last executing test programs:

7.858818118s ago: executing program 2 (id=3162):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x200, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x4, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x4, 0x0, 0x0, 0x0, 0x2}}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x6, 0x1}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
syz_open_dev$cec(0x0, 0x0, 0x2)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$vim2m(0xffffff9c, &(0x7f0000000180), 0x2, 0x0)
add_key(0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB, @ANYRES32=0x0, @ANYRES32, @ANYRES32], 0x44}}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$can_j1939(0x1d, 0x2, 0x7)
mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x0)
execve(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
r1 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', <r2=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000500)=@newqdisc={0x38, 0x24, 0x3fe3aa0262d8c583, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8}, {0xc, 0x2, [@TCA_HHF_HH_FLOWS_LIMIT={0x8}]}}]}, 0x38}}, 0x40000)
mount(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x23010, 0x0)
move_pages(0x0, 0x20a0, &(0x7f0000000040), &(0x7f0000001180), &(0x7f0000000000), 0x0)

6.802222266s ago: executing program 2 (id=3173):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x200, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x4, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x4, 0x0, 0x0, 0x0, 0x2}}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x6, 0x1}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(0x0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
syz_open_dev$cec(0x0, 0x0, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$vim2m(0xffffff9c, &(0x7f0000000180), 0x2, 0x0)
add_key(0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB, @ANYRES32=0x0, @ANYRES32, @ANYRES32], 0x44}}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$can_j1939(0x1d, 0x2, 0x7)
mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x0)
execve(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
r2 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000500)=@newqdisc={0x38, 0x24, 0x3fe3aa0262d8c583, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8}, {0xc, 0x2, [@TCA_HHF_HH_FLOWS_LIMIT={0x8}]}}]}, 0x38}}, 0x40000)
move_pages(0x0, 0x20a0, &(0x7f0000000040), &(0x7f0000001180), &(0x7f0000000000), 0x0)
execve(&(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000d00)={[&(0x7f0000000840)='\x7f\xb7\xc3\x7f\xa5a\xd6A*c\x9b\xd8R\xf02b\xefA|uiWb\x8f\xee\x1c\xc5\xdb^\x11\x16h\x83\x94y<yN\xfbXh[\xe9\xa9\x1702\x7f\x9e\xf0\x99\xad\xdc;p\x98R\a\xb1\x9d^\x0f\x121\xb3\xab7P\xd6\xcb\x06\xfe2~W\xd9\xad\x80\xd9!\x89%\xb80\xa3l;\x1eK\x90\x15\xc6\x11A\xfc\x7f\xc6\xed\xe7\xa3\x9f\xb4\xce\"\xef\xa8\x86F\x15\xb9\rj\f\xafa\xb0}\xde\'E\x84\xb2bO\xd2\xd4\x85F\xde1e\xe0\xf2\xa0/\xd3<\xda\xfe\x04,\xfa\x97\xb6\xf4\xcf\x0el\xf2\xbd\x18\x88\xd7\x02\xce\x99\x1f\xadj\x89\xd9\xb7\xae9\xb0\xb0{n.\xd7\x87C\x0eh|KZG\x108l\n\xcd\xe9\x04\xafM\xbf\x83#>\x89\xf1Y{\x87\xd5\xf3\xccMr\xc5\xbdT\x9e\xc4\x84\x06\xcd\x8b\xcd\t\x01']})

5.818370507s ago: executing program 2 (id=3169):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
mq_open(&(0x7f0000000180)='/dev/snd/midiC#D#\x00', 0x1, 0x52, &(0x7f0000000200)={0x79f, 0x10, 0x7, 0x3})
accept4(r0, 0x0, 0x0, 0x800)
pipe2$9p(&(0x7f00000000c0), 0x880)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x101121)
r2 = dup(r1)
write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c)
r3 = syz_io_uring_setup(0x49a, &(0x7f0000000400)={0x0, 0x79af, 0x3180, 0x8000, 0x400246}, &(0x7f0000000340)=<r4=>0x0, &(0x7f00000006c0)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_MSG_RING={0x28, 0x40, 0x0, r3, 0x0, 0x0, 0x0, 0x2})
io_uring_enter(r3, 0x4c6e, 0xc67a, 0x8, 0x0, 0x0)
io_uring_enter(r3, 0x627, 0x4c1, 0x43, 0x0, 0x0)
r6 = syz_io_uring_setup(0x1c57, 0x0, &(0x7f00000003c0), 0x0)
io_uring_enter(r6, 0x2def, 0x4000, 0x0, 0x0, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x1, 0x2, 0xfffffffffffffffd, 0x0, 0x0, 0xffffffffffffffff}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff, 0x8000}, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[], 0x44}, 0x1, 0x0, 0x0, 0x40}, 0x20004080)
r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r8 = socket(0x400000000010, 0x3, 0x0)
r9 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNDEL(r9, 0x400448c9, &(0x7f0000000100)={@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x1})
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r10=>0x0})
sendmsg$nl_route_sched(r8, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r10, {0x0, 0x1}, {0xffff, 0xffff}, {0x0, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)

4.81666064s ago: executing program 2 (id=3170):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x1a9d42, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
mlock2(&(0x7f000000e000/0x1000)=nil, 0x1000, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
syz_80211_join_ibss(&(0x7f0000000040)='wlan0\x00', &(0x7f0000000080)=@default_ibss_ssid, 0x6, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000000)={0x0}, 0x1, 0x0, 0x0, 0xc0}, 0x0)
socket(0x10, 0x80002, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback=0x20, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_emit_ethernet(0x50a, &(0x7f0000000d40)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaa0086dd63ee288604d4110000000000000000000000000000000001fe88000000000000000000000000010100190000000000000102000005020001000100088caa3d9fc34610b96650af8b7759466a9a2493ebb0be5ee44f28a4a0804da09125fe957a68658da34ba0d628d0084a0a4346259bae17d28eedcde583bbf68690bc7ae234ce95f0f8b30ce1bc4fad9abb4dfd951cf242f06c54e7dcb889084b7f1aa87d8e5f7c4b446e0baab9c896857b779c078b9bacdad243cd53aeec911192408f0ac93d2fb3238e813e4163000100000100000100c910ff020000000000000000000000000001c910fe80000000000000000000000000003a050200000000000000007332000000000000050200090740000000010e0608000180ffffffffffff00020000000000000900000000000000010000000000000004000000000000000100000000000000bd9b000000000000c2040000000481aee29af31e62dba058e676be61a35214a83e45a88d07ca8903436ebc981602622e85bea50f9eae419b18774c3587b040659ac014880220b5b36b3488eda1bf9ed6aa21223358a82cc44b035307d0bcb2b6a2db0a649da291555cf3ec2fc2f713b2bec5cfa0df2d7c855bbead7e29aa63aaa25d2007f4183a54aa8dc5dd4ff872088c0938554fdc1122308949fdfe6f5438f67f828d5fbbb8794af8a782598e9c869981a631d8fc9695444f569d4ca3040101018b26289fed7ee581029317cc63c72358cceb3358d820b4e6fc3873f03aeac5f034e32d356a87215c1cab0d9ec13038fa08adba99e57b0499b9754609f6e5066847a3bbdc26c4fba18ee5a742927752e14420e3630da4064e5ca15961b67c27ee1261d9cfa4f035a71b279a36707de16a54c7712e8e398c5bb9f135f5bb45b7b7d6a65ba97aefae2baec023fb0502000201000000000000008704040280100600fe880000000000000000000000000101fc0100000000000000000000000000001201000000000000000100c20400000005000000000000002c0b00eb0700000000005e43e32b4823f0b16b7717e86c8c10d005afd0466b509b56063f809ab742441c2d4e8fdaeaef0c9058658052103c876416d709d56ed8f561be9ac7c901a748ca954e2e144607100000000302020700ffffffffffffffffc204000010000000003b0404020028ff0320010000000000000000000000000001fc020000000000000000000000000001161200000000000001010008882bea1a6e009d20fedce2f1a969b258671059b4957836292c34338fe61d97751bbe2f0f74f23f6dc613ff0e724162510b1fddf7472ef528cc45f0366d0bae465019925cfd2b7684b2c782e03c01009158499080ef74c92e79f76790a866979bb57200e2b629fb8d0cbfbc2df77bbc50efe8bb21e22eeaa55b96713ba6e4a1dfb68f208c51dbdeb4aec204fffffff700000000004e224e2200ec9078820400018000000034065ad17fec7227d872a5324d38306e4711f6177cc8c1f6c585ea4d1f6ddd644f858273babc902c18361d993580db96c386cd893b9f3208c945f3bd37afe49804e59ebba7c07cc69ce76d85dfaa249c77b02f61dbc4265b7a7abd2cadd165afa8fc8911b16d66641fe65d5e0cd18e0d005fbfeda1817b6a79cbaabdbd1c38119b6c5b8e65eccd8ed3734693730f39c953af7daf23c8ac3ea934729589998c306b71221075c87cf661929145f9ee48161cb2ec24751e2d10c1ef56f23daa32c0a74cdc425d1cebbb0df7f4ef2ef60d516c8fd7786c1c67e944dcf48c"], 0x0)
ioctl$SNDCTL_DSP_SPEED(0xffffffffffffffff, 0xc0045011, 0x0)
openat$rtc(0xffffff9c, 0x0, 0x8103, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x0, @pix_mp={0x80000000, 0x9, 0x31363553, 0x0, 0xa, [{0x2, 0x5}, {0x6, 0x7f37}, {0x200, 0x70}, {0x3, 0xf}, {0xa, 0x100}, {0x6, 0x589}, {0x8, 0x3ff}, {0x10041, 0x8}], 0x10, 0x8, 0x2, 0x2, 0x3}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
openat$uinput(0xffffff9c, 0x0, 0x802, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000032680)=""/102392, 0x18ff8)
socket$kcm(0x10, 0x2, 0x4)
r2 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000000), 0x121600, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffb000/0x4000)=nil, 0x930, 0x0, 0x4010, r2, 0x0)
syz_clone(0x1000, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x0)
request_key(&(0x7f0000000040)='asymmetric\x00', &(0x7f0000001ffb)={'syz', 0x1}, &(0x7f0000001fee)='R\x10rust\xe3c*sgrVex;De', 0x0)
mbind(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2)

4.815420986s ago: executing program 1 (id=3179):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = openat$pfkey(0xffffff9c, 0x0, 0xa802, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x101121)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, 0x0, 0x0)
r2 = dup(r1)
write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c)
ioctl$sock_SIOCETHTOOL(r2, 0x8946, 0x0)
r3 = syz_io_uring_setup(0x1c57, &(0x7f0000000580)={0x0, 0x40ac, 0x10000, 0x2, 0x3f, 0x0, r2}, &(0x7f0000000180), &(0x7f0000000300))
r4 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000400)=@generic={&(0x7f0000000080)='./file0\x00'}, 0x14)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000440)={'team0\x00', <r5=>0x0})
bpf$MAP_CREATE(0x0, &(0x7f0000000600)=@bloom_filter={0x1e, 0x87f4, 0x637, 0x49, 0x800, r4, 0x6, '\x00', r5, 0xffffffffffffffff, 0x4, 0x1, 0x1, 0x6}, 0x50)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={0xffffffffffffffff, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000040)="76ea090000000000009ba56a88ca", 0x0, 0xfffffffe, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)
r6 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r6, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r6, 0x84, 0x6f, &(0x7f0000000200)={<r7=>0x0, 0x10, &(0x7f00000001c0)=[@in={0x2, 0x4e27, @rand_addr=0x64010100}]}, &(0x7f0000000140)=0x10)
setsockopt$inet6_IPV6_HOPOPTS(r6, 0x29, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x8)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r6, 0x84, 0x7a, &(0x7f0000000340)={r7, @in6={{0xa, 0x3, 0x4, @mcast1}}}, &(0x7f0000000040)=0x84)
io_uring_enter(r3, 0x2def, 0x4000, 0x0, 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='dyn'])
chdir(0x0)

4.807388024s ago: executing program 3 (id=3180):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
mq_open(&(0x7f0000000180)='/dev/snd/midiC#D#\x00', 0x1, 0x52, &(0x7f0000000200)={0x79f, 0x10, 0x7, 0x3})
accept4(r0, 0x0, 0x0, 0x800)
pipe2$9p(&(0x7f00000000c0), 0x880)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x101121)
r2 = dup(r1)
write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c)
r3 = syz_io_uring_setup(0x49a, &(0x7f0000000400)={0x0, 0x79af, 0x3180, 0x8000, 0x400246}, &(0x7f0000000340)=<r4=>0x0, &(0x7f00000006c0)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_MSG_RING={0x28, 0x40, 0x0, r3, 0x0, 0x0, 0x0, 0x2})
io_uring_enter(r3, 0x4c6e, 0xc67a, 0x8, 0x0, 0x0)
io_uring_enter(r3, 0x627, 0x4c1, 0x43, 0x0, 0x0)
r6 = syz_io_uring_setup(0x1c57, 0x0, &(0x7f00000003c0), 0x0)
io_uring_enter(r6, 0x2def, 0x4000, 0x0, 0x0, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x1, 0x2, 0xfffffffffffffffd, 0x0, 0x0, 0xffffffffffffffff}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff, 0x8000}, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[], 0x44}, 0x1, 0x0, 0x0, 0x40}, 0x20004080)
r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r8 = socket(0x400000000010, 0x3, 0x0)
r9 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNDEL(r9, 0x400448c9, &(0x7f0000000100)={@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x1})
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r10=>0x0})
sendmsg$nl_route_sched(r8, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r10, {0x0, 0x1}, {0xffff, 0xffff}, {0x0, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)

4.356104982s ago: executing program 1 (id=3171):
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000040)=0x8000000)
dup2(r0, r0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
socket$nl_xfrm(0x10, 0x3, 0x6)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff})
setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000000), 0x4)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r5, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000f80)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000180)=0x10)
getsockopt$inet_sctp_SCTP_MAX_BURST(r5, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={<r6=>0x0}, &(0x7f0000001080)=0x8)
getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r5, 0x84, 0x66, &(0x7f0000000ac0)={r6, 0xd0}, &(0x7f0000000b00)=0x8)
r7 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
read$FUSE(r7, 0x0, 0x0)
write$FUSE_DIRENTPLUS(r7, &(0x7f0000000840)=ANY=[@ANYBLOB="b0000000daffff", @ANYRES64=0x3, @ANYBLOB="040000000000000000000000000000000000000000000080040000000000000000000000ff000000010000000000f900060000000000", @ANYRES32, @ANYRES32], 0xb0)
ioctl$BLKZEROOUT(0xffffffffffffffff, 0x127f, 0x0)
r8 = socket$inet_smc(0x2b, 0x1, 0x0)
connect$inet(r8, &(0x7f0000000000)={0x2, 0x4001, @remote}, 0x10)
setsockopt$SO_BINDTODEVICE_wg(r8, 0x1, 0x19, &(0x7f0000000080)='wg1\x00', 0x4)

3.729928308s ago: executing program 3 (id=3172):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = io_uring_setup(0x3eae, &(0x7f0000000080)={0x0, 0x6d37, 0x100, 0x10, 0x3fffffe})
r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r6, 0x0, 0x0)
io_uring_register$IORING_REGISTER_BUFFERS(r5, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
fchdir(0xffffffffffffffff)
r7 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x149a82, 0x48)
write$cgroup_int(r7, &(0x7f0000000000)=0xfe8e, 0x12)
socketpair(0x23, 0x2, 0x1, &(0x7f0000000040))
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000040), r1)
sendmsg$IPSET_CMD_ADD(r0, &(0x7f0000000000)={0x0, 0xffffffffffffff98, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[], 0x44}, 0x1, 0x0, 0x0, 0x10000047}, 0x0)

3.255400656s ago: executing program 1 (id=3175):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x200, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x4, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x4, 0x0, 0x0, 0x0, 0x2}}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x6, 0x1}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
syz_open_dev$cec(0x0, 0x0, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$vim2m(0xffffff9c, &(0x7f0000000180), 0x2, 0x0)
add_key(0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB, @ANYRES32=0x0, @ANYRES32, @ANYRES32], 0x44}}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$can_j1939(0x1d, 0x2, 0x7)
mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x0)
execve(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
r3 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000500)=@newqdisc={0x38, 0x24, 0x3fe3aa0262d8c583, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8}, {0xc, 0x2, [@TCA_HHF_HH_FLOWS_LIMIT={0x8}]}}]}, 0x38}}, 0x40000)
move_pages(0x0, 0x20a0, &(0x7f0000000040), &(0x7f0000001180), &(0x7f0000000000), 0x0)

2.967528722s ago: executing program 2 (id=3176):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x200, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x4, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x4, 0x0, 0x0, 0x0, 0x2}}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x6, 0x1}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
syz_open_dev$cec(0x0, 0x0, 0x2)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$vim2m(0xffffff9c, &(0x7f0000000180), 0x2, 0x0)
add_key(0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB, @ANYRES32=0x0, @ANYRES32, @ANYRES32], 0x44}}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$can_j1939(0x1d, 0x2, 0x7)
mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x0)
execve(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
r1 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', <r2=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000500)=@newqdisc={0x38, 0x24, 0x3fe3aa0262d8c583, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8}, {0xc, 0x2, [@TCA_HHF_HH_FLOWS_LIMIT={0x8}]}}]}, 0x38}}, 0x40000)
mount(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x23010, 0x0)
move_pages(0x0, 0x20a0, &(0x7f0000000040), &(0x7f0000001180), &(0x7f0000000000), 0x0)

2.650472526s ago: executing program 2 (id=3177):
r0 = socket$inet(0xa, 0x2, 0x284)
connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10)
listen(r0, 0x8)
r1 = accept4(r0, 0x0, 0x0, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0xc, &(0x7f0000000b80)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b7030000000000008500000072000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000340)='block_bio_remap\x00', r2, 0x0, 0x8}, 0x18)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r3, &(0x7f00000000c0)={0xa, 0xfffd, 0x0, @mcast1, 0x2}, 0x1c)
r4 = socket$inet(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000300)={'bond0\x00', <r5=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r3, 0x29, 0x32, &(0x7f0000000280)={@ipv4={'\x00', '\xff\xff', @broadcast}, r5}, 0x14)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r6}, 0x10)
r7 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3)
ioctl$FS_IOC_GETFSLABEL(r7, 0x400452c9, &(0x7f0000000100))
quotactl$Q_SYNC(0xffffffff80000102, 0x0, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r1, 0x84, 0x7b, &(0x7f0000000140)={0x0, 0x1}, 0x8)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x4)
sendfile64(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000280)=0x8001, 0x7)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r1, 0x84, 0x7c, &(0x7f0000000180)={0x0, 0x6}, 0x8)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x6, 0x4, &(0x7f0000000300)=@framed={{0x18, 0x2}, [@alu={0x7, 0x0, 0x8, 0x0, 0x9, 0x18}]}, &(0x7f0000000040)='syzkaller\x00', 0x5}, 0x90)
r8 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
syz_usb_connect$cdc_ncm(0x4, 0x6e, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000020000002505a1a440000102030109025c0002010000000904000001a3f45747d649f9a30105240000000d240f8100000000000000000006241a0000000905810300000000000904010000020d00000904010102020d000009058202000000000009050302"], 0x0)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000100)=ANY=[@ANYBLOB="120100001ddf8208c007121522300000000109021b0001000000010904010001faf40d00090582"], 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
close_range(r8, 0xffffffffffffffff, 0x0)
r9 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r10 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
connect$802154_dgram(r10, &(0x7f0000000000)={0x10, @short}, 0x2)
bind$bt_hci(r9, &(0x7f0000000000)={0x1f, 0xffff, 0x3}, 0x6)

2.604591182s ago: executing program 3 (id=3178):
getpid()
openat$drirender128(0xffffffffffffff9c, 0x0, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f0000000280)="f5b2"})
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
read$FUSE(r3, &(0x7f00000034c0)={0x2020}, 0xcac)
r4 = syz_io_uring_setup(0x3811, &(0x7f0000000380)={0x0, 0x6417, 0x10100, 0x0, 0xffffffff}, &(0x7f0000000080)=<r5=>0x0, &(0x7f0000000100)=<r6=>0x0)
syz_io_uring_submit(r5, r6, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x4, 0x0, @fd=r0})
io_uring_enter(r4, 0x2ded, 0x4000, 0x0, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000580)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x57, 0x7fc00100}]})
socket$nl_netfilter(0x10, 0x3, 0xc)

2.587435301s ago: executing program 0 (id=3181):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x200, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x4, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x4, 0x0, 0x0, 0x0, 0x2}}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x6, 0x1}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
syz_open_dev$cec(0x0, 0x0, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$vim2m(0xffffff9c, &(0x7f0000000180), 0x2, 0x0)
add_key(0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$can_j1939(0x1d, 0x2, 0x7)
mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x0)
execve(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
r3 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000500)=@newqdisc={0x38, 0x24, 0x3fe3aa0262d8c583, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8}, {0xc, 0x2, [@TCA_HHF_HH_FLOWS_LIMIT={0x8}]}}]}, 0x38}}, 0x40000)
move_pages(0x0, 0x20a0, &(0x7f0000000040), &(0x7f0000001180), &(0x7f0000000000), 0x0)
execve(&(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000d00)={[&(0x7f0000000840)='\x7f\xb7\xc3\x7f\xa5a\xd6A*c\x9b\xd8R\xf02b\xefA|uiWb\x8f\xee\x1c\xc5\xdb^\x11\x16h\x83\x94y<yN\xfbXh[\xe9\xa9\x1702\x7f\x9e\xf0\x99\xad\xdc;p\x98R\a\xb1\x9d^\x0f\x121\xb3\xab7P\xd6\xcb\x06\xfe2~W\xd9\xad\x80\xd9!\x89%\xb80\xa3l;\x1eK\x90\x15\xc6\x11A\xfc\x7f\xc6\xed\xe7\xa3\x9f\xb4\xce\"\xef\xa8\x86F\x15\xb9\rj\f\xafa\xb0}\xde\'E\x84\xb2bO\xd2\xd4\x85F\xde1e\xe0\xf2\xa0/\xd3<\xda\xfe\x04,\xfa\x97\xb6\xf4\xcf\x0el\xf2\xbd\x18\x88\xd7\x02\xce\x99\x1f\xadj\x89\xd9\xb7\xae9\xb0\xb0{n.\xd7\x87C\x0eh|KZG\x108l\n\xcd\xe9\x04\xafM\xbf\x83#>\x89\xf1Y{\x87\xd5\xf3\xccMr\xc5\xbdT\x9e\xc4\x84\x06\xcd\x8b\xcd\t\x01']})

2.20338318s ago: executing program 1 (id=3182):
getpid()
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
openat$drirender128(0xffffffffffffff9c, 0x0, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f0000000280)="f5b2"})
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
read$FUSE(r2, &(0x7f00000034c0)={0x2020}, 0xcac)
r3 = syz_io_uring_setup(0x3811, &(0x7f0000000380)={0x0, 0x6417, 0x10100, 0x0, 0xffffffff}, &(0x7f0000000080)=<r4=>0x0, &(0x7f0000000100)=<r5=>0x0)
syz_io_uring_submit(r4, r5, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x4, 0x0, @fd=r0})
io_uring_enter(r3, 0x2ded, 0x4000, 0x0, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000580)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x57, 0x7fc00100}]})
socket$nl_netfilter(0x10, 0x3, 0xc)

1.725030168s ago: executing program 3 (id=3183):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000680), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_PAUSE_GET(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f00000001c0)={0x2c, r2, 0x1, 0x70bd26, 0x0, {0x25}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'dummy0\x00'}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x2008040}, 0x880)
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x184, 0x10, 0x713, 0x0, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in=@initdev={0xac, 0x1e, 0x0, 0x0}}, {@in6=@local, 0x0, 0x33}, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_crypt={0x48, 0x4, {{'ecb(cipher_null)\x00'}}}, @algo_auth_trunc={0x4c, 0x14, {{'sha1\x00'}}}]}, 0x184}}, 0x0)

1.701326092s ago: executing program 3 (id=3184):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
mq_open(&(0x7f0000000180)='/dev/snd/midiC#D#\x00', 0x1, 0x52, &(0x7f0000000200)={0x79f, 0x10, 0x7, 0x3})
accept4(r0, 0x0, 0x0, 0x800)
pipe2$9p(&(0x7f00000000c0), 0x880)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x101121)
r2 = dup(r1)
write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c)
r3 = syz_io_uring_setup(0x49a, &(0x7f0000000400)={0x0, 0x79af, 0x3180, 0x8000, 0x400246}, &(0x7f0000000340)=<r4=>0x0, &(0x7f00000006c0)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_MSG_RING={0x28, 0x40, 0x0, r3, 0x0, 0x0, 0x0, 0x2})
io_uring_enter(r3, 0x4c6e, 0xc67a, 0x8, 0x0, 0x0)
io_uring_enter(r3, 0x627, 0x4c1, 0x43, 0x0, 0x0)
r6 = syz_io_uring_setup(0x1c57, 0x0, &(0x7f00000003c0), 0x0)
io_uring_enter(r6, 0x2def, 0x4000, 0x0, 0x0, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x1, 0x2, 0xfffffffffffffffd, 0x0, 0x0, 0xffffffffffffffff}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff, 0x8000}, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="447e0000000000ac5d5b591238dc4d3cf99dfa", @ANYRES32=0x0], 0x44}, 0x1, 0x0, 0x0, 0x40}, 0x20004080)
r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r8 = socket(0x400000000010, 0x3, 0x0)
r9 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNDEL(r9, 0x400448c9, &(0x7f0000000100)={@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x1})
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r10=>0x0})
sendmsg$nl_route_sched(r8, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r10, {0x0, 0x1}, {0xffff, 0xffff}, {0x0, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)

1.651986318s ago: executing program 0 (id=3185):
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r0, 0xc058534f, &(0x7f00000001c0)={{0xf, 0x1}, 0x1, 0x4, 0x2})

1.278619291s ago: executing program 1 (id=3186):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fc00100}]})
ioctl$F2FS_IOC_MOVE_RANGE(r0, 0xc020f509, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f0000000240)={<r1=>0x0})
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f0000000400))
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_SEND(r0, 0xc0182101, &(0x7f00000001c0)={r1})

1.277480837s ago: executing program 0 (id=3194):
r0 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
mkdirat(r0, &(0x7f0000000340)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000400)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1/file0\x00', 0x0)
r1 = io_uring_setup(0xad5, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x3d0})
r2 = openat$tun(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x2})
preadv2(r2, &(0x7f0000000340)=[{&(0x7f0000000100)=""/65, 0x41}], 0x1, 0x0, 0x0, 0x0)
close(r1)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
ioctl$TUNSETIFF(r3, 0x541b, 0x0)
mount$bind(&(0x7f0000000100)='.\x00', &(0x7f0000000280)='./file1/file0\x00', 0x0, 0x201008, 0x0)
mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000000), 0x0, &(0x7f00000004c0)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file1/file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f0000001180)='./bus\x00')
r4 = socket$inet(0xa, 0x801, 0x84)
connect$inet(r4, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10)
listen(r4, 0x8)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r5, 0x0)

1.046300123s ago: executing program 0 (id=3187):
syz_open_dev$media(&(0x7f00000006c0), 0x2, 0x40b02)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)={0x2c, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2, 0x0, 0x1}, [@CTA_TUPLE_REPLY={0x18, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @empty}, {0x8, 0x2, @loopback}}}]}]}, 0x2c}}, 0x0)
r1 = syz_io_uring_setup(0x234, &(0x7f0000000580)={0x0, 0x0, 0x10100}, 0x0, &(0x7f0000000100)=<r2=>0x0)
r3 = getpid()
r4 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x40000)
ioctl$SG_IO(r4, 0x2285, &(0x7f0000000440)={0x53, 0xfffffffffffffffb, 0x6, 0x0, @buffer={0x23, 0x13, &(0x7f0000000040)=""/19}, &(0x7f0000000240)="851666ce20db", 0x0, 0x10, 0x3b, 0xfffffffc, 0x0})
prctl$PR_SCHED_CORE(0x3e, 0x4, r3, 0x3, &(0x7f0000000080))
syz_io_uring_submit(0x0, r2, &(0x7f00000009c0)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, 0x8})
io_uring_setup(0x560e, &(0x7f0000000a40)={0x0, 0xb589, 0x2, 0x0, 0x3bd})
r5 = syz_init_net_socket$ax25(0x3, 0x5, 0x0)
r6 = syz_open_dev$evdev(&(0x7f0000000000), 0x1, 0x40000)
ioctl$EVIOCGEFFECTS(r6, 0x80044584, &(0x7f0000000740)=""/82)
listen(r5, 0x3)
accept4(r0, 0x0, 0x0, 0x1000)
io_uring_enter(r1, 0x207a98, 0x0, 0x0, 0x0, 0x0)

966.275745ms ago: executing program 0 (id=3188):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x200, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x4, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x4, 0x0, 0x0, 0x0, 0x2}}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x6, 0x1}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$vim2m(0xffffff9c, &(0x7f0000000180), 0x2, 0x0)
add_key(0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB, @ANYRES32=0x0, @ANYRES32, @ANYRES32], 0x44}}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$can_j1939(0x1d, 0x2, 0x7)
mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x0)
execve(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
r3 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000500)=@newqdisc={0x38, 0x24, 0x3fe3aa0262d8c583, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8}, {0xc, 0x2, [@TCA_HHF_HH_FLOWS_LIMIT={0x8}]}}]}, 0x38}}, 0x40000)
mount(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x23010, 0x0)
move_pages(0x0, 0x20a0, &(0x7f0000000040), &(0x7f0000001180), &(0x7f0000000000), 0x0)

696.826303ms ago: executing program 3 (id=3189):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = io_uring_setup(0x3eae, &(0x7f0000000080)={0x0, 0x6d37, 0x100, 0x10, 0x3fffffe})
r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r6, 0x0, 0x0)
io_uring_register$IORING_REGISTER_BUFFERS(r5, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
fchdir(0xffffffffffffffff)
r7 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x149a82, 0x48)
write$cgroup_int(r7, &(0x7f0000000000)=0xfe8e, 0x12)
socketpair(0x23, 0x2, 0x1, &(0x7f0000000040))
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000040), r1)
sendmsg$IPSET_CMD_ADD(r0, &(0x7f0000000000)={0x0, 0xffffffffffffff98, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[], 0x44}, 0x1, 0x0, 0x0, 0x10000047}, 0x0)

366.754396ms ago: executing program 1 (id=3190):
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
openat$drirender128(0xffffffffffffff9c, 0x0, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f0000000280)="f5b2"})
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
read$FUSE(r3, &(0x7f00000034c0)={0x2020}, 0xcac)
r4 = syz_io_uring_setup(0x3811, &(0x7f0000000380)={0x0, 0x6417, 0x10100, 0x0, 0xffffffff}, &(0x7f0000000080)=<r5=>0x0, &(0x7f0000000100)=<r6=>0x0)
syz_io_uring_submit(r5, r6, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x4, 0x0, @fd=r0})
io_uring_enter(r4, 0x2ded, 0x4000, 0x0, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000580)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x57, 0x7fc00100}]})
socket$nl_netfilter(0x10, 0x3, 0xc)

0s ago: executing program 0 (id=3191):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x1a9d42, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
mlock2(&(0x7f000000e000/0x1000)=nil, 0x1000, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
syz_80211_join_ibss(&(0x7f0000000040)='wlan0\x00', &(0x7f0000000080)=@default_ibss_ssid, 0x6, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000000)={0x0}, 0x1, 0x0, 0x0, 0xc0}, 0x0)
socket(0x10, 0x80002, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018", @ANYRES32, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback=0x20, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_emit_ethernet(0x50a, &(0x7f0000000d40)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaa0086dd63ee288604d4110000000000000000000000000000000001fe88000000000000000000000000010100190000000000000102000005020001000100088caa3d9fc34610b96650af8b7759466a9a2493ebb0be5ee44f28a4a0804da09125fe957a68658da34ba0d628d0084a0a4346259bae17d28eedcde583bbf68690bc7ae234ce95f0f8b30ce1bc4fad9abb4dfd951cf242f06c54e7dcb889084b7f1aa87d8e5f7c4b446e0baab9c896857b779c078b9bacdad243cd53aeec911192408f0ac93d2fb3238e813e4163000100000100000100c910ff020000000000000000000000000001c910fe80000000000000000000000000003a050200000000000000007332000000000000050200090740000000010e0608000180ffffffffffff00020000000000000900000000000000010000000000000004000000000000000100000000000000bd9b000000000000c2040000000481aee29af31e62dba058e676be61a35214a83e45a88d07ca8903436ebc981602622e85bea50f9eae419b18774c3587b040659ac014880220b5b36b3488eda1bf9ed6aa21223358a82cc44b035307d0bcb2b6a2db0a649da291555cf3ec2fc2f713b2bec5cfa0df2d7c855bbead7e29aa63aaa25d2007f4183a54aa8dc5dd4ff872088c0938554fdc1122308949fdfe6f5438f67f828d5fbbb8794af8a782598e9c869981a631d8fc9695444f569d4ca3040101018b26289fed7ee581029317cc63c72358cceb3358d820b4e6fc3873f03aeac5f034e32d356a87215c1cab0d9ec13038fa08adba99e57b0499b9754609f6e5066847a3bbdc26c4fba18ee5a742927752e14420e3630da4064e5ca15961b67c27ee1261d9cfa4f035a71b279a36707de16a54c7712e8e398c5bb9f135f5bb45b7b7d6a65ba97aefae2baec023fb0502000201000000000000008704040280100600fe880000000000000000000000000101fc0100000000000000000000000000001201000000000000000100c20400000005000000000000002c0b00eb0700000000005e43e32b4823f0b16b7717e86c8c10d005afd0466b509b56063f809ab742441c2d4e8fdaeaef0c9058658052103c876416d709d56ed8f561be9ac7c901a748ca954e2e144607100000000302020700ffffffffffffffffc204000010000000003b0404020028ff0320010000000000000000000000000001fc020000000000000000000000000001161200000000000001010008882bea1a6e009d20fedce2f1a969b258671059b4957836292c34338fe61d97751bbe2f0f74f23f6dc613ff0e724162510b1fddf7472ef528cc45f0366d0bae465019925cfd2b7684b2c782e03c01009158499080ef74c92e79f76790a866979bb57200e2b629fb8d0cbfbc2df77bbc50efe8bb21e22eeaa55b96713ba6e4a1dfb68f208c51dbdeb4aec204fffffff700000000004e224e2200ec9078820400018000000034065ad17fec7227d872a5324d38306e4711f6177cc8c1f6c585ea4d1f6ddd644f858273babc902c18361d993580db96c386cd893b9f3208c945f3bd37afe49804e59ebba7c07cc69ce76d85dfaa249c77b02f61dbc4265b7a7abd2cadd165afa8fc8911b16d66641fe65d5e0cd18e0d005fbfeda1817b6a79cbaabdbd1c38119b6c5b8e65eccd8ed3734693730f39c953af7daf23c8ac3ea934729589998c306b71221075c87cf661929145f9ee48161cb2ec24"], 0x0)
ioctl$SNDCTL_DSP_SPEED(0xffffffffffffffff, 0xc0045011, 0x0)
openat$rtc(0xffffff9c, 0x0, 0x8103, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x0, @pix_mp={0x80000000, 0x9, 0x31363553, 0x0, 0xa, [{0x2, 0x5}, {0x6, 0x7f37}, {0x200, 0x70}, {0x3, 0xf}, {0xa, 0x100}, {0x6, 0x589}, {0x8, 0x3ff}, {0x10041, 0x8}], 0x10, 0x8, 0x2, 0x2, 0x3}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
openat$uinput(0xffffff9c, 0x0, 0x802, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000032680)=""/102392, 0x18ff8)
socket$kcm(0x10, 0x2, 0x4)
r2 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000000), 0x121600, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffb000/0x4000)=nil, 0x930, 0x0, 0x4010, r2, 0x0)
syz_clone(0x1000, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x0)
request_key(&(0x7f0000000040)='asymmetric\x00', &(0x7f0000001ffb)={'syz', 0x1}, &(0x7f0000001fee)='R\x10rust\xe3c*sgrVex;De', 0x0)
mbind(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2)

kernel console output (not intermixed with test programs):

a1: illegal qc_active transition (00000000->00000020)
[  564.066855][ T1110] ata1: SATA link up 1.5 Gbps (SStatus 113 SControl 300)
[  564.071717][ T1110] ata1.00: configured for UDMA/100
[  564.073151][ T6026] usb 8-1: new high-speed USB device number 51 using dummy_hcd
[  564.203119][ T6026] usb 8-1: device descriptor read/64, error -71
[  564.652218][T15125] binder: 15122:15125 ioctl c0306201 0 returned -14
[  564.723074][ T6026] usb 8-1: new high-speed USB device number 52 using dummy_hcd
[  564.758594][T15130] binder: 15126:15130 ioctl c0306201 0 returned -14
[  564.863088][ T6026] usb 8-1: device descriptor read/64, error -71
[  564.973253][ T6026] usb usb8-port1: attempt power cycle
[  565.086917][T15134] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2552'.
[  565.090919][T15134] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2552'.
[  565.095029][T15134] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2552'.
[  565.113681][T15134] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2552'.
[  565.118007][T15134] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2552'.
[  565.323477][ T6026] usb 8-1: new high-speed USB device number 53 using dummy_hcd
[  565.363860][ T6026] usb 8-1: device descriptor read/8, error -71
[  565.623115][ T6026] usb 8-1: new high-speed USB device number 54 using dummy_hcd
[  565.643462][ T6026] usb 8-1: device descriptor read/8, error -71
[  565.759564][ T6026] usb usb8-port1: unable to enumerate USB device
[  566.860716][T15158] kAFS: No cell specified
[  567.131428][T15163] kAFS: No cell specified
[  567.384767][T15167] binder: 15165:15167 ioctl c0306201 0 returned -14
[  567.475200][T15169] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2562'.
[  567.478136][T15169] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2562'.
[  567.542325][T15169] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2562'.
[  567.547303][T15169] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2562'.
[  567.550705][ T5963] Process accounting resumed
[  567.646981][T15169] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2562'.
[  567.727629][T15176] FAULT_INJECTION: forcing a failure.
[  567.727629][T15176] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  567.731667][T15176] CPU: 1 UID: 0 PID: 15176 Comm: syz.2.2564 Not tainted 6.16.0-rc4-syzkaller-00123-g4c06e63b9203 #0 PREEMPT(full) 
[  567.731681][T15176] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  567.731688][T15176] Call Trace:
[  567.731693][T15176]  <TASK>
[  567.731697][T15176]  dump_stack_lvl+0x16c/0x1f0
[  567.731716][T15176]  should_fail_ex+0x512/0x640
[  567.731734][T15176]  _copy_from_iter+0x29f/0x16f0
[  567.731755][T15176]  ? __pfx__copy_from_iter+0x10/0x10
[  567.731771][T15176]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  567.731788][T15176]  copy_page_from_iter+0xde/0x180
[  567.731806][T15176]  tun_build_skb.constprop.0+0x2e8/0x14f0
[  567.731823][T15176]  ? __pfx_tun_build_skb.constprop.0+0x10/0x10
[  567.731836][T15176]  ? __lock_acquire+0x622/0x1c90
[  567.731857][T15176]  ? find_held_lock+0x2b/0x80
[  567.731869][T15176]  tun_get_user+0x165f/0x3b80
[  567.731885][T15176]  ? __pfx_tun_get_user+0x10/0x10
[  567.731895][T15176]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  567.731915][T15176]  ? find_held_lock+0x2b/0x80
[  567.731926][T15176]  ? tun_get+0x191/0x370
[  567.731945][T15176]  tun_chr_write_iter+0xdc/0x210
[  567.731956][T15176]  vfs_write+0x6c4/0x1150
[  567.731972][T15176]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  567.731984][T15176]  ? __pfx_vfs_write+0x10/0x10
[  567.731997][T15176]  ? find_held_lock+0x2b/0x80
[  567.732020][T15176]  ksys_write+0x12a/0x250
[  567.732035][T15176]  ? __pfx_ksys_write+0x10/0x10
[  567.732051][T15176]  ? rcu_is_watching+0x12/0xc0
[  567.732064][T15176]  __do_fast_syscall_32+0x7c/0x3a0
[  567.732083][T15176]  do_fast_syscall_32+0x32/0x80
[  567.732099][T15176]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  567.732112][T15176] RIP: 0023:0xf7fb2579
[  567.732120][T15176] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  567.732131][T15176] RSP: 002b:00000000f50d6520 EFLAGS: 00000293 ORIG_RAX: 0000000000000004
[  567.732140][T15176] RAX: ffffffffffffffda RBX: 00000000000000c8 RCX: 0000000080000680
[  567.732147][T15176] RDX: 0000000000000036 RSI: 00000000f7443ff4 RDI: 0000000000000000
[  567.732153][T15176] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  567.732158][T15176] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  567.732164][T15176] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  567.732177][T15176]  </TASK>
[  569.173173][ T5963] usb 6-1: new high-speed USB device number 58 using dummy_hcd
[  569.864341][ T5963] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  569.867090][ T5963] usb 6-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  569.870327][ T5963] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66
[  569.873368][ T5963] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9
[  569.876845][ T5963] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024
[  569.881740][ T5963] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  569.884670][ T5963] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  569.887234][ T5963] usb 6-1: Product: syz
[  569.888655][ T5963] usb 6-1: Manufacturer: syz
[  569.914881][ T5963] cdc_wdm 6-1:1.0: skipping garbage
[  569.960423][ T5963] cdc_wdm 6-1:1.0: skipping garbage
[  569.963814][ T5963] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device
[  569.965606][ T5963] cdc_wdm 6-1:1.0: Unknown control protocol
[  570.156409][  T837] usb 6-1: USB disconnect, device number 58
[  570.521682][ T5968] Bluetooth: hci0: connection err: -111
[  570.531080][T15223] __nla_validate_parse: 2 callbacks suppressed
[  570.531092][T15223] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2576'.
[  570.913077][  T836] usb 8-1: new high-speed USB device number 55 using dummy_hcd
[  571.083050][  T836] usb 8-1: Using ep0 maxpacket: 8
[  571.086432][  T836] usb 8-1: config 0 has no interfaces?
[  571.090275][  T836] usb 8-1: New USB device found, idVendor=046d, idProduct=08ae, bcdDevice=11.58
[  571.093915][  T836] usb 8-1: New USB device strings: Mfr=241, Product=1, SerialNumber=3
[  571.103203][  T836] usb 8-1: Product: syz
[  571.104866][  T836] usb 8-1: Manufacturer: syz
[  571.113055][  T836] usb 8-1: SerialNumber: syz
[  571.125328][  T836] usb 8-1: config 0 descriptor??
[  571.484420][T14801] usb 8-1: USB disconnect, device number 55
[  571.685330][T15240] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2581'.
[  571.763117][   T40] audit: type=1326 audit(2000000440.819:112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15233 comm="syz.0.2579" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f63579 code=0x7fc00000
[  571.983177][  T836] usb 5-1: new full-speed USB device number 62 using dummy_hcd
[  572.145807][  T836] usb 5-1: config 0 interface 0 altsetting 4 endpoint 0x81 has invalid maxpacket 1024, setting to 64
[  572.149268][  T836] usb 5-1: config 0 interface 0 altsetting 4 has 2 endpoint descriptors, different from the interface descriptor's value: 7
[  572.153336][  T836] usb 5-1: config 0 interface 0 has no altsetting 0
[  572.155392][  T836] usb 5-1: New USB device found, idVendor=047f, idProduct=c055, bcdDevice= 0.00
[  572.158491][  T836] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  572.162133][  T836] usb 5-1: config 0 descriptor??
[  572.167691][T15242] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  572.379073][T15242] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  572.390401][T15242] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  572.396737][  T836] usbhid 5-1:0.0: can't add hid device: -71
[  572.398636][  T836] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  572.403744][  T836] usb 5-1: USB disconnect, device number 62
[  572.513597][T15253] binder: 15248:15253 ioctl c0306201 0 returned -14
[  572.853228][   T55] usb 5-1: new high-speed USB device number 63 using dummy_hcd
[  573.003016][   T55] usb 5-1: Using ep0 maxpacket: 32
[  573.035948][   T55] usb 5-1: config 0 interface 0 altsetting 4 endpoint 0x2 has an invalid bInterval 129, changing to 11
[  573.039332][   T55] usb 5-1: config 0 interface 0 altsetting 4 has 2 endpoint descriptors, different from the interface descriptor's value: 7
[  573.043356][   T55] usb 5-1: config 0 interface 0 has no altsetting 0
[  573.050573][   T55] usb 5-1: New USB device found, idVendor=047f, idProduct=c055, bcdDevice= 0.00
[  573.063085][   T55] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  573.067020][   T55] usb 5-1: config 0 descriptor??
[  573.073733][   T55] hub 5-1:0.0: bad descriptor, ignoring hub
[  573.075576][   T55] hub 5-1:0.0: probe with driver hub failed with error -5
[  573.483779][   T55] plantronics 0003:047F:C055.0007: hiddev0,hidraw1: USB HID v0.00 Device [HID 047f:c055] on usb-dummy_hcd.0-1/input0
[  573.891551][    C3] ata1: illegal qc_active transition (00000000->00020000)
[  574.226347][ T1110] ata1: SATA link up 1.5 Gbps (SStatus 113 SControl 300)
[  574.234396][ T1110] ata1.00: configured for UDMA/100
[  574.389412][T15281] kAFS: No cell specified
[  574.701286][   T40] audit: type=1326 audit(2000000443.769:113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15233 comm="syz.0.2579" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7f63579 code=0x7fc00000
[  574.863811][T14801] usb 5-1: USB disconnect, device number 63
[  574.898159][T15287] binder: 15285:15287 ioctl c0306201 0 returned -14
[  575.895589][T15304] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2596'.
[  576.683044][T14801] usb 8-1: new high-speed USB device number 56 using dummy_hcd
[  576.752259][T15318] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2597'.
[  576.755687][T15316] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2595'.
[  576.758518][T15316] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2595'.
[  576.762717][T15318] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2597'.
[  576.811381][T15316] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2595'.
[  576.814393][T15318] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2597'.
[  576.817192][T15318] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2597'.
[  576.837340][T15316] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2595'.
[  576.845538][   T29] Process accounting resumed
[  576.853068][T14801] usb 8-1: Using ep0 maxpacket: 8
[  576.856816][T14801] usb 8-1: config 0 has no interfaces?
[  576.860295][T14801] usb 8-1: New USB device found, idVendor=046d, idProduct=08ae, bcdDevice=11.58
[  576.864163][T14801] usb 8-1: New USB device strings: Mfr=241, Product=1, SerialNumber=3
[  576.866711][T14801] usb 8-1: Product: syz
[  576.868298][T14801] usb 8-1: Manufacturer: syz
[  576.869950][T14801] usb 8-1: SerialNumber: syz
[  576.872842][T14801] usb 8-1: config 0 descriptor??
[  576.907499][T15316] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2595'.
[  577.083239][T14801] usb 8-1: USB disconnect, device number 56
[  577.095692][T12559] Process accounting resumed
[  577.882665][T15341] binder: 15339:15341 ioctl c0306201 0 returned -14
[  578.755836][T15347] binder: 15345:15347 ioctl c0306201 0 returned -14
[  579.096992][    C3] ata1: illegal qc_active transition (00000000->00000010)
[  579.103044][  T837] usb 5-1: new high-speed USB device number 64 using dummy_hcd
[  579.263038][  T837] usb 5-1: Using ep0 maxpacket: 32
[  579.266052][  T837] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  579.271011][  T837] usb 5-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  579.274595][  T837] usb 5-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  579.277545][  T837] usb 5-1: Product: syz
[  579.279351][  T837] usb 5-1: Manufacturer: syz
[  579.280907][  T837] usb 5-1: SerialNumber: syz
[  579.284215][  T837] usb 5-1: config 0 descriptor??
[  579.287245][T15352] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  579.292299][  T837] hub 5-1:0.0: bad descriptor, ignoring hub
[  579.294745][  T837] hub 5-1:0.0: probe with driver hub failed with error -5
[  579.428230][ T1110] ata1: SATA link up 1.5 Gbps (SStatus 113 SControl 300)
[  579.435898][ T1110] ata1.00: configured for UDMA/100
[  579.936464][T14801] usb 5-1: USB disconnect, device number 64
[  580.093269][T14801] usb 5-1: new full-speed USB device number 65 using dummy_hcd
[  580.263549][T14801] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x85 has invalid maxpacket 1024, setting to 64
[  580.268505][T14801] usb 5-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  580.271175][T14801] usb 5-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  580.279378][T14801] usb 5-1: Product: syz
[  580.281220][T14801] usb 5-1: Manufacturer: syz
[  580.282662][T14801] usb 5-1: SerialNumber: syz
[  580.289905][T14801] usb 5-1: config 0 descriptor??
[  580.292319][T15364] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  580.330417][T14801] hub 5-1:0.0: bad descriptor, ignoring hub
[  580.332350][T14801] hub 5-1:0.0: probe with driver hub failed with error -5
[  580.616979][T15377] fuse: Bad value for 'fd'
[  580.673886][  T837] usb 5-1: USB disconnect, device number 65
[  580.686588][T15380] binder: 15378:15380 ioctl c0306201 0 returned -14
[  581.386241][T15397] binder: 15390:15397 ioctl c0306201 0 returned -14
[  581.860977][ T1110] ata1.00: Read log 0x10 page 0x00 failed, Emask 0x1
[  581.872779][ T1110] ata1: failed to read log page 10h (errno=-5)
[  581.893054][ T1110] ata1.00: exception Emask 0x1 SAct 0x40 SErr 0x0 action 0x0
[  581.895154][ T1110] ata1.00: irq_stat 0x40000000
[  581.903698][ T1110] ata1.00: failed command: WRITE FPDMA QUEUED
[  581.905365][ T1110] ata1.00: cmd 61/48:30:36:31:08/00:00:00:00:00/40 tag 6 ncq dma 36864 out
[  581.905365][ T1110]          res 50/04:00:00:00:00/00:00:00:00:00/00 Emask 0x1 (device error)
[  581.909928][ T1110] ata1.00: status: { DRDY }
[  581.911236][ T1110] ata1.00: error: { ABRT }
[  581.913988][ T1110] ata1.00: configured for UDMA/100
[  581.915584][ T1110] ata1: EH complete
[  582.033503][T15408] __nla_validate_parse: 4 callbacks suppressed
[  582.033515][T15408] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2623'.
[  582.813048][ T5963] usb 7-1: new high-speed USB device number 69 using dummy_hcd
[  583.143055][ T5963] usb 7-1: Using ep0 maxpacket: 16
[  583.148723][T15422] fuse: Bad value for 'fd'
[  583.158650][ T5963] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0xD has an invalid bInterval 0, changing to 7
[  583.165086][ T5963] usb 7-1: New USB device found, idVendor=4752, idProduct=0011, bcdDevice=32.4f
[  583.167850][ T5963] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  583.171416][ T5963] usb 7-1: Product: syz
[  583.172732][ T5963] usb 7-1: Manufacturer: syz
[  583.176502][ T5963] usb 7-1: SerialNumber: syz
[  583.182769][ T5963] usb 7-1: config 0 descriptor??
[  583.192168][ T5963] hub 7-1:0.0: bad descriptor, ignoring hub
[  583.198409][ T5963] hub 7-1:0.0: probe with driver hub failed with error -5
[  583.204858][ T5963] usb 7-1: Quirk or no altset; falling back to MIDI 1.0
[  583.231215][T15433] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(11)
[  583.233940][T15433] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  583.244324][T15433] vhci_hcd vhci_hcd.0: Device attached
[  583.317726][T15434] vhci_hcd: connection closed
[  583.319282][ T1141] vhci_hcd: stop threads
[  583.323793][ T1141] vhci_hcd: release socket
[  583.325575][ T1141] vhci_hcd: disconnect device
[  583.921714][T15444] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2633'.
[  584.253868][ T1110] ata1.00: Read log 0x10 page 0x00 failed, Emask 0x1
[  584.255937][ T1110] ata1: failed to read log page 10h (errno=-5)
[  584.258094][ T1110] ata1.00: exception Emask 0x1 SAct 0x200 SErr 0x0 action 0x0
[  584.260616][ T1110] ata1.00: irq_stat 0x40000000
[  584.262308][ T1110] ata1.00: failed command: WRITE FPDMA QUEUED
[  584.264767][ T1110] ata1.00: cmd 61/28:48:06:1a:10/00:00:00:00:00/40 tag 9 ncq dma 20480 out
[  584.264767][ T1110]          res 50/04:00:00:00:00/00:00:00:00:00/00 Emask 0x1 (device error)
[  584.271385][ T1110] ata1.00: status: { DRDY }
[  584.273364][ T1110] ata1.00: error: { ABRT }
[  584.276088][ T1110] ata1.00: configured for UDMA/100
[  584.278395][ T1110] ata1: EH complete
[  584.713169][T15457] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  584.729179][T15457] kvm: requested 164266 ns i8254 timer period limited to 200000 ns
[  584.733111][T15457] kvm: requested 12571 ns i8254 timer period limited to 200000 ns
[  584.739372][T15457] kvm: requested 12571 ns i8254 timer period limited to 200000 ns
[  584.742166][T15457] kvm: requested 85485 ns i8254 timer period limited to 200000 ns
[  584.745143][T15457] kvm: requested 93028 ns i8254 timer period limited to 200000 ns
[  584.747790][T15457] kvm: requested 7542 ns i8254 timer period limited to 200000 ns
[  584.750194][T15457] kvm: requested 10057 ns i8254 timer period limited to 200000 ns
[  584.753144][T15457] kvm: requested 155047 ns i8254 timer period limited to 200000 ns
[  584.755492][T15457] kvm: requested 160914 ns i8254 timer period limited to 200000 ns
[  584.819828][   T40] audit: type=1326 audit(2000000453.889:114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15449 comm="syz.3.2635" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f93579 code=0x7fc00000
[  585.142663][T15467] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2640'.
[  585.796242][ T2296] usb 7-1: USB disconnect, device number 69
[  585.955073][T15474] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2642'.
[  586.009610][T15477] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2643'.
[  586.013192][T15477] netlink: 44 bytes leftover after parsing attributes in process `syz.0.2643'.
[  587.207949][T15489] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2646'.
[  588.177325][   T40] audit: type=1326 audit(2000000457.249:115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15490 comm="syz.3.2647" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f93579 code=0x7fc00000
[  588.407021][T15504] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2651'.
[  589.392444][T15521] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2650'.
[  589.395418][T15521] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2650'.
[  589.440059][T15521] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2650'.
[  589.444018][T15521] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2650'.
[  589.573252][ T2296] Process accounting resumed
[  589.718479][T15521] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2650'.
[  589.725163][T15521] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2650'.
[  590.101434][   T40] audit: type=1326 audit(2000000459.169:116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15511 comm="syz.3.2654" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f93579 code=0x7fc00000
[  590.311855][T15541] binder: 15539:15541 ioctl c0306201 0 returned -14
[  591.345251][T15553] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2661'.
[  591.743917][T15561] afs: Unknown parameter 'K
'
[  591.911626][T15564] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2665'.
[  592.542623][T15582] FAULT_INJECTION: forcing a failure.
[  592.542623][T15582] name failslab, interval 1, probability 0, space 0, times 0
[  592.547065][T15582] CPU: 2 UID: 0 PID: 15582 Comm: syz.2.2672 Not tainted 6.16.0-rc4-syzkaller-00123-g4c06e63b9203 #0 PREEMPT(full) 
[  592.547080][T15582] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  592.547087][T15582] Call Trace:
[  592.547090][T15582]  <TASK>
[  592.547094][T15582]  dump_stack_lvl+0x16c/0x1f0
[  592.547114][T15582]  should_fail_ex+0x512/0x640
[  592.547130][T15582]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[  592.547148][T15582]  should_failslab+0xc2/0x120
[  592.547159][T15582]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  592.547175][T15582]  ? mas_alloc_nodes+0x18b/0x8b0
[  592.547191][T15582]  mas_alloc_nodes+0x18b/0x8b0
[  592.547207][T15582]  mas_node_count_gfp+0x105/0x130
[  592.547222][T15582]  mas_preallocate+0x7e0/0xde0
[  592.547235][T15582]  ? __pfx_mas_preallocate+0x10/0x10
[  592.547250][T15582]  ? rcu_read_unlock+0x17/0x60
[  592.547264][T15582]  vma_link+0x135/0x6a0
[  592.547281][T15582]  ? __pfx_vma_link+0x10/0x10
[  592.547300][T15582]  ? anon_vma_clone+0x405/0x5c0
[  592.547315][T15582]  ? anon_vma_name+0x75/0x100
[  592.547328][T15582]  copy_vma+0x6c2/0xaa0
[  592.547346][T15582]  ? __pfx_copy_vma+0x10/0x10
[  592.547378][T15582]  ? register_lock_class+0x41/0x4c0
[  592.547403][T15582]  copy_vma_and_data+0x1cf/0x750
[  592.547421][T15582]  ? __pfx_copy_vma_and_data+0x10/0x10
[  592.547440][T15582]  ? __vma_enter_locked+0x163/0x3f0
[  592.547456][T15582]  ? find_held_lock+0x2b/0x80
[  592.547467][T15582]  ? move_vma+0x536/0x1740
[  592.547485][T15582]  move_vma+0x548/0x1740
[  592.547503][T15582]  ? __pfx_move_vma+0x10/0x10
[  592.547517][T15582]  ? mm_get_unmapped_area+0x95/0xe0
[  592.547530][T15582]  ? shmem_get_unmapped_area+0x170/0xa00
[  592.547544][T15582]  ? cap_mmap_addr+0x4b/0x120
[  592.547554][T15582]  ? bpf_lsm_mmap_addr+0x9/0x10
[  592.547565][T15582]  ? security_mmap_addr+0x6c/0x1e0
[  592.547579][T15582]  ? __get_unmapped_area+0x267/0x440
[  592.547593][T15582]  ? vrm_set_new_addr+0x208/0x290
[  592.547609][T15582]  __do_sys_mremap+0xe07/0x1590
[  592.547627][T15582]  ? __pfx___do_sys_mremap+0x10/0x10
[  592.547643][T15582]  ? __mutex_unlock_slowpath+0x161/0x6a0
[  592.547661][T15582]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  592.547679][T15582]  ? __fget_files+0x20e/0x3c0
[  592.547692][T15582]  ? handle_mm_fault+0x2a0/0xd10
[  592.547713][T15582]  ? rcu_is_watching+0x12/0xc0
[  592.547727][T15582]  __do_fast_syscall_32+0x7c/0x3a0
[  592.547744][T15582]  do_fast_syscall_32+0x32/0x80
[  592.547765][T15582]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  592.547778][T15582] RIP: 0023:0xf7fb2579
[  592.547786][T15582] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  592.547797][T15582] RSP: 002b:00000000f50d655c EFLAGS: 00000296 ORIG_RAX: 00000000000000a3
[  592.547807][T15582] RAX: ffffffffffffffda RBX: 0000000080ffe000 RCX: 0000000000002000
[  592.547814][T15582] RDX: 0000000000002000 RSI: 0000000000000003 RDI: 00000000807fe000
[  592.547820][T15582] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  592.547825][T15582] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  592.547831][T15582] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  592.547844][T15582]  </TASK>
[  592.733082][   T40] audit: type=1326 audit(2000000461.799:117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15574 comm="syz.3.2670" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f93579 code=0x7fc00000
[  592.754469][T15588] netlink: 72 bytes leftover after parsing attributes in process `syz.2.2673'.
[  592.757481][T15593] netlink: 72 bytes leftover after parsing attributes in process `syz.2.2673'.
[  592.983165][ T1022] usb 8-1: new full-speed USB device number 57 using dummy_hcd
[  593.135138][ T1022] usb 8-1: config 0 interface 0 altsetting 4 endpoint 0x81 has invalid maxpacket 1024, setting to 64
[  593.138563][ T1022] usb 8-1: config 0 interface 0 altsetting 4 has 2 endpoint descriptors, different from the interface descriptor's value: 7
[  593.143181][ T1022] usb 8-1: config 0 interface 0 has no altsetting 0
[  593.145380][ T1022] usb 8-1: New USB device found, idVendor=047f, idProduct=c055, bcdDevice= 0.00
[  593.148172][ T1022] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  593.152289][ T1022] usb 8-1: config 0 descriptor??
[  593.154474][T15585] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  593.367759][T15585] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  593.371799][T15585] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  593.403515][ T1022] usbhid 8-1:0.0: can't add hid device: -71
[  593.405970][ T1022] usbhid 8-1:0.0: probe with driver usbhid failed with error -71
[  593.411013][ T1022] usb 8-1: USB disconnect, device number 57
[  593.853077][ T6026] usb 8-1: new high-speed USB device number 58 using dummy_hcd
[  594.015089][ T6026] usb 8-1: Using ep0 maxpacket: 32
[  594.019847][ T6026] usb 8-1: config 0 interface 0 altsetting 4 endpoint 0x2 has an invalid bInterval 129, changing to 11
[  594.023998][ T6026] usb 8-1: config 0 interface 0 altsetting 4 has 2 endpoint descriptors, different from the interface descriptor's value: 7
[  594.028045][ T6026] usb 8-1: config 0 interface 0 has no altsetting 0
[  594.030118][ T6026] usb 8-1: New USB device found, idVendor=047f, idProduct=c055, bcdDevice= 0.00
[  594.033349][ T6026] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  594.037291][ T6026] usb 8-1: config 0 descriptor??
[  594.045194][ T6026] hub 8-1:0.0: bad descriptor, ignoring hub
[  594.047170][ T6026] hub 8-1:0.0: probe with driver hub failed with error -5
[  594.263875][ T1110] ata1.00: Read log 0x10 page 0x00 failed, Emask 0x1
[  594.266758][ T1110] ata1: failed to read log page 10h (errno=-5)
[  594.269255][ T1110] ata1.00: NCQ disabled due to excessive errors
[  594.271239][ T1110] ata1.00: exception Emask 0x1 SAct 0x80000000 SErr 0x0 action 0x0
[  594.274253][ T1110] ata1.00: irq_stat 0x40000000
[  594.276927][ T1110] ata1.00: failed command: WRITE FPDMA QUEUED
[  594.279491][ T1110] ata1.00: cmd 61/30:f8:56:1a:10/00:00:00:00:00/40 tag 31 ncq dma 24576 out
[  594.279491][ T1110]          res 50/00:00:00:00:00/00:00:00:00:00/00 Emask 0x1 (device error)
[  594.286423][ T1110] ata1.00: status: { DRDY }
[  594.289272][ T1110] ata1.00: configured for UDMA/100
[  594.291715][ T1110] ata1: EH complete
[  594.512903][ T6026] plantronics 0003:047F:C055.0008: hiddev0,hidraw1: USB HID v0.00 Device [HID 047f:c055] on usb-dummy_hcd.3-1/input0
[  595.751129][   T40] audit: type=1326 audit(2000000464.819:118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15574 comm="syz.3.2670" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7f93579 code=0x7fc00000
[  595.873295][ T1022] usb 8-1: USB disconnect, device number 58
[  596.910838][ T5963] IPVS: starting estimator thread 0...
[  597.003683][T15650] IPVS: using max 44 ests per chain, 105600 per kthread
[  597.253805][ T1201] wlan1: Trigger new scan to find an IBSS to join
[  597.718055][   T40] audit: type=1326 audit(2000000466.789:119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15659 comm="syz.1.2690" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ee579 code=0x7fc00000
[  598.023175][   T24] usb 6-1: new full-speed USB device number 59 using dummy_hcd
[  598.178245][   T24] usb 6-1: config 0 interface 0 altsetting 4 endpoint 0x81 has invalid maxpacket 1024, setting to 64
[  598.182732][   T24] usb 6-1: config 0 interface 0 altsetting 4 has 2 endpoint descriptors, different from the interface descriptor's value: 7
[  598.188045][   T24] usb 6-1: config 0 interface 0 has no altsetting 0
[  598.190782][   T24] usb 6-1: New USB device found, idVendor=047f, idProduct=c055, bcdDevice= 0.00
[  598.197119][   T24] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  598.202500][   T24] usb 6-1: config 0 descriptor??
[  598.206917][T15666] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  598.418472][T15666] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  598.424527][T15666] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  598.439348][   T24] usbhid 6-1:0.0: can't add hid device: -71
[  598.440103][T15677] binder: 15676:15677 ioctl c018620c 80000100 returned -22
[  598.441273][   T24] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[  598.483953][   T24] usb 6-1: USB disconnect, device number 59
[  598.501584][T15680] FAULT_INJECTION: forcing a failure.
[  598.501584][T15680] name failslab, interval 1, probability 0, space 0, times 0
[  598.510901][T15680] CPU: 3 UID: 0 PID: 15680 Comm: syz.3.2695 Not tainted 6.16.0-rc4-syzkaller-00123-g4c06e63b9203 #0 PREEMPT(full) 
[  598.510926][T15680] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  598.510936][T15680] Call Trace:
[  598.510941][T15680]  <TASK>
[  598.510948][T15680]  dump_stack_lvl+0x16c/0x1f0
[  598.510976][T15680]  should_fail_ex+0x512/0x640
[  598.510998][T15680]  ? fs_reclaim_acquire+0xae/0x150
[  598.511017][T15680]  ? tomoyo_encode2+0x100/0x3e0
[  598.511042][T15680]  should_failslab+0xc2/0x120
[  598.511057][T15680]  __kmalloc_noprof+0xd2/0x510
[  598.511080][T15680]  ? d_absolute_path+0x136/0x1a0
[  598.511099][T15680]  tomoyo_encode2+0x100/0x3e0
[  598.511123][T15680]  tomoyo_encode+0x29/0x50
[  598.511145][T15680]  tomoyo_realpath_from_path+0x18f/0x6e0
[  598.511175][T15680]  tomoyo_path_number_perm+0x245/0x580
[  598.511194][T15680]  ? tomoyo_path_number_perm+0x237/0x580
[  598.511216][T15680]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  598.511260][T15680]  ? find_held_lock+0x2b/0x80
[  598.511279][T15680]  ? hook_file_ioctl_common+0x145/0x410
[  598.511304][T15680]  ? __fget_files+0x20e/0x3c0
[  598.511324][T15680]  ? __fput_deferred+0x440/0x480
[  598.511345][T15680]  security_file_ioctl_compat+0x9b/0x240
[  598.511367][T15680]  __ia32_compat_sys_ioctl+0xc3/0x370
[  598.511392][T15680]  __do_fast_syscall_32+0x7c/0x3a0
[  598.511417][T15680]  do_fast_syscall_32+0x32/0x80
[  598.511440][T15680]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  598.511458][T15680] RIP: 0023:0xf7f93579
[  598.511473][T15680] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  598.511487][T15680] RSP: 002b:00000000f50b655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  598.511501][T15680] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000c018620c
[  598.511509][T15680] RDX: 0000000080000100 RSI: 0000000000000000 RDI: 0000000000000000
[  598.511517][T15680] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  598.511524][T15680] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  598.511532][T15680] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  598.511550][T15680]  </TASK>
[  598.511564][T15680] ERROR: Out of memory at tomoyo_realpath_from_path.
[  598.586124][T15680] binder: 15679:15680 ioctl c018620c 80000100 returned -22
[  598.643692][T15683] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2689'.
[  598.652237][T15683] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2689'.
[  598.714283][T15685] binder: 15681:15685 ioctl c0306201 0 returned -14
[  598.716064][T15683] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2689'.
[  598.719245][T15683] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2689'.
[  598.873254][T15683] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2689'.
[  598.883047][T15683] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2689'.
[  598.934435][  T837] usb 6-1: new high-speed USB device number 60 using dummy_hcd
[  599.083090][  T837] usb 6-1: Using ep0 maxpacket: 32
[  599.089117][  T837] usb 6-1: config 0 interface 0 altsetting 4 endpoint 0x2 has an invalid bInterval 129, changing to 11
[  599.094294][  T837] usb 6-1: config 0 interface 0 altsetting 4 has 2 endpoint descriptors, different from the interface descriptor's value: 7
[  599.099009][  T837] usb 6-1: config 0 interface 0 has no altsetting 0
[  599.102011][  T837] usb 6-1: New USB device found, idVendor=047f, idProduct=c055, bcdDevice= 0.00
[  599.105383][  T837] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  599.113264][  T837] usb 6-1: config 0 descriptor??
[  599.121907][  T837] hub 6-1:0.0: bad descriptor, ignoring hub
[  599.130566][  T837] hub 6-1:0.0: probe with driver hub failed with error -5
[  599.335126][T15700] binder: 15699:15700 ioctl c0306201 80000540 returned -14
[  599.340418][    C3] sr 2:0:0:0: [sr0] tag#5 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s
[  599.343626][    C3] sr 2:0:0:0: [sr0] tag#5 CDB: ATA command pass through(16)
[  599.345889][    C3] sr 2:0:0:0: [sr0] tag#5 CDB[00]: 85 26 b6 2b fa d6 3a 5d ba 5e 98 e1 9f 27 80 c8
[  599.348787][    C3] sr 2:0:0:0: [sr0] tag#5 CDB[10]: 05
[  599.532701][T15705] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2699'.
[  599.535742][T15705] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2699'.
[  599.579143][T15705] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2699'.
[  599.582101][T15705] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2699'.
[  599.593720][ T5963] Process accounting resumed
[  600.428295][T15717] netlink: 'syz.3.2703': attribute type 6 has an invalid length.
[  600.536471][   T40] audit: type=1326 audit(2000000469.609:120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15659 comm="syz.1.2690" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf70ee579 code=0x7fc00000
[  600.553637][  T837] usbhid 6-1:0.0: can't add hid device: -71
[  600.559009][  T837] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[  600.583468][  T837] usb 6-1: USB disconnect, device number 60
[  600.638901][T15723] binder: 15721:15723 ioctl c0306201 0 returned -14
[  602.273255][ T1201] wlan1: Trigger new scan to find an IBSS to join
[  602.343219][ T1058] wlan1: Trigger new scan to find an IBSS to join
[  603.183840][ T1201] wlan1: Creating new IBSS network, BSSID 6e:66:56:b1:46:6c
[  603.787693][T15769] capability: warning: `syz.0.2716' uses deprecated v2 capabilities in a way that may be insecure
[  603.978180][   T40] audit: type=1326 audit(2000000473.049:121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15766 comm="syz.2.2715" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb2579 code=0x7fc00000
[  604.031059][T15786] FAULT_INJECTION: forcing a failure.
[  604.031059][T15786] name failslab, interval 1, probability 0, space 0, times 0
[  604.052029][   T40] audit: type=1326 audit(2000000473.119:122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15778 comm="syz.0.2720" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f63579 code=0x7fc00000
[  604.068846][T15786] CPU: 1 UID: 0 PID: 15786 Comm: syz.3.2717 Not tainted 6.16.0-rc4-syzkaller-00123-g4c06e63b9203 #0 PREEMPT(full) 
[  604.068873][T15786] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  604.068880][T15786] Call Trace:
[  604.068884][T15786]  <TASK>
[  604.068889][T15786]  dump_stack_lvl+0x16c/0x1f0
[  604.068909][T15786]  should_fail_ex+0x512/0x640
[  604.068925][T15786]  ? __kmalloc_cache_noprof+0x57/0x3e0
[  604.068941][T15786]  should_failslab+0xc2/0x120
[  604.068952][T15786]  __kmalloc_cache_noprof+0x6a/0x3e0
[  604.068970][T15786]  ? ceph_create_client+0x68/0x370
[  604.068985][T15786]  ceph_create_client+0x68/0x370
[  604.068997][T15786]  ceph_get_tree+0x1ac/0x1ec0
[  604.069011][T15786]  ? security_capable+0x7e/0x260
[  604.069023][T15786]  vfs_get_tree+0x8e/0x340
[  604.069036][T15786]  vfs_cmd_create+0xd7/0x2a0
[  604.069048][T15786]  __do_sys_fsconfig+0x7b8/0xbe0
[  604.069060][T15786]  ? __pfx___do_sys_fsconfig+0x10/0x10
[  604.069069][T15786]  ? fput+0x70/0xf0
[  604.069082][T15786]  ? rcu_is_watching+0x12/0xc0
[  604.069096][T15786]  __do_fast_syscall_32+0x7c/0x3a0
[  604.069114][T15786]  do_fast_syscall_32+0x32/0x80
[  604.069130][T15786]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  604.069143][T15786] RIP: 0023:0xf7f93579
[  604.069152][T15786] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  604.069162][T15786] RSP: 002b:00000000f507455c EFLAGS: 00000296 ORIG_RAX: 00000000000001af
[  604.069172][T15786] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 0000000000000006
[  604.069178][T15786] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  604.069184][T15786] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  604.069190][T15786] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  604.069196][T15786] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  604.069208][T15786]  </TASK>
[  604.214486][T12559] usb 7-1: new full-speed USB device number 70 using dummy_hcd
[  604.215805][T15786] tty tty1: ldisc open failed (-12), clearing slot 0
[  604.373920][T12559] usb 7-1: config 0 interface 0 altsetting 4 endpoint 0x81 has invalid maxpacket 1024, setting to 64
[  604.377295][T12559] usb 7-1: config 0 interface 0 altsetting 4 has 2 endpoint descriptors, different from the interface descriptor's value: 7
[  604.381474][T12559] usb 7-1: config 0 interface 0 has no altsetting 0
[  604.393008][T12559] usb 7-1: New USB device found, idVendor=047f, idProduct=c055, bcdDevice= 0.00
[  604.395793][T12559] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  604.399352][T12559] usb 7-1: config 0 descriptor??
[  604.401419][T15783] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  604.608600][T15781] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  604.612441][T15781] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  604.620631][T12559] usbhid 7-1:0.0: can't add hid device: -71
[  604.622562][T12559] usbhid 7-1:0.0: probe with driver usbhid failed with error -71
[  604.631625][T12559] usb 7-1: USB disconnect, device number 70
[  604.733093][   T40] audit: type=1326 audit(2000000473.799:123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15778 comm="syz.0.2720" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7f63579 code=0x7fc00000
[  604.758470][T15799] __nla_validate_parse: 2 callbacks suppressed
[  604.758482][T15799] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2723'.
[  604.794062][T15802] 9pnet_fd: p9_fd_create_tcp (15802): problem connecting socket to 127.0.0.1
[  605.101237][  T837] usb 7-1: new high-speed USB device number 71 using dummy_hcd
[  605.283043][  T837] usb 7-1: Using ep0 maxpacket: 32
[  605.286509][  T837] usb 7-1: config 0 interface 0 altsetting 4 endpoint 0x2 has an invalid bInterval 129, changing to 11
[  605.296502][  T837] usb 7-1: config 0 interface 0 altsetting 4 has 2 endpoint descriptors, different from the interface descriptor's value: 7
[  605.303182][   T92] wlan1: Trigger new scan to find an IBSS to join
[  605.306599][  T837] usb 7-1: config 0 interface 0 has no altsetting 0
[  605.324993][  T837] usb 7-1: New USB device found, idVendor=047f, idProduct=c055, bcdDevice= 0.00
[  605.363485][  T837] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  605.379112][  T837] usb 7-1: config 0 descriptor??
[  605.390500][  T837] hub 7-1:0.0: bad descriptor, ignoring hub
[  605.398460][  T837] hub 7-1:0.0: probe with driver hub failed with error -5
[  605.864033][T15816] FAULT_INJECTION: forcing a failure.
[  605.864033][T15816] name failslab, interval 1, probability 0, space 0, times 0
[  605.868803][T15816] CPU: 3 UID: 0 PID: 15816 Comm: syz.3.2727 Not tainted 6.16.0-rc4-syzkaller-00123-g4c06e63b9203 #0 PREEMPT(full) 
[  605.868825][T15816] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  605.868833][T15816] Call Trace:
[  605.868840][T15816]  <TASK>
[  605.868846][T15816]  dump_stack_lvl+0x16c/0x1f0
[  605.868872][T15816]  should_fail_ex+0x512/0x640
[  605.868898][T15816]  ? __kmalloc_cache_noprof+0x57/0x3e0
[  605.868923][T15816]  should_failslab+0xc2/0x120
[  605.868940][T15816]  __kmalloc_cache_noprof+0x6a/0x3e0
[  605.868956][T15816]  ? ip6_setup_cork+0x223/0x1530
[  605.868970][T15816]  ip6_setup_cork+0x223/0x1530
[  605.868990][T15816]  ip6_append_data+0x255/0x4c0
[  605.869001][T15816]  ? __pfx_raw6_getfrag+0x10/0x10
[  605.869014][T15816]  rawv6_sendmsg+0x1642/0x47a0
[  605.869025][T15816]  ? trace_mm_page_alloc+0x11f/0x1a0
[  605.869043][T15816]  ? __pfx_rawv6_sendmsg+0x10/0x10
[  605.869053][T15816]  ? unwind_get_return_address+0x59/0xa0
[  605.869073][T15816]  ? __lock_acquire+0x622/0x1c90
[  605.869095][T15816]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  605.869116][T15816]  ? __pfx_aa_sk_perm+0x10/0x10
[  605.869130][T15816]  ? __pfx_rawv6_sendmsg+0x10/0x10
[  605.869141][T15816]  ? inet_sendmsg+0x11c/0x140
[  605.869155][T15816]  inet_sendmsg+0x11c/0x140
[  605.869169][T15816]  sock_write_iter+0x4aa/0x5b0
[  605.869183][T15816]  ? __pfx_sock_write_iter+0x10/0x10
[  605.869199][T15816]  ? bpf_lsm_file_permission+0x9/0x10
[  605.869211][T15816]  ? security_file_permission+0x71/0x210
[  605.869226][T15816]  ? rw_verify_area+0xcf/0x680
[  605.869241][T15816]  vfs_write+0x6c4/0x1150
[  605.869257][T15816]  ? __pfx_sock_write_iter+0x10/0x10
[  605.869269][T15816]  ? __pfx_vfs_write+0x10/0x10
[  605.869283][T15816]  ? find_held_lock+0x2b/0x80
[  605.869302][T15816]  ksys_write+0x1f8/0x250
[  605.869317][T15816]  ? __pfx_ksys_write+0x10/0x10
[  605.869333][T15816]  ? rcu_is_watching+0x12/0xc0
[  605.869347][T15816]  __do_fast_syscall_32+0x7c/0x3a0
[  605.869364][T15816]  do_fast_syscall_32+0x32/0x80
[  605.869380][T15816]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  605.869394][T15816] RIP: 0023:0xf7f93579
[  605.869402][T15816] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  605.869412][T15816] RSP: 002b:00000000f50b655c EFLAGS: 00000296 ORIG_RAX: 0000000000000004
[  605.869422][T15816] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800000c0
[  605.869428][T15816] RDX: 00000000000005ac RSI: 0000000000000000 RDI: 0000000000000000
[  605.869434][T15816] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  605.869440][T15816] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  605.869462][T15816] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  605.869476][T15816]  </TASK>
[  606.388796][ T2296] Process accounting resumed
[  606.775414][T15831] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2732'.
[  606.778379][T15831] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2732'.
[  606.801220][T15831] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2732'.
[  606.804405][T15831] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2732'.
[  606.805106][   T40] audit: type=1326 audit(2000000475.879:124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15766 comm="syz.2.2715" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7fb2579 code=0x7fc00000
[  606.833552][ T2296] Process accounting resumed
[  606.837077][  T837] usbhid 7-1:0.0: can't add hid device: -71
[  606.839030][  T837] usbhid 7-1:0.0: probe with driver usbhid failed with error -71
[  606.864943][  T837] usb 7-1: USB disconnect, device number 71
[  606.993708][T15831] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2732'.
[  606.996541][T15831] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2732'.
[  607.266256][T15846] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2735'.
[  607.985701][T15854] binder: 15853:15854 ioctl c0306201 0 returned -14
[  608.273452][ T1058] wlan1: Trigger new scan to find an IBSS to join
[  608.276781][   T92] wlan1: Trigger new scan to find an IBSS to join
[  609.258892][ T1141] wlan1: Creating new IBSS network, BSSID 1e:c1:a2:20:35:a1
[  609.299714][T15898] binder: 15896:15898 ioctl c0306201 0 returned -14
[  609.931809][T15906] binder: 15905:15906 ioctl c0306201 0 returned -14
[  610.794986][T15919] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2755'.
[  612.634922][T15950] binder: 15949:15950 ioctl c0306201 0 returned -14
[  612.703165][   T55] usb 8-1: new high-speed USB device number 59 using dummy_hcd
[  612.852837][T15956] net veth1_virt_wifi 
€Â: renamed from virt_wifi0
[  612.863686][   T55] usb 8-1: Using ep0 maxpacket: 32
[  612.870405][   T55] usb 8-1: config 0 has an invalid interface number: 85 but max is 0
[  612.873428][   T55] usb 8-1: config 0 has no interface number 0
[  612.876164][   T55] usb 8-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  612.880744][   T55] usb 8-1: config 0 interface 85 has no altsetting 0
[  612.885120][T15956] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2766'.
[  612.886377][   T55] usb 8-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72
[  612.891801][   T55] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  612.894935][   T55] usb 8-1: Product: syz
[  612.896921][   T55] usb 8-1: Manufacturer: syz
[  612.898747][   T55] usb 8-1: SerialNumber: syz
[  612.908255][   T55] usb 8-1: config 0 descriptor??
[  612.979771][T15958] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2767'.
[  613.215580][T15968] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2768'.
[  613.223207][ T1058] wlan1: Trigger new scan to find an IBSS to join
[  614.134318][   T92] wlan1: Creating new IBSS network, BSSID 9e:84:52:35:4e:6a
[  615.500295][   T55] appletouch 8-1:0.85: Failed to read mode from device.
[  615.515116][   T55] appletouch 8-1:0.85: probe with driver appletouch failed with error -5
[  615.521704][   T55] usb 8-1: USB disconnect, device number 59
[  615.848272][T16008] binder: 16007:16008 ioctl c0306201 0 returned -14
[  615.883196][T12559] usb 7-1: new high-speed USB device number 72 using dummy_hcd
[  616.053011][T12559] usb 7-1: Using ep0 maxpacket: 8
[  616.055934][T12559] usb 7-1: config 0 has no interfaces?
[  616.057674][T12559] usb 7-1: New USB device found, idVendor=0853, idProduct=0146, bcdDevice= 0.00
[  616.060454][T12559] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  616.065253][T12559] usb 7-1: config 0 descriptor??
[  616.182653][T16013] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2780'.
[  616.567115][  T837] usb 7-1: USB disconnect, device number 72
[  616.789339][ T1058] Bluetooth: hci3: Frame reassembly failed (-84)
[  617.139923][T16027] sctp: [Deprecated]: syz.0.2784 (pid 16027) Use of struct sctp_assoc_value in delayed_ack socket option.
[  617.139923][T16027] Use struct sctp_sack_info instead
[  617.150526][T16027] wlaf0: renamed from batadv_slave_1 (while UP)
[  617.153076][  T837] usb 7-1: new high-speed USB device number 73 using dummy_hcd
[  617.159646][T16027] batman_adv: batadv0: Interface deactivated: wlaf0
[  617.164225][T16027] wlaf0: entered allmulticast mode
[  617.283175][  T837] usb 7-1: device descriptor read/64, error -71
[  617.533191][  T837] usb 7-1: new high-speed USB device number 74 using dummy_hcd
[  617.663038][  T837] usb 7-1: device descriptor read/64, error -71
[  617.774559][  T837] usb usb7-port1: attempt power cycle
[  618.152096][  T837] usb 7-1: new high-speed USB device number 75 using dummy_hcd
[  618.173643][  T837] usb 7-1: device descriptor read/8, error -71
[  618.423085][  T837] usb 7-1: new high-speed USB device number 76 using dummy_hcd
[  618.443612][  T837] usb 7-1: device descriptor read/8, error -71
[  618.554232][  T837] usb usb7-port1: unable to enumerate USB device
[  618.663176][    C0] ip6_tunnel: ip6gretap2 xmit: Local address not yet configured!
[  618.673150][T12559] usb 8-1: new full-speed USB device number 60 using dummy_hcd
[  618.823154][T16020] Bluetooth: hci3: command 0x1003 tx timeout
[  618.823372][ T5968] Bluetooth: hci3: Opcode 0x1003 failed: -110
[  618.832290][T12559] usb 8-1: config 0 interface 0 altsetting 4 endpoint 0x81 has invalid maxpacket 1024, setting to 64
[  618.836741][T12559] usb 8-1: config 0 interface 0 altsetting 4 endpoint 0x3 has invalid wMaxPacketSize 0
[  618.840543][T12559] usb 8-1: config 0 interface 0 altsetting 4 has 2 endpoint descriptors, different from the interface descriptor's value: 7
[  618.846719][T12559] usb 8-1: config 0 interface 0 has no altsetting 0
[  618.849340][T12559] usb 8-1: New USB device found, idVendor=047f, idProduct=c055, bcdDevice= 0.00
[  618.855521][T12559] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  618.860659][T12559] usb 8-1: config 0 descriptor??
[  618.865667][T16046] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  618.891430][T16048] mkiss: ax0: crc mode is auto.
[  619.010106][T16053] binder: 16052:16053 ioctl c0306201 0 returned -14
[  619.072861][T16046] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  619.076085][T16046] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  619.088218][T12559] usbhid 8-1:0.0: can't add hid device: -71
[  619.090259][T12559] usbhid 8-1:0.0: probe with driver usbhid failed with error -71
[  619.096336][T12559] usb 8-1: USB disconnect, device number 60
[  619.169545][T16056] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2792'.
[  619.543093][T12559] usb 8-1: new high-speed USB device number 61 using dummy_hcd
[  619.693121][T12559] usb 8-1: Using ep0 maxpacket: 32
[  619.697275][T12559] usb 8-1: config 0 interface 0 altsetting 4 endpoint 0x3 has invalid wMaxPacketSize 0
[  619.701291][T12559] usb 8-1: config 0 interface 0 altsetting 4 has 2 endpoint descriptors, different from the interface descriptor's value: 7
[  619.706612][T12559] usb 8-1: config 0 interface 0 has no altsetting 0
[  619.709288][T12559] usb 8-1: New USB device found, idVendor=047f, idProduct=c055, bcdDevice= 0.00
[  619.713513][T12559] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  619.717110][T12559] usb 8-1: config 0 descriptor??
[  619.722306][T12559] hub 8-1:0.0: bad descriptor, ignoring hub
[  619.724320][T12559] hub 8-1:0.0: probe with driver hub failed with error -5
[  620.132358][T12559] plantronics 0003:047F:C055.0009: unknown main item tag 0x0
[  620.140286][T12559] plantronics 0003:047F:C055.0009: unknown main item tag 0x0
[  620.142590][T12559] plantronics 0003:047F:C055.0009: unknown main item tag 0x0
[  620.144985][T12559] plantronics 0003:047F:C055.0009: unknown main item tag 0x0
[  620.147265][T12559] plantronics 0003:047F:C055.0009: unknown main item tag 0x0
[  620.153301][T12559] plantronics 0003:047F:C055.0009: hiddev0,hidraw1: USB HID v0.00 Device [HID 047f:c055] on usb-dummy_hcd.3-1/input0
[  620.216771][   T40] audit: type=1326 audit(2000000489.289:125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16063 comm="syz.2.2795" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb2579 code=0x7fc00000
[  620.448498][ T6026] Process accounting resumed
[  620.453298][T12559] usb 7-1: new full-speed USB device number 77 using dummy_hcd
[  620.493294][   T55] usb 8-1: USB disconnect, device number 61
[  620.615245][T12559] usb 7-1: config 0 interface 0 altsetting 4 endpoint 0x81 has invalid maxpacket 1024, setting to 64
[  620.618640][T12559] usb 7-1: config 0 interface 0 altsetting 4 has 2 endpoint descriptors, different from the interface descriptor's value: 7
[  620.622600][T12559] usb 7-1: config 0 interface 0 has no altsetting 0
[  620.624752][T12559] usb 7-1: New USB device found, idVendor=047f, idProduct=c055, bcdDevice= 0.00
[  620.627558][T12559] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  620.631269][T12559] usb 7-1: config 0 descriptor??
[  620.633358][T16072] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  620.839387][T16071] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  620.844773][T16071] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  620.853832][T12559] usbhid 7-1:0.0: can't add hid device: -71
[  620.855848][T12559] usbhid 7-1:0.0: probe with driver usbhid failed with error -71
[  620.862759][T12559] usb 7-1: USB disconnect, device number 77
[  621.052700][   T13] wlan1: Selected IBSS BSSID 9e:84:52:35:4e:6a based on configured SSID
[  622.063979][   T29] Process accounting resumed
[  622.945109][T16110] Driver unsupported XDP return value 0 on prog  (id 467) dev N/A, expect packet loss!
[  622.958062][   T40] audit: type=1326 audit(2000000492.029:126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16063 comm="syz.2.2795" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7fb2579 code=0x7fc00000
[  623.106966][   T29] usb 6-1: new high-speed USB device number 61 using dummy_hcd
[  623.233107][   T29] usb 6-1: device descriptor read/64, error -71
[  623.475720][   T29] usb 6-1: new high-speed USB device number 62 using dummy_hcd
[  623.693173][   T29] usb 6-1: device descriptor read/64, error -71
[  623.786380][ T1420] ieee802154 phy1 wpan1: encryption failed: -22
[  623.813549][   T29] usb usb6-port1: attempt power cycle
[  623.828808][   T40] audit: type=1326 audit(2000000492.899:127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16122 comm="syz.0.2808" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f63579 code=0x7ffc0000
[  623.841790][   T40] audit: type=1326 audit(2000000492.909:128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16122 comm="syz.0.2808" exe="/syz-executor" sig=0 arch=40000003 syscall=351 compat=1 ip=0xf7f63579 code=0x7ffc0000
[  623.848396][   T40] audit: type=1326 audit(2000000492.909:129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16122 comm="syz.0.2808" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f63579 code=0x7ffc0000
[  623.863856][   T40] audit: type=1326 audit(2000000492.909:130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16122 comm="syz.0.2808" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f63579 code=0x7ffc0000
[  623.877898][   T40] audit: type=1326 audit(2000000492.909:131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16122 comm="syz.0.2808" exe="/syz-executor" sig=0 arch=40000003 syscall=4 compat=1 ip=0xf7f63579 code=0x7ffc0000
[  623.896179][   T40] audit: type=1326 audit(2000000492.909:132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16122 comm="syz.0.2808" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f63579 code=0x7ffc0000
[  623.912424][   T40] audit: type=1326 audit(2000000492.909:133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16122 comm="syz.0.2808" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f63579 code=0x7ffc0000
[  623.925021][   T40] audit: type=1326 audit(2000000492.909:134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16122 comm="syz.0.2808" exe="/syz-executor" sig=0 arch=40000003 syscall=4 compat=1 ip=0xf7f63579 code=0x7ffc0000
[  623.936307][T16125] pim6reg: entered allmulticast mode
[  624.273141][   T29] usb 6-1: new high-speed USB device number 63 using dummy_hcd
[  624.303453][   T29] usb 6-1: device descriptor read/8, error -71
[  624.553125][   T29] usb 6-1: new high-speed USB device number 64 using dummy_hcd
[  624.563463][T16122] pim6reg: left allmulticast mode
[  624.573517][   T29] usb 6-1: device descriptor read/8, error -71
[  624.733247][   T29] usb usb6-port1: unable to enumerate USB device
[  625.766171][T16142] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2813'.
[  625.864023][T16020] Bluetooth: hci4: command 0x0406 tx timeout
[  625.901595][T16148] binder: 16146:16148 ioctl c0306201 0 returned -14
[  626.008227][T16152] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2812'.
[  626.011248][T16152] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2812'.
[  626.033558][T16152] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2812'.
[  626.036363][T16152] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2812'.
[  626.067420][   T29] Process accounting resumed
[  626.082149][T16152] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2812'.
[  626.085063][T16152] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2812'.
[  626.123227][   T40] kauditd_printk_skb: 41 callbacks suppressed
[  626.123243][   T40] audit: type=1326 audit(2000000495.199:176): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16144 comm="syz.1.2814" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ee579 code=0x7fc00000
[  626.383077][ T1022] usb 6-1: new full-speed USB device number 65 using dummy_hcd
[  626.554686][ T1022] usb 6-1: config 0 interface 0 altsetting 4 endpoint 0x81 has invalid maxpacket 1024, setting to 64
[  626.558142][ T1022] usb 6-1: config 0 interface 0 altsetting 4 has 2 endpoint descriptors, different from the interface descriptor's value: 7
[  626.562127][ T1022] usb 6-1: config 0 interface 0 has no altsetting 0
[  626.564448][ T1022] usb 6-1: New USB device found, idVendor=047f, idProduct=c055, bcdDevice= 0.00
[  626.568148][ T1022] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  626.573965][ T1022] usb 6-1: config 0 descriptor??
[  626.576774][T16150] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  626.688573][T16161] lo speed is unknown, defaulting to 1000
[  626.783728][T16150] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  626.789743][T16150] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  626.795821][ T1022] usbhid 6-1:0.0: can't add hid device: -71
[  626.797701][ T1022] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[  626.809449][ T1022] usb 6-1: USB disconnect, device number 65
[  626.892003][T16171] input: syz0 as /devices/virtual/input/input15
[  627.012451][   T61] wlan1: Selected IBSS BSSID 1e:c1:a2:20:35:a1 based on configured SSID
[  627.503178][   T55] usb 8-1: new high-speed USB device number 62 using dummy_hcd
[  627.636192][   T55] usb 8-1: device descriptor read/64, error -71
[  627.873166][   T55] usb 8-1: new high-speed USB device number 63 using dummy_hcd
[  628.023091][   T55] usb 8-1: device descriptor read/64, error -71
[  628.136975][   T55] usb usb8-port1: attempt power cycle
[  628.503104][   T55] usb 8-1: new high-speed USB device number 64 using dummy_hcd
[  628.523448][   T55] usb 8-1: device descriptor read/8, error -71
[  628.763076][   T55] usb 8-1: new high-speed USB device number 65 using dummy_hcd
[  628.784620][   T55] usb 8-1: device descriptor read/8, error -71
[  628.844996][   T40] audit: type=1326 audit(2000000497.919:177): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16144 comm="syz.1.2814" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf70ee579 code=0x7fc00000
[  628.904274][   T55] usb usb8-port1: unable to enumerate USB device
[  629.254206][T16203] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2827'.
[  629.339313][T16205] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2825'.
[  629.383203][T16205] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2825'.
[  629.645163][T12559] Process accounting resumed
[  631.225194][T16238] binder: 16236:16238 ioctl c0306201 0 returned -14
[  631.706683][T16248] FAULT_INJECTION: forcing a failure.
[  631.706683][T16248] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  631.710724][T16248] CPU: 0 UID: 0 PID: 16248 Comm: syz.0.2838 Not tainted 6.16.0-rc4-syzkaller-00123-g4c06e63b9203 #0 PREEMPT(full) 
[  631.710750][T16248] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  631.710757][T16248] Call Trace:
[  631.710762][T16248]  <TASK>
[  631.710766][T16248]  dump_stack_lvl+0x16c/0x1f0
[  631.710785][T16248]  should_fail_ex+0x512/0x640
[  631.710803][T16248]  _copy_from_user+0x2e/0xd0
[  631.710814][T16248]  get_compat_msghdr+0xa7/0x170
[  631.710831][T16248]  ? __pfx_get_compat_msghdr+0x10/0x10
[  631.710853][T16248]  ___sys_sendmsg+0x1ae/0x1d0
[  631.710869][T16248]  ? __pfx____sys_sendmsg+0x10/0x10
[  631.710891][T16248]  ? find_held_lock+0x2b/0x80
[  631.710912][T16248]  __sys_sendmsg+0x16d/0x220
[  631.710927][T16248]  ? __pfx___sys_sendmsg+0x10/0x10
[  631.710949][T16248]  ? rcu_is_watching+0x12/0xc0
[  631.710962][T16248]  __do_fast_syscall_32+0x7c/0x3a0
[  631.710980][T16248]  do_fast_syscall_32+0x32/0x80
[  631.710996][T16248]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  631.711009][T16248] RIP: 0023:0xf7f63579
[  631.711017][T16248] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  631.711028][T16248] RSP: 002b:00000000f508655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  631.711038][T16248] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000000
[  631.711044][T16248] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  631.711049][T16248] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  631.711055][T16248] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  631.711061][T16248] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  631.711073][T16248]  </TASK>
[  631.823571][T16250] __nla_validate_parse: 5 callbacks suppressed
[  631.823636][T16250] netlink: 32 bytes leftover after parsing attributes in process `syz.3.2836'.
[  631.828409][T16250] netlink: 32 bytes leftover after parsing attributes in process `syz.3.2836'.
[  631.849354][T16252] binder: 16251:16252 ioctl c0306201 0 returned -14
[  631.877053][ T5963] Process accounting resumed
[  631.908933][T16250] netlink: 32 bytes leftover after parsing attributes in process `syz.3.2836'.
[  631.915514][T16250] netlink: 32 bytes leftover after parsing attributes in process `syz.3.2836'.
[  632.004265][T16250] netlink: 32 bytes leftover after parsing attributes in process `syz.3.2836'.
[  632.007403][T16250] netlink: 32 bytes leftover after parsing attributes in process `syz.3.2836'.
[  632.291518][ T5963] libceph: connect (1)[c::]:6789 error -101
[  632.293638][ T5963] libceph: mon0 (1)[c::]:6789 connect error
[  632.329299][T16266] ceph: No mds server is up or the cluster is laggy
[  632.902787][T16288] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(10)
[  632.904895][T16288] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  632.907622][T16288] vhci_hcd vhci_hcd.0: Device attached
[  632.987625][T16289] vhci_hcd: connection closed
[  632.988882][   T12] vhci_hcd: stop threads
[  632.998971][   T12] vhci_hcd: release socket
[  633.007025][   T12] vhci_hcd: disconnect device
[  633.021019][T16288] tipc: Started in network mode
[  633.022615][T16288] tipc: Node identity 4, cluster identity 4711
[  633.024774][T16288] tipc: Node number set to 4
[  633.052031][T16292] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2844'.
[  633.188946][   T61] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  633.932162][T16302] input: syz0 as /devices/virtual/input/input16
[  633.946569][T16303] binder: 16294:16303 ioctl c0306201 0 returned -14
[  636.177733][T16340] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2858'.
[  637.235981][T16351] netlink: 'syz.3.2862': attribute type 1 has an invalid length.
[  637.307479][T16351] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2862'.
[  637.310146][T16351] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2862'.
[  637.351754][T16351] veth3: entered promiscuous mode
[  637.461532][T16356] input: syz1 as /devices/virtual/input/input17
[  637.795758][T16368] netlink: 5364 bytes leftover after parsing attributes in process `syz.1.2866'.
[  637.978625][T16376] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2869'.
[  637.983861][T16376] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2869'.
[  638.106695][T16382] Bluetooth: MGMT ver 1.23
[  638.333128][    T9] usb 7-1: new high-speed USB device number 78 using dummy_hcd
[  638.507954][    T9] usb 7-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[  638.511333][    T9] usb 7-1: config 27 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  638.518307][    T9] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  638.526677][    T9] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  639.398595][    T9] usb 7-1: Quirk or no altset; falling back to MIDI 1.0
[  639.459699][    T9] snd-usb-audio 7-1:27.0: probe with driver snd-usb-audio failed with error -2
[  640.659608][T16409] netlink: 5364 bytes leftover after parsing attributes in process `syz.3.2877'.
[  640.771586][T16411] 8021q: VLANs not supported on vcan0
[  640.860476][T16415] FAULT_INJECTION: forcing a failure.
[  640.860476][T16415] name failslab, interval 1, probability 0, space 0, times 0
[  640.864787][T16415] CPU: 3 UID: 0 PID: 16415 Comm: syz.0.2879 Not tainted 6.16.0-rc4-syzkaller-00123-g4c06e63b9203 #0 PREEMPT(full) 
[  640.864825][T16415] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  640.864836][T16415] Call Trace:
[  640.864842][T16415]  <TASK>
[  640.864848][T16415]  dump_stack_lvl+0x16c/0x1f0
[  640.864868][T16415]  should_fail_ex+0x512/0x640
[  640.864884][T16415]  ? fs_reclaim_acquire+0xae/0x150
[  640.864898][T16415]  ? tomoyo_encode2+0x100/0x3e0
[  640.864913][T16415]  should_failslab+0xc2/0x120
[  640.864924][T16415]  __kmalloc_noprof+0xd2/0x510
[  640.864940][T16415]  ? d_absolute_path+0x136/0x1a0
[  640.864954][T16415]  tomoyo_encode2+0x100/0x3e0
[  640.864970][T16415]  tomoyo_encode+0x29/0x50
[  640.864984][T16415]  tomoyo_realpath_from_path+0x18f/0x6e0
[  640.865003][T16415]  tomoyo_path_number_perm+0x245/0x580
[  640.865015][T16415]  ? tomoyo_path_number_perm+0x237/0x580
[  640.865029][T16415]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  640.865057][T16415]  ? find_held_lock+0x2b/0x80
[  640.865068][T16415]  ? hook_file_ioctl_common+0x145/0x410
[  640.865083][T16415]  ? __fget_files+0x20e/0x3c0
[  640.865097][T16415]  ? __fput_deferred+0x440/0x480
[  640.865110][T16415]  security_file_ioctl_compat+0x9b/0x240
[  640.865145][T16415]  __ia32_compat_sys_ioctl+0xc3/0x370
[  640.865166][T16415]  __do_fast_syscall_32+0x7c/0x3a0
[  640.865185][T16415]  do_fast_syscall_32+0x32/0x80
[  640.865201][T16415]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  640.865214][T16415] RIP: 0023:0xf7f63579
[  640.865223][T16415] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  640.865234][T16415] RSP: 002b:00000000f508655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  640.865244][T16415] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c02c640e
[  640.865250][T16415] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  640.865256][T16415] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  640.865261][T16415] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  640.865267][T16415] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  640.865280][T16415]  </TASK>
[  640.865318][T16415] ERROR: Out of memory at tomoyo_realpath_from_path.
[  640.934332][    T9] usb 7-1: USB disconnect, device number 78
[  641.550252][T16429] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(11)
[  641.552389][T16429] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  641.555719][T16429] vhci_hcd vhci_hcd.0: Device attached
[  641.621179][T16430] vhci_hcd: connection closed
[  641.621286][   T13] vhci_hcd: stop threads
[  641.625781][   T13] vhci_hcd: release socket
[  641.627541][   T13] vhci_hcd: disconnect device
[  642.031101][T16442] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2885'.
[  642.043582][T16442] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2885'.
[  642.065286][T16442] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2885'.
[  642.068171][T16442] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2885'.
[  642.093989][   T29] Process accounting resumed
[  642.737151][   T40] audit: type=1800 audit(2000000511.809:178): pid=16458 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=set_data cause=unavailable-hash-algorithm comm="syz.1.2889" name="/" dev="sockfs" ino=84853 res=0 errno=0
[  642.939204][T16467] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  644.109948][T16489] binder: 16487:16489 ioctl 4008ae73 80000000 returned -22
[  644.655631][T16500] __nla_validate_parse: 2 callbacks suppressed
[  644.655643][T16500] netlink: 32 bytes leftover after parsing attributes in process `syz.3.2900'.
[  644.824606][T16511] binder: 16510:16511 ioctl c0306201 0 returned -14
[  645.813785][   T40] audit: type=1804 audit(2000000514.889:179): pid=16536 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.2908" name="/newroot/128/bus/bus" dev="overlay" ino=707 res=1 errno=0
[  645.828160][   T40] audit: type=1804 audit(2000000514.899:180): pid=16536 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.2908" name="/newroot/128/bus/bus" dev="overlay" ino=707 res=1 errno=0
[  646.079259][T16535] hub 2-0:1.0: USB hub found
[  646.080924][T16535] hub 2-0:1.0: 2 ports detected
[  646.177788][T16541] loop6: detected capacity change from 0 to 524287999
[  646.355236][ T5968] Bluetooth: hci2: command 0x0406 tx timeout
[  646.478444][T16551] binder: 16550:16551 ioctl c0306201 0 returned -14
[  647.560263][T16576] FAULT_INJECTION: forcing a failure.
[  647.560263][T16576] name failslab, interval 1, probability 0, space 0, times 0
[  647.560388][T16576] CPU: 1 UID: 0 PID: 16576 Comm: syz.0.2924 Not tainted 6.16.0-rc4-syzkaller-00123-g4c06e63b9203 #0 PREEMPT(full) 
[  647.560414][T16576] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  647.560421][T16576] Call Trace:
[  647.560425][T16576]  <TASK>
[  647.560429][T16576]  dump_stack_lvl+0x16c/0x1f0
[  647.560448][T16576]  should_fail_ex+0x512/0x640
[  647.560464][T16576]  ? fs_reclaim_acquire+0xae/0x150
[  647.560478][T16576]  ? tomoyo_encode2+0x100/0x3e0
[  647.560493][T16576]  should_failslab+0xc2/0x120
[  647.560503][T16576]  __kmalloc_noprof+0xd2/0x510
[  647.560519][T16576]  ? d_absolute_path+0x136/0x1a0
[  647.560533][T16576]  tomoyo_encode2+0x100/0x3e0
[  647.560550][T16576]  tomoyo_encode+0x29/0x50
[  647.560563][T16576]  tomoyo_realpath_from_path+0x18f/0x6e0
[  647.560582][T16576]  tomoyo_path_number_perm+0x245/0x580
[  647.560594][T16576]  ? tomoyo_path_number_perm+0x237/0x580
[  647.560608][T16576]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  647.560637][T16576]  ? find_held_lock+0x2b/0x80
[  647.560649][T16576]  ? hook_file_ioctl_common+0x145/0x410
[  647.560664][T16576]  ? __fget_files+0x20e/0x3c0
[  647.560678][T16576]  ? __fput_deferred+0x440/0x480
[  647.560691][T16576]  security_file_ioctl_compat+0x9b/0x240
[  647.560706][T16576]  __ia32_compat_sys_ioctl+0xc3/0x370
[  647.560720][T16576]  __do_fast_syscall_32+0x7c/0x3a0
[  647.560738][T16576]  do_fast_syscall_32+0x32/0x80
[  647.560754][T16576]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  647.560768][T16576] RIP: 0023:0xf7f63579
[  647.560776][T16576] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  647.560786][T16576] RSP: 002b:00000000f508655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  647.560796][T16576] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000004b72
[  647.560802][T16576] RDX: 0000000080000000 RSI: 0000000000000000 RDI: 0000000000000000
[  647.560808][T16576] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  647.560814][T16576] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  647.560820][T16576] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  647.560832][T16576]  </TASK>
[  647.566394][T16576] ERROR: Out of memory at tomoyo_realpath_from_path.
[  648.173272][T16590] loop6: detected capacity change from 0 to 524287999
[  648.442718][T16592] FAULT_INJECTION: forcing a failure.
[  648.442718][T16592] name failslab, interval 1, probability 0, space 0, times 0
[  648.448871][T16592] CPU: 3 UID: 0 PID: 16592 Comm: syz.1.2929 Not tainted 6.16.0-rc4-syzkaller-00123-g4c06e63b9203 #0 PREEMPT(full) 
[  648.448893][T16592] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  648.448902][T16592] Call Trace:
[  648.448908][T16592]  <TASK>
[  648.448915][T16592]  dump_stack_lvl+0x16c/0x1f0
[  648.448944][T16592]  should_fail_ex+0x512/0x640
[  648.448969][T16592]  ? fs_reclaim_acquire+0xae/0x150
[  648.448992][T16592]  ? tomoyo_encode2+0x100/0x3e0
[  648.449015][T16592]  should_failslab+0xc2/0x120
[  648.449032][T16592]  __kmalloc_noprof+0xd2/0x510
[  648.449085][T16592]  tomoyo_encode2+0x100/0x3e0
[  648.449114][T16592]  tomoyo_encode+0x29/0x50
[  648.449137][T16592]  tomoyo_realpath_from_path+0x18f/0x6e0
[  648.449163][T16592]  ? tomoyo_profile+0x47/0x60
[  648.449183][T16592]  tomoyo_path_number_perm+0x245/0x580
[  648.449203][T16592]  ? tomoyo_path_number_perm+0x237/0x580
[  648.449226][T16592]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  648.449273][T16592]  ? find_held_lock+0x2b/0x80
[  648.449291][T16592]  ? hook_file_ioctl_common+0x145/0x410
[  648.449316][T16592]  ? __fget_files+0x20e/0x3c0
[  648.449339][T16592]  ? __fput_deferred+0x440/0x480
[  648.449363][T16592]  security_file_ioctl_compat+0x9b/0x240
[  648.449387][T16592]  __ia32_compat_sys_ioctl+0xc3/0x370
[  648.449412][T16592]  __do_fast_syscall_32+0x7c/0x3a0
[  648.449441][T16592]  do_fast_syscall_32+0x32/0x80
[  648.449467][T16592]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  648.449493][T16592] RIP: 0023:0xf70ee579
[  648.449508][T16592] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  648.449538][T16592] RSP: 002b:00000000f50de55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  648.449555][T16592] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000000ae80
[  648.449566][T16592] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  648.449576][T16592] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  648.449586][T16592] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  648.449596][T16592] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  648.449620][T16592]  </TASK>
[  648.450230][T16592] ERROR: Out of memory at tomoyo_realpath_from_path.
[  648.691818][T16596] binder: 16594:16596 ioctl c0306201 0 returned -14
[  649.934599][T16615] loop6: detected capacity change from 0 to 524287999
[  650.488066][   T61] bond2 (unregistering): (slave ip6gretap1): Releasing backup interface
[  650.493299][   T61] bond2 (unregistering): (slave ip6gretap1): the permanent HWaddr of slave - ae:f2:60:3d:b0:8b - is still in use by bond - set the HWaddr of slave to a different address to avoid conflicts
[  650.620428][T16635] FAULT_INJECTION: forcing a failure.
[  650.620428][T16635] name failslab, interval 1, probability 0, space 0, times 0
[  650.624393][T16635] CPU: 2 UID: 0 PID: 16635 Comm: syz.1.2941 Not tainted 6.16.0-rc4-syzkaller-00123-g4c06e63b9203 #0 PREEMPT(full) 
[  650.624408][T16635] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  650.624415][T16635] Call Trace:
[  650.624419][T16635]  <TASK>
[  650.624423][T16635]  dump_stack_lvl+0x16c/0x1f0
[  650.624442][T16635]  should_fail_ex+0x512/0x640
[  650.624458][T16635]  ? fs_reclaim_acquire+0xae/0x150
[  650.624472][T16635]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[  650.624487][T16635]  should_failslab+0xc2/0x120
[  650.624498][T16635]  __kmalloc_noprof+0xd2/0x510
[  650.624517][T16635]  tomoyo_realpath_from_path+0xc2/0x6e0
[  650.624533][T16635]  ? tomoyo_profile+0x47/0x60
[  650.624544][T16635]  tomoyo_path_number_perm+0x245/0x580
[  650.624556][T16635]  ? tomoyo_path_number_perm+0x237/0x580
[  650.624570][T16635]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  650.624596][T16635]  ? find_held_lock+0x2b/0x80
[  650.624607][T16635]  ? hook_file_ioctl_common+0x145/0x410
[  650.624622][T16635]  ? __fget_files+0x20e/0x3c0
[  650.624636][T16635]  ? __fput_deferred+0x440/0x480
[  650.624650][T16635]  security_file_ioctl_compat+0x9b/0x240
[  650.624665][T16635]  __ia32_compat_sys_ioctl+0xc3/0x370
[  650.624680][T16635]  __do_fast_syscall_32+0x7c/0x3a0
[  650.624697][T16635]  do_fast_syscall_32+0x32/0x80
[  650.624713][T16635]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  650.624725][T16635] RIP: 0023:0xf70ee579
[  650.624734][T16635] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  650.624744][T16635] RSP: 002b:00000000f50de55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  650.624753][T16635] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 000000000000541b
[  650.624760][T16635] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  650.624765][T16635] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  650.624771][T16635] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  650.624777][T16635] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  650.624789][T16635]  </TASK>
[  650.624793][T16635] ERROR: Out of memory at tomoyo_realpath_from_path.
[  650.742861][   T61] bond1 (unregistering): (slave gretap1): Releasing active interface
[  650.897280][   T61] bond1 (unregistering): Released all slaves
[  650.898766][T16645] binder: 16643:16645 ioctl c0306201 0 returned -14
[  650.904719][   T61] bond2 (unregistering): (slave veth3): Releasing backup interface
[  650.908142][   T61] bond2 (unregistering): Released all slaves
[  651.056060][T16652] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2944'.
[  651.107811][   T92] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  651.133823][   T61] tipc: Left network mode
[  651.171568][T16657] FAULT_INJECTION: forcing a failure.
[  651.171568][T16657] name failslab, interval 1, probability 0, space 0, times 0
[  651.176863][T16657] CPU: 0 UID: 0 PID: 16657 Comm: syz.3.2945 Not tainted 6.16.0-rc4-syzkaller-00123-g4c06e63b9203 #0 PREEMPT(full) 
[  651.176879][T16657] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  651.176886][T16657] Call Trace:
[  651.176890][T16657]  <TASK>
[  651.176894][T16657]  dump_stack_lvl+0x16c/0x1f0
[  651.176914][T16657]  should_fail_ex+0x512/0x640
[  651.176934][T16657]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[  651.176956][T16657]  should_failslab+0xc2/0x120
[  651.176966][T16657]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  651.176982][T16657]  ? __alloc_skb+0x2b2/0x380
[  651.177000][T16657]  __alloc_skb+0x2b2/0x380
[  651.177014][T16657]  ? __pfx___alloc_skb+0x10/0x10
[  651.177030][T16657]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  651.177070][T16657]  netlink_alloc_large_skb+0x69/0x130
[  651.177082][T16657]  netlink_sendmsg+0x6a1/0xdd0
[  651.177095][T16657]  ? __pfx_netlink_sendmsg+0x10/0x10
[  651.177107][T16657]  ? __import_iovec+0x1dd/0x650
[  651.177121][T16657]  ____sys_sendmsg+0xa98/0xc70
[  651.177134][T16657]  ? __pfx_____sys_sendmsg+0x10/0x10
[  651.177145][T16657]  ? get_compat_msghdr+0x11a/0x170
[  651.177168][T16657]  ___sys_sendmsg+0x134/0x1d0
[  651.177184][T16657]  ? __pfx____sys_sendmsg+0x10/0x10
[  651.177206][T16657]  ? find_held_lock+0x2b/0x80
[  651.177230][T16657]  __sys_sendmsg+0x16d/0x220
[  651.177245][T16657]  ? __pfx___sys_sendmsg+0x10/0x10
[  651.177266][T16657]  ? rcu_is_watching+0x12/0xc0
[  651.177279][T16657]  __do_fast_syscall_32+0x7c/0x3a0
[  651.177297][T16657]  do_fast_syscall_32+0x32/0x80
[  651.177313][T16657]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  651.177326][T16657] RIP: 0023:0xf7f93579
[  651.177334][T16657] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  651.177345][T16657] RSP: 002b:00000000f50b655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  651.177355][T16657] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000080000080
[  651.177361][T16657] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  651.177367][T16657] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  651.177373][T16657] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  651.177379][T16657] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  651.177391][T16657]  </TASK>
[  651.468675][T16020] Bluetooth: hci1: command 0x0406 tx timeout
[  651.647191][   T61] hsr_slave_0: left promiscuous mode
[  651.649730][   T61] hsr_slave_1: left promiscuous mode
[  651.653535][   T61] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  651.657240][   T61] batman_adv: batadv0: Removing interface: batadv_slave_0
[  651.663071][   T61] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  651.665677][   T61] batman_adv: batadv0: Removing interface: batadv_slave_1
[  651.713546][   T61] veth0_macvtap: left promiscuous mode
[  651.724782][   T61] veth1_vlan: left promiscuous mode
[  651.728165][   T61] veth0_vlan: left promiscuous mode
[  652.862262][   T61] team0 (unregistering): Port device team_slave_1 removed
[  653.303847][ T6026] lo speed is unknown, defaulting to 1000
[  653.305690][ T6026] syz0: Port: 1 Link DOWN
[  653.416738][T16682] binder: 16680:16682 ioctl c0306201 0 returned -14
[  653.524222][T16690] binder: 16685:16690 ioctl c0306201 0 returned -14
[  654.511559][T16702] block device autoloading is deprecated and will be removed.
[  654.516948][T16702] syz.2.2954: attempt to access beyond end of device
[  654.516948][T16702] loop0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  654.705808][   T40] audit: type=1326 audit(2000000523.779:181): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16703 comm="syz.3.2955" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f93579 code=0x7fc00000
[  654.963046][T12559] usb 8-1: new full-speed USB device number 66 using dummy_hcd
[  655.143661][T12559] usb 8-1: config 0 interface 0 altsetting 4 endpoint 0x81 has invalid maxpacket 1024, setting to 64
[  655.153234][T12559] usb 8-1: config 0 interface 0 altsetting 4 has 2 endpoint descriptors, different from the interface descriptor's value: 7
[  655.163061][T12559] usb 8-1: config 0 interface 0 has no altsetting 0
[  655.164873][T12559] usb 8-1: New USB device found, idVendor=047f, idProduct=c055, bcdDevice= 0.00
[  655.167904][T12559] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  655.171728][T12559] usb 8-1: config 0 descriptor??
[  655.184308][T16705] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  655.392729][T16705] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  655.396058][T16705] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  655.402711][T12559] usbhid 8-1:0.0: can't add hid device: -71
[  655.405497][T12559] usbhid 8-1:0.0: probe with driver usbhid failed with error -71
[  655.410203][T12559] usb 8-1: USB disconnect, device number 66
[  655.843025][ T6026] usb 8-1: new high-speed USB device number 67 using dummy_hcd
[  655.993084][ T6026] usb 8-1: Using ep0 maxpacket: 32
[  655.997376][ T6026] usb 8-1: config 0 interface 0 altsetting 4 endpoint 0x2 has an invalid bInterval 129, changing to 11
[  656.001565][ T6026] usb 8-1: config 0 interface 0 altsetting 4 has 2 endpoint descriptors, different from the interface descriptor's value: 7
[  656.007117][ T6026] usb 8-1: config 0 interface 0 has no altsetting 0
[  656.009850][ T6026] usb 8-1: New USB device found, idVendor=047f, idProduct=c055, bcdDevice= 0.00
[  656.013586][ T6026] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  656.023495][ T6026] usb 8-1: config 0 descriptor??
[  656.032564][ T6026] hub 8-1:0.0: bad descriptor, ignoring hub
[  656.038078][ T6026] hub 8-1:0.0: probe with driver hub failed with error -5
[  656.453753][ T6026] plantronics 0003:047F:C055.000A: hiddev0,hidraw1: USB HID v0.00 Device [HID 047f:c055] on usb-dummy_hcd.3-1/input0
[  656.910161][T16734] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2962'.
[  656.913073][T16734] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2962'.
[  656.935106][T16734] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2962'.
[  656.938114][T16734] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2962'.
[  656.989089][T16734] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2962'.
[  656.991914][T16734] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2962'.
[  657.046920][   T92] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  657.158253][T16741] binder: 16739:16741 ioctl c0306201 0 returned -14
[  657.456966][T16746] binder: 16744:16746 ioctl c0306201 0 returned -14
[  657.811214][   T40] audit: type=1326 audit(2000000526.879:182): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16703 comm="syz.3.2955" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7f93579 code=0x7fc00000
[  657.862513][   T55] usb 8-1: USB disconnect, device number 67
[  657.931001][T16753] binder: 16751:16753 ioctl c0306201 0 returned -14
[  658.045940][   T40] audit: type=1804 audit(2000000527.119:183): pid=16759 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.2968" name="/newroot/166/file0/file0" dev="9p" ino=35913944 res=1 errno=0
[  658.170704][T16761] loop2: detected capacity change from 0 to 7
[  658.177785][T16761] Dev loop2: unable to read RDB block 7
[  658.180264][T16761]  loop2: AHDI p1 p2 p3
[  658.182032][T16761] loop2: partition table partially beyond EOD, truncated
[  658.186096][T16761] loop2: p1 start 1601398130 is beyond EOD, truncated
[  658.189021][T16761] loop2: p2 start 1702059890 is beyond EOD, truncated
[  658.272762][ T5370] Dev loop2: unable to read RDB block 7
[  658.276710][ T5370]  loop2: AHDI p1 p2 p3
[  658.278176][ T5370] loop2: partition table partially beyond EOD, truncated
[  658.280563][ T5370] loop2: p1 start 1601398130 is beyond EOD, truncated
[  658.282763][ T5370] loop2: p2 start 1702059890 is beyond EOD, truncated
[  658.335135][ T5370] Dev loop2: unable to read RDB block 7
[  658.337277][ T5370]  loop2: AHDI p1 p2 p3
[  658.338977][ T5370] loop2: partition table partially beyond EOD, truncated
[  658.342940][ T5370] loop2: p1 start 1601398130 is beyond EOD, truncated
[  658.345309][ T5370] loop2: p2 start 1702059890 is beyond EOD, truncated
[  658.563093][    T9] usb 6-1: new high-speed USB device number 66 using dummy_hcd
[  659.423728][    T9] usb 6-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  659.444322][    T9] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  659.458465][    T9] usb 6-1: Product: syz
[  659.464281][    T9] usb 6-1: Manufacturer: syz
[  659.473470][    T9] usb 6-1: SerialNumber: syz
[  659.554790][    T9] usb 6-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  659.583689][ T5370] Dev loop2: unable to read RDB block 7
[  659.585540][ T5370]  loop2: AHDI p1 p2 p3
[  659.590888][ T5370] loop2: partition table partially beyond EOD, truncated
[  659.593222][ T5370] loop2: p1 start 1601398130 is beyond EOD, truncated
[  659.595482][ T5370] loop2: p2 start 1702059890 is beyond EOD, truncated
[  659.630939][   T10] usb 6-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  659.804382][T16785] binder: 16783:16785 ioctl c0306201 0 returned -14
[  660.114406][T16793] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2974'.
[  660.117223][T16793] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2974'.
[  660.137030][T16793] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2974'.
[  660.139906][T16793] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2974'.
[  660.634604][ T5370] Dev loop2: unable to read RDB block 7
[  660.637272][ T5370]  loop2: AHDI p1 p2 p3
[  660.639037][ T5370] loop2: partition table partially beyond EOD, truncated
[  660.641956][ T5370] loop2: p1 start 1601398130 is beyond EOD, truncated
[  660.647465][ T5370] loop2: p2 start 1702059890 is beyond EOD, truncated
[  660.752882][   T10] ath9k_htc 6-1:1.0: ath9k_htc: Target is unresponsive
[  660.755604][   T10] ath9k_htc: Failed to initialize the device
[  660.780924][   T10] usb 6-1: ath9k_htc: USB layer deinitialized
[  661.935870][   T55] usb 6-1: USB disconnect, device number 66
[  662.679837][T16839] binder: 16833:16839 ioctl c0306201 0 returned -14
[  663.223472][   T40] audit: type=1326 audit(2000000532.289:184): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16846 comm="syz.0.2992" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f63579 code=0x7fc00000
[  663.473461][T12559] usb 5-1: new full-speed USB device number 66 using dummy_hcd
[  663.624341][T12559] usb 5-1: config 0 interface 0 altsetting 4 endpoint 0x81 has invalid maxpacket 1024, setting to 64
[  663.627700][T12559] usb 5-1: config 0 interface 0 altsetting 4 has 2 endpoint descriptors, different from the interface descriptor's value: 7
[  663.631702][T12559] usb 5-1: config 0 interface 0 has no altsetting 0
[  663.634675][T12559] usb 5-1: New USB device found, idVendor=047f, idProduct=c055, bcdDevice= 0.00
[  663.637619][T12559] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  663.641738][T12559] usb 5-1: config 0 descriptor??
[  663.644530][T16850] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  663.853433][T12559] usbhid 5-1:0.0: can't add hid device: -71
[  663.855630][T12559] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  663.862555][T12559] usb 5-1: USB disconnect, device number 66
[  664.113270][   T92] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  664.292598][  T836] usb 5-1: new high-speed USB device number 67 using dummy_hcd
[  664.366345][T16874] binder: 16872:16874 ioctl c0306201 0 returned -14
[  664.443118][  T836] usb 5-1: Using ep0 maxpacket: 32
[  664.449333][  T836] usb 5-1: config 0 interface 0 altsetting 4 endpoint 0x2 has an invalid bInterval 129, changing to 11
[  664.452588][  T836] usb 5-1: config 0 interface 0 altsetting 4 has 2 endpoint descriptors, different from the interface descriptor's value: 7
[  664.456523][  T836] usb 5-1: config 0 interface 0 has no altsetting 0
[  664.458547][  T836] usb 5-1: New USB device found, idVendor=047f, idProduct=c055, bcdDevice= 0.00
[  664.461208][  T836] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  664.468008][  T836] usb 5-1: config 0 descriptor??
[  664.817032][T16880] FAULT_INJECTION: forcing a failure.
[  664.817032][T16880] name failslab, interval 1, probability 0, space 0, times 0
[  664.821397][T16880] CPU: 3 UID: 0 PID: 16880 Comm: syz.1.3000 Not tainted 6.16.0-rc4-syzkaller-00123-g4c06e63b9203 #0 PREEMPT(full) 
[  664.821412][T16880] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  664.821419][T16880] Call Trace:
[  664.821423][T16880]  <TASK>
[  664.821427][T16880]  dump_stack_lvl+0x16c/0x1f0
[  664.821451][T16880]  should_fail_ex+0x512/0x640
[  664.821467][T16880]  ? fs_reclaim_acquire+0xae/0x150
[  664.821482][T16880]  ? tomoyo_encode2+0x100/0x3e0
[  664.821496][T16880]  should_failslab+0xc2/0x120
[  664.821507][T16880]  __kmalloc_noprof+0xd2/0x510
[  664.821526][T16880]  tomoyo_encode2+0x100/0x3e0
[  664.821543][T16880]  tomoyo_encode+0x29/0x50
[  664.821557][T16880]  tomoyo_realpath_from_path+0x18f/0x6e0
[  664.821573][T16880]  ? tomoyo_profile+0x47/0x60
[  664.821584][T16880]  tomoyo_path_number_perm+0x245/0x580
[  664.821596][T16880]  ? tomoyo_path_number_perm+0x237/0x580
[  664.821610][T16880]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  664.821636][T16880]  ? find_held_lock+0x2b/0x80
[  664.821647][T16880]  ? hook_file_ioctl_common+0x145/0x410
[  664.821662][T16880]  ? __fget_files+0x20e/0x3c0
[  664.821676][T16880]  ? __fput_deferred+0x440/0x480
[  664.821690][T16880]  security_file_ioctl_compat+0x9b/0x240
[  664.821705][T16880]  __ia32_compat_sys_ioctl+0xc3/0x370
[  664.821720][T16880]  __do_fast_syscall_32+0x7c/0x3a0
[  664.821738][T16880]  do_fast_syscall_32+0x32/0x80
[  664.821754][T16880]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  664.821767][T16880] RIP: 0023:0xf70ee579
[  664.821776][T16880] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  664.821786][T16880] RSP: 002b:00000000f50de55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  664.821796][T16880] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000000894b
[  664.821802][T16880] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  664.821808][T16880] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  664.821814][T16880] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  664.821820][T16880] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  664.821832][T16880]  </TASK>
[  664.821843][T16880] ERROR: Out of memory at tomoyo_realpath_from_path.
[  664.880021][  T836] plantronics 0003:047F:C055.000B: hiddev0,hidraw1: USB HID v0.00 Device [HID 047f:c055] on usb-dummy_hcd.0-1/input0
[  665.235060][T16893] netlink: 'syz.3.3004': attribute type 10 has an invalid length.
[  665.237727][T16893] bridge0: port 3(team0) entered blocking state
[  665.240223][T16893] bridge0: port 3(team0) entered disabled state
[  665.242282][T16893] team0: entered allmulticast mode
[  665.244037][T16893] team_slave_0: entered allmulticast mode
[  665.245902][T16893] team_slave_1: entered allmulticast mode
[  665.249061][T16893] team0: entered promiscuous mode
[  665.250611][T16893] team_slave_0: entered promiscuous mode
[  665.252442][T16893] team_slave_1: entered promiscuous mode
[  665.257229][T16893] bridge0: port 3(team0) entered blocking state
[  665.259209][T16893] bridge0: port 3(team0) entered forwarding state
[  666.173527][   T40] audit: type=1326 audit(2000000535.249:185): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16846 comm="syz.0.2992" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7f63579 code=0x7fc00000
[  666.199704][  T836] usb 5-1: USB disconnect, device number 67
[  666.654218][T16927] binder: 16923:16927 ioctl c0306201 0 returned -14
[  666.863677][T16931] __nla_validate_parse: 3 callbacks suppressed
[  666.863689][T16931] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3020'.
[  666.868541][T16931] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3020'.
[  666.910560][T16931] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3020'.
[  666.963693][T16931] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3020'.
[  666.967046][ T2296] Process accounting resumed
[  667.047460][T16931] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3020'.
[  667.050413][T16931] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3020'.
[  668.467854][   T40] audit: type=1326 audit(2000000537.539:186): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16955 comm="syz.0.3018" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f63579 code=0x7fc00000
[  668.723027][ T1022] usb 5-1: new full-speed USB device number 68 using dummy_hcd
[  668.894039][ T1022] usb 5-1: config 0 interface 0 altsetting 4 endpoint 0x81 has invalid maxpacket 1024, setting to 64
[  668.897367][ T1022] usb 5-1: config 0 interface 0 altsetting 4 has 2 endpoint descriptors, different from the interface descriptor's value: 7
[  668.901910][ T1022] usb 5-1: config 0 interface 0 has no altsetting 0
[  668.905062][ T1022] usb 5-1: New USB device found, idVendor=047f, idProduct=c055, bcdDevice= 0.00
[  668.908204][ T1022] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  668.920616][ T1022] usb 5-1: config 0 descriptor??
[  668.923786][T16959] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  669.139139][ T1022] usbhid 5-1:0.0: can't add hid device: -71
[  669.141084][ T1022] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  669.152932][ T1022] usb 5-1: USB disconnect, device number 68
[  669.583122][ T1022] usb 5-1: new high-speed USB device number 69 using dummy_hcd
[  669.624326][T16987] netlink: 64 bytes leftover after parsing attributes in process `syz.1.3024'.
[  669.733142][ T1022] usb 5-1: Using ep0 maxpacket: 32
[  669.743814][ T1022] usb 5-1: config 0 interface 0 altsetting 4 endpoint 0x2 has an invalid bInterval 129, changing to 11
[  669.748219][ T1022] usb 5-1: config 0 interface 0 altsetting 4 has 2 endpoint descriptors, different from the interface descriptor's value: 7
[  669.763409][ T1022] usb 5-1: config 0 interface 0 has no altsetting 0
[  669.773019][ T1022] usb 5-1: New USB device found, idVendor=047f, idProduct=c055, bcdDevice= 0.00
[  669.775893][ T1022] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  669.783543][ T1022] usb 5-1: config 0 descriptor??
[  670.202373][ T1022] plantronics 0003:047F:C055.000C: hiddev0,hidraw1: USB HID v0.00 Device [HID 047f:c055] on usb-dummy_hcd.0-1/input0
[  671.454832][   T40] audit: type=1326 audit(2000000540.529:187): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16955 comm="syz.0.3018" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7f63579 code=0x7fc00000
[  671.466369][T12559] usb 5-1: USB disconnect, device number 69
[  671.544947][T17019] binder: 17016:17019 ioctl c0306201 0 returned -14
[  671.956036][T17020] netlink: 32 bytes leftover after parsing attributes in process `syz.3.3033'.
[  671.958984][T17020] netlink: 32 bytes leftover after parsing attributes in process `syz.3.3033'.
[  671.982382][T17020] netlink: 32 bytes leftover after parsing attributes in process `syz.3.3033'.
[  671.985448][T17020] netlink: 32 bytes leftover after parsing attributes in process `syz.3.3033'.
[  672.041237][T17020] netlink: 32 bytes leftover after parsing attributes in process `syz.3.3033'.
[  672.044800][T17020] netlink: 32 bytes leftover after parsing attributes in process `syz.3.3033'.
[  672.117986][T12559] Process accounting resumed
[  673.797485][T17053] binder: 17051:17053 ioctl c0306201 0 returned -14
[  674.617932][T17069] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3044'.
[  674.621172][T17069] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3044'.
[  674.642273][T17069] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3044'.
[  674.646343][T17069] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3044'.
[  674.715847][T12559] Process accounting resumed
[  675.198981][T17080] binder: 17078:17080 ioctl c0306201 0 returned -14
[  675.718387][T17087] binder: 17084:17087 ioctl c0306201 0 returned -14
[  676.999965][T17112] binder: 17107:17112 ioctl c0306201 0 returned -14
[  678.875224][T17126] __nla_validate_parse: 2 callbacks suppressed
[  678.875237][T17126] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3062'.
[  680.342543][T17149] binder: 17147:17149 ioctl c0306201 0 returned -14
[  680.908472][T17163] binder: 17160:17163 ioctl c0306201 0 returned -14
[  680.976922][   T40] audit: type=1326 audit(2000000550.049:188): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17155 comm="syz.0.3068" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f63579 code=0x7fc00000
[  681.233290][   T55] usb 5-1: new full-speed USB device number 70 using dummy_hcd
[  681.373075][   T55] usb 5-1: device descriptor read/64, error -71
[  681.623118][   T55] usb 5-1: new full-speed USB device number 71 using dummy_hcd
[  681.763984][   T55] usb 5-1: device descriptor read/64, error -71
[  681.873951][   T55] usb usb5-port1: attempt power cycle
[  682.213125][   T55] usb 5-1: new full-speed USB device number 72 using dummy_hcd
[  682.237349][ T1201] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  682.243563][   T55] usb 5-1: device descriptor read/8, error -71
[  682.483113][   T55] usb 5-1: new full-speed USB device number 73 using dummy_hcd
[  682.503951][   T55] usb 5-1: device descriptor read/8, error -71
[  682.613292][   T55] usb usb5-port1: unable to enumerate USB device
[  683.376057][T17196] netlink: 32 bytes leftover after parsing attributes in process `syz.2.3076'.
[  683.379722][T17196] netlink: 32 bytes leftover after parsing attributes in process `syz.2.3076'.
[  683.441442][T17196] netlink: 32 bytes leftover after parsing attributes in process `syz.2.3076'.
[  683.446270][T17196] netlink: 32 bytes leftover after parsing attributes in process `syz.2.3076'.
[  683.449417][ T2296] Process accounting resumed
[  683.497137][T17194] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3077'.
[  683.527489][T17196] netlink: 32 bytes leftover after parsing attributes in process `syz.2.3076'.
[  683.531381][T17196] netlink: 32 bytes leftover after parsing attributes in process `syz.2.3076'.
[  683.704314][   T40] audit: type=1326 audit(2000000552.779:189): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17155 comm="syz.0.3068" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7f63579 code=0x7fc00000
[  684.446728][T17223] binder: 17221:17223 ioctl c0306201 0 returned -14
[  685.225427][ T1420] ieee802154 phy1 wpan1: encryption failed: -22
[  685.998232][T17243] netlink: 32 bytes leftover after parsing attributes in process `syz.2.3087'.
[  686.001092][T17243] netlink: 32 bytes leftover after parsing attributes in process `syz.2.3087'.
[  686.069363][T17243] netlink: 32 bytes leftover after parsing attributes in process `syz.2.3087'.
[  686.072215][T17243] netlink: 32 bytes leftover after parsing attributes in process `syz.2.3087'.
[  686.108750][T17243] netlink: 32 bytes leftover after parsing attributes in process `syz.2.3087'.
[  686.111559][T17243] netlink: 32 bytes leftover after parsing attributes in process `syz.2.3087'.
[  686.113283][   T40] audit: type=1326 audit(2000000555.189:190): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17239 comm="syz.1.3088" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ee579 code=0x7fc00000
[  686.131711][T12559] Process accounting resumed
[  686.149616][T17255] netlink: 32 bytes leftover after parsing attributes in process `syz.0.3089'.
[  686.152540][T17255] netlink: 32 bytes leftover after parsing attributes in process `syz.0.3089'.
[  686.172212][T17255] netlink: 32 bytes leftover after parsing attributes in process `syz.0.3089'.
[  686.176310][T17255] netlink: 32 bytes leftover after parsing attributes in process `syz.0.3089'.
[  686.208823][T16820] Process accounting resumed
[  686.373141][  T836] usb 6-1: new full-speed USB device number 67 using dummy_hcd
[  686.503444][  T836] usb 6-1: device descriptor read/64, error -71
[  686.743846][  T836] usb 6-1: new full-speed USB device number 68 using dummy_hcd
[  686.893205][  T836] usb 6-1: device descriptor read/64, error -71
[  687.004081][  T836] usb usb6-port1: attempt power cycle
[  687.343095][  T836] usb 6-1: new full-speed USB device number 69 using dummy_hcd
[  687.363449][  T836] usb 6-1: device descriptor read/8, error -71
[  687.603049][  T836] usb 6-1: new full-speed USB device number 70 using dummy_hcd
[  687.625285][  T836] usb 6-1: device descriptor read/8, error -71
[  687.734530][  T836] usb usb6-port1: unable to enumerate USB device
[  688.074003][   T92] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  688.082001][T17282] binder: 17280:17282 ioctl c0306201 0 returned -14
[  688.531705][   T40] audit: type=1326 audit(2000000557.599:191): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17275 comm="syz.2.3094" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb2579 code=0x7fc00000
[  688.714199][T17289] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(11)
[  688.716289][T17289] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  688.719832][T17289] vhci_hcd vhci_hcd.0: Device attached
[  688.850184][   T40] audit: type=1326 audit(2000000557.919:192): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17239 comm="syz.1.3088" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf70ee579 code=0x7fc00000
[  688.910682][T17291] vhci_hcd: connection closed
[  688.934715][   T12] vhci_hcd: stop threads
[  688.938620][   T12] vhci_hcd: release socket
[  688.941740][   T12] vhci_hcd: disconnect device
[  688.963452][T14801] usb 41-1: new high-speed USB device number 2 using vhci_hcd
[  688.965995][T14801] usb 41-1: enqueue for inactive port 0
[  689.043106][T14801] vhci_hcd: vhci_device speed not set
[  689.713099][   T54] usb 5-1: new high-speed USB device number 74 using dummy_hcd
[  689.723009][T16820] usb 8-1: new high-speed USB device number 68 using dummy_hcd
[  689.853047][   T54] usb 5-1: device descriptor read/64, error -71
[  689.873011][T16820] usb 8-1: Using ep0 maxpacket: 32
[  689.876033][T16820] usb 8-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  689.880932][T16820] usb 8-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  689.884588][T16820] usb 8-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  689.887906][T16820] usb 8-1: Product: syz
[  689.889254][T16820] usb 8-1: Manufacturer: syz
[  689.890788][T16820] usb 8-1: SerialNumber: syz
[  689.893715][T16820] usb 8-1: config 0 descriptor??
[  689.895855][T17300] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  689.898867][T16820] hub 8-1:0.0: bad descriptor, ignoring hub
[  689.900760][T16820] hub 8-1:0.0: probe with driver hub failed with error -5
[  690.103067][   T54] usb 5-1: new high-speed USB device number 75 using dummy_hcd
[  690.184788][T16777] Process accounting resumed
[  690.253022][   T54] usb 5-1: device descriptor read/64, error -71
[  690.373489][   T54] usb usb5-port1: attempt power cycle
[  690.505049][  T836] usb 8-1: USB disconnect, device number 68
[  690.633046][  T836] usb 8-1: new full-speed USB device number 69 using dummy_hcd
[  690.733031][   T54] usb 5-1: new high-speed USB device number 76 using dummy_hcd
[  690.755485][   T54] usb 5-1: device descriptor read/8, error -71
[  690.789306][  T836] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x85 has invalid maxpacket 1024, setting to 64
[  690.795835][  T836] usb 8-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  690.798657][  T836] usb 8-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  690.801204][  T836] usb 8-1: Product: syz
[  690.802523][  T836] usb 8-1: Manufacturer: syz
[  690.804478][  T836] usb 8-1: SerialNumber: syz
[  690.808453][  T836] usb 8-1: config 0 descriptor??
[  690.811783][T17308] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  690.849331][  T836] hub 8-1:0.0: bad descriptor, ignoring hub
[  690.851275][  T836] hub 8-1:0.0: probe with driver hub failed with error -5
[  691.003064][   T54] usb 5-1: new high-speed USB device number 77 using dummy_hcd
[  691.033540][   T54] usb 5-1: device descriptor read/8, error -71
[  691.048977][T17322] binder: 17318:17322 ioctl c0306201 0 returned -14
[  691.163177][T14801] usb 8-1: USB disconnect, device number 69
[  691.263125][   T54] usb usb5-port1: unable to enumerate USB device
[  692.063728][T17338] __nla_validate_parse: 8 callbacks suppressed
[  692.063831][T17338] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3111'.
[  694.113058][ T6013] usb 5-1: new high-speed USB device number 78 using dummy_hcd
[  694.243069][ T6013] usb 5-1: device descriptor read/64, error -71
[  694.493083][ T6013] usb 5-1: new high-speed USB device number 79 using dummy_hcd
[  694.633145][ T6013] usb 5-1: device descriptor read/64, error -71
[  694.743255][ T6013] usb usb5-port1: attempt power cycle
[  694.835311][T17382] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3123'.
[  694.922079][T17387] binder: 17385:17387 ioctl c0306201 0 returned -14
[  695.139713][   T13] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  695.224246][ T6013] usb 5-1: new high-speed USB device number 80 using dummy_hcd
[  695.286818][ T6013] usb 5-1: device descriptor read/8, error -71
[  695.641804][ T6013] usb 5-1: new high-speed USB device number 81 using dummy_hcd
[  695.667030][ T6013] usb 5-1: device descriptor read/8, error -71
[  695.778519][ T6013] usb usb5-port1: unable to enumerate USB device
[  695.809314][T17399] FAULT_INJECTION: forcing a failure.
[  695.809314][T17399] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  695.813453][T17399] CPU: 2 UID: 0 PID: 17399 Comm: syz.3.3129 Not tainted 6.16.0-rc4-syzkaller-00123-g4c06e63b9203 #0 PREEMPT(full) 
[  695.813468][T17399] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  695.813475][T17399] Call Trace:
[  695.813479][T17399]  <TASK>
[  695.813484][T17399]  dump_stack_lvl+0x16c/0x1f0
[  695.813503][T17399]  should_fail_ex+0x512/0x640
[  695.813522][T17399]  _copy_to_user+0x32/0xd0
[  695.813533][T17399]  simple_read_from_buffer+0xcb/0x170
[  695.813550][T17399]  proc_fail_nth_read+0x197/0x270
[  695.813564][T17399]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  695.813578][T17399]  ? rw_verify_area+0xcf/0x680
[  695.813592][T17399]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  695.813606][T17399]  vfs_read+0x1e4/0xc60
[  695.813622][T17399]  ? fdget_pos+0x2a2/0x370
[  695.813639][T17399]  ? __pfx_vfs_read+0x10/0x10
[  695.813653][T17399]  ? find_held_lock+0x2b/0x80
[  695.813669][T17399]  ? __fget_files+0x20e/0x3c0
[  695.813699][T17399]  ksys_read+0x12a/0x250
[  695.813714][T17399]  ? __pfx_ksys_read+0x10/0x10
[  695.813731][T17399]  ? rcu_is_watching+0x12/0xc0
[  695.813744][T17399]  __do_fast_syscall_32+0x7c/0x3a0
[  695.813762][T17399]  do_fast_syscall_32+0x32/0x80
[  695.813778][T17399]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  695.813792][T17399] RIP: 0023:0xf7f93579
[  695.813801][T17399] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  695.813811][T17399] RSP: 002b:00000000f50b6590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  695.813821][T17399] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000f50b6620
[  695.813828][T17399] RDX: 000000000000000f RSI: 00000000f7423ff4 RDI: 0000000000000000
[  695.813834][T17399] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  695.813840][T17399] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  695.813846][T17399] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  695.813859][T17399]  </TASK>
[  696.209649][T17404] netlink: 32 bytes leftover after parsing attributes in process `syz.3.3130'.
[  696.212484][T17404] netlink: 32 bytes leftover after parsing attributes in process `syz.3.3130'.
[  696.260882][T16777] Process accounting resumed
[  696.283469][T17404] netlink: 32 bytes leftover after parsing attributes in process `syz.3.3130'.
[  696.286306][T17404] netlink: 32 bytes leftover after parsing attributes in process `syz.3.3130'.
[  696.323069][T17404] netlink: 32 bytes leftover after parsing attributes in process `syz.3.3130'.
[  696.325907][T17404] netlink: 32 bytes leftover after parsing attributes in process `syz.3.3130'.
[  696.348403][   T40] audit: type=1326 audit(2000000565.419:193): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17402 comm="syz.1.3131" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ee579 code=0x7fc00000
[  696.374213][   T40] audit: type=1326 audit(2000000565.449:194): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17405 comm="syz.2.3132" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb2579 code=0x7fc00000
[  696.593019][   T55] usb 6-1: new full-speed USB device number 71 using dummy_hcd
[  696.613093][ T1022] usb 7-1: new full-speed USB device number 79 using dummy_hcd
[  696.745177][   T55] usb 6-1: config 0 interface 0 altsetting 4 endpoint 0x81 has invalid maxpacket 1024, setting to 64
[  696.748677][   T55] usb 6-1: config 0 interface 0 altsetting 4 has 2 endpoint descriptors, different from the interface descriptor's value: 7
[  696.752573][   T55] usb 6-1: config 0 interface 0 has no altsetting 0
[  696.754726][   T55] usb 6-1: New USB device found, idVendor=047f, idProduct=c055, bcdDevice= 0.00
[  696.757490][   T55] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  696.761137][   T55] usb 6-1: config 0 descriptor??
[  696.763393][T17407] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  696.768162][ T1022] usb 7-1: config 0 interface 0 altsetting 4 endpoint 0x81 has invalid maxpacket 1024, setting to 64
[  696.772100][ T1022] usb 7-1: config 0 interface 0 altsetting 4 has 2 endpoint descriptors, different from the interface descriptor's value: 7
[  696.776768][ T1022] usb 7-1: config 0 interface 0 has no altsetting 0
[  696.779655][ T1022] usb 7-1: New USB device found, idVendor=047f, idProduct=c055, bcdDevice= 0.00
[  696.782582][ T1022] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  696.786381][ T1022] usb 7-1: config 0 descriptor??
[  696.788995][T17416] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22
[  696.970332][T17407] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  696.978793][T17407] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  696.998356][   T55] usbhid 6-1:0.0: can't add hid device: -71
[  697.000264][   T55] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[  697.015592][T17416] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  697.017439][   T55] usb 6-1: USB disconnect, device number 71
[  697.032359][T17416] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  697.047356][ T1022] usbhid 7-1:0.0: can't add hid device: -71
[  697.049327][ T1022] usbhid 7-1:0.0: probe with driver usbhid failed with error -71
[  697.064599][ T1022] usb 7-1: USB disconnect, device number 79
[  697.079648][T17424] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3134'.
[  697.473076][T14801] usb 6-1: new high-speed USB device number 72 using dummy_hcd
[  697.483063][ T1022] usb 7-1: new high-speed USB device number 80 using dummy_hcd
[  697.633054][T14801] usb 6-1: Using ep0 maxpacket: 32
[  697.635272][ T1022] usb 7-1: Using ep0 maxpacket: 32
[  697.639611][T14801] usb 6-1: config 0 interface 0 altsetting 4 endpoint 0x2 has an invalid bInterval 129, changing to 11
[  697.644520][T14801] usb 6-1: config 0 interface 0 altsetting 4 has 2 endpoint descriptors, different from the interface descriptor's value: 7
[  697.649809][T14801] usb 6-1: config 0 interface 0 has no altsetting 0
[  697.652643][ T1022] usb 7-1: config 0 interface 0 altsetting 4 endpoint 0x2 has an invalid bInterval 129, changing to 11
[  697.656806][T14801] usb 6-1: New USB device found, idVendor=047f, idProduct=c055, bcdDevice= 0.00
[  697.659588][T14801] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  697.662772][ T1022] usb 7-1: config 0 interface 0 altsetting 4 has 2 endpoint descriptors, different from the interface descriptor's value: 7
[  697.667330][T14801] usb 6-1: config 0 descriptor??
[  697.668940][ T1022] usb 7-1: config 0 interface 0 has no altsetting 0
[  697.671357][ T1022] usb 7-1: New USB device found, idVendor=047f, idProduct=c055, bcdDevice= 0.00
[  697.674708][ T1022] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  697.678860][T14801] hub 6-1:0.0: bad descriptor, ignoring hub
[  697.681113][ T1022] usb 7-1: config 0 descriptor??
[  697.682793][T14801] hub 6-1:0.0: probe with driver hub failed with error -5
[  697.690066][ T1022] hub 7-1:0.0: bad descriptor, ignoring hub
[  697.692536][ T1022] hub 7-1:0.0: probe with driver hub failed with error -5
[  697.890145][T17433] binder: 17429:17433 ioctl c0306201 0 returned -14
[  698.089481][T14801] plantronics 0003:047F:C055.000D: hiddev0,hidraw1: USB HID v0.00 Device [HID 047f:c055] on usb-dummy_hcd.1-1/input0
[  698.108354][ T1022] plantronics 0003:047F:C055.000E: hiddev1,hidraw2: USB HID v0.00 Device [HID 047f:c055] on usb-dummy_hcd.2-1/input0
[  699.222364][T17455] netlink: 32 bytes leftover after parsing attributes in process `syz.3.3141'.
[  699.226089][T17455] netlink: 32 bytes leftover after parsing attributes in process `syz.3.3141'.
[  699.257063][T17455] netlink: 32 bytes leftover after parsing attributes in process `syz.3.3141'.
[  699.259949][T17455] netlink: 32 bytes leftover after parsing attributes in process `syz.3.3141'.
[  699.273832][T16777] Process accounting resumed
[  699.311125][T17455] netlink: 32 bytes leftover after parsing attributes in process `syz.3.3141'.
[  699.314008][T17455] netlink: 32 bytes leftover after parsing attributes in process `syz.3.3141'.
[  699.318953][   T40] audit: type=1326 audit(2000000568.389:195): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17405 comm="syz.2.3132" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7fb2579 code=0x7fc00000
[  699.343235][ T1022] usb 5-1: new high-speed USB device number 82 using dummy_hcd
[  699.433218][   T55] usb 7-1: USB disconnect, device number 80
[  699.438509][   T40] audit: type=1326 audit(2000000568.509:196): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17402 comm="syz.1.3131" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf70ee579 code=0x7fc00000
[  699.473289][ T1022] usb 5-1: device descriptor read/64, error -71
[  699.473868][   T24] usb 6-1: USB disconnect, device number 72
[  699.713134][ T1022] usb 5-1: new high-speed USB device number 83 using dummy_hcd
[  699.716482][T17469] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3145'.
[  699.863061][ T1022] usb 5-1: device descriptor read/64, error -71
[  699.973159][ T1022] usb usb5-port1: attempt power cycle
[  700.313110][ T1022] usb 5-1: new high-speed USB device number 84 using dummy_hcd
[  700.383478][ T1022] usb 5-1: device descriptor read/8, error -71
[  700.653065][ T1022] usb 5-1: new high-speed USB device number 85 using dummy_hcd
[  700.675691][ T1022] usb 5-1: device descriptor read/8, error -71
[  700.783303][ T1022] usb usb5-port1: unable to enumerate USB device
[  700.873245][T16777] usb 8-1: new high-speed USB device number 70 using dummy_hcd
[  701.113102][T16777] usb 8-1: Using ep0 maxpacket: 16
[  701.143298][T16777] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0xD has an invalid bInterval 0, changing to 7
[  701.634437][T16777] usb 8-1: New USB device found, idVendor=4752, idProduct=0011, bcdDevice=32.4f
[  701.637278][T16777] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  701.639758][T16777] usb 8-1: Product: syz
[  701.641083][T16777] usb 8-1: Manufacturer: syz
[  701.642563][T16777] usb 8-1: SerialNumber: syz
[  701.654238][T16777] usb 8-1: config 0 descriptor??
[  701.656990][T16777] hub 8-1:0.0: bad descriptor, ignoring hub
[  701.658853][T16777] hub 8-1:0.0: probe with driver hub failed with error -5
[  701.662133][T16777] usb 8-1: Quirk or no altset; falling back to MIDI 1.0
[  702.183240][ T1201] wlan1: Trigger new scan to find an IBSS to join
[  702.183265][   T12] wlan1: Trigger new scan to find an IBSS to join
[  702.195257][T17495] binder: 17493:17495 ioctl c0306201 0 returned -14
[  702.888704][   T40] audit: type=1326 audit(2000000571.959:197): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17498 comm="syz.1.3153" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ee579 code=0x7fc00000
[  703.102139][T17508] netlink: 32 bytes leftover after parsing attributes in process `syz.2.3154'.
[  703.105458][T17508] netlink: 32 bytes leftover after parsing attributes in process `syz.2.3154'.
[  703.128793][T17508] netlink: 32 bytes leftover after parsing attributes in process `syz.2.3154'.
[  703.131679][T17508] netlink: 32 bytes leftover after parsing attributes in process `syz.2.3154'.
[  703.153186][   T55] usb 6-1: new full-speed USB device number 73 using dummy_hcd
[  703.154079][   T54] Process accounting resumed
[  703.172840][T17508] netlink: 32 bytes leftover after parsing attributes in process `syz.2.3154'.
[  703.179026][T17508] netlink: 32 bytes leftover after parsing attributes in process `syz.2.3154'.
[  703.325441][   T55] usb 6-1: config 0 interface 0 altsetting 4 endpoint 0x81 has invalid maxpacket 1024, setting to 64
[  703.330004][   T55] usb 6-1: config 0 interface 0 altsetting 4 has 2 endpoint descriptors, different from the interface descriptor's value: 7
[  703.334822][   T55] usb 6-1: config 0 interface 0 has no altsetting 0
[  703.336866][   T55] usb 6-1: New USB device found, idVendor=047f, idProduct=c055, bcdDevice= 0.00
[  703.339618][   T55] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  703.344948][   T55] usb 6-1: config 0 descriptor??
[  703.346978][T17502] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  703.551695][T17502] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  703.555149][T17502] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  703.559384][   T55] usbhid 6-1:0.0: can't add hid device: -71
[  703.561312][   T55] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[  703.565696][   T55] usb 6-1: USB disconnect, device number 73
[  703.573197][T16777] usb 8-1: USB disconnect, device number 70
[  704.003063][ T1022] usb 6-1: new high-speed USB device number 74 using dummy_hcd
[  704.175353][ T1022] usb 6-1: Using ep0 maxpacket: 32
[  704.194681][ T1022] usb 6-1: config 0 interface 0 altsetting 4 endpoint 0x2 has an invalid bInterval 129, changing to 11
[  704.198364][ T1022] usb 6-1: config 0 interface 0 altsetting 4 has 2 endpoint descriptors, different from the interface descriptor's value: 7
[  704.212323][ T1022] usb 6-1: config 0 interface 0 has no altsetting 0
[  704.214611][ T1022] usb 6-1: New USB device found, idVendor=047f, idProduct=c055, bcdDevice= 0.00
[  704.217550][ T1022] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  704.221731][ T1022] usb 6-1: config 0 descriptor??
[  704.231147][ T1022] hub 6-1:0.0: bad descriptor, ignoring hub
[  704.237148][ T1022] hub 6-1:0.0: probe with driver hub failed with error -5
[  704.682682][ T1022] plantronics 0003:047F:C055.000F: hiddev0,hidraw1: USB HID v0.00 Device [HID 047f:c055] on usb-dummy_hcd.1-1/input0
[  705.140687][T17538] binder: 17533:17538 ioctl c0306201 0 returned -14
[  705.303291][   T12] wlan1: Trigger new scan to find an IBSS to join
[  706.033085][   T40] audit: type=1326 audit(2000000575.089:198): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17498 comm="syz.1.3153" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf70ee579 code=0x7fc00000
[  706.055373][ T1022] usb 6-1: USB disconnect, device number 74
[  706.261214][   T13] wlan1: Creating new IBSS network, BSSID 96:9b:98:00:de:7f
[  707.244029][   T29] IPVS: starting estimator thread 0...
[  707.343900][T16777] usb 5-1: new high-speed USB device number 86 using dummy_hcd
[  707.354023][T17567] IPVS: using max 45 ests per chain, 108000 per kthread
[  707.384598][   T13] wlan1: Trigger new scan to find an IBSS to join
[  707.523096][T16777] usb 5-1: Using ep0 maxpacket: 16
[  707.529830][T16777] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0xD has an invalid bInterval 0, changing to 7
[  707.543716][T16777] usb 5-1: New USB device found, idVendor=4752, idProduct=0011, bcdDevice=32.4f
[  707.762867][T16777] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  707.769858][T16777] usb 5-1: Product: syz
[  707.773378][T16777] usb 5-1: Manufacturer: syz
[  707.777013][T16777] usb 5-1: SerialNumber: syz
[  707.784228][T16777] usb 5-1: config 0 descriptor??
[  707.792707][T16777] hub 5-1:0.0: bad descriptor, ignoring hub
[  707.794682][T16777] hub 5-1:0.0: probe with driver hub failed with error -5
[  707.800241][T16777] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[  707.973071][T17573] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3167'.
[  707.977057][T17573] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3167'.
[  708.034455][T16777] Process accounting resumed
[  708.170628][T17573] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3167'.
[  708.185209][T17573] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3167'.
[  708.345345][T17573] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3167'.
[  708.352632][T17573] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3167'.
[  710.172064][T16777] usb 5-1: USB disconnect, device number 86
[  710.346071][T17605] binder: 17603:17605 ioctl c0306201 0 returned -14
[  711.316058][T17625] binder: 17620:17625 ioctl c0306201 0 returned -14
[  711.443384][   T54] usb 7-1: new high-speed USB device number 81 using dummy_hcd
[  711.573043][   T54] usb 7-1: device descriptor read/64, error -71
[  711.813129][   T54] usb 7-1: new high-speed USB device number 82 using dummy_hcd
[  711.953043][   T54] usb 7-1: device descriptor read/64, error -71
[  712.073268][   T54] usb usb7-port1: attempt power cycle
[  712.084500][T17634] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3183'.
[  712.263124][   T13] wlan1: Trigger new scan to find an IBSS to join
[  712.453050][   T54] usb 7-1: new high-speed USB device number 83 using dummy_hcd
[  712.473563][   T54] usb 7-1: device descriptor read/8, error -71
[  712.682720][   T40] audit: type=1326 audit(2000000581.749:199): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17641 comm="syz.1.3186" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ee579 code=0x7fc00000
[  712.714015][   T54] usb 7-1: new high-speed USB device number 84 using dummy_hcd
[  712.737146][   T54] usb 7-1: device descriptor read/8, error -71
[  712.932632][   T54] usb usb7-port1: unable to enumerate USB device
[  713.195172][   T13] wlan1: Creating new IBSS network, BSSID c6:71:e0:94:e0:83
[  713.360030][   T40] audit: type=1326 audit(2000000582.429:200): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17641 comm="syz.1.3186" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf70ee579 code=0x7fc00000
[  713.460749][T17662] binder: 17660:17662 ioctl c0306201 0 returned -14
[  713.994535][T17656] ------------[ cut here ]------------
[  713.996509][T17656] WARNING: CPU: 1 PID: 17656 at mm/shmem.c:1388 shmem_evict_inode+0x8f0/0xbe0
[  713.999626][T17656] Modules linked in:
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  714.001065][T17656] CPU: 1 UID: 0 PID: 17656 Comm: syz.3.3189 Not tainted 6.16.0-rc4-syzkaller-00123-g4c06e63b9203 #0 PREEMPT(full) 
[  714.006491][T17656] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  714.010003][T17656] RIP: 0010:shmem_evict_inode+0x8f0/0xbe0
[  714.011715][T17656] Code: fe e8 04 b7 bd ff 45 85 ff 75 ac e8 ba bb bd ff 48 8b 74 24 28 48 8b 7c 24 30 e8 ab 6b 96 ff e9 e3 fd ff ff e8 a1 bb bd ff 90 <0f> 0b 90 e9 4f f9 ff ff e8 93 bb bd ff 4c 89 e2 48 b8 00 00 00 00
[  714.017579][T17656] RSP: 0018:ffffc90002e979b0 EFLAGS: 00010293
[  714.019398][T17656] RAX: 0000000000000000 RBX: ffff88806f434958 RCX: ffffffff81fdcace
[  714.021841][T17656] RDX: ffff888024342440 RSI: ffffffff81fdd17f RDI: 0000000000000007
[  714.024309][T17656] RBP: ffffc90002e97ad8 R08: 0000000000000007 R09: 0000000000000000
[  714.026723][T17656] R10: 0000000000000008 R11: 0000000000000001 R12: 0000000000000008
[  714.029338][T17656] R13: 0000000000000000 R14: ffff88806f434988 R15: ffff88806f434848
[  714.032178][T17656] FS:  0000000000000000(0000) GS:ffff888097622000(0000) knlGS:0000000000000000
[  714.034967][T17656] CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
[  714.037054][T17656] CR2: 000000002ebf4ff8 CR3: 000000000e382000 CR4: 0000000000352ef0
[  714.039489][T17656] Call Trace:
[  714.040568][T17656]  <TASK>
[  714.041597][T17656]  ? __pfx_shmem_evict_inode+0x10/0x10
[  714.043375][T17656]  ? __pfx_inode_wait_for_writeback+0x10/0x10
[  714.045381][T17656]  ? find_held_lock+0x2b/0x80
[  714.046881][T17656]  ? evict+0x3a2/0x920
[  714.048208][T17656]  ? __pfx_shmem_evict_inode+0x10/0x10
[  714.049978][T17656]  evict+0x3e6/0x920
[  714.051206][T17656]  ? __pfx_evict+0x10/0x10
[  714.052632][T17656]  ? iput+0x519/0x880
[  714.053940][T17656]  iput+0x521/0x880
[  714.055148][T17656]  ? __pfx_generic_delete_inode+0x10/0x10
[  714.056926][T17656]  dentry_unlink_inode+0x29c/0x480
[  714.058495][T17656]  __dentry_kill+0x1d0/0x600
[  714.060031][T17656]  dput.part.0+0x4b1/0x9b0
[  714.061514][T17656]  dput+0x1f/0x30
[  714.062682][T17656]  __fput+0x51c/0xb70
[  714.064020][T17656]  ? _raw_spin_unlock_irq+0x23/0x50
[  714.065640][T17656]  task_work_run+0x14d/0x240
[  714.067086][T17656]  ? __pfx_task_work_run+0x10/0x10
[  714.068670][T17656]  ? do_raw_spin_unlock+0x172/0x230
[  714.070340][T17656]  do_exit+0x86c/0x2bd0
[  714.071723][T17656]  ? __pfx_do_exit+0x10/0x10
[  714.073239][T17656]  ? preempt_schedule_thunk+0x16/0x30
[  714.074926][T17656]  do_group_exit+0xd3/0x2a0
[  714.076380][T17656]  __ia32_sys_exit_group+0x3e/0x50
[  714.078025][T17656]  ia32_sys_call+0xd56/0x1c40
[  714.079499][T17656]  __do_fast_syscall_32+0x7c/0x3a0
[  714.081110][T17656]  do_fast_syscall_32+0x32/0x80
[  714.082655][T17656]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  714.084676][T17656] RIP: 0023:0xf7f93579
[  714.085959][T17656] Code: Unable to access opcode bytes at 0xf7f9354f.
[  714.088010][T17656] RSP: 002b:00000000ff94f07c EFLAGS: 00000282 ORIG_RAX: 00000000000000fc
[  714.090548][T17656] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000000000
[  714.093043][T17656] RDX: 0000000000000000 RSI: 00000000ffffff9c RDI: 00000000f7423ff4
[  714.095444][T17656] RBP: 000000000000002c R08: 0000000000000000 R09: 0000000000000000
[  714.097822][T17656] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
[  714.100196][T17656] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  714.102598][T17656]  </TASK>
[  714.103651][T17656] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  714.106006][T17656] CPU: 1 UID: 0 PID: 17656 Comm: syz.3.3189 Not tainted 6.16.0-rc4-syzkaller-00123-g4c06e63b9203 #0 PREEMPT(full) 
[  714.109541][T17656] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  714.112738][T17656] Call Trace:
[  714.113805][T17656]  <TASK>
[  714.114714][T17656]  dump_stack_lvl+0x3d/0x1f0
[  714.116127][T17656]  panic+0x71c/0x800
[  714.117347][T17656]  ? __pfx_panic+0x10/0x10
[  714.118716][T17656]  ? show_trace_log_lvl+0x29b/0x3e0
[  714.120294][T17656]  ? check_panic_on_warn+0x1f/0xb0
[  714.121873][T17656]  ? shmem_evict_inode+0x8f0/0xbe0
[  714.123447][T17656]  check_panic_on_warn+0xab/0xb0
[  714.125007][T17656]  __warn+0xf6/0x3c0
[  714.126251][T17656]  ? shmem_evict_inode+0x8f0/0xbe0
[  714.127846][T17656]  report_bug+0x3c3/0x580
[  714.129163][T17656]  ? shmem_evict_inode+0x8f0/0xbe0
[  714.130715][T17656]  handle_bug+0x184/0x210
[  714.132053][T17656]  exc_invalid_op+0x17/0x50
[  714.133493][T17656]  asm_exc_invalid_op+0x1a/0x20
[  714.135038][T17656] RIP: 0010:shmem_evict_inode+0x8f0/0xbe0
[  714.136735][T17656] Code: fe e8 04 b7 bd ff 45 85 ff 75 ac e8 ba bb bd ff 48 8b 74 24 28 48 8b 7c 24 30 e8 ab 6b 96 ff e9 e3 fd ff ff e8 a1 bb bd ff 90 <0f> 0b 90 e9 4f f9 ff ff e8 93 bb bd ff 4c 89 e2 48 b8 00 00 00 00
[  714.142404][T17656] RSP: 0018:ffffc90002e979b0 EFLAGS: 00010293
[  714.144380][T17656] RAX: 0000000000000000 RBX: ffff88806f434958 RCX: ffffffff81fdcace
[  714.146785][T17656] RDX: ffff888024342440 RSI: ffffffff81fdd17f RDI: 0000000000000007
[  714.149190][T17656] RBP: ffffc90002e97ad8 R08: 0000000000000007 R09: 0000000000000000
[  714.151584][T17656] R10: 0000000000000008 R11: 0000000000000001 R12: 0000000000000008
[  714.154019][T17656] R13: 0000000000000000 R14: ffff88806f434988 R15: ffff88806f434848
[  714.156377][T17656]  ? shmem_evict_inode+0x23e/0xbe0
[  714.157947][T17656]  ? shmem_evict_inode+0x8ef/0xbe0
[  714.159510][T17656]  ? __pfx_shmem_evict_inode+0x10/0x10
[  714.161157][T17656]  ? __pfx_inode_wait_for_writeback+0x10/0x10
[  714.163012][T17656]  ? find_held_lock+0x2b/0x80
[  714.164474][T17656]  ? evict+0x3a2/0x920
[  714.165731][T17656]  ? __pfx_shmem_evict_inode+0x10/0x10
[  714.167373][T17656]  evict+0x3e6/0x920
[  714.168563][T17656]  ? __pfx_evict+0x10/0x10
[  714.169967][T17656]  ? iput+0x519/0x880
[  714.171235][T17656]  iput+0x521/0x880
[  714.172420][T17656]  ? __pfx_generic_delete_inode+0x10/0x10
[  714.174170][T17656]  dentry_unlink_inode+0x29c/0x480
[  714.175698][T17656]  __dentry_kill+0x1d0/0x600
[  714.177078][T17656]  dput.part.0+0x4b1/0x9b0
[  714.178464][T17656]  dput+0x1f/0x30
[  714.179600][T17656]  __fput+0x51c/0xb70
[  714.180815][T17656]  ? _raw_spin_unlock_irq+0x23/0x50
[  714.182378][T17656]  task_work_run+0x14d/0x240
[  714.183811][T17656]  ? __pfx_task_work_run+0x10/0x10
[  714.185357][T17656]  ? do_raw_spin_unlock+0x172/0x230
[  714.186943][T17656]  do_exit+0x86c/0x2bd0
[  714.188219][T17656]  ? __pfx_do_exit+0x10/0x10
[  714.189624][T17656]  ? preempt_schedule_thunk+0x16/0x30
[  714.191232][T17656]  do_group_exit+0xd3/0x2a0
[  714.192666][T17656]  __ia32_sys_exit_group+0x3e/0x50
[  714.194257][T17656]  ia32_sys_call+0xd56/0x1c40
[  714.195712][T17656]  __do_fast_syscall_32+0x7c/0x3a0
[  714.197301][T17656]  do_fast_syscall_32+0x32/0x80
[  714.198810][T17656]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  714.200759][T17656] RIP: 0023:0xf7f93579
[  714.202049][T17656] Code: Unable to access opcode bytes at 0xf7f9354f.
[  714.204100][T17656] RSP: 002b:00000000ff94f07c EFLAGS: 00000282 ORIG_RAX: 00000000000000fc
[  714.206660][T17656] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000000000
[  714.209083][T17656] RDX: 0000000000000000 RSI: 00000000ffffff9c RDI: 00000000f7423ff4
[  714.211470][T17656] RBP: 000000000000002c R08: 0000000000000000 R09: 0000000000000000
[  714.213903][T17656] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
[  714.216315][T17656] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  714.218747][T17656]  </TASK>
[  714.220398][T17656] Kernel Offset: disabled
[  714.221706][T17656] Rebooting in 86400 seconds..

VM DIAGNOSIS:
17:49:06  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000000000 RBX=ffff888027158000 RCX=ffffffff81c35baf RDX=0000000000000000
RSI=ffffffff8de04e18 RDI=ffffffff8c156a60 RBP=0000000000000200 RSP=ffffc900030975d8
R8 =0000000000000000 R9 =0000000000000001 R10=ffffffff90a98557 R11=0000000000000001
R12=ffffc90003097710 R13=ffffea00004ef1f4 R14=ffffea00004ef1c0 R15=0000000000000081
RIP=ffffffff8b8493e4 RFL=00000092 [--S-A--] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff888097522000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000569fc4c0 CR3=0000000024a0e000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000a000000000 0000000200000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000000000020 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff85587775 RDI=ffffffff9b0aaa00 RBP=ffffffff9b0aa9c0 RSP=ffffc90002e97320
R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=0000000000000001
R12=0000000000000000 R13=0000000000000020 R14=ffffffff9b0aa9c0 R15=ffffffff85587710
RIP=ffffffff8558779f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff888097622000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=000000002ebf4ff8 CR3=000000000e382000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 d6dcdbcfce09efde aba6d22c7b5a4d40
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 f4c0c03ba3fd0069 2015361e5bbf7e1e
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 3d762dae1163412d 7b8bd4abb855ced0
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 533f2b0e588d6e9e 64a35c74bd8f2b7f
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000017c0
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000040
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000002ef01b15052 25500000704c0000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 01b14d8701b150ba 01b1677c01b15de7
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000021d30b80000 cf4a00007fb60000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 b9b0000097860000 01b150d454530000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 d3420e6b163ed530 5781b420861a49ef
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 aeedefc4e21f7b0d af36d76dbcae5c78
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 a54ff53a3c6ef372 bb67ae856a09e667
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 5be0cd191f83d9ab 9b05688c510e527f
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
RAX=ffffffff913e7cee RBX=ffffffff90ba9ed4 RCX=dffffc0000000000 RDX=0000000000000000
RSI=0000000000000000 RDI=ffffffff90ba9ed4 RBP=ffffffff90ba9ed4 RSP=ffffc9000346f0a0
R8 =ffffffff913e7cf4 R9 =0000000000000000 R10=0000000000000000 R11=0000000000006bbc
R12=ffffffff90ba9ed4 R13=ffffffff816bbceb R14=ffffffff90ba9ed4 R15=ffffffff90ba9ed4
RIP=ffffffff816a7d45 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0000 0000000000000000 ffffffff 00c00000
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff888097722000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000ffdfdd4c CR3=000000004bbc9000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 f700585858585858 2e7a7973f73f3ff4
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 f700585858585858
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffff 0f0e0d0c0b0a0908
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 3

CPU#3
RAX=dffffc0000000000 RBX=ffffffff812c009a RCX=ffffc90006eaf10c RDX=1ffff92000dd5e40
RSI=ffffffff8de04e18 RDI=ffffffff812c009a RBP=ffffc90006eaf200 RSP=ffffc90006eaf188
R8 =0000000000000001 R9 =0000000000000000 R10=0000000000000000 R11=0000000000006024
R12=ffffffff81a70910 R13=ffffc90006eaf278 R14=0000000000000000 R15=ffff888027562440
RIP=ffffffff8184c0c0 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0000 0000000000000000 ffffffff 00c00000
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff888097822000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000000081000000 CR3=0000000023eca000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 be2deecc99c7ecd0 59e80924413ce31c
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 f2c9be7025c3437e 2d2f28151097488a
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 f9972f6f60a1009b 5799dcca2252d616
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 7014a4f2b935ff87 d204240e31b9b464
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000001b40
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000040
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0100000001000000 2a18008001000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 01b16e6401b16e80 01b16eb301000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 e180008001b16e70 0100000095d20080
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 01b16e96a3440080 5eac008001b16e57
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 f623ae3bd5ddfdce 079e7b9678fb0829
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 9ec179bc367bbc33 cd087a0f4c23f513
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 a54ff53a3c6ef372 bb67ae856a09e667
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 5be0cd191f83d9ab 9b05688c510e527f
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000