last executing test programs:

4.218283233s ago: executing program 2 (id=1219):
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0)
gettid()
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
bind$bt_sco(r0, &(0x7f0000000740)={0x1f, @none}, 0x8)
listen(r0, 0x0)
accept4(r0, 0x0, 0x0, 0x80800)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x141121)
r2 = dup(r1)
write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c)
r3 = socket$alg(0x26, 0x5, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00'], 0x48)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="020000000400000006000000aa0b"], 0x48)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000003c0)={0x0, &(0x7f00000002c0)=""/251, &(0x7f0000000940), &(0x7f0000000200), 0xa7c, r4}, 0x38)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000080)=ANY=[], 0x120}, 0x1, 0x0, 0x0, 0x2800}, 0x0)
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x0)
socket(0x10, 0x80002, 0xfffffffe)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0xffffffffffffffff, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="180025bd7002ffdbdf250a000400"/24], 0x18}, 0x1, 0x0, 0x0, 0x8810}, 0x40040d0)
fanotify_init(0x4c, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000002c0), 0x7e00, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
preadv2(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)

3.957551253s ago: executing program 3 (id=1221):
capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)={0x0, 0xfffffffe, 0x0, 0x0, 0x80000, 0x4})
getuid()
r0 = fsopen(&(0x7f0000000100)='ramfs\x00', 0x1)
r1 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', <r2=>0x0})
socket$igmp6(0xa, 0x3, 0x2)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r6, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x4, 0x8001, 0x0, 0xb49, 0x200000000002, 0x7, 0x8, 0x3}, 0x0)
r7 = syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2)
ioctl$VIDIOC_CREATE_BUFS(r7, 0xc100565c, &(0x7f00000013c0)={0x3, 0x2, 0x2, {0x5, @vbi={0xb5, 0x0, 0x3, 0x20363159, [0x0, 0x8000000], [0x8200, 0x1]}}})
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff)
r8 = socket(0x1e, 0x5, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r8, 0x8933, &(0x7f0000000040))
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r9=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x24, r4, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r9}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x7}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_JOIN_MESH(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)={0x30, r4, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r9}, @void}}, [@NL80211_ATTR_MESH_ID={0xa}, @chandef_params=[@NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0xc}]]}, 0x30}, 0x1, 0x0, 0x0, 0x200080d0}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=@newqdisc={0x44, 0x24, 0x3fe3aa0262d8c583, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}, {0x6}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0x14, 0x8002, [@TCA_FQ_PIE_LIMIT={0x8, 0x1, 0x8}, @TCA_FQ_PIE_FLOWS={0x8, 0x2, 0x810c}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x2}, 0x2000400c)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
fsmount(r0, 0x1, 0x0)
r10 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r10, @ANYBLOB=',rootmode=0000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYRESDEC=0x0])
openat$comedi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/comedi0\x00', 0x101182, 0x0)

3.25318493s ago: executing program 2 (id=1223):
r0 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000380)='/proc/asound/card1/oss_mixer\x00', 0x1, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r2 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r1, &(0x7f0000000280)={@val={0x0, 0x800}, @val={0x1, 0x0, 0x0, 0x0, 0x3d}, @mpls={[], @ipv4=@tcp={{0x5, 0x4, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x84, 0x0, @empty=0x3fffffff, @local}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x2, 0xb, 0x4, 0x4, 0x0, 0x4, {[@window={0xa, 0x3}, @timestamp={0x5, 0xa}, @generic={0x0, 0x8, "d58838068b91"}]}}}}}}, 0x4e)
r3 = syz_usb_connect$printer(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="1201000000030020f003176c400000000001090224725100000000090400001207010300090501020000000000090582020002"], 0x0)
r4 = syz_open_dev$video4linux(&(0x7f0000000000), 0x0, 0x0)
ioctl$VIDIOC_QUERY_EXT_CTRL(r4, 0xc0445624, &(0x7f0000000140)={0x80f0f000, 0x8, "9a555c14c966e134d198b9aaaa7da80f8e4fa888dece6ffdb507a3c83e58e128"})
syz_usb_disconnect(r3)
write$proc_mixer(r0, &(0x7f0000000040)=[{'OGAIN', @val={' \'', 'Line Capture Switch'}}, {'TREBLE', @void}, {'OGAIN', @void}], 0x3e)
r5 = syz_usb_connect(0x0, 0x4a, &(0x7f0000000080)=ANY=[], 0x0)
syz_usb_ep_write$ath9k_ep1(r5, 0x82, 0x0, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

3.033746778s ago: executing program 1 (id=1224):
mkdir(&(0x7f0000000180)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e792c63616368653d667363616368652c76657273696f6e3d3970323030302e75"])
chdir(&(0x7f0000000600)='./file0\x00')
r0 = creat(&(0x7f0000000280)='./file1\x00', 0xecf86c37d53049ce)
fcntl$lock(r0, 0x25, &(0x7f0000000080)={0x1, 0x2, 0x3, 0x3})
pwritev2(r0, &(0x7f0000000980)=[{&(0x7f0000000000)="e9", 0x1e}], 0x1, 0x4, 0xa, 0x17)

2.911861194s ago: executing program 3 (id=1225):
r0 = socket(0x10, 0x2, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, 0x0)
syz_emit_ethernet(0x66, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000c80)={'lo\x00', <r4=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd28, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}, {0xd}}, [@qdisc_kind_options=@q_fq={{0x7}, {0xc, 0x2, [@TCA_FQ_FLOW_MAX_RATE={0x8, 0x7, 0x9}]}}]}, 0x38}}, 0x0)
r5 = socket$l2tp6(0xa, 0x2, 0x73)
sendto$inet6(r5, 0x0, 0x0, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback, 0x7f}, 0x1c)
r6 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000c80)={'lo\x00', <r7=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd28, 0x0, {0x0, 0x0, 0x0, r7, {}, {0xffff, 0xffff}, {0xd, 0xfff2}}, [@qdisc_kind_options=@q_fq={{0x7}, {0xc, 0x2, [@TCA_FQ_BUCKETS_LOG={0x8, 0x8, 0x1}]}}]}, 0x38}}, 0x0) (fail_nth: 4)

2.851673908s ago: executing program 3 (id=1226):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$mptcp(0x0, 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000200)={0x28, r1, 0x1, 0x0, 0x0, {0x7}, [@MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x1}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x1a}]}]}, 0x28}}, 0x0)

2.851357603s ago: executing program 3 (id=1227):
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f00000004c0)='afs_notify_call\x00', r0, 0x0, 0x7fffffff}, 0x18)
openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newsa={0xec, 0x10, 0x713, 0x70bd28, 0x0, {{@in=@initdev={0xac, 0x1e, 0x1, 0x0}, @in=@local, 0x4e23, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x3a, 0x0, 0xee00}, {@in6=@remote, 0x0, 0x32}, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', {0x0, 0x0, 0x8, 0x100000001, 0x6}, {0x0, 0x0, 0x2, 0xfffffffffffffffc}, {0xc}, 0x70bd28, 0x0, 0x2}}, 0xec}, 0x1, 0x0, 0x0, 0xc0}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{0x0}], 0x1}, 0x0)
r1 = socket$inet_mptcp(0x2, 0x1, 0x106)
r2 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r2, 0x29, 0xb, &(0x7f0000000040)=0x9, 0x4)
bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty, 0x1000}, 0x1c)
recvmmsg(r2, &(0x7f00000009c0)=[{{0x0, 0x0, 0x0}, 0x4}], 0x65942126f3d7b6a8, 0x2, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000300)='syzkaller\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x40f00, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r4 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r4, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r5, 0x8983, &(0x7f0000000100)={0x0, 'erspan0\x00', {0x1}, 0x26})
read$FUSE(0xffffffffffffffff, &(0x7f0000009780)={0x2020}, 0x2020)
ioctl$F2FS_IOC_MOVE_RANGE(r3, 0xc01cf509, &(0x7f0000000280)={<r7=>r6, 0xfffffffffffffff9, 0x9, 0x2})
ioctl$BLKZEROOUT(r7, 0x127f, &(0x7f00000000c0)={0x0, 0x80600})
r8 = socket$inet_smc(0x2b, 0x1, 0x0)
connect$inet(r1, &(0x7f0000000000)={0x2, 0x4000, @remote}, 0x10)
setsockopt$SO_BINDTODEVICE_wg(r8, 0x1, 0x19, 0x0, 0x0)

2.563703578s ago: executing program 0 (id=1228):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x9)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x10000000000002)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_usbip_server_init(0x6)
socket$netlink(0x10, 0x3, 0x15)
r3 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
r4 = socket$inet6_mptcp(0xa, 0x1, 0x106)
ioctl$sock_SIOCETHTOOL(r4, 0x8946, &(0x7f0000000000)={'netdevsim0\x00', &(0x7f00000000c0)=@ethtool_gfeatures={0x33}})
r5 = syz_open_procfs(0x0, &(0x7f0000000000)='map_files\x00')
getdents64(r5, &(0x7f0000002f40)=""/4098, 0x1002)

2.092211069s ago: executing program 1 (id=1229):
socket$tipc(0x1e, 0x5, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="190000000400"], 0x48)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000002280)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x8000}})
read$FUSE(r0, &(0x7f0000006380)={0x2020, 0x0, 0x0, <r1=>0x0, <r2=>0x0}, 0x2020)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000740)={0x14, 0x38, 0x701, 0x0, 0x0, {0x8}}, 0x14}, 0x1, 0x0, 0x0, 0x48010}, 0x4000000)
syz_fuse_handle_req(r0, &(0x7f0000004300)="00e7a0633e8438bafa888b9b02144af32e296a0a01dc194d649b6fa26d6d5e63bac4a04baeeb8aacb22c6eec461b67db6a737737c6d2687acb00572f92e3fdb5d0cb2f11121c557a943020200755bcab77b39c406b733239e2bb1175b9322ba39dc7d67da8f77aed1714dae2e6c24c3ea96be9d151c6ab7b3c54bbe507b8b2461fb4be8dc90042184af6d48f8ace16abb5e3fc943cf61cdb75624a259bdb5f7829b9775820f85f2d1a6ee6c6c2af4fd41ab8a41ecb2612abf13cd2c6f9f3e6db505e4bbe68cc000cf5fa6d5636191a4b366ab59af52132a3f9678d4ed1bd577bacffb3b52850804005eebf3dfa4763168ff30490a11acdbbf4c3312a45f30139f6b72b1e7cdec185006bb30e0e8fa88da2cefc718cae7e9830f7ca101e4e23c6bd16bfacf4a9927fb13af4b79c86ab999beda4ad396abdda354a42fb4ef21d6749175dc21a0cf9191aa4f90d274b50370a580ad8dcd166d2b06c0d8b071973c3fde30f7e2bc371a51ca5866bf8b24eaac75bf482dd4436b214ff62d32e20df223b0b680ede28b3a49e66e330a8a3ecace0db9855d235d5ff23765e742d1a739c2ac8743f4c62664a3b347279da55a1a5b16e1e2828b584a013577d50f890e3894d9e8d6bfccdfb2b70221f12a7fac24b7a8818edce72b65f622c77bf1312771a2c0d805ec9a25c536c91868762032255be78903b77b2c1a773a03996fabba69214e76f5df6df0375b592692a2c3c86c75a3be56fe598ddaea0b9901d20db7e43e128e04e5509283f833c24c625887288459db5727210ba9a301fb8c934dd1d8dca68039fe5b2e1a8d7cdfc6d875e5851098100c3cd42544ed90bb55b58d20a501fabbc485d148c615a3b070fa0520da2ed68ee115a4411d5418b47f3d95616096f67a7a36d68f1e8df82eca8ef96fb4a96b3422fe046a37ea5f5967513a559bd770fecab7228b0692f439765c9e9c6ea4fc608e0b27f9b49064daa2bac06f83f6d87ebc61fa3a29bb5ed39641245ce8cf43770df32a84838802b0827ca5a40e2003915e2ed108a005637bb028d29bd2cfd28a1bd55e67ed1b6b7b72163c27c4b0e36d1b134d6dfdb165a66fb46498fc04bb8053b84098af5b18758631d1318d625a6fa4d3ce5a4d3a90e10c6363a26b5ae96c2d56f87ad21a6118af6847d041f88f852ddc3f250c088ef5cb31198f3ac81cff9a5bab26ed56c09f8416188974e08349f7da28fc754b98c1ac4ea0060ac1e1b1c49f7dbadbc59254b265dc418cab9ac14e2bbecc4c3103543e37984efb1f61315e10d2b422732217d3a9b0cfe4561f3765d3bda60be239e02bdc164dd631582e8c87dd8fa60d63dcf9e7f3dadc4ce5e4433a42425b8ee8cb8a2defab0bf9b6109c90b5655b79b18c06884f2670a985d454e08e54de69f645cb0cbb70620bd988ee717c310ae77b4abe81c01c6e7f47268ee20bc30b9062830917705682eba2c5ef966b877f33294aa5f8b29d3dd5ed92302087f34fa18d19a005de05f925e3e93c8c0f24507ff20cd23d9ae5452c32ff58c78ccdb1ab32c98edfaa6d2c3971934ca8f849ac360c286566eb72b0793f12cef84bd282368d533247ee750f18aeda484167f3d680e4aaa3aa0694441d4ff6a71531f1a30f87eeb71afd04c5d686e1f86f27586f4e2c8ff77c09612ba1af9b3fb93efd31af42f8e0498f35d07c662b743a08f2839cad8f95b90cbb4fc0ed2ca45dd093a549cde4c6ff08ce09a2cbc6f9f78b6f96643357f92f8f403202742057731fd3e343a87c0affe803cfdbddb8c2694ab63f2dc35da705624747e30a943000fc82c40f10e1975d2e2ec15aefd531b6dbc053606b054dc976f44d5b5a5f37e9c08532ce16cf8bca55ab6c814ceb855ab50b8b52620f8645a9dc25fcb732080d84bf39c3ebb235b4d96da527b64ec4b72f69e91d16a4efcaf76f2e1f968ca68a06f60b01ec7becc9ffd7877c0992cb0f80fb3daabc039513896bd7697843be06aba53e7761e11e075c61ef2d897d4d9f90041c14283746feeb3f0d456ba4be27843350fe43e7c1110b4439489139f6dae01c43f23ec71f08d3042663c65e059d368e4e2c6e49de45bf078d3182a1bc1208bc59379e705aa3309579947409f2a8b3d79099c8619f916e7a6fa333d2312a274247156b8c25cbcfcc59ef13339c700f56a8691dff39bd4338789001872c0d90929037dc0ad99b380a6ba73f331f73f9274f4c2bf5233d7482edf37bf6ffed4f2c0ee44a1d57cae0d644f25591dc03bf837571a82d0c31b61be7ff85a5b3843e8f96a50eaa43f5c137ecfc4e4530d08a2afa4ba02fcc50117a4ad0d5862302017639344c82749f673dbd650e49b35302d0acbab45c0973198291bb42b4cfcd3b0c272074341ea8eca19e122cd234da6d41bf5eedb706e16c17687ed8b84db67130796d26b94eac83bbcd785b603242bd6252c155711efd7dd22cc54e1eaf6d910d0f22c701f3d4da0314dd2829c6ee13bbcbd126558b47b8066bf0766c792a012315bd29bfeda8f28a2c1f4e638b701758e19a0e5bd5b4f19048b00a877d956292e345f8a3a8367892f955bcb5e50ca145ec5e2c9309e25941bd277e393aaad38f9b72a42514b27da6856223c37a1fc1327fa760551d3fdeb0b222ab180b16c9eea138cf4f327e88fdfee293c5b6b007028eb796a60772148282dcd17ffc1c90ed8b6540ede933545ed5a5301d6ff39734444ff3d85cda4ac3befa5083a4685e9e231eba4a91a35f4f7f48fd5ac2447c64c010e2a9f8e80691c95460e1995444466ec5f3cd71fe509a26ff0b7f3254bc8c3255e903834e841b37c70b267fb33deb0d1ed4ea84a869453ba508fc255b12cf847103d5195046c930ae4a75c956f22fcfe4186d547686b54bd7a534940d5d62216994eac0e8ed3bd2bd59354e6b9c6b5b10511d54a8b928040f1e1024a423b0cf519fc6e9673df5c48c0778c7edb8fa8d8ace77463a77d2d6313160e1ee72742953e433b6732ced59c93464fd91520847db238610ed0c289fc55647881a7d6257cf28090c75a6f19df079cfd35742a74a5ab270314f7c8039c20ff0f3f543d029b75a741b5dc6425241ac2ffabf1f96288e6d4ba34da09fb6049c2c8753fbd41fdb4bc68c57bf374ef4feb0df00c41319debb26afba2ff39e1799a1c2137f4e920ee5b02d93789b6b0c853e8143dae5b08ee85da2ea7c31803610ce797293ea95c16ade6dae2afb008e59d8b9505737f008b5227df5f1e4eb5d707f502698a17ead9b1f5ec09dff34248ff2fb153dc6df4812e39754a4baa42e1d8b77fbddef3ca091701ac28ae5fd422dbd8db5b122d3965383abc37a52d2fca5ce56eba974dba3d059cefe40e3c35c9daa8ae31198214303c1dcb90d58fc983ccfd504fa43925636f94b128d44e8aa5cd3ecfabd50a84062d03f7508a0575ab65ecc749d3ef566fdbc529a8139b7a7fb3a9bd784df52cddc6f2699044ba47615163fbbe19f3d88d38a8b71fe52b2611ca74341429d1cef1a7e350545be29d2caa560e60352cab074c298c44ca2c07f9795ce52f10aa3e2fcdef371f24e309b19e52218881f25a4674527edbe3b3bd0b9b536d810c6f9500c0c81bcfd9a440dd91c1d35c52758d2b2ae1a8497bb394c4f09d3947cf777727b0d1daf5ac4fe4fa3c247a791702cb84b96321b7fec81bf549d4eb5d6dafe019b26187417c68b064e4308908535a3e77b6cd3e28caaf12d726f15590b7958e40134d045a38cbb689131a7e85532f1c63dd4bac9e4d00645cd7b2b71704563f3738b92044a8153f6ba717800ab7cb238175c376d7add2c5ec38e4c856f1ab9c3ee33f6ca6d576ae908dd290e4bae23470182e253765e04e8eb02a791c4396a511ef467879a9e2818b8a4b1b0b39a6c44e816e3ebf6e3be93929dfcb38d5dad7d20b60215447674d0608b8b02331ac20e57083cb9b4449fecbb149441aea0ad82f00a82d87d743fc80d410922bc20923516885440f43c9f32beb81ce148def6140952583a7825c2d2fe012d52d30ef66d32a8a0864ac5c1737e2506228d41ff0515ee80be4cf012927dde0fd2a07cac68eff8c4437f2844d4df07936fd8753e5909f962c5c767f8719cc295bdfa8a16f3f36ff56e34d7b14b6b8c46d5af248b04a9c5396f84990e23d145670950bce5f5638e5e2cea37c371a4483729338f1305cbb32fa1c05dd9d21d2a69e5fa3abe9a2dad2237be20b4088393c04aa66cf13718de4bffac72f641a8c017a1d5568fa15a6a06e4dc833874ec95af6f115bdadf15179bfc8c4e3e64f26f1299e282c4ab397340934efc1e601afc630fe195e8ae7d8da1310568cab4f2fad085d0ec39710d8b7c812b3fd55c6f50925bcfc90fbcb35b8daa0f1e1f69d82fae2034039f7ad6921694ed48a55a68bc541e6d86f1e33c261a92d48b50eb58a03d8e31b2f6564a4ddc3ee988d0dc47b4b610a9a9dcb87571b5c1edb3362df0ec3d58872157e0f7247dfa8100b4478b705702a5620c9201010f40232327550db333e845dbecd6aadbd0a94c064862b1100b4dd45ece811b8c0275e3753e11b4bcd8bc5ed7668e72afa5bc5cc17b4c313273755f532ecfdefdf2d5c47999453a3b7c158d98332f0bd3a820cfb2c8c3bcd43197e7395a032cec6e41662079f2f654965aebc393e22b5c8516d9b8ad01e33ee481a4ac46a2df304dadeaa9e5274d340aaebe14dcea315fe1279f1a41a5c7aa8c94bf4b3d48757503171f53488e01210145e62c0de7c39737848dbdb1b207d4d33b8de180b020e8a76b1b521905e5e3ce97292f8558fb68efdee774681bfffcf1dc3eef35f660dd1659a32950de2d50e762313beee330d9c2a9fe8ce5e4e61ddd86378d3551335f6ef62053d3b248a8c33a11abdf3f3aa1975a15f4a6957a13d5b12a44d0f2b52b9a2d996e98c630c0f2abca80c7ae89efcf81ae284a0d19582cb1319d207077e5657d245533181ed6e07e0f7647123fc46c37bd75b4f4d181112b4a08acdcf445332cb9dde69a0923dd9244dd2ecd818b19588939922e3b2d8dd9d9fed95fa55b0e4564b38aca2c4d24eebc634664400177fbdeaeb278bb1d8eb11baf4be5c87d4f8d9a855bfa75df4c51fb4eec87a27c59df9a47d82523b08022a1c0fb22ff6f93c3d2cc22a4111a6ec5be428cba33617be65739c2240248f3a02d01ddf2d6aca9e537a2296b16d082d2b868504371dd5e41898885b03ebfaca73b40e8924ece83c1c80de6ce14943e1199c6f81bf359f44c3ed5ae3c6eacb730b1039f0b6555347bd566dfff45a7a2176420ab2b40916a73b66a3ad07af6e1ac5597393d203fa1ad34d4564af956a0a3e2997e27a4e5eff67dd89cce8875d995e00c1858234f149f6ad4cac2b8056966f726df57b8c4ee8f22f23097ba1471b1f1036e3a499400fccdb75b56eb13e9eca1407d5bff4b075b06d00fcbfcafc28431eb33156232e73c6577e3eca437330c494ede57b9609e1f40634918dea767338b5542197410cdc000143ace89ca0b7bf645b3267f74767d7c7fce05d2f59c137204e56bfa711f66903c511f681cf7a1b4f9fc0f42b7c438ff8957e1059375321df5b0c5c884f46d94c21686e1300582d34928bc398653118f79bfeea2e7cfbbf31a7718f4aab50fae57db94203d43e060365c9a7455241be03d82dffc3783d0f6aa170c0866eb0dad07485831526922d8348a7a16e2e9903a2ac93c58c6dce83127fab17703ec004a519ae5675baffb31bf4b52f9ca992a84017a44d68dc693abd829947342f277fdcbc87168bcc03c32b8b1e81a1915af2517c464af07d52b79d1b0e53164c82ba049f81e92ed1dc20a88fd72e9ce7aa4b22a7cc57dc5527d14f62bc29cfc9d57ed26fd523cac39ac00ba12d3a49d694709924275fc0793d56acf9558818dc9eb210749fa5307d45886b879257d627cee0542b51c2ce6ce134100efb47c92456ece5b73cdc051f570810a8d534222649eb56cf73a377162b753de6c282bcd4a25dda21dd10901bd8dfe8fd4ba8a70811c39707beded23dd60f23e2933372e3a6bce099899b07f0a4c4956fd98e956a8649622c77717de099463c0c6c9389ab4a1ae10f8ddd086d876af2943ee0b6b402ae5f89e09922e8c510ec0caa0a83e366e916400bfec88a52ab457037a35ddc6a8e2289c33684a5915c37bf5d227cbc65a737b52bdcb4fbbb7b4e7f965db116b46044d0870846c730dce12e120b1fe6dd5798ced24cad72c59a3f44de4978b8bc05a1dbeb766be6e2abf6ef46c67a58a370e54e92d89e5f44525e82b94a388d8d0cb20c3469a258c1633c9dddb6854aee255f93f59435ff317622f6899250aa185c207644275278580c5d32401741fe264a2e03b80f442ed58fd0704ebac923ac6a5abb7f0c695252f82e3fbcf2b99d721589a8fe3fad4d5926aee3d7bfafb6739e525faae3d25b12841fa2cc61dddc44d36acb9a8b72d60ecdd9c8cf04f9bac341b5e0f9bc59042db8126324888b07afe72b18cce36d61eec975b6b4ef5dc4a16ac14440cf770599bd4db630bd110eb63a03a80cd95c16d314a4de60cc5115bf0754cb7ab84a827ecefafa96069c721a5979f227fdc2467b4cd1975dafb5b28e1d6f3c1c3a2816ad831dd98c1378a03798c128f176426eaa0e361571e758d54bf4ec2c988355f016e16d6cd5cf97bb4891ab33f5623b7e796af313cc7a9e2f9510cd2bead1ea5dd080d9de1f595b2629ebccf69a0feaed3963ae8a6c89edd66fbf6e566379898185828925f8669668d6bddff961b08aaedbbe7fc196931a887ec740da6bcdab8f826a34aa2aa1e406a258558f3baf022a64222df4d6ee8726c79ba3dd6e11a19e4b4bb49b4a8cd99c189e6392f08ad731e415b65d0ccb919dca46efe9f79e21437111ab09e926d3038182044ae047bf1cc92e2d2644c528985719667a1a8abaf65d0f211172ea789b2fa016e1a88325d1ed706239da4dbb9e2079e3598b4ae5885667587ba1e0921c9ba55d7a3be4c47bc2f2f3547ce9efe32e5a22855f761bd4cbe1cd9337eda4bd7d82a918084d7e116b656104ca87e64b1b8c62323c3c296c5b5b98051feb607b872edf9f789744aff710c4b7279711182bcac6b76c05f5cd982f52f451e7e29046550e012e01d8cdd3e305427030f4247488c9136303084c12175c5c781cdd08aede5a356ea0ccdd05a460be3c7b4bfd62c3ce9ab68e285a36c1546d0b18edad71f69f5bedb340772e1bbb035514b085067259e39f59dc292a12557350c66904b253efee29a5eb7a6920f583c899dc46a1d3e2af2db3a3d1a0e8d1f98722a16c6cc1e401058d60c8c436d8f1166ba53bdde5810f9d0288528affd486c266546a864c92af3df8abd451cc1e0d6bfea534865cea9d49b3ea5e390fa823118df8a61e31022f5fbb8ceee870bf2e60890263c4d14e24d053d0fddf665ff80a66fa00a5957f8a30fe82a4b82cf2f6b4d49def98f66bfcdaa0aef13314e950ca9f3849b1edf3b82eaf74a0dbcf45c3dba9bd2d853281a78484f1efaf4150da1207ec3cb61fbcbf759f8182b7052b28d7164b73197b0a440759fe9d5ddf827f1897a174e82fb968a9a07c61bee44bc1f7f9ee5c6de04c02d57735c5fab741b36aec7c8642e56cba932a08b8e8a9d3eb066a4ee7cbf22e5abbd4346de59eca1f24ad9f7f9ff7621e5f30dd08f4cddda8e80e496908109f5212a72bab1378d1237def07bdda4178719975346c68405de15153031fb17535894e5e3c1de6fdd507333f0226b78ba7cae509cfb48d6735ede9392650bf85ac1db919b1e9fe0a823119d8253204dbb2f7a8f524be6d419f3a45c5051a7a88ef0bd41586d90c11a894d647f03895f671a6e19f1c70e32668653aba8366a3d372522f49844081a9637db080663ab02f4a8af502955d5411461b62f85308c91852f8fb9f0bdddd500b4a133791d3a2f91a82dc4b09f5ad2196a9172ab0cd3fafe7266e9f6d159110d99ca8da8a34b17be17a04ad4509a9fffab1e45e10f10e0cf9cfbd9c761ad044064c07e473fdc626289cfb88b13a11455c069b70aa02426d9119ac878a14c9483be9c0d5bcbb5fa76c8d06531f59c7cf7c26372e750e2f332418ca769e5e7fbeb3ada7bb58b573a0635e2e3ad9a53ddb809ea01086a3fa993ad57e89da6f9c5e61bd0f8ba69212a386b2aa1ae17520d7fb989dbe14021885eb50fa3048aebd42c861a09a308b660d382c0480ead8a52a1e14927c7c77957f94bb59ccfd557f8c4a7af23360a298a603d20ebc386db041d8c306b3e32b0bff541bdec5ff75c3b40950815cf9f89d48a382f67e44c409d046c01fb1262aca0df6f5238a3c3c09977261494f7361ba326815d6e23f49e4d6d4b54665081067332265fff59cf54af9da0db9d19bc611cbcb6e6f3f1e2e1ffb6cdd6253578d78d06a2ff5f9250f1994c5749e3ce49231fbd63bba28e948f9150933e3ae31299babaa41043b181a100882e613b4b4b8f49ceeb742d22f860853a9b917f5a323a8a1fb1f3363a7be4407fba44b408f259b5db79a055b92ce3d7a0649cc59f4afa2b1f69959d5c6f5eef1fa7987a47bee4491f685c52e9db1ee1a231ab5a4bae1019c97868a409dd0d57b32525394a233023c4a7ac429808bbcb57a34b41883202744c3bdebc0a637773273f19c2be6e806bef7fc1002846db762ee4e16867773808c5477987d5851d5b1641d070feabc203cb3d7943ffb206272fcac1bccb616352d85975f5a22c0f247548535ad9fb83fb2be17689453f10691143c060cd964df63c3c70e7b1cfc7e2b468015f327f9869353477bfeeed330b03ddd9e4e0a2441182244da283d7a59d2b2b20e6de3e3a47c26aeef4944c1190bba674523a6c3c4ed6bac53b9edffcb0e9fb19d8bf36949d03ef6a7e59eb903a00d9614f642d1932c766421906f5b177963c71e881453560e3ffcec792e8dc46b1832a8fcb2ab2268a9c1fb648d1c6fa1c8cbd50d5a2d8264fbc6c063e6daac5519d362da389dcd3d12c8039f991de91e728abf5bab95c3aef66dd8cc36c60e73cb10afb02eff6df20ff12c59b142b07fc48fe94612de80b8b958f78256fd7cf3c6f79a83867f3bb5f70da392957badadecefdf7b6e4ebd39ff945397c7d302ca0a5a3918d8abb893cd9cdd680916a50fe19699ff0476ad82e6ba46523f26ccc5eb65313c1df1077c8876d2b73bf86ba311862d12b0c557a92ef827197121512e87f817167d4b17c7e225a48b3f8fbbf4187438e0e9b78e905cdbeb72e80dfb37ec0104f5186b39b4ff34f0cdf4b74dc915acd3f98874cd6a67308d0ad9697121ac477550b1affe004f433705933f9647522be65cb5a7471120ec942aeb956f195be0c1783102cf7d842f2968222ae1a7fa6513f200d3fa85d71724956ed697f0673ee3b40a4d46ba4850439ec125b708ed52b52b9f72906477d520c90a9f5dd49a7a33a328137a183f439895532b78ae451a8c3db789bc862fbc37241d523027e1a008629c969380f6eb55f9cf3f0675bca6851f00df6aaf90de9f62d5c179945ef81d1073850301f97e379ea415d830e3f3751cf83e2dba541cb6cdd89e6b674f2c53e329e5f3dd418d534ada6469a5b3bca5b7cfbdfdd6df4abaf77d4520d0311e801145c91b52586a56086e663841b702f52cef9fff8cfb7b33dfa125688ba6b4fadd1dca8defaf4259ca85323b23d3bbb45933562c25af3e8d7bc6ad4a50ae974f8d207994b3bd74a6812ab6a40fcaf96bb4e17bd20d742b14c72226caef3e0f5c56c4930071e9f9a894f18650fbb785c6f707605c86b634c9722c8690cf3a954f68d7c2db3a257339ade67a41259f6f878dd0ab7876deffa77f6f00819282a8f4c4da84c6cf4f335cd0410770a2b1a1fbb3f85f4489eeceb78bbfddb2d1866c57b41f6ed179a0bc3750a486403d23473f2feef43ebc5af1018d9c20089e277d77fb9c34f425c8f8af4c49864b57572fa8c232e61ef37194251a1ddc2f73ffecd57e638751cb72bcb2c40d22540166ca1e8588f24b010c9fbd962e3a2c23a7e93f131df61b8703ce326ed80cc87912d3c6aaa27574bbe8d65bcaecd660c31cead132a44b1d0e4a53cacc0b82a263c4e7783944af0af08ea9e68e8e25ed9111cfef841f1b2fd24164f9097f70efe09b1109e5cb91fe68a2760381fd63a7fd422dd578a60661abc9ee3a5db1c2cde2fb21f2040f1ed3fc27b99e254256949d0560e8b98fa028fca50768caa951a87bf8969af498d50a9ee773c9caa7d9f7d8e1955506013f198cda316d79b177e59f233b98f727afd2494fc18642f0015adab756ea6742690c7d00f28655b915ce4eb8b3ba2e8559ba23e1ff1ccc9f79ae2df85f924459c56715dec78ef4592352eb1a850cd65ecd36e1a9121e888586b7b2fa84da920b8cf44480433e61ab076b10171c0537524bb170a4b99b0b0c437418a665b7ef909652b6483b20362e557c1480c2a2a0efa221fc59054a48122b52d38245f9bd026001635be5b155f5c766a59306fbde231fa72b4d74449a2fe8fb969496ee26af5881adaafb4189b439877ab8f78709cfd32c10ea576a010bfc137b7a4aae137ea3d29070ce3bc8dbe6655e967115ca3461ad9d28b9cf8af07441e68a54ec5e889846f3978f07ba51f7d5af5da78c5c675dc5d0c1a4a399ff4247203573a46fb903eaf7bc886e6cbd3126fa4a3fe3bb13bbdfea7da871f6563aa750f6ad7895b34b2809563dcf5ed30f1c60cef4138aa49d4f55e396534ed10cf4d857723a2b442f47d79de162c30ec6c4daf939b4c88649494e3682d1da81b4a5928d8e18a16c46707a685305e592589acb484e28e9d5af89c44b6e563d125ec97c0155410527406d94b90bc9576a662db99da1cb82b04d610d02187ce08f22ea0e8fd31919d53fa6aaf980e31ca7f8610e695a41919c24136a8406c62d5f15fca36507002b54ece17664b5247583ad60d863f283f3c288946139575dcaedc978762e85f534e56334ef0221c34ffae054ddf79339b8f08701e9699b11041df8f518dd33203363c8098fbefb01555bcc2542422777b38d8dff11b15aadb0c251ce2c5b32f8735b3cb784f2e5731b48feb5a0e791a1106abdea0f7d1f087737cbe7fdf523fa14c9be2a2987511004c5b7ac1814ef6961db16799698242452c469a07c30e4a1f73193c74a41bdd88aef50035e4648bc9dfa276951798420a45e4085932bdb9381af3cc4678bd962af616549e4020d2c9fd25e2117a6d8934fde2218273d7833d60ea492e251417a27e7fb32012a940a6b6487af4b64958bf05f1b1107732149d227eeda5ca5a43cf583dc297d66072a1acd75e93a7caefd36a0d581e21d5cb08654c4ecef46ebac5391546e0b7d2a6418548d8f816446bcf237f676e873e6bae9107234abe5ab24c53ea472ad10653cef068fd9f4e729fc0d526e489f8df13af5575f1e70e0ec22899728b0659d70fc2dd509d9df3ec170638f89e540f4d3f02aa9b1b1819f84da596e0d7b45a5818061728f8eeccd2bea0f460dd7e18cb95f2364c50e351f0690e184eb63ebbb14a0b4b2117e44f3b2b3", 0x2000, &(0x7f0000000b40)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000a00)={0x130, 0x0, 0x403, {0x1, 0x4000005, 0x0, '\x00', {0x1000, 0xad4, 0x4, 0x8, r1, r2, 0xa000, '\x00', 0xb7ef, 0x4, 0x9, 0x6, {0x6, 0x6}, {0x4}, {0x100000000, 0x8}, {0x8, 0xa06}, 0x4, 0x80000b, 0x3, 0x3}}}})
ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0186405, &(0x7f0000000040)={0x10, 0x200, {0xffffffffffffffff}, {<r4=>0xffffffffffffffff}, 0x7, 0xab9})
setreuid(r1, r4)
r5 = socket(0x10, 0x3, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
r8 = socket$netlink(0x10, 0x3, 0x14)
sendmsg$NFNL_MSG_CTHELPER_DEL(r8, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000180)={&(0x7f0000000040)={0x64, 0x2, 0x9, 0x101, 0x0, 0x0, {0xa, 0x0, 0xa}, [@NFCTH_QUEUE_NUM={0x8, 0x3, 0x1, 0x0, 0xff}, @NFCTH_STATUS={0x8}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_POLICY={0xc, 0x4, 0x0, 0x1, {0x8, 0x1, 0x1, 0x0, 0x5}}, @NFCTH_TUPLE={0x18, 0x2, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @rand_addr=0x64010100}, {0x8, 0x2, @remote}}}]}, @NFCTH_POLICY={0xc, 0x4, 0x0, 0x1, {0x8, 0x1, 0x1, 0x0, 0x8}}, @NFCTH_TUPLE={0x4}]}, 0x64}, 0x1, 0x0, 0x0, 0x20000004}, 0x4080004)
r9 = socket$inet_smc(0x2b, 0x1, 0x0)
r10 = open(0x0, 0x48062, 0x0)
r11 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r11, 0x6, 0x21, &(0x7f00000000c0)="00fbff008600000000003271a5bf00", 0x20)
getsockopt$inet_tcp_buf(r11, 0x6, 0x21, 0x0, &(0x7f0000000100))
fcntl$setlease(r10, 0x400, 0x0)
link(&(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='./file1\x00')
setsockopt$IP_VS_SO_SET_FLUSH(r9, 0x0, 0x485, 0x0, 0x0)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r8, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000001200)={&(0x7f0000001080)=ANY=[@ANYBLOB="380000000314010002070000000000000900020073797a25000000000800410072786500140033"], 0x38}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
sendmsg$NL80211_CMD_GET_WOWLAN(r7, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000340)={0x0, 0x30}}, 0x0)
getsockname$packet(r7, &(0x7f00000002c0)={0x11, 0x0, <r12=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB="50000000100001042dbd70000000000000000000", @ANYRES32=r12, @ANYBLOB="000000000000000030001280080001007369740024000280080014002f00000008000300", @ANYBLOB='\b'], 0x50}}, 0x0)
sendmmsg(r5, &(0x7f0000000000), 0x400000000000235, 0x0)

1.964146899s ago: executing program 1 (id=1230):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000180)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x10000000000)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x10b})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4c, 0x0, &(0x7f0000000400)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x68, 0xc, &(0x7f00000002c0)={@ptr={0x70742a85, 0x0, 0x0, 0x0, 0x2, 0x1e}, @ptr={0x70742a85, 0x0, 0x0, 0x0, 0x2, 0xffffffffffffffff}, @flat=@handle={0x73682a85, 0x1000, 0x1}}, &(0x7f0000001500)={0x0, 0x68, 0x50}}, 0x1000}], 0x0, 0x0, 0x0}) (fail_nth: 4)

1.845526388s ago: executing program 1 (id=1231):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e792c63616368653d667363616368652c76657273696f6e3d3970323030302e75"])
chdir(&(0x7f0000000100)='./file0\x00')
r0 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc)
write$binfmt_script(r0, &(0x7f0000000400)={'#! ', './file0'}, 0xb)
fcntl$lock(r0, 0x25, &(0x7f0000000080)={0x1, 0x0, 0x4, 0x3})
write$binfmt_format(r0, &(0x7f0000000200)='0\x00', 0x2)
pwritev2(r0, &(0x7f0000000980)=[{&(0x7f0000000000)="e9", 0x1}], 0x1, 0x10007, 0x9, 0x10)
openat$dir(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
open(&(0x7f0000000080)='./file1\x00', 0x10b942, 0x1) (fail_nth: 4)

1.844679126s ago: executing program 3 (id=1232):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x9)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x10000000000002)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_usbip_server_init(0x6)
socket$netlink(0x10, 0x3, 0x15)
r3 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
r4 = socket$inet6_mptcp(0xa, 0x1, 0x106)
ioctl$sock_SIOCETHTOOL(r4, 0x8946, &(0x7f0000000000)={'netdevsim0\x00', &(0x7f00000000c0)=@ethtool_gfeatures={0x33}})
r5 = syz_open_procfs(0x0, &(0x7f0000000000)='map_files\x00')
getdents64(r5, &(0x7f0000002f40)=""/4098, 0x1002)

1.713463423s ago: executing program 1 (id=1233):
r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
write$vga_arbiter(r0, &(0x7f0000000600)=@other={'unlock', ' ', 'none'}, 0xc)
socket$inet_udplite(0x2, 0x2, 0x88)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='blkio.bfq.io_service_time\x00', 0x275a, 0x0)
r1 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$KDSKBENT(r1, 0x4b47, &(0x7f0000000c40)={0xf8, 0x0, 0xff80})
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x184, 0x10, 0x713, 0x0, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in=@initdev={0xac, 0x1e, 0x0, 0x0}}, {@in6=@local, 0x0, 0x33}, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_crypt={0x48, 0x4, {{'ecb(cipher_null)\x00'}}}, @algo_auth_trunc={0x4c, 0x14, {{'sha1\x00'}}}]}, 0x184}}, 0x0)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0)
ioctl$TCSETAF(r3, 0x5408, &(0x7f00000000c0)={0x80, 0x8000, 0x0, 0xb9ff, 0x15})
write$binfmt_aout(r3, &(0x7f00000000c0)=ANY=[], 0xff2e)
ioctl$TCSETS(r3, 0x40045431, 0x0)
r4 = syz_open_pts(r3, 0x101000)
dup3(r4, r3, 0x0)
pipe(&(0x7f0000000080))
r5 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VIDIOC_REQBUFS(r5, 0xc0145608, &(0x7f0000000040)={0x204, 0xa, 0x4})
r6 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
syz_emit_vhci(&(0x7f0000012c80)=ANY=[@ANYBLOB="042c11057a7dfdffffffffff02"], 0x14)
ioctl$VIDIOC_REQBUFS(r6, 0xc0585609, &(0x7f0000000040)={0x0, 0xa})
syz_open_dev$dri(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x5, &(0x7f0000000240)=ANY=[@ANYBLOB="1802000003000000000000000000000085000000a0000000850000005000000095"], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x32, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
io_setup(0x6, &(0x7f0000001380))
r7 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r7, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="2e00000010008188e6b62aa73772cc9f1ba1f848480000005e140602000000000e000a000f000000028000001294", 0x2e}], 0x1}, 0x4000)

1.087241907s ago: executing program 0 (id=1234):
r0 = fsopen(&(0x7f0000000140)='debugfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x8, 0x300, 0x0, 0x0)

1.002526945s ago: executing program 0 (id=1235):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000180)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x10000000000)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x10b})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4c, 0x68, &(0x7f0000000400)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x68, 0xc, &(0x7f00000002c0)={@ptr={0x70742a85, 0x0, 0x0, 0x0, 0x2, 0x1e}, @ptr={0x70742a85, 0x0, 0x0, 0x0, 0x2, 0xffffffffffffffff}, @flat=@handle={0x73682a85, 0x1000, 0x1}}, &(0x7f0000001500)={0x0, 0x68, 0x50}}, 0x1000}], 0x0, 0x0, 0x0})

1.002308456s ago: executing program 0 (id=1236):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.numa_stat\x00', 0x26e1, 0x0)
r1 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
syz_open_procfs(0x0, &(0x7f0000000100)='attr/sockcreate\x00')
bind$rose(r1, &(0x7f00000000c0)=@short={0xb, @dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x1, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}}, 0x1c)
close(r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040))
ioctl$SIOCSIFHWADDR(r0, 0x8b15, &(0x7f0000000000)={'wlan1\x00', @remote})

938.340903ms ago: executing program 0 (id=1237):
mkdir(&(0x7f0000000180)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e792c63616368653d667363616368652c76657273696f6e3d3970323030302e75"])
chdir(&(0x7f0000000600)='./file0\x00')
r0 = creat(&(0x7f0000000280)='./file1\x00', 0xecf86c37d53049ce)
fcntl$lock(r0, 0x25, &(0x7f0000000080)={0x1, 0x2, 0x3, 0x3})
pwritev2(r0, &(0x7f0000000980)=[{&(0x7f0000000000)="e9", 0x1e}], 0x1, 0x4, 0xa, 0x17)

675.006486ms ago: executing program 1 (id=1238):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581d7"], 0x0)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000001700)=@newsa={0x13c, 0x1a, 0x7, 0x0, 0xfffffffc, {{@in6=@mcast2, @in=@multicast2, 0x4e23, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x2, 0x0, 0xee00}, {@in6=@mcast1, 0x0, 0x2b}, @in6=@private0, {0x0, 0x0, 0x1, 0x2}, {0x0, 0x200000, 0x7}, {0x40000, 0x0, 0xae8}, 0x0, 0x0, 0x2, 0x0, 0x0, 0x58}, [@algo_auth_trunc={0x4c, 0x14, {{'crc32-generic\x00'}, 0x0, 0x60}}]}, 0x13c}, 0x1, 0x0, 0x0, 0x4080}, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000140)={'team0\x00'})
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f00000002c0)={0x14, 0x0, 0x0, &(0x7f00000000c0)={0x0, 0x22, 0xf, {[@global=@item_4={0x3, 0x1, 0x0, "0a000006"}, @local=@item_4={0x3, 0x2, 0x0, "45501821"}, @local=@item_4={0x3, 0x2, 0x1, "6db80c51"}]}}, 0x0}, 0x0)
r2 = syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x0)
ioctl$HIDIOCGREPORT(r2, 0x400c4807, &(0x7f0000000040)={0x2, 0x100, 0x7})
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
mq_notify(r3, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
r5 = syz_usb_connect$printer(0x5, 0x36, &(0x7f0000000180)={{0x12, 0x1, 0x200, 0x0, 0x0, 0x0, 0x60, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x7, 0x50, 0x9, [{{0x9, 0x4, 0x0, 0x71, 0x1, 0x7, 0x1, 0x1, 0x1, "", {{{0x9, 0x5, 0x1, 0x2, 0x400, 0x3, 0x8, 0x81}}, [{{0x9, 0x5, 0x82, 0x2, 0x0, 0x2, 0x8, 0x2}}]}}}]}}]}}, &(0x7f0000000340)={0xa, &(0x7f00000001c0)={0xa, 0x6, 0x200, 0x9, 0xd, 0xfe, 0x10, 0x3}, 0xf, &(0x7f0000000200)={0x5, 0xf, 0xf, 0x1, [@ss_cap={0xa, 0x10, 0x3, 0x0, 0x4, 0xff, 0x3}]}, 0x5, [{0x2a, &(0x7f0000000240)=@string={0x2a, 0x3, "9a0873f0ba2582410d95fb07f57ea24cf25c4c62c0b04ce41cbddf3afa84f40c1a63482e699b20a3"}}, {0xdb, &(0x7f0000000400)=@string={0xdb, 0x3, "ac0b884906867d92a0566e665bbab4bfb08b73f2446320dccf8144258ca0a1332fb451358ca16d976479176d8bdce504634a510f04c8ba8d711a05108dea5a985c4d2747651dd5ba61d02b33647f83dfa6a77f79122dfa447aa4c987c8ca207b7905cf6919357e4427f20f4dae32569ddd5e72edc3cf13c6d56631879d8280aa10ffb4346202b728e38bf2662da9ae313ed317086fd26c4d6fe0654fbc4fa0cf09522daedc13f27ab32ec016dfb687d4f3e44d6f6c1debd4dd2a1595d3ae0ae33e398d411ed5f43318e07b630729dbb69d7608bbe7ad328ce4"}}, {0x4, &(0x7f0000000280)=@lang_id={0x4, 0x3, 0x44b}}, {0x4, &(0x7f0000000300)=@lang_id={0x4, 0x3, 0xc0c}}, {0x50, &(0x7f0000000580)=@string={0x50, 0x3, "de50d37a6f4ffca1e02608cad53911958d7ceb6275e8f8fb7902c1aaa7ae9ef3e84423e1ca06dc409882236554175f762801207cea2c0b3fb7e038acf57bb126e067cc05733abc85ab73a39508e4"}}]})
syz_usb_control_io$printer(r5, &(0x7f0000000700)={0xc, &(0x7f0000000600)={0x20, 0x6, 0xd2, {0xd2, 0x29, "b01630a99b870c27a06f974677a74dc1cdf1d00bcb82eb024a8d96241825d05831e47831c8182022fb6e15f07c93620b526358d229ad2e04979a35edabd051a4a6ba40f033e3091bec418a4a590e03d97f69f1fdc76c790251795786e355c6a7c6094890cfc9d87c2d8b7f17cfa5271158355e7ae571eb8441d061991984b6dcb461ffcf41e353f4b52b0f75ee6af488fcbaa831763d6608b2a8c1633c00f1d041eea6e192b14111bf537db7be16cc09ca025080c197fe2fccfb9bd928008e0df25ef9558861a1a4ac612eab71c6792e"}}, &(0x7f0000000500)={0x0, 0x3, 0x1d, @string={0x1d, 0x3, "e71e9328384457f547fdefa2e005e90d130835c37a2a15ef886531"}}}, &(0x7f0000000940)={0x1c, &(0x7f0000000740)={0x20, 0x15, 0x99, "86425866a3f2d08f904f934c07df381dc23daf54516d9f10f642c0e651fb0a39bb0a6d9e9d72153058238d357941e85aa5c73eef965e8f9e53f506265eb96700815c1c98c47e5de2b797899df3e85c3511ee265e088a6b2397628cfb93e809c46c3cfd1df90ebb849036997eca7f26effd8b45ecedfb57dd7efb2e190ae9f10593743ad72e9b900183f36c2f52cf15cd7c866e0597ecf2366f"}, &(0x7f0000000800)={0x0, 0xa, 0x1, 0x3}, &(0x7f0000000840)={0x0, 0x8, 0x1, 0x1}, &(0x7f0000000880)={0x20, 0x0, 0x15, {0x13, "81328d06d8bbfaef121914e44af51d66f87168"}}, &(0x7f00000008c0)={0x20, 0x1, 0x1, 0x6}, &(0x7f0000000900)={0x20, 0x0, 0x1, 0x6}})
syz_kvm_setup_cpu$x86(r3, r4, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000100)=[@textreal={0x8, &(0x7f0000000080)="bad00466b83e00000066ef66b9e00b000066b86ab7dca666ba000000000f30d239e9708866b94f0a00000f320f320f00dd660ffbfb660f28c4ba4000b004ee", 0x3f}], 0x1, 0x4, &(0x7f0000000140), 0x0)

521.184506ms ago: executing program 2 (id=1239):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f00000006c0), 0xffffffffffffffff)
sendmsg$NL802154_CMD_NEW_SEC_DEVKEY(r0, &(0x7f0000000980)={0x0, 0x0, &(0x7f0000000940)={&(0x7f0000000000)={0x4c, r1, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_SEC_DEVKEY={0x2c, 0x2f, 0x0, 0x1, [@NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8}, @NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc}, @NL802154_DEVKEY_ATTR_ID={0x14, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_INDEX={0x5}, @NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x1}]}]}]}, 0x4c}}, 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_udp_encap(r2, 0x11, 0x68, &(0x7f0000003a80)=0x2, 0x4)
setsockopt$inet6_udp_encap(r2, 0x11, 0x64, &(0x7f0000000080), 0x4)
r3 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wpan0\x00', <r4=>0x0})
sendmsg$NL802154_CMD_SET_CCA_ED_LEVEL(r0, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x38, r3, 0x200, 0x70bd2c, 0x25dfdbfc, {}, [@NL802154_ATTR_CCA_ED_LEVEL={0x8, 0xe, 0x5}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r4}, @NL802154_ATTR_CCA_ED_LEVEL={0x8, 0xe, 0xd}]}, 0x38}, 0x1, 0x0, 0x0, 0x40890}, 0x4000004)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x10, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x79, 0x10, 0x48}, [@ldst={0x2, 0x0, 0x3}], {0x95, 0x0, 0x74}}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xc3, &(0x7f0000000400)=""/198, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xffffff52}, 0x37)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000008da4b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000640)={r5}, 0xc)
r6 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000000), 0x8801, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
r8 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r8, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00', <r9=>0x0})
sendmsg$nl_route(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000100)=@newlink={0x50, 0x10, 0x437, 0x70bd2c, 0x0, {0x0, 0x0, 0x0, r9, 0x192, 0x10001}, [@IFLA_VFINFO_LIST={0x30, 0x16, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, [@IFLA_VF_MAC={0x28, 0x1, {0xfffffffc, @local}}]}]}]}, 0x50}, 0x1, 0x0, 0x0, 0x10}, 0x4080)
write$UHID_INPUT(r6, &(0x7f0000001c40)={0x8, {"45707fe6c13ec0bd03e5ecc69c764fabe1f326e479445fcb5b205f8c3b622124e794bd8e155f4d904619803fd30c7c202046abd5cd2a26aeb32d246533b18dbb112bba54737fa3db4899cfbf40d3f0c487e58766cf9c7b78842142fb94c1a1c94a4b98b0cf1fed922cdbea0b164200d9f958ecd17c75d4b852a384e41367b0298b005bb13c7050e0342de230db20f9a86fe5fff6fff420f03ec7bb88747480857ed08bd7b1c7d178945f1af284d8ca636101edf9c287491e9a33df027ba595b273a8ed5aa6e64d7d3b218b76dc3566398b63e3a8dd3de57079ca6118e08a919f343ead86112d5dea53d5318814f9ddf14081758874653d15a71d0a4b7b18910a03e474208e31ca08e010c28aaa46ecc7c466cb8a06ee6047ca4ae798dc67f6e612afb9aca11097fec86fd5f12ffc6d43e70d749ed8962f2c9d7e88c49cad8b6af5ffca7d38eecafe276f318fdc229937052dee824a11519c054b9716a45703baef71e935632522ac184812313296a6599384899e8015ca5812cd608882ed02e8bc602bb3fb28b7e2bf2128e9fbe97a1e27e074586c6ebb0449ae67c56a96a0b0fcddadb770e57ef7377fed2191d519f222f8a8ce060cbeaa0428c835884f62fca487cd834ad600a5f68c28840878f9f519238abac8ab71c985bd0cdfb5bb1448cb8bb34a59ae512f2deee1f404e0d0c603c615a09be57ef4b94005ee0ef906239d56fa9f310b1be21098ac02db6302c4950496fdbc249d8ffd7cd19e7e26464e712c3184182b57546ae65b77ce55edeae4ee690a0db16b5c26977d36a3369c58ee48588f0ba502f4b584ccfe2e0f60b861930f24db34307ccfb6bf8139b0f8dea88413afc00bcf5582f211348df402e4ae1556627ac3f07dcc77d44d9454ba8eed51139ffdcea61172920c3494ff0d222e6836f8de22d66b10e3875b9b89a48c4ae134e7d81049039d186ea8995b5a289584437c54eb5d03197a7b81e2339f633dbba878eef49eeb85ee34df7789295c5491584af81f8f53487b713becb9a285f674d4c72b188ba6f767ede8ffae64842ecb82b33e799e90f7e977556884664e978e9dc7686c5d1253d4328ac7d95c67258a4fbc267a29b515f09a27a87015756c825f3ce309a2d8b089f2aed4e560d2b154d40ec1fe9cd01ecbfe3b025ff4222891757b376a9cbf325820912f8027ddd963d1ccf549baa912c0cf4817bf1a639dd5b39e56a63d108d914169c72577bc45730e1a9e20529a9f6a8aee9c83da159467c2f77212c1b9eda16804490198a29c61efec362dfa448ffa56a8e120690222f8e56ee6a820feda4173637e34c1aab938637ff82aad4f4f352f12ff9c164a9a7ebaa7a17797764b2bacae18898c33e8c759298eb94db0b8e676b6cc7971e6bd80445472af014f7470656d2566d7ca656acd4135e61dd4545f2d587ea05e6161db82f298bd71d610e50a092b817789473f5da3d32716613a1b09bbda29d501eff30e9993271f20423e74a2a0a1662f99f73c27e855d32796bc68a769e92e2b5d659f2ebd132dc9bfffbf031cd225f7e83e321160b65e55ff38462e8a36a4c533d30302d8102bcb41bec2abab1984b06733d370c2f3363a8d5e30c08f0e74e9e876f72745f574bc80fbe25943896ebe04fe72cfa9de6ee8506ad70c3be65a86eaf4f1fb913821afc85cf985b841d8ca96321dc1a31724f0b599c2ad147713692ecde7238ac87f2f426169bc060281c460f0e1346a92f464ee1f794002d3187a84fc6757f735cbbf42c41a0bb5d99ca04ef3792276491a1232fbcc00f7caf321ac9951a6517eeabaedc207c6b4d9c8f4e5a458d7def6c08a508b66ed3ccae5b544f0b84c9871129c4f6efa804404852993483d06b9227a689cb37a605b43265ca46ebe674073fbca8f83a56856cd6d5cf6e018dea75ca325b2365527888321bc8686069a7dbdc8b22a32c20e07e79eca4f83902a7d02c641bbdbe66a1bc18ff132c770b67964cce6c3800c05a5f0e0253ebd85b825e1c692887e36e4b938ac97507979aa39459ea04070fb078c63c334eabbc1e6444ce1336f98a41045d2a576a049d07368e027b182f6038ad38c3359dd3de78544dc621f9acd4f0540e117162c22e753462c4be2065724c3429b75b4db74e89d84f2795aba986dfc2b1fdcbe98346260cb9748f454a65f4b35b874ac5910184ad0fece39f01cd50663ca2462729f4cfa4e756c0cb6fc397f77c8fdcd7c9e194705e522ca83c625c7fab6ea43aad89db0b6ba71eed901209fc7330e8bc671aff44e5e48502abddc2409b52ece3779d3b19c1832b30abd3f81a9ff0c68fce42ad9c1941f03ce33ed9d37dce98dbe5e1d23519d22087f307e870c82f028e96fef580c4c8c62a32c2776eed31c3d8bddeb43cc53ab8592478253b6de3095d6828bd960989b9ed9879f863d3128f708eebe99f7701823f232444f2ac9830da973b993679e1bb510b2b6939847751cd0d4642d7bb899e21a7c26938fae9f1b149ff19032b5149b4cde635fa99c2160a8cd6f7ad6a5a242b6b31e253e04ea72f1b6f60677ef87fd8e175373c24822a3794134a3124f2e109a59d9db08e48f845254d4b68c42da5b2b2f3c3c528f4281cae4f5117cd0a4658e9ed1dba09656393623fb13fad1cda4eaa602176aba55ba251817017338193512318390fed2a914739050b1a85ca3833f71aa7c4c8fb45158b530c24bd4316f72c9b432a1bd067cd6fc64d646cc06bfbbf990dacb32de9496a8d730cc07171ce548957d435b2f121ea4bb939f70785ebce86f0ad6d89bb71cdc1d0897284ac5d09b95a76ddbfc787a98193b9cbdb1d3ffd89d5f10b9bbb5d41a2a33f73385df351db85c83786db3da558d890f414b21615160dfcb3b46f0958d492bd6d056550c48e5f0c26dd10c1c6ab3b4c6b7d911db5ac463f8e37a8bbcc2295fe79fa109f491a126fff6a1ffe161c7787f746fc8ddea5f19bd20fabca63aa81ae2d725e0b250f27fd7c8431ef6b2827904f62b5ffefc9bfdfb7d55ef6d9883c6ab43c5214b4af237d0df67afcb3d62e80041720952e837e65a22351cb3bf8a9e271568597f79f12144495d31ef72fc36a86e9eb4359790aee88c00b05473ac1a90b8bbe0c0db99570dd9bda506469c258e145841d9c26c9f32722a678cf25657acd124831cfc6a1809e341989b46b6df9db72b18f8be39cd845669bad697bc6bd9bec531047d5fa9e201e1a525c372367f8495280c5d93a62f9fb6f890c59959dcbac7de68e3a417befcd11c722067aac4726e2fdcabce2321ea64d9fbda04ab25dedbcb441faaef2d7bf024fe765591fd0354b2bcaa243a6d741272d4458e433118568944047eeec85d3b0f5b98cbdad0f77371be15af9c1bf928eceb652c581fa638e2131c22d901e6f047a5649ffab5324054389ebeb47ff283e0f0ffe074382e520c632bc440cbeaa68770877516e101709489bcb643b187cb2715e58479074cd32d53077331453fc537d34f87a7ec5e5da686c2f304116394e2bd1e480f5da74a6b725d526b71dc869df8dda3feb44f5463f4c678b6a8be34994ecb0902b3cf269de1adf0da8b8ad340b63a6d0237df7e812b94572adbc196784dfcf33e3e97a17b71a2dad7015fb2d59d4c5838ca551984c7d8ee7bf05ab3edf89029ffd20e373fcb72523bff1e63df721416a068d7b2daa3e17fbba8e831c53e29a94dc483e289cf7406a7b2da28ecc761cf9d847d39b7daa5e34a2a0e4dd19ca5c4a1ab274c7fb9a3057109ec0644579f1af210f8b8133dd87f1abd7c71ac09cfc38699573b35e6d9c5bdaa21f16442b87860e9a7f62ff7c2458160c6a64dc218a258ee06e222e47b3b8e0cf5a5c2d9985f886f32abd129ee056fae9b2e32d0571532eab27fa8f079f9c3e378125f2020064850cfb19c53aa44ad8da6f83a5d827bcb131da9d4dde6e8bd0005ef240c4a02b17051845c35725bd8668c3b27b46355febbf2bf3e5dc5ec650499669cbfe921815396d87b3ede410d492cc73ec7f3a40409eed9358131f1f75e31f24e34af6fc7b6fe2730fd043fd69269d939772e7fef5f2e08b657038a61bc8a8d5688b16029d15aacefe6631a364769d3b9b261bbac584c5ba29b7fbda146fc2ac0f1044f89141a57292b87c7275c6ec6011e5b4b40d1ebc4fc32e7c7ac96aea170225e60c189ed09f8df0a143232bd93c6a9d0fba9783f303b3375b10dde9cd501e68df3734f6278a0389418578834e1912806f07e2fa715bfed4bc707559ee3d4966f51cb652b06b747ae2d79b56759035f01953e76a2dc14c817eb0f97332e68c1d3995dcd84b2329194299944cb2c050991c409fe447ed764a9a3a1182bc30f773b0b415c1898460150c9fec8987c24ba07f87f299d014bd89049b3e9d0c9bf1c6bf159545e52cdfcf9e799b593cb411a3db12396dc9c09ddeddfcb6165a99074e531b7ceddaf344baf2e65225203da537cf09fc073d61d92c13a1c95f93e70050b99850272d0227a89faadfbfae923501b0321984b59229b7dc3c646bf4e381534fcb31783c568deb1a36f95c873df99ccab25446c77d96de6b2c70d5baa5b27786e8027b2f70be117bfdc1b2c6d72a6ab2f9e9a9ce231443d0621448e78393142f90177e7bb52976c668583c64beca45af5ea23a060ec910c6cd89ba7cb9cbbd7627ee56dd2d4d60d994cd63e81f181642b8864afa797aecc22358eea8d059d681a333caa15a8c56918523d465e94668d6ef5f3dcc089bffb13ad76dbf79c44c14f494fda3a55f61c3ed659e20a274297360576fd3230b3e4b7e79ea5b7d78c1def22741a38d17b39c646579d8d5df4cae4eca98d1c0df9371532fe89efc2c375fe433699ee14fcd4cf84495d380663aa10a374dba851536b8159deee491ed2c0e2b920bf7c5627db54562f1ff9c56795245be220391d6b681360fa221efc91faf57d80f15b5e3d881cfa30e1145dbde325c6cc8254938a9eb906d846ec5f76f63443b8f2c50db90b6563900a8f97947c82caec3ce4ee3a5e19fc3324376e4b041b7ed82d9940f7a63f9f962f6d746cb781dbbe16a90649881a77e8ac40677e74d87beadc50df2bc624aa6a707cb50c8ee749db526903f38d706df0201bf503b759d320fa940838ec74c914d0de569ed9ffc6eb2cee026ce22cd50a884bccfadbf503892930c4c4dd7efcb3caaac1695027ed66f3f29c7a1edade721bac0599ff0c400542d31d5dc235ddca7bada9cabcf427e038e5c6a54687b955131c547155036401c7a9a44b3b0437edaa30635b84e37996bcc8594307a6b6bbd8b06daa994cf238925485cd9ace35b3fdfd72788199b6f0570eed2078a4b2f36f511a68566927389ca5ce1c854cb500c2693d7a7917cc8f1215608b7dd2ab22de43a5cc91309a4db2a4c29fdeceaec4a604d13af72a60ea50070626aa6d4cfa418b95edda37a88db5218a1e096436a3551ee712ae137217cd0e941c31e86839e3a9aef8058f5f3196a5006f5a13f3343c0cbf50f9a27c7481e62614a4c51071df6c9a2e0058e534be00c510052e03148c79cc31256359b330c0de91e6130ce741d0472a838463987b9cb80693701825d0af139207f4ff1dc5cb92187170acb8c217f26b1a0544021a8ddce3e31de19b603a5eeca75a7a6234f75d890322a2dca481bc814ba65893cf8e4492094dfe534936a4378e85f680559f4ebce2cccdbea2c0c1e776c4cf50df6b0bc2effcee0f2c76b5c478f9dd02e0eef9399ddf2ba449e03cfd5d33388b0b683c3ce0d301ca1ba4ab", 0x1000}}, 0x1006)
ioctl$FIONREAD(r6, 0x541b, 0x0)

359.854967ms ago: executing program 2 (id=1240):
socket$nl_route(0x10, 0x3, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xe8001, 0x0)
r0 = creat(0x0, 0x0)
close(r0)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, 0x0, 0x0)
accept4(r1, 0x0, 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r3 = syz_io_uring_setup(0x8d2, &(0x7f00000000c0)={0x0, 0x0, 0x3010, 0x1, 0x39d}, &(0x7f0000000040)=<r4=>0x0, &(0x7f0000000080)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f0000000200)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
io_uring_enter(r3, 0x47ba, 0x3e80, 0x0, 0x0, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)

318.742955ms ago: executing program 3 (id=1241):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
bind$inet6(r0, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
setsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r0, 0x84, 0x13, &(0x7f0000000000)=0x93d2, 0x4)
sendto$inet6(r0, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000001ac0)=[{&(0x7f0000000200)=ANY=[@ANYBLOB="140100001f00010000000000"], 0x114}], 0x1}, 0x0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb010018000000000000003400000034000000020000000000000000000003000000000300000002000000fcffffff00000000000000010500000010000000000000000000000400e0ff000000"], 0x0, 0x4e}, 0x28)
r3 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000140), r2)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000200), 0xffffffffffffffff)
r6 = gettid()
sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x24, r5, 0x1, 0x70bd28, 0x25dfdbff, {}, [@NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x1}, @NL802154_ATTR_PID={0x8, 0x1c, r6}]}, 0x24}, 0x1, 0x0, 0x0, 0x20000040}, 0x4000000)
r7 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000300), r2)
sendmsg$NL802154_CMD_GET_SEC_DEVKEY(r4, &(0x7f00000003c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x20, r7, 0x100, 0x70bd25, 0x25dfdbfe, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x20}, 0x1, 0x0, 0x0, 0x200048c1}, 0x4044881)
sendmsg$NLBL_MGMT_C_ADD(r2, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8010008}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x48, r3, 0x20, 0x70bd28, 0x25dfdbff, {}, [@NLBL_MGMT_A_CLPDOI={0x8}, @NLBL_MGMT_A_FAMILY={0x6, 0xb, 0x1f}, @NLBL_MGMT_A_CLPDOI={0x8}, @NLBL_MGMT_A_IPV4MASK={0x8, 0x8, @broadcast}, @NLBL_MGMT_A_IPV6ADDR={0x14, 0x5, @empty}]}, 0x48}, 0x1, 0x0, 0x0, 0x8004}, 0x40c0)
r8 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000440), 0xffffffffffffffff)
sendmsg$NL802154_CMD_NEW_INTERFACE(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x34, r8, 0x1, 0x70bd2a, 0x25dfdbfe, {}, [@NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x1}, @NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan0\x00'}, @NL802154_ATTR_EXTENDED_ADDR={0xc, 0x17, {0xaaaaaaaaaaaa0102}}]}, 0x34}, 0x1, 0x0, 0x0, 0x80}, 0x0)
memfd_secret(0x0)

278.266923ms ago: executing program 2 (id=1242):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0x1)
ioctl$TCSETS(r1, 0x8926, &(0x7f0000000100)={0x4, 0x0, 0x0, 0x7ff, 0xd, "5dee000000594000"})
r2 = socket(0x10, 0x3, 0x0)
r3 = userfaultfd(0x1)
ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f00000000c0))
madvise(&(0x7f00003ca000/0x1000)=nil, 0x1000, 0x66)
ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2})
ioctl$UFFDIO_COPY(r3, 0xc028aa05, &(0x7f0000000180)={&(0x7f00002b9000/0x400000)=nil, &(0x7f00003ab000/0x2000)=nil, 0x400000, 0x2, 0x2})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
sendmsg$IPCTNL_MSG_TIMEOUT_DELETE(r2, &(0x7f00000002c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000280)={&(0x7f0000000600)=ANY=[@ANYBLOB="5c0000000208030000000000000000000a000003050003003a00000005000300210000000900010073797a31000000000900010073797a310000000006000240001b0000050003002100000005000300110000000500030001000000c2a4877578c215aa7e79e4ecaec2d353c161dd36f230371ed8860b0c1cb9e572193037aa5869dd621faee887a7"], 0x5c}, 0x1, 0x0, 0x0, 0x24000800}, 0x20000000)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'lo\x00'})
sendmsg$nl_route_sched(r2, 0x0, 0x0)
r5 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000002540), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r5, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={<r6=>0xffffffffffffffff}, 0x106}}, 0x20)
write$RDMA_USER_CM_CMD_QUERY(r5, &(0x7f0000000000)={0x13, 0x10, 0xfa00, {&(0x7f00000003c0), r6}}, 0x18)
r7 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="02000000040000000800100001"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x6, 0x10, &(0x7f0000000400)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000091007b8af8ff00000000b70800000b0000007b8af0ff00000000bfa100000000000007010000f8ffffffbf9200000000000007040000f0ffffffb70200000800000018230000f87bbd5591d9daf8b951b2ac1ce0d1a86d82375b1696add9f3f39dda3ac241211b7fe12187ec28c0a8b3a29b514b80504bffc3c6b3949e1e60b0630e4b5eef2e2358690dddadec006cff07b0d0a2b230ccf0f1074279546ddf20222a4062aab16a0cd5c09a0e04e537326810642d654a0d98cb50ed44f6b5ca243f487176f51044b033289b47abe1e8f3f4c6959b3c898bb852672c85fc4b3c9b38856a541de8fe240f09fddec65bfaecef9196d37d6862107036b7cf1af509adb04fcff4f1e212e34f43243087b0e8aa88b92ec93be8c711bb52ecf207e9309d0af74d2defb8fa57a5a39a7651921818cd9cab8233342f3f69edb91d69eab83ab8e86e2c91dfccd812468f49adc7ce924476959a247a74cd1236c6be82a61418e15443e574", @ANYRES32=r7, @ANYBLOB], &(0x7f0000000200)='GPL\x00', 0x1, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f000000c280)={&(0x7f0000000000)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000050000000900010073797a300000000030000000030a0103000000000000000005000000ae76321e254cd80d8f06debdf6102d0900010073797a30000000000900030073797a320000000004000c0014000000020a09010000000000000000000007001400000011"], 0x8c}}, 0x0)

125.177839ms ago: executing program 2 (id=1243):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f00000004c0)='afs_notify_call\x00', 0xffffffffffffffff, 0x0, 0x7fffffff}, 0x18)
openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newsa={0xec, 0x10, 0x713, 0x70bd28, 0x0, {{@in=@initdev={0xac, 0x1e, 0x1, 0x0}, @in=@local, 0x4e23, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x3a, 0x0, 0xee00}, {@in6=@remote, 0x0, 0x32}, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', {0x0, 0x0, 0x8, 0x100000001, 0x6}, {0x0, 0x0, 0x2, 0xfffffffffffffffc}, {0xc}, 0x70bd28, 0x0, 0x2}}, 0xec}, 0x1, 0x0, 0x0, 0xc0}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{0x0}], 0x1}, 0x0)
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
r1 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r1, 0x29, 0xb, &(0x7f0000000040)=0x9, 0x4)
bind$inet6(r1, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty, 0x1000}, 0x1c)
recvmmsg(r1, &(0x7f00000009c0)=[{{0x0, 0x0, 0x0}, 0x4}], 0x65942126f3d7b6a8, 0x2, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000300)='syzkaller\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x40f00, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r4, 0x8983, &(0x7f0000000100)={0x0, 'erspan0\x00', {0x1}, 0x26})
read$FUSE(0xffffffffffffffff, &(0x7f0000009780)={0x2020}, 0x2020)
ioctl$F2FS_IOC_MOVE_RANGE(r2, 0xc01cf509, &(0x7f0000000280)={<r6=>r5, 0xfffffffffffffff9, 0x9, 0x2})
ioctl$BLKZEROOUT(r6, 0x127f, &(0x7f00000000c0)={0x0, 0x80600})
r7 = socket$inet_smc(0x2b, 0x1, 0x0)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x4000, @remote}, 0x10)
setsockopt$SO_BINDTODEVICE_wg(r7, 0x1, 0x19, 0x0, 0x0)

0s ago: executing program 0 (id=1244):
r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0)
ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, 0x0)
ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, &(0x7f00000000c0)={'c6xdigio\x00', [0x4f27, 0x1f, 0x10000, 0x4, 0x5, 0xcc7, 0x8, 0x7, 0x4, 0x100, 0x2, 0x1000001, 0x2, 0x1, 0x6, 0x101, 0x0, 0x1a449, 0x3, 0x40000006, 0x89, 0xcaa7, 0x0, 0x20201e58, 0x6, 0xe69, 0x7, 0x8, 0x100006, 0x0, 0xfffffff8]}) (fail_nth: 4)

kernel console output (not intermixed with test programs):

xc2/0x120
[  178.997813][ T8766]  __kmalloc_noprof+0xd2/0x510
[  178.997837][ T8766]  sock_kmalloc+0x111/0x170
[  178.997861][ T8766]  skcipher_recvmsg+0x4a6/0x1030
[  178.997893][ T8766]  ? __pfx_skcipher_recvmsg+0x10/0x10
[  178.997923][ T8766]  sock_recvmsg+0x1f9/0x250
[  178.997948][ T8766]  ____sys_recvmsg+0x218/0x6b0
[  178.997976][ T8766]  ? __pfx_____sys_recvmsg+0x10/0x10
[  178.997996][ T8766]  ? import_iovec+0x86/0xb0
[  178.998027][ T8766]  ? __lock_acquire+0x622/0x1c90
[  178.998061][ T8766]  ___sys_recvmsg+0x114/0x1a0
[  178.998080][ T8766]  ? __pfx____sys_recvmsg+0x10/0x10
[  178.998101][ T8766]  ? find_held_lock+0x2b/0x80
[  178.998136][ T8766]  __sys_recvmsg+0x16a/0x220
[  178.998155][ T8766]  ? __pfx___sys_recvmsg+0x10/0x10
[  178.998185][ T8766]  ? rcu_is_watching+0x12/0xc0
[  178.998207][ T8766]  __do_fast_syscall_32+0x7c/0x3a0
[  178.998228][ T8766]  do_fast_syscall_32+0x32/0x80
[  178.998247][ T8766]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  178.998268][ T8766] RIP: 0023:0xf704e579
[  178.998282][ T8766] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  178.998299][ T8766] RSP: 002b:00000000f503e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000174
[  178.998316][ T8766] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000800005c0
[  178.998327][ T8766] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  178.998337][ T8766] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  178.998347][ T8766] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  178.998357][ T8766] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  178.998380][ T8766]  </TASK>
[  180.699494][ T8797] syz.1.751: attempt to access beyond end of device
[  180.699494][ T8797] loop1: rw=0, sector=0, nr_sectors = 1 limit=0
[  180.703703][ T8797] (syz.1.751,8797,1):ocfs2_get_sector:1714 ERROR: status = -5
[  180.706014][ T8797] (syz.1.751,8797,1):ocfs2_sb_probe:753 ERROR: status = -5
[  180.708259][ T8797] (syz.1.751,8797,1):ocfs2_fill_super:989 ERROR: superblock probe failed!
[  180.711024][ T8797] (syz.1.751,8797,1):ocfs2_fill_super:1177 ERROR: status = -5
[  180.714647][ T8797] syz.1.751: attempt to access beyond end of device
[  180.714647][ T8797] loop1: rw=0, sector=0, nr_sectors = 1 limit=0
[  180.718542][ T8797] (syz.1.751,8797,1):ocfs2_get_sector:1714 ERROR: status = -5
[  180.720905][ T8797] (syz.1.751,8797,1):ocfs2_sb_probe:753 ERROR: status = -5
[  180.723182][ T8797] (syz.1.751,8797,1):ocfs2_fill_super:989 ERROR: superblock probe failed!
[  180.725763][ T8797] (syz.1.751,8797,1):ocfs2_fill_super:1177 ERROR: status = -5
[  180.729250][ T8797] syz.1.751: attempt to access beyond end of device
[  180.729250][ T8797] loop1: rw=0, sector=0, nr_sectors = 1 limit=0
[  180.742131][ T8797] (syz.1.751,8797,1):ocfs2_get_sector:1714 ERROR: status = -5
[  180.752385][ T8797] (syz.1.751,8797,1):ocfs2_sb_probe:753 ERROR: status = -5
[  180.762682][ T8800] pty pty23: ldisc open failed (-12), clearing slot 23
[  180.762686][ T8797] (syz.1.751,8797,1):ocfs2_fill_super:989 ERROR: superblock probe failed!
[  180.767899][ T8797] (syz.1.751,8797,1):ocfs2_fill_super:1177 ERROR: status = -5
[  181.027286][ T1019] usb 7-1: USB disconnect, device number 10
[  181.222468][ T8809] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(5)
[  181.224609][ T8809] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  181.227586][ T8809] vhci_hcd vhci_hcd.0: Device attached
[  181.533492][   T54] usb 42-1: SetAddress Request (14) to port 0
[  181.535498][   T54] usb 42-1: new SuperSpeed USB device number 14 using vhci_hcd
[  181.666124][ T8810] vhci_hcd: connection reset by peer
[  181.669079][ T1228] vhci_hcd: stop threads
[  181.670431][ T1228] vhci_hcd: release socket
[  181.675421][ T1228] vhci_hcd: disconnect device
[  182.349841][ T8834] netlink: 4 bytes leftover after parsing attributes in process `syz.3.760'.
[  182.385360][ T8834] batman_adv: batadv0: Local translation table size (108) exceeds maximum packet size (-320); Ignoring new local tt entry: 80:00:00:00:00:85
[  182.391387][ T8834] netlink: 4 bytes leftover after parsing attributes in process `syz.3.760'.
[  182.655952][ T6020] usb 7-1: new high-speed USB device number 11 using dummy_hcd
[  183.000487][ T6020] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  183.004191][ T6020] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  183.007691][ T6020] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  183.010777][ T6020] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  183.014825][ T6020] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  183.017716][ T6020] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  183.022015][ T6020] usb 7-1: config 0 descriptor??
[  183.186493][ T8851] FAULT_INJECTION: forcing a failure.
[  183.186493][ T8851] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  183.191016][ T8851] CPU: 1 UID: 0 PID: 8851 Comm: syz.0.765 Not tainted 6.16.0-rc7-syzkaller-00127-g302f88ff3584 #0 PREEMPT(full) 
[  183.191032][ T8851] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  183.191039][ T8851] Call Trace:
[  183.191042][ T8851]  <TASK>
[  183.191047][ T8851]  dump_stack_lvl+0x16c/0x1f0
[  183.191062][ T8851]  should_fail_ex+0x512/0x640
[  183.191076][ T8851]  _copy_to_user+0x32/0xd0
[  183.191089][ T8851]  proc_pid_cmdline_read+0x51b/0x900
[  183.191107][ T8851]  ? __pfx_proc_pid_cmdline_read+0x10/0x10
[  183.191124][ T8851]  ? rw_verify_area+0xcf/0x680
[  183.191140][ T8851]  ? __pfx_proc_pid_cmdline_read+0x10/0x10
[  183.191155][ T8851]  vfs_readv+0x5c1/0x8b0
[  183.191174][ T8851]  ? __pfx_vfs_readv+0x10/0x10
[  183.191190][ T8851]  ? find_held_lock+0x2b/0x80
[  183.191209][ T8851]  ? __fget_files+0x20e/0x3c0
[  183.191230][ T8851]  ? do_preadv+0x1a6/0x270
[  183.191245][ T8851]  do_preadv+0x1a6/0x270
[  183.191261][ T8851]  ? __pfx_do_preadv+0x10/0x10
[  183.191278][ T8851]  ? rcu_is_watching+0x12/0xc0
[  183.191291][ T8851]  __do_fast_syscall_32+0x7c/0x3a0
[  183.191304][ T8851]  do_fast_syscall_32+0x32/0x80
[  183.191315][ T8851]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  183.191329][ T8851] RIP: 0023:0xf704e579
[  183.191337][ T8851] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  183.191348][ T8851] RSP: 002b:00000000f503e55c EFLAGS: 00000296 ORIG_RAX: 000000000000014d
[  183.191358][ T8851] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000040
[  183.191364][ T8851] RDX: 0000000000000001 RSI: 0000000000000300 RDI: 0000000000000000
[  183.191371][ T8851] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  183.191376][ T8851] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  183.191382][ T8851] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  183.191395][ T8851]  </TASK>
[  183.464175][ T6020] usbhid 7-1:0.0: can't add hid device: -71
[  183.466731][ T6020] usbhid 7-1:0.0: probe with driver usbhid failed with error -71
[  183.475082][ T6020] usb 7-1: USB disconnect, device number 11
[  183.896369][   T29] usb 40-1: device descriptor read/8, error -110
[  184.359628][   T29] usb usb40-port1: attempt power cycle
[  184.532073][ T8882] xt_CT: You must specify a L4 protocol and not use inversions on it
[  184.559341][ T8882] 9pnet: Could not find request transport: 0x0000000000000007
[  185.008366][   T29] usb usb40-port1: unable to enumerate USB device
[  185.394679][   T40] kauditd_printk_skb: 8 callbacks suppressed
[  185.394693][   T40] audit: type=1326 audit(1753574377.941:157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8893 comm="syz.2.778" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7fc4579 code=0x0
[  185.409513][ T8885] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  185.412299][ T8885] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  185.415135][ T8885] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  185.417810][ T8885] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  185.648885][ T8906] netlink: 'syz.1.782': attribute type 1 has an invalid length.
[  185.651739][ T8906] netlink: 244 bytes leftover after parsing attributes in process `syz.1.782'.
[  185.981129][ T8903] netlink: 8 bytes leftover after parsing attributes in process `syz.3.780'.
[  185.983887][ T8903] netlink: 48 bytes leftover after parsing attributes in process `syz.3.780'.
[  185.989648][ T8903] geneve3: entered promiscuous mode
[  185.991413][ T8903] geneve3: entered allmulticast mode
[  186.241529][ T8912] netlink: 4 bytes leftover after parsing attributes in process `syz.0.784'.
[  186.277557][ T8912] batman_adv: batadv0: Local translation table size (96) exceeds maximum packet size (-320); Ignoring new local tt entry: 80:00:00:00:00:85
[  186.283731][ T8912] netlink: 4 bytes leftover after parsing attributes in process `syz.0.784'.
[  186.340887][ T8919] tipc: Started in network mode
[  186.342555][ T8919] tipc: Node identity 3af93764f337, cluster identity 4711
[  186.345353][ T8919] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  186.348888][ T8919] syzkaller0: entered promiscuous mode
[  186.350697][ T8919] syzkaller0: entered allmulticast mode
[  186.552785][ T8930] tipc: Resetting bearer <eth:syzkaller0>
[  186.889523][ T5961] Bluetooth: hci0: command 0x0c1a tx timeout
[  186.975283][   T54] usb 42-1: device descriptor read/8, error -110
[  187.376435][ T8918] tipc: Resetting bearer <eth:syzkaller0>
[  187.406703][ T8918] tipc: Disabling bearer <eth:syzkaller0>
[  187.409457][   T54] usb usb42-port1: attempt power cycle
[  187.470226][ T8933] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  187.472375][ T8933] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  187.474359][ T8933] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  187.476327][ T8933] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  187.576383][ T8946] netlink: 1068 bytes leftover after parsing attributes in process `syz.0.793'.
[  187.672751][ T8956] netlink: 4 bytes leftover after parsing attributes in process `syz.0.796'.
[  187.704160][ T8956] batman_adv: batadv0: Local translation table size (96) exceeds maximum packet size (-320); Ignoring new local tt entry: 80:00:00:00:00:85
[  187.710139][ T8956] netlink: 4 bytes leftover after parsing attributes in process `syz.0.796'.
[  187.851040][ T8964] netlink: 4 bytes leftover after parsing attributes in process `syz.1.792'.
[  188.015017][   T54] usb usb42-port1: unable to enumerate USB device
[  189.626302][ T5962] Bluetooth: hci3: command 0x0c1a tx timeout
[  189.626339][ T5318] Bluetooth: hci1: command 0x0c1a tx timeout
[  189.627012][ T5965] Bluetooth: hci2: command 0x0c1a tx timeout
[  190.066634][ T9000] fuse: Bad value for 'fd'
[  190.120834][ T8993] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  190.123468][ T8993] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  190.127432][ T8993] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  190.129655][ T8993] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  190.147248][ T9004] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(5)
[  190.149344][ T9004] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  190.156147][ T9004] vhci_hcd vhci_hcd.0: Device attached
[  190.168862][ T9004] netdevsim netdevsim0: Direct firmware load for @ failed with error -2
[  190.171872][ T9004] netdevsim netdevsim0: Falling back to sysfs fallback for: @
[  190.481499][   T54] usb 38-1: SetAddress Request (14) to port 0
[  190.483650][   T54] usb 38-1: new SuperSpeed USB device number 14 using vhci_hcd
[  190.579428][ T9005] vhci_hcd: connection reset by peer
[  190.595460][   T46] vhci_hcd: stop threads
[  190.596924][   T46] vhci_hcd: release socket
[  190.598446][   T46] vhci_hcd: disconnect device
[  191.757134][ T9036] netlink: 4 bytes leftover after parsing attributes in process `syz.0.814'.
[  191.764396][ T5961] Bluetooth: hci0: command 0x0c1a tx timeout
[  191.826082][ T9036] batman_adv: batadv0: Local translation table size (96) exceeds maximum packet size (-320); Ignoring new local tt entry: 80:00:00:00:00:85
[  191.833143][ T9036] netlink: 4 bytes leftover after parsing attributes in process `syz.0.814'.
[  191.837254][ T9040] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(5)
[  191.839441][ T9040] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  191.842937][ T9040] vhci_hcd vhci_hcd.0: Device attached
[  192.280659][ T5961] Bluetooth: hci3: command 0x0c1a tx timeout
[  192.283408][ T5961] Bluetooth: hci2: command 0x0c1a tx timeout
[  192.286046][ T5961] Bluetooth: hci1: command 0x0c1a tx timeout
[  193.114769][ T9041] vhci_hcd: connection closed
[  193.115121][   T46] vhci_hcd: stop threads
[  193.118939][   T46] vhci_hcd: release socket
[  193.121136][   T46] vhci_hcd: disconnect device
[  193.440193][ T9065] xt_CT: You must specify a L4 protocol and not use inversions on it
[  193.484867][ T9065] 9pnet: Could not find request transport: 0x0000000000000007
[  194.014133][ T9081] FAULT_INJECTION: forcing a failure.
[  194.014133][ T9081] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  194.019480][ T9081] CPU: 3 UID: 0 PID: 9081 Comm: syz.0.824 Not tainted 6.16.0-rc7-syzkaller-00127-g302f88ff3584 #0 PREEMPT(full) 
[  194.019504][ T9081] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  194.019529][ T9081] Call Trace:
[  194.019536][ T9081]  <TASK>
[  194.019543][ T9081]  dump_stack_lvl+0x16c/0x1f0
[  194.019564][ T9081]  should_fail_ex+0x512/0x640
[  194.019586][ T9081]  _copy_to_user+0x32/0xd0
[  194.019606][ T9081]  simple_read_from_buffer+0xcb/0x170
[  194.019632][ T9081]  proc_fail_nth_read+0x197/0x270
[  194.019655][ T9081]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  194.019679][ T9081]  ? rw_verify_area+0xcf/0x680
[  194.019701][ T9081]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  194.019724][ T9081]  vfs_read+0x1e4/0xc60
[  194.019740][ T9081]  ? fdget_pos+0x2a2/0x370
[  194.019758][ T9081]  ? __pfx_vfs_read+0x10/0x10
[  194.019771][ T9081]  ? find_held_lock+0x2b/0x80
[  194.019794][ T9081]  ? __fget_files+0x20e/0x3c0
[  194.019826][ T9081]  ksys_read+0x12a/0x250
[  194.019840][ T9081]  ? __pfx_ksys_read+0x10/0x10
[  194.019857][ T9081]  ? rcu_is_watching+0x12/0xc0
[  194.019877][ T9081]  __do_fast_syscall_32+0x7c/0x3a0
[  194.019897][ T9081]  do_fast_syscall_32+0x32/0x80
[  194.019932][ T9081]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  194.019952][ T9081] RIP: 0023:0xf704e579
[  194.019964][ T9081] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  194.019981][ T9081] RSP: 002b:00000000f501d590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  194.019996][ T9081] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f501d620
[  194.020007][ T9081] RDX: 000000000000000f RSI: 00000000f73b4ff4 RDI: 0000000000000000
[  194.020017][ T9081] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  194.020026][ T9081] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  194.020036][ T9081] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  194.020058][ T9081]  </TASK>
[  194.255351][ T9091] FAULT_INJECTION: forcing a failure.
[  194.255351][ T9091] name failslab, interval 1, probability 0, space 0, times 0
[  194.260556][ T9091] CPU: 2 UID: 0 PID: 9091 Comm: syz.0.829 Not tainted 6.16.0-rc7-syzkaller-00127-g302f88ff3584 #0 PREEMPT(full) 
[  194.260580][ T9091] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  194.260591][ T9091] Call Trace:
[  194.260598][ T9091]  <TASK>
[  194.260605][ T9091]  dump_stack_lvl+0x16c/0x1f0
[  194.260628][ T9091]  should_fail_ex+0x512/0x640
[  194.260645][ T9091]  ? __kmalloc_noprof+0xbf/0x510
[  194.260665][ T9091]  ? sock_kmalloc+0x111/0x170
[  194.260686][ T9091]  should_failslab+0xc2/0x120
[  194.260707][ T9091]  __kmalloc_noprof+0xd2/0x510
[  194.260726][ T9091]  ? sock_kmalloc+0x13a/0x170
[  194.260749][ T9091]  sock_kmalloc+0x111/0x170
[  194.260774][ T9091]  skcipher_recvmsg+0x4a6/0x1030
[  194.260807][ T9091]  ? __pfx_skcipher_recvmsg+0x10/0x10
[  194.260836][ T9091]  sock_recvmsg+0x1f9/0x250
[  194.260860][ T9091]  ____sys_recvmsg+0x218/0x6b0
[  194.260887][ T9091]  ? __pfx_____sys_recvmsg+0x10/0x10
[  194.260915][ T9091]  ? import_iovec+0x86/0xb0
[  194.260946][ T9091]  ? __lock_acquire+0x622/0x1c90
[  194.260974][ T9091]  ___sys_recvmsg+0x114/0x1a0
[  194.260993][ T9091]  ? __pfx____sys_recvmsg+0x10/0x10
[  194.261013][ T9091]  ? find_held_lock+0x2b/0x80
[  194.261048][ T9091]  __sys_recvmsg+0x16a/0x220
[  194.261067][ T9091]  ? __pfx___sys_recvmsg+0x10/0x10
[  194.261098][ T9091]  ? rcu_is_watching+0x12/0xc0
[  194.261120][ T9091]  __do_fast_syscall_32+0x7c/0x3a0
[  194.261142][ T9091]  do_fast_syscall_32+0x32/0x80
[  194.261160][ T9091]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  194.261197][ T9091] RIP: 0023:0xf704e579
[  194.261212][ T9091] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  194.261228][ T9091] RSP: 002b:00000000f503e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000174
[  194.261245][ T9091] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000800005c0
[  194.261255][ T9091] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  194.261265][ T9091] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  194.261275][ T9091] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  194.261285][ T9091] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  194.261307][ T9091]  </TASK>
[  194.353404][  T837] usb 7-1: new full-speed USB device number 12 using dummy_hcd
[  194.506092][ T9101] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(5)
[  194.508895][ T9101] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  194.512695][ T9101] vhci_hcd vhci_hcd.0: Device attached
[  194.522643][ T9101] netdevsim netdevsim1: Direct firmware load for @ failed with error -2
[  194.525407][ T9101] netdevsim netdevsim1: Falling back to sysfs fallback for: @
[  194.535213][  T837] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  194.539412][  T837] usb 7-1: config 0 has no interfaces?
[  194.543468][  T837] usb 7-1: New USB device found, idVendor=084e, idProduct=1001, bcdDevice=ed.ae
[  194.548042][  T837] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  194.551134][  T837] usb 7-1: Product: syz
[  194.552844][  T837] usb 7-1: Manufacturer: syz
[  194.554775][  T837] usb 7-1: SerialNumber: syz
[  194.559303][  T837] usb 7-1: config 0 descriptor??
[  194.800508][   T29] usb 40-1: SetAddress Request (14) to port 0
[  194.803221][   T29] usb 40-1: new SuperSpeed USB device number 14 using vhci_hcd
[  195.181949][ T9102] vhci_hcd: connection reset by peer
[  195.184535][   T12] vhci_hcd: stop threads
[  195.187905][   T12] vhci_hcd: release socket
[  195.190127][   T12] vhci_hcd: disconnect device
[  195.733561][ T9117] xt_CT: You must specify a L4 protocol and not use inversions on it
[  195.771604][ T9117] 9pnet: Could not find request transport: 0x0000000000000007
[  195.869682][   T54] usb 38-1: device descriptor read/8, error -110
[  196.192648][ T9120] sch_tbf: burst 0 is lower than device lo mtu (82) !
[  196.255403][ T9123] netlink: 28 bytes leftover after parsing attributes in process `syz.1.837'.
[  196.288165][   T54] usb usb38-port1: attempt power cycle
[  196.293101][ T9114] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  196.295100][ T9114] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  196.297403][ T9114] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  196.299612][ T9114] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  196.367922][ T9131] binder_alloc: 9130: binder_alloc_buf, no vma
[  196.885615][   T54] usb usb38-port1: unable to enumerate USB device
[  197.078113][ T6020] usb 7-1: USB disconnect, device number 12
[  197.758680][ T9163] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(5)
[  197.760772][ T9163] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  197.763836][ T9163] vhci_hcd vhci_hcd.0: Device attached
[  197.774494][ T9163] netdevsim netdevsim1: Direct firmware load for @ failed with error -2
[  197.777177][ T9163] netdevsim netdevsim1: Falling back to sysfs fallback for: @
[  197.855903][ T5318] Bluetooth: hci0: command 0x0c1a tx timeout
[  198.112883][ T9176] netlink: 224 bytes leftover after parsing attributes in process `syz.3.851'.
[  198.126895][ T9176] usb usb8: usbfs: process 9176 (syz.3.851) did not claim interface 0 before use
[  198.199970][ T9179] fuse: Bad value for 'fd'
[  198.334383][ T9164] vhci_hcd: connection closed
[  198.336261][ T1223] vhci_hcd: stop threads
[  198.340207][ T1223] vhci_hcd: release socket
[  198.342243][ T1223] vhci_hcd: disconnect device
[  198.435558][ T5318] Bluetooth: hci1: command 0x0c1a tx timeout
[  198.520955][ T5318] Bluetooth: hci3: command 0x0c1a tx timeout
[  198.531738][ T5318] Bluetooth: hci2: command 0x0c1a tx timeout
[  198.690689][ T9169] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  198.695705][ T9169] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  198.698483][ T9169] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  198.701248][ T9169] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  198.763496][ T9182] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  198.767843][ T9182] netlink: 28 bytes leftover after parsing attributes in process `syz.2.853'.
[  199.473221][ T1419] ieee802154 phy0 wpan0: encryption failed: -22
[  199.773331][ T9215] ipvlan0: entered promiscuous mode
[  200.160668][ T5318] Bluetooth: hci0: command 0x0c1a tx timeout
[  200.233685][   T29] usb 40-1: device descriptor read/8, error -110
[  200.661010][   T29] usb usb40-port1: attempt power cycle
[  200.915545][ T5318] Bluetooth: hci3: command 0x0c1a tx timeout
[  200.916044][ T5961] Bluetooth: hci2: command 0x0c1a tx timeout
[  200.916060][ T5962] Bluetooth: hci1: command 0x0c1a tx timeout
[  201.012602][ T9253] FAULT_INJECTION: forcing a failure.
[  201.012602][ T9253] name failslab, interval 1, probability 0, space 0, times 0
[  201.017816][ T9253] CPU: 1 UID: 0 PID: 9253 Comm: syz.2.863 Not tainted 6.16.0-rc7-syzkaller-00127-g302f88ff3584 #0 PREEMPT(full) 
[  201.017852][ T9253] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  201.017863][ T9253] Call Trace:
[  201.017869][ T9253]  <TASK>
[  201.017876][ T9253]  dump_stack_lvl+0x16c/0x1f0
[  201.017899][ T9253]  should_fail_ex+0x512/0x640
[  201.017918][ T9253]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[  201.017938][ T9253]  should_failslab+0xc2/0x120
[  201.017958][ T9253]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  201.017974][ T9253]  ? trace_sched_exit_tp+0xde/0x130
[  201.017993][ T9253]  ? alloc_empty_file+0x55/0x1e0
[  201.018017][ T9253]  alloc_empty_file+0x55/0x1e0
[  201.018037][ T9253]  path_openat+0xda/0x2cb0
[  201.018061][ T9253]  ? __pfx_path_openat+0x10/0x10
[  201.018082][ T9253]  do_filp_open+0x20b/0x470
[  201.018102][ T9253]  ? __pfx_do_filp_open+0x10/0x10
[  201.018116][ T9253]  ? rcu_is_watching+0x12/0xc0
[  201.018149][ T9253]  ? _raw_spin_unlock+0x28/0x50
[  201.018172][ T9253]  ? alloc_fd+0x471/0x7d0
[  201.018203][ T9253]  do_sys_openat2+0x11b/0x1d0
[  201.018224][ T9253]  ? __pfx_do_sys_openat2+0x10/0x10
[  201.018246][ T9253]  ? __pfx___schedule+0x10/0x10
[  201.018269][ T9253]  ? __fget_files+0x20e/0x3c0
[  201.018292][ T9253]  ? handle_mm_fault+0x230/0xd10
[  201.018321][ T9253]  __ia32_compat_sys_openat+0x16d/0x210
[  201.018344][ T9253]  ? __pfx___ia32_compat_sys_openat+0x10/0x10
[  201.018366][ T9253]  ? ksys_write+0x1ac/0x250
[  201.018384][ T9253]  ? rcu_is_watching+0x12/0xc0
[  201.018404][ T9253]  __do_fast_syscall_32+0x7c/0x3a0
[  201.018424][ T9253]  do_fast_syscall_32+0x32/0x80
[  201.018441][ T9253]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  201.018461][ T9253] RIP: 0023:0xf7fc4579
[  201.018473][ T9253] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  201.018488][ T9253] RSP: 002b:00000000f50a455c EFLAGS: 00000296 ORIG_RAX: 0000000000000127
[  201.018504][ T9253] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 0000000080000040
[  201.018514][ T9253] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000000000000
[  201.018523][ T9253] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  201.018532][ T9253] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  201.018542][ T9253] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  201.018562][ T9253]  </TASK>
[  201.161550][ T9258] netlink: 224 bytes leftover after parsing attributes in process `syz.3.864'.
[  201.179830][ T9258] usb usb8: usbfs: process 9258 (syz.3.864) did not claim interface 0 before use
[  201.322221][   T29] usb usb40-port1: unable to enumerate USB device
[  201.330565][ T9272] netlink: 8 bytes leftover after parsing attributes in process `syz.1.868'.
[  201.340291][ T9272] netlink: 4 bytes leftover after parsing attributes in process `syz.1.868'.
[  201.421370][ T9281] netlink: 'syz.3.871': attribute type 1 has an invalid length.
[  201.424439][ T9281] netlink: 244 bytes leftover after parsing attributes in process `syz.3.871'.
[  201.578337][   T54] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  201.749323][   T54] usb 5-1: Using ep0 maxpacket: 32
[  201.752820][   T54] usb 5-1: config index 0 descriptor too short (expected 29220, got 36)
[  201.755464][   T54] usb 5-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  201.758227][   T54] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 81
[  201.761896][ T9288] netlink: 32 bytes leftover after parsing attributes in process `syz.1.874'.
[  201.764877][   T54] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  201.767870][   T54] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  201.770999][   T54] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  201.775142][   T54] usb 5-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  201.777942][   T54] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  201.782172][   T54] usb 5-1: config 0 descriptor??
[  202.076954][   T54] usblp 5-1:0.0: usblp0: USB Bidirectional printer dev 11 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  202.130174][   T54] usb 5-1: USB disconnect, device number 11
[  202.166986][   T54] usblp0: removed
[  202.658440][   T54] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  202.764723][ T9309] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  202.809279][ T9309] netlink: 28 bytes leftover after parsing attributes in process `syz.3.877'.
[  202.893288][   T54] usb 5-1: Using ep0 maxpacket: 32
[  202.898170][   T54] usb 5-1: config index 0 descriptor too short (expected 29220, got 36)
[  202.900933][   T54] usb 5-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  202.903754][   T54] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 81
[  202.906904][   T54] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  202.910689][   T54] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  202.914309][   T54] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  202.918763][   T54] usb 5-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  202.922315][   T54] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  202.928321][   T54] usb 5-1: config 0 descriptor??
[  203.014377][ T9320] xt_CT: You must specify a L4 protocol and not use inversions on it
[  203.199063][   T54] usblp 5-1:0.0: usblp0: USB Bidirectional printer dev 12 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  203.417557][  T837] usb 5-1: USB disconnect, device number 12
[  203.422618][  T837] usblp0: removed
[  204.198729][ T9338] FAULT_INJECTION: forcing a failure.
[  204.198729][ T9338] name failslab, interval 1, probability 0, space 0, times 0
[  204.202886][ T9338] CPU: 1 UID: 0 PID: 9338 Comm: syz.0.883 Not tainted 6.16.0-rc7-syzkaller-00127-g302f88ff3584 #0 PREEMPT(full) 
[  204.202913][ T9338] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  204.202920][ T9338] Call Trace:
[  204.202925][ T9338]  <TASK>
[  204.202929][ T9338]  dump_stack_lvl+0x16c/0x1f0
[  204.202944][ T9338]  should_fail_ex+0x512/0x640
[  204.202955][ T9338]  ? __kvmalloc_node_noprof+0x124/0x620
[  204.202975][ T9338]  should_failslab+0xc2/0x120
[  204.202988][ T9338]  __kvmalloc_node_noprof+0x137/0x620
[  204.203005][ T9338]  ? __pfx_copy_from_sockptr_offset+0x10/0x10
[  204.203021][ T9338]  ? xt_alloc_table_info+0x3e/0xa0
[  204.203038][ T9338]  ? xt_alloc_table_info+0x3e/0xa0
[  204.203051][ T9338]  xt_alloc_table_info+0x3e/0xa0
[  204.203066][ T9338]  compat_do_replace+0x184/0x3c0
[  204.203082][ T9338]  ? __pfx_compat_do_replace+0x10/0x10
[  204.203098][ T9338]  ? __pfx_aa_get_newest_label+0x10/0x10
[  204.203112][ T9338]  ? rcu_is_watching+0x12/0xc0
[  204.203128][ T9338]  ? bpf_lsm_capable+0x9/0x10
[  204.203144][ T9338]  ? security_capable+0x7e/0x260
[  204.203159][ T9338]  do_ip6t_set_ctl+0x55d/0xa70
[  204.203174][ T9338]  ? nf_sockopt_find.constprop.0+0x222/0x290
[  204.203191][ T9338]  ? __pfx_do_ip6t_set_ctl+0x10/0x10
[  204.203206][ T9338]  ? finish_task_switch.isra.0+0x21c/0xc10
[  204.203219][ T9338]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  204.203238][ T9338]  ? nf_sockopt_find.constprop.0+0x222/0x290
[  204.203253][ T9338]  nf_setsockopt+0x8a/0xf0
[  204.203268][ T9338]  ipv6_setsockopt+0x135/0x170
[  204.203284][ T9338]  tcp_setsockopt+0xa7/0x100
[  204.203295][ T9338]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  204.203311][ T9338]  do_sock_setsockopt+0xf0/0x1d0
[  204.203327][ T9338]  __sys_setsockopt+0x120/0x1a0
[  204.203340][ T9338]  __ia32_sys_setsockopt+0xbc/0x160
[  204.203367][ T9338]  ? lockdep_hardirqs_on+0x7c/0x110
[  204.203377][ T9338]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[  204.203389][ T9338]  __do_fast_syscall_32+0x7c/0x3a0
[  204.203402][ T9338]  do_fast_syscall_32+0x32/0x80
[  204.203413][ T9338]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  204.203426][ T9338] RIP: 0023:0xf704e579
[  204.203435][ T9338] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  204.203446][ T9338] RSP: 002b:00000000f4ffc55c EFLAGS: 00000296 ORIG_RAX: 000000000000016e
[  204.203456][ T9338] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000000029
[  204.203463][ T9338] RDX: 0000000000000040 RSI: 0000000080000700 RDI: 0000000000000528
[  204.203469][ T9338] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  204.203475][ T9338] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  204.203481][ T9338] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  204.203493][ T9338]  </TASK>
[  204.398731][ T9340] netlink: 4 bytes leftover after parsing attributes in process `syz.1.884'.
[  204.461320][ T9341] netlink: 'syz.1.884': attribute type 10 has an invalid length.
[  204.693750][ T9343] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  204.703131][ T9343] netlink: 28 bytes leftover after parsing attributes in process `syz.2.885'.
[  205.377892][ T9369] xt_CT: You must specify a L4 protocol and not use inversions on it
[  205.380991][ T9369] 9pnet_fd: Insufficient options for proto=fd
[  205.947740][ T9381] xt_CT: You must specify a L4 protocol and not use inversions on it
[  206.577555][ T9393] block device autoloading is deprecated and will be removed.
[  206.677767][   T10] usb 7-1: new high-speed USB device number 13 using dummy_hcd
[  206.724115][ T9396] FAULT_INJECTION: forcing a failure.
[  206.724115][ T9396] name failslab, interval 1, probability 0, space 0, times 0
[  206.731080][ T9396] CPU: 3 UID: 0 PID: 9396 Comm: syz.1.899 Not tainted 6.16.0-rc7-syzkaller-00127-g302f88ff3584 #0 PREEMPT(full) 
[  206.731107][ T9396] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  206.731114][ T9396] Call Trace:
[  206.731119][ T9396]  <TASK>
[  206.731123][ T9396]  dump_stack_lvl+0x16c/0x1f0
[  206.731138][ T9396]  should_fail_ex+0x512/0x640
[  206.731149][ T9396]  ? __kmalloc_noprof+0xbf/0x510
[  206.731161][ T9396]  ? sock_kmalloc+0x111/0x170
[  206.731175][ T9396]  should_failslab+0xc2/0x120
[  206.731188][ T9396]  __kmalloc_noprof+0xd2/0x510
[  206.731202][ T9396]  sock_kmalloc+0x111/0x170
[  206.731216][ T9396]  skcipher_recvmsg+0x4a6/0x1030
[  206.731236][ T9396]  ? __pfx_skcipher_recvmsg+0x10/0x10
[  206.731254][ T9396]  sock_recvmsg+0x1f9/0x250
[  206.731269][ T9396]  ____sys_recvmsg+0x218/0x6b0
[  206.731286][ T9396]  ? __pfx_____sys_recvmsg+0x10/0x10
[  206.731299][ T9396]  ? import_iovec+0x86/0xb0
[  206.731318][ T9396]  ? __lock_acquire+0x622/0x1c90
[  206.731360][ T9396]  ___sys_recvmsg+0x114/0x1a0
[  206.731372][ T9396]  ? __pfx____sys_recvmsg+0x10/0x10
[  206.731386][ T9396]  ? find_held_lock+0x2b/0x80
[  206.731406][ T9396]  __sys_recvmsg+0x16a/0x220
[  206.731418][ T9396]  ? __pfx___sys_recvmsg+0x10/0x10
[  206.731437][ T9396]  ? rcu_is_watching+0x12/0xc0
[  206.731450][ T9396]  __do_fast_syscall_32+0x7c/0x3a0
[  206.731463][ T9396]  do_fast_syscall_32+0x32/0x80
[  206.731474][ T9396]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  206.731488][ T9396] RIP: 0023:0xf702e579
[  206.731497][ T9396] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  206.731507][ T9396] RSP: 002b:00000000f501e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000174
[  206.731523][ T9396] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000800005c0
[  206.731530][ T9396] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  206.731548][ T9396] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  206.731554][ T9396] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  206.731560][ T9396] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  206.731573][ T9396]  </TASK>
[  206.872561][   T10] usb 7-1: Using ep0 maxpacket: 8
[  206.876153][   T10] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  206.879607][   T10] usb 7-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  206.896334][   T10] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  207.048560][   T10] usb 7-1: config 0 descriptor??
[  207.275501][   T10] iowarrior 7-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[  207.499548][ T9412] xt_CT: You must specify a L4 protocol and not use inversions on it
[  208.582741][ T9425] netlink: 12 bytes leftover after parsing attributes in process `syz.1.907'.
[  208.986825][    C1] Clock: inserting leap second 23:59:60 UTC
[  209.145430][ T9434] xt_CT: You must specify a L4 protocol and not use inversions on it
[  209.148333][ T9434] 9pnet_fd: Insufficient options for proto=fd
[  209.364501][ T9438] netlink: 4 bytes leftover after parsing attributes in process `syz.1.911'.
[  209.433614][ T9439] netlink: 'syz.1.911': attribute type 10 has an invalid length.
[  209.628716][   T10] usb 7-1: USB disconnect, device number 13
[  210.301926][ T6006] usb 7-1: new high-speed USB device number 14 using dummy_hcd
[  210.462224][ T6006] usb 7-1: Using ep0 maxpacket: 32
[  210.466518][ T6006] usb 7-1: config index 0 descriptor too short (expected 29220, got 36)
[  210.470026][ T6006] usb 7-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  210.473550][ T6006] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 81
[  210.477147][ T6006] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  210.480942][ T6006] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  210.484566][ T6006] usb 7-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  210.489415][ T6006] usb 7-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  210.493188][ T6006] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  210.498618][ T6006] usb 7-1: config 0 descriptor??
[  210.725335][ T6006] usblp 7-1:0.0: usblp0: USB Bidirectional printer dev 14 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  210.731230][ T6006] usb 7-1: USB disconnect, device number 14
[  210.736446][ T6006] usblp0: removed
[  210.896405][ T9459] FAULT_INJECTION: forcing a failure.
[  210.896405][ T9459] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  210.900753][ T9459] CPU: 3 UID: 0 PID: 9459 Comm: syz.0.919 Not tainted 6.16.0-rc7-syzkaller-00127-g302f88ff3584 #0 PREEMPT(full) 
[  210.900769][ T9459] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  210.900777][ T9459] Call Trace:
[  210.900780][ T9459]  <TASK>
[  210.900784][ T9459]  dump_stack_lvl+0x16c/0x1f0
[  210.900819][ T9459]  should_fail_ex+0x512/0x640
[  210.900837][ T9459]  _copy_from_user+0x2e/0xd0
[  210.900849][ T9459]  sctp_setsockopt+0x2045/0xb870
[  210.900869][ T9459]  ? __pfx_sctp_setsockopt+0x10/0x10
[  210.900884][ T9459]  ? __pfx_aa_sk_perm+0x10/0x10
[  210.900900][ T9459]  ? __fget_files+0x204/0x3c0
[  210.900919][ T9459]  ? sock_common_setsockopt+0x2e/0xf0
[  210.900933][ T9459]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  210.900948][ T9459]  do_sock_setsockopt+0xf0/0x1d0
[  210.900964][ T9459]  __sys_setsockopt+0x120/0x1a0
[  210.900976][ T9459]  __ia32_sys_setsockopt+0xbc/0x160
[  210.900987][ T9459]  ? lockdep_hardirqs_on+0x7c/0x110
[  210.900997][ T9459]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[  210.901008][ T9459]  __do_fast_syscall_32+0x7c/0x3a0
[  210.901021][ T9459]  do_fast_syscall_32+0x32/0x80
[  210.901032][ T9459]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  210.901046][ T9459] RIP: 0023:0xf704e579
[  210.901055][ T9459] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  210.901065][ T9459] RSP: 002b:00000000f503e55c EFLAGS: 00000296 ORIG_RAX: 000000000000016e
[  210.901076][ T9459] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000084
[  210.901083][ T9459] RDX: 0000000000000064 RSI: 00000000800003c0 RDI: 000000000000001c
[  210.901089][ T9459] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  210.901095][ T9459] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  210.901101][ T9459] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  210.901113][ T9459]  </TASK>
[  211.037600][ T9463] netlink: 4 bytes leftover after parsing attributes in process `syz.0.921'.
[  211.104821][ T9464] netlink: 'syz.0.921': attribute type 10 has an invalid length.
[  211.199852][ T1019] usb 7-1: new high-speed USB device number 15 using dummy_hcd
[  211.259131][ T9466] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(3)
[  211.261233][ T9466] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  211.264702][ T9466] vhci_hcd vhci_hcd.0: Device attached
[  211.269510][ T9467] usbip_core: unknown command
[  211.271002][ T9467] vhci_hcd: unknown pdu 0
[  211.272359][ T9467] usbip_core: unknown command
[  211.277926][   T12] vhci_hcd: stop threads
[  211.283096][   T12] vhci_hcd: release socket
[  211.285080][   T12] vhci_hcd: disconnect device
[  211.311190][   T10] IPVS: starting estimator thread 0...
[  211.367804][ T9474] netlink: 16 bytes leftover after parsing attributes in process `syz.1.922'.
[  211.379312][ T9474] netlink: 'syz.1.922': attribute type 10 has an invalid length.
[  211.390747][ T9474] 8021q: adding VLAN 0 to HW filter on device bond0
[  211.395936][ T9474] team0: Port device bond0 added
[  211.402969][ T1019] usb 7-1: Using ep0 maxpacket: 32
[  211.403138][ T9471] IPVS: using max 47 ests per chain, 112800 per kthread
[  211.407939][ T1019] usb 7-1: config index 0 descriptor too short (expected 29220, got 36)
[  211.411136][ T1019] usb 7-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  211.416157][ T1019] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 81
[  211.418949][ T1019] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  211.422116][ T1019] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  211.425501][ T1019] usb 7-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  211.429738][ T1019] usb 7-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  211.433739][ T1019] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  211.438452][ T1019] usb 7-1: config 0 descriptor??
[  212.031169][ T9483] netlink: 36 bytes leftover after parsing attributes in process `syz.3.927'.
[  212.285944][ T9488] netlink: 'syz.3.928': attribute type 1 has an invalid length.
[  212.288606][ T9488] netlink: 244 bytes leftover after parsing attributes in process `syz.3.928'.
[  212.870535][ T1019] usblp 7-1:0.0: usblp0: USB Bidirectional printer dev 15 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  212.923205][ T1019] usb 7-1: USB disconnect, device number 15
[  212.933946][ T1019] usblp0: removed
[  214.507389][ T9521] netlink: 20 bytes leftover after parsing attributes in process `syz.0.937'.
[  214.513004][ T9521] batman_adv: batadv0: Local translation table size (96) exceeds maximum packet size (-320); Ignoring new local tt entry: 80:00:00:00:00:85
[  214.526856][ T9521] netlink: 4 bytes leftover after parsing attributes in process `syz.0.937'.
[  214.644240][ T9527] netlink: 20 bytes leftover after parsing attributes in process `syz.3.941'.
[  214.648703][ T9527] batman_adv: batadv0: Local translation table size (108) exceeds maximum packet size (-320); Ignoring new local tt entry: 80:00:00:00:00:85
[  214.654517][ T9527] netlink: 4 bytes leftover after parsing attributes in process `syz.3.941'.
[  214.909627][ T9538] xt_CT: You must specify a L4 protocol and not use inversions on it
[  214.977280][ T9538] 9pnet: Could not find request transport: 0x0000000000000007
[  215.315769][  T837] usb 6-1: new high-speed USB device number 14 using dummy_hcd
[  215.477847][  T837] usb 6-1: config 0 has an invalid interface number: 223 but max is 0
[  215.481290][  T837] usb 6-1: config 0 has no interface number 0
[  215.483843][ T9549] netlink: 20 bytes leftover after parsing attributes in process `syz.3.948'.
[  215.485494][  T837] usb 6-1: New USB device found, idVendor=05f9, idProduct=ffff, bcdDevice=55.7a
[  215.489061][ T9549] batman_adv: batadv0: Local translation table size (108) exceeds maximum packet size (-320); Ignoring new local tt entry: 80:00:00:00:00:85
[  215.489871][  T837] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  215.494956][ T9549] netlink: 4 bytes leftover after parsing attributes in process `syz.3.948'.
[  215.496972][  T837] usb 6-1: Product: syz
[  215.504519][  T837] usb 6-1: Manufacturer: syz
[  215.506455][  T837] usb 6-1: SerialNumber: syz
[  215.510987][  T837] usb 6-1: config 0 descriptor??
[  215.515987][  T837] usbserial_generic 6-1:0.223: The "generic" usb-serial driver is only for testing and one-off prototypes.
[  215.526137][  T837] usbserial_generic 6-1:0.223: Tell linux-usb@vger.kernel.org to add your device to a proper driver.
[  215.536957][  T837] usbserial_generic 6-1:0.223: device has no bulk endpoints
[  215.760884][ T1019] usb 6-1: USB disconnect, device number 14
[  215.810973][ T9557] netlink: 'syz.0.951': attribute type 1 has an invalid length.
[  215.813407][ T9557] netlink: 28 bytes leftover after parsing attributes in process `syz.0.951'.
[  216.552165][ T9564] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(5)
[  216.554835][ T9564] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  216.561133][ T9564] vhci_hcd vhci_hcd.0: Device attached
[  216.597792][ T9568] xt_hashlimit: invalid interval
[  216.795823][ T9565] vhci_hcd: connection closed
[  216.796516][   T12] vhci_hcd: stop threads
[  216.799417][   T12] vhci_hcd: release socket
[  216.812383][   T12] vhci_hcd: disconnect device
[  216.855760][ T9581] netlink: 20 bytes leftover after parsing attributes in process `syz.3.957'.
[  216.860468][ T9581] batman_adv: batadv0: Local translation table size (108) exceeds maximum packet size (-320); Ignoring new local tt entry: 80:00:00:00:00:85
[  216.865901][ T9581] netlink: 4 bytes leftover after parsing attributes in process `syz.3.957'.
[  217.146898][   T40] audit: type=1326 audit(1753574406.640:158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9592 comm="syz.1.962" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf702e579 code=0x0
[  217.585631][ T9604] netlink: 4 bytes leftover after parsing attributes in process `syz.2.966'.
[  217.650107][ T9605] netlink: 'syz.2.966': attribute type 10 has an invalid length.
[  218.292839][ T9610] team0: Device gtp0 is of different type
[  218.512680][ T9614] netlink: 'syz.0.970': attribute type 4 has an invalid length.
[  218.862798][ T9619] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(5)
[  218.864907][ T9619] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  218.867667][ T9619] vhci_hcd vhci_hcd.0: Device attached
[  219.153687][ T6006] usb 42-1: SetAddress Request (20) to port 0
[  219.155726][ T6006] usb 42-1: new SuperSpeed USB device number 20 using vhci_hcd
[  219.303700][    C0] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  219.517714][ T1118] sr 2:0:0:0: [sr0] tag#13 FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_OK cmd_age=0s
[  219.520818][ T1118] sr 2:0:0:0: [sr0] tag#13 Sense Key : Illegal Request [current] 
[  219.523249][ T1118] sr 2:0:0:0: [sr0] tag#13 Add. Sense: Invalid command operation code
[  219.525805][ T1118] sr 2:0:0:0: [sr0] tag#13 CDB: Write(10) 2a 00 00 00 00 00 00 00 04 00
[  219.528667][ T1118] critical target error, dev sr0, sector 0 op 0x1:(WRITE) flags 0x800 phys_seg 2 prio class 0
[  219.532005][ T1118] Buffer I/O error on dev sr0, logical block 0, lost async page write
[  219.534595][ T1118] Buffer I/O error on dev sr0, logical block 1, lost async page write
[  219.548042][ T9620] vhci_hcd: connection reset by peer
[  219.550823][   T12] vhci_hcd: stop threads
[  219.552682][   T12] vhci_hcd: release socket
[  219.554656][   T12] vhci_hcd: disconnect device
[  220.321508][ T9635] FAULT_INJECTION: forcing a failure.
[  220.321508][ T9635] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  220.325550][ T9635] CPU: 1 UID: 0 PID: 9635 Comm: syz.3.975 Not tainted 6.16.0-rc7-syzkaller-00127-g302f88ff3584 #0 PREEMPT(full) 
[  220.325566][ T9635] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  220.325573][ T9635] Call Trace:
[  220.325577][ T9635]  <TASK>
[  220.325581][ T9635]  dump_stack_lvl+0x16c/0x1f0
[  220.325612][ T9635]  should_fail_ex+0x512/0x640
[  220.325629][ T9635]  strncpy_from_user+0x3b/0x2e0
[  220.325651][ T9635]  getname_flags.part.0+0x8f/0x550
[  220.325668][ T9635]  getname_flags+0x93/0xf0
[  220.325685][ T9635]  __ia32_sys_renameat2+0xd4/0x130
[  220.325698][ T9635]  __do_fast_syscall_32+0x7c/0x3a0
[  220.325712][ T9635]  do_fast_syscall_32+0x32/0x80
[  220.325723][ T9635]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  220.325736][ T9635] RIP: 0023:0xf704e579
[  220.325745][ T9635] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  220.325755][ T9635] RSP: 002b:00000000f503e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000161
[  220.325766][ T9635] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 0000000080000440
[  220.325772][ T9635] RDX: 00000000ffffff9c RSI: 0000000080000480 RDI: 0000000000000000
[  220.325778][ T9635] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  220.325784][ T9635] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  220.325791][ T9635] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  220.325803][ T9635]  </TASK>
[  221.181202][ T9632] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  221.183970][ T9632] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  221.188015][ T9632] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  221.190688][ T9632] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  221.451857][ T9659] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(5)
[  221.453925][ T9659] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  221.456615][ T9659] vhci_hcd vhci_hcd.0: Device attached
[  221.462791][ T9659] netdevsim netdevsim0: Direct firmware load for @ failed with error -2
[  221.465547][ T9659] netdevsim netdevsim0: Falling back to sysfs fallback for: @
[  221.506767][   T24] usb 7-1: new high-speed USB device number 16 using dummy_hcd
[  221.688815][   T24] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  221.692358][   T24] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  221.702317][   T24] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  221.708451][   T24] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  221.716567][   T24] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  221.719526][   T24] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  221.734348][   T24] usb 7-1: config 0 descriptor??
[  221.785187][   T29] usb 38-1: SetAddress Request (18) to port 0
[  221.787107][   T29] usb 38-1: new SuperSpeed USB device number 18 using vhci_hcd
[  222.007902][ T9664] loop7: detected capacity change from 0 to 7
[  222.013674][    C2] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  222.016545][    C2] Buffer I/O error on dev loop7, logical block 0, async page read
[  222.019523][    C2] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  222.022379][    C2] Buffer I/O error on dev loop7, logical block 0, async page read
[  222.025176][    C2] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  222.028035][    C2] Buffer I/O error on dev loop7, logical block 0, async page read
[  222.030877][    C3] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  222.033838][    C3] Buffer I/O error on dev loop7, logical block 0, async page read
[  222.036714][    C3] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  222.039535][    C3] Buffer I/O error on dev loop7, logical block 0, async page read
[  222.042049][    C2] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  222.044882][    C2] Buffer I/O error on dev loop7, logical block 0, async page read
[  222.047467][    C3] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  222.050299][    C3] Buffer I/O error on dev loop7, logical block 0, async page read
[  222.052823][ T5960] ldm_validate_partition_table(): Disk read failed.
[  222.055100][    C2] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  222.057906][    C2] Buffer I/O error on dev loop7, logical block 0, async page read
[  222.062947][    C3] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  222.066078][ T5960] Dev loop7: unable to read RDB block 0
[  222.068433][ T5960]  loop7: unable to read partition table
[  222.070440][ T5960] loop7: partition table beyond EOD, truncated
[  222.078618][ T9664] ldm_validate_partition_table(): Disk read failed.
[  222.081870][ T9664] Dev loop7: unable to read RDB block 0
[  222.085111][ T9664]  loop7: unable to read partition table
[  222.086985][ T9664] loop7: partition table beyond EOD, truncated
[  222.088935][ T9664] loop_reread_partitions: partition scan of loop7 (���������C�j̖�P=ý?�}X���	���%��`��ր���{��֐�ȵ4FLQk݊) failed (rc=-5)
[  222.096707][ T9668] ldm_validate_partition_table(): Disk read failed.
[  222.099454][ T9668] Dev loop7: unable to read RDB block 0
[  222.101748][ T9668]  loop7: unable to read partition table
[  222.103683][ T9668] loop7: partition table beyond EOD, truncated
[  222.123869][ T9660] vhci_hcd: connection reset by peer
[  222.126190][ T1223] vhci_hcd: stop threads
[  222.127597][ T1223] vhci_hcd: release socket
[  222.129231][ T1223] vhci_hcd: disconnect device
[  222.172360][   T24] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0
[  222.174756][   T24] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0
[  222.177133][   T24] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0
[  222.180017][   T24] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0
[  222.182333][   T24] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0
[  222.184740][   T24] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0
[  222.189982][   T24] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0
[  222.192325][   T40] audit: type=1326 audit(1753574411.364:159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9669 comm="syz.1.985" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702e579 code=0x7ffc0000
[  222.198958][   T24] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0
[  222.198981][   T24] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0
[  222.198993][   T24] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0
[  222.205887][   T40] audit: type=1326 audit(1753574411.364:160): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9669 comm="syz.1.985" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702e579 code=0x7ffc0000
[  222.205930][   T40] audit: type=1326 audit(1753574411.364:161): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9669 comm="syz.1.985" exe="/syz-executor" sig=0 arch=40000003 syscall=172 compat=1 ip=0xf702e579 code=0x7ffc0000
[  222.206967][   T24] plantronics 0003:047F:FFFF.0005: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0
[  222.208598][   T40] audit: type=1326 audit(1753574411.364:162): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9669 comm="syz.1.985" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702e579 code=0x7ffc0000
[  222.243689][ T9670] FAULT_INJECTION: forcing a failure.
[  222.243689][ T9670] name failslab, interval 1, probability 0, space 0, times 0
[  222.247928][ T9670] CPU: 0 UID: 0 PID: 9670 Comm: syz.1.985 Not tainted 6.16.0-rc7-syzkaller-00127-g302f88ff3584 #0 PREEMPT(full) 
[  222.247944][ T9670] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  222.247952][ T9670] Call Trace:
[  222.247956][ T9670]  <TASK>
[  222.247960][ T9670]  dump_stack_lvl+0x16c/0x1f0
[  222.247975][ T9670]  should_fail_ex+0x512/0x640
[  222.247990][ T9670]  ? aa_label_asxprint+0x75/0x140
[  222.248003][ T9670]  should_failslab+0xc2/0x120
[  222.248017][ T9670]  __kmalloc_noprof+0xd2/0x510
[  222.248031][ T9670]  aa_label_asxprint+0x75/0x140
[  222.248045][ T9670]  apparmor_lsmprop_to_secctx+0xb2/0x1a0
[  222.248063][ T9670]  security_lsmprop_to_secctx+0x94/0x260
[  222.248081][ T9670]  audit_log_task_context+0x134/0x1a0
[  222.248096][ T9670]  ? __pfx_audit_log_task_context+0x10/0x10
[  222.248110][ T9670]  ? from_kuid+0x8d/0xd0
[  222.248125][ T9670]  ? __pfx_from_kuid+0x10/0x10
[  222.248142][ T9670]  ? __pfx_audit_log_start+0x10/0x10
[  222.248157][ T9670]  audit_log_task+0x1c2/0x3f0
[  222.248173][ T9670]  ? __pfx_audit_log_task+0x10/0x10
[  222.248191][ T9670]  ? __pfx_migrate_enable+0x10/0x10
[  222.248203][ T9670]  audit_seccomp+0x79/0x1f0
[  222.248216][ T9670]  __seccomp_filter+0x7b6/0xea0
[  222.248230][ T9670]  ? __pfx___seccomp_filter+0x10/0x10
[  222.248244][ T9670]  ? fput+0x70/0xf0
[  222.248256][ T9670]  ? ksys_write+0x1ac/0x250
[  222.248268][ T9670]  __secure_computing+0x215/0x320
[  222.248281][ T9670]  syscall_trace_enter+0x89/0x260
[  222.248298][ T9670]  __do_fast_syscall_32+0x21b/0x3a0
[  222.248312][ T9670]  do_fast_syscall_32+0x32/0x80
[  222.248323][ T9670]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  222.248337][ T9670] RIP: 0023:0xf702e579
[  222.248345][ T9670] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  222.248355][ T9670] RSP: 002b:00000000f501e55c EFLAGS: 00000296 ORIG_RAX: 000000000000018d
[  222.248365][ T9670] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000080000000
[  222.248372][ T9670] RDX: 00000000ffffcfff RSI: 0000000000000000 RDI: 0000000000000000
[  222.248378][ T9670] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  222.248384][ T9670] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  222.248390][ T9670] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  222.248403][ T9670]  </TASK>
[  222.248408][ T9670] audit: error in audit_log_task_context
[  222.264860][   T40] audit: type=1326 audit(1753574411.364:163): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9669 comm="syz.1.985" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702e579 code=0x7ffc0000
[  222.347820][   T40] audit: type=1326 audit(1753574411.364:164): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9669 comm="syz.1.985" exe="/syz-executor" sig=0 arch=40000003 syscall=172 compat=1 ip=0xf702e579 code=0x7ffc0000
[  222.354393][   T40] audit: type=1326 audit(1753574411.364:165): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9669 comm="syz.1.985" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702e579 code=0x7ffc0000
[  222.361056][   T40] audit: type=1326 audit(1753574411.364:166): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9669 comm="syz.1.985" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702e579 code=0x7ffc0000
[  222.447673][ T2292] usb 7-1: USB disconnect, device number 16
[  222.553351][ T5318] Bluetooth: hci0: command 0x0c1a tx timeout
[  222.558004][   T40] kauditd_printk_skb: 33 callbacks suppressed
[  222.558015][   T40] audit: type=1326 audit(1753574411.700:200): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9669 comm="syz.1.985" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702e579 code=0x7ffc0000
[  222.566484][   T40] audit: type=1326 audit(1753574411.700:201): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9669 comm="syz.1.985" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702e579 code=0x7ffc0000
[  223.323033][ T5318] Bluetooth: hci1: command 0x0c1a tx timeout
[  223.419736][ T5962] Bluetooth: hci2: command 0x0c1a tx timeout
[  223.423393][ T5318] Bluetooth: hci3: command 0x0c1a tx timeout
[  223.467544][ T9691] netlink: 20 bytes leftover after parsing attributes in process `syz.3.992'.
[  223.474211][ T9691] batman_adv: batadv0: Local translation table size (108) exceeds maximum packet size (-320); Ignoring new local tt entry: 80:00:00:00:00:85
[  223.481310][ T9691] netlink: 4 bytes leftover after parsing attributes in process `syz.3.992'.
[  223.727903][ T9707] fuse: Bad value for 'fd'
[  224.322054][ T9694] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  224.324446][ T9694] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  224.326602][ T9694] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  224.328720][ T9694] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  224.345570][   T40] audit: type=1326 audit(1753574413.375:202): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9712 comm="syz.0.997" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704e579 code=0x7ffc0000
[  224.362996][   T40] audit: type=1326 audit(1753574413.384:203): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9712 comm="syz.0.997" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704e579 code=0x7ffc0000
[  224.370212][   T40] audit: type=1326 audit(1753574413.384:204): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9712 comm="syz.0.997" exe="/syz-executor" sig=0 arch=40000003 syscall=172 compat=1 ip=0xf704e579 code=0x7ffc0000
[  224.378701][   T40] audit: type=1326 audit(1753574413.384:205): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9712 comm="syz.0.997" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704e579 code=0x7ffc0000
[  224.388711][   T40] audit: type=1326 audit(1753574413.384:206): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9712 comm="syz.0.997" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704e579 code=0x7ffc0000
[  224.396052][   T40] audit: type=1326 audit(1753574413.384:207): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9712 comm="syz.0.997" exe="/syz-executor" sig=0 arch=40000003 syscall=172 compat=1 ip=0xf704e579 code=0x7ffc0000
[  224.405655][   T40] audit: type=1326 audit(1753574413.384:208): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9712 comm="syz.0.997" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704e579 code=0x7ffc0000
[  224.414495][   T40] audit: type=1326 audit(1753574413.384:209): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9712 comm="syz.0.997" exe="/syz-executor" sig=0 arch=40000003 syscall=370 compat=1 ip=0xf704e579 code=0x7ffc0000
[  224.569484][ T9717] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  224.575919][ T9717] FAULT_INJECTION: forcing a failure.
[  224.575919][ T9717] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  224.579993][ T9717] CPU: 1 UID: 0 PID: 9717 Comm: syz.3.998 Not tainted 6.16.0-rc7-syzkaller-00127-g302f88ff3584 #0 PREEMPT(full) 
[  224.580008][ T9717] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  224.580015][ T9717] Call Trace:
[  224.580019][ T9717]  <TASK>
[  224.580024][ T9717]  dump_stack_lvl+0x16c/0x1f0
[  224.580039][ T9717]  should_fail_ex+0x512/0x640
[  224.580054][ T9717]  _copy_from_user+0x2e/0xd0
[  224.580066][ T9717]  ucma_write+0x128/0x330
[  224.580079][ T9717]  ? __pfx_ucma_write+0x10/0x10
[  224.580091][ T9717]  ? bpf_lsm_file_permission+0x9/0x10
[  224.580105][ T9717]  ? security_file_permission+0x71/0x210
[  224.580123][ T9717]  ? rw_verify_area+0xcf/0x680
[  224.580140][ T9717]  ? __pfx_ucma_write+0x10/0x10
[  224.580151][ T9717]  vfs_write+0x29d/0x1150
[  224.580163][ T9717]  ? __pfx_vfs_write+0x10/0x10
[  224.580172][ T9717]  ? find_held_lock+0x2b/0x80
[  224.580185][ T9717]  ? __fget_files+0x204/0x3c0
[  224.580204][ T9717]  ? __fget_files+0x20e/0x3c0
[  224.580232][ T9717]  ? handle_mm_fault+0x230/0xd10
[  224.580252][ T9717]  ksys_write+0x1f8/0x250
[  224.580262][ T9717]  ? __pfx_ksys_write+0x10/0x10
[  224.580273][ T9717]  ? rcu_is_watching+0x12/0xc0
[  224.580286][ T9717]  __do_fast_syscall_32+0x7c/0x3a0
[  224.580299][ T9717]  do_fast_syscall_32+0x32/0x80
[  224.580310][ T9717]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  224.580324][ T9717] RIP: 0023:0xf704e579
[  224.580332][ T9717] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  224.580347][ T9717] RSP: 002b:00000000f503e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000004
[  224.580357][ T9717] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 0000000080000000
[  224.580364][ T9717] RDX: 0000000000000018 RSI: 0000000000000000 RDI: 0000000000000000
[  224.580370][ T9717] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  224.580376][ T9717] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  224.580382][ T9717] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  224.580395][ T9717]  </TASK>
[  224.580880][ T9717] netlink: 28 bytes leftover after parsing attributes in process `syz.3.998'.
[  224.662770][ T6006] usb 42-1: device descriptor read/8, error -110
[  224.824772][ T9737] netlink: 'syz.2.1003': attribute type 1 has an invalid length.
[  224.827433][ T9737] netlink: 244 bytes leftover after parsing attributes in process `syz.2.1003'.
[  225.077242][ T6006] usb usb42-port1: attempt power cycle
[  225.162238][   T10] usb 7-1: new high-speed USB device number 17 using dummy_hcd
[  225.322229][   T10] usb 7-1: Using ep0 maxpacket: 8
[  225.325251][   T10] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  225.328252][   T10] usb 7-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  225.331118][   T10] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  225.423545][   T10] usb 7-1: config 0 descriptor??
[  225.430038][   T10] iowarrior 7-1:0.0: no interrupt-in endpoint found
[  225.717729][ T5318] Bluetooth: hci0: command 0x0c1a tx timeout
[  225.883634][ T6006] usb usb42-port1: unable to enumerate USB device
[  226.487667][ T5318] Bluetooth: hci3: command 0x0c1a tx timeout
[  226.487718][ T5962] Bluetooth: hci2: command 0x0c1a tx timeout
[  226.487753][ T5965] Bluetooth: hci1: command 0x0c1a tx timeout
[  226.839422][ T9762] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  226.842527][ T9762] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  226.845220][ T9762] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  226.848884][ T9762] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  227.210135][   T29] usb 38-1: device descriptor read/8, error -110
[  227.622561][ T9789] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1018'.
[  227.722957][   T29] usb usb38-port1: attempt power cycle
[  227.754381][ T9798] Context (ID=0x0) not attached to queue pair (handle=0x4d9:0x0)
[  227.787734][ T5960] udevd[5960]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory
[  228.091281][ T6006] usb 7-1: USB disconnect, device number 17
[  228.361076][   T29] usb usb38-port1: unable to enumerate USB device
[  228.366760][ T9814] xt_CT: You must specify a L4 protocol and not use inversions on it
[  228.435315][ T9814] 9pnet: Could not find request transport: 0x0000000000000007
[  228.916463][ T9808] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  228.919259][ T9808] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  228.921584][ T9808] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  228.924524][ T9808] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  229.000367][   T40] kauditd_printk_skb: 43 callbacks suppressed
[  229.000509][   T40] audit: type=1326 audit(1753574417.734:253): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9826 comm="syz.1.1027" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702e579 code=0x7ffc0000
[  229.071007][   T40] audit: type=1326 audit(1753574417.734:254): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9826 comm="syz.1.1027" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702e579 code=0x7ffc0000
[  229.115762][   T40] audit: type=1326 audit(1753574417.734:255): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9826 comm="syz.1.1027" exe="/syz-executor" sig=0 arch=40000003 syscall=172 compat=1 ip=0xf702e579 code=0x7ffc0000
[  229.122676][   T40] audit: type=1326 audit(1753574417.734:256): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9826 comm="syz.1.1027" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702e579 code=0x7ffc0000
[  229.272257][   T40] audit: type=1326 audit(1753574417.734:257): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9826 comm="syz.1.1027" exe="/syz-executor" sig=0 arch=40000003 syscall=172 compat=1 ip=0xf702e579 code=0x7ffc0000
[  229.287010][   T40] audit: type=1326 audit(1753574417.734:258): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9826 comm="syz.1.1027" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702e579 code=0x7ffc0000
[  229.303358][   T40] audit: type=1326 audit(1753574417.734:259): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9826 comm="syz.1.1027" exe="/syz-executor" sig=0 arch=40000003 syscall=370 compat=1 ip=0xf702e579 code=0x7ffc0000
[  229.326958][   T40] audit: type=1326 audit(1753574417.734:260): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9826 comm="syz.1.1027" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702e579 code=0x7ffc0000
[  229.352654][   T40] audit: type=1326 audit(1753574417.734:261): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9826 comm="syz.1.1027" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702e579 code=0x7ffc0000
[  229.376367][   T40] audit: type=1326 audit(1753574417.734:262): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9826 comm="syz.1.1027" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf702e579 code=0x7ffc0000
[  230.421673][ T5961] Bluetooth: hci0: command 0x0c1a tx timeout
[  231.106055][ T5961] Bluetooth: hci3: command 0x0c1a tx timeout
[  231.106778][ T5318] Bluetooth: hci2: command 0x0c1a tx timeout
[  231.108415][ T5961] Bluetooth: hci1: command 0x0c1a tx timeout
[  231.874654][ T9861] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  231.878289][ T9861] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  231.881022][ T9861] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  231.884166][ T9861] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  232.766496][ T9893] netlink: 'syz.2.1043': attribute type 4 has an invalid length.
[  232.792928][ T9893] netlink: 'syz.2.1043': attribute type 4 has an invalid length.
[  232.922824][ T9895] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1045'.
[  232.941016][ T9895] batman_adv: batadv0: Local translation table size (96) exceeds maximum packet size (-320); Ignoring new local tt entry: 80:00:00:00:00:85
[  232.948210][ T9895] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1045'.
[  233.163553][ T9900] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1047'.
[  233.202473][ T9900] batman_adv: batadv0: Local translation table size (108) exceeds maximum packet size (-320); Ignoring new local tt entry: 80:00:00:00:00:85
[  233.210417][ T9900] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1047'.
[  233.329479][ T5965] Bluetooth: hci0: command 0x0c1a tx timeout
[  234.099975][ T5318] Bluetooth: hci1: command 0x0c1a tx timeout
[  234.102603][ T5961] Bluetooth: hci2: command 0x0c1a tx timeout
[  234.105144][ T5965] Bluetooth: hci3: command 0x0c1a tx timeout
[  234.446568][ T9924] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1054'.
[  234.462430][ T9924] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1054'.
[  234.681153][ T9929] syzkaller0: entered promiscuous mode
[  234.683161][ T9929] syzkaller0: entered allmulticast mode
[  234.705172][ T9931] sch_tbf: burst 0 is lower than device lo mtu (82) !
[  234.710327][ T9931] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1056'.
[  235.922029][ T9967] xt_CT: You must specify a L4 protocol and not use inversions on it
[  236.312772][ T9958] 9pnet: Could not find request transport: 0x0000000000000007
[  236.326483][ T5965] Bluetooth: hci3: command 0x0c1a tx timeout
[  236.395535][ T9979] FAULT_INJECTION: forcing a failure.
[  236.395535][ T9979] name failslab, interval 1, probability 0, space 0, times 0
[  236.399730][ T9979] CPU: 2 UID: 0 PID: 9979 Comm: syz.2.1066 Not tainted 6.16.0-rc7-syzkaller-00127-g302f88ff3584 #0 PREEMPT(full) 
[  236.399745][ T9979] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  236.399753][ T9979] Call Trace:
[  236.399757][ T9979]  <TASK>
[  236.399762][ T9979]  dump_stack_lvl+0x16c/0x1f0
[  236.399777][ T9979]  should_fail_ex+0x512/0x640
[  236.399788][ T9979]  ? __kvmalloc_node_noprof+0x124/0x620
[  236.399807][ T9979]  should_failslab+0xc2/0x120
[  236.399820][ T9979]  __kvmalloc_node_noprof+0x137/0x620
[  236.399837][ T9979]  ? __pfx___mutex_lock+0x10/0x10
[  236.399849][ T9979]  ? traverse.part.0.constprop.0+0x392/0x640
[  236.399868][ T9979]  ? traverse.part.0.constprop.0+0x392/0x640
[  236.399884][ T9979]  traverse.part.0.constprop.0+0x392/0x640
[  236.399905][ T9979]  seq_read_iter+0x932/0x12c0
[  236.399922][ T9979]  ? aa_file_perm+0x4d6/0xfb0
[  236.399936][ T9979]  seq_read+0x39e/0x4e0
[  236.399951][ T9979]  ? __pfx_seq_read+0x10/0x10
[  236.399969][ T9979]  ? get_pid_task+0xfc/0x250
[  236.399990][ T9979]  ? __pfx_seq_read+0x10/0x10
[  236.400004][ T9979]  proc_reg_read+0x23d/0x330
[  236.400016][ T9979]  ? __pfx_proc_reg_read+0x10/0x10
[  236.400027][ T9979]  vfs_read+0x1e4/0xc60
[  236.400040][ T9979]  ? __pfx_vfs_read+0x10/0x10
[  236.400048][ T9979]  ? find_held_lock+0x2b/0x80
[  236.400060][ T9979]  ? __fget_files+0x204/0x3c0
[  236.400079][ T9979]  ? __fget_files+0x20e/0x3c0
[  236.400094][ T9979]  ? __fget_files+0x1b0/0x3c0
[  236.400127][ T9979]  ksys_pread64+0x161/0x1a0
[  236.400138][ T9979]  ? __pfx_ksys_pread64+0x10/0x10
[  236.400150][ T9979]  ? rcu_is_watching+0x12/0xc0
[  236.400163][ T9979]  __do_fast_syscall_32+0x7c/0x3a0
[  236.400176][ T9979]  do_fast_syscall_32+0x32/0x80
[  236.400187][ T9979]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  236.400201][ T9979] RIP: 0023:0xf7fc4579
[  236.400209][ T9979] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  236.400220][ T9979] RSP: 002b:00000000f50e655c EFLAGS: 00000296 ORIG_RAX: 00000000000000b4
[  236.400231][ T9979] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000180
[  236.400237][ T9979] RDX: 000000000000fd8a RSI: 000000000000003c RDI: 0000000000000000
[  236.400243][ T9979] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  236.400250][ T9979] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  236.400256][ T9979] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  236.400269][ T9979]  </TASK>
[  236.832875][ T9994] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(5)
[  236.835075][ T9994] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  236.838240][ T9994] vhci_hcd vhci_hcd.0: Device attached
[  236.902489][ T9994] netdevsim netdevsim1: Direct firmware load for @ failed with error -2
[  236.905239][ T9994] netdevsim netdevsim1: Falling back to sysfs fallback for: @
[  237.181921][ T6006] usb 40-1: SetAddress Request (18) to port 0
[  237.184565][ T6006] usb 40-1: new SuperSpeed USB device number 18 using vhci_hcd
[  237.450551][ T9995] vhci_hcd: connection reset by peer
[  237.458069][   T12] vhci_hcd: stop threads
[  237.459942][   T12] vhci_hcd: release socket
[  237.461897][   T12] vhci_hcd: disconnect device
[  237.761690][T10002] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1073'.
[  237.833946][T10004] netlink: 'syz.3.1074': attribute type 1 has an invalid length.
[  237.837201][T10004] netlink: 244 bytes leftover after parsing attributes in process `syz.3.1074'.
[  238.299084][T10012] Cannot find add_set index 0 as target
[  238.304069][ T5965] Bluetooth: hci1: ACL packet for unknown connection handle 201
[  238.342698][ T5965] Bluetooth: hci1: unexpected event for opcode 0x2031
[  238.609399][T10018] xt_CT: You must specify a L4 protocol and not use inversions on it
[  238.650034][T10018] 9pnet: Could not find request transport: 0x0000000000000007
[  239.349653][T10031] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1083'.
[  239.418404][T10034] FAULT_INJECTION: forcing a failure.
[  239.418404][T10034] name failslab, interval 1, probability 0, space 0, times 0
[  239.423841][T10034] CPU: 0 UID: 0 PID: 10034 Comm: syz.1.1084 Not tainted 6.16.0-rc7-syzkaller-00127-g302f88ff3584 #0 PREEMPT(full) 
[  239.423867][T10034] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  239.423878][T10034] Call Trace:
[  239.423885][T10034]  <TASK>
[  239.423892][T10034]  dump_stack_lvl+0x16c/0x1f0
[  239.423915][T10034]  should_fail_ex+0x512/0x640
[  239.423938][T10034]  should_failslab+0xc2/0x120
[  239.423959][T10034]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  239.423978][T10034]  ? skb_clone+0x190/0x3f0
[  239.424002][T10034]  skb_clone+0x190/0x3f0
[  239.424022][T10034]  ip6_finish_output2+0x1468/0x2020
[  239.424048][T10034]  ? ip6_mtu+0x1a3/0x4a0
[  239.424074][T10034]  __ip6_finish_output+0x3cd/0xff0
[  239.424101][T10034]  ip6_output+0x1f9/0x540
[  239.424125][T10034]  ? __pfx_ip6_output+0x10/0x10
[  239.424149][T10034]  ip6_local_out+0xcd/0x4a0
[  239.424170][T10034]  ip6_send_skb+0x112/0x460
[  239.424197][T10034]  udp_v6_send_skb+0x96f/0x1910
[  239.424230][T10034]  udpv6_sendmsg+0x23a8/0x2d20
[  239.424248][T10034]  ? __pfx_ip_generic_getfrag+0x10/0x10
[  239.424279][T10034]  ? __pfx_udpv6_sendmsg+0x10/0x10
[  239.424303][T10034]  ? __lock_acquire+0xb8a/0x1c90
[  239.424338][T10034]  ? reacquire_held_locks+0xcd/0x1f0
[  239.424374][T10034]  ? rcu_is_watching+0x12/0xc0
[  239.424392][T10034]  ? __local_bh_enable_ip+0xa4/0x120
[  239.424413][T10034]  ? lockdep_hardirqs_on+0x7c/0x110
[  239.424430][T10034]  ? inet_autobind+0x145/0x1a0
[  239.424452][T10034]  ? __local_bh_enable_ip+0xa4/0x120
[  239.424472][T10034]  ? inet_autobind+0x14a/0x1a0
[  239.424493][T10034]  ? __pfx_udpv6_sendmsg+0x10/0x10
[  239.424513][T10034]  ? inet6_sendmsg+0x105/0x140
[  239.424529][T10034]  inet6_sendmsg+0x105/0x140
[  239.424548][T10034]  __sys_sendto+0x376/0x520
[  239.424566][T10034]  ? __pfx___sys_sendto+0x10/0x10
[  239.424606][T10034]  ? ksys_write+0x1ac/0x250
[  239.424623][T10034]  ? __pfx_ksys_write+0x10/0x10
[  239.424644][T10034]  __ia32_sys_sendto+0xdd/0x1b0
[  239.424660][T10034]  ? lockdep_hardirqs_on+0x7c/0x110
[  239.424676][T10034]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[  239.424695][T10034]  __do_fast_syscall_32+0x7c/0x3a0
[  239.424717][T10034]  do_fast_syscall_32+0x32/0x80
[  239.424735][T10034]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  239.424757][T10034] RIP: 0023:0xf702e579
[  239.424772][T10034] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  239.424787][T10034] RSP: 002b:00000000f501e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000171
[  239.424805][T10034] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000000
[  239.424816][T10034] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00000000800003c0
[  239.424826][T10034] RBP: 0000000000000080 R08: 0000000000000000 R09: 0000000000000000
[  239.424836][T10034] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  239.424846][T10034] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  239.424885][T10034]  </TASK>
[  239.931618][T10048] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1091'.
[  239.969250][T10048] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1091'.
[  240.204063][T10058] xt_CT: You must specify a L4 protocol and not use inversions on it
[  240.251066][T10058] 9pnet: Could not find request transport: 0x0000000000000007
[  241.371516][T10074] netlink: 'syz.1.1098': attribute type 1 has an invalid length.
[  241.373921][T10074] netlink: 244 bytes leftover after parsing attributes in process `syz.1.1098'.
[  242.359535][T10095] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1106'.
[  242.381097][T10095] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1106'.
[  242.541640][T10094] xt_CT: You must specify a L4 protocol and not use inversions on it
[  242.566350][ T6006] usb 40-1: device descriptor read/8, error -110
[  242.572228][T10090] 9pnet: Could not find request transport: 0x0000000000000007
[  243.005599][   T24] usb 6-1: new high-speed USB device number 15 using dummy_hcd
[  243.164901][   T24] usb 6-1: Using ep0 maxpacket: 8
[  243.168590][   T24] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  243.172178][   T24] usb 6-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  243.175156][   T24] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  243.180612][   T24] usb 6-1: config 0 descriptor??
[  243.265773][ T6006] usb usb40-port1: attempt power cycle
[  243.408468][   T24] iowarrior 6-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[  243.427891][T10109] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1110'.
[  243.885194][ T6006] usb usb40-port1: unable to enumerate USB device
[  244.894389][T10124] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  244.897929][T10124] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  244.900647][T10124] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  244.903375][T10124] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  244.962826][   T40] kauditd_printk_skb: 26 callbacks suppressed
[  244.962837][   T40] audit: type=1326 audit(1753574432.663:289): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10134 comm="syz.0.1116" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704e579 code=0x7ffc0000
[  244.962915][   T40] audit: type=1326 audit(1753574432.663:290): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10134 comm="syz.0.1116" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704e579 code=0x7ffc0000
[  244.965269][   T40] audit: type=1326 audit(1753574432.663:291): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10134 comm="syz.0.1116" exe="/syz-executor" sig=0 arch=40000003 syscall=449 compat=1 ip=0xf704e579 code=0x7ffc0000
[  245.020683][   T40] audit: type=1326 audit(1753574432.709:292): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10134 comm="syz.0.1116" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704e579 code=0x7ffc0000
[  245.027561][   T40] audit: type=1326 audit(1753574432.709:293): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10134 comm="syz.0.1116" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704e579 code=0x7ffc0000
[  245.030242][T10135] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1116'.
[  245.034138][   T40] audit: type=1326 audit(1753574432.719:294): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10134 comm="syz.0.1116" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf704e579 code=0x7ffc0000
[  245.038004][T10135] team0: left allmulticast mode
[  245.044378][   T40] audit: type=1326 audit(1753574432.719:295): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10134 comm="syz.0.1116" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704e579 code=0x7ffc0000
[  245.046561][T10135] team_slave_0: left allmulticast mode
[  245.053030][   T40] audit: type=1326 audit(1753574432.719:296): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10134 comm="syz.0.1116" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704e579 code=0x7ffc0000
[  245.055271][T10135] team_slave_1: left allmulticast mode
[  245.055492][T10135] bridge0: port 3(team0) entered disabled state
[  245.061883][   T40] audit: type=1326 audit(1753574432.719:297): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10134 comm="syz.0.1116" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf704e579 code=0x7ffc0000
[  245.073386][   T40] audit: type=1326 audit(1753574432.719:298): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10134 comm="syz.0.1116" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704e579 code=0x7ffc0000
[  245.080853][T10135] bridge_slave_1: left allmulticast mode
[  245.083295][T10135] bridge_slave_1: left promiscuous mode
[  245.085921][T10135] bridge0: port 2(bridge_slave_1) entered disabled state
[  245.092450][T10135] bridge_slave_0: left allmulticast mode
[  245.094280][T10135] bridge_slave_0: left promiscuous mode
[  245.096191][T10135] bridge0: port 1(bridge_slave_0) entered disabled state
[  245.301378][T10141] FAULT_INJECTION: forcing a failure.
[  245.301378][T10141] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  245.306206][T10141] CPU: 3 UID: 0 PID: 10141 Comm: syz.0.1118 Not tainted 6.16.0-rc7-syzkaller-00127-g302f88ff3584 #0 PREEMPT(full) 
[  245.306223][T10141] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  245.306230][T10141] Call Trace:
[  245.306234][T10141]  <TASK>
[  245.306239][T10141]  dump_stack_lvl+0x16c/0x1f0
[  245.306254][T10141]  should_fail_ex+0x512/0x640
[  245.306278][T10141]  _copy_from_user+0x2e/0xd0
[  245.306293][T10141]  memdup_user+0x6b/0xe0
[  245.306305][T10141]  kvm_arch_vm_ioctl+0x2a3/0x1cf0
[  245.306320][T10141]  ? __pfx_kvm_arch_vm_ioctl+0x10/0x10
[  245.306333][T10141]  ? is_bpf_text_address+0x8a/0x1a0
[  245.306348][T10141]  ? bpf_ksym_find+0x124/0x1c0
[  245.306360][T10141]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  245.306373][T10141]  ? is_bpf_text_address+0x94/0x1a0
[  245.306388][T10141]  ? kernel_text_address+0x8d/0x100
[  245.306405][T10141]  ? __kernel_text_address+0xd/0x40
[  245.306422][T10141]  ? unwind_get_return_address+0x59/0xa0
[  245.306439][T10141]  ? arch_stack_walk+0xa6/0x100
[  245.306453][T10141]  ? __lock_acquire+0x622/0x1c90
[  245.306469][T10141]  ? __lock_acquire+0x622/0x1c90
[  245.306489][T10141]  ? __lock_acquire+0x622/0x1c90
[  245.306513][T10141]  ? __lock_acquire+0x622/0x1c90
[  245.306534][T10141]  ? find_held_lock+0x2b/0x80
[  245.306545][T10141]  ? is_bpf_text_address+0x8a/0x1a0
[  245.306562][T10141]  ? bpf_ksym_find+0x124/0x1c0
[  245.306573][T10141]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  245.306586][T10141]  ? is_bpf_text_address+0x94/0x1a0
[  245.306601][T10141]  ? kernel_text_address+0x8d/0x100
[  245.306617][T10141]  ? __kernel_text_address+0xd/0x40
[  245.306634][T10141]  ? unwind_get_return_address+0x59/0xa0
[  245.306651][T10141]  ? arch_stack_walk+0xa6/0x100
[  245.306664][T10141]  kvm_vm_ioctl+0x19d3/0x3dd0
[  245.306682][T10141]  ? stack_trace_save+0x8e/0xc0
[  245.306694][T10141]  ? __pfx_stack_trace_save+0x10/0x10
[  245.306706][T10141]  ? stack_depot_save_flags+0x28/0xa40
[  245.306718][T10141]  ? __lock_acquire+0xb8a/0x1c90
[  245.306736][T10141]  ? __pfx_kvm_vm_ioctl+0x10/0x10
[  245.306755][T10141]  ? kasan_save_stack+0x42/0x60
[  245.306765][T10141]  ? kasan_save_stack+0x33/0x60
[  245.306774][T10141]  ? kasan_save_track+0x14/0x30
[  245.306784][T10141]  ? kasan_save_free_info+0x3b/0x60
[  245.306798][T10141]  ? __kasan_slab_free+0x51/0x70
[  245.306809][T10141]  ? kfree+0x2b4/0x4d0
[  245.306823][T10141]  ? tomoyo_path_number_perm+0x470/0x580
[  245.306838][T10141]  ? security_file_ioctl_compat+0x9b/0x240
[  245.306854][T10141]  ? __ia32_compat_sys_ioctl+0xc3/0x370
[  245.306869][T10141]  ? __do_fast_syscall_32+0x7c/0x3a0
[  245.306880][T10141]  ? do_fast_syscall_32+0x32/0x80
[  245.306890][T10141]  ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  245.306904][T10141]  ? kvm_arch_vm_compat_ioctl+0x2d0/0x470
[  245.306917][T10141]  ? __pfx_kvm_arch_vm_compat_ioctl+0x10/0x10
[  245.306941][T10141]  ? kasan_quarantine_put+0x10a/0x240
[  245.306951][T10141]  ? lockdep_hardirqs_on+0x7c/0x110
[  245.306963][T10141]  ? find_held_lock+0x2b/0x80
[  245.306996][T10141]  ? tomoyo_path_number_perm+0x295/0x580
[  245.307014][T10141]  ? tomoyo_path_number_perm+0x18d/0x580
[  245.307031][T10141]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  245.307046][T10141]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  245.307063][T10141]  ? do_vfs_ioctl+0x523/0x1a60
[  245.307078][T10141]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  245.307099][T10141]  kvm_vm_compat_ioctl+0x393/0x430
[  245.307116][T10141]  ? __pfx_kvm_vm_compat_ioctl+0x10/0x10
[  245.307134][T10141]  ? find_held_lock+0x2b/0x80
[  245.307144][T10141]  ? hook_file_ioctl_common+0x145/0x410
[  245.307167][T10141]  ? __fget_files+0x20e/0x3c0
[  245.307183][T10141]  ? __fput_deferred+0x480/0x480
[  245.307198][T10141]  ? __pfx_kvm_vm_compat_ioctl+0x10/0x10
[  245.307216][T10141]  __ia32_compat_sys_ioctl+0x23f/0x370
[  245.307233][T10141]  __do_fast_syscall_32+0x7c/0x3a0
[  245.307245][T10141]  do_fast_syscall_32+0x32/0x80
[  245.307257][T10141]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  245.307270][T10141] RIP: 0023:0xf704e579
[  245.307278][T10141] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  245.307289][T10141] RSP: 002b:00000000f503e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  245.307299][T10141] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000c208ae62
[  245.307306][T10141] RDX: 0000000080000580 RSI: 0000000000000000 RDI: 0000000000000000
[  245.307312][T10141] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  245.307318][T10141] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  245.307324][T10141] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  245.307337][T10141]  </TASK>
[  245.457789][ T6006] usb 7-1: new high-speed USB device number 18 using dummy_hcd
[  245.472074][T10142] xt_CT: You must specify a L4 protocol and not use inversions on it
[  245.490560][T10139] 9pnet: Could not find request transport: 0x0000000000000007
[  245.602308][ T6006] usb 7-1: device descriptor read/64, error -71
[  245.615384][T10146] netlink: 'syz.0.1119': attribute type 10 has an invalid length.
[  245.869682][ T6006] usb 7-1: new high-speed USB device number 19 using dummy_hcd
[  245.938116][ T1019] usb 6-1: USB disconnect, device number 15
[  246.009011][ T6006] usb 7-1: device descriptor read/64, error -71
[  246.126441][ T6006] usb usb7-port1: attempt power cycle
[  246.296463][T10158] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1121'.
[  246.329425][ T5965] Bluetooth: hci0: command 0x0c1a tx timeout
[  246.500274][ T6006] usb 7-1: new high-speed USB device number 20 using dummy_hcd
[  246.522119][ T6006] usb 7-1: device descriptor read/8, error -71
[  246.788937][ T6006] usb 7-1: new high-speed USB device number 21 using dummy_hcd
[  246.810945][ T6006] usb 7-1: device descriptor read/8, error -71
[  246.930433][ T6006] usb usb7-port1: unable to enumerate USB device
[  247.099100][ T5318] Bluetooth: hci1: command 0x0c1a tx timeout
[  247.101953][ T5961] Bluetooth: hci3: command 0x0c1a tx timeout
[  247.104427][ T5965] Bluetooth: hci2: command 0x0c1a tx timeout
[  247.144207][T10173] FAULT_INJECTION: forcing a failure.
[  247.144207][T10173] name failslab, interval 1, probability 0, space 0, times 0
[  247.150001][T10173] CPU: 0 UID: 0 PID: 10173 Comm: syz.3.1124 Not tainted 6.16.0-rc7-syzkaller-00127-g302f88ff3584 #0 PREEMPT(full) 
[  247.150026][T10173] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  247.150049][T10173] Call Trace:
[  247.150059][T10173]  <TASK>
[  247.150066][T10173]  dump_stack_lvl+0x16c/0x1f0
[  247.150090][T10173]  should_fail_ex+0x512/0x640
[  247.150108][T10173]  ? __kmalloc_cache_noprof+0x57/0x3e0
[  247.150137][T10173]  should_failslab+0xc2/0x120
[  247.150158][T10173]  __kmalloc_cache_noprof+0x6a/0x3e0
[  247.150185][T10173]  ? cgroup_show_path+0xb2/0x740
[  247.150206][T10173]  ? __pfx_cgroup_show_path+0x10/0x10
[  247.150223][T10173]  cgroup_show_path+0xb2/0x740
[  247.150244][T10173]  ? __pfx_cgroup_show_path+0x10/0x10
[  247.150261][T10173]  kernfs_sop_show_path+0xe9/0x160
[  247.150286][T10173]  ? __pfx_kernfs_sop_show_path+0x10/0x10
[  247.150311][T10173]  show_path+0x9e/0x100
[  247.150331][T10173]  show_mountinfo+0x1c6/0x810
[  247.150354][T10173]  ? trace_kmalloc+0x2b/0xd0
[  247.150374][T10173]  ? __pfx_show_mountinfo+0x10/0x10
[  247.150405][T10173]  seq_read_iter+0xb1b/0x12c0
[  247.150441][T10173]  vfs_read+0x8bc/0xc60
[  247.150469][T10173]  ? __pfx_vfs_read+0x10/0x10
[  247.150483][T10173]  ? find_held_lock+0x2b/0x80
[  247.150524][T10173]  ksys_read+0x12a/0x250
[  247.150540][T10173]  ? __pfx_ksys_read+0x10/0x10
[  247.150559][T10173]  ? rcu_is_watching+0x12/0xc0
[  247.150584][T10173]  __do_fast_syscall_32+0x7c/0x3a0
[  247.150606][T10173]  do_fast_syscall_32+0x32/0x80
[  247.150625][T10173]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  247.150646][T10173] RIP: 0023:0xf704e579
[  247.150660][T10173] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  247.150676][T10173] RSP: 002b:00000000f503e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000003
[  247.150692][T10173] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000400
[  247.150704][T10173] RDX: 0000000000002020 RSI: 0000000000000000 RDI: 0000000000000000
[  247.150716][T10173] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  247.150725][T10173] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  247.150734][T10173] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  247.150759][T10173]  </TASK>
[  247.275207][T10170] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1123'.
[  247.520820][T10190] netlink: 'syz.0.1128': attribute type 10 has an invalid length.
[  247.580388][T10189] FAULT_INJECTION: forcing a failure.
[  247.580388][T10189] name failslab, interval 1, probability 0, space 0, times 0
[  247.585174][T10189] CPU: 3 UID: 0 PID: 10189 Comm: syz.2.1129 Not tainted 6.16.0-rc7-syzkaller-00127-g302f88ff3584 #0 PREEMPT(full) 
[  247.585195][T10189] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  247.585202][T10189] Call Trace:
[  247.585207][T10189]  <TASK>
[  247.585212][T10189]  dump_stack_lvl+0x16c/0x1f0
[  247.585228][T10189]  should_fail_ex+0x512/0x640
[  247.585240][T10189]  ? fs_reclaim_acquire+0xae/0x150
[  247.585257][T10189]  should_failslab+0xc2/0x120
[  247.585270][T10189]  __kmalloc_node_track_caller_noprof+0xd6/0x510
[  247.585283][T10189]  ? nbd_add_socket+0x378/0xbe0
[  247.585298][T10189]  krealloc_noprof+0x156/0x370
[  247.585308][T10189]  ? kasan_save_track+0x14/0x30
[  247.585320][T10189]  nbd_add_socket+0x378/0xbe0
[  247.585333][T10189]  ? __pfx_nbd_add_socket+0x10/0x10
[  247.585346][T10189]  ? bpf_lsm_capable+0x9/0x10
[  247.585365][T10189]  nbd_ioctl+0x8b4/0xda0
[  247.585378][T10189]  ? __pfx_nbd_ioctl+0x10/0x10
[  247.585396][T10189]  ? find_held_lock+0x2b/0x80
[  247.585415][T10189]  ? __pfx_nbd_ioctl+0x10/0x10
[  247.585432][T10189]  compat_blkdev_ioctl+0x2eb/0x7a0
[  247.585460][T10189]  ? __pfx_compat_blkdev_ioctl+0x10/0x10
[  247.585483][T10189]  ? __fput_deferred+0x480/0x480
[  247.585508][T10189]  ? __pfx_compat_blkdev_ioctl+0x10/0x10
[  247.585535][T10189]  __ia32_compat_sys_ioctl+0x23f/0x370
[  247.585562][T10189]  __do_fast_syscall_32+0x7c/0x3a0
[  247.585583][T10189]  do_fast_syscall_32+0x32/0x80
[  247.585602][T10189]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  247.585626][T10189] RIP: 0023:0xf7fc4579
[  247.585641][T10189] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  247.585659][T10189] RSP: 002b:00000000f50e655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  247.585677][T10189] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000000ab00
[  247.585689][T10189] RDX: 0000000000000004 RSI: 0000000000000000 RDI: 0000000000000000
[  247.585701][T10189] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  247.585711][T10189] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  247.585721][T10189] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  247.585747][T10189]  </TASK>
[  247.586273][T10188] block nbd2: shutting down sockets
[  249.109644][T10218] FAULT_INJECTION: forcing a failure.
[  249.109644][T10218] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  249.113821][T10218] CPU: 0 UID: 0 PID: 10218 Comm: syz.1.1138 Not tainted 6.16.0-rc7-syzkaller-00127-g302f88ff3584 #0 PREEMPT(full) 
[  249.113836][T10218] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  249.113844][T10218] Call Trace:
[  249.113848][T10218]  <TASK>
[  249.113852][T10218]  dump_stack_lvl+0x16c/0x1f0
[  249.113868][T10218]  should_fail_ex+0x512/0x640
[  249.113881][T10218]  _copy_from_iter+0x29f/0x16f0
[  249.113895][T10218]  ? __alloc_skb+0x200/0x380
[  249.113906][T10218]  ? __pfx__copy_from_iter+0x10/0x10
[  249.113919][T10218]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  249.113937][T10218]  netlink_sendmsg+0x829/0xdd0
[  249.113952][T10218]  ? __pfx_netlink_sendmsg+0x10/0x10
[  249.113966][T10218]  ? __import_iovec+0x1dd/0x650
[  249.113981][T10218]  ____sys_sendmsg+0xa95/0xc70
[  249.113997][T10218]  ? __pfx_____sys_sendmsg+0x10/0x10
[  249.114012][T10218]  ? get_compat_msghdr+0x11a/0x170
[  249.114029][T10218]  ___sys_sendmsg+0x134/0x1d0
[  249.114041][T10218]  ? __pfx____sys_sendmsg+0x10/0x10
[  249.114059][T10218]  ? find_held_lock+0x2b/0x80
[  249.114079][T10218]  __sys_sendmsg+0x16d/0x220
[  249.114090][T10218]  ? __pfx___sys_sendmsg+0x10/0x10
[  249.114120][T10218]  ? rcu_is_watching+0x12/0xc0
[  249.114135][T10218]  __do_fast_syscall_32+0x7c/0x3a0
[  249.114148][T10218]  do_fast_syscall_32+0x32/0x80
[  249.114159][T10218]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  249.114174][T10218] RIP: 0023:0xf702e579
[  249.114182][T10218] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  249.114193][T10218] RSP: 002b:00000000f501e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  249.114203][T10218] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000280
[  249.114210][T10218] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  249.114216][T10218] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  249.114222][T10218] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  249.114228][T10218] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  249.114241][T10218]  </TASK>
[  252.153404][T10278] netlink: 'syz.1.1158': attribute type 10 has an invalid length.
[  254.054692][T10305] input: syz0 as /devices/virtual/input/input9
[  254.455483][T10311] sch_tbf: burst 0 is lower than device lo mtu (82) !
[  254.477019][T10311] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1165'.
[  255.478982][T10338] random: crng reseeded on system resumption
[  255.596398][T10339] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(5)
[  255.599077][T10339] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  255.604831][T10339] vhci_hcd vhci_hcd.0: Device attached
[  255.825280][T10344] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  255.827397][T10344] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  255.829716][T10344] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  255.832486][T10344] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  255.886708][ T6006] usb 42-1: SetAddress Request (24) to port 0
[  255.890015][ T6006] usb 42-1: new SuperSpeed USB device number 24 using vhci_hcd
[  256.275633][T10340] vhci_hcd: connection closed
[  256.276676][ T1139] vhci_hcd: stop threads
[  256.280740][ T1139] vhci_hcd: release socket
[  256.286339][ T1139] vhci_hcd: disconnect device
[  256.346294][    C0] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  256.740033][   T54] usb 6-1: new high-speed USB device number 16 using dummy_hcd
[  256.743209][ T6006] usb 42-1: enqueue for inactive port 0
[  256.804934][T10359] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1175'.
[  256.820973][T10359] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1175'.
[  256.915941][   T54] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  256.919712][   T54] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  256.923198][   T54] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  256.926497][   T54] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  256.930684][   T54] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  256.933639][   T54] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  256.938206][   T54] usb 6-1: config 0 descriptor??
[  257.220003][ T6006] usb usb42-port1: attempt power cycle
[  257.472893][   T54] plantronics 0003:047F:FFFF.0006: ignoring exceeding usage max
[  257.483121][   T54] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0
[  257.488867][   T54] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0
[  257.491357][   T54] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0
[  257.493746][   T54] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0
[  257.496606][   T54] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0
[  257.509432][   T54] plantronics 0003:047F:FFFF.0006: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0
[  257.748503][   T54] usb 6-1: USB disconnect, device number 16
[  257.814687][ T6006] usb usb42-port1: unable to enumerate USB device
[  258.057187][ T5318] Bluetooth: hci3: command 0x0c1a tx timeout
[  258.057784][ T5965] Bluetooth: hci2: command 0x0c1a tx timeout
[  258.059072][ T5318] Bluetooth: hci1: command 0x0c1a tx timeout
[  258.061600][ T5965] Bluetooth: hci0: command 0x0c1a tx timeout
[  258.250567][T10383] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  258.253411][T10383] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  258.256067][T10383] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  258.258782][T10383] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  258.330601][T10387] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  258.336739][T10387] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1182'.
[  258.358801][T10390] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1183'.
[  258.370071][T10390] netlink: 'syz.1.1183': attribute type 10 has an invalid length.
[  258.433623][T10396] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1184'.
[  258.448294][T10396] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1184'.
[  258.756021][T10409] xt_CT: You must specify a L4 protocol and not use inversions on it
[  258.781180][T10411] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1187'.
[  258.853380][T10409] 9pnet: Could not find request transport: 0x0000000000000007
[  259.746294][  T837] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None
[  259.917060][   T53] usb 6-1: new high-speed USB device number 17 using dummy_hcd
[  259.925987][T10437] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  259.932985][T10437] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1192'.
[  260.022780][T10440] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1193'.
[  260.078800][   T53] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  260.082394][   T53] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  260.088770][   T53] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  260.094930][   T53] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  260.099774][   T53] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  260.102673][   T53] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  260.108735][   T53] usb 6-1: config 0 descriptor??
[  260.357512][T10457] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1195'.
[  260.376832][T10457] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1195'.
[  260.440871][ T5961] Bluetooth: hci1: command 0x0c1a tx timeout
[  260.442813][ T5961] Bluetooth: hci0: command 0x0c1a tx timeout
[  260.451652][ T5965] Bluetooth: hci3: command 0x0c1a tx timeout
[  260.453622][ T5965] Bluetooth: hci2: command 0x0c1a tx timeout
[  260.584590][   T53] plantronics 0003:047F:FFFF.0007: ignoring exceeding usage max
[  260.599268][   T53] plantronics 0003:047F:FFFF.0007: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0
[  260.798111][   T10] usb 6-1: USB disconnect, device number 17
[  265.146813][ T1419] ieee802154 phy0 wpan0: encryption failed: -22
[  271.199491][T10488] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  271.201523][T10488] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  271.203537][T10488] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  271.205460][T10488] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  271.391144][T10492] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  271.393137][T10492] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  271.398867][T10492] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  271.400820][T10492] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  271.481883][T10510] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1206'.
[  271.491830][T10510] netlink: 'syz.3.1206': attribute type 10 has an invalid length.
[  273.136174][T10536] afs: Unknown parameter 'eyn'
[  273.241777][T10537] afs: Unknown parameter 'eyn'
[  273.611969][ T5961] Bluetooth: hci3: command 0x0c1a tx timeout
[  273.612041][ T5965] Bluetooth: hci2: command 0x0c1a tx timeout
[  273.612095][ T5962] Bluetooth: hci0: command 0x0c1a tx timeout
[  273.612143][ T5318] Bluetooth: hci1: command 0x0c1a tx timeout
[  274.245466][T10555] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1218'.
[  274.257987][T10555] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1218'.
[  275.216035][T10560] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  275.219171][T10560] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  275.223066][T10560] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  275.227012][T10560] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  275.535753][T10582] FAULT_INJECTION: forcing a failure.
[  275.535753][T10582] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  275.539943][T10582] CPU: 1 UID: 0 PID: 10582 Comm: syz.3.1225 Not tainted 6.16.0-rc7-syzkaller-00127-g302f88ff3584 #0 PREEMPT(full) 
[  275.539959][T10582] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  275.539966][T10582] Call Trace:
[  275.539970][T10582]  <TASK>
[  275.539974][T10582]  dump_stack_lvl+0x16c/0x1f0
[  275.539990][T10582]  should_fail_ex+0x512/0x640
[  275.540004][T10582]  _copy_from_iter+0x29f/0x16f0
[  275.540018][T10582]  ? __alloc_skb+0x200/0x380
[  275.540029][T10582]  ? __pfx__copy_from_iter+0x10/0x10
[  275.540042][T10582]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  275.540060][T10582]  netlink_sendmsg+0x829/0xdd0
[  275.540075][T10582]  ? __pfx_netlink_sendmsg+0x10/0x10
[  275.540089][T10582]  ? __import_iovec+0x1dd/0x650
[  275.540104][T10582]  ____sys_sendmsg+0xa95/0xc70
[  275.540120][T10582]  ? __pfx_____sys_sendmsg+0x10/0x10
[  275.540134][T10582]  ? get_compat_msghdr+0x11a/0x170
[  275.540152][T10582]  ___sys_sendmsg+0x134/0x1d0
[  275.540164][T10582]  ? __pfx____sys_sendmsg+0x10/0x10
[  275.540181][T10582]  ? find_held_lock+0x2b/0x80
[  275.540205][T10582]  __sys_sendmsg+0x16d/0x220
[  275.540216][T10582]  ? __pfx___sys_sendmsg+0x10/0x10
[  275.540233][T10582]  ? rcu_is_watching+0x12/0xc0
[  275.540247][T10582]  __do_fast_syscall_32+0x7c/0x3a0
[  275.540259][T10582]  do_fast_syscall_32+0x32/0x80
[  275.540271][T10582]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  275.540284][T10582] RIP: 0023:0xf704e579
[  275.540293][T10582] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  275.540304][T10582] RSP: 002b:00000000f503e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  275.540314][T10582] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080001200
[  275.540320][T10582] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  275.540326][T10582] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  275.540332][T10582] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  275.540338][T10582] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  275.540351][T10582]  </TASK>
[  275.611941][ T6019] usb 7-1: new high-speed USB device number 22 using dummy_hcd
[  275.771223][ T6019] usb 7-1: Using ep0 maxpacket: 32
[  275.774933][ T6019] usb 7-1: config index 0 descriptor too short (expected 29220, got 36)
[  275.777555][ T6019] usb 7-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  275.780256][ T6019] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 81
[  275.783494][ T6019] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  275.786451][ T6019] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  275.789409][ T6019] usb 7-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  275.793811][ T6019] usb 7-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  275.796597][ T6019] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  275.802048][ T6019] usb 7-1: config 0 descriptor??
[  276.125444][ T6019] usblp 7-1:0.0: usblp0: USB Bidirectional printer dev 22 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  276.146077][ T6019] usb 7-1: USB disconnect, device number 22
[  276.150798][ T6019] usblp0: removed
[  276.381407][T10593] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(5)
[  276.383506][T10593] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  276.387229][T10593] vhci_hcd vhci_hcd.0: Device attached
[  276.483022][T10597] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1229'.
[  276.492761][T10597] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1229'.
[  276.534437][T10599] FAULT_INJECTION: forcing a failure.
[  276.534437][T10599] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  276.538618][T10599] CPU: 3 UID: 0 PID: 10599 Comm: syz.1.1230 Not tainted 6.16.0-rc7-syzkaller-00127-g302f88ff3584 #0 PREEMPT(full) 
[  276.538634][T10599] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  276.538641][T10599] Call Trace:
[  276.538645][T10599]  <TASK>
[  276.538650][T10599]  dump_stack_lvl+0x16c/0x1f0
[  276.538665][T10599]  should_fail_ex+0x512/0x640
[  276.538679][T10599]  _copy_from_user+0x2e/0xd0
[  276.538715][T10599]  binder_thread_write+0xa5c/0x4e70
[  276.538734][T10599]  ? kasan_save_track+0x14/0x30
[  276.538749][T10599]  ? __pfx_binder_thread_write+0x10/0x10
[  276.538764][T10599]  ? binder_debug+0xde/0x1a0
[  276.538777][T10599]  ? binder_debug+0xde/0x1a0
[  276.538788][T10599]  ? __pfx_binder_debug+0x10/0x10
[  276.538800][T10599]  ? find_held_lock+0x2b/0x80
[  276.538817][T10599]  ? __pfx_binder_ioctl+0x10/0x10
[  276.538830][T10599]  binder_ioctl+0x26a7/0x72c0
[  276.538848][T10599]  ? tomoyo_path_number_perm+0x295/0x580
[  276.538866][T10599]  ? tomoyo_path_number_perm+0x18d/0x580
[  276.538883][T10599]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  276.538900][T10599]  ? __pfx_binder_ioctl+0x10/0x10
[  276.538914][T10599]  ? do_vfs_ioctl+0x523/0x1a60
[  276.538929][T10599]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  276.538953][T10599]  ? find_held_lock+0x2b/0x80
[  276.538963][T10599]  ? hook_file_ioctl_common+0x145/0x410
[  276.538981][T10599]  ? __fget_files+0x20e/0x3c0
[  276.538997][T10599]  ? __fput_deferred+0x480/0x480
[  276.539012][T10599]  ? __pfx_binder_ioctl+0x10/0x10
[  276.539025][T10599]  compat_ptr_ioctl+0x6e/0xa0
[  276.539039][T10599]  ? __pfx_compat_ptr_ioctl+0x10/0x10
[  276.539053][T10599]  __ia32_compat_sys_ioctl+0x23f/0x370
[  276.539069][T10599]  __do_fast_syscall_32+0x7c/0x3a0
[  276.539086][T10599]  do_fast_syscall_32+0x32/0x80
[  276.539103][T10599]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  276.539125][T10599] RIP: 0023:0xf702e579
[  276.539145][T10599] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  276.539163][T10599] RSP: 002b:00000000f501e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  276.539177][T10599] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c0306201
[  276.539183][T10599] RDX: 0000000080000240 RSI: 0000000000000000 RDI: 0000000000000000
[  276.539189][T10599] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  276.539195][T10599] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  276.539201][T10599] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  276.539214][T10599]  </TASK>
[  276.539219][T10599] binder: 10598:10599 ioctl c0306201 80000240 returned -14
[  276.659182][ T6019] usb 7-1: new high-speed USB device number 23 using dummy_hcd
[  276.672634][   T40] kauditd_printk_skb: 11 callbacks suppressed
[  276.672645][   T40] audit: type=1804 audit(1753574462.324:310): pid=10603 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.1231" name="/newroot/332/file0/file0" dev="9p" ino=35913837 res=1 errno=0
[  276.686799][T10603] overlay: ./file0 is not a directory
[  276.689157][T10603] FAULT_INJECTION: forcing a failure.
[  276.689157][T10603] name failslab, interval 1, probability 0, space 0, times 0
[  276.694182][T10603] CPU: 3 UID: 0 PID: 10603 Comm: syz.1.1231 Not tainted 6.16.0-rc7-syzkaller-00127-g302f88ff3584 #0 PREEMPT(full) 
[  276.694197][T10603] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  276.694205][T10603] Call Trace:
[  276.694208][T10603]  <TASK>
[  276.694212][T10603]  dump_stack_lvl+0x16c/0x1f0
[  276.694227][T10603]  should_fail_ex+0x512/0x640
[  276.694238][T10603]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[  276.694251][T10603]  should_failslab+0xc2/0x120
[  276.694263][T10603]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  276.694274][T10603]  ? security_file_alloc+0x34/0x2b0
[  276.694294][T10603]  security_file_alloc+0x34/0x2b0
[  276.694310][T10603]  init_file+0x93/0x4c0
[  276.694324][T10603]  alloc_empty_file+0x73/0x1e0
[  276.694338][T10603]  path_openat+0xda/0x2cb0
[  276.694353][T10603]  ? do_fast_syscall_32+0x32/0x80
[  276.694364][T10603]  ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  276.694382][T10603]  ? __pfx_path_openat+0x10/0x10
[  276.694394][T10603]  ? __lock_acquire+0xb8a/0x1c90
[  276.694410][T10603]  do_filp_open+0x20b/0x470
[  276.694421][T10603]  ? __pfx_do_filp_open+0x10/0x10
[  276.694441][T10603]  ? alloc_fd+0x471/0x7d0
[  276.694461][T10603]  do_sys_openat2+0x11b/0x1d0
[  276.694475][T10603]  ? __pfx_do_sys_openat2+0x10/0x10
[  276.694491][T10603]  ? __fget_files+0x20e/0x3c0
[  276.694506][T10603]  ? handle_mm_fault+0x230/0xd10
[  276.694525][T10603]  __ia32_compat_sys_open+0x146/0x1e0
[  276.694541][T10603]  ? __pfx___ia32_compat_sys_open+0x10/0x10
[  276.694558][T10603]  ? rcu_is_watching+0x12/0xc0
[  276.694570][T10603]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[  276.694584][T10603]  __do_fast_syscall_32+0x7c/0x3a0
[  276.694596][T10603]  do_fast_syscall_32+0x32/0x80
[  276.694607][T10603]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  276.694620][T10603] RIP: 0023:0xf702e579
[  276.694629][T10603] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  276.694640][T10603] RSP: 002b:00000000f501e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000005
[  276.694650][T10603] RAX: ffffffffffffffda RBX: 0000000080000080 RCX: 000000000010b942
[  276.694656][T10603] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000000000000
[  276.694662][T10603] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  276.694668][T10603] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  276.694674][T10603] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  276.694710][T10603]  </TASK>
[  276.739264][   T54] usb 38-1: SetAddress Request (22) to port 0
[  276.779467][ T5961] Bluetooth: hci0: command 0x0c1a tx timeout
[  276.819288][ T6019] usb 7-1: Using ep0 maxpacket: 32
[  276.822157][ T6019] usb 7-1: config index 0 descriptor too short (expected 29220, got 36)
[  276.824780][ T6019] usb 7-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  276.827574][ T6019] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 81
[  276.830714][ T6019] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  276.833569][ T6019] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  276.838444][ T6019] usb 7-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  276.843560][T10606] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1233'.
[  276.847662][ T6019] usb 7-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  276.849446][T10594] vhci_hcd: connection closed
[  276.850711][ T1139] vhci_hcd: stop threads
[  276.851495][   T54] usb 38-1: new SuperSpeed USB device number 22 using vhci_hcd
[  276.852897][ T1139] vhci_hcd: release socket
[  276.858561][ T1139] vhci_hcd: disconnect device
[  276.861210][ T6019] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  276.870951][ T6019] usb 7-1: config 0 descriptor??
[  276.882980][   T54] usb 38-1: enqueue for inactive port 0
[  276.909745][T10607] netlink: 'syz.1.1233': attribute type 10 has an invalid length.
[  276.965705][T10608] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(5)
[  276.967786][T10608] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  276.971415][T10608] vhci_hcd vhci_hcd.0: Device attached
[  277.268290][ T6006] usb 44-1: SetAddress Request (18) to port 0
[  277.270162][ T6006] usb 44-1: new SuperSpeed USB device number 18 using vhci_hcd
[  277.309656][ T6019] usblp 7-1:0.0: usblp0: USB Bidirectional printer dev 23 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  277.318459][ T6019] usb 7-1: USB disconnect, device number 23
[  277.321893][   T54] usb usb38-port1: attempt power cycle
[  277.322193][ T6019] usblp0: removed
[  277.460805][ T5961] Bluetooth: hci3: command 0x0c1a tx timeout
[  277.461218][ T5318] Bluetooth: hci1: command 0x0c1a tx timeout
[  277.462100][ T5965] Bluetooth: hci2: command 0x0c1a tx timeout
[  277.576901][T10609] vhci_hcd: connection reset by peer
[  277.580841][ T1139] vhci_hcd: stop threads
[  277.582240][ T1139] vhci_hcd: release socket
[  277.583784][ T1139] vhci_hcd: disconnect device
[  277.953044][   T54] usb usb38-port1: unable to enumerate USB device
[  277.983818][T10622] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  277.989976][T10622] [U] 
[  277.990941][T10622] [U] K{�
[  277.992182][T10622] [U] �t �1��Š�F���fˊ�`G�J��g���������o��/�mC�
[  277.994535][T10622] [U] t�ؖ/,�~�Ĝ��j���}8���'o1��"�7-�JQ�K��W��q�5c%"�H12��Y������X�`����`+��(��!(���z'�tXln�I�g�j����ݭ�p�~�7�!���"�����(�5�Ob���̓J�
[  278.000600][T10622] [U] �k\&�}6�6�X�HX�������.`�a�$�40|϶��9��ި����U��4���Vbz��}�w�M�T���Q��Φr�4��
[  278.003950][T10622] [U] ".h6��"�k�[����J�4��I�n��[Z(��C|T�]z{��3�c=��x�����4�w�)\T�XJ��SH{q;칢��t��+���g����d�.˂�>y����wUh�fN����hl]S�2���\g%�O�&z)��'�pul�_<�	�ذ����`ұT�������;_�"(�u{7j��2X �/�'��c���I����H�c�ճ�V�=��Ai�%w�Es� R��j���g��r����hI
���a��6-�D��V�� i"��n� ��Asc~4���8c�*�OO5/��J�~���w�vK+����3��Y)��M���v��yq潀DTr�
Otpem%f��ej�A5��T_-X~�^aaۂ�q��
[  278.017459][T10622] [U] 	+�w�G?]��'a:	��)�
����' B>t���f/��<'�U�'��h�i�.+]e�.�-ɿ���%��>2`�^U�8F.�6��3��+�A�«���g3�p��6:�^0��t��v�'E�t����YC�n��rϩ�n�Pj�;�Z������8!��\���A�ʖ2��$�­wi.��#��/Bai���`��4j��d�y@�z��gW�5˿B��ٜ�N�y"vI2��
[  278.024642][T10622] [U] �T�_K5�t�YJ���9��c�$br�L�Nul��9w���|�G�"ʃ�%����C�؝���q��
 ��3��q��N^HP*��$	�.�7yӱ�2�
[  278.028128][T10622] [U] �?���h��*����3�7�鍾^#Q�"0~���(�o�XL�b�,'v��=���C�S���G�S��0�ւ��`���ه��=1(��p#�2DO*Ƀ
[  278.031750][T10622] [U] �s��g������Gu��d-{���|&������2��L�c_��!`��oz֥�B��%>�r��w���Ss�H"�yA4�O.�Y��䏄RTԶ�B�[+/<<R�B����|Фe���۠�V96#���ͤ�j�U�%
s851���ҩs�P��\��?q�|L��QX�0�K�1orɴ2��|��d�F�������2ޔ���0��H�}C[/����px^��o
[  278.039066][T10622] [U] �؛���(J�Л��m��xz�;�����؝_����*3�3��5�\�xm��U��AK!aQ`��;F�I+��VUH���m�j��Ʒ��Z�c��z���)_矡	���&�����a�xto���_� ���:���%�P���C���y�+_�����}U�m��ƫC�!KJ�7��g��=b�
[  278.045310][T10622] [U] ٽ�F�%�XA��l�2r*g��VW��$��j	�A��F�ߝ�+��9̈́Vi�֗�kپ�1}_��
�%�r6��(]��/����řYܺ��h����r g��rn/ܫ�#!�d����%���D��-{�$�vU��T���$:mtr�E�C1V�D~��];[�����sq����(��e,X�8�"�
��G�d���2@T8��������t8.Rc+�@�ꦇp�u�
p����C���'�yL�-Ss1E?�7�O���^]����c��H]�Jkr]Rkq܆��ݣ��OTc��x���4�N�	��&���ڋ��@�:m7�~�+�W*���xM��>>��{q���
_�՝LX8�U����{�Z����)��7?�rR;�c�r�hײڣ����1�>)�Mă��t���(��aϝ�}9�ڥ�J*Mќ�ġ�'L��q	�DW����=��|q�	�Æ�W;5��Ž�!�dB�x`��/��E�`ƦM��X��"�\
[  278.059691][T10622] [U] {;����٘_�o2��)�o��.2�W2���y���x_  HPϱ�S�D����:]�{������
[  278.062741][T10622] [U] I,�>��	��5�1��^1�N4�oǶ�'0�?֒i�9w.�_.�W�a���V��`)�Z���c6Giӹ�a��XL[����F�*��O�W)+��'\n�
[K@����2�Ǭ���p"^`���	��
[  278.066848][T10622] [U] 22��Ʃ���x?0;3u�
[  278.068453][T10622] [U] ޜ�
��sObx�8�W�4�(�~/���K�U��ԖoQ�e+�G�-y�gY_
�>v�����3.h�ә]̈́�2��)�D�,	��	�D~�d���+�w;A\�F
P��Ș|$��)�
KؐI���ɿk�YT^R���癵��A=�#�ܜ	����ae��t�1��ݯ4K�.e"R�S|��s���:��>p��r�"z������#P!�KY"�}��F�N84����hޱ�o��sߙ̫%Dlw�m��
[  278.076112][T10622] [U] [�['xn�'�����,mr��/����1D=!D�x91B�
w�R�lf���K�Z��#�`�l؛�˜��b~�m���
[  278.078997][T10622] [U] �L�>��d+�d�����"5���h3<���iR=F^�f�n��������v���D�OIO�:U�>�Y�
[  278.081757][T10622] [U] 'B�6v�20��瞥�׌�"t8�{9�FW��]���쩍
[  278.083710][T10622] [U] �72�����u�C6����τI]8c��tۨQSk�Y��I��� �|V'�TV/��g�$[� 9kh`�"����}��[^=��0�]��%�̂T�����F�_v�4C���
[  278.087496][T10622] [U] �ec�
[  278.088523][T10622] [U] ���|���<��:^�3$7nK~�-�@��?��/mtl��۾�I�w�@g~t�{��P�+�$�jp|���I�Ri�pm� ��Y� ��8�t���V�����,�l�,�
[  278.094125][T10621] [U] �K�����)0���~��ʪ�iP'�f��z��r���@B�]�5��{��ʼ�'�8�ƥF��UTqUd
ǩ�K;7��0c[��y���YC���ذm��L�8�T�͚�5���rx����W� x���oQhVi'8����L�
[  278.144632][   T10] usb 6-1: new high-speed USB device number 18 using dummy_hcd
[  278.241261][T10627] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1242'.
[  278.328501][   T10] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  278.332312][   T10] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  278.336341][   T10] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  278.341342][   T10] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  278.344304][   T10] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  278.354375][   T10] usb 6-1: config 0 descriptor??
[  278.559333][T10647] FAULT_INJECTION: forcing a failure.
[  278.559333][T10647] name failslab, interval 1, probability 0, space 0, times 0
[  278.564714][T10647] CPU: 1 UID: 0 PID: 10647 Comm: syz.0.1244 Not tainted 6.16.0-rc7-syzkaller-00127-g302f88ff3584 #0 PREEMPT(full) 
[  278.564730][T10647] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  278.564738][T10647] Call Trace:
[  278.564742][T10647]  <TASK>
[  278.564746][T10647]  dump_stack_lvl+0x16c/0x1f0
[  278.564761][T10647]  should_fail_ex+0x512/0x640
[  278.564772][T10647]  ? __kmalloc_cache_noprof+0x57/0x3e0
[  278.564790][T10647]  should_failslab+0xc2/0x120
[  278.564803][T10647]  __kmalloc_cache_noprof+0x6a/0x3e0
[  278.564819][T10647]  ? __pfx___mutex_lock+0x10/0x10
[  278.564830][T10647]  ? __request_region+0x5c/0xf0
[  278.564847][T10647]  __request_region+0x5c/0xf0
[  278.564863][T10647]  comedi_request_region+0x6d/0x1c0
[  278.564876][T10647]  c6xdigio_attach+0x52/0x4b0
[  278.564890][T10647]  comedi_device_attach+0x3b0/0x900
[  278.564905][T10647]  do_devconfig_ioctl+0x1a7/0x580
[  278.564919][T10647]  ? __pfx_do_devconfig_ioctl+0x10/0x10
[  278.564943][T10647]  ? kasan_save_stack+0x42/0x60
[  278.564953][T10647]  ? kasan_save_stack+0x33/0x60
[  278.564962][T10647]  ? kasan_save_track+0x14/0x30
[  278.564984][T10647]  ? kasan_save_free_info+0x3b/0x60
[  278.565000][T10647]  ? __kasan_slab_free+0x51/0x70
[  278.565010][T10647]  ? kfree+0x2b4/0x4d0
[  278.565024][T10647]  ? tomoyo_path_number_perm+0x470/0x580
[  278.565043][T10647]  comedi_unlocked_ioctl+0x165d/0x2f00
[  278.565063][T10647]  ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[  278.565089][T10647]  ? kasan_quarantine_put+0x10a/0x240
[  278.565099][T10647]  ? lockdep_hardirqs_on+0x7c/0x110
[  278.565111][T10647]  ? find_held_lock+0x2b/0x80
[  278.565122][T10647]  ? tomoyo_path_number_perm+0x295/0x580
[  278.565140][T10647]  ? tomoyo_path_number_perm+0x18d/0x580
[  278.565156][T10647]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  278.565174][T10647]  comedi_compat_ioctl+0x1d0/0x990
[  278.565190][T10647]  ? __pfx_comedi_compat_ioctl+0x10/0x10
[  278.565216][T10647]  ? find_held_lock+0x2b/0x80
[  278.565226][T10647]  ? hook_file_ioctl_common+0x145/0x410
[  278.565244][T10647]  ? __fget_files+0x20e/0x3c0
[  278.565261][T10647]  ? __fput_deferred+0x480/0x480
[  278.565277][T10647]  ? __pfx_comedi_compat_ioctl+0x10/0x10
[  278.565293][T10647]  __ia32_compat_sys_ioctl+0x23f/0x370
[  278.565311][T10647]  __do_fast_syscall_32+0x7c/0x3a0
[  278.565323][T10647]  do_fast_syscall_32+0x32/0x80
[  278.565335][T10647]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  278.565349][T10647] RIP: 0023:0xf704e579
[  278.565357][T10647] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  278.565368][T10647] RSP: 002b:00000000f503e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  278.565378][T10647] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000040946400
[  278.565385][T10647] RDX: 00000000800000c0 RSI: 0000000000000000 RDI: 0000000000000000
[  278.565391][T10647] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  278.565397][T10647] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  278.565403][T10647] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  278.565416][T10647]  </TASK>
[  278.565477][T10647] comedi comedi3: c6xdigio: I/O port conflict (0x4f27,3)
[  278.578911][T10620] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1238'.
[  278.579414][T10647] ==================================================================
[  278.676638][T10647] BUG: KASAN: slab-use-after-free in sysfs_remove_file_ns+0x63/0x70
[  278.679110][T10647] Read of size 8 at addr ffff888013048630 by task syz.0.1244/10647
[  278.682321][T10647] 
[  278.683319][T10647] CPU: 3 UID: 0 PID: 10647 Comm: syz.0.1244 Not tainted 6.16.0-rc7-syzkaller-00127-g302f88ff3584 #0 PREEMPT(full) 
[  278.683334][T10647] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  278.683341][T10647] Call Trace:
[  278.683346][T10647]  <TASK>
[  278.683598][T10647]  dump_stack_lvl+0x116/0x1f0
[  278.683612][T10647]  print_report+0xcd/0x630
[  278.683625][T10647]  ? __virt_addr_valid+0x81/0x610
[  278.683636][T10647]  ? __phys_addr+0xe8/0x180
[  278.683648][T10647]  ? sysfs_remove_file_ns+0x63/0x70
[  278.683662][T10647]  kasan_report+0xe0/0x110
[  278.683674][T10647]  ? sysfs_remove_file_ns+0x63/0x70
[  278.683690][T10647]  sysfs_remove_file_ns+0x63/0x70
[  278.683704][T10647]  driver_remove_file+0x4a/0x60
[  278.683718][T10647]  bus_remove_driver+0x224/0x2c0
[  278.683729][T10647]  driver_unregister+0x76/0xb0
[  278.683742][T10647]  comedi_device_detach+0x140/0x9e0
[  278.683754][T10647]  ? comedi_request_region+0xd4/0x1c0
[  278.683765][T10647]  comedi_device_attach+0x43d/0x900
[  278.683777][T10647]  do_devconfig_ioctl+0x1a7/0x580
[  278.683791][T10647]  ? __pfx_do_devconfig_ioctl+0x10/0x10
[  278.683808][T10647]  ? kasan_save_stack+0x42/0x60
[  278.683817][T10647]  ? kasan_save_stack+0x33/0x60
[  278.683827][T10647]  ? kasan_save_track+0x14/0x30
[  278.683839][T10647]  ? kasan_save_free_info+0x3b/0x60
[  278.683860][T10647]  ? __kasan_slab_free+0x51/0x70
[  278.683879][T10647]  ? kfree+0x2b4/0x4d0
[  278.683898][T10647]  ? tomoyo_path_number_perm+0x470/0x580
[  278.683915][T10647]  comedi_unlocked_ioctl+0x165d/0x2f00
[  278.683932][T10647]  ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[  278.683952][T10647]  ? kasan_quarantine_put+0x10a/0x240
[  278.683962][T10647]  ? lockdep_hardirqs_on+0x7c/0x110
[  278.683973][T10647]  ? find_held_lock+0x2b/0x80
[  278.683985][T10647]  ? tomoyo_path_number_perm+0x295/0x580
[  278.684000][T10647]  ? tomoyo_path_number_perm+0x18d/0x580
[  278.684016][T10647]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  278.684032][T10647]  comedi_compat_ioctl+0x1d0/0x990
[  278.684047][T10647]  ? __pfx_comedi_compat_ioctl+0x10/0x10
[  278.684067][T10647]  ? find_held_lock+0x2b/0x80
[  278.684077][T10647]  ? hook_file_ioctl_common+0x145/0x410
[  278.684093][T10647]  ? __fget_files+0x20e/0x3c0
[  278.684110][T10647]  ? __fput_deferred+0x480/0x480
[  278.684124][T10647]  ? __pfx_comedi_compat_ioctl+0x10/0x10
[  278.684140][T10647]  __ia32_compat_sys_ioctl+0x23f/0x370
[  278.684156][T10647]  __do_fast_syscall_32+0x7c/0x3a0
[  278.684168][T10647]  do_fast_syscall_32+0x32/0x80
[  278.684179][T10647]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  278.684193][T10647] RIP: 0023:0xf704e579
[  278.684202][T10647] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  278.684212][T10647] RSP: 002b:00000000f503e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  278.684223][T10647] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000040946400
[  278.684230][T10647] RDX: 00000000800000c0 RSI: 0000000000000000 RDI: 0000000000000000
[  278.684236][T10647] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  278.684242][T10647] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  278.684248][T10647] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  278.684257][T10647]  </TASK>
[  278.684261][T10647] 
[  278.783961][T10647] Allocated by task 8837:
[  278.785307][T10647]  kasan_save_stack+0x33/0x60
[  278.786795][T10647]  kasan_save_track+0x14/0x30
[  278.788302][T10647]  __kasan_kmalloc+0xaa/0xb0
[  278.789752][T10647]  bus_add_driver+0x92/0x690
[  278.791219][T10647]  driver_register+0x15c/0x4b0
[  278.792763][T10647]  c6xdigio_attach+0xa3/0x4b0
[  278.794255][T10647]  comedi_device_attach+0x3b0/0x900
[  278.795886][T10647]  do_devconfig_ioctl+0x1a7/0x580
[  278.797462][T10647]  comedi_unlocked_ioctl+0x165d/0x2f00
[  278.799170][T10647]  comedi_compat_ioctl+0x1d0/0x990
[  278.800786][T10647]  __ia32_compat_sys_ioctl+0x23f/0x370
[  278.802521][T10647]  __do_fast_syscall_32+0x7c/0x3a0
[  278.804152][T10647]  do_fast_syscall_32+0x32/0x80
[  278.805678][T10647]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  278.807652][T10647] 
[  278.808419][T10647] Freed by task 10647:
[  278.809723][T10647]  kasan_save_stack+0x33/0x60
[  278.811228][T10647]  kasan_save_track+0x14/0x30
[  278.812737][T10647]  kasan_save_free_info+0x3b/0x60
[  278.814334][T10647]  __kasan_slab_free+0x51/0x70
[  278.815842][T10647]  kfree+0x2b4/0x4d0
[  278.817088][T10647]  kobject_put+0x1e7/0x5a0
[  278.818490][T10647]  bus_remove_driver+0x16e/0x2c0
[  278.820056][T10647]  driver_unregister+0x76/0xb0
[  278.821566][T10647]  comedi_device_detach+0x140/0x9e0
[  278.823238][T10647]  do_devconfig_ioctl+0x46c/0x580
[  278.824819][T10647]  comedi_unlocked_ioctl+0x165d/0x2f00
[  278.826516][T10647]  comedi_compat_ioctl+0x1d0/0x990
[  278.828135][T10647]  __ia32_compat_sys_ioctl+0x23f/0x370
[  278.829830][T10647]  __do_fast_syscall_32+0x7c/0x3a0
[  278.831434][T10647]  do_fast_syscall_32+0x32/0x80
[  278.832983][T10647]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  278.834956][T10647] 
[  278.835718][T10647] The buggy address belongs to the object at ffff888013048600
[  278.835718][T10647]  which belongs to the cache kmalloc-256 of size 256
[  278.839974][T10647] The buggy address is located 48 bytes inside of
[  278.839974][T10647]  freed 256-byte region [ffff888013048600, ffff888013048700)
[  278.844139][T10647] 
[  278.844908][T10647] The buggy address belongs to the physical page:
[  278.846895][T10647] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x13048
[  278.849522][T10647] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  278.852105][T10647] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  278.854556][T10647] page_type: f5(slab)
[  278.855814][T10647] raw: 00fff00000000040 ffff88801b842b40 ffffea0001c61f80 dead000000000005
[  278.858454][T10647] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[  278.861112][T10647] head: 00fff00000000040 ffff88801b842b40 ffffea0001c61f80 dead000000000005
[  278.863820][T10647] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[  278.866511][T10647] head: 00fff00000000001 ffffea00004c1201 00000000ffffffff 00000000ffffffff
[  278.869218][T10647] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[  278.871885][T10647] page dumped because: kasan: bad access detected
[  278.873918][T10647] page_owner tracks the page as allocated
[  278.875697][T10647] page last allocated via order 1, migratetype Unmovable, gfp_mask 0x252800(GFP_NOWAIT|__GFP_NORETRY|__GFP_COMP|__GFP_THISNODE), pid 5963, tgid 5963 (syz-executor), ts 182286310262, free_ts 168187519512
[  278.881628][T10647]  post_alloc_hook+0x1c0/0x230
[  278.883187][T10647]  get_page_from_freelist+0x1321/0x3890
[  278.884917][T10647]  __alloc_frozen_pages_noprof+0x261/0x23f0
[  278.886758][T10647]  new_slab+0x94/0x330
[  278.888065][T10647]  ___slab_alloc+0xd9c/0x1940
[  278.889552][T10647]  __slab_alloc.constprop.0+0x56/0xb0
[  278.891238][T10647]  __kmalloc_node_noprof+0x2ed/0x500
[  278.892901][T10647]  alloc_slab_obj_exts+0x41/0xa0
[  278.894469][T10647]  new_slab+0x283/0x330
[  278.895790][T10647]  ___slab_alloc+0xd9c/0x1940
[  278.897275][T10647]  __slab_alloc.constprop.0+0x56/0xb0
[  278.898958][T10647]  kmem_cache_alloc_noprof+0xef/0x3b0
[  278.900636][T10647]  vm_area_dup+0x27/0x8d0
[  278.902002][T10647]  dup_mmap+0x877/0x21d0
[  278.903384][T10647]  copy_process+0x4081/0x7650
[  278.904878][T10647]  kernel_clone+0xfc/0x960
[  278.906281][T10647] page last free pid 8518 tgid 8518 stack trace:
[  278.908248][T10647]  __free_frozen_pages+0x7fe/0x1180
[  278.909881][T10647]  free_pg_vec+0xf5/0x150
[  278.911249][T10647]  packet_set_ring+0x69a/0x18d0
[  278.912772][T10647]  packet_release+0x617/0xd90
[  278.914257][T10647]  __sock_release+0xb0/0x270
[  278.915704][T10647]  sock_close+0x1c/0x30
[  278.917013][T10647]  __fput+0x402/0xb70
[  278.918271][T10647]  task_work_run+0x14d/0x240
[  278.919737][T10647]  exit_to_user_mode_loop+0xeb/0x110
[  278.921387][T10647]  __do_fast_syscall_32+0x2ac/0x3a0
[  278.923055][T10647]  do_fast_syscall_32+0x32/0x80
[  278.924593][T10647]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  278.926562][T10647] 
[  278.927341][T10647] Memory state around the buggy address:
[  278.929085][T10647]  ffff888013048500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  278.931559][T10647]  ffff888013048580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  278.933969][T10647] >ffff888013048600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  278.936442][T10647]                                      ^
[  278.938183][T10647]  ffff888013048680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  278.940669][T10647]  ffff888013048700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  278.943163][T10647] ==================================================================
[  278.946428][   T10] plantronics 0003:047F:FFFF.0008: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0
[  278.968534][T10647] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  278.970805][T10647] CPU: 3 UID: 0 PID: 10647 Comm: syz.0.1244 Not tainted 6.16.0-rc7-syzkaller-00127-g302f88ff3584 #0 PREEMPT(full) 
[  278.974517][T10647] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  278.977882][T10647] Call Trace:
[  278.979221][T10647]  <TASK>
[  278.980343][T10647]  dump_stack_lvl+0x3d/0x1f0
[  278.981801][T10647]  panic+0x71c/0x800
[  278.983110][T10647]  ? __pfx_panic+0x10/0x10
[  278.984533][T10647]  ? mark_held_locks+0x49/0x80
[  278.986043][T10647]  ? preempt_schedule_thunk+0x16/0x30
[  278.987731][T10647]  ? sysfs_remove_file_ns+0x63/0x70
[  278.989362][T10647]  ? preempt_schedule_common+0x44/0xc0
[  278.991269][T10647]  ? check_panic_on_warn+0x1f/0xb0
[  278.993112][T10647]  ? sysfs_remove_file_ns+0x63/0x70
[  278.994906][T10647]  check_panic_on_warn+0xab/0xb0
[  278.996861][T10647]  end_report+0x107/0x170
[  278.998698][T10647]  kasan_report+0xee/0x110
[  279.000599][T10647]  ? sysfs_remove_file_ns+0x63/0x70
[  279.002808][T10647]  sysfs_remove_file_ns+0x63/0x70
[  279.004937][T10647]  driver_remove_file+0x4a/0x60
[  279.006978][T10647]  bus_remove_driver+0x224/0x2c0
[  279.009051][T10647]  driver_unregister+0x76/0xb0
[  279.011066][T10647]  comedi_device_detach+0x140/0x9e0
[  279.012912][T10647]  ? comedi_request_region+0xd4/0x1c0
[  279.014580][T10647]  comedi_device_attach+0x43d/0x900
[  279.016227][T10647]  do_devconfig_ioctl+0x1a7/0x580
[  279.018102][T10647]  ? __pfx_do_devconfig_ioctl+0x10/0x10
[  279.020297][T10647]  ? kasan_save_stack+0x42/0x60
[  279.022119][T10647]  ? kasan_save_stack+0x33/0x60
[  279.023905][T10647]  ? kasan_save_track+0x14/0x30
[  279.025949][T10647]  ? kasan_save_free_info+0x3b/0x60
[  279.028140][T10647]  ? __kasan_slab_free+0x51/0x70
[  279.030215][T10647]  ? kfree+0x2b4/0x4d0
[  279.031927][T10647]  ? tomoyo_path_number_perm+0x470/0x580
[  279.034179][T10647]  comedi_unlocked_ioctl+0x165d/0x2f00
[  279.036361][T10647]  ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[  279.038305][T10647]  ? kasan_quarantine_put+0x10a/0x240
[  279.040589][T10647]  ? lockdep_hardirqs_on+0x7c/0x110
[  279.042787][T10647]  ? find_held_lock+0x2b/0x80
[  279.044773][T10647]  ? tomoyo_path_number_perm+0x295/0x580
[  279.047127][T10647]  ? tomoyo_path_number_perm+0x18d/0x580
[  279.049481][T10647]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  279.051987][T10647]  comedi_compat_ioctl+0x1d0/0x990
[  279.054099][T10647]  ? __pfx_comedi_compat_ioctl+0x10/0x10
[  279.055903][T10647]  ? find_held_lock+0x2b/0x80
[  279.057382][T10647]  ? hook_file_ioctl_common+0x145/0x410
[  279.059184][T10647]  ? __fget_files+0x20e/0x3c0
[  279.060709][T10647]  ? __fput_deferred+0x480/0x480
[  279.062342][T10647]  ? __pfx_comedi_compat_ioctl+0x10/0x10
[  279.064143][T10647]  __ia32_compat_sys_ioctl+0x23f/0x370
[  279.066030][T10647]  __do_fast_syscall_32+0x7c/0x3a0
[  279.068173][T10647]  do_fast_syscall_32+0x32/0x80
[  279.070194][T10647]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  279.072835][T10647] RIP: 0023:0xf704e579
[  279.074559][T10647] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  279.082481][T10647] RSP: 002b:00000000f503e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  279.085755][T10647] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000040946400
[  279.088862][T10647] RDX: 00000000800000c0 RSI: 0000000000000000 RDI: 0000000000000000
[  279.091952][T10647] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  279.095065][T10647] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  279.098155][T10647] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  279.101297][T10647]  </TASK>
[  279.103228][T10647] Kernel Offset: disabled
[  279.104935][T10647] Rebooting in 86400 seconds..

VM DIAGNOSIS:
23:48:28  Registers:
info registers vcpu 0

CPU#0
RAX=00000002000008fb RBX=0000000000000001 RCX=0000000000000830 RDX=0000000000000002
RSI=00000000000000fb RDI=0000000000000002 RBP=ffff8880276f0038 RSP=ffffc900045875e0
R8 =0000000000000001 R9 =0000000000000000 R10=0000000000000001 R11=0000000000000001
R12=0000000000000001 R13=1ffff920008b0ebf R14=1ffff11004ede001 R15=0000000000000000
RIP=ffffffff81693ef8 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff88809752d000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000000030112ffc CR3=00000000239d0000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000607f14b51940 RBX=ffff88801deba440 RCX=0000000000000001 RDX=1ffff110048fb2eb
RSI=ffffffff8de04ada RDI=ffff8880137570a0 RBP=0000000000000001 RSP=ffffc9000046fbe0
R8 =0000000000000004 R9 =0000000000000001 R10=ffff88801deba447 R11=0000000000000000
R12=0000000000000001 R13=fffffbfff1be6bb5 R14=ffff888013757000 R15=dffffc0000000000
RIP=ffffffff8196af38 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88809762d000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=000000003020bffc CR3=00000000239d0000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000005000000000 0000000100000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
RAX=0000000000000000 RBX=ffff88802b541f20 RCX=ffffffff81af491d RDX=ffff888027a44880
RSI=ffffffff81af48f9 RDI=0000000000000005 RBP=0000000000000001 RSP=ffffc90006cb78a0
R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000001 R11=0000000000000001
R12=dffffc0000000000 R13=0000000000000003 R14=ffffed10056a83e5 R15=ffff88802b43b6c0
RIP=ffffffff81af48fb RFL=00000293 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88809772d000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=000055b4cce9c138 CR3=000000000e382000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000005000000000 0000000100000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 3

CPU#3
RAX=0000000000000002 RBX=ffffffff8e4d22e0 RCX=1ffff9200067cdea RDX=0000000000000002
RSI=ffffffff8bae3160 RDI=0000000000000002 RBP=00000000ffffec1e RSP=ffffc900033e6ea8
R8 =0000000000000001 R9 =fffff5200067cdea R10=ffffc900033e6f57 R11=0000000000005e07
R12=ffffffffffff3698 R13=1ffff9200067cde2 R14=0000000000000002 R15=dffffc0000000000
RIP=ffffffff81bb509a RFL=00000086 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff88809782d000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000000080001700 CR3=0000000052559000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000008
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000c400000000 0000000100000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000