821f543e5ee9e27032e2b75d78f1b79f5a6bb6f0645e267770ef7e8f3a92148091217450ce8581e54223eeb6486205a209bf1fe854d211c03f8c3140fc3979d824082990d119473d20e94f253c9621fac339560ae46cb24b88bf2d01559bb658e343257b90f233b81bc5c398be3bbddb23a1e", 0xffd6, 0xc001, 0x0, 0xffffffffffffff0c)
sendmsg$inet6(r5, &(0x7f0000000500)={0x0, 0x0, 0x0}, 0x0)
setsockopt$inet6_int(r5, 0x29, 0x19, 0x0, 0x0)
r6 = socket$unix(0x1, 0x2, 0x0)
syz_80211_inject_frame(&(0x7f0000000280), &(0x7f0000000580)=ANY=[@ANYRES8=r5, @ANYRESDEC=r5, @ANYRES32=r6, @ANYRES64=r4, @ANYRES64=r0, @ANYRESHEX=r3], 0x28)
socket(0x21, 0x2, 0x2)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r8, 0xae60)
ioctl$KVM_CREATE_PIT2(r8, 0x4040ae77, &(0x7f0000000040)={0x7})
r9 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6}]})
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x0)
close_range(r9, 0xffffffffffffffff, 0x0)

240.824541ms ago: executing program 3 (id=1946):
r0 = socket(0x10, 0x3, 0x0)
r1 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x3, 0x502)
ioctl$SNDRV_CTL_IOCTL_TLV_WRITE(r1, 0xc008551b, 0x0) (async)
syz_open_dev$usbfs(&(0x7f00000003c0), 0xa, 0x480e02)
r2 = socket$pppl2tp(0x18, 0x1, 0x1)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r3, &(0x7f0000000300)={0xa, 0x0, 0x80000003, @loopback}, 0x1c)
connect$pppl2tp(r2, &(0x7f0000000240)=@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x8, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @rand_addr=' \x01\x00'}}}, 0x32) (async)
syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[], 0x64}}, 0xc000) (async)
r5 = socket$xdp(0x2c, 0x3, 0x0) (async)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r6, &(0x7f0000000040)={0xa, 0x4e22}, 0x1c)
setsockopt$inet6_IPV6_XFRM_POLICY(r6, 0x29, 0x23, &(0x7f0000000640)={{{@in6=@private2={0xfc, 0x2, '\x00', 0xfd}, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x10}, {}, 0x0, 0x0, 0x0, 0x1, 0x2, 0x3}, {{@in=@loopback, 0x0, 0x6c}, 0x0, @in6=@ipv4={'\x00', '\xff\xff', @multicast2}}}, 0xe4) (async)
listen(r6, 0x0) (async)
syz_emit_ethernet(0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff0800450000280000000000069078000000000000000000004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5010000090060002"], 0x0) (async)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f00000000c0)={'ip6_vti0\x00', &(0x7f0000000180)={'ip6_vti0\x00', <r7=>0x0, 0x29, 0x81, 0x7, 0xfff, 0x15, @ipv4={'\x00', '\xff\xff', @multicast2}, @mcast2, 0x8000, 0x7, 0x2, 0xf}})
sendmsg$xdp(r5, &(0x7f0000000600)={&(0x7f0000000200)={0x2c, 0x3, r7, 0x37}, 0x10, &(0x7f0000000580)=[{&(0x7f0000000240)}, {0x0}, {0x0}, {0x0}, {&(0x7f0000000540)="78e53c4defb5f0b7737c378fbba542385ca9991d54509ddea5fa7173279d475ccace7ec606f64a18c2024b9c16b99a", 0x2f}], 0x5, 0x0, 0x0, 0x10}, 0x801) (async)
r8 = getpid() (async)
r9 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYRESDEC=r1], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x18, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000002140)={&(0x7f0000000140)='itimer_expire\x00', r9}, 0x18) (async)
prctl$PR_SCHED_CORE(0x3e, 0x2, 0x0, 0x2, 0x0) (async)
process_vm_readv(r8, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x36}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000000340)=[{&(0x7f0000008480)=""/85, 0x55}], 0x1, 0x0) (async)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) (async)
r10 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_AUTH_KEY(r10, 0x84, 0x17, 0x0, 0xf)
r11 = syz_open_procfs(0x0, &(0x7f00000004c0)='net/wireless\x00')
ioctl$FIBMAP(r11, 0x1, &(0x7f0000000040)=0x7) (async)
setsockopt$inet6_IPV6_RTHDRDSTOPTS(r3, 0x29, 0x37, &(0x7f00000002c0)=ANY=[@ANYRES8], 0x8)

160.193641ms ago: executing program 3 (id=1947):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff})
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
openat$uinput(0xffffffffffffff9c, 0x0, 0x802, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1a000000070000000b00", @ANYRES16=r2, @ANYBLOB, @ANYRES8=0x0], 0x50)
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r3, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r3, &(0x7f0000000000), 0xd)

159.749418ms ago: executing program 3 (id=1948):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="24000000200001030000100000000000020000000000000000000000080006"], 0x24}}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="2c0000002000010300000000000000000200000000000000000000000500160062"], 0x2c}, 0x1, 0x0, 0x0, 0x4000000}, 0x4000850)
r3 = inotify_init1(0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
fcntl$getownex(r3, 0x10, &(0x7f0000000140)={0x0, <r4=>0x0})
r5 = syz_open_procfs(r4, &(0x7f0000000600)='fd/4\x00')
ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40305829, &(0x7f0000000240))
sendto$inet(r5, &(0x7f0000000000)="fa624cf3afeac15e5848c5a830e3b5eb3254f09e48276890d603bb2d7e0502c3bf5771ccf30e", 0x26, 0x8000, &(0x7f0000000080)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x2d}}, 0x10)
r6 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
r7 = signalfd4(0xffffffffffffffff, &(0x7f0000000140), 0x8, 0x0)
r8 = add_key$keyring(&(0x7f0000000280), &(0x7f00000002c0)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
socket$inet6_tcp(0xa, 0x1, 0x0)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r8, &(0x7f0000000140)='asymmetric\x00', &(0x7f0000000000)=@secondary)
keyctl$get_persistent(0x16, 0x0, r8)
r9 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
connect$bt_l2cap(r9, &(0x7f0000000040)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe)
recvmmsg(0xffffffffffffffff, &(0x7f0000005280)=[{{0x0, 0x0, &(0x7f0000005180)=[{&(0x7f0000003e00)=""/4096, 0x1000}], 0x1}}], 0x1, 0x0, 0x0)
sendmmsg$sock(r9, &(0x7f0000004100)=[{{0x0, 0x0, 0x0}}], 0xffffff80, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r10 = syz_io_uring_setup(0x34a8, &(0x7f0000000080)={0x0, 0x0, 0x10100, 0x0, 0x2000}, &(0x7f0000000100)=<r11=>0x0, &(0x7f0000000040)=<r12=>0x0)
syz_io_uring_submit(r11, r12, &(0x7f0000000440)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x0, 0x0, 0x800})
io_uring_enter(r10, 0xe0c, 0xc19d, 0x5, 0x0, 0x0)
close_range(r7, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000fe5000/0x2000)=nil})
r13 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$SNDCTL_SEQ_OUTOFBAND(r13, 0x40085112, &(0x7f0000000040)=@e={0xff, 0x3, 0x0, 0x0, @SEQ_NOTEON})

214.653µs ago: executing program 3 (id=1949):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETOBJ_RESET(r0, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={&(0x7f00000003c0)=ANY=[@ANYBLOB="28000000150a010100"], 0x28}}, 0x0)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000000), 0x4)

0s ago: executing program 3 (id=1950):
r0 = io_uring_setup(0x253d, &(0x7f0000000280)={0x0, 0xe615, 0x800})
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
connect(r1, &(0x7f0000000300)=@rc={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x8}, 0x80)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_open_dev$tty1(0xc, 0x4, 0x1)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
epoll_create(0x0)
r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r2, 0xaf01, 0x0)
r3 = eventfd(0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff, @void, @value}, 0x90)
ioctl$VHOST_SET_VRING_BASE(r2, 0x4008af12, &(0x7f0000000080)={0x1, 0x7f})
ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000540)={0x0, 0x0, 0x0, &(0x7f00000002c0)=""/138, 0x0})
ioctl$VHOST_SET_LOG_FD(r2, 0x4004af07, &(0x7f0000000740)=r3)
ioctl$VHOST_SET_VRING_KICK(r2, 0x4008af20, &(0x7f0000000040)={0x1, r3})
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74})
ioctl$VHOST_SET_MEM_TABLE(r2, 0x4008af03, &(0x7f0000000940)={0x1, 0x0, [{0x0, 0xe4, &(0x7f0000000580)=""/228}]})
ioctl$VHOST_VSOCK_SET_RUNNING(r2, 0x4004af61, &(0x7f0000000000)=0x20000)
sendmsg$netlink(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)}, 0x0)
open(0x0, 0x26063c, 0x48)
timer_settime(0x0, 0x0, 0x0, 0x0)
ptrace$getenv(0x4201, 0x0, 0x7, 0x0)

kernel console output (not intermixed with test programs):

9755][T10033]  ____sys_sendmsg+0x9ae/0xb40
[  228.101034][T10033]  ? __pfx_____sys_sendmsg+0x10/0x10
[  228.102433][T10033]  ? get_compat_msghdr+0x11b/0x170
[  228.103820][T10033]  ? __pfx___lock_acquire+0x10/0x10
[  228.105209][T10033]  ___sys_sendmsg+0x135/0x1e0
[  228.106465][T10033]  ? __pfx____sys_sendmsg+0x10/0x10
[  228.107862][T10033]  ? lock_acquire+0x2f/0xb0
[  228.109078][T10033]  ? __fget_files+0x40/0x3f0
[  228.110351][T10033]  ? fdget+0x176/0x210
[  228.111493][T10033]  __sys_sendmsg+0x117/0x1f0
[  228.112773][T10033]  ? __pfx___sys_sendmsg+0x10/0x10
[  228.114151][T10033]  ? __fget_files+0x244/0x3f0
[  228.115433][T10033]  __do_fast_syscall_32+0x73/0x120
[  228.116797][T10033]  do_fast_syscall_32+0x32/0x80
[  228.118093][T10033]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  228.119826][T10033] RIP: 0023:0xf7fe4579
[  228.120912][T10033] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  228.125986][T10033] RSP: 002b:00000000f576656c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  228.128216][T10033] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000000
[  228.130291][T10033] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  228.132390][T10033] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  228.134462][T10033] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  228.136573][T10033] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  228.138806][T10033]  </TASK>
[  228.491668][T10043] overlayfs: missing 'lowerdir'
[  230.127857][T10063] FAULT_INJECTION: forcing a failure.
[  230.127857][T10063] name failslab, interval 1, probability 0, space 0, times 0
[  230.131490][T10063] CPU: 1 UID: 0 PID: 10063 Comm: syz.0.1472 Not tainted 6.12.0-rc2-syzkaller #0
[  230.133863][T10063] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  230.136684][T10063] Call Trace:
[  230.137579][T10063]  <TASK>
[  230.138375][T10063]  dump_stack_lvl+0x16c/0x1f0
[  230.139654][T10063]  should_fail_ex+0x497/0x5b0
[  230.140923][T10063]  ? fs_reclaim_acquire+0xae/0x160
[  230.142290][T10063]  should_failslab+0xc2/0x120
[  230.143579][T10063]  __kmalloc_node_noprof+0xd1/0x440
[  230.145027][T10063]  ? __kvmalloc_node_noprof+0xad/0x1a0
[  230.146481][T10063]  __kvmalloc_node_noprof+0xad/0x1a0
[  230.147900][T10063]  seq_read_iter+0x82a/0x12b0
[  230.149167][T10063]  kernfs_fop_read_iter+0x414/0x580
[  230.150550][T10063]  copy_splice_read+0x620/0xb90
[  230.151861][T10063]  ? __pfx_copy_splice_read+0x10/0x10
[  230.153295][T10063]  ? __pfx_register_lock_class+0x10/0x10
[  230.154791][T10063]  ? __pfx_copy_splice_read+0x10/0x10
[  230.156225][T10063]  do_splice_read+0x282/0x370
[  230.157481][T10063]  splice_direct_to_actor+0x2a4/0xa40
[  230.158912][T10063]  ? __pfx_direct_splice_actor+0x10/0x10
[  230.160415][T10063]  ? __pfx_splice_direct_to_actor+0x10/0x10
[  230.161989][T10063]  ? __fget_files+0x23a/0x3f0
[  230.163261][T10063]  do_splice_direct+0x178/0x250
[  230.164562][T10063]  ? __pfx_do_splice_direct+0x10/0x10
[  230.165988][T10063]  ? __pfx_direct_file_splice_eof+0x10/0x10
[  230.167573][T10063]  ? bpf_lsm_file_permission+0x9/0x10
[  230.168998][T10063]  ? security_file_permission+0x71/0x210
[  230.170494][T10063]  do_sendfile+0xb0c/0xe40
[  230.171693][T10063]  ? __pfx_do_sendfile+0x10/0x10
[  230.173013][T10063]  ? __fget_files+0x244/0x3f0
[  230.174268][T10063]  __ia32_compat_sys_sendfile+0x1e7/0x230
[  230.175782][T10063]  ? ksys_write+0x1ad/0x260
[  230.176995][T10063]  ? __pfx___ia32_compat_sys_sendfile+0x10/0x10
[  230.178657][T10063]  __do_fast_syscall_32+0x73/0x120
[  230.180035][T10063]  do_fast_syscall_32+0x32/0x80
[  230.181343][T10063]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  230.182993][T10063] RIP: 0023:0xf73ee579
[  230.184044][T10063] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  230.189358][T10063] RSP: 002b:00000000f56d656c EFLAGS: 00000296 ORIG_RAX: 00000000000000bb
[  230.191531][T10063] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000004
[  230.193596][T10063] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000000
[  230.195677][T10063] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  230.197739][T10063] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  230.199820][T10063] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  230.201901][T10063]  </TASK>
[  230.717812][T10077] overlayfs: missing 'lowerdir'
[  231.839120][T10095] __nla_validate_parse: 17 callbacks suppressed
[  231.839132][T10095] netlink: 16126 bytes leftover after parsing attributes in process `syz.3.1483'.
[  231.844566][T10095] netlink: 183228 bytes leftover after parsing attributes in process `syz.3.1483'.
[  231.935995][ T5344] usb 6-1: new high-speed USB device number 19 using dummy_hcd
[  232.086038][ T5344] usb 6-1: Using ep0 maxpacket: 32
[  232.089175][ T5344] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  232.093839][ T5344] usb 6-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  232.096505][ T5344] usb 6-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  232.098959][ T5344] usb 6-1: Product: syz
[  232.100252][ T5344] usb 6-1: Manufacturer: syz
[  232.101743][ T5344] usb 6-1: SerialNumber: syz
[  232.107030][ T5344] usb 6-1: config 0 descriptor??
[  232.110363][T10092] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  232.113323][T10102] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1486'.
[  232.179500][T10103] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1486'.
[  232.460071][T10114] overlayfs: missing 'lowerdir'
[  232.585786][ T5344] usb 6-1: USB disconnect, device number 19
[  233.263072][T10124] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1490'.
[  233.265556][T10124] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1490'.
[  233.268071][T10124] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1490'.
[  233.270684][T10124] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1490'.
[  233.403877][T10130] netlink: 16126 bytes leftover after parsing attributes in process `syz.1.1492'.
[  233.406492][T10130] netlink: 183228 bytes leftover after parsing attributes in process `syz.1.1492'.
[  234.350726][T10139] overlayfs: missing 'lowerdir'
[  235.770558][T10188] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  235.817956][   T40] audit: type=1326 audit(1728326555.931:88): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10186 comm="syz.1.1510" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7fe4579 code=0x0
[  236.315204][T10199] netlink: 'syz.0.1513': attribute type 3 has an invalid length.
[  236.568063][ T1067] ata1.00: Read log 0x10 page 0x00 failed, Emask 0x1
[  236.569823][ T1067] ata1: failed to read log page 10h (errno=-5)
[  236.571435][ T1067] ata1.00: exception Emask 0x1 SAct 0x800 SErr 0x0 action 0x0
[  236.573352][ T1067] ata1.00: irq_stat 0x40000000
[  236.574600][ T1067] ata1.00: failed command: WRITE FPDMA QUEUED
[  236.576317][ T1067] ata1.00: cmd 61/08:58:e2:9d:08/00:00:00:00:00/40 tag 11 ncq dma 4096 out
[  236.576317][ T1067]          res 50/00:00:00:00:00/00:00:00:00:00/00 Emask 0x1 (device error)
[  236.580725][ T1067] ata1.00: status: { DRDY }
[  236.582567][ T1067] ata1.00: configured for UDMA/100
[  236.584135][ T1067] ata1: EH complete
[  236.746533][ T1067] ata1.00: Read log 0x10 page 0x00 failed, Emask 0x1
[  236.748311][ T1067] ata1: failed to read log page 10h (errno=-5)
[  236.749919][ T1067] ata1.00: exception Emask 0x1 SAct 0x100 SErr 0x0 action 0x0
[  236.751856][ T1067] ata1.00: irq_stat 0x40000000
[  236.753326][ T1067] ata1.00: failed command: WRITE FPDMA QUEUED
[  236.754963][ T1067] ata1.00: cmd 61/10:40:92:a1:08/00:00:00:00:00/40 tag 8 ncq dma 8192 out
[  236.754963][ T1067]          res 50/04:00:00:00:00/00:00:00:00:00/00 Emask 0x1 (device error)
[  236.759995][ T1067] ata1.00: status: { DRDY }
[  236.761209][ T1067] ata1.00: error: { ABRT }
[  236.762963][ T1067] ata1.00: configured for UDMA/100
[  236.764508][ T1067] ata1: EH complete
[  237.408303][ T1067] ata1.00: Read log 0x10 page 0x00 failed, Emask 0x1
[  237.410074][ T1067] ata1: failed to read log page 10h (errno=-5)
[  237.411683][ T1067] ata1.00: exception Emask 0x1 SAct 0x2000000 SErr 0x0 action 0x0
[  237.413697][ T1067] ata1.00: irq_stat 0x40000000
[  237.414967][ T1067] ata1.00: failed command: WRITE FPDMA QUEUED
[  237.417745][ T1067] ata1.00: cmd 61/38:c8:1a:0b:10/00:00:00:00:00/40 tag 25 ncq dma 28672 out
[  237.417745][ T1067]          res 50/04:00:00:00:00/00:00:00:00:00/00 Emask 0x1 (device error)
[  237.422209][ T1067] ata1.00: status: { DRDY }
[  237.423416][ T1067] ata1.00: error: { ABRT }
[  237.425123][ T1067] ata1.00: configured for UDMA/100
[  237.427339][ T1067] ata1: EH complete
[  237.596509][ T1067] ata1.00: Read log 0x10 page 0x00 failed, Emask 0x1
[  237.598291][ T1067] ata1: failed to read log page 10h (errno=-5)
[  237.599914][ T1067] ata1.00: NCQ disabled due to excessive errors
[  237.601549][ T1067] ata1.00: exception Emask 0x1 SAct 0x40000 SErr 0x0 action 0x0
[  237.603557][ T1067] ata1.00: irq_stat 0x40000000
[  237.604833][ T1067] ata1.00: failed command: WRITE FPDMA QUEUED
[  237.606509][ T1067] ata1.00: cmd 61/08:90:12:9e:08/00:00:00:00:00/40 tag 18 ncq dma 4096 out
[  237.606509][ T1067]          res 50/04:00:00:00:00/00:00:00:00:00/00 Emask 0x1 (device error)
[  237.610939][ T1067] ata1.00: status: { DRDY }
[  237.612159][ T1067] ata1.00: error: { ABRT }
[  237.613874][ T1067] ata1.00: configured for UDMA/100
[  237.615429][ T1067] ata1: EH complete
[  238.686627][T10218] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  238.795098][T10224] __nla_validate_parse: 13 callbacks suppressed
[  238.795154][T10224] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1519'.
[  238.806062][T10224] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1519'.
[  238.808534][T10224] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1519'.
[  238.810922][T10224] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1519'.
[  238.909211][T10226] netlink: 16126 bytes leftover after parsing attributes in process `syz.0.1520'.
[  238.911901][T10226] netlink: 183228 bytes leftover after parsing attributes in process `syz.0.1520'.
[  238.945982][  T978] usb 8-1: new high-speed USB device number 10 using dummy_hcd
[  239.106528][  T978] usb 8-1: Using ep0 maxpacket: 8
[  239.115300][  T978] usb 8-1: config 246 has too many interfaces: 42, using maximum allowed: 32
[  239.120776][  T978] usb 8-1: config 246 descriptor has 1 excess byte, ignoring
[  239.123001][  T978] usb 8-1: config 246 has 1 interface, different from the descriptor's value: 42
[  239.125493][  T978] usb 8-1: config 246 interface 0 altsetting 0 has an endpoint descriptor with address 0x3F, changing to 0xF
[  239.129528][  T978] usb 8-1: config 246 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 255, changing to 11
[  239.132659][  T978] usb 8-1: config 246 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7
[  239.135785][  T978] usb 8-1: config 246 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  239.145477][  T978] usb 8-1: config 246 has too many interfaces: 42, using maximum allowed: 32
[  239.148349][  T978] usb 8-1: config 246 descriptor has 1 excess byte, ignoring
[  239.150350][  T978] usb 8-1: config 246 has 1 interface, different from the descriptor's value: 42
[  239.152654][T10235] netlink: 68 bytes leftover after parsing attributes in process `syz.0.1524'.
[  239.152785][  T978] usb 8-1: config 246 interface 0 altsetting 0 has an endpoint descriptor with address 0x3F, changing to 0xF
[  239.160926][  T978] usb 8-1: config 246 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 255, changing to 11
[  239.166141][  T978] usb 8-1: config 246 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7
[  239.172294][  T978] usb 8-1: config 246 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  239.176856][  T978] usb 8-1: config 246 has too many interfaces: 42, using maximum allowed: 32
[  239.179323][  T978] usb 8-1: config 246 descriptor has 1 excess byte, ignoring
[  239.182348][  T978] usb 8-1: config 246 has 1 interface, different from the descriptor's value: 42
[  239.184846][  T978] usb 8-1: config 246 interface 0 altsetting 0 has an endpoint descriptor with address 0x3F, changing to 0xF
[  239.187950][  T978] usb 8-1: config 246 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 255, changing to 11
[  239.190944][  T978] usb 8-1: config 246 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7
[  239.193742][  T978] usb 8-1: config 246 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  239.200207][  T978] usb 8-1: string descriptor 0 read error: -22
[  239.201906][  T978] usb 8-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  239.204398][  T978] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  239.213514][  T978] adutux 8-1:246.0: ADU100  now attached to /dev/usb/adutux0
[  239.583945][T10238] random: crng reseeded on system resumption
[  239.660028][  T978] usb 8-1: USB disconnect, device number 10
[  239.891505][T10241] Process accounting resumed
[  240.815365][T10249] overlayfs: missing 'lowerdir'
[  241.067207][T10265] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1533'.
[  241.070238][T10265] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1533'.
[  241.072670][T10265] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1533'.
[  241.336038][ T5344] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  241.486027][ T5344] usb 5-1: Using ep0 maxpacket: 8
[  241.488704][ T5344] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  241.491498][ T5344] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  241.494103][ T5344] usb 5-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  241.497513][ T5344] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  241.500528][ T5344] usb 5-1: config 0 descriptor??
[  241.710302][ T5354] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci1/hci1:201'
[  241.713616][ T5354] CPU: 0 UID: 0 PID: 5354 Comm: kworker/u33:8 Not tainted 6.12.0-rc2-syzkaller #0
[  241.716037][ T5354] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  241.719449][ T5354] Workqueue: hci1 hci_rx_work
[  241.720647][ T5354] Call Trace:
[  241.721577][ T5354]  <TASK>
[  241.722385][ T5354]  dump_stack_lvl+0x16c/0x1f0
[  241.723631][ T5354]  sysfs_warn_dup+0x7f/0xa0
[  241.724865][ T5354]  sysfs_create_dir_ns+0x24d/0x2b0
[  241.726224][ T5354]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  241.727713][ T5354]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  241.729129][ T5354]  ? kobject_add_internal+0x12d/0x990
[  241.730546][ T5354]  ? do_raw_spin_unlock+0x172/0x230
[  241.731939][ T5354]  kobject_add_internal+0x2c8/0x990
[  241.733334][ T5354]  kobject_add+0x16f/0x240
[  241.734528][ T5354]  ? __pfx_kobject_add+0x10/0x10
[  241.735917][ T5354]  ? class_to_subsys+0x3e/0x160
[  241.737523][ T5354]  ? do_raw_spin_unlock+0x172/0x230
[  241.739157][ T5354]  ? kobject_put+0xab/0x5a0
[  241.740328][ T5354]  device_add+0x289/0x1a70
[  241.741477][ T5354]  ? __pfx_dev_set_name+0x10/0x10
[  241.743041][ T5354]  ? __pfx_device_add+0x10/0x10
[  241.744700][ T5354]  ? mgmt_send_event_skb+0x2f2/0x460
[  241.746513][ T5354]  hci_conn_add_sysfs+0x17e/0x230
[  241.748227][ T5354]  le_conn_complete_evt+0xfc7/0x1cf0
[  241.750027][ T5354]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  241.751953][ T5354]  ? trace_contention_end+0xea/0x140
[  241.753756][ T5354]  ? __mutex_lock+0x1a6/0x9c0
[  241.755375][ T5354]  hci_le_enh_conn_complete_evt+0x23d/0x380
[  241.757227][ T5354]  ? skb_pull_data+0x166/0x210
[  241.758649][ T5354]  hci_le_meta_evt+0x2e2/0x5d0
[  241.759936][ T5354]  ? __pfx_hci_le_enh_conn_complete_evt+0x10/0x10
[  241.761620][ T5354]  hci_event_packet+0x666/0x1190
[  241.762969][ T5354]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  241.764381][ T5354]  ? __pfx_hci_event_packet+0x10/0x10
[  241.765781][ T5354]  ? mark_held_locks+0x9f/0xe0
[  241.767063][ T5354]  ? kcov_remote_start+0x3cf/0x6e0
[  241.768417][ T5354]  ? lockdep_hardirqs_on+0x7c/0x110
[  241.769793][ T5354]  hci_rx_work+0x2c6/0x16c0
[  241.771010][ T5354]  ? lock_acquire+0x2f/0xb0
[  241.772216][ T5354]  ? process_one_work+0x8bb/0x1b30
[  241.773578][ T5354]  process_one_work+0x958/0x1b30
[  241.774964][ T5354]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  241.776463][ T5354]  ? __pfx_process_one_work+0x10/0x10
[  241.777902][ T5354]  ? assign_work+0x1a0/0x250
[  241.779126][ T5354]  worker_thread+0x6c8/0xf00
[  241.780270][ T5354]  ? __kthread_parkme+0x148/0x220
[  241.781578][ T5354]  ? __pfx_worker_thread+0x10/0x10
[  241.782951][ T5354]  kthread+0x2c1/0x3a0
[  241.784124][ T5354]  ? _raw_spin_unlock_irq+0x23/0x50
[  241.785558][ T5354]  ? __pfx_kthread+0x10/0x10
[  241.786816][ T5354]  ret_from_fork+0x45/0x80
[  241.788024][ T5354]  ? __pfx_kthread+0x10/0x10
[  241.789267][ T5354]  ret_from_fork_asm+0x1a/0x30
[  241.790564][ T5354]  </TASK>
[  241.791753][ T5354] kobject: kobject_add_internal failed for hci1:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  241.795397][ T5354] Bluetooth: hci1: failed to register connection device
[  241.803517][ T5344] iowarrior 5-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[  241.826759][T10275] fuseblk: Unknown parameter 'Md'
[  241.850178][T10279] netlink: 'syz.1.1538': attribute type 13 has an invalid length.
[  241.907394][T10267] iowarrior 5-1:0.0: Error -90 while submitting URB
[  241.916055][ T5344] usb 5-1: USB disconnect, device number 10
[  241.923206][ T5344] iowarrior 5-1:0.0: I/O-Warror #0 now disconnected
[  241.985534][T10284] trusted_key: syz.1.1539 sent an empty control message without MSG_MORE.
[  243.401379][T10290] overlayfs: missing 'lowerdir'
[  243.575319][T10300] lo speed is unknown, defaulting to 1000
[  243.616651][   T40] audit: type=1326 audit(1728326563.731:89): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10299 comm="syz.2.1545" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f58579 code=0x0
[  243.794558][T10315] FAULT_INJECTION: forcing a failure.
[  243.794558][T10315] name failslab, interval 1, probability 0, space 0, times 0
[  243.802095][T10315] CPU: 1 UID: 0 PID: 10315 Comm: syz.2.1550 Not tainted 6.12.0-rc2-syzkaller #0
[  243.804478][T10315] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  243.807337][T10315] Call Trace:
[  243.808309][T10315]  <TASK>
[  243.809177][T10315]  dump_stack_lvl+0x16c/0x1f0
[  243.810538][T10315]  should_fail_ex+0x497/0x5b0
[  243.811906][T10315]  ? fs_reclaim_acquire+0xae/0x160
[  243.813411][T10315]  should_failslab+0xc2/0x120
[  243.814796][T10315]  __kmalloc_noprof+0xcb/0x410
[  243.816164][T10315]  io_alloc_hash_table+0x2d/0xc0
[  243.817616][T10315]  io_uring_setup+0x320/0x3750
[  243.819005][T10315]  ? __pfx_io_uring_setup+0x10/0x10
[  243.820632][T10315]  ? __fget_files+0x244/0x3f0
[  243.822131][T10315]  ? ksys_write+0x1ad/0x260
[  243.823473][T10315]  ? __pfx_ksys_write+0x10/0x10
[  243.824865][T10315]  __ia32_sys_io_uring_setup+0x97/0x140
[  243.826481][T10315]  __do_fast_syscall_32+0x73/0x120
[  243.827896][T10315]  do_fast_syscall_32+0x32/0x80
[  243.829171][T10315]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  243.830814][T10315] RIP: 0023:0xf7f58579
[  243.831888][T10315] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  243.836852][T10315] RSP: 002b:00000000f56d651c EFLAGS: 00000206 ORIG_RAX: 00000000000001a9
[  243.838997][T10315] RAX: ffffffffffffffda RBX: 0000000000000237 RCX: 0000000020000080
[  243.841032][T10315] RDX: 00000000f722d2f4 RSI: 0000000000000001 RDI: 00000000f56d657c
[  243.843084][T10315] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  243.845061][T10315] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  243.847111][T10315] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  243.849157][T10315]  </TASK>
[  243.850079][    C1] vkms_vblank_simulate: vblank timer overrun
[  243.856063][   T64] Bluetooth: hci1: command 0x040f tx timeout
[  244.032028][T10323] __nla_validate_parse: 8 callbacks suppressed
[  244.032040][T10323] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1553'.
[  244.034352][T10324] netlink: 16126 bytes leftover after parsing attributes in process `syz.3.1552'.
[  244.038401][T10324] netlink: 183228 bytes leftover after parsing attributes in process `syz.3.1552'.
[  244.212936][T10330] netlink: 16126 bytes leftover after parsing attributes in process `syz.0.1555'.
[  244.215562][T10330] netlink: 183228 bytes leftover after parsing attributes in process `syz.0.1555'.
[  244.302986][T10331] overlayfs: missing 'lowerdir'
[  244.763495][T10335] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1557'.
[  244.820439][T10338] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1557'.
[  245.330361][T10352] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1563'.
[  245.392001][T10355] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1563'.
[  245.461579][T10360] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1564'.
[  246.257307][T10371] random: crng reseeded on system resumption
[  247.045637][T10368] overlayfs: missing 'lowerdir'
[  247.270522][T10373] Process accounting resumed
[  247.552358][T10401] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  247.577377][   T40] audit: type=1326 audit(1728326567.691:90): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10396 comm="syz.0.1577" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf73ee579 code=0x0
[  249.167172][T10417] overlayfs: missing 'lowerdir'
[  249.179213][T10419] nbd: nbd2 already in use
[  249.264304][   T64] Bluetooth: hci1: unexpected event for opcode 0x0c46
[  249.298143][T10425] __nla_validate_parse: 15 callbacks suppressed
[  249.298156][T10425] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1584'.
[  249.362045][T10434] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1585'.
[  249.477337][T10441] netlink: 16126 bytes leftover after parsing attributes in process `syz.1.1586'.
[  249.479786][T10441] netlink: 183228 bytes leftover after parsing attributes in process `syz.1.1586'.
[  249.538535][T10445] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1588'.
[  249.699151][T10453] autofs: Bad value for 'fd'
[  249.824113][T10460] FAULT_INJECTION: forcing a failure.
[  249.824113][T10460] name failslab, interval 1, probability 0, space 0, times 0
[  249.833793][T10460] CPU: 1 UID: 0 PID: 10460 Comm: syz.0.1595 Not tainted 6.12.0-rc2-syzkaller #0
[  249.836316][T10460] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  249.839161][T10460] Call Trace:
[  249.840078][T10460]  <TASK>
[  249.840896][T10460]  dump_stack_lvl+0x16c/0x1f0
[  249.842249][T10460]  should_fail_ex+0x497/0x5b0
[  249.843531][T10460]  ? fs_reclaim_acquire+0xae/0x160
[  249.844951][T10460]  should_failslab+0xc2/0x120
[  249.846262][T10460]  kmem_cache_alloc_noprof+0x6e/0x2f0
[  249.847671][T10460]  ? create_new_namespaces+0x30/0xad0
[  249.849114][T10460]  create_new_namespaces+0x30/0xad0
[  249.850425][T10460]  ? bpf_lsm_capable+0x9/0x10
[  249.851689][T10460]  ? security_capable+0x7e/0x260
[  249.853013][T10460]  unshare_nsproxy_namespaces+0xc0/0x1f0
[  249.854533][T10460]  ksys_unshare+0x45d/0xa40
[  249.855734][T10460]  ? __pfx_ksys_unshare+0x10/0x10
[  249.857079][T10460]  ? ksys_write+0x1ad/0x260
[  249.858309][T10460]  __ia32_sys_unshare+0x30/0x40
[  249.859545][T10460]  __do_fast_syscall_32+0x73/0x120
[  249.860874][T10460]  do_fast_syscall_32+0x32/0x80
[  249.862256][T10460]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  249.863950][T10460] RIP: 0023:0xf73ee579
[  249.865096][T10460] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  249.870306][T10460] RSP: 002b:00000000f56d656c EFLAGS: 00000296 ORIG_RAX: 0000000000000136
[  249.872464][T10460] RAX: ffffffffffffffda RBX: 0000000020000400 RCX: 0000000000000000
[  249.874527][T10460] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  249.876507][T10460] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  249.878575][T10460] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  249.880667][T10460] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  249.882667][T10460]  </TASK>
[  249.967635][T10463] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1596'.
[  249.983521][T10465] netlink: 16126 bytes leftover after parsing attributes in process `syz.0.1597'.
[  249.986060][T10465] netlink: 183228 bytes leftover after parsing attributes in process `syz.0.1597'.
[  250.028897][T10468] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1596'.
[  250.069220][T10470] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1598'.
[  250.385391][T10478] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  250.410547][   T40] audit: type=1326 audit(1728326570.521:91): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10475 comm="syz.1.1601" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7fe4579 code=0x0
[  250.891446][T10486] raw_sendmsg: syz.0.1603 forgot to set AF_INET. Fix it!
[  251.400264][T10499] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  251.478053][   T40] audit: type=1326 audit(1728326571.591:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10497 comm="syz.0.1605" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf73ee579 code=0x0
[  251.730234][   T64] Bluetooth: hci1: unexpected event for opcode 0x080d
[  253.126007][T10556] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  253.422667][T10546] overlayfs: missing 'lowerdir'
[  254.387608][T10583] FAULT_INJECTION: forcing a failure.
[  254.387608][T10583] name failslab, interval 1, probability 0, space 0, times 0
[  254.391558][T10583] CPU: 1 UID: 0 PID: 10583 Comm: syz.0.1638 Not tainted 6.12.0-rc2-syzkaller #0
[  254.393937][T10583] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  254.396919][T10583] Call Trace:
[  254.397936][T10583]  <TASK>
[  254.398777][T10583]  dump_stack_lvl+0x16c/0x1f0
[  254.400213][T10583]  should_fail_ex+0x497/0x5b0
[  254.401632][T10583]  ? fs_reclaim_acquire+0xae/0x160
[  254.403146][T10583]  should_failslab+0xc2/0x120
[  254.404460][T10583]  __kmalloc_node_noprof+0xd1/0x440
[  254.405940][T10583]  ? __kvmalloc_node_noprof+0xad/0x1a0
[  254.407543][T10583]  __kvmalloc_node_noprof+0xad/0x1a0
[  254.409075][T10583]  xt_alloc_table_info+0x3e/0xa0
[  254.410595][T10583]  translate_compat_table+0xc06/0x18e0
[  254.412209][T10583]  ? __pfx_translate_compat_table+0x10/0x10
[  254.413930][T10583]  ? __might_fault+0x13b/0x190
[  254.415340][T10583]  ? __pfx_lock_release+0x10/0x10
[  254.416833][T10583]  compat_do_replace+0x35d/0x500
[  254.418345][T10583]  ? __pfx_compat_do_replace+0x10/0x10
[  254.419783][T10583]  ? aa_get_newest_label+0x376/0x680
[  254.421161][T10583]  ? sockopt_release_sock+0x52/0x60
[  254.422578][T10583]  ? __pfx_aa_get_newest_label+0x10/0x10
[  254.424072][T10583]  ? bpf_lsm_capable+0x9/0x10
[  254.425311][T10583]  ? security_capable+0x7e/0x260
[  254.426613][T10583]  do_ip6t_set_ctl+0x686/0xc20
[  254.427888][T10583]  ? trace_contention_end+0xea/0x140
[  254.429278][T10583]  ? __mutex_lock+0x1a6/0x9c0
[  254.430521][T10583]  ? __pfx_do_ip6t_set_ctl+0x10/0x10
[  254.431916][T10583]  ? __pfx___mutex_lock+0x10/0x10
[  254.433242][T10583]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  254.434823][T10583]  ? hlock_class+0x4e/0x130
[  254.436021][T10583]  ? nf_sockopt_find.constprop.0+0x221/0x290
[  254.437591][T10583]  nf_setsockopt+0x8a/0xf0
[  254.438774][T10583]  ipv6_setsockopt+0x135/0x170
[  254.440052][T10583]  rawv6_setsockopt+0xdc/0x700
[  254.441315][T10583]  ? __pfx_rawv6_setsockopt+0x10/0x10
[  254.442734][T10583]  ? sock_common_setsockopt+0x2e/0xf0
[  254.444153][T10583]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  254.445750][T10583]  do_sock_setsockopt+0x222/0x480
[  254.447236][T10583]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  254.448854][T10583]  ? fdget+0x176/0x210
[  254.450087][T10583]  __sys_setsockopt+0x1a4/0x270
[  254.451556][T10583]  ? __pfx___sys_setsockopt+0x10/0x10
[  254.453132][T10583]  ? fput+0x30/0x390
[  254.454331][T10583]  ? ksys_write+0x1ad/0x260
[  254.455642][T10583]  ? __pfx_ksys_write+0x10/0x10
[  254.456876][T10583]  __ia32_sys_setsockopt+0xbc/0x160
[  254.458184][T10583]  ? lockdep_hardirqs_on+0x7c/0x110
[  254.459560][T10583]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[  254.461526][T10583]  __do_fast_syscall_32+0x73/0x120
[  254.463034][T10583]  do_fast_syscall_32+0x32/0x80
[  254.464408][T10583]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  254.466116][T10583] RIP: 0023:0xf73ee579
[  254.467326][T10583] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  254.472918][T10583] RSP: 002b:00000000f56d656c EFLAGS: 00000296 ORIG_RAX: 000000000000016e
[  254.475364][T10583] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000029
[  254.477625][T10583] RDX: 0000000000000040 RSI: 0000000020002c40 RDI: 0000000000000544
[  254.479958][T10583] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  254.482257][T10583] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  254.484342][T10583] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  254.486411][T10583]  </TASK>
[  254.517539][   T40] audit: type=1326 audit(1728326574.631:93): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10587 comm="syz.1.1631" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe4579 code=0x7ffc0000
[  254.523206][   T40] audit: type=1326 audit(1728326574.631:94): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10587 comm="syz.1.1631" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe4579 code=0x7ffc0000
[  254.529024][   T40] audit: type=1326 audit(1728326574.631:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10587 comm="syz.1.1631" exe="/syz-executor" sig=0 arch=40000003 syscall=39 compat=1 ip=0xf7fe4579 code=0x7ffc0000
[  254.534553][   T40] audit: type=1326 audit(1728326574.631:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10587 comm="syz.1.1631" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe4579 code=0x7ffc0000
[  254.553226][   T40] audit: type=1326 audit(1728326574.631:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10587 comm="syz.1.1631" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe4579 code=0x7ffc0000
[  254.558162][T10588] net veth1_virt_wifi virt_wifi0: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  254.559292][   T40] audit: type=1326 audit(1728326574.631:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10587 comm="syz.1.1631" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7fe4579 code=0x7ffc0000
[  254.567403][   T40] audit: type=1326 audit(1728326574.631:99): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10587 comm="syz.1.1631" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe4579 code=0x7ffc0000
[  254.573094][   T40] audit: type=1326 audit(1728326574.631:100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10587 comm="syz.1.1631" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7fe4579 code=0x7ffc0000
[  254.627552][T10586] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  255.017175][ T1375] ieee802154 phy0 wpan0: encryption failed: -22
[  255.017204][ T1375] ieee802154 phy1 wpan1: encryption failed: -22
[  255.560445][T10598] overlayfs: missing 'lowerdir'
[  255.707752][   T56] libceph: connect (1)[c::]:6789 error -101
[  255.709758][   T56] libceph: mon0 (1)[c::]:6789 connect error
[  255.725029][T10603] ceph: No mds server is up or the cluster is laggy
[  255.731784][   T56] libceph: connect (1)[c::]:6789 error -101
[  255.733486][   T56] libceph: mon0 (1)[c::]:6789 connect error
[  255.736902][   T40] kauditd_printk_skb: 28 callbacks suppressed
[  255.736912][   T40] audit: type=1326 audit(1728326575.851:129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10602 comm="syz.2.1636" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f58579 code=0x7ffc0000
[  255.737588][   T64] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0
[  255.738538][   T40] audit: type=1326 audit(1728326575.851:130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10602 comm="syz.2.1636" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f58579 code=0x7ffc0000
[  255.744400][   T64] Bluetooth: hci1: Injecting HCI hardware error event
[  255.746550][   T40] audit: type=1326 audit(1728326575.851:131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10602 comm="syz.2.1636" exe="/syz-executor" sig=0 arch=40000003 syscall=425 compat=1 ip=0xf7f58579 code=0x7ffc0000
[  255.754091][   T64] Bluetooth: hci1: hardware error 0x00
[  255.759615][   T40] audit: type=1326 audit(1728326575.851:132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10602 comm="syz.2.1636" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f58579 code=0x7ffc0000
[  255.767122][   T40] audit: type=1326 audit(1728326575.851:133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10602 comm="syz.2.1636" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f58579 code=0x7ffc0000
[  255.772639][   T40] audit: type=1326 audit(1728326575.851:134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10602 comm="syz.2.1636" exe="/syz-executor" sig=0 arch=40000003 syscall=94 compat=1 ip=0xf7f58579 code=0x7ffc0000
[  255.778794][   T40] audit: type=1326 audit(1728326575.851:135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10602 comm="syz.2.1636" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f58579 code=0x7ffc0000
[  255.784210][   T40] audit: type=1326 audit(1728326575.851:136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10602 comm="syz.2.1636" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f58579 code=0x7ffc0000
[  255.789935][   T40] audit: type=1326 audit(1728326575.851:137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10602 comm="syz.2.1636" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7f58579 code=0x7ffc0000
[  255.795474][   T40] audit: type=1326 audit(1728326575.851:138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10602 comm="syz.2.1636" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f58579 code=0x7ffc0000
[  255.870172][T10615] __nla_validate_parse: 11 callbacks suppressed
[  255.870224][T10615] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1640'.
[  255.950625][T10625] netlink: 16126 bytes leftover after parsing attributes in process `syz.1.1642'.
[  255.953118][T10625] netlink: 183228 bytes leftover after parsing attributes in process `syz.1.1642'.
[  256.004960][T10624] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  256.078124][T10629] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1645'.
[  256.146326][T10633] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1645'.
[  256.223546][T10638] xt_CT: You must specify a L4 protocol and not use inversions on it
[  256.507227][T10643] overlayfs: missing 'lowerdir'
[  256.980835][T10646] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  257.093113][T10655] xt_policy: neither incoming nor outgoing policy selected
[  257.252893][T10661] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1653'.
[  257.257939][T10661] syzkaller0: entered allmulticast mode
[  257.409096][T10658] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  257.422062][T10666] netlink: 'syz.0.1655': attribute type 2 has an invalid length.
[  257.488047][T10668] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1656'.
[  257.550970][T10669] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1656'.
[  257.816134][   T64] Bluetooth: hci1: Opcode 0x0c03 failed: -110
[  257.996651][T10673] netlink: 16126 bytes leftover after parsing attributes in process `syz.3.1657'.
[  257.999096][T10673] netlink: 183228 bytes leftover after parsing attributes in process `syz.3.1657'.
[  258.248102][T10684] binder: 10683:10684 ioctl c0306201 0 returned -14
[  258.250097][T10684] binder: BC_ACQUIRE_RESULT not supported
[  258.251687][T10684] binder: 10683:10684 ioctl c0306201 200001c0 returned -22
[  258.472067][T10696] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  259.277282][T10707] netlink: 'syz.3.1666': attribute type 6 has an invalid length.
[  259.811415][T10712] FAULT_INJECTION: forcing a failure.
[  259.811415][T10712] name failslab, interval 1, probability 0, space 0, times 0
[  259.823696][T10712] CPU: 1 UID: 0 PID: 10712 Comm: syz.2.1667 Not tainted 6.12.0-rc2-syzkaller #0
[  259.826074][T10712] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  259.828862][T10712] Call Trace:
[  259.829747][T10712]  <TASK>
[  259.830533][T10712]  dump_stack_lvl+0x16c/0x1f0
[  259.831790][T10712]  should_fail_ex+0x497/0x5b0
[  259.833047][T10712]  ? fs_reclaim_acquire+0xae/0x160
[  259.834400][T10712]  should_failslab+0xc2/0x120
[  259.835648][T10712]  __kmalloc_noprof+0xcb/0x410
[  259.836942][T10712]  io_rsrc_data_alloc+0xe1/0x460
[  259.838258][T10712]  io_sqe_buffers_register+0x129/0xa60
[  259.839698][T10712]  ? __might_fault+0x13b/0x190
[  259.840964][T10712]  ? __pfx_lock_release+0x10/0x10
[  259.842296][T10712]  ? trace_lock_acquire+0x14a/0x1d0
[  259.843688][T10712]  ? __pfx_io_sqe_buffers_register+0x10/0x10
[  259.845261][T10712]  ? lock_acquire+0x2f/0xb0
[  259.846470][T10712]  ? __might_fault+0xe3/0x190
[  259.847722][T10712]  ? __might_fault+0xe3/0x190
[  259.848965][T10712]  io_register_rsrc+0x1bf/0x230
[  259.850248][T10712]  ? __pfx_io_register_rsrc+0x10/0x10
[  259.851674][T10712]  ? __mutex_lock+0x1a6/0x9c0
[  259.852919][T10712]  ? __fget_files+0x23a/0x3f0
[  259.854165][T10712]  __io_uring_register+0x8f0/0x1f00
[  259.855545][T10712]  ? __pfx___mutex_lock+0x10/0x10
[  259.856884][T10712]  ? __pfx___io_uring_register+0x10/0x10
[  259.858359][T10712]  ? __fget_files+0x244/0x3f0
[  259.859616][T10712]  __ia32_sys_io_uring_register+0x157/0x270
[  259.861172][T10712]  __do_fast_syscall_32+0x73/0x120
[  259.862537][T10712]  do_fast_syscall_32+0x32/0x80
[  259.863845][T10712]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  259.865515][T10712] RIP: 0023:0xf7f58579
[  259.866603][T10712] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  259.871609][T10712] RSP: 002b:00000000f56d656c EFLAGS: 00000296 ORIG_RAX: 00000000000001ab
[  259.873782][T10712] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000000000f
[  259.875851][T10712] RDX: 0000000020000540 RSI: 0000000000000020 RDI: 0000000000000000
[  259.877908][T10712] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  259.879974][T10712] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  259.882035][T10712] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  259.884113][T10712]  </TASK>
[  260.656014][T10738] FAULT_INJECTION: forcing a failure.
[  260.656014][T10738] name failslab, interval 1, probability 0, space 0, times 0
[  260.659437][T10738] CPU: 1 UID: 0 PID: 10738 Comm: syz.1.1676 Not tainted 6.12.0-rc2-syzkaller #0
[  260.661806][T10738] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  260.664633][T10738] Call Trace:
[  260.665523][T10738]  <TASK>
[  260.666317][T10738]  dump_stack_lvl+0x16c/0x1f0
[  260.667740][T10738]  should_fail_ex+0x497/0x5b0
[  260.668977][T10738]  ? fs_reclaim_acquire+0xae/0x160
[  260.670329][T10738]  should_failslab+0xc2/0x120
[  260.671590][T10738]  __kmalloc_noprof+0xcb/0x410
[  260.672835][T10738]  ? __pfx_lock_release+0x10/0x10
[  260.674114][T10738]  fuse_do_ioctl+0x2fb/0x15f0
[  260.675373][T10738]  ? __pfx_fuse_do_ioctl+0x10/0x10
[  260.676725][T10738]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  260.678294][T10738]  fuse_ioctl_common+0x123/0x190
[  260.679654][T10738]  fuse_dir_compat_ioctl+0x122/0x180
[  260.681046][T10738]  ? __pfx_fuse_dir_compat_ioctl+0x10/0x10
[  260.682589][T10738]  __do_compat_sys_ioctl+0x259/0x2b0
[  260.683989][T10738]  __do_fast_syscall_32+0x73/0x120
[  260.685347][T10738]  do_fast_syscall_32+0x32/0x80
[  260.686712][T10738]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  260.688385][T10738] RIP: 0023:0xf7fe4579
[  260.689464][T10738] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  260.694486][T10738] RSP: 002b:00000000f576656c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  260.696674][T10738] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000c4089434
[  260.698774][T10738] RDX: 00000000200000c0 RSI: 0000000000000000 RDI: 0000000000000000
[  260.700828][T10738] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  260.702905][T10738] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  260.704958][T10738] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  260.707030][T10738]  </TASK>
[  260.960326][T10744] random: crng reseeded on system resumption
[  260.969570][T10744] Restarting kernel threads ... done.
[  261.808688][T10767] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  261.909598][   T40] kauditd_printk_skb: 37 callbacks suppressed
[  261.909610][   T40] audit: type=1326 audit(1728326582.021:176): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10762 comm="syz.1.1683" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7fe4579 code=0x0
[  262.201985][T10785] binder: 10784:10785 ioctl c0306201 20000240 returned -22
[  262.667791][T10809] program syz.2.1695 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  263.045472][   T40] audit: type=1800 audit(1728326583.151:177): pid=10821 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1701" name="bus" dev="overlay" ino=2541 res=0 errno=0
[  263.223105][T10827] FAULT_INJECTION: forcing a failure.
[  263.223105][T10827] name failslab, interval 1, probability 0, space 0, times 0
[  263.247489][T10827] CPU: 1 UID: 0 PID: 10827 Comm: syz.1.1702 Not tainted 6.12.0-rc2-syzkaller #0
[  263.250232][T10827] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  263.253872][T10827] Call Trace:
[  263.254894][T10827]  <TASK>
[  263.255678][T10827]  dump_stack_lvl+0x16c/0x1f0
[  263.257075][T10827]  should_fail_ex+0x497/0x5b0
[  263.258355][T10827]  ? fs_reclaim_acquire+0xae/0x160
[  263.259834][T10827]  should_failslab+0xc2/0x120
[  263.261139][T10827]  __kmalloc_node_noprof+0xd1/0x440
[  263.262608][T10827]  ? __kvmalloc_node_noprof+0xad/0x1a0
[  263.264362][T10827]  __kvmalloc_node_noprof+0xad/0x1a0
[  263.265900][T10827]  bucket_table_alloc.isra.0+0x86/0x460
[  263.267359][T10827]  ? __raw_spin_lock_init+0x3a/0x110
[  263.268736][T10827]  rhashtable_init_noprof+0x43b/0x7d0
[  263.270142][T10827]  rhltable_init_noprof+0x20/0x60
[  263.271493][T10827]  nf_tables_newtable+0xfb6/0x1b40
[  263.272853][T10827]  ? net_generic+0xea/0x2a0
[  263.274155][T10827]  ? __pfx_nf_tables_newtable+0x10/0x10
[  263.275701][T10827]  ? trace_lock_acquire+0x14a/0x1d0
[  263.277067][T10827]  ? __nla_parse+0x40/0x60
[  263.278247][T10827]  nfnetlink_rcv_batch+0x1a28/0x24e0
[  263.279656][T10827]  ? __pfx_nfnetlink_rcv_batch+0x10/0x10
[  263.281123][T10827]  ? preempt_schedule_common+0x44/0xc0
[  263.282573][T10827]  ? __pfx___lock_acquire+0x10/0x10
[  263.283967][T10827]  ? __nla_parse+0x40/0x60
[  263.285147][T10827]  nfnetlink_rcv+0x3c3/0x430
[  263.286375][T10827]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  263.287719][T10827]  netlink_unicast+0x53c/0x7f0
[  263.288987][T10827]  ? __pfx_netlink_unicast+0x10/0x10
[  263.290380][T10827]  ? __phys_addr_symbol+0x30/0x80
[  263.291722][T10827]  ? __check_object_size+0x488/0x710
[  263.293119][T10827]  netlink_sendmsg+0x8b8/0xd70
[  263.294408][T10827]  ? __pfx_netlink_sendmsg+0x10/0x10
[  263.296210][T10827]  ? lock_acquire+0x2f/0xb0
[  263.297706][T10827]  ____sys_sendmsg+0x9ae/0xb40
[  263.299368][T10827]  ? __pfx_____sys_sendmsg+0x10/0x10
[  263.301180][T10827]  ? get_compat_msghdr+0x11b/0x170
[  263.302954][T10827]  ? __pfx___lock_acquire+0x10/0x10
[  263.304483][T10827]  ___sys_sendmsg+0x135/0x1e0
[  263.305732][T10827]  ? __pfx____sys_sendmsg+0x10/0x10
[  263.307416][T10827]  ? lock_acquire+0x2f/0xb0
[  263.308828][T10827]  ? __fget_files+0x40/0x3f0
[  263.310301][T10827]  ? fdget+0x176/0x210
[  263.311723][T10827]  __sys_sendmsg+0x117/0x1f0
[  263.313218][T10827]  ? __pfx___sys_sendmsg+0x10/0x10
[  263.314572][T10827]  ? __fget_files+0x244/0x3f0
[  263.315838][T10827]  __do_fast_syscall_32+0x73/0x120
[  263.317191][T10827]  do_fast_syscall_32+0x32/0x80
[  263.318534][T10827]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  263.320387][T10827] RIP: 0023:0xf7fe4579
[  263.321465][T10827] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  263.326538][T10827] RSP: 002b:00000000f576656c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  263.328736][T10827] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000200000c0
[  263.330822][T10827] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  263.332887][T10827] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  263.334956][T10827] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  263.337013][T10827] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  263.339085][T10827]  </TASK>
[  263.548624][T10830] __nla_validate_parse: 8 callbacks suppressed
[  263.548637][T10830] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1704'.
[  264.652254][T10859] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  264.668419][T10863] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1712'.
[  264.722179][   T40] audit: type=1326 audit(1728326584.831:178): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10853 comm="syz.1.1709" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7fe4579 code=0x0
[  264.731882][T10866] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1712'.
[  264.796068][   T56] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  264.955989][   T56] usb 5-1: Using ep0 maxpacket: 8
[  264.962832][   T56] usb 5-1: config 179 has an invalid interface number: 65 but max is 0
[  264.964995][   T56] usb 5-1: config 179 has no interface number 0
[  264.966819][   T56] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  264.969649][   T56] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  264.972577][   T56] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  264.975649][   T56] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[  264.986641][   T56] usb 5-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  264.990238][   T56] usb 5-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  264.992859][   T56] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  264.996878][T10858] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  265.214438][ T5344] input: Generic X-Box pad as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:179.65/input/input27
[  265.407407][   T56] usb 5-1: USB disconnect, device number 11
[  265.408946][    C1] xpad 5-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[  265.408966][    C1] xpad 5-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  265.417487][   T56] xpad 5-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19
[  266.403296][T10877] overlayfs: missing 'lowerdir'
[  266.719543][T10897] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1722'.
[  266.775471][T10898] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1722'.
[  267.522729][T10896] overlayfs: missing 'lowerdir'
[  267.634087][T10907] netlink: 'syz.3.1724': attribute type 10 has an invalid length.
[  267.668352][T10907] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  267.670648][T10909] netlink: 'syz.3.1724': attribute type 10 has an invalid length.
[  267.700987][T10909] bond0: (slave netdevsim0): Releasing backup interface
[  267.707542][T10909] team0: Failed to send port change of device netdevsim0 via netlink (err -105)
[  267.711682][T10909] team0: Failed to send options change via netlink (err -105)
[  267.715213][T10909] team0: Port device netdevsim0 added
[  267.726308][   T12] team0: Failed to send port change of device netdevsim0 via netlink (err -105)
[  267.793410][T10921] FAULT_INJECTION: forcing a failure.
[  267.793410][T10921] name failslab, interval 1, probability 0, space 0, times 0
[  267.799620][T10921] CPU: 1 UID: 0 PID: 10921 Comm: syz.1.1726 Not tainted 6.12.0-rc2-syzkaller #0
[  267.802078][T10921] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  267.804959][T10921] Call Trace:
[  267.805851][T10921]  <TASK>
[  267.806643][T10921]  dump_stack_lvl+0x16c/0x1f0
[  267.807934][T10921]  should_fail_ex+0x497/0x5b0
[  267.809188][T10921]  ? fs_reclaim_acquire+0xae/0x160
[  267.810549][T10921]  should_failslab+0xc2/0x120
[  267.811819][T10921]  __kmalloc_noprof+0xcb/0x410
[  267.813115][T10921]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  267.814618][T10921]  tomoyo_realpath_from_path+0xbf/0x710
[  267.816091][T10921]  ? tomoyo_path_number_perm+0x232/0x5b0
[  267.817579][T10921]  tomoyo_path_number_perm+0x245/0x5b0
[  267.819028][T10921]  ? tomoyo_path_number_perm+0x232/0x5b0
[  267.820511][T10921]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  267.822122][T10921]  ? trace_lock_acquire+0x14a/0x1d0
[  267.823533][T10921]  ? lock_acquire+0x2f/0xb0
[  267.824747][T10921]  ? __fget_files+0x40/0x3f0
[  267.826005][T10921]  ? __fget_files+0x244/0x3f0
[  267.827266][T10921]  security_file_ioctl_compat+0x9b/0x240
[  267.828772][T10921]  __do_compat_sys_ioctl+0x52/0x2b0
[  267.830143][T10921]  __do_fast_syscall_32+0x73/0x120
[  267.831521][T10921]  do_fast_syscall_32+0x32/0x80
[  267.832831][T10921]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  267.834512][T10921] RIP: 0023:0xf7fe4579
[  267.835613][T10921] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  267.840683][T10921] RSP: 002b:00000000f574556c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  267.842873][T10921] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000c008ae05
[  267.844981][T10921] RDX: 0000000020000080 RSI: 0000000000000000 RDI: 0000000000000000
[  267.847100][T10921] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  267.849215][T10921] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  267.851318][T10921] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  267.853455][T10921]  </TASK>
[  267.858234][T10921] ERROR: Out of memory at tomoyo_realpath_from_path.
[  268.327953][T10926] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1729'.
[  268.334185][T10926] netlink: 16126 bytes leftover after parsing attributes in process `syz.0.1729'.
[  268.337069][T10926] netlink: 183228 bytes leftover after parsing attributes in process `syz.0.1729'.
[  269.545610][T10941] overlayfs: missing 'lowerdir'
[  269.729960][T10943] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1734'.
[  269.791008][T10944] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1734'.
[  270.211019][T10954] netlink: 16126 bytes leftover after parsing attributes in process `syz.0.1738'.
[  270.213564][T10954] netlink: 183228 bytes leftover after parsing attributes in process `syz.0.1738'.
[  270.223908][T10952] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  270.237711][T10956] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1739'.
[  270.240204][T10956] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1739'.
[  270.454569][T10966] lo speed is unknown, defaulting to 1000
[  270.524470][T10964] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  270.587517][   T40] audit: type=1326 audit(1728326590.701:179): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10962 comm="syz.3.1742" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f36579 code=0x0
[  270.916703][T10979] FAULT_INJECTION: forcing a failure.
[  270.916703][T10979] name failslab, interval 1, probability 0, space 0, times 0
[  270.920602][T10979] CPU: 1 UID: 0 PID: 10979 Comm: syz.1.1745 Not tainted 6.12.0-rc2-syzkaller #0
[  270.923003][T10979] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  270.925795][T10979] Call Trace:
[  270.926689][T10979]  <TASK>
[  270.927471][T10979]  dump_stack_lvl+0x16c/0x1f0
[  270.928732][T10979]  should_fail_ex+0x497/0x5b0
[  270.929980][T10979]  ? fs_reclaim_acquire+0xae/0x160
[  270.931332][T10979]  should_failslab+0xc2/0x120
[  270.932581][T10979]  kmem_cache_alloc_node_noprof+0x71/0x310
[  270.934119][T10979]  ? __alloc_skb+0x2b3/0x380
[  270.935354][T10979]  __alloc_skb+0x2b3/0x380
[  270.936538][T10979]  ? __pfx___alloc_skb+0x10/0x10
[  270.937853][T10979]  netlink_ack+0x164/0xb20
[  270.939041][T10979]  netlink_rcv_skb+0x327/0x410
[  270.940302][T10979]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  270.941733][T10979]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  270.943137][T10979]  ? __pfx_aa_get_newest_label+0x10/0x10
[  270.944618][T10979]  ? bpf_lsm_capable+0x9/0x10
[  270.945864][T10979]  ? security_capable+0x7e/0x260
[  270.947175][T10979]  ? ns_capable+0xd7/0x110
[  270.948354][T10979]  nfnetlink_rcv+0x1b4/0x430
[  270.949580][T10979]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  270.950930][T10979]  ? netlink_deliver_tap+0x1ae/0xcf0
[  270.952329][T10979]  netlink_unicast+0x53c/0x7f0
[  270.953597][T10979]  ? __pfx_netlink_unicast+0x10/0x10
[  270.955168][T10979]  ? __phys_addr_symbol+0x30/0x80
[  270.956515][T10979]  ? __check_object_size+0x488/0x710
[  270.957913][T10979]  netlink_sendmsg+0x8b8/0xd70
[  270.959193][T10979]  ? __pfx_netlink_sendmsg+0x10/0x10
[  270.960591][T10979]  ? lock_acquire+0x2f/0xb0
[  270.961804][T10979]  ____sys_sendmsg+0x9ae/0xb40
[  270.963089][T10979]  ? __pfx_____sys_sendmsg+0x10/0x10
[  270.964485][T10979]  ? get_compat_msghdr+0x11b/0x170
[  270.965841][T10979]  ? __pfx___lock_acquire+0x10/0x10
[  270.967246][T10979]  ___sys_sendmsg+0x135/0x1e0
[  270.968499][T10979]  ? __pfx____sys_sendmsg+0x10/0x10
[  270.969882][T10979]  ? lock_acquire+0x2f/0xb0
[  270.971091][T10979]  ? __fget_files+0x40/0x3f0
[  270.972323][T10979]  ? fdget+0x176/0x210
[  270.973403][T10979]  __sys_sendmsg+0x117/0x1f0
[  270.974611][T10979]  ? __pfx___sys_sendmsg+0x10/0x10
[  270.975985][T10979]  ? __fget_files+0x244/0x3f0
[  270.977248][T10979]  __do_fast_syscall_32+0x73/0x120
[  270.978613][T10979]  do_fast_syscall_32+0x32/0x80
[  270.979922][T10979]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  270.981601][T10979] RIP: 0023:0xf7fe4579
[  270.982705][T10979] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  270.987743][T10979] RSP: 002b:00000000f576656c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  270.989897][T10979] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000040
[  270.991974][T10979] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  270.994046][T10979] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  270.996130][T10979] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  270.998203][T10979] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  271.000283][T10979]  </TASK>
[  271.088336][T10980] overlayfs: missing 'lowerdir'
[  271.361555][T10987] block nbd0: shutting down sockets
[  271.398296][T10986] ptrace attach of "/syz-executor exec"[5350] was attempted by "/syz-executor exec"[10986]
[  271.446764][T10990] netlink: 16126 bytes leftover after parsing attributes in process `syz.1.1748'.
[  271.453921][T10990] netlink: 183228 bytes leftover after parsing attributes in process `syz.1.1748'.
[  271.539848][   T40] audit: type=1326 audit(1728326591.651:180): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10991 comm="syz.1.1749" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe4579 code=0x7ffc0000
[  271.547598][   T40] audit: type=1326 audit(1728326591.651:181): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10991 comm="syz.1.1749" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe4579 code=0x7ffc0000
[  271.553625][   T40] audit: type=1326 audit(1728326591.651:182): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10991 comm="syz.1.1749" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7fe4579 code=0x7ffc0000
[  271.559779][   T40] audit: type=1326 audit(1728326591.651:183): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10991 comm="syz.1.1749" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe4579 code=0x7ffc0000
[  271.565433][   T40] audit: type=1326 audit(1728326591.651:184): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10991 comm="syz.1.1749" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe4579 code=0x7ffc0000
[  271.571243][   T40] audit: type=1326 audit(1728326591.651:185): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10991 comm="syz.1.1749" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7fe4579 code=0x7ffc0000
[  271.576965][   T40] audit: type=1326 audit(1728326591.651:186): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10991 comm="syz.1.1749" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe4579 code=0x7ffc0000
[  271.582513][   T40] audit: type=1326 audit(1728326591.651:187): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10991 comm="syz.1.1749" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe4579 code=0x7ffc0000
[  271.588247][   T40] audit: type=1326 audit(1728326591.651:188): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10991 comm="syz.1.1749" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7fe4579 code=0x7ffc0000
[  272.081844][T10998] 9pnet_fd: Insufficient options for proto=fd
[  272.086264][T10998] Option 'o]‚çåc' to dns_resolver key: bad/missing value
[  272.729747][   T56] hid-generic 0000:3000000:0000.0004: unknown main item tag 0x4
[  272.731931][   T56] hid-generic 0000:3000000:0000.0004: unknown main item tag 0x2
[  272.734149][   T56] hid-generic 0000:3000000:0000.0004: unknown main item tag 0x0
[  272.736465][   T56] hid-generic 0000:3000000:0000.0004: unknown main item tag 0x0
[  272.738555][   T56] hid-generic 0000:3000000:0000.0004: unknown main item tag 0x0
[  272.740640][   T56] hid-generic 0000:3000000:0000.0004: unknown main item tag 0x0
[  272.742734][   T56] hid-generic 0000:3000000:0000.0004: unknown main item tag 0x0
[  272.745944][T11025] netlink: 16126 bytes leftover after parsing attributes in process `syz.1.1759'.
[  272.748392][T11025] netlink: 183228 bytes leftover after parsing attributes in process `syz.1.1759'.
[  272.751030][   T56] hid-generic 0000:3000000:0000.0004: unknown main item tag 0x0
[  272.753579][   T56] hid-generic 0000:3000000:0000.0004: unknown main item tag 0x0
[  272.758482][   T56] hid-generic 0000:3000000:0000.0004: unknown main item tag 0x0
[  272.765228][   T56] hid-generic 0000:3000000:0000.0004: unknown main item tag 0x0
[  272.771072][   T56] hid-generic 0000:3000000:0000.0004: unknown main item tag 0x0
[  272.783797][   T56] hid-generic 0000:3000000:0000.0004: unknown main item tag 0x0
[  272.799232][   T56] hid-generic 0000:3000000:0000.0004: unknown main item tag 0x0
[  272.801216][   T56] hid-generic 0000:3000000:0000.0004: unknown main item tag 0x0
[  272.803182][   T56] hid-generic 0000:3000000:0000.0004: unknown main item tag 0x0
[  272.815055][   T56] hid-generic 0000:3000000:0000.0004: hidraw1: <UNKNOWN> HID v0.00 Device [sy

] on syz0
[  273.103273][T11036] FAULT_INJECTION: forcing a failure.
[  273.103273][T11036] name failslab, interval 1, probability 0, space 0, times 0
[  273.112048][T11036] CPU: 1 UID: 0 PID: 11036 Comm: syz.2.1762 Not tainted 6.12.0-rc2-syzkaller #0
[  273.114483][T11036] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  273.117324][T11036] Call Trace:
[  273.118217][T11036]  <TASK>
[  273.119022][T11036]  dump_stack_lvl+0x16c/0x1f0
[  273.120276][T11036]  should_fail_ex+0x497/0x5b0
[  273.121535][T11036]  ? fs_reclaim_acquire+0xae/0x160
[  273.122922][T11036]  should_failslab+0xc2/0x120
[  273.124180][T11036]  __kmalloc_cache_noprof+0x6b/0x310
[  273.125581][T11036]  ? alloc_netdev_mqs+0xdde/0x12a0
[  273.126957][T11036]  alloc_netdev_mqs+0xdde/0x12a0
[  273.128273][T11036]  rtnl_create_link+0xbed/0xf10
[  273.129572][T11036]  __rtnl_newlink+0x10b3/0x1920
[  273.130895][T11036]  ? __pfx___rtnl_newlink+0x10/0x10
[  273.132286][T11036]  rtnl_newlink+0x67/0xa0
[  273.133438][T11036]  ? __pfx_rtnl_newlink+0x10/0x10
[  273.134810][T11036]  rtnetlink_rcv_msg+0x3c7/0xea0
[  273.136123][T11036]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  273.137564][T11036]  ? __pfx___lock_acquire+0x10/0x10
[  273.139126][T11036]  netlink_rcv_skb+0x165/0x410
[  273.140584][T11036]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  273.142145][T11036]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  273.143699][T11036]  ? netlink_deliver_tap+0x1ae/0xcf0
[  273.145239][T11036]  netlink_unicast+0x53c/0x7f0
[  273.146602][T11036]  ? __pfx_netlink_unicast+0x10/0x10
[  273.148092][T11036]  ? __phys_addr_symbol+0x30/0x80
[  273.149534][T11036]  ? __check_object_size+0x488/0x710
[  273.151040][T11036]  netlink_sendmsg+0x8b8/0xd70
[  273.152481][T11036]  ? __pfx_netlink_sendmsg+0x10/0x10
[  273.154099][T11036]  ? lock_acquire+0x2f/0xb0
[  273.155416][T11036]  ____sys_sendmsg+0x9ae/0xb40
[  273.156712][T11036]  ? __pfx_____sys_sendmsg+0x10/0x10
[  273.158108][T11036]  ? get_compat_msghdr+0x11b/0x170
[  273.159477][T11036]  ? __pfx___lock_acquire+0x10/0x10
[  273.160858][T11036]  ___sys_sendmsg+0x135/0x1e0
[  273.162110][T11036]  ? __pfx____sys_sendmsg+0x10/0x10
[  273.163517][T11036]  ? lock_acquire+0x2f/0xb0
[  273.164743][T11036]  ? __fget_files+0x40/0x3f0
[  273.165985][T11036]  ? fdget+0x176/0x210
[  273.167081][T11036]  __sys_sendmsg+0x117/0x1f0
[  273.168321][T11036]  ? __pfx___sys_sendmsg+0x10/0x10
[  273.169691][T11036]  ? __fget_files+0x244/0x3f0
[  273.170968][T11036]  __do_fast_syscall_32+0x73/0x120
[  273.172338][T11036]  do_fast_syscall_32+0x32/0x80
[  273.173647][T11036]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  273.175341][T11036] RIP: 0023:0xf7f58579
[  273.176453][T11036] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  273.181558][T11036] RSP: 002b:00000000f56d656c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  273.183767][T11036] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000280
[  273.185843][T11036] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  273.187929][T11036] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  273.190016][T11036] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  273.192114][T11036] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  273.194224][T11036]  </TASK>
[  273.195152][    C1] vkms_vblank_simulate: vblank timer overrun
[  273.380844][T11042] lo speed is unknown, defaulting to 1000
[  274.252129][T11074] hpfs: bad mount options.
[  274.632330][T11089] overlayfs: missing 'lowerdir'
[  275.016024][ T5344] usb 6-1: new high-speed USB device number 20 using dummy_hcd
[  275.165991][ T5344] usb 6-1: Using ep0 maxpacket: 8
[  275.168664][ T5344] usb 6-1: config 179 has an invalid interface number: 65 but max is 0
[  275.170799][ T5344] usb 6-1: config 179 has no interface number 0
[  275.172549][ T5344] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  275.175588][ T5344] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  275.178798][ T5344] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  275.181896][ T5344] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[  275.185059][ T5344] usb 6-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  275.188974][ T5344] usb 6-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  275.191594][ T5344] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  275.198831][T11093] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  275.363867][T11099] __nla_validate_parse: 6 callbacks suppressed
[  275.363879][T11099] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1779'.
[  275.368538][T11099] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1779'.
[  275.370937][T11099] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1779'.
[  275.373319][T11099] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1779'.
[  275.460707][T11101] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1780'.
[  275.463102][T11101] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1780'.
[  275.465508][T11101] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1780'.
[  275.468053][T11101] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1780'.
[  275.640532][T11091] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  275.662341][ T5344] usb 6-1: USB disconnect, device number 20
[  275.663957][    C1] xpad 6-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[  275.663976][    C1] xpad 6-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  275.684141][T11104] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  275.719611][   T40] kauditd_printk_skb: 19 callbacks suppressed
[  275.719622][   T40] audit: type=1326 audit(1728326595.831:208): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11102 comm="syz.0.1781" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf73ee579 code=0x0
[  277.139308][T11118] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1785'.
[  277.167647][T11113] lo speed is unknown, defaulting to 1000
[  277.208636][T11123] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1785'.
[  277.300000][T11130] FAULT_INJECTION: forcing a failure.
[  277.300000][T11130] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  277.303832][T11130] CPU: 3 UID: 0 PID: 11130 Comm: syz.3.1789 Not tainted 6.12.0-rc2-syzkaller #0
[  277.306222][T11130] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  277.309044][T11130] Call Trace:
[  277.309942][T11130]  <TASK>
[  277.310745][T11130]  dump_stack_lvl+0x16c/0x1f0
[  277.312015][T11130]  should_fail_ex+0x497/0x5b0
[  277.313278][T11130]  _copy_from_user+0x30/0xf0
[  277.314600][T11130]  memdup_user+0x71/0xd0
[  277.315742][T11130]  strndup_user+0x78/0xe0
[  277.316965][T11130]  __ia32_sys_mount+0x181/0x310
[  277.318257][T11130]  ? __pfx___ia32_sys_mount+0x10/0x10
[  277.319696][T11130]  __do_fast_syscall_32+0x73/0x120
[  277.321054][T11130]  do_fast_syscall_32+0x32/0x80
[  277.322345][T11130]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  277.324143][T11130] RIP: 0023:0xf7f36579
[  277.325298][T11130] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  277.330284][T11130] RSP: 002b:00000000f56b656c EFLAGS: 00000296 ORIG_RAX: 0000000000000015
[  277.332475][T11130] RAX: ffffffffffffffda RBX: 0000000020000100 RCX: 0000000020000180
[  277.334530][T11130] RDX: 00000000200000c0 RSI: 0000000000000000 RDI: 0000000020000340
[  277.336725][T11130] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  277.338897][T11130] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  277.340976][T11130] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  277.343111][T11130]  </TASK>
[  277.694059][T11149] overlayfs: missing 'lowerdir'
[  278.107628][T11152] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  278.132419][   T40] audit: type=1326 audit(1728326598.241:209): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11150 comm="syz.2.1796" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f58579 code=0x0
[  278.782086][T11173] openvswitch: netlink: Missing key (keys=8040, expected=2000)
[  279.666160][T11195] openvswitch: netlink: Missing key (keys=8040, expected=2000)
[  279.668307][T11195] FAULT_INJECTION: forcing a failure.
[  279.668307][T11195] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  279.672649][T11195] CPU: 1 UID: 0 PID: 11195 Comm: syz.3.1808 Not tainted 6.12.0-rc2-syzkaller #0
[  279.674912][T11195] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  279.677649][T11195] Call Trace:
[  279.678521][T11195]  <TASK>
[  279.679304][T11195]  dump_stack_lvl+0x16c/0x1f0
[  279.680548][T11195]  should_fail_ex+0x497/0x5b0
[  279.681784][T11195]  _copy_to_user+0x30/0xc0
[  279.682972][T11195]  simple_read_from_buffer+0xd0/0x160
[  279.684373][T11195]  proc_fail_nth_read+0x198/0x270
[  279.685692][T11195]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  279.687135][T11195]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  279.688570][T11195]  vfs_read+0x1ce/0xbd0
[  279.689656][T11195]  ? __fget_files+0x23a/0x3f0
[  279.690889][T11195]  ? fdget_pos+0x24c/0x360
[  279.692050][T11195]  ? __pfx_lock_release+0x10/0x10
[  279.693363][T11195]  ? trace_lock_acquire+0x14a/0x1d0
[  279.694731][T11195]  ? __pfx_vfs_read+0x10/0x10
[  279.695937][T11195]  ? __pfx___mutex_lock+0x10/0x10
[  279.697216][T11195]  ? __fget_files+0x244/0x3f0
[  279.698396][T11195]  ksys_read+0x12f/0x260
[  279.699489][T11195]  ? __pfx_ksys_read+0x10/0x10
[  279.700716][T11195]  __do_fast_syscall_32+0x73/0x120
[  279.702016][T11195]  do_fast_syscall_32+0x32/0x80
[  279.703277][T11195]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  279.704896][T11195] RIP: 0023:0xf7f36579
[  279.705950][T11195] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  279.711030][T11195] RSP: 002b:00000000f56b65a0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  279.713160][T11195] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f56b6620
[  279.715177][T11195] RDX: 000000000000000f RSI: 00000000f73bbff4 RDI: 0000000000000000
[  279.717117][T11195] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000
[  279.719127][T11195] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  279.721072][T11195] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  279.723119][T11195]  </TASK>
[  279.880096][T11204] FAULT_INJECTION: forcing a failure.
[  279.880096][T11204] name failslab, interval 1, probability 0, space 0, times 0
[  279.883390][T11204] CPU: 3 UID: 0 PID: 11204 Comm: syz.3.1811 Not tainted 6.12.0-rc2-syzkaller #0
[  279.885712][T11204] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  279.888521][T11204] Call Trace:
[  279.889408][T11204]  <TASK>
[  279.890201][T11204]  dump_stack_lvl+0x16c/0x1f0
[  279.891476][T11204]  should_fail_ex+0x497/0x5b0
[  279.892733][T11204]  ? fs_reclaim_acquire+0xae/0x160
[  279.894109][T11204]  should_failslab+0xc2/0x120
[  279.895367][T11204]  __kmalloc_noprof+0xcb/0x410
[  279.896619][T11204]  ? __pfx_d_absolute_path+0x10/0x10
[  279.898005][T11204]  tomoyo_encode2+0x100/0x3e0
[  279.899278][T11204]  tomoyo_realpath_from_path+0x1a7/0x710
[  279.900708][T11204]  tomoyo_path_number_perm+0x245/0x5b0
[  279.902146][T11204]  ? tomoyo_path_number_perm+0x232/0x5b0
[  279.903605][T11204]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  279.905160][T11204]  ? trace_lock_acquire+0x14a/0x1d0
[  279.906648][T11204]  ? lock_acquire+0x2f/0xb0
[  279.907873][T11204]  ? __fget_files+0x40/0x3f0
[  279.909054][T11204]  ? __fget_files+0x244/0x3f0
[  279.910256][T11204]  security_file_ioctl_compat+0x9b/0x240
[  279.911678][T11204]  __do_compat_sys_ioctl+0x52/0x2b0
[  279.913019][T11204]  __do_fast_syscall_32+0x73/0x120
[  279.914333][T11204]  do_fast_syscall_32+0x32/0x80
[  279.915586][T11204]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  279.917174][T11204] RIP: 0023:0xf7f36579
[  279.918218][T11204] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  279.922937][T11204] RSP: 002b:00000000f56b656c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  279.925021][T11204] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000c008561c
[  279.926994][T11204] RDX: 0000000020000040 RSI: 0000000000000000 RDI: 0000000000000000
[  279.928983][T11204] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  279.931064][T11204] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  279.933063][T11204] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  279.935060][T11204]  </TASK>
[  279.936018][T11204] ERROR: Out of memory at tomoyo_realpath_from_path.
[  280.081269][  T978] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  280.083291][  T978] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  280.085304][  T978] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  280.087552][  T978] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  280.089505][  T978] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  280.091458][  T978] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  280.093405][  T978] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  280.095402][  T978] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  280.097818][  T978] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  280.100040][  T978] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  280.101982][  T978] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  280.103939][  T978] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  280.105931][  T978] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  280.107916][  T978] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  280.109850][  T978] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  280.111788][  T978] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  280.113718][  T978] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  280.115666][  T978] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  280.117804][  T978] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  280.119748][  T978] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  280.121674][  T978] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  280.123607][  T978] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  280.125515][  T978] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  280.127562][  T978] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  280.129505][  T978] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  280.131456][  T978] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  280.133402][  T978] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  280.135377][  T978] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  280.137623][  T978] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  280.139582][  T978] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  280.141524][  T978] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  280.143467][  T978] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  280.145407][  T978] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  280.147469][  T978] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  280.149414][  T978] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  280.151380][  T978] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  280.153318][  T978] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  280.155269][  T978] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  280.157281][  T978] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  280.159229][  T978] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  280.161172][  T978] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  280.163120][  T978] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  280.165064][  T978] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  280.167089][  T978] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  280.169047][  T978] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  280.171278][  T978] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  280.173228][  T978] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  280.175198][  T978] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  280.177197][  T978] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  280.179146][  T978] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  280.181083][  T978] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  280.183039][  T978] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  280.184977][  T978] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  280.186979][  T978] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  280.188909][  T978] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  280.190849][  T978] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  280.192783][  T978] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  280.194723][  T978] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  280.196730][  T978] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  280.198677][  T978] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  280.200630][  T978] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  280.202588][  T978] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  280.204533][  T978] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  280.206534][  T978] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  280.208487][  T978] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  280.210439][  T978] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  280.212394][  T978] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  280.214356][  T978] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  280.216425][  T978] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  280.218349][  T978] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  280.220595][  T978] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  280.222572][  T978] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  280.224519][  T978] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  280.232615][  T978] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  280.234602][  T978] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  280.236628][  T978] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  280.238605][  T978] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  280.238971][T11222] FAULT_INJECTION: forcing a failure.
[  280.238971][T11222] name failslab, interval 1, probability 0, space 0, times 0
[  280.240531][  T978] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  280.245794][  T978] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  280.248092][  T978] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  280.250042][  T978] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  280.251979][  T978] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  280.253884][  T978] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  280.255725][  T978] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  280.258449][  T978] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  280.258510][T11222] CPU: 1 UID: 0 PID: 11222 Comm: syz.1.1817 Not tainted 6.12.0-rc2-syzkaller #0
[  280.260589][  T978] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  280.262898][T11222] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  280.264794][  T978] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  280.267472][T11222] Call Trace:
[  280.267479][T11222]  <TASK>
[  280.267484][T11222]  dump_stack_lvl+0x16c/0x1f0
[  280.267504][T11222]  should_fail_ex+0x497/0x5b0
[  280.267520][T11222]  ? fs_reclaim_acquire+0xae/0x160
[  280.267535][T11222]  should_failslab+0xc2/0x120
[  280.267550][T11222]  __kmalloc_noprof+0xcb/0x410
[  280.267565][T11222]  ? lock_acquire+0x2f/0xb0
[  280.267580][T11222]  ? fib6_get_table+0x5c/0x3b0
[  280.267593][T11222]  fib6_info_alloc+0x40/0x160
[  280.267603][T11222]  ip6_route_info_create+0x337/0x1aa0
[  280.267621][T11222]  ? __pfx_ip6_route_info_create+0x10/0x10
[  280.267639][T11222]  ip6_route_multipath_add+0xe40/0x2190
[  280.270046][  T978] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  280.270233][T11222]  ? __pfx_ip6_route_multipath_add+0x10/0x10
[  280.287909][T11222]  ? __mutex_trylock_common+0xea/0x250
[  280.289294][T11222]  ? __pfx___mutex_trylock_common+0x10/0x10
[  280.290802][T11222]  ? inet6_rtm_newroute+0xe5/0x170
[  280.292075][T11222]  inet6_rtm_newroute+0xe5/0x170
[  280.293376][T11222]  ? __pfx_inet6_rtm_newroute+0x10/0x10
[  280.294844][T11222]  ? __pfx_inet6_rtm_newroute+0x10/0x10
[  280.296349][T11222]  rtnetlink_rcv_msg+0x3c7/0xea0
[  280.297709][T11222]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  280.299135][T11222]  ? __pfx___dev_queue_xmit+0x10/0x10
[  280.300541][T11222]  netlink_rcv_skb+0x165/0x410
[  280.301797][T11222]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  280.303145][T11222]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  280.304420][T11222]  ? netlink_deliver_tap+0x1ae/0xcf0
[  280.305767][T11222]  netlink_unicast+0x53c/0x7f0
[  280.307031][T11222]  ? __pfx_netlink_unicast+0x10/0x10
[  280.308419][T11222]  ? __phys_addr_symbol+0x30/0x80
[  280.309697][T11222]  ? __check_object_size+0x488/0x710
[  280.310994][T11222]  netlink_sendmsg+0x8b8/0xd70
[  280.312173][T11222]  ? __pfx_netlink_sendmsg+0x10/0x10
[  280.313450][T11222]  ? lock_acquire+0x2f/0xb0
[  280.314567][T11222]  ____sys_sendmsg+0x9ae/0xb40
[  280.315751][T11222]  ? __pfx_____sys_sendmsg+0x10/0x10
[  280.317070][T11222]  ? get_compat_msghdr+0x11b/0x170
[  280.318361][T11222]  ? __pfx___lock_acquire+0x10/0x10
[  280.319667][T11222]  ___sys_sendmsg+0x135/0x1e0
[  280.320833][T11222]  ? __pfx____sys_sendmsg+0x10/0x10
[  280.322152][T11222]  ? lock_acquire+0x2f/0xb0
[  280.323278][T11222]  ? __fget_files+0x40/0x3f0
[  280.324542][T11222]  ? fdget+0x176/0x210
[  280.325637][T11222]  __sys_sendmmsg+0x2a5/0x450
[  280.326837][T11222]  ? __pfx___sys_sendmmsg+0x10/0x10
[  280.328103][T11222]  ? vfs_write+0x14d/0x1140
[  280.329232][T11222]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  280.330794][T11222]  ? fput+0x30/0x390
[  280.331826][T11222]  ? ksys_write+0x1ad/0x260
[  280.333019][T11222]  ? __pfx_ksys_write+0x10/0x10
[  280.334297][T11222]  __ia32_compat_sys_sendmmsg+0x9d/0x100
[  280.335766][T11222]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[  280.337471][T11222]  __do_fast_syscall_32+0x73/0x120
[  280.338820][T11222]  do_fast_syscall_32+0x32/0x80
[  280.340091][T11222]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  280.341731][T11222] RIP: 0023:0xf7fe4579
[  280.342814][T11222] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  280.347756][T11222] RSP: 002b:00000000f576656c EFLAGS: 00000296 ORIG_RAX: 0000000000000159
[  280.349916][T11222] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 00000000200002c0
[  280.351963][T11222] RDX: 000000000000009f RSI: 0000000000000000 RDI: 0000000000000000
[  280.354008][T11222] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  280.356061][T11222] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  280.358100][T11222] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  280.360151][T11222]  </TASK>
[  280.361091][  T978] hid-generic 0000:0000:0000.0005: hidraw1: <UNKNOWN> HID v0.00 Device [syz0] on syz0
[  280.500785][T11231] __nla_validate_parse: 12 callbacks suppressed
[  280.500797][T11231] netlink: 16126 bytes leftover after parsing attributes in process `syz.2.1819'.
[  280.504926][T11231] netlink: 183228 bytes leftover after parsing attributes in process `syz.2.1819'.
[  280.959200][T11243] FAULT_INJECTION: forcing a failure.
[  280.959200][T11243] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  280.962442][T11243] CPU: 0 UID: 0 PID: 11243 Comm: syz.3.1823 Not tainted 6.12.0-rc2-syzkaller #0
[  280.964650][T11243] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  280.967266][T11243] Call Trace:
[  280.968088][T11243]  <TASK>
[  280.968842][T11243]  dump_stack_lvl+0x16c/0x1f0
[  280.970041][T11243]  should_fail_ex+0x497/0x5b0
[  280.971248][T11243]  _copy_to_user+0x30/0xc0
[  280.972371][T11243]  simple_read_from_buffer+0xd0/0x160
[  280.973731][T11243]  proc_fail_nth_read+0x198/0x270
[  280.974984][T11243]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  280.976370][T11243]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  280.977772][T11243]  vfs_read+0x1ce/0xbd0
[  280.978830][T11243]  ? __fget_files+0x23a/0x3f0
[  280.980007][T11243]  ? fdget_pos+0x24c/0x360
[  280.981139][T11243]  ? __pfx_lock_release+0x10/0x10
[  280.982419][T11243]  ? trace_lock_acquire+0x14a/0x1d0
[  280.983752][T11243]  ? __pfx_vfs_read+0x10/0x10
[  280.984936][T11243]  ? __pfx___mutex_lock+0x10/0x10
[  280.986178][T11243]  ? __fget_files+0x244/0x3f0
[  280.987356][T11243]  ksys_read+0x12f/0x260
[  280.988381][T11243]  ? __pfx_ksys_read+0x10/0x10
[  280.989561][T11243]  __do_fast_syscall_32+0x73/0x120
[  280.990866][T11243]  do_fast_syscall_32+0x32/0x80
[  280.992105][T11243]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  280.993716][T11243] RIP: 0023:0xf7f36579
[  280.994750][T11243] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  280.999484][T11243] RSP: 002b:00000000f56b65a0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  281.001509][T11243] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f56b6620
[  281.003461][T11243] RDX: 000000000000000f RSI: 00000000f73bbff4 RDI: 0000000000000000
[  281.005403][T11243] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000
[  281.007341][T11243] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  281.009302][T11243] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  281.011300][T11243]  </TASK>
[  281.032426][T11245] netlink: 260 bytes leftover after parsing attributes in process `syz.3.1824'.
[  281.277557][T11250] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1826'.
[  281.280025][T11250] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1826'.
[  281.282367][T11250] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1826'.
[  281.284768][T11250] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1826'.
[  281.488825][T11263] netlink: 16126 bytes leftover after parsing attributes in process `syz.3.1829'.
[  281.490815][T11262] openvswitch: netlink: Actions may not be safe on all matching packets
[  281.491174][T11263] netlink: 183228 bytes leftover after parsing attributes in process `syz.3.1829'.
[  281.604907][T11270] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1834'.
[  282.398123][T11300] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  282.407095][   T40] audit: type=1326 audit(1728326602.521:210): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11298 comm="syz.0.1842" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf73ee579 code=0x0
[  282.622692][T11307] input: syz0 as /devices/virtual/input/input28
[  283.696647][T11331] FAULT_INJECTION: forcing a failure.
[  283.696647][T11331] name failslab, interval 1, probability 0, space 0, times 0
[  283.700335][T11331] CPU: 2 UID: 0 PID: 11331 Comm: syz.3.1853 Not tainted 6.12.0-rc2-syzkaller #0
[  283.702627][T11331] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  283.705871][T11331] Call Trace:
[  283.706766][T11331]  <TASK>
[  283.707518][T11331]  dump_stack_lvl+0x16c/0x1f0
[  283.708714][T11331]  should_fail_ex+0x497/0x5b0
[  283.709895][T11331]  ? fs_reclaim_acquire+0xae/0x160
[  283.711190][T11331]  should_failslab+0xc2/0x120
[  283.712202][T11333] fuse: Unknown parameter 'user_i00000000000000000000'
[  283.712383][T11331]  __kmalloc_noprof+0xcb/0x410
[  283.715409][T11331]  ? __pfx_blk_mq_alloc_request+0x10/0x10
[  283.716865][T11331]  bio_kmalloc+0x41/0x70
[  283.717953][T11331]  blk_rq_map_kern+0x3ea/0x760
[  283.719136][T11331]  scsi_execute_cmd+0x379/0xff0
[  283.720375][T11331]  ? kasan_save_stack+0x42/0x60
[  283.721609][T11331]  ? __pfx_scsi_execute_cmd+0x10/0x10
[  283.722944][T11331]  ? __do_fast_syscall_32+0x73/0x120
[  283.724294][T11331]  ? do_fast_syscall_32+0x32/0x80
[  283.725574][T11331]  ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  283.727218][T11331]  sr_do_ioctl+0x21c/0x830
[  283.728352][T11331]  ? __pfx_sr_do_ioctl+0x10/0x10
[  283.729614][T11331]  sr_read_tochdr.isra.0+0xfd/0x270
[  283.730937][T11331]  ? __pfx_sr_read_tochdr.isra.0+0x10/0x10
[  283.732414][T11331]  ? hlock_class+0x4e/0x130
[  283.733528][T11331]  sr_audio_ioctl+0x111/0x2e0
[  283.734735][T11331]  ? __pfx_sr_audio_ioctl+0x10/0x10
[  283.736046][T11331]  ? __pfx_scsi_test_unit_ready+0x10/0x10
[  283.737497][T11331]  cdrom_count_tracks+0x26d/0x7e0
[  283.738772][T11331]  ? __pfx_cdrom_count_tracks+0x10/0x10
[  283.740152][T11331]  ? __pfx_sr_drive_status+0x10/0x10
[  283.741492][T11331]  cdrom_open+0x73a/0x2680
[  283.742630][T11331]  ? __pfx_cdrom_open+0x10/0x10
[  283.743859][T11331]  ? __pfx___mutex_trylock_common+0x10/0x10
[  283.745347][T11331]  ? sr_block_open+0x167/0x270
[  283.746559][T11331]  ? rcu_is_watching+0x12/0xc0
[  283.747722][T11331]  ? trace_contention_end+0xea/0x140
[  283.749077][T11331]  ? __mutex_lock+0x1a6/0x9c0
[  283.750287][T11331]  ? sr_block_open+0x167/0x270
[  283.751505][T11331]  ? mark_held_locks+0x9f/0xe0
[  283.752727][T11331]  ? __pfx___mutex_lock+0x10/0x10
[  283.753989][T11331]  ? _raw_spin_unlock_irq+0x23/0x50
[  283.755311][T11331]  ? disk_check_media_change+0x1cf/0x280
[  283.756736][T11331]  ? __pfx_disk_check_media_change+0x10/0x10
[  283.758224][T11331]  ? lockdep_hardirqs_on+0x7c/0x110
[  283.759550][T11331]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  283.761017][T11331]  sr_block_open+0x174/0x270
[  283.762215][T11331]  ? __pfx_sr_block_open+0x10/0x10
[  283.763493][T11331]  ? __pfx_sr_block_open+0x10/0x10
[  283.764831][T11331]  blkdev_get_whole+0x96/0x290
[  283.766146][T11331]  bdev_open+0x2c7/0xe20
[  283.767235][T11331]  blkdev_open+0x36c/0x450
[  283.768459][T11331]  do_dentry_open+0x6ca/0x1530
[  283.769695][T11331]  ? __pfx_blkdev_open+0x10/0x10
[  283.770966][T11331]  vfs_open+0x82/0x3f0
[  283.772011][T11331]  ? may_open+0x1f2/0x400
[  283.773136][T11331]  path_openat+0x1e6a/0x2d60
[  283.774317][T11331]  ? __pfx_path_openat+0x10/0x10
[  283.775562][T11331]  ? __pfx___lock_acquire+0x10/0x10
[  283.776878][T11331]  do_filp_open+0x1dc/0x430
[  283.778057][T11331]  ? __pfx_do_filp_open+0x10/0x10
[  283.779341][T11331]  ? find_held_lock+0x2d/0x110
[  283.780563][T11331]  ? _raw_spin_unlock+0x28/0x50
[  283.781814][T11331]  ? alloc_fd+0x2d7/0x6c0
[  283.782937][T11331]  do_sys_openat2+0x17a/0x1e0
[  283.784144][T11331]  ? __pfx_do_sys_openat2+0x10/0x10
[  283.785460][T11331]  ? __fget_files+0x244/0x3f0
[  283.786589][T11331]  __ia32_compat_sys_openat+0x16e/0x210
[  283.787946][T11331]  ? __pfx___ia32_compat_sys_openat+0x10/0x10
[  283.789466][T11331]  ? ksys_write+0x1ad/0x260
[  283.790623][T11331]  __do_fast_syscall_32+0x73/0x120
[  283.791920][T11331]  do_fast_syscall_32+0x32/0x80
[  283.793161][T11331]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  283.794723][T11331] RIP: 0023:0xf7f36579
[  283.795730][T11331] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  283.800522][T11331] RSP: 002b:00000000f56b656c EFLAGS: 00000296 ORIG_RAX: 0000000000000127
[  283.802631][T11331] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 0000000020000000
[  283.804606][T11331] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  283.806528][T11331] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  283.808443][T11331] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  283.810333][T11331] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  283.812283][T11331]  </TASK>
[  283.813080][    C2] vkms_vblank_simulate: vblank timer overrun
[  284.610150][T11353] fuse: Unknown parameter 'user_i00000000000000000000'
[  284.861151][T11359] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  284.878367][   T40] audit: type=1326 audit(1728326604.991:211): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11357 comm="syz.3.1859" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f36579 code=0x0
[  285.457738][T11366] fuse: Unknown parameter 'user_i00000000000000000000'
[  286.170426][T11380] __nla_validate_parse: 12 callbacks suppressed
[  286.170438][T11380] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1863'.
[  287.178872][T11397] FAULT_INJECTION: forcing a failure.
[  287.178872][T11397] name failslab, interval 1, probability 0, space 0, times 0
[  287.182937][T11397] CPU: 1 UID: 0 PID: 11397 Comm: syz.2.1868 Not tainted 6.12.0-rc2-syzkaller #0
[  287.185630][T11397] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  287.188847][T11397] Call Trace:
[  287.189842][T11397]  <TASK>
[  287.190812][T11397]  dump_stack_lvl+0x16c/0x1f0
[  287.192259][T11397]  should_fail_ex+0x497/0x5b0
[  287.193721][T11397]  ? fs_reclaim_acquire+0xae/0x160
[  287.195216][T11397]  should_failslab+0xc2/0x120
[  287.196564][T11397]  __kmalloc_cache_noprof+0x6b/0x310
[  287.197997][T11397]  ? __tipc_dump_start+0xea/0x160
[  287.199537][T11397]  __tipc_dump_start+0xea/0x160
[  287.201027][T11397]  __tipc_nl_compat_dumpit+0x19f/0xb90
[  287.202800][T11397]  ? __pfx___tipc_nl_compat_dumpit+0x10/0x10
[  287.204537][T11397]  ? skb_put+0x138/0x1b0
[  287.205889][T11397]  ? __nlmsg_put+0x152/0x1c0
[  287.207225][T11397]  tipc_nl_compat_dumpit+0x45f/0x820
[  287.208728][T11397]  tipc_nl_compat_recv+0x5b8/0xc00
[  287.210249][T11397]  ? __pfx_tipc_nl_compat_recv+0x10/0x10
[  287.211973][T11397]  ? __pfx_tipc_nl_node_dump_link+0x10/0x10
[  287.214013][T11397]  ? __pfx_tipc_nl_compat_link_stat_dump+0x10/0x10
[  287.215931][T11397]  ? __mutex_trylock_common+0xea/0x250
[  287.217632][T11397]  ? rcu_is_watching+0x12/0xc0
[  287.219064][T11397]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290
[  287.221317][T11397]  genl_family_rcv_msg_doit+0x202/0x2f0
[  287.223007][T11397]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  287.224672][T11397]  ? __radix_tree_lookup+0x21f/0x2c0
[  287.226242][T11397]  genl_rcv_msg+0x565/0x800
[  287.227722][T11397]  ? __pfx_genl_rcv_msg+0x10/0x10
[  287.229151][T11397]  ? __pfx_tipc_nl_compat_recv+0x10/0x10
[  287.230811][T11397]  ? __pfx___lock_acquire+0x10/0x10
[  287.232365][T11397]  netlink_rcv_skb+0x165/0x410
[  287.233764][T11397]  ? __pfx_genl_rcv_msg+0x10/0x10
[  287.235145][T11397]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  287.236669][T11397]  ? down_read+0xc9/0x330
[  287.237910][T11397]  ? __pfx_down_read+0x10/0x10
[  287.239307][T11397]  ? netlink_deliver_tap+0x1ae/0xcf0
[  287.240815][T11397]  genl_rcv+0x28/0x40
[  287.241977][T11397]  netlink_unicast+0x53c/0x7f0
[  287.243402][T11397]  ? __pfx_netlink_unicast+0x10/0x10
[  287.245014][T11397]  ? __phys_addr_symbol+0x30/0x80
[  287.246523][T11397]  ? __check_object_size+0x488/0x710
[  287.248024][T11397]  netlink_sendmsg+0x8b8/0xd70
[  287.249478][T11397]  ? __pfx_netlink_sendmsg+0x10/0x10
[  287.251045][T11397]  ? lock_acquire+0x2f/0xb0
[  287.252477][T11397]  ____sys_sendmsg+0x9ae/0xb40
[  287.253892][T11397]  ? __pfx_____sys_sendmsg+0x10/0x10
[  287.255414][T11397]  ? get_compat_msghdr+0x11b/0x170
[  287.257020][T11397]  ? __pfx___lock_acquire+0x10/0x10
[  287.258685][T11397]  ___sys_sendmsg+0x135/0x1e0
[  287.260185][T11397]  ? __pfx____sys_sendmsg+0x10/0x10
[  287.261802][T11397]  ? lock_acquire+0x2f/0xb0
[  287.263095][T11397]  ? __fget_files+0x40/0x3f0
[  287.264400][T11397]  ? fdget+0x176/0x210
[  287.265509][T11397]  __sys_sendmsg+0x117/0x1f0
[  287.266747][T11397]  ? __pfx___sys_sendmsg+0x10/0x10
[  287.268090][T11397]  ? __fget_files+0x244/0x3f0
[  287.269335][T11397]  __do_fast_syscall_32+0x73/0x120
[  287.270698][T11397]  do_fast_syscall_32+0x32/0x80
[  287.272028][T11397]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  287.273705][T11397] RIP: 0023:0xf7f58579
[  287.274815][T11397] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  287.280150][T11397] RSP: 002b:00000000f56d656c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  287.282320][T11397] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000200003c0
[  287.284383][T11397] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  287.286447][T11397] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  287.288516][T11397] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  287.290589][T11397] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  287.292656][T11397]  </TASK>
[  287.494552][T11401] ata3.00: invalid multi_count 1 ignored
[  288.075204][T11408] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  288.095434][   T40] audit: type=1326 audit(1728326608.201:212): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11402 comm="syz.2.1871" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f58579 code=0x0
[  288.976693][T11423] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  288.993862][T11423] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  289.208298][T11433] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1879'.
[  289.274929][T11434] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1879'.
[  289.406003][ T5344] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  289.578641][ T5344] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  289.581660][ T5344] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  289.584414][ T5344] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  289.587183][ T5344] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  289.592897][T11430] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  289.596409][ T5344] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[  289.960199][T11437] netlink: 'syz.2.1880': attribute type 7 has an invalid length.
[  289.962397][T11437] netlink: 15 bytes leftover after parsing attributes in process `syz.2.1880'.
[  289.965425][T11437] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1880'.
[  289.967860][T11437] netlink: 872 bytes leftover after parsing attributes in process `syz.2.1880'.
[  289.970473][T11437] netlink: 'syz.2.1880': attribute type 7 has an invalid length.
[  289.973892][T11437] netlink: 15 bytes leftover after parsing attributes in process `syz.2.1880'.
[  289.980444][T11437] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1880'.
[  290.136337][   T64] Bluetooth: hci3: command 0x040f tx timeout
[  291.060048][T11447] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1883'.
[  291.065036][T11447] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  291.070099][T11447] batman_adv: batadv0: Removing interface: batadv_slave_0
[  291.075783][T11447] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  291.081349][T11447] batman_adv: batadv0: Removing interface: batadv_slave_1
[  291.447013][T11451] netlink: 68 bytes leftover after parsing attributes in process `syz.2.1884'.
[  291.957851][ T5344] usb 5-1: USB disconnect, device number 12
[  292.101540][T11460] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  292.115964][   T40] audit: type=1326 audit(1728326612.221:213): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11458 comm="syz.1.1886" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7fe4579 code=0x0
[  292.382128][T11466] usb usb8: usbfs: process 11466 (syz.2.1888) did not claim interface 0 before use
[  292.464902][T11467] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1888'.
[  292.498119][T11467] Êü: entered promiscuous mode
[  292.906372][   T40] audit: type=1326 audit(1728326613.021:214): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11469 comm="syz.0.1889" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73ee579 code=0x7ffc0000
[  292.907746][T11471] can0: slcan on ttyS3.
[  292.916406][   T40] audit: type=1326 audit(1728326613.021:215): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11469 comm="syz.0.1889" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73ee579 code=0x7ffc0000
[  292.921978][   T40] audit: type=1326 audit(1728326613.021:216): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11469 comm="syz.0.1889" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf73ee579 code=0x7ffc0000
[  292.927824][   T40] audit: type=1326 audit(1728326613.021:217): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11469 comm="syz.0.1889" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73ee579 code=0x7ffc0000
[  292.933394][   T40] audit: type=1326 audit(1728326613.021:218): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11469 comm="syz.0.1889" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73ee579 code=0x7ffc0000
[  292.939387][   T40] audit: type=1326 audit(1728326613.021:219): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11469 comm="syz.0.1889" exe="/syz-executor" sig=0 arch=40000003 syscall=370 compat=1 ip=0xf73ee579 code=0x7ffc0000
[  292.944938][   T40] audit: type=1326 audit(1728326613.021:220): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11469 comm="syz.0.1889" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73ee579 code=0x7ffc0000
[  292.950330][   T40] audit: type=1326 audit(1728326613.021:221): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11469 comm="syz.0.1889" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73ee579 code=0x7ffc0000
[  293.096051][T11471] can0 (unregistered): slcan off ttyS3.
[  293.106069][ T5354] Bluetooth: hci3: command 0x040f tx timeout
[  293.180093][T11476] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1892'.
[  293.254492][T11485] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1892'.
[  293.259920][T11480] trusted_key: encrypted_key: master key parameter '' is invalid
[  293.324168][T11488] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1896'.
[  293.333922][T11488] overlayfs: missing 'lowerdir'
[  293.380926][T11491] netlink: 16126 bytes leftover after parsing attributes in process `syz.1.1897'.
[  293.383492][T11491] netlink: 183228 bytes leftover after parsing attributes in process `syz.1.1897'.
[  293.495709][T11502] netlink: 4072 bytes leftover after parsing attributes in process `syz.2.1900'.
[  293.499502][T11502] openvswitch: netlink: Actions may not be safe on all matching packets
[  293.528566][T11500] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  293.584389][T11500] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  293.642039][T11508] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  293.652265][T11507] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  293.659742][   T40] kauditd_printk_skb: 50 callbacks suppressed
[  293.659752][   T40] audit: type=1326 audit(1728326613.771:272): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11505 comm="syz.2.1901" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f58579 code=0x0
[  294.407207][T11516] syz.1.1904 (11516) used greatest stack depth: 19688 bytes left
[  294.583903][T11521] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check.
[  294.604583][T11521] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1905'.
[  294.955214][T11529] netlink: 16126 bytes leftover after parsing attributes in process `syz.1.1906'.
[  295.000042][T11531] usb usb8: usbfs: process 11531 (syz.1.1908) did not claim interface 0 before use
[  296.123881][T11549] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  296.185126][T11549] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  296.243472][T11549] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  296.268399][T11552] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  296.273194][   T40] audit: type=1326 audit(1728326616.381:273): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11550 comm="syz.2.1915" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f58579 code=0x0
[  296.810982][T11556] __nla_validate_parse: 3 callbacks suppressed
[  296.811033][T11556] netlink: 16126 bytes leftover after parsing attributes in process `syz.0.1916'.
[  296.815283][T11556] netlink: 183228 bytes leftover after parsing attributes in process `syz.0.1916'.
[  296.872450][T11558] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1918'.
[  296.884719][T11558] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1918'.
[  296.884865][ T5354] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  296.893300][ T5354] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  296.896937][ T5354] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  296.903359][ T5354] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  296.906848][ T5354] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  296.909144][ T5354] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  296.929207][T11559] lo speed is unknown, defaulting to 1000
[  296.969706][T11567] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1920'.
[  296.979301][T11559] chnl_net:caif_netlink_parms(): no params data found
[  296.980166][T11567] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1920'.
[  297.042279][T11559] bridge0: port 1(bridge_slave_0) entered blocking state
[  297.044232][T11559] bridge0: port 1(bridge_slave_0) entered disabled state
[  297.046341][T11559] bridge_slave_0: entered allmulticast mode
[  297.048333][T11559] bridge_slave_0: entered promiscuous mode
[  297.052320][T11559] bridge0: port 2(bridge_slave_1) entered blocking state
[  297.054247][T11559] bridge0: port 2(bridge_slave_1) entered disabled state
[  297.056441][T11559] bridge_slave_1: entered allmulticast mode
[  297.058493][T11559] bridge_slave_1: entered promiscuous mode
[  297.089036][T11559] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  297.093140][T11559] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  297.116600][T11559] team0: Port device team_slave_0 added
[  297.120053][T11559] team0: Port device team_slave_1 added
[  297.142541][T11559] batman_adv: batadv0: Adding interface: batadv_slave_0
[  297.144391][T11559] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  297.151266][T11559] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  297.156812][T11559] batman_adv: batadv0: Adding interface: batadv_slave_1
[  297.158650][T11559] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  297.165403][T11559] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  297.200190][T11559] hsr_slave_0: entered promiscuous mode
[  297.202458][T11559] hsr_slave_1: entered promiscuous mode
[  297.207258][T11559] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  297.209628][T11559] Cannot create hsr debugfs directory
[  297.295293][T11559] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  297.321884][T11578] overlayfs: missing 'lowerdir'
[  297.390803][T11559] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  297.513537][T11559] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  297.581062][T11580] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1923'.
[  297.613601][T11559] team0: Port device netdevsim0 removed
[  297.617172][T11559] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  297.647621][T11581] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1923'.
[  297.703351][T11559] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  297.707784][T11559] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  297.712500][T11559] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  297.716618][T11559] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  297.726603][T11559] bridge0: port 2(bridge_slave_1) entered blocking state
[  297.728490][T11559] bridge0: port 2(bridge_slave_1) entered forwarding state
[  297.731018][T11559] bridge0: port 1(bridge_slave_0) entered blocking state
[  297.732939][T11559] bridge0: port 1(bridge_slave_0) entered forwarding state
[  297.760796][T11559] 8021q: adding VLAN 0 to HW filter on device bond0
[  297.771209][ T1137] bridge0: port 1(bridge_slave_0) entered disabled state
[  297.774726][ T1137] bridge0: port 2(bridge_slave_1) entered disabled state
[  297.809577][T11559] 8021q: adding VLAN 0 to HW filter on device team0
[  297.829995][ T1131] bridge0: port 1(bridge_slave_0) entered blocking state
[  297.831900][ T1131] bridge0: port 1(bridge_slave_0) entered forwarding state
[  297.845460][ T1137] bridge0: port 2(bridge_slave_1) entered blocking state
[  297.847414][ T1137] bridge0: port 2(bridge_slave_1) entered forwarding state
[  298.002865][T11559] 8021q: adding VLAN 0 to HW filter on device batadv0
[  298.023066][T11559] veth0_vlan: entered promiscuous mode
[  298.029087][T11559] veth1_vlan: entered promiscuous mode
[  298.042512][T11559] veth0_macvtap: entered promiscuous mode
[  298.045658][T11559] veth1_macvtap: entered promiscuous mode
[  298.053127][T11559] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  298.056039][T11559] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  298.058637][T11559] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  298.061406][T11559] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  298.064041][T11559] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  298.067347][T11559] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  298.071254][T11559] batman_adv: batadv0: Interface activated: batadv_slave_0
[  298.073757][T11591] netlink: 16126 bytes leftover after parsing attributes in process `syz.1.1925'.
[  298.076654][T11591] netlink: 183228 bytes leftover after parsing attributes in process `syz.1.1925'.
[  298.078814][T11559] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  298.081819][T11559] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  298.084366][T11559] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  298.087295][T11559] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  298.089816][T11559] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  298.092895][T11559] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  298.097079][T11559] batman_adv: batadv0: Interface activated: batadv_slave_1
[  298.101887][T11559] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  298.104181][T11559] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  298.107188][T11559] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  298.109673][T11559] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  298.137224][T11593] usb usb8: usbfs: process 11593 (syz.1.1926) did not claim interface 0 before use
[  298.145175][ T1131] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  298.147510][ T1131] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  298.164452][ T1131] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  298.168649][ T1131] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  298.333881][T11600] rdma_rxe: rxe_newlink: failed to add lo
[  298.582043][T11609] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  298.672963][   T40] audit: type=1326 audit(1728326618.781:274): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11604 comm="syz.1.1930" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7fe4579 code=0x0
[  298.893957][T11614] overlayfs: missing 'lowerdir'
[  298.936855][ T5354] Bluetooth: hci4: command tx timeout
[  299.142517][T11616] syz.3.1932 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  299.164607][   T40] audit: type=1326 audit(1728326619.271:275): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11615 comm="syz.3.1932" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73be579 code=0x7ffc0000
[  299.179632][   T40] audit: type=1326 audit(1728326619.281:276): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11615 comm="syz.3.1932" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73be579 code=0x7ffc0000
[  299.186585][   T40] audit: type=1326 audit(1728326619.281:277): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11615 comm="syz.3.1932" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf73be579 code=0x7ffc0000
[  299.192598][   T40] audit: type=1326 audit(1728326619.281:278): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11615 comm="syz.3.1932" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73be579 code=0x7ffc0000
[  299.200183][   T40] audit: type=1326 audit(1728326619.281:279): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11615 comm="syz.3.1932" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73be579 code=0x7ffc0000
[  299.205956][   T40] audit: type=1326 audit(1728326619.281:280): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11615 comm="syz.3.1932" exe="/syz-executor" sig=0 arch=40000003 syscall=192 compat=1 ip=0xf73be579 code=0x7ffc0000
[  299.211560][   T40] audit: type=1326 audit(1728326619.291:281): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11615 comm="syz.3.1932" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73be579 code=0x7ffc0000
[  299.217605][   T40] audit: type=1326 audit(1728326619.291:282): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11615 comm="syz.3.1932" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73be579 code=0x7ffc0000
[  299.223274][   T40] audit: type=1326 audit(1728326619.301:283): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11615 comm="syz.3.1932" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf73be579 code=0x7ffc0000
[  299.695588][T11625] FAULT_INJECTION: forcing a failure.
[  299.695588][T11625] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  299.699786][T11625] CPU: 1 UID: 0 PID: 11625 Comm: syz.2.1935 Not tainted 6.12.0-rc2-syzkaller #0
[  299.702158][T11625] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  299.704935][T11625] Call Trace:
[  299.705813][T11625]  <TASK>
[  299.706603][T11625]  dump_stack_lvl+0x16c/0x1f0
[  299.707845][T11625]  should_fail_ex+0x497/0x5b0
[  299.709082][T11625]  _copy_to_user+0x30/0xc0
[  299.710257][T11625]  simple_read_from_buffer+0xd0/0x160
[  299.711665][T11625]  proc_fail_nth_read+0x198/0x270
[  299.712986][T11625]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  299.714479][T11625]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  299.715922][T11625]  vfs_read+0x1ce/0xbd0
[  299.717018][T11625]  ? __fget_files+0x23a/0x3f0
[  299.718251][T11625]  ? fdget_pos+0x24c/0x360
[  299.719430][T11625]  ? __pfx_lock_release+0x10/0x10
[  299.720749][T11625]  ? trace_lock_acquire+0x14a/0x1d0
[  299.722121][T11625]  ? __pfx_vfs_read+0x10/0x10
[  299.723361][T11625]  ? __pfx___mutex_lock+0x10/0x10
[  299.724688][T11625]  ? __fget_files+0x244/0x3f0
[  299.725927][T11625]  ksys_read+0x12f/0x260
[  299.727050][T11625]  ? __pfx_ksys_read+0x10/0x10
[  299.728310][T11625]  __do_fast_syscall_32+0x73/0x120
[  299.729656][T11625]  do_fast_syscall_32+0x32/0x80
[  299.730951][T11625]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  299.732603][T11625] RIP: 0023:0xf7f58579
[  299.733681][T11625] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  299.738696][T11625] RSP: 002b:00000000f56d65a0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  299.740875][T11625] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000f56d6620
[  299.742915][T11625] RDX: 000000000000000f RSI: 00000000f73dbff4 RDI: 0000000000000000
[  299.745027][T11625] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  299.747113][T11625] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  299.749167][T11625] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  299.751249][T11625]  </TASK>
[  299.752145][    C1] vkms_vblank_simulate: vblank timer overrun
[  299.931450][T11634] FAULT_INJECTION: forcing a failure.
[  299.931450][T11634] name failslab, interval 1, probability 0, space 0, times 0
[  299.935323][T11634] CPU: 1 UID: 0 PID: 11634 Comm: syz.1.1939 Not tainted 6.12.0-rc2-syzkaller #0
[  299.937677][T11634] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  299.940463][T11634] Call Trace:
[  299.941345][T11634]  <TASK>
[  299.942141][T11634]  dump_stack_lvl+0x16c/0x1f0
[  299.943398][T11634]  should_fail_ex+0x497/0x5b0
[  299.944643][T11634]  should_failslab+0xc2/0x120
[  299.945883][T11634]  kmem_cache_alloc_noprof+0x6e/0x2f0
[  299.947326][T11634]  ? skb_clone+0x190/0x3f0
[  299.948509][T11634]  skb_clone+0x190/0x3f0
[  299.949635][T11634]  netlink_deliver_tap+0xb26/0xcf0
[  299.950992][T11634]  netlink_dump+0xb2d/0xcc0
[  299.952194][T11634]  ? __pfx_netlink_dump+0x10/0x10
[  299.953536][T11634]  ? find_held_lock+0x2d/0x110
[  299.954815][T11634]  ? lock_acquire+0x2f/0xb0
[  299.956023][T11634]  ? netlink_lookup+0x3d/0x270
[  299.957289][T11634]  __netlink_dump_start+0x6d9/0x980
[  299.958659][T11634]  ? nft_netlink_dump_start_rcu+0x63/0x1f0
[  299.960192][T11634]  nft_netlink_dump_start_rcu+0x81/0x1f0
[  299.961659][T11634]  nf_tables_getobj_reset+0x564/0x6a0
[  299.963078][T11634]  ? net_generic+0xea/0x2a0
[  299.964274][T11634]  ? __pfx_nf_tables_getobj_reset+0x10/0x10
[  299.965814][T11634]  ? trace_lock_acquire+0x14a/0x1d0
[  299.967314][T11634]  ? __pfx_nf_tables_dumpreset_obj_start+0x10/0x10
[  299.969002][T11634]  ? __pfx_nf_tables_dumpreset_obj+0x10/0x10
[  299.970577][T11634]  ? __pfx_nf_tables_dump_obj_done+0x10/0x10
[  299.972142][T11634]  ? __nla_parse+0x40/0x60
[  299.973322][T11634]  ? __pfx_nf_tables_getobj_reset+0x10/0x10
[  299.974873][T11634]  nfnetlink_rcv_msg+0x560/0x11e0
[  299.976205][T11634]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  299.977629][T11634]  ? find_held_lock+0x2d/0x110
[  299.978912][T11634]  netlink_rcv_skb+0x165/0x410
[  299.980170][T11634]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  299.981598][T11634]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  299.983000][T11634]  ? __pfx_aa_get_newest_label+0x10/0x10
[  299.984477][T11634]  ? bpf_lsm_capable+0x9/0x10
[  299.985717][T11634]  ? security_capable+0x7e/0x260
[  299.987058][T11634]  ? ns_capable+0xd7/0x110
[  299.988252][T11634]  nfnetlink_rcv+0x1b4/0x430
[  299.989430][T11634]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  299.990785][T11634]  ? netlink_deliver_tap+0x1ae/0xcf0
[  299.992170][T11634]  netlink_unicast+0x53c/0x7f0
[  299.993432][T11634]  ? __pfx_netlink_unicast+0x10/0x10
[  299.994822][T11634]  ? __phys_addr_symbol+0x30/0x80
[  299.996142][T11634]  ? __check_object_size+0x4a1/0x710
[  299.997548][T11634]  netlink_sendmsg+0x8b8/0xd70
[  299.998818][T11634]  ? __pfx_netlink_sendmsg+0x10/0x10
[  300.000207][T11634]  ? lock_acquire+0x2f/0xb0
[  300.001408][T11634]  ____sys_sendmsg+0x9ae/0xb40
[  300.002685][T11634]  ? __pfx_____sys_sendmsg+0x10/0x10
[  300.004068][T11634]  ? get_compat_msghdr+0x11b/0x170
[  300.005413][T11634]  ? __pfx___lock_acquire+0x10/0x10
[  300.006783][T11634]  ___sys_sendmsg+0x135/0x1e0
[  300.008025][T11634]  ? __pfx____sys_sendmsg+0x10/0x10
[  300.009396][T11634]  ? lock_acquire+0x2f/0xb0
[  300.010600][T11634]  ? __fget_files+0x40/0x3f0
[  300.011816][T11634]  ? fdget+0x176/0x210
[  300.012889][T11634]  __sys_sendmsg+0x117/0x1f0
[  300.014112][T11634]  ? __pfx___sys_sendmsg+0x10/0x10
[  300.015459][T11634]  ? __fget_files+0x244/0x3f0
[  300.016703][T11634]  __do_fast_syscall_32+0x73/0x120
[  300.018048][T11634]  do_fast_syscall_32+0x32/0x80
[  300.019338][T11634]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  300.020996][T11634] RIP: 0023:0xf7fe4579
[  300.022080][T11634] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  300.027070][T11634] RSP: 002b:00000000f576656c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  300.029227][T11634] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000640
[  300.031296][T11634] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  300.033349][T11634] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  300.035404][T11634] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  300.037456][T11634] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  300.039531][T11634]  </TASK>
[  300.040459][    C1] vkms_vblank_simulate: vblank timer overrun
[  300.136294][T11641] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  300.205615][T11636] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  300.247710][T11636] netdevsim netdevsim2: loading /lib/firmware/. failed with error -22
[  300.250209][T11636] netdevsim netdevsim2: Direct firmware load for . failed with error -22
[  300.255750][T11636] netdevsim netdevsim2: Falling back to sysfs fallback for: .
[  300.318425][T11649] lo speed is unknown, defaulting to 1000
[  300.448969][T11656] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  300.867552][T11674] 
[  300.868261][T11674] ======================================================
[  300.870077][T11674] WARNING: possible circular locking dependency detected
[  300.871902][T11674] 6.12.0-rc2-syzkaller #0 Not tainted
[  300.873516][T11674] ------------------------------------------------------
[  300.876597][T11674] syz.3.1950/11674 is trying to acquire lock:
[  300.878191][T11674] ffff88802389e258 (sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM){+.+.}-{0:0}, at: rfcomm_sk_state_change+0x6d/0x3b0
[  300.881185][T11674] 
[  300.881185][T11674] but task is already holding lock:
[  300.883111][T11674] ffff88805e9f2d28 (&d->lock){+.+.}-{3:3}, at: __rfcomm_dlc_close+0x235/0x700
[  300.885413][T11674] 
[  300.885413][T11674] which lock already depends on the new lock.
[  300.885413][T11674] 
[  300.888060][T11674] 
[  300.888060][T11674] the existing dependency chain (in reverse order) is:
[  300.890398][T11674] 
[  300.890398][T11674] -> #3 (&d->lock){+.+.}-{3:3}:
[  300.892204][T11674]        __mutex_lock+0x175/0x9c0
[  300.893517][T11674]        __rfcomm_dlc_close+0x235/0x700
[  300.894972][T11674]        rfcomm_dlc_close+0x1eb/0x240
[  300.896367][T11674]        __rfcomm_sock_close+0xa7/0x230
[  300.897805][T11674]        rfcomm_sock_shutdown+0xd5/0x230
[  300.899288][T11674]        rfcomm_sock_release+0x5d/0x140
[  300.900732][T11674]        __sock_release+0xb0/0x270
[  300.902078][T11674]        sock_close+0x1c/0x30
[  300.903319][T11674]        __fput+0x3f6/0xb60
[  300.904575][T11674]        task_work_run+0x14e/0x250
[  300.905982][T11674]        get_signal+0x1d3/0x26d0
[  300.907351][T11674]        arch_do_signal_or_restart+0x90/0x7e0
[  300.909028][T11674]        syscall_exit_to_user_mode+0x150/0x2a0
[  300.910706][T11674]        __do_fast_syscall_32+0x80/0x120
[  300.912241][T11674]        do_fast_syscall_32+0x32/0x80
[  300.913708][T11674]        entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  300.915572][T11674] 
[  300.915572][T11674] -> #2 (rfcomm_mutex){+.+.}-{3:3}:
[  300.917592][T11674]        __mutex_lock+0x175/0x9c0
[  300.918977][T11674]        rfcomm_dlc_exists+0x5f/0x1a0
[  300.920452][T11674]        rfcomm_dev_ioctl+0xabc/0x1e70
[  300.921957][T11674]        rfcomm_sock_compat_ioctl+0xba/0xe0
[  300.923595][T11674]        compat_sock_ioctl+0x17b/0x7e0
[  300.925090][T11674]        __do_compat_sys_ioctl+0x259/0x2b0
[  300.926707][T11674]        __do_fast_syscall_32+0x73/0x120
[  300.928249][T11674]        do_fast_syscall_32+0x32/0x80
[  300.929719][T11674]        entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  300.931606][T11674] 
[  300.931606][T11674] -> #1 (rfcomm_ioctl_mutex){+.+.}-{3:3}:
[  300.933755][T11674]        __mutex_lock+0x175/0x9c0
[  300.935143][T11674]        rfcomm_dev_ioctl+0x9db/0x1e70
[  300.936639][T11674]        rfcomm_sock_compat_ioctl+0xba/0xe0
[  300.938273][T11674]        compat_sock_ioctl+0x17b/0x7e0
[  300.939776][T11674]        __do_compat_sys_ioctl+0x259/0x2b0
[  300.941384][T11674]        __do_fast_syscall_32+0x73/0x120
[  300.942948][T11674]        do_fast_syscall_32+0x32/0x80
[  300.944424][T11674]        entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  300.946287][T11674] 
[  300.946287][T11674] -> #0 (sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM){+.+.}-{0:0}:
[  300.948834][T11674]        __lock_acquire+0x250b/0x3ce0
[  300.950315][T11674]        lock_acquire.part.0+0x11b/0x380
[  300.951894][T11674]        lock_sock_nested+0x3a/0xf0
[  300.953318][T11674]        rfcomm_sk_state_change+0x6d/0x3b0
[  300.954941][T11674]        __rfcomm_dlc_close+0x28c/0x700
[  300.956471][T11674]        rfcomm_dlc_close+0x1eb/0x240
[  300.957952][T11674]        __rfcomm_sock_close+0xa7/0x230
[  300.959492][T11674]        rfcomm_sock_shutdown+0xd5/0x230
[  300.961042][T11674]        rfcomm_sock_release+0x5d/0x140
[  300.962601][T11674]        __sock_release+0xb0/0x270
[  300.964026][T11674]        sock_close+0x1c/0x30
[  300.965344][T11674]        __fput+0x3f6/0xb60
[  300.966574][T11674]        task_work_run+0x14e/0x250
[  300.967915][T11674]        get_signal+0x1d3/0x26d0
[  300.969205][T11674]        arch_do_signal_or_restart+0x90/0x7e0
[  300.970789][T11674]        syscall_exit_to_user_mode+0x150/0x2a0
[  300.972389][T11674]        __do_fast_syscall_32+0x80/0x120
[  300.973851][T11674]        do_fast_syscall_32+0x32/0x80
[  300.975303][T11674]        entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  300.977012][T11674] 
[  300.977012][T11674] other info that might help us debug this:
[  300.977012][T11674] 
[  300.979614][T11674] Chain exists of:
[  300.979614][T11674]   sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM --> rfcomm_mutex --> &d->lock
[  300.979614][T11674] 
[  300.983152][T11674]  Possible unsafe locking scenario:
[  300.983152][T11674] 
[  300.985061][T11674]        CPU0                    CPU1
[  300.986455][T11674]        ----                    ----
[  300.987829][T11674]   lock(&d->lock);
[  300.988818][T11674]                                lock(rfcomm_mutex);
[  300.990515][T11674]                                lock(&d->lock);
[  300.992140][T11674]   lock(sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM);
[  300.993725][T11674] 
[  300.993725][T11674]  *** DEADLOCK ***
[  300.993725][T11674] 
[  300.995804][T11674] 3 locks held by syz.3.1950/11674:
[  300.997145][T11674]  #0: ffff888011ddc408 (&sb->s_type->i_mutex_key#10){+.+.}-{3:3}, at: __sock_release+0x86/0x270
[  300.999860][T11674]  #1: ffffffff8fd52128 (rfcomm_mutex){+.+.}-{3:3}, at: rfcomm_dlc_close+0x33/0x240
[  301.002270][T11674]  #2: ffff88805e9f2d28 (&d->lock){+.+.}-{3:3}, at: __rfcomm_dlc_close+0x235/0x700
[  301.004660][T11674] 
[  301.004660][T11674] stack backtrace:
[  301.006179][T11674] CPU: 2 UID: 0 PID: 11674 Comm: syz.3.1950 Not tainted 6.12.0-rc2-syzkaller #0
[  301.008483][T11674] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  301.011233][T11674] Call Trace:
[  301.012099][T11674]  <TASK>
[  301.012872][T11674]  dump_stack_lvl+0x116/0x1f0
[  301.014101][T11674]  print_circular_bug+0x419/0x5d0
[  301.015416][T11674]  check_noncircular+0x31a/0x400
[  301.015980][ T5354] Bluetooth: hci4: command tx timeout
[  301.016700][T11674]  ? __pfx_check_noncircular+0x10/0x10
[  301.019949][T11674]  ? lockdep_lock+0xc6/0x200
[  301.021158][T11674]  ? __pfx_lockdep_lock+0x10/0x10
[  301.022489][T11674]  __lock_acquire+0x250b/0x3ce0
[  301.023768][T11674]  ? __pfx___lock_acquire+0x10/0x10
[  301.025124][T11674]  ? __mutex_trylock_common+0xea/0x250
[  301.026549][T11674]  ? __pfx___mutex_trylock_common+0x10/0x10
[  301.028081][T11674]  ? __rfcomm_dlc_close+0x235/0x700
[  301.029432][T11674]  lock_acquire.part.0+0x11b/0x380
[  301.030767][T11674]  ? rfcomm_sk_state_change+0x6d/0x3b0
[  301.032189][T11674]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  301.033646][T11674]  ? rcu_is_watching+0x12/0xc0
[  301.034899][T11674]  ? trace_lock_acquire+0x14a/0x1d0
[  301.036245][T11674]  ? rfcomm_sk_state_change+0x6d/0x3b0
[  301.037659][T11674]  ? lock_acquire+0x2f/0xb0
[  301.038848][T11674]  ? rfcomm_sk_state_change+0x6d/0x3b0
[  301.040263][T11674]  lock_sock_nested+0x3a/0xf0
[  301.041491][T11674]  ? rfcomm_sk_state_change+0x6d/0x3b0
[  301.042917][T11674]  rfcomm_sk_state_change+0x6d/0x3b0
[  301.044292][T11674]  __rfcomm_dlc_close+0x28c/0x700
[  301.045597][T11674]  rfcomm_dlc_close+0x1eb/0x240
[  301.046869][T11674]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  301.048402][T11674]  __rfcomm_sock_close+0xa7/0x230
[  301.049712][T11674]  rfcomm_sock_shutdown+0xd5/0x230
[  301.051049][T11674]  rfcomm_sock_release+0x5d/0x140
[  301.052360][T11674]  __sock_release+0xb0/0x270
[  301.053572][T11674]  ? __pfx_sock_close+0x10/0x10
[  301.054845][T11674]  sock_close+0x1c/0x30
[  301.055955][T11674]  __fput+0x3f6/0xb60
[  301.057008][T11674]  ? _raw_spin_unlock_irq+0x23/0x50
[  301.058368][T11674]  task_work_run+0x14e/0x250
[  301.059580][T11674]  ? __pfx_task_work_run+0x10/0x10
[  301.060921][T11674]  get_signal+0x1d3/0x26d0
[  301.062099][T11674]  ? kick_process+0xf6/0x1b0
[  301.063319][T11674]  ? task_work_add+0x1d6/0x370
[  301.064573][T11674]  ? __pfx_task_work_add+0x10/0x10
[  301.065901][T11674]  ? __pfx_get_signal+0x10/0x10
[  301.067181][T11674]  arch_do_signal_or_restart+0x90/0x7e0
[  301.068610][T11674]  ? __pfx___sys_connect+0x10/0x10
[  301.069935][T11674]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  301.071539][T11674]  ? rcu_is_watching+0x12/0xc0
[  301.072781][T11674]  syscall_exit_to_user_mode+0x150/0x2a0
[  301.074236][T11674]  __do_fast_syscall_32+0x80/0x120
[  301.075565][T11674]  do_fast_syscall_32+0x32/0x80
[  301.076829][T11674]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  301.078467][T11674] RIP: 0023:0xf73be579
[  301.079526][T11674] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  301.084454][T11674] RSP: 002b:00000000f56a656c EFLAGS: 00000296 ORIG_RAX: 000000000000016a
[  301.086596][T11674] RAX: fffffffffffffffc RBX: 0000000000000005 RCX: 0000000020000300
[  301.088998][T11674] RDX: 0000000000000080 RSI: 0000000000000000 RDI: 0000000000000000
[  301.091086][T11674] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  301.093130][T11674] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  301.095159][T11674] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  301.097186][T11674]  </TASK>
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  301.580855][ T1137] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  301.727057][ T1137] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  301.839118][ T1137] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  301.898925][ T1137] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  302.017255][ T1137] bridge_slave_1: left allmulticast mode
[  302.018782][ T1137] bridge_slave_1: left promiscuous mode
[  302.020290][ T1137] bridge0: port 2(bridge_slave_1) entered disabled state
[  302.022773][ T1137] bridge_slave_0: left allmulticast mode
[  302.024256][ T1137] bridge_slave_0: left promiscuous mode
[  302.025755][ T1137] bridge0: port 1(bridge_slave_0) entered disabled state
[  302.159303][ T1137] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  302.162642][ T1137] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  302.165787][ T1137] bond0 (unregistering): (slave macvlan2): Releasing backup interface
[  302.168339][ T1137] team0: left promiscuous mode
[  302.169727][ T1137] team_slave_0: left promiscuous mode
[  302.171152][ T1137] team_slave_1: left promiscuous mode
[  302.173331][ T1137] bond0 (unregistering): Released all slaves
[  302.243963][ T1137] bond1 (unregistering): Released all slaves
[  302.318669][ T1137] Êü: left promiscuous mode
[  302.570569][ T1137] hsr_slave_0: left promiscuous mode
[  302.572205][ T1137] hsr_slave_1: left promiscuous mode
[  302.574567][ T1137] veth0_macvtap: left promiscuous mode
[  302.576107][ T1137] veth1_vlan: left promiscuous mode
[  302.577495][ T1137] veth0_vlan: left promiscuous mode
[  302.785794][ T1137] team0 (unregistering): Port device team_slave_1 removed
[  302.823760][ T1137] team0 (unregistering): Port device team_slave_0 removed
[  303.279688][ T1137] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  303.328930][ T1137] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  303.379262][ T1137] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  303.459131][ T1137] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  303.557591][ T1137] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  303.628527][ T1137] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  303.698850][ T1137] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  303.765685][ T1137] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  303.847459][ T1137] bridge_slave_1: left allmulticast mode
[  303.848973][ T1137] bridge_slave_1: left promiscuous mode
[  303.850496][ T1137] bridge0: port 2(bridge_slave_1) entered disabled state
[  303.852996][ T1137] bridge_slave_0: left allmulticast mode
[  303.854507][ T1137] bridge_slave_0: left promiscuous mode
[  303.856239][ T1137] bridge0: port 1(bridge_slave_0) entered disabled state
[  303.859047][ T1137] bridge_slave_1: left allmulticast mode
[  303.860539][ T1137] bridge_slave_1: left promiscuous mode
[  303.862077][ T1137] bridge0: port 2(bridge_slave_1) entered disabled state
[  303.864509][ T1137] bridge_slave_0: left allmulticast mode
[  303.866153][ T1137] bridge_slave_0: left promiscuous mode
[  303.867653][ T1137] bridge0: port 1(bridge_slave_0) entered disabled state
[  304.029504][ T1137] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  304.032807][ T1137] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  304.035760][ T1137] bond0 (unregistering): Released all slaves
[  304.041207][ T1137] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  304.044295][ T1137] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  304.047360][ T1137] bond0 (unregistering): Released all slaves
[  304.104951][ T1137] tipc: Left network mode
[  304.378666][ T1137] wlan1: deauthenticating from 08:02:11:00:00:00 by local choice (Reason: 3=DEAUTH_LEAVING)
[  304.550564][ T1137] hsr_slave_0: left promiscuous mode
[  304.552347][ T1137] hsr_slave_1: left promiscuous mode
[  304.554158][ T1137] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  304.556220][ T1137] batman_adv: batadv0: Removing interface: batadv_slave_0
[  304.558465][ T1137] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  304.560403][ T1137] batman_adv: batadv0: Removing interface: batadv_slave_1
[  304.563702][ T1137] hsr_slave_0: left promiscuous mode
[  304.565413][ T1137] hsr_slave_1: left promiscuous mode
[  304.567349][ T1137] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  304.569289][ T1137] batman_adv: batadv0: Removing interface: batadv_slave_0
[  304.571466][ T1137] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  304.573409][ T1137] batman_adv: batadv0: Removing interface: batadv_slave_1
[  304.577504][ T1137] veth1_macvtap: left promiscuous mode
[  304.579003][ T1137] veth0_macvtap: left promiscuous mode
[  304.580469][ T1137] veth1_vlan: left promiscuous mode
[  304.581907][ T1137] veth0_vlan: left promiscuous mode
[  304.583518][ T1137] veth1_macvtap: left promiscuous mode
[  304.584963][ T1137] veth0_macvtap: left promiscuous mode
[  304.586622][ T1137] veth1_vlan: left promiscuous mode
[  304.772140][ T1137] team0 (unregistering): Port device team_slave_1 removed
[  304.809320][ T1137] team0 (unregistering): Port device team_slave_0 removed
[  305.264816][ T1137] team0 (unregistering): Port device team_slave_1 removed
[  305.304029][ T1137] team0 (unregistering): Port device team_slave_0 removed

VM DIAGNOSIS:
18:43:41  Registers:
info registers vcpu 0

CPU#0
RAX=00000000013794a4 RBX=0000000000000000 RCX=ffffffff8b130829 RDX=ffffed1005687026
RSI=ffffffff8bb122e0 RDI=ffffffff816417fc RBP=fffffbfff1b52af8 RSP=ffffffff8da07e20
R8 =0000000000000000 R9 =ffffed1005687025 R10=ffff88802b43812b R11=0000000000000001
R12=0000000000000000 R13=ffffffff8da957c0 R14=ffffffff901cd188 R15=0000000000000000
RIP=ffffffff8b131c0f RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88802b400000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000000000000000 CR3=000000002a8c0000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=00000000000000f6 RBX=0000000000000001 RCX=000000000000083f RDX=0000000000000000
RSI=00000000000000f6 RDI=000000000000003f RBP=0000000000040001 RSP=ffffc9000713f2b0
R8 =0000000000000001 R9 =0000000000000000 R10=0000000000000001 R11=000000000000dff0
R12=0000000000000001 R13=0000000000000000 R14=0000000000000001 R15=ffff888029628000
RIP=ffffffff813bc0f8 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff88802b500000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000000020ca7000 CR3=0000000073528000 CR4=00352ef0
DR0=0000000000000000 DR1=00000000872c9164 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
RAX=000000000000002d RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff85036a05 RDI=ffffffff9a63a220 RBP=ffffffff9a63a1e0 RSP=ffffc9002c8bf1a8
R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=2d2d2d2d2d2d2d2d
R12=0000000000000000 R13=000000000000002d R14=ffffffff850369a0 R15=0000000000000000
RIP=ffffffff85036a2f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff88802b600000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000f522647d CR3=000000002a8c0000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 3

CPU#3
RAX=0000000000000000 RBX=0000000000000000 RCX=ffffffff81cb02e4 RDX=ffff88801fa80000
RSI=ffffffff81cb013e RDI=ffffffff8ddb7800 RBP=ffff888043475820 RSP=ffffc90001fbf7b8
R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000000 R11=ffff88802b728a7c
R12=ffff888043475800 R13=dffffc0000000000 R14=0000000000000002 R15=ffff8880404de000
RIP=ffffffff81cb02fd RFL=00000293 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88802b700000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000f71e18e0 CR3=000000002a8c0000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=000000000000000e 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000