last executing test programs:

6.243925882s ago: executing program 0 (id=3213):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x18, 0x3, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000003e0095"], &(0x7f0000000000)='syzkaller\x00'}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='contention_begin\x00', r0}, 0x10)
r1 = socket$inet6(0xa, 0x80003, 0x6b)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000480)=ANY=[@ANYBLOB="48000000100001040000000000000000000000005ec57e7be9517db36634e5d43c138e9392cf28b03364101c87e5df6244e6cbe02ac4117f8bac962cb7394d17ab5f105aa70f46920059586c6770a07a2ce97b3beb4c4716ce4af89124589f04000000b0446749b42cded5293c04d994a5eeaf8d4dac606f", @ANYRES32=0x0, @ANYBLOB="0000000000000000280012800b00010065727370616e0000180002800400120005001600020000000600180000000000"], 0x48}}, 0x0)
openat$proc_capi20(0xffffff9c, &(0x7f0000000080), 0xdc0, 0x0)
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
r4 = syz_open_dev$video(0x0, 0xa7, 0x0)
ioctl$VIDIOC_S_MODULATOR(r4, 0x40445637, &(0x7f0000000140)={0x1, "73c25968be287febd00ac5d79d8c94269766a50b09d5bb4ebd912156af097f1c", 0x100, 0x0, 0x5, 0x10})
ioctl$VIDIOC_S_FMT(r4, 0xc0d05605, &(0x7f0000000280)={0x1, @pix={0x0, 0x0, 0x59555956, 0x0, 0x0, 0x0, 0xb}})
ioctl$VIDIOC_EXPBUF(r4, 0xc0405610, &(0x7f00000001c0)={0x9, 0x6, 0x3, 0x4800})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000800)=ANY=[@ANYBLOB="300000001900000103000000000000001d9c7cc0d12a01030008000a00d3b42e742e8489447a8ade7a88f27595344c804aa9de4246c96bbf5b99a73c44ce042ab8b15a0d07870ff0594f155b952cbb11edd1904dae78e4414ea4ff1d9aa0dbb24466de74e867d5570244ff45675e316149d80871c46d8da692c94b7ee27029dbee49c63527598802b97ebc42df4193c3417c2c3e1dbd495b9abf4f7ad534a5fa0b3735fa5cf1b3b81b882b2481d38b98", @ANYRES32=r3, @ANYBLOB='\f\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\t\x00', @ANYRESOCT, @ANYRESDEC=r1], 0x30}, 0x1, 0x0, 0x0, 0x40080}, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=@newtaction={0x78, 0x30, 0x300, 0x0, 0x0, {}, [{0x64, 0x1, [@m_ct={0x60, 0x1, 0x0, 0x0, {{0x7}, {0x38, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18}, @TCA_CT_ACTION={0x6, 0x3, 0x19}, @TCA_CT_NAT_IPV6_MIN={0x14, 0xb, @ipv4={'\x00', '\xff\xff', @multicast2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x78}}, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r9 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r9, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r10=>0x0})
creat(&(0x7f0000001040)='./file0\x00', 0x0)
r11 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fc00100}]})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r11, 0xc0502100, &(0x7f0000000340)={<r12=>0x0})
ioctl$SECCOMP_IOCTL_NOTIF_SEND(r11, 0xc0182101, &(0x7f0000000180)={r12})
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r11, 0xc0502100, &(0x7f0000002780)={<r13=>0x0})
ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r11, 0x40182103, &(0x7f0000000080)={r13, 0x3, r11, 0x5})
sendmsg$NL80211_CMD_SET_INTERFACE(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="050000000000000000000600000008000300", @ANYRES32=r10, @ANYBLOB="08001fed1279901177c14b05000300000021ebd4d86cd9d274afaf29bebd6091eec77163505aa557448aba0a384ce994275c6363967b69a3ec2b7af8a10550516ab2a4cfd6e879e7566b5f15a50c04b158f3846a05b616d0b85d0e95b3cd7f02d63d988bbe7431432987a6758f981d2dbf548f152a3c5ae8b129e5a9557307e0a67314d639e78db52af6e34587c0a2835907c583843ae441c3cfb20f84df97644d54a41509298efdd1bb39aae8335738a5274b9b0df49f40bc3bcb0f05e1b897998156205354462a774e3b791a9ac5933db7bef7e83ab5a7ff270a693f99a5d3feac055661b2d6fddf0605fbea6f05e8de61d55e2980b38125522ba990f443d545fb4673f8c90ada5e2152fcf414741130ed26d4ef186ebce3191cdd2cd7eb711ec892451912b84073467cfea7dae63311238cf23554c4b024f76ab47756234025807b46c8689dd7b9cca62197572041f1e17dfe5573c04521c42f53880dd1df8bb6dd494418f84ee4c1e580611ec63169cfd9116476e48b2772f2185fa952b15a5ac0"], 0x24}}, 0x0)
sendmsg$NL80211_CMD_START_AP(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000006c0)=ANY=[@ANYBLOB="2c00000039eb5ff80841d123cecd3c25afd805a0d02404bb3b67fc8cf38e6538368135c0c784267ceaf6b114bc778794afb0ca7c9072e937d500a6db62f271a6ad623491caeb0e126abf6186108304778327dffa77ed58308af4bcac390a60b639cbeec819eb8165d96925cadb5e0a6cd95b84ac58074ee73d749de34f4c581765e4c4013d87c58e42e8871e60e067d0d9df829a93965a8c9de111c5cea9c7426303c2353203a835bcc8e002e852ec227424d7e99f6b11dd701dfc67256b4361119f51de4470d7b2c2589cae6db2fde467e1e590971a4c8dcfda276fd2b363c4f5c7cbacfefd6a14b6d8cd527d2d12aba601587ee1", @ANYRES16, @ANYBLOB="050000000000000000000f00000008000300", @ANYRES32=r10, @ANYBLOB='\b\x00\f\x00d\x00\x00\x00\b\x00\r\x00\x00\x00\x00\x00'], 0x2c}}, 0x0)
keyctl$restrict_keyring(0x5, 0xfffffffffffffffd, 0x0, 0x0)

5.31151339s ago: executing program 0 (id=3216):
r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
dup3(r0, r1, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$HCIINQUIRY(0xffffffffffffffff, 0x800448d4, 0x0)
bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000000))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuset.effective_cpus\x00', 0x275a, 0x0)
ioctl$FS_IOC_SETFLAGS(r3, 0x40086602, &(0x7f0000000180))
ioctl$EXT4_IOC_MOVE_EXT(r3, 0xc028660f, &(0x7f0000000080)={0x0, r4})
write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0xf000)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@struct]}}, 0x0, 0x26}, 0x20)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, 0x0, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x6, &(0x7f0000000140)=ANY=[@ANYBLOB="180200000000000000e53e3b2f000000850000001700000018620000080000000000000003000000950000e0ffbcceeb0b425295740000000000"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffc}, 0xfffffffffffffd67)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r5, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
syz_emit_ethernet(0x0, 0x0, 0x0)
write$binfmt_script(r6, &(0x7f0000000100), 0xfecc)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000001, 0x12, r2, 0x1000)
r7 = socket$inet_smc(0x2b, 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
getsockopt$inet_tcp_int(r7, 0x11e, 0x1, 0x0, &(0x7f0000000200))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x200000000000002f, &(0x7f00000002c0)=@framed={{0x18, 0x8}, [@func={0x85, 0x0, 0x1, 0x0, 0x3}, @initr0, @exit, @alu={0x7, 0x1, 0xb, 0x0, 0xa}]}, &(0x7f0000000000)='GPL\x00', 0x1, 0xfa, &(0x7f00000007c0)=""/250}, 0x90)
r8 = socket(0x11, 0x800000003, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r8, 0x8933, &(0x7f0000000600))

5.201492343s ago: executing program 0 (id=3217):
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x2000)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000540)={'wlan1\x00'})
shmget$private(0x0, 0x3000, 0x0, &(0x7f0000ffd000/0x3000)=nil)
r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
r2 = open(&(0x7f0000000100)='./bus\x00', 0x0, 0x13a)
ftruncate(r2, 0x3f)
mmap(&(0x7f00005c6000/0x1000)=nil, 0x1000, 0x27ffff7, 0x10010, r2, 0x2f473000)
ioctl$SCSI_IOCTL_SEND_COMMAND(r1, 0x1, &(0x7f0000000380)=ANY=[@ANYBLOB="02000000000f"])
r3 = socket$igmp6(0xa, 0x3, 0x2)
getsockopt$MRT6(r3, 0x29, 0x1, 0x0, &(0x7f0000000940))
shmat(0x0, &(0x7f0000ffb000/0x2000)=nil, 0x5000)
mbind(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x3, &(0x7f0000000080)=0x1, 0x50, 0x0)
mbind(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x2, &(0x7f0000000040)=0x7, 0x1b, 0x0)
ioperm(0x0, 0x3, 0x3e)
getgid()
syz_emit_vhci(&(0x7f00000001c0)=ANY=[@ANYBLOB="040f04f5ff04"], 0x7)
r4 = socket$tipc(0x1e, 0x2, 0x0)
getsockopt$sock_int(r4, 0x1, 0x2f, 0x0, &(0x7f0000000140))
socket$inet6_mptcp(0xa, 0x1, 0x106)
r5 = syz_usb_connect$cdc_ecm(0x2, 0x56, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000002000040250244000101000000090400000302060000052406000005240000000d240f0100000000000000000909058103ff0300000009058202100000000009050302ff0300"/86], 0x0)
syz_usb_control_io$cdc_ecm(r5, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(0xffffffffffffffff, &(0x7f0000002840)={0x14, 0x0, &(0x7f0000002800)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
unshare(0x48040b00)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x400000a, 0x8010, r0, 0x2000)
write$binfmt_script(0xffffffffffffffff, 0x0, 0x0)
r6 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$EBT_SO_GET_ENTRIES(r6, 0x0, 0x82, &(0x7f0000001100)={'broute\x00', 0x0, 0x0, 0x0, [0x0, 0x0, 0x1000000000000, 0x20000000003, 0x8], 0x0, 0x0, 0x0}, &(0x7f0000000000)=0x78)
read$FUSE(0xffffffffffffffff, &(0x7f0000000580)={0x2020}, 0x2020)
syz_open_procfs(0x0, &(0x7f00000000c0)='net/wireless\x00')

4.971655857s ago: executing program 1 (id=3218):
r0 = socket$inet(0x2, 0x3, 0x2)
sendmmsg$inet(r0, &(0x7f0000002900)=[{{&(0x7f0000001480)={0x2, 0x0, @dev}, 0x10, &(0x7f0000002700)=[{&(0x7f00000014c0)="63b803d2cc5afaf9171babd7ab98a12af04566ed1bb5859c7915b8604dd082b8dd48df1161233a47e55a0102f043d5b8d8e1fd3c512c7f55c8f45754be103e54d33c748087a1b5b0f38e61613ee5fe42a55d5a3962d6d2a2ce50d8a4921cb79e2a62ddeab35815214d4de4fd58f60cacb233dfb73f7fbfef8c2afd4b63f851", 0x7f}, {&(0x7f0000001540)="53db6efff4efea63d542aa5493479c8c7adf1400671fd53734182e40ab79290b3a94bd1a53a7f0f7b25584cd052a7dea1a831232db2fd8824df23b6b2ed292d2f95fb191fede2353a3f0cd7f5fdf1281fd3549b56185c97a6381ea90b8be6bfa6b5889aef0818830fefff03e94bd", 0x6e}, {&(0x7f00000015c0)}], 0x3, &(0x7f0000000180)=[@ip_retopts={{0xc}}, @ip_retopts={{0x9c, 0x0, 0x7, {[@timestamp_addr={0x44, 0x4, 0x2d}, @rr={0x7, 0x1b, 0x0, [@broadcast, @dev, @rand_addr, @private, @private, @rand_addr]}, @timestamp_addr={0x44, 0x1c, 0x0, 0x1, 0x0, [{@private=0xa010100}, {@remote}, {@private}]}, @end, @noop, @cipso={0x86, 0x51, 0x0, [{0x0, 0x6, "28a9d7f8"}, {0x0, 0x11, "fc04ff49924ac700000000ad25e1cf"}, {0x0, 0x9, "c98a6586a10000"}, {0x0, 0x12, "caba9e2d3722815a637b2dee5fcb56e9"}, {0x0, 0xd, "261c680a0d7ef78f3037b4"}, {0x0, 0x2}, {0x0, 0xa, "0cad367fe1175108"}]}, @generic={0x0, 0x2}]}}}], 0xa8}}], 0x1, 0x0)

4.89105826s ago: executing program 1 (id=3219):
r0 = socket(0x840000000002, 0x3, 0x100)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @remote}, 0x10)
r1 = socket$packet(0x11, 0x3, 0x300)
r2 = signalfd4(r0, &(0x7f0000000040)={[0x3, 0x401]}, 0x8, 0x800)
bind$unix(r2, &(0x7f0000000100)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
setsockopt$MRT6_ASSERT(r2, 0x29, 0xcf, &(0x7f0000000080), 0x4)
sendmmsg$inet(r0, &(0x7f0000005240), 0x264e33, 0x0)
openat$cgroup_subtree(r2, &(0x7f00000001c0), 0x2, 0x0)
io_setup(0x20, &(0x7f0000001140)=<r3=>0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000180)={'vxcan1\x00'})
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.swap.events\x00', 0x26e1, 0x0)
close(r4)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0))
ioctl$SIOCSIFHWADDR(r4, 0x8b0f, &(0x7f0000000000)={'gre0\x00', @multicast})
getpeername$l2tp(r2, &(0x7f0000000200)={0x2, 0x0, @empty}, &(0x7f0000000240)=0x10)
socket$igmp6(0xa, 0x3, 0x2)
socket$igmp6(0xa, 0x3, 0x2)
io_submit(r3, 0x3, &(0x7f0000000580)=[&(0x7f0000002040)={0xf, 0x400000000000, 0x0, 0x1, 0x0, r0, 0x0}, 0x0, 0x0])
ioctl$SIOCGIFMTU(r2, 0x8921, &(0x7f00000000c0)={'ipvlan0\x00'})

4.181554797s ago: executing program 1 (id=3223):
connect$bt_l2cap(0xffffffffffffffff, &(0x7f0000000240)={0x1f, 0x21, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe)
setsockopt$bt_BT_FLUSHABLE(0xffffffffffffffff, 0x112, 0x8, &(0x7f00000000c0)=0x1, 0x4)
write$binfmt_script(0xffffffffffffffff, 0x0, 0x0)

4.121657968s ago: executing program 1 (id=3224):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x18, 0x3, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000003e0095"], &(0x7f0000000000)='syzkaller\x00'}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='contention_begin\x00', r0}, 0x10)
r1 = socket$inet6(0xa, 0x80003, 0x6b)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000480)=ANY=[@ANYBLOB="48000000100001040000000000000000000000005ec57e7be9517db36634e5d43c138e9392cf28b03364101c87e5df6244e6cbe02ac4117f8bac962cb7394d17ab5f105aa70f46920059586c6770a07a2ce97b3beb4c4716ce4af89124589f04000000b0446749b42cded5293c04d994a5eeaf8d4dac606f", @ANYRES32=0x0, @ANYBLOB="0000000000000000280012800b00010065727370616e0000180002800400120005001600020000000600180000000000"], 0x48}}, 0x0)
openat$proc_capi20(0xffffff9c, &(0x7f0000000080), 0xdc0, 0x0)
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
r4 = syz_open_dev$video(0x0, 0xa7, 0x0)
ioctl$VIDIOC_S_MODULATOR(r4, 0x40445637, &(0x7f0000000140)={0x1, "73c25968be287febd00ac5d79d8c94269766a50b09d5bb4ebd912156af097f1c", 0x100, 0x0, 0x5, 0x10})
ioctl$VIDIOC_S_FMT(r4, 0xc0d05605, &(0x7f0000000280)={0x1, @pix={0x0, 0x0, 0x59555956, 0x0, 0x0, 0x0, 0xb}})
ioctl$VIDIOC_EXPBUF(r4, 0xc0405610, &(0x7f00000001c0)={0x9, 0x6, 0x3, 0x4800})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000800)=ANY=[@ANYBLOB="300000001900000103000000000000001d9c7cc0d12a01030008000a00d3b42e742e8489447a8ade7a88f27595344c804aa9de4246c96bbf5b99a73c44ce042ab8b15a0d07870ff0594f155b952cbb11edd1904dae78e4414ea4ff1d9aa0dbb24466de74e867d5570244ff45675e316149d80871c46d8da692c94b7ee27029dbee49c63527598802b97ebc42df4193c3417c2c3e1dbd495b9abf4f7ad534a5fa0b3735fa5cf1b3b81b882b2481d38b98", @ANYRES32=r3, @ANYBLOB='\f\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\t\x00', @ANYRESOCT, @ANYRESDEC=r1], 0x30}, 0x1, 0x0, 0x0, 0x40080}, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=@newtaction={0x78, 0x30, 0x300, 0x0, 0x0, {}, [{0x64, 0x1, [@m_ct={0x60, 0x1, 0x0, 0x0, {{0x7}, {0x38, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18}, @TCA_CT_ACTION={0x6, 0x3, 0x19}, @TCA_CT_NAT_IPV6_MIN={0x14, 0xb, @ipv4={'\x00', '\xff\xff', @multicast2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x78}}, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r9 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r9, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r10=>0x0})
creat(&(0x7f0000001040)='./file0\x00', 0x0)
r11 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fc00100}]})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r11, 0xc0502100, &(0x7f0000000340)={<r12=>0x0})
ioctl$SECCOMP_IOCTL_NOTIF_SEND(r11, 0xc0182101, &(0x7f0000000180)={r12})
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r11, 0xc0502100, &(0x7f0000002780)={<r13=>0x0})
ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r11, 0x40182103, &(0x7f0000000080)={r13, 0x3, r11, 0x5})
sendmsg$NL80211_CMD_SET_INTERFACE(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="050000000000000000000600000008000300", @ANYRES32=r10, @ANYBLOB="08001fed1279901177c14b05000300000021ebd4d86cd9d274afaf29bebd6091eec77163505aa557448aba0a384ce994275c6363967b69a3ec2b7af8a10550516ab2a4cfd6e879e7566b5f15a50c04b158f3846a05b616d0b85d0e95b3cd7f02d63d988bbe7431432987a6758f981d2dbf548f152a3c5ae8b129e5a9557307e0a67314d639e78db52af6e34587c0a2835907c583843ae441c3cfb20f84df97644d54a41509298efdd1bb39aae8335738a5274b9b0df49f40bc3bcb0f05e1b897998156205354462a774e3b791a9ac5933db7bef7e83ab5a7ff270a693f99a5d3feac055661b2d6fddf0605fbea6f05e8de61d55e2980b38125522ba990f443d545fb4673f8c90ada5e2152fcf414741130ed26d4ef186ebce3191cdd2cd7eb711ec892451912b84073467cfea7dae63311238cf23554c4b024f76ab47756234025807b46c8689dd7b9cca62197572041f1e17dfe5573c04521c42f53880dd1df8bb6dd494418f84ee4c1e580611ec63169cfd9116476e48b2772f2185fa952b15a5ac0"], 0x24}}, 0x0)
sendmsg$NL80211_CMD_START_AP(r7, 0x0, 0x0)
keyctl$restrict_keyring(0x5, 0xfffffffffffffffd, 0x0, 0x0)

3.240998072s ago: executing program 1 (id=3229):
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f00000000c0))
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_SET_NESTED_STATE(0xffffffffffffffff, 0x4080aebf, 0x0)
r1 = io_uring_setup(0x4d63, &(0x7f0000000080))
io_uring_register$IORING_REGISTER_BUFFERS(r1, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a)
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000040)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
getpid()
openat$vimc1(0xffffff9c, 0x0, 0x2, 0x0)
r2 = syz_genetlink_get_family_id$smc(&(0x7f0000000000), 0xffffffffffffffff)
r3 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x1b, &(0x7f0000000000)={@remote}, 0x20)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x1b, &(0x7f00000000c0)={@remote, 0xc}, 0x20)
r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fc00100}]})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r5, 0xc0502100, &(0x7f0000000500)={<r6=>0x0})
ioctl$SECCOMP_IOCTL_NOTIF_SEND(r5, 0xc0182101, &(0x7f0000000180)={r6})
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r5, 0xc0502100, &(0x7f0000000480)={<r7=>0x0})
ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r5, 0x40182103, &(0x7f0000000080)={r7, 0x3, r5, 0x5})
sendmsg$SMC_PNETID_DEL(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000000c0)=ANY=[@ANYBLOB="92001fdb", @ANYRES16=r2, @ANYBLOB="270e00000000fc"], 0x14}, 0x1, 0x40030000000000}, 0x0)
ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, 0x0)
openat$vnet(0xffffff9c, 0x0, 0x2, 0x0)

3.052598222s ago: executing program 3 (id=3231):
syz_genetlink_get_family_id$tipc2(&(0x7f00000006c0), 0xffffffffffffffff)
sendmsg$TIPC_NL_MEDIA_SET(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="01030026bb3d4f00000007000000040004c1820000000008"], 0x20}}, 0x0)
r0 = syz_genetlink_get_family_id$ipvs(0x0, 0xffffffffffffffff)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f00000001c0)={0x1, @pix={0x0, 0x2, 0x0, 0x0, 0xfffffffa, 0xd9, 0x7, 0x4, 0x0, 0x1, 0x1}})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000640)=@raw={'raw\x00', 0x3c1, 0x3, 0x2bc, 0x128, 0x2b8, 0x182, 0x128, 0x0, 0x1f4, 0x3a8, 0x3a8, 0x1f4, 0x3a8, 0x3, 0x0, {[{{@uncond, 0x0, 0xe0, 0x128, 0x0, {0x0, 0x1800}, [@common=@unspec=@limit={{0x3c}, {0x12000000, 0x4}}]}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'snmp\x00'}}}, {{@ipv6={@remote, @remote, [], [], 'macsec0\x00', 'netdevsim0\x00'}, 0x0, 0xa4, 0xcc}, @common=@unspec=@NFQUEUE3={0x28}}], {{'\x00', 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x318)
r2 = getpid()
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f00000003c0)={0xffffffffffffffff, 0x20, &(0x7f0000000380)={&(0x7f0000000000)=""/44, 0x2c, <r3=>0x0, &(0x7f0000000180)=""/59, 0x3b}}, 0x10)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0xd, 0xc, &(0x7f0000000100)=ANY=[@ANYRES32=r0, @ANYRESDEC=r0], &(0x7f0000000140)='syzkaller\x00', 0xffffffff, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r3, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000500)='tlb_flush\x00', r4}, 0x10)
socket$inet6(0xa, 0x0, 0x0)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
syz_emit_vhci(0x0, 0x1d)
process_vm_readv(r2, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
sendmsg$AUDIT_TRIM(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x10, 0x3f6, 0x404, 0x70bd2a, 0x25dfdbfb, "", ["", "", ""]}, 0x10}, 0x1, 0x0, 0x0, 0x80}, 0x4000)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f00000000c0))
getrusage(0x0, &(0x7f0000000980))
r5 = syz_open_procfs(0x0, &(0x7f0000000340)='net/ip6_mr_cache\x00')
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$MRT6_ADD_MFC(0xffffffffffffffff, 0x29, 0xd2, 0x0, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="200000006a0001"], 0x20}}, 0x0)
preadv(r5, &(0x7f0000000440)=[{&(0x7f0000001280)=""/64, 0x40}, {&(0x7f0000000080)=""/64, 0x40}], 0x2, 0x800000, 0x0)
syz_genetlink_get_family_id$l2tp(&(0x7f0000000480), 0xffffffffffffffff)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
ioctl$SNDCTL_DSP_SETTRIGGER(r5, 0x40045010, &(0x7f0000000040)=0x3)
msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x1f)

3.028812787s ago: executing program 2 (id=3232):
connect$bt_l2cap(0xffffffffffffffff, &(0x7f0000000240)={0x1f, 0x21, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe)
setsockopt$bt_BT_FLUSHABLE(0xffffffffffffffff, 0x112, 0x8, &(0x7f00000000c0)=0x1, 0x4)
write$binfmt_script(0xffffffffffffffff, 0x0, 0x0)

2.962659406s ago: executing program 2 (id=3233):
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000580)={0xffffffffffffffff, 0x0, 0x0}, 0x10)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000000)={'pim6reg1\x00'})
socket$inet_tcp(0x2, 0x1, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x0)
socket$nl_audit(0x10, 0x3, 0x9)
openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
r1 = socket(0x0, 0x803, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={0x0, 0x24}}, 0x0)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x2ba)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="3c0000001000850619fbb7c75150926b00000000", @ANYRES32=r2, @ANYBLOB="fe000400000000001c0012000c000100626f6e64000000000c0002000800010004"], 0x3c}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=ANY=[@ANYBLOB="440000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b00010062617461647600000400028008000a00", @ANYRES32=r5, @ANYBLOB="08001f0004000000c5f2264bdade59d68477c77d0811ac5d86790a886f625fb337db0f51e32e5aa19df3ad0edecc255a23f7dc533774b4559e533d41264ed01adf371adb1fcbc6a1fa7b92c98a9acef87831c7e39bb2f1d79b2e1bee650b508d04b49f942c5ef2613fdcee571bb632f3d41aa0f1355bfe63ebe2b368ed0791eaa87d0d5f673ec3800d449e3e6db1efa2746a2102a27152c136978faaf5b3ef3f5bc33f954ee4b51eb4eaba52"], 0x44}}, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000640)={0x0, 0x7, &(0x7f0000000280)={&(0x7f0000000080)=ANY=[@ANYBLOB="2000000011005704000000000000000010000000", @ANYRES32=r7], 0x20}}, 0x0)

2.101710329s ago: executing program 0 (id=3234):
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000140)={{}, 0x0, &(0x7f0000000040)}, 0x1c)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x0, 0x8b}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
futex(&(0x7f0000001300)=0x80000001, 0x800000000006, 0x0, 0x0, 0x0, 0x0) (fail_nth: 4)
timer_create(0x0, &(0x7f0000000680)={0x0, 0x21, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
pipe(0x0)
splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0)

1.911511341s ago: executing program 0 (id=3235):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r0}, 0x10)
capset(0x0, &(0x7f0000000040))
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x4, &(0x7f00000000c0)=ANY=[], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x47}, 0x90)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = getpid()
process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
writev(r2, &(0x7f0000000300), 0x0)
r3 = syz_open_dev$cec(&(0x7f0000000040), 0x0, 0x509481)
ioctl$CEC_ADAP_S_LOG_ADDRS(r3, 0xc05c6104, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0x11, 0x0, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x20, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x90)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000000540))
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
listen(0xffffffffffffffff, 0x8)
socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r4 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r4, 0xc04064a0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000440)=[<r5=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r4, 0xc05064a7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000340)=[<r6=>0x0], &(0x7f0000000040), 0x0, 0x1, 0x0, 0x0, r5})
ioctl$DRM_IOCTL_MODE_SETPROPERTY(r4, 0xc01064ab, &(0x7f0000000040)={0x0, r6, r5})
r7 = socket$kcm(0x2, 0xd, 0x2)
ioctl$SIOCSIFHWADDR(r7, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
r8 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r8, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040), 0x111}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r8, &(0x7f0000000180)={0x9, 0x40, 0xfa02, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @private2}}}, 0x48)
write$tun(0xffffffffffffffff, &(0x7f00000003c0)=ANY=[@ANYBLOB="1c00000d0000000000000040000060cd3c680028060087c50000000000000000000000000000fe880000000000000000000001"], 0x5e)
r9 = socket$inet(0xa, 0x801, 0x84)
connect$inet(r9, &(0x7f0000004cc0)={0x2, 0x0, @private=0xa010101}, 0x10)

1.789478173s ago: executing program 3 (id=3236):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x4, 0x5}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r2 = socket$nl_route(0x10, 0x3, 0x0)
openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000340), 0x80000, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="440000001000010400"/20, @ANYRES32=0x0, @ANYRES32=r1], 0xfd12}}, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.avg_queue_size\x00', 0x275a, 0x0)
write$binfmt_script(r3, &(0x7f0000000080)={'#! ', './file0'}, 0xb)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r3, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800006, 0x10, 0xffffffffffffffff, 0x0)
r4 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)}, 0x0)
r5 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000040)="2e00000010008108040f9becdb4cb92e0a28b137140000004abd6efb2503eaff0d000100020072bf050005001201", 0x2e}], 0x1}, 0x0)
r6 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r6, 0xaf01, 0x0)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFNL_MSG_ACCT_NEW(r7, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)={0x20, 0x0, 0x7, 0x301, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1}]}, 0x20}, 0x1, 0x0, 0x0, 0x88051}, 0x0)
sendmsg$NFNL_MSG_ACCT_DEL(r7, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)={0x20, 0x3, 0x7, 0x301, 0x0, 0x0, {}, [@NFACCT_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x20}}, 0x0)
r8 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendto$inet6(r8, 0x0, 0x0, 0x20000844, &(0x7f0000b63fe4)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c)
getsockopt$inet6_buf(r8, 0x29, 0x18, 0x0, &(0x7f00000000c0))
r9 = eventfd(0x0)
ioctl$VHOST_SET_VRING_ADDR(r6, 0x4028af11, &(0x7f00000001c0)={0x0, 0x0, 0x0, &(0x7f0000000380)=""/138, 0x0})
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r9, &(0x7f0000000140))
ioctl$VHOST_SET_VRING_KICK(r6, 0x4008af20, &(0x7f0000000040)={0x0, r9})
ioctl$VHOST_SET_VRING_ADDR(r6, 0x4028af11, &(0x7f0000000280)={0x1, 0x0, 0x0, &(0x7f00000000c0)=""/87, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r6, 0x4008af03, &(0x7f0000000680))
ioctl$VHOST_SET_VRING_ERR(r6, 0x4008af22, &(0x7f0000000180)={0x0, r9})
ioctl$VHOST_VSOCK_SET_RUNNING(r6, 0x4004af61, &(0x7f0000000000)=0x20000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9)

1.788753366s ago: executing program 2 (id=3237):
memfd_create(&(0x7f0000000480)='\x00\x00\x00\x00\x00\x00z\x9b\xb6\xe8t%\xfc\x02\x00\x00\x009\xa0\x8b\x14d\xa2\xa1\xa8!\xe8\xd1\xa0\x8a\xce0\x1c\xb7\xf1\xccm\xce\xd4\xdb\x89\xe5\x8f\xe2\xb6\xd6\x9cF\xbd\xff\x14\x05\x00\x00\x00\x00\x00\x00\x00\xf3\xdc\x91\'\x06\\8\r\xfc\xeeG\xbe\x90C\x1c\x87\x1e|C\xd8\x01\xd0\xf5\xbb}\xeb\x86P=\xe51\x9d,\xb7\xe6_M\xbe\x19\xea#\xff[\xd1\xc3\x9a\xa3\x1b\xf9\xe9\x1d \xce1\xc9\x9f\xb0\x14\xc2\xeb\xf9\xceE\xad\xa4\x92\f\xef\x87g\xb6\xabW\xac\rP\xf42\xb7\xc8\xaajnW\n\r\x802\xd7\x1b$\x95tO*\xf4\xae\xb8\xb8m\xbf\r\xd5\xbf*\xfd\xc7\x85\x1b\x8b\xe5\x97j`c\xe0\x88?\xda\x8a#t>r\xae\xe8\xc9)', 0x0)
r0 = memfd_create(&(0x7f00000025c0)='Y\xff\xff\x00\x00\x00\x00\x00K\xb2\x02\x80B\xe9\xe8\xcc\xde\x06\x00l\xa8\x1aJ\xaf\xb2M\xba\xb8_\x05U\xcd<|>\x9e\xec^\x0e\xbe\x18+-\x9b\x893\x02\x00\xa6\x1f+\xb3\xc5\x90z5\xe0\xdfi\xb7\x9f\xb4QW\xc9\xc9\x92\x03\t\x00\x00\x00\x00\x00\xb2\x0f\xee\xbe\f8\xcc\x7f\x00\x00\x00Z\x81\x00\x00\x00\x00\x18I\x13\xf1\xa2x\x04\x81R\xd45R\xae\x84\xcdN\xf7\xbd\x89\x8b\xf6\xa8\x03\xc1\x16\xd1\xaf\xf6\b~\xed_M^dQ:\xbc\xafq\x88\x19nSF|;]\xe1A\x8c\x8a\x98\xd7|\xadaC\xa6\xf9\xa7>c\x84\xd8\xfa\xf1\r\xb1\xfd\xbf!\xc7u\xccP\xdd\x13~\x89\xcf\x85\xca\xa0%\xc6\xc7\x11\x00\x00\x00\x00\x00\x00\x00?M9\\\av~\'\xd9\xb0\xacdya]8\x9d\xb7\v\xf39\xa0k\x9e\xe3\x0f/\xb8g8\xb9\x8d\x19\xe2\xca\x01y\x83\xe7\ng\x87\xd93<u\xbe\xeag\xd2\x04e\xf2s\xde}o#\x90\xda\x9cs,r\xfd:\xcb\xc7\vTmPZJ\xac\x8b\xd0\xc0\xbcRK\xcb\x1e8\xce\xbd[N\xb0\xb4<\xeb\x86[\xec\x8f\x14\xea\x82\x9e&\\\xb7!\xed\xa0\xc3,\x90m\x0f\x00\x00\x00\x00\x00\x00\xff\xd0\xb3\x94\x00\x00\x00\x00\x00\x00\x00\x9dH\xf8\xffRo\xa3W\xe1\x0f\x8eS\xaeX\x93\x7f\xd3\xb9a\xe4\xe0\xbd\xd9\xf5\xe4e\xf9\xcam\x1bQ6\xe8\xf90J\x81\xc4\xb9R\xe3\x03\xe4\xad\xd5&A\x02\xc8\xa9\xfe\xcb\x87\xd9\xd3\x84\f\xc08T~\xc4\xbd\x90?\x1f\x9c\x9b0\x19 \x9f\xd1p`\xc0/\x00u\x19\x1d\xac\xe8%\xb7\t\x9f4\xbb\x89\xe9\xc1\x81\xb0\xd6\xf7\x05\x16\xb9\xe9\xdc~\xd3\xa7\x1b\x9ffq\xd6\xef\xfe\x11\x7f-s\xe6;\x94\x1c^\x06\xdav;\xccD\x95sj/\x03\x00\x00\xac\xe5N\xea\x9eyl[[\xce5\xee\x05\x9c\x96\x87\x9dp\xea?/\xcb\x9a\xaa5\'Q\fuG\x81\x8a@\x97M=v\xfep\xf3\x93\x9d\x7f@9\xc0\xd2\xf1#\xe7N\x89\xf8\xe8+\xa1\x82\x13\xb2\xa9\xef\xa5\xf8\x8b \x00\x9ev\x92\x0e\xd1\x1f\x17Dx[\xad\xb0\x9d/\x96\xe42mO\x9fh\xea\xf3\x14\xcd\x96\x89_)2\xe2\xd6\x81\x00b\xaf;\x92T\xafz\x94\x9fG\xfb\xfd|&k\x03\xd7;\x9ay\xee\xf9W?\xb3\xf9\xf8I.E4\xc3eWq\xfa\":$\xd0\x17Q\x94\xf5\xe5mk\x8e&\xf1\x89\x02r>*\xce\x99\x04\xb9\x90\xbc\xc9#\xc5\xdf\x13\xd2K\x8b\xf5\f\xb2x\xdd\xd5\xb4\xa9^~O<\x12\xe3\xc2Ru2Ht\re\xa1\xf6\xbd\xaa\xb0\x83}i\xc3P|7\xc4\xc8\xb1r0Z\x98\x87^\xc8C\x1b\x96\xb4lsyF\xc5\xbc\xffOE\xe9\xd70\xe7\xfep\x83\xa7\xa1\xd9\xe4\xba\x92\x17\xbf\xe0\xe1\x01\xb7\x8b\x18j\x19n\xc8\xff\xe9\xf4\xf4\xcf a\xd7_w\x0f\x9dF\xae\xccAV\xac\x11\xa4\xdd\xb7\xe7\x1a\xa4O\xb4\xed\xc8\xccH\xd1=\x81\x00\x00\x00\xc7;Lb\xce\x1a\xcc\x98\xe8\xe9e\xe0\xc2N\xe7\xd7\x1d\x92\x87F8\x9e\xd6\xdd\xdaW\xf5X\x80\xa0f\xceo\xd8\x7f\xc0\x96\bSB\xce&\x04$\xc3\xe31U\x84\x82\xf0{i\x1d\x02\x10\x86C\x01^\xcf\x93?w\x01\x84\xa0\xd6\xa2\x10\xa4\xfcG\xabD\xd6dGZ\xb2Cx\x1b\xfdD9\x17U\xf0\x16K\xf9&@\xb1[\xe2j$F1n@\xde\n%t.[\xad\xb5\f<o\xdb\xa4\x90\xc4\xd0I\xa6\x96\xa1\x00\xbb\xdd\x94\x00t/1YekG\x7f\xbdrI\x1e\x8a4=\xa2\xe9\x82<\x9e|\xf5#\x7f\xa8\x1f\x14\x82ih\xf9?\x03Q\xf5\xc4\x95\x99 \xa7v~:$\x02O\xe3\xaa\x1f\x00\xebk\'\xd2q\x10\x1e\x94n\xd7w\xb1\xc8G\x89\xf4\x8ct\xf9R\x850\b,r\xc6r\xf7=\xfe\xc1\x16\xe6\xee\xbb:-h\x03;\xe5\x04\xd8\xa9\x9a\xd3\x05(\x7f|\xadU\xafe\x87V.i4$6U,R\x9b\n{\'\xfe1\xc4\xb09\x96\x87\xc0e\xab\xe7\xa9\xb4\x1a\n\xf5\xd7zuvz\x972\xd4\xfb\x13u2\xab\x18\x01~r\xbb\x06\x00\x00\x00\x00\x00\x00\x00U \x98\xb2\xe3I\xbd\x16T\xb75\xa6\a\xb7\xa1\x8d\xc9\x12\xb1\xbd\xbc\xd9c\xe9\"k\xee\x06\x83\xf4\xab\x18\x038\x8f\xc9^\x0f\xab\xea&P\b\xef#Z\x85\xf9V\xe6\xffA\xf6\xc3\xfc\xd4\xa0\xfd\x15N\xd3\xa0\x80\x9f\bU\xa63\xf6\xc9\xec\x01\'\t\x89(\xf9\x98B\xaf\xde*\x91\xd5k\xa1`d\xf0\x97\xc9e\xc1\"EC\x9a?x\x89\xf1`\x90D\xd1|%(\xd8\t\xea\xdfC\xce\x7fo+?v\xee\xc6bL\x1d\xbe\x84p\x8d\xa3\xec\xf7\xe0\xfe\x8c=<\xf2\x1f@\xc9\xcfw\xf3\x02\x1b\xde\xc3\x86\xe66E\xa7\x9c\xd3\xb6\xf5\xe0\x14\xb8\xd4`\x85\xe3;\x8c\xf8\xf2\xd9)\x0e\xd0\xff\xa5K\xf3\xf1\xc4\x18\xf4Z\xdci\x91\x84\xe8\xb7\x10\x90\xbc\xect\x13\xdfR\xe2\x80\xf8a\x92\xb2R\xdf0\xcdQ\xdf\x83\xbdjp,\xe8\xbb\xe6\xc6Db\xb8\xd6\xcd\x1ch3h\xcf<\x82\x97\xa5s/m\xb2\x1dd\xf7\xfc\xf5\xa9\x1d\xd34{\xcc\x1f\t,i\x16\x82\xad\x8e\xb6\x17\x0f\xaa\x85^/w\xbb~\xff\xce\x92\x90\x83\n\xe5\x14\x95\x92|\xfe-S%\x91i\xafh\x97z\x00@K\xbb\xc2\fcD\xff\xdc\x8a\xa1\xfaR\xbc\xd4k7L\x8a\xa3Z\xf9%{\xfax\x9a\x04\'/\x90\xe6\xe2\xe9\xf1@o\x0ez\xb8\xce\xbeF\x0fkE\xf4ry\x92n\xff\xcb\xf8e\xf3j\xc5[wK\x91\xdb\xf7-r\xd3\x1bx\x9b$\x91\x03q\x9e@\xd8R\x11\x05|\x8f\xb4\xc9\x16\x87C\xab\x96\xc4\xef\xea\xb9\r\xf5\xf3\xbe\x8a\t\xc7\x88\xc0sL;.\xcf\x1d\xc4^\xb0l\xbb\x97\xc5\xf6n\xca\x18M\xb8\x81\xff\xa9~\xf7\xa3\xa6\xd3\x15I\xecXG\x89\xa8\b\x8b\xcc\xe8\x88\xa07Z\x03\xa8.\x7f\x16qlk\xf1\xf1y\x8c\xd5\xd6|\xa1(\xf4\x12O\xca3\xf8%1\x8d\xd7\a\xfeJ\xe6\x8bc\xb3\x1bKC.\xafB\x8d\xdd\xf9\x1e\x9d\xa7\x13\x00\x14\xc7\xa1\xf3\x1e\xcb\x19\x13z`\xac\xf3\xd1x\x1b#}\xfaYR\xc5#Zoag@\x18\xfa*\xb4\xc4\x04\x03V\x87\xc5\xe7\xb5\x9bJ\x85-\x7f\xfe\xc0\xb7g\xe8\'`\x96q\x88[\xf8\xe8L\x12\x85\xf5t\x99\x0e}\xd3H\xed\xda\xf3>\xd8\x12\x8cXc5%\x03\x8d`\xdayC\x9b\x9a\xd9c\xe9\xb4\v\x99\x87\xe4\x00\x8a\x8eS\x8e\f\x05ZH\xa2\x0e\xbc\x9c\x95\b2Cf\x86\xbe\xd0\xda\x91\xc1sl\x11P\x93\xa5\x93\xc8\xf1w\x7fp6z\xbf\xe8[\'u\xb8\xd2$K\x12\rt\x87\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xfa$9N\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00r\xe2`\xdf\xd2\xb3\xaf\xe9\xc4!Z\xb4&\xa2\x12\xe2i\x91kC$A\xafR\xb3\xff\x1d=\xec\x10\xb4+\x13\'\x92>\x14\x00\a\xb6R\x8b\xdcz\xc3\xd1Y\xd6\xd9;s \xb0\x938\xb7D9\xdcX\xbd\xdbn\xe35\xa7\x02\x9c\xc1\xd9\x13?\xc9\xd7\xab\x9c\xf3\x82\xd1\xee^kk\xce\xdbn\x02\x1f\x80\t\xdbr\xa5\x13*\xec\x8c\xd4\xef\xad\x02W/p\x97\xb0\xbd\x8f\xdb|n2a\xee\x95u\x83\xca\x8a>}\xd3\xd0\xff6.pa\x17\xe3e\xd2\x7f\xf6\xbc\x9d\x112\x1b\x14<B\x91\xc0{{\x9d@\xb3a\xad\x14\xe9\xcc|\xd7\xa1\xc6\xb9F\x04\xce]\xb9YXZ\r\xb4\x05u\xda\x14R\xbd\xbd\f\xa4F;q\xec\x83\x9bM\x93\xa4\x9c\xdd\x93\xa0\x82E\x02d\xd4RAI\xd9O\x17\xa6P#\xa35\a\xf6\xbb\t>p\xa1\xd6u\xefn\xb4\xa3\x05D\x8c\xc5l\xcc\b\xeb\xf42\xe9\xf15\xf3\xf2\xee\xd6\xed\t\xb3\xf7\x1a\x7f\xe6\xb4z\x19\xe1\xb4w\xf7\xa6\xd7\\\xfa\x96\xe2\xf9\xb1\x81\xba\xdfg\xadI\x1c\xde*_\xd5\xdf\xeeA\xcd \x91\xc9\xd4\xd1\xcd*.t\x80]\x00\x00\x00\x00\x05ne-V\x11\x13\xbb\xd7\x1dV\x93\x15\xa1\x9a\xa9\xab_H\x00\x00\x00\x00\x00\x00\x00\x00\x00\x99\xf8\x89\xf3J@\x17\xe8\xa0\x1e\x9d\"\xa0s\xf1XNfC\xc2\xec\x00\x9da\xec\x1c-JcF\x81i\xe5\x12\xcc\xba\xea*\x80\xa5\x13\x0e\x91]\xae\x0e\x13\xcej-6\x11\x01\x93\xda\x0e\v\xa0\xc8\xd2NP\xf6\xdfM\xc1\x8b\xf0\xed @ \x18\xb6\x12\xefu\xf3\xc52\x89\xe2\x11\xce\xa2\xc0\x9b&\xf1~8\xd3\x87t#D\xa6\xe0S\xa9Av\t\xc9B\xf6\xfa\xff\x11\x10]\x88\x86\xfc\x88R[\b\az\xce\x8a\xaa\x96\x14v\x93\x02C\x00\xc9\xa3b\x8d\x9c\xbal\xee\xd8w\xaeDt\xe8\x04\xe7\xb0\x99\xa3\xef#\x85Q!V\xe9\xc0i\xf4\xa6\xb2[\xd4J\x81&\x1b\x85\x04\xc0\xed\n\xffx\x0e\xa8\xb1\x962\xf8\xf0\x87\xaf\x18\x19\x84', 0x5)
r1 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
r2 = memfd_create(&(0x7f00000002c0)='D\xa3\xd5Wj\x00\x00\x8b\x14\xc2\xac\x1a\x1a\vG\xa9~vB\xbc\t\x00\x00\x00VoA\xaa\xbc\xee[\xe1\xa2\xe0\xff\x04\x00\x9b\x12\x0eW\xcf\t\xb0\xa9 +H/\xfd\xa4\xcaN\x84\xadS\x8bqE\x99\x01t\xb1\x1f|\x99PL\x92\x8f\xc2y\xcd\x8cj\x03X\x05\x17mwI\xf0\x01\xe5z\xcdJ)\xc7\xfa)\xaa}\xef\xde\xf5\xcd\xb1o5\x18\xd6\v\x85q\x98\x9bB\xb9\xea\xe7\xff\x7f\x00\x00T\xc0\xd2\t?\bpBl\xf4\x86\xd4\xc9\xe3\x8f\xd9\x9f\x15\x1e\xf2\x18\r\xad\b\xe0\x96NH\x85\r+\xfc\xb3\xdd\xddhg(\x03\xa7\x92\xe5\x00+h\xb7@#K\x9cMY\xd3\x9b\b-G\xb1\xdaS\x81\xb2\x93\xb83\x8a\x94*\x8d\\\b\xff/\xf8A\xaf\\\xaa\xf5u\xde\xfa\xa1\xc0\xf9&gR\x81.\xff\x83k\xe6\rDa\x16\xbd\x1a\xb2w\b\x00'/244, 0x0)
write(0xffffffffffffffff, &(0x7f00000000c0)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b0000", 0x31)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
r3 = dup3(r1, r2, 0x0)
fchdir(r3)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000080)=ANY=[@ANYBLOB="9feb010018000000000000002400000024000000298700020200000083e7d89e0000000b030000000000000000fd453323000a000000"], 0x0, 0x3e}, 0x20)
r4 = inotify_init1(0x0)
r5 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r5, 0x84, 0x76, &(0x7f0000444ff8)={0x0, 0x7}, 0x8)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r5, 0x84, 0x75, &(0x7f0000000000)={0x0, 0xca}, 0x8)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r3, 0x84, 0x64, &(0x7f0000000040), 0x0)
sendmmsg$inet6(r5, &(0x7f0000003c40)=[{{&(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000140)="03", 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r5, 0x84, 0x77, &(0x7f00000003c0)=ANY=[@ANYRES32=0x0, @ANYBLOB="0300f2f192e1f00b62f4e647741e2d9980cdaee7451dd34368baa3460443c2233b944f550387769275029252c060bf05f8fd6759750c7b92de02ef3dff92941578600ddfe95dc5b4e28cc2f8d4d6900be4bab163dc626affad"], 0xa)
inotify_add_watch(r4, &(0x7f0000000040)='.\x00', 0x80000200)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x2000002, 0x10812, r0, 0x0)
r6 = memfd_create(&(0x7f0000000900)='\x00\xc76\xbe\x91\x8d\x182)!\x9a%\xa2\xd28\xd6\x06\a\x0e\xfc\xfe\x12\x8f&\x13\xae%@T\xa3\xb0>\\\xec\xa9\xf9Q@6A\x10\x8cn|\x00\x00\x00\x00\x00\x00\x00\x00\xeb0\xdd\xe8\x87\x05=\xfb\x8b$\xdcQ\xee\xc5\x1f\x8bQ\xf7fo\"i\xa1hk\x1d\xf5z\xc1\x7f\xa4\\]\xc4\xbe3\xf9\xa8\t?:\xd8\xda\x84\xeepI[\x1c\x00\x00\x00\x00\xf9v\x00\x00\x00\x00\x00T\xb6\xbe\x0f~\xc0\x92\xe9O{\xa8\x81(\x01\x14\xfc\x83\xf9\xfb\x05\x94Tr@Lq]\xf9\x15zj\x87\xc4\x8e\xe8/\xb9-&R\x8e\xb2\xb3bBx\x1e1\x18\x8f\x19\xf7]#\xed,\xc7\x11\tp\xf4\xa3\xee\xcb\xaf\xb3\xe3\'}\x18\xe8O\xa8#K\xb6\xe4U\x92\xd2\x99\xb8<X\xfa\xdd\x8a6\xa1\x82\xf7r\xd8z\x85\x8do\xa5\xed\xd4\xbc8\xfb\x16\x8e\x8b-W\xd4\xc9\xbc\x94CR[Du8U^\xf2tl8\xfe\xd0\x94\xfe\xf5\x1c+\x00U\te\xfa6\xca\xb9\xb4Q\xd9\xee\r6\x861h{\xc7z\'F\xc7\x91\x06x\xe1`\xf1:\xbd+\xd5\f\xb2\xce\xa4\x06\x90\x90\x9b\x1d\xcaa\xf7\x8f\x9e\x80\x93\xafT\xdfl\xec\xc6\x8e\x96\r[n\xc6\x99\x1fr<\x06\xb3\xbcT\x00\xda6\x18/\x18\x92%\xa4\xde^\x17\x8d\xeai\xdc\xe7\xca\t\xed\xb3\xaa\xaf\xe8\n\xe9\x18\x12Q\x9f\xba\xffl\xad\x7fW\xaaF\bs\xa2\xc4\xa2\xea\xd1\x8e<\xe8u\xdd\x7f\'\'\x1e\x9bY\xd5\r\x90\x9fr\x02\xbf\xe1O\v\xfe\x9ef\xd4\xfeT\xa2s\xb46\x84\xeaY\xae\x14\xec\n\xcfM\x87\x06a+mpI\x1d\xb6\xfe\xbd\x87\xe3\xcf2\xb6\xae\xe41\xce\x9b\xcc\xf9dy\x02<d\x1f\x8fM\x97\xfc\xe4\x92\xf9d\x00(y\xe6Y\xaf\xd9\x8c\x9d\xf1t\xab&\xb1\xbe~S?\xd6)\x10\xed\xb9\xe0\xd9\xafs\x96Q\xbd\xb6\x82^#\x84A\xdc\x81B\x0e\x95\xac\xc6=z\xec\xfa\xb1\x91\rI\x90\xac\x17X\xfd\\\xa4K8p9\x18rd\xca\xc9<e\x8c{5\xbdfDv\xd0\x17\xd7e\xe1\xa6\xba\xd8(\x83\x00\xe5\xe80\x80\xc4\xc6W\x86\x0fo$\x1a\xb3J\xacE[\x80@\x18CA\xea\xfa\xfe\xe5\x7f\x1f\xf4\xe0\f\xe84]\xbe\x00d\awv\xb8\x0f\xce\xe8G>\xb48ogK\x93(\xf5\x03G\xf7\x8a_\x8e[l\xa5\xa2\xec\xe3\xb3~qG\xfc\x84K\xfb\x87\x17\x8a\xa6;\xfe\x18\xf2\xdc\xacc;\x15\xe4\xcfT\xbf\x0fnU\x9a\b\xb7\x83\xb3\x1a\xcc\xde\xcf=\x9b\xe3T\xf3\x024\x93\x85\x1bf\xba\x99R B\xef^Rs\x18^\x8a\x06\xc1\x7f\xef\xe5\xeb\x88\xd5\x95=\f\b\x8fp\x01t\xbeI\xd8\x88\xa8p\x16\x15j', 0x4)
ioctl$FS_IOC_RESVSP(r6, 0x402c5828, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x100})
r7 = socket$nl_generic(0x10, 0x3, 0x10)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f00000000c0))
faccessat2(0xffffffffffffffff, 0x0, 0x0, 0x0)
r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="180000000000000040000000000000009500000000000020"], &(0x7f0000000140)='GPL\x00'}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r8}, 0x10)
r9 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r9, &(0x7f0000000280)={0x1f, 0xffff, 0x3}, 0x6)
write(r9, &(0x7f0000000340)="05000000010000", 0x7)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), r7)
socket$nl_generic(0x10, 0x3, 0x10)

1.640808454s ago: executing program 3 (id=3238):
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "ef359f413bb93852f7d6d1ce5d29c3ee5e5ca9000f7c41499dc2aac63a4b78c660e677df701908b9aaa3f6a00400", "036c47c6780820d1cbe78969e3fdcf335263bdbcef549ba197fce47ddfc2553abd9501ce721b6ae9b49600002a00", "b7326736181c208220000000b9000000000000000000f0fffffffff2ff00"})
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0xfff, 0x7}, 0x48)
r1 = getpid()
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec85"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r2}, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000240)={0x3, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000020000000000000000000000850000008700000095"], &(0x7f0000000000)='GPL\x00'}, 0x80)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000680)={r3, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000040)="9e36d448b388dd965f7a3312779a", 0x0, 0xffffff80, 0xe8030000, 0x0, 0x0, 0x0, 0x0}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="189adbea15fbfe592551e7504bd7d60000000700", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0xa, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r4 = socket(0x10, 0x803, 0x0)
syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0)
syz_open_dev$usbfs(&(0x7f0000000100), 0x75, 0x0)
sendto(r4, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount$tmpfs(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000300), 0x0, 0x0)
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000180)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto}]})
chdir(&(0x7f0000000140)='./bus\x00')
r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='mountinfo\x00')
r6 = open(&(0x7f0000000080)='./file1\x00', 0x12b842, 0x0)
sendfile(r6, r5, 0x0, 0x80000000)
recvmmsg(r4, &(0x7f00000003c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x64}, {&(0x7f0000000280)=""/85, 0xfe58}, {&(0x7f0000000fc0)=""/4096, 0x1000}, {&(0x7f0000000400)=""/106, 0x6a}, {&(0x7f0000000980)=""/60, 0x3c}, {&(0x7f0000000540)=""/75, 0x45}, {&(0x7f00000007c0)=""/154, 0x9a}, {&(0x7f00000001c0)=""/17, 0x11}], 0x8, &(0x7f0000000600)=""/191, 0xbf}}, {{&(0x7f00000008c0)=@l2tp={0x2, 0x0, @empty}, 0x0, &(0x7f0000000340)=[{&(0x7f0000001fc0)=""/4096}, {&(0x7f0000000a40)=""/165}, {&(0x7f0000000b00)=""/179}, {&(0x7f0000000bc0)=""/177}, {&(0x7f0000000c80)=""/189}, {&(0x7f0000003800)=""/4096}, {&(0x7f0000000d40)=""/102}], 0x0, &(0x7f0000000dc0)=""/129}, 0x7}], 0x1, 0xc0010021, &(0x7f0000003700)={0x77359400})
socket$inet6_udp(0xa, 0x2, 0x0)
r7 = socket$inet6(0xa, 0x80002, 0x88)
bind$inet6(r7, &(0x7f0000000000)={0xa, 0x10000000004e20, 0x0, @mcast2, 0x6}, 0x1c)
setsockopt$SO_BINDTODEVICE(r7, 0x1, 0x19, 0x0, 0x0)

1.640294448s ago: executing program 2 (id=3239):
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
sendmmsg$inet_sctp(r0, 0x0, 0x0, 0x2400c845)

1.471607725s ago: executing program 2 (id=3240):
socketpair$unix(0x1, 0x0, 0x0, 0x0)
r0 = socket$inet(0x2, 0x0, 0x0)
sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0)
socket(0x0, 0x3, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x2, 0x0)
r1 = getpid()
process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
openat$rtc(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
mount$cgroup(0x0, 0x0, &(0x7f00000001c0), 0x0, 0x0)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x2004004)
r3 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc)=<r4=>0x0)
timer_settime(r4, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
fcntl$setown(0xffffffffffffffff, 0x8, r3)
waitid(0x0, 0x0, 0x0, 0x0, 0x0)
r5 = socket$vsock_stream(0x28, 0x1, 0x0)
vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0)
bind$vsock_stream(r5, &(0x7f0000000440), 0x10)
listen(r5, 0x0)
r6 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r6, &(0x7f0000000000)={0x28, 0x0, 0x0, @local}, 0x10)
writev(r6, &(0x7f00000002c0)=[{&(0x7f0000000080)='?', 0x20000081}], 0x2)
sendmsg$nl_route(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x44}}, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
pipe2$9p(0x0, 0x0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, 0x0)
syz_open_dev$usbmon(&(0x7f0000000200), 0x0, 0x12000)
syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')

808.331648ms ago: executing program 0 (id=3241):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
setsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f0000000040)=0xb6, 0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000000300)=""/102400, 0x19000)
syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x2, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000100), 0x141a42, 0x0)
mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x81c0, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x1, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe)

386.528026ms ago: executing program 2 (id=3242):
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x2000)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000540)={'wlan1\x00'})
shmget$private(0x0, 0x3000, 0x0, &(0x7f0000ffd000/0x3000)=nil)
r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
r2 = open(&(0x7f0000000100)='./bus\x00', 0x0, 0x13a)
ftruncate(r2, 0x3f)
mmap(&(0x7f00005c6000/0x1000)=nil, 0x1000, 0x27ffff7, 0x10010, r2, 0x2f473000)
ioctl$SCSI_IOCTL_SEND_COMMAND(r1, 0x1, &(0x7f0000000380)=ANY=[@ANYBLOB="02000000000f"])
r3 = socket$igmp6(0xa, 0x3, 0x2)
getsockopt$MRT6(r3, 0x29, 0x1, 0x0, &(0x7f0000000940))
shmat(0x0, &(0x7f0000ffb000/0x2000)=nil, 0x5000)
mbind(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x3, &(0x7f0000000080)=0x1, 0x50, 0x0)
mbind(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x2, &(0x7f0000000040)=0x7, 0x1b, 0x0)
ioperm(0x0, 0x3, 0x3e)
getgid()
syz_emit_vhci(&(0x7f00000001c0)=ANY=[@ANYBLOB="040f04f5ff04"], 0x7)
r4 = socket$tipc(0x1e, 0x2, 0x0)
getsockopt$sock_int(r4, 0x1, 0x2f, 0x0, &(0x7f0000000140))
socket$inet6_mptcp(0xa, 0x1, 0x106)
r5 = syz_usb_connect$cdc_ecm(0x2, 0x56, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000002000040250244000101000000090400000302060000052406000005240000000d240f0100000000000000000909058103ff0300000009058202100000000009050302ff0300"/86], 0x0)
syz_usb_control_io$cdc_ecm(r5, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(0xffffffffffffffff, &(0x7f0000002840)={0x14, 0x0, &(0x7f0000002800)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
unshare(0x48040b00)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x400000a, 0x8010, r0, 0x2000)
write$binfmt_script(0xffffffffffffffff, 0x0, 0x0)
r6 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$EBT_SO_GET_ENTRIES(r6, 0x0, 0x82, &(0x7f0000001100)={'broute\x00', 0x0, 0x0, 0x0, [0x0, 0x0, 0x1000000000000, 0x20000000003, 0x8], 0x0, 0x0, 0x0}, &(0x7f0000000000)=0x78)
read$FUSE(0xffffffffffffffff, &(0x7f0000000580)={0x2020}, 0x2020)
syz_open_procfs(0x0, &(0x7f00000000c0)='net/wireless\x00')

265.060575ms ago: executing program 3 (id=3243):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000240)={0x1f, 0x21, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe)
setsockopt$bt_BT_FLUSHABLE(r0, 0x112, 0x8, &(0x7f00000000c0)=0x1, 0x4)
write$binfmt_script(r0, 0x0, 0x0)

151.138266ms ago: executing program 3 (id=3244):
syz_genetlink_get_family_id$tipc2(&(0x7f00000006c0), 0xffffffffffffffff)
sendmsg$TIPC_NL_MEDIA_SET(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="01030026bb3d4f00000007000000040004c1820000000008"], 0x20}}, 0x0)
r0 = syz_genetlink_get_family_id$ipvs(0x0, 0xffffffffffffffff)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f00000001c0)={0x1, @pix={0x0, 0x2, 0x0, 0x0, 0xfffffffa, 0xd9, 0x7, 0x1, 0x0, 0x1, 0x1}})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000640)=@raw={'raw\x00', 0x3c1, 0x3, 0x2bc, 0x128, 0x2b8, 0x182, 0x128, 0x0, 0x1f4, 0x3a8, 0x3a8, 0x1f4, 0x3a8, 0x3, 0x0, {[{{@uncond, 0x0, 0xe0, 0x128, 0x0, {0x0, 0x1800}, [@common=@unspec=@limit={{0x3c}, {0x12000000, 0x4}}]}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'snmp\x00'}}}, {{@ipv6={@remote, @remote, [], [], 'macsec0\x00', 'netdevsim0\x00'}, 0x0, 0xa4, 0xcc}, @common=@unspec=@NFQUEUE3={0x28}}], {{'\x00', 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x318)
r2 = getpid()
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f00000003c0)={0xffffffffffffffff, 0x20, &(0x7f0000000380)={&(0x7f0000000600)=""/60, 0x3c, <r3=>0x0, &(0x7f0000000180)=""/59, 0x3b}}, 0x10)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0xd, 0xc, &(0x7f0000000bc0)=ANY=[@ANYRESHEX, @ANYRESDEC=r0], &(0x7f0000000140)='syzkaller\x00', 0xffffffff, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000500)='sched_kthread_work_execute_start\x00', r4}, 0x10)
socket$inet6(0xa, 0x0, 0x0)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0xfffffffd)
ioctl$KVM_CAP_HYPERV_ENFORCE_CPUID(r5, 0x4068aea3, &(0x7f0000000a80)={0xc7, 0x0, 0xfffffffffffffffe})
syz_emit_vhci(0x0, 0x1d)
process_vm_readv(r2, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x36}, {&(0x7f0000000b00)=""/157, 0x9d}], 0x2, &(0x7f0000008640)=[{&(0x7f0000000a00)=""/92, 0x5c}], 0x1, 0x0)
sendmsg$AUDIT_TRIM(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x10, 0x3f6, 0x200, 0x70bd29, 0x25dfdbfb, "", ["", "", ""]}, 0x10}, 0x1, 0x0, 0x0, 0x4004080}, 0x4000)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f00000000c0))
getrusage(0xffffffffffffffff, &(0x7f0000000980))
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$MRT6_ADD_MFC(0xffffffffffffffff, 0x29, 0xd2, 0x0, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=ANY=[@ANYBLOB="200000006a0001"], 0x20}}, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000000440)=[{&(0x7f0000001280)=""/64, 0x40}, {&(0x7f0000000080)=""/64, 0x40}], 0x2, 0x800000, 0x0)
syz_genetlink_get_family_id$l2tp(&(0x7f0000000480), 0xffffffffffffffff)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
ioctl$SNDCTL_DSP_SETTRIGGER(0xffffffffffffffff, 0x40045010, &(0x7f0000000040)=0x1000)
msync(&(0x7f0000952000/0x1000)=nil, 0x1000, 0x6)

150.424767ms ago: executing program 1 (id=3245):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000000000406c256d0000000000000109022400"], 0x0)
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x34, 0x39, 0x9, 0x0, 0x0, {0x1}, [@typed={0x4}, @nested={0xc, 0x1, 0x0, 0x1, [@typed={0x6, 0x0, 0x0, 0x0, @str='\x05G'}]}, @typed={0x8, 0x2, 0x0, 0x0, @u32}, @nested={0x8, 0x7, 0x0, 0x1, [@typed={0x4}]}]}, 0x34}}, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
r2 = userfaultfd(0x1)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f00000000c0))
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$netlink(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000040)={0x18, 0x78, 0x1, 0x0, 0x0, "", [@typed={0x7, 0x0, 0x0, 0x0, @str='G\x00\x00'}]}, 0x18}], 0x1}, 0x0)
ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_NESTED_STATE(0xffffffffffffffff, 0x4080aebf, 0x0)
io_uring_setup(0x4d63, &(0x7f0000000080))
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000040)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
getpid()
openat$vimc1(0xffffff9c, 0x0, 0x2, 0x0)
ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, 0x0)
openat$vnet(0xffffff9c, 0x0, 0x2, 0x0)
syz_usb_connect$cdc_ncm(0x6, 0x6e, &(0x7f0000000800)={{0x12, 0x1, 0x300, 0x2, 0x0, 0x0, 0x1c0326d76f17158d, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0xd, 0x20, 0xf, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5, 0x24, 0x0, 0x10}, {0xd, 0x24, 0xf, 0x1, 0x6, 0x1, 0x8, 0x1}, {0x6, 0x24, 0x1a, 0x9, 0x15}}, {{0x9, 0x5, 0x81, 0x3, 0x20, 0x8, 0x3}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x40, 0x9, 0x72, 0xfa}}, {{0x9, 0x5, 0x3, 0x2, 0x20, 0x2, 0x1e, 0x56}}}}}}}]}}, &(0x7f0000000d80)={0xa, &(0x7f0000000140)={0xa, 0x6, 0x250, 0x4, 0x80, 0xf8, 0x0, 0x8}, 0x76, &(0x7f0000000880)={0x5, 0xf, 0x76, 0x6, [@ptm_cap={0x3}, @ext_cap={0x7, 0x10, 0x2, 0x10, 0x8, 0x6, 0x80}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0x4, 0x0, 0x1, 0x1}, @ss_container_id={0x14, 0x10, 0x4, 0xff, "2884b1a4831e640bab1fb68a3392f5f3"}, @ssp_cap={0x14, 0x10, 0xa, 0x8, 0x2, 0x1ff, 0xf00f, 0x44de, [0xc000, 0x410f]}, @generic={0x35, 0x10, 0xa, "c91d2bdf952d91b5a23e9920546d1d8847f5b101956165191a34521ccabb0a32dae1d99680494fbc3807ce8b92db9b504e04"}]}, 0x8, [{0x4, &(0x7f0000000640)=@lang_id={0x4, 0x3, 0x816}}, {0xdb, &(0x7f0000000900)=@string={0xdb, 0x3, "e2d0e284c24638a3e9ce9c9d5b64b6449895fa5f9744f686c77a4842734bc0f3f2b307a312272fafe506e8437308d17a09bf7fae1691dfd064facf6b5243288dbe5d98b294943f91789a8130cb7ba8ccfba194ae8c0b2d4d01b15f988ab2922b425fec992bbff1336a3aaff84db01845e49edb3064aa25bfcd102d877f3c8ab4ed80c5941c289da31d4fc34d532928c228d50ba00795c2134c52fe563608a5337fd3fae03da8a10548f530b46a5a0eced5474c086d1a7e92f1f613ce4a9b5d07b78ac64802cce5f66a0a9d9bd851d175ad903d25f03836d2e6"}}, {0x4, &(0x7f0000000a00)=@lang_id={0x4, 0x3, 0x1001}}, {0xec, &(0x7f0000000a40)=@string={0xec, 0x3, "d02871fe07bded1bb9bda6277828eb6831dbad6728e2fd2fa9649af754076c320e57d0981fd02c9ffb362eeb1b2741f91b559d9e04d691e3d60b2dac1e76402da6c04d45c6c327350f79b91f85d228071e6c42437dee012fa4f4f789fef5f7fb742796313baba37898dc1d59ad68849f6fca7f3716dc3310d248d376a4b91be1cf8a9288a38c128adad8ea3d27f2666b796fce97c0e22d7cab1fdfd389cfc79d886d556a6cf4a1db634b561e881681e5171e9f4a7024d0e58bd73af395a404d6eaaec297e6e3d1b8e77f2d86f4c9b819e2c19fe18846ab81fe17f1ca84a82cf70b170822b5aa6078234c"}}, {0x6e, &(0x7f0000000b40)=@string={0x6e, 0x3, "eecdb3706814cf1548ba8fdc0507a28347cbd8c2bd0555e74e949c2b1571fa6a8acc46517b0ba53a05ac2ad348a8f2fc03bf495785cce79dc575b37c5a3b35f7cf37a8ef9c33f478d9535d6aca55e5446dd8b1832e53a7152b042b794b35656cf12e3b21b35fe1f87a51da34"}}, {0x77, &(0x7f0000000bc0)=@string={0x77, 0x3, "9e9eb59200b6f5cfba37d093da4cfaefc807aa918c506f69e9ce74ff2990ed46e5a76e6906b3798f75888d6b0b9e19b326c5115a03ebcf86d69acbdcf12e957893a81eb49da926a1857c99e893087ddd2f673db9653b5ff41f8cd8147b21c9167a57af18e5f1549b6033a43694295290e117fcc449"}}, {0x99, &(0x7f0000000c40)=@string={0x99, 0x3, "ab6fe6e063e4d8d4f4091c373ef832175cd6685fd991a130d7d632e331e0b5ae00441ccbf094166a578eb8d81c6972e35204da13438bdc8eec0f1004ab1d573acfaae96bdba8336e4c99713b59a45fbaf8a990f5fa6a1e3edc487bdfb6e760d2bb34e4027ef99c1c9e5aa6d08f512b24d3185b920a34a50f836973b15f3b97adfda8c994263c1aa03928704cfcb137f702adec3cc7e5dd"}}, {0x6a, &(0x7f0000000d00)=@string={0x6a, 0x3, "e59f34542f249b467f084799a0c961b8ef6ba018ba8f276b89089b824572409796509ba335abe24cccbf73730bd71d2a20deff8fb950af1936b3e5d6ec9ca29fd8cb967c0697de8a04f205c599796509b4f7d13de5867d00c038e0fa8ec6f5190226e434aa49efb0"}}]})
ioctl$UFFDIO_COPY(r2, 0xc028aa05, &(0x7f0000000080)={&(0x7f0000c15000/0x1000)=nil, &(0x7f0000508000/0x4000)=nil, 0x1000})
syz_usb_control_io(0xffffffffffffffff, &(0x7f0000000240)={0x18, 0x0, 0x0, &(0x7f0000000840)=ANY=[], 0x0, &(0x7f0000000200)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x6, 0x0, 0x0, 0x0, 0xc0, 0x6, 0x1800}}}, &(0x7f0000000780)={0x44, &(0x7f0000000280)={0x40, 0x11, 0xf0, "678b54649b4d66e7901397ff69dc7d57b8ae72c82f3e135b48e2a2628f9da42adbb0ee4263ee19e55aded1e45fe187701d7a228b130b0085295304f5979a852be596bd715bbdc24be536c99ec3662915f3430401f69d8eda76abe3db80d02727e39963233f049e030d448ad9dea5d8c81482fd5370bf01833d2fb06380bc9c033f5a387563032c6fa85bddaa43417671518c62d77f7b2eab6e8d4eb0315c518648a9b77f9865a5aeac8a8533099cb4414e4f42b05ca1fb9b3101ebf1d6026d750507bc25444e32743228445a549a37929c1838a3e0f0f932f8ab3399a40cd46ea676fc635beadf49afb1642a6f128827"}, &(0x7f0000000380)={0x0, 0xa, 0x1, 0x86}, &(0x7f00000003c0)={0x0, 0x8, 0x1, 0xd}, &(0x7f0000000400)={0x20, 0x0, 0x4, {0x49c412e0632bd5c4}}, &(0x7f0000000440)={0x20, 0x0, 0x4, {0x140, 0x20}}, &(0x7f0000000480)={0x40, 0x7, 0x2, 0x5}, &(0x7f00000004c0)={0x40, 0x9, 0x1, 0x3}, &(0x7f0000000500)={0x40, 0xb, 0x2, 'p,'}, &(0x7f0000000540)={0x40, 0xf, 0x2, 0x2}, &(0x7f0000000580)={0x40, 0x13, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x15}}, &(0x7f00000005c0)={0x40, 0x17, 0x6, @multicast}, &(0x7f0000000600)={0x40, 0x19, 0x2, "2a10"}, &(0x7f0000000680)={0x40, 0x1a, 0x2, 0x5}, &(0x7f00000006c0)={0x40, 0x1c, 0x1, 0x4}, &(0x7f0000000700)={0x40, 0x1e, 0x1, 0x7}, &(0x7f0000000740)={0x40, 0x21, 0x1, 0x2}})
syz_usb_control_io$hid(r0, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000640)=ANY=[@ANYBLOB], 0x0, 0x0}, 0x0)

0s ago: executing program 3 (id=3246):
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000580)={0xffffffffffffffff, 0x0, 0x0}, 0x10)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000000)={'pim6reg1\x00'})
socket$inet_tcp(0x2, 0x1, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x0)
socket$nl_audit(0x10, 0x3, 0x9)
openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
r1 = socket(0x0, 0x803, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={0x0, 0x24}}, 0x0)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x2ba)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="3c0000001000850619fbb7c75150926b00000000", @ANYRES32=r2, @ANYBLOB="fe000400000000001c0012000c000100626f6e64000000000c0002000800010004"], 0x3c}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=ANY=[@ANYBLOB="440000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b00010062617461647600000400028008000a00", @ANYRES32=r5, @ANYBLOB="08001f0004000000c5f2264bdade59d68477c77d0811ac5d86790a886f625fb337db0f51e32e5aa19df3ad0edecc255a23f7dc533774b4559e533d41264ed01adf371adb1fcbc6a1fa7b92c98a9acef87831c7e39bb2f1d79b2e1bee650b508d04b49f942c5ef2613fdcee571bb632f3d41aa0f1355bfe63ebe2b368ed0791eaa87d0d5f673ec3800d449e3e6db1efa2746a2102a27152c136978faaf5b3ef3f5bc33f954ee4b51eb4eaba52"], 0x44}}, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000640)={0x0, 0x7, &(0x7f0000000280)={&(0x7f0000000080)=ANY=[@ANYBLOB="2000000011005704000000000000000010000000", @ANYRES32=r7], 0x20}}, 0x0)

kernel console output (not intermixed with test programs):

g): (slave bond_slave_1): Releasing backup interface
[  685.793231][T10222] bond0 (unregistering): (slave macvlan0): Releasing backup interface
[  685.800783][T10222] bond0 (unregistering): Released all slaves
[  685.823111][T10222] bond1 (unregistering): (slave batadv2): Releasing backup interface
[  685.841925][T10222] bond1 (unregistering): Released all slaves
[  685.866611][T10222] bond2 (unregistering): (slave batadv3): Releasing backup interface
[  685.882342][T10222] bond2 (unregistering): Released all slaves
[  685.889634][ T5212] Bluetooth: hci0: command tx timeout
[  685.962662][T10222] bond3 (unregistering): (slave lo): Releasing active interface
[  685.972518][T10222] bond3 (unregistering): (slave lo): last VLAN challenged slave left bond - VLAN blocking is removed
[  685.989487][T10222] bond3 (unregistering): Released all slaves
[  686.100629][T15026] xt_NFQUEUE: number of total queues is 0
[  686.307741][T10222] tipc: Left network mode
[  686.325997][T14995] hsr_slave_0: entered promiscuous mode
[  686.335326][T14995] hsr_slave_1: entered promiscuous mode
[  686.342144][T14995] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  686.345698][T14995] Cannot create hsr debugfs directory
[  686.794829][T10222] hsr_slave_0: left promiscuous mode
[  686.813776][T10222] hsr_slave_1: left promiscuous mode
[  686.826126][T10222] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  686.830933][T10222] batman_adv: batadv0: Removing interface: batadv_slave_0
[  686.834669][T10222] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  686.837535][T10222] batman_adv: batadv0: Removing interface: batadv_slave_1
[  686.905067][T10222] veth1_macvtap: left promiscuous mode
[  686.907524][T10222] veth0_macvtap: left promiscuous mode
[  686.914353][T10222] veth0_vlan: left promiscuous mode
[  687.237876][T15043] ieee802154 phy1 wpan1: encryption failed: -22
[  687.978593][ T5212] Bluetooth: hci0: command tx timeout
[  688.426400][T10222] team0 (unregistering): Port device team_slave_1 removed
[  688.541304][T10222] team0 (unregistering): Port device team_slave_0 removed
[  689.308242][T15050] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2719'.
[  689.313322][T15054] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2720'.
[  690.048926][ T5212] Bluetooth: hci0: command tx timeout
[  690.319365][T14995] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  690.349279][T14995] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  690.357645][T14995] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  690.385817][T14995] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  690.535897][T10222] IPVS: stop unused estimator thread 0...
[  690.727891][T14995] 8021q: adding VLAN 0 to HW filter on device bond0
[  690.775241][T14995] 8021q: adding VLAN 0 to HW filter on device team0
[  690.803789][ T5253] bridge0: port 1(bridge_slave_0) entered blocking state
[  690.806643][ T5253] bridge0: port 1(bridge_slave_0) entered forwarding state
[  690.839430][ T5253] bridge0: port 2(bridge_slave_1) entered blocking state
[  690.842378][ T5253] bridge0: port 2(bridge_slave_1) entered forwarding state
[  691.101449][T14995] 8021q: adding VLAN 0 to HW filter on device batadv0
[  691.105507][ T1356] ieee802154 phy1 wpan1: encryption failed: -22
[  691.200857][T14995] veth0_vlan: entered promiscuous mode
[  691.224244][T14995] veth1_vlan: entered promiscuous mode
[  691.254805][T14995] veth0_macvtap: entered promiscuous mode
[  691.260442][T14995] veth1_macvtap: entered promiscuous mode
[  691.273932][T14995] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  691.278473][T14995] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  691.282755][T14995] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  691.287397][T14995] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  691.291771][T14995] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  691.296285][T14995] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  691.310395][T14995] batman_adv: batadv0: Interface activated: batadv_slave_0
[  691.325391][T14995] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  691.339488][T14995] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  691.343372][T14995] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  691.358747][T14995] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  691.363015][T14995] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  691.367101][T14995] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  691.383924][T14995] batman_adv: batadv0: Interface activated: batadv_slave_1
[  691.398677][T14995] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  691.402485][T14995] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  691.406092][T14995] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  691.410797][T14995] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  691.499136][T10220] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  691.502446][T10220] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  691.530700][T10220] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  691.534011][T10220] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  691.753251][T15108] xt_NFQUEUE: number of total queues is 0
[  691.955041][T15113] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2728'.
[  692.128994][ T5212] Bluetooth: hci0: command tx timeout
[  692.464100][T15123] x_tables: ip6_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING
[  692.904809][ T5253] hid-generic 0006:03FF:0000.002B: unknown main item tag 0x0
[  692.907764][ T5253] hid-generic 0006:03FF:0000.002B: unknown main item tag 0x0
[  692.912916][ T5253] hid-generic 0006:03FF:0000.002B: unknown main item tag 0x0
[  692.916028][ T5253] hid-generic 0006:03FF:0000.002B: unknown main item tag 0x0
[  692.924276][ T5253] hid-generic 0006:03FF:0000.002B: unknown main item tag 0x0
[  692.927212][ T5253] hid-generic 0006:03FF:0000.002B: unknown main item tag 0x0
[  692.930700][ T5253] hid-generic 0006:03FF:0000.002B: unknown main item tag 0x0
[  692.933742][ T5253] hid-generic 0006:03FF:0000.002B: unknown main item tag 0x0
[  692.936733][ T5253] hid-generic 0006:03FF:0000.002B: unknown main item tag 0x0
[  692.940258][ T5253] hid-generic 0006:03FF:0000.002B: unknown main item tag 0x0
[  692.943247][ T5253] hid-generic 0006:03FF:0000.002B: unknown main item tag 0x0
[  692.946074][ T5253] hid-generic 0006:03FF:0000.002B: unknown main item tag 0x0
[  692.949780][ T5253] hid-generic 0006:03FF:0000.002B: unknown main item tag 0x0
[  692.952767][ T5253] hid-generic 0006:03FF:0000.002B: unknown main item tag 0x0
[  692.955736][ T5253] hid-generic 0006:03FF:0000.002B: unknown main item tag 0x0
[  692.958888][ T5253] hid-generic 0006:03FF:0000.002B: unknown main item tag 0x0
[  692.961870][ T5253] hid-generic 0006:03FF:0000.002B: unknown main item tag 0x0
[  692.966331][T15140] IPVS: set_ctl: invalid protocol: 0 127.0.0.1:0
[  692.969476][ T5253] hid-generic 0006:03FF:0000.002B: unknown main item tag 0x0
[  692.972480][ T5253] hid-generic 0006:03FF:0000.002B: unknown main item tag 0x0
[  692.975547][ T5253] hid-generic 0006:03FF:0000.002B: unknown main item tag 0x0
[  692.981869][ T5253] hid-generic 0006:03FF:0000.002B: unknown main item tag 0x0
[  692.984937][ T5253] hid-generic 0006:03FF:0000.002B: unknown main item tag 0x0
[  692.987950][ T5253] hid-generic 0006:03FF:0000.002B: unknown main item tag 0x0
[  692.991094][ T5253] hid-generic 0006:03FF:0000.002B: unknown main item tag 0x0
[  692.994126][ T5253] hid-generic 0006:03FF:0000.002B: unknown main item tag 0x0
[  692.997220][ T5253] hid-generic 0006:03FF:0000.002B: unknown main item tag 0x0
[  693.000434][ T5253] hid-generic 0006:03FF:0000.002B: unknown main item tag 0x0
[  693.003517][ T5253] hid-generic 0006:03FF:0000.002B: unknown main item tag 0x0
[  693.006569][ T5253] hid-generic 0006:03FF:0000.002B: unknown main item tag 0x0
[  693.010359][ T5253] hid-generic 0006:03FF:0000.002B: unknown main item tag 0x0
[  693.013399][ T5253] hid-generic 0006:03FF:0000.002B: unknown main item tag 0x0
[  693.016514][ T5253] hid-generic 0006:03FF:0000.002B: unknown main item tag 0x0
[  693.019617][ T5253] hid-generic 0006:03FF:0000.002B: unknown main item tag 0x0
[  693.022680][ T5253] hid-generic 0006:03FF:0000.002B: unknown main item tag 0x0
[  693.025543][ T5253] hid-generic 0006:03FF:0000.002B: unknown main item tag 0x0
[  693.029399][ T5253] hid-generic 0006:03FF:0000.002B: unknown main item tag 0x0
[  693.032474][ T5253] hid-generic 0006:03FF:0000.002B: unknown main item tag 0x0
[  693.035568][ T5253] hid-generic 0006:03FF:0000.002B: unknown main item tag 0x0
[  693.038679][ T5253] hid-generic 0006:03FF:0000.002B: unknown main item tag 0x0
[  693.041757][ T5253] hid-generic 0006:03FF:0000.002B: unknown main item tag 0x0
[  693.044814][ T5253] hid-generic 0006:03FF:0000.002B: unknown main item tag 0x0
[  693.047876][ T5253] hid-generic 0006:03FF:0000.002B: unknown main item tag 0x0
[  693.050870][ T5253] hid-generic 0006:03FF:0000.002B: unknown main item tag 0x0
[  693.054163][ T5253] hid-generic 0006:03FF:0000.002B: unknown main item tag 0x0
[  693.057238][ T5253] hid-generic 0006:03FF:0000.002B: unknown main item tag 0x0
[  693.060674][ T5253] hid-generic 0006:03FF:0000.002B: unknown main item tag 0x0
[  693.063698][ T5253] hid-generic 0006:03FF:0000.002B: unknown main item tag 0x0
[  693.066761][ T5253] hid-generic 0006:03FF:0000.002B: unknown main item tag 0x0
[  693.069891][ T5253] hid-generic 0006:03FF:0000.002B: unknown main item tag 0x0
[  693.072926][ T5253] hid-generic 0006:03FF:0000.002B: unknown main item tag 0x0
[  693.075964][ T5253] hid-generic 0006:03FF:0000.002B: unknown main item tag 0x0
[  693.078955][ T5253] hid-generic 0006:03FF:0000.002B: unknown main item tag 0x0
[  693.081851][ T5253] hid-generic 0006:03FF:0000.002B: unknown main item tag 0x0
[  693.084820][ T5253] hid-generic 0006:03FF:0000.002B: unknown main item tag 0x0
[  693.087794][ T5253] hid-generic 0006:03FF:0000.002B: unknown main item tag 0x0
[  693.090981][ T5253] hid-generic 0006:03FF:0000.002B: unknown main item tag 0x0
[  693.094039][ T5253] hid-generic 0006:03FF:0000.002B: unknown main item tag 0x0
[  693.097062][ T5253] hid-generic 0006:03FF:0000.002B: unknown main item tag 0x0
[  693.100130][ T5253] hid-generic 0006:03FF:0000.002B: unknown main item tag 0x0
[  693.103120][ T5253] hid-generic 0006:03FF:0000.002B: unknown main item tag 0x0
[  693.106160][ T5253] hid-generic 0006:03FF:0000.002B: unknown main item tag 0x0
[  693.109295][ T5253] hid-generic 0006:03FF:0000.002B: unknown main item tag 0x0
[  693.112323][ T5253] hid-generic 0006:03FF:0000.002B: unknown main item tag 0x0
[  693.115298][ T5253] hid-generic 0006:03FF:0000.002B: unknown main item tag 0x0
[  693.117976][ T5253] hid-generic 0006:03FF:0000.002B: unknown main item tag 0x0
[  693.121093][ T5253] hid-generic 0006:03FF:0000.002B: unknown main item tag 0x0
[  693.123820][ T5253] hid-generic 0006:03FF:0000.002B: unknown main item tag 0x0
[  693.126783][ T5253] hid-generic 0006:03FF:0000.002B: unknown main item tag 0x0
[  693.130213][ T5253] hid-generic 0006:03FF:0000.002B: unknown main item tag 0x0
[  693.133177][ T5253] hid-generic 0006:03FF:0000.002B: unknown main item tag 0x0
[  693.136241][ T5253] hid-generic 0006:03FF:0000.002B: unknown main item tag 0x0
[  693.140156][ T5253] hid-generic 0006:03FF:0000.002B: unknown main item tag 0x0
[  693.143228][ T5253] hid-generic 0006:03FF:0000.002B: unknown main item tag 0x0
[  693.146275][ T5253] hid-generic 0006:03FF:0000.002B: unknown main item tag 0x0
[  693.149458][ T5253] hid-generic 0006:03FF:0000.002B: unknown main item tag 0x0
[  693.152507][ T5253] hid-generic 0006:03FF:0000.002B: unknown main item tag 0x0
[  693.155814][ T5253] hid-generic 0006:03FF:0000.002B: unknown main item tag 0x0
[  693.158852][ T5253] hid-generic 0006:03FF:0000.002B: unknown main item tag 0x0
[  693.161810][ T5253] hid-generic 0006:03FF:0000.002B: unknown main item tag 0x0
[  693.164874][ T5253] hid-generic 0006:03FF:0000.002B: unknown main item tag 0x0
[  693.167893][ T5253] hid-generic 0006:03FF:0000.002B: unknown main item tag 0x0
[  693.171042][ T5253] hid-generic 0006:03FF:0000.002B: unknown main item tag 0x0
[  693.174025][ T5253] hid-generic 0006:03FF:0000.002B: unknown main item tag 0x0
[  693.177057][ T5253] hid-generic 0006:03FF:0000.002B: unknown main item tag 0x0
[  693.180156][ T5253] hid-generic 0006:03FF:0000.002B: unknown main item tag 0x0
[  693.183173][ T5253] hid-generic 0006:03FF:0000.002B: unknown main item tag 0x0
[  693.186153][ T5253] hid-generic 0006:03FF:0000.002B: unknown main item tag 0x0
[  693.189319][ T5253] hid-generic 0006:03FF:0000.002B: unknown main item tag 0x0
[  693.192331][ T5253] hid-generic 0006:03FF:0000.002B: unknown main item tag 0x0
[  693.195345][ T5253] hid-generic 0006:03FF:0000.002B: unknown main item tag 0x0
[  693.198390][ T5253] hid-generic 0006:03FF:0000.002B: unknown main item tag 0x0
[  693.201446][ T5253] hid-generic 0006:03FF:0000.002B: unknown main item tag 0x0
[  693.204436][ T5253] hid-generic 0006:03FF:0000.002B: unknown main item tag 0x0
[  693.207434][ T5253] hid-generic 0006:03FF:0000.002B: unknown main item tag 0x0
[  693.210533][ T5253] hid-generic 0006:03FF:0000.002B: unknown main item tag 0x0
[  693.213527][ T5253] hid-generic 0006:03FF:0000.002B: unknown main item tag 0x0
[  693.216548][ T5253] hid-generic 0006:03FF:0000.002B: unknown main item tag 0x0
[  693.219521][ T5253] hid-generic 0006:03FF:0000.002B: unknown main item tag 0x0
[  693.222498][ T5253] hid-generic 0006:03FF:0000.002B: unknown main item tag 0x0
[  693.225502][ T5253] hid-generic 0006:03FF:0000.002B: unknown main item tag 0x0
[  693.228494][ T5253] hid-generic 0006:03FF:0000.002B: unknown main item tag 0x0
[  693.231446][ T5253] hid-generic 0006:03FF:0000.002B: unknown main item tag 0x0
[  693.234464][ T5253] hid-generic 0006:03FF:0000.002B: unknown main item tag 0x0
[  693.237534][ T5253] hid-generic 0006:03FF:0000.002B: unknown main item tag 0x0
[  693.240642][ T5253] hid-generic 0006:03FF:0000.002B: unknown main item tag 0x0
[  693.243671][ T5253] hid-generic 0006:03FF:0000.002B: unknown main item tag 0x0
[  693.246652][ T5253] hid-generic 0006:03FF:0000.002B: unknown main item tag 0x0
[  693.251774][ T5253] hid-generic 0006:03FF:0000.002B: unknown main item tag 0x0
[  693.254719][ T5253] hid-generic 0006:03FF:0000.002B: unknown main item tag 0x0
[  693.265327][ T5253] hid-generic 0006:03FF:0000.002B: unknown main item tag 0x0
[  693.268257][ T5253] hid-generic 0006:03FF:0000.002B: unknown main item tag 0x0
[  693.272966][ T5253] hid-generic 0006:03FF:0000.002B: hidraw1: VIRTUAL HID v7fffff.ff Device [syz1] on syz0
[  693.713785][ T5212] Bluetooth: Unknown BR/EDR signaling command 0x0d
[  693.717164][ T5212] Bluetooth: Wrong link type (-22)
[  693.719852][ T5212] Bluetooth: Unknown BR/EDR signaling command 0x10
[  693.722619][ T5212] Bluetooth: Wrong link type (-22)
[  694.958709][T15160] syz.0.2740 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  695.006703][T15160] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2740'.
[  695.096372][T15162] 9pnet_fd: Insufficient options for proto=fd
[  695.885511][ T5212] Bluetooth: hci0: unexpected event 0x04 length: 11 > 10
[  696.193949][T15183] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2747'.
[  696.317570][T15187] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2749'.
[  696.322359][T15187] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2749'.
[  696.475057][T15190] 9pnet_fd: Insufficient options for proto=fd
[  696.578438][ T5252] usb 8-1: new high-speed USB device number 124 using dummy_hcd
[  696.738822][ T5252] usb 8-1: device descriptor read/64, error -71
[  697.030619][ T5252] usb 8-1: new high-speed USB device number 125 using dummy_hcd
[  697.167218][T15202] Bluetooth: MGMT ver 1.23
[  697.208416][ T5252] usb 8-1: device descriptor read/64, error -71
[  697.338622][ T5252] usb usb8-port1: attempt power cycle
[  697.371293][T12100] Bluetooth: Unexpected start frame (len 0)
[  697.473821][T12100] Bluetooth: Unknown BR/EDR signaling command 0x0d
[  697.476228][T12100] Bluetooth: Wrong link type (-22)
[  697.478641][T12100] Bluetooth: Unknown BR/EDR signaling command 0x10
[  697.481321][T12100] Bluetooth: Wrong link type (-22)
[  697.778586][ T5252] usb 8-1: new high-speed USB device number 126 using dummy_hcd
[  697.829067][ T5252] usb 8-1: device descriptor read/8, error -71
[  697.900003][T12100] Bluetooth: hci0: command tx timeout
[  698.108427][ T5252] usb 8-1: new high-speed USB device number 127 using dummy_hcd
[  698.150156][ T5252] usb 8-1: device descriptor read/8, error -71
[  698.273324][ T5252] usb usb8-port1: unable to enumerate USB device
[  699.248657][ T5212] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  699.968517][ T5212] Bluetooth: hci0: command 0x0c1a tx timeout
[  700.167847][T15220] fuse: Bad value for 'user_id'
[  700.172549][T15220] fuse: Bad value for 'user_id'
[  700.193472][T15222] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2757'.
[  700.237654][T15228] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2761'.
[  700.249773][T15225] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2759'.
[  700.568526][  T824] usb 8-1: new high-speed USB device number 2 using dummy_hcd
[  700.720700][  T824] usb 8-1: device descriptor read/64, error -71
[  701.021354][  T824] usb 8-1: new high-speed USB device number 3 using dummy_hcd
[  701.188802][  T824] usb 8-1: device descriptor read/64, error -71
[  701.314563][  T824] usb usb8-port1: attempt power cycle
[  701.569743][T12100] Bluetooth: Unexpected start frame (len 0)
[  701.738708][  T824] usb 8-1: new high-speed USB device number 4 using dummy_hcd
[  701.748675][T12100] Bluetooth: Unknown BR/EDR signaling command 0x0d
[  701.751374][T12100] Bluetooth: Wrong link type (-22)
[  701.753515][T12100] Bluetooth: Unknown BR/EDR signaling command 0x10
[  701.756493][T12100] Bluetooth: Wrong link type (-22)
[  701.787205][  T824] usb 8-1: device descriptor read/8, error -71
[  702.090060][  T824] usb 8-1: new high-speed USB device number 5 using dummy_hcd
[  702.139013][  T824] usb 8-1: device descriptor read/8, error -71
[  702.271052][  T824] usb usb8-port1: unable to enumerate USB device
[  702.288426][ T5212] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  702.292357][T12100] Bluetooth: hci0: command 0x0c1a tx timeout
[  703.355401][T15264] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.2772'.
[  703.365252][T15264] openvswitch: netlink: IP tunnel attribute has 3048 unknown bytes.
[  703.453607][T15266] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2773'.
[  703.528723][T15270] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2775'.
[  703.538017][T15270] FAULT_INJECTION: forcing a failure.
[  703.538017][T15270] name failslab, interval 1, probability 0, space 0, times 0
[  703.548397][T15270] CPU: 2 PID: 15270 Comm: syz.1.2775 Not tainted 6.10.0-syzkaller-08676-g720261cfc732 #0
[  703.552965][T15270] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  703.558650][T15270] Call Trace:
[  703.560127][T15270]  <TASK>
[  703.561317][T15270]  dump_stack_lvl+0x16c/0x1f0
[  703.563481][T15270]  should_fail_ex+0x497/0x5b0
[  703.565248][T15270]  should_failslab+0x9/0x20
[  703.567213][T15270]  kmem_cache_alloc_noprof+0x6e/0x2f0
[  703.569491][T15270]  ? xfrm_state_alloc+0x23/0x510
[  703.571770][T15270]  xfrm_state_alloc+0x23/0x510
[  703.573846][T15270]  xfrm_add_acquire+0xf2/0xae0
[  703.575728][T15270]  ? __pfx_xfrm_add_acquire+0x10/0x10
[  703.578071][T15270]  ? __nla_parse+0x40/0x60
[  703.579807][T15270]  ? __pfx_xfrm_add_acquire+0x10/0x10
[  703.581889][T15270]  xfrm_user_rcv_msg+0x58c/0xb30
[  703.584007][T15270]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  703.586148][T15270]  ? hlock_class+0x4e/0x130
[  703.587886][T15270]  ? __lock_acquire+0x1620/0x3cb0
[  703.589695][T15270]  ? __mutex_trylock_common+0xea/0x250
[  703.591993][T15270]  netlink_rcv_skb+0x165/0x410
[  703.594080][T15270]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  703.596331][T15270]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  703.598322][T15270]  ? __mutex_lock+0x1a6/0x9c0
[  703.599958][T15270]  ? netlink_deliver_tap+0x1ae/0xcf0
[  703.601761][T15270]  xfrm_netlink_rcv+0x71/0x90
[  703.603824][T15270]  netlink_unicast+0x544/0x830
[  703.605987][T15270]  ? __pfx_netlink_unicast+0x10/0x10
[  703.608219][T15270]  ? __phys_addr_symbol+0x30/0x80
[  703.610094][T15270]  ? __check_object_size+0x48e/0x720
[  703.612080][T15270]  netlink_sendmsg+0x8b8/0xd70
[  703.614023][T15270]  ? __pfx_netlink_sendmsg+0x10/0x10
[  703.616185][T15270]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  703.618823][T15270]  ____sys_sendmsg+0x9b4/0xb50
[  703.621233][T15270]  ? __pfx_____sys_sendmsg+0x10/0x10
[  703.623809][T15270]  ? get_compat_msghdr+0x11b/0x170
[  703.626374][T15270]  ? __pfx___lock_acquire+0x10/0x10
[  703.629036][T15270]  ___sys_sendmsg+0x135/0x1e0
[  703.631084][T15270]  ? __pfx____sys_sendmsg+0x10/0x10
[  703.633124][T15270]  ? ksys_write+0x21c/0x260
[  703.634917][T15270]  ? __fget_light+0x173/0x210
[  703.636804][T15270]  __sys_sendmsg+0x117/0x1f0
[  703.638919][T15270]  ? __pfx___sys_sendmsg+0x10/0x10
[  703.641525][T15270]  __do_fast_syscall_32+0x73/0x120
[  703.644084][T15270]  do_fast_syscall_32+0x32/0x80
[  703.646228][T15270]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  703.649134][T15270] RIP: 0023:0xf7f7f579
[  703.651017][T15270] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  703.658602][T15270] RSP: 002b:00000000f5d3656c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  703.662602][T15270] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000200003c0
[  703.665428][T15270] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  703.668122][T15270] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  703.670811][T15270] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  703.673462][T15270] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  703.676320][T15270]  </TASK>
[  703.815356][T15274] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2776'.
[  705.058745][T15292] xt_NFQUEUE: number of total queues is 0
[  705.408357][T12100] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  705.408422][ T5212] Bluetooth: hci0: command 0x0c1a tx timeout
[  705.419642][T15298] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2784'.
[  705.436868][T15298] batadv0: entered promiscuous mode
[  706.084591][T15309] syz.1.2787 (15309) used greatest stack depth: 20912 bytes left
[  706.385491][T15316] random: crng reseeded on system resumption
[  706.649599][T15314] vivid-003: =================  START STATUS  =================
[  706.674444][T15314] vivid-003: Radio HW Seek Mode: Bounded
[  706.679322][T15314] vivid-003: Radio Programmable HW Seek: false
[  706.682433][T15314] vivid-003: RDS Rx I/O Mode: Block I/O
[  706.691709][T15314] vivid-003: Generate RBDS Instead of RDS: false
[  706.695153][T15314] vivid-003: RDS Reception: true
[  706.707177][T15314] vivid-003: RDS Program Type: 0 inactive
[  706.711422][T15314] vivid-003: RDS PS Name:  inactive
[  706.714035][T15314] vivid-003: RDS Radio Text:  inactive
[  706.717382][T15314] vivid-003: RDS Traffic Announcement: false inactive
[  706.727601][T15314] vivid-003: RDS Traffic Program: false inactive
[  706.734238][T15314] vivid-003: RDS Music: false inactive
[  706.740448][T15314] vivid-003: ==================  END STATUS  ==================
[  707.305325][T15327] netlink: 168 bytes leftover after parsing attributes in process `syz.2.2791'.
[  707.310013][T15327] netlink: 168 bytes leftover after parsing attributes in process `syz.2.2791'.
[  707.316091][T15327] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(7)
[  707.319153][T15327] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  707.324456][T15327] vhci_hcd vhci_hcd.0: Device attached
[  707.340449][T15328] vhci_hcd: cannot find a urb of seqnum 0 max seqnum 0
[  707.356925][T10215] vhci_hcd: stop threads
[  707.356939][T10215] vhci_hcd: release socket
[  707.356955][T10215] vhci_hcd: disconnect device
[  710.136670][T15372] random: crng reseeded on system resumption
[  710.528438][ T6659] usb 7-1: new high-speed USB device number 104 using dummy_hcd
[  710.720647][ T6659] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  710.729811][ T6659] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  710.735726][ T6659] usb 7-1: New USB device found, idVendor=041e, idProduct=2801, bcdDevice= 0.00
[  710.739934][ T6659] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  710.746054][ T6659] usb 7-1: config 0 descriptor??
[  711.148425][   T57] usb 8-1: new high-speed USB device number 6 using dummy_hcd
[  711.190147][ T6659] prodikeys 0003:041E:2801.002C: hidraw1: USB HID v0.00 Device [HID 041e:2801] on usb-dummy_hcd.2-1/input0
[  711.298450][   T57] usb 8-1: device descriptor read/64, error -71
[  711.377414][T15369] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  711.399877][T15369] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  711.464784][T15374] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  711.469799][T15374] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  711.484482][  T824] usb 7-1: USB disconnect, device number 104
[  711.568531][   T57] usb 8-1: new high-speed USB device number 7 using dummy_hcd
[  711.738449][   T57] usb 8-1: device descriptor read/64, error -71
[  711.869252][   T57] usb usb8-port1: attempt power cycle
[  712.080741][ T5212] Bluetooth: Unknown BR/EDR signaling command 0x0d
[  712.083109][ T5212] Bluetooth: Wrong link type (-22)
[  712.085670][ T5212] Bluetooth: Unknown BR/EDR signaling command 0x0c
[  712.088115][ T5212] Bluetooth: Wrong link type (-22)
[  712.288472][   T57] usb 8-1: new high-speed USB device number 8 using dummy_hcd
[  712.319408][   T57] usb 8-1: device descriptor read/8, error -71
[  712.598420][   T57] usb 8-1: new high-speed USB device number 9 using dummy_hcd
[  712.629104][   T57] usb 8-1: device descriptor read/8, error -71
[  712.688981][ T6659] usb 7-1: new high-speed USB device number 105 using dummy_hcd
[  712.752569][   T57] usb usb8-port1: unable to enumerate USB device
[  712.899253][ T6659] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  712.904404][ T6659] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[  712.909395][ T6659] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  712.913595][ T6659] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  712.924725][ T6659] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  712.927873][ T6659] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  712.935314][ T6659] usb 7-1: config 0 descriptor??
[  712.938886][T15395] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  713.355152][ T6659] plantronics 0003:047F:FFFF.002D: unknown main item tag 0xd
[  713.372611][ T6659] plantronics 0003:047F:FFFF.002D: No inputs registered, leaving
[  713.400423][ T6659] plantronics 0003:047F:FFFF.002D: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0
[  714.154158][T15415] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  714.158250][T15415] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  714.441203][T15417] vivid-003: =================  START STATUS  =================
[  714.449217][T15417] vivid-003: Radio HW Seek Mode: Bounded
[  714.455842][T15417] vivid-003: Radio Programmable HW Seek: false
[  714.461489][T15417] vivid-003: RDS Rx I/O Mode: Block I/O
[  714.464483][T15417] vivid-003: Generate RBDS Instead of RDS: false
[  714.467150][T15417] vivid-003: RDS Reception: true
[  714.470140][T15417] vivid-003: RDS Program Type: 0 inactive
[  714.473697][T15417] vivid-003: RDS PS Name:  inactive
[  714.476369][T15417] vivid-003: RDS Radio Text:  inactive
[  714.481688][T15417] vivid-003: RDS Traffic Announcement: false inactive
[  714.484782][T15417] vivid-003: RDS Traffic Program: false inactive
[  714.487560][T15417] vivid-003: RDS Music: false inactive
[  714.492825][T15417] vivid-003: ==================  END STATUS  ==================
[  714.818493][ T6659] usb 7-1: reset high-speed USB device number 105 using dummy_hcd
[  714.848737][ T3510] usb 8-1: new high-speed USB device number 10 using dummy_hcd
[  715.040699][ T3510] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  715.045286][ T3510] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  715.050122][ T3510] usb 8-1: New USB device found, idVendor=041e, idProduct=2801, bcdDevice= 0.00
[  715.053918][ T3510] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  715.060786][ T3510] usb 8-1: config 0 descriptor??
[  715.579049][ T3510] prodikeys 0003:041E:2801.002E: hidraw2: USB HID v0.00 Device [HID 041e:2801] on usb-dummy_hcd.3-1/input0
[  715.770967][T15419] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  715.774660][T15419] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  715.871579][T15419] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  715.875131][T15419] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  715.926730][ T3510] usb 8-1: USB disconnect, device number 10
[  716.109787][ T5493] usb 7-1: USB disconnect, device number 105
[  717.490145][T15451] xt_NFQUEUE: number of total queues is 0
[  718.581642][T15462] netlink: 'syz.1.2822': attribute type 1 has an invalid length.
[  718.706032][T15462] 8021q: adding VLAN 0 to HW filter on device batadv1
[  718.712055][T15462] bond1: (slave batadv1): Enslaving as a backup interface with an up link
[  718.732033][T15462] bond1 (unregistering): (slave batadv1): Releasing backup interface
[  718.763382][T15462] bond1 (unregistering): Released all slaves
[  718.888437][ T5493] usb 7-1: new high-speed USB device number 106 using dummy_hcd
[  719.075136][ T5493] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  719.080834][ T5493] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[  719.085583][ T5493] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  719.093180][ T5493] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  719.099600][ T5493] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  719.103507][ T5493] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  719.111904][ T5493] usb 7-1: config 0 descriptor??
[  719.115083][T15464] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  719.533321][ T5493] plantronics 0003:047F:FFFF.002F: unknown main item tag 0xd
[  719.537219][ T5493] plantronics 0003:047F:FFFF.002F: No inputs registered, leaving
[  719.577826][ T5493] plantronics 0003:047F:FFFF.002F: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0
[  719.607972][T15474] vivid-002: =================  START STATUS  =================
[  719.611207][T15474] vivid-002: Radio HW Seek Mode: Bounded
[  719.619174][T15474] vivid-002: Radio Programmable HW Seek: false
[  719.625148][T15474] vivid-002: RDS Rx I/O Mode: Block I/O
[  719.628243][T15474] vivid-002: Generate RBDS Instead of RDS: false
[  719.641340][T15474] vivid-002: RDS Reception: true
[  719.645479][T15474] vivid-002: RDS Program Type: 0 inactive
[  719.652100][T15474] vivid-002: RDS PS Name:  inactive
[  719.655166][T15474] vivid-002: RDS Radio Text:  inactive
[  719.661930][T15474] vivid-002: RDS Traffic Announcement: false inactive
[  719.674165][T15474] vivid-002: RDS Traffic Program: false inactive
[  719.696869][T15474] vivid-002: RDS Music: false inactive
[  719.700561][T15474] vivid-002: ==================  END STATUS  ==================
[  720.448758][  T824] usb 6-1: new high-speed USB device number 107 using dummy_hcd
[  720.640332][  T824] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  720.645028][  T824] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  720.658357][  T824] usb 6-1: New USB device found, idVendor=041e, idProduct=2801, bcdDevice= 0.00
[  720.661411][  T824] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  720.668886][  T824] usb 6-1: config 0 descriptor??
[  721.145212][  T824] prodikeys 0003:041E:2801.0030: hidraw2: USB HID v0.00 Device [HID 041e:2801] on usb-dummy_hcd.1-1/input0
[  721.349442][T15478] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  721.353262][T15478] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  721.443942][T15478] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  721.447662][T15478] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  721.462516][  T824] usb 6-1: USB disconnect, device number 107
[  721.516460][   T57] usb 7-1: USB disconnect, device number 106
[  721.582076][T15495] FAULT_INJECTION: forcing a failure.
[  721.582076][T15495] name failslab, interval 1, probability 0, space 0, times 0
[  721.587479][T15495] CPU: 3 PID: 15495 Comm: syz.2.2831 Not tainted 6.10.0-syzkaller-08676-g720261cfc732 #0
[  721.591888][T15495] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  721.595795][T15495] Call Trace:
[  721.597237][T15495]  <TASK>
[  721.598499][T15495]  dump_stack_lvl+0x16c/0x1f0
[  721.600479][T15495]  should_fail_ex+0x497/0x5b0
[  721.602458][T15495]  should_failslab+0x9/0x20
[  721.604370][T15495]  __kmalloc_noprof+0xcb/0x410
[  721.606088][T15495]  snd_ctl_new+0x5a/0x1a0
[  721.607950][T15495]  snd_ctl_elem_add+0x4a4/0x1330
[  721.610018][T15495]  ? __pfx___might_resched+0x10/0x10
[  721.612206][T15495]  ? __pfx_snd_ctl_elem_add+0x10/0x10
[  721.614390][T15495]  snd_ctl_elem_add_compat+0x299/0x3f0
[  721.616786][T15495]  snd_ctl_ioctl_compat+0x141/0x900
[  721.618900][T15495]  ? __pfx_snd_ctl_ioctl_compat+0x10/0x10
[  721.621324][T15495]  ? __fget_files+0x256/0x400
[  721.623462][T15495]  ? bpf_lsm_file_ioctl_compat+0x9/0x10
[  721.625850][T15495]  ? __pfx_snd_ctl_ioctl_compat+0x10/0x10
[  721.627958][T15495]  __do_compat_sys_ioctl+0x2c3/0x330
[  721.630235][T15495]  __do_fast_syscall_32+0x73/0x120
[  721.631999][T15495]  do_fast_syscall_32+0x32/0x80
[  721.633975][T15495]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  721.636702][T15495] RIP: 0023:0xf747e579
[  721.638472][T15495] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  721.646822][T15495] RSP: 002b:00000000f5d9656c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  721.650352][T15495] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c1105517
[  721.653646][T15495] RDX: 0000000020005880 RSI: 0000000000000000 RDI: 0000000000000000
[  721.657081][T15495] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  721.660288][T15495] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  721.663652][T15495] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  721.667031][T15495]  </TASK>
[  721.775406][T15501] netlink: 44 bytes leftover after parsing attributes in process `syz.2.2834'.
[  722.128741][T15508] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2836'.
[  722.269376][T15511] netlink: 180 bytes leftover after parsing attributes in process `syz.1.2837'.
[  722.362686][T15511] syzkaller0: entered promiscuous mode
[  722.365076][T15511] syzkaller0: entered allmulticast mode
[  722.666188][T15513] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2838'.
[  722.848869][T15516] random: crng reseeded on system resumption
[  723.533108][T15523] 9pnet_fd: Insufficient options for proto=fd
[  724.238435][ T5252] usb 6-1: new high-speed USB device number 108 using dummy_hcd
[  724.429027][ T5252] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  724.435122][ T5252] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  724.440088][ T5252] usb 6-1: New USB device found, idVendor=041e, idProduct=2801, bcdDevice= 0.00
[  724.443902][ T5252] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  724.456875][ T5252] usb 6-1: config 0 descriptor??
[  724.932888][ T5252] prodikeys 0003:041E:2801.0031: hidraw1: USB HID v0.00 Device [HID 041e:2801] on usb-dummy_hcd.1-1/input0
[  725.005442][T15534] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2846'.
[  725.121923][T15531] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  725.125728][T15531] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  725.131057][T15539] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2847'.
[  725.206026][T15532] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  725.218790][T15532] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  725.249795][ T5252] usb 6-1: USB disconnect, device number 108
[  725.351263][T15544] FAULT_INJECTION: forcing a failure.
[  725.351263][T15544] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  725.356262][T15544] CPU: 2 PID: 15544 Comm: syz.3.2849 Not tainted 6.10.0-syzkaller-08676-g720261cfc732 #0
[  725.360271][T15544] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  725.364551][T15544] Call Trace:
[  725.365722][T15544]  <TASK>
[  725.367020][T15544]  dump_stack_lvl+0x16c/0x1f0
[  725.369174][T15544]  should_fail_ex+0x497/0x5b0
[  725.371155][T15544]  _copy_to_user+0x30/0xc0
[  725.372989][T15544]  simple_read_from_buffer+0xd0/0x160
[  725.375180][T15544]  proc_fail_nth_read+0x1b0/0x290
[  725.377350][T15544]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  725.379776][T15544]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  725.382146][T15544]  vfs_read+0x1d4/0xbd0
[  725.384013][T15544]  ? __fdget_pos+0xeb/0x180
[  725.386154][T15544]  ? __pfx_vfs_read+0x10/0x10
[  725.388257][T15544]  ? __pfx___mutex_lock+0x10/0x10
[  725.390487][T15544]  ? __fget_files+0x256/0x400
[  725.392500][T15544]  ksys_read+0x12f/0x260
[  725.394198][T15544]  ? __pfx_ksys_read+0x10/0x10
[  725.396185][T15544]  __do_fast_syscall_32+0x73/0x120
[  725.397925][T15544]  do_fast_syscall_32+0x32/0x80
[  725.399967][T15544]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  725.402538][T15544] RIP: 0023:0xf7fc0579
[  725.404268][T15544] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  725.411945][T15544] RSP: 002b:00000000f5d765a0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  725.415497][T15544] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000f5d76630
[  725.419001][T15544] RDX: 000000000000000f RSI: 00000000f7449ff4 RDI: 0000000000000000
[  725.422870][T15544] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  725.426516][T15544] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  725.429955][T15544] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  725.433954][T15544]  </TASK>
[  725.435481][    C2] vkms_vblank_simulate: vblank timer overrun
[  725.476032][T15546] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2850'.
[  725.579961][T15554] program syz.3.2854 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  725.888657][ T5493] usb 8-1: new full-speed USB device number 11 using dummy_hcd
[  725.939492][T15559] xt_NFQUEUE: number of total queues is 0
[  726.099114][ T5493] usb 8-1: too many configurations: 9, using maximum allowed: 8
[  726.106163][ T5493] usb 8-1: unable to read config index 0 descriptor/start: -61
[  726.110891][ T5493] usb 8-1: can't read configurations, error -61
[  726.171446][T15561] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2856'.
[  726.278663][ T5493] usb 8-1: new full-speed USB device number 12 using dummy_hcd
[  726.475969][T15571] FAULT_INJECTION: forcing a failure.
[  726.475969][T15571] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  726.476419][T15573] FAULT_INJECTION: forcing a failure.
[  726.476419][T15573] name failslab, interval 1, probability 0, space 0, times 0
[  726.487024][T15573] CPU: 0 PID: 15573 Comm: syz.0.2860 Not tainted 6.10.0-syzkaller-08676-g720261cfc732 #0
[  726.491326][T15573] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  726.495883][T15573] Call Trace:
[  726.497355][T15573]  <TASK>
[  726.498659][T15573]  dump_stack_lvl+0x16c/0x1f0
[  726.500742][T15573]  should_fail_ex+0x497/0x5b0
[  726.502847][T15573]  should_failslab+0x9/0x20
[  726.504840][T15573]  kmem_cache_alloc_noprof+0x6e/0x2f0
[  726.507214][T15573]  ? dst_alloc+0x99/0x1a0
[  726.509152][T15573]  ? __pfx_ip6_dst_gc+0x10/0x10
[  726.511324][T15573]  dst_alloc+0x99/0x1a0
[  726.513187][T15573]  ip6_dst_alloc+0x2c/0xa0
[  726.515181][T15573]  ip6_create_rt_rcu+0x27b/0x520
[  726.517309][T15573]  ? __pfx_ip6_create_rt_rcu+0x10/0x10
[  726.521516][T15573]  ? ip6_redirect_nh_match+0x2d9/0x400
[  726.521546][T15573]  __ip6_route_redirect+0x7b4/0xb70
[  726.526251][T15573]  ? __pfx___ip6_route_redirect+0x10/0x10
[  726.528745][T15573]  ? hlock_class+0x4e/0x130
[  726.530739][T15573]  ? mark_lock+0xb5/0xc60
[  726.532657][T15573]  ? hlock_class+0x4e/0x130
[  726.534690][T15573]  ? __pfx___ip6_route_redirect+0x10/0x10
[  726.537208][T15573]  fib6_rule_lookup+0x655/0x720
[  726.539357][T15573]  ? __orc_find+0x104/0x130
[  726.541344][T15573]  ? __pfx_fib6_rule_lookup+0x10/0x10
[  726.543757][T15573]  ? __pfx_find_match+0x10/0x10
[  726.545919][T15573]  ? __find_rr_leaf+0x3fd/0xe00
[  726.548095][T15573]  ip6_route_redirect.constprop.0.isra.0+0x175/0x1e0
[  726.550988][T15573]  ? __pfx_ip6_route_redirect.constprop.0.isra.0+0x10/0x10
[  726.554174][T15573]  ? fib6_node_lookup+0x125/0x180
[  726.556397][T15573]  ? mark_lock+0xb5/0xc60
[  726.558319][T15573]  ? rcu_is_watching+0x12/0xc0
[  726.560458][T15573]  ip6_redirect_no_header+0x2e5/0x3b0
[  726.562830][T15573]  ? __pfx_ip6_redirect_no_header+0x10/0x10
[  726.565287][T15573]  ? __lock_acquire+0xbdd/0x3cb0
[  726.567459][T15573]  ? ndisc_parse_options+0x3ef/0x550
[  726.569780][T15573]  ? hlock_class+0x4e/0x130
[  726.571834][T15573]  ndisc_redirect_rcv+0x4f8/0x660
[  726.573973][T15573]  ? __pfx_ndisc_redirect_rcv+0x10/0x10
[  726.576124][T15573]  ? lock_acquire+0x1b1/0x560
[  726.577979][T15573]  ? find_held_lock+0x2d/0x110
[  726.580136][T15573]  ndisc_rcv+0x3bf/0x620
[  726.582044][T15573]  icmpv6_rcv+0x11da/0x1930
[  726.584136][T15573]  ? __pfx_icmpv6_rcv+0x10/0x10
[  726.586335][T15573]  ip6_protocol_deliver_rcu+0xf98/0x1530
[  726.588781][T15573]  ip6_input_finish+0x14f/0x2f0
[  726.590962][T15573]  ip6_input+0xa1/0xd0
[  726.592762][T15573]  ip6_mc_input+0x48b/0xfd0
[  726.594689][T15573]  ? __pfx_ip6_mc_input+0x10/0x10
[  726.596913][T15573]  ? __pfx_ip6_rcv_finish+0x10/0x10
[  726.599244][T15573]  ? __pfx_ip6_mc_input+0x10/0x10
[  726.601507][T15573]  ipv6_rcv+0x45a/0x680
[  726.603364][T15573]  ? __pfx_ipv6_rcv+0x10/0x10
[  726.605444][T15573]  __netif_receive_skb_one_core+0x12e/0x1e0
[  726.608050][T15573]  ? __pfx___netif_receive_skb_one_core+0x10/0x10
[  726.610855][T15573]  ? timekeeping_debug_get_ns+0x334/0x5b0
[  726.613298][T15573]  __netif_receive_skb+0x1d/0x160
[  726.615501][T15573]  netif_receive_skb+0x13f/0x7b0
[  726.617691][T15573]  ? __pfx_netif_receive_skb+0x10/0x10
[  726.620017][T15573]  ? __pfx___lock_acquire+0x10/0x10
[  726.622303][T15573]  tun_rx_batched+0x429/0x780
[  726.624419][T15573]  ? __pfx_tun_rx_batched+0x10/0x10
[  726.626743][T15573]  ? tun_get_user+0x1d66/0x3c20
[  726.629041][T15573]  tun_get_user+0x2a4b/0x3c20
[  726.631143][T15573]  ? __pfx_tun_get_user+0x10/0x10
[  726.633376][T15573]  ? find_held_lock+0x2d/0x110
[  726.635593][T15573]  ? __pfx_lock_release+0x10/0x10
[  726.637830][T15573]  tun_chr_write_iter+0xe8/0x210
[  726.640038][T15573]  vfs_write+0x6b6/0x1140
[  726.641931][T15573]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  726.644363][T15573]  ? __pfx_vfs_write+0x10/0x10
[  726.646365][T15573]  ? __fget_files+0x256/0x400
[  726.648406][T15573]  ? __fget_light+0x173/0x210
[  726.650435][T15573]  ksys_write+0x12f/0x260
[  726.652269][T15573]  ? __pfx_ksys_write+0x10/0x10
[  726.654432][T15573]  __do_fast_syscall_32+0x73/0x120
[  726.656682][T15573]  do_fast_syscall_32+0x32/0x80
[  726.658722][T15573]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  726.661171][T15573] RIP: 0023:0xf7f94579
[  726.662778][T15573] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  726.670755][T15573] RSP: 002b:00000000f5d46530 EFLAGS: 00000293 ORIG_RAX: 0000000000000004
[  726.674181][T15573] RAX: ffffffffffffffda RBX: 00000000000000c8 RCX: 0000000020000840
[  726.677493][T15573] RDX: 000000000000005e RSI: 00000000f7419ff4 RDI: 0000000000000000
[  726.680925][T15573] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  726.684414][T15573] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  726.687825][T15573] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  726.690940][T15573]  </TASK>
[  726.692173][T15571] CPU: 1 PID: 15571 Comm: syz.1.2859 Not tainted 6.10.0-syzkaller-08676-g720261cfc732 #0
[  726.697448][T15571] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  726.701828][T15571] Call Trace:
[  726.703230][T15571]  <TASK>
[  726.709062][T15571]  dump_stack_lvl+0x16c/0x1f0
[  726.710713][ T5493] usb 8-1: too many configurations: 9, using maximum allowed: 8
[  726.711406][T15571]  should_fail_ex+0x497/0x5b0
[  726.716804][T15571]  _copy_from_user+0x30/0xf0
[  726.716815][ T5493] usb 8-1: unable to read config index 0 descriptor/start: -61
[  726.718927][T15571]  kstrtouint_from_user+0xd7/0x1c0
[  726.718952][T15571]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  726.718981][T15571]  ? __pfx_lock_acquire+0x10/0x10
[  726.719003][T15571]  proc_fail_nth_write+0x84/0x270
[  726.719023][T15571]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  726.719049][T15571]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  726.719066][T15571]  vfs_write+0x29a/0x1140
[  726.719086][T15571]  ? __fdget_pos+0xeb/0x180
[  726.719104][T15571]  ? __pfx_vfs_write+0x10/0x10
[  726.719119][T15571]  ? __pfx___mutex_lock+0x10/0x10
[  726.719148][T15571]  ? __fget_files+0x256/0x400
[  726.722631][ T5493] usb 8-1: can't read configurations, error -61
[  726.724933][T15571]  ksys_write+0x12f/0x260
[  726.739307][ T5493] usb usb8-port1: attempt power cycle
[  726.739990][T15571]  ? __pfx_ksys_write+0x10/0x10
[  726.769396][T15571]  __do_fast_syscall_32+0x73/0x120
[  726.772049][T15571]  do_fast_syscall_32+0x32/0x80
[  726.774518][T15571]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  726.778193][T15571] RIP: 0023:0xf7f7f579
[  726.780597][T15571] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  726.791804][T15571] RSP: 002b:00000000f5d155a0 EFLAGS: 00000293 ORIG_RAX: 0000000000000004
[  726.796604][T15571] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f5d15630
[  726.801145][T15571] RDX: 0000000000000001 RSI: 00000000f7409ff4 RDI: 0000000000000000
[  726.805719][T15571] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  726.810348][T15571] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  726.814846][T15571] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  726.818522][T15571]  </TASK>
[  726.961256][T15578] Context (ID=0x10) not attached to queue pair (handle=0x2:0x0)
[  727.147647][T15587] random: crng reseeded on system resumption
[  727.158773][ T5493] usb 8-1: new full-speed USB device number 13 using dummy_hcd
[  727.200767][ T5493] usb 8-1: too many configurations: 9, using maximum allowed: 8
[  727.208441][ T5493] usb 8-1: unable to read config index 0 descriptor/start: -61
[  727.212574][ T5493] usb 8-1: can't read configurations, error -61
[  727.377191][ T5493] usb 8-1: new full-speed USB device number 14 using dummy_hcd
[  727.421067][ T5493] usb 8-1: too many configurations: 9, using maximum allowed: 8
[  727.426462][ T5493] usb 8-1: unable to read config index 0 descriptor/start: -61
[  727.438687][ T5493] usb 8-1: can't read configurations, error -61
[  727.441911][ T5493] usb usb8-port1: unable to enumerate USB device
[  728.218534][ T5249] usb 5-1: new high-speed USB device number 107 using dummy_hcd
[  728.400510][ T5249] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  728.404683][ T5249] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  728.409427][ T5249] usb 5-1: New USB device found, idVendor=041e, idProduct=2801, bcdDevice= 0.00
[  728.412924][ T5249] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  728.420014][ T5249] usb 5-1: config 0 descriptor??
[  728.624906][T15601] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2869'.
[  728.661657][T15599] xt_NFQUEUE: number of total queues is 0
[  728.859130][T15605] netlink: 64 bytes leftover after parsing attributes in process `syz.3.2870'.
[  728.873452][ T5249] prodikeys 0003:041E:2801.0032: hidraw1: USB HID v0.00 Device [HID 041e:2801] on usb-dummy_hcd.0-1/input0
[  729.072008][T15594] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  729.081423][T15594] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  729.179116][ T5212] Bluetooth: hci0: command 0x0c1a tx timeout
[  729.191556][T15606] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  729.195317][T15606] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  729.264396][T11553] usb 5-1: USB disconnect, device number 107
[  729.655677][T15616] random: crng reseeded on system resumption
[  730.083213][T15628] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2879'.
[  730.093733][T15627] program syz.0.2878 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  730.253666][T15633] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2880'.
[  730.408429][ T5249] usb 5-1: new full-speed USB device number 108 using dummy_hcd
[  730.599302][ T5249] usb 5-1: too many configurations: 9, using maximum allowed: 8
[  730.603132][ T5249] usb 5-1: unable to read config index 0 descriptor/start: -61
[  730.605770][ T5249] usb 5-1: can't read configurations, error -61
[  730.758403][ T5249] usb 5-1: new full-speed USB device number 109 using dummy_hcd
[  730.969298][ T5249] usb 5-1: too many configurations: 9, using maximum allowed: 8
[  730.976522][ T5249] usb 5-1: unable to read config index 0 descriptor/start: -61
[  730.979871][ T5249] usb 5-1: can't read configurations, error -61
[  730.982935][ T5249] usb usb5-port1: attempt power cycle
[  731.105465][T15646] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2883'.
[  731.123854][T15648] 9pnet_fd: Insufficient options for proto=fd
[  731.289774][ T5212] Bluetooth: Unexpected start frame (len 0)
[  731.361478][ T5212] Bluetooth: Unknown BR/EDR signaling command 0x0d
[  731.364488][ T5212] Bluetooth: Wrong link type (-22)
[  731.366905][ T5212] Bluetooth: Unknown BR/EDR signaling command 0x10
[  731.370474][ T5212] Bluetooth: Wrong link type (-22)
[  731.373006][ T5212] Bluetooth: hci0: link tx timeout
[  731.375905][ T5212] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa
[  731.391615][T15663] xt_NFQUEUE: number of total queues is 0
[  731.408528][ T5249] usb 5-1: new full-speed USB device number 110 using dummy_hcd
[  731.440423][ T5249] usb 5-1: too many configurations: 9, using maximum allowed: 8
[  731.445980][ T5249] usb 5-1: unable to read config index 0 descriptor/start: -61
[  731.449654][ T5249] usb 5-1: can't read configurations, error -61
[  731.619450][ T5249] usb 5-1: new full-speed USB device number 111 using dummy_hcd
[  731.661011][ T5249] usb 5-1: too many configurations: 9, using maximum allowed: 8
[  731.672358][ T5249] usb 5-1: unable to read config index 0 descriptor/start: -61
[  731.679663][ T5249] usb 5-1: can't read configurations, error -61
[  731.686198][ T5249] usb usb5-port1: unable to enumerate USB device
[  731.778420][ T5252] usb 8-1: new high-speed USB device number 15 using dummy_hcd
[  731.884029][T15667] random: crng reseeded on system resumption
[  731.973355][ T5252] usb 8-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  731.983057][ T5252] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[  731.993194][ T5252] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  732.003053][ T5252] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  732.016188][ T5252] usb 8-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  732.028522][ T5252] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  732.039694][ T5252] usb 8-1: config 0 descriptor??
[  732.046321][T15665] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  733.301516][T15674] xt_NFQUEUE: number of total queues is 0
[  733.411556][ T5212] Bluetooth: hci0: command 0x0c1a tx timeout
[  734.402192][ T5252] usbhid 8-1:0.0: can't add hid device: -71
[  734.404975][ T5252] usbhid 8-1:0.0: probe with driver usbhid failed with error -71
[  734.429410][ T5252] usb 8-1: USB disconnect, device number 15
[  734.720728][T15692] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2895'.
[  735.411926][T15699] program syz.3.2897 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  735.688886][ T5249] usb 8-1: new full-speed USB device number 16 using dummy_hcd
[  735.879772][ T5249] usb 8-1: too many configurations: 9, using maximum allowed: 8
[  735.885865][ T5249] usb 8-1: unable to read config index 0 descriptor/start: -61
[  735.889517][ T5249] usb 8-1: can't read configurations, error -61
[  736.038384][ T5249] usb 8-1: new full-speed USB device number 17 using dummy_hcd
[  736.103127][T15705] netlink: 'syz.0.2899': attribute type 1 has an invalid length.
[  736.229329][ T5249] usb 8-1: too many configurations: 9, using maximum allowed: 8
[  736.234801][ T5249] usb 8-1: unable to read config index 0 descriptor/start: -61
[  736.238350][ T5249] usb 8-1: can't read configurations, error -61
[  736.244142][ T5249] usb usb8-port1: attempt power cycle
[  736.246850][T15705] 8021q: adding VLAN 0 to HW filter on device batadv7
[  736.270406][T15705] bond7: (slave batadv7): Enslaving as a backup interface with an up link
[  736.333737][T15705] bond7 (unregistering): (slave batadv7): Releasing backup interface
[  736.354979][T15705] bond7 (unregistering): Released all slaves
[  736.688682][ T5249] usb 8-1: new full-speed USB device number 18 using dummy_hcd
[  736.729970][ T5249] usb 8-1: too many configurations: 9, using maximum allowed: 8
[  736.736135][ T5249] usb 8-1: unable to read config index 0 descriptor/start: -61
[  736.745792][ T5249] usb 8-1: can't read configurations, error -61
[  736.899658][ T5249] usb 8-1: new full-speed USB device number 19 using dummy_hcd
[  736.940529][ T5249] usb 8-1: too many configurations: 9, using maximum allowed: 8
[  736.949968][ T5249] usb 8-1: unable to read config index 0 descriptor/start: -61
[  736.953493][ T5249] usb 8-1: can't read configurations, error -61
[  736.968765][ T5249] usb usb8-port1: unable to enumerate USB device
[  737.320360][T15712] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2900'.
[  737.968486][ T5212] Bluetooth: hci0: command 0x0c1a tx timeout
[  737.975092][T12100] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  738.203864][ T5253] usb 7-1: new high-speed USB device number 107 using dummy_hcd
[  738.390526][ T5253] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  738.395341][ T5253] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[  738.399966][ T5253] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  738.403410][ T5253] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  738.408803][ T5253] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  738.412511][ T5253] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  738.417850][ T5253] usb 7-1: config 0 descriptor??
[  738.420800][T15717] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  738.573485][T15720] netlink: 'syz.3.2902': attribute type 1 has an invalid length.
[  738.680181][T15720] 8021q: adding VLAN 0 to HW filter on device batadv9
[  738.683894][T15720] bond6: (slave batadv9): Enslaving as a backup interface with an up link
[  738.719107][T15720] bond6 (unregistering): (slave batadv9): Releasing backup interface
[  738.726199][T15720] bond6 (unregistering): Released all slaves
[  740.850057][ T5253] usbhid 7-1:0.0: can't add hid device: -71
[  740.852913][ T5253] usbhid 7-1:0.0: probe with driver usbhid failed with error -71
[  740.858277][ T5253] usb 7-1: USB disconnect, device number 107
[  741.445677][T15747] random: crng reseeded on system resumption
[  742.768435][ T5212] Bluetooth: hci0: command 0x0c1a tx timeout
[  742.768511][T12100] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  743.163231][T15765] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2913'.
[  743.249154][T15771] netlink: 'syz.1.2915': attribute type 1 has an invalid length.
[  743.358050][T15771] 8021q: adding VLAN 0 to HW filter on device batadv2
[  743.378937][T15771] bond1: (slave batadv2): Enslaving as a backup interface with an up link
[  743.414418][T15776] bond1 (unregistering): (slave batadv2): Releasing backup interface
[  743.449215][T15776] bond1 (unregistering): Released all slaves
[  744.295739][T15788] random: crng reseeded on system resumption
[  745.328614][ T5212] Bluetooth: hci0: command 0x0c1a tx timeout
[  745.331347][T12100] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  748.661275][T15812] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2924'.
[  749.160941][T15819] netlink: 'syz.3.2926': attribute type 1 has an invalid length.
[  751.355500][T15849] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2933'.
[  751.442400][T15852] netlink: 'syz.1.2934': attribute type 1 has an invalid length.
[  751.488512][ T5212] Bluetooth: hci0: command 0x0c1a tx timeout
[  751.492373][T12100] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  751.644469][T15858] netlink: 'syz.1.2936': attribute type 1 has an invalid length.
[  751.797614][T15860] 8021q: adding VLAN 0 to HW filter on device batadv3
[  751.825506][T15860] bond1: (slave batadv3): Enslaving as a backup interface with an up link
[  751.887515][T15858] bond1 (unregistering): (slave batadv3): Releasing backup interface
[  751.918716][T12100] Bluetooth: hci0: unexpected event 0x04 length: 14 > 10
[  751.938960][T15858] bond1 (unregistering): Released all slaves
[  752.538922][ T1356] ieee802154 phy1 wpan1: encryption failed: -22
[  753.151326][T12100] Bluetooth: hci0: ACL packet for unknown connection handle 201
[  753.224675][T12100] Bluetooth: Unknown BR/EDR signaling command 0x0d
[  753.227007][T12100] Bluetooth: Wrong link type (-22)
[  753.228998][T12100] Bluetooth: Unknown BR/EDR signaling command 0x10
[  753.231343][T12100] Bluetooth: Wrong link type (-22)
[  753.532932][T15877] netlink: 'syz.3.2939': attribute type 1 has an invalid length.
[  753.654610][T15881] 8021q: adding VLAN 0 to HW filter on device batadv10
[  753.657965][T15881] bond6: (slave batadv10): Enslaving as a backup interface with an up link
[  753.824686][T15877] bond6 (unregistering): (slave batadv10): Releasing backup interface
[  753.866346][T15877] bond6 (unregistering): Released all slaves
[  753.968516][T12100] Bluetooth: hci0: command 0x0c1a tx timeout
[  757.333600][T15908] netlink: 'syz.0.2949': attribute type 1 has an invalid length.
[  757.376366][T15908] 8021q: adding VLAN 0 to HW filter on device batadv8
[  757.381027][T15908] bond7: (slave batadv8): Enslaving as a backup interface with an up link
[  757.397205][T15908] bond7 (unregistering): (slave batadv8): Releasing backup interface
[  757.411910][T15908] bond7 (unregistering): Released all slaves
[  757.556249][T15913] random: crng reseeded on system resumption
[  758.101043][T15921] random: crng reseeded on system resumption
[  759.731194][T12100] Bluetooth: hci0: unexpected event 0x04 length: 14 > 10
[  760.987689][T15954] random: crng reseeded on system resumption
[  761.818409][T12100] Bluetooth: hci0: command 0x0c1a tx timeout
[  763.498866][ T5253] usb 5-1: new high-speed USB device number 112 using dummy_hcd
[  763.700642][ T5253] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  763.718354][ T5253] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[  763.723289][ T5253] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  763.728219][ T5253] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  763.734470][ T5253] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  763.738864][ T5253] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  763.752940][ T5253] usb 5-1: config 0 descriptor??
[  763.756054][T15973] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  764.356410][T15983] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2968'.
[  764.431173][T15985] random: crng reseeded on system resumption
[  764.916556][T15993] xt_NFQUEUE: number of total queues is 0
[  765.222824][T12100] Bluetooth: hci0: ACL packet for unknown connection handle 201
[  765.309658][T12100] Bluetooth: Unknown BR/EDR signaling command 0x0d
[  765.312544][T12100] Bluetooth: Wrong link type (-22)
[  765.314727][T12100] Bluetooth: Unknown BR/EDR signaling command 0x10
[  765.317476][T12100] Bluetooth: Wrong link type (-22)
[  766.100513][ T5253] usbhid 5-1:0.0: can't add hid device: -71
[  766.103716][ T5253] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  766.132449][ T5253] usb 5-1: USB disconnect, device number 112
[  770.270895][T16039] xt_NFQUEUE: number of total queues is 0
[  770.860719][T16052] netlink: 'syz.3.2985': attribute type 1 has an invalid length.
[  770.977168][T16052] 8021q: adding VLAN 0 to HW filter on device batadv11
[  771.000234][T16052] bond6: (slave batadv11): Enslaving as a backup interface with an up link
[  771.049563][T16052] bond6 (unregistering): (slave batadv11): Releasing backup interface
[  771.072905][T16052] bond6 (unregistering): Released all slaves
[  773.019272][T16072] netlink: 'syz.3.2990': attribute type 1 has an invalid length.
[  773.053820][T16072] 8021q: adding VLAN 0 to HW filter on device batadv12
[  773.059615][T16072] bond6: (slave batadv12): Enslaving as a backup interface with an up link
[  773.070579][T16072] bond6 (unregistering): (slave batadv12): Releasing backup interface
[  773.077612][T16072] bond6 (unregistering): Released all slaves
[  773.205739][T16075] program syz.0.2991 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  773.498590][T10743] usb 5-1: new full-speed USB device number 113 using dummy_hcd
[  773.704510][T10743] usb 5-1: too many configurations: 9, using maximum allowed: 8
[  773.711880][T10743] usb 5-1: unable to read config index 0 descriptor/start: -61
[  773.716733][T10743] usb 5-1: can't read configurations, error -61
[  773.725733][T16083] netlink: 'syz.1.2993': attribute type 1 has an invalid length.
[  773.808421][T16083] 8021q: adding VLAN 0 to HW filter on device batadv4
[  773.814213][T16083] bond1: (slave batadv4): Enslaving as a backup interface with an up link
[  773.868492][T10743] usb 5-1: new full-speed USB device number 114 using dummy_hcd
[  773.899121][T16083] bond1 (unregistering): (slave batadv4): Releasing backup interface
[  773.939590][T16083] bond1 (unregistering): Released all slaves
[  774.069458][T10743] usb 5-1: too many configurations: 9, using maximum allowed: 8
[  774.079725][T10743] usb 5-1: unable to read config index 0 descriptor/start: -61
[  774.082993][T10743] usb 5-1: can't read configurations, error -61
[  774.088852][T10743] usb usb5-port1: attempt power cycle
[  774.328099][T16087] xt_NFQUEUE: number of total queues is 0
[  774.498387][T10743] usb 5-1: new full-speed USB device number 115 using dummy_hcd
[  774.540726][T10743] usb 5-1: too many configurations: 9, using maximum allowed: 8
[  774.545003][T10743] usb 5-1: unable to read config index 0 descriptor/start: -61
[  774.547586][T10743] usb 5-1: can't read configurations, error -61
[  774.698393][T10743] usb 5-1: new full-speed USB device number 116 using dummy_hcd
[  774.729298][T10743] usb 5-1: too many configurations: 9, using maximum allowed: 8
[  774.737110][T10743] usb 5-1: unable to read config index 0 descriptor/start: -61
[  774.746210][T10743] usb 5-1: can't read configurations, error -61
[  774.748989][T10743] usb usb5-port1: unable to enumerate USB device
[  779.345081][T16113] netlink: 40 bytes leftover after parsing attributes in process `syz.1.3001'.
[  779.674412][T16117] netlink: 'syz.3.3002': attribute type 1 has an invalid length.
[  779.760839][T16117] 8021q: adding VLAN 0 to HW filter on device batadv13
[  779.783019][T16117] bond6: (slave batadv13): Enslaving as a backup interface with an up link
[  779.829529][T16117] bond6 (unregistering): (slave batadv13): Releasing backup interface
[  779.856423][T16117] bond6 (unregistering): Released all slaves
[  780.811753][T16134] program syz.0.3008 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  781.098618][T10743] usb 5-1: new full-speed USB device number 117 using dummy_hcd
[  781.283051][T10743] usb 5-1: too many configurations: 9, using maximum allowed: 8
[  781.292247][T10743] usb 5-1: unable to read config index 0 descriptor/start: -61
[  781.295181][T10743] usb 5-1: can't read configurations, error -61
[  781.458453][T10743] usb 5-1: new full-speed USB device number 118 using dummy_hcd
[  781.659259][T10743] usb 5-1: too many configurations: 9, using maximum allowed: 8
[  781.664880][T10743] usb 5-1: unable to read config index 0 descriptor/start: -61
[  781.668169][T10743] usb 5-1: can't read configurations, error -61
[  781.678825][T10743] usb usb5-port1: attempt power cycle
[  781.870544][T16144] netlink: 'syz.2.3010': attribute type 1 has an invalid length.
[  781.931448][T16144] 8021q: adding VLAN 0 to HW filter on device batadv1
[  781.937370][T16144] bond1: (slave batadv1): Enslaving as a backup interface with an up link
[  782.012020][T16144] bond1 (unregistering): (slave batadv1): Releasing backup interface
[  782.033396][T16144] bond1 (unregistering): Released all slaves
[  782.128394][T10743] usb 5-1: new full-speed USB device number 119 using dummy_hcd
[  782.169800][T10743] usb 5-1: too many configurations: 9, using maximum allowed: 8
[  782.174811][T10743] usb 5-1: unable to read config index 0 descriptor/start: -61
[  782.181403][T10743] usb 5-1: can't read configurations, error -61
[  782.348508][T10743] usb 5-1: new full-speed USB device number 120 using dummy_hcd
[  782.399572][T10743] usb 5-1: too many configurations: 9, using maximum allowed: 8
[  782.404054][T10743] usb 5-1: unable to read config index 0 descriptor/start: -61
[  782.407439][T10743] usb 5-1: can't read configurations, error -61
[  782.418655][T10743] usb usb5-port1: unable to enumerate USB device
[  783.501572][T16152] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3012'.
[  784.537143][T16170] netlink: 'syz.2.3017': attribute type 1 has an invalid length.
[  784.638018][T16172] 8021q: adding VLAN 0 to HW filter on device batadv2
[  784.650912][T16172] bond1: (slave batadv2): Enslaving as a backup interface with an up link
[  784.707932][T16170] bond1 (unregistering): (slave batadv2): Releasing backup interface
[  784.762136][T16170] bond1 (unregistering): Released all slaves
[  786.253950][T16183] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3021'.
[  786.405309][T12100] Bluetooth: hci0: ACL packet for unknown connection handle 201
[  786.472481][T12100] Bluetooth: Unknown BR/EDR signaling command 0x0d
[  786.475046][T12100] Bluetooth: Wrong link type (-22)
[  786.477080][T12100] Bluetooth: Unknown BR/EDR signaling command 0x10
[  786.479878][T12100] Bluetooth: Wrong link type (-22)
[  786.647737][T16197] netlink: 40 bytes leftover after parsing attributes in process `syz.3.3025'.
[  787.250280][T16211] netlink: 'syz.1.3029': attribute type 1 has an invalid length.
[  787.288808][T16211] 8021q: adding VLAN 0 to HW filter on device batadv5
[  787.294057][T16211] bond1: (slave batadv5): Enslaving as a backup interface with an up link
[  787.307852][T16211] bond1 (unregistering): (slave batadv5): Releasing backup interface
[  787.323273][T16211] bond1 (unregistering): Released all slaves
[  787.622327][T16214] netlink: 44 bytes leftover after parsing attributes in process `syz.3.3030'.
[  788.208601][T16229] netlink: 'syz.3.3034': attribute type 1 has an invalid length.
[  788.292638][T16229] 8021q: adding VLAN 0 to HW filter on device batadv14
[  788.297651][T16229] bond6: (slave batadv14): Enslaving as a backup interface with an up link
[  788.400075][T16229] bond6 (unregistering): (slave batadv14): Releasing backup interface
[  788.441250][T16229] bond6 (unregistering): Released all slaves
[  789.208614][ T5251] usb 7-1: new high-speed USB device number 108 using dummy_hcd
[  789.420876][ T5251] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  789.426035][ T5251] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[  789.433596][ T5251] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  789.439262][ T5251] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  789.445123][ T5251] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  789.454082][T16242] netlink: 40 bytes leftover after parsing attributes in process `syz.1.3038'.
[  789.458368][ T5251] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  789.467303][ T5251] usb 7-1: config 0 descriptor??
[  789.471375][T16235] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  789.890953][ T5251] plantronics 0003:047F:FFFF.0033: unknown main item tag 0xd
[  789.894874][ T5251] plantronics 0003:047F:FFFF.0033: No inputs registered, leaving
[  789.903556][ T5251] plantronics 0003:047F:FFFF.0033: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0
[  790.104955][ T5493] usb 7-1: USB disconnect, device number 108
[  790.391343][T16248] netlink: 44 bytes leftover after parsing attributes in process `syz.1.3040'.
[  790.828813][T16262] netlink: 'syz.1.3044': attribute type 1 has an invalid length.
[  790.872515][T16262] 8021q: adding VLAN 0 to HW filter on device batadv6
[  790.879997][T16262] bond1: (slave batadv6): Enslaving as a backup interface with an up link
[  790.895252][T16262] bond1 (unregistering): (slave batadv6): Releasing backup interface
[  790.918557][T16262] bond1 (unregistering): Released all slaves
[  792.419653][T16276] FAULT_INJECTION: forcing a failure.
[  792.419653][T16276] name failslab, interval 1, probability 0, space 0, times 0
[  792.425676][T16276] CPU: 3 PID: 16276 Comm: syz.3.3048 Not tainted 6.10.0-syzkaller-08676-g720261cfc732 #0
[  792.430151][T16276] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  792.434824][T16276] Call Trace:
[  792.436321][T16276]  <TASK>
[  792.437655][T16276]  dump_stack_lvl+0x16c/0x1f0
[  792.439772][T16276]  should_fail_ex+0x497/0x5b0
[  792.441831][T16276]  should_failslab+0x9/0x20
[  792.443852][T16276]  __kmalloc_node_noprof+0xd1/0x440
[  792.446134][T16276]  ? tcp_sigpool_alloc_ahash+0x210/0xda0
[  792.448630][T16276]  tcp_sigpool_alloc_ahash+0x210/0xda0
[  792.451084][T16276]  ? __pfx_tcp_sigpool_alloc_ahash+0x10/0x10
[  792.453775][T16276]  tcp_md5_alloc_sigpool+0x1b/0x50
[  792.456151][T16276]  tcp_md5_do_add+0x196/0x470
[  792.458236][T16276]  tcp_v4_parse_md5_keys+0x255/0x690
[  792.460892][T16276]  ? __pfx_tcp_v4_parse_md5_keys+0x10/0x10
[  792.463520][T16276]  ? mark_held_locks+0x9f/0xe0
[  792.465671][T16276]  ? sockopt_lock_sock+0x54/0x70
[  792.467883][T16276]  ? __local_bh_enable_ip+0xa4/0x120
[  792.470229][T16276]  ? lockdep_hardirqs_on+0x7c/0x110
[  792.472541][T16276]  do_tcp_setsockopt+0x1244/0x2820
[  792.474727][T16276]  ? __pfx_do_tcp_setsockopt+0x10/0x10
[  792.476930][T16276]  ? __pfx___might_resched+0x10/0x10
[  792.479271][T16276]  ? __pfx_lock_release+0x10/0x10
[  792.481253][T16276]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  792.483714][T16276]  ? aa_sk_perm+0x2f5/0xb40
[  792.485779][T16276]  ? __pfx_aa_sk_perm+0x10/0x10
[  792.487998][T16276]  tcp_setsockopt+0xe2/0x100
[  792.490020][T16276]  ? bpf_lsm_socket_setsockopt+0x9/0x10
[  792.492483][T16276]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  792.495071][T16276]  do_sock_setsockopt+0x222/0x480
[  792.497234][T16276]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  792.499945][T16276]  ? __fget_light+0x173/0x210
[  792.502322][T16276]  __sys_setsockopt+0x1a4/0x270
[  792.504483][T16276]  ? __pfx___sys_setsockopt+0x10/0x10
[  792.506901][T16276]  ? fput+0x32/0x390
[  792.508653][T16276]  ? ksys_write+0x1ab/0x260
[  792.510839][T16276]  ? __pfx_ksys_write+0x10/0x10
[  792.513072][T16276]  __ia32_sys_setsockopt+0xbc/0x160
[  792.515521][T16276]  ? lockdep_hardirqs_on+0x7c/0x110
[  792.520133][T16276]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[  792.523024][T16276]  __do_fast_syscall_32+0x73/0x120
[  792.525288][T16276]  do_fast_syscall_32+0x32/0x80
[  792.527632][T16276]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  792.530472][T16276] RIP: 0023:0xf7fc0579
[  792.532273][T16276] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  792.540973][T16276] RSP: 002b:00000000f5d7656c EFLAGS: 00000296 ORIG_RAX: 000000000000016e
[  792.544514][T16276] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000006
[  792.548092][T16276] RDX: 0000000000000020 RSI: 0000000020000040 RDI: 00000000000000f6
[  792.551269][T16276] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  792.554578][T16276] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  792.558622][T16276] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  792.561971][T16276]  </TASK>
[  792.707004][T16283] netlink: 44 bytes leftover after parsing attributes in process `syz.3.3050'.
[  792.815076][T16290] netlink: 'syz.2.3053': attribute type 1 has an invalid length.
[  792.910594][T16295] 8021q: adding VLAN 0 to HW filter on device batadv3
[  792.941752][T16295] bond1: (slave batadv3): Enslaving as a backup interface with an up link
[  792.963321][T16290] bond1 (unregistering): (slave batadv3): Releasing backup interface
[  792.996095][T16290] bond1 (unregistering): Released all slaves
[  793.985764][T16323] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6)
[  793.988626][T16323] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  793.992559][T16323] vhci_hcd vhci_hcd.0: Device attached
[  793.998910][T16323] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  794.004991][T16323] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  794.013166][T16323] vhci_hcd vhci_hcd.0: pdev(3) rhport(3) sockfd(12)
[  794.016714][T16323] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  794.027384][T16323] vhci_hcd vhci_hcd.0: Device attached
[  794.191660][ T5251] vhci_hcd: vhci_device speed not set
[  794.258379][ T5251] usb 19-1: new full-speed USB device number 3 using vhci_hcd
[  794.448038][T16326] vhci_hcd: connection closed
[  794.448369][T10221] vhci_hcd: stop threads
[  794.448781][T16324] vhci_hcd: connection reset by peer
[  794.450870][T10221] vhci_hcd: release socket
[  794.466487][T10221] vhci_hcd: disconnect device
[  794.472729][T10221] vhci_hcd: stop threads
[  794.474522][T10221] vhci_hcd: release socket
[  794.488257][T10221] vhci_hcd: disconnect device
[  795.137802][T16330] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3063'.
[  795.888425][T12100] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  795.888630][ T5212] Bluetooth: hci0: command 0x0c1a tx timeout
[  795.988526][T16343] netlink: 'syz.2.3067': attribute type 1 has an invalid length.
[  796.079840][T16343] 8021q: adding VLAN 0 to HW filter on device batadv4
[  796.085386][T16343] bond1: (slave batadv4): Enslaving as a backup interface with an up link
[  796.116227][T16343] bond1 (unregistering): (slave batadv4): Releasing backup interface
[  796.134566][T16343] bond1 (unregistering): Released all slaves
[  797.711606][T16357] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3072'.
[  797.900231][T16363] netlink: 32 bytes leftover after parsing attributes in process `syz.2.3075'.
[  797.920768][T16367] FAULT_INJECTION: forcing a failure.
[  797.920768][T16367] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  797.926241][T16367] CPU: 0 PID: 16367 Comm: syz.3.3074 Not tainted 6.10.0-syzkaller-08676-g720261cfc732 #0
[  797.930225][T16367] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  797.934415][T16367] Call Trace:
[  797.935735][T16367]  <TASK>
[  797.936990][T16367]  dump_stack_lvl+0x16c/0x1f0
[  797.939153][T16367]  should_fail_ex+0x497/0x5b0
[  797.940968][T16367]  _copy_from_iter+0x27a/0xfb0
[  797.943019][T16367]  ? __alloc_skb+0x200/0x380
[  797.945021][T16367]  ? __pfx__copy_from_iter+0x10/0x10
[  797.947438][T16367]  ? __virt_addr_valid+0x5e/0x590
[  797.949139][T16367]  ? __phys_addr_symbol+0x30/0x80
[  797.951274][T16367]  ? __check_object_size+0x4a7/0x720
[  797.953585][T16367]  netlink_sendmsg+0x813/0xd70
[  797.955541][T16367]  ? __pfx_netlink_sendmsg+0x10/0x10
[  797.957768][T16367]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  797.959711][T16367]  ____sys_sendmsg+0x9b4/0xb50
[  797.961748][T16367]  ? __pfx_____sys_sendmsg+0x10/0x10
[  797.963838][T16367]  ? get_compat_msghdr+0x11b/0x170
[  797.966036][T16367]  ? __pfx___lock_acquire+0x10/0x10
[  797.968248][T16367]  ___sys_sendmsg+0x135/0x1e0
[  797.970264][T16367]  ? __pfx____sys_sendmsg+0x10/0x10
[  797.972320][T16367]  ? ksys_write+0x21c/0x260
[  797.974275][T16367]  ? __fget_light+0x173/0x210
[  797.976092][T16367]  __sys_sendmsg+0x117/0x1f0
[  797.977670][T16367]  ? __pfx___sys_sendmsg+0x10/0x10
[  797.979431][T16367]  __do_fast_syscall_32+0x73/0x120
[  797.981430][T16367]  do_fast_syscall_32+0x32/0x80
[  797.983547][T16367]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  797.986379][T16367] RIP: 0023:0xf7fc0579
[  797.988268][T16367] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  797.996370][T16367] RSP: 002b:00000000f5d7656c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  797.999458][T16367] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000200000c0
[  798.002818][T16367] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  798.005637][T16367] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  798.008689][T16367] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  798.011867][T16367] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  798.014980][T16367]  </TASK>
[  798.340193][T16380] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3079'.
[  798.418439][  T824] usb 8-1: new high-speed USB device number 20 using dummy_hcd
[  798.621589][  T824] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  798.638439][  T824] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  798.642527][  T824] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  798.647905][  T824] usb 8-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  798.659111][  T824] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  798.669983][  T824] usb 8-1: config 0 descriptor??
[  799.065518][T16389] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3082'.
[  799.084398][  T824] plantronics 0003:047F:FFFF.0034: unknown main item tag 0xe
[  799.088033][  T824] plantronics 0003:047F:FFFF.0034: unknown main item tag 0x7
[  799.099026][  T824] plantronics 0003:047F:FFFF.0034: No inputs registered, leaving
[  799.111638][  T824] plantronics 0003:047F:FFFF.0034: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0
[  799.428419][ T5251] vhci_hcd: vhci_device speed not set
[  799.648930][T12100] Bluetooth: hci0: command 0x0c1a tx timeout
[  799.648999][ T5212] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  799.743858][T16411] FAULT_INJECTION: forcing a failure.
[  799.743858][T16411] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  799.749776][T16411] CPU: 3 PID: 16411 Comm: syz.0.3088 Not tainted 6.10.0-syzkaller-08676-g720261cfc732 #0
[  799.753427][T16411] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  799.757698][T16411] Call Trace:
[  799.759112][T16411]  <TASK>
[  799.760538][T16411]  dump_stack_lvl+0x16c/0x1f0
[  799.762522][T16411]  should_fail_ex+0x497/0x5b0
[  799.764524][T16411]  ? fs_reclaim_acquire+0xae/0x160
[  799.766618][T16411]  __should_fail_alloc_page+0xe7/0x130
[  799.768790][T16411]  prepare_alloc_pages.constprop.0+0x16f/0x560
[  799.771488][T16411]  __alloc_pages_noprof+0x194/0x2460
[  799.773827][T16411]  ? hlock_class+0x4e/0x130
[  799.775838][T16411]  ? __lock_acquire+0x1620/0x3cb0
[  799.778067][T16411]  ? hlock_class+0x4e/0x130
[  799.780062][T16411]  ? __pfx___alloc_pages_noprof+0x10/0x10
[  799.782530][T16411]  ? __pfx___lock_acquire+0x10/0x10
[  799.784786][T16411]  ? lock_acquire+0x1b1/0x560
[  799.786855][T16411]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  799.789418][T16411]  ? policy_nodemask+0xea/0x4e0
[  799.791489][T16411]  alloc_pages_mpol_noprof+0x275/0x610
[  799.793827][T16411]  ? __pfx_alloc_pages_mpol_noprof+0x10/0x10
[  799.793965][T16414] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  799.796376][T16411]  ? __pfx_lock_release+0x10/0x10
[  799.802732][T16411]  get_free_pages_noprof+0xc/0x40
[  799.804920][T16411]  __pollwait+0x292/0x4c0
[  799.806870][T16411]  pipe_poll+0x290/0x8a0
[  799.808753][T16411]  ? __pfx___pollwait+0x10/0x10
[  799.810978][T16411]  ? __pfx_pipe_poll+0x10/0x10
[  799.812879][T16411]  do_sys_poll+0x539/0xde0
[  799.814867][T16411]  ? __pfx_do_sys_poll+0x10/0x10
[  799.817008][T16411]  ? __pfx___lock_acquire+0x10/0x10
[  799.819153][T16411]  ? __pfx___pollwait+0x10/0x10
[  799.820848][T16411]  ? __pfx_pollwake+0x10/0x10
[  799.822507][T16411]  ? __pfx_pollwake+0x10/0x10
[  799.824234][T16411]  ? __pfx_pollwake+0x10/0x10
[  799.825675][T16414] xt_HMARK: proto mask must be zero with L3 mode
[  799.825886][T16411]  ? __pfx_pollwake+0x10/0x10
[  799.830290][T16411]  ? __pfx_pollwake+0x10/0x10
[  799.832310][T16411]  ? __pfx_pollwake+0x10/0x10
[  799.834352][T16411]  ? __pfx_pollwake+0x10/0x10
[  799.836521][T16411]  ? __pfx_pollwake+0x10/0x10
[  799.838458][T16411]  ? __pfx_pollwake+0x10/0x10
[  799.840422][T16411]  ? __mutex_unlock_slowpath+0x164/0x650
[  799.842673][T16411]  ? set_compat_user_sigmask+0x20f/0x2a0
[  799.844856][T16411]  ? __pfx_set_compat_user_sigmask+0x10/0x10
[  799.847250][T16411]  __ia32_compat_sys_ppoll_time32+0x24a/0x2c0
[  799.849728][T16411]  ? __pfx___ia32_compat_sys_ppoll_time32+0x10/0x10
[  799.852651][T16411]  ? ksys_write+0x1ab/0x260
[  799.854702][T16411]  ? __pfx_ksys_write+0x10/0x10
[  799.856892][T16411]  __do_fast_syscall_32+0x73/0x120
[  799.859179][T16411]  do_fast_syscall_32+0x32/0x80
[  799.860763][   T39] kauditd_printk_skb: 50 callbacks suppressed
[  799.860778][   T39] audit: type=1804 audit(1721389582.536:116): pid=16414 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.3089" name="/newroot/96/bus/file0" dev="overlay" ino=552 res=1 errno=0
[  799.861352][T16411]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  799.864187][   T39] audit: type=1800 audit(1721389582.536:117): pid=16414 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.3089" name="file0" dev="overlay" ino=552 res=0 errno=0
[  799.873359][T16411] RIP: 0023:0xf7f94579
[  799.873379][T16411] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  799.873396][T16411] RSP: 002b:00000000f5d4656c EFLAGS: 00000296 ORIG_RAX: 0000000000000135
[  799.873414][T16411] RAX: ffffffffffffffda RBX: 0000000020000000 RCX: 0000000000000077
[  799.873426][T16411] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  799.904458][T16411] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  799.908017][T16411] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  799.911528][T16411] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  799.914907][T16411]  </TASK>
[  800.258481][ T5493] usb 6-1: new high-speed USB device number 109 using dummy_hcd
[  800.441705][ T5493] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  800.446974][ T5493] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  800.454506][ T5493] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  800.460730][ T5493] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  800.468776][  T824] usb 8-1: reset high-speed USB device number 20 using dummy_hcd
[  800.475001][T16421] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  800.477499][T12100] Bluetooth: hci0: link tx timeout
[  800.481670][T12100] Bluetooth: hci0: killing stalled connection 10:aa:aa:aa:aa:aa
[  800.924800][   T25] usb 6-1: USB disconnect, device number 109
[  801.462935][T16437] random: crng reseeded on system resumption
[  801.970990][   T56] usb 8-1: USB disconnect, device number 20
[  802.048763][T12100] Bluetooth: hci0: command 0x0c1a tx timeout
[  802.052771][ T5212] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  802.401645][T16450] FAULT_INJECTION: forcing a failure.
[  802.401645][T16450] name failslab, interval 1, probability 0, space 0, times 0
[  802.407560][T16450] CPU: 3 PID: 16450 Comm: syz.3.3099 Not tainted 6.10.0-syzkaller-08676-g720261cfc732 #0
[  802.411834][T16450] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  802.416571][T16450] Call Trace:
[  802.418016][T16450]  <TASK>
[  802.419297][T16450]  dump_stack_lvl+0x16c/0x1f0
[  802.421336][T16450]  should_fail_ex+0x497/0x5b0
[  802.423374][T16450]  should_failslab+0x9/0x20
[  802.425295][T16450]  kmem_cache_alloc_node_noprof+0x71/0x310
[  802.427787][T16450]  ? alloc_vmap_area+0x636/0x2a70
[  802.429625][T16450]  alloc_vmap_area+0x636/0x2a70
[  802.431178][T16450]  ? __pfx_alloc_vmap_area+0x10/0x10
[  802.432959][T16450]  __get_vm_area_node+0x17e/0x2d0
[  802.434727][T16450]  __vmalloc_node_range_noprof+0x276/0x1520
[  802.436670][T16450]  ? kvm_dev_ioctl+0x154/0x1c60
[  802.438325][T16450]  ? vsnprintf+0x40f/0x1870
[  802.440529][T16450]  ? __pfx_vsnprintf+0x10/0x10
[  802.442677][T16450]  ? kvm_dev_ioctl+0x154/0x1c60
[  802.444910][T16450]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  802.447821][T16450]  ? __pfx_snprintf+0x10/0x10
[  802.449951][T16450]  ? _raw_spin_unlock+0x28/0x50
[  802.452067][T16450]  ? alloc_fd+0x2d7/0x6c0
[  802.453952][T16450]  ? kvm_dev_ioctl+0x154/0x1c60
[  802.456062][T16450]  __vmalloc_noprof+0x6d/0x90
[  802.458123][T16450]  ? kvm_dev_ioctl+0x154/0x1c60
[  802.460185][T16450]  kvm_dev_ioctl+0x154/0x1c60
[  802.462195][T16450]  ? find_held_lock+0x59/0x110
[  802.464212][T16450]  ? find_held_lock+0x2d/0x110
[  802.466284][T16450]  ? __pfx_kvm_dev_ioctl+0x10/0x10
[  802.468522][T16450]  ? __fget_light+0x173/0x210
[  802.470575][T16450]  ? bpf_lsm_file_ioctl_compat+0x9/0x10
[  802.472952][T16450]  ? __pfx_kvm_dev_ioctl+0x10/0x10
[  802.475135][T16450]  __do_compat_sys_ioctl+0x2c3/0x330
[  802.477147][T16450]  __do_fast_syscall_32+0x73/0x120
[  802.479212][T16450]  do_fast_syscall_32+0x32/0x80
[  802.481322][T16450]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  802.484086][T16450] RIP: 0023:0xf7fc0579
[  802.485821][T16450] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  802.493798][T16450] RSP: 002b:00000000f5d7656c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  802.497220][T16450] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 000000000000ae01
[  802.500171][T16450] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  802.503049][T16450] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  802.506114][T16450] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  802.509314][T16450] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  802.512511][T16450]  </TASK>
[  802.548441][T16450] syz.3.3099: vmalloc error: size 39408, vm_struct allocation failed, mode:0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null),cpuset=syz3,mems_allowed=0-1
[  802.555172][T16450] CPU: 3 PID: 16450 Comm: syz.3.3099 Not tainted 6.10.0-syzkaller-08676-g720261cfc732 #0
[  802.559056][T16450] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  802.563393][T16450] Call Trace:
[  802.564853][T16450]  <TASK>
[  802.566183][T16450]  dump_stack_lvl+0x16c/0x1f0
[  802.568250][T16450]  warn_alloc+0x24d/0x3a0
[  802.570161][T16450]  ? __pfx_warn_alloc+0x10/0x10
[  802.572268][T16450]  ? lockdep_hardirqs_on+0x7c/0x110
[  802.574188][T16450]  ? __get_vm_area_node+0x27d/0x2d0
[  802.576266][T16450]  ? __get_vm_area_node+0x1bc/0x2d0
[  802.578142][T16450]  __vmalloc_node_range_noprof+0xc1e/0x1520
[  802.580435][T16450]  ? vsnprintf+0x40f/0x1870
[  802.582044][T16450]  ? __pfx_vsnprintf+0x10/0x10
[  802.583743][T16450]  ? kvm_dev_ioctl+0x154/0x1c60
[  802.585714][T16450]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  802.588447][T16450]  ? __pfx_snprintf+0x10/0x10
[  802.590375][T16450]  ? _raw_spin_unlock+0x28/0x50
[  802.592556][T16450]  ? alloc_fd+0x2d7/0x6c0
[  802.594711][T16450]  ? kvm_dev_ioctl+0x154/0x1c60
[  802.596563][T16450]  __vmalloc_noprof+0x6d/0x90
[  802.598574][T16450]  ? kvm_dev_ioctl+0x154/0x1c60
[  802.600734][T16450]  kvm_dev_ioctl+0x154/0x1c60
[  802.602770][T16450]  ? find_held_lock+0x59/0x110
[  802.604882][T16450]  ? find_held_lock+0x2d/0x110
[  802.607074][T16450]  ? __pfx_kvm_dev_ioctl+0x10/0x10
[  802.609258][T16450]  ? __fget_light+0x173/0x210
[  802.611191][T16450]  ? bpf_lsm_file_ioctl_compat+0x9/0x10
[  802.613602][T16450]  ? __pfx_kvm_dev_ioctl+0x10/0x10
[  802.615778][T16450]  __do_compat_sys_ioctl+0x2c3/0x330
[  802.618021][T16450]  __do_fast_syscall_32+0x73/0x120
[  802.620174][T16450]  do_fast_syscall_32+0x32/0x80
[  802.622255][T16450]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  802.624978][T16450] RIP: 0023:0xf7fc0579
[  802.626857][T16450] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  802.634614][T16450] RSP: 002b:00000000f5d7656c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  802.638217][T16450] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 000000000000ae01
[  802.641579][T16450] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  802.645018][T16450] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  802.648487][T16450] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  802.651888][T16450] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  802.654921][T16450]  </TASK>
[  802.708349][T16450] Mem-Info:
[  802.709862][T16450] active_anon:6782 inactive_anon:454 isolated_anon:0
[  802.709862][T16450]  active_file:3336 inactive_file:44020 isolated_file:0
[  802.709862][T16450]  unevictable:769 dirty:207 writeback:0
[  802.709862][T16450]  slab_reclaimable:4678 slab_unreclaimable:59307
[  802.709862][T16450]  mapped:17905 shmem:1376 pagetables:794
[  802.709862][T16450]  sec_pagetables:337 bounce:0
[  802.709862][T16450]  kernel_misc_reclaimable:0
[  802.709862][T16450]  free:101528 free_pcp:1313 free_cma:0
[  802.758386][T16450] Node 0 active_anon:0kB inactive_anon:900kB active_file:0kB inactive_file:16kB unevictable:1540kB isolated(anon):0kB isolated(file):0kB mapped:15168kB dirty:12kB writeback:0kB shmem:1280kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:9584kB pagetables:2336kB sec_pagetables:1316kB all_unreclaimable? no
[  802.788375][T16450] Node 1 active_anon:26588kB inactive_anon:1516kB active_file:13344kB inactive_file:176064kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:56452kB dirty:816kB writeback:0kB shmem:4224kB shmem_thp:2048kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:1652kB pagetables:840kB sec_pagetables:32kB all_unreclaimable? no
[  802.818356][T16450] Node 0 DMA free:908kB boost:0kB min:760kB low:948kB high:1136kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:232kB local_pcp:8kB free_cma:0kB
[  802.838605][T16450] lowmem_reserve[]: 0 374 0 0 0
[  802.840755][T16450] Node 0 DMA32 free:27956kB boost:0kB min:19048kB low:23808kB high:28568kB reserved_highatomic:4096KB active_anon:200kB inactive_anon:600kB active_file:0kB inactive_file:16kB unevictable:1540kB writepending:12kB present:1032192kB managed:410728kB mlocked:4kB bounce:0kB free_pcp:2128kB local_pcp:64kB free_cma:0kB
[  802.868352][T16450] lowmem_reserve[]: 0 0 0 0 0
[  802.870631][T16450] Node 1 DMA32 free:378316kB boost:0kB min:47048kB low:58808kB high:70568kB reserved_highatomic:0KB active_anon:26588kB inactive_anon:1516kB active_file:13344kB inactive_file:176064kB unevictable:1536kB writepending:816kB present:1048436kB managed:946208kB mlocked:0kB bounce:0kB free_pcp:1924kB local_pcp:0kB free_cma:0kB
[  802.908451][T16450] lowmem_reserve[]: 0 0 0 0 0
[  802.910459][T16450] Node 0 DMA: 7*4kB (U) 10*8kB (U) 4*16kB (U) 26*32kB (U) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 1004kB
[  802.915946][T16450] Node 0 DMA32: 372*4kB (UMEH) 270*8kB (UMEH) 106*16kB (UMEH) 87*32kB (UMEH) 66*64kB (UMEH) 29*128kB (UME) 11*256kB (UME) 4*512kB (UME) 3*1024kB (U) 2*2048kB (M) 0*4096kB = 28096kB
[  802.938920][T16450] Node 1 DMA32: 11*4kB (UE) 30*8kB (UME) 103*16kB (UME) 463*32kB (UME) 250*64kB (UME) 42*128kB (UME) 22*256kB (UM) 38*512kB (UME) 36*1024kB (UM) 12*2048kB (UM) 62*4096kB (UM) = 378604kB
[  802.958817][T16450] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  802.963171][T16450] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  802.967239][T16450] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  802.971661][T16450] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  802.975548][T16450] 49720 total pagecache pages
[  802.977489][T16450] 1029 pages in swap cache
[  802.979339][T16450] Free swap  = 107308kB
[  802.980878][T16450] Total swap = 124996kB
[  802.982543][T16450] 524155 pages RAM
[  802.984142][T16450] 0 pages HighMem/MovableOnly
[  802.986195][T16450] 181081 pages reserved
[  802.987810][T16450] 0 pages cma reserved
[  803.578396][ T5249] usb 8-1: new high-speed USB device number 21 using dummy_hcd
[  803.589282][T16473] netlink: 40 bytes leftover after parsing attributes in process `syz.1.3106'.
[  803.592039][T16477] random: crng reseeded on system resumption
[  803.758623][ T5249] usb 8-1: Using ep0 maxpacket: 8
[  803.762990][ T5249] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 1536, setting to 1024
[  803.768035][ T5249] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  803.772597][ T5249] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  803.776789][ T5249] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  803.788372][ T5249] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  803.791985][ T5249] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  804.014739][ T5249] usb 8-1: usb_control_msg returned -32
[  804.017347][ T5249] usbtmc 8-1:16.0: can't read capabilities
[  804.128522][T12100] Bluetooth: hci0: command 0x0c1a tx timeout
[  804.132318][ T5212] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  804.175052][T16484] netlink: 'syz.2.3110': attribute type 1 has an invalid length.
[  804.225178][T16484] 8021q: adding VLAN 0 to HW filter on device batadv5
[  804.232569][T16484] bond1: (slave batadv5): Enslaving as a backup interface with an up link
[  804.244469][T16484] bond1 (unregistering): (slave batadv5): Releasing backup interface
[  804.252149][T16484] bond1 (unregistering): Released all slaves
[  804.368142][T16488] overlayfs: failed to resolve './file0': -2
[  804.734274][T16500] xt_NFQUEUE: number of total queues is 0
[  806.208440][T12100] Bluetooth: hci0: command 0x0c1a tx timeout
[  806.319621][T10743] usb 8-1: USB disconnect, device number 21
[  806.655612][T16516] fuse: Bad value for 'group_id'
[  806.657781][T16516] fuse: Bad value for 'group_id'
[  806.718922][T16517] netlink: 'syz.3.3119': attribute type 4 has an invalid length.
[  806.917466][T16522] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3121'.
[  806.983248][T16524] netlink: 'syz.3.3122': attribute type 1 has an invalid length.
[  807.068637][T16524] 8021q: adding VLAN 0 to HW filter on device batadv15
[  807.073678][T16524] bond6: (slave batadv15): Enslaving as a backup interface with an up link
[  807.095593][T16524] bond6 (unregistering): (slave batadv15): Releasing backup interface
[  807.116460][T16524] bond6 (unregistering): Released all slaves
[  808.288879][T16548] xt_NFQUEUE: number of total queues is 0
[  808.291913][ T5212] Bluetooth: hci0: command 0x0c1a tx timeout
[  808.757659][T16556] netlink: 'syz.2.3131': attribute type 1 has an invalid length.
[  808.801576][T16556] 8021q: adding VLAN 0 to HW filter on device batadv6
[  808.808713][T16556] bond1: (slave batadv6): Enslaving as a backup interface with an up link
[  808.836270][T16556] bond1 (unregistering): (slave batadv6): Releasing backup interface
[  808.877858][T16556] bond1 (unregistering): Released all slaves
[  809.008510][ T5249] usb 8-1: new high-speed USB device number 22 using dummy_hcd
[  809.202132][ T5249] usb 8-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  809.206994][ T5249] usb 8-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  809.221574][ T5249] usb 8-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  809.225497][ T5249] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  809.243859][T16554] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  809.454898][T16569] netlink: 40 bytes leftover after parsing attributes in process `syz.1.3135'.
[  809.686127][ T5493] usb 8-1: USB disconnect, device number 22
[  810.298754][T16585] xt_NFQUEUE: number of total queues is 0
[  811.258529][  T824] usb 5-1: new high-speed USB device number 121 using dummy_hcd
[  811.366243][T16605] netlink: 36 bytes leftover after parsing attributes in process `syz.1.3145'.
[  811.438398][  T824] usb 5-1: Using ep0 maxpacket: 8
[  811.442849][  T824] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 1536, setting to 1024
[  811.447492][  T824] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  811.458472][  T824] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  811.462508][  T824] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  811.467571][  T824] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  811.476559][  T824] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  811.709080][  T824] usb 5-1: usb_control_msg returned -32
[  811.718589][  T824] usbtmc 5-1:16.0: can't read capabilities
[  811.875473][T16614] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3148'.
[  812.073801][T16618] overlayfs: failed to resolve './file0': -2
[  812.298621][T16621] xt_NFQUEUE: number of total queues is 0
[  812.528365][ T5212] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  812.528915][T12100] Bluetooth: hci0: command 0x0c1a tx timeout
[  813.218391][ T5251] usb 6-1: new high-speed USB device number 110 using dummy_hcd
[  813.400520][ T5251] usb 6-1: New USB device found, idVendor=05ac, idProduct=0290, bcdDevice=dc.1b
[  813.408567][ T5251] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  813.417766][ T5251] usb 6-1: config 0 descriptor??
[  813.446658][ T5251] input: bcm5974 as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:0.0/input/input41
[  813.570282][ T5249] usb 8-1: new high-speed USB device number 23 using dummy_hcd
[  813.654125][   T56] usb 6-1: USB disconnect, device number 110
[  813.772146][ T5249] usb 8-1: config index 0 descriptor too short (expected 45, got 36)
[  813.775544][ T5249] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11
[  813.785476][ T5249] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024
[  813.793755][ T5249] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  813.801086][ T5249] usb 8-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  813.801393][T12100] Bluetooth: hci0: ACL packet for unknown connection handle 201
[  813.804971][ T5249] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  813.812586][ T5249] usb 8-1: config 0 descriptor??
[  813.818275][T16640] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22
[  813.877565][T12100] Bluetooth: hci0: ACL packet for unknown connection handle 200
[  813.971589][ T1356] ieee802154 phy1 wpan1: encryption failed: -22
[  813.985304][   T56] usb 5-1: USB disconnect, device number 121
[  814.156487][T16656] xt_NFQUEUE: number of total queues is 0
[  814.265878][T16638] netlink: 203516 bytes leftover after parsing attributes in process `syz.3.3156'.
[  814.278735][T16638] netlink: zone id is out of range
[  814.283617][T16638] netlink: zone id is out of range
[  814.285773][T16638] netlink: zone id is out of range
[  814.287788][T16638] netlink: zone id is out of range
[  814.298385][T16638] netlink: zone id is out of range
[  814.304132][T16638] netlink: zone id is out of range
[  814.306312][T16638] netlink: zone id is out of range
[  814.328946][T16638] netlink: zone id is out of range
[  814.334926][T16638] netlink: zone id is out of range
[  814.337040][T16638] netlink: zone id is out of range
[  814.381958][T16660] netlink: 40 bytes leftover after parsing attributes in process `syz.1.3162'.
[  815.386255][T16672] xt_NFQUEUE: number of total queues is 0
[  816.153383][T16685] program syz.2.3170 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  816.172746][ T5212] Bluetooth: hci0: unexpected event for opcode 0x0000
[  816.260856][ T5249] usbhid 8-1:0.0: can't add hid device: -71
[  816.265405][ T5249] usbhid 8-1:0.0: probe with driver usbhid failed with error -71
[  816.272441][ T5249] usb 8-1: USB disconnect, device number 23
[  816.288765][T12100] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  816.314807][T16690] netlink: 'syz.1.3172': attribute type 1 has an invalid length.
[  816.357631][T16690] 8021q: adding VLAN 0 to HW filter on device batadv7
[  816.362392][T16690] bond1: (slave batadv7): Enslaving as a backup interface with an up link
[  816.376712][T16690] bond1 (unregistering): (slave batadv7): Releasing backup interface
[  816.391725][T16690] bond1 (unregistering): Released all slaves
[  816.413900][T16692] xt_NFQUEUE: number of total queues is 0
[  816.418387][   T57] usb 5-1: new high-speed USB device number 122 using dummy_hcd
[  816.450186][  T824] usb 7-1: new full-speed USB device number 109 using dummy_hcd
[  816.610827][   T57] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  816.616291][   T57] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[  816.628746][   T57] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  816.633546][   T57] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  816.649019][   T57] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  816.650259][  T824] usb 7-1: too many configurations: 9, using maximum allowed: 8
[  816.653009][   T57] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  816.662202][  T824] usb 7-1: unable to read config index 0 descriptor/start: -61
[  816.665303][  T824] usb 7-1: can't read configurations, error -61
[  816.670512][   T57] usb 5-1: config 0 descriptor??
[  816.673396][T16686] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  816.819279][  T824] usb 7-1: new full-speed USB device number 110 using dummy_hcd
[  817.019645][  T824] usb 7-1: too many configurations: 9, using maximum allowed: 8
[  817.025198][  T824] usb 7-1: unable to read config index 0 descriptor/start: -61
[  817.029950][  T824] usb 7-1: can't read configurations, error -61
[  817.034140][  T824] usb usb7-port1: attempt power cycle
[  817.089013][   T57] plantronics 0003:047F:FFFF.0035: unknown main item tag 0xd
[  817.093992][   T57] plantronics 0003:047F:FFFF.0035: No inputs registered, leaving
[  817.111412][   T57] plantronics 0003:047F:FFFF.0035: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0
[  817.304940][ T5493] usb 5-1: USB disconnect, device number 122
[  817.468393][  T824] usb 7-1: new full-speed USB device number 111 using dummy_hcd
[  817.521018][  T824] usb 7-1: too many configurations: 9, using maximum allowed: 8
[  817.570847][  T824] usb 7-1: unable to read config index 0 descriptor/start: -61
[  817.574266][  T824] usb 7-1: can't read configurations, error -61
[  817.750445][  T824] usb 7-1: new full-speed USB device number 112 using dummy_hcd
[  817.831863][  T824] usb 7-1: too many configurations: 9, using maximum allowed: 8
[  817.849407][  T824] usb 7-1: unable to read config index 0 descriptor/start: -61
[  817.852624][  T824] usb 7-1: can't read configurations, error -61
[  817.878594][  T824] usb usb7-port1: unable to enumerate USB device
[  818.078705][T16724] netlink: 'syz.1.3181': attribute type 1 has an invalid length.
[  818.236840][T16729] 8021q: adding VLAN 0 to HW filter on device batadv8
[  818.270567][T16729] bond1: (slave batadv8): Enslaving as a backup interface with an up link
[  818.302701][T16724] bond1 (unregistering): (slave batadv8): Releasing backup interface
[  818.407119][T16724] bond1 (unregistering): Released all slaves
[  818.438506][   T57] usb 5-1: new high-speed USB device number 123 using dummy_hcd
[  818.684279][   T57] usb 5-1: config index 0 descriptor too short (expected 45, got 36)
[  818.689040][   T57] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11
[  818.695982][   T57] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024
[  818.715685][   T57] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  818.728615][   T57] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  818.732793][   T57] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  818.738247][   T57] usb 5-1: config 0 descriptor??
[  818.747556][T16726] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  819.343856][ T5212] Bluetooth: hci0: unexpected event 0x04 length: 14 > 10
[  819.407458][T16717] netlink: 203516 bytes leftover after parsing attributes in process `syz.0.3179'.
[  819.419213][T16717] net_ratelimit: 7 callbacks suppressed
[  819.419226][T16717] netlink: zone id is out of range
[  819.426268][T16717] netlink: zone id is out of range
[  819.431648][T16717] netlink: zone id is out of range
[  819.434036][T16717] netlink: zone id is out of range
[  819.436388][T16717] netlink: zone id is out of range
[  819.442625][T16717] netlink: zone id is out of range
[  819.447923][T16717] netlink: zone id is out of range
[  819.454856][T16717] netlink: zone id is out of range
[  819.463422][T16717] netlink: zone id is out of range
[  819.481611][T16717] netlink: zone id is out of range
[  819.600257][T16746] FAULT_INJECTION: forcing a failure.
[  819.600257][T16746] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  819.606066][T16746] CPU: 2 PID: 16746 Comm: syz.3.3186 Not tainted 6.10.0-syzkaller-08676-g720261cfc732 #0
[  819.607699][   T57] usbhid 5-1:0.0: can't add hid device: -71
[  819.612161][T16746] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  819.612176][T16746] Call Trace:
[  819.612184][T16746]  <TASK>
[  819.612192][T16746]  dump_stack_lvl+0x16c/0x1f0
[  819.612225][T16746]  should_fail_ex+0x497/0x5b0
[  819.626560][   T57] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  819.628262][T16746]  _copy_from_user+0x30/0xf0
[  819.637431][   T57] usb 5-1: USB disconnect, device number 123
[  819.639202][T16746]  get_compat_msghdr+0xa8/0x170
[  819.639274][T16746]  ? __pfx_get_compat_msghdr+0x10/0x10
[  819.646314][T16746]  ? __pfx___lock_acquire+0x10/0x10
[  819.648375][T16746]  ? __might_fault+0x13b/0x190
[  819.650284][T16746]  ___sys_sendmsg+0x1b0/0x1e0
[  819.652151][T16746]  ? __pfx____sys_sendmsg+0x10/0x10
[  819.655841][T16746]  ? __pfx_lock_release+0x10/0x10
[  819.658680][T16746]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  819.661646][T16746]  ? __fget_light+0x173/0x210
[  819.663885][T16746]  __sys_sendmmsg+0x2a5/0x450
[  819.666132][T16746]  ? __pfx___sys_sendmmsg+0x10/0x10
[  819.668412][T16746]  ? vfs_write+0x14d/0x1140
[  819.670415][T16746]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  819.673245][T16746]  ? fput+0x32/0x390
[  819.675303][T16746]  ? ksys_write+0x1ab/0x260
[  819.678661][T16746]  ? __pfx_ksys_write+0x10/0x10
[  819.681083][T16746]  __ia32_compat_sys_sendmmsg+0x9d/0x100
[  819.683971][T16746]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[  819.687810][T16746]  __do_fast_syscall_32+0x73/0x120
[  819.690446][T16746]  do_fast_syscall_32+0x32/0x80
[  819.692635][T16746]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  819.695444][T16746] RIP: 0023:0xf7fc0579
[  819.697401][T16746] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  819.706573][T16746] RSP: 002b:00000000f5d7656c EFLAGS: 00000296 ORIG_RAX: 0000000000000159
[  819.710494][T16746] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000200
[  819.714024][T16746] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000000000000
[  819.717501][T16746] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  819.721371][T16746] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  819.725021][T16746] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  819.728923][T16746]  </TASK>
[  819.802347][T16748] netlink: 40 bytes leftover after parsing attributes in process `syz.3.3187'.
[  820.220235][ T5212] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0
[  820.223960][ T5212] Bluetooth: hci0: Injecting HCI hardware error event
[  820.370483][T16757] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  820.376057][T16757] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  820.519718][   T25] usb 6-1: new high-speed USB device number 111 using dummy_hcd
[  820.672662][T16763] program syz.3.3192 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  820.711339][   T25] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  820.715577][   T25] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[  820.719920][   T25] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  820.724425][   T25] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  820.731147][   T25] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  820.736734][   T25] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  820.743000][   T25] usb 6-1: config 0 descriptor??
[  820.747845][T16752] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  820.831673][T16766] netlink: 'syz.2.3193': attribute type 1 has an invalid length.
[  820.895582][T16766] 8021q: adding VLAN 0 to HW filter on device batadv7
[  820.901954][T16766] bond1: (slave batadv7): Enslaving as a backup interface with an up link
[  820.939133][T16766] bond1 (unregistering): (slave batadv7): Releasing backup interface
[  820.956816][T16766] bond1 (unregistering): Released all slaves
[  820.958372][ T5252] usb 8-1: new full-speed USB device number 24 using dummy_hcd
[  821.139030][ T5252] usb 8-1: too many configurations: 9, using maximum allowed: 8
[  821.148936][ T5252] usb 8-1: unable to read config index 0 descriptor/start: -61
[  821.152609][ T5252] usb 8-1: can't read configurations, error -61
[  821.160264][   T25] plantronics 0003:047F:FFFF.0036: unknown main item tag 0xd
[  821.167772][   T25] plantronics 0003:047F:FFFF.0036: No inputs registered, leaving
[  821.178263][   T25] plantronics 0003:047F:FFFF.0036: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0
[  821.308444][ T5252] usb 8-1: new full-speed USB device number 25 using dummy_hcd
[  821.370591][T10743] usb 6-1: USB disconnect, device number 111
[  821.509113][ T5252] usb 8-1: too many configurations: 9, using maximum allowed: 8
[  821.514097][ T5252] usb 8-1: unable to read config index 0 descriptor/start: -61
[  821.516998][ T5252] usb 8-1: can't read configurations, error -61
[  821.520916][ T5252] usb usb8-port1: attempt power cycle
[  821.671654][ T5212] Bluetooth: hci0: unexpected event 0x04 length: 14 > 10
[  821.938547][ T5252] usb 8-1: new full-speed USB device number 26 using dummy_hcd
[  822.020183][ T5252] usb 8-1: too many configurations: 9, using maximum allowed: 8
[  822.054194][ T5252] usb 8-1: unable to read config index 0 descriptor/start: -61
[  822.068999][ T5252] usb 8-1: can't read configurations, error -61
[  822.228578][ T5252] usb 8-1: new full-speed USB device number 27 using dummy_hcd
[  822.261001][ T5252] usb 8-1: too many configurations: 9, using maximum allowed: 8
[  822.274993][ T5252] usb 8-1: unable to read config index 0 descriptor/start: -61
[  822.281367][ T5252] usb 8-1: can't read configurations, error -61
[  822.290432][ T5252] usb usb8-port1: unable to enumerate USB device
[  822.665092][T16791] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3200'.
[  822.740265][T16794] IPVS: set_ctl: invalid protocol: 255 172.20.20.187:0
[  822.744866][T16794] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  823.968592][ T5252] usb 7-1: new high-speed USB device number 113 using dummy_hcd
[  824.018468][T16825] IPVS: set_ctl: invalid protocol: 255 172.20.20.187:0
[  824.030188][T16825] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  824.170106][ T5252] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  824.174530][ T5252] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[  824.188352][ T5252] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  824.192581][ T5252] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  824.197411][ T5252] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  824.201182][ T5252] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  824.205730][ T5252] usb 7-1: config 0 descriptor??
[  824.211491][T16815] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  824.231431][T16830] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3213'.
[  824.345155][  T824] usb 8-1: new high-speed USB device number 28 using dummy_hcd
[  824.529237][  T824] usb 8-1: too many configurations: 9, using maximum allowed: 8
[  824.538732][  T824] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9
[  824.543335][  T824] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  824.551064][  T824] usb 8-1: config 0 interface 0 has no altsetting 0
[  824.555179][  T824] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9
[  824.565499][  T824] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  824.577167][  T824] usb 8-1: config 0 interface 0 has no altsetting 0
[  824.581218][  T824] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9
[  824.584918][  T824] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  824.589673][  T824] usb 8-1: config 0 interface 0 has no altsetting 0
[  824.593690][  T824] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9
[  824.596954][  T824] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  824.601741][  T824] usb 8-1: config 0 interface 0 has no altsetting 0
[  824.605921][  T824] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9
[  824.610627][  T824] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  824.615009][  T824] usb 8-1: config 0 interface 0 has no altsetting 0
[  824.619454][  T824] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9
[  824.623509][  T824] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  824.626208][ T5252] plantronics 0003:047F:FFFF.0037: unknown main item tag 0xd
[  824.628016][  T824] usb 8-1: config 0 interface 0 has no altsetting 0
[  824.629268][  T824] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9
[  824.637118][  T824] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  824.641254][  T824] usb 8-1: config 0 interface 0 has no altsetting 0
[  824.645157][  T824] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9
[  824.650124][  T824] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  824.650726][ T5252] plantronics 0003:047F:FFFF.0037: No inputs registered, leaving
[  824.656949][  T824] usb 8-1: config 0 interface 0 has no altsetting 0
[  824.662897][ T5252] plantronics 0003:047F:FFFF.0037: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0
[  824.673767][  T824] usb 8-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[  824.679532][  T824] usb 8-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[  824.683440][  T824] usb 8-1: Product: syz
[  824.685244][  T824] usb 8-1: Manufacturer: syz
[  824.687284][  T824] usb 8-1: SerialNumber: syz
[  824.696880][  T824] usb 8-1: config 0 descriptor??
[  824.705766][  T824] yurex 8-1:0.0: USB YUREX device now attached to Yurex #1
[  824.985658][ T5251] usb 8-1: USB disconnect, device number 28
[  824.989577][ T5251] yurex 8-1:0.0: USB YUREX #1 now disconnected
[  825.238712][T16842] program syz.0.3217 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  825.538383][ T5252] usb 5-1: new full-speed USB device number 124 using dummy_hcd
[  825.729175][ T5252] usb 5-1: too many configurations: 9, using maximum allowed: 8
[  825.734468][ T5252] usb 5-1: unable to read config index 0 descriptor/start: -61
[  825.737555][ T5252] usb 5-1: can't read configurations, error -61
[  825.908441][ T5252] usb 5-1: new full-speed USB device number 125 using dummy_hcd
[  826.089200][ T5252] usb 5-1: too many configurations: 9, using maximum allowed: 8
[  826.094272][ T5252] usb 5-1: unable to read config index 0 descriptor/start: -61
[  826.097089][ T5252] usb 5-1: can't read configurations, error -61
[  826.108753][ T5252] usb usb5-port1: attempt power cycle
[  826.324122][T16860] netlink: 40 bytes leftover after parsing attributes in process `syz.1.3224'.
[  826.518750][ T5252] usb 5-1: new full-speed USB device number 126 using dummy_hcd
[  826.550030][ T5252] usb 5-1: too many configurations: 9, using maximum allowed: 8
[  826.555932][ T5252] usb 5-1: unable to read config index 0 descriptor/start: -61
[  826.559317][ T5252] usb 5-1: can't read configurations, error -61
[  826.588729][  T824] usb 7-1: USB disconnect, device number 113
[  826.708536][ T5252] usb 5-1: new full-speed USB device number 127 using dummy_hcd
[  826.749627][ T5252] usb 5-1: too many configurations: 9, using maximum allowed: 8
[  826.754927][ T5252] usb 5-1: unable to read config index 0 descriptor/start: -61
[  826.758040][ T5252] usb 5-1: can't read configurations, error -61
[  826.758625][T16863] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3225'.
[  826.765414][T16863] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3225'.
[  826.769070][ T5252] usb usb5-port1: unable to enumerate USB device
[  826.920097][T16865] net_ratelimit: 8 callbacks suppressed
[  826.920108][T16865] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20002. Sending cookies.
[  827.064503][T16869] netlink: 36 bytes leftover after parsing attributes in process `syz.3.3227'.
[  827.396318][T16882] xt_CT: You must specify a L4 protocol and not use inversions on it
[  827.554920][T16882] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3231'.
[  828.267980][T16895] FAULT_INJECTION: forcing a failure.
[  828.267980][T16895] name fail_futex, interval 1, probability 0, space 0, times 1
[  828.273462][T16895] CPU: 3 PID: 16895 Comm: syz.0.3234 Not tainted 6.10.0-syzkaller-08676-g720261cfc732 #0
[  828.277860][T16895] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  828.281937][T16895] Call Trace:
[  828.283222][T16895]  <TASK>
[  828.284347][T16895]  dump_stack_lvl+0x16c/0x1f0
[  828.286199][T16895]  should_fail_ex+0x497/0x5b0
[  828.288046][T16895]  get_futex_key+0xb89/0x1090
[  828.289913][T16895]  ? __pfx_get_futex_key+0x10/0x10
[  828.291923][T16895]  ? kasan_save_track+0x14/0x30
[  828.293821][T16895]  ? __kasan_kmalloc+0xaa/0xb0
[  828.295713][T16895]  futex_lock_pi+0x258/0x710
[  828.297544][T16895]  ? __pfx_futex_lock_pi+0x10/0x10
[  828.299544][T16895]  ? find_held_lock+0x2d/0x110
[  828.301450][T16895]  ? __pfx_futex_wake_mark+0x10/0x10
[  828.303493][T16895]  ? vfs_write+0x14d/0x1140
[  828.305418][T16895]  do_futex+0x11b/0x350
[  828.307776][T16895]  ? __pfx_do_futex+0x10/0x10
[  828.309899][T16895]  __ia32_sys_futex_time32+0x1da/0x460
[  828.311925][T16895]  ? __pfx___ia32_sys_futex_time32+0x10/0x10
[  828.314435][T16895]  ? ksys_write+0x1ab/0x260
[  828.316153][T16895]  ? __pfx_ksys_write+0x10/0x10
[  828.318102][T16895]  __do_fast_syscall_32+0x73/0x120
[  828.320258][T16895]  do_fast_syscall_32+0x32/0x80
[  828.322313][T16895]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  828.324680][T16895] RIP: 0023:0xf7f94579
[  828.326225][T16895] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  828.335252][T16895] RSP: 002b:00000000f5d4656c EFLAGS: 00000296 ORIG_RAX: 00000000000000f0
[  828.339122][T16895] RAX: ffffffffffffffda RBX: 0000000020001300 RCX: 0000000000000006
[  828.342432][T16895] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  828.345778][T16895] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  828.349155][T16895] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  828.352662][T16895] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  828.355810][T16895]  </TASK>
[  828.650982][T16900] netlink: 36 bytes leftover after parsing attributes in process `syz.3.3236'.
[  828.711057][T12100] Bluetooth: hci0: hardware error 0x00
[  829.285615][T16916] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  830.115864][T16922] program syz.2.3242 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  830.166031][ T5212] Bluetooth: hci0: unexpected event for opcode 0x0004
[  830.319741][T16926] xt_CT: You must specify a L4 protocol and not use inversions on it
[  830.375223][T16926] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3244'.
[  830.458729][ T5251] usb 7-1: new full-speed USB device number 114 using dummy_hcd
[  830.598743][   T57] usb 6-1: new high-speed USB device number 112 using dummy_hcd
[  830.669023][ T5251] usb 7-1: too many configurations: 9, using maximum allowed: 8
[  830.673525][ T5251] usb 7-1: unable to read config index 0 descriptor/start: -61
[  830.676147][ T5251] usb 7-1: can't read configurations, error -61
[  830.768466][T12100] Bluetooth: hci0: Opcode 0x0c03 failed: -110
[  830.771399][T12100] ==================================================================
[  830.774471][T12100] BUG: KASAN: slab-use-after-free in set_powered_sync+0xc1/0xd0
[  830.777354][T12100] Read of size 8 at addr ffff888029b0d098 by task kworker/u33:0/12100
[  830.782910][T12100] 
[  830.783904][T12100] CPU: 1 PID: 12100 Comm: kworker/u33:0 Not tainted 6.10.0-syzkaller-08676-g720261cfc732 #0
[  830.788124][T12100] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  830.792018][T12100] Workqueue: hci0 hci_cmd_sync_work
[  830.794024][T12100] Call Trace:
[  830.795377][T12100]  <TASK>
[  830.796483][T12100]  dump_stack_lvl+0x116/0x1f0
[  830.798123][T12100]  print_report+0xc3/0x620
[  830.799584][T12100]  ? __virt_addr_valid+0x5e/0x590
[  830.801341][T12100]  ? __phys_addr+0xc6/0x150
[  830.802885][T12100]  kasan_report+0xd9/0x110
[  830.804338][T12100]  ? set_powered_sync+0xc1/0xd0
[  830.806235][T12100]  ? set_powered_sync+0xc1/0xd0
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  830.807852][T12100]  set_powered_sync+0xc1/0xd0
[  830.809648][T12100]  hci_cmd_sync_work+0x1a4/0x410
[  830.811215][T12100]  process_one_work+0x958/0x1ad0
[  830.812966][T12100]  ? __pfx_hci_error_reset+0x10/0x10
[  830.814851][T12100]  ? __pfx_process_one_work+0x10/0x10
[  830.816695][T12100]  ? assign_work+0x1a0/0x250
[  830.818220][T12100]  worker_thread+0x6c8/0xf20
[  830.819761][T12100]  ? __kthread_parkme+0x148/0x220
[  830.821417][T12100]  ? __pfx_worker_thread+0x10/0x10
[  830.823237][T12100]  kthread+0x2c1/0x3a0
[  830.824675][T12100]  ? _raw_spin_unlock_irq+0x23/0x50
[  830.826550][T12100]  ? __pfx_kthread+0x10/0x10
[  830.828271][T12100]  ret_from_fork+0x45/0x80
[  830.829678][T12100]  ? __pfx_kthread+0x10/0x10
[  830.831252][T12100]  ret_from_fork_asm+0x1a/0x30
[  830.833059][T12100]  </TASK>
[  830.834213][T12100] 
[  830.835044][T12100] Allocated by task 16902:
[  830.836613][T12100]  kasan_save_stack+0x33/0x60
[  830.838301][T12100]  kasan_save_track+0x14/0x30
[  830.839783][T12100]  __kasan_kmalloc+0xaa/0xb0
[  830.841676][T12100]  mgmt_pending_new+0x5b/0x290
[  830.843281][T12100]  mgmt_pending_add+0x36/0x160
[  830.845128][T12100]  set_powered+0x28c/0x5c0
[  830.846832][T12100]  hci_sock_sendmsg+0x1528/0x25e0
[  830.848766][T12100]  sock_write_iter+0x50a/0x5c0
[  830.850425][T12100]  vfs_write+0x6b6/0x1140
[  830.851907][T12100]  ksys_write+0x1f8/0x260
[  830.853403][T12100]  __do_fast_syscall_32+0x73/0x120
[  830.855178][T12100]  do_fast_syscall_32+0x32/0x80
[  830.856691][T12100]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  830.858574][T12100] 
[  830.859313][T12100] Freed by task 12100:
[  830.860522][T12100]  kasan_save_stack+0x33/0x60
[  830.861974][T12100]  kasan_save_track+0x14/0x30
[  830.863726][T12100]  kasan_save_free_info+0x3b/0x60
[  830.865448][T12100]  poison_slab_object+0xf7/0x160
[  830.867336][T12100]  __kasan_slab_free+0x32/0x50
[  830.869030][T12100]  kfree+0x12a/0x3b0
[  830.870360][T12100]  settings_rsp+0x257/0x400
[  830.871863][T12100]  mgmt_pending_foreach+0xdf/0x140
[  830.873656][T12100]  __mgmt_power_off+0xcd/0x2e0
[  830.875043][T12100]  hci_dev_close_sync+0xcb8/0x11d0
[  830.876372][T12100]  hci_dev_do_close+0x2e/0x90
[  830.877916][T12100]  hci_error_reset+0xbf/0x320
[  830.879664][T12100]  process_one_work+0x958/0x1ad0
[  830.881309][T12100]  worker_thread+0x6c8/0xf20
[  830.883010][T12100]  kthread+0x2c1/0x3a0
[  830.884448][T12100]  ret_from_fork+0x45/0x80
[  830.886089][T12100]  ret_from_fork_asm+0x1a/0x30
[  830.887976][T12100] 
[  830.888987][T12100] The buggy address belongs to the object at ffff888029b0d080
[  830.888987][T12100]  which belongs to the cache kmalloc-96 of size 96
[  830.893947][T12100] The buggy address is located 24 bytes inside of
[  830.893947][T12100]  freed 96-byte region [ffff888029b0d080, ffff888029b0d0e0)
[  830.899003][T12100] 
[  830.899950][T12100] The buggy address belongs to the physical page:
[  830.902423][T12100] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x29b0d
[  830.905499][T12100] anon flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  830.908148][T12100] page_type: 0xffffefff(slab)
[  830.909864][T12100] raw: 00fff00000000000 ffff888015442280 0000000000000000 dead000000000001
[  830.912785][T12100] raw: 0000000000000000 0000000000200020 00000001ffffefff 0000000000000000
[  830.915426][T12100] page dumped because: kasan: bad access detected
[  830.917328][T12100] page_owner tracks the page as allocated
[  830.919351][T12100] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x152820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL), pid 1092, tgid 1092 (kworker/u32:8), ts 63765514763, free_ts 63579873079
[  830.926397][T12100]  post_alloc_hook+0x2d1/0x350
[  830.928076][T12100]  get_page_from_freelist+0x1353/0x2e50
[  830.930208][T12100]  __alloc_pages_noprof+0x22b/0x2460
[  830.932256][T12100]  alloc_slab_page+0x56/0x110
[  830.934121][T12100]  new_slab+0x84/0x260
[  830.935552][T12100]  ___slab_alloc+0xdac/0x1870
[  830.937205][T12100]  __slab_alloc.constprop.0+0x56/0xb0
[  830.939479][T12100]  __kmalloc_cache_noprof+0x2c5/0x310
[  830.941736][T12100]  dst_cow_metrics_generic+0x4c/0x1f0
[  830.944310][T12100]  icmp6_dst_alloc+0x370/0x4a0
[  830.946489][T12100]  ndisc_send_skb+0x1279/0x1c30
[  830.948401][T12100]  ndisc_send_ns+0xc7/0x150
[  830.950193][T12100]  addrconf_dad_work+0xca5/0x1500
[  830.952333][T12100]  process_one_work+0x958/0x1ad0
[  830.954472][T12100]  worker_thread+0x6c8/0xf20
[  830.956351][T12100]  kthread+0x2c1/0x3a0
[  830.957833][T12100] page last free pid 5285 tgid 5284 stack trace:
[  830.959989][T12100]  free_unref_page+0x64a/0xe40
[  830.961721][T12100]  __put_partials+0x14c/0x170
[  830.963536][T12100]  qlist_free_all+0x4e/0x140
[  830.965320][T12100]  kasan_quarantine_reduce+0x192/0x1e0
[  830.967437][T12100]  __kasan_slab_alloc+0x69/0x90
[  830.969341][T12100]  kmem_cache_alloc_lru_noprof+0x121/0x2f0
[  830.971582][T12100]  alloc_inode+0xba/0x230
[  830.973268][T12100]  new_inode+0x22/0x210
[  830.974972][T12100]  __debugfs_create_file+0x11a/0x660
[  830.977008][T12100]  kvm_dev_ioctl+0x1628/0x1c60
[  830.978861][T12100]  __do_compat_sys_ioctl+0x2c3/0x330
[  830.980924][T12100]  __do_fast_syscall_32+0x73/0x120
[  830.982973][T12100]  do_fast_syscall_32+0x32/0x80
[  830.984800][T12100]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  830.987210][T12100] 
[  830.988141][T12100] Memory state around the buggy address:
[  830.990251][T12100]  ffff888029b0cf80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc
[  830.993283][T12100]  ffff888029b0d000: 00 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc
[  830.996357][T12100] >ffff888029b0d080: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[  830.999468][T12100]                             ^
[  831.001298][T12100]  ffff888029b0d100: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[  831.004165][T12100]  ffff888029b0d180: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[  831.007118][T12100] ==================================================================
[  831.012796][T12100] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  831.015820][T12100] CPU: 1 PID: 12100 Comm: kworker/u33:0 Not tainted 6.10.0-syzkaller-08676-g720261cfc732 #0
[  831.019879][T12100] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  831.023498][T12100] Workqueue: hci0 hci_cmd_sync_work
[  831.025453][T12100] Call Trace:
[  831.026703][T12100]  <TASK>
[  831.028076][T12100]  dump_stack_lvl+0x3d/0x1f0
[  831.030013][T12100]  panic+0x6f5/0x7a0
[  831.031482][T12100]  ? __pfx_panic+0x10/0x10
[  831.033353][T12100]  ? preempt_schedule_thunk+0x1a/0x30
[  831.035543][T12100]  ? preempt_schedule_common+0x44/0xc0
[  831.037755][T12100]  ? check_panic_on_warn+0x1f/0xb0
[  831.040149][T12100]  check_panic_on_warn+0xab/0xb0
[  831.042645][T12100]  end_report+0x117/0x180
[  831.044569][T12100]  kasan_report+0xe9/0x110
[  831.046521][T12100]  ? set_powered_sync+0xc1/0xd0
[  831.048587][T12100]  ? set_powered_sync+0xc1/0xd0
[  831.050704][T12100]  set_powered_sync+0xc1/0xd0
[  831.052810][T12100]  hci_cmd_sync_work+0x1a4/0x410
[  831.054809][T12100]  process_one_work+0x958/0x1ad0
[  831.056756][T12100]  ? __pfx_hci_error_reset+0x10/0x10
[  831.058785][T12100]  ? __pfx_process_one_work+0x10/0x10
[  831.060815][T12100]  ? assign_work+0x1a0/0x250
[  831.063729][T12100]  worker_thread+0x6c8/0xf20
[  831.065825][T12100]  ? __kthread_parkme+0x148/0x220
[  831.067999][T12100]  ? __pfx_worker_thread+0x10/0x10
[  831.070800][T12100]  kthread+0x2c1/0x3a0
[  831.073070][T12100]  ? _raw_spin_unlock_irq+0x23/0x50
[  831.075438][T12100]  ? __pfx_kthread+0x10/0x10
[  831.077425][T12100]  ret_from_fork+0x45/0x80
[  831.079399][T12100]  ? __pfx_kthread+0x10/0x10
[  831.081486][T12100]  ret_from_fork_asm+0x1a/0x30
[  831.083697][T12100]  </TASK>
[  831.085796][T12100] Kernel Offset: disabled
[  831.087657][T12100] Rebooting in 86400 seconds..

VM DIAGNOSIS:
11:46:53  Registers:
info registers vcpu 0

CPU#0
RAX=0000000094eff35b RBX=00000000ee11342d RCX=00000000806f3773 RDX=000000003176e9b2
RSI=00000000a99aa65f RDI=000000004e0cf75c RBP=00000000901d6207 RSP=ffffc9000760f848
R8 =0000000034870fac R9 =000000004704f933 R10=00000000f30fa41a R11=00000000a27a6feb
R12=00000000da13e51f R13=0000000026e984b5 R14=0000000060ccf124 R15=0000000021ecba95
RIP=ffffffff848246bb RFL=00000082 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88802c000000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000000020032000 CR3=000000005cdec000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000014000000000 0000000400000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000000000030 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff84fc1315 RDI=ffffffff94da62c0 RBP=ffffffff94da6280 RSP=ffffc900040a7718
R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=3062393230386552
R12=0000000000000000 R13=0000000000000030 R14=ffffffff84fc12b0 R15=0000000000000000
RIP=ffffffff84fc133f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88802c100000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000000020010000 CR3=0000000066e50000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000014000000000 0000000400000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
RAX=0000000000000004 RBX=0000000000000000 RCX=ffffffff94b1dca0 RDX=ffffffff94240ae8
RSI=1ffff92000602e85 RDI=ffffffff8dbb4e68 RBP=0000000000000000 RSP=ffffc90003017398
R8 =0000000000000000 R9 =0000000000000000 R10=ffffffff8fe49adf R11=0000000000000002
R12=ffffffff8dbb4e60 R13=0000000000000000 R14=0000000000000000 R15=ffff88801ff98000
RIP=ffffffff816c4315 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0000 0000000000000000 ffffffff 00c00000
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007fad92fb8d00 ffffffff 00c00000
GS =0000 ffff88802c200000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=000055b148606000 CR3=0000000026d1e000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000008082082 Opmask01=0000000000000000 Opmask02=00000000dfff7fff Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000001 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 554245440045534f 4252455600524f52 5245004c41544146 0054454955510029
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 554245440045534f 4252455600524f52 5245004c41544146 005445495551000c
ZMM20=0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004
ZMM21=198e343f198e343f 198e343f198e343f 198e343f198e343f 198e343f198e343f 198e343f198e343f 198e343f198e343f 198e343f198e343f 198e343f198e343f
ZMM22=666e6bea666e6bea 666e6bea666e6bea 666e6bea666e6bea 666e6bea666e6bea 666e6bea666e6bea 666e6bea666e6bea 666e6bea666e6bea 666e6bea666e6bea
ZMM23=1ba539c51ba539c5 1ba539c51ba539c5 1ba539c51ba539c5 1ba539c51ba539c5 1ba539c51ba539c5 1ba539c51ba539c5 1ba539c51ba539c5 1ba539c51ba539c5
ZMM24=9528f5099528f509 9528f5099528f509 9528f5099528f509 9528f5099528f509 9528f5099528f509 9528f5099528f509 9528f5099528f509 9528f5099528f509
ZMM25=aecd9ff6aecd9ff6 aecd9ff6aecd9ff6 aecd9ff6aecd9ff6 aecd9ff6aecd9ff6 aecd9ff6aecd9ff6 aecd9ff6aecd9ff6 aecd9ff6aecd9ff6 aecd9ff6aecd9ff6
ZMM26=27066c8327066c83 27066c8327066c83 27066c8327066c83 27066c8327066c83 27066c8327066c83 27066c8327066c83 27066c8327066c83 27066c8327066c83
ZMM27=62b969cb62b969cb 62b969cb62b969cb 62b969cb62b969cb 62b969cb62b969cb 62b969cb62b969cb 62b969cb62b969cb 62b969cb62b969cb 62b969cb62b969cb
ZMM28=000000500000004f 0000004e0000004d 0000004c0000004b 0000004a00000049 0000004800000047 0000004600000045 0000004400000043 0000004200000041
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=c5190000c5190000 c5190000c5190000 c5190000c5190000 c5190000c5190000 c5190000c5190000 c5190000c5190000 c5190000c5190000 c5190000c5190000
info registers vcpu 3

CPU#3
RAX=0000000000000000 RBX=ffff88801b0eaf70 RCX=0000000000000002 RDX=dffffc0000000000
RSI=ffff88801b0eaf70 RDI=ffff88801b0eaf92 RBP=ffffc90001fb7148 RSP=ffffc90001fb7010
R8 =0000000000000000 R9 =0000000000000006 R10=ffffffff9423f39f R11=0000000000000002
R12=ffff88801b0ea440 R13=ffff88801b0eaf70 R14=0000000000000008 R15=1ffff920003f6e08
RIP=ffffffff816c3144 RFL=00000802 [-O-----] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88802c300000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000000056c5a4c0 CR3=0000000059668000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000005000000000 0000000100000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000