last executing test programs:

4.006305478s ago: executing program 3 (id=1410):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000006c0)=ANY=[@ANYBLOB="d80100001000330600000000fcdbdf25fe8000000000000000000000000000aaff02000000000000000000000000000100"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fc0100000000000000000000000000000000000032000000200100000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fcffffffffffffff000000000000000000000000040400000000000000000000ffffffff02000000000000004800020065636228636970686572756c6c290000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000000000035000000000000000000"], 0x1d8}}, 0x0)

3.949323114s ago: executing program 3 (id=1411):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x1}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$inet6(0xa, 0x800000000000002, 0x0)
sendmmsg$inet6(r3, &(0x7f0000006780)=[{{0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)}], 0x1}}], 0x1, 0x0)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000))
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[])
chdir(&(0x7f0000000100)='./file0\x00')
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuset.effective_cpus\x00', 0x275a, 0x0)
pwritev2(r4, &(0x7f0000000980)=[{0x0}, {&(0x7f0000001980)="d8e266371b5a156dd615cef16752ad1da46006beac8c2afe470fda4ab99cbefd1d99a8bd233725239a987587077bf416a7cfa51b1f90320b2b3be3c625ae7a1ceb556334ffdf2aeb3ccb275458c596b17ba4ba1b9065b27d2c5d7f651119daedb16067158ebbb3835ba06546990a9e283378df9dcc41e1f31764da215dd047e02c235e3f0fb673961d3e8fc263c657418e7c5343cfc0388779bab9eba0af8a39635e940a42c857b5dbf0c85abec5bb56dff74ed0ba59c908a7d073fe79f650e0ea161760177e5b0bb98c0e70c8dffd7557afe30962031ecc63b9369ec0e882378a0c11c9f4d393b1bfec24fb155c078f1875f5987fd4220cf4ea1de57fea6bfbe21ed47227add291d38593a6b8472b12f2c241e5772cf9de4c1f7969f6a8f0862978773f3f5b557bd8d744db1970c0145f8df60c7364c46e06f1d19e89fabd5fcc92bf1d5f4583f9823dd68c4e097c8e306779c2ee47edf20b44a3ddcf9fbfe78a133343bf9195e5d2008f29e5c94b7885c817733deec78e744745d39ce3d9d3cbaa60fa5034e5afdcb2061f5c4600f17157826e8b86ac8ab7dffd10a494d60ca78197953abe66c0f94c4b7f678228baa85a9c375cc119cfca5b3447d8d7249db4f85875a5d30c9182ace809fd471311f4ae548088c382d2dbf903480b192511e74ceac914588c9a8c5eee734c523e54d56d72625bf2c50de0c6e14c68ffb9178ad095e11e64db74563b9cb566b9d513d6cfb172737fdbcba17110cf8f6983ee01017cf66dd47a37e0357789cb749e67a21520e8fcab8572826a6490c8bc427155afe3b79421d4cc5a41c72850a25e9241e6b2cb678188d8bcb1b9764e23a05570979e951d03b4c307d9350b307dbd634890d2dfd0ea90ddf5ac4b48c5a4c669112e853aaa62116126e9ce4c4e90f981a370c57f8b834011eabf792ccdd762eb46d48b814db572e856df3455d53a4552b0619c27faec3c921d79b15d984270d91a10702bf21044746f2fa2ce5176005715949524b787c724f55cce45d94427403553ed6437fb599f106abc670f625bb38e3a90ba894ddf0654464a8e22d68ba2b26978b52bb2a7", 0x307}, {0x0}], 0x3, 0x5, 0xa, 0x14)
r5 = socket$packet(0x11, 0x3, 0x300)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r5, 0x8933, &(0x7f0000000080))
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$IPVS_CMD_NEW_DAEMON(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)={0x18, r7, 0x1, 0x4, 0x0, {}, [@IPVS_CMD_ATTR_DAEMON={0x4}]}, 0x18}}, 0x0)
socket$netlink(0x10, 0x3, 0x0)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0xc, &(0x7f0000000100)=@framed={{0x18, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x3}, [@call={0x85, 0x0, 0x0, 0x41}, @printk={@lli, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x3}}]}, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r8, 0x0, 0x2100, 0x0, &(0x7f0000000100), 0x0, 0x1008, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="58000000020601020000000000000000000000000900020073797a31000000000500010007000000050005001ca7792a987f1d3ed10a0000001400078008000b400000000a05000300080000000c000300686173683a69700005000400dfffffff"], 0x58}}, 0x0)

3.062562099s ago: executing program 3 (id=1415):
syz_open_procfs$pagemap(0x0, &(0x7f0000000240))
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
openat$audio(0xffffff9c, 0x0, 0x402, 0x0)
connect$unix(r0, 0x0, 0x0)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32, @ANYBLOB="0000000000000900000010003310", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1f, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000180000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7050000080000a8c5000000a5000000180100002020640500000000002020207b1af8fe00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b300000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3d, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
write$binfmt_script(0xffffffffffffffff, &(0x7f00000000c0), 0xfea7)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x2, 0x8, 0x0, 0x3}, 0x0)
add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, 0x0, 0x0, 0xffffffffffffffff)
getsockopt(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000b3ffac)=""/84, 0x0)
r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000002340), 0x40800)
ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r4, 0xc058534f, &(0x7f0000002380)={{0x0, 0x1}, 0x0, 0xfffffffe, 0x2, {0x4, 0x1}, 0x3, 0x800})
ioctl$TUNSETOFFLOAD(r3, 0xc004743e, 0x110e22fff6)
r5 = openat$sequencer2(0xffffff9c, &(0x7f0000000080), 0xc41, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$SNDCTL_SEQ_NRMIDIS(r5, 0x8004510b, &(0x7f00000000c0))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
ioctl$sock_SIOCETHTOOL(r6, 0x89f0, &(0x7f0000000080)={'bridge0\x00', &(0x7f00000001c0)=@ethtool_ringparam={0x9, 0x200, 0x300, 0xffffffff, 0x0, 0x0, 0x0, 0xfffffffe}})
r7 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040), 0x185900, 0x0)
ioctl$IOCTL_STOP_ACCEL_DEV(r7, 0x40046104, &(0x7f0000000240))

2.899485951s ago: executing program 2 (id=1420):
r0 = socket(0x10, 0x3, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x15, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000ae00000095"], &(0x7f0000001b80)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x49, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, @void, @value}, 0x94)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
openat$vnet(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0)
r3 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$SO_RDS_MSG_RXPATH_LATENCY(r3, 0x114, 0xa, &(0x7f0000000400)=ANY=[@ANYBLOB='\x00\x00\x00'], 0x3)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$sndmidi(&(0x7f0000000140), 0x2, 0x141121)
r5 = dup(r4)
write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c)
r6 = userfaultfd(0x80001)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f00000000c0))
setrlimit(0x6, &(0x7f0000000000)={0x0, 0xfffffffffffffffd})
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r7 = socket$netlink(0x10, 0x3, 0xf)
r8 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', <r9=>0x0})
r10 = openat$cdrom(0xffffff9c, &(0x7f0000000000), 0x2000, 0x0)
ioctl$CDROM_MEDIA_CHANGED(r10, 0x5325, 0x5)
sendmsg$nl_route(r7, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=ANY=[@ANYBLOB="2c00000013004500000000000000000007000000", @ANYRES32=r9, @ANYRES8=r0], 0x2c}}, 0x0)
r11 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$fou(&(0x7f0000000600), 0xffffffffffffffff)
sendmsg$FOU_CMD_GET(r11, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000004c0)=ANY=[@ANYBLOB="1c80010101e5406eca9a98a5f2080000007255e2433cce9744536f8d7b26e30000000000eaffffff00000000", @ANYRESOCT=r9, @ANYRESHEX=r2, @ANYRESOCT=r1, @ANYBLOB="dbe633b51eb57523bb10da2a69f93968d66239ab7a0964fdde31bbd7659fb336a99d3263d49b2647d4d17d8a5f65098a3ccd042097c4ceb56025827911d1791a65480d7ff7819bcaa60fcfbb3ba6439b50b7093531edc2db357d52677bf4e1abc5d959535cad4e3374c47c83795fb14e87fd"], 0x1c}, 0x1, 0x0, 0x0, 0x20002801}, 0x800)
ioctl$UFFDIO_REGISTER(r6, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x1})
r12 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r12, &(0x7f0000000080)={0x2, 0x4e21, @multicast2}, 0x10)
connect$inet(r12, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
sendto$inet(r12, &(0x7f0000000000), 0xffffffffffffff94, 0x1000000, 0x0, 0x0)
recvfrom$inet(r12, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x720, 0x0, 0xfffffffffffffd25)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)

2.799931609s ago: executing program 0 (id=1422):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r1, &(0x7f0000000080)={0x18, 0x0, {0x4, @broadcast, 'veth0\x00'}}, 0x1e)
ioctl$PPPOEIOCSFWD(r1, 0x4008b100, 0x0)
ioctl$BTRFS_IOC_QGROUP_LIMIT(r0, 0x8030942b, &(0x7f0000000000)={0x8001, {0x11, 0x4, 0x5, 0x10000, 0x2}})
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000740)={'wlan1\x00'})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r4=>0x0})
socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="600000000206030300000000000000000000000005000100070000000900020073797a310000000014000780050015000c000000080012400000000013000300686173683a6e65742c696661636500000500050002000000050004"], 0x60}}, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_REGISTER_FRAME(r6, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000040)={0x28, r3, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_FRAME_MATCH={0x4}, @NL80211_ATTR_FRAME_TYPE={0x6, 0x65, 0x40}]}, 0x28}}, 0x0)

2.798841484s ago: executing program 0 (id=1423):
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x400, 0x0)
socket$alg(0x26, 0x5, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x3, 0x3, &(0x7f0000000400)=ANY=[@ANYBLOB="18000000040000000000e0ffffffffa2cf20c6c4fb61923ff27cde7764000000950000000000000039c7de39d6d4221d11f3354d5bb7f713606a13493a09e6b2bb8ec2ebb213e5f6eb09874d44212e4166c1294c029403f4fcfe4f3ceaf4376f4335fe7f8f8959c7120a59ab7ce53bab517d0cae0e2a026d0ac3dc7f6d4516291d73331c69a6d25c0d0f2c76c6e4a2e45116d9d6a8f60ca07181cee3524828181c1b411132428d93e64a4d776afcdd7e4b92e8241388cf9413662092d4cb29eabb78d4413dcff037323c86fb44053a0f756b1622d7e431dbb2aea6a0cee7ecbbc5548c9127bc8eb2d50c185819f149357b2912f80b3809b7627bb2106d73440484141b2dafd801182a793ce818df57d0d9c9225abfb13f525c9314f3ce022f5b424785c811f0f1"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x26, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x9, 0x0, 0x100000, {}, [{0x90, 0x1, [@m_ct={0x44, 0x19, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9, 0x11e41e7a, 0x5, 0xfffffffe, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x4}}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0xb058}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = syz_io_uring_setup(0x110, &(0x7f0000000140)={0x0, 0xf2fe, 0x100, 0x1, 0x250}, &(0x7f0000000000)=<r4=>0x0, &(0x7f0000000040)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000280)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
syz_io_uring_submit(r4, r5, &(0x7f00000004c0)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r6, 0x0, 0x0, 0x0, 0x10102, 0x1})
io_uring_enter(r3, 0x305, 0x0, 0x4, 0x0, 0x0) (fail_nth: 3)

2.290862923s ago: executing program 1 (id=1424):
munmap(&(0x7f0000002000/0x1000)=nil, 0x1000)
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='schedstat\x00')
read$FUSE(r0, &(0x7f0000000300)={0x2020}, 0x2020)
sendto$inet6(0xffffffffffffffff, &(0x7f0000000000)='s', 0x10a73, 0x800, 0x0, 0x4b6ae4f95a5de35b)

2.219956965s ago: executing program 1 (id=1425):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c00028005000100000000000800074000000001"], 0x64}}, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=ANY=[@ANYBLOB="5c00000000010104000000000000000002001000240002801400018008000100e000000108000200e00000010c00028005000100000000001c0010800800014000000000d97405010000000008000240000000000800", @ANYRES64=r0], 0x5c}, 0x1, 0x0, 0x0, 0x4000}, 0x4000)
futex(0x0, 0x85, 0x0, 0x0, 0x0, 0xa0090199)
mount(&(0x7f0000000080)=@sg0, &(0x7f0000000180)='./cgroup\x00', &(0x7f0000000040)='ext4\x00', 0x1800000, 0x0) (async)
mount(&(0x7f0000000080)=@sg0, &(0x7f0000000180)='./cgroup\x00', &(0x7f0000000040)='ext4\x00', 0x1800000, 0x0)

2.219692087s ago: executing program 1 (id=1426):
socket$inet6(0xa, 0x800, 0x5)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
socket$inet6(0xa, 0x6, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_open_dev$ttys(0xc, 0x2, 0x1)
r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/sys/net/ipv4/vs/sync_qlen_max\x00', 0x2, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xfffffffe)
socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000080), 0x84080, 0x0)
ioctl$SNAPSHOT_GET_IMAGE_SIZE(r1, 0x8008330e, 0x0)
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000c37000/0x3000)=nil, 0x3000, &(0x7f0000000040)='%((@\x00')
socket$packet(0x11, 0x3, 0x300)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
syz_open_dev$usbfs(0x0, 0x3, 0x5a8c0)
fsopen(&(0x7f0000000040)='zonefs\x00', 0x1)
r4 = dup(r3)
write$6lowpan_enable(r4, &(0x7f0000000000)='0', 0xfffffd2c)
write$bt_hci(r4, &(0x7f0000000100)=ANY=[@ANYBLOB="010c9c41ffffff93e3d46a8fa44e26986c159cb44effffff"], 0xa)
setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r2, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
keyctl$instantiate(0xc, 0x0, 0x0, 0x0, 0x0)
keyctl$instantiate(0xc, 0x0, 0x0, 0x0, 0xffffffffffffffff)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0xfffff000)
mbind(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x200006, 0x0)
read$msr(r0, &(0x7f0000000400)=""/240, 0xf0)

2.039167275s ago: executing program 2 (id=1427):
r0 = syz_open_dev$vim2m(&(0x7f0000000040), 0x7, 0x2)
setsockopt$MISDN_TIME_STAMP(0xffffffffffffffff, 0x0, 0x1, &(0x7f0000000000)=0x1, 0x4)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000005"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008000000b70300000000080085"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000300)={r2, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000280)="b9ff03076804268c989e14f088a8", 0x0, 0x1, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)
prctl$PR_MCE_KILL(0x21, 0x1, 0x3)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000740)=@newlink={0x48, 0x10, 0x439, 0x70bd2a, 0x0, {0x0, 0x0, 0xe403, 0x0, 0x3, 0x610c3}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @sit={{0x8}, {0x1c, 0x2, 0x0, 0x1, [@IFLA_IPTUN_REMOTE={0x8, 0x3, @remote}, @IFLA_IPTUN_6RD_RELAY_PREFIX={0x8}, @IFLA_IPTUN_6RD_RELAY_PREFIX={0x8, 0xc, 0xee}]}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x8000}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f00000001c0)={'batadv0\x00', <r4=>0x0})
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x8, &(0x7f0000005580)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd1200000000000085000000d0000000b70000000000000095000000000000003fba6a7d36d9b18ed812a2e2c49e8020a6f4e0e4a9446ca2b5f1cc1a100a9af698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f010c5077da80fb982c1e9400c603146cea484a415b76966118b64f751a0f241b072e90080008002d75593a280000c93e64c227c95aa0b784625704f07a72c2918451ebdcf4cef7f9606056fe5c34664c0af9360a1f7a5e6b607130c89f18c0c1089d8b85880000c29c48b45ef4adf634be763288d01aa27ae8b09e13e79ab20b0b8ed8fb7a68af2ad0000000000000006f803c6468082089b302d7bff8f06f7f918d65eae391cb41336023cdcedb5e0125ebbcebddcf10cb2364149215108355ee570f8078be5cab389cd65e7133719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad23000000803a90bce6dc3a13871765df961c2ed3b1006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f40cfd7c3a1d37a6ab87b1586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9f081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d60532be9c4d2ec7c32f2095e63c8cdc28f74d043ed8dba2f23b01a9aeb980aff9fa3a64709270c701db801f44cf945b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142bdda5e6c5d50b83bae616b5054d1e7c13b1355d6f4a8245eaa4997da9c77af4c0ebe097fca585ec6bf58351d599e9b61e8caab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a41326eea31ae4e0f75057df3c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57010000009700ce0b4b8bc22941330000000000000000000300000000000000000000000010008bc0d955f2a83366b99711e6e8861c46495ba585a4b2d02edc3e28dd279a896249ed85b9806f0b6c4a000000002b43dcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffff7f00000000df73be83bb7d5ad883ef3b7cda42013d53046da21b40216e14ba2d6af8656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff72943327d830689da6b53ffffffff631c7771429d1200000033ed846197fcff5e1c7c3d1d6e3a52872baef9753fffffffffffffe09fec2271fe010cd7bb2366fde4a59429738fcc917a57f94f6c453cea623cc5ee0c2a5ff870ce5dfd3467decb05cfd9fcd41df54cdbd9d10a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce978275d5bc8955778567bc79e13b78249788f11f708008b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe7d7fa29822a0269a660e717a04becff0f7191070000000000002ea37e927123d8ecbbc55bf404571be54c72d978cf2804107f0238abccd32368e57040906df0042e19000000000000002c06f815312e086dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef44cd1fe582786105c7df8be4877084d4173731efe895efc71f665c4d75cf2458e35d2c9062ece84c99e061887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb2b5e518a75f9e7d7ae22e16c6c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad055e4af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457ac0eaaa99bf0bdc14ae358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df9b3fdf242b985bf16b99c9cc0ad1857036f1a985f369191ae954febb3df464bfe0f773ee9afe72f32a2befb89d3777399f5874c553a2ebe9061fe86e669642e09bb6d163118e4cbe024fd452277c3887d6116c6cc9d8046c216c1f8a9778cb26e22a2a998de5eaeadea2a40da8daccf080842a486721737390cbf3a74cb2003efb9a101b51ab63e9600040000b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde6e4a4304e50c349f4f9ecee27defd83871c5191e10096e7e60fc3541a2c905a1a95e9571bf38aebd15172f94e3245c582909e2a3bce109b6000000000000000000d6d5210d7560eb92d6a97a27602b81f7636df1535bef1497f90100000000000000abf9010000007740890200d627e87306703be8672dc84eeadba6a41891c170d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288a0268893373750d10a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7ef8c08acaf30235b920500d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69b93e9960ff5f76062adae283d9756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff85000000000000c1fee30a3f7a85ecb29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546bba3d005585bf07d70e2505bc7f41019645466a31c72ad53bc19faa5401120000793ac48c1b539c75ab40743b00020000a1f68df75cf43f8ecc8d3726602111b40e761fd210a1920382f14d12ca3c3431ee97471c781d0d1280fb00818654a53b6df4b2c97cc1c98d85fda8f80fe908b65550b441233151122b41a8d73062197655b7f0469250a5989cef0e10773920ed3ccee42d2c3eb80159da5c002511e6eb93842054cfce2ac306cb6e472db3fd67a49b6855a694a8d359add43907003223a47a7fae4f3748d5a432825bc40a03aaef1c8488d86dc211dd2a3ba71e0f45492ef1f8b65ccb3dcd251a61b152d02c29ca0a3328fa7753a5cddea1acaae55ae8263fb284b7a6ab2a8826c1b948207c498cf4824ab1ea3225c380fac12f8205d182f8999e0311da5b8378bc841e1787e3a8128dda381a26cb2b365702ff8a27831375b2ddaa2f56e21169f7ca4fd9655ccd4a584acd244e965a0afedaff7c415ff682a4044b3381cc2df28278c9a6824c52048a7cfabda294925cc0956bffa8e950ff5e49f41ae600d830207bf728cd9807933c3c16d80bbea611a18becc2dc38ca0a6f5740f340b76edcd1f539bd43007231dcef58c7b88b5aeedaf9626cb51ce1737c10ab37d4f98a934b0f900e0eb639878a1200629f5503cf679154d27681d7a3744cbcd42af59407c9c8e39c5271868917954e604352ba26171d004f1cb2976fab3fa19c7d3ef9678bff79f5155524f061378f94fb453786c3a6f78b10d383b49e31d1568bd43ee34ce6e6be235aa6207285665c2fba773671da41959f51610963b48930658e2d6125a26085001345b0473240b7e5e91811312c43663e76f711d7219ecdec75c7ea1cf0f8f8fff40247d59bbde2ebb8659197e0f37a71be1b12a182ed7de3acba28561a04b807f7a4647e2ea6d8fb92541d07c3d5e4ba077d3cad9f8ba1919592014c00c8eccb2ca5d48ba7b1c3fb185a4bb79700cf51f818b0c701c8de47d12281a67bdaf4b0c50bee9e8f5936250df2e15c1172e7ea6619f7db330700d1e9e42a035e6fd532f61fbfed9c4a7124a1e38eee50a6bbcd1d4e3f68c3f27dd9a70f1a7c6046237ddfb0b26e197322226367d998010458cd4df10af249ce717f6f45e5176e0ddae3054d7289d4e13ab0912703ee39ce264572b89194fdf7acecc35cf8309d4b680a08eed367dad855fce210f1a7c7222dd360eafb4bef7d58bf83362930af6e3f3f851abdc0003bdf9401b533019e90feb069189100007a82df8d9b5f44ebf9355e7b1b01c9470608d4f306d21004730396a4d6c6d46e1ffac97aa93c36123532a36186575266be4981c847160079421d0137801e553069f8d025c40f287378810defc7f2ed4e15f6af17b21153394f8bcfa6a23a77c8d61c9bbc127a57b8d631f36558d9093dee08bc53d97a8003363421738650a26c8fd87b13026799caf58e59951b125e7f161ca34e2c0dd65a23d01a3cb191e743de07247c7f993cf01166fa2ac1ba02f60550e63a7f50422e478c6b5d87f9bd0567a279a9d85a380db25c43bd0529ad783b9d64aaac1b793afb44b7126e17d2b7c0d6be650de7eeef3f3605af344015d03c3e7819145cb9fe1978c98bf9cf10773db59505ae33708c728844c872dfd2cb0b29754f928c59306ce105ca18cb72f0944d0e4fea0a0abd0285bdaf1b000000c089d640c2facb0d1e6243873ac4b1e1068c45c715b68effb7d58d1f9e726dbf6bd910ca4ce0e075658ede42192cf393a50dcc197b03402fed75083628e5dd38213d353b9049e71f037064b05e73ec00c710f1ffc5737d397d555d1cf8859cc05fea8dc3c6a5b3b6fa1c81707479db1833d593a271253aa11efdb36b74784f2fc286814848e92d8ee541bc179813297a0a4cc3c8f80c28701185bea091f32475e859479b734727afc110e1abcff460172fd1b42e3c0e2a4bf94a060069000010000087c7572a1e7596f89e5c3d5e70640c90815f77b7b13d0000000085a1e1e84900000000000000000000000000b422fc160a458ee5a91a2471e6e56fdabec6c73ce8983fc68f0b7cdcdde632e6f54a07620e8aa116ce9e84fc3cd5e8288a333dcebb233da9186796995ba69487d8f77d2f8800f02d690fc70a08b231cad1bdcf3740a95d4dd1cfe0f417f275493cf33b19ffff93dfdaf7eb00b8ad87cdf7c21bab5af8e2bac54ee5597e6508c1158124a538c36f9bb11fea7d8b8c7e954b1bc7811654a6636b33f271d0923e9ecd1b724b8feffadfc23c07000000f0785fb722f346d6a5dffe1884d4d0cd8f00000092c85ed44db68ab800000000000000406e6ed9b219ad07125381087298e75965d1cc5932ddf9e66351ba332a34bee3e3d562c914c629933f0b8724cf680889ade72558d191d96ee1b84bb64b14aebc6b5194c55dd6890c69a718f9018586c5131c8dc8e0379bafda1a0fd2997ff115215ce23dca8db7236c1554cdaaadcce2f31834c1bd1908d8e1b361034db56bd86acb7654a195bc3e98df3a5dffd5b07838a3ef7da3433110e37f7c7cb7f3800de7f99abf910d6949e062747a9c87dcfcc716d6a9c0ec53b9cffe3cfd1df69a76f373d7f997edb9b80bdea1a99c2a6fbb25e035deadaadd7917ebfedd6304a19491769476208684e343f86b4d55a7dbbb07283cb1e35a139d24ebc5b4f8e35a82d3a7f84cb1e02a5a92b53567088be0b1ca023ccd518c0e0715b1c8760801a419ebd2e26440ff7493019bdb655cc88d72d6d7b6bca5a2e19b63ec52fcc49a729f11ab377f7132c543d29646a9378eea0761b7ed9d2172e33ed87c6513c843b180cc00000000006bedf2ed716ca43a941119b96d82b26d9061de240d85ec2cfa462bd52104489bb7a7548d7cc53627031e909c69cb824233975a1ea645de63522407c3a240a37e946f30ebf075ea97846a0a8d2286f3f446b1b99ab83a12ddf8a1c06294eadc3eb3e339591afd5c00000000000000000000000000000000000000000000000000579dad8347a3d16976bb7483840b32db0158fb6c809349333325a7866ca5d3133e33ef1a183cefdb65a79fa71800988c8445029e024822dbcfcab49c3a0aec9bd43e6e14078b260700d849a2aa14c9b593f6dcb1de334c065ecfd65031606e55949c185bcda9fde4f9b46a76b8a24bbcd31b22373eb0473248150cd179405ee1af1183b0c0ce3483dc1d9bf732b0751b78fb211d6706b55960c6431afbc02b3c7e08086573939290bb9e590a3875f02a828bf209d0ed9829dec16ab67a4f59a504e09f55ab82bbd405087a17a229a149c53ee9145500db213cb36489a10957739e481a756e65bde579bbbfb404213f661eeaaffacbcfbf"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000000)={@map=r5, r6, 0x2f, 0x2038, 0x4, @void, @void, @value=0xffffffffffffffff}, 0x20)
r7 = openat$dlm_control(0xffffff9c, &(0x7f0000000300), 0x787301, 0x0)
r8 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r8, 0xc1105517, &(0x7f0000000300)={{0x0, 0x0, 0x0, 0x0, 'syz1\x00'}, 0x3, 0x0, 0x20, 0x0, 0x1, 0x0, 'syz0\x00', &(0x7f0000000080)=['']})
linkat(r5, &(0x7f00000002c0)='./file0\x00', r7, &(0x7f0000000340)='./file0\x00', 0x1200)
sendmsg$nl_route_sched(r3, &(0x7f0000000280)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)=@getchain={0x34, 0x66, 0x316, 0x70bd2d, 0x25dfdbfd, {0x0, 0x0, 0x0, r4, {0x2, 0x1ffdc}, {0xf, 0xf}, {0xe}}, [{0x8, 0xb, 0x6}, {0x8, 0xb, 0x3}]}, 0x34}, 0x1, 0x0, 0x0, 0x40}, 0x20000000)
ioctl$vim2m_VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f0000000080)={0x0, @vbi={0x0, 0x1fd, 0xfffffffc, 0x4745504d, [0x7], [], 0x1}})

1.959475245s ago: executing program 3 (id=1428):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x1}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$inet6(0xa, 0x800000000000002, 0x0)
sendmmsg$inet6(r3, &(0x7f0000006780)=[{{0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)}], 0x1}}], 0x1, 0x0)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000))
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[])
chdir(&(0x7f0000000100)='./file0\x00')
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuset.effective_cpus\x00', 0x275a, 0x0)
pwritev2(r4, &(0x7f0000000980)=[{0x0}, {&(0x7f0000001980)="d8e266371b5a156dd615cef16752ad1da46006beac8c2afe470fda4ab99cbefd1d99a8bd233725239a987587077bf416a7cfa51b1f90320b2b3be3c625ae7a1ceb556334ffdf2aeb3ccb275458c596b17ba4ba1b9065b27d2c5d7f651119daedb16067158ebbb3835ba06546990a9e283378df9dcc41e1f31764da215dd047e02c235e3f0fb673961d3e8fc263c657418e7c5343cfc0388779bab9eba0af8a39635e940a42c857b5dbf0c85abec5bb56dff74ed0ba59c908a7d073fe79f650e0ea161760177e5b0bb98c0e70c8dffd7557afe30962031ecc63b9369ec0e882378a0c11c9f4d393b1bfec24fb155c078f1875f5987fd4220cf4ea1de57fea6bfbe21ed47227add291d38593a6b8472b12f2c241e5772cf9de4c1f7969f6a8f0862978773f3f5b557bd8d744db1970c0145f8df60c7364c46e06f1d19e89fabd5fcc92bf1d5f4583f9823dd68c4e097c8e306779c2ee47edf20b44a3ddcf9fbfe78a133343bf9195e5d2008f29e5c94b7885c817733deec78e744745d39ce3d9d3cbaa60fa5034e5afdcb2061f5c4600f17157826e8b86ac8ab7dffd10a494d60ca78197953abe66c0f94c4b7f678228baa85a9c375cc119cfca5b3447d8d7249db4f85875a5d30c9182ace809fd471311f4ae548088c382d2dbf903480b192511e74ceac914588c9a8c5eee734c523e54d56d72625bf2c50de0c6e14c68ffb9178ad095e11e64db74563b9cb566b9d513d6cfb172737fdbcba17110cf8f6983ee01017cf66dd47a37e0357789cb749e67a21520e8fcab8572826a6490c8bc427155afe3b79421d4cc5a41c72850a25e9241e6b2cb678188d8bcb1b9764e23a05570979e951d03b4c307d9350b307dbd634890d2dfd0ea90ddf5ac4b48c5a4c669112e853aaa62116126e9ce4c4e90f981a370c57f8b834011eabf792ccdd762eb46d48b814db572e856df3455d53a4552b0619c27faec3c921d79b15d984270d91a10702bf21044746f2fa2ce5176005715949524b787c724f55cce45d94427403553ed6437fb599f106abc670f625bb38e3a90ba894ddf0654464a8e22d68ba2b26978b52bb2a7", 0x307}, {0x0}], 0x3, 0x5, 0xa, 0x14)
r5 = socket$packet(0x11, 0x3, 0x300)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r5, 0x8933, &(0x7f0000000080))
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$IPVS_CMD_NEW_DAEMON(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)={0x18, r7, 0x1, 0x4, 0x0, {}, [@IPVS_CMD_ATTR_DAEMON={0x4}]}, 0x18}}, 0x0)
socket$netlink(0x10, 0x3, 0x0)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0xc, &(0x7f0000000100)=@framed={{0x18, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x3}, [@call={0x85, 0x0, 0x0, 0x41}, @printk={@lli, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x3}}]}, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r8, 0x0, 0x2100, 0x0, &(0x7f0000000100), 0x0, 0x1008, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="58000000020601020000000000000000000000000900020073797a31000000000500010007000000050005001ca7792a987f1d3ed10a0000001400078008000b400000000a05000300080000000c000300686173683a69700005000400dfffffff"], 0x58}}, 0x0)

1.839570428s ago: executing program 2 (id=1429):
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000300)="2e00000010008188040f80ec59acbc0413a181000b00000000010000000000000e000a000f000000028002002d1f", 0x2e}], 0x1}, 0x0)

1.839265358s ago: executing program 0 (id=1430):
ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, &(0x7f0000000280)={<r0=>0xffffffffffffffff, 0xfffffffffffffff8, 0x0, 0x1})
r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r0, r1, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0xa, &(0x7f00000000c0)=[@dstype3={0x7, 0xf}], 0x1)
socket$inet_sctp(0x2, 0x800000000000001, 0x84)
syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="ffffffffffffbbbbbbbbbbbb0800450000580068000100019078ac1e8001ac1414aa05009078e00000024f15000600670003f4290004ac1414bb7f000001019404010094088abf5041c5fd44107e30000001000000000900000007440873e000000054000000"], 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r3 = dup(r2)
write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c)
openat$vim2m(0xffffff9c, &(0x7f0000000200), 0x2, 0x0)
r4 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
setsockopt$rose(r4, 0x104, 0x1, &(0x7f0000000000), 0x4)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1})
io_uring_enter(0xffffffffffffffff, 0x708, 0xafef, 0x0, 0x0, 0x0)
r5 = socket(0x40000000015, 0x5, 0x0)
r6 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
unshare(0x22020600)
move_mount(r6, 0x0, r6, 0x0, 0x256)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ipvs(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$IPVS_CMD_GET_DAEMON(r5, &(0x7f0000000100)={0x0, 0x32, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x20000090}, 0x24004840)
socket$nl_route(0x10, 0x3, 0x0)
write$binfmt_script(r3, 0x0, 0x0)
ioctl$LOOP_CONFIGURE(0xffffffffffffffff, 0x4c0a, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB], 0x1a)

1.839095912s ago: executing program 2 (id=1431):
setuid(0xee01)
r0 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r0, &(0x7f0000000140)={0x28, 0x0, 0x0, @host}, 0x10)
bind$vsock_stream(r0, &(0x7f00000001c0)={0x28, 0x0, 0x2710, @host}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{0xffffffffffffffff, <r1=>0xffffffffffffffff}, &(0x7f0000000040), &(0x7f0000000080)}, 0x1c)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x21, &(0x7f00000004c0)=@ringbuf={{}, {}, {}, [@ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x1}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)

1.769482819s ago: executing program 2 (id=1432):
syz_emit_vhci(&(0x7f0000000580)=ANY=[@ANYBLOB], 0xf2) (async)
syz_create_resource$binfmt(&(0x7f0000000040)='./file1\x00') (async)
r0 = socket(0x2a, 0x1, 0x1)
syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0) (async)
r1 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYRESHEX=r0], &(0x7f0000003ff6)='GPL\x00', 0xffffffff, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, &(0x7f00000002c0)=[{&(0x7f00000016c0)=""/4126, 0x101e}], 0x1) (async)
move_pages(0x0, 0x2064, &(0x7f0000000040)=[&(0x7f0000ff9000/0x2000)=nil], &(0x7f0000001180), &(0x7f0000000000), 0x0) (async)
syz_init_net_socket$ax25(0x3, 0x3, 0x1)
r2 = syz_open_procfs$namespace(0x0, &(0x7f0000000440)='ns/mnt\x00')
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000480)={@cgroup=r2, 0x11, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x0, 0x0, 0x0}, 0x40) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async)
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x4, 0x1000085}, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) (async)
sched_setscheduler(0x0, 0x1, &(0x7f0000000180)=0x2)
mmap(&(0x7f0000ff9000/0x1000)=nil, 0x1000, 0x0, 0x80010, 0xffffffffffffffff, 0x11b68000) (async)
sched_setaffinity(0x0, 0x8, &(0x7f0000000340)) (async)
read$msr(r3, &(0x7f0000019680)=""/102384, 0x18ff0) (async)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0xb, 0x7ffc0002}]})
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a5"], &(0x7f0000000000)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x71ba, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000140)='mmap_lock_acquire_returned\x00', r4}, 0x10) (async)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3000002, 0x5d031, 0xffffffffffffffff, 0x0)
remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0) (async)
dup2(0xffffffffffffffff, 0xffffffffffffffff)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x2, 0xe, &(0x7f0000000200)=ANY=[@ANYBLOB="b70000001a000000bca30000000000002403000020feffff620af0fff8ffffff71a4f2ff000000001f030000000000002e100200000000002604fdffff02000014010000030000001d130000000000007a0a00fe0000001f0f14000000000000b503f7fff80000009500000000000000033bc065b78111c6dfa041b63af4a3912435f1a864a7aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168e5181554a090f300020000fe275daf51efd601b6bf01c8e8b1b526375ee4dd6fcd82e4fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e65440000000000000000028610643a98d9ec21ead2ed51b104d4d91af25b845b9f7d08d123deda88c658d42ecbf28bf7076c15b463bebc72f526dd70252e79166d858fcd0e06dd31af9612fa402d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff61623604000000000000006a89adaf17b0a6041bdeebdfd1f5089048ddff6da40f9411fe7226a40409d6e37c4f46756d31cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564163427afea62d84f3a10076443d643649393bf52d2105bd901128c7e0ec82701c8204a1deeed4155617572652d950ad31928b0b036dc2869f478341d02d0f5ad94b081fcd507acb4b9c67382f13d000000225d85ae49cee383dc5049076b98fb6853ab39a21514da60d2ae20cfb91d6a49964757cdf538f9ce2bdbb9893a5de817101a3062cd54f9ff51d355d84ce97bb0c6b6a595e487a2cc47c0efbb2d71cde2c10f0bc6980fe78683ac5c0c31032599dd273863be9261eee52216d009f4c52048ef8c126aeef5f510a8f1aded94a129e4aec6e8d9ab06faffc3a15d91c2ea3e2e04cfe031b287539d0540059fe6c7fe7cd8697502c7596566d674e425da5e7f009602a9f61d3804b3e0a1053abdc31282dfb15eb6841bb64a1b3045024a982f3c48153baae244e7bf573eac34b781337ad5905c6bbf1137548c7f1a4cad2422ee965a38f7defbd2960242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a90144022a579dfc0229cc0dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc48899b212c55318294270a1ad10c80fef7c24d47afcc829ba0f85da6d888f18ea40ab959f6074ab2a40d85d1501783a7ab540b8d7b4ead35a385e0b4a26b702396df7e0c1e02b88c114f244a9bf93f04bf072f0861f5c0b000000000000eedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba3401e6a52acb11883ad2a3b1832371fe5bc621426d1ed01b389708165b9cdbae2ed9dc7358f0ebadde0b727f27feeb7464dcd857ab15e355713767c536cbae2f5c7d951680f6f2f9a6a8346962a350845ffa0d82884f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010ae20e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fedcbada1ee7baa19faf67256b56a41fd355b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ced301efeb6dc5f6a9037d2283c42efc54fa84323afc4c10eff462c8843187f1dd48ef0981000000000000ff0f40b1888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538c6ee6ba65893ff1f908ba7554ba583ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738612e4fee18a22da19fc08001011e32f80fb60e14b9eee094277bbc170882c8890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f62e3f753b639a924599c1f69219927ea5301fff0a6063d427180d61542c2571f983e96635600000554f327a3535e7c7542799493c31ac05a7b57f03ca91a01ba2a30ca99e969d6fd09dc28ebc15edb4d91675767999d146aef7799738b292fd64bb25b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a794963342aece449a0d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b6ef9d12096833d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e1661261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec035d232f89fe0120f64c62e8e3ed8bcb45202c204bbec8d722824c0ebca8db1ea4a05e41f6016ab5bbe4fe7ff5d785d0128171c90d9900ca2532b0f9d01c4b45294fbba468df3e1b393cb4e62e753b4172ba7ac1f2b51c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a881192292ffff5392ab3d1311b82432662806add87047f601fa888400000000000000000000000000006acc19808d7cf29bc974b0ea92499a41b9b9a7c2bca311a28ee4952f2d325a56397c78f12205db653a536f9f3322405d1efd78e578dc6b3fb84f3738a4b6caa800000087efa51c5d95ecba4e50e529d1e8c89600e809dc3d0a2f65579e23457949a50f2d0455cf79a43746979f99f6a1527f004f1e37a3926937e84fb478199dc1020f4beb98b8074bf7df8b5e783637da740800000000000000c55a4385e9a617aa6c8e10d4202c5afeb06e2f9115558ea12f92d7ae633d44086b3f03b20d546fa66a72e38207c9d20035abc46271a30f1240de52536941242d23896ab74a3c6670fdc49c14f34fc4eadd6db8d80eba439772bf60a1db18c472dafc5569adc282928d2a1ffe29f1a57d3f18f4edaeb5d37918e6fddcd821da67a0785585a4443440dc65600e64a6a2740000000000000000000000000000000000000000000a0009dd14b38f2f4426d7cf5075047c31f6ce6adddfe3ac649c0643c8bfbeb14ba1fd7a485aa893915cf81e29aaf375e904bbe52691a4100260ffcd8f1d04166d291ebcef893e1b9ccb6797d0646fe0e7274434f28efb43e06e64f0698caca42f4e6018a455736c482a017e2b13dac4a90faa109f0e87cc94e3efb649692456463ca74aa6ad4bf50c1acb0000000000000005375e528285544d0064b98646f3109e9a4942ce42c6e7ec84b664f6c2770803f10baa804a707f0a1fcbfc309381aeba191950bae71f37f1eb7ceeffb3c0547ac6571603adbfde4c8b5f8d7f4b854441613633b48865b65bdc415e1e0dcf672d68cf4cebf04f4bc1eebf560a26d34d3757b1450fdb0a9a69f432e277f3a0386eb2bd3305c821c64757f786b79fef54dbe64c67d73934bc80b2133fb3c04cc7ea48bf97a6243c9f95dcbddecf45f008f1822c7868e1ff5a3cff5d6b6898335792749df7b1f51e91f8c1c3b1b93b33aaa3fab69cef08a9f6f6cf39dea3d878b2ed42545421970cc426e644332bc956d1c6adefdf0ede2c5c94aa632646ae225accdf031f611d01622921f1b922a5ac887cca3136133dce8d9f5f4da7bed2ea5d94362200000000000000000000f296b0c1484e5f781ad26bff696b05ff0a5e2270e07618b04273bd4075ea38ab463bfa6a38e7c537498ba3e4df8dfc9e040000003c3ffad44d2a376def42e41e9fc31678257e040fa7cf32c221aaac08000000000000001a00000000000000000000173570f0c11ae694b0f7a4f9c2f6790044a357e785af6e153d5f1ea460af92c7cbbd6295afe740f5e154346d483e0d641ef02e4d5295d756e110522a7a945b93fb705b95b6aae27a8fb33732ce1da1c0b1af8eb9222a06e984ab1e6984c8bdc12360627137ab67b6b68ab08acb29a74dc36b51209cfbc87f61182bbeb2772e9d5a1ffc477179be481efe46a4ce86be0b1d8eee42a611a3d44ca450b14586ed63dd92005c79e4a8ab8a94f0c6cb4bed8594a39bd76d3ef8a7ab014e787596db796bd93a36c2880423291e3bccc86f66ba792ff4d87b3f80e5908779e51c5e9055fc5b23605cd000c723187ef09dcf4b07b06a9342f3f62ee7acddff292082c1f4d8eb9561f80873a09a1ae0c9af1121175e5600f43a1179484502009759264a5729f07c2b218fa36ba2316a99aaad0130df83d0bda1e711290f78c143ea143967b00adcd77e6ad5e48d839ea61aadb83e4d071c54691924a3830d3e7b5c198bb0ed623153590000000000000000004b985ea1702f34f2f85b168c083e810ed567e3f1979b9ed1a4bf6a10dac825c96a0828b335de445a4880bb6474157efd1a72ca46ae4cbe3ab648c9bc4867a5a4cb87d7d6d55475b34b3cb6aa9e2337d4e04a37e35109752522ac9b186ddd80c47da6a2f4ef7bb909c975520000000000000000000000219cf5c1376ab33786f6b856d354e90a2733f78f2d188057cead3480eade49d55b770fad7fa000d23da6275768810b6b2df91d3a991ea98d929d271696c258d5b735d5db11df434e7dd1b7c1ca05cea3977df564115f4ec6ffab1d2ff8a642ca50934b3fbe44b0abeba9df209566984a29dfc0466e439a94e177b3c4d5f6e92b8176b9d6ddeeeb196fa964217f88e1acc180aaa4"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0x3}, 0x8, 0x10, &(0x7f00000000c0), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r5 = io_uring_setup(0x6390, &(0x7f00000001c0)={0x0, 0x621d, 0x842, 0x3, 0x39c})
io_uring_register$IORING_REGISTER_IOWQ_MAX_WORKERS(r5, 0x13, &(0x7f00000000c0)=[0x7, 0x80000000], 0x2)
r6 = syz_open_dev$evdev(&(0x7f0000000b80), 0x0, 0x0)
ioctl$EVIOCSMASK(r6, 0x40104593, &(0x7f0000000140)={0x0, 0x0, 0x0}) (async)
ioctl$EVIOCSKEYCODE_V2(r6, 0x80104592, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, "207d3d0040b6000900"}) (async)
ioctl$BTRFS_IOC_GET_DEV_STATS(r1, 0xc4089434, &(0x7f0000002700)={0x0, 0x8, 0x1, [0x80000001, 0x401, 0x7, 0x5, 0xfffffffffffffff7], [0x4, 0x3, 0xfffffffffffffffc, 0xfffffffffffffffa, 0xdd9, 0xfff, 0x3, 0xfffffffffffffffc, 0xffff, 0x8, 0x40, 0x3, 0xfffffffffffffffb, 0x4, 0x400, 0x1ff, 0xfffffffffffffffa, 0x7fffffff, 0x1, 0x3, 0x5, 0x1, 0x3, 0x7, 0x2, 0x5306, 0xffffffffffff64d0, 0x100, 0x3cc98dbb, 0x6, 0x4, 0x1, 0x80000000, 0x21, 0x101, 0x0, 0x7, 0x2, 0x9, 0x1000, 0x0, 0x3, 0x9, 0x45d96b26, 0xffffffffffffffff, 0x6, 0x5, 0x7, 0x9, 0x7, 0x1d1, 0x0, 0x8, 0x7e, 0x3, 0x0, 0x1ff, 0x60e, 0x4, 0xffffffff, 0x10001, 0x4, 0x8, 0x7c1, 0x9, 0x8000000000000000, 0x8, 0x3, 0x1bf, 0x664, 0x2, 0x8b, 0x3ff, 0x3, 0x8, 0xfffffffffffffe01, 0x3, 0x1, 0x101, 0x380000000000000, 0x1, 0xfffffffffffffff8, 0xffffffffffff517d, 0x1, 0x9, 0x6, 0x1, 0xc400, 0x9, 0x9, 0x6, 0x0, 0xc1c, 0xa, 0x0, 0x5, 0x2, 0xffff, 0x0, 0x5, 0x5, 0x1, 0xffffffffffffffff, 0x10001, 0x0, 0x9, 0x2a55, 0x81, 0xb, 0x80, 0x7fffffff, 0x8, 0x6, 0x8, 0x6c, 0xaa59, 0x8, 0x0, 0x7, 0x7, 0xee2c]})

1.689619957s ago: executing program 2 (id=1433):
gettid()
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0)
add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff)
mkdir(0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x4, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x3fff, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x5}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x8008000)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x7fffffffffffef9, 0x40000002, 0x0)
socket$key(0xf, 0x3, 0x2)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1000, 0x1)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)=ANY=[@ANYBLOB="14"], &(0x7f0000000180), 0x1600)
open_by_handle_at(0xffffffffffffff9c, &(0x7f00000000c0)=ANY=[], 0x0)
r4 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'lo\x00', <r6=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@newqdisc={0x30, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r6, {0x0, 0xa}, {0xffff, 0xffff}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x4}}]}, 0x30}}, 0x44080)

1.329628424s ago: executing program 0 (id=1434):
socket$kcm(0x10, 0x400000002, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f0000001900)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000240)={@cgroup, 0xffffffffffffffff, 0x1, 0x0, 0xffffffffffffffff, @void, @value}, 0x20)
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = syz_io_uring_setup(0x117, &(0x7f0000000300), &(0x7f0000000280)=<r4=>0x0, &(0x7f0000000200)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffc00, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f00000000c0)=@IORING_OP_SENDMSG={0x9, 0x48, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000018c0)={0x0, 0x0, &(0x7f0000001680)=[{0x0}, {0x0}], 0x2}, 0x0, 0x1})
io_uring_enter(r3, 0x47f6, 0x69090000, 0x0, 0x0, 0x0)
socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'gretap0\x00'})
r6 = syz_open_dev$tty1(0xc, 0x4, 0x2)
ioctl$TIOCL_PASTESEL(r6, 0x541c, &(0x7f0000000100))

1.328675428s ago: executing program 1 (id=1435):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000006c0)=ANY=[@ANYBLOB="d80100001000330600000000fcdbdf25fe8000000000000000000000000000aaff02000000000000000000000000000100"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fc0100000000000000000000000000000000000032000000200100000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fcffffffffffffff000000000000000000000000040400000000000000000000ffffffff02000000000000004800020065636228636970686572756c6c2900"/226], 0x1d8}}, 0x0)

1.239961773s ago: executing program 1 (id=1436):
syz_open_procfs$pagemap(0x0, &(0x7f0000000240))
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
openat$audio(0xffffff9c, 0x0, 0x402, 0x0)
connect$unix(r0, 0x0, 0x0)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32, @ANYBLOB="0000000000000900000010003310", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1f, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000180000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7050000080000a8c5000000a5000000180100002020640500000000002020207b1af8fe00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b300000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3d, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
write$binfmt_script(0xffffffffffffffff, &(0x7f00000000c0), 0xfea7)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x2, 0x8, 0x0, 0x3}, 0x0)
add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, 0x0, 0x0, 0xffffffffffffffff)
getsockopt(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000b3ffac)=""/84, 0x0)
r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000002340), 0x40800)
ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r4, 0xc058534f, &(0x7f0000002380)={{0x0, 0x1}, 0x0, 0xfffffffe, 0x2, {0x4, 0x1}, 0x3, 0x800})
ioctl$TUNSETOFFLOAD(r3, 0xc004743e, 0x110e22fff6)
r5 = openat$sequencer2(0xffffff9c, &(0x7f0000000080), 0xc41, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$SNDCTL_SEQ_NRMIDIS(r5, 0x8004510b, &(0x7f00000000c0))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
ioctl$sock_SIOCETHTOOL(r6, 0x89f0, &(0x7f0000000080)={'bridge0\x00', &(0x7f00000001c0)=@ethtool_ringparam={0x9, 0x200, 0x300, 0xffffffff, 0x0, 0x0, 0x0, 0xfffffffe}})
r7 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040), 0x185900, 0x0)
ioctl$IOCTL_STOP_ACCEL_DEV(r7, 0x40046104, &(0x7f0000000240))

879.590601ms ago: executing program 3 (id=1437):
r0 = syz_open_dev$vim2m(&(0x7f0000000040), 0x7, 0x2)
setsockopt$MISDN_TIME_STAMP(0xffffffffffffffff, 0x0, 0x1, &(0x7f0000000000)=0x1, 0x4)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000005"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008000000b7030000000008008500000033"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000300)={r2, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000280)="b9ff03076804268c989e14f088a8", 0x0, 0x1, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)
prctl$PR_MCE_KILL(0x21, 0x1, 0x3)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000740)=@newlink={0x48, 0x10, 0x439, 0x70bd2a, 0x0, {0x0, 0x0, 0xe403, 0x0, 0x3, 0x610c3}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @sit={{0x8}, {0x1c, 0x2, 0x0, 0x1, [@IFLA_IPTUN_REMOTE={0x8, 0x3, @remote}, @IFLA_IPTUN_6RD_RELAY_PREFIX={0x8}, @IFLA_IPTUN_6RD_RELAY_PREFIX={0x8, 0xc, 0xee}]}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x8000}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f00000001c0)={'batadv0\x00', <r4=>0x0})
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x8, &(0x7f0000005580)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd1200000000000085000000d0000000b70000000000000095000000000000003fba6a7d36d9b18ed812a2e2c49e8020a6f4e0e4a9446ca2b5f1cc1a100a9af698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f010c5077da80fb982c1e9400c603146cea484a415b76966118b64f751a0f241b072e90080008002d75593a280000c93e64c227c95aa0b784625704f07a72c2918451ebdcf4cef7f9606056fe5c34664c0af9360a1f7a5e6b607130c89f18c0c1089d8b85880000c29c48b45ef4adf634be763288d01aa27ae8b09e13e79ab20b0b8ed8fb7a68af2ad0000000000000006f803c6468082089b302d7bff8f06f7f918d65eae391cb41336023cdcedb5e0125ebbcebddcf10cb2364149215108355ee570f8078be5cab389cd65e7133719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad23000000803a90bce6dc3a13871765df961c2ed3b1006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f40cfd7c3a1d37a6ab87b1586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9f081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d60532be9c4d2ec7c32f2095e63c8cdc28f74d043ed8dba2f23b01a9aeb980aff9fa3a64709270c701db801f44cf945b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142bdda5e6c5d50b83bae616b5054d1e7c13b1355d6f4a8245eaa4997da9c77af4c0ebe097fca585ec6bf58351d599e9b61e8caab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a41326eea31ae4e0f75057df3c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57010000009700ce0b4b8bc22941330000000000000000000300000000000000000000000010008bc0d955f2a83366b99711e6e8861c46495ba585a4b2d02edc3e28dd279a896249ed85b9806f0b6c4a000000002b43dcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffff7f00000000df73be83bb7d5ad883ef3b7cda42013d53046da21b40216e14ba2d6af8656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff72943327d830689da6b53ffffffff631c7771429d1200000033ed846197fcff5e1c7c3d1d6e3a52872baef9753fffffffffffffe09fec2271fe010cd7bb2366fde4a59429738fcc917a57f94f6c453cea623cc5ee0c2a5ff870ce5dfd3467decb05cfd9fcd41df54cdbd9d10a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce978275d5bc8955778567bc79e13b78249788f11f708008b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe7d7fa29822a0269a660e717a04becff0f7191070000000000002ea37e927123d8ecbbc55bf404571be54c72d978cf2804107f0238abccd32368e57040906df0042e19000000000000002c06f815312e086dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef44cd1fe582786105c7df8be4877084d4173731efe895efc71f665c4d75cf2458e35d2c9062ece84c99e061887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb2b5e518a75f9e7d7ae22e16c6c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad055e4af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457ac0eaaa99bf0bdc14ae358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df9b3fdf242b985bf16b99c9cc0ad1857036f1a985f369191ae954febb3df464bfe0f773ee9afe72f32a2befb89d3777399f5874c553a2ebe9061fe86e669642e09bb6d163118e4cbe024fd452277c3887d6116c6cc9d8046c216c1f8a9778cb26e22a2a998de5eaeadea2a40da8daccf080842a486721737390cbf3a74cb2003efb9a101b51ab63e9600040000b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde6e4a4304e50c349f4f9ecee27defd83871c5191e10096e7e60fc3541a2c905a1a95e9571bf38aebd15172f94e3245c582909e2a3bce109b6000000000000000000d6d5210d7560eb92d6a97a27602b81f7636df1535bef1497f90100000000000000abf9010000007740890200d627e87306703be8672dc84eeadba6a41891c170d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288a0268893373750d10a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7ef8c08acaf30235b920500d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69b93e9960ff5f76062adae283d9756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff85000000000000c1fee30a3f7a85ecb29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546bba3d005585bf07d70e2505bc7f41019645466a31c72ad53bc19faa5401120000793ac48c1b539c75ab40743b00020000a1f68df75cf43f8ecc8d3726602111b40e761fd210a1920382f14d12ca3c3431ee97471c781d0d1280fb00818654a53b6df4b2c97cc1c98d85fda8f80fe908b65550b441233151122b41a8d73062197655b7f0469250a5989cef0e10773920ed3ccee42d2c3eb80159da5c002511e6eb93842054cfce2ac306cb6e472db3fd67a49b6855a694a8d359add43907003223a47a7fae4f3748d5a432825bc40a03aaef1c8488d86dc211dd2a3ba71e0f45492ef1f8b65ccb3dcd251a61b152d02c29ca0a3328fa7753a5cddea1acaae55ae8263fb284b7a6ab2a8826c1b948207c498cf4824ab1ea3225c380fac12f8205d182f8999e0311da5b8378bc841e1787e3a8128dda381a26cb2b365702ff8a27831375b2ddaa2f56e21169f7ca4fd9655ccd4a584acd244e965a0afedaff7c415ff682a4044b3381cc2df28278c9a6824c52048a7cfabda294925cc0956bffa8e950ff5e49f41ae600d830207bf728cd9807933c3c16d80bbea611a18becc2dc38ca0a6f5740f340b76edcd1f539bd43007231dcef58c7b88b5aeedaf9626cb51ce1737c10ab37d4f98a934b0f900e0eb639878a1200629f5503cf679154d27681d7a3744cbcd42af59407c9c8e39c5271868917954e604352ba26171d004f1cb2976fab3fa19c7d3ef9678bff79f5155524f061378f94fb453786c3a6f78b10d383b49e31d1568bd43ee34ce6e6be235aa6207285665c2fba773671da41959f51610963b48930658e2d6125a26085001345b0473240b7e5e91811312c43663e76f711d7219ecdec75c7ea1cf0f8f8fff40247d59bbde2ebb8659197e0f37a71be1b12a182ed7de3acba28561a04b807f7a4647e2ea6d8fb92541d07c3d5e4ba077d3cad9f8ba1919592014c00c8eccb2ca5d48ba7b1c3fb185a4bb79700cf51f818b0c701c8de47d12281a67bdaf4b0c50bee9e8f5936250df2e15c1172e7ea6619f7db330700d1e9e42a035e6fd532f61fbfed9c4a7124a1e38eee50a6bbcd1d4e3f68c3f27dd9a70f1a7c6046237ddfb0b26e197322226367d998010458cd4df10af249ce717f6f45e5176e0ddae3054d7289d4e13ab0912703ee39ce264572b89194fdf7acecc35cf8309d4b680a08eed367dad855fce210f1a7c7222dd360eafb4bef7d58bf83362930af6e3f3f851abdc0003bdf9401b533019e90feb069189100007a82df8d9b5f44ebf9355e7b1b01c9470608d4f306d21004730396a4d6c6d46e1ffac97aa93c36123532a36186575266be4981c847160079421d0137801e553069f8d025c40f287378810defc7f2ed4e15f6af17b21153394f8bcfa6a23a77c8d61c9bbc127a57b8d631f36558d9093dee08bc53d97a8003363421738650a26c8fd87b13026799caf58e59951b125e7f161ca34e2c0dd65a23d01a3cb191e743de07247c7f993cf01166fa2ac1ba02f60550e63a7f50422e478c6b5d87f9bd0567a279a9d85a380db25c43bd0529ad783b9d64aaac1b793afb44b7126e17d2b7c0d6be650de7eeef3f3605af344015d03c3e7819145cb9fe1978c98bf9cf10773db59505ae33708c728844c872dfd2cb0b29754f928c59306ce105ca18cb72f0944d0e4fea0a0abd0285bdaf1b000000c089d640c2facb0d1e6243873ac4b1e1068c45c715b68effb7d58d1f9e726dbf6bd910ca4ce0e075658ede42192cf393a50dcc197b03402fed75083628e5dd38213d353b9049e71f037064b05e73ec00c710f1ffc5737d397d555d1cf8859cc05fea8dc3c6a5b3b6fa1c81707479db1833d593a271253aa11efdb36b74784f2fc286814848e92d8ee541bc179813297a0a4cc3c8f80c28701185bea091f32475e859479b734727afc110e1abcff460172fd1b42e3c0e2a4bf94a060069000010000087c7572a1e7596f89e5c3d5e70640c90815f77b7b13d0000000085a1e1e84900000000000000000000000000b422fc160a458ee5a91a2471e6e56fdabec6c73ce8983fc68f0b7cdcdde632e6f54a07620e8aa116ce9e84fc3cd5e8288a333dcebb233da9186796995ba69487d8f77d2f8800f02d690fc70a08b231cad1bdcf3740a95d4dd1cfe0f417f275493cf33b19ffff93dfdaf7eb00b8ad87cdf7c21bab5af8e2bac54ee5597e6508c1158124a538c36f9bb11fea7d8b8c7e954b1bc7811654a6636b33f271d0923e9ecd1b724b8feffadfc23c07000000f0785fb722f346d6a5dffe1884d4d0cd8f00000092c85ed44db68ab800000000000000406e6ed9b219ad07125381087298e75965d1cc5932ddf9e66351ba332a34bee3e3d562c914c629933f0b8724cf680889ade72558d191d96ee1b84bb64b14aebc6b5194c55dd6890c69a718f9018586c5131c8dc8e0379bafda1a0fd2997ff115215ce23dca8db7236c1554cdaaadcce2f31834c1bd1908d8e1b361034db56bd86acb7654a195bc3e98df3a5dffd5b07838a3ef7da3433110e37f7c7cb7f3800de7f99abf910d6949e062747a9c87dcfcc716d6a9c0ec53b9cffe3cfd1df69a76f373d7f997edb9b80bdea1a99c2a6fbb25e035deadaadd7917ebfedd6304a19491769476208684e343f86b4d55a7dbbb07283cb1e35a139d24ebc5b4f8e35a82d3a7f84cb1e02a5a92b53567088be0b1ca023ccd518c0e0715b1c8760801a419ebd2e26440ff7493019bdb655cc88d72d6d7b6bca5a2e19b63ec52fcc49a729f11ab377f7132c543d29646a9378eea0761b7ed9d2172e33ed87c6513c843b180cc00000000006bedf2ed716ca43a941119b96d82b26d9061de240d85ec2cfa462bd52104489bb7a7548d7cc53627031e909c69cb824233975a1ea645de63522407c3a240a37e946f30ebf075ea97846a0a8d2286f3f446b1b99ab83a12ddf8a1c06294eadc3eb3e339591afd5c00000000000000000000000000000000000000000000000000579dad8347a3d16976bb7483840b32db0158fb6c809349333325a7866ca5d3133e33ef1a183cefdb65a79fa71800988c8445029e024822dbcfcab49c3a0aec9bd43e6e14078b260700d849a2aa14c9b593f6dcb1de334c065ecfd65031606e55949c185bcda9fde4f9b46a76b8a24bbcd31b22373eb0473248150cd179405ee1af1183b0c0ce3483dc1d9bf732b0751b78fb211d6706b55960c6431afbc02b3c7e08086573939290bb9e590a3875f02a828bf209d0ed9829dec16ab67a4f59a504e09f55ab82bbd405087a17a229a149c53ee9145500db213cb36489a10957739e481a756e65bde579bbbfb404213f661eeaaffacbcfbf"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000000)={@map=r5, r6, 0x2f, 0x2038, 0x4, @void, @void, @value=0xffffffffffffffff}, 0x20)
r7 = openat$dlm_control(0xffffff9c, &(0x7f0000000300), 0x787301, 0x0)
r8 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r8, 0xc1105517, &(0x7f0000000300)={{0x0, 0x0, 0x0, 0x0, 'syz1\x00'}, 0x3, 0x0, 0x20, 0x0, 0x1, 0x0, 'syz0\x00', &(0x7f0000000080)=['']})
linkat(r5, &(0x7f00000002c0)='./file0\x00', r7, &(0x7f0000000340)='./file0\x00', 0x1200)
sendmsg$nl_route_sched(r3, &(0x7f0000000280)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)=@getchain={0x34, 0x66, 0x316, 0x70bd2d, 0x25dfdbfd, {0x0, 0x0, 0x0, r4, {0x2, 0x1ffdc}, {0xf, 0xf}, {0xe}}, [{0x8, 0xb, 0x6}, {0x8, 0xb, 0x3}]}, 0x34}, 0x1, 0x0, 0x0, 0x40}, 0x20000000)
ioctl$vim2m_VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f0000000080)={0x0, @vbi={0x0, 0x1fd, 0xfffffffc, 0x4745504d, [0x7], [], 0x1}})

719.213587ms ago: executing program 3 (id=1438):
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0xea100, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000100)={0x1, 0x0, [{0x10a, 0x0, 0x2}]})
semget$private(0x0, 0x1, 0x44)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x22042, 0x0)
bpf$TOKEN_CREATE(0x24, 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x101000, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000feffffff850000007100000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x6, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r6, 0x0, 0xe, 0x0, &(0x7f0000000040)="0426063d032bbb006965499a03b9", 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x4004044)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x45, 0x0, 0x0, 0x8001, 0x0, 0xfffffffffffffffe}, 0x0)
r7 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
munmap(&(0x7f0000003000/0x4000)=nil, 0x4000)
socket(0x2, 0x3, 0x5)
r8 = dup(r7)
socket$nl_route(0x10, 0x3, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0)
sendfile(r8, r8, 0x0, 0xffffffff)
syz_io_uring_setup(0x497, &(0x7f0000000140)={0x0, 0xba7a, 0x800, 0x4, 0x2c}, &(0x7f0000000340), &(0x7f0000000280))

309.485132ms ago: executing program 1 (id=1439):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x8, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0xff}, {{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x5, 0x0, 0x7, 0x9, 0x0, 0x2, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x9, 0xfe00}, {0x5, 0x0, 0xb, 0x9}, {0x3, 0x0, 0x6, 0xa, 0x9, 0xfe04, 0xe1}, {0x7, 0x1, 0xb, 0x7, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {}, {0x18, 0x2, 0x2, 0x0, r0}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x181040, 0x0)
io_uring_enter(0xffffffffffffffff, 0x5bce, 0xfc96, 0x0, &(0x7f0000000040)={[0x7, 0x9]}, 0x8)
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r3 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000000), 0x8801, 0x0)
fsetxattr$security_ima(r3, &(0x7f0000000080), &(0x7f0000000380)=@v2={0x5, 0x2, 0x7, 0x80}, 0x9, 0x0)
syz_open_dev$vbi(&(0x7f0000000000), 0x2, 0x2)
r4 = getpid()
syz_usb_connect(0x3, 0x1c, 0x0, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = socket$can_bcm(0x1d, 0x2, 0x2)
r7 = socket(0x1d, 0x2, 0x6)
ioctl$ifreq_SIOCGIFINDEX_vcan(r7, 0x8933, &(0x7f0000000000)={'vxcan0\x00', <r8=>0x0})
bind$can_j1939(r7, &(0x7f0000000100)={0x1d, r8, 0x2, {0x3}}, 0x18)
ioctl$ifreq_SIOCGIFINDEX_vcan(r6, 0x8933, &(0x7f0000000100)={'vxcan0\x00', <r9=>0x0})
r10 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000180), r7)
sendmsg$TIPC_NL_KEY_SET(r7, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x14, r10, 0x800, 0x70bd2c, 0x25dfdbfd}, 0x14}}, 0x10)
sendmsg$nl_route_sched(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)=@getchain={0x24, 0x11, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r9}}, 0x24}, 0x1, 0x0, 0x0, 0x20000}, 0x98)
sched_getparam(r4, &(0x7f0000000040))
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x50)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0)
set_thread_area(&(0x7f0000000000)={0x9, 0x0, 0x1000, 0x1, 0x2, 0x0, 0x1, 0x1, 0x0, 0x1})
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000300)={0xffffffffffffffff, 0xe0, &(0x7f0000000200)={0x0, <r11=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1, &(0x7f0000000080)=[0x0, 0x0], &(0x7f00000000c0)=[0x0], 0x0, 0xb, &(0x7f0000000100)=[{}, {}], 0x10, 0x10, &(0x7f0000000140), &(0x7f0000000180), 0x8, 0x22, 0x8, 0x8, &(0x7f00000001c0)}}, 0x10)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000340)={r11}, 0x4)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='net_prio.prioidx\x00', 0x275a, 0x0)

117.066565ms ago: executing program 0 (id=1440):
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000300)="2e00000010008188040f80ec59acbc0413a181000b00000000010000000000000e000a000f000000028002002d1f", 0x2e}], 0x1}, 0x0)

0s ago: executing program 0 (id=1441):
socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0xe, &(0x7f0000001500)=ANY=[], &(0x7f0000000b80)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000040), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000400)=0x6)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = epoll_create1(0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r6, &(0x7f0000000000)={0x20002015})
close_range(r5, r6, 0x0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000f00)={'wlan0\x00', &(0x7f0000000080)=@ethtool_perm_addr={0x4b}})
r7 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_GET(r7, &(0x7f0000000100)={0x0, 0xf00, &(0x7f0000000300)={&(0x7f0000000080)={0x10, 0x1401, 0x7fc32be5eb343aa7}, 0x5c}}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000a80)={{0x2, 0x4e23, @multicast1}, {0x0, @local}, 0x6, {0x2, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}}, 'lo\x00'})
r8 = socket$inet6_udp(0xa, 0x2, 0x0)
r9 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r9, &(0x7f0000000100)=@pppol2tpv3={0x18, 0x1, {0x0, r8, {0x2, 0x0, @multicast2}, 0x4, 0x0, 0x3}}, 0x2e)
ioctl$PPPIOCGCHAN(r9, 0x80047437, 0x0)

kernel console output (not intermixed with test programs):

2_compat_sys_sendfile+0x10/0x10
[  195.085175][ T8880]  ? rcu_is_watching+0x12/0xc0
[  195.085186][ T8880]  __do_fast_syscall_32+0x73/0x120
[  195.085200][ T8880]  do_fast_syscall_32+0x32/0x80
[  195.085213][ T8880]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  195.085225][ T8880] RIP: 0023:0xf7fb7579
[  195.085233][ T8880] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  195.085242][ T8880] RSP: 002b:00000000f50d655c EFLAGS: 00000296 ORIG_RAX: 00000000000000bb
[  195.085252][ T8880] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000000005
[  195.085258][ T8880] RDX: 0000000000000000 RSI: 0000000080000001 RDI: 0000000000000000
[  195.085263][ T8880] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  195.085268][ T8880] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  195.085273][ T8880] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  195.085285][ T8880]  </TASK>
[  195.241916][   T10] usb 7-1: new high-speed USB device number 5 using dummy_hcd
[  195.269506][   T10] usb 7-1: device descriptor read/8, error -71
[  195.520464][   T10] usb 7-1: new high-speed USB device number 6 using dummy_hcd
[  195.550807][   T10] usb 7-1: device descriptor read/8, error -71
[  195.660672][   T10] usb usb7-port1: unable to enumerate USB device
[  195.783902][ T8896] netlink: 20 bytes leftover after parsing attributes in process `syz.1.717'.
[  195.789778][ T8896] vlan2: entered promiscuous mode
[  195.791525][ T8896] bridge0: entered promiscuous mode
[  196.488117][ T8909] netlink: 16172 bytes leftover after parsing attributes in process `syz.0.721'.
[  197.010744][ T8924] input: syz1 as /devices/virtual/input/input95
[  197.023158][   T29] usb 8-1: new high-speed USB device number 9 using dummy_hcd
[  197.143339][ T8926] netlink: 44 bytes leftover after parsing attributes in process `syz.1.724'.
[  197.268667][   T29] usb 8-1: Using ep0 maxpacket: 32
[  197.271661][   T29] usb 8-1: config 1 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  197.275118][   T29] usb 8-1: config 1 interface 0 altsetting 4 bulk endpoint 0x82 has invalid maxpacket 8
[  197.278399][   T29] usb 8-1: config 1 interface 0 altsetting 4 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  197.282648][   T29] usb 8-1: config 1 interface 0 has no altsetting 0
[  197.286279][   T29] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  197.289674][   T29] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  197.292191][   T29] usb 8-1: Product: syz
[  197.293682][   T29] usb 8-1: Manufacturer: syz
[  197.295210][   T29] usb 8-1: SerialNumber: syz
[  197.298940][ T8916] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  197.301263][ T8916] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  197.711451][   T29] cdc_ether 8-1:1.0: probe with driver cdc_ether failed with error -22
[  197.733754][ T8932] binder: 8931:8932 ioctl 4018620d 0 returned -22
[  197.737024][ T8932] trusted_key: encrypted_key: master key parameter 'user:' is invalid
[  197.755596][   T29] usb 8-1: USB disconnect, device number 9
[  198.320512][  T834] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  198.460428][  T834] usb 5-1: device descriptor read/64, error -71
[  198.590600][ T8962] input: syz1 as /devices/virtual/input/input96
[  198.830417][  T834] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  198.889307][ T8964] input: syz0 as /devices/virtual/input/input97
[  198.960423][  T834] usb 5-1: device descriptor read/64, error -71
[  199.070639][  T834] usb usb5-port1: attempt power cycle
[  199.410478][  T834] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  199.431254][  T834] usb 5-1: device descriptor read/8, error -71
[  199.659259][ T8975] tipc: Started in network mode
[  199.666244][ T8975] tipc: Node identity ac141442, cluster identity 4711
[  199.670452][  T834] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[  199.680781][ T8975] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[  199.692615][  T834] usb 5-1: device descriptor read/8, error -71
[  199.800725][  T834] usb usb5-port1: unable to enumerate USB device
[  199.877162][ T8977] netlink: 4 bytes leftover after parsing attributes in process `syz.2.740'.
[  200.175568][ T8981] syz.1.741 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  200.312516][ T8952] Set syz1 is full, maxelem 65536 reached
[  200.605100][ T8993] netlink: zone id is out of range
[  200.606862][ T8993] netlink: zone id is out of range
[  201.114263][ T9002] vivid-000: =================  START STATUS  =================
[  201.116731][ T9002] vivid-000: Generate PTS: true
[  201.118722][ T9002] vivid-000: Generate SCR: true
[  201.120455][ T9002] tpg source WxH: 3840x2160 (Y'CbCr)
[  201.122115][ T9002] tpg field: 1
[  201.123232][ T9002] tpg crop: (0,0)/3840x2160
[  201.124657][ T9002] tpg compose: (0,0)/3840x2160
[  201.126177][ T9002] tpg colorspace: 8
[  201.127397][ T9002] tpg transfer function: 0/2
[  201.128892][ T9002] tpg Y'CbCr encoding: 0/1
[  201.130310][ T9002] tpg quantization: 0/2
[  201.131883][ T9002] tpg RGB range: 0/2
[  201.133176][ T9002] vivid-000: ==================  END STATUS  ==================
[  202.150726][ T1016] usb 7-1: new full-speed USB device number 7 using dummy_hcd
[  202.480556][ T6416] usb 8-1: new high-speed USB device number 10 using dummy_hcd
[  202.557735][ T9036] netlink: zone id is out of range
[  202.559366][ T9036] netlink: zone id is out of range
[  202.620436][ T6416] usb 8-1: device descriptor read/64, error -71
[  202.870467][ T6416] usb 8-1: new high-speed USB device number 11 using dummy_hcd
[  203.010550][ T6416] usb 8-1: device descriptor read/64, error -71
[  203.130682][ T6416] usb usb8-port1: attempt power cycle
[  203.480429][ T6416] usb 8-1: new high-speed USB device number 12 using dummy_hcd
[  203.501113][ T6416] usb 8-1: device descriptor read/8, error -71
[  203.760701][ T6416] usb 8-1: new high-speed USB device number 13 using dummy_hcd
[  203.780843][ T6416] usb 8-1: device descriptor read/8, error -71
[  203.890879][ T6416] usb usb8-port1: unable to enumerate USB device
[  204.329633][ T9067] netlink: 'syz.1.764': attribute type 19 has an invalid length.
[  204.339244][ T9067] openvswitch: netlink: Missing key (keys=40, expected=200000)
[  206.770416][   T10] usb 5-1: new high-speed USB device number 15 using dummy_hcd
[  206.920409][   T10] usb 5-1: Using ep0 maxpacket: 32
[  206.925711][   T10] usb 5-1: config 8 has an invalid interface number: 197 but max is 0
[  206.928226][   T10] usb 5-1: config 8 has no interface number 0
[  206.930130][   T10] usb 5-1: config 8 interface 197 has no altsetting 0
[  206.943274][   T10] usb 5-1: New USB device found, idVendor=1b3d, idProduct=9303, bcdDevice=3e.5a
[  206.945991][   T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  206.948421][   T10] usb 5-1: Product: syz
[  206.949697][   T10] usb 5-1: Manufacturer: syz
[  206.964579][   T10] usb 5-1: SerialNumber: syz
[  207.290528][ T6416] usb 8-1: new high-speed USB device number 14 using dummy_hcd
[  207.420546][ T6416] usb 8-1: device descriptor read/64, error -71
[  207.680462][ T6416] usb 8-1: new high-speed USB device number 15 using dummy_hcd
[  207.700482][ T2291] usb 6-1: new full-speed USB device number 10 using dummy_hcd
[  207.810458][ T6416] usb 8-1: device descriptor read/64, error -71
[  207.921969][ T6416] usb usb8-port1: attempt power cycle
[  208.270519][ T6416] usb 8-1: new high-speed USB device number 16 using dummy_hcd
[  208.290986][ T6416] usb 8-1: device descriptor read/8, error -71
[  208.560491][ T6416] usb 8-1: new high-speed USB device number 17 using dummy_hcd
[  208.581389][ T6416] usb 8-1: device descriptor read/8, error -71
[  208.690738][ T6416] usb usb8-port1: unable to enumerate USB device
[  208.990507][ T2291] usb 6-1: new high-speed USB device number 11 using dummy_hcd
[  209.145431][   T40] audit: type=1400 audit(1746204337.121:3): apparmor="DENIED" operation="change_onexec" class="file" info="label not found" error=-2 profile="unconfined" name=3AD41454D5D41D29AD1A6029598146E6BE166E41AD0DBD4054033C9F33BBDA8224A2F3D772E7636E48B33CBF708372E8F1B9933EC5127743BE2206209EF02DF9CBF2F6E880D3382F pid=9128 comm="syz.2.781"
[  209.162757][ T2291] usb 6-1: config index 0 descriptor too short (expected 72, got 60)
[  209.165374][ T2291] usb 6-1: config 1 has an invalid descriptor of length 9, skipping remainder of the config
[  209.168845][ T2291] usb 6-1: config 1 interface 0 altsetting 0 has 4 endpoint descriptors, different from the interface descriptor's value: 6
[  209.176455][ T2291] usb 6-1: config index 1 descriptor too short (expected 72, got 60)
[  209.179104][ T2291] usb 6-1: config 1 has an invalid descriptor of length 9, skipping remainder of the config
[  209.182568][ T2291] usb 6-1: config 1 interface 0 altsetting 0 has 4 endpoint descriptors, different from the interface descriptor's value: 6
[  209.188601][ T2291] usb 6-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  209.193016][ T2291] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  209.195489][ T2291] usb 6-1: Product: syz
[  209.196846][ T2291] usb 6-1: Manufacturer: syz
[  209.198328][ T2291] usb 6-1: SerialNumber: syz
[  209.205665][ T2291] usb 6-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  209.233792][ T2291] usb 6-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  209.462163][   T10] ftdi_sio 5-1:8.197: FTDI USB Serial Device converter detected
[  209.465951][   T10] ftdi_sio ttyUSB0: unknown device type: 0x3e5a
[  209.474039][   T10] usb 5-1: USB disconnect, device number 15
[  209.477691][   T10] ftdi_sio 5-1:8.197: device disconnected
[  209.647766][ T5977] usb 6-1: USB disconnect, device number 11
[  209.731782][ T9140] input: syz1 as /devices/virtual/input/input98
[  209.890424][   T57] usb 8-1: new high-speed USB device number 18 using dummy_hcd
[  210.020419][   T57] usb 8-1: device descriptor read/64, error -71
[  210.310537][ T2291] ath9k_htc 6-1:1.0: ath9k_htc: Target is unresponsive
[  210.340841][ T2291] ath9k_htc: Failed to initialize the device
[  210.344323][ T5977] usb 6-1: ath9k_htc: USB layer deinitialized
[  210.860427][ T5977] usb 6-1: new full-speed USB device number 12 using dummy_hcd
[  211.650747][   T57] usb 8-1: new high-speed USB device number 20 using dummy_hcd
[  211.790469][   T57] usb 8-1: device descriptor read/64, error -71
[  211.834994][ T9175] syz.1.795: attempt to access beyond end of device
[  211.834994][ T9175] loop3: rw=0, sector=64, nr_sectors = 2 limit=0
[  211.839129][ T9175] isofs_fill_super: bread failed, dev=loop3, iso_blknum=16, block=32
[  211.843572][ T9175] netlink: 256 bytes leftover after parsing attributes in process `syz.1.795'.
[  212.100451][   T57] usb 8-1: new high-speed USB device number 21 using dummy_hcd
[  212.197984][ T9185] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  212.262958][ T9188] 9pnet_virtio: no channels available for device syz
[  212.278044][ T9188] overlayfs: overlapping lowerdir path
[  212.350474][   T57] usb 8-1: device descriptor read/64, error -71
[  212.561461][   T57] usb usb8-port1: attempt power cycle
[  212.769806][ T9191] mac80211_hwsim hwsim5 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  212.930471][   T57] usb 8-1: new high-speed USB device number 22 using dummy_hcd
[  213.054887][   T57] usb 8-1: device descriptor read/8, error -71
[  213.290470][ T9205] 9pnet_virtio: no channels available for device syz
[  213.340852][   T57] usb 8-1: new high-speed USB device number 23 using dummy_hcd
[  213.381473][   T57] usb 8-1: device descriptor read/8, error -71
[  213.500715][   T57] usb usb8-port1: unable to enumerate USB device
[  213.925331][ T9209] fuse: root generation should be zero
[  214.192056][ T9223] lo speed is unknown, defaulting to 1000
[  214.195121][ T9223] lo speed is unknown, defaulting to 1000
[  214.422771][ T9231] openvswitch: netlink: Missing key (keys=40, expected=10000000)
[  215.190582][ T1143] wlan1: Trigger new scan to find an IBSS to join
[  215.382666][ T9257] 9pnet_virtio: no channels available for device syz
[  215.820484][ T5999] usb 7-1: new high-speed USB device number 8 using dummy_hcd
[  216.195468][ T5999] usb 7-1: no configurations
[  216.196923][ T5999] usb 7-1: can't read configurations, error -22
[  216.331749][ T5999] usb 7-1: new high-speed USB device number 9 using dummy_hcd
[  216.491192][ T5999] usb 7-1: no configurations
[  216.493190][ T5999] usb 7-1: can't read configurations, error -22
[  216.495285][ T5999] usb usb7-port1: attempt power cycle
[  216.830649][ T5999] usb 7-1: new high-speed USB device number 10 using dummy_hcd
[  216.851917][ T5999] usb 7-1: no configurations
[  216.853782][ T5999] usb 7-1: can't read configurations, error -22
[  216.990426][ T5999] usb 7-1: new high-speed USB device number 11 using dummy_hcd
[  217.021322][ T5999] usb 7-1: no configurations
[  217.022816][ T5999] usb 7-1: can't read configurations, error -22
[  217.024937][ T5999] usb usb7-port1: unable to enumerate USB device
[  217.866257][   T40] audit: type=1326 audit(1746204345.841:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9298 comm="syz.0.827" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb7579 code=0x7ffc0000
[  217.874960][   T40] audit: type=1326 audit(1746204345.851:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9298 comm="syz.0.827" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb7579 code=0x7ffc0000
[  217.882982][   T40] audit: type=1326 audit(1746204345.851:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9298 comm="syz.0.827" exe="/syz-executor" sig=0 arch=40000003 syscall=296 compat=1 ip=0xf7fb7579 code=0x7ffc0000
[  217.890512][   T40] audit: type=1326 audit(1746204345.851:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9298 comm="syz.0.827" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb7579 code=0x7ffc0000
[  217.897070][   T40] audit: type=1326 audit(1746204345.851:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9298 comm="syz.0.827" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb7579 code=0x7ffc0000
[  217.904567][   T40] audit: type=1326 audit(1746204345.851:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9298 comm="syz.0.827" exe="/syz-executor" sig=0 arch=40000003 syscall=271 compat=1 ip=0xf7fb7579 code=0x7ffc0000
[  217.914770][   T40] audit: type=1326 audit(1746204345.851:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9298 comm="syz.0.827" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb7579 code=0x7ffc0000
[  217.922502][   T40] audit: type=1326 audit(1746204345.851:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9298 comm="syz.0.827" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb7579 code=0x7ffc0000
[  217.931326][   T40] audit: type=1326 audit(1746204345.851:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9298 comm="syz.0.827" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb7579 code=0x7ffc0000
[  217.939763][   T40] audit: type=1326 audit(1746204345.851:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9298 comm="syz.0.827" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb7579 code=0x7ffc0000
[  218.590574][ T6416] usb 6-1: new low-speed USB device number 13 using dummy_hcd
[  218.720479][ T6416] usb 6-1: device descriptor read/64, error -71
[  218.990436][ T6416] usb 6-1: new low-speed USB device number 14 using dummy_hcd
[  219.120464][ T6416] usb 6-1: device descriptor read/64, error -71
[  219.231093][ T6416] usb usb6-port1: attempt power cycle
[  219.271040][ T1150] wlan1: Trigger new scan to find an IBSS to join
[  219.590577][ T6416] usb 6-1: new low-speed USB device number 15 using dummy_hcd
[  219.611012][ T6416] usb 6-1: device descriptor read/8, error -71
[  219.870417][ T6416] usb 6-1: new low-speed USB device number 16 using dummy_hcd
[  219.890854][ T6416] usb 6-1: device descriptor read/8, error -71
[  220.011735][ T6416] usb usb6-port1: unable to enumerate USB device
[  220.184806][ T9343] evm: overlay not supported
[  220.540472][ T5999] usb 5-1: new high-speed USB device number 16 using dummy_hcd
[  220.693134][ T5999] usb 5-1: no configurations
[  220.695103][ T5999] usb 5-1: can't read configurations, error -22
[  220.820570][ T5999] usb 5-1: new high-speed USB device number 17 using dummy_hcd
[  220.982736][ T5999] usb 5-1: no configurations
[  220.984250][ T5999] usb 5-1: can't read configurations, error -22
[  220.987280][ T5999] usb usb5-port1: attempt power cycle
[  221.190561][   T64] wlan1: Creating new IBSS network, BSSID 1a:14:54:ea:71:77
[  221.330541][ T5999] usb 5-1: new high-speed USB device number 18 using dummy_hcd
[  221.351615][ T5999] usb 5-1: no configurations
[  221.353122][ T5999] usb 5-1: can't read configurations, error -22
[  221.480503][ T5999] usb 5-1: new high-speed USB device number 19 using dummy_hcd
[  221.514868][ T5999] usb 5-1: no configurations
[  221.516384][ T5999] usb 5-1: can't read configurations, error -22
[  221.518756][ T5999] usb usb5-port1: unable to enumerate USB device
[  223.251958][ T9403] netlink: 4 bytes leftover after parsing attributes in process `syz.1.858'.
[  223.258496][ T9403] netlink: 356 bytes leftover after parsing attributes in process `syz.1.858'.
[  224.766846][ T9451] netlink: 8 bytes leftover after parsing attributes in process `syz.1.871'.
[  224.770094][ T9451] openvswitch: netlink: nsh attribute has 65532 unknown bytes.
[  224.774498][ T9451] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  224.792353][ T5977] usb 7-1: new high-speed USB device number 12 using dummy_hcd
[  224.940917][ T5977] usb 7-1: no configurations
[  224.942419][ T5977] usb 7-1: can't read configurations, error -22
[  225.071426][ T5977] usb 7-1: new high-speed USB device number 13 using dummy_hcd
[  225.220938][ T5977] usb 7-1: no configurations
[  225.222575][ T5977] usb 7-1: can't read configurations, error -22
[  225.224979][ T5977] usb usb7-port1: attempt power cycle
[  225.560483][ T5977] usb 7-1: new high-speed USB device number 14 using dummy_hcd
[  225.591369][ T5977] usb 7-1: no configurations
[  225.592859][ T5977] usb 7-1: can't read configurations, error -22
[  225.690536][ T5999] usb 8-1: new full-speed USB device number 24 using dummy_hcd
[  225.720702][ T5977] usb 7-1: new high-speed USB device number 15 using dummy_hcd
[  225.741284][ T5977] usb 7-1: no configurations
[  225.742765][ T5977] usb 7-1: can't read configurations, error -22
[  225.744917][ T5977] usb usb7-port1: unable to enumerate USB device
[  225.852009][ T5999] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  225.855251][ T5999] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  225.858639][ T5999] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  225.862026][ T5999] usb 8-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5
[  225.866874][ T5999] usb 8-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  225.870481][ T5999] usb 8-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  225.873032][ T5999] usb 8-1: Manufacturer: syz
[  225.876299][ T5999] usb 8-1: config 0 descriptor??
[  228.500436][ T5999] rc_core: IR keymap rc-hauppauge not found
[  228.502375][ T5999] Registered IR keymap rc-empty
[  228.503984][ T5999] mceusb 8-1:0.0: Error: mce write submit urb error = -90
[  228.520440][ T5999] mceusb 8-1:0.0: Error: mce write submit urb error = -90
[  228.542249][ T5999] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb8/8-1/8-1:0.0/rc/rc0
[  228.546609][ T5999] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb8/8-1/8-1:0.0/rc/rc0/input99
[  228.555460][ T5999] mceusb 8-1:0.0: Error: mce write submit urb error = -90
[  228.570451][ T5999] mceusb 8-1:0.0: Error: mce write submit urb error = -90
[  228.590446][ T5999] mceusb 8-1:0.0: Error: mce write submit urb error = -90
[  228.610599][ T5999] mceusb 8-1:0.0: Error: mce write submit urb error = -90
[  228.631554][ T5999] mceusb 8-1:0.0: Error: mce write submit urb error = -90
[  228.650519][ T5999] mceusb 8-1:0.0: Error: mce write submit urb error = -90
[  228.671104][ T5999] mceusb 8-1:0.0: Error: mce write submit urb error = -90
[  228.700609][ T5999] mceusb 8-1:0.0: Error: mce write submit urb error = -90
[  228.720589][ T5999] mceusb 8-1:0.0: Error: mce write submit urb error = -90
[  228.740478][ T5999] mceusb 8-1:0.0: Error: mce write submit urb error = -90
[  228.761294][ T5999] mceusb 8-1:0.0: Registered  with mce emulator interface version 1
[  228.763809][ T5999] mceusb 8-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  228.767830][ T5999] usb 8-1: USB disconnect, device number 24
[  228.800253][ T9522] input: syz1 as /devices/virtual/input/input100
[  229.445331][ T5950] Bluetooth: hci1: ACL packet for unknown connection handle 200
[  229.534840][ T9539] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  229.711429][ T6416] usb 8-1: new high-speed USB device number 25 using dummy_hcd
[  229.820612][ T5999] usb 6-1: new full-speed USB device number 17 using dummy_hcd
[  229.862201][ T6416] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  229.866479][ T6416] usb 8-1: config 0 has no interfaces?
[  229.870857][ T6416] usb 8-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f
[  229.874587][ T6416] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  229.877963][ T6416] usb 8-1: Product: syz
[  229.879721][ T6416] usb 8-1: Manufacturer: syz
[  229.882044][ T6416] usb 8-1: SerialNumber: syz
[  229.889027][ T6416] usb 8-1: config 0 descriptor??
[  229.972280][ T5999] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  229.975405][ T5999] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  229.978833][ T5999] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  229.981830][ T5999] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5
[  229.987062][ T5999] usb 6-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  229.989958][ T5999] usb 6-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  229.992509][ T5999] usb 6-1: Manufacturer: syz
[  229.998395][ T5999] usb 6-1: config 0 descriptor??
[  230.096204][  T834] usb 8-1: USB disconnect, device number 25
[  230.609443][ T9549] 9pnet_virtio: no channels available for device syz
[  230.689875][ T9552] lo speed is unknown, defaulting to 1000
[  230.693745][ T9552] lo speed is unknown, defaulting to 1000
[  232.570426][ T5999] rc_core: IR keymap rc-hauppauge not found
[  232.572411][ T5999] Registered IR keymap rc-empty
[  232.574066][ T5999] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  232.592003][ T5999] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  232.610941][ T5999] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:0.0/rc/rc0
[  232.615927][ T5999] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:0.0/rc/rc0/input101
[  232.621625][ T5999] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  232.640456][ T5999] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  232.641420][ T5291] Bluetooth: hci3: command 0x0406 tx timeout
[  232.660530][ T5999] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  232.680430][ T5999] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  232.700421][ T5999] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  232.720541][ T5999] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  232.740477][ T5999] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  232.760434][ T5999] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  232.780491][ T5999] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  232.800429][ T5999] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  232.823235][ T5999] mceusb 6-1:0.0: Registered  with mce emulator interface version 1
[  232.825742][ T5999] mceusb 6-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  232.830154][ T5999] usb 6-1: USB disconnect, device number 17
[  233.964025][ T9599] FAULT_INJECTION: forcing a failure.
[  233.964025][ T9599] name failslab, interval 1, probability 0, space 0, times 0
[  233.968759][ T9599] CPU: 0 UID: 0 PID: 9599 Comm: syz.1.906 Not tainted 6.15.0-rc4-syzkaller-00147-gebd297a2affa #0 PREEMPT(full) 
[  233.968775][ T9599] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  233.968781][ T9599] Call Trace:
[  233.968785][ T9599]  <TASK>
[  233.968790][ T9599]  dump_stack_lvl+0x16c/0x1f0
[  233.968806][ T9599]  should_fail_ex+0x512/0x640
[  233.968820][ T9599]  ? __kmalloc_noprof+0xbf/0x510
[  233.968832][ T9599]  ? video_usercopy+0x139/0x1440
[  233.968844][ T9599]  should_failslab+0xc2/0x120
[  233.968857][ T9599]  __kmalloc_noprof+0xd2/0x510
[  233.968867][ T9599]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  233.968882][ T9599]  video_usercopy+0x139/0x1440
[  233.968895][ T9599]  ? __pfx___video_do_ioctl+0x10/0x10
[  233.968907][ T9599]  ? __pfx_video_usercopy+0x10/0x10
[  233.968924][ T9599]  ? hook_file_ioctl_common+0x145/0x410
[  233.968938][ T9599]  v4l2_ioctl+0x1ba/0x250
[  233.968948][ T9599]  ? fput+0x71/0xf0
[  233.968960][ T9599]  v4l2_compat_ioctl32+0x214/0x2c0
[  233.968971][ T9599]  ? __pfx_v4l2_compat_ioctl32+0x10/0x10
[  233.968981][ T9599]  __ia32_compat_sys_ioctl+0x24c/0x360
[  233.968997][ T9599]  __do_fast_syscall_32+0x73/0x120
[  233.969011][ T9599]  do_fast_syscall_32+0x32/0x80
[  233.969024][ T9599]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  233.969037][ T9599] RIP: 0023:0xf7fa5579
[  233.969044][ T9599] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  233.969054][ T9599] RSP: 002b:00000000f50c655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  233.969063][ T9599] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c0845657
[  233.969069][ T9599] RDX: 0000000080000200 RSI: 0000000000000000 RDI: 0000000000000000
[  233.969075][ T9599] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  233.969080][ T9599] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  233.969086][ T9599] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  233.969097][ T9599]  </TASK>
[  234.480467][ T5999] usb 7-1: new high-speed USB device number 16 using dummy_hcd
[  234.641840][ T5999] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  234.644979][ T5999] usb 7-1: config 0 has no interfaces?
[  234.648634][ T5999] usb 7-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f
[  234.651491][ T5999] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  234.653981][ T5999] usb 7-1: Product: syz
[  234.655295][ T5999] usb 7-1: Manufacturer: syz
[  234.656751][ T5999] usb 7-1: SerialNumber: syz
[  234.659281][ T5999] usb 7-1: config 0 descriptor??
[  234.864201][ T5999] usb 7-1: USB disconnect, device number 16
[  235.180034][ T9619] lo speed is unknown, defaulting to 1000
[  235.182798][ T9619] lo speed is unknown, defaulting to 1000
[  235.283902][ T9622] netlink: 'syz.3.914': attribute type 3 has an invalid length.
[  235.831395][ T9641] netlink: 734 bytes leftover after parsing attributes in process `syz.1.920'.
[  235.890848][ T9641] QAT: Stopping all acceleration devices.
[  235.893246][ T9641] netlink: 'syz.1.920': attribute type 4 has an invalid length.
[  235.901232][ T9641] netlink: 'syz.1.920': attribute type 4 has an invalid length.
[  235.914236][   T29] lo speed is unknown, defaulting to 1000
[  235.916380][   T29] lo speed is unknown, defaulting to 1000
[  235.918383][   T29] lo speed is unknown, defaulting to 1000
[  236.580472][ T2291] usb 7-1: new high-speed USB device number 17 using dummy_hcd
[  236.731845][ T2291] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  236.735366][ T2291] usb 7-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  236.741021][ T2291] usb 7-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f
[  236.744543][ T2291] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  236.747015][ T2291] usb 7-1: Product: syz
[  236.748302][ T2291] usb 7-1: Manufacturer: syz
[  236.749697][ T2291] usb 7-1: SerialNumber: syz
[  236.752692][ T2291] usb 7-1: config 0 descriptor??
[  236.923040][ T9664] process 'syz.1.927' launched './file2' with NULL argv: empty string added
[  236.959165][ T5977] usb 7-1: USB disconnect, device number 17
[  237.275120][ T9670] netlink: 8 bytes leftover after parsing attributes in process `syz.0.928'.
[  237.678397][ T9675] FAULT_INJECTION: forcing a failure.
[  237.678397][ T9675] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  237.683659][ T9675] CPU: 3 UID: 0 PID: 9675 Comm: syz.2.930 Not tainted 6.15.0-rc4-syzkaller-00147-gebd297a2affa #0 PREEMPT(full) 
[  237.683673][ T9675] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  237.683679][ T9675] Call Trace:
[  237.683683][ T9675]  <TASK>
[  237.683687][ T9675]  dump_stack_lvl+0x16c/0x1f0
[  237.683704][ T9675]  should_fail_ex+0x512/0x640
[  237.683721][ T9675]  _copy_from_user+0x2e/0xd0
[  237.683738][ T9675]  video_usercopy+0x723/0x1440
[  237.683752][ T9675]  ? __pfx___video_do_ioctl+0x10/0x10
[  237.683764][ T9675]  ? __pfx_video_usercopy+0x10/0x10
[  237.683781][ T9675]  ? hook_file_ioctl_common+0x145/0x410
[  237.683795][ T9675]  v4l2_ioctl+0x1ba/0x250
[  237.683806][ T9675]  ? fput+0x71/0xf0
[  237.683818][ T9675]  v4l2_compat_ioctl32+0x214/0x2c0
[  237.683828][ T9675]  ? __pfx_v4l2_compat_ioctl32+0x10/0x10
[  237.683839][ T9675]  __ia32_compat_sys_ioctl+0x24c/0x360
[  237.683854][ T9675]  __do_fast_syscall_32+0x73/0x120
[  237.683869][ T9675]  do_fast_syscall_32+0x32/0x80
[  237.683882][ T9675]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  237.683894][ T9675] RIP: 0023:0xf7f02579
[  237.683902][ T9675] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  237.683911][ T9675] RSP: 002b:00000000f502655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  237.683920][ T9675] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 00000000c008561c
[  237.683926][ T9675] RDX: 0000000080000080 RSI: 0000000000000000 RDI: 0000000000000000
[  237.683932][ T9675] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  237.683937][ T9675] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  237.683943][ T9675] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  237.683954][ T9675]  </TASK>
[  238.050441][ T1016] usb 7-1: new full-speed USB device number 18 using dummy_hcd
[  238.382267][ T1016] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  238.385615][ T1016] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  238.389173][ T1016] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  238.410499][ T1016] usb 7-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5
[  238.416859][ T1016] usb 7-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  238.419767][ T1016] usb 7-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  238.430469][ T1016] usb 7-1: Manufacturer: syz
[  238.433882][ T1016] usb 7-1: config 0 descriptor??
[  239.891545][ T9710] FAULT_INJECTION: forcing a failure.
[  239.891545][ T9710] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  239.896937][ T9710] CPU: 3 UID: 0 PID: 9710 Comm: syz.1.939 Not tainted 6.15.0-rc4-syzkaller-00147-gebd297a2affa #0 PREEMPT(full) 
[  239.896953][ T9710] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  239.896959][ T9710] Call Trace:
[  239.896963][ T9710]  <TASK>
[  239.896967][ T9710]  dump_stack_lvl+0x16c/0x1f0
[  239.896984][ T9710]  should_fail_ex+0x512/0x640
[  239.897001][ T9710]  _copy_to_user+0x32/0xd0
[  239.897017][ T9710]  simple_read_from_buffer+0xcb/0x170
[  239.897033][ T9710]  proc_fail_nth_read+0x197/0x270
[  239.897059][ T9710]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  239.897075][ T9710]  ? rw_verify_area+0xcf/0x680
[  239.897088][ T9710]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  239.897102][ T9710]  vfs_read+0x1de/0xc70
[  239.897112][ T9710]  ? __pfx___mutex_lock+0x10/0x10
[  239.897125][ T9710]  ? __pfx_vfs_read+0x10/0x10
[  239.897138][ T9710]  ? __fget_files+0x20e/0x3c0
[  239.897157][ T9710]  ksys_read+0x12a/0x240
[  239.897165][ T9710]  ? __pfx_ksys_read+0x10/0x10
[  239.897175][ T9710]  ? rcu_is_watching+0x12/0xc0
[  239.897187][ T9710]  __do_fast_syscall_32+0x73/0x120
[  239.897201][ T9710]  do_fast_syscall_32+0x32/0x80
[  239.897214][ T9710]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  239.897226][ T9710] RIP: 0023:0xf7fa5579
[  239.897234][ T9710] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  239.897244][ T9710] RSP: 002b:00000000f50c6590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  239.897253][ T9710] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f50c6620
[  239.897260][ T9710] RDX: 000000000000000f RSI: 00000000f7432ff4 RDI: 0000000000000000
[  239.897265][ T9710] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  239.897271][ T9710] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  239.897276][ T9710] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  239.897288][ T9710]  </TASK>
[  240.029517][ T9714] netlink: 132 bytes leftover after parsing attributes in process `syz.1.941'.
[  240.061979][ T9714] kvm: vcpu 1: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer.
[  240.737042][ T9726] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  240.840496][ T1016] rc_core: IR keymap rc-hauppauge not found
[  240.842776][ T1016] Registered IR keymap rc-empty
[  240.844457][ T1016] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  240.862065][ T1016] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  240.881301][ T1016] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:0.0/rc/rc0
[  240.885888][ T1016] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:0.0/rc/rc0/input102
[  240.890691][ T1016] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  240.910456][ T1016] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  240.930513][ T1016] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  240.950472][ T1016] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  240.970461][ T1016] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  240.990473][ T1016] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  241.010540][ T1016] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  241.030458][ T1016] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  241.050428][ T1016] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  241.070513][ T1016] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  241.091172][ T1016] mceusb 7-1:0.0: Registered  with mce emulator interface version 1
[  241.093714][ T1016] mceusb 7-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  241.098357][ T1016] usb 7-1: USB disconnect, device number 18
[  242.462359][ T1016] usb 6-1: new full-speed USB device number 18 using dummy_hcd
[  242.611699][ T1016] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  242.615031][ T1016] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  242.618384][ T1016] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  242.621716][ T1016] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5
[  242.626609][ T1016] usb 6-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  242.629431][ T1016] usb 6-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  242.632086][ T1016] usb 6-1: Manufacturer: syz
[  242.635084][ T1016] usb 6-1: config 0 descriptor??
[  243.902645][ T9838] Trying to write to read-only block-device nullb0
[  243.910074][ T9838] netlink: 24 bytes leftover after parsing attributes in process `syz.3.962'.
[  244.188694][ T9846] netlink: 'syz.0.963': attribute type 4 has an invalid length.
[  245.270470][ T1016] rc_core: IR keymap rc-hauppauge not found
[  245.272699][ T1016] Registered IR keymap rc-empty
[  245.274298][ T1016] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  245.290434][ T1016] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  245.311038][ T1016] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:0.0/rc/rc0
[  245.316957][ T1016] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:0.0/rc/rc0/input103
[  245.322311][ T1016] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  245.340471][ T1016] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  245.360518][ T1016] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  245.380466][ T1016] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  245.400451][ T1016] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  245.420446][ T1016] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  245.440442][ T1016] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  245.460451][ T1016] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  245.480449][ T1016] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  245.500421][   T58] usb 7-1: new high-speed USB device number 19 using dummy_hcd
[  245.501834][ T1016] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  245.525959][ T1016] mceusb 6-1:0.0: Registered  with mce emulator interface version 1
[  245.528441][ T1016] mceusb 6-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  245.534436][ T1016] usb 6-1: USB disconnect, device number 18
[  245.673562][   T58] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  245.676839][   T58] usb 7-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  245.681610][   T58] usb 7-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f
[  245.684651][   T58] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  245.687197][   T58] usb 7-1: Product: syz
[  245.688552][   T58] usb 7-1: Manufacturer: syz
[  245.690277][   T58] usb 7-1: SerialNumber: syz
[  245.699055][   T58] usb 7-1: config 0 descriptor??
[  245.909763][   T58] usb 7-1: USB disconnect, device number 19
[  247.187849][   T40] kauditd_printk_skb: 13 callbacks suppressed
[  247.187865][   T40] audit: type=1326 audit(1746204375.161:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9887 comm="syz.2.975" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f02579 code=0x0
[  247.241387][ T9889] netlink: 20 bytes leftover after parsing attributes in process `syz.2.975'.
[  247.244563][ T9889] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount.
[  247.254130][ T9889] CIFS mount error: No usable UNC path provided in device string!
[  247.254130][ T9889] 
[  247.257305][ T9889] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  248.673243][ T9911] netlink: 20 bytes leftover after parsing attributes in process `syz.0.981'.
[  248.714931][ T9911] lo speed is unknown, defaulting to 1000
[  248.717442][ T9911] lo speed is unknown, defaulting to 1000
[  249.442299][ T9939] lo speed is unknown, defaulting to 1000
[  249.445303][ T9939] lo speed is unknown, defaulting to 1000
[  249.650469][ T2291] usb 8-1: new high-speed USB device number 26 using dummy_hcd
[  249.802251][ T2291] usb 8-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  249.808663][ T2291] usb 8-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f
[  249.816999][ T2291] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  249.830516][ T2291] usb 8-1: Product: syz
[  249.831949][ T2291] usb 8-1: Manufacturer: syz
[  249.833439][ T2291] usb 8-1: SerialNumber: syz
[  249.836206][ T2291] usb 8-1: config 0 descriptor??
[  249.858565][ T9947] FAULT_INJECTION: forcing a failure.
[  249.858565][ T9947] name failslab, interval 1, probability 0, space 0, times 0
[  249.863721][ T9947] CPU: 2 UID: 0 PID: 9947 Comm: syz.0.992 Not tainted 6.15.0-rc4-syzkaller-00147-gebd297a2affa #0 PREEMPT(full) 
[  249.863736][ T9947] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  249.863742][ T9947] Call Trace:
[  249.863745][ T9947]  <TASK>
[  249.863749][ T9947]  dump_stack_lvl+0x16c/0x1f0
[  249.863766][ T9947]  should_fail_ex+0x512/0x640
[  249.863779][ T9947]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[  249.863792][ T9947]  should_failslab+0xc2/0x120
[  249.863804][ T9947]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  249.863815][ T9947]  ? security_file_alloc+0x34/0x2b0
[  249.863830][ T9947]  security_file_alloc+0x34/0x2b0
[  249.863842][ T9947]  init_file+0x93/0x4c0
[  249.863859][ T9947]  alloc_empty_file+0x73/0x1e0
[  249.863871][ T9947]  alloc_file_pseudo+0x13a/0x230
[  249.863884][ T9947]  ? __pfx_alloc_file_pseudo+0x10/0x10
[  249.863897][ T9947]  ? do_raw_spin_unlock+0x172/0x230
[  249.863914][ T9947]  __anon_inode_getfile+0xf7/0x370
[  249.863932][ T9947]  anon_inode_getfd+0x52/0xb0
[  249.863947][ T9947]  __ia32_sys_fsopen+0x18f/0x240
[  249.863959][ T9947]  __do_fast_syscall_32+0x73/0x120
[  249.863973][ T9947]  do_fast_syscall_32+0x32/0x80
[  249.863987][ T9947]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  249.863999][ T9947] RIP: 0023:0xf7fb7579
[  249.864007][ T9947] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  249.864017][ T9947] RSP: 002b:00000000f50d655c EFLAGS: 00000296 ORIG_RAX: 00000000000001ae
[  249.864026][ T9947] RAX: ffffffffffffffda RBX: 0000000080000180 RCX: 0000000000000000
[  249.864032][ T9947] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  249.864037][ T9947] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  249.864043][ T9947] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  249.864048][ T9947] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  249.864060][ T9947]  </TASK>
[  250.038709][ T9959] netlink: 'syz.2.996': attribute type 8 has an invalid length.
[  250.056863][ T1016] usb 8-1: USB disconnect, device number 26
[  250.091219][ T9963] FAULT_INJECTION: forcing a failure.
[  250.091219][ T9963] name failslab, interval 1, probability 0, space 0, times 0
[  250.095164][ T9963] CPU: 0 UID: 0 PID: 9963 Comm: syz.0.998 Not tainted 6.15.0-rc4-syzkaller-00147-gebd297a2affa #0 PREEMPT(full) 
[  250.095178][ T9963] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  250.095184][ T9963] Call Trace:
[  250.095188][ T9963]  <TASK>
[  250.095192][ T9963]  dump_stack_lvl+0x16c/0x1f0
[  250.095209][ T9963]  should_fail_ex+0x512/0x640
[  250.095223][ T9963]  ? __kmalloc_noprof+0xbf/0x510
[  250.095235][ T9963]  ? nf_tables_newrule+0xbfd/0x28e0
[  250.095248][ T9963]  should_failslab+0xc2/0x120
[  250.095261][ T9963]  __kmalloc_noprof+0xd2/0x510
[  250.095271][ T9963]  ? nf_tables_newrule+0x8b0/0x28e0
[  250.095284][ T9963]  ? net_generic+0xf4/0x2a0
[  250.095295][ T9963]  nf_tables_newrule+0xbfd/0x28e0
[  250.095315][ T9963]  ? __pfx_nf_tables_newrule+0x10/0x10
[  250.095334][ T9963]  ? __nla_parse+0x40/0x60
[  250.095345][ T9963]  nfnetlink_rcv_batch+0x1908/0x2350
[  250.095365][ T9963]  ? __pfx_nfnetlink_rcv_batch+0x10/0x10
[  250.095377][ T9963]  ? consume_skb+0xcc/0x100
[  250.095389][ T9963]  ? find_held_lock+0x2b/0x80
[  250.095400][ T9963]  ? __local_bh_enable_ip+0xa4/0x120
[  250.095411][ T9963]  ? lockdep_hardirqs_on+0x7c/0x110
[  250.095430][ T9963]  ? __pfx___dev_queue_xmit+0x10/0x10
[  250.095457][ T9963]  ? __nla_parse+0x40/0x60
[  250.095468][ T9963]  nfnetlink_rcv+0x3c1/0x430
[  250.095480][ T9963]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  250.095496][ T9963]  netlink_unicast+0x53a/0x7f0
[  250.095510][ T9963]  ? __pfx_netlink_unicast+0x10/0x10
[  250.095525][ T9963]  netlink_sendmsg+0x8d1/0xdd0
[  250.095538][ T9963]  ? __pfx_netlink_sendmsg+0x10/0x10
[  250.095550][ T9963]  ? __import_iovec+0x1c8/0x660
[  250.095568][ T9963]  ____sys_sendmsg+0xa95/0xc70
[  250.095583][ T9963]  ? __pfx_____sys_sendmsg+0x10/0x10
[  250.095595][ T9963]  ? get_compat_msghdr+0x11a/0x170
[  250.095611][ T9963]  ___sys_sendmsg+0x134/0x1d0
[  250.095626][ T9963]  ? __pfx____sys_sendmsg+0x10/0x10
[  250.095653][ T9963]  __sys_sendmsg+0x16d/0x220
[  250.095663][ T9963]  ? __pfx___sys_sendmsg+0x10/0x10
[  250.095679][ T9963]  ? rcu_is_watching+0x12/0xc0
[  250.095690][ T9963]  __do_fast_syscall_32+0x73/0x120
[  250.095704][ T9963]  do_fast_syscall_32+0x32/0x80
[  250.095717][ T9963]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  250.095730][ T9963] RIP: 0023:0xf7fb7579
[  250.095738][ T9963] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  250.095748][ T9963] RSP: 002b:00000000f50d655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  250.095757][ T9963] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800000c0
[  250.095763][ T9963] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  250.095768][ T9963] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  250.095774][ T9963] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  250.095779][ T9963] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  250.095791][ T9963]  </TASK>
[  250.630728][   T58] usb 7-1: new full-speed USB device number 20 using dummy_hcd
[  250.782831][   T58] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  250.787206][   T58] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  250.793606][   T58] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  250.796610][   T58] usb 7-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5
[  250.803802][   T58] usb 7-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  250.806890][   T58] usb 7-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  250.809707][   T58] usb 7-1: Manufacturer: syz
[  250.813103][   T58] usb 7-1: config 0 descriptor??
[  251.497517][ T9993] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1007'.
[  251.500459][ T9993] bridge_slave_1: left allmulticast mode
[  251.502279][ T9993] bridge_slave_1: left promiscuous mode
[  251.504211][ T9993] bridge0: port 2(bridge_slave_1) entered disabled state
[  251.509926][ T9993] bridge_slave_0: left allmulticast mode
[  251.513051][ T9993] bridge_slave_0: left promiscuous mode
[  251.515015][ T9993] bridge0: port 1(bridge_slave_0) entered disabled state
[  251.813562][T10004] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  251.890552][ T5999] usb 5-1: new high-speed USB device number 20 using dummy_hcd
[  252.055285][ T5999] usb 5-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f
[  252.058166][ T5999] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  252.061345][ T5999] usb 5-1: Product: syz
[  252.062794][ T5999] usb 5-1: Manufacturer: syz
[  252.064389][ T5999] usb 5-1: SerialNumber: syz
[  252.070801][ T5999] usb 5-1: config 0 descriptor??
[  252.277560][ T2291] usb 5-1: USB disconnect, device number 20
[  252.340001][ T9998] [U] .ú
[  252.837444][T10024] QAT: Invalid ioctl 1075323139
[  253.318911][T10038] debugfs: Directory 'ttyS3' with parent 'caif_serial' already present!
[  253.337597][T10038] FAULT_INJECTION: forcing a failure.
[  253.337597][T10038] name failslab, interval 1, probability 0, space 0, times 0
[  253.342028][T10038] CPU: 1 UID: 0 PID: 10038 Comm: syz.3.1019 Not tainted 6.15.0-rc4-syzkaller-00147-gebd297a2affa #0 PREEMPT(full) 
[  253.342042][T10038] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  253.342049][T10038] Call Trace:
[  253.342052][T10038]  <TASK>
[  253.342056][T10038]  dump_stack_lvl+0x16c/0x1f0
[  253.342074][T10038]  should_fail_ex+0x512/0x640
[  253.342088][T10038]  ? __kmalloc_node_track_caller_noprof+0xc3/0x510
[  253.342102][T10038]  should_failslab+0xc2/0x120
[  253.342114][T10038]  __kmalloc_node_track_caller_noprof+0xd6/0x510
[  253.342126][T10038]  ? mark_held_locks+0x49/0x80
[  253.342137][T10038]  ? kstrdup_const+0x63/0x80
[  253.342152][T10038]  kstrdup+0x53/0x100
[  253.342164][T10038]  kstrdup_const+0x63/0x80
[  253.342175][T10038]  kvasprintf_const+0x10f/0x1a0
[  253.342191][T10038]  kobject_set_name_vargs+0x5a/0x140
[  253.342207][T10038]  dev_set_name+0xc7/0x100
[  253.342221][T10038]  ? __pfx_dev_set_name+0x10/0x10
[  253.342237][T10038]  ? lockdep_init_map_type+0x5c/0x280
[  253.342249][T10038]  ? __init_waitqueue_head+0xca/0x150
[  253.342267][T10038]  netdev_register_kobject+0xc5/0x3a0
[  253.342282][T10038]  register_netdevice+0x13dc/0x2270
[  253.342297][T10038]  ? __pfx_register_netdevice+0x10/0x10
[  253.342312][T10038]  ldisc_open+0x481/0x970
[  253.342324][T10038]  ? __pfx_ldisc_open+0x10/0x10
[  253.342335][T10038]  ? tty_ldisc_reinit+0x185/0x360
[  253.342345][T10038]  ? down_write+0x14d/0x200
[  253.342360][T10038]  ? __pfx_ldisc_open+0x10/0x10
[  253.342370][T10038]  tty_ldisc_open+0x9c/0x120
[  253.342379][T10038]  tty_ldisc_reinit+0x214/0x360
[  253.342390][T10038]  tty_reopen+0x239/0x2a0
[  253.342405][T10038]  tty_open+0xa13/0xf90
[  253.342419][T10038]  ? __pfx_tty_open+0x10/0x10
[  253.342431][T10038]  ? chrdev_open+0x10b/0x6a0
[  253.342443][T10038]  ? __pfx_tty_open+0x10/0x10
[  253.342454][T10038]  chrdev_open+0x231/0x6a0
[  253.342463][T10038]  ? __pfx_apparmor_file_open+0x10/0x10
[  253.342476][T10038]  ? __pfx_chrdev_open+0x10/0x10
[  253.342488][T10038]  ? file_set_fsnotify_mode_from_watchers+0x163/0x640
[  253.342505][T10038]  do_dentry_open+0x741/0x1c10
[  253.342515][T10038]  ? __pfx_chrdev_open+0x10/0x10
[  253.342528][T10038]  vfs_open+0x82/0x3f0
[  253.342541][T10038]  path_openat+0x1e5e/0x2d40
[  253.342556][T10038]  ? __pfx_path_openat+0x10/0x10
[  253.342569][T10038]  do_filp_open+0x20b/0x470
[  253.342578][T10038]  ? __pfx_do_filp_open+0x10/0x10
[  253.342597][T10038]  ? alloc_fd+0x471/0x7d0
[  253.342617][T10038]  do_sys_openat2+0x11b/0x1d0
[  253.342629][T10038]  ? __pfx_do_sys_openat2+0x10/0x10
[  253.342643][T10038]  ? __fget_files+0x20e/0x3c0
[  253.342660][T10038]  __ia32_compat_sys_openat+0x16d/0x210
[  253.342674][T10038]  ? __pfx___ia32_compat_sys_openat+0x10/0x10
[  253.342687][T10038]  ? ksys_write+0x1b9/0x240
[  253.342698][T10038]  ? rcu_is_watching+0x12/0xc0
[  253.342709][T10038]  __do_fast_syscall_32+0x73/0x120
[  253.342723][T10038]  do_fast_syscall_32+0x32/0x80
[  253.342737][T10038]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  253.342749][T10038] RIP: 0023:0xf7fd1579
[  253.342757][T10038] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  253.342766][T10038] RSP: 002b:00000000f50f655c EFLAGS: 00000296 ORIG_RAX: 0000000000000127
[  253.342776][T10038] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 0000000080000000
[  253.342782][T10038] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  253.342787][T10038] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  253.342793][T10038] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  253.342798][T10038] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  253.342810][T10038]  </TASK>
[  253.410652][   T58] rc_core: IR keymap rc-hauppauge not found
[  253.472765][   T58] Registered IR keymap rc-empty
[  253.474263][T10043] netlink: 184 bytes leftover after parsing attributes in process `syz.3.1021'.
[  253.474423][   T58] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  253.490536][   T58] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  253.511132][   T58] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:0.0/rc/rc0
[  253.516270][   T58] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:0.0/rc/rc0/input104
[  253.524062][   T58] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  253.540434][   T58] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  253.560508][   T58] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  253.580532][   T58] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  253.600478][   T58] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  253.620435][   T58] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  253.640543][   T58] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  253.660464][   T58] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  253.680548][   T58] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  253.700491][   T58] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  253.724065][   T58] mceusb 7-1:0.0: Registered  with mce emulator interface version 1
[  253.735387][   T58] mceusb 7-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  253.747762][   T58] usb 7-1: USB disconnect, device number 20
[  253.750435][ T1016] usb 6-1: new high-speed USB device number 19 using dummy_hcd
[  253.888567][T10064] binfmt_misc: register: failed to install interpreter file ./file0
[  253.924212][ T1016] usb 6-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f
[  253.927970][ T1016] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  253.931341][ T1016] usb 6-1: Product: syz
[  253.933122][ T1016] usb 6-1: Manufacturer: syz
[  253.935084][ T1016] usb 6-1: SerialNumber: syz
[  253.939372][ T1016] usb 6-1: config 0 descriptor??
[  254.075237][T10067] @: renamed from vlan0 (while UP)
[  254.157941][ T1016] usb 6-1: USB disconnect, device number 19
[  254.493404][T10079] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1032'.
[  254.496268][T10079] netlink: 'syz.2.1032': attribute type 5 has an invalid length.
[  254.498684][T10079] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1032'.
[  254.505321][T10079] netdevsim netdevsim2 netdevsim0: set [1, 1] type 2 family 0 port 256 - 0
[  254.508224][T10079] netdevsim netdevsim2 netdevsim1: set [1, 1] type 2 family 0 port 256 - 0
[  254.512358][T10079] netdevsim netdevsim2 netdevsim2: set [1, 1] type 2 family 0 port 256 - 0
[  254.516043][T10079] netdevsim netdevsim2 netdevsim3: set [1, 1] type 2 family 0 port 256 - 0
[  254.518894][T10079] geneve2: entered promiscuous mode
[  254.520893][T10079] geneve2: entered allmulticast mode
[  255.072139][T10096] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  255.124856][ T1416] ieee802154 phy1 wpan1: encryption failed: -22
[  256.007551][T10128] FAULT_INJECTION: forcing a failure.
[  256.007551][T10128] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  256.011870][T10128] CPU: 3 UID: 0 PID: 10128 Comm: syz.1.1044 Not tainted 6.15.0-rc4-syzkaller-00147-gebd297a2affa #0 PREEMPT(full) 
[  256.011884][T10128] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  256.011890][T10128] Call Trace:
[  256.011894][T10128]  <TASK>
[  256.011898][T10128]  dump_stack_lvl+0x16c/0x1f0
[  256.011914][T10128]  should_fail_ex+0x512/0x640
[  256.011931][T10128]  _copy_to_user+0x32/0xd0
[  256.011947][T10128]  simple_read_from_buffer+0xcb/0x170
[  256.011963][T10128]  proc_fail_nth_read+0x197/0x270
[  256.011977][T10128]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  256.011991][T10128]  ? rw_verify_area+0xcf/0x680
[  256.012004][T10128]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  256.012018][T10128]  vfs_read+0x1de/0xc70
[  256.012029][T10128]  ? __pfx___mutex_lock+0x10/0x10
[  256.012041][T10128]  ? __pfx_vfs_read+0x10/0x10
[  256.012054][T10128]  ? __fget_files+0x20e/0x3c0
[  256.012072][T10128]  ksys_read+0x12a/0x240
[  256.012081][T10128]  ? __pfx_ksys_read+0x10/0x10
[  256.012089][T10128]  ? rcu_is_watching+0x12/0xc0
[  256.012099][T10128]  ? rcu_is_watching+0x12/0xc0
[  256.012109][T10128]  __do_fast_syscall_32+0x73/0x120
[  256.012124][T10128]  do_fast_syscall_32+0x32/0x80
[  256.012138][T10128]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  256.012150][T10128] RIP: 0023:0xf7fa5579
[  256.012158][T10128] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  256.012167][T10128] RSP: 002b:00000000f50c6590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  256.012176][T10128] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f50c6620
[  256.012182][T10128] RDX: 000000000000000f RSI: 00000000f7432ff4 RDI: 0000000000000000
[  256.012188][T10128] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000
[  256.012193][T10128] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  256.012198][T10128] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  256.012210][T10128]  </TASK>
[  256.140424][ T1016] usb 8-1: new high-speed USB device number 27 using dummy_hcd
[  256.313218][ T1016] usb 8-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f
[  256.316049][ T1016] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  256.318525][ T1016] usb 8-1: Product: syz
[  256.319849][ T1016] usb 8-1: Manufacturer: syz
[  256.324975][ T1016] usb 8-1: SerialNumber: syz
[  256.328493][ T1016] usb 8-1: config 0 descriptor??
[  256.526083][T10137] netlink: 72 bytes leftover after parsing attributes in process `syz.2.1047'.
[  256.541353][ T1016] usb 8-1: USB disconnect, device number 27
[  256.582733][T10140] 9pnet_virtio: no channels available for device syz
[  257.780540][   T58] usb 7-1: new high-speed USB device number 21 using dummy_hcd
[  257.942022][   T58] usb 7-1: Using ep0 maxpacket: 8
[  257.951892][   T58] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  257.956384][   T58] usb 7-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  257.960067][   T58] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  257.974778][   T58] usb 7-1: config 0 descriptor??
[  258.025075][T10173] input: syz0 as /devices/virtual/input/input105
[  258.031616][T10173] netlink: 108 bytes leftover after parsing attributes in process `syz.1.1055'.
[  258.040407][T10173] block nbd0: Unsupported socket: shutdown callout must be supported.
[  258.134165][T10173] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  258.141523][T10173] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  258.160886][T10173] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  258.170415][T10173] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  258.180500][T10173] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  258.182427][T10173] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  258.195887][   T58] iowarrior 7-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[  258.325672][T10177] lo speed is unknown, defaulting to 1000
[  258.328661][T10177] lo speed is unknown, defaulting to 1000
[  258.590192][T10183] FAULT_INJECTION: forcing a failure.
[  258.590192][T10183] name failslab, interval 1, probability 0, space 0, times 0
[  258.594499][T10183] CPU: 3 UID: 0 PID: 10183 Comm: syz.1.1057 Not tainted 6.15.0-rc4-syzkaller-00147-gebd297a2affa #0 PREEMPT(full) 
[  258.594517][T10183] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  258.594524][T10183] Call Trace:
[  258.594528][T10183]  <TASK>
[  258.594532][T10183]  dump_stack_lvl+0x16c/0x1f0
[  258.594552][T10183]  should_fail_ex+0x512/0x640
[  258.594569][T10183]  ? __kmalloc_cache_noprof+0x57/0x3e0
[  258.594586][T10183]  should_failslab+0xc2/0x120
[  258.594598][T10183]  __kmalloc_cache_noprof+0x6a/0x3e0
[  258.594614][T10183]  ? ip_set_create+0x346/0x14d0
[  258.594632][T10183]  ip_set_create+0x346/0x14d0
[  258.594653][T10183]  ? __pfx_ip_set_create+0x10/0x10
[  258.594677][T10183]  ? find_held_lock+0x2b/0x80
[  258.594690][T10183]  nfnetlink_rcv_msg+0x9f9/0x1200
[  258.594708][T10183]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  258.594720][T10183]  ? kmem_cache_free+0x2d4/0x4d0
[  258.594749][T10183]  netlink_rcv_skb+0x16a/0x440
[  258.594760][T10183]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  258.594774][T10183]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  258.594785][T10183]  ? __pfx_aa_get_newest_label+0x10/0x10
[  258.594801][T10183]  ? bpf_lsm_capable+0x9/0x10
[  258.594811][T10183]  ? security_capable+0x7e/0x260
[  258.594834][T10183]  ? ns_capable+0xd7/0x110
[  258.594846][T10183]  nfnetlink_rcv+0x1b3/0x430
[  258.594858][T10183]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  258.594870][T10183]  ? netlink_deliver_tap+0x1ae/0xd30
[  258.594883][T10183]  netlink_unicast+0x53a/0x7f0
[  258.594896][T10183]  ? __pfx_netlink_unicast+0x10/0x10
[  258.594911][T10183]  netlink_sendmsg+0x8d1/0xdd0
[  258.594925][T10183]  ? __pfx_netlink_sendmsg+0x10/0x10
[  258.594937][T10183]  ? __import_iovec+0x1c8/0x660
[  258.594955][T10183]  ____sys_sendmsg+0xa95/0xc70
[  258.594970][T10183]  ? __pfx_____sys_sendmsg+0x10/0x10
[  258.594982][T10183]  ? get_compat_msghdr+0x11a/0x170
[  258.594999][T10183]  ___sys_sendmsg+0x134/0x1d0
[  258.595013][T10183]  ? __pfx____sys_sendmsg+0x10/0x10
[  258.595042][T10183]  __sys_sendmsg+0x16d/0x220
[  258.595052][T10183]  ? __pfx___sys_sendmsg+0x10/0x10
[  258.595069][T10183]  ? rcu_is_watching+0x12/0xc0
[  258.595080][T10183]  __do_fast_syscall_32+0x73/0x120
[  258.595095][T10183]  do_fast_syscall_32+0x32/0x80
[  258.595108][T10183]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  258.595120][T10183] RIP: 0023:0xf7fa5579
[  258.595128][T10183] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  258.595137][T10183] RSP: 002b:00000000f50c655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  258.595147][T10183] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000040
[  258.595153][T10183] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  258.595158][T10183] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  258.595163][T10183] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  258.595168][T10183] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  258.595181][T10183]  </TASK>
[  258.758933][   T58] usb 7-1: USB disconnect, device number 21
[  258.840484][ T5977] usb 5-1: new high-speed USB device number 21 using dummy_hcd
[  259.015006][ T5977] usb 5-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f
[  259.018139][ T5977] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  259.021652][ T5977] usb 5-1: Product: syz
[  259.023105][ T5977] usb 5-1: Manufacturer: syz
[  259.024768][ T5977] usb 5-1: SerialNumber: syz
[  259.028767][ T5977] usb 5-1: config 0 descriptor??
[  259.240851][   T58] usb 5-1: USB disconnect, device number 21
[  259.509711][T10200] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1064'.
[  259.778624][T10206] vcan0: tx drop: invalid da for name 0x00000000ffff0300
[  260.028036][    C3] vcan0: j1939_tp_rxtimer: 0xffff888021bd7000: rx timeout, send abort
[  260.151147][ T5291] Bluetooth: hci1: command 0x0406 tx timeout
[  260.230563][ T5291] Bluetooth: hci3: command 0x0406 tx timeout
[  260.231561][ T5950] Bluetooth: hci2: command 0x0406 tx timeout
[  260.528408][    C3] vcan0: j1939_tp_rxtimer: 0xffff888021bd6c00: rx timeout, send abort
[  260.531532][    C3] vcan0: j1939_tp_rxtimer: 0xffff888021bd7000: abort rx timeout. Force session deactivation
[  260.617643][T10229] netlink: 72 bytes leftover after parsing attributes in process `syz.0.1072'.
[  261.031131][    C3] vcan0: j1939_tp_rxtimer: 0xffff888021bd6c00: abort rx timeout. Force session deactivation
[  261.467308][ T5950] Bluetooth: hci3: SCO packet for unknown connection handle 200
[  261.497136][ T5950] Bluetooth: hci3: unexpected event for opcode 0x2002
[  261.546721][T10263] netlink: 5072 bytes leftover after parsing attributes in process `syz.1.1084'.
[  262.230712][ T5950] Bluetooth: hci1: command 0x0406 tx timeout
[  262.306314][T10286] 9pnet_virtio: no channels available for device syz
[  262.310852][ T5950] Bluetooth: hci2: command 0x0406 tx timeout
[  262.489322][    C3] ata1: illegal qc_active transition (00000000->00000800)
[  262.620429][ T2291] usb 7-1: new full-speed USB device number 22 using dummy_hcd
[  262.694837][T10296] overlay: Unknown parameter 'pcr'
[  262.814062][ T1104] ata1: SATA link up 1.5 Gbps (SStatus 113 SControl 300)
[  262.819685][ T1104] ata1.00: configured for UDMA/100
[  262.864215][ T2291] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  262.867470][ T2291] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  262.894459][ T2291] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  262.903954][ T2291] usb 7-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5
[  262.908594][ T2291] usb 7-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  262.908608][ T2291] usb 7-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  262.908617][ T2291] usb 7-1: Manufacturer: syz
[  262.910246][ T2291] usb 7-1: config 0 descriptor??
[  263.176273][T10305] batadv_slave_1: entered promiscuous mode
[  263.214424][   T58] hid (null): unknown global tag 0xc
[  263.216728][   T58] hid (null): global environment stack underflow
[  263.219289][   T58] hid (null): unknown global tag 0xd
[  263.231262][   T58] hid (null): unknown global tag 0xe
[  263.233000][   T58] hid (null): unknown global tag 0xc
[  263.234786][   T58] hid (null): unknown global tag 0x3d
[  263.242127][   T58] hid-generic 738D:02F7:0007.0003: unknown global tag 0xc
[  263.244482][   T58] hid-generic 738D:02F7:0007.0003: item 0 2 1 12 parsing failed
[  263.247172][   T58] hid-generic 738D:02F7:0007.0003: probe with driver hid-generic failed with error -22
[  263.493173][T10307] batadv_slave_1: left promiscuous mode
[  263.653785][   T57] usb 8-1: new high-speed USB device number 28 using dummy_hcd
[  263.863326][   T57] usb 8-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f
[  263.866187][   T57] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  263.868664][   T57] usb 8-1: Product: syz
[  263.869986][   T57] usb 8-1: Manufacturer: syz
[  263.871560][   T57] usb 8-1: SerialNumber: syz
[  263.876475][   T57] usb 8-1: config 0 descriptor??
[  264.084325][   T58] usb 8-1: USB disconnect, device number 28
[  265.320459][ T2291] rc_core: IR keymap rc-hauppauge not found
[  265.322417][ T2291] Registered IR keymap rc-empty
[  265.324005][ T2291] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  265.350686][ T2291] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  265.390402][ T2291] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:0.0/rc/rc0
[  265.395037][ T2291] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:0.0/rc/rc0/input106
[  265.400186][ T2291] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  265.432113][ T2291] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  265.450459][ T2291] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  265.470505][ T2291] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  265.500436][ T2291] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  265.511897][ T5950] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0
[  265.514732][ T5950] Bluetooth: hci3: Injecting HCI hardware error event
[  265.517687][ T5950] Bluetooth: hci3: hardware error 0x00
[  265.520748][ T2291] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  265.540475][ T2291] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  265.560491][ T2291] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  265.580477][ T2291] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  265.600643][ T2291] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  265.631382][ T2291] mceusb 7-1:0.0: Registered  with mce emulator interface version 1
[  265.634596][ T2291] mceusb 7-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  265.640835][ T2291] usb 7-1: USB disconnect, device number 22
[  265.668317][T10340] overlay: Bad value for 'redirect_dir'
[  265.824588][ T5291] Bluetooth: hci1: ACL packet for unknown connection handle 201
[  265.984248][T10355] FAULT_INJECTION: forcing a failure.
[  265.984248][T10355] name failslab, interval 1, probability 0, space 0, times 0
[  265.988328][T10355] CPU: 2 UID: 0 PID: 10355 Comm: syz.2.1107 Not tainted 6.15.0-rc4-syzkaller-00147-gebd297a2affa #0 PREEMPT(full) 
[  265.988342][T10355] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  265.988349][T10355] Call Trace:
[  265.988353][T10355]  <TASK>
[  265.988356][T10355]  dump_stack_lvl+0x16c/0x1f0
[  265.988374][T10355]  should_fail_ex+0x512/0x640
[  265.988388][T10355]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[  265.988401][T10355]  should_failslab+0xc2/0x120
[  265.988413][T10355]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  265.988424][T10355]  ? __alloc_skb+0x2b2/0x380
[  265.988436][T10355]  __alloc_skb+0x2b2/0x380
[  265.988446][T10355]  ? __pfx___alloc_skb+0x10/0x10
[  265.988457][T10355]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  265.988475][T10355]  netlink_alloc_large_skb+0x69/0x130
[  265.988488][T10355]  netlink_sendmsg+0x6a1/0xdd0
[  265.988501][T10355]  ? __pfx_netlink_sendmsg+0x10/0x10
[  265.988513][T10355]  ? __import_iovec+0x1c8/0x660
[  265.988531][T10355]  ____sys_sendmsg+0xa95/0xc70
[  265.988545][T10355]  ? __pfx_____sys_sendmsg+0x10/0x10
[  265.988557][T10355]  ? get_compat_msghdr+0x11a/0x170
[  265.988573][T10355]  ___sys_sendmsg+0x134/0x1d0
[  265.988584][T10355]  ? __pfx____sys_sendmsg+0x10/0x10
[  265.988610][T10355]  __sys_sendmsg+0x16d/0x220
[  265.988621][T10355]  ? __pfx___sys_sendmsg+0x10/0x10
[  265.988646][T10355]  ? rcu_is_watching+0x12/0xc0
[  265.988660][T10355]  __do_fast_syscall_32+0x73/0x120
[  265.988675][T10355]  do_fast_syscall_32+0x32/0x80
[  265.988688][T10355]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  265.988700][T10355] RIP: 0023:0xf7f02579
[  265.988708][T10355] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  265.988717][T10355] RSP: 002b:00000000f502655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  265.988726][T10355] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000000
[  265.988732][T10355] RDX: 00000000240008c4 RSI: 0000000000000000 RDI: 0000000000000000
[  265.988738][T10355] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  265.988744][T10355] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  265.988749][T10355] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  265.988761][T10355]  </TASK>
[  266.730451][   T57] usb 6-1: new full-speed USB device number 20 using dummy_hcd
[  266.961964][   T57] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  266.965127][   T57] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  266.968457][   T57] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  266.989827][   T57] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5
[  266.998795][   T57] usb 6-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  267.001808][   T57] usb 6-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  267.004282][   T57] usb 6-1: Manufacturer: syz
[  267.012651][   T57] usb 6-1: config 0 descriptor??
[  267.590641][ T5950] Bluetooth: hci3: Opcode 0x0c03 failed: -110
[  267.712305][T10409] FAULT_INJECTION: forcing a failure.
[  267.712305][T10409] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  267.716419][T10409] CPU: 3 UID: 0 PID: 10409 Comm: syz.2.1122 Not tainted 6.15.0-rc4-syzkaller-00147-gebd297a2affa #0 PREEMPT(full) 
[  267.716433][T10409] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  267.716439][T10409] Call Trace:
[  267.716443][T10409]  <TASK>
[  267.716447][T10409]  dump_stack_lvl+0x16c/0x1f0
[  267.716465][T10409]  should_fail_ex+0x512/0x640
[  267.716481][T10409]  _copy_from_user+0x2e/0xd0
[  267.716497][T10409]  kstrtouint_from_user+0xd6/0x1d0
[  267.716508][T10409]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  267.716519][T10409]  ? __lock_acquire+0xaa4/0x1ba0
[  267.716538][T10409]  proc_fail_nth_write+0x83/0x250
[  267.716553][T10409]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  267.716570][T10409]  vfs_write+0x25c/0x1180
[  267.716579][T10409]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  267.716595][T10409]  ? __pfx___mutex_lock+0x10/0x10
[  267.716608][T10409]  ? __pfx_vfs_write+0x10/0x10
[  267.716620][T10409]  ? __fget_files+0x20e/0x3c0
[  267.716639][T10409]  ksys_write+0x12a/0x240
[  267.716648][T10409]  ? __pfx_ksys_write+0x10/0x10
[  267.716656][T10409]  ? rcu_is_watching+0x12/0xc0
[  267.716673][T10409]  ? rcu_is_watching+0x12/0xc0
[  267.716684][T10409]  __do_fast_syscall_32+0x73/0x120
[  267.716698][T10409]  do_fast_syscall_32+0x32/0x80
[  267.716711][T10409]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  267.716724][T10409] RIP: 0023:0xf7f02579
[  267.716732][T10409] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  267.716741][T10409] RSP: 002b:00000000f5026590 EFLAGS: 00000293 ORIG_RAX: 0000000000000004
[  267.716751][T10409] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000f5026620
[  267.716757][T10409] RDX: 0000000000000001 RSI: 00000000f7392ff4 RDI: 0000000000000000
[  267.716763][T10409] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000
[  267.716768][T10409] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  267.716773][T10409] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  267.716786][T10409]  </TASK>
[  267.911665][ T5950] Bluetooth: hci2: command 0x0406 tx timeout
[  269.040251][T10437] Bluetooth: MGMT ver 1.23
[  269.045049][T10437] FAULT_INJECTION: forcing a failure.
[  269.045049][T10437] name failslab, interval 1, probability 0, space 0, times 0
[  269.049038][T10437] CPU: 3 UID: 0 PID: 10437 Comm: syz.0.1130 Not tainted 6.15.0-rc4-syzkaller-00147-gebd297a2affa #0 PREEMPT(full) 
[  269.049052][T10437] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  269.049058][T10437] Call Trace:
[  269.049062][T10437]  <TASK>
[  269.049066][T10437]  dump_stack_lvl+0x16c/0x1f0
[  269.049082][T10437]  should_fail_ex+0x512/0x640
[  269.049095][T10437]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[  269.049109][T10437]  should_failslab+0xc2/0x120
[  269.049121][T10437]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  269.049132][T10437]  ? __alloc_skb+0x2b2/0x380
[  269.049144][T10437]  __alloc_skb+0x2b2/0x380
[  269.049153][T10437]  ? __pfx___alloc_skb+0x10/0x10
[  269.049162][T10437]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  269.049179][T10437]  mgmt_cmd_complete+0x4f/0x550
[  269.049196][T10437]  start_discovery_internal+0x540/0x800
[  269.049208][T10437]  ? __pfx_start_discovery_internal+0x10/0x10
[  269.049218][T10437]  ? lockdep_init_map_type+0x5c/0x280
[  269.049232][T10437]  ? do_init_timer+0xc9/0x110
[  269.049243][T10437]  ? __pfx_mgmt_init_hdev+0x10/0x10
[  269.049259][T10437]  hci_sock_sendmsg+0x151f/0x25e0
[  269.049276][T10437]  ? __pfx_hci_sock_sendmsg+0x10/0x10
[  269.049294][T10437]  sock_write_iter+0x4fc/0x5b0
[  269.049308][T10437]  ? __pfx_sock_write_iter+0x10/0x10
[  269.049326][T10437]  ? bpf_lsm_file_permission+0x9/0x10
[  269.049341][T10437]  ? security_file_permission+0x71/0x210
[  269.049355][T10437]  ? rw_verify_area+0xcf/0x680
[  269.049370][T10437]  vfs_write+0x5ba/0x1180
[  269.049380][T10437]  ? __pfx_sock_write_iter+0x10/0x10
[  269.049394][T10437]  ? __pfx_vfs_write+0x10/0x10
[  269.049402][T10437]  ? find_held_lock+0x2b/0x80
[  269.049419][T10437]  ksys_write+0x205/0x240
[  269.049428][T10437]  ? __pfx_ksys_write+0x10/0x10
[  269.049439][T10437]  ? rcu_is_watching+0x12/0xc0
[  269.049450][T10437]  __do_fast_syscall_32+0x73/0x120
[  269.049465][T10437]  do_fast_syscall_32+0x32/0x80
[  269.049478][T10437]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  269.049490][T10437] RIP: 0023:0xf7fb7579
[  269.049498][T10437] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  269.049507][T10437] RSP: 002b:00000000f50d655c EFLAGS: 00000296 ORIG_RAX: 0000000000000004
[  269.049517][T10437] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000340
[  269.049523][T10437] RDX: 0000000000000007 RSI: 0000000000000000 RDI: 0000000000000000
[  269.049528][T10437] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  269.049533][T10437] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  269.049539][T10437] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  269.049551][T10437]  </TASK>
[  269.320453][   T57] rc_core: IR keymap rc-hauppauge not found
[  269.322330][   T57] Registered IR keymap rc-empty
[  269.323906][   T57] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  269.350426][   T57] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  269.383452][   T57] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:0.0/rc/rc0
[  269.395680][   T57] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:0.0/rc/rc0/input107
[  269.414302][   T57] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  269.450542][   T57] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  269.490487][   T57] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  269.510654][   T57] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  269.530469][   T57] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  269.550452][   T57] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  269.590746][   T57] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  269.630435][   T57] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  269.876099][   T57] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  270.079274][   T57] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  270.111253][   T57] mceusb 6-1:0.0: Registered  with mce emulator interface version 1
[  270.113794][   T57] mceusb 6-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  270.122121][   T57] usb 6-1: USB disconnect, device number 20
[  270.187223][T10464] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1137'.
[  270.307718][T10470] No control pipe specified
[  270.311278][T10470] No control pipe specified
[  270.353243][T10475] overlayfs: failed to resolve './file1': -2
[  270.413995][T10476] lo speed is unknown, defaulting to 1000
[  270.416438][T10476] lo speed is unknown, defaulting to 1000
[  270.800499][ T5977] usb 8-1: new full-speed USB device number 29 using dummy_hcd
[  270.951701][ T5977] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  270.954989][ T5977] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  270.958483][ T5977] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  270.961697][ T5977] usb 8-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5
[  270.966666][ T5977] usb 8-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  270.969814][ T5977] usb 8-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  270.972405][ T5977] usb 8-1: Manufacturer: syz
[  270.975148][ T5977] usb 8-1: config 0 descriptor??
[  271.601732][T10500] FAULT_INJECTION: forcing a failure.
[  271.601732][T10500] name failslab, interval 1, probability 0, space 0, times 0
[  271.605703][T10500] CPU: 2 UID: 0 PID: 10500 Comm: syz.1.1146 Not tainted 6.15.0-rc4-syzkaller-00147-gebd297a2affa #0 PREEMPT(full) 
[  271.605716][T10500] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  271.605722][T10500] Call Trace:
[  271.605726][T10500]  <TASK>
[  271.605730][T10500]  dump_stack_lvl+0x16c/0x1f0
[  271.605747][T10500]  should_fail_ex+0x512/0x640
[  271.605762][T10500]  ? fs_reclaim_acquire+0xae/0x150
[  271.605777][T10500]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[  271.605792][T10500]  should_failslab+0xc2/0x120
[  271.605804][T10500]  __kmalloc_noprof+0xd2/0x510
[  271.605818][T10500]  tomoyo_realpath_from_path+0xc2/0x6e0
[  271.605833][T10500]  ? tomoyo_profile+0x47/0x60
[  271.605849][T10500]  tomoyo_path_perm+0x274/0x460
[  271.605859][T10500]  ? tomoyo_path_perm+0x260/0x460
[  271.605871][T10500]  ? __pfx_tomoyo_path_perm+0x10/0x10
[  271.605896][T10500]  ? __pfx_ima_file_check+0x10/0x10
[  271.605910][T10500]  ? hook_file_truncate+0xc7/0x250
[  271.605924][T10500]  security_file_truncate+0x84/0x1e0
[  271.605937][T10500]  path_openat+0xc85/0x2d40
[  271.605953][T10500]  ? __pfx_path_openat+0x10/0x10
[  271.605965][T10500]  do_filp_open+0x20b/0x470
[  271.605975][T10500]  ? __pfx_do_filp_open+0x10/0x10
[  271.605994][T10500]  ? alloc_fd+0x471/0x7d0
[  271.606012][T10500]  do_sys_openat2+0x11b/0x1d0
[  271.606025][T10500]  ? __pfx_do_sys_openat2+0x10/0x10
[  271.606039][T10500]  ? __fget_files+0x20e/0x3c0
[  271.606056][T10500]  __ia32_compat_sys_openat+0x16d/0x210
[  271.606070][T10500]  ? __pfx___ia32_compat_sys_openat+0x10/0x10
[  271.606083][T10500]  ? ksys_write+0x1b9/0x240
[  271.606094][T10500]  ? rcu_is_watching+0x12/0xc0
[  271.606105][T10500]  __do_fast_syscall_32+0x73/0x120
[  271.606120][T10500]  do_fast_syscall_32+0x32/0x80
[  271.606136][T10500]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  271.606149][T10500] RIP: 0023:0xf7fa5579
[  271.606157][T10500] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  271.606169][T10500] RSP: 002b:00000000f50a555c EFLAGS: 00000296 ORIG_RAX: 0000000000000127
[  271.606179][T10500] RAX: ffffffffffffffda RBX: 000000000000000c RCX: 0000000080000040
[  271.606185][T10500] RDX: 000000000000275a RSI: 0000000000000000 RDI: 0000000000000000
[  271.606193][T10500] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  271.606198][T10500] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  271.606203][T10500] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  271.606218][T10500]  </TASK>
[  271.606222][T10500] ERROR: Out of memory at tomoyo_realpath_from_path.
[  272.400486][ T5950] Bluetooth: hci2: command 0x0406 tx timeout
[  273.540883][ T5977] rc_core: IR keymap rc-hauppauge not found
[  273.542804][ T5977] Registered IR keymap rc-empty
[  273.544463][ T5977] mceusb 8-1:0.0: Error: mce write submit urb error = -90
[  273.570452][ T5977] mceusb 8-1:0.0: Error: mce write submit urb error = -90
[  273.591651][ T5977] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb8/8-1/8-1:0.0/rc/rc0
[  273.602873][ T5977] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb8/8-1/8-1:0.0/rc/rc0/input108
[  273.611832][ T5977] mceusb 8-1:0.0: Error: mce write submit urb error = -90
[  273.630483][ T5977] mceusb 8-1:0.0: Error: mce write submit urb error = -90
[  273.650487][ T5977] mceusb 8-1:0.0: Error: mce write submit urb error = -90
[  273.680552][ T5977] mceusb 8-1:0.0: Error: mce write submit urb error = -90
[  273.700532][ T5977] mceusb 8-1:0.0: Error: mce write submit urb error = -90
[  273.720570][ T5977] mceusb 8-1:0.0: Error: mce write submit urb error = -90
[  273.740530][ T5977] mceusb 8-1:0.0: Error: mce write submit urb error = -90
[  273.760473][ T5977] mceusb 8-1:0.0: Error: mce write submit urb error = -90
[  273.780435][ T5977] mceusb 8-1:0.0: Error: mce write submit urb error = -90
[  273.800504][ T5977] mceusb 8-1:0.0: Error: mce write submit urb error = -90
[  273.823999][ T5977] mceusb 8-1:0.0: Registered  with mce emulator interface version 1
[  273.828299][ T5977] mceusb 8-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  273.841856][ T5977] usb 8-1: USB disconnect, device number 29
[  274.690417][   T57] usb 6-1: new high-speed USB device number 21 using dummy_hcd
[  274.863479][   T57] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  274.870423][   T57] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  274.876490][   T57] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  274.882949][   T57] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  274.899795][T10545] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  274.922554][   T57] usb 6-1: Quirk or no altset; falling back to MIDI 1.0
[  275.344825][T10557] netlink: 196 bytes leftover after parsing attributes in process `syz.0.1159'.
[  275.348345][T10557] netlink: 196 bytes leftover after parsing attributes in process `syz.0.1159'.
[  275.351851][T10557] netlink: 19 bytes leftover after parsing attributes in process `syz.0.1159'.
[  275.369081][T10560] iso9660: Unknown parameter 'ñ³‚ŒŠ(vn*;�\ÓØÆMȗˆš­'
[  275.391701][T10562] FAULT_INJECTION: forcing a failure.
[  275.391701][T10562] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  275.396762][T10562] CPU: 2 UID: 0 PID: 10562 Comm: syz.0.1161 Not tainted 6.15.0-rc4-syzkaller-00147-gebd297a2affa #0 PREEMPT(full) 
[  275.396776][T10562] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  275.396782][T10562] Call Trace:
[  275.396786][T10562]  <TASK>
[  275.396790][T10562]  dump_stack_lvl+0x16c/0x1f0
[  275.396807][T10562]  should_fail_ex+0x512/0x640
[  275.396823][T10562]  _copy_to_user+0x32/0xd0
[  275.396839][T10562]  simple_read_from_buffer+0xcb/0x170
[  275.396854][T10562]  proc_fail_nth_read+0x197/0x270
[  275.396868][T10562]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  275.396883][T10562]  ? rw_verify_area+0xcf/0x680
[  275.396896][T10562]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  275.396910][T10562]  vfs_read+0x1de/0xc70
[  275.396920][T10562]  ? __pfx___mutex_lock+0x10/0x10
[  275.396933][T10562]  ? __pfx_vfs_read+0x10/0x10
[  275.396946][T10562]  ? __fget_files+0x20e/0x3c0
[  275.396964][T10562]  ksys_read+0x12a/0x240
[  275.396973][T10562]  ? __pfx_ksys_read+0x10/0x10
[  275.396983][T10562]  ? rcu_is_watching+0x12/0xc0
[  275.396994][T10562]  __do_fast_syscall_32+0x73/0x120
[  275.397009][T10562]  do_fast_syscall_32+0x32/0x80
[  275.397022][T10562]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  275.397034][T10562] RIP: 0023:0xf7fb7579
[  275.397042][T10562] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  275.397051][T10562] RSP: 002b:00000000f50d6590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  275.397061][T10562] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f50d6620
[  275.397067][T10562] RDX: 000000000000000f RSI: 00000000f7442ff4 RDI: 0000000000000000
[  275.397072][T10562] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000
[  275.397077][T10562] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  275.397083][T10562] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  275.397095][T10562]  </TASK>
[  275.739632][T10566] lo speed is unknown, defaulting to 1000
[  275.742298][T10566] lo speed is unknown, defaulting to 1000
[  275.789468][T10577] capability: warning: `syz.2.1164' uses 32-bit capabilities (legacy support in use)
[  276.493916][T10600] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1172'.
[  276.533535][T10604] ip6t_rpfilter: only valid in 'raw' or 'mangle' table, not '
'
[  276.573209][T10608] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1174'.
[  276.582200][T10608] 9pnet_fd: Insufficient options for proto=fd
[  276.612532][T10609] netlink: 'syz.3.1175': attribute type 11 has an invalid length.
[  276.615095][T10609] netlink: 'syz.3.1175': attribute type 11 has an invalid length.
[  276.617635][T10609] netlink: 224 bytes leftover after parsing attributes in process `syz.3.1175'.
[  277.110411][   T57] usb 6-1: USB disconnect, device number 21
[  277.288487][T10623] binder: 10622:10623 ioctl ae41 1 returned -22
[  277.373208][T10628] netlink: 56 bytes leftover after parsing attributes in process `syz.0.1181'.
[  277.376030][T10628] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1181'.
[  277.557445][T10643] (unnamed net_device) (uninitialized): option primary: mode dependency failed, not supported in mode 802.3ad(4)
[  277.836424][T10650] netlink: 'syz.0.1184': attribute type 4 has an invalid length.
[  277.840535][T10650] netlink: 'syz.0.1184': attribute type 4 has an invalid length.
[  278.383213][T10640] delete_channel: no stack
[  278.463645][T10659] mac80211_hwsim hwsim8 wlan1: entered allmulticast mode
[  278.528480][T10659] netlink: 'syz.1.1194': attribute type 10 has an invalid length.
[  278.536261][T10659] mac80211_hwsim hwsim8 wlan1: entered promiscuous mode
[  278.598289][T10673] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1191'.
[  278.612853][T10673] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  278.615192][T10673] batman_adv: batadv0: Removing interface: batadv_slave_0
[  278.620048][T10673] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  278.623415][T10673] batman_adv: batadv0: Removing interface: batadv_slave_1
[  278.633195][ T5950] Bluetooth: hci2: command 0x0406 tx timeout
[  278.690203][T10677] syzkaller1: entered promiscuous mode
[  278.692016][T10677] syzkaller1: entered allmulticast mode
[  278.838647][T10682] random: crng reseeded on system resumption
[  278.893654][   T40] audit: type=1326 audit(1746204406.871:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10680 comm="syz.0.1195" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb7579 code=0x7ffc0000
[  278.900235][   T40] audit: type=1326 audit(1746204406.871:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10680 comm="syz.0.1195" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7fb7579 code=0x7ffc0000
[  278.906974][   T40] audit: type=1326 audit(1746204406.881:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10680 comm="syz.0.1195" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb7579 code=0x7ffc0000
[  278.913879][   T40] audit: type=1326 audit(1746204406.881:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10680 comm="syz.0.1195" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb7579 code=0x7ffc0000
[  279.066097][   T40] audit: type=1326 audit(1746204407.041:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10686 comm="syz.2.1197" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f02579 code=0x7ffc0000
[  279.074769][   T40] audit: type=1326 audit(1746204407.041:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10686 comm="syz.2.1197" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f02579 code=0x7ffc0000
[  279.082549][   T40] audit: type=1326 audit(1746204407.051:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10686 comm="syz.2.1197" exe="/syz-executor" sig=0 arch=40000003 syscall=30 compat=1 ip=0xf7f02579 code=0x7ffc0000
[  279.089709][   T40] audit: type=1326 audit(1746204407.051:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10686 comm="syz.2.1197" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f02579 code=0x7ffc0000
[  279.096671][   T40] audit: type=1326 audit(1746204407.051:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10686 comm="syz.2.1197" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f02579 code=0x7ffc0000
[  279.103604][   T40] audit: type=1326 audit(1746204407.051:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10686 comm="syz.2.1197" exe="/syz-executor" sig=0 arch=40000003 syscall=321 compat=1 ip=0xf7f02579 code=0x7ffc0000
[  280.190064][T10716] FAULT_INJECTION: forcing a failure.
[  280.190064][T10716] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  280.194941][T10716] CPU: 3 UID: 0 PID: 10716 Comm: syz.2.1204 Not tainted 6.15.0-rc4-syzkaller-00147-gebd297a2affa #0 PREEMPT(full) 
[  280.194956][T10716] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  280.194961][T10716] Call Trace:
[  280.194965][T10716]  <TASK>
[  280.194969][T10716]  dump_stack_lvl+0x16c/0x1f0
[  280.194986][T10716]  should_fail_ex+0x512/0x640
[  280.195003][T10716]  _copy_from_user+0x2e/0xd0
[  280.195018][T10716]  set_selection_user+0x83/0x140
[  280.195028][T10716]  ? __pfx_set_selection_user+0x10/0x10
[  280.195039][T10716]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  280.195053][T10716]  tioclinux+0x36d/0x5d0
[  280.195065][T10716]  vt_ioctl+0x2e8f/0x2f50
[  280.195081][T10716]  ? __pfx_vt_ioctl+0x10/0x10
[  280.195096][T10716]  ? aa_get_newest_label+0x375/0x680
[  280.195107][T10716]  ? __pfx_aa_get_newest_label+0x10/0x10
[  280.195117][T10716]  ? rcu_is_watching+0x12/0xc0
[  280.195126][T10716]  ? trace_cap_capable+0x18d/0x200
[  280.195137][T10716]  ? apparmor_capable+0x114/0x1d0
[  280.195147][T10716]  ? bpf_lsm_capable+0x9/0x10
[  280.195157][T10716]  ? security_capable+0x7e/0x260
[  280.195174][T10716]  vt_compat_ioctl+0x1c2/0x4e0
[  280.195189][T10716]  ? __pfx_vt_compat_ioctl+0x10/0x10
[  280.195203][T10716]  ? hook_file_ioctl_common+0x145/0x410
[  280.195216][T10716]  ? __fget_files+0x20e/0x3c0
[  280.195230][T10716]  ? fput+0x70/0xf0
[  280.195241][T10716]  ? __pfx_vt_compat_ioctl+0x10/0x10
[  280.195256][T10716]  tty_compat_ioctl+0x2ee/0x4d0
[  280.195267][T10716]  ? __pfx_tty_compat_ioctl+0x10/0x10
[  280.195279][T10716]  __ia32_compat_sys_ioctl+0x24c/0x360
[  280.195294][T10716]  __do_fast_syscall_32+0x73/0x120
[  280.195310][T10716]  do_fast_syscall_32+0x32/0x80
[  280.195323][T10716]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  280.195335][T10716] RIP: 0023:0xf7f02579
[  280.195343][T10716] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  280.195352][T10716] RSP: 002b:00000000f502655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  280.195362][T10716] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 000000000000541c
[  280.195368][T10716] RDX: 0000000080000000 RSI: 0000000000000000 RDI: 0000000000000000
[  280.195373][T10716] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  280.195382][T10716] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  280.195388][T10716] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  280.195399][T10716]  </TASK>
[  280.329390][T10719] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1205'.
[  280.630689][ T5967] usb 5-1: new high-speed USB device number 22 using dummy_hcd
[  280.790637][ T5967] usb 5-1: Using ep0 maxpacket: 8
[  280.793686][ T5967] usb 5-1: config 0 has an invalid interface number: 1 but max is 0
[  280.796254][ T5967] usb 5-1: config 0 has no interface number 0
[  280.798175][ T5967] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  280.801730][ T5967] usb 5-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  280.804625][ T5967] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  280.808641][ T5967] usb 5-1: config 0 descriptor??
[  280.817580][ T5967] iowarrior 5-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[  281.038675][ T5999] usb 5-1: USB disconnect, device number 22
[  281.365147][T10746] loop7: detected capacity change from 0 to 6
[  281.413559][T10746] Dev loop7: unable to read RDB block 6
[  281.415792][T10746]  loop7: unable to read partition table
[  281.417702][T10746] loop7: partition table beyond EOD, truncated
[  281.420177][T10746] loop_reread_partitions: partition scan of loop7 (îÝ·ÂU@™:ÖB$Œ{
WÎÉ´å) failed (rc=-5)
[  282.314764][T10768] netlink: 'syz.0.1220': attribute type 58 has an invalid length.
[  283.740494][ T5999] usb 6-1: new high-speed USB device number 22 using dummy_hcd
[  283.890523][ T5999] usb 6-1: Using ep0 maxpacket: 16
[  283.893088][ T5999] usb 6-1: too many configurations: 219, using maximum allowed: 8
[  283.901354][ T5999] usb 6-1: invalid descriptor for config index 0: type = 0x2, length = 149
[  283.904291][ T5999] usb 6-1: can't read configurations, error -22
[  284.040424][ T5999] usb 6-1: new high-speed USB device number 23 using dummy_hcd
[  284.190460][ T5999] usb 6-1: Using ep0 maxpacket: 16
[  284.192828][ T5999] usb 6-1: too many configurations: 219, using maximum allowed: 8
[  284.196104][ T5999] usb 6-1: invalid descriptor for config index 0: type = 0x2, length = 149
[  284.198776][ T5999] usb 6-1: can't read configurations, error -22
[  284.202434][ T5999] usb usb6-port1: attempt power cycle
[  284.376231][T10817] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1234'.
[  284.541719][ T5999] usb 6-1: new high-speed USB device number 24 using dummy_hcd
[  284.561410][ T5999] usb 6-1: Using ep0 maxpacket: 16
[  284.564632][ T5999] usb 6-1: too many configurations: 219, using maximum allowed: 8
[  284.569380][ T5999] usb 6-1: invalid descriptor for config index 0: type = 0x2, length = 149
[  284.574347][ T5999] usb 6-1: can't read configurations, error -22
[  284.700507][ T5999] usb 6-1: new high-speed USB device number 25 using dummy_hcd
[  284.721364][ T5999] usb 6-1: Using ep0 maxpacket: 16
[  284.723714][ T5999] usb 6-1: too many configurations: 219, using maximum allowed: 8
[  284.727058][ T5999] usb 6-1: invalid descriptor for config index 0: type = 0x2, length = 149
[  284.729794][ T5999] usb 6-1: can't read configurations, error -22
[  284.732314][ T5999] usb usb6-port1: unable to enumerate USB device
[  284.884666][T10833] /dev/nullb0: Can't open blockdev
[  285.303257][T10838] syzkaller0: entered promiscuous mode
[  285.305024][T10838] syzkaller0: entered allmulticast mode
[  285.886325][T10841] Bluetooth: MGMT ver 1.23
[  286.781859][T10851] xt_connbytes: Forcing CT accounting to be enabled
[  286.983511][T10861] /dev/nullb0: Can't open blockdev
[  287.359918][T10884] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1251'.
[  287.365097][T10884] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1251'.
[  287.370303][T10884] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1251'.
[  287.375264][T10884] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1251'.
[  287.440563][T10823] 9pnet_fd: p9_fd_create_tcp (10823): problem connecting socket to 127.0.0.1
[  288.590050][T10922] md: md2 stopped.
[  289.300576][T10939] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  289.388152][T10943] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1265'.
[  290.037302][T10955] FAULT_INJECTION: forcing a failure.
[  290.037302][T10955] name failslab, interval 1, probability 0, space 0, times 0
[  290.042176][T10955] CPU: 3 UID: 0 PID: 10955 Comm: syz.3.1268 Not tainted 6.15.0-rc4-syzkaller-00147-gebd297a2affa #0 PREEMPT(full) 
[  290.042197][T10955] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  290.042206][T10955] Call Trace:
[  290.042212][T10955]  <TASK>
[  290.042217][T10955]  dump_stack_lvl+0x16c/0x1f0
[  290.042242][T10955]  should_fail_ex+0x512/0x640
[  290.042261][T10955]  ? __kmalloc_cache_noprof+0x57/0x3e0
[  290.042288][T10955]  should_failslab+0xc2/0x120
[  290.042306][T10955]  __kmalloc_cache_noprof+0x6a/0x3e0
[  290.042328][T10955]  ? __asan_memset+0x23/0x50
[  290.042349][T10955]  ? alloc_netdev_mqs+0xece/0x1570
[  290.042367][T10955]  ? __xdp_rxq_info_reg+0x14e/0x2d0
[  290.042387][T10955]  alloc_netdev_mqs+0xece/0x1570
[  290.042409][T10955]  rtnl_create_link+0xc10/0xfa0
[  290.042429][T10955]  rtnl_newlink+0xb69/0x2000
[  290.042451][T10955]  ? __pfx_rtnl_newlink+0x10/0x10
[  290.042484][T10955]  ? kfree_skbmem+0x1a4/0x1f0
[  290.042511][T10955]  ? rcu_is_watching+0x12/0xc0
[  290.042526][T10955]  ? trace_cap_capable+0x18d/0x200
[  290.042548][T10955]  ? find_held_lock+0x2b/0x80
[  290.042562][T10955]  ? __pfx_rtnl_newlink+0x10/0x10
[  290.042577][T10955]  ? __pfx_rtnl_newlink+0x10/0x10
[  290.042592][T10955]  ? rtnetlink_rcv_msg+0x93a/0xe90
[  290.042609][T10955]  ? __pfx_rtnl_newlink+0x10/0x10
[  290.042620][T10955]  rtnetlink_rcv_msg+0x95b/0xe90
[  290.042632][T10955]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  290.042649][T10955]  netlink_rcv_skb+0x16a/0x440
[  290.042661][T10955]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  290.042673][T10955]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  290.042692][T10955]  ? netlink_deliver_tap+0x1ae/0xd30
[  290.042705][T10955]  netlink_unicast+0x53a/0x7f0
[  290.042718][T10955]  ? __pfx_netlink_unicast+0x10/0x10
[  290.042733][T10955]  netlink_sendmsg+0x8d1/0xdd0
[  290.042746][T10955]  ? __pfx_netlink_sendmsg+0x10/0x10
[  290.042758][T10955]  ? __import_iovec+0x1c8/0x660
[  290.042776][T10955]  ____sys_sendmsg+0xa95/0xc70
[  290.042791][T10955]  ? __pfx_____sys_sendmsg+0x10/0x10
[  290.042803][T10955]  ? get_compat_msghdr+0x11a/0x170
[  290.042819][T10955]  ___sys_sendmsg+0x134/0x1d0
[  290.042831][T10955]  ? __pfx____sys_sendmsg+0x10/0x10
[  290.042857][T10955]  __sys_sendmsg+0x16d/0x220
[  290.042868][T10955]  ? __pfx___sys_sendmsg+0x10/0x10
[  290.042884][T10955]  ? rcu_is_watching+0x12/0xc0
[  290.042894][T10955]  __do_fast_syscall_32+0x73/0x120
[  290.042908][T10955]  do_fast_syscall_32+0x32/0x80
[  290.042922][T10955]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  290.042934][T10955] RIP: 0023:0xf7fd1579
[  290.042941][T10955] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  290.042951][T10955] RSP: 002b:00000000f50f655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  290.042960][T10955] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000280
[  290.042966][T10955] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  290.042971][T10955] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  290.042977][T10955] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  290.042982][T10955] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  290.042994][T10955]  </TASK>
[  290.870621][ T1016] usb 6-1: new high-speed USB device number 26 using dummy_hcd
[  291.020477][ T1016] usb 6-1: Using ep0 maxpacket: 8
[  291.023443][ T1016] usb 6-1: config index 0 descriptor too short (expected 5924, got 36)
[  291.026071][ T1016] usb 6-1: config 250 has an invalid interface number: 228 but max is -1
[  291.028719][ T1016] usb 6-1: config 250 has 1 interface, different from the descriptor's value: 0
[  291.032134][ T1016] usb 6-1: config 250 has no interface number 0
[  291.034105][ T1016] usb 6-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024
[  291.037714][ T1016] usb 6-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024
[  291.041029][ T1016] usb 6-1: config 250 interface 228 altsetting 255 endpoint 0x82 has invalid wMaxPacketSize 0
[  291.044245][ T1016] usb 6-1: config 250 interface 228 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 0
[  291.046641][T10958] delete_channel: no stack
[  291.047333][ T1016] usb 6-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17
[  291.047348][ T1016] usb 6-1: config 250 interface 228 has no altsetting 0
[  291.048900][ T1016] usb 6-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07
[  291.059255][ T1016] usb 6-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59
[  291.059268][ T1016] usb 6-1: Product: syz
[  291.059275][ T1016] usb 6-1: SerialNumber: syz
[  291.065200][ T1016] hub 6-1:250.228: bad descriptor, ignoring hub
[  291.079887][ T1016] hub 6-1:250.228: probe with driver hub failed with error -5
[  291.272090][ T1016] usblp 6-1:250.228: usblp0: USB Bidirectional printer dev 26 if 228 alt 255 proto 3 vid 0x0525 pid 0xD292
[  291.499809][T10976] input: syz0 as /devices/virtual/input/input109
[  292.162930][T10971] usb 6-1: reset high-speed USB device number 26 using dummy_hcd
[  292.167713][T10971] usb 6-1: device reset changed ep0 maxpacket size!
[  292.173135][ T5999] usb 6-1: USB disconnect, device number 26
[  292.177366][ T5999] usblp0: removed
[  292.312115][ T5999] usb 6-1: new high-speed USB device number 27 using dummy_hcd
[  292.389431][T10999] FAULT_INJECTION: forcing a failure.
[  292.389431][T10999] name failslab, interval 1, probability 0, space 0, times 0
[  292.395400][T10999] CPU: 1 UID: 0 PID: 10999 Comm: syz.0.1281 Not tainted 6.15.0-rc4-syzkaller-00147-gebd297a2affa #0 PREEMPT(full) 
[  292.395422][T10999] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  292.395432][T10999] Call Trace:
[  292.395453][T10999]  <TASK>
[  292.395461][T10999]  dump_stack_lvl+0x16c/0x1f0
[  292.395487][T10999]  should_fail_ex+0x512/0x640
[  292.395509][T10999]  ? __kmalloc_noprof+0xbf/0x510
[  292.395529][T10999]  ? iter_file_splice_write+0x1cc/0x1150
[  292.395552][T10999]  should_failslab+0xc2/0x120
[  292.395571][T10999]  __kmalloc_noprof+0xd2/0x510
[  292.395587][T10999]  ? ovl_revert_creds+0x13/0x50
[  292.395613][T10999]  ? ovl_other_xattr_get+0x100/0x160
[  292.395639][T10999]  iter_file_splice_write+0x1cc/0x1150
[  292.395669][T10999]  ? __vfs_getxattr+0x145/0x1a0
[  292.395693][T10999]  ? __pfx___vfs_getxattr+0x10/0x10
[  292.395716][T10999]  ? bpf_lsm_capable+0x9/0x10
[  292.395732][T10999]  ? security_capable+0x7e/0x260
[  292.395759][T10999]  ? __pfx_iter_file_splice_write+0x10/0x10
[  292.395782][T10999]  ? __lock_acquire+0xaa4/0x1ba0
[  292.395826][T10999]  backing_file_splice_write+0x27c/0x890
[  292.395858][T10999]  ovl_splice_write+0x38d/0x630
[  292.395877][T10999]  ? __pfx_ovl_splice_write+0x10/0x10
[  292.395893][T10999]  ? __pfx_ovl_file_end_write+0x10/0x10
[  292.395928][T10999]  ? __pfx_ovl_splice_write+0x10/0x10
[  292.395944][T10999]  direct_splice_actor+0x18f/0x6c0
[  292.395996][T10999]  splice_direct_to_actor+0x342/0xa30
[  292.396022][T10999]  ? __pfx_direct_splice_actor+0x10/0x10
[  292.396051][T10999]  ? __pfx_splice_direct_to_actor+0x10/0x10
[  292.396072][T10999]  ? get_pid_task+0xfc/0x250
[  292.396100][T10999]  do_splice_direct+0x174/0x240
[  292.396123][T10999]  ? __pfx_do_splice_direct+0x10/0x10
[  292.396146][T10999]  ? __pfx_direct_file_splice_eof+0x10/0x10
[  292.396173][T10999]  ? rw_verify_area+0xcf/0x680
[  292.396206][T10999]  do_sendfile+0xafd/0xe50
[  292.396234][T10999]  ? __pfx_do_sendfile+0x10/0x10
[  292.396258][T10999]  ? __might_fault+0xe3/0x190
[  292.396275][T10999]  ? __might_fault+0x13b/0x190
[  292.396297][T10999]  __ia32_compat_sys_sendfile+0x162/0x220
[  292.396317][T10999]  ? __pfx___ia32_compat_sys_sendfile+0x10/0x10
[  292.396336][T10999]  ? rcu_is_watching+0x12/0xc0
[  292.396369][T10999]  ? rcu_is_watching+0x12/0xc0
[  292.396387][T10999]  __do_fast_syscall_32+0x73/0x120
[  292.396412][T10999]  do_fast_syscall_32+0x32/0x80
[  292.396433][T10999]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  292.396452][T10999] RIP: 0023:0xf7fb7579
[  292.396466][T10999] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  292.396482][T10999] RSP: 002b:00000000f50b555c EFLAGS: 00000296 ORIG_RAX: 00000000000000bb
[  292.396498][T10999] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 0000000000000007
[  292.396509][T10999] RDX: 0000000080000080 RSI: 0000000000007f03 RDI: 0000000000000000
[  292.396519][T10999] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  292.396528][T10999] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  292.396537][T10999] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  292.396560][T10999]  </TASK>
[  292.514614][ T5999] usb 6-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 0
[  292.522419][ T5999] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  292.525346][ T5999] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  292.528949][ T5999] usb 6-1: Product: syz
[  292.540839][ T5999] usb 6-1: Manufacturer: syz
[  292.542815][ T5999] usb 6-1: SerialNumber: syz
[  292.548893][T10990] [U] .ú
[  292.705742][T11012] xt_CT: You must specify a L4 protocol and not use inversions on it
[  292.727545][T11012] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1287'.
[  292.753937][T11012] netlink: 'syz.0.1287': attribute type 2 has an invalid length.
[  292.755301][T10971] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  292.760152][T10971] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  292.782122][ T5999] cdc_ether 6-1:1.0: probe with driver cdc_ether failed with error -22
[  292.788025][ T5999] usb 6-1: USB disconnect, device number 27
[  294.016730][T11053] netlink: 236 bytes leftover after parsing attributes in process `syz.1.1296'.
[  294.635009][T11072] 9pnet_virtio: no channels available for device syz
[  295.442102][T11087] sctp: [Deprecated]: syz.2.1304 (pid 11087) Use of int in maxseg socket option.
[  295.442102][T11087] Use struct sctp_assoc_value instead
[  295.730444][   T34] usb 6-1: new high-speed USB device number 28 using dummy_hcd
[  295.875415][T11095] netlink: 236 bytes leftover after parsing attributes in process `syz.0.1307'.
[  295.880692][   T34] usb 6-1: Using ep0 maxpacket: 8
[  295.884230][   T34] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  295.888043][   T34] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  295.891991][   T34] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  295.895297][   T34] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  295.899361][   T34] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  295.903023][   T34] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  295.931546][T11097] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1308'.
[  296.110633][   T34] usb 6-1: GET_CAPABILITIES returned 0
[  296.112412][   T34] usbtmc 6-1:16.0: can't read capabilities
[  296.285683][T11106] ref_tracker: memory allocation failure, unreliable refcount tracker.
[  296.316558][  T834] usb 6-1: USB disconnect, device number 28
[  296.341578][T11109] MTD: Attempt to mount non-MTD device "/dev/sr0"
[  296.462534][T11109] /dev/sr0: Can't open blockdev
[  296.894586][T11115] 9pnet_fd: Insufficient options for proto=fd
[  297.364188][T11123] netlink: 236 bytes leftover after parsing attributes in process `syz.0.1317'.
[  297.447016][T11127] sctp: [Deprecated]: syz.0.1318 (pid 11127) Use of int in maxseg socket option.
[  297.447016][T11127] Use struct sctp_assoc_value instead
[  298.458578][T11147] netlink: 'syz.3.1322': attribute type 10 has an invalid length.
[  298.462247][T11147] syz_tun: entered promiscuous mode
[  298.727616][T11163] netlink: 236 bytes leftover after parsing attributes in process `syz.3.1326'.
[  299.945892][T11189] tipc: Started in network mode
[  299.947462][T11189] tipc: Node identity ac141442, cluster identity 4711
[  299.949800][T11189] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[  299.958880][   T40] kauditd_printk_skb: 250 callbacks suppressed
[  299.958891][   T40] audit: type=1326 audit(1746204427.931:288): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11184 comm="syz.3.1331" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd1579 code=0x7ffc0000
[  299.972928][   T40] audit: type=1326 audit(1746204427.931:289): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11184 comm="syz.3.1331" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd1579 code=0x7ffc0000
[  299.979886][   T40] audit: type=1326 audit(1746204427.941:290): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11184 comm="syz.3.1331" exe="/syz-executor" sig=0 arch=40000003 syscall=296 compat=1 ip=0xf7fd1579 code=0x7ffc0000
[  299.987430][   T40] audit: type=1326 audit(1746204427.941:291): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11184 comm="syz.3.1331" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd1579 code=0x7ffc0000
[  299.995121][   T40] audit: type=1326 audit(1746204427.941:292): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11184 comm="syz.3.1331" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd1579 code=0x7ffc0000
[  300.001893][   T40] audit: type=1326 audit(1746204427.941:293): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11184 comm="syz.3.1331" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd1579 code=0x7ffc0000
[  300.008594][   T40] audit: type=1326 audit(1746204427.941:294): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11184 comm="syz.3.1331" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd1579 code=0x7ffc0000
[  300.015486][   T40] audit: type=1326 audit(1746204427.941:295): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11184 comm="syz.3.1331" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7fd1579 code=0x7ffc0000
[  300.022642][   T40] audit: type=1326 audit(1746204427.941:296): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11184 comm="syz.3.1331" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd1579 code=0x7ffc0000
[  300.029237][   T40] audit: type=1326 audit(1746204427.951:297): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11184 comm="syz.3.1331" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd1579 code=0x7ffc0000
[  300.173654][T11197] netlink: 236 bytes leftover after parsing attributes in process `syz.2.1335'.
[  300.715373][T11208] 9pnet_virtio: no channels available for device syz
[  301.700420][   T34] usb 5-1: new high-speed USB device number 23 using dummy_hcd
[  301.859726][   T34] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  301.864245][   T34] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[  301.867745][   T34] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  301.871576][   T34] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  301.875580][   T34] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  301.878387][   T34] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  301.887295][   T34] usb 5-1: config 0 descriptor??
[  301.889596][T11231] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  302.034298][T11247] overlayfs: failed to clone upperpath
[  302.301733][T11231] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  302.304634][T11231] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  302.310592][   T34] plantronics 0003:047F:FFFF.0004: reserved main item tag 0xd
[  302.314955][   T34] plantronics 0003:047F:FFFF.0004: No inputs registered, leaving
[  302.324365][   T34] plantronics 0003:047F:FFFF.0004: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0
[  302.930014][T11260] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  303.014166][ T5950] Bluetooth: hci2: ACL packet for unknown connection handle 201
[  303.046759][T11267] netlink: 164 bytes leftover after parsing attributes in process `syz.2.1354'.
[  303.125270][ T5999] usb 5-1: USB disconnect, device number 23
[  303.492856][T11283] overlayfs: failed to clone upperpath
[  303.975093][T11288] Process accounting resumed
[  304.011181][T11307] syz.1.1366: attempt to access beyond end of device
[  304.011181][T11307] nbd1: rw=0, sector=0, nr_sectors = 2 limit=0
[  304.059186][   T57] hid-generic 0004:FFFFFFFF:0000.0005: unknown main item tag 0x0
[  304.073159][   T57] hid-generic 0004:FFFFFFFF:0000.0005: unknown main item tag 0x0
[  304.076270][   T57] hid-generic 0004:FFFFFFFF:0000.0005: unknown main item tag 0x0
[  304.078999][   T57] hid-generic 0004:FFFFFFFF:0000.0005: unknown main item tag 0x0
[  304.082252][   T57] hid-generic 0004:FFFFFFFF:0000.0005: unknown main item tag 0x0
[  304.086541][   T57] hid-generic 0004:FFFFFFFF:0000.0005: unknown main item tag 0x0
[  304.089101][   T57] hid-generic 0004:FFFFFFFF:0000.0005: unknown main item tag 0x0
[  304.093547][   T57] hid-generic 0004:FFFFFFFF:0000.0005: unknown main item tag 0x0
[  304.101097][   T57] hid-generic 0004:FFFFFFFF:0000.0005: unknown main item tag 0x0
[  304.105816][   T57] hid-generic 0004:FFFFFFFF:0000.0005: unknown main item tag 0x0
[  304.108577][   T57] hid-generic 0004:FFFFFFFF:0000.0005: unknown main item tag 0x0
[  304.112386][   T57] hid-generic 0004:FFFFFFFF:0000.0005: unknown main item tag 0x0
[  304.117517][   T57] hid-generic 0004:FFFFFFFF:0000.0005: unknown main item tag 0x0
[  304.120217][   T57] hid-generic 0004:FFFFFFFF:0000.0005: unknown main item tag 0x0
[  304.123192][   T57] hid-generic 0004:FFFFFFFF:0000.0005: unknown main item tag 0x0
[  304.126216][   T57] hid-generic 0004:FFFFFFFF:0000.0005: unknown main item tag 0x0
[  304.129052][   T57] hid-generic 0004:FFFFFFFF:0000.0005: unknown main item tag 0x0
[  304.132012][   T57] hid-generic 0004:FFFFFFFF:0000.0005: unknown main item tag 0x0
[  304.135308][   T57] hid-generic 0004:FFFFFFFF:0000.0005: unknown main item tag 0x0
[  304.138517][   T57] hid-generic 0004:FFFFFFFF:0000.0005: unknown main item tag 0x0
[  304.148458][   T57] hid-generic 0004:FFFFFFFF:0000.0005: unknown main item tag 0x0
[  304.157691][   T57] hid-generic 0004:FFFFFFFF:0000.0005: unknown main item tag 0x0
[  304.169329][   T57] hid-generic 0004:FFFFFFFF:0000.0005: unknown main item tag 0x0
[  304.179325][   T57] hid-generic 0004:FFFFFFFF:0000.0005: unknown main item tag 0x0
[  304.193810][   T57] hid-generic 0004:FFFFFFFF:0000.0005: unknown main item tag 0x0
[  304.204938][   T57] hid-generic 0004:FFFFFFFF:0000.0005: unknown main item tag 0x0
[  304.210237][   T57] hid-generic 0004:FFFFFFFF:0000.0005: unknown main item tag 0x0
[  304.218809][   T57] hid-generic 0004:FFFFFFFF:0000.0005: unknown main item tag 0x0
[  304.229888][   T57] hid-generic 0004:FFFFFFFF:0000.0005: unknown main item tag 0x0
[  304.237360][   T57] hid-generic 0004:FFFFFFFF:0000.0005: unknown main item tag 0x0
[  304.251878][   T57] hid-generic 0004:FFFFFFFF:0000.0005: unknown main item tag 0x0
[  304.254454][   T57] hid-generic 0004:FFFFFFFF:0000.0005: unknown main item tag 0x0
[  304.262621][   T57] hid-generic 0004:FFFFFFFF:0000.0005: hidraw1: <UNKNOWN> HID v0.00 Device [syz0] on syz0
[  304.340434][ T5976] usb 6-1: new high-speed USB device number 29 using dummy_hcd
[  304.492955][ T5976] usb 6-1: config 0 has no interfaces?
[  304.494857][ T5976] usb 6-1: New USB device found, idVendor=1a34, idProduct=0802, bcdDevice= 0.00
[  304.497747][ T5976] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  304.506947][ T5976] usb 6-1: config 0 descriptor??
[  304.552256][T11319] netlink: 'syz.3.1372': attribute type 10 has an invalid length.
[  304.672691][T11327] 9pnet_fd: Insufficient options for proto=fd
[  304.945882][T11338] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1378'.
[  305.023464][  T834] libceph: connect (1)[c::]:6789 error -101
[  305.026174][  T834] libceph: mon0 (1)[c::]:6789 connect error
[  305.301558][  T834] libceph: connect (1)[c::]:6789 error -101
[  305.303557][  T834] libceph: mon0 (1)[c::]:6789 connect error
[  305.695029][T11339] ceph: No mds server is up or the cluster is laggy
[  305.831840][T11358] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1392'.
[  306.886738][T11380] netlink: 'syz.3.1386': attribute type 10 has an invalid length.
[  306.984741][T11383] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1388'.
[  307.031553][   T10] usb 6-1: USB disconnect, device number 29
[  307.169623][T11391] netlink: 'syz.1.1394': attribute type 10 has an invalid length.
[  307.179085][T11391] netlink: 316 bytes leftover after parsing attributes in process `syz.1.1394'.
[  307.183456][T11391] openvswitch: netlink: Flow key attr not present in new flow.
[  307.208402][T11397] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1395'.
[  307.232093][T11394] fuse: Bad value for 'fd'
[  307.272387][T11400] netlink: 'syz.2.1396': attribute type 10 has an invalid length.
[  307.276365][T11400] syz_tun: entered promiscuous mode
[  307.288912][T11400] bond0: (slave syz_tun): Enslaving as an active interface with an up link
[  307.478247][T11417] tipc: Started in network mode
[  307.479880][T11417] tipc: Node identity 00000000000000000000000000000001, cluster identity 4711
[  307.483056][T11417] tipc: New replicast peer: fe80:0000:0000:0000:0000:0000:0000:00bb
[  307.487379][T11417] tipc: Enabled bearer <udp:syz1>, priority 10
[  307.957659][T11429] 9pnet_virtio: no channels available for device syz
[  308.164708][T11438] netlink: 'syz.3.1408': attribute type 10 has an invalid length.
[  308.203212][T11440] netlink: 164 bytes leftover after parsing attributes in process `syz.3.1410'.
[  308.492120][   T57] tipc: Node number set to 1
[  308.513998][T11450] 9pnet_virtio: no channels available for device syz
[  309.278795][T11471] netlink: 164 bytes leftover after parsing attributes in process `syz.0.1419'.
[  309.298353][T11470] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  309.970698][T11497] futex_wake_op: syz.1.1425 tries to shift op by 144; fix this program
[  309.974125][T11497] /dev/sg0: Can't lookup blockdev
[  309.974573][T11498] /dev/sg0: Can't lookup blockdev
[  310.423800][   T40] kauditd_printk_skb: 9 callbacks suppressed
[  310.423831][   T40] audit: type=1326 audit(1746204438.401:307): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11519 comm="syz.2.1432" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f02579 code=0x7ffc0000
[  310.437226][   T40] audit: type=1326 audit(1746204438.401:308): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11519 comm="syz.2.1432" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f02579 code=0x7ffc0000
[  310.446908][   T40] audit: type=1326 audit(1746204438.401:309): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11519 comm="syz.2.1432" exe="/syz-executor" sig=0 arch=40000003 syscall=192 compat=1 ip=0xf7f02579 code=0x7ffc0000
[  310.456037][   T40] audit: type=1326 audit(1746204438.401:310): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11519 comm="syz.2.1432" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f02579 code=0x7ffc0000
[  310.465028][   T40] audit: type=1326 audit(1746204438.401:311): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11519 comm="syz.2.1432" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f02579 code=0x7ffc0000
[  310.474326][   T40] audit: type=1326 audit(1746204438.401:312): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11519 comm="syz.2.1432" exe="/syz-executor" sig=0 arch=40000003 syscall=63 compat=1 ip=0xf7f02579 code=0x7ffc0000
[  310.483424][   T40] audit: type=1326 audit(1746204438.401:313): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11519 comm="syz.2.1432" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f02579 code=0x7ffc0000
[  310.491146][   T40] audit: type=1326 audit(1746204438.401:314): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11519 comm="syz.2.1432" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f02579 code=0x7ffc0000
[  310.498470][   T40] audit: type=1326 audit(1746204438.411:315): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11519 comm="syz.2.1432" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7f02579 code=0x7ffc0000
[  310.505364][   T40] audit: type=1326 audit(1746204438.411:316): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11519 comm="syz.2.1432" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f02579 code=0x7ffc0000
[  310.844015][T11500] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  310.846700][T11500] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  310.906957][T11535] netlink: 164 bytes leftover after parsing attributes in process `syz.1.1435'.
[  312.077088][T11561] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1439'.
[  312.230642][ T5291] Bluetooth: hci1: command 0x0406 tx timeout
[  312.256809][T11556] ==================================================================
[  312.259994][T11556] BUG: KASAN: vmalloc-out-of-bounds in vrealloc_noprof+0x132/0x320
[  312.263053][T11556] Write of size 4064 at addr ffffc90003ade020 by task syz.1.1439/11556
[  312.267518][T11556] 
[  312.268790][T11556] CPU: 2 UID: 0 PID: 11556 Comm: syz.1.1439 Not tainted 6.15.0-rc4-syzkaller-00147-gebd297a2affa #0 PREEMPT(full) 
[  312.268805][T11556] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  312.268811][T11556] Call Trace:
[  312.268815][T11556]  <TASK>
[  312.268820][T11556]  dump_stack_lvl+0x116/0x1f0
[  312.268837][T11556]  print_report+0xc3/0x670
[  312.268849][T11556]  ? __virt_addr_valid+0x5e/0x590
[  312.268863][T11556]  ? vrealloc_noprof+0x132/0x320
[  312.268871][T11556]  kasan_report+0xe0/0x110
[  312.268882][T11556]  ? vrealloc_noprof+0x132/0x320
[  312.268892][T11556]  kasan_check_range+0xef/0x1a0
[  312.268905][T11556]  __asan_memset+0x23/0x50
[  312.268920][T11556]  vrealloc_noprof+0x132/0x320
[  312.268929][T11556]  push_insn_history+0x2ae/0x6c0
[  312.268941][T11556]  do_check_common+0xbd3/0xc2a0
[  312.268958][T11556]  ? __pfx_do_check_common+0x10/0x10
[  312.268968][T11556]  ? __pfx_mark_fastcall_pattern_for_call+0x10/0x10
[  312.268983][T11556]  ? kfree+0x2b6/0x4d0
[  312.268997][T11556]  ? bpf_check+0x6c86/0xb460
[  312.269006][T11556]  ? bpf_check+0x7b2f/0xb460
[  312.269016][T11556]  bpf_check+0x7f51/0xb460
[  312.269032][T11556]  ? __pfx_bpf_check+0x10/0x10
[  312.269041][T11556]  ? pcpu_alloc_noprof+0x949/0x1470
[  312.269054][T11556]  ? __lock_acquire+0xaa4/0x1ba0
[  312.269070][T11556]  ? find_held_lock+0x2b/0x80
[  312.269080][T11556]  ? __asan_memset+0x23/0x50
[  312.269094][T11556]  ? bpf_obj_name_cpy+0x14a/0x1a0
[  312.269108][T11556]  bpf_prog_load+0xe41/0x2490
[  312.269121][T11556]  ? __pfx_bpf_prog_load+0x10/0x10
[  312.269134][T11556]  ? __pfx___futex_wait+0x10/0x10
[  312.269151][T11556]  ? bpf_lsm_bpf+0x9/0x10
[  312.269161][T11556]  __sys_bpf+0x433c/0x4d80
[  312.269174][T11556]  ? __pfx___sys_bpf+0x10/0x10
[  312.269187][T11556]  ? __lock_acquire+0xaa4/0x1ba0
[  312.269200][T11556]  ? do_futex+0x122/0x350
[  312.269209][T11556]  ? __pfx_do_futex+0x10/0x10
[  312.269222][T11556]  ? __pfx___ia32_sys_futex_time32+0x10/0x10
[  312.269234][T11556]  ? kcov_ioctl+0x265/0x730
[  312.269247][T11556]  __ia32_sys_bpf+0x76/0xe0
[  312.269261][T11556]  __do_fast_syscall_32+0x73/0x120
[  312.269275][T11556]  do_fast_syscall_32+0x32/0x80
[  312.269293][T11556]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  312.269305][T11556] RIP: 0023:0xf7fa5579
[  312.269313][T11556] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  312.269322][T11556] RSP: 002b:00000000f50c655c EFLAGS: 00000296 ORIG_RAX: 0000000000000165
[  312.269332][T11556] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000800003c0
[  312.269338][T11556] RDX: 0000000000000094 RSI: 0000000000000000 RDI: 0000000000000000
[  312.269344][T11556] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  312.269349][T11556] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  312.269355][T11556] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  312.269364][T11556]  </TASK>
[  312.269367][T11556] 
[  312.359835][T11556] The buggy address belongs to the virtual mapping at
[  312.359835][T11556]  [ffffc90003a9e000, ffffc90003ae0000) created by:
[  312.359835][T11556]  kvrealloc_noprof+0x7d/0xd0
[  312.365257][T11556] 
[  312.366102][T11556] The buggy address belongs to the physical page:
[  312.368121][T11556] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4b793
[  312.370854][T11556] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[  312.373144][T11556] raw: 04fff00000000000 0000000000000000 dead000000000122 0000000000000000
[  312.375821][T11556] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[  312.378438][T11556] page dumped because: kasan: bad access detected
[  312.380339][T11556] page_owner tracks the page as allocated
[  312.382117][T11556] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102cc2(GFP_HIGHUSER|__GFP_NOWARN), pid 11556, tgid 11555 (syz.1.1439), ts 312256653819, free_ts 310020957707
[  312.387469][T11556]  post_alloc_hook+0x181/0x1b0
[  312.388993][T11556]  get_page_from_freelist+0x135c/0x3920
[  312.390764][T11556]  __alloc_frozen_pages_noprof+0x5a8/0x23a0
[  312.392655][T11556]  alloc_pages_mpol+0x1fb/0x550
[  312.394214][T11556]  alloc_pages_noprof+0x131/0x390
[  312.395813][T11556]  __vmalloc_node_range_noprof+0x732/0x1540
[  312.397664][T11556]  __kvmalloc_node_noprof+0x2ff/0x600
[  312.399304][T11556]  kvrealloc_noprof+0x7d/0xd0
[  312.400705][T11556]  push_insn_history+0x2ae/0x6c0
[  312.402264][T11556]  do_check_common+0xbd3/0xc2a0
[  312.403870][T11556]  bpf_check+0x7f51/0xb460
[  312.405283][T11556]  bpf_prog_load+0xe41/0x2490
[  312.406765][T11556]  __sys_bpf+0x433c/0x4d80
[  312.408222][T11556]  __ia32_sys_bpf+0x76/0xe0
[  312.409662][T11556]  __do_fast_syscall_32+0x73/0x120
[  312.411286][T11556]  do_fast_syscall_32+0x32/0x80
[  312.412879][T11556] page last free pid 46 tgid 46 stack trace:
[  312.415051][T11556]  __free_frozen_pages+0x69d/0xff0
[  312.416939][T11556]  tlb_remove_table_rcu+0x116/0x1a0
[  312.418595][T11556]  rcu_core+0x799/0x14e0
[  312.419995][T11556]  handle_softirqs+0x216/0x8e0
[  312.421535][T11556]  do_softirq+0xb2/0xf0
[  312.422864][T11556]  __local_bh_enable_ip+0x100/0x120
[  312.424516][T11556]  nsim_dev_trap_report_work+0x8b5/0xcf0
[  312.426283][T11556]  process_one_work+0x9cc/0x1b70
[  312.427870][T11556]  worker_thread+0x6c8/0xf10
[  312.429346][T11556]  kthread+0x3c2/0x780
[  312.430661][T11556]  ret_from_fork+0x45/0x80
[  312.432099][T11556]  ret_from_fork_asm+0x1a/0x30
[  312.433588][T11556] 
[  312.434362][T11556] Memory state around the buggy address:
[  312.436211][T11556]  ffffc90003addf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  312.438853][T11556]  ffffc90003addf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  312.441397][T11556] >ffffc90003ade000: 00 00 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[  312.443892][T11556]                                ^
[  312.445516][T11556]  ffffc90003ade080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[  312.448056][T11556]  ffffc90003ade100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[  312.450576][T11556] ==================================================================
[  312.458433][T11556] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  312.460778][T11556] CPU: 2 UID: 0 PID: 11556 Comm: syz.1.1439 Not tainted 6.15.0-rc4-syzkaller-00147-gebd297a2affa #0 PREEMPT(full) 
[  312.464557][T11556] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  312.467893][T11556] Call Trace:
[  312.468955][T11556]  <TASK>
[  312.469904][T11556]  dump_stack_lvl+0x3d/0x1f0
[  312.471377][T11556]  panic+0x71c/0x800
[  312.472645][T11556]  ? __pfx_panic+0x10/0x10
[  312.474075][T11556]  ? rcu_is_watching+0x12/0xc0
[  312.475614][T11556]  ? preempt_schedule_thunk+0x16/0x30
[  312.477325][T11556]  ? vrealloc_noprof+0x132/0x320
[  312.478867][T11556]  ? preempt_schedule_common+0x44/0xc0
[  312.480612][T11556]  ? vrealloc_noprof+0x132/0x320
[  312.482203][T11556]  check_panic_on_warn+0xab/0xb0
[  312.483769][T11556]  end_report+0x107/0x170
[  312.485152][T11556]  kasan_report+0xee/0x110
[  312.486529][T11556]  ? vrealloc_noprof+0x132/0x320
[  312.488063][T11556]  kasan_check_range+0xef/0x1a0
[  312.489588][T11556]  __asan_memset+0x23/0x50
[  312.490968][T11556]  vrealloc_noprof+0x132/0x320
[  312.492438][T11556]  push_insn_history+0x2ae/0x6c0
[  312.493968][T11556]  do_check_common+0xbd3/0xc2a0
[  312.495446][T11556]  ? __pfx_do_check_common+0x10/0x10
[  312.497100][T11556]  ? __pfx_mark_fastcall_pattern_for_call+0x10/0x10
[  312.499091][T11556]  ? kfree+0x2b6/0x4d0
[  312.500374][T11556]  ? bpf_check+0x6c86/0xb460
[  312.501790][T11556]  ? bpf_check+0x7b2f/0xb460
[  312.503258][T11556]  bpf_check+0x7f51/0xb460
[  312.504677][T11556]  ? __pfx_bpf_check+0x10/0x10
[  312.506171][T11556]  ? pcpu_alloc_noprof+0x949/0x1470
[  312.507857][T11556]  ? __lock_acquire+0xaa4/0x1ba0
[  312.509399][T11556]  ? find_held_lock+0x2b/0x80
[  312.510877][T11556]  ? __asan_memset+0x23/0x50
[  312.512337][T11556]  ? bpf_obj_name_cpy+0x14a/0x1a0
[  312.513931][T11556]  bpf_prog_load+0xe41/0x2490
[  312.515389][T11556]  ? __pfx_bpf_prog_load+0x10/0x10
[  312.516969][T11556]  ? __pfx___futex_wait+0x10/0x10
[  312.518516][T11556]  ? bpf_lsm_bpf+0x9/0x10
[  312.519826][T11556]  __sys_bpf+0x433c/0x4d80
[  312.521206][T11556]  ? __pfx___sys_bpf+0x10/0x10
[  312.522694][T11556]  ? __lock_acquire+0xaa4/0x1ba0
[  312.524209][T11556]  ? do_futex+0x122/0x350
[  312.525561][T11556]  ? __pfx_do_futex+0x10/0x10
[  312.526986][T11556]  ? __pfx___ia32_sys_futex_time32+0x10/0x10
[  312.528807][T11556]  ? kcov_ioctl+0x265/0x730
[  312.530233][T11556]  __ia32_sys_bpf+0x76/0xe0
[  312.531655][T11556]  __do_fast_syscall_32+0x73/0x120
[  312.533267][T11556]  do_fast_syscall_32+0x32/0x80
[  312.534772][T11556]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  312.536693][T11556] RIP: 0023:0xf7fa5579
[  312.537928][T11556] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  312.543919][T11556] RSP: 002b:00000000f50c655c EFLAGS: 00000296 ORIG_RAX: 0000000000000165
[  312.546519][T11556] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000800003c0
[  312.548991][T11556] RDX: 0000000000000094 RSI: 0000000000000000 RDI: 0000000000000000
[  312.551471][T11556] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  312.553959][T11556] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  312.556432][T11556] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  312.558900][T11556]  </TASK>
[  312.560563][T11556] Kernel Offset: disabled
[  312.561925][T11556] Rebooting in 86400 seconds..

VM DIAGNOSIS:
16:47:20  Registers:
info registers vcpu 0

CPU#0
RAX=dffffc0000000000 RBX=ffffffff8b8d36e0 RCX=0000000000000000 RDX=1ffff110047e148b
RSI=0000000000000242 RDI=ffff888023f0a458 RBP=0000000000000242 RSP=ffffc90007b1f670
R8 =ffffffff8a108873 R9 =0000000000000000 R10=ffffc90007b1f7f0 R11=0000000000000000
R12=ffff888023f0a440 R13=ffffc90007b1f710 R14=0000000000000000 R15=1ffff92000f63edc
RIP=ffffffff81886bbb RFL=00000a06 [-O---P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff8880977ec000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000000080c35018 CR3=0000000069887000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000008
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000a800000000 0000000300000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=00000000012a873d RBX=0000000000000001 RCX=ffffffff8b6923e9 RDX=0000000000000000
RSI=ffffffff8dbda8eb RDI=ffffffff8bf467e0 RBP=ffffed1003b55488 RSP=ffffc9000046fdf8
R8 =0000000000000001 R9 =ffffed10056665bd R10=ffff88802b332deb R11=0000000000000000
R12=0000000000000001 R13=ffff88801daaa440 R14=ffffffff90851a10 R15=0000000000000000
RIP=ffffffff8b690c7f RFL=00000282 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880978ec000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000f50f5d80 CR3=000000006a19f000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000008
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000a800000000 0000000300000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
RAX=0000000000000035 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff854bf835 RDI=ffffffff9addfbc0 RBP=ffffffff9addfb80 RSP=ffffc90007096f00
R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=0000000074697257
R12=0000000000000000 R13=0000000000000035 R14=ffffffff9addfb80 R15=ffffffff854bf7d0
RIP=ffffffff854bf85f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff8880979ec000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=000000000c379fc4 CR3=0000000068b77000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000dc00000000 0000000200000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 3

CPU#3
RAX=0000000000000001 RBX=ffff8880442f0b18 RCX=0000000000000000 RDX=0000000000000000
RSI=ffff8880442f0b18 RDI=ffff8880442f0000 RBP=ffff8880442f0af0 RSP=ffffc9000107ed08
R8 =0000000000000000 R9 =0000000000000000 R10=0000000000000000 R11=ffffffff8e3bf440
R12=0000000000000005 R13=0000000000000001 R14=ffff8880442f0000 R15=0000000000000000
RIP=ffffffff81978d45 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff888097aec000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=000000002eb1fffc CR3=000000006542b000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000ac00000000 0000000100000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000