last executing test programs:

43.837571991s ago: executing program 1 (id=6109):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0x11, 0x8, &(0x7f0000005c00)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546000677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289d01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5467a932b77674e802a0d42bc6099ad238af770b5ed8925161729298700000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3ac3209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b135ab6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809b5b9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed3957f813567f7a95435ac15fc0288d9b2a169cdcacc413b48dafb7a2c8cb482bac0ac559eaf39027ceb379a902d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385beef3282830689da6b53b263339863297771429d120000003341bf4abacac94500fca0493cf29b33dcc9ffffffffffffffd39f6ce0c6ff01589646efd1cf870cd7bb2366fdf870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1293b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd000c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c7df8be5877050c91301fb997316dbf17866fb84d4173731efe895ff2e1c55ef08235a0126e01254c44060926e90109b598502d3e959efc71f665c4d75cf2458e3542c9062ece84c99a861887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc74aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7ad333545794f37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f4df90400000000000000d6b2c5ea139376f24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8e3070000001e48418046c216c1f895778cb25122a2a998de0842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec84ac3571f02f647b3385b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba2f58ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df986741517abf11389b751f4e109b60000000000000000d6d5210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750890ae71555b3228b1bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288d139bd3da230ed05a8fe64680b0a3f9f2dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30235b9100000000a55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854356cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c776f4b4ce07e1c6fa66fcfc7a228805f76785efc0ceb1c8e5729c66418d169fc03aa18854693ad2a182068e1e3a0e2505bc7f41019645466ac96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a428f1da1f68df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7e478950aa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab848753203b458b97ec1afb079b4b4ba686fcdf240430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7db3c4be290159f6bcd75f0dda9de5532e71ae9e48b0ed1254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6c30ebc660309e1e245b0fdf9743af932cd6db49a47613808bad959719c0000000000378ac2e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6ca0400966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e3030108000000000000c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bffef97dcecc467ace456597685c5870d25f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4cba6e6390a9f302c6eb2df7766411bef0ebb5000000000006065d6735eb7a00e127c0000000000000000000000bfb0bba79344643b1d8daa9f38e4b62c1e2af68c6f5054b078acd74b4a9c944e4505da485a3a4154387a0a88372091cd397b09c5888a06431df3f68abf0b366c4d5f8bea7b29c257ed756dff7a21c6b661cbdd43de65afd7f661d5c84f915c90e3d6ea012b68b787eb01d8320000000000000060176dacba0ec503a37fae6b472ec369c79ee6a420c0fd8d8d82fe136d5af6c30bfeb0a7275babfdb96a127aa9386e0671c6454245a18c1c8c49552cff5d27b547cdc34c0858c77a47a9ff86ee9fbd9ceda428716a4218821176d8067997527230fa67d26950d3e4f2750fa7c872874ad3a2d11f9f6eb08e6d7b6fa257b04d8ce36360f524e3dfd2211641f3d2637d86b80681eca50ce0eecafdd22d41fa515c15591e70ded4b70efac3cb42fb352d82e8f7573e8ed8248da356fa91a252976d3a4d8c1843a8d5bb7f5f1028453a0562a3ea93117076dd4940b7df50d78289fe66197525f6095f8662d232970bef61b03fa83027963a1a2e07cfee30c0d0b4c5877f93b3637ca21eab5afcf5d4638dfe8f9202aaad51c979049dd76d65368cbd4187d9f74257c7c4a23ac4a34eec5aa17e78c5167216f5e72138d20f8325dd5f8f96c32189c904eaef580987f1ce601a7cdc35461db9981ac42f9e24b0699bbe4e3d986e38952b0b7938eefd9e7a292bbb66367ad77045fdc18855c81c031dedd185c723238373fc698d676791d04f1ff5f0825a6619e844882f31ed190233d58ecee949e310bf2b1a51b8a33ae65a06d2b6ad386bf8dc49dd328bcd75d1843a13d68560175a18af7efc3c0f20e32f84f6aaaf000000000000000000000013a6c66bce74a8fb9092023df695da2714a7933d699d42de2bc4a85e0a0e22228290a7a7553ab93a16e42453ed86869a02df2f47d4088fac1772d3cd955c81cbf91c2ca7942942f61723b558079b82547844f92df2499c4b2c2ef2539e5daa8d8727baaa6b5755e6f83bbfca00000000000000000000007925d0f1256330b9e2aa9a18cea8e009116f63c6c7d8f7f95bf0f6731e5eb1dcdc534f357b9f08e7a9a3aebeca145d695053b5bef004ca24e6c57ed10f01488d38b8b0b68d93e3cf630837915d518fde2115e66615786fe7b9216de958119cf762cac77ac829a02f48e72c0d2841880b2c"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xffffffffffffff7e, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
r1 = syz_open_dev$radio(&(0x7f0000000100), 0x3, 0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r3 = dup(r2)
write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd74)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffbfd, 0x0, 0x4)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x5, 0x0, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x1)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
io_uring_enter(0xffffffffffffffff, 0x47f6, 0x0, 0x0, 0x0, 0x0)
r4 = io_uring_setup(0x54a0, &(0x7f0000000000)={0x0, 0x70e5, 0x2, 0x2, 0xf2})
io_uring_register$IORING_REGISTER_IOWQ_MAX_WORKERS(r4, 0x13, &(0x7f0000000080)=[0x5, 0xa22], 0x2)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r5, 0x400448cb, 0x0)
ioctl$BTRFS_IOC_QUOTA_RESCAN_WAIT(r1, 0x942e, 0x0)
r6 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000049c0)={0x3, 0x2e, 0x0, &(0x7f0000000080)='GPL\x00', 0x2, 0x0, 0x0, 0x45057bf4ccb05c67, 0x24, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r7, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)
write$dsp(r6, &(0x7f00000001c0)="5cba91a4", 0xffffffd9)
ioctl$SNDCTL_DSP_SYNC(r6, 0x5001, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r6, 0x40045010, &(0x7f0000000300)=0x3)
ioctl$SNDCTL_DSP_RESET(r6, 0x5000, 0x0)
bind$bt_hci(0xffffffffffffffff, &(0x7f0000000340)={0x1f, 0xffff, 0x3}, 0x6)
write(0xffffffffffffffff, &(0x7f0000000040)="05000000010000", 0x7)

42.693247624s ago: executing program 1 (id=6119):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000006c0)=@updsa={0xec, 0x1a, 0x1, 0x0, 0x0, {{@in6=@private0, @in6=@empty}, {@in, 0x0, 0x6c}, @in6=@private1, {}, {}, {}, 0x0, 0x0, 0xa}}, 0xec}}, 0x0) (async)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000080)=@bpf_lsm={0x12, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="560a00000000000079113000000000001800000000000000000000000000000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)

42.643298425s ago: executing program 1 (id=6120):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = eventfd2(0x4001, 0x800)
pipe(&(0x7f0000000600)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
write(r4, &(0x7f0000000000)="fc", 0x1)
r5 = socket$inet_udp(0x2, 0x2, 0x0)
close(r5)
r6 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r6, &(0x7f0000000000)={0x2, 0x0, @local}, 0x10)
setsockopt$sock_int(r6, 0x1, 0x3c, &(0x7f00000000c0)=0x1, 0x4)
sendmmsg$inet(r6, &(0x7f0000006c80)=[{{&(0x7f0000000100)={0x2, 0x4e20, @multicast1}, 0x10, 0x0}}], 0x1, 0x4008000)
r7 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0xc0802, 0x0)
ioctl$PPPIOCNEWUNIT(r7, 0xc004743e, &(0x7f00000000c0)=0x2)
ioctl$PPPIOCSMAXCID(r7, 0x40047451, &(0x7f0000000200)=0x3)
pwritev(r7, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00!G', 0x3}], 0x1, 0x807, 0x0)
splice(r3, 0x0, r5, 0x0, 0x1100000000f336, 0x0)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000200)='sched_switch\x00', r8}, 0x18)
futex(0x0, 0x85, 0x0, 0x0, 0x0, 0xc5fffffd)
prctl$PR_SET_NAME(0xf, 0x0)
r9 = syz_genetlink_get_family_id$smc(&(0x7f0000000000), 0xffffffffffffffff)
r10 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$SMC_PNETID_ADD(r10, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)={0x2c, r9, 0x1, 0x0, 0x0, {}, [@SMC_PNETID_NAME={0x9, 0x1, 'syz2\x00'}, @SMC_PNETID_IBNAME={0x9, 0x3, 'syz2\x00'}]}, 0x2c}}, 0xc800)
sendmsg$SMC_PNETID_DEL(r10, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)={0x14, r9, 0xe27, 0x0, 0x0, {0x4, 0x7, 0x2}}, 0x14}, 0x1, 0x40030000000000}, 0x0) (fail_nth: 5)
r11 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r11, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f0000000000)={0x1c, 0x2d, 0x1, 0x70bd26, 0x25dfdbfc, {0x4}, [@typed={0x8, 0x9, 0x0, 0x0, @binary="38eac21a"}]}, 0x1c}}, 0x20000000)
ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000140)={r2, 0xc4, 0x2})

41.599329471s ago: executing program 1 (id=6121):
fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0)
syz_open_dev$sndctrl(&(0x7f0000000080), 0x1, 0x0)
openat$vmci(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
socket(0xa, 0x3, 0x3a)
syz_open_procfs(0x0, &(0x7f0000000100)='attr/keycreate\x00')
socket$pppoe(0x18, 0x1, 0x0)
openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0201, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0)
socket$inet(0x2, 0x4000000000000001, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0x14, &(0x7f0000000080)=0xfff, 0x4)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
getpeername$packet(r2, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @dev}, 0x0)
sendmmsg(r0, &(0x7f0000000440)=[{{&(0x7f0000000700)=@xdp={0x2c, 0x0, r3}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000180)='O', 0x36}], 0x1}}], 0x1, 0x0)

41.466876559s ago: executing program 1 (id=6127):
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$unix(0x1, 0x2, 0x0)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r3=>0x0})
sendmsg$NL80211_CMD_NEW_INTERFACE(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010028bd7000fddbdf250700000008000300", @ANYRES32=r3, @ANYBLOB="0c009900ff070000700000001400040073797a6b616c6c6572300000000000000800050006"], 0x44}, 0x1, 0x0, 0x0, 0x81}, 0x24044884)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r4)
socket$inet_sctp(0x2, 0x1, 0x84)
ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local})
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.events\x00', 0x26e1, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r5, &(0x7f00000003c0)={0x0, 0x2300, &(0x7f0000000000)=[{&(0x7f0000000080)="2e00000010008188e6b62aa73772cc9f1ba1f848480000005e140602000000000e000a000f000000028000001294", 0x2e}], 0x1}, 0x0)

41.392345682s ago: executing program 1 (id=6128):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0x11, 0x8, &(0x7f0000005c00)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546000677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289d01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5467a932b77674e802a0d42bc6099ad238af770b5ed8925161729298700000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3ac3209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b135ab6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809b5b9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed3957f813567f7a95435ac15fc0288d9b2a169cdcacc413b48dafb7a2c8cb482bac0ac559eaf39027ceb379a902d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385beef3282830689da6b53b263339863297771429d120000003341bf4abacac94500fca0493cf29b33dcc9ffffffffffffffd39f6ce0c6ff01589646efd1cf870cd7bb2366fdf870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1293b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd000c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c7df8be5877050c91301fb997316dbf17866fb84d4173731efe895ff2e1c55ef08235a0126e01254c44060926e90109b598502d3e959efc71f665c4d75cf2458e3542c9062ece84c99a861887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc74aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7ad333545794f37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f4df90400000000000000d6b2c5ea139376f24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8e3070000001e48418046c216c1f895778cb25122a2a998de0842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec84ac3571f02f647b3385b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba2f58ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df986741517abf11389b751f4e109b60000000000000000d6d5210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750890ae71555b3228b1bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288d139bd3da230ed05a8fe64680b0a3f9f2dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30235b9100000000a55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854356cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c776f4b4ce07e1c6fa66fcfc7a228805f76785efc0ceb1c8e5729c66418d169fc03aa18854693ad2a182068e1e3a0e2505bc7f41019645466ac96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a428f1da1f68df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7e478950aa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab848753203b458b97ec1afb079b4b4ba686fcdf240430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7db3c4be290159f6bcd75f0dda9de5532e71ae9e48b0ed1254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6c30ebc660309e1e245b0fdf9743af932cd6db49a47613808bad959719c0000000000378ac2e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6ca0400966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e3030108000000000000c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bffef97dcecc467ace456597685c5870d25f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4cba6e6390a9f302c6eb2df7766411bef0ebb5000000000006065d6735eb7a00e127c0000000000000000000000bfb0bba79344643b1d8daa9f38e4b62c1e2af68c6f5054b078acd74b4a9c944e4505da485a3a4154387a0a88372091cd397b09c5888a06431df3f68abf0b366c4d5f8bea7b29c257ed756dff7a21c6b661cbdd43de65afd7f661d5c84f915c90e3d6ea012b68b787eb01d8320000000000000060176dacba0ec503a37fae6b472ec369c79ee6a420c0fd8d8d82fe136d5af6c30bfeb0a7275babfdb96a127aa9386e0671c6454245a18c1c8c49552cff5d27b547cdc34c0858c77a47a9ff86ee9fbd9ceda428716a4218821176d8067997527230fa67d26950d3e4f2750fa7c872874ad3a2d11f9f6eb08e6d7b6fa257b04d8ce36360f524e3dfd2211641f3d2637d86b80681eca50ce0eecafdd22d41fa515c15591e70ded4b70efac3cb42fb352d82e8f7573e8ed8248da356fa91a252976d3a4d8c1843a8d5bb7f5f1028453a0562a3ea93117076dd4940b7df50d78289fe66197525f6095f8662d232970bef61b03fa83027963a1a2e07cfee30c0d0b4c5877f93b3637ca21eab5afcf5d4638dfe8f9202aaad51c979049dd76d65368cbd4187d9f74257c7c4a23ac4a34eec5aa17e78c5167216f5e72138d20f8325dd5f8f96c32189c904eaef580987f1ce601a7cdc35461db9981ac42f9e24b0699bbe4e3d986e38952b0b7938eefd9e7a292bbb66367ad77045fdc18855c81c031dedd185c723238373fc698d676791d04f1ff5f0825a6619e844882f31ed190233d58ecee949e310bf2b1a51b8a33ae65a06d2b6ad386bf8dc49dd328bcd75d1843a13d68560175a18af7efc3c0f20e32f84f6aaaf000000000000000000000013a6c66bce74a8fb9092023df695da2714a7933d699d42de2bc4a85e0a0e22228290a7a7553ab93a16e42453ed86869a02df2f47d4088fac1772d3cd955c81cbf91c2ca7942942f61723b558079b82547844f92df2499c4b2c2ef2539e5daa8d8727baaa6b5755e6f83bbfca00000000000000000000007925d0f1256330b9e2aa9a18cea8e009116f63c6c7d8f7f95bf0f6731e5eb1dcdc534f357b9f08e7a9a3aebeca145d695053b5bef004ca24e6c57ed10f01488d38b8b0b68d93e3cf630837915d518fde2115e66615786fe7b9216de958119cf762cac77ac829a02f48e72c0d2841880b2c"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xffffffffffffff7e, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
r1 = syz_open_dev$radio(&(0x7f0000000100), 0x3, 0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r3 = dup(r2)
write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd74)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffbfd, 0x0, 0x4)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x5, 0x0, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x1)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
io_uring_enter(0xffffffffffffffff, 0x47f6, 0x0, 0x0, 0x0, 0x0)
r4 = io_uring_setup(0x54a0, &(0x7f0000000000)={0x0, 0x70e5, 0x2, 0x2, 0xf2})
io_uring_register$IORING_REGISTER_IOWQ_MAX_WORKERS(r4, 0x13, &(0x7f0000000080)=[0x5, 0xa22], 0x2)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r5, 0x400448cb, 0x0)
ioctl$BTRFS_IOC_QUOTA_RESCAN_WAIT(r1, 0x942e, 0x0)
r6 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000049c0)={0x3, 0x2e, 0x0, &(0x7f0000000080)='GPL\x00', 0x2, 0x0, 0x0, 0x45057bf4ccb05c67, 0x24, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r7, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)
write$dsp(r6, &(0x7f00000001c0)="5cba91a4", 0xffffffd9)
ioctl$SNDCTL_DSP_SYNC(r6, 0x5001, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r6, 0x40045010, &(0x7f0000000300)=0x3)
ioctl$SNDCTL_DSP_RESET(r6, 0x5000, 0x0)
bind$bt_hci(0xffffffffffffffff, &(0x7f0000000340)={0x1f, 0xffff, 0x3}, 0x6)
write(0xffffffffffffffff, &(0x7f0000000040)="05000000010000", 0x7)

25.075474183s ago: executing program 32 (id=6128):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0x11, 0x8, &(0x7f0000005c00)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546000677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289d01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5467a932b77674e802a0d42bc6099ad238af770b5ed8925161729298700000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3ac3209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b135ab6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809b5b9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed3957f813567f7a95435ac15fc0288d9b2a169cdcacc413b48dafb7a2c8cb482bac0ac559eaf39027ceb379a902d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385beef3282830689da6b53b263339863297771429d120000003341bf4abacac94500fca0493cf29b33dcc9ffffffffffffffd39f6ce0c6ff01589646efd1cf870cd7bb2366fdf870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1293b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd000c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c7df8be5877050c91301fb997316dbf17866fb84d4173731efe895ff2e1c55ef08235a0126e01254c44060926e90109b598502d3e959efc71f665c4d75cf2458e3542c9062ece84c99a861887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc74aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7ad333545794f37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f4df90400000000000000d6b2c5ea139376f24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8e3070000001e48418046c216c1f895778cb25122a2a998de0842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec84ac3571f02f647b3385b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba2f58ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df986741517abf11389b751f4e109b60000000000000000d6d5210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750890ae71555b3228b1bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288d139bd3da230ed05a8fe64680b0a3f9f2dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30235b9100000000a55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854356cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c776f4b4ce07e1c6fa66fcfc7a228805f76785efc0ceb1c8e5729c66418d169fc03aa18854693ad2a182068e1e3a0e2505bc7f41019645466ac96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a428f1da1f68df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7e478950aa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab848753203b458b97ec1afb079b4b4ba686fcdf240430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7db3c4be290159f6bcd75f0dda9de5532e71ae9e48b0ed1254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6c30ebc660309e1e245b0fdf9743af932cd6db49a47613808bad959719c0000000000378ac2e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6ca0400966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e3030108000000000000c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bffef97dcecc467ace456597685c5870d25f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4cba6e6390a9f302c6eb2df7766411bef0ebb5000000000006065d6735eb7a00e127c0000000000000000000000bfb0bba79344643b1d8daa9f38e4b62c1e2af68c6f5054b078acd74b4a9c944e4505da485a3a4154387a0a88372091cd397b09c5888a06431df3f68abf0b366c4d5f8bea7b29c257ed756dff7a21c6b661cbdd43de65afd7f661d5c84f915c90e3d6ea012b68b787eb01d8320000000000000060176dacba0ec503a37fae6b472ec369c79ee6a420c0fd8d8d82fe136d5af6c30bfeb0a7275babfdb96a127aa9386e0671c6454245a18c1c8c49552cff5d27b547cdc34c0858c77a47a9ff86ee9fbd9ceda428716a4218821176d8067997527230fa67d26950d3e4f2750fa7c872874ad3a2d11f9f6eb08e6d7b6fa257b04d8ce36360f524e3dfd2211641f3d2637d86b80681eca50ce0eecafdd22d41fa515c15591e70ded4b70efac3cb42fb352d82e8f7573e8ed8248da356fa91a252976d3a4d8c1843a8d5bb7f5f1028453a0562a3ea93117076dd4940b7df50d78289fe66197525f6095f8662d232970bef61b03fa83027963a1a2e07cfee30c0d0b4c5877f93b3637ca21eab5afcf5d4638dfe8f9202aaad51c979049dd76d65368cbd4187d9f74257c7c4a23ac4a34eec5aa17e78c5167216f5e72138d20f8325dd5f8f96c32189c904eaef580987f1ce601a7cdc35461db9981ac42f9e24b0699bbe4e3d986e38952b0b7938eefd9e7a292bbb66367ad77045fdc18855c81c031dedd185c723238373fc698d676791d04f1ff5f0825a6619e844882f31ed190233d58ecee949e310bf2b1a51b8a33ae65a06d2b6ad386bf8dc49dd328bcd75d1843a13d68560175a18af7efc3c0f20e32f84f6aaaf000000000000000000000013a6c66bce74a8fb9092023df695da2714a7933d699d42de2bc4a85e0a0e22228290a7a7553ab93a16e42453ed86869a02df2f47d4088fac1772d3cd955c81cbf91c2ca7942942f61723b558079b82547844f92df2499c4b2c2ef2539e5daa8d8727baaa6b5755e6f83bbfca00000000000000000000007925d0f1256330b9e2aa9a18cea8e009116f63c6c7d8f7f95bf0f6731e5eb1dcdc534f357b9f08e7a9a3aebeca145d695053b5bef004ca24e6c57ed10f01488d38b8b0b68d93e3cf630837915d518fde2115e66615786fe7b9216de958119cf762cac77ac829a02f48e72c0d2841880b2c"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xffffffffffffff7e, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
r1 = syz_open_dev$radio(&(0x7f0000000100), 0x3, 0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r3 = dup(r2)
write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd74)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffbfd, 0x0, 0x4)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x5, 0x0, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x1)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
io_uring_enter(0xffffffffffffffff, 0x47f6, 0x0, 0x0, 0x0, 0x0)
r4 = io_uring_setup(0x54a0, &(0x7f0000000000)={0x0, 0x70e5, 0x2, 0x2, 0xf2})
io_uring_register$IORING_REGISTER_IOWQ_MAX_WORKERS(r4, 0x13, &(0x7f0000000080)=[0x5, 0xa22], 0x2)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r5, 0x400448cb, 0x0)
ioctl$BTRFS_IOC_QUOTA_RESCAN_WAIT(r1, 0x942e, 0x0)
r6 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000049c0)={0x3, 0x2e, 0x0, &(0x7f0000000080)='GPL\x00', 0x2, 0x0, 0x0, 0x45057bf4ccb05c67, 0x24, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r7, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)
write$dsp(r6, &(0x7f00000001c0)="5cba91a4", 0xffffffd9)
ioctl$SNDCTL_DSP_SYNC(r6, 0x5001, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r6, 0x40045010, &(0x7f0000000300)=0x3)
ioctl$SNDCTL_DSP_RESET(r6, 0x5000, 0x0)
bind$bt_hci(0xffffffffffffffff, &(0x7f0000000340)={0x1f, 0xffff, 0x3}, 0x6)
write(0xffffffffffffffff, &(0x7f0000000040)="05000000010000", 0x7)

15.094847233s ago: executing program 3 (id=6259):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x14)
r0 = io_uring_setup(0x1379, &(0x7f0000000080)={0x0, 0xfffffffc, 0x0, 0x0, 0x121})
r1 = socket$tipc(0x1e, 0x2, 0x0)
r2 = socket$tipc(0x1e, 0x5, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
r4 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000003480)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0)
read$FUSE(r4, &(0x7f00000034c0)={0x2020, 0x0, 0x0, <r5=>0x0, <r6=>0x0}, 0xcac)
fchown(r3, r5, r6)
fsetxattr$system_posix_acl(r3, &(0x7f0000000000)='system.posix_acl_access\x00', &(0x7f00000015c0)={{}, {0x1, 0x3}, [{0x2, 0x0, r5}], {0x4, 0x4}, [], {0x10, 0x1}, {0x20, 0x2}}, 0x2c, 0x2) (async)
fsetxattr$system_posix_acl(r3, &(0x7f0000000000)='system.posix_acl_access\x00', &(0x7f00000015c0)={{}, {0x1, 0x3}, [{0x2, 0x0, r5}], {0x4, 0x4}, [], {0x10, 0x1}, {0x20, 0x2}}, 0x2c, 0x2)
openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
bind$tipc(r2, &(0x7f00000001c0)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x1, 0xfffffffd}}, 0x10) (async)
bind$tipc(r2, &(0x7f00000001c0)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x1, 0xfffffffd}}, 0x10)
setresgid(0xee00, 0xee01, 0x0)
setresgid(0xffffffffffffffff, 0xee00, 0x0) (async)
setresgid(0xffffffffffffffff, 0xee00, 0x0)
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000100)={0x42, 0x2, 0x2}, 0x10) (async)
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000100)={0x42, 0x2, 0x2}, 0x10)
close_range(r0, 0xffffffffffffffff, 0x0) (async)
close_range(r0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000040)={'tunl0\x00', &(0x7f0000000140)={'syztnl0\x00', <r7=>0x0, 0x10, 0x8000, 0x68, 0x8, {{0x18, 0x4, 0x0, 0x3, 0x60, 0x68, 0x0, 0x1, 0x29, 0x0, @multicast1, @local, {[@timestamp_prespec={0x44, 0x34, 0x35, 0x3, 0xa, [{@loopback, 0x7}, {@local, 0x6}, {@multicast2, 0x3}, {@private=0xa010102, 0x5}, {@remote, 0x3}, {@local}]}, @cipso={0x86, 0x18, 0x0, [{0x1, 0x12, "4b875241af5bd033d4b3cf26dbf1c686"}]}]}}}}})
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="0d000000020000000800400001ce00b073512e08de5786740d8c4ff2c14937a1a7fa36b3a92a5edb4f5748531d055b114c20d8da6f789a27d119987c0648655e2225a551bfdaa1a8eb7c414eb3bb2bbf9e26862a2d1af4e94efa0373b31c1c8fef833e8c8d6914727494d3bdd9ca3b2656f1131b1fa2974458aefa557689b0a0c8bc177f9d512084a6a3386eaca60a397d5b36db7045400fcfa0a952aa000000", @ANYRES32, @ANYBLOB="0100008000"/20, @ANYRES32=r7, @ANYRES32, @ANYBLOB="01000000020000000400"/28], 0x50)
syz_open_dev$tty20(0xc, 0x4, 0x1) (async)
r9 = syz_open_dev$tty20(0xc, 0x4, 0x1)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x18, 0x10, &(0x7f0000000280)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x800}, {{0x18, 0x1, 0x1, 0x0, r8}}, {}, [@call={0x85, 0x0, 0x0, 0x7f}], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000300)='syzkaller\x00', 0x3ff, 0x94, &(0x7f0000000340)=""/148, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000400)={0x2, 0x2, 0x2, 0x100}, 0x10, 0x0, 0x0, 0x7, &(0x7f0000000440)=[r8], &(0x7f0000000480)=[{0x0, 0x4, 0x7, 0x5}, {0x5, 0x5, 0xd, 0x5}, {0x4, 0x4, 0x3, 0x2}, {0x2, 0x4, 0x3}, {0x4, 0x5, 0x4, 0x5}, {0x0, 0x1, 0x40, 0x4}, {0x4, 0x4, 0xf, 0xb}], 0x10, 0xcc8c, @void, @value}, 0x94) (async)
r10 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x18, 0x10, &(0x7f0000000280)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x800}, {{0x18, 0x1, 0x1, 0x0, r8}}, {}, [@call={0x85, 0x0, 0x0, 0x7f}], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000300)='syzkaller\x00', 0x3ff, 0x94, &(0x7f0000000340)=""/148, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000400)={0x2, 0x2, 0x2, 0x100}, 0x10, 0x0, 0x0, 0x7, &(0x7f0000000440)=[r8], &(0x7f0000000480)=[{0x0, 0x4, 0x7, 0x5}, {0x5, 0x5, 0xd, 0x5}, {0x4, 0x4, 0x3, 0x2}, {0x2, 0x4, 0x3}, {0x4, 0x5, 0x4, 0x5}, {0x0, 0x1, 0x40, 0x4}, {0x4, 0x4, 0xf, 0xb}], 0x10, 0xcc8c, @void, @value}, 0x94)
bpf$PROG_BIND_MAP(0x23, &(0x7f00000005c0)={r10, r8}, 0xc)
ioctl$int_in(r9, 0x5452, &(0x7f0000000000)=0x4)

14.716785099s ago: executing program 3 (id=6265):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc) (async)
syz_emit_ethernet(0x6a, &(0x7f00000000c0)=ANY=[@ANYBLOB="ffffffffffff0180c200000008004503005c00000000002f907800000000e0000001248088a80000000000ff000010000800000086dd86dd88be00000000100000000100000000400000080022eb00000001200000000200000000000000000000000800655800000000"], 0x0)
r1 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file1\x00', 0x169142, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x58b9808bbcfa107b, 0x12, r2, 0x0) (async, rerun: 32)
r3 = userfaultfd(0x801) (rerun: 32)
ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f00000000c0)) (async)
ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x5})
ioctl$UFFDIO_CONTINUE(r3, 0xc020aa08, &(0x7f0000000080)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}}) (async)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r1, 0x7a0, &(0x7f0000000080)) (async, rerun: 32)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) (async, rerun: 32)
r4 = syz_open_dev$cec(&(0x7f0000000000), 0xffffffffffffffff, 0x107400)
ioctl$IOC_PR_PREEMPT(r4, 0x40046109, &(0x7f00000003c0)={0xf0, 0x0, 0x2})
ioctl$CEC_S_MODE(r4, 0x40046109, &(0x7f0000000080)=0x2) (async)
sendmsg$IPCTNL_MSG_CT_GET_STATS_CPU(r0, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000900)={&(0x7f0000000080)={0x14, 0x4, 0x1, 0x5, 0x0, 0x0, {0x5, 0x0, 0xffff}, ["", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x20008080}, 0x4004cc1)
r5 = socket$inet(0x2, 0x2, 0x1)
sendmsg$inet(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000080)='*\x00', 0x2}, {&(0x7f0000000a00)="0000f3ffffff230618ef6f855c5710cc1cabef5dcbd3900b8416d21e7cae6abf0c35f387d95f4794cd7f13635dcdfdcf40c1de30b3031c64a246b209755d827c037a122046d8983612b616d6f0d91911bcbdec8aa1d75f2a2c558d985631e19c293541b1515096be6fd39a88bbc26eb77cec3c57854accd93df56ba27dc6213c281b2e007f1c0569", 0x88}], 0x2}, 0x400c001) (async)
sendmsg$NFT_BATCH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)={{0x14}, [@NFT_MSG_NEWRULE={0x38, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2}, [@NFTA_RULE_POSITION={0xc, 0x6, 0x1, 0x0, 0x1}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x60}, 0x1, 0x0, 0x0, 0x4000001}, 0x1)
r6 = socket$alg(0x26, 0x5, 0x0)
setsockopt$SO_TIMESTAMP(r6, 0x1, 0x1d, &(0x7f0000000380), 0x4)
sendmsg$nl_xfrm(r2, &(0x7f0000000e80)={0x0, 0x0, &(0x7f0000000e40)={&(0x7f0000000bc0)=ANY=[@ANYBLOB="446d00d303b0785f333d1cc1cb1c9f19bf021740c501a951b65a8fe06f34593cb198e55afa0fe1d635d5ac917bb05c63b0b352b8ee1b0a2518b3cd4ef85299de333b68918fb904348f0e7f9e4a84e98d7148a3f5efa9a3097921128f7a223e3c4a5387d72c9db6efe3b50ca4211fb7b0bf337ad3ed2f4d2eb3254fc0adb956d27487d5c940f4956b0c35f1beeca3fb57855b26a58b0d93ad09b9af8eb2b2aa3e1b96eaae67850ba24227d85095e354ae5d71526ee7e5d69901522a43c833671952aef4b21ba6e4c6a50c85d9b3fc60b1c14d64130e22", @ANYRESOCT=r0, @ANYRES32=r4], 0xcc}, 0x1, 0x0, 0x0, 0x80}, 0x4000000) (async)
socketpair$unix(0x1, 0x3, 0x0, 0x0) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async, rerun: 64)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x3, @pix={0x434c, 0x8, 0x584e4f53, 0x4, 0x2, 0x7, 0x0, 0x5, 0x1, 0x4, 0x2, 0x7}}) (async, rerun: 64)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) (async)
r7 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x802, 0x0)
ioctl$BINDER_WRITE_READ(r7, 0xc0306201, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000001700)='`'})
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)

14.615846402s ago: executing program 3 (id=6267):
clock_getres(0xfffffffffffffffb, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
r0 = openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r1 = memfd_create(&(0x7f0000000240)='+\x8b\x8a\xa9\x16\x11\x91J\xbc+  \x18\x17\xc2:}\xa3\x9bO\xdd\xdf\xdf\x92\xd5\xed\xb4\x17\xe5\xd6\x9a\xb2\xd8\x9ba\xde\xb2.F\xc0\x99}|\xaf\xd3\x1d\x84[*_\x9f\x9d\xb0rYP\x1b\x9f \xe0\x9cgq\x103\x89\x11\x87Rv\x169\xdf\xe3>B\x04\x00\x00\x00W\xd3\xec\xfb\xdf?\xa2\x90+\xa4!\xb2\xf2\xff\x90\a\xc3\x12\xc4;\xffh\xf1x=\xb9c\xce\x03h\xdap\x88U\x1788\x82\xd7\xfd\x83\x00Sx\x91%\x99_\xfe\xd4c\x83\x86\x0f\xa4a-\xaf\x9e\xd9\xef\xe0)]\x00F\xfa\x03\xbc4\xc4\x9a\v\x03\x8b\xa4\xf3\x8f\xf4\"\'\xd3\a9\x14H}j&~\xe9\x16\x83o\xbd\xab\xcd[\xbd\xcb\x04\xfc\xe7\xe3\x9e?\x12\xf0\xf4\x83M3\xd88\x92?@\v\xe6\xd1\xd2\xe4\xde\xdaUeJ\x9fR\xd1`\xfa\xc8\v\xed\xfd\x0e\xc8\x89W\x847\x88\x82\x94\x14\xe33\xb7H\xc8b\xd6@3F#\xb7\x04C\x8dm\t\x16a\x0fI\xf4\xfe\xf8\x06j\x19Pz&\xb8\x0f\x98`W\xdb\xc6\"81A\xa4\x8bT\xf1\xcb\xab\xa3\t\xef\xdf&\x0e\xad\x03\x123.\xc2V\xaa\xd5\xf8\xde\x8aV\xa4p{\xcez\xa2\x92\xdb8*wLO\f\x97X\x05\x9a\xc2\xe8\x85\x9d\xcb\xc8\xf0\xc4\x01\x03\xe3?\x9f1\xf4\xfb\xa5y`KB\xdf\xae#\x94C\a\x04\xea\xccG\xf2\b\x8f\xf7\xb1\xe96\x90\xf5P\xa4\'\xce\xe3\xa24\x196\xc5Q\xa1K\x95\xd6\xfal\xe9\xd1\\\r&\xb2c\xb3\x8d\xa7\xb7\xa8\x03S\xbd\xdd\b{\xae\f\x10\xc2\xbb\xd0\xdd*\xa3\xb4\fJ\x00X\xab`N; LF\xa5D\xee\xdf\x7f\x80p\xf6o\x1c\xbdXR\xf2\xa0\x81a\xa1\xe1B\x93Xn\xaf\xfc\x05?\xab\xac\x91x\xa8#\xe1\xbeQ\xd1^\x9b\xb9)\xd3\n\xf7(3!\x18\b\xc0\xaampRl\xfdQ\x03\x8c\xd5\xe4\\\xed\x9a\xd1?\xd21\xc8\x90\x1dl|\xd1\x14\xbc3\xe0\x1e\x0e\xe6\x88Y\x99K\x93\x1c@_P\x8c\xc7\x9eZ\xb74KT:\x8a\xdbJ#w\x18\x14\x00\x93\x86\xa5wo\xf6M\xe7D\xf4*\xe3X\x1d\x19\x83\xa7w\xc7+7\x89s\xed\x8a\xd7O\xdd\rhh`\xc0\xa8$\x06pu\xa0\xd0L\x0ez@I\xb8\x83\xb2f\x93j\a0I\xc8l\xe5\x9b\x06\xb5\xac`d\xa3\xcf/\x14\x10\xab\xab\t\xec\xc1c\fA\xaf\x14\xef\xbap@*7\x86\xdf\',\x03Y\xb1$\xf0\xb5}\xf0\x82%)9`\x8f\x04\x85m\x80\xd2\xcf@\x06}\xea\xe7w`\xa5\x11\x9f\x9b\x9e\x8f\xb7cb\x1a\xe1\xcf\x87\x1c\\\xf5\xc21\xf7\x82C*\xd5;\x00\x00\x00\x00\x03\xba\xe3\xdc\x92\'\x8e\xd5\x7fG\xfd.\x91\x89T\x99t\xd4d,\xd5\x92O\xf1\xafT!Y\x8e\\\xac\xf7\x11R\x05p\x1a\"\r\xe9\xe5\x8b&\x0f\x8c\xfb\xef\xf8\xd5\x18\xde\xeb\xe5\x19\xdd\xebQ8\xc5iS+\x06D\x16\xfe\xf5.\xe5\v\x89\xb0\"\xa3M\xe9\x81\x11P\xdb\xc4\xc2y\x14\x04\x06\xf6\f\xb0\xecz\x8d`\xb5\x9b\xb43\xcc1\xa7\x9e\xa8\xb5\'\xc6MAe\x0f\xd1\xfcG\xc2/\xe8\xe9t\xcaQ\xf1\fI\x1chM\xc1\x92\xe3\xc3\x01M\xc8/\xefJ\xcb\xd0]\f\xff\xf5\x92\xce\x97Z\xea\xe8\x99\xfa\x96\xce\xa7\x02\xad\xa2\xce\x955\xeaNg\x02\xcd\xfd\x1a}.\xd3\"x\x89/8H\xc2\x93B\na)\x86\xa9U\xa0\xb7\x18\xfb\xe9\xd1\x97', 0x3)
write$binfmt_misc(r1, &(0x7f0000000740), 0xffffffffffffffbc)
fcntl$addseals(r1, 0x409, 0x8)
openat$bsg(0xffffff9c, 0x0, 0x380102, 0x0)
read$FUSE(r0, &(0x7f0000004180)={0x2020}, 0x2020)
write$FUSE_NOTIFY_INVAL_INODE(r0, &(0x7f00000000c0)={0x28, 0x4, 0x0, {0x0, 0xffffffffffffffff}}, 0x28)
timer_create(0x0, &(0x7f0000000680)={0x0, 0x21, 0x0, @tid=0xffffffffffffffff}, 0x0)
read$dsp(0xffffffffffffffff, 0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
write$FUSE_OPEN(r0, 0x0, 0x0)

14.222094414s ago: executing program 3 (id=6271):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000ac0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, 0x0)
sendmsg$NL802154_CMD_DEL_SEC_LEVEL(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010025bd7000fcdbdf252100000008000300", @ANYRES32, @ANYBLOB="18002d800500010002030040e5b087f8ce"], 0x38}, 0x1, 0x0, 0x0, 0x4000000}, 0x4000)

14.128659672s ago: executing program 3 (id=6274):
openat$cdrom(0xffffff9c, &(0x7f0000000000), 0x101000, 0x0)
socket$kcm(0x10, 0x3, 0x10) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=@newtaction={0x1a4, 0x30, 0x100, 0x0, 0x0, {}, [{0x190, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x6, 0x2}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x5}}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x3}}}}, @m_simple={0x100, 0xe, 0x0, 0x0, {{0xb}, {0x58, 0x2, 0x0, 0x1, [@TCA_DEF_DATA={0x5, 0x3, '\x00'}, @TCA_DEF_DATA={0x7, 0x3, '(-\x00'}, @TCA_DEF_DATA={0xa, 0x3, '+^-[&\x00'}, @TCA_DEF_DATA={0x7, 0x3, '\'[\x00'}, @TCA_DEF_PARMS={0x18, 0x2, {0x879a, 0x7, 0x4, 0x1ff, 0x5}}, @TCA_DEF_PARMS={0x18, 0x2, {0x7, 0x3, 0x3, 0x3, 0x1}}]}, {0x7d, 0x6, "90b7ad8aaa1f54da390668052288a379c9027671c6fa46ec722163933061fa6fbf26bc9860c7c00bd809e08ef75a34b9618910d31f93951984d242949dd44ecdf4b95cd8c69ef68846452b536132a1df9c36364a44d29bb7fee4b4a8c9b28ad768fdc74c068942b12555ef7c80f11e7212cb1147b6d3681d1c"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x1, 0x2}}}}]}]}, 0x1a4}, 0x1, 0x0, 0x0, 0x804}, 0x0) (async)
prlimit64(0x0, 0xf, &(0x7f0000000340)={0x80000000, 0x8000}, 0x0) (async, rerun: 32)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) (rerun: 32)
r0 = getpid() (async)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) (async, rerun: 32)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}) (rerun: 32)
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) (async)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) (async)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000004c0)={<r3=>0xffffffffffffffff})
recvmsg$unix(r3, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff8e}, 0x0) (async)
recvmsg$unix(r3, &(0x7f0000000d00)={0x0, 0x0, 0x0}, 0x2)
r4 = socket$pptp(0x18, 0x1, 0x2)
connect$pptp(r4, &(0x7f0000000040)={0x18, 0x2, {0xfffc, @initdev={0xac, 0x1e, 0x5, 0x0}}}, 0x1e)
quotactl_fd$Q_GETINFO(r3, 0xffffffff80000501, 0x0, &(0x7f00000003c0)) (async, rerun: 32)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async, rerun: 32)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) (async)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
r6 = openat$yama_ptrace_scope(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
r7 = syz_open_procfs(r0, 0x0)
mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd', @ANYRESHEX=r7, @ANYBLOB=',wfdno=', @ANYRESHEX=r6, @ANYBLOB="2c00b7aceb7e4d447e283c8a567204cb92fc26d5abc456dc0e6f7109d9cf3706636d77e960f3036ab08d32c0e1157adbe51a565c1de9d88b447b4bcbfb0b28f9fd100f832049e6c349b05093c0197fc2ac8ba5f96967b0c36bdaeeac143f73b38c53de4a374b6aa09abda02d26938f048e9300c7fad7faef7517adda39536f6bf836feae80a9a2c99cfbc9df4128578a5e20a561c88dbb114a349f9046ef65cf35666d5b7746073259c4f61c7f0c39045b0bd2ed921d36ab73fab9e0947719d52ec48e5e7e14a913dcfbce6803"]) (async)
syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x40381) (async)
ioctl$VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000180)={0x1, @pix={0x200, 0x2f5380, 0x41414770, 0x58595556, 0x5, 0x10001, 0xa, 0x9e0, 0x1, 0x3, 0x1, 0xa20e1c7e228a00c0}})

13.917340843s ago: executing program 3 (id=6276):
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000000)=<r1=>0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000140)=0x8001)
r2 = socket(0x6, 0x80005, 0x1000)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x0, 0x0}, &(0x7f0000000100)=0x10)
r3 = dup2(r2, r0)
getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r3, 0x84, 0x1f, &(0x7f00000003c0)={0x0, @in={{0x2, 0x0, @private=0xa010101}}}, &(0x7f0000000340)=0x90)
openat$ndctl0(0xffffffffffffff9c, 0x0, 0x81400, 0x0)
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
setsockopt$SO_TIMESTAMPING(r4, 0x1, 0x25, &(0x7f0000000080)=0x716, 0x4)
r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r5, &(0x7f0000000040)={0x1f, 0xffffffffffffffff}, 0x6)
r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r7 = socket$inet(0x2, 0x1, 0x0)
setsockopt$inet_opts(r7, 0x0, 0x4, 0x0, 0x0)
setsockopt$inet_opts(r7, 0x0, 0x4, 0x0, 0x0)
ioctl$HCIINQUIRY(r6, 0x400448ca, 0x0)

5.813439114s ago: executing program 2 (id=6314):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
socket$netlink(0x10, 0x3, 0x0)
mount$9p_unix(&(0x7f0000000180)='./file0/file0\x00', &(0x7f0000000300)='./file0\x00', &(0x7f0000000340), 0x10000, &(0x7f0000000440)=ANY=[])
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000400)=0x6)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
keyctl$KEYCTL_MOVE(0x1e, 0x0, 0x0, 0xfffffffffffffff9, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x17, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="2400000020000103009979b7fe36465238e73be524e48128913ab800"], 0x24}}, 0x40)
sendmsg$IPSET_CMD_SAVE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000500)=ANY=[@ANYBLOB="1c000000080601020000000000000000000000000500010007000000c6571bf2e7186ac883c237f47d4c44bc733dc30d8c5237d3f20b3f0cca634156a791193eb68a6285bd8feab5bed2ced12b3a993320e79e8b951a6af69dbbe867a3f24acd973eec476cc759e333efb1910bcd1f49f38ff1e3c1a786683bf3deb61e7b2e981d66dfa13fd20597a7775b1e561d576527b763126d05bf1efa0d4fd123b15146ff9f9e62d8e9cc8a0c6daa87fa035f6b7e66e9f84c1127c6cd52e97293d317a6c332e4b7ef51183a732749034e6b5ec426dd8aaf6d3be1e3aaefa19b1f12c95520abf8e2992ff90a132ae97c886605b4ea261d2b167ca52f34fb46d8955264f00334647d4420ffb6cfdc0e90b547c6dd2f57bc70c3ac68520a7ef7f0dcfe0567bc1e7b3c828976d450168179c0499bef21800034acaa9129c326dd917ac49a906f3432f64c87455575d85adeb108e44cf3af65ac"], 0x1c}}, 0x0)
pipe2$9p(0x0, 0x80000)
r5 = openat$sndseq(0xffffff9c, &(0x7f0000001240), 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r5, 0xc0a45320, &(0x7f00000000c0)={{0x80, 0xf7}, 'port1\x00', 0x3ab, 0x2062f, 0x3, 0x7, 0x0, 0xc, 0x3fc, 0x0, 0x7, 0xfd})
openat$sequencer(0xffffff9c, &(0x7f0000000000), 0x2, 0x21)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'bridge0\x00'})
socket$nl_route(0x10, 0x3, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
socket(0x840000000002, 0x3, 0xff)

5.663651965s ago: executing program 4 (id=6315):
r0 = creat(&(0x7f0000000180)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r2, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15)
r3 = dup(r2)
write$FUSE_BMAP(r3, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r3, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r3}, 0x2c, {[{@cache_mmap}], [], 0x6b}})
r4 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
r5 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000000), 0x20081, 0x0)
write$RDMA_USER_CM_CMD_DISCONNECT(r5, 0x0, 0x100000)
ioctl$DRM_IOCTL_GET_CLIENT(r0, 0xc0186405, &(0x7f0000000340)={0x7, 0x437, {0xffffffffffffffff}, {0xee00}, 0x0, 0x5})
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8b04, &(0x7f0000000000)={'wlan1\x00'})

5.58795475s ago: executing program 4 (id=6316):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = syz_clone(0x400, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r2)
ptrace(0x8, r2)
move_pages(r2, 0x0, 0x0, &(0x7f0000000140), 0x0, 0x0)
r3 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0x25dfdbfd, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000540)=@newtfilter={0x64, 0x2c, 0xd27, 0x70bd28, 0x8000, {0x0, 0x0, 0x0, r4, {0x10, 0xffe0}, {}, {0xa, 0xfff3}}, [@filter_kind_options=@f_flower={{0xb}, {0x34, 0x2, [@TCA_FLOWER_KEY_ENC_OPTS_MASK={0x18, 0x55, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_ERSPAN={0x14, 0x3, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_ERSPAN_VER={0x5, 0x1, 0x2}, @TCA_FLOWER_KEY_ENC_OPT_ERSPAN_HWID={0xfffffffffffffebe, 0x4, 0xae}]}]}, @TCA_FLOWER_KEY_ENC_OPTS={0x18, 0x54, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_ERSPAN={0x14, 0x3, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_ERSPAN_VER={0x5, 0x1, 0x1}, @TCA_FLOWER_KEY_ENC_OPT_ERSPAN_INDEX={0x8, 0x2, 0x100c}]}]}]}}]}, 0x64}}, 0x40040)
r5 = fsopen(&(0x7f00000000c0)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r5, 0x1, &(0x7f0000000000)='source', &(0x7f0000000040)='c:::\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
openat$vimc2(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x2)
r8 = gettid()
fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0)
tkill(r8, 0xb)

4.851280513s ago: executing program 2 (id=6319):
sendmsg$IPCTNL_MSG_TIMEOUT_NEW(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0)
r0 = socket$rxrpc(0x21, 0x2, 0xa)
ioctl$sock_SIOCGPGRP(r0, 0x8904, 0x0)
r1 = syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000140)=ANY=[@ANYRES16, @ANYRES64=r0, @ANYRESDEC=r0, @ANYBLOB="5e0c7ac551861a6773eb4d8ddc19c5b5d6baa6b757880e58958b99fbd6e7292c02b52e1032a73ca1add0a5da65df078cedc8e337420be2644807d16150869a5bff"], 0x0)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, "7f12ddb357f7adf97affffffff7d1800"})
r3 = syz_open_pts(r2, 0x0)
ioctl$TIOCVHANGUP(r3, 0x5437, 0x0)
ioctl$TCSETA(r2, 0x5406, &(0x7f0000000080)={0x405, 0x401, 0xb, 0x2d1, 0x1})
ioctl$TIOCGPTPEER(r2, 0x5441, 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
syz_usb_control_io(r1, &(0x7f0000000100)={0x2c, &(0x7f0000000280)=ANY=[@ANYBLOB="200617"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)

4.402278994s ago: executing program 4 (id=6321):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff})
r1 = syz_io_uring_setup(0x1715, &(0x7f0000000300)={0x0, 0x0, 0x2000, 0x0, 0xfffffffd}, &(0x7f0000000100)=<r2=>0x0, &(0x7f0000000400)=<r3=>0x0)
io_uring_register$IORING_REGISTER_PBUF_RING(r1, 0x16, &(0x7f0000000380)={&(0x7f0000001000)={[{0x0}, {0x0}, {0x0}, {0x0}]}, 0x4}, 0x1)
syz_io_uring_submit(r2, r3, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x20, 0x2, r0, 0x0, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x22}})
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
r4 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[@ANYRESDEC=r4, @ANYRESHEX=r4, @ANYBLOB="eeeaffff616d250b50c83b2a6a34000000000000", @ANYRES32=0x0, @ANYRES32, @ANYRES8], 0x50)
socket$kcm(0x10, 0x2, 0x0)
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x0)
syz_open_dev$vim2m(0x0, 0x0, 0x2)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000280)=0x2)
r5 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_MCAST_JOIN_GROUP(r5, 0x29, 0x2a, &(0x7f0000000140)={0x0, {{0xa, 0x4e20, 0x6, @mcast2, 0xd}}}, 0x88)
setsockopt$inet6_MCAST_MSFILTER(r5, 0x29, 0x30, &(0x7f0000000200)=ANY=[@ANYBLOB="0b0000000a000000076171c1ff020000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000020000000a004e2900000002fc0100000000000000000000000000ff06000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a004e2400000008fc0100000000000000000000000000020700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000"], 0x18c)
syz_emit_ethernet(0x46, &(0x7f0000000580)={@link_local, @multicast, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "04c2ad", 0x10, 0x11, 0x0, @private1={0xfc, 0x1, '\x00', 0x1}, @mcast2, {[], {0x4e21, 0xe22, 0x10, 0x0, @gue={{0x2}}}}}}}}, 0x0)

4.401826934s ago: executing program 4 (id=6322):
r0 = syz_open_dev$evdev(&(0x7f0000000040), 0x3e, 0x208604)
r1 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r1, &(0x7f0000000dc0)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c)
sendto$inet6(r1, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @empty, 0x2}, 0x1c)
syz_emit_ethernet(0x2a, &(0x7f0000000e00)={@random="371598b631a7", @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x8}}}}}, 0x0)
r2 = syz_usb_connect$cdc_ecm(0x0, 0x5e, &(0x7f0000000000)=ANY=[@ANYBLOB="12011001020000402505a1a440000102030d0902"], 0x0)
syz_usb_disconnect(r2)
syz_usb_disconnect(r0)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB="1201fb0019030320d812010079de01ec020109021b0001000003000904000001785ecc00090585020004"], 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
syz_usb_disconnect(r2)
r3 = accept4$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x0, @local}, &(0x7f0000000140)=0x10, 0x0)
r4 = accept4$inet(r3, &(0x7f0000000100)={0x2, 0x0, @multicast1}, &(0x7f00000000c0)=0x10, 0x80000)
fcntl$setstatus(r4, 0x4, 0x44400)

3.728604657s ago: executing program 0 (id=6323):
r0 = socket$inet6(0xa, 0x5, 0x5)
connect$inet6(r0, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @private=0xa010100}, 0xffffffff}, 0x1c)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan1\x00'})
r1 = open(&(0x7f0000000000)='./file0\x00', 0x80000, 0x40)
ioctl$F2FS_IOC_GET_COMPRESS_OPTION(r1, 0x8002f515, &(0x7f0000000080))
r2 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
getsockopt$bt_BT_VOICE(r1, 0x112, 0xb, &(0x7f00000013c0)=0x8001, &(0x7f0000001400)=0x2)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff)
r5 = open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x0)
r6 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r6, 0xc2c45512, &(0x7f0000000640)={{0xb, 0x2, 0x81, 0x5, 'syz1\x00', 0x9}, 0x0, [0x37e, 0xe8af, 0x1, 0xcc0, 0xe, 0x101, 0x80, 0xa6da, 0x2, 0x1, 0x9, 0xb, 0x8, 0xfffefff7, 0x8, 0x10, 0x5, 0x4, 0x40f, 0x80, 0x962, 0x2, 0x1, 0x400, 0x7fffffff, 0xbed, 0x80000001, 0x3, 0x60e3, 0xa12, 0x8, 0x10000, 0x7, 0x9, 0x7430, 0x2, 0x2, 0x0, 0x1, 0x3, 0x8, 0xd8a3, 0x8001, 0x8, 0x9, 0x1, 0x1, 0x0, 0xffff1688, 0x2, 0x0, 0x132, 0x9000, 0xe93, 0x4, 0x7ff, 0x7, 0x81, 0x50a, 0x0, 0x6, 0x7ff, 0x1000, 0xffffffff, 0x4, 0x5, 0x7a, 0x2, 0x9, 0x2, 0x3, 0x7, 0x1000ac, 0x7, 0x7, 0x4, 0x8000, 0x9, 0x4, 0x7, 0xd, 0x7, 0x9, 0x0, 0x0, 0x40, 0x2, 0x8000, 0xfff, 0x3, 0x3b9, 0x6, 0x4, 0x4660917f, 0x487d, 0x8000, 0x1, 0x5, 0x3, 0x0, 0x5, 0x4, 0xe, 0x1, 0x7, 0x9, 0xc, 0x4, 0x1, 0x1, 0x3ce, 0xa, 0x8, 0xf795, 0x0, 0x6, 0xfffffff7, 0xffffbf90, 0xfffffffd, 0x7, 0x2, 0x0, 0x7, 0xa, 0x809, 0xfffffffe, 0x73938332, 0x7763]})
pwritev2(r5, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0x76200}], 0x1, 0x7c00, 0x0, 0x3)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000640)={'wlan0\x00', <r7=>0x0})
sendmsg$NL80211_CMD_CONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000015c0)={0x40, r4, 0x21, 0xffffffff, 0xc, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_SSID={0x1b, 0x34, @random="c6f344b81ba101b26b06f2532acf180acf5b49d7b95a19"}, @crypto_settings=[@NL80211_ATTR_CONTROL_PORT_OVER_NL80211={0x4}, @NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT={0x4}]]}, 0x40}, 0x1, 0x0, 0x0, 0x800}, 0x880)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000001480)={'wlan1\x00', <r8=>0x0})
sendmsg$NL80211_CMD_DEL_PMK(0xffffffffffffffff, &(0x7f0000001580)={&(0x7f0000001440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000001540)={&(0x7f00000014c0)={0x4c, r4, 0x700, 0x70bd2c, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r8}, @val={0xc, 0x99, {0x8, 0x38}}}}, [@NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4040}, 0x24006008)
ioctl(r2, 0x8b2c, &(0x7f0000000040))
setsockopt$inet_sctp6_SCTP_ADD_STREAMS(r5, 0x84, 0x79, &(0x7f0000001600)={0x0, 0x3, 0x4}, 0x8)
r9 = syz_clone3(&(0x7f0000001300)={0x12840600, &(0x7f0000000140), &(0x7f00000001c0), &(0x7f0000000200), {0x1e}, &(0x7f0000000240)=""/104, 0x68, &(0x7f00000002c0)=""/4096, &(0x7f00000012c0)=[0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff], 0x8, {r1}}, 0x58)
sched_setscheduler(r9, 0x6, &(0x7f0000001380)=0x7)
fsetxattr$trusted_overlay_nlink(0xffffffffffffffff, &(0x7f00000000c0), &(0x7f0000000100)={'U-', 0x9}, 0x16, 0x3)

3.621894278s ago: executing program 0 (id=6324):
creat(&(0x7f0000000180)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[{@cache_mmap}], [], 0x6b}})
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
r4 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000000), 0x20081, 0x0)
write$RDMA_USER_CM_CMD_DISCONNECT(r4, 0x0, 0x100000)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8b04, &(0x7f0000000000)={'wlan1\x00'})

3.568337976s ago: executing program 0 (id=6325):
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
bpf$BPF_GET_MAP_INFO(0x3, &(0x7f00000006c0)={0xffffffffffffffff, 0x58, &(0x7f0000000100)}, 0x87)
sendmsg$OSF_MSG_ADD(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x24000080}, 0x0)
bind$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000400)=@base={0xe, 0x4, 0x4, 0x3, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
write$UHID_INPUT(r1, &(0x7f0000002080)={0xfc, {"a2336848149e516d4b5e071887f70e09d038e7ff7fc6e5539b0d500a8b089b3f383563030890e0879b0a71c6e70a9b334a959b669a242f0a0af3988f7ef319520100ffe8d178708c523c921b1b3e31070d0773090acd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9903f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928d28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f2730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b81305c038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849cd9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484539ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1f93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb8843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b2804563407308c58c89d9e99c81769177e6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463373b4b87c9050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e080000007ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e3933ed07c2b8081c128ad2706f48261ff07000000000000613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59500000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006)
r2 = syz_open_dev$video4linux(&(0x7f0000000080), 0x0, 0x0)
ioctl$VIDIOC_QUERYMENU(r2, 0xc008561c, &(0x7f0000000000)={0x980900, 0x7, @value=0x2})
io_submit(0x0, 0x1, &(0x7f0000000340)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x6, r0, &(0x7f00000005c0)="0d6cf014c1eae8d5163e42f8a2e32f572c816e6256bd299b41701444c9c42b299d17fe21dce4b0a269130d358b5a0e2fd56ae20288778b2f7af105c80b4f096f4514e7c6ce5e764faf31e3f77b42eb2b26e3eccf89548e6286c7af59fbaf4d736a81b627b70f7280ca087e67ab1401ce4aaa61ff44c9a3550fbd8eaaefa2203653e910a42a787a85e2", 0x89, 0xce49}])
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
mkdirat(0xffffffffffffffff, &(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000000180)='map_files\x00')
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000005000000000000"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000000c0)='mmap_lock_acquire_returned\x00', r5}, 0x10)
fchdir(r4)
sendmmsg$unix(r3, &(0x7f0000000d40)=[{{&(0x7f0000000080)=@abs={0x1, 0x30, 0x30}, 0x6e, 0x0}}], 0x1, 0x0)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NBD_CMD_CONNECT(r6, &(0x7f0000001ac0)={0x0, 0x700, &(0x7f0000001a80)={&(0x7f0000000700)=ANY=[@ANYBLOB="3c00020fad03ca96cd1d69faadfb1aa81417a512abb3aa5341547db37220aaa094ff5a34d884849baf3aae67691d636c24160676c56b5fb2942160ba22a493c876152ba77b9e73cb2af4b855d0286ef970bef4d0755b4e065ea8792e3f168bf655955ebb6416914bee522b2dc97d01ffdae27d9cabdfdf5a10bcee89e450f1646706cf2da20ef1aa1cefc092a5b8b49deebebeb7be6e4ab0d543c5618d8a0a85b6ab03d5106b67bd2066dc05b774f15daf962c6e71bd824ac69bb66ba4f7062e0f8337e99978baeaa1f16d2b97148c1db4215a6959eae0abbc30380bae25ea194fe89ea2e45b045a60550f17961139", @ANYRES16=r7, @ANYBLOB="010028bd7000fbdbdf25010000001c0007800c00018008000100", @ANYRES32, @ANYBLOB="0c00018008000100", @ANYRES32, @ANYBLOB="0c0002000300000000000000"], 0x3c}, 0x1, 0x0, 0x0, 0x20004000}, 0x0)

2.552947813s ago: executing program 0 (id=6326):
r0 = socket$packet(0x11, 0x2, 0x300)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$OSF_MSG_ADD(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="0815000000051104000000000000000001000005540201"], 0x1508}, 0x1, 0x0, 0x0, 0x20000000}, 0x20040000)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000200)={'erspan0\x00'})
socket$inet_tcp(0x2, 0x1, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
r2 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x181200, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_open_dev$evdev(0x0, 0x0, 0x60000)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$OSF_MSG_ADD(r4, 0x0, 0x0)
r5 = socket$l2tp6(0xa, 0x2, 0x73)
setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000e40)=@raw={'raw\x00', 0x3c1, 0x3, 0x424, 0x238, 0x2b8, 0x0, 0x0, 0xff000000, 0x35c, 0x3a8, 0x3a8, 0x35c, 0x3a8, 0x3, 0x0, {[{{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @local}, [], [], 'bond_slave_1\x00', 'wg2\x00'}, 0x0, 0x218, 0x238, 0x0, {}, [@common=@inet=@hashlimit2={{0x150}, {'vlan0\x00', {0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x3f, 0xffffffff}}}, @inet=@rpfilter={{0x24}, {0x1}}]}, @unspec=@TRACE={0x20}}, {{@uncond, 0x0, 0xc8, 0x124, 0x0, {}, [@inet=@rpfilter={{0x24}}]}, @common=@inet=@HMARK={0x5c, 'HMARK\x00', 0x0, {@ipv4=@initdev={0xac, 0x1e, 0x1, 0x0}, [0xff000000, 0xffffff00, 0x0, 0xb736a11490115a28], 0x4e24, 0x4e20, 0x4e21, 0x4e23, 0x62ee3619, 0xcb, 0x4, 0x5, 0x9}}}], {{'\x00', 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x480)
bind$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000400)=@base={0xe, 0x4, 0x4, 0x3, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
io_setup(0x6, &(0x7f0000001380)=<r6=>0x0)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
io_setup(0x4, &(0x7f0000000000))
ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
socket$nl_generic(0x10, 0x3, 0x10)
io_submit(r6, 0x1, &(0x7f0000001140)=[0x0])
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
ioctl$SNDCTL_MIDI_PRETIME(r2, 0xc0046d00, &(0x7f00000000c0)=0x5)

2.182388972s ago: executing program 0 (id=6327):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
socket$netlink(0x10, 0x3, 0x0)
mount$9p_unix(&(0x7f0000000180)='./file0/file0\x00', &(0x7f0000000300)='./file0\x00', &(0x7f0000000340), 0x10000, &(0x7f0000000440)=ANY=[])
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000400)=0x6)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
keyctl$KEYCTL_MOVE(0x1e, 0x0, 0x0, 0xfffffffffffffff9, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x17, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="2400000020000103009979b7fe36465238e73be524e48128913ab800"], 0x24}}, 0x40)
sendmsg$IPSET_CMD_SAVE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000500)=ANY=[@ANYBLOB="1c000000080601020000000000000000000000000500010007000000c6571bf2e7186ac883c237f47d4c44bc733dc30d8c5237d3f20b3f0cca634156a791193eb68a6285bd8feab5bed2ced12b3a993320e79e8b951a6af69dbbe867a3f24acd973eec476cc759e333efb1910bcd1f49f38ff1e3c1a786683bf3deb61e7b2e981d66dfa13fd20597a7775b1e561d576527b763126d05bf1efa0d4fd123b15146ff9f9e62d8e9cc8a0c6daa87fa035f6b7e66e9f84c1127c6cd52e97293d317a6c332e4b7ef51183a732749034e6b5ec426dd8aaf6d3be1e3aaefa19b1f12c95520abf8e2992ff90a132ae97c886605b4ea261d2b167ca52f34fb46d8955264f00334647d4420ffb6cfdc0e90b547c6dd2f57bc70c3ac68520a7ef7f0dcfe0567bc1e7b3c828976d450168179c0499bef21800034acaa9129c326dd917ac49a906f3432f64c87455575d85adeb108e44cf3af65ac"], 0x1c}}, 0x0)
pipe2$9p(0x0, 0x80000)
r5 = openat$sndseq(0xffffff9c, &(0x7f0000001240), 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r5, 0xc0a45320, &(0x7f00000000c0)={{0x80, 0xf7}, 'port1\x00', 0x3ab, 0x2062f, 0x3, 0x7, 0x0, 0xc, 0x3fc, 0x0, 0x7, 0xfd})
openat$sequencer(0xffffff9c, &(0x7f0000000000), 0x2, 0x21)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'bridge0\x00'})
socket$nl_route(0x10, 0x3, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
socket(0x840000000002, 0x3, 0xff)

1.798522718s ago: executing program 4 (id=6328):
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
open_tree(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r0 = socket(0x1d, 0x80000, 0xffffffff)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="12010000000000205804115000000000000109022400012000000009040000050300000009210000000122940309058103"], 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
syz_usb_control_io$hid(r1, &(0x7f0000000340)={0x14, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB='\x00\"'], 0x0}, 0x0)
r2 = syz_open_dev$hiddev(&(0x7f0000000080), 0x0, 0x8000)
ioctl$HIDIOCGREPORT(r2, 0x400c4807, 0x0)
syz_open_dev$MSR(0x0, 0xfffffffe, 0x0)
r3 = userfaultfd(0x801)
bind$phonet(0xffffffffffffffff, &(0x7f0000000240)={0x23, 0x30, 0x0, 0x4}, 0x10)
r4 = socket$phonet_pipe(0x23, 0x5, 0x2)
bind$phonet(r4, &(0x7f0000000100)={0x23, 0x30}, 0x10)
shmctl$IPC_RMID(0x0, 0x300)
ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1})
ioctl$UFFDIO_CONTINUE(r3, 0xc020aa08, &(0x7f0000000080)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}})
munmap(&(0x7f00003fe000/0xc00000)=nil, 0xc00000)
mremap(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x2000, 0x3, &(0x7f00007fe000/0x800000)=nil)
r5 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r5, 0x10e, 0xc, &(0x7f0000000040)={0x4001}, 0xfea3)
r6 = openat$rtc(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$RTC_WKALM_SET(r6, 0x40187013, &(0x7f0000000140)={0x0, 0x0, {0x0, 0xfffffffd, 0x2, 0x17, 0x0, 0x0, 0x0, 0x116, 0x1}})
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000000)={'batadv0\x00', <r7=>0x0})
sendmsg$nl_route(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="2c0000001600156f00000000fcdbdf25094000fd952e317ec2f77975c79654d40366901a0cd81a5ac0eed10c4de27e5c29bd452606be003e255a4e3624c8f21215e7f52e4c4f6f55a1eda8", @ANYRES32=r7, @ANYBLOB="14000a00"/19], 0xb}, 0x1, 0x0, 0x0, 0x8000}, 0x801)

1.601750124s ago: executing program 2 (id=6329):
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0)
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r0)
ptrace$peek(0x1, r0, &(0x7f0000000140))

1.526754809s ago: executing program 2 (id=6330):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001700)=ANY=[@ANYBLOB="180000003b000103f00000000000000001"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000)

1.526437299s ago: executing program 2 (id=6331):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
open(0x0, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYRES8], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000cc0)={0x1b, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f00, 0x4, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x50)
unlink(&(0x7f0000000040)='./file0\x00')
ioctl$USBDEVFS_CLEAR_HALT(0xffffffffffffffff, 0xc0105502, 0x0)
syz_init_net_socket$x25(0x9, 0x5, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
pipe2$9p(0x0, 0x0)
openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ppoll(0x0, 0x0, 0x0, 0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a300000001f0900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000b80)={{0x14}, [@NFT_MSG_NEWRULE={0x58, 0x6, 0xa, 0x401, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x2c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @lookup={{0xb}, @val={0x18, 0x2, 0x0, 0x1, [@NFTA_LOOKUP_SREG={0x8, 0x2, 0x1, 0x0, 0x9}, @NFTA_LOOKUP_SET={0x9, 0x1, 'syz2\x00'}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x80}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0, 0x58000000, 0x0, 0x0, 0x40f00, 0x48, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000100), 0x181900, 0x0)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000140)=0xe)
ioctl$EVIOCGPROP(r2, 0x40047438, &(0x7f0000000180)=""/237)
close_range(r3, 0xffffffffffffffff, 0x0)
r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r5, &(0x7f0000000080), 0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r5, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

1.163120708s ago: executing program 0 (id=6332):
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
open_tree(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r0 = socket(0x1d, 0x80000, 0xffffffff)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="12010000000000205804115000000000000109022400012000000009040000050300000009210000000122940309058103"], 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
syz_usb_control_io$hid(r1, &(0x7f0000000340)={0x14, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB='\x00\"'], 0x0}, 0x0)
r2 = syz_open_dev$hiddev(&(0x7f0000000080), 0x0, 0x8000)
ioctl$HIDIOCGREPORT(r2, 0x400c4807, 0x0)
syz_open_dev$MSR(0x0, 0xfffffffe, 0x0)
r3 = userfaultfd(0x801)
bind$phonet(0xffffffffffffffff, &(0x7f0000000240)={0x23, 0x30, 0x0, 0x4}, 0x10)
r4 = socket$phonet_pipe(0x23, 0x5, 0x2)
bind$phonet(r4, &(0x7f0000000100)={0x23, 0x30}, 0x10)
shmctl$IPC_RMID(0x0, 0x300)
ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1})
ioctl$UFFDIO_CONTINUE(r3, 0xc020aa08, &(0x7f0000000080)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}}) (fail_nth: 4)
munmap(&(0x7f00003fe000/0xc00000)=nil, 0xc00000)
mremap(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x2000, 0x3, &(0x7f00007fe000/0x800000)=nil)
r5 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r5, 0x10e, 0xc, &(0x7f0000000040)={0x4001}, 0xfea3)
r6 = openat$rtc(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$RTC_WKALM_SET(r6, 0x40187013, &(0x7f0000000140))
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000000)={'batadv0\x00', <r7=>0x0})
sendmsg$nl_route(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="2c0000001600156f00000000fcdbdf25094000fd952e317ec2f77975c79654d40366901a0cd81a5ac0eed10c4de27e5c29bd452606be003e255a4e3624c8f21215e7f52e4c4f6f55a1eda8", @ANYRES32=r7, @ANYBLOB="14000a00"/19], 0xb}, 0x1, 0x0, 0x0, 0x8000}, 0x801)

499.203144ms ago: executing program 2 (id=6333):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0x3, &(0x7f0000000040)=ANY=[@ANYRES8, @ANYRESDEC, @ANYRES8, @ANYRESHEX], &(0x7f0000000280)='GPL\x00', 0xa, 0xb9, &(0x7f0000000140)=""/185, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
r1 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r2 = openat$sw_sync(0xffffffffffffff9c, 0x0, 0xc8300, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x15, 0x4, &(0x7f00000001c0)=ANY=[@ANYBLOB="b4020000000000007911300000000000850000002e0000009500000000000000358bb9f43d86b13600"/50], &(0x7f0000000100)='syzkaller\x00', 0x4, 0xc5, &(0x7f0000000300)=""/197, 0x0, 0x0, '\x00', 0x0, @sk_reuseport, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f00000002c0), 0xffffffffffffff35, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x54)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r2, 0xc0285700, &(0x7f0000000100)={0x1, "5660359c3245d1c42317afad7d48ed51000000000000000100", <r3=>0xffffffffffffffff})
ioctl$SW_SYNC_IOC_CREATE_FENCE(r1, 0xc0285700, &(0x7f0000000000)={0x5, "340b7832ceefd131b8e6498c25f58fad9987ffe93bbabd18cf501922de974a27", <r4=>0xffffffffffffffff})
ioctl$SYNC_IOC_MERGE(r3, 0xc0303e03, &(0x7f00000000c0)={"3c2460b0fc36d4923431d4c7d5ffffffdf0000640e00005975af008d26f375aa", r4})
ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(0xffffffffffffffff, 0xc0c89425, &(0x7f00000000c0)={"766cacc700", 0x0, 0x0, {0x81, 0x50000a}, {0x7, 0x8}, 0x5, [0x3, 0x3, 0x4, 0x6, 0x0, 0x400, 0xffffffffffff0001, 0x2, 0x8, 0x7, 0x80000000, 0x81, 0x10, 0x522586f, 0xfffffffffffffffb, 0x7]})
poll(&(0x7f0000000000), 0x20000000000000b5, 0x9)
ioctl$SW_SYNC_IOC_INC(r2, 0x40045701, &(0x7f00000001c0)=0xfffffffd)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f00000005c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000730000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000540)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
socket$nl_route(0x10, 0x3, 0x0)
socket$xdp(0x2c, 0x3, 0x0)
r7 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r7, 0x84, 0x76, &(0x7f0000000200)={0x0, 0x1}, 0x8)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r7, 0x84, 0x75, &(0x7f0000000340)={0x0, 0xcc}, 0x8)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r7, 0x84, 0x64, &(0x7f0000000280)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c)
sendmmsg$inet6(r7, &(0x7f0000000780)=[{{&(0x7f0000000080)={0xa, 0x4e23, 0x4, @loopback, 0x3}, 0x1c, &(0x7f0000000500)=[{&(0x7f00000034c0)='\x00', 0x1}], 0x1}}], 0x1, 0x3404c8d4)
setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r7, 0x84, 0x77, &(0x7f00000004c0)=ANY=[@ANYRES32, @ANYRES16=r7], 0x1000f)
ioctl$AUTOFS_IOC_EXPIRE(r5, 0x810c9365, &(0x7f0000000640)={{0x5}, 0x100, './file1\x00'})

0s ago: executing program 4 (id=6334):
mount$tmpfs(0x0, 0x0, 0x0, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x40000000, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x3ffe, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e78, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{}, 0x80}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0x40010)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
socket(0x2c, 0x4, 0x0)
sched_setscheduler(r0, 0x1, &(0x7f0000000280)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
getsockopt$ARPT_SO_GET_INFO(0xffffffffffffffff, 0x0, 0x60, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000003c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e792c63616368653d667363616368652c76657273696f6e3d3970323030302e75"])
chdir(&(0x7f0000000300)='./file0\x00')
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000180)='rpc_pipefs\x00', 0x0, 0x0)
r4 = inotify_init()
inotify_add_watch(r4, 0x0, 0x20000002)
getsockname$packet(r3, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000000380)=0x14)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.throttle.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r5, &(0x7f0000000640)={'#! ', './file0', [{}, {0x20, 'rp\xee\xff\xe4'}, {0x20, '\x12~\x85\xecZ@\xb5\x18\xec\x182\xc9L\xdc\xb2\x81\xdam\xa8\xc5{\x92\x14\xce\xf2\xb8\xf7\xa9\xa7\x00X \x93t\x91!%\xff\x13\xdc\aIY\x0e\xb4zh\\\x06\r\xe8^Z\x81\xb8$:P\x83\x98_\xa1\x98\xd6\xd2g-\xefr\x14<\xd1\xb84\x94\xa09\x9f\x12I\xed\xd5dT#f\xb4\xf3\x88\xcf\xde\x00\xd4\x81WN\xca\xb5c\xbf\r\xb0Q\xa9\xbaC\xd2\xa2\x1d~\xc5D(\x92A\x12f\x83fn\xd0\xb6\x02\x116t:|\x94\xc7\xac\xf6\xbc~m\xd6\xd1\xe5\xe0\xdd\xc2\x9cl#\x85\xab\xe7\xa9\xcb\"\xd2\x97\x10\xa5\xa8\xc1\x8d@U\a]Gi^\xd2\xdf\xb0\xa5!\x836\x92\xc9\x92\xe4'}], 0xa, "7bad65c4da5338577feb172ca63250224c76e2027f000000000000007e2ac7fe2e31a2e87e3ee43ed92dfbb6bc0700de24db4ec870b8000000000000002c65e7495fe9afeb28bb60e91e23e104f6dbbf40e1fc2ab1a77fd9f6414e438f03"}, 0xfffffc43)
add_key(&(0x7f0000000040)='ceph\x00', 0x0, &(0x7f0000000280)="010001000000000000001000015b097ead85847817353d2dbad05dd5", 0x1c, 0xfffffffffffffffd)

kernel console output (not intermixed with test programs):

812.244756][T23552] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  812.244777][T23552] CPU: 1 UID: 0 PID: 23552 Comm: syz.3.5505 Not tainted 6.16.0-rc1-syzkaller-00004-gaef17cb3d3c4 #0 PREEMPT(full) 
[  812.244791][T23552] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  812.244798][T23552] Call Trace:
[  812.244802][T23552]  <TASK>
[  812.244806][T23552]  dump_stack_lvl+0x16c/0x1f0
[  812.244826][T23552]  should_fail_ex+0x512/0x640
[  812.244845][T23552]  _copy_from_user+0x2e/0xd0
[  812.244862][T23552]  userfaultfd_ioctl+0xe13/0x38e0
[  812.244886][T23552]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  812.244901][T23552]  ? __pfx_userfaultfd_ioctl+0x10/0x10
[  812.244918][T23552]  ? find_held_lock+0x2b/0x80
[  812.244929][T23552]  ? hook_file_ioctl_common+0x145/0x410
[  812.244944][T23552]  ? __fget_files+0x20e/0x3c0
[  812.244957][T23552]  ? fput+0x70/0xf0
[  812.244967][T23552]  ? __pfx_userfaultfd_ioctl+0x10/0x10
[  812.244978][T23552]  ? compat_ptr_ioctl+0x6e/0xa0
[  812.244988][T23552]  compat_ptr_ioctl+0x6e/0xa0
[  812.244999][T23552]  ? __pfx_compat_ptr_ioctl+0x10/0x10
[  812.245010][T23552]  __ia32_compat_sys_ioctl+0x23f/0x370
[  812.245024][T23552]  __do_fast_syscall_32+0x7c/0x3a0
[  812.245036][T23552]  do_fast_syscall_32+0x32/0x80
[  812.245046][T23552]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  812.245059][T23552] RIP: 0023:0xf707e579
[  812.245067][T23552] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  812.245077][T23552] RSP: 002b:00000000f506e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  812.245088][T23552] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000c020aa08
[  812.245094][T23552] RDX: 0000000080000080 RSI: 0000000000000000 RDI: 0000000000000000
[  812.245105][T23552] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  812.245111][T23552] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  812.245117][T23552] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  812.245130][T23552]  </TASK>
[  812.256455][   T29] usbhid 8-1:32.0: can't add hid device: -71
[  812.256533][   T29] usbhid 8-1:32.0: probe with driver usbhid failed with error -71
[  812.257536][   T29] usb 8-1: USB disconnect, device number 58
[  812.470559][T23569] Device name not specified.
[  812.470559][T23569] 
[  812.496770][T23571] 9pnet_virtio: no channels available for device ./file0/file0
[  812.742099][T23575] binder: 23574:23575 ioctl c0046209 0 returned -22
[  813.013104][   T29] IPVS: starting estimator thread 0...
[  813.125019][T23581] IPVS: using max 44 ests per chain, 105600 per kthread
[  814.855136][T23609] 9pnet_virtio: no channels available for device ./file0/file0
[  815.524987][T23618] 9pnet_virtio: no channels available for device ./file0/file0
[  815.858604][T23629] ata1.00: non-matching transfer count (1530558389/0)
[  816.280883][T23644] syz.3.5532: attempt to access beyond end of device
[  816.280883][T23644] nbd3: rw=0, sector=0, nr_sectors = 1 limit=0
[  816.285901][T23644] hpfs: hpfs_map_sector(): read error
[  816.474279][T23648] netlink: 24 bytes leftover after parsing attributes in process `syz.1.5533'.
[  816.598012][T23653] binder: 23643:23653 ioctl 400c620e 80000000 returned -22
[  816.940841][T23660] ata1.00: non-matching transfer count (1530558389/0)
[  816.953651][T23662] binder: 23661:23662 ioctl c0046209 0 returned -22
[  817.191993][   T29] IPVS: starting estimator thread 0...
[  817.574387][T23672] IPVS: using max 28 ests per chain, 67200 per kthread
[  817.636624][T23679] syz_tun: entered allmulticast mode
[  818.796417][T23708] netlink: 24 bytes leftover after parsing attributes in process `syz.1.5549'.
[  820.149062][T23734] binder: 23733:23734 ioctl c0046209 0 returned -22
[  820.395798][T23739] bridge0: port 2(erspan0) entered blocking state
[  820.398148][T23739] bridge0: port 2(erspan0) entered disabled state
[  820.400331][T23739] erspan0: entered allmulticast mode
[  820.402761][T23739] erspan0: entered promiscuous mode
[  820.405391][T23739] bridge0: port 2(erspan0) entered blocking state
[  820.407501][T23739] bridge0: port 2(erspan0) entered forwarding state
[  820.480315][T23743] xt_HMARK: proto mask must be zero with L3 mode
[  821.692704][T23765] : entered promiscuous mode
[  822.485928][T23783] syz.3.5569: attempt to access beyond end of device
[  822.485928][T23783] nbd3: rw=0, sector=2, nr_sectors = 2 limit=0
[  822.486001][T23783] vxfs: unable to read disk superblock at 1
[  822.486299][T23783] syz.3.5569: attempt to access beyond end of device
[  822.486299][T23783] nbd3: rw=0, sector=16, nr_sectors = 2 limit=0
[  822.486332][T23783] vxfs: unable to read disk superblock at 8
[  822.486340][T23783] vxfs: can't find superblock.
[  823.145499][T23789] netlink: 40 bytes leftover after parsing attributes in process `syz.3.5572'.
[  823.775396][T23806] openvswitch: : Dropping previously announced user features
[  824.189648][T23815] bridge0: port 1(erspan0) entered blocking state
[  824.191866][T23815] bridge0: port 1(erspan0) entered disabled state
[  824.194011][T23815] erspan0: entered allmulticast mode
[  824.196575][T23815] erspan0: entered promiscuous mode
[  824.198853][T23815] bridge0: port 1(erspan0) entered blocking state
[  824.200938][T23815] bridge0: port 1(erspan0) entered forwarding state
[  824.284258][T23816] xt_HMARK: proto mask must be zero with L3 mode
[  824.518096][T23823] xt_HMARK: proto mask must be zero with L3 mode
[  825.715841][T23839] ceph: Unknown parameter 'grpquotaÆ7ŠeM�šÂ'
[  825.725720][T23839] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5586'.
[  826.205235][T23847] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5589'.
[  826.364739][T23855] bridge0: port 3(erspan0) entered blocking state
[  826.366975][T23855] bridge0: port 3(erspan0) entered disabled state
[  826.369216][T23855] erspan0: entered allmulticast mode
[  826.371781][T23855] erspan0: entered promiscuous mode
[  826.373762][T23855] bridge0: port 3(erspan0) entered blocking state
[  826.375864][T23855] bridge0: port 3(erspan0) entered forwarding state
[  826.458705][T23856] xt_HMARK: proto mask must be zero with L3 mode
[  827.281362][T23862] xt_HMARK: proto mask must be zero with L3 mode
[  828.774338][T23866] kexec: Could not allocate control_code_buffer
[  828.991192][T23892] xt_HMARK: proto mask must be zero with L3 mode
[  829.474839][T23913] kernel profiling enabled (shift: 17)
[  830.953217][T23953] : entered promiscuous mode
[  831.199004][T23961] xt_HMARK: proto mask must be zero with L3 mode
[  831.442338][T23964] xt_HMARK: proto mask must be zero with L3 mode
[  832.544208][  T837] usb 5-1: new high-speed USB device number 57 using dummy_hcd
[  832.705566][  T837] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  832.709043][  T837] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  832.712134][  T837] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  832.716944][  T837] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  832.719836][  T837] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  832.723897][  T837] usb 5-1: config 0 descriptor??
[  833.044752][T23991] ptm ptm1: ldisc open failed (-12), clearing slot 1
[  833.136961][  T837] plantronics 0003:047F:FFFF.001C: unknown main item tag 0x3
[  833.140246][  T837] plantronics 0003:047F:FFFF.001C: ignoring exceeding usage max
[  833.143698][  T837] plantronics 0003:047F:FFFF.001C: reserved main item tag 0xe
[  833.146439][  T837] plantronics 0003:047F:FFFF.001C: unknown main item tag 0x2
[  833.148731][  T837] plantronics 0003:047F:FFFF.001C: invalid report_size 56310
[  833.151167][  T837] plantronics 0003:047F:FFFF.001C: item 0 2 1 7 parsing failed
[  833.153805][  T837] plantronics 0003:047F:FFFF.001C: parse failed
[  833.164218][  T837] plantronics 0003:047F:FFFF.001C: probe with driver plantronics failed with error -22
[  833.321650][T24010] openvswitch: : Dropping previously announced user features
[  833.343739][T24010] Cannot find set identified by id 0 to match
[  834.073406][T24020] veth1_macvtap: default FDB implementation only supports local addresses
[  834.481347][T24036] FAULT_INJECTION: forcing a failure.
[  834.481347][T24036] name failslab, interval 1, probability 0, space 0, times 0
[  834.487595][T24036] CPU: 0 UID: 0 PID: 24036 Comm: syz.1.5646 Not tainted 6.16.0-rc1-syzkaller-00004-gaef17cb3d3c4 #0 PREEMPT(full) 
[  834.487620][T24036] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  834.487630][T24036] Call Trace:
[  834.487636][T24036]  <TASK>
[  834.487643][T24036]  dump_stack_lvl+0x16c/0x1f0
[  834.487674][T24036]  should_fail_ex+0x512/0x640
[  834.487698][T24036]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[  834.487727][T24036]  should_failslab+0xc2/0x120
[  834.487744][T24036]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  834.487770][T24036]  ? __alloc_skb+0x2b2/0x380
[  834.487799][T24036]  __alloc_skb+0x2b2/0x380
[  834.487825][T24036]  ? __pfx___alloc_skb+0x10/0x10
[  834.487851][T24036]  ? genl_rcv_msg+0x4bb/0x800
[  834.487881][T24036]  netlink_ack+0x15d/0xb80
[  834.487903][T24036]  ? __lock_acquire+0x622/0x1c90
[  834.487930][T24036]  netlink_rcv_skb+0x332/0x420
[  834.487949][T24036]  ? __pfx_genl_rcv_msg+0x10/0x10
[  834.487978][T24036]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  834.488009][T24036]  ? netlink_deliver_tap+0x1ae/0xd30
[  834.488027][T24036]  ? is_vmalloc_addr+0x86/0xa0
[  834.488055][T24036]  genl_rcv+0x28/0x40
[  834.488074][T24036]  netlink_unicast+0x53d/0x7f0
[  834.488098][T24036]  ? __pfx_netlink_unicast+0x10/0x10
[  834.488126][T24036]  netlink_sendmsg+0x8d1/0xdd0
[  834.488151][T24036]  ? __pfx_netlink_sendmsg+0x10/0x10
[  834.488173][T24036]  ? __import_iovec+0x1dd/0x650
[  834.488196][T24036]  ____sys_sendmsg+0xa95/0xc70
[  834.488220][T24036]  ? __pfx_____sys_sendmsg+0x10/0x10
[  834.488240][T24036]  ? get_compat_msghdr+0x11a/0x170
[  834.488271][T24036]  ___sys_sendmsg+0x134/0x1d0
[  834.488300][T24036]  ? __pfx____sys_sendmsg+0x10/0x10
[  834.488341][T24036]  ? find_held_lock+0x2b/0x80
[  834.488375][T24036]  __sys_sendmsg+0x16d/0x220
[  834.488393][T24036]  ? __pfx___sys_sendmsg+0x10/0x10
[  834.488422][T24036]  ? rcu_is_watching+0x12/0xc0
[  834.488444][T24036]  __do_fast_syscall_32+0x7c/0x3a0
[  834.488464][T24036]  do_fast_syscall_32+0x32/0x80
[  834.488480][T24036]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  834.488521][T24036] RIP: 0023:0xf70ae579
[  834.488538][T24036] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  834.488554][T24036] RSP: 002b:00000000f509e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  834.488571][T24036] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000800001c0
[  834.488583][T24036] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  834.488593][T24036] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  834.488603][T24036] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  834.488613][T24036] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  834.488636][T24036]  </TASK>
[  835.220465][   T40] audit: type=1326 audit(2000000091.309:6719): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24051 comm="syz.2.5651" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703e579 code=0x7ffc0000
[  835.234203][   T40] audit: type=1326 audit(2000000091.309:6720): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24051 comm="syz.2.5651" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703e579 code=0x7ffc0000
[  835.244620][   T40] audit: type=1326 audit(2000000091.309:6721): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24051 comm="syz.2.5651" exe="/syz-executor" sig=0 arch=40000003 syscall=313 compat=1 ip=0xf703e579 code=0x7ffc0000
[  835.251986][   T40] audit: type=1326 audit(2000000091.309:6722): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24051 comm="syz.2.5651" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703e579 code=0x7ffc0000
[  835.258713][   T40] audit: type=1326 audit(2000000091.309:6723): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24051 comm="syz.2.5651" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703e579 code=0x7ffc0000
[  835.290378][T14384] usb 5-1: USB disconnect, device number 57
[  835.771140][T24072] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5656'.
[  836.165932][T24083] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input41
[  836.838940][T24101] 9pnet_fd: Insufficient options for proto=fd
[  836.969121][   T40] audit: type=1326 audit(2000000093.059:6724): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24102 comm="syz.1.5666" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ae579 code=0x7ffc0000
[  836.975860][   T40] audit: type=1326 audit(2000000093.059:6725): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24102 comm="syz.1.5666" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ae579 code=0x7ffc0000
[  836.982684][   T40] audit: type=1326 audit(2000000093.059:6726): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24102 comm="syz.1.5666" exe="/syz-executor" sig=0 arch=40000003 syscall=313 compat=1 ip=0xf70ae579 code=0x7ffc0000
[  836.989458][   T40] audit: type=1326 audit(2000000093.059:6727): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24102 comm="syz.1.5666" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ae579 code=0x7ffc0000
[  836.996171][   T40] audit: type=1326 audit(2000000093.059:6728): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24102 comm="syz.1.5666" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ae579 code=0x7ffc0000
[  837.194221][ T6008] usb 5-1: new high-speed USB device number 58 using dummy_hcd
[  837.369137][ T6008] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  837.372978][ T6008] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  837.377194][ T6008] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  837.380117][ T6008] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  837.385507][T24107] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  837.389231][ T6008] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[  837.863862][T24132] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  838.574552][T24155] 9pnet_fd: Insufficient options for proto=fd
[  838.641621][T24158] 9pnet_virtio: no channels available for device ./file0/file0
[  839.201003][T24166] FAULT_INJECTION: forcing a failure.
[  839.201003][T24166] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  839.205648][T24166] CPU: 3 UID: 0 PID: 24166 Comm: syz.3.5686 Not tainted 6.16.0-rc1-syzkaller-00004-gaef17cb3d3c4 #0 PREEMPT(full) 
[  839.205663][T24166] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  839.205670][T24166] Call Trace:
[  839.205674][T24166]  <TASK>
[  839.205678][T24166]  dump_stack_lvl+0x16c/0x1f0
[  839.205698][T24166]  should_fail_ex+0x512/0x640
[  839.205717][T24166]  _copy_from_iter+0x29f/0x16f0
[  839.205735][T24166]  ? __alloc_skb+0x200/0x380
[  839.205752][T24166]  ? __pfx__copy_from_iter+0x10/0x10
[  839.205769][T24166]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  839.205786][T24166]  netlink_sendmsg+0x829/0xdd0
[  839.205800][T24166]  ? __pfx_netlink_sendmsg+0x10/0x10
[  839.205814][T24166]  ? __import_iovec+0x1dd/0x650
[  839.205832][T24166]  ____sys_sendmsg+0xa95/0xc70
[  839.205847][T24166]  ? __pfx_____sys_sendmsg+0x10/0x10
[  839.205859][T24166]  ? get_compat_msghdr+0x11a/0x170
[  839.205876][T24166]  ___sys_sendmsg+0x134/0x1d0
[  839.205893][T24166]  ? __pfx____sys_sendmsg+0x10/0x10
[  839.205921][T24166]  ? find_held_lock+0x2b/0x80
[  839.205940][T24166]  __sys_sendmsg+0x16d/0x220
[  839.205950][T24166]  ? __pfx___sys_sendmsg+0x10/0x10
[  839.205959][T24166]  ? __pfx_bpf_trace_run2+0x10/0x10
[  839.205977][T24166]  ? syscall_trace_enter+0x1cb/0x260
[  839.205995][T24166]  ? rcu_is_watching+0x12/0xc0
[  839.206008][T24166]  __do_fast_syscall_32+0x7c/0x3a0
[  839.206019][T24166]  do_fast_syscall_32+0x32/0x80
[  839.206029][T24166]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  839.206042][T24166] RIP: 0023:0xf707e579
[  839.206051][T24166] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  839.206061][T24166] RSP: 002b:00000000f506e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  839.206071][T24166] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800002c0
[  839.206078][T24166] RDX: 0000000000000080 RSI: 0000000000000000 RDI: 0000000000000000
[  839.206084][T24166] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  839.206089][T24166] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  839.206095][T24166] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  839.206108][T24166]  </TASK>
[  839.257798][ T6008] usb 5-1: USB disconnect, device number 58
[  839.429675][T24175] xt_HMARK: proto mask must be zero with L3 mode
[  840.516737][T24188] bridge0: port 1(erspan0) entered blocking state
[  840.519253][T24188] bridge0: port 1(erspan0) entered disabled state
[  840.521427][T24188] erspan0: entered allmulticast mode
[  840.524123][T24188] erspan0: entered promiscuous mode
[  840.524439][ T6027] usb 6-1: new high-speed USB device number 62 using dummy_hcd
[  840.690891][T24182] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  840.697379][T24182] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  841.166505][T24199] tipc: Failed to obtain node identity
[  841.175150][T24199] tipc: Enabling of bearer <ib:ip6gre0> rejected, failed to enable media
[  841.247613][T14384] IPVS: starting estimator thread 0...
[  841.250733][T24207] IPVS: set_ctl: invalid protocol: 44 10.1.1.1:20001
[  841.341664][T24211] netlink: 'syz.1.5700': attribute type 30 has an invalid length.
[  841.344063][T24211] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5700'.
[  841.349033][T24211] bridge0: port 2(bridge_slave_1) entered disabled state
[  841.354227][T24208] IPVS: using max 44 ests per chain, 105600 per kthread
[  841.844126][T24222] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[  841.847035][T24222] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[  841.923895][T24222] tipc: Started in network mode
[  841.925754][T24222] tipc: Node identity 4, cluster identity 4711
[  841.928050][T24222] tipc: Node number set to 4
[  842.198294][T24224] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5705'.
[  842.922023][T24224] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  842.931106][T24224] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  842.939322][T24224] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  842.945126][T24224] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  842.949761][T24224] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  843.054651][T24224] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  843.062763][T24241] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_cmd_wq": -EINTR
[  843.108695][T24244] FAULT_INJECTION: forcing a failure.
[  843.108695][T24244] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  843.117169][T24244] CPU: 1 UID: 0 PID: 24244 Comm: syz.2.5709 Not tainted 6.16.0-rc1-syzkaller-00004-gaef17cb3d3c4 #0 PREEMPT(full) 
[  843.117186][T24244] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  843.117193][T24244] Call Trace:
[  843.117197][T24244]  <TASK>
[  843.117202][T24244]  dump_stack_lvl+0x16c/0x1f0
[  843.117223][T24244]  should_fail_ex+0x512/0x640
[  843.117241][T24244]  _copy_to_user+0x32/0xd0
[  843.117253][T24244]  simple_read_from_buffer+0xcb/0x170
[  843.117268][T24244]  proc_fail_nth_read+0x197/0x270
[  843.117281][T24244]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  843.117295][T24244]  ? rw_verify_area+0xcf/0x680
[  843.117308][T24244]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  843.117320][T24244]  vfs_read+0x1e4/0xc60
[  843.117335][T24244]  ? fdget_pos+0x2a2/0x370
[  843.117351][T24244]  ? __pfx_vfs_read+0x10/0x10
[  843.117365][T24244]  ? find_held_lock+0x2b/0x80
[  843.117379][T24244]  ? __fget_files+0x20e/0x3c0
[  843.117397][T24244]  ksys_read+0x12a/0x250
[  843.117411][T24244]  ? __pfx_ksys_read+0x10/0x10
[  843.117426][T24244]  ? rcu_is_watching+0x12/0xc0
[  843.117439][T24244]  __do_fast_syscall_32+0x7c/0x3a0
[  843.117451][T24244]  do_fast_syscall_32+0x32/0x80
[  843.117461][T24244]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  843.117475][T24244] RIP: 0023:0xf703e579
[  843.117484][T24244] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  843.117494][T24244] RSP: 002b:00000000f502e590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  843.117505][T24244] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000f502e620
[  843.117511][T24244] RDX: 000000000000000f RSI: 00000000f73a2ff4 RDI: 0000000000000000
[  843.117518][T24244] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  843.117524][T24244] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  843.117529][T24244] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  843.117542][T24244]  </TASK>
[  844.324927][ T5945] Bluetooth: hci3: command 0x0405 tx timeout
[  844.797001][T24282] 9pnet_virtio: no channels available for device ./file0/file0
[  844.964181][T14863] Bluetooth: hci1: command 0x0c1a tx timeout
[  844.966389][T14863] Bluetooth: hci5: command 0x0c1a tx timeout
[  844.968502][ T5945] Bluetooth: hci2: command 0x0c1a tx timeout
[  845.581562][T24291] syz.2.5722: attempt to access beyond end of device
[  845.581562][T24291] nbd2: rw=0, sector=16, nr_sectors = 1 limit=0
[  845.587398][T24291] qnx6: unable to read the first superblock
[  845.590629][T24291] syz.2.5722: attempt to access beyond end of device
[  845.590629][T24291] nbd2: rw=0, sector=0, nr_sectors = 1 limit=0
[  845.597958][T24291] qnx6: unable to read the first superblock
[  845.601891][T24291] qnx6: unable to read the first superblock
[  846.455422][T24311] 9pnet_virtio: no channels available for device ./file0/file0
[  847.136585][T14863] Bluetooth: hci2: command 0x0c1a tx timeout
[  847.200149][T24320] 9pnet_virtio: no channels available for device ./file0/file0
[  847.706079][T23791] syz_tun (unregistering): left allmulticast mode
[  848.018959][T17111] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  848.083401][T17111] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  848.236090][ T5945] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  848.239464][T17111] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  848.241151][ T5945] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  848.245784][ T5945] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  848.251784][ T5945] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  848.254962][ T5945] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  848.441034][T17111] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  848.471183][T24359] netlink: 28 bytes leftover after parsing attributes in process `syz.0.5741'.
[  848.576931][T17111] erspan0: left allmulticast mode
[  848.578615][T17111] erspan0: left promiscuous mode
[  848.581463][T17111] bridge0: port 2(erspan0) entered disabled state
[  848.587276][T17111] team0: left allmulticast mode
[  848.589417][T17111] bridge0: port 1(team0) entered disabled state
[  848.913764][T17111] bond0 (unregistering): (slave wlan1): Releasing backup interface
[  848.919901][T17111] bond0 (unregistering): Released all slaves
[  848.931641][T24346] chnl_net:caif_netlink_parms(): no params data found
[  848.975450][T17111] : left promiscuous mode
[  849.092398][T17111] tipc: Disabling bearer <eth:ipvlan1>
[  849.096013][T17111] tipc: Left network mode
[  849.098477][T24346] bridge0: port 1(bridge_slave_0) entered blocking state
[  849.101710][T24346] bridge0: port 1(bridge_slave_0) entered disabled state
[  849.105013][T24346] bridge_slave_0: entered allmulticast mode
[  849.108858][T24346] bridge_slave_0: entered promiscuous mode
[  849.122186][T24346] bridge0: port 2(bridge_slave_1) entered blocking state
[  849.126862][T24346] bridge0: port 2(bridge_slave_1) entered disabled state
[  849.129874][T24346] bridge_slave_1: entered allmulticast mode
[  849.133796][T24346] bridge_slave_1: entered promiscuous mode
[  849.210375][T24346] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  849.216558][T24346] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  849.360160][ T5945] Bluetooth: hci2: command 0x0c1a tx timeout
[  849.418070][T24346] team0: Port device team_slave_0 added
[  849.423284][T24346] team0: Port device team_slave_1 added
[  849.443209][T24375] netlink: 'syz.0.5741': attribute type 2 has an invalid length.
[  849.502115][T17111] hsr_slave_0: left promiscuous mode
[  849.511444][T24378] 9pnet_virtio: no channels available for device ./file0/file0
[  849.527549][T17111] veth1_macvtap: left promiscuous mode
[  849.529353][T17111] veth0_macvtap: left promiscuous mode
[  849.531181][T17111] veth1_vlan: left promiscuous mode
[  849.532943][T17111] veth0_vlan: left promiscuous mode
[  849.798502][T24382] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  850.183950][T24387] overlayfs: conflicting lowerdir path
[  850.477710][ T5945] Bluetooth: hci0: command tx timeout
[  850.868438][T24394] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5751'.
[  850.871309][T24394] netlink: 'syz.1.5751': attribute type 5 has an invalid length.
[  850.873903][T24394] netlink: 20 bytes leftover after parsing attributes in process `syz.1.5751'.
[  851.886987][T24346] batman_adv: batadv0: Adding interface: batadv_slave_0
[  851.889137][T24346] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  851.897225][T24346] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  851.914270][T24394] netdevsim netdevsim1 netdevsim0: set [1, 1] type 2 family 0 port 256 - 0
[  851.918648][T24394] netdevsim netdevsim1 netdevsim1: set [1, 1] type 2 family 0 port 256 - 0
[  851.921367][T24394] netdevsim netdevsim1 netdevsim2: set [1, 1] type 2 family 0 port 256 - 0
[  851.924038][T24394] netdevsim netdevsim1 netdevsim3: set [1, 1] type 2 family 0 port 256 - 0
[  851.927631][T24394] geneve2: entered promiscuous mode
[  851.929313][T24394] geneve2: entered allmulticast mode
[  851.939182][T24346] batman_adv: batadv0: Adding interface: batadv_slave_1
[  851.941383][T24346] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  851.942990][T24406] syz.0.5754 (24406) used obsolete PPPIOCDETACH ioctl
[  851.955429][T24346] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  852.012930][T24346] hsr_slave_0: entered promiscuous mode
[  852.015269][T24346] hsr_slave_1: entered promiscuous mode
[  852.592062][T17111] IPVS: stop unused estimator thread 0...
[  852.697931][ T5945] Bluetooth: hci0: command tx timeout
[  852.800101][T24346] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  852.806239][T24346] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  852.812216][T24346] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  852.818018][T24346] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  852.911476][T24346] 8021q: adding VLAN 0 to HW filter on device bond0
[  852.928785][T24346] 8021q: adding VLAN 0 to HW filter on device team0
[  852.937995][ T9386] bridge0: port 1(bridge_slave_0) entered blocking state
[  852.941025][ T9386] bridge0: port 1(bridge_slave_0) entered forwarding state
[  852.952551][ T9386] bridge0: port 2(bridge_slave_1) entered blocking state
[  852.955523][ T9386] bridge0: port 2(bridge_slave_1) entered forwarding state
[  853.140795][T24346] 8021q: adding VLAN 0 to HW filter on device batadv0
[  853.165176][T24346] veth0_vlan: entered promiscuous mode
[  853.191733][T24346] veth1_vlan: entered promiscuous mode
[  853.211341][T24346] veth0_macvtap: entered promiscuous mode
[  853.216545][T24346] veth1_macvtap: entered promiscuous mode
[  853.230304][T24346] batman_adv: batadv0: Interface activated: batadv_slave_0
[  853.244594][T24346] batman_adv: batadv0: Interface activated: batadv_slave_1
[  853.247649][T24441] ata1.00: invalid cdb length 14
[  853.248733][T24346] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  853.254288][T24346] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  853.256984][T24346] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  853.259630][T24346] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  853.314782][ T9386] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  853.321863][ T9386] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  853.405131][T17111] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  853.405149][T17111] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  854.543684][ T9395] Bluetooth: hci4: Frame reassembly failed (-84)
[  854.929974][T14863] Bluetooth: hci0: command tx timeout
[  855.156678][T24477] ata1.00: invalid cdb length 14
[  855.391712][T24485] 9pnet_virtio: no channels available for device ./file0/file0
[  856.726108][T14863] Bluetooth: hci4: command 0x1003 tx timeout
[  856.729285][ T5945] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  857.142870][ T5945] Bluetooth: hci0: command tx timeout
[  857.951331][T24514] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5781'.
[  858.013314][T24516] ata1.00: invalid cdb length 14
[  858.335519][T24527] "syz.3.5783" (24527) uses obsolete ecb(arc4) skcipher
[  858.715604][T24533] kvm: kvm [24532]: vcpu0, guest rIP: 0x1a3 Unhandled WRMSR(0x11e) = 0xbe70a111
[  859.066167][ T9373] Bluetooth: hci4: Frame reassembly failed (-84)
[  859.068871][ T9395] Bluetooth: hci4: Frame reassembly failed (-84)
[  859.250873][T24550] ata1.00: invalid cdb length 15
[  859.557970][T24554] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5789'.
[  860.204538][T24555] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  860.243610][T24567] kvm: kvm [24566]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010058) = 0x800001c0
[  860.404969][T24576] bridge0: port 3(erspan0) entered blocking state
[  860.407316][T24576] bridge0: port 3(erspan0) entered disabled state
[  860.409427][T24576] erspan0: entered allmulticast mode
[  860.412017][T24576] erspan0: entered promiscuous mode
[  860.414006][T24576] bridge0: port 3(erspan0) entered blocking state
[  860.416134][T24576] bridge0: port 3(erspan0) entered forwarding state
[  860.571502][   T40] kauditd_printk_skb: 9 callbacks suppressed
[  860.571518][   T40] audit: type=1326 audit(2000000115.700:6738): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24577 comm="syz.2.5799" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703e579 code=0x7ffc0000
[  860.582784][   T40] audit: type=1326 audit(2000000115.700:6739): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24577 comm="syz.2.5799" exe="/syz-executor" sig=0 arch=40000003 syscall=313 compat=1 ip=0xf703e579 code=0x7ffc0000
[  860.591676][   T40] audit: type=1326 audit(2000000115.700:6740): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24577 comm="syz.2.5799" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703e579 code=0x7ffc0000
[  860.600478][   T40] audit: type=1326 audit(2000000115.700:6741): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24577 comm="syz.2.5799" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703e579 code=0x7ffc0000
[  861.008959][T24585] ata1.00: invalid cdb length 15
[  861.258788][ T5945] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  861.258866][T14863] Bluetooth: hci4: command 0x1003 tx timeout
[  861.474352][T24594] virtio-fs: tag <c:::> not found
[  862.452498][T24599] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  862.516428][T24616] ata1.00: invalid cdb length 15
[  864.864461][T24658] ata1.00: non-matching transfer count (1530558389/0)
[  867.879130][   T40] audit: type=1326 audit(2000000122.538:6742): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24697 comm="syz.3.5834" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709e579 code=0x7ffc0000
[  867.885809][   T40] audit: type=1326 audit(2000000122.538:6743): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24697 comm="syz.3.5834" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709e579 code=0x7ffc0000
[  867.893581][   T40] audit: type=1326 audit(2000000122.538:6744): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24697 comm="syz.3.5834" exe="/syz-executor" sig=0 arch=40000003 syscall=313 compat=1 ip=0xf709e579 code=0x7ffc0000
[  867.900575][   T40] audit: type=1326 audit(2000000122.538:6745): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24697 comm="syz.3.5834" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709e579 code=0x7ffc0000
[  867.907141][   T40] audit: type=1326 audit(2000000122.538:6746): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24697 comm="syz.3.5834" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709e579 code=0x7ffc0000
[  867.988741][T24706] ubi31: detaching mtd0
[  868.031746][T24706] ubi31: mtd0 is detached
[  868.128244][T24710] ata1.00: non-matching transfer count (1530558389/0)
[  868.189397][T24713] can: request_module (can-proto-3) failed.
[  869.979706][   T40] audit: type=1326 audit(2000000124.493:6747): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24743 comm="syz.1.5849" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ae579 code=0x7ffc0000
[  869.986374][   T40] audit: type=1326 audit(2000000124.493:6748): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24743 comm="syz.1.5849" exe="/syz-executor" sig=0 arch=40000003 syscall=313 compat=1 ip=0xf70ae579 code=0x7ffc0000
[  869.993058][   T40] audit: type=1326 audit(2000000124.493:6749): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24743 comm="syz.1.5849" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ae579 code=0x7ffc0000
[  870.003610][   T40] audit: type=1326 audit(2000000124.493:6750): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24743 comm="syz.1.5849" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ae579 code=0x7ffc0000
[  870.791343][T24759] fuse: Unknown parameter 'grou00000000000000000000'
[  871.171583][ T1418] ieee802154 phy1 wpan1: encryption failed: -22
[  871.670617][T24777] netlink: 'syz.2.5858': attribute type 1 has an invalid length.
[  871.673719][T24777] netlink: 224 bytes leftover after parsing attributes in process `syz.2.5858'.
[  871.679498][T24779] erspan0: left allmulticast mode
[  871.681200][T24779] erspan0: left promiscuous mode
[  871.685915][T24779] bridge0: port 1(erspan0) entered disabled state
[  871.690664][T24779] bond0: (slave wlan1): Releasing backup interface
[  871.716498][T24779] netlink: 'syz.0.5857': attribute type 10 has an invalid length.
[  871.739265][T24779] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  872.703687][T24797] fuse: Unknown parameter 'grou00000000000000000000'
[  872.748639][T24799] netlink: 68 bytes leftover after parsing attributes in process `syz.0.5863'.
[  872.880863][T24804] netlink: 24 bytes leftover after parsing attributes in process `syz.1.5865'.
[  873.158466][T24810] ata1.00: non-matching transfer count (1530558389/0)
[  874.500008][ T9371] Bluetooth: hci4: Frame reassembly failed (-84)
[  874.504104][T24831] ata1.00: non-matching transfer count (1530558389/0)
[  875.512752][T24848] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  875.578042][T24861] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5880'.
[  876.474994][ T6007] usb 6-1: new high-speed USB device number 63 using dummy_hcd
[  876.642780][T14863] Bluetooth: hci4: command 0x1003 tx timeout
[  876.645586][ T5945] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  877.254045][ T6007] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  877.257340][ T6007] usb 6-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  877.260815][ T6007] usb 6-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  877.317739][ T6007] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  877.320598][ T6007] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  877.323094][ T6007] usb 6-1: Product: syz
[  877.324429][ T6007] usb 6-1: Manufacturer: syz
[  877.325902][ T6007] usb 6-1: SerialNumber: syz
[  877.556287][ T6007] usblp 6-1:1.0: usblp0: USB Unidirectional printer dev 63 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[  877.647464][ T6027] usb 8-1: new high-speed USB device number 59 using dummy_hcd
[  877.772043][T24873] fuse: Unknown parameter 'user_i00000000000000000000'
[  877.777155][ T6007] usb 6-1: USB disconnect, device number 63
[  877.781004][ T6007] usblp0: removed
[  877.818463][ T6027] usb 8-1: Using ep0 maxpacket: 32
[  877.821450][ T6027] usb 8-1: config index 0 descriptor too short (expected 29220, got 36)
[  877.824094][ T6027] usb 8-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  877.826884][ T6027] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 81
[  877.829812][ T6027] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  877.832918][ T6027] usb 8-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  877.835901][ T6027] usb 8-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  877.840006][ T6027] usb 8-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  877.842651][ T6027] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  877.846466][ T6027] usb 8-1: config 0 descriptor??
[  878.069199][ T6027] usblp 8-1:0.0: usblp0: USB Bidirectional printer dev 59 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  878.074039][ T6027] usb 8-1: USB disconnect, device number 59
[  878.077449][ T6027] usblp0: removed
[  878.130927][T24894] ata1.00: non-matching transfer count (1530558389/0)
[  878.195416][ T5945] Bluetooth: hci3: unexpected event for opcode 0x1407
[  878.239839][T24900] veth1_macvtap: default FDB implementation only supports local addresses
[  878.246205][T24900] netdevsim netdevsim0 netdevsim0: entered promiscuous mode
[  878.249123][T24900] netdevsim netdevsim0 netdevsim0: entered allmulticast mode
[  878.271129][   T40] audit: type=1326 audit(2000000132.256:6751): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24897 comm="syz.2.5893" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703e579 code=0x7ffc0000
[  878.280036][   T40] audit: type=1326 audit(2000000132.256:6752): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24897 comm="syz.2.5893" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf703e598 code=0x7ffc0000
[  878.286940][   T40] audit: type=1326 audit(2000000132.256:6753): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24897 comm="syz.2.5893" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf703e598 code=0x7ffc0000
[  878.291112][T24902] ata1.00: non-matching transfer count (1530558389/0)
[  878.294258][   T40] audit: type=1326 audit(2000000132.256:6754): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24897 comm="syz.2.5893" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf703e598 code=0x7ffc0000
[  878.304608][   T40] audit: type=1326 audit(2000000132.256:6755): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24897 comm="syz.2.5893" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf703e598 code=0x7ffc0000
[  878.312584][   T40] audit: type=1326 audit(2000000132.256:6756): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24897 comm="syz.2.5893" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf703e598 code=0x7ffc0000
[  878.319452][   T40] audit: type=1326 audit(2000000132.256:6757): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24897 comm="syz.2.5893" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf703e598 code=0x7ffc0000
[  878.326683][   T40] audit: type=1326 audit(2000000132.256:6758): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24897 comm="syz.2.5893" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf703e598 code=0x7ffc0000
[  878.333954][   T40] audit: type=1326 audit(2000000132.256:6759): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24897 comm="syz.2.5893" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf703e598 code=0x7ffc0000
[  878.340893][   T40] audit: type=1326 audit(2000000132.256:6760): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24897 comm="syz.2.5893" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf703e598 code=0x7ffc0000
[  878.394828][T24906] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5897'.
[  878.406270][T24906] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5897'.
[  878.416379][T24906] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5897'.
[  878.488406][T24906] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5897'.
[  878.556409][T21108] usb 8-1: new high-speed USB device number 60 using dummy_hcd
[  878.698365][T24913] netlink: zone id is out of range
[  878.700089][T24913] netlink: zone id is out of range
[  878.702023][T24913] netlink: del zone limit has 4 unknown bytes
[  878.737918][T21108] usb 8-1: Using ep0 maxpacket: 32
[  878.760793][T21108] usb 8-1: config index 0 descriptor too short (expected 29220, got 36)
[  878.774544][T21108] usb 8-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  878.787405][T21108] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 81
[  878.795878][T21108] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  878.799179][T21108] usb 8-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  878.802773][T21108] usb 8-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  878.809526][T21108] usb 8-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  878.812518][T21108] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  878.839263][T21108] usb 8-1: config 0 descriptor??
[  879.482011][T21108] usblp 8-1:0.0: usblp0: USB Bidirectional printer dev 60 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  879.860771][T24914] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  880.034995][T24939] 9pnet_virtio: no channels available for device ./file0/file0
[  880.046799][T24941] ata1.00: non-matching transfer count (1530558389/0)
[  880.822642][ T9386] Bluetooth: hci4: Frame reassembly failed (-84)
[  880.914160][ T6007] usb 8-1: USB disconnect, device number 60
[  880.936085][ T6007] usblp0: removed
[  882.253359][T24975] xt_CT: You must specify a L4 protocol and not use inversions on it
[  882.360316][T24982] FAULT_INJECTION: forcing a failure.
[  882.360316][T24982] name failslab, interval 1, probability 0, space 0, times 0
[  882.366232][T24982] CPU: 2 UID: 0 PID: 24982 Comm: syz.2.5916 Not tainted 6.16.0-rc1-syzkaller-00004-gaef17cb3d3c4 #0 PREEMPT(full) 
[  882.366271][T24982] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  882.366279][T24982] Call Trace:
[  882.366283][T24982]  <TASK>
[  882.366288][T24982]  dump_stack_lvl+0x16c/0x1f0
[  882.366308][T24982]  should_fail_ex+0x512/0x640
[  882.366324][T24982]  ? __kmalloc_noprof+0xbf/0x510
[  882.366340][T24982]  ? io_cache_alloc_new+0x45/0xf0
[  882.366355][T24982]  should_failslab+0xc2/0x120
[  882.366366][T24982]  __kmalloc_noprof+0xd2/0x510
[  882.366380][T24982]  ? mark_held_locks+0x49/0x80
[  882.366397][T24982]  io_cache_alloc_new+0x45/0xf0
[  882.366413][T24982]  io_msg_alloc_async+0x1c3/0x3a0
[  882.366428][T24982]  io_bind_prep+0x1a3/0x260
[  882.366444][T24982]  io_submit_sqes+0x835/0x2580
[  882.366466][T24982]  __do_sys_io_uring_enter+0xd6a/0x1630
[  882.366483][T24982]  ? __fget_files+0x20e/0x3c0
[  882.366497][T24982]  ? __pfx___do_sys_io_uring_enter+0x10/0x10
[  882.366513][T24982]  ? fput+0x70/0xf0
[  882.366523][T24982]  ? ksys_write+0x1ac/0x250
[  882.366537][T24982]  ? __pfx_ksys_write+0x10/0x10
[  882.366553][T24982]  ? rcu_is_watching+0x12/0xc0
[  882.366566][T24982]  __do_fast_syscall_32+0x7c/0x3a0
[  882.366577][T24982]  do_fast_syscall_32+0x32/0x80
[  882.366587][T24982]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  882.366601][T24982] RIP: 0023:0xf703e579
[  882.366609][T24982] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  882.366619][T24982] RSP: 002b:00000000f502e55c EFLAGS: 00000296 ORIG_RAX: 00000000000001aa
[  882.366629][T24982] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000002d42
[  882.366636][T24982] RDX: 0000000000000002 RSI: 0000000000000060 RDI: 0000000000000000
[  882.366642][T24982] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  882.366648][T24982] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  882.366654][T24982] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  882.366667][T24982]  </TASK>
[  882.465654][T24985] fuse: Unknown parameter 'group_id00000000000000000000'
[  882.529811][T24990] overlay: Unknown parameter '/'
[  882.959716][T24997] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  882.971439][ T5305] Bluetooth: hci4: command 0x1003 tx timeout
[  882.975199][ T5945] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  883.399217][ T5945] Bluetooth: hci5: command 0x1003 tx timeout
[  883.404555][T14863] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  884.808509][T25018] fuse: Bad value for 'user_id'
[  884.810727][T25018] fuse: Bad value for 'user_id'
[  886.456257][T25047] netlink: zone id is out of range
[  886.463864][T25047] netlink: zone id is out of range
[  886.467411][T25047] netlink: zone id is out of range
[  886.478122][T25047] netlink: del zone limit has 4 unknown bytes
[  886.834633][   T40] kauditd_printk_skb: 245 callbacks suppressed
[  886.834646][   T40] audit: type=1326 audit(2000000140.263:7006): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25053 comm="syz.1.5937" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf70ae579 code=0x0
[  888.616040][T14863] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  888.616488][ T5945] Bluetooth: hci4: command 0x1003 tx timeout
[  890.729758][T25105] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  890.853597][T25118] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5951'.
[  891.663284][T17111] Bluetooth: hci4: Frame reassembly failed (-84)
[  891.980244][T25129] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  892.302304][T25156] netlink: 72 bytes leftover after parsing attributes in process `syz.0.5958'.
[  893.294641][T25170] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5963'.
[  893.298086][T25170] vlan0: entered promiscuous mode
[  893.844028][T14863] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  894.049672][T25180] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  894.378603][T25184] bond0: (slave wlan1): Releasing backup interface
[  894.383127][T25184] bond0: Destroying bond
[  894.488637][T25184] bond0 (unregistering): Released all slaves
[  894.854532][T25198] 9pnet_virtio: no channels available for device ./file0/file0
[  896.419658][ T6027] IPVS: starting estimator thread 0...
[  896.471793][ T6008] libceph: connect (1)[c::]:6789 error -101
[  896.474292][ T6008] libceph: mon0 (1)[c::]:6789 connect error
[  896.484271][T25225] ceph: No mds server is up or the cluster is laggy
[  896.527127][T25229] IPVS: using max 47 ests per chain, 112800 per kthread
[  896.775462][T25235] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5980'.
[  896.779381][T25235] netlink: 20 bytes leftover after parsing attributes in process `syz.2.5980'.
[  896.780646][T25237] 9pnet_virtio: no channels available for device ./file0/file0
[  897.810064][T25254] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  899.461059][T25281] 9pnet_virtio: no channels available for device ./file0/file0
[  899.602790][ T5945] Bluetooth: hci3: unexpected event for opcode 0x200c
[  899.642163][   T40] audit: type=1326 audit(2000000152.246:7007): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25288 comm="syz.2.5997" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf703e579 code=0x0
[  899.779905][T25294] overlayfs: missing 'lowerdir'
[  900.001209][T25296] Bluetooth: received HCILL_WAKE_UP_ACK in state 2
[  900.003513][ T9371] Bluetooth: hci4: Frame reassembly failed (-84)
[  900.181362][T25297] netlink: 28 bytes leftover after parsing attributes in process `syz.3.5999'.
[  902.214481][T14863] Bluetooth: hci4: command 0x1003 tx timeout
[  902.217624][ T5945] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  902.423522][T25334] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  902.438227][T25337] FAULT_INJECTION: forcing a failure.
[  902.438227][T25337] name failslab, interval 1, probability 0, space 0, times 0
[  902.443108][T25334] kvm: pic: non byte read
[  902.444206][T25334] kvm: pic: level sensitive irq not supported
[  902.446226][T25334] kvm: pic: non byte read
[  902.450669][T25337] CPU: 3 UID: 0 PID: 25337 Comm: syz.0.6011 Not tainted 6.16.0-rc1-syzkaller-00004-gaef17cb3d3c4 #0 PREEMPT(full) 
[  902.450686][T25337] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  902.450693][T25337] Call Trace:
[  902.450697][T25337]  <TASK>
[  902.450702][T25337]  dump_stack_lvl+0x16c/0x1f0
[  902.450722][T25337]  should_fail_ex+0x512/0x640
[  902.450739][T25337]  ? __kvmalloc_node_noprof+0x124/0x620
[  902.450755][T25337]  should_failslab+0xc2/0x120
[  902.450766][T25337]  __kvmalloc_node_noprof+0x137/0x620
[  902.450781][T25337]  ? __nf_hook_entries_try_shrink+0x15f/0x400
[  902.450796][T25337]  ? __nf_hook_entries_try_shrink+0x15f/0x400
[  902.450806][T25337]  __nf_hook_entries_try_shrink+0x15f/0x400
[  902.450820][T25337]  __nf_unregister_net_hook+0x2e5/0x680
[  902.450833][T25337]  nf_unregister_net_hooks+0x11b/0x160
[  902.450845][T25337]  ip_vs_unregister_hooks+0xd8/0x140
[  902.450858][T25337]  ip_vs_unlink_service+0x9a4/0xbf0
[  902.450876][T25337]  ip_vs_flush+0x1c0/0x230
[  902.450891][T25337]  do_ip_vs_set_ctl+0xe9a/0x11d0
[  902.450905][T25337]  ? __lock_acquire+0xb8a/0x1c90
[  902.450921][T25337]  ? __mutex_init+0x120/0x120
[  902.450934][T25337]  ? __pfx_do_ip_vs_set_ctl+0x10/0x10
[  902.450949][T25337]  ? __pfx___mutex_trylock_common+0x10/0x10
[  902.450964][T25337]  ? __pfx___might_resched+0x10/0x10
[  902.450978][T25337]  ? nf_sockopt_find.constprop.0+0x222/0x290
[  902.450993][T25337]  ? __mutex_unlock_slowpath+0x161/0x6a0
[  902.451016][T25337]  ? nf_setsockopt+0x8d/0xf0
[  902.451027][T25337]  nf_setsockopt+0x8d/0xf0
[  902.451040][T25337]  ip_setsockopt+0xcb/0xf0
[  902.451057][T25337]  tcp_setsockopt+0xa7/0x100
[  902.451069][T25337]  smc_setsockopt+0x1b6/0xa00
[  902.451082][T25337]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  902.451097][T25337]  ? __pfx_smc_setsockopt+0x10/0x10
[  902.451114][T25337]  ? __pfx_smc_setsockopt+0x10/0x10
[  902.451127][T25337]  do_sock_setsockopt+0x221/0x470
[  902.451139][T25337]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  902.451160][T25337]  __sys_setsockopt+0x120/0x1a0
[  902.451178][T25337]  __ia32_sys_setsockopt+0xbc/0x160
[  902.451194][T25337]  ? lockdep_hardirqs_on+0x7c/0x110
[  902.451209][T25337]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[  902.451226][T25337]  __do_fast_syscall_32+0x7c/0x3a0
[  902.451238][T25337]  do_fast_syscall_32+0x32/0x80
[  902.451248][T25337]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  902.451262][T25337] RIP: 0023:0xf70de579
[  902.451270][T25337] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  902.451281][T25337] RSP: 002b:00000000f50ce55c EFLAGS: 00000296 ORIG_RAX: 000000000000016e
[  902.451291][T25337] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000000000
[  902.451297][T25337] RDX: 0000000000000485 RSI: 0000000000000000 RDI: 0000000000000000
[  902.451303][T25337] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  902.451309][T25337] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  902.451315][T25337] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  902.451329][T25337]  </TASK>
[  902.909784][T25351] FAULT_INJECTION: forcing a failure.
[  902.909784][T25351] name failslab, interval 1, probability 0, space 0, times 0
[  902.914328][T25351] CPU: 1 UID: 0 PID: 25351 Comm: syz.1.6017 Not tainted 6.16.0-rc1-syzkaller-00004-gaef17cb3d3c4 #0 PREEMPT(full) 
[  902.914343][T25351] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  902.914351][T25351] Call Trace:
[  902.914355][T25351]  <TASK>
[  902.914359][T25351]  dump_stack_lvl+0x16c/0x1f0
[  902.914380][T25351]  should_fail_ex+0x512/0x640
[  902.914396][T25351]  ? __kmalloc_cache_noprof+0x57/0x3e0
[  902.914412][T25351]  should_failslab+0xc2/0x120
[  902.914422][T25351]  __kmalloc_cache_noprof+0x6a/0x3e0
[  902.914435][T25351]  ? __build_skb_around+0x278/0x3b0
[  902.914449][T25351]  ? nfc_genl_dump_devices+0x2b3/0x470
[  902.914465][T25351]  nfc_genl_dump_devices+0x2b3/0x470
[  902.914482][T25351]  genl_dumpit+0x122/0x230
[  902.914497][T25351]  netlink_dump+0x51b/0xce0
[  902.914511][T25351]  ? __pfx_netlink_dump+0x10/0x10
[  902.914526][T25351]  ? __asan_memset+0x23/0x50
[  902.914540][T25351]  ? genl_start+0x67f/0x980
[  902.914568][T25351]  __netlink_dump_start+0x6d6/0x990
[  902.914585][T25351]  genl_family_rcv_msg_dumpit+0x1e2/0x2e0
[  902.914600][T25351]  ? __pfx_genl_family_rcv_msg_dumpit+0x10/0x10
[  902.914614][T25351]  ? genl_rcv_msg+0x577/0x800
[  902.914630][T25351]  ? __pfx_genl_get_cmd+0x10/0x10
[  902.914642][T25351]  ? __pfx_genl_start+0x10/0x10
[  902.914654][T25351]  ? __pfx_genl_dumpit+0x10/0x10
[  902.914666][T25351]  ? __pfx_genl_done+0x10/0x10
[  902.914681][T25351]  ? __do_fast_syscall_32+0x7c/0x3a0
[  902.914691][T25351]  ? do_fast_syscall_32+0x32/0x80
[  902.914699][T25351]  ? __radix_tree_lookup+0x21f/0x2c0
[  902.914717][T25351]  genl_rcv_msg+0x46e/0x800
[  902.914733][T25351]  ? __pfx_genl_rcv_msg+0x10/0x10
[  902.914747][T25351]  ? __pfx_nfc_genl_dump_devices+0x10/0x10
[  902.914759][T25351]  ? __pfx_nfc_genl_dump_devices_done+0x10/0x10
[  902.914774][T25351]  ? __lock_acquire+0x622/0x1c90
[  902.914790][T25351]  netlink_rcv_skb+0x155/0x420
[  902.914802][T25351]  ? __pfx_genl_rcv_msg+0x10/0x10
[  902.914816][T25351]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  902.914835][T25351]  ? netlink_deliver_tap+0x1ae/0xd30
[  902.914846][T25351]  ? is_vmalloc_addr+0x86/0xa0
[  902.914863][T25351]  genl_rcv+0x28/0x40
[  902.914874][T25351]  netlink_unicast+0x53d/0x7f0
[  902.914888][T25351]  ? __pfx_netlink_unicast+0x10/0x10
[  902.914904][T25351]  netlink_sendmsg+0x8d1/0xdd0
[  902.914919][T25351]  ? __pfx_netlink_sendmsg+0x10/0x10
[  902.914932][T25351]  ? __import_iovec+0x1dd/0x650
[  902.914946][T25351]  ____sys_sendmsg+0xa95/0xc70
[  902.914961][T25351]  ? __pfx_____sys_sendmsg+0x10/0x10
[  902.914973][T25351]  ? get_compat_msghdr+0x11a/0x170
[  902.914991][T25351]  ___sys_sendmsg+0x134/0x1d0
[  902.915008][T25351]  ? __pfx____sys_sendmsg+0x10/0x10
[  902.915032][T25351]  ? find_held_lock+0x2b/0x80
[  902.915052][T25351]  __sys_sendmsg+0x16d/0x220
[  902.915062][T25351]  ? __pfx___sys_sendmsg+0x10/0x10
[  902.915079][T25351]  ? rcu_is_watching+0x12/0xc0
[  902.915091][T25351]  __do_fast_syscall_32+0x7c/0x3a0
[  902.915102][T25351]  do_fast_syscall_32+0x32/0x80
[  902.915112][T25351]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  902.915126][T25351] RIP: 0023:0xf70ae579
[  902.915134][T25351] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  902.915144][T25351] RSP: 002b:00000000f509e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  902.915155][T25351] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000800001c0
[  902.915161][T25351] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  902.915167][T25351] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  902.915173][T25351] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  902.915179][T25351] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  902.915193][T25351]  </TASK>
[  903.337139][ T6026] usb 6-1: new high-speed USB device number 64 using dummy_hcd
[  903.534210][ T6026] usb 6-1: config 0 has no interfaces?
[  903.535962][ T6026] usb 6-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  903.538790][ T6026] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  903.553745][ T6026] usb 6-1: config 0 descriptor??
[  903.781900][ T6026] usb 6-1: USB disconnect, device number 64
[  903.956646][T25383] bridge0: port 1(erspan0) entered blocking state
[  903.961372][T25383] bridge0: port 1(erspan0) entered disabled state
[  903.964254][T25383] erspan0: entered allmulticast mode
[  903.967940][T25383] erspan0: entered promiscuous mode
[  904.052724][T25383] xt_HMARK: proto mask must be zero with L3 mode
[  904.641157][T25392] loop4: detected capacity change from 0 to 7
[  904.645908][T25392] Dev loop4: unable to read RDB block 7
[  904.647968][T25392]  loop4: unable to read partition table
[  904.650413][T25392] loop4: partition table beyond EOD, truncated
[  904.656347][T25392] loop_reread_partitions: partition scan of loop4 (3Ÿ¾‚³˜) failed (rc=-5)
[  904.682874][T25396] fuse: Bad value for 'rootmode'
[  905.240626][T25405] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  905.243422][T25405] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  905.245766][T25405] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  905.249214][T25397] Bluetooth: hci0: Opcode 0x0c03 failed: -112
[  905.252443][T25405] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  906.289303][T25418] FAULT_INJECTION: forcing a failure.
[  906.289303][T25418] name failslab, interval 1, probability 0, space 0, times 0
[  906.293998][T25418] CPU: 3 UID: 0 PID: 25418 Comm: syz.2.6036 Not tainted 6.16.0-rc1-syzkaller-00004-gaef17cb3d3c4 #0 PREEMPT(full) 
[  906.294013][T25418] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  906.294020][T25418] Call Trace:
[  906.294050][T25418]  <TASK>
[  906.294057][T25418]  dump_stack_lvl+0x16c/0x1f0
[  906.294081][T25418]  should_fail_ex+0x512/0x640
[  906.294099][T25418]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[  906.294116][T25418]  should_failslab+0xc2/0x120
[  906.294127][T25418]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  906.294142][T25418]  ? ptlock_alloc+0x1f/0x70
[  906.294158][T25418]  ptlock_alloc+0x1f/0x70
[  906.294171][T25418]  pte_alloc_one+0x82/0x3a0
[  906.294189][T25418]  __pte_alloc+0x6d/0x3c0
[  906.294199][T25418]  ? __pfx___pte_alloc+0x10/0x10
[  906.294213][T25418]  __handle_mm_fault+0x4358/0x5490
[  906.294235][T25418]  ? __pfx___handle_mm_fault+0x10/0x10
[  906.294248][T25418]  ? folio_mark_accessed+0xc1/0xc00
[  906.294266][T25418]  ? __pfx_folio_mark_accessed+0x10/0x10
[  906.294281][T25418]  ? vm_normal_page+0x152/0x2e0
[  906.294291][T25418]  ? find_held_lock+0x2b/0x80
[  906.294301][T25418]  ? find_held_lock+0x2b/0x80
[  906.294319][T25418]  handle_mm_fault+0x589/0xd10
[  906.294335][T25418]  __get_user_pages+0x589/0x3b80
[  906.294353][T25418]  ? __pfx___get_user_pages+0x10/0x10
[  906.294364][T25418]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  906.294383][T25418]  ? __pfx_down_read_killable+0x10/0x10
[  906.294399][T25418]  ? __lock_acquire+0x622/0x1c90
[  906.294414][T25418]  __gup_longterm_locked+0x20d/0x1850
[  906.294430][T25418]  ? __pfx___gup_longterm_locked+0x10/0x10
[  906.294444][T25418]  ? find_held_lock+0x2b/0x80
[  906.294454][T25418]  ? sanity_check_pinned_pages+0x23/0x1200
[  906.294469][T25418]  gup_fast_fallback+0x1ab3/0x29e0
[  906.294492][T25418]  ? __pfx_gup_fast_fallback+0x10/0x10
[  906.294503][T25418]  ? rcu_is_watching+0x12/0xc0
[  906.294516][T25418]  ? __schedule+0x1181/0x5de0
[  906.294532][T25418]  ? irqentry_exit+0x20/0x90
[  906.294550][T25418]  pin_user_pages_fast+0xa7/0xf0
[  906.294562][T25418]  ? __pfx_pin_user_pages_fast+0x10/0x10
[  906.294574][T25418]  ? iov_iter_advance+0x1e3/0x6c0
[  906.294593][T25418]  iov_iter_extract_pages+0x3a2/0x1ed0
[  906.294607][T25418]  ? preempt_schedule_thunk+0x16/0x30
[  906.294621][T25418]  ? __pfx_iov_iter_extract_pages+0x10/0x10
[  906.294634][T25418]  ? __local_bh_enable_ip+0xa4/0x120
[  906.294645][T25418]  ? lockdep_hardirqs_on+0x7c/0x110
[  906.294660][T25418]  ? kernel_fpu_end+0x59/0x70
[  906.294675][T25418]  ? __local_bh_enable_ip+0xa4/0x120
[  906.294686][T25418]  ? kernel_fpu_end+0x5e/0x70
[  906.294701][T25418]  ? __asan_memcpy+0x3c/0x60
[  906.294716][T25418]  extract_iter_to_sg+0xf6e/0x20c0
[  906.294734][T25418]  ? shash_ahash_update+0x244/0x2d0
[  906.294747][T25418]  ? __pfx_extract_iter_to_sg+0x10/0x10
[  906.294760][T25418]  ? gup_put_folio+0x8d/0x260
[  906.294771][T25418]  ? __pfx_unpin_user_page+0x10/0x10
[  906.294788][T25418]  hash_sendmsg+0x43e/0xfb0
[  906.294805][T25418]  ____sys_sendmsg+0xa95/0xc70
[  906.294821][T25418]  ? __pfx_____sys_sendmsg+0x10/0x10
[  906.294833][T25418]  ? get_compat_msghdr+0x11a/0x170
[  906.294850][T25418]  ___sys_sendmsg+0x134/0x1d0
[  906.294867][T25418]  ? __pfx____sys_sendmsg+0x10/0x10
[  906.294891][T25418]  ? find_held_lock+0x2b/0x80
[  906.294909][T25418]  __sys_sendmsg+0x16d/0x220
[  906.294920][T25418]  ? __pfx___sys_sendmsg+0x10/0x10
[  906.294936][T25418]  ? rcu_is_watching+0x12/0xc0
[  906.294948][T25418]  __do_fast_syscall_32+0x7c/0x3a0
[  906.294959][T25418]  do_fast_syscall_32+0x32/0x80
[  906.294969][T25418]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  906.294982][T25418] RIP: 0023:0xf703e579
[  906.294991][T25418] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  906.295002][T25418] RSP: 002b:00000000f502e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  906.295012][T25418] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080001880
[  906.295018][T25418] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  906.295025][T25418] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  906.295031][T25418] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  906.295036][T25418] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  906.295050][T25418]  </TASK>
[  906.303448][T25357] ALSA: mixer_oss: invalid OSS volume ''
[  906.406265][T25420] FAULT_INJECTION: forcing a failure.
[  906.406265][T25420] name failslab, interval 1, probability 0, space 0, times 0
[  906.460824][T25420] CPU: 1 UID: 0 PID: 25420 Comm: syz.2.6037 Not tainted 6.16.0-rc1-syzkaller-00004-gaef17cb3d3c4 #0 PREEMPT(full) 
[  906.460849][T25420] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  906.460859][T25420] Call Trace:
[  906.460880][T25420]  <TASK>
[  906.460889][T25420]  dump_stack_lvl+0x16c/0x1f0
[  906.460919][T25420]  should_fail_ex+0x512/0x640
[  906.460936][T25420]  ? __kmalloc_noprof+0xbf/0x510
[  906.460954][T25420]  ? bpf_test_init.isra.0+0x9e/0x140
[  906.460970][T25420]  should_failslab+0xc2/0x120
[  906.460980][T25420]  __kmalloc_noprof+0xd2/0x510
[  906.460995][T25420]  ? __lock_acquire+0x622/0x1c90
[  906.461011][T25420]  bpf_test_init.isra.0+0x9e/0x140
[  906.461029][T25420]  bpf_prog_test_run_xdp+0x4f0/0x1590
[  906.461046][T25420]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  906.461059][T25420]  ? folio_get+0xa0/0xa0
[  906.461076][T25420]  ? fput+0x70/0xf0
[  906.461086][T25420]  ? __bpf_prog_get+0x97/0x2a0
[  906.461100][T25420]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  906.461112][T25420]  __sys_bpf+0x1488/0x4d80
[  906.461130][T25420]  ? __pfx___sys_bpf+0x10/0x10
[  906.461146][T25420]  ? ksys_write+0x190/0x250
[  906.461163][T25420]  ? __mutex_unlock_slowpath+0x161/0x6a0
[  906.461182][T25420]  ? fput+0x70/0xf0
[  906.461192][T25420]  ? ksys_write+0x1ac/0x250
[  906.461206][T25420]  ? __pfx_ksys_write+0x10/0x10
[  906.461223][T25420]  __ia32_sys_bpf+0x76/0xe0
[  906.461233][T25420]  __do_fast_syscall_32+0x7c/0x3a0
[  906.461245][T25420]  do_fast_syscall_32+0x32/0x80
[  906.461255][T25420]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  906.461269][T25420] RIP: 0023:0xf703e579
[  906.461277][T25420] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  906.461288][T25420] RSP: 002b:00000000f502e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000165
[  906.461298][T25420] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000080000080
[  906.461304][T25420] RDX: 0000000000000050 RSI: 0000000000000000 RDI: 0000000000000000
[  906.461311][T25420] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  906.461316][T25420] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  906.461322][T25420] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  906.461336][T25420]  </TASK>
[  906.695228][T25428] fuse: Bad value for 'rootmode'
[  907.260685][ T5945] Bluetooth: hci3: command 0x0405 tx timeout
[  907.431553][T14863] Bluetooth: hci1: command 0x0c1a tx timeout
[  907.433363][ T5945] Bluetooth: hci2: command 0x0c1a tx timeout
[  907.682080][T25447] 9pnet_fd: Insufficient options for proto=fd
[  907.932917][ T6007] hid-generic 0000:0000:0000.001D: unknown main item tag 0x0
[  907.936169][ T6007] hid-generic 0000:0000:0000.001D: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  908.190112][T25458] fuse: Bad value for 'rootmode'
[  909.829521][ T5945] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  909.999856][T25481] 9pnet_virtio: no channels available for device ./file0/file0
[  910.466860][T25473] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  910.600967][T25490] fuse: Unknown parameter 'use00000000000000000000'
[  911.364189][T25512] ata1.00: non-matching transfer count (1530558389/0)
[  911.371374][T25508] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  911.375432][T25508] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[  911.531060][T25508] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  911.535134][T25508] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[  911.716006][T25515] 9pnet_fd: Insufficient options for proto=fd
[  911.777723][T25508] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  911.782270][T25508] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[  911.933912][T25508] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  911.937039][T25508] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[  912.074731][T25508] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 256 - 0
[  912.078646][T25508] netdevsim netdevsim1 eth0: set [1, 1] type 2 family 0 port 6081 - 0
[  912.089724][T25508] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 256 - 0
[  912.092394][T25508] netdevsim netdevsim1 eth1: set [1, 1] type 2 family 0 port 6081 - 0
[  912.099218][T25508] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 256 - 0
[  912.101777][T25508] netdevsim netdevsim1 eth2: set [1, 1] type 2 family 0 port 6081 - 0
[  912.108286][T25508] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 256 - 0
[  912.110918][T25508] netdevsim netdevsim1 eth3: set [1, 1] type 2 family 0 port 6081 - 0
[  912.331047][T25529] fuse: Unknown parameter 'use00000000000000000000'
[  912.544978][T25532] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(8)
[  912.547125][T25532] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  912.549616][T25532] vhci_hcd vhci_hcd.0: Device attached
[  912.764991][T25536] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  912.827797][T25536] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  912.840915][   T29] usb 41-1: new low-speed USB device number 3 using vhci_hcd
[  912.908662][T25536] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  912.971760][T25536] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  913.050495][T25536] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  913.058736][T25536] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  913.065890][T25536] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  913.072460][T25536] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  913.251990][T25533] vhci_hcd: connection reset by peer
[  913.258142][ T9386] vhci_hcd: stop threads
[  913.259568][ T9386] vhci_hcd: release socket
[  913.262218][ T9386] vhci_hcd: disconnect device
[  913.942215][T14863] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  913.944749][ T5945] Bluetooth: hci4: command 0x1003 tx timeout
[  914.004673][ T9371] Bluetooth: hci4: Frame reassembly failed (-84)
[  915.268053][T25558] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  915.599206][T20679] usb 8-1: new high-speed USB device number 61 using dummy_hcd
[  915.781926][T20679] usb 8-1: Using ep0 maxpacket: 8
[  915.785627][T20679] usb 8-1: config index 0 descriptor too short (expected 301, got 45)
[  915.788278][T20679] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  915.791416][T20679] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  915.794561][T20679] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  915.797657][T20679] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  915.801836][T20679] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  915.804785][T20679] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  916.076056][T20679] usb 8-1: usb_control_msg returned -32
[  916.077864][T20679] usbtmc 8-1:16.0: can't read capabilities
[  916.109682][T25576] netlink: 28 bytes leftover after parsing attributes in process `syz.2.6080'.
[  916.155054][T14863] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  916.156440][ T5945] Bluetooth: hci4: command 0x1003 tx timeout
[  916.973603][T25592] ata1.00: non-matching transfer count (1530558389/0)
[  917.971645][T25612] tmpfs: Unknown parameter 'quot'
[  917.984210][T25612] overlayfs: workdir and upperdir must be separate subtrees
[  918.346811][   T29] vhci_hcd: vhci_device speed not set
[  918.501565][T25615] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6090'.
[  918.560565][ T6154] usb 8-1: USB disconnect, device number 61
[  918.754374][T25629] ata1.00: non-matching transfer count (1530558389/0)
[  918.797296][T25633] overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection.
[  919.152170][T25645] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6101'.
[  919.381220][T25653] ata1.00: non-matching transfer count (1530558389/0)
[  921.984858][T25679] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6110'.
[  921.989449][T25679] netlink: 'syz.0.6110': attribute type 1 has an invalid length.
[  921.992406][T25679] netlink: 'syz.0.6110': attribute type 2 has an invalid length.
[  922.104444][T25686] CIFS mount error: No usable UNC path provided in device string!
[  922.104444][T25686] 
[  922.107569][T25686] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  922.117262][T25686] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6112'.
[  922.334993][ T6026] usb 5-1: new full-speed USB device number 59 using dummy_hcd
[  922.458679][T25694] PKCS8: Unsupported PKCS#8 version
[  922.518438][ T6026] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  922.522183][ T6026] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  922.530424][ T6026] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  922.534245][ T6026] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  922.597570][T25702] overlayfs: failed to resolve './file0': -2
[  922.859137][T25680] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  922.893970][T25708] netlink: 12 bytes leftover after parsing attributes in process `syz.3.6117'.
[  922.954222][T25708] netdevsim netdevsim3 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[  922.957311][T25708] netdevsim netdevsim3 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[  922.959861][T25708] netdevsim netdevsim3 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[  922.962492][T25708] netdevsim netdevsim3 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[  922.997256][T25708] netdevsim netdevsim3 eth0: unset [0, 0] type 1 family 0 port 8472 - 0
[  923.000089][T25708] netdevsim netdevsim3 eth1: unset [0, 0] type 1 family 0 port 8472 - 0
[  923.002739][T25708] netdevsim netdevsim3 eth2: unset [0, 0] type 1 family 0 port 8472 - 0
[  923.005401][T25708] netdevsim netdevsim3 eth3: unset [0, 0] type 1 family 0 port 8472 - 0
[  923.149778][ T6026] usb 5-1: usb_control_msg returned -32
[  923.151601][ T6026] usbtmc 5-1:16.0: can't read capabilities
[  923.175041][T25720] futex_wake_op: syz.1.6120 tries to shift op by -1; fix this program
[  923.180111][T25720] FAULT_INJECTION: forcing a failure.
[  923.180111][T25720] name failslab, interval 1, probability 0, space 0, times 0
[  923.184200][T25720] CPU: 2 UID: 0 PID: 25720 Comm: syz.1.6120 Not tainted 6.16.0-rc1-syzkaller-00004-gaef17cb3d3c4 #0 PREEMPT(full) 
[  923.184226][T25720] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  923.184233][T25720] Call Trace:
[  923.184238][T25720]  <TASK>
[  923.184242][T25720]  dump_stack_lvl+0x16c/0x1f0
[  923.184264][T25720]  should_fail_ex+0x512/0x640
[  923.184280][T25720]  ? __kmalloc_noprof+0xbf/0x510
[  923.184298][T25720]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290
[  923.184313][T25720]  should_failslab+0xc2/0x120
[  923.184324][T25720]  __kmalloc_noprof+0xd2/0x510
[  923.184339][T25720]  ? __pfx___mutex_trylock_common+0x10/0x10
[  923.184357][T25720]  genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290
[  923.184376][T25720]  genl_family_rcv_msg_doit+0xbf/0x2f0
[  923.184391][T25720]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  923.184404][T25720]  ? rcu_is_watching+0x12/0xc0
[  923.184420][T25720]  ? bpf_lsm_capable+0x9/0x10
[  923.184433][T25720]  ? security_capable+0x7e/0x260
[  923.184446][T25720]  genl_rcv_msg+0x55c/0x800
[  923.184462][T25720]  ? __pfx_genl_rcv_msg+0x10/0x10
[  923.184476][T25720]  ? __pfx_smc_pnet_flush+0x10/0x10
[  923.184494][T25720]  ? __lock_acquire+0x622/0x1c90
[  923.184509][T25720]  netlink_rcv_skb+0x155/0x420
[  923.184521][T25720]  ? __pfx_genl_rcv_msg+0x10/0x10
[  923.184536][T25720]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  923.184554][T25720]  ? netlink_deliver_tap+0x1ae/0xd30
[  923.184565][T25720]  ? is_vmalloc_addr+0x86/0xa0
[  923.184581][T25720]  genl_rcv+0x28/0x40
[  923.184593][T25720]  netlink_unicast+0x53d/0x7f0
[  923.184607][T25720]  ? __pfx_netlink_unicast+0x10/0x10
[  923.184623][T25720]  netlink_sendmsg+0x8d1/0xdd0
[  923.184637][T25720]  ? __pfx_netlink_sendmsg+0x10/0x10
[  923.184651][T25720]  ? __import_iovec+0x1dd/0x650
[  923.184665][T25720]  ____sys_sendmsg+0xa95/0xc70
[  923.184680][T25720]  ? __pfx_____sys_sendmsg+0x10/0x10
[  923.184692][T25720]  ? get_compat_msghdr+0x11a/0x170
[  923.184710][T25720]  ___sys_sendmsg+0x134/0x1d0
[  923.184728][T25720]  ? __pfx____sys_sendmsg+0x10/0x10
[  923.184751][T25720]  ? find_held_lock+0x2b/0x80
[  923.184771][T25720]  __sys_sendmsg+0x16d/0x220
[  923.184781][T25720]  ? __pfx___sys_sendmsg+0x10/0x10
[  923.184797][T25720]  ? rcu_is_watching+0x12/0xc0
[  923.184809][T25720]  __do_fast_syscall_32+0x7c/0x3a0
[  923.184821][T25720]  do_fast_syscall_32+0x32/0x80
[  923.184831][T25720]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  923.184844][T25720] RIP: 0023:0xf70ae579
[  923.184853][T25720] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  923.184863][T25720] RSP: 002b:00000000f509e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  923.184873][T25720] RAX: ffffffffffffffda RBX: 000000000000000d RCX: 0000000080000080
[  923.184880][T25720] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  923.184886][T25720] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  923.184891][T25720] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  923.184897][T25720] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  923.184911][T25720]  </TASK>
[  924.202091][T25725] fuse: Unknown parameter 'user_id00000000000000000000'
[  924.329278][T25735] netlink: 'syz.1.6127': attribute type 10 has an invalid length.
[  924.346093][T25735] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  925.589010][ T6027] usb 5-1: USB disconnect, device number 59
[  925.663896][T25757] team0: Port device ip6_vti0 added
[  925.734298][T25759] fuse: Bad value for 'fd'
[  925.974066][T25767] 9pnet_virtio: no channels available for device ./file0/file0
[  926.818926][T25773] fuse: Bad value for 'group_id'
[  926.820746][T25773] fuse: Bad value for 'group_id'
[  926.831177][T25773] NILFS (nullb0): couldn't find nilfs on the device
[  927.977884][T25797] fuse: Bad value for 'fd'
[  928.009502][T25799] overlayfs: failed to resolve './file0': -2
[  929.238541][T25815] sg_write: data in/out 1633771837/8 bytes for SCSI command 0x61-- guessing data in;
[  929.238541][T25815]    program syz.0.6146 not setting count and/or reply_len properly
[  929.245973][T25815] sg_write: process 1040 (syz.0.6146) changed security contexts after opening file descriptor, this is not allowed.
[  929.389596][T25825] fuse: Unknown parameter 'rootlod'
[  929.398511][T25826] netlink: 16402 bytes leftover after parsing attributes in process `syz.3.6149'.
[  929.403020][T25823] netlink: 16402 bytes leftover after parsing attributes in process `syz.3.6149'.
[  929.430009][T25829] ata1.00: non-matching transfer count (1530558389/0)
[  929.450643][T25831] fuse: Bad value for 'fd'
[  931.819665][T25861] syz.3.6160 (25861): attempted to duplicate a private mapping with mremap.  This is not supported.
[  931.905008][T25864] ata1.00: non-matching transfer count (1530558389/0)
[  931.971735][T25866] netlink: 28 bytes leftover after parsing attributes in process `syz.3.6162'.
[  931.974549][T25866] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6162'.
[  932.004419][T25870] overlayfs: failed to resolve './file0': -2
[  932.109359][T25874] fuse: Bad value for 'max_read'
[  932.112445][T25872] netlink: zone id is out of range
[  932.114670][T25872] netlink: zone id is out of range
[  932.116527][T25872] netlink: zone id is out of range
[  932.118316][T25872] netlink: zone id is out of range
[  932.120396][T25872] netlink: zone id is out of range
[  932.122219][T25872] netlink: zone id is out of range
[  932.123872][T25872] netlink: zone id is out of range
[  932.125489][T25872] netlink: zone id is out of range
[  932.127407][T25872] netlink: zone id is out of range
[  932.131964][T25872] netlink: zone id is out of range
[  932.139809][T25872] netlink: 12 bytes leftover after parsing attributes in process `syz.3.6165'.
[  932.158901][T25872] hsr_slave_0: left promiscuous mode
[  932.166479][T25872] hsr_slave_1: left promiscuous mode
[  933.424782][T25888] ata1.00: non-matching transfer count (1530558389/0)
[  933.664196][T25886] tipc: Started in network mode
[  933.665802][T25886] tipc: Node identity e0000001, cluster identity 4711
[  933.667919][T25886] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[  933.671366][T25886] tipc: Enabled bearer <eth:team0>, priority 10
[  933.868485][T25896] erspan0: left allmulticast mode
[  933.870261][T25896] erspan0: left promiscuous mode
[  933.871934][T25896] bridge0: port 1(erspan0) entered disabled state
[  933.884382][T25896] team0: Port device ip6_vti0 removed
[  933.890465][T25896] netlink: 'syz.0.6172': attribute type 10 has an invalid length.
[  934.735871][   T29] tipc: Node number set to 3758096385
[  935.775568][T25926] ata1.00: non-matching transfer count (1530558389/0)
[  935.805174][T25928] FAULT_INJECTION: forcing a failure.
[  935.805174][T25928] name failslab, interval 1, probability 0, space 0, times 0
[  935.809118][T25928] CPU: 1 UID: 0 PID: 25928 Comm: syz.0.6180 Not tainted 6.16.0-rc1-syzkaller-00004-gaef17cb3d3c4 #0 PREEMPT(full) 
[  935.809133][T25928] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  935.809140][T25928] Call Trace:
[  935.809144][T25928]  <TASK>
[  935.809149][T25928]  dump_stack_lvl+0x16c/0x1f0
[  935.809170][T25928]  should_fail_ex+0x512/0x640
[  935.809187][T25928]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[  935.809204][T25928]  should_failslab+0xc2/0x120
[  935.809215][T25928]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  935.809234][T25928]  ? ptlock_alloc+0x1f/0x70
[  935.809249][T25928]  ptlock_alloc+0x1f/0x70
[  935.809262][T25928]  pte_alloc_one+0x82/0x3a0
[  935.809278][T25928]  __pte_alloc+0x6d/0x3c0
[  935.809287][T25928]  ? __pfx___pte_alloc+0x10/0x10
[  935.809298][T25928]  ? _raw_spin_unlock+0x28/0x50
[  935.809312][T25928]  ? __pmd_alloc+0x3fb/0x930
[  935.809325][T25928]  __handle_mm_fault+0x4358/0x5490
[  935.809342][T25928]  ? __pfx___handle_mm_fault+0x10/0x10
[  935.809354][T25928]  ? __pfx_mt_find+0x10/0x10
[  935.809373][T25928]  ? find_vma+0xbf/0x140
[  935.809382][T25928]  ? __pfx_find_vma+0x10/0x10
[  935.809394][T25928]  handle_mm_fault+0x589/0xd10
[  935.809408][T25928]  ? __pkru_allows_pkey+0x21/0xb0
[  935.809422][T25928]  do_user_addr_fault+0x7a6/0x1370
[  935.809438][T25928]  ? rcu_is_watching+0x12/0xc0
[  935.809451][T25928]  exc_page_fault+0x5c/0xb0
[  935.809467][T25928]  asm_exc_page_fault+0x26/0x30
[  935.809477][T25928] RIP: 0010:__put_user_4+0xd/0x20
[  935.809493][T25928] Code: 66 89 01 31 c9 0f 01 ca e9 d0 5a 03 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 89 cb 48 c1 fb 3f 48 09 d9 0f 01 cb <89> 01 31 c9 0f 01 ca c3 cc cc cc cc 0f 1f 80 00 00 00 00 90 90 90
[  935.809504][T25928] RSP: 0018:ffffc9000d62fba8 EFLAGS: 00050206
[  935.809513][T25928] RAX: 0000000000000044 RBX: 0000000000000000 RCX: 00000000800002c0
[  935.809520][T25928] RDX: ffff88807508a440 RSI: ffffffff85527b4f RDI: ffffffff8bf55a60
[  935.809526][T25928] RBP: dffffc0000000000 R08: 6e3da4e5b782f7c8 R09: 0000000000000000
[  935.809533][T25928] R10: 0000000000000000 R11: 0000000000000001 R12: 00000000800002c0
[  935.809539][T25928] R13: 0000000000000044 R14: ffffffff8f0e19d0 R15: 0000000000000044
[  935.809550][T25928]  ? vt_do_diacrit+0x5ef/0xa00
[  935.809564][T25928]  vt_do_diacrit+0x5fa/0xa00
[  935.809577][T25928]  vt_ioctl+0x505/0x30a0
[  935.809592][T25928]  ? __pfx_vt_ioctl+0x10/0x10
[  935.809605][T25928]  ? aa_get_newest_label+0x375/0x680
[  935.809618][T25928]  ? __pfx_aa_get_newest_label+0x10/0x10
[  935.809629][T25928]  ? rcu_is_watching+0x12/0xc0
[  935.809639][T25928]  ? trace_cap_capable+0x18d/0x200
[  935.809651][T25928]  ? apparmor_capable+0x114/0x1d0
[  935.809662][T25928]  ? bpf_lsm_capable+0x9/0x10
[  935.809674][T25928]  ? security_capable+0x7e/0x260
[  935.809686][T25928]  vt_compat_ioctl+0x1c2/0x4e0
[  935.809700][T25928]  ? __pfx_vt_compat_ioctl+0x10/0x10
[  935.809713][T25928]  ? hook_file_ioctl_common+0x145/0x410
[  935.809729][T25928]  ? __fget_files+0x20e/0x3c0
[  935.809742][T25928]  ? fput+0x70/0xf0
[  935.809751][T25928]  ? __pfx_vt_compat_ioctl+0x10/0x10
[  935.809798][T25928]  tty_compat_ioctl+0x2f1/0x4d0
[  935.809813][T25928]  ? __pfx_tty_compat_ioctl+0x10/0x10
[  935.809826][T25928]  __ia32_compat_sys_ioctl+0x23f/0x370
[  935.809841][T25928]  __do_fast_syscall_32+0x7c/0x3a0
[  935.809852][T25928]  do_fast_syscall_32+0x32/0x80
[  935.809862][T25928]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  935.809875][T25928] RIP: 0023:0xf70de579
[  935.809883][T25928] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  935.809893][T25928] RSP: 002b:00000000f50ce55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  935.809902][T25928] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000004b4a
[  935.809909][T25928] RDX: 00000000800002c0 RSI: 0000000000000000 RDI: 0000000000000000
[  935.809915][T25928] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  935.809921][T25928] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  935.809926][T25928] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  935.809939][T25928]  </TASK>
[  936.294569][T25940] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6181'.
[  936.297544][T25940] netlink: 'syz.3.6181': attribute type 5 has an invalid length.
[  936.300031][T25940] netlink: 20 bytes leftover after parsing attributes in process `syz.3.6181'.
[  936.319509][T25940] netdevsim netdevsim3 eth0: set [1, 1] type 2 family 0 port 256 - 0
[  936.322148][T25940] netdevsim netdevsim3 eth1: set [1, 1] type 2 family 0 port 256 - 0
[  936.324878][T25940] netdevsim netdevsim3 eth2: set [1, 1] type 2 family 0 port 256 - 0
[  936.327622][T25940] netdevsim netdevsim3 eth3: set [1, 1] type 2 family 0 port 256 - 0
[  936.330873][T25940] geneve2: entered promiscuous mode
[  936.332602][T25940] geneve2: entered allmulticast mode
[  936.855795][ T1418] ieee802154 phy1 wpan1: encryption failed: -22
[  937.060839][T25953] ata1.00: non-matching transfer count (1530558389/0)
[  937.375893][ T6154] usb 8-1: new high-speed USB device number 62 using dummy_hcd
[  937.541196][ T6154] usb 8-1: config 0 has no interfaces?
[  937.542810][ T6154] usb 8-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  937.545382][ T6154] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  937.555160][ T6154] usb 8-1: config 0 descriptor??
[  937.772657][T14384] usb 8-1: USB disconnect, device number 62
[  937.827508][T25963] 9p: Unknown uid 00000000004294967295
[  938.237414][T25956] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  938.467378][T25972] fuse: Unknown parameter '0x0000000000000003'
[  939.157913][T25986] 9pnet_virtio: no channels available for device ./file0/file0
[  940.132996][T25998] infiniband syz1: set down
[  940.136003][T25998] infiniband syz1: added syz_tun
[  940.153018][T25998] RDS/IB: syz1: added
[  940.154301][T25998] smc: adding ib device syz1 with port count 1
[  940.156287][T25998] smc:    ib device syz1 port 1 has pnetid SYZ2 (user defined)
[  940.190157][T25999] program syz.0.6202 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  940.749153][T26009] ata1.00: non-matching transfer count (1530558389/0)
[  941.035224][ T9373] Bluetooth: hci4: Frame reassembly failed (-84)
[  941.237634][ T5957] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  941.242490][ T5957] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  941.245582][ T5957] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  941.249439][ T5957] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  941.252088][ T5957] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  942.553193][T26042] ata1.00: non-matching transfer count (1530558389/0)
[  942.582970][T26018] chnl_net:caif_netlink_parms(): no params data found
[  942.945359][T26018] bridge0: port 1(bridge_slave_0) entered blocking state
[  942.948870][T26018] bridge0: port 1(bridge_slave_0) entered disabled state
[  942.951147][T26018] bridge_slave_0: entered allmulticast mode
[  942.953797][T26018] bridge_slave_0: entered promiscuous mode
[  942.957510][T26018] bridge0: port 2(bridge_slave_1) entered blocking state
[  942.959901][T26018] bridge0: port 2(bridge_slave_1) entered disabled state
[  942.962204][T26018] bridge_slave_1: entered allmulticast mode
[  942.964839][T26018] bridge_slave_1: entered promiscuous mode
[  943.003134][T26018] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  943.008834][T26018] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  943.056165][T26018] team0: Port device team_slave_0 added
[  943.062682][T26018] team0: Port device team_slave_1 added
[  943.066844][T26054] FAULT_INJECTION: forcing a failure.
[  943.066844][T26054] name failslab, interval 1, probability 0, space 0, times 0
[  943.071700][T26054] CPU: 3 UID: 0 PID: 26054 Comm: syz.3.6216 Not tainted 6.16.0-rc1-syzkaller-00004-gaef17cb3d3c4 #0 PREEMPT(full) 
[  943.071725][T26054] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  943.071736][T26054] Call Trace:
[  943.071743][T26054]  <TASK>
[  943.071751][T26054]  dump_stack_lvl+0x16c/0x1f0
[  943.071782][T26054]  should_fail_ex+0x512/0x640
[  943.071808][T26054]  ? __kmalloc_cache_noprof+0x57/0x3e0
[  943.071833][T26054]  should_failslab+0xc2/0x120
[  943.071849][T26054]  __kmalloc_cache_noprof+0x6a/0x3e0
[  943.071868][T26054]  ? __asan_memset+0x23/0x50
[  943.071887][T26054]  ? snd_pcm_oss_change_params_locked+0x6f4/0x3a30
[  943.071912][T26054]  snd_pcm_oss_change_params_locked+0x6f4/0x3a30
[  943.071933][T26054]  ? rcu_is_watching+0x12/0xc0
[  943.071952][T26054]  ? lockdep_hardirqs_on+0x7c/0x110
[  943.071999][T26054]  ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10
[  943.072023][T26054]  ? __pfx___mutex_lock+0x10/0x10
[  943.072041][T26054]  ? tomoyo_path_number_perm+0x295/0x580
[  943.072079][T26054]  snd_pcm_oss_get_active_substream+0x168/0x1d0
[  943.072106][T26054]  snd_pcm_oss_get_formats+0x7e/0x340
[  943.072124][T26054]  ? find_held_lock+0x2b/0x80
[  943.072142][T26054]  ? __pfx_snd_pcm_oss_get_formats+0x10/0x10
[  943.072162][T26054]  ? __might_fault+0x13b/0x190
[  943.072190][T26054]  snd_pcm_oss_ioctl+0x2efb/0x37a0
[  943.072209][T26054]  ? find_held_lock+0x2b/0x80
[  943.072223][T26054]  ? hook_file_ioctl_common+0x145/0x410
[  943.072241][T26054]  ? __pfx_snd_pcm_oss_ioctl+0x10/0x10
[  943.072263][T26054]  ? __fget_files+0x20e/0x3c0
[  943.072285][T26054]  ? fput+0x70/0xf0
[  943.072307][T26054]  ? __pfx_snd_pcm_oss_ioctl_compat+0x10/0x10
[  943.072330][T26054]  __ia32_compat_sys_ioctl+0x23f/0x370
[  943.072355][T26054]  __do_fast_syscall_32+0x7c/0x3a0
[  943.072374][T26054]  do_fast_syscall_32+0x32/0x80
[  943.072393][T26054]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  943.072415][T26054] RIP: 0023:0xf709e579
[  943.072427][T26054] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  943.072443][T26054] RSP: 002b:00000000f508e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  943.072459][T26054] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c0045005
[  943.072469][T26054] RDX: 0000000080000640 RSI: 0000000000000000 RDI: 0000000000000000
[  943.072479][T26054] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  943.072488][T26054] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  943.072497][T26054] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  943.072519][T26054]  </TASK>
[  943.182755][ T5305] Bluetooth: hci4: command 0x1003 tx timeout
[  943.183547][ T5945] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  943.204500][T26018] batman_adv: batadv0: Adding interface: batadv_slave_0
[  943.206833][T26018] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  943.215903][T26018] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  943.220400][T26018] batman_adv: batadv0: Adding interface: batadv_slave_1
[  943.222392][T26018] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  943.230553][T26018] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  943.300461][T26018] hsr_slave_0: entered promiscuous mode
[  943.303089][T26018] hsr_slave_1: entered promiscuous mode
[  943.437581][ T5945] Bluetooth: hci5: command tx timeout
[  943.556206][T26018] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  943.566395][T26018] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  943.572708][T26062] fuse: Unknown parameter 'permit_directio'
[  943.574458][T26018] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  943.590777][T26018] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  943.654709][T26018] bridge0: port 2(bridge_slave_1) entered blocking state
[  943.658022][T26018] bridge0: port 2(bridge_slave_1) entered forwarding state
[  943.661296][T26018] bridge0: port 1(bridge_slave_0) entered blocking state
[  943.664566][T26018] bridge0: port 1(bridge_slave_0) entered forwarding state
[  943.708217][   T46] bridge0: port 1(bridge_slave_0) entered disabled state
[  943.711789][   T46] bridge0: port 2(bridge_slave_1) entered disabled state
[  943.791237][T26018] 8021q: adding VLAN 0 to HW filter on device bond0
[  943.827058][T26018] 8021q: adding VLAN 0 to HW filter on device team0
[  943.833817][ T6027] usb 5-1: new high-speed USB device number 60 using dummy_hcd
[  943.894626][ T9395] bridge0: port 1(bridge_slave_0) entered blocking state
[  943.897007][ T9395] bridge0: port 1(bridge_slave_0) entered forwarding state
[  943.946452][   T46] bridge0: port 2(bridge_slave_1) entered blocking state
[  943.949494][   T46] bridge0: port 2(bridge_slave_1) entered forwarding state
[  943.994605][ T6027] usb 5-1: Using ep0 maxpacket: 8
[  943.997506][ T6027] usb 5-1: config index 0 descriptor too short (expected 301, got 45)
[  944.000137][ T6027] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  944.003154][ T6027] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  944.006718][ T6027] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  944.010438][ T6027] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  944.017492][ T6027] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  944.021062][ T6027] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  944.214987][T26018] 8021q: adding VLAN 0 to HW filter on device batadv0
[  944.390441][T26018] veth0_vlan: entered promiscuous mode
[  944.396224][T26018] veth1_vlan: entered promiscuous mode
[  944.423602][T26018] veth0_macvtap: entered promiscuous mode
[  944.428188][T26018] veth1_macvtap: entered promiscuous mode
[  944.439459][T26018] batman_adv: batadv0: Interface activated: batadv_slave_0
[  944.454722][T26018] batman_adv: batadv0: Interface activated: batadv_slave_1
[  944.459691][T26018] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  944.462497][T26018] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  944.467231][T26018] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  944.470987][T26018] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  944.544898][ T9395] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  944.547484][ T9395] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  944.573201][ T9371] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  944.575830][ T9371] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  944.624688][T26093] fuse: Unknown parameter '0x0000000000000003'
[  944.966368][   T24] usb 9-1: new low-speed USB device number 2 using dummy_hcd
[  945.129043][   T24] usb 9-1: config 0 has an invalid interface number: 55 but max is 0
[  945.132766][   T24] usb 9-1: config 0 has no interface number 0
[  945.136775][   T24] usb 9-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  945.142545][   T24] usb 9-1: config 0 interface 55 altsetting 0 endpoint 0xE has invalid maxpacket 32, setting to 8
[  945.146459][   T24] usb 9-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  945.152939][   T24] usb 9-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10
[  945.157635][   T24] usb 9-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 8
[  945.162975][   T24] usb 9-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  945.168444][   T24] usb 9-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  945.172540][   T24] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  945.179037][   T24] usb 9-1: config 0 descriptor??
[  945.182947][T26100] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  945.186230][T26100] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  945.193478][   T24] ldusb 9-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  945.277652][T21108] kernel read not supported for file /dsp1 (pid: 21108 comm: kworker/3:0)
[  945.388107][T26109] fuse: Unknown parameter 'permit_directio'
[  945.405487][   T29] usb 9-1: USB disconnect, device number 2
[  945.408788][   T29] ldusb 9-1:0.55: LD USB Device #0 now disconnected
[  945.444264][T26113] netlink: 'syz.2.6230': attribute type 3 has an invalid length.
[  945.447696][T26113] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.6230'.
[  945.661323][ T5945] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  945.661746][ T5305] Bluetooth: hci5: command tx timeout
[  946.182607][T26120] loop6: detected capacity change from 0 to 63
[  946.251787][T26120] Buffer I/O error on dev loop6, logical block 0, async page read
[  946.255933][T26120] Buffer I/O error on dev loop6, logical block 1, async page read
[  946.259354][T26120] Buffer I/O error on dev loop6, logical block 2, async page read
[  946.263226][T26120] Buffer I/O error on dev loop6, logical block 3, async page read
[  946.267173][T26120] Buffer I/O error on dev loop6, logical block 0, async page read
[  946.274376][T26120] Buffer I/O error on dev loop6, logical block 1, async page read
[  946.277927][T26120] Buffer I/O error on dev loop6, logical block 2, async page read
[  946.281487][T26120] Buffer I/O error on dev loop6, logical block 3, async page read
[  946.285258][T26120] Buffer I/O error on dev loop6, logical block 0, async page read
[  946.288934][T26120] Buffer I/O error on dev loop6, logical block 1, async page read
[  946.472110][T26124] fuse: Unknown parameter '0x0000000000000003'
[  946.740978][T21223] usb 8-1: new high-speed USB device number 63 using dummy_hcd
[  946.836930][ T6027] usb 5-1: usb_control_msg returned -71
[  946.843945][ T6027] usbtmc 5-1:16.0: can't read capabilities
[  946.879349][ T6027] usb 5-1: USB disconnect, device number 60
[  946.913452][T26138] netlink: 'syz.0.6238': attribute type 3 has an invalid length.
[  946.924373][T21223] usb 8-1: config index 0 descriptor too short (expected 45, got 36)
[  946.927031][T21223] usb 8-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21
[  946.932067][T21223] usb 8-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  946.935699][T21223] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  946.939615][T21223] usb 8-1: config 0 descriptor??
[  946.944039][T21223] usbhid 8-1:0.0: couldn't find an input interrupt endpoint
[  947.179251][T21108] kernel read not supported for file /dsp1 (pid: 21108 comm: kworker/3:0)
[  947.888500][ T5945] Bluetooth: hci5: command tx timeout
[  947.888775][   T29] usb 8-1: USB disconnect, device number 63
[  948.294783][T26148] fuse: Unknown parameter 'fd0x0000000000000003'
[  948.668997][T26161] tipc: Started in network mode
[  948.672169][T26161] tipc: Node identity fa71866b644, cluster identity 4711
[  948.675153][T26161] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  948.678756][T26157] FAULT_INJECTION: forcing a failure.
[  948.678756][T26157] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  948.683985][T26157] CPU: 1 UID: 0 PID: 26157 Comm: syz.4.6246 Not tainted 6.16.0-rc1-syzkaller-00004-gaef17cb3d3c4 #0 PREEMPT(full) 
[  948.684010][T26157] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  948.684020][T26157] Call Trace:
[  948.684027][T26157]  <TASK>
[  948.684033][T26157]  dump_stack_lvl+0x16c/0x1f0
[  948.684062][T26157]  should_fail_ex+0x512/0x640
[  948.684091][T26157]  _copy_to_user+0x32/0xd0
[  948.684111][T26157]  simple_read_from_buffer+0xcb/0x170
[  948.684139][T26157]  proc_fail_nth_read+0x197/0x270
[  948.684162][T26157]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  948.684183][T26157]  ? rw_verify_area+0xcf/0x680
[  948.684202][T26157]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  948.684221][T26157]  vfs_read+0x1e4/0xc60
[  948.684246][T26157]  ? fdget_pos+0x2a2/0x370
[  948.684268][T26157]  ? __pfx_vfs_read+0x10/0x10
[  948.684288][T26157]  ? find_held_lock+0x2b/0x80
[  948.684317][T26157]  ? __fget_files+0x20e/0x3c0
[  948.684349][T26157]  ksys_read+0x12a/0x250
[  948.684372][T26157]  ? __pfx_ksys_read+0x10/0x10
[  948.684395][T26157]  ? rcu_is_watching+0x12/0xc0
[  948.684415][T26157]  __do_fast_syscall_32+0x7c/0x3a0
[  948.684434][T26157]  do_fast_syscall_32+0x32/0x80
[  948.684457][T26157]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  948.684481][T26157] RIP: 0023:0xf7fd3579
[  948.684493][T26157] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  948.684508][T26157] RSP: 002b:00000000f50f6590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  948.684525][T26157] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 00000000f50f6620
[  948.684538][T26157] RDX: 000000000000000f RSI: 00000000f7462ff4 RDI: 0000000000000000
[  948.684549][T26157] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  948.684559][T26157] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  948.684568][T26157] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  948.684591][T26157]  </TASK>
[  948.760043][T26157] tipc: Resetting bearer <eth:syzkaller0>
[  948.846621][T26166] FAULT_INJECTION: forcing a failure.
[  948.846621][T26166] name failslab, interval 1, probability 0, space 0, times 0
[  948.850745][T26166] CPU: 2 UID: 0 PID: 26166 Comm: syz.2.6248 Not tainted 6.16.0-rc1-syzkaller-00004-gaef17cb3d3c4 #0 PREEMPT(full) 
[  948.850761][T26166] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  948.850768][T26166] Call Trace:
[  948.850773][T26166]  <TASK>
[  948.850777][T26166]  dump_stack_lvl+0x16c/0x1f0
[  948.850798][T26166]  should_fail_ex+0x512/0x640
[  948.850814][T26166]  ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0
[  948.850832][T26166]  should_failslab+0xc2/0x120
[  948.850843][T26166]  kmem_cache_alloc_lru_noprof+0x72/0x3b0
[  948.850859][T26166]  ? sock_alloc_inode+0x25/0x1c0
[  948.850874][T26166]  ? __pfx_sock_alloc_inode+0x10/0x10
[  948.850890][T26166]  sock_alloc_inode+0x25/0x1c0
[  948.850901][T26166]  alloc_inode+0x61/0x240
[  948.850913][T26166]  sock_alloc+0x40/0x280
[  948.850924][T26166]  do_accept+0xf7/0x530
[  948.850938][T26166]  ? do_raw_spin_lock+0x12c/0x2b0
[  948.850954][T26166]  ? __pfx_do_accept+0x10/0x10
[  948.850977][T26166]  io_accept+0x259/0x950
[  948.850996][T26166]  ? __pfx_io_accept+0x10/0x10
[  948.851015][T26166]  __io_issue_sqe+0xe5/0x7c0
[  948.851027][T26166]  io_issue_sqe+0x86/0xe50
[  948.851043][T26166]  io_submit_sqes+0x92d/0x2580
[  948.851064][T26166]  __do_sys_io_uring_enter+0xd6a/0x1630
[  948.851080][T26166]  ? __fget_files+0x20e/0x3c0
[  948.851094][T26166]  ? __pfx___do_sys_io_uring_enter+0x10/0x10
[  948.851110][T26166]  ? fput+0x70/0xf0
[  948.851120][T26166]  ? ksys_write+0x1ac/0x250
[  948.851134][T26166]  ? __pfx_ksys_write+0x10/0x10
[  948.851150][T26166]  ? rcu_is_watching+0x12/0xc0
[  948.851162][T26166]  __do_fast_syscall_32+0x7c/0x3a0
[  948.851174][T26166]  do_fast_syscall_32+0x32/0x80
[  948.851184][T26166]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  948.851198][T26166] RIP: 0023:0xf703e579
[  948.851206][T26166] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  948.851216][T26166] RSP: 002b:00000000f502e55c EFLAGS: 00000296 ORIG_RAX: 00000000000001aa
[  948.851226][T26166] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000003517
[  948.851233][T26166] RDX: 000000000000c2de RSI: 0000000000000009 RDI: 0000000000000000
[  948.851242][T26166] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  948.851251][T26166] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  948.851259][T26166] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  948.851281][T26166]  </TASK>
[  948.959112][T26168] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  949.022108][T26172] 9pnet_fd: Insufficient options for proto=fd
[  949.815708][  T837] tipc: Node number set to 2654045803
[  950.120232][ T5945] Bluetooth: hci5: command tx timeout
[  950.300374][T26185] FAULT_INJECTION: forcing a failure.
[  950.300374][T26185] name failslab, interval 1, probability 0, space 0, times 0
[  950.311020][T26185] CPU: 0 UID: 0 PID: 26185 Comm: syz.2.6254 Not tainted 6.16.0-rc1-syzkaller-00004-gaef17cb3d3c4 #0 PREEMPT(full) 
[  950.311048][T26185] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  950.311058][T26185] Call Trace:
[  950.311064][T26185]  <TASK>
[  950.311071][T26185]  dump_stack_lvl+0x16c/0x1f0
[  950.311101][T26185]  should_fail_ex+0x512/0x640
[  950.311126][T26185]  ? __kmalloc_noprof+0xbf/0x510
[  950.311151][T26185]  ? fuse_io_alloc+0x92/0x150
[  950.311165][T26185]  should_failslab+0xc2/0x120
[  950.311180][T26185]  __kmalloc_noprof+0xd2/0x510
[  950.311201][T26185]  ? kasan_save_track+0x14/0x30
[  950.311225][T26185]  fuse_io_alloc+0x92/0x150
[  950.311240][T26185]  fuse_direct_io+0x2fa/0x24f0
[  950.311276][T26185]  ? __pfx_fuse_direct_io+0x10/0x10
[  950.311297][T26185]  ? lockdep_init_map_type+0x5c/0x280
[  950.311323][T26185]  fuse_direct_IO+0x624/0xf40
[  950.311347][T26185]  ? __pfx_aio_complete_rw+0x10/0x10
[  950.311370][T26185]  ? __pfx_fuse_direct_IO+0x10/0x10
[  950.311408][T26185]  ? __pfx___might_resched+0x10/0x10
[  950.311425][T26185]  ? generic_write_check_limits+0x1f1/0x290
[  950.311453][T26185]  ? aa_file_perm+0x4d6/0xfb0
[  950.311478][T26185]  fuse_direct_write_iter+0x4c7/0x840
[  950.311496][T26185]  ? register_lock_class+0x41/0x4c0
[  950.311519][T26185]  ? __pfx_fuse_direct_write_iter+0x10/0x10
[  950.311540][T26185]  ? __lock_acquire+0xb8a/0x1c90
[  950.311565][T26185]  ? kasan_save_stack+0x42/0x60
[  950.311598][T26185]  fuse_file_write_iter+0x66c/0x950
[  950.311619][T26185]  aio_write+0x3b6/0x910
[  950.311641][T26185]  ? __pfx_aio_write+0x10/0x10
[  950.311660][T26185]  ? __lock_acquire+0xb8a/0x1c90
[  950.311694][T26185]  ? __might_fault+0xe3/0x190
[  950.311715][T26185]  ? __might_fault+0x13b/0x190
[  950.311742][T26185]  ? io_submit_one+0x1243/0x1df0
[  950.311761][T26185]  io_submit_one+0x1243/0x1df0
[  950.311784][T26185]  ? __lock_acquire+0xb8a/0x1c90
[  950.311813][T26185]  ? __pfx_io_submit_one+0x10/0x10
[  950.311840][T26185]  ? __might_fault+0xe3/0x190
[  950.311862][T26185]  ? __might_fault+0x13b/0x190
[  950.311887][T26185]  ? __ia32_compat_sys_io_submit+0x1ad/0x3a0
[  950.311907][T26185]  __ia32_compat_sys_io_submit+0x1ad/0x3a0
[  950.311935][T26185]  ? __pfx___ia32_compat_sys_io_submit+0x10/0x10
[  950.311963][T26185]  ? rcu_is_watching+0x12/0xc0
[  950.311977][T26185]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[  950.312003][T26185]  __do_fast_syscall_32+0x7c/0x3a0
[  950.312020][T26185]  do_fast_syscall_32+0x32/0x80
[  950.312034][T26185]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  950.312052][T26185] RIP: 0023:0xf703e579
[  950.312065][T26185] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  950.312080][T26185] RSP: 002b:00000000f502e55c EFLAGS: 00000296 ORIG_RAX: 00000000000000f8
[  950.312096][T26185] RAX: ffffffffffffffda RBX: 00000000f4fe4000 RCX: 000000000000047f
[  950.312106][T26185] RDX: 0000000080000780 RSI: 0000000000000000 RDI: 0000000000000000
[  950.312115][T26185] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  950.312123][T26185] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  950.312132][T26185] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  950.312153][T26185]  </TASK>
[  950.563291][T26157] tipc: Disabling bearer <eth:syzkaller0>
[  950.666792][T26191] ata1.00: non-matching transfer count (1530558389/0)
[  950.784598][T26197] misc userio: The device must be registered before sending interrupts
[  950.814013][T26199] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6261'.
[  951.122320][T26217] ata1.00: non-matching transfer count (1530558389/0)
[  951.418323][T26228] FAULT_INJECTION: forcing a failure.
[  951.418323][T26228] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  951.422514][T26228] CPU: 1 UID: 0 PID: 26228 Comm: syz.4.6269 Not tainted 6.16.0-rc1-syzkaller-00004-gaef17cb3d3c4 #0 PREEMPT(full) 
[  951.422530][T26228] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  951.422537][T26228] Call Trace:
[  951.422544][T26228]  <TASK>
[  951.422549][T26228]  dump_stack_lvl+0x16c/0x1f0
[  951.422572][T26228]  should_fail_ex+0x512/0x640
[  951.422590][T26228]  _copy_to_user+0x32/0xd0
[  951.422602][T26228]  simple_read_from_buffer+0xcb/0x170
[  951.422617][T26228]  proc_fail_nth_read+0x197/0x270
[  951.422630][T26228]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  951.422644][T26228]  ? rw_verify_area+0xcf/0x680
[  951.422658][T26228]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  951.422675][T26228]  vfs_read+0x1e4/0xc60
[  951.422690][T26228]  ? fdget_pos+0x2a2/0x370
[  951.422706][T26228]  ? __pfx_vfs_read+0x10/0x10
[  951.422719][T26228]  ? find_held_lock+0x2b/0x80
[  951.422733][T26228]  ? __fget_files+0x20e/0x3c0
[  951.422751][T26228]  ksys_read+0x12a/0x250
[  951.422765][T26228]  ? __pfx_ksys_read+0x10/0x10
[  951.422781][T26228]  ? rcu_is_watching+0x12/0xc0
[  951.422793][T26228]  __do_fast_syscall_32+0x7c/0x3a0
[  951.422805][T26228]  do_fast_syscall_32+0x32/0x80
[  951.422815][T26228]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  951.422829][T26228] RIP: 0023:0xf7fd3579
[  951.422837][T26228] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  951.422847][T26228] RSP: 002b:00000000f50d5590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  951.422862][T26228] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f50d5620
[  951.422869][T26228] RDX: 000000000000000f RSI: 00000000f7462ff4 RDI: 0000000000000000
[  951.422876][T26228] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  951.422881][T26228] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  951.422887][T26228] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  951.422900][T26228]  </TASK>
[  951.484204][    C1] vkms_vblank_simulate: vblank timer overrun
[  951.592426][T26236] net_ratelimit: 195 callbacks suppressed
[  951.592437][T26236] openvswitch: netlink: Duplicate key (type 0).
[  951.610173][T26238] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6271'.
[  951.915125][ T6154] usb 9-1: new high-speed USB device number 3 using dummy_hcd
[  952.054087][ T6154] usb 9-1: device descriptor read/64, error -71
[  952.078532][T26252] ata1.00: non-matching transfer count (1530558389/0)
[  952.310671][ T6154] usb 9-1: new high-speed USB device number 4 using dummy_hcd
[  952.449739][ T6154] usb 9-1: device descriptor read/64, error -71
[  952.567604][ T6154] usb usb9-port1: attempt power cycle
[  952.930701][ T6154] usb 9-1: new high-speed USB device number 5 using dummy_hcd
[  952.953621][ T6154] usb 9-1: device descriptor read/8, error -71
[  953.104278][T26267] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6283'.
[  953.219594][ T6154] usb 9-1: new high-speed USB device number 6 using dummy_hcd
[  953.242524][ T6154] usb 9-1: device descriptor read/8, error -71
[  953.337477][T26273] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  953.342046][T26272] tipc: Resetting bearer <eth:syzkaller0>
[  953.358961][ T6154] usb usb9-port1: unable to enumerate USB device
[  953.452780][T26275] ata1.00: non-matching transfer count (1530558389/0)
[  954.761095][T26272] tipc: Disabling bearer <eth:syzkaller0>
[  955.475069][ T6154] usb 7-1: new high-speed USB device number 82 using dummy_hcd
[  955.659737][ T6154] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  955.663478][ T6154] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  955.666784][ T6154] usb 7-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[  955.669969][ T6154] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  955.675295][ T6154] usb 7-1: config 0 descriptor??
[  955.922715][T26301] ata1.00: non-matching transfer count (1530558389/0)
[  956.125958][ T6154] cm6533_jd 0003:0D8C:0022.001E: unknown main item tag 0x0
[  956.128877][ T6154] cm6533_jd 0003:0D8C:0022.001E: unknown main item tag 0x0
[  956.132482][ T6154] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:0.0/0003:0D8C:0022.001E/input/input42
[  956.141260][ T6154] cm6533_jd 0003:0D8C:0022.001E: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.2-1/input0
[  956.339384][T26297] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  956.342938][T26297] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  956.351763][T26317] random: crng reseeded on system resumption
[  956.392142][T26317] binder: 26311:26317 ioctl c0306201 80000180 returned -14
[  957.442227][T26332] 9pnet_virtio: no channels available for device ./file0/file0
[  957.463591][T21108] usb 7-1: reset high-speed USB device number 82 using dummy_hcd
[  958.341542][T26343] Invalid source name
[  958.693046][T21223] usb 9-1: new high-speed USB device number 7 using dummy_hcd
[  958.855299][T21223] usb 9-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  958.858261][T21223] usb 9-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  958.861321][T21223] usb 9-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  958.867485][T21223] usb 9-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  958.870240][T21223] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  958.872743][T21223] usb 9-1: Product: syz
[  958.874091][T21223] usb 9-1: Manufacturer: syz
[  958.875648][T21223] usb 9-1: SerialNumber: syz
[  958.879561][T21223] hub 9-1:1.0: bad descriptor, ignoring hub
[  958.881427][T21223] hub 9-1:1.0: probe with driver hub failed with error -5
[  959.101459][T21223] usblp 9-1:1.0: usblp1: USB Unidirectional printer dev 7 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[  959.228622][ T6154] usb 7-1: USB disconnect, device number 82
[  959.313972][T26354] xt_CT: You must specify a L4 protocol and not use inversions on it
[  959.431993][T21223] usb 9-1: USB disconnect, device number 7
[  959.452519][T21223] usblp1: removed
[  959.954230][T26363] 9pnet_virtio: no channels available for device ./file0/file0
[  960.279486][T26369] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6316'.
[  960.314350][ T6154] libceph: connect (1)[c::]:6789 error -101
[  960.333086][ T6154] libceph: mon0 (1)[c::]:6789 connect error
[  960.542562][ T5945] Bluetooth: hci5: Controller not accepting commands anymore: ncmd = 0
[  960.547195][ T5945] Bluetooth: hci5: Injecting HCI hardware error event
[  960.552456][ T5945] Bluetooth: hci5: hardware error 0x00
[  960.610887][ T6154] libceph: connect (1)[c::]:6789 error -101
[  960.613508][ T6154] libceph: mon0 (1)[c::]:6789 connect error
[  961.152111][ T6154] libceph: connect (1)[c::]:6789 error -101
[  961.155463][ T6154] libceph: mon0 (1)[c::]:6789 connect error
[  961.183937][  T837] usb 7-1: new high-speed USB device number 83 using dummy_hcd
[  961.292292][T26369] ceph: No mds server is up or the cluster is laggy
[  961.338847][  T837] usb 7-1: device descriptor read/64, error -71
[  961.600962][  T837] usb 7-1: new high-speed USB device number 84 using dummy_hcd
[  961.675843][T21223] usb 9-1: new high-speed USB device number 8 using dummy_hcd
[  961.739844][  T837] usb 7-1: device descriptor read/64, error -71
[  961.837476][T21223] usb 9-1: too many configurations: 13, using maximum allowed: 8
[  961.840771][T21223] usb 9-1: config 0 has no interfaces?
[  961.843310][T21223] usb 9-1: config 0 has no interfaces?
[  961.845787][T21223] usb 9-1: config 0 has no interfaces?
[  961.849080][T21223] usb 9-1: config 0 has no interfaces?
[  961.851660][T21223] usb 9-1: config 0 has no interfaces?
[  961.854180][T21223] usb 9-1: config 0 has no interfaces?
[  961.856874][T21223] usb 9-1: config 0 has no interfaces?
[  961.859248][  T837] usb usb7-port1: attempt power cycle
[  961.861638][T21223] usb 9-1: config 0 has no interfaces?
[  961.865481][T21223] usb 9-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  961.869100][T21223] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  961.871577][T21223] usb 9-1: Product: syz
[  961.872904][T21223] usb 9-1: Manufacturer: syz
[  961.874405][T21223] usb 9-1: SerialNumber: syz
[  961.877226][T21223] usb 9-1: config 0 descriptor??
[  962.105209][T21223] usb 9-1: USB disconnect, device number 8
[  962.220909][  T837] usb 7-1: new high-speed USB device number 85 using dummy_hcd
[  962.244827][  T837] usb 7-1: device descriptor read/8, error -71
[  962.509615][  T837] usb 7-1: new high-speed USB device number 86 using dummy_hcd
[  962.532063][  T837] usb 7-1: device descriptor read/8, error -71
[  962.661854][  T837] usb usb7-port1: unable to enumerate USB device
[  962.777106][ T5945] Bluetooth: hci5: Opcode 0x0c03 failed: -110
[  962.798237][   T29] usb 9-1: new high-speed USB device number 9 using dummy_hcd
[  962.958509][   T29] usb 9-1: Using ep0 maxpacket: 32
[  962.962464][   T29] usb 9-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  962.968805][   T29] usb 9-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  962.972719][   T29] usb 9-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  962.976201][   T29] usb 9-1: Product: syz
[  962.978052][   T29] usb 9-1: Manufacturer: syz
[  962.980113][   T29] usb 9-1: SerialNumber: syz
[  962.984212][   T29] usb 9-1: config 0 descriptor??
[  962.987108][T26395] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  963.233562][T26407] netlink: 4768 bytes leftover after parsing attributes in process `syz.0.6326'.
[  963.306322][T26408] xt_HMARK: proto mask must be zero with L3 mode
[  963.430654][  T837] usb 9-1: USB disconnect, device number 9
[  963.620778][T26410] 9pnet_virtio: no channels available for device ./file0/file0
[  964.285131][   T29] usb 9-1: new high-speed USB device number 10 using dummy_hcd
[  964.444500][   T29] usb 9-1: Using ep0 maxpacket: 32
[  964.449916][   T29] usb 9-1: config 32 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  964.453900][   T29] usb 9-1: config 32 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  964.457134][   T29] usb 9-1: config 32 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  964.461195][   T29] usb 9-1: New USB device found, idVendor=0458, idProduct=5011, bcdDevice= 0.00
[  964.464108][   T29] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  964.865185][ T6008] usb 5-1: new high-speed USB device number 61 using dummy_hcd
[  965.043230][ T6008] usb 5-1: Using ep0 maxpacket: 32
[  965.047310][ T6008] usb 5-1: config 32 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  965.051029][ T6008] usb 5-1: config 32 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  965.054670][ T6008] usb 5-1: config 32 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  965.059335][ T6008] usb 5-1: New USB device found, idVendor=0458, idProduct=5011, bcdDevice= 0.00
[  965.062562][ T6008] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  965.132334][   T29] usbhid 9-1:32.0: can't add hid device: -71
[  965.135149][   T29] usbhid 9-1:32.0: probe with driver usbhid failed with error -71
[  965.139731][   T29] usb 9-1: USB disconnect, device number 10
[  965.732986][T26425] FAULT_INJECTION: forcing a failure.
[  965.732986][T26425] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  965.759427][T26425] CPU: 1 UID: 0 PID: 26425 Comm: syz.0.6332 Not tainted 6.16.0-rc1-syzkaller-00004-gaef17cb3d3c4 #0 PREEMPT(full) 
[  965.759445][T26425] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  965.759453][T26425] Call Trace:
[  965.759457][T26425]  <TASK>
[  965.759462][T26425]  dump_stack_lvl+0x16c/0x1f0
[  965.759483][T26425]  should_fail_ex+0x512/0x640
[  965.759503][T26425]  should_fail_alloc_page+0xe7/0x130
[  965.759515][T26425]  prepare_alloc_pages+0x3c2/0x610
[  965.759543][T26425]  __alloc_frozen_pages_noprof+0x18b/0x23f0
[  965.759562][T26425]  ? mark_held_locks+0x49/0x80
[  965.759576][T26425]  ? finish_task_switch.isra.0+0x221/0xc10
[  965.759587][T26425]  ? lockdep_hardirqs_on+0x7c/0x110
[  965.759603][T26425]  ? finish_task_switch.isra.0+0x221/0xc10
[  965.759614][T26425]  ? rcu_is_watching+0x12/0xc0
[  965.759626][T26425]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  965.759646][T26425]  ? register_lock_class+0x41/0x4c0
[  965.759663][T26425]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  965.759680][T26425]  ? policy_nodemask+0xea/0x4e0
[  965.759692][T26425]  alloc_pages_mpol+0x1fb/0x550
[  965.759702][T26425]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  965.759713][T26425]  ? irqentry_exit+0x3b/0x90
[  965.759728][T26425]  ? lockdep_hardirqs_on+0x7c/0x110
[  965.759745][T26425]  alloc_pages_noprof+0x131/0x390
[  965.759756][T26425]  pte_alloc_one+0x1c/0x3a0
[  965.759772][T26425]  __pte_alloc+0x6d/0x3c0
[  965.759783][T26425]  ? __pfx___pte_alloc+0x10/0x10
[  965.759798][T26425]  ? mm_alloc_pmd+0x250/0x470
[  965.759808][T26425]  ? mm_alloc_pmd+0x2c2/0x470
[  965.759819][T26425]  mfill_atomic_poison+0xe00/0x18e0
[  965.759834][T26425]  ? find_held_lock+0x2b/0x80
[  965.759843][T26425]  ? __might_fault+0xe3/0x190
[  965.759858][T26425]  ? __might_fault+0xe3/0x190
[  965.759871][T26425]  ? __might_fault+0x13b/0x190
[  965.759886][T26425]  ? __pfx_mfill_atomic_poison+0x10/0x10
[  965.759901][T26425]  userfaultfd_ioctl+0x10a7/0x38e0
[  965.759914][T26425]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  965.759928][T26425]  ? __pfx_userfaultfd_ioctl+0x10/0x10
[  965.759946][T26425]  ? find_held_lock+0x2b/0x80
[  965.759956][T26425]  ? hook_file_ioctl_common+0x145/0x410
[  965.759971][T26425]  ? __fget_files+0x20e/0x3c0
[  965.759984][T26425]  ? fput+0x70/0xf0
[  965.759994][T26425]  ? __pfx_userfaultfd_ioctl+0x10/0x10
[  965.760006][T26425]  ? compat_ptr_ioctl+0x6e/0xa0
[  965.760017][T26425]  compat_ptr_ioctl+0x6e/0xa0
[  965.760028][T26425]  ? __pfx_compat_ptr_ioctl+0x10/0x10
[  965.760039][T26425]  __ia32_compat_sys_ioctl+0x23f/0x370
[  965.760054][T26425]  __do_fast_syscall_32+0x7c/0x3a0
[  965.760065][T26425]  do_fast_syscall_32+0x32/0x80
[  965.760075][T26425]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  965.760089][T26425] RIP: 0023:0xf70de579
[  965.760097][T26425] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  965.760107][T26425] RSP: 002b:00000000f50ce55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  965.760118][T26425] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000c020aa08
[  965.760125][T26425] RDX: 0000000080000080 RSI: 0000000000000000 RDI: 0000000000000000
[  965.760131][T26425] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  965.760136][T26425] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  965.760142][T26425] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  965.760155][T26425]  </TASK>
[  965.879236][ T6008] usbhid 5-1:32.0: can't add hid device: -71
[  965.881213][ T6008] usbhid 5-1:32.0: probe with driver usbhid failed with error -71
[  965.885134][ T6008] usb 5-1: USB disconnect, device number 61
[  966.462071][ T6008] ==================================================================
[  966.465258][ T6008] BUG: KASAN: slab-use-after-free in __mutex_lock+0xa65/0xb90
[  966.468204][ T6008] Read of size 8 at addr ffff888021484320 by task kworker/1:4/6008
[  966.472431][ T6008] 
[  966.474062][ T6008] CPU: 1 UID: 0 PID: 6008 Comm: kworker/1:4 Not tainted 6.16.0-rc1-syzkaller-00004-gaef17cb3d3c4 #0 PREEMPT(full) 
[  966.474085][ T6008] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
SYZFAIL: failed to recv rpc
[  966.474098][ T6008] Workqueue: events l2cap_chan_timeout
[  966.474126][ T6008] Call Trace:
[  966.474133][ T6008]  <TASK>
[  966.474141][ T6008]  dump_stack_lvl+0x116/0x1f0
[  966.474167][ T6008]  print_report+0xcd/0x680
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  966.474182][ T6008]  ? __virt_addr_valid+0x81/0x610
[  966.474198][ T6008]  ? __phys_addr+0xe8/0x180
[  966.474214][ T6008]  ? __mutex_lock+0xa65/0xb90
[  966.474228][ T6008]  kasan_report+0xe0/0x110
[  966.474243][ T6008]  ? __mutex_lock+0xa65/0xb90
[  966.474260][ T6008]  __mutex_lock+0xa65/0xb90
[  966.474276][ T6008]  ? l2cap_chan_timeout+0x6d/0x310
[  966.474300][ T6008]  ? __pfx___mutex_lock+0x10/0x10
[  966.474319][ T6008]  ? lock_acquire+0x62/0x350
[  966.474341][ T6008]  ? l2cap_chan_timeout+0x6d/0x310
[  966.474364][ T6008]  l2cap_chan_timeout+0x6d/0x310
[  966.474388][ T6008]  process_one_work+0x9cf/0x1b70
[  966.474418][ T6008]  ? __pfx_process_one_work+0x10/0x10
[  966.474446][ T6008]  ? assign_work+0x1a0/0x250
[  966.474468][ T6008]  worker_thread+0x6c8/0xf10
[  966.474497][ T6008]  ? __pfx_worker_thread+0x10/0x10
[  966.474521][ T6008]  kthread+0x3c2/0x780
[  966.474544][ T6008]  ? __pfx_kthread+0x10/0x10
[  966.474566][ T6008]  ? rcu_is_watching+0x12/0xc0
[  966.474582][ T6008]  ? __pfx_kthread+0x10/0x10
[  966.474604][ T6008]  ret_from_fork+0x5d4/0x6f0
[  966.474625][ T6008]  ? __pfx_kthread+0x10/0x10
[  966.474647][ T6008]  ret_from_fork_asm+0x1a/0x30
[  966.474670][ T6008]  </TASK>
[  966.474676][ T6008] 
[  966.539849][ T6008] Allocated by task 25710:
[  966.541704][ T6008]  kasan_save_stack+0x33/0x60
[  966.543646][ T6008]  kasan_save_track+0x14/0x30
[  966.545604][ T6008]  __kasan_kmalloc+0xaa/0xb0
[  966.547505][ T6008]  l2cap_conn_add.part.0+0x60/0xa60
[  966.549722][ T6008]  l2cap_chan_connect+0x15e5/0x2020
[  966.551853][ T6008]  l2cap_sock_connect+0x3b7/0x740
[  966.553912][ T6008]  kernel_connect+0x104/0x180
[  966.555867][ T6008]  rfcomm_dlc_open+0x821/0xaa0
[  966.557881][ T6008]  rfcomm_sock_connect+0x423/0x670
[  966.559968][ T6008]  __sys_connect_file+0x141/0x1a0
[  966.562054][ T6008]  __sys_connect+0x13b/0x160
[  966.563964][ T6008]  __ia32_sys_connect+0x71/0xb0
[  966.565999][ T6008]  __do_fast_syscall_32+0x7c/0x3a0
[  966.568133][ T6008]  do_fast_syscall_32+0x32/0x80
[  966.570159][ T6008]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  966.572765][ T6008] 
[  966.573791][ T6008] Freed by task 25743:
[  966.575499][ T6008]  kasan_save_stack+0x33/0x60
[  966.577453][ T6008]  kasan_save_track+0x14/0x30
[  966.579415][ T6008]  kasan_save_free_info+0x3b/0x60
[  966.581491][ T6008]  __kasan_slab_free+0x51/0x70
[  966.583436][ T6008]  kfree+0x2b4/0x4d0
[  966.585098][ T6008]  l2cap_conn_del+0x59c/0x730
[  966.587058][ T6008]  l2cap_disconn_cfm+0x96/0xd0
[  966.589051][ T6008]  hci_conn_hash_flush+0x10b/0x260
[  966.591169][ T6008]  hci_dev_reset+0x1ee/0x530
[  966.593062][ T6008]  hci_sock_ioctl+0x493/0x7d0
[  966.594997][ T6008]  hci_sock_compat_ioctl+0x43/0x80
[  966.597234][ T6008]  compat_sock_ioctl+0x176/0x730
[  966.599400][ T6008]  __ia32_compat_sys_ioctl+0x23f/0x370
[  966.601647][ T6008]  __do_fast_syscall_32+0x7c/0x3a0
[  966.603741][ T6008]  do_fast_syscall_32+0x32/0x80
[  966.605759][ T6008]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  966.608344][ T6008] 
[  966.609349][ T6008] The buggy address belongs to the object at ffff888021484000
[  966.609349][ T6008]  which belongs to the cache kmalloc-1k of size 1024
[  966.614864][ T6008] The buggy address is located 800 bytes inside of
[  966.614864][ T6008]  freed 1024-byte region [ffff888021484000, ffff888021484400)
[  966.620268][ T6008] 
[  966.621283][ T6008] The buggy address belongs to the physical page:
[  966.623800][ T6008] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x21480
[  966.627300][ T6008] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  966.630560][ T6008] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  966.632909][ T6008] page_type: f5(slab)
[  966.634186][ T6008] raw: 00fff00000000040 ffff88801b442dc0 dead000000000100 dead000000000122
[  966.636818][ T6008] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[  966.639409][ T6008] head: 00fff00000000040 ffff88801b442dc0 dead000000000100 dead000000000122
[  966.642119][ T6008] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[  966.644802][ T6008] head: 00fff00000000003 ffffea0000852001 00000000ffffffff 00000000ffffffff
[  966.647477][ T6008] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  966.650192][ T6008] page dumped because: kasan: bad access detected
[  966.652212][ T6008] page_owner tracks the page as allocated
[  966.654008][ T6008] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x252800(GFP_NOWAIT|__GFP_NORETRY|__GFP_COMP|__GFP_THISNODE), pid 24132, tgid 24131 (syz.2.5674), ts 837862064576, free_ts 828814596868
[  966.659796][ T6008]  post_alloc_hook+0x1c0/0x230
[  966.661296][ T6008]  get_page_from_freelist+0x1321/0x3890
[  966.663042][ T6008]  __alloc_frozen_pages_noprof+0x58b/0x23f0
[  966.664881][ T6008]  new_slab+0x94/0x330
[  966.666177][ T6008]  ___slab_alloc+0xd9c/0x1940
[  966.667819][ T6008]  __slab_alloc.constprop.0+0x56/0xb0
[  966.669955][ T6008]  __kmalloc_cache_node_noprof+0x100/0x420
[  966.671904][ T6008]  shrinker_alloc+0x784/0xbf0
[  966.673628][ T6008]  alloc_super+0x7c8/0xbd0
[  966.675037][ T6008]  sget_fc+0x116/0xc20
[  966.676328][ T6008]  get_tree_nodev+0x28/0x190
[  966.677856][ T6008]  vfs_get_tree+0x8e/0x340
[  966.679274][ T6008]  path_mount+0x1414/0x2020
[  966.680708][ T6008]  __ia32_sys_mount+0x28b/0x310
[  966.682269][ T6008]  __do_fast_syscall_32+0x7c/0x3a0
[  966.683885][ T6008]  do_fast_syscall_32+0x32/0x80
[  966.685436][ T6008] page last free pid 15 tgid 15 stack trace:
[  966.687314][ T6008]  __free_frozen_pages+0x7fe/0x1180
[  966.688940][ T6008]  rcu_core+0x79c/0x14e0
[  966.690317][ T6008]  handle_softirqs+0x219/0x8e0
[  966.691824][ T6008]  run_ksoftirqd+0x3a/0x60
[  966.693242][ T6008]  smpboot_thread_fn+0x3f7/0xae0
[  966.694827][ T6008]  kthread+0x3c2/0x780
[  966.696409][ T6008]  ret_from_fork+0x5d4/0x6f0
[  966.698276][ T6008]  ret_from_fork_asm+0x1a/0x30
[  966.700191][ T6008] 
[  966.701151][ T6008] Memory state around the buggy address:
[  966.703259][ T6008]  ffff888021484200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  966.705750][ T6008]  ffff888021484280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  966.708241][ T6008] >ffff888021484300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  966.710728][ T6008]                                ^
[  966.712468][ T6008]  ffff888021484380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  966.715565][ T6008]  ffff888021484400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  966.718465][ T6008] ==================================================================
[  966.721730][ T6008] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  966.724170][ T6008] CPU: 1 UID: 0 PID: 6008 Comm: kworker/1:4 Not tainted 6.16.0-rc1-syzkaller-00004-gaef17cb3d3c4 #0 PREEMPT(full) 
[  966.728626][ T6008] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  966.732067][ T6008] Workqueue: events l2cap_chan_timeout
[  966.733804][ T6008] Call Trace:
[  966.734873][ T6008]  <TASK>
[  966.735814][ T6008]  dump_stack_lvl+0x3d/0x1f0
[  966.737271][ T6008]  panic+0x71c/0x800
[  966.738552][ T6008]  ? __pfx_panic+0x10/0x10
[  966.739963][ T6008]  ? mark_held_locks+0x49/0x80
[  966.741470][ T6008]  ? __mutex_lock+0xa65/0xb90
[  966.742997][ T6008]  ? check_panic_on_warn+0x1f/0xb0
[  966.744607][ T6008]  ? __mutex_lock+0xa65/0xb90
[  966.746094][ T6008]  check_panic_on_warn+0xab/0xb0
[  966.747651][ T6008]  end_report+0x107/0x170
[  966.749017][ T6008]  kasan_report+0xee/0x110
[  966.750425][ T6008]  ? __mutex_lock+0xa65/0xb90
[  966.751902][ T6008]  __mutex_lock+0xa65/0xb90
[  966.753343][ T6008]  ? l2cap_chan_timeout+0x6d/0x310
[  966.754958][ T6008]  ? __pfx___mutex_lock+0x10/0x10
[  966.756649][ T6008]  ? lock_acquire+0x62/0x350
[  966.758194][ T6008]  ? l2cap_chan_timeout+0x6d/0x310
[  966.759803][ T6008]  l2cap_chan_timeout+0x6d/0x310
[  966.761377][ T6008]  process_one_work+0x9cf/0x1b70
[  966.762942][ T6008]  ? __pfx_process_one_work+0x10/0x10
[  966.764634][ T6008]  ? assign_work+0x1a0/0x250
[  966.766099][ T6008]  worker_thread+0x6c8/0xf10
[  966.767662][ T6008]  ? __pfx_worker_thread+0x10/0x10
[  966.769266][ T6008]  kthread+0x3c2/0x780
[  966.770576][ T6008]  ? __pfx_kthread+0x10/0x10
[  966.772059][ T6008]  ? rcu_is_watching+0x12/0xc0
[  966.773572][ T6008]  ? __pfx_kthread+0x10/0x10
[  966.775026][ T6008]  ret_from_fork+0x5d4/0x6f0
[  966.776468][ T6008]  ? __pfx_kthread+0x10/0x10
[  966.777980][ T6008]  ret_from_fork_asm+0x1a/0x30
[  966.779573][ T6008]  </TASK>
[  966.781197][ T6008] Kernel Offset: disabled
[  966.782648][ T6008] Rebooting in 86400 seconds..

VM DIAGNOSIS:
19:06:33  Registers:
info registers vcpu 0

CPU#0
RAX=000000000134f875 RBX=0000000000000000 RCX=ffffffff8b7bec69 RDX=0000000000000000
RSI=ffffffff8dc12cca RDI=ffffffff8bf55a60 RBP=fffffbfff1c12ef0 RSP=ffffffff8e007e08
R8 =0000000000000001 R9 =ffffed1005646645 R10=ffff88802b23322b R11=0000000000000001
R12=0000000000000000 R13=ffffffff8e097780 R14=ffffffff90882750 R15=0000000000000000
RIP=ffffffff8b7bd7cf RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff888097762000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000f5130752 CR3=00000000742cc000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=00000000be70000e 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000a000000000 0000000200000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000000000065 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff8557d3d5 RDI=ffffffff9ae6ca80 RBP=ffffffff9ae6ca40 RSP=ffffc90004577540
R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=3230383838666666
R12=0000000000000000 R13=0000000000000065 R14=ffffffff9ae6ca40 R15=ffffffff8557d370
RIP=ffffffff8557d3ff RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff888097862000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=000000002d8daffc CR3=0000000073523000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000a000000000 0000000200000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
RAX=0000000001159f21 RBX=0000000000000002 RCX=ffffffff8b7bec69 RDX=0000000000000000
RSI=ffffffff8dc12cca RDI=ffffffff8bf55a60 RBP=ffffed1003b5c910 RSP=ffffc9000047fdf8
R8 =0000000000000001 R9 =ffffed1005686645 R10=ffff88802b43322b R11=0000000000000001
R12=0000000000000002 R13=ffff88801dae4880 R14=ffffffff90882750 R15=0000000000000000
RIP=ffffffff8b7bd7cf RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff888097962000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00005594cf2f8f40 CR3=0000000063179000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000a000000000 0000000200000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 3

CPU#3
RAX=0000000000000000 RBX=0000000000000002 RCX=ffffffff84df0db6 RDX=ffff888024474880
RSI=0000000000000020 RDI=0000000000000001 RBP=ffffffff8bf5a760 RSP=ffffc90002e771c8
R8 =0000000000000001 R9 =0000000000000020 R10=0000000000000010 R11=0000000000000001
R12=0000000000000010 R13=0000000000000001 R14=0000000000000003 R15=ffffffff8bf5abf1
RIP=ffffffff81bb84eb RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0000 0000000000000000 ffffffff 00c00000
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f82853cc300 ffffffff 00c00000
GS =0000 ffff888097a62000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00005594d3939000 CR3=000000004b5a7000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=00000000fcffc200 Opmask01=000000000000ffff Opmask02=00000000ffffffff Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000001 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffff8acb0230 ffffffff85540432 0000000500000004 0000000600040008
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000018c6 ffffffff8552f826 ffffffff8ac1183e ffffffff894a3655
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 ff02068b80031808 0006080020080006 006ff23a00000b71 0000000200000001
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 7973000300090000 0000307a79730001 0009000000020000 0000ffe600000301
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0a030000002c0300 0000400200080000 0000307a79730001 000900000002d5ff
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 1a5e000000000101 0a00000000280a00 0000000000000000 0000000100100000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 001401de080d8003 0d80020880030880 02068b9003000800 068b88030fffffff
ZMM24=c87468ecc87468ec c87468ecc87468ec c87468ecc87468ec c87468ecc87468ec c87468ecc87468ec c87468ecc87468ec c87468ecc87468ec c87468ecc87468ec
ZMM25=9c94f0e59c94f0e5 9c94f0e59c94f0e5 9c94f0e59c94f0e5 9c94f0e59c94f0e5 9c94f0e59c94f0e5 9c94f0e59c94f0e5 9c94f0e59c94f0e5 9c94f0e59c94f0e5
ZMM26=a064dca2a064dca2 a064dca2a064dca2 a064dca2a064dca2 a064dca2a064dca2 a064dca2a064dca2 a064dca2a064dca2 a064dca2a064dca2 a064dca2a064dca2
ZMM27=777d4b58777d4b58 777d4b58777d4b58 777d4b58777d4b58 777d4b58777d4b58 777d4b58777d4b58 777d4b58777d4b58 777d4b58777d4b58 777d4b58777d4b58
ZMM28=000000300000002f 0000002e0000002d 0000002c0000002b 0000002a00000029 0000002800000027 0000002600000025 0000002400000023 0000002200000021
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=1129000011290000 1129000011290000 1129000011290000 1129000011290000 1129000011290000 1129000011290000 1129000011290000 1129000011290000