last executing test programs:

9.708703177s ago: executing program 3 (id=3217):
socket$netlink(0x10, 0x3, 0xc)
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x2, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0)
write$P9_RSTATu(r3, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_HOPOPTS(r4, 0x29, 0x48, &(0x7f0000000080)={0x84, 0x4, '\x00', [@calipso={0x7, 0x20, {0x1, 0x6, 0x8, 0x0, [0x6, 0x5, 0x9]}}]}, 0x30)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a300000000040000000030a01080000000000000000010040000900030073797a320000000014000480080002400000000008000140000000000900010073797a300000000088000000060a010400000000000000000100000008000b40000000000900010073797a3000000000600004805c0001800b0001007470726f787900004c000280"], 0x110}}, 0x40040)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r7=>0x0})
r8 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$inet6_tcp_TCP_ULP(r8, 0x6, 0x1f, &(0x7f0000000000), 0x4)
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010000000000000000003900000008000300", @ANYRES32=r7, @ANYBLOB="24005a80200003800500040001000000140005"], 0x40}}, 0x0)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r9, &(0x7f0000003e00)={0x0, 0x0, &(0x7f0000003dc0)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000010000000000000000090000000a20000000000a05140000000000000000010000000900010073797a300000000058000000160a09000900000000000000010000000900010073797a30000000000900020073797a32000000002c00038018000380140001006d616373656330000000000000000000080002400000000008000140000000001400000011"], 0xa0}}, 0x0)
sendmsg$NFT_BATCH(r9, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000001740)=ANY=[@ANYBLOB="140000001000010000000000000000000100000a300700000c0a01010000000000000000030000090900010073797a30000000000900020073797a320000000004070380e80500800800034000000001d4050b800c00018008000100647570001c0001800b00010064796e73657400000c0002800800054000000003100001800b0001007470726f7879000034000180090001007866726d00000000240002800500030002000000080004400000000405000300030000000800014000000000100001800b0001006578746864720000100001800a00010072616e676500000050000180080001006475700044000280080002400000000008000240000000090800024000000010080002400000000108000240cec23698080002400000001308000240000000090800024000000010a00401800e000100696d6d6564696174650000008c040280700102804000028008000180fffffffd0900020073797a32000000000900020073797a320000000008000340000000010900020073797a32001859000000080003400000000205000100a5000000340002800900020073797a320000000008000180fffffffd0900020073797a3000000000080003400000000308000180fffffffd0c00028008000180fffffffe0c0002800800018000000002d80001008825653d4197161f3a3b16f5b7e548b8ed50506e5d8d2e35f4b251ce5a14e964a75f5e09cf656efcabd17aa399886b1908ba3c6f368059d46c47ff541a7f10ca7c5aca32831df4c5663aae7c0c9457dcd893ffe965a7493d2891c1afa4f3631dbdde6d46a24679858f1c8dad5584c53a74c0dd8c599023f8d7df0be81b8926e746c77fae2ad29d1644a00c34b2ac1edbcc671164c2ad2ab03aa4f25efba7666a699d75a48895835bf2c7048134e37ccf4086c4d766397604be55d9e5f75e0ab845ffbb644c02bbb986a069e4549260226a167655080001400000000e440002803e0001005c96cdceb386e427a989fb5b05b067c7100438fb25c0935befcb66055acfcfba6fe01e46b5ba7147f43f20f8cb678672b7f2cfca726c29a0e0a50000cc020280c1000100f23d5caea2c224fc440a70387352d184cf75cfa29d4acca5fe1b8ec039714edec9a67c11750b29f7d796336aaeece56a1241a69e24e56941fbd4cac303769b594dad0498ffe74803460db3717c08458ccc523f11506496d435744708752549a2c261777c7443beabde4e4ae17439ba4a478fa30c104fc8a66222d6fa84e22efe428f52c8e1190f699d616fbd3f9c9e5fd354a9212c0f8f275dc3d50e4cf867e61b1cc7a7164e4ae4e515080a1fc70e5c8bfc19920a224d9c248d7bde6e000000100002800900020073797a3200000000010101009a51bd31bc8cc276dd62e1dfd4ea98302411b46ded33d98b0269d4914798d17568286ca7fa6c1a780be3bb2a4a6cd8df636983ddd6fbb36b58ce22c955fb0c6a16466ed4a1eb64486ecea9289c92275be8254f5c05bd5890a11f3531d72969e9976cc7900341dd4b8fd495d9c51f5257054bf2be0490886c26ef1b3b135a288cf947c81ca712073f27aee2fdcd7bebb4538794869553d42f3197024f81f7e514609af6b22e0553228eb7b0fab55c7a257fbf32bd68fa7aebddceb892b8ca19618d0f555c47d46baff81f36a061ec71f86ffa67b5294cb9862698252b23de3e413aad8b1cb8bcefcebb68d78143a5fad90809350d0c833cea42495168c200000004000100e9000100ce55dabe01c01bc130d1e5fc60b36174f7fce42044508ad2946abb855d8412c1792e49bd695ac724d5b1f7350360f279b1a6d725db763901da764f0628c54090c2199003b291d939cacc52fc4a7460a3737e11efac9760560de5e2b8f488bf95fbef04eb460a872f4c2639d7f780fd445b3b1c4b7c12222178b81b5fe43682c23b0964116917cf12b739057856b5ca6423f2ec6d06ef3d86d7560a5537f11efbd7951dde413056633f649c2e407b5e4b858f472e200b660bead17464071e60541fc98d5c7bcd8ffde65c0260dfd353f7fc664354d268793efbc6baf53a9d1d1dface99732b000000440001800c000100636f756e74657200340002800c00024000000000000000030c00024000000000000003ff0c00024000000000000000030c00014000001fc0000000001000018009000100686173680000000008000340000000021c0000800900090073797a30000000000c0005400000000000000009fc0000801800078008000100647570000c00028008000221000000160c0005400000000000008000d400064072b09bf420a5f26f8ce1ff858688245c768ba5558e1713508e51e5045f5f1dd42e15818bdaf0dd9e24980e4b8e7e9461d762d5345bc7aec7923e30096c47472bc7c32bcf67dd0b8b0a33e05f5467807710b2fda9d605ec73454f705bdde78507c7d6c5030414681ffa02d9f933bf3f86bc01d2825c0eca69cfb41f4a4f915840b4ff818f9ef2e757c0ea3d61fc82464a99f4c60fb9be2c0470596b7b633e581ea2c9e5e5e8ac5b33d637d2f0cda3ba74b05721d72d7347a4b25b16c7789ef970caf77dd5684472fc2e3c3426a1ea4da01400000011000100ffffffff000000000000000a"], 0x758}, 0x1, 0x1200}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)

8.812189725s ago: executing program 3 (id=3220):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x2, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.throttle.io_service_bytes_recursive\x00', 0x275a, 0x0)
syz_usb_connect$cdc_ncm(0x0, 0x0, 0x0, 0x0)
write$binfmt_script(r3, &(0x7f0000000100), 0xfffffd9d)
r4 = socket(0x1e, 0x4, 0x0)
connect$tipc(r4, &(0x7f0000000040)=@nameseq={0x1e, 0x1, 0x0, {0x1, 0x1, 0x4}}, 0x10)
sendfile(r4, r3, 0x0, 0x8010002b)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000000)='kvm_set_irq\x00', r3, 0x0, 0xd}, 0x18)

5.3308767s ago: executing program 3 (id=3230):
r0 = getpid()
r1 = syz_pidfd_open(r0, 0x0)
r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000004c0), 0x48100)
r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000002c0), 0x1)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r3, 0xc08c5332, &(0x7f0000000040)={0x0, 0x3, 0x0, 'queue0\x00'})
write$sndseq(r3, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {}, @raw32}], 0xffc8)
poll(&(0x7f0000000780)=[{r3, 0x3230}], 0x1, 0x40000)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(r2, 0xc08c5335, &(0x7f00000001c0)={0x0, 0x80, 0x0, 'queue0\x00'})
close_range(r1, 0xffffffffffffffff, 0x0)

5.286184717s ago: executing program 2 (id=3231):
bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x11, 0xc, &(0x7f0000000680)=ANY=[@ANYRES64], &(0x7f0000000200)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x2f, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
socket$netlink(0x10, 0x3, 0x0)
mount$9p_unix(&(0x7f0000000180)='./file0/file0\x00', &(0x7f0000000300)='./file0\x00', &(0x7f0000000340), 0x10000, &(0x7f0000000440)=ANY=[])
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9f, 0x11e41e7a, 0x20000000, 0x2, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0xffffffffffffffd2}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000400)=0x6)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x17, &(0x7f0000000000)={&(0x7f0000000100)=@ipv4_newrule={0x24, 0x20, 0x301, 0x0, 0x25dfdbfb, {0x2, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x8}}, 0x24}}, 0x40)
sendmsg$IPSET_CMD_SAVE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000500)=ANY=[@ANYBLOB="1c000000080601020000000000000000000000000500010007000000c6571bf2e7186ac883c237f47d4c44bc733dc30d8c5237d3f20b3f0cca634156a791193eb68a6285bd8feab5bed2ced12b3a993320e79e8b951a6af69dbbe867a3f24acd973eec476cc759e333efb1910bcd1f49f38ff1e3c1a786683bf3deb61e7b2e981d66dfa13fd20597a7775b1e561d576527b763126d05bf1efa0d4fd123b15146ff9f9e62d8e9cc8a0c6daa87fa035f6b7e66e9f84c1127c6cd52e97293d317a6c332e4b7ef51183a732749034e6b5ec426dd8aaf6d3be1e3aaefa19b1f12c95520abf8e2992ff90a132ae97c886605b4ea261d2b167ca52f34fb46d8955264f00334647d4420ffb6cfdc0e90b547c6dd2f57bc70c3ac68520a7ef7f0dcfe0567bc1e7b3c828976d450168179c0499bef21800034acaa9129c326dd917ac49a906f3432f64c87455575d85adeb108e44cf3af65ac24f0725d3f7bc170f0a80086eae708061b9d3b99d1d1e04434e3ed"], 0x1c}}, 0x0)
pipe2$9p(&(0x7f0000000100), 0x80000)
r4 = openat$sndseq(0xffffff9c, &(0x7f0000001240), 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r4, 0xc0a45320, &(0x7f00000000c0)={{0x80, 0xf7}, 'port1\x00', 0x3ab, 0x2062f, 0x3, 0x7, 0x0, 0xc, 0x3fc, 0x0, 0x7, 0xfd})
readv(r4, &(0x7f0000000700)=[{&(0x7f0000000080)=""/63, 0x3f}], 0x1)
openat$sequencer(0xffffff9c, &(0x7f0000000000), 0x2, 0x21)
r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'bridge0\x00'})
socket$nl_route(0x10, 0x3, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)

5.006804367s ago: executing program 0 (id=3233):
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = socket$tipc(0x1e, 0x2, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x4, 0x800000)
syz_io_uring_setup(0x27da, &(0x7f0000000180)={0x0, 0x745b, 0x2, 0x1, 0x32f}, &(0x7f0000000080), &(0x7f0000000100))
r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r2, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_ENDIAN(r2, 0x4008af13, &(0x7f0000000080)={0x1, 0x1})
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, &(0x7f0000000140)=ANY=[@ANYBLOB="61154c00000000006113300000000000bfa00000000000001503000008004e002d35010000000000950000bc000000006916000000000000bf67000000000000350605000fff07206706000005000000160302000ee60060bf500000000000000f650000000000006507f9ff0100000007070000cddfffff1e75000000000000bf54000000000000070400000400f9ffad4501000000000095000000000000001500000000000000950000000000000032ed3c12dc8c27df8ecf264e0f84f9f17d3c30e32f1754558f2278af6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd3997f9c9c4f6f3be4b369289aa6812b8e007e733a9a4f1b0af3dda82ee45a010fb94fe9de57b9d8a81426104000000000000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546ccd3f1d5ab2af27546e7c0700000000000000b555202da2e0ec2871b4a7e65836429a527dc47ebe84a423b6c8d345dc8da3085b0ab71ca1b901627b562ed04ae76002d4519af619e3cca4d69e0dee5eb106774a8f3e6916dfec88158f0200000000c8fb730a5c1bf2b2bb71a629361997a75fd552bdc2300000008ac86d8a297dff0445a15f21dce4de9f29eff65aadc841848c9b562a31e56723888fb126a163f16f920ae2fb494059bba8e3b680324a188076eb685d55c4e9b2ad9bc1172ba7cbebe174aba210d739a018f9bbec63222d20cecac4d03723f1c932b3a6aa57f1ad2e99e0e67ab93716d20000009f0f53acbb40b4f8e2738270b31562ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000000000000000000000000004000bc00f679629709e7e78f4d08000000ebe6bd9d42ca0140a7afaab43176e65ec1118d50d1e827f3472f4445d253880800000000000000690884f800031e03a651bb96589a7e2e509bcc1d161347623cb5e7ac4629c8ab04871bc47287cd31cc43000000207b40407d000000210000000000000000005f37d83f84e98a523d80bd970d703f37ca364a601ae899a56715a0a62a34c6c94cce6994521629ab028acfc1d926a0f6a5489af8dc2f17923f3c40dfd1970a55c22fe3a5ac000000000000000000000000000000c1eb2d91fb79ea00000000000000bb0d0000000000000000b712c1e47be511fe32fbc90e2364a55e9bb609c64423d2d00fea2594e190deae46e26c596f84eba9000000000000003cc3aa39ee4b1386bab561cda886fa642994cacd4722a11dc3c693962895496d4f6e9cc54db6c7205a6b068fff496d2da7d632bd1f61b007e1ff5f1be1969a1ba791ad46d800000000c7f26a0337302f3b41eae59809fd05d12f6186f117b062df67d3a63f3265dd1410eea68208a3f26b2989b832d8b34a34a4f08b34b3042065acaa10856e858d27adee7daf32903d3fc78700d429a2d4c835d803eb83eecfe4c7ff9e6ab5a52e83d089dad7a8710e0254f1b11cced7bc3c8da0c44d2ebf9f6f3ff3be4d1458077c2253b0c7c7a0a9fdd63bf910dc20e5cb2a88e59febc47f1212a21f631dbaa74f22bad050e9856b48ae3a03a497c37758537650fe6db88aa3c41fdc3d78e046f6160e1741299e8dc29906870e6431ed1eab5d067a183f064b060a8ec12725d42e3a74863d66bee966b1574f8e01b3f34a267ff0afa1e1c758a0079b747067312e9815a21cb3f1f8150d999d788535a4d3114dbc7e2bf2402a75fd7a55733360040855ed5d1c0d634fb9fb38f84d9d87b27f8a5d91217b728f13e3ee20e69e0ffb2780b1a7af137ff7b4ff139604faf0a4da65396174b4563d54b52f06c870edf0c5d744b5272b44c23488b2bdbff947c4dfa108cbb88202eeb81f428a5b3c299848649e1a6bff5af657a67463d7dbf85ae9321fad16ee751cd7dde94ec97549c2b517dc4a29b9cba8ded5de8206c812439ab129ae818837ee1562078fc524b3baf49a0be9bb7d958d5e87c6c09bf71a894bad62934782cc308e936d7637e07c4a2a3bc87b0da23c00d9ef418cf19e7a8c4c328be0ce95798adc2dca871073f6bd61dc18402cde8bf377b2eaa45c940aabc86b94f8cbde4d470667bee722a6a2af483ad0d3415ed0f9db059a6cffb92e2a0cfd81434e00000000000000000000d154ba10a8e51489a614e69722bac30000000000000000000000000000c5c4d188ff555285b9743d3aac000583f42d168613151d681a2f71373f20d92c9048407c91fabecfe8b3f2d5454d127edab14ba61ba1cfc4336324c86f3dcb43e9a58208077e90f6ec1c7ac756f61dcc372cdd30b82507489f0bbfbd3c3f21752e81319c0161e154ceb16e00bc7f5a6962dff317f4d014786e432817064874d69a39cb0da31bcc5f81894d8a5cbb8be3f7741b18007dff12eb95066cc6bc256f0a12282224bb031bbee6d23cef7074f6d718b06ca80b57aa183dd0c3eee45891441f2b89b4c67aa9882281393954972046974f18df232cd7fca610e33f51c2d062020f403d85ff36c26e2f6bd1d82f4d3ceb3472d9a77e0057a3bfe697d9ab7585f4a1b381343d2cf855689232f4fc5135790662dc1419a374be9d7b3e5be2886d23add90d862f1a682ff11c798e338af3e5bb0f9d3952b15bf3e0c618c89d20ca1e18a031397693bf3cfbd8417e5b55e641c898c280356f2da222d5d68919d98158578dcf18efa404e508bcbbb8cfcf70086821ebdf34c9a1dff45af873d0ecdf904c2bdbef81f246d26f4b40df949e12bdac18532f4e11c608cc31d60cb591c40a7b386fa1c753336d7220a35118d4919b45eff32aab684e62c6691de14e97aa7e9dc8ecf0cd50540246d2b746e41e5b4e2c095039dfe0f71db6265f7580d098be40ef36faee5d1695830d4242a23e541e6ce9fa1998d8961cf4fe3c8e8fbb566fffffffffc229614a4b7f80d237b8abc6fd0407de31d6e5532f360d379f20f054e5deb27f7922fe6c14eba96c9af409da03290e4009f872d5aaca63dbe239efb1e02dd4fc07f8c5b070e2ddeb4b5afa6df2e7e162962e334d8553cc56008ddc8277fa9e8f6684513bfa827686b6fb71259743f55f46fa7e6379312e93213faf275f0441d46bc5690181244c44bea45854ed4ccd99f3fd328110ae22ef1504ec0566652d742ed8a7e202539c6531824f7399b486fbb906a91b77f2a6ba27bf97ebc7482cea32278a7acd9f2210e6ed2defcbd112f29a92401c5a37c58835f870b056186ef3971d3d9effa5661cabc2a059689dcfb030dd4ac0fe54db67510d3e9a5d36b900000000000000000000000000000000c9e484cf5f8c0955c11b285de46871d62f9d986e73658d228225b21f694dd2dc80e96ce476496973ee14e3d4fd03507c6f7c0c8ae809ddc9a36b4f30d15d08cc8e72d750f5e529cf4cec823b923d382f3f2c42dcb4b316eba77e7f767ae17d4d3427c9379eadbd040fbbe0c6dd8100f1558354bdd35626052c2e66cc34f4e266cc04218764824533cac2736e236b50ae4d800565910200af9cb11002791a91d834ffcc65a6226ecafe0372e3ace29c2441eca24371857aa9eb9b3910a2eb"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffffd2, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0)
pread64(r3, &(0x7f00000001c0)=""/200, 0xc8, 0x0)
lseek(r3, 0x0, 0x1)
syz_open_dev$video4linux(&(0x7f0000000040), 0x10001, 0x800)
madvise(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x16)
ioctl$SOUND_MIXER_READ_STEREODEVS(r3, 0x80044dfb, &(0x7f0000000bc0))
openat$misdntimer(0xffffff9c, &(0x7f0000000140), 0x80c40, 0x0)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000001c0)={{}, 0x0, 0x0}, 0x20)
pipe(&(0x7f0000000480)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
vmsplice(r4, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1)
socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000b80)={'ip6tnl0\x00', <r5=>0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000b40)=ANY=[@ANYBLOB='D\x00\x00\x00\x00', @ANYRES32=r5, @ANYBLOB="000024000000000024001200140001006272696467655f736c617665800000000c000500080005"], 0x3}}, 0x0)
splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x10d00, 0xf)
r6 = dup(r1)
write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c)
pselect6(0x40, &(0x7f0000000600)={0x11, 0x2, 0x2, 0xffffffffffffffff, 0xfffffffffffffffe, 0xc, 0x2, 0x8}, 0x0, &(0x7f0000000400)={0x7fc, 0x2, 0x800000, 0x0, 0x15, 0xc3ad}, 0x0, 0x0)
pselect6(0x40, &(0x7f0000000600)={0x6, 0x0, 0xfffffffffffffffd, 0x40, 0x2, 0xd, 0x7, 0x7}, 0x0, &(0x7f0000000680)={0x7ff, 0x7, 0x9, 0x7, 0x4, 0x0, 0x5, 0x2}, 0x0, 0x0)

4.365819912s ago: executing program 3 (id=3234):
openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/tcp_wmem\x00', 0x1, 0x0)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x3000000)
syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
mount$9p_fd(0x0, 0x0, &(0x7f0000000080), 0x400, &(0x7f0000000a40)=ANY=[@ANYBLOB=',debug=0x0000007,version=9p20\\++},%{!(6,afid=0x000000003f5689cf', @ANYRES16])
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x8c)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = openat$dsp1(0xffffff9c, &(0x7f00000001c0), 0x24003, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
fanotify_init(0x4c, 0x0)
connect$inet(0xffffffffffffffff, &(0x7f0000000300)={0x2, 0x4e20, @local}, 0x10)
ioctl$SOUND_OLD_MIXER_INFO(r0, 0x80304d65, &(0x7f0000000280))
shutdown(0xffffffffffffffff, 0x1)
mount$overlay(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200), 0xd4, &(0x7f0000000180)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@workdir={'workdir', 0x3d, './file0'}}], [], 0x2c})
fspick(0xffffffffffffffff, &(0x7f0000000140)='./file0\x00', 0x1)
r4 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000380)=ANY=[@ANYBLOB="38000000031401002abd7000fedbdf250900020073017a31000000000800410072786500140033006c6f", @ANYRES64=0x0, @ANYBLOB="4aa7f55c4d9e79be09974ea08334682d824c86160d90989198327e0d0a958d96b86fd594f9948da6dd357e2d751dc4a30f3707d929e761358698adf1427de2abf4f2a920a0286e64ca10ff79fcc7b704d3f076ee2347b0d641feec0f23ee046ca9e70a8998c19dee5f82dd235b2f42b02918700300dd1919a4e6958abe1a8b8742d3f694d04e85a5524f3ac988bba6710701a2a99a5f4753d13b8ce0cd4f9d3e71120de6b89ec9339e98113fc98539dc69747167b0a25c4eeffa79c13755de64496701299232", @ANYBLOB="8d7b7332550e78f2fa9d1e29fc08c30719baa9af90af6f4a09660efe813c", @ANYRES16=0x0], 0x38}, 0x1, 0x0, 0x0, 0x44}, 0x810)
socket$inet6(0xa, 0x5, 0x6)
syz_usb_connect(0x3, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00000009040000022a3e740009058bff7f0000100109050b362f"], 0x0)
close(0xffffffffffffffff)

4.348576389s ago: executing program 2 (id=3235):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket(0x1d, 0x2, 0x6)
bind$l2tp(r1, 0x0, 0x0)
syz_emit_vhci(&(0x7f00000006c0)=ANY=[@ANYBLOB="04230d00c80001"], 0x10)
socket$nl_netfilter(0x10, 0x3, 0xc)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x141121)
r3 = dup(r2)
write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="140000001000010000000000000000f9ffffff0924000000060a0b04000000000000000002000008040004800900020073797a3200000000140000001100010000000000000000000000000a93ae51bd1ebe0c5d5969fd92f738"], 0x4c}}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x300000e, 0x20c44fb6edc09a38, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r6=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r6, @ANYBLOB="1f003300d00000000802110000010802110000005050505050500000", @ANYRES8=r0], 0x3c}}, 0x10)

3.821738486s ago: executing program 0 (id=3236):
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32=0x0, @ANYBLOB="0000000000000100"/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0x48)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x70bd2b, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7b, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$CEC_ADAP_S_LOG_ADDRS(0xffffffffffffffff, 0xc05c6104, &(0x7f00000001c0)={"f2efe21e", 0x0, 0x5, 0x4a, 0x0, 0x1ff, "2179d46fd08e3c0ced34c7d0c7e6d7", "7ca24a13", "0400", "a2d1d4a2", ["1af0b1ba1cb8fd54c9c9b587", "bed0f3d6ce7a5f7389827f04", "33af343c60abc64f2fdc9ddf", "9b3842fc63849f62b6eb1c3c"]})
r3 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000000c0), 0x80201, 0x0)
write$rfkill(r3, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x1}, 0x8)
r4 = syz_open_dev$cec(&(0x7f0000000000), 0x0, 0x0)
r5 = memfd_secret(0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x400, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r7, 0xae60)
ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000200)={0x0, 0x1, 0xf000, 0x1000, &(0x7f0000f9a000/0x1000)=nil})
ioctl$KVM_SET_VAPIC_ADDR(0xffffffffffffffff, 0x4008ae93, &(0x7f00000000c0)=0xffff)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000280)={0xffffffffffffffff, r5, 0x2e, 0x4608, @void}, 0x10)
write$uinput_user_dev(r5, &(0x7f00000003c0)={'syz0\x00', {0x3b, 0x5, 0x5f, 0x500}, 0x10, [0xa, 0x40, 0x2, 0x1, 0x2, 0x200, 0x6, 0xa5d2, 0xffff85cf, 0x4, 0x3, 0x9, 0x8, 0x6, 0x4, 0x55defd4e, 0x10, 0x3, 0xfffffffb, 0xdc6, 0x100, 0x0, 0x7, 0x81, 0x7f, 0x4, 0x1, 0x9, 0x80000001, 0x3, 0x7, 0x0, 0x8, 0x2, 0xe5a, 0x5, 0x8, 0xe, 0x3, 0xc61, 0x80000000, 0x1, 0x0, 0xe, 0x2, 0xe, 0x8, 0x6, 0xfffffff8, 0x0, 0x246aac8c, 0x7, 0x98b, 0x102f, 0x0, 0x5, 0xfffffff8, 0x80000000, 0x6, 0x9, 0x10e, 0x0, 0x8, 0x2], [0x5, 0x7, 0x2, 0x1000, 0xb4e8, 0x2, 0xd89, 0xffffffff, 0xa8, 0x200, 0xa, 0x8, 0x8, 0x5, 0x40, 0x0, 0x8e41, 0x6, 0x2, 0x3, 0x1, 0x1ed3df8b, 0xc, 0x1, 0x200, 0xb18, 0x3, 0xfffffff9, 0xb, 0x1000, 0xffffff64, 0x2, 0xe8, 0x0, 0x9, 0x3ff, 0x1, 0x80000001, 0x80000001, 0x2, 0x2, 0x1, 0x70, 0x1, 0xbac, 0x101, 0x2, 0x7fff, 0x7f, 0x401, 0x72c7, 0xffff, 0xffffffff, 0x80, 0x2, 0x6, 0x8001, 0x3, 0x7, 0x8001, 0xd, 0x3, 0x0, 0x5], [0xf, 0x9, 0x7, 0x4, 0x7e, 0x8, 0x5, 0x2, 0x7, 0x1, 0x4, 0xd3, 0x2, 0x5c3, 0x81, 0x6, 0x8001, 0x5, 0xfffffffc, 0x7, 0x2, 0x3, 0x6, 0xd, 0x4, 0x280, 0x8, 0x400000, 0x9, 0x6, 0xb71, 0x6, 0x6, 0x1ff, 0x7, 0x9, 0x3, 0x8, 0x6, 0x2, 0x800, 0x5, 0x3, 0x1, 0x2, 0x3, 0xfffeffff, 0x1, 0x8, 0x6, 0x10, 0xb2, 0x200, 0x48, 0xfffffffc, 0x4, 0x2, 0x7, 0x6, 0x9, 0x8d1, 0x0, 0x4, 0xffffffff], [0x7ff, 0x3e41, 0x0, 0x11, 0x10001, 0x9, 0xa, 0x0, 0x8, 0x1000, 0x7b5a, 0xfffffffc, 0x6, 0x7c, 0x5, 0x8, 0xd, 0xffff, 0x6, 0x7, 0x1, 0x8, 0x9, 0x5, 0x9, 0x1, 0x3, 0x5, 0x7, 0x0, 0x5, 0x5, 0x378, 0xfffffff9, 0x3, 0xc6, 0x8, 0x9, 0xf24, 0x6, 0x3, 0x9c, 0x2, 0x9, 0x80000000, 0x1, 0x9c59, 0x359, 0x6, 0x10, 0x8, 0x0, 0x0, 0xf6, 0x4, 0x3, 0x0, 0x3, 0xffffffff, 0x2, 0x751, 0x1, 0xffffb288]}, 0x45c)
ioctl$CEC_TRANSMIT(r4, 0xc0386105, &(0x7f0000000d40)={0x2, 0x3, 0x3, 0xfffffffc, 0x0, 0x4063, "57c1169b6664ea61326ac71ae7213059", 0x0, 0x0, 0x0, 0xfd, 0x5, 0x1})

3.355720142s ago: executing program 1 (id=3239):
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/key-users\x00', 0x0, 0x0)
r1 = memfd_create(&(0x7f00000005c0)='\x00\xc76\xbe\x91\x8d\x182)!\x9a%\xa2\xd28\xd6\x06\a\x0e\xfc\xfe\x12\x8f&\x13\xae%@T\xa3\xb0>\\\xec\xa9\xf9Q@6A\x10\x8cn|\x00\x00\x00\x00\x00\x00\x00\x00\xeb0\xdd\xe8\x87\x05=\xfb\x8b$\xdcQ\xee\xc5\x1f\x8bQ\xf7fo\"i\xa1hk\x1d\xf5z\xc1\x7f\xa4\\]\xc4\xbe3\xf9\xa8\t?:\xd8\xda\x84\xeepI[\x1c\x00\x00\x00\x00\xf9v\x00\x00\x00\x00\x00T\xb6\xbe\x0f~\xc0\x92\xe9O{\xa8\x81(\x01\x14\xfc\x83\xf9\xfb\x05\x94Tr@Lq]\xf9\x15zj\x87\xc4\x8e\xe8/\xb9-&R\x8e\xb2\xb3bBx\x1e1\x18\x8f\x19\xf7]#\xed,\xc7\x11\tp\xf4\xa3\xee\xcb\xaf\xb3\xe3\'}\x18\xe8O\xa8#K\xb6\xe4U\x92\xd2\x99\xb8<X\xfa\xdd\x8a6\xa1\x82\xf7r\xd8z\x85\x8do\xa5\xed\xd4\xbc8\xfb\x16\x8e\x8b-W\xd4\xc9\xbc\x94CR[Du8U^\xf2tl8\xfe\xd0\x94\xfe\xf5\x1c+\x00U\te\xfa6\xca\xb9\xb4Q\xd9\xee\r6\x861h{\xc7z\'F\xc7\x91\x06x\xe1`\xf1:\xbd+\xd5\f\xb2\xce\xa4\x06\x90\x90\x9b\x1d\xcaa\xf7\x8f\x9e\x80\x93\xafT\xdfl\xec\xc6\x8e\x96\r[n\xc6\x99\x1fr<\x06\xb3\xbcT\x00\xda6\x18/\x18', 0x0)
ioctl$FS_IOC_RESVSP(r1, 0x402c5828, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x100})
ftruncate(r1, 0x3)
lseek(r1, 0x0, 0x3)
r2 = openat$ipvs(0xffffffffffffff9c, &(0x7f00000004c0)='/proc/sys/net/ipv4/vs/sync_qlen_max\x00', 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_io_uring_setup(0x19ff, 0x0, &(0x7f0000000240), &(0x7f0000000100))
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00'}, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000a00)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0a000000010000003f0000004000000042000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000000000000000000000000000000000000000000000000007f721185d1bd3a0ddc9b4f4fb93aedd0a03ab11a8cb57ca3b63a1566d7b8c329386274571eb19ffef06b6d1fff919327c75193a37bfd8eccb5961ba7d48b24796f3025fac2b1f91877"], 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080), &(0x7f0000001a40), 0x1003, r6}, 0x38)
r7 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000080)=ANY=[@ANYBLOB="9feb010018000000000000001c0000001c00000003000000010000000000000e0200000000000000000000000000000504000000002e"], 0x0, 0x37, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20)
bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x9, 0x4, 0x4, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, r7, 0x10000002, 0x1001, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r8 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/secure_tcp\x00', 0x2, 0x0)
write$cgroup_int(r8, &(0x7f0000000040)=0x3, 0x12)
sendfile(r2, r0, &(0x7f0000000000)=0x9, 0x3fffff)

3.338049659s ago: executing program 2 (id=3240):
syz_open_dev$evdev(&(0x7f0000000240), 0x0, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
socket(0x400000000010, 0x3, 0x0)
socket$unix(0x1, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$packet(0x11, 0x3, 0x300)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet6_udp(0xa, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x10, 0x3, 0x0)
socket$netlink(0x10, 0x3, 0x0)
fsopen(&(0x7f0000000180)='gfs2meta\x00', 0x0)
r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000040)={&(0x7f0000000100)=[<r1=>0x0], 0x1})
r2 = socket$phonet_pipe(0x23, 0x5, 0x2)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000240)={{}, 0x0, &(0x7f0000000200)=r2}, 0x20)
ioctl$DRM_IOCTL_MODE_ATOMIC(r0, 0xc03864bc, &(0x7f0000000180)={0x1, 0x1, &(0x7f00000000c0)=[r1], &(0x7f0000000180), &(0x7f0000000200), &(0x7f00000001c0)})

3.168704949s ago: executing program 2 (id=3241):
r0 = epoll_create(0x10000e9)
openat$udambuf(0xffffffffffffff9c, &(0x7f00000000c0), 0x2)
r1 = memfd_create(&(0x7f0000000340)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf8\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xd9\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00', 0x3)
getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x6d, &(0x7f0000000580)={<r2=>0x0, 0xc3, "09937e220d27b0964c5311128e76b11ec5241157103801d7ed077d3a7067e428de9457b585b7cb64c051a56b3473a953c2a1a522982fa249d446a1063576c897cc0217cad456ce184545c81593ee6461fa106a75bda4893f5fbd042dd1fce021818a089633d06d0abf4c2c72bc3467e79432818833ff884baa25bca9db1185c6b995829d2483f3cf86ab2cb4bd7eeee993a8d9965ced19ef9c65958e2b5eed1091a87ee2268213f55dccb2d6493237f64f21268719a2056c03f18c896d275ceb86a8d4"}, &(0x7f0000000200)=0xcb)
setsockopt$inet_sctp_SCTP_PR_SUPPORTED(0xffffffffffffffff, 0x84, 0x71, &(0x7f0000000240)={r2, 0xffffff9e}, 0x8)
r3 = signalfd4(r0, &(0x7f0000000480)={[0x0, 0xfffffffc]}, 0x8, 0x0)
r4 = syz_open_dev$radio(&(0x7f0000000000), 0x3, 0x2)
ioctl$VIDIOC_DQEVENT(r4, 0x80805659, &(0x7f0000001200)={0x0, @frame_sync, 0x0, 0x0, {<r5=>0x0}})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r6 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r6, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
mount(&(0x7f0000000680)=@nbd={'/dev/nbd', 0x0}, &(0x7f00000006c0)='./cgroup\x00', &(0x7f0000000300)='udf\x00', 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000100)='./file0\x00', &(0x7f00000004c0), 0x40, 0x0)
chdir(&(0x7f0000000280)='./file0\x00')
renameat2(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup\x00', 0xffffffffffffff9c, &(0x7f00000007c0)='./cgroup\x00', 0x2)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$batadv(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r7, &(0x7f0000000400)={0x0, 0x22, &(0x7f0000000780)={&(0x7f0000000880)=ANY=[@ANYRESHEX=0x0, @ANYRES16=r8, @ANYRES64=r1, @ANYRES64, @ANYRES16=r5], 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x0)
r9 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r3, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000500)=[@textreal={0x8, &(0x7f0000000700)="66b9800000c00f326635000800000f3066b90b0a000066b83600000066ba000000000f30670f01ba002000002e0fc77f030f0d1c66b80f0000000f23c80f21f866350c00a0000f23f83e0fc73bbaf80c66b820643e8f66efbafc0c66ed66b9a40900000f3266b9800000c00f326635008000000f30", 0x75}], 0x1, 0x40, 0x0, 0x0)
ioctl$KVM_RUN(r9, 0xae80, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r9, &(0x7f0000015000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, &(0x7f0000000180)="0f01cb66baf80cb8987a8e87ef66bafc0cb80b000000ef6436360f001066ba610066b87e0066efb998090000b8ce000000ba000000000f30c4e3610ea4ba0000000004b8010000000f01c1b9b50b0000b85240d2b5ba000000000f30660f382b61550fc77c858d", 0x67}], 0x1, 0x20, &(0x7f0000000180), 0x0)
ftruncate(r1, 0xffff)
fcntl$addseals(r1, 0x409, 0x7)

2.518246242s ago: executing program 0 (id=3242):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newchain={0x1520, 0x64, 0x102, 0x70bd29, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, {0xa, 0x1}, {0x0, 0x4}, {0xffe1, 0x7}}, [@TCA_RATE={0x6, 0x5, {0x6, 0xe2}}, @TCA_RATE={0x6, 0x5, {0x9, 0x6}}, @filter_kind_options=@f_bpf={{0x8}, {0x4}}, @TCA_RATE={0x6, 0x5, {0x7, 0x9}}, @TCA_RATE={0x6, 0x5, {0x2, 0x9}}, @filter_kind_options=@f_fw={{0x7}, {0x14c8, 0x2, [@TCA_FW_ACT={0x14a0, 0x4, [@m_connmark={0x170, 0x1f, 0x0, 0x0, {{0xd}, {0x11c, 0x2, 0x0, 0x1, [@TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x0, 0x7, 0x6, 0x5, 0x6}, 0x8001}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x1, 0xfffffffb, 0x5, 0xfffffffa, 0x8}}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x7, 0x3, 0x7, 0xae42, 0x5}, 0x4}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x5, 0x4, 0x7, 0xb, 0x6}, 0x6}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x9, 0x9, 0x10000004, 0x80000000, 0x5}, 0x3}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x9, 0x4, 0x8, 0x3, 0x7f}, 0x1ff}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0xfffff001, 0x10001, 0x5, 0x4, 0x4}, 0x8}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x5a, 0xffffff33, 0x6, 0x5, 0x81}, 0xe2b}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x2008, 0x8, 0x5, 0xe5f7, 0x5}, 0x9}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x1, 0x7, 0x0, 0x1, 0x5}, 0x4}}]}, {0x25, 0x6, "b7d15d1ca5919170b30222c8398620c848b48e48f50f60bc506b9c091f1ed58d68"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x1, 0x2}}}}, @m_nat={0x1194, 0x15, 0x0, 0x0, {{0x8}, {0x16c, 0x2, 0x0, 0x1, [@TCA_NAT_PARMS={0x28, 0x1, {{0xd74, 0x2c, 0x1, 0x6, 0x8}, @broadcast, @rand_addr=0x64010100, 0x0, 0x1}}, @TCA_NAT_PARMS={0x28, 0x1, {{0x7, 0x9, 0x10000000, 0xa31, 0xffff}, @private=0xa010102, @empty}}, @TCA_NAT_PARMS={0x28, 0x1, {{0x8, 0x8000, 0x3, 0x2, 0x5}, @private=0xa010102, @rand_addr=0x64010102, 0xff000000}}, @TCA_NAT_PARMS={0x28, 0x1, {{0x0, 0x7, 0xffffffffffffffff, 0x1, 0x3}, @loopback, @empty, 0x0, 0x1}}, @TCA_NAT_PARMS={0x28, 0x1, {{0x9, 0x3b08, 0xfffffffffffffff7, 0x5, 0x200000}, @multicast1, @remote, 0x0, 0x1}}, @TCA_NAT_PARMS={0x28, 0x1, {{0x7fff, 0x401, 0x2, 0x2, 0x80000000}, @empty, @multicast1, 0xff000000, 0x1}}, @TCA_NAT_PARMS={0x28, 0x1, {{0x4, 0xe8a1c29f, 0x0, 0xb, 0x101}, @loopback, @local, 0xff}}, @TCA_NAT_PARMS={0x28, 0x1, {{0x4, 0x1, 0xffffffffffffffff, 0x1}, @broadcast, @multicast2, 0xffffff00, 0x1}}, @TCA_NAT_PARMS={0x28, 0x1, {{0x2, 0x8, 0x10000000, 0x101, 0x3}, @broadcast, @local, 0xffffffff}}]}, {0x1004, 0x6, "68e51b7a5a0b16f319eed84e8f0de58b0f182c6c3bcbbb76ec1b4d68acbf05954ab6d727cc2bba88921dbc0159cc8f31a991597c00b64fc90ef5738ff56d824f2c9119f95adb42c8ff4e5a1a623f26a98ca98b2adb48f4e3865b7eff4b8367959b1fa642e5abfd47bca9f31a46e8e51b59d640f480e2c22c3761b41b9800ada5474d8922ca62919a230f67c5baa96264a9366e0b7e2c9c36742cd95a198fe92689e08304411d00419147a29df557b19bdd838c8a7824392fa928e9a54523d5e84acbf30dbec2361f84e1981360e9bc7e5a359429d5cadfa29045dc057d5939f5567bab7cde6ef5318097dbe4ff1d9a4a40ab29b856e24e09020eeb491bee76d8a0d0c22c773252c317a7c47201d95ebcef0f4fbcabdc46f085b44793ef4f1eca6152227f19e23d913aab24281d087f4aa8cd2517fea02b13c184235904ff940fb84c6dd7a7597eb7491ef4c7abe27bbf7bd1c00b99465a04ae795d305c225277a53c441c705ac616daabb9bdffe44929e9c19c521f94534387694567669bccb873d89f00205b2714ed377b378b8c3c4cfe0865310bc1b8b58606a08efe3643323ee887dbad4e2794221aaf4a605c3581ab15f4d1e6e34818c4f88b68bbd72a67138a4fe005af4c3a2773554d49cb4c4ce4044e860bc646abfbd8c7342ebdc3d3dbb6266170e6e62d70dc101f7d737672600e3d96638378840f4e8fbd121fbc8630e34e661720da1ef7985d05d18dc5c22d0c0e61dac3c7860cf1963867572776199646eb79bc2670629db93c4cb585ca05dd1865d43b27db82dad43d96f5a91f6d3dae6f1477abe412f67574ee162d18cabca3b96d965ca17ec4de29e1da72e3a5974c1b16af3974f287c7ec3d42ae628fd2a97fe82bd0b3312813657c057994dfc1e8697eda1ce661446a9e33f5cd7649cd559fb76f24360a60c770a40ddc69de1801c00d4d8ab804e12103cd24dfcfdbca126324a131adefa01afbcdc7f2d0a05257d97ce42a04c1b812d151a1f2833e547ecfc2c7dc839cdc8eed4ef770949a6d2618e99d606aba629d82de91216d0a49c2a58d0d1d5a59493629af669a0052e3137eb364c40acbb2ec8514c3ba9a0abd6dc78a51508347e13ea328a675108e2019cc2410e34c67a404f72223d582acaebf1bb5595eb7b53fa2369685aadb45b05af6d3ca6da8735dbed35b3140e9cb96f605526280adf2fe40906265eecee88ce91aecc05974494337df033f9661f2f554f7f85ca0bf293a1bb73b5c0c0fb4b151c26225bc0a5e5550306efc50216204d8e70aaaedde6a849d6f9ec80585c2b7a4fdf835266e54ff27735320cd583b9f239a066852393162117d25209b840c20e782bdebb80c59a85e1adf17f0db923da5776dcf27b26d0620786d1e59665cdd559f2ae9dcc9ba18131a7a8a436f9d009f32daa253e7715bf19bb821c3605592256ff4b5a13f7409939686e4e8451546b4f961fc7c8902571ba75c3e2bce24599d7276d68c77f79c2e876e75f35a14dca725936bbcde242fd933b5e6f7b138d31030019b86ce93c55f20a90cf70ae98247be794c4e7df6031bd1f318b770cc19fc0d262c8078455004121e28271cdaf7eec3deb4466665e07b9e362bb6b0f738e0cdb41fcc025ce276676cc02611edcc1626fe89013fe43293e726171bbd5f1074ed5eb58e00d4dff98c85cbe1cf426571129355d7a5323228094dc50373ef87ba3a4a3fdd44c0f94e4fbfd3822a56b59fcfae8e9eea346c0edb2058abcf9c7ba623518ab588f7d7a4546d3a94a333b17c0c0e4f1fe62a8289b82757f422879ec0ac7f645a57c8925ebfbf97f19e2b67f64911266391df8f05615e78b588986d2030dd8b003d4214296d484ec26922a3295f3a535a2853858a7c7fdf0a8ec83bf590c2f3d57741c2b1b7c4d65401fafb789d3d1ff5e018caef0e87430d4aeefc01fb223e561a30e2882f95adb3c12d3ae0865e76b0c75983f42db99338b53df4c313d4c101ae0a6ad79ec10cad625fb754952712d68242ff180dec179c6cc248c3eaf06b32749da306ef186601e6535516c750df6281ff15705bf1749aca5c2b805ed2edc920e86a112b48e326f668437fb397eaff067edbb089abcce337dca87801f56a98fc40859d7cd7707a0dd47562b1ce3f68200d9547431d72c0575bd7af754235bd73e552f5dcd8f5af2fc1ab38c614d19e8cb9d90f84df5b1cfdbf12eab434ca32bc3a3eaae4784e5347c63de48e00053e6d43628c978ba2b51e4777425449161c1541679f0507c24ea78e676dcf3215da46d3335d69d98837a993206a6c52df5e6ae9ab6175f36f892291a2f662f79ec858724b8ae46ec07bd71bcaad575deaeea764880b63a2adee4c92e41a577e91a026dde49e8c85b8bde6356fe75631ade16a47a120c11ae42285ef0a063c363fe82877b874f908cfd6ce0050633df3d058a8d103278e84199175c14bef5e1318532f0064084757ff941e2f481133d263ed5ce8f5431d4ad1ded004f3ce768bf6aa7c2ed36cc494f32dd91e4962c1665c3f3d000621cc0ffe4203bdccea42cb19dbf0a60e5b42a1dc689fb67ce58306f1165f860829cf58628573b25fe29842d2b467294919ca3c231ef0c26d603618b68e3545e8b6fad22046e8d0c48351a369fd4697ca1fc75cfce4d6454f14ec348d6da3d831f21d01ca27621189697c93b6703efaee0dbfeda8f82190b1d3d3eef7dc0a6c9bb8d233312a9e7b442ae8aab713422dee058a42ad3bb6878875dc4a5308e2e88f9b6263d9bab8e1ae0d2575278df93436b0a705272e1082f005297b8c59190bffe809a7bb910308e1d7c2b3a498b22cc530e122bccfce69855ec32014c75e99d803ca530461f3d683de3846a9e52f5b00022f35e63ea119c7ddbfe2be6a472035c3842a95da812f3410b2a0c8de3f5270621341a9c99f2f3d2bbc309539c35ab73aa426c8d2d0e2362f7d6e06f8953b3791d49c3b99621b2b61d703dacff4ecc6c6f03ab630f366241e2f7581d69bca8c2cd36d9377a1c08039c58661dde3998ca6f7bd0c2ca6817e1629bed21a277de8b6d2781dc8e674fb3d9e46c672ab7ca4d3850e41efbe5e7540d3d82c65206cf9334475e8507215be9873fec7cc54a9ccf40d4d9055c91df557a7f2259adc1546f975eb9a834ed84c1b6005d39277a596aca3178e4abfb37952fdc843e5cb6495e357ca2393acceb63934ada14bfd3a3729d38e100962b283dcdc55c03ba4433764888311eb9763bdda10e527132dd17cc21c13576c2dab200314fecbe7e100942fcc540063dad192710483f971af437affe72dd21e8aea1e9b3ed584c43a2863ff91a3bbe60219f46902e05b62e08b7e54dba67a0c9d55eaa2edcdad57fec8598a5ae368904f3cc8e5848bb5bed7a2ec593bd2b096346eaac305df615183f1f4cf47d326abe32267021c1ad531a02fa6b80e34fd907b4556948071fa2d9bf4956e0fa92c31b22bbfab598a6762aa0922f40564bbd12136990f3bddfc0e641ec894500932679b1932e18c3560c8730e0863fb4012fd94d841c8ae1676118c66b2559a4b0fafda71864c40f4a54d51671d681788f4c10ff1f89ee4ecc0e478ec3fc26b81c9c691ea286026305da32434de9ac8623dc9cc4670e34f37732148648123c7444267ef1db1497fa058e4f2e1e99ed687e5046cbca85525a81cab9d75735b21a3fca0880f48e2bc539ce35e122b2d539505afbc85f82cafabc68abde18dad89c2e41b256433aa84ab38f577338cddb5efbde9bf834d7b864d69f4104805009be49b4fc6729967f39a1825ac3b2b98f60fa6f68e1951e47022126a6cd8c17b544acd60aca6a62e985a40ef1a62ba86a9c6d91f97d649ee20da61022d3735f66298dc5c92a1705f969dbadfa7f1c4bf525c35d8e91a2f5ba05e5087455cc4dadb1808f8719016e00f7489218e30393863db3bce0d4fb15a256d5ac5b94b9a62ddffd966d7cd896c9dabb9158d45e04c10fcd693e48641cf524ccb3ab96a2e548662e58ba11961d1e822c9eac7de10243b558e011a6870ae12c285234988c54068f91b92d223f5dd02c7f319e5d59e47e932ad5e530beb25377c8e41269676b4b064819c127a5f0812d7bef45c3aa3aac1e12e12c7466847a850921af60c635832b65398bb52f551ff7fbe19378b47ec2d6d032539e50ed73c775e524e0f3abd3cb1f6a810828253c5cb84f3f6eb2d9d21ce576bb6974993fc46b23fb773ed14691256285c60bcce7ad59838a51a9171c8132f11ca3d64753ef8ee3ed09cc00c93780818fa501c4b767690f0b7ec14d30ed9a9833ec825965109a22415239f49e1900dedfacdfb0be48cd005cfdc409fc798d1fa9d71ddc54a99ba1d3456da3156426371ac1668cd05b2153e48c1cd2994985f7a63e3e110e75f3456517933aa704b056873a1b5b0a3b70fd78b67f0dcc95dbb2a83cbc1d9c9c3ab6c0625980ac8b3f93e487b6c12559520b27604313e16ee2d4de2835eaf3f86f90658dd5d6bee03491d2f788fe7e8003585fbdfaa39df18babf5464a81bfa1c2a5c8fabe66990290e8b3582c7ca2bd95bbd647a3c8d534160b32d08af32fe8c5642d48398b65f06ea7dd0e941ce3f343b2a734351a30427fc16acaadc421be4caa980aa1a2c556462f58364a4580f571e9b79fc34b61c396f96314c358c6e89e1fdc97967681ddc39562ae5f7bdf192f8bd87d0a94910baafa4c444bb1be5458ffd3c04d3a238a3f4639b0dd174620479610ef9162c8e8b1b4c8bdb72092c553a5a9a0c9ca8419c91d10a79c3f0857080c2878ab19786ab1913b825fbdb1efd7dc92326c9cddca2c392f80d375f8583d939b1e672a8079e47dec48a4bbe5f20cfd91da459b7a1fc79ce66445447d20970c0e5690199c17c0564859f27a2aa6e247e0dc0201233fbaa8de24941aae2ed3610312ef2d09b3d88629721a7ff47b91a8153db2eedf1d4de732e8d10c109bd81b27c782e5a988d19b1c33830ea1ed14e3236d69b835957c0b769a2fbdcc1dafe0134c797479959899cda913be1d06eaa6caab4b9716813e17f18b4a0fb58f37cd7e8f61689377448efed7379f303a3d1b03175e4135b67e30c05801235f17d7e3517cd759cb567b5bfa000820f6c51434afdcf05a9a496a4159da827e87fbd46f247afdfab82eb1fd09a301015fa289596e626d49227939914e0b330df68ee024ca663c69066ad9d6103d5d281f93fa00d8f8b17c8eb6b0ff3f52d585171745f189bebcded500176ddb148553ca6075fc239191472e4c6e578053a50ca59b945b0e5fe9cea6fee252e58a4230b6e8e593c35ca38ba84957cd0de0334fd95676c9086841a45db1e21c0f68c3d504702c4d990dae41d5ee1aa492a532019ea53574912e00f7b9b1317141b11bdf5f8ec368dad1b312770a8e5bf1fa25b66ba2b2b0ee6e7410cb2c8c70f88c7e69f88af36515b81ad759021f218d92f41b8283fcd45f38218e93b577d90b6e2c22e19bb26fedf31facb00185d3823445892678becbd46328522e2142cd662d335967160ba0f6baf17fc87bb414ab591ed01a8f3e51d679070e44dd7385d589bcf1525f7eb3f517906fe335a10396ed549358672a0af07a5b8a65406b79bcf673684a6accff92437930f89e1d281577539dbac27c9e64cebb09a1dfdda9d9d01156ec7d68369d6aecc788d33811d3b9004a88e47c70b22a8724059cb73415a29c2931e65418a35df3cbb4155ed88054bd40f59b8c2a9439174a59a634530e951f5ca870fd2650a32f3437646a0f95e"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1, 0x3}}}}, @m_gact={0xd0, 0x12, 0x0, 0x0, {{0x9}, {0x64, 0x2, 0x0, 0x1, [@TCA_GACT_PROB={0xc, 0x3, {0x1, 0x1957, 0xffffffffffffffff}}, @TCA_GACT_PARMS={0x18, 0x2, {0x6, 0x9, 0x8, 0x6, 0x2}}, @TCA_GACT_PROB={0xc, 0x3, {0x2, 0x1065, 0xb}}, @TCA_GACT_PROB={0xc, 0x3, {0x0, 0x125e, 0xffffffffffffffff}}, @TCA_GACT_PROB={0xc, 0x3, {0x0, 0x1e91, 0x2}}, @TCA_GACT_PARMS={0x18, 0x2, {0xa65, 0x3, 0x8, 0x3, 0x7}}]}, {0x43, 0x6, "32252a9585f30e12fde72e5556973a715dab69bf686eb37b33077d7ddc7502cc8cbcb7329ed05b877a16b97afcc25704586c7fdc4b6a391b4f84cdbfb763a7"}, {0xc, 0x7, {0xca9c6974ee138e89}}, {0xc, 0x8, {0x2, 0x1}}}}, @m_skbmod={0xc8, 0x10, 0x0, 0x0, {{0xb}, {0x9c, 0x2, 0x0, 0x1, [@TCA_SKBMOD_PARMS={0x20, 0x2, {{0x7, 0x8, 0x6, 0x2, 0x1}, 0xc}}, @TCA_SKBMOD_PARMS={0x20, 0x2, {{0x4, 0x1, 0x0, 0x1aae, 0x9}, 0x9}}, @TCA_SKBMOD_DMAC={0xa, 0x3, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xb}}, @TCA_SKBMOD_DMAC={0xa, 0x3, @multicast}, @TCA_SKBMOD_DMAC={0xa, 0x3, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x35}}, @TCA_SKBMOD_DMAC={0xa}, @TCA_SKBMOD_PARMS={0x20, 0x2, {{0xe, 0x8, 0x4}, 0xe}}, @TCA_SKBMOD_ETYPE={0x6, 0x5, 0x4f}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x1}}}}]}, @TCA_FW_INDEV={0x14, 0x3, 'macvtap0\x00'}, @TCA_FW_MASK={0x8, 0x5, 0x10000}, @TCA_FW_CLASSID={0x8, 0x1, {0x0, 0xf}}]}}]}, 0x1520}, 0x1, 0x0, 0x0, 0x4885}, 0x40040) (async)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) (async)
sched_setscheduler(0x0, 0x1, &(0x7f0000000180)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x400) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
getsockopt$ARPT_SO_GET_INFO(0xffffffffffffffff, 0x0, 0x60, &(0x7f0000000340)={'filter\x00', 0x0, [0xd, 0x3a5e]}, &(0x7f0000000280)=0x44) (async)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) (async)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) (async)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0) (async)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[])
chdir(&(0x7f0000000300)='./file0\x00') (async)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
writev(r4, &(0x7f0000000080), 0x0)
write$binfmt_elf64(r4, &(0x7f00000003c0)=ANY=[@ANYBLOB="0800000011ff0300000174ed82f607eabe3a0b2eaa5d742bb03fc2c8a96887df830da1389ba389d64ecc33e70a24b41313"], 0x1c) (async)
r5 = socket$netlink(0x10, 0x3, 0x4)
write$binfmt_misc(r4, &(0x7f0000000100), 0xfef0) (async)
splice(r3, 0x0, r5, 0x0, 0x80000001, 0x0)
r6 = openat$cgroup_ro(r4, 0x0, 0x275a, 0x0)
fcntl$lock(r6, 0x6, &(0x7f0000000040)={0x2, 0x0, 0x80}) (async)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.throttle.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r7, &(0x7f0000000100), 0x4) (async)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.throttle.io_service_bytes_recursive\x00', 0x275a, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x641, 0x0) (async)
r8 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0, 0x160)
lseek(r8, 0xfffffffc, 0x1)

2.358812999s ago: executing program 1 (id=3243):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
connect$inet(r0, &(0x7f0000000480)={0x2, 0x4e24, @local}, 0x10)
sendmmsg$sock(r0, &(0x7f0000002680)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000940)=[@mark={{0x10, 0x1, 0x24, 0x3}}], 0x10, 0x1000000}}], 0x11, 0x20000000)

2.35834062s ago: executing program 1 (id=3244):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x25dfdbfb, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x15e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x15, &(0x7f0000000280)=ANY=[@ANYRES64, @ANYRESOCT, @ANYRES64=0x0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
io_uring_register$IORING_REGISTER_FILES(0xffffffffffffffff, 0x1e, &(0x7f0000000000)=[0xffffffffffffffff], 0x1)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = syz_io_uring_setup(0x131, &(0x7f0000000340)={0x0, 0x5cb1, 0x2, 0x4, 0xfffffffd}, &(0x7f0000000140), 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000027c0)={0x11, 0x4, &(0x7f0000000a40)=ANY=[@ANYBLOB="1801000000050000000000000000ea0485000000d000000095"], &(0x7f0000000a00)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
setrlimit(0x3, &(0x7f0000000180)={0x7, 0x3})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$SNDCTL_DSP_GETTRIGGER(0xffffffffffffffff, 0x80045010, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0)
mmap(&(0x7f0000496000/0x4000)=nil, 0x4000, 0x5000005, 0x4010, r0, 0x0)
mbind(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000740)=0xe)
ioctl$TIOCSTI(r5, 0x5412, &(0x7f0000000340)=0xff)
r6 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r6, &(0x7f0000000100)={0x2, 0x4e21, @loopback}, 0x10)

2.159317763s ago: executing program 2 (id=3245):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000540)={{0x14}, [@NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x3, 0x0, 0x0, {0x3}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz0\x00'}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWTABLE={0x14, 0x0, 0xa, 0x401, 0x0, 0x0, {0x3}}], {0x14}}, 0x68}}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000580), 0x41, 0x0)
write$binfmt_aout(r1, &(0x7f00000000c0)=ANY=[], 0xff2e)
ioctl$TCSETSW(r1, 0x5403, &(0x7f0000000240)={0x2, 0x6a, 0x6, 0x9, 0x4, "a79703dfb24b10afd37e0306326bedb823ac34"})
r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r3 = dup(r2)
r4 = syz_open_dev$sndctrl(&(0x7f0000000280), 0x6, 0x204000)
ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r4, 0xc2c45513, &(0x7f00000005c0)={{0x1, 0x4, 0x0, 0x4, '\x00', 0xfff}, 0x0, [0x916, 0x100, 0x3, 0x87d3, 0x6, 0x4, 0x6, 0x9, 0x0, 0x5, 0xa, 0x4, 0x5, 0x8, 0x4, 0x5, 0x200, 0x2, 0x811, 0xf, 0x3, 0x200, 0x9, 0xb, 0x6, 0x4, 0xbc2, 0x2, 0x0, 0x5, 0x95, 0x3c000, 0x9, 0xff, 0x8, 0x6, 0x6, 0xcd10, 0xc, 0x3, 0x6, 0x0, 0x5, 0x1, 0x9, 0x7f, 0x8, 0x6, 0x5, 0x800000, 0x2, 0x3, 0x4, 0x8, 0x1, 0x3d, 0xfffffffe, 0xfffffff9, 0x0, 0x0, 0x6, 0x2, 0x3, 0xffff876b, 0x3, 0x9, 0x4, 0xfffffffc, 0x100, 0x1, 0x5, 0xb, 0xe, 0x27c4, 0x1f0a, 0xfffffeae, 0x0, 0x3, 0x1, 0x46, 0xf7, 0x7, 0x7, 0x4, 0x1, 0x3, 0x7, 0x4, 0x8ff3, 0x7, 0x8, 0x81, 0x2, 0xfffffffe, 0x1ff, 0xfdff, 0x43f, 0x5, 0x10, 0x7, 0x3, 0xc750, 0x8, 0x8, 0x7, 0x3, 0x8, 0x2, 0x9, 0x7f, 0x16, 0x7f, 0x9, 0x10, 0x2, 0x5, 0xa, 0x6, 0xfffffff6, 0xe1, 0x9, 0x7fff, 0xd1, 0xc09, 0x5a40, 0xfffffffb, 0x1, 0x7ff]})
write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c)
iopl(0x3)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0xc000, 0x0)
faccessat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x2)
r5 = syz_io_uring_setup(0x239, &(0x7f0000000300)={0x0, 0x4711, 0x10100, 0x1, 0x0, 0x0, r3}, &(0x7f00000000c0)=<r6=>0x0, &(0x7f0000000100)=<r7=>0x0)
syz_io_uring_submit(r6, r7, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r2, 0x0, 0x0, 0x0, {}, 0x1})
io_uring_enter(r5, 0x2ded, 0x4000, 0x0, 0x0, 0x0)
bind$alg(0xffffffffffffffff, &(0x7f0000000040)={0x26, 'aead\x00', 0x0, 0x0, 'morus1280\x00'}, 0x58)
r8 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1)
inotify_init1(0x800)
bind$bt_hci(r8, &(0x7f0000000000)={0x27}, 0x62)
listen(r8, 0x0)
accept4(r8, 0x0, 0x0, 0x0)
r9 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(0xffffffffffffffff, 0x84, 0x6, &(0x7f00000000c0)={<r10=>0x0, @in6={{0xa, 0x4e23, 0x3, @dev={0xfe, 0x80, '\x00', 0x3f}, 0xc700}}}, &(0x7f0000000000)=0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r9, 0x84, 0x9, &(0x7f0000000180)={r10, @in={{0x2, 0x4e21, @remote}}, 0x200, 0x8, 0x1, 0x0, 0x20, 0x2, 0x2}, 0x9c)

2.003934131s ago: executing program 0 (id=3246):
r0 = socket$netlink(0x10, 0x3, 0x10)
sched_setscheduler(0x0, 0x1, 0x0)
r1 = getpid()
r2 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000030c0)=[{&(0x7f0000000340)="1400000016001963d25a80648c56915a19aa2bfe", 0x14}], 0x1}, 0x0)
pipe(&(0x7f0000000840)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$lock(r3, 0x25, &(0x7f0000000300)={0x0, 0x0, 0x72, 0x5})
io_uring_register$IORING_REGISTER_PROBE(0xffffffffffffffff, 0x8, &(0x7f0000000480)={0x0, 0x0, 0x0, '\x00', [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}]}, 0x3c)
recvmsg(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000001580)=""/4075, 0xfeb}], 0x1}, 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$nfs4(&(0x7f00000001c0)='\x00', &(0x7f0000000240)='.\x00', &(0x7f00000003c0), 0x200000, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), r0)
r4 = socket$inet_smc(0x2b, 0x1, 0x0)
ppoll(0x0, 0x0, 0x0, 0x0, 0x0)
setsockopt$inet_tcp_int(r4, 0x6, 0x19, &(0x7f0000000200)=0x2, 0x43)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = eventfd2(0x0, 0x0)
ioctl$KVM_HYPERV_EVENTFD(r6, 0x4018aebd, &(0x7f0000000140)={0x100, r7})
close_range(r6, r7, 0x0)
fstatat64(0xffffff9c, &(0x7f0000000080)='./bus\x00', &(0x7f0000000680), 0x1000)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000e00), 0x1881008, &(0x7f0000000000)={[{@redirect_dir_nofollow}, {@metacopy_on}]})
syz_genetlink_get_family_id$l2tp(&(0x7f0000000180), r0)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='environ\x00')
r8 = socket$caif_stream(0x25, 0x1, 0x1)
recvmmsg(r8, &(0x7f0000001300)=[{{0x0, 0x0, 0x0}, 0xb9d}, {{0x0, 0x0, &(0x7f0000000840), 0x0, &(0x7f0000000b40)=""/171, 0xab}, 0xb}, {{&(0x7f0000000c00)=@tipc=@name, 0x80, &(0x7f00000011c0)=[{&(0x7f0000000c80)=""/253, 0xfd}, {&(0x7f0000001480)=""/109, 0x6d}, {&(0x7f0000001240)=""/42, 0x2a}, {&(0x7f0000000d80)=""/109, 0x6d}, {&(0x7f0000000f80)=""/136, 0x88}], 0x5, &(0x7f00000010c0)=""/235, 0xeb}, 0x591dd229}, {{0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000400)=""/34, 0x22}], 0x1, &(0x7f0000000f00)=""/76, 0x4c}, 0xa}], 0x4, 0x4023, 0x0)
exit(0x0)
syz_open_procfs(r1, &(0x7f0000001440)='attr/exec\x00')
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000040000000000000000000000000a20000000000a05000000000000000000070000000900010073797a3000000000480100000b0a010300000000000000000000000908000840000000005d000d40b4ebbbe1d4a3a3943f01dc504bee20b9ffdc9c1c333908174d01f7333bc842b319a62a741928d7ab9029b5c90c06003c1ea69f40f14e15bae3869219ef487b375d22f07825ad78c58e08c2f8bb4717fcb534da3352e3ac903b00000005000d4059000000100009800400028008000140ffffffffb2000d401ca8e6beb5242745fa11b54e66b54bdcb169997ca3d8285bf242f443753a5f49e343266a66a96c090c14691a47b4a517c4a87c9b17eb431d3010dc3007fa1f18d21bb66f8fe43456ec5f2cefefd688de19e1d17f00bf18f9ef1b176ee3c6e2e68117e4e42c5230ba28194f7cad60cf2b7e932b07b9a5c64021cd7d755f440a1e7ad6b24cba4fe9afc42617b37107efc856d65e1af78d5682525fd61b9395ea0cc5875bfe2f5e08516ac383a501cf0000740000000c0a01030000000000000000070000000900020073797a31000000004c0003804400008000000340000000020400018027000440000000000000000c040000800800044000000002140000001000010000000000000000000084000a5dbe33c6fad07b7b0760272f7614b2deaa7de7d684ea30f92399e9b64ae29754539723767ceb36718a09c57050aeb4bcb228a1dfae7e40a5e34ddb5a2ab9a4ec07d677697ca9296ce80fb664b2d6d26ae80072819b40d70128dfa205ee9c6ed2c64576793866d023e4f3b5996e60c89bacc29384a4037dfc3ad6a8fa"], 0x204}}, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'lo\x00'})

1.486191573s ago: executing program 1 (id=3247):
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = socket(0x10, 0x2, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000000)={0x8, 0x0, 0x2, 0x959a}, 0x10)
write(r0, &(0x7f0000000040)="1c0000001a009b8a140000003b9b301f00"/28, 0x1c)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000100)={0x12, 0xc, &(0x7f00000006c0)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x7}}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xb, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
recvmmsg(r0, &(0x7f0000002ec0), 0x400000000000ec0, 0x2, &(0x7f00000001c0)={0x77359400})
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000340)={0x1, 0x5}, 0x4)
syz_emit_ethernet(0x46, &(0x7f0000000280)={@local, @link_local, @void, {@ipv4={0x800, @tcp={{0x9, 0x4, 0x0, 0x0, 0x38, 0x2, 0x0, 0x0, 0x5, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @private=0xa010100, {[@ssrr={0x89, 0xb, 0xc6, [@initdev={0xac, 0x1e, 0x0, 0x0}, @local]}, @generic={0x83, 0x2}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x0, 0xe02}}}}}}, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x1)
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
pselect6(0x40, &(0x7f0000000100), 0x0, &(0x7f0000000240)={0x1f}, &(0x7f0000000280)={0x0, 0x3938700}, 0x0)
r2 = syz_open_dev$usbmon(&(0x7f0000005500), 0x4853, 0x40500)
r3 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000200), 0x0)
ioctl$SNDRV_TIMER_IOCTL_GPARAMS(r3, 0x541b, 0x0)
r4 = openat$snapshot(0xffffff9c, &(0x7f0000000080), 0x1a1d82, 0x0)
ioperm(0x6, 0xdc9b, 0x8)
r5 = openat$vcsu(0xffffff9c, &(0x7f00000000c0), 0x10000, 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r5, 0xc08c5332, &(0x7f0000000280)={0x77, 0xffff, 0x0, 'queue0\x00', 0xfffffffd})
ioctl$SNAPSHOT_CREATE_IMAGE(r4, 0x40043311, &(0x7f0000000040))
r6 = syz_open_dev$vim2m(&(0x7f00000001c0), 0x7fff, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r6, 0xc0145608, &(0x7f00000000c0)={0xb, 0x1, 0x4, 0x0, 0x7})
ioctl$vim2m_VIDIOC_STREAMOFF(r6, 0x40045612, &(0x7f0000000000)=0x1)
ioctl$vim2m_VIDIOC_DQBUF(r6, 0xc0585611, &(0x7f0000000200)=@multiplanar_mmap={0x8, 0x1, 0x4, 0x400, 0x0, {}, {0x5, 0xc, 0xd, 0xff, 0xb, 0x2d, "48cfa348"}, 0x3, 0x1, {0x0}, 0xb})
r7 = syz_open_dev$vim2m(&(0x7f0000000000), 0x800, 0x2)
r8 = syz_open_procfs(0x0, &(0x7f0000000040)='task\x00')
fcntl$notify(r8, 0x402, 0x80000004)
getdents(r8, &(0x7f00000003c0)=""/86, 0x56)
ioctl$vim2m_VIDIOC_S_CTRL(r7, 0xc008561c, &(0x7f0000000040)={0xf0f046})
ioctl$MON_IOCQ_RING_SIZE(r2, 0x9205)

1.292849372s ago: executing program 1 (id=3248):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket(0x1d, 0x2, 0x6)
bind$l2tp(r1, 0x0, 0x0)
syz_emit_vhci(&(0x7f00000006c0)=ANY=[@ANYBLOB="04230d00c80001"], 0x10)
socket$nl_netfilter(0x10, 0x3, 0xc)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x141121)
r3 = dup(r2)
write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="140000001000010000000000000000f9ffffff0924000000060a0b04000000000000000002000008040004800900020073797a3200000000140000001100010000000000000000000000000a93ae51bd1ebe0c5d5969fd92f738"], 0x4c}}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x300000e, 0x20c44fb6edc09a38, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r6=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r6, @ANYBLOB="1f003300d00000000802110000010802110000005050505050500000", @ANYRES8=r0], 0x3c}}, 0x10)

1.276692681s ago: executing program 3 (id=3249):
r0 = socket$kcm(0x10, 0x2, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, 0x0)
setsockopt$sock_attach_bpf(r0, 0x1, 0x32, 0x0, 0x0)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000180)}], 0x1}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x70bd2d, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x6}]}, {0x4}, {0xc, 0x7, {0x1}}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
r4 = socket$inet(0x2, 0x3, 0x5)
r5 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r5, 0x89f1, &(0x7f0000001040)={'gre0\x00', &(0x7f0000001000)={'syztnl2\x00', 0x0, 0x0, 0xa000, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x2f, 0x0, @empty, @rand_addr=0x3}}}})
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r4, 0x89f3, &(0x7f0000000300)={'syztnl2\x00', &(0x7f0000000280)={'syztnl1\x00', 0x0, 0x20, 0x80, 0x1000, 0x1, {{0x5, 0x4, 0x2, 0x2, 0x14, 0x66, 0x0, 0xe9, 0x2f, 0x0, @private, @local}}}})
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x2, 0x0)
syz_open_dev$sndmidi(0x0, 0x2, 0x141101)
r6 = syz_io_uring_setup(0x235, &(0x7f0000000500)={0x0, 0x4533, 0x10100, 0x1, 0x24c}, &(0x7f00000001c0)=<r7=>0x0, &(0x7f0000000280)=<r8=>0x0)
syz_io_uring_submit(r7, r8, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {0x211}, 0x1})
io_uring_enter(r6, 0x234f, 0xb1e6, 0x1, 0x0, 0x0)
r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_sys\x00', 0x275a, 0x0)
fcntl$lock(r9, 0x26, &(0x7f0000000080)={0x1, 0x0, 0x2007, 0x1fd})
socket$nl_netfilter(0x10, 0x3, 0xc)

1.112075449s ago: executing program 2 (id=3250):
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32=0x0, @ANYBLOB="0000000000000100"/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0x48)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x70bd2b, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7b, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$CEC_ADAP_S_LOG_ADDRS(0xffffffffffffffff, 0xc05c6104, &(0x7f00000001c0)={"f2efe21e", 0x0, 0x5, 0x4a, 0x0, 0x1ff, "2179d46fd08e3c0ced34c7d0c7e6d7", "7ca24a13", "0400", "a2d1d4a2", ["1af0b1ba1cb8fd54c9c9b587", "bed0f3d6ce7a5f7389827f04", "33af343c60abc64f2fdc9ddf", "9b3842fc63849f62b6eb1c3c"]})
r3 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000000c0), 0x80201, 0x0)
write$rfkill(r3, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x1}, 0x8)
r4 = syz_open_dev$cec(&(0x7f0000000000), 0x0, 0x0)
r5 = memfd_secret(0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x400, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r7, 0xae60)
ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000200)={0x0, 0x1, 0xf000, 0x1000, &(0x7f0000f9a000/0x1000)=nil})
ioctl$KVM_SET_VAPIC_ADDR(0xffffffffffffffff, 0x4008ae93, &(0x7f00000000c0)=0xffff)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000280)={0xffffffffffffffff, r5, 0x2e, 0x4608, @void}, 0x10)
write$uinput_user_dev(r5, &(0x7f00000003c0)={'syz0\x00', {0x3b, 0x5, 0x5f, 0x500}, 0x10, [0xa, 0x40, 0x2, 0x1, 0x2, 0x200, 0x6, 0xa5d2, 0xffff85cf, 0x4, 0x3, 0x9, 0x8, 0x6, 0x4, 0x55defd4e, 0x10, 0x3, 0xfffffffb, 0xdc6, 0x100, 0x0, 0x7, 0x81, 0x7f, 0x4, 0x1, 0x9, 0x80000001, 0x3, 0x7, 0x0, 0x8, 0x2, 0xe5a, 0x5, 0x8, 0xe, 0x3, 0xc61, 0x80000000, 0x1, 0x0, 0xe, 0x2, 0xe, 0x8, 0x6, 0xfffffff8, 0x0, 0x246aac8c, 0x7, 0x98b, 0x102f, 0x0, 0x5, 0xfffffff8, 0x80000000, 0x6, 0x9, 0x10e, 0x0, 0x8, 0x2], [0x5, 0x7, 0x2, 0x1000, 0xb4e8, 0x2, 0xd89, 0xffffffff, 0xa8, 0x200, 0xa, 0x8, 0x8, 0x5, 0x40, 0x0, 0x8e41, 0x6, 0x2, 0x3, 0x1, 0x1ed3df8b, 0xc, 0x1, 0x200, 0xb18, 0x3, 0xfffffff9, 0xb, 0x1000, 0xffffff64, 0x2, 0xe8, 0x0, 0x9, 0x3ff, 0x1, 0x80000001, 0x80000001, 0x2, 0x2, 0x1, 0x70, 0x1, 0xbac, 0x101, 0x2, 0x7fff, 0x7f, 0x401, 0x72c7, 0xffff, 0xffffffff, 0x80, 0x2, 0x6, 0x8001, 0x3, 0x7, 0x8001, 0xd, 0x3, 0x0, 0x5], [0xf, 0x9, 0x7, 0x4, 0x7e, 0x8, 0x5, 0x2, 0x7, 0x1, 0x4, 0xd3, 0x2, 0x5c3, 0x81, 0x6, 0x8001, 0x5, 0xfffffffc, 0x7, 0x2, 0x3, 0x6, 0xd, 0x4, 0x280, 0x8, 0x400000, 0x9, 0x6, 0xb71, 0x6, 0x6, 0x1ff, 0x7, 0x9, 0x3, 0x8, 0x6, 0x2, 0x800, 0x5, 0x3, 0x1, 0x2, 0x3, 0xfffeffff, 0x1, 0x8, 0x6, 0x10, 0xb2, 0x200, 0x48, 0xfffffffc, 0x4, 0x2, 0x7, 0x6, 0x9, 0x8d1, 0x0, 0x4, 0xffffffff], [0x7ff, 0x3e41, 0x0, 0x11, 0x10001, 0x9, 0xa, 0x0, 0x8, 0x1000, 0x7b5a, 0xfffffffc, 0x6, 0x7c, 0x5, 0x8, 0xd, 0xffff, 0x6, 0x7, 0x1, 0x8, 0x9, 0x5, 0x9, 0x1, 0x3, 0x5, 0x7, 0x0, 0x5, 0x5, 0x378, 0xfffffff9, 0x3, 0xc6, 0x8, 0x9, 0xf24, 0x6, 0x3, 0x9c, 0x2, 0x9, 0x80000000, 0x1, 0x9c59, 0x359, 0x6, 0x10, 0x8, 0x0, 0x0, 0xf6, 0x4, 0x3, 0x0, 0x3, 0xffffffff, 0x2, 0x751, 0x1, 0xffffb288]}, 0x45c)
ioctl$CEC_TRANSMIT(r4, 0xc0386105, &(0x7f0000000d40)={0x2, 0x3, 0x3, 0xfffffffc, 0x0, 0x4063, "57c1169b6664ea61326ac71ae7213059", 0x0, 0x0, 0x0, 0xfd, 0x5, 0x1})

1.111424546s ago: executing program 0 (id=3251):
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/key-users\x00', 0x0, 0x0)
r1 = memfd_create(&(0x7f00000005c0)='\x00\xc76\xbe\x91\x8d\x182)!\x9a%\xa2\xd28\xd6\x06\a\x0e\xfc\xfe\x12\x8f&\x13\xae%@T\xa3\xb0>\\\xec\xa9\xf9Q@6A\x10\x8cn|\x00\x00\x00\x00\x00\x00\x00\x00\xeb0\xdd\xe8\x87\x05=\xfb\x8b$\xdcQ\xee\xc5\x1f\x8bQ\xf7fo\"i\xa1hk\x1d\xf5z\xc1\x7f\xa4\\]\xc4\xbe3\xf9\xa8\t?:\xd8\xda\x84\xeepI[\x1c\x00\x00\x00\x00\xf9v\x00\x00\x00\x00\x00T\xb6\xbe\x0f~\xc0\x92\xe9O{\xa8\x81(\x01\x14\xfc\x83\xf9\xfb\x05\x94Tr@Lq]\xf9\x15zj\x87\xc4\x8e\xe8/\xb9-&R\x8e\xb2\xb3bBx\x1e1\x18\x8f\x19\xf7]#\xed,\xc7\x11\tp\xf4\xa3\xee\xcb\xaf\xb3\xe3\'}\x18\xe8O\xa8#K\xb6\xe4U\x92\xd2\x99\xb8<X\xfa\xdd\x8a6\xa1\x82\xf7r\xd8z\x85\x8do\xa5\xed\xd4\xbc8\xfb\x16\x8e\x8b-W\xd4\xc9\xbc\x94CR[Du8U^\xf2tl8\xfe\xd0\x94\xfe\xf5\x1c+\x00U\te\xfa6\xca\xb9\xb4Q\xd9\xee\r6\x861h{\xc7z\'F\xc7\x91\x06x\xe1`\xf1:\xbd+\xd5\f\xb2\xce\xa4\x06\x90\x90\x9b\x1d\xcaa\xf7\x8f\x9e\x80\x93\xafT\xdfl\xec\xc6\x8e\x96\r[n\xc6\x99\x1fr<\x06\xb3\xbcT\x00\xda6\x18/\x18', 0x0)
ioctl$FS_IOC_RESVSP(r1, 0x402c5828, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x100})
ftruncate(r1, 0x3)
lseek(r1, 0x0, 0x3)
r2 = openat$ipvs(0xffffffffffffff9c, &(0x7f00000004c0)='/proc/sys/net/ipv4/vs/sync_qlen_max\x00', 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_io_uring_setup(0x19ff, 0x0, &(0x7f0000000240), &(0x7f0000000100))
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00'}, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000a00)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0a000000010000003f0000004000000042000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000000000000000000000000000000000000000000000000007f721185d1bd3a0ddc9b4f4fb93aedd0a03ab11a8cb57ca3b63a1566d7b8c329386274571eb19ffef06b6d1fff919327c75193a37bfd8eccb5961ba7d48b24796f3025fac2b1f91877"], 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080), &(0x7f0000001a40), 0x1003, r6}, 0x38)
r7 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000080)=ANY=[@ANYBLOB="9feb010018000000000000001c0000001c00000003000000010000000000000e0200000000000000000000000000000504000000002e"], 0x0, 0x37, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20)
bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x9, 0x4, 0x4, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, r7, 0x10000002, 0x1001, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r8 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/secure_tcp\x00', 0x2, 0x0)
write$cgroup_int(r8, &(0x7f0000000040)=0x3, 0x12)
sendfile(r2, r0, &(0x7f0000000000)=0x9, 0x3fffff)

338.282615ms ago: executing program 1 (id=3252):
openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/tcp_wmem\x00', 0x1, 0x0)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x3000000)
syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
mount$9p_fd(0x0, 0x0, &(0x7f0000000080), 0x400, &(0x7f0000000a40)=ANY=[@ANYBLOB=',debug=0x0000007,version=9p20\\++},%{!(6,afid=0x000000003f5689cf', @ANYRES16])
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x8c)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = openat$dsp1(0xffffff9c, &(0x7f00000001c0), 0x24003, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
fanotify_init(0x4c, 0x0)
connect$inet(0xffffffffffffffff, &(0x7f0000000300)={0x2, 0x4e20, @local}, 0x10)
ioctl$SOUND_OLD_MIXER_INFO(r0, 0x80304d65, &(0x7f0000000280))
shutdown(0xffffffffffffffff, 0x1)
mount$overlay(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200), 0xd4, &(0x7f0000000180)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@workdir={'workdir', 0x3d, './file0'}}], [], 0x2c})
fspick(0xffffffffffffffff, &(0x7f0000000140)='./file0\x00', 0x1)
r4 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000380)=ANY=[@ANYBLOB="38000000031401002abd7000fedbdf250900020073017a31000000000800410072786500140033006c6f", @ANYRES64=0x0, @ANYBLOB="4aa7f55c4d9e79be09974ea08334682d824c86160d90989198327e0d0a958d96b86fd594f9948da6dd357e2d751dc4a30f3707d929e761358698adf1427de2abf4f2a920a0286e64ca10ff79fcc7b704d3f076ee2347b0d641feec0f23ee046ca9e70a8998c19dee5f82dd235b2f42b02918700300dd1919a4e6958abe1a8b8742d3f694d04e85a5524f3ac988bba6710701a2a99a5f4753d13b8ce0cd4f9d3e71120de6b89ec9339e98113fc98539dc69747167b0a25c4eeffa79c13755de64496701299232", @ANYBLOB="8d7b7332550e78f2fa9d1e29fc08c30719baa9af90af6f4a09660efe813c", @ANYRES16=0x0], 0x38}, 0x1, 0x0, 0x0, 0x44}, 0x810)
socket$inet6(0xa, 0x5, 0x6)
syz_usb_connect(0x3, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00000009040000022a3e740009058bff7f0000100109050b362f"], 0x0)
close(0xffffffffffffffff)

157.796707ms ago: executing program 3 (id=3253):
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32=0x0, @ANYBLOB="0000000000000100"/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0x48)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x70bd2b, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7b, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$CEC_ADAP_S_LOG_ADDRS(0xffffffffffffffff, 0xc05c6104, &(0x7f00000001c0)={"f2efe21e", 0x0, 0x5, 0x4a, 0x0, 0x1ff, "2179d46fd08e3c0ced34c7d0c7e6d7", "7ca24a13", "0400", "a2d1d4a2", ["1af0b1ba1cb8fd54c9c9b587", "bed0f3d6ce7a5f7389827f04", "33af343c60abc64f2fdc9ddf", "9b3842fc63849f62b6eb1c3c"]})
r3 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000000c0), 0x80201, 0x0)
write$rfkill(r3, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x1}, 0x8)
r4 = syz_open_dev$cec(&(0x7f0000000000), 0x0, 0x0)
r5 = memfd_secret(0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x400, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r7, 0xae60)
ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000200)={0x0, 0x1, 0xf000, 0x1000, &(0x7f0000f9a000/0x1000)=nil})
ioctl$KVM_SET_VAPIC_ADDR(0xffffffffffffffff, 0x4008ae93, &(0x7f00000000c0)=0xffff)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000280)={0xffffffffffffffff, r5, 0x2e, 0x4608, @void}, 0x10)
write$uinput_user_dev(r5, &(0x7f00000003c0)={'syz0\x00', {0x3b, 0x5, 0x5f, 0x500}, 0x10, [0xa, 0x40, 0x2, 0x1, 0x2, 0x200, 0x6, 0xa5d2, 0xffff85cf, 0x4, 0x3, 0x9, 0x8, 0x6, 0x4, 0x55defd4e, 0x10, 0x3, 0xfffffffb, 0xdc6, 0x100, 0x0, 0x7, 0x81, 0x7f, 0x4, 0x1, 0x9, 0x80000001, 0x3, 0x7, 0x0, 0x8, 0x2, 0xe5a, 0x5, 0x8, 0xe, 0x3, 0xc61, 0x80000000, 0x1, 0x0, 0xe, 0x2, 0xe, 0x8, 0x6, 0xfffffff8, 0x0, 0x246aac8c, 0x7, 0x98b, 0x102f, 0x0, 0x5, 0xfffffff8, 0x80000000, 0x6, 0x9, 0x10e, 0x0, 0x8, 0x2], [0x5, 0x7, 0x2, 0x1000, 0xb4e8, 0x2, 0xd89, 0xffffffff, 0xa8, 0x200, 0xa, 0x8, 0x8, 0x5, 0x40, 0x0, 0x8e41, 0x6, 0x2, 0x3, 0x1, 0x1ed3df8b, 0xc, 0x1, 0x200, 0xb18, 0x3, 0xfffffff9, 0xb, 0x1000, 0xffffff64, 0x2, 0xe8, 0x0, 0x9, 0x3ff, 0x1, 0x80000001, 0x80000001, 0x2, 0x2, 0x1, 0x70, 0x1, 0xbac, 0x101, 0x2, 0x7fff, 0x7f, 0x401, 0x72c7, 0xffff, 0xffffffff, 0x80, 0x2, 0x6, 0x8001, 0x3, 0x7, 0x8001, 0xd, 0x3, 0x0, 0x5], [0xf, 0x9, 0x7, 0x4, 0x7e, 0x8, 0x5, 0x2, 0x7, 0x1, 0x4, 0xd3, 0x2, 0x5c3, 0x81, 0x6, 0x8001, 0x5, 0xfffffffc, 0x7, 0x2, 0x3, 0x6, 0xd, 0x4, 0x280, 0x8, 0x400000, 0x9, 0x6, 0xb71, 0x6, 0x6, 0x1ff, 0x7, 0x9, 0x3, 0x8, 0x6, 0x2, 0x800, 0x5, 0x3, 0x1, 0x2, 0x3, 0xfffeffff, 0x1, 0x8, 0x6, 0x10, 0xb2, 0x200, 0x48, 0xfffffffc, 0x4, 0x2, 0x7, 0x6, 0x9, 0x8d1, 0x0, 0x4, 0xffffffff], [0x7ff, 0x3e41, 0x0, 0x11, 0x10001, 0x9, 0xa, 0x0, 0x8, 0x1000, 0x7b5a, 0xfffffffc, 0x6, 0x7c, 0x5, 0x8, 0xd, 0xffff, 0x6, 0x7, 0x1, 0x8, 0x9, 0x5, 0x9, 0x1, 0x3, 0x5, 0x7, 0x0, 0x5, 0x5, 0x378, 0xfffffff9, 0x3, 0xc6, 0x8, 0x9, 0xf24, 0x6, 0x3, 0x9c, 0x2, 0x9, 0x80000000, 0x1, 0x9c59, 0x359, 0x6, 0x10, 0x8, 0x0, 0x0, 0xf6, 0x4, 0x3, 0x0, 0x3, 0xffffffff, 0x2, 0x751, 0x1, 0xffffb288]}, 0x45c)
ioctl$CEC_TRANSMIT(r4, 0xc0386105, &(0x7f0000000d40)={0x2, 0x3, 0x3, 0xfffffffc, 0x0, 0x4063, "57c1169b6664ea61326ac71ae7213059", 0x0, 0x0, 0x0, 0xfd, 0x5, 0x1})

0s ago: executing program 0 (id=3254):
prlimit64(0x0, 0xe, 0x0, 0x0)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000002c0), 0x7e00, 0x0) (fail_nth: 9)

kernel console output (not intermixed with test programs):

912]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[  490.208150][T14912]  __do_fast_syscall_32+0x73/0x120
[  490.208167][T14912]  do_fast_syscall_32+0x32/0x80
[  490.208184][T14912]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  490.208197][T14912] RIP: 0023:0xf7f74579
[  490.208206][T14912] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  490.208216][T14912] RSP: 002b:00000000f507555c EFLAGS: 00000296 ORIG_RAX: 0000000000000159
[  490.208226][T14912] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 00000000800020c0
[  490.208233][T14912] RDX: 000000000000fdef RSI: 0000000000000000 RDI: 0000000000000000
[  490.208239][T14912] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  490.208245][T14912] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  490.208251][T14912] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  490.208264][T14912]  </TASK>
[  490.291994][ T1170] vhci_hcd: release socket
[  490.293852][ T1170] vhci_hcd: disconnect device
[  490.301100][   T58] usb 37-1: new high-speed USB device number 2 using vhci_hcd
[  490.961174][   T29] vhci_hcd: vhci_device speed not set
[  491.051100][   T68] Bluetooth: hci4: command 0x0406 tx timeout
[  491.121309][   T68] Bluetooth: hci5: command 0x0c1a tx timeout
[  491.201274][   T68] Bluetooth: hci2: command 0x0c1a tx timeout
[  491.203371][ T5956] Bluetooth: hci0: command 0x0c1a tx timeout
[  491.494870][T14924] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(9)
[  491.496882][T14924] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  491.500769][T14924] vhci_hcd vhci_hcd.0: Device attached
[  491.532268][T14927] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2723'.
[  491.972203][T14925] vhci_hcd: connection reset by peer
[  491.979336][ T1170] vhci_hcd: stop threads
[  491.980660][ T1170] vhci_hcd: release socket
[  491.982300][ T1170] vhci_hcd: disconnect device
[  492.657071][T14942] Bluetooth: received HCILL_WAKE_UP_ACK in state 2
[  492.660399][ T1170] Bluetooth: hci1: Frame reassembly failed (-84)
[  492.665152][ T1170] Bluetooth: hci1: Frame reassembly failed (-84)
[  492.981116][   T29] usb 5-1: new high-speed USB device number 44 using dummy_hcd
[  493.067104][T14956] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2731'.
[  493.163433][T14958] netlink: 'syz.3.2734': attribute type 4 has an invalid length.
[  493.181407][   T29] usb 5-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  493.358124][   T29] usb 5-1: config 0 interface 0 has no altsetting 0
[  493.457233][   T29] usb 5-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  493.460098][   T29] usb 5-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  493.666891][   T29] usb 5-1: Product: syz
[  493.672355][   T29] usb 5-1: Manufacturer: syz
[  493.676277][   T29] usb 5-1: SerialNumber: syz
[  493.682307][   T29] usb 5-1: config 0 descriptor??
[  493.687610][   T29] usb 5-1: selecting invalid altsetting 0
[  494.721180][ T5956] Bluetooth: hci1: Opcode 0x1003 failed: -110
[  494.721461][   T68] Bluetooth: hci1: command 0x1003 tx timeout
[  495.274803][T14976] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2740'.
[  495.494817][T14980] lo speed is unknown, defaulting to 1000
[  495.561084][   T58] vhci_hcd: vhci_device speed not set
[  495.577482][T14980] lo speed is unknown, defaulting to 1000
[  495.629249][   T10] usb 5-1: USB disconnect, device number 44
[  495.873882][T15001] FAULT_INJECTION: forcing a failure.
[  495.873882][T15001] name failslab, interval 1, probability 0, space 0, times 0
[  495.877826][T15001] CPU: 0 UID: 0 PID: 15001 Comm: syz.2.2747 Not tainted 6.15.0-rc7-syzkaller-00152-gd0c22de9995b #0 PREEMPT(full) 
[  495.877841][T15001] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  495.877847][T15001] Call Trace:
[  495.877851][T15001]  <TASK>
[  495.877855][T15001]  dump_stack_lvl+0x16c/0x1f0
[  495.877874][T15001]  should_fail_ex+0x512/0x640
[  495.877891][T15001]  ? fs_reclaim_acquire+0xae/0x150
[  495.877908][T15001]  ? tomoyo_encode2+0x100/0x3e0
[  495.877923][T15001]  should_failslab+0xc2/0x120
[  495.877937][T15001]  __kmalloc_noprof+0xd2/0x510
[  495.877948][T15001]  ? d_absolute_path+0x136/0x1a0
[  495.877964][T15001]  tomoyo_encode2+0x100/0x3e0
[  495.877981][T15001]  tomoyo_encode+0x29/0x50
[  495.877995][T15001]  tomoyo_realpath_from_path+0x18f/0x6e0
[  495.878015][T15001]  tomoyo_path_number_perm+0x245/0x580
[  495.878028][T15001]  ? tomoyo_path_number_perm+0x237/0x580
[  495.878042][T15001]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  495.878070][T15001]  ? find_held_lock+0x2b/0x80
[  495.878080][T15001]  ? hook_file_ioctl_common+0x145/0x410
[  495.878093][T15001]  ? __fget_files+0x204/0x3c0
[  495.878105][T15001]  ? __fget_files+0x20e/0x3c0
[  495.878113][T15001]  ? __pfx_fput+0x10/0x10
[  495.878128][T15001]  security_file_ioctl_compat+0x9b/0x240
[  495.878144][T15001]  __ia32_compat_sys_ioctl+0xc3/0x360
[  495.878161][T15001]  __do_fast_syscall_32+0x73/0x120
[  495.878179][T15001]  do_fast_syscall_32+0x32/0x80
[  495.878195][T15001]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  495.878208][T15001] RIP: 0023:0xf7f74579
[  495.878217][T15001] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  495.878227][T15001] RSP: 002b:00000000f509655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  495.878237][T15001] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000040047454
[  495.878244][T15001] RDX: 0000000080000000 RSI: 0000000000000000 RDI: 0000000000000000
[  495.878250][T15001] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  495.878255][T15001] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  495.878262][T15001] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  495.878275][T15001]  </TASK>
[  495.878284][T15001] ERROR: Out of memory at tomoyo_realpath_from_path.
[  496.970366][T15024] Bluetooth: received HCILL_WAKE_UP_ACK in state 2
[  497.009172][T15029] netlink: 'syz.3.2754': attribute type 4 has an invalid length.
[  497.031126][T13783] usb 7-1: new high-speed USB device number 50 using dummy_hcd
[  497.049150][ T1141] Bluetooth: hci1: Frame reassembly failed (-84)
[  497.051525][  T224] Bluetooth: hci1: Frame reassembly failed (-84)
[  497.066120][  T224] Bluetooth: hci1: Frame reassembly failed (-84)
[  497.181928][T13783] usb 7-1: Using ep0 maxpacket: 16
[  497.188164][T13783] usb 7-1: config 0 has an invalid interface number: 8 but max is 0
[  497.190651][T13783] usb 7-1: config 0 has no interface number 0
[  497.193460][T13783] usb 7-1: config 0 interface 8 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  497.199967][T13783] usb 7-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[  497.206760][T13783] usb 7-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[  497.213144][T13783] usb 7-1: Product: syz
[  497.216560][T13783] usb 7-1: SerialNumber: syz
[  497.231884][T13783] usb 7-1: config 0 descriptor??
[  497.245623][T13783] usbhid 7-1:0.8: couldn't find an input interrupt endpoint
[  497.271078][   T34] usb 5-1: new high-speed USB device number 45 using dummy_hcd
[  497.459724][T15023] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  497.462332][   T34] usb 5-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  497.466640][   T34] usb 5-1: config 0 interface 0 has no altsetting 0
[  497.470230][   T34] usb 5-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  497.470733][T15023] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  497.473408][   T34] usb 5-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  497.478142][   T34] usb 5-1: Product: syz
[  497.479513][   T34] usb 5-1: Manufacturer: syz
[  497.480989][   T34] usb 5-1: SerialNumber: syz
[  497.483791][   T34] usb 5-1: config 0 descriptor??
[  497.488635][   T34] usb 5-1: selecting invalid altsetting 0
[  498.226688][T15033] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2752'.
[  498.582504][T15040] FAULT_INJECTION: forcing a failure.
[  498.582504][T15040] name failslab, interval 1, probability 0, space 0, times 0
[  498.588504][T15040] CPU: 0 UID: 0 PID: 15040 Comm: syz.1.2757 Not tainted 6.15.0-rc7-syzkaller-00152-gd0c22de9995b #0 PREEMPT(full) 
[  498.588520][T15040] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  498.588527][T15040] Call Trace:
[  498.588531][T15040]  <TASK>
[  498.588535][T15040]  dump_stack_lvl+0x16c/0x1f0
[  498.588555][T15040]  should_fail_ex+0x512/0x640
[  498.588572][T15040]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[  498.588586][T15040]  should_failslab+0xc2/0x120
[  498.588600][T15040]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  498.588612][T15040]  ? getname_kernel+0x52/0x370
[  498.588627][T15040]  getname_kernel+0x52/0x370
[  498.588640][T15040]  kern_path+0x1d/0x50
[  498.588650][T15040]  lookup_bdev+0xd8/0x280
[  498.588664][T15040]  ? __pfx_lookup_bdev+0x10/0x10
[  498.588677][T15040]  ? resume_store+0x1b8/0x460
[  498.588693][T15040]  ? __asan_memcpy+0x3c/0x60
[  498.588707][T15040]  resume_store+0x1d6/0x460
[  498.588725][T15040]  ? __pfx_resume_store+0x10/0x10
[  498.588745][T15040]  ? find_held_lock+0x2b/0x80
[  498.588758][T15040]  ? __pfx_resume_store+0x10/0x10
[  498.588773][T15040]  kobj_attr_store+0x55/0x80
[  498.588790][T15040]  ? __pfx_kobj_attr_store+0x10/0x10
[  498.588806][T15040]  sysfs_kf_write+0xef/0x150
[  498.588823][T15040]  kernfs_fop_write_iter+0x351/0x510
[  498.588836][T15040]  ? __pfx_sysfs_kf_write+0x10/0x10
[  498.588857][T15040]  vfs_write+0x5bd/0x1180
[  498.588873][T15040]  ? __pfx_kernfs_fop_write_iter+0x10/0x10
[  498.588894][T15040]  ? __pfx___mutex_lock+0x10/0x10
[  498.588933][T15040]  ? __pfx_vfs_write+0x10/0x10
[  498.588968][T15040]  ksys_write+0x12a/0x240
[  498.588981][T15040]  ? __pfx_ksys_write+0x10/0x10
[  498.588993][T15040]  ? rcu_is_watching+0x12/0xc0
[  498.589005][T15040]  __do_fast_syscall_32+0x73/0x120
[  498.589022][T15040]  do_fast_syscall_32+0x32/0x80
[  498.589039][T15040]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  498.589052][T15040] RIP: 0023:0xf7f13579
[  498.589061][T15040] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  498.589071][T15040] RSP: 002b:00000000f503655c EFLAGS: 00000296 ORIG_RAX: 0000000000000004
[  498.589082][T15040] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000000
[  498.589088][T15040] RDX: 0000000000000012 RSI: 0000000000000000 RDI: 0000000000000000
[  498.589097][T15040] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  498.589106][T15040] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  498.589115][T15040] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  498.589137][T15040]  </TASK>
[  498.698929][T15040] syz.1.2757: attempt to access beyond end of device
[  498.698929][T15040] sr0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  499.041148][ T5956] Bluetooth: hci1: Opcode 0x1003 failed: -110
[  499.043077][   T68] Bluetooth: hci1: command 0x1003 tx timeout
[  499.668336][T13080] usb 5-1: USB disconnect, device number 45
[  499.681291][   T58] usb 7-1: USB disconnect, device number 50
[  499.695925][T15050] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  500.311111][T13080] usb 5-1: new high-speed USB device number 46 using dummy_hcd
[  500.438959][T15062] overlayfs: missing 'lowerdir'
[  500.443840][T15062] rdma_rxe: rxe_newlink: failed to add lo
[  500.462273][T13080] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  500.465012][T13080] usb 5-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  500.472191][T13080] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66
[  500.478442][T13080] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  500.481918][T13080] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  500.489410][T13080] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  500.493962][T13080] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  500.496512][T13080] usb 5-1: Product: syz
[  500.497836][T13080] usb 5-1: Manufacturer: syz
[  500.512159][T13080] cdc_wdm 5-1:1.0: skipping garbage
[  500.513847][T13080] cdc_wdm 5-1:1.0: skipping garbage
[  500.516455][T13080] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device
[  500.518324][T13080] cdc_wdm 5-1:1.0: Unknown control protocol
[  500.791138][T14913] usb 8-1: new high-speed USB device number 24 using dummy_hcd
[  500.883610][ T1415] ieee802154 phy0 wpan0: encryption failed: -22
[  500.885740][ T1415] ieee802154 phy1 wpan1: encryption failed: -22
[  500.889206][T15072] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2765'.
[  500.894058][T15073] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2766'.
[  500.920043][T14414] usb 5-1: USB disconnect, device number 46
[  501.072467][T14913] usb 8-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  501.075856][T14913] usb 8-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  501.078796][T14913] usb 8-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  501.081566][T14913] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  501.085735][T15065] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  501.089552][T14913] usb 8-1: Quirk or no altset; falling back to MIDI 1.0
[  501.141151][T13080] usb 6-1: new high-speed USB device number 39 using dummy_hcd
[  501.291080][T13080] usb 6-1: Using ep0 maxpacket: 16
[  501.296091][T13080] usb 6-1: config 0 has an invalid interface number: 8 but max is 0
[  501.298576][T13080] usb 6-1: config 0 has no interface number 0
[  501.300487][T13080] usb 6-1: config 0 interface 8 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  501.305052][T13080] usb 6-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[  501.307947][T13080] usb 6-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[  501.310311][T13080] usb 6-1: Product: syz
[  501.313203][T13080] usb 6-1: SerialNumber: syz
[  501.315845][T13080] usb 6-1: config 0 descriptor??
[  501.319259][T13080] usbhid 6-1:0.8: couldn't find an input interrupt endpoint
[  501.523790][T15071] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  501.526659][T15071] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  501.621118][   T40] kauditd_printk_skb: 33 callbacks suppressed
[  501.621129][   T40] audit: type=1800 audit(2000000148.020:2642): pid=15076 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.2767" name="file0" dev="overlay" ino=408 res=0 errno=0
[  501.698057][T15079] nfs4: Bad value for 'source'
[  502.236871][T15081] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2766'.
[  502.351628][T15083] lo speed is unknown, defaulting to 1000
[  502.438623][T15083] lo speed is unknown, defaulting to 1000
[  502.565056][T15091] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2770'.
[  503.289449][   T58] usb 8-1: USB disconnect, device number 24
[  503.331850][T15097] netlink: 'syz.3.2772': attribute type 4 has an invalid length.
[  503.764992][T15103] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2773'.
[  504.895389][T13080] usb 6-1: USB disconnect, device number 39
[  505.360302][T15120] netlink: 4768 bytes leftover after parsing attributes in process `syz.0.2778'.
[  505.772164][T15129] nfs4: Bad value for 'source'
[  506.837513][T15149] overlayfs: missing 'lowerdir'
[  506.843868][T15149] rdma_rxe: rxe_newlink: failed to add lo
[  506.857101][T15148] Bluetooth: received HCILL_WAKE_UP_ACK in state 2
[  506.874868][   T40] audit: type=1800 audit(2000000153.260:2643): pid=15145 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.2784" name="file0" dev="overlay" ino=565 res=0 errno=0
[  506.984107][   T12] Bluetooth: hci1: Frame reassembly failed (-84)
[  507.241192][   T66] usb 7-1: new high-speed USB device number 51 using dummy_hcd
[  507.251126][T14913] usb 8-1: new high-speed USB device number 25 using dummy_hcd
[  507.393312][   T66] usb 7-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  507.396392][   T66] usb 7-1: config 0 interface 0 has no altsetting 0
[  507.400423][   T66] usb 7-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  507.404271][   T66] usb 7-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  507.407557][   T66] usb 7-1: Product: syz
[  507.408977][   T66] usb 7-1: Manufacturer: syz
[  507.410482][   T66] usb 7-1: SerialNumber: syz
[  507.413249][   T66] usb 7-1: config 0 descriptor??
[  507.417123][   T66] usb 7-1: selecting invalid altsetting 0
[  507.422481][T14913] usb 8-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  507.425965][T14913] usb 8-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  507.429211][T14913] usb 8-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  507.432787][T14913] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  507.437067][T15150] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  507.441126][T14913] usb 8-1: Quirk or no altset; falling back to MIDI 1.0
[  507.551302][T15155] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2786'.
[  507.861067][T14913] usb 6-1: new high-speed USB device number 40 using dummy_hcd
[  508.023165][T14913] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  508.026887][T14913] usb 6-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  508.030128][T14913] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66
[  508.033140][T14913] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  508.036588][T14913] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  508.041661][T14913] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  508.044604][T14913] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  508.047220][T14913] usb 6-1: Product: syz
[  508.048725][T14913] usb 6-1: Manufacturer: syz
[  508.063845][T14913] cdc_wdm 6-1:1.0: skipping garbage
[  508.065619][T14913] cdc_wdm 6-1:1.0: skipping garbage
[  508.069414][T14913] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device
[  508.079784][T14913] cdc_wdm 6-1:1.0: Unknown control protocol
[  508.083333][T15163] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2788'.
[  508.467841][T14913] usb 6-1: USB disconnect, device number 40
[  508.828675][T15166] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2789'.
[  508.891260][ T5947] Bluetooth: hci1: command 0x1003 tx timeout
[  508.891313][ T5956] Bluetooth: hci1: Opcode 0x1003 failed: -110
[  509.054059][T15171] netlink: 'syz.1.2791': attribute type 4 has an invalid length.
[  509.196557][T15176] nfs4: Bad value for 'source'
[  509.683895][T14913] usb 8-1: USB disconnect, device number 25
[  509.743304][T15159] usb 7-1: USB disconnect, device number 51
[  510.076489][   T40] audit: type=1800 audit(2000000156.480:2644): pid=15189 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.2795" name="file0" dev="overlay" ino=353 res=0 errno=0
[  510.350282][T15190] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2796'.
[  511.141124][T14913] usb 7-1: new high-speed USB device number 52 using dummy_hcd
[  511.172184][T15201] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2800'.
[  511.467417][T14913] usb 7-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  511.469991][T14913] usb 7-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  511.809944][T14913] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 66
[  511.812854][T14913] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  511.816599][T14913] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  511.822427][T14913] usb 7-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  511.825133][T14913] usb 7-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  511.827553][T14913] usb 7-1: Product: syz
[  511.828846][T14913] usb 7-1: Manufacturer: syz
[  511.832739][T14913] cdc_wdm 7-1:1.0: skipping garbage
[  511.834341][T14913] cdc_wdm 7-1:1.0: skipping garbage
[  511.838040][T15200] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2797'.
[  511.838082][T14913] cdc_wdm 7-1:1.0: cdc-wdm0: USB WDM device
[  511.842859][T14913] cdc_wdm 7-1:1.0: Unknown control protocol
[  512.143720][T15211] overlayfs: missing 'lowerdir'
[  512.149154][T15211] rdma_rxe: rxe_newlink: failed to add lo
[  512.236580][T15159] usb 7-1: USB disconnect, device number 52
[  512.274365][T15216] Bluetooth: received HCILL_WAKE_UP_ACK in state 2
[  512.309676][   T13] Bluetooth: hci1: Frame reassembly failed (-84)
[  512.471266][T14913] usb 8-1: new high-speed USB device number 26 using dummy_hcd
[  512.581197][T13080] usb 5-1: new high-speed USB device number 47 using dummy_hcd
[  512.645982][T14913] usb 8-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  512.650376][T14913] usb 8-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  512.655691][T14913] usb 8-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  512.658499][T14913] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  512.664130][T15215] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  512.668121][T14913] usb 8-1: Quirk or no altset; falling back to MIDI 1.0
[  512.734902][T13080] usb 5-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  512.741089][T13080] usb 5-1: config 0 interface 0 has no altsetting 0
[  512.752165][T13080] usb 5-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  512.754898][T13080] usb 5-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  512.757267][T13080] usb 5-1: Product: syz
[  512.758546][T13080] usb 5-1: Manufacturer: syz
[  512.762807][T13080] usb 5-1: SerialNumber: syz
[  512.765800][T13080] usb 5-1: config 0 descriptor??
[  512.769778][T13080] usb 5-1: selecting invalid altsetting 0
[  512.770715][T15226] nfs4: Bad value for 'source'
[  512.934952][   T40] audit: type=1800 audit(2000000159.340:2645): pid=15230 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.2806" name="file0" dev="overlay" ino=605 res=0 errno=0
[  513.690586][T15236] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2808'.
[  513.721465][T15237] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2809'.
[  514.321125][ T5956] Bluetooth: hci1: Opcode 0x1003 failed: -110
[  514.333055][T15246] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2811'.
[  514.827372][T15249] netlink: 'syz.1.2812': attribute type 4 has an invalid length.
[  515.004020][T14913] usb 8-1: USB disconnect, device number 26
[  515.142261][T13080] usb 5-1: USB disconnect, device number 47
[  515.265782][T15261] nfs4: Bad value for 'source'
[  515.681093][T14913] usb 8-1: new high-speed USB device number 27 using dummy_hcd
[  515.832389][T14913] usb 8-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  515.834962][T14913] usb 8-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  515.837924][T14913] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 66
[  515.840571][T14913] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  515.844713][T14913] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  515.849129][T14913] usb 8-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  515.851999][T14913] usb 8-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  515.854349][T14913] usb 8-1: Product: syz
[  515.855575][T14913] usb 8-1: Manufacturer: syz
[  515.859331][T14913] cdc_wdm 8-1:1.0: skipping garbage
[  515.860927][T14913] cdc_wdm 8-1:1.0: skipping garbage
[  515.866369][T14913] cdc_wdm 8-1:1.0: cdc-wdm0: USB WDM device
[  515.868171][T14913] cdc_wdm 8-1:1.0: Unknown control protocol
[  516.134501][   T40] audit: type=1800 audit(2000000162.540:2646): pid=15272 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.2818" name="file0" dev="overlay" ino=404 res=0 errno=0
[  516.211358][T15273] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2819'.
[  516.363372][T14913] usb 8-1: USB disconnect, device number 27
[  516.894783][T15278] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2820'.
[  517.363959][T15285] overlayfs: option "workdir=./file0" is useless in a non-upper mount, ignore
[  517.366652][T15285] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  517.381975][T15285] rdma_rxe: rxe_newlink: failed to add lo
[  517.731134][T14913] usb 8-1: new high-speed USB device number 28 using dummy_hcd
[  517.750202][T15294] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2823'.
[  517.855845][T15296] Bluetooth: received HCILL_WAKE_UP_ACK in state 2
[  517.873961][ T1137] Bluetooth: hci1: Frame reassembly failed (-84)
[  517.882975][T14913] usb 8-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  517.887669][T14913] usb 8-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  517.892803][T14913] usb 8-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  517.896599][T14913] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  517.906563][T15288] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  517.912320][T14913] usb 8-1: Quirk or no altset; falling back to MIDI 1.0
[  518.111191][T15159] usb 7-1: new high-speed USB device number 53 using dummy_hcd
[  518.272820][T15159] usb 7-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  518.276347][T15159] usb 7-1: config 0 interface 0 has no altsetting 0
[  518.280877][T15159] usb 7-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  518.284606][T15159] usb 7-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  518.287641][T15159] usb 7-1: Product: syz
[  518.289356][T15159] usb 7-1: Manufacturer: syz
[  518.291814][T15159] usb 7-1: SerialNumber: syz
[  518.295726][T15159] usb 7-1: config 0 descriptor??
[  518.300915][T15159] usb 7-1: selecting invalid altsetting 0
[  518.495567][T15303] nfs4: Bad value for 'source'
[  519.171157][   T40] audit: type=1800 audit(2000000165.570:2647): pid=15309 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.2828" name="file0" dev="overlay" ino=635 res=0 errno=0
[  519.591160][T13080] usb 5-1: new high-speed USB device number 48 using dummy_hcd
[  519.765277][T13080] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  519.767914][T13080] usb 5-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  519.770898][T13080] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66
[  519.773668][T13080] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  519.776886][T13080] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  519.781633][T13080] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  519.784750][T13080] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  519.787184][T13080] usb 5-1: Product: syz
[  519.788502][T13080] usb 5-1: Manufacturer: syz
[  519.795253][T13080] cdc_wdm 5-1:1.0: skipping garbage
[  519.796882][T13080] cdc_wdm 5-1:1.0: skipping garbage
[  519.799324][T13080] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device
[  519.801373][T13080] cdc_wdm 5-1:1.0: Unknown control protocol
[  519.899617][ T5956] Bluetooth: hci5: Malformed HCI Event: 0x22
[  519.921777][ T5956] Bluetooth: hci1: command 0x1003 tx timeout
[  519.925206][ T5947] Bluetooth: hci1: Opcode 0x1003 failed: -110
[  519.979357][T15316] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2831'.
[  520.204059][T13080] usb 5-1: USB disconnect, device number 48
[  520.218165][T14913] usb 8-1: USB disconnect, device number 28
[  520.312707][T15320] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2832'.
[  520.346810][T15322] netlink: 'syz.1.2833': attribute type 4 has an invalid length.
[  520.770353][T13080] usb 7-1: USB disconnect, device number 53
[  521.153684][T15331] netlink: 4768 bytes leftover after parsing attributes in process `syz.2.2835'.
[  522.885324][T15341] nfs4: Bad value for 'source'
[  522.947731][T15342] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2834'.
[  523.431328][   T40] audit: type=1800 audit(2000000169.840:2648): pid=15348 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.2838" name="file0" dev="overlay" ino=528 res=0 errno=0
[  523.863833][T15358] overlayfs: option "workdir=./file0" is useless in a non-upper mount, ignore
[  523.866698][T15358] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  523.873378][T15358] rdma_rxe: rxe_newlink: failed to add lo
[  524.005900][T15360] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2841'.
[  524.031232][   T10] usb 6-1: new high-speed USB device number 41 using dummy_hcd
[  524.182451][   T10] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  524.185585][   T10] usb 6-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  524.194620][   T10] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66
[  524.197432][   T10] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  524.210470][   T10] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  524.216496][   T10] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  524.219324][   T10] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  524.224548][   T10] usb 6-1: Product: syz
[  524.225880][   T10] usb 6-1: Manufacturer: syz
[  524.231298][   T29] usb 8-1: new high-speed USB device number 29 using dummy_hcd
[  524.231893][   T10] cdc_wdm 6-1:1.0: skipping garbage
[  524.235618][   T10] cdc_wdm 6-1:1.0: skipping garbage
[  524.238875][T15367] Bluetooth: received HCILL_WAKE_UP_ACK in state 2
[  524.241404][   T10] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device
[  524.243291][   T10] cdc_wdm 6-1:1.0: Unknown control protocol
[  524.251080][ T1170] Bluetooth: hci1: Frame reassembly failed (-84)
[  524.382659][   T29] usb 8-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  524.400078][   T29] usb 8-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  524.411093][   T29] usb 8-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  524.413962][   T29] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  524.418228][T15359] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  524.424631][   T29] usb 8-1: Quirk or no altset; falling back to MIDI 1.0
[  524.521113][T13080] usb 5-1: new high-speed USB device number 49 using dummy_hcd
[  524.635055][   T10] usb 6-1: USB disconnect, device number 41
[  524.652868][T15370] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2844'.
[  524.679116][T13080] usb 5-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  524.683438][T13080] usb 5-1: config 0 interface 0 has no altsetting 0
[  524.688166][T13080] usb 5-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  524.690960][T13080] usb 5-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  524.694394][T13080] usb 5-1: Product: syz
[  524.695803][T13080] usb 5-1: Manufacturer: syz
[  524.697244][T13080] usb 5-1: SerialNumber: syz
[  524.702952][T13080] usb 5-1: config 0 descriptor??
[  524.721679][T13080] usb 5-1: selecting invalid altsetting 0
[  524.928403][T15373] syz.2.2845: attempt to access beyond end of device
[  524.928403][T15373] sr0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  525.190632][T15379] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2846'.
[  525.940872][T15384] nfs4: Bad value for 'source'
[  526.096513][T15389] netlink: 4768 bytes leftover after parsing attributes in process `syz.1.2850'.
[  526.321140][ T5956] Bluetooth: hci1: command 0x1003 tx timeout
[  526.321366][ T5947] Bluetooth: hci1: Opcode 0x1003 failed: -110
[  526.706733][T14913] usb 8-1: USB disconnect, device number 29
[  526.720751][T15391] netlink: 'syz.3.2851': attribute type 4 has an invalid length.
[  527.129073][   T40] audit: type=1800 audit(2000000173.530:2649): pid=15400 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.2852" name="file0" dev="overlay" ino=680 res=0 errno=0
[  527.143929][ T2093] usb 5-1: USB disconnect, device number 49
[  527.353223][T15401] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2853'.
[  527.904506][T15405] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2854'.
[  528.446498][T15413] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2856'.
[  528.761177][   T10] usb 7-1: new high-speed USB device number 54 using dummy_hcd
[  528.912360][   T10] usb 7-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  528.915055][   T10] usb 7-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  528.918184][   T10] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 66
[  528.920989][   T10] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  528.929335][   T10] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  528.936760][   T10] usb 7-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  528.939574][   T10] usb 7-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  528.942319][   T10] usb 7-1: Product: syz
[  528.943650][   T10] usb 7-1: Manufacturer: syz
[  528.947459][   T10] cdc_wdm 7-1:1.0: skipping garbage
[  528.949099][   T10] cdc_wdm 7-1:1.0: skipping garbage
[  528.952449][   T10] cdc_wdm 7-1:1.0: cdc-wdm0: USB WDM device
[  528.954339][   T10] cdc_wdm 7-1:1.0: Unknown control protocol
[  529.130796][T15422] overlayfs: option "workdir=./file0" is useless in a non-upper mount, ignore
[  529.133834][T15422] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  529.139622][T15422] rdma_rxe: rxe_newlink: failed to add lo
[  529.363665][T14913] usb 7-1: USB disconnect, device number 54
[  529.451500][   T29] usb 6-1: new high-speed USB device number 42 using dummy_hcd
[  529.602474][   T29] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  529.606519][   T29] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  529.610181][   T29] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  529.613734][   T29] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  529.618826][T15424] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  529.623636][   T29] usb 6-1: Quirk or no altset; falling back to MIDI 1.0
[  529.921663][T15430] nfs4: Bad value for 'source'
[  529.946619][T15432] netlink: 4768 bytes leftover after parsing attributes in process `syz.3.2862'.
[  530.100849][T15438] Bluetooth: received HCILL_WAKE_UP_ACK in state 2
[  530.106272][   T64] Bluetooth: hci1: Frame reassembly failed (-84)
[  530.381118][   T29] usb 8-1: new high-speed USB device number 30 using dummy_hcd
[  530.542623][   T29] usb 8-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  530.546450][   T29] usb 8-1: config 0 interface 0 has no altsetting 0
[  530.550599][   T29] usb 8-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  530.554074][   T29] usb 8-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  530.556698][   T29] usb 8-1: Product: syz
[  530.558147][   T29] usb 8-1: Manufacturer: syz
[  530.559665][   T29] usb 8-1: SerialNumber: syz
[  530.562516][   T29] usb 8-1: config 0 descriptor??
[  530.566928][   T29] usb 8-1: selecting invalid altsetting 0
[  530.683322][T15441] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2864'.
[  530.983851][   T40] audit: type=1800 audit(2000000177.390:2650): pid=15446 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.2865" name="file0" dev="overlay" ino=487 res=0 errno=0
[  531.287254][T15449] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2866'.
[  531.725158][T15456] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2867'.
[  531.981448][T14913] usb 6-1: USB disconnect, device number 42
[  532.161207][ T5956] Bluetooth: hci1: command 0x1003 tx timeout
[  532.165619][ T5947] Bluetooth: hci1: Opcode 0x1003 failed: -110
[  532.351079][T14913] usb 6-1: new high-speed USB device number 43 using dummy_hcd
[  532.490104][T15464] netlink: 'syz.0.2871': attribute type 4 has an invalid length.
[  532.554459][T14913] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  532.557208][T14913] usb 6-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  532.600923][T15469] nfs4: Bad value for 'source'
[  532.988774][ T5982] usb 8-1: USB disconnect, device number 30
[  533.136444][T15476] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2874'.
[  533.599295][T15480] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2875'.
[  533.645225][T14913] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66
[  534.246176][T14913] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  534.250599][T14913] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  534.274414][T14913] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  534.277280][T14913] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  534.279746][T14913] usb 6-1: Product: syz
[  534.281139][T14913] usb 6-1: Manufacturer: syz
[  534.285315][T14913] cdc_wdm 6-1:1.0: skipping garbage
[  534.287163][T14913] cdc_wdm 6-1:1.0: skipping garbage
[  534.297982][T14913] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device
[  534.299944][T14913] cdc_wdm 6-1:1.0: Unknown control protocol
[  534.531211][   T40] audit: type=1800 audit(2000000180.930:2651): pid=15488 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.2876" name="file0" dev="overlay" ino=1057 res=0 errno=0
[  534.700880][   T10] usb 6-1: USB disconnect, device number 43
[  535.428556][T15498] rdma_rxe: rxe_newlink: failed to add lo
[  535.589800][T15495] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2879'.
[  535.731200][T14913] usb 8-1: new high-speed USB device number 31 using dummy_hcd
[  535.896536][T14913] usb 8-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  535.915733][T14913] usb 8-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  535.919341][T14913] usb 8-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  535.922319][T14913] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  535.930967][T15498] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  535.940238][T14913] usb 8-1: Quirk or no altset; falling back to MIDI 1.0
[  536.143226][T15512] nfs4: Bad value for 'source'
[  536.218206][T15514] Bluetooth: received HCILL_WAKE_UP_ACK in state 2
[  536.223944][ T1137] Bluetooth: hci1: Frame reassembly failed (-84)
[  536.227634][ T1137] Bluetooth: hci1: Frame reassembly failed (-84)
[  536.492408][T14913] usb 5-1: new high-speed USB device number 50 using dummy_hcd
[  536.630701][T15519] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2884'.
[  536.652726][T14913] usb 5-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  536.657319][T14913] usb 5-1: config 0 interface 0 has no altsetting 0
[  536.662168][T14913] usb 5-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  536.665188][T14913] usb 5-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  536.667874][T14913] usb 5-1: Product: syz
[  536.669286][T14913] usb 5-1: Manufacturer: syz
[  536.672719][T14913] usb 5-1: SerialNumber: syz
[  536.675925][T14913] usb 5-1: config 0 descriptor??
[  536.681725][T14913] usb 5-1: selecting invalid altsetting 0
[  537.121194][   T40] audit: type=1800 audit(2000000183.520:2652): pid=15528 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.2886" name="file0" dev="overlay" ino=543 res=0 errno=0
[  537.271188][T13783] usb 6-1: new high-speed USB device number 44 using dummy_hcd
[  537.422479][T13783] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  537.425281][T13783] usb 6-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  537.428459][T13783] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66
[  537.435837][T13783] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  537.440923][T13783] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  537.445590][T13783] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  537.448467][T13783] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  537.450971][T13783] usb 6-1: Product: syz
[  537.452482][T13783] usb 6-1: Manufacturer: syz
[  537.456461][T13783] cdc_wdm 6-1:1.0: skipping garbage
[  537.458139][T13783] cdc_wdm 6-1:1.0: skipping garbage
[  537.460579][T13783] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device
[  537.462687][T13783] cdc_wdm 6-1:1.0: Unknown control protocol
[  537.860840][T14913] usb 6-1: USB disconnect, device number 44
[  537.869463][T15531] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2888'.
[  538.117693][T15534] netlink: 'syz.2.2889': attribute type 4 has an invalid length.
[  538.241171][ T5956] Bluetooth: hci1: command 0x1003 tx timeout
[  538.244635][   T68] Bluetooth: hci1: Opcode 0x1003 failed: -110
[  538.436383][T14913] usb 8-1: USB disconnect, device number 31
[  538.791129][T15545] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2891'.
[  539.119770][T13783] usb 5-1: USB disconnect, device number 50
[  539.276478][T15552] nfs4: Bad value for 'source'
[  539.311986][T15553] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2893'.
[  539.729900][   T40] audit: type=1800 audit(2000000185.970:2653): pid=15560 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.2896" name="file0" dev="overlay" ino=733 res=0 errno=0
[  540.255265][T15567] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2897'.
[  540.361421][T15572] rdma_rxe: rxe_newlink: failed to add lo
[  540.641115][ T2296] usb 6-1: new high-speed USB device number 45 using dummy_hcd
[  540.671178][T14913] usb 8-1: new high-speed USB device number 32 using dummy_hcd
[  540.792465][ T2296] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  540.796360][ T2296] usb 6-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  540.799579][ T2296] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66
[  540.803713][ T2296] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  540.809697][ T2296] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  540.814665][ T2296] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  540.817588][ T2296] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  540.820121][ T2296] usb 6-1: Product: syz
[  540.821808][ T2296] usb 6-1: Manufacturer: syz
[  540.825863][ T2296] cdc_wdm 6-1:1.0: skipping garbage
[  540.827636][ T2296] cdc_wdm 6-1:1.0: skipping garbage
[  540.830034][ T2296] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device
[  540.832307][ T2296] cdc_wdm 6-1:1.0: Unknown control protocol
[  540.833885][T14913] usb 8-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  540.843275][T14913] usb 8-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  540.849994][T14913] usb 8-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  540.855643][T14913] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  540.864163][T15576] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  540.868280][T14913] usb 8-1: Quirk or no altset; falling back to MIDI 1.0
[  541.229480][ T2296] usb 6-1: USB disconnect, device number 45
[  541.418877][T15582] Bluetooth: received HCILL_WAKE_UP_ACK in state 2
[  541.425879][  T224] Bluetooth: hci1: Frame reassembly failed (-84)
[  541.681133][ T2093] usb 5-1: new high-speed USB device number 51 using dummy_hcd
[  541.743313][T15585] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2902'.
[  541.746246][T15585] nbd: must specify a size in bytes for the device
[  541.835637][ T2093] usb 5-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  541.848270][ T2093] usb 5-1: config 0 interface 0 has no altsetting 0
[  541.859699][ T2093] usb 5-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  541.869286][ T2093] usb 5-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  541.874445][ T2093] usb 5-1: Product: syz
[  541.875852][ T2093] usb 5-1: Manufacturer: syz
[  541.877530][ T2093] usb 5-1: SerialNumber: syz
[  541.886856][ T2093] usb 5-1: config 0 descriptor??
[  541.907580][ T2093] usb 5-1: selecting invalid altsetting 0
[  542.023429][T15589] netlink: 96 bytes leftover after parsing attributes in process `syz.1.2903'.
[  542.705189][T15597] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2905'.
[  543.189900][T14913] usb 8-1: USB disconnect, device number 32
[  543.451153][   T68] Bluetooth: hci1: command 0x1003 tx timeout
[  543.451195][ T5956] Bluetooth: hci1: Opcode 0x1003 failed: -110
[  543.884172][   T40] audit: type=1800 audit(2000000190.170:2654): pid=15606 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.2907" name="file0" dev="overlay" ino=768 res=0 errno=0
[  543.890585][T15607] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2906'.
[  543.919419][T15610] nfs4: Bad value for 'source'
[  544.347504][ T5982] usb 5-1: USB disconnect, device number 51
[  544.371933][T15615] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2909'.
[  544.432880][T15617] netlink: 'syz.0.2910': attribute type 4 has an invalid length.
[  545.657517][T15633] rdma_rxe: rxe_newlink: failed to add lo
[  545.661880][T14913] usb 6-1: new high-speed USB device number 46 using dummy_hcd
[  545.830423][T15636] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2915'.
[  545.974154][T14913] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  545.976899][T14913] usb 6-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  545.980213][T14913] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66
[  545.988344][T14913] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  546.001526][T14913] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  546.008808][T14913] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  546.017701][T14913] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  546.020453][T14913] usb 6-1: Product: syz
[  546.063045][ T6300] usb 7-1: new high-speed USB device number 55 using dummy_hcd
[  546.082893][T14913] usb 6-1: Manufacturer: syz
[  546.088889][T14913] cdc_wdm 6-1:1.0: skipping garbage
[  546.092802][T14913] cdc_wdm 6-1:1.0: skipping garbage
[  546.371290][T14913] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device
[  546.373827][T14913] cdc_wdm 6-1:1.0: Unknown control protocol
[  546.402582][ T6300] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  546.406218][ T6300] usb 7-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  546.413007][ T6300] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  546.421253][ T6300] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  546.446155][T15634] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  546.494150][ T6300] usb 7-1: Quirk or no altset; falling back to MIDI 1.0
[  546.611340][   T29] usb 6-1: USB disconnect, device number 46
[  547.527242][T15649] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2917'.
[  547.677156][T15650] Bluetooth: received HCILL_WAKE_UP_ACK in state 2
[  547.681754][   T12] Bluetooth: hci1: Frame reassembly failed (-84)
[  547.884797][T15651] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  547.951194][T13783] usb 8-1: new high-speed USB device number 33 using dummy_hcd
[  548.103467][T13783] usb 8-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  548.106385][T13783] usb 8-1: config 0 interface 0 has no altsetting 0
[  548.109965][T13783] usb 8-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  548.112849][T13783] usb 8-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  548.115352][T13783] usb 8-1: Product: syz
[  548.116637][T13783] usb 8-1: Manufacturer: syz
[  548.118070][T13783] usb 8-1: SerialNumber: syz
[  548.120627][T13783] usb 8-1: config 0 descriptor??
[  548.127500][T13783] usb 8-1: selecting invalid altsetting 0
[  548.396452][   T40] audit: type=1800 audit(2000000194.800:2655): pid=15658 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.2920" name="file0" dev="overlay" ino=793 res=0 errno=0
[  548.614518][   T29] usb 7-1: USB disconnect, device number 55
[  548.659230][T15665] nfs4: Bad value for 'source'
[  548.698848][T15666] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2921'.
[  549.201180][ T2093] usb 7-1: new high-speed USB device number 56 using dummy_hcd
[  549.358236][ T2093] usb 7-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  549.364456][ T2093] usb 7-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  549.367668][ T2093] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 66
[  549.370382][ T2093] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  549.374524][ T2093] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  549.383711][ T2093] usb 7-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  549.388446][ T2093] usb 7-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  549.390936][ T2093] usb 7-1: Product: syz
[  549.392803][ T2093] usb 7-1: Manufacturer: syz
[  549.418570][ T2093] cdc_wdm 7-1:1.0: skipping garbage
[  549.420783][ T2093] cdc_wdm 7-1:1.0: skipping garbage
[  549.435675][ T2093] cdc_wdm 7-1:1.0: cdc-wdm0: USB WDM device
[  549.438160][ T2093] cdc_wdm 7-1:1.0: Unknown control protocol
[  549.681434][ T5956] Bluetooth: hci1: Opcode 0x1003 failed: -110
[  549.814298][T15681] netlink: 'syz.0.2927': attribute type 4 has an invalid length.
[  549.828138][ T2296] usb 7-1: USB disconnect, device number 56
[  550.283958][T15688] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2928'.
[  550.420226][ T2296] usb 8-1: USB disconnect, device number 33
[  550.919569][T15704] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2931'.
[  551.046840][   T29] usb 7-1: new high-speed USB device number 57 using dummy_hcd
[  551.178921][   T40] audit: type=1800 audit(2000000197.580:2656): pid=15709 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.2934" name="file0" dev="overlay" ino=1162 res=0 errno=0
[  551.198768][   T29] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  551.206245][   T29] usb 7-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  551.211312][   T29] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  551.217363][   T29] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  551.240634][T15693] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  551.252726][   T29] usb 7-1: Quirk or no altset; falling back to MIDI 1.0
[  551.555943][T15711] nfs4: Bad value for 'source'
[  552.637773][T15723] Bluetooth: received HCILL_WAKE_UP_ACK in state 2
[  552.641712][   T12] Bluetooth: hci1: Frame reassembly failed (-84)
[  552.643947][   T12] Bluetooth: hci1: Frame reassembly failed (-84)
[  552.646217][ T1141] Bluetooth: hci1: Frame reassembly failed (-84)
[  552.921151][ T5982] usb 6-1: new high-speed USB device number 47 using dummy_hcd
[  553.038889][T15730] netlink: 'syz.0.2941': attribute type 1 has an invalid length.
[  553.041539][T15730] netlink: 224 bytes leftover after parsing attributes in process `syz.0.2941'.
[  553.074408][ T5982] usb 6-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  553.078528][ T5982] usb 6-1: config 0 interface 0 has no altsetting 0
[  553.085175][ T5982] usb 6-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  553.090188][ T5982] usb 6-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  553.094903][ T5982] usb 6-1: Product: syz
[  553.096567][ T5982] usb 6-1: Manufacturer: syz
[  553.098411][ T5982] usb 6-1: SerialNumber: syz
[  553.102640][ T5982] usb 6-1: config 0 descriptor??
[  553.114831][ T5982] usb 6-1: selecting invalid altsetting 0
[  553.235505][T15736] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2940'.
[  553.450250][   T29] usb 7-1: USB disconnect, device number 57
[  553.592621][T15737] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2943'.
[  553.734795][   T40] audit: type=1800 audit(2000000200.130:2657): pid=15742 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.2944" name="file0" dev="overlay" ino=633 res=0 errno=0
[  554.417739][T15757] netlink: 64 bytes leftover after parsing attributes in process `syz.2.2949'.
[  554.422656][T15757] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2949'.
[  554.425556][T15757] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2949'.
[  554.641896][ T5956] Bluetooth: hci1: Opcode 0x1003 failed: -110
[  554.867955][T15760] netlink: 'syz.3.2950': attribute type 4 has an invalid length.
[  555.435328][T15771] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2953'.
[  555.648247][ T5982] usb 6-1: USB disconnect, device number 47
[  555.873175][T15774] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2954'.
[  556.167003][T15776] unknown channel width for channel at 909000KHz?
[  556.732462][T15786] FAULT_INJECTION: forcing a failure.
[  556.732462][T15786] name failslab, interval 1, probability 0, space 0, times 0
[  556.737248][T15786] CPU: 3 UID: 0 PID: 15786 Comm: syz.1.2959 Not tainted 6.15.0-rc7-syzkaller-00152-gd0c22de9995b #0 PREEMPT(full) 
[  556.737264][T15786] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  556.737271][T15786] Call Trace:
[  556.737275][T15786]  <TASK>
[  556.737280][T15786]  dump_stack_lvl+0x16c/0x1f0
[  556.737300][T15786]  should_fail_ex+0x512/0x640
[  556.737317][T15786]  ? __kmalloc_noprof+0xbf/0x510
[  556.737330][T15786]  ? constrain_params_by_rules+0x175/0xca0
[  556.737346][T15786]  should_failslab+0xc2/0x120
[  556.737360][T15786]  __kmalloc_noprof+0xd2/0x510
[  556.737371][T15786]  ? __pfx_stack_trace_save+0x10/0x10
[  556.737386][T15786]  constrain_params_by_rules+0x175/0xca0
[  556.737402][T15786]  ? save_trace+0x4e/0x380
[  556.737416][T15786]  ? __bfs+0x148/0x290
[  556.737429][T15786]  ? __pfx_constrain_params_by_rules+0x10/0x10
[  556.737445][T15786]  ? check_irq_usage+0xcb/0x920
[  556.737461][T15786]  ? __mutex_trylock_common+0xe9/0x250
[  556.737480][T15786]  ? snd_interval_refine+0x2fa/0x580
[  556.737494][T15786]  snd_pcm_hw_refine+0x7de/0xad0
[  556.737514][T15786]  ? __pfx_snd_pcm_hw_refine+0x10/0x10
[  556.737533][T15786]  ? do_raw_spin_lock+0x12c/0x2b0
[  556.737550][T15786]  ? mark_held_locks+0x49/0x80
[  556.737566][T15786]  snd_pcm_hw_params+0x3e4/0x1b40
[  556.737579][T15786]  ? do_raw_spin_unlock+0x172/0x230
[  556.737594][T15786]  ? __pfx_snd_pcm_hw_params+0x10/0x10
[  556.737604][T15786]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  556.737619][T15786]  ? find_held_lock+0x2b/0x80
[  556.737630][T15786]  ? mark_held_locks+0x49/0x80
[  556.737643][T15786]  ? _raw_spin_unlock_irq+0x23/0x50
[  556.737656][T15786]  ? lockdep_hardirqs_on+0x7c/0x110
[  556.737674][T15786]  snd_pcm_kernel_ioctl+0x147/0x2e0
[  556.737686][T15786]  snd_pcm_oss_change_params_locked+0x1432/0x3a30
[  556.737710][T15786]  ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10
[  556.737727][T15786]  ? mas_preallocate+0x5b4/0xcd0
[  556.737747][T15786]  snd_pcm_oss_mmap+0x578/0x700
[  556.737765][T15786]  __mmap_region+0x1485/0x27c0
[  556.737779][T15786]  ? __pfx___mmap_region+0x10/0x10
[  556.737819][T15786]  ? __lock_acquire+0xaa4/0x1ba0
[  556.737837][T15786]  mmap_region+0x1ab/0x3f0
[  556.737857][T15786]  do_mmap+0xd8e/0x11b0
[  556.737875][T15786]  ? __pfx_do_mmap+0x10/0x10
[  556.737891][T15786]  ? __pfx_down_write_killable+0x10/0x10
[  556.737904][T15786]  vm_mmap_pgoff+0x281/0x450
[  556.737922][T15786]  ? __pfx_vm_mmap_pgoff+0x10/0x10
[  556.737940][T15786]  ? __fget_files+0x20e/0x3c0
[  556.737954][T15786]  ksys_mmap_pgoff+0x32c/0x5c0
[  556.737969][T15786]  ? __ia32_sys_mmap_pgoff+0x11/0x1b0
[  556.737986][T15786]  __do_fast_syscall_32+0x73/0x120
[  556.738003][T15786]  do_fast_syscall_32+0x32/0x80
[  556.738019][T15786]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  556.738032][T15786] RIP: 0023:0xf7f13579
[  556.738042][T15786] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  556.738052][T15786] RSP: 002b:00000000f503655c EFLAGS: 00000296 ORIG_RAX: 00000000000000c0
[  556.738062][T15786] RAX: ffffffffffffffda RBX: 0000000080ffd000 RCX: 0000000000002000
[  556.738069][T15786] RDX: 000000000100000b RSI: 0000000000008012 RDI: 0000000000000003
[  556.738075][T15786] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  556.738081][T15786] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  556.738087][T15786] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  556.738101][T15786]  </TASK>
[  557.029906][T15795] Bluetooth: received HCILL_WAKE_UP_ACK in state 2
[  557.069538][T13863] Bluetooth: hci1: Frame reassembly failed (-84)
[  557.321394][ T2093] usb 6-1: new high-speed USB device number 48 using dummy_hcd
[  557.472668][ T2093] usb 6-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  557.475825][ T2093] usb 6-1: config 0 interface 0 has no altsetting 0
[  557.480184][ T2093] usb 6-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  557.487702][ T2093] usb 6-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  557.490286][ T2093] usb 6-1: Product: syz
[  557.491844][ T2093] usb 6-1: Manufacturer: syz
[  557.493349][ T2093] usb 6-1: SerialNumber: syz
[  557.506120][ T2093] usb 6-1: config 0 descriptor??
[  557.646760][T15801] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2963'.
[  557.857512][ T2093] usb 6-1: selecting invalid altsetting 0
[  558.509512][T15809] nfs4: Bad value for 'source'
[  558.924274][T15814] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2967'.
[  559.121133][ T5956] Bluetooth: hci1: Opcode 0x1003 failed: -110
[  559.397408][T15817] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2968'.
[  559.529894][T15830] netlink: 'syz.2.2974': attribute type 4 has an invalid length.
[  560.031790][ T6300] usb 8-1: new high-speed USB device number 34 using dummy_hcd
[  560.206668][ T6300] usb 8-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  560.221119][ T6300] usb 8-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  560.243293][ T6300] usb 8-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  560.246435][ T6300] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  560.250658][T15837] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  560.256373][ T6300] usb 8-1: Quirk or no altset; falling back to MIDI 1.0
[  560.785399][   T10] usb 6-1: USB disconnect, device number 48
[  561.164145][T15851] nfs4: Bad value for 'source'
[  562.276943][T15860] netlink: 'syz.1.2980': attribute type 10 has an invalid length.
[  562.289797][T15860] veth0_vlan: left promiscuous mode
[  562.293988][T15860] veth0_vlan: entered promiscuous mode
[  562.299156][T15860] team0: Device veth0_vlan failed to register rx_handler
[  562.325099][ T1415] ieee802154 phy0 wpan0: encryption failed: -22
[  562.327766][ T1415] ieee802154 phy1 wpan1: encryption failed: -22
[  562.578417][ T6300] usb 8-1: USB disconnect, device number 34
[  562.781194][   T40] audit: type=1800 audit(2000000209.170:2658): pid=15875 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.2983" name="file0" dev="overlay" ino=875 res=0 errno=0
[  562.805289][   T40] audit: type=1800 audit(2000000209.210:2659): pid=15874 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.2984" name="file0" dev="overlay" ino=724 res=0 errno=0
[  563.637148][T15892] unknown channel width for channel at 909000KHz?
[  563.721127][ T5982] usb 5-1: new high-speed USB device number 52 using dummy_hcd
[  563.892662][ T5982] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  563.895443][ T5982] usb 5-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  563.898478][ T5982] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66
[  563.911180][T15897] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2990'.
[  563.914492][ T5982] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  563.936495][ T5982] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  563.982822][ T5982] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  563.986553][ T5982] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  563.989852][ T5982] usb 5-1: Product: syz
[  564.008611][ T5982] usb 5-1: Manufacturer: syz
[  564.026550][ T5982] cdc_wdm 5-1:1.0: skipping garbage
[  564.028672][ T5982] cdc_wdm 5-1:1.0: skipping garbage
[  564.034913][ T5982] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device
[  564.037182][ T5982] cdc_wdm 5-1:1.0: Unknown control protocol
[  564.442344][   T29] usb 5-1: USB disconnect, device number 52
[  564.461206][ T6300] usb 8-1: new high-speed USB device number 35 using dummy_hcd
[  564.622987][ T6300] usb 8-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  564.627551][ T6300] usb 8-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  564.630733][ T6300] usb 8-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  564.634210][ T6300] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  564.638715][T15902] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  564.642929][ T6300] usb 8-1: Quirk or no altset; falling back to MIDI 1.0
[  565.676340][T15919] netlink: 'syz.0.2996': attribute type 10 has an invalid length.
[  565.696755][T15919] veth0_vlan: left promiscuous mode
[  565.704234][T15919] veth0_vlan: entered promiscuous mode
[  565.708568][T15919] team0: Device veth0_vlan failed to register rx_handler
[  566.285884][T15935] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3000'.
[  567.083180][ T6300] usb 8-1: USB disconnect, device number 35
[  567.429060][T15933] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2999'.
[  567.601867][T13783] usb 7-1: new high-speed USB device number 58 using dummy_hcd
[  567.754473][T13783] usb 7-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  567.757200][T13783] usb 7-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  567.770747][T13783] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 66
[  567.773773][T13783] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  567.777135][T13783] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  567.797779][T13783] usb 7-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  567.800963][T13783] usb 7-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  567.811051][T13783] usb 7-1: Product: syz
[  567.812425][T13783] usb 7-1: Manufacturer: syz
[  567.816236][T13783] cdc_wdm 7-1:1.0: skipping garbage
[  567.821862][T13783] cdc_wdm 7-1:1.0: skipping garbage
[  567.828355][T13783] cdc_wdm 7-1:1.0: cdc-wdm0: USB WDM device
[  567.830221][T13783] cdc_wdm 7-1:1.0: Unknown control protocol
[  568.082178][T15957] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  568.187212][T15960] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3007'.
[  568.294280][T13080] usb 7-1: USB disconnect, device number 58
[  568.328041][   T40] audit: type=1800 audit(2000000214.710:2660): pid=15961 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.3005" name="file0" dev="overlay" ino=932 res=0 errno=0
[  568.886449][T15965] nfs4: Bad value for 'source'
[  568.965762][T15970] netlink: 'syz.1.3010': attribute type 4 has an invalid length.
[  569.459063][T15991] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3016'.
[  570.461073][   T29] usb 7-1: new high-speed USB device number 59 using dummy_hcd
[  570.704937][   T29] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  570.708492][   T29] usb 7-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  570.726858][   T29] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  570.741581][   T29] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  570.801832][T16002] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  570.831382][   T29] usb 7-1: Quirk or no altset; falling back to MIDI 1.0
[  571.505351][T13783] IPVS: starting estimator thread 0...
[  571.591145][T16020] IPVS: using max 44 ests per chain, 105600 per kthread
[  572.674800][T16031] netlink: 'syz.0.3027': attribute type 1 has an invalid length.
[  572.678054][T16031] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3027'.
[  572.979820][   T29] usb 7-1: USB disconnect, device number 59
[  573.146567][   T40] audit: type=1326 audit(2000000219.550:2661): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16036 comm="syz.2.3029" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f74579 code=0x0
[  574.018621][T16052] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3032'.
[  574.023826][T16052] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3032'.
[  574.192792][T16060] nfs4: Bad value for 'source'
[  574.423844][T16064] lo speed is unknown, defaulting to 1000
[  574.571727][T16064] lo speed is unknown, defaulting to 1000
[  575.087897][   T40] audit: type=1800 audit(2000000221.320:2662): pid=16073 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.3036" name="file0" dev="overlay" ino=969 res=0 errno=0
[  576.814403][   T40] audit: type=1800 audit(2000000223.220:2663): pid=16094 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.3041" name="file0" dev="overlay" ino=770 res=0 errno=0
[  576.814416][T16095] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3043'.
[  576.868451][T16086] fuse: Unknown parameter 'mask'
[  576.990832][T16101] nfs4: Bad value for 'source'
[  577.460127][T16116] syz.2.3047: attempt to access beyond end of device
[  577.460127][T16116] sr0: rw=0, sector=64, nr_sectors = 4 limit=0
[  577.554319][T16116] syz.2.3047: attempt to access beyond end of device
[  577.554319][T16116] sr0: rw=0, sector=1024, nr_sectors = 4 limit=0
[  577.559592][T16116] UDF-fs: error (device sr0): udf_read_tagged: read failed, block=256, location=256
[  577.566169][T16116] syz.2.3047: attempt to access beyond end of device
[  577.566169][T16116] sr0: rw=0, sector=2048, nr_sectors = 4 limit=0
[  577.574553][T16116] UDF-fs: error (device sr0): udf_read_tagged: read failed, block=512, location=512
[  577.578252][T16116] UDF-fs: warning (device sr0): udf_load_vrs: No anchor found
[  577.583490][T16116] UDF-fs: Scanning with blocksize 2048 failed
[  577.588998][T16116] syz.2.3047: attempt to access beyond end of device
[  577.588998][T16116] sr0: rw=0, sector=64, nr_sectors = 8 limit=0
[  577.705587][T16116] syz.2.3047: attempt to access beyond end of device
[  577.705587][T16116] sr0: rw=0, sector=2048, nr_sectors = 8 limit=0
[  577.710670][T16116] UDF-fs: error (device sr0): udf_read_tagged: read failed, block=256, location=256
[  577.719724][T16116] syz.2.3047: attempt to access beyond end of device
[  577.719724][T16116] sr0: rw=0, sector=4096, nr_sectors = 8 limit=0
[  577.752710][T16116] UDF-fs: error (device sr0): udf_read_tagged: read failed, block=512, location=512
[  577.764987][T16116] UDF-fs: warning (device sr0): udf_load_vrs: No anchor found
[  577.768787][T16116] UDF-fs: Scanning with blocksize 4096 failed
[  577.778785][T16116] UDF-fs: warning (device sr0): udf_fill_super: No partition found (1)
[  577.801069][   T29] usb 5-1: new high-speed USB device number 53 using dummy_hcd
[  577.967535][   T29] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  577.976390][   T29] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  577.985616][   T29] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  577.988462][   T29] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  577.992676][T16121] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  577.996538][   T29] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[  578.153790][T16130] netlink: 5364 bytes leftover after parsing attributes in process `syz.2.3052'.
[  578.705021][T16138] FAULT_INJECTION: forcing a failure.
[  578.705021][T16138] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  578.709560][T16138] CPU: 3 UID: 0 PID: 16138 Comm: syz.3.3054 Not tainted 6.15.0-rc7-syzkaller-00152-gd0c22de9995b #0 PREEMPT(full) 
[  578.709575][T16138] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  578.709582][T16138] Call Trace:
[  578.709587][T16138]  <TASK>
[  578.709591][T16138]  dump_stack_lvl+0x16c/0x1f0
[  578.709611][T16138]  should_fail_ex+0x512/0x640
[  578.709630][T16138]  _copy_from_user+0x2e/0xd0
[  578.709641][T16138]  kstrtouint_from_user+0xd6/0x1d0
[  578.709654][T16138]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  578.709667][T16138]  ? __lock_acquire+0xaa4/0x1ba0
[  578.709688][T16138]  proc_fail_nth_write+0x83/0x250
[  578.709709][T16138]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  578.709728][T16138]  vfs_write+0x25c/0x1180
[  578.709738][T16138]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  578.709755][T16138]  ? __pfx___mutex_lock+0x10/0x10
[  578.709771][T16138]  ? __pfx_vfs_write+0x10/0x10
[  578.709785][T16138]  ? __fget_files+0x20e/0x3c0
[  578.709799][T16138]  ksys_write+0x12a/0x240
[  578.709810][T16138]  ? __pfx_ksys_write+0x10/0x10
[  578.709821][T16138]  ? rcu_is_watching+0x12/0xc0
[  578.709833][T16138]  __do_fast_syscall_32+0x73/0x120
[  578.709850][T16138]  do_fast_syscall_32+0x32/0x80
[  578.709866][T16138]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  578.709879][T16138] RIP: 0023:0xf703e579
[  578.709889][T16138] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  578.709899][T16138] RSP: 002b:00000000f502e590 EFLAGS: 00000293 ORIG_RAX: 0000000000000004
[  578.709910][T16138] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000f502e620
[  578.709916][T16138] RDX: 0000000000000001 RSI: 00000000f73a2ff4 RDI: 0000000000000000
[  578.709922][T16138] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  578.709928][T16138] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  578.709934][T16138] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  578.709947][T16138]  </TASK>
[  579.516404][   T40] audit: type=1800 audit(2000000225.890:2664): pid=16148 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.3056" name="file0" dev="overlay" ino=1005 res=0 errno=0
[  580.370185][   T29] usb 5-1: USB disconnect, device number 53
[  580.514965][T16164] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3061'.
[  580.834942][T16169] netlink: 5364 bytes leftover after parsing attributes in process `syz.2.3062'.
[  581.844523][T16184] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies.
[  582.002981][T16189] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3067'.
[  582.143684][T16190] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3068'.
[  582.194274][T16194] input input17: cannot allocate more than FF_MAX_EFFECTS effects
[  582.199697][T16194] xt_CHECKSUM: CHECKSUM should be avoided.  If really needed, restrict with "-p udp" and only use in OUTPUT
[  582.221913][T16194] x_tables: ip_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING
[  583.191850][T16189] netlink: 32 bytes leftover after parsing attributes in process `syz.3.3067'.
[  583.494629][   T66] usb 6-1: new high-speed USB device number 49 using dummy_hcd
[  583.641049][   T66] usb 6-1: Using ep0 maxpacket: 16
[  583.644713][   T66] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  583.647868][   T66] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3
[  583.653593][   T66] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  583.656549][   T66] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  583.659051][   T66] usb 6-1: Product: syz
[  583.660356][   T66] usb 6-1: Manufacturer: syz
[  583.662318][   T66] usb 6-1: SerialNumber: syz
[  583.918729][   T66] usb 6-1: 0:2 : does not exist
[  583.961969][   T66] usb 6-1: USB disconnect, device number 49
[  585.161242][   T29] usb 6-1: new high-speed USB device number 50 using dummy_hcd
[  585.296075][T16256] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3085'.
[  585.474054][   T29] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  585.477454][   T29] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  585.480459][   T29] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  585.515896][   T29] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  585.625138][T16249] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  585.666432][   T29] usb 6-1: Quirk or no altset; falling back to MIDI 1.0
[  586.163777][T16256] netlink: 32 bytes leftover after parsing attributes in process `syz.3.3085'.
[  586.524361][T16271] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3095'.
[  587.372063][T16271] netlink: 32 bytes leftover after parsing attributes in process `syz.0.3095'.
[  587.450950][T16286] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  587.645267][   T29] usb 6-1: USB disconnect, device number 50
[  587.672547][T16296] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3093'.
[  587.841098][T13080] usb 5-1: new high-speed USB device number 54 using dummy_hcd
[  588.014025][T13080] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  588.017661][T13080] usb 5-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  588.021245][T13080] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66
[  588.024090][T13080] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  588.027510][T13080] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  588.034849][T13080] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  588.037603][T13080] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  588.040094][T13080] usb 5-1: Product: syz
[  588.041523][T13080] usb 5-1: Manufacturer: syz
[  588.045508][T13080] cdc_wdm 5-1:1.0: skipping garbage
[  588.047184][T13080] cdc_wdm 5-1:1.0: skipping garbage
[  588.049489][T13080] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device
[  588.051455][T13080] cdc_wdm 5-1:1.0: Unknown control protocol
[  588.464335][   T66] usb 5-1: USB disconnect, device number 54
[  588.604843][   T29] usb 7-1: new high-speed USB device number 60 using dummy_hcd
[  588.774261][   T29] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  588.795321][   T29] usb 7-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  588.819383][   T29] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  588.842668][   T29] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  588.871436][T16310] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  588.886413][   T29] usb 7-1: Quirk or no altset; falling back to MIDI 1.0
[  589.297746][T16323] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3103'.
[  589.317951][T16325] A link change request failed with some changes committed already. Interface ip6gretap0 may have been left with an inconsistent configuration, please check.
[  589.327612][T16325] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  589.482937][   T29] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[  589.601438][T13783] usb 5-1: new full-speed USB device number 55 using dummy_hcd
[  589.752678][T13783] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  589.755824][T13783] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  589.759063][T13783] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  589.765141][T13783] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5
[  589.769841][T13783] usb 5-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  589.772948][T13783] usb 5-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  589.775408][T13783] usb 5-1: Manufacturer: syz
[  589.778038][T13783] usb 5-1: config 0 descriptor??
[  589.941211][ T5982] usb 6-1: new high-speed USB device number 51 using dummy_hcd
[  590.033923][T13783] rc_core: IR keymap rc-hauppauge not found
[  590.035818][T13783] Registered IR keymap rc-empty
[  590.037476][T13783] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  590.051133][T13783] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  590.071804][T13783] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.0/rc/rc0
[  590.076511][T13783] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.0/rc/rc0/input18
[  590.086148][T13783] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  590.099604][ T5982] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  590.101180][T13783] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  590.104020][ T5982] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  590.110119][ T5982] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  590.114673][ T5982] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  590.121217][T13783] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  590.121479][T16330] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22
[  590.129465][ T5982] usb 6-1: Quirk or no altset; falling back to MIDI 1.0
[  590.142205][T13783] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  590.161194][T13783] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  590.181197][T13783] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  590.201088][T13783] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  590.221110][T13783] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  590.246037][T13783] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  590.261309][T13783] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  590.282025][T13783] mceusb 5-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  590.284900][T13783] mceusb 5-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  590.288835][T13783] usb 5-1: USB disconnect, device number 55
[  590.321273][   T29] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[  591.020711][ T6300] usb 7-1: USB disconnect, device number 60
[  591.722999][T16367] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3113'.
[  592.157161][T16385] batadv_slave_1: entered promiscuous mode
[  592.190047][T16385] batadv_slave_1: left promiscuous mode
[  592.215686][T16389] syz.0.3117: attempt to access beyond end of device
[  592.215686][T16389] nbd0: rw=0, sector=64, nr_sectors = 1 limit=0
[  592.220720][T16389] syz.0.3117: attempt to access beyond end of device
[  592.220720][T16389] nbd0: rw=0, sector=256, nr_sectors = 1 limit=0
[  592.225154][T16389] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256, location=256
[  592.229486][T16389] syz.0.3117: attempt to access beyond end of device
[  592.229486][T16389] nbd0: rw=0, sector=512, nr_sectors = 1 limit=0
[  592.233733][T16389] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512, location=512
[  592.236940][T16389] UDF-fs: warning (device nbd0): udf_load_vrs: No anchor found
[  592.240156][T16389] UDF-fs: Scanning with blocksize 512 failed
[  592.243620][T16389] syz.0.3117: attempt to access beyond end of device
[  592.243620][T16389] nbd0: rw=0, sector=64, nr_sectors = 2 limit=0
[  592.248334][T16389] syz.0.3117: attempt to access beyond end of device
[  592.248334][T16389] nbd0: rw=0, sector=512, nr_sectors = 2 limit=0
[  592.252609][T16389] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256, location=256
[  592.255829][T16389] syz.0.3117: attempt to access beyond end of device
[  592.255829][T16389] nbd0: rw=0, sector=1024, nr_sectors = 2 limit=0
[  592.259979][T16389] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512, location=512
[  592.262900][T16389] UDF-fs: warning (device nbd0): udf_load_vrs: No anchor found
[  592.265994][T16389] UDF-fs: Scanning with blocksize 1024 failed
[  592.269240][T16389] syz.0.3117: attempt to access beyond end of device
[  592.269240][T16389] nbd0: rw=0, sector=64, nr_sectors = 4 limit=0
[  592.273701][T16389] syz.0.3117: attempt to access beyond end of device
[  592.273701][T16389] nbd0: rw=0, sector=1024, nr_sectors = 4 limit=0
[  592.278002][T16389] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256, location=256
[  592.281473][T16389] syz.0.3117: attempt to access beyond end of device
[  592.281473][T16389] nbd0: rw=0, sector=2048, nr_sectors = 4 limit=0
[  592.286037][T16389] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512, location=512
[  592.289232][T16389] UDF-fs: warning (device nbd0): udf_load_vrs: No anchor found
[  592.291817][T16389] UDF-fs: Scanning with blocksize 2048 failed
[  592.296382][T16389] syz.0.3117: attempt to access beyond end of device
[  592.296382][T16389] nbd0: rw=0, sector=64, nr_sectors = 8 limit=0
[  592.303406][T16389] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256, location=256
[  592.308027][T16389] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512, location=512
[  592.312119][T16389] UDF-fs: warning (device nbd0): udf_load_vrs: No anchor found
[  592.315430][T16389] UDF-fs: Scanning with blocksize 4096 failed
[  592.319362][T16389] UDF-fs: warning (device nbd0): udf_fill_super: No partition found (1)
[  592.595966][ T6300] usb 6-1: USB disconnect, device number 51
[  592.911275][T13080] usb 7-1: new high-speed USB device number 61 using dummy_hcd
[  593.134911][T13080] usb 7-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  593.138496][T13080] usb 7-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  593.145470][T13080] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 66
[  593.150039][T13080] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  593.171199][T13080] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  593.183904][T13080] usb 7-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  593.189305][T13080] usb 7-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  593.201260][T13080] usb 7-1: Product: syz
[  593.205033][T13080] usb 7-1: Manufacturer: syz
[  593.222012][T13080] cdc_wdm 7-1:1.0: skipping garbage
[  593.226218][T13080] cdc_wdm 7-1:1.0: skipping garbage
[  593.229716][T13080] cdc_wdm 7-1:1.0: cdc-wdm0: USB WDM device
[  593.232239][T13080] cdc_wdm 7-1:1.0: Unknown control protocol
[  593.242364][T16410] 9pnet: Unknown protocol version 9p20\++}
[  593.627781][T16420] netlink: 'syz.1.3127': attribute type 10 has an invalid length.
[  593.632661][ T5982] usb 7-1: USB disconnect, device number 61
[  593.650695][T16420] mac80211_hwsim hwsim15 wlan1: entered promiscuous mode
[  593.656757][T16420] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  593.764618][T16425] netlink: 36 bytes leftover after parsing attributes in process `syz.1.3130'.
[  594.004770][T16438] netlink: 48 bytes leftover after parsing attributes in process `syz.1.3133'.
[  594.007713][T16438] unsupported nla_type 52263
[  594.019023][T16438] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[  594.160488][T16442] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3134'.
[  594.298396][T16446] smc: net device bond0 applied user defined pnetid SYZ0
[  594.389576][T16453] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_to_bond, syncid = 33554432, id = 0
[  594.404234][T16452] IPVS: stopping master sync thread 16453 ...
[  595.315446][T16474] FAULT_INJECTION: forcing a failure.
[  595.315446][T16474] name failslab, interval 1, probability 0, space 0, times 0
[  595.319352][T16474] CPU: 3 UID: 0 PID: 16474 Comm: syz.3.3142 Not tainted 6.15.0-rc7-syzkaller-00152-gd0c22de9995b #0 PREEMPT(full) 
[  595.319367][T16474] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  595.319374][T16474] Call Trace:
[  595.319378][T16474]  <TASK>
[  595.319383][T16474]  dump_stack_lvl+0x16c/0x1f0
[  595.319402][T16474]  should_fail_ex+0x512/0x640
[  595.319418][T16474]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[  595.319433][T16474]  should_failslab+0xc2/0x120
[  595.319446][T16474]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  595.319458][T16474]  ? rcu_is_watching+0x12/0xc0
[  595.319468][T16474]  ? __alloc_skb+0x2b2/0x380
[  595.319486][T16474]  __alloc_skb+0x2b2/0x380
[  595.319498][T16474]  ? __pfx___alloc_skb+0x10/0x10
[  595.319510][T16474]  ? find_held_lock+0x2b/0x80
[  595.319522][T16474]  ? aa_label_sk_perm+0x19b/0x5a0
[  595.319538][T16474]  alloc_skb_with_frags+0xe0/0x860
[  595.319552][T16474]  ? __pfx_aa_label_sk_perm+0x10/0x10
[  595.319568][T16474]  sock_alloc_send_pskb+0x7fb/0x990
[  595.319579][T16474]  ? __lock_acquire+0x5ca/0x1ba0
[  595.319597][T16474]  ? __pfx_sock_alloc_send_pskb+0x10/0x10
[  595.319611][T16474]  ? __pfx___might_resched+0x10/0x10
[  595.319622][T16474]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  595.319641][T16474]  hci_sock_sendmsg+0x1c7/0x25e0
[  595.319653][T16474]  ? __pfx_aa_sk_perm+0x10/0x10
[  595.319666][T16474]  ? __pfx_hci_sock_sendmsg+0x10/0x10
[  595.319681][T16474]  sock_write_iter+0x4ff/0x5b0
[  595.319697][T16474]  ? __pfx_sock_write_iter+0x10/0x10
[  595.319718][T16474]  ? bpf_lsm_file_permission+0x9/0x10
[  595.319728][T16474]  ? security_file_permission+0x71/0x210
[  595.319743][T16474]  ? rw_verify_area+0xcf/0x680
[  595.319760][T16474]  vfs_write+0x5bd/0x1180
[  595.319771][T16474]  ? __pfx_sock_write_iter+0x10/0x10
[  595.319788][T16474]  ? __pfx_vfs_write+0x10/0x10
[  595.319797][T16474]  ? find_held_lock+0x2b/0x80
[  595.319815][T16474]  ksys_write+0x205/0x240
[  595.319825][T16474]  ? __pfx_ksys_write+0x10/0x10
[  595.319837][T16474]  ? rcu_is_watching+0x12/0xc0
[  595.319849][T16474]  __do_fast_syscall_32+0x73/0x120
[  595.319866][T16474]  do_fast_syscall_32+0x32/0x80
[  595.319882][T16474]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  595.319896][T16474] RIP: 0023:0xf703e579
[  595.319904][T16474] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  595.319915][T16474] RSP: 002b:00000000f502e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000004
[  595.319925][T16474] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000000
[  595.319932][T16474] RDX: 000000000000000d RSI: 0000000000000000 RDI: 0000000000000000
[  595.319938][T16474] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  595.319943][T16474] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  595.319950][T16474] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  595.319962][T16474]  </TASK>
[  595.447390][T16476] mkiss: ax0: crc mode is auto.
[  595.475996][   T40] audit: type=1326 audit(2000000470.879:2665): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16480 comm="syz.0.3144" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f67579 code=0x0
[  595.555801][T16483] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3145'.
[  595.740829][T16495] netlink: 76 bytes leftover after parsing attributes in process `syz.2.3147'.
[  595.833380][   T10] usb 5-1: new full-speed USB device number 56 using dummy_hcd
[  595.842805][T16495] FAULT_INJECTION: forcing a failure.
[  595.842805][T16495] name failslab, interval 1, probability 0, space 0, times 0
[  595.847183][T16495] CPU: 1 UID: 0 PID: 16495 Comm: syz.2.3147 Not tainted 6.15.0-rc7-syzkaller-00152-gd0c22de9995b #0 PREEMPT(full) 
[  595.847204][T16495] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  595.847228][T16495] Call Trace:
[  595.847235][T16495]  <TASK>
[  595.847242][T16495]  dump_stack_lvl+0x16c/0x1f0
[  595.847263][T16495]  should_fail_ex+0x512/0x640
[  595.847279][T16495]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[  595.847294][T16495]  should_failslab+0xc2/0x120
[  595.847308][T16495]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  595.847321][T16495]  ? __alloc_skb+0x2b2/0x380
[  595.847336][T16495]  __alloc_skb+0x2b2/0x380
[  595.847348][T16495]  ? __pfx___alloc_skb+0x10/0x10
[  595.847366][T16495]  alloc_skb_with_frags+0xe0/0x860
[  595.847381][T16495]  ? is_bpf_text_address+0x8a/0x1a0
[  595.847395][T16495]  ? bpf_ksym_find+0x124/0x1c0
[  595.847413][T16495]  tcp_send_rcvq+0x111/0x4e0
[  595.847429][T16495]  ? __pfx_tcp_send_rcvq+0x10/0x10
[  595.847443][T16495]  ? __kernel_text_address+0xd/0x40
[  595.847453][T16495]  ? unwind_get_return_address+0x59/0xa0
[  595.847471][T16495]  tcp_sendmsg_locked+0x3222/0x3930
[  595.847489][T16495]  ? __pfx_stack_trace_save+0x10/0x10
[  595.847504][T16495]  ? aes_gcm_aad_update+0xa9/0xc0
[  595.847519][T16495]  ? __asan_memcpy+0x3c/0x60
[  595.847529][T16495]  ? memcpy_to_scatterwalk+0x16a/0x350
[  595.847540][T16495]  ? __pfx_tcp_sendmsg_locked+0x10/0x10
[  595.847566][T16495]  tls_push_sg+0x25a/0x970
[  595.847582][T16495]  ? __pfx_tls_push_sg+0x10/0x10
[  595.847601][T16495]  ? find_held_lock+0x2b/0x80
[  595.847613][T16495]  tls_tx_records+0x345/0x6e0
[  595.847629][T16495]  tls_push_record+0x24e7/0x30f0
[  595.847650][T16495]  ? __pfx_tls_push_record+0x10/0x10
[  595.847662][T16495]  ? sk_psock_get+0x13e/0x470
[  595.847673][T16495]  ? __pfx_sk_psock_get+0x10/0x10
[  595.847685][T16495]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  595.847700][T16495]  bpf_exec_tx_verdict+0xe20/0x1280
[  595.847713][T16495]  ? iov_iter_advance+0x7d/0x6c0
[  595.847731][T16495]  ? __iov_iter_get_pages_alloc+0x894/0x1f20
[  595.847742][T16495]  ? __pfx_bpf_exec_tx_verdict+0x10/0x10
[  595.847755][T16495]  ? tls_get_rec+0x111/0x680
[  595.847766][T16495]  ? stack_trace_save+0x8e/0xc0
[  595.847809][T16495]  ? sk_msg_alloc+0x65b/0x920
[  595.847831][T16495]  tls_sw_sendmsg+0x1b8d/0x2390
[  595.847855][T16495]  ? __pfx_tls_sw_sendmsg+0x10/0x10
[  595.847867][T16495]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  595.847884][T16495]  ? aa_sk_perm+0x2f4/0xb10
[  595.847897][T16495]  ? __fget_files+0x204/0x3c0
[  595.847908][T16495]  ? __pfx_aa_sk_perm+0x10/0x10
[  595.847921][T16495]  ? __fget_files+0x20e/0x3c0
[  595.847929][T16495]  ? __print_lock_name+0xd0/0xe0
[  595.847939][T16495]  ? __pfx_tls_sw_sendmsg+0x10/0x10
[  595.847953][T16495]  inet6_sendmsg+0x11c/0x140
[  595.847966][T16495]  __sys_sendto+0x37d/0x510
[  595.847978][T16495]  ? __pfx___sys_sendto+0x10/0x10
[  595.848001][T16495]  ? ksys_write+0x1b9/0x240
[  595.848012][T16495]  ? __pfx_ksys_write+0x10/0x10
[  595.848024][T16495]  __ia32_sys_sendto+0xdd/0x1b0
[  595.848036][T16495]  ? lockdep_hardirqs_on+0x7c/0x110
[  595.848051][T16495]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[  595.848067][T16495]  __do_fast_syscall_32+0x73/0x120
[  595.848084][T16495]  do_fast_syscall_32+0x32/0x80
[  595.848100][T16495]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  595.848113][T16495] RIP: 0023:0xf7f74579
[  595.848123][T16495] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  595.848133][T16495] RSP: 002b:00000000f507555c EFLAGS: 00000296 ORIG_RAX: 0000000000000171
[  595.848143][T16495] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000800001c0
[  595.848150][T16495] RDX: 00000000fffffede RSI: 0000000000000000 RDI: 0000000000000000
[  595.848156][T16495] RBP: 0000000003000137 R08: 0000000000000000 R09: 0000000000000000
[  595.848162][T16495] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  595.848168][T16495] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  595.848181][T16495]  </TASK>
[  596.175790][   T10] usb 5-1: not running at top speed; connect to a high speed hub
[  596.193744][   T10] usb 5-1: config 255 has an invalid interface number: 134 but max is 2
[  596.196402][   T10] usb 5-1: config 255 has an invalid interface number: 89 but max is 2
[  596.198954][   T10] usb 5-1: config 255 has an invalid interface number: 90 but max is 2
[  596.201818][   T10] usb 5-1: config 255 has an invalid interface number: 228 but max is 2
[  596.204517][   T10] usb 5-1: config 255 has 4 interfaces, different from the descriptor's value: 3
[  596.207425][   T10] usb 5-1: config 255 has no interface number 0
[  596.209463][   T10] usb 5-1: config 255 has no interface number 1
[  596.212019][   T10] usb 5-1: config 255 has no interface number 2
[  596.214071][   T10] usb 5-1: config 255 has no interface number 3
[  596.216733][   T10] usb 5-1: config 255 interface 134 altsetting 3 endpoint 0x2 has invalid maxpacket 512, setting to 64
[  596.221255][   T10] usb 5-1: config 255 interface 134 altsetting 3 endpoint 0x7 has invalid maxpacket 512, setting to 64
[  596.224939][   T10] usb 5-1: config 255 interface 134 altsetting 3 endpoint 0xA has invalid maxpacket 1023, setting to 64
[  596.228814][   T10] usb 5-1: config 255 interface 134 altsetting 3 has a duplicate endpoint with address 0xA, skipping
[  596.232551][   T10] usb 5-1: config 255 interface 134 altsetting 3 endpoint 0xC has invalid maxpacket 1023, setting to 64
[  596.236061][   T10] usb 5-1: config 255 interface 134 altsetting 3 has a duplicate endpoint with address 0x2, skipping
[  596.239570][   T10] usb 5-1: config 255 interface 134 altsetting 3 has 8 endpoint descriptors, different from the interface descriptor's value: 9
[  596.243945][   T10] usb 5-1: too many endpoints for config 255 interface 89 altsetting 243: 138, using maximum allowed: 30
[  596.247473][   T10] usb 5-1: config 255 interface 89 altsetting 243 has an invalid descriptor for endpoint zero, skipping
[  596.251293][   T10] usb 5-1: config 255 interface 89 altsetting 243 has 1 endpoint descriptor, different from the interface descriptor's value: 138
[  596.255444][   T10] usb 5-1: config 255 interface 228 altsetting 9 has a duplicate endpoint with address 0x3, skipping
[  596.258908][   T10] usb 5-1: config 255 interface 228 altsetting 9 has an invalid descriptor for endpoint zero, skipping
[  596.372552][   T10] usb 5-1: config 255 interface 228 altsetting 9 has a duplicate endpoint with address 0xA, skipping
[  596.391119][   T10] usb 5-1: config 255 interface 228 altsetting 9 endpoint 0x5 has invalid maxpacket 1023, setting to 64
[  596.403060][   T10] usb 5-1: config 255 interface 228 altsetting 9 has an invalid descriptor for endpoint zero, skipping
[  596.407801][   T10] usb 5-1: config 255 interface 228 altsetting 9 endpoint 0xD has an invalid bInterval 0, changing to 4
[  596.415811][   T10] usb 5-1: config 255 interface 134 has no altsetting 0
[  596.420621][   T10] usb 5-1: config 255 interface 89 has no altsetting 0
[  596.427480][   T10] usb 5-1: config 255 interface 90 has no altsetting 0
[  596.435870][   T10] usb 5-1: config 255 interface 228 has no altsetting 0
[  596.443274][   T10] usb 5-1: New USB device found, idVendor=12d1, idProduct=b0da, bcdDevice=78.55
[  596.447282][   T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  596.449761][   T10] usb 5-1: Product: syz
[  596.458369][   T10] usb 5-1: Manufacturer: syz
[  596.459848][   T10] usb 5-1: SerialNumber: syz
[  596.683778][   T10] option 5-1:255.134: GSM modem (1-port) converter detected
[  596.780638][   T10] usb 5-1: USB disconnect, device number 56
[  596.780731][T16507] 9pnet_fd: Insufficient options for proto=fd
[  596.785360][   T10] option 5-1:255.134: device disconnected
[  597.099167][T16513] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3153'.
[  598.211173][ T6300] usb 6-1: new high-speed USB device number 52 using dummy_hcd
[  598.413087][ T6300] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  598.420626][ T6300] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  598.426193][ T6300] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  598.430013][ T6300] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  598.442800][T16529] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  598.446708][ T6300] usb 6-1: Quirk or no altset; falling back to MIDI 1.0
[  599.409812][T16545] x_tables: ip6_tables: SYNPROXY target: used from hooks PREROUTING, but only usable from INPUT/FORWARD
[  599.585727][T13863] Bluetooth: hci1: Frame reassembly failed (-84)
[  599.901152][ T2093] usb 7-1: new high-speed USB device number 62 using dummy_hcd
[  600.073223][ T2093] usb 7-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  600.077066][ T2093] usb 7-1: config 0 interface 0 has no altsetting 0
[  600.085207][ T2093] usb 7-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  600.088740][ T2093] usb 7-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  600.093520][ T2093] usb 7-1: Product: syz
[  600.094951][ T2093] usb 7-1: Manufacturer: syz
[  600.096455][ T2093] usb 7-1: SerialNumber: syz
[  600.187186][ T2093] usb 7-1: config 0 descriptor??
[  600.194836][ T2093] usb 7-1: selecting invalid altsetting 0
[  600.574975][ T6300] usb 6-1: USB disconnect, device number 52
[  601.325620][T16575] netlink: 'syz.3.3169': attribute type 4 has an invalid length.
[  601.611174][   T68] Bluetooth: hci1: Opcode 0x1003 failed: -110
[  601.611184][ T5956] Bluetooth: hci1: command 0x1003 tx timeout
[  601.690330][T16582] veth1_macvtap: left promiscuous mode
[  602.500235][T13080] usb 7-1: USB disconnect, device number 62
[  603.141104][   T58] usb 5-1: new high-speed USB device number 57 using dummy_hcd
[  603.372941][   T58] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  603.376520][   T58] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  603.409485][   T58] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  603.435835][   T58] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  603.499620][T16601] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  603.504931][   T58] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[  604.341710][T16641] Bluetooth: received HCILL_WAKE_UP_ACK in state 2
[  604.357367][   T64] Bluetooth: hci1: Frame reassembly failed (-84)
[  604.417260][T16647] FAULT_INJECTION: forcing a failure.
[  604.417260][T16647] name failslab, interval 1, probability 0, space 0, times 0
[  604.421935][T16647] CPU: 1 UID: 0 PID: 16647 Comm: syz.3.3187 Not tainted 6.15.0-rc7-syzkaller-00152-gd0c22de9995b #0 PREEMPT(full) 
[  604.421950][T16647] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  604.421957][T16647] Call Trace:
[  604.421961][T16647]  <TASK>
[  604.421965][T16647]  dump_stack_lvl+0x16c/0x1f0
[  604.421989][T16647]  should_fail_ex+0x512/0x640
[  604.422005][T16647]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[  604.422019][T16647]  should_failslab+0xc2/0x120
[  604.422033][T16647]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  604.422045][T16647]  ? mas_alloc_nodes+0x18b/0x8b0
[  604.422064][T16647]  mas_alloc_nodes+0x18b/0x8b0
[  604.422082][T16647]  mas_node_count_gfp+0x105/0x130
[  604.422097][T16647]  mas_preallocate+0x53e/0xcd0
[  604.422110][T16647]  ? __pfx_mas_preallocate+0x10/0x10
[  604.422126][T16647]  ? anon_vma_name+0x75/0x100
[  604.422142][T16647]  __split_vma+0x33b/0x1030
[  604.422156][T16647]  ? __pfx___split_vma+0x10/0x10
[  604.422173][T16647]  vms_gather_munmap_vmas+0x1c2/0x1310
[  604.422188][T16647]  ? __pfx_vms_gather_munmap_vmas+0x10/0x10
[  604.422201][T16647]  ? mas_walk+0x6a6/0x910
[  604.422249][T16647]  __mmap_region+0x314/0x27c0
[  604.422263][T16647]  ? __pfx___mmap_region+0x10/0x10
[  604.422281][T16647]  ? __lock_acquire+0x5ca/0x1ba0
[  604.422297][T16647]  ? __lock_acquire+0xaa4/0x1ba0
[  604.422309][T16647]  ? _parse_integer_limit+0x17f/0x1d0
[  604.422339][T16647]  ? __lock_acquire+0xaa4/0x1ba0
[  604.422356][T16647]  mmap_region+0x32b/0x3f0
[  604.422378][T16647]  do_mmap+0xd8e/0x11b0
[  604.422406][T16647]  ? __pfx_do_mmap+0x10/0x10
[  604.422430][T16647]  ? __pfx_down_write_killable+0x10/0x10
[  604.422454][T16647]  vm_mmap_pgoff+0x281/0x450
[  604.422483][T16647]  ? __pfx_vm_mmap_pgoff+0x10/0x10
[  604.422509][T16647]  ? __fget_files+0x20e/0x3c0
[  604.422522][T16647]  ksys_mmap_pgoff+0x32c/0x5c0
[  604.422538][T16647]  ? __ia32_sys_mmap_pgoff+0x11/0x1b0
[  604.422555][T16647]  __do_fast_syscall_32+0x73/0x120
[  604.422572][T16647]  do_fast_syscall_32+0x32/0x80
[  604.422588][T16647]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  604.422602][T16647] RIP: 0023:0xf703e579
[  604.422611][T16647] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  604.422621][T16647] RSP: 002b:00000000f502e55c EFLAGS: 00000296 ORIG_RAX: 00000000000000c0
[  604.422632][T16647] RAX: ffffffffffffffda RBX: 0000000080fed000 RCX: 0000000000012000
[  604.422638][T16647] RDX: 0000000000000002 RSI: 0000000000000011 RDI: 0000000000000004
[  604.422644][T16647] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  604.422650][T16647] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  604.422656][T16647] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  604.422669][T16647]  </TASK>
[  604.612891][T13783] usb 7-1: new high-speed USB device number 63 using dummy_hcd
[  604.846889][T13783] usb 7-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  604.849947][T13783] usb 7-1: config 0 interface 0 has no altsetting 0
[  604.865301][T13783] usb 7-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  604.868355][T13783] usb 7-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  604.886758][T13783] usb 7-1: Product: syz
[  604.888535][T13783] usb 7-1: Manufacturer: syz
[  604.890495][T13783] usb 7-1: SerialNumber: syz
[  604.904148][T13783] usb 7-1: config 0 descriptor??
[  604.918772][T13783] usb 7-1: selecting invalid altsetting 0
[  605.141195][   T66] usb 8-1: new high-speed USB device number 36 using dummy_hcd
[  605.201133][ T5956] Bluetooth: hci5: command 0x0c1a tx timeout
[  605.303776][   T66] usb 8-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  605.312672][   T66] usb 8-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  605.320690][   T66] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 66
[  605.327186][   T66] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  605.331906][   T66] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  605.338166][   T66] usb 8-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  605.343184][   T66] usb 8-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  605.346505][   T66] usb 8-1: Product: syz
[  605.348268][   T66] usb 8-1: Manufacturer: syz
[  605.354624][   T66] cdc_wdm 8-1:1.0: skipping garbage
[  605.356858][   T66] cdc_wdm 8-1:1.0: skipping garbage
[  605.360877][   T66] cdc_wdm 8-1:1.0: cdc-wdm0: USB WDM device
[  605.364382][   T66] cdc_wdm 8-1:1.0: Unknown control protocol
[  605.589822][T16655] FAULT_INJECTION: forcing a failure.
[  605.589822][T16655] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  605.594620][T16655] CPU: 2 UID: 0 PID: 16655 Comm: syz.0.3190 Not tainted 6.15.0-rc7-syzkaller-00152-gd0c22de9995b #0 PREEMPT(full) 
[  605.594636][T16655] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  605.594643][T16655] Call Trace:
[  605.594647][T16655]  <TASK>
[  605.594651][T16655]  dump_stack_lvl+0x16c/0x1f0
[  605.594672][T16655]  should_fail_ex+0x512/0x640
[  605.594691][T16655]  strncpy_from_user+0x3b/0x2e0
[  605.594707][T16655]  getname_flags.part.0+0x8f/0x550
[  605.594724][T16655]  getname_flags+0x93/0xf0
[  605.594741][T16655]  user_path_at+0x24/0x60
[  605.594751][T16655]  __ia32_sys_name_to_handle_at+0x1e7/0x300
[  605.594768][T16655]  ? __pfx___ia32_sys_name_to_handle_at+0x10/0x10
[  605.594786][T16655]  ? rcu_is_watching+0x12/0xc0
[  605.594799][T16655]  __do_fast_syscall_32+0x73/0x120
[  605.594816][T16655]  do_fast_syscall_32+0x32/0x80
[  605.594832][T16655]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  605.594845][T16655] RIP: 0023:0xf7f67579
[  605.594854][T16655] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  605.594864][T16655] RSP: 002b:00000000f508655c EFLAGS: 00000296 ORIG_RAX: 0000000000000155
[  605.594875][T16655] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 0000000080000080
[  605.594881][T16655] RDX: 00000000800000c0 RSI: 0000000080002300 RDI: 0000000000000000
[  605.594888][T16655] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  605.594893][T16655] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  605.594899][T16655] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  605.594912][T16655]  </TASK>
[  605.655383][    C2] vkms_vblank_simulate: vblank timer overrun
[  605.716395][T16652] Cannot find del_set index 3 as target
[  605.719565][T16652] netlink: 244 bytes leftover after parsing attributes in process `syz.1.3189'.
[  605.765152][ T2093] usb 8-1: USB disconnect, device number 36
[  605.804943][   T29] usb 5-1: USB disconnect, device number 57
[  606.211122][   T29] usb 5-1: new high-speed USB device number 58 using dummy_hcd
[  606.391163][   T29] usb 5-1: Using ep0 maxpacket: 8
[  606.394483][   T29] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  606.398549][   T29] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  606.401225][   T68] Bluetooth: hci1: Opcode 0x1003 failed: -110
[  606.402649][   T29] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  606.411076][   T29] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  606.415278][   T29] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  606.418307][   T29] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  606.626093][   T29] usb 5-1: GET_CAPABILITIES returned 0
[  606.628009][   T29] usbtmc 5-1:16.0: can't read capabilities
[  606.711152][   T10] usb 8-1: new high-speed USB device number 37 using dummy_hcd
[  606.793728][T16665] FAULT_INJECTION: forcing a failure.
[  606.793728][T16665] name failslab, interval 1, probability 0, space 0, times 0
[  606.799112][T16665] CPU: 3 UID: 0 PID: 16665 Comm: syz.1.3194 Not tainted 6.15.0-rc7-syzkaller-00152-gd0c22de9995b #0 PREEMPT(full) 
[  606.799136][T16665] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  606.799147][T16665] Call Trace:
[  606.799154][T16665]  <TASK>
[  606.799161][T16665]  dump_stack_lvl+0x16c/0x1f0
[  606.799193][T16665]  should_fail_ex+0x512/0x640
[  606.799219][T16665]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[  606.799244][T16665]  should_failslab+0xc2/0x120
[  606.799267][T16665]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  606.799288][T16665]  ? __alloc_skb+0x2b2/0x380
[  606.799314][T16665]  __alloc_skb+0x2b2/0x380
[  606.799335][T16665]  ? __pfx___alloc_skb+0x10/0x10
[  606.799358][T16665]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  606.799387][T16665]  netlink_alloc_large_skb+0x69/0x130
[  606.799412][T16665]  netlink_sendmsg+0x6a1/0xdd0
[  606.799440][T16665]  ? __pfx_netlink_sendmsg+0x10/0x10
[  606.799471][T16665]  ? __import_iovec+0x1c8/0x660
[  606.799495][T16665]  ____sys_sendmsg+0xa95/0xc70
[  606.799525][T16665]  ? __pfx_____sys_sendmsg+0x10/0x10
[  606.799550][T16665]  ? get_compat_msghdr+0x11a/0x170
[  606.799582][T16665]  ___sys_sendmsg+0x134/0x1d0
[  606.799607][T16665]  ? __pfx____sys_sendmsg+0x10/0x10
[  606.799659][T16665]  __sys_sendmsg+0x16d/0x220
[  606.799682][T16665]  ? __pfx___sys_sendmsg+0x10/0x10
[  606.799715][T16665]  ? rcu_is_watching+0x12/0xc0
[  606.799737][T16665]  __do_fast_syscall_32+0x73/0x120
[  606.799765][T16665]  do_fast_syscall_32+0x32/0x80
[  606.799792][T16665]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  606.799813][T16665] RIP: 0023:0xf7f13579
[  606.799828][T16665] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  606.799844][T16665] RSP: 002b:00000000f503655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  606.799862][T16665] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000080
[  606.799873][T16665] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  606.799882][T16665] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  606.799893][T16665] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  606.799903][T16665] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  606.799926][T16665]  </TASK>
[  606.862548][   T10] usb 8-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  606.951144][   T10] usb 8-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  606.954292][   T10] usb 8-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  606.957050][   T10] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  606.982745][T16663] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22
[  606.993430][   T10] usb 8-1: Quirk or no altset; falling back to MIDI 1.0
[  607.202385][   T10] usb 8-1: USB disconnect, device number 37
[  607.425347][   T66] usb 7-1: USB disconnect, device number 63
[  608.259535][T16692] deleting an unspecified loop device is not supported.
[  608.530072][T16695] netlink: 40 bytes leftover after parsing attributes in process `syz.1.3201'.
[  608.671902][T16699] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3202'.
[  609.001313][   T29] usb 5-1: USB disconnect, device number 58
[  609.478076][T16708] nfs4: Bad value for 'source'
[  609.619409][T16714] af_packet: tpacket_rcv: packet too big, clamped from 8 to 4294967272. macoff=96
[  609.801551][T16715] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3205'.
[  609.807676][T16716] tmpfs: Unknown parameter 'qota<grpquota_Zlock_haOd ?mit'
[  610.771234][   T10] usb 7-1: new high-speed USB device number 64 using dummy_hcd
[  610.897325][   T68] Bluetooth: hci0: unexpected event for opcode 0x2062
[  610.942541][   T10] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  610.946570][   T10] usb 7-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  610.959209][   T10] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  610.964244][   T10] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  610.970730][T16719] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  610.977671][   T10] usb 7-1: Quirk or no altset; falling back to MIDI 1.0
[  611.406470][T16740] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3212'.
[  611.949808][T16751] FAULT_INJECTION: forcing a failure.
[  611.949808][T16751] name failslab, interval 1, probability 0, space 0, times 0
[  611.954659][T16751] CPU: 3 UID: 0 PID: 16751 Comm: syz.1.3214 Not tainted 6.15.0-rc7-syzkaller-00152-gd0c22de9995b #0 PREEMPT(full) 
[  611.954676][T16751] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  611.954682][T16751] Call Trace:
[  611.954686][T16751]  <TASK>
[  611.954691][T16751]  dump_stack_lvl+0x16c/0x1f0
[  611.954710][T16751]  should_fail_ex+0x512/0x640
[  611.954726][T16751]  ? __kmalloc_noprof+0xbf/0x510
[  611.954740][T16751]  ? iovec_from_user+0x108/0x140
[  611.954749][T16751]  should_failslab+0xc2/0x120
[  611.954763][T16751]  __kmalloc_noprof+0xd2/0x510
[  611.954774][T16751]  ? __pfx_io_handle_tw_list+0x10/0x10
[  611.954789][T16751]  iovec_from_user+0x108/0x140
[  611.954801][T16751]  __import_iovec+0x88/0x660
[  611.954810][T16751]  ? __pfx___might_resched+0x10/0x10
[  611.954826][T16751]  import_iovec+0x86/0xb0
[  611.954837][T16751]  vfs_readv+0x193/0x8a0
[  611.954857][T16751]  ? __pfx_vfs_readv+0x10/0x10
[  611.954882][T16751]  ? __fget_files+0x20e/0x3c0
[  611.954895][T16751]  ? do_readv+0x295/0x330
[  611.954903][T16751]  do_readv+0x295/0x330
[  611.954912][T16751]  ? __pfx_do_readv+0x10/0x10
[  611.954931][T16751]  do_int80_emulation+0x104/0x200
[  611.954949][T16751]  asm_int80_emulation+0x1a/0x20
[  611.954960][T16751] RIP: 0023:0xf7f13579
[  611.954969][T16751] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  611.954979][T16751] RSP: 002b:00000000f501555c EFLAGS: 00000296 ORIG_RAX: 0000000000000091
[  611.954990][T16751] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 0000000080000200
[  611.954996][T16751] RDX: 000000000000000e RSI: 0000000000000000 RDI: 0000000000000000
[  611.955002][T16751] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  611.955008][T16751] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  611.955014][T16751] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  611.955026][T16751]  </TASK>
[  612.778911][T16753] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  613.232268][   T29] usb 7-1: USB disconnect, device number 64
[  613.314997][T16765] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3217'.
[  615.393717][ T6300] IPVS: starting estimator thread 0...
[  615.499221][T16791] IPVS: using max 30 ests per chain, 72000 per kthread
[  615.661838][T16796] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3223'.
[  616.368404][T16809] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3226'.
[  616.373890][T16809] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3226'.
[  616.377111][T16809] netlink: 'syz.0.3226': attribute type 18 has an invalid length.
[  616.379635][T16809] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3226'.
[  617.050593][T16816] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3228'.
[  617.437615][T16823] 9pnet_virtio: no channels available for device ./file0/file0
[  617.852513][T16835] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3231'.
[  618.416952][   T68] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  618.553013][T16846] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3235'.
[  618.681172][T16847] rdma_rxe: rxe_newlink: failed to add lo
[  619.071131][   T29] usb 8-1: new high-speed USB device number 38 using dummy_hcd
[  619.223973][   T29] usb 8-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  619.227498][   T29] usb 8-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  619.230785][   T29] usb 8-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  619.239051][   T29] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  619.248419][T16849] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  619.256839][   T29] usb 8-1: Quirk or no altset; falling back to MIDI 1.0
[  619.667894][T16871] bio_check_eod: 2 callbacks suppressed
[  619.667906][T16871] syz.2.3241: attempt to access beyond end of device
[  619.667906][T16871] nbd2: rw=0, sector=64, nr_sectors = 2 limit=0
[  619.674473][T16871] syz.2.3241: attempt to access beyond end of device
[  619.674473][T16871] nbd2: rw=0, sector=512, nr_sectors = 2 limit=0
[  619.678940][T16871] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=256, location=256
[  619.683011][T16871] syz.2.3241: attempt to access beyond end of device
[  619.683011][T16871] nbd2: rw=0, sector=1024, nr_sectors = 2 limit=0
[  619.687242][T16871] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=512, location=512
[  619.690300][T16871] UDF-fs: warning (device nbd2): udf_load_vrs: No anchor found
[  619.695045][T16871] UDF-fs: Scanning with blocksize 1024 failed
[  619.700937][T16871] syz.2.3241: attempt to access beyond end of device
[  619.700937][T16871] nbd2: rw=0, sector=64, nr_sectors = 4 limit=0
[  619.705645][T16871] syz.2.3241: attempt to access beyond end of device
[  619.705645][T16871] nbd2: rw=0, sector=1024, nr_sectors = 4 limit=0
[  619.710352][T16871] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=256, location=256
[  619.713774][T16871] syz.2.3241: attempt to access beyond end of device
[  619.713774][T16871] nbd2: rw=0, sector=2048, nr_sectors = 4 limit=0
[  619.718126][T16871] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=512, location=512
[  619.721388][T16871] UDF-fs: warning (device nbd2): udf_load_vrs: No anchor found
[  619.724119][T16871] UDF-fs: Scanning with blocksize 2048 failed
[  619.727357][T16871] syz.2.3241: attempt to access beyond end of device
[  619.727357][T16871] nbd2: rw=0, sector=64, nr_sectors = 8 limit=0
[  619.732026][T16871] syz.2.3241: attempt to access beyond end of device
[  619.732026][T16871] nbd2: rw=0, sector=2048, nr_sectors = 8 limit=0
[  619.736232][T16871] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=256, location=256
[  619.739294][T16871] syz.2.3241: attempt to access beyond end of device
[  619.739294][T16871] nbd2: rw=0, sector=4096, nr_sectors = 8 limit=0
[  619.743602][T16871] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=512, location=512
[  619.747975][T16871] UDF-fs: warning (device nbd2): udf_load_vrs: No anchor found
[  619.751871][T16871] UDF-fs: Scanning with blocksize 4096 failed
[  619.754148][T16871] UDF-fs: warning (device nbd2): udf_fill_super: No partition found (1)
[  620.778483][T16888] nfs4: Bad value for 'source'
[  621.455851][ T6300] usb 8-1: USB disconnect, device number 38
[  621.584163][T16906] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3248'.
[  622.727959][T16924] rdma_rxe: rxe_newlink: failed to add lo
[  622.791870][T16927] FAULT_INJECTION: forcing a failure.
[  622.791870][T16927] name failslab, interval 1, probability 0, space 0, times 0
[  622.812781][T16927] CPU: 3 UID: 0 PID: 16927 Comm: syz.0.3254 Not tainted 6.15.0-rc7-syzkaller-00152-gd0c22de9995b #0 PREEMPT(full) 
[  622.812800][T16927] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  622.812806][T16927] Call Trace:
[  622.812811][T16927]  <TASK>
[  622.812815][T16927]  dump_stack_lvl+0x16c/0x1f0
[  622.812835][T16927]  should_fail_ex+0x512/0x640
[  622.812854][T16927]  should_failslab+0xc2/0x120
[  622.812868][T16927]  __kmalloc_cache_noprof+0x6a/0x3e0
[  622.812879][T16927]  ? do_raw_spin_lock+0x12c/0x2b0
[  622.812895][T16927]  ? find_held_lock+0x2b/0x80
[  622.812904][T16927]  ? async_schedule_node_domain+0x54/0x120
[  622.812918][T16927]  ? __pfx___async_dev_cache_fw_image+0x10/0x10
[  622.812930][T16927]  async_schedule_node_domain+0x54/0x120
[  622.812944][T16927]  dev_cache_fw_image+0x38e/0x490
[  622.812962][T16927]  ? __pfx_dev_cache_fw_image+0x10/0x10
[  622.812980][T16927]  ? __pfx_dev_cache_fw_image+0x10/0x10
[  622.812997][T16927]  dpm_for_each_dev+0x5a/0xb0
[  622.813013][T16927]  fw_pm_notify+0x81/0x150
[  622.813028][T16927]  notifier_call_chain+0xbc/0x410
[  622.813040][T16927]  ? __pfx_fw_pm_notify+0x10/0x10
[  622.813058][T16927]  blocking_notifier_call_chain_robust+0xc8/0x160
[  622.813073][T16927]  ? __pfx_blocking_notifier_call_chain_robust+0x10/0x10
[  622.813088][T16927]  ? do_raw_spin_unlock+0x172/0x230
[  622.813107][T16927]  pm_notifier_call_chain_robust+0x27/0x60
[  622.813121][T16927]  snapshot_open+0x189/0x2b0
[  622.813134][T16927]  ? __pfx_snapshot_open+0x10/0x10
[  622.813146][T16927]  misc_open+0x35d/0x420
[  622.813157][T16927]  ? __pfx_misc_open+0x10/0x10
[  622.813167][T16927]  chrdev_open+0x234/0x6a0
[  622.813178][T16927]  ? __pfx_apparmor_file_open+0x10/0x10
[  622.813193][T16927]  ? __pfx_chrdev_open+0x10/0x10
[  622.813206][T16927]  ? file_set_fsnotify_mode_from_watchers+0x163/0x640
[  622.813225][T16927]  do_dentry_open+0x741/0x1c10
[  622.813241][T16927]  ? __pfx_chrdev_open+0x10/0x10
[  622.813255][T16927]  vfs_open+0x82/0x3f0
[  622.813271][T16927]  path_openat+0x1e5e/0x2d40
[  622.813288][T16927]  ? __pfx_path_openat+0x10/0x10
[  622.813303][T16927]  do_filp_open+0x20b/0x470
[  622.813313][T16927]  ? __pfx_do_filp_open+0x10/0x10
[  622.813335][T16927]  ? alloc_fd+0x471/0x7d0
[  622.813355][T16927]  do_sys_openat2+0x11b/0x1d0
[  622.813369][T16927]  ? __pfx_do_sys_openat2+0x10/0x10
[  622.813385][T16927]  ? __fget_files+0x20e/0x3c0
[  622.813398][T16927]  __ia32_compat_sys_openat+0x16d/0x210
[  622.813414][T16927]  ? __pfx___ia32_compat_sys_openat+0x10/0x10
[  622.813428][T16927]  ? ksys_write+0x1b9/0x240
[  622.813441][T16927]  ? rcu_is_watching+0x12/0xc0
[  622.813454][T16927]  __do_fast_syscall_32+0x73/0x120
[  622.813471][T16927]  do_fast_syscall_32+0x32/0x80
[  622.813487][T16927]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  622.813500][T16927] RIP: 0023:0xf7f67579
[  622.813509][T16927] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  622.813520][T16927] RSP: 002b:00000000f508655c EFLAGS: 00000296 ORIG_RAX: 0000000000000127
[  622.813530][T16927] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 00000000800002c0
[  622.813536][T16927] RDX: 0000000000007e00 RSI: 0000000000000000 RDI: 0000000000000000
[  622.813542][T16927] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  622.813548][T16927] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  622.813554][T16927] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  622.813567][T16927]  </TASK>
[  622.817992][T16927] 
[  622.944578][T16927] ============================================
[  622.946592][T16927] WARNING: possible recursive locking detected
[  622.948524][T16927] 6.15.0-rc7-syzkaller-00152-gd0c22de9995b #0 Not tainted
[  622.951664][T16927] --------------------------------------------
[  622.954676][T16927] syz.0.3254/16927 is trying to acquire lock:
[  622.957142][T16927] ffffffff8f2f5b48 (fw_lock){+.+.}-{4:4}, at: assign_fw+0x4e/0x640
[  622.960407][T16927] 
[  622.960407][T16927] but task is already holding lock:
[  622.963576][T16927] ffffffff8f2f5b48 (fw_lock){+.+.}-{4:4}, at: fw_pm_notify+0x69/0x150
[  622.966952][T16927] 
[  622.966952][T16927] other info that might help us debug this:
[  622.970206][T16927]  Possible unsafe locking scenario:
[  622.970206][T16927] 
[  622.972506][T16927]        CPU0
[  622.973672][T16927]        ----
[  622.974995][T16927]   lock(fw_lock);
[  622.976464][T16927]   lock(fw_lock);
[  622.977849][T16927] 
[  622.977849][T16927]  *** DEADLOCK ***
[  622.977849][T16927] 
[  622.980389][T16927]  May be due to missing lock nesting notation
[  622.980389][T16927] 
[  622.982929][T16927] 5 locks held by syz.0.3254/16927:
[  622.984596][T16927]  #0: ffffffff8f0e6248 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x63/0x420
[  622.988012][T16927]  #1: ffffffff8e283c48 (system_transition_mutex){+.+.}-{4:4}, at: lock_system_sleep+0x87/0xa0
[  622.992221][T16927]  #2: ffffffff8e2c3790 ((pm_chain_head).rwsem){++++}-{4:4}, at: blocking_notifier_call_chain_robust+0xa8/0x160
[  622.997040][T16927]  #3: ffffffff8f2f5b48 (fw_lock){+.+.}-{4:4}, at: fw_pm_notify+0x69/0x150
[  623.000635][T16927]  #4: ffffffff8f2f0768 (dpm_list_mtx){+.+.}-{4:4}, at: dpm_for_each_dev+0x2d/0xb0
[  623.004473][T16927] 
[  623.004473][T16927] stack backtrace:
[  623.006929][T16927] CPU: 3 UID: 0 PID: 16927 Comm: syz.0.3254 Not tainted 6.15.0-rc7-syzkaller-00152-gd0c22de9995b #0 PREEMPT(full) 
[  623.006951][T16927] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  623.006966][T16927] Call Trace:
[  623.006974][T16927]  <TASK>
[  623.006980][T16927]  dump_stack_lvl+0x116/0x1f0
[  623.007011][T16927]  print_deadlock_bug+0x1e9/0x240
[  623.007034][T16927]  __lock_acquire+0xff7/0x1ba0
[  623.007057][T16927]  ? __kasan_slab_free+0x51/0x70
[  623.007078][T16927]  lock_acquire+0x179/0x350
[  623.007099][T16927]  ? assign_fw+0x4e/0x640
[  623.007114][T16927]  ? __pfx___might_resched+0x10/0x10
[  623.007133][T16927]  ? do_sys_openat2+0x11b/0x1d0
[  623.007154][T16927]  ? __ia32_compat_sys_openat+0x16d/0x210
[  623.007177][T16927]  ? __do_fast_syscall_32+0x73/0x120
[  623.007203][T16927]  __mutex_lock+0x199/0xb90
[  623.007226][T16927]  ? assign_fw+0x4e/0x640
[  623.007246][T16927]  ? assign_fw+0x4e/0x640
[  623.007260][T16927]  ? __pfx___mutex_lock+0x10/0x10
[  623.007288][T16927]  ? kasan_quarantine_put+0x10a/0x240
[  623.007306][T16927]  ? lockdep_hardirqs_on+0x7c/0x110
[  623.007331][T16927]  ? assign_fw+0x4e/0x640
[  623.007343][T16927]  assign_fw+0x4e/0x640
[  623.007357][T16927]  ? _request_firmware+0x957/0x1470
[  623.007375][T16927]  _request_firmware+0x988/0x1470
[  623.007394][T16927]  ? __pfx__request_firmware+0x10/0x10
[  623.007410][T16927]  ? dump_stack_lvl+0x185/0x1f0
[  623.007432][T16927]  ? lockdep_hardirqs_on+0x7c/0x110
[  623.007457][T16927]  __async_dev_cache_fw_image+0xb1/0x340
[  623.007474][T16927]  ? __pfx___async_dev_cache_fw_image+0x10/0x10
[  623.007492][T16927]  ? mark_held_locks+0x49/0x80
[  623.007512][T16927]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  623.007536][T16927]  ? __pfx___async_dev_cache_fw_image+0x10/0x10
[  623.007554][T16927]  async_schedule_node_domain+0xd4/0x120
[  623.007575][T16927]  dev_cache_fw_image+0x38e/0x490
[  623.007602][T16927]  ? __pfx_dev_cache_fw_image+0x10/0x10
[  623.007629][T16927]  ? __pfx_dev_cache_fw_image+0x10/0x10
[  623.007654][T16927]  dpm_for_each_dev+0x5a/0xb0
[  623.007679][T16927]  fw_pm_notify+0x81/0x150
[  623.007702][T16927]  notifier_call_chain+0xbc/0x410
[  623.007722][T16927]  ? __pfx_fw_pm_notify+0x10/0x10
[  623.007748][T16927]  blocking_notifier_call_chain_robust+0xc8/0x160
[  623.007771][T16927]  ? __pfx_blocking_notifier_call_chain_robust+0x10/0x10
[  623.007794][T16927]  ? do_raw_spin_unlock+0x172/0x230
[  623.007821][T16927]  pm_notifier_call_chain_robust+0x27/0x60
[  623.007844][T16927]  snapshot_open+0x189/0x2b0
[  623.007863][T16927]  ? __pfx_snapshot_open+0x10/0x10
[  623.007883][T16927]  misc_open+0x35d/0x420
[  623.007900][T16927]  ? __pfx_misc_open+0x10/0x10
[  623.007915][T16927]  chrdev_open+0x234/0x6a0
[  623.007933][T16927]  ? __pfx_apparmor_file_open+0x10/0x10
[  623.007956][T16927]  ? __pfx_chrdev_open+0x10/0x10
[  623.007975][T16927]  ? file_set_fsnotify_mode_from_watchers+0x163/0x640
[  623.008003][T16927]  do_dentry_open+0x741/0x1c10
[  623.008021][T16927]  ? __pfx_chrdev_open+0x10/0x10
[  623.008041][T16927]  vfs_open+0x82/0x3f0
[  623.008064][T16927]  path_openat+0x1e5e/0x2d40
[  623.008085][T16927]  ? __pfx_path_openat+0x10/0x10
[  623.008104][T16927]  do_filp_open+0x20b/0x470
[  623.008121][T16927]  ? __pfx_do_filp_open+0x10/0x10
[  623.008145][T16927]  ? alloc_fd+0x471/0x7d0
[  623.008173][T16927]  do_sys_openat2+0x11b/0x1d0
[  623.008195][T16927]  ? __pfx_do_sys_openat2+0x10/0x10
[  623.008219][T16927]  ? __fget_files+0x20e/0x3c0
[  623.008242][T16927]  __ia32_compat_sys_openat+0x16d/0x210
[  623.008266][T16927]  ? __pfx___ia32_compat_sys_openat+0x10/0x10
[  623.008290][T16927]  ? ksys_write+0x1b9/0x240
[  623.008307][T16927]  ? rcu_is_watching+0x12/0xc0
[  623.008326][T16927]  __do_fast_syscall_32+0x73/0x120
[  623.008352][T16927]  do_fast_syscall_32+0x32/0x80
[  623.008377][T16927]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  623.008399][T16927] RIP: 0023:0xf7f67579
[  623.008413][T16927] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  623.008429][T16927] RSP: 002b:00000000f508655c EFLAGS: 00000296 ORIG_RAX: 0000000000000127
[  623.008445][T16927] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 00000000800002c0
[  623.008457][T16927] RDX: 0000000000007e00 RSI: 0000000000000000 RDI: 0000000000000000
[  623.008467][T16927] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  623.008477][T16927] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  623.008487][T16927] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  623.008502][T16927]  </TASK>
[  623.770777][ T1415] ieee802154 phy0 wpan0: encryption failed: -22
[  623.772826][ T1415] ieee802154 phy1 wpan1: encryption failed: -22

VM DIAGNOSIS:
15:36:44  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000000046 RBX=0000000000000000 RCX=ffffffff81c273ff RDX=0000000000000000
RSI=ffffffff8bf48e20 RDI=ffffffff8bf48e60 RBP=ffff888064210000 RSP=ffffc90002e8fd18
R8 =0000000000000000 R9 =fffffbfff210a9e2 R10=ffffffff90854f17 R11=0000000000000001
R12=ffff888040499180 R13=0000000000000200 R14=ffffea0001908400 R15=0000000000000000
RIP=ffffffff8b69ab9e RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f7dced5a880 ffffffff 00c00000
GS =0000 ffff8880977e7000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00007fafadedee9c CR3=0000000022728000 CR4=00352ef0
DR0=0000000000000005 DR1=0000000000000006 DR2=0000000000000005 DR3=0000000000000007 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000004 Opmask01=0000000000020000 Opmask02=00000000effffdff Opmask03=0000000000000000
Opmask04=00000000ffffffff Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000562ef15a3ce0 0000562ef15a3ce0
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000562ef1594720
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000562ef15929f0
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f7dce7f1b20
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffff000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffff0000 ffffff00000000ff
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffff0000 ffffffffffffffff
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 80805e662332b3ab 73732558e0c5313a
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 73737373737372f2 7373737373737373
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6961660064657373 65636f727020756c 6c2520716573006e 6f69746974726170
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 30302c443230302c 433230302c423230 302c393230003138 3d5145534b534944
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0d0d11440f0d0d11 430f0d0d11420f0d 0d11040f0d000c05 005145534b534944
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 396a704177637754 7c783270787a1b10 0a51781749333322 2061036922371764
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 44003730303d4d55 4e53554200343031 2f3338312f32313d 4550595400623039
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2f63585c52124d7a 3d2a266d0047151e 5c163875637d6e78 06111f0645367e70
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 7f7f7f7d777b7f7f 7f7f7f7f7f7f5f5e 7f7f7d7f7f7f7f7e 7e7f5f7f773f7f7e
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 343064623a312b32 316f70627e322d33 2e36312e312d6e61 696265642d332e36
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 392f330031313200 32313234313d4d42 4e51005300745f00 33313220313d4d20
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 3600330030313200 3200323000343031 2f33003100320000 30303220003d3020
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000000000000 RBX=ffff88802b541480 RCX=ffffffff81aea149 RDX=ffff888026e48000
RSI=ffffffff81aea123 RDI=0000000000000005 RBP=0000000000000003 RSP=ffffc90002e9f7e8
R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000001 R11=1ffffffff1c79521
R12=ffffed10056a8291 R13=0000000000000001 R14=dffffc0000000000 R15=ffff88802b33b180
RIP=ffffffff81aea125 RFL=00000293 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff8880978e7000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000f7f655c0 CR3=0000000061054000 CR4=00352ef0
DR0=0000000000000005 DR1=0000000000000006 DR2=0000000000000005 DR3=0000000000000007 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
RAX=0000000000000002 RBX=ffffc90006a6f898 RCX=ffffffff8941ecac RDX=ffff8880256c4880
RSI=ffffffff8941ecb9 RDI=0000000000000005 RBP=00000000ffffffff RSP=ffffc90006a6f6b8
R8 =0000000000000005 R9 =0000000000000000 R10=00000000ffffffff R11=ffff88802b33a7d8
R12=ffff88801383dba8 R13=ffff8880239fd180 R14=ffffc90006a6f868 R15=ffffc90006a6f898
RIP=ffffffff81baafd8 RFL=00000086 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff8880979e7000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=000000000c2530ae CR3=000000002a512000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 3

CPU#3
RAX=0000000000000037 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff854c6a35 RDI=ffffffff9ade4c80 RBP=ffffffff9ade4c40 RSP=ffffc900067eecf8
R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=2d2d2d2d2d2d2d2d
R12=0000000000000000 R13=0000000000000037 R14=ffffffff9ade4c40 R15=ffffffff854c69d0
RIP=ffffffff854c6a5f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff888097ae7000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00007fe16695e720 CR3=00000000651e3000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000a000000000 0000000200000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000