last executing test programs:

8.635989038s ago: executing program 0 (id=3967):
setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0x2c)
socket$netlink(0x10, 0x3, 0x12)
openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)={{0x14}, [@NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x401, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0xf}, @NFTA_CT_DREG={0x8, 0x1, 0x1, 0x0, 0x2}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x78}}, 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f0000000040)={0x2, 0x4e22, @empty}, 0x67)
sendto$inet(r1, 0x0, 0x0, 0x20000800, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
syz_emit_ethernet(0x36, &(0x7f0000000100)={@local, @random="cf3cccaf382f", @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x13, 0x0, 0x0, 0xfe, 0x6, 0x0, @remote, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0xc2}}}}}}, 0x0)

7.712234257s ago: executing program 0 (id=3972):
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/mdstat\x00', 0x0, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{}, 0xdf}}]}, {0x4}, {0xc, 0x7, {0x1}}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x10000800)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, 0x0, 0x0)
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r4 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_rx_ring(r4, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x3a, 0x1000, 0x3a}, 0x1c)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10)
r6 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r6, 0x89f3, &(0x7f0000000300)={'syztnl2\x00', &(0x7f0000000040)={'syztnl2\x00', 0x0, 0x4, 0xfe, 0x2, 0x4038a09, 0x4, @loopback={0xe0}, @mcast2={0xff, 0x5}, 0x0, 0x0, 0x0, 0x5}})
r7 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x1, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r7, 0xc2c45512, &(0x7f0000000640)={{0xb, 0x2, 0x81, 0x5, 'syz1\x00', 0x9}, 0x0, [0x380, 0x10e8af, 0x1, 0xcc0, 0xe, 0x101, 0x80000001, 0xa6da, 0x2, 0x1, 0x81, 0x8, 0x8, 0xfffefff7, 0x8, 0x10, 0x5, 0x4, 0x40f, 0x80, 0x962, 0x2, 0x1, 0x400, 0x7fffffff, 0xc360, 0x80000001, 0x6, 0x60e3, 0xa12, 0x8, 0x10000, 0x7, 0x9, 0x107430, 0x2, 0x2, 0x609, 0x1, 0x3, 0x8, 0x5, 0x8001, 0x8, 0x8009, 0x1, 0x8, 0x0, 0xffff1688, 0x2, 0x0, 0x4, 0x9000, 0xe93, 0x4, 0x7ff, 0x7, 0x81, 0x50a, 0x0, 0x6, 0x7ff, 0x6, 0xffffffff, 0x4, 0x5, 0x7a, 0x2, 0x9, 0x2, 0x3, 0x7, 0x1000ac, 0x7, 0x3, 0x4, 0x8000, 0x1ff, 0x4, 0x7, 0xd, 0x7, 0x5, 0x0, 0x0, 0x40, 0x2, 0x8000, 0xfff, 0x3, 0x3b9, 0x6, 0x4, 0x4660917f, 0x487d, 0x8000, 0x1, 0x5, 0x7, 0xfffffffe, 0x5, 0x4, 0xe, 0x1, 0x7, 0x9, 0xc, 0x8, 0x1, 0x1, 0x3ce, 0xa, 0x8, 0x9, 0x0, 0xa6dd88eb, 0xfffffff7, 0xffffbf90, 0xfffffffd, 0x7, 0x2, 0x0, 0x7, 0xa, 0x809, 0xffffffff, 0x73938332, 0x7763]})
prctl$PR_TASK_PERF_EVENTS_ENABLE(0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
openat$rdma_cm(0xffffff9c, &(0x7f0000000440), 0x2, 0x0)

6.340457406s ago: executing program 0 (id=3978):
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x6)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_io_uring_setup(0x897, &(0x7f0000000440)={0x0, 0xaee1, 0x8, 0x0, 0x68}, &(0x7f0000000100), &(0x7f0000000280))
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000040)='virtio_transport_alloc_pkt\x00', r1, 0x0, 0x3}, 0x18)
r2 = socket$vsock_stream(0x28, 0x1, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0xc0046209, &(0x7f0000000080)={0x73622a85, 0x100})
connect$vsock_stream(r2, &(0x7f0000000140)={0x28, 0x0, 0x0, @my=0x1}, 0x10)
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r4, 0x84, 0x81, &(0x7f00000002c0)="1a00000002000000", 0x8)
setsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r4, 0x84, 0x18, &(0x7f0000000300)={0x0, 0x8}, 0x8)
r5 = openat$nvme_fabrics(0xffffff9c, 0x0, 0x20a83, 0x0)
connect$unix(r5, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e)
sendmsg$NFQNL_MSG_CONFIG(0xffffffffffffffff, 0x0, 0x8080)
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r6, &(0x7f0000000000), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r6, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x15)
remap_file_pages(&(0x7f000051c000/0x400000)=nil, 0x400d00, 0x1800, 0x0, 0x0)

5.510328982s ago: executing program 0 (id=3980):
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000300)=ANY=[@ANYRES32=r0, @ANYRES32=r1, @ANYBLOB="02"], 0x10)
socket$kcm(0xa, 0x2, 0x73)
r2 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r2, &(0x7f0000000080)={0x18, 0x0, {0x1, @broadcast, 'batadv_slave_1\x00'}}, 0x1e)
r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000300), 0x40a40, 0x0)
ioctl$PPPIOCATTCHAN(r3, 0x40047438, &(0x7f00000000c0)=0x1)
connect$pppl2tp(0xffffffffffffffff, &(0x7f0000000040)=@pppol2tpv3in6={0x18, 0x1, {0x0, r2, 0x1, 0x3, 0x2, 0x3, {0xa, 0x4e22, 0xfffffff8, @mcast1}}}, 0x3a)
ioctl$PPPIOCBRIDGECHAN(r3, 0x40047435, &(0x7f0000000200)=0x1)
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
bind$inet6(r4, &(0x7f00000002c0)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
listen(r4, 0x4)
r5 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x2, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r6 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r6, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
connect$unix(r7, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r8, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r6, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendto$inet6(r5, &(0x7f0000847fff)='X', 0x14f8d, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x100, @loopback}, 0x1c)
close_range(r4, r5, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x9, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000018000000000000000061121000000020009500000000000000"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)

4.582395466s ago: executing program 0 (id=3986):
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/mdstat\x00', 0x0, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{}, 0xdf}}]}, {0x4}, {0xc, 0x7, {0x1}}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x10000800)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, 0x0, 0x0)
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r4 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_rx_ring(r4, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x3a, 0x1000, 0x3a}, 0x1c)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10)
r6 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r6, 0x89f3, &(0x7f0000000300)={'syztnl2\x00', &(0x7f0000000040)={'syztnl2\x00', 0x0, 0x4, 0xfe, 0x2, 0x4038a09, 0x4, @loopback={0xe0}, @mcast2={0xff, 0x5}, 0x0, 0x0, 0x0, 0x5}})
r7 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x1, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r7, 0xc2c45512, &(0x7f0000000640)={{0xb, 0x2, 0x81, 0x5, 'syz1\x00', 0x9}, 0x0, [0x380, 0x10e8af, 0x1, 0xcc0, 0xe, 0x101, 0x80000001, 0xa6da, 0x2, 0x1, 0x81, 0x8, 0x8, 0xfffefff7, 0x8, 0x10, 0x5, 0x4, 0x40f, 0x80, 0x962, 0x2, 0x1, 0x400, 0x7fffffff, 0xc360, 0x80000001, 0x6, 0x60e3, 0xa12, 0x8, 0x10000, 0x7, 0x9, 0x107430, 0x2, 0x2, 0x609, 0x1, 0x3, 0x8, 0x5, 0x8001, 0x8, 0x8009, 0x1, 0x8, 0x0, 0xffff1688, 0x2, 0x0, 0x4, 0x9000, 0xe93, 0x4, 0x7ff, 0x7, 0x81, 0x50a, 0x0, 0x6, 0x7ff, 0x6, 0xffffffff, 0x4, 0x5, 0x7a, 0x2, 0x9, 0x2, 0x3, 0x7, 0x1000ac, 0x7, 0x3, 0x4, 0x8000, 0x1ff, 0x4, 0x7, 0xd, 0x7, 0x5, 0x0, 0x0, 0x40, 0x2, 0x8000, 0xfff, 0x3, 0x3b9, 0x6, 0x4, 0x4660917f, 0x487d, 0x8000, 0x1, 0x5, 0x7, 0xfffffffe, 0x5, 0x4, 0xe, 0x1, 0x7, 0x9, 0xc, 0x8, 0x1, 0x1, 0x3ce, 0xa, 0x8, 0x9, 0x0, 0xa6dd88eb, 0xfffffff7, 0xffffbf90, 0xfffffffd, 0x7, 0x2, 0x0, 0x7, 0xa, 0x809, 0xffffffff, 0x73938332, 0x7763]})
prctl$PR_TASK_PERF_EVENTS_ENABLE(0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
openat$rdma_cm(0xffffff9c, &(0x7f0000000440), 0x2, 0x0)

4.222256779s ago: executing program 0 (id=3987):
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
rseq(&(0x7f0000000400)={0x0, 0x0, 0x0, 0x4}, 0x20, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)

4.02194016s ago: executing program 1 (id=3989):
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
r2 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$int_in(r2, 0x5452, &(0x7f0000002380)=0x200)
write$P9_RVERSION(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15)
r3 = dup(r1)
write$FUSE_BMAP(r3, &(0x7f0000000300)={0x18, 0x0, 0x0, {0xfffffffffffffffa}}, 0x18)
r4 = syz_io_uring_setup(0x49a, &(0x7f0000000400)={0x0, 0x79af, 0x3180, 0x8000, 0x40024e}, &(0x7f0000000340)=<r5=>0x0, &(0x7f0000000040)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_MSG_RING={0x28, 0x44, 0x0, r4, 0x0, 0x0, 0x0, 0x2})
io_uring_enter(r4, 0x627, 0x4c1, 0x43, 0x0, 0x0)
r7 = socket(0x2b, 0x801, 0x1)
r8 = socket(0x11, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r8, 0x8933, &(0x7f0000000600)={'team0\x00', <r9=>0x0})
r10 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r10, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000004c0)=@newqdisc={0xa4, 0x24, 0xf0b, 0x0, 0x1000000, {0x0, 0x0, 0x12, r9, {0x0, 0x300}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x74, 0x2, [@TCA_TAPRIO_ATTR_SCHED_CLOCKID={0x8}, @TCA_TAPRIO_ATTR_FLAGS={0x8, 0xa, 0x1}, @TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1], 0x0, [0x8, 0x4], [0x0, 0x0, 0x0, 0x0, 0xd645, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0xffff]}}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x8, 0x2, 0x0, 0x1, [{0x4, 0x3f}]}]}}]}, 0xa4}, 0x1, 0x7a00}, 0x4000000)
setsockopt$inet_tcp_TCP_MD5SIG(r7, 0x6, 0xe, &(0x7f000087cf79)={@in6={{0xa, 0x0, 0x0, @ipv4}}, 0x0, 0x0, 0x0, 0x0, "0000000000000099010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000be4f28860000000000000000ffe300"}, 0xd8)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000000c0)={r3, 0x58}, 0x10)
write$FUSE_DIRENTPLUS(r3, &(0x7f0000002100)=ANY=[@ANYBLOB="b0000000000000001659ec0889419429aa5db97288b0f8a87ea8e66d9a8b"], 0xb0)
write$FUSE_DIRENTPLUS(r3, &(0x7f0000000140)=ANY=[@ANYBLOB="10"], 0x10)
write$FUSE_DIRENTPLUS(r3, &(0x7f0000000280)=ANY=[@ANYBLOB="a8"], 0xa8)
mkdir(&(0x7f00000020c0)='./file0\x00', 0x0)
read$FUSE(r2, &(0x7f0000004280)={0x2020, 0x0, <r11=>0x0}, 0x2020)
getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, &(0x7f0000000640)={{{@in6=@loopback, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r12=>0x0}}, {{@in6=@remote}, 0x0, @in6=@empty}}, &(0x7f0000000180)=0xe4)
r13 = socket(0x10, 0x3, 0x0)
getsockopt$sock_cred(r13, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, <r14=>0x0}, &(0x7f0000cab000)=0xc)
setresgid(r14, r14, 0x0)
getsockopt$inet_IP_XFRM_POLICY(r3, 0x0, 0x11, &(0x7f0000000800)={{{@in=@broadcast, @in6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r15=>0x0}}, {{@in=@private}, 0x0, @in6=@initdev}}, &(0x7f00000001c0)=0xe4)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f0000000900)={0x150, 0xfffffffffffffffe, r11, [{{0x0, 0x1, 0xffff, 0x4, 0x1, 0x1, {0x4, 0x88e, 0x4656, 0x8, 0x10001, 0xd, 0x80000000, 0x1, 0xbc2, 0x1000, 0x0, r12, r14, 0x10000, 0x3}}, {0x3, 0xfffffffffffffffb, 0x2, 0xb98, '\\,'}}, {{0x4, 0x0, 0x100000000, 0x8000000000000000, 0x6, 0x37a, {0x2, 0x40000, 0x1, 0xcd5f, 0x4, 0x5, 0x3, 0x7ff, 0x0, 0x2000, 0x6, r15, 0xee01, 0x80000001, 0x5}}, {0x4, 0x0, 0x5, 0x1ff, 'wfdno'}}]}, 0x150)
write$FUSE_INIT(r3, &(0x7f0000004200)={0x50, 0x0, 0x0, {0x7, 0x21, 0xffffffff, 0xfffffffff12bd390, 0x2, 0x6, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6}}, 0x50)
mount$9p_fd(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000500)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}, 0x2c, {[{@posixacl}]}})

4.021621064s ago: executing program 3 (id=3990):
r0 = socket$inet6(0xa, 0x3, 0xff)
setsockopt$inet6_IPV6_RTHDR(r0, 0x29, 0x39, &(0x7f0000002e40)=ANY=[@ANYBLOB="00020201"], 0x18)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c)
r1 = dup(r0)
write$midi(r1, 0x0, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)={0x1c, 0x20, 0x9, 0x2, 0x25dfdbff, {0x4}, [@typed={0x8, 0x8, 0x0, 0x0, @fd=r2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000000}, 0x4000)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
unlink(0x0)

3.942341515s ago: executing program 3 (id=3991):
openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000140), 0x1a1002, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0xffffffb3, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
r4 = fsmount(0xffffffffffffffff, 0x1, 0x1)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB="6800000002060500000000000000000000000000120003006269746d61703a69702c6d616300000005000400000000000900797a3000028008000100000080020c000180080001400000000005001400020000000500010006000000"], 0x68}}, 0x0)
fchdir(r4)
bind$inet(r3, &(0x7f0000000080)={0x2, 0x4e21, @broadcast}, 0x10)
connect$inet(r3, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10)
r5 = signalfd4(r3, &(0x7f0000000100)={[0x5, 0x4bb307b8]}, 0x8, 0x80000)
setsockopt$inet_tcp_TCP_CONGESTION(r5, 0x6, 0xd, &(0x7f0000000280)='cdg\x00', 0x4)
sendto$inet(r3, &(0x7f0000000000), 0xffffffffffffff94, 0x240, 0x0, 0x0)
recvfrom$inet(r3, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x720, 0x0, 0xfffffffffffffd25)
socket(0x10, 0x3, 0x0)
socket$packet(0x11, 0x2, 0x300)
r6 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r6, &(0x7f0000000180)={0x400000000000000, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="020f000015000000000000000000000005000500000000000a00ffffff800000000000000000000000000000000000000004000000000000080012000000020000000000020000000600000000000000090000000000000000000000000000000000000000000000ff01000000000000000000000000000105000600000000000a000002ffffffffff02000000000000000000000000000100000000000000000100"], 0xa8}}, 0x0)

3.841393828s ago: executing program 2 (id=3992):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x3}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) (async, rerun: 64)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) (rerun: 64)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) (async)
prlimit64(0x0, 0xe, 0x0, 0x0) (async)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) (async)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x48, 0x2, 0x6, 0x301, 0x0, 0x0, {}, [@IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'list:set\x00'}]}, 0x48}}, 0x0)
sendmsg$IPSET_CMD_DEL(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000300)={0x44, 0xa, 0x6, 0x101, 0xd000000, 0x0, {0x1}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_ADT={0x14, 0x8, 0x0, 0x1, [{0x10, 0x7, 0x0, 0x1, @IPSET_ATTR_NAME={0x9, 0x12, 'syz2\x00'}}]}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_LINENO={0x8}]}, 0x44}}, 0x0)
r2 = getpid() (async, rerun: 64)
write$UHID_INPUT(0xffffffffffffffff, 0x0, 0x0) (async, rerun: 64)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
syz_open_dev$evdev(0x0, 0x0, 0x0)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) (async)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x12140, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) (async)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) (async)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) (async)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/wakeup_count', 0x101a02, 0x0)
sendfile(r5, r5, 0x0, 0x101)
mmap$binder(&(0x7f00008d6000/0x2000)=nil, 0x2000, 0x1, 0x11, r5, 0x5) (async)
socket$nl_netfilter(0x10, 0x3, 0xc)
write$uinput_user_dev(r5, &(0x7f0000000540)={'syz1\x00', {0xf9d, 0x1ff, 0xec00, 0x6cc7}, 0x42, [0x80000001, 0x7fff, 0x7ff, 0x0, 0x4, 0x3, 0x3, 0xffffffff, 0x5, 0x2, 0x9, 0x9, 0x6, 0x80000000, 0x8, 0x7fff, 0x9, 0x8, 0x7, 0x0, 0xb, 0x7a47, 0x7fc, 0x9, 0xd4, 0x8, 0x4, 0x2, 0xfffffffd, 0x5, 0x5, 0x4, 0x100, 0x1, 0x5, 0x9, 0xffff, 0x51b1, 0x2, 0x2, 0x9, 0x0, 0x7fffffff, 0x1, 0xee, 0x0, 0x800, 0xfffffffb, 0x10000, 0x5, 0x2, 0x6, 0x7, 0x8000, 0xc0, 0x6, 0x6, 0x8, 0x4, 0x1, 0x10001, 0xff1, 0xf, 0x5], [0x8, 0x3, 0x6, 0x101, 0x2, 0x7ff, 0x7, 0x0, 0x2, 0x7, 0x8, 0x4, 0x3ff, 0x6310, 0x6, 0x1e1, 0xfffffffe, 0x10000, 0x0, 0xffff, 0xe, 0x9, 0x8384, 0x9, 0x8c, 0x688, 0x8, 0xfffffff9, 0x2, 0x8, 0x4, 0xf, 0xffff0000, 0x9, 0x7ff, 0xeeb, 0x7ff, 0xfff, 0x0, 0x9, 0x8a27, 0x8, 0x3, 0x8, 0x0, 0x6, 0x3, 0x3, 0x27173dc7, 0x5, 0xb0e, 0x7, 0x8, 0x4, 0x2, 0x219c000, 0x4, 0xfffffffe, 0x7ff, 0x10001, 0x6, 0x7, 0x8, 0x8], [0xc18, 0x5, 0xa, 0x6448, 0xc, 0x7, 0x8, 0x401, 0x7f, 0x9f, 0x0, 0x0, 0x3, 0x40, 0x36, 0x591, 0x7b2c, 0x4, 0xb, 0x0, 0x800, 0x6, 0x4, 0x2, 0x9, 0xb, 0x800, 0x5, 0x3, 0x20, 0x0, 0x0, 0x8, 0x400, 0x3, 0x6, 0xc8, 0x17f, 0x8654, 0xfc1b, 0x0, 0x89c, 0x8, 0x3, 0x2c0c, 0x8, 0xff, 0x7, 0x1, 0x3, 0x7, 0x80000000, 0x7, 0x7ff, 0x2c0d, 0xfffffffc, 0x7aa, 0x9, 0x4, 0x1, 0x2, 0x2, 0x6, 0xfffff753], [0xfffffffb, 0x5, 0x7fff, 0x0, 0x6, 0x0, 0x2, 0x9, 0x3, 0x9, 0x1000, 0x9, 0xfffffad0, 0xe4, 0xe, 0x3, 0x10, 0x81, 0x468, 0x9, 0x4, 0x2, 0x3, 0x7fffffff, 0x4, 0x4, 0x101, 0x9, 0xa, 0x1, 0x81, 0x7, 0x7fff, 0x2, 0xcdb, 0x200, 0x2, 0x3, 0x7f, 0x5, 0x7, 0x7, 0x3, 0xf, 0xfffffff7, 0x2, 0x0, 0x6, 0x3ff, 0xffc00000, 0x6d5, 0x100, 0x10000, 0x8, 0x6, 0x9, 0xd, 0x1, 0x1, 0x5, 0x4, 0x1, 0x5, 0x7]}, 0x45c) (async, rerun: 32)
getsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x28, 0x0, &(0x7f00000002c0)) (rerun: 32)

3.840561824s ago: executing program 1 (id=3993):
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x60, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0x11, 0x8, &(0x7f0000005c00)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546000677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289d01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5467a932b77674e802a0d42bc6099ad238af770b5ed8925161729298700000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3ac3209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b135ab6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809b5b9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed3957f813567f7a95435ac15fc0288d9b2a169cdcacc413b48dafb7a2c8cb482bac0ac559eaf39027ceb379a902d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385beef3282830689da6b53b263339863297771429d120000003341bf4abacac94500fca0493cf29b33dcc9ffffffffffffffd39f6ce0c6ff01589646efd1cf870cd7bb2366fdf870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1293b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd000c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c7df8be5877050c91301fb997316dbf17866fb84d4173731efe895ff2e1c55ef08235a0126e01254c44060926e90109b598502d3e959efc71f665c4d75cf2458e3542c9062ece84c99a861887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc74aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7ad333545794f37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f4df90400000000000000d6b2c5ea139376f24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8e3070000001e48418046c216c1f895778cb25122a2a998de0842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec84ac3571f02f647b3385b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba2f58ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df986741517abf11389b751f4e109b60000000000000000d6d5210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750890ae71555b3228b1bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288d139bd3da230ed05a8fe64680b0a3f9f2dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30235b9100000000a55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854356cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c776f4b4ce07e1c6fa66fcfc7a228805f76785efc0ceb1c8e5729c66418d169fc03aa18854693ad2a182068e1e3a0e2505bc7f41019645466ac96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a428f1da1f68df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7e478950aa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab848753203b458b97ec1afb079b4b4ba686fcdf240430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7db3c4be290159f6bcd75f0dda9de5532e71ae9e48b0ed1254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6c30ebc660309e1e245b0fdf9743af932cd6db49a47613808bad959719c0000000000378ac2e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6ca0400966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e3030108000000000000c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bffef97dcecc467ace456597685c5870d25f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4cba6e6390a9f302c6eb2df7766411bef0ebb5000000000006065d6735eb7a00e127c0000000000000000000000bfb0bba79344643b1d8daa9f38e4b62c1e2af68c6f5054b078acd74b4a9c944e4505da485a3a4154387a0a88372091cd397b09c5888a06431df3f68abf0b366c4d5f8bea7b29c257ed756dff7a21c6b661cbdd43de65afd7f661d5c84f915c90e3d6ea012b68b787eb01d8320000000000000060176dacba0ec503a37fae6b472ec369c79ee6a420c0fd8d8d82fe136d5af6c30bfeb0a7275babfdb96a127aa9386e0671c6454245a18c1c8c49552cff5d27b547cdc34c0858c77a47a9ff86ee9fbd9ceda428716a4218821176d8067997527230fa67d26950d3e4f2750fa7c872874ad3a2d11f9f6eb08e6d7b6fa257b04d8ce36360f524e3dfd2211641f3d2637d86b80681eca50ce0eecafdd22d41fa515c15591e70ded4b70efac3cb42fb352d82e8f7573e8ed8248da356fa91a252976d3a4d8c1843a8d5bb7f5f1028453a0562a3ea93117076dd4940b7df50d78289fe66197525f6095f8662d232970bef61b03fa83027963a1a2e07cfee30c0d0b4c5877f93b3637ca21eab5afcf5d4638dfe8f9202aaad51c979049dd76d65368cbd4187d9f74257c7c4a23ac4a34eec5aa17e78c5167216f5e72138d20f8325dd5f8f96c32189c904eaef580987f1ce601a7cdc35461db9981ac42f9e24b0699bbe4e3d986e38952b0b7938eefd9e7a292bbb66367ad77045fdc18855c81c031dedd185c723238373fc698d676791d04f1ff5f0825a6619e844882f31ed190233d58ecee949e310bf2b1a51b8a33ae65a06d2b6ad386bf8dc49dd328bcd75d1843a13d68560175a18af7efc3c0f20e32f84f6aaaf000000000000000000000013a6c66bce74a8fb9092023df695da2714a7933d699d42de2bc4a85e0a0e22228290a7a7553ab93a16e42453ed86869a02df2f47d4088fac1772d3cd955c81cbf91c2ca7942942f61723b558079b82547844f92df2499c4b2c2ef2539e5daa8d8727baaa6b5755e6f83bbfca00000000000000000000007925d0f1256330b9e2aa9a18cea8e009116f63c6c7d8f7f95bf0f6731e5eb1dcdc534f357b9f08e7a9a3aebeca145d695053b5bef004ca24e6c57ed10f01488d38b8b0b68d93e3cf630837915d518fde2115e66615786fe7b9216de958119cf762cac77ac829a02f48e72c0d2841880b2c"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000)={0x0, 0x2000000}, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
syz_open_dev$radio(&(0x7f0000000100), 0x3, 0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r2 = dup(r1)
write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd74)
r3 = syz_io_uring_setup(0x917, &(0x7f0000000300)={0x0, 0x400, 0x1, 0x1000001, 0xf7fffffc, 0x0, r2}, &(0x7f0000000180)=<r4=>0x0, &(0x7f0000000200)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffbfd, 0x0, 0x4)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_tracing={0x1a, 0x2, &(0x7f0000000980)=ANY=[@ANYRES64=r5, @ANYRES32=r2, @ANYBLOB="03000000eeffffff"], &(0x7f0000000500)='syzkaller\x00', 0x40a, 0x1000, &(0x7f0000001000)=""/4096, 0x41100, 0x1a, '\x00', 0x0, 0x17, r2, 0x8, &(0x7f0000000540)={0x3, 0x1}, 0x8, 0x10, &(0x7f0000000a40)={0x3, 0xf, 0x80000000, 0x8}, 0x10, 0x151f5, 0xffffffffffffffff, 0x7, &(0x7f0000000d00)=[r2, r2, r2, r2, r2, r2], &(0x7f0000000d40)=[{0x0, 0x3, 0xe, 0x5}, {0x4, 0x5, 0x10, 0xc}, {0x3, 0x2, 0x5, 0x6}, {0x0, 0x1, 0xc, 0x4}, {0x3, 0x4, 0x0, 0x4}, {0x5, 0x1, 0xb, 0x4}, {0x4, 0x3, 0x3, 0xc}], 0x10, 0xe, @void, @value}, 0x94)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1)
io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0)
r6 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0)
syz_io_uring_submit(r4, r5, &(0x7f00000000c0)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r2, 0x0, &(0x7f0000000a80)={&(0x7f0000000240)=@in6={0xa, 0x0, 0x0, @mcast1}, 0x80, &(0x7f00000009c0)=[{&(0x7f0000000380)=""/197, 0xc5}, {&(0x7f0000000c00)=""/245, 0xe7}, {&(0x7f0000000580)=""/162, 0xa2}, {&(0x7f00000001c0)=""/37, 0x38}, {&(0x7f0000000640)=""/120, 0x78}, {&(0x7f00000006c0)=""/228, 0xe8}, {&(0x7f00000007c0)=""/114, 0x72}, {&(0x7f00000002c0)=""/27, 0x1b}, {&(0x7f0000000840)=""/155, 0x9b}, {&(0x7f0000000900)=""/124, 0x85}], 0xa, &(0x7f0000000ac0)=""/16, 0x10}, 0x0, 0x140, 0x0, {0x1, r6}})
io_uring_enter(r3, 0x47f6, 0x0, 0x0, 0x0, 0x0)
r7 = io_uring_setup(0x549d, &(0x7f0000000000)={0x0, 0x72e3, 0x1, 0x2, 0xfb, 0x0, r3})
io_uring_register$IORING_REGISTER_IOWQ_MAX_WORKERS(r7, 0x13, &(0x7f0000000080)=[0x5, 0xa22], 0x2)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f00000004c0)='scmi_rx_done\x00', r0}, 0x18)
r8 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r8, 0x400448cb, 0x0)
r9 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r10 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000049c0)={0x3, 0x2e, &(0x7f0000000e80)=ANY=[@ANYBLOB="180000000000008000000000f8ffffff18110000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b70300000000ec2464f1027dd5ff00008500000083000000bf09000000000000550901000000000095000000000000008520000005000000183b000003000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000810000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000020000008500000082000000182b0000", @ANYRES32=r2, @ANYBLOB="00000000fcffffff1801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000002000000850000000600000006580600000800001800000099000000000000000300000018340000040000000000000000000000182a0000", @ANYRES32=r2], &(0x7f0000000080)='GPL\x00', 0x2, 0x0, 0x0, 0x45057bf4ccb05c67, 0x24, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, @void, @value}, 0x94)
write$dsp(r10, &(0x7f00000001c0)="5cba91a4", 0xffffffd9)
ioctl$SNDCTL_DSP_SETFMT(r10, 0x40045010, &(0x7f0000000300)=0x3)
ioctl$SNDCTL_DSP_RESET(r10, 0x5000, 0x0)
bind$bt_hci(r9, &(0x7f0000000340)={0x1f, 0xffff, 0x3}, 0x6)
write(r9, &(0x7f0000000040)="05000000010000", 0x7)

3.049517142s ago: executing program 3 (id=3994):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x1a, 0xd, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000851000000100000095000000000000001800000020646c2500000000002020207b1a00fe00000000bda100000000000007010000f8ffffffb702000008000000b703000000000000850000007600000095"], &(0x7f0000000180)='GPL\x00', 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)

3.04780545s ago: executing program 3 (id=3995):
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x60, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0x11, 0x8, &(0x7f0000005c00)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546000677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289d01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5467a932b77674e802a0d42bc6099ad238af770b5ed8925161729298700000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3ac3209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b135ab6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809b5b9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed3957f813567f7a95435ac15fc0288d9b2a169cdcacc413b48dafb7a2c8cb482bac0ac559eaf39027ceb379a902d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385beef3282830689da6b53b263339863297771429d120000003341bf4abacac94500fca0493cf29b33dcc9ffffffffffffffd39f6ce0c6ff01589646efd1cf870cd7bb2366fdf870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1293b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd000c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c7df8be5877050c91301fb997316dbf17866fb84d4173731efe895ff2e1c55ef08235a0126e01254c44060926e90109b598502d3e959efc71f665c4d75cf2458e3542c9062ece84c99a861887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc74aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7ad333545794f37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f4df90400000000000000d6b2c5ea139376f24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8e3070000001e48418046c216c1f895778cb25122a2a998de0842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec84ac3571f02f647b3385b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba2f58ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df986741517abf11389b751f4e109b60000000000000000d6d5210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750890ae71555b3228b1bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288d139bd3da230ed05a8fe64680b0a3f9f2dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30235b9100000000a55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854356cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c776f4b4ce07e1c6fa66fcfc7a228805f76785efc0ceb1c8e5729c66418d169fc03aa18854693ad2a182068e1e3a0e2505bc7f41019645466ac96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a428f1da1f68df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7e478950aa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab848753203b458b97ec1afb079b4b4ba686fcdf240430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7db3c4be290159f6bcd75f0dda9de5532e71ae9e48b0ed1254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6c30ebc660309e1e245b0fdf9743af932cd6db49a47613808bad959719c0000000000378ac2e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6ca0400966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e3030108000000000000c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bffef97dcecc467ace456597685c5870d25f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4cba6e6390a9f302c6eb2df7766411bef0ebb5000000000006065d6735eb7a00e127c0000000000000000000000bfb0bba79344643b1d8daa9f38e4b62c1e2af68c6f5054b078acd74b4a9c944e4505da485a3a4154387a0a88372091cd397b09c5888a06431df3f68abf0b366c4d5f8bea7b29c257ed756dff7a21c6b661cbdd43de65afd7f661d5c84f915c90e3d6ea012b68b787eb01d8320000000000000060176dacba0ec503a37fae6b472ec369c79ee6a420c0fd8d8d82fe136d5af6c30bfeb0a7275babfdb96a127aa9386e0671c6454245a18c1c8c49552cff5d27b547cdc34c0858c77a47a9ff86ee9fbd9ceda428716a4218821176d8067997527230fa67d26950d3e4f2750fa7c872874ad3a2d11f9f6eb08e6d7b6fa257b04d8ce36360f524e3dfd2211641f3d2637d86b80681eca50ce0eecafdd22d41fa515c15591e70ded4b70efac3cb42fb352d82e8f7573e8ed8248da356fa91a252976d3a4d8c1843a8d5bb7f5f1028453a0562a3ea93117076dd4940b7df50d78289fe66197525f6095f8662d232970bef61b03fa83027963a1a2e07cfee30c0d0b4c5877f93b3637ca21eab5afcf5d4638dfe8f9202aaad51c979049dd76d65368cbd4187d9f74257c7c4a23ac4a34eec5aa17e78c5167216f5e72138d20f8325dd5f8f96c32189c904eaef580987f1ce601a7cdc35461db9981ac42f9e24b0699bbe4e3d986e38952b0b7938eefd9e7a292bbb66367ad77045fdc18855c81c031dedd185c723238373fc698d676791d04f1ff5f0825a6619e844882f31ed190233d58ecee949e310bf2b1a51b8a33ae65a06d2b6ad386bf8dc49dd328bcd75d1843a13d68560175a18af7efc3c0f20e32f84f6aaaf000000000000000000000013a6c66bce74a8fb9092023df695da2714a7933d699d42de2bc4a85e0a0e22228290a7a7553ab93a16e42453ed86869a02df2f47d4088fac1772d3cd955c81cbf91c2ca7942942f61723b558079b82547844f92df2499c4b2c2ef2539e5daa8d8727baaa6b5755e6f83bbfca00000000000000000000007925d0f1256330b9e2aa9a18cea8e009116f63c6c7d8f7f95bf0f6731e5eb1dcdc534f357b9f08e7a9a3aebeca145d695053b5bef004ca24e6c57ed10f01488d38b8b0b68d93e3cf630837915d518fde2115e66615786fe7b9216de958119cf762cac77ac829a02f48e72c0d2841880b2c"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000)={0x0, 0x2000000}, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
syz_open_dev$radio(&(0x7f0000000100), 0x3, 0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r2 = dup(r1)
write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd74)
r3 = syz_io_uring_setup(0x917, &(0x7f0000000300)={0x0, 0x400, 0x1, 0x1000001, 0xf7fffffc, 0x0, r2}, &(0x7f0000000180)=<r4=>0x0, &(0x7f0000000200)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffbfd, 0x0, 0x4)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_tracing={0x1a, 0x2, &(0x7f0000000980)=ANY=[@ANYRES64=r5, @ANYRES32=r2, @ANYBLOB="03000000eeffffff"], &(0x7f0000000500)='syzkaller\x00', 0x40a, 0x1000, &(0x7f0000001000)=""/4096, 0x41100, 0x1a, '\x00', 0x0, 0x17, r2, 0x8, &(0x7f0000000540)={0x3, 0x1}, 0x8, 0x10, &(0x7f0000000a40)={0x3, 0xf, 0x80000000, 0x8}, 0x10, 0x151f5, 0xffffffffffffffff, 0x7, &(0x7f0000000d00)=[r2, r2, r2, r2, r2, r2], &(0x7f0000000d40)=[{0x0, 0x3, 0xe, 0x5}, {0x4, 0x5, 0x10, 0xc}, {0x3, 0x2, 0x5, 0x6}, {0x0, 0x1, 0xc, 0x4}, {0x3, 0x4, 0x0, 0x4}, {0x5, 0x1, 0xb, 0x4}, {0x4, 0x3, 0x3, 0xc}], 0x10, 0xe, @void, @value}, 0x94)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1)
io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0)
r6 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0)
syz_io_uring_submit(r4, r5, &(0x7f00000000c0)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r2, 0x0, &(0x7f0000000a80)={&(0x7f0000000240)=@in6={0xa, 0x0, 0x0, @mcast1}, 0x80, &(0x7f00000009c0)=[{&(0x7f0000000380)=""/197, 0xc5}, {&(0x7f0000000c00)=""/245, 0xe7}, {&(0x7f0000000580)=""/162, 0xa2}, {&(0x7f00000001c0)=""/37, 0x38}, {&(0x7f0000000640)=""/120, 0x78}, {&(0x7f00000006c0)=""/228, 0xe8}, {&(0x7f00000007c0)=""/114, 0x72}, {&(0x7f00000002c0)=""/27, 0x1b}, {&(0x7f0000000840)=""/155, 0x9b}, {&(0x7f0000000900)=""/124, 0x85}], 0xa, &(0x7f0000000ac0)=""/16, 0x10}, 0x0, 0x140, 0x0, {0x1, r6}})
io_uring_enter(r3, 0x47f6, 0x0, 0x0, 0x0, 0x0)
r7 = io_uring_setup(0x549d, &(0x7f0000000000)={0x0, 0x72e3, 0x1, 0x2, 0xfb, 0x0, r3})
io_uring_register$IORING_REGISTER_IOWQ_MAX_WORKERS(r7, 0x13, &(0x7f0000000080)=[0x5, 0xa22], 0x2)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f00000004c0)='scmi_rx_done\x00', r0}, 0x18)
r8 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r8, 0x400448cb, 0x0)
r9 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r10 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
r11 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000049c0)={0x3, 0x2e, &(0x7f0000000e80)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x2, 0x0, 0x0, 0x45057bf4ccb05c67, 0x24, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r11, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
write$dsp(r10, &(0x7f00000001c0)="5cba91a4", 0xffffffd9)
ioctl$SNDCTL_DSP_SYNC(r10, 0x5001, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r10, 0x40045010, &(0x7f0000000300)=0x3)
ioctl$SNDCTL_DSP_RESET(r10, 0x5000, 0x0)
bind$bt_hci(r9, &(0x7f0000000340)={0x1f, 0xffff, 0x3}, 0x6)
write(r9, &(0x7f0000000040)="05000000010000", 0x7)

2.922235806s ago: executing program 2 (id=3996):
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x6}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x3}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x20000800}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
ioctl$USBDEVFS_CONTROL(0xffffffffffffffff, 0xc0105500, &(0x7f0000000140)={0x80, 0x6, 0x303, 0xfffd, 0x13, 0x0, 0x0})
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x5, &(0x7f0000000000)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x3, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r2 = socket$nl_sock_diag(0x10, 0x3, 0x4)
sendmsg$TCPDIAG_GETSOCK(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="4c0000001200010003950000000000000a0900004001000000000000000000000000ffff"], 0x4c}}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x2000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0)
r5 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
read$msr(r5, &(0x7f0000000040)=""/59, 0xffb5)

2.810495753s ago: executing program 1 (id=3997):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="c0260000410007010000000007000000017c00000400fc80a72601"], 0x26c0}}, 0x4010)
socket$inet6_mptcp(0xa, 0x1, 0x106)
syz_init_net_socket$netrom(0x6, 0x5, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040))
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x60, 0x30, 0x1, 0x0, 0x25dfdbfd, {}, [{0x4c, 0x1, [@m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x1}}}}]}]}, 0x60}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x5e38b000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0006}]})
keyctl$dh_compute(0x17, &(0x7f0000000000), 0x0, 0x0, 0x0)
syz_open_dev$tty20(0xc, 0x4, 0x1)
sendto$inet(0xffffffffffffffff, &(0x7f0000000380)="437550b523af1a7f2da599e5139f10a0f56401a09a7d028e470e28217045a0db9dba02d08dfe3937f513c950593b1b21f1a9", 0x32, 0x20004801, &(0x7f0000000400)={0x2, 0x4e24, @empty}, 0x10)
r5 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r5, 0x10f, 0x87, &(0x7f0000000040)=@req={0x3fc}, 0x10)
r6 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r6, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10)
sendmmsg(r5, &(0x7f0000003240), 0x4000000000000e4, 0x0)

2.022281162s ago: executing program 2 (id=3998):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x6, 0x29, &(0x7f0000000740)=ANY=[@ANYBLOB="180000000000000000000000110000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000", @ANYRES32, @ANYRES64=r0, @ANYBLOB="0000000000000000b70500000800000085000000a5000000852000000300000085000000a600000018400000f8ffffff000000000000000018000000010000000000000007000000bf91000000000000b7020000020000008500000000000000b7000000000000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0xc, '\x00', 0x0, @fallback=0x13, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, @void, @value}, 0x94) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async)
r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r2 = dup(r1)
write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c) (async)
r3 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r3, 0x1, &(0x7f0000000000)='source', &(0x7f0000000040)='c:::\x00', 0x0) (async)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000cc0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc0200000000000000ae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fc40848228567ffb400000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df2624f56da648d28ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71400fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada10eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff00000000000f000000ef0000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18aba6b16455a66c3b84b138efc20a546d3d5227e23b03f2a834391ade2ff3e93ee296c4082ee73e7c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0847a1ff2f7fc3c2b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f05c7f0be31491eb8c9ff68236c8600040000000000000000000066e034c81c3cab64e4fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f224baf1221c15fa12313ffbfa7c2730309f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca205081173bd03c4754fc4674812daab482fd390a1c903b5d28a1eb247b5837d7603b92495d5c569f6433c3fca5206cb0000003fdbbd3892c52c2e7612e05de32322e980a3d69931e2c9312dd517c96f2ee90362476ed853c4c9b7d4ebf13cbaa795860e92a3d7d004f2c491db38eb769f094d5d48b262cc35c40682138cf13a49aa9f27abec00002f01ba1251aaf2385416ca719300"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
fsconfig$FSCONFIG_SET_STRING(r3, 0x1, &(0x7f0000000380)='source\xcf\x87\x86\x1bY\x0f\xde\xd6\xcd\xc0\x01\xd3\x19>K\x04\xfe\x86YG\xa5\x0f\xed\xa0\x9f\x1e\x14R\x9e\x04\xfa\xed\xd0TG&\x88\xeaz\x9aD\xf8Tt\x8c\x00{\x1fm\xfe\x9c\xf6_h\x9e\xfc\'', &(0x7f00000001c0)='sou\x01ce', 0x0)
r5 = socket$packet(0x11, 0x3, 0x300) (async)
socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f00000000c0)={'geneve0\x00'})
socket$igmp(0x2, 0x3, 0x2) (async)
r6 = socket$nl_crypto(0x10, 0x3, 0x15)
sendmsg$nl_crypto(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000600)=ANY=[@ANYBLOB="18010000120001002ebd7000fedbdf256563622d6369706865725f6e756c6c000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000004000000000000000000000800010000000000080001008f03000057fe0100420000002b000100e0850000080001003bc5730c08000100ff7f000008000100ffff0000"], 0x118}}, 0x4048850) (async)
ioctl$VIDIOC_G_SELECTION(r2, 0xc040565e, &(0x7f00000002c0)={0xb, 0x0, 0x0, {0x800000, 0x0, 0x8, 0x7}})
r7 = gettid() (async)
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0) (async)
r8 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x1, 0x141000)
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(r8, 0xc1105511, &(0x7f0000000140)={0xa, 0x0, 0x1, 0x0, 'syz0\x00'}) (async)
madvise(&(0x7f0000cd0000/0x4000)=nil, 0xffffffffdf32ffff, 0x16) (async)
ioctl$CEC_ADAP_S_LOG_ADDRS(0xffffffffffffffff, 0xc05c6104, &(0x7f0000000200)={"6080d517", 0x3, 0x9, 0x1, 0x2, 0xfffffffc, "f9a927627a35987cb2070800", "ae6c49d8", "1c4391b3", "aa04df4e", ["e4e7d0b3748a08eb4117a58f", "a42a5eb8b97b66092e22038e", "00284dc8b857e17ccdef2efa", "d89c67314b6a13a76640b81a"]}) (async)
tkill(r7, 0xb) (async)
socket$netlink(0x10, 0x3, 0x400000000000004) (async)
r9 = syz_open_dev$vim2m(&(0x7f0000000400), 0x0, 0x2)
ioctl$vim2m_VIDIOC_CREATE_BUFS(r9, 0xc0f8565c, &(0x7f0000000440)={0x0, 0xe8d, 0x1, {0x1, @win={{0x0, 0xffffffff, 0x100000, 0x4}, 0x0, 0x195, 0x0, 0x0, 0x0, 0xfd}}}) (async)
open_tree(0xffffffffffffffff, 0x0, 0x9300)

1.932198258s ago: executing program 2 (id=3999):
r0 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="1c0000005e0021768238324ee0d5b18eabeda10c06e6143315"], 0x1c}}, 0x0)
recvmmsg(r0, &(0x7f0000002640)=[{{0x0, 0xd94, 0x0}, 0x29b7}, {{0x0, 0x0, 0x0}, 0x181}], 0x2, 0x40012002, 0x0)

1.842028083s ago: executing program 1 (id=4000):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
openat$ttynull(0xffffff9c, 0x0, 0x20000, 0x0)
r2 = syz_io_uring_setup(0x239, &(0x7f0000000740)={0x0, 0x1c2a, 0x10100, 0x0, 0x0, 0x0, r1}, &(0x7f0000000180)=<r3=>0x0, &(0x7f00000001c0)=<r4=>0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1})
io_uring_enter(r2, 0x2ded, 0x4000, 0x0, 0x0, 0x0)
pipe(&(0x7f0000000080)={<r5=>0xffffffffffffffff})
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="9feb010018"], 0x0, 0x5a, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20)
socket(0x1, 0x803, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {}, [@IFA_LOCAL={0x14, 0x2, @ipv4}, @IFA_FLAGS={0x8, 0x8, 0x781}]}, 0x34}}, 0x0)
r6 = syz_io_uring_setup(0x7ee9, &(0x7f00000001c0)={0x0, 0xeaba, 0x0, 0x1, 0x80}, &(0x7f00000003c0), &(0x7f0000000580))
io_uring_register$IORING_REGISTER_PROBE(r6, 0x8, &(0x7f0000000280), 0x26)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x2, @val=@uprobe_multi={0x0, 0x0, 0x0, 0x6, 0x0, 0x1}}, 0x40)
r7 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r7, 0xaf01, 0x0)
r8 = eventfd(0xffffffff)
ioctl$VHOST_SET_LOG_FD(r7, 0x4004af07, &(0x7f0000000240)=r8)
ioctl$VHOST_SET_VRING_KICK(r7, 0x4008af20, &(0x7f0000000040)={0x1, r8})
ioctl$VHOST_SET_VRING_ADDR(r7, 0x4028af11, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r7, 0x4028af11, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r7, 0x4008af03, &(0x7f0000000680))
ioctl$VHOST_VSOCK_SET_RUNNING(r7, 0x4004af61, &(0x7f0000000000)=0x1)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
r9 = socket$inet_udp(0x2, 0x2, 0x0)
close(r9)
socket$nl_route(0x10, 0x3, 0x0)
splice(r5, 0x0, r9, 0x0, 0x4ffe6, 0x0)
syz_open_dev$ttys(0xc, 0x2, 0x0)

1.241721898s ago: executing program 3 (id=4001):
mknodat$null(0xffffffffffffffff, 0x0, 0xc000, 0x103)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x60b03, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
r2 = userfaultfd(0x801)
r3 = socket(0x15, 0x80005, 0x0)
getsockopt(r3, 0x200000000114, 0xa, 0x0, &(0x7f0000000000))
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000140))
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2})
mprotect(&(0x7f00003fd000/0xc00000)=nil, 0xc00000, 0x5)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2)

991.134881ms ago: executing program 3 (id=4002):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x881, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
r4 = dup(r3)
ioctl$KVM_SET_MSRS(r4, 0xc008ae88, &(0x7f00000000c0)=ANY=[@ANYBLOB="8200000000000000ff000040"])
syz_usb_connect(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="1a0100005c6b4408070a64006e40010203030902240001a82300000904000002ca744d00090503034d00ff99090805", @ANYRES32], &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]})
r5 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
write$char_usb(r5, &(0x7f0000000700)="8c0d1d2340809b8c61c25d67c8007ad9c53c62b06eae75f682ae95b594d9a1aba481b0aae95d36d7a69ba5e8422421be15a687045aae5485980cb5d7f871fe75b07e10d6cdec3752f7925cdc0651", 0x4e)
close_range(r0, 0xffffffffffffffff, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000580)=ANY=[@ANYBLOB="3c0000001000390427bd70000000000000000000", @ANYRES32=0x0, @ANYBLOB="3c45070000000000140012800900010076657468000000006800028008001300", @ANYRES32=r7], 0x3c}, 0x1, 0x0, 0x0, 0x240c4805}, 0xc080)
sched_setaffinity(r7, 0x8, &(0x7f0000000040)=0x6)

990.616367ms ago: executing program 1 (id=4003):
pselect6(0x0, 0x0, 0x0, &(0x7f00000000c0)={0x2, 0x9dc, 0x103, 0x92c, 0xf046, 0x7fff, 0x80000001, 0x1000000000007f}, 0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001c40)={0x8, 0x3, &(0x7f0000001300)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000001200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
r2 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0)
r3 = fsmount(r2, 0x0, 0x0)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000380)={r1, r3, 0x1, 0x0, @void}, 0x10)
getpeername$packet(r3, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @multicast}, &(0x7f0000000100)=0x14)
r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_NMI(r5, 0xae9a)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e792c63616368653d667363616368652c76657273696f6e3d3970323030302e75"])
chdir(&(0x7f0000000300)='./file0\x00')
r6 = openat(0xffffffffffffff9c, &(0x7f0000000440)='./file1\x00', 0x103a42, 0x32)
read$FUSE(r6, 0x0, 0x0)
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x100000000, 0x0, 0x81, 0x100000, 0x0, 0x2004c8, 0x8000000, 0x0, 0x1, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x2], 0x0, 0x200})
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
clock_settime(0x5, &(0x7f0000000000))

1.387304ms ago: executing program 2 (id=4004):
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x60, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0x11, 0x8, &(0x7f0000005c00)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546000677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289d01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5467a932b77674e802a0d42bc6099ad238af770b5ed8925161729298700000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3ac3209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b135ab6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809b5b9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed3957f813567f7a95435ac15fc0288d9b2a169cdcacc413b48dafb7a2c8cb482bac0ac559eaf39027ceb379a902d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385beef3282830689da6b53b263339863297771429d120000003341bf4abacac94500fca0493cf29b33dcc9ffffffffffffffd39f6ce0c6ff01589646efd1cf870cd7bb2366fdf870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1293b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd000c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c7df8be5877050c91301fb997316dbf17866fb84d4173731efe895ff2e1c55ef08235a0126e01254c44060926e90109b598502d3e959efc71f665c4d75cf2458e3542c9062ece84c99a861887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc74aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7ad333545794f37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f4df90400000000000000d6b2c5ea139376f24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8e3070000001e48418046c216c1f895778cb25122a2a998de0842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec84ac3571f02f647b3385b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba2f58ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df986741517abf11389b751f4e109b60000000000000000d6d5210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750890ae71555b3228b1bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288d139bd3da230ed05a8fe64680b0a3f9f2dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30235b9100000000a55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854356cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c776f4b4ce07e1c6fa66fcfc7a228805f76785efc0ceb1c8e5729c66418d169fc03aa18854693ad2a182068e1e3a0e2505bc7f41019645466ac96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a428f1da1f68df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7e478950aa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab848753203b458b97ec1afb079b4b4ba686fcdf240430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7db3c4be290159f6bcd75f0dda9de5532e71ae9e48b0ed1254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6c30ebc660309e1e245b0fdf9743af932cd6db49a47613808bad959719c0000000000378ac2e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6ca0400966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e3030108000000000000c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bffef97dcecc467ace456597685c5870d25f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4cba6e6390a9f302c6eb2df7766411bef0ebb5000000000006065d6735eb7a00e127c0000000000000000000000bfb0bba79344643b1d8daa9f38e4b62c1e2af68c6f5054b078acd74b4a9c944e4505da485a3a4154387a0a88372091cd397b09c5888a06431df3f68abf0b366c4d5f8bea7b29c257ed756dff7a21c6b661cbdd43de65afd7f661d5c84f915c90e3d6ea012b68b787eb01d8320000000000000060176dacba0ec503a37fae6b472ec369c79ee6a420c0fd8d8d82fe136d5af6c30bfeb0a7275babfdb96a127aa9386e0671c6454245a18c1c8c49552cff5d27b547cdc34c0858c77a47a9ff86ee9fbd9ceda428716a4218821176d8067997527230fa67d26950d3e4f2750fa7c872874ad3a2d11f9f6eb08e6d7b6fa257b04d8ce36360f524e3dfd2211641f3d2637d86b80681eca50ce0eecafdd22d41fa515c15591e70ded4b70efac3cb42fb352d82e8f7573e8ed8248da356fa91a252976d3a4d8c1843a8d5bb7f5f1028453a0562a3ea93117076dd4940b7df50d78289fe66197525f6095f8662d232970bef61b03fa83027963a1a2e07cfee30c0d0b4c5877f93b3637ca21eab5afcf5d4638dfe8f9202aaad51c979049dd76d65368cbd4187d9f74257c7c4a23ac4a34eec5aa17e78c5167216f5e72138d20f8325dd5f8f96c32189c904eaef580987f1ce601a7cdc35461db9981ac42f9e24b0699bbe4e3d986e38952b0b7938eefd9e7a292bbb66367ad77045fdc18855c81c031dedd185c723238373fc698d676791d04f1ff5f0825a6619e844882f31ed190233d58ecee949e310bf2b1a51b8a33ae65a06d2b6ad386bf8dc49dd328bcd75d1843a13d68560175a18af7efc3c0f20e32f84f6aaaf000000000000000000000013a6c66bce74a8fb9092023df695da2714a7933d699d42de2bc4a85e0a0e22228290a7a7553ab93a16e42453ed86869a02df2f47d4088fac1772d3cd955c81cbf91c2ca7942942f61723b558079b82547844f92df2499c4b2c2ef2539e5daa8d8727baaa6b5755e6f83bbfca00000000000000000000007925d0f1256330b9e2aa9a18cea8e009116f63c6c7d8f7f95bf0f6731e5eb1dcdc534f357b9f08e7a9a3aebeca145d695053b5bef004ca24e6c57ed10f01488d38b8b0b68d93e3cf630837915d518fde2115e66615786fe7b9216de958119cf762cac77ac829a02f48e72c0d2841880b2c"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000)={0x0, 0x2000000}, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
syz_open_dev$radio(&(0x7f0000000100), 0x3, 0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r2 = dup(r1)
write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd74)
r3 = syz_io_uring_setup(0x917, &(0x7f0000000300)={0x0, 0x400, 0x1, 0x1000001, 0xf7fffffc, 0x0, r2}, &(0x7f0000000180)=<r4=>0x0, &(0x7f0000000200)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffbfd, 0x0, 0x4)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_tracing={0x1a, 0x2, &(0x7f0000000980)=ANY=[@ANYRES64=r5, @ANYRES32=r2, @ANYBLOB="03000000eeffffff"], &(0x7f0000000500)='syzkaller\x00', 0x40a, 0x1000, &(0x7f0000001000)=""/4096, 0x41100, 0x1a, '\x00', 0x0, 0x17, r2, 0x8, &(0x7f0000000540)={0x3, 0x1}, 0x8, 0x10, &(0x7f0000000a40)={0x3, 0xf, 0x80000000, 0x8}, 0x10, 0x151f5, 0xffffffffffffffff, 0x7, &(0x7f0000000d00)=[r2, r2, r2, r2, r2, r2], &(0x7f0000000d40)=[{0x0, 0x3, 0xe, 0x5}, {0x4, 0x5, 0x10, 0xc}, {0x3, 0x2, 0x5, 0x6}, {0x0, 0x1, 0xc, 0x4}, {0x3, 0x4, 0x0, 0x4}, {0x5, 0x1, 0xb, 0x4}, {0x4, 0x3, 0x3, 0xc}], 0x10, 0xe, @void, @value}, 0x94)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1)
io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0)
r6 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0)
syz_io_uring_submit(r4, r5, &(0x7f00000000c0)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r2, 0x0, &(0x7f0000000a80)={&(0x7f0000000240)=@in6={0xa, 0x0, 0x0, @mcast1}, 0x80, &(0x7f00000009c0)=[{&(0x7f0000000380)=""/197, 0xc5}, {&(0x7f0000000c00)=""/245, 0xe7}, {&(0x7f0000000580)=""/162, 0xa2}, {&(0x7f00000001c0)=""/37, 0x38}, {&(0x7f0000000640)=""/120, 0x78}, {&(0x7f00000006c0)=""/228, 0xe8}, {&(0x7f00000007c0)=""/114, 0x72}, {&(0x7f00000002c0)=""/27, 0x1b}, {&(0x7f0000000840)=""/155, 0x9b}, {&(0x7f0000000900)=""/124, 0x85}], 0xa, &(0x7f0000000ac0)=""/16, 0x10}, 0x0, 0x140, 0x0, {0x1, r6}})
io_uring_enter(r3, 0x47f6, 0x0, 0x0, 0x0, 0x0)
r7 = io_uring_setup(0x549d, &(0x7f0000000000)={0x0, 0x72e3, 0x1, 0x2, 0xfb, 0x0, r3})
io_uring_register$IORING_REGISTER_IOWQ_MAX_WORKERS(r7, 0x13, &(0x7f0000000080)=[0x5, 0xa22], 0x2)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f00000004c0)='scmi_rx_done\x00', r0}, 0x18)
r8 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r8, 0x400448cb, 0x0)
r9 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r10 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000049c0)={0x3, 0x2e, &(0x7f0000000e80)=ANY=[@ANYBLOB="180000000000008000000000f8ffffff18110000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b70300000000ec2464f1027dd5ff00008500000083000000bf09000000000000550901000000000095000000000000008520000005000000183b000003000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000810000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000020000008500000082000000182b0000", @ANYRES32=r2, @ANYBLOB="00000000fcffffff1801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000002000000850000000600000006580600000800001800000099000000000000000300000018340000040000000000000000000000182a0000", @ANYRES32=r2, @ANYBLOB], &(0x7f0000000080)='GPL\x00', 0x2, 0x0, 0x0, 0x45057bf4ccb05c67, 0x24, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, @void, @value}, 0x94)
write$dsp(r10, &(0x7f00000001c0)="5cba91a4", 0xffffffd9)
ioctl$SNDCTL_DSP_SETFMT(r10, 0x40045010, &(0x7f0000000300)=0x3)
ioctl$SNDCTL_DSP_RESET(r10, 0x5000, 0x0)
bind$bt_hci(r9, &(0x7f0000000340)={0x1f, 0xffff, 0x3}, 0x6)
write(r9, &(0x7f0000000040)="05000000010000", 0x7)

511.464µs ago: executing program 2 (id=4005):
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x60, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0x11, 0x8, &(0x7f0000005c00)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546000677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289d01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5467a932b77674e802a0d42bc6099ad238af770b5ed8925161729298700000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3ac3209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b135ab6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809b5b9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed3957f813567f7a95435ac15fc0288d9b2a169cdcacc413b48dafb7a2c8cb482bac0ac559eaf39027ceb379a902d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385beef3282830689da6b53b263339863297771429d120000003341bf4abacac94500fca0493cf29b33dcc9ffffffffffffffd39f6ce0c6ff01589646efd1cf870cd7bb2366fdf870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1293b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd000c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c7df8be5877050c91301fb997316dbf17866fb84d4173731efe895ff2e1c55ef08235a0126e01254c44060926e90109b598502d3e959efc71f665c4d75cf2458e3542c9062ece84c99a861887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc74aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7ad333545794f37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f4df90400000000000000d6b2c5ea139376f24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8e3070000001e48418046c216c1f895778cb25122a2a998de0842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec84ac3571f02f647b3385b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba2f58ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df986741517abf11389b751f4e109b60000000000000000d6d5210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750890ae71555b3228b1bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288d139bd3da230ed05a8fe64680b0a3f9f2dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30235b9100000000a55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854356cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c776f4b4ce07e1c6fa66fcfc7a228805f76785efc0ceb1c8e5729c66418d169fc03aa18854693ad2a182068e1e3a0e2505bc7f41019645466ac96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a428f1da1f68df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7e478950aa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab848753203b458b97ec1afb079b4b4ba686fcdf240430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7db3c4be290159f6bcd75f0dda9de5532e71ae9e48b0ed1254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6c30ebc660309e1e245b0fdf9743af932cd6db49a47613808bad959719c0000000000378ac2e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6ca0400966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e3030108000000000000c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bffef97dcecc467ace456597685c5870d25f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4cba6e6390a9f302c6eb2df7766411bef0ebb5000000000006065d6735eb7a00e127c0000000000000000000000bfb0bba79344643b1d8daa9f38e4b62c1e2af68c6f5054b078acd74b4a9c944e4505da485a3a4154387a0a88372091cd397b09c5888a06431df3f68abf0b366c4d5f8bea7b29c257ed756dff7a21c6b661cbdd43de65afd7f661d5c84f915c90e3d6ea012b68b787eb01d8320000000000000060176dacba0ec503a37fae6b472ec369c79ee6a420c0fd8d8d82fe136d5af6c30bfeb0a7275babfdb96a127aa9386e0671c6454245a18c1c8c49552cff5d27b547cdc34c0858c77a47a9ff86ee9fbd9ceda428716a4218821176d8067997527230fa67d26950d3e4f2750fa7c872874ad3a2d11f9f6eb08e6d7b6fa257b04d8ce36360f524e3dfd2211641f3d2637d86b80681eca50ce0eecafdd22d41fa515c15591e70ded4b70efac3cb42fb352d82e8f7573e8ed8248da356fa91a252976d3a4d8c1843a8d5bb7f5f1028453a0562a3ea93117076dd4940b7df50d78289fe66197525f6095f8662d232970bef61b03fa83027963a1a2e07cfee30c0d0b4c5877f93b3637ca21eab5afcf5d4638dfe8f9202aaad51c979049dd76d65368cbd4187d9f74257c7c4a23ac4a34eec5aa17e78c5167216f5e72138d20f8325dd5f8f96c32189c904eaef580987f1ce601a7cdc35461db9981ac42f9e24b0699bbe4e3d986e38952b0b7938eefd9e7a292bbb66367ad77045fdc18855c81c031dedd185c723238373fc698d676791d04f1ff5f0825a6619e844882f31ed190233d58ecee949e310bf2b1a51b8a33ae65a06d2b6ad386bf8dc49dd328bcd75d1843a13d68560175a18af7efc3c0f20e32f84f6aaaf000000000000000000000013a6c66bce74a8fb9092023df695da2714a7933d699d42de2bc4a85e0a0e22228290a7a7553ab93a16e42453ed86869a02df2f47d4088fac1772d3cd955c81cbf91c2ca7942942f61723b558079b82547844f92df2499c4b2c2ef2539e5daa8d8727baaa6b5755e6f83bbfca00000000000000000000007925d0f1256330b9e2aa9a18cea8e009116f63c6c7d8f7f95bf0f6731e5eb1dcdc534f357b9f08e7a9a3aebeca145d695053b5bef004ca24e6c57ed10f01488d38b8b0b68d93e3cf630837915d518fde2115e66615786fe7b9216de958119cf762cac77ac829a02f48e72c0d2841880b2c"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000)={0x0, 0x2000000}, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
syz_open_dev$radio(&(0x7f0000000100), 0x3, 0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r2 = dup(r1)
write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd74)
r3 = syz_io_uring_setup(0x917, &(0x7f0000000300)={0x0, 0x400, 0x1, 0x1000001, 0xf7fffffc, 0x0, r2}, &(0x7f0000000180)=<r4=>0x0, &(0x7f0000000200)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffbfd, 0x0, 0x4)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_tracing={0x1a, 0x2, &(0x7f0000000980)=ANY=[@ANYRES64=r5, @ANYRES32=r2, @ANYBLOB="03000000eeffffff"], &(0x7f0000000500)='syzkaller\x00', 0x40a, 0x1000, &(0x7f0000001000)=""/4096, 0x41100, 0x1a, '\x00', 0x0, 0x17, r2, 0x8, &(0x7f0000000540)={0x3, 0x1}, 0x8, 0x10, &(0x7f0000000a40)={0x3, 0xf, 0x80000000, 0x8}, 0x10, 0x151f5, 0xffffffffffffffff, 0x7, &(0x7f0000000d00)=[r2, r2, r2, r2, r2, r2], &(0x7f0000000d40)=[{0x0, 0x3, 0xe, 0x5}, {0x4, 0x5, 0x10, 0xc}, {0x3, 0x2, 0x5, 0x6}, {0x0, 0x1, 0xc, 0x4}, {0x3, 0x4, 0x0, 0x4}, {0x5, 0x1, 0xb, 0x4}, {0x4, 0x3, 0x3, 0xc}], 0x10, 0xe, @void, @value}, 0x94)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1)
io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0)
r6 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0)
syz_io_uring_submit(r4, r5, &(0x7f00000000c0)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r2, 0x0, &(0x7f0000000a80)={&(0x7f0000000240)=@in6={0xa, 0x0, 0x0, @mcast1}, 0x80, &(0x7f00000009c0)=[{&(0x7f0000000380)=""/197, 0xc5}, {&(0x7f0000000c00)=""/245, 0xe7}, {&(0x7f0000000580)=""/162, 0xa2}, {&(0x7f00000001c0)=""/37, 0x38}, {&(0x7f0000000640)=""/120, 0x78}, {&(0x7f00000006c0)=""/228, 0xe8}, {&(0x7f00000007c0)=""/114, 0x72}, {&(0x7f00000002c0)=""/27, 0x1b}, {&(0x7f0000000840)=""/155, 0x9b}, {&(0x7f0000000900)=""/124, 0x85}], 0xa, &(0x7f0000000ac0)=""/16, 0x10}, 0x0, 0x140, 0x0, {0x1, r6}})
io_uring_enter(r3, 0x47f6, 0x0, 0x0, 0x0, 0x0)
r7 = io_uring_setup(0x549d, &(0x7f0000000000)={0x0, 0x72e3, 0x1, 0x2, 0xfb, 0x0, r3})
io_uring_register$IORING_REGISTER_IOWQ_MAX_WORKERS(r7, 0x13, &(0x7f0000000080)=[0x5, 0xa22], 0x2)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f00000004c0)='scmi_rx_done\x00', r0}, 0x18)
r8 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r8, 0x400448cb, 0x0)
r9 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r10 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000049c0)={0x3, 0x2e, &(0x7f0000000e80)=ANY=[@ANYBLOB="180000000000008000000000f8ffffff18110000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b70300000000ec2464f1027dd5ff00008500000083000000bf09000000000000550901000000000095000000000000008520000005000000183b000003000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000810000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000020000008500000082000000182b0000", @ANYRES32=r2, @ANYBLOB="00000000fcffffff1801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000002000000850000000600000006580600000800001800000099000000000000000300000018340000040000000000000000000000182a0000", @ANYRES32=r2, @ANYBLOB], &(0x7f0000000080)='GPL\x00', 0x2, 0x0, 0x0, 0x45057bf4ccb05c67, 0x24, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, @void, @value}, 0x94)
write$dsp(r10, &(0x7f00000001c0)="5cba91a4", 0xffffffd9)
ioctl$SNDCTL_DSP_SETFMT(r10, 0x40045010, &(0x7f0000000300)=0x3)
ioctl$SNDCTL_DSP_RESET(r10, 0x5000, 0x0)
bind$bt_hci(r9, &(0x7f0000000340)={0x1f, 0xffff, 0x3}, 0x6)
write(r9, &(0x7f0000000040)="05000000010000", 0x7)

0s ago: executing program 1 (id=4006):
r0 = syz_open_procfs(0x0, &(0x7f0000000100)='mountstats\x00')
bpf$MAP_CREATE(0x0, &(0x7f0000000380)=@base={0x0, 0x0, 0xd, 0x1, 0x200, 0xffffffffffffffff, 0x8, '\x00', 0x0, r0, 0x0, 0x5, 0x1, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000240)=@framed={{0x18, 0x0, 0x0, 0x0, 0x3b}}, &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
sendto$inet6(0xffffffffffffffff, &(0x7f0000000500), 0x0, 0x48004, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = openat$procfs(0xffffffffffffff9c, &(0x7f00000004c0)='/proc/asound/seq/clients\x00', 0x0, 0x0)
r5 = openat$uinput(0xffffffffffffff9c, 0x0, 0x802, 0x0)
ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000700)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @dev={0xfe, 0x80, '\x00', 0x3b}, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x1ff, 0xa, 0xc, 0x980, 0xffff, 0x40000044})
ioctl$UI_DEV_SETUP(r5, 0x405c5503, &(0x7f0000000280)={{0x5}, 'syz1\x00', 0x10})
ioctl$UI_DEV_CREATE(r0, 0x5501)
syz_open_dev$evdev(&(0x7f0000000340), 0xaa54, 0x108001)
ioctl$UI_DEV_DESTROY(r5, 0x5502)
lseek(r4, 0x9, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$afs(0x0, &(0x7f0000002840)='./file0\x00', &(0x7f0000002880), 0x700, &(0x7f00000001c0)=ANY=[@ANYBLOB="64796e2c0069e37bf4b94eeacd224739b537"])
lchown(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
umount2(&(0x7f0000000040)='./file0\x00', 0xb)
bpf$MAP_CREATE(0x0, &(0x7f0000000440)=@base={0x1d, 0x4, 0x2, 0x0, 0x201, 0xffffffffffffffff, 0x8, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x2, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
syz_usb_connect$printer(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="0d01000009000008250592d20700006a3b010902241700fa0074980904e4ff11070103000905010200"], 0x0)

kernel console output (not intermixed with test programs):

  911.453654][T20293] netlink: zone id is out of range
[  911.455269][T20293] netlink: get zone limit has 8 unknown bytes
[  911.699131][T20300] netlink: set zone limit has 4 unknown bytes
[  911.765323][   T58] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  911.813695][   T58] usb 5-1: Using ep0 maxpacket: 8
[  911.818699][   T58] usb 5-1: unable to read config index 0 descriptor/start: -61
[  911.821911][   T58] usb 5-1: can't read configurations, error -61
[  911.958587][   T58] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[  911.978836][   T58] usb 5-1: Using ep0 maxpacket: 8
[  911.983018][   T58] usb 5-1: unable to read config index 0 descriptor/start: -61
[  911.992594][   T58] usb 5-1: can't read configurations, error -61
[  911.998902][   T58] usb usb5-port1: unable to enumerate USB device
[  913.763220][T20320] sg_write: data in/out 41084/1 bytes for SCSI command 0x1c-- guessing data in;
[  913.763220][T20320]    program syz.0.3068 not setting count and/or reply_len properly
[  913.994993][T20326] input: syz1 as /devices/virtual/input/input398
[  914.301479][T20330] netlink: set zone limit has 4 unknown bytes
[  915.082446][T20342] netlink: set zone limit has 4 unknown bytes
[  915.965617][ T5955] usb 6-1: new high-speed USB device number 110 using dummy_hcd
[  916.125242][ T5955] usb 6-1: Using ep0 maxpacket: 8
[  916.130614][ T5955] usb 6-1: unable to read config index 0 descriptor/start: -61
[  916.133238][ T5955] usb 6-1: can't read configurations, error -61
[  916.265417][ T5955] usb 6-1: new high-speed USB device number 111 using dummy_hcd
[  916.425303][ T5955] usb 6-1: Using ep0 maxpacket: 8
[  916.430220][ T5955] usb 6-1: unable to read config index 0 descriptor/start: -61
[  916.432579][ T5955] usb 6-1: can't read configurations, error -61
[  916.441547][ T5955] usb usb6-port1: attempt power cycle
[  916.750246][T20372] kAFS: No cell specified
[  916.935421][T17195] usb 5-1: new high-speed USB device number 15 using dummy_hcd
[  916.975343][ T5955] usb 6-1: new high-speed USB device number 112 using dummy_hcd
[  917.006251][ T5955] usb 6-1: Using ep0 maxpacket: 8
[  917.009543][ T5955] usb 6-1: unable to read config index 0 descriptor/start: -61
[  917.011845][ T5955] usb 6-1: can't read configurations, error -61
[  917.085252][T17195] usb 5-1: Using ep0 maxpacket: 8
[  917.088990][T17195] usb 5-1: config index 0 descriptor too short (expected 5924, got 36)
[  917.092165][T17195] usb 5-1: config 250 has an invalid interface number: 228 but max is -1
[  917.095512][T17195] usb 5-1: config 250 has 1 interface, different from the descriptor's value: 0
[  917.099019][T17195] usb 5-1: config 250 has no interface number 0
[  917.101474][T17195] usb 5-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024
[  917.105913][T17195] usb 5-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024
[  917.109901][T17195] usb 5-1: config 250 interface 228 altsetting 255 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[  917.114957][T17195] usb 5-1: config 250 interface 228 has no altsetting 0
[  917.119852][T17195] usb 5-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07
[  917.123340][T17195] usb 5-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59
[  917.126791][T17195] usb 5-1: Product: syz
[  917.128505][T17195] usb 5-1: SerialNumber: syz
[  917.135283][ T5955] usb 6-1: new high-speed USB device number 113 using dummy_hcd
[  917.138360][T17195] hub 5-1:250.228: bad descriptor, ignoring hub
[  917.140878][T17195] hub 5-1:250.228: probe with driver hub failed with error -5
[  917.155863][ T5955] usb 6-1: Using ep0 maxpacket: 8
[  917.163756][ T5955] usb 6-1: unable to read config index 0 descriptor/start: -61
[  917.166403][ T5955] usb 6-1: can't read configurations, error -61
[  917.168562][ T5955] usb usb6-port1: unable to enumerate USB device
[  917.621580][T20376] sg_write: data in/out 41084/1 bytes for SCSI command 0x1c-- guessing data in;
[  917.621580][T20376]    program syz.2.3081 not setting count and/or reply_len properly
[  917.837952][T20378] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3081'.
[  917.847139][T20378] input: syz1 as /devices/virtual/input/input399
[  918.527186][T20381] netlink: set zone limit has 4 unknown bytes
[  919.145444][T19834] usb 5-1: USB disconnect, device number 15
[  919.687440][T20402] overlayfs: failed to resolve './file0': -2
[  919.815055][   T40] audit: type=1804 audit(1748060717.894:171): pid=20404 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.3087" name="/newroot/137/bus/bus" dev="tmpfs" ino=758 res=1 errno=0
[  920.663851][T20413] sg_write: data in/out 41084/1 bytes for SCSI command 0x1c-- guessing data in;
[  920.663851][T20413]    program syz.1.3090 not setting count and/or reply_len properly
[  921.615220][T20426] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3090'.
[  921.623714][T20426] input: syz1 as /devices/virtual/input/input400
[  922.744915][T20442] sg_write: data in/out 41084/1 bytes for SCSI command 0x1c-- guessing data in;
[  922.744915][T20442]    program syz.1.3095 not setting count and/or reply_len properly
[  923.013502][T20446] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3095'.
[  923.023515][T20446] input: syz1 as /devices/virtual/input/input401
[  923.163017][   T40] audit: type=1804 audit(1748060721.244:172): pid=20450 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.3096" name="/newroot/209/bus/bus" dev="overlay" ino=1175 res=1 errno=0
[  923.180140][   T40] audit: type=1804 audit(1748060721.264:173): pid=20450 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.3096" name="/newroot/209/bus/bus" dev="overlay" ino=1175 res=1 errno=0
[  923.724350][T20455] CIFS mount error: No usable UNC path provided in device string!
[  923.724350][T20455] 
[  923.728328][T20455] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  924.405336][T19829] usb 5-1: new high-speed USB device number 16 using dummy_hcd
[  924.525083][T20469] sg_write: data in/out 41084/1 bytes for SCSI command 0x1c-- guessing data in;
[  924.525083][T20469]    program syz.1.3103 not setting count and/or reply_len properly
[  924.629577][T19829] usb 5-1: Using ep0 maxpacket: 8
[  924.632816][T19829] usb 5-1: config index 0 descriptor too short (expected 5924, got 36)
[  924.641886][T19829] usb 5-1: config 250 has an invalid interface number: 228 but max is -1
[  924.644538][T19829] usb 5-1: config 250 has 1 interface, different from the descriptor's value: 0
[  924.647665][T19829] usb 5-1: config 250 has no interface number 0
[  924.649665][T19829] usb 5-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024
[  924.653230][T19829] usb 5-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024
[  924.656557][T19829] usb 5-1: config 250 interface 228 altsetting 255 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[  924.665294][T19829] usb 5-1: config 250 interface 228 has no altsetting 0
[  924.670008][T19829] usb 5-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07
[  924.672994][T19829] usb 5-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59
[  924.676128][T19829] usb 5-1: Product: syz
[  924.685317][T19829] usb 5-1: SerialNumber: syz
[  924.696577][T19829] hub 5-1:250.228: bad descriptor, ignoring hub
[  924.699170][T19829] hub 5-1:250.228: probe with driver hub failed with error -5
[  924.732358][T20474] CIFS mount error: No usable UNC path provided in device string!
[  924.732358][T20474] 
[  924.736203][T20474] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  924.972656][T20478] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3103'.
[  924.984530][T20478] input: syz1 as /devices/virtual/input/input402
[  926.298250][T20499] kAFS: No cell specified
[  926.822162][   T40] audit: type=1804 audit(1748060724.904:174): pid=20506 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.3112" name="/newroot/156/bus/bus" dev="overlay" ino=859 res=1 errno=0
[  926.834445][   T40] audit: type=1804 audit(1748060724.914:175): pid=20506 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.3112" name="/newroot/156/bus/bus" dev="overlay" ino=859 res=1 errno=0
[  927.035583][T19829] usb 5-1: USB disconnect, device number 16
[  927.806263][T20517] CIFS mount error: No usable UNC path provided in device string!
[  927.806263][T20517] 
[  927.810041][T20517] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  927.863965][T19829] usb 6-1: new high-speed USB device number 114 using dummy_hcd
[  928.015801][T19829] usb 6-1: Using ep0 maxpacket: 8
[  928.020249][T19829] usb 6-1: config index 0 descriptor too short (expected 5924, got 36)
[  928.023595][T19829] usb 6-1: config 250 has an invalid interface number: 228 but max is -1
[  928.027198][T19829] usb 6-1: config 250 has 1 interface, different from the descriptor's value: 0
[  928.030822][T19829] usb 6-1: config 250 has no interface number 0
[  928.033355][T19829] usb 6-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024
[  928.037148][T19829] usb 6-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024
[  928.040266][T19829] usb 6-1: config 250 interface 228 altsetting 255 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[  928.044283][T19829] usb 6-1: config 250 interface 228 has no altsetting 0
[  928.047941][T19829] usb 6-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07
[  928.050614][T19829] usb 6-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59
[  928.053117][T19829] usb 6-1: Product: syz
[  928.054433][T19829] usb 6-1: SerialNumber: syz
[  928.059613][T19829] hub 6-1:250.228: bad descriptor, ignoring hub
[  928.061744][T19829] hub 6-1:250.228: probe with driver hub failed with error -5
[  929.704537][T20541] sg_write: data in/out 41084/1 bytes for SCSI command 0x1c-- guessing data in;
[  929.704537][T20541]    program syz.3.3120 not setting count and/or reply_len properly
[  930.158824][T20546] netlink: 212404 bytes leftover after parsing attributes in process `syz.2.3121'.
[  930.161787][T20546] netlink: zone id is out of range
[  930.163401][T20546] netlink: zone id is out of range
[  930.165310][T20546] netlink: zone id is out of range
[  930.167619][T20546] netlink: get zone limit has 8 unknown bytes
[  930.208093][T20547] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3120'.
[  930.216943][T20547] input: syz1 as /devices/virtual/input/input403
[  930.571675][T19829] usb 6-1: USB disconnect, device number 114
[  930.998498][ T1417] ieee802154 phy0 wpan0: encryption failed: -22
[  931.000743][ T1417] ieee802154 phy1 wpan1: encryption failed: -22
[  932.580394][T20581] sg_write: data in/out 41084/1 bytes for SCSI command 0x1c-- guessing data in;
[  932.580394][T20581]    program syz.2.3132 not setting count and/or reply_len properly
[  933.124694][T20589] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3132'.
[  933.139726][T20589] input: syz1 as /devices/virtual/input/input404
[  933.239911][T20591] netlink: set zone limit has 4 unknown bytes
[  933.612427][T20601] CIFS mount error: No usable UNC path provided in device string!
[  933.612427][T20601] 
[  933.615717][T20601] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  934.385385][T20606] sg_write: data in/out 41084/1 bytes for SCSI command 0x1c-- guessing data in;
[  934.385385][T20606]    program syz.0.3138 not setting count and/or reply_len properly
[  934.946295][T20617] input: syz1 as /devices/virtual/input/input405
[  936.625535][ T5986] usb 6-1: new high-speed USB device number 115 using dummy_hcd
[  936.934609][T20646] netlink: 3 bytes leftover after parsing attributes in process `syz.2.3146'.
[  936.941424][T20646] batadv3: entered allmulticast mode
[  936.965364][ T5986] usb 6-1: Using ep0 maxpacket: 8
[  936.974572][ T5986] usb 6-1: config index 0 descriptor too short (expected 5924, got 36)
[  936.977726][ T5986] usb 6-1: config 250 has an invalid interface number: 228 but max is -1
[  936.980826][ T5986] usb 6-1: config 250 has 1 interface, different from the descriptor's value: 0
[  936.984220][ T5986] usb 6-1: config 250 has no interface number 0
[  936.987333][ T5986] usb 6-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024
[  936.992148][ T5986] usb 6-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024
[  937.001555][ T5986] usb 6-1: config 250 interface 228 altsetting 255 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[  937.008824][T20648] input: syz1 as /devices/virtual/input/input406
[  937.020545][ T5986] usb 6-1: config 250 interface 228 has no altsetting 0
[  937.038230][ T5986] usb 6-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07
[  937.042327][ T5986] usb 6-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59
[  937.113045][ T5986] usb 6-1: Product: syz
[  937.120001][ T5986] usb 6-1: SerialNumber: syz
[  937.142532][ T5986] hub 6-1:250.228: bad descriptor, ignoring hub
[  937.144937][ T5986] hub 6-1:250.228: probe with driver hub failed with error -5
[  939.245464][   T10] usb 6-1: USB disconnect, device number 115
[  940.342202][T20687] netlink: 3 bytes leftover after parsing attributes in process `syz.0.3157'.
[  940.372195][T20687] batadv3: entered allmulticast mode
[  940.496228][T20689] input: syz1 as /devices/virtual/input/input407
[  940.779943][   T40] audit: type=1804 audit(1748060738.864:176): pid=20693 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.3158" name="/newroot/170/bus/bus" dev="overlay" ino=940 res=1 errno=0
[  940.787261][   T40] audit: type=1804 audit(1748060738.874:177): pid=20693 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.3158" name="/newroot/170/bus/bus" dev="overlay" ino=940 res=1 errno=0
[  941.331956][T20699] netlink: set zone limit has 4 unknown bytes
[  942.257789][T20714] netlink: 161716 bytes leftover after parsing attributes in process `syz.1.3164'.
[  942.261734][T20714] netlink: zone id is out of range
[  942.263844][T20714] netlink: zone id is out of range
[  942.266452][T20714] netlink: zone id is out of range
[  942.268584][T20714] netlink: get zone limit has 8 unknown bytes
[  942.312321][T20716] sg_write: data in/out 41084/1 bytes for SCSI command 0x1c-- guessing data in;
[  942.312321][T20716]    program syz.1.3165 not setting count and/or reply_len properly
[  942.672755][T20722] input: syz1 as /devices/virtual/input/input408
[  942.679914][T20721] sg_write: data in/out 41084/1 bytes for SCSI command 0x1c-- guessing data in;
[  942.679914][T20721]    program syz.2.3167 not setting count and/or reply_len properly
[  942.896353][T20726] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3167'.
[  942.907846][T20726] input: syz1 as /devices/virtual/input/input409
[  943.974358][T20740] netlink: 3 bytes leftover after parsing attributes in process `syz.2.3170'.
[  944.000315][T20740] batadv3: entered allmulticast mode
[  944.070179][T20741] input: syz1 as /devices/virtual/input/input410
[  944.083596][T19767] udevd[19767]: setting mode of /dev/input/event3 to 020660 failed: No such file or directory
[  944.088029][T19767] udevd[19767]: setting owner of /dev/input/event3 to uid=0, gid=104 failed: No such file or directory
[  944.667215][T20747] netlink: set zone limit has 4 unknown bytes
[  946.355494][    C0] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[  946.391893][T20776] netlink: 272 bytes leftover after parsing attributes in process `syz.2.3177'.
[  946.642635][T20779] sg_write: data in/out 41084/1 bytes for SCSI command 0x1c-- guessing data in;
[  946.642635][T20779]    program syz.3.3179 not setting count and/or reply_len properly
[  946.686438][T20781] sg_write: data in/out 41084/1 bytes for SCSI command 0x1c-- guessing data in;
[  946.686438][T20781]    program syz.1.3178 not setting count and/or reply_len properly
[  947.082136][T20785] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3179'.
[  947.095913][T20785] input: syz1 as /devices/virtual/input/input411
[  947.201990][T20791] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3178'.
[  947.206150][T20791] input: syz1 as /devices/virtual/input/input412
[  947.490808][T20793] netlink: 3 bytes leftover after parsing attributes in process `syz.2.3181'.
[  947.501046][T20793] batadv3: entered allmulticast mode
[  947.555492][T20794] input: syz1 as /devices/virtual/input/input413
[  947.864254][T20798] netlink: set zone limit has 4 unknown bytes
[  948.385318][T14592] usb 5-1: new high-speed USB device number 17 using dummy_hcd
[  948.535255][T14592] usb 5-1: Using ep0 maxpacket: 8
[  948.539247][T14592] usb 5-1: unable to read config index 0 descriptor/start: -61
[  948.541344][T20809] netlink: 3 bytes leftover after parsing attributes in process `syz.1.3193'.
[  948.541834][T14592] usb 5-1: can't read configurations, error -61
[  948.560782][T20809] batadv7: entered allmulticast mode
[  948.618178][T20810] input: syz1 as /devices/virtual/input/input414
[  948.695385][T14592] usb 5-1: new high-speed USB device number 18 using dummy_hcd
[  948.877090][T14592] usb 5-1: Using ep0 maxpacket: 8
[  948.882364][T14592] usb 5-1: unable to read config index 0 descriptor/start: -61
[  948.884869][T14592] usb 5-1: can't read configurations, error -61
[  948.895898][T14592] usb usb5-port1: attempt power cycle
[  949.220147][T20818] siw: device registration error -23
[  949.235387][T14592] usb 5-1: new high-speed USB device number 19 using dummy_hcd
[  949.255754][T14592] usb 5-1: Using ep0 maxpacket: 8
[  949.258891][T14592] usb 5-1: unable to read config index 0 descriptor/start: -61
[  949.261311][T14592] usb 5-1: can't read configurations, error -61
[  949.385354][T14592] usb 5-1: new high-speed USB device number 20 using dummy_hcd
[  949.416561][T14592] usb 5-1: Using ep0 maxpacket: 8
[  949.423258][T14592] usb 5-1: unable to read config index 0 descriptor/start: -61
[  949.426122][T14592] usb 5-1: can't read configurations, error -61
[  949.428709][T14592] usb usb5-port1: unable to enumerate USB device
[  950.876642][T20839] netlink: set zone limit has 4 unknown bytes
[  952.064428][T20863] netlink: 3 bytes leftover after parsing attributes in process `syz.0.3197'.
[  952.164499][T20863] batadv3: entered allmulticast mode
[  952.184271][T20866] input: syz1 as /devices/virtual/input/input415
[  952.345453][T20869] CIFS mount error: No usable UNC path provided in device string!
[  952.345453][T20869] 
[  952.348585][T20869] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  952.805870][T20876] CIFS mount error: No usable UNC path provided in device string!
[  952.805870][T20876] 
[  952.809208][T20876] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  953.272641][   T40] audit: type=1804 audit(1748060751.354:178): pid=20884 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.3202" name="/newroot/182/bus/bus" dev="tmpfs" ino=1006 res=1 errno=0
[  954.079414][T20900] netlink: set zone limit has 4 unknown bytes
[  955.025518][T20919] CIFS mount error: No usable UNC path provided in device string!
[  955.025518][T20919] 
[  955.029207][T20919] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  955.063345][T20920] netlink: 3 bytes leftover after parsing attributes in process `syz.0.3210'.
[  955.069877][T20920] batadv3: entered allmulticast mode
[  955.117449][T20922] input: syz1 as /devices/virtual/input/input416
[  955.973091][T20928] sg_write: data in/out 41084/1 bytes for SCSI command 0x1c-- guessing data in;
[  955.973091][T20928]    program syz.2.3213 not setting count and/or reply_len properly
[  956.228495][T20938] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3213'.
[  956.231522][T20938] netlink: 3 bytes leftover after parsing attributes in process `syz.2.3213'.
[  956.316629][T20941] input: syz1 as /devices/virtual/input/input417
[  956.356867][   T40] audit: type=1804 audit(1748060754.384:179): pid=20936 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.3215" name="/newroot/237/bus/bus" dev="tmpfs" ino=1321 res=1 errno=0
[  957.096174][T20956] netlink: set zone limit has 4 unknown bytes
[  957.227684][   T40] audit: type=1804 audit(1748060755.314:180): pid=20957 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.3217" name="/newroot/238/bus/bus" dev="overlay" ino=1336 res=1 errno=0
[  957.503856][   T40] audit: type=1804 audit(1748060755.584:181): pid=20957 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.3217" name="/newroot/238/bus/bus" dev="overlay" ino=1336 res=1 errno=0
[  957.994185][T20971] netlink: 212408 bytes leftover after parsing attributes in process `syz.3.3222'.
[  958.003504][T20971] netlink: zone id is out of range
[  958.005498][T20971] netlink: zone id is out of range
[  958.007118][T20971] netlink: zone id is out of range
[  958.008764][T20971] netlink: zone id is out of range
[  958.010353][T20971] netlink: get zone limit has 8 unknown bytes
[  958.042948][T20975] sg_write: data in/out 41084/1 bytes for SCSI command 0x1c-- guessing data in;
[  958.042948][T20975]    program syz.3.3224 not setting count and/or reply_len properly
[  958.343527][T20982] input: syz1 as /devices/virtual/input/input418
[  958.759237][T20985] sg_write: data in/out 41084/1 bytes for SCSI command 0x1c-- guessing data in;
[  958.759237][T20985]    program syz.1.3225 not setting count and/or reply_len properly
[  959.105072][T20995] input: syz1 as /devices/virtual/input/input419
[  959.301492][   T40] audit: type=1804 audit(1748060757.224:182): pid=20992 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.3226" name="/newroot/240/bus/bus" dev="tmpfs" ino=1351 res=1 errno=0
[  960.542201][T21025] CIFS mount error: No usable UNC path provided in device string!
[  960.542201][T21025] 
[  960.545626][T21025] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  961.014292][T21032] netlink: 212408 bytes leftover after parsing attributes in process `syz.2.3235'.
[  961.020276][T21032] netlink: zone id is out of range
[  961.021899][T21032] netlink: zone id is out of range
[  961.023557][T21032] netlink: zone id is out of range
[  961.025337][T21032] netlink: zone id is out of range
[  961.026957][T21032] netlink: get zone limit has 8 unknown bytes
[  961.374728][T21044] sg_write: data in/out 41084/1 bytes for SCSI command 0x1c-- guessing data in;
[  961.374728][T21044]    program syz.1.3239 not setting count and/or reply_len properly
[  961.416534][   T40] audit: type=1804 audit(1748060759.504:183): pid=21039 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.3237" name="/newroot/170/bus/bus" dev="tmpfs" ino=931 res=1 errno=0
[  961.686477][T21047] input: syz1 as /devices/virtual/input/input420
[  962.659251][T21068] netlink: 3 bytes leftover after parsing attributes in process `syz.1.3242'.
[  962.677554][T21068] batadv7: entered allmulticast mode
[  962.763429][T21069] input: syz1 as /devices/virtual/input/input421
[  963.645400][T21086] CIFS mount error: No usable UNC path provided in device string!
[  963.645400][T21086] 
[  963.648528][T21086] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  964.398422][T21102] overlayfs: missing 'lowerdir'
[  964.427693][   T40] audit: type=1804 audit(1748060762.504:184): pid=21102 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.3250" name="/newroot/173/bus/bus" dev="tmpfs" ino=951 res=1 errno=0
[  965.185669][T21115] sg_write: data in/out 41084/1 bytes for SCSI command 0x1c-- guessing data in;
[  965.185669][T21115]    program syz.3.3254 not setting count and/or reply_len properly
[  966.009090][T21125] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3254'.
[  966.024723][T21125] netlink: 3 bytes leftover after parsing attributes in process `syz.3.3254'.
[  966.051240][T21125] batadv4: entered allmulticast mode
[  967.205489][T21155] overlayfs: missing 'lowerdir'
[  967.406637][   T40] audit: type=1804 audit(1748060765.494:185): pid=21155 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.3262" name="/newroot/198/bus/bus" dev="tmpfs" ino=1092 res=1 errno=0
[  968.412307][T21171] netlink: 3 bytes leftover after parsing attributes in process `syz.2.3265'.
[  968.422731][T21171] batadv3: entered allmulticast mode
[  968.472205][T21175] input: syz1 as /devices/virtual/input/input424
[  968.963897][T21183] netlink: 272 bytes leftover after parsing attributes in process `syz.0.3268'.
[  969.919824][T21214] overlayfs: missing 'lowerdir'
[  970.035219][   T40] audit: type=1804 audit(1748060768.084:186): pid=21215 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.3273" name="/newroot/240/bus/bus" dev="tmpfs" ino=1332 res=1 errno=0
[  971.247002][T21239] netlink: 3 bytes leftover after parsing attributes in process `syz.2.3278'.
[  971.257041][T21239] batadv3: entered allmulticast mode
[  971.301297][T21240] input: syz1 as /devices/virtual/input/input425
[  971.450628][T21242] netlink: 212408 bytes leftover after parsing attributes in process `syz.0.3280'.
[  971.454619][T21242] netlink: zone id is out of range
[  971.456658][T21242] netlink: zone id is out of range
[  971.458664][T21242] netlink: zone id is out of range
[  971.460899][T21242] netlink: zone id is out of range
[  971.462563][T21242] netlink: get zone limit has 8 unknown bytes
[  972.048840][T21260] overlayfs: missing 'lowerdir'
[  972.056549][T21261] netlink: 3 bytes leftover after parsing attributes in process `syz.1.3283'.
[  972.063670][T21261] batadv7: entered allmulticast mode
[  972.075290][T16197] usb 7-1: new high-speed USB device number 5 using dummy_hcd
[  972.126506][T21262] input: syz1 as /devices/virtual/input/input426
[  972.225335][T16197] usb 7-1: Using ep0 maxpacket: 8
[  972.229206][T16197] usb 7-1: unable to read config index 0 descriptor/start: -61
[  972.232103][T16197] usb 7-1: can't read configurations, error -61
[  972.233087][   T40] audit: type=1804 audit(1748060770.214:187): pid=21260 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.3285" name="/newroot/181/bus/bus" dev="tmpfs" ino=996 res=1 errno=0
[  972.375264][T16197] usb 7-1: new high-speed USB device number 6 using dummy_hcd
[  972.525267][T16197] usb 7-1: Using ep0 maxpacket: 8
[  972.528752][T16197] usb 7-1: unable to read config index 0 descriptor/start: -61
[  972.531202][T16197] usb 7-1: can't read configurations, error -61
[  972.533308][T16197] usb usb7-port1: attempt power cycle
[  972.905294][T16197] usb 7-1: new high-speed USB device number 7 using dummy_hcd
[  972.937376][T16197] usb 7-1: Using ep0 maxpacket: 8
[  972.940800][T16197] usb 7-1: unable to read config index 0 descriptor/start: -61
[  972.943215][T16197] usb 7-1: can't read configurations, error -61
[  973.075483][T16197] usb 7-1: new high-speed USB device number 8 using dummy_hcd
[  973.106116][T16197] usb 7-1: Using ep0 maxpacket: 8
[  973.110576][T16197] usb 7-1: unable to read config index 0 descriptor/start: -61
[  973.113103][T16197] usb 7-1: can't read configurations, error -61
[  973.119305][T16197] usb usb7-port1: unable to enumerate USB device
[  973.677810][T21280] netlink: 212408 bytes leftover after parsing attributes in process `syz.1.3289'.
[  973.681773][T21280] netlink: zone id is out of range
[  973.683843][T21280] netlink: zone id is out of range
[  973.686531][T21280] netlink: zone id is out of range
[  973.688698][T21280] netlink: zone id is out of range
[  973.690899][T21280] netlink: get zone limit has 8 unknown bytes
[  975.249869][T21313] overlayfs: missing 'lowerdir'
[  975.286211][   T40] audit: type=1804 audit(1748060773.374:188): pid=21313 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.3296" name="/newroot/247/bus/bus" dev="tmpfs" ino=1372 res=1 errno=0
[  976.405082][   T40] audit: type=1804 audit(1748060774.484:189): pid=21334 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.3300" name="/newroot/206/bus/bus" dev="overlay" ino=1142 res=1 errno=0
[  976.430388][   T40] audit: type=1804 audit(1748060774.514:190): pid=21334 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.3300" name="/newroot/206/bus/bus" dev="overlay" ino=1142 res=1 errno=0
[  976.695807][T21339] net_ratelimit: 3 callbacks suppressed
[  976.695826][T21339] netlink: set zone limit has 4 unknown bytes
[  977.613335][T21353] netlink: set zone limit has 4 unknown bytes
[  978.492481][T21370] sg_write: data in/out 41084/1 bytes for SCSI command 0x1c-- guessing data in;
[  978.492481][T21370]    program syz.2.3310 not setting count and/or reply_len properly
[  978.758660][T21379] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3310'.
[  978.768431][T21379] input: syz1 as /devices/virtual/input/input427
[  979.423440][T21386] netlink: set zone limit has 4 unknown bytes
[  980.313969][T21400] netlink: 161716 bytes leftover after parsing attributes in process `syz.1.3316'.
[  980.318017][T21400] netlink: zone id is out of range
[  980.319953][T21400] netlink: zone id is out of range
[  980.321840][T21400] netlink: zone id is out of range
[  980.323914][T21400] netlink: get zone limit has 8 unknown bytes
[  980.666773][T21412] netlink: set zone limit has 4 unknown bytes
[  980.830808][T21419] netlink: 3 bytes leftover after parsing attributes in process `syz.3.3318'.
[  980.869973][T21419] batadv5: entered allmulticast mode
[  981.083405][T21422] input: syz1 as /devices/virtual/input/input428
[  981.648080][T21428] netlink: set zone limit has 4 unknown bytes
[  982.368087][T21440] netlink: set zone limit has 4 unknown bytes
[  983.261962][T21456] sg_write: data in/out 41084/1 bytes for SCSI command 0x1c-- guessing data in;
[  983.261962][T21456]    program syz.0.3329 not setting count and/or reply_len properly
[  983.533455][T21461] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3329'.
[  983.544067][T21461] input: syz1 as /devices/virtual/input/input429
[  983.900698][T21470] overlayfs: failed to resolve './file0': -2
[  983.979537][   T40] audit: type=1804 audit(1748060782.054:191): pid=21470 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.3331" name="/newroot/190/bus/bus" dev="tmpfs" ino=1046 res=1 errno=0
[  984.793230][T21487] netlink: 3 bytes leftover after parsing attributes in process `syz.2.3334'.
[  984.892205][T21491] overlayfs: failed to resolve './file1': -2
[  984.973732][   T40] audit: type=1804 audit(1748060783.054:192): pid=21491 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.3336" name="/newroot/191/bus/bus" dev="tmpfs" ino=1055 res=1 errno=0
[  984.982579][T21492] input: syz1 as /devices/virtual/input/input430
[  984.988695][T21487] batadv3: entered allmulticast mode
[  985.363952][T21486] netlink: 3 bytes leftover after parsing attributes in process `syz.1.3335'.
[  985.389059][T21486] batadv7: entered allmulticast mode
[  985.428676][T21496] input: syz1 as /devices/virtual/input/input431
[  986.592752][T21520] netlink: 272 bytes leftover after parsing attributes in process `syz.1.3340'.
[  986.810622][T21525] netlink: set zone limit has 4 unknown bytes
[  986.896521][T21527] netlink: set zone limit has 4 unknown bytes
[  987.995283][T21544] kAFS: No cell specified
[  988.231512][T21546] netlink: set zone limit has 4 unknown bytes
[  988.389834][T21552] overlayfs: failed to resolve './file0': -2
[  988.691292][ T5986] usb 7-1: new high-speed USB device number 9 using dummy_hcd
[  988.789253][   T40] audit: type=1804 audit(1748060786.874:193): pid=21552 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.3346" name="/newroot/272/bus/bus" dev="tmpfs" ino=1516 res=1 errno=0
[  988.865412][ T5986] usb 7-1: Using ep0 maxpacket: 8
[  988.871557][ T5986] usb 7-1: config index 0 descriptor too short (expected 5924, got 36)
[  988.875959][ T5986] usb 7-1: config 250 has an invalid interface number: 228 but max is -1
[  988.880990][ T5986] usb 7-1: config 250 has 1 interface, different from the descriptor's value: 0
[  988.885000][ T5986] usb 7-1: config 250 has no interface number 0
[  988.889772][ T5986] usb 7-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024
[  988.897446][ T5986] usb 7-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024
[  988.903686][ T5986] usb 7-1: config 250 interface 228 altsetting 255 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[  988.911395][ T5986] usb 7-1: config 250 interface 228 has no altsetting 0
[  988.922655][ T5986] usb 7-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07
[  988.926308][ T5986] usb 7-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59
[  988.929712][ T5986] usb 7-1: Product: syz
[  988.931413][ T5986] usb 7-1: SerialNumber: syz
[  988.940690][ T5986] hub 7-1:250.228: bad descriptor, ignoring hub
[  988.942838][ T5986] hub 7-1:250.228: probe with driver hub failed with error -5
[  990.020462][T21578] overlayfs: missing 'workdir'
[  990.055216][   T40] audit: type=1804 audit(1748060788.134:194): pid=21578 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.3353" name="/newroot/263/bus/bus" dev="tmpfs" ino=1457 res=1 errno=0
[  990.156428][T21580] netlink: set zone limit has 4 unknown bytes
[  990.555280][T21585] netlink: set zone limit has 4 unknown bytes
[  991.076620][ T5985] usb 7-1: USB disconnect, device number 9
[  991.910719][T21608] netlink: set zone limit has 4 unknown bytes
[  992.437478][    C2] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[  992.441294][ T1417] ieee802154 phy0 wpan0: encryption failed: -22
[  992.443889][ T1417] ieee802154 phy1 wpan1: encryption failed: -22
[  992.715269][T21626] CIFS mount error: No usable UNC path provided in device string!
[  992.715269][T21626] 
[  992.718502][T21626] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  992.937894][T21632] overlayfs: missing 'lowerdir'
[  992.970638][   T40] audit: type=1804 audit(1748060791.044:195): pid=21632 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.3365" name="/newroot/266/bus/bus" dev="tmpfs" ino=1477 res=1 errno=0
[  993.027202][T21634] netlink: set zone limit has 4 unknown bytes
[  995.311944][T21676] CIFS mount error: No usable UNC path provided in device string!
[  995.311944][T21676] 
[  995.315138][T21676] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  995.523734][T21684] overlayfs: missing 'lowerdir'
[  995.559312][   T40] audit: type=1804 audit(1748060793.644:196): pid=21684 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.3377" name="/newroot/224/bus/bus" dev="tmpfs" ino=1239 res=1 errno=0
[  996.406144][T21694] kAFS: No cell specified
[  996.745262][T19829] usb 5-1: new high-speed USB device number 21 using dummy_hcd
[  996.905249][T19829] usb 5-1: Using ep0 maxpacket: 8
[  996.909294][T19829] usb 5-1: config index 0 descriptor too short (expected 5924, got 36)
[  996.911803][T19829] usb 5-1: config 250 has an invalid interface number: 228 but max is -1
[  996.914339][T19829] usb 5-1: config 250 has 1 interface, different from the descriptor's value: 0
[  996.918444][T19829] usb 5-1: config 250 has no interface number 0
[  996.920406][T19829] usb 5-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024
[  996.923952][T19829] usb 5-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024
[  996.927692][T19829] usb 5-1: config 250 interface 228 altsetting 255 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[  996.931744][T19829] usb 5-1: config 250 interface 228 has no altsetting 0
[  996.935329][T19829] usb 5-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07
[  996.938035][T19829] usb 5-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59
[  996.940652][T19829] usb 5-1: Product: syz
[  996.941945][T19829] usb 5-1: SerialNumber: syz
[  996.947134][T19829] hub 5-1:250.228: bad descriptor, ignoring hub
[  996.949103][T19829] hub 5-1:250.228: probe with driver hub failed with error -5
[  998.828883][T21726] netlink: 3 bytes leftover after parsing attributes in process `syz.2.3384'.
[  998.840874][T21726] batadv3: entered allmulticast mode
[  998.891430][T21728] input: syz1 as /devices/virtual/input/input432
[  999.285755][ T5985] usb 5-1: USB disconnect, device number 21
[  999.295508][T21734] overlayfs: missing 'lowerdir'
[  999.340061][   T40] audit: type=1804 audit(1748060797.424:197): pid=21734 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.3387" name="/newroot/281/bus/bus" dev="tmpfs" ino=1568 res=1 errno=0
[ 1000.808120][T21763] CIFS mount error: No usable UNC path provided in device string!
[ 1000.808120][T21763] 
[ 1000.811386][T21763] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[ 1001.445761][T21770] kAFS: No cell specified
[ 1001.755644][T19829] usb 7-1: new high-speed USB device number 10 using dummy_hcd
[ 1001.915483][T19829] usb 7-1: Using ep0 maxpacket: 8
[ 1001.921190][T19829] usb 7-1: config index 0 descriptor too short (expected 5924, got 36)
[ 1001.923959][T19829] usb 7-1: config 250 has an invalid interface number: 228 but max is -1
[ 1001.926763][T19829] usb 7-1: config 250 has 1 interface, different from the descriptor's value: 0
[ 1001.929768][T19829] usb 7-1: config 250 has no interface number 0
[ 1001.931972][T19829] usb 7-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024
[ 1001.935934][T19829] usb 7-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024
[ 1001.939222][T19829] usb 7-1: config 250 interface 228 altsetting 255 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[ 1001.943459][T19829] usb 7-1: config 250 interface 228 has no altsetting 0
[ 1001.953985][T19829] usb 7-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07
[ 1001.965901][T19829] usb 7-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59
[ 1001.995124][T19829] usb 7-1: Product: syz
[ 1002.002811][T19829] usb 7-1: SerialNumber: syz
[ 1002.017345][T19829] hub 7-1:250.228: bad descriptor, ignoring hub
[ 1002.019343][T19829] hub 7-1:250.228: probe with driver hub failed with error -5
[ 1002.238585][T21782] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[ 1002.242499][T21782] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[ 1002.278145][   T40] audit: type=1804 audit(1748060800.364:198): pid=21782 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.3398" name="/newroot/204/bus/bus" dev="tmpfs" ino=1126 res=1 errno=0
[ 1004.445953][ T5985] usb 7-1: USB disconnect, device number 10
[ 1006.153128][T21854] kAFS: No cell specified
[ 1006.253770][T21860] CIFS mount error: No usable UNC path provided in device string!
[ 1006.253770][T21860] 
[ 1006.260698][T21860] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[ 1006.475278][ T5985] usb 5-1: new high-speed USB device number 22 using dummy_hcd
[ 1006.635433][ T5985] usb 5-1: Using ep0 maxpacket: 8
[ 1006.638401][ T5985] usb 5-1: config index 0 descriptor too short (expected 5924, got 36)
[ 1006.641034][ T5985] usb 5-1: config 250 has an invalid interface number: 228 but max is -1
[ 1006.643779][ T5985] usb 5-1: config 250 has 1 interface, different from the descriptor's value: 0
[ 1006.646858][ T5985] usb 5-1: config 250 has no interface number 0
[ 1006.648922][ T5985] usb 5-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024
[ 1006.652561][ T5985] usb 5-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024
[ 1006.656153][ T5985] usb 5-1: config 250 interface 228 altsetting 255 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[ 1006.660390][ T5985] usb 5-1: config 250 interface 228 has no altsetting 0
[ 1006.665518][ T5985] usb 5-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07
[ 1006.669697][ T5985] usb 5-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59
[ 1006.672338][ T5985] usb 5-1: Product: syz
[ 1006.673808][ T5985] usb 5-1: SerialNumber: syz
[ 1006.681903][ T5985] hub 5-1:250.228: bad descriptor, ignoring hub
[ 1006.684040][ T5985] hub 5-1:250.228: probe with driver hub failed with error -5
[ 1006.770578][T21870] netlink: 161716 bytes leftover after parsing attributes in process `syz.2.3417'.
[ 1008.105597][T19834] usb 7-1: new high-speed USB device number 11 using dummy_hcd
[ 1008.255235][T19834] usb 7-1: Using ep0 maxpacket: 8
[ 1008.260602][T19834] usb 7-1: config index 0 descriptor too short (expected 5924, got 36)
[ 1008.267481][T19834] usb 7-1: config 250 has an invalid interface number: 228 but max is -1
[ 1008.274435][T19834] usb 7-1: config 250 has 1 interface, different from the descriptor's value: 0
[ 1008.278418][T19834] usb 7-1: config 250 has no interface number 0
[ 1008.280504][T19834] usb 7-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024
[ 1008.284375][T19834] usb 7-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024
[ 1008.287953][T19834] usb 7-1: config 250 interface 228 altsetting 255 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[ 1008.292564][T19834] usb 7-1: config 250 interface 228 has no altsetting 0
[ 1008.296678][T19834] usb 7-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07
[ 1008.299584][T19834] usb 7-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59
[ 1008.302234][T19834] usb 7-1: Product: syz
[ 1008.303705][T19834] usb 7-1: SerialNumber: syz
[ 1008.311256][T19834] hub 7-1:250.228: bad descriptor, ignoring hub
[ 1008.315339][T19834] hub 7-1:250.228: probe with driver hub failed with error -5
[ 1009.077718][T19834] usb 5-1: USB disconnect, device number 22
[ 1009.614764][T21919] CIFS mount error: No usable UNC path provided in device string!
[ 1009.614764][T21919] 
[ 1009.618449][T21919] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[ 1009.735249][T21922] netlink: set zone limit has 4 unknown bytes
[ 1010.534567][T21932] netlink: 3 bytes leftover after parsing attributes in process `syz.3.3430'.
[ 1010.708009][T21932] batadv5: entered allmulticast mode
[ 1010.870383][T19834] usb 7-1: USB disconnect, device number 11
[ 1010.958945][T21928] input: syz1 as /devices/virtual/input/input433
[ 1013.605390][T19829] usb 7-1: new high-speed USB device number 12 using dummy_hcd
[ 1013.755268][T19829] usb 7-1: Using ep0 maxpacket: 8
[ 1013.762850][T19829] usb 7-1: config index 0 descriptor too short (expected 5924, got 36)
[ 1013.784324][T19829] usb 7-1: config 250 has an invalid interface number: 228 but max is -1
[ 1013.797283][T19829] usb 7-1: config 250 has 1 interface, different from the descriptor's value: 0
[ 1013.809658][T19829] usb 7-1: config 250 has no interface number 0
[ 1013.812233][T19829] usb 7-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024
[ 1013.816535][T19829] usb 7-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024
[ 1013.819883][T19829] usb 7-1: config 250 interface 228 altsetting 255 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[ 1013.824104][T19829] usb 7-1: config 250 interface 228 has no altsetting 0
[ 1013.829560][T19829] usb 7-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07
[ 1013.832581][T19829] usb 7-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59
[ 1013.835338][T19829] usb 7-1: Product: syz
[ 1013.836797][T19829] usb 7-1: SerialNumber: syz
[ 1013.848722][T19829] hub 7-1:250.228: bad descriptor, ignoring hub
[ 1013.850734][T19829] hub 7-1:250.228: probe with driver hub failed with error -5
[ 1014.937141][T22004] netlink: 3 bytes leftover after parsing attributes in process `syz.1.3445'.
[ 1014.949825][T22004] batadv7: entered allmulticast mode
[ 1014.999331][T22005] input: syz1 as /devices/virtual/input/input434
[ 1016.033263][T22021] netlink: set zone limit has 4 unknown bytes
[ 1016.186803][   T58] usb 7-1: USB disconnect, device number 12
[ 1017.431250][T22043] kAFS: No cell specified
[ 1017.675491][T14592] usb 6-1: new high-speed USB device number 116 using dummy_hcd
[ 1017.825385][T14592] usb 6-1: Using ep0 maxpacket: 8
[ 1017.828479][T14592] usb 6-1: config index 0 descriptor too short (expected 5924, got 36)
[ 1017.831099][T14592] usb 6-1: config 250 has an invalid interface number: 228 but max is -1
[ 1017.833771][T14592] usb 6-1: config 250 has 1 interface, different from the descriptor's value: 0
[ 1017.836793][T14592] usb 6-1: config 250 has no interface number 0
[ 1017.838786][T14592] usb 6-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024
[ 1017.842331][T14592] usb 6-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024
[ 1017.845692][T14592] usb 6-1: config 250 interface 228 altsetting 255 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[ 1017.849874][T14592] usb 6-1: config 250 interface 228 has no altsetting 0
[ 1017.853574][T14592] usb 6-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07
[ 1017.856442][T14592] usb 6-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59
[ 1017.858967][T14592] usb 6-1: Product: syz
[ 1017.860271][T14592] usb 6-1: SerialNumber: syz
[ 1017.866398][T14592] hub 6-1:250.228: bad descriptor, ignoring hub
[ 1017.868398][T14592] hub 6-1:250.228: probe with driver hub failed with error -5
[ 1018.585250][T19829] usb 5-1: new high-speed USB device number 23 using dummy_hcd
[ 1018.795265][T19829] usb 5-1: Using ep0 maxpacket: 8
[ 1018.798294][T19829] usb 5-1: config index 0 descriptor too short (expected 5924, got 36)
[ 1018.800940][T19829] usb 5-1: config 250 has an invalid interface number: 228 but max is -1
[ 1018.803721][T19829] usb 5-1: config 250 has 1 interface, different from the descriptor's value: 0
[ 1018.806990][T19829] usb 5-1: config 250 has no interface number 0
[ 1018.809064][T19829] usb 5-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024
[ 1018.812869][T19829] usb 5-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024
[ 1018.816848][T19829] usb 5-1: config 250 interface 228 altsetting 255 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[ 1018.821223][T19829] usb 5-1: config 250 interface 228 has no altsetting 0
[ 1018.826211][T19829] usb 5-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07
[ 1018.830161][T19829] usb 5-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59
[ 1018.833116][T19829] usb 5-1: Product: syz
[ 1018.834561][T19829] usb 5-1: SerialNumber: syz
[ 1018.840842][T19829] hub 5-1:250.228: bad descriptor, ignoring hub
[ 1018.843015][T19829] hub 5-1:250.228: probe with driver hub failed with error -5
[ 1019.515292][T22078] CIFS mount error: No usable UNC path provided in device string!
[ 1019.515292][T22078] 
[ 1019.518685][T22078] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[ 1020.175466][ T5986] usb 6-1: USB disconnect, device number 116
[ 1020.588369][ T5986] usb 6-1: new high-speed USB device number 117 using dummy_hcd
[ 1020.755241][ T5986] usb 6-1: Using ep0 maxpacket: 8
[ 1020.758399][ T5986] usb 6-1: config index 0 descriptor too short (expected 5924, got 36)
[ 1020.761159][ T5986] usb 6-1: config 250 has an invalid interface number: 228 but max is -1
[ 1020.763834][ T5986] usb 6-1: config 250 has 1 interface, different from the descriptor's value: 0
[ 1020.766792][ T5986] usb 6-1: config 250 has no interface number 0
[ 1020.768837][ T5986] usb 6-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024
[ 1020.772443][ T5986] usb 6-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024
[ 1020.775878][ T5986] usb 6-1: config 250 interface 228 altsetting 255 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[ 1020.780143][ T5986] usb 6-1: config 250 interface 228 has no altsetting 0
[ 1020.783637][ T5986] usb 6-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07
[ 1020.786683][ T5986] usb 6-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59
[ 1020.789282][ T5986] usb 6-1: Product: syz
[ 1020.790646][ T5986] usb 6-1: SerialNumber: syz
[ 1020.797247][ T5986] hub 6-1:250.228: bad descriptor, ignoring hub
[ 1020.799306][ T5986] hub 6-1:250.228: probe with driver hub failed with error -5
[ 1020.978919][T22095] netlink: set zone limit has 4 unknown bytes
[ 1021.257046][ T5986] usb 5-1: USB disconnect, device number 23
[ 1021.610482][T22109] CIFS mount error: No usable UNC path provided in device string!
[ 1021.610482][T22109] 
[ 1021.613788][T22109] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[ 1022.307283][T22118] netlink: 3 bytes leftover after parsing attributes in process `syz.3.3477'.
[ 1022.317332][T22118] batadv5: entered allmulticast mode
[ 1022.363404][T22119] input: syz1 as /devices/virtual/input/input435
[ 1023.235461][ T5986] usb 6-1: USB disconnect, device number 117
[ 1024.977979][T22166] netlink: 3 bytes leftover after parsing attributes in process `syz.2.3489'.
[ 1024.987815][T22166] batadv3: entered allmulticast mode
[ 1025.040040][T22169] input: syz1 as /devices/virtual/input/input436
[ 1025.291497][T22175] CIFS mount error: No usable UNC path provided in device string!
[ 1025.291497][T22175] 
[ 1025.295021][T22175] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[ 1026.185330][   T10] usb 7-1: new high-speed USB device number 13 using dummy_hcd
[ 1026.335252][   T10] usb 7-1: Using ep0 maxpacket: 8
[ 1026.339284][   T10] usb 7-1: unable to read config index 0 descriptor/start: -61
[ 1026.342635][   T10] usb 7-1: can't read configurations, error -61
[ 1026.478891][   T10] usb 7-1: new high-speed USB device number 14 using dummy_hcd
[ 1026.635386][   T10] usb 7-1: Using ep0 maxpacket: 8
[ 1026.638821][   T10] usb 7-1: unable to read config index 0 descriptor/start: -61
[ 1026.641279][   T10] usb 7-1: can't read configurations, error -61
[ 1026.643641][   T10] usb usb7-port1: attempt power cycle
[ 1026.985465][   T10] usb 7-1: new high-speed USB device number 15 using dummy_hcd
[ 1027.005908][   T10] usb 7-1: Using ep0 maxpacket: 8
[ 1027.009092][   T10] usb 7-1: unable to read config index 0 descriptor/start: -61
[ 1027.011453][   T10] usb 7-1: can't read configurations, error -61
[ 1027.309169][   T10] usb 7-1: new high-speed USB device number 16 using dummy_hcd
[ 1027.326867][   T10] usb 7-1: Using ep0 maxpacket: 8
[ 1027.331614][   T10] usb 7-1: unable to read config index 0 descriptor/start: -61
[ 1027.334745][   T10] usb 7-1: can't read configurations, error -61
[ 1027.337952][   T10] usb usb7-port1: unable to enumerate USB device
[ 1028.123918][T22221] CIFS mount error: No usable UNC path provided in device string!
[ 1028.123918][T22221] 
[ 1028.127568][T22221] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[ 1028.988401][T22235] CIFS mount error: No usable UNC path provided in device string!
[ 1028.988401][T22235] 
[ 1028.991601][T22235] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[ 1034.034322][T22318] netlink: 3 bytes leftover after parsing attributes in process `syz.1.3526'.
[ 1034.081932][T22318] batadv7: entered allmulticast mode
[ 1034.089992][T22321] input: syz1 as /devices/virtual/input/input437
[ 1035.252501][T22350] overlayfs: missing 'workdir'
[ 1035.321364][   T40] audit: type=1804 audit(1748060833.404:199): pid=22350 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.3533" name="/newroot/240/bus/bus" dev="tmpfs" ino=1315 res=1 errno=0
[ 1037.036140][T17195] usb 7-1: new high-speed USB device number 17 using dummy_hcd
[ 1037.185318][T17195] usb 7-1: Using ep0 maxpacket: 8
[ 1037.189564][T17195] usb 7-1: config index 0 descriptor too short (expected 5924, got 36)
[ 1037.192247][T17195] usb 7-1: config 250 has an invalid interface number: 228 but max is -1
[ 1037.194857][T17195] usb 7-1: config 250 has 1 interface, different from the descriptor's value: 0
[ 1037.198133][T17195] usb 7-1: config 250 has no interface number 0
[ 1037.200083][T17195] usb 7-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024
[ 1037.203614][T17195] usb 7-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024
[ 1037.206998][T17195] usb 7-1: config 250 interface 228 altsetting 255 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[ 1037.211252][T17195] usb 7-1: config 250 interface 228 has no altsetting 0
[ 1037.214786][T17195] usb 7-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07
[ 1037.217761][T17195] usb 7-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59
[ 1037.220504][T17195] usb 7-1: Product: syz
[ 1037.221907][T17195] usb 7-1: SerialNumber: syz
[ 1037.226764][T17195] hub 7-1:250.228: bad descriptor, ignoring hub
[ 1037.230741][T17195] hub 7-1:250.228: probe with driver hub failed with error -5
[ 1037.669495][T22385] netlink: 3 bytes leftover after parsing attributes in process `syz.3.3540'.
[ 1037.681753][T22385] batadv5: entered allmulticast mode
[ 1037.738059][T22389] input: syz1 as /devices/virtual/input/input438
[ 1039.703670][T19834] usb 7-1: USB disconnect, device number 17
[ 1039.855326][T19829] usb 6-1: new high-speed USB device number 118 using dummy_hcd
[ 1040.015378][T19829] usb 6-1: Using ep0 maxpacket: 8
[ 1040.028407][T19829] usb 6-1: config index 0 descriptor too short (expected 5924, got 36)
[ 1040.031920][T19829] usb 6-1: config 250 has an invalid interface number: 228 but max is -1
[ 1040.041641][T19829] usb 6-1: config 250 has 1 interface, different from the descriptor's value: 0
[ 1040.058942][T19829] usb 6-1: config 250 has no interface number 0
[ 1040.061181][T19829] usb 6-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024
[ 1040.076654][T19829] usb 6-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024
[ 1040.089097][T19829] usb 6-1: config 250 interface 228 altsetting 255 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[ 1040.095829][T19829] usb 6-1: config 250 interface 228 has no altsetting 0
[ 1040.109100][T19829] usb 6-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07
[ 1040.112050][T19829] usb 6-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59
[ 1040.114684][T19829] usb 6-1: Product: syz
[ 1040.116752][T19829] usb 6-1: SerialNumber: syz
[ 1040.136384][T19829] hub 6-1:250.228: bad descriptor, ignoring hub
[ 1040.140730][T19829] hub 6-1:250.228: probe with driver hub failed with error -5
[ 1040.372435][T22431] netlink: 3 bytes leftover after parsing attributes in process `syz.3.3552'.
[ 1040.378552][T22431] batadv5: entered allmulticast mode
[ 1040.442293][T22432] input: syz1 as /devices/virtual/input/input439
[ 1040.885724][ T5955] usb 7-1: new high-speed USB device number 18 using dummy_hcd
[ 1041.035294][ T5955] usb 7-1: Using ep0 maxpacket: 8
[ 1041.038873][ T5955] usb 7-1: unable to read config index 0 descriptor/start: -61
[ 1041.041868][ T5955] usb 7-1: can't read configurations, error -61
[ 1041.165329][ T5955] usb 7-1: new high-speed USB device number 19 using dummy_hcd
[ 1041.315650][ T5955] usb 7-1: Using ep0 maxpacket: 8
[ 1041.319113][ T5955] usb 7-1: unable to read config index 0 descriptor/start: -61
[ 1041.321476][ T5955] usb 7-1: can't read configurations, error -61
[ 1041.323761][ T5955] usb usb7-port1: attempt power cycle
[ 1041.665695][ T5955] usb 7-1: new high-speed USB device number 20 using dummy_hcd
[ 1041.686115][ T5955] usb 7-1: Using ep0 maxpacket: 8
[ 1041.689973][ T5955] usb 7-1: unable to read config index 0 descriptor/start: -61
[ 1041.692927][ T5955] usb 7-1: can't read configurations, error -61
[ 1041.835411][ T5955] usb 7-1: new high-speed USB device number 21 using dummy_hcd
[ 1041.855741][ T5955] usb 7-1: Using ep0 maxpacket: 8
[ 1041.859084][ T5955] usb 7-1: unable to read config index 0 descriptor/start: -61
[ 1041.861426][ T5955] usb 7-1: can't read configurations, error -61
[ 1041.863559][ T5955] usb usb7-port1: unable to enumerate USB device
[ 1042.245721][T19829] usb 6-1: USB disconnect, device number 118
[ 1043.945243][T19834] usb 5-1: new high-speed USB device number 24 using dummy_hcd
[ 1043.967902][T22479] netlink: set zone limit has 4 unknown bytes
[ 1044.185288][T19834] usb 5-1: Using ep0 maxpacket: 8
[ 1044.190262][T19834] usb 5-1: config index 0 descriptor too short (expected 5924, got 36)
[ 1044.192973][T19834] usb 5-1: config 250 has an invalid interface number: 228 but max is -1
[ 1044.197139][T19834] usb 5-1: config 250 has 1 interface, different from the descriptor's value: 0
[ 1044.199996][T19834] usb 5-1: config 250 has no interface number 0
[ 1044.202050][T19834] usb 5-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024
[ 1044.254205][T19834] usb 5-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024
[ 1044.257745][T19834] usb 5-1: config 250 interface 228 altsetting 255 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[ 1044.261905][T19834] usb 5-1: config 250 interface 228 has no altsetting 0
[ 1044.268207][T19834] usb 5-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07
[ 1044.285085][T19834] usb 5-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59
[ 1044.287862][T19834] usb 5-1: Product: syz
[ 1044.289315][T19834] usb 5-1: SerialNumber: syz
[ 1044.388712][T19834] hub 5-1:250.228: bad descriptor, ignoring hub
[ 1044.391425][T19834] hub 5-1:250.228: probe with driver hub failed with error -5
[ 1046.557768][T22515] CIFS mount error: No usable UNC path provided in device string!
[ 1046.557768][T22515] 
[ 1046.561533][T22515] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[ 1046.644041][T19829] usb 5-1: USB disconnect, device number 24
[ 1048.112348][   T40] audit: type=1804 audit(1748060846.194:200): pid=22537 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.3578" name="/newroot/253/bus/bus" dev="overlay" ino=1391 res=1 errno=0
[ 1048.122520][   T40] audit: type=1804 audit(1748060846.204:201): pid=22537 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.3578" name="/newroot/253/bus/bus" dev="overlay" ino=1391 res=1 errno=0
[ 1048.691658][T22550] overlayfs: missing 'lowerdir'
[ 1048.785260][   T40] audit: type=1804 audit(1748060846.824:202): pid=22550 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.3580" name="/newroot/332/bus/bus" dev="tmpfs" ino=1833 res=1 errno=0
[ 1049.129924][T22555] CIFS mount error: No usable UNC path provided in device string!
[ 1049.129924][T22555] 
[ 1049.133238][T22555] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[ 1050.639981][T22587] netlink: set zone limit has 4 unknown bytes
[ 1052.615862][T22613] netlink: 3 bytes leftover after parsing attributes in process `syz.0.3597'.
[ 1052.630713][T22613] batadv3: entered allmulticast mode
[ 1052.706886][T22614] input: syz1 as /devices/virtual/input/input440
[ 1053.028921][T22621] netlink: set zone limit has 4 unknown bytes
[ 1053.878152][ T1417] ieee802154 phy0 wpan0: encryption failed: -22
[ 1053.880319][ T1417] ieee802154 phy1 wpan1: encryption failed: -22
[ 1054.492154][   T40] audit: type=1800 audit(1748060852.564:203): pid=22643 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.3603" name="bus" dev="overlay" ino=1427 res=0 errno=0
[ 1055.576367][T19829] usb 6-1: new high-speed USB device number 119 using dummy_hcd
[ 1055.726007][T19829] usb 6-1: Using ep0 maxpacket: 8
[ 1055.728958][T19829] usb 6-1: config index 0 descriptor too short (expected 5924, got 36)
[ 1055.736943][T19829] usb 6-1: config 250 has an invalid interface number: 228 but max is -1
[ 1055.739656][T19829] usb 6-1: config 250 has 1 interface, different from the descriptor's value: 0
[ 1055.742501][T19829] usb 6-1: config 250 has no interface number 0
[ 1055.744622][T19829] usb 6-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024
[ 1055.748663][T19829] usb 6-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024
[ 1055.751882][T19829] usb 6-1: config 250 interface 228 altsetting 255 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[ 1055.756241][T19829] usb 6-1: config 250 interface 228 has no altsetting 0
[ 1055.759688][T19829] usb 6-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07
[ 1055.762581][T19829] usb 6-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59
[ 1055.765293][T19829] usb 6-1: Product: syz
[ 1055.766860][T19829] usb 6-1: SerialNumber: syz
[ 1055.770448][T22666] netlink: set zone limit has 4 unknown bytes
[ 1055.771202][T19829] hub 6-1:250.228: bad descriptor, ignoring hub
[ 1055.774907][T19829] hub 6-1:250.228: probe with driver hub failed with error -5
[ 1056.740610][T14592] usb 5-1: new high-speed USB device number 25 using dummy_hcd
[ 1056.896234][T14592] usb 5-1: Using ep0 maxpacket: 8
[ 1056.908355][T14592] usb 5-1: unable to read config index 0 descriptor/start: -61
[ 1056.911559][T14592] usb 5-1: can't read configurations, error -61
[ 1057.035774][T14592] usb 5-1: new high-speed USB device number 26 using dummy_hcd
[ 1057.185351][T14592] usb 5-1: Using ep0 maxpacket: 8
[ 1057.191027][T14592] usb 5-1: unable to read config index 0 descriptor/start: -61
[ 1057.194144][T14592] usb 5-1: can't read configurations, error -61
[ 1057.198102][T14592] usb usb5-port1: attempt power cycle
[ 1057.535260][T14592] usb 5-1: new high-speed USB device number 27 using dummy_hcd
[ 1057.557351][T14592] usb 5-1: Using ep0 maxpacket: 8
[ 1057.560823][T14592] usb 5-1: unable to read config index 0 descriptor/start: -61
[ 1057.563706][T14592] usb 5-1: can't read configurations, error -61
[ 1057.695291][T14592] usb 5-1: new high-speed USB device number 28 using dummy_hcd
[ 1057.740652][T14592] usb 5-1: Using ep0 maxpacket: 8
[ 1057.746164][T14592] usb 5-1: unable to read config index 0 descriptor/start: -61
[ 1057.748676][T14592] usb 5-1: can't read configurations, error -61
[ 1057.762660][T14592] usb usb5-port1: unable to enumerate USB device
[ 1057.795381][   T40] audit: type=1800 audit(1748060855.874:204): pid=22693 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.3616" name="bus" dev="overlay" ino=1534 res=0 errno=0
[ 1058.095418][T19829] usb 6-1: USB disconnect, device number 119
[ 1059.267156][T22711] netlink: 9896 bytes leftover after parsing attributes in process `syz.3.3621'.
[ 1060.261101][T22727] netlink: 3 bytes leftover after parsing attributes in process `syz.2.3623'.
[ 1060.269634][T22727] batadv3: entered allmulticast mode
[ 1060.314687][T22728] input: syz1 as /devices/virtual/input/input441
[ 1060.503146][T22733] CIFS mount error: No usable UNC path provided in device string!
[ 1060.503146][T22733] 
[ 1060.507803][T22733] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[ 1062.207752][T22759] netlink: set zone limit has 4 unknown bytes
[ 1063.025452][T22769] netlink: set zone limit has 4 unknown bytes
[ 1064.110945][T22787] CIFS mount error: No usable UNC path provided in device string!
[ 1064.110945][T22787] 
[ 1064.114055][T22787] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[ 1065.528961][   T40] audit: type=1804 audit(1748060863.614:205): pid=22812 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.3644" name="/newroot/348/bus/bus" dev="overlay" ino=1923 res=1 errno=0
[ 1065.597089][   T40] audit: type=1804 audit(1748060863.624:206): pid=22812 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.3644" name="/newroot/348/bus/bus" dev="overlay" ino=1923 res=1 errno=0
[ 1071.235417][T19834] usb 6-1: new high-speed USB device number 120 using dummy_hcd
[ 1071.385255][T19834] usb 6-1: Using ep0 maxpacket: 8
[ 1071.389002][T19834] usb 6-1: config index 0 descriptor too short (expected 5924, got 36)
[ 1071.393909][T19834] usb 6-1: config 250 has an invalid interface number: 228 but max is -1
[ 1071.398992][T19834] usb 6-1: config 250 has 1 interface, different from the descriptor's value: 0
[ 1071.402512][T19834] usb 6-1: config 250 has no interface number 0
[ 1071.404659][T19834] usb 6-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024
[ 1071.408847][T19834] usb 6-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024
[ 1071.412264][T19834] usb 6-1: config 250 interface 228 altsetting 255 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[ 1071.416594][T19834] usb 6-1: config 250 interface 228 has no altsetting 0
[ 1071.420488][T19834] usb 6-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07
[ 1071.423555][T19834] usb 6-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59
[ 1071.426312][T19834] usb 6-1: Product: syz
[ 1071.427734][T19834] usb 6-1: SerialNumber: syz
[ 1071.435528][T19834] hub 6-1:250.228: bad descriptor, ignoring hub
[ 1071.438407][T19834] hub 6-1:250.228: probe with driver hub failed with error -5
[ 1071.691053][   T40] audit: type=1804 audit(1748060869.774:207): pid=22938 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.3672" name="/newroot/275/bus/bus" dev="overlay" ino=1521 res=1 errno=0
[ 1071.706840][   T40] audit: type=1804 audit(1748060869.794:208): pid=22938 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.3672" name="/newroot/275/bus/bus" dev="overlay" ino=1521 res=1 errno=0
[ 1072.808042][T22957] CIFS mount error: No usable UNC path provided in device string!
[ 1072.808042][T22957] 
[ 1072.812214][T22957] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[ 1073.725590][T19834] usb 6-1: USB disconnect, device number 120
[ 1076.086048][T23009] CIFS mount error: No usable UNC path provided in device string!
[ 1076.086048][T23009] 
[ 1076.089322][T23009] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[ 1079.655270][ T5955] usb 6-1: new high-speed USB device number 121 using dummy_hcd
[ 1079.731888][   T40] audit: type=1804 audit(1748060877.814:209): pid=23074 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.3706" name="/newroot/286/bus/bus" dev="overlay" ino=1587 res=1 errno=0
[ 1079.751216][   T40] audit: type=1804 audit(1748060877.834:210): pid=23074 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.3706" name="/newroot/286/bus/bus" dev="overlay" ino=1587 res=1 errno=0
[ 1079.846428][ T5955] usb 6-1: Using ep0 maxpacket: 8
[ 1079.853621][ T5955] usb 6-1: config index 0 descriptor too short (expected 5924, got 36)
[ 1079.857175][ T5955] usb 6-1: config 250 has an invalid interface number: 228 but max is -1
[ 1079.860606][ T5955] usb 6-1: config 250 has 1 interface, different from the descriptor's value: 0
[ 1079.864842][ T5955] usb 6-1: config 250 has no interface number 0
[ 1079.867580][ T5955] usb 6-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024
[ 1079.871114][ T5955] usb 6-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024
[ 1079.875219][ T5955] usb 6-1: config 250 interface 228 altsetting 255 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[ 1079.879515][ T5955] usb 6-1: config 250 interface 228 has no altsetting 0
[ 1079.883165][ T5955] usb 6-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07
[ 1079.887554][ T5955] usb 6-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59
[ 1079.891414][ T5955] usb 6-1: Product: syz
[ 1079.893913][ T5955] usb 6-1: SerialNumber: syz
[ 1079.901874][ T5955] hub 6-1:250.228: bad descriptor, ignoring hub
[ 1079.903887][ T5955] hub 6-1:250.228: probe with driver hub failed with error -5
[ 1080.895242][T19829] usb 7-1: new high-speed USB device number 22 using dummy_hcd
[ 1081.045232][T19829] usb 7-1: Using ep0 maxpacket: 8
[ 1081.048486][T19829] usb 7-1: config index 0 descriptor too short (expected 5924, got 36)
[ 1081.051364][T19829] usb 7-1: config 250 has an invalid interface number: 228 but max is -1
[ 1081.054253][T19829] usb 7-1: config 250 has 1 interface, different from the descriptor's value: 0
[ 1081.057439][T19829] usb 7-1: config 250 has no interface number 0
[ 1081.059645][T19829] usb 7-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024
[ 1081.063582][T19829] usb 7-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024
[ 1081.067111][T19829] usb 7-1: config 250 interface 228 altsetting 255 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[ 1081.071569][T19829] usb 7-1: config 250 interface 228 has no altsetting 0
[ 1081.075471][T19829] usb 7-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07
[ 1081.078398][T19829] usb 7-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59
[ 1081.081041][T19829] usb 7-1: Product: syz
[ 1081.082480][T19829] usb 7-1: SerialNumber: syz
[ 1081.087793][T19829] hub 7-1:250.228: bad descriptor, ignoring hub
[ 1081.089922][T19829] hub 7-1:250.228: probe with driver hub failed with error -5
[ 1082.054705][T19834] usb 6-1: USB disconnect, device number 121
[ 1083.052490][T23106] netlink: 3 bytes leftover after parsing attributes in process `syz.0.3713'.
[ 1083.097794][T23106] batadv3: entered allmulticast mode
[ 1083.193485][T23109] input: syz1 as /devices/virtual/input/input442
[ 1083.465621][T19829] usb 7-1: USB disconnect, device number 22
[ 1083.756140][   T40] audit: type=1804 audit(1748060881.844:211): pid=23118 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.3716" name="/newroot/288/bus/bus" dev="overlay" ino=1608 res=1 errno=0
[ 1083.772214][   T40] audit: type=1804 audit(1748060881.854:212): pid=23118 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.3716" name="/newroot/288/bus/bus" dev="overlay" ino=1608 res=1 errno=0
[ 1083.859120][   T40] audit: type=1804 audit(1748060881.944:213): pid=23120 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.3717" name="/newroot/367/bus/bus" dev="overlay" ino=2029 res=1 errno=0
[ 1084.026207][   T40] audit: type=1804 audit(1748060881.954:214): pid=23120 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.3717" name="/newroot/367/bus/bus" dev="overlay" ino=2029 res=1 errno=0
[ 1084.595426][    C2] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[ 1084.772577][T23138] netlink: 9896 bytes leftover after parsing attributes in process `syz.1.3723'.
[ 1085.731830][   T40] audit: type=1800 audit(1748060883.814:215): pid=23151 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.3726" name="bus" dev="overlay" ino=2049 res=0 errno=0
[ 1086.549656][   T40] audit: type=1804 audit(1748060884.624:216): pid=23166 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.3729" name="/newroot/307/bus/bus" dev="overlay" ino=1681 res=1 errno=0
[ 1086.556395][   T40] audit: type=1804 audit(1748060884.624:217): pid=23166 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.3729" name="/newroot/307/bus/bus" dev="overlay" ino=1681 res=1 errno=0
[ 1086.842643][   T40] audit: type=1804 audit(1748060884.894:218): pid=23173 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.3731" name="/newroot/358/bus/bus" dev="overlay" ino=1964 res=1 errno=0
[ 1086.849237][   T40] audit: type=1804 audit(1748060884.904:219): pid=23173 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.3731" name="/newroot/358/bus/bus" dev="overlay" ino=1964 res=1 errno=0
[ 1088.405284][T19834] usb 7-1: new high-speed USB device number 23 using dummy_hcd
[ 1088.595315][T19834] usb 7-1: Using ep0 maxpacket: 8
[ 1088.598563][T19834] usb 7-1: unable to read config index 0 descriptor/start: -61
[ 1088.601150][T19834] usb 7-1: can't read configurations, error -61
[ 1088.765348][T19834] usb 7-1: new high-speed USB device number 24 using dummy_hcd
[ 1089.171361][T19834] usb 7-1: Using ep0 maxpacket: 8
[ 1089.174822][T19834] usb 7-1: unable to read config index 0 descriptor/start: -61
[ 1089.177583][T19834] usb 7-1: can't read configurations, error -61
[ 1089.179962][T19834] usb usb7-port1: attempt power cycle
[ 1089.685270][T19834] usb 7-1: new high-speed USB device number 25 using dummy_hcd
[ 1089.705726][T19834] usb 7-1: Using ep0 maxpacket: 8
[ 1089.710054][T19834] usb 7-1: unable to read config index 0 descriptor/start: -61
[ 1089.712773][T19834] usb 7-1: can't read configurations, error -61
[ 1089.734554][   T40] audit: type=1804 audit(1748060887.814:220): pid=23218 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.3742" name="/newroot/361/bus/bus" dev="overlay" ino=1989 res=1 errno=0
[ 1089.742767][   T40] audit: type=1804 audit(1748060887.834:221): pid=23218 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.3742" name="/newroot/361/bus/bus" dev="overlay" ino=1989 res=1 errno=0
[ 1089.855281][T19834] usb 7-1: new high-speed USB device number 26 using dummy_hcd
[ 1089.875704][T19834] usb 7-1: Using ep0 maxpacket: 8
[ 1089.880459][T19834] usb 7-1: unable to read config index 0 descriptor/start: -61
[ 1089.883133][T19834] usb 7-1: can't read configurations, error -61
[ 1089.889894][T19834] usb usb7-port1: unable to enumerate USB device
[ 1091.141118][   T40] audit: type=1804 audit(1748060889.224:222): pid=23240 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.3747" name="/newroot/375/bus/bus" dev="overlay" ino=2089 res=1 errno=0
[ 1091.157875][   T40] audit: type=1804 audit(1748060889.244:223): pid=23240 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.3747" name="/newroot/375/bus/bus" dev="overlay" ino=2089 res=1 errno=0
[ 1091.435296][   T40] audit: type=1804 audit(1748060889.474:224): pid=23246 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.3749" name="/newroot/310/bus/bus" dev="overlay" ino=1706 res=1 errno=0
[ 1091.484406][   T40] audit: type=1804 audit(1748060889.494:225): pid=23246 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.3749" name="/newroot/310/bus/bus" dev="overlay" ino=1706 res=1 errno=0
[ 1093.099797][T23280] CIFS mount error: No usable UNC path provided in device string!
[ 1093.099797][T23280] 
[ 1093.102993][T23280] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[ 1093.246121][T23282] netlink: 3 bytes leftover after parsing attributes in process `syz.3.3757'.
[ 1093.255437][T23282] batadv5: entered allmulticast mode
[ 1093.305278][ T5955] usb 7-1: new high-speed USB device number 27 using dummy_hcd
[ 1093.325668][T23283] input: syz1 as /devices/virtual/input/input443
[ 1093.455365][ T5955] usb 7-1: Using ep0 maxpacket: 8
[ 1093.459877][ T5955] usb 7-1: unable to read config index 0 descriptor/start: -61
[ 1093.463143][ T5955] usb 7-1: can't read configurations, error -61
[ 1093.605249][ T5955] usb 7-1: new high-speed USB device number 28 using dummy_hcd
[ 1093.775285][ T5955] usb 7-1: Using ep0 maxpacket: 8
[ 1093.787201][ T5955] usb 7-1: unable to read config index 0 descriptor/start: -61
[ 1093.789477][ T5955] usb 7-1: can't read configurations, error -61
[ 1093.792954][ T5955] usb usb7-port1: attempt power cycle
[ 1093.815074][T23287] netlink: 3 bytes leftover after parsing attributes in process `syz.1.3759'.
[ 1093.836945][T23287] batadv7: entered allmulticast mode
[ 1093.884539][T23288] input: syz1 as /devices/virtual/input/input444
[ 1094.153639][ T5955] usb 7-1: new high-speed USB device number 29 using dummy_hcd
[ 1094.176068][ T5955] usb 7-1: Using ep0 maxpacket: 8
[ 1094.179348][ T5955] usb 7-1: unable to read config index 0 descriptor/start: -61
[ 1094.181697][ T5955] usb 7-1: can't read configurations, error -61
[ 1094.253510][T23292] netlink: set zone limit has 4 unknown bytes
[ 1094.315454][ T5955] usb 7-1: new high-speed USB device number 30 using dummy_hcd
[ 1094.336646][ T5955] usb 7-1: Using ep0 maxpacket: 8
[ 1094.340028][ T5955] usb 7-1: unable to read config index 0 descriptor/start: -61
[ 1094.342549][ T5955] usb 7-1: can't read configurations, error -61
[ 1094.344787][ T5955] usb usb7-port1: unable to enumerate USB device
[ 1095.946872][   T40] audit: type=1804 audit(1748060894.034:226): pid=23317 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.3766" name="/newroot/368/bus/bus" dev="overlay" ino=2034 res=1 errno=0
[ 1095.967961][   T40] audit: type=1804 audit(1748060894.054:227): pid=23317 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.3766" name="/newroot/368/bus/bus" dev="overlay" ino=2034 res=1 errno=0
[ 1097.242170][T23339] netlink: 3 bytes leftover after parsing attributes in process `syz.0.3771'.
[ 1097.247866][T23339] batadv3: entered allmulticast mode
[ 1097.301258][T23341] input: syz1 as /devices/virtual/input/input445
[ 1097.569982][T23348] netlink: set zone limit has 4 unknown bytes
[ 1098.005358][   T40] audit: type=1804 audit(1748060896.044:228): pid=23357 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.3774" name="/newroot/315/bus/bus" dev="overlay" ino=1741 res=1 errno=0
[ 1098.012345][   T40] audit: type=1804 audit(1748060896.064:229): pid=23357 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.3774" name="/newroot/315/bus/bus" dev="overlay" ino=1741 res=1 errno=0
[ 1098.668061][T23363] netlink: 3 bytes leftover after parsing attributes in process `syz.1.3776'.
[ 1098.683329][T23363] batadv7: entered allmulticast mode
[ 1098.936233][T23367] input: syz1 as /devices/virtual/input/input446
[ 1100.654754][T23400] netlink: set zone limit has 4 unknown bytes
[ 1101.024304][T23407] netlink: set zone limit has 4 unknown bytes
[ 1102.384074][T23437] netlink: 9896 bytes leftover after parsing attributes in process `syz.0.3791'.
[ 1103.103151][   T40] audit: type=1804 audit(1748060901.184:230): pid=23449 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.3794" name="/newroot/307/bus/bus" dev="overlay" ino=1714 res=1 errno=0
[ 1103.110074][   T40] audit: type=1804 audit(1748060901.194:231): pid=23449 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.3794" name="/newroot/307/bus/bus" dev="overlay" ino=1714 res=1 errno=0
[ 1103.188624][T23450] netlink: 3 bytes leftover after parsing attributes in process `syz.1.3793'.
[ 1103.208350][T23450] batadv7: entered allmulticast mode
[ 1103.267039][T23451] input: syz1 as /devices/virtual/input/input447
[ 1103.886600][T23457] netlink: set zone limit has 4 unknown bytes
[ 1103.906814][T23459] netlink: set zone limit has 4 unknown bytes
[ 1103.996883][   T40] audit: type=1804 audit(1748060902.084:232): pid=23461 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.3797" name="/newroot/376/bus/bus" dev="overlay" ino=2084 res=1 errno=0
[ 1104.016189][   T40] audit: type=1804 audit(1748060902.104:233): pid=23461 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.3797" name="/newroot/376/bus/bus" dev="overlay" ino=2084 res=1 errno=0
[ 1105.760505][T23494] netlink: set zone limit has 4 unknown bytes
[ 1106.721249][   T40] audit: type=1804 audit(1748060904.804:234): pid=23503 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.3807" name="/newroot/379/bus/bus" dev="overlay" ino=2109 res=1 errno=0
[ 1106.728240][   T40] audit: type=1804 audit(1748060904.814:235): pid=23503 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.3807" name="/newroot/379/bus/bus" dev="overlay" ino=2109 res=1 errno=0
[ 1107.419876][T23512] netlink: 9896 bytes leftover after parsing attributes in process `syz.1.3810'.
[ 1107.503326][T23514] netlink: set zone limit has 4 unknown bytes
[ 1108.910014][T23534] netlink: 3 bytes leftover after parsing attributes in process `syz.2.3814'.
[ 1108.929834][T23534] batadv3: entered allmulticast mode
[ 1108.986206][T23536] input: syz1 as /devices/virtual/input/input448
[ 1109.392515][T23545] netlink: 3 bytes leftover after parsing attributes in process `syz.1.3816'.
[ 1109.425654][T23545] batadv7: entered allmulticast mode
[ 1109.465780][T23546] input: syz1 as /devices/virtual/input/input449
[ 1112.222719][T23605] netlink: set zone limit has 4 unknown bytes
[ 1114.558304][T23650] netlink: 9896 bytes leftover after parsing attributes in process `syz.2.3839'.
[ 1115.316895][ T1417] ieee802154 phy0 wpan0: encryption failed: -22
[ 1115.319759][ T1417] ieee802154 phy1 wpan1: encryption failed: -22
[ 1115.692763][   T40] audit: type=1804 audit(1748060913.774:236): pid=23668 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.3843" name="/newroot/335/bus/bus" dev="overlay" ino=1852 res=1 errno=0
[ 1115.701948][   T40] audit: type=1804 audit(1748060913.774:237): pid=23668 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.3843" name="/newroot/335/bus/bus" dev="overlay" ino=1852 res=1 errno=0
[ 1116.885354][T19829] usb 5-1: new high-speed USB device number 29 using dummy_hcd
[ 1117.065237][T19829] usb 5-1: Using ep0 maxpacket: 8
[ 1117.069267][T19829] usb 5-1: unable to read config index 0 descriptor/start: -61
[ 1117.074340][T19829] usb 5-1: can't read configurations, error -61
[ 1117.225250][T19829] usb 5-1: new high-speed USB device number 30 using dummy_hcd
[ 1117.395375][T19829] usb 5-1: Using ep0 maxpacket: 8
[ 1117.401915][T19829] usb 5-1: unable to read config index 0 descriptor/start: -61
[ 1117.404556][T19829] usb 5-1: can't read configurations, error -61
[ 1117.452493][T19829] usb usb5-port1: attempt power cycle
[ 1117.896519][T19829] usb 5-1: new high-speed USB device number 31 using dummy_hcd
[ 1117.925885][T19829] usb 5-1: Using ep0 maxpacket: 8
[ 1117.930171][T19829] usb 5-1: unable to read config index 0 descriptor/start: -61
[ 1117.933351][T19829] usb 5-1: can't read configurations, error -61
[ 1118.076487][T19829] usb 5-1: new high-speed USB device number 32 using dummy_hcd
[ 1118.136090][T19829] usb 5-1: Using ep0 maxpacket: 8
[ 1118.146764][T19829] usb 5-1: unable to read config index 0 descriptor/start: -61
[ 1118.151086][T19829] usb 5-1: can't read configurations, error -61
[ 1118.156453][T19829] usb usb5-port1: unable to enumerate USB device
[ 1118.365710][ T5986] usb 7-1: new high-speed USB device number 31 using dummy_hcd
[ 1118.495272][ T5986] usb 7-1: device descriptor read/64, error -71
[ 1118.745266][ T5986] usb 7-1: new high-speed USB device number 32 using dummy_hcd
[ 1118.885789][ T5986] usb 7-1: device descriptor read/64, error -71
[ 1118.995717][ T5986] usb usb7-port1: attempt power cycle
[ 1119.032163][   T40] audit: type=1804 audit(1748060917.114:238): pid=23725 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.3855" name="/newroot/392/bus/bus" dev="overlay" ino=2185 res=1 errno=0
[ 1119.040218][   T40] audit: type=1804 audit(1748060917.124:239): pid=23725 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.3855" name="/newroot/392/bus/bus" dev="overlay" ino=2185 res=1 errno=0
[ 1119.375534][ T5986] usb 7-1: new high-speed USB device number 33 using dummy_hcd
[ 1119.406271][ T5986] usb 7-1: device descriptor read/8, error -71
[ 1119.434336][T23729] netlink: 3 bytes leftover after parsing attributes in process `syz.3.3856'.
[ 1119.450643][T23729] batadv5: entered allmulticast mode
[ 1119.500139][T23730] input: syz1 as /devices/virtual/input/input450
[ 1119.761141][ T5986] usb 7-1: new high-speed USB device number 34 using dummy_hcd
[ 1119.780878][ T5986] usb 7-1: device descriptor read/8, error -71
[ 1119.885577][ T5986] usb usb7-port1: unable to enumerate USB device
[ 1120.253213][T23742] netlink: set zone limit has 4 unknown bytes
[ 1120.811382][   T40] audit: type=1804 audit(1748060918.894:240): pid=23753 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.3861" name="/newroot/320/bus/bus" dev="overlay" ino=1801 res=1 errno=0
[ 1120.825268][   T40] audit: type=1804 audit(1748060918.894:241): pid=23753 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.3861" name="/newroot/320/bus/bus" dev="overlay" ino=1801 res=1 errno=0
[ 1122.941855][T23799] netlink: 3 bytes leftover after parsing attributes in process `syz.3.3868'.
[ 1122.963280][T23799] batadv5: entered allmulticast mode
[ 1123.017602][T23800] input: syz1 as /devices/virtual/input/input451
[ 1123.200226][T23802] netlink: 3 bytes leftover after parsing attributes in process `syz.1.3869'.
[ 1123.212207][T23802] batadv7: entered allmulticast mode
[ 1123.385029][T23803] input: syz1 as /devices/virtual/input/input452
[ 1124.236504][T23819] lo speed is unknown, defaulting to 1000
[ 1124.297173][T23822] lo speed is unknown, defaulting to 1000
[ 1124.444522][T23822] FAULT_INJECTION: forcing a failure.
[ 1124.444522][T23822] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1124.450253][T23822] CPU: 2 UID: 0 PID: 23822 Comm: syz.1.3874 Not tainted 6.15.0-rc7-syzkaller-00142-g4856ebd99715 #0 PREEMPT(full) 
[ 1124.450270][T23822] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1124.450276][T23822] Call Trace:
[ 1124.450281][T23822]  <TASK>
[ 1124.450285][T23822]  dump_stack_lvl+0x16c/0x1f0
[ 1124.450305][T23822]  should_fail_ex+0x512/0x640
[ 1124.450323][T23822]  _copy_from_user+0x2e/0xd0
[ 1124.450334][T23822]  copy_from_sockptr_offset.constprop.0+0x153/0x1a0
[ 1124.450353][T23822]  ? __pfx_copy_from_sockptr_offset.constprop.0+0x10/0x10
[ 1124.450372][T23822]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 1124.450388][T23822]  do_ip_getsockopt+0x27f/0x2100
[ 1124.450406][T23822]  ? __pfx_do_ip_getsockopt+0x10/0x10
[ 1124.450422][T23822]  ? __lock_acquire+0x5ca/0x1ba0
[ 1124.450440][T23822]  ? __lock_acquire+0xaa4/0x1ba0
[ 1124.450455][T23822]  ? _kstrtoull+0x145/0x200
[ 1124.450467][T23822]  ? __pfx__kstrtoull+0x10/0x10
[ 1124.450479][T23822]  ? aa_label_sk_perm+0x19b/0x5a0
[ 1124.450493][T23822]  ? __mutex_trylock_common+0xe9/0x250
[ 1124.450508][T23822]  ? __pfx___mutex_trylock_common+0x10/0x10
[ 1124.450523][T23822]  ? __pfx___might_resched+0x10/0x10
[ 1124.450536][T23822]  ? rcu_is_watching+0x12/0xc0
[ 1124.450546][T23822]  ? trace_contention_end+0xdd/0x130
[ 1124.450561][T23822]  ? __mutex_lock+0x1ca/0xb90
[ 1124.450578][T23822]  ip_getsockopt+0x9b/0x1e0
[ 1124.450594][T23822]  ? __pfx___mutex_lock+0x10/0x10
[ 1124.450610][T23822]  ? __pfx_ip_getsockopt+0x10/0x10
[ 1124.450625][T23822]  ? get_pid_task+0xfc/0x250
[ 1124.450644][T23822]  tcp_getsockopt+0xa1/0x100
[ 1124.450657][T23822]  smc_getsockopt+0x165/0x370
[ 1124.450669][T23822]  ? __pfx_sock_common_getsockopt+0x10/0x10
[ 1124.450685][T23822]  ? __pfx_smc_getsockopt+0x10/0x10
[ 1124.450695][T23822]  ? find_held_lock+0x2b/0x80
[ 1124.450707][T23822]  ? __pfx_smc_getsockopt+0x10/0x10
[ 1124.450719][T23822]  do_sock_getsockopt+0x3fc/0x800
[ 1124.450737][T23822]  ? __pfx_do_sock_getsockopt+0x10/0x10
[ 1124.450751][T23822]  ? __fget_files+0x204/0x3c0
[ 1124.450769][T23822]  __sys_getsockopt+0x123/0x1a0
[ 1124.450785][T23822]  __ia32_sys_getsockopt+0xbc/0x160
[ 1124.450796][T23822]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1124.450811][T23822]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[ 1124.450827][T23822]  __do_fast_syscall_32+0x73/0x120
[ 1124.450844][T23822]  do_fast_syscall_32+0x32/0x80
[ 1124.450860][T23822]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1124.450879][T23822] RIP: 0023:0xf709e579
[ 1124.450892][T23822] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 1124.450906][T23822] RSP: 002b:00000000f508e55c EFLAGS: 00000296 ORIG_RAX: 000000000000016d
[ 1124.450922][T23822] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000000000
[ 1124.450934][T23822] RDX: 0000000000000060 RSI: 0000000080000240 RDI: 0000000080000300
[ 1124.450943][T23822] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1124.450951][T23822] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 1124.450961][T23822] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1124.450983][T23822]  </TASK>
[ 1124.788286][   T10] IPVS: starting estimator thread 0...
[ 1124.887135][T23831] IPVS: using max 23 ests per chain, 55200 per kthread
[ 1124.913137][T23835] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3878'.
[ 1124.962230][T23838] FAULT_INJECTION: forcing a failure.
[ 1124.962230][T23838] name failslab, interval 1, probability 0, space 0, times 1
[ 1124.973113][T23838] CPU: 1 UID: 0 PID: 23838 Comm: syz.2.3876 Not tainted 6.15.0-rc7-syzkaller-00142-g4856ebd99715 #0 PREEMPT(full) 
[ 1124.973142][T23838] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1124.973150][T23838] Call Trace:
[ 1124.973155][T23838]  <TASK>
[ 1124.973160][T23838]  dump_stack_lvl+0x16c/0x1f0
[ 1124.973182][T23838]  should_fail_ex+0x512/0x640
[ 1124.973198][T23838]  ? fs_reclaim_acquire+0xae/0x150
[ 1124.973216][T23838]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[ 1124.973232][T23838]  should_failslab+0xc2/0x120
[ 1124.973246][T23838]  __kmalloc_noprof+0xd2/0x510
[ 1124.973262][T23838]  tomoyo_realpath_from_path+0xc2/0x6e0
[ 1124.973279][T23838]  ? tomoyo_profile+0x47/0x60
[ 1124.973290][T23838]  tomoyo_path_number_perm+0x245/0x580
[ 1124.973304][T23838]  ? tomoyo_path_number_perm+0x237/0x580
[ 1124.973318][T23838]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1124.973346][T23838]  ? find_held_lock+0x2b/0x80
[ 1124.973357][T23838]  ? hook_file_ioctl_common+0x145/0x410
[ 1124.973373][T23838]  ? __fget_files+0x204/0x3c0
[ 1124.973386][T23838]  ? __fget_files+0x20e/0x3c0
[ 1124.973394][T23838]  ? __pfx_fput+0x10/0x10
[ 1124.973409][T23838]  security_file_ioctl_compat+0x9b/0x240
[ 1124.973425][T23838]  __ia32_compat_sys_ioctl+0xc3/0x360
[ 1124.973442][T23838]  __do_fast_syscall_32+0x73/0x120
[ 1124.973460][T23838]  do_fast_syscall_32+0x32/0x80
[ 1124.973476][T23838]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1124.973489][T23838] RIP: 0023:0xf7f14579
[ 1124.973498][T23838] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 1124.973508][T23838] RSP: 002b:00000000f4ff455c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[ 1124.973519][T23838] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 000000004008af60
[ 1124.973525][T23838] RDX: 0000000080000280 RSI: 0000000000000000 RDI: 0000000000000000
[ 1124.973532][T23838] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1124.973537][T23838] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 1124.973543][T23838] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1124.973558][T23838]  </TASK>
[ 1124.973659][T23838] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1125.525510][T19829] usb 6-1: new high-speed USB device number 122 using dummy_hcd
[ 1125.685256][T19829] usb 6-1: Using ep0 maxpacket: 8
[ 1125.689114][T19829] usb 6-1: config index 0 descriptor too short (expected 5924, got 36)
[ 1125.691660][T19829] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1125.694717][T19829] usb 6-1: config 0 has no interfaces?
[ 1125.706647][T19829] usb 6-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07
[ 1125.709560][T19829] usb 6-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59
[ 1125.712092][T19829] usb 6-1: Product: syz
[ 1125.713409][T19829] usb 6-1: SerialNumber: syz
[ 1125.756873][T19829] usb 6-1: config 0 descriptor??
[ 1126.250849][T23855] netlink: 3 bytes leftover after parsing attributes in process `syz.0.3882'.
[ 1126.273689][T23855] batadv3: entered allmulticast mode
[ 1126.326584][T23856] input: syz1 as /devices/virtual/input/input453
[ 1126.513113][T23860] FAULT_INJECTION: forcing a failure.
[ 1126.513113][T23860] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1126.517316][T23860] CPU: 2 UID: 0 PID: 23860 Comm: syz.2.3883 Not tainted 6.15.0-rc7-syzkaller-00142-g4856ebd99715 #0 PREEMPT(full) 
[ 1126.517336][T23860] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1126.517342][T23860] Call Trace:
[ 1126.517346][T23860]  <TASK>
[ 1126.517351][T23860]  dump_stack_lvl+0x16c/0x1f0
[ 1126.517371][T23860]  should_fail_ex+0x512/0x640
[ 1126.517390][T23860]  _copy_from_user+0x2e/0xd0
[ 1126.517401][T23860]  __ia32_sys_epoll_ctl+0x130/0x1e0
[ 1126.517418][T23860]  ? __pfx___ia32_sys_epoll_ctl+0x10/0x10
[ 1126.517435][T23860]  ? rcu_is_watching+0x12/0xc0
[ 1126.517448][T23860]  __do_fast_syscall_32+0x73/0x120
[ 1126.517465][T23860]  do_fast_syscall_32+0x32/0x80
[ 1126.517481][T23860]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1126.517494][T23860] RIP: 0023:0xf7f14579
[ 1126.517503][T23860] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 1126.517513][T23860] RSP: 002b:00000000f4ff455c EFLAGS: 00000296 ORIG_RAX: 00000000000000ff
[ 1126.517523][T23860] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000000001
[ 1126.517529][T23860] RDX: 0000000000000003 RSI: 0000000080000380 RDI: 0000000000000000
[ 1126.517535][T23860] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1126.517541][T23860] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 1126.517547][T23860] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1126.517560][T23860]  </TASK>
[ 1126.997260][T23867] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3885'.
[ 1127.000987][T23867] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3885'.
[ 1127.012689][T23867] FAULT_INJECTION: forcing a failure.
[ 1127.012689][T23867] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1127.017180][T23867] CPU: 1 UID: 0 PID: 23867 Comm: syz.0.3885 Not tainted 6.15.0-rc7-syzkaller-00142-g4856ebd99715 #0 PREEMPT(full) 
[ 1127.017196][T23867] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1127.017202][T23867] Call Trace:
[ 1127.017207][T23867]  <TASK>
[ 1127.017212][T23867]  dump_stack_lvl+0x16c/0x1f0
[ 1127.017231][T23867]  should_fail_ex+0x512/0x640
[ 1127.017249][T23867]  strncpy_from_user+0x3b/0x2e0
[ 1127.017263][T23867]  ? lock_acquire+0x179/0x350
[ 1127.017278][T23867]  strncpy_from_user_nofault+0x7f/0x180
[ 1127.017295][T23867]  bpf_probe_read_user_str+0x26/0x70
[ 1127.017312][T23867]  bpf_prog_78f9c3f13797e2ae+0x3e/0x44
[ 1127.017322][T23867]  bpf_trace_run2+0x233/0x590
[ 1127.017336][T23867]  ? __pfx_bpf_trace_run2+0x10/0x10
[ 1127.017349][T23867]  ? __might_fault+0xe3/0x190
[ 1127.017361][T23867]  ? __might_fault+0x13b/0x190
[ 1127.017376][T23867]  __bpf_trace_sys_enter+0x37/0x60
[ 1127.017393][T23867]  syscall_trace_enter+0x1b5/0x260
[ 1127.017409][T23867]  __do_fast_syscall_32+0xc2/0x120
[ 1127.017427][T23867]  do_fast_syscall_32+0x32/0x80
[ 1127.017443][T23867]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1127.017456][T23867] RIP: 0023:0xf7f34579
[ 1127.017465][T23867] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 1127.017475][T23867] RSP: 002b:00000000f505655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[ 1127.017486][T23867] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000080001200
[ 1127.017492][T23867] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1127.017498][T23867] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1127.017504][T23867] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 1127.017510][T23867] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1127.017523][T23867]  </TASK>
[ 1127.714897][T23883] FAULT_INJECTION: forcing a failure.
[ 1127.714897][T23883] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1127.719456][T23883] CPU: 2 UID: 0 PID: 23883 Comm: syz.3.3889 Not tainted 6.15.0-rc7-syzkaller-00142-g4856ebd99715 #0 PREEMPT(full) 
[ 1127.719472][T23883] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1127.719478][T23883] Call Trace:
[ 1127.719482][T23883]  <TASK>
[ 1127.719487][T23883]  dump_stack_lvl+0x16c/0x1f0
[ 1127.719506][T23883]  should_fail_ex+0x512/0x640
[ 1127.719524][T23883]  _copy_from_user+0x2e/0xd0
[ 1127.719535][T23883]  get_compat_msghdr+0xa7/0x170
[ 1127.719549][T23883]  ? __pfx_get_compat_msghdr+0x10/0x10
[ 1127.719566][T23883]  ___sys_sendmsg+0x1ae/0x1d0
[ 1127.719580][T23883]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1127.719609][T23883]  __sys_sendmsg+0x16d/0x220
[ 1127.719622][T23883]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1127.719641][T23883]  ? rcu_is_watching+0x12/0xc0
[ 1127.719654][T23883]  __do_fast_syscall_32+0x73/0x120
[ 1127.719671][T23883]  do_fast_syscall_32+0x32/0x80
[ 1127.719687][T23883]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1127.719700][T23883] RIP: 0023:0xf705e579
[ 1127.719708][T23883] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 1127.719719][T23883] RSP: 002b:00000000f504e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[ 1127.719729][T23883] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000300
[ 1127.719736][T23883] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1127.719742][T23883] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1127.719748][T23883] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 1127.719754][T23883] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1127.719767][T23883]  </TASK>
[ 1127.922205][T19829] usb 6-1: USB disconnect, device number 122
[ 1128.618036][T23898] mmap: syz.2.3894 (23898) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[ 1128.621839][T23898] FAULT_INJECTION: forcing a failure.
[ 1128.621839][T23898] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1128.626725][T23898] CPU: 0 UID: 0 PID: 23898 Comm: syz.2.3894 Not tainted 6.15.0-rc7-syzkaller-00142-g4856ebd99715 #0 PREEMPT(full) 
[ 1128.626750][T23898] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1128.626761][T23898] Call Trace:
[ 1128.626768][T23898]  <TASK>
[ 1128.626775][T23898]  dump_stack_lvl+0x16c/0x1f0
[ 1128.626806][T23898]  should_fail_ex+0x512/0x640
[ 1128.626837][T23898]  _copy_to_user+0x32/0xd0
[ 1128.626856][T23898]  simple_read_from_buffer+0xcb/0x170
[ 1128.626885][T23898]  proc_fail_nth_read+0x197/0x270
[ 1128.626910][T23898]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1128.626937][T23898]  ? rw_verify_area+0xcf/0x680
[ 1128.626962][T23898]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1128.626986][T23898]  vfs_read+0x1de/0xc70
[ 1128.627007][T23898]  ? __pfx___mutex_lock+0x10/0x10
[ 1128.627030][T23898]  ? __pfx_vfs_read+0x10/0x10
[ 1128.627054][T23898]  ? __fget_files+0x20e/0x3c0
[ 1128.627079][T23898]  ksys_read+0x12a/0x240
[ 1128.627095][T23898]  ? __pfx_ksys_read+0x10/0x10
[ 1128.627114][T23898]  ? rcu_is_watching+0x12/0xc0
[ 1128.627136][T23898]  __do_fast_syscall_32+0x73/0x120
[ 1128.627164][T23898]  do_fast_syscall_32+0x32/0x80
[ 1128.627190][T23898]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1128.627211][T23898] RIP: 0023:0xf7f14579
[ 1128.627225][T23898] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 1128.627241][T23898] RSP: 002b:00000000f5036590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 1128.627257][T23898] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000f5036620
[ 1128.627268][T23898] RDX: 000000000000000f RSI: 00000000f73a2ff4 RDI: 0000000000000000
[ 1128.627278][T23898] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[ 1128.627288][T23898] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[ 1128.627298][T23898] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1128.627322][T23898]  </TASK>
[ 1128.704241][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1129.025973][T23906] syz.1.3896(23906): Attempt to set a LOCK_MAND lock via flock(2). This support has been removed and the request ignored.
[ 1129.031864][T23906] overlay: ./file1 is not a directory
[ 1129.325958][ T5986] usb 5-1: new high-speed USB device number 33 using dummy_hcd
[ 1129.485373][ T5986] usb 5-1: Using ep0 maxpacket: 8
[ 1129.490785][ T5986] usb 5-1: config index 0 descriptor too short (expected 5924, got 36)
[ 1129.493605][ T5986] usb 5-1: config 250 has an invalid interface number: 228 but max is -1
[ 1129.496819][ T5986] usb 5-1: config 250 has an invalid descriptor of length 0, skipping remainder of the config
[ 1129.501114][ T5986] usb 5-1: config 250 has 1 interface, different from the descriptor's value: 0
[ 1129.504995][ T5986] usb 5-1: config 250 has no interface number 0
[ 1129.507468][ T5986] usb 5-1: config 250 interface 228 altsetting 255 has 0 endpoint descriptors, different from the interface descriptor's value: 17
[ 1129.513103][ T5986] usb 5-1: config 250 interface 228 has no altsetting 0
[ 1129.523412][ T5986] usb 5-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07
[ 1129.526859][ T5986] usb 5-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59
[ 1129.529932][ T5986] usb 5-1: Product: syz
[ 1129.531423][ T5986] usb 5-1: SerialNumber: syz
[ 1129.564483][ T5986] hub 5-1:250.228: bad descriptor, ignoring hub
[ 1129.567365][ T5986] hub 5-1:250.228: probe with driver hub failed with error -5
[ 1131.054724][T23934] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1131.059083][T23934] Bluetooth: hci2: Opcode 0x0406 failed: -4
[ 1131.071358][T23934] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1131.073381][T23934] Bluetooth: hci3: Opcode 0x0406 failed: -4
[ 1131.078722][T23934] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1131.080658][T23934] Bluetooth: hci4: Opcode 0x0406 failed: -4
[ 1131.084112][T23934] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1131.089578][T23934] Bluetooth: hci1: Opcode 0x0406 failed: -4
[ 1131.406269][ T5955] usb 6-1: new low-speed USB device number 123 using dummy_hcd
[ 1131.535291][ T5955] usb 6-1: device descriptor read/64, error -71
[ 1131.601197][T23957] FAULT_INJECTION: forcing a failure.
[ 1131.601197][T23957] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1131.606156][T23957] CPU: 3 UID: 0 PID: 23957 Comm: syz.0.3909 Not tainted 6.15.0-rc7-syzkaller-00142-g4856ebd99715 #0 PREEMPT(full) 
[ 1131.606196][T23957] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1131.606203][T23957] Call Trace:
[ 1131.606207][T23957]  <TASK>
[ 1131.606212][T23957]  dump_stack_lvl+0x16c/0x1f0
[ 1131.606231][T23957]  should_fail_ex+0x512/0x640
[ 1131.606250][T23957]  _copy_from_user+0x2e/0xd0
[ 1131.606260][T23957]  __ia32_compat_sys_socketcall+0x187/0x770
[ 1131.606275][T23957]  ? __fget_files+0x20e/0x3c0
[ 1131.606291][T23957]  ? __pfx___ia32_compat_sys_socketcall+0x10/0x10
[ 1131.606306][T23957]  ? fput+0x70/0xf0
[ 1131.606319][T23957]  ? ksys_write+0x1b9/0x240
[ 1131.606330][T23957]  ? __pfx_ksys_write+0x10/0x10
[ 1131.606341][T23957]  ? rcu_is_watching+0x12/0xc0
[ 1131.606354][T23957]  __do_fast_syscall_32+0x73/0x120
[ 1131.606371][T23957]  do_fast_syscall_32+0x32/0x80
[ 1131.606387][T23957]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1131.606401][T23957] RIP: 0023:0xf7f34579
[ 1131.606409][T23957] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 1131.606419][T23957] RSP: 002b:00000000f5055430 EFLAGS: 00000293 ORIG_RAX: 0000000000000066
[ 1131.606430][T23957] RAX: ffffffffffffffda RBX: 000000000000000b RCX: 00000000f5055444
[ 1131.606436][T23957] RDX: 0000000000000000 RSI: 00000000f5055560 RDI: 00000000f73c2ff4
[ 1131.606442][T23957] RBP: 00000000f5055560 R08: 0000000000000000 R09: 0000000000000000
[ 1131.606448][T23957] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 1131.606454][T23957] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1131.606468][T23957]  </TASK>
[ 1131.685582][T19829] usb 5-1: USB disconnect, device number 33
[ 1131.686322][T23959] input: syz1 as /devices/virtual/input/input454
[ 1131.795435][ T5955] usb 6-1: new low-speed USB device number 124 using dummy_hcd
[ 1131.925272][ T5955] usb 6-1: device descriptor read/64, error -71
[ 1132.045464][ T5955] usb usb6-port1: attempt power cycle
[ 1132.275573][ T5947] Bluetooth: hci2: command 0x0406 tx timeout
[ 1132.325440][T23974] netlink: 3 bytes leftover after parsing attributes in process `syz.0.3913'.
[ 1132.331809][T23974] batadv3: entered allmulticast mode
[ 1132.385650][ T5955] usb 6-1: new low-speed USB device number 125 using dummy_hcd
[ 1132.406099][ T5955] usb 6-1: device descriptor read/8, error -71
[ 1132.410753][T23976] input: syz1 as /devices/virtual/input/input455
[ 1132.645469][ T5955] usb 6-1: new low-speed USB device number 126 using dummy_hcd
[ 1132.666162][ T5955] usb 6-1: device descriptor read/8, error -71
[ 1132.775886][ T5955] usb usb6-port1: unable to enumerate USB device
[ 1133.075881][ T5947] Bluetooth: hci3: command 0x0406 tx timeout
[ 1133.155430][ T5947] Bluetooth: hci1: command 0x0405 tx timeout
[ 1133.155728][T23981] Bluetooth: hci4: command 0x0406 tx timeout
[ 1133.354413][T23985] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3917'.
[ 1133.384690][T23985] kvm: pic: non byte read
[ 1133.387658][T23985] kvm: pic: non byte read
[ 1133.390450][T23985] kvm: pic: non byte read
[ 1133.392942][T23985] kvm: pic: non byte read
[ 1133.396300][T23985] kvm: pic: non byte read
[ 1133.399072][T23985] kvm: pic: non byte read
[ 1133.401853][T23985] kvm: pic: non byte read
[ 1133.404646][T23985] kvm: pic: non byte read
[ 1133.669878][T23993] FAULT_INJECTION: forcing a failure.
[ 1133.669878][T23993] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1133.675149][T23993] CPU: 0 UID: 0 PID: 23993 Comm: syz.3.3919 Not tainted 6.15.0-rc7-syzkaller-00142-g4856ebd99715 #0 PREEMPT(full) 
[ 1133.675187][T23993] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1133.675199][T23993] Call Trace:
[ 1133.675207][T23993]  <TASK>
[ 1133.675215][T23993]  dump_stack_lvl+0x16c/0x1f0
[ 1133.675244][T23993]  should_fail_ex+0x512/0x640
[ 1133.675273][T23993]  _copy_from_user+0x2e/0xd0
[ 1133.675296][T23993]  get_compat_msghdr+0xa7/0x170
[ 1133.675318][T23993]  ? __pfx_get_compat_msghdr+0x10/0x10
[ 1133.675345][T23993]  ___sys_sendmsg+0x1ae/0x1d0
[ 1133.675369][T23993]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1133.675418][T23993]  __sys_sendmsg+0x16d/0x220
[ 1133.675439][T23993]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1133.675470][T23993]  ? rcu_is_watching+0x12/0xc0
[ 1133.675491][T23993]  __do_fast_syscall_32+0x73/0x120
[ 1133.675520][T23993]  do_fast_syscall_32+0x32/0x80
[ 1133.675545][T23993]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1133.675566][T23993] RIP: 0023:0xf705e579
[ 1133.675580][T23993] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 1133.675596][T23993] RSP: 002b:00000000f504e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[ 1133.675614][T23993] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000280
[ 1133.675626][T23993] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1133.675636][T23993] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1133.675646][T23993] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 1133.675656][T23993] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1133.675679][T23993]  </TASK>
[ 1134.225223][T19829] usb 5-1: new high-speed USB device number 34 using dummy_hcd
[ 1134.355475][   T66] Bluetooth: hci2: command 0x0406 tx timeout
[ 1134.395510][T19829] usb 5-1: Using ep0 maxpacket: 8
[ 1134.406173][T19829] usb 5-1: config index 0 descriptor too short (expected 5924, got 36)
[ 1134.409043][T19829] usb 5-1: config 250 has an invalid interface number: 228 but max is -1
[ 1134.411836][T19829] usb 5-1: config 250 has an invalid descriptor of length 0, skipping remainder of the config
[ 1134.418239][T19829] usb 5-1: config 250 has 1 interface, different from the descriptor's value: 0
[ 1134.424921][T19829] usb 5-1: config 250 has no interface number 0
[ 1134.429416][T19829] usb 5-1: config 250 interface 228 altsetting 255 has 0 endpoint descriptors, different from the interface descriptor's value: 17
[ 1134.438073][T19829] usb 5-1: config 250 interface 228 has no altsetting 0
[ 1134.443877][T19829] usb 5-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07
[ 1134.450138][T19829] usb 5-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59
[ 1134.455285][T19829] usb 5-1: Product: syz
[ 1134.458777][T19829] usb 5-1: SerialNumber: syz
[ 1134.465899][T19829] hub 5-1:250.228: bad descriptor, ignoring hub
[ 1134.468927][T19829] hub 5-1:250.228: probe with driver hub failed with error -5
[ 1134.730083][   T40] audit: type=1800 audit(1748060932.814:242): pid=24012 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=set_data cause=unavailable-hash-algorithm comm="syz.1.3922" name="/newroot/406/bus" dev="tmpfs" ino=2268 res=0 errno=0
[ 1134.794835][T24012] block nbd1: shutting down sockets
[ 1135.155819][   T66] Bluetooth: hci3: command 0x0406 tx timeout
[ 1135.235506][   T66] Bluetooth: hci1: command 0x0405 tx timeout
[ 1135.238101][   T66] Bluetooth: hci4: command 0x0406 tx timeout
[ 1135.669928][T24026] netlink: 3 bytes leftover after parsing attributes in process `syz.3.3925'.
[ 1135.690068][T24026] batadv5: entered allmulticast mode
[ 1135.739712][T24029] input: syz1 as /devices/virtual/input/input456
[ 1136.001311][T24034] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3927'.
[ 1136.037997][T24034] kvm: pic: non byte read
[ 1136.041016][T24034] kvm: pic: non byte read
[ 1136.795475][T19829] usb 5-1: USB disconnect, device number 34
[ 1137.369086][T24062] FAULT_INJECTION: forcing a failure.
[ 1137.369086][T24062] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1137.373274][T24062] CPU: 2 UID: 0 PID: 24062 Comm: syz.1.3935 Not tainted 6.15.0-rc7-syzkaller-00142-g4856ebd99715 #0 PREEMPT(full) 
[ 1137.373289][T24062] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1137.373295][T24062] Call Trace:
[ 1137.373300][T24062]  <TASK>
[ 1137.373308][T24062]  dump_stack_lvl+0x16c/0x1f0
[ 1137.373328][T24062]  should_fail_ex+0x512/0x640
[ 1137.373346][T24062]  _copy_from_user+0x2e/0xd0
[ 1137.373357][T24062]  get_compat_msghdr+0xa7/0x170
[ 1137.373371][T24062]  ? __pfx_get_compat_msghdr+0x10/0x10
[ 1137.373388][T24062]  ___sys_sendmsg+0x1ae/0x1d0
[ 1137.373403][T24062]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1137.373431][T24062]  __sys_sendmsg+0x16d/0x220
[ 1137.373444][T24062]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1137.373463][T24062]  ? rcu_is_watching+0x12/0xc0
[ 1137.373475][T24062]  __do_fast_syscall_32+0x73/0x120
[ 1137.373493][T24062]  do_fast_syscall_32+0x32/0x80
[ 1137.373509][T24062]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1137.373522][T24062] RIP: 0023:0xf709e579
[ 1137.373530][T24062] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 1137.373541][T24062] RSP: 002b:00000000f508e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[ 1137.373551][T24062] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000240
[ 1137.373557][T24062] RDX: 0000000020008820 RSI: 0000000000000000 RDI: 0000000000000000
[ 1137.373564][T24062] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1137.373569][T24062] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 1137.373575][T24062] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1137.373588][T24062]  </TASK>
[ 1138.235509][T24079] sp0: Synchronizing with TNC
[ 1138.764367][T24085] FAULT_INJECTION: forcing a failure.
[ 1138.764367][T24085] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1138.770079][T24085] CPU: 0 UID: 0 PID: 24085 Comm: syz.0.3941 Not tainted 6.15.0-rc7-syzkaller-00142-g4856ebd99715 #0 PREEMPT(full) 
[ 1138.770095][T24085] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1138.770102][T24085] Call Trace:
[ 1138.770106][T24085]  <TASK>
[ 1138.770110][T24085]  dump_stack_lvl+0x16c/0x1f0
[ 1138.770130][T24085]  should_fail_ex+0x512/0x640
[ 1138.770148][T24085]  _copy_from_user+0x2e/0xd0
[ 1138.770159][T24085]  get_compat_msghdr+0xa7/0x170
[ 1138.770171][T24085]  ? __pfx_get_compat_msghdr+0x10/0x10
[ 1138.770194][T24085]  ___sys_sendmsg+0x1ae/0x1d0
[ 1138.770209][T24085]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1138.770237][T24085]  __sys_sendmsg+0x16d/0x220
[ 1138.770251][T24085]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1138.770268][T24085]  ? rcu_is_watching+0x12/0xc0
[ 1138.770279][T24085]  ? rcu_is_watching+0x12/0xc0
[ 1138.770291][T24085]  __do_fast_syscall_32+0x73/0x120
[ 1138.770308][T24085]  do_fast_syscall_32+0x32/0x80
[ 1138.770325][T24085]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1138.770338][T24085] RIP: 0023:0xf7f34579
[ 1138.770348][T24085] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 1138.770363][T24085] RSP: 002b:00000000f505655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[ 1138.770378][T24085] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800000c0
[ 1138.770389][T24085] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1138.770398][T24085] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1138.770408][T24085] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 1138.770418][T24085] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1138.770439][T24085]  </TASK>
[ 1139.025280][  T106] usb 7-1: new high-speed USB device number 35 using dummy_hcd
[ 1139.175602][  T106] usb 7-1: Using ep0 maxpacket: 8
[ 1139.179815][  T106] usb 7-1: config index 0 descriptor too short (expected 5924, got 36)
[ 1139.183251][  T106] usb 7-1: config 250 has an invalid interface number: 228 but max is -1
[ 1139.190805][  T106] usb 7-1: config 250 has an invalid descriptor of length 0, skipping remainder of the config
[ 1139.195553][  T106] usb 7-1: config 250 has 1 interface, different from the descriptor's value: 0
[ 1139.199395][  T106] usb 7-1: config 250 has no interface number 0
[ 1139.202344][  T106] usb 7-1: config 250 interface 228 altsetting 255 has 0 endpoint descriptors, different from the interface descriptor's value: 17
[ 1139.208563][  T106] usb 7-1: config 250 interface 228 has no altsetting 0
[ 1139.214204][  T106] usb 7-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07
[ 1139.220199][  T106] usb 7-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59
[ 1139.225702][  T106] usb 7-1: Product: syz
[ 1139.227244][  T106] usb 7-1: SerialNumber: syz
[ 1139.274725][  T106] hub 7-1:250.228: bad descriptor, ignoring hub
[ 1139.285305][  T106] hub 7-1:250.228: probe with driver hub failed with error -5
[ 1139.712505][T24103] netlink: set zone limit has 4 unknown bytes
[ 1141.505528][ T5986] usb 7-1: USB disconnect, device number 35
[ 1141.825591][T24146] netlink: set zone limit has 4 unknown bytes
[ 1141.880787][   T40] audit: type=1800 audit(1748060939.964:243): pid=24147 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=set_data cause=unavailable-hash-algorithm comm="syz.2.3951" name="/newroot/361/bus" dev="tmpfs" ino=1986 res=0 errno=0
[ 1141.935739][T24147] block nbd2: shutting down sockets
[ 1142.049382][T24152] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3954'.
[ 1145.024178][T24217] netlink: set zone limit has 4 unknown bytes
[ 1145.491274][T24224] kvm: kvm [24223]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010058) = 0x80000040
[ 1145.497124][T24224] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3971'.
[ 1146.443400][T24249] bio_check_eod: 2 callbacks suppressed
[ 1146.443411][T24249] syz.1.3975: attempt to access beyond end of device
[ 1146.443411][T24249] nbd1: rw=4096, sector=0, nr_sectors = 1 limit=0
[ 1146.450684][T24249] XFS (nbd1): SB validate failed with error -5.
[ 1146.653132][T24256] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3976'.
[ 1146.656970][T24257] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3976'.
[ 1147.937580][T24285] netlink: set zone limit has 4 unknown bytes
[ 1148.366727][T24290] netlink: set zone limit has 4 unknown bytes
[ 1148.441526][T24291] netlink: 3 bytes leftover after parsing attributes in process `syz.3.3984'.
[ 1148.457760][T24291] batadv5: entered allmulticast mode
[ 1148.507530][T24292] input: syz1 as /devices/virtual/input/input457
[ 1148.923196][T16871] bond0: (slave syz_tun): Releasing backup interface
[ 1149.087943][   T12] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1149.176121][   T12] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1149.262414][   T12] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1149.340642][   T12] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1149.347328][T23981] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 1149.351391][T23981] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 1149.354722][T23981] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 1149.359950][T23981] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 1149.363224][T23981] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 1149.380637][T24308] lo speed is unknown, defaulting to 1000
[ 1149.471564][T24308] chnl_net:caif_netlink_parms(): no params data found
[ 1149.749139][T24308] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1149.751549][T24308] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1149.753809][T24308] bridge_slave_0: entered allmulticast mode
[ 1149.766165][T24308] bridge_slave_0: entered promiscuous mode
[ 1149.770019][T24308] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1149.772789][T24308] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1149.775391][T24308] bridge_slave_1: entered allmulticast mode
[ 1149.778177][T24308] bridge_slave_1: entered promiscuous mode
[ 1149.872582][T24330] Bluetooth: MGMT ver 1.23
[ 1149.876640][T24322] Bluetooth: hci0: Opcode 0x0c03 failed: -112
[ 1149.881568][T24308] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1149.884667][   T12] bridge_slave_1: left allmulticast mode
[ 1149.887837][   T12] bridge_slave_1: left promiscuous mode
[ 1149.891414][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1149.896919][   T12] bridge_slave_0: left allmulticast mode
[ 1149.898746][   T12] bridge_slave_0: left promiscuous mode
[ 1149.900581][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1150.238650][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1150.242979][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1150.248682][   T12] bond0 (unregistering): Released all slaves
[ 1150.256547][T24308] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1150.288778][T24308] team0: Port device team_slave_0 added
[ 1150.292902][T24308] team0: Port device team_slave_1 added
[ 1150.534322][T24347] netlink: set zone limit has 4 unknown bytes
[ 1150.569986][T24308] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1150.572266][T24308] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1150.580587][T24308] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1150.588653][T24308] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1150.592491][T24308] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1150.602978][T24308] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1150.773283][T24308] hsr_slave_0: entered promiscuous mode
[ 1150.782962][T24308] hsr_slave_1: entered promiscuous mode
[ 1150.785039][T24308] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1150.802806][T24308] Cannot create hsr debugfs directory
[ 1150.990863][   T12] hsr_slave_0: left promiscuous mode
[ 1150.994018][   T12] hsr_slave_1: left promiscuous mode
[ 1150.997828][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1151.000312][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1151.003374][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1151.006021][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1151.032618][   T12] veth1_macvtap: left promiscuous mode
[ 1151.034545][   T12] veth0_macvtap: left promiscuous mode
[ 1151.036906][   T12] veth1_vlan: left promiscuous mode
[ 1151.038842][   T12] veth0_vlan: left promiscuous mode
[ 1151.273869][T24362] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3998'.
[ 1151.697749][   T12] team0 (unregistering): Port device team_slave_1 removed
[ 1151.774250][   T12] team0 (unregistering): Port device team_slave_0 removed
[ 1151.958667][T23981] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[ 1151.975526][T24339] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[ 1152.563353][T24387] Bluetooth: hci0: Opcode 0x0c03 failed: -112
[ 1152.869601][T24308] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 1152.877503][T24308] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 1152.884354][T24308] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 1152.893653][T24308] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 1152.941729][T24308] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1152.953698][T24308] 8021q: adding VLAN 0 to HW filter on device team0
[ 1152.959577][ T1138] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1152.961917][ T1138] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1152.972333][   T64] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1152.974659][   T64] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1153.159628][T24308] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1153.190184][T24308] veth0_vlan: entered promiscuous mode
[ 1153.195118][T24308] veth1_vlan: entered promiscuous mode
[ 1153.220481][T24308] veth0_macvtap: entered promiscuous mode
[ 1153.224833][T24308] veth1_macvtap: entered promiscuous mode
[ 1153.234696][T24308] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1153.242826][T24308] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1153.250451][T24308] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1153.253870][T24308] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1153.263429][T24308] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1153.266425][T24308] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1153.300759][ T1183] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1153.303291][ T1183] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1153.333352][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1153.336126][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1153.865269][ T5985] usb 6-1: new high-speed USB device number 127 using dummy_hcd
[ 1154.025309][ T5985] usb 6-1: Using ep0 maxpacket: 8
[ 1154.029405][ T5985] usb 6-1: config index 0 descriptor too short (expected 5924, got 36)
[ 1154.032807][ T5985] usb 6-1: config 250 has an invalid interface number: 228 but max is -1
[ 1154.036713][ T5985] usb 6-1: config 250 has an invalid descriptor of length 0, skipping remainder of the config
[ 1154.040867][ T5985] usb 6-1: config 250 has 1 interface, different from the descriptor's value: 0
[ 1154.044581][ T5985] usb 6-1: config 250 has no interface number 0
[ 1154.047292][ T5985] usb 6-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid wMaxPacketSize 0
[ 1154.051434][ T5985] usb 6-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 0
[ 1154.055785][ T5985] usb 6-1: config 250 interface 228 altsetting 255 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[ 1154.061156][ T5985] usb 6-1: config 250 interface 228 has no altsetting 0
[ 1154.066032][ T5985] usb 6-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07
[ 1154.069749][ T5985] usb 6-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59
[ 1154.073153][ T5985] usb 6-1: Product: syz
[ 1154.074930][ T5985] usb 6-1: SerialNumber: syz
[ 1154.081961][ T5985] hub 6-1:250.228: bad descriptor, ignoring hub
[ 1154.084606][ T5985] hub 6-1:250.228: probe with driver hub failed with error -5
[ 1154.595411][T23981] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[ 1154.600202][T24406] ==================================================================
[ 1154.602758][T24406] BUG: KASAN: slab-use-after-free in skb_queue_purge_reason+0x381/0x420
[ 1154.605332][T24406] Read of size 8 at addr ffff888022738858 by task syz.2.4005/24406
[ 1154.608882][T24406] 
[ 1154.610430][T24406] CPU: 1 UID: 0 PID: 24406 Comm: syz.2.4005 Not tainted 6.15.0-rc7-syzkaller-00142-g4856ebd99715 #0 PREEMPT(full) 
[ 1154.610446][T24406] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[ 1154.610454][T24406] Call Trace:
[ 1154.610459][T24406]  <TASK>
[ 1154.610464][T24406]  dump_stack_lvl+0x116/0x1f0
[ 1154.610484][T24406]  print_report+0xc3/0x670
[ 1154.610498][T24406]  ? __virt_addr_valid+0x5e/0x590
[ 1154.610514][T24406]  ? __phys_addr+0xc6/0x150
[ 1154.610528][T24406]  ? skb_queue_purge_reason+0x381/0x420
[ 1154.610544][T24406]  kasan_report+0xe0/0x110
[ 1154.610557][T24406]  ? skb_queue_purge_reason+0x381/0x420
[ 1154.610574][T24406]  skb_queue_purge_reason+0x381/0x420
[ 1154.610589][T24406]  ? __pfx_skb_queue_purge_reason+0x10/0x10
[ 1154.610607][T24406]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1154.610622][T24406]  ? drain_workqueue+0x313/0x3d0
[ 1154.610638][T24406]  ? __pfx_vhci_flush+0x10/0x10
[ 1154.610652][T24406]  vhci_flush+0x40/0x50
[ 1154.610666][T24406]  hci_dev_reset+0x231/0x530
[ 1154.610679][T24406]  hci_sock_ioctl+0x493/0x7d0
[ 1154.610689][T24406]  ? __pfx_hci_sock_ioctl+0x10/0x10
[ 1154.610701][T24406]  hci_sock_compat_ioctl+0x43/0x80
[ 1154.610711][T24406]  ? __pfx_hci_sock_compat_ioctl+0x10/0x10
[ 1154.610721][T24406]  compat_sock_ioctl+0x176/0x730
[ 1154.610731][T24406]  ? __pfx_compat_sock_ioctl+0x10/0x10
[ 1154.610742][T24406]  ? __fget_files+0x20e/0x3c0
[ 1154.610754][T24406]  ? __pfx_compat_sock_ioctl+0x10/0x10
[ 1154.610763][T24406]  __ia32_compat_sys_ioctl+0x24f/0x360
[ 1154.610779][T24406]  __do_fast_syscall_32+0x73/0x120
[ 1154.610796][T24406]  do_fast_syscall_32+0x32/0x80
[ 1154.610811][T24406]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1154.610824][T24406] RIP: 0023:0xf7f14579
[ 1154.610833][T24406] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 1154.610849][T24406] RSP: 002b:00000000f501555c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[ 1154.610860][T24406] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 00000000400448cb
[ 1154.610869][T24406] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1154.610875][T24406] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1154.610882][T24406] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[ 1154.610889][T24406] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1154.610900][T24406]  </TASK>
[ 1154.610904][T24406] 
[ 1154.685239][T24406] Allocated by task 24308:
[ 1154.686642][T24406]  kasan_save_stack+0x33/0x60
[ 1154.688113][T24406]  kasan_save_track+0x14/0x30
[ 1154.689576][T24406]  __kasan_kmalloc+0xaa/0xb0
[ 1154.691030][T24406]  vhci_open+0x4c/0x430
[ 1154.692357][T24406]  misc_open+0x35d/0x420
[ 1154.693699][T24406]  chrdev_open+0x234/0x6a0
[ 1154.695094][T24406]  do_dentry_open+0x741/0x1c10
[ 1154.696642][T24406]  vfs_open+0x82/0x3f0
[ 1154.697943][T24406]  path_openat+0x1e5e/0x2d40
[ 1154.699383][T24406]  do_filp_open+0x20b/0x470
[ 1154.700797][T24406]  do_sys_openat2+0x11b/0x1d0
[ 1154.702306][T24406]  __ia32_compat_sys_openat+0x16d/0x210
[ 1154.704040][T24406]  __do_fast_syscall_32+0x73/0x120
[ 1154.705642][T24406]  do_fast_syscall_32+0x32/0x80
[ 1154.707172][T24406]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1154.709137][T24406] 
[ 1154.709911][T24406] Freed by task 24308:
[ 1154.711184][T24406]  kasan_save_stack+0x33/0x60
[ 1154.712669][T24406]  kasan_save_track+0x14/0x30
[ 1154.714150][T24406]  kasan_save_free_info+0x3b/0x60
[ 1154.715722][T24406]  __kasan_slab_free+0x51/0x70
[ 1154.717219][T24406]  kfree+0x2b6/0x4d0
[ 1154.718493][T24406]  vhci_release+0xbb/0xf0
[ 1154.719856][T24406]  __fput+0x3ff/0xb70
[ 1154.721115][T24406]  task_work_run+0x150/0x240
[ 1154.722589][T24406]  do_exit+0xafb/0x2c30
[ 1154.723913][T24406]  do_group_exit+0xd3/0x2a0
[ 1154.725383][T24406]  __ia32_sys_exit_group+0x3e/0x50
[ 1154.727003][T24406]  ia32_sys_call+0xd56/0x1c40
[ 1154.728478][T24406]  __do_fast_syscall_32+0x73/0x120
[ 1154.730085][T24406]  do_fast_syscall_32+0x32/0x80
[ 1154.731607][T24406]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1154.733578][T24406] 
[ 1154.734353][T24406] The buggy address belongs to the object at ffff888022738800
[ 1154.734353][T24406]  which belongs to the cache kmalloc-1k of size 1024
[ 1154.738590][T24406] The buggy address is located 88 bytes inside of
[ 1154.738590][T24406]  freed 1024-byte region [ffff888022738800, ffff888022738c00)
[ 1154.742899][T24406] 
[ 1154.743657][T24406] The buggy address belongs to the physical page:
[ 1154.745592][T24406] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x22738
[ 1154.748275][T24406] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 1154.750865][T24406] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 1154.753308][T24406] page_type: f5(slab)
[ 1154.754572][T24406] raw: 00fff00000000040 ffff88801b442dc0 0000000000000000 dead000000000001
[ 1154.757194][T24406] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[ 1154.759828][T24406] head: 00fff00000000040 ffff88801b442dc0 0000000000000000 dead000000000001
[ 1154.762493][T24406] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[ 1154.765154][T24406] head: 00fff00000000003 ffffea000089ce01 00000000ffffffff 00000000ffffffff
[ 1154.767811][T24406] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[ 1154.770467][T24406] page dumped because: kasan: bad access detected
[ 1154.772448][T24406] page_owner tracks the page as allocated
[ 1154.774213][T24406] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 1231, tgid 1231 (kworker/u32:11), ts 941287834592, free_ts 941079177962
[ 1154.780081][T24406]  post_alloc_hook+0x181/0x1b0
[ 1154.781589][T24406]  get_page_from_freelist+0x135c/0x3920
[ 1154.783340][T24406]  __alloc_frozen_pages_noprof+0x263/0x23a0
[ 1154.785172][T24406]  alloc_pages_mpol+0x1fb/0x550
[ 1154.786699][T24406]  new_slab+0x244/0x340
[ 1154.788003][T24406]  ___slab_alloc+0xd9c/0x1940
[ 1154.789470][T24406]  __slab_alloc.constprop.0+0x56/0xb0
[ 1154.791199][T24406]  __kmalloc_noprof+0x2f2/0x510
[ 1154.792729][T24406]  ieee802_11_parse_elems_full+0x1d7/0x3780
[ 1154.794582][T24406]  ieee80211_ibss_rx_queued_mgmt+0xc69/0x2fd0
[ 1154.796464][T24406]  ieee80211_iface_work+0xbf4/0x1020
[ 1154.798146][T24406]  cfg80211_wiphy_work+0x3df/0x550
[ 1154.799741][T24406]  process_one_work+0x9cf/0x1b70
[ 1154.801293][T24406]  worker_thread+0x6c8/0xf10
[ 1154.802781][T24406]  kthread+0x3c2/0x780
[ 1154.804071][T24406]  ret_from_fork+0x48/0x80
[ 1154.805463][T24406] page last free pid 1231 tgid 1231 stack trace:
[ 1154.807417][T24406]  __free_frozen_pages+0x69d/0xff0
[ 1154.809006][T24406]  page_frag_free+0x255/0x2a0
[ 1154.810485][T24406]  skb_free_head+0xa0/0x1d0
[ 1154.811905][T24406]  skb_release_data+0x7a5/0x960
[ 1154.813431][T24406]  consume_skb+0xbf/0x100
[ 1154.814791][T24406]  batadv_forw_packet_free+0x217/0x250
[ 1154.816481][T24406]  batadv_iv_send_outstanding_bat_ogm_packet+0x26d/0x920
[ 1154.818651][T24406]  process_one_work+0x9cf/0x1b70
[ 1154.820202][T24406]  worker_thread+0x6c8/0xf10
[ 1154.821660][T24406]  kthread+0x3c2/0x780
[ 1154.822980][T24406]  ret_from_fork+0x48/0x80
[ 1154.824384][T24406]  ret_from_fork_asm+0x1a/0x30
[ 1154.825892][T24406] 
[ 1154.826653][T24406] Memory state around the buggy address:
[ 1154.828385][T24406]  ffff888022738700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1154.830860][T24406]  ffff888022738780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1154.833342][T24406] >ffff888022738800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1154.835815][T24406]                                                     ^
[ 1154.837968][T24406]  ffff888022738880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1154.840427][T24406]  ffff888022738900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1154.842959][T24406] ==================================================================
[ 1154.847269][T24406] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 1154.849539][T24406] CPU: 0 UID: 0 PID: 24406 Comm: syz.2.4005 Not tainted 6.15.0-rc7-syzkaller-00142-g4856ebd99715 #0 PREEMPT(full) 
[ 1154.853256][T24406] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1154.856578][T24406] Call Trace:
[ 1154.857654][T24406]  <TASK>
[ 1154.858596][T24406]  dump_stack_lvl+0x3d/0x1f0
[ 1154.860060][T24406]  panic+0x71c/0x800
[ 1154.861305][T24406]  ? __pfx_panic+0x10/0x10
[ 1154.862741][T24406]  ? mark_held_locks+0x49/0x80
[ 1154.864248][T24406]  ? preempt_schedule_thunk+0x16/0x30
[ 1154.865945][T24406]  ? skb_queue_purge_reason+0x381/0x420
[ 1154.867668][T24406]  ? preempt_schedule_common+0x44/0xc0
[ 1154.869341][T24406]  ? skb_queue_purge_reason+0x381/0x420
[ 1154.871083][T24406]  check_panic_on_warn+0xab/0xb0
[ 1154.872791][T24406]  end_report+0x107/0x170
[ 1154.874264][T24406]  kasan_report+0xee/0x110
[ 1154.875689][T24406]  ? skb_queue_purge_reason+0x381/0x420
[ 1154.877430][T24406]  skb_queue_purge_reason+0x381/0x420
[ 1154.879122][T24406]  ? __pfx_skb_queue_purge_reason+0x10/0x10
[ 1154.880974][T24406]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1154.882635][T24406]  ? drain_workqueue+0x313/0x3d0
[ 1154.884217][T24406]  ? __pfx_vhci_flush+0x10/0x10
[ 1154.885767][T24406]  vhci_flush+0x40/0x50
[ 1154.887088][T24406]  hci_dev_reset+0x231/0x530
[ 1154.888542][T24406]  hci_sock_ioctl+0x493/0x7d0
[ 1154.890032][T24406]  ? __pfx_hci_sock_ioctl+0x10/0x10
[ 1154.891643][T24406]  hci_sock_compat_ioctl+0x43/0x80
[ 1154.893256][T24406]  ? __pfx_hci_sock_compat_ioctl+0x10/0x10
[ 1154.895089][T24406]  compat_sock_ioctl+0x176/0x730
[ 1154.896638][T24406]  ? __pfx_compat_sock_ioctl+0x10/0x10
[ 1154.898347][T24406]  ? __fget_files+0x20e/0x3c0
[ 1154.899825][T24406]  ? __pfx_compat_sock_ioctl+0x10/0x10
[ 1154.901507][T24406]  __ia32_compat_sys_ioctl+0x24f/0x360
[ 1154.903236][T24406]  __do_fast_syscall_32+0x73/0x120
[ 1154.904849][T24406]  do_fast_syscall_32+0x32/0x80
[ 1154.906390][T24406]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1154.908164][T24406] RIP: 0023:0xf7f14579
[ 1154.909447][T24406] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 1154.915358][T24406] RSP: 002b:00000000f501555c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[ 1154.917945][T24406] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 00000000400448cb
[ 1154.920376][T24406] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1154.922838][T24406] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1154.925267][T24406] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[ 1154.927724][T24406] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1154.930181][T24406]  </TASK>
[ 1154.931816][T24406] Kernel Offset: disabled
[ 1154.933171][T24406] Rebooting in 86400 seconds..

VM DIAGNOSIS:
04:21:39  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000000000 RBX=ffff88802b23b100 RCX=ffffffff81aec6ae RDX=ffff88801cac4880
RSI=ffffffff81aec688 RDI=0000000000000005 RBP=ffffc9000044fd10 RSP=ffffc9000044fc40
R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000001 R11=fffffbfff1c79516
R12=1ffff92000089f8c R13=0000000000000003 R14=0000000000000001 R15=ffffed1005647621
RIP=ffffffff81aec68a RFL=00000293 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880977e7000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=000000002c1f5ffc CR3=000000005df6f000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000005000000000 0000000100000002
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000f000000000 0000000300000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=000000000000000a RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff854c6a35 RDI=ffffffff9ade4c80 RBP=ffffffff9ade4c40 RSP=ffffc9000d45f600
R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=3230383838666666
R12=0000000000000000 R13=000000000000000a R14=ffffffff9ade4c40 R15=ffffffff854c69d0
RIP=ffffffff854c6a5f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff8880978e7000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000000030620220 CR3=00000000122cc000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000005000000000 0000000100000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
RAX=0000000000000000 RBX=0000000000000000 RCX=ffffffff81f4cfc2 RDX=ffff8880248fc880
RSI=ffffffff81f4cfcb RDI=0000000000000005 RBP=ffffea0001708180 RSP=ffffc90003847740
R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000000 R11=0000000000000000
R12=0000000000000000 R13=dffffc0000000000 R14=dffffc0000000000 R15=ffff88804f0bc280
RIP=ffffffff81bab011 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880979e7000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000f7f36e40 CR3=000000004b9a0000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 f700585858585858 2e7a7973f73d2ff4
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 f700585858585858
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffff 0f0e0d0c0b0a0908
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 3

CPU#3
RAX=00000000010cf097 RBX=0000000000000003 RCX=ffffffff8b69a3e9 RDX=0000000000000000
RSI=ffffffff8dbde8d7 RDI=ffffffff8bf48ea0 RBP=ffffed100395c000 RSP=ffffc9000048fdf8
R8 =0000000000000001 R9 =ffffed10056a65bd R10=ffff88802b532deb R11=0000000000000000
R12=0000000000000003 R13=ffff88801cae0000 R14=ffffffff90854e10 R15=0000000000000000
RIP=ffffffff8b698c7f RFL=00000282 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff888097ae7000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=000055af36b488c0 CR3=00000000229c2000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=000000000534c002 Opmask01=0000000000000000 Opmask02=00000000ffffffff Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000561acd284c50 0000561acd284c50
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fff2ff2fda0 0000003000000010
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6f6c737973007325 2e73250064252e73 2500656c6f736e6f 632f7665642f000a
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4a49565c56005600 0b56000041000b56 000040494a564b4a 460a5340410a000a
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 3230383838666666 6620726464612074 61203820657a6973 20666f2064616552
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 3731203a65756c61 76207327726f7470 6972637365642065 6361667265746e69
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 20656874206d6f72 6620746e65726566 666964202c726f74 7069726373656420
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 746e696f70646e65 2031207361682035 353220676e697474 6573746c61203832
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 3220656361667265 746e692030353220 6769666e6f63203a 312d362062737520
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000