last executing test programs:

5.776260036s ago: executing program 0 (id=2064):
socket$inet_mptcp(0x2, 0x1, 0x106)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x2, @pix_mp={0x0, 0x0, 0x34324152, 0x0, 0xb}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
socket(0x10, 0x803, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_open_dev$tty20(0xc, 0x4, 0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = getpid()
process_vm_readv(r1, 0x0, 0x0, &(0x7f0000008640)=[{0x0}], 0x1, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_open_procfs(0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r3)
sendmsg$NFC_CMD_ACTIVATE_TARGET(r3, &(0x7f0000000780)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000800)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="0100230100003402000007000000080001"], 0x2c}}, 0x20040080)
r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
openat$cgroup_ro(r5, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x301, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x40, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}, @NFTA_CHAIN_HOOK={0x14, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8}, @NFTA_HOOK_HOOKNUM={0x8}]}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x4c, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @counter={{0xc}, @void}}, {0x10, 0x1, 0x0, 0x1, @redir={{0xa}, @void}}]}]}], {0x14}}, 0xd4}}, 0x0)

4.647558037s ago: executing program 0 (id=2070):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x2, @pix_mp={0x0, 0x4, 0x34324152, 0x2, 0xb, [{}, {}, {}, {0xfffffffd}, {}, {0x0, 0x1000000}]}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, &(0x7f0000000080)='iocharset', &(0x7f00000000c0)='io#harset', 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
r1 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r1, &(0x7f0000000000)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB], 0x10}}, 0x0)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r2, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16)
connect$inet(r2, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
sendmmsg(r2, &(0x7f0000007fc0), 0x800001d, 0xf0)

3.757462795s ago: executing program 0 (id=2074):
socket$netlink(0x10, 0x3, 0x0)
socket$netlink(0x10, 0x3, 0x0)
socket(0x10, 0x803, 0x0)
socket$igmp6(0xa, 0x3, 0x2)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0x82602, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x804}, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000cc0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc0200000000000000ae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fc40848228567ffb400000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df2624f56da648d28ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71400fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada10eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff00000000000f000000ef0000000000000000000000000c52f4ebd2c893"], &(0x7f0000000080)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8b1b, &(0x7f0000000000)={'wlan1\x00', @multicast})
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r1, 0x34}, 0x10)
r2 = getpid()
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
ioctl$VHOST_SET_VRING_BASE(0xffffffffffffffff, 0x4008af12, &(0x7f0000000300)={0x3, 0x8000})
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = syz_io_uring_setup(0x117, &(0x7f0000000100), &(0x7f0000000280)=<r6=>0x0, &(0x7f00000001c0)=<r7=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000080)=0xfffffc00, 0x0, 0x4)
syz_io_uring_submit(r6, r7, &(0x7f00000000c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x7, 0x0, 0x0, 0x0, 0xc})
io_uring_enter(r5, 0x47f6, 0x0, 0x0, 0x0, 0x0)

3.024184259s ago: executing program 3 (id=2079):
r0 = socket$netlink(0x10, 0x3, 0x0)
socket$netlink(0x10, 0x3, 0x0) (async)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$IPSET_CMD_PROTOCOL(r2, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000008c0)={&(0x7f0000000880)=ANY=[@ANYBLOB="00000a000001000000000040000000a66d686eea"], 0x14}, 0x1, 0x0, 0x0, 0x4}, 0x30000000)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_int(r4, 0x0, 0x1a, &(0x7f00000002c0), 0x4) (async)
setsockopt$inet_int(r4, 0x0, 0x1a, &(0x7f00000002c0), 0x4)
sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r3, @ANYBLOB="01000000000000001c0012000c000100626f6e64"], 0x3c}}, 0x0) (async)
sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=<r5=>r3, @ANYBLOB="01000000000000001c0012000c000100626f6e64"], 0x3c}}, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000003c0)=ANY=[@ANYBLOB="3c00000010001fff000004000000000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800a000100767863616e0000000400028008000a00", @ANYRES32=r3, @ANYBLOB="76047a4693ece8734cabfd4aef"], 0x3c}}, 0x0)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NBD_CMD_RECONFIGURE(r6, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000000)=ANY=[@ANYBLOB="14000000", @ANYRESHEX=r5], 0x14}}, 0x0)
syz_genetlink_get_family_id$nfc(&(0x7f00000001c0), r6) (async)
syz_genetlink_get_family_id$nfc(&(0x7f00000001c0), r6)
syz_genetlink_get_family_id$nl802154(&(0x7f0000000080), r6)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) (async)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
syz_genetlink_get_family_id$nfc(&(0x7f0000000100), 0xffffffffffffffff) (async)
syz_genetlink_get_family_id$nfc(&(0x7f0000000100), 0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) (async)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r7 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r7, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r8=>0xffffffffffffffff, <r9=>0xffffffffffffffff})
connect$unix(r8, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r9, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r7, 0x8, &(0x7f0000000240)=0x2) (async)
sched_setaffinity(r7, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r8, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$kcm(0x10, 0x2, 0x0) (async)
socket$kcm(0x10, 0x2, 0x0)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) (async)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r10 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r10, 0x1, &(0x7f0000000b40)='source', &(0x7f0000000040)='c:::\x00', 0x0)

2.887357719s ago: executing program 0 (id=2080):
r0 = socket(0x2b, 0x80801, 0x1)
r1 = fsopen(&(0x7f0000000000)='cifs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000040)='source', &(0x7f0000005fc0)='//\xf2/\x06\b/\xdf/o\xdc\xea\x95\x9a\x82\x10\x97W\x8f7\x98\x9b\\/\\\xf9\rmD\x94)U\xdb\x15X.I\n}\xf3\x9d\xe4_\x05\x9cqf4I^#b?9\xde\xafu\'\x83L\xe0\x97\xe1n_\xa4%\xb1\x97\x93\xafv\xce/\\\xb4L\xf2_\xa7\xfb\xf4\x84\x1fA\xeas^\xef\xa2\x85\xa3!\xfb\x93\xd7R\xab2\x1eW\xe9h\x9b\xf7ul\xf9D\xd4\x82X5\x13\xaa\x87\xf9\xba\xa9m\x14\x14R_\x9a\\>4\xce\x8e_#\xf8D\xb1\xdep\x01\xcc:\xa6\xc5n\xeb\xab\xf70\x99\xef\x8b<M\n\xc0`[\x82\xf6$\xa4\xbe\x1e\xd3\xe4\xd9L\x14\xed\xcfK\xcc\xeb,\x1a1\xa6\xf3e\xc2F\xc3\x00\xaa\xd5\xfc\x1bR\xa9\x8c\xb4&\x9f\xa2$\x06\x1a\xb0W#\xf4\xde6\x04c\xc0\xeec\xa0l\xd5d\xe5\xcd\xb2\xc10\x97w\x87\xe5\x06\x91W\rr\xf5\x97%\xe8pO\xeb]\xc2\x98C\xffK\xa0\xb3\\\x99{\xcdR\x92\x94\xf7\x1d\x01Q\x1a\xbd\x15b\x15h\xe2!\x00\xb9z)\x19\x00\xee\xd2)[p`\xb3\x03\xa7p\'X\xec\xcdoX\x05\xff\xff/o\xb2\xad\xb8\x89i@\f\xffS&\x8a\xc9\xfez\xc2\x90\xe7F\xa6\xdb\r\x03j,N\xe1lw\n\xad\xe8\xf0\xbd\xa1\x98\xce\xf9\x1eR\x9cc\xc5ke_\xa7\x11\"\x04\xd8.\xa0\x15\x83\xf1\x92\xdby\xe9\xdc@.\xc1g\xc6\fc\xa26\xd8\xdf\xef\xf7\x9c\x1a\xcc\x8am\x8b7\xcf\xc5\xa6\xf4\f\xabj%Y\xa9\xdd\x0e9e\xb5\xec\x99@\xd2\t\n\xb1o', 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x14, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x5f, '\x00', 0x0, @lirc_mode2=0x10, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r4 = socket$packet(0x11, 0x2, 0x300)
close(r4)
signalfd(r4, &(0x7f00000001c0)={[0x1, 0xffffffff]}, 0x8)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r5 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000200)={0x0, 0x1, 0xf000, 0x2000, &(0x7f0000f9a000/0x2000)=nil})
getpid()
r6 = dup(r5)
ioctl$KVM_SET_VCPU_EVENTS(r5, 0x4400ae8f, &(0x7f0000000040)=@x86={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff})
ioctl$KVM_SET_VAPIC_ADDR(r6, 0x4008ae93, &(0x7f00000000c0)=0xffff)
r7 = socket$alg(0x26, 0x5, 0x0)
r8 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000002580)=@newtaction={0x88c, 0x30, 0x8, 0x0, 0x0, {0x7a}, [{0x878, 0x1, [@m_police={0x874, 0x1, 0x0, 0x0, {{0xb}, {0x848, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c, 0x1, {0x401, 0x3, 0xe78, 0x2, 0x3, {0x10, 0x1, 0x5, 0x401, 0x4, 0x1}, {0x1, 0x2, 0x6, 0x7ff, 0x90e, 0x7}, 0x5, 0x6, 0xf8}}, @TCA_POLICE_RATE={0x404, 0x2, [0x2, 0x10000, 0x1000, 0x7fffffff, 0xf3, 0x7, 0xfffffff7, 0x2, 0x7, 0xd, 0x4, 0x7fff, 0xa, 0xf7, 0xfffffff8, 0x7, 0x9, 0x2, 0x1, 0x100, 0x7f, 0xa, 0x101, 0x6b0, 0x71, 0x1000, 0x8, 0x707, 0x2, 0x9, 0xd1ca, 0xffffff00, 0x70, 0x3e2a, 0x1, 0x6, 0x2, 0x75a7, 0x4, 0x6, 0x96, 0x0, 0xffff, 0x4, 0xa, 0xb, 0xb84, 0x80000002, 0x1, 0x5, 0x71d, 0xfff, 0xd69f, 0x1, 0x6, 0x1, 0x8, 0x8, 0x1ff, 0x6, 0x400000, 0x4e, 0x101, 0x2, 0x0, 0x9, 0x2, 0xc, 0x8, 0x308, 0x7fff, 0x7, 0x6, 0xfffffffb, 0x3, 0x8, 0x2, 0x1, 0x8, 0x0, 0x9, 0xfffffff9, 0x1, 0xd, 0x80000000, 0x46, 0xfdc, 0xffffff8a, 0x10, 0x2, 0x1, 0x6, 0x9, 0x0, 0x3, 0x7, 0x1c0000, 0x7, 0xfffffff7, 0x6, 0x0, 0x1, 0x4, 0xb, 0x9, 0x8, 0x1, 0x80000000, 0xf9, 0x8, 0x2, 0x92c9, 0x80000001, 0x1c000, 0x7, 0x10000, 0x9, 0x9, 0x0, 0xb, 0x28, 0x2, 0x6, 0xd77, 0x4, 0x5, 0x4, 0x9, 0x0, 0x6a7b, 0x1, 0x6, 0x5, 0x6, 0x10000, 0x1, 0x0, 0x9, 0x0, 0xfffffff7, 0x4717, 0x0, 0x7ff, 0x3, 0x0, 0x7, 0x78c, 0x3, 0x1a, 0x2, 0x4, 0x6, 0x800, 0xc13, 0x81, 0x90, 0xb65, 0x1, 0x1, 0x0, 0x7, 0xcc66, 0x6, 0x7, 0x91, 0x32, 0xb, 0x401, 0x6a3, 0x6, 0x6, 0x1d, 0x3, 0x1, 0xffffffac, 0x63c, 0x8, 0x5, 0x5, 0x3, 0x5, 0x10001, 0x2, 0x3, 0xff7ffe00, 0x0, 0x9, 0x1, 0x400, 0x1ff, 0xd, 0xe64, 0x5, 0xfffffffc, 0x7ff, 0x200, 0x320, 0xb0c, 0x7, 0x5e37, 0x8a, 0x6, 0x0, 0xff, 0x0, 0x7, 0x8, 0xfffffffc, 0xdb2, 0x2, 0x0, 0xfffffffb, 0x7fffffff, 0x5, 0x2, 0x9, 0x9, 0x0, 0x6, 0x80d, 0x0, 0x1, 0x10, 0x7, 0x0, 0x40, 0x1000, 0x8, 0xb, 0x8000, 0xfffffffd, 0x9, 0x0, 0x9, 0x0, 0x73db, 0xbac5, 0x9, 0x51, 0x4, 0x200, 0x401, 0x10001, 0x400, 0x3, 0x8c7, 0x1, 0x8, 0x4, 0x2, 0x8, 0x0, 0x7990, 0x9, 0x8]}, @TCA_POLICE_PEAKRATE={0x404, 0x3, [0x7, 0x6, 0x4, 0x2, 0x1, 0x0, 0x7, 0x4, 0x9ba, 0x9, 0x40, 0x8, 0xc2bc, 0x8, 0x4, 0x3, 0x1, 0xe5, 0x8001, 0xc, 0x6, 0x1, 0x0, 0xb, 0x3, 0x3, 0xffff, 0x5fb, 0x8001, 0x7fff, 0x97c, 0x6, 0x1, 0xd, 0xc8e4, 0x6, 0x3, 0x7, 0xd, 0x8, 0x4, 0x0, 0x9, 0x7fffffff, 0x5, 0x6, 0x2c, 0xfffffffa, 0xfffffffd, 0x8001, 0x3, 0xfffffffc, 0x6, 0x5, 0x4, 0x2, 0x9, 0x1, 0x81, 0x800, 0x6, 0xf, 0xdb9, 0x1, 0x7, 0xa42b, 0x3ff, 0x8, 0x7fff, 0x7744, 0x6, 0x1, 0x4, 0x4, 0xb21, 0x2, 0x0, 0xf, 0x200, 0x3fc, 0x4, 0x4, 0x4, 0xbd, 0xc43, 0x80, 0x1, 0x8697, 0x2, 0x2, 0xdd, 0x3e2, 0x400, 0x5, 0x3ff, 0x8, 0x3, 0x9725, 0xd541, 0xd52, 0x6, 0x6, 0x7, 0x683, 0x9, 0x9, 0x3, 0x5, 0x400, 0x7fffffff, 0x6, 0x2, 0x4, 0xfffffffc, 0x2, 0x7f, 0x8, 0x1, 0x80, 0x0, 0x20, 0x635fb9e6, 0x2, 0x200, 0x0, 0x3, 0xfffffffb, 0xdf, 0x875, 0x950, 0x8, 0xffffffff, 0x1, 0x6, 0x9814, 0x8, 0xc, 0x8, 0x7, 0x8, 0x9, 0x9, 0xfffff000, 0x0, 0x7, 0x8, 0x21d9, 0x7, 0x5, 0x4, 0x9, 0xfffffffa, 0x0, 0x2, 0x635, 0x4, 0x6, 0x4, 0x6, 0xff, 0xfffffff7, 0x7, 0x40, 0xa, 0x0, 0xca62, 0x7, 0x1, 0x3, 0xffffffff, 0x4, 0x80094, 0x800, 0xb, 0xe, 0x5, 0x0, 0x9, 0x7ff, 0x2, 0xbb, 0x0, 0x401, 0x8001, 0xa2, 0x9, 0x5, 0x0, 0x0, 0x6, 0x1, 0x5, 0xffffff84, 0x5, 0x1010000, 0x9, 0x8, 0x2, 0x380, 0x6, 0x7, 0xffff, 0x8, 0x200, 0x5, 0x200, 0x0, 0x8, 0xfffffff8, 0x3, 0x0, 0x4, 0x0, 0xd0db, 0x7, 0xfffffffa, 0x2, 0x400, 0x81, 0x3ff, 0x2, 0x8, 0xffffffff, 0x8, 0x5, 0x1, 0x4, 0x2, 0x67cf, 0x3ff8, 0xea50, 0xfffffffb, 0x5, 0xa27, 0xd, 0x1, 0x867, 0x4179, 0x9b6, 0xf, 0x80, 0x0, 0x7, 0x0, 0x2, 0x2, 0x0, 0x4, 0x0, 0x1ff, 0x7, 0x5, 0xbf70, 0x2, 0x1, 0x97f]}]]}, {0x4}, {0xc, 0xb}, {0xc, 0xa}}}]}]}, 0x88c}}, 0x0)
bind$alg(r7, &(0x7f00000023c0)={0x26, 'hash\x00', 0x0, 0x0, 'crc32\x00'}, 0x58)
r9 = accept4(r7, 0x0, 0x0, 0x0)
sendto$inet6(r9, &(0x7f0000000400)="03948d648f98db713754", 0xfffffffffffffd9f, 0x40000, 0x0, 0x1c)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000740)={0x4, 0x2, 0x10000, 0x1000, &(0x7f0000f9a000/0x1000)=nil})
ioctl$KVM_RUN(r6, 0xae80, 0x0)
fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000080)='source', &(0x7f0000000240)='//\xf2/\x06\b/\xdf/o\xdc\xea\x95\x9a\x82\x10\x97W\x8f7\x98\x9b\\/\\\xf9\rmD\x94)U\xdb\x15X.I\n}\xf3\x9d\xe4_\x05\x9cqf4I^#b?9\xde\xafu\'\x83L\xe0\x97\xe1n_\xa4%\xb1\x97\x93\xafv\xce/\\\xb4L\xf2_\xa7\xfb\xf4\x84\x1fA\xeas^\xef\xa2\x85\xa3!\xfb\x93\xd7R\xab2\x1eW\xe9h\x9b\xf7ul\xf9D\xd4\x82X5\x13\xaa\x87\xf9\xba\xa9m\x14\x14R_\x9a\\>4\xce\x8e_#\xf8D\xb1\xdep\x01\xcc:\xa6\xc5n\xeb\xab\xf70\x99\xef\x8b<M\n\xc0`[\x82\xf6$\xa4\xbe\x1e\xd3\xe4\xd9L\x14\xed\xcfK\xcc\xeb,\x1a1\xa6\xf3e\xc2F\xc3\x00\xaa\xd5\xfc\x1bR\xa9\x8c\xb4&\x9f\xa2$\x06\x1a\xb0W#\xf4\xde6\x04c\xc0\xeec\xa0l\xd5d\xe5\xcd\xb2\xc10\x97w\x87\xe5\x06\x91W\rr\xf5\x97%\xe8pO\xeb]\xc2\x98C\xffK\xa0\xb3\\\x99{\xcdR\x92\x94\xf7\x1d\x01Q\x1a\xbd\x15b\x15h\xe2!\x00\xb9z)\x19\x00\xee\xd2)[p`\xb3\x03\xa7p\'X\xec\xcdoX\x05\xff\xff/o\xb2\xad\xb8\x89i@\f\xffS&\x8a\xc9\xfez\xc2\x90\xe7F\xa6\xdb\r\x03j,N\xe1lw\n\xad\xe8\xf0\xbd\xa1\x98\xce\xf9\x1eR\x9cc\xc5ke_\xa7\x11\"\x04\xd8.\xa0\x15\x83\xf1\x92\xdby\xe9\xdc@.\xc1g\xc6\fc\xa26\xd8\xdf\xef\xf7\x9c\x1a\xcc\x8am\x8b7\xcf\xc5\xa6\xf4\f\xabj%Y\xa9\xdd\x0e9e\xb5\xec\x99@\xd2\t\n\xb1o', 0x0)
dup(r0)
getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(0xffffffffffffffff, 0x84, 0x66, &(0x7f00000000c0)={0x0, 0x1}, &(0x7f0000000140)=0x8)
r10 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r10, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x10)

2.727248452s ago: executing program 3 (id=2082):
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
r1 = socket$inet6(0xa, 0x2, 0x0)
openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000000), 0x8801, 0x0)
socket$packet(0x11, 0x2, 0x300)
inotify_init1(0x0)
ioctl$vim2m_VIDIOC_ENUM_FMT(0xffffffffffffffff, 0xc0405602, &(0x7f0000000140)={0x0, 0x1, 0x0, "ee471a55b5e2c266422ef07bbfd7a61e37466e060403bbd8115bd48970e86a02"})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = syz_io_uring_setup(0x497, &(0x7f0000000200)={0x0, 0x7279, 0x0, 0x4, 0x316}, &(0x7f0000000340)=<r4=>0x0, &(0x7f0000000280)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
io_uring_enter(r3, 0x3516, 0x0, 0x0, 0x0, 0x0)
bind$inet6(r1, &(0x7f0000000480)={0xa, 0x0, 0x0, @rand_addr, 0x147d}, 0x1c)
r6 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r7 = dup(r6)
r8 = openat$sequencer(0xffffff9c, &(0x7f0000000080), 0x101000, 0x0)
ioctl$SNDCTL_SEQ_GETTIME(r8, 0x80045113, &(0x7f00000000c0))
ioctl$VHOST_SET_OWNER(r7, 0xaf01, 0x0)
setsockopt$bt_BT_VOICE(r0, 0x112, 0xb, &(0x7f0000000180)=0xc3, 0x2)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000181100", @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)

2.589242736s ago: executing program 0 (id=2084):
openat$vimc1(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r0 = creat(0x0, 0x20)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r2 = socket$inet6(0xa, 0x80002, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000400)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000280)={&(0x7f0000000300)=@mpls_getroute={0xcc, 0x1a, 0x8, 0x70bd27, 0x25dfdbfb, {0x1c, 0x0, 0x80, 0x8f, 0x0, 0x3, 0x0, 0x0, 0x1400}, [@RTA_NEWDST={0x84, 0x13, [{0xfff, 0x0, 0x1}, {0x5, 0x0, 0x1}, {0x6}, {0x92}, {0x4}, {0x0, 0x0, 0x1}, {0x16009, 0x0, 0x1}, {0x4, 0x0, 0x1}, {0x2}, {0xc}, {0x3, 0x0, 0x1}, {0x9}, {0xa}, {0x1, 0x0, 0x1}, {0xffff}, {0x9}, {0xf}, {0xff599, 0x0, 0x1}, {0x6}, {0xffff7}, {0x1, 0x0, 0x1}, {0xf066}, {}, {0x8, 0x0, 0x1}, {0x2}, {0x0, 0x0, 0x1}, {0xffffb, 0x0, 0x1}, {0x80}, {0x5}, {0x48d7, 0x0, 0x1}, {0xf}, {0x1, 0x0, 0x1}]}, @RTA_DST={0x8, 0x1, {0x3539, 0x0, 0x1}}, @RTA_VIA={0x14, 0x12, {0x1, "1bc30bd7dc694db5d9cb1dff99ab"}}, @RTA_DST={0x8, 0x1, {0xd64d, 0x0, 0x1}}, @RTA_DST={0x8, 0x1, {0x7ff}}]}, 0xcc}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
setsockopt$inet6_udp_int(r2, 0x11, 0x1, &(0x7f0000000080), 0x4)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
ptrace(0x4207, r1)
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r0, 0x8983, &(0x7f00000001c0)={0x0, 'ipvlan1\x00', {0x3}, 0xe39c})
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bind$alg(0xffffffffffffffff, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'blake2s-128\x00'}, 0xffffffffffffff18)
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000100)=0x14)
r6 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TIOCSETD(r6, 0x5423, &(0x7f0000000040)=0x14)
r7 = socket$phonet_pipe(0x23, 0x5, 0x2)
setsockopt$PNPIPE_ENCAP(r7, 0x113, 0x1, &(0x7f0000000140)=0x1, 0x4)

2.521313697s ago: executing program 2 (id=2085):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$TIPC_CMD_RESET_LINK_STATS(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000b00)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="0100000000000000000001"], 0x30}}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00'})
syz_genetlink_get_family_id$nl80211(&(0x7f0000000840), 0xffffffffffffffff)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x1002, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc, 0x7, {0x1}}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_SET_INTERFACE(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, 0x0, 0x5, 0x0, 0x0, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000640)='./cgroup.cpu/syz0\x00', 0x200002, 0x0)
r5 = openat$cgroup_procs(r4, &(0x7f0000000480)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r5, &(0x7f00000000c0), 0x12)

2.383422659s ago: executing program 1 (id=2086):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000ff0f000006"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r1, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)

2.383055231s ago: executing program 1 (id=2087):
sendmsg$NL80211_CMD_SET_POWER_SAVE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)={0x40, 0x0, 0x1, 0x70bd2b, 0x25dfdbfc, {{}, {@val={0x8}, @val={0xc, 0x99, {0x2, 0x3}}}}, [@NL80211_ATTR_PS_STATE={0x8}, @NL80211_ATTR_PS_STATE={0x8, 0x5d, 0x1}, @NL80211_ATTR_PS_STATE={0x8, 0x5d, 0x1}]}, 0x40}, 0x1, 0x0, 0x0, 0x801}, 0x40854)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
sendmsg$key(0xffffffffffffffff, &(0x7f0000000000)={0x500, 0x0, &(0x7f0000000040)={0x0, 0x30}}, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000240)={0x40000004})
r2 = creat(&(0x7f00000002c0)='./file0\x00', 0x60)
write$binfmt_script(r2, &(0x7f0000000d00)={'#! ', './file0', [{0x20, ','}, {0x20, '\t\x1b\x1c\x1e\xc3h$\xb0^\xc1\xab/\xb9\xf0\x13\xed\xd2\x05\xdfn{q\xac\xca\'\xef\xb0*\x11j=\xfb\x06$pY\x1cD\xd4\xf3\x98\xc6\xa1\x88\x9c\xe4\r9\xd3\x06L\xbf\x1a\xf1}M79?L\x98e\f\xb5\x0f\xfb\bH\xa8V\xc9ty\xdaJ9E-\xd0Z\xf4\x9b\xa0\xf5\x92\x06\x1b\x81\x03\xb7\xb0\xe3\x88\x85}G\xd9\x05\x85Jn\xf7\xf0\xae\xf7\xe22\x80[\xc62\'\x8e\xafC!b\x12\x9e\xd6\x0fW\x03\xf2c\xa5\x98h\xf9H\xa2\xa8\x83\xcb\x1c\xdd\xdc\xd2}\xfezZ\xc5\xd0ua\xd7\x06\x00\xa8\xf27\x8cU\xc4\x11\x1e\"`\x06Y\xafZ\xefK\xb1\xf0\x99\xd6\x1b\xed\xf5\xb7@/\x9d\x11\x9b\xe5\x9dP\xff\x99w\x81\xca,\x9a\xfc\a\x99\f\b%\x90\xd5\xd8\xb7\xc07#\xb7\xb5\xfc!i/\x05\x865\xeawWV+\xcc\x8c\xd3\xb5\x03\xff\xe0\x00'/233}, {0x20, 'ext4\x00'}, {0x20, '\xa6\x01+\x12e\xe9G\x87X\xff\x0e{\xe26\xec\xb1\xb07\xf0\x83\x1f5\xd8+!a<\x17i\xfb\xa9\x0f\xe3\x9c\xf4\x89S\x02\xa7\x93\xaf\xa9\xc8\x17W_\x8d\x7fm\x18\xbc\xb9x\xc2M\xa1\xeb:\xa8Tn;[\xb7\xecR\xdd\xd0\x95l\x00\x92\xff\x19\x1a\xa9\x06\x00\xe7Q\x11\xb83*#[\xe2\xfe0\xd7\xe1\x00\xb0q\xd7\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00}\xad\xbbG\xeb\xcf\xc0\xa2~}@w\xf9\xbc\xe3\xf1\x04\x8e!d\xfa\x83>J\xd6\xc4]\xca\xf1\x8f}|\xf5Z\x9c\xc9\x1f\xd9P'}, {0x20, 'ro\x00'}, {0x20, ':@'}]}, 0x19a)
write$UHID_INPUT(r2, &(0x7f0000002140)={0x8, {"0667ac1471a39e7e405a56fad1da33657c469277f43a3fd378bd197d6389e5b1e26f4c915122e6234741a35d5feff45cdaecf6a50ce568e26c3d9ac712395d040b9b422e85f06d1ed229b4e3e770f5ca31715663d60f7676a31a08eb04037a5d5d9c84c4c5eb4a17db2db860efa5c2d3fde2e69719c0b8d2921498e782dece314bf94161b9605b55895e1effd5326f0b9e46b372b1e4baac0c8e16db020ce566951bdcc61e0ae670832749e1792fb39fe2cd227ff0161096699ec99865feed9fff1e39dd7559b3c3452afa897fcd5c22f223d0060007df00fe14c5acfc1247f01874b501e9c95eeb0ea131259fa6711979283752c67a756c12b7b0382e9bed73ffd34202775d3b04cf904fcf445a64ae8408851f648bee65623ac7a56bfe9b7a44c5c848df4f5f508885af98d419e3c019593639c3b35a8fc5874b5f2863357f519b83d9bb37f3b7dc0d85662e83659c2d613078c2dcf580bb45c4099649df8484fa5fbd50e72a75d5a5d4d4cfa2f6a3a4b630a005158289b1e9a193c0f7dd3cfc0ac9f44cff352bf2b3914d24af628a1ede993f8c2c8139341103122d8036cb3b362872a0d5d6603cc5785c7f0917013034501b77ccce1e54d4afc41f94f79c40055c6463dca113367d5dcfb842d947a0f78a798c09a999835f1a591af7ad1d75b0215e41d1406152c674192e1703c614308008abf5228aa17954639565a5dacc1652ef3c0e514ce3fb7c0e218827673c4f710054ec7867869b4c40db2be56de65e0068ed3b21f4f5f138a395819accf412d4f6c903e510894504f066747bd26e4e483531b9330d478cbe7345a7232a684e603f5f6d947f43c5176495cb636c03da75a21b615a35db114095e4c9ae5ccb167153f790bba333ee22375eb454d912f04882c3eb39c9cb55460082b553b728f2afd5dab5e2a2698c7aa48682b46d25600d1f2ffa4b5463e9f5ea82234a683d929aff82164c797a44b07d60f966759eb4f91507c1e4a94c0d359e6ae268f47f269c76251baf3428cf64dfad87732440e15943d9e75e32f7a25ff08c89034b632823d243fc7d4cf068a17625147d99e2f1f79f139165a5b1ea5bcd92480587a7ee9543054ca5baeaad93e10c0f272686762ce75908b0be928125cc0d384dd890b665016fcd3b1f08ba9e35b6dc71b241a914bdc028eef3b1ba6ba397d88ef4fba6a00eb0a62546c4f7c4ec0f321a23feab51d89c9b71641092945bbef97ae87589f9d92e0ac7bd70a3b6ab938044f322935e50a257e04328e387f75042756d32482a0c351e7afe5116b46f64b734a552accb6b0dcd6cbeb0eef2a928eb1ee1cf56d9d0fb247a069a28f28c3462a8ce629c4feae6ad8b211e4f19801f569d0a2cce55fe2a894b9593eda0f696481e64ff481be9755a47a1e7b91c898f0f119203da21e5705b219344fbb48d70c3553e828b9bc4a8195db91168c521803d16aecd320c6e6ce1b0ba7a60af7b6289e4458c0453f81fa760dc37487c4b23e556c81e10efb9f002a2341eaddb3fc3bb55c388b115a7d2af2e8de67dd4cc4cb9a386e2c1b2bfb2e2b28f6d061d00093cb25b0b4d95dd1d01f308414105e575369a57736faba5c41502f8ff5dd27087a467604676f1e7154fffbcafa9464c2d2e4c3806f689285388686a892dd3ee6ccc14e4bb7b7e5bc5692bc28a108af91788e29df4b3eb2ad8a14daf83c75288758b5822bb45f9f531555a5518dabdd756e3bf73e5d4f0477aa250bf1041867734732faffb745018ea635217eadaee22abea004656ae1ef59e57fdb02d615da20b437d37f311f951e0bbb0857c39e537b0bb2c92d01c8a1ddaf493d8fec2e6251be7b3b462c6471330508bfcc7afff1a5dca7e646b297a7814cfdb88ab9c2829d3970a97aa7753c9a14f349ad67d9d68c9c707b8ebac8458a34ffb1ef688f4f9e1ca528578d961c6511888647ac8d3b0480ec3594aa0909b29c2bcddb5d52212f49d5c20cea05704ae75d494792529e0a8d57cf717ab7760b4506f07774ddefc299ee08de21ab44950427b1a25f4d06ac6fac10f8a5c892e02eaaff0ba4ffc992c31abe049458b88c549055d4218231182ef73cdabb51f27fff813caf8ce8651579ad7e1064324939f5ae678a29838d7baaae162f8258086366562a42d9e4952dae09052f222192cc20b16ad9f200b858e2a254d8ecce1f4755ac24aad6fc6199a588a8e2f1f0771ca6616b1271842057cb8f1df82b8c5729d7be61ee967a596627b2e7dad8612f0d35b70c242c825b739e4290d71cb5dc425c2e379958b0a0e2b1f058a4486702c7201080d87bba97537f77820b78448cda801d303c52943353a2d54505d9d99b0428a9ef425312146f74b657a31bd59480750a9f2415465ec9bfd9805a92c52490fe3de55854b1a2bb5cc25c34f95da672c03d1e82043f4daa77956cd5d2039a730f5f3f132c03572d0c7891e50f5eb509ec84205ba1488aab5e950ba439c9c3476feb5c2733e1bb37fa4d3ded8906c781b07c56fa57686a4a4ce8e9ddd778145f06228edb4b89860dabc7d8406dd4df1cd0fbb9974f2a88011e64ce09287c1124ad0afda256b461cfd59cc6f62206781131a2626f3ad8f7779ab68ed54d3d1b0d6f092d1f8d88a508062c1852ccc7bb148d00c9d24a06a30fbb71c1c1e6a1c3d7fd54860b27ac3bbc957b2d5a7cea44b2105d907cf6de1c45cebabdbe7fe98781e33fe9ab2c543a000b992bf79d816ad7f1e134a904d5bf4dd01e20ff28587fa973ceb7f6fdebc2eb3a3b684b12e85f6990b02d4dd7945fbf508529d9db15b2b80b5674cb1f4f33de96ad3a06dedbb6369edd3a8c754d22a0f2de857bfa7fa99c5725cbb2be3f5318032e06766bafd5184e5062c0f523b44526032b5f88ddabcba9721ea6376e14d9f66dd19fa67a684309f53e23cb152c592869cc7c99266123bd36cfdb198032a7085b4f895b1aec00b5d9ba8a9acbc9eb6d43bd3b387b306dcfa93c8be2b854a215b0e6112d45a08153894c070422a643111b5b3a746f83ebc5f7dabbe2f26f95b2005aae8005f92984220f5cf79945d1453e6e1f5ae406eb237b7001f11735d7d4dca2e93ac7136f40552e802585ba61b2f363f468cc9e909efe05512b60595d9070f53db5049acbd7bb5800b7aede84db92dfa0b225bf7f8a1188a9087ee7cf26e280922e67f032d53b82d75f42a2d6b3dba313e069efeed08e1f8dae89aca7575a8191518ef01ea6f649d1090d0902f18378a94b9040c34633b8b78297df1117724824ad3f507bf8c80412d585088c6f5333b39330ed679239185a37123228c1ca5edbcb4e304db7ed927123a42b914c13ff79532e524bfc01f0ee7c4603c4289b213641fffcf0da169383e45d02a18aff9ebd8941a4a6b3d25487908a30520ae95bb91f438c64d77f8f29e66b037e0a8019731a912aa63481c4661169592b7e0c349015c2f5488d85daaaeaf88ed09e53b1f01655c472687d64bc08ca9dc08dcb4630bc23d12ba168d05f67de7014df5232ebef78ec88106db68fbcf35b640ff8fd4c9af6d7cfcd1a9e7f7714c4b689e490f08ba5e9d372cee6bf2b9952ae6fdfc330954b41d1c0153724636dd78cc58849a9e9c13873dd5efd47ccdbe8434e59de9b819b09d1836371805bd2573f96314c233a6fe76bc27d83135219539f29a96a029f59778c44ccc58da759b324f74736494b64ea876373a050a076bc3ebf429a5b292836a0ac5ed2f612209b29d743faba13edcb9662e8bccaf1f926f90f6c8f3537e184beabe2062f9cbce368cbd765f4ef707739aba75aa8aa19121bc94a09748df6a1e08fef0c6f21eb54b66f3b476d0b5630b4e1ba11cd534f9a94917464df45b6d727fba47468eebf0daedbe905ca90400fa7138c24b351c76422152a00c2e1e8a260ba2fcabe1902d4a0a26e185820a1e20b3b3d2c8f96bcec99932ccddbc79f152a38914f0c34e60b0591d3c43c0d33ebd0dfd5665284ccbb67fdbac60ebe748d102f356fa4e69b50c3d61e0a80b1311a83f30c0c8a0f43a18e1226d36a8b2a92cca75544e265f4e0177adcbd4a7c7f38581a645a741754011a8f78e887d84b73918dbd54a95db989adb227fbd5fb69fb7cd45516559de141a2ac2f6897e96469b45e770b92500a75965c33102276255916f7b44c3d31dee5a5232aa321431fce2f274e187e5cd5ba5e2fc8b36c92e042adf270dd88a525bf7d519071896d08470acb754df61a65e115942031fe10fa6d8b0a503c14f32f11189827a2250e1ca4e72692a60b2e55456ea23e9d1b641c8ed6e27e85dc27622e42bce70e3e2b15ea7f9115e81788159d8afd452ce4219c017da79d5d47c6d2a688d0e804805fde5f8d49b024de3104d19aca3096a5879b0cad7dd5b51c98420f60ccd35aa5879900e7ae818b839ec3fa2b62a3175f10750e058b8e04707bb8a35fe73e1d5285be51086d4188cdd1fed0c692c922c24910bf50e07af5218545fcc80790c37d70f54b7ee055e57237e510e7e3f842a2f7d0c03c31d19a6dabb3a9af3fb645af7beda19de3bd41e396f503dcfc6963fe962da731a2c79ec8f5090469a0ba23ec94c990ff0cc576efb9405f86b14c4a856728aeb9f388404fff315ee082235579ef95a9097d007fd8c1d687dceffe2c81a58556408e714b402440611eb8bba32b1215fd0eb5feeda7b77c289d7df44409845bdacc39a2d34b5712ba2eff621462ab08b40d222c063c06d4717261e6a2a4c06f8563096e738695a526f6b4cb03889e29fbb6cd4893ce1f6cf2b1cee52b7b4769a43c24cb1122408b5d9d58208eeeee25af36a6ca9a495676ce3533bb7a1a86619f20ddd3a41d8a9d66de8158d7d146d620ee86402febcce619d2d6122174be9b793e8afcefe4c5e963230eb762cdcd9a9d678176b3f0529bcb147becf0b21eb445bbf24e216947981f8355d4f14c3a19bf24eef760ec828eb6c6919c901f4680467554232b04c0faf2fba629e433e9d0dcfd20ff1aa04a74d7ab239245db9f38bc90cdc94db1a7a77bbaf7832f6f9163b47d8ea6ff9825de9e90d76c18361b64b3ef8f837782dd66e97a2def7da111db56964177a8fda138384e5f3150355d0883be5d5e30f95b17ed19aa040ba0b17546ac05af6991dbeb13d92551e677951d00ee354314bb304dbfaf98cd13469131d935520cd29937ee064ad27504b07affa346d40412511c0d0f9f1d484bc9f8d5fee8e102a1d5126c28211f280e5f6c5373aec44b6cb82dcc46d6b630b7a91dbf7327c016807eb8c004c5d626167332dba018f595f73fb905eba252994f76707fbca30d8b0c0358186eb25c78a74a5cf96aaf9fd428f6328f46ce57551a1104920f36db499552e9d1d2d6f3f8ccec04ba0d1edecb5cb653e41407516941c1c940d6a05e1facd4b6ab8478146b81b58d389557351d7fe4a12a384f4afb48ad0fac63b0b4f66320d32cfdaac67874e4c9b0854a1e91c7982ef028ba61b4ab3fdb061200cecd26f2cfe2f4cd07d695a13617b5d51d40ff8dd24cf9cc84c87d088d922bc6dd12facc2768db3d93dcd6a7926c0e12e8254839bbf21d05acf6e7afb93efcc562da4029259d8f7185bfed0c397e48f8475489477a4952ecfc12a09c89681a30f758198c25208e15cbd1bc0f12b1fba7e2e138d0fa065d6cf66504f4a8d21256e38fdf4db6873b2f6dcca3c5e81f909a86a1a89690bef6e01b2459fe108dd7f0ffcfbfe5dc4c522cd078d9c8ac8dd09a33bb3e5b3c5d04d19e56b69a7692218e8592cbbf521f089ff4522b5", 0x1000}}, 0x1006)
ioctl$vim2m_VIDIOC_REQBUFS(r2, 0xc0145608, &(0x7f00000000c0)={0x1, 0x0, 0x4, 0x0, 0xff})
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, &(0x7f0000000180)="66ba4300b006ee0f01c40f009b27000000b9800000c00f3235008000000f30b80e0000000f23d80f21f835800000a00f23f8c9b9490300000f60b932c00a000000328fe858b660002fb90d090000b800680000ba000000000f30", 0x5a}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

2.137324853s ago: executing program 2 (id=2088):
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
fsopen(&(0x7f0000000080)='ext3\x00', 0x0)
r1 = getpgid(0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x0, 0x0)
r2 = epoll_create1(0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r4, 0x0, 0x0, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
creat(0x0, 0x0)
r5 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r5, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7fffffff, 0x400, 0x1, 0xd, 0x1, 0x6, 0x6}, 0x1c)
recvmmsg$unix(r5, &(0x7f0000003100)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}}], 0x1, 0x0, 0x0)
sendmmsg(r5, &(0x7f00000030c0)=[{{0x0, 0x0, &(0x7f0000000400)=[{&(0x7f00000000c0)}], 0x1}}], 0x1, 0x9200000000000000)
fcntl$addseals(0xffffffffffffffff, 0x409, 0x7)
fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
r6 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r4, &(0x7f0000000100)={0x20000014})
epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r2, &(0x7f0000000000)={0xa0000001})
epoll_wait(r6, &(0x7f0000000340)=[{}], 0x1, 0x1000)
socket$inet6_tcp(0xa, 0x1, 0x0)
r7 = socket(0x15, 0x5, 0x0)
getsockopt(r7, 0x200000000114, 0x2720, 0x0, &(0x7f0000000000))
r8 = memfd_create(&(0x7f0000001dc0)='+\x8b\x8a\xa9\x16\x11\x91J\xbc+  \x18\x17\xc2:}\xa3\x9bO\xdd\xdf\xdf\x92\xd5\xed\xb4\x17\xe5\xd6\x9a\xb2\xd8\x9ba\xde\xb2.F\xc0\x99}|\xaf\xd3\x1d\x84[*_\x9f\x9d\xb0rYP\x1b\x9f \xe0\x9cgq\x103\x89\x11\x87Rv\x169\xdf\xe3>B\x04\x00\x00\x00W\xd3\xec\xfb\xdf?\xa2\x90+\xa4!\xb2\xf2\xff\x90\a\xc3\x12\xc4;\xffh\xf1x=\xb9c\xce\x03h\xdap\x88U\x1788\x82\xd7\xfd\x83\x00Sx\x91%\x99_\xfe\xd4c\x83\x86\x0f\xa4a-\xaf\x9e\xd9\xef\xe0)]\x00F\xfa\x03\xbc4\xc4\x9a\v\x03\x8b\xa4\xf3\x8f\xf4\"\'\xd3\a9\x14H}j&~\xe9\x16\x83o\xbd\xab\xcd[\xbd\xcb\x04\xfc\xe7\xe3\x9e?\x12\xf0\xf4\x83M3\xd88\x92?@\v\xe6\xd1\xd2\xe4\xde\xdaUeJ\x9fR\xd1`\xfa\xc8\v\xed\xfd\x0e\xc8\x89W\x847\x88\x82\x94\x14\xe33\xb7H\xc8b\xd6@3F#\xb7\x04C\x8dm\t\x16a\x0fI\xf4\xfe\xf8\x06j\x19Pz\x03\x00\x0f\x98`W\xdb\xc6\"81A\xa4\x8bT\xf1\xcb\xab\xa3\t\xef\xdf&\x0e\xad\x03\x123.\xc2V\xaa\xd5\xf8\xde\x8aV\xa4p{\xcez\xa2\x92 \x00*wLO\f\x97X\x05\x9a\xc2\xe8\x85\x9d\xcb\xc8\xf0\xc4\x01\x03\xe3?\x9f1\xf4\xfb\xa5y`KB\xdf\xae#\x94C\a\x04\xea\xccG\xf2\b\x8f\xf7\xb1\xe96\x90\xf5P\xa4\'\f\xc9\xc5H\x0f;\xd3\xe2\at\x9bJ\xe6\xce\xe3\xa24\x196\xc5Q\xa1K\x95\xd6\xfal\xe9\xd1\\\r&\xb2c\xb3\x8d\xa7\xb7\xa8\x03S\xbd\xdd\b{\xae\f\x10\xc2\xbb\xd0\xdd*\xa3\xb4\fJ\x00X\xab`N; LF\xa5D\xee\xdf\x7f\x80p\xf6o\x1c\xbdXR\xf2\xa0\x81a\xa1\xe1B\x93Xn\xaf\xfc\x05?\xab\xac\x91x\xa8#\xe1\xbeQ\xd1^\x9b\xb9)\xd3\n\xf7(3!\x18\b\xc0\xaampRl\xfdQ\x03\x8c\xd5\xe4\\\xed\x9a\xd1?\xd21\xc8\x90\x1dl|\xd1\x14\xbc3\xe0\x1e\x0e\xe6\x88Y\x99K\x93\x1c@_P\x8c\xc7\x9eZ\xb74KT:\x8a\xdbJ#w\x18\x14\x00\x93\x86\xa5wo\xf6M\xe7D\xf4*\xe3X\x1d\x19\x83\xa7w\xc7+7\x89s\xed\x8a\xd7O\xdd\rhh`\xc0\xa8$\x06pu\xa0\xd0L\x0ez@I\xb8\x83\xb2f\x93j\a0I\xc8l\xe5\x9b\x06\xb5\xac`d\xa3\xcf/\x14\x10\xab\xab\t\xec\xc1c\fA\xee\xdc\xef\xbap@*7\x86\xdf\',\x03Y\xb1$\xf0\xb5}\xf0\x82%)\xdeA\x1ed\x85m\x80\xd2\xcf@\x06}\xea\xe7w`\xa5\x11\x9f\x9b\x9e\x8f\xb7cb\x1a\xe1\xcf\x87\x1c\\\xf5\xc21\xf7\x82C*\xd5;\x00\x00\x00\x00\x03\xba\xe3\xdc\x92\'\x8e\xd5\x7fG\xfd.\x91\x89T\x99t\xd4d,\xd5\x92O\xf1\xafT!Y\x8e\\\xac\xf7\x11R\x05p\x1a\"\r\xe9\xe5\x8b&\x0f\x8c\xfb\xef\xf8\xd5\x18\xde\xeb\xe5\x19\xdd\xebQ8\xc5iS+\x06D\x16\xfe\xf5.\xe5\v\x89\xb0\"\xa3M\xe9\x81\x11P\xdb\xc4\xc2y\x14\x04\x06\xf6\f\xb0\xecz\x8d`\xb5\x9b\xb43\xcc1\xa7\x9e\xa8\xb5\'\xc6MAe\x0f\xd1\xfcG\xc2/\xe8\xe9t\xcaQ\xf1\fI\x1chM\xc1\x92\xe3\xc3\x01M\xc8/\xefJ\xcb\xd0]\f\xff\xf5\x92\xce\x97Z\xea\xe8\x99\xfa\x96\xce\xa7\x02\xad\xa2\xce\x955\xeaNg\x02\xcd\xfd\x1a}.\xd3\"x\x89/8H\xc2\x93B\na)\x86\xa9U\xa0\xb7\x18\xfb\xe9\xd1\x97\xf6\xb8\xebN\xe2\x18\x04[\xabW}\xb1\xffo\xae~=\x9dd\x9f\x92\xd2[\xb8\xb6\x1a\x02c\xa1\xd1H\xb7@\x06\x96s\xef\xee\x92\xfaC\x15+\x84%h1O\xe2\xb8\xd3\x19R\x00\f\n\x1cpEn\xad\xa7IRf\xc65\x15<}\xb8\x05\xe4\xb7\x9e\xf3\xda\xdavzB\xf8qj\x9e\xe4\xbd\x05\xcfx\xb5\x12\t\xe0\xf2\'f\xf4+\xb3\xdeA6\x10O\xdd\x9c\xf7B', 0x3)
fcntl$addseals(r8, 0x409, 0x8)
ioctl$FS_IOC_RESVSP(r8, 0x40305829, &(0x7f0000000000)={0x0, 0x0, 0x1, 0x0, 0x4000})
close_range(r0, 0xffffffffffffffff, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)

1.618741477s ago: executing program 3 (id=2089):
r0 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
preadv(r0, &(0x7f00000004c0)=[{&(0x7f0000000480)=""/28, 0x1c}], 0x1, 0xffffffff, 0x7fffffff)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_KEY(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)={0x3c, r1, 0x9, 0x0, 0xfffffffe, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_KEY={0x14, 0x50, 0x0, 0x1, [@NL80211_KEY_MODE={0x5, 0x9, 0x2}, @NL80211_KEY_IDX={0x5}]}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}]}, 0x3c}}, 0x0)

1.526995179s ago: executing program 3 (id=2090):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x8, 0xb4, &(0x7f0000000140)=""/180, 0x41100, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xfffffe94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
iopl(0x3)
get_robust_list(0x0, 0x0, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
ioprio_set$pid(0x3, 0x0, 0x4004)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2)
socket$inet6(0xa, 0x1, 0x0)
r3 = socket$nl_rdma(0x10, 0x3, 0x14)
r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="0200000000400092c8c115a0c1383bf2dcfd41a328d3afb549b327b77c59caa9ec196e9c8bccbe6021297dcaa830b9a82725cb971cd5a84aff7891d0c3be0dd6634c0b202f88f9e3976ff5cd586ca58773f464c410218247b3aaecdacd8a9705a6f7552bb7489c03bab827ec1e146b98df8d137a8049d516fafc68b13a0321bcb40a09eeb6a827e8e59f19a58f6521836fad4d16eb5638d45fa525fdcc687a12c36d294cd00847372d66cf4d23931ca7e017", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
r5 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TIOCSETD(r5, 0x545d, &(0x7f0000000200)=0x3)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000040)={r4}, 0x4)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r4, @ANYBLOB="0000000000000000b70500000000000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r6}, 0x10)
bpf$MAP_CREATE(0x300000000000000, &(0x7f0000000280)=@base={0x18, 0x4, 0x41, 0x0, 0x1, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x4003, 0x1, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r7 = eventfd(0x3)
write$eventfd(r7, &(0x7f0000000bc0)=0xffffffffffffffff, 0x8)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="ffff0000031401fedbdf250900040073797a3100000008004000733deb9968003300626f6e300800"/51], 0x38}, 0x1, 0x0, 0x0, 0x800}, 0x20000000)

1.33673968s ago: executing program 1 (id=2091):
bpf$MAP_CREATE(0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="0f000000040000000800000008"], 0x48)
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo/3\x00')
read$eventfd(r0, &(0x7f00000004c0), 0xffffffffffffffa6)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002700)={0x18, 0x3, &(0x7f0000000480)=ANY=[], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xa, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$SO_TIMESTAMP(r1, 0x1, 0x3f, &(0x7f0000000080)=0x1, 0x4)
bind$inet(r1, &(0x7f0000000440)={0x2, 0x4e23, @multicast1}, 0x10)
sendto$inet(r1, 0x0, 0x0, 0x20000f3d, &(0x7f0000000000)={0x2, 0x24e23, @empty}, 0x10)
sendmsg$inet(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000002ac0)=[{&(0x7f0000002b00)="3c4be665", 0x4}], 0x1}, 0x0)
setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x25, &(0x7f00000022c0)=0x19fa, 0x4)
recvmmsg(r1, &(0x7f0000003b00)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000003540)=""/126, 0x7e}, 0xe2}], 0x400000000000160, 0x2, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
r2 = socket$tipc(0x1e, 0x4, 0x0)
setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000040)={0x42, 0x840}, 0x10)
r3 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r3, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0x2}}, 0x10)
r4 = socket$tipc(0x1e, 0x5, 0x0)
r5 = syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x80000)
ioctl$DRM_IOCTL_MODE_PAGE_FLIP(r5, 0xc01864b0, &(0x7f0000000040)={0x0, 0x0, 0xb, 0x32, 0x9})
bind$tipc(r4, &(0x7f00000000c0)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10)
bind$tipc(r4, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x1, 0x4}}, 0x10)
bind$tipc(r3, 0x0, 0x0)
r6 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r6)
wait4(r6, 0x0, 0x0, &(0x7f0000000500))
syz_emit_ethernet(0x66, &(0x7f0000000500)=ANY=[@ANYBLOB="bbbbbbbbbbbbaaaaaaaaaabb86dd6002adf700303200fe880000000000000000000000000001ff020000000000000000000000000001020007780000000060cb03800000000000000000000000000000ffffe0000001fe880000000000000000000000000001462bcd24ec8657a0eb843b25d1b733cf50cb2fe949bf2bd83dd6a8c4e19139840e9bbf405b5a6e50fb50acdfa4845d43f90040c9a323a25ad6ad00aa5c96fee8f3b35141ca896cb433e8d7aeb914a321a598dad42273100366b867d79af9acc401436759561ce7cb62784cb58decae6956ca8175ed9069057830db543e233892482b18081e27745f00a6fffa7471d3a6f9659760bd7e73f3a1c0b26beca9afca0c2affe7a991488d591bb93541c18f9b69cf7dee0a29dd278fb50abc926a91d2078c3a1f7934cc0b192f51cca290"], 0x0)

1.255795651s ago: executing program 2 (id=2092):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r0)
sendmsg$NFC_CMD_DEV_UP(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r1, @ANYBLOB, @ANYRES32=0x0, @ANYBLOB], 0x1c}}, 0x0)
r2 = socket(0x29, 0x2, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r2, 0x10e, 0xc, &(0x7f0000000000)={0x76dc, 0x0, 0xfffffff8, 0xfffffffc}, 0xf)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000540)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000fef000/0x1000)=nil})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=@getqdisc={0x34, 0x26, 0x4, 0x70bd2c, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x8, 0xfff2}, {0x0, 0x3}, {0x1, 0x3}}, [{0x4}, {0x4}, {0x4}, {0x4}]}, 0x34}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socket$igmp6(0xa, 0x3, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r3, 0x8, &(0x7f00000000c0)=0x2)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r6 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r6, 0x84, 0x9, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r6, 0x84, 0x13, &(0x7f0000000040)=0xa, 0x4)
sendto$inet6(r6, &(0x7f0000847fff)='X', 0x1, 0x0, 0x0, 0x0)
r7 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2)
r8 = memfd_create(&(0x7f0000000540)='y\x105\xfb\xf7u\x83%\x1f\xe09@:r\xc2\xb9x0\x90P\x03\x00\x00\x00\x00\x00\x00\x00\xfe,\x1c\xf1\xdd\xcf]\xac\xbc\t\xbb\xfc\xa4j\x9f\xceX\x8f5=\xaa\xd5\xe9n\xab s\xa5\x00\x8d\tV\t\x91\x18\x06O\xb0=D\xda\xb6F\x1a\xc82\x8b\xc0l\xd0\x89d\xe6\xb7\xd8\x97\xb8\xde\xa3\x89\"%/u\x17\xdam\x8d\x01Lh\x1e^\x9ej\x1c\xc5\xf0\xf6\x92\x05\x9aH\x00\'\xd4\x94d[\v\xfc\xad\x0f\xa8\xc5\xad\x001\x8b%\xaa?\x00\x00\x00\x00\x00\x00\x00\nj\x8c\xef\x90\xc0Z\xfa\x1a\xb3\xf0wVq\xe9d\xf8N\x80\xd1g\xd8e\xc8\x16\xad1\x02\xab\xce3\xb2\xb0\xd1\x11\xf0\xc2Gj+kV', 0x2)
ftruncate(r8, 0xffff)
fcntl$addseals(r8, 0x409, 0x7)
r9 = ioctl$UDMABUF_CREATE(r7, 0x40187542, &(0x7f0000000000)={r8})
ioctl$DMA_BUF_IOCTL_SYNC(r9, 0x40086200, &(0x7f0000000100)=0x6)

1.254743123s ago: executing program 1 (id=2093):
socket(0x40000000002, 0x3, 0x2)
syz_open_dev$sndctrl(&(0x7f0000000100), 0xab3, 0x2d0142)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f0000000640)=ANY=[@ANYBLOB="9feb0100180008000000000034000000340000000600000004000000000000070000000000"], 0x0, 0x52, 0x0, 0x1, 0x0, 0x0, @void, @value}, 0x28)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="0000001c151c439869e84ae70066d8ade0f5238dca6b"], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x16, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000400)={'veth0_to_team\x00', 0x0})
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
r3 = pidfd_getfd(0xffffffffffffffff, r1, 0x0)
ioctl$FIBMAP(r3, 0x1, &(0x7f00000002c0)=0x2a278e3f)
sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2)
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r4, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x2}, 0x6)
r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
socket$netlink(0x10, 0x3, 0x0)
ioctl$HCIINQUIRY(r5, 0x400448ca, 0x0)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000340)='./file0\x00', &(0x7f00000004c0), 0x700, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0)
mkdir(&(0x7f0000000080)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x4000000, &(0x7f0000000500)={[{@workdir={'workdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@nfs_export_off}, {@verity_require}]})

822.354391ms ago: executing program 0 (id=2094):
openat$vimc1(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r0 = creat(0x0, 0x20)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r2 = socket$inet6(0xa, 0x80002, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000400)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000280)={&(0x7f0000000300)=@mpls_getroute={0xcc, 0x1a, 0x8, 0x70bd27, 0x25dfdbfb, {0x1c, 0x0, 0x80, 0x8f, 0x0, 0x3, 0x0, 0x0, 0x1400}, [@RTA_NEWDST={0x84, 0x13, [{0xfff, 0x0, 0x1}, {0x5, 0x0, 0x1}, {0x6}, {0x92}, {0x4}, {0x0, 0x0, 0x1}, {0x16009, 0x0, 0x1}, {0x4, 0x0, 0x1}, {0x2}, {0xc}, {0x3, 0x0, 0x1}, {0x9}, {0xa}, {0x1, 0x0, 0x1}, {0xffff}, {0x9}, {0xf}, {0xff599, 0x0, 0x1}, {0x6}, {0xffff7}, {0x1, 0x0, 0x1}, {0xf066}, {}, {0x8, 0x0, 0x1}, {0x2}, {0x0, 0x0, 0x1}, {0xffffb, 0x0, 0x1}, {0x80}, {0x5}, {0x48d7, 0x0, 0x1}, {0xf}, {0x1, 0x0, 0x1}]}, @RTA_DST={0x8, 0x1, {0x3539, 0x0, 0x1}}, @RTA_VIA={0x14, 0x12, {0x1, "1bc30bd7dc694db5d9cb1dff99ab"}}, @RTA_DST={0x8, 0x1, {0xd64d, 0x0, 0x1}}, @RTA_DST={0x8, 0x1, {0x7ff}}]}, 0xcc}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
setsockopt$inet6_udp_int(r2, 0x11, 0x1, &(0x7f0000000080), 0x4)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
ptrace(0x4207, r1)
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r0, 0x8983, &(0x7f00000001c0)={0x0, 'ipvlan1\x00', {0x3}, 0xe39c})
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bind$alg(0xffffffffffffffff, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'blake2s-128\x00'}, 0xffffffffffffff18)
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000100)=0x14)
r6 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TIOCSETD(r6, 0x5423, &(0x7f0000000040)=0x14)
r7 = socket$phonet_pipe(0x23, 0x5, 0x2)
setsockopt$PNPIPE_ENCAP(r7, 0x113, 0x1, &(0x7f0000000140)=0x1, 0x4)

634.113063ms ago: executing program 3 (id=2095):
r0 = socket(0x2b, 0x80801, 0x1)
r1 = fsopen(&(0x7f0000000000)='cifs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000040)='source', &(0x7f0000005fc0)='//\xf2/\x06\b/\xdf/o\xdc\xea\x95\x9a\x82\x10\x97W\x8f7\x98\x9b\\/\\\xf9\rmD\x94)U\xdb\x15X.I\n}\xf3\x9d\xe4_\x05\x9cqf4I^#b?9\xde\xafu\'\x83L\xe0\x97\xe1n_\xa4%\xb1\x97\x93\xafv\xce/\\\xb4L\xf2_\xa7\xfb\xf4\x84\x1fA\xeas^\xef\xa2\x85\xa3!\xfb\x93\xd7R\xab2\x1eW\xe9h\x9b\xf7ul\xf9D\xd4\x82X5\x13\xaa\x87\xf9\xba\xa9m\x14\x14R_\x9a\\>4\xce\x8e_#\xf8D\xb1\xdep\x01\xcc:\xa6\xc5n\xeb\xab\xf70\x99\xef\x8b<M\n\xc0`[\x82\xf6$\xa4\xbe\x1e\xd3\xe4\xd9L\x14\xed\xcfK\xcc\xeb,\x1a1\xa6\xf3e\xc2F\xc3\x00\xaa\xd5\xfc\x1bR\xa9\x8c\xb4&\x9f\xa2$\x06\x1a\xb0W#\xf4\xde6\x04c\xc0\xeec\xa0l\xd5d\xe5\xcd\xb2\xc10\x97w\x87\xe5\x06\x91W\rr\xf5\x97%\xe8pO\xeb]\xc2\x98C\xffK\xa0\xb3\\\x99{\xcdR\x92\x94\xf7\x1d\x01Q\x1a\xbd\x15b\x15h\xe2!\x00\xb9z)\x19\x00\xee\xd2)[p`\xb3\x03\xa7p\'X\xec\xcdoX\x05\xff\xff/o\xb2\xad\xb8\x89i@\f\xffS&\x8a\xc9\xfez\xc2\x90\xe7F\xa6\xdb\r\x03j,N\xe1lw\n\xad\xe8\xf0\xbd\xa1\x98\xce\xf9\x1eR\x9cc\xc5ke_\xa7\x11\"\x04\xd8.\xa0\x15\x83\xf1\x92\xdby\xe9\xdc@.\xc1g\xc6\fc\xa26\xd8\xdf\xef\xf7\x9c\x1a\xcc\x8am\x8b7\xcf\xc5\xa6\xf4\f\xabj%Y\xa9\xdd\x0e9e\xb5\xec\x99@\xd2\t\n\xb1o', 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x14, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x5f, '\x00', 0x0, @lirc_mode2=0x10, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r4 = socket$packet(0x11, 0x2, 0x300)
close(r4)
signalfd(r4, &(0x7f00000001c0)={[0x1, 0xffffffff]}, 0x8)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r5 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000200)={0x0, 0x1, 0xf000, 0x2000, &(0x7f0000f9a000/0x2000)=nil})
getpid()
r6 = dup(r5)
ioctl$KVM_SET_VCPU_EVENTS(r5, 0x4400ae8f, &(0x7f0000000040)=@x86={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff})
ioctl$KVM_SET_VAPIC_ADDR(r6, 0x4008ae93, &(0x7f00000000c0)=0xffff)
r7 = socket$alg(0x26, 0x5, 0x0)
r8 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000002580)=@newtaction={0x88c, 0x30, 0x8, 0x0, 0x0, {0x7a}, [{0x878, 0x1, [@m_police={0x874, 0x1, 0x0, 0x0, {{0xb}, {0x848, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c, 0x1, {0x401, 0x3, 0xe78, 0x2, 0x3, {0x10, 0x1, 0x5, 0x401, 0x4, 0x1}, {0x1, 0x2, 0x6, 0x7ff, 0x90e, 0x7}, 0x5, 0x6, 0xf8}}, @TCA_POLICE_RATE={0x404, 0x2, [0x2, 0x10000, 0x1000, 0x7fffffff, 0xf3, 0x7, 0xfffffff7, 0x2, 0x7, 0xd, 0x4, 0x7fff, 0xa, 0xf7, 0xfffffff8, 0x7, 0x9, 0x2, 0x1, 0x100, 0x7f, 0xa, 0x101, 0x6b0, 0x71, 0x1000, 0x8, 0x707, 0x2, 0x9, 0xd1ca, 0xffffff00, 0x70, 0x3e2a, 0x1, 0x6, 0x2, 0x75a7, 0x4, 0x6, 0x96, 0x0, 0xffff, 0x4, 0xa, 0xb, 0xb84, 0x80000002, 0x1, 0x5, 0x71d, 0xfff, 0xd69f, 0x1, 0x6, 0x1, 0x8, 0x8, 0x1ff, 0x6, 0x400000, 0x4e, 0x101, 0x2, 0x0, 0x9, 0x2, 0xc, 0x8, 0x308, 0x7fff, 0x7, 0x6, 0xfffffffb, 0x3, 0x8, 0x2, 0x1, 0x8, 0x0, 0x9, 0xfffffff9, 0x1, 0xd, 0x80000000, 0x46, 0xfdc, 0xffffff8a, 0x10, 0x2, 0x1, 0x6, 0x9, 0x0, 0x3, 0x7, 0x1c0000, 0x7, 0xfffffff7, 0x6, 0x0, 0x1, 0x4, 0xb, 0x9, 0x8, 0x1, 0x80000000, 0xf9, 0x8, 0x2, 0x92c9, 0x80000001, 0x1c000, 0x7, 0x10000, 0x9, 0x9, 0x0, 0xb, 0x28, 0x2, 0x6, 0xd77, 0x4, 0x5, 0x4, 0x9, 0x0, 0x6a7b, 0x1, 0x6, 0x5, 0x6, 0x10000, 0x1, 0x0, 0x9, 0x0, 0xfffffff7, 0x4717, 0x0, 0x7ff, 0x3, 0x0, 0x7, 0x78c, 0x3, 0x1a, 0x2, 0x4, 0x6, 0x800, 0xc13, 0x81, 0x90, 0xb65, 0x1, 0x1, 0x0, 0x7, 0xcc66, 0x6, 0x7, 0x91, 0x32, 0xb, 0x401, 0x6a3, 0x6, 0x6, 0x1d, 0x3, 0x1, 0xffffffac, 0x63c, 0x8, 0x5, 0x5, 0x3, 0x5, 0x10001, 0x2, 0x3, 0xff7ffe00, 0x0, 0x9, 0x1, 0x400, 0x1ff, 0xd, 0xe64, 0x5, 0xfffffffc, 0x7ff, 0x200, 0x320, 0xb0c, 0x7, 0x5e37, 0x8a, 0x6, 0x0, 0xff, 0x0, 0x7, 0x8, 0xfffffffc, 0xdb2, 0x2, 0x0, 0xfffffffb, 0x7fffffff, 0x5, 0x2, 0x9, 0x9, 0x0, 0x6, 0x80d, 0x0, 0x1, 0x10, 0x7, 0x0, 0x40, 0x1000, 0x8, 0xb, 0x8000, 0xfffffffd, 0x9, 0x0, 0x9, 0x0, 0x73db, 0xbac5, 0x9, 0x51, 0x4, 0x200, 0x401, 0x10001, 0x400, 0x3, 0x8c7, 0x1, 0x8, 0x4, 0x2, 0x8, 0x0, 0x7990, 0x9, 0x8]}, @TCA_POLICE_PEAKRATE={0x404, 0x3, [0x7, 0x6, 0x4, 0x2, 0x1, 0x0, 0x7, 0x4, 0x9ba, 0x9, 0x40, 0x8, 0xc2bc, 0x8, 0x4, 0x3, 0x1, 0xe5, 0x8001, 0xc, 0x6, 0x1, 0x0, 0xb, 0x3, 0x3, 0xffff, 0x5fb, 0x8001, 0x7fff, 0x97c, 0x6, 0x1, 0xd, 0xc8e4, 0x6, 0x3, 0x7, 0xd, 0x8, 0x4, 0x0, 0x9, 0x7fffffff, 0x5, 0x6, 0x2c, 0xfffffffa, 0xfffffffd, 0x8001, 0x3, 0xfffffffc, 0x6, 0x5, 0x4, 0x2, 0x9, 0x1, 0x81, 0x800, 0x6, 0xf, 0xdb9, 0x1, 0x7, 0xa42b, 0x3ff, 0x8, 0x7fff, 0x7744, 0x6, 0x1, 0x4, 0x4, 0xb21, 0x2, 0x0, 0xf, 0x200, 0x3fc, 0x4, 0x4, 0x4, 0xbd, 0xc43, 0x80, 0x1, 0x8697, 0x2, 0x2, 0xdd, 0x3e2, 0x400, 0x5, 0x3ff, 0x8, 0x3, 0x9725, 0xd541, 0xd52, 0x6, 0x6, 0x7, 0x683, 0x9, 0x9, 0x3, 0x5, 0x400, 0x7fffffff, 0x6, 0x2, 0x4, 0xfffffffc, 0x2, 0x7f, 0x8, 0x1, 0x80, 0x0, 0x20, 0x635fb9e6, 0x2, 0x200, 0x0, 0x3, 0xfffffffb, 0xdf, 0x875, 0x950, 0x8, 0xffffffff, 0x1, 0x6, 0x9814, 0x8, 0xc, 0x8, 0x7, 0x8, 0x9, 0x9, 0xfffff000, 0x0, 0x7, 0x8, 0x21d9, 0x7, 0x5, 0x4, 0x9, 0xfffffffa, 0x0, 0x2, 0x635, 0x4, 0x6, 0x4, 0x6, 0xff, 0xfffffff7, 0x7, 0x40, 0xa, 0x0, 0xca62, 0x7, 0x1, 0x3, 0xffffffff, 0x4, 0x80094, 0x800, 0xb, 0xe, 0x5, 0x0, 0x9, 0x7ff, 0x2, 0xbb, 0x0, 0x401, 0x8001, 0xa2, 0x9, 0x5, 0x0, 0x0, 0x6, 0x1, 0x5, 0xffffff84, 0x5, 0x1010000, 0x9, 0x8, 0x2, 0x380, 0x6, 0x7, 0xffff, 0x8, 0x200, 0x5, 0x200, 0x0, 0x8, 0xfffffff8, 0x3, 0x0, 0x4, 0x0, 0xd0db, 0x7, 0xfffffffa, 0x2, 0x400, 0x81, 0x3ff, 0x2, 0x8, 0xffffffff, 0x8, 0x5, 0x1, 0x4, 0x2, 0x67cf, 0x3ff8, 0xea50, 0xfffffffb, 0x5, 0xa27, 0xd, 0x1, 0x867, 0x4179, 0x9b6, 0xf, 0x80, 0x0, 0x7, 0x0, 0x2, 0x2, 0x0, 0x4, 0x0, 0x1ff, 0x7, 0x5, 0xbf70, 0x2, 0x1, 0x97f]}]]}, {0x4}, {0xc, 0xb}, {0xc, 0xa}}}]}]}, 0x88c}}, 0x0)
bind$alg(r7, &(0x7f00000023c0)={0x26, 'hash\x00', 0x0, 0x0, 'crc32\x00'}, 0x58)
r9 = accept4(r7, 0x0, 0x0, 0x0)
sendto$inet6(r9, &(0x7f0000000400)="03948d648f98db713754", 0xfffffffffffffd9f, 0x40000, 0x0, 0x1c)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000740)={0x4, 0x2, 0x10000, 0x1000, &(0x7f0000f9a000/0x1000)=nil})
ioctl$KVM_RUN(r6, 0xae80, 0x0)
fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000080)='source', &(0x7f0000000240)='//\xf2/\x06\b/\xdf/o\xdc\xea\x95\x9a\x82\x10\x97W\x8f7\x98\x9b\\/\\\xf9\rmD\x94)U\xdb\x15X.I\n}\xf3\x9d\xe4_\x05\x9cqf4I^#b?9\xde\xafu\'\x83L\xe0\x97\xe1n_\xa4%\xb1\x97\x93\xafv\xce/\\\xb4L\xf2_\xa7\xfb\xf4\x84\x1fA\xeas^\xef\xa2\x85\xa3!\xfb\x93\xd7R\xab2\x1eW\xe9h\x9b\xf7ul\xf9D\xd4\x82X5\x13\xaa\x87\xf9\xba\xa9m\x14\x14R_\x9a\\>4\xce\x8e_#\xf8D\xb1\xdep\x01\xcc:\xa6\xc5n\xeb\xab\xf70\x99\xef\x8b<M\n\xc0`[\x82\xf6$\xa4\xbe\x1e\xd3\xe4\xd9L\x14\xed\xcfK\xcc\xeb,\x1a1\xa6\xf3e\xc2F\xc3\x00\xaa\xd5\xfc\x1bR\xa9\x8c\xb4&\x9f\xa2$\x06\x1a\xb0W#\xf4\xde6\x04c\xc0\xeec\xa0l\xd5d\xe5\xcd\xb2\xc10\x97w\x87\xe5\x06\x91W\rr\xf5\x97%\xe8pO\xeb]\xc2\x98C\xffK\xa0\xb3\\\x99{\xcdR\x92\x94\xf7\x1d\x01Q\x1a\xbd\x15b\x15h\xe2!\x00\xb9z)\x19\x00\xee\xd2)[p`\xb3\x03\xa7p\'X\xec\xcdoX\x05\xff\xff/o\xb2\xad\xb8\x89i@\f\xffS&\x8a\xc9\xfez\xc2\x90\xe7F\xa6\xdb\r\x03j,N\xe1lw\n\xad\xe8\xf0\xbd\xa1\x98\xce\xf9\x1eR\x9cc\xc5ke_\xa7\x11\"\x04\xd8.\xa0\x15\x83\xf1\x92\xdby\xe9\xdc@.\xc1g\xc6\fc\xa26\xd8\xdf\xef\xf7\x9c\x1a\xcc\x8am\x8b7\xcf\xc5\xa6\xf4\f\xabj%Y\xa9\xdd\x0e9e\xb5\xec\x99@\xd2\t\n\xb1o', 0x0)
dup(r0)
getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(0xffffffffffffffff, 0x84, 0x66, &(0x7f00000000c0)={0x0, 0x1}, &(0x7f0000000140)=0x8)
r10 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r10, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x10)

364.413646ms ago: executing program 3 (id=2096):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x80082, 0x0)
ppoll(&(0x7f0000000200)=[{r0, 0x1002}], 0x1, &(0x7f0000000240)={0x77359400}, 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x11, 0xc, &(0x7f0000000380)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d0000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000400000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000040)='sys_enter\x00', r1}, 0x10)
r2 = socket$inet_sctp(0x2, 0x1, 0x84)
flistxattr(r2, 0x0, 0x0)
write$vga_arbiter(r0, &(0x7f0000000040)=@other={'lock', ' ', 'io+mem'}, 0xc)
write$vga_arbiter(r0, &(0x7f0000000080)=@other={'decodes', ' ', 'none'}, 0xd)
r3 = syz_open_dev$sndctrl(&(0x7f0000000300), 0x1, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r3, 0xc2c45512, &(0x7f0000000340)={{0x8, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7130, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x7ff, 0xffffffff, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0xfffffffc, 0x0, 0x1000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xfefffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x10000000, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0xfffffffd]})
syz_emit_vhci(&(0x7f0000000280)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x1a}, @l2cap_cid_le_signaling={{0x16}, @l2cap_ecred_conn_req={{0x17, 0x3, 0x12}, {0xfc, 0x8, 0x7, 0x3, [0xd50, 0xfff9, 0xfe01, 0x3, 0xfffd]}}}}, 0x1f)
remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x20, 0x0)

306.408843ms ago: executing program 1 (id=2097):
bind$alg(0xffffffffffffffff, &(0x7f0000003880)={0x26, 'hash\x00', 0x0, 0x0, 'sha1-ssse3\x00'}, 0x58)
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffc000/0x4000)=nil, 0x4000, &(0x7f0000000040)='proc\x00')
r0 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0xd, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000004a70cc340000000000006119c000000000009500000000000000"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
r1 = syz_clone(0x88208000, 0x0, 0x0, 0x0, 0x0, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00')
fchdir(r2)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f0000000000)={0x0, 0x138, &(0x7f0000000540)={&(0x7f0000000340)=ANY=[@ANYBLOB="38010000100013070000000000000000fc01000000000000000000000a000001fe8800000000000000000000000000010000000000000000c86d182bdd36326031a2653e919dd0ea4c3bda358a9842460fbac833250b3a1148a8797ee6900ca11c79c14664d029a231edddb7986e16740c278a766353c5a6b1c50145ad45fd363e627a6908e38f892ae88230edfff6214ea5b9fdc2e4199ea4e652dd8d0f92dcdc264afc1af1bf256faac233fe0e942c9611bb1e09755e5abc1c8f345396926ce53af2f6474d784218", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000033000000ac14140000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00020024000000480001006469676573745f6e756c6c00"/236], 0x138}}, 0x0)
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0)
r4 = syz_open_procfs(r1, &(0x7f00000002c0)='pagemap\x00')
ioctl$KVM_RUN(r4, 0xae80, 0x0)
r5 = socket$inet6_sctp(0xa, 0x1, 0x84)
listen(r5, 0x100)
shutdown(r5, 0x0)
r6 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
shutdown(r6, 0x0)
recvmmsg(r6, &(0x7f0000000080), 0x72a, 0x500, 0x0)
write(r0, &(0x7f0000000100)="a6a127b0d97868038f296aac2a1ac225e6cf081b", 0x14)
accept4(r5, 0x0, 0x0, 0x0)
read$msr(r4, &(0x7f0000032680)=""/102385, 0xffffff49)
sendmmsg(r0, &(0x7f0000009640)=[{{0x0, 0x0, &(0x7f0000001980)=[{&(0x7f00000013c0)="62040a", 0x3}, {&(0x7f0000001440)="38166e9aeb", 0x5}], 0x2}}], 0x1, 0x0)

86.832488ms ago: executing program 2 (id=2098):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000005c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'bridge_slave_1\x00', <r1=>0x0})
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000003c0)=ANY=[@ANYBLOB="7c0000001000010400"/18, @ANYRES32=r1, @ANYBLOB="00000000000000005c001280110001006272696467655f736c61766500000000440005800500090000000000050020"], 0x7c}}, 0x0)

86.099788ms ago: executing program 2 (id=2099):
bpf$MAP_CREATE(0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="0f000000040000000800000008"], 0x48)
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo/3\x00')
read$eventfd(r0, &(0x7f00000004c0), 0xffffffffffffffa6)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002700)={0x18, 0x3, &(0x7f0000000480)=ANY=[], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xa, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$SO_TIMESTAMP(r1, 0x1, 0x3f, &(0x7f0000000080)=0x1, 0x4)
bind$inet(r1, &(0x7f0000000440)={0x2, 0x4e23, @multicast1}, 0x10)
sendto$inet(r1, 0x0, 0x0, 0x20000f3d, &(0x7f0000000000)={0x2, 0x24e23, @empty}, 0x10)
sendmsg$inet(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000002ac0)=[{&(0x7f0000002b00)="3c4be665", 0x4}], 0x1}, 0x0)
setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x25, &(0x7f00000022c0)=0x19fa, 0x4)
recvmmsg(r1, &(0x7f0000003b00)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000003540)=""/126, 0x7e}, 0xe2}], 0x400000000000160, 0x2, 0x0)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
r3 = socket$tipc(0x1e, 0x4, 0x0)
setsockopt$TIPC_GROUP_JOIN(r3, 0x10f, 0x87, &(0x7f0000000040)={0x42, 0x840}, 0x10)
r4 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r4, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0x2}}, 0x10)
r5 = socket$tipc(0x1e, 0x5, 0x0)
r6 = syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x80000)
ioctl$DRM_IOCTL_MODE_PAGE_FLIP(r6, 0xc01864b0, &(0x7f0000000040)={0x0, 0x0, 0xb, 0x32, 0x9})
bind$tipc(r5, &(0x7f00000000c0)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10)
bind$tipc(r5, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x1, 0x4}}, 0x10)
bind$tipc(r4, 0x0, 0x0)
r7 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r7)
wait4(r7, 0x0, 0x0, &(0x7f0000000500))
setsockopt$IPT_SO_SET_REPLACE(r2, 0x0, 0x40, &(0x7f0000000000)=@nat={'nat\x00', 0x670, 0x5, 0x348, 0x0, 0xa4, 0xfeffffff, 0x210, 0xa4, 0x2b4, 0x2b4, 0xffffffff, 0x2b4, 0x2b4, 0x5, 0x0, {[{{@ip={@local, @local, 0x0, 0x0, '\x00', 'geneve0\x00'}, 0x0, 0x70, 0xa4}, @SNAT0={0x34, 'SNAT\x00', 0x0, {0x1, {0x0, @multicast1, @remote, @gre_key, @gre_key}}}}, {{@uncond, 0x0, 0xa4, 0xc8, 0x0, {0x0, 0x7}, [@common=@unspec=@devgroup={{0x34}, {0x1}}]}, @common=@unspec=@STANDARD={0x24, '\x00', 0x0, 0xa4}}, {{@uncond, 0x0, 0x70, 0xa4}, @SNAT0={0x34, 'SNAT\x00', 0x0, {0x1, {0x0, @loopback, @local, @gre_key, @gre_key=0xf4}}}}, {{@uncond, 0x0, 0x70, 0xa4}, @MASQUERADE={0x34, 'MASQUERADE\x00', 0x0, {0x1, {0x10, @loopback, @initdev={0xac, 0x1e, 0x1, 0x0}, @gre_key, @gre_key=0xb}}}}], {{'\x00', 0x0, 0x70, 0x94}, {0x24}}}}, 0x3a4)
syz_emit_ethernet(0x66, &(0x7f0000000500)=ANY=[@ANYBLOB="bbbbbbbbbbbbaaaaaaaaaabb86dd6002adf700303200fe880000000000000000000000000001ff020000000000000000000000000001020007780000000060cb03800000000000000000000000000000ffffe0000001fe880000000000000000000000000001462bcd24ec8657a0eb843b25d1b733cf50cb2fe949bf2bd83dd6a8c4e19139840e9bbf405b5a6e50fb50acdfa4845d43f90040c9a323a25ad6ad00aa5c96fee8f3b35141ca896cb433e8d7aeb914a321a598dad42273100366b867d79af9acc401436759561ce7cb62784cb58decae6956ca8175ed9069057830db543e233892482b18081e27745f00a6fffa7471d3a6f9659760bd7e73f3a1c0b26beca9afca0c2affe7a991488d591bb93541c18f9b69cf7dee0a29dd278fb50abc926a91d2078c3a1f7934cc0b192f51cca290"], 0x0)

67.773171ms ago: executing program 1 (id=2100):
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
fsopen(&(0x7f0000000080)='ext3\x00', 0x0)
r1 = getpgid(0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x0, 0x0)
r2 = epoll_create1(0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r4, 0x0, 0x0, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
creat(0x0, 0x0)
r5 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r5, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7fffffff, 0x400, 0x1, 0xd, 0x1, 0x6, 0x6}, 0x1c)
recvmmsg$unix(r5, &(0x7f0000003100)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}}], 0x1, 0x0, 0x0)
sendmmsg(r5, &(0x7f00000030c0)=[{{0x0, 0x0, &(0x7f0000000400)=[{&(0x7f00000000c0)}], 0x1}}], 0x1, 0x9200000000000000)
fcntl$addseals(0xffffffffffffffff, 0x409, 0x7)
fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
r6 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r4, &(0x7f0000000100)={0x20000014})
epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r2, &(0x7f0000000000)={0xa0000001})
epoll_wait(r6, &(0x7f0000000340)=[{}], 0x1, 0x1000)
socket$inet6_tcp(0xa, 0x1, 0x0)
r7 = socket(0x15, 0x5, 0x0)
getsockopt(r7, 0x200000000114, 0x2720, 0x0, &(0x7f0000000000))
r8 = memfd_create(&(0x7f0000001dc0)='+\x8b\x8a\xa9\x16\x11\x91J\xbc+  \x18\x17\xc2:}\xa3\x9bO\xdd\xdf\xdf\x92\xd5\xed\xb4\x17\xe5\xd6\x9a\xb2\xd8\x9ba\xde\xb2.F\xc0\x99}|\xaf\xd3\x1d\x84[*_\x9f\x9d\xb0rYP\x1b\x9f \xe0\x9cgq\x103\x89\x11\x87Rv\x169\xdf\xe3>B\x04\x00\x00\x00W\xd3\xec\xfb\xdf?\xa2\x90+\xa4!\xb2\xf2\xff\x90\a\xc3\x12\xc4;\xffh\xf1x=\xb9c\xce\x03h\xdap\x88U\x1788\x82\xd7\xfd\x83\x00Sx\x91%\x99_\xfe\xd4c\x83\x86\x0f\xa4a-\xaf\x9e\xd9\xef\xe0)]\x00F\xfa\x03\xbc4\xc4\x9a\v\x03\x8b\xa4\xf3\x8f\xf4\"\'\xd3\a9\x14H}j&~\xe9\x16\x83o\xbd\xab\xcd[\xbd\xcb\x04\xfc\xe7\xe3\x9e?\x12\xf0\xf4\x83M3\xd88\x92?@\v\xe6\xd1\xd2\xe4\xde\xdaUeJ\x9fR\xd1`\xfa\xc8\v\xed\xfd\x0e\xc8\x89W\x847\x88\x82\x94\x14\xe33\xb7H\xc8b\xd6@3F#\xb7\x04C\x8dm\t\x16a\x0fI\xf4\xfe\xf8\x06j\x19Pz\x03\x00\x0f\x98`W\xdb\xc6\"81A\xa4\x8bT\xf1\xcb\xab\xa3\t\xef\xdf&\x0e\xad\x03\x123.\xc2V\xaa\xd5\xf8\xde\x8aV\xa4p{\xcez\xa2\x92 \x00*wLO\f\x97X\x05\x9a\xc2\xe8\x85\x9d\xcb\xc8\xf0\xc4\x01\x03\xe3?\x9f1\xf4\xfb\xa5y`KB\xdf\xae#\x94C\a\x04\xea\xccG\xf2\b\x8f\xf7\xb1\xe96\x90\xf5P\xa4\'\f\xc9\xc5H\x0f;\xd3\xe2\at\x9bJ\xe6\xce\xe3\xa24\x196\xc5Q\xa1K\x95\xd6\xfal\xe9\xd1\\\r&\xb2c\xb3\x8d\xa7\xb7\xa8\x03S\xbd\xdd\b{\xae\f\x10\xc2\xbb\xd0\xdd*\xa3\xb4\fJ\x00X\xab`N; LF\xa5D\xee\xdf\x7f\x80p\xf6o\x1c\xbdXR\xf2\xa0\x81a\xa1\xe1B\x93Xn\xaf\xfc\x05?\xab\xac\x91x\xa8#\xe1\xbeQ\xd1^\x9b\xb9)\xd3\n\xf7(3!\x18\b\xc0\xaampRl\xfdQ\x03\x8c\xd5\xe4\\\xed\x9a\xd1?\xd21\xc8\x90\x1dl|\xd1\x14\xbc3\xe0\x1e\x0e\xe6\x88Y\x99K\x93\x1c@_P\x8c\xc7\x9eZ\xb74KT:\x8a\xdbJ#w\x18\x14\x00\x93\x86\xa5wo\xf6M\xe7D\xf4*\xe3X\x1d\x19\x83\xa7w\xc7+7\x89s\xed\x8a\xd7O\xdd\rhh`\xc0\xa8$\x06pu\xa0\xd0L\x0ez@I\xb8\x83\xb2f\x93j\a0I\xc8l\xe5\x9b\x06\xb5\xac`d\xa3\xcf/\x14\x10\xab\xab\t\xec\xc1c\fA\xee\xdc\xef\xbap@*7\x86\xdf\',\x03Y\xb1$\xf0\xb5}\xf0\x82%)\xdeA\x1ed\x85m\x80\xd2\xcf@\x06}\xea\xe7w`\xa5\x11\x9f\x9b\x9e\x8f\xb7cb\x1a\xe1\xcf\x87\x1c\\\xf5\xc21\xf7\x82C*\xd5;\x00\x00\x00\x00\x03\xba\xe3\xdc\x92\'\x8e\xd5\x7fG\xfd.\x91\x89T\x99t\xd4d,\xd5\x92O\xf1\xafT!Y\x8e\\\xac\xf7\x11R\x05p\x1a\"\r\xe9\xe5\x8b&\x0f\x8c\xfb\xef\xf8\xd5\x18\xde\xeb\xe5\x19\xdd\xebQ8\xc5iS+\x06D\x16\xfe\xf5.\xe5\v\x89\xb0\"\xa3M\xe9\x81\x11P\xdb\xc4\xc2y\x14\x04\x06\xf6\f\xb0\xecz\x8d`\xb5\x9b\xb43\xcc1\xa7\x9e\xa8\xb5\'\xc6MAe\x0f\xd1\xfcG\xc2/\xe8\xe9t\xcaQ\xf1\fI\x1chM\xc1\x92\xe3\xc3\x01M\xc8/\xefJ\xcb\xd0]\f\xff\xf5\x92\xce\x97Z\xea\xe8\x99\xfa\x96\xce\xa7\x02\xad\xa2\xce\x955\xeaNg\x02\xcd\xfd\x1a}.\xd3\"x\x89/8H\xc2\x93B\na)\x86\xa9U\xa0\xb7\x18\xfb\xe9\xd1\x97\xf6\xb8\xebN\xe2\x18\x04[\xabW}\xb1\xffo\xae~=\x9dd\x9f\x92\xd2[\xb8\xb6\x1a\x02c\xa1\xd1H\xb7@\x06\x96s\xef\xee\x92\xfaC\x15+\x84%h1O\xe2\xb8\xd3\x19R\x00\f\n\x1cpEn\xad\xa7IRf\xc65\x15<}\xb8\x05\xe4\xb7\x9e\xf3\xda\xdavzB\xf8qj\x9e\xe4\xbd\x05\xcfx\xb5\x12\t\xe0\xf2\'f\xf4+\xb3\xdeA6\x10O\xdd\x9c\xf7B', 0x3)
fcntl$addseals(r8, 0x409, 0x8)
ioctl$FS_IOC_RESVSP(r8, 0x40305829, &(0x7f0000000000)={0x0, 0x0, 0x1, 0x0, 0x4000})
close_range(r0, 0xffffffffffffffff, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)

0s ago: executing program 2 (id=2101):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDFONTOP_SET(r0, 0x4b72, &(0x7f0000000000)={0x0, 0xffffff7e, 0x10, 0x1c, 0x200, &(0x7f0000000040)="1ae19337aa151f36ae49bb3f8cb95c5bf840d4f1e55efaaf098d47a70eb36a73090000007ffffcff0f4743f490c585108c1331c7749299a25a705f5096cb268cbc6070d680e1be250700000000000000472471ff550c0010000007f3c7b61abe4162256004ea8ca5e5b5f379c6eb3257eda08f7e6959090000004d13184d382747e035b4722525e00ade86b4c6d1e157c75d15c1f961ebc0a64d7f2a73f8979fcecacaa64f9b9069ebcc1d5b471edbc4f6c7f1b98ae74e909aa6f25b7fa77bf9cd4ed36d5c53dc519d11c3cc1c22a3b86cf3c645413f4afbcea0c99ded703699d2bb6a4a663b99b6069da5aaf64785a5887c31261d4b9e57ee07000000def6f255ca26108f11f02047d47f2d0fec30f7e92482f71496e184214a4e0c5fdc48b0af0c0478940016d8f0990a0e1090fd515380aae83c5eaeed338701574b64200a16ef2811fadcf1e0f49a514df529061e09ce45e3da03a03fe9b4a6bcfa7d04594e4f6d0714a2e14ea127ab37d64a5e0db630cd4f4a2e6c985a542ff20a9b2193f265f93a258a88dd6c9d6a926dd23d32425849c5d9210007660a617f22133b6cb5087f4c6057942aa18193172bd995fa70a1f949b196f2e2a3c175858575713be5ee3f7f4dcecc98123f9ded3afdebe13d79a7f7fcb2469ae0ac503111401612df7ee995f74fb97a63bf62d61f78c062f959119ab50c1f706a930121ebcd53ccb93d158186ed360750ca8e728150d988844b9a5cff46591ccaff416e5a8c25f9555da5ca6fdf75b86ea6171b046b856168f403b5253a5cc393430a09a4489a0895571e597ac8846f945ffb372a88d3a25978b463dc961416c80c55773f917020751ed51cfd73c1e06fbadd156d56bedc117af95d242d6dccbe2ce34dccd6005e944afa92b22ec9a698469c6edc06caa2cfcd61912607d459b4c28ebea9745bcd4697d75c9601fd333d3cd797963a3c71b7cc5fdc756da8d97207936e5f53b53b732533c2722e03002293517966611602f297de6ff5408777b7a93c45cee3ee5c5601a4e94266b295ea7a86812a7ab8896ec5ea1b12643e1844b185734528399e62bceb8700cc6cd491e4a4430d0a3ba329a5a2fa170fd0b1cc4ba8294de988cd35df2cd7344aa8a9f3432b96fb889c02f484f635a0cc3466a3c2733d45f176931b2db18dba54991a9553cedb7f585786388d4042dbae1c95b769e3d4e036e8afea0a04c04f542b152ca1fd1f8efee60425c5a122fd1b90e98635284abd9f217d9e19cb2a64b354c9d79509cc47d7305114990148a7291cb0fe2d1c773a6664b66ae04aa62c534d072ae54c2ca0d5962cc58945d8924abfc4d5af922462507430d8f2c17479a6678b0b3700000000000000000000000000000000000000000000f800"}) (fail_nth: 12)

kernel console output (not intermixed with test programs):

fast_syscall_32+0x73/0x120
[  201.067268][ T9420]  do_fast_syscall_32+0x32/0x80
[  201.067282][ T9420]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  201.067306][ T9420] RIP: 0023:0xf73be579
[  201.067319][ T9420] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  201.067334][ T9420] RSP: 002b:00000000f504655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  201.067351][ T9420] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000c008ae88
[  201.067360][ T9420] RDX: 0000000080000140 RSI: 0000000000000000 RDI: 0000000000000000
[  201.067368][ T9420] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  201.067377][ T9420] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  201.067386][ T9420] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  201.067407][ T9420]  </TASK>
[  202.112309][ T9439] netlink: 16 bytes leftover after parsing attributes in process `syz.0.968'.
[  202.146377][ T9425] [U] 
[  204.016495][ T9477] overlayfs: missing 'workdir'
[  204.245931][ T9480] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.976'.
[  204.252088][ T9478] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.976'.
[  204.263643][ T9480] netlink: 28 bytes leftover after parsing attributes in process `syz.2.976'.
[  205.226330][ T9496] FAULT_INJECTION: forcing a failure.
[  205.226330][ T9496] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  205.230440][ T9496] CPU: 3 UID: 0 PID: 9496 Comm: syz.0.981 Not tainted 6.14.0-rc2-syzkaller-00056-gab68d7eb7b1a #0
[  205.230455][ T9496] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  205.230462][ T9496] Call Trace:
[  205.230466][ T9496]  <TASK>
[  205.230470][ T9496]  dump_stack_lvl+0x16c/0x1f0
[  205.230515][ T9496]  should_fail_ex+0x50a/0x650
[  205.230535][ T9496]  _copy_to_user+0x32/0xd0
[  205.230556][ T9496]  bpf_test_finish.isra.0+0x498/0x670
[  205.230583][ T9496]  ? __pfx_bpf_test_finish.isra.0+0x10/0x10
[  205.230599][ T9496]  ? __might_fault+0xe3/0x190
[  205.230621][ T9496]  ? _copy_from_user+0x59/0xd0
[  205.230643][ T9496]  bpf_prog_test_run_xdp+0xa02/0x1560
[  205.230666][ T9496]  ? lock_acquire+0x2f/0xb0
[  205.230682][ T9496]  ? __fget_files+0x40/0x3a0
[  205.230698][ T9496]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  205.230717][ T9496]  ? __fget_files+0x206/0x3a0
[  205.230733][ T9496]  ? fput+0x67/0x440
[  205.230750][ T9496]  ? __bpf_prog_get+0xa0/0x290
[  205.230767][ T9496]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  205.230783][ T9496]  __sys_bpf+0x1921/0x57a0
[  205.230800][ T9496]  ? __pfx_lock_release+0x10/0x10
[  205.230818][ T9496]  ? __pfx___sys_bpf+0x10/0x10
[  205.230834][ T9496]  ? vfs_write+0x306/0x1150
[  205.230851][ T9496]  ? __mutex_unlock_slowpath+0x164/0x6a0
[  205.230887][ T9496]  ? fput+0x67/0x440
[  205.230904][ T9496]  ? ksys_write+0x1ba/0x250
[  205.230917][ T9496]  ? __pfx_ksys_write+0x10/0x10
[  205.230935][ T9496]  __ia32_sys_bpf+0x76/0xe0
[  205.230955][ T9496]  __do_fast_syscall_32+0x73/0x120
[  205.230973][ T9496]  do_fast_syscall_32+0x32/0x80
[  205.230987][ T9496]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  205.231010][ T9496] RIP: 0023:0xf7f31579
[  205.231022][ T9496] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  205.231035][ T9496] RSP: 002b:00000000f505655c EFLAGS: 00000296 ORIG_RAX: 0000000000000165
[  205.231050][ T9496] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000080000340
[  205.231059][ T9496] RDX: 0000000000000050 RSI: 0000000000000000 RDI: 0000000000000000
[  205.231072][ T9496] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  205.231080][ T9496] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  205.231088][ T9496] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  205.231106][ T9496]  </TASK>
[  205.333662][ T9498] netlink: 8 bytes leftover after parsing attributes in process `syz.3.982'.
[  205.337100][ T9498] netlink: 4 bytes leftover after parsing attributes in process `syz.3.982'.
[  205.339578][ T9498] netlink: 26 bytes leftover after parsing attributes in process `syz.3.982'.
[  205.521379][ T9503] bochs-drm 0000:00:01.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem
[  205.663453][ T9504] overlayfs: option "workdir=./file1" is useless in a non-upper mount, ignore
[  205.666143][ T9504] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  205.838352][ T9512] rdma_rxe: rxe_newlink: failed to add team_slave_0
[  206.326352][ T9516] __nla_validate_parse: 1 callbacks suppressed
[  206.326365][ T9516] netlink: 16402 bytes leftover after parsing attributes in process `syz.3.988'.
[  206.331169][ T9515] netlink: 16402 bytes leftover after parsing attributes in process `syz.3.988'.
[  207.181404][ T9533] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  207.491954][ T9542] netlink: 'syz.3.995': attribute type 2 has an invalid length.
[  207.689240][ T9550] rdma_rxe: rxe_newlink: failed to add team_slave_0
[  208.099398][ T9554] overlayfs: option "workdir=./file1" is useless in a non-upper mount, ignore
[  208.102510][ T9554] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  209.107342][ T9567] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1000'.
[  210.048522][ T9577] overlayfs: option "workdir=./file1" is useless in a non-upper mount, ignore
[  210.051059][ T9577] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  210.190467][ T9584] PKCS7: Unknown OID: [4] 5.25.264.112.81.102.117.87.150326315.2007(bad)
[  210.193239][ T9584] PKCS7: Only support pkcs7_signedData type
[  210.959087][ T9581] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  211.266943][ T9611] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  211.280617][ T5961] Bluetooth: hci3: link tx timeout
[  211.282061][ T5961] Bluetooth: hci3: killing stalled connection 11:aa:aa:aa:aa:aa
[  211.678501][ T9617] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.1013'.
[  211.693932][ T9616] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.1013'.
[  211.704993][ T9617] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1013'.
[  212.172402][    C2] vkms_vblank_simulate: vblank timer overrun
[  213.180907][ T9654] netlink: 'syz.0.1022': attribute type 8 has an invalid length.
[  213.183273][ T9654] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1022'.
[  213.345421][   T64] Bluetooth: hci3: command 0x0406 tx timeout
[  213.450949][ T9665] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1024'.
[  213.471979][ T9666] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  214.373163][ T9684] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1031'.
[  214.404968][ T9681] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.1031'.
[  214.449231][ T9683] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.1031'.
[  214.819166][ T9695] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.1034'.
[  214.823342][ T9694] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.1034'.
[  215.108149][ T9698] syz!: rxe_newlink: already configured on team_slave_0
[  218.675981][ T9801] __nla_validate_parse: 3 callbacks suppressed
[  218.676028][ T9801] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1047'.
[  219.476292][ T9819] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  220.101641][ T9840] overlayfs: option "workdir=./file1" is useless in a non-upper mount, ignore
[  220.104326][ T9840] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  220.655591][ T9846] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1056'.
[  220.658127][ T9846] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1056'.
[  220.660522][ T9846] netlink: 26 bytes leftover after parsing attributes in process `syz.2.1056'.
[  220.850584][ T9852] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1059'.
[  220.914668][ T5961] Bluetooth: hci3: ACL packet for unknown connection handle 201
[  221.244891][ T9863] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.1062'.
[  221.248414][ T9862] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.1062'.
[  221.249629][ T9863] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1062'.
[  222.446089][ T9873] syz!: rxe_newlink: already configured on team_slave_0
[  222.603937][ T9875] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1066'.
[  222.607504][ T9875] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1066'.
[  222.940970][ T9881] overlayfs: option "workdir=./file1" is useless in a non-upper mount, ignore
[  222.962983][ T9881] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  223.771848][ T9917] bochs-drm 0000:00:01.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem
[  224.043930][ T9926] __nla_validate_parse: 1 callbacks suppressed
[  224.043970][ T9926] netlink: 72 bytes leftover after parsing attributes in process `syz.2.1074'.
[  224.378539][ T9931] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1076'.
[  224.412630][ T9933] rdma_rxe: rxe_newlink: failed to add team_slave_0
[  224.757686][ T9943] netlink: 72 bytes leftover after parsing attributes in process `syz.1.1077'.
[  225.108294][ T9950] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.1081'.
[  225.111637][ T9949] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.1081'.
[  225.112151][ T9950] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1081'.
[  225.566323][ T9958] overlayfs: option "workdir=./file1" is useless in a non-upper mount, ignore
[  225.570119][ T9958] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  226.747891][ T9993] rdma_rxe: rxe_newlink: failed to add team_slave_0
[  226.789824][ T9996] netlink: 72 bytes leftover after parsing attributes in process `syz.0.1086'.
[  229.528764][T10040] netlink: 16402 bytes leftover after parsing attributes in process `syz.3.1098'.
[  229.532130][T10039] netlink: 16402 bytes leftover after parsing attributes in process `syz.3.1098'.
[  229.536336][T10040] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1098'.
[  230.021408][T10047] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1101'.
[  230.875321][   T57] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  231.022053][T10053] [U] 
[  231.026872][   T57] usb 5-1: config index 0 descriptor too short (expected 45, got 36)
[  231.030616][   T57] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21
[  231.034617][   T57] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  231.037833][   T57] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  231.043228][   T57] usb 5-1: config 0 descriptor??
[  231.048595][   T57] usbhid 5-1:0.0: couldn't find an input interrupt endpoint
[  231.195089][T10064] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  232.085027][T10086] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1113'.
[  232.088846][T10086] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1113'.
[  232.092772][T10086] netlink: 26 bytes leftover after parsing attributes in process `syz.2.1113'.
[  232.377529][T10094] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1115'.
[  233.616051][T10118] rdma_rxe: rxe_newlink: failed to add team_slave_0
[  233.741795][ T1482] usb 5-1: USB disconnect, device number 9
[  235.111234][T10180] rdma_rxe: rxe_newlink: failed to add team_slave_0
[  235.234608][T10185] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1127'.
[  235.359266][T10184] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.1127'.
[  235.369046][T10176] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.1127'.
[  235.704507][T10165] [U] 
[  235.765452][ T5947] usb 6-1: new high-speed USB device number 10 using dummy_hcd
[  235.825571][T10210] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1131'.
[  235.938092][ T5947] usb 6-1: config index 0 descriptor too short (expected 45, got 36)
[  235.940386][ T5947] usb 6-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21
[  235.945110][ T5947] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  235.976012][ T5947] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  235.981468][ T5947] usb 6-1: config 0 descriptor??
[  235.985486][ T5947] usbhid 6-1:0.0: couldn't find an input interrupt endpoint
[  237.836987][T10299] syz!: rxe_newlink: already configured on team_slave_0
[  238.522301][ T5947] usb 6-1: USB disconnect, device number 10
[  238.607070][T10322] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1142'.
[  238.610749][T10322] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1142'.
[  238.614193][T10322] netlink: 10 bytes leftover after parsing attributes in process `syz.2.1142'.
[  238.653962][T10325] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1143'.
[  238.658411][T10325] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1143'.
[  238.660911][T10325] netlink: 10 bytes leftover after parsing attributes in process `syz.0.1143'.
[  239.311514][T10313] [U] 
[  239.918429][ T5947] usb 6-1: new high-speed USB device number 11 using dummy_hcd
[  240.076534][ T5947] usb 6-1: config index 0 descriptor too short (expected 45, got 36)
[  240.081507][ T5947] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  240.091488][ T5947] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  240.097139][ T5947] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  240.165624][ T5947] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  240.174780][ T5947] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  240.181438][ T5947] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  240.194072][ T5947] usb 6-1: config 0 descriptor??
[  240.200347][T10377] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  240.470865][T10409] rdma_rxe: rxe_newlink: failed to add team_slave_0
[  240.611056][ T5947] usbhid 6-1:0.0: can't add hid device: -71
[  240.613468][ T5947] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[  240.626752][ T5947] usb 6-1: USB disconnect, device number 11
[  240.687225][T10413] __nla_validate_parse: 3 callbacks suppressed
[  240.687243][T10413] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1152'.
[  240.692955][T10413] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1152'.
[  240.696374][T10413] netlink: 10 bytes leftover after parsing attributes in process `syz.0.1152'.
[  241.801382][T10418] [U] 
[  241.999093][T10455] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1158'.
[  242.090940][T10466] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1161'.
[  242.094365][T10466] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1161'.
[  242.098472][T10466] netlink: 10 bytes leftover after parsing attributes in process `syz.3.1161'.
[  242.198822][T10474] rdma_rxe: rxe_newlink: failed to add team_slave_0
[  242.216431][T10470] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1159'.
[  242.490023][T10497] syz!: rxe_newlink: already configured on team_slave_0
[  242.739060][T10508] netlink: 72 bytes leftover after parsing attributes in process `syz.3.1166'.
[  243.352857][T10520] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1168'.
[  243.823546][T10514] [U] 
[  246.663075][T10623] __nla_validate_parse: 2 callbacks suppressed
[  246.663092][T10623] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1184'.
[  247.252959][T10625] ata1.00: invalid command format 189
[  247.646487][T10640] overlayfs: option "workdir=./file1" is useless in a non-upper mount, ignore
[  247.649094][T10640] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  248.702920][T10662] netlink: 72 bytes leftover after parsing attributes in process `syz.1.1192'.
[  248.747702][T10663] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  249.491255][T10676] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1199'.
[  250.586526][T10690] overlayfs: option "workdir=./file1" is useless in a non-upper mount, ignore
[  250.590263][T10690] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  250.830135][T10693] netlink: 72 bytes leftover after parsing attributes in process `syz.2.1203'.
[  251.185484][T10698] rdma_rxe: rxe_newlink: failed to add team_slave_0
[  251.320915][T10697] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.1205'.
[  251.325146][T10700] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.1205'.
[  251.331594][T10697] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1205'.
[  251.630352][T10711] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  251.679153][T10712] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1209'.
[  251.747481][T10714] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.1206'.
[  251.751859][T10704] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.1206'.
[  251.770477][T10704] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1206'.
[  253.529765][T10752] overlayfs: option "workdir=./file1" is useless in a non-upper mount, ignore
[  253.532284][T10752] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  254.061015][T10778] rdma_rxe: rxe_newlink: failed to add team_slave_0
[  254.646804][   T57] usb 6-1: new high-speed USB device number 12 using dummy_hcd
[  254.880546][T10783] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  255.046970][   T57] usb 6-1: config index 0 descriptor too short (expected 45, got 36)
[  255.046998][   T57] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  255.047010][   T57] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  255.047023][   T57] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  255.047035][   T57] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  255.047052][   T57] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  255.047064][   T57] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  255.050301][   T57] usb 6-1: config 0 descriptor??
[  255.051106][T10796] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  255.268256][ T1413] ieee802154 phy0 wpan0: encryption failed: -22
[  255.270431][ T1413] ieee802154 phy1 wpan1: encryption failed: -22
[  255.371132][T10835] netlink: 'syz.2.1223': attribute type 1 has an invalid length.
[  255.373633][T10835] netlink: 224 bytes leftover after parsing attributes in process `syz.2.1223'.
[  255.462958][   T57] usbhid 6-1:0.0: can't add hid device: -71
[  255.465138][   T57] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[  255.484202][   T57] usb 6-1: USB disconnect, device number 12
[  255.663236][T10854] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1225'.
[  255.669067][T10848] bochs-drm 0000:00:01.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem
[  255.673653][ T5961] Bluetooth: hci2: link tx timeout
[  255.675260][ T5961] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa
[  256.281933][T10862] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.1226'.
[  256.286857][T10858] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.1226'.
[  256.583609][T10867] overlayfs: option "workdir=./file1" is useless in a non-upper mount, ignore
[  256.586265][T10867] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  256.747386][T10874] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1231'.
[  256.979819][T10880] rdma_rxe: rxe_newlink: failed to add team_slave_0
[  257.754058][   T64] Bluetooth: hci2: command 0x0406 tx timeout
[  257.972193][T10920] netlink: 16402 bytes leftover after parsing attributes in process `syz.3.1238'.
[  257.977133][T10915] netlink: 16402 bytes leftover after parsing attributes in process `syz.3.1238'.
[  258.229131][T10928] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  258.397169][T10933] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1240'.
[  259.840244][T10959] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1249'.
[  259.901409][T10964] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1251'.
[  260.540718][T10975] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1254'.
[  261.109221][T11000] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1259'.
[  261.260823][T11007] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.1258'.
[  261.268969][T11004] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.1258'.
[  261.576461][T11023] syz!: rxe_newlink: already configured on team_slave_0
[  262.081584][T11045] __nla_validate_parse: 1 callbacks suppressed
[  262.081735][T11045] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1268'.
[  262.481492][T11061] netlink: 72 bytes leftover after parsing attributes in process `syz.3.1271'.
[  262.580270][T11062] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1274'.
[  263.780250][T11082] xt_TPROXY: Can be used only with -p tcp or -p udp
[  263.858098][T11084] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1278'.
[  264.343537][T11104] netlink: 72 bytes leftover after parsing attributes in process `syz.0.1280'.
[  264.388030][   T39] audit: type=1326 audit(1739511608.373:8029): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11102 comm="syz.3.1281" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f88579 code=0x7ffc0000
[  264.472095][   T39] audit: type=1326 audit(1739511608.373:8030): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11102 comm="syz.3.1281" exe="/syz-executor" sig=0 arch=40000003 syscall=125 compat=1 ip=0xf7f88579 code=0x7ffc0000
[  264.479884][   T39] audit: type=1326 audit(1739511608.373:8031): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11102 comm="syz.3.1281" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f88579 code=0x7ffc0000
[  264.486223][   T39] audit: type=1326 audit(1739511608.373:8032): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11102 comm="syz.3.1281" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7f88579 code=0x7ffc0000
[  264.505409][   T39] audit: type=1326 audit(1739511608.373:8033): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11102 comm="syz.3.1281" exe="/syz-executor" sig=0 arch=40000003 syscall=346 compat=1 ip=0xf7f88579 code=0x7ffc0000
[  264.525560][   T39] audit: type=1326 audit(1739511608.373:8034): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11102 comm="syz.3.1281" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7f88579 code=0x7ffc0000
[  264.545757][   T39] audit: type=1326 audit(1739511608.373:8035): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11102 comm="syz.3.1281" exe="/syz-executor" sig=0 arch=40000003 syscall=346 compat=1 ip=0xf7f88579 code=0x7ffc0000
[  264.561686][   T39] audit: type=1326 audit(1739511608.373:8036): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11102 comm="syz.3.1281" exe="/syz-executor" sig=0 arch=40000003 syscall=6 compat=1 ip=0xf7f88579 code=0x7ffc0000
[  264.571648][   T39] audit: type=1326 audit(1739511608.373:8037): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11102 comm="syz.3.1281" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f88579 code=0x7ffc0000
[  264.585794][   T39] audit: type=1326 audit(1739511608.383:8038): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11102 comm="syz.3.1281" exe="/syz-executor" sig=0 arch=40000003 syscall=361 compat=1 ip=0xf7f88579 code=0x7ffc0000
[  264.805349][   T56] usb 8-1: new high-speed USB device number 25 using dummy_hcd
[  264.899427][T11129] xt_TPROXY: Can be used only with -p tcp or -p udp
[  264.992748][T11132] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1287'.
[  265.136949][   T56] usb 8-1: config index 0 descriptor too short (expected 45, got 36)
[  265.139760][   T56] usb 8-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  265.143288][   T56] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  265.147240][   T56] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  265.150894][   T56] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  265.156348][   T56] usb 8-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  265.160015][   T56] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  265.167194][   T56] usb 8-1: config 0 descriptor??
[  265.171354][T11112] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  265.609071][T11125] [U] 
[  265.780288][   T56] usbhid 8-1:0.0: can't add hid device: -71
[  265.782120][   T56] usbhid 8-1:0.0: probe with driver usbhid failed with error -71
[  265.795409][   T56] usb 8-1: USB disconnect, device number 25
[  265.949089][T11148] netlink: 72 bytes leftover after parsing attributes in process `syz.1.1290'.
[  267.380347][T11189] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1295'.
[  268.585466][ T6016] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  268.739320][ T6016] usb 5-1: config index 0 descriptor too short (expected 45, got 36)
[  268.742013][ T6016] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  268.745315][ T6016] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  268.748664][ T6016] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  268.752148][ T6016] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  268.755712][ T6016] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  268.758146][ T6016] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  268.762081][ T6016] usb 5-1: config 0 descriptor??
[  268.765587][T11219] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  268.883492][T11223] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  269.108778][T11227] bochs-drm 0000:00:01.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem
[  269.405127][ T6016] usbhid 5-1:0.0: can't add hid device: -71
[  269.408229][ T6016] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  269.416017][ T6016] usb 5-1: USB disconnect, device number 10
[  269.510360][T11231] FAULT_INJECTION: forcing a failure.
[  269.510360][T11231] name failslab, interval 1, probability 0, space 0, times 0
[  269.513812][T11231] CPU: 1 UID: 0 PID: 11231 Comm: syz.3.1303 Not tainted 6.14.0-rc2-syzkaller-00056-gab68d7eb7b1a #0
[  269.513836][T11231] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  269.513844][T11231] Call Trace:
[  269.513875][T11231]  <TASK>
[  269.513880][T11231]  dump_stack_lvl+0x16c/0x1f0
[  269.514197][T11231]  should_fail_ex+0x50a/0x650
[  269.514392][T11231]  ? fs_reclaim_acquire+0xae/0x150
[  269.514461][T11231]  should_failslab+0xc2/0x120
[  269.514482][T11231]  kmem_cache_alloc_noprof+0x6e/0x3b0
[  269.514494][T11231]  ? sk_prot_alloc+0x60/0x2a0
[  269.514619][T11231]  sk_prot_alloc+0x60/0x2a0
[  269.514632][T11231]  sk_alloc+0x36/0xb90
[  269.514643][T11231]  inet_create+0x3a1/0x10a0
[  269.514708][T11231]  ? inet_create+0x90/0x10a0
[  269.514724][T11231]  __sock_create+0x335/0x8d0
[  269.514741][T11231]  mptcp_pm_nl_create_listen_socket+0x11c/0x720
[  269.514756][T11231]  ? __pfx_mptcp_pm_nl_create_listen_socket+0x10/0x10
[  269.514776][T11231]  mptcp_pm_nl_add_addr_doit+0x2ea/0xc80
[  269.514790][T11231]  ? __pfx_mptcp_pm_nl_add_addr_doit+0x10/0x10
[  269.514801][T11231]  ? mark_held_locks+0x9f/0xe0
[  269.514849][T11231]  ? irqentry_exit+0x3b/0x90
[  269.514879][T11231]  ? lockdep_hardirqs_on+0x7c/0x110
[  269.514897][T11231]  ? __pfx_mptcp_pm_nl_add_addr_doit+0x10/0x10
[  269.514910][T11231]  genl_family_rcv_msg_doit+0x202/0x2f0
[  269.514946][T11231]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  269.514962][T11231]  ? trace_cap_capable+0x1a2/0x210
[  269.515000][T11231]  ? bpf_lsm_capable+0x9/0x10
[  269.515015][T11231]  ? security_capable+0x7e/0x260
[  269.515030][T11231]  ? ns_capable+0xd7/0x110
[  269.515045][T11231]  genl_rcv_msg+0x565/0x800
[  269.515056][T11231]  ? __pfx_genl_rcv_msg+0x10/0x10
[  269.515066][T11231]  ? __pfx_mptcp_pm_nl_add_addr_doit+0x10/0x10
[  269.515078][T11231]  ? __pfx___lock_acquire+0x10/0x10
[  269.515091][T11231]  netlink_rcv_skb+0x165/0x410
[  269.515106][T11231]  ? __pfx_genl_rcv_msg+0x10/0x10
[  269.515117][T11231]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  269.515136][T11231]  ? down_read+0xc9/0x330
[  269.515147][T11231]  ? __pfx_down_read+0x10/0x10
[  269.515168][T11231]  ? netlink_deliver_tap+0x1ae/0xca0
[  269.515186][T11231]  genl_rcv+0x28/0x40
[  269.515200][T11231]  netlink_unicast+0x53c/0x7f0
[  269.515216][T11231]  ? __pfx_netlink_unicast+0x10/0x10
[  269.515230][T11231]  ? __check_object_size+0x488/0x710
[  269.515246][T11231]  netlink_sendmsg+0x8b8/0xd70
[  269.515262][T11231]  ? __pfx_netlink_sendmsg+0x10/0x10
[  269.515281][T11231]  ____sys_sendmsg+0x9ae/0xb40
[  269.515295][T11231]  ? __pfx_____sys_sendmsg+0x10/0x10
[  269.515308][T11231]  ? get_compat_msghdr+0x11b/0x170
[  269.515348][T11231]  ___sys_sendmsg+0x135/0x1e0
[  269.515359][T11231]  ? __pfx____sys_sendmsg+0x10/0x10
[  269.515375][T11231]  ? __pfx_lock_release+0x10/0x10
[  269.515386][T11231]  ? trace_lock_acquire+0x14e/0x1f0
[  269.515399][T11231]  ? __fget_files+0x206/0x3a0
[  269.515415][T11231]  __sys_sendmsg+0x16e/0x220
[  269.515425][T11231]  ? __pfx___sys_sendmsg+0x10/0x10
[  269.515443][T11231]  __do_fast_syscall_32+0x73/0x120
[  269.515460][T11231]  do_fast_syscall_32+0x32/0x80
[  269.515470][T11231]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  269.515504][T11231] RIP: 0023:0xf7f88579
[  269.515513][T11231] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  269.515523][T11231] RSP: 002b:00000000f506455c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  269.515548][T11231] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000080000400
[  269.515554][T11231] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  269.515559][T11231] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  269.515565][T11231] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  269.515570][T11231] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  269.515582][T11231]  </TASK>
[  271.897957][T11316] bochs-drm 0000:00:01.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem
[  271.902258][ T5961] Bluetooth: hci3: ACL packet for unknown connection handle 201
[  272.192692][T11325] netlink: 72 bytes leftover after parsing attributes in process `syz.1.1313'.
[  272.663837][T11341] netlink: 72 bytes leftover after parsing attributes in process `syz.3.1315'.
[  272.899115][T11350] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1320'.
[  273.471168][T11358] netlink: 72 bytes leftover after parsing attributes in process `syz.2.1321'.
[  273.750406][T11365] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  274.080269][T11377] netlink: 'syz.2.1326': attribute type 7 has an invalid length.
[  274.084355][T11377] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1326'.
[  274.189505][T11378] 9pnet_fd: p9_fd_create_unix (11378): address too long: ./file1aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
[  274.849330][T11394] netlink: 72 bytes leftover after parsing attributes in process `syz.2.1329'.
[  275.348688][T11424] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1330'.
[  276.126139][T11419] [U] 
[  276.410880][T11463] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1334'.
[  276.585157][T11473] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  277.910224][T11487] netlink: 72 bytes leftover after parsing attributes in process `syz.3.1339'.
[  278.658150][T11509] overlayfs: option "workdir=./file1" is useless in a non-upper mount, ignore
[  278.660893][T11509] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  279.173155][T11537] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1345'.
[  279.938505][T11570] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1348'.
[  279.941089][T11570] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1348'.
[  279.943538][T11570] netlink: 34 bytes leftover after parsing attributes in process `syz.1.1348'.
[  280.037703][   T39] kauditd_printk_skb: 53 callbacks suppressed
[  280.037717][   T39] audit: type=1326 audit(1739511624.023:8092): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11576 comm="syz.0.1351" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f31579 code=0x7ffc0000
[  280.055309][   T39] audit: type=1326 audit(1739511624.023:8093): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11576 comm="syz.0.1351" exe="/syz-executor" sig=0 arch=40000003 syscall=245 compat=1 ip=0xf7f31579 code=0x7ffc0000
[  280.062512][   T39] audit: type=1326 audit(1739511624.023:8094): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11576 comm="syz.0.1351" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f31579 code=0x7ffc0000
[  280.070948][   T39] audit: type=1326 audit(1739511624.023:8095): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11576 comm="syz.0.1351" exe="/syz-executor" sig=0 arch=40000003 syscall=246 compat=1 ip=0xf7f31579 code=0x7ffc0000
[  280.187517][T11587] rdma_rxe: rxe_newlink: failed to add team_slave_0
[  280.246232][   T39] audit: type=1326 audit(1739511624.233:8096): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11576 comm="syz.0.1351" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f31579 code=0x7ffc0000
[  280.261816][   T39] audit: type=1326 audit(1739511624.233:8097): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11576 comm="syz.0.1351" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f31579 code=0x7ffc0000
[  280.431589][T11600] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1358'.
[  280.434171][T11600] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1358'.
[  280.437008][T11600] netlink: 34 bytes leftover after parsing attributes in process `syz.3.1358'.
[  280.946999][T11610] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  281.770749][T11621] netlink: 72 bytes leftover after parsing attributes in process `syz.0.1363'.
[  282.883344][T11636] netlink: 2040 bytes leftover after parsing attributes in process `syz.0.1366'.
[  282.929498][T11640] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1368'.
[  282.932249][T11640] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1368'.
[  282.934989][T11640] netlink: 34 bytes leftover after parsing attributes in process `syz.1.1368'.
[  284.802647][T11706] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1377'.
[  284.805342][T11706] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1377'.
[  284.807798][T11706] netlink: 34 bytes leftover after parsing attributes in process `syz.3.1377'.
[  286.163866][T11763] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1386'.
[  286.170335][T11763] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1386'.
[  286.170349][T11763] netlink: 34 bytes leftover after parsing attributes in process `syz.3.1386'.
[  286.368740][T11770] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1388'.
[  286.463833][T11772] openvswitch: netlink: Flow key attr not present in new flow.
[  287.484172][T11792] serio: Serial port ptm0
[  288.371724][T11802] __nla_validate_parse: 2 callbacks suppressed
[  288.371763][T11802] netlink: 72 bytes leftover after parsing attributes in process `syz.0.1393'.
[  288.634754][T11806] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1396'.
[  288.639765][T11806] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1396'.
[  288.642534][T11806] netlink: 34 bytes leftover after parsing attributes in process `syz.3.1396'.
[  288.700828][T11808] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.1394'.
[  288.713465][T11807] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.1394'.
[  288.839612][T11809] bochs-drm 0000:00:01.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem
[  288.845231][ T5961] Bluetooth: hci3: ACL packet for unknown connection handle 201
[  289.869500][T11835] netlink: 72 bytes leftover after parsing attributes in process `syz.3.1400'.
[  290.454666][T11845] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1403'.
[  290.529868][T11850] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1404'.
[  290.592869][T11853] netlink: 92 bytes leftover after parsing attributes in process `syz.3.1405'.
[  290.814969][T11856] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  290.871744][T11860] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  291.165350][ T1482] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  291.326879][ T1482] usb 5-1: config index 0 descriptor too short (expected 45, got 36)
[  291.329611][ T1482] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  291.333257][ T1482] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  291.336764][ T1482] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  291.339638][ T1482] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  291.343060][ T1482] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  291.347541][ T1482] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  291.352640][ T1482] usb 5-1: config 0 descriptor??
[  291.354598][T11863] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  291.762594][ T1482] plantronics 0003:047F:FFFF.0008: unknown main item tag 0xd
[  291.764768][ T1482] plantronics 0003:047F:FFFF.0008: unknown main item tag 0x0
[  291.767245][ T1482] plantronics 0003:047F:FFFF.0008: unknown main item tag 0x0
[  291.769427][ T1482] plantronics 0003:047F:FFFF.0008: unknown main item tag 0x0
[  291.771483][ T1482] plantronics 0003:047F:FFFF.0008: unknown main item tag 0x0
[  291.773593][ T1482] plantronics 0003:047F:FFFF.0008: unknown main item tag 0x0
[  291.777234][ T1482] plantronics 0003:047F:FFFF.0008: No inputs registered, leaving
[  291.782810][ T1482] plantronics 0003:047F:FFFF.0008: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0
[  292.039424][   T56] usb 5-1: USB disconnect, device number 11
[  292.055146][T11869] syz!: rxe_newlink: already configured on team_slave_0
[  292.471477][   T39] audit: type=1800 audit(1739511636.453:8098): pid=11877 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1413" name="file1" dev="overlay" ino=1829 res=0 errno=0
[  293.548533][T11900] rdma_rxe: rxe_newlink: failed to add team_slave_0
[  293.723967][T11903] __nla_validate_parse: 8 callbacks suppressed
[  293.723990][T11903] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1421'.
[  293.730134][T11903] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1421'.
[  293.733524][T11903] netlink: 34 bytes leftover after parsing attributes in process `syz.0.1421'.
[  294.267980][T11910] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  294.457632][T11915] netlink: 92 bytes leftover after parsing attributes in process `syz.1.1425'.
[  294.622049][T11904] [U] 
[  294.966962][T11923] bochs-drm 0000:00:01.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem
[  294.971160][ T5961] Bluetooth: hci2: ACL packet for unknown connection handle 201
[  295.444098][T11927] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1428'.
[  295.496170][T11931] syz!: rxe_newlink: already configured on team_slave_0
[  295.624296][T11935] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1430'.
[  295.813937][T11938] overlayfs: option "workdir=./file1" is useless in a non-upper mount, ignore
[  295.817554][T11938] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  296.040096][T11947] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1433'.
[  296.347345][T11952] netlink: 92 bytes leftover after parsing attributes in process `syz.1.1434'.
[  297.543389][T11971] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.1438'.
[  297.547289][T11970] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.1438'.
[  299.844624][T12019] __nla_validate_parse: 7 callbacks suppressed
[  299.844643][T12019] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.1448'.
[  299.851221][T12018] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.1448'.
[  299.853486][T12019] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1448'.
[  299.937467][T12021] qrtr: Invalid version 8
[  299.942716][T12021] dvmrp8: entered allmulticast mode
[  300.235523][ T6013] usb 7-1: new high-speed USB device number 16 using dummy_hcd
[  300.247338][T12025] netlink: 92 bytes leftover after parsing attributes in process `syz.0.1451'.
[  300.400127][ T6013] usb 7-1: config index 0 descriptor too short (expected 45, got 36)
[  300.403073][ T6013] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  300.412366][ T6013] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  300.416233][ T6013] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  300.419414][ T6013] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  300.423118][ T6013] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  300.426212][ T6013] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  300.430299][ T6013] usb 7-1: config 0 descriptor??
[  300.434242][T12029] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.1452'.
[  300.438845][T12023] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  300.447279][T12028] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.1452'.
[  300.448581][T12029] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1452'.
[  300.543031][T12032] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1453'.
[  300.848690][ T6013] plantronics 0003:047F:FFFF.0009: unknown main item tag 0xd
[  300.853802][ T6013] plantronics 0003:047F:FFFF.0009: unknown main item tag 0x0
[  300.856405][ T6013] plantronics 0003:047F:FFFF.0009: unknown main item tag 0x0
[  300.858736][ T6013] plantronics 0003:047F:FFFF.0009: unknown main item tag 0x0
[  300.860950][ T6013] plantronics 0003:047F:FFFF.0009: unknown main item tag 0x0
[  300.863236][ T6013] plantronics 0003:047F:FFFF.0009: unknown main item tag 0x0
[  300.868882][ T6013] plantronics 0003:047F:FFFF.0009: No inputs registered, leaving
[  300.876758][ T6013] plantronics 0003:047F:FFFF.0009: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0
[  301.106819][ T7499] usb 7-1: USB disconnect, device number 16
[  302.412424][T12067] can0: slcan on ttyS3.
[  302.570058][T12073] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[  302.594580][T12073] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1460'.
[  303.067235][T12055] can0 (unregistered): slcan off ttyS3.
[  303.218939][T12097] FAULT_INJECTION: forcing a failure.
[  303.218939][T12097] name failslab, interval 1, probability 0, space 0, times 0
[  303.223348][T12097] CPU: 1 UID: 0 PID: 12097 Comm: syz.1.1463 Not tainted 6.14.0-rc2-syzkaller-00056-gab68d7eb7b1a #0
[  303.223374][T12097] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  303.223381][T12097] Call Trace:
[  303.223385][T12097]  <TASK>
[  303.223390][T12097]  dump_stack_lvl+0x16c/0x1f0
[  303.223413][T12097]  should_fail_ex+0x50a/0x650
[  303.223428][T12097]  ? fs_reclaim_acquire+0xae/0x150
[  303.223446][T12097]  should_failslab+0xc2/0x120
[  303.223460][T12097]  __kmalloc_noprof+0xce/0x4f0
[  303.223472][T12097]  ? tomoyo_realpath_from_path+0xbf/0x710
[  303.223490][T12097]  tomoyo_realpath_from_path+0xbf/0x710
[  303.223505][T12097]  tomoyo_mount_acl+0x66d/0x880
[  303.223517][T12097]  ? hlock_class+0x4e/0x130
[  303.223534][T12097]  ? __lock_acquire+0x15a9/0x3c40
[  303.223548][T12097]  ? __pfx_tomoyo_mount_acl+0x10/0x10
[  303.223562][T12097]  ? __pfx___lock_acquire+0x10/0x10
[  303.223573][T12097]  ? stack_trace_save+0x95/0xd0
[  303.223598][T12097]  ? trace_lock_acquire+0x14e/0x1f0
[  303.223608][T12097]  ? tomoyo_mount_permission+0x149/0x420
[  303.223619][T12097]  ? lock_acquire+0x2f/0xb0
[  303.223630][T12097]  ? tomoyo_mount_permission+0x149/0x420
[  303.223643][T12097]  tomoyo_mount_permission+0x16e/0x420
[  303.223654][T12097]  ? tomoyo_mount_permission+0x149/0x420
[  303.223665][T12097]  ? __pfx_tomoyo_mount_permission+0x10/0x10
[  303.223682][T12097]  ? get_current_fs_domain+0x184/0x1f0
[  303.223711][T12097]  security_sb_mount+0x9b/0x260
[  303.223728][T12097]  path_mount+0x129/0x1f00
[  303.223741][T12097]  ? kmem_cache_free+0x2e2/0x4d0
[  303.223752][T12097]  ? __pfx_path_mount+0x10/0x10
[  303.223765][T12097]  ? putname+0x13c/0x180
[  303.223779][T12097]  __ia32_sys_mount+0x28d/0x310
[  303.223791][T12097]  ? __pfx___ia32_sys_mount+0x10/0x10
[  303.223807][T12097]  __do_fast_syscall_32+0x73/0x120
[  303.223818][T12097]  do_fast_syscall_32+0x32/0x80
[  303.223829][T12097]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  303.223846][T12097] RIP: 0023:0xf744e579
[  303.223877][T12097] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  303.223891][T12097] RSP: 002b:00000000f50d655c EFLAGS: 00000296 ORIG_RAX: 0000000000000015
[  303.223904][T12097] RAX: ffffffffffffffda RBX: 0000000080000080 RCX: 0000000080000040
[  303.223910][T12097] RDX: 00000000800000c0 RSI: 0000000000a08410 RDI: 0000000000000000
[  303.223916][T12097] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  303.223922][T12097] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  303.223927][T12097] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  303.223940][T12097]  </TASK>
[  303.223988][T12097] ERROR: Out of memory at tomoyo_realpath_from_path.
[  303.734051][T12112] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1466'.
[  303.859651][T12113] bochs-drm 0000:00:01.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem
[  303.864905][ T5961] Bluetooth: hci2: ACL packet for unknown connection handle 201
[  304.864863][T12124] netlink: 72 bytes leftover after parsing attributes in process `syz.0.1469'.
[  305.290116][ T5989] IPVS: starting estimator thread 0...
[  305.319154][T12133] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1472'.
[  305.429803][T12139] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1475'.
[  305.445387][T12131] IPVS: using max 22 ests per chain, 52800 per kthread
[  305.581722][T12147] rdma_rxe: rxe_newlink: failed to add team_slave_0
[  305.910016][T12150] bochs-drm 0000:00:01.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem
[  305.914696][ T5961] Bluetooth: hci1: link tx timeout
[  305.918236][ T5961] Bluetooth: hci1: killing stalled connection 11:aa:aa:aa:aa:aa
[  305.933444][T12153] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1478'.
[  306.523680][T12161] netlink: 72 bytes leftover after parsing attributes in process `syz.1.1479'.
[  307.025921][T12166] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1481'.
[  307.183455][T12164] lo speed is unknown, defaulting to 1000
[  307.302538][T12164] wg1 speed is unknown, defaulting to 1000
[  307.480948][    C3] IPv4: Oversized IP packet from 127.0.0.1
[  307.486238][    C3] IPv4: Oversized IP packet from 127.0.0.1
[  307.489581][    C3] IPv4: Oversized IP packet from 127.0.0.1
[  307.492717][    C3] IPv4: Oversized IP packet from 127.0.0.1
[  307.496483][    C3] IPv4: Oversized IP packet from 127.0.0.1
[  307.501083][    C3] IPv4: Oversized IP packet from 127.0.0.1
[  307.504124][    C3] IPv4: Oversized IP packet from 127.0.0.1
[  307.508114][    C3] IPv4: Oversized IP packet from 127.0.0.1
[  307.511260][    C3] IPv4: Oversized IP packet from 127.0.0.1
[  307.999565][   T64] Bluetooth: hci1: command 0x0406 tx timeout
[  308.007595][T12187] rdma_rxe: rxe_newlink: failed to add team_slave_0
[  309.018217][ T7499] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  309.176905][ T7499] usb 5-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  309.180549][ T7499] usb 5-1: config 0 interface 0 has no altsetting 0
[  309.184408][ T7499] usb 5-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  309.187139][ T7499] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  309.189488][ T7499] usb 5-1: Product: syz
[  309.190728][ T7499] usb 5-1: Manufacturer: syz
[  309.192109][ T7499] usb 5-1: SerialNumber: syz
[  309.194588][ T7499] usb 5-1: config 0 descriptor??
[  309.198327][ T7499] usb 5-1: selecting invalid altsetting 0
[  309.550275][ T5989] usb 5-1: USB disconnect, device number 12
[  309.699173][T12208] netlink: 72 bytes leftover after parsing attributes in process `syz.2.1490'.
[  310.305300][T12223] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1494'.
[  310.323417][T12224] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1492'.
[  310.437090][T12230] syz!: rxe_newlink: already configured on team_slave_0
[  310.755966][T12232] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1496'.
[  311.120463][T12241] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  313.005608][ T7499] usb 7-1: new high-speed USB device number 17 using dummy_hcd
[  313.656228][ T7499] usb 7-1: config index 0 descriptor too short (expected 45, got 36)
[  313.659266][ T7499] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  313.663199][ T7499] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  313.674651][ T7499] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  313.679006][ T7499] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  313.683670][ T7499] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  313.690903][ T7499] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  313.702010][T12257] netlink: 2040 bytes leftover after parsing attributes in process `syz.3.1504'.
[  313.715390][ T7499] usb 7-1: config 0 descriptor??
[  313.719598][T12250] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  313.820270][ T5362] udevd[5362]: worker [8017] terminated by signal 33 (Unknown signal 33)
[  313.823746][ T5362] udevd[5362]: worker [8017] failed while handling '/devices/LNXSYSTM:00/LNXSYBUS:00/ACPI0012:00/ndbus0/region0/namespace0.0/block/pmem0'
[  314.088448][T12268] rdma_rxe: rxe_newlink: failed to add team_slave_0
[  314.133984][ T7499] plantronics 0003:047F:FFFF.000A: unknown main item tag 0xd
[  314.136431][ T7499] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0
[  314.138614][ T7499] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0
[  314.141018][ T7499] plantronics 0003:047F:FFFF.000A: No inputs registered, leaving
[  314.145526][ T7499] plantronics 0003:047F:FFFF.000A: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0
[  314.400262][   T56] usb 7-1: USB disconnect, device number 17
[  314.419814][T12271] netlink: 72 bytes leftover after parsing attributes in process `syz.1.1507'.
[  314.759850][T12275] netlink: 2040 bytes leftover after parsing attributes in process `syz.3.1508'.
[  316.376705][T12302] cgroup: Bad value for 'name'
[  316.709574][ T1413] ieee802154 phy0 wpan0: encryption failed: -22
[  317.091977][T12311] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1517'.
[  317.166849][T12313] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1518'.
[  317.170358][T12313] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1518'.
[  317.173280][T12313] netlink: 34 bytes leftover after parsing attributes in process `syz.0.1518'.
[  317.499151][T12322] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1522'.
[  318.173737][T12318] [U] 
[  318.281875][T12329] netlink: 72 bytes leftover after parsing attributes in process `syz.1.1523'.
[  318.380905][T12339] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1526'.
[  318.419619][T12342] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1527'.
[  320.057039][T12373] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1533'.
[  320.341871][T12379] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1536'.
[  321.712313][T12425] debugfs: Directory 'ttyS3' with parent 'caif_serial' already present!
[  322.285606][T12451] overlayfs: option "workdir=./file1" is useless in a non-upper mount, ignore
[  322.288192][T12451] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  322.339850][T12462] __nla_validate_parse: 3 callbacks suppressed
[  322.339871][T12462] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1544'.
[  322.400648][T12466] netlink: 72 bytes leftover after parsing attributes in process `syz.0.1543'.
[  323.106698][T12473] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1545'.
[  323.436075][T12490] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.1550'.
[  323.439495][T12482] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.1550'.
[  323.487161][T12482] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1550'.
[  323.981784][T12493] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1552'.
[  324.076873][T12500] syz!: rxe_newlink: already configured on team_slave_0
[  324.189592][T12502] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  324.539517][T12509] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1556'.
[  324.591042][T12513] netlink: 72 bytes leftover after parsing attributes in process `syz.2.1555'.
[  324.645515][T12514] rdma_rxe: rxe_newlink: failed to add team_slave_0
[  324.916785][T12516] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1558'.
[  325.297164][T12522] (unnamed net_device) (uninitialized): (slave ip6gre0): Device is not bonding slave
[  325.300906][T12522] (unnamed net_device) (uninitialized): option active_slave: invalid value (ip6gre0)
[  326.895297][ T7499] usb 8-1: new full-speed USB device number 26 using dummy_hcd
[  327.067085][ T7499] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  327.067112][ T7499] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64
[  327.069551][ T7499] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  327.069569][ T7499] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  327.069578][ T7499] usb 8-1: Product: syz
[  327.069586][ T7499] usb 8-1: Manufacturer: syz
[  327.069593][ T7499] usb 8-1: SerialNumber: syz
[  327.072167][T12541] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  327.073246][ T7499] usb 8-1: selecting invalid altsetting 1
[  327.375485][ T7499] cdc_ncm 8-1:1.0: bind() failure
[  327.380759][ T7499] usb 8-1: USB disconnect, device number 26
[  327.548937][T12618] __nla_validate_parse: 1 callbacks suppressed
[  327.548956][T12618] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1565'.
[  327.944623][T12629] syz!: rxe_newlink: already configured on team_slave_0
[  328.488786][T12632] netlink: 72 bytes leftover after parsing attributes in process `syz.3.1567'.
[  328.934896][T12659] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.1571'.
[  328.943194][T12655] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.1571'.
[  328.960639][T12655] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1571'.
[  329.141706][T12660] bochs-drm 0000:00:01.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem
[  329.149252][ T5961] Bluetooth: hci1: ACL packet for unknown connection handle 201
[  329.302718][T12665] netlink: 'syz.2.1574': attribute type 5 has an invalid length.
[  329.306120][T12665] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1574'.
[  329.443246][T12672] syz!: rxe_newlink: already configured on team_slave_0
[  329.480195][T12673] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1577'.
[  330.380528][T12685] netlink: 2040 bytes leftover after parsing attributes in process `syz.3.1581'.
[  330.744298][T12686] netlink: 72 bytes leftover after parsing attributes in process `syz.2.1580'.
[  330.952286][T12693] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.1583'.
[  330.981761][T12695] netlink: 'syz.3.1584': attribute type 5 has an invalid length.
[  331.133641][T12700] rdma_rxe: rxe_newlink: failed to add team_slave_0
[  331.521070][T12708] bochs-drm 0000:00:01.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem
[  333.299722][T12735] __nla_validate_parse: 7 callbacks suppressed
[  333.299789][T12735] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1594'.
[  333.530813][T12746] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  333.682587][   T39] audit: type=1800 audit(1739511677.663:8099): pid=12753 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.1597" name="[kvm-gmem]" dev="anon_inodefs" ino=42410 res=0 errno=0
[  334.766784][T12759] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1601'.
[  336.002388][T12809] netlink: 72 bytes leftover after parsing attributes in process `syz.0.1610'.
[  337.155243][ T5947] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  337.306782][ T5947] usb 5-1: config index 0 descriptor too short (expected 45, got 36)
[  337.309943][ T5947] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  337.314419][ T5947] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  337.323220][ T5947] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  337.327933][ T5947] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  337.332762][ T5947] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  337.340664][ T5947] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  337.359930][ T5947] usb 5-1: config 0 descriptor??
[  337.365658][T12827] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  337.408882][T12834] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1618'.
[  337.772343][ T5947] plantronics 0003:047F:FFFF.000B: unknown main item tag 0xd
[  337.775847][ T5947] plantronics 0003:047F:FFFF.000B: No inputs registered, leaving
[  337.780615][ T5947] plantronics 0003:047F:FFFF.000B: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0
[  338.028023][ T5947] usb 5-1: USB disconnect, device number 13
[  338.489726][T12859] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  338.845212][   T30] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[  339.010417][   T30] usb 5-1: config index 0 descriptor too short (expected 45, got 36)
[  339.012860][   T30] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  339.016339][   T30] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  339.019475][   T30] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  339.022750][   T30] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  339.026670][   T30] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  339.029605][   T30] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  339.038371][   T30] usb 5-1: config 0 descriptor??
[  339.041734][T12862] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  339.466805][   T30] plantronics 0003:047F:FFFF.000C: unknown main item tag 0xd
[  339.492986][   T30] plantronics 0003:047F:FFFF.000C: No inputs registered, leaving
[  339.534568][   T30] plantronics 0003:047F:FFFF.000C: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0
[  339.957610][ T5947] usb 5-1: USB disconnect, device number 14
[  340.124329][T12878] netlink: 72 bytes leftover after parsing attributes in process `syz.1.1626'.
[  340.346841][T12882] rdma_rxe: rxe_newlink: failed to add team_slave_0
[  340.548361][T12885] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1629'.
[  341.516870][T12906] lo speed is unknown, defaulting to 1000
[  341.554297][T12906] wg1 speed is unknown, defaulting to 1000
[  342.138350][T12916] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1637'.
[  342.645065][T12927] bochs-drm 0000:00:01.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem
[  342.654613][ T5961] Bluetooth: hci1: ACL packet for unknown connection handle 201
[  344.265336][   T30] usb 8-1: new high-speed USB device number 27 using dummy_hcd
[  344.428432][   T30] usb 8-1: config index 0 descriptor too short (expected 45, got 36)
[  344.436958][   T30] usb 8-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  344.458604][   T30] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  344.463402][   T30] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  344.466749][   T30] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  344.470578][   T30] usb 8-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  344.474628][   T30] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  344.486679][   T30] usb 8-1: config 0 descriptor??
[  344.491915][T12951] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  344.812996][T12964] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1648'.
[  344.938683][   T30] plantronics 0003:047F:FFFF.000D: unknown main item tag 0xd
[  344.942766][   T30] plantronics 0003:047F:FFFF.000D: No inputs registered, leaving
[  344.958338][   T30] plantronics 0003:047F:FFFF.000D: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0
[  345.166857][ T1482] usb 8-1: USB disconnect, device number 27
[  345.717967][T12981] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1651'.
[  346.038418][T12988] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  346.615740][T12998] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1654'.
[  347.712172][T13008] FAULT_INJECTION: forcing a failure.
[  347.712172][T13008] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  347.717368][T13008] CPU: 3 UID: 0 PID: 13008 Comm: syz.3.1658 Not tainted 6.14.0-rc2-syzkaller-00056-gab68d7eb7b1a #0
[  347.717382][T13008] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  347.717389][T13008] Call Trace:
[  347.717392][T13008]  <TASK>
[  347.717396][T13008]  dump_stack_lvl+0x16c/0x1f0
[  347.717728][T13008]  should_fail_ex+0x50a/0x650
[  347.717904][T13008]  ? __pfx___might_resched+0x10/0x10
[  347.717966][T13008]  should_fail_alloc_page+0xe7/0x130
[  347.718015][T13008]  prepare_alloc_pages.constprop.0+0x16f/0x560
[  347.718051][T13008]  __alloc_frozen_pages_noprof+0x18e/0x2470
[  347.718065][T13008]  ? hlock_class+0x4e/0x130
[  347.718080][T13008]  ? mark_lock+0xb5/0xc60
[  347.718108][T13008]  ? __pfx_mark_lock+0x10/0x10
[  347.718120][T13008]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  347.718133][T13008]  ? hlock_class+0x4e/0x130
[  347.718147][T13008]  ? mark_lock+0xb5/0xc60
[  347.718158][T13008]  ? hlock_class+0x4e/0x130
[  347.718175][T13008]  ? hlock_class+0x4e/0x130
[  347.718189][T13008]  ? __lock_acquire+0xcc5/0x3c40
[  347.718201][T13008]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  347.718217][T13008]  ? policy_nodemask+0xea/0x4e0
[  347.718231][T13008]  alloc_pages_mpol+0x1fc/0x540
[  347.718244][T13008]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  347.718256][T13008]  ? __lock_acquire+0x15a9/0x3c40
[  347.718270][T13008]  folio_alloc_mpol_noprof+0x36/0x2f0
[  347.718285][T13008]  vma_alloc_folio_noprof+0xee/0x1b0
[  347.718299][T13008]  ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[  347.718313][T13008]  ? find_held_lock+0x2d/0x110
[  347.718330][T13008]  do_pte_missing+0x202f/0x3e10
[  347.718347][T13008]  __handle_mm_fault+0x1166/0x2c60
[  347.718361][T13008]  ? __pfx___handle_mm_fault+0x10/0x10
[  347.718371][T13008]  ? follow_page_pte+0x3ac/0x1490
[  347.718382][T13008]  ? __pfx_lock_release+0x10/0x10
[  347.718402][T13008]  handle_mm_fault+0x3fa/0xaa0
[  347.718415][T13008]  __get_user_pages+0x773/0x36f0
[  347.718430][T13008]  ? __pfx___get_user_pages+0x10/0x10
[  347.718439][T13008]  ? down_read_killable+0xcc/0x380
[  347.718468][T13008]  ? __pfx_down_read_killable+0x10/0x10
[  347.718479][T13008]  ? find_held_lock+0x2d/0x110
[  347.718499][T13008]  __gup_longterm_locked+0x212/0x1870
[  347.718510][T13008]  ? __pfx_lock_release+0x10/0x10
[  347.718521][T13008]  ? trace_lock_acquire+0x14e/0x1f0
[  347.718532][T13008]  ? __pfx___gup_longterm_locked+0x10/0x10
[  347.718542][T13008]  ? gup_fast_fallback+0x84c/0x2690
[  347.718553][T13008]  ? __pfx_lock_release+0x10/0x10
[  347.718564][T13008]  ? try_get_folio+0x517/0x800
[  347.718574][T13008]  ? sanity_check_pinned_pages+0x3ab/0x11e0
[  347.718586][T13008]  gup_fast_fallback+0x1802/0x2690
[  347.718604][T13008]  ? __pfx_gup_fast_fallback+0x10/0x10
[  347.718620][T13008]  pin_user_pages_fast+0xa8/0x100
[  347.718631][T13008]  ? __pfx_pin_user_pages_fast+0x10/0x10
[  347.718641][T13008]  ? __kmalloc_noprof+0x23b/0x4f0
[  347.718653][T13008]  ? rds_info_getsockopt+0x376/0x4f0
[  347.718734][T13008]  rds_info_getsockopt+0x39a/0x4f0
[  347.718746][T13008]  ? __might_fault+0x13b/0x190
[  347.718759][T13008]  ? __pfx_rds_info_getsockopt+0x10/0x10
[  347.718769][T13008]  ? trace_lock_acquire+0x14e/0x1f0
[  347.718779][T13008]  ? lock_acquire+0x2f/0xb0
[  347.718790][T13008]  ? __might_fault+0xe3/0x190
[  347.718802][T13008]  ? __might_fault+0xe3/0x190
[  347.718817][T13008]  rds_getsockopt+0x173/0x2d0
[  347.718847][T13008]  ? __pfx_rds_getsockopt+0x10/0x10
[  347.718862][T13008]  do_sock_getsockopt+0x3fe/0x870
[  347.718987][T13008]  ? __pfx_do_sock_getsockopt+0x10/0x10
[  347.719000][T13008]  ? lock_acquire+0x2f/0xb0
[  347.719010][T13008]  ? __fget_files+0x40/0x3a0
[  347.719024][T13008]  ? __fget_files+0x206/0x3a0
[  347.719036][T13008]  __sys_getsockopt+0x12f/0x260
[  347.719050][T13008]  __ia32_sys_getsockopt+0xbc/0x160
[  347.719060][T13008]  ? lockdep_hardirqs_on+0x7c/0x110
[  347.719076][T13008]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[  347.719092][T13008]  __do_fast_syscall_32+0x73/0x120
[  347.719103][T13008]  do_fast_syscall_32+0x32/0x80
[  347.719112][T13008]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  347.719144][T13008] RIP: 0023:0xf7f88579
[  347.719153][T13008] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  347.719162][T13008] RSP: 002b:00000000f50a655c EFLAGS: 00000296 ORIG_RAX: 000000000000016d
[  347.719188][T13008] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000114
[  347.719193][T13008] RDX: 0000000000002719 RSI: 0000000080000580 RDI: 0000000080000000
[  347.719199][T13008] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  347.719205][T13008] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  347.719210][T13008] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  347.719221][T13008]  </TASK>
[  347.920718][T13016] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.1659'.
[  347.925770][T13011] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.1659'.
[  347.927922][T13016] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1659'.
[  347.952749][T13017] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1661'.
[  348.177848][T13022] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1663'.
[  349.195600][T13038] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1666'.
[  349.610727][T13048] tipc: Started in network mode
[  349.612636][T13048] tipc: Node identity aaaaaaaaaa34, cluster identity 4711
[  349.616077][T13048] tipc: Enabled bearer <eth:macvlan0>, priority 10
[  350.167144][T13050] netlink: 72 bytes leftover after parsing attributes in process `syz.2.1671'.
[  350.185493][ T1482] usb 8-1: new high-speed USB device number 28 using dummy_hcd
[  350.345420][ T1482] usb 8-1: Using ep0 maxpacket: 32
[  350.348535][ T1482] usb 8-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  350.352864][ T1482] usb 8-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  350.355744][ T1482] usb 8-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  350.357970][ T1482] usb 8-1: Product: syz
[  350.359324][ T1482] usb 8-1: Manufacturer: syz
[  350.360648][ T1482] usb 8-1: SerialNumber: syz
[  350.363592][ T1482] usb 8-1: config 0 descriptor??
[  350.365544][T13048] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  350.369177][ T1482] hub 8-1:0.0: bad descriptor, ignoring hub
[  350.370880][ T1482] hub 8-1:0.0: probe with driver hub failed with error -5
[  350.382397][T13055] bochs-drm 0000:00:01.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem
[  350.387544][ T5961] Bluetooth: hci2: ACL packet for unknown connection handle 201
[  350.615314][ T1482] tipc: Node number set to 10398378
[  350.618044][T13064] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1675'.
[  350.695398][ T1328] usb 8-1: USB disconnect, device number 28
[  352.773436][T13096] netlink: 2040 bytes leftover after parsing attributes in process `syz.2.1683'.
[  352.804684][T13101] netlink: 72 bytes leftover after parsing attributes in process `syz.3.1685'.
[  353.387419][T13113] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1689'.
[  354.087217][T13117] netlink: 'syz.3.1692': attribute type 2 has an invalid length.
[  354.090642][T13117] FAULT_INJECTION: forcing a failure.
[  354.090642][T13117] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  354.095869][T13117] CPU: 3 UID: 0 PID: 13117 Comm: syz.3.1692 Not tainted 6.14.0-rc2-syzkaller-00056-gab68d7eb7b1a #0
[  354.095883][T13117] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  354.095890][T13117] Call Trace:
[  354.095893][T13117]  <TASK>
[  354.095897][T13117]  dump_stack_lvl+0x16c/0x1f0
[  354.095921][T13117]  should_fail_ex+0x50a/0x650
[  354.095938][T13117]  _copy_from_user+0x2e/0xd0
[  354.095954][T13117]  kstrtouint_from_user+0xd7/0x1c0
[  354.095965][T13117]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  354.095978][T13117]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  354.095994][T13117]  proc_fail_nth_write+0x84/0x250
[  354.096037][T13117]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  354.096050][T13117]  ? ksys_write+0x12b/0x250
[  354.096064][T13117]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  354.096078][T13117]  vfs_write+0x24c/0x1150
[  354.096088][T13117]  ? __fget_files+0x1fc/0x3a0
[  354.096099][T13117]  ? __pfx___mutex_lock+0x10/0x10
[  354.096110][T13117]  ? __pfx_vfs_write+0x10/0x10
[  354.096123][T13117]  ? __fget_files+0x206/0x3a0
[  354.096136][T13117]  ksys_write+0x12b/0x250
[  354.096146][T13117]  ? __pfx_ksys_write+0x10/0x10
[  354.096159][T13117]  __do_fast_syscall_32+0x73/0x120
[  354.096171][T13117]  do_fast_syscall_32+0x32/0x80
[  354.096180][T13117]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  354.096197][T13117] RIP: 0023:0xf7f88579
[  354.096205][T13117] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  354.096215][T13117] RSP: 002b:00000000f50a6590 EFLAGS: 00000293 ORIG_RAX: 0000000000000004
[  354.096225][T13117] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000f50a6620
[  354.096231][T13117] RDX: 0000000000000001 RSI: 00000000f740cff4 RDI: 0000000000000000
[  354.096236][T13117] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  354.096241][T13117] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  354.096247][T13117] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  354.096258][T13117]  </TASK>
[  354.864146][T13126] netlink: 16402 bytes leftover after parsing attributes in process `syz.3.1693'.
[  354.867764][T13130] netlink: 16402 bytes leftover after parsing attributes in process `syz.3.1693'.
[  354.905170][T13126] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1693'.
[  355.323834][T13134] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.1695'.
[  355.329395][T13133] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.1695'.
[  355.384233][T13133] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1695'.
[  355.508543][T13142] Can't find a SQUASHFS superblock on nullb0
[  355.600272][T13143] netlink: 2040 bytes leftover after parsing attributes in process `syz.2.1696'.
[  356.194589][T13146] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  357.658036][T13197] bochs-drm 0000:00:01.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem
[  358.681352][T13237] __nla_validate_parse: 2 callbacks suppressed
[  358.681384][T13237] netlink: 72 bytes leftover after parsing attributes in process `syz.3.1709'.
[  358.964531][T13226] [U] 
[  360.278711][T13284] overlayfs: option "workdir=./file1" is useless in a non-upper mount, ignore
[  360.282854][T13284] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  360.337565][T13294] netlink: 16402 bytes leftover after parsing attributes in process `syz.3.1715'.
[  360.341078][T13289] netlink: 16402 bytes leftover after parsing attributes in process `syz.3.1715'.
[  360.345037][T13294] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1715'.
[  360.850469][T13324] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  361.592119][T13321] [U] 
[  361.749033][T13342] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1721'.
[  361.996800][T13347] netlink: 16402 bytes leftover after parsing attributes in process `syz.3.1723'.
[  361.999921][T13346] netlink: 16402 bytes leftover after parsing attributes in process `syz.3.1723'.
[  362.001697][T13347] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1723'.
[  363.575253][T13366] rdma_rxe: rxe_newlink: failed to add team_slave_0
[  363.715327][T13368] netlink: 84 bytes leftover after parsing attributes in process `syz.3.1728'.
[  363.764822][T13375] netlink: 72 bytes leftover after parsing attributes in process `syz.0.1729'.
[  363.966327][T13391] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.1734'.
[  363.970172][T13386] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.1734'.
[  363.976587][T13386] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1734'.
[  364.675245][ T6016] usb 6-1: new high-speed USB device number 13 using dummy_hcd
[  364.828835][ T6016] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  364.844052][ T6016] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  364.847327][ T6016] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  364.849623][ T6016] usb 6-1: Product: syz
[  364.850833][ T6016] usb 6-1: Manufacturer: syz
[  364.852204][ T6016] usb 6-1: SerialNumber: syz
[  364.860375][ T6016] usb 6-1: selecting invalid altsetting 1
[  365.485215][T13414] rdma_rxe: rxe_newlink: failed to add team_slave_0
[  365.504274][T13415] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.1738'.
[  365.508064][T13413] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.1738'.
[  365.513320][T13413] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1738'.
[  365.658794][ T6016] cdc_ncm 6-1:1.0: failed GET_NTB_PARAMETERS
[  365.660578][ T6016] cdc_ncm 6-1:1.0: bind() failure
[  365.669784][ T6016] usb 6-1: USB disconnect, device number 13
[  365.931561][ T5961] Bluetooth: hci1: ACL packet for unknown connection handle 201
[  366.131072][T13420] netlink: 84 bytes leftover after parsing attributes in process `syz.0.1741'.
[  366.227466][T13425] netlink: 72 bytes leftover after parsing attributes in process `syz.0.1742'.
[  368.447552][T13508] bochs-drm 0000:00:01.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem
[  368.452544][ T5961] Bluetooth: hci2: ACL packet for unknown connection handle 201
[  369.389387][T13533] rdma_rxe: rxe_newlink: failed to add team_slave_0
[  369.538373][T13521] [U] 
[  370.147223][T13559] __nla_validate_parse: 2 callbacks suppressed
[  370.147237][T13559] netlink: 72 bytes leftover after parsing attributes in process `syz.1.1763'.
[  370.754784][T13604] netlink: 72 bytes leftover after parsing attributes in process `syz.2.1769'.
[  371.883689][T13613] [U] 
[  371.974862][T13625] rdma_rxe: rxe_newlink: failed to add team_slave_0
[  373.484930][T13649] overlayfs: option "workdir=./file1" is useless in a non-upper mount, ignore
[  373.488398][T13649] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  373.688941][T13657] rdma_rxe: rxe_newlink: failed to add team_slave_0
[  374.264359][T13662] netlink: 92 bytes leftover after parsing attributes in process `syz.3.1785'.
[  374.314738][T13650] [U] 
[  374.321077][T13670] net_ratelimit: 23 callbacks suppressed
[  374.321089][T13670] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[  374.610127][T13673] hub 6-0:1.0: USB hub found
[  374.623505][T13673] hub 6-0:1.0: 1 port detected
[  375.476008][T13691] rdma_rxe: rxe_newlink: failed to add team_slave_0
[  375.588187][T13692] overlayfs: option "workdir=./file1" is useless in a non-upper mount, ignore
[  375.591508][T13692] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  375.635435][T13694] netlink: 72 bytes leftover after parsing attributes in process `syz.3.1792'.
[  377.131745][T13712] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1799'.
[  377.851069][T13707] [U] 
[  377.996160][T13728] rdma_rxe: rxe_newlink: failed to add team_slave_0
[  378.157416][ T1413] ieee802154 phy0 wpan0: encryption failed: -22
[  378.540355][T13749] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1808'.
[  378.543799][T13749] nbd: socks must be embedded in a SOCK_ITEM attr
[  379.327252][T13764] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1812'.
[  380.614542][T13801] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  380.761412][T13808] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1823'.
[  380.814984][T13806] fuse: root generation should be zero
[  381.082059][T13812] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1825'.
[  381.364475][T13815] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1826'.
[  381.735380][ T1482] usb 8-1: new high-speed USB device number 29 using dummy_hcd
[  381.895505][ T1482] usb 8-1: Using ep0 maxpacket: 8
[  381.901052][ T1482] usb 8-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config
[  381.908659][ T1482] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  381.912493][ T1482] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  381.916790][ T1482] usb 8-1: config 16 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  381.921941][ T1482] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  381.925923][ T1482] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  381.932674][ T1482] usbtmc 8-1:16.0: bulk endpoints not found
[  382.775519][T13838] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1832'.
[  382.834184][T13843] fuse: Bad value for 'fd'
[  382.860252][T13846] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1836'.
[  383.485289][T13859] netlink: 92 bytes leftover after parsing attributes in process `syz.2.1839'.
[  384.280061][T13884] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  384.438438][T13892] syz.2.1843: vmalloc error: size 16384, failed to allocate pages, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  384.447754][T13892] CPU: 2 UID: 0 PID: 13892 Comm: syz.2.1843 Not tainted 6.14.0-rc2-syzkaller-00056-gab68d7eb7b1a #0
[  384.447777][T13892] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  384.447786][T13892] Call Trace:
[  384.447791][T13892]  <TASK>
[  384.447798][T13892]  dump_stack_lvl+0x16c/0x1f0
[  384.447831][T13892]  warn_alloc+0x24d/0x3a0
[  384.447852][T13892]  ? __pfx_warn_alloc+0x10/0x10
[  384.447871][T13892]  ? alloc_pages_mpol+0x25b/0x540
[  384.447891][T13892]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  384.447918][T13892]  __vmalloc_node_range_noprof+0x12bd/0x1530
[  384.447941][T13892]  ? vhost_task_create+0x1bd/0x2b0
[  384.447962][T13892]  ? __memcg_slab_post_alloc_hook+0x4fc/0x9b0
[  384.447983][T13892]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  384.447999][T13892]  ? rcu_is_watching+0x12/0xc0
[  384.448022][T13892]  ? trace_kmem_cache_alloc+0x2d/0xd0
[  384.448043][T13892]  ? kmem_cache_alloc_node_noprof+0x219/0x3b0
[  384.448061][T13892]  ? vhost_task_create+0x1bd/0x2b0
[  384.448076][T13892]  copy_process+0x29b3/0x6f20
[  384.448100][T13892]  ? vhost_task_create+0x1bd/0x2b0
[  384.448125][T13892]  ? __pfx_copy_process+0x10/0x10
[  384.448148][T13892]  ? lockdep_init_map_type+0x16d/0x7d0
[  384.448166][T13892]  ? __raw_spin_lock_init+0x3a/0x110
[  384.448194][T13892]  ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10
[  384.448217][T13892]  ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10
[  384.448243][T13892]  vhost_task_create+0x1bd/0x2b0
[  384.448259][T13892]  ? __pfx_vhost_task_create+0x10/0x10
[  384.448281][T13892]  ? __pfx_vhost_task_fn+0x10/0x10
[  384.448306][T13892]  kvm_mmu_post_init_vm+0x273/0x380
[  384.448326][T13892]  kvm_arch_vcpu_ioctl_run+0x66/0x17f0
[  384.448345][T13892]  ? lock_acquire+0x2f/0xb0
[  384.448361][T13892]  ? kvm_vcpu_ioctl+0x14be/0x16b0
[  384.448384][T13892]  kvm_vcpu_ioctl+0x5ea/0x16b0
[  384.448403][T13892]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  384.448422][T13892]  ? tomoyo_path_number_perm+0x190/0x5b0
[  384.448498][T13892]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  384.448512][T13892]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  384.448534][T13892]  ? do_vfs_ioctl+0x513/0x1950
[  384.448556][T13892]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  384.448588][T13892]  ? __pfx_lock_release+0x10/0x10
[  384.448604][T13892]  ? trace_lock_acquire+0x14e/0x1f0
[  384.448620][T13892]  kvm_vcpu_compat_ioctl+0x210/0x3d0
[  384.448639][T13892]  ? __pfx_kvm_vcpu_compat_ioctl+0x10/0x10
[  384.448657][T13892]  ? __fget_files+0x206/0x3a0
[  384.448677][T13892]  ? __pfx_kvm_vcpu_compat_ioctl+0x10/0x10
[  384.448694][T13892]  __do_compat_sys_ioctl+0x1cb/0x2c0
[  384.448716][T13892]  __do_fast_syscall_32+0x73/0x120
[  384.448734][T13892]  do_fast_syscall_32+0x32/0x80
[  384.448747][T13892]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  384.448772][T13892] RIP: 0023:0xf73be579
[  384.448785][T13892] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  384.448798][T13892] RSP: 002b:00000000f504655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  384.448814][T13892] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000000ae80
[  384.448822][T13892] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  384.448830][T13892] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  384.448838][T13892] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  384.448845][T13892] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  384.448863][T13892]  </TASK>
[  384.448870][T13892] Mem-Info:
[  384.577841][T13892] active_anon:7522 inactive_anon:53 isolated_anon:0
[  384.577841][T13892]  active_file:15251 inactive_file:35047 isolated_file:0
[  384.577841][T13892]  unevictable:1768 dirty:154 writeback:0
[  384.577841][T13892]  slab_reclaimable:7832 slab_unreclaimable:62523
[  384.577841][T13892]  mapped:26715 shmem:4988 pagetables:1006
[  384.577841][T13892]  sec_pagetables:312 bounce:0
[  384.577841][T13892]  kernel_misc_reclaimable:0
[  384.577841][T13892]  free:42921 free_pcp:4942 free_cma:0
[  384.578664][ T5989] usb 8-1: USB disconnect, device number 29
[  384.594832][T13892] Node 0 active_anon:820kB inactive_anon:208kB active_file:1332kB inactive_file:2536kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:2688kB dirty:8kB writeback:0kB shmem:7556kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:9944kB pagetables:1412kB sec_pagetables:1156kB all_unreclaimable? yes
[  384.607801][T13892] Node 1 active_anon:29068kB inactive_anon:4kB active_file:59672kB inactive_file:137652kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:103572kB dirty:608kB writeback:0kB shmem:12396kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:3068kB pagetables:2612kB sec_pagetables:92kB all_unreclaimable? no
[  384.620927][T13892] Node 0 DMA free:2992kB boost:2048kB min:2808kB low:2996kB high:3184kB reserved_highatomic:0KB active_anon:12kB inactive_anon:0kB active_file:16kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:628kB local_pcp:100kB free_cma:0kB
[  384.631336][T13892] lowmem_reserve[]: 0 297 0 0 0
[  384.633233][T13892] Node 0 DMA32 free:17296kB boost:0kB min:13672kB low:17088kB high:20504kB reserved_highatomic:4096KB active_anon:808kB inactive_anon:208kB active_file:1316kB inactive_file:2536kB unevictable:3536kB writepending:8kB present:1032196kB managed:305040kB mlocked:0kB bounce:0kB free_pcp:3516kB local_pcp:332kB free_cma:0kB
[  384.649473][T13892] lowmem_reserve[]: 0 0 0 0 0
[  384.651376][T13892] Node 1 DMA32 free:150948kB boost:0kB min:47144kB low:58928kB high:70712kB reserved_highatomic:0KB active_anon:29068kB inactive_anon:4kB active_file:59672kB inactive_file:137652kB unevictable:3536kB writepending:608kB present:1048432kB managed:948252kB mlocked:0kB bounce:0kB free_pcp:16244kB local_pcp:928kB free_cma:0kB
[  384.669334][T13892] lowmem_reserve[]: 0 0 0 0 0
[  384.671283][T13892] Node 0 DMA: 34*4kB (UME) 25*8kB (UME) 14*16kB (UME) 32*32kB (UME) 12*64kB (UME) 5*128kB (UME) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 2992kB
[  384.677424][T13892] Node 0 DMA32: 54*4kB (UMH) 101*8kB (UMH) 49*16kB (UME) 65*32kB (UMEH) 27*64kB (UME) 11*128kB (UME) 6*256kB (UME) 5*512kB (UM) 4*1024kB (M) 1*2048kB (M) 0*4096kB = 17264kB
[  384.685805][T13892] Node 1 DMA32: 11*4kB (UME) 51*8kB (UE) 502*16kB (UME) 357*32kB (UME) 221*64kB (UME) 73*128kB (UME) 26*256kB (UM) 18*512kB (UME) 11*1024kB (UME) 14*2048kB (UME) 12*4096kB (UM) = 148356kB
[  384.693313][T13892] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  384.697955][T13892] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  384.701596][T13892] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  384.705514][T13892] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  384.709171][T13892] 56371 total pagecache pages
[  384.711005][T13892] 210 pages in swap cache
[  384.712372][T13892] Free swap  = 118936kB
[  384.713488][T13892] Total swap = 124996kB
[  384.714653][T13892] 524155 pages RAM
[  384.715959][T13892] 0 pages HighMem/MovableOnly
[  384.717351][T13892] 206992 pages reserved
[  384.718878][T13892] 0 pages cma reserved
[  385.939382][T13941] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1852'.
[  386.325649][T13956] FAULT_INJECTION: forcing a failure.
[  386.325649][T13956] name failslab, interval 1, probability 0, space 0, times 0
[  386.329327][T13956] CPU: 1 UID: 0 PID: 13956 Comm: syz.2.1854 Not tainted 6.14.0-rc2-syzkaller-00056-gab68d7eb7b1a #0
[  386.329341][T13956] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  386.329348][T13956] Call Trace:
[  386.329352][T13956]  <TASK>
[  386.329357][T13956]  dump_stack_lvl+0x16c/0x1f0
[  386.329380][T13956]  should_fail_ex+0x50a/0x650
[  386.329395][T13956]  ? fs_reclaim_acquire+0xae/0x150
[  386.329413][T13956]  should_failslab+0xc2/0x120
[  386.329427][T13956]  kmem_cache_alloc_noprof+0x6e/0x3b0
[  386.329439][T13956]  ? __get_fs_type+0x21/0x170
[  386.329452][T13956]  ? getname_kernel+0x52/0x370
[  386.329466][T13956]  ? do_raw_read_unlock+0x44/0xe0
[  386.329483][T13956]  getname_kernel+0x52/0x370
[  386.329497][T13956]  kern_path+0x1d/0x50
[  386.329507][T13956]  tomoyo_mount_acl+0x62d/0x880
[  386.329520][T13956]  ? hlock_class+0x4e/0x130
[  386.329535][T13956]  ? __lock_acquire+0x15a9/0x3c40
[  386.329548][T13956]  ? __pfx_tomoyo_mount_acl+0x10/0x10
[  386.329562][T13956]  ? __pfx___lock_acquire+0x10/0x10
[  386.329573][T13956]  ? stack_trace_save+0x95/0xd0
[  386.329590][T13956]  ? __pfx_lock_release+0x10/0x10
[  386.329608][T13956]  ? trace_lock_acquire+0x14e/0x1f0
[  386.329617][T13956]  ? tomoyo_mount_permission+0x149/0x420
[  386.329629][T13956]  ? lock_acquire+0x2f/0xb0
[  386.329639][T13956]  ? tomoyo_mount_permission+0x149/0x420
[  386.329652][T13956]  tomoyo_mount_permission+0x16e/0x420
[  386.329662][T13956]  ? tomoyo_mount_permission+0x149/0x420
[  386.329674][T13956]  ? __pfx_tomoyo_mount_permission+0x10/0x10
[  386.329691][T13956]  ? get_current_fs_domain+0x184/0x1f0
[  386.329709][T13956]  security_sb_mount+0x9b/0x260
[  386.329726][T13956]  path_mount+0x129/0x1f00
[  386.329739][T13956]  ? kmem_cache_free+0x2e2/0x4d0
[  386.329749][T13956]  ? __pfx_path_mount+0x10/0x10
[  386.329762][T13956]  ? putname+0x13c/0x180
[  386.329775][T13956]  __ia32_sys_mount+0x28d/0x310
[  386.329787][T13956]  ? __pfx___ia32_sys_mount+0x10/0x10
[  386.329803][T13956]  __do_fast_syscall_32+0x73/0x120
[  386.329814][T13956]  do_fast_syscall_32+0x32/0x80
[  386.329823][T13956]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  386.329839][T13956] RIP: 0023:0xf73be579
[  386.329847][T13956] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  386.329856][T13956] RSP: 002b:00000000f504655c EFLAGS: 00000296 ORIG_RAX: 0000000000000015
[  386.329866][T13956] RAX: ffffffffffffffda RBX: 0000000080000000 RCX: 00000000800000c0
[  386.329872][T13956] RDX: 0000000080000040 RSI: 0000000000008080 RDI: 0000000000000000
[  386.329878][T13956] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  386.329883][T13956] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  386.329888][T13956] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  386.329900][T13956]  </TASK>
[  386.765175][T13965] netlink: 2040 bytes leftover after parsing attributes in process `syz.2.1855'.
[  386.799857][T13939] syz.1.1851 (13939) used greatest stack depth: 19952 bytes left
[  387.178470][T13998] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1860'.
[  387.186712][T13998] ntfs3(nbd1): try to read out of volume at offset 0x0
[  388.251706][T14018] FAULT_INJECTION: forcing a failure.
[  388.251706][T14018] name failslab, interval 1, probability 0, space 0, times 0
[  388.256236][T14018] CPU: 2 UID: 0 PID: 14018 Comm: syz.3.1867 Not tainted 6.14.0-rc2-syzkaller-00056-gab68d7eb7b1a #0
[  388.256280][T14018] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  388.256289][T14018] Call Trace:
[  388.256293][T14018]  <TASK>
[  388.256298][T14018]  dump_stack_lvl+0x16c/0x1f0
[  388.256326][T14018]  should_fail_ex+0x50a/0x650
[  388.256344][T14018]  ? fs_reclaim_acquire+0xae/0x150
[  388.256365][T14018]  ? io_uring_setup+0x176/0x21a0
[  388.256382][T14018]  should_failslab+0xc2/0x120
[  388.256399][T14018]  __kmalloc_cache_noprof+0x68/0x420
[  388.256414][T14018]  ? io_uring_fill_params+0x59f/0x900
[  388.256433][T14018]  io_uring_setup+0x176/0x21a0
[  388.256451][T14018]  ? __pfx_io_uring_setup+0x10/0x10
[  388.256470][T14018]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  388.256494][T14018]  ? __fget_files+0x206/0x3a0
[  388.256513][T14018]  ? ksys_write+0x1ba/0x250
[  388.256526][T14018]  ? __pfx_ksys_write+0x10/0x10
[  388.256541][T14018]  __ia32_sys_io_uring_setup+0x97/0x140
[  388.256559][T14018]  __do_fast_syscall_32+0x73/0x120
[  388.256573][T14018]  do_fast_syscall_32+0x32/0x80
[  388.256584][T14018]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  388.256605][T14018] RIP: 0023:0xf7f88579
[  388.256615][T14018] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  388.256628][T14018] RSP: 002b:00000000f50a655c EFLAGS: 00000296 ORIG_RAX: 00000000000001a9
[  388.256641][T14018] RAX: ffffffffffffffda RBX: 0000000000004e27 RCX: 0000000080000940
[  388.256649][T14018] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  388.256656][T14018] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  388.256663][T14018] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  388.256670][T14018] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  388.256685][T14018]  </TASK>
[  388.625262][ T5947] usb 8-1: new high-speed USB device number 30 using dummy_hcd
[  388.691146][T14040] netlink: 2040 bytes leftover after parsing attributes in process `syz.1.1871'.
[  388.785356][ T5947] usb 8-1: Using ep0 maxpacket: 8
[  388.793707][ T5947] usb 8-1: config 8 has an invalid interface number: 75 but max is 1
[  388.796841][ T5947] usb 8-1: config 8 has an invalid interface descriptor of length 6, skipping
[  388.800147][ T5947] usb 8-1: config 8 has an invalid interface descriptor of length 7, skipping
[  388.803622][ T5947] usb 8-1: config 8 has an invalid descriptor of length 1, skipping remainder of the config
[  388.808423][ T5947] usb 8-1: config 8 has 1 interface, different from the descriptor's value: 2
[  388.811425][ T5947] usb 8-1: config 8 has no interface number 0
[  388.813148][ T5947] usb 8-1: config 8 interface 75 altsetting 10 has 0 endpoint descriptors, different from the interface descriptor's value: 15
[  388.817277][ T5947] usb 8-1: config 8 interface 75 has no altsetting 0
[  388.821472][ T5947] usb 8-1: New USB device found, idVendor=19d2, idProduct=1592, bcdDevice=32.3b
[  388.825015][ T5947] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  388.828731][ T5947] usb 8-1: Product: syz
[  388.830379][ T5947] usb 8-1: Manufacturer: syz
[  388.832280][ T5947] usb 8-1: SerialNumber: syz
[  389.057839][ T5947] option 8-1:8.75: GSM modem (1-port) converter detected
[  389.066802][ T5947] usb 8-1: USB disconnect, device number 30
[  389.071016][ T5947] option 8-1:8.75: device disconnected
[  389.542433][T14070] rdma_rxe: rxe_newlink: failed to add team_slave_0
[  390.717124][T14102] netlink: 'syz.1.1880': attribute type 1 has an invalid length.
[  390.726034][T14102] 8021q: adding VLAN 0 to HW filter on device bond1
[  390.743556][T14102] bond1: (slave gretap1): making interface the new active one
[  390.746572][T14102] bond1: (slave gretap1): Enslaving as an active interface with an up link
[  390.955572][   T56] usb 7-1: new high-speed USB device number 18 using dummy_hcd
[  391.073244][T14112] xt_NFQUEUE: number of total queues is 0
[  391.106409][   T56] usb 7-1: Using ep0 maxpacket: 8
[  391.114647][   T56] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  391.120682][   T56] usb 7-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  391.124403][   T56] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  391.128833][T14117] rdma_rxe: rxe_newlink: failed to add team_slave_0
[  391.131740][   T56] usb 7-1: config 0 descriptor??
[  391.347538][   T56] iowarrior 7-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[  391.600887][T14124] FAULT_INJECTION: forcing a failure.
[  391.600887][T14124] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  391.611744][T14124] CPU: 3 UID: 0 PID: 14124 Comm: syz.2.1882 Not tainted 6.14.0-rc2-syzkaller-00056-gab68d7eb7b1a #0
[  391.611786][T14124] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  391.611797][T14124] Call Trace:
[  391.611803][T14124]  <TASK>
[  391.611810][T14124]  dump_stack_lvl+0x16c/0x1f0
[  391.611843][T14124]  should_fail_ex+0x50a/0x650
[  391.611869][T14124]  strncpy_from_user+0x3b/0x2d0
[  391.611888][T14124]  getname_flags.part.0+0x8f/0x550
[  391.611914][T14124]  getname+0x8d/0xe0
[  391.611930][T14124]  do_sys_openat2+0x104/0x1e0
[  391.611950][T14124]  ? __pfx_do_sys_openat2+0x10/0x10
[  391.611972][T14124]  ? __fget_files+0x206/0x3a0
[  391.611993][T14124]  __ia32_compat_sys_openat+0x16e/0x210
[  391.612016][T14124]  ? __pfx___ia32_compat_sys_openat+0x10/0x10
[  391.612037][T14124]  ? ksys_write+0x1ba/0x250
[  391.612058][T14124]  __do_fast_syscall_32+0x73/0x120
[  391.612076][T14124]  do_fast_syscall_32+0x32/0x80
[  391.612092][T14124]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  391.612120][T14124] RIP: 0023:0xf73be579
[  391.612133][T14124] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  391.612150][T14124] RSP: 002b:00000000f5025100 EFLAGS: 00000293 ORIG_RAX: 0000000000000127
[  391.612167][T14124] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 00000000f5025150
[  391.612177][T14124] RDX: 0000000000000002 RSI: 0000000000000000 RDI: 00000000f73acff4
[  391.612186][T14124] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000
[  391.612196][T14124] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  391.612206][T14124] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  391.612225][T14124]  </TASK>
[  391.779563][T14126] infiniband syz0: set down
[  391.781116][T14126] infiniband syz0: added bond0
[  391.817810][T14126] RDS/IB: syz0: added
[  391.819214][T14126] smc: adding ib device syz0 with port count 1
[  391.821036][T14126] smc:    ib device syz0 port 1 has pnetid SYZ2 (user defined)
[  391.928556][   T56] usb 7-1: USB disconnect, device number 18
[  392.522631][T14145] bochs-drm 0000:00:01.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem
[  393.297203][T14161] rdma_rxe: rxe_newlink: failed to add team_slave_0
[  393.512022][T14166] netlink: 'syz.3.1894': attribute type 1 has an invalid length.
[  393.559234][T14166] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1894'.
[  393.567931][T14166] 8021q: adding VLAN 0 to HW filter on device batadv2
[  393.570685][T14166] bond1: (slave batadv2): Enslaving as a backup interface with an up link
[  393.579238][T14166] bond1 (unregistering): (slave batadv2): Releasing backup interface
[  393.584024][T14166] bond1 (unregistering): Released all slaves
[  393.889885][T14191] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  393.899710][T14203] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.1895'.
[  393.904922][T14178] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.1895'.
[  393.917938][T14178] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1895'.
[  394.034030][T14191] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  394.217178][T14191] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  394.334790][T14191] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  394.493734][T14191] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  394.502185][T14191] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  394.507373][T14191] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  394.513523][T14191] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  394.540706][T14211] orangefs_mount: mount request failed with -4
[  395.422213][T14262] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1902'.
[  395.554731][T14265] bochs-drm 0000:00:01.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem
[  396.229698][T14272] rdma_rxe: rxe_newlink: failed to add team_slave_0
[  396.548670][T14278] bochs-drm 0000:00:01.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem
[  396.699156][T14286] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[  396.905936][T14287] hub 6-0:1.0: USB hub found
[  396.907784][T14287] hub 6-0:1.0: 1 port detected
[  397.229636][T14284] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  397.234527][T14284] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  397.242898][T14284] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  397.361251][T14294] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.1909'.
[  397.364589][T14291] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.1909'.
[  397.373712][T14291] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1909'.
[  397.763149][T14303] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1914'.
[  398.787275][ T5961] Bluetooth: hci1: command 0x0406 tx timeout
[  398.986690][   T30] wg1 speed is unknown, defaulting to 1000
[  399.056527][T14310] rdma_rxe: rxe_newlink: failed to add team_slave_0
[  399.190875][T14314] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[  399.265348][ T5961] Bluetooth: hci3: command 0x0406 tx timeout
[  399.267780][ T5961] Bluetooth: hci2: command 0x0406 tx timeout
[  399.393391][T14315] hub 6-0:1.0: USB hub found
[  399.395237][T14315] hub 6-0:1.0: 1 port detected
[  399.885885][T14317] netlink: 2040 bytes leftover after parsing attributes in process `syz.2.1918'.
[  400.191159][T14336] netlink: 56 bytes leftover after parsing attributes in process `syz.2.1923'.
[  400.213669][T14334] netlink: 72 bytes leftover after parsing attributes in process `syz.0.1919'.
[  400.304984][T14343] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1924'.
[  401.042080][T14346] rdma_rxe: rxe_newlink: failed to add team_slave_0
[  401.181623][T14354] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[  401.182773][T14355] netlink: 2040 bytes leftover after parsing attributes in process `syz.2.1928'.
[  401.300135][T14362] netlink: 56 bytes leftover after parsing attributes in process `syz.3.1931'.
[  401.373689][T14357] hub 6-0:1.0: USB hub found
[  401.378718][T14357] hub 6-0:1.0: 1 port detected
[  401.467678][T14366] bochs-drm 0000:00:01.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem
[  401.482898][ T5961] Bluetooth: hci3: ACL packet for unknown connection handle 201
[  402.876855][T14388] netlink: 2040 bytes leftover after parsing attributes in process `syz.3.1938'.
[  403.405741][T14397] syz!: rxe_newlink: already configured on team_slave_0
[  403.935915][T14412] FAULT_INJECTION: forcing a failure.
[  403.935915][T14412] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  403.941962][T14412] CPU: 2 UID: 0 PID: 14412 Comm: syz.3.1945 Not tainted 6.14.0-rc2-syzkaller-00056-gab68d7eb7b1a #0
[  403.941978][T14412] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  403.941984][T14412] Call Trace:
[  403.941988][T14412]  <TASK>
[  403.941992][T14412]  dump_stack_lvl+0x16c/0x1f0
[  403.942015][T14412]  should_fail_ex+0x50a/0x650
[  403.942031][T14412]  _copy_from_user+0x2e/0xd0
[  403.942046][T14412]  copy_from_buffer+0x86/0xb0
[  403.942061][T14412]  copy_uabi_to_xstate+0x26e/0x670
[  403.942075][T14412]  ? __pfx_copy_uabi_to_xstate+0x10/0x10
[  403.942087][T14412]  ? __pfx_lock_release+0x10/0x10
[  403.942099][T14412]  ? trace_lock_acquire+0x14e/0x1f0
[  403.942112][T14412]  ? __local_bh_enable_ip+0xa4/0x120
[  403.942128][T14412]  __fpu_restore_sig+0x1062/0x1430
[  403.942141][T14412]  ? __pfx___fpu_restore_sig+0x10/0x10
[  403.942161][T14412]  ? lock_acquire+0x2f/0xb0
[  403.942172][T14412]  ? __might_fault+0xe3/0x190
[  403.942200][T14412]  fpu__restore_sig+0x113/0x190
[  403.942213][T14412]  ia32_restore_sigcontext+0x40f/0x5d0
[  403.942228][T14412]  ? __pfx_ia32_restore_sigcontext+0x10/0x10
[  403.942241][T14412]  ? __pfx_lock_release+0x10/0x10
[  403.942255][T14412]  ? _raw_spin_unlock_irq+0x23/0x50
[  403.942271][T14412]  ? lockdep_hardirqs_on+0x7c/0x110
[  403.942289][T14412]  __do_compat_sys_rt_sigreturn+0x121/0x1f0
[  403.942304][T14412]  ? __pfx___do_compat_sys_rt_sigreturn+0x10/0x10
[  403.942333][T14412]  do_int80_emulation+0x104/0x200
[  403.942344][T14412]  asm_int80_emulation+0x1a/0x20
[  403.942358][T14412] RIP: 0023:0xf7f88577
[  403.942366][T14412] Code: 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 <cd> 80 5d 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00
[  403.942376][T14412] RSP: 002b:00000000f50a655c EFLAGS: 00000296
[  403.942385][T14412] RAX: 0000000000000004 RBX: 0000000000000003 RCX: 0000000080000380
[  403.942391][T14412] RDX: 0000000000000010 RSI: 0000000000000000 RDI: 0000000000000000
[  403.942397][T14412] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  403.942402][T14412] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  403.942408][T14412] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  403.942419][T14412]  </TASK>
[  404.338134][T14421] bridge_slave_1: left allmulticast mode
[  404.339867][T14421] bridge_slave_1: left promiscuous mode
[  404.343577][T14421] bridge0: port 2(bridge_slave_1) entered disabled state
[  404.823024][T14430] rdma_rxe: rxe_newlink: failed to add team_slave_0
[  405.001955][T14431] bochs-drm 0000:00:01.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem
[  405.011536][ T5961] Bluetooth: hci3: ACL packet for unknown connection handle 201
[  405.113557][T14433] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1951'.
[  405.306463][T14442] IPVS: sync thread started: state = MASTER, mcast_ifn = wg1, syncid = 262145, id = 0
[  405.415263][T14447] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1953'.
[  405.432073][T14447] batadv1: entered promiscuous mode
[  405.433778][T14447] batadv1: entered allmulticast mode
[  406.558005][T14468] overlayfs: option "workdir=./file1" is useless in a non-upper mount, ignore
[  406.561041][T14468] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  406.682550][T14471] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[  406.859081][T14472] hub 6-0:1.0: USB hub found
[  406.860642][T14472] hub 6-0:1.0: 1 port detected
[  407.197720][T14475] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1961'.
[  407.655504][T14490] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.1965'.
[  407.658528][T14487] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.1965'.
[  407.658964][T14490] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1965'.
[  407.884043][T14499] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.1968'.
[  407.888725][T14497] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.1968'.
[  407.901085][T14499] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1968'.
[  407.986427][T14500] netlink: 72 bytes leftover after parsing attributes in process `syz.0.1964'.
[  408.811704][T14512] bochs-drm 0000:00:01.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem
[  408.819524][ T5961] Bluetooth: hci2: ACL packet for unknown connection handle 201
[  409.065011][T14515] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[  409.164296][T14516] hub 6-0:1.0: USB hub found
[  409.166113][T14516] hub 6-0:1.0: 1 port detected
[  409.421829][T14508] [U] 
[  409.596227][T14524] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  409.599689][T14524] overlayfs: failed to set xattr on upper
[  409.601917][T14524] overlayfs: ...falling back to redirect_dir=nofollow.
[  409.604397][T14524] overlayfs: ...falling back to uuid=null.
[  409.845026][T14532] futex_wake_op: syz.1.1978 tries to shift op by -1; fix this program
[  410.670962][T14544] __nla_validate_parse: 1 callbacks suppressed
[  410.670977][T14544] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1981'.
[  412.246243][T14564] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[  412.302091][T14547] [U] 
[  412.523130][T14565] hub 6-0:1.0: USB hub found
[  412.527775][T14565] hub 6-0:1.0: 1 port detected
[  413.306194][T14582] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1993'.
[  413.309637][T14582] FAULT_INJECTION: forcing a failure.
[  413.309637][T14582] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  413.314753][T14582] CPU: 0 UID: 0 PID: 14582 Comm: syz.3.1993 Not tainted 6.14.0-rc2-syzkaller-00056-gab68d7eb7b1a #0
[  413.314776][T14582] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  413.314787][T14582] Call Trace:
[  413.314792][T14582]  <TASK>
[  413.314799][T14582]  dump_stack_lvl+0x16c/0x1f0
[  413.315221][T14582]  should_fail_ex+0x50a/0x650
[  413.315438][T14582]  _copy_from_user+0x2e/0xd0
[  413.315463][T14582]  kstrtouint_from_user+0xd7/0x1c0
[  413.315481][T14582]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  413.315506][T14582]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  413.315588][T14582]  proc_fail_nth_write+0x84/0x250
[  413.315659][T14582]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  413.315680][T14582]  ? ksys_write+0x12b/0x250
[  413.315744][T14582]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  413.315765][T14582]  vfs_write+0x24c/0x1150
[  413.315782][T14582]  ? __fget_files+0x1fc/0x3a0
[  413.315801][T14582]  ? __pfx___mutex_lock+0x10/0x10
[  413.315837][T14582]  ? __pfx_vfs_write+0x10/0x10
[  413.315858][T14582]  ? __fget_files+0x206/0x3a0
[  413.315883][T14582]  ksys_write+0x12b/0x250
[  413.315898][T14582]  ? __pfx_ksys_write+0x10/0x10
[  413.315922][T14582]  __do_fast_syscall_32+0x73/0x120
[  413.315941][T14582]  do_fast_syscall_32+0x32/0x80
[  413.315957][T14582]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  413.316001][T14582] RIP: 0023:0xf7f88579
[  413.316014][T14582] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  413.316030][T14582] RSP: 002b:00000000f50a6590 EFLAGS: 00000293 ORIG_RAX: 0000000000000004
[  413.316064][T14582] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f50a6620
[  413.316073][T14582] RDX: 0000000000000001 RSI: 00000000f740cff4 RDI: 0000000000000000
[  413.316082][T14582] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  413.316091][T14582] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  413.316105][T14582] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  413.316126][T14582]  </TASK>
[  413.721282][T14598] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1996'.
[  413.957811][T14607] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  414.096166][T14613] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[  414.944809][T14616] FAULT_INJECTION: forcing a failure.
[  414.944809][T14616] name failslab, interval 1, probability 0, space 0, times 0
[  414.949914][T14616] CPU: 3 UID: 0 PID: 14616 Comm: syz.1.2001 Not tainted 6.14.0-rc2-syzkaller-00056-gab68d7eb7b1a #0
[  414.949939][T14616] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  414.949950][T14616] Call Trace:
[  414.950000][T14616]  <TASK>
[  414.950007][T14616]  dump_stack_lvl+0x16c/0x1f0
[  414.950516][T14616]  should_fail_ex+0x50a/0x650
[  414.950711][T14616]  should_failslab+0xc2/0x120
[  414.950783][T14616]  kmem_cache_alloc_noprof+0x6e/0x3b0
[  414.950822][T14616]  ? skb_clone+0x190/0x3f0
[  414.951003][T14616]  skb_clone+0x190/0x3f0
[  414.951021][T14616]  netlink_deliver_tap+0xafd/0xca0
[  414.951089][T14616]  netlink_unicast+0x6b4/0x7f0
[  414.951115][T14616]  ? __pfx_netlink_unicast+0x10/0x10
[  414.951145][T14616]  netlink_ack+0x6a5/0xb20
[  414.951176][T14616]  netlink_rcv_skb+0x327/0x410
[  414.951200][T14616]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  414.951247][T14616]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  414.951270][T14616]  ? __pfx_aa_get_newest_label+0x10/0x10
[  414.951337][T14616]  ? bpf_lsm_capable+0x9/0x10
[  414.951360][T14616]  ? security_capable+0x7e/0x260
[  414.951387][T14616]  ? ns_capable+0xd7/0x110
[  414.951449][T14616]  nfnetlink_rcv+0x1b4/0x430
[  414.951474][T14616]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  414.951499][T14616]  ? netlink_deliver_tap+0x1ae/0xca0
[  414.951526][T14616]  netlink_unicast+0x53c/0x7f0
[  414.951553][T14616]  ? __pfx_netlink_unicast+0x10/0x10
[  414.951577][T14616]  ? __phys_addr_symbol+0x30/0x80
[  414.951622][T14616]  ? __check_object_size+0x488/0x710
[  414.951648][T14616]  netlink_sendmsg+0x8b8/0xd70
[  414.951675][T14616]  ? __pfx_netlink_sendmsg+0x10/0x10
[  414.951708][T14616]  ____sys_sendmsg+0x9ae/0xb40
[  414.951733][T14616]  ? __pfx_____sys_sendmsg+0x10/0x10
[  414.951754][T14616]  ? get_compat_msghdr+0x11b/0x170
[  414.951811][T14616]  ___sys_sendmsg+0x135/0x1e0
[  414.951831][T14616]  ? __pfx____sys_sendmsg+0x10/0x10
[  414.951860][T14616]  ? __pfx_lock_release+0x10/0x10
[  414.951887][T14616]  ? trace_lock_acquire+0x14e/0x1f0
[  414.951910][T14616]  ? __fget_files+0x206/0x3a0
[  414.951935][T14616]  __sys_sendmsg+0x16e/0x220
[  414.951953][T14616]  ? __pfx___sys_sendmsg+0x10/0x10
[  414.951985][T14616]  __do_fast_syscall_32+0x73/0x120
[  414.952022][T14616]  do_fast_syscall_32+0x32/0x80
[  414.952038][T14616]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  414.952084][T14616] RIP: 0023:0xf744e579
[  414.952099][T14616] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  414.952114][T14616] RSP: 002b:00000000f50d655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  414.952149][T14616] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800002c0
[  414.952158][T14616] RDX: 0000000000000080 RSI: 0000000000000000 RDI: 0000000000000000
[  414.952168][T14616] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  414.952177][T14616] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  414.952186][T14616] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  414.952208][T14616]  </TASK>
[  415.506569][T14631] netlink: 2040 bytes leftover after parsing attributes in process `syz.1.2005'.
[  415.989786][T14644] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2007'.
[  415.993515][T14643] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2007'.
[  416.633852][T14657] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2012'.
[  416.637363][T14657] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2012'.
[  417.731049][T14671] QAT: Device 253 not found
[  417.733871][T14671] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2016'.
[  417.772306][T14668] netlink: 16402 bytes leftover after parsing attributes in process `syz.3.2014'.
[  417.792763][T14668] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2014'.
[  417.797498][T14659] netlink: 16402 bytes leftover after parsing attributes in process `syz.3.2014'.
[  419.010293][T14715] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[  419.209241][T14724] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2023'.
[  421.624808][T14775] Option 'o]‚çåc' to dns_resolver key: bad/missing value
[  421.769582][T14783] netlink: 72 bytes leftover after parsing attributes in process `syz.2.2028'.
[  421.934956][T14793] netlink: 16402 bytes leftover after parsing attributes in process `syz.3.2036'.
[  421.937926][T14788] netlink: 16402 bytes leftover after parsing attributes in process `syz.3.2036'.
[  421.946486][T14788] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2036'.
[  422.424260][T14805] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  424.134385][   T39] audit: type=1326 audit(1739511768.113:8100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14824 comm="syz.3.2046" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f88579 code=0x0
[  432.349485][T14852] sctp: [Deprecated]: syz.2.2053 (pid 14852) Use of int in max_burst socket option deprecated.
[  432.349485][T14852] Use struct sctp_assoc_value instead
[  432.516806][T14865] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2055'.
[  433.356598][T14876] rdma_rxe: rxe_newlink: failed to add team_slave_0
[  433.768799][T14891] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2064'.
[  434.726617][T14905] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2069'.
[  434.726642][T14905] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2069'.
[  435.461672][T14917] rdma_rxe: rxe_newlink: failed to add team_slave_0
[  435.911254][T14930] netlink: 2040 bytes leftover after parsing attributes in process `syz.2.2076'.
[  436.199470][T14938] overlayfs: option "workdir=./file1" is useless in a non-upper mount, ignore
[  436.203058][T14938] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  436.488719][T14940] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2079'.
[  436.488729][T14941] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2079'.
[  436.498100][T14940] 8021q: adding VLAN 0 to HW filter on device bond1
[  436.512072][T14940] 8021q: adding VLAN 0 to HW filter on device bond1
[  436.515052][T14940] bond1: (slave vxcan3): The slave device specified does not support setting the MAC address
[  436.520722][T14940] bond1: (slave vxcan3): Error -95 calling set_mac_address
[  436.871671][T14955] rdma_rxe: rxe_newlink: failed to add team_slave_0
[  438.482533][T14992] overlayfs: option "workdir=./file1" is useless in a non-upper mount, ignore
[  438.485587][T14992] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  439.266444][T15040] netlink: 76 bytes leftover after parsing attributes in process `syz.1.2097'.
[  439.378002][T15055] netlink: 92 bytes leftover after parsing attributes in process `syz.2.2098'.
[  439.480118][T15046] bochs-drm 0000:00:01.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem
[  439.484660][ T5961] Bluetooth: hci1: ACL packet for unknown connection handle 201
[  439.536467][T15070] FAULT_INJECTION: forcing a failure.
[  439.536467][T15070] name failslab, interval 1, probability 0, space 0, times 0
[  439.536487][T15070] CPU: 3 UID: 0 PID: 15070 Comm: syz.2.2101 Not tainted 6.14.0-rc2-syzkaller-00056-gab68d7eb7b1a #0
[  439.536499][T15070] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  439.536505][T15070] Call Trace:
[  439.536509][T15070]  <TASK>
[  439.536513][T15070]  dump_stack_lvl+0x16c/0x1f0
[  439.536536][T15070]  should_fail_ex+0x50a/0x650
[  439.536553][T15070]  should_failslab+0xc2/0x120
[  439.536567][T15070]  __kmalloc_noprof+0xce/0x4f0
[  439.536585][T15070]  ? bit_cursor+0x87c/0x1800
[  439.536632][T15070]  ? fb_get_color_depth+0x120/0x250
[  439.536649][T15070]  bit_cursor+0x87c/0x1800
[  439.536662][T15070]  ? __pfx_bit_cursor+0x10/0x10
[  439.536676][T15070]  ? fb_get_color_depth+0x120/0x250
[  439.536690][T15070]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  439.536707][T15070]  ? get_color+0x1ce/0x440
[  439.536721][T15070]  ? __pfx_bit_cursor+0x10/0x10
[  439.536730][T15070]  fbcon_cursor+0x409/0x5f0
[  439.536747][T15070]  hide_cursor+0x84/0x220
[  439.536785][T15070]  redraw_screen+0x5d6/0x760
[  439.536800][T15070]  ? __pfx_redraw_screen+0x10/0x10
[  439.536813][T15070]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  439.536833][T15070]  vc_do_resize+0xe7d/0x10f0
[  439.536853][T15070]  ? __pfx_vc_do_resize+0x10/0x10
[  439.536867][T15070]  ? xfd_validate_state+0x5d/0x180
[  439.536883][T15070]  ? save_fpregs_to_fpstate+0x148/0x270
[  439.536895][T15070]  fbcon_do_set_font+0x427/0x910
[  439.536914][T15070]  fbcon_set_font+0x85f/0xa50
[  439.536931][T15070]  ? __pfx_fbcon_set_font+0x10/0x10
[  439.536946][T15070]  con_font_op+0x7fd/0xf50
[  439.536957][T15070]  ? __pfx_con_font_op+0x10/0x10
[  439.536967][T15070]  ? lock_acquire+0x2f/0xb0
[  439.536979][T15070]  ? __might_fault+0xe3/0x190
[  439.536993][T15070]  ? __might_fault+0xe3/0x190
[  439.537009][T15070]  vt_compat_ioctl+0x36b/0x4e0
[  439.537022][T15070]  ? __pfx_vt_compat_ioctl+0x10/0x10
[  439.537033][T15070]  ? find_held_lock+0x2d/0x110
[  439.537052][T15070]  ? __fget_files+0x206/0x3a0
[  439.537063][T15070]  ? __pfx_vt_compat_ioctl+0x10/0x10
[  439.537075][T15070]  tty_compat_ioctl+0x2ee/0x4d0
[  439.537091][T15070]  ? __pfx_tty_compat_ioctl+0x10/0x10
[  439.537106][T15070]  __do_compat_sys_ioctl+0x1cb/0x2c0
[  439.537122][T15070]  __do_fast_syscall_32+0x73/0x120
[  439.537133][T15070]  do_fast_syscall_32+0x32/0x80
[  439.537142][T15070]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  439.537160][T15070] RIP: 0023:0xf73be579
[  439.537167][T15070] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  439.537176][T15070] RSP: 002b:00000000f504655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  439.537187][T15070] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000004b72
[  439.537192][T15070] RDX: 0000000080000000 RSI: 0000000000000000 RDI: 0000000000000000
[  439.537198][T15070] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  439.537203][T15070] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  439.537208][T15070] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  439.537220][T15070]  </TASK>
[  439.586466][ T1413] ieee802154 phy0 wpan0: encryption failed: -22
[  439.587402][ T1413] ==================================================================
[  439.587413][ T1413] BUG: KASAN: slab-use-after-free in tty_write_room+0x7d/0x90
[  439.587438][ T1413] Read of size 8 at addr ffff888067e04020 by task aoe_tx0/1413
[  439.587449][ T1413] 
[  439.587456][ T1413] CPU: 3 UID: 0 PID: 1413 Comm: aoe_tx0 Not tainted 6.14.0-rc2-syzkaller-00056-gab68d7eb7b1a #0
[  439.587471][ T1413] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  439.587481][ T1413] Call Trace:
[  439.587486][ T1413]  <TASK>
[  439.587492][ T1413]  dump_stack_lvl+0x116/0x1f0
[  439.587517][ T1413]  print_report+0xc3/0x620
[  439.587535][ T1413]  ? __virt_addr_valid+0x5e/0x590
[  439.587550][ T1413]  ? __phys_addr+0xc6/0x150
[  439.587571][ T1413]  kasan_report+0xd9/0x110
[  439.587586][ T1413]  ? tty_write_room+0x7d/0x90
[  439.587601][ T1413]  ? tty_write_room+0x7d/0x90
[  439.587616][ T1413]  tty_write_room+0x7d/0x90
[  439.587631][ T1413]  handle_tx+0x151/0x630
[  439.587740][ T1413]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  439.587767][ T1413]  dev_hard_start_xmit+0x9a/0x7b0
[  439.587794][ T1413]  __dev_queue_xmit+0x7f0/0x43e0
[  439.587821][ T1413]  ? __pfx___dev_queue_xmit+0x10/0x10
[  439.587843][ T1413]  ? __pfx___lock_acquire+0x10/0x10
[  439.587864][ T1413]  ? __pfx___lock_acquire+0x10/0x10
[  439.587892][ T1413]  ? lock_acquire.part.0+0x11b/0x380
[  439.587910][ T1413]  ? find_held_lock+0x2d/0x110
[  439.587936][ T1413]  ? find_held_lock+0x2d/0x110
[  439.587961][ T1413]  ? tx+0xa8/0x190
[  439.588026][ T1413]  ? __pfx_lock_release+0x10/0x10
[  439.588044][ T1413]  ? lock_acquire+0x2f/0xb0
[  439.588067][ T1413]  tx+0xcc/0x190
[  439.588085][ T1413]  ? __pfx_tx+0x10/0x10
[  439.588102][ T1413]  kthread+0x1e7/0x3c0
[  439.588119][ T1413]  ? __pfx_kthread+0x10/0x10
[  439.588136][ T1413]  ? __pfx_default_wake_function+0x10/0x10
[  439.588174][ T1413]  ? lockdep_hardirqs_on+0x7c/0x110
[  439.588201][ T1413]  ? __kthread_parkme+0x148/0x220
[  439.588225][ T1413]  ? __pfx_kthread+0x10/0x10
[  439.588242][ T1413]  kthread+0x3af/0x750
[  439.588258][ T1413]  ? __pfx_kthread+0x10/0x10
[  439.588276][ T1413]  ? __pfx_kthread+0x10/0x10
[  439.588292][ T1413]  ret_from_fork+0x45/0x80
[  439.588314][ T1413]  ? __pfx_kthread+0x10/0x10
[  439.588329][ T1413]  ret_from_fork_asm+0x1a/0x30
[  439.588354][ T1413]  </TASK>
[  439.588360][ T1413] 
[  439.588364][ T1413] Allocated by task 15027:
[  439.588372][ T1413]  kasan_save_stack+0x33/0x60
[  439.588389][ T1413]  kasan_save_track+0x14/0x30
[  439.588406][ T1413]  __kasan_kmalloc+0xaa/0xb0
[  439.588420][ T1413]  alloc_tty_struct+0x98/0x8d0
[  439.588433][ T1413]  tty_init_dev.part.0+0x1e/0x660
[  439.588446][ T1413]  tty_init_dev+0x60/0x80
[  439.588459][ T1413]  ptmx_open+0x10d/0x360
[  439.588478][ T1413]  chrdev_open+0x237/0x6a0
[  439.588496][ T1413]  do_dentry_open+0x735/0x1c40
[  439.588511][ T1413]  vfs_open+0x82/0x3f0
[  439.588529][ T1413]  path_openat+0x1e88/0x2d80
[  439.588545][ T1413]  do_filp_open+0x20c/0x470
[  439.588559][ T1413]  do_sys_openat2+0x17a/0x1e0
[  439.588578][ T1413]  __ia32_compat_sys_openat+0x16e/0x210
[  439.588601][ T1413]  __do_fast_syscall_32+0x73/0x120
[  439.588615][ T1413]  do_fast_syscall_32+0x32/0x80
[  439.588628][ T1413]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  439.588654][ T1413] 
[  439.588658][ T1413] Freed by task 6014:
[  439.588665][ T1413]  kasan_save_stack+0x33/0x60
[  439.588680][ T1413]  kasan_save_track+0x14/0x30
[  439.588695][ T1413]  kasan_save_free_info+0x3b/0x60
[  439.588717][ T1413]  __kasan_slab_free+0x51/0x70
[  439.588734][ T1413]  kfree+0x2c4/0x4d0
[  439.588762][ T1413]  process_one_work+0x958/0x1b30
[  439.588780][ T1413]  worker_thread+0x6c8/0xf00
[  439.588797][ T1413]  kthread+0x3af/0x750
[  439.588811][ T1413]  ret_from_fork+0x45/0x80
[  439.588828][ T1413]  ret_from_fork_asm+0x1a/0x30
[  439.588844][ T1413] 
[  439.588848][ T1413] Last potentially related work creation:
[  439.588853][ T1413]  kasan_save_stack+0x33/0x60
[  439.588869][ T1413]  kasan_record_aux_stack+0xb8/0xd0
[  439.588895][ T1413]  insert_work+0x36/0x230
[  439.588909][ T1413]  __queue_work+0x97e/0x1080
[  439.588925][ T1413]  queue_work_on+0x11a/0x140
[  439.588941][ T1413]  release_tty+0x4de/0x5d0
[  439.588962][ T1413]  tty_release_struct+0xb7/0xe0
[  439.588982][ T1413]  tty_release+0xe25/0x1410
[  439.589004][ T1413]  __fput+0x3ff/0xb70
[  439.589021][ T1413]  task_work_run+0x14e/0x250
[  439.589037][ T1413]  syscall_exit_to_user_mode+0x27b/0x2a0
[  439.589060][ T1413]  __do_fast_syscall_32+0x80/0x120
[  439.589074][ T1413]  do_fast_syscall_32+0x32/0x80
[  439.589088][ T1413]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  439.589125][ T1413] 
[  439.589129][ T1413] The buggy address belongs to the object at ffff888067e04000
[  439.589129][ T1413]  which belongs to the cache kmalloc-cg-2k of size 2048
[  439.589141][ T1413] The buggy address is located 32 bytes inside of
[  439.589141][ T1413]  freed 2048-byte region [ffff888067e04000, ffff888067e04800)
[  439.795390][ T1413] 
[  439.795397][ T1413] The buggy address belongs to the physical page:
[  439.795403][ T1413] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x67e00
[  439.795415][ T1413] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  439.795422][ T1413] memcg:ffff88806346b701
[  439.795427][ T1413] anon flags: 0x4fff00000000040(head|node=1|zone=1|lastcpupid=0x7ff)
[  439.806189][ T1413] page_type: f5(slab)
[  439.807356][ T1413] raw: 04fff00000000040 ffff88801b050140 0000000000000000 dead000000000001
[  439.809721][ T1413] raw: 0000000000000000 0000000080080008 00000000f5000000 ffff88806346b701
[  439.812088][ T1413] head: 04fff00000000040 ffff88801b050140 0000000000000000 dead000000000001
[  439.814446][ T1413] head: 0000000000000000 0000000080080008 00000000f5000000 ffff88806346b701
[  439.816872][ T1413] head: 04fff00000000003 ffffea00019f8001 ffffffffffffffff 0000000000000000
[  439.819247][ T1413] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[  439.821657][ T1413] page dumped because: kasan: bad access detected
[  439.823442][ T1413] page_owner tracks the page as allocated
[  439.825007][ T1413] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5946, tgid 5946 (syz-executor), ts 45466118664, free_ts 0
[  439.830566][ T1413]  post_alloc_hook+0x181/0x1b0
[  439.831929][ T1413]  get_page_from_freelist+0xfce/0x2f80
[  439.833443][ T1413]  __alloc_frozen_pages_noprof+0x221/0x2470
[  439.835096][ T1413]  alloc_pages_mpol+0x1fc/0x540
[  439.836458][ T1413]  new_slab+0x23d/0x330
[  439.837661][ T1413]  ___slab_alloc+0xbfa/0x1600
[  439.839011][ T1413]  __slab_alloc.constprop.0+0x56/0xb0
[  439.840594][ T1413]  __kmalloc_node_track_caller_noprof+0x2ee/0x520
[  439.842362][ T1413]  kmemdup_noprof+0x29/0x60
[  439.843657][ T1413]  neigh_sysctl_register+0xb3/0x640
[  439.845104][ T1413]  addrconf_sysctl_register+0xb9/0x1f0
[  439.846733][ T1413]  ipv6_add_dev+0xa1a/0x13e0
[  439.848070][ T1413]  addrconf_notify+0x53e/0x19c0
[  439.849654][ T1413]  notifier_call_chain+0xb7/0x410
[  439.851069][ T1413]  call_netdevice_notifiers_info+0xbe/0x140
[  439.852693][ T1413]  register_netdevice+0x174a/0x1e50
[  439.854243][ T1413] page_owner free stack trace missing
[  439.855782][ T1413] 
[  439.856475][ T1413] Memory state around the buggy address:
[  439.858206][ T1413]  ffff888067e03f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  439.860438][ T1413]  ffff888067e03f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  439.862718][ T1413] >ffff888067e04000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  439.864916][ T1413]                                ^
[  439.866329][ T1413]  ffff888067e04080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  439.868571][ T1413]  ffff888067e04100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  439.870789][ T1413] ==================================================================
[  439.873134][    C3] vkms_vblank_simulate: vblank timer overrun
[  439.875010][ T1413] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  439.877277][ T1413] CPU: 3 UID: 0 PID: 1413 Comm: aoe_tx0 Not tainted 6.14.0-rc2-syzkaller-00056-gab68d7eb7b1a #0
[  439.880143][ T1413] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  439.883148][ T1413] Call Trace:
[  439.884054][ T1413]  <TASK>
[  439.884876][ T1413]  dump_stack_lvl+0x3d/0x1f0
[  439.886168][ T1413]  panic+0x71d/0x800
[  439.887318][ T1413]  ? mark_held_locks+0x9f/0xe0
[  439.888684][ T1413]  ? __pfx_panic+0x10/0x10
[  439.890058][ T1413]  ? irqentry_exit+0x3b/0x90
[  439.891387][ T1413]  ? lockdep_hardirqs_on+0x7c/0x110
[  439.892865][ T1413]  ? check_panic_on_warn+0x1f/0xb0
[  439.894312][ T1413]  check_panic_on_warn+0xab/0xb0
[  439.895749][ T1413]  end_report+0x117/0x180
[  439.897014][ T1413]  kasan_report+0xe9/0x110
[  439.898285][ T1413]  ? tty_write_room+0x7d/0x90
[  439.899638][ T1413]  ? tty_write_room+0x7d/0x90
[  439.901031][ T1413]  tty_write_room+0x7d/0x90
[  439.902315][ T1413]  handle_tx+0x151/0x630
[  439.903561][ T1413]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  439.905199][ T1413]  dev_hard_start_xmit+0x9a/0x7b0
[  439.906626][ T1413]  __dev_queue_xmit+0x7f0/0x43e0
[  439.908054][ T1413]  ? __pfx___dev_queue_xmit+0x10/0x10
[  439.909435][ T1413]  ? __pfx___lock_acquire+0x10/0x10
[  439.910915][ T1413]  ? __pfx___lock_acquire+0x10/0x10
[  439.912339][ T1413]  ? lock_acquire.part.0+0x11b/0x380
[  439.913814][ T1413]  ? find_held_lock+0x2d/0x110
[  439.915177][ T1413]  ? find_held_lock+0x2d/0x110
[  439.916522][ T1413]  ? tx+0xa8/0x190
[  439.917623][ T1413]  ? __pfx_lock_release+0x10/0x10
[  439.919041][ T1413]  ? lock_acquire+0x2f/0xb0
[  439.920324][ T1413]  tx+0xcc/0x190
[  439.921386][ T1413]  ? __pfx_tx+0x10/0x10
[  439.922559][ T1413]  kthread+0x1e7/0x3c0
[  439.923699][ T1413]  ? __pfx_kthread+0x10/0x10
[  439.925355][ T1413]  ? __pfx_default_wake_function+0x10/0x10
[  439.927176][ T1413]  ? lockdep_hardirqs_on+0x7c/0x110
[  439.928809][ T1413]  ? __kthread_parkme+0x148/0x220
[  439.930616][ T1413]  ? __pfx_kthread+0x10/0x10
[  439.931863][ T1413]  kthread+0x3af/0x750
[  439.932985][ T1413]  ? __pfx_kthread+0x10/0x10
[  439.934284][ T1413]  ? __pfx_kthread+0x10/0x10
[  439.935589][ T1413]  ret_from_fork+0x45/0x80
[  439.936881][ T1413]  ? __pfx_kthread+0x10/0x10
[  439.938202][ T1413]  ret_from_fork_asm+0x1a/0x30
[  439.939551][ T1413]  </TASK>
[  439.941149][ T1413] Kernel Offset: disabled
[  439.942380][ T1413] Rebooting in 86400 seconds..

VM DIAGNOSIS:
05:00:22  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000000000 RBX=ffff88802b744bc0 RCX=ffffffff81acfc1a RDX=ffff888025eaa440
RSI=ffffffff81acfbf4 RDI=0000000000000005 RBP=0000000000000003 RSP=ffffc9000384f930
R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000001 R11=0000000000000006
R12=ffffed10056e8979 R13=0000000000000001 R14=ffff88802b43ffc0 R15=ffff88802b744bc8
RIP=ffffffff81acfbf6 RFL=00000293 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88802b400000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000000000000000 CR3=000000000df80000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000005000000000 0000000100000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000000000000 RBX=0000000000000003 RCX=1ffffffff2dd79de RDX=ffff8880227e8000
RSI=ffffffff816823d4 RDI=ffffffff8bd2d6e0 RBP=ffff888066e05d00 RSP=ffffc90003d6f6f8
R8 =0000000000000001 R9 =fffffbfff2dc49c8 R10=ffffffff96e24e47 R11=0000000000000004
R12=0000000000000003 R13=0000000000000003 R14=ffff88802b53fc80 R15=ffffed100cdc0ba0
RIP=ffffffff816823d6 RFL=00000293 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0000 0000000000000000 ffffffff 00c00000
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88802b500000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000000000000000 CR3=000000006d7c0000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000005000000000 0000000100000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
RAX=00000000004f24e3 RBX=0000000000000002 RCX=ffffffff8b46be39 RDX=0000000000000000
RSI=ffffffff8b6ce5c0 RDI=ffffffff8bd2d6e0 RBP=ffffed1003ad2000 RSP=ffffc9000048fe08
R8 =0000000000000001 R9 =ffffed10056c6f85 R10=ffff88802b637c2b R11=0000000000000000
R12=0000000000000002 R13=ffff88801d690000 R14=ffffffff905fea10 R15=0000000000000000
RIP=ffffffff8b46d21f RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88802b600000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000000000000000 CR3=000000005892e000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000004 00c800a400000000
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000300000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 3

CPU#3
RAX=dffffc0000000060 RBX=00000000000003fd RCX=0000000000000000 RDX=00000000000003fd
RSI=ffffffff85388530 RDI=ffffffff9aad4e20 RBP=ffffffff9aad4de0 RSP=ffffc9000750f3d0
R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=552033203a555043
R12=0000000000000000 R13=0000000000000020 R14=fffffbfff355aa16 R15=dffffc0000000000
RIP=ffffffff85388557 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88802b700000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000000000000000 CR3=0000000022af8000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000